git.baikalelectronics.ru Git - kernel.git/commit

author	Chris Wilson <chris@chris-wilson.co.uk>
	Mon, 27 Apr 2015 12:41:16 +0000 (13:41 +0100)
committer	Daniel Vetter <daniel.vetter@ffwll.ch>
	Wed, 20 May 2015 09:25:46 +0000 (11:25 +0200)
commit	28a6c1f8b4d1fda4db07b0d0a027ef672801825d
tree	7b47121a58fefbee057016d2f739445b9899b412	tree \| snapshot
parent	92db67bea0f3b94ff97ed52b6ea9828f7093a306	commit \| diff

drm/i915: Fix race on unreferencing the wrong mmio-flip-request

As we perform the mmio-flip without any locking and then try to acquire
the struct_mutex prior to dereferencing the request, it is possible for
userspace to queue a new pageflip before the worker can finish clearing
the old state - and then it will clear the new flip request. The result
is that the new flip could be completed before the GPU has finished
rendering.

The bugs stems from removing the seqno checking in
commit a5923336b6e45de8e3421c106c940dcaee50e32d
Author: Ander Conselvan de Oliveira <ander.conselvan.de.oliveira@intel.com>
Date: Thu Nov 6 11:03:40 2014 +0200

drm/i915: Make mmio flip wait for seqno in the work function

Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>
Cc: Ander Conselvan de Oliveira <ander.conselvan.de.oliveira@intel.com>
Signed-off-by: Daniel Vetter <daniel.vetter@ffwll.ch>

drivers/gpu/drm/i915/i915_drv.h		diff \| blob \| history
drivers/gpu/drm/i915/intel_display.c		diff \| blob \| history
drivers/gpu/drm/i915/intel_drv.h		diff \| blob \| history