diff mbox series

Bluetooth: hci_qca: Fix memleak in qca_controller_memdump

Message ID 20210102054755.21069-1-dinghao.liu@zju.edu.cn
State Accepted
Commit 71f8e707557b9bc25dc90a59a752528d4e7c1cbf
Headers show
Series Bluetooth: hci_qca: Fix memleak in qca_controller_memdump | expand

Commit Message

Dinghao Liu Jan. 2, 2021, 5:47 a.m. UTC 
When __le32_to_cpu() fails, qca_memdump should be freed
just like when vmalloc() fails.

Fixes: d841502c79e3f ("Bluetooth: hci_qca: Collect controller memory dump during SSR")
Signed-off-by: Dinghao Liu <dinghao.liu@zju.edu.cn>
---
 drivers/bluetooth/hci_qca.c | 2 ++
 1 file changed, 2 insertions(+)

Comments

Marcel Holtmann Jan. 6, 2021, 7:50 a.m. UTC | #1 
Hi Dinghao,

> When __le32_to_cpu() fails, qca_memdump should be freed

> just like when vmalloc() fails.

> 

> Fixes: d841502c79e3f ("Bluetooth: hci_qca: Collect controller memory dump during SSR")

> Signed-off-by: Dinghao Liu <dinghao.liu@zju.edu.cn>

> ---

> drivers/bluetooth/hci_qca.c | 2 ++

> 1 file changed, 2 insertions(+)


patch has been to bluetooth-next tree.

Regards

Marcel
diff mbox series

Patch

diff --git a/drivers/bluetooth/hci_qca.c b/drivers/bluetooth/hci_qca.c
index 4a963682c702..5dbcb7c42b80 100644
--- a/drivers/bluetooth/hci_qca.c
+++ b/drivers/bluetooth/hci_qca.c
@@ -1024,7 +1024,9 @@  static void qca_controller_memdump(struct work_struct *work)
 			dump_size = __le32_to_cpu(dump->dump_size);
 			if (!(dump_size)) {
 				bt_dev_err(hu->hdev, "Rx invalid memdump size");
+				kfree(qca_memdump);
 				kfree_skb(skb);
+				qca->qca_memdump = NULL;
 				mutex_unlock(&qca->hci_memdump_lock);
 				return;
 			}