diff mbox series

Bluetooth: hci_conn: Fix potential memleak in iso_listen_bis()

Message ID 20221108112308.3910185-1-bobo.shaobowang@huawei.com (mailing list archive)
State New, archived
Headers show
Series Bluetooth: hci_conn: Fix potential memleak in iso_listen_bis() | expand

Checks

Context Check Description
tedd_an/pre-ci_am success Success
tedd_an/checkpatch success Checkpatch PASS
tedd_an/gitlint success Gitlint PASS
tedd_an/subjectprefix success PASS
tedd_an/buildkernel success Build Kernel PASS
tedd_an/buildkernel32 success Build Kernel32 PASS
tedd_an/incremental_build success Pass
tedd_an/testrunnersetup success Test Runner Setup PASS
tedd_an/testrunnerl2cap-tester success Total: 40, Passed: 40 (100.0%), Failed: 0, Not Run: 0
tedd_an/testrunneriso-tester success Total: 55, Passed: 55 (100.0%), Failed: 0, Not Run: 0
tedd_an/testrunnerbnep-tester success Total: 1, Passed: 1 (100.0%), Failed: 0, Not Run: 0
tedd_an/testrunnermgmt-tester success Total: 494, Passed: 494 (100.0%), Failed: 0, Not Run: 0
tedd_an/testrunnerrfcomm-tester success Total: 11, Passed: 11 (100.0%), Failed: 0, Not Run: 0
tedd_an/testrunnersco-tester success Total: 12, Passed: 12 (100.0%), Failed: 0, Not Run: 0
tedd_an/testrunnerioctl-tester success Total: 28, Passed: 28 (100.0%), Failed: 0, Not Run: 0
tedd_an/testrunnermesh-tester success Total: 10, Passed: 10 (100.0%), Failed: 0, Not Run: 0
tedd_an/testrunnersmp-tester success Total: 8, Passed: 8 (100.0%), Failed: 0, Not Run: 0
tedd_an/testrunneruserchan-tester success Total: 4, Passed: 4 (100.0%), Failed: 0, Not Run: 0

Commit Message

Wangshaobo (bobo) Nov. 8, 2022, 11:23 a.m. UTC 
When hci_pa_create_sync() failed, hdev should be freed as there
was no place to handle its recycling after.

Fixes: f764a6c2c1e4 ("Bluetooth: ISO: Add broadcast support")
Signed-off-by: Wang ShaoBo <bobo.shaobowang@huawei.com>
---
 net/bluetooth/iso.c | 3 +++
 1 file changed, 3 insertions(+)

Comments

bluez.test.bot@gmail.com Nov. 8, 2022, noon UTC | #1 
This is automated email and please do not reply to this email!

Dear submitter,

Thank you for submitting the patches to the linux bluetooth mailing list.
This is a CI test results with your patch series:
PW Link:https://patchwork.kernel.org/project/bluetooth/list/?series=693186

---Test result---

Test Summary:
CheckPatch                    PASS      1.66 seconds
GitLint                       PASS      1.05 seconds
SubjectPrefix                 PASS      0.84 seconds
BuildKernel                   PASS      34.49 seconds
BuildKernel32                 PASS      30.67 seconds
Incremental Build with patchesPASS      47.81 seconds
TestRunner: Setup             PASS      510.78 seconds
TestRunner: l2cap-tester      PASS      17.73 seconds
TestRunner: iso-tester        PASS      16.71 seconds
TestRunner: bnep-tester       PASS      6.66 seconds
TestRunner: mgmt-tester       PASS      107.48 seconds
TestRunner: rfcomm-tester     PASS      10.88 seconds
TestRunner: sco-tester        PASS      9.90 seconds
TestRunner: ioctl-tester      PASS      11.26 seconds
TestRunner: mesh-tester       PASS      8.20 seconds
TestRunner: smp-tester        PASS      9.91 seconds
TestRunner: userchan-tester   PASS      6.89 seconds



---
Regards,
Linux Bluetooth
Luiz Augusto von Dentz Nov. 8, 2022, 11:41 p.m. UTC | #2 
Hi Wang,

On Tue, Nov 8, 2022 at 3:24 AM Wang ShaoBo <bobo.shaobowang@huawei.com> wrote:
>
> When hci_pa_create_sync() failed, hdev should be freed as there
> was no place to handle its recycling after.

The patch itself seems fine but the description is misleading since we
are not freeing the hdev instead we are jus releasing the reference we
got.

> Fixes: f764a6c2c1e4 ("Bluetooth: ISO: Add broadcast support")
> Signed-off-by: Wang ShaoBo <bobo.shaobowang@huawei.com>
> ---
>  net/bluetooth/iso.c | 3 +++
>  1 file changed, 3 insertions(+)
>
> diff --git a/net/bluetooth/iso.c b/net/bluetooth/iso.c
> index f825857db6d0..4e3867110dc1 100644
> --- a/net/bluetooth/iso.c
> +++ b/net/bluetooth/iso.c
> @@ -880,6 +880,9 @@ static int iso_listen_bis(struct sock *sk)
>
>         hci_dev_unlock(hdev);
>
> +       if (err)
> +               hci_dev_put(hdev);

Not sure why you are not always calling hci_dev_put?

>         return err;
>  }
>
> --
> 2.25.1
>
Wangshaobo (bobo) Nov. 9, 2022, 2:13 a.m. UTC | #3 
在 2022/11/9 7:41, Luiz Augusto von Dentz 写道:
> Hi Wang,
>
> On Tue, Nov 8, 2022 at 3:24 AM Wang ShaoBo <bobo.shaobowang@huawei.com> wrote:
>> When hci_pa_create_sync() failed, hdev should be freed as there
>> was no place to handle its recycling after.
> The patch itself seems fine but the description is misleading since we
> are not freeing the hdev instead we are jus releasing the reference we
> got.
>
>> Fixes: f764a6c2c1e4 ("Bluetooth: ISO: Add broadcast support")
>> Signed-off-by: Wang ShaoBo <bobo.shaobowang@huawei.com>
>> ---
>>   net/bluetooth/iso.c | 3 +++
>>   1 file changed, 3 insertions(+)
>>
>> diff --git a/net/bluetooth/iso.c b/net/bluetooth/iso.c
>> index f825857db6d0..4e3867110dc1 100644
>> --- a/net/bluetooth/iso.c
>> +++ b/net/bluetooth/iso.c
>> @@ -880,6 +880,9 @@ static int iso_listen_bis(struct sock *sk)
>>
>>          hci_dev_unlock(hdev);
>>
>> +       if (err)
>> +               hci_dev_put(hdev);
> Not sure why you are not always calling hci_dev_put?

emm, I would have thought that the reference would be released after 
calling hci_cmd_sync_queue(), but in fact actually not.

-- Wang ShaoBo

>
>>          return err;
>>   }
>>
>> --
>> 2.25.1
>>
>
diff mbox series

Patch

diff --git a/net/bluetooth/iso.c b/net/bluetooth/iso.c
index f825857db6d0..4e3867110dc1 100644
--- a/net/bluetooth/iso.c
+++ b/net/bluetooth/iso.c
@@ -880,6 +880,9 @@  static int iso_listen_bis(struct sock *sk)
 
 	hci_dev_unlock(hdev);
 
+	if (err)
+		hci_dev_put(hdev);
+
 	return err;
 }