[Intel-gfx] [PATCH] [v2] drm/i915/vma: Correct use after free in eviction

Ben Widawsky ben at bwidawsk.net
Mon Aug 19 00:35:18 CEST 2013


On Sun, Aug 18, 2013 at 07:26:57PM +0200, Daniel Vetter wrote:
> On Fri, Aug 16, 2013 at 11:31:12PM +0100, Chris Wilson wrote:
> > On Fri, Aug 16, 2013 at 01:29:33PM -0700, Ben Widawsky wrote:
> > > The vma will [possibly] be destroyed during unbind in eviction.
> > > Immediately after this, we try to delete the list entry.
> > > 
> > > Chris and Ville did the debug on this before I woke up, I just get to
> > > take credit for the fix :p
> > > 
> > > v2: Missed the drm_object_unreference use after free (Ville)
> > > 
> > > Reported-by: Mika Kuoppala <mika.kuoppala at intel.com>
> > > Cc: Ville Syrjälä <ville.syrjala at linux.intel.com>
> > > Cc: Chris Wilson <chris at chris-wilson.co.uk>
> > > Signed-off-by: Ben Widawsky <ben at bwidawsk.net>
> 
> Since the commit message lacks that crucial piece of information: How was
> this discovered? I use that to tune my gut feeling for gauging the
> -nightly test effectiveness ...

Mika pasted an oops on #intel-gfx. Chris and Ville had it solved before
I woke up. It's pretty strange, Chris said the bug existed in the
original ppgtt2 branch (I'm too lazy to check). In many runs for myself,
and QA, I'd not seen the oops though. I really can't explain it.


-- 
Ben Widawsky, Intel Open Source Technology Center


