amd64/132042: drm module crash the system when closing gnome session

Robert Noland rnoland at FreeBSD.org
Wed Feb 25 11:18:34 PST 2009


On Wed, 2009-02-25 at 19:14 +0100, Olivier Cochard-Labbé wrote:
> Dear FreeBSD kernel guru,
>
>         This is drm specific and not amd64-specific.
>
> I know, but on the web page http://www.freebsd.org/send-pr.html, the
> category selection doesn't propose "drm".
> Then I chose the category related to the kernel that I'm using.
>
>         Please go to frame 8 and 'p *m'.  If the 'mtx_lock' member is
>         6, then the
>         mutex is destroyed and it is a use-after-free bug in drm(4).
> 
> (kgdb) frame 8
> #8  0xffffffff802d47aa in _mtx_lock_sleep (m=0xffffff000348a968, 
>     tid=18446742974229954560, opts=Variable "opts" is not available.
> ) at /usr/src/sys/kern/kern_mutex.c:339
> 339                owner = (struct thread *)(v & ~MTX_FLAGMASK);
> (kgdb) p *m
> $1 = {lock_object = {lo_name = 0xffffffffaf198e0f "DRM IRQ lock", 
>     lo_type = 0xffffffffaf198e0f "DRM IRQ lock", lo_flags = 16908288, 
>     lo_witness_data = {lod_list = {stqe_next = 0x0}, lod_witness =
> 0x0}}, 
>   mtx_lock = 6, mtx_recurse = 0}
> 
> The mtx_lock is 6, as you predicted.
> 
> Regards,
> 
> Olivier
> 
> (reading gnu gdb documentation for understanding what "frame" and "p
> *m" mean)

I just committed several changes to the i915 drm driver in CURRENT.  Not
the least of which is an overhaul of the irq handler.  Can you see if
that addresses the issue?

robert.

-- 
Robert Noland <rnoland at FreeBSD.org>
FreeBSD
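
An added example, not part of the original thread or of FreeBSD's source: a small decoder for the `mtx_lock` word printed by `p *m`, showing why the value 6 identifies a destroyed mutex and what the owner mask on kern_mutex.c line 339 yields for it. The flag values are assumptions taken from the `sys/mutex.h` of that period, and `decode_mtx_lock` and the `LS_*` names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed flag bits of the mtx_lock word (FreeBSD sys/mutex.h of that era);
 * consistent with the thread's statement that the value 6 means "destroyed". */
#define MTX_RECURSED  0x1u
#define MTX_CONTESTED 0x2u
#define MTX_UNOWNED   0x4u
#define MTX_FLAGMASK  (MTX_RECURSED | MTX_CONTESTED | MTX_UNOWNED)
#define MTX_DESTROYED (MTX_CONTESTED | MTX_UNOWNED)

enum lock_state { LS_DESTROYED, LS_UNOWNED, LS_OWNED, LS_INVALID };

struct lock_info {
    enum lock_state state;
    uint64_t owner;      /* thread pointer left after masking the flag bits */
    int contested;
    int recursed;
};

/* Hypothetical triage helper: classify a raw mtx_lock value from 'p *m'. */
static struct lock_info decode_mtx_lock(uint64_t v)
{
    struct lock_info li;
    uint64_t flags = v & MTX_FLAGMASK;

    li.owner = v & ~(uint64_t)MTX_FLAGMASK;   /* same mask as kern_mutex.c:339 */
    li.contested = (flags & MTX_CONTESTED) != 0;
    li.recursed = (flags & MTX_RECURSED) != 0;
    if (v == MTX_DESTROYED)
        li.state = LS_DESTROYED;              /* mtx_destroy() already ran */
    else if (v == MTX_UNOWNED)
        li.state = LS_UNOWNED;
    else if (li.owner != 0 && (flags & MTX_UNOWNED) == 0)
        li.state = LS_OWNED;
    else
        li.state = LS_INVALID;                /* not a value a live mutex holds */
    return li;
}

int main(void)
{
    static const char *names[] = { "destroyed", "unowned", "owned", "invalid" };
    /* 6 is the value from the dump; the third sample is the tid shown in
     * frame 8 with a constructed contested bit; 5 is a constructed bad word. */
    uint64_t samples[] = { 6, 4, 18446742974229954560ULL | MTX_CONTESTED, 5 };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        struct lock_info li = decode_mtx_lock(samples[i]);
        printf("%#llx: %s owner=%#llx\n", (unsigned long long)samples[i],
               names[li.state], (unsigned long long)li.owner);
    }
    return 0;
}
```

For the dumped value 6 the decoder reports a destroyed mutex with a null owner, which matches the use-after-free diagnosis quoted above.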
More information about the freebsd-amd64 mailing list