Re: [PATCH] drm/i915: Fix erroneous dereference of batch_obj inside reset_status

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Chris Wilson <chris@xxxxxxxxxxxxxxxxxx> writes:

> As the rings may be processed and their requests deallocated in a
> different order to the natural retirement during a reset,
>
> /* Whilst this request exists, batch_obj will be on the
>  * active_list, and so will hold the active reference. Only when this
>  * request is retired will the the batch_obj be moved onto the
>  * inactive_list and lose its active reference. Hence we do not need
>  * to explicitly hold another reference here.
>  */
>
> is violated, and the batch_obj may be dereferenced after it had been
> freed on another ring. This can be simply avoided by processing the
> status update prior to deallocating any requests.
>
> Fixes regression (a possible OOPS following a GPU hang) from
> commit aa60c664e6df502578454621c3a9b1f087ff8d25
> Author: Mika Kuoppala <mika.kuoppala@xxxxxxxxxxxxxxx>
> Date:   Wed Jun 12 15:13:20 2013 +0300
>
>     drm/i915: find guilty batch buffer on ring resets
>
> Signed-off-by: Chris Wilson <chris@xxxxxxxxxxxxxxxxxx>
> Cc: Mika Kuoppala <mika.kuoppala@xxxxxxxxx>
> Cc: stable@xxxxxxxxxxxxxxx

Passes the igt/gem_reset_stats/close-pending-fork and
doesn't affect the fast path.

Reviewed-by: Mika Kuoppala <mika.kuoppala@xxxxxxxxx>
--
To unsubscribe from this list: send the line "unsubscribe stable" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html




[Index of Archives]     [Linux Kernel]     [Kernel Development Newbies]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite Hiking]     [Linux Kernel]     [Linux SCSI]