if (instance->apiVersion == 0)
instance->apiVersion = VK_API_VERSION_1_0;
- /* Get secure compile thread count. NOTE: We cap this at 32 */
-#define MAX_SC_PROCS 32
- char *num_sc_threads = getenv("RADV_SECURE_COMPILE_THREADS");
- if (num_sc_threads)
- instance->num_sc_threads = MIN2(strtoul(num_sc_threads, NULL, 10), MAX_SC_PROCS);
-
instance->debug_flags = parse_debug_string(getenv("RADV_DEBUG"),
radv_debug_options);
- /* Disable memory cache when secure compile is set */
- if (radv_device_use_secure_compile(instance))
- instance->debug_flags |= RADV_DEBUG_NO_MEMORY_CACHE;
-
instance->perftest_flags = parse_debug_string(getenv("RADV_PERFTEST"),
radv_perftest_options);
return result;
}
-static int install_seccomp_filter() {
-
- struct sock_filter filter[] = {
- /* Check arch is 64bit x86 */
- BPF_STMT(BPF_LD + BPF_W + BPF_ABS, (offsetof(struct seccomp_data, arch))),
- BPF_JUMP(BPF_JMP + BPF_JEQ + BPF_K, AUDIT_ARCH_X86_64, 0, 12),
-
- /* Futex is required for mutex locks */
- #if defined __NR__newselect
- BPF_STMT(BPF_LD + BPF_W + BPF_ABS, (offsetof(struct seccomp_data, nr))),
- BPF_JUMP(BPF_JMP + BPF_JEQ + BPF_K, __NR__newselect, 11, 0),
- #elif defined __NR_select
- BPF_STMT(BPF_LD + BPF_W + BPF_ABS, (offsetof(struct seccomp_data, nr))),
- BPF_JUMP(BPF_JMP + BPF_JEQ + BPF_K, __NR_select, 11, 0),
- #else
- BPF_STMT(BPF_LD + BPF_W + BPF_ABS, (offsetof(struct seccomp_data, nr))),
- BPF_JUMP(BPF_JMP + BPF_JEQ + BPF_K, __NR_pselect6, 11, 0),
- #endif
-
- /* Allow system exit calls for the forked process */
- BPF_STMT(BPF_LD + BPF_W + BPF_ABS, (offsetof(struct seccomp_data, nr))),
- BPF_JUMP(BPF_JMP + BPF_JEQ + BPF_K, __NR_exit_group, 9, 0),
-
- /* Allow system read calls */
- BPF_STMT(BPF_LD + BPF_W + BPF_ABS, (offsetof(struct seccomp_data, nr))),
- BPF_JUMP(BPF_JMP + BPF_JEQ + BPF_K, __NR_read, 7, 0),
-
- /* Allow system write calls */
- BPF_STMT(BPF_LD + BPF_W + BPF_ABS, (offsetof(struct seccomp_data, nr))),
- BPF_JUMP(BPF_JMP + BPF_JEQ + BPF_K, __NR_write, 5, 0),
-
- /* Allow system brk calls (we need this for malloc) */
- BPF_STMT(BPF_LD + BPF_W + BPF_ABS, (offsetof(struct seccomp_data, nr))),
- BPF_JUMP(BPF_JMP + BPF_JEQ + BPF_K, __NR_brk, 3, 0),
-
- /* Futex is required for mutex locks */
- BPF_STMT(BPF_LD + BPF_W + BPF_ABS, (offsetof(struct seccomp_data, nr))),
- BPF_JUMP(BPF_JMP + BPF_JEQ + BPF_K, __NR_futex, 1, 0),
-
- /* Return error if we hit a system call not on the whitelist */
- BPF_STMT(BPF_RET + BPF_K, SECCOMP_RET_ERRNO | (EPERM & SECCOMP_RET_DATA)),
-
- /* Allow whitelisted system calls */
- BPF_STMT(BPF_RET + BPF_K, SECCOMP_RET_ALLOW),
- };
-
- struct sock_fprog prog = {
- .len = (unsigned short)(sizeof(filter) / sizeof(filter[0])),
- .filter = filter,
- };
-
- if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0))
- return -1;
-
- if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog))
- return -1;
-
- return 0;
-}
-
-/* Helper function with timeout support for reading from the pipe between
- * processes used for secure compile.
- */
-bool radv_sc_read(int fd, void *buf, size_t size, bool timeout)
-{
- fd_set fds;
- struct timeval tv;
-
- FD_ZERO(&fds);
- FD_SET(fd, &fds);
-
- while (true) {
- /* We can't rely on the value of tv after calling select() so
- * we must reset it on each iteration of the loop.
- */
- tv.tv_sec = 5;
- tv.tv_usec = 0;
-
- int rval = select(fd + 1, &fds, NULL, NULL, timeout ? &tv : NULL);
-
- if (rval == -1) {
- /* select error */
- return false;
- } else if (rval) {
- ssize_t bytes_read = read(fd, buf, size);
- if (bytes_read < 0)
- return false;
-
- buf += bytes_read;
- size -= bytes_read;
- if (size == 0)
- return true;
- } else {
- /* select timeout */
- return false;
- }
- }
-}
-
-static bool radv_close_all_fds(const int *keep_fds, int keep_fd_count)
-{
- DIR *d;
- struct dirent *dir;
- d = opendir("/proc/self/fd");
- if (!d)
- return false;
- int dir_fd = dirfd(d);
-
- while ((dir = readdir(d)) != NULL) {
- if (dir->d_name[0] == '.')
- continue;
-
- int fd = atoi(dir->d_name);
- if (fd == dir_fd)
- continue;
-
- bool keep = false;
- for (int i = 0; !keep && i < keep_fd_count; ++i)
- if (keep_fds[i] == fd)
- keep = true;
-
- if (keep)
- continue;
-
- close(fd);
- }
- closedir(d);
- return true;
-}
-
-static bool secure_compile_open_fifo_fds(struct radv_secure_compile_state *sc,
- int *fd_server, int *fd_client,
- unsigned process, bool make_fifo)
-{
- bool result = false;
- char *fifo_server_path = NULL;
- char *fifo_client_path = NULL;
-
- if (asprintf(&fifo_server_path, "/tmp/radv_server_%s_%u", sc->uid, process) == -1)
- goto open_fifo_exit;
-
- if (asprintf(&fifo_client_path, "/tmp/radv_client_%s_%u", sc->uid, process) == -1)
- goto open_fifo_exit;
-
- if (make_fifo) {
- int file1 = mkfifo(fifo_server_path, 0666);
- if(file1 < 0)
- goto open_fifo_exit;
-
- int file2 = mkfifo(fifo_client_path, 0666);
- if(file2 < 0)
- goto open_fifo_exit;
- }
-
- *fd_server = open(fifo_server_path, O_RDWR);
- if(*fd_server < 1)
- goto open_fifo_exit;
-
- *fd_client = open(fifo_client_path, O_RDWR);
- if(*fd_client < 1) {
- close(*fd_server);
- goto open_fifo_exit;
- }
-
- result = true;
-
-open_fifo_exit:
- free(fifo_server_path);
- free(fifo_client_path);
-
- return result;
-}
-
-static void run_secure_compile_device(struct radv_device *device, unsigned process,
- int fd_idle_device_output)
-{
- int fd_secure_input;
- int fd_secure_output;
- bool fifo_result = secure_compile_open_fifo_fds(device->sc_state,
- &fd_secure_input,
- &fd_secure_output,
- process, false);
-
- enum radv_secure_compile_type sc_type;
-
- const int needed_fds[] = {
- fd_secure_input,
- fd_secure_output,
- fd_idle_device_output,
- };
-
- if (!fifo_result || !radv_close_all_fds(needed_fds, ARRAY_SIZE(needed_fds)) ||
- install_seccomp_filter() == -1) {
- sc_type = RADV_SC_TYPE_INIT_FAILURE;
- } else {
- sc_type = RADV_SC_TYPE_INIT_SUCCESS;
- device->sc_state->secure_compile_processes[process].fd_secure_input = fd_secure_input;
- device->sc_state->secure_compile_processes[process].fd_secure_output = fd_secure_output;
- }
-
- write(fd_idle_device_output, &sc_type, sizeof(sc_type));
-
- if (sc_type == RADV_SC_TYPE_INIT_FAILURE)
- goto secure_compile_exit;
-
- while (true) {
- radv_sc_read(fd_secure_input, &sc_type, sizeof(sc_type), false);
-
- if (sc_type == RADV_SC_TYPE_COMPILE_PIPELINE) {
- struct radv_pipeline *pipeline;
- bool sc_read = true;
-
- pipeline = vk_zalloc2(&device->vk.alloc, NULL, sizeof(*pipeline), 8,
- VK_SYSTEM_ALLOCATION_SCOPE_OBJECT);
-
- pipeline->device = device;
-
- /* Read pipeline layout */
- struct radv_pipeline_layout layout;
- sc_read = radv_sc_read(fd_secure_input, &layout, sizeof(struct radv_pipeline_layout), true);
- sc_read &= radv_sc_read(fd_secure_input, &layout.num_sets, sizeof(uint32_t), true);
- if (!sc_read)
- goto secure_compile_exit;
-
- for (uint32_t set = 0; set < layout.num_sets; set++) {
- uint32_t layout_size;
- sc_read &= radv_sc_read(fd_secure_input, &layout_size, sizeof(uint32_t), true);
- if (!sc_read)
- goto secure_compile_exit;
-
- layout.set[set].layout = malloc(layout_size);
- layout.set[set].layout->layout_size = layout_size;
- sc_read &= radv_sc_read(fd_secure_input, layout.set[set].layout,
- layout.set[set].layout->layout_size, true);
- }
-
- pipeline->layout = &layout;
-
- /* Read pipeline key */
- struct radv_pipeline_key key;
- sc_read &= radv_sc_read(fd_secure_input, &key, sizeof(struct radv_pipeline_key), true);
-
- /* Read pipeline create flags */
- VkPipelineCreateFlags flags;
- sc_read &= radv_sc_read(fd_secure_input, &flags, sizeof(VkPipelineCreateFlags), true);
-
- /* Read stage and shader information */
- uint32_t num_stages;
- const VkPipelineShaderStageCreateInfo *pStages[MESA_SHADER_STAGES] = { 0, };
- sc_read &= radv_sc_read(fd_secure_input, &num_stages, sizeof(uint32_t), true);
- if (!sc_read)
- goto secure_compile_exit;
-
- for (uint32_t i = 0; i < num_stages; i++) {
-
- /* Read stage */
- gl_shader_stage stage;
- sc_read &= radv_sc_read(fd_secure_input, &stage, sizeof(gl_shader_stage), true);
-
- VkPipelineShaderStageCreateInfo *pStage = calloc(1, sizeof(VkPipelineShaderStageCreateInfo));
-
- /* Read entry point name */
- size_t name_size;
- sc_read &= radv_sc_read(fd_secure_input, &name_size, sizeof(size_t), true);
- if (!sc_read)
- goto secure_compile_exit;
-
- char *ep_name = malloc(name_size);
- sc_read &= radv_sc_read(fd_secure_input, ep_name, name_size, true);
- pStage->pName = ep_name;
-
- /* Read shader module */
- size_t module_size;
- sc_read &= radv_sc_read(fd_secure_input, &module_size, sizeof(size_t), true);
- if (!sc_read)
- goto secure_compile_exit;
-
- struct radv_shader_module *module = malloc(module_size);
- sc_read &= radv_sc_read(fd_secure_input, module, module_size, true);
- pStage->module = radv_shader_module_to_handle(module);
-
- /* Read specialization info */
- bool has_spec_info;
- sc_read &= radv_sc_read(fd_secure_input, &has_spec_info, sizeof(bool), true);
- if (!sc_read)
- goto secure_compile_exit;
-
- if (has_spec_info) {
- VkSpecializationInfo *specInfo = malloc(sizeof(VkSpecializationInfo));
- pStage->pSpecializationInfo = specInfo;
-
- sc_read &= radv_sc_read(fd_secure_input, &specInfo->dataSize, sizeof(size_t), true);
- if (!sc_read)
- goto secure_compile_exit;
-
- void *si_data = malloc(specInfo->dataSize);
- sc_read &= radv_sc_read(fd_secure_input, si_data, specInfo->dataSize, true);
- specInfo->pData = si_data;
-
- sc_read &= radv_sc_read(fd_secure_input, &specInfo->mapEntryCount, sizeof(uint32_t), true);
- if (!sc_read)
- goto secure_compile_exit;
-
- VkSpecializationMapEntry *mapEntries = malloc(sizeof(VkSpecializationMapEntry) * specInfo->mapEntryCount);
- for (uint32_t j = 0; j < specInfo->mapEntryCount; j++) {
- sc_read &= radv_sc_read(fd_secure_input, &mapEntries[j], sizeof(VkSpecializationMapEntry), true);
- if (!sc_read)
- goto secure_compile_exit;
- }
-
- specInfo->pMapEntries = mapEntries;
- }
-
- pStages[stage] = pStage;
- }
-
- /* Compile the shaders */
- VkPipelineCreationFeedbackEXT *stage_feedbacks[MESA_SHADER_STAGES] = { 0 };
-
- /* Not fully to spec but if we're doing sandboxed compilations already this doesn't matter. */
- flags &= ~VK_PIPELINE_CREATE_FAIL_ON_PIPELINE_COMPILE_REQUIRED_BIT_EXT;
-
- radv_create_shaders(pipeline, device, NULL, &key, pStages, flags, NULL, stage_feedbacks);
-
- /* free memory allocated above */
- for (uint32_t set = 0; set < layout.num_sets; set++)
- free(layout.set[set].layout);
-
- for (uint32_t i = 0; i < MESA_SHADER_STAGES; i++) {
- if (!pStages[i])
- continue;
-
- free((void *) pStages[i]->pName);
- free(radv_shader_module_from_handle(pStages[i]->module));
- if (pStages[i]->pSpecializationInfo) {
- free((void *) pStages[i]->pSpecializationInfo->pData);
- free((void *) pStages[i]->pSpecializationInfo->pMapEntries);
- free((void *) pStages[i]->pSpecializationInfo);
- }
- free((void *) pStages[i]);
- }
-
- vk_free(&device->vk.alloc, pipeline);
-
- sc_type = RADV_SC_TYPE_COMPILE_PIPELINE_FINISHED;
- write(fd_secure_output, &sc_type, sizeof(sc_type));
-
- } else if (sc_type == RADV_SC_TYPE_DESTROY_DEVICE) {
- goto secure_compile_exit;
- }
- }
-
-secure_compile_exit:
- close(fd_secure_input);
- close(fd_secure_output);
- close(fd_idle_device_output);
- _exit(0);
-}
-
-static enum radv_secure_compile_type fork_secure_compile_device(struct radv_device *device, unsigned process)
-{
- int fd_secure_input[2];
- int fd_secure_output[2];
-
- /* create pipe descriptors (used to communicate between processes) */
- if (pipe(fd_secure_input) == -1 || pipe(fd_secure_output) == -1)
- return RADV_SC_TYPE_INIT_FAILURE;
-
-
- int sc_pid;
- if ((sc_pid = fork()) == 0) {
- device->sc_state->secure_compile_thread_counter = process;
- run_secure_compile_device(device, process, fd_secure_output[1]);
- } else {
- if (sc_pid == -1)
- return RADV_SC_TYPE_INIT_FAILURE;
-
- /* Read the init result returned from the secure process */
- enum radv_secure_compile_type sc_type;
- bool sc_read = radv_sc_read(fd_secure_output[0], &sc_type, sizeof(sc_type), true);
-
- if (sc_type == RADV_SC_TYPE_INIT_FAILURE || !sc_read) {
- close(fd_secure_input[0]);
- close(fd_secure_input[1]);
- close(fd_secure_output[1]);
- close(fd_secure_output[0]);
- int status;
- waitpid(sc_pid, &status, 0);
-
- return RADV_SC_TYPE_INIT_FAILURE;
- } else {
- assert(sc_type == RADV_SC_TYPE_INIT_SUCCESS);
- write(device->sc_state->secure_compile_processes[process].fd_secure_output, &sc_type, sizeof(sc_type));
-
- close(fd_secure_input[0]);
- close(fd_secure_input[1]);
- close(fd_secure_output[1]);
- close(fd_secure_output[0]);
-
- int status;
- waitpid(sc_pid, &status, 0);
- }
- }
-
- return RADV_SC_TYPE_INIT_SUCCESS;
-}
-
-/* Run a bare bones fork of a device that was forked right after its creation.
- * This device will have low overhead when it is forked again before each
- * pipeline compilation. This device sits idle and its only job is to fork
- * itself.
- */
-static void run_secure_compile_idle_device(struct radv_device *device, unsigned process,
- int fd_secure_input, int fd_secure_output)
-{
- enum radv_secure_compile_type sc_type = RADV_SC_TYPE_INIT_SUCCESS;
- device->sc_state->secure_compile_processes[process].fd_secure_input = fd_secure_input;
- device->sc_state->secure_compile_processes[process].fd_secure_output = fd_secure_output;
-
- write(fd_secure_output, &sc_type, sizeof(sc_type));
-
- while (true) {
- radv_sc_read(fd_secure_input, &sc_type, sizeof(sc_type), false);
-
- if (sc_type == RADV_SC_TYPE_FORK_DEVICE) {
- sc_type = fork_secure_compile_device(device, process);
-
- if (sc_type == RADV_SC_TYPE_INIT_FAILURE)
- goto secure_compile_exit;
-
- } else if (sc_type == RADV_SC_TYPE_DESTROY_DEVICE) {
- goto secure_compile_exit;
- }
- }
-
-secure_compile_exit:
- close(fd_secure_input);
- close(fd_secure_output);
- _exit(0);
-}
-
-static void destroy_secure_compile_device(struct radv_device *device, unsigned process)
-{
- int fd_secure_input = device->sc_state->secure_compile_processes[process].fd_secure_input;
-
- enum radv_secure_compile_type sc_type = RADV_SC_TYPE_DESTROY_DEVICE;
- write(fd_secure_input, &sc_type, sizeof(sc_type));
-
- close(device->sc_state->secure_compile_processes[process].fd_secure_input);
- close(device->sc_state->secure_compile_processes[process].fd_secure_output);
-
- int status;
- waitpid(device->sc_state->secure_compile_processes[process].sc_pid, &status, 0);
-}
-
-static VkResult fork_secure_compile_idle_device(struct radv_device *device)
-{
- device->sc_state = vk_zalloc(&device->vk.alloc,
- sizeof(struct radv_secure_compile_state),
- 8, VK_SYSTEM_ALLOCATION_SCOPE_DEVICE);
-
- mtx_init(&device->sc_state->secure_compile_mutex, mtx_plain);
-
- pid_t upid = getpid();
- time_t seconds = time(NULL);
-
- char *uid;
- if (asprintf(&uid, "%ld_%ld", (long) upid, (long) seconds) == -1)
- return VK_ERROR_INITIALIZATION_FAILED;
-
- device->sc_state->uid = uid;
-
- uint8_t sc_threads = device->instance->num_sc_threads;
- int fd_secure_input[MAX_SC_PROCS][2];
- int fd_secure_output[MAX_SC_PROCS][2];
-
- /* create pipe descriptors (used to communicate between processes) */
- for (unsigned i = 0; i < sc_threads; i++) {
- if (pipe(fd_secure_input[i]) == -1 ||
- pipe(fd_secure_output[i]) == -1) {
- return VK_ERROR_INITIALIZATION_FAILED;
- }
- }
-
- device->sc_state->secure_compile_processes = vk_zalloc(&device->vk.alloc,
- sizeof(struct radv_secure_compile_process) * sc_threads, 8,
- VK_SYSTEM_ALLOCATION_SCOPE_DEVICE);
-
- for (unsigned process = 0; process < sc_threads; process++) {
- if ((device->sc_state->secure_compile_processes[process].sc_pid = fork()) == 0) {
- device->sc_state->secure_compile_thread_counter = process;
- run_secure_compile_idle_device(device, process, fd_secure_input[process][0], fd_secure_output[process][1]);
- } else {
- if (device->sc_state->secure_compile_processes[process].sc_pid == -1)
- return VK_ERROR_INITIALIZATION_FAILED;
-
- /* Read the init result returned from the secure process */
- enum radv_secure_compile_type sc_type;
- bool sc_read = radv_sc_read(fd_secure_output[process][0], &sc_type, sizeof(sc_type), true);
-
- bool fifo_result;
- if (sc_read && sc_type == RADV_SC_TYPE_INIT_SUCCESS) {
- fifo_result = secure_compile_open_fifo_fds(device->sc_state,
- &device->sc_state->secure_compile_processes[process].fd_server,
- &device->sc_state->secure_compile_processes[process].fd_client,
- process, true);
-
- device->sc_state->secure_compile_processes[process].fd_secure_input = fd_secure_input[process][1];
- device->sc_state->secure_compile_processes[process].fd_secure_output = fd_secure_output[process][0];
- }
-
- if (sc_type == RADV_SC_TYPE_INIT_FAILURE || !sc_read || !fifo_result) {
- close(fd_secure_input[process][0]);
- close(fd_secure_input[process][1]);
- close(fd_secure_output[process][1]);
- close(fd_secure_output[process][0]);
- int status;
- waitpid(device->sc_state->secure_compile_processes[process].sc_pid, &status, 0);
-
- /* Destroy any forks that were created sucessfully */
- for (unsigned i = 0; i < process; i++) {
- destroy_secure_compile_device(device, i);
- }
-
- return VK_ERROR_INITIALIZATION_FAILED;
- }
- }
- }
- return VK_SUCCESS;
-}
-
static void
radv_device_init_dispatch(struct radv_device *device)
{
goto fail;
}
- /* Temporarily disable secure compile while we create meta shaders, etc */
- uint8_t sc_threads = device->instance->num_sc_threads;
- if (sc_threads)
- device->instance->num_sc_threads = 0;
-
device->keep_shader_info = keep_shader_info;
result = radv_device_init_meta(device);
if (result != VK_SUCCESS)
1 << util_logbase2(device->force_aniso));
}
- /* Fork device for secure compile as required */
- device->instance->num_sc_threads = sc_threads;
- if (radv_device_use_secure_compile(device->instance)) {
-
- result = fork_secure_compile_idle_device(device);
- if (result != VK_SUCCESS)
- goto fail_meta;
- }
-
*pDevice = radv_device_to_handle(device);
return VK_SUCCESS;
radv_thread_trace_finish(device);
- if (radv_device_use_secure_compile(device->instance)) {
- for (unsigned i = 0; i < device->instance->num_sc_threads; i++ ) {
- destroy_secure_compile_device(device, i);
- }
- }
-
- if (device->sc_state) {
- free(device->sc_state->uid);
- vk_free(&device->vk.alloc, device->sc_state->secure_compile_processes);
- }
- vk_free(&device->vk.alloc, device->sc_state);
vk_free(&device->vk.alloc, device);
}
return NULL;
}
-static VkResult
-radv_secure_compile(struct radv_pipeline *pipeline,
- struct radv_device *device,
- const struct radv_pipeline_key *key,
- const VkPipelineShaderStageCreateInfo **pStages,
- const VkPipelineCreateFlags flags,
- unsigned num_stages)
-{
- uint8_t allowed_pipeline_hashes[2][20];
- radv_hash_shaders(allowed_pipeline_hashes[0], pStages,
- pipeline->layout, key, get_hash_flags(device));
-
- /* Generate the GC copy hash */
- memcpy(allowed_pipeline_hashes[1], allowed_pipeline_hashes[0], 20);
- allowed_pipeline_hashes[1][0] ^= 1;
-
- uint8_t allowed_hashes[2][20];
- for (unsigned i = 0; i < 2; ++i) {
- disk_cache_compute_key(device->physical_device->disk_cache,
- allowed_pipeline_hashes[i], 20,
- allowed_hashes[i]);
- }
-
- /* Do an early exit if all cache entries are already there. */
- bool may_need_copy_shader = pStages[MESA_SHADER_GEOMETRY];
- void *main_entry = disk_cache_get(device->physical_device->disk_cache, allowed_hashes[0], NULL);
- void *copy_entry = NULL;
- if (may_need_copy_shader)
- copy_entry = disk_cache_get(device->physical_device->disk_cache, allowed_hashes[1], NULL);
-
- bool has_all_cache_entries = main_entry && (!may_need_copy_shader || copy_entry);
- free(main_entry);
- free(copy_entry);
-
- if(has_all_cache_entries)
- return VK_SUCCESS;
-
- unsigned process = 0;
- uint8_t sc_threads = device->instance->num_sc_threads;
- while (true) {
- mtx_lock(&device->sc_state->secure_compile_mutex);
- if (device->sc_state->secure_compile_thread_counter < sc_threads) {
- device->sc_state->secure_compile_thread_counter++;
- for (unsigned i = 0; i < sc_threads; i++) {
- if (!device->sc_state->secure_compile_processes[i].in_use) {
- device->sc_state->secure_compile_processes[i].in_use = true;
- process = i;
- break;
- }
- }
- mtx_unlock(&device->sc_state->secure_compile_mutex);
- break;
- }
- mtx_unlock(&device->sc_state->secure_compile_mutex);
- }
-
- int fd_secure_input = device->sc_state->secure_compile_processes[process].fd_secure_input;
- int fd_secure_output = device->sc_state->secure_compile_processes[process].fd_secure_output;
-
- /* Fork a copy of the slim untainted secure compile process */
- enum radv_secure_compile_type sc_type = RADV_SC_TYPE_FORK_DEVICE;
- write(fd_secure_input, &sc_type, sizeof(sc_type));
-
- if (!radv_sc_read(fd_secure_output, &sc_type, sizeof(sc_type), true) ||
- sc_type != RADV_SC_TYPE_INIT_SUCCESS)
- return VK_ERROR_DEVICE_LOST;
-
- fd_secure_input = device->sc_state->secure_compile_processes[process].fd_server;
- fd_secure_output = device->sc_state->secure_compile_processes[process].fd_client;
-
- /* Write pipeline / shader module out to secure process via pipe */
- sc_type = RADV_SC_TYPE_COMPILE_PIPELINE;
- write(fd_secure_input, &sc_type, sizeof(sc_type));
-
- /* Write pipeline layout out to secure process */
- struct radv_pipeline_layout *layout = pipeline->layout;
- write(fd_secure_input, layout, sizeof(struct radv_pipeline_layout));
- write(fd_secure_input, &layout->num_sets, sizeof(uint32_t));
- for (uint32_t set = 0; set < layout->num_sets; set++) {
- write(fd_secure_input, &layout->set[set].layout->layout_size, sizeof(uint32_t));
- write(fd_secure_input, layout->set[set].layout, layout->set[set].layout->layout_size);
- }
-
- /* Write pipeline key out to secure process */
- write(fd_secure_input, key, sizeof(struct radv_pipeline_key));
-
- /* Write pipeline create flags out to secure process */
- write(fd_secure_input, &flags, sizeof(VkPipelineCreateFlags));
-
- /* Write stage and shader information out to secure process */
- write(fd_secure_input, &num_stages, sizeof(uint32_t));
- for (uint32_t i = 0; i < MESA_SHADER_STAGES; i++) {
- if (!pStages[i])
- continue;
-
- /* Write stage out to secure process */
- gl_shader_stage stage = ffs(pStages[i]->stage) - 1;
- write(fd_secure_input, &stage, sizeof(gl_shader_stage));
-
- /* Write entry point name out to secure process */
- size_t name_size = strlen(pStages[i]->pName) + 1;
- write(fd_secure_input, &name_size, sizeof(size_t));
- write(fd_secure_input, pStages[i]->pName, name_size);
-
- /* Write shader module out to secure process */
- struct radv_shader_module *module = radv_shader_module_from_handle(pStages[i]->module);
- assert(!module->nir);
- size_t module_size = sizeof(struct radv_shader_module) + module->size;
- write(fd_secure_input, &module_size, sizeof(size_t));
- write(fd_secure_input, module, module_size);
-
- /* Write specialization info out to secure process */
- const VkSpecializationInfo *specInfo = pStages[i]->pSpecializationInfo;
- bool has_spec_info = specInfo ? true : false;
- write(fd_secure_input, &has_spec_info, sizeof(bool));
- if (specInfo) {
- write(fd_secure_input, &specInfo->dataSize, sizeof(size_t));
- write(fd_secure_input, specInfo->pData, specInfo->dataSize);
-
- write(fd_secure_input, &specInfo->mapEntryCount, sizeof(uint32_t));
- for (uint32_t j = 0; j < specInfo->mapEntryCount; j++)
- write(fd_secure_input, &specInfo->pMapEntries[j], sizeof(VkSpecializationMapEntry));
- }
- }
-
- /* Read the data returned from the secure process */
- while (sc_type != RADV_SC_TYPE_COMPILE_PIPELINE_FINISHED) {
- if (!radv_sc_read(fd_secure_output, &sc_type, sizeof(sc_type), true))
- return VK_ERROR_DEVICE_LOST;
-
- if (sc_type == RADV_SC_TYPE_WRITE_DISK_CACHE) {
- assert(device->physical_device->disk_cache);
-
- uint8_t disk_sha1[20];
- if (!radv_sc_read(fd_secure_output, disk_sha1, sizeof(uint8_t) * 20, true))
- return VK_ERROR_DEVICE_LOST;
-
- if (memcmp(disk_sha1, allowed_hashes[0], 20) &&
- memcmp(disk_sha1, allowed_hashes[1], 20))
- return VK_ERROR_DEVICE_LOST;
-
- uint32_t entry_size;
- if (!radv_sc_read(fd_secure_output, &entry_size, sizeof(uint32_t), true))
- return VK_ERROR_DEVICE_LOST;
-
- struct cache_entry *entry = malloc(entry_size);
- if (!radv_sc_read(fd_secure_output, entry, entry_size, true))
- return VK_ERROR_DEVICE_LOST;
-
- disk_cache_put(device->physical_device->disk_cache,
- disk_sha1, entry, entry_size,
- NULL);
-
- free(entry);
- } else if (sc_type == RADV_SC_TYPE_READ_DISK_CACHE) {
- uint8_t disk_sha1[20];
- if (!radv_sc_read(fd_secure_output, disk_sha1, sizeof(uint8_t) * 20, true))
- return VK_ERROR_DEVICE_LOST;
-
- if (memcmp(disk_sha1, allowed_hashes[0], 20) &&
- memcmp(disk_sha1, allowed_hashes[1], 20))
- return VK_ERROR_DEVICE_LOST;
-
- size_t size;
- struct cache_entry *entry = (struct cache_entry *)
- disk_cache_get(device->physical_device->disk_cache,
- disk_sha1, &size);
-
- uint8_t found = entry ? 1 : 0;
- write(fd_secure_input, &found, sizeof(uint8_t));
-
- if (found) {
- write(fd_secure_input, &size, sizeof(size_t));
- write(fd_secure_input, entry, size);
- }
-
- free(entry);
- }
- }
-
- sc_type = RADV_SC_TYPE_DESTROY_DEVICE;
- write(fd_secure_input, &sc_type, sizeof(sc_type));
-
- mtx_lock(&device->sc_state->secure_compile_mutex);
- device->sc_state->secure_compile_thread_counter--;
- device->sc_state->secure_compile_processes[process].in_use = false;
- mtx_unlock(&device->sc_state->secure_compile_mutex);
-
- return VK_SUCCESS;
-}
-
static VkResult
radv_pipeline_init(struct radv_pipeline *pipeline,
struct radv_device *device,
}
struct radv_pipeline_key key = radv_generate_graphics_pipeline_key(pipeline, pCreateInfo, &blend, has_view_index);
- if (radv_device_use_secure_compile(device->instance)) {
- return radv_secure_compile(pipeline, device, &key, pStages, pCreateInfo->flags, pCreateInfo->stageCount);
- } else {
- result = radv_create_shaders(pipeline, device, cache, &key, pStages,
- pCreateInfo->flags, pipeline_feedback,
- stage_feedbacks);
- if (result != VK_SUCCESS)
- return result;
- }
+
+ result = radv_create_shaders(pipeline, device, cache, &key, pStages,
+ pCreateInfo->flags, pipeline_feedback,
+ stage_feedbacks);
+ if (result != VK_SUCCESS)
+ return result;
pipeline->graphics.spi_baryc_cntl = S_0286E0_FRONT_FACE_ALL_BITS(1);
radv_pipeline_init_multisample_state(pipeline, &blend, pCreateInfo);
struct radv_pipeline_key key =
radv_generate_compute_pipeline_key(pipeline, pCreateInfo);
- if (radv_device_use_secure_compile(device->instance)) {
- result = radv_secure_compile(pipeline, device, &key, pStages, pCreateInfo->flags, 1);
- *pPipeline = radv_pipeline_to_handle(pipeline);
-
+ result = radv_create_shaders(pipeline, device, cache, &key, pStages,
+ pCreateInfo->flags, pipeline_feedback,
+ stage_feedbacks);
+ if (result != VK_SUCCESS) {
+ radv_pipeline_destroy(device, pipeline, pAllocator);
return result;
- } else {
- result = radv_create_shaders(pipeline, device, cache, &key, pStages,
- pCreateInfo->flags, pipeline_feedback,
- stage_feedbacks);
- if (result != VK_SUCCESS) {
- radv_pipeline_destroy(device, pipeline, pAllocator);
- return result;
- }
}
pipeline->user_data_0[MESA_SHADER_COMPUTE] = radv_pipeline_stage_to_user_data_0(pipeline, MESA_SHADER_COMPUTE, device->physical_device->rad_info.chip_class);
projects / mesa.git / commitdiff