On 2/24/26 09:25, Thomas Zimmermann wrote:
There's a long-standing bug in defio where the framebuffer device or module gets removed while mmap'ed areas of the framebuffer memory persists in userspace. Page faults in the area then operate on defined state.Patches 1 and 2 fix these problems. Patches 3 and 4 build upon the fix and put defio state into the correct places. v2: - use alloc_obj() functions Thomas Zimmermann (4): fbdev: defio: Disconnect deferred I/O from the lifetime of struct fb_info fbdev: defio: Keep module reference from VMAs fbdev: defio: Move variable state into struct fb_deferred_io_state fbdev: defio: Move pageref array to struct fb_deferred_io_state drivers/video/fbdev/core/fb_defio.c | 266 ++++++++++++++++++++-------- include/linux/fb.h | 9 +- 2 files changed, 195 insertions(+), 80 deletions(-)
Series added to fbdev git tree for further testing. Thanks! Helge
