Re: [PATCH] dma-buf: free dmabuf->name in dma_buf_release()

From: Chenbo Feng
Date: Tue Feb 18 2020 - 13:41:31 EST

Next message: Christoph Hellwig: "take the bus_dma_limit into account on arm"
Previous message: Jordan Crouse: "Re: [RFC PATCH v1] iommu/arm-smmu: Allow domains to choose a context bank"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Acked-by: Chenbo Feng <fengc@xxxxxxxxxx>

On Thu, Dec 26, 2019 at 10:32 PM Cong Wang <xiyou.wangcong@xxxxxxxxx> wrote:
>
> dma-buff name can be set via DMA_BUF_SET_NAME ioctl, but once set
> it never gets freed.
>
> Free it in dma_buf_release().
>
> Fixes: bb2bb9030425 ("dma-buf: add DMA_BUF_SET_NAME ioctls")
> Reported-by: syzbot+b2098bc44728a4efb3e9@xxxxxxxxxxxxxxxxxxxxxxxxx
> Cc: Greg Hackmann <ghackmann@xxxxxxxxxx>
> Cc: Chenbo Feng <fengc@xxxxxxxxxx>
> Cc: Sumit Semwal <sumit.semwal@xxxxxxxxxx>
> Signed-off-by: Cong Wang <xiyou.wangcong@xxxxxxxxx>
> ---
> drivers/dma-buf/dma-buf.c | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/drivers/dma-buf/dma-buf.c b/drivers/dma-buf/dma-buf.c
> index ce41cd9b758a..2427398ff22a 100644
> --- a/drivers/dma-buf/dma-buf.c
> +++ b/drivers/dma-buf/dma-buf.c
> @@ -108,6 +108,7 @@ static int dma_buf_release(struct inode *inode, struct file *file)
> dma_resv_fini(dmabuf->resv);
>
> module_put(dmabuf->owner);
> + kfree(dmabuf->name);
> kfree(dmabuf);
> return 0;
> }
> --
> 2.21.0
>

Next message: Christoph Hellwig: "take the bus_dma_limit into account on arm"
Previous message: Jordan Crouse: "Re: [RFC PATCH v1] iommu/arm-smmu: Allow domains to choose a context bank"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]