Chris Wilson <[email protected]> writes:
> In intel_wakeref_auto, we use refcount_inc_not_zero to detect the first
> use and initialise the timer. On doing so, we have to avoid using
> refcount_inc on that zero count as the debug code flags that as an
> error:
> refcount_t: increment on 0; use-after-free.
>
Yeah there are reinforced version: refcount_inc_checked, which
I failed to notice.
I guess the good news is that now we have proof that there is
someone watching our six.
> Rearrange the code so that if we know the count is 0 and we are
> initialising, we explicitly set it to 1.
>
> Fixes: b27e35ae5b18 ("drm/i915: Keep user GGTT alive for a minimum of 250ms")
> Signed-off-by: Chris Wilson <[email protected]>
> Cc: Mika Kuoppala <[email protected]>
> ---
> drivers/gpu/drm/i915/intel_wakeref.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/gpu/drm/i915/intel_wakeref.c
> b/drivers/gpu/drm/i915/intel_wakeref.c
> index c2dda5a375f0..c25ba1b5e8ba 100644
> --- a/drivers/gpu/drm/i915/intel_wakeref.c
> +++ b/drivers/gpu/drm/i915/intel_wakeref.c
> @@ -114,11 +114,11 @@ void intel_wakeref_auto(struct intel_wakeref_auto *wf,
> unsigned long timeout)
>
> if (!refcount_inc_not_zero(&wf->count)) {
> spin_lock_irqsave(&wf->lock, flags);
> - if (!refcount_read(&wf->count)) {
> + if (!refcount_inc_not_zero(&wf->count)) {
Ok, overflow is checked with this.
Reviewed-by: Mika Kuoppala <[email protected]>
> GEM_BUG_ON(wf->wakeref);
> wf->wakeref = intel_runtime_pm_get_if_in_use(wf->i915);
> + refcount_set(&wf->count, 1);
> }
> - refcount_inc(&wf->count);
> spin_unlock_irqrestore(&wf->lock, flags);
> }
>
> --
> 2.20.1
_______________________________________________
Intel-gfx mailing list
[email protected]
https://lists.freedesktop.org/mailman/listinfo/intel-gfx
