The tidss_crtc_reset() function will (rightfully) destroy any
pre-existing state.
However, the tidss CRTC driver has its own CRTC state structure that
subclasses drm_crtc_state, and yet will destroy the previous state
by calling __drm_atomic_helper_crtc_destroy_state() and kfree() on its
drm_crtc_state pointer.
It works only because the drm_crtc_state is the first field in the
structure, and thus its offset is 0. It's incredibly fragile however, so
let's call our destroy implementation in such a case to deal with it
properly.
Signed-off-by: Maxime Ripard <mrip...@kernel.org>
---
drivers/gpu/drm/tidss/tidss_crtc.c | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/drivers/gpu/drm/tidss/tidss_crtc.c
b/drivers/gpu/drm/tidss/tidss_crtc.c
index
eb431a238b11d22349d61f0e17f05994f50d5f2f..8fcc6a2f94770ae825eeb2a3b09856a2bf2d6a1e
100644
--- a/drivers/gpu/drm/tidss/tidss_crtc.c
+++ b/drivers/gpu/drm/tidss/tidss_crtc.c
@@ -355,13 +355,11 @@ static void tidss_crtc_destroy_state(struct drm_crtc
*crtc,
static void tidss_crtc_reset(struct drm_crtc *crtc)
{
struct tidss_crtc_state *tstate;
if (crtc->state)
- __drm_atomic_helper_crtc_destroy_state(crtc->state);
-
- kfree(crtc->state);
+ tidss_crtc_destroy_state(crtc, crtc->state);
tstate = kzalloc(sizeof(*tstate), GFP_KERNEL);
if (!tstate) {
crtc->state = NULL;
return;
--
2.50.1
