From 8e91c6295dd38cf5b4d60e8069eb955218a94edb Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jonas=20=C3=85dahl?= <jadahl@gmail.com>
Date: Fri, 7 Jan 2022 22:27:51 +0100
Subject: [PATCH] renderer/native: Clear old KMS updates on views rebuild

If there are any pending updates, for example if we painted one of
multiple monitors but without having posted the update due to waiting
for another monitor to be painted, but before we paint all of them and
post the update, another hotplug event happens, we'd have stale pending
KMS update. When that update eventually would be processed, we'd try to
apply out-of-date updates which may contain freed memory.

Fix this by discarding any update when we're rebuilding the views. We
can be sure not to need any of the old updates since we're rebuilding
the whole content anyway.

Closes: https://gitlab.gnome.org/GNOME/mutter/-/issues/1928
Part-of: <https://gitlab.gnome.org/GNOME/mutter/-/merge_requests/2216>
---
 src/backends/native/meta-kms.c             | 6 ++++++
 src/backends/native/meta-kms.h             | 2 ++
 src/backends/native/meta-renderer-native.c | 1 +
 3 files changed, 9 insertions(+)

diff --git a/src/backends/native/meta-kms.c b/src/backends/native/meta-kms.c
index 5f65e75d0..beeb486a0 100644
--- a/src/backends/native/meta-kms.c
+++ b/src/backends/native/meta-kms.c
@@ -181,6 +181,12 @@ struct _MetaKms
 
 G_DEFINE_TYPE (MetaKms, meta_kms, G_TYPE_OBJECT)
 
+void
+meta_kms_discard_pending_updates (MetaKms *kms)
+{
+  g_clear_list (&kms->pending_updates, (GDestroyNotify) meta_kms_update_free);
+}
+
 static void
 meta_kms_add_pending_update (MetaKms       *kms,
                              MetaKmsUpdate *update)
diff --git a/src/backends/native/meta-kms.h b/src/backends/native/meta-kms.h
index e8a129e4b..218cb7146 100644
--- a/src/backends/native/meta-kms.h
+++ b/src/backends/native/meta-kms.h
@@ -41,6 +41,8 @@ typedef enum _MetaKmsUpdateFlag
 #define META_TYPE_KMS (meta_kms_get_type ())
 G_DECLARE_FINAL_TYPE (MetaKms, meta_kms, META, KMS, GObject)
 
+void meta_kms_discard_pending_updates (MetaKms *kms);
+
 MetaKmsUpdate * meta_kms_ensure_pending_update (MetaKms       *kms,
                                                 MetaKmsDevice *device);
 
diff --git a/src/backends/native/meta-renderer-native.c b/src/backends/native/meta-renderer-native.c
index b38fceecf..be7bbce1f 100644
--- a/src/backends/native/meta-renderer-native.c
+++ b/src/backends/native/meta-renderer-native.c
@@ -1391,6 +1391,7 @@ meta_renderer_native_rebuild_views (MetaRenderer *renderer)
     META_RENDERER_CLASS (meta_renderer_native_parent_class);
 
   meta_kms_discard_pending_page_flips (kms);
+  meta_kms_discard_pending_updates (kms);
 
   keep_current_onscreens_alive (renderer);