From: Gerd Hoffmann <kra...@redhat.com> Surface tracking needs proper locking since it is used from vcpu and spice worker threads, add it. Also reset the surface counter when zapping all surfaces.
Signed-off-by: Gerd Hoffmann <kra...@redhat.com>
---
 hw/qxl.c | 13 ++++++++++++-
 hw/qxl.h | 2 ++
 2 files changed, 14 insertions(+), 1 deletions(-)
diff --git a/hw/qxl.c b/hw/qxl.c
index c1508a5..6862bc8 100644
--- a/hw/qxl.c
+++ b/hw/qxl.c
@@ -135,7 +135,12 @@ void qxl_spice_update_area(PCIQXLDevice *qxl, uint32_t surface_id,
 
 void qxl_spice_destroy_surface_wait(PCIQXLDevice *qxl, uint32_t id)
 {
+ qemu_mutex_lock(&qxl->track_lock);
+ PANIC_ON(id >= NUM_SURFACES);
 qxl->ssd.worker->destroy_surface_wait(qxl->ssd.worker, id);
+ qxl->guest_surfaces.cmds[id] = 0;
+ qxl->guest_surfaces.count--;
+ qemu_mutex_unlock(&qxl->track_lock);
 }
 
 void qxl_spice_loadvm_commands(PCIQXLDevice *qxl, struct QXLCommandExt *ext,
@@ -156,7 +161,11 @@ void qxl_spice_reset_memslots(PCIQXLDevice *qxl)
 
 void qxl_spice_destroy_surfaces(PCIQXLDevice *qxl)
 {
+ qemu_mutex_lock(&qxl->track_lock);
 qxl->ssd.worker->destroy_surfaces(qxl->ssd.worker);
+ memset(&qxl->guest_surfaces.cmds, 0, sizeof(qxl->guest_surfaces.cmds));
+ qxl->guest_surfaces.count = 0;
+ qemu_mutex_unlock(&qxl->track_lock);
 }
 
 void qxl_spice_reset_image_cache(PCIQXLDevice *qxl)
@@ -315,6 +324,7 @@ static void qxl_track_command(PCIQXLDevice *qxl, struct QXLCommandExt *ext)
 QXLSurfaceCmd *cmd = qxl_phys2virt(qxl, ext->cmd.data, ext->group_id);
 uint32_t id = le32_to_cpu(cmd->surface_id);
 PANIC_ON(id >= NUM_SURFACES);
+ qemu_mutex_lock(&qxl->track_lock);
 if (cmd->type == QXL_SURFACE_CMD_CREATE) {
 qxl->guest_surfaces.cmds[id] = ext->cmd.data;
 qxl->guest_surfaces.count++;
@@ -325,6 +335,7 @@ static void qxl_track_command(PCIQXLDevice *qxl, struct QXLCommandExt *ext)
 qxl->guest_surfaces.cmds[id] = 0;
 qxl->guest_surfaces.count--;
 }
+ qemu_mutex_unlock(&qxl->track_lock);
 break;
 }
 case QXL_CMD_CURSOR:
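Review bot: In qxl_spice_destroy_surface_wait, track_lock is held across the call into the worker, `qxl->ssd.worker->destroy_surface_wait(qxl->ssd.worker, id)`, which by its name blocks until the worker has finished. The commit message says the tracking runs on both the vcpu and spice worker threads, and qxl_track_command takes the same lock, so if the worker has to pass through qxl_track_command before it can complete the destroy, the two threads could wait on each other; qxl_spice_destroy_surfaces in the next hunk has the same shape. Consider making the worker call first and taking the lock only around the bookkeeping, i.e. moving `qemu_mutex_lock(&qxl->track_lock);` below the worker call, after checking that the resulting window is acceptable. Separately, `qxl->guest_surfaces.count--;` runs even when `cmds[id]` is already 0, so a destroy for an id that was never tracked leaves the counter out of step; guarding it with `if (qxl->guest_surfaces.cmds[id])` would keep it consistent.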
@@ -873,7 +884,6 @@ static void qxl_reset_surfaces(PCIQXLDevice *d)
 dprint(d, 1, "%s:\n", __FUNCTION__);
 d->mode = QXL_MODE_UNDEFINED;
 qxl_spice_destroy_surfaces(d);
- memset(&d->guest_surfaces.cmds, 0, sizeof(d->guest_surfaces.cmds));
 }
 
 /* called from spice server thread context only */
@@ -1284,6 +1294,7 @@ static int qxl_init_common(PCIQXLDevice *qxl)
 qxl->generation = 1;
 qxl->num_memslots = NUM_MEMSLOTS;
 qxl->num_surfaces = NUM_SURFACES;
+ qemu_mutex_init(&qxl->track_lock);
 
 switch (qxl->revision) {
 case 1: /* spice 0.4 -- qxl-1 */
diff --git a/hw/qxl.h b/hw/qxl.h
index 489d518..087ef6b 100644
--- a/hw/qxl.h
+++ b/hw/qxl.h
@@ -55,6 +55,8 @@ typedef struct PCIQXLDevice {
 } guest_surfaces;
 QXLPHYSICAL guest_cursor;
 
+ QemuMutex track_lock;
+
 /* thread signaling */
 pthread_t main;
 int pipe[2];
-- 
1.7.6
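Review bot: The new `QemuMutex track_lock;` field in PCIQXLDevice carries no comment saying which members it guards, so the locking rule has to be worked out from the call sites in hw/qxl.c. A one-line comment such as `/* protects guest_surfaces.cmds[] and guest_surfaces.count */` above the field would record it. Whether `guest_cursor`, which sits directly above the new field, is meant to be covered is not visible from these hunks, since the cursor case of qxl_track_command lies outside them; the comment should say so explicitly either way. The struct definition starts and ends outside the hunk.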