hulk inclusion category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/ICOXN8 CVE: CVE-2025-38449 -------------------------------- Commit f6bfc9afc751 ("drm/framebuffer: Acquire internal references on GEM handles") bring kabi change for struct drm_framebuffer which lead to kabi changes. Move internal_flags after hot_y since there exists 4 bytes hole which will not lead to size change of there struct. w/o this fix: struct drm_framebuffer { ... int hot_y; /* 144 4 */ /* XXX 4 bytes hole, try to pack */ struct list_head filp_head; /* 152 16 */ ... /* size: 200, cachelines: 4, members: 16 */ /* sum members: 196, holes: 1, sum holes: 4 */ /* last cacheline: 8 bytes */ }; w/ this fix: struct drm_framebuffer { ... int hot_y; /* 144 4 */ unsigned int internal_flags; /* 148 4 */ struct list_head filp_head; /* 152 16 */ ... /* size: 200, cachelines: 4, members: 17 */ /* last cacheline: 8 bytes */ }; the total size of this struct keep the same. Fixes: f6bfc9afc751 ("drm/framebuffer: Acquire internal references on GEM handles") Signed-off-by: Wupeng Ma <mawupeng1@huawei.com>
---
 include/drm/drm_framebuffer.h | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/include/drm/drm_framebuffer.h b/include/drm/drm_framebuffer.h
index 990259873e1e3..18543b7b6df92 100644
--- a/include/drm/drm_framebuffer.h
+++ b/include/drm/drm_framebuffer.h
@@ -191,10 +191,6 @@ struct drm_framebuffer {
 * DRM_MODE_FB_MODIFIERS.
 */
 int flags;
- /**
- * @internal_flags: Framebuffer flags like DRM_FRAMEBUFFER_HAS_HANDLE_REF.
- */
- unsigned int internal_flags;
 /**
 * @hot_x: X coordinate of the cursor hotspot. Used by the legacy cursor
 * IOCTL when the driver supports cursor through a DRM_PLANE_TYPE_CURSOR
@@ -207,6 +203,12 @@ struct drm_framebuffer {
 * universal plane.
 */
 int hot_y;
+ /**
+ * @internal_flags: Framebuffer flags like DRM_FRAMEBUFFER_HAS_HANDLE_REF.
+ * add internal_flags to avoid kabi change here since here exists
+ * 4 bytes hole.
+ */
+ KABI_FILL_HOLE(unsigned int internal_flags)
 /**
 * @filp_head: Placed on &drm_file.fbs, protected by &drm_file.fbs_lock.
 */
-- 2.43.0
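Review bot: Placing `internal_flags` in the former padding after `hot_y` keeps the size and offsets, but for a module built against the old header those four bytes were never a field, so the value read from them is only defined if the framebuffer was zero-allocated or the core init path clears it; `struct drm_framebuffer` starts and ends outside the hunk and neither guarantee is visible here. Because the flags (`DRM_FRAMEBUFFER_HAS_HANDLE_REF`) presumably record whether handle references were taken, stale bits could cause a reference to be dropped that was never acquired, so it is worth confirming where the field is initialised and stating that in the comment. The hole itself is demonstrated only for the 64-bit layout in the commit message; with a 4-byte-aligned `struct list_head` there would presumably be no hole and the struct would grow. The two added kernel-doc lines end up in the generated field description and would read better as `* Placed in the 4-byte hole after @hot_y so the layout of this struct stays kABI-compatible.`. The diffstat accounts for all six added lines in this hunk, so no `#include` is added and `KABI_FILL_HOLE` has to be reachable from this header already.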