From: Maxime Ripard Date: Tue, 2 Sep 2025 08:32:50 +0000 (+0200) Subject: drm/tidss: crtc: Cleanup reset implementation X-Git-Tag: v6.19-rc1~157^2~24^2~23 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=b83c30ac9d3d2c15cd7e1d013ec9ff73ef945405;p=thirdparty%2Flinux.git drm/tidss: crtc: Cleanup reset implementation The tidss_crtc_reset() function will (rightfully) destroy any pre-existing state. However, the tidss CRTC driver has its own CRTC state structure that subclasses drm_crtc_state, and yet will destroy the previous state by calling __drm_atomic_helper_crtc_destroy_state() and kfree() on its drm_crtc_state pointer. It works only because the drm_crtc_state is the first field in the structure, and thus its offset is 0. It's incredibly fragile however, so let's call our destroy implementation in such a case to deal with it properly. Reviewed-by: Thomas Zimmermann Link: https://lore.kernel.org/r/20250902-drm-state-readout-v1-22-14ad5315da3f@kernel.org Signed-off-by: Maxime Ripard Link: https://lore.kernel.org/r/20250902-drm-state-readout-v1-22-14ad5315da3f@kernel.org --- diff --git a/drivers/gpu/drm/tidss/tidss_crtc.c b/drivers/gpu/drm/tidss/tidss_crtc.c index eb431a238b11d..8fcc6a2f94770 100644 --- a/drivers/gpu/drm/tidss/tidss_crtc.c +++ b/drivers/gpu/drm/tidss/tidss_crtc.c @@ -357,9 +357,7 @@ static void tidss_crtc_reset(struct drm_crtc *crtc) struct tidss_crtc_state *tstate; if (crtc->state) - __drm_atomic_helper_crtc_destroy_state(crtc->state); - - kfree(crtc->state); + tidss_crtc_destroy_state(crtc, crtc->state); tstate = kzalloc(sizeof(*tstate), GFP_KERNEL); if (!tstate) {