Quoting Joonas Lahtinen (2017-11-16 11:08:18) > On Wed, 2017-11-15 at 12:14 +0000, Chris Wilson wrote: > > When we call intel_engine_cancel_signaling() to stop reporting whether > > or not a request is completed via an asynchronous signal, we remove that > > request from the breadcrumb wait queue. However, we may be concurrently > > processing that request in the signaler itself, the actual operations on > > the request itself are serialised but we do not actually clear the > > waiter after removing it from the tree allowing both parties to attempt > > to do so and corrupting the rbtree. (Elsewhere removing from the > > breadcrumb wait queue could only be done on behalf of i915_wait_request, > > so this race could not happen). > > > > Reported-by: "He, Bo" <[email protected]> > > Fixes: 9eb143bbec7d ("drm/i915: Allow a request to be cancelled") > > Signed-off-by: Chris Wilson <[email protected]> > > Cc: "He, Bo" <[email protected]> > > Cc: Tvrtko Ursulin <[email protected]> > > Cc: Michał Winiarski <[email protected]> > > Cc: Joonas Lahtinen <[email protected]> > > Reviewed-by: Joonas Lahtinen <[email protected]>
Ta, I was debating how to wait for a t-b, but this is definitely a race between canceling and signaling that needs to be fixed regardless. Pushed, -Chris _______________________________________________ Intel-gfx mailing list [email protected] https://lists.freedesktop.org/mailman/listinfo/intel-gfx
