From owner-freebsd-x11@FreeBSD.ORG Tue Jul 17 04:23:24 2007 Return-Path: X-Original-To: x11@freebsd.org Delivered-To: freebsd-x11@FreeBSD.ORG Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 4B8E516A405 for ; Tue, 17 Jul 2007 04:23:24 +0000 (UTC) (envelope-from kostikbel@gmail.com) Received: from relay02.kiev.sovam.com (relay02.kiev.sovam.com [62.64.120.197]) by mx1.freebsd.org (Postfix) with ESMTP id D7F0C13C4B3 for ; Tue, 17 Jul 2007 04:23:23 +0000 (UTC) (envelope-from kostikbel@gmail.com) Received: from [89.162.146.170] (helo=skuns.kiev.zoral.com.ua) by relay02.kiev.sovam.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.67) (envelope-from ) id 1IAean-000LaI-Fi for x11@freebsd.org; Tue, 17 Jul 2007 07:23:22 +0300 Received: from deviant.kiev.zoral.com.ua (root@[10.1.1.148]) by skuns.kiev.zoral.com.ua (8.14.1/8.14.1) with ESMTP id l6H4NAbf044770 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Tue, 17 Jul 2007 07:23:10 +0300 (EEST) (envelope-from kostikbel@gmail.com) Received: from deviant.kiev.zoral.com.ua (kostik@localhost [127.0.0.1]) by deviant.kiev.zoral.com.ua (8.14.1/8.14.1) with ESMTP id l6H4NA1J021022; Tue, 17 Jul 2007 07:23:10 +0300 (EEST) (envelope-from kostikbel@gmail.com) Received: (from kostik@localhost) by deviant.kiev.zoral.com.ua (8.14.1/8.14.1/Submit) id l6H4NAT3021021; Tue, 17 Jul 2007 07:23:10 +0300 (EEST) (envelope-from kostikbel@gmail.com) X-Authentication-Warning: deviant.kiev.zoral.com.ua: kostik set sender to kostikbel@gmail.com using -f Date: Tue, 17 Jul 2007 07:23:09 +0300 From: Kostik Belousov To: Ganbold Message-ID: <20070717042309.GY2200@deviant.kiev.zoral.com.ua> References: <469B17BB.9050305@micom.mng.net> <20070716105316.GT2200@deviant.kiev.zoral.com.ua> <469C240B.4060201@micom.mng.net> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="uQTKok2xqDOM7hgb" Content-Disposition: inline In-Reply-To: <469C240B.4060201@micom.mng.net> User-Agent: Mutt/1.4.2.3i X-Virus-Scanned: ClamAV version 0.90.3, clamav-milter version 0.90.3 on skuns.kiev.zoral.com.ua X-Virus-Status: Clean X-Spam-Status: No, score=-1.4 required=5.0 tests=ALL_TRUSTED autolearn=failed version=3.2.1 X-Spam-Checker-Version: SpamAssassin 3.2.1 (2007-05-02) on skuns.kiev.zoral.com.ua X-Scanner-Signature: 48c43105dfcb091c67f23aa77fb19ea2 X-DrWeb-checked: yes X-SpamTest-Envelope-From: kostikbel@gmail.com X-SpamTest-Group-ID: 00000000 X-SpamTest-Header: Not Detected X-SpamTest-Info: Profiles 1229 [July 16 2007] X-SpamTest-Info: helo_type=3 X-SpamTest-Method: none X-SpamTest-Rate: 0 X-SpamTest-Status: Not detected X-SpamTest-Status-Extended: not_detected X-SpamTest-Version: SMTP-Filter Version 3.0.0 [0255], KAS30/Release Cc: x11@freebsd.org Subject: Re: LOR when running google-earth X-BeenThere: freebsd-x11@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: X11 on FreeBSD -- maintaining and support List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 17 Jul 2007 04:23:24 -0000 --uQTKok2xqDOM7hgb Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Tue, Jul 17, 2007 at 10:06:03AM +0800, Ganbold wrote: > Hi, >=20 > I have new LOR here after applying this patch: >=20 > lock order reversal: (sleepable after non-sleepable) > 1st 0xc3e3e4d8 drm device (drm device) @=20 > /usr/src/sys/modules/drm/i915/../../../dev/drm/i915_dma.c:675 > 2nd 0xc42bb784 user map (user map) @ /usr/src/sys/vm/vm_map.c:1818 > KDB: stack backtrace: > db_trace_self_wrapper(c08a24a7,e6386a08,c066801e,c08a4988,c42bb784,...)= =20 > at db_trace_self_wrapper+0x26 > kdb_backtrace(c08a4988,c42bb784,c08bca1a,c08bca1a,c08bc9af,...) at=20 > kdb_backtrace+0x29 > witness_checkorder(c42bb784,9,c08bc9af,71a,e6386a3c,...) at=20 > witness_checkorder+0x6de > _sx_xlock(c42bb784,0,c08bc9af,71a,c3e3e400,...) at _sx_xlock+0x7d > _vm_map_lock(c42bb740,c08bc9af,71a,e6386a84,c06677fc,...) at=20 > _vm_map_lock+0x51 > vm_map_unwire(c42bb740,8570000,8571000,0,e6386b34,...) at vm_map_unwire+0= x2d > vsunlock(8570df8,30,c450171e,2a3,e6386b0c,...) at vsunlock+0x46 > i915_cmdbuffer(c4358b00,8018644b,c3e1ae00,3,c3ef0000,...) at=20 > i915_cmdbuffer+0x5c8 > drm_ioctl(c4358b00,8018644b,c3e1ae00,3,c3ef0000,...) at drm_ioctl+0x357 > giant_ioctl(c4358b00,8018644b,c3e1ae00,3,c3ef0000,...) at giant_ioctl+0x56 > devfs_ioctl_f(c4e10678,8018644b,c3e1ae00,c4359a00,c3ef0000,...) at=20 > devfs_ioctl_f+0xc9 > kern_ioctl(c3ef0000,9,8018644b,c3e1ae00,386c4c,...) at kern_ioctl+0x243 > ioctl(c3ef0000,e6386cfc,e6386c80,c4027e4a,c3ef0000,...) at ioctl+0x134 > linux_ioctl_drm(c3ef0000,e6386cfc,c4035c45,a2f,c3ef0000,...) at=20 > linux_ioctl_drm+0x2f > linux_ioctl(c3ef0000,e6386cfc,e6386cf8,e6386d1c,c4037dd0,...) at=20 > linux_ioctl+0xca > syscall(e6386d38) at syscall+0x2b3 > Xint0x80_syscall() at Xint0x80_syscall+0x20 > --- syscall (54, Linux ELF, linux_ioctl), eip =3D 0x49ea95f4, esp =3D=20 > 0xbfbfdf0c, ebp =3D 0xbfbfdf2c --- > KDB: enter: witness_checkorder > [thread pid 991 tid 100083 ] > Stopped at kdb_enter+0x32: leave > db> bt > Tracing pid 991 tid 100083 td 0xc3ef0000 > kdb_enter(c085f570,c42bb784,c08bca1a,c08bca1a,c08bc9af,...) at=20 > kdb_enter+0x32 > witness_checkorder(c42bb784,9,c08bc9af,71a,e6386a3c,...) at=20 > witness_checkorder+0x6f3 > _sx_xlock(c42bb784,0,c08bc9af,71a,c3e3e400,...) at _sx_xlock+0x7d > _vm_map_lock(c42bb740,c08bc9af,71a,e6386a84,c06677fc,...) at=20 > _vm_map_lock+0x51 > vm_map_unwire(c42bb740,8570000,8571000,0,e6386b34,...) at vm_map_unwire+0= x2d > vsunlock(8570df8,30,c450171e,2a3,e6386b0c,...) at vsunlock+0x46 > i915_cmdbuffer(c4358b00,8018644b,c3e1ae00,3,c3ef0000,...) at=20 > i915_cmdbuffer+0x5c8 > drm_ioctl(c4358b00,8018644b,c3e1ae00,3,c3ef0000,...) at drm_ioctl+0x357 > giant_ioctl(c4358b00,8018644b,c3e1ae00,3,c3ef0000,...) at giant_ioctl+0x56 > devfs_ioctl_f(c4e10678,8018644b,c3e1ae00,c4359a00,c3ef0000,...) at=20 > devfs_ioctl_f+0xc9 > kern_ioctl(c3ef0000,9,8018644b,c3e1ae00,386c4c,...) at kern_ioctl+0x243 > ioctl(c3ef0000,e6386cfc,e6386c80,c4027e4a,c3ef0000,...) at ioctl+0x134 > linux_ioctl_drm(c3ef0000,e6386cfc,c4035c45,a2f,c3ef0000,...) at=20 > linux_ioctl_drm+0x2f > linux_ioctl(c3ef0000,e6386cfc,e6386cf8,e6386d1c,c4037dd0,...) at=20 > linux_ioctl+0xca > syscall(e6386d38) at syscall+0x2b3 > Xint0x80_syscall() at Xint0x80_syscall+0x20 > --- syscall (54, Linux ELF, linux_ioctl), eip =3D 0x49ea95f4, esp =3D=20 > 0xbfbfdf0c, ebp =3D 0xbfbfdf2c --- > db> My fault. Updated patch below. Did you experienced any other bad effects of the patch, aside from the LOR above ? diff --git a/sys/dev/drm/i915_dma.c b/sys/dev/drm/i915_dma.c index dfaf334..c9dd799 100644 --- a/sys/dev/drm/i915_dma.c +++ b/sys/dev/drm/i915_dma.c @@ -367,20 +367,14 @@ static int i915_emit_cmds(drm_device_t * dev, int __u= ser * buffer, int dwords) for (i =3D 0; i < dwords;) { int cmd, sz; =20 - if (DRM_COPY_FROM_USER_UNCHECKED(&cmd, &buffer[i], sizeof(cmd))) { - - return DRM_ERR(EINVAL); - } + cmd =3D buffer[i]; if ((sz =3D validate_cmd(cmd)) =3D=3D 0 || i + sz > dwords) return DRM_ERR(EINVAL); =20 OUT_RING(cmd); =20 while (++i, --sz) { - if (DRM_COPY_FROM_USER_UNCHECKED(&cmd, &buffer[i], - sizeof(cmd))) { - return DRM_ERR(EINVAL); - } + cmd =3D buffer[i]; OUT_RING(cmd); } } @@ -401,10 +395,7 @@ static int i915_emit_box(drm_device_t * dev, drm_clip_rect_t box; RING_LOCALS; =20 - if (DRM_COPY_FROM_USER_UNCHECKED(&box, &boxes[i], sizeof(box))) { - return EFAULT; - } - + box =3D boxes[i]; if (box.y2 <=3D box.y1 || box.x2 <=3D box.x1 || box.y2 <=3D 0 || box.x2 <= =3D 0) { DRM_ERROR("Bad box %d,%d..%d,%d\n", box.x1, box.y1, box.x2, box.y2); @@ -604,6 +595,7 @@ static int i915_batchbuffer(DRM_IOCTL_ARGS) drm_i915_sarea_t *sarea_priv =3D (drm_i915_sarea_t *) dev_priv->sarea_priv; drm_i915_batchbuffer_t batch; + size_t cliplen; int ret; =20 if (!dev_priv->allow_batchbuffer) { @@ -619,14 +611,25 @@ static int i915_batchbuffer(DRM_IOCTL_ARGS) =20 LOCK_TEST_WITH_RETURN(dev, filp); =20 + DRM_UNLOCK(); + cliplen =3D batch.num_cliprects * sizeof(drm_clip_rect_t);=09 if (batch.num_cliprects && DRM_VERIFYAREA_READ(batch.cliprects, - batch.num_cliprects * - sizeof(drm_clip_rect_t))) + cliplen)) { + DRM_LOCK(); return DRM_ERR(EFAULT); - + } + ret =3D vslock(batch.cliprects, cliplen); + if (ret) { + DRM_ERROR("Fault wiring cliprects\n"); + DRM_LOCK(); + return DRM_ERR(EFAULT); + } + DRM_LOCK(); ret =3D i915_dispatch_batchbuffer(dev, &batch); - sarea_priv->last_dispatch =3D (int)hw_status[5]; + DRM_UNLOCK(); + vsunlock(batch.cliprects, cliplen); + DRM_LOCK(); return ret; } =20 @@ -638,6 +641,7 @@ static int i915_cmdbuffer(DRM_IOCTL_ARGS) drm_i915_sarea_t *sarea_priv =3D (drm_i915_sarea_t *) dev_priv->sarea_priv; drm_i915_cmdbuffer_t cmdbuf; + size_t cliplen; int ret; =20 DRM_COPY_FROM_USER_IOCTL(cmdbuf, (drm_i915_cmdbuffer_t __user *) data, @@ -648,22 +652,38 @@ static int i915_cmdbuffer(DRM_IOCTL_ARGS) =20 LOCK_TEST_WITH_RETURN(dev, filp); =20 + DRM_UNLOCK(); + cliplen =3D cmdbuf.num_cliprects * sizeof(drm_clip_rect_t); if (cmdbuf.num_cliprects && - DRM_VERIFYAREA_READ(cmdbuf.cliprects, - cmdbuf.num_cliprects * - sizeof(drm_clip_rect_t))) { + DRM_VERIFYAREA_READ(cmdbuf.cliprects, cliplen)) { DRM_ERROR("Fault accessing cliprects\n"); + DRM_LOCK(); return DRM_ERR(EFAULT); } - - ret =3D i915_dispatch_cmdbuffer(dev, &cmdbuf); + ret =3D vslock(cmdbuf.cliprects, cliplen); if (ret) { - DRM_ERROR("i915_dispatch_cmdbuffer failed\n"); - return ret; + DRM_ERROR("Fault wiring cliprects\n"); + DRM_LOCK(); + return DRM_ERR(EFAULT); } - - sarea_priv->last_dispatch =3D (int)hw_status[5]; - return 0; + ret =3D vslock(cmdbuf.buf, cmdbuf.sz); + if (ret) { + vsunlock(cmdbuf.cliprects, cliplen); + DRM_ERROR("Fault wiring cmds\n"); + DRM_LOCK(); + return DRM_ERR(EFAULT); + } + DRM_LOCK(); + ret =3D i915_dispatch_cmdbuffer(dev, &cmdbuf); + if (ret =3D=3D 0) + sarea_priv->last_dispatch =3D (int)hw_status[5]; + else + DRM_ERROR("i915_dispatch_cmdbuffer failed\n"); + DRM_UNLOCK(); + vsunlock(cmdbuf.buf, cmdbuf.sz); + vsunlock(cmdbuf.cliprects, cliplen); + DRM_LOCK(); + return (ret); } =20 static int i915_do_cleanup_pageflip(drm_device_t * dev) --uQTKok2xqDOM7hgb Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (FreeBSD) iD8DBQFGnEQtC3+MBN1Mb4gRAgP3AJ44WNZjEAm0HhdaQ87rxhMB5qoIwQCeMxjM UHRwvAowqdZRxkCCRBIoc/8= =g1fi -----END PGP SIGNATURE----- --uQTKok2xqDOM7hgb--