[Mesa-stable] [PATCH 1/4] i965/sync: Fix uninitalized usage and leak of mutex
Chad Versace
chadversary at chromium.org
Tue Oct 4 22:37:53 UTC 2016
We locked an unitialized mutex in the callstack
glClientWaitSync
intel_gl_client_wait_sync
brw_fence_client_wait_sync
because we forgot to initialize it in intel_gl_fence_sync.
(The EGLSync codepath didn't have this bug. It initialized the mutex in
intel_dri_create_sync).
We also forgot to tear down (mtx_destroy) the mutex when destroying
the sync object.
Cc: mesa-stable at lists.freedesktop.org
---
src/mesa/drivers/dri/i965/intel_syncobj.c | 14 ++++++++++++--
1 file changed, 12 insertions(+), 2 deletions(-)
diff --git a/src/mesa/drivers/dri/i965/intel_syncobj.c b/src/mesa/drivers/dri/i965/intel_syncobj.c
index dfda448..4276f3f 100644
--- a/src/mesa/drivers/dri/i965/intel_syncobj.c
+++ b/src/mesa/drivers/dri/i965/intel_syncobj.c
@@ -58,10 +58,20 @@ struct intel_gl_sync_object {
};
static void
+brw_fence_init(struct brw_context *brw, struct brw_fence *fence)
+{
+ fence->brw = brw;
+ fence->batch_bo = NULL;
+ mtx_init(&fence->mutex, mtx_plain);
+}
+
+static void
brw_fence_finish(struct brw_fence *fence)
{
if (fence->batch_bo)
drm_intel_bo_unreference(fence->batch_bo);
+
+ mtx_destroy(&fence->mutex);
}
static void
@@ -186,6 +196,7 @@ intel_gl_fence_sync(struct gl_context *ctx, struct gl_sync_object *s,
struct brw_context *brw = brw_context(ctx);
struct intel_gl_sync_object *sync = (struct intel_gl_sync_object *)s;
+ brw_fence_init(brw, &sync->fence);
brw_fence_insert(brw, &sync->fence);
}
@@ -240,8 +251,7 @@ intel_dri_create_fence(__DRIcontext *ctx)
if (!fence)
return NULL;
- mtx_init(&fence->mutex, mtx_plain);
- fence->brw = brw;
+ brw_fence_init(brw, fence);
brw_fence_insert(brw, fence);
return fence;
--
2.10.0
More information about the mesa-stable
mailing list