Received: by 2002:a05:7412:31a9:b0:e2:908c:2ebd with SMTP id et41csp4905479rdb;
        Fri, 15 Sep 2023 16:38:41 -0700 (PDT)
X-Google-Smtp-Source: AGHT+IEZ4Q55alfFp8R1L1PNTAGYGq4YMZd7R1lJN/uj7DXe+NHhIvNUlDpF+IQrbOdUKooFDBWB
X-Received: by 2002:a17:902:cecb:b0:1c0:6e92:8cbd with SMTP id d11-20020a170902cecb00b001c06e928cbdmr2980535plg.28.1694821121315;
        Fri, 15 Sep 2023 16:38:41 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1694821121; cv=none;
        d=google.com; s=arc-20160816;
        b=d9qKBlJRfOF7OWcl+pTYFCBnAgSUuyyHzrJE4LCX4EHS7ygcvX13f815+WM4VXI3Sr
         fFf0uHU2KbXTLhMeWVGfPvTxzh2RfbZgQLqFrSRXPazWMxQGVHuDqkRsc+Rxi7Y6qsCY
         YiWztkxyW3Y7ZYIfH1DCKDJxxl+rMKOVMb1N1MCpFTsR6luYUBxRqNVwvd9bqWnnHxIZ
         KLj8OaZ3NluI52vclXKf/heoxmPeK4d94nBp6ZMVAktAPyB0EXbwTbXko2X1RDjL/+CP
         Pq1QwU6v06iENONoFvffRgY/VkY22L1y/SIMOyg/cnpl1LFUOI+w9aosN7kDU+1OQRfi
         sGOw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:mime-version
         :references:in-reply-to:message-id:date:subject:to:from
         :dkim-signature;
        bh=1YMwtIxdzoz0GddQJf6BDXnPkXKHzTmRRJmREH4GHjM=;
        fh=4lGQI6056MBa4/oovMyIYaKLn+Wz/24RGvUivMmQP8E=;
        b=cSXfQkQ7BiDHpdGG2VHOKQUbKbxKp4/zDTpHOMvWOpnr8doO/rtmNlVtGi05L89njF
         EQSCqbCF1ZynjsrVL2an0S3kj31WP5kh/pZ5hiS+B3RV/g9wQDHNJWnCIGeIO2NhOZVa
         uz19NExNSjKR6FBgceW7luxXc4BhcYQ0F8Huvkz7EVQtWGXWnUf5Jqp1XVg62wUCeStQ
         AF+G8qB/qxNMEoLT9UIoIIFGf224YhL4D0xQuPRpQ82mdB5M3eROSlIkRHoYHHGlDKH2
         0mf2S9Y84iTK7ZioBQ2c77G1IKKm6U5k3UA4CbCrbLgL2HrdWy73mSi9VUiTfBfpU4e+
         IKxw==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@gmail.com header.s=20230601 header.b=UUjA5N7L;
       spf=pass (google.com: domain of linux-bluetooth-owner@vger.kernel.org designates 23.128.96.34 as permitted sender) smtp.mailfrom=linux-bluetooth-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Return-Path: <linux-bluetooth-owner@vger.kernel.org>
Received: from howler.vger.email (howler.vger.email. [23.128.96.34])
        by mx.google.com with ESMTPS id u13-20020a170902e80d00b001b84f9263e7si4258656plg.325.2023.09.15.16.38.40
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Fri, 15 Sep 2023 16:38:41 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-bluetooth-owner@vger.kernel.org designates 23.128.96.34 as permitted sender) client-ip=23.128.96.34;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@gmail.com header.s=20230601 header.b=UUjA5N7L;
       spf=pass (google.com: domain of linux-bluetooth-owner@vger.kernel.org designates 23.128.96.34 as permitted sender) smtp.mailfrom=linux-bluetooth-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0])
	by howler.vger.email (Postfix) with ESMTP id 92A2B856529B;
	Fri, 15 Sep 2023 16:22:40 -0700 (PDT)
X-Virus-Status: Clean
X-Virus-Scanned: clamav-milter 0.103.10 at howler.vger.email
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S237950AbjIOXWM (ORCPT <rfc822;glenndaneels@gmail.com>
        + 99 others); Fri, 15 Sep 2023 19:22:12 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:34824 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S238001AbjIOXVu (ORCPT
        <rfc822;linux-bluetooth@vger.kernel.org>);
        Fri, 15 Sep 2023 19:21:50 -0400
Received: from mail-pf1-x42a.google.com (mail-pf1-x42a.google.com [IPv6:2607:f8b0:4864:20::42a])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id F1F6C1FE0
        for <linux-bluetooth@vger.kernel.org>; Fri, 15 Sep 2023 16:21:44 -0700 (PDT)
Received: by mail-pf1-x42a.google.com with SMTP id d2e1a72fcca58-68fe2470d81so2443974b3a.1
        for <linux-bluetooth@vger.kernel.org>; Fri, 15 Sep 2023 16:21:44 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20230601; t=1694820103; x=1695424903; darn=vger.kernel.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=1YMwtIxdzoz0GddQJf6BDXnPkXKHzTmRRJmREH4GHjM=;
        b=UUjA5N7L53BPWi+X+SqlbZ+wPAYlZSaQNgBnvdTH+VBX9Xm7Zn/nG+b3Nn/O8PL0i5
         u8U/Z6pXeLH140xUuNtZwZYM6Xoh4VS6AcMdrzwHZOS/an3TAgPY3vXPTzfXG1oz9U6f
         xedzO8TQTjmMWrDPJ5eHgSf5sd7Ky1dRb3yz0v0RF4+AwEeT7dUSl8/AwTJ7QsOaeJHb
         m5C8v491SCMSfB2PT1UHWILS3KSqXvEpj/jQdNVC9/3ugZls0lb5OlcLwUcA8Pa/d4K4
         +N5jcrh9beotDkD6EzffYG1gk83W6400y4PpiZLfOe7GVhe1fK1Ea4oUmEw9EuB3SM1f
         z8vQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1694820103; x=1695424903;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=1YMwtIxdzoz0GddQJf6BDXnPkXKHzTmRRJmREH4GHjM=;
        b=OFc+8siV66nGQnHFwh820A728JEfgE//+aWVaMEAwbzGsoMvsTfUEx/s4JfFvukGdC
         t7Pqc7fWEyMVilNtVGLrMZyCj8qggFEUhUN5+KEj8m/6RbGDp8RJIsyS6KOec7tl4gqn
         arue7meNMNYsAomaq0zh2E911cmGi0jq25cNuSJk+DEJYRip+yMYfC9XjYT1fvuyQ6x3
         y8qPHMkrv3fKXM4JrfVOT/lhSaYsZhg7jSXWkEjYSm+fAknw9f8QA1m0yIL2Q1g9DRJc
         21wbhVTqiavI0H+6BOhmkahyVb5c7DqpMsJ5+6N8YWwZIoOVXrbCUihn7x3h3iJFeSVP
         FzTA==
X-Gm-Message-State: AOJu0YzI/y5A2vD/fzsrv5chvP4rO8kss2LLTwDAuRSAh0c1XsjrVmTC
        NFNbi8JkGLUVDAT0QT+5hKaDLxL+U+Q=
X-Received: by 2002:a05:6a00:1a86:b0:68f:bbc3:df44 with SMTP id e6-20020a056a001a8600b0068fbbc3df44mr3663619pfv.0.1694820103583;
        Fri, 15 Sep 2023 16:21:43 -0700 (PDT)
Received: from lvondent-mobl4.. (c-98-232-221-87.hsd1.or.comcast.net. [98.232.221.87])
        by smtp.gmail.com with ESMTPSA id p24-20020aa78618000000b0068746ab9aebsm3583212pfn.14.2023.09.15.16.21.41
        for <linux-bluetooth@vger.kernel.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Fri, 15 Sep 2023 16:21:42 -0700 (PDT)
From:   Luiz Augusto von Dentz <luiz.dentz@gmail.com>
To:     linux-bluetooth@vger.kernel.org
Subject: [PATCH v2 2/2] Bluetooth: hci_codec: Fix leaking content of local_codecs
Date:   Fri, 15 Sep 2023 16:21:39 -0700
Message-ID: <20230915232139.3661778-2-luiz.dentz@gmail.com>
X-Mailer: git-send-email 2.41.0
In-Reply-To: <20230915232139.3661778-1-luiz.dentz@gmail.com>
References: <20230915232139.3661778-1-luiz.dentz@gmail.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED,
        DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM,
        RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS autolearn=ham
        autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-bluetooth.vger.kernel.org>
X-Mailing-List: linux-bluetooth@vger.kernel.org
X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (howler.vger.email [0.0.0.0]); Fri, 15 Sep 2023 16:22:40 -0700 (PDT)

From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>

The following memory leak can be observed when the controller supports
codecs which are stored in local_codecs list but the elements are never
freed:

unreferenced object 0xffff88800221d840 (size 32):
  comm "kworker/u3:0", pid 36, jiffies 4294898739 (age 127.060s)
  hex dump (first 32 bytes):
    f8 d3 02 03 80 88 ff ff 80 d8 21 02 80 88 ff ff  ..........!.....
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<ffffffffb324f557>] __kmalloc+0x47/0x120
    [<ffffffffb39ef37d>] hci_codec_list_add.isra.0+0x2d/0x160
    [<ffffffffb39ef643>] hci_read_codec_capabilities+0x183/0x270
    [<ffffffffb39ef9ab>] hci_read_supported_codecs+0x1bb/0x2d0
    [<ffffffffb39f162e>] hci_read_local_codecs_sync+0x3e/0x60
    [<ffffffffb39ff1b3>] hci_dev_open_sync+0x943/0x11e0
    [<ffffffffb396d55d>] hci_power_on+0x10d/0x3f0
    [<ffffffffb30c99b4>] process_one_work+0x404/0x800
    [<ffffffffb30ca134>] worker_thread+0x374/0x670
    [<ffffffffb30d9108>] kthread+0x188/0x1c0
    [<ffffffffb304db6b>] ret_from_fork+0x2b/0x50
    [<ffffffffb300206a>] ret_from_fork_asm+0x1a/0x30

Cc: stable@vger.kernel.org
Fixes: 8961987f3f5f ("Bluetooth: Enumerate local supported codec and cache details")
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
---
 net/bluetooth/hci_core.c  | 1 +
 net/bluetooth/hci_event.c | 1 +
 net/bluetooth/hci_sync.c  | 1 +
 3 files changed, 3 insertions(+)

diff --git a/net/bluetooth/hci_core.c b/net/bluetooth/hci_core.c
index 5a7fb496297b..956346dcbf82 100644
--- a/net/bluetooth/hci_core.c
+++ b/net/bluetooth/hci_core.c
@@ -2785,6 +2785,7 @@ void hci_release_dev(struct hci_dev *hdev)
 	hci_conn_params_clear_all(hdev);
 	hci_discovery_filter_clear(hdev);
 	hci_blocked_keys_clear(hdev);
+	hci_codec_list_clear(&hdev->local_codecs);
 	hci_dev_unlock(hdev);
 
 	ida_simple_remove(&hci_index_ida, hdev->id);
diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c
index d532f4c139f9..d242f956dea8 100644
--- a/net/bluetooth/hci_event.c
+++ b/net/bluetooth/hci_event.c
@@ -33,6 +33,7 @@
 
 #include "hci_request.h"
 #include "hci_debugfs.h"
+#include "hci_codec.h"
 #include "a2mp.h"
 #include "amp.h"
 #include "smp.h"
diff --git a/net/bluetooth/hci_sync.c b/net/bluetooth/hci_sync.c
index 1be5763c261c..3640d73f9595 100644
--- a/net/bluetooth/hci_sync.c
+++ b/net/bluetooth/hci_sync.c
@@ -5074,6 +5074,7 @@ int hci_dev_close_sync(struct hci_dev *hdev)
 	memset(hdev->eir, 0, sizeof(hdev->eir));
 	memset(hdev->dev_class, 0, sizeof(hdev->dev_class));
 	bacpy(&hdev->random_addr, BDADDR_ANY);
+	hci_codec_list_clear(&hdev->local_codecs);
 
 	hci_dev_put(hdev);
 	return err;
-- 
2.41.0