From 2d2820349a23e3f6065cd3c3d6f50dc4fca34f15 Mon Sep 17 00:00:00 2001
From: Boris Brezillon <boris.brezillon@collabora.com>
Date: Mon, 29 Jan 2024 14:05:56 +0100
Subject: [PATCH] panvk: Fix call ordering in panvk_DestroyDevice()

Destroy the decode context when all private BOs attached to the device
have been destroyed, otherwise we a have use-after-free situation when
panvk_priv_bo_destroy() calls pandecode_inject_mmap().

Fixes: 211aa201945b ("panvk: Move away from panfrost_{bo,device}")
Signed-off-by: Boris Brezillon <boris.brezillon@collabora.com>
Reviewed-by: Erik Faye-Lund <erik.faye-lund@collabora.com>
Part-of: <https://gitlab.freedesktop.org/mesa/mesa/-/merge_requests/28104>
---
 src/panfrost/vulkan/panvk_device.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/src/panfrost/vulkan/panvk_device.c b/src/panfrost/vulkan/panvk_device.c
index 52f426bd23e..1b9c735c3f0 100644
--- a/src/panfrost/vulkan/panvk_device.c
+++ b/src/panfrost/vulkan/panvk_device.c
@@ -1143,9 +1143,6 @@ panvk_DestroyDevice(VkDevice _device, const VkAllocationCallbacks *pAllocator)
    if (!device)
       return;
 
-   if (device->debug.decode_ctx)
-      pandecode_destroy_context(device->debug.decode_ctx);
-
    for (unsigned i = 0; i < PANVK_MAX_QUEUE_FAMILIES; i++) {
       for (unsigned q = 0; q < device->queue_count[i]; q++)
          panvk_queue_finish(&device->queues[i][q]);
@@ -1158,6 +1155,10 @@ panvk_DestroyDevice(VkDevice _device, const VkAllocationCallbacks *pAllocator)
    panvk_priv_bo_destroy(device->tiler_heap, &device->vk.alloc);
    panvk_priv_bo_destroy(device->sample_positions, &device->vk.alloc);
    pan_kmod_vm_destroy(device->kmod.vm);
+
+   if (device->debug.decode_ctx)
+      pandecode_destroy_context(device->debug.decode_ctx);
+
    pan_kmod_dev_destroy(device->kmod.dev);
    vk_free(&device->vk.alloc, device);
 }