drm/i915/gem: Fix oops in error handling code

This code will Oops when it tries to i915_gem_object_free(obj) because
"obj" is an error pointer.

Fixes: 97d553963250 ("drm/i915/region: convert object_create into object_init")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Reviewed-by: Chris Wilson <chris@chris-wilson.co.uk>
Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>
Link: https://patchwork.freedesktop.org/patch/msgid/YA6FkPn5S4ZDUGxq@mwanda
(cherry picked from commit ad8db423a30f0ac39a5483dfd726058135ff2bd2)
Signed-off-by: Rodrigo Vivi <rodrigo.vivi@intel.com>

diff --git a/drivers/gpu/drm/i915/gem/i915_gem_stolen.c b/drivers/gpu/drm/i915/gem/i915_gem_stolen.c
index 551935348ad8e37f6f1004febe9726abb93c3474..a1e197a6e999d9ca030591a496ab24ef475f57b2 100644 (file)
--- a/drivers/gpu/drm/i915/gem/i915_gem_stolen.c
+++ b/drivers/gpu/drm/i915/gem/i915_gem_stolen.c
@@ -753,22 +753,18 @@ i915_gem_object_create_stolen_for_preallocated(struct drm_i915_private *i915,
        mutex_lock(&i915->mm.stolen_lock);
        ret = drm_mm_reserve_node(&i915->mm.stolen, stolen);
        mutex_unlock(&i915->mm.stolen_lock);
-       if (ret) {
-               obj = ERR_PTR(ret);
+       if (ret)
                goto err_free;
-       }
 
        obj = i915_gem_object_alloc();
        if (!obj) {
-               obj = ERR_PTR(-ENOMEM);
+               ret = -ENOMEM;
                goto err_stolen;
        }
 
        ret = __i915_gem_object_create_stolen(mem, obj, stolen);
-       if (ret) {
-               obj = ERR_PTR(ret);
+       if (ret)
                goto err_object_free;
-       }
 
        i915_gem_object_set_cache_coherency(obj, I915_CACHE_NONE);
        return obj;
@@ -779,7 +775,7 @@ err_stolen:
        i915_gem_stolen_remove_node(i915, stolen);
 err_free:
        kfree(stolen);
-       return obj;
+       return ERR_PTR(ret);
 }
 
 bool i915_gem_object_is_stolen(const struct drm_i915_gem_object *obj)