drm/ttm - stabilizing pass, misc bug fixes
* hold the vblank_time_lock around mod_timer() calls in drm_vblank_put()
(in drm_irq.c). This should help protect against reentrancy races on
vblank_time_lock() which can result in a corrupted callout structure.
(possibly fixes crash).
* Add TTM_BO_PRIV_FLAG_ACTIVE to flag the implied reference on the
ttm_buffer_object (bo) structure instead of assuming that the implied
reference is always present in ttm_bo_release().
Only do final cleanup operations with the implied ref. This saves us
from ref/deref races which could result in multiple 1->0, 0->1 transitions
(might not be possible any more with the covering lock around
ttm_bo_release(), but do it anyway for safety).
(fixes crash).
* Unconditionally clear *bo in radeon_bo_unref().
* Unconditionally zero memory when allocating the bo in radeon_sa_bo_new()
to ensure that unused fields are zerod.
* For now, always use cpu 0 for the task queue. This fixes races/corruption
related to mycpuid changing and causing the wrong taskqueue_thread[] to
be specified vs prior calls. (fixes crash).
* Make sure *p_bo is NULL in ttm_bo_create() in the failure path.
* NULL out glob->dummy_read_page after freeing the page.
* Zero the temporary ttm_buffer_object in ttm_buffer_object_transfer()
to ensure that the last release does not double-free non-retained fields
(fixes double frees and related crashes).
* Make sure that *obj_res is NULL in ttm_bo_mmap_single() in the failure path.
* Fix spin-lock reversal in ttm_shrink() (fixes crash).
* Fix TTM memory initialization limits. Use the vm.dma_reserved count to
determine how much DMAable memory TTM can play with instead of assuming
4GB.
* Remove double-lock in ttm_release_base() (fixes deadlock).
* Protect the 1->0 transition on the ttm_base_object structure with its
lock to avoid races (fixes crash).
* Properly dispose of contig-allocated pages using vm_page_free_contig().
ttm_vm_page_free() was previously improperly using vm_page_free() which
has the effect of removing the page from the contig pool (fixes OOM).
* vm_page_grab() with VM_ALLOC_RETRY requires that VM_ALLOC_NORMAL also
be specified (fixes crash).
12 files changed: