From: Dmitry Osipenko <dmitry.osipenko@collabora.com>
Date: Thu, 3 Apr 2025 14:26:33 +0000 (+0300)
Subject: drm/shmem-helper: Fix unsetting shmem vaddr while vmap refcount > 0
X-Git-Tag: v6.16-rc1~144^2~21^2~60
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=dd717762761807452ca25634652e180a80349cd8;p=thirdparty%2Flinux.git

drm/shmem-helper: Fix unsetting shmem vaddr while vmap refcount > 0

We switched to use refcount_t for vmaps and missed to change the vunmap
code to properly unset the vmap pointer, which is now cleared while vmap's
refcount > 0. Clear the cached vmap pointer only when refcounting drops to
zero to fix the bug.

Fixes: e1fc39a92332 ("drm/shmem-helper: Use refcount_t for vmap_use_count")
Reported-by: Lucas De Marchi <lucas.demarchi@intel.com>
Closes: https://lore.kernel.org/dri-devel/20250403105053.788b0f6e@collabora.com/T/#m3dca6d81bedc8d6146a56b82694624fbc6fa4c96
Signed-off-by: Dmitry Osipenko <dmitry.osipenko@collabora.com>
Reviewed-by: Boris Brezillon <boris.brezillon@collabora.com>
Tested-by: Lucas De Marchi <lucas.demarchi@intel.com>
Link: https://lore.kernel.org/r/20250403142633.484660-1-dmitry.osipenko@collabora.com
---

diff --git a/drivers/gpu/drm/drm_gem_shmem_helper.c b/drivers/gpu/drm/drm_gem_shmem_helper.c
index 2d924d547a519..aa43265f4f4f6 100644
--- a/drivers/gpu/drm/drm_gem_shmem_helper.c
+++ b/drivers/gpu/drm/drm_gem_shmem_helper.c
@@ -415,11 +415,11 @@ void drm_gem_shmem_vunmap_locked(struct drm_gem_shmem_object *shmem,
 
 		if (refcount_dec_and_test(&shmem->vmap_use_count)) {
 			vunmap(shmem->vaddr);
+			shmem->vaddr = NULL;
+
 			drm_gem_shmem_unpin_locked(shmem);
 		}
 	}
-
-	shmem->vaddr = NULL;
 }
 EXPORT_SYMBOL_GPL(drm_gem_shmem_vunmap_locked);