From 8fec8e88f1770998b02ce3110c6ea680aefc65e9 Mon Sep 17 00:00:00 2001 From: Olivia Lee Date: Tue, 27 Jan 2026 17:26:00 -0800 Subject: [PATCH] hk: fix hk_passthrough_gs_key size computation The non-dynamic members of xfb_info are already included in sizeof(hk_passthrough_gs_key), so adding nir_xfb_info_size counts them twice. Because of this we were including uninitialized memory in the key in hk_handle_passthrough_gs, which is undefined behavior. Fixes: 5bc82848163 ("hk: add Vulkan driver for Apple GPUs") Signed-off-by: Olivia Lee (cherry picked from commit d6745b358d3cef37e6a2a69dc49ab5ac59393fb1) Part-of: --- .pick_status.json | 2 +- src/asahi/vulkan/hk_cmd_draw.c | 3 +-- src/asahi/vulkan/hk_shader.h | 10 +++++++++- 3 files changed, 11 insertions(+), 4 deletions(-) diff --git a/.pick_status.json b/.pick_status.json index bacd62ac9df..cdd1b1137ee 100644 --- a/.pick_status.json +++ b/.pick_status.json @@ -124,7 +124,7 @@ "description": "hk: fix hk_passthrough_gs_key size computation", "nominated": true, "nomination_type": 2, - "resolution": 0, + "resolution": 1, "main_sha": null, "because_sha": "5bc828481630147575348b66677edaade9e891e6", "notes": null diff --git a/src/asahi/vulkan/hk_cmd_draw.c b/src/asahi/vulkan/hk_cmd_draw.c index d8b69338e94..35aadf27680 100644 --- a/src/asahi/vulkan/hk_cmd_draw.c +++ b/src/asahi/vulkan/hk_cmd_draw.c @@ -3259,8 +3259,7 @@ hk_handle_passthrough_gs(struct hk_cmd_buffer *cmd, struct agx_draw draw) } /* Else, we need to bind a passthrough GS */ - size_t key_size = - sizeof(struct hk_passthrough_gs_key) + nir_xfb_info_size(xfb_outputs); + size_t key_size = hk_passthrough_gs_key_size(xfb_outputs); struct hk_passthrough_gs_key *key = alloca(key_size); *key = (struct hk_passthrough_gs_key){ diff --git a/src/asahi/vulkan/hk_shader.h b/src/asahi/vulkan/hk_shader.h index 836c7fbffaa..5c01e3c998d 100644 --- a/src/asahi/vulkan/hk_shader.h +++ b/src/asahi/vulkan/hk_shader.h @@ -386,8 +386,16 @@ struct hk_passthrough_gs_key { /* Decomposed primitive */ enum mesa_prim prim; - /* Transform feedback info. Must add nir_xfb_info_size to get the key size */ + /* Transform feedback info. Must use hk_passthrough_gs_key_size to get the + * key size */ nir_xfb_info xfb_info; }; +static inline size_t +hk_passthrough_gs_key_size(uint16_t output_count) +{ + return (sizeof(struct hk_passthrough_gs_key) - sizeof(nir_xfb_info)) + + nir_xfb_info_size(output_count); +} + void hk_nir_passthrough_gs(struct nir_builder *b, const void *key_);