speedtch usbatm.c,1.45,1.46

[Duncan Sands]

Update of /home/cvs/speedtch
In directory phoenix.infradead.org:/tmp/cvs-serv1674

Modified Files:
	usbatm.c 
Log Message:
Avoid Oops on bind failure by zeroing out the entire instance, not just part
of it.  Also, avoid leaking an urb when we fail to allocate a buffer.  Spotted
by Stanislaw W. Gruszka.


Index: usbatm.c
===================================================================
RCS file: /home/cvs/speedtch/usbatm.c,v
retrieving revision 1.45
retrieving revision 1.46
diff -u -r1.45 -r1.46
--- usbatm.c	20 May 2005 13:45:06 -0000	1.45
+++ usbatm.c	27 May 2005 07:55:14 -0000	1.46
@@ -949,6 +949,7 @@
 	struct usb_device *usb_dev = interface_to_usbdev(intf);
 	struct usbatm_data *instance;
 	char *buf;
+	size_t instance_size = sizeof(*instance) + sizeof(struct urb *) * (num_rcv_urbs + num_snd_urbs);
 	int error = -ENOMEM;
 	int i, length;
 	int need_heavy;
@@ -960,14 +961,13 @@
 			intf->altsetting->desc.bInterfaceNumber);
 
 	/* instance init */
-	instance = kmalloc(sizeof(*instance) + sizeof(struct urb *) * (num_rcv_urbs + num_snd_urbs),
-			   GFP_KERNEL);
+	instance = kmalloc(instance_size, GFP_KERNEL);
 	if (!instance) {
 		dev_dbg(dev, "%s: no memory for instance data!\n", __func__);
 		return -ENOMEM;
 	}
 
-	memset(instance, 0, sizeof(*instance));
+	memset(instance, 0, instance_size);
 
 	/* public fields */
 
@@ -1051,6 +1051,8 @@
 			goto fail_unbind;
 		}
 
+		instance->urbs[i] = urb;
+
 		buffer = kmalloc(channel->buf_size, GFP_KERNEL);
 		if (!buffer) {
 			dev_dbg(dev, "%s: no memory for buffer %d!\n", __func__, i);
@@ -1078,7 +1080,6 @@
 
 		vdbg("%s: alloced buffer 0x%p buf size %u urb 0x%p",
 		     __func__, urb->transfer_buffer, urb->transfer_buffer_length, urb);
-		instance->urbs[i] = urb;
 	}
 
 	if (need_heavy && driver->heavy_init) {