From: Anant Thazhemadam <anant.thazhemadam@gmail.com> To: unlisted-recipients:; (no To-header on input) Cc: linux-kernel-mentees@lists.linuxfoundation.org, Anant Thazhemadam <anant.thazhemadam@gmail.com>, syzbot+6ce141c55b2f7aafd1c4@syzkaller.appspotmail.com, Marcel Holtmann <marcel@holtmann.org>, Johan Hedberg <johan.hedberg@gmail.com>, Hans de Goede <hdegoede@redhat.com>, linux-bluetooth@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [Linux-kernel-mentees][PATCH v2] bluetooth: hci_h5: close serdev device and free hu in h5_close Date: Fri, 2 Oct 2020 01:13:28 +0530 [thread overview] Message-ID: <20201001194329.9328-1-anant.thazhemadam@gmail.com> (raw) When h5_close() gets called, the memory allocated for the hu gets freed only if hu->serdev doesn't exist. This leads to a memory leak. So when h5_close() is requested, close the serdev device instance and free the memory allocated to the hu entirely instead. Fixes: ce945552fde4 ("Bluetooth: hci_h5: Add support for serdev enumerated devices") Reported-by: syzbot+6ce141c55b2f7aafd1c4@syzkaller.appspotmail.com Tested-by: syzbot+6ce141c55b2f7aafd1c4@syzkaller.appspotmail.com Signed-off-by: Anant Thazhemadam <anant.thazhemadam@gmail.com> --- Changes in v2: * Fixed the Fixes tag drivers/bluetooth/hci_h5.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/drivers/bluetooth/hci_h5.c b/drivers/bluetooth/hci_h5.c index e41854e0d79a..3d1585add572 100644 --- a/drivers/bluetooth/hci_h5.c +++ b/drivers/bluetooth/hci_h5.c @@ -248,8 +248,12 @@ static int h5_close(struct hci_uart *hu) if (h5->vnd && h5->vnd->close) h5->vnd->close(h5); - if (!hu->serdev) - kfree(h5); + if (hu->serdev) + serdev_device_close(hu->serdev); + + kfree_skb(h5->rx_skb); + kfree(h5); + h5 = NULL; return 0; } -- 2.25.1
WARNING: multiple messages have this Message-ID (diff)
From: Anant Thazhemadam <anant.thazhemadam@gmail.com> Cc: Anant Thazhemadam <anant.thazhemadam@gmail.com>, syzbot+6ce141c55b2f7aafd1c4@syzkaller.appspotmail.com, Johan Hedberg <johan.hedberg@gmail.com>, linux-bluetooth@vger.kernel.org, Marcel Holtmann <marcel@holtmann.org>, linux-kernel@vger.kernel.org, Hans de Goede <hdegoede@redhat.com>, linux-kernel-mentees@lists.linuxfoundation.org Subject: [Linux-kernel-mentees] [PATCH v2] bluetooth: hci_h5: close serdev device and free hu in h5_close Date: Fri, 2 Oct 2020 01:13:28 +0530 [thread overview] Message-ID: <20201001194329.9328-1-anant.thazhemadam@gmail.com> (raw) When h5_close() gets called, the memory allocated for the hu gets freed only if hu->serdev doesn't exist. This leads to a memory leak. So when h5_close() is requested, close the serdev device instance and free the memory allocated to the hu entirely instead. Fixes: ce945552fde4 ("Bluetooth: hci_h5: Add support for serdev enumerated devices") Reported-by: syzbot+6ce141c55b2f7aafd1c4@syzkaller.appspotmail.com Tested-by: syzbot+6ce141c55b2f7aafd1c4@syzkaller.appspotmail.com Signed-off-by: Anant Thazhemadam <anant.thazhemadam@gmail.com> --- Changes in v2: * Fixed the Fixes tag drivers/bluetooth/hci_h5.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/drivers/bluetooth/hci_h5.c b/drivers/bluetooth/hci_h5.c index e41854e0d79a..3d1585add572 100644 --- a/drivers/bluetooth/hci_h5.c +++ b/drivers/bluetooth/hci_h5.c @@ -248,8 +248,12 @@ static int h5_close(struct hci_uart *hu) if (h5->vnd && h5->vnd->close) h5->vnd->close(h5); - if (!hu->serdev) - kfree(h5); + if (hu->serdev) + serdev_device_close(hu->serdev); + + kfree_skb(h5->rx_skb); + kfree(h5); + h5 = NULL; return 0; } -- 2.25.1 _______________________________________________ Linux-kernel-mentees mailing list Linux-kernel-mentees@lists.linuxfoundation.org https://lists.linuxfoundation.org/mailman/listinfo/linux-kernel-mentees
next reply other threads:[~2020-10-01 19:43 UTC|newest] Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top 2020-10-01 19:43 Anant Thazhemadam [this message] 2020-10-01 19:43 ` [Linux-kernel-mentees] [PATCH v2] bluetooth: hci_h5: close serdev device and free hu in h5_close Anant Thazhemadam 2020-10-02 10:22 ` [Linux-kernel-mentees][PATCH " Hans de Goede 2020-10-02 10:22 ` [Linux-kernel-mentees] [PATCH " Hans de Goede 2020-10-02 10:55 ` [Linux-kernel-mentees][PATCH " Anant Thazhemadam 2020-10-02 10:55 ` [Linux-kernel-mentees] [PATCH " Anant Thazhemadam 2020-10-03 22:07 ` Anant Thazhemadam 2020-10-03 22:07 ` [Linux-kernel-mentees] " Anant Thazhemadam 2020-10-04 5:17 ` [PATCH v3] bluetooth: hci_h5: fix memory leak " Anant Thazhemadam 2020-10-04 5:17 ` [Linux-kernel-mentees] " Anant Thazhemadam 2020-10-05 9:18 ` Hans de Goede 2020-10-05 9:18 ` [Linux-kernel-mentees] " Hans de Goede 2020-10-06 2:44 ` Anant Thazhemadam 2020-10-06 2:44 ` [Linux-kernel-mentees] " Anant Thazhemadam 2020-10-06 6:30 ` Hans de Goede 2020-10-06 6:30 ` [Linux-kernel-mentees] " Hans de Goede
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=20201001194329.9328-1-anant.thazhemadam@gmail.com \ --to=anant.thazhemadam@gmail.com \ --cc=hdegoede@redhat.com \ --cc=johan.hedberg@gmail.com \ --cc=linux-bluetooth@vger.kernel.org \ --cc=linux-kernel-mentees@lists.linuxfoundation.org \ --cc=linux-kernel@vger.kernel.org \ --cc=marcel@holtmann.org \ --cc=syzbot+6ce141c55b2f7aafd1c4@syzkaller.appspotmail.com \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.