radv: create a fresh fork for each pipeline compile

In order to prevent a potentially malicious pipeline from tainting our
secure compile process and interfering with successive pipelines,
we want to create a fresh fork for each pipeline compile.

Benchmarking has shown that simply forking on each pipeline
creation doubles the total time it takes to compile a fossilize db
collection. So instead here we fork the process at device creation
so that we have a slim copy of the device and then fork this
otherwise idle and untainted process each time we compile a
pipeline. Forking this slim copy of the device results in only a
20% increase in compile time vs a 100% increase.

Fixes: cff53da3 ("radv: enable secure compile support")
Timothy Arceri
2019-11-25 10:08:26 +11:00
parent 1663bb1f77
commit f54c4e85ce
2 changed files with 139 additions and 14 deletions


@@ -4708,8 +4708,19 @@ radv_secure_compile(struct radv_pipeline *pipeline,
int fd_secure_input = device->sc_state->secure_compile_processes[process].fd_secure_input;
int fd_secure_output = device->sc_state->secure_compile_processes[process].fd_secure_output;
/* Fork a copy of the slim untainted secure compile process */
enum radv_secure_compile_type sc_type = RADV_SC_TYPE_FORK_DEVICE;
write(fd_secure_input, &sc_type, sizeof(sc_type));
if (!radv_sc_read(fd_secure_output, &sc_type, sizeof(sc_type), true) ||
sc_type != RADV_SC_TYPE_INIT_SUCCESS)
return VK_ERROR_DEVICE_LOST;
fd_secure_input = device->sc_state->secure_compile_processes[process].fd_server;
fd_secure_output = device->sc_state->secure_compile_processes[process].fd_client;
/* Write pipeline / shader module out to secure process via pipe */
enum radv_secure_compile_type sc_type = RADV_SC_TYPE_COMPILE_PIPELINE;
sc_type = RADV_SC_TYPE_COMPILE_PIPELINE;
write(fd_secure_input, &sc_type, sizeof(sc_type));
/* Write pipeline layout out to secure process */
@@ -4818,6 +4829,9 @@ radv_secure_compile(struct radv_pipeline *pipeline,
}
}
sc_type = RADV_SC_TYPE_DESTROY_DEVICE;
write(fd_secure_input, &sc_type, sizeof(sc_type));
mtx_lock(&device->sc_state->secure_compile_mutex);
device->sc_state->secure_compile_thread_counter--;
device->sc_state->secure_compile_processes[process].in_use = false;
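Review bot: The early `return VK_ERROR_DEVICE_LOST;` after the RADV_SC_TYPE_FORK_DEVICE handshake in the first hunk leaves before the mutex-protected release at the end of the second hunk (`secure_compile_thread_counter--` and `in_use = false`). The slot is presumably claimed earlier in radv_secure_compile, outside the visible lines; if so, each failed fork leaves that secure-compile process marked busy, and repeated failures could exhaust the pool. Routing the failure through the same release path, with a label placed just before `mtx_lock(&device->sc_state->secure_compile_mutex);` and after the DESTROY_DEVICE write, would avoid that. Both new `write(fd_secure_input, &sc_type, sizeof(sc_type));` calls (FORK_DEVICE in the first hunk, DESTROY_DEVICE in the second) also ignore the return value. A failed or short DESTROY_DEVICE write would likely leave the per-pipeline fork alive holding that pipeline's state, so comparing the result against `sizeof(sc_type)` and handling the mismatch is worth adding.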