From mboxrd@z Thu Jan  1 00:00:00 1970
From: Ben Widawsky <ben@bwidawsk.net>
Subject: Re: [PATCH] drm/i915: Reset vma->mm_list after unbinding
Date: Tue, 25 Feb 2014 15:38:18 -0800
Message-ID: <20140225233818.GA2182@bwidawsk.net>
References: <1393338208-10242-1-git-send-email-chris@chris-wilson.co.uk>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Return-path: <intel-gfx-bounces@lists.freedesktop.org>
Received: from mail.bwidawsk.net (bwidawsk.net [166.78.191.112])
	by gabe.freedesktop.org (Postfix) with ESMTP id 6BBDDFA564
	for <intel-gfx@lists.freedesktop.org>;
	Tue, 25 Feb 2014 15:38:28 -0800 (PST)
Content-Disposition: inline
In-Reply-To: <1393338208-10242-1-git-send-email-chris@chris-wilson.co.uk>
List-Unsubscribe: <http://lists.freedesktop.org/mailman/options/intel-gfx>,
	<mailto:intel-gfx-request@lists.freedesktop.org?subject=unsubscribe>
List-Archive: <http://lists.freedesktop.org/archives/intel-gfx>
List-Post: <mailto:intel-gfx@lists.freedesktop.org>
List-Help: <mailto:intel-gfx-request@lists.freedesktop.org?subject=help>
List-Subscribe: <http://lists.freedesktop.org/mailman/listinfo/intel-gfx>,
	<mailto:intel-gfx-request@lists.freedesktop.org?subject=subscribe>
Sender: intel-gfx-bounces@lists.freedesktop.org
Errors-To: intel-gfx-bounces@lists.freedesktop.org
To: Chris Wilson <chris@chris-wilson.co.uk>
Cc: intel-gfx@lists.freedesktop.org
List-Id: intel-gfx@lists.freedesktop.org

On Tue, Feb 25, 2014 at 02:23:28PM +0000, Chris Wilson wrote:
> In place of true activity counting, we walk the list of vma associated
> with an object managing each on the vm's active/inactive list everytime
> we call move-to-inactive. This depends upon the vma->mm_list being
> cleared after unbinding, or else we run into difficulty when tracking
> the object in multiple vm's - we see a use-after free and corruption of
> the mm_list.

I feel bad because someone in PRC told me about this bug, and I could
have sword you had previously fixed it. So if you're reading this
whomever you were, my apoligies.
> 
> Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>
> Cc: Ben Widawsky <ben@bwidawsk.net>

I think Cc: stable too

Reviewed-by: Ben Widawsky <ben@bwidawsk.net>
> ---
>  drivers/gpu/drm/i915/i915_gem.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/drivers/gpu/drm/i915/i915_gem.c b/drivers/gpu/drm/i915/i915_gem.c
> index 633a8d56e401..4de984e176f5 100644
> --- a/drivers/gpu/drm/i915/i915_gem.c
> +++ b/drivers/gpu/drm/i915/i915_gem.c
> @@ -2874,7 +2874,7 @@ int i915_vma_unbind(struct i915_vma *vma)
>  
>  	i915_gem_gtt_finish_object(obj);
>  
> -	list_del(&vma->mm_list);
> +	list_del_init(&vma->mm_list);
>  	if (i915_is_ggtt(vma->vm))
>  		obj->map_and_fenceable = false;
>  
> -- 
> 1.9.0
> 

-- 
Ben Widawsky, Intel Open Source Technology Center