From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org,
Navid Emamdoost <navid.emamdoost@gmail.com>,
Daniel Vetter <daniel.vetter@ffwll.ch>
Subject: [PATCH 4.14 30/36] dma-buf: Fix memory leak in sync_file_merge()
Date: Thu, 19 Dec 2019 19:34:47 +0100 [thread overview]
Message-ID: <20191219182923.110075074@linuxfoundation.org> (raw)
In-Reply-To: <20191219182848.708141124@linuxfoundation.org>
From: Navid Emamdoost <navid.emamdoost@gmail.com>
commit 6645d42d79d33e8a9fe262660a75d5f4556bbea9 upstream.
In the implementation of sync_file_merge() the allocated sync_file is
leaked if number of fences overflows. Release sync_file by goto err.
Fixes: a02b9dc90d84 ("dma-buf/sync_file: refactor fence storage in struct sync_file")
Signed-off-by: Navid Emamdoost <navid.emamdoost@gmail.com>
Cc: stable@vger.kernel.org
Signed-off-by: Daniel Vetter <daniel.vetter@ffwll.ch>
Link: https://patchwork.freedesktop.org/patch/msgid/20191122220957.30427-1-navid.emamdoost@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/dma-buf/sync_file.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/dma-buf/sync_file.c
+++ b/drivers/dma-buf/sync_file.c
@@ -230,7 +230,7 @@ static struct sync_file *sync_file_merge
a_fences = get_fences(a, &a_num_fences);
b_fences = get_fences(b, &b_num_fences);
if (a_num_fences > INT_MAX - b_num_fences)
- return NULL;
+ goto err;
num_fences = a_num_fences + b_num_fences;
next prev parent reply other threads:[~2019-12-19 19:01 UTC|newest]
Thread overview: 41+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-12-19 18:34 [PATCH 4.14 00/36] 4.14.160-stable review Greg Kroah-Hartman
2019-12-19 18:34 ` [PATCH 4.14 01/36] net: bridge: deny dev_set_mac_address() when unregistering Greg Kroah-Hartman
2019-12-19 18:34 ` [PATCH 4.14 02/36] net: dsa: fix flow dissection on Tx path Greg Kroah-Hartman
2019-12-19 18:34 ` [PATCH 4.14 03/36] net: ethernet: ti: cpsw: fix extra rx interrupt Greg Kroah-Hartman
2019-12-19 18:34 ` [PATCH 4.14 04/36] net: thunderx: start phy before starting autonegotiation Greg Kroah-Hartman
2019-12-19 18:34 ` [PATCH 4.14 05/36] openvswitch: support asymmetric conntrack Greg Kroah-Hartman
2019-12-19 18:34 ` [PATCH 4.14 06/36] tcp: md5: fix potential overestimation of TCP option space Greg Kroah-Hartman
2019-12-19 18:34 ` [PATCH 4.14 07/36] tipc: fix ordering of tipc module init and exit routine Greg Kroah-Hartman
2019-12-19 18:34 ` [PATCH 4.14 08/36] tcp: fix rejected syncookies due to stale timestamps Greg Kroah-Hartman
2019-12-19 18:34 ` [PATCH 4.14 09/36] tcp: tighten acceptance of ACKs not matching a child socket Greg Kroah-Hartman
2019-12-19 18:34 ` [PATCH 4.14 10/36] tcp: Protect accesses to .ts_recent_stamp with {READ,WRITE}_ONCE() Greg Kroah-Hartman
2019-12-19 18:34 ` [PATCH 4.14 11/36] inet: protect against too small mtu values Greg Kroah-Hartman
2019-12-19 18:34 ` [PATCH 4.14 12/36] nvme: host: core: fix precedence of ternary operator Greg Kroah-Hartman
2019-12-19 18:34 ` [PATCH 4.14 13/36] Revert "regulator: Defer init completion for a while after late_initcall" Greg Kroah-Hartman
2019-12-19 18:34 ` [PATCH 4.14 14/36] PCI/PM: Always return devices to D0 when thawing Greg Kroah-Hartman
2019-12-19 18:34 ` [PATCH 4.14 15/36] PCI: Fix Intel ACS quirk UPDCR register address Greg Kroah-Hartman
2019-12-19 18:34 ` [PATCH 4.14 16/36] PCI/MSI: Fix incorrect MSI-X masking on resume Greg Kroah-Hartman
2019-12-19 18:34 ` [PATCH 4.14 17/36] PCI: Apply Cavium ACS quirk to ThunderX2 and ThunderX3 Greg Kroah-Hartman
2019-12-19 18:34 ` [PATCH 4.14 18/36] xtensa: fix TLB sanity checker Greg Kroah-Hartman
2019-12-19 18:34 ` [PATCH 4.14 19/36] rpmsg: glink: Set tail pointer to 0 at end of FIFO Greg Kroah-Hartman
2019-12-19 18:34 ` [PATCH 4.14 20/36] rpmsg: glink: Fix reuse intents memory leak issue Greg Kroah-Hartman
2019-12-19 18:34 ` [PATCH 4.14 21/36] rpmsg: glink: Fix use after free in open_ack TIMEOUT case Greg Kroah-Hartman
2019-12-19 18:34 ` [PATCH 4.14 22/36] rpmsg: glink: Put an extra reference during cleanup Greg Kroah-Hartman
2019-12-19 18:34 ` [PATCH 4.14 23/36] rpmsg: glink: Fix rpmsg_register_device err handling Greg Kroah-Hartman
2019-12-19 18:34 ` [PATCH 4.14 24/36] rpmsg: glink: Dont send pending rx_done during remove Greg Kroah-Hartman
2019-12-19 18:34 ` [PATCH 4.14 25/36] rpmsg: glink: Free pending deferred work on remove Greg Kroah-Hartman
2019-12-19 18:34 ` [PATCH 4.14 26/36] CIFS: Respect O_SYNC and O_DIRECT flags during reconnect Greg Kroah-Hartman
2019-12-19 18:34 ` [PATCH 4.14 27/36] ARM: dts: s3c64xx: Fix init order of clock providers Greg Kroah-Hartman
2019-12-19 18:34 ` [PATCH 4.14 28/36] ARM: tegra: Fix FLOW_CTLR_HALT register clobbering by tegra_resume() Greg Kroah-Hartman
2019-12-19 18:34 ` [PATCH 4.14 29/36] vfio/pci: call irq_bypass_unregister_producer() before freeing irq Greg Kroah-Hartman
2019-12-19 18:34 ` Greg Kroah-Hartman [this message]
2019-12-19 18:34 ` [PATCH 4.14 31/36] dm btree: increase rebalance threshold in __rebalance2() Greg Kroah-Hartman
2019-12-19 18:34 ` [PATCH 4.14 32/36] scsi: iscsi: Fix a potential deadlock in the timeout handler Greg Kroah-Hartman
2019-12-19 18:34 ` [PATCH 4.14 33/36] drm/radeon: fix r1xx/r2xx register checker for POT textures Greg Kroah-Hartman
2019-12-19 18:34 ` [PATCH 4.14 34/36] xhci: fix USB3 device initiated resume race with roothub autosuspend Greg Kroah-Hartman
2019-12-19 18:34 ` [PATCH 4.14 35/36] net: stmmac: use correct DMA buffer size in the RX descriptor Greg Kroah-Hartman
2019-12-19 18:34 ` [PATCH 4.14 36/36] net: stmmac: dont stop NAPI processing when dropping a packet Greg Kroah-Hartman
2019-12-20 4:39 ` [PATCH 4.14 00/36] 4.14.160-stable review shuah
2019-12-20 5:34 ` Naresh Kamboju
2019-12-20 10:29 ` Jon Hunter
2019-12-20 18:48 ` Guenter Roeck
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20191219182923.110075074@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=daniel.vetter@ffwll.ch \
--cc=linux-kernel@vger.kernel.org \
--cc=navid.emamdoost@gmail.com \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).