From mboxrd@z Thu Jan  1 00:00:00 1970
From: Daniel Vetter <daniel@ffwll.ch>
Subject: Re: [PATCH] [v2] drm/i915: Fix another another
 use-after-free in do_switch
Date: Mon, 11 Aug 2014 11:26:21 +0200
Message-ID: <20140811092621.GD8727@phenom.ffwll.local>
References: <1404238671-18760-5-git-send-email-benjamin.widawsky@intel.com>
 <1407615316-30645-1-git-send-email-benjamin.widawsky@intel.com>
 <20140810080410.GC6666@nuc-i3427.alporthouse.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Return-path: <intel-gfx-bounces@lists.freedesktop.org>
Received: from mail-we0-f172.google.com (mail-we0-f172.google.com
 [74.125.82.172])
 by gabe.freedesktop.org (Postfix) with ESMTP id 3E7CA6E39F
 for <intel-gfx@lists.freedesktop.org>; Mon, 11 Aug 2014 02:26:10 -0700 (PDT)
Received: by mail-we0-f172.google.com with SMTP id x48so8339095wes.3
 for <intel-gfx@lists.freedesktop.org>; Mon, 11 Aug 2014 02:26:09 -0700 (PDT)
Content-Disposition: inline
In-Reply-To: <20140810080410.GC6666@nuc-i3427.alporthouse.com>
List-Unsubscribe: <http://lists.freedesktop.org/mailman/options/intel-gfx>,
 <mailto:intel-gfx-request@lists.freedesktop.org?subject=unsubscribe>
List-Archive: <http://lists.freedesktop.org/archives/intel-gfx>
List-Post: <mailto:intel-gfx@lists.freedesktop.org>
List-Help: <mailto:intel-gfx-request@lists.freedesktop.org?subject=help>
List-Subscribe: <http://lists.freedesktop.org/mailman/listinfo/intel-gfx>,
 <mailto:intel-gfx-request@lists.freedesktop.org?subject=subscribe>
Errors-To: intel-gfx-bounces@lists.freedesktop.org
Sender: "Intel-gfx" <intel-gfx-bounces@lists.freedesktop.org>
To: Chris Wilson <chris@chris-wilson.co.uk>, Ben Widawsky <benjamin.widawsky@intel.com>, Intel GFX <intel-gfx@lists.freedesktop.org>, Ben Widawsky <ben@bwidawsk.net>
List-Id: intel-gfx@lists.freedesktop.org

On Sun, Aug 10, 2014 at 09:04:10AM +0100, Chris Wilson wrote:
> On Sat, Aug 09, 2014 at 01:15:16PM -0700, Ben Widawsky wrote:
> > See the following for many more details.
> > 
> > commit acc240d41ea1ab9c488a79219fb313b5b46265ae
> > Author: Daniel Vetter <daniel.vetter@ffwll.ch>
> > Date:   Thu Dec 5 15:42:34 2013 +0100
> > 
> >     drm/i915: Fix use-after-free in do_switch
> > 
> > In this case, the issue is only for full PPGTT:
> > do_switch
> >   context_unref
> >     ppgtt_release
> >       i915_gpu_idle
> > 	switch_to_default
> > 	from changes to default context

Pardon my ignorance (well this stuff is just hard), but can the above
still happen with Michel Thierry's patch to rework ppgtt_release?

In particular I seem to be too dense to find the ppgtt_release -> gpu_idle
step once the forcefull vma unbinding is gone. Doe I miss something?
Someone please enlighten me ...

Thanks, Daniel

> > 
> > This could be backported to the pre do_switch cleanup I did in this
> > series. However, it's much cleaner and more obvious as a patch on top,
> > so I'd really like to do this as a post cleanup patch.
> > 
> > v2: There was a bug in the original patch where the ring->last_context
> > was set too early. I am not sure how this wasn't being hit when I sent
> > this previously. Perhaps I tested the wrong patch previously.
> > 
> > Signed-off-by: Ben Widawsky <ben@bwidawsk.net>
> 
> Ok, I convinced myself that the you are fixing the bug you describe and
> don't seem to be introducing a new one, so
> 
> Reviewed-by: Chris Wilson <chris@chris-wilson.co.uk>
> -Chris
> 
> -- 
> Chris Wilson, Intel Open Source Technology Centre
> _______________________________________________
> Intel-gfx mailing list
> Intel-gfx@lists.freedesktop.org
> http://lists.freedesktop.org/mailman/listinfo/intel-gfx

-- 
Daniel Vetter
Software Engineer, Intel Corporation
+41 (0) 79 365 57 48 - http://blog.ffwll.ch