On Fri, Sep 25, 2015 at 01:57:58PM +0200, Lucas Stach wrote:
> +void etnaviv_gpu_cmdbuf_free(struct etnaviv_cmdbuf *cmdbuf)
> +{
> + dma_free_writecombine(cmdbuf->gpu->dev, cmdbuf->size,
> + cmdbuf->vaddr, cmdbuf->paddr);
> + kfree(cmdbuf);
> +}
...
> @@ -885,6 +914,14 @@ static void retire_worker(struct work_struct *work)
> + list_for_each_entry_safe(cmdbuf, tmp, &gpu->active_cmd_list,
> + gpu_active_list) {
> + if (fence_after_eq(fence, cmdbuf->fence)) {
> + etnaviv_gpu_cmdbuf_free(cmdbuf);
> + list_del(&cmdbuf->gpu_active_list);
I mentioned that I'd left one of my machines on a soak test - with vlc
running with a video clip, but in pause mode. vlc continues writing
frames to the etnaviv Xv GPU backend, thereby exercising these code
paths. After about 39 hours, the above provoked the oops below, which
is a use-after-free bug. Fix on its way to my git branch once builds
and reboots are complete.
Unable to handle kernel NULL pointer dereference at virtual address 00000004
pgd = c0004000
[00000004] *pgd=00000000
Internal error: Oops: 817 [#1] SMP ARM
Modules linked in: bnep rfcomm bluetooth algif_hash af_alg nfsd exportfs caam_jr rc_cec coda snd_soc_fsl_spdif imx_pcm_dma imx_sdma v4l2_mem2mem videobuf2_dma_contig cecd_dw_hdmi caam videobuf2_vmalloc videobuf2_memops imx2_wdt imx_thermal snd_soc_imx_spdif
CPU: 0 PID: 9381 Comm: kworker/u8:0 Not tainted 4.3.0-rc6+ #1862[140431.268864] Hardware name: Freescale i.MX6 Quad/DualLite (Device Tree)
Workqueue: etnaviv retire_worker
task: ea478000 ti: ea638000 task.ti: ea638000
PC is at retire_worker+0x108/0x158
LR is at mark_held_locks+0x74/0x98
pc : [<c0544134>] lr : [<c0077838>] psr: 200f0013
sp : ea639e58 ip : 0000022e fp : ea639e8c
r10: 00000200 r9 : 00000100 r8 : ee28b5b0
r7 : ee28b5f0 r6 : 00385989 r5 : ee28b598 r4 : ed0eeb40
r3 : c05439f0 r2 : 00000080 r1 : 00000000 r0 : 00000001
Flags: nzCv IRQs on FIQs on Mode SVC_32 ISA ARM Segment none
Control: 10c5387d Table: 3d02804a DAC: 00000051
Process kworker/u8:0 (pid: 9381, stack limit = 0xea638210)
Stack: (0xea639e58 to 0xea63a000)
9e40: ea639e74 ee2b2834
9e60: c0077a58 ee28b5f0 e9595880 ee822000 ea639eb0 00000000 c09f40f8 ee1a4600
9e80: ea639eec ea639e90 c0047b4c c0544038 00000001 00000000 c0047ab8 ee822000
...
Backtrace:
[<c054402c>] (retire_worker) from [<c0047b4c>] (process_one_work+0x1c4/0x4b0)
r10:ee1a4600 r9:c09f40f8 r8:00000000 r7:ea639eb0 r6:ee822000 r5:e9595880
r4:ee28b5f0
[<c0047988>] (process_one_work) from [<c0047ea8>] (worker_thread+0x34/0x4b0)
r10:ee822000 r9:ee822000 r8:00000088 r7:e9595898 r6:e9595880 r5:00000001
r4:ee822030
[<c0047e74>] (worker_thread) from [<c004e0f4>] (kthread+0xe0/0xfc)
r10:00000000 r9:00000000 r8:00000000 r7:c0047e74 r6:e9595880 r5:00000000
r4:e1fdc800
[<c004e014>] (kthread) from [<c000fcf0>] (ret_from_fork+0x14/0x24)
r7:00000000 r6:00000000 r5:c004e014 r4:e1fdc800
Code: ba000006 ebffff50 e594301c e5941018 (e5813004)
---[ end trace d430e2a4bd7d6777 ]---
--
FTTC broadband for 0.8mile line: currently at 9.6Mbps down 400kbps up
according to speedtest.net.
_______________________________________________
dri-devel mailing list
dri-devel@xxxxxxxxxxxxxxxxxxxxx
http://lists.freedesktop.org/mailman/listinfo/dri-devel
