staging: ion: Store a copy of the client name on client creation

Currently, we copy the pointer passed in to ion_client_create without
making a copy of the string itself. This approach is problematic since
it relies on the client keeping the name string in working order.

Cc: Colin Cross <ccross@android.com>
Cc: Android Kernel Team <kernel-team@android.com>
Signed-off-by: Mitchel Humpherys <mitchelh@codeaurora.org>
[jstultz: Minor commit subject tweaks]
Signed-off-by: John Stultz <john.stultz@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

diff --git a/drivers/staging/android/ion/ion.c b/drivers/staging/android/ion/ion.c
index 4869420..eac4bce 100644 (file)
--- a/drivers/staging/android/ion/ion.c
+++ b/drivers/staging/android/ion/ion.c
@@ -735,19 +735,18 @@ struct ion_client *ion_client_create(struct ion_device *dev,
        task_unlock(current->group_leader);
 
        client = kzalloc(sizeof(struct ion_client), GFP_KERNEL);
-       if (!client) {
-               if (task)
-                       put_task_struct(current->group_leader);
-               return ERR_PTR(-ENOMEM);
-       }
+       if (!client)
+               goto err_put_task_struct;
 
        client->dev = dev;
        client->handles = RB_ROOT;
        idr_init(&client->idr);
        mutex_init(&client->lock);
-       client->name = name;
        client->task = task;
        client->pid = pid;
+       client->name = kstrdup(name, GFP_KERNEL);
+       if (!client->name)
+               goto err_free_client;
 
        down_write(&dev->lock);
        p = &dev->clients.rb_node;
@@ -776,6 +775,13 @@ struct ion_client *ion_client_create(struct ion_device *dev,
        up_write(&dev->lock);
 
        return client;
+
+err_free_client:
+       kfree(client);
+err_put_task_struct:
+       if (task)
+               put_task_struct(current->group_leader);
+       return ERR_PTR(-ENOMEM);
 }
 EXPORT_SYMBOL(ion_client_create);
 
@@ -800,6 +806,7 @@ void ion_client_destroy(struct ion_client *client)
        debugfs_remove_recursive(client->debug_root);
        up_write(&dev->lock);
 
+       kfree(client->name);
        kfree(client);
 }
 EXPORT_SYMBOL(ion_client_destroy);