projects / linux-block.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
drm/i915: Check context status before looking up our obj/vma
[linux-block.git] / drivers / gpu / drm / i915 / i915_gem_execbuffer.c
CommitLineData
54cf91dc
CW		 1/*
2 * Copyright © 2008,2010 Intel Corporation
3 *
4 * Permission is hereby granted, free of charge, to any person obtaining a
5 * copy of this software and associated documentation files (the "Software"),
6 * to deal in the Software without restriction, including without limitation
7 * the rights to use, copy, modify, merge, publish, distribute, sublicense,
8 * and/or sell copies of the Software, and to permit persons to whom the
9 * Software is furnished to do so, subject to the following conditions:
10 *
11 * The above copyright notice and this permission notice (including the next
12 * paragraph) shall be included in all copies or substantial portions of the
13 * Software.
14 *
15 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
18 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
20 * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
21 * IN THE SOFTWARE.
22 *
23 * Authors:
24 * Eric Anholt <eric@anholt.net>
25 * Chris Wilson <chris@chris-wilson.co.uk>
26 *
27 */
28
ad778f89
CW		 29#include <linux/dma_remapping.h>
30#include <linux/reservation.h>
fec0445c 31#include <linux/sync_file.h>
ad778f89
CW		 32#include <linux/uaccess.h>
33
760285e7 34#include <drm/drmP.h>
cf6e7bac 35#include <drm/drm_syncobj.h>
760285e7 36#include <drm/i915_drm.h>
ad778f89 37
54cf91dc 38#include "i915_drv.h"
57822dc6 39#include "i915_gem_clflush.h"
54cf91dc
CW		 40#include "i915_trace.h"
41#include "intel_drv.h"
5d723d7a 42#include "intel_frontbuffer.h"
54cf91dc 43
7dd4f672
CW		 44enum {
45 FORCE_CPU_RELOC = 1,
46 FORCE_GTT_RELOC,
47 FORCE_GPU_RELOC,
48#define DBG_FORCE_RELOC 0 /* choose one of the above! */
49};
d50415cc 50
dade2a61
CW		 51#define __EXEC_OBJECT_HAS_REF BIT(31)
52#define __EXEC_OBJECT_HAS_PIN BIT(30)
53#define __EXEC_OBJECT_HAS_FENCE BIT(29)
54#define __EXEC_OBJECT_NEEDS_MAP BIT(28)
55#define __EXEC_OBJECT_NEEDS_BIAS BIT(27)
56#define __EXEC_OBJECT_INTERNAL_FLAGS (~0u << 27) /* all of the above */
2889caa9
CW		 57#define __EXEC_OBJECT_RESERVED (__EXEC_OBJECT_HAS_PIN | __EXEC_OBJECT_HAS_FENCE)
58
59#define __EXEC_HAS_RELOC BIT(31)
60#define __EXEC_VALIDATED BIT(30)
61#define UPDATE PIN_OFFSET_FIXED
d23db88c
CW		 62
63#define BATCH_OFFSET_BIAS (256*1024)
a415d355 64
650bc635
CW		 65#define __I915_EXEC_ILLEGAL_FLAGS \
66 (__I915_EXEC_UNKNOWN_FLAGS | I915_EXEC_CONSTANTS_MASK)
5b043f4e 67
2889caa9
CW		 68/**
69 * DOC: User command execution
70 *
71 * Userspace submits commands to be executed on the GPU as an instruction
72 * stream within a GEM object we call a batchbuffer. This instructions may
73 * refer to other GEM objects containing auxiliary state such as kernels,
74 * samplers, render targets and even secondary batchbuffers. Userspace does
75 * not know where in the GPU memory these objects reside and so before the
76 * batchbuffer is passed to the GPU for execution, those addresses in the
77 * batchbuffer and auxiliary objects are updated. This is known as relocation,
78 * or patching. To try and avoid having to relocate each object on the next
79 * execution, userspace is told the location of those objects in this pass,
80 * but this remains just a hint as the kernel may choose a new location for
81 * any object in the future.
82 *
83 * Processing an execbuf ioctl is conceptually split up into a few phases.
84 *
85 * 1. Validation - Ensure all the pointers, handles and flags are valid.
86 * 2. Reservation - Assign GPU address space for every object
87 * 3. Relocation - Update any addresses to point to the final locations
88 * 4. Serialisation - Order the request with respect to its dependencies
89 * 5. Construction - Construct a request to execute the batchbuffer
90 * 6. Submission (at some point in the future execution)
91 *
92 * Reserving resources for the execbuf is the most complicated phase. We
93 * neither want to have to migrate the object in the address space, nor do
94 * we want to have to update any relocations pointing to this object. Ideally,
95 * we want to leave the object where it is and for all the existing relocations
96 * to match. If the object is given a new address, or if userspace thinks the
97 * object is elsewhere, we have to parse all the relocation entries and update
98 * the addresses. Userspace can set the I915_EXEC_NORELOC flag to hint that
99 * all the target addresses in all of its objects match the value in the
100 * relocation entries and that they all match the presumed offsets given by the
101 * list of execbuffer objects. Using this knowledge, we know that if we haven't
102 * moved any buffers, all the relocation entries are valid and we can skip
103 * the update. (If userspace is wrong, the likely outcome is an impromptu GPU
104 * hang.) The requirement for using I915_EXEC_NO_RELOC are:
105 *
106 * The addresses written in the objects must match the corresponding
107 * reloc.presumed_offset which in turn must match the corresponding
108 * execobject.offset.
109 *
110 * Any render targets written to in the batch must be flagged with
111 * EXEC_OBJECT_WRITE.
112 *
113 * To avoid stalling, execobject.offset should match the current
114 * address of that object within the active context.
115 *
116 * The reservation is done is multiple phases. First we try and keep any
117 * object already bound in its current location - so as long as meets the
118 * constraints imposed by the new execbuffer. Any object left unbound after the
119 * first pass is then fitted into any available idle space. If an object does
120 * not fit, all objects are removed from the reservation and the process rerun
121 * after sorting the objects into a priority order (more difficult to fit
122 * objects are tried first). Failing that, the entire VM is cleared and we try
123 * to fit the execbuf once last time before concluding that it simply will not
124 * fit.
125 *
126 * A small complication to all of this is that we allow userspace not only to
127 * specify an alignment and a size for the object in the address space, but
128 * we also allow userspace to specify the exact offset. This objects are
129 * simpler to place (the location is known a priori) all we have to do is make
130 * sure the space is available.
131 *
132 * Once all the objects are in place, patching up the buried pointers to point
133 * to the final locations is a fairly simple job of walking over the relocation
134 * entry arrays, looking up the right address and rewriting the value into
135 * the object. Simple! ... The relocation entries are stored in user memory
136 * and so to access them we have to copy them into a local buffer. That copy
137 * has to avoid taking any pagefaults as they may lead back to a GEM object
138 * requiring the struct_mutex (i.e. recursive deadlock). So once again we split
139 * the relocation into multiple passes. First we try to do everything within an
140 * atomic context (avoid the pagefaults) which requires that we never wait. If
141 * we detect that we may wait, or if we need to fault, then we have to fallback
142 * to a slower path. The slowpath has to drop the mutex. (Can you hear alarm
143 * bells yet?) Dropping the mutex means that we lose all the state we have
144 * built up so far for the execbuf and we must reset any global data. However,
145 * we do leave the objects pinned in their final locations - which is a
146 * potential issue for concurrent execbufs. Once we have left the mutex, we can
147 * allocate and copy all the relocation entries into a large array at our
148 * leisure, reacquire the mutex, reclaim all the objects and other state and
149 * then proceed to update any incorrect addresses with the objects.
150 *
151 * As we process the relocation entries, we maintain a record of whether the
152 * object is being written to. Using NORELOC, we expect userspace to provide
153 * this information instead. We also check whether we can skip the relocation
154 * by comparing the expected value inside the relocation entry with the target's
155 * final address. If they differ, we have to map the current object and rewrite
156 * the 4 or 8 byte pointer within.
157 *
158 * Serialising an execbuf is quite simple according to the rules of the GEM
159 * ABI. Execution within each context is ordered by the order of submission.
160 * Writes to any GEM object are in order of submission and are exclusive. Reads
161 * from a GEM object are unordered with respect to other reads, but ordered by
162 * writes. A write submitted after a read cannot occur before the read, and
163 * similarly any read submitted after a write cannot occur before the write.
164 * Writes are ordered between engines such that only one write occurs at any
165 * time (completing any reads beforehand) - using semaphores where available
166 * and CPU serialisation otherwise. Other GEM access obey the same rules, any
167 * write (either via mmaps using set-domain, or via pwrite) must flush all GPU
168 * reads before starting, and any read (either using set-domain or pread) must
169 * flush all GPU writes before starting. (Note we only employ a barrier before,
170 * we currently rely on userspace not concurrently starting a new execution
171 * whilst reading or writing to an object. This may be an advantage or not
172 * depending on how much you trust userspace not to shoot themselves in the
173 * foot.) Serialisation may just result in the request being inserted into
174 * a DAG awaiting its turn, but most simple is to wait on the CPU until
175 * all dependencies are resolved.
176 *
177 * After all of that, is just a matter of closing the request and handing it to
178 * the hardware (well, leaving it in a queue to be executed). However, we also
179 * offer the ability for batchbuffers to be run with elevated privileges so
180 * that they access otherwise hidden registers. (Used to adjust L3 cache etc.)
181 * Before any batch is given extra privileges we first must check that it
182 * contains no nefarious instructions, we check that each instruction is from
183 * our whitelist and all registers are also from an allowed list. We first
184 * copy the user's batchbuffer to a shadow (so that the user doesn't have
185 * access to it, either by the CPU or GPU as we scan it) and then parse each
186 * instruction. If everything is ok, we set a flag telling the hardware to run
187 * the batchbuffer in trusted mode, otherwise the ioctl is rejected.
188 */
189
650bc635 190struct i915_execbuffer {
2889caa9
CW		 191 struct drm_i915_private *i915; /** i915 backpointer */
192 struct drm_file *file; /** per-file lookup tables and limits */
193 struct drm_i915_gem_execbuffer2 *args; /** ioctl parameters */
194 struct drm_i915_gem_exec_object2 *exec; /** ioctl execobj[] */
195
196 struct intel_engine_cs *engine; /** engine to queue the request to */
197 struct i915_gem_context *ctx; /** context for building the request */
198 struct i915_address_space *vm; /** GTT and vma for the request */
199
200 struct drm_i915_gem_request *request; /** our request to build */
201 struct i915_vma *batch; /** identity of the batch obj/vma */
202
203 /** actual size of execobj[] as we may extend it for the cmdparser */
204 unsigned int buffer_count;
205
206 /** list of vma not yet bound during reservation phase */
207 struct list_head unbound;
208
209 /** list of vma that have execobj.relocation_count */
210 struct list_head relocs;
211
212 /**
213 * Track the most recently used object for relocations, as we
214 * frequently have to perform multiple relocations within the same
215 * obj/page
216 */
650bc635 217 struct reloc_cache {
2889caa9
CW		 218 struct drm_mm_node node; /** temporary GTT binding */
219 unsigned long vaddr; /** Current kmap address */
220 unsigned long page; /** Currently mapped page index */
7dd4f672 221 unsigned int gen; /** Cached value of INTEL_GEN */
650bc635 222 bool use_64bit_reloc : 1;
2889caa9
CW		 223 bool has_llc : 1;
224 bool has_fence : 1;
225 bool needs_unfenced : 1;
7dd4f672
CW		 226
227 struct drm_i915_gem_request *rq;
228 u32 *rq_cmd;
229 unsigned int rq_size;
650bc635 230 } reloc_cache;
2889caa9
CW		 231
232 u64 invalid_flags; /** Set of execobj.flags that are invalid */
233 u32 context_flags; /** Set of execobj.flags to insert from the ctx */
234
235 u32 batch_start_offset; /** Location within object of batch */
236 u32 batch_len; /** Length of batch within object */
237 u32 batch_flags; /** Flags composed for emit_bb_start() */
238
239 /**
240 * Indicate either the size of the hastable used to resolve
241 * relocation handles, or if negative that we are using a direct
242 * index into the execobj[].
243 */
244 int lut_size;
245 struct hlist_head *buckets; /** ht for relocation handles */
67731b87
CW		 246};
247
4ff4b44c
CW		 248/*
249 * As an alternative to creating a hashtable of handle-to-vma for a batch,
250 * we used the last available reserved field in the execobject[] and stash
251 * a link from the execobj to its vma.
252 */
253#define __exec_to_vma(ee) (ee)->rsvd2
254#define exec_to_vma(ee) u64_to_ptr(struct i915_vma, __exec_to_vma(ee))
255
2889caa9
CW		 256/*
257 * Used to convert any address to canonical form.
258 * Starting from gen8, some commands (e.g. STATE_BASE_ADDRESS,
259 * MI_LOAD_REGISTER_MEM and others, see Broadwell PRM Vol2a) require the
260 * addresses to be in a canonical form:
261 * "GraphicsAddress[63:48] are ignored by the HW and assumed to be in correct
262 * canonical form [63:48] == [47]."
263 */
264#define GEN8_HIGH_ADDRESS_BIT 47
265static inline u64 gen8_canonical_addr(u64 address)
266{
267 return sign_extend64(address, GEN8_HIGH_ADDRESS_BIT);
268}
269
270static inline u64 gen8_noncanonical_addr(u64 address)
271{
272 return address & GENMASK_ULL(GEN8_HIGH_ADDRESS_BIT, 0);
273}
274
650bc635 275static int eb_create(struct i915_execbuffer *eb)
67731b87 276{
2889caa9
CW		 277 if (!(eb->args->flags & I915_EXEC_HANDLE_LUT)) {
278 unsigned int size = 1 + ilog2(eb->buffer_count);
4ff4b44c 279
2889caa9
CW		 280 /*
281 * Without a 1:1 association between relocation handles and
282 * the execobject[] index, we instead create a hashtable.
283 * We size it dynamically based on available memory, starting
284 * first with 1:1 assocative hash and scaling back until
285 * the allocation succeeds.
286 *
287 * Later on we use a positive lut_size to indicate we are
288 * using this hashtable, and a negative value to indicate a
289 * direct lookup.
290 */
4ff4b44c 291 do {
4d470f73
CW		 292 unsigned int flags;
293
294 /* While we can still reduce the allocation size, don't
295 * raise a warning and allow the allocation to fail.
296 * On the last pass though, we want to try as hard
297 * as possible to perform the allocation and warn
298 * if it fails.
299 */
300 flags = GFP_TEMPORARY;
301 if (size > 1)
302 flags |= __GFP_NORETRY | __GFP_NOWARN;
303
4ff4b44c 304 eb->buckets = kzalloc(sizeof(struct hlist_head) << size,
4d470f73 305 flags);
4ff4b44c
CW		 306 if (eb->buckets)
307 break;
308 } while (--size);
309
4d470f73
CW		 310 if (unlikely(!size))
311 return -ENOMEM;
eef90ccb 312
2889caa9 313 eb->lut_size = size;
650bc635 314 } else {
2889caa9 315 eb->lut_size = -eb->buffer_count;
650bc635 316 }
eef90ccb 317
650bc635 318 return 0;
67731b87
CW		 319}
320
2889caa9
CW		 321static bool
322eb_vma_misplaced(const struct drm_i915_gem_exec_object2 *entry,
323 const struct i915_vma *vma)
324{
325 if (!(entry->flags & __EXEC_OBJECT_HAS_PIN))
326 return true;
327
328 if (vma->node.size < entry->pad_to_size)
329 return true;
330
331 if (entry->alignment && !IS_ALIGNED(vma->node.start, entry->alignment))
332 return true;
333
334 if (entry->flags & EXEC_OBJECT_PINNED &&
335 vma->node.start != entry->offset)
336 return true;
337
338 if (entry->flags & __EXEC_OBJECT_NEEDS_BIAS &&
339 vma->node.start < BATCH_OFFSET_BIAS)
340 return true;
341
342 if (!(entry->flags & EXEC_OBJECT_SUPPORTS_48B_ADDRESS) &&
343 (vma->node.start + vma->node.size - 1) >> 32)
344 return true;
345
346 return false;
347}
348
349static inline void
350eb_pin_vma(struct i915_execbuffer *eb,
351 struct drm_i915_gem_exec_object2 *entry,
352 struct i915_vma *vma)
353{
354 u64 flags;
355
616d9cee
CW		 356 if (vma->node.size)
357 flags = vma->node.start;
358 else
359 flags = entry->offset & PIN_OFFSET_MASK;
360
361 flags |= PIN_USER | PIN_NOEVICT | PIN_OFFSET_FIXED;
2889caa9
CW		 362 if (unlikely(entry->flags & EXEC_OBJECT_NEEDS_GTT))
363 flags |= PIN_GLOBAL;
616d9cee 364
2889caa9
CW		 365 if (unlikely(i915_vma_pin(vma, 0, 0, flags)))
366 return;
367
368 if (unlikely(entry->flags & EXEC_OBJECT_NEEDS_FENCE)) {
369 if (unlikely(i915_vma_get_fence(vma))) {
370 i915_vma_unpin(vma);
371 return;
372 }
373
374 if (i915_vma_pin_fence(vma))
375 entry->flags |= __EXEC_OBJECT_HAS_FENCE;
376 }
377
378 entry->flags |= __EXEC_OBJECT_HAS_PIN;
379}
380
d55495b4
CW		 381static inline void
382__eb_unreserve_vma(struct i915_vma *vma,
383 const struct drm_i915_gem_exec_object2 *entry)
384{
2889caa9
CW		 385 GEM_BUG_ON(!(entry->flags & __EXEC_OBJECT_HAS_PIN));
386
d55495b4
CW		 387 if (unlikely(entry->flags & __EXEC_OBJECT_HAS_FENCE))
388 i915_vma_unpin_fence(vma);
389
2889caa9 390 __i915_vma_unpin(vma);
d55495b4
CW		 391}
392
2889caa9
CW		 393static inline void
394eb_unreserve_vma(struct i915_vma *vma,
395 struct drm_i915_gem_exec_object2 *entry)
d55495b4 396{
2889caa9
CW		 397 if (!(entry->flags & __EXEC_OBJECT_HAS_PIN))
398 return;
d55495b4
CW		 399
400 __eb_unreserve_vma(vma, entry);
2889caa9 401 entry->flags &= ~__EXEC_OBJECT_RESERVED;
d55495b4
CW		 402}
403
2889caa9
CW		 404static int
405eb_validate_vma(struct i915_execbuffer *eb,
406 struct drm_i915_gem_exec_object2 *entry,
407 struct i915_vma *vma)
67731b87 408{
2889caa9
CW		 409 if (unlikely(entry->flags & eb->invalid_flags))
410 return -EINVAL;
d55495b4 411
2889caa9
CW		 412 if (unlikely(entry->alignment && !is_power_of_2(entry->alignment)))
413 return -EINVAL;
414
415 /*
416 * Offset can be used as input (EXEC_OBJECT_PINNED), reject
417 * any non-page-aligned or non-canonical addresses.
418 */
419 if (unlikely(entry->flags & EXEC_OBJECT_PINNED &&
420 entry->offset != gen8_canonical_addr(entry->offset & PAGE_MASK)))
421 return -EINVAL;
422
423 /* pad_to_size was once a reserved field, so sanitize it */
424 if (entry->flags & EXEC_OBJECT_PAD_TO_SIZE) {
425 if (unlikely(offset_in_page(entry->pad_to_size)))
426 return -EINVAL;
427 } else {
428 entry->pad_to_size = 0;
d55495b4
CW		 429 }
430
2889caa9
CW		 431 if (unlikely(vma->exec_entry)) {
432 DRM_DEBUG("Object [handle %d, index %d] appears more than once in object list\n",
433 entry->handle, (int)(entry - eb->exec));
434 return -EINVAL;
435 }
436
437 /*
438 * From drm_mm perspective address space is continuous,
439 * so from this point we're always using non-canonical
440 * form internally.
441 */
442 entry->offset = gen8_noncanonical_addr(entry->offset);
443
444 return 0;
67731b87
CW		 445}
446
2889caa9
CW		 447static int
448eb_add_vma(struct i915_execbuffer *eb,
449 struct drm_i915_gem_exec_object2 *entry,
450 struct i915_vma *vma)
59bfa124 451{
2889caa9
CW		 452 int err;
453
454 GEM_BUG_ON(i915_vma_is_closed(vma));
455
456 if (!(eb->args->flags & __EXEC_VALIDATED)) {
457 err = eb_validate_vma(eb, entry, vma);
458 if (unlikely(err))
459 return err;
4ff4b44c 460 }
4ff4b44c 461
4d470f73 462 if (eb->lut_size > 0) {
2889caa9 463 vma->exec_handle = entry->handle;
4ff4b44c 464 hlist_add_head(&vma->exec_node,
2889caa9
CW		 465 &eb->buckets[hash_32(entry->handle,
466 eb->lut_size)]);
4ff4b44c 467 }
59bfa124 468
2889caa9
CW		 469 if (entry->relocation_count)
470 list_add_tail(&vma->reloc_link, &eb->relocs);
471
472 if (!eb->reloc_cache.has_fence) {
473 entry->flags &= ~EXEC_OBJECT_NEEDS_FENCE;
474 } else {
475 if ((entry->flags & EXEC_OBJECT_NEEDS_FENCE ||
476 eb->reloc_cache.needs_unfenced) &&
477 i915_gem_object_is_tiled(vma->obj))
478 entry->flags |= EXEC_OBJECT_NEEDS_GTT | __EXEC_OBJECT_NEEDS_MAP;
479 }
480
481 if (!(entry->flags & EXEC_OBJECT_PINNED))
482 entry->flags |= eb->context_flags;
483
484 /*
485 * Stash a pointer from the vma to execobj, so we can query its flags,
486 * size, alignment etc as provided by the user. Also we stash a pointer
487 * to the vma inside the execobj so that we can use a direct lookup
488 * to find the right target VMA when doing relocations.
489 */
490 vma->exec_entry = entry;
dade2a61 491 __exec_to_vma(entry) = (uintptr_t)vma;
2889caa9
CW		 492
493 err = 0;
616d9cee 494 eb_pin_vma(eb, entry, vma);
2889caa9
CW		 495 if (eb_vma_misplaced(entry, vma)) {
496 eb_unreserve_vma(vma, entry);
497
498 list_add_tail(&vma->exec_link, &eb->unbound);
499 if (drm_mm_node_allocated(&vma->node))
500 err = i915_vma_unbind(vma);
501 } else {
502 if (entry->offset != vma->node.start) {
503 entry->offset = vma->node.start | UPDATE;
504 eb->args->flags |= __EXEC_HAS_RELOC;
505 }
506 }
507 return err;
508}
509
510static inline int use_cpu_reloc(const struct reloc_cache *cache,
511 const struct drm_i915_gem_object *obj)
512{
513 if (!i915_gem_object_has_struct_page(obj))
514 return false;
515
7dd4f672
CW		 516 if (DBG_FORCE_RELOC == FORCE_CPU_RELOC)
517 return true;
518
519 if (DBG_FORCE_RELOC == FORCE_GTT_RELOC)
520 return false;
2889caa9
CW		 521
522 return (cache->has_llc ||
523 obj->cache_dirty ||
524 obj->cache_level != I915_CACHE_NONE);
525}
526
527static int eb_reserve_vma(const struct i915_execbuffer *eb,
528 struct i915_vma *vma)
529{
530 struct drm_i915_gem_exec_object2 *entry = vma->exec_entry;
531 u64 flags;
532 int err;
533
534 flags = PIN_USER | PIN_NONBLOCK;
535 if (entry->flags & EXEC_OBJECT_NEEDS_GTT)
536 flags |= PIN_GLOBAL;
537
538 /*
539 * Wa32bitGeneralStateOffset & Wa32bitInstructionBaseOffset,
540 * limit address to the first 4GBs for unflagged objects.
541 */
542 if (!(entry->flags & EXEC_OBJECT_SUPPORTS_48B_ADDRESS))
543 flags |= PIN_ZONE_4G;
544
545 if (entry->flags & __EXEC_OBJECT_NEEDS_MAP)
546 flags |= PIN_MAPPABLE;
547
548 if (entry->flags & EXEC_OBJECT_PINNED) {
549 flags |= entry->offset | PIN_OFFSET_FIXED;
550 flags &= ~PIN_NONBLOCK; /* force overlapping PINNED checks */
551 } else if (entry->flags & __EXEC_OBJECT_NEEDS_BIAS) {
552 flags |= BATCH_OFFSET_BIAS | PIN_OFFSET_BIAS;
553 }
554
555 err = i915_vma_pin(vma, entry->pad_to_size, entry->alignment, flags);
556 if (err)
557 return err;
558
559 if (entry->offset != vma->node.start) {
560 entry->offset = vma->node.start | UPDATE;
561 eb->args->flags |= __EXEC_HAS_RELOC;
562 }
563
2889caa9
CW		 564 if (unlikely(entry->flags & EXEC_OBJECT_NEEDS_FENCE)) {
565 err = i915_vma_get_fence(vma);
566 if (unlikely(err)) {
567 i915_vma_unpin(vma);
568 return err;
569 }
570
571 if (i915_vma_pin_fence(vma))
572 entry->flags |= __EXEC_OBJECT_HAS_FENCE;
573 }
574
1da7b54c
CW		 575 entry->flags |= __EXEC_OBJECT_HAS_PIN;
576 GEM_BUG_ON(eb_vma_misplaced(entry, vma));
577
2889caa9
CW		 578 return 0;
579}
580
581static int eb_reserve(struct i915_execbuffer *eb)
582{
583 const unsigned int count = eb->buffer_count;
584 struct list_head last;
585 struct i915_vma *vma;
586 unsigned int i, pass;
587 int err;
588
589 /*
590 * Attempt to pin all of the buffers into the GTT.
591 * This is done in 3 phases:
592 *
593 * 1a. Unbind all objects that do not match the GTT constraints for
594 * the execbuffer (fenceable, mappable, alignment etc).
595 * 1b. Increment pin count for already bound objects.
596 * 2. Bind new objects.
597 * 3. Decrement pin count.
598 *
599 * This avoid unnecessary unbinding of later objects in order to make
600 * room for the earlier objects *unless* we need to defragment.
601 */
602
603 pass = 0;
604 err = 0;
605 do {
606 list_for_each_entry(vma, &eb->unbound, exec_link) {
607 err = eb_reserve_vma(eb, vma);
608 if (err)
609 break;
610 }
611 if (err != -ENOSPC)
612 return err;
613
614 /* Resort *all* the objects into priority order */
615 INIT_LIST_HEAD(&eb->unbound);
616 INIT_LIST_HEAD(&last);
617 for (i = 0; i < count; i++) {
618 struct drm_i915_gem_exec_object2 *entry = &eb->exec[i];
619
620 if (entry->flags & EXEC_OBJECT_PINNED &&
621 entry->flags & __EXEC_OBJECT_HAS_PIN)
622 continue;
623
624 vma = exec_to_vma(entry);
625 eb_unreserve_vma(vma, entry);
626
627 if (entry->flags & EXEC_OBJECT_PINNED)
628 list_add(&vma->exec_link, &eb->unbound);
629 else if (entry->flags & __EXEC_OBJECT_NEEDS_MAP)
630 list_add_tail(&vma->exec_link, &eb->unbound);
631 else
632 list_add_tail(&vma->exec_link, &last);
633 }
634 list_splice_tail(&last, &eb->unbound);
635
636 switch (pass++) {
637 case 0:
638 break;
639
640 case 1:
641 /* Too fragmented, unbind everything and retry */
642 err = i915_gem_evict_vm(eb->vm);
643 if (err)
644 return err;
645 break;
646
647 default:
648 return -ENOSPC;
649 }
650 } while (1);
4ff4b44c 651}
59bfa124 652
4ff4b44c 653static inline struct hlist_head *
2889caa9 654ht_head(const struct i915_gem_context_vma_lut *lut, u32 handle)
4ff4b44c 655{
2889caa9 656 return &lut->ht[hash_32(handle, lut->ht_bits)];
4ff4b44c
CW		 657}
658
659static inline bool
2889caa9 660ht_needs_resize(const struct i915_gem_context_vma_lut *lut)
4ff4b44c 661{
2889caa9
CW		 662 return (4*lut->ht_count > 3*lut->ht_size ||
663 4*lut->ht_count + 1 < lut->ht_size);
59bfa124
CW		 664}
665
2889caa9
CW		 666static unsigned int eb_batch_index(const struct i915_execbuffer *eb)
667{
1a71cf2f
CW		 668 if (eb->args->flags & I915_EXEC_BATCH_FIRST)
669 return 0;
670 else
671 return eb->buffer_count - 1;
2889caa9
CW		 672}
673
674static int eb_select_context(struct i915_execbuffer *eb)
675{
676 struct i915_gem_context *ctx;
677
678 ctx = i915_gem_context_lookup(eb->file->driver_priv, eb->args->rsvd1);
1acfc104
CW		 679 if (unlikely(!ctx))
680 return -ENOENT;
2889caa9 681
1acfc104 682 eb->ctx = ctx;
2889caa9
CW		 683 eb->vm = ctx->ppgtt ? &ctx->ppgtt->base : &eb->i915->ggtt.base;
684
685 eb->context_flags = 0;
686 if (ctx->flags & CONTEXT_NO_ZEROMAP)
687 eb->context_flags |= __EXEC_OBJECT_NEEDS_BIAS;
688
689 return 0;
690}
691
692static int eb_lookup_vmas(struct i915_execbuffer *eb)
3b96eff4 693{
4ff4b44c 694#define INTERMEDIATE BIT(0)
2889caa9
CW		 695 const unsigned int count = eb->buffer_count;
696 struct i915_gem_context_vma_lut *lut = &eb->ctx->vma_lut;
4ff4b44c 697 struct i915_vma *vma;
2889caa9
CW		 698 struct idr *idr;
699 unsigned int i;
4ff4b44c 700 int slow_pass = -1;
2889caa9 701 int err;
3b96eff4 702
8bcbfb12
CW		 703 if (unlikely(i915_gem_context_is_closed(eb->ctx)))
704 return -ENOENT;
705
706 if (unlikely(i915_gem_context_is_banned(eb->ctx)))
707 return -EIO;
708
2889caa9
CW		 709 INIT_LIST_HEAD(&eb->relocs);
710 INIT_LIST_HEAD(&eb->unbound);
d55495b4 711
2889caa9
CW		 712 if (unlikely(lut->ht_size & I915_CTX_RESIZE_IN_PROGRESS))
713 flush_work(&lut->resize);
714 GEM_BUG_ON(lut->ht_size & I915_CTX_RESIZE_IN_PROGRESS);
4ff4b44c
CW		 715
716 for (i = 0; i < count; i++) {
717 __exec_to_vma(&eb->exec[i]) = 0;
718
719 hlist_for_each_entry(vma,
2889caa9 720 ht_head(lut, eb->exec[i].handle),
4ff4b44c
CW		 721 ctx_node) {
722 if (vma->ctx_handle != eb->exec[i].handle)
723 continue;
724
2889caa9
CW		 725 err = eb_add_vma(eb, &eb->exec[i], vma);
726 if (unlikely(err))
727 return err;
4ff4b44c
CW		 728
729 goto next_vma;
730 }
731
732 if (slow_pass < 0)
733 slow_pass = i;
734next_vma: ;
735 }
736
737 if (slow_pass < 0)
2889caa9 738 goto out;
4ff4b44c 739
650bc635 740 spin_lock(&eb->file->table_lock);
2889caa9
CW		 741 /*
742 * Grab a reference to the object and release the lock so we can lookup
743 * or create the VMA without using GFP_ATOMIC
744 */
745 idr = &eb->file->object_idr;
4ff4b44c
CW		 746 for (i = slow_pass; i < count; i++) {
747 struct drm_i915_gem_object *obj;
3b96eff4 748
4ff4b44c
CW		 749 if (__exec_to_vma(&eb->exec[i]))
750 continue;
751
2889caa9 752 obj = to_intel_bo(idr_find(idr, eb->exec[i].handle));
4ff4b44c 753 if (unlikely(!obj)) {
650bc635 754 spin_unlock(&eb->file->table_lock);
4ff4b44c
CW		 755 DRM_DEBUG("Invalid object handle %d at index %d\n",
756 eb->exec[i].handle, i);
2889caa9
CW		 757 err = -ENOENT;
758 goto err;
3b96eff4
CW		 759 }
760
4ff4b44c 761 __exec_to_vma(&eb->exec[i]) = INTERMEDIATE | (uintptr_t)obj;
27173f1f 762 }
650bc635 763 spin_unlock(&eb->file->table_lock);
3b96eff4 764
4ff4b44c
CW		 765 for (i = slow_pass; i < count; i++) {
766 struct drm_i915_gem_object *obj;
6f65e29a 767
2889caa9 768 if (!(__exec_to_vma(&eb->exec[i]) & INTERMEDIATE))
4ff4b44c 769 continue;
9ae9ab52 770
e656a6cb
DV		 771 /*
772 * NOTE: We can leak any vmas created here when something fails
773 * later on. But that's no issue since vma_unbind can deal with
774 * vmas which are not actually bound. And since only
775 * lookup_or_create exists as an interface to get at the vma
776 * from the (obj, vm) we don't run the risk of creating
777 * duplicated vmas for the same vm.
778 */
2889caa9 779 obj = u64_to_ptr(typeof(*obj),
4ff4b44c 780 __exec_to_vma(&eb->exec[i]) & ~INTERMEDIATE);
650bc635 781 vma = i915_vma_instance(obj, eb->vm, NULL);
058d88c4 782 if (unlikely(IS_ERR(vma))) {
27173f1f 783 DRM_DEBUG("Failed to lookup VMA\n");
2889caa9
CW		 784 err = PTR_ERR(vma);
785 goto err;
27173f1f
BW		 786 }
787
4ff4b44c
CW		 788 /* First come, first served */
789 if (!vma->ctx) {
790 vma->ctx = eb->ctx;
791 vma->ctx_handle = eb->exec[i].handle;
792 hlist_add_head(&vma->ctx_node,
2889caa9
CW		 793 ht_head(lut, eb->exec[i].handle));
794 lut->ht_count++;
795 lut->ht_size |= I915_CTX_RESIZE_IN_PROGRESS;
4ff4b44c
CW		 796 if (i915_vma_is_ggtt(vma)) {
797 GEM_BUG_ON(obj->vma_hashed);
798 obj->vma_hashed = vma;
799 }
dade2a61
CW		 800
801 i915_vma_get(vma);
eef90ccb 802 }
4ff4b44c 803
2889caa9
CW		 804 err = eb_add_vma(eb, &eb->exec[i], vma);
805 if (unlikely(err))
806 goto err;
dade2a61
CW		 807
808 /* Only after we validated the user didn't use our bits */
809 if (vma->ctx != eb->ctx) {
810 i915_vma_get(vma);
811 eb->exec[i].flags |= __EXEC_OBJECT_HAS_REF;
812 }
4ff4b44c
CW		 813 }
814
2889caa9
CW		 815 if (lut->ht_size & I915_CTX_RESIZE_IN_PROGRESS) {
816 if (ht_needs_resize(lut))
817 queue_work(system_highpri_wq, &lut->resize);
818 else
819 lut->ht_size &= ~I915_CTX_RESIZE_IN_PROGRESS;
3b96eff4 820 }
3b96eff4 821
2889caa9
CW		 822out:
823 /* take note of the batch buffer before we might reorder the lists */
824 i = eb_batch_index(eb);
825 eb->batch = exec_to_vma(&eb->exec[i]);
27173f1f 826
9ae9ab52 827 /*
4ff4b44c
CW		 828 * SNA is doing fancy tricks with compressing batch buffers, which leads
829 * to negative relocation deltas. Usually that works out ok since the
830 * relocate address is still positive, except when the batch is placed
831 * very low in the GTT. Ensure this doesn't happen.
832 *
833 * Note that actual hangs have only been observed on gen7, but for
834 * paranoia do it everywhere.
9ae9ab52 835 */
2889caa9
CW		 836 if (!(eb->exec[i].flags & EXEC_OBJECT_PINNED))
837 eb->exec[i].flags |= __EXEC_OBJECT_NEEDS_BIAS;
838 if (eb->reloc_cache.has_fence)
839 eb->exec[i].flags |= EXEC_OBJECT_NEEDS_FENCE;
9ae9ab52 840
2889caa9
CW		 841 eb->args->flags |= __EXEC_VALIDATED;
842 return eb_reserve(eb);
843
844err:
845 for (i = slow_pass; i < count; i++) {
846 if (__exec_to_vma(&eb->exec[i]) & INTERMEDIATE)
847 __exec_to_vma(&eb->exec[i]) = 0;
848 }
849 lut->ht_size &= ~I915_CTX_RESIZE_IN_PROGRESS;
850 return err;
851#undef INTERMEDIATE
3b96eff4
CW		 852}
853
4ff4b44c 854static struct i915_vma *
2889caa9 855eb_get_vma(const struct i915_execbuffer *eb, unsigned long handle)
67731b87 856{
2889caa9
CW		 857 if (eb->lut_size < 0) {
858 if (handle >= -eb->lut_size)
eef90ccb 859 return NULL;
4ff4b44c 860 return exec_to_vma(&eb->exec[handle]);
eef90ccb
CW		 861 } else {
862 struct hlist_head *head;
aa45950b 863 struct i915_vma *vma;
67731b87 864
2889caa9 865 head = &eb->buckets[hash_32(handle, eb->lut_size)];
aa45950b 866 hlist_for_each_entry(vma, head, exec_node) {
27173f1f
BW		 867 if (vma->exec_handle == handle)
868 return vma;
eef90ccb
CW		 869 }
870 return NULL;
871 }
67731b87
CW		 872}
873
2889caa9 874static void eb_release_vmas(const struct i915_execbuffer *eb)
a415d355 875{
2889caa9
CW		 876 const unsigned int count = eb->buffer_count;
877 unsigned int i;
878
879 for (i = 0; i < count; i++) {
880 struct drm_i915_gem_exec_object2 *entry = &eb->exec[i];
881 struct i915_vma *vma = exec_to_vma(entry);
650bc635 882
2889caa9 883 if (!vma)
d55495b4 884 continue;
bcffc3fa 885
2889caa9 886 GEM_BUG_ON(vma->exec_entry != entry);
172ae5b4 887 vma->exec_entry = NULL;
51d05e1b 888 __exec_to_vma(entry) = 0;
9e53d9be 889
dade2a61
CW		 890 if (entry->flags & __EXEC_OBJECT_HAS_PIN)
891 __eb_unreserve_vma(vma, entry);
892
893 if (entry->flags & __EXEC_OBJECT_HAS_REF)
894 i915_vma_put(vma);
d50415cc 895
dade2a61
CW		 896 entry->flags &=
897 ~(__EXEC_OBJECT_RESERVED | __EXEC_OBJECT_HAS_REF);
2889caa9 898 }
dabdfe02
CW		 899}
900
2889caa9 901static void eb_reset_vmas(const struct i915_execbuffer *eb)
934acce3 902{
2889caa9 903 eb_release_vmas(eb);
4d470f73 904 if (eb->lut_size > 0)
2889caa9
CW		 905 memset(eb->buckets, 0,
906 sizeof(struct hlist_head) << eb->lut_size);
934acce3
MW		 907}
908
2889caa9 909static void eb_destroy(const struct i915_execbuffer *eb)
934acce3 910{
7dd4f672
CW		 911 GEM_BUG_ON(eb->reloc_cache.rq);
912
4d470f73 913 if (eb->lut_size > 0)
2889caa9 914 kfree(eb->buckets);
934acce3
MW		 915}
916
2889caa9 917static inline u64
d50415cc 918relocation_target(const struct drm_i915_gem_relocation_entry *reloc,
2889caa9 919 const struct i915_vma *target)
934acce3 920{
2889caa9 921 return gen8_canonical_addr((int)reloc->delta + target->node.start);
934acce3
MW		 922}
923
d50415cc
CW		 924static void reloc_cache_init(struct reloc_cache *cache,
925 struct drm_i915_private *i915)
5032d871 926{
31a39207 927 cache->page = -1;
d50415cc 928 cache->vaddr = 0;
dfc5148f 929 /* Must be a variable in the struct to allow GCC to unroll. */
7dd4f672 930 cache->gen = INTEL_GEN(i915);
2889caa9 931 cache->has_llc = HAS_LLC(i915);
dfc5148f 932 cache->use_64bit_reloc = HAS_64BIT_RELOC(i915);
7dd4f672
CW		 933 cache->has_fence = cache->gen < 4;
934 cache->needs_unfenced = INTEL_INFO(i915)->unfenced_needs_alignment;
e8cb909a 935 cache->node.allocated = false;
7dd4f672
CW		 936 cache->rq = NULL;
937 cache->rq_size = 0;
d50415cc 938}
5032d871 939
d50415cc
CW		 940static inline void *unmask_page(unsigned long p)
941{
942 return (void *)(uintptr_t)(p & PAGE_MASK);
943}
944
945static inline unsigned int unmask_flags(unsigned long p)
946{
947 return p & ~PAGE_MASK;
31a39207
CW		 948}
949
d50415cc
CW		 950#define KMAP 0x4 /* after CLFLUSH_FLAGS */
951
650bc635
CW		 952static inline struct i915_ggtt *cache_to_ggtt(struct reloc_cache *cache)
953{
954 struct drm_i915_private *i915 =
955 container_of(cache, struct i915_execbuffer, reloc_cache)->i915;
956 return &i915->ggtt;
957}
958
7dd4f672
CW		 959static void reloc_gpu_flush(struct reloc_cache *cache)
960{
961 GEM_BUG_ON(cache->rq_size >= cache->rq->batch->obj->base.size / sizeof(u32));
962 cache->rq_cmd[cache->rq_size] = MI_BATCH_BUFFER_END;
963 i915_gem_object_unpin_map(cache->rq->batch->obj);
964 i915_gem_chipset_flush(cache->rq->i915);
965
966 __i915_add_request(cache->rq, true);
967 cache->rq = NULL;
968}
969
650bc635 970static void reloc_cache_reset(struct reloc_cache *cache)
31a39207 971{
d50415cc 972 void *vaddr;
5032d871 973
7dd4f672
CW		 974 if (cache->rq)
975 reloc_gpu_flush(cache);
976
31a39207
CW		 977 if (!cache->vaddr)
978 return;
3c94ceee 979
d50415cc
CW		 980 vaddr = unmask_page(cache->vaddr);
981 if (cache->vaddr & KMAP) {
982 if (cache->vaddr & CLFLUSH_AFTER)
983 mb();
3c94ceee 984
d50415cc
CW		 985 kunmap_atomic(vaddr);
986 i915_gem_obj_finish_shmem_access((struct drm_i915_gem_object *)cache->node.mm);
987 } else {
e8cb909a 988 wmb();
d50415cc 989 io_mapping_unmap_atomic((void __iomem *)vaddr);
e8cb909a 990 if (cache->node.allocated) {
650bc635 991 struct i915_ggtt *ggtt = cache_to_ggtt(cache);
e8cb909a
CW		 992
993 ggtt->base.clear_range(&ggtt->base,
994 cache->node.start,
4fb84d99 995 cache->node.size);
e8cb909a
CW		 996 drm_mm_remove_node(&cache->node);
997 } else {
998 i915_vma_unpin((struct i915_vma *)cache->node.mm);
3c94ceee 999 }
31a39207 1000 }
650bc635
CW		 1001
1002 cache->vaddr = 0;
1003 cache->page = -1;
31a39207
CW		 1004}
1005
1006static void *reloc_kmap(struct drm_i915_gem_object *obj,
1007 struct reloc_cache *cache,
2889caa9 1008 unsigned long page)
31a39207 1009{
d50415cc
CW		 1010 void *vaddr;
1011
1012 if (cache->vaddr) {
1013 kunmap_atomic(unmask_page(cache->vaddr));
1014 } else {
1015 unsigned int flushes;
2889caa9 1016 int err;
31a39207 1017
2889caa9
CW		 1018 err = i915_gem_obj_prepare_shmem_write(obj, &flushes);
1019 if (err)
1020 return ERR_PTR(err);
d50415cc
CW		 1021
1022 BUILD_BUG_ON(KMAP & CLFLUSH_FLAGS);
1023 BUILD_BUG_ON((KMAP | CLFLUSH_FLAGS) & PAGE_MASK);
3c94ceee 1024
d50415cc
CW		 1025 cache->vaddr = flushes | KMAP;
1026 cache->node.mm = (void *)obj;
1027 if (flushes)
1028 mb();
3c94ceee
BW		 1029 }
1030
d50415cc
CW		 1031 vaddr = kmap_atomic(i915_gem_object_get_dirty_page(obj, page));
1032 cache->vaddr = unmask_flags(cache->vaddr) | (unsigned long)vaddr;
31a39207 1033 cache->page = page;
5032d871 1034
d50415cc 1035 return vaddr;
5032d871
RB		 1036}
1037
d50415cc
CW		 1038static void *reloc_iomap(struct drm_i915_gem_object *obj,
1039 struct reloc_cache *cache,
2889caa9 1040 unsigned long page)
5032d871 1041{
650bc635 1042 struct i915_ggtt *ggtt = cache_to_ggtt(cache);
e8cb909a 1043 unsigned long offset;
d50415cc 1044 void *vaddr;
5032d871 1045
d50415cc 1046 if (cache->vaddr) {
615e5000 1047 io_mapping_unmap_atomic((void __force __iomem *) unmask_page(cache->vaddr));
d50415cc
CW		 1048 } else {
1049 struct i915_vma *vma;
2889caa9 1050 int err;
5032d871 1051
2889caa9 1052 if (use_cpu_reloc(cache, obj))
d50415cc 1053 return NULL;
3c94ceee 1054
2889caa9
CW		 1055 err = i915_gem_object_set_to_gtt_domain(obj, true);
1056 if (err)
1057 return ERR_PTR(err);
3c94ceee 1058
d50415cc
CW		 1059 vma = i915_gem_object_ggtt_pin(obj, NULL, 0, 0,
1060 PIN_MAPPABLE | PIN_NONBLOCK);
e8cb909a
CW		 1061 if (IS_ERR(vma)) {
1062 memset(&cache->node, 0, sizeof(cache->node));
2889caa9 1063 err = drm_mm_insert_node_in_range
e8cb909a 1064 (&ggtt->base.mm, &cache->node,
f51455d4 1065 PAGE_SIZE, 0, I915_COLOR_UNEVICTABLE,
e8cb909a 1066 0, ggtt->mappable_end,
4e64e553 1067 DRM_MM_INSERT_LOW);
2889caa9 1068 if (err) /* no inactive aperture space, use cpu reloc */
c92fa4fe 1069 return NULL;
e8cb909a 1070 } else {
2889caa9
CW		 1071 err = i915_vma_put_fence(vma);
1072 if (err) {
e8cb909a 1073 i915_vma_unpin(vma);
2889caa9 1074 return ERR_PTR(err);
e8cb909a 1075 }
5032d871 1076
e8cb909a
CW		 1077 cache->node.start = vma->node.start;
1078 cache->node.mm = (void *)vma;
3c94ceee 1079 }
e8cb909a 1080 }
3c94ceee 1081
e8cb909a
CW		 1082 offset = cache->node.start;
1083 if (cache->node.allocated) {
fc099090 1084 wmb();
e8cb909a
CW		 1085 ggtt->base.insert_page(&ggtt->base,
1086 i915_gem_object_get_dma_address(obj, page),
1087 offset, I915_CACHE_NONE, 0);
1088 } else {
1089 offset += page << PAGE_SHIFT;
3c94ceee
BW		 1090 }
1091
650bc635
CW		 1092 vaddr = (void __force *)io_mapping_map_atomic_wc(&ggtt->mappable,
1093 offset);
d50415cc
CW		 1094 cache->page = page;
1095 cache->vaddr = (unsigned long)vaddr;
5032d871 1096
d50415cc 1097 return vaddr;
5032d871
RB		 1098}
1099
d50415cc
CW		 1100static void *reloc_vaddr(struct drm_i915_gem_object *obj,
1101 struct reloc_cache *cache,
2889caa9 1102 unsigned long page)
edf4427b 1103{
d50415cc 1104 void *vaddr;
5032d871 1105
d50415cc
CW		 1106 if (cache->page == page) {
1107 vaddr = unmask_page(cache->vaddr);
1108 } else {
1109 vaddr = NULL;
1110 if ((cache->vaddr & KMAP) == 0)
1111 vaddr = reloc_iomap(obj, cache, page);
1112 if (!vaddr)
1113 vaddr = reloc_kmap(obj, cache, page);
3c94ceee
BW		 1114 }
1115
d50415cc 1116 return vaddr;
edf4427b
CW		 1117}
1118
d50415cc 1119static void clflush_write32(u32 *addr, u32 value, unsigned int flushes)
edf4427b 1120{
d50415cc
CW		 1121 if (unlikely(flushes & (CLFLUSH_BEFORE | CLFLUSH_AFTER))) {
1122 if (flushes & CLFLUSH_BEFORE) {
1123 clflushopt(addr);
1124 mb();
1125 }
edf4427b 1126
d50415cc 1127 *addr = value;
edf4427b 1128
2889caa9
CW		 1129 /*
1130 * Writes to the same cacheline are serialised by the CPU
d50415cc
CW		 1131 * (including clflush). On the write path, we only require
1132 * that it hits memory in an orderly fashion and place
1133 * mb barriers at the start and end of the relocation phase
1134 * to ensure ordering of clflush wrt to the system.
1135 */
1136 if (flushes & CLFLUSH_AFTER)
1137 clflushopt(addr);
1138 } else
1139 *addr = value;
edf4427b 1140}
edf4427b 1141
7dd4f672
CW		 1142static int __reloc_gpu_alloc(struct i915_execbuffer *eb,
1143 struct i915_vma *vma,
1144 unsigned int len)
1145{
1146 struct reloc_cache *cache = &eb->reloc_cache;
1147 struct drm_i915_gem_object *obj;
1148 struct drm_i915_gem_request *rq;
1149 struct i915_vma *batch;
1150 u32 *cmd;
1151 int err;
1152
1153 GEM_BUG_ON(vma->obj->base.write_domain & I915_GEM_DOMAIN_CPU);
1154
1155 obj = i915_gem_batch_pool_get(&eb->engine->batch_pool, PAGE_SIZE);
1156 if (IS_ERR(obj))
1157 return PTR_ERR(obj);
1158
1159 cmd = i915_gem_object_pin_map(obj,
1160 cache->has_llc ? I915_MAP_WB : I915_MAP_WC);
1161 i915_gem_object_unpin_pages(obj);
1162 if (IS_ERR(cmd))
1163 return PTR_ERR(cmd);
1164
1165 err = i915_gem_object_set_to_wc_domain(obj, false);
1166 if (err)
1167 goto err_unmap;
1168
1169 batch = i915_vma_instance(obj, vma->vm, NULL);
1170 if (IS_ERR(batch)) {
1171 err = PTR_ERR(batch);
1172 goto err_unmap;
1173 }
1174
1175 err = i915_vma_pin(batch, 0, 0, PIN_USER | PIN_NONBLOCK);
1176 if (err)
1177 goto err_unmap;
1178
1179 rq = i915_gem_request_alloc(eb->engine, eb->ctx);
1180 if (IS_ERR(rq)) {
1181 err = PTR_ERR(rq);
1182 goto err_unpin;
1183 }
1184
1185 err = i915_gem_request_await_object(rq, vma->obj, true);
1186 if (err)
1187 goto err_request;
1188
1189 err = eb->engine->emit_flush(rq, EMIT_INVALIDATE);
1190 if (err)
1191 goto err_request;
1192
1193 err = i915_switch_context(rq);
1194 if (err)
1195 goto err_request;
1196
1197 err = eb->engine->emit_bb_start(rq,
1198 batch->node.start, PAGE_SIZE,
1199 cache->gen > 5 ? 0 : I915_DISPATCH_SECURE);
1200 if (err)
1201 goto err_request;
1202
95ff7c7d 1203 GEM_BUG_ON(!reservation_object_test_signaled_rcu(batch->resv, true));
7dd4f672 1204 i915_vma_move_to_active(batch, rq, 0);
95ff7c7d
CW		 1205 reservation_object_lock(batch->resv, NULL);
1206 reservation_object_add_excl_fence(batch->resv, &rq->fence);
1207 reservation_object_unlock(batch->resv);
7dd4f672
CW		 1208 i915_vma_unpin(batch);
1209
25ffaa67 1210 i915_vma_move_to_active(vma, rq, EXEC_OBJECT_WRITE);
95ff7c7d
CW		 1211 reservation_object_lock(vma->resv, NULL);
1212 reservation_object_add_excl_fence(vma->resv, &rq->fence);
1213 reservation_object_unlock(vma->resv);
7dd4f672
CW		 1214
1215 rq->batch = batch;
1216
1217 cache->rq = rq;
1218 cache->rq_cmd = cmd;
1219 cache->rq_size = 0;
1220
1221 /* Return with batch mapping (cmd) still pinned */
1222 return 0;
1223
1224err_request:
1225 i915_add_request(rq);
1226err_unpin:
1227 i915_vma_unpin(batch);
1228err_unmap:
1229 i915_gem_object_unpin_map(obj);
1230 return err;
1231}
1232
1233static u32 *reloc_gpu(struct i915_execbuffer *eb,
1234 struct i915_vma *vma,
1235 unsigned int len)
1236{
1237 struct reloc_cache *cache = &eb->reloc_cache;
1238 u32 *cmd;
1239
1240 if (cache->rq_size > PAGE_SIZE/sizeof(u32) - (len + 1))
1241 reloc_gpu_flush(cache);
1242
1243 if (unlikely(!cache->rq)) {
1244 int err;
1245
1246 err = __reloc_gpu_alloc(eb, vma, len);
1247 if (unlikely(err))
1248 return ERR_PTR(err);
1249 }
1250
1251 cmd = cache->rq_cmd + cache->rq_size;
1252 cache->rq_size += len;
1253
1254 return cmd;
1255}
1256
2889caa9
CW		 1257static u64
1258relocate_entry(struct i915_vma *vma,
d50415cc 1259 const struct drm_i915_gem_relocation_entry *reloc,
2889caa9
CW		 1260 struct i915_execbuffer *eb,
1261 const struct i915_vma *target)
edf4427b 1262{
d50415cc 1263 u64 offset = reloc->offset;
2889caa9
CW		 1264 u64 target_offset = relocation_target(reloc, target);
1265 bool wide = eb->reloc_cache.use_64bit_reloc;
d50415cc 1266 void *vaddr;
edf4427b 1267
7dd4f672
CW		 1268 if (!eb->reloc_cache.vaddr &&
1269 (DBG_FORCE_RELOC == FORCE_GPU_RELOC ||
f2f5c061
CW		 1270 !reservation_object_test_signaled_rcu(vma->resv, true)) &&
1271 __intel_engine_can_store_dword(eb->reloc_cache.gen,
1272 eb->engine->class)) {
7dd4f672
CW		 1273 const unsigned int gen = eb->reloc_cache.gen;
1274 unsigned int len;
1275 u32 *batch;
1276 u64 addr;
1277
1278 if (wide)
1279 len = offset & 7 ? 8 : 5;
1280 else if (gen >= 4)
1281 len = 4;
f2f5c061 1282 else
7dd4f672 1283 len = 3;
7dd4f672
CW		 1284
1285 batch = reloc_gpu(eb, vma, len);
1286 if (IS_ERR(batch))
1287 goto repeat;
1288
1289 addr = gen8_canonical_addr(vma->node.start + offset);
1290 if (wide) {
1291 if (offset & 7) {
1292 *batch++ = MI_STORE_DWORD_IMM_GEN4;
1293 *batch++ = lower_32_bits(addr);
1294 *batch++ = upper_32_bits(addr);
1295 *batch++ = lower_32_bits(target_offset);
1296
1297 addr = gen8_canonical_addr(addr + 4);
1298
1299 *batch++ = MI_STORE_DWORD_IMM_GEN4;
1300 *batch++ = lower_32_bits(addr);
1301 *batch++ = upper_32_bits(addr);
1302 *batch++ = upper_32_bits(target_offset);
1303 } else {
1304 *batch++ = (MI_STORE_DWORD_IMM_GEN4 | (1 << 21)) + 1;
1305 *batch++ = lower_32_bits(addr);
1306 *batch++ = upper_32_bits(addr);
1307 *batch++ = lower_32_bits(target_offset);
1308 *batch++ = upper_32_bits(target_offset);
1309 }
1310 } else if (gen >= 6) {
1311 *batch++ = MI_STORE_DWORD_IMM_GEN4;
1312 *batch++ = 0;
1313 *batch++ = addr;
1314 *batch++ = target_offset;
1315 } else if (gen >= 4) {
1316 *batch++ = MI_STORE_DWORD_IMM_GEN4 | MI_USE_GGTT;
1317 *batch++ = 0;
1318 *batch++ = addr;
1319 *batch++ = target_offset;
1320 } else {
1321 *batch++ = MI_STORE_DWORD_IMM | MI_MEM_VIRTUAL;
1322 *batch++ = addr;
1323 *batch++ = target_offset;
1324 }
1325
1326 goto out;
1327 }
1328
d50415cc 1329repeat:
95ff7c7d 1330 vaddr = reloc_vaddr(vma->obj, &eb->reloc_cache, offset >> PAGE_SHIFT);
d50415cc
CW		 1331 if (IS_ERR(vaddr))
1332 return PTR_ERR(vaddr);
1333
1334 clflush_write32(vaddr + offset_in_page(offset),
1335 lower_32_bits(target_offset),
2889caa9 1336 eb->reloc_cache.vaddr);
d50415cc
CW		 1337
1338 if (wide) {
1339 offset += sizeof(u32);
1340 target_offset >>= 32;
1341 wide = false;
1342 goto repeat;
edf4427b 1343 }
edf4427b 1344
7dd4f672 1345out:
2889caa9 1346 return target->node.start | UPDATE;
edf4427b 1347}
edf4427b 1348
2889caa9
CW		 1349static u64
1350eb_relocate_entry(struct i915_execbuffer *eb,
1351 struct i915_vma *vma,
1352 const struct drm_i915_gem_relocation_entry *reloc)
54cf91dc 1353{
507d977f 1354 struct i915_vma *target;
2889caa9 1355 int err;
54cf91dc 1356
67731b87 1357 /* we've already hold a reference to all valid objects */
507d977f
CW		 1358 target = eb_get_vma(eb, reloc->target_handle);
1359 if (unlikely(!target))
54cf91dc 1360 return -ENOENT;
e844b990 1361
54cf91dc 1362 /* Validate that the target is in a valid r/w GPU domain */
b8f7ab17 1363 if (unlikely(reloc->write_domain & (reloc->write_domain - 1))) {
ff240199 1364 DRM_DEBUG("reloc with multiple write domains: "
507d977f 1365 "target %d offset %d "
54cf91dc 1366 "read %08x write %08x",
507d977f 1367 reloc->target_handle,
54cf91dc
CW		 1368 (int) reloc->offset,
1369 reloc->read_domains,
1370 reloc->write_domain);
8b78f0e5 1371 return -EINVAL;
54cf91dc 1372 }
4ca4a250
DV		 1373 if (unlikely((reloc->write_domain | reloc->read_domains)
1374 & ~I915_GEM_GPU_DOMAINS)) {
ff240199 1375 DRM_DEBUG("reloc with read/write non-GPU domains: "
507d977f 1376 "target %d offset %d "
54cf91dc 1377 "read %08x write %08x",
507d977f 1378 reloc->target_handle,
54cf91dc
CW		 1379 (int) reloc->offset,
1380 reloc->read_domains,
1381 reloc->write_domain);
8b78f0e5 1382 return -EINVAL;
54cf91dc 1383 }
54cf91dc 1384
2889caa9 1385 if (reloc->write_domain) {
507d977f
CW		 1386 target->exec_entry->flags |= EXEC_OBJECT_WRITE;
1387
2889caa9
CW		 1388 /*
1389 * Sandybridge PPGTT errata: We need a global gtt mapping
1390 * for MI and pipe_control writes because the gpu doesn't
1391 * properly redirect them through the ppgtt for non_secure
1392 * batchbuffers.
1393 */
1394 if (reloc->write_domain == I915_GEM_DOMAIN_INSTRUCTION &&
1395 IS_GEN6(eb->i915)) {
1396 err = i915_vma_bind(target, target->obj->cache_level,
1397 PIN_GLOBAL);
1398 if (WARN_ONCE(err,
1399 "Unexpected failure to bind target VMA!"))
1400 return err;
1401 }
507d977f 1402 }
54cf91dc 1403
2889caa9
CW		 1404 /*
1405 * If the relocation already has the right value in it, no
54cf91dc
CW		 1406 * more work needs to be done.
1407 */
7dd4f672
CW		 1408 if (!DBG_FORCE_RELOC &&
1409 gen8_canonical_addr(target->node.start) == reloc->presumed_offset)
67731b87 1410 return 0;
54cf91dc
CW		 1411
1412 /* Check that the relocation address is valid... */
3c94ceee 1413 if (unlikely(reloc->offset >
507d977f 1414 vma->size - (eb->reloc_cache.use_64bit_reloc ? 8 : 4))) {
ff240199 1415 DRM_DEBUG("Relocation beyond object bounds: "
507d977f
CW		 1416 "target %d offset %d size %d.\n",
1417 reloc->target_handle,
1418 (int)reloc->offset,
1419 (int)vma->size);
8b78f0e5 1420 return -EINVAL;
54cf91dc 1421 }
b8f7ab17 1422 if (unlikely(reloc->offset & 3)) {
ff240199 1423 DRM_DEBUG("Relocation not 4-byte aligned: "
507d977f
CW		 1424 "target %d offset %d.\n",
1425 reloc->target_handle,
1426 (int)reloc->offset);
8b78f0e5 1427 return -EINVAL;
54cf91dc
CW		 1428 }
1429
071750e5
CW		 1430 /*
1431 * If we write into the object, we need to force the synchronisation
1432 * barrier, either with an asynchronous clflush or if we executed the
1433 * patching using the GPU (though that should be serialised by the
1434 * timeline). To be completely sure, and since we are required to
1435 * do relocations we are already stalling, disable the user's opt
1436 * of our synchronisation.
1437 */
1438 vma->exec_entry->flags &= ~EXEC_OBJECT_ASYNC;
1439
54cf91dc 1440 /* and update the user's relocation entry */
2889caa9 1441 return relocate_entry(vma, reloc, eb, target);
54cf91dc
CW		 1442}
1443
2889caa9 1444static int eb_relocate_vma(struct i915_execbuffer *eb, struct i915_vma *vma)
54cf91dc 1445{
1d83f442 1446#define N_RELOC(x) ((x) / sizeof(struct drm_i915_gem_relocation_entry))
2889caa9
CW		 1447 struct drm_i915_gem_relocation_entry stack[N_RELOC(512)];
1448 struct drm_i915_gem_relocation_entry __user *urelocs;
1449 const struct drm_i915_gem_exec_object2 *entry = vma->exec_entry;
1450 unsigned int remain;
54cf91dc 1451
2889caa9 1452 urelocs = u64_to_user_ptr(entry->relocs_ptr);
1d83f442 1453 remain = entry->relocation_count;
2889caa9
CW		 1454 if (unlikely(remain > N_RELOC(ULONG_MAX)))
1455 return -EINVAL;
ebc0808f 1456
2889caa9
CW		 1457 /*
1458 * We must check that the entire relocation array is safe
1459 * to read. However, if the array is not writable the user loses
1460 * the updated relocation values.
1461 */
edd9003f 1462 if (unlikely(!access_ok(VERIFY_READ, urelocs, remain*sizeof(*urelocs))))
2889caa9
CW		 1463 return -EFAULT;
1464
1465 do {
1466 struct drm_i915_gem_relocation_entry *r = stack;
1467 unsigned int count =
1468 min_t(unsigned int, remain, ARRAY_SIZE(stack));
1469 unsigned int copied;
1d83f442 1470
2889caa9
CW		 1471 /*
1472 * This is the fast path and we cannot handle a pagefault
ebc0808f
CW		 1473 * whilst holding the struct mutex lest the user pass in the
1474 * relocations contained within a mmaped bo. For in such a case
1475 * we, the page fault handler would call i915_gem_fault() and
1476 * we would try to acquire the struct mutex again. Obviously
1477 * this is bad and so lockdep complains vehemently.
1478 */
1479 pagefault_disable();
2889caa9 1480 copied = __copy_from_user_inatomic(r, urelocs, count * sizeof(r[0]));
ebc0808f 1481 pagefault_enable();
2889caa9
CW		 1482 if (unlikely(copied)) {
1483 remain = -EFAULT;
31a39207
CW		 1484 goto out;
1485 }
54cf91dc 1486
2889caa9 1487 remain -= count;
1d83f442 1488 do {
2889caa9 1489 u64 offset = eb_relocate_entry(eb, vma, r);
54cf91dc 1490
2889caa9
CW		 1491 if (likely(offset == 0)) {
1492 } else if ((s64)offset < 0) {
1493 remain = (int)offset;
31a39207 1494 goto out;
2889caa9
CW		 1495 } else {
1496 /*
1497 * Note that reporting an error now
1498 * leaves everything in an inconsistent
1499 * state as we have *already* changed
1500 * the relocation value inside the
1501 * object. As we have not changed the
1502 * reloc.presumed_offset or will not
1503 * change the execobject.offset, on the
1504 * call we may not rewrite the value
1505 * inside the object, leaving it
1506 * dangling and causing a GPU hang. Unless
1507 * userspace dynamically rebuilds the
1508 * relocations on each execbuf rather than
1509 * presume a static tree.
1510 *
1511 * We did previously check if the relocations
1512 * were writable (access_ok), an error now
1513 * would be a strange race with mprotect,
1514 * having already demonstrated that we
1515 * can read from this userspace address.
1516 */
1517 offset = gen8_canonical_addr(offset & ~UPDATE);
1518 __put_user(offset,
1519 &urelocs[r-stack].presumed_offset);
1d83f442 1520 }
2889caa9
CW		 1521 } while (r++, --count);
1522 urelocs += ARRAY_SIZE(stack);
1523 } while (remain);
31a39207 1524out:
650bc635 1525 reloc_cache_reset(&eb->reloc_cache);
2889caa9 1526 return remain;
54cf91dc
CW		 1527}
1528
1529static int
2889caa9 1530eb_relocate_vma_slow(struct i915_execbuffer *eb, struct i915_vma *vma)
54cf91dc 1531{
27173f1f 1532 const struct drm_i915_gem_exec_object2 *entry = vma->exec_entry;
2889caa9
CW		 1533 struct drm_i915_gem_relocation_entry *relocs =
1534 u64_to_ptr(typeof(*relocs), entry->relocs_ptr);
1535 unsigned int i;
1536 int err;
54cf91dc
CW		 1537
1538 for (i = 0; i < entry->relocation_count; i++) {
2889caa9 1539 u64 offset = eb_relocate_entry(eb, vma, &relocs[i]);
d4aeee77 1540
2889caa9
CW		 1541 if ((s64)offset < 0) {
1542 err = (int)offset;
1543 goto err;
1544 }
54cf91dc 1545 }
2889caa9
CW		 1546 err = 0;
1547err:
1548 reloc_cache_reset(&eb->reloc_cache);
1549 return err;
edf4427b
CW		 1550}
1551
2889caa9 1552static int check_relocations(const struct drm_i915_gem_exec_object2 *entry)
1690e1eb 1553{
2889caa9
CW		 1554 const char __user *addr, *end;
1555 unsigned long size;
1556 char __maybe_unused c;
1690e1eb 1557
2889caa9
CW		 1558 size = entry->relocation_count;
1559 if (size == 0)
1560 return 0;
7788a765 1561
2889caa9
CW		 1562 if (size > N_RELOC(ULONG_MAX))
1563 return -EINVAL;
9a5a53b3 1564
2889caa9
CW		 1565 addr = u64_to_user_ptr(entry->relocs_ptr);
1566 size *= sizeof(struct drm_i915_gem_relocation_entry);
1567 if (!access_ok(VERIFY_READ, addr, size))
1568 return -EFAULT;
1690e1eb 1569
2889caa9
CW		 1570 end = addr + size;
1571 for (; addr < end; addr += PAGE_SIZE) {
1572 int err = __get_user(c, addr);
1573 if (err)
1574 return err;
ed5982e6 1575 }
2889caa9 1576 return __get_user(c, end - 1);
7788a765 1577}
1690e1eb 1578
2889caa9 1579static int eb_copy_relocations(const struct i915_execbuffer *eb)
d23db88c 1580{
2889caa9
CW		 1581 const unsigned int count = eb->buffer_count;
1582 unsigned int i;
1583 int err;
e6a84468 1584
2889caa9
CW		 1585 for (i = 0; i < count; i++) {
1586 const unsigned int nreloc = eb->exec[i].relocation_count;
1587 struct drm_i915_gem_relocation_entry __user *urelocs;
1588 struct drm_i915_gem_relocation_entry *relocs;
1589 unsigned long size;
1590 unsigned long copied;
e6a84468 1591
2889caa9
CW		 1592 if (nreloc == 0)
1593 continue;
e6a84468 1594
2889caa9
CW		 1595 err = check_relocations(&eb->exec[i]);
1596 if (err)
1597 goto err;
d23db88c 1598
2889caa9
CW		 1599 urelocs = u64_to_user_ptr(eb->exec[i].relocs_ptr);
1600 size = nreloc * sizeof(*relocs);
d23db88c 1601
2889caa9
CW		 1602 relocs = kvmalloc_array(size, 1, GFP_TEMPORARY);
1603 if (!relocs) {
1604 kvfree(relocs);
1605 err = -ENOMEM;
1606 goto err;
1607 }
d23db88c 1608
2889caa9
CW		 1609 /* copy_from_user is limited to < 4GiB */
1610 copied = 0;
1611 do {
1612 unsigned int len =
1613 min_t(u64, BIT_ULL(31), size - copied);
1614
1615 if (__copy_from_user((char *)relocs + copied,
1616 (char *)urelocs + copied,
1617 len)) {
1618 kvfree(relocs);
1619 err = -EFAULT;
1620 goto err;
1621 }
91b2db6f 1622
2889caa9
CW		 1623 copied += len;
1624 } while (copied < size);
506a8e87 1625
2889caa9
CW		 1626 /*
1627 * As we do not update the known relocation offsets after
1628 * relocating (due to the complexities in lock handling),
1629 * we need to mark them as invalid now so that we force the
1630 * relocation processing next time. Just in case the target
1631 * object is evicted and then rebound into its old
1632 * presumed_offset before the next execbuffer - if that
1633 * happened we would make the mistake of assuming that the
1634 * relocations were valid.
1635 */
1636 user_access_begin();
1637 for (copied = 0; copied < nreloc; copied++)
1638 unsafe_put_user(-1,
1639 &urelocs[copied].presumed_offset,
1640 end_user);
1641end_user:
1642 user_access_end();
d23db88c 1643
2889caa9
CW		 1644 eb->exec[i].relocs_ptr = (uintptr_t)relocs;
1645 }
edf4427b 1646
2889caa9 1647 return 0;
101b506a 1648
2889caa9
CW		 1649err:
1650 while (i--) {
1651 struct drm_i915_gem_relocation_entry *relocs =
1652 u64_to_ptr(typeof(*relocs), eb->exec[i].relocs_ptr);
1653 if (eb->exec[i].relocation_count)
1654 kvfree(relocs);
1655 }
1656 return err;
d23db88c
CW		 1657}
1658
2889caa9 1659static int eb_prefault_relocations(const struct i915_execbuffer *eb)
54cf91dc 1660{
2889caa9
CW		 1661 const unsigned int count = eb->buffer_count;
1662 unsigned int i;
54cf91dc 1663
2889caa9
CW		 1664 if (unlikely(i915.prefault_disable))
1665 return 0;
54cf91dc 1666
2889caa9
CW		 1667 for (i = 0; i < count; i++) {
1668 int err;
54cf91dc 1669
2889caa9
CW		 1670 err = check_relocations(&eb->exec[i]);
1671 if (err)
1672 return err;
1673 }
a415d355 1674
2889caa9 1675 return 0;
54cf91dc
CW		 1676}
1677
2889caa9 1678static noinline int eb_relocate_slow(struct i915_execbuffer *eb)
54cf91dc 1679{
650bc635 1680 struct drm_device *dev = &eb->i915->drm;
2889caa9 1681 bool have_copy = false;
27173f1f 1682 struct i915_vma *vma;
2889caa9
CW		 1683 int err = 0;
1684
1685repeat:
1686 if (signal_pending(current)) {
1687 err = -ERESTARTSYS;
1688 goto out;
1689 }
27173f1f 1690
67731b87 1691 /* We may process another execbuffer during the unlock... */
2889caa9 1692 eb_reset_vmas(eb);
54cf91dc
CW		 1693 mutex_unlock(&dev->struct_mutex);
1694
2889caa9
CW		 1695 /*
1696 * We take 3 passes through the slowpatch.
1697 *
1698 * 1 - we try to just prefault all the user relocation entries and
1699 * then attempt to reuse the atomic pagefault disabled fast path again.
1700 *
1701 * 2 - we copy the user entries to a local buffer here outside of the
1702 * local and allow ourselves to wait upon any rendering before
1703 * relocations
1704 *
1705 * 3 - we already have a local copy of the relocation entries, but
1706 * were interrupted (EAGAIN) whilst waiting for the objects, try again.
1707 */
1708 if (!err) {
1709 err = eb_prefault_relocations(eb);
1710 } else if (!have_copy) {
1711 err = eb_copy_relocations(eb);
1712 have_copy = err == 0;
1713 } else {
1714 cond_resched();
1715 err = 0;
54cf91dc 1716 }
2889caa9
CW		 1717 if (err) {
1718 mutex_lock(&dev->struct_mutex);
1719 goto out;
54cf91dc
CW		 1720 }
1721
8a2421bd
CW		 1722 /* A frequent cause for EAGAIN are currently unavailable client pages */
1723 flush_workqueue(eb->i915->mm.userptr_wq);
1724
2889caa9
CW		 1725 err = i915_mutex_lock_interruptible(dev);
1726 if (err) {
54cf91dc 1727 mutex_lock(&dev->struct_mutex);
2889caa9 1728 goto out;
54cf91dc
CW		 1729 }
1730
67731b87 1731 /* reacquire the objects */
2889caa9
CW		 1732 err = eb_lookup_vmas(eb);
1733 if (err)
3b96eff4 1734 goto err;
67731b87 1735
2889caa9
CW		 1736 list_for_each_entry(vma, &eb->relocs, reloc_link) {
1737 if (!have_copy) {
1738 pagefault_disable();
1739 err = eb_relocate_vma(eb, vma);
1740 pagefault_enable();
1741 if (err)
1742 goto repeat;
1743 } else {
1744 err = eb_relocate_vma_slow(eb, vma);
1745 if (err)
1746 goto err;
1747 }
54cf91dc
CW		 1748 }
1749
2889caa9
CW		 1750 /*
1751 * Leave the user relocations as are, this is the painfully slow path,
54cf91dc
CW		 1752 * and we want to avoid the complication of dropping the lock whilst
1753 * having buffers reserved in the aperture and so causing spurious
1754 * ENOSPC for random operations.
1755 */
1756
1757err:
2889caa9
CW		 1758 if (err == -EAGAIN)
1759 goto repeat;
1760
1761out:
1762 if (have_copy) {
1763 const unsigned int count = eb->buffer_count;
1764 unsigned int i;
1765
1766 for (i = 0; i < count; i++) {
1767 const struct drm_i915_gem_exec_object2 *entry =
1768 &eb->exec[i];
1769 struct drm_i915_gem_relocation_entry *relocs;
1770
1771 if (!entry->relocation_count)
1772 continue;
1773
1774 relocs = u64_to_ptr(typeof(*relocs), entry->relocs_ptr);
1775 kvfree(relocs);
1776 }
1777 }
1778
1f727d9e 1779 return err;
54cf91dc
CW		 1780}
1781
2889caa9 1782static int eb_relocate(struct i915_execbuffer *eb)
54cf91dc 1783{
2889caa9
CW		 1784 if (eb_lookup_vmas(eb))
1785 goto slow;
1786
1787 /* The objects are in their final locations, apply the relocations. */
1788 if (eb->args->flags & __EXEC_HAS_RELOC) {
1789 struct i915_vma *vma;
1790
1791 list_for_each_entry(vma, &eb->relocs, reloc_link) {
1792 if (eb_relocate_vma(eb, vma))
1793 goto slow;
1794 }
1795 }
1796
1797 return 0;
1798
1799slow:
1800 return eb_relocate_slow(eb);
1801}
1802
95ff7c7d 1803static void eb_export_fence(struct i915_vma *vma,
2889caa9
CW		 1804 struct drm_i915_gem_request *req,
1805 unsigned int flags)
1806{
95ff7c7d 1807 struct reservation_object *resv = vma->resv;
2889caa9
CW		 1808
1809 /*
1810 * Ignore errors from failing to allocate the new fence, we can't
1811 * handle an error right now. Worst case should be missed
1812 * synchronisation leading to rendering corruption.
1813 */
1814 reservation_object_lock(resv, NULL);
1815 if (flags & EXEC_OBJECT_WRITE)
1816 reservation_object_add_excl_fence(resv, &req->fence);
1817 else if (reservation_object_reserve_shared(resv) == 0)
1818 reservation_object_add_shared_fence(resv, &req->fence);
1819 reservation_object_unlock(resv);
1820}
1821
1822static int eb_move_to_gpu(struct i915_execbuffer *eb)
1823{
1824 const unsigned int count = eb->buffer_count;
1825 unsigned int i;
1826 int err;
54cf91dc 1827
2889caa9 1828 for (i = 0; i < count; i++) {
0f46daa1 1829 struct drm_i915_gem_exec_object2 *entry = &eb->exec[i];
2889caa9 1830 struct i915_vma *vma = exec_to_vma(entry);
27173f1f 1831 struct drm_i915_gem_object *obj = vma->obj;
03ade511 1832
2889caa9 1833 if (entry->flags & EXEC_OBJECT_CAPTURE) {
b0fd47ad
CW		 1834 struct i915_gem_capture_list *capture;
1835
1836 capture = kmalloc(sizeof(*capture), GFP_KERNEL);
1837 if (unlikely(!capture))
1838 return -ENOMEM;
1839
650bc635 1840 capture->next = eb->request->capture_list;
b0fd47ad 1841 capture->vma = vma;
650bc635 1842 eb->request->capture_list = capture;
b0fd47ad
CW		 1843 }
1844
b8f55be6
CW		 1845 /*
1846 * If the GPU is not _reading_ through the CPU cache, we need
1847 * to make sure that any writes (both previous GPU writes from
1848 * before a change in snooping levels and normal CPU writes)
1849 * caught in that cache are flushed to main memory.
1850 *
1851 * We want to say
1852 * obj->cache_dirty &&
1853 * !(obj->cache_coherent & I915_BO_CACHE_COHERENT_FOR_READ)
1854 * but gcc's optimiser doesn't handle that as well and emits
1855 * two jumps instead of one. Maybe one day...
1856 */
1857 if (unlikely(obj->cache_dirty & ~obj->cache_coherent)) {
0f46daa1
CW		 1858 if (i915_gem_clflush_object(obj, 0))
1859 entry->flags &= ~EXEC_OBJECT_ASYNC;
1860 }
1861
2889caa9
CW		 1862 if (entry->flags & EXEC_OBJECT_ASYNC)
1863 goto skip_flushes;
77ae9957 1864
2889caa9
CW		 1865 err = i915_gem_request_await_object
1866 (eb->request, obj, entry->flags & EXEC_OBJECT_WRITE);
1867 if (err)
1868 return err;
1869
1870skip_flushes:
1871 i915_vma_move_to_active(vma, eb->request, entry->flags);
1872 __eb_unreserve_vma(vma, entry);
1873 vma->exec_entry = NULL;
1874 }
1875
1876 for (i = 0; i < count; i++) {
1877 const struct drm_i915_gem_exec_object2 *entry = &eb->exec[i];
1878 struct i915_vma *vma = exec_to_vma(entry);
1879
95ff7c7d 1880 eb_export_fence(vma, eb->request, entry->flags);
dade2a61
CW		 1881 if (unlikely(entry->flags & __EXEC_OBJECT_HAS_REF))
1882 i915_vma_put(vma);
c59a333f 1883 }
2889caa9 1884 eb->exec = NULL;
c59a333f 1885
dcd79934 1886 /* Unconditionally flush any chipset caches (for streaming writes). */
650bc635 1887 i915_gem_chipset_flush(eb->i915);
6ac42f41 1888
c7fe7d25 1889 /* Unconditionally invalidate GPU caches and TLBs. */
650bc635 1890 return eb->engine->emit_flush(eb->request, EMIT_INVALIDATE);
54cf91dc
CW		 1891}
1892
2889caa9 1893static bool i915_gem_check_execbuffer(struct drm_i915_gem_execbuffer2 *exec)
54cf91dc 1894{
650bc635 1895 if (exec->flags & __I915_EXEC_ILLEGAL_FLAGS)
ed5982e6
DV		 1896 return false;
1897
2f5945bc 1898 /* Kernel clipping was a DRI1 misfeature */
cf6e7bac
JE		 1899 if (!(exec->flags & I915_EXEC_FENCE_ARRAY)) {
1900 if (exec->num_cliprects || exec->cliprects_ptr)
1901 return false;
1902 }
2f5945bc
CW		 1903
1904 if (exec->DR4 == 0xffffffff) {
1905 DRM_DEBUG("UXA submitting garbage DR4, fixing up\n");
1906 exec->DR4 = 0;
1907 }
1908 if (exec->DR1 || exec->DR4)
1909 return false;
1910
1911 if ((exec->batch_start_offset | exec->batch_len) & 0x7)
1912 return false;
1913
1914 return true;
54cf91dc
CW		 1915}
1916
5cf3d280
CW		 1917void i915_vma_move_to_active(struct i915_vma *vma,
1918 struct drm_i915_gem_request *req,
1919 unsigned int flags)
1920{
1921 struct drm_i915_gem_object *obj = vma->obj;
1922 const unsigned int idx = req->engine->id;
1923
81147b07 1924 lockdep_assert_held(&req->i915->drm.struct_mutex);
5cf3d280
CW		 1925 GEM_BUG_ON(!drm_mm_node_allocated(&vma->node));
1926
2889caa9
CW		 1927 /*
1928 * Add a reference if we're newly entering the active list.
b0decaf7
CW		 1929 * The order in which we add operations to the retirement queue is
1930 * vital here: mark_active adds to the start of the callback list,
1931 * such that subsequent callbacks are called first. Therefore we
1932 * add the active reference first and queue for it to be dropped
1933 * *last*.
1934 */
d07f0e59
CW		 1935 if (!i915_vma_is_active(vma))
1936 obj->active_count++;
1937 i915_vma_set_active(vma, idx);
1938 i915_gem_active_set(&vma->last_read[idx], req);
1939 list_move_tail(&vma->vm_link, &vma->vm->active_list);
5cf3d280 1940
e27ab73d 1941 obj->base.write_domain = 0;
5cf3d280 1942 if (flags & EXEC_OBJECT_WRITE) {
e27ab73d
CW		 1943 obj->base.write_domain = I915_GEM_DOMAIN_RENDER;
1944
5b8c8aec
CW		 1945 if (intel_fb_obj_invalidate(obj, ORIGIN_CS))
1946 i915_gem_active_set(&obj->frontbuffer_write, req);
5cf3d280 1947
e27ab73d 1948 obj->base.read_domains = 0;
5cf3d280 1949 }
e27ab73d 1950 obj->base.read_domains |= I915_GEM_GPU_DOMAINS;
5cf3d280 1951
49ef5294
CW		 1952 if (flags & EXEC_OBJECT_NEEDS_FENCE)
1953 i915_gem_active_set(&vma->last_fence, req);
5cf3d280
CW		 1954}
1955
2889caa9 1956static int i915_reset_gen7_sol_offsets(struct drm_i915_gem_request *req)
ae662d31 1957{
73dec95e
TU		 1958 u32 *cs;
1959 int i;
ae662d31 1960
b5321f30 1961 if (!IS_GEN7(req->i915) || req->engine->id != RCS) {
9d662da8
DV		 1962 DRM_DEBUG("sol reset is gen7/rcs only\n");
1963 return -EINVAL;
1964 }
ae662d31 1965
2889caa9 1966 cs = intel_ring_begin(req, 4 * 2 + 2);
73dec95e
TU		 1967 if (IS_ERR(cs))
1968 return PTR_ERR(cs);
ae662d31 1969
2889caa9 1970 *cs++ = MI_LOAD_REGISTER_IMM(4);
ae662d31 1971 for (i = 0; i < 4; i++) {
73dec95e
TU		 1972 *cs++ = i915_mmio_reg_offset(GEN7_SO_WRITE_OFFSET(i));
1973 *cs++ = 0;
ae662d31 1974 }
2889caa9 1975 *cs++ = MI_NOOP;
73dec95e 1976 intel_ring_advance(req, cs);
ae662d31
EA		 1977
1978 return 0;
1979}
1980
650bc635 1981static struct i915_vma *eb_parse(struct i915_execbuffer *eb, bool is_master)
71745376 1982{
71745376 1983 struct drm_i915_gem_object *shadow_batch_obj;
17cabf57 1984 struct i915_vma *vma;
2889caa9 1985 int err;
71745376 1986
650bc635
CW		 1987 shadow_batch_obj = i915_gem_batch_pool_get(&eb->engine->batch_pool,
1988 PAGE_ALIGN(eb->batch_len));
71745376 1989 if (IS_ERR(shadow_batch_obj))
59bfa124 1990 return ERR_CAST(shadow_batch_obj);
71745376 1991
2889caa9 1992 err = intel_engine_cmd_parser(eb->engine,
650bc635 1993 eb->batch->obj,
33a051a5 1994 shadow_batch_obj,
650bc635
CW		 1995 eb->batch_start_offset,
1996 eb->batch_len,
33a051a5 1997 is_master);
2889caa9
CW		 1998 if (err) {
1999 if (err == -EACCES) /* unhandled chained batch */
058d88c4
CW		 2000 vma = NULL;
2001 else
2889caa9 2002 vma = ERR_PTR(err);
058d88c4
CW		 2003 goto out;
2004 }
71745376 2005
058d88c4
CW		 2006 vma = i915_gem_object_ggtt_pin(shadow_batch_obj, NULL, 0, 0, 0);
2007 if (IS_ERR(vma))
2008 goto out;
de4e783a 2009
650bc635 2010 vma->exec_entry =
2889caa9
CW		 2011 memset(&eb->exec[eb->buffer_count++],
2012 0, sizeof(*vma->exec_entry));
dade2a61 2013 vma->exec_entry->flags = __EXEC_OBJECT_HAS_PIN | __EXEC_OBJECT_HAS_REF;
2889caa9 2014 __exec_to_vma(vma->exec_entry) = (uintptr_t)i915_vma_get(vma);
71745376 2015
058d88c4 2016out:
de4e783a 2017 i915_gem_object_unpin_pages(shadow_batch_obj);
058d88c4 2018 return vma;
71745376 2019}
5c6c6003 2020
c8659efa 2021static void
2889caa9 2022add_to_client(struct drm_i915_gem_request *req, struct drm_file *file)
c8659efa
CW		 2023{
2024 req->file_priv = file->driver_priv;
2025 list_add_tail(&req->client_link, &req->file_priv->mm.request_list);
2026}
2027
2889caa9 2028static int eb_submit(struct i915_execbuffer *eb)
78382593 2029{
2889caa9 2030 int err;
78382593 2031
2889caa9
CW		 2032 err = eb_move_to_gpu(eb);
2033 if (err)
2034 return err;
78382593 2035
2889caa9
CW		 2036 err = i915_switch_context(eb->request);
2037 if (err)
2038 return err;
78382593 2039
650bc635 2040 if (eb->args->flags & I915_EXEC_GEN7_SOL_RESET) {
2889caa9
CW		 2041 err = i915_reset_gen7_sol_offsets(eb->request);
2042 if (err)
2043 return err;
78382593
OM		 2044 }
2045
2889caa9 2046 err = eb->engine->emit_bb_start(eb->request,
650bc635
CW		 2047 eb->batch->node.start +
2048 eb->batch_start_offset,
2049 eb->batch_len,
2889caa9
CW		 2050 eb->batch_flags);
2051 if (err)
2052 return err;
78382593 2053
2f5945bc 2054 return 0;
78382593
OM		 2055}
2056
a8ebba75
ZY		 2057/**
2058 * Find one BSD ring to dispatch the corresponding BSD command.
c80ff16e 2059 * The engine index is returned.
a8ebba75 2060 */
de1add36 2061static unsigned int
c80ff16e
CW		 2062gen8_dispatch_bsd_engine(struct drm_i915_private *dev_priv,
2063 struct drm_file *file)
a8ebba75 2064{
a8ebba75
ZY		 2065 struct drm_i915_file_private *file_priv = file->driver_priv;
2066
de1add36 2067 /* Check whether the file_priv has already selected one ring. */
6f633402
JL		 2068 if ((int)file_priv->bsd_engine < 0)
2069 file_priv->bsd_engine = atomic_fetch_xor(1,
2070 &dev_priv->mm.bsd_engine_dispatch_index);
d23db88c 2071
c80ff16e 2072 return file_priv->bsd_engine;
d23db88c
CW		 2073}
2074
de1add36
TU		 2075#define I915_USER_RINGS (4)
2076
117897f4 2077static const enum intel_engine_id user_ring_map[I915_USER_RINGS + 1] = {
de1add36
TU		 2078 [I915_EXEC_DEFAULT] = RCS,
2079 [I915_EXEC_RENDER] = RCS,
2080 [I915_EXEC_BLT] = BCS,
2081 [I915_EXEC_BSD] = VCS,
2082 [I915_EXEC_VEBOX] = VECS
2083};
2084
f8ca0c07
DG		 2085static struct intel_engine_cs *
2086eb_select_engine(struct drm_i915_private *dev_priv,
2087 struct drm_file *file,
2088 struct drm_i915_gem_execbuffer2 *args)
de1add36
TU		 2089{
2090 unsigned int user_ring_id = args->flags & I915_EXEC_RING_MASK;
f8ca0c07 2091 struct intel_engine_cs *engine;
de1add36
TU		 2092
2093 if (user_ring_id > I915_USER_RINGS) {
2094 DRM_DEBUG("execbuf with unknown ring: %u\n", user_ring_id);
f8ca0c07 2095 return NULL;
de1add36
TU		 2096 }
2097
2098 if ((user_ring_id != I915_EXEC_BSD) &&
2099 ((args->flags & I915_EXEC_BSD_MASK) != 0)) {
2100 DRM_DEBUG("execbuf with non bsd ring but with invalid "
2101 "bsd dispatch flags: %d\n", (int)(args->flags));
f8ca0c07 2102 return NULL;
de1add36
TU		 2103 }
2104
2105 if (user_ring_id == I915_EXEC_BSD && HAS_BSD2(dev_priv)) {
2106 unsigned int bsd_idx = args->flags & I915_EXEC_BSD_MASK;
2107
2108 if (bsd_idx == I915_EXEC_BSD_DEFAULT) {
c80ff16e 2109 bsd_idx = gen8_dispatch_bsd_engine(dev_priv, file);
de1add36
TU		 2110 } else if (bsd_idx >= I915_EXEC_BSD_RING1 &&
2111 bsd_idx <= I915_EXEC_BSD_RING2) {
d9da6aa0 2112 bsd_idx >>= I915_EXEC_BSD_SHIFT;
de1add36
TU		 2113 bsd_idx--;
2114 } else {
2115 DRM_DEBUG("execbuf with unknown bsd ring: %u\n",
2116 bsd_idx);
f8ca0c07 2117 return NULL;
de1add36
TU		 2118 }
2119
3b3f1650 2120 engine = dev_priv->engine[_VCS(bsd_idx)];
de1add36 2121 } else {
3b3f1650 2122 engine = dev_priv->engine[user_ring_map[user_ring_id]];
de1add36
TU		 2123 }
2124
3b3f1650 2125 if (!engine) {
de1add36 2126 DRM_DEBUG("execbuf with invalid ring: %u\n", user_ring_id);
f8ca0c07 2127 return NULL;
de1add36
TU		 2128 }
2129
f8ca0c07 2130 return engine;
de1add36
TU		 2131}
2132
cf6e7bac
JE		 2133static void
2134__free_fence_array(struct drm_syncobj **fences, unsigned int n)
2135{
2136 while (n--)
2137 drm_syncobj_put(ptr_mask_bits(fences[n], 2));
2138 kvfree(fences);
2139}
2140
2141static struct drm_syncobj **
2142get_fence_array(struct drm_i915_gem_execbuffer2 *args,
2143 struct drm_file *file)
2144{
2145 const unsigned int nfences = args->num_cliprects;
2146 struct drm_i915_gem_exec_fence __user *user;
2147 struct drm_syncobj **fences;
2148 unsigned int n;
2149 int err;
2150
2151 if (!(args->flags & I915_EXEC_FENCE_ARRAY))
2152 return NULL;
2153
2154 if (nfences > SIZE_MAX / sizeof(*fences))
2155 return ERR_PTR(-EINVAL);
2156
2157 user = u64_to_user_ptr(args->cliprects_ptr);
2158 if (!access_ok(VERIFY_READ, user, nfences * 2 * sizeof(u32)))
2159 return ERR_PTR(-EFAULT);
2160
2161 fences = kvmalloc_array(args->num_cliprects, sizeof(*fences),
2162 __GFP_NOWARN | GFP_TEMPORARY);
2163 if (!fences)
2164 return ERR_PTR(-ENOMEM);
2165
2166 for (n = 0; n < nfences; n++) {
2167 struct drm_i915_gem_exec_fence fence;
2168 struct drm_syncobj *syncobj;
2169
2170 if (__copy_from_user(&fence, user++, sizeof(fence))) {
2171 err = -EFAULT;
2172 goto err;
2173 }
2174
2175 syncobj = drm_syncobj_find(file, fence.handle);
2176 if (!syncobj) {
2177 DRM_DEBUG("Invalid syncobj handle provided\n");
2178 err = -ENOENT;
2179 goto err;
2180 }
2181
2182 fences[n] = ptr_pack_bits(syncobj, fence.flags, 2);
2183 }
2184
2185 return fences;
2186
2187err:
2188 __free_fence_array(fences, n);
2189 return ERR_PTR(err);
2190}
2191
2192static void
2193put_fence_array(struct drm_i915_gem_execbuffer2 *args,
2194 struct drm_syncobj **fences)
2195{
2196 if (fences)
2197 __free_fence_array(fences, args->num_cliprects);
2198}
2199
2200static int
2201await_fence_array(struct i915_execbuffer *eb,
2202 struct drm_syncobj **fences)
2203{
2204 const unsigned int nfences = eb->args->num_cliprects;
2205 unsigned int n;
2206 int err;
2207
2208 for (n = 0; n < nfences; n++) {
2209 struct drm_syncobj *syncobj;
2210 struct dma_fence *fence;
2211 unsigned int flags;
2212
2213 syncobj = ptr_unpack_bits(fences[n], &flags, 2);
2214 if (!(flags & I915_EXEC_FENCE_WAIT))
2215 continue;
2216
2217 rcu_read_lock();
2218 fence = dma_fence_get_rcu_safe(&syncobj->fence);
2219 rcu_read_unlock();
2220 if (!fence)
2221 return -EINVAL;
2222
2223 err = i915_gem_request_await_dma_fence(eb->request, fence);
2224 dma_fence_put(fence);
2225 if (err < 0)
2226 return err;
2227 }
2228
2229 return 0;
2230}
2231
2232static void
2233signal_fence_array(struct i915_execbuffer *eb,
2234 struct drm_syncobj **fences)
2235{
2236 const unsigned int nfences = eb->args->num_cliprects;
2237 struct dma_fence * const fence = &eb->request->fence;
2238 unsigned int n;
2239
2240 for (n = 0; n < nfences; n++) {
2241 struct drm_syncobj *syncobj;
2242 unsigned int flags;
2243
2244 syncobj = ptr_unpack_bits(fences[n], &flags, 2);
2245 if (!(flags & I915_EXEC_FENCE_SIGNAL))
2246 continue;
2247
2248 drm_syncobj_replace_fence(syncobj, fence);
2249 }
2250}
2251
54cf91dc 2252static int
650bc635 2253i915_gem_do_execbuffer(struct drm_device *dev,
54cf91dc
CW		 2254 struct drm_file *file,
2255 struct drm_i915_gem_execbuffer2 *args,
cf6e7bac
JE		 2256 struct drm_i915_gem_exec_object2 *exec,
2257 struct drm_syncobj **fences)
54cf91dc 2258{
650bc635 2259 struct i915_execbuffer eb;
fec0445c
CW		 2260 struct dma_fence *in_fence = NULL;
2261 struct sync_file *out_fence = NULL;
2262 int out_fence_fd = -1;
2889caa9 2263 int err;
432e58ed 2264
2889caa9
CW		 2265 BUILD_BUG_ON(__EXEC_OBJECT_INTERNAL_FLAGS &
2266 ~__EXEC_OBJECT_UNKNOWN_FLAGS);
54cf91dc 2267
650bc635
CW		 2268 eb.i915 = to_i915(dev);
2269 eb.file = file;
2270 eb.args = args;
7dd4f672 2271 if (DBG_FORCE_RELOC || !(args->flags & I915_EXEC_NO_RELOC))
2889caa9 2272 args->flags |= __EXEC_HAS_RELOC;
650bc635 2273 eb.exec = exec;
2889caa9
CW		 2274 eb.invalid_flags = __EXEC_OBJECT_UNKNOWN_FLAGS;
2275 if (USES_FULL_PPGTT(eb.i915))
2276 eb.invalid_flags |= EXEC_OBJECT_NEEDS_GTT;
650bc635
CW		 2277 reloc_cache_init(&eb.reloc_cache, eb.i915);
2278
2889caa9 2279 eb.buffer_count = args->buffer_count;
650bc635
CW		 2280 eb.batch_start_offset = args->batch_start_offset;
2281 eb.batch_len = args->batch_len;
2282
2889caa9 2283 eb.batch_flags = 0;
d7d4eedd 2284 if (args->flags & I915_EXEC_SECURE) {
b3ac9f25 2285 if (!drm_is_current_master(file) || !capable(CAP_SYS_ADMIN))
d7d4eedd
CW		 2286 return -EPERM;
2287
2889caa9 2288 eb.batch_flags |= I915_DISPATCH_SECURE;
d7d4eedd 2289 }
b45305fc 2290 if (args->flags & I915_EXEC_IS_PINNED)
2889caa9 2291 eb.batch_flags |= I915_DISPATCH_PINNED;
54cf91dc 2292
650bc635
CW		 2293 eb.engine = eb_select_engine(eb.i915, file, args);
2294 if (!eb.engine)
54cf91dc 2295 return -EINVAL;
54cf91dc 2296
a9ed33ca 2297 if (args->flags & I915_EXEC_RESOURCE_STREAMER) {
650bc635 2298 if (!HAS_RESOURCE_STREAMER(eb.i915)) {
a9ed33ca
AJ		 2299 DRM_DEBUG("RS is only allowed for Haswell, Gen8 and above\n");
2300 return -EINVAL;
2301 }
650bc635 2302 if (eb.engine->id != RCS) {
a9ed33ca 2303 DRM_DEBUG("RS is not available on %s\n",
650bc635 2304 eb.engine->name);
a9ed33ca
AJ		 2305 return -EINVAL;
2306 }
2307
2889caa9 2308 eb.batch_flags |= I915_DISPATCH_RS;
a9ed33ca
AJ		 2309 }
2310
fec0445c
CW		 2311 if (args->flags & I915_EXEC_FENCE_IN) {
2312 in_fence = sync_file_get_fence(lower_32_bits(args->rsvd2));
4a04e371
DCS		 2313 if (!in_fence)
2314 return -EINVAL;
fec0445c
CW		 2315 }
2316
2317 if (args->flags & I915_EXEC_FENCE_OUT) {
2318 out_fence_fd = get_unused_fd_flags(O_CLOEXEC);
2319 if (out_fence_fd < 0) {
2889caa9 2320 err = out_fence_fd;
4a04e371 2321 goto err_in_fence;
fec0445c
CW		 2322 }
2323 }
2324
4d470f73
CW		 2325 err = eb_create(&eb);
2326 if (err)
2327 goto err_out_fence;
2328
2329 GEM_BUG_ON(!eb.lut_size);
2889caa9 2330
1acfc104
CW		 2331 err = eb_select_context(&eb);
2332 if (unlikely(err))
2333 goto err_destroy;
2334
2889caa9
CW		 2335 /*
2336 * Take a local wakeref for preparing to dispatch the execbuf as
67d97da3
CW		 2337 * we expect to access the hardware fairly frequently in the
2338 * process. Upon first dispatch, we acquire another prolonged
2339 * wakeref that we hold until the GPU has been idle for at least
2340 * 100ms.
2341 */
650bc635 2342 intel_runtime_pm_get(eb.i915);
1acfc104 2343
2889caa9
CW		 2344 err = i915_mutex_lock_interruptible(dev);
2345 if (err)
2346 goto err_rpm;
f65c9168 2347
2889caa9 2348 err = eb_relocate(&eb);
1f727d9e 2349 if (err) {
2889caa9
CW		 2350 /*
2351 * If the user expects the execobject.offset and
2352 * reloc.presumed_offset to be an exact match,
2353 * as for using NO_RELOC, then we cannot update
2354 * the execobject.offset until we have completed
2355 * relocation.
2356 */
2357 args->flags &= ~__EXEC_HAS_RELOC;
2889caa9 2358 goto err_vma;
1f727d9e 2359 }
54cf91dc 2360
2889caa9 2361 if (unlikely(eb.batch->exec_entry->flags & EXEC_OBJECT_WRITE)) {
ff240199 2362 DRM_DEBUG("Attempting to use self-modifying batch buffer\n");
2889caa9
CW		 2363 err = -EINVAL;
2364 goto err_vma;
54cf91dc 2365 }
650bc635
CW		 2366 if (eb.batch_start_offset > eb.batch->size ||
2367 eb.batch_len > eb.batch->size - eb.batch_start_offset) {
0b537272 2368 DRM_DEBUG("Attempting to use out-of-bounds batch\n");
2889caa9
CW		 2369 err = -EINVAL;
2370 goto err_vma;
0b537272 2371 }
54cf91dc 2372
650bc635 2373 if (eb.engine->needs_cmd_parser && eb.batch_len) {
59bfa124
CW		 2374 struct i915_vma *vma;
2375
650bc635 2376 vma = eb_parse(&eb, drm_is_current_master(file));
59bfa124 2377 if (IS_ERR(vma)) {
2889caa9
CW		 2378 err = PTR_ERR(vma);
2379 goto err_vma;
78a42377 2380 }
17cabf57 2381
59bfa124 2382 if (vma) {
c7c7372e
RP		 2383 /*
2384 * Batch parsed and accepted:
2385 *
2386 * Set the DISPATCH_SECURE bit to remove the NON_SECURE
2387 * bit from MI_BATCH_BUFFER_START commands issued in
2388 * the dispatch_execbuffer implementations. We
2389 * specifically don't want that set on batches the
2390 * command parser has accepted.
2391 */
2889caa9 2392 eb.batch_flags |= I915_DISPATCH_SECURE;
650bc635
CW		 2393 eb.batch_start_offset = 0;
2394 eb.batch = vma;
c7c7372e 2395 }
351e3db2
BV		 2396 }
2397
650bc635
CW		 2398 if (eb.batch_len == 0)
2399 eb.batch_len = eb.batch->size - eb.batch_start_offset;
78a42377 2400
2889caa9
CW		 2401 /*
2402 * snb/ivb/vlv conflate the "batch in ppgtt" bit with the "non-secure
d7d4eedd 2403 * batch" bit. Hence we need to pin secure batches into the global gtt.
28cf5415 2404 * hsw should have this fixed, but bdw mucks it up again. */
2889caa9 2405 if (eb.batch_flags & I915_DISPATCH_SECURE) {
058d88c4 2406 struct i915_vma *vma;
59bfa124 2407
da51a1e7
DV		 2408 /*
2409 * So on first glance it looks freaky that we pin the batch here
2410 * outside of the reservation loop. But:
2411 * - The batch is already pinned into the relevant ppgtt, so we
2412 * already have the backing storage fully allocated.
2413 * - No other BO uses the global gtt (well contexts, but meh),
fd0753cf 2414 * so we don't really have issues with multiple objects not
da51a1e7
DV		 2415 * fitting due to fragmentation.
2416 * So this is actually safe.
2417 */
2889caa9 2418 vma = i915_gem_object_ggtt_pin(eb.batch->obj, NULL, 0, 0, 0);
058d88c4 2419 if (IS_ERR(vma)) {
2889caa9
CW		 2420 err = PTR_ERR(vma);
2421 goto err_vma;
058d88c4 2422 }
d7d4eedd 2423
650bc635 2424 eb.batch = vma;
59bfa124 2425 }
d7d4eedd 2426
7dd4f672
CW		 2427 /* All GPU relocation batches must be submitted prior to the user rq */
2428 GEM_BUG_ON(eb.reloc_cache.rq);
2429
0c8dac88 2430 /* Allocate a request for this batch buffer nice and early. */
650bc635
CW		 2431 eb.request = i915_gem_request_alloc(eb.engine, eb.ctx);
2432 if (IS_ERR(eb.request)) {
2889caa9 2433 err = PTR_ERR(eb.request);
0c8dac88 2434 goto err_batch_unpin;
26827088 2435 }
0c8dac88 2436
fec0445c 2437 if (in_fence) {
2889caa9
CW		 2438 err = i915_gem_request_await_dma_fence(eb.request, in_fence);
2439 if (err < 0)
fec0445c
CW		 2440 goto err_request;
2441 }
2442
cf6e7bac
JE		 2443 if (fences) {
2444 err = await_fence_array(&eb, fences);
2445 if (err)
2446 goto err_request;
2447 }
2448
fec0445c 2449 if (out_fence_fd != -1) {
650bc635 2450 out_fence = sync_file_create(&eb.request->fence);
fec0445c 2451 if (!out_fence) {
2889caa9 2452 err = -ENOMEM;
fec0445c
CW		 2453 goto err_request;
2454 }
2455 }
2456
2889caa9
CW		 2457 /*
2458 * Whilst this request exists, batch_obj will be on the
17f298cf
CW		 2459 * active_list, and so will hold the active reference. Only when this
2460 * request is retired will the the batch_obj be moved onto the
2461 * inactive_list and lose its active reference. Hence we do not need
2462 * to explicitly hold another reference here.
2463 */
650bc635 2464 eb.request->batch = eb.batch;
5f19e2bf 2465
2889caa9
CW		 2466 trace_i915_gem_request_queue(eb.request, eb.batch_flags);
2467 err = eb_submit(&eb);
aa9b7810 2468err_request:
2889caa9 2469 __i915_add_request(eb.request, err == 0);
650bc635 2470 add_to_client(eb.request, file);
c8659efa 2471
cf6e7bac
JE		 2472 if (fences)
2473 signal_fence_array(&eb, fences);
2474
fec0445c 2475 if (out_fence) {
2889caa9 2476 if (err == 0) {
fec0445c
CW		 2477 fd_install(out_fence_fd, out_fence->file);
2478 args->rsvd2 &= GENMASK_ULL(0, 31); /* keep in-fence */
2479 args->rsvd2 |= (u64)out_fence_fd << 32;
2480 out_fence_fd = -1;
2481 } else {
2482 fput(out_fence->file);
2483 }
2484 }
54cf91dc 2485
0c8dac88 2486err_batch_unpin:
2889caa9 2487 if (eb.batch_flags & I915_DISPATCH_SECURE)
650bc635 2488 i915_vma_unpin(eb.batch);
2889caa9
CW		 2489err_vma:
2490 if (eb.exec)
2491 eb_release_vmas(&eb);
54cf91dc 2492 mutex_unlock(&dev->struct_mutex);
2889caa9 2493err_rpm:
650bc635 2494 intel_runtime_pm_put(eb.i915);
1acfc104
CW		 2495 i915_gem_context_put(eb.ctx);
2496err_destroy:
2889caa9 2497 eb_destroy(&eb);
4d470f73 2498err_out_fence:
fec0445c
CW		 2499 if (out_fence_fd != -1)
2500 put_unused_fd(out_fence_fd);
4a04e371 2501err_in_fence:
fec0445c 2502 dma_fence_put(in_fence);
2889caa9 2503 return err;
54cf91dc
CW		 2504}
2505
2506/*
2507 * Legacy execbuffer just creates an exec2 list from the original exec object
2508 * list array and passes it to the real function.
2509 */
2510int
2511i915_gem_execbuffer(struct drm_device *dev, void *data,
2512 struct drm_file *file)
2513{
2889caa9 2514 const size_t sz = sizeof(struct drm_i915_gem_exec_object2);
54cf91dc
CW		 2515 struct drm_i915_gem_execbuffer *args = data;
2516 struct drm_i915_gem_execbuffer2 exec2;
2517 struct drm_i915_gem_exec_object *exec_list = NULL;
2518 struct drm_i915_gem_exec_object2 *exec2_list = NULL;
2889caa9
CW		 2519 unsigned int i;
2520 int err;
54cf91dc 2521
2889caa9
CW		 2522 if (args->buffer_count < 1 || args->buffer_count > SIZE_MAX / sz - 1) {
2523 DRM_DEBUG("execbuf2 with %d buffers\n", args->buffer_count);
54cf91dc
CW		 2524 return -EINVAL;
2525 }
2526
2889caa9
CW		 2527 exec2.buffers_ptr = args->buffers_ptr;
2528 exec2.buffer_count = args->buffer_count;
2529 exec2.batch_start_offset = args->batch_start_offset;
2530 exec2.batch_len = args->batch_len;
2531 exec2.DR1 = args->DR1;
2532 exec2.DR4 = args->DR4;
2533 exec2.num_cliprects = args->num_cliprects;
2534 exec2.cliprects_ptr = args->cliprects_ptr;
2535 exec2.flags = I915_EXEC_RENDER;
2536 i915_execbuffer2_set_context_id(exec2, 0);
2537
2538 if (!i915_gem_check_execbuffer(&exec2))
2539 return -EINVAL;
2540
54cf91dc 2541 /* Copy in the exec list from userland */
2889caa9
CW		 2542 exec_list = kvmalloc_array(args->buffer_count, sizeof(*exec_list),
2543 __GFP_NOWARN | GFP_TEMPORARY);
2544 exec2_list = kvmalloc_array(args->buffer_count + 1, sz,
2545 __GFP_NOWARN | GFP_TEMPORARY);
54cf91dc 2546 if (exec_list == NULL || exec2_list == NULL) {
ff240199 2547 DRM_DEBUG("Failed to allocate exec list for %d buffers\n",
54cf91dc 2548 args->buffer_count);
2098105e
MH		 2549 kvfree(exec_list);
2550 kvfree(exec2_list);
54cf91dc
CW		 2551 return -ENOMEM;
2552 }
2889caa9 2553 err = copy_from_user(exec_list,
3ed605bc 2554 u64_to_user_ptr(args->buffers_ptr),
54cf91dc 2555 sizeof(*exec_list) * args->buffer_count);
2889caa9 2556 if (err) {
ff240199 2557 DRM_DEBUG("copy %d exec entries failed %d\n",
2889caa9 2558 args->buffer_count, err);
2098105e
MH		 2559 kvfree(exec_list);
2560 kvfree(exec2_list);
54cf91dc
CW		 2561 return -EFAULT;
2562 }
2563
2564 for (i = 0; i < args->buffer_count; i++) {
2565 exec2_list[i].handle = exec_list[i].handle;
2566 exec2_list[i].relocation_count = exec_list[i].relocation_count;
2567 exec2_list[i].relocs_ptr = exec_list[i].relocs_ptr;
2568 exec2_list[i].alignment = exec_list[i].alignment;
2569 exec2_list[i].offset = exec_list[i].offset;
f0836b72 2570 if (INTEL_GEN(to_i915(dev)) < 4)
54cf91dc
CW		 2571 exec2_list[i].flags = EXEC_OBJECT_NEEDS_FENCE;
2572 else
2573 exec2_list[i].flags = 0;
2574 }
2575
cf6e7bac 2576 err = i915_gem_do_execbuffer(dev, file, &exec2, exec2_list, NULL);
2889caa9 2577 if (exec2.flags & __EXEC_HAS_RELOC) {
9aab8bff 2578 struct drm_i915_gem_exec_object __user *user_exec_list =
3ed605bc 2579 u64_to_user_ptr(args->buffers_ptr);
9aab8bff 2580
54cf91dc 2581 /* Copy the new buffer offsets back to the user's exec list. */
9aab8bff 2582 for (i = 0; i < args->buffer_count; i++) {
2889caa9
CW		 2583 if (!(exec2_list[i].offset & UPDATE))
2584 continue;
2585
934acce3 2586 exec2_list[i].offset =
2889caa9
CW		 2587 gen8_canonical_addr(exec2_list[i].offset & PIN_OFFSET_MASK);
2588 exec2_list[i].offset &= PIN_OFFSET_MASK;
2589 if (__copy_to_user(&user_exec_list[i].offset,
2590 &exec2_list[i].offset,
2591 sizeof(user_exec_list[i].offset)))
9aab8bff 2592 break;
54cf91dc
CW		 2593 }
2594 }
2595
2098105e
MH		 2596 kvfree(exec_list);
2597 kvfree(exec2_list);
2889caa9 2598 return err;
54cf91dc
CW		 2599}
2600
2601int
2602i915_gem_execbuffer2(struct drm_device *dev, void *data,
2603 struct drm_file *file)
2604{
2889caa9 2605 const size_t sz = sizeof(struct drm_i915_gem_exec_object2);
54cf91dc 2606 struct drm_i915_gem_execbuffer2 *args = data;
2889caa9 2607 struct drm_i915_gem_exec_object2 *exec2_list;
cf6e7bac 2608 struct drm_syncobj **fences = NULL;
2889caa9 2609 int err;
54cf91dc 2610
2889caa9 2611 if (args->buffer_count < 1 || args->buffer_count > SIZE_MAX / sz - 1) {
ff240199 2612 DRM_DEBUG("execbuf2 with %d buffers\n", args->buffer_count);
54cf91dc
CW		 2613 return -EINVAL;
2614 }
2615
2889caa9
CW		 2616 if (!i915_gem_check_execbuffer(args))
2617 return -EINVAL;
2618
2619 /* Allocate an extra slot for use by the command parser */
2620 exec2_list = kvmalloc_array(args->buffer_count + 1, sz,
2621 __GFP_NOWARN | GFP_TEMPORARY);
54cf91dc 2622 if (exec2_list == NULL) {
ff240199 2623 DRM_DEBUG("Failed to allocate exec list for %d buffers\n",
54cf91dc
CW		 2624 args->buffer_count);
2625 return -ENOMEM;
2626 }
2889caa9
CW		 2627 if (copy_from_user(exec2_list,
2628 u64_to_user_ptr(args->buffers_ptr),
2629 sizeof(*exec2_list) * args->buffer_count)) {
2630 DRM_DEBUG("copy %d exec entries failed\n", args->buffer_count);
2098105e 2631 kvfree(exec2_list);
54cf91dc
CW		 2632 return -EFAULT;
2633 }
2634
cf6e7bac
JE		 2635 if (args->flags & I915_EXEC_FENCE_ARRAY) {
2636 fences = get_fence_array(args, file);
2637 if (IS_ERR(fences)) {
2638 kvfree(exec2_list);
2639 return PTR_ERR(fences);
2640 }
2641 }
2642
2643 err = i915_gem_do_execbuffer(dev, file, args, exec2_list, fences);
2889caa9
CW		 2644
2645 /*
2646 * Now that we have begun execution of the batchbuffer, we ignore
2647 * any new error after this point. Also given that we have already
2648 * updated the associated relocations, we try to write out the current
2649 * object locations irrespective of any error.
2650 */
2651 if (args->flags & __EXEC_HAS_RELOC) {
d593d992 2652 struct drm_i915_gem_exec_object2 __user *user_exec_list =
2889caa9
CW		 2653 u64_to_user_ptr(args->buffers_ptr);
2654 unsigned int i;
9aab8bff 2655
2889caa9
CW		 2656 /* Copy the new buffer offsets back to the user's exec list. */
2657 user_access_begin();
9aab8bff 2658 for (i = 0; i < args->buffer_count; i++) {
2889caa9
CW		 2659 if (!(exec2_list[i].offset & UPDATE))
2660 continue;
2661
934acce3 2662 exec2_list[i].offset =
2889caa9
CW		 2663 gen8_canonical_addr(exec2_list[i].offset & PIN_OFFSET_MASK);
2664 unsafe_put_user(exec2_list[i].offset,
2665 &user_exec_list[i].offset,
2666 end_user);
54cf91dc 2667 }
2889caa9
CW		 2668end_user:
2669 user_access_end();
54cf91dc
CW		 2670 }
2671
2889caa9 2672 args->flags &= ~__I915_EXEC_UNKNOWN_FLAGS;
cf6e7bac 2673 put_fence_array(args, fences);
2098105e 2674 kvfree(exec2_list);
2889caa9 2675 return err;
54cf91dc 2676}
Linux 6.x block layer and io_uring tree(s)