On 02-05-18 at 20:32, Ville Syrjala wrote:
> From: Ville Syrjälä <[email protected]>
>
> Clear the old_state and new_state pointers for every object in
> drm_atomic_state_default_clear(). Otherwise
> drm_atomic_get_{new,old}_*_state() will hand out stale pointers to
> anyone who hasn't first confirmed that the object is in fact part of
> the current atomic transaction, if they are called after we've done
> the ww backoff dance while hanging on to the same drm_atomic_state.
>
> For example, handle_conflicting_encoders() looks like it could hit
> this since it iterates the full connector list and just calls
> drm_atomic_get_new_connector_state() for each.
>
> And I believe we have now witnessed this happening at least once in
> i915 check_digital_port_conflicts(). Commit 8b69449d2663 ("drm/i915:
> Remove last references to drm_atomic_get_existing* macros") changed
> the safe drm_atomic_get_existing_connector_state() to the unsafe
> drm_atomic_get_new_connector_state(), which opened the doors for
> this particular bug there as well.
>
> Cc: [email protected]
> Cc: Maarten Lankhorst <[email protected]>
> Cc: Laurent Pinchart <[email protected]>
> Cc: Abhay Kumar <[email protected]>
> Fixes: 581e49fe6b41 ("drm/atomic: Add new iterators over all state, v3.")
> Signed-off-by: Ville Syrjälä <[email protected]>
> ---
OUCH! Good catch..

~Maarten

Reviewed-by: Maarten Lankhorst <[email protected]>

How come KASAN didn't complain?
_______________________________________________
Intel-gfx mailing list
[email protected]
https://lists.freedesktop.org/mailman/listinfo/intel-gfx
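
The stale-pointer scenario from the commit message, as a simplified user-space model added here (not the kernel code and not part of the patch). All struct and function names are hypothetical, and the `live` flag stands in for a state that has been destroyed.

```c
#include <stdbool.h>
#include <stddef.h>

#define NUM_OBJS 2

/* Hypothetical per-object state; "live" is false once it has been destroyed. */
struct obj_state { int value; bool live; };
/* One slot per object, with the old_state/new_state pointers the patch clears. */
struct slot { bool in_transaction; struct obj_state *old_state, *new_state; };
struct atomic_state { struct slot slots[NUM_OBJS]; };

/* Pull object idx into the transaction, duplicating its current state into dup. */
static void add_obj(struct atomic_state *s, int idx, struct obj_state *cur, struct obj_state *dup)
{
	*dup = *cur;
	s->slots[idx] = (struct slot){ true, cur, dup };
}

/* Clear before a retry; clear_pointers = true models the fix, false the old code. */
static void state_clear(struct atomic_state *s, bool clear_pointers)
{
	for (int i = 0; i < NUM_OBJS; i++) {
		struct slot *sl = &s->slots[i];
		if (!sl->in_transaction) continue;
		sl->new_state->live = false;	/* stands in for destroying the state */
		sl->in_transaction = false;
		if (clear_pointers)
			sl->old_state = sl->new_state = NULL;
	}
}

/* Unchecked getter: hands out whatever pointer the slot holds. */
static struct obj_state *get_new_state(struct atomic_state *s, int idx)
{
	return s->slots[idx].new_state;
}

/* Attempt 1 touches object 0, backoff clears, retry touches only object 1;
 * then every object is walked and destroyed states still handed out are counted. */
static int count_stale(bool clear_pointers)
{
	struct atomic_state s = {{{0}}};
	struct obj_state cur[NUM_OBJS] = { {1, true}, {2, true} }, dup[NUM_OBJS];
	int stale = 0;
	add_obj(&s, 0, &cur[0], &dup[0]);
	state_clear(&s, clear_pointers);
	add_obj(&s, 1, &cur[1], &dup[1]);
	for (int i = 0; i < NUM_OBJS; i++) {
		struct obj_state *p = get_new_state(&s, i);
		if (p && !p->live) stale++;
	}
	return stale;
}
int main(void) { return !(count_stale(false) == 1 && count_stale(true) == 0); }
```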