linux/drivers/gpu/drm/i915/i915_gem_execbuffer.c
<<
>>
Prefs
   1/*
   2 * Copyright © 2008,2010 Intel Corporation
   3 *
   4 * Permission is hereby granted, free of charge, to any person obtaining a
   5 * copy of this software and associated documentation files (the "Software"),
   6 * to deal in the Software without restriction, including without limitation
   7 * the rights to use, copy, modify, merge, publish, distribute, sublicense,
   8 * and/or sell copies of the Software, and to permit persons to whom the
   9 * Software is furnished to do so, subject to the following conditions:
  10 *
  11 * The above copyright notice and this permission notice (including the next
  12 * paragraph) shall be included in all copies or substantial portions of the
  13 * Software.
  14 *
  15 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
  16 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
  17 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.  IN NO EVENT SHALL
  18 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
  19 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
  20 * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
  21 * IN THE SOFTWARE.
  22 *
  23 * Authors:
  24 *    Eric Anholt <eric@anholt.net>
  25 *    Chris Wilson <chris@chris-wilson.co.uk>
  26 *
  27 */
  28
  29#include <drm/drmP.h>
  30#include <drm/i915_drm.h>
  31#include "i915_drv.h"
  32#include "i915_trace.h"
  33#include "intel_drv.h"
  34#include <linux/dma_remapping.h>
  35
  36struct eb_objects {
  37        struct list_head objects;
  38        int and;
  39        union {
  40                struct drm_i915_gem_object *lut[0];
  41                struct hlist_head buckets[0];
  42        };
  43};
  44
  45static struct eb_objects *
  46eb_create(struct drm_i915_gem_execbuffer2 *args)
  47{
  48        struct eb_objects *eb = NULL;
  49
  50        if (args->flags & I915_EXEC_HANDLE_LUT) {
  51                int size = args->buffer_count;
  52                size *= sizeof(struct drm_i915_gem_object *);
  53                size += sizeof(struct eb_objects);
  54                eb = kmalloc(size, GFP_TEMPORARY | __GFP_NOWARN | __GFP_NORETRY);
  55        }
  56
  57        if (eb == NULL) {
  58                int size = args->buffer_count;
  59                int count = PAGE_SIZE / sizeof(struct hlist_head) / 2;
  60                BUILD_BUG_ON_NOT_POWER_OF_2(PAGE_SIZE / sizeof(struct hlist_head));
  61                while (count > 2*size)
  62                        count >>= 1;
  63                eb = kzalloc(count*sizeof(struct hlist_head) +
  64                             sizeof(struct eb_objects),
  65                             GFP_TEMPORARY);
  66                if (eb == NULL)
  67                        return eb;
  68
  69                eb->and = count - 1;
  70        } else
  71                eb->and = -args->buffer_count;
  72
  73        INIT_LIST_HEAD(&eb->objects);
  74        return eb;
  75}
  76
  77static void
  78eb_reset(struct eb_objects *eb)
  79{
  80        if (eb->and >= 0)
  81                memset(eb->buckets, 0, (eb->and+1)*sizeof(struct hlist_head));
  82}
  83
  84static int
  85eb_lookup_objects(struct eb_objects *eb,
  86                  struct drm_i915_gem_exec_object2 *exec,
  87                  const struct drm_i915_gem_execbuffer2 *args,
  88                  struct drm_file *file)
  89{
  90        int i;
  91
  92        spin_lock(&file->table_lock);
  93        for (i = 0; i < args->buffer_count; i++) {
  94                struct drm_i915_gem_object *obj;
  95
  96                obj = to_intel_bo(idr_find(&file->object_idr, exec[i].handle));
  97                if (obj == NULL) {
  98                        spin_unlock(&file->table_lock);
  99                        DRM_DEBUG("Invalid object handle %d at index %d\n",
 100                                   exec[i].handle, i);
 101                        return -ENOENT;
 102                }
 103
 104                if (!list_empty(&obj->exec_list)) {
 105                        spin_unlock(&file->table_lock);
 106                        DRM_DEBUG("Object %p [handle %d, index %d] appears more than once in object list\n",
 107                                   obj, exec[i].handle, i);
 108                        return -EINVAL;
 109                }
 110
 111                drm_gem_object_reference(&obj->base);
 112                list_add_tail(&obj->exec_list, &eb->objects);
 113
 114                obj->exec_entry = &exec[i];
 115                if (eb->and < 0) {
 116                        eb->lut[i] = obj;
 117                } else {
 118                        uint32_t handle = args->flags & I915_EXEC_HANDLE_LUT ? i : exec[i].handle;
 119                        obj->exec_handle = handle;
 120                        hlist_add_head(&obj->exec_node,
 121                                       &eb->buckets[handle & eb->and]);
 122                }
 123        }
 124        spin_unlock(&file->table_lock);
 125
 126        return 0;
 127}
 128
 129static struct drm_i915_gem_object *
 130eb_get_object(struct eb_objects *eb, unsigned long handle)
 131{
 132        if (eb->and < 0) {
 133                if (handle >= -eb->and)
 134                        return NULL;
 135                return eb->lut[handle];
 136        } else {
 137                struct hlist_head *head;
 138                struct hlist_node *node;
 139
 140                head = &eb->buckets[handle & eb->and];
 141                hlist_for_each(node, head) {
 142                        struct drm_i915_gem_object *obj;
 143
 144                        obj = hlist_entry(node, struct drm_i915_gem_object, exec_node);
 145                        if (obj->exec_handle == handle)
 146                                return obj;
 147                }
 148                return NULL;
 149        }
 150}
 151
 152static void
 153eb_destroy(struct eb_objects *eb)
 154{
 155        while (!list_empty(&eb->objects)) {
 156                struct drm_i915_gem_object *obj;
 157
 158                obj = list_first_entry(&eb->objects,
 159                                       struct drm_i915_gem_object,
 160                                       exec_list);
 161                list_del_init(&obj->exec_list);
 162                drm_gem_object_unreference(&obj->base);
 163        }
 164        kfree(eb);
 165}
 166
 167static inline int use_cpu_reloc(struct drm_i915_gem_object *obj)
 168{
 169        return (obj->base.write_domain == I915_GEM_DOMAIN_CPU ||
 170                !obj->map_and_fenceable ||
 171                obj->cache_level != I915_CACHE_NONE);
 172}
 173
 174static int
 175i915_gem_execbuffer_relocate_entry(struct drm_i915_gem_object *obj,
 176                                   struct eb_objects *eb,
 177                                   struct drm_i915_gem_relocation_entry *reloc)
 178{
 179        struct drm_device *dev = obj->base.dev;
 180        struct drm_gem_object *target_obj;
 181        struct drm_i915_gem_object *target_i915_obj;
 182        uint32_t target_offset;
 183        int ret = -EINVAL;
 184
 185        /* we've already hold a reference to all valid objects */
 186        target_obj = &eb_get_object(eb, reloc->target_handle)->base;
 187        if (unlikely(target_obj == NULL))
 188                return -ENOENT;
 189
 190        target_i915_obj = to_intel_bo(target_obj);
 191        target_offset = target_i915_obj->gtt_offset;
 192
 193        /* Sandybridge PPGTT errata: We need a global gtt mapping for MI and
 194         * pipe_control writes because the gpu doesn't properly redirect them
 195         * through the ppgtt for non_secure batchbuffers. */
 196        if (unlikely(IS_GEN6(dev) &&
 197            reloc->write_domain == I915_GEM_DOMAIN_INSTRUCTION &&
 198            !target_i915_obj->has_global_gtt_mapping)) {
 199                i915_gem_gtt_bind_object(target_i915_obj,
 200                                         target_i915_obj->cache_level);
 201        }
 202
 203        /* Validate that the target is in a valid r/w GPU domain */
 204        if (unlikely(reloc->write_domain & (reloc->write_domain - 1))) {
 205                DRM_DEBUG("reloc with multiple write domains: "
 206                          "obj %p target %d offset %d "
 207                          "read %08x write %08x",
 208                          obj, reloc->target_handle,
 209                          (int) reloc->offset,
 210                          reloc->read_domains,
 211                          reloc->write_domain);
 212                return ret;
 213        }
 214        if (unlikely((reloc->write_domain | reloc->read_domains)
 215                     & ~I915_GEM_GPU_DOMAINS)) {
 216                DRM_DEBUG("reloc with read/write non-GPU domains: "
 217                          "obj %p target %d offset %d "
 218                          "read %08x write %08x",
 219                          obj, reloc->target_handle,
 220                          (int) reloc->offset,
 221                          reloc->read_domains,
 222                          reloc->write_domain);
 223                return ret;
 224        }
 225
 226        target_obj->pending_read_domains |= reloc->read_domains;
 227        target_obj->pending_write_domain |= reloc->write_domain;
 228
 229        /* If the relocation already has the right value in it, no
 230         * more work needs to be done.
 231         */
 232        if (target_offset == reloc->presumed_offset)
 233                return 0;
 234
 235        /* Check that the relocation address is valid... */
 236        if (unlikely(reloc->offset > obj->base.size - 4)) {
 237                DRM_DEBUG("Relocation beyond object bounds: "
 238                          "obj %p target %d offset %d size %d.\n",
 239                          obj, reloc->target_handle,
 240                          (int) reloc->offset,
 241                          (int) obj->base.size);
 242                return ret;
 243        }
 244        if (unlikely(reloc->offset & 3)) {
 245                DRM_DEBUG("Relocation not 4-byte aligned: "
 246                          "obj %p target %d offset %d.\n",
 247                          obj, reloc->target_handle,
 248                          (int) reloc->offset);
 249                return ret;
 250        }
 251
 252        /* We can't wait for rendering with pagefaults disabled */
 253        if (obj->active && in_atomic())
 254                return -EFAULT;
 255
 256        reloc->delta += target_offset;
 257        if (use_cpu_reloc(obj)) {
 258                uint32_t page_offset = reloc->offset & ~PAGE_MASK;
 259                char *vaddr;
 260
 261                ret = i915_gem_object_set_to_cpu_domain(obj, 1);
 262                if (ret)
 263                        return ret;
 264
 265                vaddr = kmap_atomic(i915_gem_object_get_page(obj,
 266                                                             reloc->offset >> PAGE_SHIFT));
 267                *(uint32_t *)(vaddr + page_offset) = reloc->delta;
 268                kunmap_atomic(vaddr);
 269        } else {
 270                struct drm_i915_private *dev_priv = dev->dev_private;
 271                uint32_t __iomem *reloc_entry;
 272                void __iomem *reloc_page;
 273
 274                ret = i915_gem_object_set_to_gtt_domain(obj, true);
 275                if (ret)
 276                        return ret;
 277
 278                ret = i915_gem_object_put_fence(obj);
 279                if (ret)
 280                        return ret;
 281
 282                /* Map the page containing the relocation we're going to perform.  */
 283                reloc->offset += obj->gtt_offset;
 284                reloc_page = io_mapping_map_atomic_wc(dev_priv->gtt.mappable,
 285                                                      reloc->offset & PAGE_MASK);
 286                reloc_entry = (uint32_t __iomem *)
 287                        (reloc_page + (reloc->offset & ~PAGE_MASK));
 288                iowrite32(reloc->delta, reloc_entry);
 289                io_mapping_unmap_atomic(reloc_page);
 290        }
 291
 292        /* and update the user's relocation entry */
 293        reloc->presumed_offset = target_offset;
 294
 295        return 0;
 296}
 297
 298static int
 299i915_gem_execbuffer_relocate_object(struct drm_i915_gem_object *obj,
 300                                    struct eb_objects *eb)
 301{
 302#define N_RELOC(x) ((x) / sizeof(struct drm_i915_gem_relocation_entry))
 303        struct drm_i915_gem_relocation_entry stack_reloc[N_RELOC(512)];
 304        struct drm_i915_gem_relocation_entry __user *user_relocs;
 305        struct drm_i915_gem_exec_object2 *entry = obj->exec_entry;
 306        int remain, ret;
 307
 308        user_relocs = to_user_ptr(entry->relocs_ptr);
 309
 310        remain = entry->relocation_count;
 311        while (remain) {
 312                struct drm_i915_gem_relocation_entry *r = stack_reloc;
 313                int count = remain;
 314                if (count > ARRAY_SIZE(stack_reloc))
 315                        count = ARRAY_SIZE(stack_reloc);
 316                remain -= count;
 317
 318                if (__copy_from_user_inatomic(r, user_relocs, count*sizeof(r[0])))
 319                        return -EFAULT;
 320
 321                do {
 322                        u64 offset = r->presumed_offset;
 323
 324                        ret = i915_gem_execbuffer_relocate_entry(obj, eb, r);
 325                        if (ret)
 326                                return ret;
 327
 328                        if (r->presumed_offset != offset &&
 329                            __copy_to_user_inatomic(&user_relocs->presumed_offset,
 330                                                    &r->presumed_offset,
 331                                                    sizeof(r->presumed_offset))) {
 332                                return -EFAULT;
 333                        }
 334
 335                        user_relocs++;
 336                        r++;
 337                } while (--count);
 338        }
 339
 340        return 0;
 341#undef N_RELOC
 342}
 343
 344static int
 345i915_gem_execbuffer_relocate_object_slow(struct drm_i915_gem_object *obj,
 346                                         struct eb_objects *eb,
 347                                         struct drm_i915_gem_relocation_entry *relocs)
 348{
 349        const struct drm_i915_gem_exec_object2 *entry = obj->exec_entry;
 350        int i, ret;
 351
 352        for (i = 0; i < entry->relocation_count; i++) {
 353                ret = i915_gem_execbuffer_relocate_entry(obj, eb, &relocs[i]);
 354                if (ret)
 355                        return ret;
 356        }
 357
 358        return 0;
 359}
 360
 361static int
 362i915_gem_execbuffer_relocate(struct eb_objects *eb)
 363{
 364        struct drm_i915_gem_object *obj;
 365        int ret = 0;
 366
 367        /* This is the fast path and we cannot handle a pagefault whilst
 368         * holding the struct mutex lest the user pass in the relocations
 369         * contained within a mmaped bo. For in such a case we, the page
 370         * fault handler would call i915_gem_fault() and we would try to
 371         * acquire the struct mutex again. Obviously this is bad and so
 372         * lockdep complains vehemently.
 373         */
 374        pagefault_disable();
 375        list_for_each_entry(obj, &eb->objects, exec_list) {
 376                ret = i915_gem_execbuffer_relocate_object(obj, eb);
 377                if (ret)
 378                        break;
 379        }
 380        pagefault_enable();
 381
 382        return ret;
 383}
 384
 385#define  __EXEC_OBJECT_HAS_PIN (1<<31)
 386#define  __EXEC_OBJECT_HAS_FENCE (1<<30)
 387
 388static int
 389need_reloc_mappable(struct drm_i915_gem_object *obj)
 390{
 391        struct drm_i915_gem_exec_object2 *entry = obj->exec_entry;
 392        return entry->relocation_count && !use_cpu_reloc(obj);
 393}
 394
 395static int
 396i915_gem_execbuffer_reserve_object(struct drm_i915_gem_object *obj,
 397                                   struct intel_ring_buffer *ring,
 398                                   bool *need_reloc)
 399{
 400        struct drm_i915_private *dev_priv = obj->base.dev->dev_private;
 401        struct drm_i915_gem_exec_object2 *entry = obj->exec_entry;
 402        bool has_fenced_gpu_access = INTEL_INFO(ring->dev)->gen < 4;
 403        bool need_fence, need_mappable;
 404        int ret;
 405
 406        need_fence =
 407                has_fenced_gpu_access &&
 408                entry->flags & EXEC_OBJECT_NEEDS_FENCE &&
 409                obj->tiling_mode != I915_TILING_NONE;
 410        need_mappable = need_fence || need_reloc_mappable(obj);
 411
 412        ret = i915_gem_object_pin(obj, entry->alignment, need_mappable, false);
 413        if (ret)
 414                return ret;
 415
 416        entry->flags |= __EXEC_OBJECT_HAS_PIN;
 417
 418        if (has_fenced_gpu_access) {
 419                if (entry->flags & EXEC_OBJECT_NEEDS_FENCE) {
 420                        ret = i915_gem_object_get_fence(obj);
 421                        if (ret)
 422                                return ret;
 423
 424                        if (i915_gem_object_pin_fence(obj))
 425                                entry->flags |= __EXEC_OBJECT_HAS_FENCE;
 426
 427                        obj->pending_fenced_gpu_access = true;
 428                }
 429        }
 430
 431        /* Ensure ppgtt mapping exists if needed */
 432        if (dev_priv->mm.aliasing_ppgtt && !obj->has_aliasing_ppgtt_mapping) {
 433                i915_ppgtt_bind_object(dev_priv->mm.aliasing_ppgtt,
 434                                       obj, obj->cache_level);
 435
 436                obj->has_aliasing_ppgtt_mapping = 1;
 437        }
 438
 439        if (entry->offset != obj->gtt_offset) {
 440                entry->offset = obj->gtt_offset;
 441                *need_reloc = true;
 442        }
 443
 444        if (entry->flags & EXEC_OBJECT_WRITE) {
 445                obj->base.pending_read_domains = I915_GEM_DOMAIN_RENDER;
 446                obj->base.pending_write_domain = I915_GEM_DOMAIN_RENDER;
 447        }
 448
 449        if (entry->flags & EXEC_OBJECT_NEEDS_GTT &&
 450            !obj->has_global_gtt_mapping)
 451                i915_gem_gtt_bind_object(obj, obj->cache_level);
 452
 453        return 0;
 454}
 455
 456static void
 457i915_gem_execbuffer_unreserve_object(struct drm_i915_gem_object *obj)
 458{
 459        struct drm_i915_gem_exec_object2 *entry;
 460
 461        if (!obj->gtt_space)
 462                return;
 463
 464        entry = obj->exec_entry;
 465
 466        if (entry->flags & __EXEC_OBJECT_HAS_FENCE)
 467                i915_gem_object_unpin_fence(obj);
 468
 469        if (entry->flags & __EXEC_OBJECT_HAS_PIN)
 470                i915_gem_object_unpin(obj);
 471
 472        entry->flags &= ~(__EXEC_OBJECT_HAS_FENCE | __EXEC_OBJECT_HAS_PIN);
 473}
 474
 475static int
 476i915_gem_execbuffer_reserve(struct intel_ring_buffer *ring,
 477                            struct list_head *objects,
 478                            bool *need_relocs)
 479{
 480        struct drm_i915_gem_object *obj;
 481        struct list_head ordered_objects;
 482        bool has_fenced_gpu_access = INTEL_INFO(ring->dev)->gen < 4;
 483        int retry;
 484
 485        INIT_LIST_HEAD(&ordered_objects);
 486        while (!list_empty(objects)) {
 487                struct drm_i915_gem_exec_object2 *entry;
 488                bool need_fence, need_mappable;
 489
 490                obj = list_first_entry(objects,
 491                                       struct drm_i915_gem_object,
 492                                       exec_list);
 493                entry = obj->exec_entry;
 494
 495                need_fence =
 496                        has_fenced_gpu_access &&
 497                        entry->flags & EXEC_OBJECT_NEEDS_FENCE &&
 498                        obj->tiling_mode != I915_TILING_NONE;
 499                need_mappable = need_fence || need_reloc_mappable(obj);
 500
 501                if (need_mappable)
 502                        list_move(&obj->exec_list, &ordered_objects);
 503                else
 504                        list_move_tail(&obj->exec_list, &ordered_objects);
 505
 506                obj->base.pending_read_domains = I915_GEM_GPU_DOMAINS & ~I915_GEM_DOMAIN_COMMAND;
 507                obj->base.pending_write_domain = 0;
 508                obj->pending_fenced_gpu_access = false;
 509        }
 510        list_splice(&ordered_objects, objects);
 511
 512        /* Attempt to pin all of the buffers into the GTT.
 513         * This is done in 3 phases:
 514         *
 515         * 1a. Unbind all objects that do not match the GTT constraints for
 516         *     the execbuffer (fenceable, mappable, alignment etc).
 517         * 1b. Increment pin count for already bound objects.
 518         * 2.  Bind new objects.
 519         * 3.  Decrement pin count.
 520         *
 521         * This avoid unnecessary unbinding of later objects in order to make
 522         * room for the earlier objects *unless* we need to defragment.
 523         */
 524        retry = 0;
 525        do {
 526                int ret = 0;
 527
 528                /* Unbind any ill-fitting objects or pin. */
 529                list_for_each_entry(obj, objects, exec_list) {
 530                        struct drm_i915_gem_exec_object2 *entry = obj->exec_entry;
 531                        bool need_fence, need_mappable;
 532
 533                        if (!obj->gtt_space)
 534                                continue;
 535
 536                        need_fence =
 537                                has_fenced_gpu_access &&
 538                                entry->flags & EXEC_OBJECT_NEEDS_FENCE &&
 539                                obj->tiling_mode != I915_TILING_NONE;
 540                        need_mappable = need_fence || need_reloc_mappable(obj);
 541
 542                        if ((entry->alignment && obj->gtt_offset & (entry->alignment - 1)) ||
 543                            (need_mappable && !obj->map_and_fenceable))
 544                                ret = i915_gem_object_unbind(obj);
 545                        else
 546                                ret = i915_gem_execbuffer_reserve_object(obj, ring, need_relocs);
 547                        if (ret)
 548                                goto err;
 549                }
 550
 551                /* Bind fresh objects */
 552                list_for_each_entry(obj, objects, exec_list) {
 553                        if (obj->gtt_space)
 554                                continue;
 555
 556                        ret = i915_gem_execbuffer_reserve_object(obj, ring, need_relocs);
 557                        if (ret)
 558                                goto err;
 559                }
 560
 561err:            /* Decrement pin count for bound objects */
 562                list_for_each_entry(obj, objects, exec_list)
 563                        i915_gem_execbuffer_unreserve_object(obj);
 564
 565                if (ret != -ENOSPC || retry++)
 566                        return ret;
 567
 568                ret = i915_gem_evict_everything(ring->dev);
 569                if (ret)
 570                        return ret;
 571        } while (1);
 572}
 573
 574static int
 575i915_gem_execbuffer_relocate_slow(struct drm_device *dev,
 576                                  struct drm_i915_gem_execbuffer2 *args,
 577                                  struct drm_file *file,
 578                                  struct intel_ring_buffer *ring,
 579                                  struct eb_objects *eb,
 580                                  struct drm_i915_gem_exec_object2 *exec)
 581{
 582        struct drm_i915_gem_relocation_entry *reloc;
 583        struct drm_i915_gem_object *obj;
 584        bool need_relocs;
 585        int *reloc_offset;
 586        int i, total, ret;
 587        int count = args->buffer_count;
 588
 589        /* We may process another execbuffer during the unlock... */
 590        while (!list_empty(&eb->objects)) {
 591                obj = list_first_entry(&eb->objects,
 592                                       struct drm_i915_gem_object,
 593                                       exec_list);
 594                list_del_init(&obj->exec_list);
 595                drm_gem_object_unreference(&obj->base);
 596        }
 597
 598        mutex_unlock(&dev->struct_mutex);
 599
 600        total = 0;
 601        for (i = 0; i < count; i++)
 602                total += exec[i].relocation_count;
 603
 604        reloc_offset = drm_malloc_ab(count, sizeof(*reloc_offset));
 605        reloc = drm_malloc_ab(total, sizeof(*reloc));
 606        if (reloc == NULL || reloc_offset == NULL) {
 607                drm_free_large(reloc);
 608                drm_free_large(reloc_offset);
 609                mutex_lock(&dev->struct_mutex);
 610                return -ENOMEM;
 611        }
 612
 613        total = 0;
 614        for (i = 0; i < count; i++) {
 615                struct drm_i915_gem_relocation_entry __user *user_relocs;
 616                u64 invalid_offset = (u64)-1;
 617                int j;
 618
 619                user_relocs = to_user_ptr(exec[i].relocs_ptr);
 620
 621                if (copy_from_user(reloc+total, user_relocs,
 622                                   exec[i].relocation_count * sizeof(*reloc))) {
 623                        ret = -EFAULT;
 624                        mutex_lock(&dev->struct_mutex);
 625                        goto err;
 626                }
 627
 628                /* As we do not update the known relocation offsets after
 629                 * relocating (due to the complexities in lock handling),
 630                 * we need to mark them as invalid now so that we force the
 631                 * relocation processing next time. Just in case the target
 632                 * object is evicted and then rebound into its old
 633                 * presumed_offset before the next execbuffer - if that
 634                 * happened we would make the mistake of assuming that the
 635                 * relocations were valid.
 636                 */
 637                for (j = 0; j < exec[i].relocation_count; j++) {
 638                        if (copy_to_user(&user_relocs[j].presumed_offset,
 639                                         &invalid_offset,
 640                                         sizeof(invalid_offset))) {
 641                                ret = -EFAULT;
 642                                mutex_lock(&dev->struct_mutex);
 643                                goto err;
 644                        }
 645                }
 646
 647                reloc_offset[i] = total;
 648                total += exec[i].relocation_count;
 649        }
 650
 651        ret = i915_mutex_lock_interruptible(dev);
 652        if (ret) {
 653                mutex_lock(&dev->struct_mutex);
 654                goto err;
 655        }
 656
 657        /* reacquire the objects */
 658        eb_reset(eb);
 659        ret = eb_lookup_objects(eb, exec, args, file);
 660        if (ret)
 661                goto err;
 662
 663        need_relocs = (args->flags & I915_EXEC_NO_RELOC) == 0;
 664        ret = i915_gem_execbuffer_reserve(ring, &eb->objects, &need_relocs);
 665        if (ret)
 666                goto err;
 667
 668        list_for_each_entry(obj, &eb->objects, exec_list) {
 669                int offset = obj->exec_entry - exec;
 670                ret = i915_gem_execbuffer_relocate_object_slow(obj, eb,
 671                                                               reloc + reloc_offset[offset]);
 672                if (ret)
 673                        goto err;
 674        }
 675
 676        /* Leave the user relocations as are, this is the painfully slow path,
 677         * and we want to avoid the complication of dropping the lock whilst
 678         * having buffers reserved in the aperture and so causing spurious
 679         * ENOSPC for random operations.
 680         */
 681
 682err:
 683        drm_free_large(reloc);
 684        drm_free_large(reloc_offset);
 685        return ret;
 686}
 687
 688static int
 689i915_gem_execbuffer_move_to_gpu(struct intel_ring_buffer *ring,
 690                                struct list_head *objects)
 691{
 692        struct drm_i915_gem_object *obj;
 693        uint32_t flush_domains = 0;
 694        int ret;
 695
 696        list_for_each_entry(obj, objects, exec_list) {
 697                ret = i915_gem_object_sync(obj, ring);
 698                if (ret)
 699                        return ret;
 700
 701                if (obj->base.write_domain & I915_GEM_DOMAIN_CPU)
 702                        i915_gem_clflush_object(obj);
 703
 704                flush_domains |= obj->base.write_domain;
 705        }
 706
 707        if (flush_domains & I915_GEM_DOMAIN_CPU)
 708                i915_gem_chipset_flush(ring->dev);
 709
 710        if (flush_domains & I915_GEM_DOMAIN_GTT)
 711                wmb();
 712
 713        /* Unconditionally invalidate gpu caches and ensure that we do flush
 714         * any residual writes from the previous batch.
 715         */
 716        return intel_ring_invalidate_all_caches(ring);
 717}
 718
 719static bool
 720i915_gem_check_execbuffer(struct drm_i915_gem_execbuffer2 *exec)
 721{
 722        if (exec->flags & __I915_EXEC_UNKNOWN_FLAGS)
 723                return false;
 724
 725        return ((exec->batch_start_offset | exec->batch_len) & 0x7) == 0;
 726}
 727
 728static int
 729validate_exec_list(struct drm_i915_gem_exec_object2 *exec,
 730                   int count)
 731{
 732        int i;
 733        int relocs_total = 0;
 734        int relocs_max = INT_MAX / sizeof(struct drm_i915_gem_relocation_entry);
 735
 736        for (i = 0; i < count; i++) {
 737                char __user *ptr = to_user_ptr(exec[i].relocs_ptr);
 738                int length; /* limited by fault_in_pages_readable() */
 739
 740                if (exec[i].flags & __EXEC_OBJECT_UNKNOWN_FLAGS)
 741                        return -EINVAL;
 742
 743                /* First check for malicious input causing overflow in
 744                 * the worst case where we need to allocate the entire
 745                 * relocation tree as a single array.
 746                 */
 747                if (exec[i].relocation_count > relocs_max - relocs_total)
 748                        return -EINVAL;
 749                relocs_total += exec[i].relocation_count;
 750
 751                length = exec[i].relocation_count *
 752                        sizeof(struct drm_i915_gem_relocation_entry);
 753                /*
 754                 * We must check that the entire relocation array is safe
 755                 * to read, but since we may need to update the presumed
 756                 * offsets during execution, check for full write access.
 757                 */
 758                if (!access_ok(VERIFY_WRITE, ptr, length))
 759                        return -EFAULT;
 760
 761                if (fault_in_multipages_readable(ptr, length))
 762                        return -EFAULT;
 763        }
 764
 765        return 0;
 766}
 767
 768static void
 769i915_gem_execbuffer_move_to_active(struct list_head *objects,
 770                                   struct intel_ring_buffer *ring)
 771{
 772        struct drm_i915_gem_object *obj;
 773
 774        list_for_each_entry(obj, objects, exec_list) {
 775                u32 old_read = obj->base.read_domains;
 776                u32 old_write = obj->base.write_domain;
 777
 778                obj->base.write_domain = obj->base.pending_write_domain;
 779                if (obj->base.write_domain == 0)
 780                        obj->base.pending_read_domains |= obj->base.read_domains;
 781                obj->base.read_domains = obj->base.pending_read_domains;
 782                obj->fenced_gpu_access = obj->pending_fenced_gpu_access;
 783
 784                i915_gem_object_move_to_active(obj, ring);
 785                if (obj->base.write_domain) {
 786                        obj->dirty = 1;
 787                        obj->last_write_seqno = intel_ring_get_seqno(ring);
 788                        if (obj->pin_count) /* check for potential scanout */
 789                                intel_mark_fb_busy(obj);
 790                }
 791
 792                trace_i915_gem_object_change_domain(obj, old_read, old_write);
 793        }
 794}
 795
 796static void
 797i915_gem_execbuffer_retire_commands(struct drm_device *dev,
 798                                    struct drm_file *file,
 799                                    struct intel_ring_buffer *ring)
 800{
 801        /* Unconditionally force add_request to emit a full flush. */
 802        ring->gpu_caches_dirty = true;
 803
 804        /* Add a breadcrumb for the completion of the batch buffer */
 805        (void)i915_add_request(ring, file, NULL);
 806}
 807
 808static int
 809i915_reset_gen7_sol_offsets(struct drm_device *dev,
 810                            struct intel_ring_buffer *ring)
 811{
 812        drm_i915_private_t *dev_priv = dev->dev_private;
 813        int ret, i;
 814
 815        if (!IS_GEN7(dev) || ring != &dev_priv->ring[RCS])
 816                return 0;
 817
 818        ret = intel_ring_begin(ring, 4 * 3);
 819        if (ret)
 820                return ret;
 821
 822        for (i = 0; i < 4; i++) {
 823                intel_ring_emit(ring, MI_LOAD_REGISTER_IMM(1));
 824                intel_ring_emit(ring, GEN7_SO_WRITE_OFFSET(i));
 825                intel_ring_emit(ring, 0);
 826        }
 827
 828        intel_ring_advance(ring);
 829
 830        return 0;
 831}
 832
 833static int
 834i915_gem_do_execbuffer(struct drm_device *dev, void *data,
 835                       struct drm_file *file,
 836                       struct drm_i915_gem_execbuffer2 *args,
 837                       struct drm_i915_gem_exec_object2 *exec)
 838{
 839        drm_i915_private_t *dev_priv = dev->dev_private;
 840        struct eb_objects *eb;
 841        struct drm_i915_gem_object *batch_obj;
 842        struct drm_clip_rect *cliprects = NULL;
 843        struct intel_ring_buffer *ring;
 844        u32 ctx_id = i915_execbuffer2_get_context_id(*args);
 845        u32 exec_start, exec_len;
 846        u32 mask, flags;
 847        int ret, mode, i;
 848        bool need_relocs;
 849
 850        if (!i915_gem_check_execbuffer(args))
 851                return -EINVAL;
 852
 853        ret = validate_exec_list(exec, args->buffer_count);
 854        if (ret)
 855                return ret;
 856
 857        flags = 0;
 858        if (args->flags & I915_EXEC_SECURE) {
 859                if (!file->is_master || !capable(CAP_SYS_ADMIN))
 860                    return -EPERM;
 861
 862                flags |= I915_DISPATCH_SECURE;
 863        }
 864        if (args->flags & I915_EXEC_IS_PINNED)
 865                flags |= I915_DISPATCH_PINNED;
 866
 867        switch (args->flags & I915_EXEC_RING_MASK) {
 868        case I915_EXEC_DEFAULT:
 869        case I915_EXEC_RENDER:
 870                ring = &dev_priv->ring[RCS];
 871                break;
 872        case I915_EXEC_BSD:
 873                ring = &dev_priv->ring[VCS];
 874                if (ctx_id != 0) {
 875                        DRM_DEBUG("Ring %s doesn't support contexts\n",
 876                                  ring->name);
 877                        return -EPERM;
 878                }
 879                break;
 880        case I915_EXEC_BLT:
 881                ring = &dev_priv->ring[BCS];
 882                if (ctx_id != 0) {
 883                        DRM_DEBUG("Ring %s doesn't support contexts\n",
 884                                  ring->name);
 885                        return -EPERM;
 886                }
 887                break;
 888        default:
 889                DRM_DEBUG("execbuf with unknown ring: %d\n",
 890                          (int)(args->flags & I915_EXEC_RING_MASK));
 891                return -EINVAL;
 892        }
 893        if (!intel_ring_initialized(ring)) {
 894                DRM_DEBUG("execbuf with invalid ring: %d\n",
 895                          (int)(args->flags & I915_EXEC_RING_MASK));
 896                return -EINVAL;
 897        }
 898
 899        mode = args->flags & I915_EXEC_CONSTANTS_MASK;
 900        mask = I915_EXEC_CONSTANTS_MASK;
 901        switch (mode) {
 902        case I915_EXEC_CONSTANTS_REL_GENERAL:
 903        case I915_EXEC_CONSTANTS_ABSOLUTE:
 904        case I915_EXEC_CONSTANTS_REL_SURFACE:
 905                if (ring == &dev_priv->ring[RCS] &&
 906                    mode != dev_priv->relative_constants_mode) {
 907                        if (INTEL_INFO(dev)->gen < 4)
 908                                return -EINVAL;
 909
 910                        if (INTEL_INFO(dev)->gen > 5 &&
 911                            mode == I915_EXEC_CONSTANTS_REL_SURFACE)
 912                                return -EINVAL;
 913
 914                        /* The HW changed the meaning on this bit on gen6 */
 915                        if (INTEL_INFO(dev)->gen >= 6)
 916                                mask &= ~I915_EXEC_CONSTANTS_REL_SURFACE;
 917                }
 918                break;
 919        default:
 920                DRM_DEBUG("execbuf with unknown constants: %d\n", mode);
 921                return -EINVAL;
 922        }
 923
 924        if (args->buffer_count < 1) {
 925                DRM_DEBUG("execbuf with %d buffers\n", args->buffer_count);
 926                return -EINVAL;
 927        }
 928
 929        if (args->num_cliprects != 0) {
 930                if (ring != &dev_priv->ring[RCS]) {
 931                        DRM_DEBUG("clip rectangles are only valid with the render ring\n");
 932                        return -EINVAL;
 933                }
 934
 935                if (INTEL_INFO(dev)->gen >= 5) {
 936                        DRM_DEBUG("clip rectangles are only valid on pre-gen5\n");
 937                        return -EINVAL;
 938                }
 939
 940                if (args->num_cliprects > UINT_MAX / sizeof(*cliprects)) {
 941                        DRM_DEBUG("execbuf with %u cliprects\n",
 942                                  args->num_cliprects);
 943                        return -EINVAL;
 944                }
 945
 946                cliprects = kmalloc(args->num_cliprects * sizeof(*cliprects),
 947                                    GFP_KERNEL);
 948                if (cliprects == NULL) {
 949                        ret = -ENOMEM;
 950                        goto pre_mutex_err;
 951                }
 952
 953                if (copy_from_user(cliprects,
 954                                   to_user_ptr(args->cliprects_ptr),
 955                                   sizeof(*cliprects)*args->num_cliprects)) {
 956                        ret = -EFAULT;
 957                        goto pre_mutex_err;
 958                }
 959        }
 960
 961        ret = i915_mutex_lock_interruptible(dev);
 962        if (ret)
 963                goto pre_mutex_err;
 964
 965        if (dev_priv->mm.suspended) {
 966                mutex_unlock(&dev->struct_mutex);
 967                ret = -EBUSY;
 968                goto pre_mutex_err;
 969        }
 970
 971        eb = eb_create(args);
 972        if (eb == NULL) {
 973                mutex_unlock(&dev->struct_mutex);
 974                ret = -ENOMEM;
 975                goto pre_mutex_err;
 976        }
 977
 978        /* Look up object handles */
 979        ret = eb_lookup_objects(eb, exec, args, file);
 980        if (ret)
 981                goto err;
 982
 983        /* take note of the batch buffer before we might reorder the lists */
 984        batch_obj = list_entry(eb->objects.prev,
 985                               struct drm_i915_gem_object,
 986                               exec_list);
 987
 988        /* Move the objects en-masse into the GTT, evicting if necessary. */
 989        need_relocs = (args->flags & I915_EXEC_NO_RELOC) == 0;
 990        ret = i915_gem_execbuffer_reserve(ring, &eb->objects, &need_relocs);
 991        if (ret)
 992                goto err;
 993
 994        /* The objects are in their final locations, apply the relocations. */
 995        if (need_relocs)
 996                ret = i915_gem_execbuffer_relocate(eb);
 997        if (ret) {
 998                if (ret == -EFAULT) {
 999                        ret = i915_gem_execbuffer_relocate_slow(dev, args, file, ring,
1000                                                                eb, exec);
1001                        BUG_ON(!mutex_is_locked(&dev->struct_mutex));
1002                }
1003                if (ret)
1004                        goto err;
1005        }
1006
1007        /* Set the pending read domains for the batch buffer to COMMAND */
1008        if (batch_obj->base.pending_write_domain) {
1009                DRM_DEBUG("Attempting to use self-modifying batch buffer\n");
1010                ret = -EINVAL;
1011                goto err;
1012        }
1013        batch_obj->base.pending_read_domains |= I915_GEM_DOMAIN_COMMAND;
1014
1015        /* snb/ivb/vlv conflate the "batch in ppgtt" bit with the "non-secure
1016         * batch" bit. Hence we need to pin secure batches into the global gtt.
1017         * hsw should have this fixed, but let's be paranoid and do it
1018         * unconditionally for now. */
1019        if (flags & I915_DISPATCH_SECURE && !batch_obj->has_global_gtt_mapping)
1020                i915_gem_gtt_bind_object(batch_obj, batch_obj->cache_level);
1021
1022        ret = i915_gem_execbuffer_move_to_gpu(ring, &eb->objects);
1023        if (ret)
1024                goto err;
1025
1026        ret = i915_switch_context(ring, file, ctx_id);
1027        if (ret)
1028                goto err;
1029
1030        if (ring == &dev_priv->ring[RCS] &&
1031            mode != dev_priv->relative_constants_mode) {
1032                ret = intel_ring_begin(ring, 4);
1033                if (ret)
1034                                goto err;
1035
1036                intel_ring_emit(ring, MI_NOOP);
1037                intel_ring_emit(ring, MI_LOAD_REGISTER_IMM(1));
1038                intel_ring_emit(ring, INSTPM);
1039                intel_ring_emit(ring, mask << 16 | mode);
1040                intel_ring_advance(ring);
1041
1042                dev_priv->relative_constants_mode = mode;
1043        }
1044
1045        if (args->flags & I915_EXEC_GEN7_SOL_RESET) {
1046                ret = i915_reset_gen7_sol_offsets(dev, ring);
1047                if (ret)
1048                        goto err;
1049        }
1050
1051        exec_start = batch_obj->gtt_offset + args->batch_start_offset;
1052        exec_len = args->batch_len;
1053        if (cliprects) {
1054                for (i = 0; i < args->num_cliprects; i++) {
1055                        ret = i915_emit_box(dev, &cliprects[i],
1056                                            args->DR1, args->DR4);
1057                        if (ret)
1058                                goto err;
1059
1060                        ret = ring->dispatch_execbuffer(ring,
1061                                                        exec_start, exec_len,
1062                                                        flags);
1063                        if (ret)
1064                                goto err;
1065                }
1066        } else {
1067                ret = ring->dispatch_execbuffer(ring,
1068                                                exec_start, exec_len,
1069                                                flags);
1070                if (ret)
1071                        goto err;
1072        }
1073
1074        trace_i915_gem_ring_dispatch(ring, intel_ring_get_seqno(ring), flags);
1075
1076        i915_gem_execbuffer_move_to_active(&eb->objects, ring);
1077        i915_gem_execbuffer_retire_commands(dev, file, ring);
1078
1079err:
1080        eb_destroy(eb);
1081
1082        mutex_unlock(&dev->struct_mutex);
1083
1084pre_mutex_err:
1085        kfree(cliprects);
1086        return ret;
1087}
1088
1089/*
1090 * Legacy execbuffer just creates an exec2 list from the original exec object
1091 * list array and passes it to the real function.
1092 */
1093int
1094i915_gem_execbuffer(struct drm_device *dev, void *data,
1095                    struct drm_file *file)
1096{
1097        struct drm_i915_gem_execbuffer *args = data;
1098        struct drm_i915_gem_execbuffer2 exec2;
1099        struct drm_i915_gem_exec_object *exec_list = NULL;
1100        struct drm_i915_gem_exec_object2 *exec2_list = NULL;
1101        int ret, i;
1102
1103        if (args->buffer_count < 1) {
1104                DRM_DEBUG("execbuf with %d buffers\n", args->buffer_count);
1105                return -EINVAL;
1106        }
1107
1108        /* Copy in the exec list from userland */
1109        exec_list = drm_malloc_ab(sizeof(*exec_list), args->buffer_count);
1110        exec2_list = drm_malloc_ab(sizeof(*exec2_list), args->buffer_count);
1111        if (exec_list == NULL || exec2_list == NULL) {
1112                DRM_DEBUG("Failed to allocate exec list for %d buffers\n",
1113                          args->buffer_count);
1114                drm_free_large(exec_list);
1115                drm_free_large(exec2_list);
1116                return -ENOMEM;
1117        }
1118        ret = copy_from_user(exec_list,
1119                             to_user_ptr(args->buffers_ptr),
1120                             sizeof(*exec_list) * args->buffer_count);
1121        if (ret != 0) {
1122                DRM_DEBUG("copy %d exec entries failed %d\n",
1123                          args->buffer_count, ret);
1124                drm_free_large(exec_list);
1125                drm_free_large(exec2_list);
1126                return -EFAULT;
1127        }
1128
1129        for (i = 0; i < args->buffer_count; i++) {
1130                exec2_list[i].handle = exec_list[i].handle;
1131                exec2_list[i].relocation_count = exec_list[i].relocation_count;
1132                exec2_list[i].relocs_ptr = exec_list[i].relocs_ptr;
1133                exec2_list[i].alignment = exec_list[i].alignment;
1134                exec2_list[i].offset = exec_list[i].offset;
1135                if (INTEL_INFO(dev)->gen < 4)
1136                        exec2_list[i].flags = EXEC_OBJECT_NEEDS_FENCE;
1137                else
1138                        exec2_list[i].flags = 0;
1139        }
1140
1141        exec2.buffers_ptr = args->buffers_ptr;
1142        exec2.buffer_count = args->buffer_count;
1143        exec2.batch_start_offset = args->batch_start_offset;
1144        exec2.batch_len = args->batch_len;
1145        exec2.DR1 = args->DR1;
1146        exec2.DR4 = args->DR4;
1147        exec2.num_cliprects = args->num_cliprects;
1148        exec2.cliprects_ptr = args->cliprects_ptr;
1149        exec2.flags = I915_EXEC_RENDER;
1150        i915_execbuffer2_set_context_id(exec2, 0);
1151
1152        ret = i915_gem_do_execbuffer(dev, data, file, &exec2, exec2_list);
1153        if (!ret) {
1154                /* Copy the new buffer offsets back to the user's exec list. */
1155                for (i = 0; i < args->buffer_count; i++)
1156                        exec_list[i].offset = exec2_list[i].offset;
1157                /* ... and back out to userspace */
1158                ret = copy_to_user(to_user_ptr(args->buffers_ptr),
1159                                   exec_list,
1160                                   sizeof(*exec_list) * args->buffer_count);
1161                if (ret) {
1162                        ret = -EFAULT;
1163                        DRM_DEBUG("failed to copy %d exec entries "
1164                                  "back to user (%d)\n",
1165                                  args->buffer_count, ret);
1166                }
1167        }
1168
1169        drm_free_large(exec_list);
1170        drm_free_large(exec2_list);
1171        return ret;
1172}
1173
1174int
1175i915_gem_execbuffer2(struct drm_device *dev, void *data,
1176                     struct drm_file *file)
1177{
1178        struct drm_i915_gem_execbuffer2 *args = data;
1179        struct drm_i915_gem_exec_object2 *exec2_list = NULL;
1180        int ret;
1181
1182        if (args->buffer_count < 1 ||
1183            args->buffer_count > UINT_MAX / sizeof(*exec2_list)) {
1184                DRM_DEBUG("execbuf2 with %d buffers\n", args->buffer_count);
1185                return -EINVAL;
1186        }
1187
1188        exec2_list = kmalloc(sizeof(*exec2_list)*args->buffer_count,
1189                             GFP_TEMPORARY | __GFP_NOWARN | __GFP_NORETRY);
1190        if (exec2_list == NULL)
1191                exec2_list = drm_malloc_ab(sizeof(*exec2_list),
1192                                           args->buffer_count);
1193        if (exec2_list == NULL) {
1194                DRM_DEBUG("Failed to allocate exec list for %d buffers\n",
1195                          args->buffer_count);
1196                return -ENOMEM;
1197        }
1198        ret = copy_from_user(exec2_list,
1199                             to_user_ptr(args->buffers_ptr),
1200                             sizeof(*exec2_list) * args->buffer_count);
1201        if (ret != 0) {
1202                DRM_DEBUG("copy %d exec entries failed %d\n",
1203                          args->buffer_count, ret);
1204                drm_free_large(exec2_list);
1205                return -EFAULT;
1206        }
1207
1208        ret = i915_gem_do_execbuffer(dev, data, file, args, exec2_list);
1209        if (!ret) {
1210                /* Copy the new buffer offsets back to the user's exec list. */
1211                ret = copy_to_user(to_user_ptr(args->buffers_ptr),
1212                                   exec2_list,
1213                                   sizeof(*exec2_list) * args->buffer_count);
1214                if (ret) {
1215                        ret = -EFAULT;
1216                        DRM_DEBUG("failed to copy %d exec entries "
1217                                  "back to user (%d)\n",
1218                                  args->buffer_count, ret);
1219                }
1220        }
1221
1222        drm_free_large(exec2_list);
1223        return ret;
1224}
1225