
hulk inclusion category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/ICOXN8 CVE: CVE-2025-38449 -------------------------------- Commit f6bfc9afc751 ("drm/framebuffer: Acquire internal references on GEM handles") bring kabi change for struct drm_framebuffer which lead to kabi changes. Move internal_flags after hot_y since there exists 4 bytes hole which will not lead to size change of there struct. w/o this fix: struct drm_framebuffer { ... int hot_y; /* 144 4 */ /* XXX 4 bytes hole, try to pack */ struct list_head filp_head; /* 152 16 */ ... /* size: 200, cachelines: 4, members: 16 */ /* sum members: 196, holes: 1, sum holes: 4 */ /* last cacheline: 8 bytes */ }; w/ this fix: struct drm_framebuffer { ... int hot_y; /* 144 4 */ unsigned int internal_flags; /* 148 4 */ struct list_head filp_head; /* 152 16 */ ... /* size: 200, cachelines: 4, members: 17 */ /* last cacheline: 8 bytes */ }; the total size of this struct keep the same. Fixes: 5307dce878d4 ("drm/gem: Acquire references on GEM handles for framebuffers") Signed-off-by: Wupeng Ma <mawupeng1@huawei.com>
---
 include/drm/drm_framebuffer.h | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/include/drm/drm_framebuffer.h b/include/drm/drm_framebuffer.h
index 490070da98b0..018d69f37160 100644
--- a/include/drm/drm_framebuffer.h
+++ b/include/drm/drm_framebuffer.h
@@ -183,10 +183,6 @@ struct drm_framebuffer {
 * DRM_MODE_FB_MODIFIERS.
 */
 int flags;
- /**
- * @internal_flags: Framebuffer flags like DRM_FRAMEBUFFER_HAS_HANDLE_REF.
- */
- unsigned int internal_flags;
 /**
 * @hot_x: X coordinate of the cursor hotspot. Used by the legacy cursor
 * IOCTL when the driver supports cursor through a DRM_PLANE_TYPE_CURSOR
@@ -199,6 +195,14 @@ struct drm_framebuffer {
 * universal plane.
 */
 int hot_y;
+#if !defined(__GENKSYMS__)
+ /**
+ * @internal_flags: Framebuffer flags like DRM_FRAMEBUFFER_HAS_HANDLE_REF.
+ * add internal_flags to avoid kabi change here since here exists
+ * 4 bytes hole.
+ */
+ unsigned int internal_flags;
+#endif
 /**
 * @filp_head: Placed on &drm_file.fbs, protected by &drm_file.fbs_lock.
 */
-- 
2.43.0
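Review bot: The added `unsigned int internal_flags;` after `hot_y` occupies what used to be padding, so a module built against the old header never writes those 4 bytes, and the core will read whatever the allocation held unless the framebuffer was zero-allocated. The flag named in the comment, DRM_FRAMEBUFFER_HAS_HANDLE_REF, presumably decides whether handle references are dropped later, so a stale bit there could unbalance a reference count; nothing in this hunk shows that every allocation path zeroes the struct, and that is worth confirming. The hole also exists only where `struct list_head` is 8-byte aligned (the pahole output in the message looks like a 64-bit build), so on a 32-bit target the struct would grow. I would reword the kernel-doc text to state both assumptions, e.g. `* Placed in the 4-byte hole after @hot_y (64-bit layouts) to keep kABI; relies on the framebuffer being zero-initialised.` The struct definition starts and ends outside the hunk.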