[PATCH] drm/ttm: Always and only destroy bo->ttm_resv in ttm_bo_release_list

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 02/11/17 11:49 AM, Christian König wrote:
> Am 01.11.2017 um 17:15 schrieb Michel Dänzer:
>> From: Michel Dänzer <michel.daenzer at amd.com>
>>
>> Fixes a use-after-free due to a race condition in
>> ttm_bo_cleanup_refs_and_unlock, which allows one task to reserve a BO
>> and destroy its ttm_resv while another task is waiting for it to signal
>> in reservation_object_wait_timeout_rcu.
>>
>> Fixes: 0d2bd2ae045d "drm/ttm: fix memory leak while individualizing BOs"
>> Signed-off-by: Michel Dänzer <michel.daenzer at amd.com>
> 
> Good idea, but one thing we should probably change.
> 
>> ---
>>   drivers/gpu/drm/ttm/ttm_bo.c | 13 +++----------
>>   1 file changed, 3 insertions(+), 10 deletions(-)
>>
>> diff --git a/drivers/gpu/drm/ttm/ttm_bo.c b/drivers/gpu/drm/ttm/ttm_bo.c
>> index 379ec41d2c69..a19a0ebf32ac 100644
>> --- a/drivers/gpu/drm/ttm/ttm_bo.c
>> +++ b/drivers/gpu/drm/ttm/ttm_bo.c
>> @@ -150,8 +150,7 @@ static void ttm_bo_release_list(struct kref
>> *list_kref)
>>       ttm_tt_destroy(bo->ttm);
>>       atomic_dec(&bo->glob->bo_count);
>>       dma_fence_put(bo->moving);
>> -    if (bo->resv == &bo->ttm_resv)
>> -        reservation_object_fini(&bo->ttm_resv);
>> +    reservation_object_fini(&bo->ttm_resv);
> 
> When we always call reservation_object_fini() here we should probably
> also always call reservation_object_init() in ttm_bo_init_reserved() to
> make sure the object is always initialized.

Fair enough.


> This way we can also remove the call to reservation_object_init() in
> ttm_bo_individualize_resv().

Both done in v2, thanks for the review and suggestions.


-- 
Earthling Michel Dänzer               |               http://www.amd.com
Libre software enthusiast             |             Mesa and X developer


[Index of Archives]     [Linux USB Devel]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux