From 95b98f004f9d9ad240867ddbb7b3eb38a3471828 Mon Sep 17 00:00:00 2001 From: Matthew Auld Date: Wed, 20 Jan 2021 10:47:14 +0000 Subject: [PATCH] drm/i915/region: don't leak the object on error Sanity check the object size before allocating a new gem object. Fixes: 97d553963250 ("drm/i915/region: convert object_create into object_init") Testcase: igt/gem_create/create-massive Signed-off-by: Matthew Auld Reviewed-by: Chris Wilson Signed-off-by: Chris Wilson Link: https://patchwork.freedesktop.org/patch/msgid/20210120104714.112812-1-matthew.auld@intel.com --- drivers/gpu/drm/i915/gem/i915_gem_region.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/drivers/gpu/drm/i915/gem/i915_gem_region.c b/drivers/gpu/drm/i915/gem/i915_gem_region.c index 4834a0b2..3e3dad2 100644 --- a/drivers/gpu/drm/i915/gem/i915_gem_region.c +++ b/drivers/gpu/drm/i915/gem/i915_gem_region.c @@ -161,10 +161,6 @@ i915_gem_object_create_region(struct intel_memory_region *mem, GEM_BUG_ON(!size); GEM_BUG_ON(!IS_ALIGNED(size, I915_GTT_MIN_ALIGNMENT)); - obj = i915_gem_object_alloc(); - if (!obj) - return ERR_PTR(-ENOMEM); - /* * XXX: There is a prevalence of the assumption that we fit the * object's page count inside a 32bit _signed_ variable. Let's document @@ -178,6 +174,10 @@ i915_gem_object_create_region(struct intel_memory_region *mem, if (overflows_type(size, obj->base.size)) return ERR_PTR(-E2BIG); + obj = i915_gem_object_alloc(); + if (!obj) + return ERR_PTR(-ENOMEM); + err = mem->ops->init_object(mem, obj, size, flags); if (err) goto err_object_free; -- 2.7.4