From: Inki Dae <inki.dae@samsung.com>
To: airlied@linux.ie, daniel@ffwll.ch
Cc: dri-devel@lists.freedesktop.org, linux-samsung-soc@vger.kernel.org
Subject: [GIT PULL] exynos-drm-next
Date: Sun, 1 Feb 2026 23:39:39 +0900 [thread overview]
Message-ID: <20260201143939.27074-1-inki.dae@samsung.com> (raw)
Hi Dave and Daniel,
Fix three regressions in the Exynos VIDI driver related to context lookup,
user pointer handling, and concurrency.
The fixes ensure the correct vidi context is used, safely copy EDID data
from user space, and protect EDID memory operations with proper locking
to prevent invalid access, security issues, and race conditions.
Please kindly let me know if there is any problem.
Thanks,
Inki Dae
The following changes since commit 502d2d8e01c8930afd42363d543ed11298cbe34a:
Merge tag 'drm-xe-next-fixes-2026-01-29' of https://gitlab.freedesktop.org/drm/xe/kernel into drm-next (2026-01-30 13:02:41 +1000)
are available in the Git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/daeinki/drm-exynos tags/exynos-drm-next-for-v6.20
for you to fetch changes up to 52b330799e2d6f825ae2bb74662ec1b10eb954bb:
drm/exynos: vidi: use ctx->lock to protect struct vidi_context member variables related to memory alloc/free (2026-02-01 23:28:01 +0900)
----------------------------------------------------------------
Fix three regressions
. Fix a regression where vidi_connection_ioctl() used the wrong device
to look up the vidi context. It stores the vidi device in exynos_drm_private
and uses it in ioctl(), preventing invalid pointer access and related bugs.
. Fix a security regression where vidi_connection_ioctl() directly dereferenced
a user pointer for EDID data. It copies EDID from user space
with copy_from_user() into kernel memory before use, preventing arbitrary
kernel memory access.
. Fix a concurrency regression where vidi_context members related
to EDID memory were accessed without locking. It protects alloc/free and
state updates with ctx->lock, preventing race conditions and use-after-free bugs.
----------------------------------------------------------------
Jeongjun Park (3):
drm/exynos: vidi: use priv->vidi_dev for ctx lookup in vidi_connection_ioctl()
drm/exynos: vidi: fix to avoid directly dereferencing user pointer
drm/exynos: vidi: use ctx->lock to protect struct vidi_context member variables related to memory alloc/free
drivers/gpu/drm/exynos/exynos_drm_drv.h | 1 +
drivers/gpu/drm/exynos/exynos_drm_vidi.c | 74 +++++++++++++++++++++++++++-----
2 files changed, 64 insertions(+), 11 deletions(-)
next reply other threads:[~2026-02-01 14:39 UTC|newest]
Thread overview: 65+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-02-01 14:39 Inki Dae [this message]
-- strict thread matches above, loose matches on Subject: below --
2026-05-21 14:36 [GIT PULL] exynos-drm-next Inki Dae
2026-05-26 1:01 ` Dave Airlie
2026-05-28 7:33 ` Simona Vetter
2026-05-29 14:08 ` Inki Dae
2026-05-29 13:50 ` Inki Dae
2025-09-14 3:55 Inki Dae
2024-11-04 3:13 Inki Dae
[not found] <CGME20240906091343epcas1p4e83ab2ca25edbed8e129f2c6a9f7292d@epcas1p4.samsung.com>
2024-09-06 9:13 ` Inki Dae
2024-09-09 0:33 ` 대인기/Tizen Platform Lab(SR)/삼성전자
2024-07-03 7:59 Inki Dae
2024-07-05 9:25 ` Daniel Vetter
2024-04-25 3:43 Inki Dae
2023-12-12 5:11 Inki Dae
[not found] <CGME20230809060216epcas1p31ee8f5adc0b079b3bf347369c04f2dfe@epcas1p3.samsung.com>
2023-08-09 6:02 ` Inki Dae
[not found] <CGME20230328040524epcas1p270b050efedfe53d8e59c7e9103d5b84c@epcas1p2.samsung.com>
2023-03-28 4:05 ` Inki Dae
2023-03-28 17:31 ` Daniel Vetter
2023-03-29 5:39 ` 대인기
2023-04-17 1:17 ` Inki Dae
[not found] <CGME20230130051056epcas1p3864c816bfccf0c8a6e7f8601b240b11e@epcas1p3.samsung.com>
2023-01-30 5:10 ` Inki Dae
[not found] <CGME20220926020723epcas1p29e968d4d47ae3b95211c219fcd045d02@epcas1p2.samsung.com>
2022-09-26 2:07 ` Inki Dae
[not found] <CGME20220712061009epcas1p2a58002c639023a32375700be9ee9dea5@epcas1p2.samsung.com>
2022-07-12 6:10 ` Inki Dae
2021-12-22 3:53 Inki Dae
2021-08-21 17:28 Inki Dae
[not found] <CGME20210611024956epcas1p1c15767f446a585a62be9aec1482082c1@epcas1p1.samsung.com>
2021-06-11 2:59 ` Inki Dae
[not found] <CGME20210330082100epcas1p14a343aa642e07f678d265cb4fd9e930a@epcas1p1.samsung.com>
2021-03-30 8:29 ` Inki Dae
[not found] <CGME20201201044247epcas1p321782889404edc13c2a8bdea2800e9a0@epcas1p3.samsung.com>
2020-12-01 4:50 ` Inki Dae
[not found] <CGME20200922083212epcas1p3874ca74fbb2d46214b69bc0dd757aaaf@epcas1p3.samsung.com>
2020-09-22 8:38 ` Inki Dae
[not found] <CGME20200520052745epcas1p3ea5ad049aa682f5afbeaaeec9df8d835@epcas1p3.samsung.com>
2020-05-20 5:33 ` Inki Dae
[not found] <CGME20200316010443epcas1p33627ec18d70b980b7a5c943de8cfa07d@epcas1p3.samsung.com>
2020-03-16 1:09 ` Inki Dae
2020-03-18 2:17 ` Dave Airlie
2020-03-18 3:16 ` Inki Dae
[not found] <CGME20200121004854epcas1p19ef322f1b88ce31f28a17bde2bacc3fc@epcas1p1.samsung.com>
2020-01-21 0:52 ` Inki Dae
2019-10-28 12:34 Inki Dae
2019-09-01 12:06 Inki Dae
2019-06-27 14:28 Inki Dae
[not found] <CGME20190422095042epcas1p27726a67f8283fdc4beff8561d0254957@epcas1p2.samsung.com>
2019-04-22 9:51 ` Inki Dae
2019-04-24 2:03 ` Dave Airlie
2019-04-24 2:11 ` Inki Dae
[not found] <CGME20190207113137epcas1p44bf0105c4de7200eacb9e069ae28f1fd@epcas1p4.samsung.com>
2019-02-07 11:31 ` Inki Dae
[not found] <CGME20181205094053epcas1p118ccbb4387ce9bbc78e6d0988af94ff3@epcas1p1.samsung.com>
2018-12-05 9:40 ` Inki Dae
[not found] <CGME20181001080136epcas2p25ea2774ba9a203331314084a2c1a342d@epcas2p2.samsung.com>
2018-10-01 8:01 ` Inki Dae
[not found] <CGME20180725080228epcas1p2cdab6ad94e69018ba6f30c5bc82191c3@epcas1p2.samsung.com>
2018-07-25 8:02 ` Inki Dae
[not found] <CGME20180514054053epcas1p252e78c047cd19b821e57ca0e63cc3dc3@epcas1p2.samsung.com>
2018-05-14 5:40 ` Inki Dae
[not found] <CGME20180102003618epcas2p2d82ece8ab037e5213f1bc0b83cdb1a43@epcas2p2.samsung.com>
2018-01-02 0:36 ` Inki Dae
[not found] <CGME20171026013709epcas2p2525d1249a7f2ad640ce9028df12e2436@epcas2p2.samsung.com>
2017-10-26 1:37 ` Inki Dae
2017-11-14 4:22 ` Dave Airlie
2017-11-15 1:26 ` Inki Dae
2017-11-15 10:27 ` Daniel Stone
2017-11-15 22:51 ` Inki Dae
2017-11-20 7:33 ` Daniel Vetter
2017-11-28 13:45 ` Marek Szyprowski
2017-11-29 9:52 ` Daniel Vetter
2017-11-28 22:40 ` Inki Dae
[not found] <CGME20170825061857epcas1p4e7086e95f9b626ce8175a62af120e4a5@epcas1p4.samsung.com>
2017-08-25 6:18 ` Inki Dae
[not found] <CGME20170418020509epcas5p2e54f307dee164846dabf0470c5f134eb@epcas5p2.samsung.com>
2017-04-18 2:05 ` Inki Dae
2017-04-18 2:15 ` Inki Dae
2017-04-18 2:21 ` Andi Shyti
2017-04-18 2:30 ` Inki Dae
2017-04-18 7:11 ` Krzysztof Kozlowski
2017-04-18 23:35 ` Dave Airlie
2017-04-19 1:56 ` Inki Dae
2016-12-06 0:15 Inki Dae
2016-07-13 14:30 Inki Dae
2014-11-25 12:41 Inki Dae
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260201143939.27074-1-inki.dae@samsung.com \
--to=inki.dae@samsung.com \
--cc=airlied@linux.ie \
--cc=daniel@ffwll.ch \
--cc=dri-devel@lists.freedesktop.org \
--cc=linux-samsung-soc@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).