On Thu, Mar 21, 2024 at 03:56:23PM -0400, Rodrigo Vivi wrote:
On Thu, Mar 21, 2024 at 03:56:44PM +0100, Maarten Lankhorst wrote:Add a reference to bo after all error paths, to prevent leaking a bo ref. Return 0 to clarify that this is the success path. Signed-off-by: Maarten Lankhorst <maarten.lankhorst@xxxxxxxxxxxxxxx> Fixes: 44e694958b95 ("drm/xe/display: Implement display support") Cc: <stable@xxxxxxxxxxxxxxx> # v6.8+ --- drivers/gpu/drm/xe/display/intel_fb_bo.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/drivers/gpu/drm/xe/display/intel_fb_bo.c b/drivers/gpu/drm/xe/display/intel_fb_bo.c index b21da7b745a5..7262bbca9baf 100644 --- a/drivers/gpu/drm/xe/display/intel_fb_bo.c +++ b/drivers/gpu/drm/xe/display/intel_fb_bo.c @@ -27,8 +27,6 @@ int intel_fb_bo_framebuffer_init(struct intel_framebuffer *intel_fb, struct drm_i915_private *i915 = to_i915(bo->ttm.base.dev); int ret; - xe_bo_get(bo); - ret = ttm_bo_reserve(&bo->ttm, true, false, NULL); if (ret) return ret; @@ -48,7 +46,8 @@ int intel_fb_bo_framebuffer_init(struct intel_framebuffer *intel_fb, } ttm_bo_unreserve(&bo->ttm); - return ret; + xe_bo_get(bo);wouldn't be safer to keep the get in the beginning of everything else and then if in an error path you xe_bo_put(bo); ?!
yes, I was thinking exactly that. Otherwise it's harder to reason about the lifetime of the object and why the bo couldn't disappear after e.g. ttm_bo_reserve() and cause use-after-free. Lucas De Marchi
+ return 0; } struct xe_bo *intel_fb_bo_lookup_valid_bo(struct drm_i915_private *i915, -- 2.43.0
