Once a DRM device is unregistered, user-space must not access any existing
mmaps, anymore. As we cannot rely on this, we now zap all of them in
drm_dev_unregister().
Any driver which wants to support that needs to protect their fault()
and mmap() handlers via drm_dev_get_active(), otherwise users can create
new mmaps after/during drm_dev_unregister().
Signed-off-by: David Herrmann <dh.herrmann at gmail.com>
---
drivers/gpu/drm/drm_stub.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/drivers/gpu/drm/drm_stub.c b/drivers/gpu/drm/drm_stub.c
index e363b72..274a005 100644
--- a/drivers/gpu/drm/drm_stub.c
+++ b/drivers/gpu/drm/drm_stub.c
@@ -602,6 +602,10 @@ void drm_dev_unregister(struct drm_device *dev)
drm_dev_shutdown(dev);
+ /* zap all memory mappings (drm_global_mutex must not be locked) */
+ if (dev->dev_mapping)
+ unmap_mapping_range(dev->dev_mapping, 0, LLONG_MAX, 1);
+
/* We cannot hold drm_global_mutex during drm_dev_shutdown() as it might
* dead-lock. Hence, there's a small race between drm_dev_shutdown() and
* us locking drm_global_mutex which drm_release() might trigger. To fix
--
1.8.4.1
