From 5c1ba498cd2ccd7e15cb129131b80d708e8d0887 Mon Sep 17 00:00:00 2001
From: Taylor R Campbell <riastradh@NetBSD.org>
Date: Tue, 31 May 2022 00:24:25 +0000
Subject: [PATCH] nouveau(4): Plug leaks in nvkm_mem_new_host error branches.

---
 .../nvkm/subdev/mmu/nouveau_nvkm_subdev_mmu_mem.c    | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/sys/external/bsd/drm2/dist/drm/nouveau/nvkm/subdev/mmu/nouveau_nvkm_subdev_mmu_mem.c b/sys/external/bsd/drm2/dist/drm/nouveau/nvkm/subdev/mmu/nouveau_nvkm_subdev_mmu_mem.c
index ead5e82fa2da..9544e8a08748 100644
--- a/sys/external/bsd/drm2/dist/drm/nouveau/nvkm/subdev/mmu/nouveau_nvkm_subdev_mmu_mem.c
+++ b/sys/external/bsd/drm2/dist/drm/nouveau/nvkm/subdev/mmu/nouveau_nvkm_subdev_mmu_mem.c
@@ -228,6 +228,7 @@ nvkm_mem_new_host(struct nvkm_mmu *mmu, int type, u8 page, u64 size,
 			}
 		} else {
 #ifdef __NetBSD__
+			kfree(mem);
 			return -ENODEV;
 #else
 			nvkm_memory_ctor(&nvkm_mem_sgl, &mem->memory);
@@ -235,8 +236,14 @@ nvkm_mem_new_host(struct nvkm_mmu *mmu, int type, u8 page, u64 size,
 #endif
 		}
 
-		if (!IS_ALIGNED(size, PAGE_SIZE))
+		if (!IS_ALIGNED(size, PAGE_SIZE)) {
+#ifdef __NetBSD__
+			kmem_free(mem->dma, mem->dmamap->dm_nsegs *
+			    sizeof(mem->dma[0]));
+#endif
+			kfree(mem);
 			return -EINVAL;
+		}
 		mem->pages = size >> PAGE_SHIFT;
 		return 0;
 	} else
@@ -259,6 +266,9 @@ nvkm_mem_new_host(struct nvkm_mmu *mmu, int type, u8 page, u64 size,
 	    mem->mem, size, &mem->nseg, BUS_DMA_WAITOK);
 	if (ret) {
 fail0:		kmem_free(mem->mem, size * sizeof(mem->mem[0]));
+		kmem_free(mem->dma, mem->dmamap->dm_nsegs *
+		    sizeof(mem->dma[0]));
+		kfree(mem);
 		return ret;
 	}
 	/* XXX errno NetBSD->Linux */