From 7e5f3d30860ad10a03eece2a0f34633b3f16d2e3 Mon Sep 17 00:00:00 2001 From: Changbin Du Date: Thu, 9 Feb 2017 16:50:15 +0800 Subject: [PATCH] drm/i915/gvt: fix crash at function release_shadow_wa_ctx In function dispatch_workload(), if it fail before calling intel_gvt_scan_and_shadow_wa_ctx(), the indirect ctx will not be shadowed so no cleaup need. wa_ctx->indirect_ctx.obj indicate whether indirect_ctx is shadowed. The obj is null if it is unshadowed. BUG: unable to handle kernel NULL pointer dereference at 00000000000001a0 IP: complete_execlist_workload+0x2c9/0x3e0 [i915] Oops: 0002 [#1] SMP task: ffff939546d2d880 task.stack: ffffbd9b82ac4000 RIP: 0010:complete_execlist_workload+0x2c9/0x3e0 [i915] RSP: 0018:ffffbd9b82ac7dd8 EFLAGS: 00010202 RAX: 0000000000000000 RBX: ffff9393c725b540 RCX: 0000000000000006 RDX: 0000000000000007 RSI: 0000000000000202 RDI: ffff939559c8dd00 RBP: ffffbd9b82ac7e18 R08: 0000000000000001 R09: 000000000120dd8f R10: 0000000000000000 R11: 000000000120dd8f R12: ffff9393c725b540 R13: ffff9393c725b618 R14: ffffbd9b81f0d000 R15: ffff939520e0e000 FS: 0000000000000000(0000) GS:ffff939559c80000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00000000000001a0 CR3: 000000043d664000 CR4: 00000000003426e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: workload_thread+0x312/0xd70 [i915] ? __wake_up_sync+0x20/0x20 ? wake_atomic_t_function+0x60/0x60 kthread+0x101/0x140 Signed-off-by: Changbin Du Signed-off-by: Zhenyu Wang --- drivers/gpu/drm/i915/gvt/execlist.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/gpu/drm/i915/gvt/execlist.c b/drivers/gpu/drm/i915/gvt/execlist.c index f32bb6f6495c..136c6e77561a 100644 --- a/drivers/gpu/drm/i915/gvt/execlist.c +++ b/drivers/gpu/drm/i915/gvt/execlist.c @@ -515,7 +515,7 @@ static void release_shadow_batch_buffer(struct intel_vgpu_workload *workload) static void release_shadow_wa_ctx(struct intel_shadow_wa_ctx *wa_ctx) { - if (wa_ctx->indirect_ctx.size == 0) + if (!wa_ctx->indirect_ctx.obj) return; i915_gem_object_unpin_map(wa_ctx->indirect_ctx.obj);