On Tue, 09 Sep 2025 13:36:23 +0000
Alice Ryhl <alicer...@google.com> wrote:

>  static void panthor_vma_init(struct panthor_vma *vma, u32 flags)
> @@ -2084,12 +2010,12 @@ static int panthor_gpuva_sm_step_map(struct 
> drm_gpuva_op *op, void *priv)
>       if (ret)
>               return ret;
>  
> -     /* Ref owned by the mapping now, clear the obj field so we don't 
> release the
> -      * pinning/obj ref behind GPUVA's back.
> -      */
>       drm_gpuva_map(&vm->base, &vma->base, &op->map);
>       panthor_vma_link(vm, vma, op_ctx->map.vm_bo);
> +
> +     drm_gpuvm_bo_put_deferred(op_ctx->map.vm_bo);

Hm, I don't see why we need a drm_gpuvm_bo_put_deferred() here. The
original idea was to delegate the vm_bo ownership to the VA being added
to the VM tree, so if we put it here, we have a UAF situation, don't we?

>       op_ctx->map.vm_bo = NULL;
> +
>       return 0;
>  }
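
Review bot: the drm_gpuvm_bo_put_deferred(op_ctx->map.vm_bo) call added after panthor_vma_link() drops a reference without saying which one. The comment removed just above it was the only statement of who owns the vm_bo reference once the map step is done. Please add a short comment above the put naming the reference released here and the one that keeps the vm_bo alive for the VA that was just linked. If nothing else holds a reference at this point, the put should go and the previous hand-over, with only op_ctx->map.vm_bo = NULL, should stay. The blank line added before return 0 is an unrelated whitespace change and can be dropped.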
