From fbc6a5280f5acd0fed1db1fbe8b4e0513e68372b Mon Sep 17 00:00:00 2001
From: Eric Anholt
Date: Tue, 1 Dec 2020 13:47:28 -0800
Subject: [PATCH] freedreno: Break out of "should we free the entry" loop once we've freed.
Fixes a use-after-free of the state on the next iteration when it was probably just destroyed.
Fixes: 6de01faac5a2 ("freedreno/a6xx: invalidate tex state cache entries on rebind")
Part-of:
(cherry picked from commit d3c67d7e7ec6b9cf10fbea0d08e92751b7b0fbae)
---
 .pick_status.json | 2 +-
 src/gallium/drivers/freedreno/a6xx/fd6_texture.c | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/.pick_status.json b/.pick_status.json
index 37511f61b0f..525cd635a4f 100644
--- a/.pick_status.json
+++ b/.pick_status.json
@@ -229,7 +229,7 @@
 "description": "freedreno: Break out of \"should we free the entry\" loop once we've freed.",
 "nominated": true,
 "nomination_type": 1,
- "resolution": 0,
+ "resolution": 1,
 "master_sha": null,
 "because_sha": "6de01faac5a20208422fb75d22f2bd88c53f53d8"
 },
diff --git a/src/gallium/drivers/freedreno/a6xx/fd6_texture.c b/src/gallium/drivers/freedreno/a6xx/fd6_texture.c
index 5e6b9010453..43b1c6deafd 100644
--- a/src/gallium/drivers/freedreno/a6xx/fd6_texture.c
+++ b/src/gallium/drivers/freedreno/a6xx/fd6_texture.c
@@ -450,6 +450,7 @@ fd6_rebind_resource(struct fd_context *ctx, struct fd_resource *rsc)
 if (rsc->seqno == state->key.view[i].rsc_seqno) {
 fd6_texture_state_destroy(entry->data);
 _mesa_hash_table_remove(fd6_ctx->tex_cache, entry);
+ break;
 }
 }
 }
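Review bot: The added `break;` in fd6_rebind_resource carries no comment explaining that it is there for object lifetime rather than as an optimisation. Per the commit message, `fd6_texture_state_destroy(entry->data)` releases the state that the condition `state->key.view[i].rsc_seqno` would read on the next pass. I would put a comment directly above it, for example `/* state was freed by the destroy above; stop before key.view[] is read again */`, so a later refactor neither drops the break nor adds another use of `state` after the destroy. The enclosing loops begin outside this hunk, so it is worth confirming that the outer walk over `fd6_ctx->tex_cache` tolerates `_mesa_hash_table_remove` on the entry it is currently visiting.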