[008/197] drm: Return ENODEV if the inode mapping changes
From: Greg KH
Date: Thu Apr 22 2010 - 16:48:35 EST
2.6.32-stable review patch. If anyone has any objections, please let us know.
------------------
From: Chris Wilson <chris@xxxxxxxxxxxxxxxxxx>
commit da58405860b992d2bb21ebae5d685fe3204dd3f0 upstream.
Replace a BUG_ON with an error code in the event that the inode mapping
changes between calls to drm_open. This may happen for instance if udev
is loaded subsequent to the original opening of the device:
[ 644.291870] kernel BUG at drivers/gpu/drm/drm_fops.c:146!
[ 644.291876] invalid opcode: 0000 [#1] SMP
[ 644.291882] last sysfs file: /sys/kernel/uevent_seqnum
[ 644.291888]
[ 644.291895] Pid: 7276, comm: lt-cairo-test-s Not tainted 2.6.34-rc1 #2 N150/N210/N220 /N150/N210/N220
[ 644.291903] EIP: 0060:[<c11c70e3>] EFLAGS: 00210283 CPU: 0
[ 644.291912] EIP is at drm_open+0x4b1/0x4e2
[ 644.291918] EAX: f72d8d18 EBX: f790a400 ECX: f73176b8 EDX: 00000000
[ 644.291923] ESI: f790a414 EDI: f790a414 EBP: f647ae20 ESP: f647adfc
[ 644.291929] DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068
[ 644.291937] Process lt-cairo-test-s (pid: 7276, ti=f647a000 task=f73f5c80 task.ti=f647a000)
[ 644.291941] Stack:
[ 644.291945] 00000000 f7bb7400 00000080 f6451100 f73176b8 f6479214 f6451100 f73176b8
[ 644.291957] <0> c1297ce0 f647ae34 c11c6c04 f73176b8 f7949800 00000000 f647ae54 c1080ac5
[ 644.291969] <0> f7949800 f6451100 00000000 f6451100 f73176b8 f6452780 f647ae70 c107d1e6
[ 644.291982] Call Trace:
[ 644.291991] [<c11c6c04>] ? drm_stub_open+0x8a/0xb8
[ 644.292000] [<c1080ac5>] ? chrdev_open+0xef/0x106
[ 644.292008] [<c107d1e6>] ? __dentry_open+0xd4/0x1a6
[ 644.292015] [<c107d35b>] ? nameidata_to_filp+0x31/0x45
[ 644.292022] [<c10809d6>] ? chrdev_open+0x0/0x106
[ 644.292030] [<c10864e2>] ? do_last+0x346/0x423
[ 644.292037] [<c108789f>] ? do_filp_open+0x190/0x415
[ 644.292046] [<c1071eb5>] ? handle_mm_fault+0x214/0x710
[ 644.292053] [<c107d008>] ? do_sys_open+0x4d/0xe9
[ 644.292061] [<c1016462>] ? do_page_fault+0x211/0x23f
[ 644.292068] [<c107d0f0>] ? sys_open+0x23/0x2b
[ 644.292075] [<c1002650>] ? sysenter_do_call+0x12/0x26
[ 644.292079] Code: 89 f0 89 55 dc e8 8d 96 0a 00 8b 45 e0 8b 55 dc 83 78 04 01 75 28 8b 83 18 02 00 00 85 c0 74 0f 8b 4d ec 3b 81 ac 00 00 00 74 13 <0f> 0b eb fe 8b 4d ec 8b 81 ac 00 00 00 89 83 18 02 00 00 89 f0
[ 644.292143] EIP: [<c11c70e3>] drm_open+0x4b1/0x4e2 SS:ESP 0068:f647adfc
[ 644.292175] ---[ end trace 2ddd476af89a60fa ]---
Signed-off-by: Chris Wilson <chris@xxxxxxxxxxxxxxxxxx>
Signed-off-by: Dave Airlie <airlied@xxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxx>
--- a/drivers/gpu/drm/drm_fops.c
+++ b/drivers/gpu/drm/drm_fops.c
@@ -140,14 +140,16 @@ int drm_open(struct inode *inode, struct file *filp)
spin_unlock(&dev->count_lock);
}
out:
- mutex_lock(&dev->struct_mutex);
- if (minor->type == DRM_MINOR_LEGACY) {
- BUG_ON((dev->dev_mapping != NULL) &&
- (dev->dev_mapping != inode->i_mapping));
- if (dev->dev_mapping == NULL)
- dev->dev_mapping = inode->i_mapping;
+ if (!retcode) {
+ mutex_lock(&dev->struct_mutex);
+ if (minor->type == DRM_MINOR_LEGACY) {
+ if (dev->dev_mapping == NULL)
+ dev->dev_mapping = inode->i_mapping;
+ else if (dev->dev_mapping != inode->i_mapping)
+ retcode = -ENODEV;
+ }
+ mutex_unlock(&dev->struct_mutex);
}
- mutex_unlock(&dev->struct_mutex);
return retcode;
}
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/