From 96d74e940e1057b322de6abb20c09c810dcb417b Mon Sep 17 00:00:00 2001
From: Yu Qiaowei <cerf.yu@rock-chips.com>
Date: Sat, 15 Oct 2022 12:33:13 +0800
Subject: [PATCH] video: rockchip: rga3: fix use-after-free in
 rga_request_release_signal

Make sure the job is no longer in use before releasing the job.

Signed-off-by: Yu Qiaowei <cerf.yu@rock-chips.com>
Change-Id: I6a63c2b94fc9004bb460279e7a940ffa0f57c682
---
 drivers/video/rockchip/rga3/rga_job.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/drivers/video/rockchip/rga3/rga_job.c b/drivers/video/rockchip/rga3/rga_job.c
index 47bb908c8fb7..a89b465e3585 100644
--- a/drivers/video/rockchip/rga3/rga_job.c
+++ b/drivers/video/rockchip/rga3/rga_job.c
@@ -832,8 +832,6 @@ int rga_request_release_signal(struct rga_scheduler_t *scheduler, struct rga_job
 	rga_request_get(request);
 	mutex_unlock(&request_manager->lock);
 
-	rga_job_cleanup(job);
-
 	spin_lock_irqsave(&request->lock, flags);
 
 	if (job->ret < 0) {
@@ -848,6 +846,8 @@ int rga_request_release_signal(struct rga_scheduler_t *scheduler, struct rga_job
 
 	spin_unlock_irqrestore(&request->lock, flags);
 
+	rga_job_cleanup(job);
+
 	if ((failed_count + finished_count) >= request->task_count) {
 		spin_lock_irqsave(&request->lock, flags);