diff options
| author | Yang Yingliang <yangyingliang@huawei.com> | 2022-11-26 15:33:14 +0800 |
|---|---|---|
| committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2023-05-11 23:17:05 +0900 |
| commit | d922c295710fe531c599f882baa28ae2cfd6a618 (patch) | |
| tree | 0069be7c66143d393edb3a0068ea8d5d8727cab5 | |
| parent | a5089a3d8ca6c04fbda3fd920510dbd6d03297b8 (diff) | |
| download | linux-stable-d922c295710fe531c599f882baa28ae2cfd6a618.tar.gz linux-stable-d922c295710fe531c599f882baa28ae2cfd6a618.tar.bz2 linux-stable-d922c295710fe531c599f882baa28ae2cfd6a618.zip | |
gpu: host1x: Fix potential double free if IOMMU is disabled
[ Upstream commit 8466ff24a37a9a18fb935e90dda64f049131ae28 ]
If context device has no IOMMU, the 'cdl->devs' is freed in
error path, but host1x_memory_context_list_init() doesn't
return an error code, so the module can be loaded successfully,
when it's unloading, the host1x_memory_context_list_free() is
called in host1x_remove(), it will cause double free. Set the
'cdl->devs' to NULL after freeing it to avoid double free.
Fixes: 8aa5bcb61612 ("gpu: host1x: Add context device management code")
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
Reviewed-by: Mikko Perttunen <mperttunen@nvidia.com>
Signed-off-by: Thierry Reding <treding@nvidia.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
| -rw-r--r-- | drivers/gpu/host1x/context.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/drivers/gpu/host1x/context.c b/drivers/gpu/host1x/context.c index 8beedcf080ab..5ec18315ff9f 100644 --- a/drivers/gpu/host1x/context.c +++ b/drivers/gpu/host1x/context.c @@ -83,6 +83,7 @@ del_devices: device_del(&cdl->devs[i].dev); kfree(cdl->devs); + cdl->devs = NULL; cdl->len = 0; return err; |