From e7d7d10d0a76e95c04a946e83a05aec224704489 Mon Sep 17 00:00:00 2001
From: "Eric R. Smith"
Date: Fri, 1 Aug 2025 16:04:45 -0300
Subject: [PATCH] panvk: fix a NULL pointer dereference in occlusion queries
If a meta operation (like a blit or clear) happens while occlusion queries are active, we temporarily disable the query. Unfortunately the code for this did not clear out the `syncobj` field. In rare combinations of circumstances this could cause an attempt to issue a write back of the occlusion query values, and since we've zeroed the `ptr` field it writes to a NULL value, causing a bus fault and device lost error.
Fixes: 61534faf4e2 ("panvk: Wire occlusion queries to internals")
Reviewed-by: Erik Faye-Lund
Reviewed-by: Lars-Ivar Hesselberg Simonsen
Part-of:
(cherry picked from commit 24c692c981631276f3f20ff021931c665162e7e6)
---
 .pick_status.json | 2 +-
 src/panfrost/vulkan/panvk_vX_cmd_meta.c | 3 +++
 2 files changed, 4 insertions(+), 1 deletion(-)
diff --git a/.pick_status.json b/.pick_status.json
index 320ae4bef07..47249491251 100644
--- a/.pick_status.json
+++ b/.pick_status.json
@@ -6274,7 +6274,7 @@
 "description": "panvk: fix a NULL pointer dereference in occlusion queries",
 "nominated": true,
 "nomination_type": 2,
- "resolution": 0,
+ "resolution": 1,
 "main_sha": null,
 "because_sha": "61534faf4e2b031b64ee387558a44e7e06915c48",
 "notes": null
diff --git a/src/panfrost/vulkan/panvk_vX_cmd_meta.c b/src/panfrost/vulkan/panvk_vX_cmd_meta.c
index 9ad416a2d48..99ceb4eb546 100644
--- a/src/panfrost/vulkan/panvk_vX_cmd_meta.c
+++ b/src/panfrost/vulkan/panvk_vX_cmd_meta.c
@@ -112,6 +112,9 @@ panvk_per_arch(cmd_meta_gfx_start)(
 save_ctx->occlusion_query = cmdbuf->state.gfx.occlusion_query;
 /* Ensure occlusion queries are disabled */
+#if PAN_ARCH >= 10
+ cmdbuf->state.gfx.occlusion_query.syncobj = 0;
+#endif
 cmdbuf->state.gfx.occlusion_query.ptr = 0;
 cmdbuf->state.gfx.occlusion_query.mode = MALI_OCCLUSION_MODE_DISABLED;
 gfx_state_set_dirty(cmdbuf, OQ);
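Review bot: The disabled state in `cmd_meta_gfx_start` is still assembled by zeroing fields one at a time, with `syncobj` cleared only under `PAN_ARCH >= 10`, so the next field added to the occlusion-query state can be missed in the same way this one was. Because the whole state has just been copied into `save_ctx->occlusion_query`, consider resetting it in one step with `memset(&cmdbuf->state.gfx.occlusion_query, 0, sizeof(cmdbuf->state.gfx.occlusion_query));` followed by the existing `.mode = MALI_OCCLUSION_MODE_DISABLED` assignment, which would also make the `#if` unnecessary. If the field-by-field form stays, extend the comment to record the invariant, e.g. `/* Ensure occlusion queries are disabled: syncobj must be cleared together with ptr, or a write-back can be issued to a NULL address */`. The code that consumes `syncobj` is outside this hunk; a check there that `ptr` is non-zero before emitting the write-back would presumably turn a repeat of this mistake into a skipped write rather than a bus fault and device-lost error. The function body starts and ends outside the hunk.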