[Mesa-dev] [PATCH 2/2] i965/tiled_memcpy: Protect against wrong alignments

Chad Versace chad.versace at intel.com
Wed Apr 6 17:59:56 UTC 2016 

On 04/05/2016 04:50 PM, Jason Ekstrand wrote:
> On Tue, Apr 5, 2016 at 4:26 PM, Chad Versace <chad.versace at intel.com <mailto:chad.versace at intel.com>> wrote:
> 
>     On 04/04/2016 06:04 PM, Jason Ekstrand wrote:
>     > It's possible, when doing an x-tiled copy, to end up with a case where the
>     > bytes parameter is equal to 16 but the pointer is not actually aligned.
>     > This causes asserts in debug mode and segfaults in release builds due to
>     > doing an aligned operation on an unaligned pointer.
>     >
>     > Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=93962
>     > ---
>     >  src/mesa/drivers/dri/i965/intel_tiled_memcpy.c | 48 +++++++++++++-------------
>     >  1 file changed, 24 insertions(+), 24 deletions(-)
>     >
>     > diff --git a/src/mesa/drivers/dri/i965/intel_tiled_memcpy.c b/src/mesa/drivers/dri/i965/intel_tiled_memcpy.c
>     > index 19079d0..823d8b0 100644
>     > --- a/src/mesa/drivers/dri/i965/intel_tiled_memcpy.c
>     > +++ b/src/mesa/drivers/dri/i965/intel_tiled_memcpy.c
>     > @@ -85,19 +85,19 @@ rgba8_copy_aligned_dst(void *dst, const void *src, size_t bytes)
>     >     uint8_t const *s = src;
>     >
>     >  #ifdef __SSSE3__
>     > -   if (bytes == 16) {
>     > -      assert(!(((uintptr_t)dst) & 0xf));
>     > -      rgba8_copy_16_aligned_dst(d+ 0, s+ 0);
>     > -      return dst;
>     > -   }
>     > +   if ((((uintptr_t)dst) & 0xf) == 0) {
>     > +      if (bytes == 16) {
>     > +         rgba8_copy_16_aligned_dst(d+ 0, s+ 0);
>     > +         return dst;
>     > +      }
> 
>     [snip]
> 
>     I see the bug... Sometimes (dst, src) points into (tiled, linear user ptr) memory, and
>     other times into (linear user ptr, tiled) memory. So we can never assume that either
>     address is aligned, as it may be a user ptr.
> 
> 
> No, that is not correct.  We use the aligned_dst version for when dst is tiled and aligned_src for when src is tiled.  The problem is that, when copying a 4 pixel wide region from a X-tiled buffer, it can end up getting called with bytes == 16 and an unaligned pointer.
>  
> 
>     I didn't test it, but it looks correct to me.
> 
>     Reviewed-by: Chad Versace <chad.versace at intel.com <mailto:chad.versace at intel.com>>
> 
>     (I'm really back from parental leave! I just built Mesa for the first time
>      in 9 weeks! Of course, I had to install a newer libdrm before it compiled).

I'm now confused, so I withdraw my r-b for this patch.

If the dst parameter to rgba8_copy_aligned_dst is sometimes unaligned, then why does the function
name contain "aligned"? Because 'dst' is aligned, or because it uses an aligned SSE intrinsic.
Also, that makes this comment wrong:

    /**                                                                 
     * Copy RGBA to BGRA - swap R and B, with the destination 16-byte al
     */                                                                 
    static inline void *                                                
    rgba8_copy_aligned_dst(void *dst, const void *src, size_t bytes)

More information about the mesa-dev mailing list