From: Greg Kroah-Hartman Date: Thu, 19 Apr 2012 16:30:07 +0000 (-0700) Subject: 3.0-stable patches X-Git-Tag: v3.2.16~20 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=a4580efac869bd33b0f97b7fec23dd5c3c76396f;p=thirdparty%2Fkernel%2Fstable-queue.git 3.0-stable patches added patches: bluetooth-uart-ldisc-fix-memory-leak.patch --- diff --git a/queue-3.0/bluetooth-hci_ldisc-fix-null-pointer-dereference-on-tty_close.patch b/queue-3.0/bluetooth-hci_ldisc-fix-null-pointer-dereference-on-tty_close.patch index af60ad4f5b8..02308ba0f99 100644 --- a/queue-3.0/bluetooth-hci_ldisc-fix-null-pointer-dereference-on-tty_close.patch +++ b/queue-3.0/bluetooth-hci_ldisc-fix-null-pointer-dereference-on-tty_close.patch @@ -89,7 +89,7 @@ Signed-off-by: Greg Kroah-Hartman --- a/drivers/bluetooth/hci_ldisc.c +++ b/drivers/bluetooth/hci_ldisc.c -@@ -310,11 +310,11 @@ static void hci_uart_tty_close(struct tt +@@ -309,11 +309,11 @@ static void hci_uart_tty_close(struct tt hci_uart_close(hdev); if (test_and_clear_bit(HCI_UART_PROTO_SET, &hu->flags)) { @@ -100,5 +100,5 @@ Signed-off-by: Greg Kroah-Hartman } + hu->proto->close(hu); } + kfree(hu); } - } diff --git a/queue-3.0/bluetooth-uart-ldisc-fix-memory-leak.patch b/queue-3.0/bluetooth-uart-ldisc-fix-memory-leak.patch new file mode 100644 index 00000000000..e92cc72342c --- /dev/null +++ b/queue-3.0/bluetooth-uart-ldisc-fix-memory-leak.patch @@ -0,0 +1,48 @@ +From 501dac2851c5bf1edf158adc4deb15e10c59bb04 Mon Sep 17 00:00:00 2001 +From: Johan Hovold +Date: Wed, 11 Apr 2012 11:24:35 +0200 +Subject: [PATCH] Bluetooth: uart-ldisc: Fix memory leak + +From: Johan Hovold + +This is a partial, self-contained, minimal backport of commit +797fe796c4335b35d95d5326824513befdb5d1e9 upstream which fixes the memory +leak: + +Bluetooth: uart-ldisc: Fix memory leak and remove destruct cb + +We currently leak the hci_uart object if HCI_UART_PROTO_SET is never set +because the hci-destruct callback will then never be called. This fix +removes the hci-destruct callback and frees the driver internal private +hci_uart object directly on tty-close. We call hci_unregister_dev() here +so the hci-core will never call our callbacks again (except destruct). +Therefore, we can safely free the driver internal data right away and +set the destruct callback to NULL. + +Signed-off-by: David Herrmann +Acked-by: Marcel Holtmann +Signed-off-by: Johan Hedberg +Signed-off-by: Johan Hovold +Signed-off-by: Greg Kroah-Hartman +--- + drivers/bluetooth/hci_ldisc.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/bluetooth/hci_ldisc.c ++++ b/drivers/bluetooth/hci_ldisc.c +@@ -237,7 +237,6 @@ static void hci_uart_destruct(struct hci + return; + + BT_DBG("%s", hdev->name); +- kfree(hdev->driver_data); + } + + /* ------ LDISC part ------ */ +@@ -316,6 +315,7 @@ static void hci_uart_tty_close(struct tt + hci_free_dev(hdev); + } + } ++ kfree(hu); + } + } + diff --git a/queue-3.0/series b/queue-3.0/series index 315a81a4738..f2a6b03e880 100644 --- a/queue-3.0/series +++ b/queue-3.0/series @@ -2,6 +2,7 @@ drm-i915-ringbuffer-exclude-last-2-cachlines-of-ring-on-845g.patch drm-radeon-only-add-the-mm-i2c-bus-if-the-hw_i2c-module-param-is-set.patch rtlwifi-add-missing-dma-buffer-unmapping-for-pci-drivers.patch arm-7384-1-thumbee-disable-userspace-teehbr-access-for-config_arm_thumbee.patch +bluetooth-uart-ldisc-fix-memory-leak.patch bluetooth-hci_ldisc-fix-null-pointer-dereference-on-tty_close.patch ia64-fix-futex_atomic_cmpxchg_inatomic.patch drivers-rtc-rtc-pl031.c-enable-clock-on-all-st-variants.patch