Commit 554d7fa2 authored by Ben Hutchings's avatar Ben Hutchings Committed by Khalid Elmously

drm/msm: Fix possible null dereference on failure of get_pages()

BugLink: https://bugs.launchpad.net/bugs/1883917

commit 3976626e upstream.

Commit 62e3a3e3 changed get_pages() to initialise
msm_gem_object::pages before trying to initialise msm_gem_object::sgt,
so that put_pages() would properly clean up pages in the failure
case.

However, this means that put_pages() now needs to check that
msm_gem_object::sgt is not null before trying to clean it up, and
this check was only applied to part of the cleanup code.  Move
it all into the conditional block.  (Strictly speaking we don't
need to make the kfree() conditional, but since we can't avoid
checking for null ourselves we may as well do so.)

Fixes: 62e3a3e3 ("drm/msm: fix leak in failed get_pages")
Signed-off-by: default avatarBen Hutchings <ben.hutchings@codethink.co.uk>
Reviewed-by: default avatarJordan Crouse <jcrouse@codeaurora.org>
Signed-off-by: default avatarRob Clark <robdclark@gmail.com>
Cc: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: default avatarKamal Mostafa <kamal@canonical.com>
Signed-off-by: default avatarKhalid Elmously <khalid.elmously@canonical.com>
parent b48b0167
...@@ -116,17 +116,19 @@ static void put_pages(struct drm_gem_object *obj) ...@@ -116,17 +116,19 @@ static void put_pages(struct drm_gem_object *obj)
struct msm_gem_object *msm_obj = to_msm_bo(obj); struct msm_gem_object *msm_obj = to_msm_bo(obj);
if (msm_obj->pages) { if (msm_obj->pages) {
/* For non-cached buffers, ensure the new pages are clean if (msm_obj->sgt) {
* because display controller, GPU, etc. are not coherent: /* For non-cached buffers, ensure the new
*/ * pages are clean because display controller,
if (msm_obj->flags & (MSM_BO_WC|MSM_BO_UNCACHED)) * GPU, etc. are not coherent:
dma_unmap_sg(obj->dev->dev, msm_obj->sgt->sgl, */
msm_obj->sgt->nents, DMA_BIDIRECTIONAL); if (msm_obj->flags & (MSM_BO_WC|MSM_BO_UNCACHED))
dma_unmap_sg(obj->dev->dev, msm_obj->sgt->sgl,
msm_obj->sgt->nents,
DMA_BIDIRECTIONAL);
if (msm_obj->sgt)
sg_free_table(msm_obj->sgt); sg_free_table(msm_obj->sgt);
kfree(msm_obj->sgt);
kfree(msm_obj->sgt); }
if (use_pages(obj)) if (use_pages(obj))
drm_gem_put_pages(obj, msm_obj->pages, true, false); drm_gem_put_pages(obj, msm_obj->pages, true, false);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment