From: Herton Ronaldo Krzesinski <herton.krzesinski@canonical.com>
To: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Andy Whitcroft <apw@canonical.com>, linux-kernel@vger.kernel.org
Subject: Re: Linux 2.6.38-rc6
Date: Thu, 24 Feb 2011 14:21:15 -0300
Message-ID: <20110224172114.GC2630@herton-IdeaPad-Y430>
In-Reply-To: <AANLkTinzse1ZfEvAuWfuZ_8VDypcnD5poU6GwOdYTgWh@mail.gmail.com>
On Thu, Feb 24, 2011 at 08:37:11AM -0800, Linus Torvalds wrote:
> On Thu, Feb 24, 2011 at 5:20 AM, Anca Emanuel <anca.emanuel@gmail.com> wrote:
> >>
> >> Every boot?
> >
> > Yes.
> >
> >> And just out of interest, what happens if you don't have the vesafb
> >> driver at all?
> >
> > I used 'e' option from grub, removed the 'set gfxpayload = $linux_gfx_mode'
> > and it works.
> >
> > dmesg: http://pastebin.com/JAZsk4vD
>
> Hmm. So it definitely seems to be the hand-over.
>
> Does this patch make any difference? When we unregister the old
> framebuffer, we still leave it in the registered_fb[] array, which
> looks wrong. But it would also be interesting to hear if setting
> CONFIG_SLUB_DEBUG_ON or CONFIG_DEBUG_PAGEALLOC makes any difference
> (they'd help detect accesses to free'd data structures).
Hi Linus,

I opened a bug about this issue in January, while I was still working
with Mandriva and got a similar issue reported. Basically it's a race on
vesafb removal with i915 with modesetting enabled. And indeed you have
to use slub_debug to always reproduce it; sometimes the use after free
of struct fb_info does not trigger it. I posted a testcase and a
proposed patch at https://bugzilla.kernel.org/show_bug.cgi?id=26232

I remember having posted the patch here on LKML too, but didn't get
answers to it.

Andy Whitcroft fixed it too with a similar patch,
http://kernel.ubuntu.com/git?p=ubuntu/ubuntu-natty.git;a=commit;h=c5a742b5f78e161d6a13853a7e3e6e1dfa429e69

I CC'd Andy, the author of the patch; he will push his version, which
looks more complete as it takes care of mm_lock in do_mmap too.

My bug report also has another test case and fix for an inverse locking
problem; it would be good to take a look at it too.

In any case, none of these problems are recent regressions. The race
on framebuffer removal has existed at least since unregister_framebuffer
started to be used to remove it while loading framebuffer from modesetting
drivers.
>
> Linus
> drivers/video/fbmem.c | 1 +
> 1 files changed, 1 insertions(+), 0 deletions(-)
>
> diff --git a/drivers/video/fbmem.c b/drivers/video/fbmem.c
> index e2bf953..e8f8925 100644
> --- a/drivers/video/fbmem.c
> +++ b/drivers/video/fbmem.c
> @@ -1511,6 +1511,7 @@ void remove_conflicting_framebuffers(struct apertures_struct *a,
> "%s vs %s - removing generic driver\n",
> name, registered_fb[i]->fix.id);
> unregister_framebuffer(registered_fb[i]);
> + registered_fb[i] = NULL;
> }
> }
> }
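Review bot: The added `registered_fb[i] = NULL;` clears the slot unconditionally right after `unregister_framebuffer(registered_fb[i]);`, whose result is discarded, and no lock is visible around the store in this hunk. If the unregister call can fail, the entry would be dropped from the array while the driver is still live, so the store should be made conditional on success. Since the reply above describes the problem as a race leading to a use after free of struct fb_info, clearing the array slot only stops later lookups from finding the stale pointer; it does not help a path that fetched `registered_fb[i]` before this point, so the changelog should state what serializes this store against readers of registered_fb[].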
--
[]'s
Herton