We dereference "eaction->event" inside the call to drm_send_event_locked() so should hold off on setting it to NULL until afterward.
Fixes: fb740cf2492c ("drm: Create drm_send_event helpers") Signed-off-by: Dan Carpenter dan.carpenter@oracle.com
diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_fence.c b/drivers/gpu/drm/vmwgfx/vmwgfx_fence.c index e0edf14..37c305b 100644 --- a/drivers/gpu/drm/vmwgfx/vmwgfx_fence.c +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_fence.c @@ -880,8 +880,8 @@ static void vmw_event_fence_action_seq_passed(struct vmw_fence_action *action) }
list_del_init(&eaction->fpriv_head); - eaction->event = NULL; drm_send_event_locked(dev, eaction->event); + eaction->event = NULL; spin_unlock_irqrestore(&dev->event_lock, irq_flags); }
On Thu, Jan 28, 2016 at 12:06:46PM +0300, Dan Carpenter wrote:
We dereference "eaction->event" inside the call to drm_send_event_locked() so should hold off on setting it to NULL until afterward.
Fixes: fb740cf2492c ("drm: Create drm_send_event helpers") Signed-off-by: Dan Carpenter dan.carpenter@oracle.com
Oh dear that's embarassing. Thanks for the patch, applied. -Daniel
diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_fence.c b/drivers/gpu/drm/vmwgfx/vmwgfx_fence.c index e0edf14..37c305b 100644 --- a/drivers/gpu/drm/vmwgfx/vmwgfx_fence.c +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_fence.c @@ -880,8 +880,8 @@ static void vmw_event_fence_action_seq_passed(struct vmw_fence_action *action) }
list_del_init(&eaction->fpriv_head);
- eaction->event = NULL; drm_send_event_locked(dev, eaction->event);
- eaction->event = NULL; spin_unlock_irqrestore(&dev->event_lock, irq_flags);
}
dri-devel@lists.freedesktop.org
-
Dan Carpenter -
Daniel Vetter