[Bug 16193] NULL pointer dereference - radeon_unmap_vram_bos+0x22/0x50

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



https://bugzilla.kernel.org/show_bug.cgi?id=16193

Scott Wood <scott@xxxxxxxxxxxx> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |scott@xxxxxxxxxxxx

--- Comment #3 from Scott Wood <scott@xxxxxxxxxxxx> ---
I saw this (or something very similar) on Ubuntu's 3.8.0-27 kernel (but I hope
this is useful information anyway -- I doubt it's an Ubuntu issue, and this
code doesn't appear to have changed since 3.8), when using alt-enter to toggle
fullscreen in dosbox (which worked many times in the past, so it's not easily
reproduceable).

The NULL pointer is in rdev->gem.objects.  I notice that elsewhere,
rdev->gem.mutex is held when the list is modified, but it does not appear to be
held when traversed in radeon_unmap_vram_bos().  Will ttm_bo_unmap_virtual()
ever acquire gem.mutex itself (i.e. can bo->destroy() be called)?  It wasn't
immediately obvious that it would from reading the code, but if
ttm_bo_unmap_virtual() can't cause list entry deletion then why use
list_for_each_entry_safe()?  Is there something else that ensures that the list
won't be modified concurrently with radeon_unmap_vram_bos()?

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
_______________________________________________
dri-devel mailing list
dri-devel@xxxxxxxxxxxxxxxxxxxxx
http://lists.freedesktop.org/mailman/listinfo/dri-devel




[Index of Archives]     [Linux DRI Users]     [Linux Intel Graphics]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]     [XFree86]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Linux Kernel]     [Linux SCSI]     [XFree86]
  Powered by Linux