drm/syncobj: Fix syncobj leak in drm_syncobj_eventfd_ioctl
authorjsg <jsg@openbsd.org>
Thu, 19 Sep 2024 04:19:44 +0000 (04:19 +0000)
committerjsg <jsg@openbsd.org>
Thu, 19 Sep 2024 04:19:44 +0000 (04:19 +0000)
From T.J. Mercier
8e1ffb257982974352e9153eddcbaf01f949f700 in linux-6.6.y/6.6.52
8c7c44be57672e1474bf15a451011c291e85fda4 in mainline linux

sys/dev/pci/drm/drm_syncobj.c

index 841bc90..8a5c553 100644 (file)
@@ -1489,6 +1489,7 @@ drm_syncobj_eventfd_ioctl(struct drm_device *dev, void *data,
        struct drm_syncobj *syncobj;
        struct eventfd_ctx *ev_fd_ctx;
        struct syncobj_eventfd_entry *entry;
+       int ret;
 
        if (!drm_core_check_feature(dev, DRIVER_SYNCOBJ_TIMELINE))
                return -EOPNOTSUPP;
@@ -1504,13 +1505,15 @@ drm_syncobj_eventfd_ioctl(struct drm_device *dev, void *data,
                return -ENOENT;
 
        ev_fd_ctx = eventfd_ctx_fdget(args->fd);
-       if (IS_ERR(ev_fd_ctx))
-               return PTR_ERR(ev_fd_ctx);
+       if (IS_ERR(ev_fd_ctx)) {
+               ret = PTR_ERR(ev_fd_ctx);
+               goto err_fdget;
+       }
 
        entry = kzalloc(sizeof(*entry), GFP_KERNEL);
        if (!entry) {
-               eventfd_ctx_put(ev_fd_ctx);
-               return -ENOMEM;
+               ret = -ENOMEM;
+               goto err_kzalloc;
        }
        entry->syncobj = syncobj;
        entry->ev_fd_ctx = ev_fd_ctx;
@@ -1521,6 +1524,12 @@ drm_syncobj_eventfd_ioctl(struct drm_device *dev, void *data,
        drm_syncobj_put(syncobj);
 
        return 0;
+
+err_kzalloc:
+       eventfd_ctx_put(ev_fd_ctx);
+err_fdget:
+       drm_syncobj_put(syncobj);
+       return ret;
 #endif
 }
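Review bot: The two labels added at the end of drm_syncobj_eventfd_ioctl depend on fall-through order, and nothing states which reference each one releases. A one-line comment above `err_kzalloc:` would help, for example `/* unwind in reverse order of acquisition: eventfd ctx, then the syncobj reference */`, so a later edit does not reorder the labels or add an early return that skips the put. The syncobj reference appears to be taken by a lookup between the first and second hunks, which is not shown here, so it is worth confirming that every `return` after that lookup now goes through `err_fdget`. Because `args->fd` looks caller-controlled, any remaining path that skips the put could be hit repeatedly from userspace. The body also sits inside a preprocessor conditional (`#endif` just before the closing brace) that opens outside the hunk.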