* [v4.19.y PATCH 0/3] fix drm/udl use-after-free error
@ 2019-07-15 18:05 Ross Zwisler
2019-07-15 18:05 ` [v4.19.y PATCH 1/3] drm/udl: introduce a macro to convert dev to udl Ross Zwisler
` (2 more replies)
0 siblings, 3 replies; 4+ messages in thread
From: Ross Zwisler @ 2019-07-15 18:05 UTC (permalink / raw)
To: stable; +Cc: Ross Zwisler, Dave Airlie, Thomas Zimmermann, Guenter Roeck
When testing with a device which uses the drm/udl driver, KASAN shows
that on hot-remove we have a use-after-free:
==================================================================
BUG: KASAN: use-after-free in do_raw_spin_lock+0x1c/0xdd
Read of size 4 at addr ffff88841863668c by task kworker/2:3/2085
CPU: 2 PID: 2085 Comm: kworker/2:3 Tainted: G U W 4.19.59-dirty #15
Hardware name: GOOGLE Samus, BIOS Google_Samus.6300.276.0 08/17/2016
Workqueue: events drm_mode_rmfb_work_fn
Call Trace:
dump_stack+0x62/0x8b
print_address_description+0x80/0x2d2
? do_raw_spin_lock+0x1c/0xdd
kasan_report+0x26a/0x2aa
do_raw_spin_lock+0x1c/0xdd
_raw_spin_lock_irqsave+0x19/0x1f
down_timeout+0x19/0x58
udl_get_urb+0x3d/0x13c
? udl_crtc_dpms+0x2e/0x270
udl_crtc_dpms+0x45/0x270
__drm_helper_disable_unused_functions+0xed/0x150
drm_crtc_helper_set_config+0x214/0xf25
? ___slab_alloc.constprop.75+0xdd/0x48c
? drm_modeset_lock_all+0x33/0xbb
? ___might_sleep+0x80/0x1b6
__drm_mode_set_config_internal+0x103/0x22c
drm_crtc_force_disable+0x4e/0x69
drm_framebuffer_remove+0x169/0x508
? do_raw_spin_unlock+0xd4/0xde
? mmdrop+0x16/0x29
drm_mode_rmfb_work_fn+0x8d/0x9b
process_one_work+0x309/0x4df
worker_thread+0x369/0x447
? create_worker+0x2f1/0x2f1
kthread+0x223/0x233
? kthread_worker_fn+0x29c/0x29c
ret_from_fork+0x35/0x40
Allocated by task 2085:
kasan_kmalloc+0x99/0xa8
kmem_cache_alloc_trace+0x105/0x12b
udl_driver_load+0x52/0x776
drm_dev_register+0x151/0x2d6
udl_usb_probe+0x4f/0xa6
usb_probe_interface+0x25e/0x311
really_probe+0x1f1/0x3ee
driver_probe_device+0xd6/0x112
bus_for_each_drv+0xbb/0xe2
__device_attach+0xdb/0x159
bus_probe_device+0x5a/0x100
device_add+0x4bf/0x847
usb_set_configuration+0x972/0x9df
generic_probe+0x45/0x77
really_probe+0x1f1/0x3ee
driver_probe_device+0xd6/0x112
bus_for_each_drv+0xbb/0xe2
__device_attach+0xdb/0x159
bus_probe_device+0x5a/0x100
device_add+0x4bf/0x847
usb_new_device+0x540/0x6ba
hub_event+0x1017/0x161c
process_one_work+0x309/0x4df
worker_thread+0x2de/0x447
kthread+0x223/0x233
ret_from_fork+0x35/0x40
Freed by task 2085:
__kasan_slab_free+0x102/0x126
slab_free_freelist_hook+0x4d/0x9d
kfree+0x127/0x1bd
drm_dev_unregister+0xae/0x167
drm_dev_unplug+0x2e/0x38
usb_unbind_interface+0xc5/0x2be
device_release_driver_internal+0x229/0x381
bus_remove_device+0x1a2/0x1cd
device_del+0x26b/0x42c
usb_disable_device+0x112/0x2c9
usb_disconnect+0xed/0x28c
usb_disconnect+0xde/0x28c
hub_event+0x7eb/0x161c
process_one_work+0x309/0x4df
worker_thread+0x2de/0x447
kthread+0x223/0x233
ret_from_fork+0x35/0x40
The buggy address belongs to the object at ffff888418636600
which belongs to the cache kmalloc-2048 of size 2048
The buggy address is located 140 bytes inside of
2048-byte region [ffff888418636600, ffff888418636e00)
The buggy address belongs to the page:
page:ffffea0010618c00 count:1 mapcount:0 mapping:ffff88842d403040 index:0x0 compound_mapcount: 0
flags: 0x8000000000008100(slab|head)
raw: 8000000000008100 dead000000000100 dead000000000200 ffff88842d403040
raw: 0000000000000000 00000000000f000f 00000001ffffffff 0000000000000000
page dumped because: kasan: bad access detected
Memory state around the buggy address:
ffff888418636580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
ffff888418636600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
>ffff888418636680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
^
ffff888418636700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
ffff888418636780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
==================================================================
Disabling lock debugging due to kernel taint
[drm] wait for urb interrupted: ffffffc2 available: 4
This happens 100% of the time and is resolved by the following patch
upstream:
commit 6ecac85eadb9 ("drm/udl: move to embedding drm device inside udl device.")
This patch is the third in this series, and requires the first two
patches as dependencies. All three were clean cherry-picks on top of
v4.19.59.
Dave Airlie (2):
drm/udl: introduce a macro to convert dev to udl.
drm/udl: move to embedding drm device inside udl device.
Thomas Zimmermann (1):
drm/udl: Replace drm_dev_unref with drm_dev_put
drivers/gpu/drm/udl/udl_drv.c | 56 +++++++++++++++++++++++++++-------
drivers/gpu/drm/udl/udl_drv.h | 9 +++---
drivers/gpu/drm/udl/udl_fb.c | 12 ++++----
drivers/gpu/drm/udl/udl_gem.c | 2 +-
drivers/gpu/drm/udl/udl_main.c | 35 ++++++---------------
5 files changed, 66 insertions(+), 48 deletions(-)
--
2.22.0.510.g264f2c817a-goog
^ permalink raw reply [flat|nested] 4+ messages in thread
* [v4.19.y PATCH 1/3] drm/udl: introduce a macro to convert dev to udl.
2019-07-15 18:05 [v4.19.y PATCH 0/3] fix drm/udl use-after-free error Ross Zwisler
@ 2019-07-15 18:05 ` Ross Zwisler
2019-07-15 18:05 ` [v4.19.y PATCH 2/3] drm/udl: Replace drm_dev_unref with drm_dev_put Ross Zwisler
2019-07-15 18:05 ` [v4.19.y PATCH 3/3] drm/udl: move to embedding drm device inside udl device Ross Zwisler
2 siblings, 0 replies; 4+ messages in thread
From: Ross Zwisler @ 2019-07-15 18:05 UTC (permalink / raw)
To: stable
Cc: Dave Airlie, Thomas Zimmermann, Guenter Roeck, Alex Deucher,
Ross Zwisler
From: Dave Airlie <airlied@redhat.com>
commit fd96e0dba19c53c2d66f2a398716bb74df8ca85e upstream.
This just makes it easier to later embed drm into udl.
Reviewed-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Dave Airlie <airlied@redhat.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20190405031715.5959-3-airlied@gmail.com
Signed-off-by: Ross Zwisler <zwisler@google.com>
---
drivers/gpu/drm/udl/udl_drv.h | 2 ++
drivers/gpu/drm/udl/udl_fb.c | 10 +++++-----
drivers/gpu/drm/udl/udl_gem.c | 2 +-
drivers/gpu/drm/udl/udl_main.c | 12 ++++++------
4 files changed, 14 insertions(+), 12 deletions(-)
diff --git a/drivers/gpu/drm/udl/udl_drv.h b/drivers/gpu/drm/udl/udl_drv.h
index 4ae67d882eae..b3e08e876d62 100644
--- a/drivers/gpu/drm/udl/udl_drv.h
+++ b/drivers/gpu/drm/udl/udl_drv.h
@@ -71,6 +71,8 @@ struct udl_device {
atomic_t cpu_kcycles_used; /* transpired during pixel processing */
};
+#define to_udl(x) ((x)->dev_private)
+
struct udl_gem_object {
struct drm_gem_object base;
struct page **pages;
diff --git a/drivers/gpu/drm/udl/udl_fb.c b/drivers/gpu/drm/udl/udl_fb.c
index dd9ffded223b..590323ea261f 100644
--- a/drivers/gpu/drm/udl/udl_fb.c
+++ b/drivers/gpu/drm/udl/udl_fb.c
@@ -82,7 +82,7 @@ int udl_handle_damage(struct udl_framebuffer *fb, int x, int y,
int width, int height)
{
struct drm_device *dev = fb->base.dev;
- struct udl_device *udl = dev->dev_private;
+ struct udl_device *udl = to_udl(dev);
int i, ret;
char *cmd;
cycles_t start_cycles, end_cycles;
@@ -210,7 +210,7 @@ static int udl_fb_open(struct fb_info *info, int user)
{
struct udl_fbdev *ufbdev = info->par;
struct drm_device *dev = ufbdev->ufb.base.dev;
- struct udl_device *udl = dev->dev_private;
+ struct udl_device *udl = to_udl(dev);
/* If the USB device is gone, we don't accept new opens */
if (drm_dev_is_unplugged(udl->ddev))
@@ -441,7 +441,7 @@ static void udl_fbdev_destroy(struct drm_device *dev,
int udl_fbdev_init(struct drm_device *dev)
{
- struct udl_device *udl = dev->dev_private;
+ struct udl_device *udl = to_udl(dev);
int bpp_sel = fb_bpp;
struct udl_fbdev *ufbdev;
int ret;
@@ -480,7 +480,7 @@ int udl_fbdev_init(struct drm_device *dev)
void udl_fbdev_cleanup(struct drm_device *dev)
{
- struct udl_device *udl = dev->dev_private;
+ struct udl_device *udl = to_udl(dev);
if (!udl->fbdev)
return;
@@ -491,7 +491,7 @@ void udl_fbdev_cleanup(struct drm_device *dev)
void udl_fbdev_unplug(struct drm_device *dev)
{
- struct udl_device *udl = dev->dev_private;
+ struct udl_device *udl = to_udl(dev);
struct udl_fbdev *ufbdev;
if (!udl->fbdev)
return;
diff --git a/drivers/gpu/drm/udl/udl_gem.c b/drivers/gpu/drm/udl/udl_gem.c
index bb7b58407039..3b3e17652bb2 100644
--- a/drivers/gpu/drm/udl/udl_gem.c
+++ b/drivers/gpu/drm/udl/udl_gem.c
@@ -203,7 +203,7 @@ int udl_gem_mmap(struct drm_file *file, struct drm_device *dev,
{
struct udl_gem_object *gobj;
struct drm_gem_object *obj;
- struct udl_device *udl = dev->dev_private;
+ struct udl_device *udl = to_udl(dev);
int ret = 0;
mutex_lock(&udl->gem_lock);
diff --git a/drivers/gpu/drm/udl/udl_main.c b/drivers/gpu/drm/udl/udl_main.c
index 19055dda3140..09ce98113c0e 100644
--- a/drivers/gpu/drm/udl/udl_main.c
+++ b/drivers/gpu/drm/udl/udl_main.c
@@ -29,7 +29,7 @@
static int udl_parse_vendor_descriptor(struct drm_device *dev,
struct usb_device *usbdev)
{
- struct udl_device *udl = dev->dev_private;
+ struct udl_device *udl = to_udl(dev);
char *desc;
char *buf;
char *desc_end;
@@ -165,7 +165,7 @@ void udl_urb_completion(struct urb *urb)
static void udl_free_urb_list(struct drm_device *dev)
{
- struct udl_device *udl = dev->dev_private;
+ struct udl_device *udl = to_udl(dev);
int count = udl->urbs.count;
struct list_head *node;
struct urb_node *unode;
@@ -198,7 +198,7 @@ static void udl_free_urb_list(struct drm_device *dev)
static int udl_alloc_urb_list(struct drm_device *dev, int count, size_t size)
{
- struct udl_device *udl = dev->dev_private;
+ struct udl_device *udl = to_udl(dev);
struct urb *urb;
struct urb_node *unode;
char *buf;
@@ -262,7 +262,7 @@ static int udl_alloc_urb_list(struct drm_device *dev, int count, size_t size)
struct urb *udl_get_urb(struct drm_device *dev)
{
- struct udl_device *udl = dev->dev_private;
+ struct udl_device *udl = to_udl(dev);
int ret = 0;
struct list_head *entry;
struct urb_node *unode;
@@ -295,7 +295,7 @@ struct urb *udl_get_urb(struct drm_device *dev)
int udl_submit_urb(struct drm_device *dev, struct urb *urb, size_t len)
{
- struct udl_device *udl = dev->dev_private;
+ struct udl_device *udl = to_udl(dev);
int ret;
BUG_ON(len > udl->urbs.size);
@@ -370,7 +370,7 @@ int udl_drop_usb(struct drm_device *dev)
void udl_driver_unload(struct drm_device *dev)
{
- struct udl_device *udl = dev->dev_private;
+ struct udl_device *udl = to_udl(dev);
drm_kms_helper_poll_fini(dev);
--
2.22.0.510.g264f2c817a-goog
^ permalink raw reply related [flat|nested] 4+ messages in thread
* [v4.19.y PATCH 2/3] drm/udl: Replace drm_dev_unref with drm_dev_put
2019-07-15 18:05 [v4.19.y PATCH 0/3] fix drm/udl use-after-free error Ross Zwisler
2019-07-15 18:05 ` [v4.19.y PATCH 1/3] drm/udl: introduce a macro to convert dev to udl Ross Zwisler
@ 2019-07-15 18:05 ` Ross Zwisler
2019-07-15 18:05 ` [v4.19.y PATCH 3/3] drm/udl: move to embedding drm device inside udl device Ross Zwisler
2 siblings, 0 replies; 4+ messages in thread
From: Ross Zwisler @ 2019-07-15 18:05 UTC (permalink / raw)
To: stable
Cc: Thomas Zimmermann, Dave Airlie, Guenter Roeck, Sean Paul, Ross Zwisler
From: Thomas Zimmermann <tzimmermann@suse.de>
commit ac3b35f11a06964f5fe7f6ea9a190a28a7994704 upstream.
This patch unifies the naming of DRM functions for reference counting
of struct drm_device. The resulting code is more aligned with the rest
of the Linux kernel interfaces.
Signed-off-by: Thomas Zimmermann <tzimmermann@suse.de>
Signed-off-by: Sean Paul <seanpaul@chromium.org>
Link: https://patchwork.freedesktop.org/patch/msgid/20180926120212.25359-1-tzimmermann@suse.de
Signed-off-by: Ross Zwisler <zwisler@google.com>
---
drivers/gpu/drm/udl/udl_drv.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/udl/udl_drv.c b/drivers/gpu/drm/udl/udl_drv.c
index 54e767bd5ddb..bd4f0b88bbd7 100644
--- a/drivers/gpu/drm/udl/udl_drv.c
+++ b/drivers/gpu/drm/udl/udl_drv.c
@@ -95,7 +95,7 @@ static int udl_usb_probe(struct usb_interface *interface,
return 0;
err_free:
- drm_dev_unref(dev);
+ drm_dev_put(dev);
return r;
}
--
2.22.0.510.g264f2c817a-goog
^ permalink raw reply related [flat|nested] 4+ messages in thread
* [v4.19.y PATCH 3/3] drm/udl: move to embedding drm device inside udl device.
2019-07-15 18:05 [v4.19.y PATCH 0/3] fix drm/udl use-after-free error Ross Zwisler
2019-07-15 18:05 ` [v4.19.y PATCH 1/3] drm/udl: introduce a macro to convert dev to udl Ross Zwisler
2019-07-15 18:05 ` [v4.19.y PATCH 2/3] drm/udl: Replace drm_dev_unref with drm_dev_put Ross Zwisler
@ 2019-07-15 18:05 ` Ross Zwisler
2 siblings, 0 replies; 4+ messages in thread
From: Ross Zwisler @ 2019-07-15 18:05 UTC (permalink / raw)
To: stable
Cc: Dave Airlie, Thomas Zimmermann, Guenter Roeck, Alex Deucher,
Ross Zwisler
From: Dave Airlie <airlied@redhat.com>
commit 6ecac85eadb9d4065b9038fa3d3c66d49038e14b upstream.
This should help with some of the lifetime issues, and move us away
from load/unload.
Acked-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Dave Airlie <airlied@redhat.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20190405031715.5959-4-airlied@gmail.com
Signed-off-by: Ross Zwisler <zwisler@google.com>
---
drivers/gpu/drm/udl/udl_drv.c | 56 +++++++++++++++++++++++++++-------
drivers/gpu/drm/udl/udl_drv.h | 9 +++---
drivers/gpu/drm/udl/udl_fb.c | 2 +-
drivers/gpu/drm/udl/udl_main.c | 23 ++------------
4 files changed, 53 insertions(+), 37 deletions(-)
diff --git a/drivers/gpu/drm/udl/udl_drv.c b/drivers/gpu/drm/udl/udl_drv.c
index bd4f0b88bbd7..f28703db8dbd 100644
--- a/drivers/gpu/drm/udl/udl_drv.c
+++ b/drivers/gpu/drm/udl/udl_drv.c
@@ -47,10 +47,16 @@ static const struct file_operations udl_driver_fops = {
.llseek = noop_llseek,
};
+static void udl_driver_release(struct drm_device *dev)
+{
+ udl_fini(dev);
+ udl_modeset_cleanup(dev);
+ drm_dev_fini(dev);
+ kfree(dev);
+}
+
static struct drm_driver driver = {
.driver_features = DRIVER_MODESET | DRIVER_GEM | DRIVER_PRIME,
- .load = udl_driver_load,
- .unload = udl_driver_unload,
.release = udl_driver_release,
/* gem hooks */
@@ -74,28 +80,56 @@ static struct drm_driver driver = {
.patchlevel = DRIVER_PATCHLEVEL,
};
+static struct udl_device *udl_driver_create(struct usb_interface *interface)
+{
+ struct usb_device *udev = interface_to_usbdev(interface);
+ struct udl_device *udl;
+ int r;
+
+ udl = kzalloc(sizeof(*udl), GFP_KERNEL);
+ if (!udl)
+ return ERR_PTR(-ENOMEM);
+
+ r = drm_dev_init(&udl->drm, &driver, &interface->dev);
+ if (r) {
+ kfree(udl);
+ return ERR_PTR(r);
+ }
+
+ udl->udev = udev;
+ udl->drm.dev_private = udl;
+
+ r = udl_init(udl);
+ if (r) {
+ drm_dev_fini(&udl->drm);
+ kfree(udl);
+ return ERR_PTR(r);
+ }
+
+ usb_set_intfdata(interface, udl);
+ return udl;
+}
+
static int udl_usb_probe(struct usb_interface *interface,
const struct usb_device_id *id)
{
- struct usb_device *udev = interface_to_usbdev(interface);
- struct drm_device *dev;
int r;
+ struct udl_device *udl;
- dev = drm_dev_alloc(&driver, &interface->dev);
- if (IS_ERR(dev))
- return PTR_ERR(dev);
+ udl = udl_driver_create(interface);
+ if (IS_ERR(udl))
+ return PTR_ERR(udl);
- r = drm_dev_register(dev, (unsigned long)udev);
+ r = drm_dev_register(&udl->drm, 0);
if (r)
goto err_free;
- usb_set_intfdata(interface, dev);
- DRM_INFO("Initialized udl on minor %d\n", dev->primary->index);
+ DRM_INFO("Initialized udl on minor %d\n", udl->drm.primary->index);
return 0;
err_free:
- drm_dev_put(dev);
+ drm_dev_put(&udl->drm);
return r;
}
diff --git a/drivers/gpu/drm/udl/udl_drv.h b/drivers/gpu/drm/udl/udl_drv.h
index b3e08e876d62..35c1f33fbc1a 100644
--- a/drivers/gpu/drm/udl/udl_drv.h
+++ b/drivers/gpu/drm/udl/udl_drv.h
@@ -50,8 +50,8 @@ struct urb_list {
struct udl_fbdev;
struct udl_device {
+ struct drm_device drm;
struct device *dev;
- struct drm_device *ddev;
struct usb_device *udev;
struct drm_crtc *crtc;
@@ -71,7 +71,7 @@ struct udl_device {
atomic_t cpu_kcycles_used; /* transpired during pixel processing */
};
-#define to_udl(x) ((x)->dev_private)
+#define to_udl(x) container_of(x, struct udl_device, drm)
struct udl_gem_object {
struct drm_gem_object base;
@@ -104,9 +104,8 @@ struct urb *udl_get_urb(struct drm_device *dev);
int udl_submit_urb(struct drm_device *dev, struct urb *urb, size_t len);
void udl_urb_completion(struct urb *urb);
-int udl_driver_load(struct drm_device *dev, unsigned long flags);
-void udl_driver_unload(struct drm_device *dev);
-void udl_driver_release(struct drm_device *dev);
+int udl_init(struct udl_device *udl);
+void udl_fini(struct drm_device *dev);
int udl_fbdev_init(struct drm_device *dev);
void udl_fbdev_cleanup(struct drm_device *dev);
diff --git a/drivers/gpu/drm/udl/udl_fb.c b/drivers/gpu/drm/udl/udl_fb.c
index 590323ea261f..4ab101bf1df0 100644
--- a/drivers/gpu/drm/udl/udl_fb.c
+++ b/drivers/gpu/drm/udl/udl_fb.c
@@ -213,7 +213,7 @@ static int udl_fb_open(struct fb_info *info, int user)
struct udl_device *udl = to_udl(dev);
/* If the USB device is gone, we don't accept new opens */
- if (drm_dev_is_unplugged(udl->ddev))
+ if (drm_dev_is_unplugged(&udl->drm))
return -ENODEV;
ufbdev->fb_count++;
diff --git a/drivers/gpu/drm/udl/udl_main.c b/drivers/gpu/drm/udl/udl_main.c
index 09ce98113c0e..8d22b6cd5241 100644
--- a/drivers/gpu/drm/udl/udl_main.c
+++ b/drivers/gpu/drm/udl/udl_main.c
@@ -310,20 +310,12 @@ int udl_submit_urb(struct drm_device *dev, struct urb *urb, size_t len)
return ret;
}
-int udl_driver_load(struct drm_device *dev, unsigned long flags)
+int udl_init(struct udl_device *udl)
{
- struct usb_device *udev = (void*)flags;
- struct udl_device *udl;
+ struct drm_device *dev = &udl->drm;
int ret = -ENOMEM;
DRM_DEBUG("\n");
- udl = kzalloc(sizeof(struct udl_device), GFP_KERNEL);
- if (!udl)
- return -ENOMEM;
-
- udl->udev = udev;
- udl->ddev = dev;
- dev->dev_private = udl;
mutex_init(&udl->gem_lock);
@@ -357,7 +349,6 @@ int udl_driver_load(struct drm_device *dev, unsigned long flags)
err:
if (udl->urbs.count)
udl_free_urb_list(dev);
- kfree(udl);
DRM_ERROR("%d\n", ret);
return ret;
}
@@ -368,7 +359,7 @@ int udl_drop_usb(struct drm_device *dev)
return 0;
}
-void udl_driver_unload(struct drm_device *dev)
+void udl_fini(struct drm_device *dev)
{
struct udl_device *udl = to_udl(dev);
@@ -378,12 +369,4 @@ void udl_driver_unload(struct drm_device *dev)
udl_free_urb_list(dev);
udl_fbdev_cleanup(dev);
- kfree(udl);
-}
-
-void udl_driver_release(struct drm_device *dev)
-{
- udl_modeset_cleanup(dev);
- drm_dev_fini(dev);
- kfree(dev);
}
--
2.22.0.510.g264f2c817a-goog
^ permalink raw reply related [flat|nested] 4+ messages in thread
end of thread, other threads:[~2019-07-15 18:06 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-07-15 18:05 [v4.19.y PATCH 0/3] fix drm/udl use-after-free error Ross Zwisler
2019-07-15 18:05 ` [v4.19.y PATCH 1/3] drm/udl: introduce a macro to convert dev to udl Ross Zwisler
2019-07-15 18:05 ` [v4.19.y PATCH 2/3] drm/udl: Replace drm_dev_unref with drm_dev_put Ross Zwisler
2019-07-15 18:05 ` [v4.19.y PATCH 3/3] drm/udl: move to embedding drm device inside udl device Ross Zwisler
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.