On Tue, Jul 15, 2025 at 10:26:22AM +0200, Thomas Zimmermann wrote:
> This reverts commit 515986100d176663d0a03219a3056e4252f729e6.
>
> The dma_buf field in struct drm_gem_object is not stable over the
> object instance's lifetime. The field becomes NULL when user space
> releases the final GEM handle on the buffer object. This resulted
> in a NULL-pointer deref.
>
> Workarounds in commit 5307dce878d4 ("drm/gem: Acquire references on
> GEM handles for framebuffers") and commit f6bfc9afc751 ("drm/framebuffer:
> Acquire internal references on GEM handles") only solved the problem
> partially. They especially don't work for buffer objects without a DRM
> framebuffer associated.
>
> Hence, this revert to going back to using .import_attach->dmabuf.
>
> Signed-off-by: Thomas Zimmermann <tzimmerm...@suse.de>
Reviewed-by: Simona Vetter <simona.vet...@ffwll.ch>
> ---
> drivers/gpu/drm/amd/amdgpu/amdgpu_dma_buf.c | 2 +-
> drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c | 3 ++-
> drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c | 2 +-
> 3 files changed, 4 insertions(+), 3 deletions(-)
>
> diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_dma_buf.c
> b/drivers/gpu/drm/amd/amdgpu/amdgpu_dma_buf.c
> index ff98c87b2e0b..5743ebb2f1b7 100644
> --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_dma_buf.c
> +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_dma_buf.c
> @@ -514,7 +514,7 @@ bool amdgpu_dmabuf_is_xgmi_accessible(struct
> amdgpu_device *adev,
> return false;
>
> if (drm_gem_is_imported(obj)) {
> - struct dma_buf *dma_buf = obj->dma_buf;
> + struct dma_buf *dma_buf = obj->import_attach->dmabuf;
>
> if (dma_buf->ops != &amdgpu_dmabuf_ops)
> /* No XGMI with non AMD GPUs */
> diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c
> b/drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c
> index 6626a6e64ff5..d1ccbfcf21fa 100644
> --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c
> +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c
> @@ -317,7 +317,8 @@ static int amdgpu_gem_object_open(struct drm_gem_object
> *obj,
> */
> if (!vm->is_compute_context || !vm->process_info)
> return 0;
> - if (!drm_gem_is_imported(obj) || !dma_buf_is_dynamic(obj->dma_buf))
> + if (!drm_gem_is_imported(obj) ||
> + !dma_buf_is_dynamic(obj->import_attach->dmabuf))
> return 0;
> mutex_lock_nested(&vm->process_info->lock, 1);
> if (!WARN_ON(!vm->process_info->eviction_fence)) {
> diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c
> b/drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c
> index af0f655dfd5b..b9b4f7d9186e 100644
> --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c
> +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c
> @@ -1272,7 +1272,7 @@ int amdgpu_vm_bo_update(struct amdgpu_device *adev,
> struct amdgpu_bo_va *bo_va,
> struct drm_gem_object *obj = &bo->tbo.base;
>
> if (drm_gem_is_imported(obj) && bo_va->is_xgmi) {
> - struct dma_buf *dma_buf = obj->dma_buf;
> + struct dma_buf *dma_buf = obj->import_attach->dmabuf;
> struct drm_gem_object *gobj = dma_buf->priv;
> struct amdgpu_bo *abo = gem_to_amdgpu_bo(gobj);
>
> --
> 2.50.0
>
--
Simona Vetter
Software Engineer, Intel Corporation
http://blog.ffwll.ch
