[PATCH 1/2] drm: Do not set outparam on error during GEM handle allocation

Good practice dictates that we do not leak stale information to our callers, and should avoid overwriting an outparam on an error path.

Reported-by: Ville Syrjälä ville.syrjala@linux.intel.com Signed-off-by: Chris Wilson chris@chris-wilson.co.uk Cc: Ville Syrjälä ville.syrjala@linux.intel.com --- drivers/gpu/drm/drm_gem.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/drivers/gpu/drm/drm_gem.c b/drivers/gpu/drm/drm_gem.c index 1b0c2c127072..eeee320e406b 100644 --- a/drivers/gpu/drm/drm_gem.c +++ b/drivers/gpu/drm/drm_gem.c @@ -331,6 +331,7 @@ drm_gem_handle_create_tail(struct drm_file *file_priv, u32 *handlep) { struct drm_device *dev = obj->dev; + u32 handle; int ret;

WARN_ON(!mutex_is_locked(&dev->object_name_lock)); @@ -353,7 +354,7 @@ drm_gem_handle_create_tail(struct drm_file *file_priv, if (ret < 0) goto err_unref;

- *handlep = ret; + handle = ret;

ret = drm_vma_node_allow(&obj->vma_node, file_priv->filp); if (ret) @@ -365,13 +366,14 @@ drm_gem_handle_create_tail(struct drm_file *file_priv, goto err_revoke; }

+ *handlep = handle; return 0;

err_revoke: drm_vma_node_revoke(&obj->vma_node, file_priv->filp); err_remove: spin_lock(&file_priv->table_lock); - idr_remove(&file_priv->object_idr, *handlep); + idr_remove(&file_priv->object_idr, handle); spin_unlock(&file_priv->table_lock); err_unref: drm_gem_object_handle_unreference_unlocked(obj);