diff options
author | Jason Ekstrand <[email protected]> | 2019-10-25 14:28:02 -0500 |
---|---|---|
committer | Jason Ekstrand <[email protected]> | 2019-10-31 13:46:08 +0000 |
commit | c4be72934ee36b3954ae76a0ae42f5daed9f6900 (patch) | |
tree | ad30114662643402375664f824cddd00974f3c9a | |
parent | bbf389013ff851b3d60fee92fccf7c6cb94e4e29 (diff) |
anv: Fix a relocation race condition
Previously, we would read the offset from the BO in anv_reloc_list_add
to generate the presumed offset and then again in the caller to compute
the 64-bit address to write into the buffer. However, if the offset
somehow changed between these two points, the presumed offset would no
longer match the written offset. This is unlikely to actually ever be a
problem in practice because the presumed offset gets recorded first and
so if the written address is wrong then the presumed offset is almost
certainly wrong and the relocation will trigger. However, it's much
safer to simply have anv_reloc_list_add return the 64-bit address.
Reviewed-by: Lionel Landwerlin <[email protected]>
-rw-r--r-- | src/intel/vulkan/anv_batch_chain.c | 17 | ||||
-rw-r--r-- | src/intel/vulkan/anv_private.h | 2 | ||||
-rw-r--r-- | src/intel/vulkan/genX_blorp_exec.c | 8 | ||||
-rw-r--r-- | src/intel/vulkan/genX_cmd_buffer.c | 10 |
4 files changed, 25 insertions, 12 deletions
diff --git a/src/intel/vulkan/anv_batch_chain.c b/src/intel/vulkan/anv_batch_chain.c index c5362aaebc2..b64e36c9523 100644 --- a/src/intel/vulkan/anv_batch_chain.c +++ b/src/intel/vulkan/anv_batch_chain.c @@ -143,14 +143,21 @@ anv_reloc_list_grow(struct anv_reloc_list *list, return VK_SUCCESS; } +#define READ_ONCE(x) (*(volatile __typeof__(x) *)&(x)) + VkResult anv_reloc_list_add(struct anv_reloc_list *list, const VkAllocationCallbacks *alloc, - uint32_t offset, struct anv_bo *target_bo, uint32_t delta) + uint32_t offset, struct anv_bo *target_bo, uint32_t delta, + uint64_t *address_u64_out) { struct drm_i915_gem_relocation_entry *entry; int index; + uint64_t target_bo_offset = READ_ONCE(target_bo->offset); + if (address_u64_out) + *address_u64_out = target_bo_offset + delta; + if (target_bo->flags & EXEC_OBJECT_PINNED) { if (list->deps == NULL) { list->deps = _mesa_pointer_set_create(NULL); @@ -172,7 +179,7 @@ anv_reloc_list_add(struct anv_reloc_list *list, entry->target_handle = target_bo->gem_handle; entry->delta = delta; entry->offset = offset; - entry->presumed_offset = target_bo->offset; + entry->presumed_offset = target_bo_offset; entry->read_domains = 0; entry->write_domain = 0; VG(VALGRIND_CHECK_MEM_IS_DEFINED(entry, sizeof(*entry))); @@ -241,14 +248,16 @@ uint64_t anv_batch_emit_reloc(struct anv_batch *batch, void *location, struct anv_bo *bo, uint32_t delta) { + uint64_t address_u64 = 0; VkResult result = anv_reloc_list_add(batch->relocs, batch->alloc, - location - batch->start, bo, delta); + location - batch->start, bo, delta, + &address_u64); if (result != VK_SUCCESS) { anv_batch_set_error(batch, result); return 0; } - return bo->offset + delta; + return address_u64; } void diff --git a/src/intel/vulkan/anv_private.h b/src/intel/vulkan/anv_private.h index db00494e5a5..f3f718a4855 100644 --- a/src/intel/vulkan/anv_private.h +++ b/src/intel/vulkan/anv_private.h @@ -1317,7 +1317,7 @@ void anv_reloc_list_finish(struct anv_reloc_list *list, VkResult anv_reloc_list_add(struct anv_reloc_list *list, const VkAllocationCallbacks *alloc, uint32_t offset, struct anv_bo *target_bo, - uint32_t delta); + uint32_t delta, uint64_t *address_u64_out); struct anv_batch_bo { /* Link in the anv_cmd_buffer.owned_batch_bos list */ diff --git a/src/intel/vulkan/genX_blorp_exec.c b/src/intel/vulkan/genX_blorp_exec.c index 9c754f7318e..7ac603abb28 100644 --- a/src/intel/vulkan/genX_blorp_exec.c +++ b/src/intel/vulkan/genX_blorp_exec.c @@ -57,17 +57,17 @@ blorp_surface_reloc(struct blorp_batch *batch, uint32_t ss_offset, struct blorp_address address, uint32_t delta) { struct anv_cmd_buffer *cmd_buffer = batch->driver_batch; + uint64_t address_u64 = 0; VkResult result = anv_reloc_list_add(&cmd_buffer->surface_relocs, &cmd_buffer->pool->alloc, - ss_offset, address.buffer, address.offset + delta); + ss_offset, address.buffer, address.offset + delta, + &address_u64); if (result != VK_SUCCESS) anv_batch_set_error(&cmd_buffer->batch, result); void *dest = anv_block_pool_map( &cmd_buffer->device->surface_state_pool.block_pool, ss_offset); - uint64_t val = ((struct anv_bo*)address.buffer)->offset + address.offset + - delta; - write_reloc(cmd_buffer->device, dest, val, false); + write_reloc(cmd_buffer->device, dest, address_u64, false); } static uint64_t diff --git a/src/intel/vulkan/genX_cmd_buffer.c b/src/intel/vulkan/genX_cmd_buffer.c index a4223bfd1ef..f7a49147394 100644 --- a/src/intel/vulkan/genX_cmd_buffer.c +++ b/src/intel/vulkan/genX_cmd_buffer.c @@ -207,7 +207,7 @@ add_surface_reloc(struct anv_cmd_buffer *cmd_buffer, VkResult result = anv_reloc_list_add(&cmd_buffer->surface_relocs, &cmd_buffer->pool->alloc, state.offset + isl_dev->ss.addr_offset, - addr.bo, addr.offset); + addr.bo, addr.offset, NULL); if (result != VK_SUCCESS) anv_batch_set_error(&cmd_buffer->batch, result); } @@ -226,7 +226,9 @@ add_surface_state_relocs(struct anv_cmd_buffer *cmd_buffer, anv_reloc_list_add(&cmd_buffer->surface_relocs, &cmd_buffer->pool->alloc, state.state.offset + isl_dev->ss.aux_addr_offset, - state.aux_address.bo, state.aux_address.offset); + state.aux_address.bo, + state.aux_address.offset, + NULL); if (result != VK_SUCCESS) anv_batch_set_error(&cmd_buffer->batch, result); } @@ -237,7 +239,9 @@ add_surface_state_relocs(struct anv_cmd_buffer *cmd_buffer, &cmd_buffer->pool->alloc, state.state.offset + isl_dev->ss.clear_color_state_offset, - state.clear_address.bo, state.clear_address.offset); + state.clear_address.bo, + state.clear_address.offset, + NULL); if (result != VK_SUCCESS) anv_batch_set_error(&cmd_buffer->batch, result); } |