diff mbox

[1/2] drm/vmwgfx: Fix a circular locking dependency in the fbdev code

Message ID 1440145241-3367-1-git-send-email-thellstrom@vmware.com (mailing list archive)
State New, archived
Headers show

Commit Message

Thomas Hellstrom Aug. 21, 2015, 8:20 a.m. UTC
When a user-space process writes directly to the fbdev framebuffer,
we hit a circular locking dependency. Fix this by introducing a local
delayed work callback so that the defio lock can be released before
calling into the modesetting code for a dirty update.

Signed-off-by: Thomas Hellstrom <thellstrom@vmware.com>
Reviewed-by: Sinclair Yeh <syeh@vmware.com>
---
 drivers/gpu/drm/vmwgfx/vmwgfx_fb.c | 29 +++++++++++++++++------------
 1 file changed, 17 insertions(+), 12 deletions(-)
diff mbox

Patch

diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_fb.c b/drivers/gpu/drm/vmwgfx/vmwgfx_fb.c
index 042c5b4..3b1faf7 100644
--- a/drivers/gpu/drm/vmwgfx/vmwgfx_fb.c
+++ b/drivers/gpu/drm/vmwgfx/vmwgfx_fb.c
@@ -68,8 +68,7 @@  struct vmw_fb_par {
 
 	struct drm_crtc *crtc;
 	struct drm_connector *con;
-
-	bool local_mode;
+	struct delayed_work local_work;
 };
 
 static int vmw_fb_setcolreg(unsigned regno, unsigned red, unsigned green,
@@ -167,8 +166,10 @@  static int vmw_fb_blank(int blank, struct fb_info *info)
  * Dirty code
  */
 
-static void vmw_fb_dirty_flush(struct vmw_fb_par *par)
+static void vmw_fb_dirty_flush(struct work_struct *work)
 {
+	struct vmw_fb_par *par = container_of(work, struct vmw_fb_par,
+					      local_work.work);
 	struct vmw_private *vmw_priv = par->vmw_priv;
 	struct fb_info *info = vmw_priv->fb_info;
 	unsigned long irq_flags;
@@ -248,7 +249,6 @@  static void vmw_fb_dirty_mark(struct vmw_fb_par *par,
 			      unsigned x1, unsigned y1,
 			      unsigned width, unsigned height)
 {
-	struct fb_info *info = par->vmw_priv->fb_info;
 	unsigned long flags;
 	unsigned x2 = x1 + width;
 	unsigned y2 = y1 + height;
@@ -262,7 +262,8 @@  static void vmw_fb_dirty_mark(struct vmw_fb_par *par,
 		/* if we are active start the dirty work
 		 * we share the work with the defio system */
 		if (par->dirty.active)
-			schedule_delayed_work(&info->deferred_work, VMW_DIRTY_DELAY);
+			schedule_delayed_work(&par->local_work,
+					      VMW_DIRTY_DELAY);
 	} else {
 		if (x1 < par->dirty.x1)
 			par->dirty.x1 = x1;
@@ -326,9 +327,14 @@  static void vmw_deferred_io(struct fb_info *info,
 		par->dirty.x2 = info->var.xres;
 		par->dirty.y2 = y2;
 		spin_unlock_irqrestore(&par->dirty.lock, flags);
-	}
 
-	vmw_fb_dirty_flush(par);
+		/*
+		 * Since we've already waited on this work once, try to
+		 * execute asap.
+		 */
+		cancel_delayed_work(&par->local_work);
+		schedule_delayed_work(&par->local_work, 0);
+	}
 };
 
 static struct fb_deferred_io vmw_defio = {
@@ -601,11 +607,7 @@  static int vmw_fb_set_par(struct fb_info *info)
 	/* If there already was stuff dirty we wont
 	 * schedule a new work, so lets do it now */
 
-#if (defined(VMWGFX_STANDALONE) && defined(VMWGFX_FB_DEFERRED))
-	schedule_delayed_work(&par->def_par.deferred_work, 0);
-#else
-	schedule_delayed_work(&info->deferred_work, 0);
-#endif
+	schedule_delayed_work(&par->local_work, 0);
 
 out_unlock:
 	if (old_mode)
@@ -662,6 +664,7 @@  int vmw_fb_init(struct vmw_private *vmw_priv)
 	vmw_priv->fb_info = info;
 	par = info->par;
 	memset(par, 0, sizeof(*par));
+	INIT_DELAYED_WORK(&par->local_work, &vmw_fb_dirty_flush);
 	par->vmw_priv = vmw_priv;
 	par->vmalloc = NULL;
 	par->max_width = fb_width;
@@ -784,6 +787,7 @@  int vmw_fb_close(struct vmw_private *vmw_priv)
 
 	/* ??? order */
 	fb_deferred_io_cleanup(info);
+	cancel_delayed_work_sync(&par->local_work);
 	unregister_framebuffer(info);
 
 	(void) vmw_fb_kms_detach(par, true, true);
@@ -811,6 +815,7 @@  int vmw_fb_off(struct vmw_private *vmw_priv)
 	spin_unlock_irqrestore(&par->dirty.lock, flags);
 
 	flush_delayed_work(&info->deferred_work);
+	flush_delayed_work(&par->local_work);
 
 	mutex_lock(&par->bo_mutex);
 	(void) vmw_fb_kms_detach(par, true, false);