Module: Mesa Branch: staging/23.2 Commit: 0e3f799bb95eb57ed8676c4e1321fabb22f16359 URL: http://cgit.freedesktop.org/mesa/mesa/commit/?id=0e3f799bb95eb57ed8676c4e1321fabb22f16359
Author: Mike Blumenkrantz <[email protected]> Date: Tue Sep 19 08:53:42 2023 -0400 zink: avoid UAF on wayland async present with to-be-retired swapchain wayland surfaces are likely to become unlinked in WSI implementations upon retiring a swapchain, requiring the pending present to complete in order to avoid invalid access cc: mesa-stable Part-of: <https://gitlab.freedesktop.org/mesa/mesa/-/merge_requests/25288> (cherry picked from commit aaabb5b0f209dfad32ff108a49f39871e688444f) --- .pick_status.json | 2 +- src/gallium/drivers/zink/zink_kopper.c | 3 +++ 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/.pick_status.json b/.pick_status.json index 90d9cad5ba4..31b434700aa 100644 --- a/.pick_status.json +++ b/.pick_status.json @@ -564,7 +564,7 @@ "description": "zink: avoid UAF on wayland async present with to-be-retired swapchain", "nominated": true, "nomination_type": 0, - "resolution": 0, + "resolution": 1, "main_sha": null, "because_sha": null, "notes": null diff --git a/src/gallium/drivers/zink/zink_kopper.c b/src/gallium/drivers/zink/zink_kopper.c index 0ea3c5515b3..e5386b5e4b1 100644 --- a/src/gallium/drivers/zink/zink_kopper.c +++ b/src/gallium/drivers/zink/zink_kopper.c @@ -255,6 +255,9 @@ kopper_CreateSwapchain(struct zink_screen *screen, struct kopper_displaytarget * bool has_alpha = cdt->info.has_alpha && (cdt->caps.supportedCompositeAlpha & VK_COMPOSITE_ALPHA_PRE_MULTIPLIED_BIT_KHR); if (cdt->swapchain) { cswap->scci = cdt->swapchain->scci; + /* avoid UAF if async present needs to-be-retired swapchain */ + if (cdt->type == KOPPER_WAYLAND && cdt->swapchain->swapchain) + util_queue_fence_wait(&cdt->swapchain->present_fence); cswap->scci.oldSwapchain = cdt->swapchain->swapchain; } else { cswap->scci.sType = VK_STRUCTURE_TYPE_SWAPCHAIN_CREATE_INFO_KHR;
