korg/linux
0
0
Fork 0
mirror of https://mirrors.bfsu.edu.cn/git/linux.git synced 2024-12-04 17:44:14 +08:00
Code Issues Packages Projects Releases Wiki Activity

drm/i915/region: don't leak the object on error

Browse Source 
Sanity check the object size before allocating a new gem object.

Fixes: 97d5539632 ("drm/i915/region: convert object_create into object_init")
Testcase: igt/gem_create/create-massive
Signed-off-by: Matthew Auld <matthew.auld@intel.com>
Reviewed-by: Chris Wilson <chris@chris-wilson.co.uk>
Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>
Link: https://patchwork.freedesktop.org/patch/msgid/20210120104714.112812-1-matthew.auld@intel.com
This commit is contained in:
Matthew Auld 2021-01-20 10:47:14 +00:00 committed by Chris Wilson
parent 1e58215f06
commit 95b98f004f
1 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
drivers/gpu/drm/i915/gem/i915_gem_region.c
View File

@ -161,10 +161,6 @@ i915_gem_object_create_region(struct intel_memory_region *mem,
GEM_BUG_ON(!size);
GEM_BUG_ON(!IS_ALIGNED(size, I915_GTT_MIN_ALIGNMENT));
obj = i915_gem_object_alloc();
if (!obj)
return ERR_PTR(-ENOMEM);
/*
* XXX: There is a prevalence of the assumption that we fit the
* object's page count inside a 32bit _signed_ variable. Let's document
@ -178,6 +174,10 @@ i915_gem_object_create_region(struct intel_memory_region *mem,
if (overflows_type(size, obj->base.size))
return ERR_PTR(-E2BIG);
obj = i915_gem_object_alloc();
if (!obj)
return ERR_PTR(-ENOMEM);
err = mem->ops->init_object(mem, obj, size, flags);
if (err)
goto err_object_free;