Re: [PATCH v1] drm/shmem-helper: Fix unsetting shmem vaddr while vmap refcount > 0

From: Boris Brezillon
Date: Thu Apr 03 2025 - 10:34:34 EST


On Thu, 3 Apr 2025 17:26:33 +0300
Dmitry Osipenko <dmitry.osipenko@xxxxxxxxxxxxx> wrote:

> We switched to use refcount_t for vmaps and missed changing the vunmap
> code to properly unset the vmap pointer, which is now cleared while vmap's
> refcount > 0. Clear the cached vmap pointer only when refcounting drops to
> zero to fix the bug.
>
> Fixes: e1fc39a92332 ("drm/shmem-helper: Use refcount_t for vmap_use_count")
> Reported-by: Lucas De Marchi <lucas.demarchi@xxxxxxxxx>
> Closes: https://lore.kernel.org/dri-devel/20250403105053.788b0f6e@xxxxxxxxxxxxx/T/#m3dca6d81bedc8d6146a56b82694624fbc6fa4c96
> Signed-off-by: Dmitry Osipenko <dmitry.osipenko@xxxxxxxxxxxxx>

Reviewed-by: Boris Brezillon <boris.brezillon@xxxxxxxxxxxxx>

> ---
> drivers/gpu/drm/drm_gem_shmem_helper.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/gpu/drm/drm_gem_shmem_helper.c b/drivers/gpu/drm/drm_gem_shmem_helper.c
> index 2d924d547a51..aa43265f4f4f 100644
> --- a/drivers/gpu/drm/drm_gem_shmem_helper.c
> +++ b/drivers/gpu/drm/drm_gem_shmem_helper.c
> @@ -415,11 +415,11 @@ void drm_gem_shmem_vunmap_locked(struct drm_gem_shmem_object *shmem,
>
> if (refcount_dec_and_test(&shmem->vmap_use_count)) {
> vunmap(shmem->vaddr);
> + shmem->vaddr = NULL;
> +
> drm_gem_shmem_unpin_locked(shmem);
> }
> }
> -
> - shmem->vaddr = NULL;
> }
> EXPORT_SYMBOL_GPL(drm_gem_shmem_vunmap_locked);
>
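Review bot: The unconditional `shmem->vaddr = NULL;` removed at the end of the function also ran on whatever path lies outside the block closed by the second `}`, and that path no longer resets the pointer now that the clear sits only inside the `refcount_dec_and_test()` branch. The hunk does not show that other arm, so the commit message should state that it never caches a mapping in `shmem->vaddr`, or the clear should be repeated there. A one-line comment next to the new assignment, saying the cached pointer must stay valid until the last vmap user is gone, would also help keep this from regressing.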