[PATCH 77/81] drm/i915: Kill drop_pages()
Chris Wilson
chris at chris-wilson.co.uk
Sat Apr 16 18:11:34 UTC 2016
The drop_pages() function is a dangerous trap in that it can release the
passed in object pointer and so unless the caller is aware, it can
easily trick us into using the stale object afterwards. Move it into its
solitary callsite where we know it is safe.
Signed-off-by: Chris Wilson <chris at chris-wilson.co.uk>
---
drivers/gpu/drm/i915/i915_gem.c | 20 +++++---------------
1 file changed, 5 insertions(+), 15 deletions(-)
diff --git a/drivers/gpu/drm/i915/i915_gem.c b/drivers/gpu/drm/i915/i915_gem.c
index f20f5a55e4d5..fbb33ca80853 100644
--- a/drivers/gpu/drm/i915/i915_gem.c
+++ b/drivers/gpu/drm/i915/i915_gem.c
@@ -278,20 +278,6 @@ i915_gem_object_unbind(struct drm_i915_gem_object *obj)
return ret;
}
-static int
-drop_pages(struct drm_i915_gem_object *obj)
-{
- int ret;
-
- drm_gem_object_reference(&obj->base);
- ret = i915_gem_object_unbind(obj);
- if (ret == 0)
- ret = i915_gem_object_put_pages(obj);
- drm_gem_object_unreference(&obj->base);
-
- return ret;
-}
-
int
i915_gem_object_attach_phys(struct drm_i915_gem_object *obj,
int align)
@@ -312,7 +298,11 @@ i915_gem_object_attach_phys(struct drm_i915_gem_object *obj,
if (obj->base.filp == NULL)
return -EINVAL;
- ret = drop_pages(obj);
+ ret = i915_gem_object_unbind(obj);
+ if (ret)
+ return ret;
+
+ ret = i915_gem_object_put_pages(obj);
if (ret)
return ret;
--
2.8.0.rc3
More information about the Intel-gfx-trybot
mailing list