Gerd Hoffmann
2018-Aug-10 06:03 UTC
[PATCH] drm/cirrus: Use drm_framebuffer_put to avoid kernel oops in clean-up
On Fri, Jul 20, 2018 at 01:27:43PM +0200, Thomas Zimmermann wrote:> In the Cirrus driver, the regular clean-up code also performs the clean-up > of a failed initialization. If the fbdev's framebuffer was not initialized, > the clean-up will fail within drm_framebuffer_unregister_private. Booting > with cirrus.bpp=16 triggers this bug. > > The framebuffer is currently stored directly within struct cirrus_fbdev. To > fix the bug, we turn it into a pointer that is only set for initialized > framebuffers. The fbdev's clean-up code skips uninitialized framebuffers. > > The memory for struct drm_framebuffer is allocated dynamically. This requires > additional error handling within cirrusfb_create. The framebuffer clean-up is > now performed by drm_framebuffer_put, which also frees the data strcuture's > memory.pushed to drm-misc-next (also the other ones, except the failing ttm_put patches). thanks, Gerd