drm/vmwgfx: Don't double-free the mode stored in par->set_mode
authorThomas Zimmermann <tzimmermann@suse.de>
Mon, 18 Mar 2019 14:47:58 +0000 (15:47 +0100)
committerThomas Hellstrom <thellstrom@vmware.com>
Wed, 20 Mar 2019 06:57:01 +0000 (07:57 +0100)
When calling vmw_fb_set_par(), the mode stored in par->set_mode gets free'd
twice. The first free is in vmw_fb_kms_detach(), the second is near the
end of vmw_fb_set_par() under the name of 'old_mode'. The mode-setting code
only works correctly if the mode doesn't actually change. Removing
'old_mode' in favor of using par->set_mode directly fixes the problem.

Cc: <stable@vger.kernel.org>
Fixes: a278724aa23c ("drm/vmwgfx: Implement fbdev on kms v2")
Signed-off-by: Thomas Zimmermann <tzimmermann@suse.de>
Reviewed-by: Deepak Rawat <drawat@vmware.com>
Signed-off-by: Thomas Hellstrom <thellstrom@vmware.com>
drivers/gpu/drm/vmwgfx/vmwgfx_fb.c

index b913a56f3426669f21582e271fac9add830bb91d..2a9112515f464c320628d64b8a9d92c645f730dd 100644 (file)
@@ -564,11 +564,9 @@ static int vmw_fb_set_par(struct fb_info *info)
                0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
                DRM_MODE_FLAG_NHSYNC | DRM_MODE_FLAG_PVSYNC)
        };
-       struct drm_display_mode *old_mode;
        struct drm_display_mode *mode;
        int ret;
 
-       old_mode = par->set_mode;
        mode = drm_mode_duplicate(vmw_priv->dev, &new_mode);
        if (!mode) {
                DRM_ERROR("Could not create new fb mode.\n");
@@ -579,11 +577,7 @@ static int vmw_fb_set_par(struct fb_info *info)
        mode->vdisplay = var->yres;
        vmw_guess_mode_timing(mode);
 
-       if (old_mode && drm_mode_equal(old_mode, mode)) {
-               drm_mode_destroy(vmw_priv->dev, mode);
-               mode = old_mode;
-               old_mode = NULL;
-       } else if (!vmw_kms_validate_mode_vram(vmw_priv,
+       if (!vmw_kms_validate_mode_vram(vmw_priv,
                                        mode->hdisplay *
                                        DIV_ROUND_UP(var->bits_per_pixel, 8),
                                        mode->vdisplay)) {
@@ -620,8 +614,8 @@ static int vmw_fb_set_par(struct fb_info *info)
        schedule_delayed_work(&par->local_work, 0);
 
 out_unlock:
-       if (old_mode)
-               drm_mode_destroy(vmw_priv->dev, old_mode);
+       if (par->set_mode)
+               drm_mode_destroy(vmw_priv->dev, par->set_mode);
        par->set_mode = mode;
 
        mutex_unlock(&par->bo_mutex);