diff mbox series

Bluetooth: hci_conn: Fix potential memleak in iso_listen_bis()

Message ID 20221108112308.3910185-1-bobo.shaobowang@huawei.com (mailing list archive)
State Awaiting Upstream
Delegated to: Netdev Maintainers
Headers show
Series Bluetooth: hci_conn: Fix potential memleak in iso_listen_bis() | expand

Checks

Context Check Description
netdev/tree_selection success Guessed tree name to be net-next
netdev/fixes_present success Fixes tag not required for -next series
netdev/subject_prefix warning Target tree name not specified in the subject
netdev/cover_letter success Single patches do not need cover letters
netdev/patch_count success Link
netdev/header_inline success No static functions without inline keyword in header files
netdev/build_32bit success Errors and warnings before: 0 this patch: 0
netdev/cc_maintainers warning 5 maintainers not CCed: marcel@holtmann.org davem@davemloft.net edumazet@google.com kuba@kernel.org johan.hedberg@gmail.com
netdev/build_clang success Errors and warnings before: 0 this patch: 0
netdev/module_param success Was 0 now: 0
netdev/verify_signedoff success Signed-off-by tag matches author and committer
netdev/check_selftest success No net selftest shell script
netdev/verify_fixes success Fixes tag looks correct
netdev/build_allmodconfig_warn success Errors and warnings before: 0 this patch: 0
netdev/checkpatch success total: 0 errors, 0 warnings, 0 checks, 9 lines checked
netdev/kdoc success Errors and warnings before: 0 this patch: 0
netdev/source_inline success Was 0 now: 0

Commit Message

Wangshaobo (bobo) Nov. 8, 2022, 11:23 a.m. UTC 
When hci_pa_create_sync() failed, hdev should be freed as there
was no place to handle its recycling after.

Fixes: f764a6c2c1e4 ("Bluetooth: ISO: Add broadcast support")
Signed-off-by: Wang ShaoBo <bobo.shaobowang@huawei.com>
---
 net/bluetooth/iso.c | 3 +++
 1 file changed, 3 insertions(+)

Comments

Luiz Augusto von Dentz Nov. 8, 2022, 11:41 p.m. UTC | #1 
Hi Wang,

On Tue, Nov 8, 2022 at 3:24 AM Wang ShaoBo <bobo.shaobowang@huawei.com> wrote:
>
> When hci_pa_create_sync() failed, hdev should be freed as there
> was no place to handle its recycling after.

The patch itself seems fine but the description is misleading since we
are not freeing the hdev instead we are jus releasing the reference we
got.

> Fixes: f764a6c2c1e4 ("Bluetooth: ISO: Add broadcast support")
> Signed-off-by: Wang ShaoBo <bobo.shaobowang@huawei.com>
> ---
>  net/bluetooth/iso.c | 3 +++
>  1 file changed, 3 insertions(+)
>
> diff --git a/net/bluetooth/iso.c b/net/bluetooth/iso.c
> index f825857db6d0..4e3867110dc1 100644
> --- a/net/bluetooth/iso.c
> +++ b/net/bluetooth/iso.c
> @@ -880,6 +880,9 @@ static int iso_listen_bis(struct sock *sk)
>
>         hci_dev_unlock(hdev);
>
> +       if (err)
> +               hci_dev_put(hdev);

Not sure why you are not always calling hci_dev_put?

>         return err;
>  }
>
> --
> 2.25.1
>
Wangshaobo (bobo) Nov. 9, 2022, 2:13 a.m. UTC | #2 
在 2022/11/9 7:41, Luiz Augusto von Dentz 写道:
> Hi Wang,
>
> On Tue, Nov 8, 2022 at 3:24 AM Wang ShaoBo <bobo.shaobowang@huawei.com> wrote:
>> When hci_pa_create_sync() failed, hdev should be freed as there
>> was no place to handle its recycling after.
> The patch itself seems fine but the description is misleading since we
> are not freeing the hdev instead we are jus releasing the reference we
> got.
>
>> Fixes: f764a6c2c1e4 ("Bluetooth: ISO: Add broadcast support")
>> Signed-off-by: Wang ShaoBo <bobo.shaobowang@huawei.com>
>> ---
>>   net/bluetooth/iso.c | 3 +++
>>   1 file changed, 3 insertions(+)
>>
>> diff --git a/net/bluetooth/iso.c b/net/bluetooth/iso.c
>> index f825857db6d0..4e3867110dc1 100644
>> --- a/net/bluetooth/iso.c
>> +++ b/net/bluetooth/iso.c
>> @@ -880,6 +880,9 @@ static int iso_listen_bis(struct sock *sk)
>>
>>          hci_dev_unlock(hdev);
>>
>> +       if (err)
>> +               hci_dev_put(hdev);
> Not sure why you are not always calling hci_dev_put?

emm, I would have thought that the reference would be released after 
calling hci_cmd_sync_queue(), but in fact actually not.

-- Wang ShaoBo

>
>>          return err;
>>   }
>>
>> --
>> 2.25.1
>>
>
diff mbox series

Patch

diff --git a/net/bluetooth/iso.c b/net/bluetooth/iso.c
index f825857db6d0..4e3867110dc1 100644
--- a/net/bluetooth/iso.c
+++ b/net/bluetooth/iso.c
@@ -880,6 +880,9 @@  static int iso_listen_bis(struct sock *sk)
 
 	hci_dev_unlock(hdev);
 
+	if (err)
+		hci_dev_put(hdev);
+
 	return err;
 }