Module: Mesa
Branch: staging/23.3
Commit: a317466914af5de90924dd8e24ac047c977e9565
URL:    http://cgit.freedesktop.org/mesa/mesa/commit/?id=a317466914af5de90924dd8e24ac047c977e9565

Author: José Expósito <jexpo...@redhat.com>
Date:   Fri Nov  3 14:15:06 2023 +0100

zink: Fix crash on zink_create_screen error path

The `zink_internal_create_screen()` function can fail before
`screen->loader_lib` and/or `screen->instance` are initialized.
The `zink_destroy_screen()` doesn't check those cases and crashes.

The error was found by Fedora's CI. The back trace is available at [1].

[1] https://bodhi.fedoraproject.org/updates/FEDORA-2023-c39f82c465

Fixes: 0c2045553fe4 ("zink: use screen destructor for creation fails")
Reviewed-by: Erik Faye-Lund <erik.faye-l...@collabora.com>
Signed-off-by: José Expósito <jexpo...@redhat.com>
Part-of: <https://gitlab.freedesktop.org/mesa/mesa/-/merge_requests/26029>
(cherry picked from commit 8a635e516ebb12411de8055c3405f36be43269b3)

---

 .pick_status.json                      | 2 +-
 src/gallium/drivers/zink/zink_screen.c | 8 ++++++--
 2 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/.pick_status.json b/.pick_status.json
index ee8dee82cbd..401ec8064bc 100644
--- a/.pick_status.json
+++ b/.pick_status.json
@@ -564,7 +564,7 @@
         "description": "zink: Fix crash on zink_create_screen error path",
         "nominated": true,
         "nomination_type": 1,
-        "resolution": 0,
+        "resolution": 1,
         "main_sha": null,
         "because_sha": "0c2045553fe4b3f337935cf007ba3920497e51a0",
         "notes": null
diff --git a/src/gallium/drivers/zink/zink_screen.c 
b/src/gallium/drivers/zink/zink_screen.c
index 74b575ed658..0edb8d5f35e 100644
--- a/src/gallium/drivers/zink/zink_screen.c
+++ b/src/gallium/drivers/zink/zink_screen.c
@@ -1520,10 +1520,14 @@ zink_destroy_screen(struct pipe_screen *pscreen)
    if (screen->dev)
       VKSCR(DestroyDevice)(screen->dev, NULL);
 
-   VKSCR(DestroyInstance)(screen->instance, NULL);
+   if (screen->instance)
+      VKSCR(DestroyInstance)(screen->instance, NULL);
+
    util_idalloc_mt_fini(&screen->buffer_ids);
 
-   util_dl_close(screen->loader_lib);
+   if (screen->loader_lib)
+      util_dl_close(screen->loader_lib);
+
    if (screen->drm_fd != -1)
       close(screen->drm_fd);
 
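Review bot: The unconditional `util_idalloc_mt_fini(&screen->buffer_ids);` that sits between the two new guards is still reached on the same early-failure path, so it deserves the same scrutiny. The commit message says creation can fail before `screen->loader_lib` is set; if `buffer_ids` is initialized after that point, this call runs on state that was never set up. Please confirm it is safe on a never-initialized `buffer_ids`, or guard it as well. The new `if (screen->instance)` and `if (screen->loader_lib)` checks also rely on the screen being zero-allocated, while the `screen->drm_fd != -1` check at the end of the hunk relies on `drm_fd` being set to -1 before the first possible failure, since a zero-filled `drm_fd` would make the destructor close fd 0. A short comment stating those invariants in `zink_destroy_screen()` would keep future error paths from reintroducing the crash.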
