superrob1500
/
mirror-linux
mirror of https://github.com/torvalds/linux
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
mirror-linux/drivers/gpu/drm
History
Zhenghang Xiao 7164d78559 drm/gem: fix race between change_handle and handle_delete 
drm_gem_change_handle_ioctl leaves the old handle live in the IDR
during the window between spin_unlock(table_lock) and the final
spin_lock(table_lock). A concurrent drm_gem_handle_delete on the old
handle succeeds in this window, decrements handle_count to 0, and frees
the GEM object while the new handle's IDR entry still references it.

NULL the old handle's IDR entry before dropping table_lock so that any
concurrent GEM_CLOSE on the old handle sees NULL and returns -EINVAL.
Restore the old entry on the prime-bookkeeping error path.

Fixes: 5e28b7b944 ("drm: Set old handle to NULL before prime swap in change_handle")
Signed-off-by: Zhenghang Xiao <kipreyyy@gmail.com>
Cc: stable@vger.kernel.org
Signed-off-by: Dave Airlie <airlied@redhat.com>
Link: https://patch.msgid.link/20260526085313.26791-1-kipreyyy@gmail.com
 		2026-05-30 07:01:39 +10:00
..
adp
amd drm/amdgpu: fix calling VM invalidation in amdgpu_hmm_invalidate_gfx 2026-05-27 12:06:26 -04:00
arm
armada
aspeed
ast
atmel-hlcdc
bridge drm/bridge: megachips: remove bridge when irq request fails 2026-05-19 10:46:33 +02:00
ci
clients
display
etnaviv drm/etnaviv: Fix armed job not being pushed to the DRM scheduler 2026-05-05 11:40:16 +02:00
exynos drm/exynos: remove bridge when component_add fails 2026-05-05 16:50:42 +02:00
fsl-dcu
gma500 drm/gma500/oaktrail_lvds: fix i2c adapter leaks on init 2026-05-13 20:15:17 +02:00
gud
hisilicon
hyperv drm/hyperv: validate VMBus packet size in receive callback 2026-05-25 07:31:53 -04:00
i915 drm/i915/psr: Use DC_OFF wake reference to block DC6 on vblank enable 2026-05-26 09:31:48 +01:00
imagination drm/imagination: Fix segfault when updating ftrace mask 2026-04-27 14:22:52 +01:00
imx
ingenic
kmb
lima
logicvc
loongson drm/loongson: Use managed KMS polling 2026-05-15 08:50:54 +02:00
mcde
mediatek drm/mediatek: mtk_hdmi_ddc: Fix non-static global variable 2026-05-18 14:21:39 +00:00
meson
mgag200
msm drm/msm: Restore second parameter name in purge() and evict() 2026-05-24 10:31:24 -07:00
mxsfb
nouveau Revert "drm/nouveau/gsp: add support for GA100" 2026-05-01 01:08:00 +02:00
nova
omapdrm
panel drm/panel: himax-hx83102: restore MODE_LPM after sending disable cmds 2026-05-05 14:43:36 +02:00
panfrost drm/panfrost: Fix wait_bo ioctl leaking positive return from dma_resv_wait_timeout() 2026-05-07 14:52:55 +01:00
panthor drm fixes for 7.1-rc1 2026-04-24 11:44:52 -07:00
pl111
qxl drm/qxl: Fix missing KMS poll cleanup 2026-05-04 14:54:44 +02:00
radeon drm/radeon/evergreen_cs: Add missing NULL prefix check in surface check 2026-05-19 12:16:16 -04:00
renesas drm: rcar-du: Fix crash when no CMM is available 2026-04-23 15:53:46 +03:00
rockchip
scheduler
sitronix
solomon
sprd
sti drm/sti: remove bridge when sti_hda component_add fails 2026-05-04 22:52:39 +02:00
stm drm/bridge: stm_lvds: Do not fail atomic_check on disabled connector 2026-04-13 12:52:33 +02:00
sun4i
sysfb drm/sysfb: ofdrm: fix PCI device reference leaks 2026-04-27 11:30:49 +02:00
tegra drm for v7.1-rc1 2026-04-15 08:45:00 -07:00
tests
tidss
tilcdc
tiny drm/bochs: Drop manual put on probe error path 2026-05-07 10:51:18 +02:00
ttm drm/ttm: Fix ttm_bo_shrink() infinite LRU walk on backup failure 2026-05-14 15:32:29 +02:00
tve200
tyr drm for v7.1-rc1 2026-04-15 08:45:00 -07:00
udl drm/udl: Increase GET_URB_TIMEOUT 2026-04-28 10:50:41 +02:00
v3d drm/v3d: Release indirect CSD GEM reference on CPU job free 2026-05-18 19:59:51 -03:00
vboxvideo
vc4 drm for v7.1-rc1 2026-04-15 08:45:00 -07:00
verisilicon
vgem
virtio drm/virtio: use uninterruptible resv lock for plane updates 2026-05-20 18:12:11 +03:00
vkms
vmwgfx
xe drm/xe: Restore IDLEDLY regiter on engine reset 2026-05-27 11:27:22 -04:00
xen
xlnx
Kconfig
Kconfig.debug
Makefile
drm_atomic.c
drm_atomic_helper.c drm fixes for 7.1-rc1 2026-04-24 11:44:52 -07:00
drm_atomic_state_helper.c
drm_atomic_uapi.c
drm_auth.c
drm_blend.c
drm_bridge.c Linux 7.0-rc7 2026-04-07 12:36:31 +02:00
drm_bridge_helper.c
drm_buddy.c
drm_cache.c
drm_client.c
drm_client_event.c
drm_client_modeset.c
drm_client_sysrq.c
drm_color_mgmt.c drm/color-mgmt: Typo s/R332/RGB332/ 2026-04-27 11:36:05 +02:00
drm_colorop.c
drm_connector.c
drm_crtc.c
drm_crtc_helper.c
drm_crtc_helper_internal.h
drm_crtc_internal.h
drm_damage_helper.c
drm_debugfs.c
drm_debugfs_crc.c
drm_displayid.c
drm_displayid_internal.h
drm_draw.c
drm_draw_internal.h
drm_drv.c drm/gem: Make the GEM LRU lock part of drm_device 2026-05-18 15:16:47 +02:00
drm_dumb_buffers.c drm: prevent integer overflows in dumb buffer creation helpers 2026-05-29 08:30:47 +02:00
drm_edid.c
drm_edid_load.c
drm_eld.c
drm_encoder.c
drm_exec.c
drm_fb_dma_helper.c
drm_fb_helper.c drm/fb-helper: Fix clipping when damage area spans a single scanline 2026-05-04 14:55:40 +02:00
drm_fbdev_dma.c
drm_fbdev_shmem.c
drm_fbdev_ttm.c
drm_file.c
drm_flip_work.c
drm_format_helper.c
drm_format_internal.h
drm_fourcc.c
drm_framebuffer.c
drm_gem.c drm/gem: fix race between change_handle and handle_delete 2026-05-30 07:01:39 +10:00
drm_gem_atomic_helper.c
drm_gem_dma_helper.c
drm_gem_framebuffer_helper.c drm/gem: Fix inconsistent plane dimension calculation in drm_gem_fb_init_with_funcs() 2026-04-27 11:27:22 +02:00
drm_gem_shmem_helper.c
drm_gem_ttm_helper.c
drm_gem_vram_helper.c drm/vram: remove DRM_VRAM_MM_FILE_OPERATIONS from docs 2026-04-09 09:34:28 +02:00
drm_gpusvm.c
drm_gpuvm.c
drm_internal.h
drm_ioc32.c
drm_ioctl.c
drm_kms_helper_common.c
drm_lease.c
drm_managed.c
drm_mipi_dbi.c
drm_mipi_dsi.c
drm_mm.c
drm_mode_config.c Linux 7.0-rc7 2026-04-07 12:36:31 +02:00
drm_mode_object.c
drm_modes.c
drm_modeset_helper.c
drm_modeset_lock.c
drm_of.c
drm_pagemap.c
drm_pagemap_util.c
drm_panel.c
drm_panel_backlight_quirks.c
drm_panel_orientation_quirks.c
drm_panic.c
drm_panic_qr.rs
drm_pci.c
drm_plane.c
drm_plane_helper.c
drm_prime.c
drm_print.c
drm_privacy_screen.c
drm_privacy_screen_x86.c
drm_probe_helper.c
drm_property.c
drm_ras.c
drm_ras_genl_family.c
drm_ras_nl.c
drm_ras_nl.h
drm_rect.c
drm_self_refresh_helper.c
drm_simple_kms_helper.c
drm_suballoc.c
drm_syncobj.c
drm_sysfs.c
drm_trace.h
drm_trace_points.c
drm_vblank.c
drm_vblank_helper.c
drm_vblank_work.c
drm_vma_manager.c
drm_writeback.c