LXR linux/drivers/gpu/drm/i915/i915_gem

   1/*
   2 * Copyright © 2008,2010 Intel Corporation
   3 *
   4 * Permission is hereby granted, free of charge, to any person obtaining a
   5 * copy of this software and associated documentation files (the "Software"),
   6 * to deal in the Software without restriction, including without limitation
   7 * the rights to use, copy, modify, merge, publish, distribute, sublicense,
   8 * and/or sell copies of the Software, and to permit persons to whom the
   9 * Software is furnished to do so, subject to the following conditions:
  10 *
  11 * The above copyright notice and this permission notice (including the next
  12 * paragraph) shall be included in all copies or substantial portions of the
  13 * Software.
  14 *
  15 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
  16 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
  17 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.  IN NO EVENT SHALL
  18 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
  19 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
  20 * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
  21 * IN THE SOFTWARE.
  22 *
  23 * Authors:
  24 *    Eric Anholt <eric@anholt.net>
  25 *    Chris Wilson <chris@chris-wilson.co.uk>
  26 *
  27 */
  28
  29#include <drm/drmP.h>
  30#include <drm/i915_drm.h>
  31#include "i915_drv.h"
  32#include "i915_trace.h"
  33#include "intel_drv.h"
  34#include <linux/dma_remapping.h>
  35#include <linux/uaccess.h>
  36
  37#define  __EXEC_OBJECT_HAS_PIN (1<<31)
  38#define  __EXEC_OBJECT_HAS_FENCE (1<<30)
  39#define  __EXEC_OBJECT_NEEDS_MAP (1<<29)
  40#define  __EXEC_OBJECT_NEEDS_BIAS (1<<28)
  41
  42#define BATCH_OFFSET_BIAS (256*1024)
  43
  44struct eb_vmas {
  45        struct list_head vmas;
  46        int and;
  47        union {
  48                struct i915_vma *lut[0];
  49                struct hlist_head buckets[0];
  50        };
  51};
  52
  53static struct eb_vmas *
  54eb_create(struct drm_i915_gem_execbuffer2 *args)
  55{
  56        struct eb_vmas *eb = NULL;
  57
  58        if (args->flags & I915_EXEC_HANDLE_LUT) {
  59                unsigned size = args->buffer_count;
  60                size *= sizeof(struct i915_vma *);
  61                size += sizeof(struct eb_vmas);
  62                eb = kmalloc(size, GFP_TEMPORARY | __GFP_NOWARN | __GFP_NORETRY);
  63        }
  64
  65        if (eb == NULL) {
  66                unsigned size = args->buffer_count;
  67                unsigned count = PAGE_SIZE / sizeof(struct hlist_head) / 2;
  68                BUILD_BUG_ON_NOT_POWER_OF_2(PAGE_SIZE / sizeof(struct hlist_head));
  69                while (count > 2*size)
  70                        count >>= 1;
  71                eb = kzalloc(count*sizeof(struct hlist_head) +
  72                             sizeof(struct eb_vmas),
  73                             GFP_TEMPORARY);
  74                if (eb == NULL)
  75                        return eb;
  76
  77                eb->and = count - 1;
  78        } else
  79                eb->and = -args->buffer_count;
  80
  81        INIT_LIST_HEAD(&eb->vmas);
  82        return eb;
  83}
  84
  85static void
  86eb_reset(struct eb_vmas *eb)
  87{
  88        if (eb->and >= 0)
  89                memset(eb->buckets, 0, (eb->and+1)*sizeof(struct hlist_head));
  90}
  91
  92static int
  93eb_lookup_vmas(struct eb_vmas *eb,
  94               struct drm_i915_gem_exec_object2 *exec,
  95               const struct drm_i915_gem_execbuffer2 *args,
  96               struct i915_address_space *vm,
  97               struct drm_file *file)
  98{
  99        struct drm_i915_gem_object *obj;
 100        struct list_head objects;
 101        int i, ret;
 102
 103        INIT_LIST_HEAD(&objects);
 104        spin_lock(&file->table_lock);
 105        /* Grab a reference to the object and release the lock so we can lookup
 106         * or create the VMA without using GFP_ATOMIC */
 107        for (i = 0; i < args->buffer_count; i++) {
 108                obj = to_intel_bo(idr_find(&file->object_idr, exec[i].handle));
 109                if (obj == NULL) {
 110                        spin_unlock(&file->table_lock);
 111                        DRM_DEBUG("Invalid object handle %d at index %d\n",
 112                                   exec[i].handle, i);
 113                        ret = -ENOENT;
 114                        goto err;
 115                }
 116
 117                if (!list_empty(&obj->obj_exec_link)) {
 118                        spin_unlock(&file->table_lock);
 119                        DRM_DEBUG("Object %p [handle %d, index %d] appears more than once in object list\n",
 120                                   obj, exec[i].handle, i);
 121                        ret = -EINVAL;
 122                        goto err;
 123                }
 124
 125                drm_gem_object_reference(&obj->base);
 126                list_add_tail(&obj->obj_exec_link, &objects);
 127        }
 128        spin_unlock(&file->table_lock);
 129
 130        i = 0;
 131        while (!list_empty(&objects)) {
 132                struct i915_vma *vma;
 133
 134                obj = list_first_entry(&objects,
 135                                       struct drm_i915_gem_object,
 136                                       obj_exec_link);
 137
 138                /*
 139                 * NOTE: We can leak any vmas created here when something fails
 140                 * later on. But that's no issue since vma_unbind can deal with
 141                 * vmas which are not actually bound. And since only
 142                 * lookup_or_create exists as an interface to get at the vma
 143                 * from the (obj, vm) we don't run the risk of creating
 144                 * duplicated vmas for the same vm.
 145                 */
 146                vma = i915_gem_obj_lookup_or_create_vma(obj, vm);
 147                if (IS_ERR(vma)) {
 148                        DRM_DEBUG("Failed to lookup VMA\n");
 149                        ret = PTR_ERR(vma);
 150                        goto err;
 151                }
 152
 153                /* Transfer ownership from the objects list to the vmas list. */
 154                list_add_tail(&vma->exec_list, &eb->vmas);
 155                list_del_init(&obj->obj_exec_link);
 156
 157                vma->exec_entry = &exec[i];
 158                if (eb->and < 0) {
 159                        eb->lut[i] = vma;
 160                } else {
 161                        uint32_t handle = args->flags & I915_EXEC_HANDLE_LUT ? i : exec[i].handle;
 162                        vma->exec_handle = handle;
 163                        hlist_add_head(&vma->exec_node,
 164                                       &eb->buckets[handle & eb->and]);
 165                }
 166                ++i;
 167        }
 168
 169        return 0;
 170
 171
 172err:
 173        while (!list_empty(&objects)) {
 174                obj = list_first_entry(&objects,
 175                                       struct drm_i915_gem_object,
 176                                       obj_exec_link);
 177                list_del_init(&obj->obj_exec_link);
 178                drm_gem_object_unreference(&obj->base);
 179        }
 180        /*
 181         * Objects already transfered to the vmas list will be unreferenced by
 182         * eb_destroy.
 183         */
 184
 185        return ret;
 186}
 187
 188static struct i915_vma *eb_get_vma(struct eb_vmas *eb, unsigned long handle)
 189{
 190        if (eb->and < 0) {
 191                if (handle >= -eb->and)
 192                        return NULL;
 193                return eb->lut[handle];
 194        } else {
 195                struct hlist_head *head;
 196                struct i915_vma *vma;
 197
 198                head = &eb->buckets[handle & eb->and];
 199                hlist_for_each_entry(vma, head, exec_node) {
 200                        if (vma->exec_handle == handle)
 201                                return vma;
 202                }
 203                return NULL;
 204        }
 205}
 206
 207static void
 208i915_gem_execbuffer_unreserve_vma(struct i915_vma *vma)
 209{
 210        struct drm_i915_gem_exec_object2 *entry;
 211        struct drm_i915_gem_object *obj = vma->obj;
 212
 213        if (!drm_mm_node_allocated(&vma->node))
 214                return;
 215
 216        entry = vma->exec_entry;
 217
 218        if (entry->flags & __EXEC_OBJECT_HAS_FENCE)
 219                i915_gem_object_unpin_fence(obj);
 220
 221        if (entry->flags & __EXEC_OBJECT_HAS_PIN)
 222                vma->pin_count--;
 223
 224        entry->flags &= ~(__EXEC_OBJECT_HAS_FENCE | __EXEC_OBJECT_HAS_PIN);
 225}
 226
 227static void eb_destroy(struct eb_vmas *eb)
 228{
 229        while (!list_empty(&eb->vmas)) {
 230                struct i915_vma *vma;
 231
 232                vma = list_first_entry(&eb->vmas,
 233                                       struct i915_vma,
 234                                       exec_list);
 235                list_del_init(&vma->exec_list);
 236                i915_gem_execbuffer_unreserve_vma(vma);
 237                drm_gem_object_unreference(&vma->obj->base);
 238        }
 239        kfree(eb);
 240}
 241
 242static inline int use_cpu_reloc(struct drm_i915_gem_object *obj)
 243{
 244        return (HAS_LLC(obj->base.dev) ||
 245                obj->base.write_domain == I915_GEM_DOMAIN_CPU ||
 246                obj->cache_level != I915_CACHE_NONE);
 247}
 248
 249/* Used to convert any address to canonical form.
 250 * Starting from gen8, some commands (e.g. STATE_BASE_ADDRESS,
 251 * MI_LOAD_REGISTER_MEM and others, see Broadwell PRM Vol2a) require the
 252 * addresses to be in a canonical form:
 253 * "GraphicsAddress[63:48] are ignored by the HW and assumed to be in correct
 254 * canonical form [63:48] == [47]."
 255 */
 256#define GEN8_HIGH_ADDRESS_BIT 47
 257static inline uint64_t gen8_canonical_addr(uint64_t address)
 258{
 259        return sign_extend64(address, GEN8_HIGH_ADDRESS_BIT);
 260}
 261
 262static inline uint64_t gen8_noncanonical_addr(uint64_t address)
 263{
 264        return address & ((1ULL << (GEN8_HIGH_ADDRESS_BIT + 1)) - 1);
 265}
 266
 267static inline uint64_t
 268relocation_target(struct drm_i915_gem_relocation_entry *reloc,
 269                  uint64_t target_offset)
 270{
 271        return gen8_canonical_addr((int)reloc->delta + target_offset);
 272}
 273
 274static int
 275relocate_entry_cpu(struct drm_i915_gem_object *obj,
 276                   struct drm_i915_gem_relocation_entry *reloc,
 277                   uint64_t target_offset)
 278{
 279        struct drm_device *dev = obj->base.dev;
 280        uint32_t page_offset = offset_in_page(reloc->offset);
 281        uint64_t delta = relocation_target(reloc, target_offset);
 282        char *vaddr;
 283        int ret;
 284
 285        ret = i915_gem_object_set_to_cpu_domain(obj, true);
 286        if (ret)
 287                return ret;
 288
 289        vaddr = kmap_atomic(i915_gem_object_get_dirty_page(obj,
 290                                reloc->offset >> PAGE_SHIFT));
 291        *(uint32_t *)(vaddr + page_offset) = lower_32_bits(delta);
 292
 293        if (INTEL_INFO(dev)->gen >= 8) {
 294                page_offset = offset_in_page(page_offset + sizeof(uint32_t));
 295
 296                if (page_offset == 0) {
 297                        kunmap_atomic(vaddr);
 298                        vaddr = kmap_atomic(i915_gem_object_get_dirty_page(obj,
 299                            (reloc->offset + sizeof(uint32_t)) >> PAGE_SHIFT));
 300                }
 301
 302                *(uint32_t *)(vaddr + page_offset) = upper_32_bits(delta);
 303        }
 304
 305        kunmap_atomic(vaddr);
 306
 307        return 0;
 308}
 309
 310static int
 311relocate_entry_gtt(struct drm_i915_gem_object *obj,
 312                   struct drm_i915_gem_relocation_entry *reloc,
 313                   uint64_t target_offset)
 314{
 315        struct drm_device *dev = obj->base.dev;
 316        struct drm_i915_private *dev_priv = to_i915(dev);
 317        struct i915_ggtt *ggtt = &dev_priv->ggtt;
 318        uint64_t delta = relocation_target(reloc, target_offset);
 319        uint64_t offset;
 320        void __iomem *reloc_page;
 321        int ret;
 322
 323        ret = i915_gem_object_set_to_gtt_domain(obj, true);
 324        if (ret)
 325                return ret;
 326
 327        ret = i915_gem_object_put_fence(obj);
 328        if (ret)
 329                return ret;
 330
 331        /* Map the page containing the relocation we're going to perform.  */
 332        offset = i915_gem_obj_ggtt_offset(obj);
 333        offset += reloc->offset;
 334        reloc_page = io_mapping_map_atomic_wc(ggtt->mappable,
 335                                              offset & PAGE_MASK);
 336        iowrite32(lower_32_bits(delta), reloc_page + offset_in_page(offset));
 337
 338        if (INTEL_INFO(dev)->gen >= 8) {
 339                offset += sizeof(uint32_t);
 340
 341                if (offset_in_page(offset) == 0) {
 342                        io_mapping_unmap_atomic(reloc_page);
 343                        reloc_page =
 344                                io_mapping_map_atomic_wc(ggtt->mappable,
 345                                                         offset);
 346                }
 347
 348                iowrite32(upper_32_bits(delta),
 349                          reloc_page + offset_in_page(offset));
 350        }
 351
 352        io_mapping_unmap_atomic(reloc_page);
 353
 354        return 0;
 355}
 356
 357static void
 358clflush_write32(void *addr, uint32_t value)
 359{
 360        /* This is not a fast path, so KISS. */
 361        drm_clflush_virt_range(addr, sizeof(uint32_t));
 362        *(uint32_t *)addr = value;
 363        drm_clflush_virt_range(addr, sizeof(uint32_t));
 364}
 365
 366static int
 367relocate_entry_clflush(struct drm_i915_gem_object *obj,
 368                       struct drm_i915_gem_relocation_entry *reloc,
 369                       uint64_t target_offset)
 370{
 371        struct drm_device *dev = obj->base.dev;
 372        uint32_t page_offset = offset_in_page(reloc->offset);
 373        uint64_t delta = relocation_target(reloc, target_offset);
 374        char *vaddr;
 375        int ret;
 376
 377        ret = i915_gem_object_set_to_gtt_domain(obj, true);
 378        if (ret)
 379                return ret;
 380
 381        vaddr = kmap_atomic(i915_gem_object_get_dirty_page(obj,
 382                                reloc->offset >> PAGE_SHIFT));
 383        clflush_write32(vaddr + page_offset, lower_32_bits(delta));
 384
 385        if (INTEL_INFO(dev)->gen >= 8) {
 386                page_offset = offset_in_page(page_offset + sizeof(uint32_t));
 387
 388                if (page_offset == 0) {
 389                        kunmap_atomic(vaddr);
 390                        vaddr = kmap_atomic(i915_gem_object_get_dirty_page(obj,
 391                            (reloc->offset + sizeof(uint32_t)) >> PAGE_SHIFT));
 392                }
 393
 394                clflush_write32(vaddr + page_offset, upper_32_bits(delta));
 395        }
 396
 397        kunmap_atomic(vaddr);
 398
 399        return 0;
 400}
 401
 402static int
 403i915_gem_execbuffer_relocate_entry(struct drm_i915_gem_object *obj,
 404                                   struct eb_vmas *eb,
 405                                   struct drm_i915_gem_relocation_entry *reloc)
 406{
 407        struct drm_device *dev = obj->base.dev;
 408        struct drm_gem_object *target_obj;
 409        struct drm_i915_gem_object *target_i915_obj;
 410        struct i915_vma *target_vma;
 411        uint64_t target_offset;
 412        int ret;
 413
 414        /* we've already hold a reference to all valid objects */
 415        target_vma = eb_get_vma(eb, reloc->target_handle);
 416        if (unlikely(target_vma == NULL))
 417                return -ENOENT;
 418        target_i915_obj = target_vma->obj;
 419        target_obj = &target_vma->obj->base;
 420
 421        target_offset = gen8_canonical_addr(target_vma->node.start);
 422
 423        /* Sandybridge PPGTT errata: We need a global gtt mapping for MI and
 424         * pipe_control writes because the gpu doesn't properly redirect them
 425         * through the ppgtt for non_secure batchbuffers. */
 426        if (unlikely(IS_GEN6(dev) &&
 427            reloc->write_domain == I915_GEM_DOMAIN_INSTRUCTION)) {
 428                ret = i915_vma_bind(target_vma, target_i915_obj->cache_level,
 429                                    PIN_GLOBAL);
 430                if (WARN_ONCE(ret, "Unexpected failure to bind target VMA!"))
 431                        return ret;
 432        }
 433
 434        /* Validate that the target is in a valid r/w GPU domain */
 435        if (unlikely(reloc->write_domain & (reloc->write_domain - 1))) {
 436                DRM_DEBUG("reloc with multiple write domains: "
 437                          "obj %p target %d offset %d "
 438                          "read %08x write %08x",
 439                          obj, reloc->target_handle,
 440                          (int) reloc->offset,
 441                          reloc->read_domains,
 442                          reloc->write_domain);
 443                return -EINVAL;
 444        }
 445        if (unlikely((reloc->write_domain | reloc->read_domains)
 446                     & ~I915_GEM_GPU_DOMAINS)) {
 447                DRM_DEBUG("reloc with read/write non-GPU domains: "
 448                          "obj %p target %d offset %d "
 449                          "read %08x write %08x",
 450                          obj, reloc->target_handle,
 451                          (int) reloc->offset,
 452                          reloc->read_domains,
 453                          reloc->write_domain);
 454                return -EINVAL;
 455        }
 456
 457        target_obj->pending_read_domains |= reloc->read_domains;
 458        target_obj->pending_write_domain |= reloc->write_domain;
 459
 460        /* If the relocation already has the right value in it, no
 461         * more work needs to be done.
 462         */
 463        if (target_offset == reloc->presumed_offset)
 464                return 0;
 465
 466        /* Check that the relocation address is valid... */
 467        if (unlikely(reloc->offset >
 468                obj->base.size - (INTEL_INFO(dev)->gen >= 8 ? 8 : 4))) {
 469                DRM_DEBUG("Relocation beyond object bounds: "
 470                          "obj %p target %d offset %d size %d.\n",
 471                          obj, reloc->target_handle,
 472                          (int) reloc->offset,
 473                          (int) obj->base.size);
 474                return -EINVAL;
 475        }
 476        if (unlikely(reloc->offset & 3)) {
 477                DRM_DEBUG("Relocation not 4-byte aligned: "
 478                          "obj %p target %d offset %d.\n",
 479                          obj, reloc->target_handle,
 480                          (int) reloc->offset);
 481                return -EINVAL;
 482        }
 483
 484        /* We can't wait for rendering with pagefaults disabled */
 485        if (obj->active && pagefault_disabled())
 486                return -EFAULT;
 487
 488        if (use_cpu_reloc(obj))
 489                ret = relocate_entry_cpu(obj, reloc, target_offset);
 490        else if (obj->map_and_fenceable)
 491                ret = relocate_entry_gtt(obj, reloc, target_offset);
 492        else if (static_cpu_has(X86_FEATURE_CLFLUSH))
 493                ret = relocate_entry_clflush(obj, reloc, target_offset);
 494        else {
 495                WARN_ONCE(1, "Impossible case in relocation handling\n");
 496                ret = -ENODEV;
 497        }
 498
 499        if (ret)
 500                return ret;
 501
 502        /* and update the user's relocation entry */
 503        reloc->presumed_offset = target_offset;
 504
 505        return 0;
 506}
 507
 508static int
 509i915_gem_execbuffer_relocate_vma(struct i915_vma *vma,
 510                                 struct eb_vmas *eb)
 511{
 512#define N_RELOC(x) ((x) / sizeof(struct drm_i915_gem_relocation_entry))
 513        struct drm_i915_gem_relocation_entry stack_reloc[N_RELOC(512)];
 514        struct drm_i915_gem_relocation_entry __user *user_relocs;
 515        struct drm_i915_gem_exec_object2 *entry = vma->exec_entry;
 516        int remain, ret;
 517
 518        user_relocs = u64_to_user_ptr(entry->relocs_ptr);
 519
 520        remain = entry->relocation_count;
 521        while (remain) {
 522                struct drm_i915_gem_relocation_entry *r = stack_reloc;
 523                int count = remain;
 524                if (count > ARRAY_SIZE(stack_reloc))
 525                        count = ARRAY_SIZE(stack_reloc);
 526                remain -= count;
 527
 528                if (__copy_from_user_inatomic(r, user_relocs, count*sizeof(r[0])))
 529                        return -EFAULT;
 530
 531                do {
 532                        u64 offset = r->presumed_offset;
 533
 534                        ret = i915_gem_execbuffer_relocate_entry(vma->obj, eb, r);
 535                        if (ret)
 536                                return ret;
 537
 538                        if (r->presumed_offset != offset &&
 539                            __put_user(r->presumed_offset, &user_relocs->presumed_offset)) {
 540                                return -EFAULT;
 541                        }
 542
 543                        user_relocs++;
 544                        r++;
 545                } while (--count);
 546        }
 547
 548        return 0;
 549#undef N_RELOC
 550}
 551
 552static int
 553i915_gem_execbuffer_relocate_vma_slow(struct i915_vma *vma,
 554                                      struct eb_vmas *eb,
 555                                      struct drm_i915_gem_relocation_entry *relocs)
 556{
 557        const struct drm_i915_gem_exec_object2 *entry = vma->exec_entry;
 558        int i, ret;
 559
 560        for (i = 0; i < entry->relocation_count; i++) {
 561                ret = i915_gem_execbuffer_relocate_entry(vma->obj, eb, &relocs[i]);
 562                if (ret)
 563                        return ret;
 564        }
 565
 566        return 0;
 567}
 568
 569static int
 570i915_gem_execbuffer_relocate(struct eb_vmas *eb)
 571{
 572        struct i915_vma *vma;
 573        int ret = 0;
 574
 575        /* This is the fast path and we cannot handle a pagefault whilst
 576         * holding the struct mutex lest the user pass in the relocations
 577         * contained within a mmaped bo. For in such a case we, the page
 578         * fault handler would call i915_gem_fault() and we would try to
 579         * acquire the struct mutex again. Obviously this is bad and so
 580         * lockdep complains vehemently.
 581         */
 582        pagefault_disable();
 583        list_for_each_entry(vma, &eb->vmas, exec_list) {
 584                ret = i915_gem_execbuffer_relocate_vma(vma, eb);
 585                if (ret)
 586                        break;
 587        }
 588        pagefault_enable();
 589
 590        return ret;
 591}
 592
 593static bool only_mappable_for_reloc(unsigned int flags)
 594{
 595        return (flags & (EXEC_OBJECT_NEEDS_FENCE | __EXEC_OBJECT_NEEDS_MAP)) ==
 596                __EXEC_OBJECT_NEEDS_MAP;
 597}
 598
 599static int
 600i915_gem_execbuffer_reserve_vma(struct i915_vma *vma,
 601                                struct intel_engine_cs *engine,
 602                                bool *need_reloc)
 603{
 604        struct drm_i915_gem_object *obj = vma->obj;
 605        struct drm_i915_gem_exec_object2 *entry = vma->exec_entry;
 606        uint64_t flags;
 607        int ret;
 608
 609        flags = PIN_USER;
 610        if (entry->flags & EXEC_OBJECT_NEEDS_GTT)
 611                flags |= PIN_GLOBAL;
 612
 613        if (!drm_mm_node_allocated(&vma->node)) {
 614                /* Wa32bitGeneralStateOffset & Wa32bitInstructionBaseOffset,
 615                 * limit address to the first 4GBs for unflagged objects.
 616                 */
 617                if ((entry->flags & EXEC_OBJECT_SUPPORTS_48B_ADDRESS) == 0)
 618                        flags |= PIN_ZONE_4G;
 619                if (entry->flags & __EXEC_OBJECT_NEEDS_MAP)
 620                        flags |= PIN_GLOBAL | PIN_MAPPABLE;
 621                if (entry->flags & __EXEC_OBJECT_NEEDS_BIAS)
 622                        flags |= BATCH_OFFSET_BIAS | PIN_OFFSET_BIAS;
 623                if (entry->flags & EXEC_OBJECT_PINNED)
 624                        flags |= entry->offset | PIN_OFFSET_FIXED;
 625                if ((flags & PIN_MAPPABLE) == 0)
 626                        flags |= PIN_HIGH;
 627        }
 628
 629        ret = i915_gem_object_pin(obj, vma->vm, entry->alignment, flags);
 630        if ((ret == -ENOSPC  || ret == -E2BIG) &&
 631            only_mappable_for_reloc(entry->flags))
 632                ret = i915_gem_object_pin(obj, vma->vm,
 633                                          entry->alignment,
 634                                          flags & ~PIN_MAPPABLE);
 635        if (ret)
 636                return ret;
 637
 638        entry->flags |= __EXEC_OBJECT_HAS_PIN;
 639
 640        if (entry->flags & EXEC_OBJECT_NEEDS_FENCE) {
 641                ret = i915_gem_object_get_fence(obj);
 642                if (ret)
 643                        return ret;
 644
 645                if (i915_gem_object_pin_fence(obj))
 646                        entry->flags |= __EXEC_OBJECT_HAS_FENCE;
 647        }
 648
 649        if (entry->offset != vma->node.start) {
 650                entry->offset = vma->node.start;
 651                *need_reloc = true;
 652        }
 653
 654        if (entry->flags & EXEC_OBJECT_WRITE) {
 655                obj->base.pending_read_domains = I915_GEM_DOMAIN_RENDER;
 656                obj->base.pending_write_domain = I915_GEM_DOMAIN_RENDER;
 657        }
 658
 659        return 0;
 660}
 661
 662static bool
 663need_reloc_mappable(struct i915_vma *vma)
 664{
 665        struct drm_i915_gem_exec_object2 *entry = vma->exec_entry;
 666
 667        if (entry->relocation_count == 0)
 668                return false;
 669
 670        if (!vma->is_ggtt)
 671                return false;
 672
 673        /* See also use_cpu_reloc() */
 674        if (HAS_LLC(vma->obj->base.dev))
 675                return false;
 676
 677        if (vma->obj->base.write_domain == I915_GEM_DOMAIN_CPU)
 678                return false;
 679
 680        return true;
 681}
 682
 683static bool
 684eb_vma_misplaced(struct i915_vma *vma)
 685{
 686        struct drm_i915_gem_exec_object2 *entry = vma->exec_entry;
 687        struct drm_i915_gem_object *obj = vma->obj;
 688
 689        WARN_ON(entry->flags & __EXEC_OBJECT_NEEDS_MAP && !vma->is_ggtt);
 690
 691        if (entry->alignment &&
 692            vma->node.start & (entry->alignment - 1))
 693                return true;
 694
 695        if (entry->flags & EXEC_OBJECT_PINNED &&
 696            vma->node.start != entry->offset)
 697                return true;
 698
 699        if (entry->flags & __EXEC_OBJECT_NEEDS_BIAS &&
 700            vma->node.start < BATCH_OFFSET_BIAS)
 701                return true;
 702
 703        /* avoid costly ping-pong once a batch bo ended up non-mappable */
 704        if (entry->flags & __EXEC_OBJECT_NEEDS_MAP && !obj->map_and_fenceable)
 705                return !only_mappable_for_reloc(entry->flags);
 706
 707        if ((entry->flags & EXEC_OBJECT_SUPPORTS_48B_ADDRESS) == 0 &&
 708            (vma->node.start + vma->node.size - 1) >> 32)
 709                return true;
 710
 711        return false;
 712}
 713
 714static int
 715i915_gem_execbuffer_reserve(struct intel_engine_cs *engine,
 716                            struct list_head *vmas,
 717                            struct intel_context *ctx,
 718                            bool *need_relocs)
 719{
 720        struct drm_i915_gem_object *obj;
 721        struct i915_vma *vma;
 722        struct i915_address_space *vm;
 723        struct list_head ordered_vmas;
 724        struct list_head pinned_vmas;
 725        bool has_fenced_gpu_access = INTEL_INFO(engine->dev)->gen < 4;
 726        int retry;
 727
 728        i915_gem_retire_requests_ring(engine);
 729
 730        vm = list_first_entry(vmas, struct i915_vma, exec_list)->vm;
 731
 732        INIT_LIST_HEAD(&ordered_vmas);
 733        INIT_LIST_HEAD(&pinned_vmas);
 734        while (!list_empty(vmas)) {
 735                struct drm_i915_gem_exec_object2 *entry;
 736                bool need_fence, need_mappable;
 737
 738                vma = list_first_entry(vmas, struct i915_vma, exec_list);
 739                obj = vma->obj;
 740                entry = vma->exec_entry;
 741
 742                if (ctx->flags & CONTEXT_NO_ZEROMAP)
 743                        entry->flags |= __EXEC_OBJECT_NEEDS_BIAS;
 744
 745                if (!has_fenced_gpu_access)
 746                        entry->flags &= ~EXEC_OBJECT_NEEDS_FENCE;
 747                need_fence =
 748                        entry->flags & EXEC_OBJECT_NEEDS_FENCE &&
 749                        obj->tiling_mode != I915_TILING_NONE;
 750                need_mappable = need_fence || need_reloc_mappable(vma);
 751
 752                if (entry->flags & EXEC_OBJECT_PINNED)
 753                        list_move_tail(&vma->exec_list, &pinned_vmas);
 754                else if (need_mappable) {
 755                        entry->flags |= __EXEC_OBJECT_NEEDS_MAP;
 756                        list_move(&vma->exec_list, &ordered_vmas);
 757                } else
 758                        list_move_tail(&vma->exec_list, &ordered_vmas);
 759
 760                obj->base.pending_read_domains = I915_GEM_GPU_DOMAINS & ~I915_GEM_DOMAIN_COMMAND;
 761                obj->base.pending_write_domain = 0;
 762        }
 763        list_splice(&ordered_vmas, vmas);
 764        list_splice(&pinned_vmas, vmas);
 765
 766        /* Attempt to pin all of the buffers into the GTT.
 767         * This is done in 3 phases:
 768         *
 769         * 1a. Unbind all objects that do not match the GTT constraints for
 770         *     the execbuffer (fenceable, mappable, alignment etc).
 771         * 1b. Increment pin count for already bound objects.
 772         * 2.  Bind new objects.
 773         * 3.  Decrement pin count.
 774         *
 775         * This avoid unnecessary unbinding of later objects in order to make
 776         * room for the earlier objects *unless* we need to defragment.
 777         */
 778        retry = 0;
 779        do {
 780                int ret = 0;
 781
 782                /* Unbind any ill-fitting objects or pin. */
 783                list_for_each_entry(vma, vmas, exec_list) {
 784                        if (!drm_mm_node_allocated(&vma->node))
 785                                continue;
 786
 787                        if (eb_vma_misplaced(vma))
 788                                ret = i915_vma_unbind(vma);
 789                        else
 790                                ret = i915_gem_execbuffer_reserve_vma(vma,
 791                                                                      engine,
 792                                                                      need_relocs);
 793                        if (ret)
 794                                goto err;
 795                }
 796
 797                /* Bind fresh objects */
 798                list_for_each_entry(vma, vmas, exec_list) {
 799                        if (drm_mm_node_allocated(&vma->node))
 800                                continue;
 801
 802                        ret = i915_gem_execbuffer_reserve_vma(vma, engine,
 803                                                              need_relocs);
 804                        if (ret)
 805                                goto err;
 806                }
 807
 808err:
 809                if (ret != -ENOSPC || retry++)
 810                        return ret;
 811
 812                /* Decrement pin count for bound objects */
 813                list_for_each_entry(vma, vmas, exec_list)
 814                        i915_gem_execbuffer_unreserve_vma(vma);
 815
 816                ret = i915_gem_evict_vm(vm, true);
 817                if (ret)
 818                        return ret;
 819        } while (1);
 820}
 821
 822static int
 823i915_gem_execbuffer_relocate_slow(struct drm_device *dev,
 824                                  struct drm_i915_gem_execbuffer2 *args,
 825                                  struct drm_file *file,
 826                                  struct intel_engine_cs *engine,
 827                                  struct eb_vmas *eb,
 828                                  struct drm_i915_gem_exec_object2 *exec,
 829                                  struct intel_context *ctx)
 830{
 831        struct drm_i915_gem_relocation_entry *reloc;
 832        struct i915_address_space *vm;
 833        struct i915_vma *vma;
 834        bool need_relocs;
 835        int *reloc_offset;
 836        int i, total, ret;
 837        unsigned count = args->buffer_count;
 838
 839        vm = list_first_entry(&eb->vmas, struct i915_vma, exec_list)->vm;
 840
 841        /* We may process another execbuffer during the unlock... */
 842        while (!list_empty(&eb->vmas)) {
 843                vma = list_first_entry(&eb->vmas, struct i915_vma, exec_list);
 844                list_del_init(&vma->exec_list);
 845                i915_gem_execbuffer_unreserve_vma(vma);
 846                drm_gem_object_unreference(&vma->obj->base);
 847        }
 848
 849        mutex_unlock(&dev->struct_mutex);
 850
 851        total = 0;
 852        for (i = 0; i < count; i++)
 853                total += exec[i].relocation_count;
 854
 855        reloc_offset = drm_malloc_ab(count, sizeof(*reloc_offset));
 856        reloc = drm_malloc_ab(total, sizeof(*reloc));
 857        if (reloc == NULL || reloc_offset == NULL) {
 858                drm_free_large(reloc);
 859                drm_free_large(reloc_offset);
 860                mutex_lock(&dev->struct_mutex);
 861                return -ENOMEM;
 862        }
 863
 864        total = 0;
 865        for (i = 0; i < count; i++) {
 866                struct drm_i915_gem_relocation_entry __user *user_relocs;
 867                u64 invalid_offset = (u64)-1;
 868                int j;
 869
 870                user_relocs = u64_to_user_ptr(exec[i].relocs_ptr);
 871
 872                if (copy_from_user(reloc+total, user_relocs,
 873                                   exec[i].relocation_count * sizeof(*reloc))) {
 874                        ret = -EFAULT;
 875                        mutex_lock(&dev->struct_mutex);
 876                        goto err;
 877                }
 878
 879                /* As we do not update the known relocation offsets after
 880                 * relocating (due to the complexities in lock handling),
 881                 * we need to mark them as invalid now so that we force the
 882                 * relocation processing next time. Just in case the target
 883                 * object is evicted and then rebound into its old
 884                 * presumed_offset before the next execbuffer - if that
 885                 * happened we would make the mistake of assuming that the
 886                 * relocations were valid.
 887                 */
 888                for (j = 0; j < exec[i].relocation_count; j++) {
 889                        if (__copy_to_user(&user_relocs[j].presumed_offset,
 890                                           &invalid_offset,
 891                                           sizeof(invalid_offset))) {
 892                                ret = -EFAULT;
 893                                mutex_lock(&dev->struct_mutex);
 894                                goto err;
 895                        }
 896                }
 897
 898                reloc_offset[i] = total;
 899                total += exec[i].relocation_count;
 900        }
 901
 902        ret = i915_mutex_lock_interruptible(dev);
 903        if (ret) {
 904                mutex_lock(&dev->struct_mutex);
 905                goto err;
 906        }
 907
 908        /* reacquire the objects */
 909        eb_reset(eb);
 910        ret = eb_lookup_vmas(eb, exec, args, vm, file);
 911        if (ret)
 912                goto err;
 913
 914        need_relocs = (args->flags & I915_EXEC_NO_RELOC) == 0;
 915        ret = i915_gem_execbuffer_reserve(engine, &eb->vmas, ctx,
 916                                          &need_relocs);
 917        if (ret)
 918                goto err;
 919
 920        list_for_each_entry(vma, &eb->vmas, exec_list) {
 921                int offset = vma->exec_entry - exec;
 922                ret = i915_gem_execbuffer_relocate_vma_slow(vma, eb,
 923                                                            reloc + reloc_offset[offset]);
 924                if (ret)
 925                        goto err;
 926        }
 927
 928        /* Leave the user relocations as are, this is the painfully slow path,
 929         * and we want to avoid the complication of dropping the lock whilst
 930         * having buffers reserved in the aperture and so causing spurious
 931         * ENOSPC for random operations.
 932         */
 933
 934err:
 935        drm_free_large(reloc);
 936        drm_free_large(reloc_offset);
 937        return ret;
 938}
 939
 940static int
 941i915_gem_execbuffer_move_to_gpu(struct drm_i915_gem_request *req,
 942                                struct list_head *vmas)
 943{
 944        const unsigned other_rings = ~intel_engine_flag(req->engine);
 945        struct i915_vma *vma;
 946        uint32_t flush_domains = 0;
 947        bool flush_chipset = false;
 948        int ret;
 949
 950        list_for_each_entry(vma, vmas, exec_list) {
 951                struct drm_i915_gem_object *obj = vma->obj;
 952
 953                if (obj->active & other_rings) {
 954                        ret = i915_gem_object_sync(obj, req->engine, &req);
 955                        if (ret)
 956                                return ret;
 957                }
 958
 959                if (obj->base.write_domain & I915_GEM_DOMAIN_CPU)
 960                        flush_chipset |= i915_gem_clflush_object(obj, false);
 961
 962                flush_domains |= obj->base.write_domain;
 963        }
 964
 965        if (flush_chipset)
 966                i915_gem_chipset_flush(req->engine->dev);
 967
 968        if (flush_domains & I915_GEM_DOMAIN_GTT)
 969                wmb();
 970
 971        /* Unconditionally invalidate gpu caches and ensure that we do flush
 972         * any residual writes from the previous batch.
 973         */
 974        return intel_ring_invalidate_all_caches(req);
 975}
 976
 977static bool
 978i915_gem_check_execbuffer(struct drm_i915_gem_execbuffer2 *exec)
 979{
 980        if (exec->flags & __I915_EXEC_UNKNOWN_FLAGS)
 981                return false;
 982
 983        /* Kernel clipping was a DRI1 misfeature */
 984        if (exec->num_cliprects || exec->cliprects_ptr)
 985                return false;
 986
 987        if (exec->DR4 == 0xffffffff) {
 988                DRM_DEBUG("UXA submitting garbage DR4, fixing up\n");
 989                exec->DR4 = 0;
 990        }
 991        if (exec->DR1 || exec->DR4)
 992                return false;
 993
 994        if ((exec->batch_start_offset | exec->batch_len) & 0x7)
 995                return false;
 996
 997        return true;
 998}
 999
1000static int

1001validate_exec_list(struct drm_device *dev,
1002                   struct drm_i915_gem_exec_object2 *exec,
1003                   int count)
1004{
1005        unsigned relocs_total = 0;
1006        unsigned relocs_max = UINT_MAX / sizeof(struct drm_i915_gem_relocation_entry);
1007        unsigned invalid_flags;
1008        int i;
1009
1010        invalid_flags = __EXEC_OBJECT_UNKNOWN_FLAGS;
1011        if (USES_FULL_PPGTT(dev))
1012                invalid_flags |= EXEC_OBJECT_NEEDS_GTT;
1013
1014        for (i = 0; i < count; i++) {
1015                char __user *ptr = u64_to_user_ptr(exec[i].relocs_ptr);
1016                int length; /* limited by fault_in_pages_readable() */
1017
1018                if (exec[i].flags & invalid_flags)
1019                        return -EINVAL;
1020
1021                /* Offset can be used as input (EXEC_OBJECT_PINNED), reject
1022                 * any non-page-aligned or non-canonical addresses.
1023                 */
1024                if (exec[i].flags & EXEC_OBJECT_PINNED) {
1025                        if (exec[i].offset !=
1026                            gen8_canonical_addr(exec[i].offset & PAGE_MASK))
1027                                return -EINVAL;
1028
1029                        /* From drm_mm perspective address space is continuous,
1030                         * so from this point we're always using non-canonical
1031                         * form internally.
1032                         */
1033                        exec[i].offset = gen8_noncanonical_addr(exec[i].offset);
1034                }
1035
1036                if (exec[i].alignment && !is_power_of_2(exec[i].alignment))
1037                        return -EINVAL;
1038
1039                /* First check for malicious input causing overflow in
1040                 * the worst case where we need to allocate the entire
1041                 * relocation tree as a single array.
1042                 */
1043                if (exec[i].relocation_count > relocs_max - relocs_total)
1044                        return -EINVAL;
1045                relocs_total += exec[i].relocation_count;
1046
1047                length = exec[i].relocation_count *
1048                        sizeof(struct drm_i915_gem_relocation_entry);
1049                /*
1050                 * We must check that the entire relocation array is safe
1051                 * to read, but since we may need to update the presumed
1052                 * offsets during execution, check for full write access.
1053                 */
1054                if (!access_ok(VERIFY_WRITE, ptr, length))
1055                        return -EFAULT;
1056
1057                if (likely(!i915.prefault_disable)) {
1058                        if (fault_in_multipages_readable(ptr, length))
1059                                return -EFAULT;
1060                }
1061        }
1062
1063        return 0;
1064}
1065
1066static struct intel_context *
1067i915_gem_validate_context(struct drm_device *dev, struct drm_file *file,
1068                          struct intel_engine_cs *engine, const u32 ctx_id)
1069{
1070        struct intel_context *ctx = NULL;
1071        struct i915_ctx_hang_stats *hs;
1072
1073        if (engine->id != RCS && ctx_id != DEFAULT_CONTEXT_HANDLE)
1074                return ERR_PTR(-EINVAL);
1075
1076        ctx = i915_gem_context_get(file->driver_priv, ctx_id);
1077        if (IS_ERR(ctx))
1078                return ctx;
1079
1080        hs = &ctx->hang_stats;
1081        if (hs->banned) {
1082                DRM_DEBUG("Context %u tried to submit while banned\n", ctx_id);
1083                return ERR_PTR(-EIO);
1084        }
1085
1086        if (i915.enable_execlists && !ctx->engine[engine->id].state) {
1087                int ret = intel_lr_context_deferred_alloc(ctx, engine);
1088                if (ret) {
1089                        DRM_DEBUG("Could not create LRC %u: %d\n", ctx_id, ret);
1090                        return ERR_PTR(ret);
1091                }
1092        }
1093
1094        return ctx;
1095}
1096
1097void
1098i915_gem_execbuffer_move_to_active(struct list_head *vmas,
1099                                   struct drm_i915_gem_request *req)
1100{
1101        struct intel_engine_cs *engine = i915_gem_request_get_engine(req);
1102        struct i915_vma *vma;
1103
1104        list_for_each_entry(vma, vmas, exec_list) {
1105                struct drm_i915_gem_exec_object2 *entry = vma->exec_entry;
1106                struct drm_i915_gem_object *obj = vma->obj;
1107                u32 old_read = obj->base.read_domains;
1108                u32 old_write = obj->base.write_domain;
1109
1110                obj->dirty = 1; /* be paranoid  */
1111                obj->base.write_domain = obj->base.pending_write_domain;
1112                if (obj->base.write_domain == 0)
1113                        obj->base.pending_read_domains |= obj->base.read_domains;
1114                obj->base.read_domains = obj->base.pending_read_domains;
1115
1116                i915_vma_move_to_active(vma, req);
1117                if (obj->base.write_domain) {
1118                        i915_gem_request_assign(&obj->last_write_req, req);
1119
1120                        intel_fb_obj_invalidate(obj, ORIGIN_CS);
1121
1122                        /* update for the implicit flush after a batch */
1123                        obj->base.write_domain &= ~I915_GEM_GPU_DOMAINS;
1124                }
1125                if (entry->flags & EXEC_OBJECT_NEEDS_FENCE) {
1126                        i915_gem_request_assign(&obj->last_fenced_req, req);
1127                        if (entry->flags & __EXEC_OBJECT_HAS_FENCE) {
1128                                struct drm_i915_private *dev_priv = to_i915(engine->dev);
1129                                list_move_tail(&dev_priv->fence_regs[obj->fence_reg].lru_list,
1130                                               &dev_priv->mm.fence_list);
1131                        }
1132                }
1133
1134                trace_i915_gem_object_change_domain(obj, old_read, old_write);
1135        }
1136}
1137
1138static void
1139i915_gem_execbuffer_retire_commands(struct i915_execbuffer_params *params)
1140{
1141        /* Unconditionally force add_request to emit a full flush. */
1142        params->engine->gpu_caches_dirty = true;
1143
1144        /* Add a breadcrumb for the completion of the batch buffer */
1145        __i915_add_request(params->request, params->batch_obj, true);
1146}
1147
1148static int
1149i915_reset_gen7_sol_offsets(struct drm_device *dev,
1150                            struct drm_i915_gem_request *req)
1151{
1152        struct intel_engine_cs *engine = req->engine;
1153        struct drm_i915_private *dev_priv = dev->dev_private;
1154        int ret, i;
1155
1156        if (!IS_GEN7(dev) || engine != &dev_priv->engine[RCS]) {
1157                DRM_DEBUG("sol reset is gen7/rcs only\n");
1158                return -EINVAL;
1159        }
1160
1161        ret = intel_ring_begin(req, 4 * 3);
1162        if (ret)
1163                return ret;
1164
1165        for (i = 0; i < 4; i++) {
1166                intel_ring_emit(engine, MI_LOAD_REGISTER_IMM(1));
1167                intel_ring_emit_reg(engine, GEN7_SO_WRITE_OFFSET(i));
1168                intel_ring_emit(engine, 0);
1169        }
1170
1171        intel_ring_advance(engine);
1172
1173        return 0;
1174}
1175
1176static struct drm_i915_gem_object*
1177i915_gem_execbuffer_parse(struct intel_engine_cs *engine,
1178                          struct drm_i915_gem_exec_object2 *shadow_exec_entry,
1179                          struct eb_vmas *eb,
1180                          struct drm_i915_gem_object *batch_obj,
1181                          u32 batch_start_offset,
1182                          u32 batch_len,
1183                          bool is_master)
1184{
1185        struct drm_i915_gem_object *shadow_batch_obj;
1186        struct i915_vma *vma;
1187        int ret;
1188
1189        shadow_batch_obj = i915_gem_batch_pool_get(&engine->batch_pool,
1190                                                   PAGE_ALIGN(batch_len));
1191        if (IS_ERR(shadow_batch_obj))
1192                return shadow_batch_obj;
1193
1194        ret = i915_parse_cmds(engine,
1195                              batch_obj,
1196                              shadow_batch_obj,
1197                              batch_start_offset,
1198                              batch_len,
1199                              is_master);
1200        if (ret)
1201                goto err;
1202
1203        ret = i915_gem_obj_ggtt_pin(shadow_batch_obj, 0, 0);
1204        if (ret)
1205                goto err;
1206
1207        i915_gem_object_unpin_pages(shadow_batch_obj);
1208
1209        memset(shadow_exec_entry, 0, sizeof(*shadow_exec_entry));
1210
1211        vma = i915_gem_obj_to_ggtt(shadow_batch_obj);
1212        vma->exec_entry = shadow_exec_entry;
1213        vma->exec_entry->flags = __EXEC_OBJECT_HAS_PIN;
1214        drm_gem_object_reference(&shadow_batch_obj->base);
1215        list_add_tail(&vma->exec_list, &eb->vmas);
1216
1217        shadow_batch_obj->base.pending_read_domains = I915_GEM_DOMAIN_COMMAND;
1218
1219        return shadow_batch_obj;
1220
1221err:
1222        i915_gem_object_unpin_pages(shadow_batch_obj);
1223        if (ret == -EACCES) /* unhandled chained batch */
1224                return batch_obj;
1225        else
1226                return ERR_PTR(ret);
1227}
1228
1229int
1230i915_gem_ringbuffer_submission(struct i915_execbuffer_params *params,
1231                               struct drm_i915_gem_execbuffer2 *args,
1232                               struct list_head *vmas)
1233{
1234        struct drm_device *dev = params->dev;
1235        struct intel_engine_cs *engine = params->engine;
1236        struct drm_i915_private *dev_priv = dev->dev_private;
1237        u64 exec_start, exec_len;
1238        int instp_mode;
1239        u32 instp_mask;
1240        int ret;
1241
1242        ret = i915_gem_execbuffer_move_to_gpu(params->request, vmas);
1243        if (ret)
1244                return ret;
1245
1246        ret = i915_switch_context(params->request);
1247        if (ret)
1248                return ret;
1249
1250        WARN(params->ctx->ppgtt && params->ctx->ppgtt->pd_dirty_rings & (1<<engine->id),
1251             "%s didn't clear reload\n", engine->name);
1252
1253        instp_mode = args->flags & I915_EXEC_CONSTANTS_MASK;
1254        instp_mask = I915_EXEC_CONSTANTS_MASK;
1255        switch (instp_mode) {
1256        case I915_EXEC_CONSTANTS_REL_GENERAL:
1257        case I915_EXEC_CONSTANTS_ABSOLUTE:
1258        case I915_EXEC_CONSTANTS_REL_SURFACE:
1259                if (instp_mode != 0 && engine != &dev_priv->engine[RCS]) {
1260                        DRM_DEBUG("non-0 rel constants mode on non-RCS\n");
1261                        return -EINVAL;
1262                }
1263
1264                if (instp_mode != dev_priv->relative_constants_mode) {
1265                        if (INTEL_INFO(dev)->gen < 4) {
1266                                DRM_DEBUG("no rel constants on pre-gen4\n");
1267                                return -EINVAL;
1268                        }
1269
1270                        if (INTEL_INFO(dev)->gen > 5 &&
1271                            instp_mode == I915_EXEC_CONSTANTS_REL_SURFACE) {
1272                                DRM_DEBUG("rel surface constants mode invalid on gen5+\n");
1273                                return -EINVAL;
1274                        }
1275
1276                        /* The HW changed the meaning on this bit on gen6 */
1277                        if (INTEL_INFO(dev)->gen >= 6)
1278                                instp_mask &= ~I915_EXEC_CONSTANTS_REL_SURFACE;
1279                }
1280                break;
1281        default:
1282                DRM_DEBUG("execbuf with unknown constants: %d\n", instp_mode);
1283                return -EINVAL;
1284        }
1285
1286        if (engine == &dev_priv->engine[RCS] &&
1287            instp_mode != dev_priv->relative_constants_mode) {
1288                ret = intel_ring_begin(params->request, 4);
1289                if (ret)
1290                        return ret;
1291
1292                intel_ring_emit(engine, MI_NOOP);
1293                intel_ring_emit(engine, MI_LOAD_REGISTER_IMM(1));
1294                intel_ring_emit_reg(engine, INSTPM);
1295                intel_ring_emit(engine, instp_mask << 16 | instp_mode);
1296                intel_ring_advance(engine);
1297
1298                dev_priv->relative_constants_mode = instp_mode;
1299        }
1300
1301        if (args->flags & I915_EXEC_GEN7_SOL_RESET) {
1302                ret = i915_reset_gen7_sol_offsets(dev, params->request);
1303                if (ret)
1304                        return ret;
1305        }
1306
1307        exec_len   = args->batch_len;
1308        exec_start = params->batch_obj_vm_offset +
1309                     params->args_batch_start_offset;
1310
1311        if (exec_len == 0)
1312                exec_len = params->batch_obj->base.size;
1313
1314        ret = engine->dispatch_execbuffer(params->request,
1315                                        exec_start, exec_len,
1316                                        params->dispatch_flags);
1317        if (ret)
1318                return ret;
1319
1320        trace_i915_gem_ring_dispatch(params->request, params->dispatch_flags);
1321
1322        i915_gem_execbuffer_move_to_active(vmas, params->request);
1323
1324        return 0;
1325}
1326
1327/**
1328 * Find one BSD ring to dispatch the corresponding BSD command.
1329 * The ring index is returned.
1330 */
1331static unsigned int
1332gen8_dispatch_bsd_ring(struct drm_i915_private *dev_priv, struct drm_file *file)
1333{
1334        struct drm_i915_file_private *file_priv = file->driver_priv;
1335
1336        /* Check whether the file_priv has already selected one ring. */
1337        if ((int)file_priv->bsd_ring < 0) {
1338                /* If not, use the ping-pong mechanism to select one. */
1339                mutex_lock(&dev_priv->dev->struct_mutex);
1340                file_priv->bsd_ring = dev_priv->mm.bsd_ring_dispatch_index;
1341                dev_priv->mm.bsd_ring_dispatch_index ^= 1;
1342                mutex_unlock(&dev_priv->dev->struct_mutex);
1343        }
1344
1345        return file_priv->bsd_ring;
1346}
1347
1348static struct drm_i915_gem_object *
1349eb_get_batch(struct eb_vmas *eb)
1350{
1351        struct i915_vma *vma = list_entry(eb->vmas.prev, typeof(*vma), exec_list);
1352
1353        /*
1354         * SNA is doing fancy tricks with compressing batch buffers, which leads
1355         * to negative relocation deltas. Usually that works out ok since the
1356         * relocate address is still positive, except when the batch is placed
1357         * very low in the GTT. Ensure this doesn't happen.
1358         *
1359         * Note that actual hangs have only been observed on gen7, but for
1360         * paranoia do it everywhere.
1361         */
1362        if ((vma->exec_entry->flags & EXEC_OBJECT_PINNED) == 0)
1363                vma->exec_entry->flags |= __EXEC_OBJECT_NEEDS_BIAS;
1364
1365        return vma->obj;
1366}
1367
1368#define I915_USER_RINGS (4)
1369
1370static const enum intel_engine_id user_ring_map[I915_USER_RINGS + 1] = {
1371        [I915_EXEC_DEFAULT]     = RCS,
1372        [I915_EXEC_RENDER]      = RCS,
1373        [I915_EXEC_BLT]         = BCS,
1374        [I915_EXEC_BSD]         = VCS,
1375        [I915_EXEC_VEBOX]       = VECS
1376};
1377
1378static int
1379eb_select_ring(struct drm_i915_private *dev_priv,
1380               struct drm_file *file,
1381               struct drm_i915_gem_execbuffer2 *args,
1382               struct intel_engine_cs **ring)
1383{
1384        unsigned int user_ring_id = args->flags & I915_EXEC_RING_MASK;
1385
1386        if (user_ring_id > I915_USER_RINGS) {
1387                DRM_DEBUG("execbuf with unknown ring: %u\n", user_ring_id);
1388                return -EINVAL;
1389        }
1390
1391        if ((user_ring_id != I915_EXEC_BSD) &&
1392            ((args->flags & I915_EXEC_BSD_MASK) != 0)) {
1393                DRM_DEBUG("execbuf with non bsd ring but with invalid "
1394                          "bsd dispatch flags: %d\n", (int)(args->flags));
1395                return -EINVAL;
1396        }
1397
1398        if (user_ring_id == I915_EXEC_BSD && HAS_BSD2(dev_priv)) {
1399                unsigned int bsd_idx = args->flags & I915_EXEC_BSD_MASK;
1400
1401                if (bsd_idx == I915_EXEC_BSD_DEFAULT) {
1402                        bsd_idx = gen8_dispatch_bsd_ring(dev_priv, file);
1403                } else if (bsd_idx >= I915_EXEC_BSD_RING1 &&
1404                           bsd_idx <= I915_EXEC_BSD_RING2) {
1405                        bsd_idx >>= I915_EXEC_BSD_SHIFT;
1406                        bsd_idx--;
1407                } else {
1408                        DRM_DEBUG("execbuf with unknown bsd ring: %u\n",
1409                                  bsd_idx);
1410                        return -EINVAL;
1411                }
1412
1413                *ring = &dev_priv->engine[_VCS(bsd_idx)];
1414        } else {
1415                *ring = &dev_priv->engine[user_ring_map[user_ring_id]];
1416        }
1417
1418        if (!intel_engine_initialized(*ring)) {
1419                DRM_DEBUG("execbuf with invalid ring: %u\n", user_ring_id);
1420                return -EINVAL;
1421        }
1422
1423        return 0;
1424}
1425
1426static int
1427i915_gem_do_execbuffer(struct drm_device *dev, void *data,
1428                       struct drm_file *file,
1429                       struct drm_i915_gem_execbuffer2 *args,
1430                       struct drm_i915_gem_exec_object2 *exec)
1431{
1432        struct drm_i915_private *dev_priv = to_i915(dev);
1433        struct i915_ggtt *ggtt = &dev_priv->ggtt;
1434        struct drm_i915_gem_request *req = NULL;
1435        struct eb_vmas *eb;
1436        struct drm_i915_gem_object *batch_obj;
1437        struct drm_i915_gem_exec_object2 shadow_exec_entry;
1438        struct intel_engine_cs *engine;
1439        struct intel_context *ctx;
1440        struct i915_address_space *vm;
1441        struct i915_execbuffer_params params_master; /* XXX: will be removed later */
1442        struct i915_execbuffer_params *params = &params_master;
1443        const u32 ctx_id = i915_execbuffer2_get_context_id(*args);
1444        u32 dispatch_flags;
1445        int ret;
1446        bool need_relocs;
1447
1448        if (!i915_gem_check_execbuffer(args))
1449                return -EINVAL;
1450
1451        ret = validate_exec_list(dev, exec, args->buffer_count);
1452        if (ret)
1453                return ret;
1454
1455        dispatch_flags = 0;
1456        if (args->flags & I915_EXEC_SECURE) {
1457                if (!file->is_master || !capable(CAP_SYS_ADMIN))
1458                    return -EPERM;
1459
1460                dispatch_flags |= I915_DISPATCH_SECURE;
1461        }
1462        if (args->flags & I915_EXEC_IS_PINNED)
1463                dispatch_flags |= I915_DISPATCH_PINNED;
1464
1465        ret = eb_select_ring(dev_priv, file, args, &engine);
1466        if (ret)
1467                return ret;
1468
1469        if (args->buffer_count < 1) {
1470                DRM_DEBUG("execbuf with %d buffers\n", args->buffer_count);
1471                return -EINVAL;
1472        }
1473
1474        if (args->flags & I915_EXEC_RESOURCE_STREAMER) {
1475                if (!HAS_RESOURCE_STREAMER(dev)) {
1476                        DRM_DEBUG("RS is only allowed for Haswell, Gen8 and above\n");
1477                        return -EINVAL;
1478                }
1479                if (engine->id != RCS) {
1480                        DRM_DEBUG("RS is not available on %s\n",
1481                                 engine->name);
1482                        return -EINVAL;
1483                }
1484
1485                dispatch_flags |= I915_DISPATCH_RS;
1486        }
1487
1488        intel_runtime_pm_get(dev_priv);
1489
1490        ret = i915_mutex_lock_interruptible(dev);
1491        if (ret)
1492                goto pre_mutex_err;
1493
1494        ctx = i915_gem_validate_context(dev, file, engine, ctx_id);
1495        if (IS_ERR(ctx)) {
1496                mutex_unlock(&dev->struct_mutex);
1497                ret = PTR_ERR(ctx);
1498                goto pre_mutex_err;
1499        }
1500
1501        i915_gem_context_reference(ctx);
1502
1503        if (ctx->ppgtt)
1504                vm = &ctx->ppgtt->base;
1505        else
1506                vm = &ggtt->base;
1507
1508        memset(&params_master, 0x00, sizeof(params_master));
1509
1510        eb = eb_create(args);
1511        if (eb == NULL) {
1512                i915_gem_context_unreference(ctx);
1513                mutex_unlock(&dev->struct_mutex);
1514                ret = -ENOMEM;
1515                goto pre_mutex_err;
1516        }
1517
1518        /* Look up object handles */
1519        ret = eb_lookup_vmas(eb, exec, args, vm, file);
1520        if (ret)
1521                goto err;
1522
1523        /* take note of the batch buffer before we might reorder the lists */
1524        batch_obj = eb_get_batch(eb);
1525
1526        /* Move the objects en-masse into the GTT, evicting if necessary. */
1527        need_relocs = (args->flags & I915_EXEC_NO_RELOC) == 0;
1528        ret = i915_gem_execbuffer_reserve(engine, &eb->vmas, ctx,
1529                                          &need_relocs);
1530        if (ret)
1531                goto err;
1532
1533        /* The objects are in their final locations, apply the relocations. */
1534        if (need_relocs)
1535                ret = i915_gem_execbuffer_relocate(eb);
1536        if (ret) {
1537                if (ret == -EFAULT) {
1538                        ret = i915_gem_execbuffer_relocate_slow(dev, args, file,
1539                                                                engine,
1540                                                                eb, exec, ctx);
1541                        BUG_ON(!mutex_is_locked(&dev->struct_mutex));
1542                }
1543                if (ret)
1544                        goto err;
1545        }
1546
1547        /* Set the pending read domains for the batch buffer to COMMAND */
1548        if (batch_obj->base.pending_write_domain) {
1549                DRM_DEBUG("Attempting to use self-modifying batch buffer\n");
1550                ret = -EINVAL;
1551                goto err;
1552        }
1553
1554        params->args_batch_start_offset = args->batch_start_offset;
1555        if (i915_needs_cmd_parser(engine) && args->batch_len) {
1556                struct drm_i915_gem_object *parsed_batch_obj;
1557
1558                parsed_batch_obj = i915_gem_execbuffer_parse(engine,
1559                                                             &shadow_exec_entry,
1560                                                             eb,
1561                                                             batch_obj,
1562                                                             args->batch_start_offset,
1563                                                             args->batch_len,
1564                                                             file->is_master);
1565                if (IS_ERR(parsed_batch_obj)) {
1566                        ret = PTR_ERR(parsed_batch_obj);
1567                        goto err;
1568                }
1569
1570                /*
1571                 * parsed_batch_obj == batch_obj means batch not fully parsed:
1572                 * Accept, but don't promote to secure.
1573                 */
1574
1575                if (parsed_batch_obj != batch_obj) {
1576                        /*
1577                         * Batch parsed and accepted:
1578                         *
1579                         * Set the DISPATCH_SECURE bit to remove the NON_SECURE
1580                         * bit from MI_BATCH_BUFFER_START commands issued in
1581                         * the dispatch_execbuffer implementations. We
1582                         * specifically don't want that set on batches the
1583                         * command parser has accepted.
1584                         */
1585                        dispatch_flags |= I915_DISPATCH_SECURE;
1586                        params->args_batch_start_offset = 0;
1587                        batch_obj = parsed_batch_obj;
1588                }
1589        }
1590
1591        batch_obj->base.pending_read_domains |= I915_GEM_DOMAIN_COMMAND;
1592
1593        /* snb/ivb/vlv conflate the "batch in ppgtt" bit with the "non-secure
1594         * batch" bit. Hence we need to pin secure batches into the global gtt.
1595         * hsw should have this fixed, but bdw mucks it up again. */
1596        if (dispatch_flags & I915_DISPATCH_SECURE) {
1597                /*
1598                 * So on first glance it looks freaky that we pin the batch here
1599                 * outside of the reservation loop. But:
1600                 * - The batch is already pinned into the relevant ppgtt, so we
1601                 *   already have the backing storage fully allocated.
1602                 * - No other BO uses the global gtt (well contexts, but meh),
1603                 *   so we don't really have issues with multiple objects not
1604                 *   fitting due to fragmentation.
1605                 * So this is actually safe.
1606                 */
1607                ret = i915_gem_obj_ggtt_pin(batch_obj, 0, 0);
1608                if (ret)
1609                        goto err;
1610
1611                params->batch_obj_vm_offset = i915_gem_obj_ggtt_offset(batch_obj);
1612        } else
1613                params->batch_obj_vm_offset = i915_gem_obj_offset(batch_obj, vm);
1614
1615        /* Allocate a request for this batch buffer nice and early. */
1616        req = i915_gem_request_alloc(engine, ctx);
1617        if (IS_ERR(req)) {
1618                ret = PTR_ERR(req);
1619                goto err_batch_unpin;
1620        }
1621
1622        ret = i915_gem_request_add_to_client(req, file);
1623        if (ret)
1624                goto err_request;
1625
1626        /*
1627         * Save assorted stuff away to pass through to *_submission().
1628         * NB: This data should be 'persistent' and not local as it will
1629         * kept around beyond the duration of the IOCTL once the GPU
1630         * scheduler arrives.
1631         */
1632        params->dev                     = dev;
1633        params->file                    = file;
1634        params->engine                    = engine;
1635        params->dispatch_flags          = dispatch_flags;
1636        params->batch_obj               = batch_obj;
1637        params->ctx                     = ctx;
1638        params->request                 = req;
1639
1640        ret = dev_priv->gt.execbuf_submit(params, args, &eb->vmas);
1641err_request:
1642        i915_gem_execbuffer_retire_commands(params);
1643
1644err_batch_unpin:
1645        /*
1646         * FIXME: We crucially rely upon the active tracking for the (ppgtt)
1647         * batch vma for correctness. For less ugly and less fragility this
1648         * needs to be adjusted to also track the ggtt batch vma properly as
1649         * active.
1650         */
1651        if (dispatch_flags & I915_DISPATCH_SECURE)
1652                i915_gem_object_ggtt_unpin(batch_obj);
1653
1654err:
1655        /* the request owns the ref now */
1656        i915_gem_context_unreference(ctx);
1657        eb_destroy(eb);
1658
1659        mutex_unlock(&dev->struct_mutex);
1660
1661pre_mutex_err:
1662        /* intel_gpu_busy should also get a ref, so it will free when the device
1663         * is really idle. */
1664        intel_runtime_pm_put(dev_priv);
1665        return ret;
1666}
1667
1668/*
1669 * Legacy execbuffer just creates an exec2 list from the original exec object
1670 * list array and passes it to the real function.
1671 */
1672int
1673i915_gem_execbuffer(struct drm_device *dev, void *data,
1674                    struct drm_file *file)
1675{
1676        struct drm_i915_gem_execbuffer *args = data;
1677        struct drm_i915_gem_execbuffer2 exec2;
1678        struct drm_i915_gem_exec_object *exec_list = NULL;
1679        struct drm_i915_gem_exec_object2 *exec2_list = NULL;
1680        int ret, i;
1681
1682        if (args->buffer_count < 1) {
1683                DRM_DEBUG("execbuf with %d buffers\n", args->buffer_count);
1684                return -EINVAL;
1685        }
1686
1687        /* Copy in the exec list from userland */
1688        exec_list = drm_malloc_ab(sizeof(*exec_list), args->buffer_count);
1689        exec2_list = drm_malloc_ab(sizeof(*exec2_list), args->buffer_count);
1690        if (exec_list == NULL || exec2_list == NULL) {
1691                DRM_DEBUG("Failed to allocate exec list for %d buffers\n",
1692                          args->buffer_count);
1693                drm_free_large(exec_list);
1694                drm_free_large(exec2_list);
1695                return -ENOMEM;
1696        }
1697        ret = copy_from_user(exec_list,
1698                             u64_to_user_ptr(args->buffers_ptr),
1699                             sizeof(*exec_list) * args->buffer_count);
1700        if (ret != 0) {
1701                DRM_DEBUG("copy %d exec entries failed %d\n",
1702                          args->buffer_count, ret);
1703                drm_free_large(exec_list);
1704                drm_free_large(exec2_list);
1705                return -EFAULT;
1706        }
1707
1708        for (i = 0; i < args->buffer_count; i++) {
1709                exec2_list[i].handle = exec_list[i].handle;
1710                exec2_list[i].relocation_count = exec_list[i].relocation_count;
1711                exec2_list[i].relocs_ptr = exec_list[i].relocs_ptr;
1712                exec2_list[i].alignment = exec_list[i].alignment;
1713                exec2_list[i].offset = exec_list[i].offset;
1714                if (INTEL_INFO(dev)->gen < 4)
1715                        exec2_list[i].flags = EXEC_OBJECT_NEEDS_FENCE;
1716                else
1717                        exec2_list[i].flags = 0;
1718        }
1719
1720        exec2.buffers_ptr = args->buffers_ptr;
1721        exec2.buffer_count = args->buffer_count;
1722        exec2.batch_start_offset = args->batch_start_offset;
1723        exec2.batch_len = args->batch_len;
1724        exec2.DR1 = args->DR1;
1725        exec2.DR4 = args->DR4;
1726        exec2.num_cliprects = args->num_cliprects;
1727        exec2.cliprects_ptr = args->cliprects_ptr;
1728        exec2.flags = I915_EXEC_RENDER;
1729        i915_execbuffer2_set_context_id(exec2, 0);
1730
1731        ret = i915_gem_do_execbuffer(dev, data, file, &exec2, exec2_list);
1732        if (!ret) {
1733                struct drm_i915_gem_exec_object __user *user_exec_list =
1734                        u64_to_user_ptr(args->buffers_ptr);
1735
1736                /* Copy the new buffer offsets back to the user's exec list. */
1737                for (i = 0; i < args->buffer_count; i++) {
1738                        exec2_list[i].offset =
1739                                gen8_canonical_addr(exec2_list[i].offset);
1740                        ret = __copy_to_user(&user_exec_list[i].offset,
1741                                             &exec2_list[i].offset,
1742                                             sizeof(user_exec_list[i].offset));
1743                        if (ret) {
1744                                ret = -EFAULT;
1745                                DRM_DEBUG("failed to copy %d exec entries "
1746                                          "back to user (%d)\n",
1747                                          args->buffer_count, ret);
1748                                break;
1749                        }
1750                }
1751        }
1752
1753        drm_free_large(exec_list);
1754        drm_free_large(exec2_list);
1755        return ret;
1756}
1757
1758int
1759i915_gem_execbuffer2(struct drm_device *dev, void *data,
1760                     struct drm_file *file)
1761{
1762        struct drm_i915_gem_execbuffer2 *args = data;
1763        struct drm_i915_gem_exec_object2 *exec2_list = NULL;
1764        int ret;
1765
1766        if (args->buffer_count < 1 ||
1767            args->buffer_count > UINT_MAX / sizeof(*exec2_list)) {
1768                DRM_DEBUG("execbuf2 with %d buffers\n", args->buffer_count);
1769                return -EINVAL;
1770        }
1771
1772        if (args->rsvd2 != 0) {
1773                DRM_DEBUG("dirty rvsd2 field\n");
1774                return -EINVAL;
1775        }
1776
1777        exec2_list = drm_malloc_gfp(args->buffer_count,
1778                                    sizeof(*exec2_list),
1779                                    GFP_TEMPORARY);
1780        if (exec2_list == NULL) {
1781                DRM_DEBUG("Failed to allocate exec list for %d buffers\n",
1782                          args->buffer_count);
1783                return -ENOMEM;
1784        }
1785        ret = copy_from_user(exec2_list,
1786                             u64_to_user_ptr(args->buffers_ptr),
1787                             sizeof(*exec2_list) * args->buffer_count);
1788        if (ret != 0) {
1789                DRM_DEBUG("copy %d exec entries failed %d\n",
1790                          args->buffer_count, ret);
1791                drm_free_large(exec2_list);
1792                return -EFAULT;
1793        }
1794
1795        ret = i915_gem_do_execbuffer(dev, data, file, args, exec2_list);
1796        if (!ret) {
1797                /* Copy the new buffer offsets back to the user's exec list. */
1798                struct drm_i915_gem_exec_object2 __user *user_exec_list =
1799                                   u64_to_user_ptr(args->buffers_ptr);
1800                int i;
1801
1802                for (i = 0; i < args->buffer_count; i++) {
1803                        exec2_list[i].offset =
1804                                gen8_canonical_addr(exec2_list[i].offset);
1805                        ret = __copy_to_user(&user_exec_list[i].offset,
1806                                             &exec2_list[i].offset,
1807                                             sizeof(user_exec_list[i].offset));
1808                        if (ret) {
1809                                ret = -EFAULT;
1810                                DRM_DEBUG("failed to copy %d exec entries "
1811                                          "back to user\n",
1812                                          args->buffer_count);
1813                                break;
1814                        }
1815                }
1816        }
1817
1818        drm_free_large(exec2_list);
1819        return ret;
1820}
1821