From: Greg Kroah-Hartman Date: Thu, 19 Apr 2012 17:08:07 +0000 (-0700) Subject: 3.3-stable patches X-Git-Tag: v3.2.16~18 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=3d65b14520f83446dcf99778dc4d9ff450e16f43;p=thirdparty%2Fkernel%2Fstable-queue.git 3.3-stable patches added patches: bluetooth-uart-ldisc-fix-memory-leak.patch
---
diff --git a/queue-3.3/bluetooth-hci_ldisc-fix-null-pointer-dereference-on-tty_close.patch b/queue-3.3/bluetooth-hci_ldisc-fix-null-pointer-dereference-on-tty_close.patch
index af60ad4f5b8..02308ba0f99 100644
--- a/queue-3.3/bluetooth-hci_ldisc-fix-null-pointer-dereference-on-tty_close.patch
+++ b/queue-3.3/bluetooth-hci_ldisc-fix-null-pointer-dereference-on-tty_close.patch
@@ -89,7 +89,7 @@ Signed-off-by: Greg Kroah-Hartman --- a/drivers/bluetooth/hci_ldisc.c +++ b/drivers/bluetooth/hci_ldisc.c -@@ -310,11 +310,11 @@ static void hci_uart_tty_close(struct tt +@@ -309,11 +309,11 @@ static void hci_uart_tty_close(struct tt hci_uart_close(hdev); if (test_and_clear_bit(HCI_UART_PROTO_SET, &hu->flags)) {
@@ -100,5 +100,5 @@ Signed-off-by: Greg Kroah-Hartman } + hu->proto->close(hu); } + kfree(hu); } - }
diff --git a/queue-3.3/bluetooth-uart-ldisc-fix-memory-leak.patch b/queue-3.3/bluetooth-uart-ldisc-fix-memory-leak.patch
new file mode 100644
index 00000000000..e92cc72342c
--- /dev/null
+++ b/queue-3.3/bluetooth-uart-ldisc-fix-memory-leak.patch
@@ -0,0 +1,48 @@
+From 501dac2851c5bf1edf158adc4deb15e10c59bb04 Mon Sep 17 00:00:00 2001
+From: Johan Hovold
+Date: Wed, 11 Apr 2012 11:24:35 +0200
+Subject: [PATCH] Bluetooth: uart-ldisc: Fix memory leak
+
+From: Johan Hovold
+
+This is a partial, self-contained, minimal backport of commit
+797fe796c4335b35d95d5326824513befdb5d1e9 upstream which fixes the memory
+leak:
+
+Bluetooth: uart-ldisc: Fix memory leak and remove destruct cb
+
+We currently leak the hci_uart object if HCI_UART_PROTO_SET is never set
+because the hci-destruct callback will then never be called. This fix
+removes the hci-destruct callback and frees the driver internal private
+hci_uart object directly on tty-close. We call hci_unregister_dev() here
+so the hci-core will never call our callbacks again (except destruct).
+Therefore, we can safely free the driver internal data right away and
+set the destruct callback to NULL.
+
+Signed-off-by: David Herrmann
+Acked-by: Marcel Holtmann
+Signed-off-by: Johan Hedberg
+Signed-off-by: Johan Hovold
+Signed-off-by: Greg Kroah-Hartman
+---
+ drivers/bluetooth/hci_ldisc.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/bluetooth/hci_ldisc.c
++++ b/drivers/bluetooth/hci_ldisc.c
+@@ -237,7 +237,6 @@ static void hci_uart_destruct(struct hci
+ return;
+
+ BT_DBG("%s", hdev->name);
+- kfree(hdev->driver_data);
+ }
+
+ /* ------ LDISC part ------ */
+@@ -316,6 +315,7 @@ static void hci_uart_tty_close(struct tt
+ hci_free_dev(hdev);
+ }
+ }
++ kfree(hu);
+ }
+ }
+
diff --git a/queue-3.3/series b/queue-3.3/series
index 5f5d9d79167..6569d8e8337 100644
--- a/queue-3.3/series
+++ b/queue-3.3/series
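Review bot: In the second inner hunk, `kfree(hu)` in hci_uart_tty_close() frees the hci_uart object while `hdev->driver_data` still holds its address, and nothing visible here clears that pointer or records why leaving it is safe. The description relies on hci_unregister_dev() guaranteeing no further callbacks from the core, yet this partial backport keeps hci_uart_destruct() and only drops its kfree, so if hci_free_dev() merely drops a reference the hci_dev could outlive `hu`; that looks harmless only as long as nothing reads driver_data afterwards. I would state the invariant next to the free, e.g. `/* hu is freed here, not in hci_uart_destruct(); after hci_unregister_dev() nothing may dereference hdev->driver_data */`. Both function bodies start and end outside the hunks, so the `if (hu)` scope that `kfree(hu)` sits in is inferred from the brace context only.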
@@ -11,6 +11,7 @@ arm-7379-1-dt-fix-atags_to_fdt-second-call-site.patch
 arm-7384-1-thumbee-disable-userspace-teehbr-access-for-config_arm_thumbee.patch
 md-raid1-raid10-fix-calculation-of-vcnt-when-processing-error-recovery.patch
 md-bitmap-prevent-bitmap_daemon_work-running-while-initialising-bitmap.patch
+bluetooth-uart-ldisc-fix-memory-leak.patch
 bluetooth-hci_ldisc-fix-null-pointer-dereference-on-tty_close.patch
 bluetooth-hci_core-fix-null-pointer-dereference-at-unregister.patch
 bluetooth-remove-unneeded-locking.patch