This is a note to let you know that I've just added the patch titled gpu: host1x: Fix potential double free if IOMMU is disabled to the 6.2-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary The filename of the patch is: gpu-host1x-fix-potential-double-free-if-iommu-is-dis.patch and it can be found in the queue-6.2 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable@xxxxxxxxxxxxxxx> know about it. commit 622cae63ef0a44e129f8c460be47da8085bd2daf Author: Yang Yingliang <yangyingliang@xxxxxxxxxx> Date: Sat Nov 26 15:33:14 2022 +0800 gpu: host1x: Fix potential double free if IOMMU is disabled [ Upstream commit 8466ff24a37a9a18fb935e90dda64f049131ae28 ] If context device has no IOMMU, the 'cdl->devs' is freed in error path, but host1x_memory_context_list_init() doesn't return an error code, so the module can be loaded successfully, when it's unloading, the host1x_memory_context_list_free() is called in host1x_remove(), it will cause double free. Set the 'cdl->devs' to NULL after freeing it to avoid double free. Fixes: 8aa5bcb61612 ("gpu: host1x: Add context device management code") Signed-off-by: Yang Yingliang <yangyingliang@xxxxxxxxxx> Reviewed-by: Mikko Perttunen <mperttunen@xxxxxxxxxx> Signed-off-by: Thierry Reding <treding@xxxxxxxxxx> Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx> diff --git a/drivers/gpu/host1x/context.c b/drivers/gpu/host1x/context.c index c8e7994c2c9cd..3be0d6d02f1a4 100644 --- a/drivers/gpu/host1x/context.c +++ b/drivers/gpu/host1x/context.c @@ -87,6 +87,7 @@ int host1x_memory_context_list_init(struct host1x *host1x) device_del(&cdl->devs[i].dev); kfree(cdl->devs); + cdl->devs = NULL; cdl->len = 0; return err;
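Review bot: The added `cdl->devs = NULL;` after `kfree(cdl->devs);` in the cleanup path of host1x_memory_context_list_init() has no comment saying why it is needed, and the reason is not obvious because the path ends in `return err;`. Per the commit message, the no-IOMMU case reaches this cleanup without returning an error code, so the module loads and host1x_memory_context_list_free() later runs from host1x_remove() against the same pointer. A one-line comment stating that would keep the assignment from being removed as redundant. It is also worth confirming that the free function is safe with devs == NULL and len == 0, meaning any walk over devs is bounded by len, since kfree(NULL) itself is a no-op. Finally, consider whether the no-IOMMU case should be handled explicitly instead of falling through the error cleanup with a success return value.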