On Mon, Sep 15, 2025 at 02:19:30PM +0200, Hans de Goede wrote:
> Hi,
>
> On 15-Sep-25 8:36 AM, Janne Grunau wrote:
> > The pm_domain cleanup can not be devres managed as it uses struct simplefb_par which is allocated within struct fb_info by framebuffer_alloc(). This allocation is explicitly freed by unregister_framebuffer() in simplefb_remove(). Devres managed cleanup runs after the device remove call and thus can no longer access struct simplefb_par. Call simplefb_detach_genpds() explicitly from simplefb_destroy() like the cleanup functions for clocks and regulators.
> >
> > Fixes a use after free on M2 Mac mini during aperture_remove_conflicting_devices() using the downstream asahi kernel with Debian's kernel config. For unknown reasons this started to consistently dereference an invalid pointer in v6.16.3 based kernels.
>
> Thanks, this v3 patch looks good to me:
>
> Reviewed-by: Hans de Goede <hansg@kernel.org>
>
> I assume that you will push this to drm-misc yourself?
I don't have drm-misc commit access yet. I took this as a reminder to request access so I will either commit it myself or ask someone else in a couple of days (if nobody beats me to it).
thanks, Janne
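
The teardown ordering described in the quoted commit message, as an added userspace model that is not code from the patch or the kernel: function and struct names follow the commit message, but the bodies, the counters and the domain count of 2 are constructed, and a NULL check stands in for the invalid dereference so the model itself stays memory-safe.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

/* Userspace model: names follow the commit message, bodies are constructed. */
struct simplefb_par { int genpd_count; };       /* lives inside fb_info */
struct fb_info { struct simplefb_par par; };

static struct fb_info *info;        /* NULL once fb_info (and par) is freed */
static int stale_accesses, detached; /* late cleanups / domains detached */

static void simplefb_detach_genpds(void)
{
    if (!info) {               /* the real driver would touch freed memory */
        stale_accesses++;
        return;
    }
    detached += info->par.genpd_count;
    info->par.genpd_count = 0;
}

/* Destroy path: optional explicit cleanup, then fb_info is freed. */
static void simplefb_destroy(bool explicit_detach)
{
    if (explicit_detach)
        simplefb_detach_genpds();   /* par is still valid here */
    free(info);
    info = NULL;
}

/* Device removal: remove() first, devres-managed actions afterwards. */
static int run_remove(bool devres_managed)
{
    stale_accesses = detached = 0;
    info = calloc(1, sizeof(*info));
    if (!info)
        return -1;
    info->par.genpd_count = 2;      /* constructed value */
    simplefb_destroy(!devres_managed);
    if (devres_managed)
        simplefb_detach_genpds();   /* devres action runs too late */
    return stale_accesses;
}

int main(void)
{
    printf("devres-managed: %d stale\n", run_remove(true));
    printf("explicit call:  %d stale\n", run_remove(false));
    return 0;
}
```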