1
2
3
4
5
6
7#include <linux/intel-iommu.h>
8#include <linux/dma-resv.h>
9#include <linux/sync_file.h>
10#include <linux/uaccess.h>
11
12#include <drm/drm_syncobj.h>
13
14#include "display/intel_frontbuffer.h"
15
16#include "gem/i915_gem_ioctls.h"
17#include "gt/intel_context.h"
18#include "gt/intel_engine_pool.h"
19#include "gt/intel_gt.h"
20#include "gt/intel_gt_pm.h"
21#include "gt/intel_ring.h"
22
23#include "i915_drv.h"
24#include "i915_gem_clflush.h"
25#include "i915_gem_context.h"
26#include "i915_gem_ioctls.h"
27#include "i915_sw_fence_work.h"
28#include "i915_trace.h"
29
30struct eb_vma {
31 struct i915_vma *vma;
32 unsigned int flags;
33
34
35 struct drm_i915_gem_exec_object2 *exec;
36 struct list_head bind_link;
37 struct list_head reloc_link;
38
39 struct hlist_node node;
40 u32 handle;
41};
42
43enum {
44 FORCE_CPU_RELOC = 1,
45 FORCE_GTT_RELOC,
46 FORCE_GPU_RELOC,
47#define DBG_FORCE_RELOC 0
48};
49
50#define __EXEC_OBJECT_HAS_PIN BIT(31)
51#define __EXEC_OBJECT_HAS_FENCE BIT(30)
52#define __EXEC_OBJECT_NEEDS_MAP BIT(29)
53#define __EXEC_OBJECT_NEEDS_BIAS BIT(28)
54#define __EXEC_OBJECT_INTERNAL_FLAGS (~0u << 28)
55#define __EXEC_OBJECT_RESERVED (__EXEC_OBJECT_HAS_PIN | __EXEC_OBJECT_HAS_FENCE)
56
57#define __EXEC_HAS_RELOC BIT(31)
58#define __EXEC_INTERNAL_FLAGS (~0u << 31)
59#define UPDATE PIN_OFFSET_FIXED
60
61#define BATCH_OFFSET_BIAS (256*1024)
62
63#define __I915_EXEC_ILLEGAL_FLAGS \
64 (__I915_EXEC_UNKNOWN_FLAGS | \
65 I915_EXEC_CONSTANTS_MASK | \
66 I915_EXEC_RESOURCE_STREAMER)
67
68
69#if IS_ENABLED(CONFIG_DRM_I915_DEBUG_GEM)
70#undef EINVAL
71#define EINVAL ({ \
72 DRM_DEBUG_DRIVER("EINVAL at %s:%d\n", __func__, __LINE__); \
73 22; \
74})
75#endif
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228struct i915_execbuffer {
229 struct drm_i915_private *i915;
230 struct drm_file *file;
231 struct drm_i915_gem_execbuffer2 *args;
232 struct drm_i915_gem_exec_object2 *exec;
233 struct eb_vma *vma;
234
235 struct intel_engine_cs *engine;
236 struct intel_context *context;
237 struct i915_gem_context *gem_context;
238
239 struct i915_request *request;
240 struct eb_vma *batch;
241 struct i915_vma *trampoline;
242
243
244 unsigned int buffer_count;
245
246
247 struct list_head unbound;
248
249
250 struct list_head relocs;
251
252
253
254
255
256
257 struct reloc_cache {
258 struct drm_mm_node node;
259 unsigned long vaddr;
260 unsigned long page;
261 unsigned int gen;
262 bool use_64bit_reloc : 1;
263 bool has_llc : 1;
264 bool has_fence : 1;
265 bool needs_unfenced : 1;
266
267 struct i915_request *rq;
268 u32 *rq_cmd;
269 unsigned int rq_size;
270 } reloc_cache;
271
272 u64 invalid_flags;
273 u32 context_flags;
274
275 u32 batch_start_offset;
276 u32 batch_len;
277 u32 batch_flags;
278
279
280
281
282
283
284 int lut_size;
285 struct hlist_head *buckets;
286};
287
288static inline bool eb_use_cmdparser(const struct i915_execbuffer *eb)
289{
290 return intel_engine_requires_cmd_parser(eb->engine) ||
291 (intel_engine_using_cmd_parser(eb->engine) &&
292 eb->args->batch_len);
293}
294
295static int eb_create(struct i915_execbuffer *eb)
296{
297 if (!(eb->args->flags & I915_EXEC_HANDLE_LUT)) {
298 unsigned int size = 1 + ilog2(eb->buffer_count);
299
300
301
302
303
304
305
306
307
308
309
310
311 do {
312 gfp_t flags;
313
314
315
316
317
318
319
320 flags = GFP_KERNEL;
321 if (size > 1)
322 flags |= __GFP_NORETRY | __GFP_NOWARN;
323
324 eb->buckets = kzalloc(sizeof(struct hlist_head) << size,
325 flags);
326 if (eb->buckets)
327 break;
328 } while (--size);
329
330 if (unlikely(!size))
331 return -ENOMEM;
332
333 eb->lut_size = size;
334 } else {
335 eb->lut_size = -eb->buffer_count;
336 }
337
338 return 0;
339}
340
341static bool
342eb_vma_misplaced(const struct drm_i915_gem_exec_object2 *entry,
343 const struct i915_vma *vma,
344 unsigned int flags)
345{
346 if (vma->node.size < entry->pad_to_size)
347 return true;
348
349 if (entry->alignment && !IS_ALIGNED(vma->node.start, entry->alignment))
350 return true;
351
352 if (flags & EXEC_OBJECT_PINNED &&
353 vma->node.start != entry->offset)
354 return true;
355
356 if (flags & __EXEC_OBJECT_NEEDS_BIAS &&
357 vma->node.start < BATCH_OFFSET_BIAS)
358 return true;
359
360 if (!(flags & EXEC_OBJECT_SUPPORTS_48B_ADDRESS) &&
361 (vma->node.start + vma->node.size - 1) >> 32)
362 return true;
363
364 if (flags & __EXEC_OBJECT_NEEDS_MAP &&
365 !i915_vma_is_map_and_fenceable(vma))
366 return true;
367
368 return false;
369}
370
371static inline bool
372eb_pin_vma(struct i915_execbuffer *eb,
373 const struct drm_i915_gem_exec_object2 *entry,
374 struct eb_vma *ev)
375{
376 struct i915_vma *vma = ev->vma;
377 u64 pin_flags;
378
379 if (vma->node.size)
380 pin_flags = vma->node.start;
381 else
382 pin_flags = entry->offset & PIN_OFFSET_MASK;
383
384 pin_flags |= PIN_USER | PIN_NOEVICT | PIN_OFFSET_FIXED;
385 if (unlikely(ev->flags & EXEC_OBJECT_NEEDS_GTT))
386 pin_flags |= PIN_GLOBAL;
387
388 if (unlikely(i915_vma_pin(vma, 0, 0, pin_flags)))
389 return false;
390
391 if (unlikely(ev->flags & EXEC_OBJECT_NEEDS_FENCE)) {
392 if (unlikely(i915_vma_pin_fence(vma))) {
393 i915_vma_unpin(vma);
394 return false;
395 }
396
397 if (vma->fence)
398 ev->flags |= __EXEC_OBJECT_HAS_FENCE;
399 }
400
401 ev->flags |= __EXEC_OBJECT_HAS_PIN;
402 return !eb_vma_misplaced(entry, vma, ev->flags);
403}
404
405static inline void __eb_unreserve_vma(struct i915_vma *vma, unsigned int flags)
406{
407 GEM_BUG_ON(!(flags & __EXEC_OBJECT_HAS_PIN));
408
409 if (unlikely(flags & __EXEC_OBJECT_HAS_FENCE))
410 __i915_vma_unpin_fence(vma);
411
412 __i915_vma_unpin(vma);
413}
414
415static inline void
416eb_unreserve_vma(struct eb_vma *ev)
417{
418 if (!(ev->flags & __EXEC_OBJECT_HAS_PIN))
419 return;
420
421 __eb_unreserve_vma(ev->vma, ev->flags);
422 ev->flags &= ~__EXEC_OBJECT_RESERVED;
423}
424
425static int
426eb_validate_vma(struct i915_execbuffer *eb,
427 struct drm_i915_gem_exec_object2 *entry,
428 struct i915_vma *vma)
429{
430 if (unlikely(entry->flags & eb->invalid_flags))
431 return -EINVAL;
432
433 if (unlikely(entry->alignment &&
434 !is_power_of_2_u64(entry->alignment)))
435 return -EINVAL;
436
437
438
439
440
441 if (unlikely(entry->flags & EXEC_OBJECT_PINNED &&
442 entry->offset != gen8_canonical_addr(entry->offset & I915_GTT_PAGE_MASK)))
443 return -EINVAL;
444
445
446 if (entry->flags & EXEC_OBJECT_PAD_TO_SIZE) {
447 if (unlikely(offset_in_page(entry->pad_to_size)))
448 return -EINVAL;
449 } else {
450 entry->pad_to_size = 0;
451 }
452
453
454
455
456
457 entry->offset = gen8_noncanonical_addr(entry->offset);
458
459 if (!eb->reloc_cache.has_fence) {
460 entry->flags &= ~EXEC_OBJECT_NEEDS_FENCE;
461 } else {
462 if ((entry->flags & EXEC_OBJECT_NEEDS_FENCE ||
463 eb->reloc_cache.needs_unfenced) &&
464 i915_gem_object_is_tiled(vma->obj))
465 entry->flags |= EXEC_OBJECT_NEEDS_GTT | __EXEC_OBJECT_NEEDS_MAP;
466 }
467
468 if (!(entry->flags & EXEC_OBJECT_PINNED))
469 entry->flags |= eb->context_flags;
470
471 return 0;
472}
473
474static void
475eb_add_vma(struct i915_execbuffer *eb,
476 unsigned int i, unsigned batch_idx,
477 struct i915_vma *vma)
478{
479 struct drm_i915_gem_exec_object2 *entry = &eb->exec[i];
480 struct eb_vma *ev = &eb->vma[i];
481
482 GEM_BUG_ON(i915_vma_is_closed(vma));
483
484 ev->vma = i915_vma_get(vma);
485 ev->exec = entry;
486 ev->flags = entry->flags;
487
488 if (eb->lut_size > 0) {
489 ev->handle = entry->handle;
490 hlist_add_head(&ev->node,
491 &eb->buckets[hash_32(entry->handle,
492 eb->lut_size)]);
493 }
494
495 if (entry->relocation_count)
496 list_add_tail(&ev->reloc_link, &eb->relocs);
497
498
499
500
501
502
503
504
505
506
507 if (i == batch_idx) {
508 if (entry->relocation_count &&
509 !(ev->flags & EXEC_OBJECT_PINNED))
510 ev->flags |= __EXEC_OBJECT_NEEDS_BIAS;
511 if (eb->reloc_cache.has_fence)
512 ev->flags |= EXEC_OBJECT_NEEDS_FENCE;
513
514 eb->batch = ev;
515 }
516
517 if (eb_pin_vma(eb, entry, ev)) {
518 if (entry->offset != vma->node.start) {
519 entry->offset = vma->node.start | UPDATE;
520 eb->args->flags |= __EXEC_HAS_RELOC;
521 }
522 } else {
523 eb_unreserve_vma(ev);
524 list_add_tail(&ev->bind_link, &eb->unbound);
525 }
526}
527
528static inline int use_cpu_reloc(const struct reloc_cache *cache,
529 const struct drm_i915_gem_object *obj)
530{
531 if (!i915_gem_object_has_struct_page(obj))
532 return false;
533
534 if (DBG_FORCE_RELOC == FORCE_CPU_RELOC)
535 return true;
536
537 if (DBG_FORCE_RELOC == FORCE_GTT_RELOC)
538 return false;
539
540 return (cache->has_llc ||
541 obj->cache_dirty ||
542 obj->cache_level != I915_CACHE_NONE);
543}
544
545static int eb_reserve_vma(const struct i915_execbuffer *eb,
546 struct eb_vma *ev,
547 u64 pin_flags)
548{
549 struct drm_i915_gem_exec_object2 *entry = ev->exec;
550 unsigned int exec_flags = ev->flags;
551 struct i915_vma *vma = ev->vma;
552 int err;
553
554 if (exec_flags & EXEC_OBJECT_NEEDS_GTT)
555 pin_flags |= PIN_GLOBAL;
556
557
558
559
560
561 if (!(exec_flags & EXEC_OBJECT_SUPPORTS_48B_ADDRESS))
562 pin_flags |= PIN_ZONE_4G;
563
564 if (exec_flags & __EXEC_OBJECT_NEEDS_MAP)
565 pin_flags |= PIN_MAPPABLE;
566
567 if (exec_flags & EXEC_OBJECT_PINNED)
568 pin_flags |= entry->offset | PIN_OFFSET_FIXED;
569 else if (exec_flags & __EXEC_OBJECT_NEEDS_BIAS)
570 pin_flags |= BATCH_OFFSET_BIAS | PIN_OFFSET_BIAS;
571
572 if (drm_mm_node_allocated(&vma->node) &&
573 eb_vma_misplaced(entry, vma, ev->flags)) {
574 err = i915_vma_unbind(vma);
575 if (err)
576 return err;
577 }
578
579 err = i915_vma_pin(vma,
580 entry->pad_to_size, entry->alignment,
581 pin_flags);
582 if (err)
583 return err;
584
585 if (entry->offset != vma->node.start) {
586 entry->offset = vma->node.start | UPDATE;
587 eb->args->flags |= __EXEC_HAS_RELOC;
588 }
589
590 if (unlikely(exec_flags & EXEC_OBJECT_NEEDS_FENCE)) {
591 err = i915_vma_pin_fence(vma);
592 if (unlikely(err)) {
593 i915_vma_unpin(vma);
594 return err;
595 }
596
597 if (vma->fence)
598 exec_flags |= __EXEC_OBJECT_HAS_FENCE;
599 }
600
601 ev->flags = exec_flags | __EXEC_OBJECT_HAS_PIN;
602 GEM_BUG_ON(eb_vma_misplaced(entry, vma, ev->flags));
603
604 return 0;
605}
606
607static int eb_reserve(struct i915_execbuffer *eb)
608{
609 const unsigned int count = eb->buffer_count;
610 unsigned int pin_flags = PIN_USER | PIN_NONBLOCK;
611 struct list_head last;
612 struct eb_vma *ev;
613 unsigned int i, pass;
614 int err = 0;
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630 if (mutex_lock_interruptible(&eb->i915->drm.struct_mutex))
631 return -EINTR;
632
633 pass = 0;
634 do {
635 list_for_each_entry(ev, &eb->unbound, bind_link) {
636 err = eb_reserve_vma(eb, ev, pin_flags);
637 if (err)
638 break;
639 }
640 if (!(err == -ENOSPC || err == -EAGAIN))
641 break;
642
643
644 INIT_LIST_HEAD(&eb->unbound);
645 INIT_LIST_HEAD(&last);
646 for (i = 0; i < count; i++) {
647 unsigned int flags;
648
649 ev = &eb->vma[i];
650 flags = ev->flags;
651 if (flags & EXEC_OBJECT_PINNED &&
652 flags & __EXEC_OBJECT_HAS_PIN)
653 continue;
654
655 eb_unreserve_vma(ev);
656
657 if (flags & EXEC_OBJECT_PINNED)
658
659 list_add(&ev->bind_link, &eb->unbound);
660 else if (flags & __EXEC_OBJECT_NEEDS_MAP)
661
662 list_add_tail(&ev->bind_link, &eb->unbound);
663 else if (!(flags & EXEC_OBJECT_SUPPORTS_48B_ADDRESS))
664
665 list_add(&ev->bind_link, &last);
666 else
667 list_add_tail(&ev->bind_link, &last);
668 }
669 list_splice_tail(&last, &eb->unbound);
670
671 if (err == -EAGAIN) {
672 mutex_unlock(&eb->i915->drm.struct_mutex);
673 flush_workqueue(eb->i915->mm.userptr_wq);
674 mutex_lock(&eb->i915->drm.struct_mutex);
675 continue;
676 }
677
678 switch (pass++) {
679 case 0:
680 break;
681
682 case 1:
683
684 mutex_lock(&eb->context->vm->mutex);
685 err = i915_gem_evict_vm(eb->context->vm);
686 mutex_unlock(&eb->context->vm->mutex);
687 if (err)
688 goto unlock;
689 break;
690
691 default:
692 err = -ENOSPC;
693 goto unlock;
694 }
695
696 pin_flags = PIN_USER;
697 } while (1);
698
699unlock:
700 mutex_unlock(&eb->i915->drm.struct_mutex);
701 return err;
702}
703
704static unsigned int eb_batch_index(const struct i915_execbuffer *eb)
705{
706 if (eb->args->flags & I915_EXEC_BATCH_FIRST)
707 return 0;
708 else
709 return eb->buffer_count - 1;
710}
711
712static int eb_select_context(struct i915_execbuffer *eb)
713{
714 struct i915_gem_context *ctx;
715
716 ctx = i915_gem_context_lookup(eb->file->driver_priv, eb->args->rsvd1);
717 if (unlikely(!ctx))
718 return -ENOENT;
719
720 eb->gem_context = ctx;
721 if (rcu_access_pointer(ctx->vm))
722 eb->invalid_flags |= EXEC_OBJECT_NEEDS_GTT;
723
724 eb->context_flags = 0;
725 if (test_bit(UCONTEXT_NO_ZEROMAP, &ctx->user_flags))
726 eb->context_flags |= __EXEC_OBJECT_NEEDS_BIAS;
727
728 return 0;
729}
730
731static int eb_lookup_vmas(struct i915_execbuffer *eb)
732{
733 struct radix_tree_root *handles_vma = &eb->gem_context->handles_vma;
734 struct drm_i915_gem_object *obj;
735 unsigned int i, batch;
736 int err;
737
738 if (unlikely(i915_gem_context_is_closed(eb->gem_context)))
739 return -ENOENT;
740
741 INIT_LIST_HEAD(&eb->relocs);
742 INIT_LIST_HEAD(&eb->unbound);
743
744 batch = eb_batch_index(eb);
745
746 for (i = 0; i < eb->buffer_count; i++) {
747 u32 handle = eb->exec[i].handle;
748 struct i915_lut_handle *lut;
749 struct i915_vma *vma;
750
751 vma = radix_tree_lookup(handles_vma, handle);
752 if (likely(vma))
753 goto add_vma;
754
755 obj = i915_gem_object_lookup(eb->file, handle);
756 if (unlikely(!obj)) {
757 err = -ENOENT;
758 goto err_vma;
759 }
760
761 vma = i915_vma_instance(obj, eb->context->vm, NULL);
762 if (IS_ERR(vma)) {
763 err = PTR_ERR(vma);
764 goto err_obj;
765 }
766
767 lut = i915_lut_handle_alloc();
768 if (unlikely(!lut)) {
769 err = -ENOMEM;
770 goto err_obj;
771 }
772
773 err = radix_tree_insert(handles_vma, handle, vma);
774 if (unlikely(err)) {
775 i915_lut_handle_free(lut);
776 goto err_obj;
777 }
778
779
780 if (!atomic_fetch_inc(&vma->open_count))
781 i915_vma_reopen(vma);
782 lut->handle = handle;
783 lut->ctx = eb->gem_context;
784
785 i915_gem_object_lock(obj);
786 list_add(&lut->obj_link, &obj->lut_list);
787 i915_gem_object_unlock(obj);
788
789add_vma:
790 err = eb_validate_vma(eb, &eb->exec[i], vma);
791 if (unlikely(err))
792 goto err_vma;
793
794 eb_add_vma(eb, i, batch, vma);
795 }
796
797 return 0;
798
799err_obj:
800 i915_gem_object_put(obj);
801err_vma:
802 eb->vma[i].vma = NULL;
803 return err;
804}
805
806static struct eb_vma *
807eb_get_vma(const struct i915_execbuffer *eb, unsigned long handle)
808{
809 if (eb->lut_size < 0) {
810 if (handle >= -eb->lut_size)
811 return NULL;
812 return &eb->vma[handle];
813 } else {
814 struct hlist_head *head;
815 struct eb_vma *ev;
816
817 head = &eb->buckets[hash_32(handle, eb->lut_size)];
818 hlist_for_each_entry(ev, head, node) {
819 if (ev->handle == handle)
820 return ev;
821 }
822 return NULL;
823 }
824}
825
826static void eb_release_vmas(const struct i915_execbuffer *eb)
827{
828 const unsigned int count = eb->buffer_count;
829 unsigned int i;
830
831 for (i = 0; i < count; i++) {
832 struct eb_vma *ev = &eb->vma[i];
833 struct i915_vma *vma = ev->vma;
834
835 if (!vma)
836 break;
837
838 eb->vma[i].vma = NULL;
839
840 if (ev->flags & __EXEC_OBJECT_HAS_PIN)
841 __eb_unreserve_vma(vma, ev->flags);
842
843 i915_vma_put(vma);
844 }
845}
846
847static void eb_destroy(const struct i915_execbuffer *eb)
848{
849 GEM_BUG_ON(eb->reloc_cache.rq);
850
851 if (eb->lut_size > 0)
852 kfree(eb->buckets);
853}
854
855static inline u64
856relocation_target(const struct drm_i915_gem_relocation_entry *reloc,
857 const struct i915_vma *target)
858{
859 return gen8_canonical_addr((int)reloc->delta + target->node.start);
860}
861
862static void reloc_cache_init(struct reloc_cache *cache,
863 struct drm_i915_private *i915)
864{
865 cache->page = -1;
866 cache->vaddr = 0;
867
868 cache->gen = INTEL_GEN(i915);
869 cache->has_llc = HAS_LLC(i915);
870 cache->use_64bit_reloc = HAS_64BIT_RELOC(i915);
871 cache->has_fence = cache->gen < 4;
872 cache->needs_unfenced = INTEL_INFO(i915)->unfenced_needs_alignment;
873 cache->node.flags = 0;
874 cache->rq = NULL;
875 cache->rq_size = 0;
876}
877
878static inline void *unmask_page(unsigned long p)
879{
880 return (void *)(uintptr_t)(p & PAGE_MASK);
881}
882
883static inline unsigned int unmask_flags(unsigned long p)
884{
885 return p & ~PAGE_MASK;
886}
887
888#define KMAP 0x4
889
890static inline struct i915_ggtt *cache_to_ggtt(struct reloc_cache *cache)
891{
892 struct drm_i915_private *i915 =
893 container_of(cache, struct i915_execbuffer, reloc_cache)->i915;
894 return &i915->ggtt;
895}
896
897static void reloc_gpu_flush(struct reloc_cache *cache)
898{
899 struct drm_i915_gem_object *obj = cache->rq->batch->obj;
900
901 GEM_BUG_ON(cache->rq_size >= obj->base.size / sizeof(u32));
902 cache->rq_cmd[cache->rq_size] = MI_BATCH_BUFFER_END;
903
904 __i915_gem_object_flush_map(obj, 0, sizeof(u32) * (cache->rq_size + 1));
905 i915_gem_object_unpin_map(obj);
906
907 intel_gt_chipset_flush(cache->rq->engine->gt);
908
909 i915_request_add(cache->rq);
910 cache->rq = NULL;
911}
912
913static void reloc_cache_reset(struct reloc_cache *cache)
914{
915 void *vaddr;
916
917 if (cache->rq)
918 reloc_gpu_flush(cache);
919
920 if (!cache->vaddr)
921 return;
922
923 vaddr = unmask_page(cache->vaddr);
924 if (cache->vaddr & KMAP) {
925 if (cache->vaddr & CLFLUSH_AFTER)
926 mb();
927
928 kunmap_atomic(vaddr);
929 i915_gem_object_finish_access((struct drm_i915_gem_object *)cache->node.mm);
930 } else {
931 struct i915_ggtt *ggtt = cache_to_ggtt(cache);
932
933 intel_gt_flush_ggtt_writes(ggtt->vm.gt);
934 io_mapping_unmap_atomic((void __iomem *)vaddr);
935
936 if (drm_mm_node_allocated(&cache->node)) {
937 ggtt->vm.clear_range(&ggtt->vm,
938 cache->node.start,
939 cache->node.size);
940 mutex_lock(&ggtt->vm.mutex);
941 drm_mm_remove_node(&cache->node);
942 mutex_unlock(&ggtt->vm.mutex);
943 } else {
944 i915_vma_unpin((struct i915_vma *)cache->node.mm);
945 }
946 }
947
948 cache->vaddr = 0;
949 cache->page = -1;
950}
951
952static void *reloc_kmap(struct drm_i915_gem_object *obj,
953 struct reloc_cache *cache,
954 unsigned long page)
955{
956 void *vaddr;
957
958 if (cache->vaddr) {
959 kunmap_atomic(unmask_page(cache->vaddr));
960 } else {
961 unsigned int flushes;
962 int err;
963
964 err = i915_gem_object_prepare_write(obj, &flushes);
965 if (err)
966 return ERR_PTR(err);
967
968 BUILD_BUG_ON(KMAP & CLFLUSH_FLAGS);
969 BUILD_BUG_ON((KMAP | CLFLUSH_FLAGS) & PAGE_MASK);
970
971 cache->vaddr = flushes | KMAP;
972 cache->node.mm = (void *)obj;
973 if (flushes)
974 mb();
975 }
976
977 vaddr = kmap_atomic(i915_gem_object_get_dirty_page(obj, page));
978 cache->vaddr = unmask_flags(cache->vaddr) | (unsigned long)vaddr;
979 cache->page = page;
980
981 return vaddr;
982}
983
984static void *reloc_iomap(struct drm_i915_gem_object *obj,
985 struct reloc_cache *cache,
986 unsigned long page)
987{
988 struct i915_ggtt *ggtt = cache_to_ggtt(cache);
989 unsigned long offset;
990 void *vaddr;
991
992 if (cache->vaddr) {
993 intel_gt_flush_ggtt_writes(ggtt->vm.gt);
994 io_mapping_unmap_atomic((void __force __iomem *) unmask_page(cache->vaddr));
995 } else {
996 struct i915_vma *vma;
997 int err;
998
999 if (i915_gem_object_is_tiled(obj))
1000 return ERR_PTR(-EINVAL);
1001
1002 if (use_cpu_reloc(cache, obj))
1003 return NULL;
1004
1005 i915_gem_object_lock(obj);
1006 err = i915_gem_object_set_to_gtt_domain(obj, true);
1007 i915_gem_object_unlock(obj);
1008 if (err)
1009 return ERR_PTR(err);
1010
1011 vma = i915_gem_object_ggtt_pin(obj, NULL, 0, 0,
1012 PIN_MAPPABLE |
1013 PIN_NONBLOCK |
1014 PIN_NOEVICT);
1015 if (IS_ERR(vma)) {
1016 memset(&cache->node, 0, sizeof(cache->node));
1017 mutex_lock(&ggtt->vm.mutex);
1018 err = drm_mm_insert_node_in_range
1019 (&ggtt->vm.mm, &cache->node,
1020 PAGE_SIZE, 0, I915_COLOR_UNEVICTABLE,
1021 0, ggtt->mappable_end,
1022 DRM_MM_INSERT_LOW);
1023 mutex_unlock(&ggtt->vm.mutex);
1024 if (err)
1025 return NULL;
1026 } else {
1027 cache->node.start = vma->node.start;
1028 cache->node.mm = (void *)vma;
1029 }
1030 }
1031
1032 offset = cache->node.start;
1033 if (drm_mm_node_allocated(&cache->node)) {
1034 ggtt->vm.insert_page(&ggtt->vm,
1035 i915_gem_object_get_dma_address(obj, page),
1036 offset, I915_CACHE_NONE, 0);
1037 } else {
1038 offset += page << PAGE_SHIFT;
1039 }
1040
1041 vaddr = (void __force *)io_mapping_map_atomic_wc(&ggtt->iomap,
1042 offset);
1043 cache->page = page;
1044 cache->vaddr = (unsigned long)vaddr;
1045
1046 return vaddr;
1047}
1048
1049static void *reloc_vaddr(struct drm_i915_gem_object *obj,
1050 struct reloc_cache *cache,
1051 unsigned long page)
1052{
1053 void *vaddr;
1054
1055 if (cache->page == page) {
1056 vaddr = unmask_page(cache->vaddr);
1057 } else {
1058 vaddr = NULL;
1059 if ((cache->vaddr & KMAP) == 0)
1060 vaddr = reloc_iomap(obj, cache, page);
1061 if (!vaddr)
1062 vaddr = reloc_kmap(obj, cache, page);
1063 }
1064
1065 return vaddr;
1066}
1067
1068static void clflush_write32(u32 *addr, u32 value, unsigned int flushes)
1069{
1070 if (unlikely(flushes & (CLFLUSH_BEFORE | CLFLUSH_AFTER))) {
1071 if (flushes & CLFLUSH_BEFORE) {
1072 clflushopt(addr);
1073 mb();
1074 }
1075
1076 *addr = value;
1077
1078
1079
1080
1081
1082
1083
1084
1085 if (flushes & CLFLUSH_AFTER)
1086 clflushopt(addr);
1087 } else
1088 *addr = value;
1089}
1090
1091static int reloc_move_to_gpu(struct i915_request *rq, struct i915_vma *vma)
1092{
1093 struct drm_i915_gem_object *obj = vma->obj;
1094 int err;
1095
1096 i915_vma_lock(vma);
1097
1098 if (obj->cache_dirty & ~obj->cache_coherent)
1099 i915_gem_clflush_object(obj, 0);
1100 obj->write_domain = 0;
1101
1102 err = i915_request_await_object(rq, vma->obj, true);
1103 if (err == 0)
1104 err = i915_vma_move_to_active(vma, rq, EXEC_OBJECT_WRITE);
1105
1106 i915_vma_unlock(vma);
1107
1108 return err;
1109}
1110
1111static int __reloc_gpu_alloc(struct i915_execbuffer *eb,
1112 struct i915_vma *vma,
1113 unsigned int len)
1114{
1115 struct reloc_cache *cache = &eb->reloc_cache;
1116 struct intel_engine_pool_node *pool;
1117 struct i915_request *rq;
1118 struct i915_vma *batch;
1119 u32 *cmd;
1120 int err;
1121
1122 pool = intel_engine_get_pool(eb->engine, PAGE_SIZE);
1123 if (IS_ERR(pool))
1124 return PTR_ERR(pool);
1125
1126 cmd = i915_gem_object_pin_map(pool->obj,
1127 cache->has_llc ?
1128 I915_MAP_FORCE_WB :
1129 I915_MAP_FORCE_WC);
1130 if (IS_ERR(cmd)) {
1131 err = PTR_ERR(cmd);
1132 goto out_pool;
1133 }
1134
1135 batch = i915_vma_instance(pool->obj, vma->vm, NULL);
1136 if (IS_ERR(batch)) {
1137 err = PTR_ERR(batch);
1138 goto err_unmap;
1139 }
1140
1141 err = i915_vma_pin(batch, 0, 0, PIN_USER | PIN_NONBLOCK);
1142 if (err)
1143 goto err_unmap;
1144
1145 rq = i915_request_create(eb->context);
1146 if (IS_ERR(rq)) {
1147 err = PTR_ERR(rq);
1148 goto err_unpin;
1149 }
1150
1151 err = intel_engine_pool_mark_active(pool, rq);
1152 if (err)
1153 goto err_request;
1154
1155 err = reloc_move_to_gpu(rq, vma);
1156 if (err)
1157 goto err_request;
1158
1159 err = eb->engine->emit_bb_start(rq,
1160 batch->node.start, PAGE_SIZE,
1161 cache->gen > 5 ? 0 : I915_DISPATCH_SECURE);
1162 if (err)
1163 goto skip_request;
1164
1165 i915_vma_lock(batch);
1166 err = i915_request_await_object(rq, batch->obj, false);
1167 if (err == 0)
1168 err = i915_vma_move_to_active(batch, rq, 0);
1169 i915_vma_unlock(batch);
1170 if (err)
1171 goto skip_request;
1172
1173 rq->batch = batch;
1174 i915_vma_unpin(batch);
1175
1176 cache->rq = rq;
1177 cache->rq_cmd = cmd;
1178 cache->rq_size = 0;
1179
1180
1181 goto out_pool;
1182
1183skip_request:
1184 i915_request_set_error_once(rq, err);
1185err_request:
1186 i915_request_add(rq);
1187err_unpin:
1188 i915_vma_unpin(batch);
1189err_unmap:
1190 i915_gem_object_unpin_map(pool->obj);
1191out_pool:
1192 intel_engine_pool_put(pool);
1193 return err;
1194}
1195
1196static u32 *reloc_gpu(struct i915_execbuffer *eb,
1197 struct i915_vma *vma,
1198 unsigned int len)
1199{
1200 struct reloc_cache *cache = &eb->reloc_cache;
1201 u32 *cmd;
1202
1203 if (cache->rq_size > PAGE_SIZE/sizeof(u32) - (len + 1))
1204 reloc_gpu_flush(cache);
1205
1206 if (unlikely(!cache->rq)) {
1207 int err;
1208
1209 if (!intel_engine_can_store_dword(eb->engine))
1210 return ERR_PTR(-ENODEV);
1211
1212 err = __reloc_gpu_alloc(eb, vma, len);
1213 if (unlikely(err))
1214 return ERR_PTR(err);
1215 }
1216
1217 cmd = cache->rq_cmd + cache->rq_size;
1218 cache->rq_size += len;
1219
1220 return cmd;
1221}
1222
1223static u64
1224relocate_entry(struct i915_vma *vma,
1225 const struct drm_i915_gem_relocation_entry *reloc,
1226 struct i915_execbuffer *eb,
1227 const struct i915_vma *target)
1228{
1229 u64 offset = reloc->offset;
1230 u64 target_offset = relocation_target(reloc, target);
1231 bool wide = eb->reloc_cache.use_64bit_reloc;
1232 void *vaddr;
1233
1234 if (!eb->reloc_cache.vaddr &&
1235 (DBG_FORCE_RELOC == FORCE_GPU_RELOC ||
1236 !dma_resv_test_signaled_rcu(vma->resv, true))) {
1237 const unsigned int gen = eb->reloc_cache.gen;
1238 unsigned int len;
1239 u32 *batch;
1240 u64 addr;
1241
1242 if (wide)
1243 len = offset & 7 ? 8 : 5;
1244 else if (gen >= 4)
1245 len = 4;
1246 else
1247 len = 3;
1248
1249 batch = reloc_gpu(eb, vma, len);
1250 if (IS_ERR(batch))
1251 goto repeat;
1252
1253 addr = gen8_canonical_addr(vma->node.start + offset);
1254 if (wide) {
1255 if (offset & 7) {
1256 *batch++ = MI_STORE_DWORD_IMM_GEN4;
1257 *batch++ = lower_32_bits(addr);
1258 *batch++ = upper_32_bits(addr);
1259 *batch++ = lower_32_bits(target_offset);
1260
1261 addr = gen8_canonical_addr(addr + 4);
1262
1263 *batch++ = MI_STORE_DWORD_IMM_GEN4;
1264 *batch++ = lower_32_bits(addr);
1265 *batch++ = upper_32_bits(addr);
1266 *batch++ = upper_32_bits(target_offset);
1267 } else {
1268 *batch++ = (MI_STORE_DWORD_IMM_GEN4 | (1 << 21)) + 1;
1269 *batch++ = lower_32_bits(addr);
1270 *batch++ = upper_32_bits(addr);
1271 *batch++ = lower_32_bits(target_offset);
1272 *batch++ = upper_32_bits(target_offset);
1273 }
1274 } else if (gen >= 6) {
1275 *batch++ = MI_STORE_DWORD_IMM_GEN4;
1276 *batch++ = 0;
1277 *batch++ = addr;
1278 *batch++ = target_offset;
1279 } else if (gen >= 4) {
1280 *batch++ = MI_STORE_DWORD_IMM_GEN4 | MI_USE_GGTT;
1281 *batch++ = 0;
1282 *batch++ = addr;
1283 *batch++ = target_offset;
1284 } else {
1285 *batch++ = MI_STORE_DWORD_IMM | MI_MEM_VIRTUAL;
1286 *batch++ = addr;
1287 *batch++ = target_offset;
1288 }
1289
1290 goto out;
1291 }
1292
1293repeat:
1294 vaddr = reloc_vaddr(vma->obj, &eb->reloc_cache, offset >> PAGE_SHIFT);
1295 if (IS_ERR(vaddr))
1296 return PTR_ERR(vaddr);
1297
1298 clflush_write32(vaddr + offset_in_page(offset),
1299 lower_32_bits(target_offset),
1300 eb->reloc_cache.vaddr);
1301
1302 if (wide) {
1303 offset += sizeof(u32);
1304 target_offset >>= 32;
1305 wide = false;
1306 goto repeat;
1307 }
1308
1309out:
1310 return target->node.start | UPDATE;
1311}
1312
1313static u64
1314eb_relocate_entry(struct i915_execbuffer *eb,
1315 struct eb_vma *ev,
1316 const struct drm_i915_gem_relocation_entry *reloc)
1317{
1318 struct drm_i915_private *i915 = eb->i915;
1319 struct eb_vma *target;
1320 int err;
1321
1322
1323 target = eb_get_vma(eb, reloc->target_handle);
1324 if (unlikely(!target))
1325 return -ENOENT;
1326
1327
1328 if (unlikely(reloc->write_domain & (reloc->write_domain - 1))) {
1329 drm_dbg(&i915->drm, "reloc with multiple write domains: "
1330 "target %d offset %d "
1331 "read %08x write %08x",
1332 reloc->target_handle,
1333 (int) reloc->offset,
1334 reloc->read_domains,
1335 reloc->write_domain);
1336 return -EINVAL;
1337 }
1338 if (unlikely((reloc->write_domain | reloc->read_domains)
1339 & ~I915_GEM_GPU_DOMAINS)) {
1340 drm_dbg(&i915->drm, "reloc with read/write non-GPU domains: "
1341 "target %d offset %d "
1342 "read %08x write %08x",
1343 reloc->target_handle,
1344 (int) reloc->offset,
1345 reloc->read_domains,
1346 reloc->write_domain);
1347 return -EINVAL;
1348 }
1349
1350 if (reloc->write_domain) {
1351 target->flags |= EXEC_OBJECT_WRITE;
1352
1353
1354
1355
1356
1357
1358
1359 if (reloc->write_domain == I915_GEM_DOMAIN_INSTRUCTION &&
1360 IS_GEN(eb->i915, 6)) {
1361 err = i915_vma_bind(target->vma,
1362 target->vma->obj->cache_level,
1363 PIN_GLOBAL, NULL);
1364 if (WARN_ONCE(err,
1365 "Unexpected failure to bind target VMA!"))
1366 return err;
1367 }
1368 }
1369
1370
1371
1372
1373
1374 if (!DBG_FORCE_RELOC &&
1375 gen8_canonical_addr(target->vma->node.start) == reloc->presumed_offset)
1376 return 0;
1377
1378
1379 if (unlikely(reloc->offset >
1380 ev->vma->size - (eb->reloc_cache.use_64bit_reloc ? 8 : 4))) {
1381 drm_dbg(&i915->drm, "Relocation beyond object bounds: "
1382 "target %d offset %d size %d.\n",
1383 reloc->target_handle,
1384 (int)reloc->offset,
1385 (int)ev->vma->size);
1386 return -EINVAL;
1387 }
1388 if (unlikely(reloc->offset & 3)) {
1389 drm_dbg(&i915->drm, "Relocation not 4-byte aligned: "
1390 "target %d offset %d.\n",
1391 reloc->target_handle,
1392 (int)reloc->offset);
1393 return -EINVAL;
1394 }
1395
1396
1397
1398
1399
1400
1401
1402
1403
1404 ev->flags &= ~EXEC_OBJECT_ASYNC;
1405
1406
1407 return relocate_entry(ev->vma, reloc, eb, target->vma);
1408}
1409
1410static int eb_relocate_vma(struct i915_execbuffer *eb, struct eb_vma *ev)
1411{
1412#define N_RELOC(x) ((x) / sizeof(struct drm_i915_gem_relocation_entry))
1413 struct drm_i915_gem_relocation_entry stack[N_RELOC(512)];
1414 struct drm_i915_gem_relocation_entry __user *urelocs;
1415 const struct drm_i915_gem_exec_object2 *entry = ev->exec;
1416 unsigned int remain;
1417
1418 urelocs = u64_to_user_ptr(entry->relocs_ptr);
1419 remain = entry->relocation_count;
1420 if (unlikely(remain > N_RELOC(ULONG_MAX)))
1421 return -EINVAL;
1422
1423
1424
1425
1426
1427
1428 if (unlikely(!access_ok(urelocs, remain*sizeof(*urelocs))))
1429 return -EFAULT;
1430
1431 do {
1432 struct drm_i915_gem_relocation_entry *r = stack;
1433 unsigned int count =
1434 min_t(unsigned int, remain, ARRAY_SIZE(stack));
1435 unsigned int copied;
1436
1437
1438
1439
1440
1441
1442
1443
1444
1445 copied = __copy_from_user(r, urelocs, count * sizeof(r[0]));
1446 if (unlikely(copied)) {
1447 remain = -EFAULT;
1448 goto out;
1449 }
1450
1451 remain -= count;
1452 do {
1453 u64 offset = eb_relocate_entry(eb, ev, r);
1454
1455 if (likely(offset == 0)) {
1456 } else if ((s64)offset < 0) {
1457 remain = (int)offset;
1458 goto out;
1459 } else {
1460
1461
1462
1463
1464
1465
1466
1467
1468
1469
1470
1471
1472
1473
1474
1475
1476
1477
1478
1479
1480
1481 offset = gen8_canonical_addr(offset & ~UPDATE);
1482 __put_user(offset,
1483 &urelocs[r - stack].presumed_offset);
1484 }
1485 } while (r++, --count);
1486 urelocs += ARRAY_SIZE(stack);
1487 } while (remain);
1488out:
1489 reloc_cache_reset(&eb->reloc_cache);
1490 return remain;
1491}
1492
1493static int eb_relocate(struct i915_execbuffer *eb)
1494{
1495 int err;
1496
1497 mutex_lock(&eb->gem_context->mutex);
1498 err = eb_lookup_vmas(eb);
1499 mutex_unlock(&eb->gem_context->mutex);
1500 if (err)
1501 return err;
1502
1503 if (!list_empty(&eb->unbound)) {
1504 err = eb_reserve(eb);
1505 if (err)
1506 return err;
1507 }
1508
1509
1510 if (eb->args->flags & __EXEC_HAS_RELOC) {
1511 struct eb_vma *ev;
1512
1513 list_for_each_entry(ev, &eb->relocs, reloc_link) {
1514 err = eb_relocate_vma(eb, ev);
1515 if (err)
1516 return err;
1517 }
1518 }
1519
1520 return 0;
1521}
1522
1523static int eb_move_to_gpu(struct i915_execbuffer *eb)
1524{
1525 const unsigned int count = eb->buffer_count;
1526 struct ww_acquire_ctx acquire;
1527 unsigned int i;
1528 int err = 0;
1529
1530 ww_acquire_init(&acquire, &reservation_ww_class);
1531
1532 for (i = 0; i < count; i++) {
1533 struct eb_vma *ev = &eb->vma[i];
1534 struct i915_vma *vma = ev->vma;
1535
1536 err = ww_mutex_lock_interruptible(&vma->resv->lock, &acquire);
1537 if (err == -EDEADLK) {
1538 GEM_BUG_ON(i == 0);
1539 do {
1540 int j = i - 1;
1541
1542 ww_mutex_unlock(&eb->vma[j].vma->resv->lock);
1543
1544 swap(eb->vma[i], eb->vma[j]);
1545 } while (--i);
1546
1547 err = ww_mutex_lock_slow_interruptible(&vma->resv->lock,
1548 &acquire);
1549 }
1550 if (err)
1551 break;
1552 }
1553 ww_acquire_done(&acquire);
1554
1555 while (i--) {
1556 struct eb_vma *ev = &eb->vma[i];
1557 struct i915_vma *vma = ev->vma;
1558 unsigned int flags = ev->flags;
1559 struct drm_i915_gem_object *obj = vma->obj;
1560
1561 assert_vma_held(vma);
1562
1563 if (flags & EXEC_OBJECT_CAPTURE) {
1564 struct i915_capture_list *capture;
1565
1566 capture = kmalloc(sizeof(*capture), GFP_KERNEL);
1567 if (capture) {
1568 capture->next = eb->request->capture_list;
1569 capture->vma = vma;
1570 eb->request->capture_list = capture;
1571 }
1572 }
1573
1574
1575
1576
1577
1578
1579
1580
1581
1582
1583
1584
1585
1586 if (unlikely(obj->cache_dirty & ~obj->cache_coherent)) {
1587 if (i915_gem_clflush_object(obj, 0))
1588 flags &= ~EXEC_OBJECT_ASYNC;
1589 }
1590
1591 if (err == 0 && !(flags & EXEC_OBJECT_ASYNC)) {
1592 err = i915_request_await_object
1593 (eb->request, obj, flags & EXEC_OBJECT_WRITE);
1594 }
1595
1596 if (err == 0)
1597 err = i915_vma_move_to_active(vma, eb->request, flags);
1598
1599 i915_vma_unlock(vma);
1600
1601 __eb_unreserve_vma(vma, flags);
1602 i915_vma_put(vma);
1603
1604 ev->vma = NULL;
1605 }
1606 ww_acquire_fini(&acquire);
1607
1608 if (unlikely(err))
1609 goto err_skip;
1610
1611 eb->exec = NULL;
1612
1613
1614 intel_gt_chipset_flush(eb->engine->gt);
1615 return 0;
1616
1617err_skip:
1618 i915_request_set_error_once(eb->request, err);
1619 return err;
1620}
1621
1622static int i915_gem_check_execbuffer(struct drm_i915_gem_execbuffer2 *exec)
1623{
1624 if (exec->flags & __I915_EXEC_ILLEGAL_FLAGS)
1625 return -EINVAL;
1626
1627
1628 if (!(exec->flags & I915_EXEC_FENCE_ARRAY)) {
1629 if (exec->num_cliprects || exec->cliprects_ptr)
1630 return -EINVAL;
1631 }
1632
1633 if (exec->DR4 == 0xffffffff) {
1634 DRM_DEBUG("UXA submitting garbage DR4, fixing up\n");
1635 exec->DR4 = 0;
1636 }
1637 if (exec->DR1 || exec->DR4)
1638 return -EINVAL;
1639
1640 if ((exec->batch_start_offset | exec->batch_len) & 0x7)
1641 return -EINVAL;
1642
1643 return 0;
1644}
1645
1646static int i915_reset_gen7_sol_offsets(struct i915_request *rq)
1647{
1648 u32 *cs;
1649 int i;
1650
1651 if (!IS_GEN(rq->i915, 7) || rq->engine->id != RCS0) {
1652 drm_dbg(&rq->i915->drm, "sol reset is gen7/rcs only\n");
1653 return -EINVAL;
1654 }
1655
1656 cs = intel_ring_begin(rq, 4 * 2 + 2);
1657 if (IS_ERR(cs))
1658 return PTR_ERR(cs);
1659
1660 *cs++ = MI_LOAD_REGISTER_IMM(4);
1661 for (i = 0; i < 4; i++) {
1662 *cs++ = i915_mmio_reg_offset(GEN7_SO_WRITE_OFFSET(i));
1663 *cs++ = 0;
1664 }
1665 *cs++ = MI_NOOP;
1666 intel_ring_advance(rq, cs);
1667
1668 return 0;
1669}
1670
1671static struct i915_vma *
1672shadow_batch_pin(struct drm_i915_gem_object *obj,
1673 struct i915_address_space *vm,
1674 unsigned int flags)
1675{
1676 struct i915_vma *vma;
1677 int err;
1678
1679 vma = i915_vma_instance(obj, vm, NULL);
1680 if (IS_ERR(vma))
1681 return vma;
1682
1683 err = i915_vma_pin(vma, 0, 0, flags);
1684 if (err)
1685 return ERR_PTR(err);
1686
1687 return vma;
1688}
1689
1690struct eb_parse_work {
1691 struct dma_fence_work base;
1692 struct intel_engine_cs *engine;
1693 struct i915_vma *batch;
1694 struct i915_vma *shadow;
1695 struct i915_vma *trampoline;
1696 unsigned int batch_offset;
1697 unsigned int batch_length;
1698};
1699
1700static int __eb_parse(struct dma_fence_work *work)
1701{
1702 struct eb_parse_work *pw = container_of(work, typeof(*pw), base);
1703
1704 return intel_engine_cmd_parser(pw->engine,
1705 pw->batch,
1706 pw->batch_offset,
1707 pw->batch_length,
1708 pw->shadow,
1709 pw->trampoline);
1710}
1711
1712static void __eb_parse_release(struct dma_fence_work *work)
1713{
1714 struct eb_parse_work *pw = container_of(work, typeof(*pw), base);
1715
1716 if (pw->trampoline)
1717 i915_active_release(&pw->trampoline->active);
1718 i915_active_release(&pw->shadow->active);
1719 i915_active_release(&pw->batch->active);
1720}
1721
1722static const struct dma_fence_work_ops eb_parse_ops = {
1723 .name = "eb_parse",
1724 .work = __eb_parse,
1725 .release = __eb_parse_release,
1726};
1727
1728static int eb_parse_pipeline(struct i915_execbuffer *eb,
1729 struct i915_vma *shadow,
1730 struct i915_vma *trampoline)
1731{
1732 struct eb_parse_work *pw;
1733 int err;
1734
1735 pw = kzalloc(sizeof(*pw), GFP_KERNEL);
1736 if (!pw)
1737 return -ENOMEM;
1738
1739 err = i915_active_acquire(&eb->batch->vma->active);
1740 if (err)
1741 goto err_free;
1742
1743 err = i915_active_acquire(&shadow->active);
1744 if (err)
1745 goto err_batch;
1746
1747 if (trampoline) {
1748 err = i915_active_acquire(&trampoline->active);
1749 if (err)
1750 goto err_shadow;
1751 }
1752
1753 dma_fence_work_init(&pw->base, &eb_parse_ops);
1754
1755 pw->engine = eb->engine;
1756 pw->batch = eb->batch->vma;
1757 pw->batch_offset = eb->batch_start_offset;
1758 pw->batch_length = eb->batch_len;
1759 pw->shadow = shadow;
1760 pw->trampoline = trampoline;
1761
1762 err = dma_resv_lock_interruptible(pw->batch->resv, NULL);
1763 if (err)
1764 goto err_trampoline;
1765
1766 err = dma_resv_reserve_shared(pw->batch->resv, 1);
1767 if (err)
1768 goto err_batch_unlock;
1769
1770
1771 err = i915_sw_fence_await_reservation(&pw->base.chain,
1772 pw->batch->resv, NULL, false,
1773 0, I915_FENCE_GFP);
1774 if (err < 0)
1775 goto err_batch_unlock;
1776
1777
1778 dma_resv_add_shared_fence(pw->batch->resv, &pw->base.dma);
1779
1780 dma_resv_unlock(pw->batch->resv);
1781
1782
1783 dma_resv_lock(shadow->resv, NULL);
1784 dma_resv_add_excl_fence(shadow->resv, &pw->base.dma);
1785 dma_resv_unlock(shadow->resv);
1786
1787 dma_fence_work_commit(&pw->base);
1788 return 0;
1789
1790err_batch_unlock:
1791 dma_resv_unlock(pw->batch->resv);
1792err_trampoline:
1793 if (trampoline)
1794 i915_active_release(&trampoline->active);
1795err_shadow:
1796 i915_active_release(&shadow->active);
1797err_batch:
1798 i915_active_release(&eb->batch->vma->active);
1799err_free:
1800 kfree(pw);
1801 return err;
1802}
1803
1804static int eb_parse(struct i915_execbuffer *eb)
1805{
1806 struct drm_i915_private *i915 = eb->i915;
1807 struct intel_engine_pool_node *pool;
1808 struct i915_vma *shadow, *trampoline;
1809 unsigned int len;
1810 int err;
1811
1812 if (!eb_use_cmdparser(eb))
1813 return 0;
1814
1815 len = eb->batch_len;
1816 if (!CMDPARSER_USES_GGTT(eb->i915)) {
1817
1818
1819
1820
1821 if (!eb->context->vm->has_read_only) {
1822 drm_dbg(&i915->drm,
1823 "Cannot prevent post-scan tampering without RO capable vm\n");
1824 return -EINVAL;
1825 }
1826 } else {
1827 len += I915_CMD_PARSER_TRAMPOLINE_SIZE;
1828 }
1829
1830 pool = intel_engine_get_pool(eb->engine, len);
1831 if (IS_ERR(pool))
1832 return PTR_ERR(pool);
1833
1834 shadow = shadow_batch_pin(pool->obj, eb->context->vm, PIN_USER);
1835 if (IS_ERR(shadow)) {
1836 err = PTR_ERR(shadow);
1837 goto err;
1838 }
1839 i915_gem_object_set_readonly(shadow->obj);
1840
1841 trampoline = NULL;
1842 if (CMDPARSER_USES_GGTT(eb->i915)) {
1843 trampoline = shadow;
1844
1845 shadow = shadow_batch_pin(pool->obj,
1846 &eb->engine->gt->ggtt->vm,
1847 PIN_GLOBAL);
1848 if (IS_ERR(shadow)) {
1849 err = PTR_ERR(shadow);
1850 shadow = trampoline;
1851 goto err_shadow;
1852 }
1853
1854 eb->batch_flags |= I915_DISPATCH_SECURE;
1855 }
1856
1857 err = eb_parse_pipeline(eb, shadow, trampoline);
1858 if (err)
1859 goto err_trampoline;
1860
1861 eb->vma[eb->buffer_count].vma = i915_vma_get(shadow);
1862 eb->vma[eb->buffer_count].flags = __EXEC_OBJECT_HAS_PIN;
1863 eb->batch = &eb->vma[eb->buffer_count++];
1864
1865 eb->trampoline = trampoline;
1866 eb->batch_start_offset = 0;
1867
1868 shadow->private = pool;
1869 return 0;
1870
1871err_trampoline:
1872 if (trampoline)
1873 i915_vma_unpin(trampoline);
1874err_shadow:
1875 i915_vma_unpin(shadow);
1876err:
1877 intel_engine_pool_put(pool);
1878 return err;
1879}
1880
1881static void
1882add_to_client(struct i915_request *rq, struct drm_file *file)
1883{
1884 struct drm_i915_file_private *file_priv = file->driver_priv;
1885
1886 rq->file_priv = file_priv;
1887
1888 spin_lock(&file_priv->mm.lock);
1889 list_add_tail(&rq->client_link, &file_priv->mm.request_list);
1890 spin_unlock(&file_priv->mm.lock);
1891}
1892
1893static int eb_submit(struct i915_execbuffer *eb, struct i915_vma *batch)
1894{
1895 int err;
1896
1897 err = eb_move_to_gpu(eb);
1898 if (err)
1899 return err;
1900
1901 if (eb->args->flags & I915_EXEC_GEN7_SOL_RESET) {
1902 err = i915_reset_gen7_sol_offsets(eb->request);
1903 if (err)
1904 return err;
1905 }
1906
1907
1908
1909
1910
1911
1912
1913 if (eb->engine->emit_init_breadcrumb) {
1914 err = eb->engine->emit_init_breadcrumb(eb->request);
1915 if (err)
1916 return err;
1917 }
1918
1919 err = eb->engine->emit_bb_start(eb->request,
1920 batch->node.start +
1921 eb->batch_start_offset,
1922 eb->batch_len,
1923 eb->batch_flags);
1924 if (err)
1925 return err;
1926
1927 if (eb->trampoline) {
1928 GEM_BUG_ON(eb->batch_start_offset);
1929 err = eb->engine->emit_bb_start(eb->request,
1930 eb->trampoline->node.start +
1931 eb->batch_len,
1932 0, 0);
1933 if (err)
1934 return err;
1935 }
1936
1937 if (intel_context_nopreempt(eb->context))
1938 __set_bit(I915_FENCE_FLAG_NOPREEMPT, &eb->request->fence.flags);
1939
1940 return 0;
1941}
1942
1943static int num_vcs_engines(const struct drm_i915_private *i915)
1944{
1945 return hweight64(INTEL_INFO(i915)->engine_mask &
1946 GENMASK_ULL(VCS0 + I915_MAX_VCS - 1, VCS0));
1947}
1948
1949
1950
1951
1952
1953static unsigned int
1954gen8_dispatch_bsd_engine(struct drm_i915_private *dev_priv,
1955 struct drm_file *file)
1956{
1957 struct drm_i915_file_private *file_priv = file->driver_priv;
1958
1959
1960 if ((int)file_priv->bsd_engine < 0)
1961 file_priv->bsd_engine =
1962 get_random_int() % num_vcs_engines(dev_priv);
1963
1964 return file_priv->bsd_engine;
1965}
1966
1967static const enum intel_engine_id user_ring_map[] = {
1968 [I915_EXEC_DEFAULT] = RCS0,
1969 [I915_EXEC_RENDER] = RCS0,
1970 [I915_EXEC_BLT] = BCS0,
1971 [I915_EXEC_BSD] = VCS0,
1972 [I915_EXEC_VEBOX] = VECS0
1973};
1974
1975static struct i915_request *eb_throttle(struct intel_context *ce)
1976{
1977 struct intel_ring *ring = ce->ring;
1978 struct intel_timeline *tl = ce->timeline;
1979 struct i915_request *rq;
1980
1981
1982
1983
1984
1985 if (intel_ring_update_space(ring) >= PAGE_SIZE)
1986 return NULL;
1987
1988
1989
1990
1991
1992
1993
1994
1995 list_for_each_entry(rq, &tl->requests, link) {
1996 if (rq->ring != ring)
1997 continue;
1998
1999 if (__intel_ring_space(rq->postfix,
2000 ring->emit, ring->size) > ring->size / 2)
2001 break;
2002 }
2003 if (&rq->link == &tl->requests)
2004 return NULL;
2005
2006 return i915_request_get(rq);
2007}
2008
2009static int __eb_pin_engine(struct i915_execbuffer *eb, struct intel_context *ce)
2010{
2011 struct intel_timeline *tl;
2012 struct i915_request *rq;
2013 int err;
2014
2015
2016
2017
2018
2019 err = intel_gt_terminally_wedged(ce->engine->gt);
2020 if (err)
2021 return err;
2022
2023 if (unlikely(intel_context_is_banned(ce)))
2024 return -EIO;
2025
2026
2027
2028
2029
2030
2031 err = intel_context_pin(ce);
2032 if (err)
2033 return err;
2034
2035
2036
2037
2038
2039
2040
2041
2042
2043 tl = intel_context_timeline_lock(ce);
2044 if (IS_ERR(tl)) {
2045 err = PTR_ERR(tl);
2046 goto err_unpin;
2047 }
2048
2049 intel_context_enter(ce);
2050 rq = eb_throttle(ce);
2051
2052 intel_context_timeline_unlock(tl);
2053
2054 if (rq) {
2055 bool nonblock = eb->file->filp->f_flags & O_NONBLOCK;
2056 long timeout;
2057
2058 timeout = MAX_SCHEDULE_TIMEOUT;
2059 if (nonblock)
2060 timeout = 0;
2061
2062 timeout = i915_request_wait(rq,
2063 I915_WAIT_INTERRUPTIBLE,
2064 timeout);
2065 i915_request_put(rq);
2066
2067 if (timeout < 0) {
2068 err = nonblock ? -EWOULDBLOCK : timeout;
2069 goto err_exit;
2070 }
2071 }
2072
2073 eb->engine = ce->engine;
2074 eb->context = ce;
2075 return 0;
2076
2077err_exit:
2078 mutex_lock(&tl->mutex);
2079 intel_context_exit(ce);
2080 intel_context_timeline_unlock(tl);
2081err_unpin:
2082 intel_context_unpin(ce);
2083 return err;
2084}
2085
2086static void eb_unpin_engine(struct i915_execbuffer *eb)
2087{
2088 struct intel_context *ce = eb->context;
2089 struct intel_timeline *tl = ce->timeline;
2090
2091 mutex_lock(&tl->mutex);
2092 intel_context_exit(ce);
2093 mutex_unlock(&tl->mutex);
2094
2095 intel_context_unpin(ce);
2096}
2097
2098static unsigned int
2099eb_select_legacy_ring(struct i915_execbuffer *eb,
2100 struct drm_file *file,
2101 struct drm_i915_gem_execbuffer2 *args)
2102{
2103 struct drm_i915_private *i915 = eb->i915;
2104 unsigned int user_ring_id = args->flags & I915_EXEC_RING_MASK;
2105
2106 if (user_ring_id != I915_EXEC_BSD &&
2107 (args->flags & I915_EXEC_BSD_MASK)) {
2108 drm_dbg(&i915->drm,
2109 "execbuf with non bsd ring but with invalid "
2110 "bsd dispatch flags: %d\n", (int)(args->flags));
2111 return -1;
2112 }
2113
2114 if (user_ring_id == I915_EXEC_BSD && num_vcs_engines(i915) > 1) {
2115 unsigned int bsd_idx = args->flags & I915_EXEC_BSD_MASK;
2116
2117 if (bsd_idx == I915_EXEC_BSD_DEFAULT) {
2118 bsd_idx = gen8_dispatch_bsd_engine(i915, file);
2119 } else if (bsd_idx >= I915_EXEC_BSD_RING1 &&
2120 bsd_idx <= I915_EXEC_BSD_RING2) {
2121 bsd_idx >>= I915_EXEC_BSD_SHIFT;
2122 bsd_idx--;
2123 } else {
2124 drm_dbg(&i915->drm,
2125 "execbuf with unknown bsd ring: %u\n",
2126 bsd_idx);
2127 return -1;
2128 }
2129
2130 return _VCS(bsd_idx);
2131 }
2132
2133 if (user_ring_id >= ARRAY_SIZE(user_ring_map)) {
2134 drm_dbg(&i915->drm, "execbuf with unknown ring: %u\n",
2135 user_ring_id);
2136 return -1;
2137 }
2138
2139 return user_ring_map[user_ring_id];
2140}
2141
2142static int
2143eb_pin_engine(struct i915_execbuffer *eb,
2144 struct drm_file *file,
2145 struct drm_i915_gem_execbuffer2 *args)
2146{
2147 struct intel_context *ce;
2148 unsigned int idx;
2149 int err;
2150
2151 if (i915_gem_context_user_engines(eb->gem_context))
2152 idx = args->flags & I915_EXEC_RING_MASK;
2153 else
2154 idx = eb_select_legacy_ring(eb, file, args);
2155
2156 ce = i915_gem_context_get_engine(eb->gem_context, idx);
2157 if (IS_ERR(ce))
2158 return PTR_ERR(ce);
2159
2160 err = __eb_pin_engine(eb, ce);
2161 intel_context_put(ce);
2162
2163 return err;
2164}
2165
2166static void
2167__free_fence_array(struct drm_syncobj **fences, unsigned int n)
2168{
2169 while (n--)
2170 drm_syncobj_put(ptr_mask_bits(fences[n], 2));
2171 kvfree(fences);
2172}
2173
2174static struct drm_syncobj **
2175get_fence_array(struct drm_i915_gem_execbuffer2 *args,
2176 struct drm_file *file)
2177{
2178 const unsigned long nfences = args->num_cliprects;
2179 struct drm_i915_gem_exec_fence __user *user;
2180 struct drm_syncobj **fences;
2181 unsigned long n;
2182 int err;
2183
2184 if (!(args->flags & I915_EXEC_FENCE_ARRAY))
2185 return NULL;
2186
2187
2188 BUILD_BUG_ON(sizeof(size_t) > sizeof(unsigned long));
2189 if (nfences > min_t(unsigned long,
2190 ULONG_MAX / sizeof(*user),
2191 SIZE_MAX / sizeof(*fences)))
2192 return ERR_PTR(-EINVAL);
2193
2194 user = u64_to_user_ptr(args->cliprects_ptr);
2195 if (!access_ok(user, nfences * sizeof(*user)))
2196 return ERR_PTR(-EFAULT);
2197
2198 fences = kvmalloc_array(nfences, sizeof(*fences),
2199 __GFP_NOWARN | GFP_KERNEL);
2200 if (!fences)
2201 return ERR_PTR(-ENOMEM);
2202
2203 for (n = 0; n < nfences; n++) {
2204 struct drm_i915_gem_exec_fence fence;
2205 struct drm_syncobj *syncobj;
2206
2207 if (__copy_from_user(&fence, user++, sizeof(fence))) {
2208 err = -EFAULT;
2209 goto err;
2210 }
2211
2212 if (fence.flags & __I915_EXEC_FENCE_UNKNOWN_FLAGS) {
2213 err = -EINVAL;
2214 goto err;
2215 }
2216
2217 syncobj = drm_syncobj_find(file, fence.handle);
2218 if (!syncobj) {
2219 DRM_DEBUG("Invalid syncobj handle provided\n");
2220 err = -ENOENT;
2221 goto err;
2222 }
2223
2224 BUILD_BUG_ON(~(ARCH_KMALLOC_MINALIGN - 1) &
2225 ~__I915_EXEC_FENCE_UNKNOWN_FLAGS);
2226
2227 fences[n] = ptr_pack_bits(syncobj, fence.flags, 2);
2228 }
2229
2230 return fences;
2231
2232err:
2233 __free_fence_array(fences, n);
2234 return ERR_PTR(err);
2235}
2236
2237static void
2238put_fence_array(struct drm_i915_gem_execbuffer2 *args,
2239 struct drm_syncobj **fences)
2240{
2241 if (fences)
2242 __free_fence_array(fences, args->num_cliprects);
2243}
2244
2245static int
2246await_fence_array(struct i915_execbuffer *eb,
2247 struct drm_syncobj **fences)
2248{
2249 const unsigned int nfences = eb->args->num_cliprects;
2250 unsigned int n;
2251 int err;
2252
2253 for (n = 0; n < nfences; n++) {
2254 struct drm_syncobj *syncobj;
2255 struct dma_fence *fence;
2256 unsigned int flags;
2257
2258 syncobj = ptr_unpack_bits(fences[n], &flags, 2);
2259 if (!(flags & I915_EXEC_FENCE_WAIT))
2260 continue;
2261
2262 fence = drm_syncobj_fence_get(syncobj);
2263 if (!fence)
2264 return -EINVAL;
2265
2266 err = i915_request_await_dma_fence(eb->request, fence);
2267 dma_fence_put(fence);
2268 if (err < 0)
2269 return err;
2270 }
2271
2272 return 0;
2273}
2274
2275static void
2276signal_fence_array(struct i915_execbuffer *eb,
2277 struct drm_syncobj **fences)
2278{
2279 const unsigned int nfences = eb->args->num_cliprects;
2280 struct dma_fence * const fence = &eb->request->fence;
2281 unsigned int n;
2282
2283 for (n = 0; n < nfences; n++) {
2284 struct drm_syncobj *syncobj;
2285 unsigned int flags;
2286
2287 syncobj = ptr_unpack_bits(fences[n], &flags, 2);
2288 if (!(flags & I915_EXEC_FENCE_SIGNAL))
2289 continue;
2290
2291 drm_syncobj_replace_fence(syncobj, fence);
2292 }
2293}
2294
2295static void retire_requests(struct intel_timeline *tl, struct i915_request *end)
2296{
2297 struct i915_request *rq, *rn;
2298
2299 list_for_each_entry_safe(rq, rn, &tl->requests, link)
2300 if (rq == end || !i915_request_retire(rq))
2301 break;
2302}
2303
2304static void eb_request_add(struct i915_execbuffer *eb)
2305{
2306 struct i915_request *rq = eb->request;
2307 struct intel_timeline * const tl = i915_request_timeline(rq);
2308 struct i915_sched_attr attr = {};
2309 struct i915_request *prev;
2310
2311 lockdep_assert_held(&tl->mutex);
2312 lockdep_unpin_lock(&tl->mutex, rq->cookie);
2313
2314 trace_i915_request_add(rq);
2315
2316 prev = __i915_request_commit(rq);
2317
2318
2319 if (likely(!intel_context_is_closed(eb->context))) {
2320 attr = eb->gem_context->sched;
2321
2322
2323
2324
2325
2326
2327
2328
2329
2330
2331
2332
2333
2334 if (!(rq->sched.flags & I915_SCHED_HAS_SEMAPHORE_CHAIN))
2335 attr.priority |= I915_PRIORITY_NOSEMAPHORE;
2336
2337
2338
2339
2340
2341
2342
2343 if (list_empty(&rq->sched.signalers_list))
2344 attr.priority |= I915_PRIORITY_WAIT;
2345 } else {
2346
2347 i915_request_set_error_once(rq, -ENOENT);
2348 __i915_request_skip(rq);
2349 }
2350
2351 local_bh_disable();
2352 __i915_request_queue(rq, &attr);
2353 local_bh_enable();
2354
2355
2356 if (prev)
2357 retire_requests(tl, prev);
2358
2359 mutex_unlock(&tl->mutex);
2360}
2361
2362static int
2363i915_gem_do_execbuffer(struct drm_device *dev,
2364 struct drm_file *file,
2365 struct drm_i915_gem_execbuffer2 *args,
2366 struct drm_i915_gem_exec_object2 *exec,
2367 struct drm_syncobj **fences)
2368{
2369 struct drm_i915_private *i915 = to_i915(dev);
2370 struct i915_execbuffer eb;
2371 struct dma_fence *in_fence = NULL;
2372 struct dma_fence *exec_fence = NULL;
2373 struct sync_file *out_fence = NULL;
2374 struct i915_vma *batch;
2375 int out_fence_fd = -1;
2376 int err;
2377
2378 BUILD_BUG_ON(__EXEC_INTERNAL_FLAGS & ~__I915_EXEC_ILLEGAL_FLAGS);
2379 BUILD_BUG_ON(__EXEC_OBJECT_INTERNAL_FLAGS &
2380 ~__EXEC_OBJECT_UNKNOWN_FLAGS);
2381
2382 eb.i915 = i915;
2383 eb.file = file;
2384 eb.args = args;
2385 if (DBG_FORCE_RELOC || !(args->flags & I915_EXEC_NO_RELOC))
2386 args->flags |= __EXEC_HAS_RELOC;
2387
2388 eb.exec = exec;
2389 eb.vma = (struct eb_vma *)(exec + args->buffer_count + 1);
2390 eb.vma[0].vma = NULL;
2391
2392 eb.invalid_flags = __EXEC_OBJECT_UNKNOWN_FLAGS;
2393 reloc_cache_init(&eb.reloc_cache, eb.i915);
2394
2395 eb.buffer_count = args->buffer_count;
2396 eb.batch_start_offset = args->batch_start_offset;
2397 eb.batch_len = args->batch_len;
2398 eb.trampoline = NULL;
2399
2400 eb.batch_flags = 0;
2401 if (args->flags & I915_EXEC_SECURE) {
2402 if (INTEL_GEN(i915) >= 11)
2403 return -ENODEV;
2404
2405
2406 if (!HAS_SECURE_BATCHES(i915))
2407 return -EPERM;
2408
2409 if (!drm_is_current_master(file) || !capable(CAP_SYS_ADMIN))
2410 return -EPERM;
2411
2412 eb.batch_flags |= I915_DISPATCH_SECURE;
2413 }
2414 if (args->flags & I915_EXEC_IS_PINNED)
2415 eb.batch_flags |= I915_DISPATCH_PINNED;
2416
2417 if (args->flags & I915_EXEC_FENCE_IN) {
2418 in_fence = sync_file_get_fence(lower_32_bits(args->rsvd2));
2419 if (!in_fence)
2420 return -EINVAL;
2421 }
2422
2423 if (args->flags & I915_EXEC_FENCE_SUBMIT) {
2424 if (in_fence) {
2425 err = -EINVAL;
2426 goto err_in_fence;
2427 }
2428
2429 exec_fence = sync_file_get_fence(lower_32_bits(args->rsvd2));
2430 if (!exec_fence) {
2431 err = -EINVAL;
2432 goto err_in_fence;
2433 }
2434 }
2435
2436 if (args->flags & I915_EXEC_FENCE_OUT) {
2437 out_fence_fd = get_unused_fd_flags(O_CLOEXEC);
2438 if (out_fence_fd < 0) {
2439 err = out_fence_fd;
2440 goto err_exec_fence;
2441 }
2442 }
2443
2444 err = eb_create(&eb);
2445 if (err)
2446 goto err_out_fence;
2447
2448 GEM_BUG_ON(!eb.lut_size);
2449
2450 err = eb_select_context(&eb);
2451 if (unlikely(err))
2452 goto err_destroy;
2453
2454 err = eb_pin_engine(&eb, file, args);
2455 if (unlikely(err))
2456 goto err_context;
2457
2458 err = eb_relocate(&eb);
2459 if (err) {
2460
2461
2462
2463
2464
2465
2466
2467 args->flags &= ~__EXEC_HAS_RELOC;
2468 goto err_vma;
2469 }
2470
2471 if (unlikely(eb.batch->flags & EXEC_OBJECT_WRITE)) {
2472 drm_dbg(&i915->drm,
2473 "Attempting to use self-modifying batch buffer\n");
2474 err = -EINVAL;
2475 goto err_vma;
2476 }
2477
2478 if (range_overflows_t(u64,
2479 eb.batch_start_offset, eb.batch_len,
2480 eb.batch->vma->size)) {
2481 drm_dbg(&i915->drm, "Attempting to use out-of-bounds batch\n");
2482 err = -EINVAL;
2483 goto err_vma;
2484 }
2485
2486 if (eb.batch_len == 0)
2487 eb.batch_len = eb.batch->vma->size - eb.batch_start_offset;
2488
2489 err = eb_parse(&eb);
2490 if (err)
2491 goto err_vma;
2492
2493
2494
2495
2496
2497 batch = eb.batch->vma;
2498 if (eb.batch_flags & I915_DISPATCH_SECURE) {
2499 struct i915_vma *vma;
2500
2501
2502
2503
2504
2505
2506
2507
2508
2509
2510
2511 vma = i915_gem_object_ggtt_pin(batch->obj, NULL, 0, 0, 0);
2512 if (IS_ERR(vma)) {
2513 err = PTR_ERR(vma);
2514 goto err_parse;
2515 }
2516
2517 batch = vma;
2518 }
2519
2520
2521 GEM_BUG_ON(eb.reloc_cache.rq);
2522
2523
2524 eb.request = i915_request_create(eb.context);
2525 if (IS_ERR(eb.request)) {
2526 err = PTR_ERR(eb.request);
2527 goto err_batch_unpin;
2528 }
2529
2530 if (in_fence) {
2531 err = i915_request_await_dma_fence(eb.request, in_fence);
2532 if (err < 0)
2533 goto err_request;
2534 }
2535
2536 if (exec_fence) {
2537 err = i915_request_await_execution(eb.request, exec_fence,
2538 eb.engine->bond_execute);
2539 if (err < 0)
2540 goto err_request;
2541 }
2542
2543 if (fences) {
2544 err = await_fence_array(&eb, fences);
2545 if (err)
2546 goto err_request;
2547 }
2548
2549 if (out_fence_fd != -1) {
2550 out_fence = sync_file_create(&eb.request->fence);
2551 if (!out_fence) {
2552 err = -ENOMEM;
2553 goto err_request;
2554 }
2555 }
2556
2557
2558
2559
2560
2561
2562
2563
2564 eb.request->batch = batch;
2565 if (batch->private)
2566 intel_engine_pool_mark_active(batch->private, eb.request);
2567
2568 trace_i915_request_queue(eb.request, eb.batch_flags);
2569 err = eb_submit(&eb, batch);
2570err_request:
2571 add_to_client(eb.request, file);
2572 i915_request_get(eb.request);
2573 eb_request_add(&eb);
2574
2575 if (fences)
2576 signal_fence_array(&eb, fences);
2577
2578 if (out_fence) {
2579 if (err == 0) {
2580 fd_install(out_fence_fd, out_fence->file);
2581 args->rsvd2 &= GENMASK_ULL(31, 0);
2582 args->rsvd2 |= (u64)out_fence_fd << 32;
2583 out_fence_fd = -1;
2584 } else {
2585 fput(out_fence->file);
2586 }
2587 }
2588 i915_request_put(eb.request);
2589
2590err_batch_unpin:
2591 if (eb.batch_flags & I915_DISPATCH_SECURE)
2592 i915_vma_unpin(batch);
2593err_parse:
2594 if (batch->private)
2595 intel_engine_pool_put(batch->private);
2596err_vma:
2597 if (eb.exec)
2598 eb_release_vmas(&eb);
2599 if (eb.trampoline)
2600 i915_vma_unpin(eb.trampoline);
2601 eb_unpin_engine(&eb);
2602err_context:
2603 i915_gem_context_put(eb.gem_context);
2604err_destroy:
2605 eb_destroy(&eb);
2606err_out_fence:
2607 if (out_fence_fd != -1)
2608 put_unused_fd(out_fence_fd);
2609err_exec_fence:
2610 dma_fence_put(exec_fence);
2611err_in_fence:
2612 dma_fence_put(in_fence);
2613 return err;
2614}
2615
2616static size_t eb_element_size(void)
2617{
2618 return sizeof(struct drm_i915_gem_exec_object2) + sizeof(struct eb_vma);
2619}
2620
2621static bool check_buffer_count(size_t count)
2622{
2623 const size_t sz = eb_element_size();
2624
2625
2626
2627
2628
2629
2630
2631 return !(count < 1 || count > INT_MAX || count > SIZE_MAX / sz - 1);
2632}
2633
2634
2635
2636
2637
2638int
2639i915_gem_execbuffer_ioctl(struct drm_device *dev, void *data,
2640 struct drm_file *file)
2641{
2642 struct drm_i915_private *i915 = to_i915(dev);
2643 struct drm_i915_gem_execbuffer *args = data;
2644 struct drm_i915_gem_execbuffer2 exec2;
2645 struct drm_i915_gem_exec_object *exec_list = NULL;
2646 struct drm_i915_gem_exec_object2 *exec2_list = NULL;
2647 const size_t count = args->buffer_count;
2648 unsigned int i;
2649 int err;
2650
2651 if (!check_buffer_count(count)) {
2652 drm_dbg(&i915->drm, "execbuf2 with %zd buffers\n", count);
2653 return -EINVAL;
2654 }
2655
2656 exec2.buffers_ptr = args->buffers_ptr;
2657 exec2.buffer_count = args->buffer_count;
2658 exec2.batch_start_offset = args->batch_start_offset;
2659 exec2.batch_len = args->batch_len;
2660 exec2.DR1 = args->DR1;
2661 exec2.DR4 = args->DR4;
2662 exec2.num_cliprects = args->num_cliprects;
2663 exec2.cliprects_ptr = args->cliprects_ptr;
2664 exec2.flags = I915_EXEC_RENDER;
2665 i915_execbuffer2_set_context_id(exec2, 0);
2666
2667 err = i915_gem_check_execbuffer(&exec2);
2668 if (err)
2669 return err;
2670
2671
2672 exec_list = kvmalloc_array(count, sizeof(*exec_list),
2673 __GFP_NOWARN | GFP_KERNEL);
2674 exec2_list = kvmalloc_array(count + 1, eb_element_size(),
2675 __GFP_NOWARN | GFP_KERNEL);
2676 if (exec_list == NULL || exec2_list == NULL) {
2677 drm_dbg(&i915->drm,
2678 "Failed to allocate exec list for %d buffers\n",
2679 args->buffer_count);
2680 kvfree(exec_list);
2681 kvfree(exec2_list);
2682 return -ENOMEM;
2683 }
2684 err = copy_from_user(exec_list,
2685 u64_to_user_ptr(args->buffers_ptr),
2686 sizeof(*exec_list) * count);
2687 if (err) {
2688 drm_dbg(&i915->drm, "copy %d exec entries failed %d\n",
2689 args->buffer_count, err);
2690 kvfree(exec_list);
2691 kvfree(exec2_list);
2692 return -EFAULT;
2693 }
2694
2695 for (i = 0; i < args->buffer_count; i++) {
2696 exec2_list[i].handle = exec_list[i].handle;
2697 exec2_list[i].relocation_count = exec_list[i].relocation_count;
2698 exec2_list[i].relocs_ptr = exec_list[i].relocs_ptr;
2699 exec2_list[i].alignment = exec_list[i].alignment;
2700 exec2_list[i].offset = exec_list[i].offset;
2701 if (INTEL_GEN(to_i915(dev)) < 4)
2702 exec2_list[i].flags = EXEC_OBJECT_NEEDS_FENCE;
2703 else
2704 exec2_list[i].flags = 0;
2705 }
2706
2707 err = i915_gem_do_execbuffer(dev, file, &exec2, exec2_list, NULL);
2708 if (exec2.flags & __EXEC_HAS_RELOC) {
2709 struct drm_i915_gem_exec_object __user *user_exec_list =
2710 u64_to_user_ptr(args->buffers_ptr);
2711
2712
2713 for (i = 0; i < args->buffer_count; i++) {
2714 if (!(exec2_list[i].offset & UPDATE))
2715 continue;
2716
2717 exec2_list[i].offset =
2718 gen8_canonical_addr(exec2_list[i].offset & PIN_OFFSET_MASK);
2719 exec2_list[i].offset &= PIN_OFFSET_MASK;
2720 if (__copy_to_user(&user_exec_list[i].offset,
2721 &exec2_list[i].offset,
2722 sizeof(user_exec_list[i].offset)))
2723 break;
2724 }
2725 }
2726
2727 kvfree(exec_list);
2728 kvfree(exec2_list);
2729 return err;
2730}
2731
2732int
2733i915_gem_execbuffer2_ioctl(struct drm_device *dev, void *data,
2734 struct drm_file *file)
2735{
2736 struct drm_i915_private *i915 = to_i915(dev);
2737 struct drm_i915_gem_execbuffer2 *args = data;
2738 struct drm_i915_gem_exec_object2 *exec2_list;
2739 struct drm_syncobj **fences = NULL;
2740 const size_t count = args->buffer_count;
2741 int err;
2742
2743 if (!check_buffer_count(count)) {
2744 drm_dbg(&i915->drm, "execbuf2 with %zd buffers\n", count);
2745 return -EINVAL;
2746 }
2747
2748 err = i915_gem_check_execbuffer(args);
2749 if (err)
2750 return err;
2751
2752
2753 exec2_list = kvmalloc_array(count + 1, eb_element_size(),
2754 __GFP_NOWARN | GFP_KERNEL);
2755 if (exec2_list == NULL) {
2756 drm_dbg(&i915->drm, "Failed to allocate exec list for %zd buffers\n",
2757 count);
2758 return -ENOMEM;
2759 }
2760 if (copy_from_user(exec2_list,
2761 u64_to_user_ptr(args->buffers_ptr),
2762 sizeof(*exec2_list) * count)) {
2763 drm_dbg(&i915->drm, "copy %zd exec entries failed\n", count);
2764 kvfree(exec2_list);
2765 return -EFAULT;
2766 }
2767
2768 if (args->flags & I915_EXEC_FENCE_ARRAY) {
2769 fences = get_fence_array(args, file);
2770 if (IS_ERR(fences)) {
2771 kvfree(exec2_list);
2772 return PTR_ERR(fences);
2773 }
2774 }
2775
2776 err = i915_gem_do_execbuffer(dev, file, args, exec2_list, fences);
2777
2778
2779
2780
2781
2782
2783
2784 if (args->flags & __EXEC_HAS_RELOC) {
2785 struct drm_i915_gem_exec_object2 __user *user_exec_list =
2786 u64_to_user_ptr(args->buffers_ptr);
2787 unsigned int i;
2788
2789
2790
2791
2792
2793
2794
2795
2796
2797 if (!user_access_begin(user_exec_list, count * sizeof(*user_exec_list)))
2798 goto end;
2799
2800 for (i = 0; i < args->buffer_count; i++) {
2801 if (!(exec2_list[i].offset & UPDATE))
2802 continue;
2803
2804 exec2_list[i].offset =
2805 gen8_canonical_addr(exec2_list[i].offset & PIN_OFFSET_MASK);
2806 unsafe_put_user(exec2_list[i].offset,
2807 &user_exec_list[i].offset,
2808 end_user);
2809 }
2810end_user:
2811 user_access_end();
2812end:;
2813 }
2814
2815 args->flags &= ~__I915_EXEC_UNKNOWN_FLAGS;
2816 put_fence_array(args, fences);
2817 kvfree(exec2_list);
2818 return err;
2819}
2820
