vrend: Don't write buffer in vrend_pipe_resource_attach_iov()

Feng Jiang requested to merge flynnjiang/virglrenderer:fix-buffer into master

There will be a race condition between memcpy and vrend_write_to_iovec:

Guest:

  pipe_buffer_create
    virtio_gpu_resource_create_ioctl
      virtio_gpu_cmd_resource_create_3d
        VIRTIO_GPU_CMD_RESOURCE_CREATE_3D
      virtio_gpu_object_attach
        VIRTIO_GPU_CMD_RESOURCE_ATTACH_BACKING
  pipe_buffer_map
  memcpy()

Host:

  virgl_renderer_resource_attach_iov
    vrend_pipe_resource_attach_iov
      vrend_write_to_iovec

When a resource is created and data is written immediately, virglrenderer may not yet have performed the attach operation, or may still be performing it; the data previously written by memcpy is then overwritten by vrend_write_to_iovec in the attach operation.

Signed-off-by: Feng Jiang jiangfeng@kylinos.cn
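
The ordering problem described above, as an added deterministic model that is not virglrenderer code and not part of the merge request. `model_write_to_iovec`, `model_attach` and `guest_data_survives` are hypothetical names, the zero-filled host copy and the two 4-byte guest segments are constructed assumptions, and the two interleavings are replayed sequentially rather than raced.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/uio.h>

/* Hypothetical stand-in for vrend_write_to_iovec: scatter src over the iovec list. */
static void model_write_to_iovec(const struct iovec *iov, int n,
                                 const char *src, size_t len)
{
    for (int i = 0; i < n && len > 0; i++) {
        size_t chunk = iov[i].iov_len < len ? iov[i].iov_len : len;
        memcpy(iov[i].iov_base, src, chunk);
        src += chunk;
        len -= chunk;
    }
}

/* Model of the host attach step. writeback=true copies the host-side buffer
 * into the guest backing pages (the behaviour the description reports);
 * writeback=false only takes note of the iovec and leaves guest memory alone. */
static void model_attach(const struct iovec *iov, int n, const char *host_copy,
                         size_t len, bool writeback)
{
    if (writeback)
        model_write_to_iovec(iov, n, host_copy, len);
}

/* Replays one interleaving; true if the guest's bytes are intact afterwards. */
bool guest_data_survives(bool guest_writes_first, bool writeback)
{
    static const char payload[8] = "GUEST!!";  /* constructed guest data */
    char seg_a[4] = {0}, seg_b[4] = {0};       /* guest backing, two segments */
    struct iovec iov[2] = { { seg_a, 4 }, { seg_b, 4 } };
    char host_copy[8] = {0};                   /* assumed: fresh, zero-filled */

    if (!guest_writes_first)
        model_attach(iov, 2, host_copy, sizeof host_copy, writeback);
    memcpy(seg_a, payload, 4);                 /* guest: pipe_buffer_map + memcpy */
    memcpy(seg_b, payload + 4, 4);
    if (guest_writes_first)
        model_attach(iov, 2, host_copy, sizeof host_copy, writeback);
    return !memcmp(seg_a, payload, 4) && !memcmp(seg_b, payload + 4, 4);
}

int main(void)
{
    for (int wb = 1; wb >= 0; wb--)
        for (int first = 0; first <= 1; first++)
            printf("writeback=%d guest_first=%d intact=%d\n",
                   wb, first, guest_data_survives(first, wb));
    return 0;
}
```

Only the combination of a guest write landing before the attach and an attach that writes back loses the guest's data; without the write in the attach step, both orderings keep it.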
