| Message ID | 1404238671-18760-6-git-send-email-benjamin.widawsky@intel.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
On Tue, Jul 01, 2014 at 11:17:40AM -0700, Ben Widawsky wrote: > As what was correctly debugged here: > commit acc240d41ea1ab9c488a79219fb313b5b46265ae > Author: Daniel Vetter <daniel.vetter@ffwll.ch> > Date: Thu Dec 5 15:42:34 2013 +0100 > > drm/i915: Fix use-after-free in do_switch > > It then becomes apparent that the default context cannot be the context > being switched to for context switch because it is always bound. It > follows that if the ring->last_context (from) has changed after the > bind_to_gtt, it will always be the default context - this is commented > in the code block. > > This assertion will help catch issues without our logic sooner than > letting the system move long (which is possible for some time). > > I really want this to be a BUG(), but I also want the patch to get > merged. I think the fact that none of the ERRNOs make any sense at all > is just more evidence that this shouldn't be a WARN. Hmm, we could adopt EREMOTEIO or for driver bugs. -Chris
diff --git a/drivers/gpu/drm/i915/i915_gem_context.c b/drivers/gpu/drm/i915/i915_gem_context.c index 0e6e743..cf7cf81 100644 --- a/drivers/gpu/drm/i915/i915_gem_context.c +++ b/drivers/gpu/drm/i915/i915_gem_context.c @@ -669,6 +669,15 @@ static int do_switch_rcs(struct intel_engine_cs *ring, */ from = ring->last_context; + /* The only context which 'from' can be, if it was changed, is the default + * context. The default context cannot end up in evict everything (as + * commented above) because it is always pinned. + */ + if (WARN_ON(from == to)) { + ret = -EPERM; + goto unpin_out; + } + if (needs_pd_load) { /* Older GENs still want the load first, "PP_DCLV followed by * PP_DIR_BASE register through Load Register Immediate commands
As what was correctly debugged here: commit acc240d41ea1ab9c488a79219fb313b5b46265ae Author: Daniel Vetter <daniel.vetter@ffwll.ch> Date: Thu Dec 5 15:42:34 2013 +0100 drm/i915: Fix use-after-free in do_switch It then becomes apparent that the default context cannot be the context being switched to for context switch because it is always bound. It follows that if the ring->last_context (from) has changed after the bind_to_gtt, it will always be the default context - this is commented in the code block. This assertion will help catch issues without our logic sooner than letting the system move long (which is possible for some time). I really want this to be a BUG(), but I also want the patch to get merged. I think the fact that none of the ERRNOs make any sense at all is just more evidence that this shouldn't be a WARN. //Cc: Ian Lister (don't have current email address) Cc: Rafael Barbalho <rafael.barbalho@intel.com> Signed-off-by: Ben Widawsky <ben@bwidawsk.net> --- drivers/gpu/drm/i915/i915_gem_context.c | 9 +++++++++ 1 file changed, 9 insertions(+)