From: Dinghao Liu <dinghao.liu@zju.edu.cn>
Date: Sat, 2 Jan 2021 05:47:55 +0000 (+0800)
Subject: Bluetooth: hci_qca: Fix memleak in qca_controller_memdump
X-Git-Tag: v5.10.25~1116
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=601899cec0a3a84341d70289cd014d358b00f808;p=platform%2Fkernel%2Flinux-rpi.git

Bluetooth: hci_qca: Fix memleak in qca_controller_memdump

[ Upstream commit 71f8e707557b9bc25dc90a59a752528d4e7c1cbf ]

When __le32_to_cpu() fails, qca_memdump should be freed
just like when vmalloc() fails.

Fixes: d841502c79e3f ("Bluetooth: hci_qca: Collect controller memory dump during SSR")
Signed-off-by: Dinghao Liu <dinghao.liu@zju.edu.cn>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---

diff --git a/drivers/bluetooth/hci_qca.c b/drivers/bluetooth/hci_qca.c
index 244b8fe..5c26c7d 100644
--- a/drivers/bluetooth/hci_qca.c
+++ b/drivers/bluetooth/hci_qca.c
@@ -1020,7 +1020,9 @@ static void qca_controller_memdump(struct work_struct *work)
 			dump_size = __le32_to_cpu(dump->dump_size);
 			if (!(dump_size)) {
 				bt_dev_err(hu->hdev, "Rx invalid memdump size");
+				kfree(qca_memdump);
 				kfree_skb(skb);
+				qca->qca_memdump = NULL;
 				mutex_unlock(&qca->hci_memdump_lock);
 				return;
 			}