Preserve a ttm reference during dumb buffer creation. This keeps the dumb buffer valid for framebuffer usage and fixes all igt tests that use dumb buffers. Also fix ttm_prime_fd_to_handle(), which in the error case was leaking a dma_buf reference. During vmw_prime_fd_to_handle() this function is expected to fail for dumb buffers since the fd is for a gem object, the dma_buf would in turn hold a reference to the dumb buffer gem object and cause a memory leak.
Signed-off-by: Maaz Mombasawala <[email protected]> --- drivers/gpu/drm/vmwgfx/ttm_object.c | 7 +++++-- drivers/gpu/drm/vmwgfx/vmwgfx_surface.c | 5 +++-- 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/drivers/gpu/drm/vmwgfx/ttm_object.c b/drivers/gpu/drm/vmwgfx/ttm_object.c index 2421b0dd057c..f9042bafdc93 100644 --- a/drivers/gpu/drm/vmwgfx/ttm_object.c +++ b/drivers/gpu/drm/vmwgfx/ttm_object.c @@ -547,14 +547,17 @@ int ttm_prime_fd_to_handle(struct ttm_object_file *tfile, if (IS_ERR(dma_buf)) return PTR_ERR(dma_buf); - if (dma_buf->ops != &tdev->ops) - return -ENOSYS; + if (dma_buf->ops != &tdev->ops) { + ret = -ENOSYS; + goto out; + } prime = (struct ttm_prime_object *) dma_buf->priv; base = &prime->base; *handle = base->handle; ret = ttm_ref_object_add(tfile, base, NULL, false); +out: dma_buf_put(dma_buf); return ret; diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_surface.c b/drivers/gpu/drm/vmwgfx/vmwgfx_surface.c index b2d3927b5567..256e7b89daea 100644 --- a/drivers/gpu/drm/vmwgfx/vmwgfx_surface.c +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_surface.c @@ -2328,11 +2328,12 @@ int vmw_dumb_create(struct drm_file *file_priv, struct vmw_user_surface *usurf = container_of(vbo->dumb_surface, struct vmw_user_surface, srf); usurf->prime.base.refcount_release = NULL; + err: if (res) vmw_resource_unreference(&res); - - ttm_ref_object_base_unref(tfile, arg.rep.handle); + if (ret) + ttm_ref_object_base_unref(tfile, arg.rep.handle); return ret; } -- 2.54.0
