From 6ac469a6c33d7b5b6a1e0abcb4761e9ca05fa449 Mon Sep 17 00:00:00 2001 From: Jason Ekstrand Date: Wed, 7 Sep 2016 21:33:48 -0700 Subject: anv/allocator: Use VG_NOACCESS_WRITE in anv_bo_pool_free Previously, we were relying on the fact that VALGRIND_MEMPOOL_FREE came later on in the function to prevent "link->bo = bo" from causing an invalid write. However, in the case where the size requested by the user is very small (less than sizeof(struct anv_bo)), this isn't sufficient. Instead, we should call VALGRIND_MEMPOOL_FREE early and then use VG_NOACCESS_WRITE. We do, however, have to call VALGRIND_MEMPOOL_FREE after reading bo_in because it may be stored in the bo itself. Signed-off-by: Jason Ekstrand --- src/intel/vulkan/anv_allocator.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/src/intel/vulkan/anv_allocator.c b/src/intel/vulkan/anv_allocator.c index 457a88f..c1687b9 100644 --- a/src/intel/vulkan/anv_allocator.c +++ b/src/intel/vulkan/anv_allocator.c @@ -865,15 +865,17 @@ anv_bo_pool_free(struct anv_bo_pool *pool, const struct anv_bo *bo_in) { /* Make a copy in case the anv_bo happens to be storred in the BO */ struct anv_bo bo = *bo_in; + + VG(VALGRIND_MEMPOOL_FREE(pool, bo.map)); + struct bo_pool_bo_link *link = bo.map; - link->bo = bo; + VG_NOACCESS_WRITE(&link->bo, bo); assert(util_is_power_of_two(bo.size)); const unsigned size_log2 = ilog2_round_up(bo.size); const unsigned bucket = size_log2 - 12; assert(bucket < ARRAY_SIZE(pool->free_list)); - VG(VALGRIND_MEMPOOL_FREE(pool, bo.map)); anv_ptr_free_list_push(&pool->free_list[bucket], link); } -- cgit v1.1