From 6b354ccaee6988b91a97b1b70b4d84bd4d244cb1 Mon Sep 17 00:00:00 2001 From: ameerj <52414509+ameerj@users.noreply.github.com> Date: Mon, 4 Jan 2021 01:36:41 -0500 Subject: [PATCH] buffer_queue: Protect queue_sequence list access with a mutex fixes a data race as this is an unprotected variable manipulated by multiple threads --- .../hle/service/nvflinger/buffer_queue.cpp | 28 +++++++++++-------- src/core/hle/service/nvflinger/buffer_queue.h | 6 ++-- 2 files changed, 21 insertions(+), 13 deletions(-) diff --git a/src/core/hle/service/nvflinger/buffer_queue.cpp b/src/core/hle/service/nvflinger/buffer_queue.cpp index 0e6bde9f5d..c68905e192 100644 --- a/src/core/hle/service/nvflinger/buffer_queue.cpp +++ b/src/core/hle/service/nvflinger/buffer_queue.cpp @@ -26,10 +26,10 @@ void BufferQueue::SetPreallocatedBuffer(u32 slot, const IGBPBuffer& igbp_buffer) LOG_WARNING(Service, "Adding graphics buffer {}", slot); { - std::unique_lock lock{queue_mutex}; + std::unique_lock lock{free_buffers_mutex}; free_buffers.push_back(slot); } - condition.notify_one(); + free_buffers_condition.notify_one(); buffers[slot] = { .slot = slot, @@ -48,8 +48,8 @@ std::optional> BufferQueue::Dequeue u32 height) { // Wait for first request before trying to dequeue { - std::unique_lock lock{queue_mutex}; - condition.wait(lock, [this] { return !free_buffers.empty() || !is_connect; }); + std::unique_lock lock{free_buffers_mutex}; + free_buffers_condition.wait(lock, [this] { return !free_buffers.empty() || !is_connect; }); } if (!is_connect) { @@ -58,7 +58,7 @@ std::optional> BufferQueue::Dequeue return std::nullopt; } - std::unique_lock lock{queue_mutex}; + std::unique_lock lock{free_buffers_mutex}; auto f_itr = free_buffers.begin(); auto slot = buffers.size(); @@ -100,6 +100,7 @@ void BufferQueue::QueueBuffer(u32 slot, BufferTransformFlags transform, buffers[slot].crop_rect = crop_rect; buffers[slot].swap_interval = swap_interval; buffers[slot].multi_fence = multi_fence; + std::unique_lock lock{queue_sequence_mutex}; queue_sequence.push_back(slot); } @@ -113,15 +114,16 @@ void BufferQueue::CancelBuffer(u32 slot, const Service::Nvidia::MultiFence& mult buffers[slot].swap_interval = 0; { - std::unique_lock lock{queue_mutex}; + std::unique_lock lock{free_buffers_mutex}; free_buffers.push_back(slot); } - condition.notify_one(); + free_buffers_condition.notify_one(); buffer_wait_event.writable->Signal(); } std::optional> BufferQueue::AcquireBuffer() { + std::unique_lock lock{queue_sequence_mutex}; std::size_t buffer_slot = buffers.size(); // Iterate to find a queued buffer matching the requested slot. while (buffer_slot == buffers.size() && !queue_sequence.empty()) { @@ -147,25 +149,29 @@ void BufferQueue::ReleaseBuffer(u32 slot) { buffers[slot].status = Buffer::Status::Free; { - std::unique_lock lock{queue_mutex}; + std::unique_lock lock{free_buffers_mutex}; free_buffers.push_back(slot); } - condition.notify_one(); + free_buffers_condition.notify_one(); buffer_wait_event.writable->Signal(); } void BufferQueue::Connect() { + std::unique_lock lock{queue_sequence_mutex}; queue_sequence.clear(); is_connect = true; } void BufferQueue::Disconnect() { buffers.fill({}); - queue_sequence.clear(); + { + std::unique_lock lock{queue_sequence_mutex}; + queue_sequence.clear(); + } buffer_wait_event.writable->Signal(); is_connect = false; - condition.notify_one(); + free_buffers_condition.notify_one(); } u32 BufferQueue::Query(QueryType type) { diff --git a/src/core/hle/service/nvflinger/buffer_queue.h b/src/core/hle/service/nvflinger/buffer_queue.h index a2f60d9ebf..ad7469277d 100644 --- a/src/core/hle/service/nvflinger/buffer_queue.h +++ b/src/core/hle/service/nvflinger/buffer_queue.h @@ -129,8 +129,10 @@ private: std::list queue_sequence; Kernel::EventPair buffer_wait_event; - std::mutex queue_mutex; - std::condition_variable condition; + std::mutex free_buffers_mutex; + std::condition_variable free_buffers_condition; + + std::mutex queue_sequence_mutex; }; } // namespace Service::NVFlinger