drm/nouveau: Fix null deref in nouveau_fence_emit due to deleted fence
authorLuca Barbieri <luca@luca-barbieri.com>
Wed, 6 Jan 2010 03:02:45 +0000 (04:02 +0100)
committerBen Skeggs <bskeggs@redhat.com>
Sun, 10 Jan 2010 23:06:43 +0000 (09:06 +1000)
commit234896a7671c23233230622728f6942b3d1c098e
tree38a9a140b0bd0a78aa92cad27b27691dbc71d719
parent7978b9cfa59133a34aaad420e447c2a29d5c6152
drm/nouveau: Fix null deref in nouveau_fence_emit due to deleted fence

Currently Nouveau will unvalidate all buffers if it is forced to wait on
one, and then start revalidating from the beginning.  While doing so, it
destroys the operation fence, causing nouveau_fence_emit to crash.

This patch fixes this bug by taking the fence object out of validate_op
and creating it just before emit.  The fence pointer is initialized to 0
and unref'ed unconditionally.

In addition to fixing the bug, this prevents its reintroduction and
simplifies the code.

Signed-off-by: Luca Barbieri <luca@luca-barbieri.com>
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
drivers/gpu/drm/nouveau/nouveau_gem.c