/*
 * Copyright © 2008-2015 Intel Corporation
 *
 * Permission is hereby granted, free of charge, to any person obtaining a
 * copy of this software and associated documentation files (the "Software"),
 * to deal in the Software without restriction, including without limitation
 * the rights to use, copy, modify, merge, publish, distribute, sublicense,
 * and/or sell copies of the Software, and to permit persons to whom the
 * Software is furnished to do so, subject to the following conditions:
 *
 * The above copyright notice and this permission notice (including the next
 * paragraph) shall be included in all copies or substantial portions of the
 * Software.
 *
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
 * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
 * IN THE SOFTWARE.
 *
 * Authors:
 *    Eric Anholt <eric@anholt.net>
 *
 */

#include <drm/drmP.h>
#include <drm/drm_vma_manager.h>
#include <drm/i915_drm.h>
#include "i915_drv.h"
#include "i915_vgpu.h"
#include "i915_trace.h"
#include "intel_drv.h"
#include "intel_frontbuffer.h"
#include "intel_mocs.h"
#include <linux/dma-fence-array.h>
#include <linux/reservation.h>
#include <linux/shmem_fs.h>
#include <linux/slab.h>
#include <linux/swap.h>
#include <linux/pci.h>
#include <linux/dma-buf.h>

static void i915_gem_flush_free_objects(struct drm_i915_private *i915);
static void i915_gem_object_flush_gtt_write_domain(struct drm_i915_gem_object *obj);
static void i915_gem_object_flush_cpu_write_domain(struct drm_i915_gem_object *obj);

static bool cpu_cache_is_coherent(struct drm_device *dev,
				  enum i915_cache_level level)
{
	return HAS_LLC(to_i915(dev)) || level != I915_CACHE_NONE;
}

static bool cpu_write_needs_clflush(struct drm_i915_gem_object *obj)
{
	if (obj->base.write_domain == I915_GEM_DOMAIN_CPU)
		return false;

	if (!cpu_cache_is_coherent(obj->base.dev, obj->cache_level))
		return true;

	return obj->pin_display;
}

static int
insert_mappable_node(struct i915_ggtt *ggtt,
		     struct drm_mm_node *node, u32 size)
{
	memset(node, 0, sizeof(*node));
	return drm_mm_insert_node_in_range_generic(&ggtt->base.mm, node,
						   size, 0, -1,
						   0, ggtt->mappable_end,
						   DRM_MM_SEARCH_DEFAULT,
						   DRM_MM_CREATE_DEFAULT);
}

static void
remove_mappable_node(struct drm_mm_node *node)
{
	drm_mm_remove_node(node);
}

/* some bookkeeping */
static void i915_gem_info_add_obj(struct drm_i915_private *dev_priv,
				  u64 size)
{
	spin_lock(&dev_priv->mm.object_stat_lock);
	dev_priv->mm.object_count++;
	dev_priv->mm.object_memory += size;
	spin_unlock(&dev_priv->mm.object_stat_lock);
}

static void i915_gem_info_remove_obj(struct drm_i915_private *dev_priv,
				     u64 size)
{
	spin_lock(&dev_priv->mm.object_stat_lock);
	dev_priv->mm.object_count--;
	dev_priv->mm.object_memory -= size;
	spin_unlock(&dev_priv->mm.object_stat_lock);
}

static int
i915_gem_wait_for_error(struct i915_gpu_error *error)
{
	int ret;

	might_sleep();

	if (!i915_reset_in_progress(error))
		return 0;

	/*
	 * Only wait 10 seconds for the gpu reset to complete to avoid hanging
	 * userspace. If it takes that long something really bad is going on and
	 * we should simply try to bail out and fail as gracefully as possible.
	 */
	ret = wait_event_interruptible_timeout(error->reset_queue,
					       !i915_reset_in_progress(error),
					       I915_RESET_TIMEOUT);
	if (ret == 0) {
		DRM_ERROR("Timed out waiting for the gpu reset to complete\n");
		return -EIO;
	} else if (ret < 0) {
		return ret;
	} else {
		return 0;
	}
}

int i915_mutex_lock_interruptible(struct drm_device *dev)
{
	struct drm_i915_private *dev_priv = to_i915(dev);
	int ret;

	ret = i915_gem_wait_for_error(&dev_priv->gpu_error);
	if (ret)
		return ret;

	ret = mutex_lock_interruptible(&dev->struct_mutex);
	if (ret)
		return ret;

	return 0;
}

int
i915_gem_get_aperture_ioctl(struct drm_device *dev, void *data,
			    struct drm_file *file)
{
	struct drm_i915_private *dev_priv = to_i915(dev);
	struct i915_ggtt *ggtt = &dev_priv->ggtt;
	struct drm_i915_gem_get_aperture *args = data;
	struct i915_vma *vma;
	size_t pinned;

	pinned = 0;
	mutex_lock(&dev->struct_mutex);
	list_for_each_entry(vma, &ggtt->base.active_list, vm_link)
		if (i915_vma_is_pinned(vma))
			pinned += vma->node.size;
	list_for_each_entry(vma, &ggtt->base.inactive_list, vm_link)
		if (i915_vma_is_pinned(vma))
			pinned += vma->node.size;
	mutex_unlock(&dev->struct_mutex);

	args->aper_size = ggtt->base.total;
	args->aper_available_size = args->aper_size - pinned;

	return 0;
}

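/* Editorial note on the "phys object" helpers that follow: they back an
 * object with a single physically contiguous DMA allocation (drm_pci_alloc)
 * instead of individual shmemfs pages. This path is only reached via
 * i915_gem_object_attach_phys(), for legacy hardware that requires
 * physically contiguous memory.
 */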
static struct sg_table *
i915_gem_object_get_pages_phys(struct drm_i915_gem_object *obj)
{
	struct address_space *mapping = obj->base.filp->f_mapping;
	drm_dma_handle_t *phys;
	struct sg_table *st;
	struct scatterlist *sg;
	char *vaddr;
	int i;

	if (WARN_ON(i915_gem_object_needs_bit17_swizzle(obj)))
		return ERR_PTR(-EINVAL);

	/* Always aligning to the object size, allows a single allocation
	 * to handle all possible callers, and given typical object sizes,
	 * the alignment of the buddy allocation will naturally match.
	 */
	phys = drm_pci_alloc(obj->base.dev,
			     obj->base.size,
			     roundup_pow_of_two(obj->base.size));
	if (!phys)
		return ERR_PTR(-ENOMEM);

	vaddr = phys->vaddr;
	for (i = 0; i < obj->base.size / PAGE_SIZE; i++) {
		struct page *page;
		char *src;

		page = shmem_read_mapping_page(mapping, i);
		if (IS_ERR(page)) {
			st = ERR_CAST(page);
			goto err_phys;
		}

		src = kmap_atomic(page);
		memcpy(vaddr, src, PAGE_SIZE);
		drm_clflush_virt_range(vaddr, PAGE_SIZE);
		kunmap_atomic(src);

		put_page(page);
		vaddr += PAGE_SIZE;
	}

	i915_gem_chipset_flush(to_i915(obj->base.dev));

	st = kmalloc(sizeof(*st), GFP_KERNEL);
	if (!st) {
		st = ERR_PTR(-ENOMEM);
		goto err_phys;
	}

	if (sg_alloc_table(st, 1, GFP_KERNEL)) {
		kfree(st);
		st = ERR_PTR(-ENOMEM);
		goto err_phys;
	}

	sg = st->sgl;
	sg->offset = 0;
	sg->length = obj->base.size;

	sg_dma_address(sg) = phys->busaddr;
	sg_dma_len(sg) = obj->base.size;

	obj->phys_handle = phys;
	return st;

err_phys:
	drm_pci_free(obj->base.dev, phys);
	return st;
}

static void
__i915_gem_object_release_shmem(struct drm_i915_gem_object *obj,
				struct sg_table *pages,
				bool needs_clflush)
{
	GEM_BUG_ON(obj->mm.madv == __I915_MADV_PURGED);

	if (obj->mm.madv == I915_MADV_DONTNEED)
		obj->mm.dirty = false;

	if (needs_clflush &&
	    (obj->base.read_domains & I915_GEM_DOMAIN_CPU) == 0 &&
	    !cpu_cache_is_coherent(obj->base.dev, obj->cache_level))
		drm_clflush_sg(pages);

	obj->base.read_domains = I915_GEM_DOMAIN_CPU;
	obj->base.write_domain = I915_GEM_DOMAIN_CPU;
}

static void
i915_gem_object_put_pages_phys(struct drm_i915_gem_object *obj,
			       struct sg_table *pages)
{
	__i915_gem_object_release_shmem(obj, pages, false);

	if (obj->mm.dirty) {
		struct address_space *mapping = obj->base.filp->f_mapping;
		char *vaddr = obj->phys_handle->vaddr;
		int i;

		for (i = 0; i < obj->base.size / PAGE_SIZE; i++) {
			struct page *page;
			char *dst;

			page = shmem_read_mapping_page(mapping, i);
			if (IS_ERR(page))
				continue;

			dst = kmap_atomic(page);
			drm_clflush_virt_range(vaddr, PAGE_SIZE);
			memcpy(dst, vaddr, PAGE_SIZE);
			kunmap_atomic(dst);

			set_page_dirty(page);
			if (obj->mm.madv == I915_MADV_WILLNEED)
				mark_page_accessed(page);
			put_page(page);
			vaddr += PAGE_SIZE;
		}
		obj->mm.dirty = false;
	}

	sg_free_table(pages);
	kfree(pages);

	drm_pci_free(obj->base.dev, obj->phys_handle);
}

static void
i915_gem_object_release_phys(struct drm_i915_gem_object *obj)
{
	i915_gem_object_unpin_pages(obj);
}

static const struct drm_i915_gem_object_ops i915_gem_phys_ops = {
	.get_pages = i915_gem_object_get_pages_phys,
	.put_pages = i915_gem_object_put_pages_phys,
	.release = i915_gem_object_release_phys,
};

int i915_gem_object_unbind(struct drm_i915_gem_object *obj)
{
	struct i915_vma *vma;
	LIST_HEAD(still_in_list);
	int ret;

	lockdep_assert_held(&obj->base.dev->struct_mutex);

	/* Closed vma are removed from the obj->vma_list - but they may
	 * still have an active binding on the object. To remove those we
	 * must wait for all rendering to complete to the object (as unbinding
	 * must anyway), and retire the requests.
	 */
	ret = i915_gem_object_wait(obj,
				   I915_WAIT_INTERRUPTIBLE |
				   I915_WAIT_LOCKED |
				   I915_WAIT_ALL,
				   MAX_SCHEDULE_TIMEOUT,
				   NULL);
	if (ret)
		return ret;

	i915_gem_retire_requests(to_i915(obj->base.dev));

	while ((vma = list_first_entry_or_null(&obj->vma_list,
					       struct i915_vma,
					       obj_link))) {
		list_move_tail(&vma->obj_link, &still_in_list);
		ret = i915_vma_unbind(vma);
		if (ret)
			break;
	}
	list_splice(&still_in_list, &obj->vma_list);

	return ret;
}

static long
i915_gem_object_wait_fence(struct dma_fence *fence,
			   unsigned int flags,
			   long timeout,
			   struct intel_rps_client *rps)
{
	struct drm_i915_gem_request *rq;

	BUILD_BUG_ON(I915_WAIT_INTERRUPTIBLE != 0x1);

	if (test_bit(DMA_FENCE_FLAG_SIGNALED_BIT, &fence->flags))
		return timeout;

	if (!dma_fence_is_i915(fence))
		return dma_fence_wait_timeout(fence,
					      flags & I915_WAIT_INTERRUPTIBLE,
					      timeout);

	rq = to_request(fence);
	if (i915_gem_request_completed(rq))
		goto out;

	/* This client is about to stall waiting for the GPU. In many cases
	 * this is undesirable and limits the throughput of the system, as
	 * many clients cannot continue processing user input/output whilst
	 * blocked. RPS autotuning may take tens of milliseconds to respond
	 * to the GPU load and thus incurs additional latency for the client.
	 * We can circumvent that by promoting the GPU frequency to maximum
	 * before we wait. This makes the GPU throttle up much more quickly
	 * (good for benchmarks and user experience, e.g. window animations),
	 * but at a cost of spending more power processing the workload
	 * (bad for battery). Not all clients even want their results
	 * immediately and for them we should just let the GPU select its own
	 * frequency to maximise efficiency. To prevent a single client from
	 * forcing the clocks too high for the whole system, we only allow
	 * each client to waitboost once in a busy period.
	 */
	if (rps) {
		if (INTEL_GEN(rq->i915) >= 6)
			gen6_rps_boost(rq->i915, rps, rq->emitted_jiffies);
		else
			rps = NULL;
	}

	timeout = i915_wait_request(rq, flags, timeout);

out:
	if (flags & I915_WAIT_LOCKED && i915_gem_request_completed(rq))
		i915_gem_request_retire_upto(rq);

	if (rps && rq->global_seqno == intel_engine_last_submit(rq->engine)) {
		/* The GPU is now idle and this client has stalled.
		 * Since no other client has submitted a request in the
		 * meantime, assume that this client is the only one
		 * supplying work to the GPU but is unable to keep that
		 * work supplied because it is waiting. Since the GPU is
		 * then never kept fully busy, RPS autoclocking will
		 * keep the clocks relatively low, causing further delays.
		 * Compensate by giving the synchronous client credit for
		 * a waitboost next time.
		 */
		spin_lock(&rq->i915->rps.client_lock);
		list_del_init(&rps->link);
		spin_unlock(&rq->i915->rps.client_lock);
	}

	return timeout;
}

static long
i915_gem_object_wait_reservation(struct reservation_object *resv,
				 unsigned int flags,
				 long timeout,
				 struct intel_rps_client *rps)
{
	struct dma_fence *excl;

	if (flags & I915_WAIT_ALL) {
		struct dma_fence **shared;
		unsigned int count, i;
		int ret;

		ret = reservation_object_get_fences_rcu(resv,
							&excl, &count, &shared);
		if (ret)
			return ret;

		for (i = 0; i < count; i++) {
			timeout = i915_gem_object_wait_fence(shared[i],
							     flags, timeout,
							     rps);
			if (timeout <= 0)
				break;

			dma_fence_put(shared[i]);
		}

		for (; i < count; i++)
			dma_fence_put(shared[i]);
		kfree(shared);
	} else {
		excl = reservation_object_get_excl_rcu(resv);
	}

	if (excl && timeout > 0)
		timeout = i915_gem_object_wait_fence(excl, flags, timeout, rps);

	dma_fence_put(excl);

	return timeout;
}

static void __fence_set_priority(struct dma_fence *fence, int prio)
{
	struct drm_i915_gem_request *rq;
	struct intel_engine_cs *engine;

	if (!dma_fence_is_i915(fence))
		return;

	rq = to_request(fence);
	engine = rq->engine;
	if (!engine->schedule)
		return;

	engine->schedule(rq, prio);
}

static void fence_set_priority(struct dma_fence *fence, int prio)
{
	/* Recurse once into a fence-array */
	if (dma_fence_is_array(fence)) {
		struct dma_fence_array *array = to_dma_fence_array(fence);
		int i;

		for (i = 0; i < array->num_fences; i++)
			__fence_set_priority(array->fences[i], prio);
	} else {
		__fence_set_priority(fence, prio);
	}
}

int
i915_gem_object_wait_priority(struct drm_i915_gem_object *obj,
			      unsigned int flags,
			      int prio)
{
	struct dma_fence *excl;

	if (flags & I915_WAIT_ALL) {
		struct dma_fence **shared;
		unsigned int count, i;
		int ret;

		ret = reservation_object_get_fences_rcu(obj->resv,
							&excl, &count, &shared);
		if (ret)
			return ret;

		for (i = 0; i < count; i++) {
			fence_set_priority(shared[i], prio);
			dma_fence_put(shared[i]);
		}

		kfree(shared);
	} else {
		excl = reservation_object_get_excl_rcu(obj->resv);
	}

	if (excl) {
		fence_set_priority(excl, prio);
		dma_fence_put(excl);
	}
	return 0;
}

/**
 * Waits for rendering to the object to be completed
 * @obj: i915 gem object
 * @flags: how to wait (under a lock, for all rendering or just for writes etc)
 * @timeout: how long to wait
 * @rps: client (user process) to charge for any waitboosting
 */
int
i915_gem_object_wait(struct drm_i915_gem_object *obj,
		     unsigned int flags,
		     long timeout,
		     struct intel_rps_client *rps)
{
	might_sleep();
#if IS_ENABLED(CONFIG_LOCKDEP)
	GEM_BUG_ON(debug_locks &&
		   !!lockdep_is_held(&obj->base.dev->struct_mutex) !=
		   !!(flags & I915_WAIT_LOCKED));
#endif
	GEM_BUG_ON(timeout < 0);

	timeout = i915_gem_object_wait_reservation(obj->resv,
						   flags, timeout,
						   rps);
	return timeout < 0 ? timeout : 0;
}

static struct intel_rps_client *to_rps_client(struct drm_file *file)
{
	struct drm_i915_file_private *fpriv = file->driver_priv;

	return &fpriv->rps;
}

int
i915_gem_object_attach_phys(struct drm_i915_gem_object *obj,
			    int align)
{
	int ret;

	if (align > obj->base.size)
		return -EINVAL;

	if (obj->ops == &i915_gem_phys_ops)
		return 0;

	if (obj->mm.madv != I915_MADV_WILLNEED)
		return -EFAULT;

	if (obj->base.filp == NULL)
		return -EINVAL;

	ret = i915_gem_object_unbind(obj);
	if (ret)
		return ret;

	__i915_gem_object_put_pages(obj, I915_MM_NORMAL);
	if (obj->mm.pages)
		return -EBUSY;

	obj->ops = &i915_gem_phys_ops;

	return i915_gem_object_pin_pages(obj);
}

static int
i915_gem_phys_pwrite(struct drm_i915_gem_object *obj,
		     struct drm_i915_gem_pwrite *args,
		     struct drm_file *file)
{
	void *vaddr = obj->phys_handle->vaddr + args->offset;
	char __user *user_data = u64_to_user_ptr(args->data_ptr);

	/* We manually control the domain here and pretend that it
	 * remains coherent i.e. in the GTT domain, like shmem_pwrite.
	 */
	intel_fb_obj_invalidate(obj, ORIGIN_CPU);
	if (copy_from_user(vaddr, user_data, args->size))
		return -EFAULT;

	drm_clflush_virt_range(vaddr, args->size);
	i915_gem_chipset_flush(to_i915(obj->base.dev));

	intel_fb_obj_flush(obj, false, ORIGIN_CPU);
	return 0;
}

void *i915_gem_object_alloc(struct drm_device *dev)
{
	struct drm_i915_private *dev_priv = to_i915(dev);
	return kmem_cache_zalloc(dev_priv->objects, GFP_KERNEL);
}

void i915_gem_object_free(struct drm_i915_gem_object *obj)
{
	struct drm_i915_private *dev_priv = to_i915(obj->base.dev);
	kmem_cache_free(dev_priv->objects, obj);
}

static int
i915_gem_create(struct drm_file *file,
		struct drm_device *dev,
		uint64_t size,
		uint32_t *handle_p)
{
	struct drm_i915_gem_object *obj;
	int ret;
	u32 handle;

	size = roundup(size, PAGE_SIZE);
	if (size == 0)
		return -EINVAL;

	/* Allocate the new object */
	obj = i915_gem_object_create(dev, size);
	if (IS_ERR(obj))
		return PTR_ERR(obj);

	ret = drm_gem_handle_create(file, &obj->base, &handle);
	/* drop reference from allocate - handle holds it now */
	i915_gem_object_put(obj);
	if (ret)
		return ret;

	*handle_p = handle;
	return 0;
}

int
i915_gem_dumb_create(struct drm_file *file,
		     struct drm_device *dev,
		     struct drm_mode_create_dumb *args)
{
	/* have to work out size/pitch and return them */
	args->pitch = ALIGN(args->width * DIV_ROUND_UP(args->bpp, 8), 64);
	args->size = args->pitch * args->height;
	return i915_gem_create(file, dev,
			       args->size, &args->handle);
}

/**
 * Creates a new mm object and returns a handle to it.
 * @dev: drm device pointer
 * @data: ioctl data blob
 * @file: drm file pointer
 */
int
i915_gem_create_ioctl(struct drm_device *dev, void *data,
		      struct drm_file *file)
{
	struct drm_i915_gem_create *args = data;

	i915_gem_flush_free_objects(to_i915(dev));

	return i915_gem_create(file, dev,
			       args->size, &args->handle);
}

static inline int
__copy_to_user_swizzled(char __user *cpu_vaddr,
			const char *gpu_vaddr, int gpu_offset,
			int length)
{
	int ret, cpu_offset = 0;

	while (length > 0) {
		int cacheline_end = ALIGN(gpu_offset + 1, 64);
		int this_length = min(cacheline_end - gpu_offset, length);
		int swizzled_gpu_offset = gpu_offset ^ 64;

		ret = __copy_to_user(cpu_vaddr + cpu_offset,
				     gpu_vaddr + swizzled_gpu_offset,
				     this_length);
		if (ret)
			return ret + length;

		cpu_offset += this_length;
		gpu_offset += this_length;
		length -= this_length;
	}

	return 0;
}

static inline int
__copy_from_user_swizzled(char *gpu_vaddr, int gpu_offset,
			  const char __user *cpu_vaddr,
			  int length)
{
	int ret, cpu_offset = 0;

	while (length > 0) {
		int cacheline_end = ALIGN(gpu_offset + 1, 64);
		int this_length = min(cacheline_end - gpu_offset, length);
		int swizzled_gpu_offset = gpu_offset ^ 64;

		ret = __copy_from_user(gpu_vaddr + swizzled_gpu_offset,
				       cpu_vaddr + cpu_offset,
				       this_length);
		if (ret)
			return ret + length;

		cpu_offset += this_length;
		gpu_offset += this_length;
		length -= this_length;
	}

	return 0;
}

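/* Editorial note on the swizzled copies above: within a page affected by
 * bit-17 swizzling, each 64-byte cacheline is swapped with its neighbour,
 * so the helpers walk the range cacheline by cacheline and XOR the offset
 * with 64. For example, a 256-byte copy starting at gpu_offset 0 touches
 * the swizzled offsets 64, 0, 192 and 128 in turn.
 */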
/*
 * Pins the specified object's pages and synchronizes the object with
 * GPU accesses. Sets needs_clflush to non-zero if the caller should
 * flush the object from the CPU cache.
 */
int i915_gem_obj_prepare_shmem_read(struct drm_i915_gem_object *obj,
				    unsigned int *needs_clflush)
{
	int ret;

	lockdep_assert_held(&obj->base.dev->struct_mutex);

	*needs_clflush = 0;
	if (!i915_gem_object_has_struct_page(obj))
		return -ENODEV;

	ret = i915_gem_object_wait(obj,
				   I915_WAIT_INTERRUPTIBLE |
				   I915_WAIT_LOCKED,
				   MAX_SCHEDULE_TIMEOUT,
				   NULL);
	if (ret)
		return ret;

	ret = i915_gem_object_pin_pages(obj);
	if (ret)
		return ret;

	i915_gem_object_flush_gtt_write_domain(obj);

	/* If we're not in the cpu read domain, set ourself into the gtt
	 * read domain and manually flush cachelines (if required). This
	 * optimizes for the case when the gpu will dirty the data
	 * anyway again before the next pread happens.
	 */
	if (!(obj->base.read_domains & I915_GEM_DOMAIN_CPU))
		*needs_clflush = !cpu_cache_is_coherent(obj->base.dev,
							obj->cache_level);

	if (*needs_clflush && !static_cpu_has(X86_FEATURE_CLFLUSH)) {
		ret = i915_gem_object_set_to_cpu_domain(obj, false);
		if (ret)
			goto err_unpin;

		*needs_clflush = 0;
	}

	/* return with the pages pinned */
	return 0;

err_unpin:
	i915_gem_object_unpin_pages(obj);
	return ret;
}

int i915_gem_obj_prepare_shmem_write(struct drm_i915_gem_object *obj,
				     unsigned int *needs_clflush)
{
	int ret;

	lockdep_assert_held(&obj->base.dev->struct_mutex);

	*needs_clflush = 0;
	if (!i915_gem_object_has_struct_page(obj))
		return -ENODEV;

	ret = i915_gem_object_wait(obj,
				   I915_WAIT_INTERRUPTIBLE |
				   I915_WAIT_LOCKED |
				   I915_WAIT_ALL,
				   MAX_SCHEDULE_TIMEOUT,
				   NULL);
	if (ret)
		return ret;

	ret = i915_gem_object_pin_pages(obj);
	if (ret)
		return ret;

	i915_gem_object_flush_gtt_write_domain(obj);

	/* If we're not in the cpu write domain, set ourself into the
	 * gtt write domain and manually flush cachelines (as required).
	 * This optimizes for the case when the gpu will use the data
	 * right away and we therefore have to clflush anyway.
	 */
	if (obj->base.write_domain != I915_GEM_DOMAIN_CPU)
		*needs_clflush |= cpu_write_needs_clflush(obj) << 1;

	/* Same trick applies to invalidate partially written cachelines read
	 * before writing.
	 */
	if (!(obj->base.read_domains & I915_GEM_DOMAIN_CPU))
		*needs_clflush |= !cpu_cache_is_coherent(obj->base.dev,
							 obj->cache_level);

	if (*needs_clflush && !static_cpu_has(X86_FEATURE_CLFLUSH)) {
		ret = i915_gem_object_set_to_cpu_domain(obj, true);
		if (ret)
			goto err_unpin;

		*needs_clflush = 0;
	}

	if ((*needs_clflush & CLFLUSH_AFTER) == 0)
		obj->cache_dirty = true;

	intel_fb_obj_invalidate(obj, ORIGIN_CPU);
	obj->mm.dirty = true;
	/* return with the pages pinned */
	return 0;

err_unpin:
	i915_gem_object_unpin_pages(obj);
	return ret;
}

static void
shmem_clflush_swizzled_range(char *addr, unsigned long length,
			     bool swizzled)
{
	if (unlikely(swizzled)) {
		unsigned long start = (unsigned long) addr;
		unsigned long end = (unsigned long) addr + length;

		/* For swizzling simply ensure that we always flush both
		 * channels. Lame, but simple and it works. Swizzled
		 * pwrite/pread is far from a hotpath - current userspace
		 * doesn't use it at all. */
		start = round_down(start, 128);
		end = round_up(end, 128);

		drm_clflush_virt_range((void *)start, end - start);
	} else {
		drm_clflush_virt_range(addr, length);
	}

}

/* Only difference to the fast-path function is that this can handle bit17
 * and uses non-atomic copy and kmap functions. */
static int
shmem_pread_slow(struct page *page, int offset, int length,
		 char __user *user_data,
		 bool page_do_bit17_swizzling, bool needs_clflush)
{
	char *vaddr;
	int ret;

	vaddr = kmap(page);
	if (needs_clflush)
		shmem_clflush_swizzled_range(vaddr + offset, length,
					     page_do_bit17_swizzling);

	if (page_do_bit17_swizzling)
		ret = __copy_to_user_swizzled(user_data, vaddr, offset, length);
	else
		ret = __copy_to_user(user_data, vaddr + offset, length);
	kunmap(page);

	return ret ? -EFAULT : 0;
}

static int
shmem_pread(struct page *page, int offset, int length, char __user *user_data,
	    bool page_do_bit17_swizzling, bool needs_clflush)
{
	int ret;

	ret = -ENODEV;
	if (!page_do_bit17_swizzling) {
		char *vaddr = kmap_atomic(page);

		if (needs_clflush)
			drm_clflush_virt_range(vaddr + offset, length);
		ret = __copy_to_user_inatomic(user_data, vaddr + offset, length);
		kunmap_atomic(vaddr);
	}
	if (ret == 0)
		return 0;

	return shmem_pread_slow(page, offset, length, user_data,
				page_do_bit17_swizzling, needs_clflush);
}

static int
i915_gem_shmem_pread(struct drm_i915_gem_object *obj,
		     struct drm_i915_gem_pread *args)
{
	char __user *user_data;
	u64 remain;
	unsigned int obj_do_bit17_swizzling;
	unsigned int needs_clflush;
	unsigned int idx, offset;
	int ret;

	obj_do_bit17_swizzling = 0;
	if (i915_gem_object_needs_bit17_swizzle(obj))
		obj_do_bit17_swizzling = BIT(17);

	ret = mutex_lock_interruptible(&obj->base.dev->struct_mutex);
	if (ret)
		return ret;

	ret = i915_gem_obj_prepare_shmem_read(obj, &needs_clflush);
	mutex_unlock(&obj->base.dev->struct_mutex);
	if (ret)
		return ret;

	remain = args->size;
	user_data = u64_to_user_ptr(args->data_ptr);
	offset = offset_in_page(args->offset);
	for (idx = args->offset >> PAGE_SHIFT; remain; idx++) {
		struct page *page = i915_gem_object_get_page(obj, idx);
		int length;

		length = remain;
		if (offset + length > PAGE_SIZE)
			length = PAGE_SIZE - offset;

		ret = shmem_pread(page, offset, length, user_data,
				  page_to_phys(page) & obj_do_bit17_swizzling,
				  needs_clflush);
		if (ret)
			break;

		remain -= length;
		user_data += length;
		offset = 0;
	}

	i915_gem_obj_finish_shmem_access(obj);
	return ret;
}

static inline bool
gtt_user_read(struct io_mapping *mapping,
	      loff_t base, int offset,
	      char __user *user_data, int length)
{
	void *vaddr;
	unsigned long unwritten;

	/* We can use the cpu mem copy function because this is X86. */
	vaddr = (void __force *)io_mapping_map_atomic_wc(mapping, base);
	unwritten = __copy_to_user_inatomic(user_data, vaddr + offset, length);
	io_mapping_unmap_atomic(vaddr);
	if (unwritten) {
		vaddr = (void __force *)
			io_mapping_map_wc(mapping, base, PAGE_SIZE);
		unwritten = copy_to_user(user_data, vaddr + offset, length);
		io_mapping_unmap(vaddr);
	}
	return unwritten;
}

static int
i915_gem_gtt_pread(struct drm_i915_gem_object *obj,
		   const struct drm_i915_gem_pread *args)
{
	struct drm_i915_private *i915 = to_i915(obj->base.dev);
	struct i915_ggtt *ggtt = &i915->ggtt;
	struct drm_mm_node node;
	struct i915_vma *vma;
	void __user *user_data;
	u64 remain, offset;
	int ret;

	ret = mutex_lock_interruptible(&i915->drm.struct_mutex);
	if (ret)
		return ret;

	intel_runtime_pm_get(i915);
	vma = i915_gem_object_ggtt_pin(obj, NULL, 0, 0,
				       PIN_MAPPABLE | PIN_NONBLOCK);
	if (!IS_ERR(vma)) {
		node.start = i915_ggtt_offset(vma);
		node.allocated = false;
		ret = i915_vma_put_fence(vma);
		if (ret) {
			i915_vma_unpin(vma);
			vma = ERR_PTR(ret);
		}
	}
	if (IS_ERR(vma)) {
		ret = insert_mappable_node(ggtt, &node, PAGE_SIZE);
		if (ret)
			goto out_unlock;
		GEM_BUG_ON(!node.allocated);
	}

	ret = i915_gem_object_set_to_gtt_domain(obj, false);
	if (ret)
		goto out_unpin;

	mutex_unlock(&i915->drm.struct_mutex);

	user_data = u64_to_user_ptr(args->data_ptr);
	remain = args->size;
	offset = args->offset;

	while (remain > 0) {
		/* Operation in this page
		 *
		 * page_base = page offset within aperture
		 * page_offset = offset within page
		 * page_length = bytes to copy for this page
		 */
		u32 page_base = node.start;
		unsigned page_offset = offset_in_page(offset);
		unsigned page_length = PAGE_SIZE - page_offset;
		page_length = remain < page_length ? remain : page_length;
		if (node.allocated) {
			wmb();
			ggtt->base.insert_page(&ggtt->base,
					       i915_gem_object_get_dma_address(obj, offset >> PAGE_SHIFT),
					       node.start, I915_CACHE_NONE, 0);
			wmb();
		} else {
			page_base += offset & PAGE_MASK;
		}

		if (gtt_user_read(&ggtt->mappable, page_base, page_offset,
				  user_data, page_length)) {
			ret = -EFAULT;
			break;
		}

		remain -= page_length;
		user_data += page_length;
		offset += page_length;
	}

	mutex_lock(&i915->drm.struct_mutex);
out_unpin:
	if (node.allocated) {
		wmb();
		ggtt->base.clear_range(&ggtt->base,
				       node.start, node.size);
		remove_mappable_node(&node);
	} else {
		i915_vma_unpin(vma);
	}
out_unlock:
	intel_runtime_pm_put(i915);
	mutex_unlock(&i915->drm.struct_mutex);

	return ret;
}

/**
 * Reads data from the object referenced by handle.
 * @dev: drm device pointer
 * @data: ioctl data blob
 * @file: drm file pointer
 *
 * On error, the contents of *data are undefined.
 */
int
i915_gem_pread_ioctl(struct drm_device *dev, void *data,
		     struct drm_file *file)
{
	struct drm_i915_gem_pread *args = data;
	struct drm_i915_gem_object *obj;
	int ret;

	if (args->size == 0)
		return 0;

	if (!access_ok(VERIFY_WRITE,
		       u64_to_user_ptr(args->data_ptr),
		       args->size))
		return -EFAULT;

	obj = i915_gem_object_lookup(file, args->handle);
	if (!obj)
		return -ENOENT;

	/* Bounds check source. */
	if (args->offset > obj->base.size ||
	    args->size > obj->base.size - args->offset) {
		ret = -EINVAL;
		goto out;
	}

	trace_i915_gem_object_pread(obj, args->offset, args->size);

	ret = i915_gem_object_wait(obj,
				   I915_WAIT_INTERRUPTIBLE,
				   MAX_SCHEDULE_TIMEOUT,
				   to_rps_client(file));
	if (ret)
		goto out;

	ret = i915_gem_object_pin_pages(obj);
	if (ret)
		goto out;

	ret = i915_gem_shmem_pread(obj, args);
	if (ret == -EFAULT || ret == -ENODEV)
		ret = i915_gem_gtt_pread(obj, args);

	i915_gem_object_unpin_pages(obj);
out:
	i915_gem_object_put(obj);
	return ret;
}

/* This is the fast write path which cannot handle
 * page faults in the source data
 */

static inline bool
ggtt_write(struct io_mapping *mapping,
	   loff_t base, int offset,
	   char __user *user_data, int length)
{
	void *vaddr;
	unsigned long unwritten;

	/* We can use the cpu mem copy function because this is X86. */
	vaddr = (void __force *)io_mapping_map_atomic_wc(mapping, base);
	unwritten = __copy_from_user_inatomic_nocache(vaddr + offset,
						      user_data, length);
	io_mapping_unmap_atomic(vaddr);
	if (unwritten) {
		vaddr = (void __force *)
			io_mapping_map_wc(mapping, base, PAGE_SIZE);
		unwritten = copy_from_user(vaddr + offset, user_data, length);
		io_mapping_unmap(vaddr);
	}

	return unwritten;
}

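/* Editorial note: gtt_user_read() and ggtt_write() share the same pattern -
 * first attempt the copy through an atomic kmap of a single GTT page (which
 * must not fault), and only if bytes were left over fall back to a regular
 * write-combining mapping where the copy is allowed to fault and sleep.
 */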
/**
 * This is the fast pwrite path, where we copy the data directly from the
 * user into the GTT, uncached.
 * @obj: i915 GEM object
 * @args: pwrite arguments structure
 */
static int
i915_gem_gtt_pwrite_fast(struct drm_i915_gem_object *obj,
			 const struct drm_i915_gem_pwrite *args)
{
	struct drm_i915_private *i915 = to_i915(obj->base.dev);
	struct i915_ggtt *ggtt = &i915->ggtt;
	struct drm_mm_node node;
	struct i915_vma *vma;
	u64 remain, offset;
	void __user *user_data;
	int ret;

	ret = mutex_lock_interruptible(&i915->drm.struct_mutex);
	if (ret)
		return ret;

	intel_runtime_pm_get(i915);
	vma = i915_gem_object_ggtt_pin(obj, NULL, 0, 0,
				       PIN_MAPPABLE | PIN_NONBLOCK);
	if (!IS_ERR(vma)) {
		node.start = i915_ggtt_offset(vma);
		node.allocated = false;
		ret = i915_vma_put_fence(vma);
		if (ret) {
			i915_vma_unpin(vma);
			vma = ERR_PTR(ret);
		}
	}
	if (IS_ERR(vma)) {
		ret = insert_mappable_node(ggtt, &node, PAGE_SIZE);
		if (ret)
			goto out_unlock;
		GEM_BUG_ON(!node.allocated);
	}

	ret = i915_gem_object_set_to_gtt_domain(obj, true);
	if (ret)
		goto out_unpin;

	mutex_unlock(&i915->drm.struct_mutex);

	intel_fb_obj_invalidate(obj, ORIGIN_CPU);

	user_data = u64_to_user_ptr(args->data_ptr);
	offset = args->offset;
	remain = args->size;
	while (remain) {
		/* Operation in this page
		 *
		 * page_base = page offset within aperture
		 * page_offset = offset within page
		 * page_length = bytes to copy for this page
		 */
		u32 page_base = node.start;
		unsigned int page_offset = offset_in_page(offset);
		unsigned int page_length = PAGE_SIZE - page_offset;
		page_length = remain < page_length ? remain : page_length;
		if (node.allocated) {
			wmb(); /* flush the write before we modify the GGTT */
			ggtt->base.insert_page(&ggtt->base,
					       i915_gem_object_get_dma_address(obj, offset >> PAGE_SHIFT),
					       node.start, I915_CACHE_NONE, 0);
			wmb(); /* flush modifications to the GGTT (insert_page) */
		} else {
			page_base += offset & PAGE_MASK;
		}
		/* If we get a fault while copying data, then (presumably) our
		 * source page isn't available. Return the error and we'll
		 * retry in the slow path.
		 * If the object is non-shmem backed, we retry again with the
		 * path that handles page faults.
		 */
		if (ggtt_write(&ggtt->mappable, page_base, page_offset,
			       user_data, page_length)) {
			ret = -EFAULT;
			break;
		}

		remain -= page_length;
		user_data += page_length;
		offset += page_length;
	}
	intel_fb_obj_flush(obj, false, ORIGIN_CPU);

	mutex_lock(&i915->drm.struct_mutex);
out_unpin:
	if (node.allocated) {
		wmb();
		ggtt->base.clear_range(&ggtt->base,
				       node.start, node.size);
		remove_mappable_node(&node);
	} else {
		i915_vma_unpin(vma);
	}
out_unlock:
	intel_runtime_pm_put(i915);
	mutex_unlock(&i915->drm.struct_mutex);
	return ret;
}

static int
shmem_pwrite_slow(struct page *page, int offset, int length,
		  char __user *user_data,
		  bool page_do_bit17_swizzling,
		  bool needs_clflush_before,
		  bool needs_clflush_after)
{
	char *vaddr;
	int ret;

	vaddr = kmap(page);
	if (unlikely(needs_clflush_before || page_do_bit17_swizzling))
		shmem_clflush_swizzled_range(vaddr + offset, length,
					     page_do_bit17_swizzling);
	if (page_do_bit17_swizzling)
		ret = __copy_from_user_swizzled(vaddr, offset, user_data,
						length);
	else
		ret = __copy_from_user(vaddr + offset, user_data, length);
	if (needs_clflush_after)
		shmem_clflush_swizzled_range(vaddr + offset, length,
					     page_do_bit17_swizzling);
	kunmap(page);

	return ret ? -EFAULT : 0;
}

/* Per-page copy function for the shmem pwrite fastpath.
 * Flushes invalid cachelines before writing to the target if
 * needs_clflush_before is set and flushes out any written cachelines after
 * writing if needs_clflush is set.
 */
static int
shmem_pwrite(struct page *page, int offset, int len, char __user *user_data,
	     bool page_do_bit17_swizzling,
	     bool needs_clflush_before,
	     bool needs_clflush_after)
{
	int ret;

	ret = -ENODEV;
	if (!page_do_bit17_swizzling) {
		char *vaddr = kmap_atomic(page);

		if (needs_clflush_before)
			drm_clflush_virt_range(vaddr + offset, len);
		ret = __copy_from_user_inatomic(vaddr + offset, user_data, len);
		if (needs_clflush_after)
			drm_clflush_virt_range(vaddr + offset, len);

		kunmap_atomic(vaddr);
	}
	if (ret == 0)
		return ret;

	return shmem_pwrite_slow(page, offset, len, user_data,
				 page_do_bit17_swizzling,
				 needs_clflush_before,
				 needs_clflush_after);
}

static int
i915_gem_shmem_pwrite(struct drm_i915_gem_object *obj,
		      const struct drm_i915_gem_pwrite *args)
{
	struct drm_i915_private *i915 = to_i915(obj->base.dev);
	void __user *user_data;
	u64 remain;
	unsigned int obj_do_bit17_swizzling;
	unsigned int partial_cacheline_write;
	unsigned int needs_clflush;
	unsigned int offset, idx;
	int ret;

	ret = mutex_lock_interruptible(&i915->drm.struct_mutex);
	if (ret)
		return ret;

	ret = i915_gem_obj_prepare_shmem_write(obj, &needs_clflush);
	mutex_unlock(&i915->drm.struct_mutex);
	if (ret)
		return ret;

	obj_do_bit17_swizzling = 0;
	if (i915_gem_object_needs_bit17_swizzle(obj))
		obj_do_bit17_swizzling = BIT(17);

	/* If we don't overwrite a cacheline completely we need to be
	 * careful to have up-to-date data by first clflushing. Don't
	 * overcomplicate things and flush the entire patch.
	 */
	partial_cacheline_write = 0;
	if (needs_clflush & CLFLUSH_BEFORE)
		partial_cacheline_write = boot_cpu_data.x86_clflush_size - 1;

	user_data = u64_to_user_ptr(args->data_ptr);
	remain = args->size;
	offset = offset_in_page(args->offset);
	for (idx = args->offset >> PAGE_SHIFT; remain; idx++) {
		struct page *page = i915_gem_object_get_page(obj, idx);
		int length;

		length = remain;
		if (offset + length > PAGE_SIZE)
			length = PAGE_SIZE - offset;

		ret = shmem_pwrite(page, offset, length, user_data,
				   page_to_phys(page) & obj_do_bit17_swizzling,
				   (offset | length) & partial_cacheline_write,
				   needs_clflush & CLFLUSH_AFTER);
		if (ret)
			break;

		remain -= length;
		user_data += length;
		offset = 0;
	}

	intel_fb_obj_flush(obj, false, ORIGIN_CPU);
	i915_gem_obj_finish_shmem_access(obj);
	return ret;
}

/**
 * Writes data to the object referenced by handle.
 * @dev: drm device
 * @data: ioctl data blob
 * @file: drm file
 *
 * On error, the contents of the buffer that were to be modified are undefined.
 */
int
i915_gem_pwrite_ioctl(struct drm_device *dev, void *data,
		      struct drm_file *file)
{
	struct drm_i915_gem_pwrite *args = data;
	struct drm_i915_gem_object *obj;
	int ret;

	if (args->size == 0)
		return 0;

	if (!access_ok(VERIFY_READ,
		       u64_to_user_ptr(args->data_ptr),
		       args->size))
		return -EFAULT;

	obj = i915_gem_object_lookup(file, args->handle);
	if (!obj)
		return -ENOENT;

	/* Bounds check destination. */
	if (args->offset > obj->base.size ||
	    args->size > obj->base.size - args->offset) {
		ret = -EINVAL;
		goto err;
	}

	trace_i915_gem_object_pwrite(obj, args->offset, args->size);

	ret = i915_gem_object_wait(obj,
				   I915_WAIT_INTERRUPTIBLE |
				   I915_WAIT_ALL,
				   MAX_SCHEDULE_TIMEOUT,
				   to_rps_client(file));
	if (ret)
		goto err;

	ret = i915_gem_object_pin_pages(obj);
	if (ret)
		goto err;

	ret = -EFAULT;
	/* We can only do the GTT pwrite on untiled buffers, as otherwise
	 * it would end up going through the fenced access, and we'll get
	 * different detiling behavior between reading and writing.
	 * pread/pwrite currently are reading and writing from the CPU
	 * perspective, requiring manual detiling by the client.
	 */
	if (!i915_gem_object_has_struct_page(obj) ||
	    cpu_write_needs_clflush(obj))
		/* Note that the gtt paths might fail with non-page-backed user
		 * pointers (e.g. gtt mappings when moving data between
		 * textures). Fallback to the shmem path in that case.
		 */
		ret = i915_gem_gtt_pwrite_fast(obj, args);

	if (ret == -EFAULT || ret == -ENOSPC) {
		if (obj->phys_handle)
			ret = i915_gem_phys_pwrite(obj, args, file);
		else
			ret = i915_gem_shmem_pwrite(obj, args);
	}

	i915_gem_object_unpin_pages(obj);
err:
	i915_gem_object_put(obj);
	return ret;
}

static inline enum fb_op_origin
write_origin(struct drm_i915_gem_object *obj, unsigned domain)
{
	return (domain == I915_GEM_DOMAIN_GTT ?
		obj->frontbuffer_ggtt_origin : ORIGIN_CPU);
}

static void i915_gem_object_bump_inactive_ggtt(struct drm_i915_gem_object *obj)
{
	struct drm_i915_private *i915;
	struct list_head *list;
	struct i915_vma *vma;

	list_for_each_entry(vma, &obj->vma_list, obj_link) {
		if (!i915_vma_is_ggtt(vma))
			continue;

		if (i915_vma_is_active(vma))
			continue;

		if (!drm_mm_node_allocated(&vma->node))
			continue;

		list_move_tail(&vma->vm_link, &vma->vm->inactive_list);
	}

	i915 = to_i915(obj->base.dev);
	list = obj->bind_count ? &i915->mm.bound_list : &i915->mm.unbound_list;
	list_move_tail(&obj->global_link, list);
}

/**
 * Called when user space prepares to use an object with the CPU, either
 * through the mmap ioctl's mapping or a GTT mapping.
 * @dev: drm device
 * @data: ioctl data blob
 * @file: drm file
 */
int
i915_gem_set_domain_ioctl(struct drm_device *dev, void *data,
			  struct drm_file *file)
{
	struct drm_i915_gem_set_domain *args = data;
	struct drm_i915_gem_object *obj;
	uint32_t read_domains = args->read_domains;
	uint32_t write_domain = args->write_domain;
	int err;

	/* Only handle setting domains to types used by the CPU. */
	if ((write_domain | read_domains) & I915_GEM_GPU_DOMAINS)
		return -EINVAL;

	/* Having something in the write domain implies it's in the read
	 * domain, and only that read domain. Enforce that in the request.
	 */
	if (write_domain != 0 && read_domains != write_domain)
		return -EINVAL;

	obj = i915_gem_object_lookup(file, args->handle);
	if (!obj)
		return -ENOENT;

	/* Try to flush the object off the GPU without holding the lock.
	 * We will repeat the flush holding the lock in the normal manner
	 * to catch cases where we are gazumped.
	 */
	err = i915_gem_object_wait(obj,
				   I915_WAIT_INTERRUPTIBLE |
				   (write_domain ? I915_WAIT_ALL : 0),
				   MAX_SCHEDULE_TIMEOUT,
				   to_rps_client(file));
	if (err)
		goto out;

	/* Flush and acquire obj->pages so that we are coherent through
	 * direct access in memory with previous cached writes through
	 * shmemfs and that our cache domain tracking remains valid.
	 * For example, if the obj->filp was moved to swap without us
	 * being notified and releasing the pages, we would mistakenly
	 * continue to assume that the obj remained out of the CPU cached
	 * domain.
	 */
	err = i915_gem_object_pin_pages(obj);
	if (err)
		goto out;

	err = i915_mutex_lock_interruptible(dev);
	if (err)
		goto out_unpin;

	if (read_domains & I915_GEM_DOMAIN_GTT)
		err = i915_gem_object_set_to_gtt_domain(obj, write_domain != 0);
	else
		err = i915_gem_object_set_to_cpu_domain(obj, write_domain != 0);

	/* And bump the LRU for this access */
	i915_gem_object_bump_inactive_ggtt(obj);

	mutex_unlock(&dev->struct_mutex);

	if (write_domain != 0)
		intel_fb_obj_invalidate(obj, write_origin(obj, write_domain));

out_unpin:
	i915_gem_object_unpin_pages(obj);
out:
	i915_gem_object_put(obj);
	return err;
}

/**
 * Called when user space has done writes to this buffer
 * @dev: drm device
 * @data: ioctl data blob
 * @file: drm file
 */
int
i915_gem_sw_finish_ioctl(struct drm_device *dev, void *data,
			 struct drm_file *file)
{
	struct drm_i915_gem_sw_finish *args = data;
	struct drm_i915_gem_object *obj;
	int err = 0;

	obj = i915_gem_object_lookup(file, args->handle);
	if (!obj)
		return -ENOENT;

	/* Pinned buffers may be scanout, so flush the cache */
	if (READ_ONCE(obj->pin_display)) {
		err = i915_mutex_lock_interruptible(dev);
		if (!err) {
			i915_gem_object_flush_cpu_write_domain(obj);
			mutex_unlock(&dev->struct_mutex);
		}
	}

	i915_gem_object_put(obj);
	return err;
}

/**
 * i915_gem_mmap_ioctl - Maps the contents of an object, returning the address
 *			 it is mapped to.
 * @dev: drm device
 * @data: ioctl data blob
 * @file: drm file
 *
 * While the mapping holds a reference on the contents of the object, it doesn't
 * imply a ref on the object itself.
 *
 * IMPORTANT:
 *
 * DRM driver writers who look at this function as an example for how to do GEM
 * mmap support, please don't implement mmap support like here. The modern way
 * to implement DRM mmap support is with an mmap offset ioctl (like
 * i915_gem_mmap_gtt) and then using the mmap syscall on the DRM fd directly.
 * That way debug tooling like valgrind will understand what's going on, hiding
 * the mmap call in a driver private ioctl will break that. The i915 driver only
 * does cpu mmaps this way because we didn't know better.
 */
int
i915_gem_mmap_ioctl(struct drm_device *dev, void *data,
		    struct drm_file *file)
{
	struct drm_i915_gem_mmap *args = data;
	struct drm_i915_gem_object *obj;
	unsigned long addr;

	if (args->flags & ~(I915_MMAP_WC))
		return -EINVAL;

	if (args->flags & I915_MMAP_WC && !boot_cpu_has(X86_FEATURE_PAT))
		return -ENODEV;

	obj = i915_gem_object_lookup(file, args->handle);
	if (!obj)
		return -ENOENT;

	/* prime objects have no backing filp to GEM mmap
	 * pages from.
	 */
	if (!obj->base.filp) {
		i915_gem_object_put(obj);
		return -EINVAL;
	}

	addr = vm_mmap(obj->base.filp, 0, args->size,
		       PROT_READ | PROT_WRITE, MAP_SHARED,
		       args->offset);
	if (args->flags & I915_MMAP_WC) {
		struct mm_struct *mm = current->mm;
		struct vm_area_struct *vma;

		if (down_write_killable(&mm->mmap_sem)) {
			i915_gem_object_put(obj);
			return -EINTR;
		}
		vma = find_vma(mm, addr);
		if (vma)
			vma->vm_page_prot =
				pgprot_writecombine(vm_get_page_prot(vma->vm_flags));
		else
			addr = -ENOMEM;
		up_write(&mm->mmap_sem);

		/* This may race, but that's ok, it only gets set */
		WRITE_ONCE(obj->frontbuffer_ggtt_origin, ORIGIN_CPU);
	}
	i915_gem_object_put(obj);
	if (IS_ERR((void *)addr))
		return addr;

	args->addr_ptr = (uint64_t) addr;

	return 0;
}

static unsigned int tile_row_pages(struct drm_i915_gem_object *obj)
{
	u64 size;

	size = i915_gem_object_get_stride(obj);
	size *= i915_gem_object_get_tiling(obj) == I915_TILING_Y ? 32 : 8;

	return size >> PAGE_SHIFT;
}

/**
 * i915_gem_mmap_gtt_version - report the current feature set for GTT mmaps
 *
 * A history of the GTT mmap interface:
 *
 * 0 - Everything had to fit into the GTT. Both parties of a memcpy had to
 *     be aligned and suitable for fencing, and still fit into the available
 *     mappable space left by the pinned display objects. A classic problem
 *     we called the page-fault-of-doom where we would ping-pong between
 *     two objects that could not fit inside the GTT and so the memcpy
 *     would page one object in at the expense of the other between every
 *     single byte.
 *
 * 1 - Objects can be any size, and have any compatible fencing (X, Y, or none
 *     as set via i915_gem_set_tiling() [DRM_I915_GEM_SET_TILING]). If the
 *     object is too large for the available space (or simply too large
 *     for the mappable aperture!), a view is created instead and faulted
 *     into userspace. (This view is aligned and sized appropriately for
 *     fenced access.)
 *
 * Restrictions:
 *
 *  * snoopable objects cannot be accessed via the GTT. It can cause machine
 *    hangs on some architectures, corruption on others. An attempt to service
 *    a GTT page fault from a snoopable object will generate a SIGBUS.
 *
 *  * the object must be able to fit into RAM (physical memory, though not
 *    limited to the mappable aperture).
 *
 *
 * Caveats:
 *
 *  * a new GTT page fault will synchronize rendering from the GPU and flush
 *    all data to system memory. Subsequent access will not be synchronized.
 *
 *  * all mappings are revoked on runtime device suspend.
 *
 *  * there are only 8, 16 or 32 fence registers to share between all users
 *    (older machines require fence register for display and blitter access
 *    as well). Contention of the fence registers will cause the previous users
 *    to be unmapped and any new access will generate new page faults.
 *
 *  * running out of memory while servicing a fault may generate a SIGBUS,
 *    rather than the expected SIGSEGV.
 */
int i915_gem_mmap_gtt_version(void)
{
	return 1;
}

/**
 * i915_gem_fault - fault a page into the GTT
 * @area: CPU VMA in question
 * @vmf: fault info
 *
 * The fault handler is set up by drm_gem_mmap() when an object is GTT mapped
 * from userspace. The fault handler takes care of binding the object to
 * the GTT (if needed), allocating and programming a fence register (again,
 * only if needed based on whether the old reg is still valid or the object
 * is tiled) and inserting a new PTE into the faulting process.
 *
 * Note that the faulting process may involve evicting existing objects
 * from the GTT and/or fence registers to make room. So performance may
 * suffer if the GTT working set is large or there are few fence registers
 * left.
 *
 * The current feature set supported by i915_gem_fault() and thus GTT mmaps
 * is exposed via I915_PARAM_MMAP_GTT_VERSION (see i915_gem_mmap_gtt_version).
 */
int i915_gem_fault(struct vm_area_struct *area, struct vm_fault *vmf)
{
#define MIN_CHUNK_PAGES ((1 << 20) >> PAGE_SHIFT) /* 1 MiB */
	struct drm_i915_gem_object *obj = to_intel_bo(area->vm_private_data);
	struct drm_device *dev = obj->base.dev;
	struct drm_i915_private *dev_priv = to_i915(dev);
	struct i915_ggtt *ggtt = &dev_priv->ggtt;
	bool write = !!(vmf->flags & FAULT_FLAG_WRITE);
	struct i915_vma *vma;
	pgoff_t page_offset;
	unsigned int flags;
	int ret;

	/* We don't use vmf->pgoff since that has the fake offset */
	page_offset = (vmf->address - area->vm_start) >> PAGE_SHIFT;

	trace_i915_gem_object_fault(obj, page_offset, true, write);

	/* Try to flush the object off the GPU first without holding the lock.
	 * Upon acquiring the lock, we will perform our sanity checks and then
	 * repeat the flush holding the lock in the normal manner to catch cases
	 * where we are gazumped.
	 */
	ret = i915_gem_object_wait(obj,
				   I915_WAIT_INTERRUPTIBLE,
				   MAX_SCHEDULE_TIMEOUT,
				   NULL);
	if (ret)
		goto err;

	ret = i915_gem_object_pin_pages(obj);
	if (ret)
		goto err;

	intel_runtime_pm_get(dev_priv);

	ret = i915_mutex_lock_interruptible(dev);
	if (ret)
		goto err_rpm;

	/* Access to snoopable pages through the GTT is incoherent. */
	if (obj->cache_level != I915_CACHE_NONE && !HAS_LLC(dev_priv)) {
		ret = -EFAULT;
		goto err_unlock;
	}

	/* If the object is smaller than a couple of partial vma, it is
	 * not worth only creating a single partial vma - we may as well
	 * clear enough space for the full object.
	 */
	flags = PIN_MAPPABLE;
	if (obj->base.size > 2 * MIN_CHUNK_PAGES << PAGE_SHIFT)
		flags |= PIN_NONBLOCK | PIN_NONFAULT;

	/* Now pin it into the GTT as needed */
	vma = i915_gem_object_ggtt_pin(obj, NULL, 0, 0, flags);
	if (IS_ERR(vma)) {
		struct i915_ggtt_view view;
		unsigned int chunk_size;

		/* Use a partial view if it is bigger than available space */
		chunk_size = MIN_CHUNK_PAGES;
		if (i915_gem_object_is_tiled(obj))
			chunk_size = roundup(chunk_size, tile_row_pages(obj));

		memset(&view, 0, sizeof(view));
		view.type = I915_GGTT_VIEW_PARTIAL;
		view.params.partial.offset = rounddown(page_offset, chunk_size);
		view.params.partial.size =
			min_t(unsigned int, chunk_size,
			      vma_pages(area) - view.params.partial.offset);

		/* If the partial covers the entire object, just create a
		 * normal VMA.
		 */
		if (chunk_size >= obj->base.size >> PAGE_SHIFT)
			view.type = I915_GGTT_VIEW_NORMAL;

		/* Userspace is now writing through an untracked VMA, abandon
		 * all hope that the hardware is able to track future writes.
		 */
		obj->frontbuffer_ggtt_origin = ORIGIN_CPU;

		vma = i915_gem_object_ggtt_pin(obj, &view, 0, 0, PIN_MAPPABLE);
	}
	if (IS_ERR(vma)) {
		ret = PTR_ERR(vma);
		goto err_unlock;
	}

	ret = i915_gem_object_set_to_gtt_domain(obj, write);
	if (ret)
		goto err_unpin;

	ret = i915_vma_get_fence(vma);
	if (ret)
		goto err_unpin;

	/* Mark as being mmapped into userspace for later revocation */
	assert_rpm_wakelock_held(dev_priv);
	if (list_empty(&obj->userfault_link))
		list_add(&obj->userfault_link, &dev_priv->mm.userfault_list);

	/* Finally, remap it using the new GTT offset */
	ret = remap_io_mapping(area,
			       area->vm_start + (vma->ggtt_view.params.partial.offset << PAGE_SHIFT),
			       (ggtt->mappable_base + vma->node.start) >> PAGE_SHIFT,
			       min_t(u64, vma->size, area->vm_end - area->vm_start),
			       &ggtt->mappable);

err_unpin:
	__i915_vma_unpin(vma);
err_unlock:
	mutex_unlock(&dev->struct_mutex);
err_rpm:
	intel_runtime_pm_put(dev_priv);
	i915_gem_object_unpin_pages(obj);
err:
	switch (ret) {
	case -EIO:
		/*
		 * We eat errors when the gpu is terminally wedged to avoid
		 * userspace unduly crashing (gl has no provisions for mmaps to
		 * fail). But any other -EIO isn't ours (e.g. swap in failure)
		 * and so needs to be reported.
		 */
		if (!i915_terminally_wedged(&dev_priv->gpu_error)) {
			ret = VM_FAULT_SIGBUS;
			break;
		}
	case -EAGAIN:
		/*
		 * EAGAIN means the gpu is hung and we'll wait for the error
		 * handler to reset everything when re-faulting in
		 * i915_mutex_lock_interruptible.
		 */
	case 0:
	case -ERESTARTSYS:
	case -EINTR:
	case -EBUSY:
		/*
		 * EBUSY is ok: this just means that another thread
		 * already did the job.
		 */
		ret = VM_FAULT_NOPAGE;
		break;
	case -ENOMEM:
		ret = VM_FAULT_OOM;
		break;
	case -ENOSPC:
	case -EFAULT:
		ret = VM_FAULT_SIGBUS;
		break;
	default:
		WARN_ONCE(ret, "unhandled error in i915_gem_fault: %i\n", ret);
		ret = VM_FAULT_SIGBUS;
		break;
	}
	return ret;
}

/**
 * i915_gem_release_mmap - remove physical page mappings
 * @obj: obj in question
 *
 * Preserve the reservation of the mmapping with the DRM core code, but
 * relinquish ownership of the pages back to the system.
 *
 * It is vital that we remove the page mapping if we have mapped a tiled
 * object through the GTT and then lose the fence register due to
 * resource pressure. Similarly if the object has been moved out of the
 * aperture, then pages mapped into userspace must be revoked. Removing the
 * mapping will then trigger a page fault on the next user access, allowing
 * fixup by i915_gem_fault().
 */
void
i915_gem_release_mmap(struct drm_i915_gem_object *obj)
{
	struct drm_i915_private *i915 = to_i915(obj->base.dev);

	/* Serialisation between user GTT access and our code depends upon
	 * revoking the CPU's PTE whilst the mutex is held. The next user
	 * pagefault then has to wait until we release the mutex.
	 *
	 * Note that RPM complicates somewhat by adding an additional
	 * requirement that operations to the GGTT be made holding the RPM
	 * wakeref.
	 */
	lockdep_assert_held(&i915->drm.struct_mutex);
	intel_runtime_pm_get(i915);

	if (list_empty(&obj->userfault_link))
		goto out;

	list_del_init(&obj->userfault_link);
	drm_vma_node_unmap(&obj->base.vma_node,
			   obj->base.dev->anon_inode->i_mapping);

	/* Ensure that the CPU's PTE are revoked and there are not outstanding
	 * memory transactions from userspace before we return. The TLB
	 * flushing implied above by changing the PTE above *should* be
	 * sufficient, an extra barrier here just provides us with a bit
	 * of paranoid documentation about our requirement to serialise
	 * memory writes before touching registers / GSM.
	 */
	wmb();

out:
	intel_runtime_pm_put(i915);
}

void i915_gem_runtime_suspend(struct drm_i915_private *dev_priv)
{
	struct drm_i915_gem_object *obj, *on;
	int i;

	/*
	 * Only called during RPM suspend. All users of the userfault_list
	 * must be holding an RPM wakeref to ensure that this can not
	 * run concurrently with themselves (and use the struct_mutex for
	 * protection between themselves).
	 */

	list_for_each_entry_safe(obj, on,
				 &dev_priv->mm.userfault_list, userfault_link) {
		list_del_init(&obj->userfault_link);
		drm_vma_node_unmap(&obj->base.vma_node,
				   obj->base.dev->anon_inode->i_mapping);
	}

	/* The fence will be lost when the device powers down. If any were
	 * in use by hardware (i.e. they are pinned), we should not be powering
	 * down! All other fences will be reacquired by the user upon waking.
	 */
	for (i = 0; i < dev_priv->num_fence_regs; i++) {
		struct drm_i915_fence_reg *reg = &dev_priv->fence_regs[i];

		/* Ideally we want to assert that the fence register is not
		 * live at this point (i.e. that no piece of code will be
that no piece of code will be 2015 * trying to write through fence + GTT, as that both violates 2016 * our tracking of activity and associated locking/barriers, 2017 * but also is illegal given that the hw is powered down). 2018 * 2019 * Previously we used reg->pin_count as a "liveness" indicator. 2020 * That is not sufficient, and we need a more fine-grained 2021 * tool if we want to have a sanity check here. 2022 */ 2023 2024 if (!reg->vma) 2025 continue; 2026 2027 GEM_BUG_ON(!list_empty(&reg->vma->obj->userfault_link)); 2028 reg->dirty = true; 2029 } 2030 } 2031 2032 /** 2033 * i915_gem_get_ggtt_size - return required global GTT size for an object 2034 * @dev_priv: i915 device 2035 * @size: object size 2036 * @tiling_mode: tiling mode 2037 * 2038 * Return the required global GTT size for an object, taking into account 2039 * potential fence register mapping. 2040 */ 2041 u64 i915_gem_get_ggtt_size(struct drm_i915_private *dev_priv, 2042 u64 size, int tiling_mode) 2043 { 2044 u64 ggtt_size; 2045 2046 GEM_BUG_ON(size == 0); 2047 2048 if (INTEL_GEN(dev_priv) >= 4 || 2049 tiling_mode == I915_TILING_NONE) 2050 return size; 2051 2052 /* Previous chips need a power-of-two fence region when tiling */ 2053 if (IS_GEN3(dev_priv)) 2054 ggtt_size = 1024*1024; 2055 else 2056 ggtt_size = 512*1024; 2057 2058 while (ggtt_size < size) 2059 ggtt_size <<= 1; 2060 2061 return ggtt_size; 2062 } 2063 2064 /** 2065 * i915_gem_get_ggtt_alignment - return required global GTT alignment 2066 * @dev_priv: i915 device 2067 * @size: object size 2068 * @tiling_mode: tiling mode 2069 * @fenced: is fenced alignment required or not 2070 * 2071 * Return the required global GTT alignment for an object, taking into account 2072 * potential fence register mapping. 2073 */ 2074 u64 i915_gem_get_ggtt_alignment(struct drm_i915_private *dev_priv, u64 size, 2075 int tiling_mode, bool fenced) 2076 { 2077 GEM_BUG_ON(size == 0); 2078 2079 /* 2080 * Minimum alignment is 4k (GTT page size), but might be greater 2081 * if a fence register is needed for the object. 2082 */ 2083 if (INTEL_GEN(dev_priv) >= 4 || (!fenced && IS_G33(dev_priv)) || 2084 tiling_mode == I915_TILING_NONE) 2085 return 4096; 2086 2087 /* 2088 * Previous chips need to be aligned to the size of the smallest 2089 * fence register that can contain the object. 2090 */ 2091 return i915_gem_get_ggtt_size(dev_priv, size, tiling_mode); 2092 } 2093 2094 static int i915_gem_object_create_mmap_offset(struct drm_i915_gem_object *obj) 2095 { 2096 struct drm_i915_private *dev_priv = to_i915(obj->base.dev); 2097 int err; 2098 2099 err = drm_gem_create_mmap_offset(&obj->base); 2100 if (!err) 2101 return 0; 2102 2103 /* We can idle the GPU locklessly to flush stale objects, but in order 2104 * to claim that space for ourselves, we need to take the big 2105 * struct_mutex to free the requests+objects and allocate our slot.
2106 */ 2107 err = i915_gem_wait_for_idle(dev_priv, I915_WAIT_INTERRUPTIBLE); 2108 if (err) 2109 return err; 2110 2111 err = i915_mutex_lock_interruptible(&dev_priv->drm); 2112 if (!err) { 2113 i915_gem_retire_requests(dev_priv); 2114 err = drm_gem_create_mmap_offset(&obj->base); 2115 mutex_unlock(&dev_priv->drm.struct_mutex); 2116 } 2117 2118 return err; 2119 } 2120 2121 static void i915_gem_object_free_mmap_offset(struct drm_i915_gem_object *obj) 2122 { 2123 drm_gem_free_mmap_offset(&obj->base); 2124 } 2125 2126 int 2127 i915_gem_mmap_gtt(struct drm_file *file, 2128 struct drm_device *dev, 2129 uint32_t handle, 2130 uint64_t *offset) 2131 { 2132 struct drm_i915_gem_object *obj; 2133 int ret; 2134 2135 obj = i915_gem_object_lookup(file, handle); 2136 if (!obj) 2137 return -ENOENT; 2138 2139 ret = i915_gem_object_create_mmap_offset(obj); 2140 if (ret == 0) 2141 *offset = drm_vma_node_offset_addr(&obj->base.vma_node); 2142 2143 i915_gem_object_put(obj); 2144 return ret; 2145 } 2146 2147 /** 2148 * i915_gem_mmap_gtt_ioctl - prepare an object for GTT mmap'ing 2149 * @dev: DRM device 2150 * @data: GTT mapping ioctl data 2151 * @file: GEM object info 2152 * 2153 * Simply returns the fake offset to userspace so it can mmap it. 2154 * The mmap call will end up in drm_gem_mmap(), which will set things 2155 * up so we can get faults in the handler above. 2156 * 2157 * The fault handler will take care of binding the object into the GTT 2158 * (since it may have been evicted to make room for something), allocating 2159 * a fence register, and mapping the appropriate aperture address into 2160 * userspace. 2161 */ 2162 int 2163 i915_gem_mmap_gtt_ioctl(struct drm_device *dev, void *data, 2164 struct drm_file *file) 2165 { 2166 struct drm_i915_gem_mmap_gtt *args = data; 2167 2168 return i915_gem_mmap_gtt(file, dev, args->handle, &args->offset); 2169 } 2170 2171 /* Immediately discard the backing storage */ 2172 static void 2173 i915_gem_object_truncate(struct drm_i915_gem_object *obj) 2174 { 2175 i915_gem_object_free_mmap_offset(obj); 2176 2177 if (obj->base.filp == NULL) 2178 return; 2179 2180 /* Our goal here is to return as much of the memory as 2181 * is possible back to the system as we are called from OOM. 2182 * To do this we must instruct the shmfs to drop all of its 2183 * backing pages, *now*. 
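 * shmem_truncate_range() below does exactly that, and marking the object
 * __I915_MADV_PURGED afterwards records that the backing store is gone for
 * good, so any later attempt to reacquire the pages is rejected.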
2184 */ 2185 shmem_truncate_range(file_inode(obj->base.filp), 0, (loff_t)-1); 2186 obj->mm.madv = __I915_MADV_PURGED; 2187 } 2188 2189 /* Try to discard unwanted pages */ 2190 void __i915_gem_object_invalidate(struct drm_i915_gem_object *obj) 2191 { 2192 struct address_space *mapping; 2193 2194 lockdep_assert_held(&obj->mm.lock); 2195 GEM_BUG_ON(obj->mm.pages); 2196 2197 switch (obj->mm.madv) { 2198 case I915_MADV_DONTNEED: 2199 i915_gem_object_truncate(obj); 2200 case __I915_MADV_PURGED: 2201 return; 2202 } 2203 2204 if (obj->base.filp == NULL) 2205 return; 2206 2207 mapping = obj->base.filp->f_mapping, 2208 invalidate_mapping_pages(mapping, 0, (loff_t)-1); 2209 } 2210 2211 static void 2212 i915_gem_object_put_pages_gtt(struct drm_i915_gem_object *obj, 2213 struct sg_table *pages) 2214 { 2215 struct sgt_iter sgt_iter; 2216 struct page *page; 2217 2218 __i915_gem_object_release_shmem(obj, pages, true); 2219 2220 i915_gem_gtt_finish_pages(obj, pages); 2221 2222 if (i915_gem_object_needs_bit17_swizzle(obj)) 2223 i915_gem_object_save_bit_17_swizzle(obj, pages); 2224 2225 for_each_sgt_page(page, sgt_iter, pages) { 2226 if (obj->mm.dirty) 2227 set_page_dirty(page); 2228 2229 if (obj->mm.madv == I915_MADV_WILLNEED) 2230 mark_page_accessed(page); 2231 2232 put_page(page); 2233 } 2234 obj->mm.dirty = false; 2235 2236 sg_free_table(pages); 2237 kfree(pages); 2238 } 2239 2240 static void __i915_gem_object_reset_page_iter(struct drm_i915_gem_object *obj) 2241 { 2242 struct radix_tree_iter iter; 2243 void **slot; 2244 2245 radix_tree_for_each_slot(slot, &obj->mm.get_page.radix, &iter, 0) 2246 radix_tree_delete(&obj->mm.get_page.radix, iter.index); 2247 } 2248 2249 void __i915_gem_object_put_pages(struct drm_i915_gem_object *obj, 2250 enum i915_mm_subclass subclass) 2251 { 2252 struct sg_table *pages; 2253 2254 if (i915_gem_object_has_pinned_pages(obj)) 2255 return; 2256 2257 GEM_BUG_ON(obj->bind_count); 2258 if (!READ_ONCE(obj->mm.pages)) 2259 return; 2260 2261 /* May be called by shrinker from within get_pages() (on another bo) */ 2262 mutex_lock_nested(&obj->mm.lock, subclass); 2263 if (unlikely(atomic_read(&obj->mm.pages_pin_count))) 2264 goto unlock; 2265 2266 /* ->put_pages might need to allocate memory for the bit17 swizzle 2267 * array, hence protect them from being reaped by removing them from gtt 2268 * lists early. 
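 * fetch_and_zero() below clears obj->mm.pages while obj->mm.lock is still
 * held, so the object no longer advertises any pages while ->put_pages()
 * is releasing them.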
*/ 2269 pages = fetch_and_zero(&obj->mm.pages); 2270 GEM_BUG_ON(!pages); 2271 2272 if (obj->mm.mapping) { 2273 void *ptr; 2274 2275 ptr = ptr_mask_bits(obj->mm.mapping); 2276 if (is_vmalloc_addr(ptr)) 2277 vunmap(ptr); 2278 else 2279 kunmap(kmap_to_page(ptr)); 2280 2281 obj->mm.mapping = NULL; 2282 } 2283 2284 __i915_gem_object_reset_page_iter(obj); 2285 2286 obj->ops->put_pages(obj, pages); 2287 unlock: 2288 mutex_unlock(&obj->mm.lock); 2289 } 2290 2291 static void i915_sg_trim(struct sg_table *orig_st) 2292 { 2293 struct sg_table new_st; 2294 struct scatterlist *sg, *new_sg; 2295 unsigned int i; 2296 2297 if (orig_st->nents == orig_st->orig_nents) 2298 return; 2299 2300 if (sg_alloc_table(&new_st, orig_st->nents, GFP_KERNEL | __GFP_NOWARN)) 2301 return; 2302 2303 new_sg = new_st.sgl; 2304 for_each_sg(orig_st->sgl, sg, orig_st->nents, i) { 2305 sg_set_page(new_sg, sg_page(sg), sg->length, 0); 2306 /* called before being DMA mapped, no need to copy sg->dma_* */ 2307 new_sg = sg_next(new_sg); 2308 } 2309 2310 sg_free_table(orig_st); 2311 2312 *orig_st = new_st; 2313 } 2314 2315 static struct sg_table * 2316 i915_gem_object_get_pages_gtt(struct drm_i915_gem_object *obj) 2317 { 2318 struct drm_i915_private *dev_priv = to_i915(obj->base.dev); 2319 const unsigned long page_count = obj->base.size / PAGE_SIZE; 2320 unsigned long i; 2321 struct address_space *mapping; 2322 struct sg_table *st; 2323 struct scatterlist *sg; 2324 struct sgt_iter sgt_iter; 2325 struct page *page; 2326 unsigned long last_pfn = 0; /* suppress gcc warning */ 2327 unsigned int max_segment; 2328 int ret; 2329 gfp_t gfp; 2330 2331 /* Assert that the object is not currently in any GPU domain. As it 2332 * wasn't in the GTT, there shouldn't be any way it could have been in 2333 * a GPU cache 2334 */ 2335 GEM_BUG_ON(obj->base.read_domains & I915_GEM_GPU_DOMAINS); 2336 GEM_BUG_ON(obj->base.write_domain & I915_GEM_GPU_DOMAINS); 2337 2338 max_segment = swiotlb_max_segment(); 2339 if (!max_segment) 2340 max_segment = rounddown(UINT_MAX, PAGE_SIZE); 2341 2342 st = kmalloc(sizeof(*st), GFP_KERNEL); 2343 if (st == NULL) 2344 return ERR_PTR(-ENOMEM); 2345 2346 rebuild_st: 2347 if (sg_alloc_table(st, page_count, GFP_KERNEL)) { 2348 kfree(st); 2349 return ERR_PTR(-ENOMEM); 2350 } 2351 2352 /* Get the list of pages out of our struct file. They'll be pinned 2353 * at this point until we release them. 2354 * 2355 * Fail silently without starting the shrinker 2356 */ 2357 mapping = obj->base.filp->f_mapping; 2358 gfp = mapping_gfp_constraint(mapping, ~(__GFP_IO | __GFP_RECLAIM)); 2359 gfp |= __GFP_NORETRY | __GFP_NOWARN; 2360 sg = st->sgl; 2361 st->nents = 0; 2362 for (i = 0; i < page_count; i++) { 2363 page = shmem_read_mapping_page_gfp(mapping, i, gfp); 2364 if (IS_ERR(page)) { 2365 i915_gem_shrink(dev_priv, 2366 page_count, 2367 I915_SHRINK_BOUND | 2368 I915_SHRINK_UNBOUND | 2369 I915_SHRINK_PURGEABLE); 2370 page = shmem_read_mapping_page_gfp(mapping, i, gfp); 2371 } 2372 if (IS_ERR(page)) { 2373 /* We've tried hard to allocate the memory by reaping 2374 * our own buffer, now let the real VM do its job and 2375 * go down in flames if truly OOM. 
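 * (The earlier attempts deliberately used __GFP_NORETRY | __GFP_NOWARN so
 * that they would fail fast; this final shmem_read_mapping_page() call goes
 * back to the mapping's default gfp mask and so is allowed to enter reclaim.)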
2376 */ 2377 page = shmem_read_mapping_page(mapping, i); 2378 if (IS_ERR(page)) { 2379 ret = PTR_ERR(page); 2380 goto err_sg; 2381 } 2382 } 2383 if (!i || 2384 sg->length >= max_segment || 2385 page_to_pfn(page) != last_pfn + 1) { 2386 if (i) 2387 sg = sg_next(sg); 2388 st->nents++; 2389 sg_set_page(sg, page, PAGE_SIZE, 0); 2390 } else { 2391 sg->length += PAGE_SIZE; 2392 } 2393 last_pfn = page_to_pfn(page); 2394 2395 /* Check that the i965g/gm workaround works. */ 2396 WARN_ON((gfp & __GFP_DMA32) && (last_pfn >= 0x00100000UL)); 2397 } 2398 if (sg) /* loop terminated early; short sg table */ 2399 sg_mark_end(sg); 2400 2401 /* Trim unused sg entries to avoid wasting memory. */ 2402 i915_sg_trim(st); 2403 2404 ret = i915_gem_gtt_prepare_pages(obj, st); 2405 if (ret) { 2406 /* DMA remapping failed? One possible cause is that 2407 * it could not reserve enough large entries, asking 2408 * for PAGE_SIZE chunks instead may be helpful. 2409 */ 2410 if (max_segment > PAGE_SIZE) { 2411 for_each_sgt_page(page, sgt_iter, st) 2412 put_page(page); 2413 sg_free_table(st); 2414 2415 max_segment = PAGE_SIZE; 2416 goto rebuild_st; 2417 } else { 2418 dev_warn(&dev_priv->drm.pdev->dev, 2419 "Failed to DMA remap %lu pages\n", 2420 page_count); 2421 goto err_pages; 2422 } 2423 } 2424 2425 if (i915_gem_object_needs_bit17_swizzle(obj)) 2426 i915_gem_object_do_bit_17_swizzle(obj, st); 2427 2428 return st; 2429 2430 err_sg: 2431 sg_mark_end(sg); 2432 err_pages: 2433 for_each_sgt_page(page, sgt_iter, st) 2434 put_page(page); 2435 sg_free_table(st); 2436 kfree(st); 2437 2438 /* shmemfs first checks if there is enough memory to allocate the page 2439 * and reports ENOSPC should there be insufficient, along with the usual 2440 * ENOMEM for a genuine allocation failure. 2441 * 2442 * We use ENOSPC in our driver to mean that we have run out of aperture 2443 * space and so want to translate the error from shmemfs back to our 2444 * usual understanding of ENOMEM. 2445 */ 2446 if (ret == -ENOSPC) 2447 ret = -ENOMEM; 2448 2449 return ERR_PTR(ret); 2450 } 2451 2452 void __i915_gem_object_set_pages(struct drm_i915_gem_object *obj, 2453 struct sg_table *pages) 2454 { 2455 lockdep_assert_held(&obj->mm.lock); 2456 2457 obj->mm.get_page.sg_pos = pages->sgl; 2458 obj->mm.get_page.sg_idx = 0; 2459 2460 obj->mm.pages = pages; 2461 2462 if (i915_gem_object_is_tiled(obj) && 2463 to_i915(obj->base.dev)->quirks & QUIRK_PIN_SWIZZLED_PAGES) { 2464 GEM_BUG_ON(obj->mm.quirked); 2465 __i915_gem_object_pin_pages(obj); 2466 obj->mm.quirked = true; 2467 } 2468 } 2469 2470 static int ____i915_gem_object_get_pages(struct drm_i915_gem_object *obj) 2471 { 2472 struct sg_table *pages; 2473 2474 GEM_BUG_ON(i915_gem_object_has_pinned_pages(obj)); 2475 2476 if (unlikely(obj->mm.madv != I915_MADV_WILLNEED)) { 2477 DRM_DEBUG("Attempting to obtain a purgeable object\n"); 2478 return -EFAULT; 2479 } 2480 2481 pages = obj->ops->get_pages(obj); 2482 if (unlikely(IS_ERR(pages))) 2483 return PTR_ERR(pages); 2484 2485 __i915_gem_object_set_pages(obj, pages); 2486 return 0; 2487 } 2488 2489 /* Ensure that the associated pages are gathered from the backing storage 2490 * and pinned into our object. i915_gem_object_pin_pages() may be called 2491 * multiple times before they are released by a single call to 2492 * i915_gem_object_unpin_pages() - once the pages are no longer referenced 2493 * either as a result of memory pressure (reaping pages under the shrinker) 2494 * or as the object is itself released. 
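 *
 * An illustrative usage pattern (a sketch of the pin/unpin pairing, not a
 * prescribed call sequence):
 *
 *	err = i915_gem_object_pin_pages(obj);
 *	if (err)
 *		return err;
 *	... access the backing store via obj->mm.pages ...
 *	i915_gem_object_unpin_pages(obj);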
2495 */ 2496 int __i915_gem_object_get_pages(struct drm_i915_gem_object *obj) 2497 { 2498 int err; 2499 2500 err = mutex_lock_interruptible(&obj->mm.lock); 2501 if (err) 2502 return err; 2503 2504 if (unlikely(!obj->mm.pages)) { 2505 err = ____i915_gem_object_get_pages(obj); 2506 if (err) 2507 goto unlock; 2508 2509 smp_mb__before_atomic(); 2510 } 2511 atomic_inc(&obj->mm.pages_pin_count); 2512 2513 unlock: 2514 mutex_unlock(&obj->mm.lock); 2515 return err; 2516 } 2517 2518 /* The 'mapping' part of i915_gem_object_pin_map() below */ 2519 static void *i915_gem_object_map(const struct drm_i915_gem_object *obj, 2520 enum i915_map_type type) 2521 { 2522 unsigned long n_pages = obj->base.size >> PAGE_SHIFT; 2523 struct sg_table *sgt = obj->mm.pages; 2524 struct sgt_iter sgt_iter; 2525 struct page *page; 2526 struct page *stack_pages[32]; 2527 struct page **pages = stack_pages; 2528 unsigned long i = 0; 2529 pgprot_t pgprot; 2530 void *addr; 2531 2532 /* A single page can always be kmapped */ 2533 if (n_pages == 1 && type == I915_MAP_WB) 2534 return kmap(sg_page(sgt->sgl)); 2535 2536 if (n_pages > ARRAY_SIZE(stack_pages)) { 2537 /* Too big for stack -- allocate temporary array instead */ 2538 pages = drm_malloc_gfp(n_pages, sizeof(*pages), GFP_TEMPORARY); 2539 if (!pages) 2540 return NULL; 2541 } 2542 2543 for_each_sgt_page(page, sgt_iter, sgt) 2544 pages[i++] = page; 2545 2546 /* Check that we have the expected number of pages */ 2547 GEM_BUG_ON(i != n_pages); 2548 2549 switch (type) { 2550 case I915_MAP_WB: 2551 pgprot = PAGE_KERNEL; 2552 break; 2553 case I915_MAP_WC: 2554 pgprot = pgprot_writecombine(PAGE_KERNEL_IO); 2555 break; 2556 } 2557 addr = vmap(pages, n_pages, 0, pgprot); 2558 2559 if (pages != stack_pages) 2560 drm_free_large(pages); 2561 2562 return addr; 2563 } 2564 2565 /* get, pin, and map the pages of the object into kernel space */ 2566 void *i915_gem_object_pin_map(struct drm_i915_gem_object *obj, 2567 enum i915_map_type type) 2568 { 2569 enum i915_map_type has_type; 2570 bool pinned; 2571 void *ptr; 2572 int ret; 2573 2574 GEM_BUG_ON(!i915_gem_object_has_struct_page(obj)); 2575 2576 ret = mutex_lock_interruptible(&obj->mm.lock); 2577 if (ret) 2578 return ERR_PTR(ret); 2579 2580 pinned = true; 2581 if (!atomic_inc_not_zero(&obj->mm.pages_pin_count)) { 2582 if (unlikely(!obj->mm.pages)) { 2583 ret = ____i915_gem_object_get_pages(obj); 2584 if (ret) 2585 goto err_unlock; 2586 2587 smp_mb__before_atomic(); 2588 } 2589 atomic_inc(&obj->mm.pages_pin_count); 2590 pinned = false; 2591 } 2592 GEM_BUG_ON(!obj->mm.pages); 2593 2594 ptr = ptr_unpack_bits(obj->mm.mapping, has_type); 2595 if (ptr && has_type != type) { 2596 if (pinned) { 2597 ret = -EBUSY; 2598 goto err_unpin; 2599 } 2600 2601 if (is_vmalloc_addr(ptr)) 2602 vunmap(ptr); 2603 else 2604 kunmap(kmap_to_page(ptr)); 2605 2606 ptr = obj->mm.mapping = NULL; 2607 } 2608 2609 if (!ptr) { 2610 ptr = i915_gem_object_map(obj, type); 2611 if (!ptr) { 2612 ret = -ENOMEM; 2613 goto err_unpin; 2614 } 2615 2616 obj->mm.mapping = ptr_pack_bits(ptr, type); 2617 } 2618 2619 out_unlock: 2620 mutex_unlock(&obj->mm.lock); 2621 return ptr; 2622 2623 err_unpin: 2624 atomic_dec(&obj->mm.pages_pin_count); 2625 err_unlock: 2626 ptr = ERR_PTR(ret); 2627 goto out_unlock; 2628 } 2629 2630 static bool i915_context_is_banned(const struct i915_gem_context *ctx) 2631 { 2632 unsigned long elapsed; 2633 2634 if (ctx->hang_stats.banned) 2635 return true; 2636 2637 elapsed = get_seconds() - ctx->hang_stats.guilty_ts; 2638 if (ctx->hang_stats.ban_period_seconds 
&& 2639 elapsed <= ctx->hang_stats.ban_period_seconds) { 2640 DRM_DEBUG("context hanging too fast, banning!\n"); 2641 return true; 2642 } 2643 2644 return false; 2645 } 2646 2647 static void i915_set_reset_status(struct i915_gem_context *ctx, 2648 const bool guilty) 2649 { 2650 struct i915_ctx_hang_stats *hs = &ctx->hang_stats; 2651 2652 if (guilty) { 2653 hs->banned = i915_context_is_banned(ctx); 2654 hs->batch_active++; 2655 hs->guilty_ts = get_seconds(); 2656 } else { 2657 hs->batch_pending++; 2658 } 2659 } 2660 2661 struct drm_i915_gem_request * 2662 i915_gem_find_active_request(struct intel_engine_cs *engine) 2663 { 2664 struct drm_i915_gem_request *request; 2665 2666 /* We are called by the error capture and reset at a random 2667 * point in time. In particular, note that neither is crucially 2668 * ordered with an interrupt. After a hang, the GPU is dead and we 2669 * assume that no more writes can happen (we waited long enough for 2670 * all writes that were in transaction to be flushed) - adding an 2671 * extra delay for a recent interrupt is pointless. Hence, we do 2672 * not need an engine->irq_seqno_barrier() before the seqno reads. 2673 */ 2674 list_for_each_entry(request, &engine->timeline->requests, link) { 2675 if (__i915_gem_request_completed(request)) 2676 continue; 2677 2678 return request; 2679 } 2680 2681 return NULL; 2682 } 2683 2684 static void reset_request(struct drm_i915_gem_request *request) 2685 { 2686 void *vaddr = request->ring->vaddr; 2687 u32 head; 2688 2689 /* As this request likely depends on state from the lost 2690 * context, clear out all the user operations leaving the 2691 * breadcrumb at the end (so we get the fence notifications). 2692 */ 2693 head = request->head; 2694 if (request->postfix < head) { 2695 memset(vaddr + head, 0, request->ring->size - head); 2696 head = 0; 2697 } 2698 memset(vaddr + head, 0, request->postfix - head); 2699 } 2700 2701 static void i915_gem_reset_engine(struct intel_engine_cs *engine) 2702 { 2703 struct drm_i915_gem_request *request; 2704 struct i915_gem_context *incomplete_ctx; 2705 struct intel_timeline *timeline; 2706 unsigned long flags; 2707 bool ring_hung; 2708 2709 if (engine->irq_seqno_barrier) 2710 engine->irq_seqno_barrier(engine); 2711 2712 request = i915_gem_find_active_request(engine); 2713 if (!request) 2714 return; 2715 2716 ring_hung = engine->hangcheck.score >= HANGCHECK_SCORE_RING_HUNG; 2717 if (engine->hangcheck.seqno != intel_engine_get_seqno(engine)) 2718 ring_hung = false; 2719 2720 i915_set_reset_status(request->ctx, ring_hung); 2721 if (!ring_hung) 2722 return; 2723 2724 DRM_DEBUG_DRIVER("resetting %s to restart from tail of request 0x%x\n", 2725 engine->name, request->global_seqno); 2726 2727 /* Setup the CS to resume from the breadcrumb of the hung request */ 2728 engine->reset_hw(engine, request); 2729 2730 /* Users of the default context do not rely on logical state 2731 * preserved between batches. They have to emit full state on 2732 * every batch and so it is safe to execute queued requests following 2733 * the hang. 2734 * 2735 * Other contexts preserve state, now corrupt. We want to skip all 2736 * queued requests that reference the corrupt context. 
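 * Such requests are cleared via reset_request(): their ring contents are
 * wiped, but the closing breadcrumb is preserved so that they still retire
 * and signal completion in order.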
2737 */ 2738 incomplete_ctx = request->ctx; 2739 if (i915_gem_context_is_default(incomplete_ctx)) 2740 return; 2741 2742 timeline = i915_gem_context_lookup_timeline(incomplete_ctx, engine); 2743 2744 spin_lock_irqsave(&engine->timeline->lock, flags); 2745 spin_lock(&timeline->lock); 2746 2747 list_for_each_entry_continue(request, &engine->timeline->requests, link) 2748 if (request->ctx == incomplete_ctx) 2749 reset_request(request); 2750 2751 list_for_each_entry(request, &timeline->requests, link) 2752 reset_request(request); 2753 2754 spin_unlock(&timeline->lock); 2755 spin_unlock_irqrestore(&engine->timeline->lock, flags); 2756 } 2757 2758 void i915_gem_reset(struct drm_i915_private *dev_priv) 2759 { 2760 struct intel_engine_cs *engine; 2761 enum intel_engine_id id; 2762 2763 lockdep_assert_held(&dev_priv->drm.struct_mutex); 2764 2765 i915_gem_retire_requests(dev_priv); 2766 2767 for_each_engine(engine, dev_priv, id) 2768 i915_gem_reset_engine(engine); 2769 2770 i915_gem_restore_fences(dev_priv); 2771 2772 if (dev_priv->gt.awake) { 2773 intel_sanitize_gt_powersave(dev_priv); 2774 intel_enable_gt_powersave(dev_priv); 2775 if (INTEL_GEN(dev_priv) >= 6) 2776 gen6_rps_busy(dev_priv); 2777 } 2778 } 2779 2780 static void nop_submit_request(struct drm_i915_gem_request *request) 2781 { 2782 i915_gem_request_submit(request); 2783 intel_engine_init_global_seqno(request->engine, request->global_seqno); 2784 } 2785 2786 static void i915_gem_cleanup_engine(struct intel_engine_cs *engine) 2787 { 2788 engine->submit_request = nop_submit_request; 2789 2790 /* Mark all pending requests as complete so that any concurrent 2791 * (lockless) lookup doesn't try and wait upon the request as we 2792 * reset it. 2793 */ 2794 intel_engine_init_global_seqno(engine, 2795 intel_engine_last_submit(engine)); 2796 2797 /* 2798 * Clear the execlists queue up before freeing the requests, as those 2799 * are the ones that keep the context and ringbuffer backing objects 2800 * pinned in place. 2801 */ 2802 2803 if (i915.enable_execlists) { 2804 unsigned long flags; 2805 2806 spin_lock_irqsave(&engine->timeline->lock, flags); 2807 2808 i915_gem_request_put(engine->execlist_port[0].request); 2809 i915_gem_request_put(engine->execlist_port[1].request); 2810 memset(engine->execlist_port, 0, sizeof(engine->execlist_port)); 2811 engine->execlist_queue = RB_ROOT; 2812 engine->execlist_first = NULL; 2813 2814 spin_unlock_irqrestore(&engine->timeline->lock, flags); 2815 } 2816 } 2817 2818 void i915_gem_set_wedged(struct drm_i915_private *dev_priv) 2819 { 2820 struct intel_engine_cs *engine; 2821 enum intel_engine_id id; 2822 2823 lockdep_assert_held(&dev_priv->drm.struct_mutex); 2824 set_bit(I915_WEDGED, &dev_priv->gpu_error.flags); 2825 2826 i915_gem_context_lost(dev_priv); 2827 for_each_engine(engine, dev_priv, id) 2828 i915_gem_cleanup_engine(engine); 2829 mod_delayed_work(dev_priv->wq, &dev_priv->gt.idle_work, 0); 2830 2831 i915_gem_retire_requests(dev_priv); 2832 } 2833 2834 static void 2835 i915_gem_retire_work_handler(struct work_struct *work) 2836 { 2837 struct drm_i915_private *dev_priv = 2838 container_of(work, typeof(*dev_priv), gt.retire_work.work); 2839 struct drm_device *dev = &dev_priv->drm; 2840 2841 /* Come back later if the device is busy... */ 2842 if (mutex_trylock(&dev->struct_mutex)) { 2843 i915_gem_retire_requests(dev_priv); 2844 mutex_unlock(&dev->struct_mutex); 2845 } 2846 2847 /* Keep the retire handler running until we are finally idle. 
2848 * We do not need to do this test under locking as in the worst-case 2849 * we queue the retire worker once too often. 2850 */ 2851 if (READ_ONCE(dev_priv->gt.awake)) { 2852 i915_queue_hangcheck(dev_priv); 2853 queue_delayed_work(dev_priv->wq, 2854 &dev_priv->gt.retire_work, 2855 round_jiffies_up_relative(HZ)); 2856 } 2857 } 2858 2859 static void 2860 i915_gem_idle_work_handler(struct work_struct *work) 2861 { 2862 struct drm_i915_private *dev_priv = 2863 container_of(work, typeof(*dev_priv), gt.idle_work.work); 2864 struct drm_device *dev = &dev_priv->drm; 2865 struct intel_engine_cs *engine; 2866 enum intel_engine_id id; 2867 bool rearm_hangcheck; 2868 2869 if (!READ_ONCE(dev_priv->gt.awake)) 2870 return; 2871 2872 /* 2873 * Wait for last execlists context complete, but bail out in case a 2874 * new request is submitted. 2875 */ 2876 wait_for(READ_ONCE(dev_priv->gt.active_requests) || 2877 intel_execlists_idle(dev_priv), 10); 2878 2879 if (READ_ONCE(dev_priv->gt.active_requests)) 2880 return; 2881 2882 rearm_hangcheck = 2883 cancel_delayed_work_sync(&dev_priv->gpu_error.hangcheck_work); 2884 2885 if (!mutex_trylock(&dev->struct_mutex)) { 2886 /* Currently busy, come back later */ 2887 mod_delayed_work(dev_priv->wq, 2888 &dev_priv->gt.idle_work, 2889 msecs_to_jiffies(50)); 2890 goto out_rearm; 2891 } 2892 2893 /* 2894 * New request retired after this work handler started, extend active 2895 * period until next instance of the work. 2896 */ 2897 if (work_pending(work)) 2898 goto out_unlock; 2899 2900 if (dev_priv->gt.active_requests) 2901 goto out_unlock; 2902 2903 if (wait_for(intel_execlists_idle(dev_priv), 10)) 2904 DRM_ERROR("Timeout waiting for engines to idle\n"); 2905 2906 for_each_engine(engine, dev_priv, id) 2907 i915_gem_batch_pool_fini(&engine->batch_pool); 2908 2909 GEM_BUG_ON(!dev_priv->gt.awake); 2910 dev_priv->gt.awake = false; 2911 rearm_hangcheck = false; 2912 2913 if (INTEL_GEN(dev_priv) >= 6) 2914 gen6_rps_idle(dev_priv); 2915 intel_runtime_pm_put(dev_priv); 2916 out_unlock: 2917 mutex_unlock(&dev->struct_mutex); 2918 2919 out_rearm: 2920 if (rearm_hangcheck) { 2921 GEM_BUG_ON(!dev_priv->gt.awake); 2922 i915_queue_hangcheck(dev_priv); 2923 } 2924 } 2925 2926 void i915_gem_close_object(struct drm_gem_object *gem, struct drm_file *file) 2927 { 2928 struct drm_i915_gem_object *obj = to_intel_bo(gem); 2929 struct drm_i915_file_private *fpriv = file->driver_priv; 2930 struct i915_vma *vma, *vn; 2931 2932 mutex_lock(&obj->base.dev->struct_mutex); 2933 list_for_each_entry_safe(vma, vn, &obj->vma_list, obj_link) 2934 if (vma->vm->file == fpriv) 2935 i915_vma_close(vma); 2936 2937 if (i915_gem_object_is_active(obj) && 2938 !i915_gem_object_has_active_reference(obj)) { 2939 i915_gem_object_set_active_reference(obj); 2940 i915_gem_object_get(obj); 2941 } 2942 mutex_unlock(&obj->base.dev->struct_mutex); 2943 } 2944 2945 static unsigned long to_wait_timeout(s64 timeout_ns) 2946 { 2947 if (timeout_ns < 0) 2948 return MAX_SCHEDULE_TIMEOUT; 2949 2950 if (timeout_ns == 0) 2951 return 0; 2952 2953 return nsecs_to_jiffies_timeout(timeout_ns); 2954 } 2955 2956 /** 2957 * i915_gem_wait_ioctl - implements DRM_IOCTL_I915_GEM_WAIT 2958 * @dev: drm device pointer 2959 * @data: ioctl data blob 2960 * @file: drm file pointer 2961 * 2962 * Returns 0 if successful, else an error is returned with the remaining time in 2963 * the timeout parameter. 
2964 * -ETIME: object is still busy after timeout 2965 * -ERESTARTSYS: signal interrupted the wait 2966 * -ENOENT: object doesn't exist 2967 * Also possible, but rare: 2968 * -EAGAIN: GPU wedged 2969 * -ENOMEM: damn 2970 * -ENODEV: Internal IRQ fail 2971 * -E?: The add request failed 2972 * 2973 * The wait ioctl with a timeout of 0 reimplements the busy ioctl. With any 2974 * non-zero timeout parameter the wait ioctl will wait for the given number of 2975 * nanoseconds on an object becoming unbusy. Since the wait itself does so 2976 * without holding struct_mutex the object may become re-busied before this 2977 * function completes. A similar but shorter race condition exists in the busy 2978 * ioctl. 2979 */ 2980 int 2981 i915_gem_wait_ioctl(struct drm_device *dev, void *data, struct drm_file *file) 2982 { 2983 struct drm_i915_gem_wait *args = data; 2984 struct drm_i915_gem_object *obj; 2985 ktime_t start; 2986 long ret; 2987 2988 if (args->flags != 0) 2989 return -EINVAL; 2990 2991 obj = i915_gem_object_lookup(file, args->bo_handle); 2992 if (!obj) 2993 return -ENOENT; 2994 2995 start = ktime_get(); 2996 2997 ret = i915_gem_object_wait(obj, 2998 I915_WAIT_INTERRUPTIBLE | I915_WAIT_ALL, 2999 to_wait_timeout(args->timeout_ns), 3000 to_rps_client(file)); 3001 3002 if (args->timeout_ns > 0) { 3003 args->timeout_ns -= ktime_to_ns(ktime_sub(ktime_get(), start)); 3004 if (args->timeout_ns < 0) 3005 args->timeout_ns = 0; 3006 } 3007 3008 i915_gem_object_put(obj); 3009 return ret; 3010 } 3011 3012 static int wait_for_timeline(struct i915_gem_timeline *tl, unsigned int flags) 3013 { 3014 int ret, i; 3015 3016 for (i = 0; i < ARRAY_SIZE(tl->engine); i++) { 3017 ret = i915_gem_active_wait(&tl->engine[i].last_request, flags); 3018 if (ret) 3019 return ret; 3020 } 3021 3022 return 0; 3023 } 3024 3025 int i915_gem_wait_for_idle(struct drm_i915_private *i915, unsigned int flags) 3026 { 3027 int ret; 3028 3029 if (flags & I915_WAIT_LOCKED) { 3030 struct i915_gem_timeline *tl; 3031 3032 lockdep_assert_held(&i915->drm.struct_mutex); 3033 3034 list_for_each_entry(tl, &i915->gt.timelines, link) { 3035 ret = wait_for_timeline(tl, flags); 3036 if (ret) 3037 return ret; 3038 } 3039 } else { 3040 ret = wait_for_timeline(&i915->gt.global_timeline, flags); 3041 if (ret) 3042 return ret; 3043 } 3044 3045 return 0; 3046 } 3047 3048 void i915_gem_clflush_object(struct drm_i915_gem_object *obj, 3049 bool force) 3050 { 3051 /* If we don't have a page list set up, then we're not pinned 3052 * to GPU, and we can ignore the cache flush because it'll happen 3053 * again at bind time. 3054 */ 3055 if (!obj->mm.pages) 3056 return; 3057 3058 /* 3059 * Stolen memory is always coherent with the GPU as it is explicitly 3060 * marked as wc by the system, or the system is cache-coherent. 3061 */ 3062 if (obj->stolen || obj->phys_handle) 3063 return; 3064 3065 /* If the GPU is snooping the contents of the CPU cache, 3066 * we do not need to manually clear the CPU cache lines. However, 3067 * the caches are only snooped when the render cache is 3068 * flushed/invalidated. As we always have to emit invalidations 3069 * and flushes when moving into and out of the RENDER domain, correct 3070 * snooping behaviour occurs naturally as the result of our domain 3071 * tracking.
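 * When the cache is coherent (and the caller has not forced a flush), we
 * therefore only mark obj->cache_dirty below and skip the clflush entirely.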
3072 */ 3073 if (!force && cpu_cache_is_coherent(obj->base.dev, obj->cache_level)) { 3074 obj->cache_dirty = true; 3075 return; 3076 } 3077 3078 trace_i915_gem_object_clflush(obj); 3079 drm_clflush_sg(obj->mm.pages); 3080 obj->cache_dirty = false; 3081 } 3082 3083 /** Flushes the GTT write domain for the object if it's dirty. */ 3084 static void 3085 i915_gem_object_flush_gtt_write_domain(struct drm_i915_gem_object *obj) 3086 { 3087 struct drm_i915_private *dev_priv = to_i915(obj->base.dev); 3088 3089 if (obj->base.write_domain != I915_GEM_DOMAIN_GTT) 3090 return; 3091 3092 /* No actual flushing is required for the GTT write domain. Writes 3093 * to it "immediately" go to main memory as far as we know, so there's 3094 * no chipset flush. It also doesn't land in render cache. 3095 * 3096 * However, we do have to enforce the order so that all writes through 3097 * the GTT land before any writes to the device, such as updates to 3098 * the GATT itself. 3099 * 3100 * We also have to wait a bit for the writes to land from the GTT. 3101 * An uncached read (i.e. mmio) seems to be ideal for the round-trip 3102 * timing. This issue has only been observed when switching quickly 3103 * between GTT writes and CPU reads from inside the kernel on recent hw, 3104 * and it appears to only affect discrete GTT blocks (i.e. on LLC 3105 * system agents we cannot reproduce this behaviour). 3106 */ 3107 wmb(); 3108 if (INTEL_GEN(dev_priv) >= 6 && !HAS_LLC(dev_priv)) 3109 POSTING_READ(RING_ACTHD(dev_priv->engine[RCS]->mmio_base)); 3110 3111 intel_fb_obj_flush(obj, false, write_origin(obj, I915_GEM_DOMAIN_GTT)); 3112 3113 obj->base.write_domain = 0; 3114 trace_i915_gem_object_change_domain(obj, 3115 obj->base.read_domains, 3116 I915_GEM_DOMAIN_GTT); 3117 } 3118 3119 /** Flushes the CPU write domain for the object if it's dirty. */ 3120 static void 3121 i915_gem_object_flush_cpu_write_domain(struct drm_i915_gem_object *obj) 3122 { 3123 if (obj->base.write_domain != I915_GEM_DOMAIN_CPU) 3124 return; 3125 3126 i915_gem_clflush_object(obj, obj->pin_display); 3127 intel_fb_obj_flush(obj, false, ORIGIN_CPU); 3128 3129 obj->base.write_domain = 0; 3130 trace_i915_gem_object_change_domain(obj, 3131 obj->base.read_domains, 3132 I915_GEM_DOMAIN_CPU); 3133 } 3134 3135 /** 3136 * Moves a single object to the GTT read, and possibly write domain. 3137 * @obj: object to act on 3138 * @write: ask for write access or read only 3139 * 3140 * This function returns when the move is complete, including waiting on 3141 * flushes to occur. 3142 */ 3143 int 3144 i915_gem_object_set_to_gtt_domain(struct drm_i915_gem_object *obj, bool write) 3145 { 3146 uint32_t old_write_domain, old_read_domains; 3147 int ret; 3148 3149 lockdep_assert_held(&obj->base.dev->struct_mutex); 3150 3151 ret = i915_gem_object_wait(obj, 3152 I915_WAIT_INTERRUPTIBLE | 3153 I915_WAIT_LOCKED | 3154 (write ? I915_WAIT_ALL : 0), 3155 MAX_SCHEDULE_TIMEOUT, 3156 NULL); 3157 if (ret) 3158 return ret; 3159 3160 if (obj->base.write_domain == I915_GEM_DOMAIN_GTT) 3161 return 0; 3162 3163 /* Flush and acquire obj->pages so that we are coherent through 3164 * direct access in memory with previous cached writes through 3165 * shmemfs and that our cache domain tracking remains valid. 3166 * For example, if the obj->filp was moved to swap without us 3167 * being notified and releasing the pages, we would mistakenly 3168 * continue to assume that the obj remained out of the CPU cached 3169 * domain. 
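 * Hence the pages are pinned for the duration of the domain update below
 * and unpinned again once the new domain has been recorded.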
3170 */ 3171 ret = i915_gem_object_pin_pages(obj); 3172 if (ret) 3173 return ret; 3174 3175 i915_gem_object_flush_cpu_write_domain(obj); 3176 3177 /* Serialise direct access to this object with the barriers for 3178 * coherent writes from the GPU, by effectively invalidating the 3179 * GTT domain upon first access. 3180 */ 3181 if ((obj->base.read_domains & I915_GEM_DOMAIN_GTT) == 0) 3182 mb(); 3183 3184 old_write_domain = obj->base.write_domain; 3185 old_read_domains = obj->base.read_domains; 3186 3187 /* It should now be out of any other write domains, and we can update 3188 * the domain values for our changes. 3189 */ 3190 GEM_BUG_ON((obj->base.write_domain & ~I915_GEM_DOMAIN_GTT) != 0); 3191 obj->base.read_domains |= I915_GEM_DOMAIN_GTT; 3192 if (write) { 3193 obj->base.read_domains = I915_GEM_DOMAIN_GTT; 3194 obj->base.write_domain = I915_GEM_DOMAIN_GTT; 3195 obj->mm.dirty = true; 3196 } 3197 3198 trace_i915_gem_object_change_domain(obj, 3199 old_read_domains, 3200 old_write_domain); 3201 3202 i915_gem_object_unpin_pages(obj); 3203 return 0; 3204 } 3205 3206 /** 3207 * Changes the cache-level of an object across all VMA. 3208 * @obj: object to act on 3209 * @cache_level: new cache level to set for the object 3210 * 3211 * After this function returns, the object will be in the new cache-level 3212 * across all GTT and the contents of the backing storage will be coherent, 3213 * with respect to the new cache-level. In order to keep the backing storage 3214 * coherent for all users, we only allow a single cache level to be set 3215 * globally on the object and prevent it from being changed whilst the 3216 * hardware is reading from the object. That is if the object is currently 3217 * on the scanout it will be set to uncached (or equivalent display 3218 * cache coherency) and all non-MOCS GPU access will also be uncached so 3219 * that all direct access to the scanout remains coherent. 3220 */ 3221 int i915_gem_object_set_cache_level(struct drm_i915_gem_object *obj, 3222 enum i915_cache_level cache_level) 3223 { 3224 struct i915_vma *vma; 3225 int ret; 3226 3227 lockdep_assert_held(&obj->base.dev->struct_mutex); 3228 3229 if (obj->cache_level == cache_level) 3230 return 0; 3231 3232 /* Inspect the list of currently bound VMA and unbind any that would 3233 * be invalid given the new cache-level. This is principally to 3234 * catch the issue of the CS prefetch crossing page boundaries and 3235 * reading an invalid PTE on older architectures. 3236 */ 3237 restart: 3238 list_for_each_entry(vma, &obj->vma_list, obj_link) { 3239 if (!drm_mm_node_allocated(&vma->node)) 3240 continue; 3241 3242 if (i915_vma_is_pinned(vma)) { 3243 DRM_DEBUG("can not change the cache level of pinned objects\n"); 3244 return -EBUSY; 3245 } 3246 3247 if (i915_gem_valid_gtt_space(vma, cache_level)) 3248 continue; 3249 3250 ret = i915_vma_unbind(vma); 3251 if (ret) 3252 return ret; 3253 3254 /* As unbinding may affect other elements in the 3255 * obj->vma_list (due to side-effects from retiring 3256 * an active vma), play safe and restart the iterator. 3257 */ 3258 goto restart; 3259 } 3260 3261 /* We can reuse the existing drm_mm nodes but need to change the 3262 * cache-level on the PTE. We could simply unbind them all and 3263 * rebind with the correct cache-level on next use. However since 3264 * we already have a valid slot, dma mapping, pages etc, we may as 3265 * rewrite the PTE in the belief that doing so tramples upon less 3266 * state and so involves less work. 
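 *
 * For illustration, the scanout path relies on exactly this: when pinning a
 * framebuffer, i915_gem_object_pin_to_display_plane() below performs roughly
 *
 *	i915_gem_object_set_cache_level(obj,
 *					HAS_WT(to_i915(obj->base.dev)) ?
 *					I915_CACHE_WT : I915_CACHE_NONE);
 *
 * and expects any already-bound VMA to be updated in place via PIN_UPDATE
 * rather than through a full unbind/rebind cycle.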
3267 */ 3268 if (obj->bind_count) { 3269 /* Before we change the PTE, the GPU must not be accessing it. 3270 * If we wait upon the object, we know that all the bound 3271 * VMA are no longer active. 3272 */ 3273 ret = i915_gem_object_wait(obj, 3274 I915_WAIT_INTERRUPTIBLE | 3275 I915_WAIT_LOCKED | 3276 I915_WAIT_ALL, 3277 MAX_SCHEDULE_TIMEOUT, 3278 NULL); 3279 if (ret) 3280 return ret; 3281 3282 if (!HAS_LLC(to_i915(obj->base.dev)) && 3283 cache_level != I915_CACHE_NONE) { 3284 /* Access to snoopable pages through the GTT is 3285 * incoherent and on some machines causes a hard 3286 * lockup. Relinquish the CPU mmaping to force 3287 * userspace to refault in the pages and we can 3288 * then double check if the GTT mapping is still 3289 * valid for that pointer access. 3290 */ 3291 i915_gem_release_mmap(obj); 3292 3293 /* As we no longer need a fence for GTT access, 3294 * we can relinquish it now (and so prevent having 3295 * to steal a fence from someone else on the next 3296 * fence request). Note GPU activity would have 3297 * dropped the fence as all snoopable access is 3298 * supposed to be linear. 3299 */ 3300 list_for_each_entry(vma, &obj->vma_list, obj_link) { 3301 ret = i915_vma_put_fence(vma); 3302 if (ret) 3303 return ret; 3304 } 3305 } else { 3306 /* We either have incoherent backing store and 3307 * so no GTT access or the architecture is fully 3308 * coherent. In such cases, existing GTT mmaps 3309 * ignore the cache bit in the PTE and we can 3310 * rewrite it without confusing the GPU or having 3311 * to force userspace to fault back in its mmaps. 3312 */ 3313 } 3314 3315 list_for_each_entry(vma, &obj->vma_list, obj_link) { 3316 if (!drm_mm_node_allocated(&vma->node)) 3317 continue; 3318 3319 ret = i915_vma_bind(vma, cache_level, PIN_UPDATE); 3320 if (ret) 3321 return ret; 3322 } 3323 } 3324 3325 if (obj->base.write_domain == I915_GEM_DOMAIN_CPU && 3326 cpu_cache_is_coherent(obj->base.dev, obj->cache_level)) 3327 obj->cache_dirty = true; 3328 3329 list_for_each_entry(vma, &obj->vma_list, obj_link) 3330 vma->node.color = cache_level; 3331 obj->cache_level = cache_level; 3332 3333 return 0; 3334 } 3335 3336 int i915_gem_get_caching_ioctl(struct drm_device *dev, void *data, 3337 struct drm_file *file) 3338 { 3339 struct drm_i915_gem_caching *args = data; 3340 struct drm_i915_gem_object *obj; 3341 int err = 0; 3342 3343 rcu_read_lock(); 3344 obj = i915_gem_object_lookup_rcu(file, args->handle); 3345 if (!obj) { 3346 err = -ENOENT; 3347 goto out; 3348 } 3349 3350 switch (obj->cache_level) { 3351 case I915_CACHE_LLC: 3352 case I915_CACHE_L3_LLC: 3353 args->caching = I915_CACHING_CACHED; 3354 break; 3355 3356 case I915_CACHE_WT: 3357 args->caching = I915_CACHING_DISPLAY; 3358 break; 3359 3360 default: 3361 args->caching = I915_CACHING_NONE; 3362 break; 3363 } 3364 out: 3365 rcu_read_unlock(); 3366 return err; 3367 } 3368 3369 int i915_gem_set_caching_ioctl(struct drm_device *dev, void *data, 3370 struct drm_file *file) 3371 { 3372 struct drm_i915_private *i915 = to_i915(dev); 3373 struct drm_i915_gem_caching *args = data; 3374 struct drm_i915_gem_object *obj; 3375 enum i915_cache_level level; 3376 int ret; 3377 3378 switch (args->caching) { 3379 case I915_CACHING_NONE: 3380 level = I915_CACHE_NONE; 3381 break; 3382 case I915_CACHING_CACHED: 3383 /* 3384 * Due to a HW issue on BXT A stepping, GPU stores via a 3385 * snooped mapping may leave stale data in a corresponding CPU 3386 * cacheline, whereas normally such cachelines would get 3387 * invalidated. 
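 * Platforms with neither an LLC nor snooping support cannot provide the
 * requested coherency at all, hence the -ENODEV below.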
3388 */ 3389 if (!HAS_LLC(i915) && !HAS_SNOOP(i915)) 3390 return -ENODEV; 3391 3392 level = I915_CACHE_LLC; 3393 break; 3394 case I915_CACHING_DISPLAY: 3395 level = HAS_WT(i915) ? I915_CACHE_WT : I915_CACHE_NONE; 3396 break; 3397 default: 3398 return -EINVAL; 3399 } 3400 3401 ret = i915_mutex_lock_interruptible(dev); 3402 if (ret) 3403 return ret; 3404 3405 obj = i915_gem_object_lookup(file, args->handle); 3406 if (!obj) { 3407 ret = -ENOENT; 3408 goto unlock; 3409 } 3410 3411 ret = i915_gem_object_set_cache_level(obj, level); 3412 i915_gem_object_put(obj); 3413 unlock: 3414 mutex_unlock(&dev->struct_mutex); 3415 return ret; 3416 } 3417 3418 /* 3419 * Prepare buffer for display plane (scanout, cursors, etc). 3420 * Can be called from an uninterruptible phase (modesetting) and allows 3421 * any flushes to be pipelined (for pageflips). 3422 */ 3423 struct i915_vma * 3424 i915_gem_object_pin_to_display_plane(struct drm_i915_gem_object *obj, 3425 u32 alignment, 3426 const struct i915_ggtt_view *view) 3427 { 3428 struct i915_vma *vma; 3429 u32 old_read_domains, old_write_domain; 3430 int ret; 3431 3432 lockdep_assert_held(&obj->base.dev->struct_mutex); 3433 3434 /* Mark the pin_display early so that we account for the 3435 * display coherency whilst setting up the cache domains. 3436 */ 3437 obj->pin_display++; 3438 3439 /* The display engine is not coherent with the LLC cache on gen6. As 3440 * a result, we make sure that the pinning that is about to occur is 3441 * done with uncached PTEs. This is lowest common denominator for all 3442 * chipsets. 3443 * 3444 * However for gen6+, we could do better by using the GFDT bit instead 3445 * of uncaching, which would allow us to flush all the LLC-cached data 3446 * with that bit in the PTE to main memory with just one PIPE_CONTROL. 3447 */ 3448 ret = i915_gem_object_set_cache_level(obj, 3449 HAS_WT(to_i915(obj->base.dev)) ? 3450 I915_CACHE_WT : I915_CACHE_NONE); 3451 if (ret) { 3452 vma = ERR_PTR(ret); 3453 goto err_unpin_display; 3454 } 3455 3456 /* As the user may map the buffer once pinned in the display plane 3457 * (e.g. libkms for the bootup splash), we have to ensure that we 3458 * always use map_and_fenceable for all scanout buffers. However, 3459 * it may simply be too big to fit into mappable, in which case 3460 * put it anyway and hope that userspace can cope (but always first 3461 * try to preserve the existing ABI). 3462 */ 3463 vma = ERR_PTR(-ENOSPC); 3464 if (view->type == I915_GGTT_VIEW_NORMAL) 3465 vma = i915_gem_object_ggtt_pin(obj, view, 0, alignment, 3466 PIN_MAPPABLE | PIN_NONBLOCK); 3467 if (IS_ERR(vma)) { 3468 struct drm_i915_private *i915 = to_i915(obj->base.dev); 3469 unsigned int flags; 3470 3471 /* Valleyview is definitely limited to scanning out the first 3472 * 512MiB. Lets presume this behaviour was inherited from the 3473 * g4x display engine and that all earlier gen are similarly 3474 * limited. Testing suggests that it is a little more 3475 * complicated than this. For example, Cherryview appears quite 3476 * happy to scanout from anywhere within its global aperture. 
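 * Hence, below we only insist on PIN_MAPPABLE for the retry on GMCH
 * platforms and otherwise allow the buffer to be placed anywhere in the
 * global GTT.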
3477 */ 3478 flags = 0; 3479 if (HAS_GMCH_DISPLAY(i915)) 3480 flags = PIN_MAPPABLE; 3481 vma = i915_gem_object_ggtt_pin(obj, view, 0, alignment, flags); 3482 } 3483 if (IS_ERR(vma)) 3484 goto err_unpin_display; 3485 3486 vma->display_alignment = max_t(u64, vma->display_alignment, alignment); 3487 3488 /* Treat this as an end-of-frame, like intel_user_framebuffer_dirty() */ 3489 if (obj->cache_dirty || obj->base.write_domain == I915_GEM_DOMAIN_CPU) { 3490 i915_gem_clflush_object(obj, true); 3491 intel_fb_obj_flush(obj, false, ORIGIN_DIRTYFB); 3492 } 3493 3494 old_write_domain = obj->base.write_domain; 3495 old_read_domains = obj->base.read_domains; 3496 3497 /* It should now be out of any other write domains, and we can update 3498 * the domain values for our changes. 3499 */ 3500 obj->base.write_domain = 0; 3501 obj->base.read_domains |= I915_GEM_DOMAIN_GTT; 3502 3503 trace_i915_gem_object_change_domain(obj, 3504 old_read_domains, 3505 old_write_domain); 3506 3507 return vma; 3508 3509 err_unpin_display: 3510 obj->pin_display--; 3511 return vma; 3512 } 3513 3514 void 3515 i915_gem_object_unpin_from_display_plane(struct i915_vma *vma) 3516 { 3517 lockdep_assert_held(&vma->vm->dev->struct_mutex); 3518 3519 if (WARN_ON(vma->obj->pin_display == 0)) 3520 return; 3521 3522 if (--vma->obj->pin_display == 0) 3523 vma->display_alignment = 0; 3524 3525 /* Bump the LRU to try and avoid premature eviction whilst flipping */ 3526 if (!i915_vma_is_active(vma)) 3527 list_move_tail(&vma->vm_link, &vma->vm->inactive_list); 3528 3529 i915_vma_unpin(vma); 3530 } 3531 3532 /** 3533 * Moves a single object to the CPU read, and possibly write domain. 3534 * @obj: object to act on 3535 * @write: requesting write or read-only access 3536 * 3537 * This function returns when the move is complete, including waiting on 3538 * flushes to occur. 3539 */ 3540 int 3541 i915_gem_object_set_to_cpu_domain(struct drm_i915_gem_object *obj, bool write) 3542 { 3543 uint32_t old_write_domain, old_read_domains; 3544 int ret; 3545 3546 lockdep_assert_held(&obj->base.dev->struct_mutex); 3547 3548 ret = i915_gem_object_wait(obj, 3549 I915_WAIT_INTERRUPTIBLE | 3550 I915_WAIT_LOCKED | 3551 (write ? I915_WAIT_ALL : 0), 3552 MAX_SCHEDULE_TIMEOUT, 3553 NULL); 3554 if (ret) 3555 return ret; 3556 3557 if (obj->base.write_domain == I915_GEM_DOMAIN_CPU) 3558 return 0; 3559 3560 i915_gem_object_flush_gtt_write_domain(obj); 3561 3562 old_write_domain = obj->base.write_domain; 3563 old_read_domains = obj->base.read_domains; 3564 3565 /* Flush the CPU cache if it's still invalid. */ 3566 if ((obj->base.read_domains & I915_GEM_DOMAIN_CPU) == 0) { 3567 i915_gem_clflush_object(obj, false); 3568 3569 obj->base.read_domains |= I915_GEM_DOMAIN_CPU; 3570 } 3571 3572 /* It should now be out of any other write domains, and we can update 3573 * the domain values for our changes. 3574 */ 3575 GEM_BUG_ON((obj->base.write_domain & ~I915_GEM_DOMAIN_CPU) != 0); 3576 3577 /* If we're writing through the CPU, then the GPU read domains will 3578 * need to be invalidated at next use. 3579 */ 3580 if (write) { 3581 obj->base.read_domains = I915_GEM_DOMAIN_CPU; 3582 obj->base.write_domain = I915_GEM_DOMAIN_CPU; 3583 } 3584 3585 trace_i915_gem_object_change_domain(obj, 3586 old_read_domains, 3587 old_write_domain); 3588 3589 return 0; 3590 } 3591 3592 /* Throttle our rendering by waiting until the ring has completed our requests 3593 * emitted over 20 msec ago. 
3594 * 3595 * Note that if we were to use the current jiffies each time around the loop, 3596 * we wouldn't escape the function with any frames outstanding if the time to 3597 * render a frame was over 20ms. 3598 * 3599 * This should get us reasonable parallelism between CPU and GPU but also 3600 * relatively low latency when blocking on a particular request to finish. 3601 */ 3602 static int 3603 i915_gem_ring_throttle(struct drm_device *dev, struct drm_file *file) 3604 { 3605 struct drm_i915_private *dev_priv = to_i915(dev); 3606 struct drm_i915_file_private *file_priv = file->driver_priv; 3607 unsigned long recent_enough = jiffies - DRM_I915_THROTTLE_JIFFIES; 3608 struct drm_i915_gem_request *request, *target = NULL; 3609 long ret; 3610 3611 /* ABI: return -EIO if already wedged */ 3612 if (i915_terminally_wedged(&dev_priv->gpu_error)) 3613 return -EIO; 3614 3615 spin_lock(&file_priv->mm.lock); 3616 list_for_each_entry(request, &file_priv->mm.request_list, client_list) { 3617 if (time_after_eq(request->emitted_jiffies, recent_enough)) 3618 break; 3619 3620 /* 3621 * Note that the request might not have been submitted yet. 3622 * In which case emitted_jiffies will be zero. 3623 */ 3624 if (!request->emitted_jiffies) 3625 continue; 3626 3627 target = request; 3628 } 3629 if (target) 3630 i915_gem_request_get(target); 3631 spin_unlock(&file_priv->mm.lock); 3632 3633 if (target == NULL) 3634 return 0; 3635 3636 ret = i915_wait_request(target, 3637 I915_WAIT_INTERRUPTIBLE, 3638 MAX_SCHEDULE_TIMEOUT); 3639 i915_gem_request_put(target); 3640 3641 return ret < 0 ? ret : 0; 3642 } 3643 3644 struct i915_vma * 3645 i915_gem_object_ggtt_pin(struct drm_i915_gem_object *obj, 3646 const struct i915_ggtt_view *view, 3647 u64 size, 3648 u64 alignment, 3649 u64 flags) 3650 { 3651 struct drm_i915_private *dev_priv = to_i915(obj->base.dev); 3652 struct i915_address_space *vm = &dev_priv->ggtt.base; 3653 struct i915_vma *vma; 3654 int ret; 3655 3656 lockdep_assert_held(&obj->base.dev->struct_mutex); 3657 3658 vma = i915_gem_obj_lookup_or_create_vma(obj, vm, view); 3659 if (IS_ERR(vma)) 3660 return vma; 3661 3662 if (i915_vma_misplaced(vma, size, alignment, flags)) { 3663 if (flags & PIN_NONBLOCK && 3664 (i915_vma_is_pinned(vma) || i915_vma_is_active(vma))) 3665 return ERR_PTR(-ENOSPC); 3666 3667 if (flags & PIN_MAPPABLE) { 3668 u32 fence_size; 3669 3670 fence_size = i915_gem_get_ggtt_size(dev_priv, vma->size, 3671 i915_gem_object_get_tiling(obj)); 3672 /* If the required space is larger than the available 3673 * aperture, we will not be able to find a slot for the 3674 * object and unbinding the object now will be in 3675 * vain. Worse, doing so may cause us to ping-pong 3676 * the object in and out of the Global GTT and 3677 * waste a lot of cycles under the mutex. 3678 */ 3679 if (fence_size > dev_priv->ggtt.mappable_end) 3680 return ERR_PTR(-E2BIG); 3681 3682 /* If NONBLOCK is set the caller is optimistically 3683 * trying to cache the full object within the mappable 3684 * aperture, and *must* have a fallback in place for 3685 * situations where we cannot bind the object. We 3686 * can be a little more lax here and use the fallback 3687 * more often to avoid costly migrations of ourselves 3688 * and other objects within the aperture. 3689 * 3690 * Half-the-aperture is used as a simple heuristic. 3691 * More interesting would be to do a search for a free 3692 * block prior to making the commitment to unbind. 3693 * That caters for the self-harm case, and with a 3694 * little more heuristics (e.g.
NOFAULT, NOEVICT) 3695 * we could try to minimise harm to others. 3696 */ 3697 if (flags & PIN_NONBLOCK && 3698 fence_size > dev_priv->ggtt.mappable_end / 2) 3699 return ERR_PTR(-ENOSPC); 3700 } 3701 3702 WARN(i915_vma_is_pinned(vma), 3703 "bo is already pinned in ggtt with incorrect alignment:" 3704 " offset=%08x, req.alignment=%llx," 3705 " req.map_and_fenceable=%d, vma->map_and_fenceable=%d\n", 3706 i915_ggtt_offset(vma), alignment, 3707 !!(flags & PIN_MAPPABLE), 3708 i915_vma_is_map_and_fenceable(vma)); 3709 ret = i915_vma_unbind(vma); 3710 if (ret) 3711 return ERR_PTR(ret); 3712 } 3713 3714 ret = i915_vma_pin(vma, size, alignment, flags | PIN_GLOBAL); 3715 if (ret) 3716 return ERR_PTR(ret); 3717 3718 return vma; 3719 } 3720 3721 static __always_inline unsigned int __busy_read_flag(unsigned int id) 3722 { 3723 /* Note that we could alias engines in the execbuf API, but 3724 * that would be very unwise as it prevents userspace from 3725 * fine control over engine selection. Ahem. 3726 * 3727 * This should be something like EXEC_MAX_ENGINE instead of 3728 * I915_NUM_ENGINES. 3729 */ 3730 BUILD_BUG_ON(I915_NUM_ENGINES > 16); 3731 return 0x10000 << id; 3732 } 3733 3734 static __always_inline unsigned int __busy_write_id(unsigned int id) 3735 { 3736 /* The uABI guarantees an active writer is also amongst the read 3737 * engines. This would be true if we accessed the activity tracking 3738 * under the lock, but as we perform the lookup of the object and 3739 * its activity locklessly we can not guarantee that the last_write 3740 * being active implies that we have set the same engine flag from 3741 * last_read - hence we always set both read and write busy for 3742 * last_write. 3743 */ 3744 return id | __busy_read_flag(id); 3745 } 3746 3747 static __always_inline unsigned int 3748 __busy_set_if_active(const struct dma_fence *fence, 3749 unsigned int (*flag)(unsigned int id)) 3750 { 3751 struct drm_i915_gem_request *rq; 3752 3753 /* We have to check the current hw status of the fence as the uABI 3754 * guarantees forward progress. We could rely on the idle worker 3755 * to eventually flush us, but to minimise latency just ask the 3756 * hardware. 3757 * 3758 * Note we only report on the status of native fences. 3759 */ 3760 if (!dma_fence_is_i915(fence)) 3761 return 0; 3762 3763 /* opencode to_request() in order to avoid const warnings */ 3764 rq = container_of(fence, struct drm_i915_gem_request, fence); 3765 if (i915_gem_request_completed(rq)) 3766 return 0; 3767 3768 return flag(rq->engine->exec_id); 3769 } 3770 3771 static __always_inline unsigned int 3772 busy_check_reader(const struct dma_fence *fence) 3773 { 3774 return __busy_set_if_active(fence, __busy_read_flag); 3775 } 3776 3777 static __always_inline unsigned int 3778 busy_check_writer(const struct dma_fence *fence) 3779 { 3780 if (!fence) 3781 return 0; 3782 3783 return __busy_set_if_active(fence, __busy_write_id); 3784 } 3785 3786 int 3787 i915_gem_busy_ioctl(struct drm_device *dev, void *data, 3788 struct drm_file *file) 3789 { 3790 struct drm_i915_gem_busy *args = data; 3791 struct drm_i915_gem_object *obj; 3792 struct reservation_object_list *list; 3793 unsigned int seq; 3794 int err; 3795 3796 err = -ENOENT; 3797 rcu_read_lock(); 3798 obj = i915_gem_object_lookup_rcu(file, args->handle); 3799 if (!obj) 3800 goto out; 3801 3802 /* A discrepancy here is that we do not report the status of 3803 * non-i915 fences, i.e. 
even though we may report the object as idle, 3804 * a call to set-domain may still stall waiting for foreign rendering. 3805 * This also means that wait-ioctl may report an object as busy, 3806 * where busy-ioctl considers it idle. 3807 * 3808 * We trade the ability to warn of foreign fences to report on which 3809 * i915 engines are active for the object. 3810 * 3811 * Alternatively, we can trade that extra information on read/write 3812 * activity with 3813 * args->busy = 3814 * !reservation_object_test_signaled_rcu(obj->resv, true); 3815 * to report the overall busyness. This is what the wait-ioctl does. 3816 * 3817 */ 3818 retry: 3819 seq = raw_read_seqcount(&obj->resv->seq); 3820 3821 /* Translate the exclusive fence to the READ *and* WRITE engine */ 3822 args->busy = busy_check_writer(rcu_dereference(obj->resv->fence_excl)); 3823 3824 /* Translate shared fences to READ set of engines */ 3825 list = rcu_dereference(obj->resv->fence); 3826 if (list) { 3827 unsigned int shared_count = list->shared_count, i; 3828 3829 for (i = 0; i < shared_count; ++i) { 3830 struct dma_fence *fence = 3831 rcu_dereference(list->shared[i]); 3832 3833 args->busy |= busy_check_reader(fence); 3834 } 3835 } 3836 3837 if (args->busy && read_seqcount_retry(&obj->resv->seq, seq)) 3838 goto retry; 3839 3840 err = 0; 3841 out: 3842 rcu_read_unlock(); 3843 return err; 3844 } 3845 3846 int 3847 i915_gem_throttle_ioctl(struct drm_device *dev, void *data, 3848 struct drm_file *file_priv) 3849 { 3850 return i915_gem_ring_throttle(dev, file_priv); 3851 } 3852 3853 int 3854 i915_gem_madvise_ioctl(struct drm_device *dev, void *data, 3855 struct drm_file *file_priv) 3856 { 3857 struct drm_i915_private *dev_priv = to_i915(dev); 3858 struct drm_i915_gem_madvise *args = data; 3859 struct drm_i915_gem_object *obj; 3860 int err; 3861 3862 switch (args->madv) { 3863 case I915_MADV_DONTNEED: 3864 case I915_MADV_WILLNEED: 3865 break; 3866 default: 3867 return -EINVAL; 3868 } 3869 3870 obj = i915_gem_object_lookup(file_priv, args->handle); 3871 if (!obj) 3872 return -ENOENT; 3873 3874 err = mutex_lock_interruptible(&obj->mm.lock); 3875 if (err) 3876 goto out; 3877 3878 if (obj->mm.pages && 3879 i915_gem_object_is_tiled(obj) && 3880 dev_priv->quirks & QUIRK_PIN_SWIZZLED_PAGES) { 3881 if (obj->mm.madv == I915_MADV_WILLNEED) { 3882 GEM_BUG_ON(!obj->mm.quirked); 3883 __i915_gem_object_unpin_pages(obj); 3884 obj->mm.quirked = false; 3885 } 3886 if (args->madv == I915_MADV_WILLNEED) { 3887 GEM_BUG_ON(obj->mm.quirked); 3888 __i915_gem_object_pin_pages(obj); 3889 obj->mm.quirked = true; 3890 } 3891 } 3892 3893 if (obj->mm.madv != __I915_MADV_PURGED) 3894 obj->mm.madv = args->madv; 3895 3896 /* if the object is no longer attached, discard its backing storage */ 3897 if (obj->mm.madv == I915_MADV_DONTNEED && !obj->mm.pages) 3898 i915_gem_object_truncate(obj); 3899 3900 args->retained = obj->mm.madv != __I915_MADV_PURGED; 3901 mutex_unlock(&obj->mm.lock); 3902 3903 out: 3904 i915_gem_object_put(obj); 3905 return err; 3906 } 3907 3908 static void 3909 frontbuffer_retire(struct i915_gem_active *active, 3910 struct drm_i915_gem_request *request) 3911 { 3912 struct drm_i915_gem_object *obj = 3913 container_of(active, typeof(*obj), frontbuffer_write); 3914 3915 intel_fb_obj_flush(obj, true, ORIGIN_CS); 3916 } 3917 3918 void i915_gem_object_init(struct drm_i915_gem_object *obj, 3919 const struct drm_i915_gem_object_ops *ops) 3920 { 3921 mutex_init(&obj->mm.lock); 3922 3923 INIT_LIST_HEAD(&obj->global_link); 3924 
INIT_LIST_HEAD(&obj->userfault_link); 3925 INIT_LIST_HEAD(&obj->obj_exec_link); 3926 INIT_LIST_HEAD(&obj->vma_list); 3927 INIT_LIST_HEAD(&obj->batch_pool_link); 3928 3929 obj->ops = ops; 3930 3931 reservation_object_init(&obj->__builtin_resv); 3932 obj->resv = &obj->__builtin_resv; 3933 3934 obj->frontbuffer_ggtt_origin = ORIGIN_GTT; 3935 init_request_active(&obj->frontbuffer_write, frontbuffer_retire); 3936 3937 obj->mm.madv = I915_MADV_WILLNEED; 3938 INIT_RADIX_TREE(&obj->mm.get_page.radix, GFP_KERNEL | __GFP_NOWARN); 3939 mutex_init(&obj->mm.get_page.lock); 3940 3941 i915_gem_info_add_obj(to_i915(obj->base.dev), obj->base.size); 3942 } 3943 3944 static const struct drm_i915_gem_object_ops i915_gem_object_ops = { 3945 .flags = I915_GEM_OBJECT_HAS_STRUCT_PAGE | 3946 I915_GEM_OBJECT_IS_SHRINKABLE, 3947 .get_pages = i915_gem_object_get_pages_gtt, 3948 .put_pages = i915_gem_object_put_pages_gtt, 3949 }; 3950 3951 /* Note we don't consider signbits :| */ 3952 #define overflows_type(x, T) \ 3953 (sizeof(x) > sizeof(T) && (x) >> (sizeof(T) * BITS_PER_BYTE)) 3954 3955 struct drm_i915_gem_object * 3956 i915_gem_object_create(struct drm_device *dev, u64 size) 3957 { 3958 struct drm_i915_private *dev_priv = to_i915(dev); 3959 struct drm_i915_gem_object *obj; 3960 struct address_space *mapping; 3961 gfp_t mask; 3962 int ret; 3963 3964 /* There is a prevalence of the assumption that we fit the object's 3965 * page count inside a 32bit _signed_ variable. Let's document this and 3966 * catch if we ever need to fix it. In the meantime, if you do spot 3967 * such a local variable, please consider fixing! 3968 */ 3969 if (WARN_ON(size >> PAGE_SHIFT > INT_MAX)) 3970 return ERR_PTR(-E2BIG); 3971 3972 if (overflows_type(size, obj->base.size)) 3973 return ERR_PTR(-E2BIG); 3974 3975 obj = i915_gem_object_alloc(dev); 3976 if (obj == NULL) 3977 return ERR_PTR(-ENOMEM); 3978 3979 ret = drm_gem_object_init(dev, &obj->base, size); 3980 if (ret) 3981 goto fail; 3982 3983 mask = GFP_HIGHUSER | __GFP_RECLAIMABLE; 3984 if (IS_CRESTLINE(dev_priv) || IS_BROADWATER(dev_priv)) { 3985 /* 965gm cannot relocate objects above 4GiB. */ 3986 mask &= ~__GFP_HIGHMEM; 3987 mask |= __GFP_DMA32; 3988 } 3989 3990 mapping = obj->base.filp->f_mapping; 3991 mapping_set_gfp_mask(mapping, mask); 3992 3993 i915_gem_object_init(obj, &i915_gem_object_ops); 3994 3995 obj->base.write_domain = I915_GEM_DOMAIN_CPU; 3996 obj->base.read_domains = I915_GEM_DOMAIN_CPU; 3997 3998 if (HAS_LLC(dev_priv)) { 3999 /* On some devices, we can have the GPU use the LLC (the CPU 4000 * cache) for about a 10% performance improvement 4001 * compared to uncached. Graphics requests other than 4002 * display scanout are coherent with the CPU in 4003 * accessing this cache. This means in this mode we 4004 * don't need to clflush on the CPU side, and on the 4005 * GPU side we only need to flush internal caches to 4006 * get data visible to the CPU. 4007 * 4008 * However, we maintain the display planes as UC, and so 4009 * need to rebind when first used as such. 4010 */ 4011 obj->cache_level = I915_CACHE_LLC; 4012 } else 4013 obj->cache_level = I915_CACHE_NONE; 4014 4015 trace_i915_gem_object_create(obj); 4016 4017 return obj; 4018 4019 fail: 4020 i915_gem_object_free(obj); 4021 return ERR_PTR(ret); 4022 } 4023 4024 static bool discard_backing_storage(struct drm_i915_gem_object *obj) 4025 { 4026 /* If we are the last user of the backing storage (be it shmemfs 4027 * pages or stolen etc), we know that the pages are going to be 4028 * immediately released. 
In this case, we can then skip copying
	 * back the contents from the GPU.
	 */

	if (obj->mm.madv != I915_MADV_WILLNEED)
		return false;

	if (obj->base.filp == NULL)
		return true;

	/* At first glance, this looks racy, but then again so would be
	 * userspace racing mmap against close. However, the first external
	 * reference to the filp can only be obtained through the
	 * i915_gem_mmap_ioctl() which safeguards us against the user
	 * acquiring such a reference whilst we are in the middle of
	 * freeing the object.
	 */
	return atomic_long_read(&obj->base.filp->f_count) == 1;
}

static void __i915_gem_free_objects(struct drm_i915_private *i915,
				    struct llist_node *freed)
{
	struct drm_i915_gem_object *obj, *on;

	mutex_lock(&i915->drm.struct_mutex);
	intel_runtime_pm_get(i915);
	llist_for_each_entry(obj, freed, freed) {
		struct i915_vma *vma, *vn;

		trace_i915_gem_object_destroy(obj);

		GEM_BUG_ON(i915_gem_object_is_active(obj));
		list_for_each_entry_safe(vma, vn,
					 &obj->vma_list, obj_link) {
			GEM_BUG_ON(!i915_vma_is_ggtt(vma));
			GEM_BUG_ON(i915_vma_is_active(vma));
			vma->flags &= ~I915_VMA_PIN_MASK;
			i915_vma_close(vma);
		}
		GEM_BUG_ON(!list_empty(&obj->vma_list));
		GEM_BUG_ON(!RB_EMPTY_ROOT(&obj->vma_tree));

		list_del(&obj->global_link);
	}
	intel_runtime_pm_put(i915);
	mutex_unlock(&i915->drm.struct_mutex);

	llist_for_each_entry_safe(obj, on, freed, freed) {
		GEM_BUG_ON(obj->bind_count);
		GEM_BUG_ON(atomic_read(&obj->frontbuffer_bits));

		if (obj->ops->release)
			obj->ops->release(obj);

		if (WARN_ON(i915_gem_object_has_pinned_pages(obj)))
			atomic_set(&obj->mm.pages_pin_count, 0);
		__i915_gem_object_put_pages(obj, I915_MM_NORMAL);
		GEM_BUG_ON(obj->mm.pages);

		if (obj->base.import_attach)
			drm_prime_gem_destroy(&obj->base, NULL);

		reservation_object_fini(&obj->__builtin_resv);
		drm_gem_object_release(&obj->base);
		i915_gem_info_remove_obj(i915, obj->base.size);

		kfree(obj->bit_17);
		i915_gem_object_free(obj);
	}
}

static void i915_gem_flush_free_objects(struct drm_i915_private *i915)
{
	struct llist_node *freed;

	freed = llist_del_all(&i915->mm.free_list);
	if (unlikely(freed))
		__i915_gem_free_objects(i915, freed);
}

static void __i915_gem_free_work(struct work_struct *work)
{
	struct drm_i915_private *i915 =
		container_of(work, struct drm_i915_private, mm.free_work);
	struct llist_node *freed;

	/* All file-owned VMA should have been released by this point through
	 * i915_gem_close_object(), or earlier by i915_gem_context_close().
	 * However, the object may also be bound into the global GTT (e.g.
	 * older GPUs without per-process support, or for direct access through
	 * the GTT either for the user or for scanout). Those VMA still need to
	 * be unbound now.
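	 * Unbinding requires struct_mutex, which is why freeing takes this
	 * detour through a worker rather than happening directly in the RCU
	 * callback (see __i915_gem_free_object_rcu() below).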
	 */

	while ((freed = llist_del_all(&i915->mm.free_list)))
		__i915_gem_free_objects(i915, freed);
}

static void __i915_gem_free_object_rcu(struct rcu_head *head)
{
	struct drm_i915_gem_object *obj =
		container_of(head, typeof(*obj), rcu);
	struct drm_i915_private *i915 = to_i915(obj->base.dev);

	/* We can't simply use call_rcu() from i915_gem_free_object()
	 * as we need to block whilst unbinding, and the call_rcu
	 * task may be called from softirq context. So we take a
	 * detour through a worker.
	 */
	if (llist_add(&obj->freed, &i915->mm.free_list))
		schedule_work(&i915->mm.free_work);
}

void i915_gem_free_object(struct drm_gem_object *gem_obj)
{
	struct drm_i915_gem_object *obj = to_intel_bo(gem_obj);

	if (obj->mm.quirked)
		__i915_gem_object_unpin_pages(obj);

	if (discard_backing_storage(obj))
		obj->mm.madv = I915_MADV_DONTNEED;

	/* Before we free the object, make sure any pure RCU-only
	 * read-side critical sections are complete, e.g.
	 * i915_gem_busy_ioctl(). For the corresponding synchronized
	 * lookup see i915_gem_object_lookup_rcu().
	 */
	call_rcu(&obj->rcu, __i915_gem_free_object_rcu);
}

void __i915_gem_object_release_unless_active(struct drm_i915_gem_object *obj)
{
	lockdep_assert_held(&obj->base.dev->struct_mutex);

	GEM_BUG_ON(i915_gem_object_has_active_reference(obj));
	if (i915_gem_object_is_active(obj))
		i915_gem_object_set_active_reference(obj);
	else
		i915_gem_object_put(obj);
}

static void assert_kernel_context_is_current(struct drm_i915_private *dev_priv)
{
	struct intel_engine_cs *engine;
	enum intel_engine_id id;

	for_each_engine(engine, dev_priv, id)
		GEM_BUG_ON(engine->last_context != dev_priv->kernel_context);
}

int i915_gem_suspend(struct drm_device *dev)
{
	struct drm_i915_private *dev_priv = to_i915(dev);
	int ret;

	intel_suspend_gt_powersave(dev_priv);

	mutex_lock(&dev->struct_mutex);

	/* We have to flush all the executing contexts to main memory so
	 * that they can be saved in the hibernation image. To ensure the last
	 * context image is coherent, we have to switch away from it. That
	 * leaves the dev_priv->kernel_context still active when
	 * we actually suspend, and its image in memory may not match the GPU
	 * state. Fortunately, the kernel_context is disposable and we do
	 * not rely on its state.
	 */
	ret = i915_gem_switch_to_kernel_context(dev_priv);
	if (ret)
		goto err;

	ret = i915_gem_wait_for_idle(dev_priv,
				     I915_WAIT_INTERRUPTIBLE |
				     I915_WAIT_LOCKED);
	if (ret)
		goto err;

	i915_gem_retire_requests(dev_priv);
	GEM_BUG_ON(dev_priv->gt.active_requests);

	assert_kernel_context_is_current(dev_priv);
	i915_gem_context_lost(dev_priv);
	mutex_unlock(&dev->struct_mutex);

	cancel_delayed_work_sync(&dev_priv->gpu_error.hangcheck_work);
	cancel_delayed_work_sync(&dev_priv->gt.retire_work);
	flush_delayed_work(&dev_priv->gt.idle_work);
	flush_work(&dev_priv->mm.free_work);

	/* Assert that we successfully flushed all the work and
	 * reset the GPU back to its idle, low power state.
	 */
	WARN_ON(dev_priv->gt.awake);
	WARN_ON(!intel_execlists_idle(dev_priv));

	/*
	 * Neither the BIOS, ourselves nor any other kernel
	 * expects the system to be in execlists mode on startup,
	 * so we need to reset the GPU back to legacy mode. And the only
	 * known way to disable logical contexts is through a GPU reset.
	 *
	 * So in order to leave the system in a known default configuration,
	 * always reset the GPU upon unload and suspend. Afterwards we then
	 * clean up the GEM state tracking, flushing off the requests and
	 * leaving the system in a known idle state.
	 *
	 * Note that it is of the utmost importance that the GPU is idle and
	 * all stray writes are flushed *before* we dismantle the backing
	 * storage for the pinned objects.
	 *
	 * However, since we are uncertain that resetting the GPU on older
	 * machines is a good idea, we don't - just in case it leaves the
	 * machine in an unusable condition.
	 */
	if (HAS_HW_CONTEXTS(dev_priv)) {
		int reset = intel_gpu_reset(dev_priv, ALL_ENGINES);
		WARN_ON(reset && reset != -ENODEV);
	}

	return 0;

err:
	mutex_unlock(&dev->struct_mutex);
	return ret;
}

void i915_gem_resume(struct drm_device *dev)
{
	struct drm_i915_private *dev_priv = to_i915(dev);

	WARN_ON(dev_priv->gt.awake);

	mutex_lock(&dev->struct_mutex);
	i915_gem_restore_gtt_mappings(dev_priv);

	/* As we didn't flush the kernel context before suspend, we cannot
	 * guarantee that the context image is complete. So let's just reset
	 * it and start again.
	 */
	dev_priv->gt.resume(dev_priv);

	mutex_unlock(&dev->struct_mutex);
}

void i915_gem_init_swizzling(struct drm_i915_private *dev_priv)
{
	if (INTEL_GEN(dev_priv) < 5 ||
	    dev_priv->mm.bit_6_swizzle_x == I915_BIT_6_SWIZZLE_NONE)
		return;

	I915_WRITE(DISP_ARB_CTL, I915_READ(DISP_ARB_CTL) |
				 DISP_TILE_SURFACE_SWIZZLING);

	if (IS_GEN5(dev_priv))
		return;

	I915_WRITE(TILECTL, I915_READ(TILECTL) | TILECTL_SWZCTL);
	if (IS_GEN6(dev_priv))
		I915_WRITE(ARB_MODE, _MASKED_BIT_ENABLE(ARB_MODE_SWIZZLE_SNB));
	else if (IS_GEN7(dev_priv))
		I915_WRITE(ARB_MODE, _MASKED_BIT_ENABLE(ARB_MODE_SWIZZLE_IVB));
	else if (IS_GEN8(dev_priv))
		I915_WRITE(GAMTARBMODE, _MASKED_BIT_ENABLE(ARB_MODE_SWIZZLE_BDW));
	else
		BUG();
}

static void init_unused_ring(struct drm_i915_private *dev_priv, u32 base)
{
	I915_WRITE(RING_CTL(base), 0);
	I915_WRITE(RING_HEAD(base), 0);
	I915_WRITE(RING_TAIL(base), 0);
	I915_WRITE(RING_START(base), 0);
}

static void init_unused_rings(struct drm_i915_private *dev_priv)
{
	if (IS_I830(dev_priv)) {
		init_unused_ring(dev_priv, PRB1_BASE);
		init_unused_ring(dev_priv, SRB0_BASE);
		init_unused_ring(dev_priv, SRB1_BASE);
		init_unused_ring(dev_priv, SRB2_BASE);
		init_unused_ring(dev_priv, SRB3_BASE);
	} else if (IS_GEN2(dev_priv)) {
		init_unused_ring(dev_priv, SRB0_BASE);
		init_unused_ring(dev_priv, SRB1_BASE);
	} else if (IS_GEN3(dev_priv)) {
		init_unused_ring(dev_priv, PRB1_BASE);
		init_unused_ring(dev_priv, PRB2_BASE);
	}
}

int
i915_gem_init_hw(struct drm_device *dev)
{
	struct drm_i915_private *dev_priv = to_i915(dev);
	struct intel_engine_cs *engine;
	enum intel_engine_id id;
	int ret;

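	/* Note when the GPU was last (re)initialised; this timestamp is only
	 * used for debug, e.g. to judge how long the GPU had been up when a
	 * subsequent error occurs.
	 */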
	dev_priv->gt.last_init_time = ktime_get();

	/* Double layer security blanket, see i915_gem_init() */
	intel_uncore_forcewake_get(dev_priv, FORCEWAKE_ALL);

	if (HAS_EDRAM(dev_priv) && INTEL_GEN(dev_priv) < 9)
		I915_WRITE(HSW_IDICR, I915_READ(HSW_IDICR) | IDIHASHMSK(0xf));

	if (IS_HASWELL(dev_priv))
		I915_WRITE(MI_PREDICATE_RESULT_2, IS_HSW_GT3(dev_priv) ?
			   LOWER_SLICE_ENABLED : LOWER_SLICE_DISABLED);

	if (HAS_PCH_NOP(dev_priv)) {
		if (IS_IVYBRIDGE(dev_priv)) {
			u32 temp = I915_READ(GEN7_MSG_CTL);
			temp &= ~(WAIT_FOR_PCH_FLR_ACK | WAIT_FOR_PCH_RESET_ACK);
			I915_WRITE(GEN7_MSG_CTL, temp);
		} else if (INTEL_GEN(dev_priv) >= 7) {
			u32 temp = I915_READ(HSW_NDE_RSTWRN_OPT);
			temp &= ~RESET_PCH_HANDSHAKE_ENABLE;
			I915_WRITE(HSW_NDE_RSTWRN_OPT, temp);
		}
	}

	i915_gem_init_swizzling(dev_priv);

	/*
	 * At least 830 can leave some of the unused rings
	 * "active" (i.e. head != tail) after resume which
	 * will prevent c3 entry. Make sure all unused rings
	 * are totally idle.
	 */
	init_unused_rings(dev_priv);

	BUG_ON(!dev_priv->kernel_context);

	ret = i915_ppgtt_init_hw(dev_priv);
	if (ret) {
		DRM_ERROR("PPGTT enable HW failed %d\n", ret);
		goto out;
	}

	/* Need to do basic initialisation of all rings first: */
	for_each_engine(engine, dev_priv, id) {
		ret = engine->init_hw(engine);
		if (ret)
			goto out;
	}

	intel_mocs_init_l3cc_table(dev);

	/* We can't enable contexts until all firmware is loaded */
	ret = intel_guc_setup(dev);
	if (ret)
		goto out;

out:
	intel_uncore_forcewake_put(dev_priv, FORCEWAKE_ALL);
	return ret;
}

bool intel_sanitize_semaphores(struct drm_i915_private *dev_priv, int value)
{
	if (INTEL_INFO(dev_priv)->gen < 6)
		return false;

	/* TODO: make semaphores and Execlists play nicely together */
	if (i915.enable_execlists)
		return false;

	if (value >= 0)
		return value;

#ifdef CONFIG_INTEL_IOMMU
	/* Enable semaphores on SNB when IO remapping is off */
	if (INTEL_INFO(dev_priv)->gen == 6 && intel_iommu_gfx_mapped)
		return false;
#endif

	return true;
}

int i915_gem_init(struct drm_device *dev)
{
	struct drm_i915_private *dev_priv = to_i915(dev);
	int ret;

	mutex_lock(&dev->struct_mutex);

	if (!i915.enable_execlists) {
		dev_priv->gt.resume = intel_legacy_submission_resume;
		dev_priv->gt.cleanup_engine = intel_engine_cleanup;
	} else {
		dev_priv->gt.resume = intel_lr_context_resume;
		dev_priv->gt.cleanup_engine = intel_logical_ring_cleanup;
	}

	/* This is just a security blanket to placate dragons.
	 * On some systems, we very sporadically observe that the first TLBs
	 * used by the CS may be stale, despite us poking the TLB reset. If
	 * we hold the forcewake during initialisation these problems
	 * just magically go away.
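	 *
	 * The forcewake reference taken below is dropped again on the
	 * out_unlock path once initialisation has completed (or failed).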
	 */
	intel_uncore_forcewake_get(dev_priv, FORCEWAKE_ALL);

	i915_gem_init_userptr(dev_priv);

	ret = i915_gem_init_ggtt(dev_priv);
	if (ret)
		goto out_unlock;

	ret = i915_gem_context_init(dev);
	if (ret)
		goto out_unlock;

	ret = intel_engines_init(dev);
	if (ret)
		goto out_unlock;

	ret = i915_gem_init_hw(dev);
	if (ret == -EIO) {
		/* Allow engine initialisation to fail by marking the GPU as
		 * wedged. But we only want to do this when the GPU is angry;
		 * for any other failure, such as an allocation failure, bail.
		 */
		DRM_ERROR("Failed to initialize GPU, declaring it wedged\n");
		i915_gem_set_wedged(dev_priv);
		ret = 0;
	}

out_unlock:
	intel_uncore_forcewake_put(dev_priv, FORCEWAKE_ALL);
	mutex_unlock(&dev->struct_mutex);

	return ret;
}

void
i915_gem_cleanup_engines(struct drm_device *dev)
{
	struct drm_i915_private *dev_priv = to_i915(dev);
	struct intel_engine_cs *engine;
	enum intel_engine_id id;

	for_each_engine(engine, dev_priv, id)
		dev_priv->gt.cleanup_engine(engine);
}

void
i915_gem_load_init_fences(struct drm_i915_private *dev_priv)
{
	int i;

	if (INTEL_INFO(dev_priv)->gen >= 7 && !IS_VALLEYVIEW(dev_priv) &&
	    !IS_CHERRYVIEW(dev_priv))
		dev_priv->num_fence_regs = 32;
	else if (INTEL_INFO(dev_priv)->gen >= 4 || IS_I945G(dev_priv) ||
		 IS_I945GM(dev_priv) || IS_G33(dev_priv))
		dev_priv->num_fence_regs = 16;
	else
		dev_priv->num_fence_regs = 8;

	if (intel_vgpu_active(dev_priv))
		dev_priv->num_fence_regs =
				I915_READ(vgtif_reg(avail_rs.fence_num));

	/* Initialize fence registers to zero */
	for (i = 0; i < dev_priv->num_fence_regs; i++) {
		struct drm_i915_fence_reg *fence = &dev_priv->fence_regs[i];

		fence->i915 = dev_priv;
		fence->id = i;
		list_add_tail(&fence->link, &dev_priv->mm.fence_list);
	}
	i915_gem_restore_fences(dev_priv);

	i915_gem_detect_bit_6_swizzle(dev_priv);
}

int
i915_gem_load_init(struct drm_device *dev)
{
	struct drm_i915_private *dev_priv = to_i915(dev);
	int err = -ENOMEM;

	dev_priv->objects = KMEM_CACHE(drm_i915_gem_object, SLAB_HWCACHE_ALIGN);
	if (!dev_priv->objects)
		goto err_out;

	dev_priv->vmas = KMEM_CACHE(i915_vma, SLAB_HWCACHE_ALIGN);
	if (!dev_priv->vmas)
		goto err_objects;

	dev_priv->requests = KMEM_CACHE(drm_i915_gem_request,
					SLAB_HWCACHE_ALIGN |
					SLAB_RECLAIM_ACCOUNT |
					SLAB_DESTROY_BY_RCU);
	if (!dev_priv->requests)
		goto err_vmas;

	dev_priv->dependencies = KMEM_CACHE(i915_dependency,
					    SLAB_HWCACHE_ALIGN |
					    SLAB_RECLAIM_ACCOUNT);
	if (!dev_priv->dependencies)
		goto err_requests;

	mutex_lock(&dev_priv->drm.struct_mutex);
	INIT_LIST_HEAD(&dev_priv->gt.timelines);
	err = i915_gem_timeline_init__global(dev_priv);
	mutex_unlock(&dev_priv->drm.struct_mutex);
	if (err)
		goto err_dependencies;

	INIT_LIST_HEAD(&dev_priv->context_list);
	INIT_WORK(&dev_priv->mm.free_work, __i915_gem_free_work);
	init_llist_head(&dev_priv->mm.free_list);
	INIT_LIST_HEAD(&dev_priv->mm.unbound_list);
	INIT_LIST_HEAD(&dev_priv->mm.bound_list);
	INIT_LIST_HEAD(&dev_priv->mm.fence_list);
	INIT_LIST_HEAD(&dev_priv->mm.userfault_list);
	INIT_DELAYED_WORK(&dev_priv->gt.retire_work,
i915_gem_retire_work_handler); 4552 INIT_DELAYED_WORK(&dev_priv->gt.idle_work, 4553 i915_gem_idle_work_handler); 4554 init_waitqueue_head(&dev_priv->gpu_error.wait_queue); 4555 init_waitqueue_head(&dev_priv->gpu_error.reset_queue); 4556 4557 dev_priv->relative_constants_mode = I915_EXEC_CONSTANTS_REL_GENERAL; 4558 4559 init_waitqueue_head(&dev_priv->pending_flip_queue); 4560 4561 dev_priv->mm.interruptible = true; 4562 4563 atomic_set(&dev_priv->mm.bsd_engine_dispatch_index, 0); 4564 4565 spin_lock_init(&dev_priv->fb_tracking.lock); 4566 4567 return 0; 4568 4569 err_dependencies: 4570 kmem_cache_destroy(dev_priv->dependencies); 4571 err_requests: 4572 kmem_cache_destroy(dev_priv->requests); 4573 err_vmas: 4574 kmem_cache_destroy(dev_priv->vmas); 4575 err_objects: 4576 kmem_cache_destroy(dev_priv->objects); 4577 err_out: 4578 return err; 4579 } 4580 4581 void i915_gem_load_cleanup(struct drm_device *dev) 4582 { 4583 struct drm_i915_private *dev_priv = to_i915(dev); 4584 4585 WARN_ON(!llist_empty(&dev_priv->mm.free_list)); 4586 4587 mutex_lock(&dev_priv->drm.struct_mutex); 4588 i915_gem_timeline_fini(&dev_priv->gt.global_timeline); 4589 WARN_ON(!list_empty(&dev_priv->gt.timelines)); 4590 mutex_unlock(&dev_priv->drm.struct_mutex); 4591 4592 kmem_cache_destroy(dev_priv->dependencies); 4593 kmem_cache_destroy(dev_priv->requests); 4594 kmem_cache_destroy(dev_priv->vmas); 4595 kmem_cache_destroy(dev_priv->objects); 4596 4597 /* And ensure that our DESTROY_BY_RCU slabs are truly destroyed */ 4598 rcu_barrier(); 4599 } 4600 4601 int i915_gem_freeze(struct drm_i915_private *dev_priv) 4602 { 4603 intel_runtime_pm_get(dev_priv); 4604 4605 mutex_lock(&dev_priv->drm.struct_mutex); 4606 i915_gem_shrink_all(dev_priv); 4607 mutex_unlock(&dev_priv->drm.struct_mutex); 4608 4609 intel_runtime_pm_put(dev_priv); 4610 4611 return 0; 4612 } 4613 4614 int i915_gem_freeze_late(struct drm_i915_private *dev_priv) 4615 { 4616 struct drm_i915_gem_object *obj; 4617 struct list_head *phases[] = { 4618 &dev_priv->mm.unbound_list, 4619 &dev_priv->mm.bound_list, 4620 NULL 4621 }, **p; 4622 4623 /* Called just before we write the hibernation image. 4624 * 4625 * We need to update the domain tracking to reflect that the CPU 4626 * will be accessing all the pages to create and restore from the 4627 * hibernation, and so upon restoration those pages will be in the 4628 * CPU domain. 4629 * 4630 * To make sure the hibernation image contains the latest state, 4631 * we update that state just before writing out the image. 4632 * 4633 * To try and reduce the hibernation image, we manually shrink 4634 * the objects as well. 4635 */ 4636 4637 mutex_lock(&dev_priv->drm.struct_mutex); 4638 i915_gem_shrink(dev_priv, -1UL, I915_SHRINK_UNBOUND); 4639 4640 for (p = phases; *p; p++) { 4641 list_for_each_entry(obj, *p, global_link) { 4642 obj->base.read_domains = I915_GEM_DOMAIN_CPU; 4643 obj->base.write_domain = I915_GEM_DOMAIN_CPU; 4644 } 4645 } 4646 mutex_unlock(&dev_priv->drm.struct_mutex); 4647 4648 return 0; 4649 } 4650 4651 void i915_gem_release(struct drm_device *dev, struct drm_file *file) 4652 { 4653 struct drm_i915_file_private *file_priv = file->driver_priv; 4654 struct drm_i915_gem_request *request; 4655 4656 /* Clean up our request list when the client is going away, so that 4657 * later retire_requests won't dereference our soon-to-be-gone 4658 * file_priv. 
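	 * We only clear the request->file_priv back-pointer here; the
	 * requests themselves are retired and freed as normal.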
	 */
	spin_lock(&file_priv->mm.lock);
	list_for_each_entry(request, &file_priv->mm.request_list, client_list)
		request->file_priv = NULL;
	spin_unlock(&file_priv->mm.lock);

	if (!list_empty(&file_priv->rps.link)) {
		spin_lock(&to_i915(dev)->rps.client_lock);
		list_del(&file_priv->rps.link);
		spin_unlock(&to_i915(dev)->rps.client_lock);
	}
}

int i915_gem_open(struct drm_device *dev, struct drm_file *file)
{
	struct drm_i915_file_private *file_priv;
	int ret;

	DRM_DEBUG("\n");

	file_priv = kzalloc(sizeof(*file_priv), GFP_KERNEL);
	if (!file_priv)
		return -ENOMEM;

	file->driver_priv = file_priv;
	file_priv->dev_priv = to_i915(dev);
	file_priv->file = file;
	INIT_LIST_HEAD(&file_priv->rps.link);

	spin_lock_init(&file_priv->mm.lock);
	INIT_LIST_HEAD(&file_priv->mm.request_list);

	file_priv->bsd_engine = -1;

	ret = i915_gem_context_open(dev, file);
	if (ret)
		kfree(file_priv);

	return ret;
}

/**
 * i915_gem_track_fb - update frontbuffer tracking
 * @old: current GEM buffer for the frontbuffer slots
 * @new: new GEM buffer for the frontbuffer slots
 * @frontbuffer_bits: bitmask of frontbuffer slots
 *
 * This updates the frontbuffer tracking bits @frontbuffer_bits by clearing them
 * from @old and setting them in @new. Both @old and @new can be NULL.
 */
void i915_gem_track_fb(struct drm_i915_gem_object *old,
		       struct drm_i915_gem_object *new,
		       unsigned frontbuffer_bits)
{
	/* Control of individual bits within the mask is guarded by
	 * the owning plane->mutex, i.e. we can never see concurrent
	 * manipulation of individual bits. But since the bitfield as a whole
	 * is updated using RMW, we need to use atomics in order to update
	 * the bits.
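	 * (The BUILD_BUG_ON below simply checks that all frontbuffer bits do
	 * fit within a single atomic_t.)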
4718 */ 4719 BUILD_BUG_ON(INTEL_FRONTBUFFER_BITS_PER_PIPE * I915_MAX_PIPES > 4720 sizeof(atomic_t) * BITS_PER_BYTE); 4721 4722 if (old) { 4723 WARN_ON(!(atomic_read(&old->frontbuffer_bits) & frontbuffer_bits)); 4724 atomic_andnot(frontbuffer_bits, &old->frontbuffer_bits); 4725 } 4726 4727 if (new) { 4728 WARN_ON(atomic_read(&new->frontbuffer_bits) & frontbuffer_bits); 4729 atomic_or(frontbuffer_bits, &new->frontbuffer_bits); 4730 } 4731 } 4732 4733 /* Allocate a new GEM object and fill it with the supplied data */ 4734 struct drm_i915_gem_object * 4735 i915_gem_object_create_from_data(struct drm_device *dev, 4736 const void *data, size_t size) 4737 { 4738 struct drm_i915_gem_object *obj; 4739 struct sg_table *sg; 4740 size_t bytes; 4741 int ret; 4742 4743 obj = i915_gem_object_create(dev, round_up(size, PAGE_SIZE)); 4744 if (IS_ERR(obj)) 4745 return obj; 4746 4747 ret = i915_gem_object_set_to_cpu_domain(obj, true); 4748 if (ret) 4749 goto fail; 4750 4751 ret = i915_gem_object_pin_pages(obj); 4752 if (ret) 4753 goto fail; 4754 4755 sg = obj->mm.pages; 4756 bytes = sg_copy_from_buffer(sg->sgl, sg->nents, (void *)data, size); 4757 obj->mm.dirty = true; /* Backing store is now out of date */ 4758 i915_gem_object_unpin_pages(obj); 4759 4760 if (WARN_ON(bytes != size)) { 4761 DRM_ERROR("Incomplete copy, wrote %zu of %zu", bytes, size); 4762 ret = -EFAULT; 4763 goto fail; 4764 } 4765 4766 return obj; 4767 4768 fail: 4769 i915_gem_object_put(obj); 4770 return ERR_PTR(ret); 4771 } 4772 4773 struct scatterlist * 4774 i915_gem_object_get_sg(struct drm_i915_gem_object *obj, 4775 unsigned int n, 4776 unsigned int *offset) 4777 { 4778 struct i915_gem_object_page_iter *iter = &obj->mm.get_page; 4779 struct scatterlist *sg; 4780 unsigned int idx, count; 4781 4782 might_sleep(); 4783 GEM_BUG_ON(n >= obj->base.size >> PAGE_SHIFT); 4784 GEM_BUG_ON(!i915_gem_object_has_pinned_pages(obj)); 4785 4786 /* As we iterate forward through the sg, we record each entry in a 4787 * radixtree for quick repeated (backwards) lookups. If we have seen 4788 * this index previously, we will have an entry for it. 4789 * 4790 * Initial lookup is O(N), but this is amortized to O(1) for 4791 * sequential page access (where each new request is consecutive 4792 * to the previous one). Repeated lookups are O(lg(obj->base.size)), 4793 * i.e. O(1) with a large constant! 4794 */ 4795 if (n < READ_ONCE(iter->sg_idx)) 4796 goto lookup; 4797 4798 mutex_lock(&iter->lock); 4799 4800 /* We prefer to reuse the last sg so that repeated lookup of this 4801 * (or the subsequent) sg are fast - comparing against the last 4802 * sg is faster than going through the radixtree. 4803 */ 4804 4805 sg = iter->sg_pos; 4806 idx = iter->sg_idx; 4807 count = __sg_page_count(sg); 4808 4809 while (idx + count <= n) { 4810 unsigned long exception, i; 4811 int ret; 4812 4813 /* If we cannot allocate and insert this entry, or the 4814 * individual pages from this range, cancel updating the 4815 * sg_idx so that on this lookup we are forced to linearly 4816 * scan onwards, but on future lookups we will try the 4817 * insertion again (in which case we need to be careful of 4818 * the error return reporting that we have already inserted 4819 * this index). 
4820 */ 4821 ret = radix_tree_insert(&iter->radix, idx, sg); 4822 if (ret && ret != -EEXIST) 4823 goto scan; 4824 4825 exception = 4826 RADIX_TREE_EXCEPTIONAL_ENTRY | 4827 idx << RADIX_TREE_EXCEPTIONAL_SHIFT; 4828 for (i = 1; i < count; i++) { 4829 ret = radix_tree_insert(&iter->radix, idx + i, 4830 (void *)exception); 4831 if (ret && ret != -EEXIST) 4832 goto scan; 4833 } 4834 4835 idx += count; 4836 sg = ____sg_next(sg); 4837 count = __sg_page_count(sg); 4838 } 4839 4840 scan: 4841 iter->sg_pos = sg; 4842 iter->sg_idx = idx; 4843 4844 mutex_unlock(&iter->lock); 4845 4846 if (unlikely(n < idx)) /* insertion completed by another thread */ 4847 goto lookup; 4848 4849 /* In case we failed to insert the entry into the radixtree, we need 4850 * to look beyond the current sg. 4851 */ 4852 while (idx + count <= n) { 4853 idx += count; 4854 sg = ____sg_next(sg); 4855 count = __sg_page_count(sg); 4856 } 4857 4858 *offset = n - idx; 4859 return sg; 4860 4861 lookup: 4862 rcu_read_lock(); 4863 4864 sg = radix_tree_lookup(&iter->radix, n); 4865 GEM_BUG_ON(!sg); 4866 4867 /* If this index is in the middle of multi-page sg entry, 4868 * the radixtree will contain an exceptional entry that points 4869 * to the start of that range. We will return the pointer to 4870 * the base page and the offset of this page within the 4871 * sg entry's range. 4872 */ 4873 *offset = 0; 4874 if (unlikely(radix_tree_exception(sg))) { 4875 unsigned long base = 4876 (unsigned long)sg >> RADIX_TREE_EXCEPTIONAL_SHIFT; 4877 4878 sg = radix_tree_lookup(&iter->radix, base); 4879 GEM_BUG_ON(!sg); 4880 4881 *offset = n - base; 4882 } 4883 4884 rcu_read_unlock(); 4885 4886 return sg; 4887 } 4888 4889 struct page * 4890 i915_gem_object_get_page(struct drm_i915_gem_object *obj, unsigned int n) 4891 { 4892 struct scatterlist *sg; 4893 unsigned int offset; 4894 4895 GEM_BUG_ON(!i915_gem_object_has_struct_page(obj)); 4896 4897 sg = i915_gem_object_get_sg(obj, n, &offset); 4898 return nth_page(sg_page(sg), offset); 4899 } 4900 4901 /* Like i915_gem_object_get_page(), but mark the returned page dirty */ 4902 struct page * 4903 i915_gem_object_get_dirty_page(struct drm_i915_gem_object *obj, 4904 unsigned int n) 4905 { 4906 struct page *page; 4907 4908 page = i915_gem_object_get_page(obj, n); 4909 if (!obj->mm.dirty) 4910 set_page_dirty(page); 4911 4912 return page; 4913 } 4914 4915 dma_addr_t 4916 i915_gem_object_get_dma_address(struct drm_i915_gem_object *obj, 4917 unsigned long n) 4918 { 4919 struct scatterlist *sg; 4920 unsigned int offset; 4921 4922 sg = i915_gem_object_get_sg(obj, n, &offset); 4923 return sg_dma_address(sg) + (offset << PAGE_SHIFT); 4924 } 4925
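
/*
 * Illustrative sketch only (not compiled): one way a caller might use the
 * page lookup helpers above to copy out an object's backing store. The
 * destination buffer handling and the function name are hypothetical, not
 * part of this driver; callers wanting a single contiguous mapping would
 * more likely use i915_gem_object_pin_map() instead.
 */
#if 0
static int hypothetical_copy_object_to_buffer(struct drm_i915_gem_object *obj,
					      void *dst)
{
	unsigned int n, npages = obj->base.size >> PAGE_SHIFT;
	int ret;

	/* Pin the backing pages so the sg table stays valid while we walk it. */
	ret = i915_gem_object_pin_pages(obj);
	if (ret)
		return ret;

	for (n = 0; n < npages; n++) {
		/* Amortised O(1) lookup for this sequential access pattern. */
		struct page *page = i915_gem_object_get_page(obj, n);
		void *vaddr = kmap(page);

		memcpy(dst + n * PAGE_SIZE, vaddr, PAGE_SIZE);
		kunmap(page);
	}

	i915_gem_object_unpin_pages(obj);
	return 0;
}
#endif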