| Message ID | 1313982905-30129-1-git-send-email-skeggsb@gmail.com (mailing list archive) |
|---|---|
| State | Accepted |
| Headers | show |
On Sun, Aug 21, 2011 at 11:15 PM, <skeggsb@gmail.com> wrote: > From: Ben Skeggs <bskeggs@redhat.com> > > Nouveau makes the assumption that if a TTM is bound there will be a mm_node > around for it and the backwards ordering here resulted in a use-after-free > on some eviction paths. > > Signed-off-by: Ben Skeggs <bskeggs@redhat.com> Reviewed-by: Jerome Glisse <jglisse@redhat.com> > --- > drivers/gpu/drm/ttm/ttm_bo_util.c | 2 +- > 1 files changed, 1 insertions(+), 1 deletions(-) > > diff --git a/drivers/gpu/drm/ttm/ttm_bo_util.c b/drivers/gpu/drm/ttm/ttm_bo_util.c > index 77dbf40..ae3c6f5 100644 > --- a/drivers/gpu/drm/ttm/ttm_bo_util.c > +++ b/drivers/gpu/drm/ttm/ttm_bo_util.c > @@ -635,13 +635,13 @@ int ttm_bo_move_accel_cleanup(struct ttm_buffer_object *bo, > if (ret) > return ret; > > - ttm_bo_free_old_node(bo); > if ((man->flags & TTM_MEMTYPE_FLAG_FIXED) && > (bo->ttm != NULL)) { > ttm_tt_unbind(bo->ttm); > ttm_tt_destroy(bo->ttm); > bo->ttm = NULL; > } > + ttm_bo_free_old_node(bo); > } else { > /** > * This should help pipeline ordinary buffer moves. > -- > 1.7.6 > > _______________________________________________ > dri-devel mailing list > dri-devel@lists.freedesktop.org > http://lists.freedesktop.org/mailman/listinfo/dri-devel >
diff --git a/drivers/gpu/drm/ttm/ttm_bo_util.c b/drivers/gpu/drm/ttm/ttm_bo_util.c index 77dbf40..ae3c6f5 100644 --- a/drivers/gpu/drm/ttm/ttm_bo_util.c +++ b/drivers/gpu/drm/ttm/ttm_bo_util.c @@ -635,13 +635,13 @@ int ttm_bo_move_accel_cleanup(struct ttm_buffer_object *bo, if (ret) return ret; - ttm_bo_free_old_node(bo); if ((man->flags & TTM_MEMTYPE_FLAG_FIXED) && (bo->ttm != NULL)) { ttm_tt_unbind(bo->ttm); ttm_tt_destroy(bo->ttm); bo->ttm = NULL; } + ttm_bo_free_old_node(bo); } else { /** * This should help pipeline ordinary buffer moves.