Mesa (main): freedreno/ir3: Fix use after free

GitLab Mirror gitlab-mirror at kemper.freedesktop.org
Wed Jun 9 00:54:53 UTC 2021


Module: Mesa
Branch: main
Commit: 09f64f74db9e0dd22ef6e4bf616ac7bffde2a6fd
URL:    http://cgit.freedesktop.org/mesa/mesa/commit/?id=09f64f74db9e0dd22ef6e4bf616ac7bffde2a6fd

Author: Rob Clark <robdclark at chromium.org>
Date:   Sun Apr 18 09:10:07 2021 -0700

freedreno/ir3: Fix use after free

If the tex/sfu ssa src is from a different block than the one currently
being scheduled, we do not have a valid sched-node.  So fall back to
previous behavior rather than dereference an invalid ptr.

Fixes: 7821e5a3f8d ("ir3/sched: Don't penalize uses of already-waited tex/SFU")
Signed-off-by: Rob Clark <robdclark at chromium.org>
Part-of: <https://gitlab.freedesktop.org/mesa/mesa/-/merge_requests/10306>

---

 src/freedreno/ir3/ir3_sched.c | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/src/freedreno/ir3/ir3_sched.c b/src/freedreno/ir3/ir3_sched.c
index 431d7e98109..6d4a76ea03d 100644
--- a/src/freedreno/ir3/ir3_sched.c
+++ b/src/freedreno/ir3/ir3_sched.c
@@ -194,6 +194,12 @@ is_outstanding_tex_or_prefetch(struct ir3_instruction *instr, struct ir3_sched_c
 	if (!is_tex_or_prefetch(instr))
 		return false;
 
+	/* The sched node is only valid within the same block, we cannot
+	 * really say anything about src's from other blocks
+	 */
+	if (instr->block != ctx->block)
+		return true;
+
 	struct ir3_sched_node *n = instr->data;
 	return n->tex_index >= ctx->first_outstanding_tex_index;
 }
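Review bot: The comment above the new `if (instr->block != ctx->block)` check says the sched node is only valid within the same block, but it does not say why `return true` is the right answer for a source from another block. The commit message describes this as falling back to the previous behavior; saying in the comment that `true` is the conservative answer (the tex/prefetch is treated as still outstanding) would keep a later reader from changing it to `false`. The placement before `struct ir3_sched_node *n = instr->data;` is what matters here, since that assignment and the `n->tex_index` read are where the invalid pointer would be dereferenced.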
@@ -204,6 +210,12 @@ is_outstanding_sfu(struct ir3_instruction *instr, struct ir3_sched_ctx *ctx)
 	if (!is_sfu(instr))
 		return false;
 
+	/* The sched node is only valid within the same block, we cannot
+	 * really say anything about src's from other blocks
+	 */
+	if (instr->block != ctx->block)
+		return true;
+
 	struct ir3_sched_node *n = instr->data;
 	return n->sfu_index >= ctx->first_outstanding_sfu_index;
 }
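Review bot: The guard and comment added to is_outstanding_sfu() are a verbatim copy of the ones added to is_outstanding_tex_or_prefetch(). Consider a small helper that returns the sched node only when `instr->block == ctx->block` and NULL otherwise, so both functions, and any later code that treats `instr->data` as a `struct ir3_sched_node *`, go through a single validity check. The patch touches only these two functions, so it is worth confirming that no other path in ir3_sched.c reads `instr->data` for an instruction that belongs to a different block.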


