[PATCH 1/5] drm/udl: Clear BO vmapping pointer after unmapping BO memory
Daniel Vetter
daniel at ffwll.ch
Fri Oct 25 07:39:15 UTC 2019
On Thu, Oct 24, 2019 at 04:42:33PM +0200, Thomas Zimmermann wrote:
> Unmapping the BO memory with udl_gem_vunmap() creates a dangling pointer
> in struct udl_gem_object.vmapping. This can crash udl_handle_damage(),
> which check the pointer's value for NULL. Clear the pointer to NULL and
> let udl_handle_damage() re-establish the mapping if necessary.
>
> Signed-off-by: Thomas Zimmermann <tzimmermann at suse.de>
Hm right now this is not a problem, becase we remove the vmapping only
when we free the underlying object. If that changes somehow, then what we
actually need is to start refcount the vmapping (and drop the trick in
udl_handle_damage and unconditionally vmap/vunmap). Might be easier to
just cut over to shmem helpers.
-Daniel
> ---
> drivers/gpu/drm/udl/udl_gem.c | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/drivers/gpu/drm/udl/udl_gem.c b/drivers/gpu/drm/udl/udl_gem.c
> index b23a5c2fcd80..3ea0cd9ae2d6 100644
> --- a/drivers/gpu/drm/udl/udl_gem.c
> +++ b/drivers/gpu/drm/udl/udl_gem.c
> @@ -174,6 +174,7 @@ void udl_gem_vunmap(struct udl_gem_object *obj)
> }
>
> vunmap(obj->vmapping);
> + obj->vmapping = NULL;
>
> udl_gem_put_pages(obj);
> }
> --
> 2.23.0
>
--
Daniel Vetter
Software Engineer, Intel Corporation
http://blog.ffwll.ch
More information about the dri-devel
mailing list