Re: [PATCH] dma-buf: free dmabuf->name in dma_buf_release()

From: Cong Wang
Date: Thu Feb 27 2020 - 16:38:20 EST

Next message: Mike Kravetz: "Re: [PATCH v2] mm/hugetlb: fix a addressing exception caused by huge_pte_offset()"
Previous message: Rik van Riel: "[PATCH 1/2] mm,compaction,cma: add alloc_contig flag to compact_control"
In reply to: Andrew Morton: "Re: [PATCH] dma-buf: free dmabuf->name in dma_buf_release()"
Next in thread: Andrew Morton: "Re: [PATCH] dma-buf: free dmabuf->name in dma_buf_release()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, Feb 25, 2020 at 5:54 PM Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx> wrote:
>
> On Tue, 25 Feb 2020 12:44:46 -0800 Cong Wang <xiyou.wangcong@xxxxxxxxx> wrote:
>
> > dma-buff name can be set via DMA_BUF_SET_NAME ioctl, but once set
> > it never gets freed.
> >
> > Free it in dma_buf_release().
> >
> > ...
> >
> > --- a/drivers/dma-buf/dma-buf.c
> > +++ b/drivers/dma-buf/dma-buf.c
> > @@ -108,6 +108,7 @@ static int dma_buf_release(struct inode *inode, struct file *file)
> > dma_resv_fini(dmabuf->resv);
> >
> > module_put(dmabuf->owner);
> > + kfree(dmabuf->name);
> > kfree(dmabuf);
> > return 0;
> > }
>
> ow. Is that ioctl privileged?

It looks unprivileged to me, as I don't see capable() called along
the path.

Thanks.

Next message: Mike Kravetz: "Re: [PATCH v2] mm/hugetlb: fix a addressing exception caused by huge_pte_offset()"
Previous message: Rik van Riel: "[PATCH 1/2] mm,compaction,cma: add alloc_contig flag to compact_control"
In reply to: Andrew Morton: "Re: [PATCH] dma-buf: free dmabuf->name in dma_buf_release()"
Next in thread: Andrew Morton: "Re: [PATCH] dma-buf: free dmabuf->name in dma_buf_release()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]