https://github.com/torvalds/linux
Revision 3cfc183052c3dbf8eae57b6c1685dab00ed3db4a authored by Marek Vasut on 16 October 2021, 21:04:46 UTC, committed by Maarten Lankhorst on 21 October 2021, 09:08:08 UTC
The mxsfb->crtc.funcs may already be NULL when unloading the driver,
in which case calling mxsfb_irq_disable() via drm_irq_uninstall() from
mxsfb_unload() leads to NULL pointer dereference.
Since all we care about is masking the IRQ and mxsfb->base is still
valid, just use that to clear and mask the IRQ.
Fixes: ae1ed00932819 ("drm: mxsfb: Stop using DRM simple display pipeline helper")
Signed-off-by: Marek Vasut <marex@denx.de>
Cc: Daniel Abrecht <public@danielabrecht.ch>
Cc: Emil Velikov <emil.l.velikov@gmail.com>
Cc: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Cc: Sam Ravnborg <sam@ravnborg.org>
Cc: Stefan Agner <stefan@agner.ch>
Signed-off-by: Sam Ravnborg <sam@ravnborg.org>
Link: https://patchwork.freedesktop.org/patch/msgid/20211016210446.171616-1-marex@denx.de
Signed-off-by: Maarten Lankhorst <maarten.lankhorst@linux.intel.com>
1 parent 519d819
Tip revision: 3cfc183052c3dbf8eae57b6c1685dab00ed3db4a authored by Marek Vasut on 16 October 2021, 21:04:46 UTC
drm: mxsfb: Fix NULL pointer dereference crash on unload
drm: mxsfb: Fix NULL pointer dereference crash on unload
Tip revision: 3cfc183
drm_vblank_work.h
/* SPDX-License-Identifier: MIT */
#ifndef _DRM_VBLANK_WORK_H_
#define _DRM_VBLANK_WORK_H_
#include <linux/kthread.h>
struct drm_crtc;
/**
* struct drm_vblank_work - A delayed work item which delays until a target
* vblank passes, and then executes at realtime priority outside of IRQ
* context.
*
* See also:
* drm_vblank_work_schedule()
* drm_vblank_work_init()
* drm_vblank_work_cancel_sync()
* drm_vblank_work_flush()
*/
struct drm_vblank_work {
/**
* @base: The base &kthread_work item which will be executed by
* &drm_vblank_crtc.worker. Drivers should not interact with this
* directly, and instead rely on drm_vblank_work_init() to initialize
* this.
*/
struct kthread_work base;
/**
* @vblank: A pointer to &drm_vblank_crtc this work item belongs to.
*/
struct drm_vblank_crtc *vblank;
/**
* @count: The target vblank this work will execute on. Drivers should
* not modify this value directly, and instead use
* drm_vblank_work_schedule()
*/
u64 count;
/**
* @cancelling: The number of drm_vblank_work_cancel_sync() calls that
* are currently running. A work item cannot be rescheduled until all
* calls have finished.
*/
int cancelling;
/**
* @node: The position of this work item in
* &drm_vblank_crtc.pending_work.
*/
struct list_head node;
};
/**
* to_drm_vblank_work - Retrieve the respective &drm_vblank_work item from a
* &kthread_work
* @_work: The &kthread_work embedded inside a &drm_vblank_work
*/
#define to_drm_vblank_work(_work) \
container_of((_work), struct drm_vblank_work, base)
int drm_vblank_work_schedule(struct drm_vblank_work *work,
u64 count, bool nextonmiss);
void drm_vblank_work_init(struct drm_vblank_work *work, struct drm_crtc *crtc,
void (*func)(struct kthread_work *work));
bool drm_vblank_work_cancel_sync(struct drm_vblank_work *work);
void drm_vblank_work_flush(struct drm_vblank_work *work);
#endif /* !_DRM_VBLANK_WORK_H_ */
Computing file changes ...
