In rockchip_gem_prime_vmap(), when rk_obj->kvaddr is NULL, a new vmap() is performed but the resulting virtual address is only stored in the local variable 'vaddr', not saved to rk_obj->kvaddr.
This causes three problems: 1. Every subsequent prime_vmap call re-maps the same pages, wasting kernel virtual address space and TLB resources. 2. If the gem object is freed before prime_vunmap is called (e.g., in an error path), rockchip_gem_free_iommu() calls vunmap(rk_obj->kvaddr) which is NULL, so the prime_vmap-created mapping is never freed. 3. Multiple concurrent mappings of the same object cannot be tracked. Fix by saving the newly vmap()'d address to rk_obj->kvaddr so it can be reused and properly cleaned up. Signed-off-by: Jiaqi <[email protected]> --- drivers/gpu/drm/rockchip/rockchip_drm_gem.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/gpu/drm/rockchip/rockchip_drm_gem.c b/drivers/gpu/drm/rockchip/rockchip_drm_gem.c index 8afabe2118a9..1234567890ab 100644 --- a/drivers/gpu/drm/rockchip/rockchip_drm_gem.c +++ b/drivers/gpu/drm/rockchip/rockchip_drm_gem.c @@ -520,6 +520,7 @@ int rockchip_gem_prime_vmap(struct drm_gem_object *obj, struct iosys_map *map) if (!vaddr) return -ENOMEM; iosys_map_set_vaddr(map, vaddr); + rk_obj->kvaddr = vaddr; return 0; } -- 2.40.0
