+ Sean On Mon, 2017-08-21 at 18:16 +0200, Daniel Vetter wrote: > On Sat, Aug 19, 2017 at 01:05:58PM +0100, Chris Wilson wrote: > > This is the same bug as we fixed in commit f6cd7daecff5 ("drm: Release > > driver references to handle before making it available again"), but now > > the exposure is via the PRIME lookup tables. If we remove the > > object/handle from the PRIME lut, then a new request for the same > > object/fd will generate a new handle, thus for a short window that > > object is known to userspace by two different handles. Fix this by > > releasing the driver tracking before PRIME. > > > > Fixes: 0ff926c7d4f0 ("drm/prime: add exported buffers to current fprivs > > imported buffer list (v2)") > > Signed-off-by: Chris Wilson <chris@xxxxxxxxxxxxxxxxxx> > > Cc: David Airlie <airlied@xxxxxxxx> > > Cc: Daniel Vetter <daniel.vetter@xxxxxxxxx> > > Cc: Rob Clark <robdclark@xxxxxxxxx> > > Cc: Ville Syrjälä <ville.syrjala@xxxxxxxxxxxxxxx> > > Cc: Thierry Reding <treding@xxxxxxxxxx> > > Cc: stable@xxxxxxxxxxxxxxx > > Do we have an evil igt for this? I guess since the old one didn't have > one, this new race is also hard to reproduce ... > > Reviewed-by: Daniel Vetter <daniel.vetter@xxxxxxxx> Pushed this to drm-misc-fixes (and drm-misc-next for I am a monkey with a keyboard), thanks for the patch and review. Sean, you can blame it on me when/if there is trouble caused by the patch being in both branches. Hopefully next merge will cause less headache. Regards, Joonas -- Joonas Lahtinen Open Source Technology Center Intel Corporation