From 9ca275f29af89e0e9b9d2a5f881bf049e9f1a17b Mon Sep 17 00:00:00 2001
From: Valentine Burley
Date: Thu, 19 Mar 2026 20:00:05 +0100
Subject: [PATCH] tu/drm/virtio: Do not free iova from heap for lazy BOs
When initializing a BO using a lazy VMA, the iova is provided by the sparse VMA and was not allocated from the device's VMA heap. Avoid calling util_vma_heap_free in the error path for such BOs to prevent heap corruption and potential double-frees.
Fixes: 88d001383a7 ("tu: Add support for a "lazy" sparse VMA")
Signed-off-by: Valentine Burley
(cherry picked from commit eb7897f57b4c2f3e21bec5d9e5a5fab0f4e1f5d6)
Part-of:
---
 .pick_status.json | 2 +-
 src/freedreno/vulkan/tu_knl_drm_virtio.cc | 8 +++++---
 2 files changed, 6 insertions(+), 4 deletions(-)
diff --git a/.pick_status.json b/.pick_status.json
index 57502b4bf37..5de108b4d4c 100644
--- a/.pick_status.json
+++ b/.pick_status.json
@@ -3844,7 +3844,7 @@
 "description": "tu/drm/virtio: Do not free iova from heap for lazy BOs",
 "nominated": true,
 "nomination_type": 2,
- "resolution": 0,
+ "resolution": 1,
 "main_sha": null,
 "because_sha": "88d001383a7c5b3f27c80b9b063f29db88246e29",
 "notes": null
diff --git a/src/freedreno/vulkan/tu_knl_drm_virtio.cc b/src/freedreno/vulkan/tu_knl_drm_virtio.cc
index 4dbc85d3adf..af93ad3d015 100644
--- a/src/freedreno/vulkan/tu_knl_drm_virtio.cc
+++ b/src/freedreno/vulkan/tu_knl_drm_virtio.cc
@@ -775,9 +775,11 @@ virtio_bo_init(struct tu_device *dev,
 return VK_SUCCESS;
 fail:
- mtx_lock(&dev->vma_mutex);
- util_vma_heap_free(&dev->vma, req.iova, size);
- mtx_unlock(&dev->vma_mutex);
+ if (!lazy_vma) {
+ mtx_lock(&dev->vma_mutex);
+ util_vma_heap_free(&dev->vma, req.iova, size);
+ mtx_unlock(&dev->vma_mutex);
+ }
 return result;
 }
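Review bot: The `if (!lazy_vma)` guard added at `fail:` carries no comment explaining why the free is skipped, so the ownership rule it encodes is stated only in the commit message. I would add `/* lazy BOs get their iova from the sparse VMA; it was never allocated from dev->vma */` directly above the `if`. The allocation site is earlier in `virtio_bo_init`, outside this hunk, so it should be checked that the guard is the exact inverse of the condition under which `req.iova` was taken from `dev->vma`; any other path that reaches `fail:` with an iova the heap does not own would leave the same heap corruption in place. If the other Turnip kernel backends have an equivalent error path they presumably need the same guard, though that cannot be confirmed from this patch.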