From 574f83db56a497cb2b3888e9ea4b90fa08a557ff Mon Sep 17 00:00:00 2001
From: jsg <jsg@openbsd.org>
Date: Fri, 4 Jun 2021 07:29:54 +0000
Subject: [PATCH] avoid a use after free in a path taken if malloc M_NOWAIT
 fails

---
 sys/dev/pci/drm/dma-resv.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/sys/dev/pci/drm/dma-resv.c b/sys/dev/pci/drm/dma-resv.c
index 46143dd06ce..554acb703cd 100644
--- a/sys/dev/pci/drm/dma-resv.c
+++ b/sys/dev/pci/drm/dma-resv.c
@@ -474,7 +474,10 @@ int dma_resv_get_fences_rcu(struct dma_resv *obj,
 			nshared = kmalloc(sz, GFP_NOWAIT | __GFP_NOWARN);
 			if (nshared != NULL && shared != NULL)
 				memcpy(nshared, shared, sz);
-			kfree(shared);
+			if (nshared) {
+				kfree(shared);
+				shared = NULL;
+			}
 #endif
 			if (!nshared) {
 				rcu_read_unlock();
@@ -489,6 +492,7 @@ int dma_resv_get_fences_rcu(struct dma_resv *obj,
 				if (nshared != NULL && shared != NULL)
 					memcpy(nshared, shared, sz);
 				kfree(shared);
+				shared = NULL;
 #endif
 				if (nshared) {
 					shared = nshared;
-- 
2.20.1