https://bugzilla.novell.com/show_bug.cgi?id=844177
https://bugzilla.novell.com/show_bug.cgi?id=844177#c1
Jeff Mahoney changed:
What       |Removed                                   |Added
----------------------------------------------------------------------------
Status     |NEW                                       |ASSIGNED
AssignedTo |kernel-maintainers@forge.provo.novell.com |jeffm@suse.com
--- Comment #1 from Jeff Mahoney 2013-10-22 15:22:09 EDT ---
Created an attachment (id=564471)
--> (http://bugzilla.novell.com/attachment.cgi?id=564471)
[PATCH] nouveau: Fix race with fence signaling

There exists a tight race between the call to nouveau_fence_done from
nouveau_fence_wait and the call to nouveau_fence_wait_uevent.
nouveau_fence_done checks to see if fence->channel is NULL before calling
nouveau_fence_wait_uevent, but it's not good enough since the dereference
in nouveau_fence_wait_uevent is done outside the lock. Another thread
may have signaled the fence in that tight window and then we Oops
while dereferencing fence->channel->drm at the beginning of
nouveau_fence_wait_uevent.

The good news is that nouveau_fence_wait_uevent only uses fence->channel
directly to grab the chan->drm pointer. If we pass that in directly as
a known good pointer, we can avoid the race. Passing the nouveau_fence_done
check in the caller ensures that the pointer is valid.
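
The check-then-dereference pattern described in the comment above, reduced to a user-space C model. This is an added example, not the attached patch and not nouveau code: the struct and function names, the window callback (standing in for the other thread) and the NULL_DEREF marker are hypothetical. That the fixed caller reads fence->channel exactly once is an assumption of this model.

```c
#include <stddef.h>
/* User-space model of the race; all names here are hypothetical, not nouveau's. */
struct drm     { int id; };
struct channel { struct drm *drm; };
struct fence   { struct channel *channel; };  /* NULL once the fence is signaled */
#define NULL_DEREF (-1)  /* marks the point where the kernel code would Oops */

/* Stands in for another thread scheduled inside the race window. */
typedef void (*window_fn)(struct fence *);
static void signal_fence(struct fence *f) { f->channel = NULL; }
static void no_signal(struct fence *f)    { (void)f; }

/* Before: the callee re-reads fence->channel after the caller's check. */
static int wait_uevent_racy(struct fence *f, window_fn window)
{
    window(f);                          /* signaler may run here */
    struct channel *chan = f->channel;  /* second read, outside any lock */
    return chan ? chan->drm->id : NULL_DEREF;  /* real code has no NULL test */
}

static int fence_wait_racy(struct fence *f, window_fn window)
{
    if (f->channel == NULL) return 0;   /* "done" check: already signaled */
    return wait_uevent_racy(f, window);
}

/* After: the callee only uses the drm pointer handed to it. */
static int wait_uevent_fixed(struct drm *drm, struct fence *f, window_fn window)
{
    window(f);                          /* a late signal no longer matters */
    return drm->id;
}

static int fence_wait_fixed(struct fence *f, window_fn window)
{
    struct channel *chan = f->channel;  /* assumption: one read, checked once */
    if (chan == NULL) return 0;
    return wait_uevent_fixed(chan->drm, f, window);
}

int main(void)
{
    struct drm d = { 7 };               /* constructed sample objects */
    struct channel c = { &d };
    struct fence f = { &c };
    int quiet = fence_wait_racy(&f, no_signal);
    int racy = fence_wait_racy(&f, signal_fence);
    f.channel = &c;                     /* re-arm the fence for the fixed path */
    return !(quiet == 7 && racy == NULL_DEREF && fence_wait_fixed(&f, signal_fence) == 7);
}
```

The model assumes the channel and drm objects outlive the wait; it says nothing about object lifetime in the driver.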