sna: Only couple up a proxy->rq when inserting into the request->buffers list

Otherwise, we may never decouple it again afterwards leading to a dangling pointer dereference. Bugzilla: https://bugs.launchpad.net/ubuntu/+source/xserver-xorg-video-intel/+bug/1289923 Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>
author: Chris Wilson <chris@chris-wilson.co.uk> 2014-03-12 12:17:55 +0000
committer: Chris Wilson <chris@chris-wilson.co.uk> 2014-03-12 12:23:53 +0000
commit: 08d73f1a4499cfe7c3121ff2ecdd36729c5f3544 (patch)
tree: 87805704e2a098cb3bad69c3d6e9301212813260 /src
parent: 2f50261539618c30c8470a5795fe5c2440e2318f (diff)
2 files changed, 5 insertions, 1 deletions
diff --git a/src/sna/kgem.c b/src/sna/kgem.c
index 8aef6233..729573a9 100644
--- a/src/sna/kgem.c
+++ b/src/sna/kgem.c
@@ -5841,11 +5841,13 @@ struct kgem_bo *kgem_create_proxy(struct kgem *kgem,
 	bo->proxy = kgem_bo_reference(target);
 	bo->delta = offset;
 
+	/* Proxies are only tracked for busyness on the current rq */
 	if (target->exec && !bo->io) {
+		assert(RQ(target->rq) == kgem->next_request);
 		list_move_tail(&bo->request, &kgem->next_request->buffers);
 		bo->exec = &_kgem_dummy_exec;
+		bo->rq = target->rq;
 	}
-	bo->rq = target->rq;
 
 	return bo;
 }
diff --git a/src/sna/kgem.h b/src/sna/kgem.h
index fdabd504..cb0055e6 100644
--- a/src/sna/kgem.h
+++ b/src/sna/kgem.h
@@ -630,6 +630,8 @@ static inline void __kgem_bo_mark_dirty(struct kgem_bo *bo)
 	     bo->handle, bo->proxy != NULL));
 
 	assert(bo->refcnt);
+	assert(bo->exec);
+	assert(bo->rq);
 
 	bo->exec->flags |= LOCAL_EXEC_OBJECT_WRITE;
 	bo->needs_flush = bo->gpu_dirty = true;
author	Chris Wilson <chris@chris-wilson.co.uk>	2014-03-12 12:17:55 +0000
committer	Chris Wilson <chris@chris-wilson.co.uk>	2014-03-12 12:23:53 +0000
commit	08d73f1a4499cfe7c3121ff2ecdd36729c5f3544 (patch)
tree	87805704e2a098cb3bad69c3d6e9301212813260 /src
parent	2f50261539618c30c8470a5795fe5c2440e2318f (diff)