e93be6
From patchwork Thu Feb  9 18:16:00 2017
e93be6
Content-Type: text/plain; charset="utf-8"
e93be6
MIME-Version: 1.0
e93be6
Content-Transfer-Encoding: 7bit
e93be6
Subject: drm/vc4: Fix OOPSes from trying to cache a partially constructed BO.
e93be6
From: Eric Anholt <eric@anholt.net>
e93be6
X-Patchwork-Id: 138087
e93be6
Message-Id: <20170209181600.24048-1-eric@anholt.net>
e93be6
To: dri-devel@lists.freedesktop.org
e93be6
Cc: linux-kernel@vger.kernel.org, pbrobinson@gmail.com
e93be6
Date: Thu,  9 Feb 2017 10:16:00 -0800
e93be6
e93be6
If a CMA allocation failed, the partially constructed BO would be
e93be6
unreferenced through the normal path, and we might choose to put it in
e93be6
the BO cache.  If we then reused it before it expired from the cache,
e93be6
the kernel would OOPS.
e93be6
e93be6
Signed-off-by: Eric Anholt <eric@anholt.net>
e93be6
Fixes: c826a6e10644 ("drm/vc4: Add a BO cache.")
e93be6
---
e93be6
 drivers/gpu/drm/vc4/vc4_bo.c | 8 ++++++++
e93be6
 1 file changed, 8 insertions(+)
e93be6
e93be6
diff --git a/drivers/gpu/drm/vc4/vc4_bo.c b/drivers/gpu/drm/vc4/vc4_bo.c
e93be6
index 5ec14f25625d..fd83a2807656 100644
e93be6
--- a/drivers/gpu/drm/vc4/vc4_bo.c
e93be6
+++ b/drivers/gpu/drm/vc4/vc4_bo.c
e93be6
@@ -314,6 +314,14 @@ void vc4_free_object(struct drm_gem_object *gem_bo)
e93be6
 		goto out;
e93be6
 	}
e93be6
 
e93be6
+	/* If this object was partially constructed but CMA allocation
e93be6
+	 * had failed, just free it.
e93be6
+	 */
e93be6
+	if (!bo->base.vaddr) {
e93be6
+		vc4_bo_destroy(bo);
e93be6
+		goto out;
e93be6
+	}
e93be6
+
e93be6
 	cache_list = vc4_get_cache_list_for_size(dev, gem_bo->size);
e93be6
 	if (!cache_list) {
e93be6
 		vc4_bo_destroy(bo);