From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from gabe.freedesktop.org (gabe.freedesktop.org [131.252.210.177]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 80796EA4E04 for ; Mon, 2 Mar 2026 13:52:14 +0000 (UTC) Received: from gabe.freedesktop.org (localhost [127.0.0.1]) by gabe.freedesktop.org (Postfix) with ESMTP id 5AF7A10E4F5; Mon, 2 Mar 2026 13:52:13 +0000 (UTC) Authentication-Results: gabe.freedesktop.org; dkim=pass (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.b="fGu1Nqsh"; dkim-atps=neutral Received: from mail-wm1-f46.google.com (mail-wm1-f46.google.com [209.85.128.46]) by gabe.freedesktop.org (Postfix) with ESMTPS id 4305F10E1FE for ; Sun, 1 Mar 2026 12:36:01 +0000 (UTC) Received: by mail-wm1-f46.google.com with SMTP id 5b1f17b1804b1-48379a42f76so27955985e9.0 for ; Sun, 01 Mar 2026 04:36:01 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1772368560; x=1772973360; darn=lists.freedesktop.org; h=cc:to:message-id:content-transfer-encoding:mime-version:subject :date:from:from:to:cc:subject:date:message-id:reply-to; bh=7WTaNKvEWa7tYm/Uesjo1oABC1FIfYN68a3odoPwQR0=; b=fGu1Nqshr7f4TQDd5MjhBpv/6/b6tviA+kYSm0vstsvstgPJPzurDQp0XXp0Jl0qIr Z9PqilDT1KPO4W+0Y+Ce4rw+Z6VBfKLiUMcT+MW17RbsKELAM8uNrifPBR8C815ugRXJ aMmH7Kk7FT13V2zb7BiEg9MM0QooxoPdV6XWzkenjaw4rZPAlRZzH8chN584CEKQUfx8 Y+xN/abPAkuoOEvExQbjk/zZ7mt7/7nNGQjmyFgPNh+0otQqX40XP6EBNvDqs5+BV8lv 9hKvIdpe5bpr0EwQY3vWrk88r/N35thWDrmXYdoQoB/sPs9tJ8/MG0nTQuvrtEehS609 ucwg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1772368560; x=1772973360; h=cc:to:message-id:content-transfer-encoding:mime-version:subject :date:from:x-gm-gg:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=7WTaNKvEWa7tYm/Uesjo1oABC1FIfYN68a3odoPwQR0=; b=bfD1YGmUhHIzlA/kHX+Y1BZPDQLCipVgiHNNMWNYLdrt3+igF4Sq81RCvxQr96ng2W Kk2aPdUB2oklA2hTUUp1bB9ZJPh5cR4uRY+44DevvLusyLuEgWWWjAcbMBRCPCEIIBil 9gtQVENxCiC2fIio0/1g8XFupuD4TN17tsDe1pmmZHYaYRGdgQXWlYjSnb7Xb4NMnqng ZO3oisyu2Z0l/uX3ctXhJHxLUBpA23Ad3GpnegDH6ZoNCteCPcJB8hHYKKmuwSqedXCO FldDGMQlF1HETb4R2eWBPfWZAgGWgtnXs58FI2dTimwQoKO5LdEaqWLKurQ/dwZDUcjV X3Dw== X-Gm-Message-State: AOJu0YwyhNgDfJwYVLETWRKbYvzFQZvEWO/Alca42Vxjq0KaOHp2dyXd I4LuVZW7paTs3X0KmsjW5QdxWgSgSBQ1vVNFcVhM3sdaD8aKDEBO0CUxmDE9nJCz X-Gm-Gg: ATEYQzyC/scm0kkwv+g+fEIOAeUqFkdChbk5RD+gEbYo6Bk/NXPwU6faargHv6i6+kX mwpj9SSV0LoPjMN3JxOc3FtYhz8efTEhWv8+CZnFP4wU1iaIB3/WbIE5EISoX5KdEeoapOHVtNc YdlZY7YJ3jFmaCi6w73JtuzujuilyDqqmK2XeoNPfwFMkptAh6rQFRMxsMLAjZPromN1x8/6LYD /OAAhVH4yUrFGN45D0iLWL1dSoPfgeP1JIet0B4WDt3vwpI4p3gucsoweT6bPY7kEUH/ji01mvs TprYcm/Sqj7oULsIYKkMXOtbqJ+NMRB9/o8089v8aucssq1C2dJJngGJBNUVKktnflnN8CVt99h mi1kk8lrWyfF1qe4A2nEI390JTsUHJKQCOiwsHd16vDE7c3go3uTKOvaP22q8dMpqYYh2st0cG9 ZeDLsIBbLXRQikr2ZGUsr9QY4WrfOa180MuvouLN/+YNu9dGbxWQHJZxWLgNgPaIuo/zyI0XvwT gdT++xEZN6yKp1w3g== X-Received: by 2002:a05:600c:3b22:b0:477:a978:3a7b with SMTP id 5b1f17b1804b1-483c9bff7b0mr143483095e9.22.1772368559454; Sun, 01 Mar 2026 04:35:59 -0800 (PST) Received: from [10.13.0.20] (ip87-106-117-14.pbiaas.com. [87.106.117.14]) by smtp.gmail.com with ESMTPSA id ffacd0b85a97d-4399c70e8dasm21164286f8f.9.2026.03.01.04.35.57 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 01 Mar 2026 04:35:58 -0800 (PST) From: Julian Orth Date: Sun, 01 Mar 2026 13:34:42 +0100 Subject: [PATCH] drm/syncobj: Fix handle <-> fd ioctls with dirty stack MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit Message-Id: <20260301-point-v1-1-21fc5fd98614@gmail.com> X-B4-Tracking: v=1; b=H4sIAAAAAAAC/6tWKk4tykwtVrJSqFYqSi3LLM7MzwNyDHUUlJIzE vPSU3UzU4B8JSMDIzMDYwND3YL8zLwSXRNjA9MkMxND8zRTUyWg2oKi1LTMCrA50bG1tQBQQD7 ZVwAAAA== X-Change-ID: 20260301-point-4305b6417f55 To: Maarten Lankhorst , Maxime Ripard , Thomas Zimmermann , David Airlie , Simona Vetter , =?utf-8?q?Christian_K=C3=B6nig?= , Dmitry Osipenko , Rob Clark Cc: dri-devel@lists.freedesktop.org, linux-kernel@vger.kernel.org, Julian Orth X-Mailer: b4 0.14.3 X-Developer-Signature: v=1; a=ed25519-sha256; t=1772368557; l=2444; i=ju.orth@gmail.com; s=20251120; h=from:subject:message-id; bh=DxbNewEV8IlsHVmCvNU4nij2VG3FPWOYPR+kY3PZdN4=; b=Vd7rGo61uCU2Su434lAUNi/cf7rLnYloe2yqjADQSux9Rf1Rbp+z3OWwHNy0C+tkKHuiSY9zz mxyaUTh5cGBBd7fD5VGje0OUnt0doQYcxD6Bnix5vkWKehoBX6LMlRK X-Developer-Key: i=ju.orth@gmail.com; a=ed25519; pk=uM2SS4lelkuIoYHc7v9N9bgBZ3hS632zJS2xjRJLPLI= X-Mailman-Approved-At: Mon, 02 Mar 2026 13:52:12 +0000 X-BeenThere: dri-devel@lists.freedesktop.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Direct Rendering Infrastructure - Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dri-devel-bounces@lists.freedesktop.org Sender: "dri-devel" Consider the following application: #include #include #include #include int main(void) { int fd = open("/dev/dri/renderD128", O_RDWR); struct drm_syncobj_create arg1; ioctl(fd, DRM_IOCTL_SYNCOBJ_CREATE, &arg1); struct drm_syncobj_handle arg2; memset(&arg2, 1, sizeof(arg2)); // simulate dirty stack arg2.handle = arg1.handle; arg2.flags = 0; arg2.fd = 0; arg2.pad = 0; // arg2.point = 0; // userspace is required to set point to 0 ioctl(fd, DRM_IOCTL_SYNCOBJ_HANDLE_TO_FD, &arg2); } The last ioctl returns EINVAL because args->point is not 0. However, userspace developed against older kernel versions is not aware of the new point field and might therefore not initialize it. The correct check would be if (args->flags & DRM_SYNCOBJ_FD_TO_HANDLE_FLAGS_TIMELINE) return -EINVAL; However, there might already be userspace that relies on this not returning an error as long as point == 0. Therefore use the more lenient check. Fixes: c2d3a7300695 ("drm/syncobj: Extend EXPORT_SYNC_FILE for timeline syncobjs") Signed-off-by: Julian Orth --- This patch fixes a regression that would cause conversions between syncobj handles and fds to fail if userspace did not initialize a recently-added field to 0. --- drivers/gpu/drm/drm_syncobj.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/gpu/drm/drm_syncobj.c b/drivers/gpu/drm/drm_syncobj.c index 250734dee928..49eccb43ce63 100644 --- a/drivers/gpu/drm/drm_syncobj.c +++ b/drivers/gpu/drm/drm_syncobj.c @@ -875,7 +875,7 @@ drm_syncobj_handle_to_fd_ioctl(struct drm_device *dev, void *data, return drm_syncobj_export_sync_file(file_private, args->handle, point, &args->fd); - if (args->point) + if (point) return -EINVAL; return drm_syncobj_handle_to_fd(file_private, args->handle, @@ -909,7 +909,7 @@ drm_syncobj_fd_to_handle_ioctl(struct drm_device *dev, void *data, args->handle, point); - if (args->point) + if (point) return -EINVAL; return drm_syncobj_fd_to_handle(file_private, args->fd, --- base-commit: eb71ab2bf72260054677e348498ba995a057c463 change-id: 20260301-point-4305b6417f55 Best regards, -- Julian Orth