Check that raw buffers and raw bind groups are valid (#4895)

gfx-rs · Dec 20, 2023 · 0524c88 · 0524c88
1 parent 0e35006
commit 0524c88
Show file tree

Hide file tree

Showing 8 changed files with 89 additions and 44 deletions.
diff --git a/wgpu-core/src/binding_model.rs b/wgpu-core/src/binding_model.rs
@@ -9,6 +9,7 @@ use crate::{
     init_tracker::{BufferInitTrackerAction, TextureInitTrackerAction},
     resource::{Resource, ResourceInfo, ResourceType},
     resource_log,
+    snatch::SnatchGuard,
     track::{BindGroupStates, UsageConflict},
     validation::{MissingBufferUsageError, MissingTextureUsageError},
     FastHashMap, Label,
@@ -835,8 +836,13 @@ impl<A: HalApi> Drop for BindGroup<A> {
 }
 
 impl<A: HalApi> BindGroup<A> {
-    pub(crate) fn raw(&self) -> &A::BindGroup {
-        self.raw.as_ref().unwrap()
+    pub(crate) fn raw(&self, guard: &SnatchGuard) -> Option<&A::BindGroup> {
+        for buffer in &self.used_buffer_ranges {
+            // Clippy insist on writing it this way. The idea is to return None
+            // if any of the raw buffer is not valid anymore.
+            let _ = buffer.buffer.raw(guard)?;
+        }
+        self.raw.as_ref()
     }
     pub(crate) fn validate_dynamic_bindings(
         &self,

diff --git a/wgpu-core/src/command/bundle.rs b/wgpu-core/src/command/bundle.rs
@@ -712,6 +712,8 @@ pub enum CreateRenderBundleError {
 pub enum ExecutionError {
     #[error("Buffer {0:?} is destroyed")]
     DestroyedBuffer(id::BufferId),
+    #[error("BindGroup {0:?} is invalid")]
+    InvalidBindGroup(id::BindGroupId),
     #[error("Using {0} in a render bundle is not implemented")]
     Unimplemented(&'static str),
 }
@@ -722,6 +724,9 @@ impl PrettyError for ExecutionError {
             Self::DestroyedBuffer(id) => {
                 fmt.buffer_label(&id);
             }
+            Self::InvalidBindGroup(id) => {
+                fmt.bind_group_label(&id);
+            }
             Self::Unimplemented(_reason) => {}
         };
     }
@@ -796,11 +801,14 @@ impl<A: HalApi> RenderBundle<A> {
                 } => {
                     let bind_groups = trackers.bind_groups.read();
                     let bind_group = bind_groups.get(bind_group_id).unwrap();
+                    let raw_bg = bind_group
+                        .raw(&snatch_guard)
+                        .ok_or(ExecutionError::InvalidBindGroup(bind_group_id))?;
                     unsafe {
                         raw.set_bind_group(
                             pipeline_layout.as_ref().unwrap().raw(),
                             index,
-                            bind_group.raw(),
+                            raw_bg,
                             &offsets[..num_dynamic_offsets as usize],
                         )
                     };
@@ -820,7 +828,11 @@ impl<A: HalApi> RenderBundle<A> {
                     size,
                 } => {
                     let buffers = trackers.buffers.read();
-                    let buffer = buffers.get(buffer_id).unwrap().raw(&snatch_guard);
+                    let buffer: &A::Buffer = buffers
+                        .get(buffer_id)
+                        .ok_or(ExecutionError::DestroyedBuffer(buffer_id))?
+                        .raw(&snatch_guard)
+                        .ok_or(ExecutionError::DestroyedBuffer(buffer_id))?;
                     let bb = hal::BufferBinding {
                         buffer,
                         offset,
@@ -835,7 +847,11 @@ impl<A: HalApi> RenderBundle<A> {
                     size,
                 } => {
                     let buffers = trackers.buffers.read();
-                    let buffer = buffers.get(buffer_id).unwrap().raw(&snatch_guard);
+                    let buffer = buffers
+                        .get(buffer_id)
+                        .ok_or(ExecutionError::DestroyedBuffer(buffer_id))?
+                        .raw(&snatch_guard)
+                        .ok_or(ExecutionError::DestroyedBuffer(buffer_id))?;
                     let bb = hal::BufferBinding {
                         buffer,
                         offset,
@@ -914,7 +930,11 @@ impl<A: HalApi> RenderBundle<A> {
                     indexed: false,
                 } => {
                     let buffers = trackers.buffers.read();
-                    let buffer = buffers.get(buffer_id).unwrap().raw(&snatch_guard);
+                    let buffer = buffers
+                        .get(buffer_id)
+                        .ok_or(ExecutionError::DestroyedBuffer(buffer_id))?
+                        .raw(&snatch_guard)
+                        .ok_or(ExecutionError::DestroyedBuffer(buffer_id))?;
                     unsafe { raw.draw_indirect(buffer, offset, 1) };
                 }
                 RenderCommand::MultiDrawIndirect {
@@ -924,7 +944,11 @@ impl<A: HalApi> RenderBundle<A> {
                     indexed: true,
                 } => {
                     let buffers = trackers.buffers.read();
-                    let buffer = buffers.get(buffer_id).unwrap().raw(&snatch_guard);
+                    let buffer = buffers
+                        .get(buffer_id)
+                        .ok_or(ExecutionError::DestroyedBuffer(buffer_id))?
+                        .raw(&snatch_guard)
+                        .ok_or(ExecutionError::DestroyedBuffer(buffer_id))?;
                     unsafe { raw.draw_indexed_indirect(buffer, offset, 1) };
                 }
                 RenderCommand::MultiDrawIndirect { .. }

diff --git a/wgpu-core/src/command/compute.rs b/wgpu-core/src/command/compute.rs
@@ -188,8 +188,8 @@ pub enum DispatchError {
 pub enum ComputePassErrorInner {
     #[error(transparent)]
     Encoder(#[from] CommandEncoderError),
-    #[error("Bind group {0:?} is invalid")]
-    InvalidBindGroup(id::BindGroupId),
+    #[error("Bind group at index {0:?} is invalid")]
+    InvalidBindGroup(usize),
     #[error("Device {0:?} is invalid")]
     InvalidDevice(DeviceId),
     #[error("Bind group index {index} is greater than the device's requested `max_bind_group` limit {max}")]
@@ -232,9 +232,6 @@ impl PrettyError for ComputePassErrorInner {
     fn fmt_pretty(&self, fmt: &mut ErrorFormatter) {
         fmt.error(self);
         match *self {
-            Self::InvalidBindGroup(id) => {
-                fmt.bind_group_label(&id);
-            }
             Self::InvalidPipeline(id) => {
                 fmt.compute_pipeline_label(&id);
             }
@@ -520,7 +517,7 @@ impl<G: GlobalIdentityHandlerFactory> Global<G> {
                     let bind_group = tracker
                         .bind_groups
                         .add_single(&*bind_group_guard, bind_group_id)
-                        .ok_or(ComputePassErrorInner::InvalidBindGroup(bind_group_id))
+                        .ok_or(ComputePassErrorInner::InvalidBindGroup(index as usize))
                         .map_pass_err(scope)?;
                     bind_group
                         .validate_dynamic_bindings(index, &temp_offsets, &cmd_buf.limits)
@@ -550,7 +547,10 @@ impl<G: GlobalIdentityHandlerFactory> Global<G> {
                         let pipeline_layout = pipeline_layout.as_ref().unwrap().raw();
                         for (i, e) in entries.iter().enumerate() {
                             if let Some(group) = e.group.as_ref() {
-                                let raw_bg = group.raw();
+                                let raw_bg = group
+                                    .raw(&snatch_guard)
+                                    .ok_or(ComputePassErrorInner::InvalidBindGroup(i))
+                                    .map_pass_err(scope)?;
                                 unsafe {
                                     raw.set_bind_group(
                                         pipeline_layout,
@@ -594,7 +594,10 @@ impl<G: GlobalIdentityHandlerFactory> Global<G> {
                         if !entries.is_empty() {
                             for (i, e) in entries.iter().enumerate() {
                                 if let Some(group) = e.group.as_ref() {
-                                    let raw_bg = group.raw();
+                                    let raw_bg = group
+                                        .raw(&snatch_guard)
+                                        .ok_or(ComputePassErrorInner::InvalidBindGroup(i))
+                                        .map_pass_err(scope)?;
                                     unsafe {
                                         raw.set_bind_group(
                                             pipeline.layout.raw(),

diff --git a/wgpu-core/src/command/query.rs b/wgpu-core/src/command/query.rs
@@ -479,12 +479,16 @@ impl<G: GlobalIdentityHandlerFactory> Global<G> {
             MemoryInitKind::ImplicitlyInitialized,
         ));
 
+        let raw_dst_buffer = dst_buffer
+            .raw(&snatch_guard)
+            .ok_or(QueryError::InvalidBuffer(destination))?;
+
         unsafe {
             raw_encoder.transition_buffers(dst_barrier.into_iter());
             raw_encoder.copy_query_results(
                 query_set.raw(),
                 start_query..end_query,
-                dst_buffer.raw(&snatch_guard),
+                raw_dst_buffer,
                 destination_offset,
                 wgt::BufferSize::new_unchecked(stride as u64),
             );

diff --git a/wgpu-core/src/command/render.rs b/wgpu-core/src/command/render.rs
@@ -576,6 +576,8 @@ pub enum RenderPassErrorInner {
     SurfaceTextureDropped,
     #[error("Not enough memory left for render pass")]
     OutOfMemory,
+    #[error("The bind group at index {0:?} is invalid")]
+    InvalidBindGroup(usize),
     #[error("Unable to clear non-present/read-only depth")]
     InvalidDepthOps,
     #[error("Unable to clear non-present/read-only stencil")]
@@ -1484,7 +1486,10 @@ impl<G: GlobalIdentityHandlerFactory> Global<G> {
                             let pipeline_layout = pipeline_layout.as_ref().unwrap().raw();
                             for (i, e) in entries.iter().enumerate() {
                                 if let Some(group) = e.group.as_ref() {
-                                    let raw_bg = group.raw();
+                                    let raw_bg = group
+                                        .raw(&snatch_guard)
+                                        .ok_or(RenderPassErrorInner::InvalidBindGroup(i))
+                                        .map_pass_err(scope)?;
                                     unsafe {
                                         raw.set_bind_group(
                                             pipeline_layout,
@@ -1562,7 +1567,10 @@ impl<G: GlobalIdentityHandlerFactory> Global<G> {
                             if !entries.is_empty() {
                                 for (i, e) in entries.iter().enumerate() {
                                     if let Some(group) = e.group.as_ref() {
-                                        let raw_bg = group.raw();
+                                        let raw_bg = group
+                                            .raw(&snatch_guard)
+                                            .ok_or(RenderPassErrorInner::InvalidBindGroup(i))
+                                            .map_pass_err(scope)?;
                                         unsafe {
                                             raw.set_bind_group(
                                                 pipeline.layout.raw(),
@@ -2332,6 +2340,9 @@ impl<G: GlobalIdentityHandlerFactory> Global<G> {
                                 ExecutionError::DestroyedBuffer(id) => {
                                     RenderCommandError::DestroyedBuffer(id)
                                 }
+                                ExecutionError::InvalidBindGroup(id) => {
+                                    RenderCommandError::InvalidBindGroup(id)
+                                }
                                 ExecutionError::Unimplemented(what) => {
                                     RenderCommandError::Unimplemented(what)
                                 }

diff --git a/wgpu-core/src/device/global.rs b/wgpu-core/src/device/global.rs
@@ -228,11 +228,8 @@ impl<G: GlobalIdentityHandlerFactory> Global<G> {
                 };
 
                 let snatch_guard = device.snatchable_lock.read();
-                let mapping = match unsafe {
-                    device
-                        .raw()
-                        .map_buffer(stage.raw(&snatch_guard), 0..stage.size)
-                } {
+                let stage_raw = stage.raw(&snatch_guard).unwrap();
+                let mapping = match unsafe { device.raw().map_buffer(stage_raw, 0..stage.size) } {
                     Ok(mapping) => mapping,
                     Err(e) => {
                         to_destroy.push(buffer);
@@ -401,7 +398,9 @@ impl<G: GlobalIdentityHandlerFactory> Global<G> {
             });
         }
 
-        let raw_buf = buffer.raw(&snatch_guard);
+        let raw_buf = buffer
+            .raw(&snatch_guard)
+            .ok_or(BufferAccessError::Destroyed)?;
         unsafe {
             let mapping = device
                 .raw()
@@ -451,7 +450,9 @@ impl<G: GlobalIdentityHandlerFactory> Global<G> {
         check_buffer_usage(buffer.usage, wgt::BufferUsages::MAP_READ)?;
         //assert!(buffer isn't used by the GPU);
 
-        let raw_buf = buffer.raw(&snatch_guard);
+        let raw_buf = buffer
+            .raw(&snatch_guard)
+            .ok_or(BufferAccessError::Destroyed)?;
         unsafe {
             let mapping = device
                 .raw()

diff --git a/wgpu-core/src/device/mod.rs b/wgpu-core/src/device/mod.rs
@@ -340,17 +340,17 @@ fn map_buffer<A: HalApi>(
     kind: HostMap,
 ) -> Result<ptr::NonNull<u8>, BufferAccessError> {
     let snatch_guard = buffer.device.snatchable_lock.read();
+    let raw_buffer = buffer
+        .raw(&snatch_guard)
+        .ok_or(BufferAccessError::Destroyed)?;
     let mapping = unsafe {
-        raw.map_buffer(buffer.raw(&snatch_guard), offset..offset + size)
+        raw.map_buffer(raw_buffer, offset..offset + size)
             .map_err(DeviceError::from)?
     };
 
     *buffer.sync_mapped_writes.lock() = match kind {
         HostMap::Read if !mapping.is_coherent => unsafe {
-            raw.invalidate_mapped_ranges(
-                buffer.raw(&snatch_guard),
-                iter::once(offset..offset + size),
-            );
+            raw.invalidate_mapped_ranges(raw_buffer, iter::once(offset..offset + size));
             None
         },
         HostMap::Write if !mapping.is_coherent => Some(offset..offset + size),
@@ -390,9 +390,7 @@ fn map_buffer<A: HalApi>(
         mapped[fill_range].fill(0);
 
         if zero_init_needs_flush_now {
-            unsafe {
-                raw.flush_mapped_ranges(buffer.raw(&snatch_guard), iter::once(uninitialized))
-            };
+            unsafe { raw.flush_mapped_ranges(raw_buffer, iter::once(uninitialized)) };
         }
     }
 

diff --git a/wgpu-core/src/resource.rs b/wgpu-core/src/resource.rs
@@ -423,8 +423,8 @@ impl<A: HalApi> Drop for Buffer<A> {
 }
 
 impl<A: HalApi> Buffer<A> {
-    pub(crate) fn raw(&self, guard: &SnatchGuard) -> &A::Buffer {
-        self.raw.get(guard).unwrap()
+    pub(crate) fn raw(&self, guard: &SnatchGuard) -> Option<&A::Buffer> {
+        self.raw.get(guard)
     }
 
     pub(crate) fn buffer_unmap_inner(
@@ -434,6 +434,9 @@ impl<A: HalApi> Buffer<A> {
 
         let device = &self.device;
         let snatch_guard = device.snatchable_lock.read();
+        let raw_buf = self
+            .raw(&snatch_guard)
+            .ok_or(BufferAccessError::Destroyed)?;
         let buffer_id = self.info.id();
         log::debug!("Buffer {:?} map state -> Idle", buffer_id);
         match mem::replace(&mut *self.map_state.lock(), resource::BufferMapState::Idle) {
@@ -458,17 +461,12 @@ impl<A: HalApi> Buffer<A> {
                 if needs_flush {
                     unsafe {
                         device.raw().flush_mapped_ranges(
-                            stage_buffer.raw(&snatch_guard),
+                            stage_buffer.raw(&snatch_guard).unwrap(),
                             iter::once(0..self.size),
                         );
                     }
                 }
 
-                let raw_buf = self
-                    .raw
-                    .get(&snatch_guard)
-                    .ok_or(BufferAccessError::Destroyed)?;
-
                 self.info
                     .use_at(device.active_submission_index.load(Ordering::Relaxed) + 1);
                 let region = wgt::BufferSize::new(self.size).map(|size| hal::BufferCopy {
@@ -477,7 +475,7 @@ impl<A: HalApi> Buffer<A> {
                     size,
                 });
                 let transition_src = hal::BufferBarrier {
-                    buffer: stage_buffer.raw(&snatch_guard),
+                    buffer: stage_buffer.raw(&snatch_guard).unwrap(),
                     usage: hal::BufferUses::MAP_WRITE..hal::BufferUses::COPY_SRC,
                 };
                 let transition_dst = hal::BufferBarrier {
@@ -493,7 +491,7 @@ impl<A: HalApi> Buffer<A> {
                     );
                     if self.size > 0 {
                         encoder.copy_buffer_to_buffer(
-                            stage_buffer.raw(&snatch_guard),
+                            stage_buffer.raw(&snatch_guard).unwrap(),
                             raw_buf,
                             region.into_iter(),
                         );
@@ -528,7 +526,7 @@ impl<A: HalApi> Buffer<A> {
                 unsafe {
                     device
                         .raw()
-                        .unmap_buffer(self.raw(&snatch_guard))
+                        .unmap_buffer(raw_buf)
                         .map_err(DeviceError::from)?
                 };
             }