This is a note to let you know that I've just added the patch titled drm/i915: Fix unsafe loop iteration over vma whilst unbinding them to the 3.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary The filename of the patch is: drm-i915-fix-unsafe-loop-iteration-over-vma-whilst-unbinding-them.patch and it can be found in the queue-3.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable@xxxxxxxxxxxxxxx> know about it. >From daniel.vetter@xxxxxxxx Tue Jun 3 23:13:34 2014 From: Daniel Vetter <daniel.vetter@xxxxxxxx> Date: Wed, 21 May 2014 11:07:24 +0200 Subject: drm/i915: Fix unsafe loop iteration over vma whilst unbinding them To: stable@xxxxxxxxxxxxxxx Cc: Intel Graphics Development <intel-gfx@xxxxxxxxxxxxxxxxxxxxx>, Chris Wilson <chris@xxxxxxxxxxxxxxxxxx>, Ben Widawsky <ben@xxxxxxxxxxxx>, Daniel Vetter <daniel.vetter@xxxxxxxx> Message-ID: <1400663245-15601-4-git-send-email-daniel.vetter@xxxxxxxx> From: Chris Wilson <chris@xxxxxxxxxxxxxxxxxx> This is commit df6f783a4ef6790780a67c491897ac upstream. On non-LLC platforms, when changing the cache level of an object, we may need to unbind it so that prefetching across page boundaries does not cross into a different memory domain. This requires us to unbind conflicting vma, but we did so iterating over the objects vma in an unsafe manner (as the list was being modified as we iterated). The regression was introduced in commit 3089c6f239d7d2c4cb2dd5c353e8984cf79af1d7 Author: Ben Widawsky <ben@xxxxxxxxxxxx> Date: Wed Jul 31 17:00:03 2013 -0700 drm/i915: make caching operate on all address spaces apparently as far back as v3.12-rc1, but it has only just begun to trigger real world bug reports. Reported-and-tested-by: Nikolay Martynov <mar.kolya@xxxxxxxxx> Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=76384 Signed-off-by: Chris Wilson <chris@xxxxxxxxxxxxxxxxxx> Cc: Ben Widawsky <ben@xxxxxxxxxxxx> Signed-off-by: Daniel Vetter <daniel.vetter@xxxxxxxx> Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx> --- drivers/gpu/drm/i915/i915_gem.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) --- a/drivers/gpu/drm/i915/i915_gem.c +++ b/drivers/gpu/drm/i915/i915_gem.c @@ -3529,7 +3529,7 @@ int i915_gem_object_set_cache_level(stru { struct drm_device *dev = obj->base.dev; drm_i915_private_t *dev_priv = dev->dev_private; - struct i915_vma *vma; + struct i915_vma *vma, *next; int ret; if (obj->cache_level == cache_level) @@ -3540,7 +3540,7 @@ int i915_gem_object_set_cache_level(stru return -EBUSY; } - list_for_each_entry(vma, &obj->vma_list, vma_link) { + list_for_each_entry_safe(vma, next, &obj->vma_list, vma_link) { if (!i915_gem_valid_gtt_space(dev, &vma->node, cache_level)) { ret = i915_vma_unbind(vma); if (ret) Patches currently in stable-queue which might be from daniel.vetter@xxxxxxxx are queue-3.14/drm-i915-don-t-warn-nor-handle-unexpected-hpd-interrupts-on-gmch-platforms.patch queue-3.14/drm-i915-fix-unsafe-loop-iteration-over-vma-whilst-unbinding-them.patch queue-3.14/drm-i915-disable-self-refresh-for-untiled-fbs-on-i915gm.patch queue-3.14/drm-i915-don-t-check-gmch-state-on-inherited-configs.patch queue-3.14/drm-i915-break-encoder-crtc-link-separately-in-intel_sanitize_crtc.patch queue-3.14/drm-i915-quirk-invert-brightness-for-acer-aspire-5336.patch queue-3.14/drm-i915-move-power-domain-init-earlier-during-system-resume.patch -- To unsubscribe from this list: send the line "unsubscribe stable" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html