summaryrefslogtreecommitdiff
path: root/virt
diff options
context:
space:
mode:
authorJohn Harrison <John.C.Harrison@Intel.com>2016-04-01 15:22:57 +0100
committerJohn Harrison <John.C.Harrison@Intel.com>2016-05-06 14:12:43 +0100
commitaedfea71d24ad95ea120871045263a080f69c65b (patch)
tree0c1d00a7e90bdf47dfcba8bde3741c1f383a10f8 /virt
parente80d58939935d29ed029933a527bda41b8a3d5d6 (diff)
drm/i915: Fix clean up of file client list on execbuff failure
If an execbuff IOCTL call fails for some reason, it would leave the request in the client list. The request clean up code would remove this but only later on and only after the reference count has dropped to zero. The entire sequence is contained within the driver mutex lock. However, there is still a hole such that any code which does not require the mutex lock could still find the request on the client list and start using it. That would lead to broken reference counts, use of dangling pointers and all sorts of other nastiness. The throttle IOCTL in particular does not acquire the mutex and does process the client list. And the likely situation of the execbuff IOCTL failing is when the system is busy with lots of work outstanding. That is exactly the situation where the throttle IOCTL would try to wait on a request. Currently, this hole is tiny - the gap between the reference count dropping to zero and the free function being called in response. However the next patch in this series enlarges that gap considerably by deferring the free function (to remove the need for the mutex lock when unreferencing requests). v7: New patch in series. Signed-off-by: John Harrison <John.C.Harrison@Intel.com>
Diffstat (limited to 'virt')
0 files changed, 0 insertions, 0 deletions