Bug 21060 - Crash in drm_intel_gem_bo_start_gtt_access with XV if DRI disabled
Summary: Crash in drm_intel_gem_bo_start_gtt_access with XV if DRI disabled
Status: RESOLVED FIXED
Alias: None
Product: xorg
Classification: Unclassified
Component: Driver/intel (show other bugs)
Version: unspecified
Hardware: x86-64 (AMD64) Linux (All)
: medium normal
Assignee: Eric Anholt
QA Contact: Xorg Project Team
URL:
Whiteboard:
Keywords: patch
: 21326 (view as bug list)
Depends on:
Blocks:
 
Reported: 2009-04-05 07:58 UTC by Albert Damen
Modified: 2009-04-21 18:00 UTC (History)
2 users (show)

See Also:
i915 platform:
i915 features:


Attachments
xorg.conf (1010 bytes, text/plain)
2009-04-05 07:59 UTC, Albert Damen
no flags Details
Full backtrace (2.93 KB, text/plain)
2009-04-05 07:59 UTC, Albert Damen
no flags Details
Proposed fix (898 bytes, patch)
2009-04-05 08:05 UTC, Albert Damen
no flags Details | Splinter Review

Note You need to log in before you can comment on or make changes to this bug.
Description Albert Damen 2009-04-05 07:58:25 UTC
This bug was originally reported at https://bugs.launchpad.net/ubuntu/jaunty/+source/xserver-xorg-video-intel/+bug/354688

xf86-video-intel 2.6.3

X crashed while trying to launch a just-downloaded mp3 file using totem.

The crash only occurred with virtual display set to >2048 width. Without the virtual display setting, the crash did not occur.

The first time I try to run totem, it errors out with this message:

The program 'totem' received an X Window System error.
This probably reflects a bug in the program.
The error was 'BadAlloc (insufficient resources for operation)'.
  (Details: serial 76 error_code 11 request_code 132 minor_code 19)
  (Note to programmers: normally, X errors are reported asynchronously;
   that is, you will receive the error a while after causing it.
   To debug your program, run it with the --sync command line
   option to change this behavior. You can then get a meaningful
   backtrace from your debugger if you break on the gdk_x_error() function.)

There is a corresponding error in Xorg.0.log:

(EE) intel(0): Failed to pin xv buffer

And then the second totem invocation will crash X.

Xorg.0.log also contains the error:
(EE) intel(0): Cannot support DRI with frame buffer width > 2048
Comment 1 Albert Damen 2009-04-05 07:59:18 UTC
Created attachment 24573 [details]
xorg.conf
Comment 2 Albert Damen 2009-04-05 07:59:52 UTC
Created attachment 24574 [details]
Full backtrace
Comment 3 Albert Damen 2009-04-05 08:02:26 UTC
The problem is in xxv-intel, src/i830_video.c
In I830PutImage:
    if (pPriv->buf == NULL) {
        pPriv->buf = drm_intel_bo_alloc(pI830->bufmgr,
                                        "xv buffer", alloc_size, 4096);
        if (pPriv->buf == NULL)
            return BadAlloc;
        if (!pPriv->textured && drm_intel_bo_pin(pPriv->buf, 4096) != 0) {
            drm_intel_bo_unreference(pPriv->buf);
            xf86DrvMsg(pScrn->scrnIndex, X_ERROR,
                       "Failed to pin xv buffer\n");
            return BadAlloc;
        }
    }

The first time totem is run, pPriv->buf is NULL, a buffer is allocated and, given the failed to pin error message, pPriv->buf is now not NULL. drm_intel_bo_unreference frees the buffer, but does not set pPriv->buf back to NULL.
Therefore, next time totem is run, -intel will think we have a valid xv buffer and crash.

Attached patch solves the problem and makes totem return the BadAlloc error message every time. X no longer crashes.
Comment 4 Albert Damen 2009-04-05 08:05:14 UTC
Created attachment 24575 [details] [review]
Proposed fix
Comment 5 Gordon Jin 2009-04-06 04:13:18 UTC
Setting virtual >2048 on 945 results in DRI disabled.
Comment 6 Bryce Harrington 2009-04-06 17:30:05 UTC
I've pulled albert's patch in for Ubuntu Jaunty, after jbarnes took a quick look and gave a thumbs up.  Would be most comfortable in that choice if this patch made it into the upstream tree as well.
Comment 7 Eric Anholt 2009-04-21 16:54:27 UTC
pushed.
Comment 8 Gordon Jin 2009-04-21 18:00:15 UTC
*** Bug 21326 has been marked as a duplicate of this bug. ***


Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.