[PATCH 4.4 002/131] drm/vmwgfx: Dont double-free the mode stored in par->set_mode

From: Greg Kroah-Hartman
Date: Mon Apr 01 2019 - 13:31:42 EST

Next message: Greg Kroah-Hartman: "[PATCH 4.4 040/131] sched/fair: Fix new tasks load avg removed from source CPU in wake_up_new_task()"
Previous message: Greg Kroah-Hartman: "[PATCH 4.4 009/131] ext4: brelse all indirect buffer in ext4_ind_remove_space()"
In reply to: Greg Kroah-Hartman: "[PATCH 4.4 009/131] ext4: brelse all indirect buffer in ext4_ind_remove_space()"
Next in thread: Greg Kroah-Hartman: "[PATCH 4.4 040/131] sched/fair: Fix new tasks load avg removed from source CPU in wake_up_new_task()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

4.4-stable review patch. If anyone has any objections, please let me know.

------------------

From: Thomas Zimmermann <tzimmermann@xxxxxxx>

commit c2d311553855395764e2e5bf401d987ba65c2056 upstream.

When calling vmw_fb_set_par(), the mode stored in par->set_mode gets free'd
twice. The first free is in vmw_fb_kms_detach(), the second is near the
end of vmw_fb_set_par() under the name of 'old_mode'. The mode-setting code
only works correctly if the mode doesn't actually change. Removing
'old_mode' in favor of using par->set_mode directly fixes the problem.

Cc: <stable@xxxxxxxxxxxxxxx>
Fixes: a278724aa23c ("drm/vmwgfx: Implement fbdev on kms v2")
Signed-off-by: Thomas Zimmermann <tzimmermann@xxxxxxx>
Reviewed-by: Deepak Rawat <drawat@xxxxxxxxxx>
Signed-off-by: Thomas Hellstrom <thellstrom@xxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>

---
drivers/gpu/drm/vmwgfx/vmwgfx_fb.c | 12 +++---------
1 file changed, 3 insertions(+), 9 deletions(-)

--- a/drivers/gpu/drm/vmwgfx/vmwgfx_fb.c
+++ b/drivers/gpu/drm/vmwgfx/vmwgfx_fb.c
@@ -531,11 +531,9 @@ static int vmw_fb_set_par(struct fb_info
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
DRM_MODE_FLAG_NHSYNC | DRM_MODE_FLAG_PVSYNC)
};
- struct drm_display_mode *old_mode;
struct drm_display_mode *mode;
int ret;

- old_mode = par->set_mode;
mode = drm_mode_duplicate(vmw_priv->dev, &new_mode);
if (!mode) {
DRM_ERROR("Could not create new fb mode.\n");
@@ -546,11 +544,7 @@ static int vmw_fb_set_par(struct fb_info
mode->vdisplay = var->yres;
vmw_guess_mode_timing(mode);

- if (old_mode && drm_mode_equal(old_mode, mode)) {
- drm_mode_destroy(vmw_priv->dev, mode);
- mode = old_mode;
- old_mode = NULL;
- } else if (!vmw_kms_validate_mode_vram(vmw_priv,
+ if (!vmw_kms_validate_mode_vram(vmw_priv,
mode->hdisplay *
DIV_ROUND_UP(var->bits_per_pixel, 8),
mode->vdisplay)) {
@@ -613,8 +607,8 @@ static int vmw_fb_set_par(struct fb_info
schedule_delayed_work(&par->local_work, 0);

out_unlock:
- if (old_mode)
- drm_mode_destroy(vmw_priv->dev, old_mode);
+ if (par->set_mode)
+ drm_mode_destroy(vmw_priv->dev, par->set_mode);
par->set_mode = mode;

drm_modeset_unlock_all(vmw_priv->dev);

Next message: Greg Kroah-Hartman: "[PATCH 4.4 040/131] sched/fair: Fix new tasks load avg removed from source CPU in wake_up_new_task()"
Previous message: Greg Kroah-Hartman: "[PATCH 4.4 009/131] ext4: brelse all indirect buffer in ext4_ind_remove_space()"
In reply to: Greg Kroah-Hartman: "[PATCH 4.4 009/131] ext4: brelse all indirect buffer in ext4_ind_remove_space()"
Next in thread: Greg Kroah-Hartman: "[PATCH 4.4 040/131] sched/fair: Fix new tasks load avg removed from source CPU in wake_up_new_task()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]