Re: [PATCH] drm/nouveau: avoid a use-after-free when BO init fails

Reviewed-by: Lyude Paul On Wed, 2020-12-02 at 19:02 -0500, Jeremy Cline wrote: > nouveau_bo_init() is backed by ttm_bo_init() and ferries its return code > back to the caller. On failures, ttm_bo_init() invokes the provided > destructor which should de-initialize and free the memory. > > Thus,

[PATCH] drm/nouveau: avoid a use-after-free when BO init fails

nouveau_bo_init() is backed by ttm_bo_init() and ferries its return code back to the caller. On failures, ttm_bo_init() invokes the provided destructor which should de-initialize and free the memory. Thus, when nouveau_bo_init() returns an error the gem object has already been released and the