This is a note to let you know that I've just added the patch titled
Bluetooth: hci_qca: Fix memleak in qca_controller_memdump
to the 5.10-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
bluetooth-hci_qca-fix-memleak-in-qca_controller_memd.patch
and it can be found in the queue-5.10 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.
commit a314b18f83d3a655a4734aa2265fe772c9d9f47b
Author: Dinghao Liu <dinghao.liu@xxxxxxxxxx>
Date: Sat Jan 2 13:47:55 2021 +0800
Bluetooth: hci_qca: Fix memleak in qca_controller_memdump
[ Upstream commit 71f8e707557b9bc25dc90a59a752528d4e7c1cbf ]
When __le32_to_cpu() fails, qca_memdump should be freed
just like when vmalloc() fails.
Fixes: d841502c79e3f ("Bluetooth: hci_qca: Collect controller memory dump during SSR")
Signed-off-by: Dinghao Liu <dinghao.liu@xxxxxxxxxx>
Signed-off-by: Marcel Holtmann <marcel@xxxxxxxxxxxx>
Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>
diff --git a/drivers/bluetooth/hci_qca.c b/drivers/bluetooth/hci_qca.c
index 244b8feba5232..5c26c7d941731 100644
--- a/drivers/bluetooth/hci_qca.c
+++ b/drivers/bluetooth/hci_qca.c
@@ -1020,7 +1020,9 @@ static void qca_controller_memdump(struct work_struct *work)
dump_size = __le32_to_cpu(dump->dump_size);
if (!(dump_size)) {
bt_dev_err(hu->hdev, "Rx invalid memdump size");
+ kfree(qca_memdump);
kfree_skb(skb);
+ qca->qca_memdump = NULL;
mutex_unlock(&qca->hci_memdump_lock);
return;
}
