From mboxrd@z Thu Jan  1 00:00:00 1970
From: Sudip Mukherjee <sudipm.mukherjee@gmail.com>
Subject: Re: [PATCH v3] drm/gma500: fix double freeing
Date: Thu, 07 Apr 2016 21:22:27 +0530
Message-ID: <5706823B.7060800@gmail.com>
References: <1444146539-5698-1-git-send-email-sudipm.mukherjee@gmail.com>	<1444308468-8910-1-git-send-email-sudipm.mukherjee@gmail.com>	<20151209115304.GC24852@sudip-pc>
 <CAMeQTsaPPh5m1rHtPLYP85N6hVH-KRvcyf+XhP8TrZiqhmDE=w@mail.gmail.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="utf-8"; Format="flowed"
Content-Transfer-Encoding: base64
Return-path: <dri-devel-bounces@lists.freedesktop.org>
Received: from mail-pa0-x22f.google.com (mail-pa0-x22f.google.com
 [IPv6:2607:f8b0:400e:c03::22f])
 by gabe.freedesktop.org (Postfix) with ESMTPS id 5F61B6E08D
 for <dri-devel@lists.freedesktop.org>; Thu,  7 Apr 2016 15:52:34 +0000 (UTC)
Received: by mail-pa0-x22f.google.com with SMTP id bx7so40997302pad.3
 for <dri-devel@lists.freedesktop.org>; Thu, 07 Apr 2016 08:52:34 -0700 (PDT)
In-Reply-To: <CAMeQTsaPPh5m1rHtPLYP85N6hVH-KRvcyf+XhP8TrZiqhmDE=w@mail.gmail.com>
List-Unsubscribe: <https://lists.freedesktop.org/mailman/options/dri-devel>,
 <mailto:dri-devel-request@lists.freedesktop.org?subject=unsubscribe>
List-Archive: <https://lists.freedesktop.org/archives/dri-devel>
List-Post: <mailto:dri-devel@lists.freedesktop.org>
List-Help: <mailto:dri-devel-request@lists.freedesktop.org?subject=help>
List-Subscribe: <https://lists.freedesktop.org/mailman/listinfo/dri-devel>,
 <mailto:dri-devel-request@lists.freedesktop.org?subject=subscribe>
Errors-To: dri-devel-bounces@lists.freedesktop.org
Sender: "dri-devel" <dri-devel-bounces@lists.freedesktop.org>
To: Patrik Jakobsson <patrik.r.jakobsson@gmail.com>
Cc: Daniel Vetter <daniel.vetter@ffwll.ch>, linux-kernel <linux-kernel@vger.kernel.org>, dri-devel <dri-devel@lists.freedesktop.org>
List-Id: dri-devel@lists.freedesktop.org

T24gV2VkbmVzZGF5IDA5IERlY2VtYmVyIDIwMTUgMDU6NTAgUE0sIFBhdHJpayBKYWtvYnNzb24g
d3JvdGU6Cj4gT24gV2VkLCBEZWMgOSwgMjAxNSBhdCAxMjo1MyBQTSwgU3VkaXAgTXVraGVyamVl
Cj4gPHN1ZGlwbS5tdWtoZXJqZWVAZ21haWwuY29tPiB3cm90ZToKPj4gT24gVGh1LCBPY3QgMDgs
IDIwMTUgYXQgMDY6MTc6NDhQTSArMDUzMCwgU3VkaXAgTXVraGVyamVlIHdyb3RlOgo+Pj4gV2Ug
YXJlIGFsbG9jYXRpbmcgYmFja2luZyB1c2luZyBwc2JmYl9hbGxvYygpIGFuZCBzbwo+Pj4gYmFj
a2luZy0+c3RvbGVuIGlzIGFsd2F5cyB0cnVlLiBTbyB3ZSB3ZXJlIGZyZWVpbmcgYmFja2luZyB0
d28gdGltZXMuCj4+PiBNb3Jlb3ZlciBpZiB3ZSBmb2xsb3cgdGhlIGV4ZWN1dGlvbiBwYXRoIHRo
ZW4gd2Ugc2hvdWxkIGJlIGZyZWVpbmcKPj4+IGJhY2tpbmcgYWZ0ZXIgd2UgaGF2ZSByZWxlYXNl
ZCB0aGUgaGVscGVyLiBTbyByZW1vdmUgdGhlIG9uZSB3aGljaCBmcmVlcwo+Pj4gYmFja2luZyBi
ZWZvcmUgdGhlIGhlbHBlciBpcyByZWxlYXNlZC4KPj4+IFdoaWxlIGF0IGl0IHRoZSBlcnJvciBs
YWJlbHMgYXJlIGFsc28gcmVuYW1lZCB0byBnaXZlIGEgbWVhbmluZ2Z1bAo+Pj4gbmFtZS4KPj4+
Cj4+PiBTaWduZWQtb2ZmLWJ5OiBTdWRpcCBNdWtoZXJqZWUgPHN1ZGlwQHZlY3RvcmluZGlhLm9y
Zz4KPj4+IFJldmlld2VkLWJ5OiBQYXRyaWsgSmFrb2Jzc29uIDxwYXRyaWsuci5qYWtvYnNzb25A
Z21haWwuY29tPgo+Pj4gLS0tCj4+Cj4+IFRoaXMgcGF0Y2ggd2FzIG5ldmVyIHBpY2tlZCB1cC4g
SXQgd2lsbCBub3QgYXBwbHkgbm93Lgo+Pgo+PiBEYW5pZWwsIHBsZWFzZSBsZXQgbWUga25vdyBp
ZiB5b3Ugd2FudCBtZSB0byByZXNlbmQgYWZ0ZXIgbWFraW5nCj4+IG5lY2Vzc2FyeSBjaGFuZ2Vz
Lgo+Cj4gSSB3aWxsIHBpY2sgdGhpcyB1cCBhbmQgcGFzcyBpdCBhbG9uZyB0byBEYXZlLiBTb3Jy
eSBmb3IgdGhlIGRlbGF5LgoKVGhpcyB3YXMgbm90IHBpY2tlZCB1cC4gQnV0IEkgZ3Vlc3MgaXQg
aXMgc3RpbGwgdHJ1ZS4gRG8geW91IHdhbnQgbWUgdG8gCnJlYmFzZSBhbmQgc2VuZCBpdCBhZ2Fp
bi4uCgpyZWdhcmRzCnN1ZGlwCgo+Cj4gLVBhdHJpawo+Cj4+Cj4+IHJlZ2FyZHMKPj4gc3VkaXAK
Pj4KPj4+ICAgZHJpdmVycy9ncHUvZHJtL2dtYTUwMC9mcmFtZWJ1ZmZlci5jIHwgMTMgKysrKy0t
LS0tLS0tLQo+Pj4gICAxIGZpbGUgY2hhbmdlZCwgNCBpbnNlcnRpb25zKCspLCA5IGRlbGV0aW9u
cygtKQo+Pj4KPj4+IGRpZmYgLS1naXQgYS9kcml2ZXJzL2dwdS9kcm0vZ21hNTAwL2ZyYW1lYnVm
ZmVyLmMgYi9kcml2ZXJzL2dwdS9kcm0vZ21hNTAwL2ZyYW1lYnVmZmVyLmMKPj4+IGluZGV4IDJl
YWYxYjMuLjUyZTJiZjMgMTAwNjQ0Cj4+PiAtLS0gYS9kcml2ZXJzL2dwdS9kcm0vZ21hNTAwL2Zy
YW1lYnVmZmVyLmMKPj4+ICsrKyBiL2RyaXZlcnMvZ3B1L2RybS9nbWE1MDAvZnJhbWVidWZmZXIu
Ywo+Pj4gQEAgLTQxMSw3ICs0MTEsNyBAQCBzdGF0aWMgaW50IHBzYmZiX2NyZWF0ZShzdHJ1Y3Qg
cHNiX2ZiZGV2ICpmYmRldiwKPj4+ICAgICAgICBpbmZvID0gZHJtX2ZiX2hlbHBlcl9hbGxvY19m
YmkoJmZiZGV2LT5wc2JfZmJfaGVscGVyKTsKPj4+ICAgICAgICBpZiAoSVNfRVJSKGluZm8pKSB7
Cj4+PiAgICAgICAgICAgICAgICByZXQgPSBQVFJfRVJSKGluZm8pOwo+Pj4gLSAgICAgICAgICAg
ICBnb3RvIG91dF9lcnIxOwo+Pj4gKyAgICAgICAgICAgICBnb3RvIGVycl91bmxvY2s7Cj4+PiAg
ICAgICAgfQo+Pj4gICAgICAgIGluZm8tPnBhciA9IGZiZGV2Owo+Pj4KPj4+IEBAIC00MTksNyAr
NDE5LDcgQEAgc3RhdGljIGludCBwc2JmYl9jcmVhdGUoc3RydWN0IHBzYl9mYmRldiAqZmJkZXYs
Cj4+Pgo+Pj4gICAgICAgIHJldCA9IHBzYl9mcmFtZWJ1ZmZlcl9pbml0KGRldiwgcHNiZmIsICZt
b2RlX2NtZCwgYmFja2luZyk7Cj4+PiAgICAgICAgaWYgKHJldCkKPj4+IC0gICAgICAgICAgICAg
Z290byBvdXRfdW5yZWY7Cj4+PiArICAgICAgICAgICAgIGdvdG8gZXJyX3JlbGVhc2U7Cj4+Pgo+
Pj4gICAgICAgIGZiID0gJnBzYmZiLT5iYXNlOwo+Pj4gICAgICAgIHBzYmZiLT5mYmRldiA9IGlu
Zm87Cj4+PiBAQCAtNDY1LDE0ICs0NjUsOSBAQCBzdGF0aWMgaW50IHBzYmZiX2NyZWF0ZShzdHJ1
Y3QgcHNiX2ZiZGV2ICpmYmRldiwKPj4+Cj4+PiAgICAgICAgbXV0ZXhfdW5sb2NrKCZkZXYtPnN0
cnVjdF9tdXRleCk7Cj4+PiAgICAgICAgcmV0dXJuIDA7Cj4+PiAtb3V0X3VucmVmOgo+Pj4gLSAg
ICAgaWYgKGJhY2tpbmctPnN0b2xlbikKPj4+IC0gICAgICAgICAgICAgcHNiX2d0dF9mcmVlX3Jh
bmdlKGRldiwgYmFja2luZyk7Cj4+PiAtICAgICBlbHNlCj4+PiAtICAgICAgICAgICAgIGRybV9n
ZW1fb2JqZWN0X3VucmVmZXJlbmNlKCZiYWNraW5nLT5nZW0pOwo+Pj4gLQo+Pj4gK2Vycl9yZWxl
YXNlOgo+Pj4gICAgICAgIGRybV9mYl9oZWxwZXJfcmVsZWFzZV9mYmkoJmZiZGV2LT5wc2JfZmJf
aGVscGVyKTsKPj4+IC1vdXRfZXJyMToKPj4+ICtlcnJfdW5sb2NrOgo+Pj4gICAgICAgIG11dGV4
X3VubG9jaygmZGV2LT5zdHJ1Y3RfbXV0ZXgpOwo+Pj4gICAgICAgIHBzYl9ndHRfZnJlZV9yYW5n
ZShkZXYsIGJhY2tpbmcpOwo+Pj4gICAgICAgIHJldHVybiByZXQ7Cj4+PiAtLQo+Pj4gMS45LjEK
Pj4+CgpfX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fXwpkcmkt
ZGV2ZWwgbWFpbGluZyBsaXN0CmRyaS1kZXZlbEBsaXN0cy5mcmVlZGVza3RvcC5vcmcKaHR0cHM6
Ly9saXN0cy5mcmVlZGVza3RvcC5vcmcvbWFpbG1hbi9saXN0aW5mby9kcmktZGV2ZWwK

From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1756788AbcDGPwg (ORCPT <rfc822;w@1wt.eu>);
	Thu, 7 Apr 2016 11:52:36 -0400
Received: from mail-pa0-f46.google.com ([209.85.220.46]:34516 "EHLO
	mail-pa0-f46.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1756769AbcDGPwe (ORCPT
	<rfc822;linux-kernel@vger.kernel.org>);
	Thu, 7 Apr 2016 11:52:34 -0400
Message-ID: <5706823B.7060800@gmail.com>
Date: Thu, 07 Apr 2016 21:22:27 +0530
From: Sudip Mukherjee <sudipm.mukherjee@gmail.com>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.4.0
MIME-Version: 1.0
To: Patrik Jakobsson <patrik.r.jakobsson@gmail.com>
CC: David Airlie <airlied@linux.ie>, Daniel Vetter <daniel.vetter@ffwll.ch>,
        linux-kernel <linux-kernel@vger.kernel.org>,
        dri-devel <dri-devel@lists.freedesktop.org>
Subject: Re: [PATCH v3] drm/gma500: fix double freeing
References: <1444146539-5698-1-git-send-email-sudipm.mukherjee@gmail.com>	<1444308468-8910-1-git-send-email-sudipm.mukherjee@gmail.com>	<20151209115304.GC24852@sudip-pc> <CAMeQTsaPPh5m1rHtPLYP85N6hVH-KRvcyf+XhP8TrZiqhmDE=w@mail.gmail.com>
In-Reply-To: <CAMeQTsaPPh5m1rHtPLYP85N6hVH-KRvcyf+XhP8TrZiqhmDE=w@mail.gmail.com>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Wednesday 09 December 2015 05:50 PM, Patrik Jakobsson wrote:
> On Wed, Dec 9, 2015 at 12:53 PM, Sudip Mukherjee
> <sudipm.mukherjee@gmail.com> wrote:
>> On Thu, Oct 08, 2015 at 06:17:48PM +0530, Sudip Mukherjee wrote:
>>> We are allocating backing using psbfb_alloc() and so
>>> backing->stolen is always true. So we were freeing backing two times.
>>> Moreover if we follow the execution path then we should be freeing
>>> backing after we have released the helper. So remove the one which frees
>>> backing before the helper is released.
>>> While at it the error labels are also renamed to give a meaningful
>>> name.
>>>
>>> Signed-off-by: Sudip Mukherjee <sudip@vectorindia.org>
>>> Reviewed-by: Patrik Jakobsson <patrik.r.jakobsson@gmail.com>
>>> ---
>>
>> This patch was never picked up. It will not apply now.
>>
>> Daniel, please let me know if you want me to resend after making
>> necessary changes.
>
> I will pick this up and pass it along to Dave. Sorry for the delay.

This was not picked up. But I guess it is still true. Do you want me to 
rebase and send it again..

regards
sudip

>
> -Patrik
>
>>
>> regards
>> sudip
>>
>>>   drivers/gpu/drm/gma500/framebuffer.c | 13 ++++---------
>>>   1 file changed, 4 insertions(+), 9 deletions(-)
>>>
>>> diff --git a/drivers/gpu/drm/gma500/framebuffer.c b/drivers/gpu/drm/gma500/framebuffer.c
>>> index 2eaf1b3..52e2bf3 100644
>>> --- a/drivers/gpu/drm/gma500/framebuffer.c
>>> +++ b/drivers/gpu/drm/gma500/framebuffer.c
>>> @@ -411,7 +411,7 @@ static int psbfb_create(struct psb_fbdev *fbdev,
>>>        info = drm_fb_helper_alloc_fbi(&fbdev->psb_fb_helper);
>>>        if (IS_ERR(info)) {
>>>                ret = PTR_ERR(info);
>>> -             goto out_err1;
>>> +             goto err_unlock;
>>>        }
>>>        info->par = fbdev;
>>>
>>> @@ -419,7 +419,7 @@ static int psbfb_create(struct psb_fbdev *fbdev,
>>>
>>>        ret = psb_framebuffer_init(dev, psbfb, &mode_cmd, backing);
>>>        if (ret)
>>> -             goto out_unref;
>>> +             goto err_release;
>>>
>>>        fb = &psbfb->base;
>>>        psbfb->fbdev = info;
>>> @@ -465,14 +465,9 @@ static int psbfb_create(struct psb_fbdev *fbdev,
>>>
>>>        mutex_unlock(&dev->struct_mutex);
>>>        return 0;
>>> -out_unref:
>>> -     if (backing->stolen)
>>> -             psb_gtt_free_range(dev, backing);
>>> -     else
>>> -             drm_gem_object_unreference(&backing->gem);
>>> -
>>> +err_release:
>>>        drm_fb_helper_release_fbi(&fbdev->psb_fb_helper);
>>> -out_err1:
>>> +err_unlock:
>>>        mutex_unlock(&dev->struct_mutex);
>>>        psb_gtt_free_range(dev, backing);
>>>        return ret;
>>> --
>>> 1.9.1
>>>