From: "Ville Syrjälä" <ville.syrjala@linux.intel.com>
To: Chris Wilson <chris@chris-wilson.co.uk>
Cc: intel-gfx@lists.freedesktop.org, Ben Widawsky <ben@bwidawsk.net>
Subject: Re: [PATCH] drm/i915: Reset vma->mm_list after unbinding
Date: Thu, 27 Feb 2014 16:11:39 +0200 [thread overview]
Message-ID: <20140227141139.GK3852@intel.com> (raw)
In-Reply-To: <1393338208-10242-1-git-send-email-chris@chris-wilson.co.uk>
On Tue, Feb 25, 2014 at 02:23:28PM +0000, Chris Wilson wrote:
> In place of true activity counting, we walk the list of vma associated
> with an object managing each on the vm's active/inactive list everytime
> we call move-to-inactive. This depends upon the vma->mm_list being
> cleared after unbinding, or else we run into difficulty when tracking
> the object in multiple vm's - we see a use-after free and corruption of
> the mm_list.
>
> Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>
> Cc: Ben Widawsky <ben@bwidawsk.net>
> ---
> drivers/gpu/drm/i915/i915_gem.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/gpu/drm/i915/i915_gem.c b/drivers/gpu/drm/i915/i915_gem.c
> index 633a8d56e401..4de984e176f5 100644
> --- a/drivers/gpu/drm/i915/i915_gem.c
> +++ b/drivers/gpu/drm/i915/i915_gem.c
> @@ -2874,7 +2874,7 @@ int i915_vma_unbind(struct i915_vma *vma)
>
> i915_gem_gtt_finish_object(obj);
>
> - list_del(&vma->mm_list);
> + list_del_init(&vma->mm_list);
Isn't this just another symptom of the vma unbind recursion bug? I mean
how can someone else be accessing vma->mm_list while we're in the process
of freeing the vma itself (happens just a few lines down from here).
> if (i915_is_ggtt(vma->vm))
> obj->map_and_fenceable = false;
>
> --
> 1.9.0
>
> _______________________________________________
> Intel-gfx mailing list
> Intel-gfx@lists.freedesktop.org
> http://lists.freedesktop.org/mailman/listinfo/intel-gfx
--
Ville Syrjälä
Intel OTC
next prev parent reply other threads:[~2014-02-27 14:12 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-02-25 14:23 [PATCH] drm/i915: Reset vma->mm_list after unbinding Chris Wilson
2014-02-25 23:38 ` Ben Widawsky
2014-03-05 13:05 ` Chris Wilson
2014-03-05 14:15 ` Daniel Vetter
2014-02-27 14:11 ` Ville Syrjälä [this message]
2014-02-27 14:28 ` Chris Wilson
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20140227141139.GK3852@intel.com \
--to=ville.syrjala@linux.intel.com \
--cc=ben@bwidawsk.net \
--cc=chris@chris-wilson.co.uk \
--cc=intel-gfx@lists.freedesktop.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox