From: jimqu <Jim.Qu@amd.com>
Date: Mon, 28 Nov 2016 08:05:46 +0800
Subject: drm/amd/display: Fix memory corruption issue.
Git-commit: ead964f24e111aa5ba6ec4c2ee15ae20f11a121a
Patch-mainline: v4.15-rc1
References: FATE#326289 FATE#326079 FATE#326049 FATE#322398 FATE#326166
temp_flip_context is always same as current_context,
and the current_context will be freed in
dc_commit_targets(), but temp_flip_context will be used in
dc_update_surfaces_for_target().
Signed-off-by: JimQu <Jim.Qu@amd.com>
Reviewed-by: Andrey Grodzovsky <Andrey.Grodzovsky@amd.com>
Acked-by: Harry Wentland <Harry.Wentland@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Acked-by: Petr Tesarik <ptesarik@suse.com>
---
drivers/gpu/drm/amd/display/dc/core/dc.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
--- a/drivers/gpu/drm/amd/display/dc/core/dc.c
+++ b/drivers/gpu/drm/amd/display/dc/core/dc.c
@@ -1096,8 +1096,12 @@ bool dc_commit_targets(
resource_validate_ctx_destruct(core_dc->current_context);
- dm_free(core_dc->current_context);
+ if (core_dc->temp_flip_context != core_dc->current_context) {
+ dm_free(core_dc->temp_flip_context);
+ core_dc->temp_flip_context = core_dc->current_context;
+ }
core_dc->current_context = context;
+ memset(core_dc->temp_flip_context, 0, sizeof(*core_dc->temp_flip_context));
return (result == DC_OK);