From: Ben Skeggs <bskeggs@xxxxxxxxxx>
DRM cleanup paths unconditionally call nvif_mmu_dtor() for clients,
which would result in a double-free if nvif_mmu_ctor()'d previously
failed.
Signed-off-by: Ben Skeggs <bskeggs@xxxxxxxxxx>
---
drivers/gpu/drm/nouveau/nvif/mmu.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/gpu/drm/nouveau/nvif/mmu.c b/drivers/gpu/drm/nouveau/nvif/mmu.c
index 3709cbbc19a1..c9dd3cff49a0 100644
--- a/drivers/gpu/drm/nouveau/nvif/mmu.c
+++ b/drivers/gpu/drm/nouveau/nvif/mmu.c
@@ -27,6 +27,9 @@
void
nvif_mmu_dtor(struct nvif_mmu *mmu)
{
+ if (!nvif_object_constructed(&mmu->object))
+ return;
+
kfree(mmu->kind);
kfree(mmu->type);
kfree(mmu->heap);
--
2.40.1
