Am 11.10.2017 um 23:13 schrieb Andrey Grodzovsky:
> In amdgpu_cs_parser_init() in case of error handling
> amdgpu_ctx_put() is called without setting p->ctx to NULL after that,
> later amdgpu_cs_parser_fini() also calls amdgpu_ctx_put() again and
> mess up the reference count.
>
> Signed-off-by: Andrey Grodzovsky <Andrey.Grodzovsky at amd.com>
Reviewed-by: Christian König <christian.koenig at amd.com>
> ---
> drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c | 6 ++----
> 1 file changed, 2 insertions(+), 4 deletions(-)
>
> diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c
> index 5de092e..8513e44 100644
> --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c
> +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c
> @@ -97,7 +97,7 @@ static int amdgpu_cs_parser_init(struct amdgpu_cs_parser *p, void *data)
> if (copy_from_user(chunk_array, chunk_array_user,
> sizeof(uint64_t)*cs->in.num_chunks)) {
> ret = -EFAULT;
> - goto put_ctx;
> + goto free_chunk;
> }
>
> p->nchunks = cs->in.num_chunks;
> @@ -105,7 +105,7 @@ static int amdgpu_cs_parser_init(struct amdgpu_cs_parser *p, void *data)
> GFP_KERNEL);
> if (!p->chunks) {
> ret = -ENOMEM;
> - goto put_ctx;
> + goto free_chunk;
> }
>
> for (i = 0; i < p->nchunks; i++) {
> @@ -185,8 +185,6 @@ static int amdgpu_cs_parser_init(struct amdgpu_cs_parser *p, void *data)
> kfree(p->chunks);
> p->chunks = NULL;
> p->nchunks = 0;
> -put_ctx:
> - amdgpu_ctx_put(p->ctx);
> free_chunk:
> kfree(chunk_array);
>
