Linux kernel mirror (for testing)
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel
os
linux
Bluetooth: hci_sync: fix leaks when hci_cmd_sync_queue_once fails
When hci_cmd_sync_queue_once() returns with error, the destroy callback
will not be called.
Fix leaking references / memory on these failures.
Signed-off-by: Pauli Virtanen <pav@iki.fi>
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
authored by
Pauli Virtanen
and committed by
Luiz Augusto von Dentz
aca37720
2969554b
+11
-2
+11
-2
net/bluetooth/hci_sync.c
+11
-2
net/bluetooth/hci_sync.c
···
7460
7460
* role is possible. Otherwise just transition into the
7461
7461
* connected state without requesting the remote features.
7462
7462
*/
7463
-
if (conn->out || (hdev->le_features[0] & HCI_LE_PERIPHERAL_FEATURES))
7463
+
if (conn->out || (hdev->le_features[0] & HCI_LE_PERIPHERAL_FEATURES)) {
7464
7464
err = hci_cmd_sync_queue_once(hdev,
7465
7465
hci_le_read_remote_features_sync,
7466
7466
hci_conn_hold(conn),
7467
7467
le_read_features_complete);
7468
-
else
7468
+
if (err)
7469
+
hci_conn_drop(conn);
7470
+
} else {
7469
7471
err = -EOPNOTSUPP;
7472
+
}
7470
7473
7471
7474
return (err == -EEXIST) ? 0 : err;
7472
7475
}
···
7508
7505
7509
7506
err = hci_cmd_sync_queue_once(hdev, hci_change_conn_ptype_sync, cp,
7510
7507
pkt_type_changed);
7508
+
if (err)
7509
+
kfree(cp);
7510
+
7511
7511
return (err == -EEXIST) ? 0 : err;
7512
7512
}
7513
7513
···
7550
7544
7551
7545
err = hci_cmd_sync_queue_once(hdev, hci_le_set_phy_sync, cp,
7552
7546
le_phy_update_complete);
7547
+
if (err)
7548
+
kfree(cp);
7549
+
7553
7550
return (err == -EEXIST) ? 0 : err;
7554
7551
}