[PATCH 0/1] drm/xe: Untangle vm_bind_ioctl cleanup order and fix double free bug
Christoph Manszewski
christoph.manszewski at intel.com
Tue Aug 12 13:17:27 UTC 2025
Hi,
recently I stumbled into a double-free bug for array-binds when the
argument check fails. I've submitted a subtest to expose this issue
here: https://patchwork.freedesktop.org/series/152831/
I took the liberty to change the cleanup order in the main vm_bind
function but if that turns out to be unnecessary/faulty, just setting
the bind_ops to NULL on failure should be enough to fix the bug.
Regards,
Christoph
Christoph Manszewski (1):
drm/xe: Untangle vm_bind_ioctl cleanup order and fix double free bug
drivers/gpu/drm/xe/xe_vm.c | 18 +++++++++++-------
1 file changed, 11 insertions(+), 7 deletions(-)
--
2.47.1
More information about the Intel-xe
mailing list