If the context being destroyed have been last in the ring, the ring->last_context will be left dangling.
Later, the unpinning will happen for last_context, and as it was already freed, we corrupt memory by doing so. This regression introduced in commit 6d65ba943a2d1e4292a07ca7ddb6c5138b9efa5d Author: Nick Hoath <[email protected]> Date: Tue Dec 1 14:48:57 2015 +0000 drm/i915: Extend LRC pinning to cover GPU context writeback Fix this by clearing the ring->last_context if it is the context being destroyed. Cc: Nick Hoath <[email protected]> Cc: Daniel Vetter <[email protected]> Cc: David Gordon <[email protected]> Cc: Chris Wilson <[email protected]> Cc: Alex Dai <[email protected]> Signed-off-by: Mika Kuoppala <[email protected]> --- drivers/gpu/drm/i915/intel_lrc.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/gpu/drm/i915/intel_lrc.c b/drivers/gpu/drm/i915/intel_lrc.c index c3504a0..5c26fde 100644 --- a/drivers/gpu/drm/i915/intel_lrc.c +++ b/drivers/gpu/drm/i915/intel_lrc.c @@ -2432,6 +2432,9 @@ intel_lr_context_clean_ring(struct intel_context *ctx, } } + if (ring->last_context == ctx) + ring->last_context = NULL; + WARN_ON(ctx->engine[ring->id].pin_count); intel_ringbuffer_free(ringbuf); drm_gem_object_unreference(&ctx_obj->base); -- 2.5.0 _______________________________________________ Intel-gfx mailing list [email protected] http://lists.freedesktop.org/mailman/listinfo/intel-gfx
