[PATCH 1/1] drm/i915/active: Debug remote request uaf

[Janusz Krzysztofik]

CI results from gem_barrier_race at remote-request indicate we may have a
uaf bug that affects newly created requests we are trying to register
with remote trackers.  Try to confirm that hypothesis by exploding on
the request's fence callback list not empty on first attempt to register
it with a fence tracker.

Signed-off-by: Janusz Krzysztofik <janusz.krzysztofik at linux.intel.com>
---
 drivers/gpu/drm/i915/i915_active.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/drivers/gpu/drm/i915/i915_active.c b/drivers/gpu/drm/i915/i915_active.c
index a9fea115f2d26..a6dde9054ee0a 100644
--- a/drivers/gpu/drm/i915/i915_active.c
+++ b/drivers/gpu/drm/i915/i915_active.c
@@ -1079,6 +1079,11 @@ int i915_active_fence_set(struct i915_active_fence *active,
 
 	/* Must maintain timeline ordering wrt previous active requests */
 	rcu_read_lock();
+	/*
+	 * intel_context_prepare_remote_request() -- our only user -- should
+	 * always pass a new, untracked request, make sure that's the case.
+	 */
+	GEM_BUG_ON(!list_empty(&rq->fence.cb_list));
 	fence = __i915_active_fence_set(active, &rq->fence);
 	if (fence) /* but the previous fence may not belong to that timeline! */
 		fence = dma_fence_get_rcu(fence);
-- 
2.25.1