[PATCH] drm: Hold the mode mutex whilst probing for sysfs status

Jesse Barnes jbarnes at virtuousgeek.org
Tue Mar 15 08:35:39 PDT 2011


On Tue, 15 Mar 2011 11:40:00 +0000
Chris Wilson <chris at chris-wilson.co.uk> wrote:

> As detect will use hw registers and may modify structures, it needs to be
> serialised by use of the dev->mode_config.mutex. Make it so.
> 
> Otherwise, we may cause random crashes as the sysfs file is queried
> whilst a concurrent hotplug poll is being run. For example:
> 
> [ 1189.189626] BUG: unable to handle kernel NULL pointer dereference at 00000100
> [ 1189.189821] IP: [<e0c22019>] intel_tv_detect_type+0xa2/0x203 [i915]
> [ 1189.190020] *pde = 00000000
> [ 1189.190104] Oops: 0000 [#1] SMP
> [ 1189.190209] last sysfs file: /sys/devices/pci0000:00/0000:00:02.0/drm/card0/card0-SVIDEO-1/status
> [ 1189.190412] Modules linked in: mperf cpufreq_conservative cpufreq_userspace cpufreq_powersave cpufreq_stats decnet uinput fuse loop joydev snd_hd a_codec_realtek snd_hda_intel snd_hda_codec snd_hwdep snd_pcm_oss snd_mixer_oss snd_pcm i915 snd_seq_midi snd_rawmidi snd_seq_midi_event snd_seq drm_kms_helper snd_timer uvcvideo d rm snd_seq_device eeepc_laptop tpm_tis usbhid videodev i2c_algo_bit v4l1_compat snd sparse_keymap i2c_core hid serio_raw tpm psmouse evdev tpm_bios rfkill shpchp ac processor rng_c ore battery video power_supply soundcore pci_hotplug button output snd_page_alloc usb_storage uas ext3 jbd mbcache sd_mod crc_t10dif ata_generic ahci libahci ata_piix libata uhci_h cd ehci_hcd scsi_mod usbcore thermal atl2 thermal_sys nls_base [last unloaded: scsi_wait_scan]
> [ 1189.192007]
> [ 1189.192007] Pid: 1464, comm: upowerd Not tainted 2.6.37-2-686 #1 ASUSTeK Computer INC. 701/701
> [ 1189.192007] EIP: 0060:[<e0c22019>] EFLAGS: 00010246 CPU: 0
> [ 1189.192007] EIP is at intel_tv_detect_type+0xa2/0x203 [i915]
> [ 1189.192007] EAX: 00000000 EBX: dca74000 ECX: e0f68004 EDX: 00068004
> [ 1189.192007] ESI: dd110c00 EDI: 400c0c37 EBP: dca7429c ESP: de365e2c
> [ 1189.192007]  DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068
> [ 1189.192007] Process upowerd (pid: 1464, ti=de364000 task=dcc8acb0 task.ti=de364000)
> [ 1189.192007] Stack: Mar 15 03:43:23 hostname kernel: [ 1189.192007]  e0c2cda4 70000000 400c0c30 00000000 dd111000 de365e54 de365f24 dd110c00
> [ 1189.192007]  e0c22203 01000000 00000003 00000000 00000000 00000000 00000000 4353544e
> [ 1189.192007]  30383420 00000069 00000000 00000000 00000000 00000000 00000000 00000000
> [ 1189.192007] Call Trace: Mar 15 03:43:23 hostname kernel: [ 1189.192007]  [<e0c22203>] ?  intel_tv_detect+0x89/0x12d [i915]
> [ 1189.192007]  [<e0a9dcef>] ?  status_show+0x0/0x2f [drm]
> [ 1189.192007]  [<e0a9dd03>] ?  status_show+0x14/0x2f [drm]
> 
> [Digression: what is upowerd doing reading those power hungry files?]
> 
> Reported-by: Paul Menzel <paulepanter at users.sourceforge.net>
> Signed-off-by: Chris Wilson <chris at chris-wilson.co.uk>
> Cc: stable at kernel.org
> ---
>  drivers/gpu/drm/drm_sysfs.c |    7 +++++++
>  1 files changed, 7 insertions(+), 0 deletions(-)
> 
> diff --git a/drivers/gpu/drm/drm_sysfs.c b/drivers/gpu/drm/drm_sysfs.c
> index 85da4c4..2eee8e0 100644
> --- a/drivers/gpu/drm/drm_sysfs.c
> +++ b/drivers/gpu/drm/drm_sysfs.c
> @@ -158,8 +158,15 @@ static ssize_t status_show(struct device *device,
>  {
>  	struct drm_connector *connector = to_drm_connector(device);
>  	enum drm_connector_status status;
> +	int ret;
> +
> +	ret = mutex_lock_interruptible(&connector->dev->mode_config.mutex);
> +	if (ret)
> +		return ret;
>  
>  	status = connector->funcs->detect(connector, true);
> +	mutex_unlock(&connector->dev->mode_config.mutex);
> +

How about adding a mutex assertion check in the detect hook as well?  I
think we need a more generous sprinkling of those around the CRTC
helper code in general...

-- 
Jesse Barnes, Intel Open Source Technology Center


More information about the dri-devel mailing list