Commit 44b6535
drm/virtio: Fix NULL pointer deref in virtgpu_dma_buf_free_obj()
There is a chance that obj->dma_buf would be NULL by the time
virtgpu_dma_buf_free_obj() is called. This can happen for imported
prime objects, when drm_gem_object_exported_dma_buf_free() gets
called on them before drm_gem_object_free(). This is because
drm_gem_object_exported_dma_buf_free() explicitly sets
obj->dma_buf to NULL.
Therefore, fix this issue by storing the dma_buf pointer in the
virtio_gpu_object instance and using it in virtgpu_dma_buf_free_obj.
This stored pointer is guaranteed to be valid until the object is
freed as we took a reference on it in virtgpu_gem_prime_import().
Fixes: 415cb45 ("drm/virtio: Use dma_buf from GEM object instance")
Cc: Dmitry Osipenko <dmitry.osipenko@collabora.com>
Cc: Thomas Zimmermann <tzimmermann@suse.de>
Signed-off-by: Vivek Kasireddy <vivek.kasireddy@intel.com>
Reviewed-by: Dmitry Osipenko <dmitry.osipenko@collabora.com>
Signed-off-by: Dmitry Osipenko <dmitry.osipenko@collabora.com>
Link: https://lore.kernel.org/r/20250501232419.180337-1-vivek.kasireddy@intel.com1 parent 9b8f320 commit 44b6535
2 files changed
+3
-1
lines changed| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
88 | 88 | | |
89 | 89 | | |
90 | 90 | | |
| 91 | + | |
91 | 92 | | |
92 | 93 | | |
93 | 94 | | |
| |||
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
206 | 206 | | |
207 | 207 | | |
208 | 208 | | |
209 | | - | |
| 209 | + | |
210 | 210 | | |
211 | 211 | | |
212 | 212 | | |
| |||
332 | 332 | | |
333 | 333 | | |
334 | 334 | | |
| 335 | + | |
335 | 336 | | |
336 | 337 | | |
337 | 338 | | |
| |||
0 commit comments