On Mon, Feb 13, 2017 at 09:05:33AM +0100, Thierry Reding wrote: > On Sun, Feb 12, 2017 at 12:15:46AM +0000, Russell King - ARM Linux wrote: > > On Sat, Feb 11, 2017 at 09:09:34PM +0000, Dan MacDonald wrote: > > diff --git a/drivers/gpu/drm/drm_atomic_helper.c b/drivers/gpu/drm/drm_atomic_helper.c > > index 21f992605541..46668d071d6a 100644 > > --- a/drivers/gpu/drm/drm_atomic_helper.c > > +++ b/drivers/gpu/drm/drm_atomic_helper.c > > @@ -1201,9 +1201,8 @@ static void commit_tail(struct drm_atomic_state *state) > > else > > drm_atomic_helper_commit_tail(state); > > > > - drm_atomic_helper_commit_cleanup_done(state); > > - > > - drm_atomic_state_free(state); > > + if (drm_atomic_helper_commit_cleanup_done(state) == 0) > > + drm_atomic_state_free(state); > > Chris (Cc'ed) added reference counting to atomic state for v4.10, maybe > that already fixes the issue? I'm not confident it will, as there is not an independent ref on the state for the phases, and so a forced timeout still leaves a dangling pointer. The above chunk goes the opposite way and leaks the state to avoid the invalid deref, what we need is a ref around its existence on the dependency queue if that is outside the lifetime of the commit. -Chris -- Chris Wilson, Intel Open Source Technology Centre _______________________________________________ dri-devel mailing list dri-devel@xxxxxxxxxxxxxxxxxxxxx https://lists.freedesktop.org/mailman/listinfo/dri-devel
