From mboxrd@z Thu Jan 1 00:00:00 1970 From: Matthew Bullock Subject: Broken locking in ttm_bo_swapout Date: Thu, 20 Jan 2011 10:53:16 -0800 Message-ID: <4D38849C.5020808@tadpole.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; Format="flowed" Content-Transfer-Encoding: 7bit Return-path: Received: from exprod8og103.obsmtp.com (exprod8og103.obsmtp.com [64.18.3.86]) by gabe.freedesktop.org (Postfix) with ESMTP id 1AD6B9E74C for ; Thu, 20 Jan 2011 11:10:23 -0800 (PST) List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: dri-devel-bounces+sf-dri-devel=m.gmane.org@lists.freedesktop.org Errors-To: dri-devel-bounces+sf-dri-devel=m.gmane.org@lists.freedesktop.org To: dri-devel@lists.freedesktop.org List-Id: dri-devel@lists.freedesktop.org I have a fairly simple opengl application running on nouveau. It effectively just plots a couple of very large images that change regularly. I've been getting an easily repeatable failure, hitting the BUG_ON(in_interrupt) in vfree() that is called during ttm_shrink_work(). Obviously vfree() is being called with a lock held... Looking at the locking up through the stack trace, there's an obvious mistake: There should be a: spin_lock(&glob->lru_lock); before the continue in ttm_bo_swapout() in drivers/gpu/drm/ttm/ttm_bo.c --- ttm_bo.c~ 2011-01-05 00:50:19.000000000 +0000 +++ ttm_bo.c 2011-01-20 18:11:57.262813765 +0000 @@ -1761,6 +1761,7 @@ static int ttm_bo_swapout(struct ttm_mem spin_unlock(&glob->lru_lock); (void) ttm_bo_cleanup_refs(bo, false, false, false); kref_put(&bo->list_kref, ttm_bo_release_list); + spin_lock(&glob->lru_lock); continue; } That fixes the problem for me. Matthew