[PATCH] drm/omap: Take a fb reference in omap_plane_update()
Daniel Vetter
daniel at ffwll.ch
Tue Apr 9 05:53:17 PDT 2013
On Tue, Apr 09, 2013 at 05:56:02PM +0530, Archit Taneja wrote:
> When userspace calls SET_PLANE ioctl, drm core takes a reference of the fb and
> passes control to the update_plane op defined by the drm driver.
>
> In omapdrm, we have a worker thread which queues framebuffers objects received
> from update_plane and displays them at the appropriate time.
>
> It is possible that the framebuffer is destoryed by userspace between the time
> of calling the ioctl and apply-worker being scheduled. If this happens, the
> apply-worker holds a pointer to a framebuffer which is already destroyed.
>
> Take an extra refernece/unreference of the fb in omap_plane_update() to prevent
> this from happening. A reference is taken of the fb passed to update_plane(),
> the previous framebuffer (held by plane->fb) is unreferenced. This will prevent
> drm from destroying the framebuffer till the time it's unreferenced by the
> apply-worker.
>
> This is in addition to the exisitng reference/unreference in update_pin(),
> which is taken for the scanout of the plane's current framebuffer, and an
> unreference the previous framebuffer.
>
> Signed-off-by: Archit Taneja <archit at ti.com>
> Cc: Rob Clark <robdclark at gmail.com>
> ---
> drivers/gpu/drm/omapdrm/omap_plane.c | 6 ++++++
> 1 file changed, 6 insertions(+)
>
> diff --git a/drivers/gpu/drm/omapdrm/omap_plane.c b/drivers/gpu/drm/omapdrm/omap_plane.c
> index 2882cda..8d225d7 100644
> --- a/drivers/gpu/drm/omapdrm/omap_plane.c
> +++ b/drivers/gpu/drm/omapdrm/omap_plane.c
> @@ -247,6 +247,12 @@ static int omap_plane_update(struct drm_plane *plane,
> {
> struct omap_plane *omap_plane = to_omap_plane(plane);
> omap_plane->enabled = true;
> +
> + if (plane->fb)
> + drm_framebuffer_unreference(plane->fb);
Shouldn't the unref only happen once the flip has completed? Otherwise we
might free the memory which is still being scanned out and put some other
crap there.
Note that I've been too lazy to read the code, but I expected the unref of
the old one to happen after the ref-taking for the new one, with a vblank
wait/delay in between ... Might be that I'm completely off ;-)
-Daniel
> +
> + drm_framebuffer_reference(fb);
> +
> return omap_plane_mode_set(plane, crtc, fb,
> crtc_x, crtc_y, crtc_w, crtc_h,
> src_x, src_y, src_w, src_h,
> --
> 1.7.10.4
>
> _______________________________________________
> dri-devel mailing list
> dri-devel at lists.freedesktop.org
> http://lists.freedesktop.org/mailman/listinfo/dri-devel
--
Daniel Vetter
Software Engineer, Intel Corporation
+41 (0) 79 365 57 48 - http://blog.ffwll.ch
More information about the dri-devel
mailing list