Unmapping the BO memory with udl_gem_vunmap() creates a dangling pointer in struct udl_gem_object.vmapping. This can crash udl_handle_damage(), which check the pointer's value for NULL. Clear the pointer to NULL and let udl_handle_damage() re-establish the mapping if necessary. Signed-off-by: Thomas Zimmermann <tzimmermann@xxxxxxx> --- drivers/gpu/drm/udl/udl_gem.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/gpu/drm/udl/udl_gem.c b/drivers/gpu/drm/udl/udl_gem.c index b23a5c2fcd80..3ea0cd9ae2d6 100644 --- a/drivers/gpu/drm/udl/udl_gem.c +++ b/drivers/gpu/drm/udl/udl_gem.c @@ -174,6 +174,7 @@ void udl_gem_vunmap(struct udl_gem_object *obj) } vunmap(obj->vmapping); + obj->vmapping = NULL; udl_gem_put_pages(obj); } -- 2.23.0 _______________________________________________ dri-devel mailing list dri-devel@xxxxxxxxxxxxxxxxxxxxx https://lists.freedesktop.org/mailman/listinfo/dri-devel
