radv: remove the secure compile support feature

Steam was the only client of this feature and it seems no longer used. Signed-off-by: Samuel Pitoiset <samuel.pitoiset@gmail.com> Reviewed-by: Bas Nieuwenhuizen <bas@basnieuwenhuizen.nl> Part-of: <https://gitlab.freedesktop.org/mesa/mesa/-/merge_requests/5869>
2020-07-12 13:59:14 +02:00
parent 59b4c623c9
commit 7324977e42
6 changed files with 16 additions and 920 deletions
--- a/docs/envvars.rst
+++ b/docs/envvars.rst
@@ -588,8 +588,6 @@ RADV driver environment variables
   ``tccompatcmask``
      enable TC-compat cmask for MSAA images
 ``RADV_SECURE_COMPILE_THREADS``
   maximum number of secure compile threads (up to 32)
 ``RADV_TEX_ANISO``
   force anisotropy filter (up to 16)
 ``RADV_TRACE_FILE``
--- a/src/amd/vulkan/radv_device.c
+++ b/src/amd/vulkan/radv_device.c
@@ -643,19 +643,9 @@ VkResult radv_CreateInstance(
 	if (instance->apiVersion == 0)
 		instance->apiVersion = VK_API_VERSION_1_0;
 	/* Get secure compile thread count. NOTE: We cap this at 32 */
 #define MAX_SC_PROCS 32
 	char *num_sc_threads = getenv("RADV_SECURE_COMPILE_THREADS");
 	if (num_sc_threads)
 		instance->num_sc_threads = MIN2(strtoul(num_sc_threads, NULL, 10), MAX_SC_PROCS);
 	instance->debug_flags = parse_debug_string(getenv("RADV_DEBUG"),
 						   radv_debug_options);
 	/* Disable memory cache when secure compile is set */
 	if (radv_device_use_secure_compile(instance))
 		instance->debug_flags |= RADV_DEBUG_NO_MEMORY_CACHE;
 	instance->perftest_flags = parse_debug_string(getenv("RADV_PERFTEST"),
 						   radv_perftest_options);
@@ -2372,537 +2362,6 @@ radv_get_int_debug_option(const char *name, int default_value)
 	return result;
 }
 static int install_seccomp_filter() {
 	struct sock_filter filter[] = {
 		/* Check arch is 64bit x86 */
 		BPF_STMT(BPF_LD + BPF_W + BPF_ABS, (offsetof(struct seccomp_data, arch))),
 		BPF_JUMP(BPF_JMP + BPF_JEQ + BPF_K, AUDIT_ARCH_X86_64, 0, 12),
 		/* Futex is required for mutex locks */
 		#if defined __NR__newselect
 		BPF_STMT(BPF_LD + BPF_W + BPF_ABS, (offsetof(struct seccomp_data, nr))),
 		BPF_JUMP(BPF_JMP + BPF_JEQ + BPF_K, __NR__newselect, 11, 0),
 		#elif defined __NR_select
 		BPF_STMT(BPF_LD + BPF_W + BPF_ABS, (offsetof(struct seccomp_data, nr))),
 		BPF_JUMP(BPF_JMP + BPF_JEQ + BPF_K, __NR_select, 11, 0),
 		#else
 		BPF_STMT(BPF_LD + BPF_W + BPF_ABS, (offsetof(struct seccomp_data, nr))),
 		BPF_JUMP(BPF_JMP + BPF_JEQ + BPF_K, __NR_pselect6, 11, 0),
 		#endif
 		/* Allow system exit calls for the forked process */
 		BPF_STMT(BPF_LD + BPF_W + BPF_ABS, (offsetof(struct seccomp_data, nr))),
 		BPF_JUMP(BPF_JMP + BPF_JEQ + BPF_K, __NR_exit_group, 9, 0),
 		/* Allow system read calls */
 		BPF_STMT(BPF_LD + BPF_W + BPF_ABS, (offsetof(struct seccomp_data, nr))),
 		BPF_JUMP(BPF_JMP + BPF_JEQ + BPF_K, __NR_read, 7, 0),
 		/* Allow system write calls */
 		BPF_STMT(BPF_LD + BPF_W + BPF_ABS, (offsetof(struct seccomp_data, nr))),
 		BPF_JUMP(BPF_JMP + BPF_JEQ + BPF_K, __NR_write, 5, 0),
 		/* Allow system brk calls (we need this for malloc) */
 		BPF_STMT(BPF_LD + BPF_W + BPF_ABS, (offsetof(struct seccomp_data, nr))),
 		BPF_JUMP(BPF_JMP + BPF_JEQ + BPF_K, __NR_brk, 3, 0),
 		/* Futex is required for mutex locks */
 		BPF_STMT(BPF_LD + BPF_W + BPF_ABS, (offsetof(struct seccomp_data, nr))),
 		BPF_JUMP(BPF_JMP + BPF_JEQ + BPF_K, __NR_futex, 1, 0),
 		/* Return error if we hit a system call not on the whitelist */
 		BPF_STMT(BPF_RET + BPF_K, SECCOMP_RET_ERRNO | (EPERM & SECCOMP_RET_DATA)),
 		/* Allow whitelisted system calls */
 		BPF_STMT(BPF_RET + BPF_K, SECCOMP_RET_ALLOW),
 	};
 	struct sock_fprog prog = {
 		.len = (unsigned short)(sizeof(filter) / sizeof(filter[0])),
 		.filter = filter,
 	};
 	if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0))
 		return -1;
 	if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog))
 		return -1;
 	return 0;
 }
 /* Helper function with timeout support for reading from the pipe between
 * processes used for secure compile.
 */
 bool radv_sc_read(int fd, void *buf, size_t size, bool timeout)
 {
 	fd_set fds;
 	struct timeval tv;
 	FD_ZERO(&fds);
 	FD_SET(fd, &fds);
 	while (true) {
 		/* We can't rely on the value of tv after calling select() so
 		 * we must reset it on each iteration of the loop.
 		 */
 		tv.tv_sec = 5;
 		tv.tv_usec = 0;
 		int rval = select(fd + 1, &fds, NULL, NULL, timeout ? &tv : NULL);
 		if (rval == -1) {
 			/* select error */
 			return false;
 		} else if (rval) {
 			ssize_t bytes_read = read(fd, buf, size);
 			if (bytes_read < 0)
 				return false;
 			buf += bytes_read;
 			size -= bytes_read;
 			if (size == 0)
 				return true;
 		} else {
 			/* select timeout */
 			return false;
 		}
 	}
 }
 static bool radv_close_all_fds(const int *keep_fds, int keep_fd_count)
 {
 	DIR *d;
 	struct dirent *dir;
 	d = opendir("/proc/self/fd");
 	if (!d)
 		return false;
 	int dir_fd = dirfd(d);
 	while ((dir = readdir(d)) != NULL) {
 		if (dir->d_name[0] == '.')
 			continue;
 		int fd = atoi(dir->d_name);
 		if (fd == dir_fd)
 			continue;
 		bool keep = false;
 		for (int i = 0; !keep && i < keep_fd_count; ++i)
 			if (keep_fds[i] == fd)
 				keep = true;
 		if (keep)
 			continue;
 		close(fd);
 	}
 	closedir(d);
 	return true;
 }
 static bool secure_compile_open_fifo_fds(struct radv_secure_compile_state *sc,
 					 int *fd_server, int *fd_client,
 					 unsigned process, bool make_fifo)
 {
 	bool result = false;
 	char *fifo_server_path = NULL;
 	char *fifo_client_path = NULL;
 	if (asprintf(&fifo_server_path, "/tmp/radv_server_%s_%u", sc->uid, process) == -1)
 		goto open_fifo_exit;
 	if (asprintf(&fifo_client_path, "/tmp/radv_client_%s_%u", sc->uid, process) == -1)
 		goto open_fifo_exit;
 	if (make_fifo) {
 		int file1 = mkfifo(fifo_server_path, 0666);
 		if(file1 < 0)
 			goto open_fifo_exit;
 		int file2 = mkfifo(fifo_client_path, 0666);
 		if(file2 < 0)
 			goto open_fifo_exit;
 	}
 	*fd_server = open(fifo_server_path, O_RDWR);
 	if(*fd_server < 1)
 		goto open_fifo_exit;
 	*fd_client = open(fifo_client_path, O_RDWR);
 	if(*fd_client < 1) {
 		close(*fd_server);
 		goto open_fifo_exit;
 	}
 	result = true;
 open_fifo_exit:
 	free(fifo_server_path);
 	free(fifo_client_path);
 	return result;
 }
 static void run_secure_compile_device(struct radv_device *device, unsigned process,
 				      int fd_idle_device_output)
 {
 	int fd_secure_input;
 	int fd_secure_output;
 	bool fifo_result = secure_compile_open_fifo_fds(device->sc_state,
 							&fd_secure_input,
 							&fd_secure_output,
 							process, false);
 	enum radv_secure_compile_type sc_type;
 	const int needed_fds[] = {
 		fd_secure_input,
 		fd_secure_output,
 		fd_idle_device_output,
 	};
 	if (!fifo_result || !radv_close_all_fds(needed_fds, ARRAY_SIZE(needed_fds)) ||
 	    install_seccomp_filter() == -1) {
 		sc_type = RADV_SC_TYPE_INIT_FAILURE;
 	} else {
 		sc_type = RADV_SC_TYPE_INIT_SUCCESS;
 		device->sc_state->secure_compile_processes[process].fd_secure_input = fd_secure_input;
 		device->sc_state->secure_compile_processes[process].fd_secure_output = fd_secure_output;
 	}
 	write(fd_idle_device_output, &sc_type, sizeof(sc_type));
 	if (sc_type == RADV_SC_TYPE_INIT_FAILURE)
 		goto secure_compile_exit;
 	while (true) {
 		radv_sc_read(fd_secure_input, &sc_type, sizeof(sc_type), false);
 		if (sc_type == RADV_SC_TYPE_COMPILE_PIPELINE) {
 			struct radv_pipeline *pipeline;
 			bool sc_read = true;
 			pipeline = vk_zalloc2(&device->vk.alloc, NULL, sizeof(*pipeline), 8,
 					      VK_SYSTEM_ALLOCATION_SCOPE_OBJECT);
 			pipeline->device = device;
 			/* Read pipeline layout */
 			struct radv_pipeline_layout layout;
 			sc_read = radv_sc_read(fd_secure_input, &layout, sizeof(struct radv_pipeline_layout), true);
 			sc_read &= radv_sc_read(fd_secure_input, &layout.num_sets, sizeof(uint32_t), true);
 			if (!sc_read)
 				goto secure_compile_exit;
 			for (uint32_t set = 0; set < layout.num_sets; set++) {
 				uint32_t layout_size;
 				sc_read &= radv_sc_read(fd_secure_input, &layout_size, sizeof(uint32_t), true);
 				if (!sc_read)
 					goto secure_compile_exit;
 				layout.set[set].layout = malloc(layout_size);
 				layout.set[set].layout->layout_size = layout_size;
 				sc_read &= radv_sc_read(fd_secure_input, layout.set[set].layout,
 							layout.set[set].layout->layout_size, true);
 			}
 			pipeline->layout = &layout;
 			/* Read pipeline key */
 			struct radv_pipeline_key key;
 			sc_read &= radv_sc_read(fd_secure_input, &key, sizeof(struct radv_pipeline_key), true);
 			/* Read pipeline create flags */
 			VkPipelineCreateFlags flags;
 			sc_read &= radv_sc_read(fd_secure_input, &flags, sizeof(VkPipelineCreateFlags), true);
 			/* Read stage and shader information */
 			uint32_t num_stages;
 			const VkPipelineShaderStageCreateInfo *pStages[MESA_SHADER_STAGES] = { 0, };
 			sc_read &= radv_sc_read(fd_secure_input, &num_stages, sizeof(uint32_t), true);
 			if (!sc_read)
 				goto secure_compile_exit;
 			for (uint32_t i = 0; i < num_stages; i++) {
 				/* Read stage */
 				gl_shader_stage stage;
 				sc_read &= radv_sc_read(fd_secure_input, &stage, sizeof(gl_shader_stage), true);
 				VkPipelineShaderStageCreateInfo *pStage = calloc(1, sizeof(VkPipelineShaderStageCreateInfo));
 				/* Read entry point name */
 				size_t name_size;
 				sc_read &= radv_sc_read(fd_secure_input, &name_size, sizeof(size_t), true);
 				if (!sc_read)
 					goto secure_compile_exit;
 				char *ep_name = malloc(name_size);
 				sc_read &= radv_sc_read(fd_secure_input, ep_name, name_size, true);
 				pStage->pName = ep_name;
 				/* Read shader module */
 				size_t module_size;
 				sc_read &= radv_sc_read(fd_secure_input, &module_size, sizeof(size_t), true);
 				if (!sc_read)
 					goto secure_compile_exit;
 				struct radv_shader_module *module = malloc(module_size);
 				sc_read &= radv_sc_read(fd_secure_input, module, module_size, true);
 				pStage->module = radv_shader_module_to_handle(module);
 				/* Read specialization info */
 				bool has_spec_info;
 				sc_read &= radv_sc_read(fd_secure_input, &has_spec_info, sizeof(bool), true);
 				if (!sc_read)
 					goto secure_compile_exit;
 				if (has_spec_info) {
 					VkSpecializationInfo *specInfo = malloc(sizeof(VkSpecializationInfo));
 					pStage->pSpecializationInfo = specInfo;
 					sc_read &= radv_sc_read(fd_secure_input, &specInfo->dataSize, sizeof(size_t), true);
 					if (!sc_read)
 						goto secure_compile_exit;
 					void *si_data = malloc(specInfo->dataSize);
 					sc_read &= radv_sc_read(fd_secure_input, si_data, specInfo->dataSize, true);
 					specInfo->pData = si_data;
 					sc_read &= radv_sc_read(fd_secure_input, &specInfo->mapEntryCount, sizeof(uint32_t), true);
 					if (!sc_read)
 						goto secure_compile_exit;
 					VkSpecializationMapEntry *mapEntries = malloc(sizeof(VkSpecializationMapEntry) * specInfo->mapEntryCount);
 					for (uint32_t j = 0; j < specInfo->mapEntryCount; j++) {
 						sc_read &= radv_sc_read(fd_secure_input, &mapEntries[j], sizeof(VkSpecializationMapEntry), true);
 						if (!sc_read)
 							goto secure_compile_exit;
 					}
 					specInfo->pMapEntries = mapEntries;
 				}
 				pStages[stage] = pStage;
 			}
 			/* Compile the shaders */
 			VkPipelineCreationFeedbackEXT *stage_feedbacks[MESA_SHADER_STAGES] = { 0 };
 			/* Not fully to spec but if we're doing sandboxed compilations already this doesn't matter. */
 			flags &= ~VK_PIPELINE_CREATE_FAIL_ON_PIPELINE_COMPILE_REQUIRED_BIT_EXT;
 			radv_create_shaders(pipeline, device, NULL, &key, pStages, flags, NULL, stage_feedbacks);
 			/* free memory allocated above */
 			for (uint32_t set = 0; set < layout.num_sets; set++)
 				free(layout.set[set].layout);
 			for (uint32_t i = 0; i < MESA_SHADER_STAGES; i++) {
 				if (!pStages[i])
 					continue;
 				free((void *) pStages[i]->pName);
 				free(radv_shader_module_from_handle(pStages[i]->module));
 				if (pStages[i]->pSpecializationInfo) {
 					free((void *) pStages[i]->pSpecializationInfo->pData);
 					free((void *) pStages[i]->pSpecializationInfo->pMapEntries);
 					free((void *) pStages[i]->pSpecializationInfo);
 				}
 				free((void *) pStages[i]);
 			}
 			vk_free(&device->vk.alloc, pipeline);
 			sc_type = RADV_SC_TYPE_COMPILE_PIPELINE_FINISHED;
 			write(fd_secure_output, &sc_type, sizeof(sc_type));
 		} else if (sc_type == RADV_SC_TYPE_DESTROY_DEVICE) {
 			goto secure_compile_exit;
 		}
 	}
 secure_compile_exit:
 	close(fd_secure_input);
 	close(fd_secure_output);
 	close(fd_idle_device_output);
 	_exit(0);
 }
 static enum radv_secure_compile_type fork_secure_compile_device(struct radv_device *device, unsigned process)
 {
 	int fd_secure_input[2];
 	int fd_secure_output[2];
 	/* create pipe descriptors (used to communicate between processes) */
 	if (pipe(fd_secure_input) == -1 || pipe(fd_secure_output) == -1)
 		return RADV_SC_TYPE_INIT_FAILURE;
 	int sc_pid;
 	if ((sc_pid = fork()) == 0) {
 		device->sc_state->secure_compile_thread_counter = process;
 		run_secure_compile_device(device, process, fd_secure_output[1]);
 	} else {
 		if (sc_pid == -1)
 			return RADV_SC_TYPE_INIT_FAILURE;
 		/* Read the init result returned from the secure process */
 		enum radv_secure_compile_type sc_type;
 		bool sc_read = radv_sc_read(fd_secure_output[0], &sc_type, sizeof(sc_type), true);
 		if (sc_type == RADV_SC_TYPE_INIT_FAILURE || !sc_read) {
 			close(fd_secure_input[0]);
 			close(fd_secure_input[1]);
 			close(fd_secure_output[1]);
 			close(fd_secure_output[0]);
 			int status;
 			waitpid(sc_pid, &status, 0);
 			return RADV_SC_TYPE_INIT_FAILURE;
 		} else {
 			assert(sc_type == RADV_SC_TYPE_INIT_SUCCESS);
 			write(device->sc_state->secure_compile_processes[process].fd_secure_output, &sc_type, sizeof(sc_type));
 			close(fd_secure_input[0]);
 			close(fd_secure_input[1]);
 			close(fd_secure_output[1]);
 			close(fd_secure_output[0]);
 			int status;
 			waitpid(sc_pid, &status, 0);
 		}
 	}
 	return RADV_SC_TYPE_INIT_SUCCESS;
 }
 /* Run a bare bones fork of a device that was forked right after its creation.
 * This device will have low overhead when it is forked again before each
 * pipeline compilation. This device sits idle and its only job is to fork
 * itself.
 */
 static void run_secure_compile_idle_device(struct radv_device *device, unsigned process,
 					    int fd_secure_input, int fd_secure_output)
 {
 	enum radv_secure_compile_type sc_type = RADV_SC_TYPE_INIT_SUCCESS;
 	device->sc_state->secure_compile_processes[process].fd_secure_input = fd_secure_input;
 	device->sc_state->secure_compile_processes[process].fd_secure_output = fd_secure_output;
 	write(fd_secure_output, &sc_type, sizeof(sc_type));
 	while (true) {
 		radv_sc_read(fd_secure_input, &sc_type, sizeof(sc_type), false);
 		if (sc_type == RADV_SC_TYPE_FORK_DEVICE) {
 			sc_type = fork_secure_compile_device(device, process);
 			if (sc_type == RADV_SC_TYPE_INIT_FAILURE)
 				goto secure_compile_exit;
 		} else if (sc_type == RADV_SC_TYPE_DESTROY_DEVICE) {
 			goto secure_compile_exit;
 		}
 	}
 secure_compile_exit:
 	close(fd_secure_input);
 	close(fd_secure_output);
 	_exit(0);
 }
 static void destroy_secure_compile_device(struct radv_device *device, unsigned process)
 {
 	int fd_secure_input = device->sc_state->secure_compile_processes[process].fd_secure_input;
 	enum radv_secure_compile_type sc_type = RADV_SC_TYPE_DESTROY_DEVICE;
 	write(fd_secure_input, &sc_type, sizeof(sc_type));
 	close(device->sc_state->secure_compile_processes[process].fd_secure_input);
 	close(device->sc_state->secure_compile_processes[process].fd_secure_output);
 	int status;
 	waitpid(device->sc_state->secure_compile_processes[process].sc_pid, &status, 0);
 }
 static VkResult fork_secure_compile_idle_device(struct radv_device *device)
 {
 	device->sc_state = vk_zalloc(&device->vk.alloc,
 				     sizeof(struct radv_secure_compile_state),
 				     8, VK_SYSTEM_ALLOCATION_SCOPE_DEVICE);
 	mtx_init(&device->sc_state->secure_compile_mutex, mtx_plain);
 	pid_t upid = getpid();
 	time_t seconds = time(NULL);
 	char *uid;
 	if (asprintf(&uid, "%ld_%ld", (long) upid, (long) seconds) == -1)
 		return VK_ERROR_INITIALIZATION_FAILED;
 	device->sc_state->uid = uid;
 	uint8_t sc_threads = device->instance->num_sc_threads;
 	int fd_secure_input[MAX_SC_PROCS][2];
 	int fd_secure_output[MAX_SC_PROCS][2];
 	/* create pipe descriptors (used to communicate between processes) */
 	for (unsigned i = 0; i < sc_threads; i++) {
 		if (pipe(fd_secure_input[i]) == -1 ||
 		    pipe(fd_secure_output[i]) == -1) {
 			return VK_ERROR_INITIALIZATION_FAILED;
 		}
 	}
 	device->sc_state->secure_compile_processes = vk_zalloc(&device->vk.alloc,
 								sizeof(struct radv_secure_compile_process) * sc_threads, 8,
 								VK_SYSTEM_ALLOCATION_SCOPE_DEVICE);
 	for (unsigned process = 0; process < sc_threads; process++) {
 		if ((device->sc_state->secure_compile_processes[process].sc_pid = fork()) == 0) {
 			device->sc_state->secure_compile_thread_counter = process;
 			run_secure_compile_idle_device(device, process, fd_secure_input[process][0], fd_secure_output[process][1]);
 		} else {
 			if (device->sc_state->secure_compile_processes[process].sc_pid == -1)
 				return VK_ERROR_INITIALIZATION_FAILED;
 			/* Read the init result returned from the secure process */
 			enum radv_secure_compile_type sc_type;
 			bool sc_read = radv_sc_read(fd_secure_output[process][0], &sc_type, sizeof(sc_type), true);
 			bool fifo_result;
 			if (sc_read && sc_type == RADV_SC_TYPE_INIT_SUCCESS) {
 				fifo_result = secure_compile_open_fifo_fds(device->sc_state,
 									   &device->sc_state->secure_compile_processes[process].fd_server,
 									   &device->sc_state->secure_compile_processes[process].fd_client,
 									   process, true);
 				device->sc_state->secure_compile_processes[process].fd_secure_input = fd_secure_input[process][1];
 				device->sc_state->secure_compile_processes[process].fd_secure_output = fd_secure_output[process][0];
 			}
 			if (sc_type == RADV_SC_TYPE_INIT_FAILURE || !sc_read || !fifo_result) {
 				close(fd_secure_input[process][0]);
 				close(fd_secure_input[process][1]);
 				close(fd_secure_output[process][1]);
 				close(fd_secure_output[process][0]);
 				int status;
 				waitpid(device->sc_state->secure_compile_processes[process].sc_pid, &status, 0);
 				/* Destroy any forks that were created sucessfully */
 				for (unsigned i = 0; i < process; i++) {
 					destroy_secure_compile_device(device, i);
 				}
 				return VK_ERROR_INITIALIZATION_FAILED;
 			}
 		}
 	}
 	return VK_SUCCESS;
 }
 static void
 radv_device_init_dispatch(struct radv_device *device)
 {
@@ -3215,11 +2674,6 @@ VkResult radv_CreateDevice(
 			goto fail;
 	}
 	/* Temporarily disable secure compile while we create meta shaders, etc */
 	uint8_t sc_threads = device->instance->num_sc_threads;
 	if (sc_threads)
 		device->instance->num_sc_threads = 0;
 	device->keep_shader_info = keep_shader_info;
 	result = radv_device_init_meta(device);
 	if (result != VK_SUCCESS)
@@ -3278,15 +2732,6 @@ VkResult radv_CreateDevice(
 			1 << util_logbase2(device->force_aniso));
 	}
 	/* Fork device for secure compile as required */
 	device->instance->num_sc_threads = sc_threads;
 	if (radv_device_use_secure_compile(device->instance)) {
 		result = fork_secure_compile_idle_device(device);
 		if (result != VK_SUCCESS)
 			goto fail_meta;
 	}
 	*pDevice = radv_device_to_handle(device);
 	return VK_SUCCESS;
@@ -3355,17 +2800,6 @@ void radv_DestroyDevice(
 	radv_thread_trace_finish(device);
 	if (radv_device_use_secure_compile(device->instance)) {
 		for (unsigned i = 0; i < device->instance->num_sc_threads; i++ ) {
 			destroy_secure_compile_device(device, i);
 		}
 	}
 	if (device->sc_state) {
 		free(device->sc_state->uid);
 		vk_free(&device->vk.alloc, device->sc_state->secure_compile_processes);
 	}
 	vk_free(&device->vk.alloc, device->sc_state);
 	vk_free(&device->vk.alloc, device);
 }
--- a/src/amd/vulkan/radv_pipeline.c
+++ b/src/amd/vulkan/radv_pipeline.c
@@ -4773,197 +4773,6 @@ radv_pipeline_get_streamout_shader(struct radv_pipeline *pipeline)
 	return NULL;
 }
 static VkResult
 radv_secure_compile(struct radv_pipeline *pipeline,
 		    struct radv_device *device,
 		    const struct radv_pipeline_key *key,
 		    const VkPipelineShaderStageCreateInfo **pStages,
 		    const VkPipelineCreateFlags flags,
 		    unsigned num_stages)
 {
 	uint8_t allowed_pipeline_hashes[2][20];
 	radv_hash_shaders(allowed_pipeline_hashes[0], pStages,
 	                  pipeline->layout, key, get_hash_flags(device));
 	/* Generate the GC copy hash */
 	memcpy(allowed_pipeline_hashes[1], allowed_pipeline_hashes[0], 20);
 	allowed_pipeline_hashes[1][0] ^= 1;
 	uint8_t allowed_hashes[2][20];
 	for (unsigned i = 0; i < 2; ++i) {
 		disk_cache_compute_key(device->physical_device->disk_cache,
 		                       allowed_pipeline_hashes[i], 20,
 		                       allowed_hashes[i]);
 	}
 	/* Do an early exit if all cache entries are already there. */
 	bool may_need_copy_shader = pStages[MESA_SHADER_GEOMETRY];
 	void *main_entry = disk_cache_get(device->physical_device->disk_cache, allowed_hashes[0], NULL);
 	void *copy_entry = NULL;
 	if (may_need_copy_shader)
 		copy_entry = disk_cache_get(device->physical_device->disk_cache, allowed_hashes[1], NULL);
 	bool has_all_cache_entries = main_entry && (!may_need_copy_shader || copy_entry);
 	free(main_entry);
 	free(copy_entry);
 	if(has_all_cache_entries)
 		return VK_SUCCESS;
 	unsigned process = 0;
 	uint8_t sc_threads = device->instance->num_sc_threads;
 	while (true) {
 		mtx_lock(&device->sc_state->secure_compile_mutex);
 		if (device->sc_state->secure_compile_thread_counter < sc_threads) {
 			device->sc_state->secure_compile_thread_counter++;
 			for (unsigned i = 0; i < sc_threads; i++) {
 				if (!device->sc_state->secure_compile_processes[i].in_use) {
 					device->sc_state->secure_compile_processes[i].in_use = true;
 					process = i;
 					break;
 				}
 			}
 			mtx_unlock(&device->sc_state->secure_compile_mutex);
 			break;
 		}
 		mtx_unlock(&device->sc_state->secure_compile_mutex);
 	}
 	int fd_secure_input = device->sc_state->secure_compile_processes[process].fd_secure_input;
 	int fd_secure_output = device->sc_state->secure_compile_processes[process].fd_secure_output;
 	/* Fork a copy of the slim untainted secure compile process */
 	enum radv_secure_compile_type sc_type = RADV_SC_TYPE_FORK_DEVICE;
 	write(fd_secure_input, &sc_type, sizeof(sc_type));
 	if (!radv_sc_read(fd_secure_output, &sc_type, sizeof(sc_type), true) ||
 	    sc_type != RADV_SC_TYPE_INIT_SUCCESS)
 		return VK_ERROR_DEVICE_LOST;
 	fd_secure_input = device->sc_state->secure_compile_processes[process].fd_server;
 	fd_secure_output = device->sc_state->secure_compile_processes[process].fd_client;
 	/* Write pipeline / shader module out to secure process via pipe */
 	sc_type = RADV_SC_TYPE_COMPILE_PIPELINE;
 	write(fd_secure_input, &sc_type, sizeof(sc_type));
 	/* Write pipeline layout out to secure process */
 	struct radv_pipeline_layout *layout = pipeline->layout;
 	write(fd_secure_input, layout, sizeof(struct radv_pipeline_layout));
 	write(fd_secure_input, &layout->num_sets, sizeof(uint32_t));
 	for (uint32_t set = 0; set < layout->num_sets; set++) {
 		write(fd_secure_input, &layout->set[set].layout->layout_size, sizeof(uint32_t));
 		write(fd_secure_input, layout->set[set].layout, layout->set[set].layout->layout_size);
 	}
 	/* Write pipeline key out to secure process */
 	write(fd_secure_input, key, sizeof(struct radv_pipeline_key));
 	/* Write pipeline create flags out to secure process */
 	write(fd_secure_input, &flags, sizeof(VkPipelineCreateFlags));
 	/* Write stage and shader information out to secure process */
 	write(fd_secure_input, &num_stages, sizeof(uint32_t));
 	for (uint32_t i = 0; i < MESA_SHADER_STAGES; i++) {
 		if (!pStages[i])
 			continue;
 		/* Write stage out to secure process */
 		gl_shader_stage stage = ffs(pStages[i]->stage) - 1;
 		write(fd_secure_input, &stage, sizeof(gl_shader_stage));
 		/* Write entry point name out to secure process */
 		size_t name_size = strlen(pStages[i]->pName) + 1;
 		write(fd_secure_input, &name_size, sizeof(size_t));
 		write(fd_secure_input, pStages[i]->pName, name_size);
 		/* Write shader module out to secure process */
 		struct radv_shader_module *module = radv_shader_module_from_handle(pStages[i]->module);
 		assert(!module->nir);
 		size_t module_size = sizeof(struct radv_shader_module) + module->size;
 		write(fd_secure_input, &module_size, sizeof(size_t));
 		write(fd_secure_input, module, module_size);
 		/* Write specialization info out to secure process */
 		const VkSpecializationInfo *specInfo = pStages[i]->pSpecializationInfo;
 		bool has_spec_info = specInfo ? true : false;
 		write(fd_secure_input, &has_spec_info, sizeof(bool));
 		if (specInfo) {
 			write(fd_secure_input, &specInfo->dataSize, sizeof(size_t));
 			write(fd_secure_input, specInfo->pData, specInfo->dataSize);
 			write(fd_secure_input, &specInfo->mapEntryCount, sizeof(uint32_t));
 			for (uint32_t j = 0; j < specInfo->mapEntryCount; j++)
 				write(fd_secure_input, &specInfo->pMapEntries[j], sizeof(VkSpecializationMapEntry));
 		}
 	}
 	/* Read the data returned from the secure process */
 	while (sc_type != RADV_SC_TYPE_COMPILE_PIPELINE_FINISHED) {
 		if (!radv_sc_read(fd_secure_output, &sc_type, sizeof(sc_type), true))
 			return VK_ERROR_DEVICE_LOST;
 		if (sc_type == RADV_SC_TYPE_WRITE_DISK_CACHE) {
 			assert(device->physical_device->disk_cache);
 			uint8_t disk_sha1[20];
 			if (!radv_sc_read(fd_secure_output, disk_sha1, sizeof(uint8_t) * 20, true))
 				return VK_ERROR_DEVICE_LOST;
 			if (memcmp(disk_sha1, allowed_hashes[0], 20) &&
 			    memcmp(disk_sha1, allowed_hashes[1], 20))
 				return VK_ERROR_DEVICE_LOST;
 			uint32_t entry_size;
 			if (!radv_sc_read(fd_secure_output, &entry_size, sizeof(uint32_t), true))
 				return VK_ERROR_DEVICE_LOST;
 			struct cache_entry *entry = malloc(entry_size);
 			if (!radv_sc_read(fd_secure_output, entry, entry_size, true))
 				return VK_ERROR_DEVICE_LOST;
 			disk_cache_put(device->physical_device->disk_cache,
 				       disk_sha1, entry, entry_size,
 				       NULL);
 			free(entry);
 		} else if (sc_type == RADV_SC_TYPE_READ_DISK_CACHE) {
 			uint8_t disk_sha1[20];
 			if (!radv_sc_read(fd_secure_output, disk_sha1, sizeof(uint8_t) * 20, true))
 				return VK_ERROR_DEVICE_LOST;
 			if (memcmp(disk_sha1, allowed_hashes[0], 20) &&
 			    memcmp(disk_sha1, allowed_hashes[1], 20))
 				return VK_ERROR_DEVICE_LOST;
 			size_t size;
 			struct cache_entry *entry = (struct cache_entry *)
 				disk_cache_get(device->physical_device->disk_cache,
 					       disk_sha1, &size);
 			uint8_t found = entry ? 1 : 0;
 			write(fd_secure_input, &found, sizeof(uint8_t));
 			if (found) {
 				write(fd_secure_input, &size, sizeof(size_t));
 				write(fd_secure_input, entry, size);
 			}
 			free(entry);
 		}
 	}
 	sc_type = RADV_SC_TYPE_DESTROY_DEVICE;
 	write(fd_secure_input, &sc_type, sizeof(sc_type));
 	mtx_lock(&device->sc_state->secure_compile_mutex);
 	device->sc_state->secure_compile_thread_counter--;
 	device->sc_state->secure_compile_processes[process].in_use = false;
 	mtx_unlock(&device->sc_state->secure_compile_mutex);
 	return VK_SUCCESS;
 }
 static VkResult
 radv_pipeline_init(struct radv_pipeline *pipeline,
 		   struct radv_device *device,
@@ -5001,15 +4810,12 @@ radv_pipeline_init(struct radv_pipeline *pipeline,
 	}
 	struct radv_pipeline_key key = radv_generate_graphics_pipeline_key(pipeline, pCreateInfo, &blend, has_view_index);
-	if (radv_device_use_secure_compile(device->instance)) {
+
 		return radv_secure_compile(pipeline, device, &key, pStages, pCreateInfo->flags, pCreateInfo->stageCount);
 	} else {
 	result = radv_create_shaders(pipeline, device, cache, &key, pStages,
 		                     pCreateInfo->flags, pipeline_feedback,
 				     stage_feedbacks);
 	if (result != VK_SUCCESS)
 		return result;
 	}
 	pipeline->graphics.spi_baryc_cntl = S_0286E0_FRONT_FACE_ALL_BITS(1);
 	radv_pipeline_init_multisample_state(pipeline, &blend, pCreateInfo);
@@ -5313,12 +5119,6 @@ static VkResult radv_compute_pipeline_create(
 	struct radv_pipeline_key key =
 		radv_generate_compute_pipeline_key(pipeline, pCreateInfo);
 	if (radv_device_use_secure_compile(device->instance)) {
 		result = radv_secure_compile(pipeline, device, &key, pStages, pCreateInfo->flags, 1);
 		*pPipeline = radv_pipeline_to_handle(pipeline);
 		return result;
 	} else {
 	result = radv_create_shaders(pipeline, device, cache, &key, pStages,
 		                     pCreateInfo->flags, pipeline_feedback,
 				     stage_feedbacks);
@@ -5326,7 +5126,6 @@ static VkResult radv_compute_pipeline_create(
 		radv_pipeline_destroy(device, pipeline, pAllocator);
 		return result;
 	}
 	}
 	pipeline->user_data_0[MESA_SHADER_COMPUTE] = radv_pipeline_stage_to_user_data_0(pipeline, MESA_SHADER_COMPUTE, device->physical_device->rad_info.chip_class);
 	pipeline->need_indirect_descriptor_sets |= pipeline->shaders[MESA_SHADER_COMPUTE]->info.need_indirect_descriptor_sets;
--- a/src/amd/vulkan/radv_pipeline_cache.c
+++ b/src/amd/vulkan/radv_pipeline_cache.c
@@ -262,67 +262,6 @@ radv_is_cache_disabled(struct radv_device *device)
 	return (device->instance->debug_flags & RADV_DEBUG_NO_CACHE);
 }
 /*
 * Secure compiles cannot open files so we get the parent process to load the
 * cache entry for us.
 */
 static struct cache_entry *
 radv_sc_read_from_disk_cache(struct radv_device *device, uint8_t *disk_sha1)
 {
 	struct cache_entry *entry;
 	unsigned process = device->sc_state->secure_compile_thread_counter;
 	enum radv_secure_compile_type sc_type = RADV_SC_TYPE_READ_DISK_CACHE;
 	write(device->sc_state->secure_compile_processes[process].fd_secure_output,
 	      &sc_type, sizeof(enum radv_secure_compile_type));
 	write(device->sc_state->secure_compile_processes[process].fd_secure_output,
 	      disk_sha1, sizeof(uint8_t) * 20);
 	uint8_t found_cache_entry;
 	if (!radv_sc_read(device->sc_state->secure_compile_processes[process].fd_secure_input,
 			  &found_cache_entry, sizeof(uint8_t), true))
 		return NULL;
 	if (found_cache_entry) {
 		size_t entry_size;
 		if (!radv_sc_read(device->sc_state->secure_compile_processes[process].fd_secure_input,
 				  &entry_size, sizeof(size_t), true))
 			return NULL;
 		entry = malloc(entry_size);
 		if (!radv_sc_read(device->sc_state->secure_compile_processes[process].fd_secure_input,
 				  entry, entry_size, true))
 			return NULL;
 		return entry;
 	}
 	return NULL;
 }
 /*
 * Secure compiles cannot open files so we get the parent process to write to
 * the disk cache for us.
 */
 static void
 radv_sc_write_to_disk_cache(struct radv_device *device, uint8_t *disk_sha1,
 			    struct cache_entry *entry)
 {
 	unsigned process = device->sc_state->secure_compile_thread_counter;
 	enum radv_secure_compile_type sc_type = RADV_SC_TYPE_WRITE_DISK_CACHE;
 	write(device->sc_state->secure_compile_processes[process].fd_secure_output,
 	      &sc_type, sizeof(enum radv_secure_compile_type));
 	write(device->sc_state->secure_compile_processes[process].fd_secure_output,
 	      disk_sha1, sizeof(uint8_t) * 20);
 	uint32_t size = entry_size(entry);
 	write(device->sc_state->secure_compile_processes[process].fd_secure_output,
 	      &size, sizeof(uint32_t));
 	write(device->sc_state->secure_compile_processes[process].fd_secure_output,
 	      entry, size);
 }
 bool
 radv_create_shader_variants_from_pipeline_cache(struct radv_device *device,
 					        struct radv_pipeline_cache *cache,
@@ -356,14 +295,9 @@ radv_create_shader_variants_from_pipeline_cache(struct radv_device *device,
 		disk_cache_compute_key(device->physical_device->disk_cache,
 				       sha1, 20, disk_sha1);
 		if (radv_device_use_secure_compile(device->instance)) {
 			entry = radv_sc_read_from_disk_cache(device, disk_sha1);
 		} else {
 		entry = (struct cache_entry *)
 			disk_cache_get(device->physical_device->disk_cache,
 				       disk_sha1, NULL);
 		}
 		if (!entry) {
 			radv_pipeline_cache_unlock(cache);
 			return false;
@@ -489,16 +423,8 @@ radv_pipeline_cache_insert_shaders(struct radv_device *device,
 		disk_cache_compute_key(device->physical_device->disk_cache, sha1, 20,
 			       disk_sha1);
-		/* Write the cache item out to the parent of this forked
+		disk_cache_put(device->physical_device->disk_cache, disk_sha1,
-		 * process.
+			       entry, entry_size(entry), NULL);
 		 */
 		if (radv_device_use_secure_compile(device->instance)) {
 			radv_sc_write_to_disk_cache(device, disk_sha1, entry);
 		} else {
 			disk_cache_put(device->physical_device->disk_cache,
 				       disk_sha1, entry, entry_size(entry),
 				       NULL);
 		}
 	}
 	if (device->instance->debug_flags & RADV_DEBUG_NO_MEMORY_CACHE &&
--- a/src/amd/vulkan/radv_private.h
+++ b/src/amd/vulkan/radv_private.h
@@ -95,18 +95,6 @@ typedef uint32_t xcb_window_t;
 #define RADV_SUPPORT_ANDROID_HARDWARE_BUFFER 0
 #endif
 enum radv_secure_compile_type {
 	RADV_SC_TYPE_INIT_SUCCESS,
 	RADV_SC_TYPE_INIT_FAILURE,
 	RADV_SC_TYPE_COMPILE_PIPELINE,
 	RADV_SC_TYPE_COMPILE_PIPELINE_FINISHED,
 	RADV_SC_TYPE_READ_DISK_CACHE,
 	RADV_SC_TYPE_WRITE_DISK_CACHE,
 	RADV_SC_TYPE_FORK_DEVICE,
 	RADV_SC_TYPE_DESTROY_DEVICE,
 	RADV_SC_TYPE_COUNT
 };
 #define radv_printflike(a, b) __attribute__((__format__(__printf__, a, b)))
 static inline uint32_t
@@ -337,7 +325,6 @@ struct radv_instance {
 	uint64_t debug_flags;
 	uint64_t perftest_flags;
 	uint8_t num_sc_threads;
 	struct vk_debug_report_instance             debug_report_callbacks;
@@ -358,12 +345,6 @@ struct radv_instance {
 	bool enable_mrt_output_nan_fixup;
 };
 static inline
 bool radv_device_use_secure_compile(struct radv_instance *instance)
 {
   return instance->num_sc_threads;
 }
 VkResult radv_init_wsi(struct radv_physical_device *physical_device);
 void radv_finish_wsi(struct radv_physical_device *physical_device);
@@ -743,36 +724,6 @@ VkResult radv_bo_list_add(struct radv_device *device,
 void radv_bo_list_remove(struct radv_device *device,
 			 struct radeon_winsys_bo *bo);
 struct radv_secure_compile_process {
 	/* Secure process file descriptors. Used to communicate between the
 	 * user facing device and the idle forked device used to fork a clean
 	 * process for each new pipeline compile.
 	 */
 	int fd_secure_input;
 	int fd_secure_output;
 	/* FIFO file descriptors used to communicate between the user facing
 	 * device and the secure process that does the actual secure compile.
 	 */
 	int fd_server;
 	int fd_client;
 	/* Secure compile process id */
 	pid_t sc_pid;
 	/* Is the secure compile process currently in use by a thread */
 	bool in_use;
 };
 struct radv_secure_compile_state {
 	struct radv_secure_compile_process *secure_compile_processes;
 	uint32_t secure_compile_thread_counter;
 	mtx_t secure_compile_mutex;
 	/* Unique process ID used to build name for FIFO file descriptor */
 	char *uid;
 };
 #define RADV_BORDER_COLOR_COUNT       4096
 #define RADV_BORDER_COLOR_BUFFER_SIZE (sizeof(VkClearColorValue) * RADV_BORDER_COLOR_COUNT)
@@ -859,8 +810,6 @@ struct radv_device {
 	struct radv_device_border_color_data border_color_data;
 	struct radv_secure_compile_state *sc_state;
 	/* Condition variable for legacy timelines, to notify waiters when a
 	 * new point gets submitted. */
 	pthread_cond_t timeline_cond;
@@ -1221,9 +1170,6 @@ radv_initialise_ds_surface(struct radv_device *device,
 			   struct radv_ds_buffer_info *ds,
 			   struct radv_image_view *iview);
 bool
 radv_sc_read(int fd, void *buf, size_t size, bool timeout);
 /**
 * Attachment state when recording a renderpass instance.
 *
--- a/src/amd/vulkan/radv_shader.c
+++ b/src/amd/vulkan/radv_shader.c
@@ -1036,13 +1036,6 @@ radv_shader_variant_create(struct radv_device *device,
 	radv_postprocess_config(device->physical_device, &config, &binary->info,
 				binary->stage, &variant->config);
 	if (radv_device_use_secure_compile(device->instance)) {
 		if (binary->type == RADV_BINARY_TYPE_RTLD)
 			ac_rtld_close(&rtld_binary);
 		return variant;
 	}
 	void *dest_ptr = radv_alloc_shader_memory(device, variant);
 	if (!dest_ptr) {
 		if (binary->type == RADV_BINARY_TYPE_RTLD)