On 12/12/2025 2:06 PM, Christian König wrote:
> On 12/12/25 14:02, Karol Wachowski wrote:
>> Add missing drm_gem_object_put() call when drm_gem_object_lookup()
>> successfully returns an object. This fixes a GEM object reference
>> leak that can prevent driver modules from unloading when using
>> prime buffers.
>
> Good catch.
>
>> Fixes: 53096728b891 ("drm: Add DRM prime interface to reassign GEM handle")
>> Signed-off-by: Karol Wachowski <[email protected]>
>
> CC: stable 6.18?
Good idea - added CC: stable in v2.
>
>> ---
>> drivers/gpu/drm/drm_gem.c | 6 ++++--
>> 1 file changed, 4 insertions(+), 2 deletions(-)
>>
>> diff --git a/drivers/gpu/drm/drm_gem.c b/drivers/gpu/drm/drm_gem.c
>> index ca1956608261..e150bc1ce65a 100644
>> --- a/drivers/gpu/drm/drm_gem.c
>> +++ b/drivers/gpu/drm/drm_gem.c
>> @@ -1001,7 +1001,7 @@ int drm_gem_change_handle_ioctl(struct drm_device
>> *dev, void *data,
>> {
>> struct drm_gem_change_handle *args = data;
>> struct drm_gem_object *obj;
>> - int ret;
>> + int ret = 0;
>
> Please set ret explicitly in the if branch below.
>
> Always initializing return values is usually considered bad coding style.
Totally agree, moved setting to suggested place in v2.
>
> Apart from that looks good to me.
>
> Thanks,
> Christian.
Thanks,
Karol.>
>>
>> if (!drm_core_check_feature(dev, DRIVER_GEM))
>> return -EOPNOTSUPP;
>> @@ -1011,7 +1011,7 @@ int drm_gem_change_handle_ioctl(struct drm_device
>> *dev, void *data,
>> return -ENOENT;
>>
>> if (args->handle == args->new_handle)
>> - return 0;
>> + goto out;
>>
>> mutex_lock(&file_priv->prime.lock);
>>
>> @@ -1043,6 +1043,8 @@ int drm_gem_change_handle_ioctl(struct drm_device
>> *dev, void *data,
>>
>> out_unlock:
>> mutex_unlock(&file_priv->prime.lock);
>> +out:
>> + drm_gem_object_put(obj);
>>
>> return ret;
>> }
>
