On 2020/06/14 15:45, Jonathan Gray wrote:
> On Sat, Jun 13, 2020 at 12:15:13PM +0100, Stuart Henderson wrote:
> > Same with a newer kernel.
> >
> > OpenBSD 6.7-current (GENERIC.MP) #3: Thu Jun 11 19:47:48 BST 2020
> > [email protected]:/sys/arch/amd64/compile/GENERIC.MP
> >
> > uvm_fault(0xfffffd86e2f6c120, 0x51, 0, 1) -> e
> > kernel: page fault trap, code=0
> > Stopped at i915_request_create+0x4b: movq 0x50(%r14),%rdi
> > ddb{1}> tr
>
> 0x50 is the offset in the struct of requests
> r14 in 1 in both traces and appears to be tl
>
> I don't yet see how that is possible, can you try this diff and tell me
> if the printf triggers?
I'm running with it, hasn't triggered yet (3h uptime).
> Index: sys/dev/pci/drm/i915/i915_request.c
> ===================================================================
> RCS file: /cvs/src/sys/dev/pci/drm/i915/i915_request.c,v
> retrieving revision 1.3
> diff -u -p -r1.3 i915_request.c
> --- sys/dev/pci/drm/i915/i915_request.c 8 Jun 2020 04:48:11 -0000
> 1.3
> +++ sys/dev/pci/drm/i915/i915_request.c 14 Jun 2020 05:33:44 -0000
> @@ -877,6 +877,11 @@ i915_request_create(struct intel_context
> if (IS_ERR(tl))
> return ERR_CAST(tl);
>
> + if ((vaddr_t)tl == 1) {
> + printf("%s tl == 1\n", __func__);
> + return ERR_PTR(-EINVAL);
> + }
> +
> /* Move our oldest request to the slab-cache (if not in use!) */
> rq = list_first_entry(&tl->requests, typeof(*rq), link);
> if (!list_is_last(&rq->link, &tl->requests))
>
