[PATCH] drm: Unlink dead file_priv from list of active files first
David Herrmann
dh.herrmann at gmail.com
Thu Jul 24 06:29:09 PDT 2014
Hi
On Thu, Jul 24, 2014 at 3:23 PM, Chris Wilson <chris at chris-wilson.co.uk> wrote:
> In order to prevent external observers walking the list of open DRM
> files from seeing an invalid drm_file_private in the process of being
> torndown, the first operation we need to take is to unlink the
> drm_file_private from that list.
>
> general protection fault: 0000 [#1] PREEMPT SMP
> Modules linked in: i915 i2c_algo_bit drm_kms_helper drm lpc_ich mfd_core nls_iso8859_1 i2c_hid video hid_generic usbhid hid e1000e ahci ptp libahci pps_core
> CPU: 3 PID: 8220 Comm: cat Not tainted 3.16.0-rc6+ #4
> Hardware name: Intel Corporation Shark Bay Client platform/WhiteTip Mountain 1, BIOS HSWLPTU1.86C.0119.R00.1303230105 03/23/2013
> task: ffff8800219642c0 ti: ffff880047024000 task.ti: ffff880047024000
> RIP: 0010:[<ffffffffa0137c70>] [<ffffffffa0137c70>] per_file_stats+0x110/0x160 [i915]
> RSP: 0018:ffff880047027d48 EFLAGS: 00010246
> RAX: 6b6b6b6b6b6b6b6b RBX: ffff880047027e30 RCX: 0000000000000000
> RDX: 0000000000000001 RSI: 0000000000000000 RDI: ffff88003a05cd00
> RBP: ffff880047027d58 R08: 0000000000000001 R09: 0000000000000000
> R10: ffff8800219642c0 R11: 0000000000000000 R12: ffff88003a05cd00
> R13: 0000000000000000 R14: ffff88003a05cd00 R15: ffff880047027d88
> FS: 00007f5f73a13740(0000) GS:ffff88014e380000(0000) knlGS:0000000000000000
> CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> CR2: 00000000023ff038 CR3: 0000000021a4b000 CR4: 00000000001407e0
> Stack:
> 0000000000000001 000000000000ffff ffff880047027dc8 ffffffff813438e4
> ffff880047027e30 ffffffffa0137b60 ffff880021a8af58 ffff880021a8f1a0
> ffff8800a2061fb0 ffff8800a2062048 ffff8800a2061fb0 ffff8800a1e23478
> Call Trace:
> [<ffffffff813438e4>] idr_for_each+0xf4/0x180
> [<ffffffffa0137b60>] ? i915_gem_stolen_list_info+0x1f0/0x1f0 [i915]
> [<ffffffffa013a17a>] i915_gem_object_info+0x5ca/0x6a0 [i915]
> [<ffffffff81193ec5>] seq_read+0xf5/0x3a0
> [<ffffffff8116d950>] vfs_read+0x90/0x150
> [<ffffffff8116e509>] SyS_read+0x49/0xb0
> [<ffffffff815d8622>] tracesys+0xd0/0xd5
> Code: 01 00 00 49 39 84 24 08 01 00 00 74 55 49 8b 84 24 b8 00 00 00 48 01 43 18 31 c0 5b 41 5c 5d c3 0f 1f 00 49 8b 44 24 08 4c 89 e7 <48> 8b 70 28 48 81 c6 48 80 00 00 e8 80 14 01 00 84 c0 74 bc 49
> RIP [<ffffffffa0137c70>] per_file_stats+0x110/0x160 [i915]
> RSP <ffff880047027d48>
>
> Reported-by: "Ursulin, Tvrtko" <tvrtko.ursulin at intel.com>
> Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=81712
> Signed-off-by: Chris Wilson <chris at chris-wilson.co.uk>
> Cc: "Ursulin, Tvrtko" <tvrtko.ursulin at intel.com>
I have the same change in my local drm_file cleanup. This is:
Reviewed-by: David Herrmann <dh.herrmann at gmail.com>
Thanks
David
> ---
> drivers/gpu/drm/drm_fops.c | 8 ++++----
> 1 file changed, 4 insertions(+), 4 deletions(-)
>
> diff --git a/drivers/gpu/drm/drm_fops.c b/drivers/gpu/drm/drm_fops.c
> index a0c63cf..aff8217 100644
> --- a/drivers/gpu/drm/drm_fops.c
> +++ b/drivers/gpu/drm/drm_fops.c
> @@ -416,6 +416,10 @@ int drm_release(struct inode *inode, struct file *filp)
>
> DRM_DEBUG("open_count = %d\n", dev->open_count);
>
> + mutex_lock(&dev->struct_mutex);
> + list_del(&file_priv->lhead);
> + mutex_unlock(&dev->struct_mutex);
> +
> if (dev->driver->preclose)
> dev->driver->preclose(dev, file_priv);
>
> @@ -509,10 +513,6 @@ int drm_release(struct inode *inode, struct file *filp)
> file_priv->is_master = 0;
> mutex_unlock(&dev->master_mutex);
>
> - mutex_lock(&dev->struct_mutex);
> - list_del(&file_priv->lhead);
> - mutex_unlock(&dev->struct_mutex);
> -
> if (dev->driver->postclose)
> dev->driver->postclose(dev, file_priv);
>
> --
> 1.9.1
>
> _______________________________________________
> dri-devel mailing list
> dri-devel at lists.freedesktop.org
> http://lists.freedesktop.org/mailman/listinfo/dri-devel
More information about the dri-devel
mailing list