This code will Oops when it tries to i915_gem_object_free(obj) because
"obj" is an error pointer.

Fixes: 97d553963250 ("drm/i915/region: convert object_create into object_init")
Signed-off-by: Dan Carpenter <[email protected]>
---
 drivers/gpu/drm/i915/gem/i915_gem_stolen.c | 12 ++++--------
 1 file changed, 4 insertions(+), 8 deletions(-)

diff --git a/drivers/gpu/drm/i915/gem/i915_gem_stolen.c 
b/drivers/gpu/drm/i915/gem/i915_gem_stolen.c
index 551935348ad8..a1e197a6e999 100644
--- a/drivers/gpu/drm/i915/gem/i915_gem_stolen.c
+++ b/drivers/gpu/drm/i915/gem/i915_gem_stolen.c
@@ -753,22 +753,18 @@ i915_gem_object_create_stolen_for_preallocated(struct 
drm_i915_private *i915,
        mutex_lock(&i915->mm.stolen_lock);
        ret = drm_mm_reserve_node(&i915->mm.stolen, stolen);
        mutex_unlock(&i915->mm.stolen_lock);
-       if (ret) {
-               obj = ERR_PTR(ret);
+       if (ret)
                goto err_free;
-       }
 
        obj = i915_gem_object_alloc();
        if (!obj) {
-               obj = ERR_PTR(-ENOMEM);
+               ret = -ENOMEM;
                goto err_stolen;
        }
 
        ret = __i915_gem_object_create_stolen(mem, obj, stolen);
-       if (ret) {
-               obj = ERR_PTR(ret);
+       if (ret)
                goto err_object_free;
-       }
 
        i915_gem_object_set_cache_coherency(obj, I915_CACHE_NONE);
        return obj;
@@ -779,7 +775,7 @@ i915_gem_object_create_stolen_for_preallocated(struct 
drm_i915_private *i915,
        i915_gem_stolen_remove_node(i915, stolen);
 err_free:
        kfree(stolen);
-       return obj;
+       return ERR_PTR(ret);
 }
 
 bool i915_gem_object_is_stolen(const struct drm_i915_gem_object *obj)
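Review bot: `return ERR_PTR(ret);` at `err_free` only yields an error pointer while `ret` holds a negative errno. With `ret == 0` it evaluates to NULL, and a positive value would not satisfy IS_ERR() either, so a caller that only checks IS_ERR() would go on to dereference the result. The three gotos visible in the first hunk all leave `ret` non-zero, but the sign of what `__i915_gem_object_create_stolen()` returns is not visible here. The function also starts above the hunk, and the `err_object_free`/`err_stolen` labels sit between the two hunks. I would record the invariant at the top of the unwind ladder, e.g. `/* unwind: ret must hold a negative errno on every path that jumps here */`, so a later goto added without setting `ret` is caught in review.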
-- 
2.29.2
