drm/msm: fix leak in failed get_pages
authorPrakash Kamliya <pkamliya@codeaurora.org>
Mon, 4 Dec 2017 13:40:15 +0000 (19:10 +0530)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Sat, 24 Mar 2018 10:01:22 +0000 (11:01 +0100)
[ Upstream commit 62e3a3e342af3c313ab38603811ecdb1fcc79edb ]

get_pages doesn't keep a reference of the pages allocated
when it fails later in the code path. This can lead to
a memory leak. Keep reference of the allocated pages so
that it can be freed when msm_gem_free_object gets called
later during cleanup.

Signed-off-by: Prakash Kamliya <pkamliya@codeaurora.org>
Signed-off-by: Sharat Masetty <smasetty@codeaurora.org>
Signed-off-by: Rob Clark <robdclark@gmail.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
drivers/gpu/drm/msm/msm_gem.c

index ea5bb0e1632c69e45e746d8abfb820ba9d540e0b..6e0fb50d0de42f1a5535e5d46fdada518523b1d4 100644 (file)
@@ -93,14 +93,17 @@ static struct page **get_pages(struct drm_gem_object *obj)
                        return p;
                }
 
+               msm_obj->pages = p;
+
                msm_obj->sgt = drm_prime_pages_to_sg(p, npages);
                if (IS_ERR(msm_obj->sgt)) {
+                       void *ptr = ERR_CAST(msm_obj->sgt);
+
                        dev_err(dev->dev, "failed to allocate sgt\n");
-                       return ERR_CAST(msm_obj->sgt);
+                       msm_obj->sgt = NULL;
+                       return ptr;
                }
 
-               msm_obj->pages = p;
-
                /* For non-cached buffers, ensure the new pages are clean
                 * because display controller, GPU, etc. are not coherent:
                 */
@@ -135,7 +138,10 @@ static void put_pages(struct drm_gem_object *obj)
                if (msm_obj->flags & (MSM_BO_WC|MSM_BO_UNCACHED))
                        dma_unmap_sg(obj->dev->dev, msm_obj->sgt->sgl,
                                        msm_obj->sgt->nents, DMA_BIDIRECTIONAL);
-               sg_free_table(msm_obj->sgt);
+
+               if (msm_obj->sgt)
+                       sg_free_table(msm_obj->sgt);
+
                kfree(msm_obj->sgt);
 
                if (use_pages(obj))