https://bugzilla.novell.com/show_bug.cgi?id=844177

https://bugzilla.novell.com/show_bug.cgi?id=844177#c1

Jeff Mahoney <jeffm@suse.com> changed:

           What    |Removed                                    |Added
----------------------------------------------------------------------------
             Status|NEW                                        |ASSIGNED
         AssignedTo|kernel-maintainers@forge.provo.novell.com  |jeffm@suse.com

--- Comment #1 from Jeff Mahoney <jeffm@suse.com> 2013-10-22 15:22:09 EDT ---
Created an attachment (id=564471)
 --> (http://bugzilla.novell.com/attachment.cgi?id=564471)
[PATCH] nouveau: Fix race with fence signaling

There exists a tight race between the call to nouveau_fence_done from
nouveau_fence_wait and the call to nouveau_fence_wait_uevent.

nouveau_fence_done checks to see if fence->channel is NULL before calling
nouveau_fence_wait_uevent, but it's not good enough since the dereference in
nouveau_fence_wait_uevent is done outside the lock. Another thread may have
signaled the fence in that tight window and then we Oops while dereferencing
fence->channel->drm at the beginning of nouveau_fence_wait_uevent.

The good news is that nouveau_fence_wait_uevent only uses fence->channel
directly to grab the chan->drm pointer. If we pass that in directly as a known
good pointer, we can avoid the race. Passing the nouveau_fence_done check in
the caller ensures that the pointer is valid.
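
The check-then-dereference race described in comment #1, modeled in userspace C as an added example; it is not the attached patch or the nouveau driver's code. All struct and function names, the window hook, and the -1 return standing in for the Oops are hypothetical, and the model assumes the channel and drm objects outlive the wait.

```c
#include <stddef.h>

/* Userspace model with hypothetical names; not the nouveau driver's code. */
struct drm     { int id; };
struct channel { struct drm *drm; };
struct fence   { struct channel *channel; };  /* NULL once signaled */

/* Stands in for the other thread signaling the fence. */
static void signal_fence(struct fence *f) { f->channel = NULL; }

/* Constructed hook that runs inside the race window, making the
 * interleaving deterministic instead of timing-dependent. */
typedef void (*window_fn)(struct fence *);

/* Racy shape: checked once, then read again for the dereference. */
static int wait_racy(struct fence *f, window_fn window)
{
    if (f->channel == NULL)              /* "done" check passes */
        return 0;
    if (window)
        window(f);                       /* fence signaled in the window */
    struct channel *chan = f->channel;   /* second read of the shared field */
    if (chan == NULL)
        return -1;                       /* kernel would Oops at chan->drm */
    return chan->drm->id;
}

/* Fixed shape: the callee uses only the pointer handed to it. */
static int wait_uevent_fixed(struct fence *f, struct drm *drm, window_fn window)
{
    if (window)
        window(f);                       /* same window, now harmless */
    return drm->id;                      /* f->channel is never re-read */
}

static int wait_fixed(struct fence *f, window_fn window)
{
    struct channel *chan = f->channel;   /* assumption: one snapshot read */
    if (chan == NULL)
        return 0;                        /* already signaled */
    return wait_uevent_fixed(f, chan->drm, window);
}

int main(void)
{
    struct drm d = { 7 };
    struct channel c = { &d };
    struct fence a = { &c }, b = { &c };
    return !(wait_racy(&a, signal_fence) == -1 && wait_fixed(&b, signal_fence) == 7);
}
```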