On 2/3/26 04:39, Liang, Prike wrote: >> + ptr = u64_to_user_ptr(wait_info->bo_read_handles); >> + num_read_bo_handles = wait_info->num_bo_read_handles; >> + r = drm_gem_objects_lookup(filp, ptr, num_read_bo_handles, &gobj_read); >> + if (r) >> + goto free_timeline_points; >> + >> + ptr = u64_to_user_ptr(wait_info->bo_write_handles); > > > The gobj_write pointer allocation is missing, and this part also has some > error handling issues. > I’ve drafted an attached patch to address this, which can be added to the end > of this series. > >> + num_write_bo_handles = wait_info->num_bo_write_handles; >> + r = drm_gem_objects_lookup(filp, ptr, num_write_bo_handles, >> + &gobj_write);
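Review bot: at the second drm_gem_objects_lookup() call, the one that fills gobj_write, the quoted lines stop before any check of r, so the failure path needs confirming. A failure there has to drop the object references and free the array already held in gobj_read from the first lookup. Jumping to free_timeline_points, as the first lookup does, would skip that, so a separate unwind label placed ahead of free_timeline_points is the safer structure. In the same lines, num_bo_read_handles and num_bo_write_handles are copied from wait_info and passed to the lookup with no bound visible; consider rejecting oversized counts before the calls.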
The gobj_write pointer is allocated by this call here. We currently need to clean that up, but drm_gem_objects_lookup() should potentially be changed to do that itself.

Regards,
Christian.
