CVE-2025-38703

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> drm/xe: Make dma-fences compliant with the safe access rules<br /> <br /> Xe can free some of the data pointed to by the dma-fences it exports. Most<br /> notably the timeline name can get freed if userspace closes the associated<br /> submit queue. At the same time the fence could have been exported to a<br /> third party (for example a sync_fence fd) which will then cause an use-<br /> after-free on subsequent access.<br /> <br /> To make this safe we need to make the driver compliant with the newly<br /> documented dma-fence rules. Driver has to ensure a RCU grace period<br /> between signalling a fence and freeing any data pointed to by said fence.<br /> <br /> For the timeline name we simply make the queue be freed via kfree_rcu and<br /> for the shared lock associated with multiple queues we add a RCU grace<br /> period before freeing the per GT structure holding the lock.