From 84009175fb2ca71aa7db1dbae3856a492183b592 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jonas=20=C3=85dahl?= <jadahl@gmail.com>
Date: Fri, 7 Jan 2022 22:27:51 +0100
Subject: [PATCH] renderer/native: Clear old KMS updates on views rebuild

If there are any pending updates, for example if we painted one of
multiple monitors but without having posted the update due to waiting
for another monitor to be painted, but before we paint all of them and
post the update, another hotplug event happens, we'd have stale pending
KMS update. When that update eventually would be processed, we'd try to
apply out-of-date updates which may contain freed memory.

Fix this by discarding any update when we're rebuilding the views. We
can be sure not to need any of the old updates since we're rebuilding
the whole content anyway.

Closes: https://gitlab.gnome.org/GNOME/mutter/-/issues/1928
Part-of: <https://gitlab.gnome.org/GNOME/mutter/-/merge_requests/2216>


(cherry picked from commit 8e91c6295dd38cf5b4d60e8069eb955218a94edb)
---
 src/backends/native/meta-kms.c             | 6 ++++++
 src/backends/native/meta-kms.h             | 2 ++
 src/backends/native/meta-renderer-native.c | 1 +
 3 files changed, 9 insertions(+)

diff --git a/src/backends/native/meta-kms.c b/src/backends/native/meta-kms.c
index edb6f29eec2..13ee90f5262 100644
--- a/src/backends/native/meta-kms.c
+++ b/src/backends/native/meta-kms.c
@@ -179,6 +179,12 @@ struct _MetaKms
 
 G_DEFINE_TYPE (MetaKms, meta_kms, G_TYPE_OBJECT)
 
+void
+meta_kms_discard_pending_updates (MetaKms *kms)
+{
+  g_clear_list (&kms->pending_updates, (GDestroyNotify) meta_kms_update_free);
+}
+
 static void
 meta_kms_add_pending_update (MetaKms       *kms,
                              MetaKmsUpdate *update)
diff --git a/src/backends/native/meta-kms.h b/src/backends/native/meta-kms.h
index 79713cc4050..6f55bb445f6 100644
--- a/src/backends/native/meta-kms.h
+++ b/src/backends/native/meta-kms.h
@@ -40,6 +40,8 @@ typedef enum _MetaKmsUpdateFlag
 #define META_TYPE_KMS (meta_kms_get_type ())
 G_DECLARE_FINAL_TYPE (MetaKms, meta_kms, META, KMS, GObject)
 
+void meta_kms_discard_pending_updates (MetaKms *kms);
+
 MetaKmsUpdate * meta_kms_ensure_pending_update (MetaKms       *kms,
                                                 MetaKmsDevice *device);
 
diff --git a/src/backends/native/meta-renderer-native.c b/src/backends/native/meta-renderer-native.c
index 7e4af8fe0c9..735c37202dd 100644
--- a/src/backends/native/meta-renderer-native.c
+++ b/src/backends/native/meta-renderer-native.c
@@ -1174,6 +1174,7 @@ meta_renderer_native_rebuild_views (MetaRenderer *renderer)
     META_RENDERER_CLASS (meta_renderer_native_parent_class);
 
   meta_kms_discard_pending_page_flips (kms);
+  meta_kms_discard_pending_updates (kms);
 
   keep_current_onscreens_alive (renderer);
 
-- 
GitLab