Commit 07566330 authored by Thomas Zimmermann's avatar Thomas Zimmermann Committed by Stefan Bader

drm/vmwgfx: Don't double-free the mode stored in par->set_mode

BugLink: https://bugs.launchpad.net/bugs/1826212

commit c2d31155 upstream.

When calling vmw_fb_set_par(), the mode stored in par->set_mode gets free'd
twice. The first free is in vmw_fb_kms_detach(), the second is near the
end of vmw_fb_set_par() under the name of 'old_mode'. The mode-setting code
only works correctly if the mode doesn't actually change. Removing
'old_mode' in favor of using par->set_mode directly fixes the problem.

Cc: <stable@vger.kernel.org>
Fixes: a278724a ("drm/vmwgfx: Implement fbdev on kms v2")
Signed-off-by: default avatarThomas Zimmermann <tzimmermann@suse.de>
Reviewed-by: default avatarDeepak Rawat <drawat@vmware.com>
Signed-off-by: default avatarThomas Hellstrom <thellstrom@vmware.com>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: default avatarStefan Bader <stefan.bader@canonical.com>
Signed-off-by: default avatarKleber Sacilotto de Souza <kleber.souza@canonical.com>
parent 86325531
...@@ -531,11 +531,9 @@ static int vmw_fb_set_par(struct fb_info *info) ...@@ -531,11 +531,9 @@ static int vmw_fb_set_par(struct fb_info *info)
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
DRM_MODE_FLAG_NHSYNC | DRM_MODE_FLAG_PVSYNC) DRM_MODE_FLAG_NHSYNC | DRM_MODE_FLAG_PVSYNC)
}; };
struct drm_display_mode *old_mode;
struct drm_display_mode *mode; struct drm_display_mode *mode;
int ret; int ret;
old_mode = par->set_mode;
mode = drm_mode_duplicate(vmw_priv->dev, &new_mode); mode = drm_mode_duplicate(vmw_priv->dev, &new_mode);
if (!mode) { if (!mode) {
DRM_ERROR("Could not create new fb mode.\n"); DRM_ERROR("Could not create new fb mode.\n");
...@@ -546,11 +544,7 @@ static int vmw_fb_set_par(struct fb_info *info) ...@@ -546,11 +544,7 @@ static int vmw_fb_set_par(struct fb_info *info)
mode->vdisplay = var->yres; mode->vdisplay = var->yres;
vmw_guess_mode_timing(mode); vmw_guess_mode_timing(mode);
if (old_mode && drm_mode_equal(old_mode, mode)) { if (!vmw_kms_validate_mode_vram(vmw_priv,
drm_mode_destroy(vmw_priv->dev, mode);
mode = old_mode;
old_mode = NULL;
} else if (!vmw_kms_validate_mode_vram(vmw_priv,
mode->hdisplay * mode->hdisplay *
DIV_ROUND_UP(var->bits_per_pixel, 8), DIV_ROUND_UP(var->bits_per_pixel, 8),
mode->vdisplay)) { mode->vdisplay)) {
...@@ -613,8 +607,8 @@ static int vmw_fb_set_par(struct fb_info *info) ...@@ -613,8 +607,8 @@ static int vmw_fb_set_par(struct fb_info *info)
schedule_delayed_work(&par->local_work, 0); schedule_delayed_work(&par->local_work, 0);
out_unlock: out_unlock:
if (old_mode) if (par->set_mode)
drm_mode_destroy(vmw_priv->dev, old_mode); drm_mode_destroy(vmw_priv->dev, par->set_mode);
par->set_mode = mode; par->set_mode = mode;
drm_modeset_unlock_all(vmw_priv->dev); drm_modeset_unlock_all(vmw_priv->dev);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment