On 24/11/2025 11:20, Steven Price wrote:
When vmemdup_array_user() fails, 'handles' is set to a negative error code and no memory is allocated. So the call to kvfree() should not happen. Instead just return early with the error code.
Ah sorry about that. Must have mentally confused the two allocations. Reviewed-by: Tvrtko Ursulin <[email protected]> Regards, Tvrtko
Fixes: cb77b79abf5f ("drm/gem: Use vmemdup_array_user in drm_gem_objects_lookup") Signed-off-by: Steven Price <[email protected]> --- drivers/gpu/drm/drm_gem.c | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/drivers/gpu/drm/drm_gem.c b/drivers/gpu/drm/drm_gem.c index 68168d58a7c8..efc79bbf3c73 100644 --- a/drivers/gpu/drm/drm_gem.c +++ b/drivers/gpu/drm/drm_gem.c @@ -798,13 +798,10 @@ int drm_gem_objects_lookup(struct drm_file *filp, void __user *bo_handles, *objs_out = objs;handles = vmemdup_array_user(bo_handles, count, sizeof(u32));- if (IS_ERR(handles)) { - ret = PTR_ERR(handles); - goto out; - } + if (IS_ERR(handles)) + return PTR_ERR(handles);ret = objects_lookup(filp, handles, count, objs);-out: kvfree(handles); return ret;
