2f040d2708
drm_gem_shmem_create_with_handle() returns a GEM object and attach a
handle to it. When the user closes the DRM FD, the core releases all
GEM handles along with their backing GEM objs, which can lead to a
double-free issue if panfrost_ioctl_create_bo() failed and went
through the err_free path where drm_gem_object_put_unlocked() is
called without deleting the associate handle.
Replace this drm_gem_object_put_unlocked() call by a
drm_gem_handle_delete() one to fix that.
Fixes:
|
||
---|---|---|
.. | ||
Kconfig | ||
Makefile | ||
TODO | ||
panfrost_devfreq.c | ||
panfrost_devfreq.h | ||
panfrost_device.c | ||
panfrost_device.h | ||
panfrost_drv.c | ||
panfrost_features.h | ||
panfrost_gem.c | ||
panfrost_gem.h | ||
panfrost_gpu.c | ||
panfrost_gpu.h | ||
panfrost_issues.h | ||
panfrost_job.c | ||
panfrost_job.h | ||
panfrost_mmu.c | ||
panfrost_mmu.h | ||
panfrost_regs.h |