diff mbox

drm/atomic-helpers: Make nonblocking more resilient

Message ID 20170228101151.5916-1-daniel.vetter@ffwll.ch (mailing list archive)
State New, archived
Headers show

Commit Message

Daniel Vetter Feb. 28, 2017, 10:11 a.m. UTC 
We've switched to refcounting for the event completion, which means
there's no risk for use-after free anymore after:

commit 24835e442f289813aa568d142a755672a740503c
Author: Daniel Vetter <daniel.vetter@ffwll.ch>
Date:   Wed Dec 21 11:23:30 2016 +0100

    drm: reference count event->completion

This should make the commit machinery a bit more resilient against
drivers bugs. It won't fix any driver bugs of course.

References: https://bugs.freedesktop.org/show_bug.cgi?id=96781
Signed-off-by: Daniel Vetter <daniel.vetter@intel.com>
---
 drivers/gpu/drm/drm_atomic_helper.c | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

Comments

Andrzej Hajda Feb. 28, 2017, 11:53 a.m. UTC | #1 
On 28.02.2017 11:11, Daniel Vetter wrote:
> We've switched to refcounting for the event completion, which means
> there's no risk for use-after free anymore after:
>
> commit 24835e442f289813aa568d142a755672a740503c
> Author: Daniel Vetter <daniel.vetter@ffwll.ch>
> Date:   Wed Dec 21 11:23:30 2016 +0100
>
>     drm: reference count event->completion
>
> This should make the commit machinery a bit more resilient against
> drivers bugs. It won't fix any driver bugs of course.
>
> References: https://bugs.freedesktop.org/show_bug.cgi?id=96781
> Signed-off-by: Daniel Vetter <daniel.vetter@intel.com>

Regarding problems described on the bug tracker - it could be a blind
guess, but you can check if events are not canceled meanwhile, if for
some reason event responsible for page-flip is canceled completion is
not called.

Regards
Andrzej
diff mbox

Patch

diff --git a/drivers/gpu/drm/drm_atomic_helper.c b/drivers/gpu/drm/drm_atomic_helper.c
index 9203f3e933f7..f68181a92210 100644
--- a/drivers/gpu/drm/drm_atomic_helper.c
+++ b/drivers/gpu/drm/drm_atomic_helper.c
@@ -1611,15 +1611,16 @@  void drm_atomic_helper_commit_cleanup_done(struct drm_atomic_state *old_state)
 
 		spin_unlock(&crtc->commit_lock);
 
-		/* We must wait for the vblank event to signal our completion
-		 * before releasing our reference, since the vblank work does
-		 * not hold a reference of its own. */
 		ret = wait_for_completion_timeout(&commit->flip_done,
 						  10*HZ);
-		if (ret == 0)
+		if (ret == 0) {
 			DRM_ERROR("[CRTC:%d:%s] flip_done timed out\n",
 				  crtc->base.id, crtc->name);
 
+			/* Unblock at least subsequent commits */
+			complete_all(&commit->flip_done);
+		}
+
 		spin_lock(&crtc->commit_lock);
 del_commit:
 		list_del(&commit->commit_entry);