fdo-mirrors/mesa
1
0
Fork 0
mirror of https://gitlab.freedesktop.org/mesa/mesa.git synced 2025-12-25 00:00:11 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

zink: don't use screen ralloc context for screen::pipeline_libs

Browse source 
set_rehash will realloc this memory, which triggers a UAF on screen destroy

cc: mesa-stable

Part-of: <https://gitlab.freedesktop.org/mesa/mesa/-/merge_requests/37370>
This commit is contained in:
Mike Blumenkrantz 2025-07-22 14:07:34 -04:00 committed by Marge Bot
parent f7480771c6
commit dfcdae378a
2 changed files with 11 additions and 13 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

16
src/gallium/drivers/zink/zink_draw.cpp
View file

@ -1361,14 +1361,14 @@ zink_init_grid_functions(struct zink_context *ctx)
void
zink_init_screen_pipeline_libs(struct zink_screen *screen)
{
_mesa_set_init(&screen->pipeline_libs[0], screen, hash_gfx_program<0>, equals_gfx_program<0>);
_mesa_set_init(&screen->pipeline_libs[1], screen, hash_gfx_program<1>, equals_gfx_program<1>);
_mesa_set_init(&screen->pipeline_libs[2], screen, hash_gfx_program<2>, equals_gfx_program<2>);
_mesa_set_init(&screen->pipeline_libs[3], screen, hash_gfx_program<3>, equals_gfx_program<3>);
_mesa_set_init(&screen->pipeline_libs[4], screen, hash_gfx_program<4>, equals_gfx_program<4>);
_mesa_set_init(&screen->pipeline_libs[5], screen, hash_gfx_program<5>, equals_gfx_program<5>);
_mesa_set_init(&screen->pipeline_libs[6], screen, hash_gfx_program<6>, equals_gfx_program<6>);
_mesa_set_init(&screen->pipeline_libs[7], screen, hash_gfx_program<7>, equals_gfx_program<7>);
_mesa_set_init(&screen->pipeline_libs[0], NULL, hash_gfx_program<0>, equals_gfx_program<0>);
_mesa_set_init(&screen->pipeline_libs[1], NULL, hash_gfx_program<1>, equals_gfx_program<1>);
_mesa_set_init(&screen->pipeline_libs[2], NULL, hash_gfx_program<2>, equals_gfx_program<2>);
_mesa_set_init(&screen->pipeline_libs[3], NULL, hash_gfx_program<3>, equals_gfx_program<3>);
_mesa_set_init(&screen->pipeline_libs[4], NULL, hash_gfx_program<4>, equals_gfx_program<4>);
_mesa_set_init(&screen->pipeline_libs[5], NULL, hash_gfx_program<5>, equals_gfx_program<5>);
_mesa_set_init(&screen->pipeline_libs[6], NULL, hash_gfx_program<6>, equals_gfx_program<6>);
_mesa_set_init(&screen->pipeline_libs[7], NULL, hash_gfx_program<7>, equals_gfx_program<7>);
for (unsigned i = 0; i < ARRAY_SIZE(screen->pipeline_libs_lock); i++)
simple_mtx_init(&screen->pipeline_libs_lock[i], mtx_plain);
}

8
src/gallium/drivers/zink/zink_screen.c
View file

@ -1491,6 +1491,9 @@ zink_destroy_screen(struct pipe_screen *pscreen)
if (screen->gfx_push_constant_layout)
VKSCR(DestroyPipelineLayout)(screen->dev, screen->gfx_push_constant_layout, NULL);
for (unsigned i = 0; i < ARRAY_SIZE(screen->pipeline_libs); i++)
_mesa_set_fini(&screen->pipeline_libs[i], NULL);
u_transfer_helper_destroy(pscreen->transfer_helper);
if (util_queue_is_initialized(&screen->cache_get_thread)) {
util_queue_finish(&screen->cache_get_thread);
@ -1505,11 +1508,6 @@ zink_destroy_screen(struct pipe_screen *pscreen)
#endif
disk_cache_destroy(screen->disk_cache);
/* we don't have an API to check if a set is already initialized */
for (unsigned i = 0; i < ARRAY_SIZE(screen->pipeline_libs); i++)
if (screen->pipeline_libs[i].table)
_mesa_set_clear(&screen->pipeline_libs[i], NULL);
zink_bo_deinit(screen);
util_live_shader_cache_deinit(&screen->shaders);