]> Git Repo - linux.git/commitdiff
projects / linux.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: c65b229)
ntsync: Fix reference leaks in the remaining create ioctls.
authorElizabeth Figura <[email protected]>
Thu, 16 Jan 2025 19:07:17 +0000 (13:07 -0600)
committerGreg Kroah-Hartman <[email protected]>
Fri, 17 Jan 2025 12:10:07 +0000 (13:10 +0100)
When ntsync_obj_get_fd() fails, we free the ntsync object but forget to drop the
"file" member.

This was fixed for semaphores in 0e7d523b5f7a23b1dc6ceceb04e31a60e9e3321d, but
that commit did not fix the similar leak for events and mutexes, since they were
part of patches not yet in the mainline kernel. Fix those cases.

Fixes: 5bc2479a3585b "ntsync: Introduce NTSYNC_IOC_CREATE_MUTEX."
Fixes: 4c7404b9c2b57 "ntsync: Introduce NTSYNC_IOC_CREATE_EVENT."
Signed-off-by: Elizabeth Figura <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
Signed-off-by: Greg Kroah-Hartman <[email protected]>
drivers/misc/ntsync.c patch | blob | blame | history

diff --git a/drivers/misc/ntsync.c b/drivers/misc/ntsync.c
index b6441e9789744dc67b863594f68c1d09d974fbd6..055395cde42b66c8e1949b3c2f1816c4e6bca7cc 100644 (file)
--- a/drivers/misc/ntsync.c
+++ b/drivers/misc/ntsync.c
@@ -781,7 +781,7 @@ static int ntsync_create_mutex(struct ntsync_device *dev, void __user *argp)
        mutex->u.mutex.owner = args.owner;
        fd = ntsync_obj_get_fd(mutex);
        if (fd < 0)
-               kfree(mutex);
+               ntsync_free_obj(mutex);
 
        return fd;
 }
@@ -802,7 +802,7 @@ static int ntsync_create_event(struct ntsync_device *dev, void __user *argp)
        event->u.event.signaled = args.signaled;
        fd = ntsync_obj_get_fd(event);
        if (fd < 0)
-               kfree(event);
+               ntsync_free_obj(event);
 
        return fd;
 }
Empty description
This page took 0.053322 seconds and 4 git commands to generate.