Commit 889ad63d authored Jun 01, 2018 by Jeremy Cline Committed by Gerd Hoffmann Jun 04, 2018

drm/qxl: Call qxl_bo_unref outside atomic context

"qxl_bo_unref" may sleep, but calling "qxl_release_map" causes
"preempt_disable()" to be called and "preempt_enable()" isn't called
until "qxl_release_unmap" is used. Move the call to "qxl_bo_unref" out
from in between the two to avoid sleeping from an atomic context.

This issue can be demonstrated on a kernel with CONFIG_LOCKDEP=y by
creating a VM using QXL, using a desktop environment using Xorg, then
moving the cursor on or off a window.

Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1571128


Fixes: 9428088c ("drm/qxl: reapply cursor after resetting primary")
Cc: stable@vger.kernel.org
Signed-off-by: Jeremy Cline <jcline@redhat.com>
Link: http://patchwork.freedesktop.org/patch/msgid/20180601200532.13619-1-jcline@redhat.com


Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>

parent c32048d9

drivers/gpu/drm/qxl/qxl_display.c

+5 −2

Original line number	Diff line number	Diff line
		@@ -630,7 +630,7 @@ static void qxl_cursor_atomic_update(struct drm_plane *plane,
		struct qxl_cursor_cmd *cmd;
		struct qxl_cursor *cursor;
		struct drm_gem_object *obj;
		struct qxl_bo cursor_bo = NULL, user_bo = NULL;
		struct qxl_bo cursor_bo = NULL, user_bo = NULL, *old_cursor_bo = NULL;
		int ret;
		void *user_ptr;
		int size = 64644;
		@@ -684,7 +684,7 @@ static void qxl_cursor_atomic_update(struct drm_plane *plane,
		cursor_bo, 0);
		cmd->type = QXL_CURSOR_SET;

		qxl_bo_unref(&qcrtc->cursor_bo);
		old_cursor_bo = qcrtc->cursor_bo;
		qcrtc->cursor_bo = cursor_bo;
		cursor_bo = NULL;
		} else {
		@@ -704,6 +704,9 @@ static void qxl_cursor_atomic_update(struct drm_plane *plane,
		qxl_push_cursor_ring_release(qdev, release, QXL_CMD_CURSOR, false);
		qxl_release_fence_buffer_objects(release);

		if (old_cursor_bo)
		qxl_bo_unref(&old_cursor_bo);

		qxl_bo_unref(&cursor_bo);

		return;