AlexIndustrial/mesa
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

pvr: fix cleaning up failed CreateDevice

Browse Source 
When running the Vulkan CTS test
dEQP-VK.api.device_init.create_instance_device_intentional_alloc_fail.basic ,
the driver sometimes crashes because of cleaning up sequences try to do
pvr_suballoc_bo_free() on bo's that is never initialized (thus old stale
value remains as pointer).

Fix the issues that lead to wild pointers access (a wrong cleanup
sequence and trying to free bo's that fails to be allocated).

The CTS test still fails here with "Allocations still remain, failed on
index 4274", but at least it does not crash now.

Reviewed-by: Frank Binns <frank.binns@imgtec.com>
Signed-off-by: Icenowy Zheng <uwu@icenowy.me>
Part-of: <https://gitlab.freedesktop.org/mesa/mesa/-/merge_requests/38506>
This commit is contained in:
Icenowy Zheng
2025-11-18 18:49:06 +08:00
committed by Marge Bot
parent ab9e148bfb
commit 54077d9893
1 changed files with 6 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
src/imagination/vulkan/pvr_device.c
View File

@@ -645,8 +645,9 @@ pvr_device_init_view_index_init_programs(struct pvr_device *device)
{
uint32_t *staging_buffer = NULL;
VkResult result;
unsigned i;
for (unsigned i = 0; i < PVR_MAX_MULTIVIEW; ++i) {
for (i = 0; i < PVR_MAX_MULTIVIEW; ++i) {
uint32_t staging_buffer_size;
struct pvr_pds_view_index_init_program *program =
&device->view_index_init_info[i];
@@ -696,7 +697,7 @@ pvr_device_init_view_index_init_programs(struct pvr_device *device)
vk_free(&device->vk.alloc, staging_buffer);
if (result != VK_SUCCESS)
for (uint32_t u = 0; u < PVR_MAX_MULTIVIEW; ++u)
for (uint32_t u = 0; u < i; ++u)
pvr_bo_suballoc_free(device->view_index_init_programs[u].pvr_bo);
return result;
@@ -984,13 +985,13 @@ err_pvr_finish_compute_idfwdf:
err_pvr_destroy_compute_query_programs:
pvr_device_destroy_compute_query_programs(device);
err_pvr_free_compute_empty:
pvr_bo_suballoc_free(device->pds_compute_empty_program.pvr_bo);
err_pvr_free_view_index:
for (uint32_t u = 0; u < PVR_MAX_MULTIVIEW; ++u)
pvr_bo_suballoc_free(device->view_index_init_programs[u].pvr_bo);
err_pvr_free_compute_empty:
pvr_bo_suballoc_free(device->pds_compute_empty_program.pvr_bo);
err_pvr_free_compute_fence:
pvr_bo_suballoc_free(device->pds_compute_fence_program.pvr_bo);