
Commit cfd376b6 authored by Marcin Slusarz, committed by Ben Skeggs

drm/nouveau/vm: fix memory corruption when pgt allocation fails



If we return freed vm, nouveau_drm_open will happily call nouveau_cli_destroy,
which will try to free it again.

Reported-by: Peter Hurley <peter@hurleysoftware.com>
Signed-off-by: Marcin Slusarz <marcin.slusarz@gmail.com>
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
parent 4c4101d2
+3 −1
@@ -352,7 +352,7 @@ nouveau_vm_create(struct nouveau_vmmgr *vmm, u64 offset, u64 length,
	u64 mm_length = (offset + length) - mm_offset;
	int ret;

	vm = *pvm = kzalloc(sizeof(*vm), GFP_KERNEL);
	vm = kzalloc(sizeof(*vm), GFP_KERNEL);
	if (!vm)
		return -ENOMEM;

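Review bot: with the store to *pvm dropped from the kzalloc line, every failure return in this function leaves *pvm unwritten, so the caller keeps whatever value it passed in. That is only safe if each caller has zeroed its pointer beforehand. Consider setting *pvm = NULL at the top of the function, or documenting the requirement in a comment above nouveau_vm_create, so that a caller's cleanup path never acts on a stale pointer after a failed create.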
@@ -376,6 +376,8 @@ nouveau_vm_create(struct nouveau_vmmgr *vmm, u64 offset, u64 length,
		return ret;
	}

	*pvm = vm;

	return 0;
}
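Review bot: the *pvm = vm; assignment placed just before return 0; has no comment saying why it sits after the error returns. A one-line comment stating that the pointer is published only on success, because nouveau_drm_open hands whatever it finds to nouveau_cli_destroy on failure, would keep a later cleanup from moving the assignment back up to the allocation and reintroducing the double free.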