projects / wrapfs-4.13.y.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: a820061) | patch
ion: Do not 'put' ION handle until after its final use
authorLee Jones <lee.jones@linaro.org>
Tue, 25 Jan 2022 14:18:08 +0000 (14:18 +0000)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Sat, 29 Jan 2022 09:15:58 +0000 (10:15 +0100)
commitc47385c73fced27375559d1a2eb10f165a0869b0
tree1e6820d8f09d750e1c4fce56115d35cfe3ef17e6tree | snapshot
parenta8200613c8c9fbaf7b55d4d438376ebaf0c4ce7ecommit | diff
ion: Do not 'put' ION handle until after its final use

pass_to_user() eventually calls kref_put() on an ION handle which is
still live, potentially allowing for it to be legitimately freed by
the client.

Prevent this from happening before its final use in both ION_IOC_ALLOC
and ION_IOC_IMPORT.

Signed-off-by: Lee Jones <lee.jones@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
drivers/staging/android/ion/ion-ioctl.c diff | blob | history
wrapfs-4.13.y