Hi, drm_gem_object_init() will do these before failed: void drm_gem_private_object_init(struct drm_device *dev, struct drm_gem_object *obj, size_t size) { BUG_ON((size & (PAGE_SIZE - 1)) != 0); obj->dev = dev; obj->filp = NULL; kref_init(&obj->refcount); obj->handle_count = 0; obj->size = size; dma_resv_init(&obj->_resv); if (!obj->resv) obj->resv = &obj->_resv; drm_vma_node_reset(&obj->vma_node); INIT_LIST_HEAD(&obj->lru_node); } so I think when it failed, should use drm_gem_object_release() to do dma_resv_fini() and others. another, if drm_gem_object_init() fails, the drm_gem_handle_create() can not be called. ÓÚ Tue, 8 Nov 2022 09:28:34 +0100 Thomas Zimmermann <tzimmermann@xxxxxxx> дµÀ: > Hi > > Am 08.11.22 um 03:03 schrieb ChunyouTang: > > when goto err_free, the object had init, so it should be release > > when fail. > > If the call to drm_gem_object_init() fails, the object is still > uninitialized. Admittedly, the call to gem_create_object could need > additional cleanup, but it appears as if no one has had a need for > this so far. > > Is there anything that might leak? > > > > > Signed-off-by: ChunyouTang <tangchunyou@xxxxxxx> > > --- > > drivers/gpu/drm/drm_gem_shmem_helper.c | 4 ++-- > > 1 file changed, 2 insertions(+), 2 deletions(-) > > > > diff --git a/drivers/gpu/drm/drm_gem_shmem_helper.c > > b/drivers/gpu/drm/drm_gem_shmem_helper.c index > > 35138f8a375c..2e5e3207355f 100644 --- > > a/drivers/gpu/drm/drm_gem_shmem_helper.c +++ > > b/drivers/gpu/drm/drm_gem_shmem_helper.c @@ -104,10 +104,10 @@ > > __drm_gem_shmem_create(struct drm_device *dev, size_t size, bool > > private) return shmem; > > > > -err_release: > > - drm_gem_object_release(obj); > > err_free: > > kfree(obj); > > +err_release: > > + drm_gem_object_release(obj); > > You have now freed the object's memory before releasing it. Not going > to work. > > Best regards > Thomas > > > > > return ERR_PTR(ret); > > } >