From: Marcel Holtmann Date: Sun, 6 Jul 2014 13:36:15 +0000 (+0200) Subject: Bluetooth: Fix memory leaking when hdev->send returns an error X-Git-Tag: firefly_0821_release~176^2~3474^2~12^2~41^2~110 X-Git-Url: http://demsky.eecs.uci.edu/git/?a=commitdiff_plain;h=cdc52faac5f341beaff036828b9459f7c8dd7296;p=firefly-linux-kernel-4.4.55.git Bluetooth: Fix memory leaking when hdev->send returns an error The drivers are allowed to just return an error from hdev->send callback and in that case the driver does not own the SKB. Which means that the caller has to free the SKB. Signed-off-by: Marcel Holtmann Signed-off-by: Johan Hedberg --- diff --git a/net/bluetooth/hci_core.c b/net/bluetooth/hci_core.c index fc7abd3c012d..b02454ab07ee 100644 --- a/net/bluetooth/hci_core.c +++ b/net/bluetooth/hci_core.c @@ -4339,6 +4339,8 @@ EXPORT_SYMBOL(hci_unregister_cb); static void hci_send_frame(struct hci_dev *hdev, struct sk_buff *skb) { + int err; + BT_DBG("%s type %d len %d", hdev->name, bt_cb(skb)->pkt_type, skb->len); /* Time stamp */ @@ -4355,8 +4357,11 @@ static void hci_send_frame(struct hci_dev *hdev, struct sk_buff *skb) /* Get rid of skb owner, prior to sending to the driver. */ skb_orphan(skb); - if (hdev->send(hdev, skb) < 0) - BT_ERR("%s sending frame failed", hdev->name); + err = hdev->send(hdev, skb); + if (err < 0) { + BT_ERR("%s sending frame failed (%d)", hdev->name, err); + kfree_skb(skb); + } } void hci_req_init(struct hci_request *req, struct hci_dev *hdev)