On Sun Jun 28, 2026 at 11:53 PM JST, Danilo Krummrich wrote:
> If drm_dev_register() fails after registering a minor (e.g. render minor
> registered, primary minor fails), userspace could have opened the first
> minor and entered a drm_dev_enter() critical section. Since the
> unplugged flag was never set, the ioctl proceeds while the error path
> tears down device resources.
>
> Fix this by introducing drm_dev_synchronize_unplug(), which sets the
> unplugged flag and waits for the SRCU barrier, ensuring all in-flight
> drm_dev_enter() critical sections complete before cleanup proceeds; call
> it on the error path of drm_dev_register().
>
> Fixes: bee330f3d672 ("drm: Use srcu to protect drm_device.unplugged")
> Cc: [email protected]
> Reported-by: [email protected]
> Closes:
> https://lore.kernel.org/all/[email protected]/
> Signed-off-by: Danilo Krummrich <[email protected]>
Reviewed-by: Alexandre Courbot <[email protected]>
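
The race and the fix described in the quoted commit message, as a userspace model added here; it is not code from the patch or from the kernel. All `model_*` names and `run_failed_register()` are hypothetical, and a plain reader counter with pthreads stands in for SRCU and for a real ioctl.

```c
#include <pthread.h>
#include <stdatomic.h>
#include <stdbool.h>
#include <unistd.h>

/* Userspace model (assumption): a reader counter stands in for SRCU. */
struct model_dev {
    atomic_bool unplugged, failing, live; /* flag; error path begun; resources intact */
    atomic_int readers, stale;            /* open sections; accesses after teardown */
};

static bool model_dev_enter(struct model_dev *d) {
    atomic_fetch_add(&d->readers, 1);
    if (!atomic_load(&d->unplugged))
        return true;
    atomic_fetch_sub(&d->readers, 1);     /* already unplugged: refuse entry */
    return false;
}

/* Set the flag, then wait for every section that is already running. */
static void model_synchronize_unplug(struct model_dev *d) {
    atomic_store(&d->unplugged, true);
    while (atomic_load(&d->readers) != 0) usleep(1000);
}

/* ioctl on the minor that did register, in flight when register fails. */
static void *model_ioctl(void *arg) {
    struct model_dev *d = arg;
    if (!model_dev_enter(d)) return NULL;
    while (!atomic_load(&d->failing)) usleep(1000);
    usleep(20 * 1000);                    /* keep working during the error path */
    atomic_fetch_add(&d->stale, !atomic_load(&d->live)); /* +1 if torn down */
    atomic_fetch_sub(&d->readers, 1);     /* leave the critical section */
    return NULL;
}

/* Failed register; returns the number of accesses to torn-down resources. */
int run_failed_register(bool synchronize) {
    struct model_dev d = { .live = true };
    pthread_t t;
    if (pthread_create(&t, NULL, model_ioctl, &d)) return -1;
    while (atomic_load(&d.readers) == 0) usleep(1000); /* ioctl is inside */
    atomic_store(&d.failing, true);
    if (synchronize) model_synchronize_unplug(&d);
    atomic_store(&d.live, false);         /* error path tears down */
    pthread_join(t, NULL);
    return atomic_load(&d.stale);
}

int main(void) { return run_failed_register(true); } /* 0: no stale access */
```

Build with `cc -pthread`; passing `false` to `run_failed_register()` models the error path without the synchronization step, where the in-flight ioctl reaches resources that are already torn down.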