drm/i915/gvt: fix use after free for workload
authorChangbin Du <changbin.du@intel.com>
Thu, 5 Jan 2017 05:28:05 +0000 (13:28 +0800)
committerZhenyu Wang <zhenyuw@linux.intel.com>
Mon, 9 Jan 2017 03:05:56 +0000 (11:05 +0800)
In the function workload_thread(), we invoke complete_current_workload()
to cleanup the just processed workload (workload will be freed there).
So we cannot access workload->req after that. This patch move
complete_current_workload() afterward.

Signed-off-by: Changbin Du <changbin.du@intel.com>
Signed-off-by: Zhenyu Wang <zhenyuw@linux.intel.com>
drivers/gpu/drm/i915/gvt/scheduler.c

index 4db24225023520b879b12fce1a924cc236384bd5..c694dd039f3bbc408e2218986fb383e656210726 100644 (file)
@@ -459,11 +459,11 @@ complete:
                gvt_dbg_sched("will complete workload %p\n, status: %d\n",
                                workload, workload->status);
 
-               complete_current_workload(gvt, ring_id);
-
                if (workload->req)
                        i915_gem_request_put(fetch_and_zero(&workload->req));
 
+               complete_current_workload(gvt, ring_id);
+
                if (need_force_wake)
                        intel_uncore_forcewake_put(gvt->dev_priv,
                                        FORCEWAKE_ALL);