This is a note to let you know that I've just added the patch titled
drm/radeon: fix oops in ttm reserve when pageflipping (v2)
to the 2.6.39-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
drm-radeon-fix-oops-in-ttm-reserve-when-pageflipping-v2.patch
and it can be found in the queue-2.6.39 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <[email protected]> know about it.
>From 498c555f56a02ec1059bc150cde84411ba0ac010 Mon Sep 17 00:00:00 2001
From: Dave Airlie <[email protected]>
Date: Sun, 29 May 2011 17:48:32 +1000
Subject: drm/radeon: fix oops in ttm reserve when pageflipping (v2)
From: Dave Airlie <[email protected]>
commit 498c555f56a02ec1059bc150cde84411ba0ac010 upstream.
We need to take a reference to this object, pinning doesn't take a reference
so if userspace deletes the object it can disappear even if pinned.
v2: fix error paths to unreference properly also.
should fix:
https://bugzilla.kernel.org/show_bug.cgi?id=32402
and
https://bugzilla.redhat.com/show_bug.cgi?id=680651
Acked-By: Alex Deucher <[email protected]>
Signed-off-by: Dave Airlie <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
drivers/gpu/drm/radeon/radeon_display.c | 13 ++++++++-----
1 file changed, 8 insertions(+), 5 deletions(-)
--- a/drivers/gpu/drm/radeon/radeon_display.c
+++ b/drivers/gpu/drm/radeon/radeon_display.c
@@ -264,6 +264,8 @@ static void radeon_unpin_work_func(struc
radeon_bo_unreserve(work->old_rbo);
} else
DRM_ERROR("failed to reserve buffer after flip\n");
+
+ drm_gem_object_unreference_unlocked(&work->old_rbo->gem_base);
kfree(work);
}
@@ -371,6 +373,8 @@ static int radeon_crtc_page_flip(struct
new_radeon_fb = to_radeon_framebuffer(fb);
/* schedule unpin of the old buffer */
obj = old_radeon_fb->obj;
+ /* take a reference to the old object */
+ drm_gem_object_reference(obj);
rbo = gem_to_radeon_bo(obj);
work->old_rbo = rbo;
INIT_WORK(&work->work, radeon_unpin_work_func);
@@ -378,12 +382,9 @@ static int radeon_crtc_page_flip(struct
/* We borrow the event spin lock for protecting unpin_work */
spin_lock_irqsave(&dev->event_lock, flags);
if (radeon_crtc->unpin_work) {
- spin_unlock_irqrestore(&dev->event_lock, flags);
- kfree(work);
- radeon_fence_unref(&fence);
-
DRM_DEBUG_DRIVER("flip queue: crtc already busy\n");
- return -EBUSY;
+ r = -EBUSY;
+ goto unlock_free;
}
radeon_crtc->unpin_work = work;
radeon_crtc->deferred_flip_completion = 0;
@@ -497,6 +498,8 @@ pflip_cleanup1:
pflip_cleanup:
spin_lock_irqsave(&dev->event_lock, flags);
radeon_crtc->unpin_work = NULL;
+unlock_free:
+ drm_gem_object_unreference_unlocked(old_radeon_fb->obj);
spin_unlock_irqrestore(&dev->event_lock, flags);
radeon_fence_unref(&fence);
kfree(work);
Patches currently in stable-queue which might be from [email protected] are
queue-2.6.39/drm-radeon-kms-add-new-ni-pci-ids.patch
queue-2.6.39/drm-radeon-kms-fix-backend-map-typo-on-juniper.patch
queue-2.6.39/drm-radeon-kms-fix-typo-in-evergreen-disp-int-status.patch
queue-2.6.39/drm-radeon-kms-free-ib-pool-on-module-unloading.patch
queue-2.6.39/drm-radeon-fix-oops-in-ttm-reserve-when-pageflipping-v2.patch
queue-2.6.39/drm-radeon-kms-clean-up-multiple-crtc-handling-for.patch
queue-2.6.39/drm-radeon-kms-fix-typo-in-ih_cntl-swap-bitfield.patch
_______________________________________________
stable mailing list
[email protected]
http://linux.kernel.org/mailman/listinfo/stable
