2023-01-02 15:16:42

by Dmitry Osipenko

[permalink] [raw]
Subject: Re: [PATCH] drm/virtio: Fix memory leak in virtio_gpu_object_create()

On 11/9/22 12:19, Xiu Jianfeng wrote:
> The virtio_gpu_object_shmem_init() will alloc memory and save it in
> @ents, so when virtio_gpu_array_alloc() fails, this memory should be
> freed, this patch fixes it.
>
> Fixes: e7fef0923303 ("drm/virtio: Simplify error handling of virtio_gpu_object_create()")
> Signed-off-by: Xiu Jianfeng <[email protected]>
> ---
> drivers/gpu/drm/virtio/virtgpu_object.c | 6 ++++--
> 1 file changed, 4 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/gpu/drm/virtio/virtgpu_object.c b/drivers/gpu/drm/virtio/virtgpu_object.c
> index 8d7728181de0..c7e74cf13022 100644
> --- a/drivers/gpu/drm/virtio/virtgpu_object.c
> +++ b/drivers/gpu/drm/virtio/virtgpu_object.c
> @@ -184,7 +184,7 @@ int virtio_gpu_object_create(struct virtio_gpu_device *vgdev,
> struct virtio_gpu_object_array *objs = NULL;
> struct drm_gem_shmem_object *shmem_obj;
> struct virtio_gpu_object *bo;
> - struct virtio_gpu_mem_entry *ents;
> + struct virtio_gpu_mem_entry *ents = NULL;
> unsigned int nents;
> int ret;
>
> @@ -210,7 +210,7 @@ int virtio_gpu_object_create(struct virtio_gpu_device *vgdev,
> ret = -ENOMEM;
> objs = virtio_gpu_array_alloc(1);
> if (!objs)
> - goto err_put_id;
> + goto err_free_entry;
> virtio_gpu_array_add_obj(objs, &bo->base.base);
>
> ret = virtio_gpu_array_lock_resv(objs);
> @@ -239,6 +239,8 @@ int virtio_gpu_object_create(struct virtio_gpu_device *vgdev,
>
> err_put_objs:
> virtio_gpu_array_put_free(objs);
> +err_free_entry:
> + kvfree(ents);
> err_put_id:
> virtio_gpu_resource_id_put(vgdev, bo->hw_res_handle);
> err_free_gem:

Applied to drm-misc-fixes

--
Best regards,
Dmitry