drm/vc4: Fix a memory leak in hang state error path

When vc4_save_hang_state() encounters an early return condition, it
returns without freeing the previously allocated `kernel_state`,
leaking memory.

Add the missing kfree() calls by consolidating the early return paths
into a single place.

Fixes: 214613656b51 ("drm/vc4: Add an interface for capturing the GPU state after a hang.")
Reviewed-by: Melissa Wen <mwen@igalia.com>
Link: https://patch.msgid.link/20260330-vc4-misc-fixes-v1-3-92defc940a29@igalia.com
Signed-off-by: Maíra Canal <mcanal@igalia.com>

diff --git a/drivers/gpu/drm/vc4/vc4_gem.c b/drivers/gpu/drm/vc4/vc4_gem.c
index a64d5a962452836256a0a3a27e4f0d2db46be4ea..34bdac107ce18fa54de93feb4b538cb9869f1067 100644 (file)
--- a/drivers/gpu/drm/vc4/vc4_gem.c
+++ b/drivers/gpu/drm/vc4/vc4_gem.c
@@ -171,10 +171,8 @@ vc4_save_hang_state(struct drm_device *dev)
        spin_lock_irqsave(&vc4->job_lock, irqflags);
        exec[0] = vc4_first_bin_job(vc4);
        exec[1] = vc4_first_render_job(vc4);
-       if (!exec[0] && !exec[1]) {
-               spin_unlock_irqrestore(&vc4->job_lock, irqflags);
-               return;
-       }
+       if (!exec[0] && !exec[1])
+               goto err_free_state;
 
        /* Get the bos from both binner and renderer into hang state. */
        state->bo_count = 0;
@@ -191,10 +189,8 @@ vc4_save_hang_state(struct drm_device *dev)
        kernel_state->bo = kzalloc_objs(*kernel_state->bo, state->bo_count,
                                        GFP_ATOMIC);
 
-       if (!kernel_state->bo) {
-               spin_unlock_irqrestore(&vc4->job_lock, irqflags);
-               return;
-       }
+       if (!kernel_state->bo)
+               goto err_free_state;
 
        k = 0;
        for (i = 0; i < 2; i++) {
@@ -286,6 +282,12 @@ vc4_save_hang_state(struct drm_device *dev)
                vc4->hang_state = kernel_state;
                spin_unlock_irqrestore(&vc4->job_lock, irqflags);
        }
+
+       return;
+
+err_free_state:
+       spin_unlock_irqrestore(&vc4->job_lock, irqflags);
+       kfree(kernel_state);
 }
 
 static void