Skip to content

Commit

Permalink
drm: Unlink dead file_priv from list of active files first
Browse files Browse the repository at this point in the history 
In order to prevent external observers walking the list of open DRM
files from seeing an invalid drm_file_private in the process of being
torndown, the first operation we need to take is to unlink the
drm_file_private from that list.

	general protection fault: 0000 [#1] PREEMPT SMP
	Modules linked in: i915 i2c_algo_bit drm_kms_helper drm lpc_ich mfd_core nls_iso8859_1 i2c_hid video hid_generic usbhid hid e1000e ahci ptp libahci pps_core
	CPU: 3 PID: 8220 Comm: cat Not tainted 3.16.0-rc6+ MIPS#4
	Hardware name: Intel Corporation Shark Bay Client platform/WhiteTip Mountain 1, BIOS HSWLPTU1.86C.0119.R00.1303230105 03/23/2013
	task: ffff8800219642c0 ti: ffff880047024000 task.ti: ffff880047024000
	RIP: 0010:[<ffffffffa0137c70>]  [<ffffffffa0137c70>] per_file_stats+0x110/0x160 [i915]
	RSP: 0018:ffff880047027d48  EFLAGS: 00010246
	RAX: 6b6b6b6b6b6b6b6b RBX: ffff880047027e30 RCX: 0000000000000000
	RDX: 0000000000000001 RSI: 0000000000000000 RDI: ffff88003a05cd00
	RBP: ffff880047027d58 R08: 0000000000000001 R09: 0000000000000000
	R10: ffff8800219642c0 R11: 0000000000000000 R12: ffff88003a05cd00
	R13: 0000000000000000 R14: ffff88003a05cd00 R15: ffff880047027d88
	FS:  00007f5f73a13740(0000) GS:ffff88014e380000(0000) knlGS:0000000000000000
	CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
	CR2: 00000000023ff038 CR3: 0000000021a4b000 CR4: 00000000001407e0
	Stack:
	 0000000000000001 000000000000ffff ffff880047027dc8 ffffffff813438e4
	 ffff880047027e30 ffffffffa0137b60 ffff880021a8af58 ffff880021a8f1a0
	 ffff8800a2061fb0 ffff8800a2062048 ffff8800a2061fb0 ffff8800a1e23478
	Call Trace:
	 [<ffffffff813438e4>] idr_for_each+0xf4/0x180
	 [<ffffffffa0137b60>] ? i915_gem_stolen_list_info+0x1f0/0x1f0 [i915]
	 [<ffffffffa013a17a>] i915_gem_object_info+0x5ca/0x6a0 [i915]
	 [<ffffffff81193ec5>] seq_read+0xf5/0x3a0
	 [<ffffffff8116d950>] vfs_read+0x90/0x150
	 [<ffffffff8116e509>] SyS_read+0x49/0xb0
	 [<ffffffff815d8622>] tracesys+0xd0/0xd5
	Code: 01 00 00 49 39 84 24 08 01 00 00 74 55 49 8b 84 24 b8 00 00 00 48 01 43 18 31 c0 5b 41 5c 5d c3 0f 1f 00 49 8b 44 24 08 4c 89 e7 <48> 8b 70 28 48 81 c6 48 80 00 00 e8 80 14 01 00 84 c0 74 bc 49
	RIP  [<ffffffffa0137c70>] per_file_stats+0x110/0x160 [i915]
	RSP <ffff880047027d48>

Reported-by: "Ursulin, Tvrtko" <[email protected]>
Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=81712
Signed-off-by: Chris Wilson <[email protected]>
Cc: "Ursulin, Tvrtko" <[email protected]>
Reviewed-by: David Herrmann <[email protected]>
Signed-off-by: Dave Airlie <[email protected]>
  • Loading branch information
@ickle @airlied
ickle authored and airlied committed Aug 5, 2014
1 parent a91576d commit dff01de
Showing 1 changed file with 4 additions and 4 deletions.
8 changes: 4 additions & 4 deletions drivers/gpu/drm/drm_fops.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -425,6 +425,10 @@ int drm_release(struct inode *inode, struct file *filp)

DRM_DEBUG("open_count = %d\n", dev->open_count);

mutex_lock(&dev->struct_mutex);
list_del(&file_priv->lhead);
mutex_unlock(&dev->struct_mutex);

if (dev->driver->preclose)
dev->driver->preclose(dev, file_priv);

Expand Down Expand Up @@ -518,10 +522,6 @@ int drm_release(struct inode *inode, struct file *filp)
file_priv->is_master = 0;
mutex_unlock(&dev->master_mutex);

mutex_lock(&dev->struct_mutex);
list_del(&file_priv->lhead);
mutex_unlock(&dev->struct_mutex);

if (dev->driver->postclose)
dev->driver->postclose(dev, file_priv);

Expand Down

0 comments on commit dff01de

Please sign in to comment.