Re: [PATCH 3.13.y-ckt 078/138] drm/radeon: hold reference to fences in radeon_sa_bo_new
From: Nicolai HÃhnle
Date: Wed Mar 09 2016 - 18:43:21 EST
On 09.03.2016 18:13, Kamal Mostafa wrote:
3.13.11-ckt36 -stable review patch. If anyone has any objections, please let me know.
Please drop the patch for now, it causes a NULL pointer dereference on
kernels <= 3.17. We will follow up with a correctly backported patch.
Thanks,
Nicolai
---8<------------------------------------------------------------
From: =?UTF-8?q?Nicolai=20H=C3=A4hnle?= <nicolai.haehnle@xxxxxxx>
commit f6ff4f67cdf8455d0a4226eeeaf5af17c37d05eb upstream.
An arbitrary amount of time can pass between spin_unlock and
radeon_fence_wait_any, so we need to ensure that nobody frees the
fences from under us.
Based on the analogous fix for amdgpu.
Signed-off-by: Nicolai HÃhnle <nicolai.haehnle@xxxxxxx>
Reviewed-by: Christian KÃnig <christian.koenig@xxxxxxx>
Signed-off-by: Kamal Mostafa <kamal@xxxxxxxxxxxxx>
---
drivers/gpu/drm/radeon/radeon_sa.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/drivers/gpu/drm/radeon/radeon_sa.c b/drivers/gpu/drm/radeon/radeon_sa.c
index f0bac68..bb16684 100644
--- a/drivers/gpu/drm/radeon/radeon_sa.c
+++ b/drivers/gpu/drm/radeon/radeon_sa.c
@@ -349,8 +349,13 @@ int radeon_sa_bo_new(struct radeon_device *rdev,
/* see if we can skip over some allocations */
} while (radeon_sa_bo_next_hole(sa_manager, fences, tries));
+ for (i = 0; i < RADEON_NUM_RINGS; ++i)
+ radeon_fence_ref(fences[i]);
+
spin_unlock(&sa_manager->wq.lock);
r = radeon_fence_wait_any(rdev, fences, false);
+ for (i = 0; i < RADEON_NUM_RINGS; ++i)
+ radeon_fence_unref(&fences[i]);
spin_lock(&sa_manager->wq.lock);
/* if we have nothing to wait for block */
if (r == -ENOENT && block) {