On Tue, Jul 15, 2025 at 12:02 PM Thomas Zimmermann <tzimmerm...@suse.de> wrote:
>
> Revert the use of drm_gem_object.dma_buf back to .import_attach->dmabuf
> in the affected places. Separates references to imported and exported DMA
> bufs within a GEM object; as before.
>
> The dma_buf field in struct drm_gem_object is not stable over the object
> instance's lifetime. The field becomes NULL when user space releases the
> final GEM handle on the buffer object. This resulted in a NULL-pointer
> deref.
>
> Workarounds in commit 5307dce878d4 ("drm/gem: Acquire references on GEM
> handles for framebuffers") and commit f6bfc9afc751 ("drm/framebuffer:
> Acquire internal references on GEM handles") only solved the problem
> partially. They especially don't work for buffer objects without a DRM
> framebuffer associated.
>
> v3:
> - cc stable where necessary
> v2:
> - extended commit messages (Sima)
> - drop the GEM-handle changes to be resolved separately
>
> Thomas Zimmermann (7):
> Revert "drm/virtio: Use dma_buf from GEM object instance"
> Revert "drm/vmwgfx: Use dma_buf from GEM object instance"
> Revert "drm/etnaviv: Use dma_buf from GEM object instance"
> Revert "drm/prime: Use dma_buf from GEM object instance"
> Revert "drm/gem-framebuffer: Use dma_buf from GEM object instance"
> Revert "drm/gem-shmem: Use dma_buf from GEM object instance"
> Revert "drm/gem-dma: Use dma_buf from GEM object instance"
>
> drivers/gpu/drm/drm_gem_dma_helper.c | 2 +-
> drivers/gpu/drm/drm_gem_framebuffer_helper.c | 8 ++++++--
> drivers/gpu/drm/drm_gem_shmem_helper.c | 4 ++--
> drivers/gpu/drm/drm_prime.c | 8 +++++++-
> drivers/gpu/drm/etnaviv/etnaviv_gem_prime.c | 4 ++--
> drivers/gpu/drm/virtio/virtgpu_prime.c | 5 +++--
> drivers/gpu/drm/vmwgfx/vmwgfx_gem.c | 6 +++---
> 7 files changed, 24 insertions(+), 13 deletions(-)
>
> --Thanks for taking care of this. Acked-by: Zack Rusin <zack.ru...@broadcom.com> z
smime.p7s
Description: S/MIME Cryptographic Signature
