[PATCH v2 0/2] drm/xe: Untangle vm_bind_ioctl cleanup order and fix double free bug
Christoph Manszewski
christoph.manszewski at intel.com
Wed Aug 13 10:12:29 UTC 2025
Hi,
recently I stumbled into a double-free bug for array-binds when the
argument check fails. I've submitted a subtest to expose this issue
here: https://patchwork.freedesktop.org/series/152831/
I took the liberty to change the cleanup order in the main vm_bind
function but if that turns out to be unnecessary/faulty, just setting
the bind_ops to NULL on failure should be enough to fix the bug.
Regards,
Christoph
v2:
- correctly set the bind_ops pointer (Matt),
- move the reordering into a separate patch (Matt),
- adjust commit trailers,
Christoph Manszewski (2):
drm/xe: Fix vm_bind_ioctl double free bug
drm/xe: Untangle vm_bind_ioctl cleanup order
drivers/gpu/drm/xe/xe_vm.c | 18 +++++++++++-------
1 file changed, 11 insertions(+), 7 deletions(-)
--
2.47.1
More information about the Intel-xe
mailing list