On Thu, Apr 10, 2014 at 02:47:52PM +0300, Tomi Valkeinen wrote:
Hi,
I've been debugging omapdrm issues on top of the latest drm mainline changes. Sometimes a drm_framebuffer ref count drops to -1 when aborting a drm application, or unloading the modules.
The setup is very basic, just a single crtc with the crtc's primary plane.
What seems to happen is:
App is started
fb is created, and taken into use by omapdrm. omapdrm takes a ref to
the fb.
the app is starts to shut down
drm_framebuffer_remove is called
fb->refcount.refcount > 1, so it goes to disable stuff
drm_plane_force_disable is called for the primary plane
drm_plane_force_disable does plane->disable_plane, which on omapdrm
puts stuff on a workqueue as plane cannot be disabled immediately
drm_plane_force_disable calls __drm_framebuffer_unreference()
at the end of drm_framebuffer_remove(), there's
drm_framebuffer_unreference, which causes ref count to go to zero, and the fb to be destroyed
- a bit later, the queued work is ran, which does
drm_framebuffer_unreference(), and ref count goes to -1. Here omapdrm is removing the ref that had been taken in the beginning.
So the explicit unref done by drm_plane_force_disable() seems a bit out of place. I can't figure out which drm_framebuffer_reference() would be the matching one for the unref done by drm_plane_force_disable().
Any ideas what ref is that? Or is the __drm_framebuffer_unreference() extra in drm_plane_force_disable()?
That's the reference that was taken by the drm_mode_setplane() when it succesfully called the .update_plane() hook.
__drm_framebuffer_unregister() drops the "idr reference" taken in drm_framebuffer_init().
And the last ref dropped by drm_framebuffer_remove() is the initial ref from kref_init() which I suppose is what the 'fpriv->fbs reference' comments are referring to.