drm/etnaviv: fix reference leak when mmaping imported buffer

drm_gem_prime_mmap() takes a reference on the GEM object, but before that
drm_gem_mmap_obj() already takes a reference, which will be leaked as only
one reference is dropped when the mapping is closed. Drop the extra
reference when dma_buf_mmap() succeeds.

Cc: stable@vger.kernel.org
Signed-off-by: Lucas Stach <l.stach@pengutronix.de>
Reviewed-by: Christian Gmeiner <christian.gmeiner@gmail.com>

diff --git a/drivers/gpu/drm/etnaviv/etnaviv_gem_prime.c b/drivers/gpu/drm/etnaviv/etnaviv_gem_prime.c
index 7031db1..3524b58 100644 (file)
--- a/drivers/gpu/drm/etnaviv/etnaviv_gem_prime.c
+++ b/drivers/gpu/drm/etnaviv/etnaviv_gem_prime.c
@@ -91,7 +91,15 @@ static void *etnaviv_gem_prime_vmap_impl(struct etnaviv_gem_object *etnaviv_obj)
 static int etnaviv_gem_prime_mmap_obj(struct etnaviv_gem_object *etnaviv_obj,
                struct vm_area_struct *vma)
 {
-       return dma_buf_mmap(etnaviv_obj->base.dma_buf, vma, 0);
+       int ret;
+
+       ret = dma_buf_mmap(etnaviv_obj->base.dma_buf, vma, 0);
+       if (!ret) {
+               /* Drop the reference acquired by drm_gem_mmap_obj(). */
+               drm_gem_object_put(&etnaviv_obj->base);
+       }
+
+       return ret;
 }
 
 static const struct etnaviv_gem_ops etnaviv_gem_prime_ops = {