mirror-linux/drivers/gpu/drm
Zhenghang Xiao 7164d78559 drm/gem: fix race between change_handle and handle_delete
drm_gem_change_handle_ioctl leaves the old handle live in the IDR
during the window between spin_unlock(table_lock) and the final
spin_lock(table_lock). A concurrent drm_gem_handle_delete on the old
handle succeeds in this window, decrements handle_count to 0, and frees
the GEM object while the new handle's IDR entry still references it.

NULL the old handle's IDR entry before dropping table_lock so that any
concurrent GEM_CLOSE on the old handle sees NULL and returns -EINVAL.
Restore the old entry on the prime-bookkeeping error path.

Fixes: 5e28b7b944 ("drm: Set old handle to NULL before prime swap in change_handle")
Signed-off-by: Zhenghang Xiao <kipreyyy@gmail.com>
Cc: stable@vger.kernel.org
Signed-off-by: Dave Airlie <airlied@redhat.com>
Link: https://patch.msgid.link/20260526085313.26791-1-kipreyyy@gmail.com
2026-05-30 07:01:39 +10:00
adp
amd drm/amdgpu: fix calling VM invalidation in amdgpu_hmm_invalidate_gfx 2026-05-27 12:06:26 -04:00
arm drm/komeda: Add support for Arm China Linlon-D6 2026-03-24 16:08:54 +00:00
armada Convert 'alloc_obj' family to use the new default GFP_KERNEL argument 2026-02-21 17:09:51 -08:00
aspeed
ast drm/ast: dp501: Fix initialization of SCU2C 2026-03-30 10:38:11 +02:00
atmel-hlcdc drm: atmel-hlcdc: add LCD controller layer definition for sama7d65 2026-02-25 09:20:45 +05:30
bridge drm/bridge: megachips: remove bridge when irq request fails 2026-05-19 10:46:33 +02:00
ci Merge tag 'drm-msm-next-2026-04-02' of https://gitlab.freedesktop.org/drm/msm into drm-next 2026-04-03 18:57:00 +10:00
clients Convert 'alloc_obj' family to use the new default GFP_KERNEL argument 2026-02-21 17:09:51 -08:00
display drm/display: hdmi: Use drm_output_color_format instead of hdmi_colorspace 2026-03-24 13:54:35 +01:00
etnaviv drm/etnaviv: Fix armed job not being pushed to the DRM scheduler 2026-05-05 11:40:16 +02:00
exynos drm/exynos: remove bridge when component_add fails 2026-05-05 16:50:42 +02:00
fsl-dcu Convert 'alloc_obj' family to use the new default GFP_KERNEL argument 2026-02-21 17:09:51 -08:00
gma500 drm/gma500/oaktrail_lvds: fix i2c adapter leaks on init 2026-05-13 20:15:17 +02:00
gud Merge drm/drm-fixes into drm-misc-next-fixes 2026-03-30 10:05:36 +02:00
hisilicon drm/hisilicon/hibmc: Adding reset colorbar cfg in dp init. 2026-01-20 10:53:14 +02:00
hyperv drm/hyperv: validate VMBus packet size in receive callback 2026-05-25 07:31:53 -04:00
i915 drm/i915/psr: Use DC_OFF wake reference to block DC6 on vblank enable 2026-05-26 09:31:48 +01:00
imagination drm/imagination: Fix segfault when updating ftrace mask 2026-04-27 14:22:52 +01:00
imx drm/imx: ipuv3-plane: support underlay plane 2026-03-13 16:27:06 +01:00
ingenic drm/atomic: Remove state argument to drm_atomic_private_obj_init 2026-03-20 10:03:11 +01:00
kmb Convert 'alloc_obj' family to use the new default GFP_KERNEL argument 2026-02-21 17:09:51 -08:00
lima Convert 'alloc_obj' family to use the new default GFP_KERNEL argument 2026-02-21 17:09:51 -08:00
logicvc drm/logicvc: Fix device node reference leak in logicvc_drm_config_parse() 2026-02-10 15:18:36 +01:00
loongson drm/loongson: Use managed KMS polling 2026-05-15 08:50:54 +02:00
mcde drm/mcde: dsi: convert to of_drm_find_and_get_bridge() 2026-02-23 10:10:34 +01:00
mediatek drm/mediatek: mtk_hdmi_ddc: Fix non-static global variable 2026-05-18 14:21:39 +00:00
meson Merge tag 'drm-msm-next-2026-04-02' of https://gitlab.freedesktop.org/drm/msm into drm-next 2026-04-03 18:57:00 +10:00
mgag200 Convert more 'alloc_obj' cases to default GFP_KERNEL arguments 2026-02-21 20:03:00 -08:00
msm drm/msm: Restore second parameter name in purge() and evict() 2026-05-24 10:31:24 -07:00
mxsfb drm: lcdif: Use dev_err_probe() 2026-03-10 09:42:09 +08:00
nouveau Revert "drm/nouveau/gsp: add support for GA100" 2026-05-01 01:08:00 +02:00
nova rust: gem: Introduce DriverObject::Args 2026-03-26 02:08:04 +01:00
omapdrm drm/atomic: Remove state argument to drm_atomic_private_obj_init 2026-03-20 10:03:11 +01:00
panel drm/panel: himax-hx83102: restore MODE_LPM after sending disable cmds 2026-05-05 14:43:36 +02:00
panfrost drm/panfrost: Fix wait_bo ioctl leaking positive return from dma_resv_wait_timeout() 2026-05-07 14:52:55 +01:00
panthor drm fixes for 7.1-rc1 2026-04-24 11:44:52 -07:00
pl111 Linux 6.19-rc7 2026-01-28 12:44:28 +10:00
qxl drm/qxl: Fix missing KMS poll cleanup 2026-05-04 14:54:44 +02:00
radeon drm/radeon/evergreen_cs: Add missing NULL prefix check in surface check 2026-05-19 12:16:16 -04:00
renesas drm: rcar-du: Fix crash when no CMM is available 2026-04-23 15:53:46 +03:00
rockchip drm/rockchip: analogix: Convert to drm_output_color_format 2026-03-24 13:54:34 +01:00
scheduler Linux 7.0-rc3 2026-03-11 11:18:31 +01:00
sitronix Merge drm/drm-fixes into drm-misc-next-fixes 2026-03-30 10:05:36 +02:00
solomon drm/solomon: Fix page start when updating rectangle in page addressing mode 2026-02-26 13:42:09 +01:00
sprd
sti drm/sti: remove bridge when sti_hda component_add fails 2026-05-04 22:52:39 +02:00
stm drm/bridge: stm_lvds: Do not fail atomic_check on disabled connector 2026-04-13 12:52:33 +02:00
sun4i drm/display: hdmi: Use drm_output_color_format instead of hdmi_colorspace 2026-03-24 13:54:35 +01:00
sysfb drm/sysfb: ofdrm: fix PCI device reference leaks 2026-04-27 11:30:49 +02:00
tegra drm for v7.1-rc1 2026-04-15 08:45:00 -07:00
tests drm/display: hdmi: Use drm_output_color_format instead of hdmi_colorspace 2026-03-24 13:54:35 +01:00
tidss Convert 'alloc_obj' family to use the new default GFP_KERNEL argument 2026-02-21 17:09:51 -08:00
tilcdc drm/tilcdc: Fix type mismatch 2026-03-17 17:50:49 +01:00
tiny drm/bochs: Drop manual put on probe error path 2026-05-07 10:51:18 +02:00
ttm drm/ttm: Fix ttm_bo_shrink() infinite LRU walk on backup failure 2026-05-14 15:32:29 +02:00
tve200
tyr drm for v7.1-rc1 2026-04-15 08:45:00 -07:00
udl drm/udl: Increase GET_URB_TIMEOUT 2026-04-28 10:50:41 +02:00
v3d drm/v3d: Release indirect CSD GEM reference on CPU job free 2026-05-18 19:59:51 -03:00
vboxvideo Convert 'alloc_obj' family to use the new default GFP_KERNEL argument 2026-02-21 17:09:51 -08:00
vc4 drm for v7.1-rc1 2026-04-15 08:45:00 -07:00
verisilicon drm: verisilicon: make vs_dc_platform_driver static 2026-03-25 15:21:23 +01:00
vgem Convert 'alloc_obj' family to use the new default GFP_KERNEL argument 2026-02-21 17:09:51 -08:00
virtio drm/virtio: use uninterruptible resv lock for plane updates 2026-05-20 18:12:11 +03:00
vkms drm/vkms: Support setting custom background color 2026-03-18 09:59:57 +00:00
vmwgfx Linux 7.0-rc6 2026-03-31 07:51:02 +10:00
xe drm/xe: Restore IDLEDLY register on engine reset 2026-05-27 11:27:22 -04:00
xen Convert remaining multi-line kmalloc_obj/flex GFP_KERNEL uses 2026-02-22 08:26:33 -08:00
xlnx Convert 'alloc_obj' family to use the new default GFP_KERNEL argument 2026-02-21 17:09:51 -08:00
Kconfig DRM Rust changes for v7.1-rc1 2026-04-01 07:32:05 +10:00
Kconfig.debug drm: fix dead default for DRM_TTM_KUNIT_TEST 2026-03-24 16:19:04 +01:00
Makefile Merge drm/drm-next into drm-xe-next 2026-03-12 07:23:23 -07:00
drm_atomic.c drm/atomic: Remove state argument to drm_atomic_private_obj_init 2026-03-20 10:03:11 +01:00
drm_atomic_helper.c drm fixes for 7.1-rc1 2026-04-24 11:44:52 -07:00
drm_atomic_state_helper.c drm: Add CRTC background color property 2026-03-18 09:59:57 +00:00
drm_atomic_uapi.c drm: Add CRTC background color property 2026-03-18 09:59:57 +00:00
drm_auth.c Convert 'alloc_obj' family to use the new default GFP_KERNEL argument 2026-02-21 17:09:51 -08:00
drm_blend.c drm: Add CRTC background color property 2026-03-18 09:59:57 +00:00
drm_bridge.c Linux 7.0-rc7 2026-04-07 12:36:31 +02:00
drm_bridge_helper.c
drm_buddy.c Convert remaining multi-line kmalloc_obj/flex GFP_KERNEL uses 2026-02-22 08:26:33 -08:00
drm_cache.c
drm_client.c drm/client: Export drm_client_buffer_create() 2026-03-03 09:28:31 +01:00
drm_client_event.c
drm_client_modeset.c drm/client: Do not destroy NULL modes 2026-02-25 09:31:54 +02:00
drm_client_sysrq.c
drm_color_mgmt.c drm/color-mgmt: Typo s/R332/RGB332/ 2026-04-27 11:36:05 +02:00
drm_colorop.c drm/colorop: Preserve bypass value in duplicate_state() 2026-03-16 08:33:05 +05:30
drm_connector.c drm/display: hdmi: Use drm_output_color_format instead of hdmi_colorspace 2026-03-24 13:54:35 +01:00
drm_crtc.c drm/simple-kms: Deprecate simple-kms helpers 2026-03-25 15:05:22 +01:00
drm_crtc_helper.c Convert remaining multi-line kmalloc_obj/flex GFP_KERNEL uses 2026-02-22 08:26:33 -08:00
drm_crtc_helper_internal.h
drm_crtc_internal.h
drm_damage_helper.c Convert 'alloc_obj' family to use the new default GFP_KERNEL argument 2026-02-21 17:09:51 -08:00
drm_debugfs.c drm/debug: don't register files for unsupported HDMI InfoFrames 2026-01-19 13:11:47 +02:00
drm_debugfs_crc.c Convert 'alloc_obj' family to use the new default GFP_KERNEL argument 2026-02-21 17:09:51 -08:00
drm_displayid.c
drm_displayid_internal.h
drm_draw.c drm/draw: add drm_draw_can_convert_from_xrgb8888 2025-12-19 23:06:41 +01:00
drm_draw_internal.h drm/draw: add drm_draw_can_convert_from_xrgb8888 2025-12-19 23:06:41 +01:00
drm_drv.c drm/gem: Make the GEM LRU lock part of drm_device 2026-05-18 15:16:47 +02:00
drm_dumb_buffers.c drm: prevent integer overflows in dumb buffer creation helpers 2026-05-29 08:30:47 +02:00
drm_edid.c drm/edid: Parse AMD Vendor-Specific Data Block 2026-04-03 13:45:49 -04:00
drm_edid_load.c
drm_eld.c
drm_encoder.c
drm_exec.c
drm_fb_dma_helper.c
drm_fb_helper.c drm/fb-helper: Fix clipping when damage area spans a single scanline 2026-05-04 14:55:40 +02:00
drm_fbdev_dma.c
drm_fbdev_shmem.c
drm_fbdev_ttm.c
drm_file.c Revert "drm: Fix use-after-free on framebuffers and property blobs when calling drm_dev_unplug" 2026-03-26 14:09:26 +01:00
drm_flip_work.c treewide: Replace kmalloc with kmalloc_obj for non-scalar types 2026-02-21 01:02:28 -08:00
drm_format_helper.c
drm_format_internal.h
drm_fourcc.c
drm_framebuffer.c Convert 'alloc_obj' family to use the new default GFP_KERNEL argument 2026-02-21 17:09:51 -08:00
drm_gem.c drm/gem: fix race between change_handle and handle_delete 2026-05-30 07:01:39 +10:00
drm_gem_atomic_helper.c drm/simple-kms: Deprecate simple-kms helpers 2026-03-25 15:05:22 +01:00
drm_gem_dma_helper.c drm/gem-dma: set VM_DONTDUMP for mmap 2026-03-26 14:35:18 +08:00
drm_gem_framebuffer_helper.c drm/gem: Fix inconsistent plane dimension calculation in drm_gem_fb_init_with_funcs() 2026-04-27 11:27:22 +02:00
drm_gem_shmem_helper.c drm/shmem_helper: Make sure PMD entries get the writeable upgrade 2026-04-03 10:11:04 +02:00
drm_gem_ttm_helper.c
drm_gem_vram_helper.c drm/vram: remove DRM_VRAM_MM_FILE_OPERATIONS from docs 2026-04-09 09:34:28 +02:00
drm_gpusvm.c drm/pagemap: Add helper to access zone_device_data 2026-03-13 18:12:07 -07:00
drm_gpuvm.c Convert 'alloc_obj' family to use the new default GFP_KERNEL argument 2026-02-21 17:09:51 -08:00
drm_internal.h
drm_ioc32.c drm/ioc32: stop speculation on the drm_compat_ioctl path 2026-04-02 08:24:55 +02:00
drm_ioctl.c
drm_kms_helper_common.c
drm_lease.c Convert more 'alloc_obj' cases to default GFP_KERNEL arguments 2026-02-21 20:03:00 -08:00
drm_managed.c
drm_mipi_dbi.c drm/mipi-dbi: Remove simple-display helpers from mipi-dbi 2026-03-25 15:05:17 +01:00
drm_mipi_dsi.c Convert 'alloc_obj' family to use the new default GFP_KERNEL argument 2026-02-21 17:09:51 -08:00
drm_mm.c
drm_mode_config.c Linux 7.0-rc7 2026-04-07 12:36:31 +02:00
drm_mode_object.c drm/mode_object: add drm_object_immutable_property_get_value() 2026-01-14 02:18:31 +02:00
drm_modes.c Convert 'alloc_obj' family to use the new default GFP_KERNEL argument 2026-02-21 17:09:51 -08:00
drm_modeset_helper.c drm/simple-kms: Deprecate simple-kms helpers 2026-03-25 15:05:22 +01:00
drm_modeset_lock.c treewide: Replace kmalloc with kmalloc_obj for non-scalar types 2026-02-21 01:02:28 -08:00
drm_of.c
drm_pagemap.c drm/pagemap: Enable THP support for GPU memory migration 2026-03-13 18:12:59 -07:00
drm_pagemap_util.c drm/pagemap_util: Ensure proper cache lock management on free 2026-03-17 15:39:07 +01:00
drm_panel.c
drm_panel_backlight_quirks.c
drm_panel_orientation_quirks.c
drm_panic.c drm/panic: Fix expected string for QR_CODE in drm_panic_type_map 2026-01-09 08:53:27 +00:00
drm_panic_qr.rs
drm_pci.c
drm_plane.c Convert more 'alloc_obj' cases to default GFP_KERNEL arguments 2026-02-21 20:03:00 -08:00
drm_plane_helper.c Convert more 'alloc_obj' cases to default GFP_KERNEL arguments 2026-02-21 20:03:00 -08:00
drm_prime.c drm/prime: Limit scatter list size with dedicated DMA device 2026-03-23 13:23:29 +08:00
drm_print.c
drm_privacy_screen.c Convert 'alloc_obj' family to use the new default GFP_KERNEL argument 2026-02-21 17:09:51 -08:00
drm_privacy_screen_x86.c
drm_probe_helper.c drm/probe-helper: replace use of system_wq with system_percpu_wq 2026-02-09 09:41:09 +01:00
drm_property.c Convert 'alloc_obj' family to use the new default GFP_KERNEL argument 2026-02-21 17:09:51 -08:00
drm_ras.c drm/ras: Introduce the DRM RAS infrastructure over generic netlink 2026-03-05 19:38:55 -05:00
drm_ras_genl_family.c drm/ras: Introduce the DRM RAS infrastructure over generic netlink 2026-03-05 19:38:55 -05:00
drm_ras_nl.c drm/ras: Introduce the DRM RAS infrastructure over generic netlink 2026-03-05 19:38:55 -05:00
drm_ras_nl.h drm/ras: Introduce the DRM RAS infrastructure over generic netlink 2026-03-05 19:38:55 -05:00
drm_rect.c
drm_self_refresh_helper.c Merge drm/drm-next into drm-misc-next 2026-02-23 11:48:20 +01:00
drm_simple_kms_helper.c drm/simple-kms: Deprecate simple-kms helpers 2026-03-25 15:05:22 +01:00
drm_suballoc.c Merge tag 'drm-xe-next-2026-03-02' of https://gitlab.freedesktop.org/drm/xe/kernel into drm-next 2026-03-03 10:37:29 +10:00
drm_syncobj.c drm/syncobj: Fix xa_alloc allocation flags 2026-03-25 08:05:35 +00:00
drm_sysfs.c Convert 'alloc_obj' family to use the new default GFP_KERNEL argument 2026-02-21 17:09:51 -08:00
drm_trace.h
drm_trace_points.c
drm_vblank.c Convert 'alloc_obj' family to use the new default GFP_KERNEL argument 2026-02-21 17:09:51 -08:00
drm_vblank_helper.c
drm_vblank_work.c
drm_vma_manager.c Convert 'alloc_obj' family to use the new default GFP_KERNEL argument 2026-02-21 17:09:51 -08:00
drm_writeback.c dma-buf: inline spinlock for fence protection v5 2026-02-23 16:14:19 +01:00