On Mon, May 13, 2019 at 01:32:39PM -0700, Bjorn Andersson wrote:
On Wed 08 May 19:03 PDT 2019, Brian Masney wrote:
The msm_gem_object structure contains resv and _resv fields that are no longer needed since the reservation object is now stored on drm_gem_object. msm_atomic_prepare_fb() and msm_atomic_prepare_fb() both referenced the wrong reservation object, and would lead to an attempt to dereference a NULL pointer. Correct those two cases to point to the correct reservation object.
Signed-off-by: Brian Masney <masneyb@onstation.org>
Fixes: dd55cf6929e6 ("drm: msm: Switch to use drm_gem_object reservation_object")
Reviewed-by: Bjorn Andersson <bjorn.andersson@linaro.org>
Tested-by: Bjorn Andersson <bjorn.andersson@linaro.org>
This resolves a NULL-pointer dereference about to show up in v5.2-rc1, so please pick this up for -rc.
Let me send out another version of just this patch. This snippet below that I removed needs to stay. I got a little too overeager removing code.
@@ -973,9 +973,6 @@ static int msm_gem_new_impl(struct drm_device *dev, msm_obj->flags = flags; msm_obj->madv = MSM_MADV_WILLNEED;
- if (resv)
msm_obj->base.resv = resv;
- INIT_LIST_HEAD(&msm_obj->submit_entry); INIT_LIST_HEAD(&msm_obj->vmas);
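Review bot: The removed `if (resv)` / `msm_obj->base.resv = resv;` pair in msm_gem_new_impl() should stay, because it writes to `base.resv`, which is the drm_gem_object field the commit message says now holds the reservation object, not one of the `resv`/`_resv` members of msm_gem_object being retired. With these lines gone, a non-NULL `resv` reaching this point is silently dropped and never stored on the object. Restore the two lines in the next revision and keep the cleanup limited to the msm_gem_object fields and the two call sites named in the commit message.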
Brian