drm/drm_file: Fix pid refcounting race

From Jann Horn
16682588ead4a593cf1aebb33b36df4d1e9e4ffa in linux-6.6.y/6.6.37
4f2a129b33a2054e62273edd5a051c34c08d96e9 in mainline linux

diff --git a/sys/dev/pci/drm/drm_file.c b/sys/dev/pci/drm/drm_file.c
index 1920e89..a4f3e5c 100644 (file)
--- a/sys/dev/pci/drm/drm_file.c
+++ b/sys/dev/pci/drm/drm_file.c
@@ -551,14 +551,12 @@ void drm_file_update_pid(struct drm_file *filp)
 
        dev = filp->minor->dev;
        mutex_lock(&dev->filelist_mutex);
+       get_pid(pid);
        old = rcu_replace_pointer(filp->pid, pid, 1);
        mutex_unlock(&dev->filelist_mutex);
 
-       if (pid != old) {
-               get_pid(pid);
-               synchronize_rcu();
-               put_pid(old);
-       }
+       synchronize_rcu();
+       put_pid(old);
 #endif
 }