drm/armada: fix page_flip refcounting leak (c5488307) · Commits · e / devices / android_kernel_teracube_2e

drivers/gpu/drm/armada/armada_crtc.c

+5 −8

Original line number	Original line	Diff line number	Diff line
	@@ -945,18 +945,15 @@ static int armada_drm_crtc_page_flip(struct drm_crtc *crtc,
	armada_reg_queue_end(work->regs, i);		armada_reg_queue_end(work->regs, i);

	/*		/*
	* Hold the old framebuffer for the work - DRM appears to drop our		* Ensure that we hold a reference on the new framebuffer.
	* reference to the old framebuffer in drm_mode_page_flip_ioctl().		* This has to match the behaviour in mode_set.
	*/		*/
	drm_framebuffer_reference(work->old_fb);		drm_framebuffer_reference(fb);

	ret = armada_drm_crtc_queue_frame_work(dcrtc, work);		ret = armada_drm_crtc_queue_frame_work(dcrtc, work);
	if (ret) {		if (ret) {
	/*		/* Undo our reference above */
	* Undo our reference above; DRM does not drop the reference		drm_framebuffer_unreference(fb);
	* to this object on error, so that's okay.
	*/
	drm_framebuffer_unreference(work->old_fb);
	kfree(work);		kfree(work);
	return ret;		return ret;
	}		}