From 4432a2d14d80081d062f7939a950d65ea3a16eed Mon Sep 17 00:00:00 2001
From: Danylo Piliaiev
Date: Wed, 30 Oct 2019 16:14:06 +0200
Subject: [PATCH] intel/blorp: Fix usage of uninitialized memory in key hashing
The automatically generated padding in structs contains undefined values, force pack the structs to eliminate the padding. Otherwise structs with the same values may generate different hashes.
Valgrind output:
Conditional jump or move depends on uninitialised value(s)
util_fast_urem32 (fast_urem_by_const.h:71)
hash_table_search (hash_table.c:262)
_mesa_hash_table_search (hash_table.c:296)
anv_pipeline_cache_search_locked (anv_pipeline_cache.c:318)
anv_pipeline_cache_search (anv_pipeline_cache.c:335)
lookup_blorp_shader (anv_blorp.c:38)
blorp_params_get_mcs_partial_resolve_kernel (blorp_clear.c:1112)
blorp_mcs_partial_resolve (blorp_clear.c:1205)
anv_image_mcs_op (anv_blorp.c:1742)
anv_cmd_predicated_mcs_resolve (genX_cmd_buffer.c:774)
transition_color_buffer (genX_cmd_buffer.c:1159)
cmd_buffer_end_subpass (genX_cmd_buffer.c:4840)
Uninitialised value was created by a stack allocation
blorp_params_get_mcs_partial_resolve_kernel (blorp_clear.c:1103)
Cc:
Signed-off-by: Danylo Piliaiev
Reviewed-by: Lionel Landwerlin
---
 src/intel/blorp/blorp_clear.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/src/intel/blorp/blorp_clear.c b/src/intel/blorp/blorp_clear.c
index 901fde9095b..b8a68ffdbec 100644
--- a/src/intel/blorp/blorp_clear.c
+++ b/src/intel/blorp/blorp_clear.c
@@ -34,13 +34,14 @@
 #define FILE_DEBUG_FLAG DEBUG_BLORP
+#pragma pack(push, 1)
 struct brw_blorp_const_color_prog_key
 {
 enum blorp_shader_type shader_type; /* Must be BLORP_SHADER_TYPE_CLEAR */
 bool use_simd16_replicated_data;
 bool clear_rgb_as_red;
- bool pad[3];
 };
+#pragma pack(pop)
 static bool
 blorp_params_get_clear_kernel(struct blorp_batch *batch,
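Review bot: Nothing in this hunk checks at compile time that `struct brw_blorp_const_color_prog_key` really ends up free of padding, so a toolchain that ignores `#pragma pack`, or a later edit that drops the pragma pair, would silently bring uninitialised bytes back into the hashed key. A size assertion after the `#pragma pack(pop)` line would pin the invariant: `_Static_assert(sizeof(struct brw_blorp_const_color_prog_key) == sizeof(enum blorp_shader_type) + 2 * sizeof(bool), "hash key must have no padding");`. A one-line comment above the pragma, such as `/* Packed: every byte of this struct is hashed as a cache key, so it must contain no padding. */`, would also tell the next reader why the explicit `pad[3]` member was removed. The same applies to `struct layer_offset_vs_key` and `struct blorp_mcs_partial_resolve_key` in the later hunks.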
@@ -108,10 +109,12 @@ blorp_params_get_clear_kernel(struct blorp_batch *batch,
 return result;
 }
+#pragma pack(push, 1)
 struct layer_offset_vs_key {
 enum blorp_shader_type shader_type;
 unsigned num_inputs;
 };
+#pragma pack(pop)
 /* In the case of doing attachment clears, we are using a surface state that
 * is handed to us so we can't set (and don't even know) the base array layer.
@@ -1089,6 +1092,7 @@ blorp_nir_bit(nir_builder *b, nir_ssa_def *src, unsigned bit)
 nir_imm_int(b, 1));
 }
+#pragma pack(push, 1)
 struct blorp_mcs_partial_resolve_key
 {
 enum blorp_shader_type shader_type;
@@ -1096,6 +1100,7 @@ struct blorp_mcs_partial_resolve_key
 bool int_format;
 uint32_t num_samples;
 };
+#pragma pack(pop)
 static bool
 blorp_params_get_mcs_partial_resolve_kernel(struct blorp_batch *batch,
-- 
2.30.2
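Review bot: With 1-byte packing, `uint32_t num_samples` in `struct blorp_mcs_partial_resolve_key` most likely no longer sits on a 4-byte boundary, because the `bool` member before it is no longer followed by padding. Reading and writing it as a struct member is fine, but taking its address (for example `&key.num_samples`, with `key` a constructed name) yields a misaligned pointer that is undefined behaviour to dereference on its own; a comment on the field such as `/* unaligned in the packed key: access only through the struct */` would warn about that. If natural alignment is preferred, the alternative is to keep the layout and clear the whole key with `memset(&key, 0, sizeof(key));` before filling it in at the stack allocation the Valgrind trace points to, which is outside this diff. The struct opens in the previous hunk and one member between the two hunks is not shown, so the exact offset of `num_samples` is inferred.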