From b33b556ce59b5239a7b73c495209f90ec990e60c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20K=C3=B6nig?= <christian.koenig@amd.com>
Date: Mon, 22 Jul 2019 14:56:25 +0200
Subject: drm/syncobj: fix leaking dma_fence in drm_syncobj_query_ioctl
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Git-commit: b33b556ce59b5239a7b73c495209f90ec990e60c
Patch-mainline: v5.4-rc1
References: bsc#1152472

We need to check the context number instead if the previous sequence to detect
an error and if an error is detected we need to drop the reference to the
current fence or otherwise would leak it.

Signed-off-by: Christian König <christian.koenig@amd.com>
Reviewed-by: Lionel Landwerlin <lionel.g.landwerlin@intel.com>
Fixes: 27b575a9aa2f ("drm/syncobj: add timeline payload query ioctl v6")
Link: https://patchwork.freedesktop.org/patch/319123/
Acked-by: Thomas Zimmermann <tzimmermann@suse.de>
---
 drivers/gpu/drm/drm_syncobj.c | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/drivers/gpu/drm/drm_syncobj.c b/drivers/gpu/drm/drm_syncobj.c
index 75cb4bb7619e..1438dcb3ebb1 100644
--- a/drivers/gpu/drm/drm_syncobj.c
+++ b/drivers/gpu/drm/drm_syncobj.c
@@ -1298,14 +1298,14 @@ int drm_syncobj_query_ioctl(struct drm_device *dev, void *data,
 			struct dma_fence *iter, *last_signaled = NULL;
 
 			dma_fence_chain_for_each(iter, fence) {
-				if (!iter)
-					break;
-				dma_fence_put(last_signaled);
-				last_signaled = dma_fence_get(iter);
-				if (!to_dma_fence_chain(last_signaled)->prev_seqno)
+				if (iter->context != fence->context) {
+					dma_fence_put(iter);
 					/* It is most likely that timeline has
 					 * unorder points. */
 					break;
+				}
+				dma_fence_put(last_signaled);
+				last_signaled = dma_fence_get(iter);
 			}
 			point = dma_fence_is_signaled(last_signaled) ?
 				last_signaled->seqno :
-- 
2.28.0