fdo-mirrors/mesa
1
0
Fork 0
mirror of https://gitlab.freedesktop.org/mesa/mesa.git synced 2026-05-07 09:18:04 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 4

zink: don't destroy the current batch state on context destroy

Browse source 
these are owned by the screen now

should fix some flakiness with shared contexts

Fixes: b06f6e00fb ("zink: fix heap-use-after-free on batch_state with sub-allocated pipe_resources")
Part-of: <https://gitlab.freedesktop.org/mesa/mesa/-/merge_requests/27749>
(cherry picked from commit dfe331930c)
This commit is contained in:
Mike Blumenkrantz 2024-02-22 09:19:35 -05:00 committed by Eric Engestrom
parent 40c72e73e7
commit 3794d15e61
2 changed files with 17 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
.pick_status.json
View file

@ -1254,7 +1254,7 @@
"description": "zink: don't destroy the current batch state on context destroy",
"nominated": true,
"nomination_type": 1,
"resolution": 0,
"resolution": 1,
"main_sha": null,
"because_sha": "b06f6e00fba6e33c28a198a1bb14b89e9dfbb4ae",
"notes": null

22
src/gallium/drivers/zink/zink_context.c
View file

@ -187,21 +187,31 @@ zink_context_destroy(struct pipe_context *pctx)
screen->free_batch_states = ctx->batch_states;
screen->last_free_batch_state = screen->free_batch_states;
}
while (screen->last_free_batch_state->next)
screen->last_free_batch_state = screen->last_free_batch_state->next;
}
while (screen->last_free_batch_state && screen->last_free_batch_state->next)
screen->last_free_batch_state = screen->last_free_batch_state->next;
if (ctx->free_batch_states) {
if (screen->free_batch_states)
screen->last_free_batch_state->next = ctx->free_batch_states;
else
else {
screen->free_batch_states = ctx->free_batch_states;
screen->last_free_batch_state = ctx->last_free_batch_state;
screen->last_free_batch_state = ctx->last_free_batch_state;
}
}
simple_mtx_unlock(&screen->free_batch_states_lock);
while (screen->last_free_batch_state && screen->last_free_batch_state->next)
screen->last_free_batch_state = screen->last_free_batch_state->next;
if (ctx->batch.state) {
zink_clear_batch_state(ctx, ctx->batch.state);
zink_batch_state_destroy(screen, ctx->batch.state);
if (screen->free_batch_states)
screen->last_free_batch_state->next = ctx->batch.state;
else {
screen->free_batch_states = ctx->batch.state;
screen->last_free_batch_state = screen->free_batch_states;
}
}
while (screen->last_free_batch_state && screen->last_free_batch_state->next)
screen->last_free_batch_state = screen->last_free_batch_state->next;
simple_mtx_unlock(&screen->free_batch_states_lock);
for (unsigned i = 0; i < 2; i++) {
util_idalloc_fini(&ctx->di.bindless[i].tex_slots);