From b52f09c494507a67a6a2c6b024c7df57150304f4 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Noralf=20Tr=C3=B8nnes?= Date: Mon, 28 Aug 2017 19:17:43 +0200 Subject: [PATCH] drm/fb-helper: Avoid NULL ptr dereference in fb_set_suspend() MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit drm_fb_helper_resume_worker() uses fb_helper->fbdev to call fb_set_suspend() which dereferences the pointer. Move sync-canceling of the resume worker in drm_fb_helper_fini() before setting fb_helper->fbdev to NULL. Move dirty_work as well. Signed-off-by: Noralf Trønnes Reviewed-by: Daniel Vetter Reviewed-by: Laurent Pinchart Link: https://patchwork.freedesktop.org/patch/msgid/1503940668-25883-2-git-send-email-noralf@tronnes.org --- drivers/gpu/drm/drm_fb_helper.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/drivers/gpu/drm/drm_fb_helper.c b/drivers/gpu/drm/drm_fb_helper.c index 1b8f013..6a31d13 100644 --- a/drivers/gpu/drm/drm_fb_helper.c +++ b/drivers/gpu/drm/drm_fb_helper.c @@ -910,6 +910,9 @@ void drm_fb_helper_fini(struct drm_fb_helper *fb_helper) if (!drm_fbdev_emulation || !fb_helper) return; + cancel_work_sync(&fb_helper->resume_work); + cancel_work_sync(&fb_helper->dirty_work); + info = fb_helper->fbdev; if (info) { if (info->cmap.len) @@ -918,9 +921,6 @@ void drm_fb_helper_fini(struct drm_fb_helper *fb_helper) } fb_helper->fbdev = NULL; - cancel_work_sync(&fb_helper->resume_work); - cancel_work_sync(&fb_helper->dirty_work); - mutex_lock(&kernel_fb_helper_lock); if (!list_empty(&fb_helper->kernel_fb_list)) { list_del(&fb_helper->kernel_fb_list); -- 2.7.4