* [PATCH] Bluetooth: btusb: fix memory leak in btusb_mtk_submit_wmt_recv_urb()
@ 2021-10-13 16:22 mark-yw.chen
2021-10-13 16:32 ` Marcel Holtmann
2021-10-13 17:26 ` bluez.test.bot
0 siblings, 2 replies; 3+ messages in thread
From: mark-yw.chen @ 2021-10-13 16:22 UTC (permalink / raw)
To: marcel, johan.hedberg
Cc: mark-yw.chen, will-cy.lee, linux-bluetooth, linux-mediatek, linux-kernel
From: Mark-YW.Chen <mark-yw.chen@mediatek.com>
Driver should free `usb->setup_packet` to avoid the leak.
$ cat /sys/kernel/debug/kmemleak
unreferenced object 0xffffffa564a58080 (size 128):
backtrace:
[<000000007eb8dd70>] kmem_cache_alloc_trace+0x22c/0x384
[<000000008a44191d>] btusb_mtk_hci_wmt_sync+0x1ec/0x994
[btusb]
[<00000000ca7189a3>] btusb_mtk_setup+0x6b8/0x13cc
[btusb]
[<00000000c6105069>] hci_dev_do_open+0x290/0x974
[bluetooth]
[<00000000a583f8b8>] hci_power_on+0xdc/0x3cc [bluetooth]
[<000000005d80e687>] process_one_work+0x514/0xc80
[<00000000f4d57637>] worker_thread+0x818/0xd0c
[<00000000dc7bdb55>] kthread+0x2f8/0x3b8
[<00000000f9999513>] ret_from_fork+0x10/0x30
Signed-off-by: Mark-YW.Chen <mark-yw.chen@mediatek.com>
---
drivers/bluetooth/btusb.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/drivers/bluetooth/btusb.c b/drivers/bluetooth/btusb.c
index 75c83768c257..1bfcbcabc7d3 100644
--- a/drivers/bluetooth/btusb.c
+++ b/drivers/bluetooth/btusb.c
@@ -2265,6 +2265,7 @@ static void btusb_mtk_wmt_recv(struct urb *urb)
skb = bt_skb_alloc(HCI_WMT_MAX_EVENT_SIZE, GFP_ATOMIC);
if (!skb) {
hdev->stat.err_rx++;
+ kfree(urb->setup_packet);
return;
}
@@ -2285,6 +2286,7 @@ static void btusb_mtk_wmt_recv(struct urb *urb)
data->evt_skb = skb_clone(skb, GFP_ATOMIC);
if (!data->evt_skb) {
kfree_skb(skb);
+ kfree(urb->setup_packet);
return;
}
}
@@ -2293,6 +2295,7 @@ static void btusb_mtk_wmt_recv(struct urb *urb)
if (err < 0) {
kfree_skb(data->evt_skb);
data->evt_skb = NULL;
+ kfree(urb->setup_packet);
return;
}
@@ -2303,6 +2306,7 @@ static void btusb_mtk_wmt_recv(struct urb *urb)
wake_up_bit(&data->flags,
BTUSB_TX_WAIT_VND_EVT);
}
+ kfree(urb->setup_packet);
return;
} else if (urb->status == -ENOENT) {
/* Avoid suspend failed when usb_kill_urb */
@@ -2323,6 +2327,7 @@ static void btusb_mtk_wmt_recv(struct urb *urb)
usb_anchor_urb(urb, &data->ctrl_anchor);
err = usb_submit_urb(urb, GFP_ATOMIC);
if (err < 0) {
+ kfree(urb->setup_packet);
/* -EPERM: urb is being killed;
* -ENODEV: device got disconnected
*/
--
2.18.0
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [PATCH] Bluetooth: btusb: fix memory leak in btusb_mtk_submit_wmt_recv_urb()
2021-10-13 16:22 [PATCH] Bluetooth: btusb: fix memory leak in btusb_mtk_submit_wmt_recv_urb() mark-yw.chen
@ 2021-10-13 16:32 ` Marcel Holtmann
2021-10-13 17:26 ` bluez.test.bot
1 sibling, 0 replies; 3+ messages in thread
From: Marcel Holtmann @ 2021-10-13 16:32 UTC (permalink / raw)
To: mark-yw.chen
Cc: Johan Hedberg, will-cy.lee, linux-bluetooth, linux-mediatek,
linux-kernel
Hi Mark,
> Driver should free `usb->setup_packet` to avoid the leak.
>
> $ cat /sys/kernel/debug/kmemleak
> unreferenced object 0xffffffa564a58080 (size 128):
> backtrace:
> [<000000007eb8dd70>] kmem_cache_alloc_trace+0x22c/0x384
> [<000000008a44191d>] btusb_mtk_hci_wmt_sync+0x1ec/0x994
> [btusb]
> [<00000000ca7189a3>] btusb_mtk_setup+0x6b8/0x13cc
> [btusb]
> [<00000000c6105069>] hci_dev_do_open+0x290/0x974
> [bluetooth]
> [<00000000a583f8b8>] hci_power_on+0xdc/0x3cc [bluetooth]
> [<000000005d80e687>] process_one_work+0x514/0xc80
> [<00000000f4d57637>] worker_thread+0x818/0xd0c
> [<00000000dc7bdb55>] kthread+0x2f8/0x3b8
> [<00000000f9999513>] ret_from_fork+0x10/0x30
>
> Signed-off-by: Mark-YW.Chen <mark-yw.chen@mediatek.com>
> ---
> drivers/bluetooth/btusb.c | 5 +++++
> 1 file changed, 5 insertions(+)
patch has been applied to bluetooth-next tree.
Regards
Marcel
^ permalink raw reply [flat|nested] 3+ messages in thread
* RE: Bluetooth: btusb: fix memory leak in btusb_mtk_submit_wmt_recv_urb()
2021-10-13 16:22 [PATCH] Bluetooth: btusb: fix memory leak in btusb_mtk_submit_wmt_recv_urb() mark-yw.chen
2021-10-13 16:32 ` Marcel Holtmann
@ 2021-10-13 17:26 ` bluez.test.bot
1 sibling, 0 replies; 3+ messages in thread
From: bluez.test.bot @ 2021-10-13 17:26 UTC (permalink / raw)
To: linux-bluetooth, Mark-YW.Chen
[-- Attachment #1: Type: text/plain, Size: 935 bytes --]
This is automated email and please do not reply to this email!
Dear submitter,
Thank you for submitting the patches to the linux bluetooth mailing list.
This is a CI test results with your patch series:
PW Link:https://patchwork.kernel.org/project/bluetooth/list/?series=562869
---Test result---
Test Summary:
CheckPatch PASS 1.77 seconds
GitLint PASS 0.89 seconds
BuildKernel PASS 612.21 seconds
TestRunner: Setup PASS 403.02 seconds
TestRunner: l2cap-tester PASS 8.63 seconds
TestRunner: bnep-tester PASS 4.94 seconds
TestRunner: mgmt-tester PASS 84.39 seconds
TestRunner: rfcomm-tester PASS 5.74 seconds
TestRunner: sco-tester PASS 6.24 seconds
TestRunner: smp-tester PASS 6.06 seconds
TestRunner: userchan-tester PASS 5.21 seconds
---
Regards,
Linux Bluetooth
[-- Attachment #2: l2cap-tester.log --]
[-- Type: application/octet-stream, Size: 44357 bytes --]
[-- Attachment #3: bnep-tester.log --]
[-- Type: application/octet-stream, Size: 3564 bytes --]
[-- Attachment #4: mgmt-tester.log --]
[-- Type: application/octet-stream, Size: 646011 bytes --]
[-- Attachment #5: rfcomm-tester.log --]
[-- Type: application/octet-stream, Size: 11684 bytes --]
[-- Attachment #6: sco-tester.log --]
[-- Type: application/octet-stream, Size: 13924 bytes --]
[-- Attachment #7: smp-tester.log --]
[-- Type: application/octet-stream, Size: 11829 bytes --]
[-- Attachment #8: userchan-tester.log --]
[-- Type: application/octet-stream, Size: 6370 bytes --]
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2021-10-13 17:26 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-10-13 16:22 [PATCH] Bluetooth: btusb: fix memory leak in btusb_mtk_submit_wmt_recv_urb() mark-yw.chen
2021-10-13 16:32 ` Marcel Holtmann
2021-10-13 17:26 ` bluez.test.bot
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).