From 68796300403ebc11e5113cfad3183390f4d0fee7 Mon Sep 17 00:00:00 2001
From: jsg <jsg@openbsd.org>
Date: Mon, 8 Jul 2024 02:10:48 +0000
Subject: [PATCH] drm/drm_file: Fix pid refcounting race

From Jann Horn
16682588ead4a593cf1aebb33b36df4d1e9e4ffa in linux-6.6.y/6.6.37
4f2a129b33a2054e62273edd5a051c34c08d96e9 in mainline linux
---
 sys/dev/pci/drm/drm_file.c | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)

diff --git a/sys/dev/pci/drm/drm_file.c b/sys/dev/pci/drm/drm_file.c
index 1920e89d657..a4f3e5c81d0 100644
--- a/sys/dev/pci/drm/drm_file.c
+++ b/sys/dev/pci/drm/drm_file.c
@@ -551,14 +551,12 @@ void drm_file_update_pid(struct drm_file *filp)
 
 	dev = filp->minor->dev;
 	mutex_lock(&dev->filelist_mutex);
+	get_pid(pid);
 	old = rcu_replace_pointer(filp->pid, pid, 1);
 	mutex_unlock(&dev->filelist_mutex);
 
-	if (pid != old) {
-		get_pid(pid);
-		synchronize_rcu();
-		put_pid(old);
-	}
+	synchronize_rcu();
+	put_pid(old);
 #endif
 }
 
-- 
2.20.1