[Nouveau] [RFC] gem: fix "refcount_t: underflow; use-after-free"
Ben Skeggs
skeggsb at gmail.com
Wed Oct 7 05:42:39 UTC 2020
On Wed, 7 Oct 2020 at 08:08, Karol Herbst <kherbst at redhat.com> wrote:
>
> we can't use nouveau_bo_ref here as no ttm object was allocated and
> nouveau_bo_ref mainly deals with that. Simply deallocate the object.
I suspect this was fallout from when that whole process was split into
stages, seems reasonable to me, applied.
Ben.
>
> Signed-off-by: Karol Herbst <kherbst at redhat.com>
> ---
> drm/nouveau/nouveau_gem.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/drm/nouveau/nouveau_gem.c b/drm/nouveau/nouveau_gem.c
> index e11303fbc..45582a8dc 100644
> --- a/drm/nouveau/nouveau_gem.c
> +++ b/drm/nouveau/nouveau_gem.c
> @@ -198,7 +198,8 @@ nouveau_gem_new(struct nouveau_cli *cli, u64 size, int align, uint32_t domain,
> * to the caller, instead of a normal nouveau_bo ttm reference. */
> ret = drm_gem_object_init(drm->dev, &nvbo->bo.base, size);
> if (ret) {
> - nouveau_bo_ref(NULL, &nvbo);
> + drm_gem_object_release(&nvbo->bo.base);
> + kfree(nvbo);
> return ret;
> }
>
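Review bot: In the `if (ret)` branch, `drm_gem_object_release(&nvbo->bo.base)` runs on an object whose `drm_gem_object_init()` call has just returned an error, and nothing in the hunk says why that is safe or why `nouveau_bo_ref(NULL, &nvbo)` must not be used on this path. A short comment in the branch would help, stating that no ttm object has been allocated yet and the bo is therefore torn down directly. The commit message should also confirm that `kfree(nvbo)` covers everything allocated for `nvbo` before this call, so the new error path neither leaks nor frees twice.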
> --
> 2.26.2