Hi,
On Sat, Jun 21, 2025 at 10:51 AM Jakub Kicinski <kuba@xxxxxxxxxx> wrote:
>
> On Fri, 20 Jun 2025 13:57:47 -0400 Luiz Augusto von Dentz wrote:
> > bluetooth pull request for net:
> >
> > - L2CAP: Fix L2CAP MTU negotiation
> > - hci_core: Fix use-after-free in vhci_flush()
> > - btintel_pcie: Fix potential race condition in firmware download
> > - hci_qca: fix unable to load the BT driver
>
> commit 135c1294c585cf8
>
> alloc_size = sizeof(*hdev);
> if (sizeof_priv) {
> /* Fixme: May need ALIGN-ment? */
> alloc_size += sizeof_priv;
> }
>
> hdev = kzalloc(alloc_size, GFP_KERNEL);
> if (!hdev)
> return NULL;
>
> + if (init_srcu_struct(&hdev->srcu))
> + return NULL;
> +
> hdev->pkt_type = (HCI_DM1 | HCI_DH1 | HCI_HV1);
>
> Isn't this leaking hdev?
Yeah looks like we shall free the hdev before returning NULL, will fix
that and resend.
--
Luiz Augusto von Dentz
