[bug report] drm: Begin an API for in-kernel clients
Dan Carpenter
dan.carpenter at oracle.com
Wed Jul 11 18:28:59 UTC 2018
Hello Noralf Trønnes,
The patch c76f0f7cb546: "drm: Begin an API for in-kernel clients"
from Jul 3, 2018, leads to the following static checker warning:
drivers/gpu/drm/drm_client.c:289 drm_client_buffer_create()
error: double free of 'buffer'
drivers/gpu/drm/drm_client.c
268 /*
269 * FIXME: The dependency on GEM here isn't required, we could
270 * convert the driver handle to a dma-buf instead and use the
271 * backend-agnostic dma-buf vmap support instead. This would
272 * require that the handle2fd prime ioctl is reworked to pull the
273 * fd_install step out of the driver backend hooks, to make that
274 * final step optional for internal users.
275 */
276 vaddr = dev->driver->gem_prime_vmap(obj);
277 if (!vaddr) {
278 ret = -ENOMEM;
279 goto err_delete;
280 }
281
282 buffer->vaddr = vaddr;
283
284 return buffer;
285
286 err_delete:
287 drm_client_buffer_delete(buffer);
^^^^^^
Freed here
288 err_free:
289 kfree(buffer);
^^^^^^
Double free
290
291 return ERR_PTR(ret);
292 }
293
regards,
dan carpenter
More information about the dri-devel
mailing list