From 81e6a108dab956b9de2214435e6fbdbc46b46293 Mon Sep 17 00:00:00 2001
From: Mike Blumenkrantz
Date: Tue, 19 Sep 2023 08:53:42 -0400
Subject: [PATCH] zink: avoid UAF on wayland async present with to-be-retired swapchain

wayland surfaces are likely to become unlinked in WSI implementations upon retiring a swapchain, requiring the pending present to complete in order to avoid invalid access

cc: mesa-stable
Part-of:
(cherry picked from commit aaabb5b0f209dfad32ff108a49f39871e688444f)
---
 .pick_status.json | 2 +-
 src/gallium/drivers/zink/zink_kopper.c | 3 +++
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/.pick_status.json b/.pick_status.json
index 0da35432386..1644220487a 100644
--- a/.pick_status.json
+++ b/.pick_status.json
@@ -1291,7 +1291,7 @@
 "description": "zink: avoid UAF on wayland async present with to-be-retired swapchain",
 "nominated": true,
 "nomination_type": 0,
- "resolution": 0,
+ "resolution": 1,
 "main_sha": null,
 "because_sha": null
 },
diff --git a/src/gallium/drivers/zink/zink_kopper.c b/src/gallium/drivers/zink/zink_kopper.c
index e95ba519f6e..52f85578deb 100644
--- a/src/gallium/drivers/zink/zink_kopper.c
+++ b/src/gallium/drivers/zink/zink_kopper.c
@@ -253,6 +253,9 @@ kopper_CreateSwapchain(struct zink_screen *screen, struct kopper_displaytarget *
 bool has_alpha = cdt->info.has_alpha && (cdt->caps.supportedCompositeAlpha & VK_COMPOSITE_ALPHA_PRE_MULTIPLIED_BIT_KHR);
 if (cdt->swapchain) {
 cswap->scci = cdt->swapchain->scci;
+ /* avoid UAF if async present needs to-be-retired swapchain */
+ if (cdt->type == KOPPER_WAYLAND && cdt->swapchain->swapchain)
+ util_queue_fence_wait(&cdt->swapchain->present_fence);
 cswap->scci.oldSwapchain = cdt->swapchain->swapchain;
 } else {
 cswap->scci.sType = VK_STRUCTURE_TYPE_SWAPCHAIN_CREATE_INFO_KHR;
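Review bot: The new wait in `kopper_CreateSwapchain` is gated on `cdt->type == KOPPER_WAYLAND`, but the comment does not say why a queued present on the other window-system types cannot touch the swapchain that is about to be passed as `oldSwapchain`. The commit message only says Wayland WSI implementations are "likely" to unlink the surface, so the safety of the other paths looks implementation-dependent rather than guaranteed. If the stall is acceptable, dropping the platform check closes the same use-after-free window everywhere: `if (cdt->swapchain->swapchain) util_queue_fence_wait(&cdt->swapchain->present_fence);`. Otherwise the comment should record the reasoning, for example `/* wayland WSI may unlink the surface once oldSwapchain is retired; drain the queued present first (other platforms: confirm surface outlives the present) */`. The function body starts and ends outside this hunk, so whether `present_fence` is always initialised before this point cannot be checked from here.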