From 2e4c04864a09404e390926efd788b73ef9ff1c94 Mon Sep 17 00:00:00 2001
From: Paulo Zanoni <paulo.r.zanoni@intel.com>
Date: Fri, 8 Sep 2023 14:29:51 -0700
Subject: [PATCH] iris: avoid stack overflow in iris_bo_wait_syncobj()
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Keep most cases using the stack as it's cheaper, but fall back to the
heap when the size gets too big.

This should fix a stack overflow reported by @rhezashan for a case
where we had lots of iris_screens.

Credits to Matt Turner and José Roberto de Souza for their work on
this issue, which led us to find its root cause.

Cc: mesa-stable
Reported-by: rheza shandikri (@rhezashan in gitlab)
Credits-to: José Roberto de Souza <jose.souza@intel.com>
Credits-to: Matt Turner <mattst88@gmail.com>
Reviewed-by: José Roberto de Souza <jose.souza@intel.com>
Reviewed-by: Kenneth Graunke <kenneth@whitecape.org>
Signed-off-by: Paulo Zanoni <paulo.r.zanoni@intel.com>
(cherry picked from commit 3cec15dd142b47c33b9e266a9b9f8e2c6540fa99)

Part-of: <https://gitlab.freedesktop.org/mesa/mesa/-/merge_requests/25404>
---
 src/gallium/drivers/iris/iris_bufmgr.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/src/gallium/drivers/iris/iris_bufmgr.c b/src/gallium/drivers/iris/iris_bufmgr.c
index f1f58861e0f..18529480085 100644
--- a/src/gallium/drivers/iris/iris_bufmgr.c
+++ b/src/gallium/drivers/iris/iris_bufmgr.c
@@ -50,6 +50,7 @@
 #include "errno.h"
 #include "common/intel_aux_map.h"
 #include "common/intel_clflush.h"
+#include "c99_alloca.h"
 #include "dev/intel_debug.h"
 #include "common/intel_gem.h"
 #include "dev/intel_device_info.h"
@@ -525,7 +526,10 @@ iris_bo_wait_syncobj(struct iris_bo *bo, int64_t timeout_ns)
 
    simple_mtx_lock(&bufmgr->bo_deps_lock);
 
-   uint32_t handles[bo->deps_size * IRIS_BATCH_COUNT * 2 + is_external];
+   const int handles_len = bo->deps_size * IRIS_BATCH_COUNT * 2 + is_external;
+   uint32_t *handles = handles_len <= 32 ?
+                        (uint32_t *)alloca(handles_len * sizeof(*handles)) :
+                        (uint32_t *)malloc(handles_len * sizeof(*handles));
    int handle_count = 0;
 
    if (is_external) {
@@ -575,6 +579,8 @@ iris_bo_wait_syncobj(struct iris_bo *bo, int64_t timeout_ns)
    }
 
 out:
+   if (handles_len > 32)
+      free(handles);
    if (external_implicit_syncobj)
       iris_syncobj_reference(bufmgr, &external_implicit_syncobj, NULL);