fdo-mirrors/mesa
1
0
Fork 0
mirror of https://gitlab.freedesktop.org/mesa/mesa.git synced 2026-01-10 03:50:13 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

radv: re-apply "Do not access set layout during vkCmdBindDescriptorSets."

Browse source 
Uplay needs this to avoid a crash because it does an use-after-free
of a descriptor set layout. This was initially introduced by Bas to
workaround a similar issue with Baldur's Gate 3, it seems needed again.

Cc: 21.3 mesa-stable
Closes: https://gitlab.freedesktop.org/mesa/mesa/-/issues/5789
Signed-off-by: Samuel Pitoiset <samuel.pitoiset@gmail.com>
Reviewed-by: Bas Nieuwenhuizen <bas@basnieuwenhuizen.nl>
Part-of: <https://gitlab.freedesktop.org/mesa/mesa/-/merge_requests/14318>
This commit is contained in:
Samuel Pitoiset 2021-12-28 15:14:02 +01:00
parent 01f1bd4dfd
commit b775aaff1e
3 changed files with 12 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
src/amd/vulkan/radv_cmd_buffer.c
View file

@ -4689,7 +4689,6 @@ radv_bind_descriptor_set(struct radv_cmd_buffer *cmd_buffer, VkPipelineBindPoint
radv_set_descriptor_set(cmd_buffer, bind_point, set, idx);
assert(set);
assert(!(set->header.layout->flags & VK_DESCRIPTOR_SET_LAYOUT_CREATE_PUSH_DESCRIPTOR_BIT_KHR));
if (!cmd_buffer->device->use_global_bo_list) {
for (unsigned j = 0; j < set->header.buffer_count; ++j)
@ -4727,7 +4726,7 @@ radv_CmdBindDescriptorSets(VkCommandBuffer commandBuffer, VkPipelineBindPoint pi
radv_bind_descriptor_set(cmd_buffer, pipelineBindPoint, set, set_idx);
}
for (unsigned j = 0; j < set->header.layout->dynamic_offset_count; ++j, ++dyn_idx) {
for (unsigned j = 0; j < layout->set[set_idx].dynamic_offset_count; ++j, ++dyn_idx) {
unsigned idx = j + layout->set[i + firstSet].dynamic_offset_start;
uint32_t *dst = descriptors_state->dynamic_buffers + idx * 4;
assert(dyn_idx < dynamicOffsetCount);
@ -4753,7 +4752,7 @@ radv_CmdBindDescriptorSets(VkCommandBuffer commandBuffer, VkPipelineBindPoint pi
}
}
cmd_buffer->push_constant_stages |= set->header.layout->dynamic_shader_stages;
cmd_buffer->push_constant_stages |= layout->set[set_idx].dynamic_offset_stages;
}
}
}

9
src/amd/vulkan/radv_descriptor_set.c
View file

@ -496,11 +496,16 @@ radv_CreatePipelineLayout(VkDevice _device, const VkPipelineLayoutCreateInfo *pC
layout->set[set].layout = set_layout;
layout->set[set].dynamic_offset_start = dynamic_offset_count;
layout->set[set].dynamic_offset_count = 0;
layout->set[set].dynamic_offset_stages = 0;
for (uint32_t b = 0; b < set_layout->binding_count; b++) {
dynamic_offset_count += set_layout->binding[b].array_size * set_layout->binding[b].dynamic_offset_count;
dynamic_shader_stages |= set_layout->dynamic_shader_stages;
layout->set[set].dynamic_offset_count +=
set_layout->binding[b].array_size * set_layout->binding[b].dynamic_offset_count;
layout->set[set].dynamic_offset_stages |= set_layout->dynamic_shader_stages;
}
dynamic_offset_count += layout->set[set].dynamic_offset_count;
dynamic_shader_stages |= layout->set[set].dynamic_offset_stages;
/* Hash the entire set layout except for the vk_object_base. The
* rest of the set layout is carefully constructed to not have

4
src/amd/vulkan/radv_descriptor_set.h
View file

@ -89,7 +89,9 @@ struct radv_pipeline_layout {
struct {
struct radv_descriptor_set_layout *layout;
uint32_t size;
uint32_t dynamic_offset_start;
uint16_t dynamic_offset_start;
uint16_t dynamic_offset_count;
VkShaderStageFlags dynamic_offset_stages;
} set[MAX_SETS];
uint32_t num_sets;