[mutter] renderer/native: Clear old KMS updates on views rebuild

[Marge Bot <marge-bot src gnome org>]

commit 8e91c6295dd38cf5b4d60e8069eb955218a94edb
Author: Jonas Ådahl <jadahl gmail com>
Date:   Fri Jan 7 22:27:51 2022 +0100

    renderer/native: Clear old KMS updates on views rebuild
    
    If there are any pending updates, for example if we painted one of
    multiple monitors but without having posted the update due to waiting
    for another monitor to be painted, but before we paint all of them and
    post the update, another hotplug event happens, we'd have stale pending
    KMS update. When that update eventually would be processed, we'd try to
    apply out-of-date updates which may contain freed memory.
    
    Fix this by discarding any update when we're rebuilding the views. We
    can be sure not to need any of the old updates since we're rebuilding
    the whole content anyway.
    
    Closes: https://gitlab.gnome.org/GNOME/mutter/-/issues/1928
    Part-of: <https://gitlab.gnome.org/GNOME/mutter/-/merge_requests/2216>

 src/backends/native/meta-kms.c             | 6 ++++++
 src/backends/native/meta-kms.h             | 2 ++
 src/backends/native/meta-renderer-native.c | 1 +
 3 files changed, 9 insertions(+)
---
diff --git a/src/backends/native/meta-kms.c b/src/backends/native/meta-kms.c
index 5f65e75d01..beeb486a01 100644
--- a/src/backends/native/meta-kms.c
+++ b/src/backends/native/meta-kms.c
@@ -181,6 +181,12 @@ struct _MetaKms
 
 G_DEFINE_TYPE (MetaKms, meta_kms, G_TYPE_OBJECT)
 
+void
+meta_kms_discard_pending_updates (MetaKms *kms)
+{
+  g_clear_list (&kms->pending_updates, (GDestroyNotify) meta_kms_update_free);
+}
+
 static void
 meta_kms_add_pending_update (MetaKms       *kms,
                              MetaKmsUpdate *update)
diff --git a/src/backends/native/meta-kms.h b/src/backends/native/meta-kms.h
index e8a129e4b7..218cb71463 100644
--- a/src/backends/native/meta-kms.h
+++ b/src/backends/native/meta-kms.h
@@ -41,6 +41,8 @@ typedef enum _MetaKmsUpdateFlag
 #define META_TYPE_KMS (meta_kms_get_type ())
 G_DECLARE_FINAL_TYPE (MetaKms, meta_kms, META, KMS, GObject)
 
+void meta_kms_discard_pending_updates (MetaKms *kms);
+
 MetaKmsUpdate * meta_kms_ensure_pending_update (MetaKms       *kms,
                                                 MetaKmsDevice *device);
 
diff --git a/src/backends/native/meta-renderer-native.c b/src/backends/native/meta-renderer-native.c
index b38fceecf6..be7bbce1fd 100644
--- a/src/backends/native/meta-renderer-native.c
+++ b/src/backends/native/meta-renderer-native.c
@@ -1391,6 +1391,7 @@ meta_renderer_native_rebuild_views (MetaRenderer *renderer)
     META_RENDERER_CLASS (meta_renderer_native_parent_class);
 
   meta_kms_discard_pending_page_flips (kms);
+  meta_kms_discard_pending_updates (kms);
 
   keep_current_onscreens_alive (renderer);