Bluetooth: btusb: Fix memory leak
authorLuiz Augusto von Dentz <luiz.von.dentz@intel.com>
Wed, 28 Feb 2024 16:17:24 +0000 (11:17 -0500)
committerLuiz Augusto von Dentz <luiz.von.dentz@intel.com>
Wed, 6 Mar 2024 22:26:23 +0000 (17:26 -0500)
This checks whether CONFIG_DEV_COREDUMP is enabled before attempting to clone
the skb, and also makes sure btmtk_process_coredump frees the skb passed to it,
following the same logic.

Fixes: 0b7015132878 ("Bluetooth: btusb: mediatek: add MediaTek devcoredump support")
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
drivers/bluetooth/btmtk.c
drivers/bluetooth/btusb.c

index aaabb73..285418d 100644 (file)
@@ -372,8 +372,10 @@ int btmtk_process_coredump(struct hci_dev *hdev, struct sk_buff *skb)
        struct btmediatek_data *data = hci_get_priv(hdev);
        int err;
 
-       if (!IS_ENABLED(CONFIG_DEV_COREDUMP))
+       if (!IS_ENABLED(CONFIG_DEV_COREDUMP)) {
+               kfree_skb(skb);
                return 0;
+       }
 
        switch (data->cd_info.state) {
        case HCI_DEVCOREDUMP_IDLE:
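Review bot: The ownership rule this fix depends on is not documented: the early-return path now calls `kfree_skb(skb)`, so btmtk_process_coredump consumes the buffer even when CONFIG_DEV_COREDUMP is off, and a caller that touches or frees `skb` after the call would hit a use-after-free or double free. A comment above the function would make the contract explicit, for example `/* Takes ownership of @skb: it is queued or freed on every path; callers must not use it after the call. */`. The rest of the body, including the error paths of the switch, lies outside this hunk, so confirm that each of them also releases the skb before stating the rule that broadly.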
index edfb49b..f390080 100644 (file)
@@ -3281,7 +3281,6 @@ static int btusb_recv_acl_mtk(struct hci_dev *hdev, struct sk_buff *skb)
 {
        struct btusb_data *data = hci_get_drvdata(hdev);
        u16 handle = le16_to_cpu(hci_acl_hdr(skb)->handle);
-       struct sk_buff *skb_cd;
 
        switch (handle) {
        case 0xfc6f:            /* Firmware dump from device */
@@ -3294,9 +3293,12 @@ static int btusb_recv_acl_mtk(struct hci_dev *hdev, struct sk_buff *skb)
                 * for backward compatibility, so we have to clone the packet
                 * extraly for the in-kernel coredump support.
                 */
-               skb_cd = skb_clone(skb, GFP_ATOMIC);
-               if (skb_cd)
-                       btmtk_process_coredump(hdev, skb_cd);
+               if (IS_ENABLED(CONFIG_DEV_COREDUMP)) {
+                       struct sk_buff *skb_cd = skb_clone(skb, GFP_ATOMIC);
+
+                       if (skb_cd)
+                               btmtk_process_coredump(hdev, skb_cd);
+               }
 
                fallthrough;
        case 0x05ff:            /* Firmware debug logging 1 */
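Review bot: The return value of `btmtk_process_coredump(hdev, skb_cd)` is discarded inside the new `IS_ENABLED(CONFIG_DEV_COREDUMP)` block, so a rejected fragment leaves no trace and the in-kernel firmware dump can end up incomplete without any indication. If that is deliberate best effort, say so next to the call, e.g. `/* Best effort: a failure only loses the in-kernel copy; skb still falls through to the debug path. */`; otherwise keep the value and report it, e.g. `bt_dev_dbg(hdev, "coredump fragment dropped: %d", err);`. The guard also repeats the check at the top of btmtk_process_coredump; here it presumably exists to avoid the clone allocation, and the comment above should say so. The case body and its leading comment start outside the hunk.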