Bluetooth: Fix memory leak with L2CAP channels (6ff5abbf) · Commits · e / devices / android_kernel_teracube_2e

include/net/bluetooth/l2cap.h

+1 −0

Original line number	Diff line number	Diff line
		@@ -469,6 +469,7 @@ struct sock l2cap_sock_alloc(struct net net, struct socket *sock,
		void l2cap_send_disconn_req(struct l2cap_conn conn, struct l2cap_chan chan, int err);
		struct l2cap_chan l2cap_chan_alloc(struct sock sk);
		void l2cap_chan_del(struct l2cap_chan *chan, int err);
		void l2cap_chan_free(struct l2cap_chan *chan);
		int l2cap_chan_connect(struct l2cap_chan *chan);

		#endif /* __L2CAP_H */

+6 −4

Original line number	Diff line number	Diff line
		@@ -160,6 +160,11 @@ struct l2cap_chan l2cap_chan_alloc(struct sock sk)
		return chan;
		}

		void l2cap_chan_free(struct l2cap_chan *chan)
		{
		kfree(chan);
		}

		static void __l2cap_chan_add(struct l2cap_conn conn, struct l2cap_chan chan)
		{
		struct sock *sk = chan->sk;
		@@ -236,7 +241,7 @@ void l2cap_chan_del(struct l2cap_chan *chan, int err)

		if (!(chan->conf_state & L2CAP_CONF_OUTPUT_DONE &&
		chan->conf_state & L2CAP_CONF_INPUT_DONE))
		goto free;
		return;

		skb_queue_purge(&chan->tx_q);

		@@ -255,9 +260,6 @@ void l2cap_chan_del(struct l2cap_chan *chan, int err)
		kfree(l);
		}
		}

		free:
		kfree(chan);
		}

		static inline u8 l2cap_get_auth_type(struct l2cap_chan *chan)

+2 −0

Original line number	Diff line number	Diff line
		@@ -849,6 +849,8 @@ void l2cap_sock_kill(struct sock *sk)
		BT_DBG("sk %p state %d", sk, sk->sk_state);

		/* Kill poor orphan */

		l2cap_chan_free(l2cap_pi(sk)->chan);
		bt_sock_unlink(&l2cap_sk_list, sk);
		sock_set_flag(sk, SOCK_DEAD);
		sock_put(sk);