From: Joshua Aberback <joshua.aberback@xxxxxxx> commit 27227a234c1487cb7a684615f0749c455218833a upstream. [Why] The mechanism to backup and restore plane states doesn't maintain refcount, which can cause issues if the refcount of the plane changes in between backup and restore operations, such as memory leaks if the refcount was supposed to go down, or double frees / invalid memory accesses if the refcount was supposed to go up. [How] Cache and re-apply current refcount when restoring plane states. Cc: stable@xxxxxxxxxxxxxxx Reviewed-by: Josip Pavic <josip.pavic@xxxxxxx> Signed-off-by: Joshua Aberback <joshua.aberback@xxxxxxx> Signed-off-by: Hamza Mahfooz <hamza.mahfooz@xxxxxxx> Tested-by: Daniel Wheeler <daniel.wheeler@xxxxxxx> Signed-off-by: Alex Deucher <alexander.deucher@xxxxxxx> Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx> --- drivers/gpu/drm/amd/display/dc/core/dc.c | 3 +++ 1 file changed, 3 insertions(+) --- a/drivers/gpu/drm/amd/display/dc/core/dc.c +++ b/drivers/gpu/drm/amd/display/dc/core/dc.c @@ -3066,7 +3066,10 @@ static void restore_planes_and_stream_st return; for (i = 0; i < status->plane_count; i++) { + /* refcount will always be valid, restore everything else */ + struct kref refcount = status->plane_states[i]->refcount; *status->plane_states[i] = scratch->plane_states[i]; + status->plane_states[i]->refcount = refcount; } *stream = scratch->stream_state; } Patches currently in stable-queue which might be from joshua.aberback@xxxxxxx are queue-6.12/drm-amd-display-fix-handling-of-plane-refcount.patch