Commit 37b76172 authored by Chris Wilson's avatar Chris Wilson
Browse files

drm/i915/fbc: __intel_fbc_cleanup_cfb() may be called multiple times 



Avoid releasing the same stolen nodes causing a use-after-free and/or
explosions as the self-checks fail, as __intel_fbc_cleanup_cfb() may be
called multiple times during module unload.

Signed-off-by: default avatarChris Wilson <chris@chris-wilson.co.uk>
Cc: Ville Syrjälä <ville.syrjala@linux.intel.com>
Reviewed-by: default avatarVille Syrjälä <ville.syrjala@linux.intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20200130135136.1878646-1-chris@chris-wilson.co.uk
parent bf72c8c6

drivers/gpu/drm/i915/display/intel_fbc.c

+4 −2
Original line number Diff line number Diff line
@@ -537,13 +537,15 @@ static void __intel_fbc_cleanup_cfb(struct drm_i915_private *dev_priv) 
{

	struct intel_fbc *fbc = &dev_priv->fbc;



	if (drm_mm_node_allocated(&fbc->compressed_fb))

		i915_gem_stolen_remove_node(dev_priv, &fbc->compressed_fb);

	if (!drm_mm_node_allocated(&fbc->compressed_fb))

		return;



	if (fbc->compressed_llb) {

		i915_gem_stolen_remove_node(dev_priv, fbc->compressed_llb);

		kfree(fbc->compressed_llb);

	}



	i915_gem_stolen_remove_node(dev_priv, &fbc->compressed_fb);

}



void intel_fbc_cleanup_cfb(struct drm_i915_private *dev_priv)

CRA Git | Maintained and supported by SUSTech CRA and CCSE