From fb41d6e95c40e024b2dc1339e44a004061606837 Mon Sep 17 00:00:00 2001 |
From: Gert Wollny <gert.wollny@collabora.com> |
Date: Mon, 3 Sep 2018 10:05:44 +0200 |
Subject: [PATCH 02/20] winsys/virgl: correct resource and handle allocation |
(v2) |
|
Fixes crash with |
piglit/bin/map_buffer_range-invalidate CopyBufferSubData \ |
increment-offset -auto -fbo |
|
* Resize the resource storage already when the count is equal to the |
allocated size, fixes: |
|
Invalid write of size 8 |
at 0xB72E4CF: virgl_drm_add_res (virgl_drm_winsys.c:629) |
by 0xB72E4CF: virgl_drm_emit_res (virgl_drm_winsys.c:663) |
by 0xB72A44A: virgl_encode_resource_copy_region (virgl_encode.c:776) |
by 0xB40CD12: st_copy_buffer_subdata (st_cb_bufferobjects.c:585) |
by 0xB244A3B: _mesa_CopyBufferSubData (bufferobj.c:2940) |
by 0x109A1E: upload (invalidate.c:169) |
by 0x109C2F: piglit_display (invalidate.c:215) |
by 0x4F80FBE: run_test (piglit_fbo_framework.c:52) |
by 0x4F66E5F: piglit_gl_test_run (piglit-framework-gl.c:229) |
by 0x10949D: main (invalidate.c:47) |
Address 0xbe07d30 is 0 bytes after a block of size 4,096 alloc'd |
at 0x4C31B25: calloc (in |
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) |
by 0xB72DAAF: virgl_drm_cmd_buf_create (virgl_drm_winsys.c:567) |
|
* Also resize the space allocated for the handles, fixes: |
|
Invalid write of size 4 |
at 0xB72E4F0: virgl_drm_add_res (virgl_drm_winsys.c:631) |
by 0xB72E4F0: virgl_drm_emit_res (virgl_drm_winsys.c:663) |
by 0xB72A44A: virgl_encode_resource_copy_region (virgl_encode.c:776) |
by 0xB40CD12: st_copy_buffer_subdata (st_cb_bufferobjects.c:585) |
by 0xB244A3B: _mesa_CopyBufferSubData (bufferobj.c:2940) |
by 0x109A1E: upload (invalidate.c:169) |
by 0x109C2F: piglit_display (invalidate.c:215) |
by 0x4F80FBE: run_test (piglit_fbo_framework.c:52) |
by 0x4F66E5F: piglit_gl_test_run (piglit-framework-gl.c:229) |
by 0x10949D: main (invalidate.c:47) |
Address 0xbe08570 is 0 bytes after a block of size 2,048 alloc'd |
at 0x4C2FB0F: malloc ( |
in /usr/lib/valgrind/vgpreload_memcheck-amd64- linux.so) |
by 0xB72DAC8: virgl_drm_cmd_buf_create (virgl_drm_winsys.c:572) |
|
Fixes: 4b15b5e803e ("virgl: resize resource bo allocation if we need to.") |
|
v2: - Use REALLOC macro and avoid memory leak when re-allocation fails |
- add Fixes tag (both Emil Velikov) |
- reorder commit message |
|
Signed-off-by: Gert Wollny <gert.wollny@collabora.com> |
(cherry picked from commit 9b0e8d87233691c1f025002f1da89ed3f8f69583) |
--- |
.../winsys/virgl/drm/virgl_drm_winsys.c | 23 +++++++++++++++---- |
1 file changed, 18 insertions(+), 5 deletions(-) |
|
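diff --git a/src/gallium/winsys/virgl/drm/virgl_drm_winsys.c b/src/gallium/winsys/virgl/drm/virgl_drm_winsys.c
index aad6430c41..80c93be70c 100644
--- a/src/gallium/winsys/virgl/drm/virgl_drm_winsys.c
+++ b/src/gallium/winsys/virgl/drm/virgl_drm_winsys.c
@@ -617,13 +617,26 @@ static void virgl_drm_add_res(struct virgl_drm_winsys *qdws,
 {
 unsigned hash = res->res_handle & (sizeof(cbuf->is_handle_added)-1);
 
- if (cbuf->cres > cbuf->nres) {
- cbuf->nres += 256;
- cbuf->res_bo = realloc(cbuf->res_bo, cbuf->nres * sizeof(struct virgl_hw_buf*));
- if (!cbuf->res_bo) {
- fprintf(stderr,"failure to add relocation %d, %d\n", cbuf->cres, cbuf->nres);
+ if (cbuf->cres >= cbuf->nres) {
+ unsigned new_nres = cbuf->nres + 256;
+ void *new_ptr = REALLOC(cbuf->res_bo,
+ cbuf->nres * sizeof(struct virgl_hw_buf*),
+ new_nres * sizeof(struct virgl_hw_buf*));
+ if (!new_ptr) {
+ fprintf(stderr,"failure to add relocation %d, %d\n", cbuf->cres, new_nres);
 return;
 }
+ cbuf->res_bo = new_ptr;
+
+ new_ptr = REALLOC(cbuf->res_hlist,
+ cbuf->nres * sizeof(uint32_t),
+ new_nres * sizeof(uint32_t));
+ if (!new_ptr) {
+ fprintf(stderr,"failure to add hlist relocation %d, %d\n", cbuf->cres, cbuf->nres);
+ return;
+ }
+ cbuf->res_hlist = new_ptr;
+ cbuf->nres = new_nres;
 }
 
 cbuf->res_bo[cbuf->cres] = NULL;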
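Review bot: Both allocation-failure paths in the new growth block return from virgl_drm_add_res without recording the resource, and because the function is `static void` the caller cannot tell that the relocation was dropped. Whether a later submission then references a handle that is missing from res_hlist depends on code outside this hunk and should be checked. The two messages are also inconsistent: the first prints `new_nres`, the second prints `cbuf->nres`, and both use `%d` although `new_nres` is declared `unsigned`; `fprintf(stderr,"failure to add hlist relocation %u, %u\n", cbuf->cres, new_nres);` would match, assuming `cres` is unsigned as well. A short comment above the block, such as `/* grow res_bo and res_hlist together; nres is updated only after both succeed */`, would record the invariant whose violation produced the out-of-bounds writes quoted in the commit message. The function body starts before and continues after this hunk.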
-- |
2.18.0 |
|