Christian König
2025-Mar-26 13:05 UTC
[PATCH] drm/nouveau: prime: drm_prime_gem_destroy comment
On 26.03.25 at 13:53, Chris Bainbridge wrote:
> Edit the comments on correct usage of drm_prime_gem_destroy to note
> that, if using TTM, drm_prime_gem_destroy must be called in the
> ttm_buffer_object.destroy hook, to avoid the dma_buf being freed leaving
> a dangling pointer which will be later dereferenced by
> ttm_bo_delayed_delete.
>
> Signed-off-by: Chris Bainbridge <chris.bainbridge at gmail.com>
> Suggested-by: Christian König <christian.koenig at amd.com>

The subject line of the patch should probably read "drm/prime: fix drm_prime_gem_destroy comment" since this isn't nouveau specific at all.

It's just that all other TTM drivers except for nouveau got that right.

Regards,
Christian.

> --- > drivers/gpu/drm/drm_prime.c | 8 ++++++-- > 1 file changed, 6 insertions(+), 2 deletions(-) > > diff --git a/drivers/gpu/drm/drm_prime.c b/drivers/gpu/drm/drm_prime.c > index 32a8781cfd67..452d5c7cd292 100644 > --- a/drivers/gpu/drm/drm_prime.c > +++ b/drivers/gpu/drm/drm_prime.c > @@ -929,7 +929,9 @@ EXPORT_SYMBOL(drm_gem_prime_export); > * &drm_driver.gem_prime_import_sg_table internally. > * > * Drivers must arrange to call drm_prime_gem_destroy() from their > - * &drm_gem_object_funcs.free hook when using this function. > + * &drm_gem_object_funcs.free hook or &ttm_buffer_object.destroy > + * hook when using this function, to avoid the dma_buf being freed while the > + * ttm_buffer_object can still dereference it. > */ > struct drm_gem_object *drm_gem_prime_import_dev(struct drm_device *dev, > struct dma_buf *dma_buf, 
> @@ -999,7 +1001,9 @@ EXPORT_SYMBOL(drm_gem_prime_import_dev); > * implementation in drm_gem_prime_fd_to_handle(). > * > * Drivers must arrange to call drm_prime_gem_destroy() from their > - * &drm_gem_object_funcs.free hook when using this function. > + * &drm_gem_object_funcs.free hook or &ttm_buffer_object.destroy > + * hook when using this function, to avoid the dma_buf being freed while the > + * ttm_buffer_object can still dereference it. > */ > struct drm_gem_object *drm_gem_prime_import(struct drm_device *dev, > struct dma_buf *dma_buf)
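Review bot: The "or" in the added text "&drm_gem_object_funcs.free hook or &ttm_buffer_object.destroy hook", in both hunks, reads as a free choice between the two hooks, while the commit message states that a driver using TTM must make the call from the ttm_buffer_object.destroy hook. A driver author reading only the kernel-doc could still pick the GEM free hook on a TTM driver and end up with the dangling dma_buf pointer this change is meant to prevent. Consider wording that ties each hook to its case, for example "from their &drm_gem_object_funcs.free hook or, for drivers using TTM, from their &ttm_buffer_object.destroy hook".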
Chris Bainbridge
2025-Mar-26 13:11 UTC
[PATCH v2] drm/prime: fix drm_prime_gem_destroy comment
Edit the comments on correct usage of drm_prime_gem_destroy to note that, if using TTM, drm_prime_gem_destroy must be called in the ttm_buffer_object.destroy hook, to avoid the dma_buf being freed leaving a dangling pointer which will be later dereferenced by ttm_bo_delayed_delete.

Signed-off-by: Chris Bainbridge <chris.bainbridge at gmail.com>
Suggested-by: Christian König <christian.koenig at amd.com>

--- drivers/gpu/drm/drm_prime.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/drivers/gpu/drm/drm_prime.c b/drivers/gpu/drm/drm_prime.c index 32a8781cfd67..452d5c7cd292 100644 --- a/drivers/gpu/drm/drm_prime.c +++ b/drivers/gpu/drm/drm_prime.c @@ -929,7 +929,9 @@ EXPORT_SYMBOL(drm_gem_prime_export); * &drm_driver.gem_prime_import_sg_table internally. * * Drivers must arrange to call drm_prime_gem_destroy() from their - * &drm_gem_object_funcs.free hook when using this function. + * &drm_gem_object_funcs.free hook or &ttm_buffer_object.destroy + * hook when using this function, to avoid the dma_buf being freed while the + * ttm_buffer_object can still dereference it. */ struct drm_gem_object *drm_gem_prime_import_dev(struct drm_device *dev, struct dma_buf *dma_buf, @@ -999,7 +1001,9 @@ EXPORT_SYMBOL(drm_gem_prime_import_dev); * implementation in drm_gem_prime_fd_to_handle(). * * Drivers must arrange to call drm_prime_gem_destroy() from their - * &drm_gem_object_funcs.free hook when using this function. + * &drm_gem_object_funcs.free hook or &ttm_buffer_object.destroy + * hook when using this function, to avoid the dma_buf being freed while the + * ttm_buffer_object can still dereference it. */ struct drm_gem_object *drm_gem_prime_import(struct drm_device *dev, struct dma_buf *dma_buf) -- 2.47.2
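Review bot: The last added comment line in each hunk, "ttm_buffer_object can still dereference it", names the structure as a bare word, while the line above it uses kernel-doc reference markup ("&ttm_buffer_object.destroy"). Writing it as "&struct ttm_buffer_object" (and the buffer as "&struct dma_buf") would keep the markup consistent and let the generated documentation cross-reference both types. The commit message also names ttm_bo_delayed_delete as the place where the stale pointer is dereferenced; since the comment text is the only part readers of drm_prime.c will see, it may be worth saying there that the dereference can happen after the GEM object has been freed, so the reason for the TTM-specific hook is clear without the git history.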
Danilo Krummrich
2025-Mar-28 11:01 UTC
[PATCH v2] drm/prime: fix drm_prime_gem_destroy comment
On Wed, Mar 26, 2025 at 01:10:58PM +0000, Chris Bainbridge wrote:
> Edit the comments on correct usage of drm_prime_gem_destroy to note
> that, if using TTM, drm_prime_gem_destroy must be called in the
> ttm_buffer_object.destroy hook, to avoid the dma_buf being freed leaving
> a dangling pointer which will be later dereferenced by
> ttm_bo_delayed_delete.
>
> Signed-off-by: Chris Bainbridge <chris.bainbridge at gmail.com>
> Suggested-by: Christian König <christian.koenig at amd.com>

Can you please send new versions of patches as a new mail thread (not in reply to previous versions) please?

Otherwise,

Reviewed-by: Danilo Krummrich <dakr at kernel.org>

@Christian, I assume you will pick this one up?