On Tue, Nov 17, 2015 at 03:53:24PM +0000, Tvrtko Ursulin wrote: > From: Tvrtko Ursulin <tvrtko.ursulin@xxxxxxxxx> > > In the following commit: > > commit e9f24d5fb7cf3628b195b18ff3ac4e37937ceeae > Author: Tvrtko Ursulin <tvrtko.ursulin@xxxxxxxxx> > Date: Mon Oct 5 13:26:36 2015 +0100 > > drm/i915: Clean up associated VMAs on context destruction > > I added a WARN_ON assertion that VM's active list must be empty > at the time of owning context is getting freed, but that turned > out to be a wrong assumption. > > Due ordering of operations in i915_gem_object_retire__read, where > contexts are unreferenced before VMAs are moved to the inactive > list, the described situation can in fact happen. > > It feels wrong to do things in such order so this fix makes sure > a reference to context is held until the move to inactive list > is completed. > > v2: Rather than hold a temporary context reference move the > request unreference to be the last operation. (Daniel Vetter) Because that is a use-after-free. -Chris -- Chris Wilson, Intel Open Source Technology Centre _______________________________________________ Intel-gfx mailing list Intel-gfx@xxxxxxxxxxxxxxxxxxxxx http://lists.freedesktop.org/mailman/listinfo/intel-gfx
