On Fri, Nov 29, 2013 at 11:44:59AM +0000, Chris Wilson wrote:
> During the vmap() routine for the dma-buf, we first grab the pages and
> then try to allocate a temporary array to pass to the vmap(). However,
> the shrinker can and will reap any object that is unbound if the
> allocation for the array first fails. This includes the object which we
> are attempting to vmap(). The solution is to mark the object's pages as
> pinned whilst we try the allocation to prevent the use-after-free
> introduced by the potential shrinkage.
>
> Signed-off-by: Chris Wilson <[email protected]>
Picked up for -fixes, thanks for the patch.
-Daniel
--
Daniel Vetter
Software Engineer, Intel Corporation
+41 (0) 79 365 57 48 - http://blog.ffwll.ch
_______________________________________________
Intel-gfx mailing list
[email protected]
http://lists.freedesktop.org/mailman/listinfo/intel-gfx
