[Intel-gfx] [PATCH] drm/i915: Don't deref request->ctx inside unlocked print_request()
Mika Kuoppala
mika.kuoppala at linux.intel.com
Wed Feb 28 12:32:40 UTC 2018
Chris Wilson <chris at chris-wilson.co.uk> writes:
> Although we protect the request itself, we don't lock inside
> intel_engine_dump() and so the request maybe retired as we peek into it.
> One consequence is that the request->ctx may be freed before we
> dereference it, leading to a use-after-free. Replace the hw_id we are
> peeking from inside request->ctx with the request->fence.context, with
> which we can still track from which context the request originated
> (although to tie to HW reports requires a little more legwork, but is
> good enough to follow the GEM traces).
How we do the legwork? I tried to see from the code how we
can associate ctx hw_id with the fence.context id but failed.
-Mika
More information about the Intel-gfx
mailing list