2023-10-07 11:39:35

by Yuran Pereira

Subject: [PATCH] Bluetooth: hci_conn_failed: Fixes memory leak

The hci_conn_failed() function currently calls hci_connect_cfm(), which
indirectly leads to the allocation of an l2cap_conn struct in l2cap_conn_add().
This operation results in a memory leak, as the l2cap_conn structure
becomes unreferenced.

To address this issue and prevent the memory leak, this patch modifies
hci_conn_failed() to replace the call to hci_connect_cfm() with a
call to hci_disconn_cfm().

Reported-by: [email protected]
Signed-off-by: Yuran Pereira <[email protected]>
---
net/bluetooth/hci_conn.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/net/bluetooth/hci_conn.c b/net/bluetooth/hci_conn.c
index 7a6f20338db8..1d2d03b4a98a 100644
--- a/net/bluetooth/hci_conn.c
+++ b/net/bluetooth/hci_conn.c
@@ -1248,7 +1248,7 @@ void hci_conn_failed(struct hci_conn *conn, u8 status)
}

conn->state = BT_CLOSED;
- hci_connect_cfm(conn, status);
+ hci_disconn_cfm(conn, status);
hci_conn_del(conn);
}
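Review bot: the swap of `-	hci_connect_cfm(conn, status);` for `+	hci_disconn_cfm(conn, status);` changes which event the upper layers are told about rather than removing the cause of the leak the commit message describes. hci_conn_failed() reports the outcome of a connection request, which is what hci_connect_cfm() is for; hci_disconn_cfm() is the notification for a requested disconnection, so after this change L2CAP would no longer receive a connection-failure result for this link. If l2cap_conn_add() is allocating an l2cap_conn from this path, that indicates hci_conn_failed() is being entered with status 0, which is not a failure status at all; the fix belongs at that caller, or as a check that status is non-zero at the top of this function, and the commit message should name the caller. The patch also lacks a Fixes: tag (asked for later in the thread), and the subject should be in the imperative ("Fix memory leak").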

--
2.25.1


2023-10-07 11:41:55

by Greg Kroah-Hartman

Subject: Re: [PATCH] Bluetooth: hci_conn_failed: Fixes memory leak

On Sat, Oct 07, 2023 at 05:09:01PM +0530, Yuran Pereira wrote:
> The hci_conn_failed() function currently calls hci_connect_cfm(), which
> indirectly leads to the allocation of an l2cap_conn struct in l2cap_conn_add().
> This operation results in a memory leak, as the l2cap_conn structure
> becomes unreferenced.
>
> To address this issue and prevent the memory leak, this patch modifies
> hci_conn_failed() to replace the call to hci_connect_cfm() with a
> call to hci_disconn_cfm().
>
> Reported-by: [email protected]
> Signed-off-by: Yuran Pereira <[email protected]>
> ---
> net/bluetooth/hci_conn.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)

What commit id does this fix?

thanks,

greg k-h

2023-10-09 19:50:59

by Luiz Augusto von Dentz

Subject: Re: [PATCH] Bluetooth: hci_conn_failed: Fixes memory leak

Hi Yuran,

On Sat, Oct 7, 2023 at 10:39 AM Yuran Pereira <[email protected]> wrote:
>
> Hello Greg,
> My apologies, I just noticed that my patch is based on the mainline tree. I'll re-submit one based on the Bluetooth tree and I'll ensure to include the commit id that it's fixing.
>
> Thanks,
> Yuran Pereira
> ________________________________
> From: Greg KH <[email protected]>
> Sent: 7 October 2023 11:41
> To: Yuran Pereira <[email protected]>
> Cc: [email protected] <[email protected]>; [email protected] <[email protected]>; [email protected] <[email protected]>; [email protected] <[email protected]>; [email protected] <[email protected]>; [email protected] <[email protected]>; [email protected] <[email protected]>
> Subject: Re: [PATCH] Bluetooth: hci_conn_failed: Fixes memory leak
>
> On Sat, Oct 07, 2023 at 05:09:01PM +0530, Yuran Pereira wrote:
> > The hci_conn_failed() function currently calls hci_connect_cfm(), which
> > indirectly leads to the allocation of an l2cap_conn struct in l2cap_conn_add().
> > This operation results in a memory leak, as the l2cap_conn structure
> > becomes unreferenced.
> >
> > To address this issue and prevent the memory leak, this patch modifies
> > hci_conn_failed() to replace the call to hci_connect_cfm() with a
> > call to hci_disconn_cfm().

I suspect this is not quite right: hci_disconn_cfm is called when a
disconnection has been requested; hci_connect_cfm is correct here,
since it is meant to notify the result of the connection request procedure,
so I can only assume that the culprit here is that hci_conn_failed is
called with status 0, which is invalid and needs fixing.

> > Reported-by: [email protected]
> > Signed-off-by: Yuran Pereira <[email protected]>
> > ---
> > net/bluetooth/hci_conn.c | 2 +-
> > 1 file changed, 1 insertion(+), 1 deletion(-)
>
> What commit id does this fix?
>
> thanks,
>
> greg k-h



--
Luiz Augusto von Dentz
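A simplified userspace model, added here as an illustration and not code from the kernel, from this patch or from anyone in the thread, of the mechanism the commit message and Luiz's reply describe: the connect-confirm callback allocates L2CAP state only when the status says success, so a failure path that is entered with status 0 orphans that allocation, while a genuine failure status does not. The structs, the state values, hci_conn_failed_checked() and simulate_failure() are all constructed for this example; the hardened variant shows where a status check would catch the bad caller, and is an assumption rather than the upstream fix.

```c
/* Constructed model of the hci_conn_failed() / connect_cfm interaction.
 * Not the kernel's hci_conn.c or l2cap_core.c: every type and value below
 * is simplified for illustration. */
#include <stdio.h>
#include <stdlib.h>

enum { BT_CONNECTED = 1, BT_CLOSED = 9 };   /* constructed values */

struct l2cap_conn { int refcnt; };

struct hci_conn {
    int state;
    struct l2cap_conn *l2cap_data;   /* upper-layer state hung off the link */
};

/* Outstanding l2cap_conn allocations; non-zero after teardown means a leak. */
static int live_l2cap_conns;

/* Model of l2cap_conn_add(): allocate upper-layer state for a new link. */
static struct l2cap_conn *l2cap_conn_add(struct hci_conn *hcon)
{
    struct l2cap_conn *c = calloc(1, sizeof(*c));
    if (!c)
        abort();
    live_l2cap_conns++;
    hcon->l2cap_data = c;
    return c;
}

/* Model of l2cap_conn_del(): release upper-layer state, if any. */
static void l2cap_conn_del(struct hci_conn *hcon)
{
    if (!hcon->l2cap_data)
        return;
    free(hcon->l2cap_data);
    hcon->l2cap_data = NULL;
    live_l2cap_conns--;
}

/* Model of the connect-confirm callback: status 0 means "connection
 * established", so state is allocated; any other status is a failure
 * and existing state is torn down. */
static void hci_connect_cfm(struct hci_conn *hcon, unsigned char status)
{
    if (status == 0)
        l2cap_conn_add(hcon);
    else
        l2cap_conn_del(hcon);
}

/* Model of hci_conn_del(): frees the HCI object only. Nothing here knows
 * about hcon->l2cap_data, so whatever connect_cfm allocated is orphaned. */
static void hci_conn_del(struct hci_conn *hcon)
{
    free(hcon);
}

/* Model of hci_conn_failed() as on the thread's '-' line: the outcome of
 * the connection request is reported through hci_connect_cfm(). */
static void hci_conn_failed(struct hci_conn *hcon, unsigned char status)
{
    hcon->state = BT_CLOSED;
    hci_connect_cfm(hcon, status);
    hci_conn_del(hcon);
}

/* Hardened variant (assumption, not the upstream fix): a failure path must
 * never carry a success status, so refuse status 0 instead of propagating it. */
static int hci_conn_failed_checked(struct hci_conn *hcon, unsigned char status)
{
    if (status == 0) {
        fprintf(stderr, "hci_conn_failed: caller passed success status 0\n");
        return -1;   /* caller bug; in-kernel this would be a WARN_ON */
    }
    hci_conn_failed(hcon, status);
    return 0;
}

/* Drive one connection failure with the given status and return how many
 * l2cap_conn allocations are still live afterwards (0 = no leak). */
static int simulate_failure(unsigned char status, int checked)
{
    struct hci_conn *hcon = calloc(1, sizeof(*hcon));
    if (!hcon)
        abort();
    live_l2cap_conns = 0;
    if (checked) {
        if (hci_conn_failed_checked(hcon, status) != 0)
            free(hcon);   /* refused, so the link is still ours to release */
    } else {
        hci_conn_failed(hcon, status);
    }
    return live_l2cap_conns;
}

int main(void)
{
    /* 0x04 is the HCI "Page Timeout" error code, a genuine failure status. */
    printf("status 0x04 via connect_cfm : %d leaked\n", simulate_failure(0x04, 0));
    printf("status 0    via connect_cfm : %d leaked\n", simulate_failure(0, 0));
    printf("status 0    with check      : %d leaked\n", simulate_failure(0, 1));
    return 0;
}
```

With a real failure status the connect-confirm path tears state down and nothing leaks; with status 0 the same path allocates an l2cap_conn that hci_conn_del() then orphans, which is the leak the commit message observed. The model cannot express the semantic problem with the patch itself (swapping in the disconnect notification would also avoid the allocation here, but L2CAP would then never learn that the connection request failed), which is why the check belongs on the status at the entry of the failure path or at its caller.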