LOR when running google-earth
Kostik Belousov
kostikbel at gmail.com
Tue Jul 17 04:23:24 UTC 2007
On Tue, Jul 17, 2007 at 10:06:03AM +0800, Ganbold wrote:
> Hi,
>
> I have new LOR here after applying this patch:
>
> lock order reversal: (sleepable after non-sleepable)
> 1st 0xc3e3e4d8 drm device (drm device) @
> /usr/src/sys/modules/drm/i915/../../../dev/drm/i915_dma.c:675
> 2nd 0xc42bb784 user map (user map) @ /usr/src/sys/vm/vm_map.c:1818
> KDB: stack backtrace:
> db_trace_self_wrapper(c08a24a7,e6386a08,c066801e,c08a4988,c42bb784,...)
> at db_trace_self_wrapper+0x26
> kdb_backtrace(c08a4988,c42bb784,c08bca1a,c08bca1a,c08bc9af,...) at
> kdb_backtrace+0x29
> witness_checkorder(c42bb784,9,c08bc9af,71a,e6386a3c,...) at
> witness_checkorder+0x6de
> _sx_xlock(c42bb784,0,c08bc9af,71a,c3e3e400,...) at _sx_xlock+0x7d
> _vm_map_lock(c42bb740,c08bc9af,71a,e6386a84,c06677fc,...) at
> _vm_map_lock+0x51
> vm_map_unwire(c42bb740,8570000,8571000,0,e6386b34,...) at vm_map_unwire+0x2d
> vsunlock(8570df8,30,c450171e,2a3,e6386b0c,...) at vsunlock+0x46
> i915_cmdbuffer(c4358b00,8018644b,c3e1ae00,3,c3ef0000,...) at
> i915_cmdbuffer+0x5c8
> drm_ioctl(c4358b00,8018644b,c3e1ae00,3,c3ef0000,...) at drm_ioctl+0x357
> giant_ioctl(c4358b00,8018644b,c3e1ae00,3,c3ef0000,...) at giant_ioctl+0x56
> devfs_ioctl_f(c4e10678,8018644b,c3e1ae00,c4359a00,c3ef0000,...) at
> devfs_ioctl_f+0xc9
> kern_ioctl(c3ef0000,9,8018644b,c3e1ae00,386c4c,...) at kern_ioctl+0x243
> ioctl(c3ef0000,e6386cfc,e6386c80,c4027e4a,c3ef0000,...) at ioctl+0x134
> linux_ioctl_drm(c3ef0000,e6386cfc,c4035c45,a2f,c3ef0000,...) at
> linux_ioctl_drm+0x2f
> linux_ioctl(c3ef0000,e6386cfc,e6386cf8,e6386d1c,c4037dd0,...) at
> linux_ioctl+0xca
> syscall(e6386d38) at syscall+0x2b3
> Xint0x80_syscall() at Xint0x80_syscall+0x20
> --- syscall (54, Linux ELF, linux_ioctl), eip = 0x49ea95f4, esp =
> 0xbfbfdf0c, ebp = 0xbfbfdf2c ---
> KDB: enter: witness_checkorder
> [thread pid 991 tid 100083 ]
> Stopped at kdb_enter+0x32: leave
> db> bt
> Tracing pid 991 tid 100083 td 0xc3ef0000
> kdb_enter(c085f570,c42bb784,c08bca1a,c08bca1a,c08bc9af,...) at
> kdb_enter+0x32
> witness_checkorder(c42bb784,9,c08bc9af,71a,e6386a3c,...) at
> witness_checkorder+0x6f3
> _sx_xlock(c42bb784,0,c08bc9af,71a,c3e3e400,...) at _sx_xlock+0x7d
> _vm_map_lock(c42bb740,c08bc9af,71a,e6386a84,c06677fc,...) at
> _vm_map_lock+0x51
> vm_map_unwire(c42bb740,8570000,8571000,0,e6386b34,...) at vm_map_unwire+0x2d
> vsunlock(8570df8,30,c450171e,2a3,e6386b0c,...) at vsunlock+0x46
> i915_cmdbuffer(c4358b00,8018644b,c3e1ae00,3,c3ef0000,...) at
> i915_cmdbuffer+0x5c8
> drm_ioctl(c4358b00,8018644b,c3e1ae00,3,c3ef0000,...) at drm_ioctl+0x357
> giant_ioctl(c4358b00,8018644b,c3e1ae00,3,c3ef0000,...) at giant_ioctl+0x56
> devfs_ioctl_f(c4e10678,8018644b,c3e1ae00,c4359a00,c3ef0000,...) at
> devfs_ioctl_f+0xc9
> kern_ioctl(c3ef0000,9,8018644b,c3e1ae00,386c4c,...) at kern_ioctl+0x243
> ioctl(c3ef0000,e6386cfc,e6386c80,c4027e4a,c3ef0000,...) at ioctl+0x134
> linux_ioctl_drm(c3ef0000,e6386cfc,c4035c45,a2f,c3ef0000,...) at
> linux_ioctl_drm+0x2f
> linux_ioctl(c3ef0000,e6386cfc,e6386cf8,e6386d1c,c4037dd0,...) at
> linux_ioctl+0xca
> syscall(e6386d38) at syscall+0x2b3
> Xint0x80_syscall() at Xint0x80_syscall+0x20
> --- syscall (54, Linux ELF, linux_ioctl), eip = 0x49ea95f4, esp =
> 0xbfbfdf0c, ebp = 0xbfbfdf2c ---
> db>
My fault. Updated patch below.
Did you experienced any other bad effects of the patch, aside from the
LOR above ?
diff --git a/sys/dev/drm/i915_dma.c b/sys/dev/drm/i915_dma.c
index dfaf334..c9dd799 100644
--- a/sys/dev/drm/i915_dma.c
+++ b/sys/dev/drm/i915_dma.c
@@ -367,20 +367,14 @@ static int i915_emit_cmds(drm_device_t * dev, int __user * buffer, int dwords)
for (i = 0; i < dwords;) {
int cmd, sz;
- if (DRM_COPY_FROM_USER_UNCHECKED(&cmd, &buffer[i], sizeof(cmd))) {
-
- return DRM_ERR(EINVAL);
- }
+ cmd = buffer[i];
if ((sz = validate_cmd(cmd)) == 0 || i + sz > dwords)
return DRM_ERR(EINVAL);
OUT_RING(cmd);
while (++i, --sz) {
- if (DRM_COPY_FROM_USER_UNCHECKED(&cmd, &buffer[i],
- sizeof(cmd))) {
- return DRM_ERR(EINVAL);
- }
+ cmd = buffer[i];
OUT_RING(cmd);
}
}
@@ -401,10 +395,7 @@ static int i915_emit_box(drm_device_t * dev,
drm_clip_rect_t box;
RING_LOCALS;
- if (DRM_COPY_FROM_USER_UNCHECKED(&box, &boxes[i], sizeof(box))) {
- return EFAULT;
- }
-
+ box = boxes[i];
if (box.y2 <= box.y1 || box.x2 <= box.x1 || box.y2 <= 0 || box.x2 <= 0) {
DRM_ERROR("Bad box %d,%d..%d,%d\n",
box.x1, box.y1, box.x2, box.y2);
@@ -604,6 +595,7 @@ static int i915_batchbuffer(DRM_IOCTL_ARGS)
drm_i915_sarea_t *sarea_priv = (drm_i915_sarea_t *)
dev_priv->sarea_priv;
drm_i915_batchbuffer_t batch;
+ size_t cliplen;
int ret;
if (!dev_priv->allow_batchbuffer) {
@@ -619,14 +611,25 @@ static int i915_batchbuffer(DRM_IOCTL_ARGS)
LOCK_TEST_WITH_RETURN(dev, filp);
+ DRM_UNLOCK();
+ cliplen = batch.num_cliprects * sizeof(drm_clip_rect_t);
if (batch.num_cliprects && DRM_VERIFYAREA_READ(batch.cliprects,
- batch.num_cliprects *
- sizeof(drm_clip_rect_t)))
+ cliplen)) {
+ DRM_LOCK();
return DRM_ERR(EFAULT);
-
+ }
+ ret = vslock(batch.cliprects, cliplen);
+ if (ret) {
+ DRM_ERROR("Fault wiring cliprects\n");
+ DRM_LOCK();
+ return DRM_ERR(EFAULT);
+ }
+ DRM_LOCK();
ret = i915_dispatch_batchbuffer(dev, &batch);
-
sarea_priv->last_dispatch = (int)hw_status[5];
+ DRM_UNLOCK();
+ vsunlock(batch.cliprects, cliplen);
+ DRM_LOCK();
return ret;
}
@@ -638,6 +641,7 @@ static int i915_cmdbuffer(DRM_IOCTL_ARGS)
drm_i915_sarea_t *sarea_priv = (drm_i915_sarea_t *)
dev_priv->sarea_priv;
drm_i915_cmdbuffer_t cmdbuf;
+ size_t cliplen;
int ret;
DRM_COPY_FROM_USER_IOCTL(cmdbuf, (drm_i915_cmdbuffer_t __user *) data,
@@ -648,22 +652,38 @@ static int i915_cmdbuffer(DRM_IOCTL_ARGS)
LOCK_TEST_WITH_RETURN(dev, filp);
+ DRM_UNLOCK();
+ cliplen = cmdbuf.num_cliprects * sizeof(drm_clip_rect_t);
if (cmdbuf.num_cliprects &&
- DRM_VERIFYAREA_READ(cmdbuf.cliprects,
- cmdbuf.num_cliprects *
- sizeof(drm_clip_rect_t))) {
+ DRM_VERIFYAREA_READ(cmdbuf.cliprects, cliplen)) {
DRM_ERROR("Fault accessing cliprects\n");
+ DRM_LOCK();
return DRM_ERR(EFAULT);
}
-
- ret = i915_dispatch_cmdbuffer(dev, &cmdbuf);
+ ret = vslock(cmdbuf.cliprects, cliplen);
if (ret) {
- DRM_ERROR("i915_dispatch_cmdbuffer failed\n");
- return ret;
+ DRM_ERROR("Fault wiring cliprects\n");
+ DRM_LOCK();
+ return DRM_ERR(EFAULT);
}
-
- sarea_priv->last_dispatch = (int)hw_status[5];
- return 0;
+ ret = vslock(cmdbuf.buf, cmdbuf.sz);
+ if (ret) {
+ vsunlock(cmdbuf.cliprects, cliplen);
+ DRM_ERROR("Fault wiring cmds\n");
+ DRM_LOCK();
+ return DRM_ERR(EFAULT);
+ }
+ DRM_LOCK();
+ ret = i915_dispatch_cmdbuffer(dev, &cmdbuf);
+ if (ret == 0)
+ sarea_priv->last_dispatch = (int)hw_status[5];
+ else
+ DRM_ERROR("i915_dispatch_cmdbuffer failed\n");
+ DRM_UNLOCK();
+ vsunlock(cmdbuf.buf, cmdbuf.sz);
+ vsunlock(cmdbuf.cliprects, cliplen);
+ DRM_LOCK();
+ return (ret);
}
static int i915_do_cleanup_pageflip(drm_device_t * dev)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-x11/attachments/20070717/fd239212/attachment.pgp
More information about the freebsd-x11
mailing list