| Message ID | 1449244363-32230-1-git-send-email-mika.kuoppala@intel.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
On Fri, Dec 04, 2015 at 05:52:43PM +0200, Mika Kuoppala wrote: > If the context being destroyed have been last in the ring, > the ring->last_context will be left dangling. > > Later, the unpinning will happen for last_context, and as it > was already freed, we corrupt memory by doing so. > > This regression introduced in > commit 6d65ba943a2d1e4292a07ca7ddb6c5138b9efa5d > Author: Nick Hoath <nicholas.hoath@intel.com> > Date: Tue Dec 1 14:48:57 2015 +0000 > > drm/i915: Extend LRC pinning to cover GPU context writeback > > Fix this by clearing the ring->last_context if it is the > context being destroyed. > > Cc: Nick Hoath <nicholas.hoath@intel.com> > Cc: Daniel Vetter <daniel.vetter@ffwll.ch> > Cc: David Gordon <david.s.gordon@intel.com> > Cc: Chris Wilson <chris@chris-wilson.co.uk> > Cc: Alex Dai <yu.dai@intel.com> > Signed-off-by: Mika Kuoppala <mika.kuoppala@intel.com> > --- > drivers/gpu/drm/i915/intel_lrc.c | 3 +++ > 1 file changed, 3 insertions(+) > > diff --git a/drivers/gpu/drm/i915/intel_lrc.c b/drivers/gpu/drm/i915/intel_lrc.c > index c3504a0..5c26fde 100644 > --- a/drivers/gpu/drm/i915/intel_lrc.c > +++ b/drivers/gpu/drm/i915/intel_lrc.c > @@ -2432,6 +2432,9 @@ intel_lr_context_clean_ring(struct intel_context *ctx, > } > } > > + if (ring->last_context == ctx) > + ring->last_context = NULL; This should be plainly impossible. ring->last_context better have a reference on it, and if that's not the case we need to fix that. Nick, can you please take a look into this asap? It's causing a BAT regression so meanwhile I'll revert your patch. Thanks, Daniel > + > WARN_ON(ctx->engine[ring->id].pin_count); > intel_ringbuffer_free(ringbuf); > drm_gem_object_unreference(&ctx_obj->base); > -- > 2.5.0 > > _______________________________________________ > Intel-gfx mailing list > Intel-gfx@lists.freedesktop.org > http://lists.freedesktop.org/mailman/listinfo/intel-gfx
diff --git a/drivers/gpu/drm/i915/intel_lrc.c b/drivers/gpu/drm/i915/intel_lrc.c index c3504a0..5c26fde 100644 --- a/drivers/gpu/drm/i915/intel_lrc.c +++ b/drivers/gpu/drm/i915/intel_lrc.c @@ -2432,6 +2432,9 @@ intel_lr_context_clean_ring(struct intel_context *ctx, } } + if (ring->last_context == ctx) + ring->last_context = NULL; + WARN_ON(ctx->engine[ring->id].pin_count); intel_ringbuffer_free(ringbuf); drm_gem_object_unreference(&ctx_obj->base);
If the context being destroyed have been last in the ring, the ring->last_context will be left dangling. Later, the unpinning will happen for last_context, and as it was already freed, we corrupt memory by doing so. This regression introduced in commit 6d65ba943a2d1e4292a07ca7ddb6c5138b9efa5d Author: Nick Hoath <nicholas.hoath@intel.com> Date: Tue Dec 1 14:48:57 2015 +0000 drm/i915: Extend LRC pinning to cover GPU context writeback Fix this by clearing the ring->last_context if it is the context being destroyed. Cc: Nick Hoath <nicholas.hoath@intel.com> Cc: Daniel Vetter <daniel.vetter@ffwll.ch> Cc: David Gordon <david.s.gordon@intel.com> Cc: Chris Wilson <chris@chris-wilson.co.uk> Cc: Alex Dai <yu.dai@intel.com> Signed-off-by: Mika Kuoppala <mika.kuoppala@intel.com> --- drivers/gpu/drm/i915/intel_lrc.c | 3 +++ 1 file changed, 3 insertions(+)