From ea6d8811f18521a2188d1959f5fa2447e6bf5349 Mon Sep 17 00:00:00 2001
From: Dan Carpenter <dan.carpenter@oracle.com>
Date: Mon, 7 Oct 2019 12:02:06 +0300
Subject: drm/amd/powerplay: Fix error handling in smu_init_fb_allocations()
Git-commit: ea6d8811f18521a2188d1959f5fa2447e6bf5349
Patch-mainline: v5.5-rc1
References: bsc#1152489

The error handling is off by one.  We should not free the first
"tables[i].bo" without decrementing "i" because that might result in a
double free.  The second problem is that when an error occurs, then the
zeroth element "tables[0].bo" isn't freed.

I had make "i" signed int for the error handling to work, so I just
updated "ret" as well as a clean up.

Fixes: f96357a991b9 ("drm/amd/powerplay: implement smu_init(fini)_fb_allocations function")
Reviewed-by: Kevin Wang <kevin1.wang@amd.com>
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Acked-by: Thomas Zimmermann <tzimmermann@suse.de>
---
 drivers/gpu/drm/amd/powerplay/amdgpu_smu.c |    5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

--- a/drivers/gpu/drm/amd/powerplay/amdgpu_smu.c
+++ b/drivers/gpu/drm/amd/powerplay/amdgpu_smu.c
@@ -769,8 +769,7 @@ static int smu_init_fb_allocations(struc
 	struct smu_table_context *smu_table = &smu->smu_table;
 	struct smu_table *tables = smu_table->tables;
 	uint32_t table_count = smu_table->table_count;
-	uint32_t i = 0;
-	int32_t ret = 0;
+	int ret, i;
 
 	if (table_count <= 0)
 		return -EINVAL;
@@ -791,7 +790,7 @@ static int smu_init_fb_allocations(struc
 
 	return 0;
 failed:
-	for (; i > 0; i--) {
+	while (--i >= 0) {
 		if (tables[i].size == 0)
 			continue;
 		amdgpu_bo_free_kernel(&tables[i].bo,