The unpin worker frees its work struct and so during intel_crtc_disable we should only also free the work struct if cancel_work_sync() reports that it successfully cancelled the work prior to it being executed and thus avoid the double free. The impact is only for people unloading modules during a fullscreen game or movie playback, so extremely small. Signed-off-by: Chris Wilson <chris at chris-wilson.co.uk> --- drivers/gpu/drm/i915/intel_display.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/drivers/gpu/drm/i915/intel_display.c b/drivers/gpu/drm/i915/intel_display.c index 8298b72..78390e8 100644 --- a/drivers/gpu/drm/i915/intel_display.c +++ b/drivers/gpu/drm/i915/intel_display.c @@ -7602,10 +7602,8 @@ static void intel_crtc_destroy(struct drm_crtc *crtc) intel_crtc->unpin_work = NULL; spin_unlock_irqrestore(&dev->event_lock, flags); - if (work) { - cancel_work_sync(&work->work); + if (work && cancel_work_sync(&work->work)) kfree(work); - } drm_crtc_cleanup(crtc); -- 1.7.10
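Review bot: the new condition `if (work && cancel_work_sync(&work->work))` in intel_crtc_destroy() makes the kfree() depend on an ownership rule that is not visible at this call site, so it needs a short comment above it saying that the unpin worker frees its own struct once it runs and that the caller frees only when the work was cancelled before executing. Without that, the return-value check reads like an optimisation and could be simplified back into the double free this patch removes. Separately, the commit message names intel_crtc_disable while the hunk header shows the change is in intel_crtc_destroy(); the message should name the function actually touched. It would also help to state in the message whether skipping the worker on the cancelled path leaves anything other than the struct itself unreleased, since only the kfree() is visible here.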