| Message ID | 20210120104714.112812-1-matthew.auld@intel.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | drm/i915/region: don't leak the object on error | expand |
Quoting Matthew Auld (2021-01-20 10:47:14) > Sanity check the object size before allocating a new gem object. > > Fixes: 97d553963250 ("drm/i915/region: convert object_create into object_init") > Signed-off-by: Matthew Auld <matthew.auld@intel.com> > --- > drivers/gpu/drm/i915/gem/i915_gem_region.c | 8 ++++---- > 1 file changed, 4 insertions(+), 4 deletions(-) > > diff --git a/drivers/gpu/drm/i915/gem/i915_gem_region.c b/drivers/gpu/drm/i915/gem/i915_gem_region.c > index 4834a0b272f4..3e3dad22a683 100644 > --- a/drivers/gpu/drm/i915/gem/i915_gem_region.c > +++ b/drivers/gpu/drm/i915/gem/i915_gem_region.c > @@ -161,10 +161,6 @@ i915_gem_object_create_region(struct intel_memory_region *mem, > GEM_BUG_ON(!size); > GEM_BUG_ON(!IS_ALIGNED(size, I915_GTT_MIN_ALIGNMENT)); > > - obj = i915_gem_object_alloc(); > - if (!obj) > - return ERR_PTR(-ENOMEM); > - > /* > * XXX: There is a prevalence of the assumption that we fit the > * object's page count inside a 32bit _signed_ variable. Let's document > @@ -178,6 +174,10 @@ i915_gem_object_create_region(struct intel_memory_region *mem, > if (overflows_type(size, obj->base.size)) > return ERR_PTR(-E2BIG); > > + obj = i915_gem_object_alloc(); > + if (!obj) > + return ERR_PTR(-ENOMEM); My bad, I should have checked. It does remind me we really should drop the INT_MAX << PAGE_SHIFT rejection at some point. Ok, that was the only slip all the others have their parameter checking before the alloc, with the few error paths that are after the alloc doing cleanup. Reviewed-by: Chris Wilson <chris@chris-wilson.co.uk> -Chris
diff --git a/drivers/gpu/drm/i915/gem/i915_gem_region.c b/drivers/gpu/drm/i915/gem/i915_gem_region.c index 4834a0b272f4..3e3dad22a683 100644 --- a/drivers/gpu/drm/i915/gem/i915_gem_region.c +++ b/drivers/gpu/drm/i915/gem/i915_gem_region.c @@ -161,10 +161,6 @@ i915_gem_object_create_region(struct intel_memory_region *mem, GEM_BUG_ON(!size); GEM_BUG_ON(!IS_ALIGNED(size, I915_GTT_MIN_ALIGNMENT)); - obj = i915_gem_object_alloc(); - if (!obj) - return ERR_PTR(-ENOMEM); - /* * XXX: There is a prevalence of the assumption that we fit the * object's page count inside a 32bit _signed_ variable. Let's document @@ -178,6 +174,10 @@ i915_gem_object_create_region(struct intel_memory_region *mem, if (overflows_type(size, obj->base.size)) return ERR_PTR(-E2BIG); + obj = i915_gem_object_alloc(); + if (!obj) + return ERR_PTR(-ENOMEM); + err = mem->ops->init_object(mem, obj, size, flags); if (err) goto err_object_free;
Sanity check the object size before allocating a new gem object. Fixes: 97d553963250 ("drm/i915/region: convert object_create into object_init") Signed-off-by: Matthew Auld <matthew.auld@intel.com> --- drivers/gpu/drm/i915/gem/i915_gem_region.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-)