aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorThomas Hellstrom <thellstrom@vmware.com>2009-12-02 18:33:46 +0100
committerDave Airlie <airlied@redhat.com>2009-12-16 15:34:40 +1000
commit9c51ba1db37cab780f38b2210913959f22d7b830 (patch)
tree78136ca9c2fc00cd0550703fe07ae7ada55c11b9
parentaaa207369436d04bb85382ddbb688a5b9461fd21 (diff)
downloadkernel_samsung_smdk4412-9c51ba1db37cab780f38b2210913959f22d7b830.tar.gz
kernel_samsung_smdk4412-9c51ba1db37cab780f38b2210913959f22d7b830.tar.bz2
kernel_samsung_smdk4412-9c51ba1db37cab780f38b2210913959f22d7b830.zip
drm/ttm: Fix potential ttm_mem_evict_first races.
1) The function was previously called with a potentially empty LRU list which would have lead to an OOPS or servere corruption. 2) In rare cases, after reservation has succeeded, another process may already have evicted it or even pinned it. We must revalidate the buffer status after releasing the lru lock. Signed-off-by: Thomas Hellstrom <thellstrom@vmware.com> Signed-off-by: Dave Airlie <airlied@redhat.com>
-rw-r--r--drivers/gpu/drm/ttm/ttm_bo.c36
1 files changed, 31 insertions, 5 deletions
diff --git a/drivers/gpu/drm/ttm/ttm_bo.c b/drivers/gpu/drm/ttm/ttm_bo.c
index 7927fe99d01..826240d4d67 100644
--- a/drivers/gpu/drm/ttm/ttm_bo.c
+++ b/drivers/gpu/drm/ttm/ttm_bo.c
@@ -685,19 +685,45 @@ static int ttm_mem_evict_first(struct ttm_bo_device *bdev,
struct ttm_buffer_object *bo;
int ret, put_count = 0;
+retry:
spin_lock(&glob->lru_lock);
+ if (list_empty(&man->lru)) {
+ spin_unlock(&glob->lru_lock);
+ return -EBUSY;
+ }
+
bo = list_first_entry(&man->lru, struct ttm_buffer_object, lru);
kref_get(&bo->list_kref);
- ret = ttm_bo_reserve_locked(bo, interruptible, no_wait, false, 0);
- if (likely(ret == 0))
- put_count = ttm_bo_del_from_lru(bo);
+
+ ret = ttm_bo_reserve_locked(bo, false, true, false, 0);
+
+ if (unlikely(ret == -EBUSY)) {
+ spin_unlock(&glob->lru_lock);
+ if (likely(!no_wait))
+ ret = ttm_bo_wait_unreserved(bo, interruptible);
+
+ kref_put(&bo->list_kref, ttm_bo_release_list);
+
+ /**
+ * We *need* to retry after releasing the lru lock.
+ */
+
+ if (unlikely(ret != 0))
+ return ret;
+ goto retry;
+ }
+
+ put_count = ttm_bo_del_from_lru(bo);
spin_unlock(&glob->lru_lock);
- if (unlikely(ret != 0))
- return ret;
+
+ BUG_ON(ret != 0);
+
while (put_count--)
kref_put(&bo->list_kref, ttm_bo_ref_bug);
+
ret = ttm_bo_evict(bo, interruptible, no_wait);
ttm_bo_unreserve(bo);
+
kref_put(&bo->list_kref, ttm_bo_release_list);
return ret;
}