From: Boris Brezillon <boris.brezillon@collabora.com>
To: "Loïc Molinari" <loic.molinari@collabora.com>
Cc: dri-devel@lists.freedesktop.org, David Airlie <airlied@gmail.com>,
Simona Vetter <simona@ffwll.ch>,
Maarten Lankhorst <maarten.lankhorst@linux.intel.com>,
Maxime Ripard <mripard@kernel.org>,
Thomas Zimmermann <tzimmermann@suse.de>,
kernel@collabora.com
Subject: Re: [PATCH] drm/gem: Fix a GEM leak in drm_gem_get_unmapped_area()
Date: Thu, 8 Jan 2026 14:31:22 +0100 [thread overview]
Message-ID: <20260108143122.41af011b@fedora> (raw)
In-Reply-To: <5e012ec2-ed8a-4195-8486-f5038c430f82@collabora.com>
On Thu, 8 Jan 2026 14:18:26 +0100
Loïc Molinari <loic.molinari@collabora.com> wrote:
> Hi Boris,
>
> On 06/01/2026 17:49, Boris Brezillon wrote:
> > drm_gem_object_lookup_at_offset() can return a valid object with
> > filp or filp->f_op->get_unmapped_area set to NULL. Make sure we still
> > release the ref we acquired on such objects.
> >
> > Cc: Loïc Molinari <loic.molinari@collabora.com>
> > Fixes: 99bda20d6d4c ("drm/gem: Introduce drm_gem_get_unmapped_area() fop")
> > Signed-off-by: Boris Brezillon <boris.brezillon@collabora.com>
> > ---
> > drivers/gpu/drm/drm_gem.c | 10 ++++++----
> > 1 file changed, 6 insertions(+), 4 deletions(-)
> >
> > diff --git a/drivers/gpu/drm/drm_gem.c b/drivers/gpu/drm/drm_gem.c
> > index 36c8af123877..f7cbf6e8d1e0 100644
> > --- a/drivers/gpu/drm/drm_gem.c
> > +++ b/drivers/gpu/drm/drm_gem.c
> > @@ -1298,11 +1298,13 @@ unsigned long drm_gem_get_unmapped_area(struct file *filp, unsigned long uaddr,
> > unsigned long ret;
> >
> > obj = drm_gem_object_lookup_at_offset(filp, pgoff, len >> PAGE_SHIFT);
> > - if (IS_ERR(obj) || !obj->filp || !obj->filp->f_op->get_unmapped_area)
> > - return mm_get_unmapped_area(filp, uaddr, len, 0, flags);
> > + if (IS_ERR(obj))
> > + obj = NULL;
> >
> > - ret = obj->filp->f_op->get_unmapped_area(obj->filp, uaddr, len, 0,
> > - flags);
> > + if (!obj || !obj->filp || !obj->filp->f_op->get_unmapped_area)
> > + ret = mm_get_unmapped_area(filp, uaddr, len, 0, flags);
> > + else
> > + ret = obj->filp->f_op->get_unmapped_area(obj->filp, uaddr, len, 0, flags);
>
> Apart maybe for this line exceeding 80 chars:
The limit has been bumped to 100 chars a while ago (checkpatch --strict
didn't complain), and for these single statements inside conditional
blocks, I prefer to have them on a single line when I can because
otherwise I tend to add curly braces to clearly flag the end of each
conditional block.
>
> Reviewed-by: Loïc Molinari <loic.molinari@collabora.com>
Thanks!
next prev parent reply other threads:[~2026-01-08 13:31 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-01-06 16:49 [PATCH] drm/gem: Fix a GEM leak in drm_gem_get_unmapped_area() Boris Brezillon
2026-01-07 11:12 ` Boris Brezillon
2026-01-08 13:25 ` Loïc Molinari
2026-01-08 13:43 ` Boris Brezillon
2026-01-08 14:04 ` Loïc Molinari
2026-01-08 14:45 ` Boris Brezillon
2026-01-09 9:42 ` Loïc Molinari
2026-01-09 9:50 ` Boris Brezillon
2026-01-08 13:18 ` Loïc Molinari
2026-01-08 13:31 ` Boris Brezillon [this message]
2026-01-08 14:09 ` Loïc Molinari
2026-01-09 12:02 ` Boris Brezillon
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260108143122.41af011b@fedora \
--to=boris.brezillon@collabora.com \
--cc=airlied@gmail.com \
--cc=dri-devel@lists.freedesktop.org \
--cc=kernel@collabora.com \
--cc=loic.molinari@collabora.com \
--cc=maarten.lankhorst@linux.intel.com \
--cc=mripard@kernel.org \
--cc=simona@ffwll.ch \
--cc=tzimmermann@suse.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.