From: "Noralf Trønnes" <noralf@tronnes.org>
To: Chris Wilson <chris@chris-wilson.co.uk>, dri-devel@lists.freedesktop.org
Cc: daniel.vetter@ffwll.ch, intel-gfx@lists.freedesktop.org,
laurent.pinchart@ideasonboard.com, dh.herrmann@gmail.com
Subject: Re: [RFC 4/7] drm/prime: Clear drm_gem_object->dma_buf on release
Date: Mon, 1 Jan 2018 15:33:10 +0100 [thread overview]
Message-ID: <beb7899e-fa9a-68e7-21a9-bf5dfa11aea8@tronnes.org> (raw)
In-Reply-To: <151473488770.2051.15717714514432460668@mail.alporthouse.com>
Den 31.12.2017 16.41, skrev Chris Wilson:
> Quoting Noralf Trønnes (2017-12-31 13:58:40)
>> Clear the pointer so the buffer can be re-exported. Otherwise use
>> after free happens in the next call to drm_gem_prime_handle_to_fd().
>>
>> Signed-off-by: Noralf Trønnes <noralf@tronnes.org>
>> ---
>> drivers/gpu/drm/drm_prime.c | 1 +
>> 1 file changed, 1 insertion(+)
>>
>> diff --git a/drivers/gpu/drm/drm_prime.c b/drivers/gpu/drm/drm_prime.c
>> index 9a17725b0f7a..3214c0eb7466 100644
>> --- a/drivers/gpu/drm/drm_prime.c
>> +++ b/drivers/gpu/drm/drm_prime.c
>> @@ -343,6 +343,7 @@ void drm_gem_dmabuf_release(struct dma_buf *dma_buf)
>>
>> /* drop the reference on the export fd holds */
>> drm_gem_object_put_unlocked(obj);
>> + obj->dma_buf = NULL;
> obj->dma_buf holds a reference to the dma_buf, so to get to the dma_buf
> release we must have already called dma_buf_put(obj->dma_buf). See
> drm_gem_object_exported_dma_buf_free(). (Note you would do the
> obj->dma_buf = NULL before dropping the potentially last ref to obj.)
> A BUG_ON(obj->dma_buf) may help clarify the cache was already released.
Hmm, okay it was a shot in the dark.
Maybe I can defer dumb_buffer and drm_framebuffer creation until fb_open
and then free it all in fb_close. That would align fbdev emulation more
with how DRM userspace operates. Let's see what assumptions the code has
about drm_fb_helper->fb being set on probe...
Noralf.
_______________________________________________
Intel-gfx mailing list
Intel-gfx@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/intel-gfx
next prev parent reply other threads:[~2018-01-01 14:33 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-12-31 13:58 [RFC 0/7] drm: Add generic fbdev emulation Noralf Trønnes
2017-12-31 13:58 ` [RFC 1/7] drm: provide management functions for drm_file Noralf Trønnes
2017-12-31 13:58 ` [RFC 2/7] drm/fb-helper: Ensure driver module is pinned in fb_open() Noralf Trønnes
2017-12-31 13:58 ` [RFC 3/7] drm/fb-helper: Don't restore if fbdev is not in use Noralf Trønnes
2017-12-31 13:58 ` [RFC 4/7] drm/prime: Clear drm_gem_object->dma_buf on release Noralf Trønnes
2017-12-31 15:41 ` Chris Wilson
2018-01-01 14:33 ` Noralf Trønnes [this message]
2017-12-31 13:58 ` [RFC 5/7] drm: Handle fbdev emulation in core Noralf Trønnes
2017-12-31 13:58 ` [RFC 6/7] drm/fb-helper: Add generic fbdev emulation Noralf Trønnes
2017-12-31 13:58 ` [RFC 7/7] drm/vc4: Test " Noralf Trønnes
2018-01-02 10:27 ` ✗ Fi.CI.BAT: warning for drm: Add " Patchwork
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=beb7899e-fa9a-68e7-21a9-bf5dfa11aea8@tronnes.org \
--to=noralf@tronnes.org \
--cc=chris@chris-wilson.co.uk \
--cc=daniel.vetter@ffwll.ch \
--cc=dh.herrmann@gmail.com \
--cc=dri-devel@lists.freedesktop.org \
--cc=intel-gfx@lists.freedesktop.org \
--cc=laurent.pinchart@ideasonboard.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.