
radeonsi: Check aux_context on si_destroy_screen()

The function radeonsi_screen_create_impl() tries to create the aux_context but doesn't actually check for the returned value from si_create_context().

Then, on si_destroy_screen() the aux_context is used without actually checking whether it's a thing or not.

As a result, if for any reason si_create_context() failed, we shall crash in si_destroy_screen() with a NULL pointer dereference trying to access ((struct si_context *)sscreen->aux_context)->log.

I think this is what is causing downstream issue https://bugzilla.redhat.com/show_bug.cgi?id=1975031.

The logs show:

Jun 20 15:00:55 fedora org.gnome.Shell.desktop[1365]: radeon:    size      : 65536 bytes
Jun 20 15:00:55 fedora org.gnome.Shell.desktop[1365]: radeon:    alignment : 4096 bytes
Jun 20 15:00:55 fedora org.gnome.Shell.desktop[1365]: radeon:    domains   : 4
Jun 20 15:00:55 fedora org.gnome.Shell.desktop[1365]: radeon:    va        : 0x0000000100000000
Jun 20 15:00:55 fedora org.gnome.Shell.desktop[1365]: radeon: Failed to deallocate virtual address for buffer:
Jun 20 15:00:55 fedora org.gnome.Shell.desktop[1365]: radeon:    size      : 65536 bytes
Jun 20 15:00:55 fedora org.gnome.Shell.desktop[1365]: radeon:    va        : 0x100000000
Jun 20 15:00:55 fedora org.gnome.Shell.desktop[1365]: radeon: Failed to allocate virtual address for buffer:
Jun 20 15:00:55 fedora org.gnome.Shell.desktop[1365]: radeon:    size      : 65536 bytes
Jun 20 15:00:55 fedora org.gnome.Shell.desktop[1365]: radeon:    alignment : 4096 bytes
Jun 20 15:00:55 fedora org.gnome.Shell.desktop[1365]: radeon:    domains   : 4
Jun 20 15:00:55 fedora org.gnome.Shell.desktop[1365]: radeon:    va        : 0x0000000100000000
Jun 20 15:00:55 fedora org.gnome.Shell.desktop[1365]: radeon: Failed to deallocate virtual address for buffer:
Jun 20 15:00:55 fedora org.gnome.Shell.desktop[1365]: radeon:    size      : 65536 bytes
Jun 20 15:00:55 fedora org.gnome.Shell.desktop[1365]: radeon:    va        : 0x100000000
Jun 20 15:00:55 fedora org.gnome.Shell.desktop[1365]: radeonsi: Failed to create a context.
Jun 20 15:00:55 fedora org.gnome.Shell.desktop[1365]: (EE)
Jun 20 15:00:55 fedora org.gnome.Shell.desktop[1365]: (EE) Backtrace:
Jun 20 15:00:55 fedora org.gnome.Shell.desktop[1365]: (EE) 0: /usr/bin/Xwayland (0x55bed1776000+0x1655f9) [0x55bed18db5f9]
Jun 20 15:00:55 fedora org.gnome.Shell.desktop[1365]: (EE) 1: /usr/bin/Xwayland (0x55bed1776000+0x165702) [0x55bed18db702]
Jun 20 15:00:55 fedora org.gnome.Shell.desktop[1365]: (EE) 2: /lib64/libc.so.6 (0x7f310da62000+0x3d320) [0x7f310da9f320]
Jun 20 15:00:55 fedora org.gnome.Shell.desktop[1365]: (EE) 3: /usr/lib64/dri/radeonsi_dri.so (0x7f310b6aa000+0x961b34) [0x7f310c00bb34]
Jun 20 15:00:55 fedora org.gnome.Shell.desktop[1365]: (EE) 4: /usr/lib64/dri/radeonsi_dri.so (0x7f310b6aa000+0x1b0345) [0x7f310b85a345]
Jun 20 15:00:55 fedora org.gnome.Shell.desktop[1365]: (EE) 5: /usr/lib64/dri/radeonsi_dri.so (0x7f310b6aa000+0x1b0379) [0x7f310b85a379]
Jun 20 15:00:55 fedora org.gnome.Shell.desktop[1365]: (EE) 6: /usr/lib64/dri/radeonsi_dri.so (0x7f310b6aa000+0x6c5393) [0x7f310bd6f393]
Jun 20 15:00:55 fedora org.gnome.Shell.desktop[1365]: (EE) 7: /lib64/libEGL_mesa.so.0 (0x7f310d084000+0x1d1c7) [0x7f310d0a11c7]
Jun 20 15:00:55 fedora org.gnome.Shell.desktop[1365]: (EE) 8: /lib64/libEGL_mesa.so.0 (0x7f310d084000+0x1d750) [0x7f310d0a1750]
Jun 20 15:00:55 fedora org.gnome.Shell.desktop[1365]: (EE) 9: /lib64/libEGL_mesa.so.0 (0x7f310d084000+0x1130a) [0x7f310d09530a]
Jun 20 15:00:55 fedora org.gnome.Shell.desktop[1365]: (EE) 10: /usr/bin/Xwayland (0x55bed1776000+0x42328) [0x55bed17b8328]
Jun 20 15:00:55 fedora org.gnome.Shell.desktop[1365]: (EE) 11: /usr/bin/Xwayland (0x55bed1776000+0x35dfb) [0x55bed17abdfb]
Jun 20 15:00:55 fedora org.gnome.Shell.desktop[1365]: (EE) 12: /lib64/libc.so.6 (__libc_start_main+0xd5) [0x7f310da89b75]
Jun 20 15:00:55 fedora org.gnome.Shell.desktop[1365]: (EE) 13: /usr/bin/Xwayland (0x55bed1776000+0x3858e) [0x55bed17ae58e]
Jun 20 15:00:55 fedora org.gnome.Shell.desktop[1365]: (EE)
Jun 20 15:00:55 fedora org.gnome.Shell.desktop[1365]: (EE) Segmentation fault at address 0x520
Jun 20 15:00:55 fedora org.gnome.Shell.desktop[1365]: (EE)
Jun 20 15:00:55 fedora org.gnome.Shell.desktop[1365]: Fatal server error:
Jun 20 15:00:55 fedora org.gnome.Shell.desktop[1365]: (EE) Caught signal 11 (Segmentation fault). Server aborting
Jun 20 15:00:55 fedora org.gnome.Shell.desktop[1365]: (EE)

So "radeonsi: Failed to create a context" is from si_create_context() and it returns NULL.

radeonsi_screen_create_impl() does:

1361    /* Create the auxiliary context. This must be done last. */
1362    sscreen->aux_context = si_create_context()

But doesn't seem to check whether the context was actually created.

Then, in si_destroy_screen(), it does:

 845    struct u_log_context *aux_log = ((struct si_context *)sscreen->aux_context)->log;

So if aux_context is NULL, that's a NULL pointer dereference.

And that's precisely the crash point in the backtrace:

  #7  <signal handler called>
  No locals.
  #8  0x00007f310c00bb34 in si_destroy_screen (pscreen=0x55bed3aeac80) at ../src/gallium/drivers/radeonsi/si_pipe.c:845
          sscreen = 0x55bed3aeac80
          parts = {0x7f310e272e00 <epoxy_eglQueryString>, 0x0, 0x0, 0x0, 0x0}
          i = <optimized out>
          aux_log = <optimized out>
  #9  0x00007f310b85a345 in dri_destroy_screen_helper (screen=0x55bed3ae5110) at ../src/gallium/frontends/dri/dri_screen.c:532
  No locals.
  […]
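The failure mode described above, as an added example that is not Mesa's code and not part of the merge request: a creation path stores a possibly NULL context, and the teardown path checks it before touching its log. All `toy_*` names are hypothetical, and the padding is constructed so that `log` sits at offset 0x520, showing why a NULL base pointer plus a member offset gives a small fault address like the one in the log; the real layout of `struct si_context` is not shown on the page.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* Toy stand-ins: names and layout are hypothetical, not Mesa's definitions. */
struct toy_context {
    char other_state[0x520]; /* constructed so 'log' sits at offset 0x520 */
    void *log;
};
struct toy_screen { struct toy_context *aux_context; };

/* Screen creation stores the context pointer without checking it for NULL. */
static struct toy_screen *toy_screen_create(int ctx_fails)
{
    struct toy_screen *screen = calloc(1, sizeof(*screen));
    if (screen && !ctx_fails)
        screen->aux_context = calloc(1, sizeof(struct toy_context));
    return screen;
}

/* Address an unchecked ctx->log read touches: base pointer + member offset. */
static uintptr_t toy_log_fault_address(const struct toy_context *ctx)
{
    return (uintptr_t)ctx + offsetof(struct toy_context, log);
}

/* Guarded teardown: returns 1 if an aux context was released, 0 if none existed. */
static int toy_destroy_screen(struct toy_screen *screen)
{
    int had_ctx = screen->aux_context != NULL;
    if (had_ctx) {
        free(screen->aux_context->log);
        free(screen->aux_context);
    }
    free(screen);
    return had_ctx;
}

int main(void)
{
    struct toy_screen *failed = toy_screen_create(1); /* context creation failed */
    struct toy_screen *ok = toy_screen_create(0);
    if (!failed || !ok)
        return 1;
    /* With aux_context == NULL the unchecked read would hit address 0x520. */
    int ok_addr = toy_log_fault_address(failed->aux_context) == 0x520;
    int r1 = toy_destroy_screen(failed), r2 = toy_destroy_screen(ok);
    return (ok_addr && r1 == 0 && r2 == 1) ? 0 : 1;
}
```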
