[Intel-gfx] [PATCH] [v2] drm/i915/vma: Correct use after free in eviction
Daniel Vetter
daniel at ffwll.ch
Mon Aug 19 08:39:36 CEST 2013
On Mon, Aug 19, 2013 at 12:35 AM, Ben Widawsky <ben at bwidawsk.net> wrote:
> On Sun, Aug 18, 2013 at 07:26:57PM +0200, Daniel Vetter wrote:
>> On Fri, Aug 16, 2013 at 11:31:12PM +0100, Chris Wilson wrote:
>> > On Fri, Aug 16, 2013 at 01:29:33PM -0700, Ben Widawsky wrote:
>> > > The vma will [possibly] be destroyed during unbind in eviction.
>> > > Immediately after this, we try to delete the list entry.
>> > >
>> > > Chris and Ville did the debug on this before I woke up, I just get to
>> > > take credit for the fix :p
>> > >
>> > > v2: Missed the drm_object_unreference use after free (Ville)
>> > >
>> > > Reported-by: Mika Kuoppala <mika.kuoppala at intel.com>
>> > > Cc: Ville Syrjälä <ville.syrjala at linux.intel.com>
>> > > Cc: Chris Wilson <chris at chris-wilson.co.uk>
>> > > Signed-off-by: Ben Widawsky <ben at bwidawsk.net>
>>
>> Since the commit message lacks that crucial piece of information: How was
>> this discovered? I use that to tune my gut feeling for gauging the
>> -nightly test effectiveness ...
>
> Mika pasted an oops on #intel-gfx. Chris and Ville had is solved before
> I woke up. It's pretty strange, Chris said the bug existed in the
> original ppgtt2 branch (I'm too lazy to check). In many runs for myself,
> and QA, I'd not seen the oops though. I really can't explain it.
Thanks for the explanation. Please add such information (including the
full Oops) to the commit message next time around. I've asked Mika for
the backtrace meanwhile.
I guess this is another candidate for a testcase - if you and QA have
beat on this for a while and couldn't hit this bug we need to try
harder to hit bugs ;-)
-Daniel
--
Daniel Vetter
Software Engineer, Intel Corporation
+41 (0) 79 365 57 48 - http://blog.ffwll.ch
More information about the Intel-gfx
mailing list