drivers/gpu/drm/drm_gem_shmem_helper.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)
We switched to use refcount_t for vmaps and missed to change the vunmap
code to properly unset the vmap pointer, which is now cleared while vmap's
refcount > 0. Clear the cached vmap pointer only when refcounting drops to
zero to fix the bug.
Fixes: e1fc39a92332 ("drm/shmem-helper: Use refcount_t for vmap_use_count")
Reported-by: Lucas De Marchi <lucas.demarchi@intel.com>
Closes: https://lore.kernel.org/dri-devel/20250403105053.788b0f6e@collabora.com/T/#m3dca6d81bedc8d6146a56b82694624fbc6fa4c96
Signed-off-by: Dmitry Osipenko <dmitry.osipenko@collabora.com>
---
drivers/gpu/drm/drm_gem_shmem_helper.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/gpu/drm/drm_gem_shmem_helper.c b/drivers/gpu/drm/drm_gem_shmem_helper.c
index 2d924d547a51..aa43265f4f4f 100644
--- a/drivers/gpu/drm/drm_gem_shmem_helper.c
+++ b/drivers/gpu/drm/drm_gem_shmem_helper.c
@@ -415,11 +415,11 @@ void drm_gem_shmem_vunmap_locked(struct drm_gem_shmem_object *shmem,
if (refcount_dec_and_test(&shmem->vmap_use_count)) {
vunmap(shmem->vaddr);
+ shmem->vaddr = NULL;
+
drm_gem_shmem_unpin_locked(shmem);
}
}
-
- shmem->vaddr = NULL;
}
EXPORT_SYMBOL_GPL(drm_gem_shmem_vunmap_locked);
--
2.49.0On 4/3/25 17:26, Dmitry Osipenko wrote:
> We switched to use refcount_t for vmaps and missed to change the vunmap
> code to properly unset the vmap pointer, which is now cleared while vmap's
> refcount > 0. Clear the cached vmap pointer only when refcounting drops to
> zero to fix the bug.
>
> Fixes: e1fc39a92332 ("drm/shmem-helper: Use refcount_t for vmap_use_count")
> Reported-by: Lucas De Marchi <lucas.demarchi@intel.com>
> Closes: https://lore.kernel.org/dri-devel/20250403105053.788b0f6e@collabora.com/T/#m3dca6d81bedc8d6146a56b82694624fbc6fa4c96
> Signed-off-by: Dmitry Osipenko <dmitry.osipenko@collabora.com>
> ---
> drivers/gpu/drm/drm_gem_shmem_helper.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/gpu/drm/drm_gem_shmem_helper.c b/drivers/gpu/drm/drm_gem_shmem_helper.c
> index 2d924d547a51..aa43265f4f4f 100644
> --- a/drivers/gpu/drm/drm_gem_shmem_helper.c
> +++ b/drivers/gpu/drm/drm_gem_shmem_helper.c
> @@ -415,11 +415,11 @@ void drm_gem_shmem_vunmap_locked(struct drm_gem_shmem_object *shmem,
>
> if (refcount_dec_and_test(&shmem->vmap_use_count)) {
> vunmap(shmem->vaddr);
> + shmem->vaddr = NULL;
> +
> drm_gem_shmem_unpin_locked(shmem);
> }
> }
> -
> - shmem->vaddr = NULL;
> }
> EXPORT_SYMBOL_GPL(drm_gem_shmem_vunmap_locked);
>
Applied to misc-next
--
Best regards,
Dmitry
On Thu, Apr 03, 2025 at 05:26:33PM +0300, Dmitry Osipenko wrote:
>We switched to use refcount_t for vmaps and missed to change the vunmap
>code to properly unset the vmap pointer, which is now cleared while vmap's
>refcount > 0. Clear the cached vmap pointer only when refcounting drops to
>zero to fix the bug.
>
>Fixes: e1fc39a92332 ("drm/shmem-helper: Use refcount_t for vmap_use_count")
>Reported-by: Lucas De Marchi <lucas.demarchi@intel.com>
>Closes: https://lore.kernel.org/dri-devel/20250403105053.788b0f6e@collabora.com/T/#m3dca6d81bedc8d6146a56b82694624fbc6fa4c96
>Signed-off-by: Dmitry Osipenko <dmitry.osipenko@collabora.com>
Tested-by: Lucas De Marchi <lucas.demarchi@intel.com>
this fixes it for me when using `qemu ... -device cirrus-vga`
thanks
Lucas De Marchi
On Thu, 3 Apr 2025 17:26:33 +0300
Dmitry Osipenko <dmitry.osipenko@collabora.com> wrote:
> We switched to use refcount_t for vmaps and missed to change the vunmap
> code to properly unset the vmap pointer, which is now cleared while vmap's
> refcount > 0. Clear the cached vmap pointer only when refcounting drops to
> zero to fix the bug.
>
> Fixes: e1fc39a92332 ("drm/shmem-helper: Use refcount_t for vmap_use_count")
> Reported-by: Lucas De Marchi <lucas.demarchi@intel.com>
> Closes: https://lore.kernel.org/dri-devel/20250403105053.788b0f6e@collabora.com/T/#m3dca6d81bedc8d6146a56b82694624fbc6fa4c96
> Signed-off-by: Dmitry Osipenko <dmitry.osipenko@collabora.com>
Reviewed-by: Boris Brezillon <boris.brezillon@collabora.com>
> ---
> drivers/gpu/drm/drm_gem_shmem_helper.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/gpu/drm/drm_gem_shmem_helper.c b/drivers/gpu/drm/drm_gem_shmem_helper.c
> index 2d924d547a51..aa43265f4f4f 100644
> --- a/drivers/gpu/drm/drm_gem_shmem_helper.c
> +++ b/drivers/gpu/drm/drm_gem_shmem_helper.c
> @@ -415,11 +415,11 @@ void drm_gem_shmem_vunmap_locked(struct drm_gem_shmem_object *shmem,
>
> if (refcount_dec_and_test(&shmem->vmap_use_count)) {
> vunmap(shmem->vaddr);
> + shmem->vaddr = NULL;
> +
> drm_gem_shmem_unpin_locked(shmem);
> }
> }
> -
> - shmem->vaddr = NULL;
> }
> EXPORT_SYMBOL_GPL(drm_gem_shmem_vunmap_locked);
>
© 2016 - 2026 Red Hat, Inc.