From mboxrd@z Thu Jan 1 00:00:00 1970
From: bugzilla-daemon-CC+yJ3UmIYqDUpFQwHEjaQ@public.gmane.org
Subject: [Bug 75279] XCloseDisplay() takes one minute around nouveau_dri.so, freezing Firefox startup
Date: Wed, 05 Mar 2014 20:41:24 +0000
To: nouveau-PD4FTy7X32lNgt0PjOBp9y5qC8QIuHrW@public.gmane.org
List-Id: nouveau.vger.kernel.org

https://bugs.freedesktop.org/show_bug.cgi?id=75279

--- Comment #34 from Benoit Jacob ---
Also, here's the story of how that caused Firefox to keep spinning here. The
mozilla change that made this bug noticeable (by having Firefox stuck for a
minute there) was https://bugzilla.mozilla.org/show_bug.cgi?id=860254 . Before
that, this use-after-free read was being lucky enough to read the data that was
still present in memory even after the free(), so fence->state still had the
expected value; but after that mozilla-side change, our memory allocator
started immediately poisoning free'd memory, so fence->state had a totally
wrong value, causing this loop here to spin indefinitely.

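The effect described in the comment above, as an added example that is not part of the original mail and is not nouveau or Mozilla code: a stale read of `fence->state` passes while the freed bytes are left intact and fails once the allocator poisons on free. The state values, the 0xE5 poison byte, the loop shape, the iteration cap and the one-slot allocator are all assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical fence states; the real nouveau values are not on the page. */
enum { FENCE_EMITTED = 1, FENCE_SIGNALLED = 3 };
struct fence { uint32_t state; };

/* One-slot toy allocator: static storage keeps "freed" memory readable,
 * so the stale read below is well-defined C rather than a real UAF. */
static struct fence slot;
static int poison_on_free;              /* models the allocator change */

static struct fence *toy_alloc(void) { memset(&slot, 0, sizeof slot); return &slot; }
static void toy_free(struct fence *f) {
    if (poison_on_free) memset(f, 0xE5, sizeof *f);  /* constructed poison byte */
}

/* Assumed loop shape: spin until the state reads as signalled. Returns the
 * iteration count, or -1 when the cap (standing in for "forever") is hit. */
static int wait_signalled(const struct fence *f, int cap) {
    for (int i = 0; i < cap; i++)
        if (f->state == FENCE_SIGNALLED) return i;
    return -1;
}

/* Buggy order: the fence is released, then waited on via the stale pointer. */
static int buggy_teardown(int poison) {
    poison_on_free = poison;
    struct fence *f = toy_alloc();
    f->state = FENCE_SIGNALLED;
    toy_free(f);
    return wait_signalled(f, 1000);     /* stale read of f->state */
}

/* One corrected ordering (an assumption): wait while owned, then release. */
static int fixed_teardown(int poison) {
    poison_on_free = poison;
    struct fence *f = toy_alloc();
    f->state = FENCE_SIGNALLED;
    int r = wait_signalled(f, 1000);
    toy_free(f);
    return r;
}

int main(void) {
    printf("buggy/no poison %d, buggy/poison %d, fixed/poison %d\n",
           buggy_teardown(0), buggy_teardown(1), fixed_teardown(1));
    return 0;
}
```

The buggy path returns 0 without poisoning and -1 with it, which is why poison-on-free is useful as a detector: it turns a read that happens to succeed into a reproducible hang.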