On Tue, Jun 19, 2018 at 5:50 PM Daniel Vetter <daniel.vetter@xxxxxxxx> wrote: > > The stuff never really worked, and leads to lots of fun because it > out-of-order frees atomic states. Which upsets KASAN, among other > things. > > For async updates we now have a more solid solution with the > ->atomic_async_check and ->atomic_async_commit hooks. Support for that > for msm and vc4 landed. nouveau and i915 have their own commit > routines, doing something similar. > > For everyone else it's probably better to remove the use-after-free > bug, and encourage folks to use the async support instead. The > affected drivers which register a legacy cursor plane and don't either > use the new async stuff or their own commit routine are: amdgpu, > atmel, mediatek, qxl, rockchip, sti, sun4i, tegra, virtio, and vmwgfx. > > Inspired by an amdgpu bug report. > > References: https://bugzilla.kernel.org/show_bug.cgi?id=199425 > Cc: mikita.lipski@xxxxxxx > Cc: Michel Dänzer <michel@xxxxxxxxxxx> > Cc: harry.wentland@xxxxxxx > Signed-off-by: Daniel Vetter <daniel.vetter@xxxxxxxxx> Any comments on this from amd's side? -Daniel > --- > drivers/gpu/drm/drm_atomic_helper.c | 13 ------------- > 1 file changed, 13 deletions(-) > > diff --git a/drivers/gpu/drm/drm_atomic_helper.c b/drivers/gpu/drm/drm_atomic_helper.c > index 130da5195f3b..5a576cdf26dd 100644 > --- a/drivers/gpu/drm/drm_atomic_helper.c > +++ b/drivers/gpu/drm/drm_atomic_helper.c > @@ -1330,13 +1330,6 @@ drm_atomic_helper_wait_for_vblanks(struct drm_device *dev, > int i, ret; > unsigned crtc_mask = 0; > > - /* > - * Legacy cursor ioctls are completely unsynced, and userspace > - * relies on that (by doing tons of cursor updates). > - */ > - if (old_state->legacy_cursor_update) > - return; > - > for_each_oldnew_crtc_in_state(old_state, crtc, old_crtc_state, new_crtc_state, i) { > if (!new_crtc_state->active) > continue; 
> @@ -1884,12 +1877,6 @@ int drm_atomic_helper_setup_commit(struct drm_atomic_state *state, > continue; > } > > - /* Legacy cursor updates are fully unsynced. */ > - if (state->legacy_cursor_update) { > - complete_all(&commit->flip_done); > - continue; > - } > - > if (!new_crtc_state->event) { > commit->event = kzalloc(sizeof(*commit->event), > GFP_KERNEL); > -- > 2.18.0.rc2 > -- Daniel Vetter Software Engineer, Intel Corporation +41 (0) 79 365 57 48 - http://blog.ffwll.ch
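Review bot: In the drm_atomic_helper_wait_for_vblanks hunk, the deleted comment records that userspace relies on legacy cursor ioctls being unsynced and issues many cursor updates, but the commit message does not say what those users will see once the early return on old_state->legacy_cursor_update is gone. With the return removed, a legacy cursor update on the listed drivers goes through the for_each_oldnew_crtc_in_state wait loop like any other commit. Suggest stating the expected throttling in the commit message and getting an ack from the affected drivers (amdgpu, atmel, mediatek, qxl, rockchip, sti, sun4i, tegra, virtio, vmwgfx) before this lands.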
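Review bot: In the drm_atomic_helper_setup_commit hunk, dropping the complete_all(&commit->flip_done) shortcut means a legacy cursor update now falls through to the if (!new_crtc_state->event) branch and gets a kzalloc'd commit->event, so the helper no longer completes flip_done at this point. It is worth confirming that each listed driver signals the CRTC event for a cursor-only commit, since nothing in this hunk completes flip_done on its behalf any more. A short note in the kerneldoc for legacy_cursor_update saying the helpers no longer special-case the flag would also help anyone still reading it.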