]> git.ipfire.org Git - thirdparty/kernel/stable.git/commitdiff
projects / thirdparty / kernel / stable.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 5cb9341)
Bluetooth: btusb: Fix memory leak
authorLuiz Augusto von Dentz <luiz.von.dentz@intel.com>
Wed, 28 Feb 2024 16:17:24 +0000 (11:17 -0500)
committerSasha Levin <sashal@kernel.org>
Tue, 26 Mar 2024 22:16:54 +0000 (18:16 -0400)
[ Upstream commit 79f4127a502c5905f04da1f20a7bbe07103fb77c ]

This checks if CONFIG_DEV_COREDUMP is enabled before attempting to clone
the skb and also make sure btmtk_process_coredump frees the skb passed
following the same logic.

Fixes: 0b7015132878 ("Bluetooth: btusb: mediatek: add MediaTek devcoredump support")
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
drivers/bluetooth/btmtk.c patch | blob | blame | history
drivers/bluetooth/btusb.c patch | blob | blame | history

diff --git a/drivers/bluetooth/btmtk.c b/drivers/bluetooth/btmtk.c
index aaabb732082cd8501d70d21c6c17207fb16a4ad8..285418dbb43f5e26ac8945aa7bb7c2253eb4208c 100644 (file)
--- a/drivers/bluetooth/btmtk.c
+++ b/drivers/bluetooth/btmtk.c
@@ -372,8 +372,10 @@ int btmtk_process_coredump(struct hci_dev *hdev, struct sk_buff *skb)
        struct btmediatek_data *data = hci_get_priv(hdev);
        int err;
 
-       if (!IS_ENABLED(CONFIG_DEV_COREDUMP))
+       if (!IS_ENABLED(CONFIG_DEV_COREDUMP)) {
+               kfree_skb(skb);
                return 0;
+       }
 
        switch (data->cd_info.state) {
        case HCI_DEVCOREDUMP_IDLE:
diff --git a/drivers/bluetooth/btusb.c b/drivers/bluetooth/btusb.c
index d31edad7a05607407c6dd4c9f1e14edc571d9385..6cb87d47ad7d53815e4e14ee97fe952b86989857 100644 (file)
--- a/drivers/bluetooth/btusb.c
+++ b/drivers/bluetooth/btusb.c
@@ -3273,7 +3273,6 @@ static int btusb_recv_acl_mtk(struct hci_dev *hdev, struct sk_buff *skb)
 {
        struct btusb_data *data = hci_get_drvdata(hdev);
        u16 handle = le16_to_cpu(hci_acl_hdr(skb)->handle);
-       struct sk_buff *skb_cd;
 
        switch (handle) {
        case 0xfc6f:            /* Firmware dump from device */
@@ -3286,9 +3285,12 @@ static int btusb_recv_acl_mtk(struct hci_dev *hdev, struct sk_buff *skb)
                 * for backward compatibility, so we have to clone the packet
                 * extraly for the in-kernel coredump support.
                 */
-               skb_cd = skb_clone(skb, GFP_ATOMIC);
-               if (skb_cd)
-                       btmtk_process_coredump(hdev, skb_cd);
+               if (IS_ENABLED(CONFIG_DEV_COREDUMP)) {
+                       struct sk_buff *skb_cd = skb_clone(skb, GFP_ATOMIC);
+
+                       if (skb_cd)
+                               btmtk_process_coredump(hdev, skb_cd);
+               }
 
                fallthrough;
        case 0x05ff:            /* Firmware debug logging 1 */
Mirror https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git