From: Asahi Lina <lina@asahilina.net>
Date: Fri, 11 Aug 2023 08:04:00 +0000 (+0900)
Subject: asahi: Fix incorrect BO bitmap reallocations
X-Git-Tag: upstream/23.3.3~3441
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=c247de37bbcbfeb92971ce91ef774abe46afd815;p=platform%2Fupstream%2Fmesa.git

asahi: Fix incorrect BO bitmap reallocations

If the BO handle is greater than 2x what fits inside the current bitmap
size, then we end up overflowing. Make sure to always reallocate to a
large enough bitmap, not just 2x the previous size.

Found while replaying firefox apitraces with looping (which apparently
leaks a ton of objects, but that might just be apitrace).

Signed-off-by: Asahi Lina <lina@asahilina.net>
Part-of: <https://gitlab.freedesktop.org/mesa/mesa/-/merge_requests/24635>
---

diff --git a/src/gallium/drivers/asahi/agx_state.h b/src/gallium/drivers/asahi/agx_state.h
index 06c49ed..8aaa9e9 100644
--- a/src/gallium/drivers/asahi/agx_state.h
+++ b/src/gallium/drivers/asahi/agx_state.h
@@ -707,10 +707,14 @@ agx_batch_add_bo(struct agx_batch *batch, struct agx_bo *bo)
 {
    /* Double the size of the BO list if we run out, this is amortized O(1) */
    if (unlikely(bo->handle > agx_batch_bo_list_bits(batch))) {
+      unsigned word_count =
+         MAX2(batch->bo_list.word_count * 2,
+              util_next_power_of_two(BITSET_WORDS(bo->handle + 1)));
+
       batch->bo_list.set =
          rerzalloc(batch->ctx, batch->bo_list.set, BITSET_WORD,
-                   batch->bo_list.word_count, batch->bo_list.word_count * 2);
-      batch->bo_list.word_count *= 2;
+                   batch->bo_list.word_count, word_count);
+      batch->bo_list.word_count = word_count;
    }
 
    /* The batch holds a single reference to each BO in the batch, released when