Linux DRM Ioctl Developed By AMD Being Disabled Following Ongoing Security Issue
Linux DRM Ioctl Developed By AMD Being Disabled Following Ongoing Security Issue
https://www.phoronix.com/news/Linux-7.1-DRM-Change-Handle
Publish Date: 2026-06-05 20:52:00
Source Domain: www.phoronix.com
It’s unfortunately another busy week in the Linux 7.1 kernel space with not everything slowing down so well, late in the cycle and leading to the upcoming 7.1 stable release. This week’s DRM pull request of kernel graphics/accelerator drivers is again heavy on fixes and also ends up disabling an ioctl interface given ongoing security concerns from that code merged last year.
David Airlie of Red Hat wrote in Friday’s pull request of DRM fixes for Linux 7.1:
“Weekly drm fixes, not contributing to things settling down unfortunately, lots of driver fixes for various bounds checks, leaks and UAF type things, i915/xe probably the most sane, amdgpu has a mix of fixes all over, then ethosu has lots of small fixes.
The problem of fixing thing in private has really hit us with the change handle ioctl, and “Sima was right” and we should have disabled the ioctl, since it was only introduced a couple of kernels ago and failed to upstream it’s tests in time. The patch here fixes the problems Sima identified, but disables the ioctl as well, with a list of known problems in it and a request for proper tests to be written and upstreamed. It’s a niche user ioctl designed for CRIU with AMD ROCm, so I think it’s fine to just disable it.
Maybe this week will settle down,
Dave.”
Besides the ongoing surplus of Linux fixes continuing to flow in for Linux 7.1, the ioctl drama is the other matter… It pertains to drm_gem_change_handle_ioctl() as a DRM PRIME interface to re-assign GEM handles. This is an interface pursued by AMD engineers as part of their Checkpoint and Restore in User-Space (CRIU) initiative. CRIU needs to be able to create or import a buffer object with a specific GEM handle. This interface was devised by AMD engineers last year.
This work was done by AMD to allow freezing a running app/container of ROCm compute workloads and saving its state to be restored later, such as when performing live migration or snapshotting purposes.
Earlier this year with CVE-2026-23149 a…
