Bug 106643

Summary: double free when exporting a temporarily imported semaphore
Product: Mesa
Reporter: Craig Stout <cstout>
Component: Drivers/Vulkan/intel
Assignee: Intel 3D Bugs Mailing List <intel-3d-bugs>
Status: RESOLVED FIXED
QA Contact: Intel 3D Bugs Mailing List <intel-3d-bugs>
Severity: normal
Priority: medium
CC: jason
Version: 17.3
Hardware: Other
OS: All
Whiteboard:
i915 platform:
i915 features:

Description Craig Stout 2018-05-24 19:50:48 UTC
At the bottom of anv_GetSemaphoreFdKHR:

   /* From the Vulkan 1.0.53 spec:
    *
    *    "Export operations have the same transference as the specified handle
    *    type’s import operations. [...] If the semaphore was using a
    *    temporarily imported payload, the semaphore’s prior permanent payload
    *    will be restored.
    */
   if (impl == &semaphore->temporary)
      anv_semaphore_impl_cleanup(device, impl);

If this happens, the underlying semaphore resource is released but the semaphore type is not updated to NONE.  

So, on Destroy, the semaphore resource will be released again.

I think instead it should be:

    anv_semaphore_reset_temporary(device, semaphore);

Comment 1 Jason Ekstrand 2018-06-07 00:48:55 UTC
https://patchwork.freedesktop.org/patch/228059/

Comment 2 Jason Ekstrand 2018-06-07 16:48:20 UTC
This should be fixed by the following commit on master:

commit 237c5ac4f9748d254aa4c5428fec44cf753bc47d (public/master)
Author: Jason Ekstrand <jason.ekstrand@intel.com>
Date:   Sat May 26 12:08:22 2018 -0700

    anv: Set fence/semaphore types to NONE in impl_cleanup
    
    There were some places that were calling anv_semaphore_impl_cleanup and
    neither deleting the semaphore nor setting the type back to NONE.  Just
    set it to NONE in impl_cleanup to avoid these issues.
    
    Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=106643
    Fixes: 031f57eba "anv: Add a basic implementation of VK_KHX_external..."
    Reviewed-by: Lionel Landwerlin <lionel.g.landwerlin@intel.com>
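
Added example, not part of the bug report or the Mesa source: a simplified C model of the stale-type pattern discussed in this thread, comparing a cleanup that leaves the type set with one that resets it to NONE. All struct and function names are hypothetical, and the model counts releases instead of freeing memory so it runs safely.

```c
#include <stdio.h>

/* Simplified model; every name here is hypothetical, not Mesa's. */
enum impl_type { IMPL_NONE, IMPL_FD };

struct resource { int releases; };   /* counts releases instead of freeing */
struct impl { enum impl_type type; struct resource *res; };
struct semaphore { struct impl permanent, temporary; };

/* Pre-fix shape: releases the resource but leaves the type untouched. */
static void impl_cleanup_stale(struct impl *i) {
    if (i->type == IMPL_NONE)
        return;
    i->res->releases++;
}

/* Post-fix shape: cleanup itself sets the type back to NONE. */
static void impl_cleanup_reset(struct impl *i) {
    if (i->type == IMPL_NONE)
        return;
    i->res->releases++;
    i->type = IMPL_NONE;
}

typedef void (*cleanup_fn)(struct impl *);

/* Export a temporarily imported payload, then destroy the semaphore.
 * Returns how many times the temporary resource was released. */
static int export_then_destroy(cleanup_fn cleanup) {
    struct resource perm = {0}, temp = {0};
    struct semaphore s = {
        .permanent = { IMPL_FD, &perm },
        .temporary = { IMPL_FD, &temp },
    };
    /* Export path: the temporary payload is consumed by the export. */
    struct impl *impl = s.temporary.type != IMPL_NONE ? &s.temporary
                                                      : &s.permanent;
    if (impl == &s.temporary)
        cleanup(impl);
    /* Destroy path: cleans up both payloads based on their type. */
    cleanup(&s.temporary);
    cleanup(&s.permanent);
    return temp.releases;
}

int main(void) {
    printf("stale type: %d releases\n", export_then_destroy(impl_cleanup_stale));
    printf("reset type: %d releases\n", export_then_destroy(impl_cleanup_reset));
    return 0;
}
```

A release count of 2 for the temporary payload is the model's stand-in for the double free; with the type reset inside cleanup, the destroy path sees NONE and skips it.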
