Gem GTT mmaps..

From: Thomas Hellström
Date: Wed Feb 04 2009 - 17:32:25 EST

Next message: Roland Dreier: "Re: [Bug #12491] i915 lockdep warning"
Previous message: Alexey Zaytsev: "Re: [git pull] scheduler fixes"
Next in thread: Jesse Barnes: "Re: Gem GTT mmaps.."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Jesse,

I have some concerns about the GEM GTT mmap functionality.

First, a gem object pointer is copied to map->offset and then to the vma->vm_private_data without proper reference counting. This pointer is used in i915_gem_fault() to access the gem object. However if the gem object is destroyed and a process then tries to access data in a vma mapping the (now destroyed) object, it would dereference a stale pointer into kernel space? Shouldn't those pointers be reference counted, and to account for fork(), a vm open and close would be needed to reference count corresponding pointers of newly created and destroyed vmas?

Second, the i915_gem_fault method returns VM_FAULT_SIGBUS if vm_insert_pfn() fails with an -EBUSY. I think that's an error, since that would indicate that the pte was already populated by a racing thread.

/Thomas

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Roland Dreier: "Re: [Bug #12491] i915 lockdep warning"
Previous message: Alexey Zaytsev: "Re: [git pull] scheduler fixes"
Next in thread: Jesse Barnes: "Re: Gem GTT mmaps.."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]