[Bug 99684] [BDW] use-after-free in gen8_ppgtt_alloc_page_directories

bugzilla-daemon at freedesktop.org bugzilla-daemon at freedesktop.org
Sun Feb 5 13:42:08 UTC 2017


https://bugs.freedesktop.org/show_bug.cgi?id=99684

--- Comment #1 from Chris Wilson <chris at chris-wilson.co.uk> ---
Shrinker doing unbind + clear_range vs bind + va_allocate is protected by
struct_mutex. But what if the shrinker is triggered by va_allocate or
insert-entries? Insert-entries should not be an issue, it should never allocate.
But there is a window of opportunity for the shrinker to run as we do allocate
and reap a level after we have already checked its presence.

Please see the patches on the list as to how we could fix this by moving the
accounting into the allocation phase - that will prevent us from reaping levels
we have already processed.

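The ordering problem described in the comment above, as an added single-threaded model that is not part of the original message and is not i915 code. The `level` struct, `shrink`, `alloc_level` and `map_range` are hypothetical names; reaping is modelled by clearing a flag instead of freeing memory, so the stale access can be counted safely.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

#define NLEVELS 4

/* Toy page-table level (hypothetical, not the i915 structures). */
struct level {
    bool present;   /* backing storage exists */
    unsigned used;  /* accounting: how many mappings rely on this level */
};
static struct level tbl[NLEVELS];

static void reset(void) { memset(tbl, 0, sizeof(tbl)); }

/* Shrinker model: reap every present level that nothing accounts for. */
static void shrink(void)
{
    for (size_t i = 0; i < NLEVELS; i++)
        if (tbl[i].present && tbl[i].used == 0)
            tbl[i].present = false;   /* the real thing would free memory */
}

/* Allocating under memory pressure re-enters the shrinker first. */
static void alloc_level(struct level *l, bool pressure)
{
    if (pressure)
        shrink();
    l->present = true;
}

/* Map levels [first, last]; account_early selects the ordering.
 * Returns how many levels were already reaped when the insert phase
 * reached them (each one would be a use-after-free in real code). */
static unsigned map_range(size_t first, size_t last, bool pressure,
                          bool account_early)
{
    unsigned stale = 0;
    for (size_t i = first; i <= last; i++) {      /* allocation phase */
        if (!tbl[i].present)
            alloc_level(&tbl[i], pressure);
        if (account_early)
            tbl[i].used++;    /* pinned before the next allocation */
    }
    for (size_t i = first; i <= last; i++) {      /* insert phase */
        if (!tbl[i].present)
            stale++;
        if (!account_early)
            tbl[i].used++;    /* too late: level may be gone already */
    }
    return stale;
}
```

With accounting deferred to the insert phase, every allocation after the first can reap the levels processed before it; accounting during allocation leaves the shrinker nothing to reap in the range.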