[Intel-gfx] [PATCH v2] drm/i915: Ensure associated VMAs are inactive when contexts are destroyed
Chris Wilson
chris at chris-wilson.co.uk
Tue Nov 17 08:04:40 PST 2015
On Tue, Nov 17, 2015 at 03:53:24PM +0000, Tvrtko Ursulin wrote:
> From: Tvrtko Ursulin <tvrtko.ursulin at intel.com>
>
> In the following commit:
>
> commit e9f24d5fb7cf3628b195b18ff3ac4e37937ceeae
> Author: Tvrtko Ursulin <tvrtko.ursulin at intel.com>
> Date: Mon Oct 5 13:26:36 2015 +0100
>
> drm/i915: Clean up associated VMAs on context destruction
>
> I added a WARN_ON assertion that VM's active list must be empty
> at the time of owning context is getting freed, but that turned
> out to be a wrong assumption.
>
> Due ordering of operations in i915_gem_object_retire__read, where
> contexts are unreferenced before VMAs are moved to the inactive
> list, the described situation can in fact happen.
>
> It feels wrong to do things in such order so this fix makes sure
> a reference to context is held until the move to inactive list
> is completed.
>
> v2: Rather than hold a temporary context reference move the
> request unreference to be the last operation. (Daniel Vetter)
Because that is a use-after-free.
-Chris
--
Chris Wilson, Intel Open Source Technology Centre
More information about the Intel-gfx
mailing list