The unpin worker frees it work struct and so during intel_crtc_disable we should only also free the work struct if cancel_work_sync() reports that it successfully cancelled the work prior to it being executed and thus avoid the double free.
The impact is only for people unloading modules during a fullscreen game or movie playback, so extremely small. Signed-off-by: Chris Wilson <[email protected]> --- drivers/gpu/drm/i915/intel_display.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/drivers/gpu/drm/i915/intel_display.c b/drivers/gpu/drm/i915/intel_display.c index 8298b72..78390e8 100644 --- a/drivers/gpu/drm/i915/intel_display.c +++ b/drivers/gpu/drm/i915/intel_display.c @@ -7602,10 +7602,8 @@ static void intel_crtc_destroy(struct drm_crtc *crtc) intel_crtc->unpin_work = NULL; spin_unlock_irqrestore(&dev->event_lock, flags); - if (work) { - cancel_work_sync(&work->work); + if (work && cancel_work_sync(&work->work)) kfree(work); - } drm_crtc_cleanup(crtc); -- 1.7.10 _______________________________________________ Intel-gfx mailing list [email protected] http://lists.freedesktop.org/mailman/listinfo/intel-gfx
