This issue happens in an error path of igt_dmabuf_export_vmap(). When
dma_buf_vmap() succeeds and memchr_inv() returns nonzero, the function
forgets to decrement `vmapping_counter` of the dma_buf object, which
may result in refcount leaks.
Fix it by calling dma_buf_vunmap() under label `out_dma_map` in
certain error path.
Signed-off-by: Xin Xiong <xiong...@fudan.edu.cn>
Signed-off-by: Xiyu Yang <xiyuyan...@fudan.edu.cn>
Signed-off-by: Xin Tan <tanxin....@gmail.com>
---
drivers/gpu/drm/i915/gem/selftests/i915_gem_dmabuf.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/i915/gem/selftests/i915_gem_dmabuf.c
b/drivers/gpu/drm/i915/gem/selftests/i915_gem_dmabuf.c
index 4a6bb64c3..b24bc506f 100644
--- a/drivers/gpu/drm/i915/gem/selftests/i915_gem_dmabuf.c
+++ b/drivers/gpu/drm/i915/gem/selftests/i915_gem_dmabuf.c
@@ -428,12 +428,14 @@ static int igt_dmabuf_export_vmap(void *arg)
if (memchr_inv(ptr, 0, dmabuf->size)) {
pr_err("Exported object not initialiased to zero!\n");
err = -EINVAL;
- goto out;
+ goto out_dma_map;
}
memset(ptr, 0xc5, dmabuf->size);
err = 0;
+
+out_dma_map:
dma_buf_vunmap(dmabuf, &map);
out:
dma_buf_put(dmabuf);
--
2.25.1
