[Nouveau] [PATCH] drm/nouveau: release vga_ram allocation before tearing down mm's
Ben Skeggs
bskeggs at redhat.com
Sun May 8 15:39:46 PDT 2011
On Sat, 2011-05-07 at 18:03 +0200, Daniel Vetter wrote:
> Otherwise we have a use-after-free.
>
> Tested-and-Reported-by: Bruno Prémont <bonbons at linux-vserver.org>
> Signed-off-by: Daniel Vetter <daniel.vetter at ffwll.ch>
Ah, we actually have a patch in the nouveau git tree fixing this
already.
I'll get this upstream ASAP.
Ben.
> ---
> drivers/gpu/drm/nouveau/nouveau_mem.c | 2 --
> drivers/gpu/drm/nouveau/nouveau_state.c | 2 ++
> 2 files changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/gpu/drm/nouveau/nouveau_mem.c b/drivers/gpu/drm/nouveau/nouveau_mem.c
> index 5045f8b..c3e953b 100644
> --- a/drivers/gpu/drm/nouveau/nouveau_mem.c
> +++ b/drivers/gpu/drm/nouveau/nouveau_mem.c
> @@ -152,8 +152,6 @@ nouveau_mem_vram_fini(struct drm_device *dev)
> {
> struct drm_nouveau_private *dev_priv = dev->dev_private;
>
> - nouveau_bo_ref(NULL, &dev_priv->vga_ram);
> -
> ttm_bo_device_release(&dev_priv->ttm.bdev);
>
> nouveau_ttm_global_release(dev_priv);
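Review bot: With the nouveau_bo_ref(NULL, &dev_priv->vga_ram) call dropped from nouveau_mem_vram_fini(), the function no longer releases vga_ram itself, so every caller now has to drop that reference before calling it. This patch only visibly updates nouveau_card_takedown(); please confirm that no other path reaches nouveau_mem_vram_fini() with vga_ram still held, since that would now leak the buffer object. A one-line comment above ttm_bo_device_release() stating the precondition would make the contract explicit.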
> diff --git a/drivers/gpu/drm/nouveau/nouveau_state.c b/drivers/gpu/drm/nouveau/nouveau_state.c
> index a30adec..1fe6503 100644
> --- a/drivers/gpu/drm/nouveau/nouveau_state.c
> +++ b/drivers/gpu/drm/nouveau/nouveau_state.c
> @@ -768,6 +768,8 @@ static void nouveau_card_takedown(struct drm_device *dev)
> engine->mc.takedown(dev);
> engine->display.late_takedown(dev);
>
> + nouveau_bo_ref(NULL, &dev_priv->vga_ram);
> +
> mutex_lock(&dev->struct_mutex);
> ttm_bo_clean_mm(&dev_priv->ttm.bdev, TTM_PL_VRAM);
> ttm_bo_clean_mm(&dev_priv->ttm.bdev, TTM_PL_TT);
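Review bot: The ordering requirement behind the new nouveau_bo_ref(NULL, &dev_priv->vga_ram) line in nouveau_card_takedown() is not documented anywhere: nothing in the code says it must stay ahead of ttm_bo_clean_mm(&dev_priv->ttm.bdev, TTM_PL_VRAM), and the commit message only says "use-after free" without naming the object or the code that touches it after the free. Suggest a short comment at the call site tying the release to the VRAM mm teardown below it, plus a sentence in the changelog describing the failing sequence. The release also sits outside mutex_lock(&dev->struct_mutex); if that is deliberate, it is worth saying so.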