On 27 May 2015 at 20:04, Frediano Ziglio <fziglio@xxxxxxxxxx> wrote: > qxl_bo structure has two reference counters, one in the GEM object and > another in the TTM object. The GEM object keep a counter to the TTM object > so when GEM counter reached zero the TTM counter (using qxl_bo_unref) was > decremented. The qxl object is fully freed (both GEM and TTM part are cleaned) > when the TTM counter reach zero. > One issue was that surface idr structure has no owning on qxl_bo objects however > it contains a pointer to qxl_bo object. This caused some nasty race condition > for instance qxl_bo object was reaped even after counter was already zero. > This patch fix these races moving main counter (the one used by qxl_bo_(un)ref) > to GEM object which cleanup routine (qxl_gem_object_free) remove the idr pointer > (using qxl_surface_evict) when the counters are still valid. Uggh, but yes, not sure I like this fix for the problem, but if it works, Reviewed-by: Dave Airlie <airlied@xxxxxxxxxx> _______________________________________________ Spice-devel mailing list Spice-devel@xxxxxxxxxxxxxxxxxxxxx http://lists.freedesktop.org/mailman/listinfo/spice-devel