From a5e926891cb0601626483ffe079519a0f1acf03f Mon Sep 17 00:00:00 2001
From: Mel Henning <mhenning@darkrefraction.com>
Date: Tue, 2 Sep 2025 16:14:07 -0400
Subject: [PATCH] nvk: Clear cond_render_gart_* in reset_cmd_buffer

nvk_cmd_pool_free_gart_mem_list frees this buffer, so we need to clear
the pointers to it in order to avoid a use after free.

Fixes: 07c70c77de ("nvk: add cond render upload buffer.")
Reviewed-by: Faith Ekstrand <faith.ekstrand@collabora.com>
Reviewed-by: Mary Guillemard <mary@mary.zone>
Part-of: <https://gitlab.freedesktop.org/mesa/mesa/-/merge_requests/37153>
(cherry picked from commit eaa547f6f2193e50ffd5564e1f143ca42defaef8)
---
 .pick_status.json                   | 2 +-
 src/nouveau/vulkan/nvk_cmd_buffer.c | 2 ++
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/.pick_status.json b/.pick_status.json
index 13cb282b5ed..a0d132f716b 100644
--- a/.pick_status.json
+++ b/.pick_status.json
@@ -9404,7 +9404,7 @@
         "description": "nvk: Clear cond_render_gart_* in reset_cmd_buffer",
         "nominated": true,
         "nomination_type": 2,
-        "resolution": 0,
+        "resolution": 1,
         "main_sha": null,
         "because_sha": "07c70c77de4b7894df6719a0c19293ac85d53686",
         "notes": null
diff --git a/src/nouveau/vulkan/nvk_cmd_buffer.c b/src/nouveau/vulkan/nvk_cmd_buffer.c
index fd54628c94d..c0748b6b17f 100644
--- a/src/nouveau/vulkan/nvk_cmd_buffer.c
+++ b/src/nouveau/vulkan/nvk_cmd_buffer.c
@@ -114,6 +114,8 @@ nvk_reset_cmd_buffer(struct vk_command_buffer *vk_cmd_buffer,
    cmd->push_mem = NULL;
    cmd->push_mem_limit = NULL;
    cmd->push = (struct nv_push) {0};
+   cmd->cond_render_gart_mem = NULL;
+   cmd->cond_render_gart_offset = 0;
 
    util_dynarray_clear(&cmd->pushes);