Bug 29053

Summary: possible memory corruption (win32 qxl)
Product: Spice Reporter: Yonit Halperin <yhalperi>
Component: win32 qxl xddmAssignee: Alexander Larsson <alexl>
Status: RESOLVED FIXED QA Contact:
Severity: normal    
Priority: medium    
Version: unspecified   
Hardware: Other   
OS: All   
Whiteboard:
i915 platform: i915 features:
Bug Depends on: 29254    
Bug Blocks:    

Description Yonit Halperin 2010-07-13 23:02:44 UTC 
The PDev->surfaces_info array, is allocated/freed when a PDev is enabled/disabled.
A surface info is used in FreeDelSurface for releasing the surface drawarea memory in the device RAM.
While the surfaces_info array is destroyed when a PDev is disabled, surfaces that correspond to the this PDev may still be referenced by the worker and/or the release ring. Thus, when those are released we will encounter an error.

The solution should make surfaces_info global (per device), similarly to the surfaces_used array. However, the primary surface, which is not released in FreeDelSurface, but uses surfaces_info in DeleteDeviceBitmap, should be handled separately, since two primary surfaces of two different PDevs can be alive simultaneously (e.g., DrvAssertMode(disabled) is called for PDev X, and DrvEnableSurface is called fo PDev Y).
Comment 1 Yonit Halperin 2010-07-26 06:14:23 UTC 
Update:
The problem is a little different:
In DrvGetDirectDrawInfo we map the off-screean surfaces heap to the VRAM.
This is done for each pdev. But if DrvAssertMode(false) is called for pdev X,
and then pdev Y is enabled, surfaces that are allocated for pdev Y may override the memory of pdev's X surfaces. Operations on pdev's x surfaces are still possible till it is totally disabled (and it can also be enabled using DrvAssetMode(true)). Thus, we may encounter memory corruption.
Comment 2 Yonit Halperin 2010-07-28 06:51:09 UTC 
The bug is related to Bug 29254. If we change the off-screens' memory management,
this bug is no longer relevant
Comment 3 Alexander Larsson 2010-08-24 01:31:46 UTC 
surfaces_info is global now

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.