From mboxrd@z Thu Jan 1 00:00:00 1970 From: Bharath Vedartham Subject: [PATCH] dma-buf: Fix memory leak in dma_buf_set_name Date: Fri, 16 Aug 2019 23:30:22 +0530 Message-ID: <1565978422-9661-1-git-send-email-linux.bhar@gmail.com> Return-path: Sender: linux-kernel-owner@vger.kernel.org To: sumit.semwal@linaro.org Cc: linux-media@vger.kernel.org, dri-devel@lists.freedesktop.org, linaro-mm-sig@lists.linaro.org, linux-kernel@vger.kernel.org, Bharath Vedartham List-Id: dri-devel@lists.freedesktop.org This patch fixes a memory leak bug reported by syzbot. Link to the bug is given at [1]. A local variable name is used to hold the copied user buffer string using strndup_user. strndup_user allocates memory using kmalloc_track_caller in memdup_user. This kmalloc allocation needs to be followed by a kfree. This patch has been tested by a compile test. [1] https://syzkaller.appspot.com/bug?id=ce692a3aa13e00e335e090be7846c6eb60ddff7a Reported-by: syzbot+b2098bc44728a4efb3e9@syzkaller.appspotmail.com Signed-off-by: Bharath Vedartham --- drivers/dma-buf/dma-buf.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/dma-buf/dma-buf.c b/drivers/dma-buf/dma-buf.c index f45bfb2..9798f6d 100644 --- a/drivers/dma-buf/dma-buf.c +++ b/drivers/dma-buf/dma-buf.c @@ -342,6 +342,7 @@ static long dma_buf_set_name(struct dma_buf *dmabuf, const char __user *buf) } kfree(dmabuf->name); dmabuf->name = name; + kfree(name); out_unlock: mutex_unlock(&dmabuf->lock); -- 2.7.4