[PATCH 1/2] drm: Fix memory leak at error path of drm_read()
Chris Wilson
chris at chris-wilson.co.uk
Thu Dec 4 03:51:14 PST 2014
On Thu, Dec 04, 2014 at 11:56:42AM +0100, Takashi Iwai wrote:
> Signed-off-by: Takashi Iwai <tiwai at suse.de>
> ---
> drivers/gpu/drm/drm_fops.c | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/drivers/gpu/drm/drm_fops.c b/drivers/gpu/drm/drm_fops.c
> index ed7bc68f7e87..a82dc28d54f3 100644
> --- a/drivers/gpu/drm/drm_fops.c
> +++ b/drivers/gpu/drm/drm_fops.c
> @@ -525,6 +525,7 @@ ssize_t drm_read(struct file *filp, char __user *buffer,
> if (copy_to_user(buffer + total,
> e->event, e->event->length)) {
> total = -EFAULT;
> + e->destroy(e);
We shouldn't just be throwing away the event here, but put the event
back at the front of the queue. Poses an interesting race issue. Seems
like we want to hold the spinlock until the copy is complete so that we
can fix up the failure correctly.
-Chris
--
Chris Wilson, Intel Open Source Technology Centre
More information about the dri-devel
mailing list