If the context being destroyed have been last in the ring,
the ring->last_context will be left dangling.
Later, the unpinning will happen for last_context, and as it
was already freed, we corrupt memory by doing so.
This regression introduced in
commit 6d65ba943a2d1e4292a07ca7ddb6c5138b9efa5d
Author: Nick Hoath <nicholas.hoath@xxxxxxxxx>
Date: Tue Dec 1 14:48:57 2015 +0000
drm/i915: Extend LRC pinning to cover GPU context writeback
Fix this by clearing the ring->last_context if it is the
context being destroyed.
Cc: Nick Hoath <nicholas.hoath@xxxxxxxxx>
Cc: Daniel Vetter <daniel.vetter@xxxxxxxx>
Cc: David Gordon <david.s.gordon@xxxxxxxxx>
Cc: Chris Wilson <chris@xxxxxxxxxxxxxxxxxx>
Cc: Alex Dai <yu.dai@xxxxxxxxx>
Signed-off-by: Mika Kuoppala <mika.kuoppala@xxxxxxxxx>
---
drivers/gpu/drm/i915/intel_lrc.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/gpu/drm/i915/intel_lrc.c b/drivers/gpu/drm/i915/intel_lrc.c
index c3504a0..5c26fde 100644
--- a/drivers/gpu/drm/i915/intel_lrc.c
+++ b/drivers/gpu/drm/i915/intel_lrc.c
@@ -2432,6 +2432,9 @@ intel_lr_context_clean_ring(struct intel_context *ctx,
}
}
+ if (ring->last_context == ctx)
+ ring->last_context = NULL;
+
WARN_ON(ctx->engine[ring->id].pin_count);
intel_ringbuffer_free(ringbuf);
drm_gem_object_unreference(&ctx_obj->base);
--
2.5.0
_______________________________________________
Intel-gfx mailing list
Intel-gfx@xxxxxxxxxxxxxxxxxxxxx
http://lists.freedesktop.org/mailman/listinfo/intel-gfx
