[Bug 16193] NULL pointer dereference - radeon_unmap_vram_bos+0x22/0x50
bugzilla-daemon at bugzilla.kernel.org
Sun Aug 11 18:51:44 PDT 2013
https://bugzilla.kernel.org/show_bug.cgi?id=16193
Scott Wood <scott at buserror.net> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |scott at buserror.net
--- Comment #3 from Scott Wood <scott at buserror.net> ---
I saw this (or something very similar) on Ubuntu's 3.8.0-27 kernel (but I hope
this is useful information anyway -- I doubt it's an Ubuntu issue, and this
code doesn't appear to have changed since 3.8), when using alt-enter to toggle
fullscreen in dosbox (which worked many times in the past, so it's not easily
reproducible).
The NULL pointer is in rdev->gem.objects. I notice that elsewhere,
rdev->gem.mutex is held when the list is modified, but it does not appear to be
held when traversed in radeon_unmap_vram_bos(). Will ttm_bo_unmap_virtual()
ever acquire gem.mutex itself (i.e. can bo->destroy() be called)? It wasn't
immediately obvious that it would from reading the code, but if
ttm_bo_unmap_virtual() can't cause list entry deletion then why use
list_for_each_entry_safe()? Is there something else that ensures that the list
won't be modified concurrently with radeon_unmap_vram_bos()?
--
You are receiving this mail because:
You are watching the assignee of the bug.
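
Added example, not part of the original comment and not radeon or TTM code: a userspace sketch of what a list_for_each_entry_safe()-style walk tolerates (the loop body unlinking the current entry) and what it does not (the cached successor being unlinked by someone who shares no lock with the walker). The names node, walk_safe and demo are hypothetical, and the second case is simulated on one thread so the result is deterministic.

```c
#include <stdio.h>

/* Userspace stand-in for the kernel's circular, intrusive list_head. */
struct node { struct node *next, *prev; int id; };

static void list_init(struct node *h) { h->next = h->prev = h; }

static void list_add_tail(struct node *n, struct node *h)
{
    n->prev = h->prev; n->next = h;
    h->prev->next = n; h->prev = n;
}

/* Unlink and clear the links (the kernel stores LIST_POISON1/2, not NULL). */
static void list_del(struct node *n)
{
    n->prev->next = n->next; n->next->prev = n->prev;
    n->next = n->prev = NULL;
}

/* "_safe"-style walk: the successor is cached in tmp before the body runs.
 * While the walker is on node at_id, victim is unlinked, standing in for a
 * writer that edits the list without sharing a lock with the walker.
 * Returns nodes visited, or -1 if the cached successor left the list. */
static int walk_safe(struct node *head, int at_id, struct node *victim)
{
    int visited = 0;
    struct node *pos, *tmp;
    for (pos = head->next, tmp = pos->next; pos != head;
         pos = tmp, tmp = pos->next) {
        visited++;
        if (pos->id == at_id)
            list_del(victim);
        if (tmp->next == NULL)  /* the kernel would follow a poisoned pointer */
            return -1;
    }
    return visited;
}

/* Constructed list with ids 1..4; unlink victim_id while visiting at_id. */
static int demo(int at_id, int victim_id)
{
    struct node head, n[4];
    list_init(&head);
    for (int i = 0; i < 4; i++) { n[i].id = i + 1; list_add_tail(&n[i], &head); }
    return walk_safe(&head, at_id, &n[victim_id - 1]);
}

int main(void)
{
    printf("del current: %d, del cached next: %d\n", demo(2, 2), demo(2, 3));
    return 0;
}
```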