From abfb950aa82c8e0ea15f6d7b5ffd05c973911ea5 Mon Sep 17 00:00:00 2001 From: Mike Blumenkrantz Date: Tue, 30 Jan 2024 07:47:45 -0500 Subject: [PATCH] zink: always map descriptor buffers as COHERENT this is already implied since the buffers must be BAR-allocated, but it ensures the context isn't accessed during unmap Fixes: b06f6e00fba ("zink: fix heap-use-after-free on batch_state with sub-allocated pipe_resources") Part-of: (cherry picked from commit c900cca96c4cf6766f5b855e07a0ea4d2584bf22) --- .pick_status.json | 2 +- src/gallium/drivers/zink/zink_descriptors.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.pick_status.json b/.pick_status.json index 89272c62e1c..457d36d7e88 100644 --- a/.pick_status.json +++ b/.pick_status.json @@ -494,7 +494,7 @@ "description": "zink: always map descriptor buffers as COHERENT", "nominated": true, "nomination_type": 1, - "resolution": 0, + "resolution": 1, "main_sha": null, "because_sha": "b06f6e00fba6e33c28a198a1bb14b89e9dfbb4ae", "notes": null diff --git a/src/gallium/drivers/zink/zink_descriptors.c b/src/gallium/drivers/zink/zink_descriptors.c index b7e0ded9ffc..1c3b3fe71be 100644 --- a/src/gallium/drivers/zink/zink_descriptors.c +++ b/src/gallium/drivers/zink/zink_descriptors.c @@ -1593,7 +1593,7 @@ zink_batch_descriptor_init(struct zink_screen *screen, struct zink_batch_state * if (!pres) return false; bs->dd.db = zink_resource(pres); - bs->dd.db_map = pipe_buffer_map(&bs->ctx->base, pres, PIPE_MAP_READ | PIPE_MAP_WRITE | PIPE_MAP_PERSISTENT | PIPE_MAP_THREAD_SAFE, &bs->dd.db_xfer); + bs->dd.db_map = pipe_buffer_map(&bs->ctx->base, pres, PIPE_MAP_READ | PIPE_MAP_WRITE | PIPE_MAP_PERSISTENT | PIPE_MAP_COHERENT | PIPE_MAP_THREAD_SAFE, &bs->dd.db_xfer); } return true; }