drm: rcar-du: Zero-out sg_tables when duplicating plane state

The state structure for VSP-backed planes, rcar_du_vsp_plane_state,
contains sg tables that track framebuffer mapping performed in the
.prepare_fb() operation to unmap them in .cleanup_fb(). The tables are
incorrectly copied when duplicating state, which can result :

Zero-out sg_tables in original plane, effectively introducing move
semantic. Seems, this fixes issue with double-free,
when rcar_du_vsp_plane_cleanup_fb() freed the same sg_table
both in original plane and in the copy.
Reported-by: Volodymyr Babchuk <vlad.babchuk@gmail.com>
Signed-off-by: Laurent Pinchart <laurent.pinchart+renesas@ideasonboard.com>

drivers/gpu/drm/rcar-du/rcar_du_vsp.c

@@ -299,18 +299,17 @@ static const struct drm_plane_helper_funcs rcar_du_vsp_plane_helper_funcs = {
 static struct drm_plane_state *
 rcar_du_vsp_plane_atomic_duplicate_state(struct drm_plane *plane)
 {
-	struct rcar_du_vsp_plane_state *state;
 	struct rcar_du_vsp_plane_state *copy;
 
 	if (WARN_ON(!plane->state))
 		return NULL;
 
-	state = to_rcar_vsp_plane_state(plane->state);
-	copy = kmemdup(state, sizeof(*state), GFP_KERNEL);
+	copy = kzalloc(sizeof(*copy), GFP_KERNEL);
 	if (copy == NULL)
 		return NULL;
 
 	__drm_atomic_helper_plane_duplicate_state(plane, &copy->state);
+	copy->alpha = to_rcar_vsp_plane_state(plane->state)->alpha;
 
 	return &copy->state;
 }