Bluetooth: hci_qca: Fix memleak in qca_controller_memdump

stable inclusion from stable-5.10.20 commit 601899cec0a3a84341d70289cd014d358b00f808 bugzilla: 50608 -------------------------------- [ Upstream commit 71f8e707 ] When __le32_to_cpu() fails, qca_memdump should be freed just like when vmalloc() fails. Fixes: d841502c ("Bluetooth: hci_qca: Collect controller memory dump during SSR") Signed-off-by: N Dinghao Liu <dinghao.liu@zju.edu.cn> Signed-off-by: N Marcel Holtmann <marcel@holtmann.org> Signed-off-by: N Sasha Levin <sashal@kernel.org> Signed-off-by: N Chen Jun <chenjun102@huawei.com> Acked-by: N Xie XiuQi <xiexiuqi@huawei.com> Signed-off-by: N Zheng Zengkai <zhengzengkai@huawei.com>

Bluetooth: hci_qca: Fix memleak in qca_controller_memdump
stable inclusion from stable-5.10.20 commit 601899cec0a3a84341d70289cd014d358b00f808 bugzilla: 50608 -------------------------------- [ Upstream commit 71f8e707 ] When __le32_to_cpu() fails, qca_memdump should be freed just like when vmalloc() fails. Fixes: d841502c ("Bluetooth: hci_qca: Collect controller memory dump during SSR") Signed-off-by: N Dinghao Liu <dinghao.liu@zju.edu.cn> Signed-off-by: N Marcel Holtmann <marcel@holtmann.org> Signed-off-by: N Sasha Levin <sashal@kernel.org> Signed-off-by: N Chen Jun <chenjun102@huawei.com> Acked-by: N Xie XiuQi <xiexiuqi@huawei.com> Signed-off-by: N Zheng Zengkai <zhengzengkai@huawei.com>
ac940701 · Dinghao Liu · Zheng Zengkai · 042eb2cf · ac940701
显示空白变更内容
内联并排

Showing with 2 addition and 0 deletion

drivers/bluetooth/hci_qca.c drivers/bluetooth/hci_qca.c +2 -0

未找到文件。
--- a/drivers/bluetooth/hci_qca.c
+++ b/drivers/bluetooth/hci_qca.c
@@ -1020,7 +1020,9 @@ static void qca_controller_memdump(struct work_struct *work)
 			dump_size = __le32_to_cpu(dump->dump_size);
 			if (!(dump_size)) {
 				bt_dev_err(hu->hdev, "Rx invalid memdump size");
+				kfree(qca_memdump);
 				kfree_skb(skb);
+				qca->qca_memdump = NULL;
 				mutex_unlock(&qca->hci_memdump_lock);
 				return;
 			}