Change 2741192 by cgf@cgf:nane:freebsd-import on 2015/03/05 04:27:09
http://burtweb.eng.netapp.com:8080/cgi-bin/p4/describe?change=2741192&port=p4netapp:1666&user=p4burtd
or
http://burtweb.eng.netapp.com:8080/cgi-bin/p4/describe?change=2741192&port=p4netapp:1666&user=p4burtd&diff=-du
r279599 | dumbbell | 2015-03-04 20:43:46
drm: Import Linux commit b7ea85a4fed37835eec78a7be3039c8dc22b8178
Author: Huacai Chen <[email protected]>
Date: Tue May 21 06:23:43 2013 +0000
drm: fix a use-after-free when GPU acceleration disabled
When GPU acceleration is disabled, drm_vblank_cleanup() will free the
vblank-related data, such as vblank_refcount, vblank_inmodeset, etc.
But we found that drm_vblank_post_modeset() may be called after the
cleanup, which uses vblank_refcount and vblank_inmodeset. And this will
cause a kernel panic.
Fix this by returning immediately if dev->num_crtcs is zero. This is the
same thing that drm_vblank_pre_modeset() does.
Call trace of a drm_vblank_post_modeset() after drm_vblank_cleanup():
[ 62.628906] [<ffffffff804868d0>] drm_vblank_post_modeset+0x34/0xb4
[ 62.628906] [<ffffffff804c7008>] atombios_crtc_dpms+0xb4/0x174
[ 62.628906] [<ffffffff804c70e0>] atombios_crtc_commit+0x18/0x38
[ 62.628906] [<ffffffff8047f038>] drm_crtc_helper_set_mode+0x304/0x3cc
[ 62.628906] [<ffffffff8047f92c>] drm_crtc_helper_set_config+0x6d8/0x988
[ 62.628906] [<ffffffff8047dd40>] drm_fb_helper_set_par+0x94/0x104
[ 62.628906] [<ffffffff80439d14>] fbcon_init+0x424/0x57c
[ 62.628906] [<ffffffff8046a638>] visual_init+0xb8/0x118
[ 62.628906] [<ffffffff8046b9f8>] take_over_console+0x238/0x384
[ 62.628906] [<ffffffff80436df8>] fbcon_takeover+0x7c/0xdc
[ 62.628906] [<ffffffff8024fa20>] notifier_call_chain+0x44/0x94
[ 62.628906] [<ffffffff8024fcbc>] __blocking_notifier_call_chain+0x48/0x68
[ 62.628906] [<ffffffff8042d990>] register_framebuffer+0x228/0x260
[ 62.628906] [<ffffffff8047e010>] drm_fb_helper_single_fb_probe+0x260/0x314
[ 62.628906] [<ffffffff8047e2c4>] drm_fb_helper_initial_config+0x200/0x234
[ 62.628906] [<ffffffff804e5560>] radeon_fbdev_init+0xd4/0xf4
[ 62.628906] [<ffffffff804e0e08>] radeon_modeset_init+0x9bc/0xa18
[ 62.628906] [<ffffffff804bfc14>] radeon_driver_load_kms+0xdc/0x12c
[ 62.628906] [<ffffffff8048b548>] drm_get_pci_dev+0x148/0x238
[ 62.628906] [<ffffffff80423564>] local_pci_probe+0x5c/0xd0
[ 62.628906] [<ffffffff80241ac4>] work_for_cpu_fn+0x1c/0x30
[ 62.628906] [<ffffffff802427c8>] process_one_work+0x274/0x3bc
[ 62.628906] [<ffffffff80242934>] process_scheduled_works+0x24/0x44
[ 62.628906] [<ffffffff8024515c>] worker_thread+0x31c/0x3f4
[ 62.628906] [<ffffffff802497a8>] kthread+0x88/0x90
[ 62.628906] [<ffffffff80206794>] kernel_thread_helper+0x10/0x18
Signed-off-by: Huacai Chen <[email protected]>
Signed-off-by: Binbin Zhou <[email protected]>
Cc: <[email protected]>
Reviewed-by: Michel Dänzer <[email protected]>
Acked-by: Paul Menzel <[email protected]>
Signed-off-by: Dave Airlie <[email protected]>
Reported by: J.R. Oldroyd <[email protected]>
MFC after: 2 weeks
Affected files ...
.. //depot/import/freebsd/head/sys/dev/drm2/drm_irq.c#5 edit
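The ordering problem and the guard described in the commit message above, as a simplified user-space C model added here for illustration; it is not the drm_irq.c code. Every `model_` name is hypothetical, and the model assumes that cleanup resets the CRTC count to zero, which is what lets the count act as a "state is gone" marker.

```c
/* Simplified user-space model of the lifetime bug (constructed example).
 * All names are hypothetical; this is not the code in drm_irq.c. */
#include <stdlib.h>

struct model_dev {
    int  num_crtcs;         /* 0: vblank state never set up, or freed */
    int *vblank_refcount;   /* per-CRTC arrays released by cleanup */
    int *vblank_inmodeset;
};

int model_vblank_init(struct model_dev *dev, int n)
{
    dev->num_crtcs = 0;
    dev->vblank_refcount = n > 0 ? calloc((size_t)n, sizeof(int)) : NULL;
    dev->vblank_inmodeset = n > 0 ? calloc((size_t)n, sizeof(int)) : NULL;
    if (!dev->vblank_refcount || !dev->vblank_inmodeset) {
        free(dev->vblank_refcount);
        free(dev->vblank_inmodeset);
        dev->vblank_refcount = dev->vblank_inmodeset = NULL;
        return -1;
    }
    dev->num_crtcs = n;
    return 0;
}

void model_vblank_cleanup(struct model_dev *dev)
{
    free(dev->vblank_refcount);
    free(dev->vblank_inmodeset);
    dev->vblank_refcount = dev->vblank_inmodeset = NULL;
    dev->num_crtcs = 0;             /* assumption: cleanup zeroes the count */
}

/* Returns 1 if per-CRTC state was touched, 0 if the call returned early. */
int model_post_modeset(struct model_dev *dev, int crtc)
{
    if (!dev->num_crtcs)            /* the check the commit message describes */
        return 0;
    if (crtc < 0 || crtc >= dev->num_crtcs)
        return 0;
    if (dev->vblank_inmodeset[crtc]) {
        dev->vblank_refcount[crtc]--;
        dev->vblank_inmodeset[crtc] = 0;
    }
    return 1;
}
```

Without the first check in `model_post_modeset()`, a call made after `model_vblank_cleanup()` would index the released arrays, which is the access pattern the call trace above ends in.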