| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 09 Nov 2016 09:01:57 +0100
From: Gerd Hoffmann <kraxel@...hat.com>
To: "Michael S. Tsirkin" <mst@...hat.com>
Cc: Jiri Slaby <jslaby@...e.cz>,
virtualization@...ts.linux-foundation.org,
Linux kernel mailing list <linux-kernel@...r.kernel.org>,
David Airlie <airlied@...ux.ie>,
dri-devel@...ts.freedesktop.org
Subject: Re: BUG: 'list_empty(&vgdev->free_vbufs)' is true!
On Di, 2016-11-08 at 22:37 +0200, Michael S. Tsirkin wrote:
> On Mon, Nov 07, 2016 at 09:43:24AM +0100, Jiri Slaby wrote:
> > Hi,
> >
> > I can relatively easily reproduce this bug:
How?
> > BUG: 'list_empty(&vgdev->free_vbufs)' is true!
> The following might be helpful for debugging - if kernel still will
> not stop panicing, we are looking at some kind
> of memory corruption.
Looking carefully through the code I think it isn't impossible to
trigger this, but you need for that:
(1) command queue full (quite possible),
(2) cursor queue full too (unlikely), and
(3) multiple threads trying to submit commands and waiting for free
space in the command queue (possible with virgl enabled).
Do things improve if you allocate some extra bufs?
int virtio_gpu_alloc_vbufs(struct virtio_gpu_device *vgdev)
{
struct virtio_gpu_vbuffer *vbuf;
- int i, size, count = 0;
+ int i, size, count = 16;
void *ptr;
INIT_LIST_HEAD(&vgdev->free_vbufs);
Memory corruption sounds plausible too.
Redirect console to ttyS0 for trouble-shooting, trying to dump the oops
to the display device which triggered the oops in the first place isn't
going to work very well ...
cheers,
Gerd
Powered by blists - more mailing lists