[PATCH] drm/radeon: fix oops in ttm reserve when pageflipping
Dave Airlie
airlied at gmail.com
Sun May 29 01:20:21 PDT 2011
From: Dave Airlie <airlied at redhat.com>
We need to take a reference to this object, pinning doesn't take a reference
so if userspace deletes the object it can disappear even if pinned.
should fix:
https://bugzilla.kernel.org/show_bug.cgi?id=29942
and
https://bugzilla.redhat.com/show_bug.cgi?id=680651
Signed-off-by: Dave Airlie <airlied at redhat.com>
---
drivers/gpu/drm/radeon/radeon_display.c | 4 ++++
1 files changed, 4 insertions(+), 0 deletions(-)
diff --git a/drivers/gpu/drm/radeon/radeon_display.c b/drivers/gpu/drm/radeon/radeon_display.c
index ae247ee..5b9ac22 100644
--- a/drivers/gpu/drm/radeon/radeon_display.c
+++ b/drivers/gpu/drm/radeon/radeon_display.c
@@ -264,6 +264,8 @@ static void radeon_unpin_work_func(struct work_struct *__work)
radeon_bo_unreserve(work->old_rbo);
} else
DRM_ERROR("failed to reserve buffer after flip\n");
+
+ drm_gem_object_unreference_unlocked(&work->old_rbo->gem_base);
kfree(work);
}
@@ -371,6 +373,8 @@ static int radeon_crtc_page_flip(struct drm_crtc *crtc,
new_radeon_fb = to_radeon_framebuffer(fb);
/* schedule unpin of the old buffer */
obj = old_radeon_fb->obj;
+ /* take a reference to the old object */
+ drm_gem_object_reference(obj);
rbo = gem_to_radeon_bo(obj);
work->old_rbo = rbo;
INIT_WORK(&work->work, radeon_unpin_work_func);
--
1.7.4.4
More information about the dri-devel
mailing list