ion: Protect kref from userspace manipulation
author Daniel Rosenberg <drosen@google.com>
Tue, 25 Jan 2022 14:18:07 +0000 (14:18 +0000)
committer Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Sat, 29 Jan 2022 09:15:58 +0000 (10:15 +0100)
commit a8200613c8c9fbaf7b55d4d438376ebaf0c4ce7e
tree db97e5742e17e173348c11375425afa33c96c762
parent 504e1d6ee65d5b5a053253ae62f46035d774353c
ion: Protect kref from userspace manipulation

This separates the kref for ion handles into two components.
Userspace requests through the ioctl will hold at most one
reference to the internally used kref. All additional requests
will increment a separate counter, and the original reference is
only put once that counter hits 0. This protects the kernel from
a poorly behaving userspace.

Signed-off-by: Daniel Rosenberg <drosen@google.com>
[d-cagle@codeaurora.org: Resolve style issues]
Signed-off-by: Dennis Cagle <d-cagle@codeaurora.org>
Signed-off-by: Lee Jones <lee.jones@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
drivers/staging/android/ion/ion-ioctl.c
drivers/staging/android/ion/ion.c
drivers/staging/android/ion/ion_priv.h
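
The split reference count described in the commit message above, modelled in plain userspace C. This is an added illustration, not code from the commit or the ion driver: the struct, its fields and every function name are hypothetical, and a plain `int` stands in for the kernel's `kref`.

```c
/* Added illustration: userspace model of a split reference count.
 * All names are hypothetical; this is not the ion driver's code. */
#include <stdio.h>

struct handle {
    int kref;       /* stands in for the kernel-internal kref */
    int user_refs;  /* references requested through the ioctl path */
};

static void kref_get(struct handle *h) { h->kref++; }
static void kref_put(struct handle *h) { h->kref--; } /* release runs at 0 */

/* ioctl path: only the first user reference takes a kref. */
static void user_get(struct handle *h)
{
    if (h->user_refs++ == 0)
        kref_get(h);
}

/* ioctl path: returns -1 when userspace holds no reference to drop,
 * so extra frees never reach the kernel's own references. */
static int user_put(struct handle *h)
{
    if (h->user_refs == 0)
        return -1;
    if (--h->user_refs == 0)
        kref_put(h);    /* the single user-held kref goes away */
    return 0;
}

/* The kernel holds one reference; userspace takes `gets` references and
 * then attempts `puts` releases. Returns the kref value afterwards. */
static int kref_after(int gets, int puts)
{
    struct handle h = { .kref = 1, .user_refs = 0 };
    for (int i = 0; i < gets; i++)
        user_get(&h);
    for (int i = 0; i < puts; i++)
        user_put(&h);
    return h.kref;
}

int main(void)
{
    printf("balanced: %d, excess puts: %d\n",
           kref_after(3, 3), kref_after(1, 5));
    return 0;
}
```

However many releases userspace issues, the kernel's own reference stays at 1, which is the property the commit message describes.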