[PATCH v2 0/2] drm/logicvc: Avoid UAF in DRM object management

From: Romain Gantois

Date: Tue Jun 30 2026 - 05:20:02 EST


Hi everyone, this is version two of my series which fixes some memory
management issues in the logicvc-drm driver.

Patch 1/2 migrates the driver to drmm to avoid accessing DRM objects after
they have been freed by devm.

Patch 2/2 uses the unplug mechanism to ensure that DRM objects aren't
accessed after the DRM device is removed.

Best Regards,

Romain

Signed-off-by: Romain Gantois <romain.gantois@xxxxxxxxxxx>
---
Changes in v2:
- Added protection of DRM device resources after removal using drm_dev_enter()
- Link to v1: https://patch.msgid.link/20260601-logicvc-uaf-v1-1-8c9ca5b3429c@xxxxxxxxxxx

To: Paul Kocialkowski <paulk@xxxxxxxxxxx>
To: Maarten Lankhorst <maarten.lankhorst@xxxxxxxxxxxxxxx>
To: Maxime Ripard <mripard@xxxxxxxxxx>
To: Thomas Zimmermann <tzimmermann@xxxxxxx>
To: David Airlie <airlied@xxxxxxxxx>
To: Simona Vetter <simona@xxxxxxxx>
Cc: Jason Xiang <jx@xxxxxxxxxxxxxx>
Cc: Thomas Petazzoni <thomas.petazzoni@xxxxxxxxxxx>
Cc: Paul Kocialkowski <paul.kocialkowski@xxxxxxxxxxx>
Cc: dri-devel@xxxxxxxxxxxxxxxxxxxxx
Cc: linux-kernel@xxxxxxxxxxxxxxx

---
Romain Gantois (2):
drm/logicvc: Avoid use-after-free with devm_kzalloc()
drm/logicvc: Avoid using DRM resources after device is unplugged

drivers/gpu/drm/logicvc/logicvc_crtc.c | 52 ++++++----
drivers/gpu/drm/logicvc/logicvc_drm.c | 9 +-
drivers/gpu/drm/logicvc/logicvc_interface.c | 61 +++++------
drivers/gpu/drm/logicvc/logicvc_layer.c | 153 +++++++++++++++-------------
4 files changed, 156 insertions(+), 119 deletions(-)
---
base-commit: 44e151be23deb788d9f6124de93823faf6e04e99
change-id: 20260526-logicvc-uaf-eab103f0d0de

Best regards,
--
Romain Gantois <romain.gantois@xxxxxxxxxxx>