Bug 106643 - double free when exporting a temporarily imported semaphore
Summary: double free when exporting a temporarily imported semaphore
Alias: None
Product: Mesa
Classification: Unclassified
Component: Drivers/Vulkan/intel (show other bugs)
Version: 17.3
Hardware: Other All
: medium normal
Assignee: Intel 3D Bugs Mailing List
QA Contact: Intel 3D Bugs Mailing List
Depends on:
Reported: 2018-05-24 19:50 UTC by Craig Stout
Modified: 2018-06-07 16:48 UTC (History)
1 user (show)

See Also:
i915 platform:
i915 features:


Description Craig Stout 2018-05-24 19:50:48 UTC
At the bottom of anv_GetSemaphoreFdKHR:

   /* From the Vulkan 1.0.53 spec:
    *    "Export operations have the same transference as the specified handle
    *    type’s import operations. [...] If the semaphore was using a
    *    temporarily imported payload, the semaphore’s prior permanent payload
    *    will be restored.
   if (impl == &semaphore->temporary)
      anv_semaphore_impl_cleanup(device, impl);

If this happens, the underlying semaphore resource is released but the semaphore type is not updated to NONE.  

So, on Destroy, the semaphore resource will be released again.

I think instead it should be:

    anv_semaphore_reset_temporary(device, semaphore);
Comment 1 Jason Ekstrand 2018-06-07 00:48:55 UTC
Comment 2 Jason Ekstrand 2018-06-07 16:48:20 UTC
This should be fixed by the following commit on master:

commit 237c5ac4f9748d254aa4c5428fec44cf753bc47d (public/master)
Author: Jason Ekstrand <jason.ekstrand@intel.com>
Date:   Sat May 26 12:08:22 2018 -0700

    anv: Set fence/semaphore types to NONE in impl_cleanup
    There were some places that were calling anv_semaphore_impl_cleanup and
    neither deleting the semaphore nor setting the type back to NONE.  Just
    set it to NONE in impl_cleanup to avoid these issues.
    Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=106643
    Fixes: 031f57eba "anv: Add a basic implementation of VK_KHX_external..."
    Reviewed-by: Lionel Landwerlin <lionel.g.landwerlin@intel.com>

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.