Hi,
On Sat, Mar 09, 2013 at 08:44:31PM +0200, Aaro Koskinen wrote:
> There's nouveau crash during boot with 3.9-rc1 on iMac G5 (nVidia GeForce
> FX 5200 Ultra). This happens also with current mainline kernel HEAD
> (0aefda3e8188ad71168bd32152d41b3d72f04087).
>
> git bisect tells the first bad commit is
> 1d7c71a3e2f77336df536855b0efd2dc5bdeb41b (drm/nouveau/disp: port vblank
> handling to event interface).
>
> The crash is (manually copied from screen):
>
> [...]
>
> Unable to handle kernel paging request for data at address 0x100000000
>
> call trace:
> nouveau_event_trigger
The cause is event handling linked lists getting corrupted.
I'm not sure how that code is intented to work, but with the below HACK
I can at least boot the iMac without crashing, and get a working display:
diff --git a/drivers/gpu/drm/nouveau/core/core/event.c
b/drivers/gpu/drm/nouveau/core/core/event.c
index 6d01e0f..ab8d6c7 100644
--- a/drivers/gpu/drm/nouveau/core/core/event.c
+++ b/drivers/gpu/drm/nouveau/core/core/event.c
@@ -29,7 +29,7 @@ nouveau_event_put_locked(struct nouveau_event *event, int
index,
{
if (!--event->index[index].refs)
event->disable(event, index);
- list_del(&handler->head);
+ list_del(&handler->heads[index]);
}
void
@@ -39,7 +39,7 @@ nouveau_event_put(struct nouveau_event *event, int index,
unsigned long flags;
spin_lock_irqsave(&event->lock, flags);
- if (index < event->index_nr)
+ if (index < ARRAY_SIZE(handler->heads) && index < event->index_nr)
nouveau_event_put_locked(event, index, handler);
spin_unlock_irqrestore(&event->lock, flags);
}
@@ -51,8 +51,8 @@ nouveau_event_get(struct nouveau_event *event, int index,
unsigned long flags;
spin_lock_irqsave(&event->lock, flags);
- if (index < event->index_nr) {
- list_add(&handler->head, &event->index[index].list);
+ if (index < ARRAY_SIZE(handler->heads) && index < event->index_nr) {
+ list_add(&handler->heads[index], &event->index[index].list);
if (!event->index[index].refs++)
event->enable(event, index);
}
@@ -69,7 +69,7 @@ nouveau_event_trigger(struct nouveau_event *event, int index)
return;
spin_lock_irqsave(&event->lock, flags);
- list_for_each_entry_safe(handler, temp, &event->index[index].list,
head) {
+ list_for_each_entry_safe(handler, temp, &event->index[index].list,
heads[index]) {
if (handler->func(handler, index) == NVKM_EVENT_DROP) {
nouveau_event_put_locked(event, index, handler);
}
diff --git a/drivers/gpu/drm/nouveau/core/include/core/event.h
b/drivers/gpu/drm/nouveau/core/include/core/event.h
index 9e09440..ba52172 100644
--- a/drivers/gpu/drm/nouveau/core/include/core/event.h
+++ b/drivers/gpu/drm/nouveau/core/include/core/event.h
@@ -6,7 +6,7 @@
#define NVKM_EVENT_KEEP 1
struct nouveau_eventh {
- struct list_head head;
+ struct list_head heads[2];
int (*func)(struct nouveau_eventh *, int index);
};
A.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
