[PATCH v2 1/2] drm/ttm: Reset ttm_mem_global when initialized

Brian Yip itsbriany at gmail.com
Tue Apr 16 01:50:34 UTC 2019


Certain attributes such as num_zones and kobj in the
ttm_mem_global structure were never reset after calling
ttm_mem_global_release(). Consequently, when multiple GPU drivers
are loaded, and the first one fails to load its firmware, the second
driver will attempt to load its own firmware. Initializing the
second driver invokes ttm_mem_global_init where ttm_mem_global.num_zones
is eventually incremented beyond TTM_MEM_MAX_ZONES.
ttm_mem_global.num_zones is then used to dereference a ttm_mem_zone beyond
the amount of ttm_mem_zones allocated, resulting in a crash.

Zero-initialize the ttm_mem_global structure such that its state will
be pristine and thus ready to be re-initialized.

Signed-off-by: Brian Yip <itsbriany at gmail.com>
---
 drivers/gpu/drm/ttm/ttm_memory.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/drivers/gpu/drm/ttm/ttm_memory.c b/drivers/gpu/drm/ttm/ttm_memory.c
index 699fed9e08ee..73b461d5a4c0 100644
--- a/drivers/gpu/drm/ttm/ttm_memory.c
+++ b/drivers/gpu/drm/ttm/ttm_memory.c
@@ -419,6 +419,8 @@ int ttm_mem_global_init(struct ttm_mem_global *glob)
 	int i;
 	struct ttm_mem_zone *zone;
 
+	memset(glob, 0, sizeof(struct ttm_mem_global));
+
 	spin_lock_init(&glob->lock);
 	glob->swap_queue = create_singlethread_workqueue("ttm_swap");
 	INIT_WORK(&glob->work, ttm_shrink_work);
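Review bot: the memset added at the top of ttm_mem_global_init() clears the whole structure unconditionally, so an init that runs while a previous initialization is still live (the description only covers the release-then-init path) silently drops the existing lock, swap_queue and kobj without tearing them down. Since the stale num_zones and kobj are left behind by ttm_mem_global_release(), consider resetting the structure at the end of release instead, or add a comment here stating that glob is expected to be either fresh or fully released. Minor style point: `memset(glob, 0, sizeof(*glob));` is the usual kernel idiom and stays correct if the type of glob ever changes.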
-- 
2.20.1