linux/drivers/gpu/drm
Chris Wilson f6e47884e7 drm/i915: Avoid unmapping pages from a NULL address space
Found by gem_stress.

As we perform retirement from a workqueue, it is possible for us to free
and unbind objects after the last close on the device, and so after the
address space has been torn down and reset to NULL:

BUG: unable to handle kernel NULL pointer dereference at 00000054
IP: [<c1295a20>] mutex_lock+0xf/0x27
*pde = 00000000
Oops: 0002 [#1] SMP
last sysfs file: /sys/module/vt/parameters/default_utf8

Pid: 5, comm: kworker/u:0 Not tainted 2.6.38+ #214
EIP: 0060:[<c1295a20>] EFLAGS: 00010206 CPU: 1
EIP is at mutex_lock+0xf/0x27
EAX: 00000054 EBX: 00000054 ECX: 00000000 EDX: 00012fff
ESI: 00000028 EDI: 00000000 EBP: f706fe20 ESP: f706fe18
 DS: 007b ES: 007b FS: 00d8 GS: 0000 SS: 0068
Process kworker/u:0 (pid: 5, ti=f706e000 task=f7060d00 task.ti=f706e000)
Stack:
 f5aa3c60 00000000 f706fe74 c107e7df 00000246 dea55380 00000054 f5aa3c60
 f706fe44 00000061 f70b4000 c13fff84 00000008 f706fe54 00000000 00000000
 00012f00 00012fff 00000028 c109e575 f6b36700 00100000 00000000 f706fe90
Call Trace:
 [<c107e7df>] unmap_mapping_range+0x7d/0x1e6
 [<c109e575>] ? mntput_no_expire+0x52/0xb6
 [<c11c12f6>] i915_gem_release_mmap+0x49/0x58
 [<c11c3449>] i915_gem_object_unbind+0x4c/0x125
 [<c11c353f>] i915_gem_free_object_tail+0x1d/0xdb
 [<c11c55a2>] i915_gem_free_object+0x3d/0x41
 [<c11a6be2>] ? drm_gem_object_free+0x0/0x27
 [<c11a6c07>] drm_gem_object_free+0x25/0x27
 [<c113c3ca>] kref_put+0x39/0x42
 [<c11c0a59>] drm_gem_object_unreference+0x16/0x18
 [<c11c0b15>] i915_gem_object_move_to_inactive+0xba/0xbe
 [<c11c0c87>] i915_gem_retire_requests_ring+0x16e/0x1a5
 [<c11c3645>] i915_gem_retire_requests+0x48/0x63
 [<c11c36ac>] i915_gem_retire_work_handler+0x4c/0x117
 [<c10385d1>] process_one_work+0x140/0x21b
 [<c103734c>] ? __need_more_worker+0x13/0x2a
 [<c10373b1>] ? need_to_create_worker+0x1c/0x35
 [<c11c3660>] ? i915_gem_retire_work_handler+0x0/0x117
 [<c1038faf>] worker_thread+0xd4/0x14b
 [<c1038edb>] ? worker_thread+0x0/0x14b
 [<c103be1b>] kthread+0x68/0x6d
 [<c103bdb3>] ? kthread+0x0/0x6d
 [<c12970f6>] kernel_thread_helper+0x6/0x10
Code: 00 e8 98 fe ff ff 5d c3 55 89 e5 3e 8d 74 26 00 ba 01 00 00 00 e8
84 fe ff ff 5d c3 55 89 e5 53 8d 64 24 fc 3e 8d 74 26 00 89 c3 <f0> ff
08 79 05 e8 ab ff ff ff 89 e0 25 00 e0 ff ff 89 43 10 58
EIP: [<c1295a20>] mutex_lock+0xf/0x27 SS:ESP 0068:f706fe18
CR2: 0000000000000054

Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>
Reviewed-by: Keith Packard <keithp@keithp.com>
2011-03-23 09:17:03 +00:00
i2c drm/i2c/ch7006: Don't use POWER_LEVEL_FULL_POWER_OFF on early chip versions. 2010-08-09 15:16:23 +10:00
i810 drm: rework PCI/platform driver interface. 2011-02-07 13:09:36 +10:00
i915 drm/i915: Avoid unmapping pages from a NULL address space 2011-03-23 09:17:03 +00:00
mga drm: rework PCI/platform driver interface. 2011-02-07 13:09:36 +10:00
nouveau Merge commit '5359533801e3dd3abca5b7d3d985b0b33fd9fe8b' into drm-core-next 2011-03-16 11:34:41 +10:00
r128 drm: rework PCI/platform driver interface. 2011-02-07 13:09:36 +10:00
radeon drm/radeon: fixup refcounts in radeon dumb create ioctl. 2011-03-17 13:58:34 +10:00
savage drm: rework PCI/platform driver interface. 2011-02-07 13:09:36 +10:00
sis drm: rework PCI/platform driver interface. 2011-02-07 13:09:36 +10:00
tdfx drm: rework PCI/platform driver interface. 2011-02-07 13:09:36 +10:00
ttm Revert "ttm: Include the 'struct dev' when using the DMA API." 2011-02-23 14:24:01 +10:00
via drm: rework PCI/platform driver interface. 2011-02-07 13:09:36 +10:00
vmwgfx Revert "ttm: Include the 'struct dev' when using the DMA API." 2011-02-23 14:24:01 +10:00
ati_pcigart.c drm/radeon: Fix pci_map_page() error checking 2010-08-12 09:38:29 +10:00
drm_agpsupport.c drm: kill drm_agp_chipset_flush 2010-11-23 20:14:44 +00:00
drm_auth.c drivers/gpu/drm: Use kzalloc 2010-05-18 15:57:05 +10:00
drm_buffer.c drm: fix trivial coding errors 2010-09-24 10:10:23 +10:00
drm_bufs.c DRM: Replace kmalloc/memset combos with kzalloc 2010-08-12 09:12:30 +10:00
drm_cache.c
drm_context.c drm: kill context_ctor callback 2010-08-30 09:38:25 +10:00
drm_crtc_helper.c Merge branch 'drm-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/airlied/drm-2.6 2011-02-04 10:02:22 -08:00
drm_crtc.c drm: dumb scanout create/mmap for intel/radeon (v3) 2011-02-07 12:16:14 +10:00
drm_debugfs.c drm: Move the GTT accounting to i915 2010-10-01 14:45:20 +01:00
drm_dma.c drivers/gpu/drm: Use kzalloc 2010-05-18 15:57:05 +10:00
drm_dp_i2c_helper.c
drm_drv.c drm/core: add ioctl to query device/driver capabilities 2011-03-04 14:47:30 +10:00
drm_edid_modes.h drm: Mark constant arrays of drm_display_mode const 2011-02-23 11:13:11 +10:00
drm_edid.c drm: Retry i2c transfer of EDID block after failure 2011-03-16 11:25:13 +10:00
drm_encoder_slave.c drm/kms: Simplify setup of the initial I2C encoder config. 2010-08-05 09:37:45 +10:00
drm_fb_helper.c Merge commit '5359533801e3dd3abca5b7d3d985b0b33fd9fe8b' into drm-core-next 2011-03-16 11:34:41 +10:00
drm_fops.c drm/switcheroo: track state of switch in drivers. 2011-01-05 13:45:30 +10:00
drm_gem.c drm: Fix use-after-free in drm_gem_vm_close() 2011-03-21 09:15:22 +10:00
drm_global.c drm: move ttm global code to core drm 2010-08-04 09:46:06 +10:00
drm_hashtab.c drm: Remove unused members from struct drm_open_hash 2011-02-23 11:16:40 +10:00
drm_info.c Merge remote branch 'intel/drm-intel-next' of ../drm-next into drm-core-next 2011-03-14 14:15:13 +10:00
drm_ioc32.c
drm_ioctl.c drm/kernel: vblank wait on crtc > 1 2011-03-21 09:25:54 +10:00
drm_irq.c drm/kernel: vblank wait on crtc > 1 2011-03-21 09:25:54 +10:00
drm_lock.c drm: readd drm_lock_free in drm_unlock 2010-09-26 13:35:49 +10:00
drm_memory.c drm: kill agp indirection mess 2010-08-30 09:44:40 +10:00
drm_mm.c drm: mm: add helper to unwind scan state 2011-02-23 10:32:57 +10:00
drm_modes.c drm: Mark constant arrays of drm_display_mode const 2011-02-23 11:13:11 +10:00
drm_pci.c drm: rework PCI/platform driver interface. 2011-02-07 13:09:36 +10:00
drm_platform.c drm: rework PCI/platform driver interface. 2011-02-07 13:09:36 +10:00
drm_proc.c drm: Move the GTT accounting to i915 2010-10-01 14:45:20 +01:00
drm_scatter.c drm: don't export drm_sg_alloc 2010-08-30 09:37:43 +10:00
drm_sman.c
drm_stub.c drm: add usb framework 2011-02-07 13:09:42 +10:00
drm_sysfs.c drm: Hold the mode mutex whilst probing for sysfs status 2011-03-16 11:23:04 +10:00
drm_trace_points.c drm: add vblank event trace point 2010-07-02 14:02:44 +10:00
drm_trace.h drm: add per-event vblank event trace points 2010-07-02 14:03:24 +10:00
drm_usb.c drm: add usb framework 2011-02-07 13:09:42 +10:00
drm_vm.c Merge remote branch 'korg/drm-fixes' into drm-vmware-next 2010-10-06 11:10:48 +10:00
Kconfig drm/i810: remove the BKL 2011-02-07 12:15:04 +10:00
Makefile drm: add usb framework 2011-02-07 13:09:42 +10:00
README.drm

************************************************************
* For the very latest on DRI development, please see:      *
*     http://dri.freedesktop.org/                          *
************************************************************

The Direct Rendering Manager (drm) is a device-independent kernel-level
device driver that provides support for the XFree86 Direct Rendering
Infrastructure (DRI).

The DRM supports the Direct Rendering Infrastructure (DRI) in four major
ways:

    1. The DRM provides synchronized access to the graphics hardware via
       the use of an optimized two-tiered lock.

    2. The DRM enforces the DRI security policy for access to the graphics
       hardware by only allowing authenticated X11 clients access to
       restricted regions of memory.

    3. The DRM provides a generic DMA engine, complete with multiple
       queues and the ability to detect the need for an OpenGL context
       switch.

    4. The DRM is extensible via the use of small device-specific modules
       that rely extensively on the API exported by the DRM module.


Documentation on the DRI is available from:
    http://dri.freedesktop.org/wiki/Documentation
    http://sourceforge.net/project/showfiles.php?group_id=387
    http://dri.sourceforge.net/doc/

For specific information about kernel-level support, see:

    The Direct Rendering Manager, Kernel Support for the Direct Rendering
    Infrastructure
    http://dri.sourceforge.net/doc/drm_low_level.html

    Hardware Locking for the Direct Rendering Infrastructure
    http://dri.sourceforge.net/doc/hardware_locking_low_level.html

    A Security Analysis of the Direct Rendering Infrastructure
    http://dri.sourceforge.net/doc/security_low_level.html