On Fri, 13 Jul 2012 17:37:14 +0200, Daniel Vetter <dan...@ffwll.ch> wrote:
> On Fri, Jul 13, 2012 at 02:14:05PM +0100, Chris Wilson wrote:
> > Otherwise we end up trying to unpin a freed object and BUG.
> > 
> > Signed-off-by: Chris Wilson <ch...@chris-wilson.co.uk>
> > Cc: Ben Widawsky <b...@bwidawsk.net>
> 
> Afaict this patch contains quite some code refactoring that does not
> relate directly to the fix (or if it does, I fail to see the direct
> relevance). So I think this either needs an explanation in the commit
> message or be put into a separate patch (I agree though for actual code
> cleanups).
> 
> For the fix itself I seem to be a bit dense again - the only thing I see
> is that you move the refcount handling into do_switch. Afacs we do the
> ref-handling in both cases only when do_switch is successful, and also
> right at the end of do_switch (or right afterwards). So can you please
> enlighten your clueless maintainer a bit and explain how things blow up?

The fix is that the reference handling was only done on one path, not
both. Hence the default_ctx ends up being used-after-free.

The rest of it was just unwinding the code to get to finding the bug...
-Chris

-- 
Chris Wilson, Intel Open Source Technology Centre
_______________________________________________
Intel-gfx mailing list
Intel-gfx@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/intel-gfx
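The two-path refcount mistake Chris describes, modelled as an added example (not the i915 code and not the patch under discussion). Only the names do_switch and default_ctx come from the thread; switch_to_buggy, switch_to_fixed, run_sequence and the struct layouts are assumed for illustration. Instead of really freeing, the last put marks the object freed so that a later unpin can report the misuse rather than crash, which stands in for the BUG mentioned in the commit message.

```c
#include <stdio.h>

/* Constructed model of a refcounted GPU context. The last put does not free
 * memory; it sets 'freed' so that a later touch is detectable instead of UB. */
struct ctx {
    const char *name;
    int is_default;
    int refcount;
    int freed;
};

struct ring {
    struct ctx *last_context;   /* context currently pinned on the ring */
};

/* File-scope so a test can inspect them after a run (assumed names). */
static struct ctx default_ctx;
static struct ctx user_ctx;

static void ctx_get(struct ctx *c) { c->refcount++; }

static void ctx_put(struct ctx *c)
{
    if (--c->refcount == 0)
        c->freed = 1;           /* stands in for kfree() */
}

/* Stand-in for the unpin that BUGs in the thread: -1 if the object is gone. */
static int ctx_unpin(struct ctx *c)
{
    return c->freed ? -1 : 0;
}

/* The switch proper. With refs_inside set, the get/put pair lives here and
 * therefore runs on every caller's path; that is the shape of the fix. */
static int do_switch(struct ring *ring, struct ctx *to, int refs_inside)
{
    struct ctx *from = ring->last_context;

    if (from == to)
        return 0;
    if (from && ctx_unpin(from) < 0)
        return -1;              /* "unpin a freed object" */
    ring->last_context = to;
    if (refs_inside) {
        ctx_get(to);
        if (from)
            ctx_put(from);
    }
    return 0;
}

/* Buggy shape: the get/put pair sits in the user-context caller only; the
 * default-context caller goes straight to do_switch. Switching away from
 * the default context then puts a reference that was never taken. */
static int switch_to_buggy(struct ring *ring, struct ctx *to)
{
    struct ctx *from = ring->last_context;
    int ret;

    if (to->is_default)
        return do_switch(ring, to, 0);   /* no ref taken on 'to' */

    ret = do_switch(ring, to, 0);
    if (ret == 0 && from != to) {
        ctx_get(to);
        if (from)
            ctx_put(from);               /* drops a ref 'from' may never have got */
    }
    return ret;
}

static int switch_to_fixed(struct ring *ring, struct ctx *to)
{
    return do_switch(ring, to, 1);
}

/* Alternate user <-> default a few times; returns the first error seen. */
static int run_sequence(int fixed)
{
    struct ring ring = { NULL };
    struct ctx *order[] = { &user_ctx, &default_ctx, &user_ctx, &default_ctx, &user_ctx };
    size_t i;

    default_ctx = (struct ctx){ "default", 1, 1, 0 };  /* one ref held by the device */
    user_ctx    = (struct ctx){ "user",    0, 1, 0 };  /* one ref held by the file */

    for (i = 0; i < sizeof(order) / sizeof(order[0]); i++) {
        int ret = fixed ? switch_to_fixed(&ring, order[i])
                        : switch_to_buggy(&ring, order[i]);
        if (ret)
            return ret;
    }
    return 0;
}

int main(void)
{
    int ret = run_sequence(0);
    printf("buggy: ret=%d default.refcount=%d default.freed=%d\n",
           ret, default_ctx.refcount, default_ctx.freed);
    ret = run_sequence(1);
    printf("fixed: ret=%d default.refcount=%d default.freed=%d\n",
           ret, default_ctx.refcount, default_ctx.freed);
    return 0;
}
```

In the buggy run the third switch (default back to user) puts the default context's only reference, the one the device owner still holds, so the object is freed while still in use; the next switch away from it unpins a freed object, which is the crash the patch avoids. Moving the get/put into do_switch makes the refcount symmetric on both paths.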
