[Intel-gfx] [PATCH] drm/i915: Don't deref request->ctx inside unlocked print_request()

Chris Wilson chris at chris-wilson.co.uk
Wed Feb 28 12:41:31 UTC 2018


Quoting Mika Kuoppala (2018-02-28 12:32:40)
> Chris Wilson <chris at chris-wilson.co.uk> writes:
> 
> > Although we protect the request itself, we don't lock inside
> > intel_engine_dump() and so the request may be retired as we peek into it.
> > One consequence is that the request->ctx may be freed before we
> > dereference it, leading to a use-after-free. Replace the hw_id we are
> > peeking from inside request->ctx with the request->fence.context, with
> > which we can still track from which context the request originated
> > (although to tie to HW reports requires a little more legwork, but is
> > good enough to follow the GEM traces).
> 
> How do we do the legwork? I tried to see from the code how we
> can associate ctx hw_id with the fence.context id but failed.

It's currently inside tracepoints.
-Chris

