As what was correctly debugged here: commit acc240d41ea1ab9c488a79219fb313b5b46265ae Author: Daniel Vetter <daniel.vetter@xxxxxxxx> Date: Thu Dec 5 15:42:34 2013 +0100 drm/i915: Fix use-after-free in do_switch It then becomes apparent that the default context cannot be the context being switched to for context switch because it is always bound. It follows that if the ring->last_context (from) has changed after the bind_to_gtt, it will always be the default context - this is commented in the code block. This assertion will help catch issues without our logic sooner than letting the system move long (which is possible for some time). I really want this to be a BUG(), but I also want the patch to get merged. I think the fact that none of the ERRNOs make any sense at all is just more evidence that this shouldn't be a WARN. //Cc: Ian Lister (don't have current email address) Cc: Rafael Barbalho <rafael.barbalho@xxxxxxxxx> Signed-off-by: Ben Widawsky <ben@xxxxxxxxxxxx> --- drivers/gpu/drm/i915/i915_gem_context.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/drivers/gpu/drm/i915/i915_gem_context.c b/drivers/gpu/drm/i915/i915_gem_context.c index 0ce8fc9..34bf177 100644 --- a/drivers/gpu/drm/i915/i915_gem_context.c +++ b/drivers/gpu/drm/i915/i915_gem_context.c @@ -691,6 +691,15 @@ static int do_switch_rcs(struct intel_engine_cs *ring, */ from = ring->last_context; + /* The only context which 'from' can be, if it was changed, is the default + * context. The default context cannot end up in evict everything (as + * commented above) because it is always pinned. + */ + if (WARN_ON(from == to)) { + ret = -EPERM; + goto unpin_out; + } + if (needs_pd_load) { /* Older GENs still want the load first, "PP_DCLV followed by * PP_DIR_BASE register through Load Register Immediate commands -- 2.0.4 _______________________________________________ Intel-gfx mailing list Intel-gfx@xxxxxxxxxxxxxxxxxxxxx http://lists.freedesktop.org/mailman/listinfo/intel-gfx
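Review bot: the comment added above the new check in do_switch_rcs explains what 'from' can be after it is re-read from ring->last_context, but not what the condition `if (WARN_ON(from == to))` is actually asserting; the reasoning that makes from == to impossible here (the default context is always bound, so it can never be the context being switched to, and any change to 'from' across the bind can only have made it the default context) lives only in the commit message. Suggest restating the comment in those terms, e.g. "If 'from' changed across the bind it can only be the default context, which is always pinned and therefore never the switch target, so from == to here is a logic error", so a reader of the code does not mistake this for a same-context-switch guard. On the error path, `ret = -EPERM;` reports a permission failure to the caller for what is an internal consistency violation; -EINVAL or -EIO would mislead less, or the comment should say the value is arbitrary. Since this sits in the context-switch path, WARN_ON_ONCE would avoid flooding the log if the invariant is ever broken repeatedly.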