drm/tidss: crtc: Cleanup reset implementation

The tidss_crtc_reset() function will (rightfully) destroy any
pre-existing state.

However, the tidss CRTC driver has its own CRTC state structure that
subclasses drm_crtc_state, and yet will destroy the previous state
by calling __drm_atomic_helper_crtc_destroy_state() and kfree() on its
drm_crtc_state pointer.

It works only because the drm_crtc_state is the first field in the
structure, and thus its offset is 0. It's incredibly fragile however, so
let's call our destroy implementation in such a case to deal with it
properly.

Reviewed-by: Thomas Zimmermann <tzimmermann@suse.de>
Link: https://lore.kernel.org/r/20250902-drm-state-readout-v1-22-14ad5315da3f@kernel.org
Signed-off-by: Maxime Ripard <mripard@kernel.org>
Link: https://lore.kernel.org/r/20250902-drm-state-readout-v1-22-14ad5315da3f@kernel.org

diff --git a/drivers/gpu/drm/tidss/tidss_crtc.c b/drivers/gpu/drm/tidss/tidss_crtc.c
index eb431a238b11d22349d61f0e17f05994f50d5f2f..8fcc6a2f94770ae825eeb2a3b09856a2bf2d6a1e 100644 (file)
--- a/drivers/gpu/drm/tidss/tidss_crtc.c
+++ b/drivers/gpu/drm/tidss/tidss_crtc.c
@@ -357,9 +357,7 @@ static void tidss_crtc_reset(struct drm_crtc *crtc)
        struct tidss_crtc_state *tstate;
 
        if (crtc->state)
-               __drm_atomic_helper_crtc_destroy_state(crtc->state);
-
-       kfree(crtc->state);
+               tidss_crtc_destroy_state(crtc, crtc->state);
 
        tstate = kzalloc(sizeof(*tstate), GFP_KERNEL);
        if (!tstate) {