We've switched to refcounting for the event completion, which means
there's no risk for use-after free anymore after:
commit 24835e442f289813aa568d142a755672a740503c
Author: Daniel Vetter <daniel.vet...@ffwll.ch>
Date: Wed Dec 21 11:23:30 2016 +0100
drm: reference count event->completion
This should make the commit machinery a bit more resilient against
drivers bugs. It won't fix any driver bugs of course.
References: https://bugs.freedesktop.org/show_bug.cgi?id=96781
Signed-off-by: Daniel Vetter <daniel.vet...@intel.com>
---
drivers/gpu/drm/drm_atomic_helper.c | 9 +++++----
1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/drivers/gpu/drm/drm_atomic_helper.c
b/drivers/gpu/drm/drm_atomic_helper.c
index 9203f3e933f7..f68181a92210 100644
--- a/drivers/gpu/drm/drm_atomic_helper.c
+++ b/drivers/gpu/drm/drm_atomic_helper.c
@@ -1611,15 +1611,16 @@ void drm_atomic_helper_commit_cleanup_done(struct
drm_atomic_state *old_state)
spin_unlock(&crtc->commit_lock);
- /* We must wait for the vblank event to signal our completion
- * before releasing our reference, since the vblank work does
- * not hold a reference of its own. */
ret = wait_for_completion_timeout(&commit->flip_done,
10*HZ);
- if (ret == 0)
+ if (ret == 0) {
DRM_ERROR("[CRTC:%d:%s] flip_done timed out\n",
crtc->base.id, crtc->name);
+ /* Unblock at least subsequent commits */
+ complete_all(&commit->flip_done);
+ }
+
spin_lock(&crtc->commit_lock);
del_commit:
list_del(&commit->commit_entry);
--
2.11.0
_______________________________________________
Intel-gfx mailing list
Intel-gfx@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/intel-gfx
