diff options
| author | Jann Horn <jannh@google.com> | 2024-12-04 17:26:21 +0100 |
|---|---|---|
| committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2024-12-27 14:02:10 +0100 |
| commit | c9fc8428d4255c2128da9c4d5cd92e554d0150cf (patch) | |
| tree | 09d91365211cc6c7840d985723e120cab565f496 /scripts/stackusage | |
| parent | 8e86e9909ad204c4fa2e05fb0bb6583c839a9602 (diff) | |
| download | linux-c9fc8428d4255c2128da9c4d5cd92e554d0150cf.tar.gz linux-c9fc8428d4255c2128da9c4d5cd92e554d0150cf.tar.bz2 linux-c9fc8428d4255c2128da9c4d5cd92e554d0150cf.zip | |
udmabuf: fix memory leak on last export_udmabuf() error path
[ Upstream commit f49856f525acd5bef52ae28b7da2e001bbe7439e ]
In export_udmabuf(), if dma_buf_fd() fails because the FD table is full, a
dma_buf owning the udmabuf has already been created; but the error handling
in udmabuf_create() will tear down the udmabuf without doing anything about
the containing dma_buf.
This leaves a dma_buf in memory that contains a dangling pointer; though
that doesn't seem to lead to anything bad except a memory leak.
Fix it by moving the dma_buf_fd() call out of export_udmabuf() so that we
can give it different error handling.
Note that the shape of this code changed a lot in commit 5e72b2b41a21
("udmabuf: convert udmabuf driver to use folios"); but the memory leak
seems to have existed since the introduction of udmabuf.
Fixes: fbb0de795078 ("Add udmabuf misc device")
Acked-by: Vivek Kasireddy <vivek.kasireddy@intel.com>
Signed-off-by: Jann Horn <jannh@google.com>
Signed-off-by: Vivek Kasireddy <vivek.kasireddy@intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20241204-udmabuf-fixes-v2-3-23887289de1c@google.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
Diffstat (limited to 'scripts/stackusage')
0 files changed, 0 insertions, 0 deletions