On Wed, Apr 12, 2017 at 11:55:24AM +0200, Christian König wrote: > Am 12.04.2017 um 06:57 schrieb Dave Airlie: > >+static int amdgpu_sem_lookup_and_remove(struct amdgpu_cs_parser *p, > >+ uint32_t handle) > >+{ > >+ int r; > >+ struct dma_fence *old_fence; > >+ > >+ r = drm_syncobj_replace_fence(p->filp, handle, NULL); > >+ if (r) > >+ return r; > >+ dma_fence_put(old_fence); > > Am I wrong or is old_fence not initialized here? > > Additional to that what happens when the fence in the sync object > was changed while we do the CS? Or even worse the handle got > assigned to a new sync object. We either ww_mutex the lot, or regard that as a userspace race where the order between the two concurrent CS emits is undefined and who gets the in-semaphore is happenstance. -Chris -- Chris Wilson, Intel Open Source Technology Centre