On Thu, 8 Jan 2026 14:18:26 +0100 Loïc Molinari <[email protected]> wrote:
> Hi Boris, > > On 06/01/2026 17:49, Boris Brezillon wrote: > > drm_gem_object_lookup_at_offset() can return a valid object with > > filp or filp->f_op->get_unmapped_area set to NULL. Make sure we still > > release the ref we acquired on such objects. > > > > Cc: Loïc Molinari <[email protected]> > > Fixes: 99bda20d6d4c ("drm/gem: Introduce drm_gem_get_unmapped_area() fop") > > Signed-off-by: Boris Brezillon <[email protected]> > > --- > > drivers/gpu/drm/drm_gem.c | 10 ++++++---- > > 1 file changed, 6 insertions(+), 4 deletions(-) > > > > diff --git a/drivers/gpu/drm/drm_gem.c b/drivers/gpu/drm/drm_gem.c > > index 36c8af123877..f7cbf6e8d1e0 100644 > > --- a/drivers/gpu/drm/drm_gem.c > > +++ b/drivers/gpu/drm/drm_gem.c > > @@ -1298,11 +1298,13 @@ unsigned long drm_gem_get_unmapped_area(struct file > > *filp, unsigned long uaddr, > > unsigned long ret; > > > > obj = drm_gem_object_lookup_at_offset(filp, pgoff, len >> PAGE_SHIFT); > > - if (IS_ERR(obj) || !obj->filp || !obj->filp->f_op->get_unmapped_area) > > - return mm_get_unmapped_area(filp, uaddr, len, 0, flags); > > + if (IS_ERR(obj)) > > + obj = NULL; > > > > - ret = obj->filp->f_op->get_unmapped_area(obj->filp, uaddr, len, 0, > > - flags); > > + if (!obj || !obj->filp || !obj->filp->f_op->get_unmapped_area) > > + ret = mm_get_unmapped_area(filp, uaddr, len, 0, flags); > > + else > > + ret = obj->filp->f_op->get_unmapped_area(obj->filp, uaddr, len, > > 0, flags); > > Apart maybe for this line exceeding 80 chars: The limit has been bumped to 100 chars a while ago (checkpatch --strict didn't complain), and for these single statements inside conditional blocks, I prefer to have them on a single line when I can because otherwise I tend to add curly braces to clearly flag the end of each conditional block. > > Reviewed-by: Loïc Molinari <[email protected]> Thanks!
