github-mirror/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux.git synced 2026-05-27 00:22:00 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity Graph

drm/gem: Fix a GEM leak in drm_gem_get_unmapped_area()

Browse Source 
drm_gem_object_lookup_at_offset() can return a valid object with
filp or filp->f_op->get_unmapped_area set to NULL. Make sure we still
release the ref we acquired on such objects.

Cc: Loïc Molinari <loic.molinari@collabora.com>
Fixes: 99bda20d6d ("drm/gem: Introduce drm_gem_get_unmapped_area() fop")
Reviewed-by: Loïc Molinari <loic.molinari@collabora.com>
Link: https://patch.msgid.link/20260106164935.409765-1-boris.brezillon@collabora.com
Signed-off-by: Boris Brezillon <boris.brezillon@collabora.com>
This commit is contained in:
Boris Brezillon 2026-01-06 17:49:35 +01:00
parent 0244539f9a
commit 5f8d6f29c5
1 changed files with 6 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
drivers/gpu/drm/drm_gem.c
View File

@ -1298,11 +1298,13 @@ unsigned long drm_gem_get_unmapped_area(struct file *filp, unsigned long uaddr,
unsigned long ret;
obj = drm_gem_object_lookup_at_offset(filp, pgoff, len >> PAGE_SHIFT);
if (IS_ERR(obj) || !obj->filp || !obj->filp->f_op->get_unmapped_area)
return mm_get_unmapped_area(filp, uaddr, len, 0, flags);
if (IS_ERR(obj))
obj = NULL;
ret = obj->filp->f_op->get_unmapped_area(obj->filp, uaddr, len, 0,
flags);
if (!obj || !obj->filp || !obj->filp->f_op->get_unmapped_area)
ret = mm_get_unmapped_area(filp, uaddr, len, 0, flags);
else
ret = obj->filp->f_op->get_unmapped_area(obj->filp, uaddr, len, 0, flags);
drm_gem_object_put(obj);