drm: imx: convert to drm_crtc_send_vblank_event()
authorRussell King <rmk+kernel@arm.linux.org.uk>
Wed, 25 Nov 2015 10:25:39 +0000 (10:25 +0000)
committerPhilipp Zabel <p.zabel@pengutronix.de>
Wed, 25 Nov 2015 10:37:41 +0000 (11:37 +0100)
ipu_crtc_handle_pageflip() was calling drm_send_vblank_event() with
a pipe argument of -1.  Commit cc1ef118fc09 ("drm/irq: Make pipe
unsigned and name consistent") now makes this error obvious, as we
now may get a warning from:

if (WARN_ON(pipe >= dev->num_crtcs))

in drm_vblank_count_and_time().  Prior to this change, we would end
up making out-of-bounds array accesses via:

struct drm_vblank_crtc *vblank = &dev->vblank[crtc];
and
*vblanktime = vblanktimestamp(dev, pipe, cur_vblank);

So, this has been broken for a very long time, and is not a result
of the above commit.  Since we don't care about the staging versions,
I've tagged this with the earliest mainline commit where we do care,
even though this commit did not introduce the bug.

Fixes: 6556f7f82b9c ("drm: imx: Move imx-drm driver out of staging")
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Signed-off-by: Philipp Zabel <p.zabel@pengutronix.de>
drivers/gpu/drm/imx/ipuv3-crtc.c

index 67813ca2a87cf08278d18b0c3a4e16c82de97090..4ab841eebee19dc099758f0018d9cf5030b475c0 100644 (file)
@@ -212,7 +212,8 @@ static void ipu_crtc_handle_pageflip(struct ipu_crtc *ipu_crtc)
 
        spin_lock_irqsave(&drm->event_lock, flags);
        if (ipu_crtc->page_flip_event)
-               drm_send_vblank_event(drm, -1, ipu_crtc->page_flip_event);
+               drm_crtc_send_vblank_event(&ipu_crtc->base,
+                                          ipu_crtc->page_flip_event);
        ipu_crtc->page_flip_event = NULL;
        imx_drm_crtc_vblank_put(ipu_crtc->imx_crtc);
        spin_unlock_irqrestore(&drm->event_lock, flags);