Bug 72274

Summary: drm/i195: Potential dangling pointer on context switch
Product: DRI Reporter: Josh Triplett <josh>
Component: DRM/IntelAssignee: Intel GFX Bugs mailing list <intel-gfx-bugs>
Status: CLOSED FIXED QA Contact: Intel GFX Bugs mailing list <intel-gfx-bugs>
Severity: normal    
Priority: medium CC: intel-gfx-bugs
Version: unspecified   
Hardware: Other   
OS: All   
Whiteboard:
i915 platform: i915 features:

Description Josh Triplett 2013-12-03 18:24:44 UTC 
See https://chromium-review.googlesource.com/#/c/177627/ for full report and patch.

"When HW context switch is enabled, the last context switched away from
is stored in the ring, and when a context is unbound, the ring pointer
is not updated."
Comment 1 Chris Wilson 2013-12-03 19:13:41 UTC 
Fixed (made irrelevant) by

commit 112522f6789581824903f6f72082b5b841a7f0f9
Author: Chris Wilson <chris@chris-wilson.co.uk>
Date:   Thu May 2 16:48:07 2013 +0300

    drm/i915: put context upon switching
    
    In order to be notified of when the context and all of its associated
    objects is idle (for if the context maps to a ppgtt) we need a callback
    from the retire handler. We can arrange this by using the kref_get/put
    of the context for request tracking and by inserting a request to
    demarque the switch away from the old context.
    
    [Ben: fixed minor error to patch compile, AND s/last_context/from/]
    Signed-off-by: Ben Widawsky <ben@bwidawsk.net>
    Signed-off-by: Daniel Vetter <daniel.vetter@ffwll.ch>

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.