fdo-mirrors/mesa
1
0
Fork 0
mirror of https://gitlab.freedesktop.org/mesa/mesa.git synced 2026-05-07 17:58:26 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 4

zink: fix descriptor buffer unmaps on screen destroy

Browse source 
descriptor buffer uses mapped buffers. mapping/unmapping buffers
uses a ctx in the function params, but at this time there is no ctx.
since the ctx is not actually used for unmapping descriptor buffers,
this can instead use a special buffer unmap function to avoid invalid access

Fixes: b06f6e00fb ("zink: fix heap-use-after-free on batch_state with sub-allocated pipe_resources")
Part-of: <https://gitlab.freedesktop.org/mesa/mesa/-/merge_requests/27344>
(cherry picked from commit 0a97d1ebfa)
This commit is contained in:
Mike Blumenkrantz 2024-01-29 15:07:39 -05:00 committed by Eric Engestrom
parent 098fb7465d
commit 627a6d792a
5 changed files with 15 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
.pick_status.json
View file

@ -484,7 +484,7 @@
"description": "zink: fix descriptor buffer unmaps on screen destroy",
"nominated": true,
"nomination_type": 1,
"resolution": 0,
"resolution": 1,
"main_sha": null,
"because_sha": "b06f6e00fba6e33c28a198a1bb14b89e9dfbb4ae",
"notes": null

1
src/gallium/drivers/zink/zink_context.c
View file

@ -172,6 +172,7 @@ zink_context_destroy(struct pipe_context *pctx)
while (bs) {
struct zink_batch_state *bs_next = bs->next;
zink_clear_batch_state(ctx, bs);
bs->ctx = NULL;
/* restore link as we insert them into the screens free_batch_states
* list below
*/

2
src/gallium/drivers/zink/zink_descriptors.c
View file

@ -1501,7 +1501,7 @@ zink_batch_descriptor_deinit(struct zink_screen *screen, struct zink_batch_state
}
if (bs->dd.db_xfer)
pipe_buffer_unmap(&bs->ctx->base, bs->dd.db_xfer);
zink_screen_buffer_unmap(&screen->base, bs->dd.db_xfer);
bs->dd.db_xfer = NULL;
if (bs->dd.db)
screen->base.resource_destroy(&screen->base, &bs->dd.db->base.b);

10
src/gallium/drivers/zink/zink_resource.c
View file

@ -2840,6 +2840,16 @@ do_transfer_unmap(struct zink_screen *screen, struct zink_transfer *trans)
unmap_resource(screen, res);
}
void
zink_screen_buffer_unmap(struct pipe_screen *pscreen, struct pipe_transfer *ptrans)
{
struct zink_screen *screen = zink_screen(pscreen);
struct zink_transfer *trans = (struct zink_transfer *)ptrans;
if (trans->base.b.usage & PIPE_MAP_ONCE && !trans->staging_res)
do_transfer_unmap(screen, trans);
transfer_unmap(NULL, ptrans);
}
static void
zink_buffer_unmap(struct pipe_context *pctx, struct pipe_transfer *ptrans)
{

3
src/gallium/drivers/zink/zink_resource.h
View file

@ -44,7 +44,8 @@ zink_screen_resource_init(struct pipe_screen *pscreen);
void
zink_context_resource_init(struct pipe_context *pctx);
void
zink_screen_buffer_unmap(struct pipe_screen *pscreen, struct pipe_transfer *ptrans);
void
zink_get_depth_stencil_resources(struct pipe_resource *res,
struct zink_resource **out_z,