drm/i915: Avoid use-after-free of ctx in request tracepoints
authorChris Wilson <chris@chris-wilson.co.uk>
Thu, 16 Mar 2017 20:42:35 +0000 (20:42 +0000)
committerChris Wilson <chris@chris-wilson.co.uk>
Fri, 17 Mar 2017 07:59:48 +0000 (07:59 +0000)
trace_i915_gem_request_out may be used after the request is completed,
and so the request may have been retired on another thread, invalidating
the rq->ctx. Avoid dereferencing rq->ctx in the tracepoint by switching
to the fence context id instead, updating all tracepoints to match.

Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>
Cc: Tvrtko Ursulin <tvrtko.ursulin@intel.com>
Link: http://patchwork.freedesktop.org/patch/msgid/20170316204235.27786-1-chris@chris-wilson.co.uk
Reviewed-by: Tvrtko Ursulin <tvrtko.ursulin@intel.com>
drivers/gpu/drm/i915/i915_trace.h

index 5503f5ab1e986acc36b2f77921f4aef6f0931ab1..66404c5aee82e501a263c52098500abd28304d9a 100644 (file)
@@ -590,7 +590,7 @@ TRACE_EVENT(i915_gem_request_queue,
            TP_fast_assign(
                           __entry->dev = req->i915->drm.primary->index;
                           __entry->ring = req->engine->id;
-                          __entry->ctx = req->ctx->hw_id;
+                          __entry->ctx = req->fence.context;
                           __entry->seqno = req->fence.seqno;
                           __entry->flags = flags;
                           ),
@@ -637,8 +637,8 @@ DECLARE_EVENT_CLASS(i915_gem_request,
 
            TP_fast_assign(
                           __entry->dev = req->i915->drm.primary->index;
-                          __entry->ctx = req->ctx->hw_id;
                           __entry->ring = req->engine->id;
+                          __entry->ctx = req->fence.context;
                           __entry->seqno = req->fence.seqno;
                           __entry->global = req->global_seqno;
                           ),
@@ -681,7 +681,7 @@ DECLARE_EVENT_CLASS(i915_gem_request_hw,
                    TP_fast_assign(
                                   __entry->dev = req->i915->drm.primary->index;
                                   __entry->ring = req->engine->id;
-                                  __entry->ctx = req->ctx->hw_id;
+                                  __entry->ctx = req->fence.context;
                                   __entry->seqno = req->fence.seqno;
                                   __entry->global_seqno = req->global_seqno;
                                   __entry->port = port;
@@ -776,7 +776,7 @@ TRACE_EVENT(i915_gem_request_wait_begin,
            TP_fast_assign(
                           __entry->dev = req->i915->drm.primary->index;
                           __entry->ring = req->engine->id;
-                          __entry->ctx = req->ctx->hw_id;
+                          __entry->ctx = req->fence.context;
                           __entry->seqno = req->fence.seqno;
                           __entry->global = req->global_seqno;
                           __entry->flags = flags;