Maarten Lankhorst
2011-Nov-24 13:08 UTC
[Nouveau] [PATCH to drm/nouveau] nouveau: Mark nouveau subchannel unbound nouveau_grobj_free
Valgrind throws warnings about a use-after-free if you try to bind a new subchannel after the old one in that slot was freed, so remove it from the channel list. Signed-off-by: Maarten Lankhorst <m.b.lankhorst at gmail.com> --- a/nouveau/nouveau_grobj.c +++ b/nouveau/nouveau_grobj.c @@ -100,12 +99,13 @@ nouveau_grobj_free(struct nouveau_grobj **grobj) struct drm_nouveau_gpuobj_free f; FIRE_RING(&chan->base); - f.channel = chan->drm.channel; f.handle = nvgrobj->base.handle; drmCommandWrite(nvdev->fd, DRM_NOUVEAU_GPUOBJ_FREE, &f, sizeof(f)); } + if (nvgrobj->base.bound != NOUVEAU_GROBJ_UNBOUND) + chan->base.subc[nvgrobj->base.subc].gr = NULL; free(nvgrobj); }
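Review bot: the added check before `free(nvgrobj)` clears `chan->base.subc[nvgrobj->base.subc].gr` whenever `bound` is not `NOUVEAU_GROBJ_UNBOUND`, but it never confirms that the slot still points at the object being freed. If another object can take over that subchannel without this object's `bound` field being reset, the free would unbind the wrong object; comparing the slot against `&nvgrobj->base` before clearing it would rule that out, or a short comment could state that `bound` always tracks slot ownership. Separately, the hunk drops the blank line after `FIRE_RING(&chan->base);`, which is unrelated to the fix and is better left out of this patch.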
Younes Manton
2011-Nov-27 16:38 UTC
[Nouveau] [PATCH to drm/nouveau] nouveau: Mark nouveau subchannel unbound nouveau_grobj_free
On Thu, Nov 24, 2011 at 8:08 AM, Maarten Lankhorst <m.b.lankhorst at gmail.com> wrote:
> Valgrind throws warnings about a use-after-free if you try to bind a > new subchannel after the old one in that slot was freed, > so remove it from the channel list. > > Signed-off-by: Maarten Lankhorst <m.b.lankhorst at gmail.com> > > --- a/nouveau/nouveau_grobj.c > +++ b/nouveau/nouveau_grobj.c > @@ -100,12 +99,13 @@ nouveau_grobj_free(struct nouveau_grobj **grobj) > ? ? ? ? ? ? ? ?struct drm_nouveau_gpuobj_free f; > > ? ? ? ? ? ? ? ?FIRE_RING(&chan->base); > - > ? ? ? ? ? ? ? ?f.channel = chan->drm.channel; > ? ? ? ? ? ? ? ?f.handle ?= nvgrobj->base.handle; > ? ? ? ? ? ? ? ?drmCommandWrite(nvdev->fd, DRM_NOUVEAU_GPUOBJ_FREE, > ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?&f, sizeof(f)); > ? ? ? ?} > + ? ? ? if (nvgrobj->base.bound != NOUVEAU_GROBJ_UNBOUND) > + ? ? ? ? ? ? ? chan->base.subc[nvgrobj->base.subc].gr = NULL; > ? ? ? ?free(nvgrobj); > ?}

Pushed, thanks.