From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from gabe.freedesktop.org (gabe.freedesktop.org [131.252.210.177]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 2F702D185F1 for ; Thu, 8 Jan 2026 13:31:33 +0000 (UTC) Received: from gabe.freedesktop.org (localhost [127.0.0.1]) by gabe.freedesktop.org (Postfix) with ESMTP id 9441510E714; Thu, 8 Jan 2026 13:31:32 +0000 (UTC) Authentication-Results: gabe.freedesktop.org; dkim=pass (2048-bit key; unprotected) header.d=collabora.com header.i=@collabora.com header.b="JwC8Iw5I"; dkim-atps=neutral Received: from bali.collaboradmins.com (bali.collaboradmins.com [148.251.105.195]) by gabe.freedesktop.org (Postfix) with ESMTPS id 0333310E714 for ; Thu, 8 Jan 2026 13:31:31 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=collabora.com; s=mail; t=1767879089; bh=KOA/NU7Mj3mL2MJ8fU+gUxFhPyQ1xRDQpyB4lWoJ7bo=; h=Date:From:To:Cc:Subject:In-Reply-To:References:From; b=JwC8Iw5IVRoRo6q2JwKFU207A4z4xv2mOKmJRq4eAvCbsrBXw7XfEmVDeqguSI6bL XOfKKJw/6BTwsXhhhgxqWtTkCmjYmc8sxc1xg9s2aCsRymoNsdVCJln2z0Ct6Bz3+W 1VHKgBXUEjTjJ5ueIOhWXviTkJZ7uXbHhEsUBWUoAn/iPWYLvg/3bRgMUwbo6XRI1h /JEMhyzAuiR7/yGfpg3F5wBMaZ8x4weDCo4W1BH6C9lUCG0mslDq97dJSMAA6PUe4i DNd1O289ZlT70lxWnT8k4f1Y1blYgxiQ0e0TJaentCWyIkyjCzI6MgWsuvCEidPcRX /VQypRRrs2PZA== Received: from fedora (unknown [IPv6:2a01:e0a:2c:6930:d919:a6e:5ea1:8a9f]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (prime256v1) server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) (Authenticated sender: bbrezillon) by bali.collaboradmins.com (Postfix) with ESMTPSA id 473E017E1214; Thu, 8 Jan 2026 14:31:29 +0100 (CET) Date: Thu, 8 Jan 2026 14:31:22 +0100 From: Boris Brezillon To: =?UTF-8?B?TG/Dr2M=?= Molinari Cc: dri-devel@lists.freedesktop.org, David Airlie , Simona Vetter , Maarten Lankhorst , Maxime Ripard , Thomas Zimmermann , kernel@collabora.com Subject: Re: [PATCH] drm/gem: Fix a GEM leak in drm_gem_get_unmapped_area() Message-ID: <20260108143122.41af011b@fedora> In-Reply-To: <5e012ec2-ed8a-4195-8486-f5038c430f82@collabora.com> References: <20260106164935.409765-1-boris.brezillon@collabora.com> <5e012ec2-ed8a-4195-8486-f5038c430f82@collabora.com> Organization: Collabora X-Mailer: Claws Mail 4.3.1 (GTK 3.24.51; x86_64-redhat-linux-gnu) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable X-BeenThere: dri-devel@lists.freedesktop.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Direct Rendering Infrastructure - Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dri-devel-bounces@lists.freedesktop.org Sender: "dri-devel" On Thu, 8 Jan 2026 14:18:26 +0100 Lo=C3=AFc Molinari wrote: > Hi Boris, >=20 > On 06/01/2026 17:49, Boris Brezillon wrote: > > drm_gem_object_lookup_at_offset() can return a valid object with > > filp or filp->f_op->get_unmapped_area set to NULL. Make sure we still > > release the ref we acquired on such objects. > >=20 > > Cc: Lo=C3=AFc Molinari > > Fixes: 99bda20d6d4c ("drm/gem: Introduce drm_gem_get_unmapped_area() fo= p") > > Signed-off-by: Boris Brezillon > > --- > > drivers/gpu/drm/drm_gem.c | 10 ++++++---- > > 1 file changed, 6 insertions(+), 4 deletions(-) > >=20 > > diff --git a/drivers/gpu/drm/drm_gem.c b/drivers/gpu/drm/drm_gem.c > > index 36c8af123877..f7cbf6e8d1e0 100644 > > --- a/drivers/gpu/drm/drm_gem.c > > +++ b/drivers/gpu/drm/drm_gem.c > > @@ -1298,11 +1298,13 @@ unsigned long drm_gem_get_unmapped_area(struct = file *filp, unsigned long uaddr, > > unsigned long ret; > > =20 > > obj =3D drm_gem_object_lookup_at_offset(filp, pgoff, len >> PAGE_SHI= FT); > > - if (IS_ERR(obj) || !obj->filp || !obj->filp->f_op->get_unmapped_area) > > - return mm_get_unmapped_area(filp, uaddr, len, 0, flags); > > + if (IS_ERR(obj)) > > + obj =3D NULL; > > =20 > > - ret =3D obj->filp->f_op->get_unmapped_area(obj->filp, uaddr, len, 0, > > - flags); > > + if (!obj || !obj->filp || !obj->filp->f_op->get_unmapped_area) > > + ret =3D mm_get_unmapped_area(filp, uaddr, len, 0, flags); > > + else > > + ret =3D obj->filp->f_op->get_unmapped_area(obj->filp, uaddr, len, 0,= flags); =20 >=20 > Apart maybe for this line exceeding 80 chars: The limit has been bumped to 100 chars a while ago (checkpatch --strict didn't complain), and for these single statements inside conditional blocks, I prefer to have them on a single line when I can because otherwise I tend to add curly braces to clearly flag the end of each conditional block. >=20 > Reviewed-by: Lo=C3=AFc Molinari Thanks!