Add missing drm_gem_object_put() call when drm_gem_object_lookup() successfully returns an object. This fixes a GEM object reference leak that can prevent driver modules from unloading when using prime buffers.
Fixes: 53096728b891 ("drm: Add DRM prime interface to reassign GEM handle") Signed-off-by: Karol Wachowski karol.wachowski@linux.intel.com --- Changes between v1 and v2: - move setting ret value under if branch as suggested in review - add Cc: stable 6.18+ --- drivers/gpu/drm/drm_gem.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/drivers/gpu/drm/drm_gem.c b/drivers/gpu/drm/drm_gem.c index ca1956608261..bcc08a6aebf8 100644 --- a/drivers/gpu/drm/drm_gem.c +++ b/drivers/gpu/drm/drm_gem.c @@ -1010,8 +1010,10 @@ int drm_gem_change_handle_ioctl(struct drm_device *dev, void *data, if (!obj) return -ENOENT;
- if (args->handle == args->new_handle) - return 0; + if (args->handle == args->new_handle) { + ret = 0; + goto out; + }
mutex_lock(&file_priv->prime.lock);
@@ -1043,6 +1045,8 @@ int drm_gem_change_handle_ioctl(struct drm_device *dev, void *data,
out_unlock: mutex_unlock(&file_priv->prime.lock); +out: + drm_gem_object_put(obj);
return ret; }
On 12/12/25 14:20, Karol Wachowski wrote:
Add missing drm_gem_object_put() call when drm_gem_object_lookup() successfully returns an object. This fixes a GEM object reference leak that can prevent driver modules from unloading when using prime buffers.
Fixes: 53096728b891 ("drm: Add DRM prime interface to reassign GEM handle") Signed-off-by: Karol Wachowski karol.wachowski@linux.intel.com
Changes between v1 and v2:
- move setting ret value under if branch as suggested in review
- add Cc: stable 6.18+
Oh don't CC the stable list on the review mail directly, just add "CC: stable@vger.kernel.org # 6.18+" to the tags. Greg is going to complain about that :(
With that done Reviewed-by: Christian König christian.koenig@amd.com and please push to drm-misc-fixes.
If you don't have commit rights for drm-misc-fixes please ping me and I'm going to push that.
Thanks, Christian.
drivers/gpu/drm/drm_gem.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/drivers/gpu/drm/drm_gem.c b/drivers/gpu/drm/drm_gem.c index ca1956608261..bcc08a6aebf8 100644 --- a/drivers/gpu/drm/drm_gem.c +++ b/drivers/gpu/drm/drm_gem.c @@ -1010,8 +1010,10 @@ int drm_gem_change_handle_ioctl(struct drm_device *dev, void *data, if (!obj) return -ENOENT;
- if (args->handle == args->new_handle)
return 0;
- if (args->handle == args->new_handle) {
ret = 0;goto out;- }
mutex_lock(&file_priv->prime.lock); @@ -1043,6 +1045,8 @@ int drm_gem_change_handle_ioctl(struct drm_device *dev, void *data, out_unlock: mutex_unlock(&file_priv->prime.lock); +out:
- drm_gem_object_put(obj);
return ret; }
On 12/12/2025 2:28 PM, Christian König wrote:
On 12/12/25 14:20, Karol Wachowski wrote:
Add missing drm_gem_object_put() call when drm_gem_object_lookup() successfully returns an object. This fixes a GEM object reference leak that can prevent driver modules from unloading when using prime buffers.
Fixes: 53096728b891 ("drm: Add DRM prime interface to reassign GEM handle") Signed-off-by: Karol Wachowski karol.wachowski@linux.intel.com
Changes between v1 and v2:
- move setting ret value under if branch as suggested in review
- add Cc: stable 6.18+
Oh don't CC the stable list on the review mail directly, just add "CC: stable@vger.kernel.org # 6.18+" to the tags. Greg is going to complain about that :(
Oops, sorry about that. I've just sent V3 with (hopefully) correctly set Cc: tag this time.
With that done Reviewed-by: Christian König christian.koenig@amd.com and please push to drm-misc-fixes.
If you don't have commit rights for drm-misc-fixes please ping me and I'm going to push that.
Thanks, Christian.
drivers/gpu/drm/drm_gem.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/drivers/gpu/drm/drm_gem.c b/drivers/gpu/drm/drm_gem.c index ca1956608261..bcc08a6aebf8 100644 --- a/drivers/gpu/drm/drm_gem.c +++ b/drivers/gpu/drm/drm_gem.c @@ -1010,8 +1010,10 @@ int drm_gem_change_handle_ioctl(struct drm_device *dev, void *data, if (!obj) return -ENOENT;
- if (args->handle == args->new_handle)
return 0;
- if (args->handle == args->new_handle) {
ret = 0;goto out;- }
mutex_lock(&file_priv->prime.lock); @@ -1043,6 +1045,8 @@ int drm_gem_change_handle_ioctl(struct drm_device *dev, void *data, out_unlock: mutex_unlock(&file_priv->prime.lock); +out:
- drm_gem_object_put(obj);
return ret; }
linaro-mm-sig@lists.linaro.org
-
Christian König -
Karol Wachowski