fdo-mirrors/mesa
1
0
Fork 0
mirror of https://gitlab.freedesktop.org/mesa/mesa.git synced 2026-01-03 09:20:13 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

pvr: Fix ds subtile alignment NULL pointer dereference

Browse source 
pvr_cmd_buffer_end_sub_cmd() sets the current sub-command to NULL. This was
causing list_move_to(), which is called immediately after this, to access a NULL
pointer. Fix this by storing the current sub command before calling
pve_cmd_buffer_end_sub_cmd() so that this can be used instead when modifying the
list.

Fixes: d1b17a5edc ("pvr: Implement ZLS subtile alignment")
Signed-off-by: Matt Coster <matt.coster@imgtec.com>
Acked-by: Alyssa Rosenzweig <alyssa@rosenzweig.io>
Part-of: <https://gitlab.freedesktop.org/mesa/mesa/-/merge_requests/31679>
This commit is contained in:
Matt Coster 2023-10-03 14:23:06 +01:00 committed by Marge Bot
parent a324a028a9
commit 6ba3c5263d
1 changed files with 7 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
src/imagination/vulkan/pvr_cmd_buffer.c
View file

@ -1168,6 +1168,7 @@ pvr_sub_cmd_gfx_align_ds_subtiles(struct pvr_cmd_buffer *const cmd_buffer,
*/
assert(list_last_entry(&cmd_buffer->sub_cmds, struct pvr_sub_cmd, link) ==
prev_sub_cmd);
assert(prev_sub_cmd == cmd_buffer->state.current_sub_cmd);
if (!pvr_ds_attachment_requires_zls(ds))
return VK_SUCCESS;
@ -1222,6 +1223,8 @@ pvr_sub_cmd_gfx_align_ds_subtiles(struct pvr_cmd_buffer *const cmd_buffer,
};
if (ds->load.d || ds->load.s) {
struct pvr_sub_cmd *new_sub_cmd;
cmd_buffer->state.current_sub_cmd = NULL;
result =
@ -1229,6 +1232,8 @@ pvr_sub_cmd_gfx_align_ds_subtiles(struct pvr_cmd_buffer *const cmd_buffer,
if (result != VK_SUCCESS)
return result;
new_sub_cmd = cmd_buffer->state.current_sub_cmd;
result = pvr_copy_image_to_buffer_region_format(cmd_buffer,
ds_image,
buffer->dev_addr,
@ -1238,7 +1243,7 @@ pvr_sub_cmd_gfx_align_ds_subtiles(struct pvr_cmd_buffer *const cmd_buffer,
if (result != VK_SUCCESS)
return result;
cmd_buffer->state.current_sub_cmd->transfer.serialize_with_frag = true;
new_sub_cmd->transfer.serialize_with_frag = true;
result = pvr_cmd_buffer_end_sub_cmd(cmd_buffer);
if (result != VK_SUCCESS)
@ -1247,8 +1252,7 @@ pvr_sub_cmd_gfx_align_ds_subtiles(struct pvr_cmd_buffer *const cmd_buffer,
/* Now we have to fiddle with cmd_buffer to place this transfer command
* *before* the target gfx subcommand.
*/
list_move_to(&cmd_buffer->state.current_sub_cmd->link,
&prev_sub_cmd->link);
list_move_to(&new_sub_cmd->link, &prev_sub_cmd->link);
cmd_buffer->state.current_sub_cmd = prev_sub_cmd;
}