Loading...
1/*
2 * Copyright © 2008,2010 Intel Corporation
3 *
4 * Permission is hereby granted, free of charge, to any person obtaining a
5 * copy of this software and associated documentation files (the "Software"),
6 * to deal in the Software without restriction, including without limitation
7 * the rights to use, copy, modify, merge, publish, distribute, sublicense,
8 * and/or sell copies of the Software, and to permit persons to whom the
9 * Software is furnished to do so, subject to the following conditions:
10 *
11 * The above copyright notice and this permission notice (including the next
12 * paragraph) shall be included in all copies or substantial portions of the
13 * Software.
14 *
15 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
18 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
20 * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
21 * IN THE SOFTWARE.
22 *
23 * Authors:
24 * Eric Anholt <eric@anholt.net>
25 * Chris Wilson <chris@chris-wilson.co.uk>
26 *
27 */
28
29#include "drmP.h"
30#include "drm.h"
31#include "i915_drm.h"
32#include "i915_drv.h"
33#include "i915_trace.h"
34#include "intel_drv.h"
35
36struct change_domains {
37 uint32_t invalidate_domains;
38 uint32_t flush_domains;
39 uint32_t flush_rings;
40 uint32_t flips;
41};
42
43/*
44 * Set the next domain for the specified object. This
45 * may not actually perform the necessary flushing/invaliding though,
46 * as that may want to be batched with other set_domain operations
47 *
48 * This is (we hope) the only really tricky part of gem. The goal
49 * is fairly simple -- track which caches hold bits of the object
50 * and make sure they remain coherent. A few concrete examples may
51 * help to explain how it works. For shorthand, we use the notation
52 * (read_domains, write_domain), e.g. (CPU, CPU) to indicate the
53 * a pair of read and write domain masks.
54 *
55 * Case 1: the batch buffer
56 *
57 * 1. Allocated
58 * 2. Written by CPU
59 * 3. Mapped to GTT
60 * 4. Read by GPU
61 * 5. Unmapped from GTT
62 * 6. Freed
63 *
64 * Let's take these a step at a time
65 *
66 * 1. Allocated
67 * Pages allocated from the kernel may still have
68 * cache contents, so we set them to (CPU, CPU) always.
69 * 2. Written by CPU (using pwrite)
70 * The pwrite function calls set_domain (CPU, CPU) and
71 * this function does nothing (as nothing changes)
72 * 3. Mapped by GTT
73 * This function asserts that the object is not
74 * currently in any GPU-based read or write domains
75 * 4. Read by GPU
76 * i915_gem_execbuffer calls set_domain (COMMAND, 0).
77 * As write_domain is zero, this function adds in the
78 * current read domains (CPU+COMMAND, 0).
79 * flush_domains is set to CPU.
80 * invalidate_domains is set to COMMAND
81 * clflush is run to get data out of the CPU caches
82 * then i915_dev_set_domain calls i915_gem_flush to
83 * emit an MI_FLUSH and drm_agp_chipset_flush
84 * 5. Unmapped from GTT
85 * i915_gem_object_unbind calls set_domain (CPU, CPU)
86 * flush_domains and invalidate_domains end up both zero
87 * so no flushing/invalidating happens
88 * 6. Freed
89 * yay, done
90 *
91 * Case 2: The shared render buffer
92 *
93 * 1. Allocated
94 * 2. Mapped to GTT
95 * 3. Read/written by GPU
96 * 4. set_domain to (CPU,CPU)
97 * 5. Read/written by CPU
98 * 6. Read/written by GPU
99 *
100 * 1. Allocated
101 * Same as last example, (CPU, CPU)
102 * 2. Mapped to GTT
103 * Nothing changes (assertions find that it is not in the GPU)
104 * 3. Read/written by GPU
105 * execbuffer calls set_domain (RENDER, RENDER)
106 * flush_domains gets CPU
107 * invalidate_domains gets GPU
108 * clflush (obj)
109 * MI_FLUSH and drm_agp_chipset_flush
110 * 4. set_domain (CPU, CPU)
111 * flush_domains gets GPU
112 * invalidate_domains gets CPU
113 * wait_rendering (obj) to make sure all drawing is complete.
114 * This will include an MI_FLUSH to get the data from GPU
115 * to memory
116 * clflush (obj) to invalidate the CPU cache
117 * Another MI_FLUSH in i915_gem_flush (eliminate this somehow?)
118 * 5. Read/written by CPU
119 * cache lines are loaded and dirtied
120 * 6. Read written by GPU
121 * Same as last GPU access
122 *
123 * Case 3: The constant buffer
124 *
125 * 1. Allocated
126 * 2. Written by CPU
127 * 3. Read by GPU
128 * 4. Updated (written) by CPU again
129 * 5. Read by GPU
130 *
131 * 1. Allocated
132 * (CPU, CPU)
133 * 2. Written by CPU
134 * (CPU, CPU)
135 * 3. Read by GPU
136 * (CPU+RENDER, 0)
137 * flush_domains = CPU
138 * invalidate_domains = RENDER
139 * clflush (obj)
140 * MI_FLUSH
141 * drm_agp_chipset_flush
142 * 4. Updated (written) by CPU again
143 * (CPU, CPU)
144 * flush_domains = 0 (no previous write domain)
145 * invalidate_domains = 0 (no new read domains)
146 * 5. Read by GPU
147 * (CPU+RENDER, 0)
148 * flush_domains = CPU
149 * invalidate_domains = RENDER
150 * clflush (obj)
151 * MI_FLUSH
152 * drm_agp_chipset_flush
153 */
154static void
155i915_gem_object_set_to_gpu_domain(struct drm_i915_gem_object *obj,
156 struct intel_ring_buffer *ring,
157 struct change_domains *cd)
158{
159 uint32_t invalidate_domains = 0, flush_domains = 0;
160
161 /*
162 * If the object isn't moving to a new write domain,
163 * let the object stay in multiple read domains
164 */
165 if (obj->base.pending_write_domain == 0)
166 obj->base.pending_read_domains |= obj->base.read_domains;
167
168 /*
169 * Flush the current write domain if
170 * the new read domains don't match. Invalidate
171 * any read domains which differ from the old
172 * write domain
173 */
174 if (obj->base.write_domain &&
175 (((obj->base.write_domain != obj->base.pending_read_domains ||
176 obj->ring != ring)) ||
177 (obj->fenced_gpu_access && !obj->pending_fenced_gpu_access))) {
178 flush_domains |= obj->base.write_domain;
179 invalidate_domains |=
180 obj->base.pending_read_domains & ~obj->base.write_domain;
181 }
182 /*
183 * Invalidate any read caches which may have
184 * stale data. That is, any new read domains.
185 */
186 invalidate_domains |= obj->base.pending_read_domains & ~obj->base.read_domains;
187 if ((flush_domains | invalidate_domains) & I915_GEM_DOMAIN_CPU)
188 i915_gem_clflush_object(obj);
189
190 if (obj->base.pending_write_domain)
191 cd->flips |= atomic_read(&obj->pending_flip);
192
193 /* The actual obj->write_domain will be updated with
194 * pending_write_domain after we emit the accumulated flush for all
195 * of our domain changes in execbuffers (which clears objects'
196 * write_domains). So if we have a current write domain that we
197 * aren't changing, set pending_write_domain to that.
198 */
199 if (flush_domains == 0 && obj->base.pending_write_domain == 0)
200 obj->base.pending_write_domain = obj->base.write_domain;
201
202 cd->invalidate_domains |= invalidate_domains;
203 cd->flush_domains |= flush_domains;
204 if (flush_domains & I915_GEM_GPU_DOMAINS)
205 cd->flush_rings |= obj->ring->id;
206 if (invalidate_domains & I915_GEM_GPU_DOMAINS)
207 cd->flush_rings |= ring->id;
208}
209
210struct eb_objects {
211 int and;
212 struct hlist_head buckets[0];
213};
214
215static struct eb_objects *
216eb_create(int size)
217{
218 struct eb_objects *eb;
219 int count = PAGE_SIZE / sizeof(struct hlist_head) / 2;
220 while (count > size)
221 count >>= 1;
222 eb = kzalloc(count*sizeof(struct hlist_head) +
223 sizeof(struct eb_objects),
224 GFP_KERNEL);
225 if (eb == NULL)
226 return eb;
227
228 eb->and = count - 1;
229 return eb;
230}
231
232static void
233eb_reset(struct eb_objects *eb)
234{
235 memset(eb->buckets, 0, (eb->and+1)*sizeof(struct hlist_head));
236}
237
238static void
239eb_add_object(struct eb_objects *eb, struct drm_i915_gem_object *obj)
240{
241 hlist_add_head(&obj->exec_node,
242 &eb->buckets[obj->exec_handle & eb->and]);
243}
244
245static struct drm_i915_gem_object *
246eb_get_object(struct eb_objects *eb, unsigned long handle)
247{
248 struct hlist_head *head;
249 struct hlist_node *node;
250 struct drm_i915_gem_object *obj;
251
252 head = &eb->buckets[handle & eb->and];
253 hlist_for_each(node, head) {
254 obj = hlist_entry(node, struct drm_i915_gem_object, exec_node);
255 if (obj->exec_handle == handle)
256 return obj;
257 }
258
259 return NULL;
260}
261
262static void
263eb_destroy(struct eb_objects *eb)
264{
265 kfree(eb);
266}
267
268static int
269i915_gem_execbuffer_relocate_entry(struct drm_i915_gem_object *obj,
270 struct eb_objects *eb,
271 struct drm_i915_gem_relocation_entry *reloc)
272{
273 struct drm_device *dev = obj->base.dev;
274 struct drm_gem_object *target_obj;
275 uint32_t target_offset;
276 int ret = -EINVAL;
277
278 /* we've already hold a reference to all valid objects */
279 target_obj = &eb_get_object(eb, reloc->target_handle)->base;
280 if (unlikely(target_obj == NULL))
281 return -ENOENT;
282
283 target_offset = to_intel_bo(target_obj)->gtt_offset;
284
285 /* The target buffer should have appeared before us in the
286 * exec_object list, so it should have a GTT space bound by now.
287 */
288 if (unlikely(target_offset == 0)) {
289 DRM_ERROR("No GTT space found for object %d\n",
290 reloc->target_handle);
291 return ret;
292 }
293
294 /* Validate that the target is in a valid r/w GPU domain */
295 if (unlikely(reloc->write_domain & (reloc->write_domain - 1))) {
296 DRM_ERROR("reloc with multiple write domains: "
297 "obj %p target %d offset %d "
298 "read %08x write %08x",
299 obj, reloc->target_handle,
300 (int) reloc->offset,
301 reloc->read_domains,
302 reloc->write_domain);
303 return ret;
304 }
305 if (unlikely((reloc->write_domain | reloc->read_domains) & I915_GEM_DOMAIN_CPU)) {
306 DRM_ERROR("reloc with read/write CPU domains: "
307 "obj %p target %d offset %d "
308 "read %08x write %08x",
309 obj, reloc->target_handle,
310 (int) reloc->offset,
311 reloc->read_domains,
312 reloc->write_domain);
313 return ret;
314 }
315 if (unlikely(reloc->write_domain && target_obj->pending_write_domain &&
316 reloc->write_domain != target_obj->pending_write_domain)) {
317 DRM_ERROR("Write domain conflict: "
318 "obj %p target %d offset %d "
319 "new %08x old %08x\n",
320 obj, reloc->target_handle,
321 (int) reloc->offset,
322 reloc->write_domain,
323 target_obj->pending_write_domain);
324 return ret;
325 }
326
327 target_obj->pending_read_domains |= reloc->read_domains;
328 target_obj->pending_write_domain |= reloc->write_domain;
329
330 /* If the relocation already has the right value in it, no
331 * more work needs to be done.
332 */
333 if (target_offset == reloc->presumed_offset)
334 return 0;
335
336 /* Check that the relocation address is valid... */
337 if (unlikely(reloc->offset > obj->base.size - 4)) {
338 DRM_ERROR("Relocation beyond object bounds: "
339 "obj %p target %d offset %d size %d.\n",
340 obj, reloc->target_handle,
341 (int) reloc->offset,
342 (int) obj->base.size);
343 return ret;
344 }
345 if (unlikely(reloc->offset & 3)) {
346 DRM_ERROR("Relocation not 4-byte aligned: "
347 "obj %p target %d offset %d.\n",
348 obj, reloc->target_handle,
349 (int) reloc->offset);
350 return ret;
351 }
352
353 reloc->delta += target_offset;
354 if (obj->base.write_domain == I915_GEM_DOMAIN_CPU) {
355 uint32_t page_offset = reloc->offset & ~PAGE_MASK;
356 char *vaddr;
357
358 vaddr = kmap_atomic(obj->pages[reloc->offset >> PAGE_SHIFT]);
359 *(uint32_t *)(vaddr + page_offset) = reloc->delta;
360 kunmap_atomic(vaddr);
361 } else {
362 struct drm_i915_private *dev_priv = dev->dev_private;
363 uint32_t __iomem *reloc_entry;
364 void __iomem *reloc_page;
365
366 /* We can't wait for rendering with pagefaults disabled */
367 if (obj->active && in_atomic())
368 return -EFAULT;
369
370 ret = i915_gem_object_set_to_gtt_domain(obj, 1);
371 if (ret)
372 return ret;
373
374 /* Map the page containing the relocation we're going to perform. */
375 reloc->offset += obj->gtt_offset;
376 reloc_page = io_mapping_map_atomic_wc(dev_priv->mm.gtt_mapping,
377 reloc->offset & PAGE_MASK);
378 reloc_entry = (uint32_t __iomem *)
379 (reloc_page + (reloc->offset & ~PAGE_MASK));
380 iowrite32(reloc->delta, reloc_entry);
381 io_mapping_unmap_atomic(reloc_page);
382 }
383
384 /* and update the user's relocation entry */
385 reloc->presumed_offset = target_offset;
386
387 return 0;
388}
389
390static int
391i915_gem_execbuffer_relocate_object(struct drm_i915_gem_object *obj,
392 struct eb_objects *eb)
393{
394 struct drm_i915_gem_relocation_entry __user *user_relocs;
395 struct drm_i915_gem_exec_object2 *entry = obj->exec_entry;
396 int i, ret;
397
398 user_relocs = (void __user *)(uintptr_t)entry->relocs_ptr;
399 for (i = 0; i < entry->relocation_count; i++) {
400 struct drm_i915_gem_relocation_entry reloc;
401
402 if (__copy_from_user_inatomic(&reloc,
403 user_relocs+i,
404 sizeof(reloc)))
405 return -EFAULT;
406
407 ret = i915_gem_execbuffer_relocate_entry(obj, eb, &reloc);
408 if (ret)
409 return ret;
410
411 if (__copy_to_user_inatomic(&user_relocs[i].presumed_offset,
412 &reloc.presumed_offset,
413 sizeof(reloc.presumed_offset)))
414 return -EFAULT;
415 }
416
417 return 0;
418}
419
420static int
421i915_gem_execbuffer_relocate_object_slow(struct drm_i915_gem_object *obj,
422 struct eb_objects *eb,
423 struct drm_i915_gem_relocation_entry *relocs)
424{
425 const struct drm_i915_gem_exec_object2 *entry = obj->exec_entry;
426 int i, ret;
427
428 for (i = 0; i < entry->relocation_count; i++) {
429 ret = i915_gem_execbuffer_relocate_entry(obj, eb, &relocs[i]);
430 if (ret)
431 return ret;
432 }
433
434 return 0;
435}
436
437static int
438i915_gem_execbuffer_relocate(struct drm_device *dev,
439 struct eb_objects *eb,
440 struct list_head *objects)
441{
442 struct drm_i915_gem_object *obj;
443 int ret = 0;
444
445 /* This is the fast path and we cannot handle a pagefault whilst
446 * holding the struct mutex lest the user pass in the relocations
447 * contained within a mmaped bo. For in such a case we, the page
448 * fault handler would call i915_gem_fault() and we would try to
449 * acquire the struct mutex again. Obviously this is bad and so
450 * lockdep complains vehemently.
451 */
452 pagefault_disable();
453 list_for_each_entry(obj, objects, exec_list) {
454 ret = i915_gem_execbuffer_relocate_object(obj, eb);
455 if (ret)
456 break;
457 }
458 pagefault_enable();
459
460 return ret;
461}
462
463static int
464i915_gem_execbuffer_reserve(struct intel_ring_buffer *ring,
465 struct drm_file *file,
466 struct list_head *objects)
467{
468 struct drm_i915_gem_object *obj;
469 int ret, retry;
470 bool has_fenced_gpu_access = INTEL_INFO(ring->dev)->gen < 4;
471 struct list_head ordered_objects;
472
473 INIT_LIST_HEAD(&ordered_objects);
474 while (!list_empty(objects)) {
475 struct drm_i915_gem_exec_object2 *entry;
476 bool need_fence, need_mappable;
477
478 obj = list_first_entry(objects,
479 struct drm_i915_gem_object,
480 exec_list);
481 entry = obj->exec_entry;
482
483 need_fence =
484 has_fenced_gpu_access &&
485 entry->flags & EXEC_OBJECT_NEEDS_FENCE &&
486 obj->tiling_mode != I915_TILING_NONE;
487 need_mappable =
488 entry->relocation_count ? true : need_fence;
489
490 if (need_mappable)
491 list_move(&obj->exec_list, &ordered_objects);
492 else
493 list_move_tail(&obj->exec_list, &ordered_objects);
494
495 obj->base.pending_read_domains = 0;
496 obj->base.pending_write_domain = 0;
497 }
498 list_splice(&ordered_objects, objects);
499
500 /* Attempt to pin all of the buffers into the GTT.
501 * This is done in 3 phases:
502 *
503 * 1a. Unbind all objects that do not match the GTT constraints for
504 * the execbuffer (fenceable, mappable, alignment etc).
505 * 1b. Increment pin count for already bound objects.
506 * 2. Bind new objects.
507 * 3. Decrement pin count.
508 *
509 * This avoid unnecessary unbinding of later objects in order to makr
510 * room for the earlier objects *unless* we need to defragment.
511 */
512 retry = 0;
513 do {
514 ret = 0;
515
516 /* Unbind any ill-fitting objects or pin. */
517 list_for_each_entry(obj, objects, exec_list) {
518 struct drm_i915_gem_exec_object2 *entry = obj->exec_entry;
519 bool need_fence, need_mappable;
520 if (!obj->gtt_space)
521 continue;
522
523 need_fence =
524 has_fenced_gpu_access &&
525 entry->flags & EXEC_OBJECT_NEEDS_FENCE &&
526 obj->tiling_mode != I915_TILING_NONE;
527 need_mappable =
528 entry->relocation_count ? true : need_fence;
529
530 if ((entry->alignment && obj->gtt_offset & (entry->alignment - 1)) ||
531 (need_mappable && !obj->map_and_fenceable))
532 ret = i915_gem_object_unbind(obj);
533 else
534 ret = i915_gem_object_pin(obj,
535 entry->alignment,
536 need_mappable);
537 if (ret)
538 goto err;
539
540 entry++;
541 }
542
543 /* Bind fresh objects */
544 list_for_each_entry(obj, objects, exec_list) {
545 struct drm_i915_gem_exec_object2 *entry = obj->exec_entry;
546 bool need_fence;
547
548 need_fence =
549 has_fenced_gpu_access &&
550 entry->flags & EXEC_OBJECT_NEEDS_FENCE &&
551 obj->tiling_mode != I915_TILING_NONE;
552
553 if (!obj->gtt_space) {
554 bool need_mappable =
555 entry->relocation_count ? true : need_fence;
556
557 ret = i915_gem_object_pin(obj,
558 entry->alignment,
559 need_mappable);
560 if (ret)
561 break;
562 }
563
564 if (has_fenced_gpu_access) {
565 if (need_fence) {
566 ret = i915_gem_object_get_fence(obj, ring);
567 if (ret)
568 break;
569 } else if (entry->flags & EXEC_OBJECT_NEEDS_FENCE &&
570 obj->tiling_mode == I915_TILING_NONE) {
571 /* XXX pipelined! */
572 ret = i915_gem_object_put_fence(obj);
573 if (ret)
574 break;
575 }
576 obj->pending_fenced_gpu_access = need_fence;
577 }
578
579 entry->offset = obj->gtt_offset;
580 }
581
582 /* Decrement pin count for bound objects */
583 list_for_each_entry(obj, objects, exec_list) {
584 if (obj->gtt_space)
585 i915_gem_object_unpin(obj);
586 }
587
588 if (ret != -ENOSPC || retry > 1)
589 return ret;
590
591 /* First attempt, just clear anything that is purgeable.
592 * Second attempt, clear the entire GTT.
593 */
594 ret = i915_gem_evict_everything(ring->dev, retry == 0);
595 if (ret)
596 return ret;
597
598 retry++;
599 } while (1);
600
601err:
602 obj = list_entry(obj->exec_list.prev,
603 struct drm_i915_gem_object,
604 exec_list);
605 while (objects != &obj->exec_list) {
606 if (obj->gtt_space)
607 i915_gem_object_unpin(obj);
608
609 obj = list_entry(obj->exec_list.prev,
610 struct drm_i915_gem_object,
611 exec_list);
612 }
613
614 return ret;
615}
616
617static int
618i915_gem_execbuffer_relocate_slow(struct drm_device *dev,
619 struct drm_file *file,
620 struct intel_ring_buffer *ring,
621 struct list_head *objects,
622 struct eb_objects *eb,
623 struct drm_i915_gem_exec_object2 *exec,
624 int count)
625{
626 struct drm_i915_gem_relocation_entry *reloc;
627 struct drm_i915_gem_object *obj;
628 int *reloc_offset;
629 int i, total, ret;
630
631 /* We may process another execbuffer during the unlock... */
632 while (!list_empty(objects)) {
633 obj = list_first_entry(objects,
634 struct drm_i915_gem_object,
635 exec_list);
636 list_del_init(&obj->exec_list);
637 drm_gem_object_unreference(&obj->base);
638 }
639
640 mutex_unlock(&dev->struct_mutex);
641
642 total = 0;
643 for (i = 0; i < count; i++)
644 total += exec[i].relocation_count;
645
646 reloc_offset = drm_malloc_ab(count, sizeof(*reloc_offset));
647 reloc = drm_malloc_ab(total, sizeof(*reloc));
648 if (reloc == NULL || reloc_offset == NULL) {
649 drm_free_large(reloc);
650 drm_free_large(reloc_offset);
651 mutex_lock(&dev->struct_mutex);
652 return -ENOMEM;
653 }
654
655 total = 0;
656 for (i = 0; i < count; i++) {
657 struct drm_i915_gem_relocation_entry __user *user_relocs;
658
659 user_relocs = (void __user *)(uintptr_t)exec[i].relocs_ptr;
660
661 if (copy_from_user(reloc+total, user_relocs,
662 exec[i].relocation_count * sizeof(*reloc))) {
663 ret = -EFAULT;
664 mutex_lock(&dev->struct_mutex);
665 goto err;
666 }
667
668 reloc_offset[i] = total;
669 total += exec[i].relocation_count;
670 }
671
672 ret = i915_mutex_lock_interruptible(dev);
673 if (ret) {
674 mutex_lock(&dev->struct_mutex);
675 goto err;
676 }
677
678 /* reacquire the objects */
679 eb_reset(eb);
680 for (i = 0; i < count; i++) {
681 obj = to_intel_bo(drm_gem_object_lookup(dev, file,
682 exec[i].handle));
683 if (&obj->base == NULL) {
684 DRM_ERROR("Invalid object handle %d at index %d\n",
685 exec[i].handle, i);
686 ret = -ENOENT;
687 goto err;
688 }
689
690 list_add_tail(&obj->exec_list, objects);
691 obj->exec_handle = exec[i].handle;
692 obj->exec_entry = &exec[i];
693 eb_add_object(eb, obj);
694 }
695
696 ret = i915_gem_execbuffer_reserve(ring, file, objects);
697 if (ret)
698 goto err;
699
700 list_for_each_entry(obj, objects, exec_list) {
701 int offset = obj->exec_entry - exec;
702 ret = i915_gem_execbuffer_relocate_object_slow(obj, eb,
703 reloc + reloc_offset[offset]);
704 if (ret)
705 goto err;
706 }
707
708 /* Leave the user relocations as are, this is the painfully slow path,
709 * and we want to avoid the complication of dropping the lock whilst
710 * having buffers reserved in the aperture and so causing spurious
711 * ENOSPC for random operations.
712 */
713
714err:
715 drm_free_large(reloc);
716 drm_free_large(reloc_offset);
717 return ret;
718}
719
720static int
721i915_gem_execbuffer_flush(struct drm_device *dev,
722 uint32_t invalidate_domains,
723 uint32_t flush_domains,
724 uint32_t flush_rings)
725{
726 drm_i915_private_t *dev_priv = dev->dev_private;
727 int i, ret;
728
729 if (flush_domains & I915_GEM_DOMAIN_CPU)
730 intel_gtt_chipset_flush();
731
732 if (flush_domains & I915_GEM_DOMAIN_GTT)
733 wmb();
734
735 if ((flush_domains | invalidate_domains) & I915_GEM_GPU_DOMAINS) {
736 for (i = 0; i < I915_NUM_RINGS; i++)
737 if (flush_rings & (1 << i)) {
738 ret = i915_gem_flush_ring(&dev_priv->ring[i],
739 invalidate_domains,
740 flush_domains);
741 if (ret)
742 return ret;
743 }
744 }
745
746 return 0;
747}
748
749static int
750i915_gem_execbuffer_sync_rings(struct drm_i915_gem_object *obj,
751 struct intel_ring_buffer *to)
752{
753 struct intel_ring_buffer *from = obj->ring;
754 u32 seqno;
755 int ret, idx;
756
757 if (from == NULL || to == from)
758 return 0;
759
760 /* XXX gpu semaphores are implicated in various hard hangs on SNB */
761 if (INTEL_INFO(obj->base.dev)->gen < 6 || !i915_semaphores)
762 return i915_gem_object_wait_rendering(obj);
763
764 idx = intel_ring_sync_index(from, to);
765
766 seqno = obj->last_rendering_seqno;
767 if (seqno <= from->sync_seqno[idx])
768 return 0;
769
770 if (seqno == from->outstanding_lazy_request) {
771 struct drm_i915_gem_request *request;
772
773 request = kzalloc(sizeof(*request), GFP_KERNEL);
774 if (request == NULL)
775 return -ENOMEM;
776
777 ret = i915_add_request(from, NULL, request);
778 if (ret) {
779 kfree(request);
780 return ret;
781 }
782
783 seqno = request->seqno;
784 }
785
786 from->sync_seqno[idx] = seqno;
787 return intel_ring_sync(to, from, seqno - 1);
788}
789
790static int
791i915_gem_execbuffer_wait_for_flips(struct intel_ring_buffer *ring, u32 flips)
792{
793 u32 plane, flip_mask;
794 int ret;
795
796 /* Check for any pending flips. As we only maintain a flip queue depth
797 * of 1, we can simply insert a WAIT for the next display flip prior
798 * to executing the batch and avoid stalling the CPU.
799 */
800
801 for (plane = 0; flips >> plane; plane++) {
802 if (((flips >> plane) & 1) == 0)
803 continue;
804
805 if (plane)
806 flip_mask = MI_WAIT_FOR_PLANE_B_FLIP;
807 else
808 flip_mask = MI_WAIT_FOR_PLANE_A_FLIP;
809
810 ret = intel_ring_begin(ring, 2);
811 if (ret)
812 return ret;
813
814 intel_ring_emit(ring, MI_WAIT_FOR_EVENT | flip_mask);
815 intel_ring_emit(ring, MI_NOOP);
816 intel_ring_advance(ring);
817 }
818
819 return 0;
820}
821
822
823static int
824i915_gem_execbuffer_move_to_gpu(struct intel_ring_buffer *ring,
825 struct list_head *objects)
826{
827 struct drm_i915_gem_object *obj;
828 struct change_domains cd;
829 int ret;
830
831 memset(&cd, 0, sizeof(cd));
832 list_for_each_entry(obj, objects, exec_list)
833 i915_gem_object_set_to_gpu_domain(obj, ring, &cd);
834
835 if (cd.invalidate_domains | cd.flush_domains) {
836 ret = i915_gem_execbuffer_flush(ring->dev,
837 cd.invalidate_domains,
838 cd.flush_domains,
839 cd.flush_rings);
840 if (ret)
841 return ret;
842 }
843
844 if (cd.flips) {
845 ret = i915_gem_execbuffer_wait_for_flips(ring, cd.flips);
846 if (ret)
847 return ret;
848 }
849
850 list_for_each_entry(obj, objects, exec_list) {
851 ret = i915_gem_execbuffer_sync_rings(obj, ring);
852 if (ret)
853 return ret;
854 }
855
856 return 0;
857}
858
859static bool
860i915_gem_check_execbuffer(struct drm_i915_gem_execbuffer2 *exec)
861{
862 return ((exec->batch_start_offset | exec->batch_len) & 0x7) == 0;
863}
864
865static int
866validate_exec_list(struct drm_i915_gem_exec_object2 *exec,
867 int count)
868{
869 int i;
870
871 for (i = 0; i < count; i++) {
872 char __user *ptr = (char __user *)(uintptr_t)exec[i].relocs_ptr;
873 int length; /* limited by fault_in_pages_readable() */
874
875 /* First check for malicious input causing overflow */
876 if (exec[i].relocation_count >
877 INT_MAX / sizeof(struct drm_i915_gem_relocation_entry))
878 return -EINVAL;
879
880 length = exec[i].relocation_count *
881 sizeof(struct drm_i915_gem_relocation_entry);
882 if (!access_ok(VERIFY_READ, ptr, length))
883 return -EFAULT;
884
885 /* we may also need to update the presumed offsets */
886 if (!access_ok(VERIFY_WRITE, ptr, length))
887 return -EFAULT;
888
889 if (fault_in_pages_readable(ptr, length))
890 return -EFAULT;
891 }
892
893 return 0;
894}
895
896static void
897i915_gem_execbuffer_move_to_active(struct list_head *objects,
898 struct intel_ring_buffer *ring,
899 u32 seqno)
900{
901 struct drm_i915_gem_object *obj;
902
903 list_for_each_entry(obj, objects, exec_list) {
904 u32 old_read = obj->base.read_domains;
905 u32 old_write = obj->base.write_domain;
906
907
908 obj->base.read_domains = obj->base.pending_read_domains;
909 obj->base.write_domain = obj->base.pending_write_domain;
910 obj->fenced_gpu_access = obj->pending_fenced_gpu_access;
911
912 i915_gem_object_move_to_active(obj, ring, seqno);
913 if (obj->base.write_domain) {
914 obj->dirty = 1;
915 obj->pending_gpu_write = true;
916 list_move_tail(&obj->gpu_write_list,
917 &ring->gpu_write_list);
918 intel_mark_busy(ring->dev, obj);
919 }
920
921 trace_i915_gem_object_change_domain(obj, old_read, old_write);
922 }
923}
924
925static void
926i915_gem_execbuffer_retire_commands(struct drm_device *dev,
927 struct drm_file *file,
928 struct intel_ring_buffer *ring)
929{
930 struct drm_i915_gem_request *request;
931 u32 invalidate;
932
933 /*
934 * Ensure that the commands in the batch buffer are
935 * finished before the interrupt fires.
936 *
937 * The sampler always gets flushed on i965 (sigh).
938 */
939 invalidate = I915_GEM_DOMAIN_COMMAND;
940 if (INTEL_INFO(dev)->gen >= 4)
941 invalidate |= I915_GEM_DOMAIN_SAMPLER;
942 if (ring->flush(ring, invalidate, 0)) {
943 i915_gem_next_request_seqno(ring);
944 return;
945 }
946
947 /* Add a breadcrumb for the completion of the batch buffer */
948 request = kzalloc(sizeof(*request), GFP_KERNEL);
949 if (request == NULL || i915_add_request(ring, file, request)) {
950 i915_gem_next_request_seqno(ring);
951 kfree(request);
952 }
953}
954
955static int
956i915_gem_do_execbuffer(struct drm_device *dev, void *data,
957 struct drm_file *file,
958 struct drm_i915_gem_execbuffer2 *args,
959 struct drm_i915_gem_exec_object2 *exec)
960{
961 drm_i915_private_t *dev_priv = dev->dev_private;
962 struct list_head objects;
963 struct eb_objects *eb;
964 struct drm_i915_gem_object *batch_obj;
965 struct drm_clip_rect *cliprects = NULL;
966 struct intel_ring_buffer *ring;
967 u32 exec_start, exec_len;
968 u32 seqno;
969 int ret, mode, i;
970
971 if (!i915_gem_check_execbuffer(args)) {
972 DRM_ERROR("execbuf with invalid offset/length\n");
973 return -EINVAL;
974 }
975
976 ret = validate_exec_list(exec, args->buffer_count);
977 if (ret)
978 return ret;
979
980 switch (args->flags & I915_EXEC_RING_MASK) {
981 case I915_EXEC_DEFAULT:
982 case I915_EXEC_RENDER:
983 ring = &dev_priv->ring[RCS];
984 break;
985 case I915_EXEC_BSD:
986 if (!HAS_BSD(dev)) {
987 DRM_ERROR("execbuf with invalid ring (BSD)\n");
988 return -EINVAL;
989 }
990 ring = &dev_priv->ring[VCS];
991 break;
992 case I915_EXEC_BLT:
993 if (!HAS_BLT(dev)) {
994 DRM_ERROR("execbuf with invalid ring (BLT)\n");
995 return -EINVAL;
996 }
997 ring = &dev_priv->ring[BCS];
998 break;
999 default:
1000 DRM_ERROR("execbuf with unknown ring: %d\n",
1001 (int)(args->flags & I915_EXEC_RING_MASK));
1002 return -EINVAL;
1003 }
1004
1005 mode = args->flags & I915_EXEC_CONSTANTS_MASK;
1006 switch (mode) {
1007 case I915_EXEC_CONSTANTS_REL_GENERAL:
1008 case I915_EXEC_CONSTANTS_ABSOLUTE:
1009 case I915_EXEC_CONSTANTS_REL_SURFACE:
1010 if (ring == &dev_priv->ring[RCS] &&
1011 mode != dev_priv->relative_constants_mode) {
1012 if (INTEL_INFO(dev)->gen < 4)
1013 return -EINVAL;
1014
1015 if (INTEL_INFO(dev)->gen > 5 &&
1016 mode == I915_EXEC_CONSTANTS_REL_SURFACE)
1017 return -EINVAL;
1018
1019 ret = intel_ring_begin(ring, 4);
1020 if (ret)
1021 return ret;
1022
1023 intel_ring_emit(ring, MI_NOOP);
1024 intel_ring_emit(ring, MI_LOAD_REGISTER_IMM(1));
1025 intel_ring_emit(ring, INSTPM);
1026 intel_ring_emit(ring,
1027 I915_EXEC_CONSTANTS_MASK << 16 | mode);
1028 intel_ring_advance(ring);
1029
1030 dev_priv->relative_constants_mode = mode;
1031 }
1032 break;
1033 default:
1034 DRM_ERROR("execbuf with unknown constants: %d\n", mode);
1035 return -EINVAL;
1036 }
1037
1038 if (args->buffer_count < 1) {
1039 DRM_ERROR("execbuf with %d buffers\n", args->buffer_count);
1040 return -EINVAL;
1041 }
1042
1043 if (args->num_cliprects != 0) {
1044 if (ring != &dev_priv->ring[RCS]) {
1045 DRM_ERROR("clip rectangles are only valid with the render ring\n");
1046 return -EINVAL;
1047 }
1048
1049 cliprects = kmalloc(args->num_cliprects * sizeof(*cliprects),
1050 GFP_KERNEL);
1051 if (cliprects == NULL) {
1052 ret = -ENOMEM;
1053 goto pre_mutex_err;
1054 }
1055
1056 if (copy_from_user(cliprects,
1057 (struct drm_clip_rect __user *)(uintptr_t)
1058 args->cliprects_ptr,
1059 sizeof(*cliprects)*args->num_cliprects)) {
1060 ret = -EFAULT;
1061 goto pre_mutex_err;
1062 }
1063 }
1064
1065 ret = i915_mutex_lock_interruptible(dev);
1066 if (ret)
1067 goto pre_mutex_err;
1068
1069 if (dev_priv->mm.suspended) {
1070 mutex_unlock(&dev->struct_mutex);
1071 ret = -EBUSY;
1072 goto pre_mutex_err;
1073 }
1074
1075 eb = eb_create(args->buffer_count);
1076 if (eb == NULL) {
1077 mutex_unlock(&dev->struct_mutex);
1078 ret = -ENOMEM;
1079 goto pre_mutex_err;
1080 }
1081
1082 /* Look up object handles */
1083 INIT_LIST_HEAD(&objects);
1084 for (i = 0; i < args->buffer_count; i++) {
1085 struct drm_i915_gem_object *obj;
1086
1087 obj = to_intel_bo(drm_gem_object_lookup(dev, file,
1088 exec[i].handle));
1089 if (&obj->base == NULL) {
1090 DRM_ERROR("Invalid object handle %d at index %d\n",
1091 exec[i].handle, i);
1092 /* prevent error path from reading uninitialized data */
1093 ret = -ENOENT;
1094 goto err;
1095 }
1096
1097 if (!list_empty(&obj->exec_list)) {
1098 DRM_ERROR("Object %p [handle %d, index %d] appears more than once in object list\n",
1099 obj, exec[i].handle, i);
1100 ret = -EINVAL;
1101 goto err;
1102 }
1103
1104 list_add_tail(&obj->exec_list, &objects);
1105 obj->exec_handle = exec[i].handle;
1106 obj->exec_entry = &exec[i];
1107 eb_add_object(eb, obj);
1108 }
1109
1110 /* take note of the batch buffer before we might reorder the lists */
1111 batch_obj = list_entry(objects.prev,
1112 struct drm_i915_gem_object,
1113 exec_list);
1114
1115 /* Move the objects en-masse into the GTT, evicting if necessary. */
1116 ret = i915_gem_execbuffer_reserve(ring, file, &objects);
1117 if (ret)
1118 goto err;
1119
1120 /* The objects are in their final locations, apply the relocations. */
1121 ret = i915_gem_execbuffer_relocate(dev, eb, &objects);
1122 if (ret) {
1123 if (ret == -EFAULT) {
1124 ret = i915_gem_execbuffer_relocate_slow(dev, file, ring,
1125 &objects, eb,
1126 exec,
1127 args->buffer_count);
1128 BUG_ON(!mutex_is_locked(&dev->struct_mutex));
1129 }
1130 if (ret)
1131 goto err;
1132 }
1133
1134 /* Set the pending read domains for the batch buffer to COMMAND */
1135 if (batch_obj->base.pending_write_domain) {
1136 DRM_ERROR("Attempting to use self-modifying batch buffer\n");
1137 ret = -EINVAL;
1138 goto err;
1139 }
1140 batch_obj->base.pending_read_domains |= I915_GEM_DOMAIN_COMMAND;
1141
1142 ret = i915_gem_execbuffer_move_to_gpu(ring, &objects);
1143 if (ret)
1144 goto err;
1145
1146 seqno = i915_gem_next_request_seqno(ring);
1147 for (i = 0; i < ARRAY_SIZE(ring->sync_seqno); i++) {
1148 if (seqno < ring->sync_seqno[i]) {
1149 /* The GPU can not handle its semaphore value wrapping,
1150 * so every billion or so execbuffers, we need to stall
1151 * the GPU in order to reset the counters.
1152 */
1153 ret = i915_gpu_idle(dev);
1154 if (ret)
1155 goto err;
1156
1157 BUG_ON(ring->sync_seqno[i]);
1158 }
1159 }
1160
1161 trace_i915_gem_ring_dispatch(ring, seqno);
1162
1163 exec_start = batch_obj->gtt_offset + args->batch_start_offset;
1164 exec_len = args->batch_len;
1165 if (cliprects) {
1166 for (i = 0; i < args->num_cliprects; i++) {
1167 ret = i915_emit_box(dev, &cliprects[i],
1168 args->DR1, args->DR4);
1169 if (ret)
1170 goto err;
1171
1172 ret = ring->dispatch_execbuffer(ring,
1173 exec_start, exec_len);
1174 if (ret)
1175 goto err;
1176 }
1177 } else {
1178 ret = ring->dispatch_execbuffer(ring, exec_start, exec_len);
1179 if (ret)
1180 goto err;
1181 }
1182
1183 i915_gem_execbuffer_move_to_active(&objects, ring, seqno);
1184 i915_gem_execbuffer_retire_commands(dev, file, ring);
1185
1186err:
1187 eb_destroy(eb);
1188 while (!list_empty(&objects)) {
1189 struct drm_i915_gem_object *obj;
1190
1191 obj = list_first_entry(&objects,
1192 struct drm_i915_gem_object,
1193 exec_list);
1194 list_del_init(&obj->exec_list);
1195 drm_gem_object_unreference(&obj->base);
1196 }
1197
1198 mutex_unlock(&dev->struct_mutex);
1199
1200pre_mutex_err:
1201 kfree(cliprects);
1202 return ret;
1203}
1204
1205/*
1206 * Legacy execbuffer just creates an exec2 list from the original exec object
1207 * list array and passes it to the real function.
1208 */
1209int
1210i915_gem_execbuffer(struct drm_device *dev, void *data,
1211 struct drm_file *file)
1212{
1213 struct drm_i915_gem_execbuffer *args = data;
1214 struct drm_i915_gem_execbuffer2 exec2;
1215 struct drm_i915_gem_exec_object *exec_list = NULL;
1216 struct drm_i915_gem_exec_object2 *exec2_list = NULL;
1217 int ret, i;
1218
1219 if (args->buffer_count < 1) {
1220 DRM_ERROR("execbuf with %d buffers\n", args->buffer_count);
1221 return -EINVAL;
1222 }
1223
1224 /* Copy in the exec list from userland */
1225 exec_list = drm_malloc_ab(sizeof(*exec_list), args->buffer_count);
1226 exec2_list = drm_malloc_ab(sizeof(*exec2_list), args->buffer_count);
1227 if (exec_list == NULL || exec2_list == NULL) {
1228 DRM_ERROR("Failed to allocate exec list for %d buffers\n",
1229 args->buffer_count);
1230 drm_free_large(exec_list);
1231 drm_free_large(exec2_list);
1232 return -ENOMEM;
1233 }
1234 ret = copy_from_user(exec_list,
1235 (struct drm_i915_relocation_entry __user *)
1236 (uintptr_t) args->buffers_ptr,
1237 sizeof(*exec_list) * args->buffer_count);
1238 if (ret != 0) {
1239 DRM_ERROR("copy %d exec entries failed %d\n",
1240 args->buffer_count, ret);
1241 drm_free_large(exec_list);
1242 drm_free_large(exec2_list);
1243 return -EFAULT;
1244 }
1245
1246 for (i = 0; i < args->buffer_count; i++) {
1247 exec2_list[i].handle = exec_list[i].handle;
1248 exec2_list[i].relocation_count = exec_list[i].relocation_count;
1249 exec2_list[i].relocs_ptr = exec_list[i].relocs_ptr;
1250 exec2_list[i].alignment = exec_list[i].alignment;
1251 exec2_list[i].offset = exec_list[i].offset;
1252 if (INTEL_INFO(dev)->gen < 4)
1253 exec2_list[i].flags = EXEC_OBJECT_NEEDS_FENCE;
1254 else
1255 exec2_list[i].flags = 0;
1256 }
1257
1258 exec2.buffers_ptr = args->buffers_ptr;
1259 exec2.buffer_count = args->buffer_count;
1260 exec2.batch_start_offset = args->batch_start_offset;
1261 exec2.batch_len = args->batch_len;
1262 exec2.DR1 = args->DR1;
1263 exec2.DR4 = args->DR4;
1264 exec2.num_cliprects = args->num_cliprects;
1265 exec2.cliprects_ptr = args->cliprects_ptr;
1266 exec2.flags = I915_EXEC_RENDER;
1267
1268 ret = i915_gem_do_execbuffer(dev, data, file, &exec2, exec2_list);
1269 if (!ret) {
1270 /* Copy the new buffer offsets back to the user's exec list. */
1271 for (i = 0; i < args->buffer_count; i++)
1272 exec_list[i].offset = exec2_list[i].offset;
1273 /* ... and back out to userspace */
1274 ret = copy_to_user((struct drm_i915_relocation_entry __user *)
1275 (uintptr_t) args->buffers_ptr,
1276 exec_list,
1277 sizeof(*exec_list) * args->buffer_count);
1278 if (ret) {
1279 ret = -EFAULT;
1280 DRM_ERROR("failed to copy %d exec entries "
1281 "back to user (%d)\n",
1282 args->buffer_count, ret);
1283 }
1284 }
1285
1286 drm_free_large(exec_list);
1287 drm_free_large(exec2_list);
1288 return ret;
1289}
1290
1291int
1292i915_gem_execbuffer2(struct drm_device *dev, void *data,
1293 struct drm_file *file)
1294{
1295 struct drm_i915_gem_execbuffer2 *args = data;
1296 struct drm_i915_gem_exec_object2 *exec2_list = NULL;
1297 int ret;
1298
1299 if (args->buffer_count < 1) {
1300 DRM_ERROR("execbuf2 with %d buffers\n", args->buffer_count);
1301 return -EINVAL;
1302 }
1303
1304 exec2_list = kmalloc(sizeof(*exec2_list)*args->buffer_count,
1305 GFP_KERNEL | __GFP_NOWARN | __GFP_NORETRY);
1306 if (exec2_list == NULL)
1307 exec2_list = drm_malloc_ab(sizeof(*exec2_list),
1308 args->buffer_count);
1309 if (exec2_list == NULL) {
1310 DRM_ERROR("Failed to allocate exec list for %d buffers\n",
1311 args->buffer_count);
1312 return -ENOMEM;
1313 }
1314 ret = copy_from_user(exec2_list,
1315 (struct drm_i915_relocation_entry __user *)
1316 (uintptr_t) args->buffers_ptr,
1317 sizeof(*exec2_list) * args->buffer_count);
1318 if (ret != 0) {
1319 DRM_ERROR("copy %d exec entries failed %d\n",
1320 args->buffer_count, ret);
1321 drm_free_large(exec2_list);
1322 return -EFAULT;
1323 }
1324
1325 ret = i915_gem_do_execbuffer(dev, data, file, args, exec2_list);
1326 if (!ret) {
1327 /* Copy the new buffer offsets back to the user's exec list. */
1328 ret = copy_to_user((struct drm_i915_relocation_entry __user *)
1329 (uintptr_t) args->buffers_ptr,
1330 exec2_list,
1331 sizeof(*exec2_list) * args->buffer_count);
1332 if (ret) {
1333 ret = -EFAULT;
1334 DRM_ERROR("failed to copy %d exec entries "
1335 "back to user (%d)\n",
1336 args->buffer_count, ret);
1337 }
1338 }
1339
1340 drm_free_large(exec2_list);
1341 return ret;
1342}
1/*
2 * Copyright © 2008,2010 Intel Corporation
3 *
4 * Permission is hereby granted, free of charge, to any person obtaining a
5 * copy of this software and associated documentation files (the "Software"),
6 * to deal in the Software without restriction, including without limitation
7 * the rights to use, copy, modify, merge, publish, distribute, sublicense,
8 * and/or sell copies of the Software, and to permit persons to whom the
9 * Software is furnished to do so, subject to the following conditions:
10 *
11 * The above copyright notice and this permission notice (including the next
12 * paragraph) shall be included in all copies or substantial portions of the
13 * Software.
14 *
15 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
18 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
20 * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
21 * IN THE SOFTWARE.
22 *
23 * Authors:
24 * Eric Anholt <eric@anholt.net>
25 * Chris Wilson <chris@chris-wilson.co.uk>
26 *
27 */
28
29#include <drm/drmP.h>
30#include <drm/i915_drm.h>
31#include "i915_drv.h"
32#include "i915_trace.h"
33#include "intel_drv.h"
34#include <linux/dma_remapping.h>
35#include <linux/uaccess.h>
36
37#define __EXEC_OBJECT_HAS_PIN (1<<31)
38#define __EXEC_OBJECT_HAS_FENCE (1<<30)
39#define __EXEC_OBJECT_NEEDS_MAP (1<<29)
40#define __EXEC_OBJECT_NEEDS_BIAS (1<<28)
41
42#define BATCH_OFFSET_BIAS (256*1024)
43
44struct eb_vmas {
45 struct list_head vmas;
46 int and;
47 union {
48 struct i915_vma *lut[0];
49 struct hlist_head buckets[0];
50 };
51};
52
53static struct eb_vmas *
54eb_create(struct drm_i915_gem_execbuffer2 *args)
55{
56 struct eb_vmas *eb = NULL;
57
58 if (args->flags & I915_EXEC_HANDLE_LUT) {
59 unsigned size = args->buffer_count;
60 size *= sizeof(struct i915_vma *);
61 size += sizeof(struct eb_vmas);
62 eb = kmalloc(size, GFP_TEMPORARY | __GFP_NOWARN | __GFP_NORETRY);
63 }
64
65 if (eb == NULL) {
66 unsigned size = args->buffer_count;
67 unsigned count = PAGE_SIZE / sizeof(struct hlist_head) / 2;
68 BUILD_BUG_ON_NOT_POWER_OF_2(PAGE_SIZE / sizeof(struct hlist_head));
69 while (count > 2*size)
70 count >>= 1;
71 eb = kzalloc(count*sizeof(struct hlist_head) +
72 sizeof(struct eb_vmas),
73 GFP_TEMPORARY);
74 if (eb == NULL)
75 return eb;
76
77 eb->and = count - 1;
78 } else
79 eb->and = -args->buffer_count;
80
81 INIT_LIST_HEAD(&eb->vmas);
82 return eb;
83}
84
85static void
86eb_reset(struct eb_vmas *eb)
87{
88 if (eb->and >= 0)
89 memset(eb->buckets, 0, (eb->and+1)*sizeof(struct hlist_head));
90}
91
92static int
93eb_lookup_vmas(struct eb_vmas *eb,
94 struct drm_i915_gem_exec_object2 *exec,
95 const struct drm_i915_gem_execbuffer2 *args,
96 struct i915_address_space *vm,
97 struct drm_file *file)
98{
99 struct drm_i915_gem_object *obj;
100 struct list_head objects;
101 int i, ret;
102
103 INIT_LIST_HEAD(&objects);
104 spin_lock(&file->table_lock);
105 /* Grab a reference to the object and release the lock so we can lookup
106 * or create the VMA without using GFP_ATOMIC */
107 for (i = 0; i < args->buffer_count; i++) {
108 obj = to_intel_bo(idr_find(&file->object_idr, exec[i].handle));
109 if (obj == NULL) {
110 spin_unlock(&file->table_lock);
111 DRM_DEBUG("Invalid object handle %d at index %d\n",
112 exec[i].handle, i);
113 ret = -ENOENT;
114 goto err;
115 }
116
117 if (!list_empty(&obj->obj_exec_link)) {
118 spin_unlock(&file->table_lock);
119 DRM_DEBUG("Object %p [handle %d, index %d] appears more than once in object list\n",
120 obj, exec[i].handle, i);
121 ret = -EINVAL;
122 goto err;
123 }
124
125 drm_gem_object_reference(&obj->base);
126 list_add_tail(&obj->obj_exec_link, &objects);
127 }
128 spin_unlock(&file->table_lock);
129
130 i = 0;
131 while (!list_empty(&objects)) {
132 struct i915_vma *vma;
133
134 obj = list_first_entry(&objects,
135 struct drm_i915_gem_object,
136 obj_exec_link);
137
138 /*
139 * NOTE: We can leak any vmas created here when something fails
140 * later on. But that's no issue since vma_unbind can deal with
141 * vmas which are not actually bound. And since only
142 * lookup_or_create exists as an interface to get at the vma
143 * from the (obj, vm) we don't run the risk of creating
144 * duplicated vmas for the same vm.
145 */
146 vma = i915_gem_obj_lookup_or_create_vma(obj, vm);
147 if (IS_ERR(vma)) {
148 DRM_DEBUG("Failed to lookup VMA\n");
149 ret = PTR_ERR(vma);
150 goto err;
151 }
152
153 /* Transfer ownership from the objects list to the vmas list. */
154 list_add_tail(&vma->exec_list, &eb->vmas);
155 list_del_init(&obj->obj_exec_link);
156
157 vma->exec_entry = &exec[i];
158 if (eb->and < 0) {
159 eb->lut[i] = vma;
160 } else {
161 uint32_t handle = args->flags & I915_EXEC_HANDLE_LUT ? i : exec[i].handle;
162 vma->exec_handle = handle;
163 hlist_add_head(&vma->exec_node,
164 &eb->buckets[handle & eb->and]);
165 }
166 ++i;
167 }
168
169 return 0;
170
171
172err:
173 while (!list_empty(&objects)) {
174 obj = list_first_entry(&objects,
175 struct drm_i915_gem_object,
176 obj_exec_link);
177 list_del_init(&obj->obj_exec_link);
178 drm_gem_object_unreference(&obj->base);
179 }
180 /*
181 * Objects already transfered to the vmas list will be unreferenced by
182 * eb_destroy.
183 */
184
185 return ret;
186}
187
188static struct i915_vma *eb_get_vma(struct eb_vmas *eb, unsigned long handle)
189{
190 if (eb->and < 0) {
191 if (handle >= -eb->and)
192 return NULL;
193 return eb->lut[handle];
194 } else {
195 struct hlist_head *head;
196 struct i915_vma *vma;
197
198 head = &eb->buckets[handle & eb->and];
199 hlist_for_each_entry(vma, head, exec_node) {
200 if (vma->exec_handle == handle)
201 return vma;
202 }
203 return NULL;
204 }
205}
206
207static void
208i915_gem_execbuffer_unreserve_vma(struct i915_vma *vma)
209{
210 struct drm_i915_gem_exec_object2 *entry;
211 struct drm_i915_gem_object *obj = vma->obj;
212
213 if (!drm_mm_node_allocated(&vma->node))
214 return;
215
216 entry = vma->exec_entry;
217
218 if (entry->flags & __EXEC_OBJECT_HAS_FENCE)
219 i915_gem_object_unpin_fence(obj);
220
221 if (entry->flags & __EXEC_OBJECT_HAS_PIN)
222 vma->pin_count--;
223
224 entry->flags &= ~(__EXEC_OBJECT_HAS_FENCE | __EXEC_OBJECT_HAS_PIN);
225}
226
227static void eb_destroy(struct eb_vmas *eb)
228{
229 while (!list_empty(&eb->vmas)) {
230 struct i915_vma *vma;
231
232 vma = list_first_entry(&eb->vmas,
233 struct i915_vma,
234 exec_list);
235 list_del_init(&vma->exec_list);
236 i915_gem_execbuffer_unreserve_vma(vma);
237 drm_gem_object_unreference(&vma->obj->base);
238 }
239 kfree(eb);
240}
241
242static inline int use_cpu_reloc(struct drm_i915_gem_object *obj)
243{
244 return (HAS_LLC(obj->base.dev) ||
245 obj->base.write_domain == I915_GEM_DOMAIN_CPU ||
246 obj->cache_level != I915_CACHE_NONE);
247}
248
249/* Used to convert any address to canonical form.
250 * Starting from gen8, some commands (e.g. STATE_BASE_ADDRESS,
251 * MI_LOAD_REGISTER_MEM and others, see Broadwell PRM Vol2a) require the
252 * addresses to be in a canonical form:
253 * "GraphicsAddress[63:48] are ignored by the HW and assumed to be in correct
254 * canonical form [63:48] == [47]."
255 */
256#define GEN8_HIGH_ADDRESS_BIT 47
257static inline uint64_t gen8_canonical_addr(uint64_t address)
258{
259 return sign_extend64(address, GEN8_HIGH_ADDRESS_BIT);
260}
261
262static inline uint64_t gen8_noncanonical_addr(uint64_t address)
263{
264 return address & ((1ULL << (GEN8_HIGH_ADDRESS_BIT + 1)) - 1);
265}
266
267static inline uint64_t
268relocation_target(struct drm_i915_gem_relocation_entry *reloc,
269 uint64_t target_offset)
270{
271 return gen8_canonical_addr((int)reloc->delta + target_offset);
272}
273
274static int
275relocate_entry_cpu(struct drm_i915_gem_object *obj,
276 struct drm_i915_gem_relocation_entry *reloc,
277 uint64_t target_offset)
278{
279 struct drm_device *dev = obj->base.dev;
280 uint32_t page_offset = offset_in_page(reloc->offset);
281 uint64_t delta = relocation_target(reloc, target_offset);
282 char *vaddr;
283 int ret;
284
285 ret = i915_gem_object_set_to_cpu_domain(obj, true);
286 if (ret)
287 return ret;
288
289 vaddr = kmap_atomic(i915_gem_object_get_dirty_page(obj,
290 reloc->offset >> PAGE_SHIFT));
291 *(uint32_t *)(vaddr + page_offset) = lower_32_bits(delta);
292
293 if (INTEL_INFO(dev)->gen >= 8) {
294 page_offset = offset_in_page(page_offset + sizeof(uint32_t));
295
296 if (page_offset == 0) {
297 kunmap_atomic(vaddr);
298 vaddr = kmap_atomic(i915_gem_object_get_dirty_page(obj,
299 (reloc->offset + sizeof(uint32_t)) >> PAGE_SHIFT));
300 }
301
302 *(uint32_t *)(vaddr + page_offset) = upper_32_bits(delta);
303 }
304
305 kunmap_atomic(vaddr);
306
307 return 0;
308}
309
310static int
311relocate_entry_gtt(struct drm_i915_gem_object *obj,
312 struct drm_i915_gem_relocation_entry *reloc,
313 uint64_t target_offset)
314{
315 struct drm_device *dev = obj->base.dev;
316 struct drm_i915_private *dev_priv = dev->dev_private;
317 uint64_t delta = relocation_target(reloc, target_offset);
318 uint64_t offset;
319 void __iomem *reloc_page;
320 int ret;
321
322 ret = i915_gem_object_set_to_gtt_domain(obj, true);
323 if (ret)
324 return ret;
325
326 ret = i915_gem_object_put_fence(obj);
327 if (ret)
328 return ret;
329
330 /* Map the page containing the relocation we're going to perform. */
331 offset = i915_gem_obj_ggtt_offset(obj);
332 offset += reloc->offset;
333 reloc_page = io_mapping_map_atomic_wc(dev_priv->gtt.mappable,
334 offset & PAGE_MASK);
335 iowrite32(lower_32_bits(delta), reloc_page + offset_in_page(offset));
336
337 if (INTEL_INFO(dev)->gen >= 8) {
338 offset += sizeof(uint32_t);
339
340 if (offset_in_page(offset) == 0) {
341 io_mapping_unmap_atomic(reloc_page);
342 reloc_page =
343 io_mapping_map_atomic_wc(dev_priv->gtt.mappable,
344 offset);
345 }
346
347 iowrite32(upper_32_bits(delta),
348 reloc_page + offset_in_page(offset));
349 }
350
351 io_mapping_unmap_atomic(reloc_page);
352
353 return 0;
354}
355
356static void
357clflush_write32(void *addr, uint32_t value)
358{
359 /* This is not a fast path, so KISS. */
360 drm_clflush_virt_range(addr, sizeof(uint32_t));
361 *(uint32_t *)addr = value;
362 drm_clflush_virt_range(addr, sizeof(uint32_t));
363}
364
365static int
366relocate_entry_clflush(struct drm_i915_gem_object *obj,
367 struct drm_i915_gem_relocation_entry *reloc,
368 uint64_t target_offset)
369{
370 struct drm_device *dev = obj->base.dev;
371 uint32_t page_offset = offset_in_page(reloc->offset);
372 uint64_t delta = relocation_target(reloc, target_offset);
373 char *vaddr;
374 int ret;
375
376 ret = i915_gem_object_set_to_gtt_domain(obj, true);
377 if (ret)
378 return ret;
379
380 vaddr = kmap_atomic(i915_gem_object_get_dirty_page(obj,
381 reloc->offset >> PAGE_SHIFT));
382 clflush_write32(vaddr + page_offset, lower_32_bits(delta));
383
384 if (INTEL_INFO(dev)->gen >= 8) {
385 page_offset = offset_in_page(page_offset + sizeof(uint32_t));
386
387 if (page_offset == 0) {
388 kunmap_atomic(vaddr);
389 vaddr = kmap_atomic(i915_gem_object_get_dirty_page(obj,
390 (reloc->offset + sizeof(uint32_t)) >> PAGE_SHIFT));
391 }
392
393 clflush_write32(vaddr + page_offset, upper_32_bits(delta));
394 }
395
396 kunmap_atomic(vaddr);
397
398 return 0;
399}
400
401static int
402i915_gem_execbuffer_relocate_entry(struct drm_i915_gem_object *obj,
403 struct eb_vmas *eb,
404 struct drm_i915_gem_relocation_entry *reloc)
405{
406 struct drm_device *dev = obj->base.dev;
407 struct drm_gem_object *target_obj;
408 struct drm_i915_gem_object *target_i915_obj;
409 struct i915_vma *target_vma;
410 uint64_t target_offset;
411 int ret;
412
413 /* we've already hold a reference to all valid objects */
414 target_vma = eb_get_vma(eb, reloc->target_handle);
415 if (unlikely(target_vma == NULL))
416 return -ENOENT;
417 target_i915_obj = target_vma->obj;
418 target_obj = &target_vma->obj->base;
419
420 target_offset = gen8_canonical_addr(target_vma->node.start);
421
422 /* Sandybridge PPGTT errata: We need a global gtt mapping for MI and
423 * pipe_control writes because the gpu doesn't properly redirect them
424 * through the ppgtt for non_secure batchbuffers. */
425 if (unlikely(IS_GEN6(dev) &&
426 reloc->write_domain == I915_GEM_DOMAIN_INSTRUCTION)) {
427 ret = i915_vma_bind(target_vma, target_i915_obj->cache_level,
428 PIN_GLOBAL);
429 if (WARN_ONCE(ret, "Unexpected failure to bind target VMA!"))
430 return ret;
431 }
432
433 /* Validate that the target is in a valid r/w GPU domain */
434 if (unlikely(reloc->write_domain & (reloc->write_domain - 1))) {
435 DRM_DEBUG("reloc with multiple write domains: "
436 "obj %p target %d offset %d "
437 "read %08x write %08x",
438 obj, reloc->target_handle,
439 (int) reloc->offset,
440 reloc->read_domains,
441 reloc->write_domain);
442 return -EINVAL;
443 }
444 if (unlikely((reloc->write_domain | reloc->read_domains)
445 & ~I915_GEM_GPU_DOMAINS)) {
446 DRM_DEBUG("reloc with read/write non-GPU domains: "
447 "obj %p target %d offset %d "
448 "read %08x write %08x",
449 obj, reloc->target_handle,
450 (int) reloc->offset,
451 reloc->read_domains,
452 reloc->write_domain);
453 return -EINVAL;
454 }
455
456 target_obj->pending_read_domains |= reloc->read_domains;
457 target_obj->pending_write_domain |= reloc->write_domain;
458
459 /* If the relocation already has the right value in it, no
460 * more work needs to be done.
461 */
462 if (target_offset == reloc->presumed_offset)
463 return 0;
464
465 /* Check that the relocation address is valid... */
466 if (unlikely(reloc->offset >
467 obj->base.size - (INTEL_INFO(dev)->gen >= 8 ? 8 : 4))) {
468 DRM_DEBUG("Relocation beyond object bounds: "
469 "obj %p target %d offset %d size %d.\n",
470 obj, reloc->target_handle,
471 (int) reloc->offset,
472 (int) obj->base.size);
473 return -EINVAL;
474 }
475 if (unlikely(reloc->offset & 3)) {
476 DRM_DEBUG("Relocation not 4-byte aligned: "
477 "obj %p target %d offset %d.\n",
478 obj, reloc->target_handle,
479 (int) reloc->offset);
480 return -EINVAL;
481 }
482
483 /* We can't wait for rendering with pagefaults disabled */
484 if (obj->active && pagefault_disabled())
485 return -EFAULT;
486
487 if (use_cpu_reloc(obj))
488 ret = relocate_entry_cpu(obj, reloc, target_offset);
489 else if (obj->map_and_fenceable)
490 ret = relocate_entry_gtt(obj, reloc, target_offset);
491 else if (cpu_has_clflush)
492 ret = relocate_entry_clflush(obj, reloc, target_offset);
493 else {
494 WARN_ONCE(1, "Impossible case in relocation handling\n");
495 ret = -ENODEV;
496 }
497
498 if (ret)
499 return ret;
500
501 /* and update the user's relocation entry */
502 reloc->presumed_offset = target_offset;
503
504 return 0;
505}
506
507static int
508i915_gem_execbuffer_relocate_vma(struct i915_vma *vma,
509 struct eb_vmas *eb)
510{
511#define N_RELOC(x) ((x) / sizeof(struct drm_i915_gem_relocation_entry))
512 struct drm_i915_gem_relocation_entry stack_reloc[N_RELOC(512)];
513 struct drm_i915_gem_relocation_entry __user *user_relocs;
514 struct drm_i915_gem_exec_object2 *entry = vma->exec_entry;
515 int remain, ret;
516
517 user_relocs = to_user_ptr(entry->relocs_ptr);
518
519 remain = entry->relocation_count;
520 while (remain) {
521 struct drm_i915_gem_relocation_entry *r = stack_reloc;
522 int count = remain;
523 if (count > ARRAY_SIZE(stack_reloc))
524 count = ARRAY_SIZE(stack_reloc);
525 remain -= count;
526
527 if (__copy_from_user_inatomic(r, user_relocs, count*sizeof(r[0])))
528 return -EFAULT;
529
530 do {
531 u64 offset = r->presumed_offset;
532
533 ret = i915_gem_execbuffer_relocate_entry(vma->obj, eb, r);
534 if (ret)
535 return ret;
536
537 if (r->presumed_offset != offset &&
538 __copy_to_user_inatomic(&user_relocs->presumed_offset,
539 &r->presumed_offset,
540 sizeof(r->presumed_offset))) {
541 return -EFAULT;
542 }
543
544 user_relocs++;
545 r++;
546 } while (--count);
547 }
548
549 return 0;
550#undef N_RELOC
551}
552
553static int
554i915_gem_execbuffer_relocate_vma_slow(struct i915_vma *vma,
555 struct eb_vmas *eb,
556 struct drm_i915_gem_relocation_entry *relocs)
557{
558 const struct drm_i915_gem_exec_object2 *entry = vma->exec_entry;
559 int i, ret;
560
561 for (i = 0; i < entry->relocation_count; i++) {
562 ret = i915_gem_execbuffer_relocate_entry(vma->obj, eb, &relocs[i]);
563 if (ret)
564 return ret;
565 }
566
567 return 0;
568}
569
570static int
571i915_gem_execbuffer_relocate(struct eb_vmas *eb)
572{
573 struct i915_vma *vma;
574 int ret = 0;
575
576 /* This is the fast path and we cannot handle a pagefault whilst
577 * holding the struct mutex lest the user pass in the relocations
578 * contained within a mmaped bo. For in such a case we, the page
579 * fault handler would call i915_gem_fault() and we would try to
580 * acquire the struct mutex again. Obviously this is bad and so
581 * lockdep complains vehemently.
582 */
583 pagefault_disable();
584 list_for_each_entry(vma, &eb->vmas, exec_list) {
585 ret = i915_gem_execbuffer_relocate_vma(vma, eb);
586 if (ret)
587 break;
588 }
589 pagefault_enable();
590
591 return ret;
592}
593
594static bool only_mappable_for_reloc(unsigned int flags)
595{
596 return (flags & (EXEC_OBJECT_NEEDS_FENCE | __EXEC_OBJECT_NEEDS_MAP)) ==
597 __EXEC_OBJECT_NEEDS_MAP;
598}
599
600static int
601i915_gem_execbuffer_reserve_vma(struct i915_vma *vma,
602 struct intel_engine_cs *ring,
603 bool *need_reloc)
604{
605 struct drm_i915_gem_object *obj = vma->obj;
606 struct drm_i915_gem_exec_object2 *entry = vma->exec_entry;
607 uint64_t flags;
608 int ret;
609
610 flags = PIN_USER;
611 if (entry->flags & EXEC_OBJECT_NEEDS_GTT)
612 flags |= PIN_GLOBAL;
613
614 if (!drm_mm_node_allocated(&vma->node)) {
615 /* Wa32bitGeneralStateOffset & Wa32bitInstructionBaseOffset,
616 * limit address to the first 4GBs for unflagged objects.
617 */
618 if ((entry->flags & EXEC_OBJECT_SUPPORTS_48B_ADDRESS) == 0)
619 flags |= PIN_ZONE_4G;
620 if (entry->flags & __EXEC_OBJECT_NEEDS_MAP)
621 flags |= PIN_GLOBAL | PIN_MAPPABLE;
622 if (entry->flags & __EXEC_OBJECT_NEEDS_BIAS)
623 flags |= BATCH_OFFSET_BIAS | PIN_OFFSET_BIAS;
624 if (entry->flags & EXEC_OBJECT_PINNED)
625 flags |= entry->offset | PIN_OFFSET_FIXED;
626 if ((flags & PIN_MAPPABLE) == 0)
627 flags |= PIN_HIGH;
628 }
629
630 ret = i915_gem_object_pin(obj, vma->vm, entry->alignment, flags);
631 if ((ret == -ENOSPC || ret == -E2BIG) &&
632 only_mappable_for_reloc(entry->flags))
633 ret = i915_gem_object_pin(obj, vma->vm,
634 entry->alignment,
635 flags & ~PIN_MAPPABLE);
636 if (ret)
637 return ret;
638
639 entry->flags |= __EXEC_OBJECT_HAS_PIN;
640
641 if (entry->flags & EXEC_OBJECT_NEEDS_FENCE) {
642 ret = i915_gem_object_get_fence(obj);
643 if (ret)
644 return ret;
645
646 if (i915_gem_object_pin_fence(obj))
647 entry->flags |= __EXEC_OBJECT_HAS_FENCE;
648 }
649
650 if (entry->offset != vma->node.start) {
651 entry->offset = vma->node.start;
652 *need_reloc = true;
653 }
654
655 if (entry->flags & EXEC_OBJECT_WRITE) {
656 obj->base.pending_read_domains = I915_GEM_DOMAIN_RENDER;
657 obj->base.pending_write_domain = I915_GEM_DOMAIN_RENDER;
658 }
659
660 return 0;
661}
662
663static bool
664need_reloc_mappable(struct i915_vma *vma)
665{
666 struct drm_i915_gem_exec_object2 *entry = vma->exec_entry;
667
668 if (entry->relocation_count == 0)
669 return false;
670
671 if (!vma->is_ggtt)
672 return false;
673
674 /* See also use_cpu_reloc() */
675 if (HAS_LLC(vma->obj->base.dev))
676 return false;
677
678 if (vma->obj->base.write_domain == I915_GEM_DOMAIN_CPU)
679 return false;
680
681 return true;
682}
683
684static bool
685eb_vma_misplaced(struct i915_vma *vma)
686{
687 struct drm_i915_gem_exec_object2 *entry = vma->exec_entry;
688 struct drm_i915_gem_object *obj = vma->obj;
689
690 WARN_ON(entry->flags & __EXEC_OBJECT_NEEDS_MAP && !vma->is_ggtt);
691
692 if (entry->alignment &&
693 vma->node.start & (entry->alignment - 1))
694 return true;
695
696 if (entry->flags & EXEC_OBJECT_PINNED &&
697 vma->node.start != entry->offset)
698 return true;
699
700 if (entry->flags & __EXEC_OBJECT_NEEDS_BIAS &&
701 vma->node.start < BATCH_OFFSET_BIAS)
702 return true;
703
704 /* avoid costly ping-pong once a batch bo ended up non-mappable */
705 if (entry->flags & __EXEC_OBJECT_NEEDS_MAP && !obj->map_and_fenceable)
706 return !only_mappable_for_reloc(entry->flags);
707
708 if ((entry->flags & EXEC_OBJECT_SUPPORTS_48B_ADDRESS) == 0 &&
709 (vma->node.start + vma->node.size - 1) >> 32)
710 return true;
711
712 return false;
713}
714
715static int
716i915_gem_execbuffer_reserve(struct intel_engine_cs *ring,
717 struct list_head *vmas,
718 struct intel_context *ctx,
719 bool *need_relocs)
720{
721 struct drm_i915_gem_object *obj;
722 struct i915_vma *vma;
723 struct i915_address_space *vm;
724 struct list_head ordered_vmas;
725 struct list_head pinned_vmas;
726 bool has_fenced_gpu_access = INTEL_INFO(ring->dev)->gen < 4;
727 int retry;
728
729 i915_gem_retire_requests_ring(ring);
730
731 vm = list_first_entry(vmas, struct i915_vma, exec_list)->vm;
732
733 INIT_LIST_HEAD(&ordered_vmas);
734 INIT_LIST_HEAD(&pinned_vmas);
735 while (!list_empty(vmas)) {
736 struct drm_i915_gem_exec_object2 *entry;
737 bool need_fence, need_mappable;
738
739 vma = list_first_entry(vmas, struct i915_vma, exec_list);
740 obj = vma->obj;
741 entry = vma->exec_entry;
742
743 if (ctx->flags & CONTEXT_NO_ZEROMAP)
744 entry->flags |= __EXEC_OBJECT_NEEDS_BIAS;
745
746 if (!has_fenced_gpu_access)
747 entry->flags &= ~EXEC_OBJECT_NEEDS_FENCE;
748 need_fence =
749 entry->flags & EXEC_OBJECT_NEEDS_FENCE &&
750 obj->tiling_mode != I915_TILING_NONE;
751 need_mappable = need_fence || need_reloc_mappable(vma);
752
753 if (entry->flags & EXEC_OBJECT_PINNED)
754 list_move_tail(&vma->exec_list, &pinned_vmas);
755 else if (need_mappable) {
756 entry->flags |= __EXEC_OBJECT_NEEDS_MAP;
757 list_move(&vma->exec_list, &ordered_vmas);
758 } else
759 list_move_tail(&vma->exec_list, &ordered_vmas);
760
761 obj->base.pending_read_domains = I915_GEM_GPU_DOMAINS & ~I915_GEM_DOMAIN_COMMAND;
762 obj->base.pending_write_domain = 0;
763 }
764 list_splice(&ordered_vmas, vmas);
765 list_splice(&pinned_vmas, vmas);
766
767 /* Attempt to pin all of the buffers into the GTT.
768 * This is done in 3 phases:
769 *
770 * 1a. Unbind all objects that do not match the GTT constraints for
771 * the execbuffer (fenceable, mappable, alignment etc).
772 * 1b. Increment pin count for already bound objects.
773 * 2. Bind new objects.
774 * 3. Decrement pin count.
775 *
776 * This avoid unnecessary unbinding of later objects in order to make
777 * room for the earlier objects *unless* we need to defragment.
778 */
779 retry = 0;
780 do {
781 int ret = 0;
782
783 /* Unbind any ill-fitting objects or pin. */
784 list_for_each_entry(vma, vmas, exec_list) {
785 if (!drm_mm_node_allocated(&vma->node))
786 continue;
787
788 if (eb_vma_misplaced(vma))
789 ret = i915_vma_unbind(vma);
790 else
791 ret = i915_gem_execbuffer_reserve_vma(vma, ring, need_relocs);
792 if (ret)
793 goto err;
794 }
795
796 /* Bind fresh objects */
797 list_for_each_entry(vma, vmas, exec_list) {
798 if (drm_mm_node_allocated(&vma->node))
799 continue;
800
801 ret = i915_gem_execbuffer_reserve_vma(vma, ring, need_relocs);
802 if (ret)
803 goto err;
804 }
805
806err:
807 if (ret != -ENOSPC || retry++)
808 return ret;
809
810 /* Decrement pin count for bound objects */
811 list_for_each_entry(vma, vmas, exec_list)
812 i915_gem_execbuffer_unreserve_vma(vma);
813
814 ret = i915_gem_evict_vm(vm, true);
815 if (ret)
816 return ret;
817 } while (1);
818}
819
820static int
821i915_gem_execbuffer_relocate_slow(struct drm_device *dev,
822 struct drm_i915_gem_execbuffer2 *args,
823 struct drm_file *file,
824 struct intel_engine_cs *ring,
825 struct eb_vmas *eb,
826 struct drm_i915_gem_exec_object2 *exec,
827 struct intel_context *ctx)
828{
829 struct drm_i915_gem_relocation_entry *reloc;
830 struct i915_address_space *vm;
831 struct i915_vma *vma;
832 bool need_relocs;
833 int *reloc_offset;
834 int i, total, ret;
835 unsigned count = args->buffer_count;
836
837 vm = list_first_entry(&eb->vmas, struct i915_vma, exec_list)->vm;
838
839 /* We may process another execbuffer during the unlock... */
840 while (!list_empty(&eb->vmas)) {
841 vma = list_first_entry(&eb->vmas, struct i915_vma, exec_list);
842 list_del_init(&vma->exec_list);
843 i915_gem_execbuffer_unreserve_vma(vma);
844 drm_gem_object_unreference(&vma->obj->base);
845 }
846
847 mutex_unlock(&dev->struct_mutex);
848
849 total = 0;
850 for (i = 0; i < count; i++)
851 total += exec[i].relocation_count;
852
853 reloc_offset = drm_malloc_ab(count, sizeof(*reloc_offset));
854 reloc = drm_malloc_ab(total, sizeof(*reloc));
855 if (reloc == NULL || reloc_offset == NULL) {
856 drm_free_large(reloc);
857 drm_free_large(reloc_offset);
858 mutex_lock(&dev->struct_mutex);
859 return -ENOMEM;
860 }
861
862 total = 0;
863 for (i = 0; i < count; i++) {
864 struct drm_i915_gem_relocation_entry __user *user_relocs;
865 u64 invalid_offset = (u64)-1;
866 int j;
867
868 user_relocs = to_user_ptr(exec[i].relocs_ptr);
869
870 if (copy_from_user(reloc+total, user_relocs,
871 exec[i].relocation_count * sizeof(*reloc))) {
872 ret = -EFAULT;
873 mutex_lock(&dev->struct_mutex);
874 goto err;
875 }
876
877 /* As we do not update the known relocation offsets after
878 * relocating (due to the complexities in lock handling),
879 * we need to mark them as invalid now so that we force the
880 * relocation processing next time. Just in case the target
881 * object is evicted and then rebound into its old
882 * presumed_offset before the next execbuffer - if that
883 * happened we would make the mistake of assuming that the
884 * relocations were valid.
885 */
886 for (j = 0; j < exec[i].relocation_count; j++) {
887 if (__copy_to_user(&user_relocs[j].presumed_offset,
888 &invalid_offset,
889 sizeof(invalid_offset))) {
890 ret = -EFAULT;
891 mutex_lock(&dev->struct_mutex);
892 goto err;
893 }
894 }
895
896 reloc_offset[i] = total;
897 total += exec[i].relocation_count;
898 }
899
900 ret = i915_mutex_lock_interruptible(dev);
901 if (ret) {
902 mutex_lock(&dev->struct_mutex);
903 goto err;
904 }
905
906 /* reacquire the objects */
907 eb_reset(eb);
908 ret = eb_lookup_vmas(eb, exec, args, vm, file);
909 if (ret)
910 goto err;
911
912 need_relocs = (args->flags & I915_EXEC_NO_RELOC) == 0;
913 ret = i915_gem_execbuffer_reserve(ring, &eb->vmas, ctx, &need_relocs);
914 if (ret)
915 goto err;
916
917 list_for_each_entry(vma, &eb->vmas, exec_list) {
918 int offset = vma->exec_entry - exec;
919 ret = i915_gem_execbuffer_relocate_vma_slow(vma, eb,
920 reloc + reloc_offset[offset]);
921 if (ret)
922 goto err;
923 }
924
925 /* Leave the user relocations as are, this is the painfully slow path,
926 * and we want to avoid the complication of dropping the lock whilst
927 * having buffers reserved in the aperture and so causing spurious
928 * ENOSPC for random operations.
929 */
930
931err:
932 drm_free_large(reloc);
933 drm_free_large(reloc_offset);
934 return ret;
935}
936
937static int
938i915_gem_execbuffer_move_to_gpu(struct drm_i915_gem_request *req,
939 struct list_head *vmas)
940{
941 const unsigned other_rings = ~intel_ring_flag(req->ring);
942 struct i915_vma *vma;
943 uint32_t flush_domains = 0;
944 bool flush_chipset = false;
945 int ret;
946
947 list_for_each_entry(vma, vmas, exec_list) {
948 struct drm_i915_gem_object *obj = vma->obj;
949
950 if (obj->active & other_rings) {
951 ret = i915_gem_object_sync(obj, req->ring, &req);
952 if (ret)
953 return ret;
954 }
955
956 if (obj->base.write_domain & I915_GEM_DOMAIN_CPU)
957 flush_chipset |= i915_gem_clflush_object(obj, false);
958
959 flush_domains |= obj->base.write_domain;
960 }
961
962 if (flush_chipset)
963 i915_gem_chipset_flush(req->ring->dev);
964
965 if (flush_domains & I915_GEM_DOMAIN_GTT)
966 wmb();
967
968 /* Unconditionally invalidate gpu caches and ensure that we do flush
969 * any residual writes from the previous batch.
970 */
971 return intel_ring_invalidate_all_caches(req);
972}
973
974static bool
975i915_gem_check_execbuffer(struct drm_i915_gem_execbuffer2 *exec)
976{
977 if (exec->flags & __I915_EXEC_UNKNOWN_FLAGS)
978 return false;
979
980 /* Kernel clipping was a DRI1 misfeature */
981 if (exec->num_cliprects || exec->cliprects_ptr)
982 return false;
983
984 if (exec->DR4 == 0xffffffff) {
985 DRM_DEBUG("UXA submitting garbage DR4, fixing up\n");
986 exec->DR4 = 0;
987 }
988 if (exec->DR1 || exec->DR4)
989 return false;
990
991 if ((exec->batch_start_offset | exec->batch_len) & 0x7)
992 return false;
993
994 return true;
995}
996
997static int
998validate_exec_list(struct drm_device *dev,
999 struct drm_i915_gem_exec_object2 *exec,
1000 int count)
1001{
1002 unsigned relocs_total = 0;
1003 unsigned relocs_max = UINT_MAX / sizeof(struct drm_i915_gem_relocation_entry);
1004 unsigned invalid_flags;
1005 int i;
1006
1007 invalid_flags = __EXEC_OBJECT_UNKNOWN_FLAGS;
1008 if (USES_FULL_PPGTT(dev))
1009 invalid_flags |= EXEC_OBJECT_NEEDS_GTT;
1010
1011 for (i = 0; i < count; i++) {
1012 char __user *ptr = to_user_ptr(exec[i].relocs_ptr);
1013 int length; /* limited by fault_in_pages_readable() */
1014
1015 if (exec[i].flags & invalid_flags)
1016 return -EINVAL;
1017
1018 /* Offset can be used as input (EXEC_OBJECT_PINNED), reject
1019 * any non-page-aligned or non-canonical addresses.
1020 */
1021 if (exec[i].flags & EXEC_OBJECT_PINNED) {
1022 if (exec[i].offset !=
1023 gen8_canonical_addr(exec[i].offset & PAGE_MASK))
1024 return -EINVAL;
1025
1026 /* From drm_mm perspective address space is continuous,
1027 * so from this point we're always using non-canonical
1028 * form internally.
1029 */
1030 exec[i].offset = gen8_noncanonical_addr(exec[i].offset);
1031 }
1032
1033 if (exec[i].alignment && !is_power_of_2(exec[i].alignment))
1034 return -EINVAL;
1035
1036 /* First check for malicious input causing overflow in
1037 * the worst case where we need to allocate the entire
1038 * relocation tree as a single array.
1039 */
1040 if (exec[i].relocation_count > relocs_max - relocs_total)
1041 return -EINVAL;
1042 relocs_total += exec[i].relocation_count;
1043
1044 length = exec[i].relocation_count *
1045 sizeof(struct drm_i915_gem_relocation_entry);
1046 /*
1047 * We must check that the entire relocation array is safe
1048 * to read, but since we may need to update the presumed
1049 * offsets during execution, check for full write access.
1050 */
1051 if (!access_ok(VERIFY_WRITE, ptr, length))
1052 return -EFAULT;
1053
1054 if (likely(!i915.prefault_disable)) {
1055 if (fault_in_multipages_readable(ptr, length))
1056 return -EFAULT;
1057 }
1058 }
1059
1060 return 0;
1061}
1062
1063static struct intel_context *
1064i915_gem_validate_context(struct drm_device *dev, struct drm_file *file,
1065 struct intel_engine_cs *ring, const u32 ctx_id)
1066{
1067 struct intel_context *ctx = NULL;
1068 struct i915_ctx_hang_stats *hs;
1069
1070 if (ring->id != RCS && ctx_id != DEFAULT_CONTEXT_HANDLE)
1071 return ERR_PTR(-EINVAL);
1072
1073 ctx = i915_gem_context_get(file->driver_priv, ctx_id);
1074 if (IS_ERR(ctx))
1075 return ctx;
1076
1077 hs = &ctx->hang_stats;
1078 if (hs->banned) {
1079 DRM_DEBUG("Context %u tried to submit while banned\n", ctx_id);
1080 return ERR_PTR(-EIO);
1081 }
1082
1083 if (i915.enable_execlists && !ctx->engine[ring->id].state) {
1084 int ret = intel_lr_context_deferred_alloc(ctx, ring);
1085 if (ret) {
1086 DRM_DEBUG("Could not create LRC %u: %d\n", ctx_id, ret);
1087 return ERR_PTR(ret);
1088 }
1089 }
1090
1091 return ctx;
1092}
1093
1094void
1095i915_gem_execbuffer_move_to_active(struct list_head *vmas,
1096 struct drm_i915_gem_request *req)
1097{
1098 struct intel_engine_cs *ring = i915_gem_request_get_ring(req);
1099 struct i915_vma *vma;
1100
1101 list_for_each_entry(vma, vmas, exec_list) {
1102 struct drm_i915_gem_exec_object2 *entry = vma->exec_entry;
1103 struct drm_i915_gem_object *obj = vma->obj;
1104 u32 old_read = obj->base.read_domains;
1105 u32 old_write = obj->base.write_domain;
1106
1107 obj->dirty = 1; /* be paranoid */
1108 obj->base.write_domain = obj->base.pending_write_domain;
1109 if (obj->base.write_domain == 0)
1110 obj->base.pending_read_domains |= obj->base.read_domains;
1111 obj->base.read_domains = obj->base.pending_read_domains;
1112
1113 i915_vma_move_to_active(vma, req);
1114 if (obj->base.write_domain) {
1115 i915_gem_request_assign(&obj->last_write_req, req);
1116
1117 intel_fb_obj_invalidate(obj, ORIGIN_CS);
1118
1119 /* update for the implicit flush after a batch */
1120 obj->base.write_domain &= ~I915_GEM_GPU_DOMAINS;
1121 }
1122 if (entry->flags & EXEC_OBJECT_NEEDS_FENCE) {
1123 i915_gem_request_assign(&obj->last_fenced_req, req);
1124 if (entry->flags & __EXEC_OBJECT_HAS_FENCE) {
1125 struct drm_i915_private *dev_priv = to_i915(ring->dev);
1126 list_move_tail(&dev_priv->fence_regs[obj->fence_reg].lru_list,
1127 &dev_priv->mm.fence_list);
1128 }
1129 }
1130
1131 trace_i915_gem_object_change_domain(obj, old_read, old_write);
1132 }
1133}
1134
1135void
1136i915_gem_execbuffer_retire_commands(struct i915_execbuffer_params *params)
1137{
1138 /* Unconditionally force add_request to emit a full flush. */
1139 params->ring->gpu_caches_dirty = true;
1140
1141 /* Add a breadcrumb for the completion of the batch buffer */
1142 __i915_add_request(params->request, params->batch_obj, true);
1143}
1144
1145static int
1146i915_reset_gen7_sol_offsets(struct drm_device *dev,
1147 struct drm_i915_gem_request *req)
1148{
1149 struct intel_engine_cs *ring = req->ring;
1150 struct drm_i915_private *dev_priv = dev->dev_private;
1151 int ret, i;
1152
1153 if (!IS_GEN7(dev) || ring != &dev_priv->ring[RCS]) {
1154 DRM_DEBUG("sol reset is gen7/rcs only\n");
1155 return -EINVAL;
1156 }
1157
1158 ret = intel_ring_begin(req, 4 * 3);
1159 if (ret)
1160 return ret;
1161
1162 for (i = 0; i < 4; i++) {
1163 intel_ring_emit(ring, MI_LOAD_REGISTER_IMM(1));
1164 intel_ring_emit_reg(ring, GEN7_SO_WRITE_OFFSET(i));
1165 intel_ring_emit(ring, 0);
1166 }
1167
1168 intel_ring_advance(ring);
1169
1170 return 0;
1171}
1172
1173static struct drm_i915_gem_object*
1174i915_gem_execbuffer_parse(struct intel_engine_cs *ring,
1175 struct drm_i915_gem_exec_object2 *shadow_exec_entry,
1176 struct eb_vmas *eb,
1177 struct drm_i915_gem_object *batch_obj,
1178 u32 batch_start_offset,
1179 u32 batch_len,
1180 bool is_master)
1181{
1182 struct drm_i915_gem_object *shadow_batch_obj;
1183 struct i915_vma *vma;
1184 int ret;
1185
1186 shadow_batch_obj = i915_gem_batch_pool_get(&ring->batch_pool,
1187 PAGE_ALIGN(batch_len));
1188 if (IS_ERR(shadow_batch_obj))
1189 return shadow_batch_obj;
1190
1191 ret = i915_parse_cmds(ring,
1192 batch_obj,
1193 shadow_batch_obj,
1194 batch_start_offset,
1195 batch_len,
1196 is_master);
1197 if (ret)
1198 goto err;
1199
1200 ret = i915_gem_obj_ggtt_pin(shadow_batch_obj, 0, 0);
1201 if (ret)
1202 goto err;
1203
1204 i915_gem_object_unpin_pages(shadow_batch_obj);
1205
1206 memset(shadow_exec_entry, 0, sizeof(*shadow_exec_entry));
1207
1208 vma = i915_gem_obj_to_ggtt(shadow_batch_obj);
1209 vma->exec_entry = shadow_exec_entry;
1210 vma->exec_entry->flags = __EXEC_OBJECT_HAS_PIN;
1211 drm_gem_object_reference(&shadow_batch_obj->base);
1212 list_add_tail(&vma->exec_list, &eb->vmas);
1213
1214 shadow_batch_obj->base.pending_read_domains = I915_GEM_DOMAIN_COMMAND;
1215
1216 return shadow_batch_obj;
1217
1218err:
1219 i915_gem_object_unpin_pages(shadow_batch_obj);
1220 if (ret == -EACCES) /* unhandled chained batch */
1221 return batch_obj;
1222 else
1223 return ERR_PTR(ret);
1224}
1225
1226int
1227i915_gem_ringbuffer_submission(struct i915_execbuffer_params *params,
1228 struct drm_i915_gem_execbuffer2 *args,
1229 struct list_head *vmas)
1230{
1231 struct drm_device *dev = params->dev;
1232 struct intel_engine_cs *ring = params->ring;
1233 struct drm_i915_private *dev_priv = dev->dev_private;
1234 u64 exec_start, exec_len;
1235 int instp_mode;
1236 u32 instp_mask;
1237 int ret;
1238
1239 ret = i915_gem_execbuffer_move_to_gpu(params->request, vmas);
1240 if (ret)
1241 return ret;
1242
1243 ret = i915_switch_context(params->request);
1244 if (ret)
1245 return ret;
1246
1247 WARN(params->ctx->ppgtt && params->ctx->ppgtt->pd_dirty_rings & (1<<ring->id),
1248 "%s didn't clear reload\n", ring->name);
1249
1250 instp_mode = args->flags & I915_EXEC_CONSTANTS_MASK;
1251 instp_mask = I915_EXEC_CONSTANTS_MASK;
1252 switch (instp_mode) {
1253 case I915_EXEC_CONSTANTS_REL_GENERAL:
1254 case I915_EXEC_CONSTANTS_ABSOLUTE:
1255 case I915_EXEC_CONSTANTS_REL_SURFACE:
1256 if (instp_mode != 0 && ring != &dev_priv->ring[RCS]) {
1257 DRM_DEBUG("non-0 rel constants mode on non-RCS\n");
1258 return -EINVAL;
1259 }
1260
1261 if (instp_mode != dev_priv->relative_constants_mode) {
1262 if (INTEL_INFO(dev)->gen < 4) {
1263 DRM_DEBUG("no rel constants on pre-gen4\n");
1264 return -EINVAL;
1265 }
1266
1267 if (INTEL_INFO(dev)->gen > 5 &&
1268 instp_mode == I915_EXEC_CONSTANTS_REL_SURFACE) {
1269 DRM_DEBUG("rel surface constants mode invalid on gen5+\n");
1270 return -EINVAL;
1271 }
1272
1273 /* The HW changed the meaning on this bit on gen6 */
1274 if (INTEL_INFO(dev)->gen >= 6)
1275 instp_mask &= ~I915_EXEC_CONSTANTS_REL_SURFACE;
1276 }
1277 break;
1278 default:
1279 DRM_DEBUG("execbuf with unknown constants: %d\n", instp_mode);
1280 return -EINVAL;
1281 }
1282
1283 if (ring == &dev_priv->ring[RCS] &&
1284 instp_mode != dev_priv->relative_constants_mode) {
1285 ret = intel_ring_begin(params->request, 4);
1286 if (ret)
1287 return ret;
1288
1289 intel_ring_emit(ring, MI_NOOP);
1290 intel_ring_emit(ring, MI_LOAD_REGISTER_IMM(1));
1291 intel_ring_emit_reg(ring, INSTPM);
1292 intel_ring_emit(ring, instp_mask << 16 | instp_mode);
1293 intel_ring_advance(ring);
1294
1295 dev_priv->relative_constants_mode = instp_mode;
1296 }
1297
1298 if (args->flags & I915_EXEC_GEN7_SOL_RESET) {
1299 ret = i915_reset_gen7_sol_offsets(dev, params->request);
1300 if (ret)
1301 return ret;
1302 }
1303
1304 exec_len = args->batch_len;
1305 exec_start = params->batch_obj_vm_offset +
1306 params->args_batch_start_offset;
1307
1308 if (exec_len == 0)
1309 exec_len = params->batch_obj->base.size;
1310
1311 ret = ring->dispatch_execbuffer(params->request,
1312 exec_start, exec_len,
1313 params->dispatch_flags);
1314 if (ret)
1315 return ret;
1316
1317 trace_i915_gem_ring_dispatch(params->request, params->dispatch_flags);
1318
1319 i915_gem_execbuffer_move_to_active(vmas, params->request);
1320 i915_gem_execbuffer_retire_commands(params);
1321
1322 return 0;
1323}
1324
1325/**
1326 * Find one BSD ring to dispatch the corresponding BSD command.
1327 * The ring index is returned.
1328 */
1329static unsigned int
1330gen8_dispatch_bsd_ring(struct drm_i915_private *dev_priv, struct drm_file *file)
1331{
1332 struct drm_i915_file_private *file_priv = file->driver_priv;
1333
1334 /* Check whether the file_priv has already selected one ring. */
1335 if ((int)file_priv->bsd_ring < 0) {
1336 /* If not, use the ping-pong mechanism to select one. */
1337 mutex_lock(&dev_priv->dev->struct_mutex);
1338 file_priv->bsd_ring = dev_priv->mm.bsd_ring_dispatch_index;
1339 dev_priv->mm.bsd_ring_dispatch_index ^= 1;
1340 mutex_unlock(&dev_priv->dev->struct_mutex);
1341 }
1342
1343 return file_priv->bsd_ring;
1344}
1345
1346static struct drm_i915_gem_object *
1347eb_get_batch(struct eb_vmas *eb)
1348{
1349 struct i915_vma *vma = list_entry(eb->vmas.prev, typeof(*vma), exec_list);
1350
1351 /*
1352 * SNA is doing fancy tricks with compressing batch buffers, which leads
1353 * to negative relocation deltas. Usually that works out ok since the
1354 * relocate address is still positive, except when the batch is placed
1355 * very low in the GTT. Ensure this doesn't happen.
1356 *
1357 * Note that actual hangs have only been observed on gen7, but for
1358 * paranoia do it everywhere.
1359 */
1360 if ((vma->exec_entry->flags & EXEC_OBJECT_PINNED) == 0)
1361 vma->exec_entry->flags |= __EXEC_OBJECT_NEEDS_BIAS;
1362
1363 return vma->obj;
1364}
1365
1366#define I915_USER_RINGS (4)
1367
1368static const enum intel_ring_id user_ring_map[I915_USER_RINGS + 1] = {
1369 [I915_EXEC_DEFAULT] = RCS,
1370 [I915_EXEC_RENDER] = RCS,
1371 [I915_EXEC_BLT] = BCS,
1372 [I915_EXEC_BSD] = VCS,
1373 [I915_EXEC_VEBOX] = VECS
1374};
1375
1376static int
1377eb_select_ring(struct drm_i915_private *dev_priv,
1378 struct drm_file *file,
1379 struct drm_i915_gem_execbuffer2 *args,
1380 struct intel_engine_cs **ring)
1381{
1382 unsigned int user_ring_id = args->flags & I915_EXEC_RING_MASK;
1383
1384 if (user_ring_id > I915_USER_RINGS) {
1385 DRM_DEBUG("execbuf with unknown ring: %u\n", user_ring_id);
1386 return -EINVAL;
1387 }
1388
1389 if ((user_ring_id != I915_EXEC_BSD) &&
1390 ((args->flags & I915_EXEC_BSD_MASK) != 0)) {
1391 DRM_DEBUG("execbuf with non bsd ring but with invalid "
1392 "bsd dispatch flags: %d\n", (int)(args->flags));
1393 return -EINVAL;
1394 }
1395
1396 if (user_ring_id == I915_EXEC_BSD && HAS_BSD2(dev_priv)) {
1397 unsigned int bsd_idx = args->flags & I915_EXEC_BSD_MASK;
1398
1399 if (bsd_idx == I915_EXEC_BSD_DEFAULT) {
1400 bsd_idx = gen8_dispatch_bsd_ring(dev_priv, file);
1401 } else if (bsd_idx >= I915_EXEC_BSD_RING1 &&
1402 bsd_idx <= I915_EXEC_BSD_RING2) {
1403 bsd_idx >>= I915_EXEC_BSD_SHIFT;
1404 bsd_idx--;
1405 } else {
1406 DRM_DEBUG("execbuf with unknown bsd ring: %u\n",
1407 bsd_idx);
1408 return -EINVAL;
1409 }
1410
1411 *ring = &dev_priv->ring[_VCS(bsd_idx)];
1412 } else {
1413 *ring = &dev_priv->ring[user_ring_map[user_ring_id]];
1414 }
1415
1416 if (!intel_ring_initialized(*ring)) {
1417 DRM_DEBUG("execbuf with invalid ring: %u\n", user_ring_id);
1418 return -EINVAL;
1419 }
1420
1421 return 0;
1422}
1423
1424static int
1425i915_gem_do_execbuffer(struct drm_device *dev, void *data,
1426 struct drm_file *file,
1427 struct drm_i915_gem_execbuffer2 *args,
1428 struct drm_i915_gem_exec_object2 *exec)
1429{
1430 struct drm_i915_private *dev_priv = dev->dev_private;
1431 struct drm_i915_gem_request *req = NULL;
1432 struct eb_vmas *eb;
1433 struct drm_i915_gem_object *batch_obj;
1434 struct drm_i915_gem_exec_object2 shadow_exec_entry;
1435 struct intel_engine_cs *ring;
1436 struct intel_context *ctx;
1437 struct i915_address_space *vm;
1438 struct i915_execbuffer_params params_master; /* XXX: will be removed later */
1439 struct i915_execbuffer_params *params = ¶ms_master;
1440 const u32 ctx_id = i915_execbuffer2_get_context_id(*args);
1441 u32 dispatch_flags;
1442 int ret;
1443 bool need_relocs;
1444
1445 if (!i915_gem_check_execbuffer(args))
1446 return -EINVAL;
1447
1448 ret = validate_exec_list(dev, exec, args->buffer_count);
1449 if (ret)
1450 return ret;
1451
1452 dispatch_flags = 0;
1453 if (args->flags & I915_EXEC_SECURE) {
1454 if (!file->is_master || !capable(CAP_SYS_ADMIN))
1455 return -EPERM;
1456
1457 dispatch_flags |= I915_DISPATCH_SECURE;
1458 }
1459 if (args->flags & I915_EXEC_IS_PINNED)
1460 dispatch_flags |= I915_DISPATCH_PINNED;
1461
1462 ret = eb_select_ring(dev_priv, file, args, &ring);
1463 if (ret)
1464 return ret;
1465
1466 if (args->buffer_count < 1) {
1467 DRM_DEBUG("execbuf with %d buffers\n", args->buffer_count);
1468 return -EINVAL;
1469 }
1470
1471 if (args->flags & I915_EXEC_RESOURCE_STREAMER) {
1472 if (!HAS_RESOURCE_STREAMER(dev)) {
1473 DRM_DEBUG("RS is only allowed for Haswell, Gen8 and above\n");
1474 return -EINVAL;
1475 }
1476 if (ring->id != RCS) {
1477 DRM_DEBUG("RS is not available on %s\n",
1478 ring->name);
1479 return -EINVAL;
1480 }
1481
1482 dispatch_flags |= I915_DISPATCH_RS;
1483 }
1484
1485 intel_runtime_pm_get(dev_priv);
1486
1487 ret = i915_mutex_lock_interruptible(dev);
1488 if (ret)
1489 goto pre_mutex_err;
1490
1491 ctx = i915_gem_validate_context(dev, file, ring, ctx_id);
1492 if (IS_ERR(ctx)) {
1493 mutex_unlock(&dev->struct_mutex);
1494 ret = PTR_ERR(ctx);
1495 goto pre_mutex_err;
1496 }
1497
1498 i915_gem_context_reference(ctx);
1499
1500 if (ctx->ppgtt)
1501 vm = &ctx->ppgtt->base;
1502 else
1503 vm = &dev_priv->gtt.base;
1504
1505 memset(¶ms_master, 0x00, sizeof(params_master));
1506
1507 eb = eb_create(args);
1508 if (eb == NULL) {
1509 i915_gem_context_unreference(ctx);
1510 mutex_unlock(&dev->struct_mutex);
1511 ret = -ENOMEM;
1512 goto pre_mutex_err;
1513 }
1514
1515 /* Look up object handles */
1516 ret = eb_lookup_vmas(eb, exec, args, vm, file);
1517 if (ret)
1518 goto err;
1519
1520 /* take note of the batch buffer before we might reorder the lists */
1521 batch_obj = eb_get_batch(eb);
1522
1523 /* Move the objects en-masse into the GTT, evicting if necessary. */
1524 need_relocs = (args->flags & I915_EXEC_NO_RELOC) == 0;
1525 ret = i915_gem_execbuffer_reserve(ring, &eb->vmas, ctx, &need_relocs);
1526 if (ret)
1527 goto err;
1528
1529 /* The objects are in their final locations, apply the relocations. */
1530 if (need_relocs)
1531 ret = i915_gem_execbuffer_relocate(eb);
1532 if (ret) {
1533 if (ret == -EFAULT) {
1534 ret = i915_gem_execbuffer_relocate_slow(dev, args, file, ring,
1535 eb, exec, ctx);
1536 BUG_ON(!mutex_is_locked(&dev->struct_mutex));
1537 }
1538 if (ret)
1539 goto err;
1540 }
1541
1542 /* Set the pending read domains for the batch buffer to COMMAND */
1543 if (batch_obj->base.pending_write_domain) {
1544 DRM_DEBUG("Attempting to use self-modifying batch buffer\n");
1545 ret = -EINVAL;
1546 goto err;
1547 }
1548
1549 params->args_batch_start_offset = args->batch_start_offset;
1550 if (i915_needs_cmd_parser(ring) && args->batch_len) {
1551 struct drm_i915_gem_object *parsed_batch_obj;
1552
1553 parsed_batch_obj = i915_gem_execbuffer_parse(ring,
1554 &shadow_exec_entry,
1555 eb,
1556 batch_obj,
1557 args->batch_start_offset,
1558 args->batch_len,
1559 file->is_master);
1560 if (IS_ERR(parsed_batch_obj)) {
1561 ret = PTR_ERR(parsed_batch_obj);
1562 goto err;
1563 }
1564
1565 /*
1566 * parsed_batch_obj == batch_obj means batch not fully parsed:
1567 * Accept, but don't promote to secure.
1568 */
1569
1570 if (parsed_batch_obj != batch_obj) {
1571 /*
1572 * Batch parsed and accepted:
1573 *
1574 * Set the DISPATCH_SECURE bit to remove the NON_SECURE
1575 * bit from MI_BATCH_BUFFER_START commands issued in
1576 * the dispatch_execbuffer implementations. We
1577 * specifically don't want that set on batches the
1578 * command parser has accepted.
1579 */
1580 dispatch_flags |= I915_DISPATCH_SECURE;
1581 params->args_batch_start_offset = 0;
1582 batch_obj = parsed_batch_obj;
1583 }
1584 }
1585
1586 batch_obj->base.pending_read_domains |= I915_GEM_DOMAIN_COMMAND;
1587
1588 /* snb/ivb/vlv conflate the "batch in ppgtt" bit with the "non-secure
1589 * batch" bit. Hence we need to pin secure batches into the global gtt.
1590 * hsw should have this fixed, but bdw mucks it up again. */
1591 if (dispatch_flags & I915_DISPATCH_SECURE) {
1592 /*
1593 * So on first glance it looks freaky that we pin the batch here
1594 * outside of the reservation loop. But:
1595 * - The batch is already pinned into the relevant ppgtt, so we
1596 * already have the backing storage fully allocated.
1597 * - No other BO uses the global gtt (well contexts, but meh),
1598 * so we don't really have issues with multiple objects not
1599 * fitting due to fragmentation.
1600 * So this is actually safe.
1601 */
1602 ret = i915_gem_obj_ggtt_pin(batch_obj, 0, 0);
1603 if (ret)
1604 goto err;
1605
1606 params->batch_obj_vm_offset = i915_gem_obj_ggtt_offset(batch_obj);
1607 } else
1608 params->batch_obj_vm_offset = i915_gem_obj_offset(batch_obj, vm);
1609
1610 /* Allocate a request for this batch buffer nice and early. */
1611 req = i915_gem_request_alloc(ring, ctx);
1612 if (IS_ERR(req)) {
1613 ret = PTR_ERR(req);
1614 goto err_batch_unpin;
1615 }
1616
1617 ret = i915_gem_request_add_to_client(req, file);
1618 if (ret)
1619 goto err_batch_unpin;
1620
1621 /*
1622 * Save assorted stuff away to pass through to *_submission().
1623 * NB: This data should be 'persistent' and not local as it will
1624 * kept around beyond the duration of the IOCTL once the GPU
1625 * scheduler arrives.
1626 */
1627 params->dev = dev;
1628 params->file = file;
1629 params->ring = ring;
1630 params->dispatch_flags = dispatch_flags;
1631 params->batch_obj = batch_obj;
1632 params->ctx = ctx;
1633 params->request = req;
1634
1635 ret = dev_priv->gt.execbuf_submit(params, args, &eb->vmas);
1636
1637err_batch_unpin:
1638 /*
1639 * FIXME: We crucially rely upon the active tracking for the (ppgtt)
1640 * batch vma for correctness. For less ugly and less fragility this
1641 * needs to be adjusted to also track the ggtt batch vma properly as
1642 * active.
1643 */
1644 if (dispatch_flags & I915_DISPATCH_SECURE)
1645 i915_gem_object_ggtt_unpin(batch_obj);
1646
1647err:
1648 /* the request owns the ref now */
1649 i915_gem_context_unreference(ctx);
1650 eb_destroy(eb);
1651
1652 /*
1653 * If the request was created but not successfully submitted then it
1654 * must be freed again. If it was submitted then it is being tracked
1655 * on the active request list and no clean up is required here.
1656 */
1657 if (ret && !IS_ERR_OR_NULL(req))
1658 i915_gem_request_cancel(req);
1659
1660 mutex_unlock(&dev->struct_mutex);
1661
1662pre_mutex_err:
1663 /* intel_gpu_busy should also get a ref, so it will free when the device
1664 * is really idle. */
1665 intel_runtime_pm_put(dev_priv);
1666 return ret;
1667}
1668
1669/*
1670 * Legacy execbuffer just creates an exec2 list from the original exec object
1671 * list array and passes it to the real function.
1672 */
1673int
1674i915_gem_execbuffer(struct drm_device *dev, void *data,
1675 struct drm_file *file)
1676{
1677 struct drm_i915_gem_execbuffer *args = data;
1678 struct drm_i915_gem_execbuffer2 exec2;
1679 struct drm_i915_gem_exec_object *exec_list = NULL;
1680 struct drm_i915_gem_exec_object2 *exec2_list = NULL;
1681 int ret, i;
1682
1683 if (args->buffer_count < 1) {
1684 DRM_DEBUG("execbuf with %d buffers\n", args->buffer_count);
1685 return -EINVAL;
1686 }
1687
1688 /* Copy in the exec list from userland */
1689 exec_list = drm_malloc_ab(sizeof(*exec_list), args->buffer_count);
1690 exec2_list = drm_malloc_ab(sizeof(*exec2_list), args->buffer_count);
1691 if (exec_list == NULL || exec2_list == NULL) {
1692 DRM_DEBUG("Failed to allocate exec list for %d buffers\n",
1693 args->buffer_count);
1694 drm_free_large(exec_list);
1695 drm_free_large(exec2_list);
1696 return -ENOMEM;
1697 }
1698 ret = copy_from_user(exec_list,
1699 to_user_ptr(args->buffers_ptr),
1700 sizeof(*exec_list) * args->buffer_count);
1701 if (ret != 0) {
1702 DRM_DEBUG("copy %d exec entries failed %d\n",
1703 args->buffer_count, ret);
1704 drm_free_large(exec_list);
1705 drm_free_large(exec2_list);
1706 return -EFAULT;
1707 }
1708
1709 for (i = 0; i < args->buffer_count; i++) {
1710 exec2_list[i].handle = exec_list[i].handle;
1711 exec2_list[i].relocation_count = exec_list[i].relocation_count;
1712 exec2_list[i].relocs_ptr = exec_list[i].relocs_ptr;
1713 exec2_list[i].alignment = exec_list[i].alignment;
1714 exec2_list[i].offset = exec_list[i].offset;
1715 if (INTEL_INFO(dev)->gen < 4)
1716 exec2_list[i].flags = EXEC_OBJECT_NEEDS_FENCE;
1717 else
1718 exec2_list[i].flags = 0;
1719 }
1720
1721 exec2.buffers_ptr = args->buffers_ptr;
1722 exec2.buffer_count = args->buffer_count;
1723 exec2.batch_start_offset = args->batch_start_offset;
1724 exec2.batch_len = args->batch_len;
1725 exec2.DR1 = args->DR1;
1726 exec2.DR4 = args->DR4;
1727 exec2.num_cliprects = args->num_cliprects;
1728 exec2.cliprects_ptr = args->cliprects_ptr;
1729 exec2.flags = I915_EXEC_RENDER;
1730 i915_execbuffer2_set_context_id(exec2, 0);
1731
1732 ret = i915_gem_do_execbuffer(dev, data, file, &exec2, exec2_list);
1733 if (!ret) {
1734 struct drm_i915_gem_exec_object __user *user_exec_list =
1735 to_user_ptr(args->buffers_ptr);
1736
1737 /* Copy the new buffer offsets back to the user's exec list. */
1738 for (i = 0; i < args->buffer_count; i++) {
1739 exec2_list[i].offset =
1740 gen8_canonical_addr(exec2_list[i].offset);
1741 ret = __copy_to_user(&user_exec_list[i].offset,
1742 &exec2_list[i].offset,
1743 sizeof(user_exec_list[i].offset));
1744 if (ret) {
1745 ret = -EFAULT;
1746 DRM_DEBUG("failed to copy %d exec entries "
1747 "back to user (%d)\n",
1748 args->buffer_count, ret);
1749 break;
1750 }
1751 }
1752 }
1753
1754 drm_free_large(exec_list);
1755 drm_free_large(exec2_list);
1756 return ret;
1757}
1758
1759int
1760i915_gem_execbuffer2(struct drm_device *dev, void *data,
1761 struct drm_file *file)
1762{
1763 struct drm_i915_gem_execbuffer2 *args = data;
1764 struct drm_i915_gem_exec_object2 *exec2_list = NULL;
1765 int ret;
1766
1767 if (args->buffer_count < 1 ||
1768 args->buffer_count > UINT_MAX / sizeof(*exec2_list)) {
1769 DRM_DEBUG("execbuf2 with %d buffers\n", args->buffer_count);
1770 return -EINVAL;
1771 }
1772
1773 if (args->rsvd2 != 0) {
1774 DRM_DEBUG("dirty rvsd2 field\n");
1775 return -EINVAL;
1776 }
1777
1778 exec2_list = kmalloc(sizeof(*exec2_list)*args->buffer_count,
1779 GFP_TEMPORARY | __GFP_NOWARN | __GFP_NORETRY);
1780 if (exec2_list == NULL)
1781 exec2_list = drm_malloc_ab(sizeof(*exec2_list),
1782 args->buffer_count);
1783 if (exec2_list == NULL) {
1784 DRM_DEBUG("Failed to allocate exec list for %d buffers\n",
1785 args->buffer_count);
1786 return -ENOMEM;
1787 }
1788 ret = copy_from_user(exec2_list,
1789 to_user_ptr(args->buffers_ptr),
1790 sizeof(*exec2_list) * args->buffer_count);
1791 if (ret != 0) {
1792 DRM_DEBUG("copy %d exec entries failed %d\n",
1793 args->buffer_count, ret);
1794 drm_free_large(exec2_list);
1795 return -EFAULT;
1796 }
1797
1798 ret = i915_gem_do_execbuffer(dev, data, file, args, exec2_list);
1799 if (!ret) {
1800 /* Copy the new buffer offsets back to the user's exec list. */
1801 struct drm_i915_gem_exec_object2 __user *user_exec_list =
1802 to_user_ptr(args->buffers_ptr);
1803 int i;
1804
1805 for (i = 0; i < args->buffer_count; i++) {
1806 exec2_list[i].offset =
1807 gen8_canonical_addr(exec2_list[i].offset);
1808 ret = __copy_to_user(&user_exec_list[i].offset,
1809 &exec2_list[i].offset,
1810 sizeof(user_exec_list[i].offset));
1811 if (ret) {
1812 ret = -EFAULT;
1813 DRM_DEBUG("failed to copy %d exec entries "
1814 "back to user\n",
1815 args->buffer_count);
1816 break;
1817 }
1818 }
1819 }
1820
1821 drm_free_large(exec2_list);
1822 return ret;
1823}