From: Sudip Mukherjee
Subject: Re: [PATCH] drm/gma500: fix double freeing
Date: Wed, 30 Sep 2015 11:42:41 +0530
Message-ID: <20150930061241.GC3500@sudip-pc>
References: <1441803040-15998-1-git-send-email-sudipm.mukherjee@gmail.com> <20150924155725.GE10109@sudip-pc>
To: Patrik Jakobsson
Cc: Daniel Vetter, linux-kernel, dri-devel
List-Id: dri-devel@lists.freedesktop.org

On Tue, Sep 29, 2015 at 03:20:35PM +0200, Patrik Jakobsson wrote:
> On Thu, Sep 24, 2015 at 5:57 PM, Sudip Mukherjee wrote:
> > On Wed, Sep 09, 2015 at 06:20:40PM +0530, Sudip Mukherjee wrote:
> >> If backing->stolen is true then we were freeing backing by calling
> >> psb_gtt_free_range() but we called it again after unlocking the mutex.
> >> Let's make it NULL after freeing in psb_gtt_free_range() and check for
> >> NULL before calling the function for the second time.
> >>
> >> Signed-off-by: Sudip Mukherjee <sudip@vectorindia.org>
> >> ---
> > Hi Patrik,
> > A gentle ping.
> >
> > regards
> > sudip
>
> Hi, sorry for the late reply.
>
> Why are we freeing the range twice in the first case?
I think, if backing->stolen is true then backing is released using
psb_gtt_free_range() but if backing->stolen is false then the gem object
is freed but the backing is not yet freed. To free that backing
psb_gtt_free_range() has been called a second time. My patch tried to fix
the possibility of backing->stolen being true and backing being freed 2
times.

regards
sudip
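The release sequence the thread describes, written out as an added C model so the two paths can be compared side by side. This is illustration code and not the gma500 driver's source: the structures `gtt_range` and `gem_object`, the `freed` flag, the counter and the function names `model_free_range`, `release_before_fix`, `release_after_fix` and `run_sequence` are all stand-ins assumed here for the `backing`, `stolen` and `psb_gtt_free_range()` the mail talks about. Instead of really freeing memory, the model records each release and counts a second release of the same range, which is the double free the patch is about; the "fixed" variant applies exactly the change proposed in the mail (clear the pointer after the first release, test for NULL before the second call).

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-ins for the structures named in the thread; these are
 * not the driver's definitions. */
struct gtt_range {
    bool stolen;   /* range is backed by stolen memory (per the mail) */
    bool freed;    /* model state: set once the range has been released */
};

struct gem_object {
    struct gtt_range *backing;
};

/* Counts attempts to release a range that was already released. */
static int double_free_count;

/* Stand-in for psb_gtt_free_range(): records the release instead of
 * freeing, so a double free is observable rather than a crash. */
static void model_free_range(struct gtt_range *r)
{
    if (r->freed) {
        double_free_count++;   /* second release of the same range */
        return;
    }
    r->freed = true;
}

/* Release sequence as the mail describes the original code: a stolen
 * backing is released under the lock and then released again, without
 * any check, after the unlock. Returns the double frees observed. */
static int release_before_fix(struct gem_object *obj)
{
    int before = double_free_count;

    /* mutex_lock(&lock); */
    if (obj->backing->stolen)
        model_free_range(obj->backing);
    /* mutex_unlock(&lock); */

    model_free_range(obj->backing);   /* unconditional second call */
    return double_free_count - before;
}

/* Same sequence with the change the patch proposes: clear the pointer
 * right after the first release and check for NULL before the second
 * call. The non-stolen path still reaches the second call, as Sudip's
 * reply explains it must. */
static int release_after_fix(struct gem_object *obj)
{
    int before = double_free_count;

    /* mutex_lock(&lock); */
    if (obj->backing->stolen) {
        model_free_range(obj->backing);
        obj->backing = NULL;          /* mark it gone while still locked */
    }
    /* mutex_unlock(&lock); */

    if (obj->backing)                 /* only the non-stolen case gets here */
        model_free_range(obj->backing);
    return double_free_count - before;
}

/* Run one release sequence on a fresh object. Returns the number of double
 * frees; *released reports whether the range was released at all, so the
 * fix can be checked for not leaking the range either. */
static int run_sequence(bool stolen, bool fixed, bool *released)
{
    struct gtt_range range = { .stolen = stolen, .freed = false };
    struct gem_object obj = { .backing = &range };
    int dbl = fixed ? release_after_fix(&obj) : release_before_fix(&obj);

    if (released)
        *released = range.freed;
    return dbl;
}

int main(void)
{
    bool rel;
    printf("before fix, stolen:     double frees = %d\n", run_sequence(true, false, &rel));
    printf("before fix, not stolen: double frees = %d\n", run_sequence(false, false, &rel));
    printf("after fix,  stolen:     double frees = %d\n", run_sequence(true, true, &rel));
    printf("after fix,  not stolen: double frees = %d\n", run_sequence(false, true, &rel));
    return 0;
}
```

The point the model makes explicit: the second call is not redundant, because it is the only release on the non-stolen path, so the fix has to keep it and make the stolen path skip it, which is what clearing the pointer under the lock and testing it after the unlock achieves.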