From 2f7c68cb55ecb7331f2381deb497c27155f32faf Mon Sep 17 00:00:00 2001
From: hc <hc@nodka.com>
Date: Wed, 03 Jan 2024 09:43:39 +0000
Subject: [PATCH] update kernel to 5.10.198

---
 kernel/drivers/gpu/drm/virtio/virtgpu_ioctl.c |   10 +++++++++-
 1 files changed, 9 insertions(+), 1 deletions(-)

diff --git a/kernel/drivers/gpu/drm/virtio/virtgpu_ioctl.c b/kernel/drivers/gpu/drm/virtio/virtgpu_ioctl.c
index 33b8eba..36efa27 100644
--- a/kernel/drivers/gpu/drm/virtio/virtgpu_ioctl.c
+++ b/kernel/drivers/gpu/drm/virtio/virtgpu_ioctl.c
@@ -279,10 +279,18 @@
 		drm_gem_object_release(obj);
 		return ret;
 	}
-	drm_gem_object_put(obj);
 
 	rc->res_handle = qobj->hw_res_handle; /* similiar to a VM address */
 	rc->bo_handle = handle;
+
+	/*
+	 * The handle owns the reference now.  But we must drop our
+	 * remaining reference *after* we no longer need to dereference
+	 * the obj.  Otherwise userspace could guess the handle and
+	 * race closing it from another thread.
+	 */
+	drm_gem_object_put(obj);
+
 	return 0;
 }
 

--
Gitblit v1.6.2