From 7eb3b2c83dccddec34787adf67c10c82331d262e Mon Sep 17 00:00:00 2001 From: Laurent Pinchart Date: Thu, 17 May 2012 13:27:19 +0200 Subject: [PATCH] drm: Delete the vblank timer synchronously at cleanup time A race condition exists in drm_vblank_cleanup() if the vblank disable timer callback runs after freeing the memory that its callback function tries to access. Fix this by deleting the timer synchronously. Signed-off-by: Laurent Pinchart Reviewed-by: Alex Deucher Signed-off-by: Dave Airlie --- drivers/gpu/drm/drm_irq.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/gpu/drm/drm_irq.c b/drivers/gpu/drm/drm_irq.c index c869436e238a..acd2cb45a513 100644 --- a/drivers/gpu/drm/drm_irq.c +++ b/drivers/gpu/drm/drm_irq.c @@ -189,7 +189,7 @@ void drm_vblank_cleanup(struct drm_device *dev) if (dev->num_crtcs == 0) return; - del_timer(&dev->vblank_disable_timer); + del_timer_sync(&dev->vblank_disable_timer); vblank_disable_fn((unsigned long)dev); -- 2.30.2