Module: Mesa
Branch: 7.11
Commit: 8d1f1eae93a873fae3639134581de6ac1f6d413e
URL:
http://cgit.freedesktop.org/mesa/mesa/commit/?id=8d1f1eae93a873fae3639134581de6ac1f6d413e
Author: Marcin Slusarz <marcin.slus...@gmail.com>
Date: Sun Sep 25 16:01:19 2011 +0200
nouveau: fix crash during fence emission
Fence emission can flush the push buffer, which through flush_notify
unreferences recently emitted fence. If ref count is increased after
fence emission, unreference deletes the fence, which causes SIGSEGV.
Backtrace:
nouveau_fence_del
nouveau_fence_ref
nouveau_fence_next
nouveau_pushbuf_flush
MARK_RING
nv50_screen_fence_emit
nouveau_fence_emit
nv50_flush
This bug manifested as an assertion failure in nouveau_fence.c, because
SIGSEGV handler tried to shutdown the application and used messed up
fence.
This issue was reported by Maxim Levitsky.
(commit e1e03ce4928edf4ea0ef43d853cb869f70b126aa in master)
---
src/gallium/drivers/nouveau/nouveau_fence.c | 4 ++--
1 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/gallium/drivers/nouveau/nouveau_fence.c
b/src/gallium/drivers/nouveau/nouveau_fence.c
index ea2038c..26e4775 100644
--- a/src/gallium/drivers/nouveau/nouveau_fence.c
+++ b/src/gallium/drivers/nouveau/nouveau_fence.c
@@ -93,8 +93,6 @@ nouveau_fence_emit(struct nouveau_fence *fence)
/* set this now, so that if fence.emit triggers a flush we don't recurse */
fence->state = NOUVEAU_FENCE_STATE_EMITTED;
- screen->fence.emit(&screen->base, fence->sequence);
-
++fence->ref;
if (screen->fence.tail)
@@ -103,6 +101,8 @@ nouveau_fence_emit(struct nouveau_fence *fence)
screen->fence.head = fence;
screen->fence.tail = fence;
+
+ screen->fence.emit(&screen->base, fence->sequence);
}
void
_______________________________________________
mesa-commit mailing list
mesa-commit@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/mesa-commit
