From 3fbbd79d9cf8c3e9cd591ddb7887d4ff2519d046 Mon Sep 17 00:00:00 2001 From: Rob Clark Date: Tue, 6 Feb 2024 10:36:09 -0800 Subject: [PATCH] freedreno/decode: Fix prefetch handling for IB1 crash Found this while investigating iova faults, with impossibly low iova (ie. fault addresses like 0x0000000000181800). Looks like fetching past the end of memory mapped GMEM when doing a CP_BLIT resolve blit. But because the fault GPU is waiting in a CP_WAIT_FOR_ME in IB1 after the resolve blit, crashdec wasn't correctly finding the location. We should just skip all the complicated bits working backwards in IB1 to find the jump into IB2 if we see that the crash is actually in IB1. Signed-off-by: Rob Clark Part-of: --- src/freedreno/decode/crashdec-prefetch.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/src/freedreno/decode/crashdec-prefetch.c b/src/freedreno/decode/crashdec-prefetch.c index 0fcec586d59..8835db5460f 100644 --- a/src/freedreno/decode/crashdec-prefetch.c +++ b/src/freedreno/decode/crashdec-prefetch.c @@ -195,9 +195,14 @@ handle_prefetch(uint32_t *dwords, uint32_t sizedwords) { struct prefetch_state rb_state = {}; struct ib *ib1 = scan_cmdstream(&rb_state, 1, dwords, sizedwords); + if (!ib1) return; + /* If the gpu crashed in IB1, we can skip the rest: */ + if (!options.ibs[2].rem) + return; + struct prefetch_state ib1_state = {}; /* Once we find the actual IB1 position, we need to find the IB2 position.