<html>
<head>
<base href="https://bugs.freedesktop.org/">
</head>
<body>
<p>
<div>
<b><a class="bz_bug_link
bz_status_NEW "
title="NEW - radeon - ring 0 stalled - GPU lockup - SI"
href="https://bugs.freedesktop.org/show_bug.cgi?id=107545#c5">Comment # 5</a>
on <a class="bz_bug_link
bz_status_NEW "
title="NEW - radeon - ring 0 stalled - GPU lockup - SI"
href="https://bugs.freedesktop.org/show_bug.cgi?id=107545">bug 107545</a>
from <span class="vcard"><a class="email" href="mailto:julien.isorce@gmail.com" title="Julien Isorce <julien.isorce@gmail.com>"> <span class="fn">Julien Isorce</span></a>
</span></b>
<pre>Extract of the 2 attached cs dumps:
User space so before ioctl radeon_cs_ioctl:
0x00000290
0x00000000
0xC0016900
0x000002A1
Kernel space so in radeon_cs_ioctl:
0x00000290
0x0000000b
0x00000000
0x000002a1
So for some reason 0x00000000C0016900 gets overwritten by 0x0000000b00000000
Note that it always gets overwritten with this value above and this value also
appears in the other packet0 bug report:
<a class="bz_bug_link
bz_status_NEW "
title="NEW - [radeonsi] radeon 0000:01:00.0: Packet0 not allowed!"
href="show_bug.cgi?id=84500#c7">https://bugs.freedesktop.org/show_bug.cgi?id=84500#c7</a>
I have started to narrow down the issue and it looks like it happens in
"radeon_cs_parser_init" in kernel/drivers/gpu/drm/radeon as the overwriting is
already present just after this function. But it is not easy to debug further
as this function is quite difficult to understand so any input would be
appreciated, thx!
Does kernel space make a copy of the cs chunks or just keep a pointer to them, as
I see "user_ptr"?
Also note that the issue does not happen with amdgpu so one possibility is that
"amdgpu_cs_parser_init" is more robust.</pre>
</div>
</p>
</body>
</html>