drm/exynos: vidi: use priv->vidi_dev for ctx lookup in vidi_connection_ioctl() - kernel

diff options

author	Jeongjun Park <aha310510@gmail.com>	2026-01-19 17:25:51 +0900
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2026-02-26 14:59:46 -0800
commit	b5fc86d753dd4c281a943b92f0eef02d31af03d7 (patch)
tree	d3703bfc8445bc9d6a671321a96622f7b10e4989 /include/net/aligned_data.h
parent	5c8e29b5208b823c8d5730e7a7aff0218593666c (diff)

drm/exynos: vidi: use priv->vidi_dev for ctx lookup in vidi_connection_ioctl()

commit d3968a0d85b211e197f2f4f06268a7031079e0d0 upstream. vidi_connection_ioctl() retrieves the driver_data from drm_dev->dev to obtain a struct vidi_context pointer. However, drm_dev->dev is the exynos-drm master device, and the driver_data contained therein is not the vidi component device, but a completely different device. This can lead to various bugs, ranging from null pointer dereferences and garbage value accesses to, in unlucky cases, out-of-bounds errors, use-after-free errors, and more. To resolve this issue, we need to store/delete the vidi device pointer in exynos_drm_private->vidi_dev during bind/unbind, and then read this exynos_drm_private->vidi_dev within ioctl() to obtain the correct struct vidi_context pointer. Cc: <stable@vger.kernel.org> Signed-off-by: Jeongjun Park <aha310510@gmail.com> Signed-off-by: Inki Dae <inki.dae@samsung.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

Diffstat (limited to 'include/net/aligned_data.h')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: