From 9649399e918f61788a6302a0f7d3c5ed34c2930c Mon Sep 17 00:00:00 2001 From: Chris Wilson Date: Tue, 5 Jan 2016 09:42:30 +0000 Subject: [PATCH] drm: Do not set outparam on error during GEM handle allocation MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit Good practice dictates that we do not leak stale information to our callers, and should avoid overwriting an outparam on an error path. Reported-by: Ville Syrjälä Signed-off-by: Chris Wilson Cc: Ville Syrjälä Link: http://patchwork.freedesktop.org/patch/msgid/1451986951-3703-1-git-send-email-chris@chris-wilson.co.uk Reviewed-by: Thierry Reding Signed-off-by: Daniel Vetter --- drivers/gpu/drm/drm_gem.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/drivers/gpu/drm/drm_gem.c b/drivers/gpu/drm/drm_gem.c index 1b0c2c127072..eeee320e406b 100644 --- a/drivers/gpu/drm/drm_gem.c +++ b/drivers/gpu/drm/drm_gem.c @@ -331,6 +331,7 @@ drm_gem_handle_create_tail(struct drm_file *file_priv, u32 *handlep) { struct drm_device *dev = obj->dev; + u32 handle; int ret; WARN_ON(!mutex_is_locked(&dev->object_name_lock)); @@ -353,7 +354,7 @@ drm_gem_handle_create_tail(struct drm_file *file_priv, if (ret < 0) goto err_unref; - *handlep = ret; + handle = ret; ret = drm_vma_node_allow(&obj->vma_node, file_priv->filp); if (ret) @@ -365,13 +366,14 @@ drm_gem_handle_create_tail(struct drm_file *file_priv, goto err_revoke; } + *handlep = handle; return 0; err_revoke: drm_vma_node_revoke(&obj->vma_node, file_priv->filp); err_remove: spin_lock(&file_priv->table_lock); - idr_remove(&file_priv->object_idr, *handlep); + idr_remove(&file_priv->object_idr, handle); spin_unlock(&file_priv->table_lock); err_unref: drm_gem_object_handle_unreference_unlocked(obj); -- 2.20.1