Commit 8dc1775d authored by Chris Wilson's avatar Chris Wilson Committed by Eric Anholt

drm/i915: Attempt to uncouple object after catastrophic failure in unbind

If we fail to flush outstanding GPU writes but return the memory to the
system, we risk corrupting memory should the GPU recovery and complete
those writes. On the other hand, if we bail early and free the object
then we have a definite use-after-free and real memory corruption.
Choose the lesser of two evils, since in order to recover from the hung
GPU we need to completely reset it, those pending writes should
never happen.
Signed-off-by: default avatarChris Wilson <chris@chris-wilson.co.uk>
Signed-off-by: default avatarEric Anholt <eric@anholt.net>
parent be72615b
...@@ -1967,11 +1967,12 @@ i915_gem_object_unbind(struct drm_gem_object *obj) ...@@ -1967,11 +1967,12 @@ i915_gem_object_unbind(struct drm_gem_object *obj)
* before we unbind. * before we unbind.
*/ */
ret = i915_gem_object_set_to_cpu_domain(obj, 1); ret = i915_gem_object_set_to_cpu_domain(obj, 1);
if (ret) { if (ret == -ERESTARTSYS)
if (ret != -ERESTARTSYS)
DRM_ERROR("set_domain failed: %d\n", ret);
return ret; return ret;
} /* Continue on if we fail due to EIO, the GPU is hung so we
* should be safe and we need to cleanup or else we might
* cause memory corruption through use-after-free.
*/
BUG_ON(obj_priv->active); BUG_ON(obj_priv->active);
...@@ -2007,7 +2008,7 @@ i915_gem_object_unbind(struct drm_gem_object *obj) ...@@ -2007,7 +2008,7 @@ i915_gem_object_unbind(struct drm_gem_object *obj)
trace_i915_gem_object_unbind(obj); trace_i915_gem_object_unbind(obj);
return 0; return ret;
} }
static struct drm_gem_object * static struct drm_gem_object *
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment