gfx: drv: Clean pending page flip events when device is closed

If userspace closes the device node with pending page flips, the driver keeps
a pointer to file private that is already freed. The following backtrace
shows the oops happening.

[ 643.828884] BUG: unable to handle kernel paging request at 6b6b6b6b
[ 643.835082] IP: [<c1224b6e>] __list_add+0x2a/0x5c
[ 643.888465] EIP is at __list_add+0x2a/0x5c
[ 643.943931] Call Trace:
[ 643.946376] [<c139c0d8>] psb_intel_flip_complete+0x71/0xcb
[ 643.951937] [<c139c1c8>] sync_callback+0x96/0x9f
[ 643.956631] [<c1371310>] PVRSRVCallbackOnSync+0x37/0xb7
[ 643.961934] [<c139c132>] ? psb_intel_flip_complete+0xcb/0xcb
[ 643.967673] [<c139c049>] psb_intel_crtc_page_flip+0xa1/0xbf
[ 643.973324] [<c1282f5d>] drm_mode_page_flip_ioctl+0x13f/0x190
[ 643.979151] [<c12778bf>] drm_ioctl+0x276/0x332

To clean up pending events, the driver has to keep a linked list of pending
flips in file private. When the file is closed, all events in pending flips
for the file are cleared.

To avoid race conditions, dev->event_lock is used to protect the pending
flips lists from parallel access.

Issue: KER-47
Signed-off-by: Pauli Nieminen <pauli.nieminen@linux.intel.com>
CC: Rahul Verman <rahul.verma@intel.com>
Acked-by: Sean V Kelley <sean.v.kelley@intel.com>
Reviewed-by: Ville Syrjälä <ville.syrjala@linux.intel.com>
Signed-off-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
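
Added example, not part of the commit or the driver source: a userspace C model of the fix described in the message above, where each file private tracks its pending flips and close detaches them under one lock. All struct and function names are hypothetical, and a pthread mutex stands in for dev->event_lock.

```c
#include <pthread.h>
#include <stdlib.h>
/* Userspace model; names are hypothetical. owner becomes NULL when the file closes. */
struct pending_flip { struct pending_flip *prev, *next; struct file_priv *owner; };
struct file_priv { struct pending_flip pending; int delivered; }; /* list head, event count */
static pthread_mutex_t event_lock = PTHREAD_MUTEX_INITIALIZER; /* dev->event_lock stand-in */
static void detach(struct pending_flip *flip) { /* caller holds event_lock */
    flip->prev->next = flip->next;
    flip->next->prev = flip->prev;
    flip->owner = NULL;
}
struct file_priv *file_open(void) {
    struct file_priv *f = calloc(1, sizeof(*f));
    if (f) f->pending.prev = f->pending.next = &f->pending;
    return f;
}
struct pending_flip *flip_queue(struct file_priv *f) { /* track the flip in file private */
    struct pending_flip *flip = calloc(1, sizeof(*flip));
    if (!flip) return NULL;
    pthread_mutex_lock(&event_lock);
    *flip = (struct pending_flip){ f->pending.prev, &f->pending, f }; /* prev, next, owner */
    flip->prev->next = flip;
    f->pending.prev = flip;
    pthread_mutex_unlock(&event_lock);
    return flip;
}
int flip_complete(struct pending_flip *flip) { /* 1 = event delivered, 0 = dropped */
    pthread_mutex_lock(&event_lock);
    struct file_priv *f = flip->owner;
    if (f) { f->delivered++; detach(flip); } /* only touch a file that is still open */
    pthread_mutex_unlock(&event_lock);
    free(flip);
    return f != NULL;
}
int file_close(struct file_priv *f) { /* returns the number of flips detached */
    int n = 0;
    pthread_mutex_lock(&event_lock);
    while (f->pending.next != &f->pending) { detach(f->pending.next); n++; }
    pthread_mutex_unlock(&event_lock);
    free(f);
    return n;
}
int main(void) {
    struct file_priv *f = file_open();
    struct pending_flip *late = f ? flip_queue(f) : NULL; /* still pending at close */
    if (!late) return 1;
    file_close(f);
    return flip_complete(late); /* 0: dropped, the freed file private is not touched */
}
```

Without the detach step in `file_close`, `flip_complete` would follow `owner` into freed memory, which is the access the backtrace above records.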