Could someone please take a look and see if the change makes sense at all?
Thanks,
James
-----Original Message-----
From: Xiong, James
Sent: Wednesday, April 13, 2016 11:09 AM
To: dri-devel at lists.freedesktop.org
Cc: intel-gfx at lists.freedesktop.org; Xiong, James <james.xiong at intel.com>
Subject: [PATCH 1/1] change the order to cleanup drm_property_blob after
drm_crtc
From: "Xiong, James" <james.xi...@intel.com>
Previously drm_mode_config_cleanup freed drm_property_blob first, then the
drm_crtc which triggered unref calls to its associated drm_propery_blob, and
could potentially cause memory corruption.
Signed-off-by: Xiong, James <james.xiong at intel.com>
---
drivers/gpu/drm/drm_crtc.c | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/drivers/gpu/drm/drm_crtc.c b/drivers/gpu/drm/drm_crtc.c index
30fea23..c93576a 100644
--- a/drivers/gpu/drm/drm_crtc.c
+++ b/drivers/gpu/drm/drm_crtc.c
@@ -5950,11 +5950,6 @@ void drm_mode_config_cleanup(struct drm_device *dev)
drm_property_destroy(dev, property);
}
- list_for_each_entry_safe(blob, bt, &dev->mode_config.property_blob_list,
- head_global) {
- drm_property_unreference_blob(blob);
- }
-
/*
* Single-threaded teardown context, so it's not required to grab the
* fb_lock to protect against concurrent fb_list access. Contrary, it
@@ -5977,6 +5972,11 @@ void drm_mode_config_cleanup(struct drm_device *dev)
crtc->funcs->destroy(crtc);
}
+ list_for_each_entry_safe(blob, bt, &dev->mode_config.property_blob_list,
+ head_global) {
+ drm_property_unreference_blob(blob);
+ }
+
ida_destroy(&dev->mode_config.connector_ida);
idr_destroy(&dev->mode_config.tile_idr);
idr_destroy(&dev->mode_config.crtc_idr);
--
1.9.1
