From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1756788AbcDGPwg (ORCPT ); Thu, 7 Apr 2016 11:52:36 -0400 Received: from mail-pa0-f46.google.com ([209.85.220.46]:34516 "EHLO mail-pa0-f46.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1756769AbcDGPwe (ORCPT ); Thu, 7 Apr 2016 11:52:34 -0400 Message-ID: <5706823B.7060800@gmail.com> Date: Thu, 07 Apr 2016 21:22:27 +0530 From: Sudip Mukherjee User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.4.0 MIME-Version: 1.0 To: Patrik Jakobsson CC: David Airlie , Daniel Vetter , linux-kernel , dri-devel Subject: Re: [PATCH v3] drm/gma500: fix double freeing References: <1444146539-5698-1-git-send-email-sudipm.mukherjee@gmail.com> <1444308468-8910-1-git-send-email-sudipm.mukherjee@gmail.com> <20151209115304.GC24852@sudip-pc> In-Reply-To: Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wednesday 09 December 2015 05:50 PM, Patrik Jakobsson wrote: > On Wed, Dec 9, 2015 at 12:53 PM, Sudip Mukherjee > wrote: >> On Thu, Oct 08, 2015 at 06:17:48PM +0530, Sudip Mukherjee wrote: >>> We are allocating backing using psbfb_alloc() and so >>> backing->stolen is always true. So we were freeing backing two times. >>> Moreover if we follow the execution path then we should be freeing >>> backing after we have released the helper. So remove the one which frees >>> backing before the helper is released. >>> While at it the error labels are also renamed to give a meaningful >>> name. >>> >>> Signed-off-by: Sudip Mukherjee >>> Reviewed-by: Patrik Jakobsson >>> --- >> >> This patch was never picked up. It will not apply now. >> >> Daniel, please let me know if you want me to resend after making >> necessary changes. > > I will pick this up and pass it along to Dave. Sorry for the delay. This was not picked up. But I guess it is still true. Do you want me to rebase and send it again.. regards sudip > > -Patrik > >> >> regards >> sudip >> >>> drivers/gpu/drm/gma500/framebuffer.c | 13 ++++--------- >>> 1 file changed, 4 insertions(+), 9 deletions(-) >>> >>> diff --git a/drivers/gpu/drm/gma500/framebuffer.c b/drivers/gpu/drm/gma500/framebuffer.c >>> index 2eaf1b3..52e2bf3 100644 >>> --- a/drivers/gpu/drm/gma500/framebuffer.c >>> +++ b/drivers/gpu/drm/gma500/framebuffer.c >>> @@ -411,7 +411,7 @@ static int psbfb_create(struct psb_fbdev *fbdev, >>> info = drm_fb_helper_alloc_fbi(&fbdev->psb_fb_helper); >>> if (IS_ERR(info)) { >>> ret = PTR_ERR(info); >>> - goto out_err1; >>> + goto err_unlock; >>> } >>> info->par = fbdev; >>> >>> @@ -419,7 +419,7 @@ static int psbfb_create(struct psb_fbdev *fbdev, >>> >>> ret = psb_framebuffer_init(dev, psbfb, &mode_cmd, backing); >>> if (ret) >>> - goto out_unref; >>> + goto err_release; >>> >>> fb = &psbfb->base; >>> psbfb->fbdev = info; >>> @@ -465,14 +465,9 @@ static int psbfb_create(struct psb_fbdev *fbdev, >>> >>> mutex_unlock(&dev->struct_mutex); >>> return 0; >>> -out_unref: >>> - if (backing->stolen) >>> - psb_gtt_free_range(dev, backing); >>> - else >>> - drm_gem_object_unreference(&backing->gem); >>> - >>> +err_release: >>> drm_fb_helper_release_fbi(&fbdev->psb_fb_helper); >>> -out_err1: >>> +err_unlock: >>> mutex_unlock(&dev->struct_mutex); >>> psb_gtt_free_range(dev, backing); >>> return ret; >>> -- >>> 1.9.1 >>>