]> git.ipfire.org Git - thirdparty/kernel/stable.git/commitdiff
drm/msm: Add error handling for krealloc in metadata setup
authorYuan Chen <chenyuan@kylinos.cn>
Fri, 27 Jun 2025 02:16:43 +0000 (10:16 +0800)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Wed, 20 Aug 2025 16:41:12 +0000 (18:41 +0200)
[ Upstream commit 1c8c354098ea9d4376a58c96ae6b65288a6f15d8 ]

Function msm_ioctl_gem_info_set_metadata() now checks for krealloc
failure and returns -ENOMEM, avoiding potential NULL pointer dereference.
Explicitly avoids __GFP_NOFAIL due to deadlock risks and allocation constraints.

Signed-off-by: Yuan Chen <chenyuan@kylinos.cn>
Patchwork: https://patchwork.freedesktop.org/patch/661235/
Signed-off-by: Rob Clark <robin.clark@oss.qualcomm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
drivers/gpu/drm/msm/msm_drv.c

index d007687c24467d84d4d4179174764ef066c66354..f0d016ce8e11cba5bb30b60b7abc1b2c542b33f0 100644 (file)
@@ -555,6 +555,7 @@ static int msm_ioctl_gem_info_set_metadata(struct drm_gem_object *obj,
                                           u32 metadata_size)
 {
        struct msm_gem_object *msm_obj = to_msm_bo(obj);
+       void *new_metadata;
        void *buf;
        int ret;
 
@@ -572,8 +573,14 @@ static int msm_ioctl_gem_info_set_metadata(struct drm_gem_object *obj,
        if (ret)
                goto out;
 
-       msm_obj->metadata =
+       new_metadata =
                krealloc(msm_obj->metadata, metadata_size, GFP_KERNEL);
+       if (!new_metadata) {
+               ret = -ENOMEM;
+               goto out;
+       }
+
+       msm_obj->metadata = new_metadata;
        msm_obj->metadata_size = metadata_size;
        memcpy(msm_obj->metadata, buf, metadata_size);