From ece6458c04e4e2a536afd468a4795b63aff67adc Mon Sep 17 00:00:00 2001 From: Alyssa Rosenzweig Date: Mon, 23 Aug 2021 20:18:25 -0400 Subject: [PATCH] panfrost: Fix NULL dereference in allowlist code If a user attempts to run Panfrost on an unsupported GPU (e.g. Mali T604), Panfrost will refuse to load and will destroy the screen immediately, allowing for a graceful fallback to a software rasterizer. However, the screen destroy code calls a screen_destroy function in the GenXML vtbl -- and this function is still NULL when the allowlist is checked. This manifests as crashes on unsuported GPUs. Issue tracked down with Icecream95's mad Ghidra skills. Closes: #5269 Fixes: 88dc4db6be7 ("panfrost: Init/destroy blitter from per-gen file") Signed-off-by: Alyssa Rosenzweig Reported-by: Icecream95 Part-of: (cherry picked from commit 2d31d469f771b5ef617c88b8b50dff97288284fe) --- .pick_status.json | 2 +- src/gallium/drivers/panfrost/pan_screen.c | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/.pick_status.json b/.pick_status.json index ed12d455ef7..3f388f93627 100644 --- a/.pick_status.json +++ b/.pick_status.json @@ -238,7 +238,7 @@ "description": "panfrost: Fix NULL dereference in allowlist code", "nominated": true, "nomination_type": 1, - "resolution": 0, + "resolution": 1, "main_sha": null, "because_sha": "88dc4db6be7e21dee525ce1dd4e411664ebc33d6" }, diff --git a/src/gallium/drivers/panfrost/pan_screen.c b/src/gallium/drivers/panfrost/pan_screen.c index 6df27b4cdd5..432351ba72d 100644 --- a/src/gallium/drivers/panfrost/pan_screen.c +++ b/src/gallium/drivers/panfrost/pan_screen.c @@ -701,7 +701,8 @@ panfrost_destroy_screen(struct pipe_screen *pscreen) panfrost_pool_cleanup(&screen->blitter.desc_pool); pan_blend_shaders_cleanup(dev); - screen->vtbl.screen_destroy(pscreen); + if (screen->vtbl.screen_destroy) + screen->vtbl.screen_destroy(pscreen); if (dev->ro) dev->ro->destroy(dev->ro);