From: Archit Taneja <architt@codeaurora.org>
To: robdclark@gmail.com, sviau@codeaurora.org
Cc: dri-devel@lists.freedesktop.org, linux-arm-msm@vger.kernel.org,
Archit Taneja <architt@codeaurora.org>
Subject: [PATCH] drm/msm: Fix mdp5_crtc->ctl NULL dereference
Date: Mon, 8 Jun 2015 09:57:27 +0530
Message-ID: <1433737647-1926-1-git-send-email-architt@codeaurora.org>
A race condition between drm_release and drm_mode_rmfb can result in
mdp5_crtc_disable() accessing mdp5_crtc->ctl when it's already been set
to NULL by a complete_flip() which disables the crtc.
Move the ctl register write within complete_flip() when the crtc state
is disabled.
Signed-off-by: Archit Taneja <architt@codeaurora.org>
---
drivers/gpu/drm/msm/mdp/mdp5/mdp5_crtc.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/drivers/gpu/drm/msm/mdp/mdp5/mdp5_crtc.c b/drivers/gpu/drm/msm/mdp/mdp5/mdp5_crtc.c
index c153077..13dd7dd 100644
--- a/drivers/gpu/drm/msm/mdp/mdp5/mdp5_crtc.c
+++ b/drivers/gpu/drm/msm/mdp/mdp5/mdp5_crtc.c
@@ -143,6 +143,8 @@ static void complete_flip(struct drm_crtc *crtc, struct drm_file *file)
}
if (mdp5_crtc->ctl && !crtc->state->enable) {
+ /* set STAGE_UNUSED for all layers */
+ mdp5_ctl_blend(mdp5_crtc->ctl, mdp5_crtc->lm, 0x00000000);
mdp5_ctl_release(mdp5_crtc->ctl);
mdp5_crtc->ctl = NULL;
}
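Review bot: The test of mdp5_crtc->ctl and the mdp5_ctl_blend() / mdp5_ctl_release() / ctl = NULL sequence that follows it are not visibly serialized in this hunk. The commit message describes two paths (drm_release and drm_mode_rmfb) racing, so if both can reach complete_flip() for the same crtc, both could pass the NULL check before either clears the pointer, and the second would then blend and release a ctl that has already been released. Please state in the commit message or a comment above the if which lock or calling context guarantees this block runs at most once per ctl, or take that lock here. Minor: the added blend call keeps the bare 0x00000000; a named constant for "all stages unused" would make the comment unnecessary.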
@@ -274,9 +276,6 @@ static void mdp5_crtc_disable(struct drm_crtc *crtc)
if (WARN_ON(!mdp5_crtc->enabled))
return;
- /* set STAGE_UNUSED for all layers */
- mdp5_ctl_blend(mdp5_crtc->ctl, mdp5_crtc->lm, 0x00000000);
-
mdp_irq_unregister(&mdp5_kms->base, &mdp5_crtc->err);
mdp5_disable(mdp5_kms);
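Review bot: After this removal mdp5_crtc_disable() no longer resets the blend configuration, so the STAGE_UNUSED write only happens if complete_flip() later runs with ctl still set and crtc->state->enable false. Two things are worth confirming and documenting. First, the write used to be issued before mdp5_disable(mdp5_kms) in this function; its ordering relative to mdp5_disable() is no longer visible from these lines, so please confirm the register is still written while the hardware is accessible. Second, a short comment here noting that the ctl teardown, including the blend reset, is owned by complete_flip() would keep a later change from reintroducing a mdp5_crtc->ctl dereference in this path without a NULL check.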
--
The Qualcomm Innovation Center, Inc. is a member of the Code Aurora Forum,
hosted by The Linux Foundation