On Sun, Jan 01, 2017 at 03:16:31PM -0600, vcaputo@xxxxxxxxxxx wrote:
> Hi Chris,
>
> I've uncovered a bug in i915_gem_request_alloc():
> https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/tree/drivers/gpu/drm/i915/i915_gem_request.c?h=v4.9#n425
>
> ctx here may be NULL, and i915_gem_context_get() is unconditionally
> adding a reference to the supplied ctx, which makes things go boom when
> NULL.

ctx is not allowed to be NULL.

> This happens for me in practice via:
> https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/tree/drivers/gpu/drm/i915/intel_display.c?h=v4.9#n12317
>
> It appears engine->last_context may be NULL.

It was meant to be using mmioflip if last_context was NULL, since we can
do that immediately (i.e. lower latency) than via queuing the csflip.

> The comment heading i915_gem_request_alloc() states that ctx shall be
> NULL and that an appropriate context will be chosen automatically. This
> is not what is currently implemented.

Comment is wrong.
-Chris

--
Chris Wilson, Intel Open Source Technology Centre
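
The contract discussed in this thread, as a simplified user-space model. This is an added example, not code from the i915 driver or from either poster. All struct and function names here are hypothetical stand-ins, and returning -EINVAL for a NULL ctx is an assumption of the model.

```c
#include <errno.h>
#include <stddef.h>

/* Simplified stand-ins for illustration; not the i915 structures. */
struct ctx { int refcount; };
struct engine { struct ctx *last_context; };
struct request { struct ctx *ctx; };

enum flip_path { FLIP_MMIO, FLIP_CS };

/* Models an unconditional reference grab: it dereferences ctx,
 * so passing NULL here would fault. */
static struct ctx *ctx_get(struct ctx *ctx)
{
    ctx->refcount++;
    return ctx;
}

/* Enforce "ctx is not allowed to be NULL" at the entry point
 * instead of letting ctx_get() dereference it. */
int request_alloc(struct engine *engine, struct ctx *ctx, struct request *out)
{
    if (engine == NULL || ctx == NULL || out == NULL)
        return -EINVAL;
    out->ctx = ctx_get(ctx);
    return 0;
}

/* Caller-side choice: with no last context the flip can be done
 * immediately via MMIO, so no request is needed at all. */
enum flip_path choose_flip_path(const struct engine *engine)
{
    return engine->last_context ? FLIP_CS : FLIP_MMIO;
}

/* Only the CS path allocates a request, and it is only reached
 * when last_context is non-NULL. */
int queue_flip(struct engine *engine, struct request *out, enum flip_path *used)
{
    *used = choose_flip_path(engine);
    if (*used == FLIP_MMIO)
        return 0;
    return request_alloc(engine, engine->last_context, out);
}
```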