http://bugzilla.kernel.org/show_bug.cgi?id=12899
Summary: Crash in i915.ko: i915_driver_irq_handler
Product: Drivers
Version: 2.5
KernelVersion: 2.6.29-rc8
Platform: All
OS/Version: Linux
Tree: Mainline
Status: NEW
Severity: high
Priority: P1
Component: Video(DRI)
AssignedTo: [email protected]
ReportedBy: [email protected]
linux-2.6.29-rc8, no kernel modesetting, X server running with legacy DRI
I observe frequent kernel NULL pointer dereferences in i915_driver_irq_handler
while switching from a running X server back into the VGA text console. Machine
locks hard very shortly afterwards, so all backtraces via serial console are
truncated, the last messages are at best:
[drm:gm45_get_vblank_counter] *ERROR* trying to get vblank count for disabled
pipe 0
BUG: unable to handle kernel NULL pointer dereference at 00000084
IP: [<f90b736b>] i915_driver_irq_handler+0x135/0x1b7 [i915]
>From the disassembly I guess that the culprit is:
if (dev->primary->master) {
master_priv = dev->primary->master->driver_priv;
if (master_priv->sarea_priv)
master_priv->sarea_priv->last_dispatch =
READ_BREADCRUMB(dev_priv); <---- CRASH
}
and after applying the following small patch:
diff --git a/drivers/gpu/drm/i915/i915_irq.c b/drivers/gpu/drm/i915/i915_irq.c
index 87b6b60..d7fe821 100644
--- a/drivers/gpu/drm/i915/i915_irq.c
+++ b/drivers/gpu/drm/i915/i915_irq.c
@@ -249,7 +249,7 @@ irqreturn_t i915_driver_irq_handler(DRM_IRQ_ARGS)
if (dev->primary->master) {
master_priv = dev->primary->master->driver_priv;
- if (master_priv->sarea_priv)
+ if (master_priv->sarea_priv &&
dev_priv->hw_status_page)
master_priv->sarea_priv->last_dispatch =
READ_BREADCRUMB(dev_priv);
}
the problem goes away. The patch is most certainly *wrong*, but that it hides
the problem hints that there must somewhere be a race between clearing out
"->hw_status_page" and the interrupt handler. Someone with better understanding
of the driver should have a look.
--
Configure bugmail: http://bugzilla.kernel.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
------------------------------------------------------------------------------
Apps built with the Adobe(R) Flex(R) framework and Flex Builder(TM) are
powering Web 2.0 with engaging, cross-platform capabilities. Quickly and
easily build your RIAs with Flex Builder, the Eclipse(TM)based development
software that enables intelligent coding and step-through debugging.
Download the free 60 day trial. http://p.sf.net/sfu/www-adobe-com
--
_______________________________________________
Dri-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/dri-devel
