Date: Tue, 17 Jul 2007 07:23:09 +0300 From: Kostik Belousov <kostikbel@gmail.com> To: Ganbold <ganbold@micom.mng.net> Cc: x11@freebsd.org Subject: Re: LOR when running google-earth Message-ID: <20070717042309.GY2200@deviant.kiev.zoral.com.ua> In-Reply-To: <469C240B.4060201@micom.mng.net> References: <469B17BB.9050305@micom.mng.net> <20070716105316.GT2200@deviant.kiev.zoral.com.ua> <469C240B.4060201@micom.mng.net>
next in thread | previous in thread | raw e-mail | index | archive | help
--uQTKok2xqDOM7hgb
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On Tue, Jul 17, 2007 at 10:06:03AM +0800, Ganbold wrote:
> Hi,
>=20
> I have new LOR here after applying this patch:
>=20
> lock order reversal: (sleepable after non-sleepable)
> 1st 0xc3e3e4d8 drm device (drm device) @=20
> /usr/src/sys/modules/drm/i915/../../../dev/drm/i915_dma.c:675
> 2nd 0xc42bb784 user map (user map) @ /usr/src/sys/vm/vm_map.c:1818
> KDB: stack backtrace:
> db_trace_self_wrapper(c08a24a7,e6386a08,c066801e,c08a4988,c42bb784,...)=
=20
> at db_trace_self_wrapper+0x26
> kdb_backtrace(c08a4988,c42bb784,c08bca1a,c08bca1a,c08bc9af,...) at=20
> kdb_backtrace+0x29
> witness_checkorder(c42bb784,9,c08bc9af,71a,e6386a3c,...) at=20
> witness_checkorder+0x6de
> _sx_xlock(c42bb784,0,c08bc9af,71a,c3e3e400,...) at _sx_xlock+0x7d
> _vm_map_lock(c42bb740,c08bc9af,71a,e6386a84,c06677fc,...) at=20
> _vm_map_lock+0x51
> vm_map_unwire(c42bb740,8570000,8571000,0,e6386b34,...) at vm_map_unwire+0=
x2d
> vsunlock(8570df8,30,c450171e,2a3,e6386b0c,...) at vsunlock+0x46
> i915_cmdbuffer(c4358b00,8018644b,c3e1ae00,3,c3ef0000,...) at=20
> i915_cmdbuffer+0x5c8
> drm_ioctl(c4358b00,8018644b,c3e1ae00,3,c3ef0000,...) at drm_ioctl+0x357
> giant_ioctl(c4358b00,8018644b,c3e1ae00,3,c3ef0000,...) at giant_ioctl+0x56
> devfs_ioctl_f(c4e10678,8018644b,c3e1ae00,c4359a00,c3ef0000,...) at=20
> devfs_ioctl_f+0xc9
> kern_ioctl(c3ef0000,9,8018644b,c3e1ae00,386c4c,...) at kern_ioctl+0x243
> ioctl(c3ef0000,e6386cfc,e6386c80,c4027e4a,c3ef0000,...) at ioctl+0x134
> linux_ioctl_drm(c3ef0000,e6386cfc,c4035c45,a2f,c3ef0000,...) at=20
> linux_ioctl_drm+0x2f
> linux_ioctl(c3ef0000,e6386cfc,e6386cf8,e6386d1c,c4037dd0,...) at=20
> linux_ioctl+0xca
> syscall(e6386d38) at syscall+0x2b3
> Xint0x80_syscall() at Xint0x80_syscall+0x20
> --- syscall (54, Linux ELF, linux_ioctl), eip =3D 0x49ea95f4, esp =3D=20
> 0xbfbfdf0c, ebp =3D 0xbfbfdf2c ---
> KDB: enter: witness_checkorder
> [thread pid 991 tid 100083 ]
> Stopped at kdb_enter+0x32: leave
> db> bt
> Tracing pid 991 tid 100083 td 0xc3ef0000
> kdb_enter(c085f570,c42bb784,c08bca1a,c08bca1a,c08bc9af,...) at=20
> kdb_enter+0x32
> witness_checkorder(c42bb784,9,c08bc9af,71a,e6386a3c,...) at=20
> witness_checkorder+0x6f3
> _sx_xlock(c42bb784,0,c08bc9af,71a,c3e3e400,...) at _sx_xlock+0x7d
> _vm_map_lock(c42bb740,c08bc9af,71a,e6386a84,c06677fc,...) at=20
> _vm_map_lock+0x51
> vm_map_unwire(c42bb740,8570000,8571000,0,e6386b34,...) at vm_map_unwire+0=
x2d
> vsunlock(8570df8,30,c450171e,2a3,e6386b0c,...) at vsunlock+0x46
> i915_cmdbuffer(c4358b00,8018644b,c3e1ae00,3,c3ef0000,...) at=20
> i915_cmdbuffer+0x5c8
> drm_ioctl(c4358b00,8018644b,c3e1ae00,3,c3ef0000,...) at drm_ioctl+0x357
> giant_ioctl(c4358b00,8018644b,c3e1ae00,3,c3ef0000,...) at giant_ioctl+0x56
> devfs_ioctl_f(c4e10678,8018644b,c3e1ae00,c4359a00,c3ef0000,...) at=20
> devfs_ioctl_f+0xc9
> kern_ioctl(c3ef0000,9,8018644b,c3e1ae00,386c4c,...) at kern_ioctl+0x243
> ioctl(c3ef0000,e6386cfc,e6386c80,c4027e4a,c3ef0000,...) at ioctl+0x134
> linux_ioctl_drm(c3ef0000,e6386cfc,c4035c45,a2f,c3ef0000,...) at=20
> linux_ioctl_drm+0x2f
> linux_ioctl(c3ef0000,e6386cfc,e6386cf8,e6386d1c,c4037dd0,...) at=20
> linux_ioctl+0xca
> syscall(e6386d38) at syscall+0x2b3
> Xint0x80_syscall() at Xint0x80_syscall+0x20
> --- syscall (54, Linux ELF, linux_ioctl), eip =3D 0x49ea95f4, esp =3D=20
> 0xbfbfdf0c, ebp =3D 0xbfbfdf2c ---
> db>
My fault. Updated patch below.
Did you experienced any other bad effects of the patch, aside from the
LOR above ?
diff --git a/sys/dev/drm/i915_dma.c b/sys/dev/drm/i915_dma.c
index dfaf334..c9dd799 100644
--- a/sys/dev/drm/i915_dma.c
+++ b/sys/dev/drm/i915_dma.c
@@ -367,20 +367,14 @@ static int i915_emit_cmds(drm_device_t * dev, int __u=
ser * buffer, int dwords)
for (i =3D 0; i < dwords;) {
int cmd, sz;
=20
- if (DRM_COPY_FROM_USER_UNCHECKED(&cmd, &buffer[i], sizeof(cmd))) {
-
- return DRM_ERR(EINVAL);
- }
+ cmd =3D buffer[i];
if ((sz =3D validate_cmd(cmd)) =3D=3D 0 || i + sz > dwords)
return DRM_ERR(EINVAL);
=20
OUT_RING(cmd);
=20
while (++i, --sz) {
- if (DRM_COPY_FROM_USER_UNCHECKED(&cmd, &buffer[i],
- sizeof(cmd))) {
- return DRM_ERR(EINVAL);
- }
+ cmd =3D buffer[i];
OUT_RING(cmd);
}
}
@@ -401,10 +395,7 @@ static int i915_emit_box(drm_device_t * dev,
drm_clip_rect_t box;
RING_LOCALS;
=20
- if (DRM_COPY_FROM_USER_UNCHECKED(&box, &boxes[i], sizeof(box))) {
- return EFAULT;
- }
-
+ box =3D boxes[i];
if (box.y2 <=3D box.y1 || box.x2 <=3D box.x1 || box.y2 <=3D 0 || box.x2 <=
=3D 0) {
DRM_ERROR("Bad box %d,%d..%d,%d\n",
box.x1, box.y1, box.x2, box.y2);
@@ -604,6 +595,7 @@ static int i915_batchbuffer(DRM_IOCTL_ARGS)
drm_i915_sarea_t *sarea_priv =3D (drm_i915_sarea_t *)
dev_priv->sarea_priv;
drm_i915_batchbuffer_t batch;
+ size_t cliplen;
int ret;
=20
if (!dev_priv->allow_batchbuffer) {
@@ -619,14 +611,25 @@ static int i915_batchbuffer(DRM_IOCTL_ARGS)
=20
LOCK_TEST_WITH_RETURN(dev, filp);
=20
+ DRM_UNLOCK();
+ cliplen =3D batch.num_cliprects * sizeof(drm_clip_rect_t);=09
if (batch.num_cliprects && DRM_VERIFYAREA_READ(batch.cliprects,
- batch.num_cliprects *
- sizeof(drm_clip_rect_t)))
+ cliplen)) {
+ DRM_LOCK();
return DRM_ERR(EFAULT);
-
+ }
+ ret =3D vslock(batch.cliprects, cliplen);
+ if (ret) {
+ DRM_ERROR("Fault wiring cliprects\n");
+ DRM_LOCK();
+ return DRM_ERR(EFAULT);
+ }
+ DRM_LOCK();
ret =3D i915_dispatch_batchbuffer(dev, &batch);
-
sarea_priv->last_dispatch =3D (int)hw_status[5];
+ DRM_UNLOCK();
+ vsunlock(batch.cliprects, cliplen);
+ DRM_LOCK();
return ret;
}
=20
@@ -638,6 +641,7 @@ static int i915_cmdbuffer(DRM_IOCTL_ARGS)
drm_i915_sarea_t *sarea_priv =3D (drm_i915_sarea_t *)
dev_priv->sarea_priv;
drm_i915_cmdbuffer_t cmdbuf;
+ size_t cliplen;
int ret;
=20
DRM_COPY_FROM_USER_IOCTL(cmdbuf, (drm_i915_cmdbuffer_t __user *) data,
@@ -648,22 +652,38 @@ static int i915_cmdbuffer(DRM_IOCTL_ARGS)
=20
LOCK_TEST_WITH_RETURN(dev, filp);
=20
+ DRM_UNLOCK();
+ cliplen =3D cmdbuf.num_cliprects * sizeof(drm_clip_rect_t);
if (cmdbuf.num_cliprects &&
- DRM_VERIFYAREA_READ(cmdbuf.cliprects,
- cmdbuf.num_cliprects *
- sizeof(drm_clip_rect_t))) {
+ DRM_VERIFYAREA_READ(cmdbuf.cliprects, cliplen)) {
DRM_ERROR("Fault accessing cliprects\n");
+ DRM_LOCK();
return DRM_ERR(EFAULT);
}
-
- ret =3D i915_dispatch_cmdbuffer(dev, &cmdbuf);
+ ret =3D vslock(cmdbuf.cliprects, cliplen);
if (ret) {
- DRM_ERROR("i915_dispatch_cmdbuffer failed\n");
- return ret;
+ DRM_ERROR("Fault wiring cliprects\n");
+ DRM_LOCK();
+ return DRM_ERR(EFAULT);
}
-
- sarea_priv->last_dispatch =3D (int)hw_status[5];
- return 0;
+ ret =3D vslock(cmdbuf.buf, cmdbuf.sz);
+ if (ret) {
+ vsunlock(cmdbuf.cliprects, cliplen);
+ DRM_ERROR("Fault wiring cmds\n");
+ DRM_LOCK();
+ return DRM_ERR(EFAULT);
+ }
+ DRM_LOCK();
+ ret =3D i915_dispatch_cmdbuffer(dev, &cmdbuf);
+ if (ret =3D=3D 0)
+ sarea_priv->last_dispatch =3D (int)hw_status[5];
+ else
+ DRM_ERROR("i915_dispatch_cmdbuffer failed\n");
+ DRM_UNLOCK();
+ vsunlock(cmdbuf.buf, cmdbuf.sz);
+ vsunlock(cmdbuf.cliprects, cliplen);
+ DRM_LOCK();
+ return (ret);
}
=20
static int i915_do_cleanup_pageflip(drm_device_t * dev)
--uQTKok2xqDOM7hgb
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (FreeBSD)
iD8DBQFGnEQtC3+MBN1Mb4gRAgP3AJ44WNZjEAm0HhdaQ87rxhMB5qoIwQCeMxjM
UHRwvAowqdZRxkCCRBIoc/8=
=g1fi
-----END PGP SIGNATURE-----
--uQTKok2xqDOM7hgb--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20070717042309.GY2200>