On Wed Apr 22, 2026 at 8:52 AM JST, Lyude Paul wrote: <snip>
@@ -176,6 +195,100 @@ extern "C" fn free_callback(obj: *mut bindings::drm_gem_object) { // SAFETY: We're recovering the Kbox<> we created in gem_create_object() let _ = unsafe { KBox::from_raw(this) }; }
- // If necessary, create an SGTable for the gem object and register a Devres for it to ensure
- // that it is unmapped on driver unbind.
- fn get_sg_table<'a>(
&'a self,dev: &'a device::Device<Bound>,
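Review bot: the `//` comment above `get_sg_table` does not say which device `dev` must be, even though the signature takes `dev` separately from `&'a self` and the comment ties a `Devres` to it. State there that `dev` has to be the device this GEM object belongs to, and consider making it a `///` doc comment so the requirement is documented with the function.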
Just noticed that the caller can technically pass a different `dev` from the one the buffer will be mapped onto, potentially linking the `Devres` (and thus the device mapping) to a completely unrelated lifetime.
I.e. `dev` is only used to create the `Devres`, while `drm_gem_shmem_get_pages_sgt_locked` uses the object's device pointer to create the mapping. We need to add the check ensuring that the two point to the same device:
    let expected = self.dev().as_ref().as_raw();
    if dev.as_raw() != expected {
        return Err(EINVAL);
    }
Ideally we could do without the `dev` argument altogether, but that's our only guarantee that the device is bound, so I don't think we can do without this runtime check.
I think it's also worth mentioning in the documentation of `sg_table` and `owned_sg_table` which device is expected.
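A userspace model of the mismatch discussed in this reply, added here as an example; it is not code from the patch or from the reviewer. `Device`, `Object`, `unbind` and `get_sg_table_unchecked` are hypothetical stand-ins, and `std::ptr::eq` plays the role of the `as_raw()` pointer comparison.

```rust
// Userspace model constructed for illustration; none of these types are the kernel's.
use std::cell::RefCell;
use std::ptr;

#[derive(Debug, PartialEq)]
enum Error { EINVAL }

/// Stand-in for a bound device; `devres` holds the mappings released on unbind.
struct Device { name: &'static str, devres: RefCell<Vec<String>> }

impl Device {
    fn new(name: &'static str) -> Self {
        Device { name, devres: RefCell::new(Vec::new()) }
    }
    /// Unbinding releases every resource registered on this device and returns them.
    fn unbind(&self) -> Vec<String> { self.devres.take() }
}

/// Stand-in for a GEM object whose mapping is always created on `owner`.
struct Object<'a> { owner: &'a Device, label: &'static str }

impl<'a> Object<'a> {
    /// No check: the mapping lives on `owner`, but its cleanup is tied to `dev`.
    fn get_sg_table_unchecked(&self, dev: &Device) -> Result<(), Error> {
        let entry = format!("{} mapped on {}", self.label, self.owner.name);
        dev.devres.borrow_mut().push(entry);
        Ok(())
    }
    /// With the check: a `dev` that is not the object's own device is rejected.
    fn get_sg_table(&self, dev: &Device) -> Result<(), Error> {
        if !ptr::eq(dev, self.owner) {
            return Err(Error::EINVAL);
        }
        self.get_sg_table_unchecked(dev)
    }
}

/// Returns what the unrelated device releases on unbind, and the checked call's result.
fn demo() -> (Vec<String>, Result<(), Error>) {
    let (gpu, other) = (Device::new("gpu"), Device::new("other"));
    let obj = Object { owner: &gpu, label: "bo0" };
    obj.get_sg_table_unchecked(&other).unwrap();
    let released_by_other = other.unbind(); // gpu's mapping torn down by `other`
    (released_by_other, obj.get_sg_table(&other))
}

fn main() {
    println!("{:?}", demo());
}
```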