
backend/drm: fix queued cursor FB overwritten with NULL

Simon Ser requested to merge emersion/wlroots:fix-drm-pending-cursor into master

With the following sequence of events, the cursor FB fields could end up being all set to NULL while the cursor is enabled:

  1. set_cursor is called, conn->cursor_pending_fb is set to a FB pointer.
  2. The output is committed with a buffer. crtc->cursor->queued_fb is set to the FB pointer, conn->cursor_pending_fb is reset to NULL. A page-flip event is expected in the future.
  3. The output is committed with a modeset before the page-flip event is triggered. crtc->cursor->queued_fb is reset to NULL.

At this point all of crtc->cursor->current_fb, crtc->cursor->queued_fb and conn->cursor_pending_fb are NULL, which is a bogus state when the cursor plane is enabled.

To avoid this issue, avoid overwriting crtc->cursor->queued_fb with a NULL pointer on commit. The cursor logic still isn't great, but let's keep a rework of that for a separate patch.

Closes: #3734 (closed)
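
The three-step sequence from the description, replayed on a simplified model with and without the NULL guard. This is an added example, not wlroots code: the struct layouts, the `cursor_enabled` flag, and the `commit`, `page_flip`, `state_is_bogus` and `run_sequence` helpers are assumptions; only the three FB field names and `set_cursor` come from the description.

```c
#include <stdbool.h>
#include <stdio.h>

/* Simplified stand-ins (assumed layout): only the three FB fields are modelled. */
struct fb { int id; };
struct plane { struct fb *queued_fb, *current_fb; };
struct crtc { struct plane *cursor; };
struct conn { struct crtc *crtc; struct fb *cursor_pending_fb; bool cursor_enabled; };

/* Step 1: set_cursor stores the new FB as pending. */
static void set_cursor(struct conn *c, struct fb *fb) {
    c->cursor_pending_fb = fb;
    c->cursor_enabled = fb != NULL;
}
/* Commit (hypothetical). guard=false: unconditional move; guard=true: skip NULL pending. */
static void commit(struct conn *c, bool guard) {
    if (guard && c->cursor_pending_fb == NULL) return;
    c->crtc->cursor->queued_fb = c->cursor_pending_fb;
    c->cursor_pending_fb = NULL;
}
/* Page-flip event (hypothetical): the queued FB becomes the current one. */
static void page_flip(struct conn *c) {
    struct plane *p = c->crtc->cursor;
    if (p->queued_fb != NULL) { p->current_fb = p->queued_fb; p->queued_fb = NULL; }
}
/* Invariant check: an enabled cursor with no FB reference left anywhere. */
static bool state_is_bogus(const struct conn *c) {
    const struct plane *p = c->crtc->cursor;
    return c->cursor_enabled && !p->current_fb && !p->queued_fb && !c->cursor_pending_fb;
}
/* Runs steps 1-3, records the state, then delivers the late page-flip. */
static bool run_sequence(bool guard, bool *fb_shown) {
    struct fb fb = { 1 };            /* constructed sample FB */
    struct plane cursor = { NULL, NULL };
    struct crtc crtc = { &cursor };
    struct conn conn = { &crtc, NULL, false };
    set_cursor(&conn, &fb);          /* step 1 */
    commit(&conn, guard);            /* step 2: commit with a buffer */
    commit(&conn, guard);            /* step 3: modeset before the page-flip */
    bool bogus = state_is_bogus(&conn);
    page_flip(&conn);
    *fb_shown = cursor.current_fb == &fb;
    return bogus;
}
int main(void) {
    for (int g = 0; g <= 1; g++) {
        bool shown, bogus = run_sequence(g, &shown);
        printf("guard=%d bogus=%d fb_shown=%d\n", g, bogus, shown);
    }
}
```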
