Linux kernel mirror (for testing)
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel
os
linux
drm/gem: Fix a GEM leak in drm_gem_get_unmapped_area()
drm_gem_object_lookup_at_offset() can return a valid object with
filp or filp->f_op->get_unmapped_area set to NULL. Make sure we still
release the ref we acquired on such objects.
Cc: Loïc Molinari <loic.molinari@collabora.com>
Fixes: 99bda20d6d4c ("drm/gem: Introduce drm_gem_get_unmapped_area() fop")
Reviewed-by: Loïc Molinari <loic.molinari@collabora.com>
Link: https://patch.msgid.link/20260106164935.409765-1-boris.brezillon@collabora.com
Signed-off-by: Boris Brezillon <boris.brezillon@collabora.com>
+6
-4
+6
-4
drivers/gpu/drm/drm_gem.c
+6
-4
drivers/gpu/drm/drm_gem.c
···
1298
1298
unsigned long ret;
1299
1299
1300
1300
obj = drm_gem_object_lookup_at_offset(filp, pgoff, len >> PAGE_SHIFT);
1301
-
if (IS_ERR(obj) || !obj->filp || !obj->filp->f_op->get_unmapped_area)
1302
-
return mm_get_unmapped_area(filp, uaddr, len, 0, flags);
1301
+
if (IS_ERR(obj))
1302
+
obj = NULL;
1303
1303
1304
-
ret = obj->filp->f_op->get_unmapped_area(obj->filp, uaddr, len, 0,
1305
-
flags);
1304
+
if (!obj || !obj->filp || !obj->filp->f_op->get_unmapped_area)
1305
+
ret = mm_get_unmapped_area(filp, uaddr, len, 0, flags);
1306
+
else
1307
+
ret = obj->filp->f_op->get_unmapped_area(obj->filp, uaddr, len, 0, flags);
1306
1308
1307
1309
drm_gem_object_put(obj);
1308
1310