diff options
| author | Mario Kleiner <mario.kleiner.de@gmail.com> | 2014-08-06 03:22:46 +0200 |
|---|---|---|
| committer | Daniel Vetter <daniel.vetter@ffwll.ch> | 2014-09-10 09:41:29 +0200 |
| commit | 2368ffb18b1d2b04eb80478d225676caa7a3c4c8 (patch) | |
| tree | df045778d0c44fb8d4d729fce32e3d0fcda4c771 /drivers/gpu/drm/drm_global.c | |
| parent | drm: Remove drm_vblank_cleanup from drm_vblank_init error path. (diff) | |
| download | linux-2368ffb18b1d2b04eb80478d225676caa7a3c4c8.tar.xz linux-2368ffb18b1d2b04eb80478d225676caa7a3c4c8.zip | |
drm: Use vblank_disable_and_save in drm_vblank_cleanup()
Calling vblank_disable_fn() will cause that function to no-op
if !dev->vblank_disable_allowed for some kms drivers, e.g.,
on nouveau-kms. This can cause the gpu vblank irq's to not get
disabled before freeing the dev->vblank array, so if a
vblank irq fires and calls into drm_handle_vblank() after
drm_vblank_cleanup() completes, it will cause use-after-free
access to dev->vblank array.
Call vblank_disable_and_save unconditionally, so vblank irqs
are guaranteed to be off, before we delete the data structures
on which they operate.
Signed-off-by: Mario Kleiner <mario.kleiner.de@gmail.com>
Reviewed-by: Ville Syrjälä <ville.syrjala@linux.intel.com>
[danvet: Fix subsystem name in patch subject.]
Signed-off-by: Daniel Vetter <daniel.vetter@ffwll.ch>
Diffstat (limited to 'drivers/gpu/drm/drm_global.c')
0 files changed, 0 insertions, 0 deletions