[PATCH, RESEND] drm/vmwgfx: Don't double-free the mode stored in par->set_mode

Mon Mar 18 16:59:39 UTC 2019

Hi Thomas,

Thanks for doing this and somehow I missed the last patch, sorry about
that. Have some questions below otherwise the patch looks good to me.

Reviewed-by: Deepak Rawat <drawat at vmware.com>

I will include your changes in vmwgfx-next and run tests.

On Mon, 2019-03-18 at 15:47 +0100, Thomas Zimmermann wrote:
> When calling vmw_fb_set_par(), the mode stored in par->set_mode gets
> free'd
> twice. The first free is in vmw_fb_kms_detach(), the second is near
> the
> end of vmw_fb_set_par() under the name of 'old_mode'. The mode-
> setting code
> only works correctly if the mode doesn't actually change.

You mean to say that without your patch vmwgfx fb driver fail to change
the mode?

>  Removing 'old_mode'
> in favor of using par->set_mode directly fixes the problem.
> 
> Signed-off-by: Thomas Zimmermann <tzimmermann at suse.de>
> ---
>  drivers/gpu/drm/vmwgfx/vmwgfx_fb.c | 12 +++---------
>  1 file changed, 3 insertions(+), 9 deletions(-)
> 
> diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_fb.c
> b/drivers/gpu/drm/vmwgfx/vmwgfx_fb.c
> index b913a56f3426..2a9112515f46 100644
> --- a/drivers/gpu/drm/vmwgfx/vmwgfx_fb.c
> +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_fb.c
> @@ -564,11 +564,9 @@ static int vmw_fb_set_par(struct fb_info *info)
>  		0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
>  		DRM_MODE_FLAG_NHSYNC | DRM_MODE_FLAG_PVSYNC)
>  	};
> -	struct drm_display_mode *old_mode;
>  	struct drm_display_mode *mode;
>  	int ret;
> 
> -	old_mode = par->set_mode;
>  	mode = drm_mode_duplicate(vmw_priv->dev, &new_mode);
>  	if (!mode) {
>  		DRM_ERROR("Could not create new fb mode.\n");
> @@ -579,11 +577,7 @@ static int vmw_fb_set_par(struct fb_info *info)
>  	mode->vdisplay = var->yres;
>  	vmw_guess_mode_timing(mode);
> 
> -	if (old_mode && drm_mode_equal(old_mode, mode)) {
> -		drm_mode_destroy(vmw_priv->dev, mode);
> -		mode = old_mode;
> -		old_mode = NULL;

I am having hard time understanding original intention for this piece
of code. Was there a restriction to send pointer to old mode if mode
were same and that restriction don't hold anymore. Sorry I am not
familiar with this code area.

> -	} else if (!vmw_kms_validate_mode_vram(vmw_priv,
> +	if (!vmw_kms_validate_mode_vram(vmw_priv,
>  					mode->hdisplay *
>  					DIV_ROUND_UP(var-
> >bits_per_pixel, 8),
>  					mode->vdisplay)) {
> @@ -620,8 +614,8 @@ static int vmw_fb_set_par(struct fb_info *info)
>  	schedule_delayed_work(&par->local_work, 0);
> 
>  out_unlock:
> -	if (old_mode)
> -		drm_mode_destroy(vmw_priv->dev, old_mode);
> +	if (par->set_mode)
> +		drm_mode_destroy(vmw_priv->dev, par->set_mode);
>  	par->set_mode = mode;
> 
>  	mutex_unlock(&par->bo_mutex);
> --
> 2.20.1
> 
> _______________________________________________
> dri-devel mailing list
> dri-devel at lists.freedesktop.org
> 
https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.freedesktop.org%2Fmailman%2Flistinfo%2Fdri-devel&data=02%7C01%7Cdrawat%40vmware.com%7Cb1508247a3954fb0b08b08d6abb0bcd0%7Cb39138ca3cee4b4aa4d6cd83d9dd62f0%7C0%7C0%7C636885172908359973&sdata=AN6UTrMzxcVK7MC6bX3OxNbcyq0j4HdKt0dk1yyHOHc%3D&reserved=0