From d0dc1c8398e75f4efd37e9602f18bb024428516d Mon Sep 17 00:00:00 2001 From: Matt Roper Date: Fri, 16 Jan 2015 07:25:24 -0800 Subject: [PATCH] drm/i915: Don't cleanup plane state in intel_plane_destroy() When we transitioned to the atomic plane helpers in commit: commit ea2c67bb4affa84080c616920f3899f123786e56 Author: Matt Roper Date: Tue Dec 23 10:41:52 2014 -0800 drm/i915: Move to atomic plane helpers (v9) one of the changes was to call intel_plane_destroy_state() while tearing down a plane to prevent leaks when unloading the driver. That made sense when the patches were first written, but before they were merged, commit 3009c0377f25c29852b218a6933a969d02cbdc5d Author: Thierry Reding Date: Tue Nov 25 12:09:49 2014 +0100 drm: Free atomic state during cleanup had already landed, which made this the responsibility of the DRM core. The result was that we were kfree()'ing the state twice, and also possibly double-unref'ing a framebuffer, leading to memory corruption when the driver was unloaded. The fix is to simply not try to cleanup the state in the i915 teardown code now that the core handles this for us. Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=88433 Testcase: igt/drv_module_reload Root-cause-analysis-by: Ander Conselvan de Oliveira Signed-off-by: Matt Roper Reviewed-by: Jani Nikula Signed-off-by: Daniel Vetter --- drivers/gpu/drm/i915/intel_display.c | 1 - 1 file changed, 1 deletion(-) diff --git a/drivers/gpu/drm/i915/intel_display.c b/drivers/gpu/drm/i915/intel_display.c index 91d8ada8fe6d..cc3b9d87c2e8 100644 --- a/drivers/gpu/drm/i915/intel_display.c +++ b/drivers/gpu/drm/i915/intel_display.c @@ -11937,7 +11937,6 @@ static void intel_finish_crtc_commit(struct drm_crtc *crtc) void intel_plane_destroy(struct drm_plane *plane) { struct intel_plane *intel_plane = to_intel_plane(plane); - intel_plane_destroy_state(plane, plane->state); drm_plane_cleanup(plane); kfree(intel_plane); } -- 2.30.2