On Thu, Oct 20, 2016 at 04:02:39PM +0800, Zhenyu Wang wrote:
> void intel_gvt_clean_device(struct drm_i915_private *dev_priv) > { > - struct intel_gvt *gvt = &dev_priv->gvt; > + struct intel_gvt *gvt = to_gvt(dev_priv); > > if (WARN_ON(!gvt->initialized)) > return; > @@ -188,6 +189,8 @@ void intel_gvt_clean_device(struct drm_i915_private *dev_priv) > intel_gvt_clean_mmio_info(gvt); > intel_gvt_free_firmware(gvt); > > + kfree(dev_priv->gvt); > + dev_priv->gvt = NULL; > gvt->initialized = false; > }

Whoops. First a NULL pointer deref then a use-after-free before coffee. I need coffee!

Just remove struct intel_gvt.initialized, it is leading you astray.
-Chris

--
Chris Wilson, Intel Open Source Technology Centre
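
Review bot: in the first quoted hunk, "if (WARN_ON(!gvt->initialized))" dereferences gvt immediately after "gvt = to_gvt(dev_priv);" with no check on the pointer itself. With dev_priv->gvt now a pointer that this same function resets to NULL, a call made when no gvt is allocated would fault on that line instead of warning, assuming to_gvt() returns dev_priv->gvt (its definition is not in the quoted lines). Test the pointer instead, for example "if (WARN_ON(!gvt)) return;".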
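
Review bot: in the hunk at "@@ -188,6 +189,8 @@", the unchanged context line "gvt->initialized = false;" now executes after the added "kfree(dev_priv->gvt);", so if gvt aliases dev_priv->gvt (as the to_gvt(dev_priv) assignment suggests) it writes into memory that has just been freed. Drop that assignment or move it above the kfree(). Once the structure is freed and dev_priv->gvt is set to NULL, the pointer can carry the "initialized" state on its own.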