On Fri, Sep 26, 2025 at 3:54 PM Ian Forbes <[email protected]> wrote: > > Nodes stored in the validation duplicates hashtable come from an arena > allocator that is cleared at the end of vmw_execbuf_process. All nodes > are expected to be cleared in vmw_validation_drop_ht but this node escaped > because its resource was destroyed prematurely. > > Fixes: 64ad2abfe9a6 ("drm/vmwgfx: Adapt validation code for reference-free > lookups") > Reported-by: Kuzey Arda Bulut <[email protected]> > Signed-off-by: Ian Forbes <[email protected]> > --- > drivers/gpu/drm/vmwgfx/vmwgfx_validation.c | 4 +++- > 1 file changed, 3 insertions(+), 1 deletion(-) > > diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_validation.c > b/drivers/gpu/drm/vmwgfx/vmwgfx_validation.c > index 7ee93e7191c7..4d0fb71f6211 100644 > --- a/drivers/gpu/drm/vmwgfx/vmwgfx_validation.c > +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_validation.c > @@ -308,8 +308,10 @@ int vmw_validation_add_resource(struct > vmw_validation_context *ctx, > hash_add_rcu(ctx->sw_context->res_ht, &node->hash.head, > node->hash.key); > } > node->res = vmw_resource_reference_unless_doomed(res); > - if (!node->res) > + if (!node->res) { > + hash_del_rcu(&node->hash.head); > return -ESRCH; > + } > > node->first_usage = 1; > if (!res->dev_priv->has_mob) { > -- > 2.51.0 >
Thanks for finding this. Reviewed-by: Zack Rusin <[email protected]> z
smime.p7s
Description: S/MIME Cryptographic Signature
