[PATCH 1/2] drm/udl: fix a NULL pointer reference in udl_gem_free_object().

Daniel Vetter daniel at ffwll.ch
Wed Aug 31 21:05:15 UTC 2016


On Wed, Aug 31, 2016 at 10:45 PM, Haixia Shi <hshi at chromium.org> wrote:
> For details see https://bugs.chromium.org/p/chromium/issues/detail?id=468050
>
> So drm_mode_config_cleanup() is called from udl_driver_unload() in
> which we found there's still a framebuffer left, hence the WARN in
> drm_crtc.c:5495. This also forcefully releases all the buffers.
>
> A bit later the actual drm_buf_release comes in which attempts to
> release the buffer again.

Leaving a drm_framebuffer behind on unload is definitely a bug, but
not fixed with this patch here I think.

The dma-buf lifetime issue is far worse, since we simply don't
handle those leaking past the lifetime of the exporting drm_device
at all. The dma-buf has references to a lot more than just the vma
manager. What we probably need is that every exported dma-buf holds a
ref on the underlying drm_device, but that means untangling the
refcounting & cleanup of that vs unplugging it.
-Daniel
-- 
Daniel Vetter
Software Engineer, Intel Corporation
+41 (0) 79 365 57 48 - http://blog.ffwll.ch

