vc4: Fix termination of the initial scan for branch targets.

The loop is scanning until the original max_ip (size of the BO), but we
want to not examine any code after the PROG_END's delay slots.  There was
a block trying to do that, except that we had some early continue
statements if the signal wasn't a PROG_END or a BRANCH.

The failure mode would be that a valid shader is rejected because some
undefined memory after the PROG_END slots is parsed as a branch and the
rest of its setup is illegal.  I haven't seen this in the wild, but
valgrind was complaining and the new userland simulator code started
triggering it.

diff --git a/src/gallium/drivers/vc4/kernel/vc4_validate_shaders.c b/src/gallium/drivers/vc4/kernel/vc4_validate_shaders.c
index 82717ca554a7f988d3962ac3312e26b360bdf53d..0ff3d01f3f2459ac235c15f26f6aa75fc25cb69e 100644 (file)
--- a/src/gallium/drivers/vc4/kernel/vc4_validate_shaders.c
+++ b/src/gallium/drivers/vc4/kernel/vc4_validate_shaders.c
@@ -603,9 +603,7 @@ static bool
 vc4_validate_branches(struct vc4_shader_validation_state *validation_state)
 {
        uint32_t max_branch_target = 0;
-       bool found_shader_end = false;
        int ip;
-       int shader_end_ip = 0;
        int last_branch = -2;
 
        for (ip = 0; ip < validation_state->max_ip; ip++) {
@@ -616,8 +614,13 @@ vc4_validate_branches(struct vc4_shader_validation_state *validation_state)
                uint32_t branch_target_ip;
 
                if (sig == QPU_SIG_PROG_END) {
-                       shader_end_ip = ip;
-                       found_shader_end = true;
+                       /* There are two delay slots after program end is
+                        * signaled that are still executed, then we're
+                        * finished.  validation_state->max_ip is the
+                        * instruction after the last valid instruction in the
+                        * program.
+                        */
+                       validation_state->max_ip = ip + 3;
                        continue;
                }
 
@@ -671,15 +674,9 @@ vc4_validate_branches(struct vc4_shader_validation_state *validation_state)
                }
                set_bit(after_delay_ip, validation_state->branch_targets);
                max_branch_target = max(max_branch_target, after_delay_ip);
-
-               /* There are two delay slots after program end is signaled
-                * that are still executed, then we're finished.
-                */
-               if (found_shader_end && ip == shader_end_ip + 2)
-                       break;
        }
 
-       if (max_branch_target > shader_end_ip) {
+       if (max_branch_target > validation_state->max_ip - 3) {
                DRM_ERROR("Branch landed after QPU_SIG_PROG_END");
                return false;
        }