From: Anant Thazhemadam <anant.thazhemadam@gmail.com>
To: unlisted-recipients:; (no To-header on input)
Cc: linux-kernel-mentees@lists.linuxfoundation.org,
Anant Thazhemadam <anant.thazhemadam@gmail.com>,
syzbot+6ce141c55b2f7aafd1c4@syzkaller.appspotmail.com,
Marcel Holtmann <marcel@holtmann.org>,
Johan Hedberg <johan.hedberg@gmail.com>,
Hans de Goede <hdegoede@redhat.com>,
linux-bluetooth@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: [Linux-kernel-mentees][PATCH v2] bluetooth: hci_h5: close serdev device and free hu in h5_close
Date: Fri, 2 Oct 2020 01:13:28 +0530 [thread overview]
Message-ID: <20201001194329.9328-1-anant.thazhemadam@gmail.com> (raw)
When h5_close() gets called, the memory allocated for the hu gets
freed only if hu->serdev doesn't exist. This leads to a memory leak.
So when h5_close() is requested, close the serdev device instance and
free the memory allocated to the hu entirely instead.
Fixes: ce945552fde4 ("Bluetooth: hci_h5: Add support for serdev enumerated devices")
Reported-by: syzbot+6ce141c55b2f7aafd1c4@syzkaller.appspotmail.com
Tested-by: syzbot+6ce141c55b2f7aafd1c4@syzkaller.appspotmail.com
Signed-off-by: Anant Thazhemadam <anant.thazhemadam@gmail.com>
---
Changes in v2:
* Fixed the Fixes tag
drivers/bluetooth/hci_h5.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/drivers/bluetooth/hci_h5.c b/drivers/bluetooth/hci_h5.c
index e41854e0d79a..3d1585add572 100644
--- a/drivers/bluetooth/hci_h5.c
+++ b/drivers/bluetooth/hci_h5.c
@@ -248,8 +248,12 @@ static int h5_close(struct hci_uart *hu)
if (h5->vnd && h5->vnd->close)
h5->vnd->close(h5);
- if (!hu->serdev)
- kfree(h5);
+ if (hu->serdev)
+ serdev_device_close(hu->serdev);
+
+ kfree_skb(h5->rx_skb);
+ kfree(h5);
+ h5 = NULL;
return 0;
}
--
2.25.1
WARNING: multiple messages have this Message-ID (diff)
From: Anant Thazhemadam <anant.thazhemadam@gmail.com>
Cc: Anant Thazhemadam <anant.thazhemadam@gmail.com>,
syzbot+6ce141c55b2f7aafd1c4@syzkaller.appspotmail.com,
Johan Hedberg <johan.hedberg@gmail.com>,
linux-bluetooth@vger.kernel.org,
Marcel Holtmann <marcel@holtmann.org>,
linux-kernel@vger.kernel.org, Hans de Goede <hdegoede@redhat.com>,
linux-kernel-mentees@lists.linuxfoundation.org
Subject: [Linux-kernel-mentees] [PATCH v2] bluetooth: hci_h5: close serdev device and free hu in h5_close
Date: Fri, 2 Oct 2020 01:13:28 +0530 [thread overview]
Message-ID: <20201001194329.9328-1-anant.thazhemadam@gmail.com> (raw)
When h5_close() gets called, the memory allocated for the hu gets
freed only if hu->serdev doesn't exist. This leads to a memory leak.
So when h5_close() is requested, close the serdev device instance and
free the memory allocated to the hu entirely instead.
Fixes: ce945552fde4 ("Bluetooth: hci_h5: Add support for serdev enumerated devices")
Reported-by: syzbot+6ce141c55b2f7aafd1c4@syzkaller.appspotmail.com
Tested-by: syzbot+6ce141c55b2f7aafd1c4@syzkaller.appspotmail.com
Signed-off-by: Anant Thazhemadam <anant.thazhemadam@gmail.com>
---
Changes in v2:
* Fixed the Fixes tag
drivers/bluetooth/hci_h5.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/drivers/bluetooth/hci_h5.c b/drivers/bluetooth/hci_h5.c
index e41854e0d79a..3d1585add572 100644
--- a/drivers/bluetooth/hci_h5.c
+++ b/drivers/bluetooth/hci_h5.c
@@ -248,8 +248,12 @@ static int h5_close(struct hci_uart *hu)
if (h5->vnd && h5->vnd->close)
h5->vnd->close(h5);
- if (!hu->serdev)
- kfree(h5);
+ if (hu->serdev)
+ serdev_device_close(hu->serdev);
+
+ kfree_skb(h5->rx_skb);
+ kfree(h5);
+ h5 = NULL;
return 0;
}
--
2.25.1
_______________________________________________
Linux-kernel-mentees mailing list
Linux-kernel-mentees@lists.linuxfoundation.org
https://lists.linuxfoundation.org/mailman/listinfo/linux-kernel-mentees
next reply other threads:[~2020-10-01 19:43 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-10-01 19:43 Anant Thazhemadam [this message]
2020-10-01 19:43 ` [Linux-kernel-mentees] [PATCH v2] bluetooth: hci_h5: close serdev device and free hu in h5_close Anant Thazhemadam
2020-10-02 10:22 ` [Linux-kernel-mentees][PATCH " Hans de Goede
2020-10-02 10:22 ` [Linux-kernel-mentees] [PATCH " Hans de Goede
2020-10-02 10:55 ` [Linux-kernel-mentees][PATCH " Anant Thazhemadam
2020-10-02 10:55 ` [Linux-kernel-mentees] [PATCH " Anant Thazhemadam
2020-10-03 22:07 ` Anant Thazhemadam
2020-10-03 22:07 ` [Linux-kernel-mentees] " Anant Thazhemadam
2020-10-04 5:17 ` [PATCH v3] bluetooth: hci_h5: fix memory leak " Anant Thazhemadam
2020-10-04 5:17 ` [Linux-kernel-mentees] " Anant Thazhemadam
2020-10-05 9:18 ` Hans de Goede
2020-10-05 9:18 ` [Linux-kernel-mentees] " Hans de Goede
2020-10-06 2:44 ` Anant Thazhemadam
2020-10-06 2:44 ` [Linux-kernel-mentees] " Anant Thazhemadam
2020-10-06 6:30 ` Hans de Goede
2020-10-06 6:30 ` [Linux-kernel-mentees] " Hans de Goede
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20201001194329.9328-1-anant.thazhemadam@gmail.com \
--to=anant.thazhemadam@gmail.com \
--cc=hdegoede@redhat.com \
--cc=johan.hedberg@gmail.com \
--cc=linux-bluetooth@vger.kernel.org \
--cc=linux-kernel-mentees@lists.linuxfoundation.org \
--cc=linux-kernel@vger.kernel.org \
--cc=marcel@holtmann.org \
--cc=syzbot+6ce141c55b2f7aafd1c4@syzkaller.appspotmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.