From bb0c3b12b955497f0bceb9790d06c30714321e53 Mon Sep 17 00:00:00 2001
From: Valentine Burley <valentine.burley@collabora.com>
Date: Fri, 20 Mar 2026 11:33:46 +0100
Subject: [PATCH] tu/drm/virtio: Fix GEM handle leak on failed dmabuf res_id
 lookup

When vdrm_handle_to_res_id fails in virtio_bo_init_dmabuf, the handle
obtained from vdrm_dmabuf_to_handle was leaked.
Closing the handle is safe despite the lack of vdrm refcounting
because dma_bo_lock is held and already-imported BOs return early.
At this point, we are the sole holder of the handle.

While here, use the local vdrm variable consistently.

Fixes: 6ca192f586f ("turnip: virtio: fix iova leak upon found already imported dmabuf")
Signed-off-by: Valentine Burley <valentine.burley@collabora.com>
(cherry picked from commit f2c89f01880d12061631801ab217d7b4d2fcca9b)

Part-of: <https://gitlab.freedesktop.org/mesa/mesa/-/merge_requests/40752>
---
 .pick_status.json                         | 2 +-
 src/freedreno/vulkan/tu_knl_drm_virtio.cc | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/.pick_status.json b/.pick_status.json
index c7ec3f98c52..b889e7932b3 100644
--- a/.pick_status.json
+++ b/.pick_status.json
@@ -3824,7 +3824,7 @@
         "description": "tu/drm/virtio: Fix GEM handle leak on failed dmabuf res_id lookup",
         "nominated": true,
         "nomination_type": 2,
-        "resolution": 0,
+        "resolution": 1,
         "main_sha": null,
         "because_sha": "6ca192f586fe1470a97b6f34bce7761a760ce15d",
         "notes": null
diff --git a/src/freedreno/vulkan/tu_knl_drm_virtio.cc b/src/freedreno/vulkan/tu_knl_drm_virtio.cc
index f3dc823aca4..020210dd8af 100644
--- a/src/freedreno/vulkan/tu_knl_drm_virtio.cc
+++ b/src/freedreno/vulkan/tu_knl_drm_virtio.cc
@@ -822,7 +822,7 @@ virtio_bo_init_dmabuf(struct tu_device *dev,
 
    res_id = vdrm_handle_to_res_id(vdrm, handle);
    if (!res_id) {
-      /* XXX gem_handle potentially leaked here since no refcnt */
+      vdrm_bo_close(vdrm, handle);
       result = vk_error(dev, VK_ERROR_INVALID_EXTERNAL_HANDLE);
       goto out_unlock;
    }
@@ -844,7 +844,7 @@ virtio_bo_init_dmabuf(struct tu_device *dev,
                                                   TU_BO_ALLOC_DMABUF, &iova);
    mtx_unlock(&dev->vma_mutex);
    if (result != VK_SUCCESS) {
-      vdrm_bo_close(dev->vdev->vdrm, handle);
+      vdrm_bo_close(vdrm, handle);
       goto out_unlock;
    }