drm/crtc_helper: Reset empty plane state in drm_helper_crtc_mode_set_base()

Transitional drivers might access the NULL pointer plane->state in
drm_helper_crtc_mode_set_base(), which causes NULL pointer dereference.
So, let's reset it before handing it over to those drivers.
commit e4f31ad2b713 ("drm: reset empty state in transitional helpers")
did the same thing for other transitional helpers, but it seems this one
was missed.

Signed-off-by: Liu Ying <gnuiyl@gmail.com>
Signed-off-by: Daniel Vetter <daniel.vetter@ffwll.ch>
Link: http://patchwork.freedesktop.org/patch/msgid/1459846239-8946-1-git-send-email-gnuiyl@gmail.com

diff --git a/drivers/gpu/drm/drm_crtc_helper.c b/drivers/gpu/drm/drm_crtc_helper.c
index 79555d2..66ca313 100644 (file)
--- a/drivers/gpu/drm/drm_crtc_helper.c
+++ b/drivers/gpu/drm/drm_crtc_helper.c
@@ -1053,10 +1053,12 @@ int drm_helper_crtc_mode_set_base(struct drm_crtc *crtc, int x, int y,
 
        if (plane->funcs->atomic_duplicate_state)
                plane_state = plane->funcs->atomic_duplicate_state(plane);
-       else if (plane->state)
+       else {
+               if (!plane->state)
+                       drm_atomic_helper_plane_reset(plane);
+
                plane_state = drm_atomic_helper_plane_duplicate_state(plane);
-       else
-               plane_state = kzalloc(sizeof(*plane_state), GFP_KERNEL);
+       }
        if (!plane_state)
                return -ENOMEM;
        plane_state->plane = plane;