4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Monk Liu Monk.Liu@amd.com
[ Upstream commit 129d65c18ecfb249aceb540c31fdaf79bd5a11ff ]
this fix the issue that access memory after freed after driver unloaded.
Signed-off-by: Monk Liu Monk.Liu@amd.com Acked-by: Alex Deucher alexander.deucher@amd.com Signed-off-by: Alex Deucher alexander.deucher@amd.com Signed-off-by: Sasha Levin alexander.levin@microsoft.com Signed-off-by: Greg Kroah-Hartman gregkh@linuxfoundation.org --- drivers/gpu/drm/amd/amdgpu/dce_virtual.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-)
--- a/drivers/gpu/drm/amd/amdgpu/dce_virtual.c +++ b/drivers/gpu/drm/amd/amdgpu/dce_virtual.c @@ -437,6 +437,8 @@ static int dce_virtual_sw_fini(void *han drm_kms_helper_poll_fini(adev->ddev);
drm_mode_config_cleanup(adev->ddev); + /* clear crtcs pointer to avoid dce irq finish routine access freed data */ + memset(adev->mode_info.crtcs, 0, sizeof(adev->mode_info.crtcs[0]) * AMDGPU_MAX_CRTCS); adev->mode_info.mode_config_initialized = false; return 0; } @@ -723,7 +725,7 @@ static void dce_virtual_set_crtc_vblank_ int crtc, enum amdgpu_interrupt_state state) { - if (crtc >= adev->mode_info.num_crtc) { + if (crtc >= adev->mode_info.num_crtc || !adev->mode_info.crtcs[crtc]) { DRM_DEBUG("invalid crtc %d\n", crtc); return; }