projects / thirdparty / kernel / stable-queue.git / blame
| Commit | Line | Data |
|---|---|---|
| 5d9d1744 GKH |
1 | From cfd376b6bfccf33782a0748a9c70f7f752f8b869 Mon Sep 17 00:00:00 2001 |
| 2 | From: Marcin Slusarz <marcin.slusarz@gmail.com> | |
| 3 | Date: Mon, 10 Dec 2012 21:30:51 +0100 | |
| 4 | Subject: drm/nouveau/vm: fix memory corruption when pgt allocation fails | |
| 5 | ||
| 6 | From: Marcin Slusarz <marcin.slusarz@gmail.com> | |
| 7 | ||
| 8 | commit cfd376b6bfccf33782a0748a9c70f7f752f8b869 upstream. | |
| 9 | ||
| 10 | If we return freed vm, nouveau_drm_open will happily call nouveau_cli_destroy, | |
| 11 | which will try to free it again. | |
| 12 | ||
| 13 | Reported-by: Peter Hurley <peter@hurleysoftware.com> | |
| 14 | Signed-off-by: Marcin Slusarz <marcin.slusarz@gmail.com> | |
| 15 | Signed-off-by: Ben Skeggs <bskeggs@redhat.com> | |
| 16 | Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> | |
| 17 | ||
| 18 | --- | |
| 19 | drivers/gpu/drm/nouveau/core/subdev/vm/base.c | 4 +++- | |
| 20 | 1 file changed, 3 insertions(+), 1 deletion(-) | |
| 21 | ||
| 22 | --- a/drivers/gpu/drm/nouveau/core/subdev/vm/base.c | |
| 23 | +++ b/drivers/gpu/drm/nouveau/core/subdev/vm/base.c | |
| 24 | @@ -352,7 +352,7 @@ nouveau_vm_create(struct nouveau_vmmgr * | |
| 25 | u64 mm_length = (offset + length) - mm_offset; | |
| 26 | int ret; | |
| 27 | ||
| 28 | - vm = *pvm = kzalloc(sizeof(*vm), GFP_KERNEL); | |
| 29 | + vm = kzalloc(sizeof(*vm), GFP_KERNEL); | |
| 30 | if (!vm) | |
| 31 | return -ENOMEM; | |
| 32 | ||
| 33 | @@ -376,6 +376,8 @@ nouveau_vm_create(struct nouveau_vmmgr * | |
| 34 | return ret; | |
| 35 | } | |
| 36 | ||
| 37 | + *pvm = vm; | |
| 38 | + | |
| 39 | return 0; | |
| 40 | } | |
| 41 |