

drm/i915: Fix use-after-free due to intel_context_pin/unpin race

  1:13 Sultan Alsawaf
  3:29 ` kernel test robot
  0 siblings, 2 replies; 37+ messages in thread

From: Sultan Alsawaf, 1:13 UTC
Cc: Sultan Alsawaf, stable, Jani Nikula, Joonas Lahtinen,
    Rodrigo Vivi, David Airlie, Daniel Vetter, Matthew Auld,
    Chris Wilson, intel-gfx, dri-devel, linux-kernel

The retire and active callbacks can run simultaneously, allowing
intel_context_pin() and intel_context_unpin() to run at the same time,
In 5.4, this was more noticeable
because intel_ring_unpin() would set ring->vaddr to NULL and cause a
clean NULL-pointer-dereference panic, but in newer kernels the

The NULL-pointer-dereference looks like this:
BUG: unable to handle page fault for address: 0000000000003448

Protect the retire callback with ref->mutex to complement the active

Fixes: 12c255b5dad1 ("drm/i915: Provide an i915_active.acquire callback")

drivers/gpu/drm/i915/i915_active.c | 2 ++

diff --git a/drivers/gpu/drm/i915/i915_active.c b/drivers/gpu/drm/i915/i915_active.c
spin_unlock_irqrestore(&ref->tree_lock, flags)
* After the final retire, the entire struct may be freed */
* except if you wait on it, you must manage your own references! */


  4:29 ` Sultan Alsawaf
  3:29 ` kernel test robot
  1 sibling, 1 reply; 37+ messages in thread

From: Sultan Alsawaf, 4:29 UTC
Tvrtko Ursulin, Mika Kuoppala, Matthew Auld, Lionel Landwerlin,
Rodrigo Vivi, David Airlie, Daniel Vetter, Chris Wilson,

Protect _intel_context_retire() with active->mutex (i.e., ref->mutex)
to complement the active callback and fix the corruption.

V2: Reduce the scope of the mutex lock to only _intel_context_retire()
and mark it as a function that may sleep so it doesn't run in

drivers/gpu/drm/i915/gt/intel_context.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/drivers/gpu/drm/i915/gt/intel_context.c b/drivers/gpu/drm/i915/gt/intel_context.c
a/drivers/gpu/drm/i915/gt/intel_context.c


  22:35 ` drm/i915: Synchronize active and retire callbacks Sultan Alsawaf
   1:13 drm/i915: Fix use-after-free due to intel_context_pin/unpin race Sultan
   4:29 ` Sultan Alsawaf
