From 3ffff01749928ea5ffdae2cecad561898c3b0f71 Mon Sep 17 00:00:00 2001 From: Chris Wilson Date: Tue, 22 Aug 2017 12:05:17 +0100 Subject: drm/i915: Ignore duplicate VMA stored within the per-object handle LUT MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit By using drm_gem_flink/drm_gem_open on an object using the same fd, it is possible for a client to create multiple handles pointing to the same object (tied to the same contexts and VMA), as exemplified by igt::gem_handle_to_libdrm_bo(). Since this duplication has been possible since forever, we cannot assume that the handle:(fpriv, object) is unique and so must handle the multiple users of a single VMA. v2: Added commentary noise. Testcase: igt/gem_close Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=102355 Fixes: d1b48c1e7184 ("drm/i915: Replace execbuf vma ht with an idr") Signed-off-by: Chris Wilson Cc: Tvrtko Ursulin Cc: Joonas Lahtinen Link: https://patchwork.freedesktop.org/patch/msgid/20170822110517.22277-3-chris@chris-wilson.co.uk Tested-by: Marta Lofstedt Reviewed-by: MichaƂ Winiarski --- drivers/gpu/drm/i915/i915_gem.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) (limited to 'drivers/gpu/drm/i915/i915_gem.c') diff --git a/drivers/gpu/drm/i915/i915_gem.c b/drivers/gpu/drm/i915/i915_gem.c index 5dc396c20c06..ac02785fdaff 100644 --- a/drivers/gpu/drm/i915/i915_gem.c +++ b/drivers/gpu/drm/i915/i915_gem.c @@ -3258,7 +3258,13 @@ void i915_gem_close_object(struct drm_gem_object *gem, struct drm_file *file) continue; vma = radix_tree_delete(&ctx->handles_vma, lut->handle); - if (!i915_vma_is_ggtt(vma)) + GEM_BUG_ON(vma->obj != obj); + + /* We allow the process to have multiple handles to the same + * vma, in the same fd namespace, by virtue of flink/open. + */ + GEM_BUG_ON(!vma->open_count); + if (!--vma->open_count && !i915_vma_is_ggtt(vma)) i915_vma_close(vma); list_del(&lut->obj_link); -- cgit v1.2.3