Commit 95b98f00 authored by Matthew Auld's avatar Matthew Auld Committed by Chris Wilson
Browse files

drm/i915/region: don't leak the object on error 



Sanity check the object size before allocating a new gem object.

Fixes: 97d55396 ("drm/i915/region: convert object_create into object_init")
Testcase: igt/gem_create/create-massive
Signed-off-by: default avatarMatthew Auld <matthew.auld@intel.com>
Reviewed-by: default avatarChris Wilson <chris@chris-wilson.co.uk>
Signed-off-by: default avatarChris Wilson <chris@chris-wilson.co.uk>
Link: https://patchwork.freedesktop.org/patch/msgid/20210120104714.112812-1-matthew.auld@intel.com
parent 1e58215f

drivers/gpu/drm/i915/gem/i915_gem_region.c

+4 −4
Original line number Diff line number Diff line
@@ -161,10 +161,6 @@ i915_gem_object_create_region(struct intel_memory_region *mem, 
	GEM_BUG_ON(!size);

	GEM_BUG_ON(!IS_ALIGNED(size, I915_GTT_MIN_ALIGNMENT));



	obj = i915_gem_object_alloc();

	if (!obj)

		return ERR_PTR(-ENOMEM);



	/*

	 * XXX: There is a prevalence of the assumption that we fit the

	 * object's page count inside a 32bit _signed_ variable. Let's document
@@ -178,6 +174,10 @@ i915_gem_object_create_region(struct intel_memory_region *mem, 
	if (overflows_type(size, obj->base.size))

		return ERR_PTR(-E2BIG);



	obj = i915_gem_object_alloc();

	if (!obj)

		return ERR_PTR(-ENOMEM);



	err = mem->ops->init_object(mem, obj, size, flags);

	if (err)

		goto err_object_free;