From 60c9ecd705be3a28f79d70ea21c3939db668bf46 Mon Sep 17 00:00:00 2001 From: Zack Rusin Date: Wed, 15 Dec 2021 15:02:24 -0500 Subject: [PATCH] drm/vmwgfx: Fix possible usage of an uninitialized variable vmw_user_bo_lookup can fail to lookup user buffers, especially because the buffer handles come from the userspace. The return value has to be checked before the buffers are put back. This was spotted by Dan's Smatch statick checker: drivers/gpu/drm/vmwgfx/vmwgfx_bo.c:574 vmw_user_bo_synccpu_release() error: uninitialized symbol 'vmw_bo'. Signed-off-by: Zack Rusin Reported-by: Dan Carpenter Fixes: 8afa13a0583f ("drm/vmwgfx: Implement DRIVER_GEM") Reviewed-by: Martin Krastev Link: https://patchwork.freedesktop.org/patch/msgid/20211215200224.3693345-1-zack@kde.org --- drivers/gpu/drm/vmwgfx/vmwgfx_bo.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_bo.c b/drivers/gpu/drm/vmwgfx/vmwgfx_bo.c index 15fead85450c..31aecc46624b 100644 --- a/drivers/gpu/drm/vmwgfx/vmwgfx_bo.c +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_bo.c @@ -568,10 +568,12 @@ static int vmw_user_bo_synccpu_release(struct drm_file *filp, struct vmw_buffer_object *vmw_bo; int ret = vmw_user_bo_lookup(filp, handle, &vmw_bo); - if (!(flags & drm_vmw_synccpu_allow_cs)) { - atomic_dec(&vmw_bo->cpu_writers); + if (!ret) { + if (!(flags & drm_vmw_synccpu_allow_cs)) { + atomic_dec(&vmw_bo->cpu_writers); + } + ttm_bo_put(&vmw_bo->base); } - ttm_bo_put(&vmw_bo->base); return ret; } -- 2.11.0