release/5.2.53/drm-msm-fix-potential-memleak-in-error-branch.patch - pub/scm/linux/kernel/git/paulg/longterm-queue-5.2 - Git at Google

 From 944ffbd40a6829cdb381053a3439fac0c21f49c3 Mon Sep 17 00:00:00 2001
 From: Bernard Zhao <bernard@vivo.com>
 Date: Fri, 12 Jun 2020 09:23:49 +0800
 Subject: [PATCH] drm/msm: fix potential memleak in error branch

 commit 177d3819633cd520e3f95df541a04644aab4c657 upstream.

 In function msm_submitqueue_create, the queue is a local
 variable, in return -EINVAL branch, queue didn`t add to ctx`s
 list yet, and also didn`t kfree, this maybe bring in potential
 memleak.

 Signed-off-by: Bernard Zhao <bernard@vivo.com>
 [trivial commit msg fixup]
 Signed-off-by: Rob Clark <robdclark@chromium.org>
 Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>

 diff --git a/drivers/gpu/drm/msm/msm_submitqueue.c b/drivers/gpu/drm/msm/msm_submitqueue.c
 index c70e00e22c4c..5ae5a465d28a 100644
 --- a/drivers/gpu/drm/msm/msm_submitqueue.c
 +++ b/drivers/gpu/drm/msm/msm_submitqueue.c
 @@ -69,8 +69,10 @@ int msm_submitqueue_create(struct drm_device *drm, struct msm_file_private *ctx,
  	queue->flags = flags;

  	if (priv->gpu) {
 -		if (prio >= priv->gpu->nr_rings)
 +		if (prio >= priv->gpu->nr_rings) {
 +			kfree(queue);
  			return -EINVAL;
 +		}

  		queue->prio = prio;
  	}
 --
 2.27.0
	From 944ffbd40a6829cdb381053a3439fac0c21f49c3 Mon Sep 17 00:00:00 2001
	From: Bernard Zhao <bernard@vivo.com>
	Date: Fri, 12 Jun 2020 09:23:49 +0800
	Subject: [PATCH] drm/msm: fix potential memleak in error branch

	commit 177d3819633cd520e3f95df541a04644aab4c657 upstream.

	In function msm_submitqueue_create, the queue is a local
	variable, in return -EINVAL branch, queue didn`t add to ctx`s
	list yet, and also didn`t kfree, this maybe bring in potential
	memleak.

	Signed-off-by: Bernard Zhao <bernard@vivo.com>
	[trivial commit msg fixup]
	Signed-off-by: Rob Clark <robdclark@chromium.org>
	Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>

	diff --git a/drivers/gpu/drm/msm/msm_submitqueue.c b/drivers/gpu/drm/msm/msm_submitqueue.c
	index c70e00e22c4c..5ae5a465d28a 100644
	--- a/drivers/gpu/drm/msm/msm_submitqueue.c
	+++ b/drivers/gpu/drm/msm/msm_submitqueue.c
	@@ -69,8 +69,10 @@ int msm_submitqueue_create(struct drm_device drm, struct msm_file_private ctx,
	queue->flags = flags;

	if (priv->gpu) {
	- if (prio >= priv->gpu->nr_rings)
	+ if (prio >= priv->gpu->nr_rings) {
	+ kfree(queue);
	return -EINVAL;
	+ }

	queue->prio = prio;
	}
	--
	2.27.0