[Mesa-dev] [PATCH 01/13] glx: Don't create a shared context if the other context isn't the same kind

Ian Romanick idr at freedesktop.org
Wed Dec 21 10:13:45 PST 2011 

On 12/21/2011 07:29 AM, Jose Fonseca wrote:
> Looks a sensible thing to do.
>
> I assume no DRI driver will ever want to hook vtable->destroy. If
> that  may eventually happen, then may be it is useful to add an
> assert(vtable->destroy == dri2_destroy_context) when the context is created.

This particular vtable isn't visible to the driver.  It is only used by 
the application facing part of GLX and the particular protocol back-end 
(DRI, DRI2, indirect GLX, etc.) being used.  The other thing I had 
thought of checking was that vtable pointed to the correct 
glx_screen_vtable (look for dri2_screen_vtable in src/glx/dri2_glx.c).

> ----- Original Message -----
>> From: Ian Romanick<ian.d.romanick at intel.com>
>>
>> Each of the DRI, DRI2, and DRISW backends contain code like the
>> following in their create-context routine:
>>
>>     if (shareList) {
>>        pcp_shared = (struct dri2_context *) shareList;
>>        shared = pcp_shared->driContext;
>>     }
>>
>> This assumes that the glx_context *shareList is actually the correct
>> derived type.  However, if shareList was created as an
>> indirect-rendering context, it will not be the expected type.  As a
>> result, shared will contain garbage.  This garbage will be passed to
>> the driver, and the driver will probably segfault.  This can be
>> observed with the following GLX code:
>>
>>      ctx0 = glXCreateContext(dpy, visinfo, NULL, False);
>>      ctx1 = glXCreateContext(dpy, visinfo, ctx0, True);
>>
>> Create-context is the only case where this occurs.  All other cases
>> where a context is passed to the backend, it is the 'this' pointer
>> (i.e., we got to the backend by call something from ctx->vtable).
>>
>> To work around this, check that the shareList->vtable->destroy method
>> is the same as the destroy method of the expected type.  We could
>> also
>> check that shareList->vtable matches the vtable or by adding a "tag"
>> to glx_context to identify the derived type.
>>
>> NOTE: This is a candidate for the 7.11 branch.
>>
>> Signed-off-by: Ian Romanick<ian.d.romanick at intel.com>
>> ---
>>   src/glx/dri2_glx.c  |    7 +++++++
>>   src/glx/dri_glx.c   |    7 +++++++
>>   src/glx/drisw_glx.c |    7 +++++++
>>   3 files changed, 21 insertions(+), 0 deletions(-)
>>
>> diff --git a/src/glx/dri2_glx.c b/src/glx/dri2_glx.c
>> index 553869a..f929fdd 100644
>> --- a/src/glx/dri2_glx.c
>> +++ b/src/glx/dri2_glx.c
>> @@ -185,6 +185,13 @@ dri2_create_context(struct glx_screen *base,
>>      __DRIcontext *shared = NULL;
>>
>>      if (shareList) {
>> +      /* If the shareList context is not a DRI2 context, we cannot
>> possibly
>> +       * create a DRI2 context that shares it.
>> +       */
>> +      if (shareList->vtable->destroy != dri2_destroy_context) {
>> +	 return NULL;
>> +      }
>> +
>>         pcp_shared = (struct dri2_context *) shareList;
>>         shared = pcp_shared->driContext;
>>      }
>> diff --git a/src/glx/dri_glx.c b/src/glx/dri_glx.c
>> index 666423a..9365224 100644
>> --- a/src/glx/dri_glx.c
>> +++ b/src/glx/dri_glx.c
>> @@ -587,6 +587,13 @@ dri_create_context(struct glx_screen *base,
>>         return NULL;
>>
>>      if (shareList) {
>> +      /* If the shareList context is not a DRI context, we cannot
>> possibly
>> +       * create a DRI context that shares it.
>> +       */
>> +      if (shareList->vtable->destroy != dri_destroy_context) {
>> +	 return NULL;
>> +      }
>> +
>>         pcp_shared = (struct dri_context *) shareList;
>>         shared = pcp_shared->driContext;
>>      }
>> diff --git a/src/glx/drisw_glx.c b/src/glx/drisw_glx.c
>> index fbc6be2..f988eeb 100644
>> --- a/src/glx/drisw_glx.c
>> +++ b/src/glx/drisw_glx.c
>> @@ -382,6 +382,13 @@ drisw_create_context(struct glx_screen *base,
>>         return NULL;
>>
>>      if (shareList) {
>> +      /* If the shareList context is not a DRISW context, we cannot
>> possibly
>> +       * create a DRISW context that shares it.
>> +       */
>> +      if (shareList->vtable->destroy != drisw_destroy_context) {
>> +	 return NULL;
>> +      }
>> +
>>         pcp_shared = (struct drisw_context *) shareList;
>>         shared = pcp_shared->driContext;
>>      }
>> --
>> 1.7.6.4
>>
>> _______________________________________________
>> mesa-dev mailing list
>> mesa-dev at lists.freedesktop.org
>> http://lists.freedesktop.org/mailman/listinfo/mesa-dev

More information about the mesa-dev mailing list