From mboxrd@z Thu Jan 1 00:00:00 1970 From: Daniel Vetter Subject: Re: [PATCH] drm/i915: Gracefully handle obj not bound to GGTT in is_pin_display Date: Thu, 3 Apr 2014 11:34:50 +0200 Message-ID: <20140403093450.GC7225@phenom.ffwll.local> References: <1396462861-16396-1-git-send-email-oscar.mateo@intel.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Return-path: Received: from mail-we0-f176.google.com (mail-we0-f176.google.com [74.125.82.176]) by gabe.freedesktop.org (Postfix) with ESMTP id 4661C8813A for ; Thu, 3 Apr 2014 02:34:54 -0700 (PDT) Received: by mail-we0-f176.google.com with SMTP id x48so1483686wes.7 for ; Thu, 03 Apr 2014 02:34:53 -0700 (PDT) Content-Disposition: inline In-Reply-To: <1396462861-16396-1-git-send-email-oscar.mateo@intel.com> List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: intel-gfx-bounces@lists.freedesktop.org Sender: "Intel-gfx" To: oscar.mateo@intel.com Cc: intel-gfx@lists.freedesktop.org List-Id: intel-gfx@lists.freedesktop.org On Wed, Apr 02, 2014 at 07:21:01PM +0100, oscar.mateo@intel.com wrote: > From: Oscar Mateo > > Otherwise, we do a NULL pointer dereference. > > I've seen this happen while handling an error in > i915_gem_object_pin_to_display_plane(): > > If i915_gem_object_set_cache_level() fails, we call is_pin_display() to > handle the error. At this point, the object is still not pinned to GGTT > and maybe not even bound, so we have to check before we dereference its > GGTT vma. > > Issue: VIZ-3772 > Signed-off-by: Oscar Mateo Have you looked into provoking this with an igt testcase? On a hunch a busy load (to extend the race window) plus the usual interruptor trick to jump out of wait_seqno calls should be able to make this go kaboom on command. But I haven't analyzed the bug in detail. Thanks, Daniel > --- > drivers/gpu/drm/i915/i915_gem.c | 6 +++++- > 1 file changed, 5 insertions(+), 1 deletion(-) > > diff --git a/drivers/gpu/drm/i915/i915_gem.c b/drivers/gpu/drm/i915/i915_gem.c > index c70121d..1d161c7 100644 > --- a/drivers/gpu/drm/i915/i915_gem.c > +++ b/drivers/gpu/drm/i915/i915_gem.c > @@ -3619,6 +3619,10 @@ unlock: > > static bool is_pin_display(struct drm_i915_gem_object *obj) > { > + struct i915_vma *vma = i915_gem_obj_to_ggtt(obj); > + if (!vma) > + return false; > + > /* There are 3 sources that pin objects: > * 1. The display engine (scanouts, sprites, cursors); > * 2. Reservations for execbuffer; > @@ -3630,7 +3634,7 @@ static bool is_pin_display(struct drm_i915_gem_object *obj) > * subtracting the potential reference by the user, any pin_count > * remains, it must be due to another use by the display engine. > */ > - return i915_gem_obj_to_ggtt(obj)->pin_count - !!obj->user_pin_count; > + return vma->pin_count - !!obj->user_pin_count; > } > > /* > -- > 1.9.0 > > _______________________________________________ > Intel-gfx mailing list > Intel-gfx@lists.freedesktop.org > http://lists.freedesktop.org/mailman/listinfo/intel-gfx -- Daniel Vetter Software Engineer, Intel Corporation +41 (0) 79 365 57 48 - http://blog.ffwll.ch