| 1 |
From fb41d6e95c40e024b2dc1339e44a004061606837 Mon Sep 17 00:00:00 2001 |
| 2 |
From: Gert Wollny <gert.wollny@collabora.com> |
| 3 |
Date: Mon, 3 Sep 2018 10:05:44 +0200 |
| 4 |
Subject: [PATCH 02/20] winsys/virgl: correct resource and handle allocation |
| 5 |
(v2) |
| 6 |
|
| 7 |
Fixes crash with |
| 8 |
piglit/bin/map_buffer_range-invalidate CopyBufferSubData \ |
| 9 |
increment-offset -auto -fbo |
| 10 |
|
| 11 |
* Resize the resource storage already when the count is equal to the |
| 12 |
allocated size, fixes: |
| 13 |
|
| 14 |
Invalid write of size 8 |
| 15 |
at 0xB72E4CF: virgl_drm_add_res (virgl_drm_winsys.c:629) |
| 16 |
by 0xB72E4CF: virgl_drm_emit_res (virgl_drm_winsys.c:663) |
| 17 |
by 0xB72A44A: virgl_encode_resource_copy_region (virgl_encode.c:776) |
| 18 |
by 0xB40CD12: st_copy_buffer_subdata (st_cb_bufferobjects.c:585) |
| 19 |
by 0xB244A3B: _mesa_CopyBufferSubData (bufferobj.c:2940) |
| 20 |
by 0x109A1E: upload (invalidate.c:169) |
| 21 |
by 0x109C2F: piglit_display (invalidate.c:215) |
| 22 |
by 0x4F80FBE: run_test (piglit_fbo_framework.c:52) |
| 23 |
by 0x4F66E5F: piglit_gl_test_run (piglit-framework-gl.c:229) |
| 24 |
by 0x10949D: main (invalidate.c:47) |
| 25 |
Address 0xbe07d30 is 0 bytes after a block of size 4,096 alloc'd |
| 26 |
at 0x4C31B25: calloc (in |
| 27 |
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) |
| 28 |
by 0xB72DAAF: virgl_drm_cmd_buf_create (virgl_drm_winsys.c:567) |
| 29 |
|
| 30 |
* Also resize the space allocated for the handles, fixes: |
| 31 |
|
| 32 |
Invalid write of size 4 |
| 33 |
at 0xB72E4F0: virgl_drm_add_res (virgl_drm_winsys.c:631) |
| 34 |
by 0xB72E4F0: virgl_drm_emit_res (virgl_drm_winsys.c:663) |
| 35 |
by 0xB72A44A: virgl_encode_resource_copy_region (virgl_encode.c:776) |
| 36 |
by 0xB40CD12: st_copy_buffer_subdata (st_cb_bufferobjects.c:585) |
| 37 |
by 0xB244A3B: _mesa_CopyBufferSubData (bufferobj.c:2940) |
| 38 |
by 0x109A1E: upload (invalidate.c:169) |
| 39 |
by 0x109C2F: piglit_display (invalidate.c:215) |
| 40 |
by 0x4F80FBE: run_test (piglit_fbo_framework.c:52) |
| 41 |
by 0x4F66E5F: piglit_gl_test_run (piglit-framework-gl.c:229) |
| 42 |
by 0x10949D: main (invalidate.c:47) |
| 43 |
Address 0xbe08570 is 0 bytes after a block of size 2,048 alloc'd |
| 44 |
at 0x4C2FB0F: malloc ( |
| 45 |
in /usr/lib/valgrind/vgpreload_memcheck-amd64- linux.so) |
| 46 |
by 0xB72DAC8: virgl_drm_cmd_buf_create (virgl_drm_winsys.c:572) |
| 47 |
|
| 48 |
Fixes: 4b15b5e803e ("virgl: resize resource bo allocation if we need to.") |
| 49 |
|
| 50 |
v2: - Use REALLOC macro and avoid memory leak when re-allocation fails |
| 51 |
- add Fixes tag (both Emil Velikov) |
| 52 |
- reorder commit message |
| 53 |
|
| 54 |
Signed-off-by: Gert Wollny <gert.wollny@collabora.com> |
| 55 |
(cherry picked from commit 9b0e8d87233691c1f025002f1da89ed3f8f69583) |
| 56 |
--- |
| 57 |
.../winsys/virgl/drm/virgl_drm_winsys.c | 23 +++++++++++++++---- |
| 58 |
1 file changed, 18 insertions(+), 5 deletions(-) |
| 59 |
|
| 60 |
diff --git a/src/gallium/winsys/virgl/drm/virgl_drm_winsys.c b/src/gallium/winsys/virgl/drm/virgl_drm_winsys.c |
| 61 |
index aad6430c41..80c93be70c 100644 |
| 62 |
--- a/src/gallium/winsys/virgl/drm/virgl_drm_winsys.c |
| 63 |
+++ b/src/gallium/winsys/virgl/drm/virgl_drm_winsys.c |
| 64 |
@@ -617,13 +617,26 @@ static void virgl_drm_add_res(struct virgl_drm_winsys *qdws, |
| 65 |
{ |
| 66 |
unsigned hash = res->res_handle & (sizeof(cbuf->is_handle_added)-1); |
| 67 |
|
| 68 |
- if (cbuf->cres > cbuf->nres) { |
| 69 |
- cbuf->nres += 256; |
| 70 |
- cbuf->res_bo = realloc(cbuf->res_bo, cbuf->nres * sizeof(struct virgl_hw_buf*)); |
| 71 |
- if (!cbuf->res_bo) { |
| 72 |
- fprintf(stderr,"failure to add relocation %d, %d\n", cbuf->cres, cbuf->nres); |
| 73 |
+ if (cbuf->cres >= cbuf->nres) { |
| 74 |
+ unsigned new_nres = cbuf->nres + 256; |
| 75 |
+ void *new_ptr = REALLOC(cbuf->res_bo, |
| 76 |
+ cbuf->nres * sizeof(struct virgl_hw_buf*), |
| 77 |
+ new_nres * sizeof(struct virgl_hw_buf*)); |
| 78 |
+ if (!new_ptr) { |
| 79 |
+ fprintf(stderr,"failure to add relocation %d, %d\n", cbuf->cres, new_nres); |
| 80 |
return; |
| 81 |
} |
| 82 |
+ cbuf->res_bo = new_ptr; |
| 83 |
+ |
| 84 |
+ new_ptr = REALLOC(cbuf->res_hlist, |
| 85 |
+ cbuf->nres * sizeof(uint32_t), |
| 86 |
+ new_nres * sizeof(uint32_t)); |
| 87 |
+ if (!new_ptr) { |
| 88 |
+ fprintf(stderr,"failure to add hlist relocation %d, %d\n", cbuf->cres, cbuf->nres); |
| 89 |
+ return; |
| 90 |
+ } |
| 91 |
+ cbuf->res_hlist = new_ptr; |
| 92 |
+ cbuf->nres = new_nres; |
| 93 |
} |
| 94 |
|
| 95 |
cbuf->res_bo[cbuf->cres] = NULL; |
| 96 |
-- |
| 97 |
2.18.0 |
| 98 |
|
Parent Directory
| 
Revision Log