This is a note to let you know that I've just added the patch titled Bluetooth: hci_qca: Fix memleak in qca_controller_memdump to the 5.10-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary The filename of the patch is: bluetooth-hci_qca-fix-memleak-in-qca_controller_memd.patch and it can be found in the queue-5.10 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable@xxxxxxxxxxxxxxx> know about it. commit a314b18f83d3a655a4734aa2265fe772c9d9f47b Author: Dinghao Liu <dinghao.liu@xxxxxxxxxx> Date: Sat Jan 2 13:47:55 2021 +0800 Bluetooth: hci_qca: Fix memleak in qca_controller_memdump [ Upstream commit 71f8e707557b9bc25dc90a59a752528d4e7c1cbf ] When __le32_to_cpu() fails, qca_memdump should be freed just like when vmalloc() fails. Fixes: d841502c79e3f ("Bluetooth: hci_qca: Collect controller memory dump during SSR") Signed-off-by: Dinghao Liu <dinghao.liu@xxxxxxxxxx> Signed-off-by: Marcel Holtmann <marcel@xxxxxxxxxxxx> Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx> diff --git a/drivers/bluetooth/hci_qca.c b/drivers/bluetooth/hci_qca.c index 244b8feba5232..5c26c7d941731 100644 --- a/drivers/bluetooth/hci_qca.c +++ b/drivers/bluetooth/hci_qca.c @@ -1020,7 +1020,9 @@ static void qca_controller_memdump(struct work_struct *work) dump_size = __le32_to_cpu(dump->dump_size); if (!(dump_size)) { bt_dev_err(hu->hdev, "Rx invalid memdump size"); + kfree(qca_memdump); kfree_skb(skb); + qca->qca_memdump = NULL; mutex_unlock(&qca->hci_memdump_lock); return; }