Xorg sometimes mmaps 0xa0000-0xc0000 from a /proc PCI device file such as /proc/bus/pci/0001:1d/05.0. This happens in the xf86MapDomainMemory() -> linuxMapPci() path. This mmap can fail, which causes linuxMapPci() to return NULL, but xf86MapDomainMemory() doesn't check the return code. This leads to a SIGSEGV crash later on. CONFIGURATION I saw the SIGSEGV on an HP rx8640 (ia64) box running SLES10. The system includes cells 1 and 3, with a VGA card installed but the firmware "acpiconfig" switch set to "default". DETAILS The chipset routes the 0xa0000-0xc0000 region to system memory, not to the VGA card. Because the range is memory, the kernel maps it with a write-back mapping. A Linux defect (https://bugzilla.novell.com/show_bug.cgi?id=208325) allows Xorg to map the 0xa0000-0xc0000 region with an uncacheable mapping. The chipset in the HP rx8640 doesn't support uncacheable access to memory, so it causes an MCA when Xorg touches it. The Novell bugzilla above has a patch that causes the Xorg mmap to fail instead of creating an uncacheable mapping. That prevents the MCA, but Xorg still crashes with a SIGSEGV because it isn't checking the mmap return code. I'll attach an Xorg patch to make it check the return code.
Created attachment 7799 [details] [review] check mmap return code
Obviously correct - committed. Thanks
Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.