From: Thierry Reding <tred...@nvidia.com>
When accessing the array of per-CRTC VBLANK structures we must always
check that the index into the array is valid before dereferencing to
avoid crashing.
Signed-off-by: Thierry Reding <treding at nvidia.com>
---
drivers/gpu/drm/drm_irq.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/drivers/gpu/drm/drm_irq.c b/drivers/gpu/drm/drm_irq.c
index a24658162284..cb207e047505 100644
--- a/drivers/gpu/drm/drm_irq.c
+++ b/drivers/gpu/drm/drm_irq.c
@@ -1070,10 +1070,10 @@ void drm_vblank_put(struct drm_device *dev, int crtc)
{
struct drm_vblank_crtc *vblank = &dev->vblank[crtc];
- if (WARN_ON(atomic_read(&vblank->refcount) == 0))
+ if (WARN_ON(crtc >= dev->num_crtcs))
return;
- if (WARN_ON(crtc >= dev->num_crtcs))
+ if (WARN_ON(atomic_read(&vblank->refcount) == 0))
return;
/* Last user schedules interrupt disable */
@@ -1356,6 +1356,9 @@ void drm_vblank_post_modeset(struct drm_device *dev, int
crtc)
if (!dev->num_crtcs)
return;
+ if (WARN_ON(crtc >= dev->num_crtcs))
+ return;
+
if (vblank->inmodeset) {
spin_lock_irqsave(&dev->vbl_lock, irqflags);
dev->vblank_disable_allowed = true;
--
2.1.3
