On 11/26/22 09:33, Yang Yingliang wrote:
If context device has no IOMMU, the 'cdl->devs' is freed in
error path, but host1x_memory_context_list_init() doesn't
return an error code, so the module can be loaded successfully,
when it's unloading, the host1x_memory_context_list_free() is
called in host1x_remove(), it will cause double free. Set the
'cdl->devs' to NULL after freeing it to avoid double free.
Fixes: 8aa5bcb61612 ("gpu: host1x: Add context device management code")
Signed-off-by: Yang Yingliang <yangyingliang@xxxxxxxxxx>
---
drivers/gpu/host1x/context.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/gpu/host1x/context.c b/drivers/gpu/host1x/context.c
index b08cf11f9a66..291f34562e2e 100644
--- a/drivers/gpu/host1x/context.c
+++ b/drivers/gpu/host1x/context.c
@@ -87,6 +87,7 @@ int host1x_memory_context_list_init(struct host1x *host1x)
device_del(&cdl->devs[i].dev);
kfree(cdl->devs);
+ cdl->devs = NULL;
cdl->len = 0;
return err;
Thanks!
Reviewed-by: Mikko Perttunen <mperttunen@xxxxxxxxxx>
