On 24/11/2025 11:20, Steven Price wrote:
> When vmemdup_array_user() fails, 'handles' is set to a negative error
> code and no memory is allocated. So the call to kvfree() should not
> happen. Instead just return early with the error code.
>
> Fixes: cb77b79abf5f ("drm/gem: Use vmemdup_array_user in
> drm_gem_objects_lookup")
> Signed-off-by: Steven Price <[email protected]>
Applied to drm-misc-next.
> ---
> drivers/gpu/drm/drm_gem.c | 7 ++-----
> 1 file changed, 2 insertions(+), 5 deletions(-)
>
> diff --git a/drivers/gpu/drm/drm_gem.c b/drivers/gpu/drm/drm_gem.c
> index 68168d58a7c8..efc79bbf3c73 100644
> --- a/drivers/gpu/drm/drm_gem.c
> +++ b/drivers/gpu/drm/drm_gem.c
> @@ -798,13 +798,10 @@ int drm_gem_objects_lookup(struct drm_file *filp, void
> __user *bo_handles,
> *objs_out = objs;
>
> handles = vmemdup_array_user(bo_handles, count, sizeof(u32));
> - if (IS_ERR(handles)) {
> - ret = PTR_ERR(handles);
> - goto out;
> - }
> + if (IS_ERR(handles))
> + return PTR_ERR(handles);
>
> ret = objects_lookup(filp, handles, count, objs);
> -out:
> kvfree(handles);
> return ret;
>
