[PATCH] dma-buf: call kfree() w/o mutex held in dma_buf_attach()
Emil Velikov
emil.l.velikov at gmail.com
Thu Apr 25 15:48:50 UTC 2019
From: Emil Velikov <emil.velikov at collabora.com>
In dma_buf_attach() we allocate memory w/o a mutex being held, thus in
the error path we should kfree() it after the mutex_unlock.
The inverse function dma_buf_deattach() gets this right.
Cc: Sumit Semwal <sumit.semwal at linaro.org>
Signed-off-by: Emil Velikov <emil.velikov at collabora.com>
---
drivers/dma-buf/dma-buf.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/dma-buf/dma-buf.c b/drivers/dma-buf/dma-buf.c
index 3ae6c0c2cc02..57ddeb735b8b 100644
--- a/drivers/dma-buf/dma-buf.c
+++ b/drivers/dma-buf/dma-buf.c
@@ -579,8 +579,8 @@ struct dma_buf_attachment *dma_buf_attach(struct dma_buf *dmabuf,
return attach;
err_attach:
- kfree(attach);
mutex_unlock(&dmabuf->lock);
+ kfree(attach);
return ERR_PTR(ret);
}
EXPORT_SYMBOL_GPL(dma_buf_attach);
--
2.21.0
More information about the dri-devel
mailing list