[PATCH] drm/qxl: add locking to prevent race on garbage collection

Colin King colin.king at canonical.com
Wed Dec 9 07:57:15 PST 2015


From: Colin Ian King <colin.king at canonical.com>

I've seen the driver break a few times in qxl_garbage_collect
and I believe this is a race condition on qxl_release_free.
Adding extra locking around the release free addresses the
breakage.

Signed-off-by: Colin Ian King <colin.king at canonical.com>
---
 drivers/gpu/drm/qxl/qxl_cmd.c     | 3 +++
 drivers/gpu/drm/qxl/qxl_release.c | 2 +-
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/drivers/gpu/drm/qxl/qxl_cmd.c b/drivers/gpu/drm/qxl/qxl_cmd.c
index fdc1833..9474622 100644
--- a/drivers/gpu/drm/qxl/qxl_cmd.c
+++ b/drivers/gpu/drm/qxl/qxl_cmd.c
@@ -243,7 +243,10 @@ int qxl_garbage_collect(struct qxl_device *qdev)
 			}
 			id = next_id;
 
+			mutex_lock(&qdev->release_mutex);
 			qxl_release_free(qdev, release);
+			mutex_unlock(&qdev->release_mutex);
+
 			++i;
 		}
 	}
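Review bot: The new mutex_lock(&qdev->release_mutex) in qxl_garbage_collect covers only the qxl_release_free call, so whatever looked up `release` earlier in the loop body still runs unlocked. If the race is on the lifetime of the release object, that lookup needs to be inside the same critical section. The commit message says only that a race is believed to exist, so please name the concurrent path and the state release_mutex is meant to protect here, either in the changelog or in a comment above the lock. Also confirm that no caller reaches qxl_garbage_collect with release_mutex already held: the second hunk shows qxl_alloc_release_reserved holding it, and the mutex is not recursive, so such a path would deadlock.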
diff --git a/drivers/gpu/drm/qxl/qxl_release.c b/drivers/gpu/drm/qxl/qxl_release.c
index 4efa8e2..2713f6d 100644
--- a/drivers/gpu/drm/qxl/qxl_release.c
+++ b/drivers/gpu/drm/qxl/qxl_release.c
@@ -360,8 +360,8 @@ int qxl_alloc_release_reserved(struct qxl_device *qdev, unsigned long size,
 	if (!qdev->current_release_bo[cur_idx]) {
 		ret = qxl_release_bo_alloc(qdev, &qdev->current_release_bo[cur_idx]);
 		if (ret) {
-			mutex_unlock(&qdev->release_mutex);
 			qxl_release_free(qdev, *release);
+			mutex_unlock(&qdev->release_mutex);
 			return ret;
 		}
 	}
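Review bot: Moving mutex_unlock after qxl_release_free in this error path implies a rule that qxl_release_free must be called with release_mutex held, but nothing in the patch documents or enforces that rule, and only two call sites are touched. Please audit the remaining callers of qxl_release_free and consider adding lockdep_assert_held(&qdev->release_mutex) at the top of qxl_release_free so an unlocked caller is caught at runtime. Separately, `*release` is freed here and the function returns ret without clearing it, so a caller that inspects the pointer after the error sees a stale value; setting `*release = NULL` before the return would make the failure path safer.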
-- 
2.6.2


