[PATCH 0/8] drm/gem: Audit around handle_create races
Simona Vetter
simona.vetter at ffwll.ch
Wed May 28 09:12:58 UTC 2025
Hi all,

Thanks to a report by Jacek Lawrynowicz I've crawled around in core and
driver code around drm_gem_handle_create() and found a bunch of issues.

Attached series is either fixes where I could do them, or RFC-style
patches that just add a comment about what looks wrong. The conversion
from idr_for_each_entry to idr_for_each only fixes temporary premature idr
iteration termination, and so fairly benign impact.

Testing and review very much welcome.

Cheers, Sima

Simona Vetter (8):
  drm/gem: Fix race in drm_gem_handle_create_tail()
  drm/fdinfo: Switch to idr_for_each() in drm_show_memory_stats()
  drm/panthor: Fix UAF in panthor_gem_create_with_handle() debugfs code
  accel/qaic: delete qaic_bo.handle
  drm/amd/kfd: Add comment about possible drm_gem_handle_create() race
  drm/amdgpu: Add comments about drm_file.object_idr issues
  drm/vmwgfx: Add comments about drm_file.object_idr issues
  drm/xe: Add comments about drm_file.object_idr issues

 drivers/accel/qaic/qaic.h                    |  2 -
 drivers/accel/qaic/qaic_data.c               |  1 -
 .../gpu/drm/amd/amdgpu/amdgpu_amdkfd_gpuvm.c |  2 +
 drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c      |  2 +
 drivers/gpu/drm/drm_file.c                   | 95 +++++++++++--------
 drivers/gpu/drm/drm_gem.c                    | 10 +-
 drivers/gpu/drm/panthor/panthor_gem.c        | 31 +++---
 drivers/gpu/drm/panthor/panthor_gem.h        |  3 -
 drivers/gpu/drm/vmwgfx/vmwgfx_gem.c          |  1 +
 drivers/gpu/drm/xe/xe_drm_client.c           |  3 +
 include/drm/drm_file.h                       |  3 +
 11 files changed, 90 insertions(+), 63 deletions(-)

--
2.49.0