From 008659bee1e7146661edcf88584112aa0fdbf935 Mon Sep 17 00:00:00 2001 From: Kyle Roarty Date: Wed, 29 Sep 2021 23:04:46 -0500 Subject: [PATCH] arch-gcn3: Fix MUBUF out-of-bounds case 1 This patch upates the out-of-bounds check to properly check against the correct buffer_offset, which is different depending on if the const_swizzle_enable is true or false. Change-Id: I5c687c09ee7f8e446618084b8545b74a84211d4d Reviewed-on: https://gem5-review.googlesource.com/c/public/gem5/+/51127 Reviewed-by: Matt Sinclair Reviewed-by: Matthew Poremba Reviewed-by: Alex Dutu Maintainer: Matt Sinclair Tested-by: kokoro --- src/arch/amdgpu/gcn3/insts/op_encodings.hh | 43 ++++++++++++---------- 1 file changed, 23 insertions(+), 20 deletions(-) diff --git a/src/arch/amdgpu/gcn3/insts/op_encodings.hh b/src/arch/amdgpu/gcn3/insts/op_encodings.hh index 24edfa7cd1..be96924064 100644 --- a/src/arch/amdgpu/gcn3/insts/op_encodings.hh +++ b/src/arch/amdgpu/gcn3/insts/op_encodings.hh @@ -634,6 +634,7 @@ namespace Gcn3ISA Addr stride = 0; Addr buf_idx = 0; Addr buf_off = 0; + Addr buffer_offset = 0; BufferRsrcDescriptor rsrc_desc; std::memcpy((void*)&rsrc_desc, s_rsrc_desc.rawDataPtr(), @@ -656,6 +657,26 @@ namespace Gcn3ISA buf_off = v_off[lane] + inst_offset; + if (rsrc_desc.swizzleEn) { + Addr idx_stride = 8 << rsrc_desc.idxStride; + Addr elem_size = 2 << rsrc_desc.elemSize; + Addr idx_msb = buf_idx / idx_stride; + Addr idx_lsb = buf_idx % idx_stride; + Addr off_msb = buf_off / elem_size; + Addr off_lsb = buf_off % elem_size; + DPRINTF(GCN3, "mubuf swizzled lane %d: " + "idx_stride = %llx, elem_size = %llx, " + "idx_msb = %llx, idx_lsb = %llx, " + "off_msb = %llx, off_lsb = %llx\n", + lane, idx_stride, elem_size, idx_msb, idx_lsb, + off_msb, off_lsb); + + buffer_offset =(idx_msb * stride + off_msb * elem_size) + * idx_stride + idx_lsb * elem_size + off_lsb; + } else { + buffer_offset = buf_off + stride * buf_idx; + } + /** * Range check behavior causes out of range accesses to @@ -665,7 +686,7 @@ namespace Gcn3ISA * basis. */ if (rsrc_desc.stride == 0 || !rsrc_desc.swizzleEn) { - if (buf_off + stride * buf_idx >= + if (buffer_offset >= rsrc_desc.numRecords - s_offset.rawData()) { DPRINTF(GCN3, "mubuf out-of-bounds condition 1: " "lane = %d, buffer_offset = %llx, " @@ -692,25 +713,7 @@ namespace Gcn3ISA } } - if (rsrc_desc.swizzleEn) { - Addr idx_stride = 8 << rsrc_desc.idxStride; - Addr elem_size = 2 << rsrc_desc.elemSize; - Addr idx_msb = buf_idx / idx_stride; - Addr idx_lsb = buf_idx % idx_stride; - Addr off_msb = buf_off / elem_size; - Addr off_lsb = buf_off % elem_size; - DPRINTF(GCN3, "mubuf swizzled lane %d: " - "idx_stride = %llx, elem_size = %llx, " - "idx_msb = %llx, idx_lsb = %llx, " - "off_msb = %llx, off_lsb = %llx\n", - lane, idx_stride, elem_size, idx_msb, idx_lsb, - off_msb, off_lsb); - - vaddr += ((idx_msb * stride + off_msb * elem_size) - * idx_stride + idx_lsb * elem_size + off_lsb); - } else { - vaddr += buf_off + stride * buf_idx; - } + vaddr += buffer_offset; DPRINTF(GCN3, "Calculating mubuf address for lane %d: " "vaddr = %llx, base_addr = %llx, "