From 9fbeb06e0aa7e69c7fd009423489de69c53976b1 Mon Sep 17 00:00:00 2001 From: jsg Date: Thu, 19 Sep 2024 04:19:44 +0000 Subject: [PATCH] drm/syncobj: Fix syncobj leak in drm_syncobj_eventfd_ioctl From T.J. Mercier 8e1ffb257982974352e9153eddcbaf01f949f700 in linux-6.6.y/6.6.52 8c7c44be57672e1474bf15a451011c291e85fda4 in mainline linux --- sys/dev/pci/drm/drm_syncobj.c | 17 +++++++++++++---- 1 file changed, 13 insertions(+), 4 deletions(-) diff --git a/sys/dev/pci/drm/drm_syncobj.c b/sys/dev/pci/drm/drm_syncobj.c index 841bc90810e..8a5c553ae9e 100644 --- a/sys/dev/pci/drm/drm_syncobj.c +++ b/sys/dev/pci/drm/drm_syncobj.c @@ -1489,6 +1489,7 @@ drm_syncobj_eventfd_ioctl(struct drm_device *dev, void *data, struct drm_syncobj *syncobj; struct eventfd_ctx *ev_fd_ctx; struct syncobj_eventfd_entry *entry; + int ret; if (!drm_core_check_feature(dev, DRIVER_SYNCOBJ_TIMELINE)) return -EOPNOTSUPP; @@ -1504,13 +1505,15 @@ drm_syncobj_eventfd_ioctl(struct drm_device *dev, void *data, return -ENOENT; ev_fd_ctx = eventfd_ctx_fdget(args->fd); - if (IS_ERR(ev_fd_ctx)) - return PTR_ERR(ev_fd_ctx); + if (IS_ERR(ev_fd_ctx)) { + ret = PTR_ERR(ev_fd_ctx); + goto err_fdget; + } entry = kzalloc(sizeof(*entry), GFP_KERNEL); if (!entry) { - eventfd_ctx_put(ev_fd_ctx); - return -ENOMEM; + ret = -ENOMEM; + goto err_kzalloc; } entry->syncobj = syncobj; entry->ev_fd_ctx = ev_fd_ctx; @@ -1521,6 +1524,12 @@ drm_syncobj_eventfd_ioctl(struct drm_device *dev, void *data, drm_syncobj_put(syncobj); return 0; + +err_kzalloc: + eventfd_ctx_put(ev_fd_ctx); +err_fdget: + drm_syncobj_put(syncobj); + return ret; #endif } -- 2.20.1