hk: fix hk_passthrough_gs_key size computation

The non-dynamic members of xfb_info are already included in
sizeof(hk_passthrough_gs_key), so adding nir_xfb_info_size counts them
twice. Because of this we were including uninitialized memory in the key
in hk_handle_passthrough_gs, which is undefined behavior.

Fixes: 5bc8284816 ("hk: add Vulkan driver for Apple GPUs")
Signed-off-by: Olivia Lee <olivia.lee@collabora.com>
(cherry picked from commit d6745b358d)

Part-of: <https://gitlab.freedesktop.org/mesa/mesa/-/merge_requests/39745>

.pick_status.json

@@ -124,7 +124,7 @@
         "description": "hk: fix hk_passthrough_gs_key size computation",
         "nominated": true,
         "nomination_type": 2,
-        "resolution": 0,
+        "resolution": 1,
         "main_sha": null,
         "because_sha": "5bc828481630147575348b66677edaade9e891e6",
         "notes": null

src/asahi/vulkan/hk_cmd_draw.c

@@ -3259,8 +3259,7 @@ hk_handle_passthrough_gs(struct hk_cmd_buffer *cmd, struct agx_draw draw)
    }
 
    /* Else, we need to bind a passthrough GS */
-   size_t key_size =
-      sizeof(struct hk_passthrough_gs_key) + nir_xfb_info_size(xfb_outputs);
+   size_t key_size = hk_passthrough_gs_key_size(xfb_outputs);
    struct hk_passthrough_gs_key *key = alloca(key_size);
 
    *key = (struct hk_passthrough_gs_key){

src/asahi/vulkan/hk_shader.h

@@ -386,8 +386,16 @@ struct hk_passthrough_gs_key {
    /* Decomposed primitive */
    enum mesa_prim prim;
 
-   /* Transform feedback info. Must add nir_xfb_info_size to get the key size */
+   /* Transform feedback info. Must use hk_passthrough_gs_key_size to get the
+    * key size */
    nir_xfb_info xfb_info;
 };
 
+static inline size_t
+hk_passthrough_gs_key_size(uint16_t output_count)
+{
+   return (sizeof(struct hk_passthrough_gs_key) - sizeof(nir_xfb_info)) +
+      nir_xfb_info_size(output_count);
+}
+
 void hk_nir_passthrough_gs(struct nir_builder *b, const void *key_);