fdo-mirrors/mesa
1
0
Fork 0
mirror of https://gitlab.freedesktop.org/mesa/mesa.git synced 2026-01-08 02:00:21 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

nv50: reset TFB bufctx when we no longer hold a reference to the buffers

Browse source 
This fix is analogous to commit ff085d014.

This fixes some use-after-free situations in dEQP when an xfb state is
removed, and then a clear is triggered, which only does a partial
validation. It would attempt to read the no-longer-valid buffers,
resulting in crashes.

Signed-off-by: Ilia Mirkin <imirkin@alum.mit.edu>
Reviewed-by: Samuel Pitoiset <samuel.pitoiset@gmail.com>
Cc: "11.1 11.2" <mesa-stable@lists.freedesktop.org>
This commit is contained in:
Ilia Mirkin 2016-03-19 11:43:37 -04:00
parent 902bbda81b
commit d1b85dbffa
2 changed files with 3 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
src/gallium/drivers/nouveau/nv50/nv50_shader_state.c
View file

@ -648,8 +648,6 @@ nv50_stream_output_validate(struct nv50_context *nv50)
BEGIN_NV04(push, NV50_3D(STRMOUT_BUFFERS_CTRL), 1);
PUSH_DATA (push, ctrl);
nouveau_bufctx_reset(nv50->bufctx_3d, NV50_BIND_3D_SO);
for (i = 0; i < nv50->num_so_targets; ++i) {
struct nv50_so_target *targ = nv50_so_target(nv50->so_target[i]);
struct nv04_resource *buf = nv04_resource(targ->pipe.buffer);

4
src/gallium/drivers/nouveau/nv50/nv50_state.c
View file

@ -1180,8 +1180,10 @@ nv50_set_stream_output_targets(struct pipe_context *pipe,
}
nv50->num_so_targets = num_targets;
if (nv50->so_targets_dirty)
if (nv50->so_targets_dirty) {
nouveau_bufctx_reset(nv50->bufctx_3d, NV50_BIND_3D_SO);
nv50->dirty_3d |= NV50_NEW_3D_STRMOUT;
}
}
static void