On 15.01.2015 12:53, Federico wrote: > How about this? It seems at least related. > > https://github.com/alterapraxisptyltd/openatom/issues/1 > > Quote: > [linux] Infinite loop in pci_get_rom_size() > > This is one of those issues that you find when putting supposedly stable > code through unusual situations. I did expect any function in linux that > is not part of radeon.ko to not be rock solid. Turns out that's not > really the case. > > If we have a PCIR structure with a zero size length, the loop iterating > through those structure does not advance. It simply does "image += > readw(pds + 16) * 512;", but if that field is zero we're back analyzing > the same structure on the next loop. The way to get out of this loop is > to set bit 7 of the type field. That's what 'last_image' does. If that > bit is not set, with the above, that's an infinite loop. > > Luckily, it doesn't crash the kernel, but it hangs any driver that calls > the function under said circumstances. No more modprobe -r or unbinding. > Reboot is needed. No idea why a firmware blob here is treated as trusted > input.
That could indeed explain it, does the attached patch help? -- Earthling Michel Dänzer | http://www.amd.com Libre software enthusiast | Mesa and X developer -------------- next part -------------- A non-text attachment was scrubbed... Name: pci_get_rom_size.diff Type: text/x-patch Size: 845 bytes Desc: not available URL: <http://lists.freedesktop.org/archives/dri-devel/attachments/20150115/ea8153f7/attachment.bin>
