Commit 60367132 authored by Chris Wilson's avatar Chris Wilson

drm/i915: Avoid use-after-free of ctx in request tracepoints

trace_i915_gem_request_out may be used after the request is completed,
and so the request may have been retired on another thread, invalidating
the rq->ctx. Avoid dereferencing rq->ctx in the tracepoint by switching
to the fence context id instead, updating all tracepoints to match.
Signed-off-by: default avatarChris Wilson <chris@chris-wilson.co.uk>
Cc: Tvrtko Ursulin <tvrtko.ursulin@intel.com>
Link: http://patchwork.freedesktop.org/patch/msgid/20170316204235.27786-1-chris@chris-wilson.co.ukReviewed-by: default avatarTvrtko Ursulin <tvrtko.ursulin@intel.com>
parent a533b4ba
...@@ -590,7 +590,7 @@ TRACE_EVENT(i915_gem_request_queue, ...@@ -590,7 +590,7 @@ TRACE_EVENT(i915_gem_request_queue,
TP_fast_assign( TP_fast_assign(
__entry->dev = req->i915->drm.primary->index; __entry->dev = req->i915->drm.primary->index;
__entry->ring = req->engine->id; __entry->ring = req->engine->id;
__entry->ctx = req->ctx->hw_id; __entry->ctx = req->fence.context;
__entry->seqno = req->fence.seqno; __entry->seqno = req->fence.seqno;
__entry->flags = flags; __entry->flags = flags;
), ),
...@@ -637,8 +637,8 @@ DECLARE_EVENT_CLASS(i915_gem_request, ...@@ -637,8 +637,8 @@ DECLARE_EVENT_CLASS(i915_gem_request,
TP_fast_assign( TP_fast_assign(
__entry->dev = req->i915->drm.primary->index; __entry->dev = req->i915->drm.primary->index;
__entry->ctx = req->ctx->hw_id;
__entry->ring = req->engine->id; __entry->ring = req->engine->id;
__entry->ctx = req->fence.context;
__entry->seqno = req->fence.seqno; __entry->seqno = req->fence.seqno;
__entry->global = req->global_seqno; __entry->global = req->global_seqno;
), ),
...@@ -681,7 +681,7 @@ DECLARE_EVENT_CLASS(i915_gem_request_hw, ...@@ -681,7 +681,7 @@ DECLARE_EVENT_CLASS(i915_gem_request_hw,
TP_fast_assign( TP_fast_assign(
__entry->dev = req->i915->drm.primary->index; __entry->dev = req->i915->drm.primary->index;
__entry->ring = req->engine->id; __entry->ring = req->engine->id;
__entry->ctx = req->ctx->hw_id; __entry->ctx = req->fence.context;
__entry->seqno = req->fence.seqno; __entry->seqno = req->fence.seqno;
__entry->global_seqno = req->global_seqno; __entry->global_seqno = req->global_seqno;
__entry->port = port; __entry->port = port;
...@@ -776,7 +776,7 @@ TRACE_EVENT(i915_gem_request_wait_begin, ...@@ -776,7 +776,7 @@ TRACE_EVENT(i915_gem_request_wait_begin,
TP_fast_assign( TP_fast_assign(
__entry->dev = req->i915->drm.primary->index; __entry->dev = req->i915->drm.primary->index;
__entry->ring = req->engine->id; __entry->ring = req->engine->id;
__entry->ctx = req->ctx->hw_id; __entry->ctx = req->fence.context;
__entry->seqno = req->fence.seqno; __entry->seqno = req->fence.seqno;
__entry->global = req->global_seqno; __entry->global = req->global_seqno;
__entry->flags = flags; __entry->flags = flags;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment