1. Patchew
  2. Xen
  3. View series

[PATCH] drm/xen: fix potential memleak in error branch

Bernard Zhao posted 1 patch 2 years, 5 months ago
Failed in applying to current master (apply log)
drivers/gpu/drm/xen/xen_drm_front_gem.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
[PATCH] drm/xen: fix potential memleak in error branch
Posted by Bernard Zhao 2 years, 5 months ago 
In function xen_drm_front_gem_import_sg_table, if in error branch,
there maybe potential memleak if not call gem_free_pages_array.

Signed-off-by: Bernard Zhao <bernard@vivo.com>
---
 drivers/gpu/drm/xen/xen_drm_front_gem.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/drivers/gpu/drm/xen/xen_drm_front_gem.c b/drivers/gpu/drm/xen/xen_drm_front_gem.c
index b293c67230ef..732c3eec0666 100644
--- a/drivers/gpu/drm/xen/xen_drm_front_gem.c
+++ b/drivers/gpu/drm/xen/xen_drm_front_gem.c
@@ -222,15 +222,19 @@ xen_drm_front_gem_import_sg_table(struct drm_device *dev,
 
 	ret = drm_prime_sg_to_page_array(sgt, xen_obj->pages,
 					 xen_obj->num_pages);
-	if (ret < 0)
+	if (ret < 0) {
+		gem_free_pages_array(xen_obj);
 		return ERR_PTR(ret);
+	}
 
 	ret = xen_drm_front_dbuf_create(drm_info->front_info,
 					xen_drm_front_dbuf_to_cookie(&xen_obj->base),
 					0, 0, 0, size, sgt->sgl->offset,
 					xen_obj->pages);
-	if (ret < 0)
+	if (ret < 0) {
+		gem_free_pages_array(xen_obj);
 		return ERR_PTR(ret);
+	}
 
 	DRM_DEBUG("Imported buffer of size %zu with nents %u\n",
 		  size, sgt->orig_nents);
-- 
2.33.1
Re: [PATCH] drm/xen: fix potential memleak in error branch
Posted by Oleksandr Andrushchenko 2 years, 5 months ago 
Hi, Bernard!

On 15.11.21 05:45, Bernard Zhao wrote:
> In function xen_drm_front_gem_import_sg_table, if in error branch,
> there maybe potential memleak if not call gem_free_pages_array.
>
> Signed-off-by: Bernard Zhao <bernard@vivo.com>
> ---
>   drivers/gpu/drm/xen/xen_drm_front_gem.c | 8 ++++++--
>   1 file changed, 6 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/gpu/drm/xen/xen_drm_front_gem.c b/drivers/gpu/drm/xen/xen_drm_front_gem.c
> index b293c67230ef..732c3eec0666 100644
> --- a/drivers/gpu/drm/xen/xen_drm_front_gem.c
> +++ b/drivers/gpu/drm/xen/xen_drm_front_gem.c
> @@ -222,15 +222,19 @@ xen_drm_front_gem_import_sg_table(struct drm_device *dev,
>   
>   	ret = drm_prime_sg_to_page_array(sgt, xen_obj->pages,
>   					 xen_obj->num_pages);
> -	if (ret < 0)
> +	if (ret < 0) {
> +		gem_free_pages_array(xen_obj);
>   		return ERR_PTR(ret);
> +	}
This will be deleted on the fail path of the import by removing the GEM
object, so xen_drm_front_gem_free_object_unlocked will take care of this
>   
>   	ret = xen_drm_front_dbuf_create(drm_info->front_info,
>   					xen_drm_front_dbuf_to_cookie(&xen_obj->base),
>   					0, 0, 0, size, sgt->sgl->offset,
>   					xen_obj->pages);
> -	if (ret < 0)
> +	if (ret < 0) {
> +		gem_free_pages_array(xen_obj);
>   		return ERR_PTR(ret);
> +	}
>   
>   	DRM_DEBUG("Imported buffer of size %zu with nents %u\n",
>   		  size, sgt->orig_nents);
Thank you,
Oleksandr

Patchew 2.1-devel-0870f84

© 2016 - 2024 Red Hat, Inc.