projects / platform / kernel / linux-rpi.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 4bef9a8)
nfc: fdp: Fix potential memory leak in fdp_nci_send()
authorShang XiaoJing <shangxiaojing@huawei.com>
Thu, 27 Oct 2022 14:03:29 +0000 (22:03 +0800)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Thu, 10 Nov 2022 17:15:27 +0000 (18:15 +0100)
[ Upstream commit 8e4aae6b8ca76afb1fb64dcb24be44ba814e7f8a ]

fdp_nci_send() will call fdp_nci_i2c_write that will not free skb in
the function. As a result, when fdp_nci_i2c_write() finished, the skb
will memleak. fdp_nci_send() should free skb after fdp_nci_i2c_write()
finished.

Fixes: a06347c04c13 ("NFC: Add Intel Fields Peak NFC solution driver")
Signed-off-by: Shang XiaoJing <shangxiaojing@huawei.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
drivers/nfc/fdp/fdp.c patch | blob | history

diff --git a/drivers/nfc/fdp/fdp.c b/drivers/nfc/fdp/fdp.c
index c6b3334..f12f903 100644 (file)
--- a/drivers/nfc/fdp/fdp.c
+++ b/drivers/nfc/fdp/fdp.c
@@ -249,11 +249,19 @@ static int fdp_nci_close(struct nci_dev *ndev)
 static int fdp_nci_send(struct nci_dev *ndev, struct sk_buff *skb)
 {
        struct fdp_nci_info *info = nci_get_drvdata(ndev);
+       int ret;
 
        if (atomic_dec_and_test(&info->data_pkt_counter))
                info->data_pkt_counter_cb(ndev);
 
-       return info->phy_ops->write(info->phy, skb);
+       ret = info->phy_ops->write(info->phy, skb);
+       if (ret < 0) {
+               kfree_skb(skb);
+               return ret;
+       }
+
+       consume_skb(skb);
+       return 0;
 }
 
 static int fdp_nci_request_firmware(struct nci_dev *ndev)
Domain: System / Kernel;