From c1e854a3e3fda82a0bf567c2f00bfc4f9b0fb147 Mon Sep 17 00:00:00 2001
From: Ben Skeggs <bskeggs@redhat.com>
Date: Thu, 25 May 2023 10:31:05 +1000
Subject: [PATCH] drm/nouveau/nvif: fix potential double-free

DRM cleanup paths unconditionally call nvif_mmu_dtor() for clients,
which would result in a double-free if nvif_mmu_ctor()'d previously
failed.

Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
Reviewed-by: Lyude Paul <lyude@redhat.com>
Signed-off-by: Karol Herbst <kherbst@redhat.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20230525003106.3853741-9-skeggsb@gmail.com
---
 drivers/gpu/drm/nouveau/nvif/mmu.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/drivers/gpu/drm/nouveau/nvif/mmu.c b/drivers/gpu/drm/nouveau/nvif/mmu.c
index 3709cbbc19a1e..c9dd3cff49a00 100644
--- a/drivers/gpu/drm/nouveau/nvif/mmu.c
+++ b/drivers/gpu/drm/nouveau/nvif/mmu.c
@@ -27,6 +27,9 @@
 void
 nvif_mmu_dtor(struct nvif_mmu *mmu)
 {
+	if (!nvif_object_constructed(&mmu->object))
+		return;
+
 	kfree(mmu->kind);
 	kfree(mmu->type);
 	kfree(mmu->heap);
-- 
2.30.2