Re: [PATCH] drm/xen: fix potential memleak in error branch

From: Oleksandr Andrushchenko
Date: Mon Nov 15 2021 - 09:05:03 EST


Hi, Bernard!

On 15.11.21 05:45, Bernard Zhao wrote:
> In function xen_drm_front_gem_import_sg_table, if in error branch,
> there maybe potential memleak if not call gem_free_pages_array.
>
> Signed-off-by: Bernard Zhao <bernard@xxxxxxxx>
> ---
> drivers/gpu/drm/xen/xen_drm_front_gem.c | 8 ++++++--
> 1 file changed, 6 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/gpu/drm/xen/xen_drm_front_gem.c b/drivers/gpu/drm/xen/xen_drm_front_gem.c
> index b293c67230ef..732c3eec0666 100644
> --- a/drivers/gpu/drm/xen/xen_drm_front_gem.c
> +++ b/drivers/gpu/drm/xen/xen_drm_front_gem.c
> @@ -222,15 +222,19 @@ xen_drm_front_gem_import_sg_table(struct drm_device *dev,
>
> ret = drm_prime_sg_to_page_array(sgt, xen_obj->pages,
> xen_obj->num_pages);
> - if (ret < 0)
> + if (ret < 0) {
> + gem_free_pages_array(xen_obj);
> return ERR_PTR(ret);
> + }
This will be deleted on the fail path of the import by removing the GEM
object, so xen_drm_front_gem_free_object_unlocked will take care of this
>
> ret = xen_drm_front_dbuf_create(drm_info->front_info,
> xen_drm_front_dbuf_to_cookie(&xen_obj->base),
> 0, 0, 0, size, sgt->sgl->offset,
> xen_obj->pages);
> - if (ret < 0)
> + if (ret < 0) {
> + gem_free_pages_array(xen_obj);
> return ERR_PTR(ret);
> + }
>
> DRM_DEBUG("Imported buffer of size %zu with nents %u\n",
> size, sgt->orig_nents);
Thank you,
Oleksandr