> -----Original Message-----
> From: amd-gfx [mailto:[email protected]] On Behalf
> Of Michel Dänzer
> Sent: Wednesday, June 21, 2017 11:56 PM
> To: [email protected]
> Subject: [PATCH xf86-video-amdgpu] Increase reference count of FB
> assigned to drmmode_crtc->flip_pending
> 
> From: Michel Dänzer <[email protected]>
> 
> Otherwise, it could happen that we destroy the FB before the flip
> completes, resulting in use-after-free and most likely a crash.
> 
> Signed-off-by: Michel Dänzer <[email protected]>

Reviewed-by: Alex Deucher <[email protected]>

> ---
>  src/amdgpu_kms.c      | 8 ++++----
>  src/drmmode_display.c | 8 ++++++--
>  2 files changed, 10 insertions(+), 6 deletions(-)
> 
> diff --git a/src/amdgpu_kms.c b/src/amdgpu_kms.c
> index 784f7388a..143294a9f 100644
> --- a/src/amdgpu_kms.c
> +++ b/src/amdgpu_kms.c
> @@ -722,8 +722,8 @@ amdgpu_prime_scanout_flip(PixmapDirtyUpdatePtr
> ent)
>               return;
>       }
> 
> -     drmmode_crtc->flip_pending =
> -             amdgpu_pixmap_get_fb(drmmode_crtc-
> >scanout[scanout_id].pixmap);
> +     drmmode_fb_reference(pAMDGPUEnt->fd, &drmmode_crtc-
> >flip_pending,
> +                          amdgpu_pixmap_get_fb(drmmode_crtc-
> >scanout[scanout_id].pixmap));
>       if (!drmmode_crtc->flip_pending) {
>               xf86DrvMsg(scrn->scrnIndex, X_WARNING,
>                          "Failed to get FB for PRIME flip.\n");
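Review bot: The reference now taken on `drmmode_crtc->flip_pending` in amdgpu_prime_scanout_flip has no matching release visible on the paths after the `if (!drmmode_crtc->flip_pending)` check. The function continues outside the hunk, so this has to be verified there. If queuing the flip fails after this point, the FB stays pinned and flip_pending stays non-NULL unless that path calls `drmmode_fb_reference(pAMDGPUEnt->fd, &drmmode_crtc->flip_pending, NULL);` or reaches drmmode_clear_pending_flip. Before this change a stale pointer on that path was only a dangling value; with a counted reference it presumably becomes a leak. The same applies to the identical change in amdgpu_scanout_flip.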
> @@ -1011,8 +1011,8 @@ amdgpu_scanout_flip(ScreenPtr pScreen,
> AMDGPUInfoPtr info,
>               return;
>       }
> 
> -     drmmode_crtc->flip_pending =
> -             amdgpu_pixmap_get_fb(drmmode_crtc-
> >scanout[scanout_id].pixmap);
> +     drmmode_fb_reference(pAMDGPUEnt->fd, &drmmode_crtc-
> >flip_pending,
> +                          amdgpu_pixmap_get_fb(drmmode_crtc-
> >scanout[scanout_id].pixmap));
>       if (!drmmode_crtc->flip_pending) {
>               xf86DrvMsg(scrn->scrnIndex, X_WARNING,
>                          "Failed to get FB for scanout flip.\n");
> diff --git a/src/drmmode_display.c b/src/drmmode_display.c
> index 0d900418a..ce46f7ba6 100644
> --- a/src/drmmode_display.c
> +++ b/src/drmmode_display.c
> @@ -2196,8 +2196,11 @@ void
>  drmmode_clear_pending_flip(xf86CrtcPtr crtc)
>  {
>       drmmode_crtc_private_ptr drmmode_crtc = crtc->driver_private;
> +     ScrnInfoPtr scrn = crtc->scrn;
> +     AMDGPUEntPtr pAMDGPUEnt = AMDGPUEntPriv(scrn);
> 
> -     drmmode_crtc->flip_pending = NULL;
> +     drmmode_fb_reference(pAMDGPUEnt->fd, &drmmode_crtc-
> >flip_pending,
> +                          NULL);
> 
>       if (!crtc->enabled ||
>           (drmmode_crtc->pending_dpms_mode != DPMSModeOn &&
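Review bot: drmmode_clear_pending_flip now drops a counted reference rather than clearing a borrowed pointer, and nothing at the call says so. Assuming drmmode_fb_reference destroys the FB when the count reaches zero, a comment above the call such as `/* Drop the reference taken when the flip was queued; the FB may be destroyed here */` would make the ownership rule explicit. The fix also holds only if every writer of flip_pending goes through drmmode_fb_reference. This patch converts four sites, and any plain assignment left elsewhere in the driver (not visible here) would unbalance the count and bring back the use-after-free, so it is worth grepping for `flip_pending =`. The function body continues past the end of the hunk.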
> @@ -2835,7 +2838,8 @@ Bool amdgpu_do_pageflip(ScrnInfoPtr scrn,
> ClientPtr client,
>                               goto flip_error;
>               }
> 
> -             drmmode_crtc->flip_pending = fb;
> +             drmmode_fb_reference(pAMDGPUEnt->fd,
> &drmmode_crtc->flip_pending,
> +                                  fb);
>               drm_queue_seq = 0;
>       }
> 
> --
> 2.11.0
> 