Re: [lvc-project] [PATCH] [RFC] dma-buf: fix race condition between poll and close

On Fri, 03. May 14:08, Dmitry Antipov wrote: > On 5/3/24 11:18 AM, Christian König wrote: > > > Attached is a compile only tested patch, please verify if it fixes your > > problem. > > LGTM, and this is similar to get_file() in __pollwait() and fput() in > free_poll_entry() used in

[PATCH] drm/ttm: fix ttm pool initialization for no-dma-device drivers

if there is no device for DMA. Found by Linux Verification Center (linuxtesting.org). Fixes: b0a7ce53d494 ("drm/ttm: Schedule delayed_delete worker closer") Signed-off-by: Fedor Pchelkin --- drivers/gpu/drm/ttm/ttm_device.c | 9 +++-- 1 file changed, 7 insertions(+), 2 deletions(-)

[PATCH 5.10 1/1] drm/qxl: fix UAF on handle creation

org/patch/msgid/20230814165119.90847-1-wan...@redhat.com [pchelkin: The problem can be reproduced on 5.10 stable. It lacks commit f4a84e165e6d ("drm/qxl: allocate dumb buffers in ram"). Adjust a small conflict regarding that commit: it affects only where the buffers are placed.] Signed-

[PATCH 5.10 0/1] drm/qxl: fix UAF on handle creation

The bug `KASAN: slab-use-after-free in qxl_mode_dumb_create` is reproduced on 5.10 stable branch. The problem has been fixed by the following patch which can be cleanly applied to 5.10. The fix is already included in all stable branches starting from 5.15. Link to the "failed to apply to 5.10"

[PATCH] drm/exynos: gsc: minor fix for loop iteration in gsc_runtime_resume

Do not forget to call clk_disable_unprepare() on the first element of ctx->clocks array. Found by Linux Verification Center (linuxtesting.org). Fixes: 8b7d3ec83aba ("drm/exynos: gsc: Convert driver to IPP v2 core API") Signed-off-by: Fedor Pchelkin --- drivers/gpu/drm/exynos/exy

[PATCH] drm/tegra: put drm_gem_object ref on error in tegra_fb_create

). Fixes: de2ba664c30f ("gpu: host1x: drm: Add memory manager and fb") Signed-off-by: Fedor Pchelkin --- drivers/gpu/drm/tegra/fb.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/gpu/drm/tegra/fb.c b/drivers/gpu/drm/tegra/fb.c index a719af1dc9a5..46170753699d 100644 --- a/d

Re: [PATCH] drm/crtc: do not release uninitialized connector reference

On 23/07/21 01:15PM, Fedor Pchelkin wrote: > Inside drm_mode_setcrtc() connector_set is allocated using kmalloc_array() > so its values are uninitialized. When filling this array with actual > pointers to drm connector objects, an error caused with invalid ioctl > request data may occu

[PATCH] drm/crtc: do not release uninitialized connector reference

: b164d31f50b2 ("drm/modes: add connector reference counting. (v2)") Signed-off-by: Fedor Pchelkin --- drivers/gpu/drm/drm_crtc.c | 22 -- 1 file changed, 8 insertions(+), 14 deletions(-) diff --git a/drivers/gpu/drm/drm_crtc.c b/drivers/gpu/drm/drm_crtc.c index df

[PATCH 5.4/5.10 1/1] drm/atomic: Don't pollute crtc_state->mode_blob with error pointers

ted-by: fuyufan Signed-off-by: Ville Syrjälä Link: https://patchwork.freedesktop.org/patch/msgid/20220209091928.14766-1-ville.syrj...@linux.intel.com Acked-by: Maxime Ripard Signed-off-by: Fedor Pchelkin --- drivers/gpu/drm/drm_atomic_uapi.c | 14 -- 1 file changed, 8 insertions(+)

[PATCH 5.4/5.10 0/1] drm/atomic: Don't pollute crtc_state->mode_blob with error pointers

general protection fault in drm_mode_object_put() is hit on 5.4/5.10 if drm_property_create_blob() fails for some reason and state->mode_blob is assigned an error pointer which is not treated correctly in some places as mentioned in patch description. The following patch fixes the issue and can