From 60367132a21449c2119f0bb27eef907bc95828af Mon Sep 17 00:00:00 2001 From: Chris Wilson Date: Thu, 16 Mar 2017 20:42:35 +0000 Subject: [PATCH] drm/i915: Avoid use-after-free of ctx in request tracepoints trace_i915_gem_request_out may be used after the request is completed, and so the request may have been retired on another thread, invalidating the rq->ctx. Avoid dereferencing rq->ctx in the tracepoint by switching to the fence context id instead, updating all tracepoints to match. Signed-off-by: Chris Wilson Cc: Tvrtko Ursulin Link: http://patchwork.freedesktop.org/patch/msgid/20170316204235.27786-1-chris@chris-wilson.co.uk Reviewed-by: Tvrtko Ursulin --- drivers/gpu/drm/i915/i915_trace.h | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/drivers/gpu/drm/i915/i915_trace.h b/drivers/gpu/drm/i915/i915_trace.h index 5503f5ab1e98..66404c5aee82 100644 --- a/drivers/gpu/drm/i915/i915_trace.h +++ b/drivers/gpu/drm/i915/i915_trace.h @@ -590,7 +590,7 @@ TRACE_EVENT(i915_gem_request_queue, TP_fast_assign( __entry->dev = req->i915->drm.primary->index; __entry->ring = req->engine->id; - __entry->ctx = req->ctx->hw_id; + __entry->ctx = req->fence.context; __entry->seqno = req->fence.seqno; __entry->flags = flags; ), @@ -637,8 +637,8 @@ DECLARE_EVENT_CLASS(i915_gem_request, TP_fast_assign( __entry->dev = req->i915->drm.primary->index; - __entry->ctx = req->ctx->hw_id; __entry->ring = req->engine->id; + __entry->ctx = req->fence.context; __entry->seqno = req->fence.seqno; __entry->global = req->global_seqno; ), @@ -681,7 +681,7 @@ DECLARE_EVENT_CLASS(i915_gem_request_hw, TP_fast_assign( __entry->dev = req->i915->drm.primary->index; __entry->ring = req->engine->id; - __entry->ctx = req->ctx->hw_id; + __entry->ctx = req->fence.context; __entry->seqno = req->fence.seqno; __entry->global_seqno = req->global_seqno; __entry->port = port; @@ -776,7 +776,7 @@ TRACE_EVENT(i915_gem_request_wait_begin, TP_fast_assign( __entry->dev = req->i915->drm.primary->index; __entry->ring = req->engine->id; - __entry->ctx = req->ctx->hw_id; + __entry->ctx = req->fence.context; __entry->seqno = req->fence.seqno; __entry->global = req->global_seqno; __entry->flags = flags; -- 2.20.1