On 15/04/16 11:00, Chris Wilson wrote:
On Fri, Apr 15, 2016 at 10:40:42AM +0100, Tvrtko Ursulin wrote:
On 13/04/16 16:12, Chris Wilson wrote:
On Wed, Apr 13, 2016 at 03:47:58PM +0100, Chris Wilson wrote:
+ /* We also want to clear any cached iomaps as they wrap vmap */
+ list_for_each_entry_safe(vma, next,
+ &dev_priv->ggtt.base.inactive_list, vm_link)
+ if (vma->iomap && i915_vma_unbind(vma) == 0)
+ freed_pages += vma->node.size >> PAGE_SHIFT;
Use after free. I need to store the page count in a local before calling
unbind.
Waiting for respin. :)
Also, shouldn't the patch which adds the size argument to
io_mapping_map_wc be in this series?
It was, this was just an update to patch 2. The delta here is just
unsigned long count = vma->node.size >> PAGE_SHIFT;
if (vma->iomap && i915_vma_unbind(vma) == 0)
freed_pages += count;
My bad, I got lost in the threads.. :(
Could I ask for those two BUG_ONs to be replaced with GEM_BUG_ONs now
that is in?
Maybe also add a quick return at the top, as a micro-opt:
if (vma->iomap)
reutrn vma->iomap;
Followed by WARNs, GEM_BUG_ONs and rest?
Shrinker fix mandatory and with or without my above comments r-b from me.
Regards,
Tvrtko
_______________________________________________
Intel-gfx mailing list
Intel-gfx@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/intel-gfx
