
Bluetooth: btusb: Fix memory leak

This checks if CONFIG_DEV_COREDUMP is enabled before attempting to clone
the skb and also makes sure btmtk_process_coredump frees the skb passed,
following the same logic.

Fixes: 0b7015132878 ("Bluetooth: btusb: mediatek: add MediaTek devcoredump support")
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>

+9 -5
+3 -1
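--- a/drivers/bluetooth/btmtk.c
+++ b/drivers/bluetooth/btmtk.c
@@ -372,8 +372,10 @@
 	struct btmediatek_data *data = hci_get_priv(hdev);
 	int err;
 
-	if (!IS_ENABLED(CONFIG_DEV_COREDUMP))
+	if (!IS_ENABLED(CONFIG_DEV_COREDUMP)) {
+		kfree_skb(skb);
 		return 0;
+	}
 
 	switch (data->cd_info.state) {
 	case HCI_DEVCOREDUMP_IDLE: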
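Review bot: The ownership rule this early return now follows (the callee frees the skb it is handed) is not stated anywhere in the visible part of btmtk_process_coredump, so a later return path added here could reintroduce the leak. The function starts above the hunk and its `switch (data->cd_info.state)` continues below it, so it cannot be confirmed from here that every branch frees or hands off the skb; that is worth checking alongside this fix. I would add a comment above the function such as `/* Consumes skb on every return path, including when CONFIG_DEV_COREDUMP is disabled. */`. These frames originate from the controller, so any path that misses the free is a leak the device can drive repeatedly.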
+6 -4
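--- a/drivers/bluetooth/btusb.c
+++ b/drivers/bluetooth/btusb.c
@@ -3281,7 +3281,6 @@
 {
 	struct btusb_data *data = hci_get_drvdata(hdev);
 	u16 handle = le16_to_cpu(hci_acl_hdr(skb)->handle);
-	struct sk_buff *skb_cd;
 
 	switch (handle) {
 	case 0xfc6f: /* Firmware dump from device */
@@ -3293,9 +3294,12 @@
 		 * for backward compatibility, so we have to clone the packet
 		 * extraly for the in-kernel coredump support.
 		 */
-		skb_cd = skb_clone(skb, GFP_ATOMIC);
-		if (skb_cd)
-			btmtk_process_coredump(hdev, skb_cd);
+		if (IS_ENABLED(CONFIG_DEV_COREDUMP)) {
+			struct sk_buff *skb_cd = skb_clone(skb, GFP_ATOMIC);
+
+			if (skb_cd)
+				btmtk_process_coredump(hdev, skb_cd);
+		}
 
 		fallthrough;
 	case 0x05ff: /* Firmware debug logging 1 */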
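Review bot: Inside the new `if (IS_ENABLED(CONFIG_DEV_COREDUMP))` block, a failed `skb_clone()` and the return value of `btmtk_process_coredump()` are both dropped without any trace. A firmware dump that loses a fragment under memory pressure would then look complete to whoever collects it. Consider adding `else bt_dev_warn_ratelimited(hdev, "coredump skb clone failed");` after the `if (skb_cd)` call; it should be rate-limited because the device sets the rate of 0xfc6f frames. The enclosing function begins just above the first hunk and continues past the `case 0x05ff` line, so how the original skb is handled after the fallthrough is not visible here.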