From: Yang Yingliang yangyingliang@huawei.com
[ Upstream commit 8466ff24a37a9a18fb935e90dda64f049131ae28 ]
If context device has no IOMMU, the 'cdl->devs' is freed in error path, but host1x_memory_context_list_init() doesn't return an error code, so the module can be loaded successfully, when it's unloading, the host1x_memory_context_list_free() is called in host1x_remove(), it will cause double free. Set the 'cdl->devs' to NULL after freeing it to avoid double free.
Fixes: 8aa5bcb61612 ("gpu: host1x: Add context device management code") Signed-off-by: Yang Yingliang yangyingliang@huawei.com Reviewed-by: Mikko Perttunen mperttunen@nvidia.com Signed-off-by: Thierry Reding treding@nvidia.com Signed-off-by: Sasha Levin sashal@kernel.org --- drivers/gpu/host1x/context.c | 1 + 1 file changed, 1 insertion(+)
diff --git a/drivers/gpu/host1x/context.c b/drivers/gpu/host1x/context.c index 8beedcf080abd..5ec18315ff9fe 100644 --- a/drivers/gpu/host1x/context.c +++ b/drivers/gpu/host1x/context.c @@ -83,6 +83,7 @@ int host1x_memory_context_list_init(struct host1x *host1x) device_del(&cdl->devs[i].dev);
kfree(cdl->devs); + cdl->devs = NULL; cdl->len = 0;
return err;