drm/qxl: Avoid double free on error

Is we are not able to get source bo object from handle we free destination bo object and call cleanup code however destination object was already inserted in reloc_info array (num_relocs was already incremented) so on cleanup we free destination again. Signed-off-by: N Frediano Ziglio <fziglio@redhat.com> Reviewed-by: N Dave Airlie <airlied@redhat.com> Signed-off-by: N Dave Airlie <airlied@redhat.com>

drm/qxl: Avoid double free on error
Is we are not able to get source bo object from handle we free destination bo object and call cleanup code however destination object was already inserted in reloc_info array (num_relocs was already incremented) so on cleanup we free destination again. Signed-off-by: N Frediano Ziglio <fziglio@redhat.com> Reviewed-by: N Dave Airlie <airlied@redhat.com> Signed-off-by: N Dave Airlie <airlied@redhat.com>
fe2af53b · Frediano Ziglio · Dave Airlie · 55cc3df0 · fe2af53b
隐藏空白更改
内联并排

Showing with 0 addition and 2 deletion

drivers/gpu/drm/qxl/qxl_ioctl.c drivers/gpu/drm/qxl/qxl_ioctl.c +0 -2

未找到文件。
--- a/drivers/gpu/drm/qxl/qxl_ioctl.c
+++ b/drivers/gpu/drm/qxl/qxl_ioctl.c
@@ -240,8 +240,6 @@ static int qxl_process_single_command(struct qxl_device *qdev,
 				qxlhw_handle_to_bo(qdev, file_priv,
 						   reloc.src_handle, release);
 			if (!reloc_info[i].src_bo) {
-				if (reloc_info[i].dst_bo != cmd_bo)
-					drm_gem_object_unreference_unlocked(&reloc_info[i].dst_bo->gem_base);
 				ret = -EINVAL;
 				goto out_free_bos;
 			}