7fa0cba2b2
When "buffer in list" check does not pass, don't free validation lists - they were not initialized yet.

Fixes this oops:

[drm] nouveau 0000:02:00.0: push 105 buffer not in list
BUG: unable to handle kernel NULL pointer dereference at 000000000000057c
IP: [<ffffffff81236aa4>] do_raw_spin_lock+0x14/0x13c
PGD 1ac6cb067 PUD 1aaa52067 PMD 0
CPU 0
Modules linked in: nouveau ttm drm_kms_helper snd_hda_codec_realtek snd_hda_intel snd_hda_codec
Pid: 6265, comm: OilRush_x86 Not tainted 2.6.38-rc6-nv+ #632 System manufacturer System Product Name/P6T SE
RIP: 0010:[<ffffffff81236aa4>] [<ffffffff81236aa4>] do_raw_spin_lock+0x14/0x13c
(...)
Process OilRush_x86 (pid: 6265, threadinfo ffff8801a6aee000, task ffff8801a26c0000)
 0000000000000000 ffff8801ac74c618 0000000000000000 0000000000000578
 0000000000000000 ffff8801ac74c618 0000000000000000 ffff8801bd9d0000
 [<ffffffff81417f78>] _raw_spin_lock+0x1e/0x22
 [<ffffffffa00a2746>] nouveau_bo_fence+0x2e/0x60 [nouveau]
 [<ffffffffa00a540b>] validate_fini_list+0x35/0xeb [nouveau]
 [<ffffffffa00a54d3>] validate_fini+0x12/0x31 [nouveau]
 [<ffffffffa00a6386>] nouveau_gem_ioctl_pushbuf+0xe94/0xf6b [nouveau]
 [<ffffffff8141ac56>] ? sub_preempt_count+0x9e/0xb2
 [<ffffffff81417e94>] ? _raw_spin_unlock_irqrestore+0x30/0x4d
 [<ffffffff8105dea2>] ? __wake_up+0x3f/0x48
 [<ffffffff812aebb4>] drm_ioctl+0x289/0x361
 [<ffffffff8141ac56>] ? sub_preempt_count+0x9e/0xb2
 [<ffffffffa00a54f2>] ? nouveau_gem_ioctl_pushbuf+0x0/0xf6b [nouveau]
 [<ffffffff8141ac56>] ? sub_preempt_count+0x9e/0xb2
 [<ffffffffa010caa2>] nouveau_compat_ioctl+0x16/0x1c [nouveau]
 [<ffffffff81142c0d>] compat_sys_ioctl+0x1c8/0x12d7
 [<ffffffff814179ca>] ? trace_hardirqs_off_thunk+0x3a/0x6c
 [<ffffffff81058099>] sysenter_dispatch+0x7/0x30
 [<ffffffff8141798e>] ? trace_hardirqs_on_thunk+0x3a/0x3c
RIP [<ffffffff81236aa4>] do_raw_spin_lock+0x14/0x13c
 RSP <ffff8801a6aefb88>
---[ end trace 0014d5d93e6147e1 ]---

Additionally, don't call validate_fini twice in case of validation failure.

Signed-off-by: Marcin Slusarz <marcin.slusarz@gmail.com>
Signed-off-by: Maarten Maathuis <madman2003@gmail.com>
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
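
The error-path ordering the commit message describes, as an added user-space example that is not the nouveau source and not part of the commit. All names (submit, validate, out_skip_fini, the counters) are hypothetical; the model only shows that a failure before list setup must skip cleanup, and that a validation failure which cleans up after itself must not be cleaned up again by the caller.

```c
/* User-space model of the two error paths; hypothetical names, not driver code. */
#include <errno.h>
#include <stddef.h>

struct list_head { struct list_head *next, *prev; };
struct validate_op { struct list_head bufs; int initialized; };

static int fini_calls;      /* how many times cleanup ran for one submit() */
static int fini_on_uninit;  /* cleanup reached lists that were never set up */

static void list_init(struct list_head *h) { h->next = h->prev = h; }

/* Cleanup is only meaningful after list_init() has run on op->bufs. */
static void validate_fini(struct validate_op *op)
{
    fini_calls++;
    if (!op->initialized) {   /* in the kernel this is the NULL dereference */
        fini_on_uninit++;
        return;
    }
    while (op->bufs.next != &op->bufs)        /* unlink every entry */
        op->bufs.next = op->bufs.next->next;
    op->bufs.prev = &op->bufs;
}

/* Validation cleans up after its own failure, so the caller must not repeat it. */
static int validate(struct validate_op *op, int ok)
{
    list_init(&op->bufs);
    op->initialized = 1;
    if (!ok) { validate_fini(op); return -EINVAL; }
    return 0;
}

/* Submission path: both early failures jump past the cleanup call. */
int submit(int buffer_in_list, int validation_ok)
{
    struct validate_op op = { { NULL, NULL }, 0 };
    int ret;

    fini_calls = fini_on_uninit = 0;
    if (!buffer_in_list) { ret = -EINVAL; goto out_skip_fini; } /* lists untouched */
    ret = validate(&op, validation_ok);
    if (ret) goto out_skip_fini;          /* validate() already ran cleanup */
    /* ... work that uses op.bufs would go here ... */
    validate_fini(&op);
out_skip_fini:
    return ret;
}

int fini_count(void) { return fini_calls; }
int fini_uninit_count(void) { return fini_on_uninit; }
```
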

************************************************************
* For the very latest on DRI development, please see:      *
*     http://dri.freedesktop.org/                          *
************************************************************

The Direct Rendering Manager (drm) is a device-independent kernel-level
device driver that provides support for the XFree86 Direct Rendering
Infrastructure (DRI).

The DRM supports the Direct Rendering Infrastructure (DRI) in four major
ways:

    1. The DRM provides synchronized access to the graphics hardware via
       the use of an optimized two-tiered lock.

    2. The DRM enforces the DRI security policy for access to the graphics
       hardware by only allowing authenticated X11 clients access to
       restricted regions of memory.

    3. The DRM provides a generic DMA engine, complete with multiple
       queues and the ability to detect the need for an OpenGL context
       switch.

    4. The DRM is extensible via the use of small device-specific modules
       that rely extensively on the API exported by the DRM module.

Documentation on the DRI is available from:
    http://dri.freedesktop.org/wiki/Documentation
    http://sourceforge.net/project/showfiles.php?group_id=387
    http://dri.sourceforge.net/doc/

For specific information about kernel-level support, see:

    The Direct Rendering Manager, Kernel Support for the Direct Rendering
    Infrastructure
    http://dri.sourceforge.net/doc/drm_low_level.html

    Hardware Locking for the Direct Rendering Infrastructure
    http://dri.sourceforge.net/doc/hardware_locking_low_level.html

    A Security Analysis of the Direct Rendering Infrastructure
    http://dri.sourceforge.net/doc/security_low_level.html