[Intel-gfx] [PATCH 1/3] drm/i915/gt: Do not allow setting ring size for legacy ring submission
Maarten Lankhorst
maarten.lankhorst at linux.intel.com
Mon Jun 21 12:49:21 UTC 2021
Op 21-06-2021 om 14:08 schreef Tvrtko Ursulin:
>
> I had some questions on the trybot mailing list, let me copy&paste..
>
> On 21/06/2021 12:41, Maarten Lankhorst wrote:
>> It doesn't work for legacy ring submission, and is in the best case
>> ignored.
>
> Looks rejected instead of ignored:
>
> static int set_ringsize(struct i915_gem_context *ctx,
> struct drm_i915_gem_context_param *args)
> {
> if (!HAS_LOGICAL_RING_CONTEXTS(ctx->i915))
> return -ENODEV;
>>
>> In the worst case we end up freeing engine->legacy.ring for all other
>> active engines, resulting in a use-after-free.
>
> Worst case is cloning because ring_context_alloc is not taking a reference to engine->legacy.ring, or something else?
>
> Regards,
>
> Tvrtko
I only noticed this because tests started failing, if it should already hit -ENODEV then that's weird..
See: https://patchwork.freedesktop.org/series/91501/ for the failure.
It should not hit the INCOMPLETEs there.
The legacy contexts don't grab a reference to engine->legacy.ring, but a copy to the pointer, presumably because its lifetime is always shorter than the ring lifetime, so it will actually free it.
~Maarten
More information about the Intel-gfx
mailing list