[Intel-gfx] [PATCH] [v2] drm/i915: Fix another another use-after-free in do_switch

[Daniel Vetter]

On Sun, Aug 10, 2014 at 09:04:10AM +0100, Chris Wilson wrote:
> On Sat, Aug 09, 2014 at 01:15:16PM -0700, Ben Widawsky wrote:
> > See the following for many more details.
> > 
> > commit acc240d41ea1ab9c488a79219fb313b5b46265ae
> > Author: Daniel Vetter <daniel.vetter at ffwll.ch>
> > Date:   Thu Dec 5 15:42:34 2013 +0100
> > 
> >     drm/i915: Fix use-after-free in do_switch
> > 
> > In this case, the issue is only for full PPGTT:
> > do_switch
> >   context_unref
> >     ppgtt_release
> >       i915_gpu_idle
> > 	switch_to_default
> > 	from changes to default context

Pardon my ignorance (well this stuff is just hard), but can the above
still happen with Michel Thierry's patch to rework ppgtt_release?

In particular I seem to be too dense to find the ppgtt_release -> gpu_idle
step once the forcefull vma unbinding is gone. Doe I miss something?
Someone please enlighten me ...

Thanks, Daniel

> > 
> > This could be backported to the pre do_switch cleanup I did in this
> > series. However, it's much cleaner and more obvious as a patch on top,
> > so I'd really like to do this as a post cleanup patch.
> > 
> > v2: There was a bug in the original patch where the ring->last_context
> > was set too early. I am not sure how this wasn't being hit when I sent
> > this previously. Perhaps I tested the wrong patch previously.
> > 
> > Signed-off-by: Ben Widawsky <ben at bwidawsk.net>
> 
> Ok, I convinced myself that the you are fixing the bug you describe and
> don't seem to be introducing a new one, so
> 
> Reviewed-by: Chris Wilson <chris at chris-wilson.co.uk>
> -Chris
> 
> -- 
> Chris Wilson, Intel Open Source Technology Centre
> _______________________________________________
> Intel-gfx mailing list
> Intel-gfx at lists.freedesktop.org
> http://lists.freedesktop.org/mailman/listinfo/intel-gfx

-- 
Daniel Vetter
Software Engineer, Intel Corporation
+41 (0) 79 365 57 48 - http://blog.ffwll.ch