From 0e3fe9b3944d3dad3b2268d4acdbd77fd727dcd5 Mon Sep 17 00:00:00 2001
From: Robert Morell <rmorell@nvidia.com>
Date: Mon, 6 Dec 2010 17:32:01 -0800
Subject: [PATCH] video: tegra: nvmap: Clear handle->owner on release

A struct nvmap_handle may be shared by multiple clients.  If the
original client (the handle "owner") is destroyed, but the handle is
still referenced by other clients, h->owner points to freed memory.  To
prevent this, clear h->owner when the owner frees its reference to that
struct nvmap_handle.

Change-Id: I54722091568ce2058f5988e5f6e00e68605a8100
Signed-off-by: Rebecca Schultz Zavin <rebecca@android.com>
---
 drivers/video/tegra/nvmap/nvmap_handle.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/drivers/video/tegra/nvmap/nvmap_handle.c b/drivers/video/tegra/nvmap/nvmap_handle.c
index 4455c8d1cce1..44f55b3f59ba 100644
--- a/drivers/video/tegra/nvmap/nvmap_handle.c
+++ b/drivers/video/tegra/nvmap/nvmap_handle.c
@@ -379,6 +379,9 @@ void nvmap_free_handle_id(struct nvmap_client *client, unsigned long id)
 	while (pins--)
 		nvmap_unpin_handles(client, &ref->handle, 1);
 
+	if (h->owner == client)
+		h->owner = NULL;
+
 	kfree(ref);
 
 out:
-- 
2.34.1