backend/drm: fix queued cursor FB overwritten with NULL
With the following sequence of events, the cursor FB fields could end up being all set to NULL while the cursor is enabled:
- set_cursor is called, conn->cursor_pending_fb is set to a FB pointer.
- The output is committed with a buffer. crtc->cursor->queued_fb is set to the FB pointer, conn->cursor_pending_fb is reset to NULL. A page-flip event is expected in the future.
- The output is committed with a modeset before the page-flip event is triggered. crtc->cursor->queued_fb is reset to NULL.
At this point all of crtc->cursor->current_fb, crtc->cursor->queued_fb and conn->cursor_pending_fb are NULL which is a bogus state when the cursor plane is enabled.
To avoid this issue, avoid overwriting crtc->cursor->queued_fb with a NULL pointer on commit. The cursor logic still isn't great, but let's keep a rework of that for a separate patch.
Closes: #3734 (closed)