Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 22078800 authored by Marcel Holtmann's avatar Marcel Holtmann Committed by Johan Hedberg
Browse files

Bluetooth: Fix memory leaks from discovery filter UUID list 



In case of failure or when unplugging a controller, the allocated
memory for the UUID list of the discovery filter is not freed. Use
the newly introduced helper for reset the discovery filter and with
that also freeing existing memory.

Signed-off-by: default avatarMarcel Holtmann <marcel@holtmann.org>
Signed-off-by: default avatarJohan Hedberg <johan.hedberg@intel.com>
parent 0256325e

net/bluetooth/hci_core.c

+1 −0
Original line number Diff line number Diff line
@@ -4255,6 +4255,7 @@ void hci_unregister_dev(struct hci_dev *hdev) 
	hci_remote_oob_data_clear(hdev);

	hci_bdaddr_list_clear(&hdev->le_white_list);

	hci_conn_params_clear_all(hdev);

	hci_discovery_filter_clear(hdev);

	hci_dev_unlock(hdev);



	hci_dev_put(hdev);

net/bluetooth/mgmt.c

+10 −2
Original line number Diff line number Diff line
@@ -3870,9 +3870,12 @@ static int start_discovery(struct sock *sk, struct hci_dev *hdev, 
		goto failed;

	}



	/* Clear the discovery filter first to free any previously

	 * allocated memory for the UUID list.

	 */

	hci_discovery_filter_clear(hdev);



	hdev->discovery.type = cp->type;

	hdev->discovery.rssi = HCI_RSSI_INVALID;

	hdev->discovery.uuid_count = 0;



	hci_req_init(&req, hdev);
@@ -3957,6 +3960,11 @@ static int start_service_discovery(struct sock *sk, struct hci_dev *hdev, 
		goto failed;

	}



	/* Clear the discovery filter first to free any previously

	 * allocated memory for the UUID list.

	 */

	hci_discovery_filter_clear(hdev);



	hdev->discovery.type = cp->type;

	hdev->discovery.rssi = cp->rssi;

	hdev->discovery.uuid_count = uuid_count;