On Thu, Oct 24, 2019 at 04:42:33PM +0200, Thomas Zimmermann wrote: > Unmapping the BO memory with udl_gem_vunmap() creates a dangling pointer > in struct udl_gem_object.vmapping. This can crash udl_handle_damage(), > which check the pointer's value for NULL. Clear the pointer to NULL and > let udl_handle_damage() re-establish the mapping if necessary. > > Signed-off-by: Thomas Zimmermann <tzimmermann@xxxxxxx> Hm right now this is not a problem, becase we remove the vmapping only when we free the underlying object. If that changes somehow, then what we actually need is to start refcount the vmapping (and drop the trick in udl_handle_damage and unconditionally vmap/vunmap). Might be easier to just cut over to shmem helpers. -Daniel > --- > drivers/gpu/drm/udl/udl_gem.c | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/drivers/gpu/drm/udl/udl_gem.c b/drivers/gpu/drm/udl/udl_gem.c > index b23a5c2fcd80..3ea0cd9ae2d6 100644 > --- a/drivers/gpu/drm/udl/udl_gem.c > +++ b/drivers/gpu/drm/udl/udl_gem.c > @@ -174,6 +174,7 @@ void udl_gem_vunmap(struct udl_gem_object *obj) > } > > vunmap(obj->vmapping); > + obj->vmapping = NULL; > > udl_gem_put_pages(obj); > } > -- > 2.23.0 > -- Daniel Vetter Software Engineer, Intel Corporation http://blog.ffwll.ch _______________________________________________ dri-devel mailing list dri-devel@xxxxxxxxxxxxxxxxxxxxx https://lists.freedesktop.org/mailman/listinfo/dri-devel
