From mboxrd@z Thu Jan  1 00:00:00 1970
From: Tvrtko Ursulin <tvrtko.ursulin@linux.intel.com>
Subject: Re: [PATCH 2/2] drm/i915: Initialise userptr
 mmu_notifier serial to 1
Date: Fri, 11 Jul 2014 12:53:54 +0100
Message-ID: <53BFD052.4050508@linux.intel.com>
References: <1405074481-4742-1-git-send-email-chris@chris-wilson.co.uk>
 <1405074481-4742-2-git-send-email-chris@chris-wilson.co.uk>
 <53BFC3CA.3010703@linux.intel.com>
 <20140711110602.GB12165@nuc-i3427.alporthouse.com>
 <53BFCB00.1020902@linux.intel.com>
 <20140711113541.GC12165@nuc-i3427.alporthouse.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; Format="flowed"
Content-Transfer-Encoding: 7bit
Return-path: <intel-gfx-bounces@lists.freedesktop.org>
Received: from mga02.intel.com (mga02.intel.com [134.134.136.20])
 by gabe.freedesktop.org (Postfix) with ESMTP id 7D7966E1FC
 for <intel-gfx@lists.freedesktop.org>; Fri, 11 Jul 2014 04:53:56 -0700 (PDT)
In-Reply-To: <20140711113541.GC12165@nuc-i3427.alporthouse.com>
List-Unsubscribe: <http://lists.freedesktop.org/mailman/options/intel-gfx>,
 <mailto:intel-gfx-request@lists.freedesktop.org?subject=unsubscribe>
List-Archive: <http://lists.freedesktop.org/archives/intel-gfx>
List-Post: <mailto:intel-gfx@lists.freedesktop.org>
List-Help: <mailto:intel-gfx-request@lists.freedesktop.org?subject=help>
List-Subscribe: <http://lists.freedesktop.org/mailman/listinfo/intel-gfx>,
 <mailto:intel-gfx-request@lists.freedesktop.org?subject=subscribe>
Errors-To: intel-gfx-bounces@lists.freedesktop.org
Sender: "Intel-gfx" <intel-gfx-bounces@lists.freedesktop.org>
To: Chris Wilson <chris@chris-wilson.co.uk>, intel-gfx@lists.freedesktop.org
List-Id: intel-gfx@lists.freedesktop.org


On 07/11/2014 12:35 PM, Chris Wilson wrote:
> On Fri, Jul 11, 2014 at 12:31:12PM +0100, Tvrtko Ursulin wrote:
>>
>> On 07/11/2014 12:06 PM, Chris Wilson wrote:
>>> On Fri, Jul 11, 2014 at 12:00:26PM +0100, Tvrtko Ursulin wrote:
>>>> But it will be interesting to know what code managed to trigger this
>>>> race, because as we discussed on IRC it would indicate some pretty
>>>> wild userspace behaviour. Or lack of imagination on our part?
>>>
>>> A threaded client. One thread using userptr, the other doing munmap or
>>> free. Given enough embarrassment, it will happen every time.
>>
>> Yes fine, but I struggle to imagine what would be the intention of
>> such code or how did it manage to fail in such way. I hope the only
>> difference is not that userptr "upgraded" the failure mode for heap
>> corruption or memory management races in general.
>
> The mmu notifier is called everytime a process sneezes. It does not
> imply that our object is being invalidated, just that some portion of
> the current->mm is being modified.

Ah yes, I did not see the big picture.

Tvrtko