diff options
author | Eric Anholt <[email protected]> | 2016-10-20 16:48:12 -0700 |
---|---|---|
committer | Eric Anholt <[email protected]> | 2016-10-21 14:12:06 -0700 |
commit | 1d7874fa7b4683cba8f8bc78c139402b989dd9df (patch) | |
tree | 50e419e79e478893e4f062a5f5c35c3b6a6300b8 /src/gallium/drivers/vc4/kernel | |
parent | 3f05fc62f924c051bdb883482452fb37650d5768 (diff) |
vc4: Fix termination of the initial scan for branch targets.
The loop is scanning until the original max_ip (size of the BO), but we
want to not examine any code after the PROG_END's delay slots. There was
a block trying to do that, except that we had some early continue
statements if the signal wasn't a PROG_END or a BRANCH.
The failure mode would be that a valid shader is rejected because some
undefined memory after the PROG_END slots is parsed as a branch and the
rest of its setup is illegal. I haven't seen this in the wild, but
valgrind was complaining and the new userland simulator code started
triggering it.
Diffstat (limited to 'src/gallium/drivers/vc4/kernel')
-rw-r--r-- | src/gallium/drivers/vc4/kernel/vc4_validate_shaders.c | 19 |
1 files changed, 8 insertions, 11 deletions
diff --git a/src/gallium/drivers/vc4/kernel/vc4_validate_shaders.c b/src/gallium/drivers/vc4/kernel/vc4_validate_shaders.c index 82717ca554a..0ff3d01f3f2 100644 --- a/src/gallium/drivers/vc4/kernel/vc4_validate_shaders.c +++ b/src/gallium/drivers/vc4/kernel/vc4_validate_shaders.c @@ -603,9 +603,7 @@ static bool vc4_validate_branches(struct vc4_shader_validation_state *validation_state) { uint32_t max_branch_target = 0; - bool found_shader_end = false; int ip; - int shader_end_ip = 0; int last_branch = -2; for (ip = 0; ip < validation_state->max_ip; ip++) { @@ -616,8 +614,13 @@ vc4_validate_branches(struct vc4_shader_validation_state *validation_state) uint32_t branch_target_ip; if (sig == QPU_SIG_PROG_END) { - shader_end_ip = ip; - found_shader_end = true; + /* There are two delay slots after program end is + * signaled that are still executed, then we're + * finished. validation_state->max_ip is the + * instruction after the last valid instruction in the + * program. + */ + validation_state->max_ip = ip + 3; continue; } @@ -671,15 +674,9 @@ vc4_validate_branches(struct vc4_shader_validation_state *validation_state) } set_bit(after_delay_ip, validation_state->branch_targets); max_branch_target = max(max_branch_target, after_delay_ip); - - /* There are two delay slots after program end is signaled - * that are still executed, then we're finished. - */ - if (found_shader_end && ip == shader_end_ip + 2) - break; } - if (max_branch_target > shader_end_ip) { + if (max_branch_target > validation_state->max_ip - 3) { DRM_ERROR("Branch landed after QPU_SIG_PROG_END"); return false; } |