drm/vmwgfx: Don't double-free the mode stored in par->set_mode
authorThomas Zimmermann <tzimmermann@suse.de>
Mon, 18 Mar 2019 14:47:58 +0000 (15:47 +0100)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Wed, 27 Mar 2019 05:13:51 +0000 (14:13 +0900)
commit c2d311553855395764e2e5bf401d987ba65c2056 upstream.

When calling vmw_fb_set_par(), the mode stored in par->set_mode gets free'd
twice. The first free is in vmw_fb_kms_detach(), the second is near the
end of vmw_fb_set_par() under the name of 'old_mode'. The mode-setting code
only works correctly if the mode doesn't actually change. Removing
'old_mode' in favor of using par->set_mode directly fixes the problem.

Cc: <stable@vger.kernel.org>
Fixes: a278724aa23c ("drm/vmwgfx: Implement fbdev on kms v2")
Signed-off-by: Thomas Zimmermann <tzimmermann@suse.de>
Reviewed-by: Deepak Rawat <drawat@vmware.com>
Signed-off-by: Thomas Hellstrom <thellstrom@vmware.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
drivers/gpu/drm/vmwgfx/vmwgfx_fb.c

index d23a18aae476be3ab181a7a7bd3b8b52e3487efb..3ba9b6ad0281b6c71a3652d26c706558fd35de01 100644 (file)
@@ -588,11 +588,9 @@ static int vmw_fb_set_par(struct fb_info *info)
                0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
                DRM_MODE_FLAG_NHSYNC | DRM_MODE_FLAG_PVSYNC)
        };
-       struct drm_display_mode *old_mode;
        struct drm_display_mode *mode;
        int ret;
 
-       old_mode = par->set_mode;
        mode = drm_mode_duplicate(vmw_priv->dev, &new_mode);
        if (!mode) {
                DRM_ERROR("Could not create new fb mode.\n");
@@ -603,11 +601,7 @@ static int vmw_fb_set_par(struct fb_info *info)
        mode->vdisplay = var->yres;
        vmw_guess_mode_timing(mode);
 
-       if (old_mode && drm_mode_equal(old_mode, mode)) {
-               drm_mode_destroy(vmw_priv->dev, mode);
-               mode = old_mode;
-               old_mode = NULL;
-       } else if (!vmw_kms_validate_mode_vram(vmw_priv,
+       if (!vmw_kms_validate_mode_vram(vmw_priv,
                                        mode->hdisplay *
                                        DIV_ROUND_UP(var->bits_per_pixel, 8),
                                        mode->vdisplay)) {
@@ -677,8 +671,8 @@ static int vmw_fb_set_par(struct fb_info *info)
        schedule_delayed_work(&par->local_work, 0);
 
 out_unlock:
-       if (old_mode)
-               drm_mode_destroy(vmw_priv->dev, old_mode);
+       if (par->set_mode)
+               drm_mode_destroy(vmw_priv->dev, par->set_mode);
        par->set_mode = mode;
 
        drm_modeset_unlock_all(vmw_priv->dev);