[Mesa-dev] [PATCH 1/3] cso: don't release sampler states that are bound

Marek Olšák maraeo at gmail.com
Fri Dec 2 20:38:57 UTC 2016


From: Marek Olšák <marek.olsak at amd.com>

This fixes random radeonsi GPU hangs in Batman Arkham: Origins (Wine) and
probably many other games too.

cso_cache deletes sampler states when the cache size is too big and doesn't
check which sampler states are bound, causing use-after-free in drivers.
Because of that, radeonsi uploaded garbage sampler states and the hardware
went bananas. Other drivers may have experienced similar issues.

Cc: 13.0 12.0 <mesa-stable at lists.freedesktop.org>
---
 src/gallium/auxiliary/cso_cache/cso_cache.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/gallium/auxiliary/cso_cache/cso_cache.c b/src/gallium/auxiliary/cso_cache/cso_cache.c
index b240c93..1f3be4b 100644
--- a/src/gallium/auxiliary/cso_cache/cso_cache.c
+++ b/src/gallium/auxiliary/cso_cache/cso_cache.c
@@ -181,21 +181,23 @@ static inline void sanitize_cb(struct cso_hash *hash, enum cso_cache_type type,
       --to_remove;
    }
 }
 
 struct cso_hash_iter
 cso_insert_state(struct cso_cache *sc,
                  unsigned hash_key, enum cso_cache_type type,
                  void *state)
 {
    struct cso_hash *hash = _cso_hash_for_type(sc, type);
-   sanitize_hash(sc, hash, type, sc->max_size);
+
+   if (type != CSO_SAMPLER)
+      sanitize_hash(sc, hash, type, sc->max_size);
 
    return cso_hash_insert(hash, hash_key, state);
 }
 
 struct cso_hash_iter
 cso_find_state(struct cso_cache *sc,
                unsigned hash_key, enum cso_cache_type type)
 {
    struct cso_hash *hash = _cso_hash_for_type(sc, type);
 
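Review bot: In cso_insert_state(), the new `if (type != CSO_SAMPLER)` guard skips sanitize_hash() for sampler states altogether, so the sampler hash is no longer bounded by sc->max_size and will grow for as long as the application keeps creating distinct sampler states. That removes the use-after-free, but it does so by never evicting rather than by checking which states are bound, which is what the commit message identifies as the missing check. Please add a comment above the condition saying that samplers are exempt because the cache cannot tell which ones are still bound in the driver, and note the unbounded growth as a known trade-off. A longer-term fix would be to have the sanitize path skip only the sampler states that are currently bound, so the size limit still applies to the rest. The other cache types still go through sanitize_hash() unchanged; the message says only samplers were observed to hit this, so it would help to state why the other types cannot be evicted while bound.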
-- 
2.7.4


