@@ -620,10 +620,14 @@ static void qxl_cursor_atomic_update(struct drm_plane *plane,
if (ret)
goto out_kunmap;
- ret = qxl_release_reserve_list(release, true);
+ ret = qxl_bo_pin(cursor_bo);
if (ret)
goto out_free_bo;
+ ret = qxl_release_reserve_list(release, true);
+ if (ret)
+ goto out_unpin;
+
ret = qxl_bo_kmap(cursor_bo, (void **)&cursor);
if (ret)
goto out_backoff;
@@ -668,6 +672,8 @@ static void qxl_cursor_atomic_update(struct drm_plane *plane,
qxl_push_cursor_ring_release(qdev, release, QXL_CMD_CURSOR, false);
qxl_release_fence_buffer_objects(release);
+ if (old_cursor_bo != NULL)
+ qxl_bo_unpin(old_cursor_bo);
qxl_bo_unref(&old_cursor_bo);
qxl_bo_unref(&cursor_bo);
@@ -675,6 +681,8 @@ static void qxl_cursor_atomic_update(struct drm_plane *plane,
out_backoff:
qxl_release_backoff_reserve_list(release);
+out_unpin:
+ qxl_bo_unpin(cursor_bo);
out_free_bo:
qxl_bo_unref(&cursor_bo);
out_kunmap:
QEMU keeps a vram reference to the last QXLCursorCmd it received. This QXLCursorCmd command points to a QXLCursor instance (stored in vram too). However, while the QXLCursorCmd memory is pinned, the QXLCursor memory is not. When booting a recent Fedora to its login screen while monitoring the QXLCursorCmd QEMU holds, it's possible to see the QXLCursor memory becoming invalid shortly after boot. Pinning that memory ensures that that QXLCursor memory is not going to be moved by the guest kernel. Moving the pin/unpin to qxl_release_list_add()/qxl_release_free_list() would be a more generic fix. However, doing this quickly exhausts QXL video memory, so more fixing would be needed before this is workable. Signed-off-by: Christophe Fergeau <cfergeau@redhat.com> --- drivers/gpu/drm/qxl/qxl_display.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-)