From patchwork Tue Oct 21 10:48:09 2014
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Dheeraj Jamwal <dheerajx.s.jamwal@intel.com>
X-Patchwork-Id: 5115881
Return-Path: <ltsi-dev-bounces@lists.linuxfoundation.org>
X-Original-To: patchwork-ltsi-dev@patchwork.kernel.org
Delivered-To: patchwork-parsemail@patchwork1.web.kernel.org
Received: from mail.kernel.org (mail.kernel.org [198.145.19.201])
	by patchwork1.web.kernel.org (Postfix) with ESMTP id A1C4F9F349
	for <patchwork-ltsi-dev@patchwork.kernel.org>;
	Tue, 21 Oct 2014 11:22:09 +0000 (UTC)
Received: from mail.kernel.org (localhost [127.0.0.1])
	by mail.kernel.org (Postfix) with ESMTP id BA1532010F
	for <patchwork-ltsi-dev@patchwork.kernel.org>;
	Tue, 21 Oct 2014 11:22:08 +0000 (UTC)
Received: from mail.linuxfoundation.org (mail.linuxfoundation.org
	[140.211.169.12])
	(using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by mail.kernel.org (Postfix) with ESMTPS id C9295200CA
	for <patchwork-ltsi-dev@patchwork.kernel.org>;
	Tue, 21 Oct 2014 11:22:07 +0000 (UTC)
Received: from mail.linux-foundation.org (localhost [127.0.0.1])
	by mail.linuxfoundation.org (Postfix) with ESMTP id B2EE5BEA;
	Tue, 21 Oct 2014 11:03:06 +0000 (UTC)
X-Original-To: ltsi-dev@lists.linuxfoundation.org
Delivered-To: ltsi-dev@mail.linuxfoundation.org
Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org
	[172.17.192.35])
	by mail.linuxfoundation.org (Postfix) with ESMTPS id E2F47B39
	for <ltsi-dev@lists.linuxfoundation.org>;
	Tue, 21 Oct 2014 11:03:04 +0000 (UTC)
X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6
Received: from mga11.intel.com (mga11.intel.com [192.55.52.93])
	by smtp1.linuxfoundation.org (Postfix) with ESMTP id 785262010C
	for <ltsi-dev@lists.linuxfoundation.org>;
	Tue, 21 Oct 2014 11:03:04 +0000 (UTC)
Received: from fmsmga002.fm.intel.com ([10.253.24.26])
	by fmsmga102.fm.intel.com with ESMTP; 21 Oct 2014 04:02:58 -0700
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.04,761,1406617200"; d="scan'208";a="617794496"
Received: from ubuntu-desktop.png.intel.com ([10.221.122.25])
	by fmsmga002.fm.intel.com with ESMTP; 21 Oct 2014 04:02:53 -0700
From: Dheeraj Jamwal <dheerajx.s.jamwal@intel.com>
To: ltsi-dev@lists.linuxfoundation.org
Date: Tue, 21 Oct 2014 18:48:09 +0800
Message-Id: <1413889294-31328-290-git-send-email-dheerajx.s.jamwal@intel.com>
X-Mailer: git-send-email 1.7.9.5
In-Reply-To: <1413889294-31328-1-git-send-email-dheerajx.s.jamwal@intel.com>
References: <dheerajx.s.jamwal@intel.com>
	<1413889294-31328-1-git-send-email-dheerajx.s.jamwal@intel.com>
X-Spam-Status: No, score=-5.6 required=5.0 tests=BAYES_00, RCVD_IN_DNSWL_MED,
	RP_MATCHES_RCVD, UNPARSEABLE_RELAY autolearn=unavailable version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mail.kernel.org
Subject: [LTSI-dev] [PATCH 0289/1094] drm/i915: Reset vma->mm_list after
	unbinding
X-BeenThere: ltsi-dev@lists.linuxfoundation.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "A list to discuss patches, development,
	and other things related to the LTSI project"
	<ltsi-dev.lists.linuxfoundation.org>
List-Unsubscribe: 
 <https://lists.linuxfoundation.org/mailman/options/ltsi-dev>,
	<mailto:ltsi-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
List-Archive: <http://lists.linuxfoundation.org/pipermail/ltsi-dev/>
List-Post: <mailto:ltsi-dev@lists.linuxfoundation.org>
List-Help: <mailto:ltsi-dev-request@lists.linuxfoundation.org?subject=help>
List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/ltsi-dev>,
	<mailto:ltsi-dev-request@lists.linuxfoundation.org?subject=subscribe>
MIME-Version: 1.0
Sender: ltsi-dev-bounces@lists.linuxfoundation.org
Errors-To: ltsi-dev-bounces@lists.linuxfoundation.org
X-Virus-Scanned: ClamAV using ClamSMTP

From: Chris Wilson <chris@chris-wilson.co.uk>

In place of true activity counting, we walk the list of vma associated
with an object managing each on the vm's active/inactive list everytime
we call move-to-inactive. This depends upon the vma->mm_list being
cleared after unbinding, or else we run into difficulty when tracking
the object in multiple vm's - we see a use-after free and corruption of
the mm_list.

Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>
Cc: Ben Widawsky <ben@bwidawsk.net>
Reviewed-by: Ben Widawsky <ben@bwidawsk.net>
Signed-off-by: Daniel Vetter <daniel.vetter@ffwll.ch>
(cherry picked from commit 64bf930379ac8097705db7d40602c2aa9ec0d2f4)

Signed-off-by: Dheeraj Jamwal <dheerajx.s.jamwal@intel.com>
---
 drivers/gpu/drm/i915/i915_gem.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/gpu/drm/i915/i915_gem.c b/drivers/gpu/drm/i915/i915_gem.c
index 0ec1080..b41ead6 100644
--- a/drivers/gpu/drm/i915/i915_gem.c
+++ b/drivers/gpu/drm/i915/i915_gem.c
@@ -2739,7 +2739,7 @@ int i915_vma_unbind(struct i915_vma *vma)
 
 	i915_gem_gtt_finish_object(obj);
 
-	list_del(&vma->mm_list);
+	list_del_init(&vma->mm_list);
 	/* Avoid an unnecessary call to unbind on rebind. */
 	if (i915_is_ggtt(vma->vm))
 		obj->map_and_fenceable = true;