drm_syncobj_find() acquires a syncobj reference on success. The invalid flags check returns -EINVAL without calling drm_syncobj_put, bypassing the out label where the reference would be released. Move the flags check after the NULL check to ensure the reference is properly released.
Suggested-by: Greg KH <[email protected]> Fixes: 18226ba52159 ("drm/syncobj: reject invalid flags in drm_syncobj_find_fence") Cc: [email protected] Signed-off-by: WenTao Liang <[email protected]> --- Changes in v2: - Fix patch format based on reviewer feedback --- drivers/gpu/drm/drm_syncobj.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/drivers/gpu/drm/drm_syncobj.c b/drivers/gpu/drm/drm_syncobj.c index 8d9fd1917c6e..e40e2d92d5ef 100644 --- a/drivers/gpu/drm/drm_syncobj.c +++ b/drivers/gpu/drm/drm_syncobj.c @@ -442,12 +442,14 @@ int drm_syncobj_find_fence(struct drm_file *file_private, u64 timeout = nsecs_to_jiffies64(DRM_SYNCOBJ_WAIT_FOR_SUBMIT_TIMEOUT); int ret; - if (flags & ~DRM_SYNCOBJ_WAIT_FLAGS_WAIT_FOR_SUBMIT) - return -EINVAL; - if (!syncobj) return -ENOENT; + if (flags & ~DRM_SYNCOBJ_WAIT_FLAGS_WAIT_FOR_SUBMIT) { + drm_syncobj_put(syncobj); + return -EINVAL; + } + /* Waiting for userspace with locks help is illegal cause that can * trivial deadlock with page faults for example. Make lockdep complain * about it early on. -- 2.39.5 (Apple Git-154)
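
Review bot: In the added flags branch of drm_syncobj_find_fence(), the error path open-codes drm_syncobj_put(syncobj) followed by "return -EINVAL", while the commit message says the reference is normally released at the out label. Setting "ret = -EINVAL;" and using "goto out;" there would keep a single release point, provided that label does nothing beyond the put. Moving the check below "if (!syncobj)" also changes which error a caller sees when both the handle lookup fails and the flags are invalid: that case returned -EINVAL before and returns -ENOENT now, which is a userspace-visible change worth stating in the commit message.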
