From 0d8b5323f86e992177e9995a7e5e0ee163575ee9 Mon Sep 17 00:00:00 2001 From: Mitchel Humpherys Date: Wed, 18 Dec 2013 22:10:07 -0800 Subject: [PATCH] ion: store a copy of the client name on client creation Currently, we copy the pointer passed in to ion_client_create without making a copy of the string itself. This approach is problematic since it relies on the client keeping the name string in working order. Change-Id: I62d79c7539b2c857a5a625339d49c9c892e8622d Signed-off-by: Mitchel Humpherys --- drivers/staging/android/ion/ion.c | 19 +++++++++++++------ 1 file changed, 13 insertions(+), 6 deletions(-) diff --git a/drivers/staging/android/ion/ion.c b/drivers/staging/android/ion/ion.c index ada4a02e1ef2..7627ffbc8360 100644 --- a/drivers/staging/android/ion/ion.c +++ b/drivers/staging/android/ion/ion.c @@ -734,19 +734,18 @@ struct ion_client *ion_client_create(struct ion_device *dev, task_unlock(current->group_leader); client = kzalloc(sizeof(struct ion_client), GFP_KERNEL); - if (!client) { - if (task) - put_task_struct(current->group_leader); - return ERR_PTR(-ENOMEM); - } + if (!client) + goto err_put_task_struct; client->dev = dev; client->handles = RB_ROOT; idr_init(&client->idr); mutex_init(&client->lock); - client->name = name; client->task = task; client->pid = pid; + client->name = kstrdup(name, GFP_KERNEL); + if (!client->name) + goto err_free_client; down_write(&dev->lock); p = &dev->clients.rb_node; @@ -775,6 +774,13 @@ struct ion_client *ion_client_create(struct ion_device *dev, up_write(&dev->lock); return client; + +err_free_client: + kfree(client); +err_put_task_struct: + if (task) + put_task_struct(current->group_leader); + return ERR_PTR(-ENOMEM); } EXPORT_SYMBOL(ion_client_create); @@ -799,6 +805,7 @@ void ion_client_destroy(struct ion_client *client) debugfs_remove_recursive(client->debug_root); up_write(&dev->lock); + kfree(client->name); kfree(client); } EXPORT_SYMBOL(ion_client_destroy); -- 2.34.1