[GIT PULL] exynos-drm-next

Sun, 01 Feb 2026 06:39:50 -0800 

Hi Dave and Daniel,

    Fix three regressions in the Exynos VIDI driver related to context lookup,
    user pointer handling, and concurrency.
    The fixes ensure the correct vidi context is used, safely copy EDID data
    from user space, and protect EDID memory operations with proper locking
    to prevent invalid access, security issues, and race conditions.

    Please kindly let me know if there is any problem.

Thanks,
Inki Dae


The following changes since commit 502d2d8e01c8930afd42363d543ed11298cbe34a:

  Merge tag 'drm-xe-next-fixes-2026-01-29' of 
https://gitlab.freedesktop.org/drm/xe/kernel into drm-next (2026-01-30 13:02:41 
+1000)

are available in the Git repository at:

  git://git.kernel.org/pub/scm/linux/kernel/git/daeinki/drm-exynos 
tags/exynos-drm-next-for-v6.20

for you to fetch changes up to 52b330799e2d6f825ae2bb74662ec1b10eb954bb:

  drm/exynos: vidi: use ctx->lock to protect struct vidi_context member 
variables related to memory alloc/free (2026-02-01 23:28:01 +0900)

----------------------------------------------------------------
Fix three regressions
. Fix a regression where vidi_connection_ioctl() used the wrong device
  to look up the vidi context. It stores the vidi device in exynos_drm_private
  and uses it in ioctl(), preventing invalid pointer access and related bugs.
. Fix a security regression where vidi_connection_ioctl() directly dereferenced
  a user pointer for EDID data. It copies EDID from user space
  with copy_from_user() into kernel memory before use, preventing arbitrary
  kernel memory access.
. Fix a concurrency regression where vidi_context members related
  to EDID memory were accessed without locking. It protects alloc/free and
  state updates with ctx->lock, preventing race conditions and use-after-free 
bugs.

----------------------------------------------------------------
Jeongjun Park (3):
      drm/exynos: vidi: use priv->vidi_dev for ctx lookup in 
vidi_connection_ioctl()
      drm/exynos: vidi: fix to avoid directly dereferencing user pointer
      drm/exynos: vidi: use ctx->lock to protect struct vidi_context member 
variables related to memory alloc/free

 drivers/gpu/drm/exynos/exynos_drm_drv.h  |  1 +
 drivers/gpu/drm/exynos/exynos_drm_vidi.c | 74 +++++++++++++++++++++++++++-----
 2 files changed, 64 insertions(+), 11 deletions(-)

Reply via email to