On 2019/02/26 6:55, Joel Fernandes wrote:
>> @@ -763,6 +767,8 @@ static int ashmem_pin_unpin(struct ashmem_area *asma, unsigned long cmd,
>>
>> out_unlock:
>> mutex_unlock(&ashmem_mutex);
>> + if (range)
>> + kmem_cache_free(ashmem_range_cachep, range);
>
> This seems a bit broken to me. Once a range has been added to the LRU list,
> it is then being freed here. So then the ashmem_lru_list will contain a
> dangling range, right?

If this range was used in range_alloc(), range == NULL here due to

+ struct ashmem_range *range = *new_range;
+ *new_range = NULL;

. Thus, this range won't be freed here if range_alloc() was called.
What am I missing?
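Review bot: the `if (range)` free after `out_unlock:` is only safe because of an ownership hand-off that is not visible at this site. As the reply points out, range_alloc() takes the object with `struct ashmem_range *range = *new_range;` and then sets `*new_range = NULL;`, so a non-NULL `range` at this point means the preallocated object was never consumed by range_alloc(). Please add a short comment above the `if (range)` line stating that invariant (for example, that `range` is non-NULL only when range_alloc() did not take it), since any later path that links the object without clearing the caller's pointer would turn this free into exactly the dangling ashmem_lru_list entry raised in the quoted review.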