Nodes stored in the validation duplicates hashtable come from an arena
allocator that is cleared at the end of vmw_execbuf_process. All nodes
are expected to be cleared in vmw_validation_drop_ht but this node escaped
because its resource was destroyed prematurely.
Fixes: 64ad2abfe9a6 ("drm/vmwgfx: Adapt validation code for reference-free
lookups")
Reported-by: Kuzey Arda Bulut <[email protected]>
Signed-off-by: Ian Forbes <[email protected]>
---
drivers/gpu/drm/vmwgfx/vmwgfx_validation.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_validation.c
b/drivers/gpu/drm/vmwgfx/vmwgfx_validation.c
index 7ee93e7191c7..4d0fb71f6211 100644
--- a/drivers/gpu/drm/vmwgfx/vmwgfx_validation.c
+++ b/drivers/gpu/drm/vmwgfx/vmwgfx_validation.c
@@ -308,8 +308,10 @@ int vmw_validation_add_resource(struct
vmw_validation_context *ctx,
hash_add_rcu(ctx->sw_context->res_ht, &node->hash.head,
node->hash.key);
}
node->res = vmw_resource_reference_unless_doomed(res);
- if (!node->res)
+ if (!node->res) {
+ hash_del_rcu(&node->hash.head);
return -ESRCH;
+ }
node->first_usage = 1;
if (!res->dev_priv->has_mob) {
--
2.51.0
