Commit 79f4127a authored by Luiz Augusto von Dentz's avatar Luiz Augusto von Dentz
Browse files

Bluetooth: btusb: Fix memory leak 



This checks if CONFIG_DEV_COREDUMP is enabled before attempting to clone
the skb and also make sure btmtk_process_coredump frees the skb passed
following the same logic.

Fixes: 0b701513 ("Bluetooth: btusb: mediatek: add MediaTek devcoredump support")
Signed-off-by: default avatarLuiz Augusto von Dentz <luiz.von.dentz@intel.com>
parent a6e06258

drivers/bluetooth/btmtk.c

+3 −1
Original line number Diff line number Diff line
@@ -372,8 +372,10 @@ int btmtk_process_coredump(struct hci_dev *hdev, struct sk_buff *skb) 
	struct btmediatek_data *data = hci_get_priv(hdev);

	int err;



	if (!IS_ENABLED(CONFIG_DEV_COREDUMP))

	if (!IS_ENABLED(CONFIG_DEV_COREDUMP)) {

		kfree_skb(skb);

		return 0;

	}



	switch (data->cd_info.state) {

	case HCI_DEVCOREDUMP_IDLE:

drivers/bluetooth/btusb.c

+6 −4
Original line number Diff line number Diff line
@@ -3281,7 +3281,6 @@ static int btusb_recv_acl_mtk(struct hci_dev *hdev, struct sk_buff *skb) 
{

	struct btusb_data *data = hci_get_drvdata(hdev);

	u16 handle = le16_to_cpu(hci_acl_hdr(skb)->handle);

	struct sk_buff *skb_cd;



	switch (handle) {

	case 0xfc6f:		/* Firmware dump from device */
@@ -3294,9 +3293,12 @@ static int btusb_recv_acl_mtk(struct hci_dev *hdev, struct sk_buff *skb) 
		 * for backward compatibility, so we have to clone the packet

		 * extraly for the in-kernel coredump support.

		 */

		skb_cd = skb_clone(skb, GFP_ATOMIC);

		if (IS_ENABLED(CONFIG_DEV_COREDUMP)) {

			struct sk_buff *skb_cd = skb_clone(skb, GFP_ATOMIC);



			if (skb_cd)

				btmtk_process_coredump(hdev, skb_cd);

		}



		fallthrough;

	case 0x05ff:		/* Firmware debug logging 1 */