]> git.proxmox.com Git - mirror_ubuntu-bionic-kernel.git/blob - drivers/gpu/drm/i915/i915_gem.c
projects / mirror_ubuntu-bionic-kernel.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge remote-tracking branch 'airlied/drm-next' into drm-intel-next-queued
[mirror_ubuntu-bionic-kernel.git] / drivers / gpu / drm / i915 / i915_gem.c
1 /*
2 * Copyright © 2008-2015 Intel Corporation
3 *
4 * Permission is hereby granted, free of charge, to any person obtaining a
5 * copy of this software and associated documentation files (the "Software"),
6 * to deal in the Software without restriction, including without limitation
7 * the rights to use, copy, modify, merge, publish, distribute, sublicense,
8 * and/or sell copies of the Software, and to permit persons to whom the
9 * Software is furnished to do so, subject to the following conditions:
10 *
11 * The above copyright notice and this permission notice (including the next
12 * paragraph) shall be included in all copies or substantial portions of the
13 * Software.
14 *
15 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
18 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
20 * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
21 * IN THE SOFTWARE.
22 *
23 * Authors:
24 * Eric Anholt <eric@anholt.net>
25 *
26 */
27
28 #include <drm/drmP.h>
29 #include <drm/drm_vma_manager.h>
30 #include <drm/i915_drm.h>
31 #include "i915_drv.h"
32 #include "i915_gem_clflush.h"
33 #include "i915_vgpu.h"
34 #include "i915_trace.h"
35 #include "intel_drv.h"
36 #include "intel_frontbuffer.h"
37 #include "intel_mocs.h"
38 #include <linux/dma-fence-array.h>
39 #include <linux/kthread.h>
40 #include <linux/reservation.h>
41 #include <linux/shmem_fs.h>
42 #include <linux/slab.h>
43 #include <linux/stop_machine.h>
44 #include <linux/swap.h>
45 #include <linux/pci.h>
46 #include <linux/dma-buf.h>
47
48 static void i915_gem_flush_free_objects(struct drm_i915_private *i915);
49 static void i915_gem_object_flush_gtt_write_domain(struct drm_i915_gem_object *obj);
50 static void i915_gem_object_flush_cpu_write_domain(struct drm_i915_gem_object *obj);
51
52 static bool cpu_write_needs_clflush(struct drm_i915_gem_object *obj)
53 {
54 if (obj->base.write_domain == I915_GEM_DOMAIN_CPU)
55 return false;
56
57 if (!i915_gem_object_is_coherent(obj))
58 return true;
59
60 return obj->pin_display;
61 }
62
63 static int
64 insert_mappable_node(struct i915_ggtt *ggtt,
65 struct drm_mm_node *node, u32 size)
66 {
67 memset(node, 0, sizeof(*node));
68 return drm_mm_insert_node_in_range(&ggtt->base.mm, node,
69 size, 0, I915_COLOR_UNEVICTABLE,
70 0, ggtt->mappable_end,
71 DRM_MM_INSERT_LOW);
72 }
73
74 static void
75 remove_mappable_node(struct drm_mm_node *node)
76 {
77 drm_mm_remove_node(node);
78 }
79
80 /* some bookkeeping */
81 static void i915_gem_info_add_obj(struct drm_i915_private *dev_priv,
82 u64 size)
83 {
84 spin_lock(&dev_priv->mm.object_stat_lock);
85 dev_priv->mm.object_count++;
86 dev_priv->mm.object_memory += size;
87 spin_unlock(&dev_priv->mm.object_stat_lock);
88 }
89
90 static void i915_gem_info_remove_obj(struct drm_i915_private *dev_priv,
91 u64 size)
92 {
93 spin_lock(&dev_priv->mm.object_stat_lock);
94 dev_priv->mm.object_count--;
95 dev_priv->mm.object_memory -= size;
96 spin_unlock(&dev_priv->mm.object_stat_lock);
97 }
98
99 static int
100 i915_gem_wait_for_error(struct i915_gpu_error *error)
101 {
102 int ret;
103
104 might_sleep();
105
106 if (!i915_reset_in_progress(error))
107 return 0;
108
109 /*
110 * Only wait 10 seconds for the gpu reset to complete to avoid hanging
111 * userspace. If it takes that long something really bad is going on and
112 * we should simply try to bail out and fail as gracefully as possible.
113 */
114 ret = wait_event_interruptible_timeout(error->reset_queue,
115 !i915_reset_in_progress(error),
116 I915_RESET_TIMEOUT);
117 if (ret == 0) {
118 DRM_ERROR("Timed out waiting for the gpu reset to complete\n");
119 return -EIO;
120 } else if (ret < 0) {
121 return ret;
122 } else {
123 return 0;
124 }
125 }
126
127 int i915_mutex_lock_interruptible(struct drm_device *dev)
128 {
129 struct drm_i915_private *dev_priv = to_i915(dev);
130 int ret;
131
132 ret = i915_gem_wait_for_error(&dev_priv->gpu_error);
133 if (ret)
134 return ret;
135
136 ret = mutex_lock_interruptible(&dev->struct_mutex);
137 if (ret)
138 return ret;
139
140 return 0;
141 }
142
143 int
144 i915_gem_get_aperture_ioctl(struct drm_device *dev, void *data,
145 struct drm_file *file)
146 {
147 struct drm_i915_private *dev_priv = to_i915(dev);
148 struct i915_ggtt *ggtt = &dev_priv->ggtt;
149 struct drm_i915_gem_get_aperture *args = data;
150 struct i915_vma *vma;
151 size_t pinned;
152
153 pinned = 0;
154 mutex_lock(&dev->struct_mutex);
155 list_for_each_entry(vma, &ggtt->base.active_list, vm_link)
156 if (i915_vma_is_pinned(vma))
157 pinned += vma->node.size;
158 list_for_each_entry(vma, &ggtt->base.inactive_list, vm_link)
159 if (i915_vma_is_pinned(vma))
160 pinned += vma->node.size;
161 mutex_unlock(&dev->struct_mutex);
162
163 args->aper_size = ggtt->base.total;
164 args->aper_available_size = args->aper_size - pinned;
165
166 return 0;
167 }
168
169 static struct sg_table *
170 i915_gem_object_get_pages_phys(struct drm_i915_gem_object *obj)
171 {
172 struct address_space *mapping = obj->base.filp->f_mapping;
173 drm_dma_handle_t *phys;
174 struct sg_table *st;
175 struct scatterlist *sg;
176 char *vaddr;
177 int i;
178
179 if (WARN_ON(i915_gem_object_needs_bit17_swizzle(obj)))
180 return ERR_PTR(-EINVAL);
181
182 /* Always aligning to the object size, allows a single allocation
183 * to handle all possible callers, and given typical object sizes,
184 * the alignment of the buddy allocation will naturally match.
185 */
186 phys = drm_pci_alloc(obj->base.dev,
187 obj->base.size,
188 roundup_pow_of_two(obj->base.size));
189 if (!phys)
190 return ERR_PTR(-ENOMEM);
191
192 vaddr = phys->vaddr;
193 for (i = 0; i < obj->base.size / PAGE_SIZE; i++) {
194 struct page *page;
195 char *src;
196
197 page = shmem_read_mapping_page(mapping, i);
198 if (IS_ERR(page)) {
199 st = ERR_CAST(page);
200 goto err_phys;
201 }
202
203 src = kmap_atomic(page);
204 memcpy(vaddr, src, PAGE_SIZE);
205 drm_clflush_virt_range(vaddr, PAGE_SIZE);
206 kunmap_atomic(src);
207
208 put_page(page);
209 vaddr += PAGE_SIZE;
210 }
211
212 i915_gem_chipset_flush(to_i915(obj->base.dev));
213
214 st = kmalloc(sizeof(*st), GFP_KERNEL);
215 if (!st) {
216 st = ERR_PTR(-ENOMEM);
217 goto err_phys;
218 }
219
220 if (sg_alloc_table(st, 1, GFP_KERNEL)) {
221 kfree(st);
222 st = ERR_PTR(-ENOMEM);
223 goto err_phys;
224 }
225
226 sg = st->sgl;
227 sg->offset = 0;
228 sg->length = obj->base.size;
229
230 sg_dma_address(sg) = phys->busaddr;
231 sg_dma_len(sg) = obj->base.size;
232
233 obj->phys_handle = phys;
234 return st;
235
236 err_phys:
237 drm_pci_free(obj->base.dev, phys);
238 return st;
239 }
240
241 static void
242 __i915_gem_object_release_shmem(struct drm_i915_gem_object *obj,
243 struct sg_table *pages,
244 bool needs_clflush)
245 {
246 GEM_BUG_ON(obj->mm.madv == __I915_MADV_PURGED);
247
248 if (obj->mm.madv == I915_MADV_DONTNEED)
249 obj->mm.dirty = false;
250
251 if (needs_clflush &&
252 (obj->base.read_domains & I915_GEM_DOMAIN_CPU) == 0 &&
253 !i915_gem_object_is_coherent(obj))
254 drm_clflush_sg(pages);
255
256 obj->base.read_domains = I915_GEM_DOMAIN_CPU;
257 obj->base.write_domain = I915_GEM_DOMAIN_CPU;
258 }
259
260 static void
261 i915_gem_object_put_pages_phys(struct drm_i915_gem_object *obj,
262 struct sg_table *pages)
263 {
264 __i915_gem_object_release_shmem(obj, pages, false);
265
266 if (obj->mm.dirty) {
267 struct address_space *mapping = obj->base.filp->f_mapping;
268 char *vaddr = obj->phys_handle->vaddr;
269 int i;
270
271 for (i = 0; i < obj->base.size / PAGE_SIZE; i++) {
272 struct page *page;
273 char *dst;
274
275 page = shmem_read_mapping_page(mapping, i);
276 if (IS_ERR(page))
277 continue;
278
279 dst = kmap_atomic(page);
280 drm_clflush_virt_range(vaddr, PAGE_SIZE);
281 memcpy(dst, vaddr, PAGE_SIZE);
282 kunmap_atomic(dst);
283
284 set_page_dirty(page);
285 if (obj->mm.madv == I915_MADV_WILLNEED)
286 mark_page_accessed(page);
287 put_page(page);
288 vaddr += PAGE_SIZE;
289 }
290 obj->mm.dirty = false;
291 }
292
293 sg_free_table(pages);
294 kfree(pages);
295
296 drm_pci_free(obj->base.dev, obj->phys_handle);
297 }
298
299 static void
300 i915_gem_object_release_phys(struct drm_i915_gem_object *obj)
301 {
302 i915_gem_object_unpin_pages(obj);
303 }
304
305 static const struct drm_i915_gem_object_ops i915_gem_phys_ops = {
306 .get_pages = i915_gem_object_get_pages_phys,
307 .put_pages = i915_gem_object_put_pages_phys,
308 .release = i915_gem_object_release_phys,
309 };
310
311 static const struct drm_i915_gem_object_ops i915_gem_object_ops;
312
313 int i915_gem_object_unbind(struct drm_i915_gem_object *obj)
314 {
315 struct i915_vma *vma;
316 LIST_HEAD(still_in_list);
317 int ret;
318
319 lockdep_assert_held(&obj->base.dev->struct_mutex);
320
321 /* Closed vma are removed from the obj->vma_list - but they may
322 * still have an active binding on the object. To remove those we
323 * must wait for all rendering to complete to the object (as unbinding
324 * must anyway), and retire the requests.
325 */
326 ret = i915_gem_object_wait(obj,
327 I915_WAIT_INTERRUPTIBLE |
328 I915_WAIT_LOCKED |
329 I915_WAIT_ALL,
330 MAX_SCHEDULE_TIMEOUT,
331 NULL);
332 if (ret)
333 return ret;
334
335 i915_gem_retire_requests(to_i915(obj->base.dev));
336
337 while ((vma = list_first_entry_or_null(&obj->vma_list,
338 struct i915_vma,
339 obj_link))) {
340 list_move_tail(&vma->obj_link, &still_in_list);
341 ret = i915_vma_unbind(vma);
342 if (ret)
343 break;
344 }
345 list_splice(&still_in_list, &obj->vma_list);
346
347 return ret;
348 }
349
350 static long
351 i915_gem_object_wait_fence(struct dma_fence *fence,
352 unsigned int flags,
353 long timeout,
354 struct intel_rps_client *rps)
355 {
356 struct drm_i915_gem_request *rq;
357
358 BUILD_BUG_ON(I915_WAIT_INTERRUPTIBLE != 0x1);
359
360 if (test_bit(DMA_FENCE_FLAG_SIGNALED_BIT, &fence->flags))
361 return timeout;
362
363 if (!dma_fence_is_i915(fence))
364 return dma_fence_wait_timeout(fence,
365 flags & I915_WAIT_INTERRUPTIBLE,
366 timeout);
367
368 rq = to_request(fence);
369 if (i915_gem_request_completed(rq))
370 goto out;
371
372 /* This client is about to stall waiting for the GPU. In many cases
373 * this is undesirable and limits the throughput of the system, as
374 * many clients cannot continue processing user input/output whilst
375 * blocked. RPS autotuning may take tens of milliseconds to respond
376 * to the GPU load and thus incurs additional latency for the client.
377 * We can circumvent that by promoting the GPU frequency to maximum
378 * before we wait. This makes the GPU throttle up much more quickly
379 * (good for benchmarks and user experience, e.g. window animations),
380 * but at a cost of spending more power processing the workload
381 * (bad for battery). Not all clients even want their results
382 * immediately and for them we should just let the GPU select its own
383 * frequency to maximise efficiency. To prevent a single client from
384 * forcing the clocks too high for the whole system, we only allow
385 * each client to waitboost once in a busy period.
386 */
387 if (rps) {
388 if (INTEL_GEN(rq->i915) >= 6)
389 gen6_rps_boost(rq->i915, rps, rq->emitted_jiffies);
390 else
391 rps = NULL;
392 }
393
394 timeout = i915_wait_request(rq, flags, timeout);
395
396 out:
397 if (flags & I915_WAIT_LOCKED && i915_gem_request_completed(rq))
398 i915_gem_request_retire_upto(rq);
399
400 if (rps && i915_gem_request_global_seqno(rq) == intel_engine_last_submit(rq->engine)) {
401 /* The GPU is now idle and this client has stalled.
402 * Since no other client has submitted a request in the
403 * meantime, assume that this client is the only one
404 * supplying work to the GPU but is unable to keep that
405 * work supplied because it is waiting. Since the GPU is
406 * then never kept fully busy, RPS autoclocking will
407 * keep the clocks relatively low, causing further delays.
408 * Compensate by giving the synchronous client credit for
409 * a waitboost next time.
410 */
411 spin_lock(&rq->i915->rps.client_lock);
412 list_del_init(&rps->link);
413 spin_unlock(&rq->i915->rps.client_lock);
414 }
415
416 return timeout;
417 }
418
419 static long
420 i915_gem_object_wait_reservation(struct reservation_object *resv,
421 unsigned int flags,
422 long timeout,
423 struct intel_rps_client *rps)
424 {
425 unsigned int seq = __read_seqcount_begin(&resv->seq);
426 struct dma_fence *excl;
427 bool prune_fences = false;
428
429 if (flags & I915_WAIT_ALL) {
430 struct dma_fence **shared;
431 unsigned int count, i;
432 int ret;
433
434 ret = reservation_object_get_fences_rcu(resv,
435 &excl, &count, &shared);
436 if (ret)
437 return ret;
438
439 for (i = 0; i < count; i++) {
440 timeout = i915_gem_object_wait_fence(shared[i],
441 flags, timeout,
442 rps);
443 if (timeout < 0)
444 break;
445
446 dma_fence_put(shared[i]);
447 }
448
449 for (; i < count; i++)
450 dma_fence_put(shared[i]);
451 kfree(shared);
452
453 prune_fences = count && timeout >= 0;
454 } else {
455 excl = reservation_object_get_excl_rcu(resv);
456 }
457
458 if (excl && timeout >= 0) {
459 timeout = i915_gem_object_wait_fence(excl, flags, timeout, rps);
460 prune_fences = timeout >= 0;
461 }
462
463 dma_fence_put(excl);
464
465 if (prune_fences && !__read_seqcount_retry(&resv->seq, seq)) {
466 reservation_object_lock(resv, NULL);
467 if (!__read_seqcount_retry(&resv->seq, seq))
468 reservation_object_add_excl_fence(resv, NULL);
469 reservation_object_unlock(resv);
470 }
471
472 return timeout;
473 }
474
475 static void __fence_set_priority(struct dma_fence *fence, int prio)
476 {
477 struct drm_i915_gem_request *rq;
478 struct intel_engine_cs *engine;
479
480 if (!dma_fence_is_i915(fence))
481 return;
482
483 rq = to_request(fence);
484 engine = rq->engine;
485 if (!engine->schedule)
486 return;
487
488 engine->schedule(rq, prio);
489 }
490
491 static void fence_set_priority(struct dma_fence *fence, int prio)
492 {
493 /* Recurse once into a fence-array */
494 if (dma_fence_is_array(fence)) {
495 struct dma_fence_array *array = to_dma_fence_array(fence);
496 int i;
497
498 for (i = 0; i < array->num_fences; i++)
499 __fence_set_priority(array->fences[i], prio);
500 } else {
501 __fence_set_priority(fence, prio);
502 }
503 }
504
505 int
506 i915_gem_object_wait_priority(struct drm_i915_gem_object *obj,
507 unsigned int flags,
508 int prio)
509 {
510 struct dma_fence *excl;
511
512 if (flags & I915_WAIT_ALL) {
513 struct dma_fence **shared;
514 unsigned int count, i;
515 int ret;
516
517 ret = reservation_object_get_fences_rcu(obj->resv,
518 &excl, &count, &shared);
519 if (ret)
520 return ret;
521
522 for (i = 0; i < count; i++) {
523 fence_set_priority(shared[i], prio);
524 dma_fence_put(shared[i]);
525 }
526
527 kfree(shared);
528 } else {
529 excl = reservation_object_get_excl_rcu(obj->resv);
530 }
531
532 if (excl) {
533 fence_set_priority(excl, prio);
534 dma_fence_put(excl);
535 }
536 return 0;
537 }
538
539 /**
540 * Waits for rendering to the object to be completed
541 * @obj: i915 gem object
542 * @flags: how to wait (under a lock, for all rendering or just for writes etc)
543 * @timeout: how long to wait
544 * @rps: client (user process) to charge for any waitboosting
545 */
546 int
547 i915_gem_object_wait(struct drm_i915_gem_object *obj,
548 unsigned int flags,
549 long timeout,
550 struct intel_rps_client *rps)
551 {
552 might_sleep();
553 #if IS_ENABLED(CONFIG_LOCKDEP)
554 GEM_BUG_ON(debug_locks &&
555 !!lockdep_is_held(&obj->base.dev->struct_mutex) !=
556 !!(flags & I915_WAIT_LOCKED));
557 #endif
558 GEM_BUG_ON(timeout < 0);
559
560 timeout = i915_gem_object_wait_reservation(obj->resv,
561 flags, timeout,
562 rps);
563 return timeout < 0 ? timeout : 0;
564 }
565
566 static struct intel_rps_client *to_rps_client(struct drm_file *file)
567 {
568 struct drm_i915_file_private *fpriv = file->driver_priv;
569
570 return &fpriv->rps;
571 }
572
573 int
574 i915_gem_object_attach_phys(struct drm_i915_gem_object *obj,
575 int align)
576 {
577 int ret;
578
579 if (align > obj->base.size)
580 return -EINVAL;
581
582 if (obj->ops == &i915_gem_phys_ops)
583 return 0;
584
585 if (obj->mm.madv != I915_MADV_WILLNEED)
586 return -EFAULT;
587
588 if (obj->base.filp == NULL)
589 return -EINVAL;
590
591 ret = i915_gem_object_unbind(obj);
592 if (ret)
593 return ret;
594
595 __i915_gem_object_put_pages(obj, I915_MM_NORMAL);
596 if (obj->mm.pages)
597 return -EBUSY;
598
599 GEM_BUG_ON(obj->ops != &i915_gem_object_ops);
600 obj->ops = &i915_gem_phys_ops;
601
602 ret = i915_gem_object_pin_pages(obj);
603 if (ret)
604 goto err_xfer;
605
606 return 0;
607
608 err_xfer:
609 obj->ops = &i915_gem_object_ops;
610 return ret;
611 }
612
613 static int
614 i915_gem_phys_pwrite(struct drm_i915_gem_object *obj,
615 struct drm_i915_gem_pwrite *args,
616 struct drm_file *file)
617 {
618 void *vaddr = obj->phys_handle->vaddr + args->offset;
619 char __user *user_data = u64_to_user_ptr(args->data_ptr);
620
621 /* We manually control the domain here and pretend that it
622 * remains coherent i.e. in the GTT domain, like shmem_pwrite.
623 */
624 intel_fb_obj_invalidate(obj, ORIGIN_CPU);
625 if (copy_from_user(vaddr, user_data, args->size))
626 return -EFAULT;
627
628 drm_clflush_virt_range(vaddr, args->size);
629 i915_gem_chipset_flush(to_i915(obj->base.dev));
630
631 intel_fb_obj_flush(obj, ORIGIN_CPU);
632 return 0;
633 }
634
635 void *i915_gem_object_alloc(struct drm_i915_private *dev_priv)
636 {
637 return kmem_cache_zalloc(dev_priv->objects, GFP_KERNEL);
638 }
639
640 void i915_gem_object_free(struct drm_i915_gem_object *obj)
641 {
642 struct drm_i915_private *dev_priv = to_i915(obj->base.dev);
643 kmem_cache_free(dev_priv->objects, obj);
644 }
645
646 static int
647 i915_gem_create(struct drm_file *file,
648 struct drm_i915_private *dev_priv,
649 uint64_t size,
650 uint32_t *handle_p)
651 {
652 struct drm_i915_gem_object *obj;
653 int ret;
654 u32 handle;
655
656 size = roundup(size, PAGE_SIZE);
657 if (size == 0)
658 return -EINVAL;
659
660 /* Allocate the new object */
661 obj = i915_gem_object_create(dev_priv, size);
662 if (IS_ERR(obj))
663 return PTR_ERR(obj);
664
665 ret = drm_gem_handle_create(file, &obj->base, &handle);
666 /* drop reference from allocate - handle holds it now */
667 i915_gem_object_put(obj);
668 if (ret)
669 return ret;
670
671 *handle_p = handle;
672 return 0;
673 }
674
675 int
676 i915_gem_dumb_create(struct drm_file *file,
677 struct drm_device *dev,
678 struct drm_mode_create_dumb *args)
679 {
680 /* have to work out size/pitch and return them */
681 args->pitch = ALIGN(args->width * DIV_ROUND_UP(args->bpp, 8), 64);
682 args->size = args->pitch * args->height;
683 return i915_gem_create(file, to_i915(dev),
684 args->size, &args->handle);
685 }
686
687 /**
688 * Creates a new mm object and returns a handle to it.
689 * @dev: drm device pointer
690 * @data: ioctl data blob
691 * @file: drm file pointer
692 */
693 int
694 i915_gem_create_ioctl(struct drm_device *dev, void *data,
695 struct drm_file *file)
696 {
697 struct drm_i915_private *dev_priv = to_i915(dev);
698 struct drm_i915_gem_create *args = data;
699
700 i915_gem_flush_free_objects(dev_priv);
701
702 return i915_gem_create(file, dev_priv,
703 args->size, &args->handle);
704 }
705
706 static inline int
707 __copy_to_user_swizzled(char __user *cpu_vaddr,
708 const char *gpu_vaddr, int gpu_offset,
709 int length)
710 {
711 int ret, cpu_offset = 0;
712
713 while (length > 0) {
714 int cacheline_end = ALIGN(gpu_offset + 1, 64);
715 int this_length = min(cacheline_end - gpu_offset, length);
716 int swizzled_gpu_offset = gpu_offset ^ 64;
717
718 ret = __copy_to_user(cpu_vaddr + cpu_offset,
719 gpu_vaddr + swizzled_gpu_offset,
720 this_length);
721 if (ret)
722 return ret + length;
723
724 cpu_offset += this_length;
725 gpu_offset += this_length;
726 length -= this_length;
727 }
728
729 return 0;
730 }
731
732 static inline int
733 __copy_from_user_swizzled(char *gpu_vaddr, int gpu_offset,
734 const char __user *cpu_vaddr,
735 int length)
736 {
737 int ret, cpu_offset = 0;
738
739 while (length > 0) {
740 int cacheline_end = ALIGN(gpu_offset + 1, 64);
741 int this_length = min(cacheline_end - gpu_offset, length);
742 int swizzled_gpu_offset = gpu_offset ^ 64;
743
744 ret = __copy_from_user(gpu_vaddr + swizzled_gpu_offset,
745 cpu_vaddr + cpu_offset,
746 this_length);
747 if (ret)
748 return ret + length;
749
750 cpu_offset += this_length;
751 gpu_offset += this_length;
752 length -= this_length;
753 }
754
755 return 0;
756 }
757
758 /*
759 * Pins the specified object's pages and synchronizes the object with
760 * GPU accesses. Sets needs_clflush to non-zero if the caller should
761 * flush the object from the CPU cache.
762 */
763 int i915_gem_obj_prepare_shmem_read(struct drm_i915_gem_object *obj,
764 unsigned int *needs_clflush)
765 {
766 int ret;
767
768 lockdep_assert_held(&obj->base.dev->struct_mutex);
769
770 *needs_clflush = 0;
771 if (!i915_gem_object_has_struct_page(obj))
772 return -ENODEV;
773
774 ret = i915_gem_object_wait(obj,
775 I915_WAIT_INTERRUPTIBLE |
776 I915_WAIT_LOCKED,
777 MAX_SCHEDULE_TIMEOUT,
778 NULL);
779 if (ret)
780 return ret;
781
782 ret = i915_gem_object_pin_pages(obj);
783 if (ret)
784 return ret;
785
786 i915_gem_object_flush_gtt_write_domain(obj);
787
788 /* If we're not in the cpu read domain, set ourself into the gtt
789 * read domain and manually flush cachelines (if required). This
790 * optimizes for the case when the gpu will dirty the data
791 * anyway again before the next pread happens.
792 */
793 if (!(obj->base.read_domains & I915_GEM_DOMAIN_CPU))
794 *needs_clflush = !i915_gem_object_is_coherent(obj);
795
796 if (*needs_clflush && !static_cpu_has(X86_FEATURE_CLFLUSH)) {
797 ret = i915_gem_object_set_to_cpu_domain(obj, false);
798 if (ret)
799 goto err_unpin;
800
801 *needs_clflush = 0;
802 }
803
804 /* return with the pages pinned */
805 return 0;
806
807 err_unpin:
808 i915_gem_object_unpin_pages(obj);
809 return ret;
810 }
811
812 int i915_gem_obj_prepare_shmem_write(struct drm_i915_gem_object *obj,
813 unsigned int *needs_clflush)
814 {
815 int ret;
816
817 lockdep_assert_held(&obj->base.dev->struct_mutex);
818
819 *needs_clflush = 0;
820 if (!i915_gem_object_has_struct_page(obj))
821 return -ENODEV;
822
823 ret = i915_gem_object_wait(obj,
824 I915_WAIT_INTERRUPTIBLE |
825 I915_WAIT_LOCKED |
826 I915_WAIT_ALL,
827 MAX_SCHEDULE_TIMEOUT,
828 NULL);
829 if (ret)
830 return ret;
831
832 ret = i915_gem_object_pin_pages(obj);
833 if (ret)
834 return ret;
835
836 i915_gem_object_flush_gtt_write_domain(obj);
837
838 /* If we're not in the cpu write domain, set ourself into the
839 * gtt write domain and manually flush cachelines (as required).
840 * This optimizes for the case when the gpu will use the data
841 * right away and we therefore have to clflush anyway.
842 */
843 if (obj->base.write_domain != I915_GEM_DOMAIN_CPU)
844 *needs_clflush |= cpu_write_needs_clflush(obj) << 1;
845
846 /* Same trick applies to invalidate partially written cachelines read
847 * before writing.
848 */
849 if (!(obj->base.read_domains & I915_GEM_DOMAIN_CPU))
850 *needs_clflush |= !i915_gem_object_is_coherent(obj);
851
852 if (*needs_clflush && !static_cpu_has(X86_FEATURE_CLFLUSH)) {
853 ret = i915_gem_object_set_to_cpu_domain(obj, true);
854 if (ret)
855 goto err_unpin;
856
857 *needs_clflush = 0;
858 }
859
860 if ((*needs_clflush & CLFLUSH_AFTER) == 0)
861 obj->cache_dirty = true;
862
863 intel_fb_obj_invalidate(obj, ORIGIN_CPU);
864 obj->mm.dirty = true;
865 /* return with the pages pinned */
866 return 0;
867
868 err_unpin:
869 i915_gem_object_unpin_pages(obj);
870 return ret;
871 }
872
873 static void
874 shmem_clflush_swizzled_range(char *addr, unsigned long length,
875 bool swizzled)
876 {
877 if (unlikely(swizzled)) {
878 unsigned long start = (unsigned long) addr;
879 unsigned long end = (unsigned long) addr + length;
880
881 /* For swizzling simply ensure that we always flush both
882 * channels. Lame, but simple and it works. Swizzled
883 * pwrite/pread is far from a hotpath - current userspace
884 * doesn't use it at all. */
885 start = round_down(start, 128);
886 end = round_up(end, 128);
887
888 drm_clflush_virt_range((void *)start, end - start);
889 } else {
890 drm_clflush_virt_range(addr, length);
891 }
892
893 }
894
895 /* Only difference to the fast-path function is that this can handle bit17
896 * and uses non-atomic copy and kmap functions. */
897 static int
898 shmem_pread_slow(struct page *page, int offset, int length,
899 char __user *user_data,
900 bool page_do_bit17_swizzling, bool needs_clflush)
901 {
902 char *vaddr;
903 int ret;
904
905 vaddr = kmap(page);
906 if (needs_clflush)
907 shmem_clflush_swizzled_range(vaddr + offset, length,
908 page_do_bit17_swizzling);
909
910 if (page_do_bit17_swizzling)
911 ret = __copy_to_user_swizzled(user_data, vaddr, offset, length);
912 else
913 ret = __copy_to_user(user_data, vaddr + offset, length);
914 kunmap(page);
915
916 return ret ? - EFAULT : 0;
917 }
918
919 static int
920 shmem_pread(struct page *page, int offset, int length, char __user *user_data,
921 bool page_do_bit17_swizzling, bool needs_clflush)
922 {
923 int ret;
924
925 ret = -ENODEV;
926 if (!page_do_bit17_swizzling) {
927 char *vaddr = kmap_atomic(page);
928
929 if (needs_clflush)
930 drm_clflush_virt_range(vaddr + offset, length);
931 ret = __copy_to_user_inatomic(user_data, vaddr + offset, length);
932 kunmap_atomic(vaddr);
933 }
934 if (ret == 0)
935 return 0;
936
937 return shmem_pread_slow(page, offset, length, user_data,
938 page_do_bit17_swizzling, needs_clflush);
939 }
940
941 static int
942 i915_gem_shmem_pread(struct drm_i915_gem_object *obj,
943 struct drm_i915_gem_pread *args)
944 {
945 char __user *user_data;
946 u64 remain;
947 unsigned int obj_do_bit17_swizzling;
948 unsigned int needs_clflush;
949 unsigned int idx, offset;
950 int ret;
951
952 obj_do_bit17_swizzling = 0;
953 if (i915_gem_object_needs_bit17_swizzle(obj))
954 obj_do_bit17_swizzling = BIT(17);
955
956 ret = mutex_lock_interruptible(&obj->base.dev->struct_mutex);
957 if (ret)
958 return ret;
959
960 ret = i915_gem_obj_prepare_shmem_read(obj, &needs_clflush);
961 mutex_unlock(&obj->base.dev->struct_mutex);
962 if (ret)
963 return ret;
964
965 remain = args->size;
966 user_data = u64_to_user_ptr(args->data_ptr);
967 offset = offset_in_page(args->offset);
968 for (idx = args->offset >> PAGE_SHIFT; remain; idx++) {
969 struct page *page = i915_gem_object_get_page(obj, idx);
970 int length;
971
972 length = remain;
973 if (offset + length > PAGE_SIZE)
974 length = PAGE_SIZE - offset;
975
976 ret = shmem_pread(page, offset, length, user_data,
977 page_to_phys(page) & obj_do_bit17_swizzling,
978 needs_clflush);
979 if (ret)
980 break;
981
982 remain -= length;
983 user_data += length;
984 offset = 0;
985 }
986
987 i915_gem_obj_finish_shmem_access(obj);
988 return ret;
989 }
990
991 static inline bool
992 gtt_user_read(struct io_mapping *mapping,
993 loff_t base, int offset,
994 char __user *user_data, int length)
995 {
996 void *vaddr;
997 unsigned long unwritten;
998
999 /* We can use the cpu mem copy function because this is X86. */
1000 vaddr = (void __force *)io_mapping_map_atomic_wc(mapping, base);
1001 unwritten = __copy_to_user_inatomic(user_data, vaddr + offset, length);
1002 io_mapping_unmap_atomic(vaddr);
1003 if (unwritten) {
1004 vaddr = (void __force *)
1005 io_mapping_map_wc(mapping, base, PAGE_SIZE);
1006 unwritten = copy_to_user(user_data, vaddr + offset, length);
1007 io_mapping_unmap(vaddr);
1008 }
1009 return unwritten;
1010 }
1011
1012 static int
1013 i915_gem_gtt_pread(struct drm_i915_gem_object *obj,
1014 const struct drm_i915_gem_pread *args)
1015 {
1016 struct drm_i915_private *i915 = to_i915(obj->base.dev);
1017 struct i915_ggtt *ggtt = &i915->ggtt;
1018 struct drm_mm_node node;
1019 struct i915_vma *vma;
1020 void __user *user_data;
1021 u64 remain, offset;
1022 int ret;
1023
1024 ret = mutex_lock_interruptible(&i915->drm.struct_mutex);
1025 if (ret)
1026 return ret;
1027
1028 intel_runtime_pm_get(i915);
1029 vma = i915_gem_object_ggtt_pin(obj, NULL, 0, 0,
1030 PIN_MAPPABLE | PIN_NONBLOCK);
1031 if (!IS_ERR(vma)) {
1032 node.start = i915_ggtt_offset(vma);
1033 node.allocated = false;
1034 ret = i915_vma_put_fence(vma);
1035 if (ret) {
1036 i915_vma_unpin(vma);
1037 vma = ERR_PTR(ret);
1038 }
1039 }
1040 if (IS_ERR(vma)) {
1041 ret = insert_mappable_node(ggtt, &node, PAGE_SIZE);
1042 if (ret)
1043 goto out_unlock;
1044 GEM_BUG_ON(!node.allocated);
1045 }
1046
1047 ret = i915_gem_object_set_to_gtt_domain(obj, false);
1048 if (ret)
1049 goto out_unpin;
1050
1051 mutex_unlock(&i915->drm.struct_mutex);
1052
1053 user_data = u64_to_user_ptr(args->data_ptr);
1054 remain = args->size;
1055 offset = args->offset;
1056
1057 while (remain > 0) {
1058 /* Operation in this page
1059 *
1060 * page_base = page offset within aperture
1061 * page_offset = offset within page
1062 * page_length = bytes to copy for this page
1063 */
1064 u32 page_base = node.start;
1065 unsigned page_offset = offset_in_page(offset);
1066 unsigned page_length = PAGE_SIZE - page_offset;
1067 page_length = remain < page_length ? remain : page_length;
1068 if (node.allocated) {
1069 wmb();
1070 ggtt->base.insert_page(&ggtt->base,
1071 i915_gem_object_get_dma_address(obj, offset >> PAGE_SHIFT),
1072 node.start, I915_CACHE_NONE, 0);
1073 wmb();
1074 } else {
1075 page_base += offset & PAGE_MASK;
1076 }
1077
1078 if (gtt_user_read(&ggtt->mappable, page_base, page_offset,
1079 user_data, page_length)) {
1080 ret = -EFAULT;
1081 break;
1082 }
1083
1084 remain -= page_length;
1085 user_data += page_length;
1086 offset += page_length;
1087 }
1088
1089 mutex_lock(&i915->drm.struct_mutex);
1090 out_unpin:
1091 if (node.allocated) {
1092 wmb();
1093 ggtt->base.clear_range(&ggtt->base,
1094 node.start, node.size);
1095 remove_mappable_node(&node);
1096 } else {
1097 i915_vma_unpin(vma);
1098 }
1099 out_unlock:
1100 intel_runtime_pm_put(i915);
1101 mutex_unlock(&i915->drm.struct_mutex);
1102
1103 return ret;
1104 }
1105
1106 /**
1107 * Reads data from the object referenced by handle.
1108 * @dev: drm device pointer
1109 * @data: ioctl data blob
1110 * @file: drm file pointer
1111 *
1112 * On error, the contents of *data are undefined.
1113 */
1114 int
1115 i915_gem_pread_ioctl(struct drm_device *dev, void *data,
1116 struct drm_file *file)
1117 {
1118 struct drm_i915_gem_pread *args = data;
1119 struct drm_i915_gem_object *obj;
1120 int ret;
1121
1122 if (args->size == 0)
1123 return 0;
1124
1125 if (!access_ok(VERIFY_WRITE,
1126 u64_to_user_ptr(args->data_ptr),
1127 args->size))
1128 return -EFAULT;
1129
1130 obj = i915_gem_object_lookup(file, args->handle);
1131 if (!obj)
1132 return -ENOENT;
1133
1134 /* Bounds check source. */
1135 if (range_overflows_t(u64, args->offset, args->size, obj->base.size)) {
1136 ret = -EINVAL;
1137 goto out;
1138 }
1139
1140 trace_i915_gem_object_pread(obj, args->offset, args->size);
1141
1142 ret = i915_gem_object_wait(obj,
1143 I915_WAIT_INTERRUPTIBLE,
1144 MAX_SCHEDULE_TIMEOUT,
1145 to_rps_client(file));
1146 if (ret)
1147 goto out;
1148
1149 ret = i915_gem_object_pin_pages(obj);
1150 if (ret)
1151 goto out;
1152
1153 ret = i915_gem_shmem_pread(obj, args);
1154 if (ret == -EFAULT || ret == -ENODEV)
1155 ret = i915_gem_gtt_pread(obj, args);
1156
1157 i915_gem_object_unpin_pages(obj);
1158 out:
1159 i915_gem_object_put(obj);
1160 return ret;
1161 }
1162
1163 /* This is the fast write path which cannot handle
1164 * page faults in the source data
1165 */
1166
1167 static inline bool
1168 ggtt_write(struct io_mapping *mapping,
1169 loff_t base, int offset,
1170 char __user *user_data, int length)
1171 {
1172 void *vaddr;
1173 unsigned long unwritten;
1174
1175 /* We can use the cpu mem copy function because this is X86. */
1176 vaddr = (void __force *)io_mapping_map_atomic_wc(mapping, base);
1177 unwritten = __copy_from_user_inatomic_nocache(vaddr + offset,
1178 user_data, length);
1179 io_mapping_unmap_atomic(vaddr);
1180 if (unwritten) {
1181 vaddr = (void __force *)
1182 io_mapping_map_wc(mapping, base, PAGE_SIZE);
1183 unwritten = copy_from_user(vaddr + offset, user_data, length);
1184 io_mapping_unmap(vaddr);
1185 }
1186
1187 return unwritten;
1188 }
1189
1190 /**
1191 * This is the fast pwrite path, where we copy the data directly from the
1192 * user into the GTT, uncached.
1193 * @obj: i915 GEM object
1194 * @args: pwrite arguments structure
1195 */
1196 static int
1197 i915_gem_gtt_pwrite_fast(struct drm_i915_gem_object *obj,
1198 const struct drm_i915_gem_pwrite *args)
1199 {
1200 struct drm_i915_private *i915 = to_i915(obj->base.dev);
1201 struct i915_ggtt *ggtt = &i915->ggtt;
1202 struct drm_mm_node node;
1203 struct i915_vma *vma;
1204 u64 remain, offset;
1205 void __user *user_data;
1206 int ret;
1207
1208 ret = mutex_lock_interruptible(&i915->drm.struct_mutex);
1209 if (ret)
1210 return ret;
1211
1212 intel_runtime_pm_get(i915);
1213 vma = i915_gem_object_ggtt_pin(obj, NULL, 0, 0,
1214 PIN_MAPPABLE | PIN_NONBLOCK);
1215 if (!IS_ERR(vma)) {
1216 node.start = i915_ggtt_offset(vma);
1217 node.allocated = false;
1218 ret = i915_vma_put_fence(vma);
1219 if (ret) {
1220 i915_vma_unpin(vma);
1221 vma = ERR_PTR(ret);
1222 }
1223 }
1224 if (IS_ERR(vma)) {
1225 ret = insert_mappable_node(ggtt, &node, PAGE_SIZE);
1226 if (ret)
1227 goto out_unlock;
1228 GEM_BUG_ON(!node.allocated);
1229 }
1230
1231 ret = i915_gem_object_set_to_gtt_domain(obj, true);
1232 if (ret)
1233 goto out_unpin;
1234
1235 mutex_unlock(&i915->drm.struct_mutex);
1236
1237 intel_fb_obj_invalidate(obj, ORIGIN_CPU);
1238
1239 user_data = u64_to_user_ptr(args->data_ptr);
1240 offset = args->offset;
1241 remain = args->size;
1242 while (remain) {
1243 /* Operation in this page
1244 *
1245 * page_base = page offset within aperture
1246 * page_offset = offset within page
1247 * page_length = bytes to copy for this page
1248 */
1249 u32 page_base = node.start;
1250 unsigned int page_offset = offset_in_page(offset);
1251 unsigned int page_length = PAGE_SIZE - page_offset;
1252 page_length = remain < page_length ? remain : page_length;
1253 if (node.allocated) {
1254 wmb(); /* flush the write before we modify the GGTT */
1255 ggtt->base.insert_page(&ggtt->base,
1256 i915_gem_object_get_dma_address(obj, offset >> PAGE_SHIFT),
1257 node.start, I915_CACHE_NONE, 0);
1258 wmb(); /* flush modifications to the GGTT (insert_page) */
1259 } else {
1260 page_base += offset & PAGE_MASK;
1261 }
1262 /* If we get a fault while copying data, then (presumably) our
1263 * source page isn't available. Return the error and we'll
1264 * retry in the slow path.
1265 * If the object is non-shmem backed, we retry again with the
1266 * path that handles page fault.
1267 */
1268 if (ggtt_write(&ggtt->mappable, page_base, page_offset,
1269 user_data, page_length)) {
1270 ret = -EFAULT;
1271 break;
1272 }
1273
1274 remain -= page_length;
1275 user_data += page_length;
1276 offset += page_length;
1277 }
1278 intel_fb_obj_flush(obj, ORIGIN_CPU);
1279
1280 mutex_lock(&i915->drm.struct_mutex);
1281 out_unpin:
1282 if (node.allocated) {
1283 wmb();
1284 ggtt->base.clear_range(&ggtt->base,
1285 node.start, node.size);
1286 remove_mappable_node(&node);
1287 } else {
1288 i915_vma_unpin(vma);
1289 }
1290 out_unlock:
1291 intel_runtime_pm_put(i915);
1292 mutex_unlock(&i915->drm.struct_mutex);
1293 return ret;
1294 }
1295
1296 static int
1297 shmem_pwrite_slow(struct page *page, int offset, int length,
1298 char __user *user_data,
1299 bool page_do_bit17_swizzling,
1300 bool needs_clflush_before,
1301 bool needs_clflush_after)
1302 {
1303 char *vaddr;
1304 int ret;
1305
1306 vaddr = kmap(page);
1307 if (unlikely(needs_clflush_before || page_do_bit17_swizzling))
1308 shmem_clflush_swizzled_range(vaddr + offset, length,
1309 page_do_bit17_swizzling);
1310 if (page_do_bit17_swizzling)
1311 ret = __copy_from_user_swizzled(vaddr, offset, user_data,
1312 length);
1313 else
1314 ret = __copy_from_user(vaddr + offset, user_data, length);
1315 if (needs_clflush_after)
1316 shmem_clflush_swizzled_range(vaddr + offset, length,
1317 page_do_bit17_swizzling);
1318 kunmap(page);
1319
1320 return ret ? -EFAULT : 0;
1321 }
1322
1323 /* Per-page copy function for the shmem pwrite fastpath.
1324 * Flushes invalid cachelines before writing to the target if
1325 * needs_clflush_before is set and flushes out any written cachelines after
1326 * writing if needs_clflush is set.
1327 */
1328 static int
1329 shmem_pwrite(struct page *page, int offset, int len, char __user *user_data,
1330 bool page_do_bit17_swizzling,
1331 bool needs_clflush_before,
1332 bool needs_clflush_after)
1333 {
1334 int ret;
1335
1336 ret = -ENODEV;
1337 if (!page_do_bit17_swizzling) {
1338 char *vaddr = kmap_atomic(page);
1339
1340 if (needs_clflush_before)
1341 drm_clflush_virt_range(vaddr + offset, len);
1342 ret = __copy_from_user_inatomic(vaddr + offset, user_data, len);
1343 if (needs_clflush_after)
1344 drm_clflush_virt_range(vaddr + offset, len);
1345
1346 kunmap_atomic(vaddr);
1347 }
1348 if (ret == 0)
1349 return ret;
1350
1351 return shmem_pwrite_slow(page, offset, len, user_data,
1352 page_do_bit17_swizzling,
1353 needs_clflush_before,
1354 needs_clflush_after);
1355 }
1356
1357 static int
1358 i915_gem_shmem_pwrite(struct drm_i915_gem_object *obj,
1359 const struct drm_i915_gem_pwrite *args)
1360 {
1361 struct drm_i915_private *i915 = to_i915(obj->base.dev);
1362 void __user *user_data;
1363 u64 remain;
1364 unsigned int obj_do_bit17_swizzling;
1365 unsigned int partial_cacheline_write;
1366 unsigned int needs_clflush;
1367 unsigned int offset, idx;
1368 int ret;
1369
1370 ret = mutex_lock_interruptible(&i915->drm.struct_mutex);
1371 if (ret)
1372 return ret;
1373
1374 ret = i915_gem_obj_prepare_shmem_write(obj, &needs_clflush);
1375 mutex_unlock(&i915->drm.struct_mutex);
1376 if (ret)
1377 return ret;
1378
1379 obj_do_bit17_swizzling = 0;
1380 if (i915_gem_object_needs_bit17_swizzle(obj))
1381 obj_do_bit17_swizzling = BIT(17);
1382
1383 /* If we don't overwrite a cacheline completely we need to be
1384 * careful to have up-to-date data by first clflushing. Don't
1385 * overcomplicate things and flush the entire patch.
1386 */
1387 partial_cacheline_write = 0;
1388 if (needs_clflush & CLFLUSH_BEFORE)
1389 partial_cacheline_write = boot_cpu_data.x86_clflush_size - 1;
1390
1391 user_data = u64_to_user_ptr(args->data_ptr);
1392 remain = args->size;
1393 offset = offset_in_page(args->offset);
1394 for (idx = args->offset >> PAGE_SHIFT; remain; idx++) {
1395 struct page *page = i915_gem_object_get_page(obj, idx);
1396 int length;
1397
1398 length = remain;
1399 if (offset + length > PAGE_SIZE)
1400 length = PAGE_SIZE - offset;
1401
1402 ret = shmem_pwrite(page, offset, length, user_data,
1403 page_to_phys(page) & obj_do_bit17_swizzling,
1404 (offset | length) & partial_cacheline_write,
1405 needs_clflush & CLFLUSH_AFTER);
1406 if (ret)
1407 break;
1408
1409 remain -= length;
1410 user_data += length;
1411 offset = 0;
1412 }
1413
1414 intel_fb_obj_flush(obj, ORIGIN_CPU);
1415 i915_gem_obj_finish_shmem_access(obj);
1416 return ret;
1417 }
1418
1419 /**
1420 * Writes data to the object referenced by handle.
1421 * @dev: drm device
1422 * @data: ioctl data blob
1423 * @file: drm file
1424 *
1425 * On error, the contents of the buffer that were to be modified are undefined.
1426 */
1427 int
1428 i915_gem_pwrite_ioctl(struct drm_device *dev, void *data,
1429 struct drm_file *file)
1430 {
1431 struct drm_i915_gem_pwrite *args = data;
1432 struct drm_i915_gem_object *obj;
1433 int ret;
1434
1435 if (args->size == 0)
1436 return 0;
1437
1438 if (!access_ok(VERIFY_READ,
1439 u64_to_user_ptr(args->data_ptr),
1440 args->size))
1441 return -EFAULT;
1442
1443 obj = i915_gem_object_lookup(file, args->handle);
1444 if (!obj)
1445 return -ENOENT;
1446
1447 /* Bounds check destination. */
1448 if (range_overflows_t(u64, args->offset, args->size, obj->base.size)) {
1449 ret = -EINVAL;
1450 goto err;
1451 }
1452
1453 trace_i915_gem_object_pwrite(obj, args->offset, args->size);
1454
1455 ret = -ENODEV;
1456 if (obj->ops->pwrite)
1457 ret = obj->ops->pwrite(obj, args);
1458 if (ret != -ENODEV)
1459 goto err;
1460
1461 ret = i915_gem_object_wait(obj,
1462 I915_WAIT_INTERRUPTIBLE |
1463 I915_WAIT_ALL,
1464 MAX_SCHEDULE_TIMEOUT,
1465 to_rps_client(file));
1466 if (ret)
1467 goto err;
1468
1469 ret = i915_gem_object_pin_pages(obj);
1470 if (ret)
1471 goto err;
1472
1473 ret = -EFAULT;
1474 /* We can only do the GTT pwrite on untiled buffers, as otherwise
1475 * it would end up going through the fenced access, and we'll get
1476 * different detiling behavior between reading and writing.
1477 * pread/pwrite currently are reading and writing from the CPU
1478 * perspective, requiring manual detiling by the client.
1479 */
1480 if (!i915_gem_object_has_struct_page(obj) ||
1481 cpu_write_needs_clflush(obj))
1482 /* Note that the gtt paths might fail with non-page-backed user
1483 * pointers (e.g. gtt mappings when moving data between
1484 * textures). Fallback to the shmem path in that case.
1485 */
1486 ret = i915_gem_gtt_pwrite_fast(obj, args);
1487
1488 if (ret == -EFAULT || ret == -ENOSPC) {
1489 if (obj->phys_handle)
1490 ret = i915_gem_phys_pwrite(obj, args, file);
1491 else
1492 ret = i915_gem_shmem_pwrite(obj, args);
1493 }
1494
1495 i915_gem_object_unpin_pages(obj);
1496 err:
1497 i915_gem_object_put(obj);
1498 return ret;
1499 }
1500
1501 static inline enum fb_op_origin
1502 write_origin(struct drm_i915_gem_object *obj, unsigned domain)
1503 {
1504 return (domain == I915_GEM_DOMAIN_GTT ?
1505 obj->frontbuffer_ggtt_origin : ORIGIN_CPU);
1506 }
1507
1508 static void i915_gem_object_bump_inactive_ggtt(struct drm_i915_gem_object *obj)
1509 {
1510 struct drm_i915_private *i915;
1511 struct list_head *list;
1512 struct i915_vma *vma;
1513
1514 list_for_each_entry(vma, &obj->vma_list, obj_link) {
1515 if (!i915_vma_is_ggtt(vma))
1516 break;
1517
1518 if (i915_vma_is_active(vma))
1519 continue;
1520
1521 if (!drm_mm_node_allocated(&vma->node))
1522 continue;
1523
1524 list_move_tail(&vma->vm_link, &vma->vm->inactive_list);
1525 }
1526
1527 i915 = to_i915(obj->base.dev);
1528 list = obj->bind_count ? &i915->mm.bound_list : &i915->mm.unbound_list;
1529 list_move_tail(&obj->global_link, list);
1530 }
1531
1532 /**
1533 * Called when user space prepares to use an object with the CPU, either
1534 * through the mmap ioctl's mapping or a GTT mapping.
1535 * @dev: drm device
1536 * @data: ioctl data blob
1537 * @file: drm file
1538 */
1539 int
1540 i915_gem_set_domain_ioctl(struct drm_device *dev, void *data,
1541 struct drm_file *file)
1542 {
1543 struct drm_i915_gem_set_domain *args = data;
1544 struct drm_i915_gem_object *obj;
1545 uint32_t read_domains = args->read_domains;
1546 uint32_t write_domain = args->write_domain;
1547 int err;
1548
1549 /* Only handle setting domains to types used by the CPU. */
1550 if ((write_domain | read_domains) & I915_GEM_GPU_DOMAINS)
1551 return -EINVAL;
1552
1553 /* Having something in the write domain implies it's in the read
1554 * domain, and only that read domain. Enforce that in the request.
1555 */
1556 if (write_domain != 0 && read_domains != write_domain)
1557 return -EINVAL;
1558
1559 obj = i915_gem_object_lookup(file, args->handle);
1560 if (!obj)
1561 return -ENOENT;
1562
1563 /* Try to flush the object off the GPU without holding the lock.
1564 * We will repeat the flush holding the lock in the normal manner
1565 * to catch cases where we are gazumped.
1566 */
1567 err = i915_gem_object_wait(obj,
1568 I915_WAIT_INTERRUPTIBLE |
1569 (write_domain ? I915_WAIT_ALL : 0),
1570 MAX_SCHEDULE_TIMEOUT,
1571 to_rps_client(file));
1572 if (err)
1573 goto out;
1574
1575 /* Flush and acquire obj->pages so that we are coherent through
1576 * direct access in memory with previous cached writes through
1577 * shmemfs and that our cache domain tracking remains valid.
1578 * For example, if the obj->filp was moved to swap without us
1579 * being notified and releasing the pages, we would mistakenly
1580 * continue to assume that the obj remained out of the CPU cached
1581 * domain.
1582 */
1583 err = i915_gem_object_pin_pages(obj);
1584 if (err)
1585 goto out;
1586
1587 err = i915_mutex_lock_interruptible(dev);
1588 if (err)
1589 goto out_unpin;
1590
1591 if (read_domains & I915_GEM_DOMAIN_GTT)
1592 err = i915_gem_object_set_to_gtt_domain(obj, write_domain != 0);
1593 else
1594 err = i915_gem_object_set_to_cpu_domain(obj, write_domain != 0);
1595
1596 /* And bump the LRU for this access */
1597 i915_gem_object_bump_inactive_ggtt(obj);
1598
1599 mutex_unlock(&dev->struct_mutex);
1600
1601 if (write_domain != 0)
1602 intel_fb_obj_invalidate(obj, write_origin(obj, write_domain));
1603
1604 out_unpin:
1605 i915_gem_object_unpin_pages(obj);
1606 out:
1607 i915_gem_object_put(obj);
1608 return err;
1609 }
1610
1611 /**
1612 * Called when user space has done writes to this buffer
1613 * @dev: drm device
1614 * @data: ioctl data blob
1615 * @file: drm file
1616 */
1617 int
1618 i915_gem_sw_finish_ioctl(struct drm_device *dev, void *data,
1619 struct drm_file *file)
1620 {
1621 struct drm_i915_gem_sw_finish *args = data;
1622 struct drm_i915_gem_object *obj;
1623
1624 obj = i915_gem_object_lookup(file, args->handle);
1625 if (!obj)
1626 return -ENOENT;
1627
1628 /* Pinned buffers may be scanout, so flush the cache */
1629 i915_gem_object_flush_if_display(obj);
1630 i915_gem_object_put(obj);
1631
1632 return 0;
1633 }
1634
1635 /**
1636 * i915_gem_mmap_ioctl - Maps the contents of an object, returning the address
1637 * it is mapped to.
1638 * @dev: drm device
1639 * @data: ioctl data blob
1640 * @file: drm file
1641 *
1642 * While the mapping holds a reference on the contents of the object, it doesn't
1643 * imply a ref on the object itself.
1644 *
1645 * IMPORTANT:
1646 *
1647 * DRM driver writers who look a this function as an example for how to do GEM
1648 * mmap support, please don't implement mmap support like here. The modern way
1649 * to implement DRM mmap support is with an mmap offset ioctl (like
1650 * i915_gem_mmap_gtt) and then using the mmap syscall on the DRM fd directly.
1651 * That way debug tooling like valgrind will understand what's going on, hiding
1652 * the mmap call in a driver private ioctl will break that. The i915 driver only
1653 * does cpu mmaps this way because we didn't know better.
1654 */
1655 int
1656 i915_gem_mmap_ioctl(struct drm_device *dev, void *data,
1657 struct drm_file *file)
1658 {
1659 struct drm_i915_gem_mmap *args = data;
1660 struct drm_i915_gem_object *obj;
1661 unsigned long addr;
1662
1663 if (args->flags & ~(I915_MMAP_WC))
1664 return -EINVAL;
1665
1666 if (args->flags & I915_MMAP_WC && !boot_cpu_has(X86_FEATURE_PAT))
1667 return -ENODEV;
1668
1669 obj = i915_gem_object_lookup(file, args->handle);
1670 if (!obj)
1671 return -ENOENT;
1672
1673 /* prime objects have no backing filp to GEM mmap
1674 * pages from.
1675 */
1676 if (!obj->base.filp) {
1677 i915_gem_object_put(obj);
1678 return -EINVAL;
1679 }
1680
1681 addr = vm_mmap(obj->base.filp, 0, args->size,
1682 PROT_READ | PROT_WRITE, MAP_SHARED,
1683 args->offset);
1684 if (args->flags & I915_MMAP_WC) {
1685 struct mm_struct *mm = current->mm;
1686 struct vm_area_struct *vma;
1687
1688 if (down_write_killable(&mm->mmap_sem)) {
1689 i915_gem_object_put(obj);
1690 return -EINTR;
1691 }
1692 vma = find_vma(mm, addr);
1693 if (vma)
1694 vma->vm_page_prot =
1695 pgprot_writecombine(vm_get_page_prot(vma->vm_flags));
1696 else
1697 addr = -ENOMEM;
1698 up_write(&mm->mmap_sem);
1699
1700 /* This may race, but that's ok, it only gets set */
1701 WRITE_ONCE(obj->frontbuffer_ggtt_origin, ORIGIN_CPU);
1702 }
1703 i915_gem_object_put(obj);
1704 if (IS_ERR((void *)addr))
1705 return addr;
1706
1707 args->addr_ptr = (uint64_t) addr;
1708
1709 return 0;
1710 }
1711
1712 static unsigned int tile_row_pages(struct drm_i915_gem_object *obj)
1713 {
1714 return i915_gem_object_get_tile_row_size(obj) >> PAGE_SHIFT;
1715 }
1716
1717 /**
1718 * i915_gem_mmap_gtt_version - report the current feature set for GTT mmaps
1719 *
1720 * A history of the GTT mmap interface:
1721 *
1722 * 0 - Everything had to fit into the GTT. Both parties of a memcpy had to
1723 * aligned and suitable for fencing, and still fit into the available
1724 * mappable space left by the pinned display objects. A classic problem
1725 * we called the page-fault-of-doom where we would ping-pong between
1726 * two objects that could not fit inside the GTT and so the memcpy
1727 * would page one object in at the expense of the other between every
1728 * single byte.
1729 *
1730 * 1 - Objects can be any size, and have any compatible fencing (X Y, or none
1731 * as set via i915_gem_set_tiling() [DRM_I915_GEM_SET_TILING]). If the
1732 * object is too large for the available space (or simply too large
1733 * for the mappable aperture!), a view is created instead and faulted
1734 * into userspace. (This view is aligned and sized appropriately for
1735 * fenced access.)
1736 *
1737 * Restrictions:
1738 *
1739 * * snoopable objects cannot be accessed via the GTT. It can cause machine
1740 * hangs on some architectures, corruption on others. An attempt to service
1741 * a GTT page fault from a snoopable object will generate a SIGBUS.
1742 *
1743 * * the object must be able to fit into RAM (physical memory, though no
1744 * limited to the mappable aperture).
1745 *
1746 *
1747 * Caveats:
1748 *
1749 * * a new GTT page fault will synchronize rendering from the GPU and flush
1750 * all data to system memory. Subsequent access will not be synchronized.
1751 *
1752 * * all mappings are revoked on runtime device suspend.
1753 *
1754 * * there are only 8, 16 or 32 fence registers to share between all users
1755 * (older machines require fence register for display and blitter access
1756 * as well). Contention of the fence registers will cause the previous users
1757 * to be unmapped and any new access will generate new page faults.
1758 *
1759 * * running out of memory while servicing a fault may generate a SIGBUS,
1760 * rather than the expected SIGSEGV.
1761 */
1762 int i915_gem_mmap_gtt_version(void)
1763 {
1764 return 1;
1765 }
1766
1767 static inline struct i915_ggtt_view
1768 compute_partial_view(struct drm_i915_gem_object *obj,
1769 pgoff_t page_offset,
1770 unsigned int chunk)
1771 {
1772 struct i915_ggtt_view view;
1773
1774 if (i915_gem_object_is_tiled(obj))
1775 chunk = roundup(chunk, tile_row_pages(obj));
1776
1777 view.type = I915_GGTT_VIEW_PARTIAL;
1778 view.partial.offset = rounddown(page_offset, chunk);
1779 view.partial.size =
1780 min_t(unsigned int, chunk,
1781 (obj->base.size >> PAGE_SHIFT) - view.partial.offset);
1782
1783 /* If the partial covers the entire object, just create a normal VMA. */
1784 if (chunk >= obj->base.size >> PAGE_SHIFT)
1785 view.type = I915_GGTT_VIEW_NORMAL;
1786
1787 return view;
1788 }
1789
1790 /**
1791 * i915_gem_fault - fault a page into the GTT
1792 * @vmf: fault info
1793 *
1794 * The fault handler is set up by drm_gem_mmap() when a object is GTT mapped
1795 * from userspace. The fault handler takes care of binding the object to
1796 * the GTT (if needed), allocating and programming a fence register (again,
1797 * only if needed based on whether the old reg is still valid or the object
1798 * is tiled) and inserting a new PTE into the faulting process.
1799 *
1800 * Note that the faulting process may involve evicting existing objects
1801 * from the GTT and/or fence registers to make room. So performance may
1802 * suffer if the GTT working set is large or there are few fence registers
1803 * left.
1804 *
1805 * The current feature set supported by i915_gem_fault() and thus GTT mmaps
1806 * is exposed via I915_PARAM_MMAP_GTT_VERSION (see i915_gem_mmap_gtt_version).
1807 */
1808 int i915_gem_fault(struct vm_fault *vmf)
1809 {
1810 #define MIN_CHUNK_PAGES ((1 << 20) >> PAGE_SHIFT) /* 1 MiB */
1811 struct vm_area_struct *area = vmf->vma;
1812 struct drm_i915_gem_object *obj = to_intel_bo(area->vm_private_data);
1813 struct drm_device *dev = obj->base.dev;
1814 struct drm_i915_private *dev_priv = to_i915(dev);
1815 struct i915_ggtt *ggtt = &dev_priv->ggtt;
1816 bool write = !!(vmf->flags & FAULT_FLAG_WRITE);
1817 struct i915_vma *vma;
1818 pgoff_t page_offset;
1819 unsigned int flags;
1820 int ret;
1821
1822 /* We don't use vmf->pgoff since that has the fake offset */
1823 page_offset = (vmf->address - area->vm_start) >> PAGE_SHIFT;
1824
1825 trace_i915_gem_object_fault(obj, page_offset, true, write);
1826
1827 /* Try to flush the object off the GPU first without holding the lock.
1828 * Upon acquiring the lock, we will perform our sanity checks and then
1829 * repeat the flush holding the lock in the normal manner to catch cases
1830 * where we are gazumped.
1831 */
1832 ret = i915_gem_object_wait(obj,
1833 I915_WAIT_INTERRUPTIBLE,
1834 MAX_SCHEDULE_TIMEOUT,
1835 NULL);
1836 if (ret)
1837 goto err;
1838
1839 ret = i915_gem_object_pin_pages(obj);
1840 if (ret)
1841 goto err;
1842
1843 intel_runtime_pm_get(dev_priv);
1844
1845 ret = i915_mutex_lock_interruptible(dev);
1846 if (ret)
1847 goto err_rpm;
1848
1849 /* Access to snoopable pages through the GTT is incoherent. */
1850 if (obj->cache_level != I915_CACHE_NONE && !HAS_LLC(dev_priv)) {
1851 ret = -EFAULT;
1852 goto err_unlock;
1853 }
1854
1855 /* If the object is smaller than a couple of partial vma, it is
1856 * not worth only creating a single partial vma - we may as well
1857 * clear enough space for the full object.
1858 */
1859 flags = PIN_MAPPABLE;
1860 if (obj->base.size > 2 * MIN_CHUNK_PAGES << PAGE_SHIFT)
1861 flags |= PIN_NONBLOCK | PIN_NONFAULT;
1862
1863 /* Now pin it into the GTT as needed */
1864 vma = i915_gem_object_ggtt_pin(obj, NULL, 0, 0, flags);
1865 if (IS_ERR(vma)) {
1866 /* Use a partial view if it is bigger than available space */
1867 struct i915_ggtt_view view =
1868 compute_partial_view(obj, page_offset, MIN_CHUNK_PAGES);
1869
1870 /* Userspace is now writing through an untracked VMA, abandon
1871 * all hope that the hardware is able to track future writes.
1872 */
1873 obj->frontbuffer_ggtt_origin = ORIGIN_CPU;
1874
1875 vma = i915_gem_object_ggtt_pin(obj, &view, 0, 0, PIN_MAPPABLE);
1876 }
1877 if (IS_ERR(vma)) {
1878 ret = PTR_ERR(vma);
1879 goto err_unlock;
1880 }
1881
1882 ret = i915_gem_object_set_to_gtt_domain(obj, write);
1883 if (ret)
1884 goto err_unpin;
1885
1886 ret = i915_vma_get_fence(vma);
1887 if (ret)
1888 goto err_unpin;
1889
1890 /* Mark as being mmapped into userspace for later revocation */
1891 assert_rpm_wakelock_held(dev_priv);
1892 if (list_empty(&obj->userfault_link))
1893 list_add(&obj->userfault_link, &dev_priv->mm.userfault_list);
1894
1895 /* Finally, remap it using the new GTT offset */
1896 ret = remap_io_mapping(area,
1897 area->vm_start + (vma->ggtt_view.partial.offset << PAGE_SHIFT),
1898 (ggtt->mappable_base + vma->node.start) >> PAGE_SHIFT,
1899 min_t(u64, vma->size, area->vm_end - area->vm_start),
1900 &ggtt->mappable);
1901
1902 err_unpin:
1903 __i915_vma_unpin(vma);
1904 err_unlock:
1905 mutex_unlock(&dev->struct_mutex);
1906 err_rpm:
1907 intel_runtime_pm_put(dev_priv);
1908 i915_gem_object_unpin_pages(obj);
1909 err:
1910 switch (ret) {
1911 case -EIO:
1912 /*
1913 * We eat errors when the gpu is terminally wedged to avoid
1914 * userspace unduly crashing (gl has no provisions for mmaps to
1915 * fail). But any other -EIO isn't ours (e.g. swap in failure)
1916 * and so needs to be reported.
1917 */
1918 if (!i915_terminally_wedged(&dev_priv->gpu_error)) {
1919 ret = VM_FAULT_SIGBUS;
1920 break;
1921 }
1922 case -EAGAIN:
1923 /*
1924 * EAGAIN means the gpu is hung and we'll wait for the error
1925 * handler to reset everything when re-faulting in
1926 * i915_mutex_lock_interruptible.
1927 */
1928 case 0:
1929 case -ERESTARTSYS:
1930 case -EINTR:
1931 case -EBUSY:
1932 /*
1933 * EBUSY is ok: this just means that another thread
1934 * already did the job.
1935 */
1936 ret = VM_FAULT_NOPAGE;
1937 break;
1938 case -ENOMEM:
1939 ret = VM_FAULT_OOM;
1940 break;
1941 case -ENOSPC:
1942 case -EFAULT:
1943 ret = VM_FAULT_SIGBUS;
1944 break;
1945 default:
1946 WARN_ONCE(ret, "unhandled error in i915_gem_fault: %i\n", ret);
1947 ret = VM_FAULT_SIGBUS;
1948 break;
1949 }
1950 return ret;
1951 }
1952
1953 /**
1954 * i915_gem_release_mmap - remove physical page mappings
1955 * @obj: obj in question
1956 *
1957 * Preserve the reservation of the mmapping with the DRM core code, but
1958 * relinquish ownership of the pages back to the system.
1959 *
1960 * It is vital that we remove the page mapping if we have mapped a tiled
1961 * object through the GTT and then lose the fence register due to
1962 * resource pressure. Similarly if the object has been moved out of the
1963 * aperture, than pages mapped into userspace must be revoked. Removing the
1964 * mapping will then trigger a page fault on the next user access, allowing
1965 * fixup by i915_gem_fault().
1966 */
1967 void
1968 i915_gem_release_mmap(struct drm_i915_gem_object *obj)
1969 {
1970 struct drm_i915_private *i915 = to_i915(obj->base.dev);
1971
1972 /* Serialisation between user GTT access and our code depends upon
1973 * revoking the CPU's PTE whilst the mutex is held. The next user
1974 * pagefault then has to wait until we release the mutex.
1975 *
1976 * Note that RPM complicates somewhat by adding an additional
1977 * requirement that operations to the GGTT be made holding the RPM
1978 * wakeref.
1979 */
1980 lockdep_assert_held(&i915->drm.struct_mutex);
1981 intel_runtime_pm_get(i915);
1982
1983 if (list_empty(&obj->userfault_link))
1984 goto out;
1985
1986 list_del_init(&obj->userfault_link);
1987 drm_vma_node_unmap(&obj->base.vma_node,
1988 obj->base.dev->anon_inode->i_mapping);
1989
1990 /* Ensure that the CPU's PTE are revoked and there are not outstanding
1991 * memory transactions from userspace before we return. The TLB
1992 * flushing implied above by changing the PTE above *should* be
1993 * sufficient, an extra barrier here just provides us with a bit
1994 * of paranoid documentation about our requirement to serialise
1995 * memory writes before touching registers / GSM.
1996 */
1997 wmb();
1998
1999 out:
2000 intel_runtime_pm_put(i915);
2001 }
2002
2003 void i915_gem_runtime_suspend(struct drm_i915_private *dev_priv)
2004 {
2005 struct drm_i915_gem_object *obj, *on;
2006 int i;
2007
2008 /*
2009 * Only called during RPM suspend. All users of the userfault_list
2010 * must be holding an RPM wakeref to ensure that this can not
2011 * run concurrently with themselves (and use the struct_mutex for
2012 * protection between themselves).
2013 */
2014
2015 list_for_each_entry_safe(obj, on,
2016 &dev_priv->mm.userfault_list, userfault_link) {
2017 list_del_init(&obj->userfault_link);
2018 drm_vma_node_unmap(&obj->base.vma_node,
2019 obj->base.dev->anon_inode->i_mapping);
2020 }
2021
2022 /* The fence will be lost when the device powers down. If any were
2023 * in use by hardware (i.e. they are pinned), we should not be powering
2024 * down! All other fences will be reacquired by the user upon waking.
2025 */
2026 for (i = 0; i < dev_priv->num_fence_regs; i++) {
2027 struct drm_i915_fence_reg *reg = &dev_priv->fence_regs[i];
2028
2029 /* Ideally we want to assert that the fence register is not
2030 * live at this point (i.e. that no piece of code will be
2031 * trying to write through fence + GTT, as that both violates
2032 * our tracking of activity and associated locking/barriers,
2033 * but also is illegal given that the hw is powered down).
2034 *
2035 * Previously we used reg->pin_count as a "liveness" indicator.
2036 * That is not sufficient, and we need a more fine-grained
2037 * tool if we want to have a sanity check here.
2038 */
2039
2040 if (!reg->vma)
2041 continue;
2042
2043 GEM_BUG_ON(!list_empty(&reg->vma->obj->userfault_link));
2044 reg->dirty = true;
2045 }
2046 }
2047
2048 static int i915_gem_object_create_mmap_offset(struct drm_i915_gem_object *obj)
2049 {
2050 struct drm_i915_private *dev_priv = to_i915(obj->base.dev);
2051 int err;
2052
2053 err = drm_gem_create_mmap_offset(&obj->base);
2054 if (likely(!err))
2055 return 0;
2056
2057 /* Attempt to reap some mmap space from dead objects */
2058 do {
2059 err = i915_gem_wait_for_idle(dev_priv, I915_WAIT_INTERRUPTIBLE);
2060 if (err)
2061 break;
2062
2063 i915_gem_drain_freed_objects(dev_priv);
2064 err = drm_gem_create_mmap_offset(&obj->base);
2065 if (!err)
2066 break;
2067
2068 } while (flush_delayed_work(&dev_priv->gt.retire_work));
2069
2070 return err;
2071 }
2072
2073 static void i915_gem_object_free_mmap_offset(struct drm_i915_gem_object *obj)
2074 {
2075 drm_gem_free_mmap_offset(&obj->base);
2076 }
2077
2078 int
2079 i915_gem_mmap_gtt(struct drm_file *file,
2080 struct drm_device *dev,
2081 uint32_t handle,
2082 uint64_t *offset)
2083 {
2084 struct drm_i915_gem_object *obj;
2085 int ret;
2086
2087 obj = i915_gem_object_lookup(file, handle);
2088 if (!obj)
2089 return -ENOENT;
2090
2091 ret = i915_gem_object_create_mmap_offset(obj);
2092 if (ret == 0)
2093 *offset = drm_vma_node_offset_addr(&obj->base.vma_node);
2094
2095 i915_gem_object_put(obj);
2096 return ret;
2097 }
2098
2099 /**
2100 * i915_gem_mmap_gtt_ioctl - prepare an object for GTT mmap'ing
2101 * @dev: DRM device
2102 * @data: GTT mapping ioctl data
2103 * @file: GEM object info
2104 *
2105 * Simply returns the fake offset to userspace so it can mmap it.
2106 * The mmap call will end up in drm_gem_mmap(), which will set things
2107 * up so we can get faults in the handler above.
2108 *
2109 * The fault handler will take care of binding the object into the GTT
2110 * (since it may have been evicted to make room for something), allocating
2111 * a fence register, and mapping the appropriate aperture address into
2112 * userspace.
2113 */
2114 int
2115 i915_gem_mmap_gtt_ioctl(struct drm_device *dev, void *data,
2116 struct drm_file *file)
2117 {
2118 struct drm_i915_gem_mmap_gtt *args = data;
2119
2120 return i915_gem_mmap_gtt(file, dev, args->handle, &args->offset);
2121 }
2122
2123 /* Immediately discard the backing storage */
2124 static void
2125 i915_gem_object_truncate(struct drm_i915_gem_object *obj)
2126 {
2127 i915_gem_object_free_mmap_offset(obj);
2128
2129 if (obj->base.filp == NULL)
2130 return;
2131
2132 /* Our goal here is to return as much of the memory as
2133 * is possible back to the system as we are called from OOM.
2134 * To do this we must instruct the shmfs to drop all of its
2135 * backing pages, *now*.
2136 */
2137 shmem_truncate_range(file_inode(obj->base.filp), 0, (loff_t)-1);
2138 obj->mm.madv = __I915_MADV_PURGED;
2139 obj->mm.pages = ERR_PTR(-EFAULT);
2140 }
2141
2142 /* Try to discard unwanted pages */
2143 void __i915_gem_object_invalidate(struct drm_i915_gem_object *obj)
2144 {
2145 struct address_space *mapping;
2146
2147 lockdep_assert_held(&obj->mm.lock);
2148 GEM_BUG_ON(obj->mm.pages);
2149
2150 switch (obj->mm.madv) {
2151 case I915_MADV_DONTNEED:
2152 i915_gem_object_truncate(obj);
2153 case __I915_MADV_PURGED:
2154 return;
2155 }
2156
2157 if (obj->base.filp == NULL)
2158 return;
2159
2160 mapping = obj->base.filp->f_mapping,
2161 invalidate_mapping_pages(mapping, 0, (loff_t)-1);
2162 }
2163
2164 static void
2165 i915_gem_object_put_pages_gtt(struct drm_i915_gem_object *obj,
2166 struct sg_table *pages)
2167 {
2168 struct sgt_iter sgt_iter;
2169 struct page *page;
2170
2171 __i915_gem_object_release_shmem(obj, pages, true);
2172
2173 i915_gem_gtt_finish_pages(obj, pages);
2174
2175 if (i915_gem_object_needs_bit17_swizzle(obj))
2176 i915_gem_object_save_bit_17_swizzle(obj, pages);
2177
2178 for_each_sgt_page(page, sgt_iter, pages) {
2179 if (obj->mm.dirty)
2180 set_page_dirty(page);
2181
2182 if (obj->mm.madv == I915_MADV_WILLNEED)
2183 mark_page_accessed(page);
2184
2185 put_page(page);
2186 }
2187 obj->mm.dirty = false;
2188
2189 sg_free_table(pages);
2190 kfree(pages);
2191 }
2192
2193 static void __i915_gem_object_reset_page_iter(struct drm_i915_gem_object *obj)
2194 {
2195 struct radix_tree_iter iter;
2196 void **slot;
2197
2198 radix_tree_for_each_slot(slot, &obj->mm.get_page.radix, &iter, 0)
2199 radix_tree_delete(&obj->mm.get_page.radix, iter.index);
2200 }
2201
2202 void __i915_gem_object_put_pages(struct drm_i915_gem_object *obj,
2203 enum i915_mm_subclass subclass)
2204 {
2205 struct sg_table *pages;
2206
2207 if (i915_gem_object_has_pinned_pages(obj))
2208 return;
2209
2210 GEM_BUG_ON(obj->bind_count);
2211 if (!READ_ONCE(obj->mm.pages))
2212 return;
2213
2214 /* May be called by shrinker from within get_pages() (on another bo) */
2215 mutex_lock_nested(&obj->mm.lock, subclass);
2216 if (unlikely(atomic_read(&obj->mm.pages_pin_count)))
2217 goto unlock;
2218
2219 /* ->put_pages might need to allocate memory for the bit17 swizzle
2220 * array, hence protect them from being reaped by removing them from gtt
2221 * lists early. */
2222 pages = fetch_and_zero(&obj->mm.pages);
2223 GEM_BUG_ON(!pages);
2224
2225 if (obj->mm.mapping) {
2226 void *ptr;
2227
2228 ptr = ptr_mask_bits(obj->mm.mapping);
2229 if (is_vmalloc_addr(ptr))
2230 vunmap(ptr);
2231 else
2232 kunmap(kmap_to_page(ptr));
2233
2234 obj->mm.mapping = NULL;
2235 }
2236
2237 __i915_gem_object_reset_page_iter(obj);
2238
2239 if (!IS_ERR(pages))
2240 obj->ops->put_pages(obj, pages);
2241
2242 unlock:
2243 mutex_unlock(&obj->mm.lock);
2244 }
2245
2246 static bool i915_sg_trim(struct sg_table *orig_st)
2247 {
2248 struct sg_table new_st;
2249 struct scatterlist *sg, *new_sg;
2250 unsigned int i;
2251
2252 if (orig_st->nents == orig_st->orig_nents)
2253 return false;
2254
2255 if (sg_alloc_table(&new_st, orig_st->nents, GFP_KERNEL | __GFP_NOWARN))
2256 return false;
2257
2258 new_sg = new_st.sgl;
2259 for_each_sg(orig_st->sgl, sg, orig_st->nents, i) {
2260 sg_set_page(new_sg, sg_page(sg), sg->length, 0);
2261 /* called before being DMA mapped, no need to copy sg->dma_* */
2262 new_sg = sg_next(new_sg);
2263 }
2264 GEM_BUG_ON(new_sg); /* Should walk exactly nents and hit the end */
2265
2266 sg_free_table(orig_st);
2267
2268 *orig_st = new_st;
2269 return true;
2270 }
2271
2272 static struct sg_table *
2273 i915_gem_object_get_pages_gtt(struct drm_i915_gem_object *obj)
2274 {
2275 struct drm_i915_private *dev_priv = to_i915(obj->base.dev);
2276 const unsigned long page_count = obj->base.size / PAGE_SIZE;
2277 unsigned long i;
2278 struct address_space *mapping;
2279 struct sg_table *st;
2280 struct scatterlist *sg;
2281 struct sgt_iter sgt_iter;
2282 struct page *page;
2283 unsigned long last_pfn = 0; /* suppress gcc warning */
2284 unsigned int max_segment;
2285 int ret;
2286 gfp_t gfp;
2287
2288 /* Assert that the object is not currently in any GPU domain. As it
2289 * wasn't in the GTT, there shouldn't be any way it could have been in
2290 * a GPU cache
2291 */
2292 GEM_BUG_ON(obj->base.read_domains & I915_GEM_GPU_DOMAINS);
2293 GEM_BUG_ON(obj->base.write_domain & I915_GEM_GPU_DOMAINS);
2294
2295 max_segment = swiotlb_max_segment();
2296 if (!max_segment)
2297 max_segment = rounddown(UINT_MAX, PAGE_SIZE);
2298
2299 st = kmalloc(sizeof(*st), GFP_KERNEL);
2300 if (st == NULL)
2301 return ERR_PTR(-ENOMEM);
2302
2303 rebuild_st:
2304 if (sg_alloc_table(st, page_count, GFP_KERNEL)) {
2305 kfree(st);
2306 return ERR_PTR(-ENOMEM);
2307 }
2308
2309 /* Get the list of pages out of our struct file. They'll be pinned
2310 * at this point until we release them.
2311 *
2312 * Fail silently without starting the shrinker
2313 */
2314 mapping = obj->base.filp->f_mapping;
2315 gfp = mapping_gfp_constraint(mapping, ~(__GFP_IO | __GFP_RECLAIM));
2316 gfp |= __GFP_NORETRY | __GFP_NOWARN;
2317 sg = st->sgl;
2318 st->nents = 0;
2319 for (i = 0; i < page_count; i++) {
2320 page = shmem_read_mapping_page_gfp(mapping, i, gfp);
2321 if (IS_ERR(page)) {
2322 i915_gem_shrink(dev_priv,
2323 page_count,
2324 I915_SHRINK_BOUND |
2325 I915_SHRINK_UNBOUND |
2326 I915_SHRINK_PURGEABLE);
2327 page = shmem_read_mapping_page_gfp(mapping, i, gfp);
2328 }
2329 if (IS_ERR(page)) {
2330 /* We've tried hard to allocate the memory by reaping
2331 * our own buffer, now let the real VM do its job and
2332 * go down in flames if truly OOM.
2333 */
2334 page = shmem_read_mapping_page(mapping, i);
2335 if (IS_ERR(page)) {
2336 ret = PTR_ERR(page);
2337 goto err_sg;
2338 }
2339 }
2340 if (!i ||
2341 sg->length >= max_segment ||
2342 page_to_pfn(page) != last_pfn + 1) {
2343 if (i)
2344 sg = sg_next(sg);
2345 st->nents++;
2346 sg_set_page(sg, page, PAGE_SIZE, 0);
2347 } else {
2348 sg->length += PAGE_SIZE;
2349 }
2350 last_pfn = page_to_pfn(page);
2351
2352 /* Check that the i965g/gm workaround works. */
2353 WARN_ON((gfp & __GFP_DMA32) && (last_pfn >= 0x00100000UL));
2354 }
2355 if (sg) /* loop terminated early; short sg table */
2356 sg_mark_end(sg);
2357
2358 /* Trim unused sg entries to avoid wasting memory. */
2359 i915_sg_trim(st);
2360
2361 ret = i915_gem_gtt_prepare_pages(obj, st);
2362 if (ret) {
2363 /* DMA remapping failed? One possible cause is that
2364 * it could not reserve enough large entries, asking
2365 * for PAGE_SIZE chunks instead may be helpful.
2366 */
2367 if (max_segment > PAGE_SIZE) {
2368 for_each_sgt_page(page, sgt_iter, st)
2369 put_page(page);
2370 sg_free_table(st);
2371
2372 max_segment = PAGE_SIZE;
2373 goto rebuild_st;
2374 } else {
2375 dev_warn(&dev_priv->drm.pdev->dev,
2376 "Failed to DMA remap %lu pages\n",
2377 page_count);
2378 goto err_pages;
2379 }
2380 }
2381
2382 if (i915_gem_object_needs_bit17_swizzle(obj))
2383 i915_gem_object_do_bit_17_swizzle(obj, st);
2384
2385 return st;
2386
2387 err_sg:
2388 sg_mark_end(sg);
2389 err_pages:
2390 for_each_sgt_page(page, sgt_iter, st)
2391 put_page(page);
2392 sg_free_table(st);
2393 kfree(st);
2394
2395 /* shmemfs first checks if there is enough memory to allocate the page
2396 * and reports ENOSPC should there be insufficient, along with the usual
2397 * ENOMEM for a genuine allocation failure.
2398 *
2399 * We use ENOSPC in our driver to mean that we have run out of aperture
2400 * space and so want to translate the error from shmemfs back to our
2401 * usual understanding of ENOMEM.
2402 */
2403 if (ret == -ENOSPC)
2404 ret = -ENOMEM;
2405
2406 return ERR_PTR(ret);
2407 }
2408
2409 void __i915_gem_object_set_pages(struct drm_i915_gem_object *obj,
2410 struct sg_table *pages)
2411 {
2412 lockdep_assert_held(&obj->mm.lock);
2413
2414 obj->mm.get_page.sg_pos = pages->sgl;
2415 obj->mm.get_page.sg_idx = 0;
2416
2417 obj->mm.pages = pages;
2418
2419 if (i915_gem_object_is_tiled(obj) &&
2420 to_i915(obj->base.dev)->quirks & QUIRK_PIN_SWIZZLED_PAGES) {
2421 GEM_BUG_ON(obj->mm.quirked);
2422 __i915_gem_object_pin_pages(obj);
2423 obj->mm.quirked = true;
2424 }
2425 }
2426
2427 static int ____i915_gem_object_get_pages(struct drm_i915_gem_object *obj)
2428 {
2429 struct sg_table *pages;
2430
2431 GEM_BUG_ON(i915_gem_object_has_pinned_pages(obj));
2432
2433 if (unlikely(obj->mm.madv != I915_MADV_WILLNEED)) {
2434 DRM_DEBUG("Attempting to obtain a purgeable object\n");
2435 return -EFAULT;
2436 }
2437
2438 pages = obj->ops->get_pages(obj);
2439 if (unlikely(IS_ERR(pages)))
2440 return PTR_ERR(pages);
2441
2442 __i915_gem_object_set_pages(obj, pages);
2443 return 0;
2444 }
2445
2446 /* Ensure that the associated pages are gathered from the backing storage
2447 * and pinned into our object. i915_gem_object_pin_pages() may be called
2448 * multiple times before they are released by a single call to
2449 * i915_gem_object_unpin_pages() - once the pages are no longer referenced
2450 * either as a result of memory pressure (reaping pages under the shrinker)
2451 * or as the object is itself released.
2452 */
2453 int __i915_gem_object_get_pages(struct drm_i915_gem_object *obj)
2454 {
2455 int err;
2456
2457 err = mutex_lock_interruptible(&obj->mm.lock);
2458 if (err)
2459 return err;
2460
2461 if (unlikely(IS_ERR_OR_NULL(obj->mm.pages))) {
2462 err = ____i915_gem_object_get_pages(obj);
2463 if (err)
2464 goto unlock;
2465
2466 smp_mb__before_atomic();
2467 }
2468 atomic_inc(&obj->mm.pages_pin_count);
2469
2470 unlock:
2471 mutex_unlock(&obj->mm.lock);
2472 return err;
2473 }
2474
2475 /* The 'mapping' part of i915_gem_object_pin_map() below */
2476 static void *i915_gem_object_map(const struct drm_i915_gem_object *obj,
2477 enum i915_map_type type)
2478 {
2479 unsigned long n_pages = obj->base.size >> PAGE_SHIFT;
2480 struct sg_table *sgt = obj->mm.pages;
2481 struct sgt_iter sgt_iter;
2482 struct page *page;
2483 struct page *stack_pages[32];
2484 struct page **pages = stack_pages;
2485 unsigned long i = 0;
2486 pgprot_t pgprot;
2487 void *addr;
2488
2489 /* A single page can always be kmapped */
2490 if (n_pages == 1 && type == I915_MAP_WB)
2491 return kmap(sg_page(sgt->sgl));
2492
2493 if (n_pages > ARRAY_SIZE(stack_pages)) {
2494 /* Too big for stack -- allocate temporary array instead */
2495 pages = drm_malloc_gfp(n_pages, sizeof(*pages), GFP_TEMPORARY);
2496 if (!pages)
2497 return NULL;
2498 }
2499
2500 for_each_sgt_page(page, sgt_iter, sgt)
2501 pages[i++] = page;
2502
2503 /* Check that we have the expected number of pages */
2504 GEM_BUG_ON(i != n_pages);
2505
2506 switch (type) {
2507 case I915_MAP_WB:
2508 pgprot = PAGE_KERNEL;
2509 break;
2510 case I915_MAP_WC:
2511 pgprot = pgprot_writecombine(PAGE_KERNEL_IO);
2512 break;
2513 }
2514 addr = vmap(pages, n_pages, 0, pgprot);
2515
2516 if (pages != stack_pages)
2517 drm_free_large(pages);
2518
2519 return addr;
2520 }
2521
2522 /* get, pin, and map the pages of the object into kernel space */
2523 void *i915_gem_object_pin_map(struct drm_i915_gem_object *obj,
2524 enum i915_map_type type)
2525 {
2526 enum i915_map_type has_type;
2527 bool pinned;
2528 void *ptr;
2529 int ret;
2530
2531 GEM_BUG_ON(!i915_gem_object_has_struct_page(obj));
2532
2533 ret = mutex_lock_interruptible(&obj->mm.lock);
2534 if (ret)
2535 return ERR_PTR(ret);
2536
2537 pinned = true;
2538 if (!atomic_inc_not_zero(&obj->mm.pages_pin_count)) {
2539 if (unlikely(IS_ERR_OR_NULL(obj->mm.pages))) {
2540 ret = ____i915_gem_object_get_pages(obj);
2541 if (ret)
2542 goto err_unlock;
2543
2544 smp_mb__before_atomic();
2545 }
2546 atomic_inc(&obj->mm.pages_pin_count);
2547 pinned = false;
2548 }
2549 GEM_BUG_ON(!obj->mm.pages);
2550
2551 ptr = ptr_unpack_bits(obj->mm.mapping, has_type);
2552 if (ptr && has_type != type) {
2553 if (pinned) {
2554 ret = -EBUSY;
2555 goto err_unpin;
2556 }
2557
2558 if (is_vmalloc_addr(ptr))
2559 vunmap(ptr);
2560 else
2561 kunmap(kmap_to_page(ptr));
2562
2563 ptr = obj->mm.mapping = NULL;
2564 }
2565
2566 if (!ptr) {
2567 ptr = i915_gem_object_map(obj, type);
2568 if (!ptr) {
2569 ret = -ENOMEM;
2570 goto err_unpin;
2571 }
2572
2573 obj->mm.mapping = ptr_pack_bits(ptr, type);
2574 }
2575
2576 out_unlock:
2577 mutex_unlock(&obj->mm.lock);
2578 return ptr;
2579
2580 err_unpin:
2581 atomic_dec(&obj->mm.pages_pin_count);
2582 err_unlock:
2583 ptr = ERR_PTR(ret);
2584 goto out_unlock;
2585 }
2586
2587 static int
2588 i915_gem_object_pwrite_gtt(struct drm_i915_gem_object *obj,
2589 const struct drm_i915_gem_pwrite *arg)
2590 {
2591 struct address_space *mapping = obj->base.filp->f_mapping;
2592 char __user *user_data = u64_to_user_ptr(arg->data_ptr);
2593 u64 remain, offset;
2594 unsigned int pg;
2595
2596 /* Before we instantiate/pin the backing store for our use, we
2597 * can prepopulate the shmemfs filp efficiently using a write into
2598 * the pagecache. We avoid the penalty of instantiating all the
2599 * pages, important if the user is just writing to a few and never
2600 * uses the object on the GPU, and using a direct write into shmemfs
2601 * allows it to avoid the cost of retrieving a page (either swapin
2602 * or clearing-before-use) before it is overwritten.
2603 */
2604 if (READ_ONCE(obj->mm.pages))
2605 return -ENODEV;
2606
2607 /* Before the pages are instantiated the object is treated as being
2608 * in the CPU domain. The pages will be clflushed as required before
2609 * use, and we can freely write into the pages directly. If userspace
2610 * races pwrite with any other operation; corruption will ensue -
2611 * that is userspace's prerogative!
2612 */
2613
2614 remain = arg->size;
2615 offset = arg->offset;
2616 pg = offset_in_page(offset);
2617
2618 do {
2619 unsigned int len, unwritten;
2620 struct page *page;
2621 void *data, *vaddr;
2622 int err;
2623
2624 len = PAGE_SIZE - pg;
2625 if (len > remain)
2626 len = remain;
2627
2628 err = pagecache_write_begin(obj->base.filp, mapping,
2629 offset, len, 0,
2630 &page, &data);
2631 if (err < 0)
2632 return err;
2633
2634 vaddr = kmap(page);
2635 unwritten = copy_from_user(vaddr + pg, user_data, len);
2636 kunmap(page);
2637
2638 err = pagecache_write_end(obj->base.filp, mapping,
2639 offset, len, len - unwritten,
2640 page, data);
2641 if (err < 0)
2642 return err;
2643
2644 if (unwritten)
2645 return -EFAULT;
2646
2647 remain -= len;
2648 user_data += len;
2649 offset += len;
2650 pg = 0;
2651 } while (remain);
2652
2653 return 0;
2654 }
2655
2656 static bool ban_context(const struct i915_gem_context *ctx)
2657 {
2658 return (i915_gem_context_is_bannable(ctx) &&
2659 ctx->ban_score >= CONTEXT_SCORE_BAN_THRESHOLD);
2660 }
2661
2662 static void i915_gem_context_mark_guilty(struct i915_gem_context *ctx)
2663 {
2664 ctx->guilty_count++;
2665 ctx->ban_score += CONTEXT_SCORE_GUILTY;
2666 if (ban_context(ctx))
2667 i915_gem_context_set_banned(ctx);
2668
2669 DRM_DEBUG_DRIVER("context %s marked guilty (score %d) banned? %s\n",
2670 ctx->name, ctx->ban_score,
2671 yesno(i915_gem_context_is_banned(ctx)));
2672
2673 if (!i915_gem_context_is_banned(ctx) || IS_ERR_OR_NULL(ctx->file_priv))
2674 return;
2675
2676 ctx->file_priv->context_bans++;
2677 DRM_DEBUG_DRIVER("client %s has had %d context banned\n",
2678 ctx->name, ctx->file_priv->context_bans);
2679 }
2680
2681 static void i915_gem_context_mark_innocent(struct i915_gem_context *ctx)
2682 {
2683 ctx->active_count++;
2684 }
2685
2686 struct drm_i915_gem_request *
2687 i915_gem_find_active_request(struct intel_engine_cs *engine)
2688 {
2689 struct drm_i915_gem_request *request, *active = NULL;
2690 unsigned long flags;
2691
2692 /* We are called by the error capture and reset at a random
2693 * point in time. In particular, note that neither is crucially
2694 * ordered with an interrupt. After a hang, the GPU is dead and we
2695 * assume that no more writes can happen (we waited long enough for
2696 * all writes that were in transaction to be flushed) - adding an
2697 * extra delay for a recent interrupt is pointless. Hence, we do
2698 * not need an engine->irq_seqno_barrier() before the seqno reads.
2699 */
2700 spin_lock_irqsave(&engine->timeline->lock, flags);
2701 list_for_each_entry(request, &engine->timeline->requests, link) {
2702 if (__i915_gem_request_completed(request,
2703 request->global_seqno))
2704 continue;
2705
2706 GEM_BUG_ON(request->engine != engine);
2707 GEM_BUG_ON(test_bit(DMA_FENCE_FLAG_SIGNALED_BIT,
2708 &request->fence.flags));
2709
2710 active = request;
2711 break;
2712 }
2713 spin_unlock_irqrestore(&engine->timeline->lock, flags);
2714
2715 return active;
2716 }
2717
2718 static bool engine_stalled(struct intel_engine_cs *engine)
2719 {
2720 if (!engine->hangcheck.stalled)
2721 return false;
2722
2723 /* Check for possible seqno movement after hang declaration */
2724 if (engine->hangcheck.seqno != intel_engine_get_seqno(engine)) {
2725 DRM_DEBUG_DRIVER("%s pardoned\n", engine->name);
2726 return false;
2727 }
2728
2729 return true;
2730 }
2731
2732 int i915_gem_reset_prepare(struct drm_i915_private *dev_priv)
2733 {
2734 struct intel_engine_cs *engine;
2735 enum intel_engine_id id;
2736 int err = 0;
2737
2738 /* Ensure irq handler finishes, and not run again. */
2739 for_each_engine(engine, dev_priv, id) {
2740 struct drm_i915_gem_request *request;
2741
2742 /* Prevent the signaler thread from updating the request
2743 * state (by calling dma_fence_signal) as we are processing
2744 * the reset. The write from the GPU of the seqno is
2745 * asynchronous and the signaler thread may see a different
2746 * value to us and declare the request complete, even though
2747 * the reset routine have picked that request as the active
2748 * (incomplete) request. This conflict is not handled
2749 * gracefully!
2750 */
2751 kthread_park(engine->breadcrumbs.signaler);
2752
2753 /* Prevent request submission to the hardware until we have
2754 * completed the reset in i915_gem_reset_finish(). If a request
2755 * is completed by one engine, it may then queue a request
2756 * to a second via its engine->irq_tasklet *just* as we are
2757 * calling engine->init_hw() and also writing the ELSP.
2758 * Turning off the engine->irq_tasklet until the reset is over
2759 * prevents the race.
2760 */
2761 tasklet_kill(&engine->irq_tasklet);
2762 tasklet_disable(&engine->irq_tasklet);
2763
2764 if (engine->irq_seqno_barrier)
2765 engine->irq_seqno_barrier(engine);
2766
2767 if (engine_stalled(engine)) {
2768 request = i915_gem_find_active_request(engine);
2769 if (request && request->fence.error == -EIO)
2770 err = -EIO; /* Previous reset failed! */
2771 }
2772 }
2773
2774 i915_gem_revoke_fences(dev_priv);
2775
2776 return err;
2777 }
2778
2779 static void skip_request(struct drm_i915_gem_request *request)
2780 {
2781 void *vaddr = request->ring->vaddr;
2782 u32 head;
2783
2784 /* As this request likely depends on state from the lost
2785 * context, clear out all the user operations leaving the
2786 * breadcrumb at the end (so we get the fence notifications).
2787 */
2788 head = request->head;
2789 if (request->postfix < head) {
2790 memset(vaddr + head, 0, request->ring->size - head);
2791 head = 0;
2792 }
2793 memset(vaddr + head, 0, request->postfix - head);
2794
2795 dma_fence_set_error(&request->fence, -EIO);
2796 }
2797
2798 static void engine_skip_context(struct drm_i915_gem_request *request)
2799 {
2800 struct intel_engine_cs *engine = request->engine;
2801 struct i915_gem_context *hung_ctx = request->ctx;
2802 struct intel_timeline *timeline;
2803 unsigned long flags;
2804
2805 timeline = i915_gem_context_lookup_timeline(hung_ctx, engine);
2806
2807 spin_lock_irqsave(&engine->timeline->lock, flags);
2808 spin_lock(&timeline->lock);
2809
2810 list_for_each_entry_continue(request, &engine->timeline->requests, link)
2811 if (request->ctx == hung_ctx)
2812 skip_request(request);
2813
2814 list_for_each_entry(request, &timeline->requests, link)
2815 skip_request(request);
2816
2817 spin_unlock(&timeline->lock);
2818 spin_unlock_irqrestore(&engine->timeline->lock, flags);
2819 }
2820
2821 /* Returns true if the request was guilty of hang */
2822 static bool i915_gem_reset_request(struct drm_i915_gem_request *request)
2823 {
2824 /* Read once and return the resolution */
2825 const bool guilty = engine_stalled(request->engine);
2826
2827 /* The guilty request will get skipped on a hung engine.
2828 *
2829 * Users of client default contexts do not rely on logical
2830 * state preserved between batches so it is safe to execute
2831 * queued requests following the hang. Non default contexts
2832 * rely on preserved state, so skipping a batch loses the
2833 * evolution of the state and it needs to be considered corrupted.
2834 * Executing more queued batches on top of corrupted state is
2835 * risky. But we take the risk by trying to advance through
2836 * the queued requests in order to make the client behaviour
2837 * more predictable around resets, by not throwing away random
2838 * amount of batches it has prepared for execution. Sophisticated
2839 * clients can use gem_reset_stats_ioctl and dma fence status
2840 * (exported via sync_file info ioctl on explicit fences) to observe
2841 * when it loses the context state and should rebuild accordingly.
2842 *
2843 * The context ban, and ultimately the client ban, mechanism are safety
2844 * valves if client submission ends up resulting in nothing more than
2845 * subsequent hangs.
2846 */
2847
2848 if (guilty) {
2849 i915_gem_context_mark_guilty(request->ctx);
2850 skip_request(request);
2851 } else {
2852 i915_gem_context_mark_innocent(request->ctx);
2853 dma_fence_set_error(&request->fence, -EAGAIN);
2854 }
2855
2856 return guilty;
2857 }
2858
2859 static void i915_gem_reset_engine(struct intel_engine_cs *engine)
2860 {
2861 struct drm_i915_gem_request *request;
2862
2863 request = i915_gem_find_active_request(engine);
2864 if (request && i915_gem_reset_request(request)) {
2865 DRM_DEBUG_DRIVER("resetting %s to restart from tail of request 0x%x\n",
2866 engine->name, request->global_seqno);
2867
2868 /* If this context is now banned, skip all pending requests. */
2869 if (i915_gem_context_is_banned(request->ctx))
2870 engine_skip_context(request);
2871 }
2872
2873 /* Setup the CS to resume from the breadcrumb of the hung request */
2874 engine->reset_hw(engine, request);
2875 }
2876
2877 void i915_gem_reset(struct drm_i915_private *dev_priv)
2878 {
2879 struct intel_engine_cs *engine;
2880 enum intel_engine_id id;
2881
2882 lockdep_assert_held(&dev_priv->drm.struct_mutex);
2883
2884 i915_gem_retire_requests(dev_priv);
2885
2886 for_each_engine(engine, dev_priv, id) {
2887 struct i915_gem_context *ctx;
2888
2889 i915_gem_reset_engine(engine);
2890 ctx = fetch_and_zero(&engine->last_retired_context);
2891 if (ctx)
2892 engine->context_unpin(engine, ctx);
2893 }
2894
2895 i915_gem_restore_fences(dev_priv);
2896
2897 if (dev_priv->gt.awake) {
2898 intel_sanitize_gt_powersave(dev_priv);
2899 intel_enable_gt_powersave(dev_priv);
2900 if (INTEL_GEN(dev_priv) >= 6)
2901 gen6_rps_busy(dev_priv);
2902 }
2903 }
2904
2905 void i915_gem_reset_finish(struct drm_i915_private *dev_priv)
2906 {
2907 struct intel_engine_cs *engine;
2908 enum intel_engine_id id;
2909
2910 lockdep_assert_held(&dev_priv->drm.struct_mutex);
2911
2912 for_each_engine(engine, dev_priv, id) {
2913 tasklet_enable(&engine->irq_tasklet);
2914 kthread_unpark(engine->breadcrumbs.signaler);
2915 }
2916 }
2917
2918 static void nop_submit_request(struct drm_i915_gem_request *request)
2919 {
2920 dma_fence_set_error(&request->fence, -EIO);
2921 i915_gem_request_submit(request);
2922 intel_engine_init_global_seqno(request->engine, request->global_seqno);
2923 }
2924
2925 static void engine_set_wedged(struct intel_engine_cs *engine)
2926 {
2927 struct drm_i915_gem_request *request;
2928 unsigned long flags;
2929
2930 /* We need to be sure that no thread is running the old callback as
2931 * we install the nop handler (otherwise we would submit a request
2932 * to hardware that will never complete). In order to prevent this
2933 * race, we wait until the machine is idle before making the swap
2934 * (using stop_machine()).
2935 */
2936 engine->submit_request = nop_submit_request;
2937
2938 /* Mark all executing requests as skipped */
2939 spin_lock_irqsave(&engine->timeline->lock, flags);
2940 list_for_each_entry(request, &engine->timeline->requests, link)
2941 dma_fence_set_error(&request->fence, -EIO);
2942 spin_unlock_irqrestore(&engine->timeline->lock, flags);
2943
2944 /* Mark all pending requests as complete so that any concurrent
2945 * (lockless) lookup doesn't try and wait upon the request as we
2946 * reset it.
2947 */
2948 intel_engine_init_global_seqno(engine,
2949 intel_engine_last_submit(engine));
2950
2951 /*
2952 * Clear the execlists queue up before freeing the requests, as those
2953 * are the ones that keep the context and ringbuffer backing objects
2954 * pinned in place.
2955 */
2956
2957 if (i915.enable_execlists) {
2958 unsigned long flags;
2959
2960 spin_lock_irqsave(&engine->timeline->lock, flags);
2961
2962 i915_gem_request_put(engine->execlist_port[0].request);
2963 i915_gem_request_put(engine->execlist_port[1].request);
2964 memset(engine->execlist_port, 0, sizeof(engine->execlist_port));
2965 engine->execlist_queue = RB_ROOT;
2966 engine->execlist_first = NULL;
2967
2968 spin_unlock_irqrestore(&engine->timeline->lock, flags);
2969 }
2970 }
2971
2972 static int __i915_gem_set_wedged_BKL(void *data)
2973 {
2974 struct drm_i915_private *i915 = data;
2975 struct intel_engine_cs *engine;
2976 enum intel_engine_id id;
2977
2978 for_each_engine(engine, i915, id)
2979 engine_set_wedged(engine);
2980
2981 return 0;
2982 }
2983
2984 void i915_gem_set_wedged(struct drm_i915_private *dev_priv)
2985 {
2986 lockdep_assert_held(&dev_priv->drm.struct_mutex);
2987 set_bit(I915_WEDGED, &dev_priv->gpu_error.flags);
2988
2989 stop_machine(__i915_gem_set_wedged_BKL, dev_priv, NULL);
2990
2991 i915_gem_context_lost(dev_priv);
2992 i915_gem_retire_requests(dev_priv);
2993
2994 mod_delayed_work(dev_priv->wq, &dev_priv->gt.idle_work, 0);
2995 }
2996
2997 static void
2998 i915_gem_retire_work_handler(struct work_struct *work)
2999 {
3000 struct drm_i915_private *dev_priv =
3001 container_of(work, typeof(*dev_priv), gt.retire_work.work);
3002 struct drm_device *dev = &dev_priv->drm;
3003
3004 /* Come back later if the device is busy... */
3005 if (mutex_trylock(&dev->struct_mutex)) {
3006 i915_gem_retire_requests(dev_priv);
3007 mutex_unlock(&dev->struct_mutex);
3008 }
3009
3010 /* Keep the retire handler running until we are finally idle.
3011 * We do not need to do this test under locking as in the worst-case
3012 * we queue the retire worker once too often.
3013 */
3014 if (READ_ONCE(dev_priv->gt.awake)) {
3015 i915_queue_hangcheck(dev_priv);
3016 queue_delayed_work(dev_priv->wq,
3017 &dev_priv->gt.retire_work,
3018 round_jiffies_up_relative(HZ));
3019 }
3020 }
3021
3022 static void
3023 i915_gem_idle_work_handler(struct work_struct *work)
3024 {
3025 struct drm_i915_private *dev_priv =
3026 container_of(work, typeof(*dev_priv), gt.idle_work.work);
3027 struct drm_device *dev = &dev_priv->drm;
3028 struct intel_engine_cs *engine;
3029 enum intel_engine_id id;
3030 bool rearm_hangcheck;
3031
3032 if (!READ_ONCE(dev_priv->gt.awake))
3033 return;
3034
3035 /*
3036 * Wait for last execlists context complete, but bail out in case a
3037 * new request is submitted.
3038 */
3039 wait_for(READ_ONCE(dev_priv->gt.active_requests) ||
3040 intel_engines_are_idle(dev_priv),
3041 10);
3042 if (READ_ONCE(dev_priv->gt.active_requests))
3043 return;
3044
3045 rearm_hangcheck =
3046 cancel_delayed_work_sync(&dev_priv->gpu_error.hangcheck_work);
3047
3048 if (!mutex_trylock(&dev->struct_mutex)) {
3049 /* Currently busy, come back later */
3050 mod_delayed_work(dev_priv->wq,
3051 &dev_priv->gt.idle_work,
3052 msecs_to_jiffies(50));
3053 goto out_rearm;
3054 }
3055
3056 /*
3057 * New request retired after this work handler started, extend active
3058 * period until next instance of the work.
3059 */
3060 if (work_pending(work))
3061 goto out_unlock;
3062
3063 if (dev_priv->gt.active_requests)
3064 goto out_unlock;
3065
3066 if (wait_for(intel_engines_are_idle(dev_priv), 10))
3067 DRM_ERROR("Timeout waiting for engines to idle\n");
3068
3069 for_each_engine(engine, dev_priv, id) {
3070 intel_engine_disarm_breadcrumbs(engine);
3071 i915_gem_batch_pool_fini(&engine->batch_pool);
3072 }
3073
3074 GEM_BUG_ON(!dev_priv->gt.awake);
3075 dev_priv->gt.awake = false;
3076 rearm_hangcheck = false;
3077
3078 if (INTEL_GEN(dev_priv) >= 6)
3079 gen6_rps_idle(dev_priv);
3080 intel_runtime_pm_put(dev_priv);
3081 out_unlock:
3082 mutex_unlock(&dev->struct_mutex);
3083
3084 out_rearm:
3085 if (rearm_hangcheck) {
3086 GEM_BUG_ON(!dev_priv->gt.awake);
3087 i915_queue_hangcheck(dev_priv);
3088 }
3089 }
3090
3091 void i915_gem_close_object(struct drm_gem_object *gem, struct drm_file *file)
3092 {
3093 struct drm_i915_gem_object *obj = to_intel_bo(gem);
3094 struct drm_i915_file_private *fpriv = file->driver_priv;
3095 struct i915_vma *vma, *vn;
3096
3097 mutex_lock(&obj->base.dev->struct_mutex);
3098 list_for_each_entry_safe(vma, vn, &obj->vma_list, obj_link)
3099 if (vma->vm->file == fpriv)
3100 i915_vma_close(vma);
3101
3102 if (i915_gem_object_is_active(obj) &&
3103 !i915_gem_object_has_active_reference(obj)) {
3104 i915_gem_object_set_active_reference(obj);
3105 i915_gem_object_get(obj);
3106 }
3107 mutex_unlock(&obj->base.dev->struct_mutex);
3108 }
3109
3110 static unsigned long to_wait_timeout(s64 timeout_ns)
3111 {
3112 if (timeout_ns < 0)
3113 return MAX_SCHEDULE_TIMEOUT;
3114
3115 if (timeout_ns == 0)
3116 return 0;
3117
3118 return nsecs_to_jiffies_timeout(timeout_ns);
3119 }
3120
3121 /**
3122 * i915_gem_wait_ioctl - implements DRM_IOCTL_I915_GEM_WAIT
3123 * @dev: drm device pointer
3124 * @data: ioctl data blob
3125 * @file: drm file pointer
3126 *
3127 * Returns 0 if successful, else an error is returned with the remaining time in
3128 * the timeout parameter.
3129 * -ETIME: object is still busy after timeout
3130 * -ERESTARTSYS: signal interrupted the wait
3131 * -ENONENT: object doesn't exist
3132 * Also possible, but rare:
3133 * -EAGAIN: GPU wedged
3134 * -ENOMEM: damn
3135 * -ENODEV: Internal IRQ fail
3136 * -E?: The add request failed
3137 *
3138 * The wait ioctl with a timeout of 0 reimplements the busy ioctl. With any
3139 * non-zero timeout parameter the wait ioctl will wait for the given number of
3140 * nanoseconds on an object becoming unbusy. Since the wait itself does so
3141 * without holding struct_mutex the object may become re-busied before this
3142 * function completes. A similar but shorter * race condition exists in the busy
3143 * ioctl
3144 */
3145 int
3146 i915_gem_wait_ioctl(struct drm_device *dev, void *data, struct drm_file *file)
3147 {
3148 struct drm_i915_gem_wait *args = data;
3149 struct drm_i915_gem_object *obj;
3150 ktime_t start;
3151 long ret;
3152
3153 if (args->flags != 0)
3154 return -EINVAL;
3155
3156 obj = i915_gem_object_lookup(file, args->bo_handle);
3157 if (!obj)
3158 return -ENOENT;
3159
3160 start = ktime_get();
3161
3162 ret = i915_gem_object_wait(obj,
3163 I915_WAIT_INTERRUPTIBLE | I915_WAIT_ALL,
3164 to_wait_timeout(args->timeout_ns),
3165 to_rps_client(file));
3166
3167 if (args->timeout_ns > 0) {
3168 args->timeout_ns -= ktime_to_ns(ktime_sub(ktime_get(), start));
3169 if (args->timeout_ns < 0)
3170 args->timeout_ns = 0;
3171
3172 /*
3173 * Apparently ktime isn't accurate enough and occasionally has a
3174 * bit of mismatch in the jiffies<->nsecs<->ktime loop. So patch
3175 * things up to make the test happy. We allow up to 1 jiffy.
3176 *
3177 * This is a regression from the timespec->ktime conversion.
3178 */
3179 if (ret == -ETIME && !nsecs_to_jiffies(args->timeout_ns))
3180 args->timeout_ns = 0;
3181 }
3182
3183 i915_gem_object_put(obj);
3184 return ret;
3185 }
3186
3187 static int wait_for_timeline(struct i915_gem_timeline *tl, unsigned int flags)
3188 {
3189 int ret, i;
3190
3191 for (i = 0; i < ARRAY_SIZE(tl->engine); i++) {
3192 ret = i915_gem_active_wait(&tl->engine[i].last_request, flags);
3193 if (ret)
3194 return ret;
3195 }
3196
3197 return 0;
3198 }
3199
3200 int i915_gem_wait_for_idle(struct drm_i915_private *i915, unsigned int flags)
3201 {
3202 int ret;
3203
3204 if (flags & I915_WAIT_LOCKED) {
3205 struct i915_gem_timeline *tl;
3206
3207 lockdep_assert_held(&i915->drm.struct_mutex);
3208
3209 list_for_each_entry(tl, &i915->gt.timelines, link) {
3210 ret = wait_for_timeline(tl, flags);
3211 if (ret)
3212 return ret;
3213 }
3214 } else {
3215 ret = wait_for_timeline(&i915->gt.global_timeline, flags);
3216 if (ret)
3217 return ret;
3218 }
3219
3220 return 0;
3221 }
3222
3223 /** Flushes the GTT write domain for the object if it's dirty. */
3224 static void
3225 i915_gem_object_flush_gtt_write_domain(struct drm_i915_gem_object *obj)
3226 {
3227 struct drm_i915_private *dev_priv = to_i915(obj->base.dev);
3228
3229 if (obj->base.write_domain != I915_GEM_DOMAIN_GTT)
3230 return;
3231
3232 /* No actual flushing is required for the GTT write domain. Writes
3233 * to it "immediately" go to main memory as far as we know, so there's
3234 * no chipset flush. It also doesn't land in render cache.
3235 *
3236 * However, we do have to enforce the order so that all writes through
3237 * the GTT land before any writes to the device, such as updates to
3238 * the GATT itself.
3239 *
3240 * We also have to wait a bit for the writes to land from the GTT.
3241 * An uncached read (i.e. mmio) seems to be ideal for the round-trip
3242 * timing. This issue has only been observed when switching quickly
3243 * between GTT writes and CPU reads from inside the kernel on recent hw,
3244 * and it appears to only affect discrete GTT blocks (i.e. on LLC
3245 * system agents we cannot reproduce this behaviour).
3246 */
3247 wmb();
3248 if (INTEL_GEN(dev_priv) >= 6 && !HAS_LLC(dev_priv))
3249 POSTING_READ(RING_ACTHD(dev_priv->engine[RCS]->mmio_base));
3250
3251 intel_fb_obj_flush(obj, write_origin(obj, I915_GEM_DOMAIN_GTT));
3252
3253 obj->base.write_domain = 0;
3254 }
3255
3256 /** Flushes the CPU write domain for the object if it's dirty. */
3257 static void
3258 i915_gem_object_flush_cpu_write_domain(struct drm_i915_gem_object *obj)
3259 {
3260 if (obj->base.write_domain != I915_GEM_DOMAIN_CPU)
3261 return;
3262
3263 i915_gem_clflush_object(obj, I915_CLFLUSH_SYNC);
3264 obj->base.write_domain = 0;
3265 }
3266
3267 static void __i915_gem_object_flush_for_display(struct drm_i915_gem_object *obj)
3268 {
3269 if (obj->base.write_domain != I915_GEM_DOMAIN_CPU && !obj->cache_dirty)
3270 return;
3271
3272 i915_gem_clflush_object(obj, I915_CLFLUSH_FORCE);
3273 obj->base.write_domain = 0;
3274 }
3275
3276 void i915_gem_object_flush_if_display(struct drm_i915_gem_object *obj)
3277 {
3278 if (!READ_ONCE(obj->pin_display))
3279 return;
3280
3281 mutex_lock(&obj->base.dev->struct_mutex);
3282 __i915_gem_object_flush_for_display(obj);
3283 mutex_unlock(&obj->base.dev->struct_mutex);
3284 }
3285
3286 /**
3287 * Moves a single object to the GTT read, and possibly write domain.
3288 * @obj: object to act on
3289 * @write: ask for write access or read only
3290 *
3291 * This function returns when the move is complete, including waiting on
3292 * flushes to occur.
3293 */
3294 int
3295 i915_gem_object_set_to_gtt_domain(struct drm_i915_gem_object *obj, bool write)
3296 {
3297 int ret;
3298
3299 lockdep_assert_held(&obj->base.dev->struct_mutex);
3300
3301 ret = i915_gem_object_wait(obj,
3302 I915_WAIT_INTERRUPTIBLE |
3303 I915_WAIT_LOCKED |
3304 (write ? I915_WAIT_ALL : 0),
3305 MAX_SCHEDULE_TIMEOUT,
3306 NULL);
3307 if (ret)
3308 return ret;
3309
3310 if (obj->base.write_domain == I915_GEM_DOMAIN_GTT)
3311 return 0;
3312
3313 /* Flush and acquire obj->pages so that we are coherent through
3314 * direct access in memory with previous cached writes through
3315 * shmemfs and that our cache domain tracking remains valid.
3316 * For example, if the obj->filp was moved to swap without us
3317 * being notified and releasing the pages, we would mistakenly
3318 * continue to assume that the obj remained out of the CPU cached
3319 * domain.
3320 */
3321 ret = i915_gem_object_pin_pages(obj);
3322 if (ret)
3323 return ret;
3324
3325 i915_gem_object_flush_cpu_write_domain(obj);
3326
3327 /* Serialise direct access to this object with the barriers for
3328 * coherent writes from the GPU, by effectively invalidating the
3329 * GTT domain upon first access.
3330 */
3331 if ((obj->base.read_domains & I915_GEM_DOMAIN_GTT) == 0)
3332 mb();
3333
3334 /* It should now be out of any other write domains, and we can update
3335 * the domain values for our changes.
3336 */
3337 GEM_BUG_ON((obj->base.write_domain & ~I915_GEM_DOMAIN_GTT) != 0);
3338 obj->base.read_domains |= I915_GEM_DOMAIN_GTT;
3339 if (write) {
3340 obj->base.read_domains = I915_GEM_DOMAIN_GTT;
3341 obj->base.write_domain = I915_GEM_DOMAIN_GTT;
3342 obj->mm.dirty = true;
3343 }
3344
3345 i915_gem_object_unpin_pages(obj);
3346 return 0;
3347 }
3348
3349 /**
3350 * Changes the cache-level of an object across all VMA.
3351 * @obj: object to act on
3352 * @cache_level: new cache level to set for the object
3353 *
3354 * After this function returns, the object will be in the new cache-level
3355 * across all GTT and the contents of the backing storage will be coherent,
3356 * with respect to the new cache-level. In order to keep the backing storage
3357 * coherent for all users, we only allow a single cache level to be set
3358 * globally on the object and prevent it from being changed whilst the
3359 * hardware is reading from the object. That is if the object is currently
3360 * on the scanout it will be set to uncached (or equivalent display
3361 * cache coherency) and all non-MOCS GPU access will also be uncached so
3362 * that all direct access to the scanout remains coherent.
3363 */
3364 int i915_gem_object_set_cache_level(struct drm_i915_gem_object *obj,
3365 enum i915_cache_level cache_level)
3366 {
3367 struct i915_vma *vma;
3368 int ret;
3369
3370 lockdep_assert_held(&obj->base.dev->struct_mutex);
3371
3372 if (obj->cache_level == cache_level)
3373 return 0;
3374
3375 /* Inspect the list of currently bound VMA and unbind any that would
3376 * be invalid given the new cache-level. This is principally to
3377 * catch the issue of the CS prefetch crossing page boundaries and
3378 * reading an invalid PTE on older architectures.
3379 */
3380 restart:
3381 list_for_each_entry(vma, &obj->vma_list, obj_link) {
3382 if (!drm_mm_node_allocated(&vma->node))
3383 continue;
3384
3385 if (i915_vma_is_pinned(vma)) {
3386 DRM_DEBUG("can not change the cache level of pinned objects\n");
3387 return -EBUSY;
3388 }
3389
3390 if (i915_gem_valid_gtt_space(vma, cache_level))
3391 continue;
3392
3393 ret = i915_vma_unbind(vma);
3394 if (ret)
3395 return ret;
3396
3397 /* As unbinding may affect other elements in the
3398 * obj->vma_list (due to side-effects from retiring
3399 * an active vma), play safe and restart the iterator.
3400 */
3401 goto restart;
3402 }
3403
3404 /* We can reuse the existing drm_mm nodes but need to change the
3405 * cache-level on the PTE. We could simply unbind them all and
3406 * rebind with the correct cache-level on next use. However since
3407 * we already have a valid slot, dma mapping, pages etc, we may as
3408 * rewrite the PTE in the belief that doing so tramples upon less
3409 * state and so involves less work.
3410 */
3411 if (obj->bind_count) {
3412 /* Before we change the PTE, the GPU must not be accessing it.
3413 * If we wait upon the object, we know that all the bound
3414 * VMA are no longer active.
3415 */
3416 ret = i915_gem_object_wait(obj,
3417 I915_WAIT_INTERRUPTIBLE |
3418 I915_WAIT_LOCKED |
3419 I915_WAIT_ALL,
3420 MAX_SCHEDULE_TIMEOUT,
3421 NULL);
3422 if (ret)
3423 return ret;
3424
3425 if (!HAS_LLC(to_i915(obj->base.dev)) &&
3426 cache_level != I915_CACHE_NONE) {
3427 /* Access to snoopable pages through the GTT is
3428 * incoherent and on some machines causes a hard
3429 * lockup. Relinquish the CPU mmaping to force
3430 * userspace to refault in the pages and we can
3431 * then double check if the GTT mapping is still
3432 * valid for that pointer access.
3433 */
3434 i915_gem_release_mmap(obj);
3435
3436 /* As we no longer need a fence for GTT access,
3437 * we can relinquish it now (and so prevent having
3438 * to steal a fence from someone else on the next
3439 * fence request). Note GPU activity would have
3440 * dropped the fence as all snoopable access is
3441 * supposed to be linear.
3442 */
3443 list_for_each_entry(vma, &obj->vma_list, obj_link) {
3444 ret = i915_vma_put_fence(vma);
3445 if (ret)
3446 return ret;
3447 }
3448 } else {
3449 /* We either have incoherent backing store and
3450 * so no GTT access or the architecture is fully
3451 * coherent. In such cases, existing GTT mmaps
3452 * ignore the cache bit in the PTE and we can
3453 * rewrite it without confusing the GPU or having
3454 * to force userspace to fault back in its mmaps.
3455 */
3456 }
3457
3458 list_for_each_entry(vma, &obj->vma_list, obj_link) {
3459 if (!drm_mm_node_allocated(&vma->node))
3460 continue;
3461
3462 ret = i915_vma_bind(vma, cache_level, PIN_UPDATE);
3463 if (ret)
3464 return ret;
3465 }
3466 }
3467
3468 if (obj->base.write_domain == I915_GEM_DOMAIN_CPU &&
3469 i915_gem_object_is_coherent(obj))
3470 obj->cache_dirty = true;
3471
3472 list_for_each_entry(vma, &obj->vma_list, obj_link)
3473 vma->node.color = cache_level;
3474 obj->cache_level = cache_level;
3475
3476 return 0;
3477 }
3478
3479 int i915_gem_get_caching_ioctl(struct drm_device *dev, void *data,
3480 struct drm_file *file)
3481 {
3482 struct drm_i915_gem_caching *args = data;
3483 struct drm_i915_gem_object *obj;
3484 int err = 0;
3485
3486 rcu_read_lock();
3487 obj = i915_gem_object_lookup_rcu(file, args->handle);
3488 if (!obj) {
3489 err = -ENOENT;
3490 goto out;
3491 }
3492
3493 switch (obj->cache_level) {
3494 case I915_CACHE_LLC:
3495 case I915_CACHE_L3_LLC:
3496 args->caching = I915_CACHING_CACHED;
3497 break;
3498
3499 case I915_CACHE_WT:
3500 args->caching = I915_CACHING_DISPLAY;
3501 break;
3502
3503 default:
3504 args->caching = I915_CACHING_NONE;
3505 break;
3506 }
3507 out:
3508 rcu_read_unlock();
3509 return err;
3510 }
3511
3512 int i915_gem_set_caching_ioctl(struct drm_device *dev, void *data,
3513 struct drm_file *file)
3514 {
3515 struct drm_i915_private *i915 = to_i915(dev);
3516 struct drm_i915_gem_caching *args = data;
3517 struct drm_i915_gem_object *obj;
3518 enum i915_cache_level level;
3519 int ret = 0;
3520
3521 switch (args->caching) {
3522 case I915_CACHING_NONE:
3523 level = I915_CACHE_NONE;
3524 break;
3525 case I915_CACHING_CACHED:
3526 /*
3527 * Due to a HW issue on BXT A stepping, GPU stores via a
3528 * snooped mapping may leave stale data in a corresponding CPU
3529 * cacheline, whereas normally such cachelines would get
3530 * invalidated.
3531 */
3532 if (!HAS_LLC(i915) && !HAS_SNOOP(i915))
3533 return -ENODEV;
3534
3535 level = I915_CACHE_LLC;
3536 break;
3537 case I915_CACHING_DISPLAY:
3538 level = HAS_WT(i915) ? I915_CACHE_WT : I915_CACHE_NONE;
3539 break;
3540 default:
3541 return -EINVAL;
3542 }
3543
3544 obj = i915_gem_object_lookup(file, args->handle);
3545 if (!obj)
3546 return -ENOENT;
3547
3548 if (obj->cache_level == level)
3549 goto out;
3550
3551 ret = i915_gem_object_wait(obj,
3552 I915_WAIT_INTERRUPTIBLE,
3553 MAX_SCHEDULE_TIMEOUT,
3554 to_rps_client(file));
3555 if (ret)
3556 goto out;
3557
3558 ret = i915_mutex_lock_interruptible(dev);
3559 if (ret)
3560 goto out;
3561
3562 ret = i915_gem_object_set_cache_level(obj, level);
3563 mutex_unlock(&dev->struct_mutex);
3564
3565 out:
3566 i915_gem_object_put(obj);
3567 return ret;
3568 }
3569
3570 /*
3571 * Prepare buffer for display plane (scanout, cursors, etc).
3572 * Can be called from an uninterruptible phase (modesetting) and allows
3573 * any flushes to be pipelined (for pageflips).
3574 */
3575 struct i915_vma *
3576 i915_gem_object_pin_to_display_plane(struct drm_i915_gem_object *obj,
3577 u32 alignment,
3578 const struct i915_ggtt_view *view)
3579 {
3580 struct i915_vma *vma;
3581 int ret;
3582
3583 lockdep_assert_held(&obj->base.dev->struct_mutex);
3584
3585 /* Mark the pin_display early so that we account for the
3586 * display coherency whilst setting up the cache domains.
3587 */
3588 obj->pin_display++;
3589
3590 /* The display engine is not coherent with the LLC cache on gen6. As
3591 * a result, we make sure that the pinning that is about to occur is
3592 * done with uncached PTEs. This is lowest common denominator for all
3593 * chipsets.
3594 *
3595 * However for gen6+, we could do better by using the GFDT bit instead
3596 * of uncaching, which would allow us to flush all the LLC-cached data
3597 * with that bit in the PTE to main memory with just one PIPE_CONTROL.
3598 */
3599 ret = i915_gem_object_set_cache_level(obj,
3600 HAS_WT(to_i915(obj->base.dev)) ?
3601 I915_CACHE_WT : I915_CACHE_NONE);
3602 if (ret) {
3603 vma = ERR_PTR(ret);
3604 goto err_unpin_display;
3605 }
3606
3607 /* As the user may map the buffer once pinned in the display plane
3608 * (e.g. libkms for the bootup splash), we have to ensure that we
3609 * always use map_and_fenceable for all scanout buffers. However,
3610 * it may simply be too big to fit into mappable, in which case
3611 * put it anyway and hope that userspace can cope (but always first
3612 * try to preserve the existing ABI).
3613 */
3614 vma = ERR_PTR(-ENOSPC);
3615 if (!view || view->type == I915_GGTT_VIEW_NORMAL)
3616 vma = i915_gem_object_ggtt_pin(obj, view, 0, alignment,
3617 PIN_MAPPABLE | PIN_NONBLOCK);
3618 if (IS_ERR(vma)) {
3619 struct drm_i915_private *i915 = to_i915(obj->base.dev);
3620 unsigned int flags;
3621
3622 /* Valleyview is definitely limited to scanning out the first
3623 * 512MiB. Lets presume this behaviour was inherited from the
3624 * g4x display engine and that all earlier gen are similarly
3625 * limited. Testing suggests that it is a little more
3626 * complicated than this. For example, Cherryview appears quite
3627 * happy to scanout from anywhere within its global aperture.
3628 */
3629 flags = 0;
3630 if (HAS_GMCH_DISPLAY(i915))
3631 flags = PIN_MAPPABLE;
3632 vma = i915_gem_object_ggtt_pin(obj, view, 0, alignment, flags);
3633 }
3634 if (IS_ERR(vma))
3635 goto err_unpin_display;
3636
3637 vma->display_alignment = max_t(u64, vma->display_alignment, alignment);
3638
3639 /* Treat this as an end-of-frame, like intel_user_framebuffer_dirty() */
3640 __i915_gem_object_flush_for_display(obj);
3641 intel_fb_obj_flush(obj, ORIGIN_DIRTYFB);
3642
3643 /* It should now be out of any other write domains, and we can update
3644 * the domain values for our changes.
3645 */
3646 obj->base.read_domains |= I915_GEM_DOMAIN_GTT;
3647
3648 return vma;
3649
3650 err_unpin_display:
3651 obj->pin_display--;
3652 return vma;
3653 }
3654
3655 void
3656 i915_gem_object_unpin_from_display_plane(struct i915_vma *vma)
3657 {
3658 lockdep_assert_held(&vma->vm->i915->drm.struct_mutex);
3659
3660 if (WARN_ON(vma->obj->pin_display == 0))
3661 return;
3662
3663 if (--vma->obj->pin_display == 0)
3664 vma->display_alignment = I915_GTT_MIN_ALIGNMENT;
3665
3666 /* Bump the LRU to try and avoid premature eviction whilst flipping */
3667 i915_gem_object_bump_inactive_ggtt(vma->obj);
3668
3669 i915_vma_unpin(vma);
3670 }
3671
3672 /**
3673 * Moves a single object to the CPU read, and possibly write domain.
3674 * @obj: object to act on
3675 * @write: requesting write or read-only access
3676 *
3677 * This function returns when the move is complete, including waiting on
3678 * flushes to occur.
3679 */
3680 int
3681 i915_gem_object_set_to_cpu_domain(struct drm_i915_gem_object *obj, bool write)
3682 {
3683 int ret;
3684
3685 lockdep_assert_held(&obj->base.dev->struct_mutex);
3686
3687 ret = i915_gem_object_wait(obj,
3688 I915_WAIT_INTERRUPTIBLE |
3689 I915_WAIT_LOCKED |
3690 (write ? I915_WAIT_ALL : 0),
3691 MAX_SCHEDULE_TIMEOUT,
3692 NULL);
3693 if (ret)
3694 return ret;
3695
3696 if (obj->base.write_domain == I915_GEM_DOMAIN_CPU)
3697 return 0;
3698
3699 i915_gem_object_flush_gtt_write_domain(obj);
3700
3701 /* Flush the CPU cache if it's still invalid. */
3702 if ((obj->base.read_domains & I915_GEM_DOMAIN_CPU) == 0) {
3703 i915_gem_clflush_object(obj, I915_CLFLUSH_SYNC);
3704 obj->base.read_domains |= I915_GEM_DOMAIN_CPU;
3705 }
3706
3707 /* It should now be out of any other write domains, and we can update
3708 * the domain values for our changes.
3709 */
3710 GEM_BUG_ON((obj->base.write_domain & ~I915_GEM_DOMAIN_CPU) != 0);
3711
3712 /* If we're writing through the CPU, then the GPU read domains will
3713 * need to be invalidated at next use.
3714 */
3715 if (write) {
3716 obj->base.read_domains = I915_GEM_DOMAIN_CPU;
3717 obj->base.write_domain = I915_GEM_DOMAIN_CPU;
3718 }
3719
3720 return 0;
3721 }
3722
3723 /* Throttle our rendering by waiting until the ring has completed our requests
3724 * emitted over 20 msec ago.
3725 *
3726 * Note that if we were to use the current jiffies each time around the loop,
3727 * we wouldn't escape the function with any frames outstanding if the time to
3728 * render a frame was over 20ms.
3729 *
3730 * This should get us reasonable parallelism between CPU and GPU but also
3731 * relatively low latency when blocking on a particular request to finish.
3732 */
3733 static int
3734 i915_gem_ring_throttle(struct drm_device *dev, struct drm_file *file)
3735 {
3736 struct drm_i915_private *dev_priv = to_i915(dev);
3737 struct drm_i915_file_private *file_priv = file->driver_priv;
3738 unsigned long recent_enough = jiffies - DRM_I915_THROTTLE_JIFFIES;
3739 struct drm_i915_gem_request *request, *target = NULL;
3740 long ret;
3741
3742 /* ABI: return -EIO if already wedged */
3743 if (i915_terminally_wedged(&dev_priv->gpu_error))
3744 return -EIO;
3745
3746 spin_lock(&file_priv->mm.lock);
3747 list_for_each_entry(request, &file_priv->mm.request_list, client_link) {
3748 if (time_after_eq(request->emitted_jiffies, recent_enough))
3749 break;
3750
3751 if (target) {
3752 list_del(&target->client_link);
3753 target->file_priv = NULL;
3754 }
3755
3756 target = request;
3757 }
3758 if (target)
3759 i915_gem_request_get(target);
3760 spin_unlock(&file_priv->mm.lock);
3761
3762 if (target == NULL)
3763 return 0;
3764
3765 ret = i915_wait_request(target,
3766 I915_WAIT_INTERRUPTIBLE,
3767 MAX_SCHEDULE_TIMEOUT);
3768 i915_gem_request_put(target);
3769
3770 return ret < 0 ? ret : 0;
3771 }
3772
3773 struct i915_vma *
3774 i915_gem_object_ggtt_pin(struct drm_i915_gem_object *obj,
3775 const struct i915_ggtt_view *view,
3776 u64 size,
3777 u64 alignment,
3778 u64 flags)
3779 {
3780 struct drm_i915_private *dev_priv = to_i915(obj->base.dev);
3781 struct i915_address_space *vm = &dev_priv->ggtt.base;
3782 struct i915_vma *vma;
3783 int ret;
3784
3785 lockdep_assert_held(&obj->base.dev->struct_mutex);
3786
3787 vma = i915_vma_instance(obj, vm, view);
3788 if (unlikely(IS_ERR(vma)))
3789 return vma;
3790
3791 if (i915_vma_misplaced(vma, size, alignment, flags)) {
3792 if (flags & PIN_NONBLOCK &&
3793 (i915_vma_is_pinned(vma) || i915_vma_is_active(vma)))
3794 return ERR_PTR(-ENOSPC);
3795
3796 if (flags & PIN_MAPPABLE) {
3797 /* If the required space is larger than the available
3798 * aperture, we will not able to find a slot for the
3799 * object and unbinding the object now will be in
3800 * vain. Worse, doing so may cause us to ping-pong
3801 * the object in and out of the Global GTT and
3802 * waste a lot of cycles under the mutex.
3803 */
3804 if (vma->fence_size > dev_priv->ggtt.mappable_end)
3805 return ERR_PTR(-E2BIG);
3806
3807 /* If NONBLOCK is set the caller is optimistically
3808 * trying to cache the full object within the mappable
3809 * aperture, and *must* have a fallback in place for
3810 * situations where we cannot bind the object. We
3811 * can be a little more lax here and use the fallback
3812 * more often to avoid costly migrations of ourselves
3813 * and other objects within the aperture.
3814 *
3815 * Half-the-aperture is used as a simple heuristic.
3816 * More interesting would to do search for a free
3817 * block prior to making the commitment to unbind.
3818 * That caters for the self-harm case, and with a
3819 * little more heuristics (e.g. NOFAULT, NOEVICT)
3820 * we could try to minimise harm to others.
3821 */
3822 if (flags & PIN_NONBLOCK &&
3823 vma->fence_size > dev_priv->ggtt.mappable_end / 2)
3824 return ERR_PTR(-ENOSPC);
3825 }
3826
3827 WARN(i915_vma_is_pinned(vma),
3828 "bo is already pinned in ggtt with incorrect alignment:"
3829 " offset=%08x, req.alignment=%llx,"
3830 " req.map_and_fenceable=%d, vma->map_and_fenceable=%d\n",
3831 i915_ggtt_offset(vma), alignment,
3832 !!(flags & PIN_MAPPABLE),
3833 i915_vma_is_map_and_fenceable(vma));
3834 ret = i915_vma_unbind(vma);
3835 if (ret)
3836 return ERR_PTR(ret);
3837 }
3838
3839 ret = i915_vma_pin(vma, size, alignment, flags | PIN_GLOBAL);
3840 if (ret)
3841 return ERR_PTR(ret);
3842
3843 return vma;
3844 }
3845
3846 static __always_inline unsigned int __busy_read_flag(unsigned int id)
3847 {
3848 /* Note that we could alias engines in the execbuf API, but
3849 * that would be very unwise as it prevents userspace from
3850 * fine control over engine selection. Ahem.
3851 *
3852 * This should be something like EXEC_MAX_ENGINE instead of
3853 * I915_NUM_ENGINES.
3854 */
3855 BUILD_BUG_ON(I915_NUM_ENGINES > 16);
3856 return 0x10000 << id;
3857 }
3858
3859 static __always_inline unsigned int __busy_write_id(unsigned int id)
3860 {
3861 /* The uABI guarantees an active writer is also amongst the read
3862 * engines. This would be true if we accessed the activity tracking
3863 * under the lock, but as we perform the lookup of the object and
3864 * its activity locklessly we can not guarantee that the last_write
3865 * being active implies that we have set the same engine flag from
3866 * last_read - hence we always set both read and write busy for
3867 * last_write.
3868 */
3869 return id | __busy_read_flag(id);
3870 }
3871
3872 static __always_inline unsigned int
3873 __busy_set_if_active(const struct dma_fence *fence,
3874 unsigned int (*flag)(unsigned int id))
3875 {
3876 struct drm_i915_gem_request *rq;
3877
3878 /* We have to check the current hw status of the fence as the uABI
3879 * guarantees forward progress. We could rely on the idle worker
3880 * to eventually flush us, but to minimise latency just ask the
3881 * hardware.
3882 *
3883 * Note we only report on the status of native fences.
3884 */
3885 if (!dma_fence_is_i915(fence))
3886 return 0;
3887
3888 /* opencode to_request() in order to avoid const warnings */
3889 rq = container_of(fence, struct drm_i915_gem_request, fence);
3890 if (i915_gem_request_completed(rq))
3891 return 0;
3892
3893 return flag(rq->engine->exec_id);
3894 }
3895
3896 static __always_inline unsigned int
3897 busy_check_reader(const struct dma_fence *fence)
3898 {
3899 return __busy_set_if_active(fence, __busy_read_flag);
3900 }
3901
3902 static __always_inline unsigned int
3903 busy_check_writer(const struct dma_fence *fence)
3904 {
3905 if (!fence)
3906 return 0;
3907
3908 return __busy_set_if_active(fence, __busy_write_id);
3909 }
3910
3911 int
3912 i915_gem_busy_ioctl(struct drm_device *dev, void *data,
3913 struct drm_file *file)
3914 {
3915 struct drm_i915_gem_busy *args = data;
3916 struct drm_i915_gem_object *obj;
3917 struct reservation_object_list *list;
3918 unsigned int seq;
3919 int err;
3920
3921 err = -ENOENT;
3922 rcu_read_lock();
3923 obj = i915_gem_object_lookup_rcu(file, args->handle);
3924 if (!obj)
3925 goto out;
3926
3927 /* A discrepancy here is that we do not report the status of
3928 * non-i915 fences, i.e. even though we may report the object as idle,
3929 * a call to set-domain may still stall waiting for foreign rendering.
3930 * This also means that wait-ioctl may report an object as busy,
3931 * where busy-ioctl considers it idle.
3932 *
3933 * We trade the ability to warn of foreign fences to report on which
3934 * i915 engines are active for the object.
3935 *
3936 * Alternatively, we can trade that extra information on read/write
3937 * activity with
3938 * args->busy =
3939 * !reservation_object_test_signaled_rcu(obj->resv, true);
3940 * to report the overall busyness. This is what the wait-ioctl does.
3941 *
3942 */
3943 retry:
3944 seq = raw_read_seqcount(&obj->resv->seq);
3945
3946 /* Translate the exclusive fence to the READ *and* WRITE engine */
3947 args->busy = busy_check_writer(rcu_dereference(obj->resv->fence_excl));
3948
3949 /* Translate shared fences to READ set of engines */
3950 list = rcu_dereference(obj->resv->fence);
3951 if (list) {
3952 unsigned int shared_count = list->shared_count, i;
3953
3954 for (i = 0; i < shared_count; ++i) {
3955 struct dma_fence *fence =
3956 rcu_dereference(list->shared[i]);
3957
3958 args->busy |= busy_check_reader(fence);
3959 }
3960 }
3961
3962 if (args->busy && read_seqcount_retry(&obj->resv->seq, seq))
3963 goto retry;
3964
3965 err = 0;
3966 out:
3967 rcu_read_unlock();
3968 return err;
3969 }
3970
3971 int
3972 i915_gem_throttle_ioctl(struct drm_device *dev, void *data,
3973 struct drm_file *file_priv)
3974 {
3975 return i915_gem_ring_throttle(dev, file_priv);
3976 }
3977
3978 int
3979 i915_gem_madvise_ioctl(struct drm_device *dev, void *data,
3980 struct drm_file *file_priv)
3981 {
3982 struct drm_i915_private *dev_priv = to_i915(dev);
3983 struct drm_i915_gem_madvise *args = data;
3984 struct drm_i915_gem_object *obj;
3985 int err;
3986
3987 switch (args->madv) {
3988 case I915_MADV_DONTNEED:
3989 case I915_MADV_WILLNEED:
3990 break;
3991 default:
3992 return -EINVAL;
3993 }
3994
3995 obj = i915_gem_object_lookup(file_priv, args->handle);
3996 if (!obj)
3997 return -ENOENT;
3998
3999 err = mutex_lock_interruptible(&obj->mm.lock);
4000 if (err)
4001 goto out;
4002
4003 if (obj->mm.pages &&
4004 i915_gem_object_is_tiled(obj) &&
4005 dev_priv->quirks & QUIRK_PIN_SWIZZLED_PAGES) {
4006 if (obj->mm.madv == I915_MADV_WILLNEED) {
4007 GEM_BUG_ON(!obj->mm.quirked);
4008 __i915_gem_object_unpin_pages(obj);
4009 obj->mm.quirked = false;
4010 }
4011 if (args->madv == I915_MADV_WILLNEED) {
4012 GEM_BUG_ON(obj->mm.quirked);
4013 __i915_gem_object_pin_pages(obj);
4014 obj->mm.quirked = true;
4015 }
4016 }
4017
4018 if (obj->mm.madv != __I915_MADV_PURGED)
4019 obj->mm.madv = args->madv;
4020
4021 /* if the object is no longer attached, discard its backing storage */
4022 if (obj->mm.madv == I915_MADV_DONTNEED && !obj->mm.pages)
4023 i915_gem_object_truncate(obj);
4024
4025 args->retained = obj->mm.madv != __I915_MADV_PURGED;
4026 mutex_unlock(&obj->mm.lock);
4027
4028 out:
4029 i915_gem_object_put(obj);
4030 return err;
4031 }
4032
4033 static void
4034 frontbuffer_retire(struct i915_gem_active *active,
4035 struct drm_i915_gem_request *request)
4036 {
4037 struct drm_i915_gem_object *obj =
4038 container_of(active, typeof(*obj), frontbuffer_write);
4039
4040 intel_fb_obj_flush(obj, ORIGIN_CS);
4041 }
4042
4043 void i915_gem_object_init(struct drm_i915_gem_object *obj,
4044 const struct drm_i915_gem_object_ops *ops)
4045 {
4046 mutex_init(&obj->mm.lock);
4047
4048 INIT_LIST_HEAD(&obj->global_link);
4049 INIT_LIST_HEAD(&obj->userfault_link);
4050 INIT_LIST_HEAD(&obj->obj_exec_link);
4051 INIT_LIST_HEAD(&obj->vma_list);
4052 INIT_LIST_HEAD(&obj->batch_pool_link);
4053
4054 obj->ops = ops;
4055
4056 reservation_object_init(&obj->__builtin_resv);
4057 obj->resv = &obj->__builtin_resv;
4058
4059 obj->frontbuffer_ggtt_origin = ORIGIN_GTT;
4060 init_request_active(&obj->frontbuffer_write, frontbuffer_retire);
4061
4062 obj->mm.madv = I915_MADV_WILLNEED;
4063 INIT_RADIX_TREE(&obj->mm.get_page.radix, GFP_KERNEL | __GFP_NOWARN);
4064 mutex_init(&obj->mm.get_page.lock);
4065
4066 i915_gem_info_add_obj(to_i915(obj->base.dev), obj->base.size);
4067 }
4068
4069 static const struct drm_i915_gem_object_ops i915_gem_object_ops = {
4070 .flags = I915_GEM_OBJECT_HAS_STRUCT_PAGE |
4071 I915_GEM_OBJECT_IS_SHRINKABLE,
4072
4073 .get_pages = i915_gem_object_get_pages_gtt,
4074 .put_pages = i915_gem_object_put_pages_gtt,
4075
4076 .pwrite = i915_gem_object_pwrite_gtt,
4077 };
4078
4079 struct drm_i915_gem_object *
4080 i915_gem_object_create(struct drm_i915_private *dev_priv, u64 size)
4081 {
4082 struct drm_i915_gem_object *obj;
4083 struct address_space *mapping;
4084 gfp_t mask;
4085 int ret;
4086
4087 /* There is a prevalence of the assumption that we fit the object's
4088 * page count inside a 32bit _signed_ variable. Let's document this and
4089 * catch if we ever need to fix it. In the meantime, if you do spot
4090 * such a local variable, please consider fixing!
4091 */
4092 if (WARN_ON(size >> PAGE_SHIFT > INT_MAX))
4093 return ERR_PTR(-E2BIG);
4094
4095 if (overflows_type(size, obj->base.size))
4096 return ERR_PTR(-E2BIG);
4097
4098 obj = i915_gem_object_alloc(dev_priv);
4099 if (obj == NULL)
4100 return ERR_PTR(-ENOMEM);
4101
4102 ret = drm_gem_object_init(&dev_priv->drm, &obj->base, size);
4103 if (ret)
4104 goto fail;
4105
4106 mask = GFP_HIGHUSER | __GFP_RECLAIMABLE;
4107 if (IS_I965GM(dev_priv) || IS_I965G(dev_priv)) {
4108 /* 965gm cannot relocate objects above 4GiB. */
4109 mask &= ~__GFP_HIGHMEM;
4110 mask |= __GFP_DMA32;
4111 }
4112
4113 mapping = obj->base.filp->f_mapping;
4114 mapping_set_gfp_mask(mapping, mask);
4115
4116 i915_gem_object_init(obj, &i915_gem_object_ops);
4117
4118 obj->base.write_domain = I915_GEM_DOMAIN_CPU;
4119 obj->base.read_domains = I915_GEM_DOMAIN_CPU;
4120
4121 if (HAS_LLC(dev_priv)) {
4122 /* On some devices, we can have the GPU use the LLC (the CPU
4123 * cache) for about a 10% performance improvement
4124 * compared to uncached. Graphics requests other than
4125 * display scanout are coherent with the CPU in
4126 * accessing this cache. This means in this mode we
4127 * don't need to clflush on the CPU side, and on the
4128 * GPU side we only need to flush internal caches to
4129 * get data visible to the CPU.
4130 *
4131 * However, we maintain the display planes as UC, and so
4132 * need to rebind when first used as such.
4133 */
4134 obj->cache_level = I915_CACHE_LLC;
4135 } else
4136 obj->cache_level = I915_CACHE_NONE;
4137
4138 trace_i915_gem_object_create(obj);
4139
4140 return obj;
4141
4142 fail:
4143 i915_gem_object_free(obj);
4144 return ERR_PTR(ret);
4145 }
4146
4147 static bool discard_backing_storage(struct drm_i915_gem_object *obj)
4148 {
4149 /* If we are the last user of the backing storage (be it shmemfs
4150 * pages or stolen etc), we know that the pages are going to be
4151 * immediately released. In this case, we can then skip copying
4152 * back the contents from the GPU.
4153 */
4154
4155 if (obj->mm.madv != I915_MADV_WILLNEED)
4156 return false;
4157
4158 if (obj->base.filp == NULL)
4159 return true;
4160
4161 /* At first glance, this looks racy, but then again so would be
4162 * userspace racing mmap against close. However, the first external
4163 * reference to the filp can only be obtained through the
4164 * i915_gem_mmap_ioctl() which safeguards us against the user
4165 * acquiring such a reference whilst we are in the middle of
4166 * freeing the object.
4167 */
4168 return atomic_long_read(&obj->base.filp->f_count) == 1;
4169 }
4170
4171 static void __i915_gem_free_objects(struct drm_i915_private *i915,
4172 struct llist_node *freed)
4173 {
4174 struct drm_i915_gem_object *obj, *on;
4175
4176 mutex_lock(&i915->drm.struct_mutex);
4177 intel_runtime_pm_get(i915);
4178 llist_for_each_entry(obj, freed, freed) {
4179 struct i915_vma *vma, *vn;
4180
4181 trace_i915_gem_object_destroy(obj);
4182
4183 GEM_BUG_ON(i915_gem_object_is_active(obj));
4184 list_for_each_entry_safe(vma, vn,
4185 &obj->vma_list, obj_link) {
4186 GEM_BUG_ON(!i915_vma_is_ggtt(vma));
4187 GEM_BUG_ON(i915_vma_is_active(vma));
4188 vma->flags &= ~I915_VMA_PIN_MASK;
4189 i915_vma_close(vma);
4190 }
4191 GEM_BUG_ON(!list_empty(&obj->vma_list));
4192 GEM_BUG_ON(!RB_EMPTY_ROOT(&obj->vma_tree));
4193
4194 list_del(&obj->global_link);
4195 }
4196 intel_runtime_pm_put(i915);
4197 mutex_unlock(&i915->drm.struct_mutex);
4198
4199 llist_for_each_entry_safe(obj, on, freed, freed) {
4200 GEM_BUG_ON(obj->bind_count);
4201 GEM_BUG_ON(atomic_read(&obj->frontbuffer_bits));
4202
4203 if (obj->ops->release)
4204 obj->ops->release(obj);
4205
4206 if (WARN_ON(i915_gem_object_has_pinned_pages(obj)))
4207 atomic_set(&obj->mm.pages_pin_count, 0);
4208 __i915_gem_object_put_pages(obj, I915_MM_NORMAL);
4209 GEM_BUG_ON(obj->mm.pages);
4210
4211 if (obj->base.import_attach)
4212 drm_prime_gem_destroy(&obj->base, NULL);
4213
4214 reservation_object_fini(&obj->__builtin_resv);
4215 drm_gem_object_release(&obj->base);
4216 i915_gem_info_remove_obj(i915, obj->base.size);
4217
4218 kfree(obj->bit_17);
4219 i915_gem_object_free(obj);
4220 }
4221 }
4222
4223 static void i915_gem_flush_free_objects(struct drm_i915_private *i915)
4224 {
4225 struct llist_node *freed;
4226
4227 freed = llist_del_all(&i915->mm.free_list);
4228 if (unlikely(freed))
4229 __i915_gem_free_objects(i915, freed);
4230 }
4231
4232 static void __i915_gem_free_work(struct work_struct *work)
4233 {
4234 struct drm_i915_private *i915 =
4235 container_of(work, struct drm_i915_private, mm.free_work);
4236 struct llist_node *freed;
4237
4238 /* All file-owned VMA should have been released by this point through
4239 * i915_gem_close_object(), or earlier by i915_gem_context_close().
4240 * However, the object may also be bound into the global GTT (e.g.
4241 * older GPUs without per-process support, or for direct access through
4242 * the GTT either for the user or for scanout). Those VMA still need to
4243 * unbound now.
4244 */
4245
4246 while ((freed = llist_del_all(&i915->mm.free_list)))
4247 __i915_gem_free_objects(i915, freed);
4248 }
4249
4250 static void __i915_gem_free_object_rcu(struct rcu_head *head)
4251 {
4252 struct drm_i915_gem_object *obj =
4253 container_of(head, typeof(*obj), rcu);
4254 struct drm_i915_private *i915 = to_i915(obj->base.dev);
4255
4256 /* We can't simply use call_rcu() from i915_gem_free_object()
4257 * as we need to block whilst unbinding, and the call_rcu
4258 * task may be called from softirq context. So we take a
4259 * detour through a worker.
4260 */
4261 if (llist_add(&obj->freed, &i915->mm.free_list))
4262 schedule_work(&i915->mm.free_work);
4263 }
4264
4265 void i915_gem_free_object(struct drm_gem_object *gem_obj)
4266 {
4267 struct drm_i915_gem_object *obj = to_intel_bo(gem_obj);
4268
4269 if (obj->mm.quirked)
4270 __i915_gem_object_unpin_pages(obj);
4271
4272 if (discard_backing_storage(obj))
4273 obj->mm.madv = I915_MADV_DONTNEED;
4274
4275 /* Before we free the object, make sure any pure RCU-only
4276 * read-side critical sections are complete, e.g.
4277 * i915_gem_busy_ioctl(). For the corresponding synchronized
4278 * lookup see i915_gem_object_lookup_rcu().
4279 */
4280 call_rcu(&obj->rcu, __i915_gem_free_object_rcu);
4281 }
4282
4283 void __i915_gem_object_release_unless_active(struct drm_i915_gem_object *obj)
4284 {
4285 lockdep_assert_held(&obj->base.dev->struct_mutex);
4286
4287 GEM_BUG_ON(i915_gem_object_has_active_reference(obj));
4288 if (i915_gem_object_is_active(obj))
4289 i915_gem_object_set_active_reference(obj);
4290 else
4291 i915_gem_object_put(obj);
4292 }
4293
4294 static void assert_kernel_context_is_current(struct drm_i915_private *dev_priv)
4295 {
4296 struct intel_engine_cs *engine;
4297 enum intel_engine_id id;
4298
4299 for_each_engine(engine, dev_priv, id)
4300 GEM_BUG_ON(engine->last_retired_context &&
4301 !i915_gem_context_is_kernel(engine->last_retired_context));
4302 }
4303
4304 void i915_gem_sanitize(struct drm_i915_private *i915)
4305 {
4306 /*
4307 * If we inherit context state from the BIOS or earlier occupants
4308 * of the GPU, the GPU may be in an inconsistent state when we
4309 * try to take over. The only way to remove the earlier state
4310 * is by resetting. However, resetting on earlier gen is tricky as
4311 * it may impact the display and we are uncertain about the stability
4312 * of the reset, so we only reset recent machines with logical
4313 * context support (that must be reset to remove any stray contexts).
4314 */
4315 if (HAS_HW_CONTEXTS(i915)) {
4316 int reset = intel_gpu_reset(i915, ALL_ENGINES);
4317 WARN_ON(reset && reset != -ENODEV);
4318 }
4319 }
4320
4321 int i915_gem_suspend(struct drm_i915_private *dev_priv)
4322 {
4323 struct drm_device *dev = &dev_priv->drm;
4324 int ret;
4325
4326 intel_runtime_pm_get(dev_priv);
4327 intel_suspend_gt_powersave(dev_priv);
4328
4329 mutex_lock(&dev->struct_mutex);
4330
4331 /* We have to flush all the executing contexts to main memory so
4332 * that they can saved in the hibernation image. To ensure the last
4333 * context image is coherent, we have to switch away from it. That
4334 * leaves the dev_priv->kernel_context still active when
4335 * we actually suspend, and its image in memory may not match the GPU
4336 * state. Fortunately, the kernel_context is disposable and we do
4337 * not rely on its state.
4338 */
4339 ret = i915_gem_switch_to_kernel_context(dev_priv);
4340 if (ret)
4341 goto err_unlock;
4342
4343 ret = i915_gem_wait_for_idle(dev_priv,
4344 I915_WAIT_INTERRUPTIBLE |
4345 I915_WAIT_LOCKED);
4346 if (ret)
4347 goto err_unlock;
4348
4349 i915_gem_retire_requests(dev_priv);
4350 GEM_BUG_ON(dev_priv->gt.active_requests);
4351
4352 assert_kernel_context_is_current(dev_priv);
4353 i915_gem_context_lost(dev_priv);
4354 mutex_unlock(&dev->struct_mutex);
4355
4356 cancel_delayed_work_sync(&dev_priv->gpu_error.hangcheck_work);
4357 cancel_delayed_work_sync(&dev_priv->gt.retire_work);
4358
4359 /* As the idle_work is rearming if it detects a race, play safe and
4360 * repeat the flush until it is definitely idle.
4361 */
4362 while (flush_delayed_work(&dev_priv->gt.idle_work))
4363 ;
4364
4365 i915_gem_drain_freed_objects(dev_priv);
4366
4367 /* Assert that we sucessfully flushed all the work and
4368 * reset the GPU back to its idle, low power state.
4369 */
4370 WARN_ON(dev_priv->gt.awake);
4371 WARN_ON(!intel_engines_are_idle(dev_priv));
4372
4373 /*
4374 * Neither the BIOS, ourselves or any other kernel
4375 * expects the system to be in execlists mode on startup,
4376 * so we need to reset the GPU back to legacy mode. And the only
4377 * known way to disable logical contexts is through a GPU reset.
4378 *
4379 * So in order to leave the system in a known default configuration,
4380 * always reset the GPU upon unload and suspend. Afterwards we then
4381 * clean up the GEM state tracking, flushing off the requests and
4382 * leaving the system in a known idle state.
4383 *
4384 * Note that is of the upmost importance that the GPU is idle and
4385 * all stray writes are flushed *before* we dismantle the backing
4386 * storage for the pinned objects.
4387 *
4388 * However, since we are uncertain that resetting the GPU on older
4389 * machines is a good idea, we don't - just in case it leaves the
4390 * machine in an unusable condition.
4391 */
4392 i915_gem_sanitize(dev_priv);
4393 goto out_rpm_put;
4394
4395 err_unlock:
4396 mutex_unlock(&dev->struct_mutex);
4397 out_rpm_put:
4398 intel_runtime_pm_put(dev_priv);
4399 return ret;
4400 }
4401
4402 void i915_gem_resume(struct drm_i915_private *dev_priv)
4403 {
4404 struct drm_device *dev = &dev_priv->drm;
4405
4406 WARN_ON(dev_priv->gt.awake);
4407
4408 mutex_lock(&dev->struct_mutex);
4409 i915_gem_restore_gtt_mappings(dev_priv);
4410
4411 /* As we didn't flush the kernel context before suspend, we cannot
4412 * guarantee that the context image is complete. So let's just reset
4413 * it and start again.
4414 */
4415 dev_priv->gt.resume(dev_priv);
4416
4417 mutex_unlock(&dev->struct_mutex);
4418 }
4419
4420 void i915_gem_init_swizzling(struct drm_i915_private *dev_priv)
4421 {
4422 if (INTEL_GEN(dev_priv) < 5 ||
4423 dev_priv->mm.bit_6_swizzle_x == I915_BIT_6_SWIZZLE_NONE)
4424 return;
4425
4426 I915_WRITE(DISP_ARB_CTL, I915_READ(DISP_ARB_CTL) |
4427 DISP_TILE_SURFACE_SWIZZLING);
4428
4429 if (IS_GEN5(dev_priv))
4430 return;
4431
4432 I915_WRITE(TILECTL, I915_READ(TILECTL) | TILECTL_SWZCTL);
4433 if (IS_GEN6(dev_priv))
4434 I915_WRITE(ARB_MODE, _MASKED_BIT_ENABLE(ARB_MODE_SWIZZLE_SNB));
4435 else if (IS_GEN7(dev_priv))
4436 I915_WRITE(ARB_MODE, _MASKED_BIT_ENABLE(ARB_MODE_SWIZZLE_IVB));
4437 else if (IS_GEN8(dev_priv))
4438 I915_WRITE(GAMTARBMODE, _MASKED_BIT_ENABLE(ARB_MODE_SWIZZLE_BDW));
4439 else
4440 BUG();
4441 }
4442
4443 static void init_unused_ring(struct drm_i915_private *dev_priv, u32 base)
4444 {
4445 I915_WRITE(RING_CTL(base), 0);
4446 I915_WRITE(RING_HEAD(base), 0);
4447 I915_WRITE(RING_TAIL(base), 0);
4448 I915_WRITE(RING_START(base), 0);
4449 }
4450
4451 static void init_unused_rings(struct drm_i915_private *dev_priv)
4452 {
4453 if (IS_I830(dev_priv)) {
4454 init_unused_ring(dev_priv, PRB1_BASE);
4455 init_unused_ring(dev_priv, SRB0_BASE);
4456 init_unused_ring(dev_priv, SRB1_BASE);
4457 init_unused_ring(dev_priv, SRB2_BASE);
4458 init_unused_ring(dev_priv, SRB3_BASE);
4459 } else if (IS_GEN2(dev_priv)) {
4460 init_unused_ring(dev_priv, SRB0_BASE);
4461 init_unused_ring(dev_priv, SRB1_BASE);
4462 } else if (IS_GEN3(dev_priv)) {
4463 init_unused_ring(dev_priv, PRB1_BASE);
4464 init_unused_ring(dev_priv, PRB2_BASE);
4465 }
4466 }
4467
4468 static int __i915_gem_restart_engines(void *data)
4469 {
4470 struct drm_i915_private *i915 = data;
4471 struct intel_engine_cs *engine;
4472 enum intel_engine_id id;
4473 int err;
4474
4475 for_each_engine(engine, i915, id) {
4476 err = engine->init_hw(engine);
4477 if (err)
4478 return err;
4479 }
4480
4481 return 0;
4482 }
4483
4484 int i915_gem_init_hw(struct drm_i915_private *dev_priv)
4485 {
4486 int ret;
4487
4488 dev_priv->gt.last_init_time = ktime_get();
4489
4490 /* Double layer security blanket, see i915_gem_init() */
4491 intel_uncore_forcewake_get(dev_priv, FORCEWAKE_ALL);
4492
4493 if (HAS_EDRAM(dev_priv) && INTEL_GEN(dev_priv) < 9)
4494 I915_WRITE(HSW_IDICR, I915_READ(HSW_IDICR) | IDIHASHMSK(0xf));
4495
4496 if (IS_HASWELL(dev_priv))
4497 I915_WRITE(MI_PREDICATE_RESULT_2, IS_HSW_GT3(dev_priv) ?
4498 LOWER_SLICE_ENABLED : LOWER_SLICE_DISABLED);
4499
4500 if (HAS_PCH_NOP(dev_priv)) {
4501 if (IS_IVYBRIDGE(dev_priv)) {
4502 u32 temp = I915_READ(GEN7_MSG_CTL);
4503 temp &= ~(WAIT_FOR_PCH_FLR_ACK | WAIT_FOR_PCH_RESET_ACK);
4504 I915_WRITE(GEN7_MSG_CTL, temp);
4505 } else if (INTEL_GEN(dev_priv) >= 7) {
4506 u32 temp = I915_READ(HSW_NDE_RSTWRN_OPT);
4507 temp &= ~RESET_PCH_HANDSHAKE_ENABLE;
4508 I915_WRITE(HSW_NDE_RSTWRN_OPT, temp);
4509 }
4510 }
4511
4512 i915_gem_init_swizzling(dev_priv);
4513
4514 /*
4515 * At least 830 can leave some of the unused rings
4516 * "active" (ie. head != tail) after resume which
4517 * will prevent c3 entry. Makes sure all unused rings
4518 * are totally idle.
4519 */
4520 init_unused_rings(dev_priv);
4521
4522 BUG_ON(!dev_priv->kernel_context);
4523
4524 ret = i915_ppgtt_init_hw(dev_priv);
4525 if (ret) {
4526 DRM_ERROR("PPGTT enable HW failed %d\n", ret);
4527 goto out;
4528 }
4529
4530 /* Need to do basic initialisation of all rings first: */
4531 ret = __i915_gem_restart_engines(dev_priv);
4532 if (ret)
4533 goto out;
4534
4535 intel_mocs_init_l3cc_table(dev_priv);
4536
4537 /* We can't enable contexts until all firmware is loaded */
4538 ret = intel_guc_setup(dev_priv);
4539 if (ret)
4540 goto out;
4541
4542 out:
4543 intel_uncore_forcewake_put(dev_priv, FORCEWAKE_ALL);
4544 return ret;
4545 }
4546
4547 bool intel_sanitize_semaphores(struct drm_i915_private *dev_priv, int value)
4548 {
4549 if (INTEL_INFO(dev_priv)->gen < 6)
4550 return false;
4551
4552 /* TODO: make semaphores and Execlists play nicely together */
4553 if (i915.enable_execlists)
4554 return false;
4555
4556 if (value >= 0)
4557 return value;
4558
4559 #ifdef CONFIG_INTEL_IOMMU
4560 /* Enable semaphores on SNB when IO remapping is off */
4561 if (INTEL_INFO(dev_priv)->gen == 6 && intel_iommu_gfx_mapped)
4562 return false;
4563 #endif
4564
4565 return true;
4566 }
4567
4568 int i915_gem_init(struct drm_i915_private *dev_priv)
4569 {
4570 int ret;
4571
4572 mutex_lock(&dev_priv->drm.struct_mutex);
4573
4574 i915_gem_clflush_init(dev_priv);
4575
4576 if (!i915.enable_execlists) {
4577 dev_priv->gt.resume = intel_legacy_submission_resume;
4578 dev_priv->gt.cleanup_engine = intel_engine_cleanup;
4579 } else {
4580 dev_priv->gt.resume = intel_lr_context_resume;
4581 dev_priv->gt.cleanup_engine = intel_logical_ring_cleanup;
4582 }
4583
4584 /* This is just a security blanket to placate dragons.
4585 * On some systems, we very sporadically observe that the first TLBs
4586 * used by the CS may be stale, despite us poking the TLB reset. If
4587 * we hold the forcewake during initialisation these problems
4588 * just magically go away.
4589 */
4590 intel_uncore_forcewake_get(dev_priv, FORCEWAKE_ALL);
4591
4592 i915_gem_init_userptr(dev_priv);
4593
4594 ret = i915_gem_init_ggtt(dev_priv);
4595 if (ret)
4596 goto out_unlock;
4597
4598 ret = i915_gem_context_init(dev_priv);
4599 if (ret)
4600 goto out_unlock;
4601
4602 ret = intel_engines_init(dev_priv);
4603 if (ret)
4604 goto out_unlock;
4605
4606 ret = i915_gem_init_hw(dev_priv);
4607 if (ret == -EIO) {
4608 /* Allow engine initialisation to fail by marking the GPU as
4609 * wedged. But we only want to do this where the GPU is angry,
4610 * for all other failure, such as an allocation failure, bail.
4611 */
4612 DRM_ERROR("Failed to initialize GPU, declaring it wedged\n");
4613 i915_gem_set_wedged(dev_priv);
4614 ret = 0;
4615 }
4616
4617 out_unlock:
4618 intel_uncore_forcewake_put(dev_priv, FORCEWAKE_ALL);
4619 mutex_unlock(&dev_priv->drm.struct_mutex);
4620
4621 return ret;
4622 }
4623
4624 void i915_gem_init_mmio(struct drm_i915_private *i915)
4625 {
4626 i915_gem_sanitize(i915);
4627 }
4628
4629 void
4630 i915_gem_cleanup_engines(struct drm_i915_private *dev_priv)
4631 {
4632 struct intel_engine_cs *engine;
4633 enum intel_engine_id id;
4634
4635 for_each_engine(engine, dev_priv, id)
4636 dev_priv->gt.cleanup_engine(engine);
4637 }
4638
4639 void
4640 i915_gem_load_init_fences(struct drm_i915_private *dev_priv)
4641 {
4642 int i;
4643
4644 if (INTEL_INFO(dev_priv)->gen >= 7 && !IS_VALLEYVIEW(dev_priv) &&
4645 !IS_CHERRYVIEW(dev_priv))
4646 dev_priv->num_fence_regs = 32;
4647 else if (INTEL_INFO(dev_priv)->gen >= 4 ||
4648 IS_I945G(dev_priv) || IS_I945GM(dev_priv) ||
4649 IS_G33(dev_priv) || IS_PINEVIEW(dev_priv))
4650 dev_priv->num_fence_regs = 16;
4651 else
4652 dev_priv->num_fence_regs = 8;
4653
4654 if (intel_vgpu_active(dev_priv))
4655 dev_priv->num_fence_regs =
4656 I915_READ(vgtif_reg(avail_rs.fence_num));
4657
4658 /* Initialize fence registers to zero */
4659 for (i = 0; i < dev_priv->num_fence_regs; i++) {
4660 struct drm_i915_fence_reg *fence = &dev_priv->fence_regs[i];
4661
4662 fence->i915 = dev_priv;
4663 fence->id = i;
4664 list_add_tail(&fence->link, &dev_priv->mm.fence_list);
4665 }
4666 i915_gem_restore_fences(dev_priv);
4667
4668 i915_gem_detect_bit_6_swizzle(dev_priv);
4669 }
4670
4671 int
4672 i915_gem_load_init(struct drm_i915_private *dev_priv)
4673 {
4674 int err = -ENOMEM;
4675
4676 dev_priv->objects = KMEM_CACHE(drm_i915_gem_object, SLAB_HWCACHE_ALIGN);
4677 if (!dev_priv->objects)
4678 goto err_out;
4679
4680 dev_priv->vmas = KMEM_CACHE(i915_vma, SLAB_HWCACHE_ALIGN);
4681 if (!dev_priv->vmas)
4682 goto err_objects;
4683
4684 dev_priv->requests = KMEM_CACHE(drm_i915_gem_request,
4685 SLAB_HWCACHE_ALIGN |
4686 SLAB_RECLAIM_ACCOUNT |
4687 SLAB_DESTROY_BY_RCU);
4688 if (!dev_priv->requests)
4689 goto err_vmas;
4690
4691 dev_priv->dependencies = KMEM_CACHE(i915_dependency,
4692 SLAB_HWCACHE_ALIGN |
4693 SLAB_RECLAIM_ACCOUNT);
4694 if (!dev_priv->dependencies)
4695 goto err_requests;
4696
4697 mutex_lock(&dev_priv->drm.struct_mutex);
4698 INIT_LIST_HEAD(&dev_priv->gt.timelines);
4699 err = i915_gem_timeline_init__global(dev_priv);
4700 mutex_unlock(&dev_priv->drm.struct_mutex);
4701 if (err)
4702 goto err_dependencies;
4703
4704 INIT_LIST_HEAD(&dev_priv->context_list);
4705 INIT_WORK(&dev_priv->mm.free_work, __i915_gem_free_work);
4706 init_llist_head(&dev_priv->mm.free_list);
4707 INIT_LIST_HEAD(&dev_priv->mm.unbound_list);
4708 INIT_LIST_HEAD(&dev_priv->mm.bound_list);
4709 INIT_LIST_HEAD(&dev_priv->mm.fence_list);
4710 INIT_LIST_HEAD(&dev_priv->mm.userfault_list);
4711 INIT_DELAYED_WORK(&dev_priv->gt.retire_work,
4712 i915_gem_retire_work_handler);
4713 INIT_DELAYED_WORK(&dev_priv->gt.idle_work,
4714 i915_gem_idle_work_handler);
4715 init_waitqueue_head(&dev_priv->gpu_error.wait_queue);
4716 init_waitqueue_head(&dev_priv->gpu_error.reset_queue);
4717
4718 init_waitqueue_head(&dev_priv->pending_flip_queue);
4719
4720 dev_priv->mm.interruptible = true;
4721
4722 atomic_set(&dev_priv->mm.bsd_engine_dispatch_index, 0);
4723
4724 spin_lock_init(&dev_priv->fb_tracking.lock);
4725
4726 return 0;
4727
4728 err_dependencies:
4729 kmem_cache_destroy(dev_priv->dependencies);
4730 err_requests:
4731 kmem_cache_destroy(dev_priv->requests);
4732 err_vmas:
4733 kmem_cache_destroy(dev_priv->vmas);
4734 err_objects:
4735 kmem_cache_destroy(dev_priv->objects);
4736 err_out:
4737 return err;
4738 }
4739
4740 void i915_gem_load_cleanup(struct drm_i915_private *dev_priv)
4741 {
4742 i915_gem_drain_freed_objects(dev_priv);
4743 WARN_ON(!llist_empty(&dev_priv->mm.free_list));
4744 WARN_ON(dev_priv->mm.object_count);
4745
4746 mutex_lock(&dev_priv->drm.struct_mutex);
4747 i915_gem_timeline_fini(&dev_priv->gt.global_timeline);
4748 WARN_ON(!list_empty(&dev_priv->gt.timelines));
4749 mutex_unlock(&dev_priv->drm.struct_mutex);
4750
4751 kmem_cache_destroy(dev_priv->dependencies);
4752 kmem_cache_destroy(dev_priv->requests);
4753 kmem_cache_destroy(dev_priv->vmas);
4754 kmem_cache_destroy(dev_priv->objects);
4755
4756 /* And ensure that our DESTROY_BY_RCU slabs are truly destroyed */
4757 rcu_barrier();
4758 }
4759
4760 int i915_gem_freeze(struct drm_i915_private *dev_priv)
4761 {
4762 mutex_lock(&dev_priv->drm.struct_mutex);
4763 i915_gem_shrink_all(dev_priv);
4764 mutex_unlock(&dev_priv->drm.struct_mutex);
4765
4766 return 0;
4767 }
4768
4769 int i915_gem_freeze_late(struct drm_i915_private *dev_priv)
4770 {
4771 struct drm_i915_gem_object *obj;
4772 struct list_head *phases[] = {
4773 &dev_priv->mm.unbound_list,
4774 &dev_priv->mm.bound_list,
4775 NULL
4776 }, **p;
4777
4778 /* Called just before we write the hibernation image.
4779 *
4780 * We need to update the domain tracking to reflect that the CPU
4781 * will be accessing all the pages to create and restore from the
4782 * hibernation, and so upon restoration those pages will be in the
4783 * CPU domain.
4784 *
4785 * To make sure the hibernation image contains the latest state,
4786 * we update that state just before writing out the image.
4787 *
4788 * To try and reduce the hibernation image, we manually shrink
4789 * the objects as well.
4790 */
4791
4792 mutex_lock(&dev_priv->drm.struct_mutex);
4793 i915_gem_shrink(dev_priv, -1UL, I915_SHRINK_UNBOUND);
4794
4795 for (p = phases; *p; p++) {
4796 list_for_each_entry(obj, *p, global_link) {
4797 obj->base.read_domains = I915_GEM_DOMAIN_CPU;
4798 obj->base.write_domain = I915_GEM_DOMAIN_CPU;
4799 }
4800 }
4801 mutex_unlock(&dev_priv->drm.struct_mutex);
4802
4803 return 0;
4804 }
4805
4806 void i915_gem_release(struct drm_device *dev, struct drm_file *file)
4807 {
4808 struct drm_i915_file_private *file_priv = file->driver_priv;
4809 struct drm_i915_gem_request *request;
4810
4811 /* Clean up our request list when the client is going away, so that
4812 * later retire_requests won't dereference our soon-to-be-gone
4813 * file_priv.
4814 */
4815 spin_lock(&file_priv->mm.lock);
4816 list_for_each_entry(request, &file_priv->mm.request_list, client_link)
4817 request->file_priv = NULL;
4818 spin_unlock(&file_priv->mm.lock);
4819
4820 if (!list_empty(&file_priv->rps.link)) {
4821 spin_lock(&to_i915(dev)->rps.client_lock);
4822 list_del(&file_priv->rps.link);
4823 spin_unlock(&to_i915(dev)->rps.client_lock);
4824 }
4825 }
4826
4827 int i915_gem_open(struct drm_device *dev, struct drm_file *file)
4828 {
4829 struct drm_i915_file_private *file_priv;
4830 int ret;
4831
4832 DRM_DEBUG("\n");
4833
4834 file_priv = kzalloc(sizeof(*file_priv), GFP_KERNEL);
4835 if (!file_priv)
4836 return -ENOMEM;
4837
4838 file->driver_priv = file_priv;
4839 file_priv->dev_priv = to_i915(dev);
4840 file_priv->file = file;
4841 INIT_LIST_HEAD(&file_priv->rps.link);
4842
4843 spin_lock_init(&file_priv->mm.lock);
4844 INIT_LIST_HEAD(&file_priv->mm.request_list);
4845
4846 file_priv->bsd_engine = -1;
4847
4848 ret = i915_gem_context_open(dev, file);
4849 if (ret)
4850 kfree(file_priv);
4851
4852 return ret;
4853 }
4854
4855 /**
4856 * i915_gem_track_fb - update frontbuffer tracking
4857 * @old: current GEM buffer for the frontbuffer slots
4858 * @new: new GEM buffer for the frontbuffer slots
4859 * @frontbuffer_bits: bitmask of frontbuffer slots
4860 *
4861 * This updates the frontbuffer tracking bits @frontbuffer_bits by clearing them
4862 * from @old and setting them in @new. Both @old and @new can be NULL.
4863 */
4864 void i915_gem_track_fb(struct drm_i915_gem_object *old,
4865 struct drm_i915_gem_object *new,
4866 unsigned frontbuffer_bits)
4867 {
4868 /* Control of individual bits within the mask are guarded by
4869 * the owning plane->mutex, i.e. we can never see concurrent
4870 * manipulation of individual bits. But since the bitfield as a whole
4871 * is updated using RMW, we need to use atomics in order to update
4872 * the bits.
4873 */
4874 BUILD_BUG_ON(INTEL_FRONTBUFFER_BITS_PER_PIPE * I915_MAX_PIPES >
4875 sizeof(atomic_t) * BITS_PER_BYTE);
4876
4877 if (old) {
4878 WARN_ON(!(atomic_read(&old->frontbuffer_bits) & frontbuffer_bits));
4879 atomic_andnot(frontbuffer_bits, &old->frontbuffer_bits);
4880 }
4881
4882 if (new) {
4883 WARN_ON(atomic_read(&new->frontbuffer_bits) & frontbuffer_bits);
4884 atomic_or(frontbuffer_bits, &new->frontbuffer_bits);
4885 }
4886 }
4887
4888 /* Allocate a new GEM object and fill it with the supplied data */
4889 struct drm_i915_gem_object *
4890 i915_gem_object_create_from_data(struct drm_i915_private *dev_priv,
4891 const void *data, size_t size)
4892 {
4893 struct drm_i915_gem_object *obj;
4894 struct sg_table *sg;
4895 size_t bytes;
4896 int ret;
4897
4898 obj = i915_gem_object_create(dev_priv, round_up(size, PAGE_SIZE));
4899 if (IS_ERR(obj))
4900 return obj;
4901
4902 ret = i915_gem_object_set_to_cpu_domain(obj, true);
4903 if (ret)
4904 goto fail;
4905
4906 ret = i915_gem_object_pin_pages(obj);
4907 if (ret)
4908 goto fail;
4909
4910 sg = obj->mm.pages;
4911 bytes = sg_copy_from_buffer(sg->sgl, sg->nents, (void *)data, size);
4912 obj->mm.dirty = true; /* Backing store is now out of date */
4913 i915_gem_object_unpin_pages(obj);
4914
4915 if (WARN_ON(bytes != size)) {
4916 DRM_ERROR("Incomplete copy, wrote %zu of %zu", bytes, size);
4917 ret = -EFAULT;
4918 goto fail;
4919 }
4920
4921 return obj;
4922
4923 fail:
4924 i915_gem_object_put(obj);
4925 return ERR_PTR(ret);
4926 }
4927
4928 struct scatterlist *
4929 i915_gem_object_get_sg(struct drm_i915_gem_object *obj,
4930 unsigned int n,
4931 unsigned int *offset)
4932 {
4933 struct i915_gem_object_page_iter *iter = &obj->mm.get_page;
4934 struct scatterlist *sg;
4935 unsigned int idx, count;
4936
4937 might_sleep();
4938 GEM_BUG_ON(n >= obj->base.size >> PAGE_SHIFT);
4939 GEM_BUG_ON(!i915_gem_object_has_pinned_pages(obj));
4940
4941 /* As we iterate forward through the sg, we record each entry in a
4942 * radixtree for quick repeated (backwards) lookups. If we have seen
4943 * this index previously, we will have an entry for it.
4944 *
4945 * Initial lookup is O(N), but this is amortized to O(1) for
4946 * sequential page access (where each new request is consecutive
4947 * to the previous one). Repeated lookups are O(lg(obj->base.size)),
4948 * i.e. O(1) with a large constant!
4949 */
4950 if (n < READ_ONCE(iter->sg_idx))
4951 goto lookup;
4952
4953 mutex_lock(&iter->lock);
4954
4955 /* We prefer to reuse the last sg so that repeated lookup of this
4956 * (or the subsequent) sg are fast - comparing against the last
4957 * sg is faster than going through the radixtree.
4958 */
4959
4960 sg = iter->sg_pos;
4961 idx = iter->sg_idx;
4962 count = __sg_page_count(sg);
4963
4964 while (idx + count <= n) {
4965 unsigned long exception, i;
4966 int ret;
4967
4968 /* If we cannot allocate and insert this entry, or the
4969 * individual pages from this range, cancel updating the
4970 * sg_idx so that on this lookup we are forced to linearly
4971 * scan onwards, but on future lookups we will try the
4972 * insertion again (in which case we need to be careful of
4973 * the error return reporting that we have already inserted
4974 * this index).
4975 */
4976 ret = radix_tree_insert(&iter->radix, idx, sg);
4977 if (ret && ret != -EEXIST)
4978 goto scan;
4979
4980 exception =
4981 RADIX_TREE_EXCEPTIONAL_ENTRY |
4982 idx << RADIX_TREE_EXCEPTIONAL_SHIFT;
4983 for (i = 1; i < count; i++) {
4984 ret = radix_tree_insert(&iter->radix, idx + i,
4985 (void *)exception);
4986 if (ret && ret != -EEXIST)
4987 goto scan;
4988 }
4989
4990 idx += count;
4991 sg = ____sg_next(sg);
4992 count = __sg_page_count(sg);
4993 }
4994
4995 scan:
4996 iter->sg_pos = sg;
4997 iter->sg_idx = idx;
4998
4999 mutex_unlock(&iter->lock);
5000
5001 if (unlikely(n < idx)) /* insertion completed by another thread */
5002 goto lookup;
5003
5004 /* In case we failed to insert the entry into the radixtree, we need
5005 * to look beyond the current sg.
5006 */
5007 while (idx + count <= n) {
5008 idx += count;
5009 sg = ____sg_next(sg);
5010 count = __sg_page_count(sg);
5011 }
5012
5013 *offset = n - idx;
5014 return sg;
5015
5016 lookup:
5017 rcu_read_lock();
5018
5019 sg = radix_tree_lookup(&iter->radix, n);
5020 GEM_BUG_ON(!sg);
5021
5022 /* If this index is in the middle of multi-page sg entry,
5023 * the radixtree will contain an exceptional entry that points
5024 * to the start of that range. We will return the pointer to
5025 * the base page and the offset of this page within the
5026 * sg entry's range.
5027 */
5028 *offset = 0;
5029 if (unlikely(radix_tree_exception(sg))) {
5030 unsigned long base =
5031 (unsigned long)sg >> RADIX_TREE_EXCEPTIONAL_SHIFT;
5032
5033 sg = radix_tree_lookup(&iter->radix, base);
5034 GEM_BUG_ON(!sg);
5035
5036 *offset = n - base;
5037 }
5038
5039 rcu_read_unlock();
5040
5041 return sg;
5042 }
5043
5044 struct page *
5045 i915_gem_object_get_page(struct drm_i915_gem_object *obj, unsigned int n)
5046 {
5047 struct scatterlist *sg;
5048 unsigned int offset;
5049
5050 GEM_BUG_ON(!i915_gem_object_has_struct_page(obj));
5051
5052 sg = i915_gem_object_get_sg(obj, n, &offset);
5053 return nth_page(sg_page(sg), offset);
5054 }
5055
5056 /* Like i915_gem_object_get_page(), but mark the returned page dirty */
5057 struct page *
5058 i915_gem_object_get_dirty_page(struct drm_i915_gem_object *obj,
5059 unsigned int n)
5060 {
5061 struct page *page;
5062
5063 page = i915_gem_object_get_page(obj, n);
5064 if (!obj->mm.dirty)
5065 set_page_dirty(page);
5066
5067 return page;
5068 }
5069
5070 dma_addr_t
5071 i915_gem_object_get_dma_address(struct drm_i915_gem_object *obj,
5072 unsigned long n)
5073 {
5074 struct scatterlist *sg;
5075 unsigned int offset;
5076
5077 sg = i915_gem_object_get_sg(obj, n, &offset);
5078 return sg_dma_address(sg) + (offset << PAGE_SHIFT);
5079 }
5080
5081 #if IS_ENABLED(CONFIG_DRM_I915_SELFTEST)
5082 #include "selftests/scatterlist.c"
5083 #include "selftests/mock_gem_device.c"
5084 #include "selftests/huge_gem_object.c"
5085 #include "selftests/i915_gem_object.c"
5086 #include "selftests/i915_gem_coherency.c"
5087 #endif
ubuntu-bionic-kernel mirror