drm_syncobj_find_fence() calls drm_syncobj_find() to obtain a
reference on syncobj, then checks the flags validity. If the flags
are invalid, it returns -EINVAL without releasing the syncobj
reference obtained earlier.
Fix this by using goto to release the reference on error paths.
Cc: stable@vger.kernel.org
Fixes: 18226ba52159 ("drm/syncobj: reject invalid flags in drm_syncobj_find_fence")
Signed-off-by: Wentao Liang <vulab@iscas.ac.cn>
---
drivers/gpu/drm/drm_syncobj.c | 12 ++++++++----
1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/drivers/gpu/drm/drm_syncobj.c b/drivers/gpu/drm/drm_syncobj.c
index 8d9fd1917c6e..0e986daa8ff9 100644
--- a/drivers/gpu/drm/drm_syncobj.c
+++ b/drivers/gpu/drm/drm_syncobj.c
@@ -442,11 +442,15 @@ int drm_syncobj_find_fence(struct drm_file *file_private,
u64 timeout = nsecs_to_jiffies64(DRM_SYNCOBJ_WAIT_FOR_SUBMIT_TIMEOUT);
int ret;
- if (flags & ~DRM_SYNCOBJ_WAIT_FLAGS_WAIT_FOR_SUBMIT)
- return -EINVAL;
+ if (flags & ~DRM_SYNCOBJ_WAIT_FLAGS_WAIT_FOR_SUBMIT) {
+ ret = -EINVAL;
+ goto out;
+ }
- if (!syncobj)
- return -ENOENT;
+ if (!syncobj) {
+ ret = -ENOENT;
+ goto out;
+ }
/* Waiting for userspace with locks help is illegal cause that can
* trivial deadlock with page faults for example. Make lockdep complain
--
2.34.1