drm/msm: Add error handling for krealloc in metadata setup

[ Upstream commit 1c8c354098ea9d4376a58c96ae6b65288a6f15d8 ]

Function msm_ioctl_gem_info_set_metadata() now checks for krealloc
failure and returns -ENOMEM, avoiding potential NULL pointer dereference.
Explicitly avoids __GFP_NOFAIL due to deadlock risks and allocation constraints.

Signed-off-by: Yuan Chen <chenyuan@kylinos.cn>
Patchwork: https://patchwork.freedesktop.org/patch/661235/
Signed-off-by: Rob Clark <robin.clark@oss.qualcomm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>

diff --git a/drivers/gpu/drm/msm/msm_drv.c b/drivers/gpu/drm/msm/msm_drv.c
index 8c13b08708d228cf089dd83ad390fd4ad7ae818a..197d8d9a421d32b3f60c5eafa3c96318cc79b54f 100644 (file)
--- a/drivers/gpu/drm/msm/msm_drv.c
+++ b/drivers/gpu/drm/msm/msm_drv.c
@@ -550,6 +550,7 @@ static int msm_ioctl_gem_info_set_metadata(struct drm_gem_object *obj,
                                           u32 metadata_size)
 {
        struct msm_gem_object *msm_obj = to_msm_bo(obj);
+       void *new_metadata;
        void *buf;
        int ret;
 
@@ -567,8 +568,14 @@ static int msm_ioctl_gem_info_set_metadata(struct drm_gem_object *obj,
        if (ret)
                goto out;
 
-       msm_obj->metadata =
+       new_metadata =
                krealloc(msm_obj->metadata, metadata_size, GFP_KERNEL);
+       if (!new_metadata) {
+               ret = -ENOMEM;
+               goto out;
+       }
+
+       msm_obj->metadata = new_metadata;
        msm_obj->metadata_size = metadata_size;
        memcpy(msm_obj->metadata, buf, metadata_size);