From: Daniel Vetter <daniel@ffwll.ch>
To: Chris Wilson <chris@chris-wilson.co.uk>,
Ben Widawsky <benjamin.widawsky@intel.com>,
Intel GFX <intel-gfx@lists.freedesktop.org>,
Ben Widawsky <ben@bwidawsk.net>
Subject: Re: [PATCH] [v2] drm/i915: Fix another another use-after-free in do_switch
Date: Mon, 11 Aug 2014 11:26:21 +0200 [thread overview]
Message-ID: <20140811092621.GD8727@phenom.ffwll.local> (raw)
In-Reply-To: <20140810080410.GC6666@nuc-i3427.alporthouse.com>
On Sun, Aug 10, 2014 at 09:04:10AM +0100, Chris Wilson wrote:
> On Sat, Aug 09, 2014 at 01:15:16PM -0700, Ben Widawsky wrote:
> > See the following for many more details.
> >
> > commit acc240d41ea1ab9c488a79219fb313b5b46265ae
> > Author: Daniel Vetter <daniel.vetter@ffwll.ch>
> > Date: Thu Dec 5 15:42:34 2013 +0100
> >
> > drm/i915: Fix use-after-free in do_switch
> >
> > In this case, the issue is only for full PPGTT:
> > do_switch
> > context_unref
> > ppgtt_release
> > i915_gpu_idle
> > switch_to_default
> > from changes to default context
Pardon my ignorance (well this stuff is just hard), but can the above
still happen with Michel Thierry's patch to rework ppgtt_release?
In particular I seem to be too dense to find the ppgtt_release -> gpu_idle
step once the forcefull vma unbinding is gone. Doe I miss something?
Someone please enlighten me ...
Thanks, Daniel
> >
> > This could be backported to the pre do_switch cleanup I did in this
> > series. However, it's much cleaner and more obvious as a patch on top,
> > so I'd really like to do this as a post cleanup patch.
> >
> > v2: There was a bug in the original patch where the ring->last_context
> > was set too early. I am not sure how this wasn't being hit when I sent
> > this previously. Perhaps I tested the wrong patch previously.
> >
> > Signed-off-by: Ben Widawsky <ben@bwidawsk.net>
>
> Ok, I convinced myself that the you are fixing the bug you describe and
> don't seem to be introducing a new one, so
>
> Reviewed-by: Chris Wilson <chris@chris-wilson.co.uk>
> -Chris
>
> --
> Chris Wilson, Intel Open Source Technology Centre
> _______________________________________________
> Intel-gfx mailing list
> Intel-gfx@lists.freedesktop.org
> http://lists.freedesktop.org/mailman/listinfo/intel-gfx
--
Daniel Vetter
Software Engineer, Intel Corporation
+41 (0) 79 365 57 48 - http://blog.ffwll.ch
next prev parent reply other threads:[~2014-08-11 9:26 UTC|newest]
Thread overview: 34+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-07-01 18:17 [PATCH 00/16] Enabling GEN8 full PPGTT + fixes Ben Widawsky
2014-07-01 18:17 ` [PATCH 01/16] drm/i915: Split up do_switch Ben Widawsky
2014-07-01 18:17 ` [PATCH 02/16] drm/i915: Extract l3 remapping out of ctx switch Ben Widawsky
2014-07-01 18:17 ` [PATCH 03/16] drm/i915/ppgtt: Load address space after mi_set_context Ben Widawsky
2014-07-01 18:17 ` [PATCH 04/16] drm/i915: Fix another another use-after-free in do_switch Ben Widawsky
2014-08-09 20:15 ` [PATCH] [v2] " Ben Widawsky
2014-08-10 8:04 ` Chris Wilson
2014-08-11 9:26 ` Daniel Vetter [this message]
2014-07-01 18:17 ` [PATCH 05/16] drm/i915/ctx: Return earlier on failure Ben Widawsky
2014-07-04 8:14 ` Chris Wilson
2014-07-01 18:17 ` [PATCH 06/16] drm/i915/error: Check the potential ctx obj's vm Ben Widawsky
2014-07-17 8:47 ` Daniel Vetter
2014-07-01 18:17 ` [PATCH 07/16] drm/i915/error: vma error capture prettyify Ben Widawsky
2014-07-01 18:17 ` [PATCH 08/16] drm/i915/error: Do a better job of disambiguating VMAs Ben Widawsky
2014-07-04 7:57 ` Chris Wilson
2014-07-04 16:56 ` Ben Widawsky
2014-07-17 8:51 ` Daniel Vetter
2014-07-20 23:49 ` Ben Widawsky
2014-07-01 18:17 ` [PATCH 09/16] drm/i915/error: Capture vmas instead of BOs Ben Widawsky
2014-07-01 18:17 ` [PATCH 10/16] drm/i915: Add some extra guards in evict_vm Ben Widawsky
2014-07-01 18:17 ` [PATCH 11/16] drm/i915: Make an uninterruptible evict Ben Widawsky
2014-07-01 18:17 ` [PATCH 12/16] drm/i915: Reorder ctx unref on ppgtt cleanup Ben Widawsky
2014-07-17 9:56 ` Daniel Vetter
2014-07-01 18:17 ` [PATCH 13/16] drm/i915: More correct (slower) " Ben Widawsky
2014-07-17 9:49 ` Daniel Vetter
2014-07-01 18:17 ` [PATCH 14/16] drm/i915: Defer PPGTT cleanup Ben Widawsky
2014-07-01 18:17 ` [PATCH 15/16] drm/i915/bdw: Enable full PPGTT Ben Widawsky
2014-07-01 18:17 ` [PATCH 16/16] drm/i915: Get the error state over the wire (HACKish) Ben Widawsky
2014-07-04 8:02 ` Chris Wilson
2014-07-03 22:01 ` [PATCH 1/2] drm/i915/gen8: Invalidate TLBs before PDP reload Ben Widawsky
2014-07-03 22:01 ` [PATCH 2/2] drm/i915: Remove false assertion in ppgtt_release Ben Widawsky
2014-07-04 7:51 ` [PATCH 1/2] drm/i915/gen8: Invalidate TLBs before PDP reload Chris Wilson
2014-07-04 16:55 ` Ben Widawsky
2014-07-17 12:04 ` [PATCH 00/16] Enabling GEN8 full PPGTT + fixes Daniel Vetter
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20140811092621.GD8727@phenom.ffwll.local \
--to=daniel@ffwll.ch \
--cc=ben@bwidawsk.net \
--cc=benjamin.widawsky@intel.com \
--cc=chris@chris-wilson.co.uk \
--cc=intel-gfx@lists.freedesktop.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox