Quoting Matthew Auld (2020-02-19 19:02:36) > > @@ -497,7 +497,7 @@ void i915_sched_node_fini(struct i915_sched_node *node) > > GEM_BUG_ON(dep->signaler != node); > > GEM_BUG_ON(!list_empty(&dep->dfs_link)); > > > > - list_del(&dep->signal_link); > > + list_del_rcu(&dep->signal_link); > > if (dep->flags & I915_DEPENDENCY_ALLOC) > > i915_dependency_free(dep); > > Is this not a potential uaf? Do we not have to wait for the grace > period before doing the free, or what? If we insert SLAB_TYPESAFE_BY_RCU that should satisfy all. (Give or that the amount of pain in thinking about rcu-freelists.) -Chris _______________________________________________ Intel-gfx mailing list Intel-gfx@xxxxxxxxxxxxxxxxxxxxx https://lists.freedesktop.org/mailman/listinfo/intel-gfx
