1 From 57b0774967d7ea8d4173f82387100a84e4ba05d8 Mon Sep 17 00:00:00 2001
2 From: Eric Anholt <eric@anholt.net>
3 Date: Thu, 20 Oct 2016 16:48:12 -0700
4 Subject: [PATCH] drm/vc4: Fix termination of the initial scan for branch
7 The loop is scanning until the original max_ip (size of the BO), but
8 we want to not examine any code after the PROG_END's delay slots.
9 There was a block trying to do that, except that we had some early
10 continue statements if the signal wasn't a PROG_END or a BRANCH.
12 The failure mode would be that a valid shader is rejected because some
13 undefined memory after the PROG_END slots is parsed as a branch and
14 the rest of its setup is illegal. I haven't seen this in the wild,
15 but valgrind was complaining when about this up in the userland
18 Signed-off-by: Eric Anholt <eric@anholt.net>
19 (cherry picked from commit 457e67a728696c4f8e6423c64e93def50530db9a)
21 drivers/gpu/drm/vc4/vc4_validate_shaders.c | 19 ++++++++-----------
22 1 file changed, 8 insertions(+), 11 deletions(-)
24 --- a/drivers/gpu/drm/vc4/vc4_validate_shaders.c
25 +++ b/drivers/gpu/drm/vc4/vc4_validate_shaders.c
26 @@ -608,9 +608,7 @@ static bool
27 vc4_validate_branches(struct vc4_shader_validation_state *validation_state)
29 uint32_t max_branch_target = 0;
30 - bool found_shader_end = false;
32 - int shader_end_ip = 0;
35 for (ip = 0; ip < validation_state->max_ip; ip++) {
36 @@ -621,8 +619,13 @@ vc4_validate_branches(struct vc4_shader_
37 uint32_t branch_target_ip;
39 if (sig == QPU_SIG_PROG_END) {
41 - found_shader_end = true;
42 + /* There are two delay slots after program end is
43 + * signaled that are still executed, then we're
44 + * finished. validation_state->max_ip is the
45 + * instruction after the last valid instruction in the
48 + validation_state->max_ip = ip + 3;
52 @@ -676,15 +679,9 @@ vc4_validate_branches(struct vc4_shader_
54 set_bit(after_delay_ip, validation_state->branch_targets);
55 max_branch_target = max(max_branch_target, after_delay_ip);
57 - /* There are two delay slots after program end is signaled
58 - * that are still executed, then we're finished.
60 - if (found_shader_end && ip == shader_end_ip + 2)
64 - if (max_branch_target > shader_end_ip) {
65 + if (max_branch_target > validation_state->max_ip - 3) {
66 DRM_ERROR("Branch landed after QPU_SIG_PROG_END");