Index: dev/drm/r300_cmdbuf.c
===================================================================
--- dev/drm/r300_cmdbuf.c	(revision 190987)
+++ dev/drm/r300_cmdbuf.c	(working copy)
@@ -1043,6 +1043,8 @@
 	int emit_dispatch_age = 0;
 	int ret = 0;
 
+	DRM_UNLOCK();
+
 	DRM_DEBUG("\n");
 
 	/* pacify */
@@ -1205,5 +1207,7 @@
 
 	COMMIT_RING();
 
+	DRM_LOCK();
+
 	return ret;
 }
Index: dev/drm/radeon_irq.c
===================================================================
--- dev/drm/radeon_irq.c	(revision 190987)
+++ dev/drm/radeon_irq.c	(working copy)
@@ -332,10 +332,13 @@
 
 	result = radeon_emit_irq(dev);
 
+	DRM_UNLOCK();
 	if (DRM_COPY_TO_USER(emit->irq_seq, &result, sizeof(int))) {
 		DRM_ERROR("copy_to_user\n");
+		DRM_LOCK();
 		return -EFAULT;
 	}
+	DRM_LOCK();
 
 	return 0;
 }
Index: dev/drm/radeon_mem.c
===================================================================
--- dev/drm/radeon_mem.c	(revision 190987)
+++ dev/drm/radeon_mem.c	(working copy)
@@ -246,11 +246,14 @@
 	if (!block)
 		return -ENOMEM;
 
+	DRM_UNLOCK();
 	if (DRM_COPY_TO_USER(alloc->region_offset, &block->start,
 			     sizeof(int))) {
 		DRM_ERROR("copy_to_user\n");
+		DRM_LOCK();
 		return -EFAULT;
 	}
+	DRM_LOCK();
 
 	return 0;
 }
Index: dev/drm/radeon_state.c
===================================================================
--- dev/drm/radeon_state.c	(revision 190987)
+++ dev/drm/radeon_state.c	(working copy)
@@ -1773,8 +1773,13 @@
 		}
 		if (!buf) {
 			DRM_DEBUG("EAGAIN\n");
-			if (DRM_COPY_TO_USER(tex->image, image, sizeof(*image)))
+			DRM_UNLOCK();
+			if (DRM_COPY_TO_USER(tex->image, image,
+			    sizeof(*image))) {
+				DRM_LOCK();
 				return -EFAULT;
+			}
+			DRM_LOCK();
 			return -EAGAIN;
 		}
 
@@ -1786,10 +1791,13 @@
 
 #define RADEON_COPY_MT(_buf, _data, _width) \
 	do { \
-		if (DRM_COPY_FROM_USER(_buf, _data, (_width))) {\
+		DRM_UNLOCK(); \
+		if (DRM_COPY_FROM_USER(_buf, _data, (_width))) { \
 			DRM_ERROR("EFAULT on pad, %d bytes\n", (_width)); \
+			DRM_LOCK(); \
 			return -EFAULT; \
 		} \
+		DRM_LOCK(); \
 	} while(0)
 
 		if (microtile) {
@@ -2130,9 +2138,13 @@
 	if (sarea_priv->nbox > RADEON_NR_SAREA_CLIPRECTS)
 		sarea_priv->nbox = RADEON_NR_SAREA_CLIPRECTS;
 
+	DRM_UNLOCK();
 	if (DRM_COPY_FROM_USER(&depth_boxes, clear->depth_boxes,
-			       sarea_priv->nbox * sizeof(depth_boxes[0])))
+			       sarea_priv->nbox * sizeof(depth_boxes[0]))) {
+		DRM_LOCK();
 		return -EFAULT;
+	}
+	DRM_LOCK();
 
 	radeon_cp_dispatch_clear(dev, clear, depth_boxes);
 
@@ -2391,10 +2403,13 @@
 		return -EINVAL;
 	}
 
-	if (DRM_COPY_FROM_USER(&image,
-			       (drm_radeon_tex_image_t __user *) tex->image,
-			       sizeof(image)))
-		return -EFAULT;
+	DRM_UNLOCK();
+	ret = -DRM_COPY_FROM_USER(&image,
+	    (drm_radeon_tex_image_t __user *) tex->image,
+	    sizeof(image));
+	DRM_LOCK();
+	if (ret)
+		return ret;
 
 	RING_SPACE_TEST_WITH_RETURN(dev_priv);
 	VB_AGE_TEST_WITH_RETURN(dev_priv);
@@ -2412,8 +2427,12 @@
 
 	LOCK_TEST_WITH_RETURN(dev, file_priv);
 
-	if (DRM_COPY_FROM_USER(&mask, stipple->mask, 32 * sizeof(u32)))
+	DRM_UNLOCK();
+	if (DRM_COPY_FROM_USER(&mask, stipple->mask, 32 * sizeof(u32))) {
+		DRM_LOCK();
 		return -EFAULT;
+	}
+	DRM_LOCK();
 
 	RING_SPACE_TEST_WITH_RETURN(dev_priv);
 
@@ -2540,16 +2559,24 @@
 		drm_radeon_prim_t prim;
 		drm_radeon_tcl_prim_t tclprim;
 
-		if (DRM_COPY_FROM_USER(&prim, &vertex->prim[i], sizeof(prim)))
+		DRM_UNLOCK();
+		if (DRM_COPY_FROM_USER(&prim, &vertex->prim[i], sizeof(prim))) {
+			DRM_LOCK();
 			return -EFAULT;
+		}
+		DRM_LOCK();
 
 		if (prim.stateidx != laststate) {
 			drm_radeon_state_t state;
 
+			DRM_UNLOCK();
 			if (DRM_COPY_FROM_USER(&state,
 					       &vertex->state[prim.stateidx],
-					       sizeof(state)))
+					       sizeof(state))) {
+				DRM_LOCK();
 				return -EFAULT;
+			}
+			DRM_LOCK();
 
 			if (radeon_emit_state2(dev_priv, file_priv, &state)) {
 				DRM_ERROR("radeon_emit_state2 failed\n");
@@ -2766,8 +2793,12 @@
 
 	do {
 		if (i < cmdbuf->nbox) {
-			if (DRM_COPY_FROM_USER(&box, &boxes[i], sizeof(box)))
+			DRM_UNLOCK();
+			if (DRM_COPY_FROM_USER(&box, &boxes[i], sizeof(box))) {
+				DRM_LOCK();
 				return -EFAULT;
+			}
+			DRM_LOCK();
 			/* FIXME The second and subsequent times round
 			 * this loop, send a WAIT_UNTIL_3D_IDLE before
 			 * calling emit_clip_rect(). This fixes a
@@ -2860,11 +2891,14 @@
 		kbuf = drm_alloc(cmdbuf->bufsz, DRM_MEM_DRIVER);
 		if (kbuf == NULL)
 			return -ENOMEM;
+		DRM_UNLOCK();
 		if (DRM_COPY_FROM_USER(kbuf, (void __user *)cmdbuf->buf,
 				       cmdbuf->bufsz)) {
+			DRM_LOCK();
 			drm_free(kbuf, orig_bufsz, DRM_MEM_DRIVER);
 			return -EFAULT;
 		}
+		DRM_LOCK();
 		cmdbuf->buf = kbuf;
 	}
 
@@ -3077,10 +3111,13 @@
 		return -EINVAL;
 	}
 
+	DRM_UNLOCK();
 	if (DRM_COPY_TO_USER(param->value, &value, sizeof(int))) {
 		DRM_ERROR("copy_to_user\n");
+		DRM_LOCK();
 		return -EFAULT;
 	}
+	DRM_LOCK();
 
 	return 0;
 }