diff options
author | Michel Dänzer <michel.daenzer@amd.com> | 2016-04-01 15:29:26 +0900 |
---|---|---|
committer | Michel Dänzer <michel.daenzer@amd.com> | 2016-04-01 15:29:26 +0900 |
commit | 5ba95c3abeb8df82aa8d33a47596eae6403ea7af (patch) | |
tree | 15c5bc7bbdb7263e893cbb061c51c083496b4d06 /src/amdgpu_present.c | |
parent | 8ecfa69b5a833bd4c39e773a6acfd7eef9144d13 (diff) |
Identify DRM event queue entries by sequence number instead of by pointer
If the memory for an entry was allocated at the same address as that for
a previously cancelled entry, the handler could theoretically be called
prematurely, triggered by the DRM event which was submitted for the
cancelled entry.
(Ported from radeon commit 4693b1bd5b5c381e8b7b68a6f7f0c6696d6a68df)
Reviewed-by: Alex Deucher <alexander.deucher@amd.com>
Diffstat (limited to 'src/amdgpu_present.c')
-rw-r--r-- | src/amdgpu_present.c | 17 |
1 files changed, 9 insertions, 8 deletions
diff --git a/src/amdgpu_present.c b/src/amdgpu_present.c index 4b33ce2..4aa0708 100644 --- a/src/amdgpu_present.c +++ b/src/amdgpu_present.c @@ -157,7 +157,7 @@ amdgpu_present_queue_vblank(RRCrtcPtr crtc, uint64_t event_id, uint64_t msc) AMDGPUEntPtr pAMDGPUEnt = AMDGPUEntPriv(scrn); int crtc_id = drmmode_get_crtc_id(xf86_crtc); struct amdgpu_present_vblank_event *event; - struct amdgpu_drm_queue_entry *queue; + uintptr_t drm_queue_seq; drmVBlank vbl; int ret; @@ -165,24 +165,25 @@ amdgpu_present_queue_vblank(RRCrtcPtr crtc, uint64_t event_id, uint64_t msc) if (!event) return BadAlloc; event->event_id = event_id; - queue = amdgpu_drm_queue_alloc(xf86_crtc, AMDGPU_DRM_QUEUE_CLIENT_DEFAULT, - event_id, event, - amdgpu_present_vblank_handler, - amdgpu_present_vblank_abort); - if (!queue) { + drm_queue_seq = amdgpu_drm_queue_alloc(xf86_crtc, + AMDGPU_DRM_QUEUE_CLIENT_DEFAULT, + event_id, event, + amdgpu_present_vblank_handler, + amdgpu_present_vblank_abort); + if (!drm_queue_seq) { free(event); return BadAlloc; } vbl.request.type = DRM_VBLANK_ABSOLUTE | DRM_VBLANK_EVENT | crtc_select(crtc_id); vbl.request.sequence = msc; - vbl.request.signal = (unsigned long)queue; + vbl.request.signal = drm_queue_seq; for (;;) { ret = drmWaitVBlank(pAMDGPUEnt->fd, &vbl); if (!ret) break; if (errno != EBUSY || !amdgpu_present_flush_drm_events(screen)) { - amdgpu_drm_abort_entry(queue); + amdgpu_drm_abort_entry(drm_queue_seq); return BadAlloc; } } |