drm/i915: Fix race on unreferencing the wrong mmio-flip-request
As we perform the mmio-flip without any locking and then try to acquire the struct_mutex prior to dereferencing the request, it is possible for userspace to queue a new pageflip before the worker can finish clearing the old state - and then it will clear the new flip request. The result is that the new flip could be completed before the GPU has finished rendering. The bugs stems from removing the seqno checking in commit 536f5b5e Author: Ander Conselvan de Oliveira <ander.conselvan.de.oliveira@intel.com> Date: Thu Nov 6 11:03:40 2014 +0200 drm/i915: Make mmio flip wait for seqno in the work function Signed-off-by: NChris Wilson <chris@chris-wilson.co.uk> Cc: Ander Conselvan de Oliveira <ander.conselvan.de.oliveira@intel.com> Signed-off-by: NDaniel Vetter <daniel.vetter@ffwll.ch>
Showing
想要评论请 注册 或 登录