This is a note to let you know that I've just added the patch titled
Bluetooth: qca: fix firmware check error path
to the 5.15-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
bluetooth-qca-fix-firmware-check-error-path.patch
and it can be found in the queue-5.15 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.
>From 40d442f969fb1e871da6fca73d3f8aef1f888558 Mon Sep 17 00:00:00 2001
From: Johan Hovold <johan+linaro@xxxxxxxxxx>
Date: Wed, 1 May 2024 08:37:40 +0200
Subject: Bluetooth: qca: fix firmware check error path
From: Johan Hovold <johan+linaro@xxxxxxxxxx>
commit 40d442f969fb1e871da6fca73d3f8aef1f888558 upstream.
A recent commit fixed the code that parses the firmware files before
downloading them to the controller but introduced a memory leak in case
the sanity checks ever fail.
Make sure to free the firmware buffer before returning on errors.
Fixes: f905ae0be4b7 ("Bluetooth: qca: add missing firmware sanity checks")
Cc: stable@xxxxxxxxxxxxxxx # 4.19
Signed-off-by: Johan Hovold <johan+linaro@xxxxxxxxxx>
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@xxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
drivers/bluetooth/btqca.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/bluetooth/btqca.c
+++ b/drivers/bluetooth/btqca.c
@@ -492,7 +492,7 @@ static int qca_download_firmware(struct
ret = qca_tlv_check_data(hdev, config, data, size, soc_type);
if (ret)
- return ret;
+ goto out;
segment = data;
remain = size;
Patches currently in stable-queue which might be from johan+linaro@xxxxxxxxxx are
queue-5.15/bluetooth-qca-add-missing-firmware-sanity-checks.patch
queue-5.15/bluetooth-qca-fix-nvm-configuration-parsing.patch
queue-5.15/bluetooth-qca-fix-firmware-check-error-path.patch
queue-5.15/regulator-core-fix-debugfs-creation-regression.patch
