DL-Mirrors/kernel-tenderloin-3.0
0
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
8a9472dd94de126fc9f1d79e9dfd6a76d363a2c3
kernel-tenderloin-3.0/drivers/gpu/drm/nouveau
History
Ben Skeggs e1cf4ad959 drm/nouveau/gem: fix fence_sync race / oops 
commit 525895ba388c949aa906f26e3ec5cb1ab041f56b upstream.

Due to a race it was possible for a fence to be destroyed while another
thread was trying to synchronise with it.  If this happened in the fallback
non-semaphore path, it lead to the following oops due to fence->channel
being NULL.

BUG: unable to handle kernel NULL pointer dereference at   (null)
IP: [<fa9632ce>] nouveau_fence_update+0xe/0xe0 [nouveau]
*pde = a649c067
SMP
Modules linked in: fuse nouveau(O) ttm(O) drm_kms_helper(O) drm(O) mxm_wmi video wmi netconsole configfs lockd bnep bluetooth rfkill ip6t_REJECT nf_conntrack_ipv6 nf_defrag_ipv6 nf_conntrack_ipv4 nf_defrag_ipv4 xt_state nf_conntrack ip6table_filter ip6_tables snd_hda_codec_realtek snd_hda_intel snd_hda_cobinfmt_misc uinput ata_generic pata_acpi pata_aet2c_algo_bit i2c_core [last unloaded: wmi]

Pid: 2255, comm: gnome-shell Tainted: G           O 3.2.0-0.rc5.git0.1.fc17.i686 #1 System manufacturer System Product Name/M2A-VM
EIP: 0060:[<fa9632ce>] EFLAGS: 00010296 CPU: 1
EIP is at nouveau_fence_update+0xe/0xe0 [nouveau]
EAX: 00000000 EBX: ddfc6dd0 ECX: dd111580 EDX: 00000000
ESI: 00003e80 EDI: dd111580 EBP: dd121d00 ESP: dd121ce8
 DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068
Process gnome-shell (pid: 2255, ti=dd120000 task=dd111580 task.ti=dd120000)
Stack:
 7dc86c76 00000000 00003e80 ddfc6dd0 00003e80 dd111580 dd121d0c fa96371f
 00000000 dd121d3c fa963773 dd111580 01000246 000ec53d 00000000 ddfc6dd0
 00001f40 00000000 ddfc6dd0 00000010 dc7df840 dd121d6c fa9639a0 00000000
Call Trace:
 [<fa96371f>] __nouveau_fence_signalled+0x1f/0x30 [nouveau]
 [<fa963773>] __nouveau_fence_wait+0x43/0xd0 [nouveau]
 [<fa9639a0>] nouveau_fence_sync+0x1a0/0x1c0 [nouveau]
 [<fa964046>] validate_list+0x176/0x300 [nouveau]
 [<f7d9c9c0>] ? ttm_bo_mem_put+0x30/0x30 [ttm]
 [<fa964b8a>] nouveau_gem_ioctl_pushbuf+0x48a/0xfd0 [nouveau]
 [<c0406481>] ? die+0x31/0x80
 [<f7c93d98>] drm_ioctl+0x388/0x490 [drm]
 [<c0406481>] ? die+0x31/0x80
 [<fa964700>] ? nouveau_gem_ioctl_new+0x150/0x150 [nouveau]
 [<c0635c7b>] ? file_has_perm+0xcb/0xe0
 [<f7c93a10>] ? drm_copy_field+0x80/0x80 [drm]
 [<c0564f56>] do_vfs_ioctl+0x86/0x5b0
 [<c0406481>] ? die+0x31/0x80
 [<c0635f22>] ? selinux_file_ioctl+0x62/0x130
 [<c0554f30>] ? fget_light+0x30/0x340
 [<c05654ef>] sys_ioctl+0x6f/0x80
 [<c099e3a4>] syscall_call+0x7/0xb
 [<c0406481>] ? die+0x31/0x80
 [<c0406481>] ? die+0x31/0x80

Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2012-02-13 11:06:07 -08:00
..
Kconfig
drm: fix nouveau_acpi build
2011-05-16 11:57:20 +10:00
Makefile
drm/nv50: rename nv84_mpeg to nv50_mpeg
2011-05-16 10:49:04 +10:00
nouveau_acpi.c
drm/nouveau: drop leftover debugging
2011-06-20 15:27:18 +10:00
nouveau_backlight.c
nouveau: change the backlight parent device to the connector, not the PCI dev
2011-03-22 17:43:59 -07:00
nouveau_bios.c
drm/nouveau: recognise DCB connector type 0x41 as LVDS
2011-05-16 10:50:13 +10:00
nouveau_bios.h
drm/nouveau: recognise DCB connector type 0x41 as LVDS
2011-05-16 10:50:13 +10:00
nouveau_bo.c
Merge remote branch 'intel/drm-intel-next' of ../drm-next into drm-core-next
2011-03-14 14:15:13 +10:00
nouveau_calc.c
nouveau_channel.c
drm/nouveau: initialize chan->fence.lock before use
2011-11-21 14:31:16 -08:00
nouveau_connector.c
drm/nouveau: recognise DCB connector type 0x41 as LVDS
2011-05-16 10:50:13 +10:00
nouveau_connector.h
nouveau_crtc.h
nouveau_debugfs.c
nouveau_display.c
drm/nouveau: remove remnants of nouveau_pgraph_engine
2011-05-16 10:48:45 +10:00
nouveau_dma.c
drm/nouveau: fix allocation of notifier object
2011-04-20 08:51:34 +10:00
nouveau_dma.h
drm/nouveau: remove no_vm/mappable flags from nouveau_bo
2011-02-25 06:45:34 +10:00
nouveau_dp.c
drm/nouveau: silence some compiler warnings
2011-02-25 06:44:22 +10:00
nouveau_drv.c
drm/nouveau: remove remnants of nouveau_pgraph_engine
2011-05-16 10:48:45 +10:00
nouveau_drv.h
drm/nva3/clk: better pll calculation when no fractional fb div available
2011-05-16 10:50:59 +10:00
nouveau_encoder.h
nouveau_fb.h
drm/nv50-nvc0: precalculate some fb state when creating them
2011-02-25 06:45:08 +10:00
nouveau_fbcon.c
drm/nouveau: fix notifier memory corruption bug
2011-04-20 08:51:31 +10:00
nouveau_fbcon.h
drm/nvc0: implement fbcon acceleration
2010-12-21 17:18:39 +10:00
nouveau_fence.c
drm/nouveau: initialize chan->fence.lock before use
2011-11-21 14:31:16 -08:00
nouveau_gem.c
drm/nouveau/gem: fix fence_sync race / oops
2012-02-13 11:06:07 -08:00
nouveau_grctx.h
drm/nouveau: Fix missing whitespace checkpatch.pl errors.
2011-05-16 10:47:25 +10:00
nouveau_hw.c
drm/nv17-nv40: Fix modesetting failure when pitch == 4096px (fdo bug 35901).
2011-06-07 09:22:29 +10:00
nouveau_hw.h
nouveau_i2c.c
nouveau_i2c.h
nouveau_ioc32.c
nouveau_irq.c
nouveau_mem.c
drm/nv40: fall back to paged dma object for the moment
2011-06-07 09:23:03 +10:00
nouveau_mm.c
drm/nouveau: fix regression causing ttm to not be able to evict vram
2011-03-08 07:03:01 +10:00
nouveau_mm.h
drm/nouveau: rename nouveau_vram to nouveau_mem
2011-02-25 06:45:55 +10:00
nouveau_notifier.c
drm/nouveau: fix pinning of notifier block
2011-04-20 08:51:23 +10:00
nouveau_object.c
drm/nouveau: remove remnants of nouveau_pgraph_engine
2011-05-16 10:48:45 +10:00
nouveau_perf.c
drm/nouveau/pm: Prevent overflow in nouveau_perf_init()
2011-06-18 14:38:38 +10:00
nouveau_pm.c
drm/nouveau: Associate memtimings with performance levels on cards <= nv98
2011-05-16 10:50:30 +10:00
nouveau_pm.h
nouveau_ramht.c
drm/nv50-nvc0: fix ramht entries for multiple evo channels
2011-02-25 06:44:48 +10:00
nouveau_ramht.h
nouveau_reg.h
drm/nouveau: Fix missing whitespace checkpatch.pl errors.
2011-05-16 10:47:25 +10:00
nouveau_sgdma.c
drm/nouveau: properly handle allocation failure in nouveau_sgdma_populate
2011-10-03 11:40:14 -07:00
nouveau_state.c
Revert "drm/nvc0: recognise 0xdX chipsets as NV_C0"
2011-07-02 07:10:20 +10:00
nouveau_temp.c
drm/nouveau: use I2C_MODULE_PREFIX kernel define
2011-02-25 06:44:33 +10:00
nouveau_ttm.c
nouveau_util.c
drm/nouveau: add nouveau_enum_find() util function
2011-03-14 16:31:50 +10:00
nouveau_util.h
drm/nouveau: add nouveau_enum_find() util function
2011-03-14 16:31:50 +10:00
nouveau_vm.c
drm/nouveau: fix vram page mapping when crossing page table boundaries
2011-06-07 09:22:48 +10:00
nouveau_vm.h
drm/nv50/gr: move to exec engine interfaces
2011-05-16 10:48:06 +10:00
nouveau_volt.c
drm/nouveau: use static vidshift of 2 on volt 0x30 tables
2011-05-16 10:47:47 +10:00
nv04_crtc.c
drm/nv17-nv40: Fix modesetting failure when pitch == 4096px (fdo bug 35901).
2011-06-07 09:22:29 +10:00
nv04_cursor.c
nv04_dac.c
drm/nouveau: introduce a util function to wait on reg != val
2010-12-08 03:00:36 +01:00
nv04_dfp.c
drm/nouveau: fix oops on unload with disabled LVDS panel
2011-04-05 11:07:05 +10:00
nv04_display.c
nv04_fb.c
nv04_fbcon.c
drm/nouveau: implicitly insert non-DMA objects into RAMHT
2010-12-08 03:00:35 +01:00
nv04_fifo.c
drm/nv50: check for vm traps on every gr irq
2011-03-14 16:32:30 +10:00
nv04_graph.c
drm/nv04/gr: move to exec engine interfaces
2011-05-16 10:48:27 +10:00
nv04_instmem.c
drm/nouveau: Free nv04 instmem ramin heap at card takedown
2011-05-16 10:49:58 +10:00
nv04_mc.c
nv04_pm.c
nv04_timer.c
nv04_tv.c
nv10_fb.c
nv10_fifo.c
drm/nouveau: make fifo.create_context() responsible for mapping control regs
2010-12-08 03:00:34 +01:00
nv10_gpio.c
nv10_graph.c
drm/nouveau: move set_tile_region to nouveau_exec_engine
2011-05-16 10:48:33 +10:00
nv17_tv_modes.c
drm: Mark constant arrays of drm_display_mode const
2011-02-23 11:13:11 +10:00
nv17_tv.c
drm: Mark constant arrays of drm_display_mode const
2011-02-23 11:13:11 +10:00
nv17_tv.h
drm: Mark constant arrays of drm_display_mode const
2011-02-23 11:13:11 +10:00
nv20_graph.c
drm/nouveau: remove remnants of nouveau_pgraph_engine
2011-05-16 10:48:45 +10:00
nv30_fb.c
nv40_fb.c
drm/nv40: implement support for on-chip PCIEGART
2011-02-25 06:44:04 +10:00
nv40_fifo.c
drm/nv40/vpe: add support for PMPEG
2011-05-16 10:48:56 +10:00
nv40_graph.c
drm/nv40/gr: oops, fix random bits getting set in engine obj
2011-05-16 10:49:47 +10:00
nv40_grctx.c
drm/nv40: make detection of 0x4097-ful chipsets available everywhere
2011-01-17 11:28:31 +10:00
nv40_mc.c
drm/nv40: initialise 0x17xx on all chipsets that have it
2011-01-17 11:28:43 +10:00
nv40_mpeg.c
drm/nv40/vpe: add support for PMPEG
2011-05-16 10:48:56 +10:00
nv50_calc.c
drm/nva3/clk: better pll calculation when no fractional fb div available
2011-05-16 10:50:59 +10:00
nv50_crtc.c
drm/nouveau: make cursor_set implementation consistent with other drivers
2011-05-16 10:51:05 +10:00
nv50_cursor.c
drm/nv50-nvc0: rename disp->evo to disp->master
2011-02-25 06:44:42 +10:00
nv50_dac.c
drm/nv50-nvc0: rename disp->evo to disp->master
2011-02-25 06:44:42 +10:00
nv50_display.c
drm/nv50/disp: fix gamma with page flipping overlay turned on
2011-06-18 14:38:45 +10:00
nv50_display.h
drm/nv50-nvc0: initialise display sync channels
2011-02-25 06:45:11 +10:00
nv50_evo.c
drm/nv50-nvc0: work around an evo channel hang that some people see
2011-04-05 11:07:16 +10:00
nv50_evo.h
drm/nv50-nvc0: initialise display sync channels
2011-02-25 06:45:11 +10:00
nv50_fb.c
drm/nv50: check for vm traps on every gr irq
2011-03-14 16:32:30 +10:00
nv50_fbcon.c
drm/nv50: add missing license header to nv50_fbcon.c
2010-12-21 06:14:37 +10:00
nv50_fifo.c
drm/nv50: drop explicit yields in favour of smaller PFIFO timeslice
2011-02-25 06:44:30 +10:00
nv50_gpio.c
drm/nouveau: use system_wq instead of dev_priv->wq
2011-02-25 06:44:36 +10:00
nv50_graph.c
drm/nva3: implement support for copy engine
2011-05-16 10:48:48 +10:00
nv50_grctx.c
drm/nouveau: Fix brace placement checkpatch.pl errors.
2011-05-16 10:47:19 +10:00
nv50_instmem.c
drm/nouveau: split ramin_lock into two locks, one hardirq safe
2011-04-20 08:50:14 +10:00
nv50_mc.c
nv50_mpeg.c
drm/nv50: support PMPEG on original nv50
2011-05-16 10:49:08 +10:00
nv50_pm.c
drm/nv50: improve nv50_pm_get_clock()
2011-05-16 10:49:41 +10:00
nv50_sor.c
drm/nv50-nvc0: rename disp->evo to disp->master
2011-02-25 06:44:42 +10:00
nv50_vm.c
drm/nv50/gr: move to exec engine interfaces
2011-05-16 10:48:06 +10:00
nv50_vram.c
drm/nv50: support for compression
2011-02-25 06:46:07 +10:00
nv84_crypt.c
drm/nouveau: working towards a common way to represent engines
2011-05-16 10:48:01 +10:00
nva3_copy.c
drm/nva3: implement support for copy engine
2011-05-16 10:48:48 +10:00
nva3_copy.fuc
drm/nva3: implement support for copy engine
2011-05-16 10:48:48 +10:00
nva3_copy.fuc.h
drm/nva3: implement support for copy engine
2011-05-16 10:48:48 +10:00
nva3_pm.c
drm/nva3/clk: better pll calculation when no fractional fb div available
2011-05-16 10:50:59 +10:00
nvc0_copy.c
drm/nvc0: implement support for copy engines
2011-05-16 10:48:53 +10:00
nvc0_copy.fuc.h
drm/nvc0: implement support for copy engines
2011-05-16 10:48:53 +10:00
nvc0_fb.c
nvc0_fbcon.c
drm/nvc0: nuke left-over debug messages
2010-12-29 10:51:34 +10:00
nvc0_fifo.c
drm/nvc0/fifo: stick user area into a gpuobj rather than a bo
2011-05-16 10:49:30 +10:00
nvc0_graph.c
drm/nvc0/gr: calculate some more of our magic numbers
2011-05-16 10:50:22 +10:00
nvc0_graph.h
drm/nvc0/gr: calculate some more of our magic numbers
2011-05-16 10:50:22 +10:00
nvc0_grctx.c
drm/nvc0/gr: move to exec engine interfaces
2011-05-16 10:48:09 +10:00
nvc0_instmem.c
drm/nouveau: don't munge in drm_mm internals
2011-02-23 10:18:20 +10:00
nvc0_vm.c
drm/nouveau: split ramin_lock into two locks, one hardirq safe
2011-04-20 08:50:14 +10:00
nvc0_vram.c
drm/nv50: support for compression
2011-02-25 06:46:07 +10:00
nvreg.h
drm/nv17-nv40: Fix modesetting failure when pitch == 4096px (fdo bug 35901).
2011-06-07 09:22:29 +10:00