projects / platform / kernel / linux-starfive.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: bf72c8c)
drm/i915/fbc: __intel_fbc_cleanup_cfb() may be called multiple times
authorChris Wilson <chris@chris-wilson.co.uk>
Thu, 30 Jan 2020 13:51:36 +0000 (13:51 +0000)
committerChris Wilson <chris@chris-wilson.co.uk>
Thu, 30 Jan 2020 17:22:29 +0000 (17:22 +0000)
Avoid releasing the same stolen nodes causing a use-after-free and/or
explosions as the self-checks fail, as __intel_fbc_cleanup_cfb() may be
called multiple times during module unload.

Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>
Cc: Ville Syrjälä <ville.syrjala@linux.intel.com>
Reviewed-by: Ville Syrjälä <ville.syrjala@linux.intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20200130135136.1878646-1-chris@chris-wilson.co.uk
drivers/gpu/drm/i915/display/intel_fbc.c patch | blob | history

diff --git a/drivers/gpu/drm/i915/display/intel_fbc.c b/drivers/gpu/drm/i915/display/intel_fbc.c
index 2a3f133..ab676c6 100644 (file)
--- a/drivers/gpu/drm/i915/display/intel_fbc.c
+++ b/drivers/gpu/drm/i915/display/intel_fbc.c
@@ -537,13 +537,15 @@ static void __intel_fbc_cleanup_cfb(struct drm_i915_private *dev_priv)
 {
        struct intel_fbc *fbc = &dev_priv->fbc;
 
-       if (drm_mm_node_allocated(&fbc->compressed_fb))
-               i915_gem_stolen_remove_node(dev_priv, &fbc->compressed_fb);
+       if (!drm_mm_node_allocated(&fbc->compressed_fb))
+               return;
 
        if (fbc->compressed_llb) {
                i915_gem_stolen_remove_node(dev_priv, fbc->compressed_llb);
                kfree(fbc->compressed_llb);
        }
+
+       i915_gem_stolen_remove_node(dev_priv, &fbc->compressed_fb);
 }
 
 void intel_fbc_cleanup_cfb(struct drm_i915_private *dev_priv)
Domain: System / Kernel;