From mboxrd@z Thu Jan  1 00:00:00 1970
From: =?ISO-8859-1?Q?Thomas_Hellstr=F6m?= <thellstrom@vmware.com>
Subject: Re: Breakage in "track dev_mapping in more robust and flexible way"
Date: Thu, 25 Oct 2012 17:10:42 +0200
Message-ID: <50895672.7070706@vmware.com>
References: <50894671.2070803@vmware.com> <20121025144136.GB2062@gmail.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; Format="flowed"
Content-Transfer-Encoding: 7bit
Return-path: <dri-devel-bounces+sf-dri-devel=m.gmane.org@lists.freedesktop.org>
Received: from smtp-outbound-2.vmware.com (smtp-outbound-2.vmware.com
	[208.91.2.13])
	by gabe.freedesktop.org (Postfix) with ESMTP id 0A8ADA09E6
	for <dri-devel@lists.freedesktop.org>;
	Thu, 25 Oct 2012 08:10:42 -0700 (PDT)
In-Reply-To: <20121025144136.GB2062@gmail.com>
List-Unsubscribe: <http://lists.freedesktop.org/mailman/options/dri-devel>,
	<mailto:dri-devel-request@lists.freedesktop.org?subject=unsubscribe>
List-Archive: <http://lists.freedesktop.org/archives/dri-devel>
List-Post: <mailto:dri-devel@lists.freedesktop.org>
List-Help: <mailto:dri-devel-request@lists.freedesktop.org?subject=help>
List-Subscribe: <http://lists.freedesktop.org/mailman/listinfo/dri-devel>,
	<mailto:dri-devel-request@lists.freedesktop.org?subject=subscribe>
Sender: dri-devel-bounces+sf-dri-devel=m.gmane.org@lists.freedesktop.org
Errors-To: dri-devel-bounces+sf-dri-devel=m.gmane.org@lists.freedesktop.org
To: Jerome Glisse <j.glisse@gmail.com>
Cc: Dave Airlie <airlied@redhat.com>, linux-graphics-maintainer@vmware.com, "dri-devel@lists.freedesktop.org" <dri-devel@lists.freedesktop.org>
List-Id: dri-devel@lists.freedesktop.org

On 10/25/12 4:41 PM, Jerome Glisse wrote:
> On Thu, Oct 25, 2012 at 04:02:25PM +0200, Thomas Hellstrom wrote:
>> Hi,
>>
>> This commit
>>
>>  From 949c4a34afacfe800fc442afac117aba15284962 Mon Sep 17 00:00:00 2001
>> From: Ilija Hadzic <ihadzic@research.bell-labs.com>
>> Date: Tue, 15 May 2012 16:40:10 -0400
>> Subject: [PATCH] drm: track dev_mapping in more robust and flexible way
>>
>> Setting dev_mapping (pointer to the address_space structure
>> used for memory mappings) to the address_space of the first
>> opener's inode and then failing if other openers come in
>> through a different inode has a few restrictions that are
>> eliminated by this patch.
>>
>> If we already have valid dev_mapping and we spot an opener
>> with different i_node, we force its i_mapping pointer to the
>> already established address_space structure (first opener's
>> inode). This will make all mappings from drm device hang off
>> the same address_space object.
>> ...
>>
>> Breaks drivers using TTM, since when the X server calls into the
>> driver open, drm's dev_mapping has not
>> yet been setup. The setup needs to be moved before the driver's open
>> hook is called.
>>
>> Typically, if a TTM-aware driver is provoked by the Xorg server to
>> move a buffer from system to VRAM or AGP,
>> before any other drm client is started, The user-space page table
>> entries are not killed before the move, and left pointing
>> into freed pages, causing system crashes and / or user-space access
>> to arbitrary memory.
> Doesn't handle move invalidate the drm file mapping before scheduling
> the move ?
Yes, but to do that it needs a correct value of bdev::dev_mapping, which 
is now incorrectly set on the
*second* open instead of the first open.

/Thomas


> Cheers,
> Jerome