amd64/132042: drm module crash the system when closing gnome session

Robert Noland rnoland at FreeBSD.org
Wed Feb 25 11:10:04 PST 2009


The following reply was made to PR amd64/132042; it has been noted by GNATS.

From: Robert Noland <rnoland at FreeBSD.org>
To: Olivier =?ISO-8859-1?Q?Cochard-Labb=E9?= <olivier at freenas.org>
Cc: John Baldwin <jhb at freebsd.org>, freebsd-amd64 at freebsd.org,
        freebsd-gnats-submit at freebsd.org
Subject: Re: amd64/132042: drm module crash the system when closing gnome 
 session
Date: Wed, 25 Feb 2009 13:02:13 -0600

 --=-kRsdmaGMuQUbaOyJJsOx
 Content-Type: text/plain; charset="ISO-8859-1"
 Content-Transfer-Encoding: quoted-printable
 
 On Wed, 2009-02-25 at 19:14 +0100, Olivier Cochard-Labb=E9 wrote:
 > Dear FreeBSD kernel guru,
 > =20
 >=20
 >        =20
 >        =20
 >         This is drm specific and not amd64-specific.
 >=20
 > I know, but on the web page http://www.freebsd.org/send-pr.html, the
 > category selection don't propose "drm".
 > Then I choose the category related to the kernel that I'm using.
 > =20
 >=20
 >        =20
 >         Please go to frame 8 and 'p *m'.  If the 'mtx_lock' member is
 >         6, then the
 >         mutex is destroyed and it is a use-after-free bug in drm(4).
 >=20
 > (kgdb) frame 8
 > #8  0xffffffff802d47aa in _mtx_lock_sleep (m=3D0xffffff000348a968,=20
 >     tid=3D18446742974229954560, opts=3DVariable "opts" is not available.
 > ) at /usr/src/sys/kern/kern_mutex.c:339
 > 339                owner =3D (struct thread *)(v & ~MTX_FLAGMASK);
 > (kgdb) p *m
 > $1 =3D {lock_object =3D {lo_name =3D 0xffffffffaf198e0f "DRM IRQ lock",=20
 >     lo_type =3D 0xffffffffaf198e0f "DRM IRQ lock", lo_flags =3D 16908288,=
 =20
 >     lo_witness_data =3D {lod_list =3D {stqe_next =3D 0x0}, lod_witness =
 =3D
 > 0x0}},=20
 >   mtx_lock =3D 6, mtx_recurse =3D 0}
 >=20
 > The mtx_lock is 6, as you predicted.
 >=20
 > Regards,
 >=20
 > Olivier
 >=20
 > (reading gnu gdb documentation for understanding what "frame" and "p
 > *m" mean)
 
 I just committed several changes to the i915 drm driver in CURRENT.  Not
 the least of which is an overhaul of the irq handler.  Can you see if
 that addresses the issue?
 
 robert.
 
 --=20
 Robert Noland <rnoland at FreeBSD.org>
 FreeBSD
 
 --=-kRsdmaGMuQUbaOyJJsOx
 Content-Type: application/pgp-signature; name="signature.asc"
 Content-Description: This is a digitally signed message part
 
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.10 (FreeBSD)
 
 iEYEABECAAYFAkmllbUACgkQM4TrQ4qfRONLXACghCcORO4lVZ4vQfUbVPfFmF6X
 u3MAn0+3N6IWOKrFFZ94fOpb3bMXLMFf
 =oskj
 -----END PGP SIGNATURE-----
 
 --=-kRsdmaGMuQUbaOyJJsOx--
 


More information about the freebsd-amd64 mailing list