From e522c455e40b06a89885d413d564df40015259b3 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Marek=20Ol=C5=A1=C3=A1k?= Date: Sun, 20 Apr 2014 04:32:24 +0200 Subject: [PATCH] r300g: don't crash when getting NULL colorbuffers Cc: mesa-stable@lists.freedesktop.org --- src/gallium/drivers/r300/r300_blit.c | 4 +-- src/gallium/drivers/r300/r300_context.h | 14 ++++++++ src/gallium/drivers/r300/r300_emit.c | 25 +++++++++----- src/gallium/drivers/r300/r300_state.c | 46 +++++++++++++++---------- 4 files changed, 60 insertions(+), 29 deletions(-) diff --git a/src/gallium/drivers/r300/r300_blit.c b/src/gallium/drivers/r300/r300_blit.c index cc9ea8a8e0d..05e55f3665e 100644 --- a/src/gallium/drivers/r300/r300_blit.c +++ b/src/gallium/drivers/r300/r300_blit.c @@ -130,7 +130,7 @@ static boolean r300_cbzb_clear_allowed(struct r300_context *r300, (struct pipe_framebuffer_state*)r300->fb_state.state; /* Only color clear allowed, and only one colorbuffer. */ - if ((clear_buffers & ~PIPE_CLEAR_COLOR) != 0 || fb->nr_cbufs != 1) + if ((clear_buffers & ~PIPE_CLEAR_COLOR) != 0 || fb->nr_cbufs != 1 || !fb->cbufs[0]) return FALSE; return r300_surface(fb->cbufs[0])->cbzb_allowed; @@ -313,7 +313,7 @@ static void r300_clear(struct pipe_context* pipe, /* Use fast color clear for an AA colorbuffer. * The CMASK is shared between all colorbuffers, so we use it * if there is only one colorbuffer bound. */ - if ((buffers & PIPE_CLEAR_COLOR) && fb->nr_cbufs == 1 && + if ((buffers & PIPE_CLEAR_COLOR) && fb->nr_cbufs == 1 && fb->cbufs[0] && r300_resource(fb->cbufs[0]->texture)->tex.cmask_dwords) { /* Try to obtain the access to the CMASK if we don't have one. */ if (!r300->cmask_access) { diff --git a/src/gallium/drivers/r300/r300_context.h b/src/gallium/drivers/r300/r300_context.h index e6b0181cd84..8736cc73492 100644 --- a/src/gallium/drivers/r300/r300_context.h +++ b/src/gallium/drivers/r300/r300_context.h @@ -688,6 +688,20 @@ static INLINE void r300_mark_atom_dirty(struct r300_context *r300, } } +static INLINE struct pipe_surface * +r300_get_nonnull_cb(struct pipe_framebuffer_state *fb, unsigned i) +{ + if (fb->cbufs[i]) + return fb->cbufs[i]; + + /* The i-th framebuffer is NULL, return any non-NULL one. */ + for (i = 0; i < fb->nr_cbufs; i++) + if (fb->cbufs[i]) + return fb->cbufs[i]; + + return NULL; +} + struct pipe_context* r300_create_context(struct pipe_screen* screen, void *priv); diff --git a/src/gallium/drivers/r300/r300_emit.c b/src/gallium/drivers/r300/r300_emit.c index 9f164139213..b201334cb95 100644 --- a/src/gallium/drivers/r300/r300_emit.c +++ b/src/gallium/drivers/r300/r300_emit.c @@ -42,15 +42,18 @@ void r300_emit_blend_state(struct r300_context* r300, struct r300_blend_state* blend = (struct r300_blend_state*)state; struct pipe_framebuffer_state* fb = (struct pipe_framebuffer_state*)r300->fb_state.state; + struct pipe_surface *cb; CS_LOCALS(r300); - if (fb->nr_cbufs) { - if (fb->cbufs[0]->format == PIPE_FORMAT_R16G16B16A16_FLOAT) { + cb = fb->nr_cbufs ? r300_get_nonnull_cb(fb, 0) : NULL; + + if (cb) { + if (cb->format == PIPE_FORMAT_R16G16B16A16_FLOAT) { WRITE_CS_TABLE(blend->cb_noclamp, size); - } else if (fb->cbufs[0]->format == PIPE_FORMAT_R16G16B16X16_FLOAT) { + } else if (cb->format == PIPE_FORMAT_R16G16B16X16_FLOAT) { WRITE_CS_TABLE(blend->cb_noclamp_noalpha, size); } else { - unsigned swz = r300_surface(fb->cbufs[0])->colormask_swizzle; + unsigned swz = r300_surface(cb)->colormask_swizzle; WRITE_CS_TABLE(blend->cb_clamp[swz], size); } } else { @@ -88,9 +91,11 @@ void r300_emit_dsa_state(struct r300_context* r300, unsigned size, void* state) /* Choose the alpha ref value between 8-bit (FG_ALPHA_FUNC.AM_VAL) and * 16-bit (FG_ALPHA_VALUE). */ if (is_r500 && (alpha_func & R300_FG_ALPHA_FUNC_ENABLE)) { - if (fb->nr_cbufs && - (fb->cbufs[0]->format == PIPE_FORMAT_R16G16B16A16_FLOAT || - fb->cbufs[0]->format == PIPE_FORMAT_R16G16B16X16_FLOAT)) { + struct pipe_surface *cb = fb->nr_cbufs ? r300_get_nonnull_cb(fb, 0) : NULL; + + if (cb && + (cb->format == PIPE_FORMAT_R16G16B16A16_FLOAT || + cb->format == PIPE_FORMAT_R16G16B16X16_FLOAT)) { alpha_func |= R500_FG_ALPHA_FUNC_FP16_ENABLE; } else { alpha_func |= R500_FG_ALPHA_FUNC_8BIT; @@ -419,7 +424,7 @@ void r300_emit_fb_state(struct r300_context* r300, unsigned size, void* state) /* Set up colorbuffers. */ for (i = 0; i < fb->nr_cbufs; i++) { - surf = r300_surface(fb->cbufs[i]); + surf = r300_surface(r300_get_nonnull_cb(fb, i)); OUT_CS_REG(R300_RB3D_COLOROFFSET0 + (4 * i), surf->offset); OUT_CS_RELOC(surf); @@ -600,7 +605,7 @@ void r300_emit_fb_state_pipelined(struct r300_context *r300, * (must be written after unpipelined regs) */ OUT_CS_REG_SEQ(R300_US_OUT_FMT_0, 4); for (i = 0; i < num_cbufs; i++) { - OUT_CS(r300_surface(fb->cbufs[i])->format); + OUT_CS(r300_surface(r300_get_nonnull_cb(fb, i))->format); } for (; i < 1; i++) { OUT_CS(R300_US_OUT_FMT_C4_8 | @@ -1310,6 +1315,8 @@ validate: if (r300->fb_state.dirty) { /* Color buffers... */ for (i = 0; i < fb->nr_cbufs; i++) { + if (!fb->cbufs[i]) + continue; tex = r300_resource(fb->cbufs[i]->texture); assert(tex && tex->buf && "cbuf is marked, but NULL!"); r300->rws->cs_add_reloc(r300->cs, tex->cs_buf, diff --git a/src/gallium/drivers/r300/r300_state.c b/src/gallium/drivers/r300/r300_state.c index 5472263781e..b664c97f4dd 100644 --- a/src/gallium/drivers/r300/r300_state.c +++ b/src/gallium/drivers/r300/r300_state.c @@ -579,16 +579,17 @@ static void r300_set_blend_color(struct pipe_context* pipe, struct r300_blend_color_state *state = (struct r300_blend_color_state*)r300->blend_color_state.state; struct pipe_blend_color c; - enum pipe_format format = fb->nr_cbufs ? fb->cbufs[0]->format : 0; + struct pipe_surface *cb; float tmp; CB_LOCALS; state->state = *color; /* Save it, so that we can reuse it in set_fb_state */ c = *color; + cb = fb->nr_cbufs ? r300_get_nonnull_cb(fb, 0) : NULL; /* The blend color is dependent on the colorbuffer format. */ - if (fb->nr_cbufs) { - switch (format) { + if (cb) { + switch (cb->format) { case PIPE_FORMAT_R8_UNORM: case PIPE_FORMAT_L8_UNORM: case PIPE_FORMAT_I8_UNORM: @@ -623,7 +624,7 @@ static void r300_set_blend_color(struct pipe_context* pipe, BEGIN_CB(state->cb, 3); OUT_CB_REG_SEQ(R500_RB3D_CONSTANT_COLOR_AR, 2); - switch (format) { + switch (cb ? cb->format : 0) { case PIPE_FORMAT_R16G16B16A16_FLOAT: case PIPE_FORMAT_R16G16B16X16_FLOAT: OUT_CB(util_float_to_half(c.color[2]) | @@ -858,6 +859,9 @@ static void r300_fb_set_tiling_flags(struct r300_context *r300, /* Set tiling flags for new surfaces. */ for (i = 0; i < state->nr_cbufs; i++) { + if (!state->cbufs[i]) + continue; + r300_tex_set_tiling_flags(r300, r300_resource(state->cbufs[i]->texture), state->cbufs[i]->u.tex.level); @@ -950,7 +954,8 @@ static unsigned r300_get_num_samples(struct r300_context *r300) num_samples = 6; for (i = 0; i < fb->nr_cbufs; i++) - num_samples = MIN2(num_samples, fb->cbufs[i]->texture->nr_samples); + if (fb->cbufs[i]) + num_samples = MIN2(num_samples, fb->cbufs[i]->texture->nr_samples); if (fb->zsbuf) num_samples = MIN2(num_samples, fb->zsbuf->texture->nr_samples); @@ -967,7 +972,7 @@ r300_set_framebuffer_state(struct pipe_context* pipe, { struct r300_context* r300 = r300_context(pipe); struct r300_aa_state *aa = (struct r300_aa_state*)r300->aa_state.state; - struct pipe_framebuffer_state *old_state = r300->fb_state.state; + struct pipe_framebuffer_state *current_state = r300->fb_state.state; unsigned max_width, max_height, i; uint32_t zbuffer_bpp = 0; boolean unlock_zbuffer = FALSE; @@ -986,17 +991,17 @@ r300_set_framebuffer_state(struct pipe_context* pipe, return; } - if (old_state->zsbuf && r300->zmask_in_use && !r300->locked_zbuffer) { + if (current_state->zsbuf && r300->zmask_in_use && !r300->locked_zbuffer) { /* There is a zmask in use, what are we gonna do? */ if (state->zsbuf) { - if (!pipe_surface_equal(old_state->zsbuf, state->zsbuf)) { + if (!pipe_surface_equal(current_state->zsbuf, state->zsbuf)) { /* Decompress the currently bound zbuffer before we bind another one. */ r300_decompress_zmask(r300); r300->hiz_in_use = FALSE; } } else { /* We don't bind another zbuffer, so lock the current one. */ - pipe_surface_reference(&r300->locked_zbuffer, old_state->zsbuf); + pipe_surface_reference(&r300->locked_zbuffer, current_state->zsbuf); } } else if (r300->locked_zbuffer) { /* We have a locked zbuffer now, what are we gonna do? */ @@ -1014,9 +1019,20 @@ r300_set_framebuffer_state(struct pipe_context* pipe, } assert(state->zsbuf || (r300->locked_zbuffer && !unlock_zbuffer) || !r300->zmask_in_use); + /* If zsbuf is set from NULL to non-NULL or vice versa.. */ + if (!!current_state->zsbuf != !!state->zsbuf) { + r300_mark_atom_dirty(r300, &r300->dsa_state); + } + + util_copy_framebuffer_state(r300->fb_state.state, state); + + /* Remove trailing NULL colorbuffers. */ + while (current_state->nr_cbufs && !current_state->cbufs[current_state->nr_cbufs-1]) + current_state->nr_cbufs--; + /* Set whether CMASK can be used. */ r300->cmask_in_use = - state->nr_cbufs == 1 && + state->nr_cbufs == 1 && state->cbufs[0] && r300->screen->cmask_resource == state->cbufs[0]->texture; /* Need to reset clamping or colormask. */ @@ -1025,11 +1041,6 @@ r300_set_framebuffer_state(struct pipe_context* pipe, /* Re-swizzle the blend color. */ r300_set_blend_color(pipe, &((struct r300_blend_color_state*)r300->blend_color_state.state)->state); - /* If zsbuf is set from NULL to non-NULL or vice versa.. */ - if (!!old_state->zsbuf != !!state->zsbuf) { - r300_mark_atom_dirty(r300, &r300->dsa_state); - } - if (r300->screen->info.drm_minor < 12) { /* The tiling flags are dependent on the surface miplevel, unfortunately. * This workarounds a bad design decision in old kernels which were @@ -1037,8 +1048,6 @@ r300_set_framebuffer_state(struct pipe_context* pipe, r300_fb_set_tiling_flags(r300, state); } - util_copy_framebuffer_state(r300->fb_state.state, state); - if (unlock_zbuffer) { pipe_surface_reference(&r300->locked_zbuffer, NULL); } @@ -1089,7 +1098,8 @@ r300_set_framebuffer_state(struct pipe_context* pipe, if (DBG_ON(r300, DBG_FB)) { fprintf(stderr, "r300: set_framebuffer_state:\n"); for (i = 0; i < state->nr_cbufs; i++) { - r300_print_fb_surf_info(state->cbufs[i], i, "CB"); + if (state->cbufs[i]) + r300_print_fb_surf_info(state->cbufs[i], i, "CB"); } if (state->zsbuf) { r300_print_fb_surf_info(state->zsbuf, 0, "ZB"); -- 2.30.2