Mesa (main): broadcom/compiler: change current block on setting spill base

GitLab Mirror gitlab-mirror at kemper.freedesktop.org
Mon Aug 9 13:30:25 UTC 2021 

Module: Mesa
Branch: main
Commit: d0e83b61743a0f6349ca523b0dab3f8825fdb111
URL:    http://cgit.freedesktop.org/mesa/mesa/commit/?id=d0e83b61743a0f6349ca523b0dab3f8825fdb111

Author: Juan A. Suarez Romero <jasuarez at igalia.com>
Date:   Mon Aug  9 11:40:55 2021 +0200

broadcom/compiler: change current block on setting spill base

The spill base setting instructions (which includes some uniforms) are
added in the entry block, not in the current block. When ldunif
optimization is applied, the cursor is pointing to instructions in the
entry block, but the current block is a different one. This leads to a
heap-buffer-overflow when going through the list of instructions
(detected by the address sanitizer).

Thus change the current block to entry block, and restore it after the
setup is done.

This fixes
dEQP-VK.ssbo.readonly.layout.single_struct.single_buffer.std430_instance_array_comp_access_store_cols
with address sanitizer enabled.

v2:
 - Set current block instead of disabling ldunif optimization (Iago)

Reviewed-by: Iago Toral Quiroga <itoral at igalia.com>
Signed-off-by: Juan A. Suarez Romero <jasuarez at igalia.com>
Part-of: <https://gitlab.freedesktop.org/mesa/mesa/-/merge_requests/12221>

---

 src/broadcom/compiler/vir_register_allocate.c | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/src/broadcom/compiler/vir_register_allocate.c b/src/broadcom/compiler/vir_register_allocate.c
index c55d8dc937d..786b01335eb 100644
--- a/src/broadcom/compiler/vir_register_allocate.c
+++ b/src/broadcom/compiler/vir_register_allocate.c
@@ -177,7 +177,12 @@ v3d_choose_spill_node(struct v3d_compile *c, struct ra_graph *g,
 void
 v3d_setup_spill_base(struct v3d_compile *c)
 {
-        c->cursor = vir_before_block(vir_entry_block(c));
+        /* Setting up the spill base is done in the entry block; so change
+         * both the current block to emit and the cursor.
+         */
+        struct qblock *current_block = c->cur_block;
+        c->cur_block = vir_entry_block(c);
+        c->cursor = vir_before_block(c->cur_block);
 
         int start_num_temps = c->num_temps;
 
@@ -204,6 +209,8 @@ v3d_setup_spill_base(struct v3d_compile *c)
         for (int i = start_num_temps; i < c->num_temps; i++)
                 BITSET_CLEAR(c->spillable, i);
 
+        /* Restore the current block. */
+        c->cur_block = current_block;
         c->cursor = vir_after_block(c->cur_block);
 }

More information about the mesa-commit mailing list