linux/drivers/gpu/drm/nouveau
Ben Skeggs 525895ba38 drm/nouveau/gem: fix fence_sync race / oops
Due to a race it was possible for a fence to be destroyed while another
thread was trying to synchronise with it.  If this happened in the fallback
non-semaphore path, it lead to the following oops due to fence->channel
being NULL.

BUG: unable to handle kernel NULL pointer dereference at   (null)
IP: [<fa9632ce>] nouveau_fence_update+0xe/0xe0 [nouveau]
*pde = a649c067
SMP
Modules linked in: fuse nouveau(O) ttm(O) drm_kms_helper(O) drm(O) mxm_wmi video wmi netconsole configfs lockd bnep bluetooth rfkill ip6t_REJECT nf_conntrack_ipv6 nf_defrag_ipv6 nf_conntrack_ipv4 nf_defrag_ipv4 xt_state nf_conntrack ip6table_filter ip6_tables snd_hda_codec_realtek snd_hda_intel snd_hda_cobinfmt_misc uinput ata_generic pata_acpi pata_aet2c_algo_bit i2c_core [last unloaded: wmi]

Pid: 2255, comm: gnome-shell Tainted: G           O 3.2.0-0.rc5.git0.1.fc17.i686 #1 System manufacturer System Product Name/M2A-VM
EIP: 0060:[<fa9632ce>] EFLAGS: 00010296 CPU: 1
EIP is at nouveau_fence_update+0xe/0xe0 [nouveau]
EAX: 00000000 EBX: ddfc6dd0 ECX: dd111580 EDX: 00000000
ESI: 00003e80 EDI: dd111580 EBP: dd121d00 ESP: dd121ce8
 DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068
Process gnome-shell (pid: 2255, ti=dd120000 task=dd111580 task.ti=dd120000)
Stack:
 7dc86c76 00000000 00003e80 ddfc6dd0 00003e80 dd111580 dd121d0c fa96371f
 00000000 dd121d3c fa963773 dd111580 01000246 000ec53d 00000000 ddfc6dd0
 00001f40 00000000 ddfc6dd0 00000010 dc7df840 dd121d6c fa9639a0 00000000
Call Trace:
 [<fa96371f>] __nouveau_fence_signalled+0x1f/0x30 [nouveau]
 [<fa963773>] __nouveau_fence_wait+0x43/0xd0 [nouveau]
 [<fa9639a0>] nouveau_fence_sync+0x1a0/0x1c0 [nouveau]
 [<fa964046>] validate_list+0x176/0x300 [nouveau]
 [<f7d9c9c0>] ? ttm_bo_mem_put+0x30/0x30 [ttm]
 [<fa964b8a>] nouveau_gem_ioctl_pushbuf+0x48a/0xfd0 [nouveau]
 [<c0406481>] ? die+0x31/0x80
 [<f7c93d98>] drm_ioctl+0x388/0x490 [drm]
 [<c0406481>] ? die+0x31/0x80
 [<fa964700>] ? nouveau_gem_ioctl_new+0x150/0x150 [nouveau]
 [<c0635c7b>] ? file_has_perm+0xcb/0xe0
 [<f7c93a10>] ? drm_copy_field+0x80/0x80 [drm]
 [<c0564f56>] do_vfs_ioctl+0x86/0x5b0
 [<c0406481>] ? die+0x31/0x80
 [<c0635f22>] ? selinux_file_ioctl+0x62/0x130
 [<c0554f30>] ? fget_light+0x30/0x340
 [<c05654ef>] sys_ioctl+0x6f/0x80
 [<c099e3a4>] syscall_call+0x7/0xb
 [<c0406481>] ? die+0x31/0x80
 [<c0406481>] ? die+0x31/0x80

Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
Cc: stable@vger.kernel.org
2012-02-01 15:27:20 +10:00
..
Kconfig drm: fix nouveau_acpi build 2011-05-16 11:57:20 +10:00
Makefile drm/nouveau/gpio: reimplement as nouveau_gpio.c, fixing a number of issues 2011-12-21 19:01:45 +10:00
nouveau_acpi.c nouveau: Support Optimus models for vga_switcheroo 2012-01-13 09:09:15 +00:00
nouveau_backlight.c drm/nva3/backlight: add suppport for newer style backlight regs 2011-09-20 16:10:06 +10:00
nouveau_bios.c drm/nouveau/gpio: reimplement as nouveau_gpio.c, fixing a number of issues 2011-12-21 19:01:45 +10:00
nouveau_bios.h drm/nouveau/disp: check that panel power gpio is enabled at init time 2012-02-01 15:23:55 +10:00
nouveau_bo.c drm/ttm: fix two regressions since move_notify changes 2012-01-25 18:54:28 +00:00
nouveau_calc.c drm/nouveau: make the behaviour of get_pll_limits() consistent 2010-09-24 16:26:49 +10:00
nouveau_channel.c drm/nouveau: Fix pushbufs over the 4GB mark. 2011-12-21 19:01:46 +10:00
nouveau_connector.c drm/nouveau/gpio: reimplement as nouveau_gpio.c, fixing a number of issues 2011-12-21 19:01:45 +10:00
nouveau_connector.h drm/nouveau/disp: parse connector info directly in nouveau_connector.c 2011-12-21 19:01:41 +10:00
nouveau_crtc.h drm/nouveau/disp: kill off nouveau_crtc.mode 2011-12-21 19:01:22 +10:00
nouveau_debugfs.c drm/nouveau: Fix pushbufs over the 4GB mark. 2011-12-21 19:01:46 +10:00
nouveau_display.c drm/nouveau/disp: check that panel power gpio is enabled at init time 2012-02-01 15:23:55 +10:00
nouveau_dma.c drm/nouveau: Fix pushbufs over the 4GB mark. 2011-12-21 19:01:46 +10:00
nouveau_dma.h drm/nouveau: remove no_vm/mappable flags from nouveau_bo 2011-02-25 06:45:34 +10:00
nouveau_dp.c drm/nouveau/gpio: reimplement as nouveau_gpio.c, fixing a number of issues 2011-12-21 19:01:45 +10:00
nouveau_drv.c drm/nouveau: fix typo on mxmdcb option 2012-02-01 15:23:59 +10:00
nouveau_drv.h nouveau: Support Optimus models for vga_switcheroo 2012-01-13 09:09:15 +00:00
nouveau_encoder.h drm/nouveau/dp: enable down-spread if vbios and sink support it 2011-09-20 16:10:35 +10:00
nouveau_fb.h drm/nouveau: move master modesetting init to nouveau_display 2011-12-21 19:01:16 +10:00
nouveau_fbcon.c drm/nouveau: re-jig fbcon suspend/resume process a little 2011-12-21 19:01:34 +10:00
nouveau_fbcon.h drm/nvc0: implement fbcon acceleration 2010-12-21 17:18:39 +10:00
nouveau_fence.c drm/nouveau: initialize chan->fence.lock before use 2011-11-10 08:58:53 +10:00
nouveau_gem.c drm/nouveau/gem: fix fence_sync race / oops 2012-02-01 15:27:20 +10:00
nouveau_gpio.c drm/nouveau/gpio: reimplement as nouveau_gpio.c, fixing a number of issues 2011-12-21 19:01:45 +10:00
nouveau_gpio.h drm/nouveau/gpio: reimplement as nouveau_gpio.c, fixing a number of issues 2011-12-21 19:01:45 +10:00
nouveau_grctx.h drm/nouveau: Fix missing whitespace checkpatch.pl errors. 2011-05-16 10:47:25 +10:00
nouveau_hdmi.c drm/nouveau/hdmi: enable audio for nva3:nvd0 chipsets 2011-12-21 19:01:31 +10:00
nouveau_hw.c drm/nv17-nv40: Fix modesetting failure when pitch == 4096px (fdo bug 35901). 2011-06-07 09:22:29 +10:00
nouveau_hw.h drm/nv04: Fix scanout over the 16MB mark. 2010-11-18 14:38:38 +10:00
nouveau_hwsq.h drm/nouveau/hwsq: remove some magic, give proper opcode names 2011-12-21 19:01:44 +10:00
nouveau_i2c.c drm/nouveau/i2c: handle bit-banging ourselves 2011-12-21 19:01:41 +10:00
nouveau_i2c.h drm/nouveau/i2c: handle bit-banging ourselves 2011-12-21 19:01:41 +10:00
nouveau_ioc32.c
nouveau_irq.c drm/nouveau: detect disabled device in irq handler and return IRQ_NONE 2011-07-25 09:42:09 +10:00
nouveau_mem.c drm/nouveau/bios: pass drm_device to ROMPTR, rather than nvbios 2011-12-21 19:01:39 +10:00
nouveau_mm.c drm/nouveau: allow a nouveau_mm to be created with holes 2011-09-20 16:04:00 +10:00
nouveau_mm.h drm/nouveau: allow a nouveau_mm to be created with holes 2011-09-20 16:04:00 +10:00
nouveau_mxm.c drm/nouveau/mxm: pretend to succeed, even if we can't shadow the MXM-SIS 2012-02-01 15:23:58 +10:00
nouveau_notifier.c drm/nouveau: Fix notifier blocks over the 4GB mark. 2011-12-21 19:01:47 +10:00
nouveau_object.c drm/nvd0/disp: add support for page flipping 2011-12-21 19:01:37 +10:00
nouveau_perf.c drm/nouveau/bios: pass drm_device to ROMPTR, rather than nvbios 2011-12-21 19:01:39 +10:00
nouveau_pm.c drm/nouveau/pm: fix build with HWMON off 2012-01-10 10:13:16 +00:00
nouveau_pm.h drm/nvc0/pm: initial engine reclocking 2011-12-21 19:01:46 +10:00
nouveau_ramht.c drm/nv50-nvc0: fix ramht entries for multiple evo channels 2011-02-25 06:44:48 +10:00
nouveau_ramht.h drm/nouveau: return error from nouveau_ramht_remove() if not found 2010-12-03 15:05:27 +10:00
nouveau_reg.h drm/nva3/backlight: add suppport for newer style backlight regs 2011-09-20 16:10:06 +10:00
nouveau_sgdma.c drm/ttm: isolate dma data from ttm_tt V4 2011-12-06 10:40:02 +00:00
nouveau_state.c nouveau: Support Optimus models for vga_switcheroo 2012-01-13 09:09:15 +00:00
nouveau_temp.c drm/nouveau/i2c: do parsing of i2c-related vbios info in nouveau_i2c.c 2011-12-21 19:01:40 +10:00
nouveau_ttm.c drm: move ttm global code to core drm 2010-08-04 09:46:06 +10:00
nouveau_util.c drm/nouveau: add nouveau_enum_find() util function 2011-03-14 16:31:50 +10:00
nouveau_util.h drm/nouveau: add nouveau_enum_find() util function 2011-03-14 16:31:50 +10:00
nouveau_vm.c drm/nouveau/ttm: fix crash as a result of a recent ttm change 2011-12-22 15:23:25 +10:00
nouveau_vm.h drm/nouveau/ttm: fix crash as a result of a recent ttm change 2011-12-22 15:23:25 +10:00
nouveau_volt.c drm/nouveau/gpio: reimplement as nouveau_gpio.c, fixing a number of issues 2011-12-21 19:01:45 +10:00
nv04_crtc.c drm: Replace pitch with pitches[] in drm_framebuffer 2011-12-20 10:06:27 +00:00
nv04_cursor.c
nv04_dac.c drm/nouveau/gpio: reimplement as nouveau_gpio.c, fixing a number of issues 2011-12-21 19:01:45 +10:00
nv04_dfp.c drm/nv04/disp: handle dual-link spwg panels without needing quirks 2011-12-21 19:01:43 +10:00
nv04_display.c drm/nouveau: move hpd enable/disable to common code 2011-12-21 19:01:46 +10:00
nv04_fb.c
nv04_fbcon.c drm/nouveau: implicitly insert non-DMA objects into RAMHT 2010-12-08 03:00:35 +01:00
nv04_fifo.c drm/nv50: check for vm traps on every gr irq 2011-03-14 16:32:30 +10:00
nv04_graph.c drm/nouveau/gr: disable fifo access and idle before suspend ctx unload 2011-07-25 09:43:38 +10:00
nv04_instmem.c DRM: remove drm_pci_device_is_pcie 2011-07-13 08:14:52 +01:00
nv04_mc.c drm/nouveau: Disable PROM access on init. 2010-07-13 10:13:58 +10:00
nv04_pm.c drm/nv04-nv30/pm: port to newer interfaces 2011-12-21 19:01:24 +10:00
nv04_timer.c drm/nouveau/pm: remove the older interfaces completely 2011-12-21 19:01:25 +10:00
nv04_tv.c drm/nv0x-nv4x: Leave the 0x40 bit untouched when changing CRE_LCD. 2010-10-05 09:58:43 +10:00
nv10_fb.c drm/nv20: Add Z compression support. 2010-12-03 15:11:21 +10:00
nv10_fifo.c drm/nouveau: make fifo.create_context() responsible for mapping control regs 2010-12-08 03:00:34 +01:00
nv10_gpio.c drm/nv40/disp: implement support for hotplug irq 2011-12-21 19:01:45 +10:00
nv10_graph.c drm/nouveau/gr: disable fifo access and idle before suspend ctx unload 2011-07-25 09:43:38 +10:00
nv17_tv.c drm/nouveau/gpio: reimplement as nouveau_gpio.c, fixing a number of issues 2011-12-21 19:01:45 +10:00
nv17_tv.h drm: Mark constant arrays of drm_display_mode const 2011-02-23 11:13:11 +10:00
nv17_tv_modes.c drm: Mark constant arrays of drm_display_mode const 2011-02-23 11:13:11 +10:00
nv20_graph.c drm/nouveau/gr: disable fifo access and idle before suspend ctx unload 2011-07-25 09:43:38 +10:00
nv30_fb.c drm/nouveau: Rework tile region handling. 2010-12-03 15:11:20 +10:00
nv31_mpeg.c drm/nv31/mpeg: support for a single class3174 user 2011-09-20 16:03:44 +10:00
nv40_fb.c drm/nv40: implement support for on-chip PCIEGART 2011-02-25 06:44:04 +10:00
nv40_fifo.c drm/nv40/vpe: add support for PMPEG 2011-05-16 10:48:56 +10:00
nv40_graph.c drm/nouveau: pass flag to engine fini() method on suspend 2011-07-25 09:43:22 +10:00
nv40_grctx.c drm/nv40: make detection of 0x4097-ful chipsets available everywhere 2011-01-17 11:28:31 +10:00
nv40_mc.c drm/nv40: initialise 0x17xx on all chipsets that have it 2011-01-17 11:28:43 +10:00
nv40_pm.c drm/nouveau: just pass gpio line to pwm_*, not entire gpio struct 2011-12-21 19:01:44 +10:00
nv50_calc.c drm/nva3/clk: better pll calculation when no fractional fb div available 2011-05-16 10:50:59 +10:00
nv50_crtc.c drm/nv50/disp: fix scaling of doublescan modes 2011-12-21 19:01:23 +10:00
nv50_cursor.c drm/nouveau: make general drm modesetting init common 2011-09-20 16:05:04 +10:00
nv50_dac.c drm/nv50/disp: disconnect encoders before reprogramming them 2011-12-21 19:01:19 +10:00
nv50_display.c drm/nouveau: move hpd enable/disable to common code 2011-12-21 19:01:46 +10:00
nv50_display.h drm/nv50/disp: fix evo for create/init + destroy/fini split 2011-12-21 19:01:34 +10:00
nv50_evo.c drm/nv50/disp: fix evo for create/init + destroy/fini split 2011-12-21 19:01:34 +10:00
nv50_evo.h drm/nv50-nvc0: initialise display sync channels 2011-02-25 06:45:11 +10:00
nv50_fb.c drm/nv50: check for vm traps on every gr irq 2011-03-14 16:32:30 +10:00
nv50_fbcon.c drm/nv50-nvc0: explicitly map fbcon fb into channel vm 2011-06-23 15:59:59 +10:00
nv50_fifo.c drm/nouveau: Fix pushbufs over the 4GB mark. 2011-12-21 19:01:46 +10:00
nv50_gpio.c drm/nouveau/gpio: reimplement as nouveau_gpio.c, fixing a number of issues 2011-12-21 19:01:45 +10:00
nv50_graph.c drm/nv50: also report errors in MP1/MP2 when they happen. 2011-12-21 19:01:17 +10:00
nv50_grctx.c drm/nv50: fix stability issue on NV86. 2011-11-10 08:58:57 +10:00
nv50_instmem.c drm/nouveau: will need to specify channel for vm-ful gpuobj allocations 2011-06-23 15:59:18 +10:00
nv50_mc.c drm/nouveau: introduce gpio engine 2010-07-26 11:43:57 +10:00
nv50_mpeg.c drm/nouveau: pass flag to engine fini() method on suspend 2011-07-25 09:43:22 +10:00
nv50_pm.c drm/nouveau: just pass gpio line to pwm_*, not entire gpio struct 2011-12-21 19:01:44 +10:00
nv50_sor.c drm/nouveau/disp: kill off nouveau_crtc.mode 2011-12-21 19:01:22 +10:00
nv50_vm.c drm/nv50: fix page faulting for 128MB page table sizes 2011-12-21 19:01:31 +10:00
nv50_vram.c drm/nv50/vram: fix incorrect detection of bank count on newer chipsets 2011-11-10 08:58:47 +10:00
nv84_bsp.c drm/nouveau/vdec: implement stub modules for the known engines 2011-12-21 19:01:10 +10:00
nv84_crypt.c drm/nouveau: pass flag to engine fini() method on suspend 2011-07-25 09:43:22 +10:00
nv84_vp.c drm/nouveau/vdec: implement stub modules for the known engines 2011-12-21 19:01:10 +10:00
nv98_crypt.c drm/nouveau/vdec: implement stub modules for the known engines 2011-12-21 19:01:10 +10:00
nv98_ppp.c drm/nouveau/vdec: implement stub modules for the known engines 2011-12-21 19:01:10 +10:00
nva3_copy.c drm/nouveau: pass flag to engine fini() method on suspend 2011-07-25 09:43:22 +10:00
nva3_copy.fuc drm/nva3/copy: fix typo in fuc which caused host to not recieve exceptions 2011-12-21 19:01:30 +10:00
nva3_copy.fuc.h drm/nva3/copy: fix typo in fuc which caused host to not recieve exceptions 2011-12-21 19:01:30 +10:00
nva3_pm.c drm/nouveau/pm: make clocks_set return an error code clocks_set can fail. 2011-12-21 19:01:23 +10:00
nvc0_copy.c drm/nouveau: pass flag to engine fini() method on suspend 2011-07-25 09:43:22 +10:00
nvc0_copy.fuc.h drm/nva3/copy: fix typo in fuc which caused host to not recieve exceptions 2011-12-21 19:01:30 +10:00
nvc0_fb.c drm/nvc0/fb: slightly improve PMFB intr handling, move out of nvc0_graph.c 2011-09-20 16:12:21 +10:00
nvc0_fbcon.c drm/nv50-nvc0: explicitly map notifier bo into channel vm 2011-06-23 16:00:04 +10:00
nvc0_fifo.c drm/nvc0/fifo: avoid touching missing subfifos 2011-09-20 16:12:18 +10:00
nvc0_graph.c drm/nvc0/gr: add initial support for nvd9, not quite there yet.. 2011-12-21 19:01:27 +10:00
nvc0_graph.fuc drm/nvc0/gr: update fuc source to assemble with latest envyas 2011-12-21 19:01:26 +10:00
nvc0_graph.h drm/nvc0/gr: add initial support for nvd9, not quite there yet.. 2011-12-21 19:01:27 +10:00
nvc0_grctx.c drm/nvc0/gr: add initial support for nvd9, not quite there yet.. 2011-12-21 19:01:27 +10:00
nvc0_grgpc.fuc drm/nvc0/gr: add initial support for nvd9, not quite there yet.. 2011-12-21 19:01:27 +10:00
nvc0_grgpc.fuc.h drm/nvc0/gr: add initial support for nvd9, not quite there yet.. 2011-12-21 19:01:27 +10:00
nvc0_grhub.fuc drm/nvc0/gr: add initial support for nvd9, not quite there yet.. 2011-12-21 19:01:27 +10:00
nvc0_grhub.fuc.h drm/nvc0/gr: add initial support for nvd9, not quite there yet.. 2011-12-21 19:01:27 +10:00
nvc0_instmem.c drm/nvc0: enable per-client address spaces 2011-06-23 16:01:41 +10:00
nvc0_pm.c drm/nvc0/pm: initial engine reclocking 2011-12-21 19:01:46 +10:00
nvc0_vm.c drm/nv50-nvc0/vm: don't touch chan_vm 2011-06-23 15:58:40 +10:00
nvc0_vram.c drm/nvc0/vram: skip disabled PBFB subunits 2011-11-10 09:00:02 +10:00
nvd0_display.c drm/nouveau/disp: parse connector info directly in nouveau_connector.c 2011-12-21 19:01:41 +10:00
nvreg.h drm/nv17-nv40: Fix modesetting failure when pitch == 4096px (fdo bug 35901). 2011-06-07 09:22:29 +10:00