In order to avoid keeping a reference on the i915_vma (which is long
overdue!) we have to coordinate all the possible lifetimes and only use
the vma while we know it is alive. In this episode, we are reminded that
while idle, the closed vma are destroyed. So if the GT idles while we are
working with the vma, the vma itself becomes invalid.
First class i915_vma here we come, but in the meantime keep piling on
the straw.
Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>
Reviewed-by: Matthew Auld <matthew.auld@intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20191203155032.3137263-1-chris@chris-wilson.co.uk
                                                       struct i915_vma,
                                                       obj_link))) {
                struct i915_address_space *vm = vma->vm;
+               bool awake = false;
 
-               ret = -EBUSY;
+               ret = -EAGAIN;
                if (!i915_vm_tryopen(vm))
                        break;
 
+               /* Prevent vma being freed by i915_vma_parked as we unbind */
+               if (intel_gt_pm_get_if_awake(vm->gt)) {
+                       awake = true;
+               } else {
+                       if (i915_vma_is_closed(vma)) {
+                               spin_unlock(&obj->vma.lock);
+                               goto err_vm;
+                       }
+               }
+
                list_move_tail(&vma->obj_link, &still_in_list);
                spin_unlock(&obj->vma.lock);
 
+               ret = -EBUSY;
                if (flags & I915_GEM_OBJECT_UNBIND_ACTIVE ||
                    !i915_vma_is_active(vma))
                        ret = i915_vma_unbind(vma);
 
+               if (awake)
+                       intel_gt_pm_put(vm->gt);
+err_vm:
                i915_vm_close(vm);
                spin_lock(&obj->vma.lock);
        }