diff options
| author | Dinghao Liu <dinghao.liu@zju.edu.cn> | 2021-01-02 13:47:55 +0800 |
|---|---|---|
| committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2021-03-04 11:37:22 +0100 |
| commit | 601899cec0a3a84341d70289cd014d358b00f808 (patch) | |
| tree | de1fb47d2a29643947f5a9823216009a9b1fcc70 /drivers/bluetooth | |
| parent | ec621e844289c1eee648ce33c3e1c73b86ad4084 (diff) | |
Bluetooth: hci_qca: Fix memleak in qca_controller_memdump
[ Upstream commit 71f8e707557b9bc25dc90a59a752528d4e7c1cbf ]
When __le32_to_cpu() fails, qca_memdump should be freed
just like when vmalloc() fails.
Fixes: d841502c79e3f ("Bluetooth: hci_qca: Collect controller memory dump during SSR")
Signed-off-by: Dinghao Liu <dinghao.liu@zju.edu.cn>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Diffstat (limited to 'drivers/bluetooth')
| -rw-r--r-- | drivers/bluetooth/hci_qca.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/drivers/bluetooth/hci_qca.c b/drivers/bluetooth/hci_qca.c index 244b8feba523..5c26c7d94173 100644 --- a/drivers/bluetooth/hci_qca.c +++ b/drivers/bluetooth/hci_qca.c @@ -1020,7 +1020,9 @@ static void qca_controller_memdump(struct work_struct *work) dump_size = __le32_to_cpu(dump->dump_size); if (!(dump_size)) { bt_dev_err(hu->hdev, "Rx invalid memdump size"); + kfree(qca_memdump); kfree_skb(skb); + qca->qca_memdump = NULL; mutex_unlock(&qca->hci_memdump_lock); return; } |