staging: drm/imx: fix pageflip events during device close
authorSascha Hauer <s.hauer@pengutronix.de>
Thu, 10 Oct 2013 14:18:44 +0000 (16:18 +0200)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Fri, 11 Oct 2013 22:30:33 +0000 (15:30 -0700)
During a device close the drm core frees all pending events in
drm_events_release(). If at that time a pageflip is pending the
interrupt handler will try to complete the now unitialized
event resulting in a NULL pointer exception. Seen on imx-drm
when userspace is killed during a page flip.

Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
Signed-off-by: Philipp Zabel <p.zabel@pengutronix.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
drivers/staging/imx-drm/imx-drm-core.c
drivers/staging/imx-drm/ipuv3-crtc.c

index 5e0b8e2..3f68337 100644 (file)
@@ -185,6 +185,18 @@ static void imx_drm_disable_vblank(struct drm_device *drm, int crtc)
        imx_drm_crtc->imx_drm_helper_funcs.disable_vblank(imx_drm_crtc->crtc);
 }
 
+static void imx_drm_driver_preclose(struct drm_device *drm,
+               struct drm_file *file)
+{
+       int i;
+
+       if (!file->is_master)
+               return;
+
+       for (i = 0; i < 4; i++)
+               imx_drm_disable_vblank(drm , i);
+}
+
 static const struct file_operations imx_drm_driver_fops = {
        .owner = THIS_MODULE,
        .open = drm_open,
@@ -766,6 +778,7 @@ static struct drm_driver imx_drm_driver = {
        .load                   = imx_drm_driver_load,
        .unload                 = imx_drm_driver_unload,
        .lastclose              = imx_drm_driver_lastclose,
+       .preclose               = imx_drm_driver_preclose,
        .gem_free_object        = drm_gem_cma_free_object,
        .gem_vm_ops             = &drm_gem_cma_vm_ops,
        .dumb_create            = drm_gem_cma_dumb_create,
index 292abea..ae50dd4 100644 (file)
@@ -368,10 +368,6 @@ static struct drm_crtc_helper_funcs ipu_helper_funcs = {
 
 static int ipu_enable_vblank(struct drm_crtc *crtc)
 {
-       struct ipu_crtc *ipu_crtc = to_ipu_crtc(crtc);
-
-       enable_irq(ipu_crtc->irq);
-
        return 0;
 }
 
@@ -379,7 +375,8 @@ static void ipu_disable_vblank(struct drm_crtc *crtc)
 {
        struct ipu_crtc *ipu_crtc = to_ipu_crtc(crtc);
 
-       disable_irq(ipu_crtc->irq);
+       ipu_crtc->page_flip_event = NULL;
+       ipu_crtc->newfb = NULL;
 }
 
 static int ipu_set_interface_pix_fmt(struct drm_crtc *crtc, u32 encoder_type,
@@ -502,8 +499,6 @@ static int ipu_crtc_init(struct ipu_crtc *ipu_crtc,
                goto err_put_resources;
        }
 
-       disable_irq(ipu_crtc->irq);
-
        return 0;
 
 err_put_resources: