It's right above the drm_dev_put(). Aside: Another driver with a bit much devm_kzalloc, which should probably use drmm_kzalloc instead ... I'm pretty sure this one blows up already under KASAN because it's using devm_drm_dev_init, and later on devm_kzalloc. Hence the memory will get freed before the final drm_dev_put (all from the devres code), but the cleanup in that final drm_dev_put will access the just freed memory. Unfortunately fixing this properly needs slightly more work, namely drmm_ versions for all the drm objects (planes, crtc, ...), so that the cleanup actually happens before even drmm_kzalloc would release the underlying memory. Not quite there yet. Signed-off-by: Daniel Vetter <daniel.vetter@xxxxxxxxx> Cc: Jyri Sarha <jsarha@xxxxxx> Cc: Tomi Valkeinen <tomi.valkeinen@xxxxxx> --- drivers/gpu/drm/tidss/tidss_drv.c | 4 ---- drivers/gpu/drm/tidss/tidss_kms.c | 19 +++++-------------- drivers/gpu/drm/tidss/tidss_kms.h | 1 - 3 files changed, 5 insertions(+), 19 deletions(-) diff --git a/drivers/gpu/drm/tidss/tidss_drv.c b/drivers/gpu/drm/tidss/tidss_drv.c index 460d5e9d0cf4..ad449d104306 100644 --- a/drivers/gpu/drm/tidss/tidss_drv.c +++ b/drivers/gpu/drm/tidss/tidss_drv.c @@ -103,11 +103,7 @@ static const struct dev_pm_ops tidss_pm_ops = { static void tidss_release(struct drm_device *ddev) { - struct tidss_device *tidss = ddev->dev_private; - drm_kms_helper_poll_fini(ddev); - - tidss_modeset_cleanup(tidss); } DEFINE_DRM_GEM_CMA_FOPS(tidss_fops); diff --git a/drivers/gpu/drm/tidss/tidss_kms.c b/drivers/gpu/drm/tidss/tidss_kms.c index 5311e0f1c551..87e07e0e4eae 100644 --- a/drivers/gpu/drm/tidss/tidss_kms.c +++ b/drivers/gpu/drm/tidss/tidss_kms.c @@ -208,7 +208,9 @@ int tidss_modeset_init(struct tidss_device *tidss) dev_dbg(tidss->dev, "%s\n", __func__); - drm_mode_config_init(ddev); + ret = drm_mode_config_init(ddev); + if (ret) + return ret; ddev->mode_config.min_width = 8; ddev->mode_config.min_height = 8; @@ -220,11 +222,11 @@ int tidss_modeset_init(struct tidss_device *tidss) ret = tidss_dispc_modeset_init(tidss); if (ret) - goto err_mode_config_cleanup; + return ret; ret = drm_vblank_init(ddev, tidss->num_crtcs); if (ret) - goto err_mode_config_cleanup; + return ret; /* Start with vertical blanking interrupt reporting disabled. */ for (i = 0; i < tidss->num_crtcs; ++i) @@ -235,15 +237,4 @@ int tidss_modeset_init(struct tidss_device *tidss) dev_dbg(tidss->dev, "%s done\n", __func__); return 0; - -err_mode_config_cleanup: - drm_mode_config_cleanup(ddev); - return ret; -} - -void tidss_modeset_cleanup(struct tidss_device *tidss) -{ - struct drm_device *ddev = &tidss->ddev; - - drm_mode_config_cleanup(ddev); } diff --git a/drivers/gpu/drm/tidss/tidss_kms.h b/drivers/gpu/drm/tidss/tidss_kms.h index dda5625d0128..99aaff099f22 100644 --- a/drivers/gpu/drm/tidss/tidss_kms.h +++ b/drivers/gpu/drm/tidss/tidss_kms.h @@ -10,6 +10,5 @@ struct tidss_device; int tidss_modeset_init(struct tidss_device *tidss); -void tidss_modeset_cleanup(struct tidss_device *tidss); #endif -- 2.24.1 _______________________________________________ Intel-gfx mailing list Intel-gfx@xxxxxxxxxxxxxxxxxxxxx https://lists.freedesktop.org/mailman/listinfo/intel-gfx