On 2016.10.20 09:12:02 +0100, Chris Wilson wrote: > On Thu, Oct 20, 2016 at 04:02:39PM +0800, Zhenyu Wang wrote: > > void intel_gvt_clean_device(struct drm_i915_private *dev_priv) > > { > > - struct intel_gvt *gvt = &dev_priv->gvt; > > + struct intel_gvt *gvt = to_gvt(dev_priv); > > > > if (WARN_ON(!gvt->initialized)) > > return; > > @@ -188,6 +189,8 @@ void intel_gvt_clean_device(struct drm_i915_private *dev_priv) > > intel_gvt_clean_mmio_info(gvt); > > intel_gvt_free_firmware(gvt); > > > > + kfree(dev_priv->gvt); > > + dev_priv->gvt = NULL; > > gvt->initialized = false; > > } > > Whoops. First a NULL pointer deref then a use-after-free before coffee. > I need coffee! > > Just remove struct intel_gvt.initialized, it is leading you astray. oops! sorry about that... -- Open Source Technology Center, Intel ltd. $gpg --keyserver wwwkeys.pgp.net --recv-keys 4D781827
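Review bot: The WARN_ON(!gvt->initialized) check at the top of intel_gvt_clean_device() dereferences gvt straight after it is fetched with to_gvt(dev_priv). Assuming to_gvt() returns dev_priv->gvt, that pointer is NULL once this function has run (the second hunk sets dev_priv->gvt = NULL) or if it was never allocated, so the guard itself faults. Test the pointer instead, for example "if (WARN_ON(!gvt)) return;", which also makes the initialized flag unnecessary here.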
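Review bot: In the second hunk, "gvt->initialized = false;" runs after "kfree(dev_priv->gvt);", so it stores into memory that has just been freed through the stale local gvt. Drop that store, since dev_priv->gvt = NULL already records that the device is torn down, or move it ahead of the kfree() if the field is kept.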
_______________________________________________ Intel-gfx mailing list Intel-gfx@xxxxxxxxxxxxxxxxxxxxx https://lists.freedesktop.org/mailman/listinfo/intel-gfx