On Wed Mar 4, 2026 at 5:28 PM CET, Jani Nikula wrote: > On Tue, 03 Mar 2026, Christian König <[email protected]> wrote: >> On 3/3/26 13:26, Sebastian Brzezinka wrote: >>> Since commit 541c8f2468b9 ("dma-buf: detach fence ops on signal v3"), >>> fence->ops may be set to NULL via RCU when a fence signals and has no >>> release/wait ops. ttm_bo_flush_all_fences() was not updated to handle >>> this and directly dereferences fence->ops->signaled, leading to a NULL >>> pointer dereference crash: >>> >>> ``` >>> BUG: kernel NULL pointer dereference, address: 0000000000000018 >>> RIP: 0010:ttm_bo_release+0x1bc/0x330 [ttm] >>> ``` >>> >>> Since dma_fence_enable_sw_signaling() already handles the signaled case >>> internally (it checks DMA_FENCE_FLAG_SIGNALED_BIT before doing anything), >>> the ops->signaled pre-check is redundant. Simply remove it and call >>> dma_fence_enable_sw_signaling() unconditionally for each fence. >>> >>> Closes: https://gitlab.freedesktop.org/drm/i915/kernel/-/issues/15759 >>> Fixes: 541c8f2468b9 ("dma-buf: detach fence ops on signal v3") >>> Cc: Christian König <[email protected]> >>> Signed-off-by: Sebastian Brzezinka <[email protected]> >> >> Reviewed-by: Christian König <[email protected]> >> >> Going to push that to drm-misc-next now. > > Christian, did you forget to push or is there still something missing > here? > > Sebastian, for future reference, drm/ttm patches need to be sent to the > dri-devel mailing list. I bounced the patch there now. See MAINTAINERS > and/or use scripts/get_maintainer.pl to see where you need to send the > patches. The intel-gfx list is sufficient for i915 changes only. > > BR, > Jani. Thanks for the guidance and for bouncing the patch to the correct list.
-- Best regards, Sebastian
