Mesa (main): radv: re-apply "Do not access set layout during vkCmdBindDescriptorSets."
GitLab Mirror
gitlab-mirror at kemper.freedesktop.org
Tue Dec 28 15:34:44 UTC 2021
Module: Mesa
Branch: main
Commit: b775aaff1ec86f4ebd50867a045695da1fbeb2e1
URL: http://cgit.freedesktop.org/mesa/mesa/commit/?id=b775aaff1ec86f4ebd50867a045695da1fbeb2e1
Author: Samuel Pitoiset <samuel.pitoiset at gmail.com>
Date: Tue Dec 28 15:14:02 2021 +0100
radv: re-apply "Do not access set layout during vkCmdBindDescriptorSets."
Uplay needs this to avoid a crash because it does an use-after-free
of a descriptor set layout. This was initially introduced by Bas to
workaround a similar issue with Baldur's Gate 3, it seems needed again.
Cc: 21.3 mesa-stable
Closes: https://gitlab.freedesktop.org/mesa/mesa/-/issues/5789
Signed-off-by: Samuel Pitoiset <samuel.pitoiset at gmail.com>
Reviewed-by: Bas Nieuwenhuizen <bas at basnieuwenhuizen.nl>
Part-of: <https://gitlab.freedesktop.org/mesa/mesa/-/merge_requests/14318>
---
src/amd/vulkan/radv_cmd_buffer.c | 5 ++---
src/amd/vulkan/radv_descriptor_set.c | 9 +++++++--
src/amd/vulkan/radv_descriptor_set.h | 4 +++-
3 files changed, 12 insertions(+), 6 deletions(-)
diff --git a/src/amd/vulkan/radv_cmd_buffer.c b/src/amd/vulkan/radv_cmd_buffer.c
index ec81e4a56c1..c20e75eb5be 100644
--- a/src/amd/vulkan/radv_cmd_buffer.c
+++ b/src/amd/vulkan/radv_cmd_buffer.c
@@ -4689,7 +4689,6 @@ radv_bind_descriptor_set(struct radv_cmd_buffer *cmd_buffer, VkPipelineBindPoint
radv_set_descriptor_set(cmd_buffer, bind_point, set, idx);
assert(set);
- assert(!(set->header.layout->flags & VK_DESCRIPTOR_SET_LAYOUT_CREATE_PUSH_DESCRIPTOR_BIT_KHR));
if (!cmd_buffer->device->use_global_bo_list) {
for (unsigned j = 0; j < set->header.buffer_count; ++j)
@@ -4727,7 +4726,7 @@ radv_CmdBindDescriptorSets(VkCommandBuffer commandBuffer, VkPipelineBindPoint pi
radv_bind_descriptor_set(cmd_buffer, pipelineBindPoint, set, set_idx);
}
- for (unsigned j = 0; j < set->header.layout->dynamic_offset_count; ++j, ++dyn_idx) {
+ for (unsigned j = 0; j < layout->set[set_idx].dynamic_offset_count; ++j, ++dyn_idx) {
unsigned idx = j + layout->set[i + firstSet].dynamic_offset_start;
uint32_t *dst = descriptors_state->dynamic_buffers + idx * 4;
assert(dyn_idx < dynamicOffsetCount);
@@ -4753,7 +4752,7 @@ radv_CmdBindDescriptorSets(VkCommandBuffer commandBuffer, VkPipelineBindPoint pi
}
}
- cmd_buffer->push_constant_stages |= set->header.layout->dynamic_shader_stages;
+ cmd_buffer->push_constant_stages |= layout->set[set_idx].dynamic_offset_stages;
}
}
}
diff --git a/src/amd/vulkan/radv_descriptor_set.c b/src/amd/vulkan/radv_descriptor_set.c
index fa23793c8e2..1c8ee0d7a0d 100644
--- a/src/amd/vulkan/radv_descriptor_set.c
+++ b/src/amd/vulkan/radv_descriptor_set.c
@@ -496,11 +496,16 @@ radv_CreatePipelineLayout(VkDevice _device, const VkPipelineLayoutCreateInfo *pC
layout->set[set].layout = set_layout;
layout->set[set].dynamic_offset_start = dynamic_offset_count;
+ layout->set[set].dynamic_offset_count = 0;
+ layout->set[set].dynamic_offset_stages = 0;
for (uint32_t b = 0; b < set_layout->binding_count; b++) {
- dynamic_offset_count += set_layout->binding[b].array_size * set_layout->binding[b].dynamic_offset_count;
- dynamic_shader_stages |= set_layout->dynamic_shader_stages;
+ layout->set[set].dynamic_offset_count +=
+ set_layout->binding[b].array_size * set_layout->binding[b].dynamic_offset_count;
+ layout->set[set].dynamic_offset_stages |= set_layout->dynamic_shader_stages;
}
+ dynamic_offset_count += layout->set[set].dynamic_offset_count;
+ dynamic_shader_stages |= layout->set[set].dynamic_offset_stages;
/* Hash the entire set layout except for the vk_object_base. The
* rest of the set layout is carefully constructed to not have
diff --git a/src/amd/vulkan/radv_descriptor_set.h b/src/amd/vulkan/radv_descriptor_set.h
index 298c4c62fcb..1038bc52b16 100644
--- a/src/amd/vulkan/radv_descriptor_set.h
+++ b/src/amd/vulkan/radv_descriptor_set.h
@@ -89,7 +89,9 @@ struct radv_pipeline_layout {
struct {
struct radv_descriptor_set_layout *layout;
uint32_t size;
- uint32_t dynamic_offset_start;
+ uint16_t dynamic_offset_start;
+ uint16_t dynamic_offset_count;
+ VkShaderStageFlags dynamic_offset_stages;
} set[MAX_SETS];
uint32_t num_sets;
More information about the mesa-commit
mailing list