[Mesa-stable] [PATCH 1/6] i965/sync: Fix uninitalized usage and leak of mutex

Chad Versace chadversary at chromium.org
Wed Sep 28 06:51:19 UTC 2016


We locked an uninitialized mutex in the callstack
    glClientWaitSync
    intel_gl_client_wait_sync
    brw_fence_client_wait_sync
because we forgot to initialize it in intel_gl_fence_sync.
(The EGLSync codepath didn't have this bug. It initialized the mutex in
intel_dri_create_sync).

We also forgot to tear down (mtx_destroy) the mutex when destroying
the sync object.

Cc: mesa-stable at lists.freedesktop.org
---
 src/mesa/drivers/dri/i965/intel_syncobj.c | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)

diff --git a/src/mesa/drivers/dri/i965/intel_syncobj.c b/src/mesa/drivers/dri/i965/intel_syncobj.c
index dfda448..4276f3f 100644
--- a/src/mesa/drivers/dri/i965/intel_syncobj.c
+++ b/src/mesa/drivers/dri/i965/intel_syncobj.c
@@ -58,10 +58,20 @@ struct intel_gl_sync_object {
 };
 
 static void
+brw_fence_init(struct brw_context *brw, struct brw_fence *fence)
+{
+   fence->brw = brw;
+   fence->batch_bo = NULL;
+   mtx_init(&fence->mutex, mtx_plain);
+}
+
+static void
 brw_fence_finish(struct brw_fence *fence)
 {
    if (fence->batch_bo)
       drm_intel_bo_unreference(fence->batch_bo);
+
+   mtx_destroy(&fence->mutex);
 }
 
 static void
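Review bot: brw_fence_finish now calls `mtx_destroy(&fence->mutex)` unconditionally, but on the GL path the matching init runs in intel_gl_fence_sync (second hunk), not where the sync object is allocated. The destroy is therefore only valid if every fence reaching brw_fence_finish went through brw_fence_init exactly once and no thread still holds or waits on the mutex; the callers of brw_fence_finish are outside the hunk, so this cannot be confirmed from here. I would document the contract with `/* Call exactly once before brw_fence_insert(); pair with brw_fence_finish(). */` above brw_fence_init, and `/* Fence must not be in use by any other thread; destroys the mutex. */` above brw_fence_finish. The return value of `mtx_init` is also discarded, so a failed initialisation would go unnoticed by both callers (second and third hunks) before they call brw_fence_insert.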
@@ -186,6 +196,7 @@ intel_gl_fence_sync(struct gl_context *ctx, struct gl_sync_object *s,
    struct brw_context *brw = brw_context(ctx);
    struct intel_gl_sync_object *sync = (struct intel_gl_sync_object *)s;
 
+   brw_fence_init(brw, &sync->fence);
    brw_fence_insert(brw, &sync->fence);
 }
 
@@ -240,8 +251,7 @@ intel_dri_create_fence(__DRIcontext *ctx)
    if (!fence)
       return NULL;
 
-   mtx_init(&fence->mutex, mtx_plain);
-   fence->brw = brw;
+   brw_fence_init(brw, fence);
    brw_fence_insert(brw, fence);
 
    return fence;
-- 
2.10.0


