Once a DRM device is unregistered, user-space must not access any existing
mmaps, anymore. As we cannot rely on this, we now zap all of them in
drm_dev_unregister().

Any driver which wants to support that needs to protect their fault()
and mmap() handlers via drm_dev_get_active(), otherwise users can create
new mmaps after/during drm_dev_unregister().

Signed-off-by: David Herrmann <dh.herrmann at gmail.com>
---
 drivers/gpu/drm/drm_stub.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/drivers/gpu/drm/drm_stub.c b/drivers/gpu/drm/drm_stub.c
index e363b72..274a005 100644
--- a/drivers/gpu/drm/drm_stub.c
+++ b/drivers/gpu/drm/drm_stub.c
@@ -602,6 +602,10 @@ void drm_dev_unregister(struct drm_device *dev)

        drm_dev_shutdown(dev);

+       /* zap all memory mappings (drm_global_mutex must not be locked) */
+       if (dev->dev_mapping)
+               unmap_mapping_range(dev->dev_mapping, 0, LLONG_MAX, 1);
+
        /* We cannot hold drm_global_mutex during drm_dev_shutdown() as it might
         * dead-lock. Hence, there's a small race between drm_dev_shutdown() and
         * us locking drm_global_mutex which drm_release() might trigger. To fix
-- 
1.8.4.1

Reply via email to