3.3-stable patches
authorGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Thu, 19 Apr 2012 17:08:07 +0000 (10:08 -0700)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Thu, 19 Apr 2012 17:08:07 +0000 (10:08 -0700)
added patches:
bluetooth-uart-ldisc-fix-memory-leak.patch

queue-3.3/bluetooth-hci_ldisc-fix-null-pointer-dereference-on-tty_close.patch
queue-3.3/bluetooth-uart-ldisc-fix-memory-leak.patch [new file with mode: 0644]
queue-3.3/series

index af60ad4f5b88952f0829d7509c5376d983053df8..02308ba0f99ee71a9764d48fae8116fa2c0546ab 100644 (file)
@@ -89,7 +89,7 @@ Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 
 --- a/drivers/bluetooth/hci_ldisc.c
 +++ b/drivers/bluetooth/hci_ldisc.c
-@@ -310,11 +310,11 @@ static void hci_uart_tty_close(struct tt
+@@ -309,11 +309,11 @@ static void hci_uart_tty_close(struct tt
                        hci_uart_close(hdev);
  
                if (test_and_clear_bit(HCI_UART_PROTO_SET, &hu->flags)) {
@@ -100,5 +100,5 @@ Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
                        }
 +                      hu->proto->close(hu);
                }
+               kfree(hu);
        }
- }
diff --git a/queue-3.3/bluetooth-uart-ldisc-fix-memory-leak.patch b/queue-3.3/bluetooth-uart-ldisc-fix-memory-leak.patch
new file mode 100644 (file)
index 0000000..e92cc72
--- /dev/null
@@ -0,0 +1,48 @@
+From 501dac2851c5bf1edf158adc4deb15e10c59bb04 Mon Sep 17 00:00:00 2001
+From: Johan Hovold <jhovold@gmail.com>
+Date: Wed, 11 Apr 2012 11:24:35 +0200
+Subject: [PATCH] Bluetooth: uart-ldisc: Fix memory leak
+
+From: Johan Hovold <jhovold@gmail.com>
+
+This is a partial, self-contained, minimal backport of commit
+797fe796c4335b35d95d5326824513befdb5d1e9 upstream which fixes the memory
+leak:
+
+Bluetooth: uart-ldisc: Fix memory leak and remove destruct cb
+
+We currently leak the hci_uart object if HCI_UART_PROTO_SET is never set
+because the hci-destruct callback will then never be called.  This fix
+removes the hci-destruct callback and frees the driver internal private
+hci_uart object directly on tty-close. We call hci_unregister_dev() here
+so the hci-core will never call our callbacks again (except destruct).
+Therefore, we can safely free the driver internal data right away and
+set the destruct callback to NULL.
+
+Signed-off-by: David Herrmann <dh.herrmann@googlemail.com>
+Acked-by: Marcel Holtmann <marcel@holtmann.org>
+Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
+Signed-off-by: Johan Hovold <jhovold@gmail.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/bluetooth/hci_ldisc.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/bluetooth/hci_ldisc.c
++++ b/drivers/bluetooth/hci_ldisc.c
+@@ -237,7 +237,6 @@ static void hci_uart_destruct(struct hci
+               return;
+       BT_DBG("%s", hdev->name);
+-      kfree(hdev->driver_data);
+ }
+ /* ------ LDISC part ------ */
+@@ -316,6 +315,7 @@ static void hci_uart_tty_close(struct tt
+                               hci_free_dev(hdev);
+                       }
+               }
++              kfree(hu);
+       }
+ }
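Review bot: The `kfree(hu);` added at the end of hci_uart_tty_close() carries no comment on why the free is safe at that point, and the quoted upstream message describes more than this partial backport does: it speaks of removing the destruct callback and setting it to NULL, while here hci_uart_destruct() is kept and only loses its `kfree(hdev->driver_data);`. Because `hdev->driver_data` is not cleared in the visible lines, the free is safe only if, as the commit message says, hci_unregister_dev() has already run so that no hdev callback can still reach the freed object. I would record that next to the free, for example `/* hu is owned by the ldisc; hdev is unregistered above, so no hdev callback can reach hu after this point */`. The backport note could also say that the destruct callback stays registered and is now a debug-only stub. Both functions begin outside the embedded hunks, so the ordering of hci_unregister_dev() relative to the free is taken from the commit message and should be confirmed against the 3.3 tree.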
index 5f5d9d79167d7b924243c64076d39b1f798365be..6569d8e833788718269372dab06fe9f8911bcb96 100644 (file)
@@ -11,6 +11,7 @@ arm-7379-1-dt-fix-atags_to_fdt-second-call-site.patch
 arm-7384-1-thumbee-disable-userspace-teehbr-access-for-config_arm_thumbee.patch
 md-raid1-raid10-fix-calculation-of-vcnt-when-processing-error-recovery.patch
 md-bitmap-prevent-bitmap_daemon_work-running-while-initialising-bitmap.patch
+bluetooth-uart-ldisc-fix-memory-leak.patch
 bluetooth-hci_ldisc-fix-null-pointer-dereference-on-tty_close.patch
 bluetooth-hci_core-fix-null-pointer-dereference-at-unregister.patch
 bluetooth-remove-unneeded-locking.patch