Hi,
> > + fput(memfd);
> > + }
> > + memfd = NULL;
> Now memfd is NULL
> > + buf = dma_buf_export(&exp_info);
> > + if (IS_ERR(buf)) {
> > + ret = PTR_ERR(buf);
> > + goto err_put_pages;
> Assume an error occured
> > +err_put_pages:
> > + while (pgbuf > 0)
> > + put_page(ubuf->pages[--pgbuf]);
> > +err_free_ubuf:
> > + fput(memfd);
> Now fput it called with NULL, and in fput this is used in
> where the bug is signalled, so I guess fput doesn't accept a null
> pointer.
Indeed. Already fixed in drm-misc-next.
> I'm not sure why you set memfd to NULL at all, because on the following
> non-error path it is not used.
And in the error path it should not be user either, at least when the
error happens *after* exiting the loop, otherwise we would fput twice in
the error case.
> The other question is of course, why did dma_buf_export fail for me ...
What exactly did you try?
cheers,
Gerd
