提交 eeacd86e 编写于 作者: C Chris Wilson 提交者: Zhenyu Wang

drm/i915/gvt: Remove dangerous unpin of backing storage of bound GPU object

Unpinning the pages prior to the object being release from the GPU may
allow the GPU to read and write into system pages (i.e. use after free
by the hw).
Signed-off-by: NChris Wilson <chris@chris-wilson.co.uk>
Signed-off-by: NZhenyu Wang <zhenyuw@linux.intel.com>
上级 b6d89142
...@@ -405,7 +405,11 @@ static void prepare_shadow_batch_buffer(struct intel_vgpu_workload *workload) ...@@ -405,7 +405,11 @@ static void prepare_shadow_batch_buffer(struct intel_vgpu_workload *workload)
gvt_err("Cannot pin\n"); gvt_err("Cannot pin\n");
return; return;
} }
i915_gem_object_unpin_pages(entry_obj->obj);
/* FIXME: we are not tracking our pinned VMA leaving it
* up to the core to fix up the stray pin_count upon
* free.
*/
/* update the relocate gma with shadow batch buffer*/ /* update the relocate gma with shadow batch buffer*/
set_gma_to_bb_cmd(entry_obj, set_gma_to_bb_cmd(entry_obj,
...@@ -455,7 +459,11 @@ static void prepare_shadow_wa_ctx(struct intel_shadow_wa_ctx *wa_ctx) ...@@ -455,7 +459,11 @@ static void prepare_shadow_wa_ctx(struct intel_shadow_wa_ctx *wa_ctx)
gvt_err("Cannot pin indirect ctx obj\n"); gvt_err("Cannot pin indirect ctx obj\n");
return; return;
} }
i915_gem_object_unpin_pages(wa_ctx->indirect_ctx.obj);
/* FIXME: we are not tracking our pinned VMA leaving it
* up to the core to fix up the stray pin_count upon
* free.
*/
wa_ctx->indirect_ctx.shadow_gma = i915_ggtt_offset(vma); wa_ctx->indirect_ctx.shadow_gma = i915_ggtt_offset(vma);
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册