From f18492faa9f692d62cee774066ef182d3e279eec Mon Sep 17 00:00:00 2001
From: Alyssa Rosenzweig
Date: Fri, 24 Jun 2022 10:42:00 -0400
Subject: [PATCH] lima,panfrost: Do not ralloc contexts against the screen
ralloc is not thread-safe. While a given context can only be accessed from a single thread at once, multiple contexts can be created against the same screen at once. The ralloc allocations against the shared screens will race. Depending on the result of the race, the same block of memory can be returned as the two new contexts in two different threads, causing a use-after-free when the context is freed later. We free the context explicitly when it's destroyed anyway. If screens are getting destroyed without the contexts getting destroyed first, that's a state tracker bug, not a Panfrost one. This matches what Iris does. Fixes crash in test_integer_ops.int_math on Panfrost.
Fixes: 0fcf73bc2d4 ("panfrost: Move to use ralloc for some allocations")
Signed-off-by: Alyssa Rosenzweig
Reviewed-by: Jesse Natalie
Reviewed-by: Vasily Khoruzhick
Reviewed-by: Jason Ekstrand
Part-of:
---
 src/gallium/drivers/lima/lima_context.c | 2 +-
 src/gallium/drivers/panfrost/pan_context.c | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/gallium/drivers/lima/lima_context.c b/src/gallium/drivers/lima/lima_context.c
index f9d423a31fb..1070a56d25c 100644
--- a/src/gallium/drivers/lima/lima_context.c
+++ b/src/gallium/drivers/lima/lima_context.c
@@ -205,7 +205,7 @@ lima_context_create(struct pipe_screen *pscreen, void *priv, unsigned flags)
 struct lima_screen *screen = lima_screen(pscreen);
 struct lima_context *ctx;
- ctx = rzalloc(screen, struct lima_context);
+ ctx = rzalloc(NULL, struct lima_context);
 if (!ctx)
 return NULL;
diff --git a/src/gallium/drivers/panfrost/pan_context.c b/src/gallium/drivers/panfrost/pan_context.c
index 304107f45c4..c268e07d1b8 100644
--- a/src/gallium/drivers/panfrost/pan_context.c
+++ b/src/gallium/drivers/panfrost/pan_context.c
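Review bot: The `rzalloc(NULL, struct lima_context)` call in lima_context_create has no comment saying why the context is deliberately left unparented, so a later cleanup could re-attach it to the screen and bring the race and the resulting use-after-free back; the same applies to `rzalloc(NULL, struct panfrost_context)` in panfrost_create_context. I would add `/* ralloc is not thread-safe: contexts may be created concurrently against one screen, so never parent them to it */` above each call. With a NULL parent, screen teardown no longer reclaims the context, so every error path after the `if (!ctx)` check, and the destroy callback, must reach `ralloc_free(ctx)` on its own. Those paths lie outside this hunk and should be confirmed.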
@@ -1060,7 +1060,7 @@ panfrost_set_stream_output_targets(struct pipe_context *pctx,
 struct pipe_context *
 panfrost_create_context(struct pipe_screen *screen, void *priv, unsigned flags)
 {
- struct panfrost_context *ctx = rzalloc(screen, struct panfrost_context);
+ struct panfrost_context *ctx = rzalloc(NULL, struct panfrost_context);
 struct pipe_context *gallium = (struct pipe_context *) ctx;
 struct panfrost_device *dev = pan_device(screen);
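Review bot: No NULL check on `ctx` is visible after `rzalloc(NULL, struct panfrost_context)` in panfrost_create_context, whereas the lima counterpart returns early with `if (!ctx) return NULL;`. The function body continues past the end of this hunk; if it writes through `gallium` or `ctx` before testing the pointer, an allocation failure becomes a NULL dereference in the driver. Adding `if (!ctx) return NULL;` directly after the declarations would bring the two drivers into agreement.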