[Nouveau] [Bug 58087] [-next] nouveau corrupts kernel mm allocator

bugzilla-daemon at freedesktop.org bugzilla-daemon at freedesktop.org
Wed Dec 12 13:14:33 PST 2012 

https://bugs.freedesktop.org/show_bug.cgi?id=58087

--- Comment #2 from Peter Hurley <peter at hurleysoftware.com> ---
(In reply to comment #1)
> Created attachment 71290 [details] [review]
> fix

-    vm = *pvm = kzalloc(sizeof(*vm), GFP_KERNEL);
+    vm = kzalloc(sizeof(*vm), GFP_KERNEL);

How/why *not* setting cli->base.vm to NULL fixes this?

Also, this assignment idiom is common in the nouveau driver code. Is the above
fix just one of many necessary?

core/subdev/vm/base.c:    vm = *pvm = kzalloc(sizeof(*vm), GFP_KERNEL);
core/core/object.c:    object = *pobject = kzalloc(size, GFP_KERNEL);
core/core/ramht.c:    co = ho = nouveau_ramht_hash(ramht, chid, handle);
core/core/handle.c:    handle = *phandle = kzalloc(sizeof(*handle),
GFP_KERNEL);
nouveau_abi16.c:        cli->abi16 = abi16 = kzalloc(sizeof(*abi16),
GFP_KERNEL);
nouveau_bo.c:    struct nouveau_channel *chan = chan = drm->channel;  /*
COMMENT: THIS ONE IS INTERESTING */
nouveau_chan.c:    chan = *pchan = kzalloc(sizeof(*chan), GFP_KERNEL);
nouveau_display.c:    disp = drm->display = kzalloc(sizeof(*disp), GFP_KERNEL);
nouveau_pm.c:    pm = drm->pm = kzalloc(sizeof(*pm), GFP_KERNEL);
nv04_fence.c:    priv = drm->fence = kzalloc(sizeof(*priv), GFP_KERNEL);
nv10_fence.c:    fctx = chan->fence = kzalloc(sizeof(*fctx), GFP_KERNEL);
nv10_fence.c:    priv = drm->fence = kzalloc(sizeof(*priv), GFP_KERNEL);
nv50_fence.c:    fctx = chan->fence = kzalloc(sizeof(*fctx), GFP_KERNEL);
nv50_fence.c:    priv = drm->fence = kzalloc(sizeof(*priv), GFP_KERNEL);
nv84_fence.c:    fctx = chan->fence = kzalloc(sizeof(*fctx), GFP_KERNEL);
nv84_fence.c:    priv = drm->fence = kzalloc(sizeof(*priv), GFP_KERNEL);
nvc0_fence.c:    fctx = chan->fence = kzalloc(sizeof(*fctx), GFP_KERNEL);
nvc0_fence.c:    priv = drm->fence = kzalloc(sizeof(*priv), GFP_KERNEL);

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freedesktop.org/archives/nouveau/attachments/20121212/c7793821/attachment.html>

More information about the Nouveau mailing list