Mesa (master): r300g: don't crash when getting NULL colorbuffers

Marek Olšák mareko at kemper.freedesktop.org
Thu Apr 24 23:40:43 UTC 2014


Module: Mesa
Branch: master
Commit: e522c455e40b06a89885d413d564df40015259b3
URL:    http://cgit.freedesktop.org/mesa/mesa/commit/?id=e522c455e40b06a89885d413d564df40015259b3

Author: Marek Olšák <marek.olsak at amd.com>
Date:   Sun Apr 20 04:32:24 2014 +0200

r300g: don't crash when getting NULL colorbuffers

Cc: mesa-stable at lists.freedesktop.org

---

 src/gallium/drivers/r300/r300_blit.c    |    4 +--
 src/gallium/drivers/r300/r300_context.h |   14 ++++++++++
 src/gallium/drivers/r300/r300_emit.c    |   25 +++++++++++------
 src/gallium/drivers/r300/r300_state.c   |   46 +++++++++++++++++++------------
 4 files changed, 60 insertions(+), 29 deletions(-)

diff --git a/src/gallium/drivers/r300/r300_blit.c b/src/gallium/drivers/r300/r300_blit.c
index cc9ea8a..05e55f3 100644
--- a/src/gallium/drivers/r300/r300_blit.c
+++ b/src/gallium/drivers/r300/r300_blit.c
@@ -130,7 +130,7 @@ static boolean r300_cbzb_clear_allowed(struct r300_context *r300,
         (struct pipe_framebuffer_state*)r300->fb_state.state;
 
     /* Only color clear allowed, and only one colorbuffer. */
-    if ((clear_buffers & ~PIPE_CLEAR_COLOR) != 0 || fb->nr_cbufs != 1)
+    if ((clear_buffers & ~PIPE_CLEAR_COLOR) != 0 || fb->nr_cbufs != 1 || !fb->cbufs[0])
         return FALSE;
 
     return r300_surface(fb->cbufs[0])->cbzb_allowed;
@@ -313,7 +313,7 @@ static void r300_clear(struct pipe_context* pipe,
     /* Use fast color clear for an AA colorbuffer.
      * The CMASK is shared between all colorbuffers, so we use it
      * if there is only one colorbuffer bound. */
-    if ((buffers & PIPE_CLEAR_COLOR) && fb->nr_cbufs == 1 &&
+    if ((buffers & PIPE_CLEAR_COLOR) && fb->nr_cbufs == 1 && fb->cbufs[0] &&
         r300_resource(fb->cbufs[0]->texture)->tex.cmask_dwords) {
         /* Try to obtain the access to the CMASK if we don't have one. */
         if (!r300->cmask_access) {
diff --git a/src/gallium/drivers/r300/r300_context.h b/src/gallium/drivers/r300/r300_context.h
index e6b0181..8736cc7 100644
--- a/src/gallium/drivers/r300/r300_context.h
+++ b/src/gallium/drivers/r300/r300_context.h
@@ -688,6 +688,20 @@ static INLINE void r300_mark_atom_dirty(struct r300_context *r300,
     }
 }
 
+static INLINE struct pipe_surface *
+r300_get_nonnull_cb(struct pipe_framebuffer_state *fb, unsigned i)
+{
+    if (fb->cbufs[i])
+        return fb->cbufs[i];
+
+    /* The i-th framebuffer is NULL, return any non-NULL one. */
+    for (i = 0; i < fb->nr_cbufs; i++)
+        if (fb->cbufs[i])
+            return fb->cbufs[i];
+
+    return NULL;
+}
+
 struct pipe_context* r300_create_context(struct pipe_screen* screen,
                                          void *priv);
 
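Review bot: r300_get_nonnull_cb can return NULL despite its name, and it reads `fb->cbufs[i]` without comparing `i` with `fb->nr_cbufs`, so both conditions are left to the caller with nothing in the header saying so. A short doc comment above the function would state the contract, for example `/* Returns cbufs[i], or any other bound colorbuffer when slot i is NULL; returns NULL only when no colorbuffer is bound. Callers must pass i < fb->nr_cbufs. */`. The inner comment also says "framebuffer" where it means the i-th colorbuffer.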
diff --git a/src/gallium/drivers/r300/r300_emit.c b/src/gallium/drivers/r300/r300_emit.c
index 9f16413..b201334 100644
--- a/src/gallium/drivers/r300/r300_emit.c
+++ b/src/gallium/drivers/r300/r300_emit.c
@@ -42,15 +42,18 @@ void r300_emit_blend_state(struct r300_context* r300,
     struct r300_blend_state* blend = (struct r300_blend_state*)state;
     struct pipe_framebuffer_state* fb =
         (struct pipe_framebuffer_state*)r300->fb_state.state;
+    struct pipe_surface *cb;
     CS_LOCALS(r300);
 
-    if (fb->nr_cbufs) {
-        if (fb->cbufs[0]->format == PIPE_FORMAT_R16G16B16A16_FLOAT) {
+    cb = fb->nr_cbufs ? r300_get_nonnull_cb(fb, 0) : NULL;
+
+    if (cb) {
+        if (cb->format == PIPE_FORMAT_R16G16B16A16_FLOAT) {
             WRITE_CS_TABLE(blend->cb_noclamp, size);
-        } else if (fb->cbufs[0]->format == PIPE_FORMAT_R16G16B16X16_FLOAT) {
+        } else if (cb->format == PIPE_FORMAT_R16G16B16X16_FLOAT) {
             WRITE_CS_TABLE(blend->cb_noclamp_noalpha, size);
         } else {
-            unsigned swz = r300_surface(fb->cbufs[0])->colormask_swizzle;
+            unsigned swz = r300_surface(cb)->colormask_swizzle;
             WRITE_CS_TABLE(blend->cb_clamp[swz], size);
         }
     } else {
@@ -88,9 +91,11 @@ void r300_emit_dsa_state(struct r300_context* r300, unsigned size, void* state)
     /* Choose the alpha ref value between 8-bit (FG_ALPHA_FUNC.AM_VAL) and
      * 16-bit (FG_ALPHA_VALUE). */
     if (is_r500 && (alpha_func & R300_FG_ALPHA_FUNC_ENABLE)) {
-        if (fb->nr_cbufs &&
-            (fb->cbufs[0]->format == PIPE_FORMAT_R16G16B16A16_FLOAT ||
-             fb->cbufs[0]->format == PIPE_FORMAT_R16G16B16X16_FLOAT)) {
+        struct pipe_surface *cb = fb->nr_cbufs ? r300_get_nonnull_cb(fb, 0) : NULL;
+
+        if (cb &&
+            (cb->format == PIPE_FORMAT_R16G16B16A16_FLOAT ||
+             cb->format == PIPE_FORMAT_R16G16B16X16_FLOAT)) {
             alpha_func |= R500_FG_ALPHA_FUNC_FP16_ENABLE;
         } else {
             alpha_func |= R500_FG_ALPHA_FUNC_8BIT;
@@ -419,7 +424,7 @@ void r300_emit_fb_state(struct r300_context* r300, unsigned size, void* state)
 
     /* Set up colorbuffers. */
     for (i = 0; i < fb->nr_cbufs; i++) {
-        surf = r300_surface(fb->cbufs[i]);
+        surf = r300_surface(r300_get_nonnull_cb(fb, i));
 
         OUT_CS_REG(R300_RB3D_COLOROFFSET0 + (4 * i), surf->offset);
         OUT_CS_RELOC(surf);
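Review bot: The result of `r300_get_nonnull_cb(fb, i)` is dereferenced immediately (`surf->offset`), so this loop is only safe if at least one colorbuffer is bound whenever `fb->nr_cbufs` is non-zero. That appears to hold because r300_set_framebuffer_state now trims trailing NULL entries from the stored state, but nothing at this call site records the dependency; `assert(surf);` after the assignment, or a one-line comment naming the trimming, would make it explicit. The same applies to `r300_surface(r300_get_nonnull_cb(fb, i))->format` in the r300_emit_fb_state_pipelined hunk. A NULL slot is also now programmed with another colorbuffer's offset and relocation, so it is worth confirming that output to that slot is masked elsewhere, which the hunk does not show. The loop body continues outside the hunk.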
@@ -600,7 +605,7 @@ void r300_emit_fb_state_pipelined(struct r300_context *r300,
      * (must be written after unpipelined regs) */
     OUT_CS_REG_SEQ(R300_US_OUT_FMT_0, 4);
     for (i = 0; i < num_cbufs; i++) {
-        OUT_CS(r300_surface(fb->cbufs[i])->format);
+        OUT_CS(r300_surface(r300_get_nonnull_cb(fb, i))->format);
     }
     for (; i < 1; i++) {
         OUT_CS(R300_US_OUT_FMT_C4_8 |
@@ -1310,6 +1315,8 @@ validate:
     if (r300->fb_state.dirty) {
         /* Color buffers... */
         for (i = 0; i < fb->nr_cbufs; i++) {
+            if (!fb->cbufs[i])
+                continue;
             tex = r300_resource(fb->cbufs[i]->texture);
             assert(tex && tex->buf && "cbuf is marked, but NULL!");
             r300->rws->cs_add_reloc(r300->cs, tex->cs_buf,
diff --git a/src/gallium/drivers/r300/r300_state.c b/src/gallium/drivers/r300/r300_state.c
index 5472263..b664c97 100644
--- a/src/gallium/drivers/r300/r300_state.c
+++ b/src/gallium/drivers/r300/r300_state.c
@@ -579,16 +579,17 @@ static void r300_set_blend_color(struct pipe_context* pipe,
     struct r300_blend_color_state *state =
         (struct r300_blend_color_state*)r300->blend_color_state.state;
     struct pipe_blend_color c;
-    enum pipe_format format = fb->nr_cbufs ? fb->cbufs[0]->format : 0;
+    struct pipe_surface *cb;
     float tmp;
     CB_LOCALS;
 
     state->state = *color; /* Save it, so that we can reuse it in set_fb_state */
     c = *color;
+    cb = fb->nr_cbufs ? r300_get_nonnull_cb(fb, 0) : NULL;
 
     /* The blend color is dependent on the colorbuffer format. */
-    if (fb->nr_cbufs) {
-        switch (format) {
+    if (cb) {
+        switch (cb->format) {
         case PIPE_FORMAT_R8_UNORM:
         case PIPE_FORMAT_L8_UNORM:
         case PIPE_FORMAT_I8_UNORM:
@@ -623,7 +624,7 @@ static void r300_set_blend_color(struct pipe_context* pipe,
         BEGIN_CB(state->cb, 3);
         OUT_CB_REG_SEQ(R500_RB3D_CONSTANT_COLOR_AR, 2);
 
-        switch (format) {
+        switch (cb ? cb->format : 0) {
         case PIPE_FORMAT_R16G16B16A16_FLOAT:
         case PIPE_FORMAT_R16G16B16X16_FLOAT:
             OUT_CB(util_float_to_half(c.color[2]) |
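Review bot: The fallback in `switch (cb ? cb->format : 0)` uses a bare `0` where an `enum pipe_format` value is expected, which hides that the no-colorbuffer case is meant to fall into the default branch. Writing it as `switch (cb ? cb->format : PIPE_FORMAT_NONE)` keeps the behaviour and states the intent. The switch body continues outside the hunk.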
@@ -858,6 +859,9 @@ static void r300_fb_set_tiling_flags(struct r300_context *r300,
 
     /* Set tiling flags for new surfaces. */
     for (i = 0; i < state->nr_cbufs; i++) {
+        if (!state->cbufs[i])
+            continue;
+
         r300_tex_set_tiling_flags(r300,
                                   r300_resource(state->cbufs[i]->texture),
                                   state->cbufs[i]->u.tex.level);
@@ -950,7 +954,8 @@ static unsigned r300_get_num_samples(struct r300_context *r300)
     num_samples = 6;
 
     for (i = 0; i < fb->nr_cbufs; i++)
-        num_samples = MIN2(num_samples, fb->cbufs[i]->texture->nr_samples);
+        if (fb->cbufs[i])
+            num_samples = MIN2(num_samples, fb->cbufs[i]->texture->nr_samples);
 
     if (fb->zsbuf)
         num_samples = MIN2(num_samples, fb->zsbuf->texture->nr_samples);
@@ -967,7 +972,7 @@ r300_set_framebuffer_state(struct pipe_context* pipe,
 {
     struct r300_context* r300 = r300_context(pipe);
     struct r300_aa_state *aa = (struct r300_aa_state*)r300->aa_state.state;
-    struct pipe_framebuffer_state *old_state = r300->fb_state.state;
+    struct pipe_framebuffer_state *current_state = r300->fb_state.state;
     unsigned max_width, max_height, i;
     uint32_t zbuffer_bpp = 0;
     boolean unlock_zbuffer = FALSE;
@@ -986,17 +991,17 @@ r300_set_framebuffer_state(struct pipe_context* pipe,
         return;
     }
 
-    if (old_state->zsbuf && r300->zmask_in_use && !r300->locked_zbuffer) {
+    if (current_state->zsbuf && r300->zmask_in_use && !r300->locked_zbuffer) {
         /* There is a zmask in use, what are we gonna do? */
         if (state->zsbuf) {
-            if (!pipe_surface_equal(old_state->zsbuf, state->zsbuf)) {
+            if (!pipe_surface_equal(current_state->zsbuf, state->zsbuf)) {
                 /* Decompress the currently bound zbuffer before we bind another one. */
                 r300_decompress_zmask(r300);
                 r300->hiz_in_use = FALSE;
             }
         } else {
             /* We don't bind another zbuffer, so lock the current one. */
-            pipe_surface_reference(&r300->locked_zbuffer, old_state->zsbuf);
+            pipe_surface_reference(&r300->locked_zbuffer, current_state->zsbuf);
         }
     } else if (r300->locked_zbuffer) {
         /* We have a locked zbuffer now, what are we gonna do? */
@@ -1014,9 +1019,20 @@ r300_set_framebuffer_state(struct pipe_context* pipe,
     }
     assert(state->zsbuf || (r300->locked_zbuffer && !unlock_zbuffer) || !r300->zmask_in_use);
 
+    /* If zsbuf is set from NULL to non-NULL or vice versa.. */
+    if (!!current_state->zsbuf != !!state->zsbuf) {
+        r300_mark_atom_dirty(r300, &r300->dsa_state);
+    }
+
+    util_copy_framebuffer_state(r300->fb_state.state, state);
+
+    /* Remove trailing NULL colorbuffers. */
+    while (current_state->nr_cbufs && !current_state->cbufs[current_state->nr_cbufs-1])
+        current_state->nr_cbufs--;
+
     /* Set whether CMASK can be used. */
     r300->cmask_in_use =
-        state->nr_cbufs == 1 &&
+        state->nr_cbufs == 1 && state->cbufs[0] &&
         r300->screen->cmask_resource == state->cbufs[0]->texture;
 
     /* Need to reset clamping or colormask. */
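Review bot: `cmask_in_use` is still computed from the caller's `state`, whose `nr_cbufs` has not had trailing NULL entries removed, while the stored copy behind `current_state` has just been trimmed. For a framebuffer with one bound colorbuffer followed by a NULL slot, the stored state reports one colorbuffer but this test sees two, so it can disagree with the `fb->nr_cbufs == 1 && fb->cbufs[0]` test in r300_clear, which presumably reads the stored state. If that is not intended, base the test on the trimmed copy: `current_state->nr_cbufs == 1 && current_state->cbufs[0] &&` followed by `r300->screen->cmask_resource == current_state->cbufs[0]->texture;`. A short comment on the trimming loop saying that the emit paths rely on it for a non-NULL result from r300_get_nonnull_cb would also help; the function continues beyond this hunk.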
@@ -1025,11 +1041,6 @@ r300_set_framebuffer_state(struct pipe_context* pipe,
     /* Re-swizzle the blend color. */
     r300_set_blend_color(pipe, &((struct r300_blend_color_state*)r300->blend_color_state.state)->state);
 
-    /* If zsbuf is set from NULL to non-NULL or vice versa.. */
-    if (!!old_state->zsbuf != !!state->zsbuf) {
-        r300_mark_atom_dirty(r300, &r300->dsa_state);
-    }
-
     if (r300->screen->info.drm_minor < 12) {
        /* The tiling flags are dependent on the surface miplevel, unfortunately.
         * This workarounds a bad design decision in old kernels which were
@@ -1037,8 +1048,6 @@ r300_set_framebuffer_state(struct pipe_context* pipe,
         r300_fb_set_tiling_flags(r300, state);
     }
 
-    util_copy_framebuffer_state(r300->fb_state.state, state);
-
     if (unlock_zbuffer) {
         pipe_surface_reference(&r300->locked_zbuffer, NULL);
     }
@@ -1089,7 +1098,8 @@ r300_set_framebuffer_state(struct pipe_context* pipe,
     if (DBG_ON(r300, DBG_FB)) {
         fprintf(stderr, "r300: set_framebuffer_state:\n");
         for (i = 0; i < state->nr_cbufs; i++) {
-            r300_print_fb_surf_info(state->cbufs[i], i, "CB");
+            if (state->cbufs[i])
+                r300_print_fb_surf_info(state->cbufs[i], i, "CB");
         }
         if (state->zsbuf) {
             r300_print_fb_surf_info(state->zsbuf, 0, "ZB");



