fdo-mirrors/mesa
1
0
Fork 0
mirror of https://gitlab.freedesktop.org/mesa/mesa.git synced 2026-05-06 07:18:17 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

radv: Remove arenas from capture_replay_arena_vas

Browse source 
Avoids an use after free when looking up an arena.

cc: mesa-stable

Reviewed-by: Samuel Pitoiset <samuel.pitoiset@gmail.com>
Part-of: <https://gitlab.freedesktop.org/mesa/mesa/-/merge_requests/28961>
(cherry picked from commit df82221bb3)
This commit is contained in:
Konstantin Seurer 2024-04-28 15:57:30 +02:00 committed by Eric Engestrom
parent ca6431d9d7
commit c64129a0bd
3 changed files with 15 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
.pick_status.json
View file

@ -104,7 +104,7 @@
"description": "radv: Remove arenas from capture_replay_arena_vas",
"nominated": true,
"nomination_type": 0,
"resolution": 0,
"resolution": 1,
"main_sha": null,
"because_sha": null,
"notes": null

5
src/amd/vulkan/radv_device.c
View file

@ -1320,9 +1320,6 @@ radv_DestroyDevice(VkDevice _device, const VkAllocationCallbacks *pAllocator)
if (!device)
return;
if (device->capture_replay_arena_vas)
_mesa_hash_table_u64_destroy(device->capture_replay_arena_vas);
radv_device_finish_perf_counter_lock_cs(device);
if (device->perf_counter_bo)
device->ws->buffer_destroy(device->ws, device->perf_counter_bo);
@ -1372,6 +1369,8 @@ radv_DestroyDevice(VkDevice _device, const VkAllocationCallbacks *pAllocator)
radv_finish_trace(device);
radv_destroy_shader_arenas(device);
if (device->capture_replay_arena_vas)
_mesa_hash_table_u64_destroy(device->capture_replay_arena_vas);
radv_sqtt_finish(device);

12
src/amd/vulkan/radv_shader.c
View file

@ -1292,6 +1292,18 @@ radv_free_shader_memory(struct radv_device *device, union radv_shader_arena_bloc
radv_rmv_log_bo_destroy(device, arena->bo);
device->ws->buffer_destroy(device->ws, arena->bo);
list_del(&arena->list);
if (device->capture_replay_arena_vas) {
struct hash_entry *arena_entry = NULL;
hash_table_foreach (device->capture_replay_arena_vas->table, entry) {
if (entry->data == arena) {
arena_entry = entry;
break;
}
}
_mesa_hash_table_remove(device->capture_replay_arena_vas->table, arena_entry);
}
free(arena);
} else if (free_list) {
add_hole(free_list, hole);