[Mesa-dev] [PATCH 2/7] i965: Don't call the blitter on addresses it can't handle.
Eric Anholt
eric at anholt.net
Mon Dec 23 16:08:54 PST 2013
Noticed by tex3d-maxsize on my next commit to check that our addresses
don't overflow.
---
src/mesa/drivers/dri/i965/intel_blit.c | 20 ++++++++++++++++++++
src/mesa/drivers/dri/i965/intel_mipmap_tree.c | 23 ++++++++++++++++++++---
2 files changed, 40 insertions(+), 3 deletions(-)
diff --git a/src/mesa/drivers/dri/i965/intel_blit.c b/src/mesa/drivers/dri/i965/intel_blit.c
index 7bc289f..13cc777 100644
--- a/src/mesa/drivers/dri/i965/intel_blit.c
+++ b/src/mesa/drivers/dri/i965/intel_blit.c
@@ -229,12 +229,32 @@ intel_miptree_blit(struct brw_context *brw,
src_x += src_image_x;
src_y += src_image_y;
+ /* The blitter interprets the 16-bit src x/y as a signed 16-bit value,
+ * where negative values are invalid. The values we're working with are
+ * unsigned, so make sure we don't overflow.
+ */
+ if (src_x >= 32768 || src_y >= 32768) {
+ perf_debug("Falling back due to >=32k src offset (%d, %d)\n",
+ src_x, src_y);
+ return false;
+ }
+
uint32_t dst_image_x, dst_image_y;
intel_miptree_get_image_offset(dst_mt, dst_level, dst_slice,
&dst_image_x, &dst_image_y);
dst_x += dst_image_x;
dst_y += dst_image_y;
+ /* The blitter interprets the 16-bit destination x/y as a signed 16-bit
+ * value. The values we're working with are unsigned, so make sure we
+ * don't overflow.
+ */
+ if (dst_x >= 32768 || dst_y >= 32768) {
+ perf_debug("Falling back due to >=32k dst offset (%d, %d)\n",
+ dst_x, dst_y);
+ return false;
+ }
+
if (!intelEmitCopyBlit(brw,
src_mt->cpp,
src_pitch,
diff --git a/src/mesa/drivers/dri/i965/intel_mipmap_tree.c b/src/mesa/drivers/dri/i965/intel_mipmap_tree.c
index de47143..0818226 100644
--- a/src/mesa/drivers/dri/i965/intel_mipmap_tree.c
+++ b/src/mesa/drivers/dri/i965/intel_mipmap_tree.c
@@ -443,7 +443,8 @@ intel_miptree_choose_tiling(struct brw_context *brw,
if (minimum_pitch < 64)
return I915_TILING_NONE;
- if (ALIGN(minimum_pitch, 512) >= 32768) {
+ if (ALIGN(minimum_pitch, 512) >= 32768 ||
+ mt->total_width >= 32768 || mt->total_height >= 32768) {
perf_debug("%dx%d miptree too large to blit, falling back to untiled",
mt->total_width, mt->total_height);
return I915_TILING_NONE;
@@ -2233,6 +2234,22 @@ intel_miptree_release_map(struct intel_mipmap_tree *mt,
*map = NULL;
}
+static bool
+can_blit_slice(struct intel_mipmap_tree *mt,
+ unsigned int level, unsigned int slice)
+{
+ uint32_t image_x;
+ uint32_t image_y;
+ intel_miptree_get_image_offset(mt, level, slice, &image_x, &image_y);
+ if (image_x >= 32768 || image_y >= 32768)
+ return false;
+
+ if (mt->region->pitch >= 32768)
+ return false;
+
+ return true;
+}
+
static void
intel_miptree_map_singlesample(struct brw_context *brw,
struct intel_mipmap_tree *mt,
@@ -2276,11 +2293,11 @@ intel_miptree_map_singlesample(struct brw_context *brw,
!mt->compressed &&
(mt->region->tiling == I915_TILING_X ||
(brw->gen >= 6 && mt->region->tiling == I915_TILING_Y)) &&
- mt->region->pitch < 32768) {
+ can_blit_slice(mt, level, slice)) {
intel_miptree_map_blit(brw, mt, map, level, slice);
} else if (mt->region->tiling != I915_TILING_NONE &&
mt->region->bo->size >= brw->max_gtt_map_object_size) {
- assert(mt->region->pitch < 32768);
+ assert(can_blit_slice(mt, level, slice));
intel_miptree_map_blit(brw, mt, map, level, slice);
#ifdef __SSE4_1__
} else if (!(mode & GL_MAP_WRITE_BIT) && !mt->compressed) {
--
1.8.5.1
More information about the mesa-dev
mailing list