Bug 41499

Summary: [r600g] Regression: EVE Online graphics borked (bisected)
Product: Mesa Reporter: Luzipher <luziphermcleod>
Component: Drivers/Gallium/r600Assignee: Ian Romanick <idr>
Status: RESOLVED FIXED QA Contact:
Severity: normal    
Priority: medium CC: idr, tallica
Version: git   
Hardware: x86-64 (AMD64)   
OS: Linux (All)   
Whiteboard:
i915 platform: i915 features:
Attachments: Screenshot of login screen (bad)
Screenshot of login screen (good, commit 015d4f61ef9116c9e844299ab9f2b15c653c0450)
terrible hack

Description Luzipher 2011-10-05 18:33:53 UTC 
Created attachment 52026 [details]
Screenshot of login screen (bad)

EVE Online (which worked fairly well) started to have severe graphical glitches on r600g (HD4870) over wine. It's unplayable. I bisected this down to:

linker: Use gl_shader_program::AttributeBindings for attrib locations
commit: 523b611646ae15aa05ed37597ae9162de7290faf
http://cgit.freedesktop.org/mesa/mesa/commit/?id=523b611646ae15aa05ed37597ae9162de7290faf

Actually it seems that all triangles (I guess) are malformed, jump around and aren't textured as they should.

System:
Gentoo on vanilla kernel linux-3.1.0-rc8
Mesa from git, r600g driver
GPU: Radeon HD4870 (x2, only one used), CPU: Intel Core i7-965, MB: ASUS P6T Deluxe
libdrm from git, xf86-video-ati from git, wine-1.3.29, xorg-server-1.11.1
Comment 1 Luzipher 2011-10-05 18:35:51 UTC 
Created attachment 52027 [details]
Screenshot of login screen (good, commit 015d4f61ef9116c9e844299ab9f2b15c653c0450)
Comment 2 Michel Dänzer 2011-10-05 23:49:58 UTC 
Adding author of bisected commit to CC.
Comment 3 Ian Romanick 2011-10-06 09:46:56 UTC 
*** Bug 41508 has been marked as a duplicate of this bug. ***
Comment 4 Ian Romanick 2011-10-06 09:47:52 UTC 
Does the application produce any error logging or other debug output?
Comment 5 Luzipher 2011-10-06 10:09:35 UTC 
No, there is no crash, so the application itself probably doesn't even notice something is wrong.
I also checked /var/log/Xorg.0.log and /var/log/messages and couldn't see anything abnormal. Wine also didn't print anything unusual in the terminal.
If I should look somewhere else or should try to run some debug mode, I'd be happy to do so.

By the way ... the performance also seemed to suffer (framerate seems worse with the bug).
Comment 6 Henri Verbeet 2011-10-09 08:24:14 UTC 
Created attachment 52140 [details] [review]
terrible hack

The basic issue seems to be that in _mesa_BindAttribLocationARB() "name" is used for the hashtable key. This is unsafe because that memory is owned by the application and may go away / get overwritten / etc. The attached hack makes at least the Wine d3d tests pass again for me, but obviously introduces a memory leak instead.

It's perhaps also worth pointing out that with the way hash_table_replace() works the key can be in use even after the (original) corresponding data is no longer in the table. This may be undesirable in cases where the lifetime of the key is tied to that of the data.
Comment 7 Henri Verbeet 2011-10-09 08:33:54 UTC 
Actually, ignore that. I just noticed Ian already fixed this at http://lists.freedesktop.org/archives/mesa-dev/2011-October/013075.html.
Comment 8 Ian Romanick 2011-10-10 10:25:54 UTC 
Fixed on master by the commit below.  The bug was a regression in master, so there's no need to cherry pick the patch to a stable branch.

commit f3650b05cf4e37066d0f142a4c14fcc650de8d8d
Author: Ian Romanick <ian.d.romanick@intel.com>
Date:   Fri Oct 7 14:29:51 2011 -0700

    hash_table: Make string_to_uint_map make a copy of the name
    
    The hash table needs a copy of the key that it can keep for
    comparisons during searches.
    
    Signed-off-by: Ian Romanick <ian.d.romanick@intel.com>
    Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=41499
    Cc: Stéphane Marchesin <stephane.marchesin@gmail.com>
    Tested-by: Luzipher <luziphermcleod@yahoo.ie>
    Tested-by: Michał Lipski <tallica@o2.pl>
    Reviewed-by: Kenneth Graunke <kenneth@whitecape.org>

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.