Hi, This commit
From 949c4a34afacfe800fc442afac117aba15284962 Mon Sep 17 00:00:00 2001 From: Ilija Hadzic <ihad...@research.bell-labs.com> Date: Tue, 15 May 2012 16:40:10 -0400 Subject: [PATCH] drm: track dev_mapping in more robust and flexible way Setting dev_mapping (pointer to the address_space structure used for memory mappings) to the address_space of the first opener's inode and then failing if other openers come in through a different inode has a few restrictions that are eliminated by this patch. If we already have valid dev_mapping and we spot an opener with different i_node, we force its i_mapping pointer to the already established address_space structure (first opener's inode). This will make all mappings from drm device hang off the same address_space object. ... Breaks drivers using TTM, since when the X server calls into the driver open, drm's dev_mapping has not yet been setup. The setup needs to be moved before the driver's open hook is called. Typically, if a TTM-aware driver is provoked by the Xorg server to move a buffer from system to VRAM or AGP, before any other drm client is started, The user-space page table entries are not killed before the move, and left pointing into freed pages, causing system crashes and / or user-space access to arbitrary memory. /Thomas