Breakage in "track dev_mapping in more robust and flexible way"
Thomas Hellstrom
thellstrom at vmware.com
Thu Oct 25 07:02:25 PDT 2012
Hi,
This commit
From 949c4a34afacfe800fc442afac117aba15284962 Mon Sep 17 00:00:00 2001
From: Ilija Hadzic <ihadzic at research.bell-labs.com>
Date: Tue, 15 May 2012 16:40:10 -0400
Subject: [PATCH] drm: track dev_mapping in more robust and flexible way
Setting dev_mapping (pointer to the address_space structure
used for memory mappings) to the address_space of the first
opener's inode and then failing if other openers come in
through a different inode has a few restrictions that are
eliminated by this patch.
If we already have valid dev_mapping and we spot an opener
with different i_node, we force its i_mapping pointer to the
already established address_space structure (first opener's
inode). This will make all mappings from drm device hang off
the same address_space object.
...
Breaks drivers using TTM, since when the X server calls into the driver
open, drm's dev_mapping has not
yet been setup. The setup needs to be moved before the driver's open
hook is called.
Typically, if a TTM-aware driver is provoked by the Xorg server to move
a buffer from system to VRAM or AGP,
before any other drm client is started, The user-space page table
entries are not killed before the move, and left pointing
into freed pages, causing system crashes and / or user-space access to
arbitrary memory.
/Thomas
More information about the dri-devel
mailing list