When v3d_lookup_bos fails to `allocate validated BO pointers`, job->bo_count was already set to args->bo_count, but job->bo points to NULL. In this scenario, we must verify that job->bo is not NULL before iterating on it to proper clean up a job. Also, drm_gem_object_put already checks that the object passed is not NULL, doing the job->bo[i] checker redundant. Signed-off-by: Melissa Wen <mwen@xxxxxxxxxx> --- drivers/gpu/drm/v3d/v3d_gem.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/drivers/gpu/drm/v3d/v3d_gem.c b/drivers/gpu/drm/v3d/v3d_gem.c index 92bc0faee84f..926bfc7e07fb 100644 --- a/drivers/gpu/drm/v3d/v3d_gem.c +++ b/drivers/gpu/drm/v3d/v3d_gem.c @@ -358,11 +358,11 @@ v3d_job_free(struct kref *ref) struct v3d_job *job = container_of(ref, struct v3d_job, refcount); int i; - for (i = 0; i < job->bo_count; i++) { - if (job->bo[i]) + if (job->bo) { + for (i = 0; i < job->bo_count; i++) drm_gem_object_put(job->bo[i]); + kvfree(job->bo); } - kvfree(job->bo); dma_fence_put(job->irq_fence); dma_fence_put(job->done_fence); -- 2.35.1