Received: by 2002:ab2:6857:0:b0:1ef:ffd0:ce49 with SMTP id l23csp2378144lqp;
        Sun, 24 Mar 2024 16:43:47 -0700 (PDT)
X-Forwarded-Encrypted: i=3; AJvYcCUoFowgpoCVp6WHknCdRyQUWAliFOSmHRZ69SW18HCj78QWASnTjO3dT5Ie5k+jnKGBDkWfM07KQ285k8x6TfhVnN90E1lFYCxr1hFYLA==
X-Google-Smtp-Source: AGHT+IEw+S4g/3F8d7+9Pbq/CmDLOZyrXfbmPk8JAiv+TDVWjAzrP7mFCEbM1WqDn0IY6blUZo52
X-Received: by 2002:ad4:5a51:0:b0:696:7902:983a with SMTP id ej17-20020ad45a51000000b006967902983amr5050639qvb.2.1711323827173;
        Sun, 24 Mar 2024 16:43:47 -0700 (PDT)
ARC-Seal: i=2; a=rsa-sha256; t=1711323827; cv=pass;
        d=google.com; s=arc-20160816;
        b=tzT69/VZ3MVSuJCfKPaSKwvog5be1/Kxw97lFBev45EgNW8sqlJHLLaZ5ghcBhW4k3
         fRTmWY8FjR4ERtEQw916t1uK30fwO/xuM3vWTF5WqKAKIKtlW3Gr+/pLfrSSElFaeeVU
         wZ2VD3uYJEGD593Uwn447jj1ZNGyOZ3LwkabNiC486001apbaHbppne2Eabn9qRPZ4As
         2EFJJs+xrcMuZPv03MvGq5oNrCtYm0F5Hjdde8+KvSuphYPAqDtBq28Qb3v+wfeTS/UE
         X61Xg+1yaj7b9TVwqZ4yNU4H5jBAjUXbsR8tODE8jA22tUQ0N2fZfVOtUaJ1Df4XTms6
         0AKQ==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=content-transfer-encoding:mime-version:list-unsubscribe
         :list-subscribe:list-id:precedence:references:in-reply-to:message-id
         :date:subject:cc:to:from:dkim-signature;
        bh=pSZqMBvSHPNd/LdcsZBLAESSD1M5wCMA3EuczGge/QY=;
        fh=/TnrLxI5sd/8bhOUk5NCak+Scug04k+QZYgHCAWUD88=;
        b=wJ3UZ2jDeGhHnyfhZzAl4vEMhlLhZrcSkzC3u2ZAzUJSL+eLmjWLLFdD4R0g6GdMo8
         KMFljX/DAQfkHQhcOuqZ6CWgyxDmACjXXjOXcYueQWBjvPvrDnmuOM5ZiVhum/une06L
         UXWHOkCzCCPy30uMVZRxt9bjfCYwScDzuCsNqdaDXhUrwRWwMHOnFi3JxasyGtKfxU+T
         Q1FIEFikdIf6n1oIdxdRePBtz2uYZYj/55SZQ3Gumnux8pQdemgRpu0xiRfeDgUl3dKB
         RVGeKyBf36AgNtWGjtrDdy7N57Guud68tYDngLcTaB3iHS+PlJ949bMUWBmSYE5rCxce
         n3gQ==;
        dara=google.com
ARC-Authentication-Results: i=2; mx.google.com;
       dkim=pass header.i=@kernel.org header.s=k20201202 header.b=bi0wxxlm;
       arc=pass (i=1 dkim=pass dkdomain=kernel.org);
       spf=pass (google.com: domain of linux-kernel+bounces-113205-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.199.223 as permitted sender) smtp.mailfrom="linux-kernel+bounces-113205-linux.lists.archive=gmail.com@vger.kernel.org";
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org
Return-Path: <linux-kernel+bounces-113205-linux.lists.archive=gmail.com@vger.kernel.org>
Received: from ny.mirrors.kernel.org (ny.mirrors.kernel.org. [147.75.199.223])
        by mx.google.com with ESMTPS id r14-20020a0562140c4e00b006961178758asi6937395qvj.221.2024.03.24.16.43.46
        for <linux.lists.archive@gmail.com>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Sun, 24 Mar 2024 16:43:47 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel+bounces-113205-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.199.223 as permitted sender) client-ip=147.75.199.223;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@kernel.org header.s=k20201202 header.b=bi0wxxlm;
       arc=pass (i=1 dkim=pass dkdomain=kernel.org);
       spf=pass (google.com: domain of linux-kernel+bounces-113205-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.199.223 as permitted sender) smtp.mailfrom="linux-kernel+bounces-113205-linux.lists.archive=gmail.com@vger.kernel.org";
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org
Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by ny.mirrors.kernel.org (Postfix) with ESMTPS id DFA471C226CB
	for <linux.lists.archive@gmail.com>; Sun, 24 Mar 2024 23:43:46 +0000 (UTC)
Received: from localhost.localdomain (localhost.localdomain [127.0.0.1])
	by smtp.subspace.kernel.org (Postfix) with ESMTP id 5B61417D24A;
	Sun, 24 Mar 2024 22:40:08 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="bi0wxxlm"
Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 4DA7617D228;
	Sun, 24 Mar 2024 22:40:07 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201
ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1711320007; cv=none; b=powViEbk3gCVdEnWPcOrm+vHAQr6dICWUQ0zDKqGyNBWHt4B1Lfiv4fzvmznSHDclRQ/vaXLsxmuUjAj3w1/4VwfoEukHPgcu+d+r7KG+X0GHthkTDADP1TeK/2+aVFXRhpzZRhHN077RLLqjAwCyqR0z2ji8RoB22xJuJMcNcc=
ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1711320007; c=relaxed/simple;
	bh=DJS3TGp3Td4MV9ZRjIwo5xMPi1BQTcb3/FYgdCrfEqo=;
	h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References:
	 MIME-Version; b=cE2T0aPT+g6VhJZ5yeT0ce9vwbAM3JwCKDDRidggr2q5l4Lf+j4fsV9hECHjmTMMZGJSNsPQF+WEuy2AmPeLStYvp/gwlPR2sVv2u42I1pFpt4JamYQF81HId0GvTmE/AtEhbaioRpmq+5JeaSfwgK/YWxNLdB6WbRnxy/KvoCw=
ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=bi0wxxlm; arc=none smtp.client-ip=10.30.226.201
Received: by smtp.kernel.org (Postfix) with ESMTPSA id A0E9CC433F1;
	Sun, 24 Mar 2024 22:40:06 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
	s=k20201202; t=1711320007;
	bh=DJS3TGp3Td4MV9ZRjIwo5xMPi1BQTcb3/FYgdCrfEqo=;
	h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
	b=bi0wxxlmbGD36mkdAwNw1jBoDGOeoGcC6n5ki994OZOOzY8ogBCSYqb1EFypREDxH
	 hPqjXYSnKmmlwnoJgZ1bipySV/41oN5D1FSsd00xFA1nNiZ2AtMpccjIYzsaLlllGg
	 BQKPdkEohIjGoTgrS2ty3OwoIqX3+wmRVC5yhUux+ocAnqnEonLSbU2FC08KFVXUq4
	 5lgL0CCJC6Sxkkfg7yTZZsXsBH6OTI5StFkFTL7+whlA4OObrfE0NgbmjbUnHf1HFa
	 RAkinz3+MSVaax2I4/gHZyo6yAQbKGjGPrz6RWA94Dj3MGAXa6hbZzTmKw/WLOH5f4
	 PQDyPbIvbvtpw==
From: Sasha Levin <sashal@kernel.org>
To: linux-kernel@vger.kernel.org,
	stable@vger.kernel.org
Cc: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>,
	Sasha Levin <sashal@kernel.org>
Subject: [PATCH 6.8 314/715] Bluetooth: btusb: Fix memory leak
Date: Sun, 24 Mar 2024 18:28:13 -0400
Message-ID: <20240324223455.1342824-315-sashal@kernel.org>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <20240324223455.1342824-1-sashal@kernel.org>
References: <20240324223455.1342824-1-sashal@kernel.org>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
X-stable: review
X-Patchwork-Hint: Ignore
Content-Transfer-Encoding: 8bit

From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>

[ Upstream commit 79f4127a502c5905f04da1f20a7bbe07103fb77c ]

This checks if CONFIG_DEV_COREDUMP is enabled before attempting to clone
the skb and also make sure btmtk_process_coredump frees the skb passed
following the same logic.

Fixes: 0b7015132878 ("Bluetooth: btusb: mediatek: add MediaTek devcoredump support")
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/bluetooth/btmtk.c |  4 +++-
 drivers/bluetooth/btusb.c | 10 ++++++----
 2 files changed, 9 insertions(+), 5 deletions(-)

diff --git a/drivers/bluetooth/btmtk.c b/drivers/bluetooth/btmtk.c
index aaabb732082cd..285418dbb43f5 100644
--- a/drivers/bluetooth/btmtk.c
+++ b/drivers/bluetooth/btmtk.c
@@ -372,8 +372,10 @@ int btmtk_process_coredump(struct hci_dev *hdev, struct sk_buff *skb)
 	struct btmediatek_data *data = hci_get_priv(hdev);
 	int err;
 
-	if (!IS_ENABLED(CONFIG_DEV_COREDUMP))
+	if (!IS_ENABLED(CONFIG_DEV_COREDUMP)) {
+		kfree_skb(skb);
 		return 0;
+	}
 
 	switch (data->cd_info.state) {
 	case HCI_DEVCOREDUMP_IDLE:
diff --git a/drivers/bluetooth/btusb.c b/drivers/bluetooth/btusb.c
index d31edad7a0560..6cb87d47ad7d5 100644
--- a/drivers/bluetooth/btusb.c
+++ b/drivers/bluetooth/btusb.c
@@ -3273,7 +3273,6 @@ static int btusb_recv_acl_mtk(struct hci_dev *hdev, struct sk_buff *skb)
 {
 	struct btusb_data *data = hci_get_drvdata(hdev);
 	u16 handle = le16_to_cpu(hci_acl_hdr(skb)->handle);
-	struct sk_buff *skb_cd;
 
 	switch (handle) {
 	case 0xfc6f:		/* Firmware dump from device */
@@ -3286,9 +3285,12 @@ static int btusb_recv_acl_mtk(struct hci_dev *hdev, struct sk_buff *skb)
 		 * for backward compatibility, so we have to clone the packet
 		 * extraly for the in-kernel coredump support.
 		 */
-		skb_cd = skb_clone(skb, GFP_ATOMIC);
-		if (skb_cd)
-			btmtk_process_coredump(hdev, skb_cd);
+		if (IS_ENABLED(CONFIG_DEV_COREDUMP)) {
+			struct sk_buff *skb_cd = skb_clone(skb, GFP_ATOMIC);
+
+			if (skb_cd)
+				btmtk_process_coredump(hdev, skb_cd);
+		}
 
 		fallthrough;
 	case 0x05ff:		/* Firmware debug logging 1 */
-- 
2.43.0