[PATCH] drm/xen: fix potential memleak in error branch

Oleksandr Andrushchenko Oleksandr_Andrushchenko at epam.com
Mon Nov 15 14:04:44 UTC 2021


Hi, Bernard!

On 15.11.21 05:45, Bernard Zhao wrote:
> In function xen_drm_front_gem_import_sg_table, if in error branch,
> there maybe potential memleak if not call gem_free_pages_array.
>
> Signed-off-by: Bernard Zhao <bernard at vivo.com>
> ---
>   drivers/gpu/drm/xen/xen_drm_front_gem.c | 8 ++++++--
>   1 file changed, 6 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/gpu/drm/xen/xen_drm_front_gem.c b/drivers/gpu/drm/xen/xen_drm_front_gem.c
> index b293c67230ef..732c3eec0666 100644
> --- a/drivers/gpu/drm/xen/xen_drm_front_gem.c
> +++ b/drivers/gpu/drm/xen/xen_drm_front_gem.c
> @@ -222,15 +222,19 @@ xen_drm_front_gem_import_sg_table(struct drm_device *dev,
>   
>   	ret = drm_prime_sg_to_page_array(sgt, xen_obj->pages,
>   					 xen_obj->num_pages);
> -	if (ret < 0)
> +	if (ret < 0) {
> +		gem_free_pages_array(xen_obj);
>   		return ERR_PTR(ret);
> +	}
This will be deleted on the fail path of the import by removing the GEM
object, so xen_drm_front_gem_free_object_unlocked will take care of this
>   
>   	ret = xen_drm_front_dbuf_create(drm_info->front_info,
>   					xen_drm_front_dbuf_to_cookie(&xen_obj->base),
>   					0, 0, 0, size, sgt->sgl->offset,
>   					xen_obj->pages);
> -	if (ret < 0)
> +	if (ret < 0) {
> +		gem_free_pages_array(xen_obj);
>   		return ERR_PTR(ret);
> +	}
>   
>   	DRM_DEBUG("Imported buffer of size %zu with nents %u\n",
>   		  size, sgt->orig_nents);
Thank you,
Oleksandr


More information about the dri-devel mailing list