CVE-2024-43863

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> drm/vmwgfx: Fix a deadlock in dma buf fence polling<br /> <br /> Introduce a version of the fence ops that on release doesn&amp;#39;t remove<br /> the fence from the pending list, and thus doesn&amp;#39;t require a lock to<br /> fix poll-&gt;fence wait-&gt;fence unref deadlocks.<br /> <br /> vmwgfx overwrites the wait callback to iterate over the list of all<br /> fences and update their status, to do that it holds a lock to prevent<br /> the list modifcations from other threads. The fence destroy callback<br /> both deletes the fence and removes it from the list of pending<br /> fences, for which it holds a lock.<br /> <br /> dma buf polling cb unrefs a fence after it&amp;#39;s been signaled: so the poll<br /> calls the wait, which signals the fences, which are being destroyed.<br /> The destruction tries to acquire the lock on the pending fences list<br /> which it can never get because it&amp;#39;s held by the wait from which it<br /> was called.<br /> <br /> Old bug, but not a lot of userspace apps were using dma-buf polling<br /> interfaces. Fix those, in particular this fixes KDE stalls/deadlock.