drm/radeon/kms: Fix NULL pointer dereference if memory allocation failed.

When there is allocation failure in radeon_cs_parser_relocs parser->nrelocs
is not cleaned. This causes NULL pointer defeference in radeon_cs_parser_fini
when clean up code is trying to loop over the relocation array and free the
objects.

Fix adds a check for a possible NULL pointer in clean up code.

Signed-off-by: Pauli Nieminen <suokkos@gmail.com>
Cc: stable@kernel.org
Signed-off-by: Dave Airlie <airlied@redhat.com>

diff --git a/drivers/gpu/drm/radeon/radeon_cs.c b/drivers/gpu/drm/radeon/radeon_cs.c
index dd190f9315d31f552ef0b6552dc7473a3c2a41fb..f9b0fe002c0ab7f27430a697f95a841667281e41 100644 (file)
--- a/drivers/gpu/drm/radeon/radeon_cs.c
+++ b/drivers/gpu/drm/radeon/radeon_cs.c
@@ -193,9 +193,11 @@ static void radeon_cs_parser_fini(struct radeon_cs_parser *parser, int error)
                radeon_bo_list_fence(&parser->validated, parser->ib->fence);
        }
        radeon_bo_list_unreserve(&parser->validated);
-       for (i = 0; i < parser->nrelocs; i++) {
-               if (parser->relocs[i].gobj)
-                       drm_gem_object_unreference_unlocked(parser->relocs[i].gobj);
+       if (parser->relocs != NULL) {
+               for (i = 0; i < parser->nrelocs; i++) {
+                       if (parser->relocs[i].gobj)
+                               drm_gem_object_unreference_unlocked(parser->relocs[i].gobj);
+               }
        }
        kfree(parser->track);
        kfree(parser->relocs);