Re: [PATCH] drm: fix double free for gbo in drm_gem_vram_init and drm_gem_vram_create

> I have some comments on the resulting changes below. > > Am 01.07.20 um 04:32 schrieb Jia Yang: >> Ping... >> >> On 2020/6/20 14:21, Jia Yang wrote: >>> I got a use-after-free report when doing some fuzz test: >>> >>> If ttm_bo_init() fails

Re: [PATCH] drm: fix double free for gbo in drm_gem_vram_init and drm_gem_vram_create

Ping... On 2020/6/20 14:21, Jia Yang wrote: > I got a use-after-free report when doing some fuzz test: > > If ttm_bo_init() fails, the "gbo" and "gbo->bo.base" will be > freed by ttm_buffer_object_destroy() in ttm_bo_init(). But > then drm_gem_vram_crea

[PATCH] drm: fix double free for gbo in drm_gem_vram_init and drm_gem_vram_create

em_vram_init() will free "gbo" again. Reported-by: Hulk Robot Signed-off-by: Jia Yang --- drivers/gpu/drm/drm_gem_vram_helper.c | 28 +++ 1 file changed, 16 insertions(+), 12 deletions(-) diff --git a/drivers/gpu/drm/drm_gem_vram_helper.c b/drivers/gpu/drm/drm