On Fri, Nov 29, 2013 at 11:44:59AM +0000, Chris Wilson wrote: > During the vmap() routine for the dma-buf, we first grab the pages and > then try to allocate a temporary array to pass to the vmap(). However, > the shrinker can and will reap any object that is unbound if the > allocation for the array first fails. This includes the object which we > are attempting to vmap(). The solution is to mark the object's pages as > pinned whilst we try the allocation to prevent the use-after-free > introduced by the potential shrinkage. > > Signed-off-by: Chris Wilson <chris@xxxxxxxxxxxxxxxxxx> Picked up for -fixes, thanks for the patch. -Daniel -- Daniel Vetter Software Engineer, Intel Corporation +41 (0) 79 365 57 48 - http://blog.ffwll.ch _______________________________________________ Intel-gfx mailing list Intel-gfx@xxxxxxxxxxxxxxxxxxxxx http://lists.freedesktop.org/mailman/listinfo/intel-gfx
