i915_gem.c (33064B)
1/* 2 * Copyright © 2008-2015 Intel Corporation 3 * 4 * Permission is hereby granted, free of charge, to any person obtaining a 5 * copy of this software and associated documentation files (the "Software"), 6 * to deal in the Software without restriction, including without limitation 7 * the rights to use, copy, modify, merge, publish, distribute, sublicense, 8 * and/or sell copies of the Software, and to permit persons to whom the 9 * Software is furnished to do so, subject to the following conditions: 10 * 11 * The above copyright notice and this permission notice (including the next 12 * paragraph) shall be included in all copies or substantial portions of the 13 * Software. 14 * 15 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL 18 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 20 * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS 21 * IN THE SOFTWARE. 22 * 23 * Authors: 24 * Eric Anholt <eric@anholt.net> 25 * 26 */ 27 28#include <linux/dma-fence-array.h> 29#include <linux/kthread.h> 30#include <linux/dma-resv.h> 31#include <linux/shmem_fs.h> 32#include <linux/slab.h> 33#include <linux/stop_machine.h> 34#include <linux/swap.h> 35#include <linux/pci.h> 36#include <linux/dma-buf.h> 37#include <linux/mman.h> 38 39#include <drm/drm_cache.h> 40#include <drm/drm_vma_manager.h> 41 42#include "display/intel_display.h" 43#include "display/intel_frontbuffer.h" 44 45#include "gem/i915_gem_clflush.h" 46#include "gem/i915_gem_context.h" 47#include "gem/i915_gem_ioctls.h" 48#include "gem/i915_gem_mman.h" 49#include "gem/i915_gem_pm.h" 50#include "gem/i915_gem_region.h" 51#include "gem/i915_gem_userptr.h" 52#include "gt/intel_engine_user.h" 53#include "gt/intel_gt.h" 54#include "gt/intel_gt_pm.h" 55#include "gt/intel_workarounds.h" 56 57#include "i915_drv.h" 58#include "i915_file_private.h" 59#include "i915_trace.h" 60#include "i915_vgpu.h" 61#include "intel_pm.h" 62 63static int 64insert_mappable_node(struct i915_ggtt *ggtt, struct drm_mm_node *node, u32 size) 65{ 66 int err; 67 68 err = mutex_lock_interruptible(&ggtt->vm.mutex); 69 if (err) 70 return err; 71 72 memset(node, 0, sizeof(*node)); 73 err = drm_mm_insert_node_in_range(&ggtt->vm.mm, node, 74 size, 0, I915_COLOR_UNEVICTABLE, 75 0, ggtt->mappable_end, 76 DRM_MM_INSERT_LOW); 77 78 mutex_unlock(&ggtt->vm.mutex); 79 80 return err; 81} 82 83static void 84remove_mappable_node(struct i915_ggtt *ggtt, struct drm_mm_node *node) 85{ 86 mutex_lock(&ggtt->vm.mutex); 87 drm_mm_remove_node(node); 88 mutex_unlock(&ggtt->vm.mutex); 89} 90 91int 92i915_gem_get_aperture_ioctl(struct drm_device *dev, void *data, 93 struct drm_file *file) 94{ 95 struct drm_i915_private *i915 = to_i915(dev); 96 struct i915_ggtt *ggtt = to_gt(i915)->ggtt; 97 struct drm_i915_gem_get_aperture *args = data; 98 struct i915_vma *vma; 99 u64 pinned; 100 101 if (mutex_lock_interruptible(&ggtt->vm.mutex)) 102 return -EINTR; 103 104 pinned = ggtt->vm.reserved; 105 list_for_each_entry(vma, &ggtt->vm.bound_list, vm_link) 106 if (i915_vma_is_pinned(vma)) 107 pinned += vma->node.size; 108 109 mutex_unlock(&ggtt->vm.mutex); 110 111 args->aper_size = ggtt->vm.total; 112 args->aper_available_size = args->aper_size - pinned; 113 114 return 0; 115} 116 117int i915_gem_object_unbind(struct drm_i915_gem_object *obj, 118 unsigned long flags) 119{ 120 struct intel_runtime_pm *rpm = &to_i915(obj->base.dev)->runtime_pm; 121 bool vm_trylock = !!(flags & I915_GEM_OBJECT_UNBIND_VM_TRYLOCK); 122 LIST_HEAD(still_in_list); 123 intel_wakeref_t wakeref; 124 struct i915_vma *vma; 125 int ret; 126 127 assert_object_held(obj); 128 129 if (list_empty(&obj->vma.list)) 130 return 0; 131 132 /* 133 * As some machines use ACPI to handle runtime-resume callbacks, and 134 * ACPI is quite kmalloc happy, we cannot resume beneath the vm->mutex 135 * as they are required by the shrinker. Ergo, we wake the device up 136 * first just in case. 137 */ 138 wakeref = intel_runtime_pm_get(rpm); 139 140try_again: 141 ret = 0; 142 spin_lock(&obj->vma.lock); 143 while (!ret && (vma = list_first_entry_or_null(&obj->vma.list, 144 struct i915_vma, 145 obj_link))) { 146 list_move_tail(&vma->obj_link, &still_in_list); 147 if (!i915_vma_is_bound(vma, I915_VMA_BIND_MASK)) 148 continue; 149 150 if (flags & I915_GEM_OBJECT_UNBIND_TEST) { 151 ret = -EBUSY; 152 break; 153 } 154 155 /* 156 * Requiring the vm destructor to take the object lock 157 * before destroying a vma would help us eliminate the 158 * i915_vm_tryget() here, AND thus also the barrier stuff 159 * at the end. That's an easy fix, but sleeping locks in 160 * a kthread should generally be avoided. 161 */ 162 ret = -EAGAIN; 163 if (!i915_vm_tryget(vma->vm)) 164 break; 165 166 spin_unlock(&obj->vma.lock); 167 168 /* 169 * Since i915_vma_parked() takes the object lock 170 * before vma destruction, it won't race us here, 171 * and destroy the vma from under us. 172 */ 173 174 ret = -EBUSY; 175 if (flags & I915_GEM_OBJECT_UNBIND_ASYNC) { 176 assert_object_held(vma->obj); 177 ret = i915_vma_unbind_async(vma, vm_trylock); 178 } 179 180 if (ret == -EBUSY && (flags & I915_GEM_OBJECT_UNBIND_ACTIVE || 181 !i915_vma_is_active(vma))) { 182 if (vm_trylock) { 183 if (mutex_trylock(&vma->vm->mutex)) { 184 ret = __i915_vma_unbind(vma); 185 mutex_unlock(&vma->vm->mutex); 186 } 187 } else { 188 ret = i915_vma_unbind(vma); 189 } 190 } 191 192 i915_vm_put(vma->vm); 193 spin_lock(&obj->vma.lock); 194 } 195 list_splice_init(&still_in_list, &obj->vma.list); 196 spin_unlock(&obj->vma.lock); 197 198 if (ret == -EAGAIN && flags & I915_GEM_OBJECT_UNBIND_BARRIER) { 199 rcu_barrier(); /* flush the i915_vm_release() */ 200 goto try_again; 201 } 202 203 intel_runtime_pm_put(rpm, wakeref); 204 205 return ret; 206} 207 208static int 209shmem_pread(struct page *page, int offset, int len, char __user *user_data, 210 bool needs_clflush) 211{ 212 char *vaddr; 213 int ret; 214 215 vaddr = kmap(page); 216 217 if (needs_clflush) 218 drm_clflush_virt_range(vaddr + offset, len); 219 220 ret = __copy_to_user(user_data, vaddr + offset, len); 221 222 kunmap(page); 223 224 return ret ? -EFAULT : 0; 225} 226 227static int 228i915_gem_shmem_pread(struct drm_i915_gem_object *obj, 229 struct drm_i915_gem_pread *args) 230{ 231 unsigned int needs_clflush; 232 unsigned int idx, offset; 233 char __user *user_data; 234 u64 remain; 235 int ret; 236 237 ret = i915_gem_object_lock_interruptible(obj, NULL); 238 if (ret) 239 return ret; 240 241 ret = i915_gem_object_pin_pages(obj); 242 if (ret) 243 goto err_unlock; 244 245 ret = i915_gem_object_prepare_read(obj, &needs_clflush); 246 if (ret) 247 goto err_unpin; 248 249 i915_gem_object_finish_access(obj); 250 i915_gem_object_unlock(obj); 251 252 remain = args->size; 253 user_data = u64_to_user_ptr(args->data_ptr); 254 offset = offset_in_page(args->offset); 255 for (idx = args->offset >> PAGE_SHIFT; remain; idx++) { 256 struct page *page = i915_gem_object_get_page(obj, idx); 257 unsigned int length = min_t(u64, remain, PAGE_SIZE - offset); 258 259 ret = shmem_pread(page, offset, length, user_data, 260 needs_clflush); 261 if (ret) 262 break; 263 264 remain -= length; 265 user_data += length; 266 offset = 0; 267 } 268 269 i915_gem_object_unpin_pages(obj); 270 return ret; 271 272err_unpin: 273 i915_gem_object_unpin_pages(obj); 274err_unlock: 275 i915_gem_object_unlock(obj); 276 return ret; 277} 278 279static inline bool 280gtt_user_read(struct io_mapping *mapping, 281 loff_t base, int offset, 282 char __user *user_data, int length) 283{ 284 void __iomem *vaddr; 285 unsigned long unwritten; 286 287 /* We can use the cpu mem copy function because this is X86. */ 288 vaddr = io_mapping_map_atomic_wc(mapping, base); 289 unwritten = __copy_to_user_inatomic(user_data, 290 (void __force *)vaddr + offset, 291 length); 292 io_mapping_unmap_atomic(vaddr); 293 if (unwritten) { 294 vaddr = io_mapping_map_wc(mapping, base, PAGE_SIZE); 295 unwritten = copy_to_user(user_data, 296 (void __force *)vaddr + offset, 297 length); 298 io_mapping_unmap(vaddr); 299 } 300 return unwritten; 301} 302 303static struct i915_vma *i915_gem_gtt_prepare(struct drm_i915_gem_object *obj, 304 struct drm_mm_node *node, 305 bool write) 306{ 307 struct drm_i915_private *i915 = to_i915(obj->base.dev); 308 struct i915_ggtt *ggtt = to_gt(i915)->ggtt; 309 struct i915_vma *vma; 310 struct i915_gem_ww_ctx ww; 311 int ret; 312 313 i915_gem_ww_ctx_init(&ww, true); 314retry: 315 vma = ERR_PTR(-ENODEV); 316 ret = i915_gem_object_lock(obj, &ww); 317 if (ret) 318 goto err_ww; 319 320 ret = i915_gem_object_set_to_gtt_domain(obj, write); 321 if (ret) 322 goto err_ww; 323 324 if (!i915_gem_object_is_tiled(obj)) 325 vma = i915_gem_object_ggtt_pin_ww(obj, &ww, NULL, 0, 0, 326 PIN_MAPPABLE | 327 PIN_NONBLOCK /* NOWARN */ | 328 PIN_NOEVICT); 329 if (vma == ERR_PTR(-EDEADLK)) { 330 ret = -EDEADLK; 331 goto err_ww; 332 } else if (!IS_ERR(vma)) { 333 node->start = i915_ggtt_offset(vma); 334 node->flags = 0; 335 } else { 336 ret = insert_mappable_node(ggtt, node, PAGE_SIZE); 337 if (ret) 338 goto err_ww; 339 GEM_BUG_ON(!drm_mm_node_allocated(node)); 340 vma = NULL; 341 } 342 343 ret = i915_gem_object_pin_pages(obj); 344 if (ret) { 345 if (drm_mm_node_allocated(node)) { 346 ggtt->vm.clear_range(&ggtt->vm, node->start, node->size); 347 remove_mappable_node(ggtt, node); 348 } else { 349 i915_vma_unpin(vma); 350 } 351 } 352 353err_ww: 354 if (ret == -EDEADLK) { 355 ret = i915_gem_ww_ctx_backoff(&ww); 356 if (!ret) 357 goto retry; 358 } 359 i915_gem_ww_ctx_fini(&ww); 360 361 return ret ? ERR_PTR(ret) : vma; 362} 363 364static void i915_gem_gtt_cleanup(struct drm_i915_gem_object *obj, 365 struct drm_mm_node *node, 366 struct i915_vma *vma) 367{ 368 struct drm_i915_private *i915 = to_i915(obj->base.dev); 369 struct i915_ggtt *ggtt = to_gt(i915)->ggtt; 370 371 i915_gem_object_unpin_pages(obj); 372 if (drm_mm_node_allocated(node)) { 373 ggtt->vm.clear_range(&ggtt->vm, node->start, node->size); 374 remove_mappable_node(ggtt, node); 375 } else { 376 i915_vma_unpin(vma); 377 } 378} 379 380static int 381i915_gem_gtt_pread(struct drm_i915_gem_object *obj, 382 const struct drm_i915_gem_pread *args) 383{ 384 struct drm_i915_private *i915 = to_i915(obj->base.dev); 385 struct i915_ggtt *ggtt = to_gt(i915)->ggtt; 386 intel_wakeref_t wakeref; 387 struct drm_mm_node node; 388 void __user *user_data; 389 struct i915_vma *vma; 390 u64 remain, offset; 391 int ret = 0; 392 393 wakeref = intel_runtime_pm_get(&i915->runtime_pm); 394 395 vma = i915_gem_gtt_prepare(obj, &node, false); 396 if (IS_ERR(vma)) { 397 ret = PTR_ERR(vma); 398 goto out_rpm; 399 } 400 401 user_data = u64_to_user_ptr(args->data_ptr); 402 remain = args->size; 403 offset = args->offset; 404 405 while (remain > 0) { 406 /* Operation in this page 407 * 408 * page_base = page offset within aperture 409 * page_offset = offset within page 410 * page_length = bytes to copy for this page 411 */ 412 u32 page_base = node.start; 413 unsigned page_offset = offset_in_page(offset); 414 unsigned page_length = PAGE_SIZE - page_offset; 415 page_length = remain < page_length ? remain : page_length; 416 if (drm_mm_node_allocated(&node)) { 417 ggtt->vm.insert_page(&ggtt->vm, 418 i915_gem_object_get_dma_address(obj, offset >> PAGE_SHIFT), 419 node.start, I915_CACHE_NONE, 0); 420 } else { 421 page_base += offset & PAGE_MASK; 422 } 423 424 if (gtt_user_read(&ggtt->iomap, page_base, page_offset, 425 user_data, page_length)) { 426 ret = -EFAULT; 427 break; 428 } 429 430 remain -= page_length; 431 user_data += page_length; 432 offset += page_length; 433 } 434 435 i915_gem_gtt_cleanup(obj, &node, vma); 436out_rpm: 437 intel_runtime_pm_put(&i915->runtime_pm, wakeref); 438 return ret; 439} 440 441/** 442 * Reads data from the object referenced by handle. 443 * @dev: drm device pointer 444 * @data: ioctl data blob 445 * @file: drm file pointer 446 * 447 * On error, the contents of *data are undefined. 448 */ 449int 450i915_gem_pread_ioctl(struct drm_device *dev, void *data, 451 struct drm_file *file) 452{ 453 struct drm_i915_private *i915 = to_i915(dev); 454 struct drm_i915_gem_pread *args = data; 455 struct drm_i915_gem_object *obj; 456 int ret; 457 458 /* PREAD is disallowed for all platforms after TGL-LP. This also 459 * covers all platforms with local memory. 460 */ 461 if (GRAPHICS_VER(i915) >= 12 && !IS_TIGERLAKE(i915)) 462 return -EOPNOTSUPP; 463 464 if (args->size == 0) 465 return 0; 466 467 if (!access_ok(u64_to_user_ptr(args->data_ptr), 468 args->size)) 469 return -EFAULT; 470 471 obj = i915_gem_object_lookup(file, args->handle); 472 if (!obj) 473 return -ENOENT; 474 475 /* Bounds check source. */ 476 if (range_overflows_t(u64, args->offset, args->size, obj->base.size)) { 477 ret = -EINVAL; 478 goto out; 479 } 480 481 trace_i915_gem_object_pread(obj, args->offset, args->size); 482 ret = -ENODEV; 483 if (obj->ops->pread) 484 ret = obj->ops->pread(obj, args); 485 if (ret != -ENODEV) 486 goto out; 487 488 ret = i915_gem_object_wait(obj, 489 I915_WAIT_INTERRUPTIBLE, 490 MAX_SCHEDULE_TIMEOUT); 491 if (ret) 492 goto out; 493 494 ret = i915_gem_shmem_pread(obj, args); 495 if (ret == -EFAULT || ret == -ENODEV) 496 ret = i915_gem_gtt_pread(obj, args); 497 498out: 499 i915_gem_object_put(obj); 500 return ret; 501} 502 503/* This is the fast write path which cannot handle 504 * page faults in the source data 505 */ 506 507static inline bool 508ggtt_write(struct io_mapping *mapping, 509 loff_t base, int offset, 510 char __user *user_data, int length) 511{ 512 void __iomem *vaddr; 513 unsigned long unwritten; 514 515 /* We can use the cpu mem copy function because this is X86. */ 516 vaddr = io_mapping_map_atomic_wc(mapping, base); 517 unwritten = __copy_from_user_inatomic_nocache((void __force *)vaddr + offset, 518 user_data, length); 519 io_mapping_unmap_atomic(vaddr); 520 if (unwritten) { 521 vaddr = io_mapping_map_wc(mapping, base, PAGE_SIZE); 522 unwritten = copy_from_user((void __force *)vaddr + offset, 523 user_data, length); 524 io_mapping_unmap(vaddr); 525 } 526 527 return unwritten; 528} 529 530/** 531 * This is the fast pwrite path, where we copy the data directly from the 532 * user into the GTT, uncached. 533 * @obj: i915 GEM object 534 * @args: pwrite arguments structure 535 */ 536static int 537i915_gem_gtt_pwrite_fast(struct drm_i915_gem_object *obj, 538 const struct drm_i915_gem_pwrite *args) 539{ 540 struct drm_i915_private *i915 = to_i915(obj->base.dev); 541 struct i915_ggtt *ggtt = to_gt(i915)->ggtt; 542 struct intel_runtime_pm *rpm = &i915->runtime_pm; 543 intel_wakeref_t wakeref; 544 struct drm_mm_node node; 545 struct i915_vma *vma; 546 u64 remain, offset; 547 void __user *user_data; 548 int ret = 0; 549 550 if (i915_gem_object_has_struct_page(obj)) { 551 /* 552 * Avoid waking the device up if we can fallback, as 553 * waking/resuming is very slow (worst-case 10-100 ms 554 * depending on PCI sleeps and our own resume time). 555 * This easily dwarfs any performance advantage from 556 * using the cache bypass of indirect GGTT access. 557 */ 558 wakeref = intel_runtime_pm_get_if_in_use(rpm); 559 if (!wakeref) 560 return -EFAULT; 561 } else { 562 /* No backing pages, no fallback, we must force GGTT access */ 563 wakeref = intel_runtime_pm_get(rpm); 564 } 565 566 vma = i915_gem_gtt_prepare(obj, &node, true); 567 if (IS_ERR(vma)) { 568 ret = PTR_ERR(vma); 569 goto out_rpm; 570 } 571 572 i915_gem_object_invalidate_frontbuffer(obj, ORIGIN_CPU); 573 574 user_data = u64_to_user_ptr(args->data_ptr); 575 offset = args->offset; 576 remain = args->size; 577 while (remain) { 578 /* Operation in this page 579 * 580 * page_base = page offset within aperture 581 * page_offset = offset within page 582 * page_length = bytes to copy for this page 583 */ 584 u32 page_base = node.start; 585 unsigned int page_offset = offset_in_page(offset); 586 unsigned int page_length = PAGE_SIZE - page_offset; 587 page_length = remain < page_length ? remain : page_length; 588 if (drm_mm_node_allocated(&node)) { 589 /* flush the write before we modify the GGTT */ 590 intel_gt_flush_ggtt_writes(ggtt->vm.gt); 591 ggtt->vm.insert_page(&ggtt->vm, 592 i915_gem_object_get_dma_address(obj, offset >> PAGE_SHIFT), 593 node.start, I915_CACHE_NONE, 0); 594 wmb(); /* flush modifications to the GGTT (insert_page) */ 595 } else { 596 page_base += offset & PAGE_MASK; 597 } 598 /* If we get a fault while copying data, then (presumably) our 599 * source page isn't available. Return the error and we'll 600 * retry in the slow path. 601 * If the object is non-shmem backed, we retry again with the 602 * path that handles page fault. 603 */ 604 if (ggtt_write(&ggtt->iomap, page_base, page_offset, 605 user_data, page_length)) { 606 ret = -EFAULT; 607 break; 608 } 609 610 remain -= page_length; 611 user_data += page_length; 612 offset += page_length; 613 } 614 615 intel_gt_flush_ggtt_writes(ggtt->vm.gt); 616 i915_gem_object_flush_frontbuffer(obj, ORIGIN_CPU); 617 618 i915_gem_gtt_cleanup(obj, &node, vma); 619out_rpm: 620 intel_runtime_pm_put(rpm, wakeref); 621 return ret; 622} 623 624/* Per-page copy function for the shmem pwrite fastpath. 625 * Flushes invalid cachelines before writing to the target if 626 * needs_clflush_before is set and flushes out any written cachelines after 627 * writing if needs_clflush is set. 628 */ 629static int 630shmem_pwrite(struct page *page, int offset, int len, char __user *user_data, 631 bool needs_clflush_before, 632 bool needs_clflush_after) 633{ 634 char *vaddr; 635 int ret; 636 637 vaddr = kmap(page); 638 639 if (needs_clflush_before) 640 drm_clflush_virt_range(vaddr + offset, len); 641 642 ret = __copy_from_user(vaddr + offset, user_data, len); 643 if (!ret && needs_clflush_after) 644 drm_clflush_virt_range(vaddr + offset, len); 645 646 kunmap(page); 647 648 return ret ? -EFAULT : 0; 649} 650 651static int 652i915_gem_shmem_pwrite(struct drm_i915_gem_object *obj, 653 const struct drm_i915_gem_pwrite *args) 654{ 655 unsigned int partial_cacheline_write; 656 unsigned int needs_clflush; 657 unsigned int offset, idx; 658 void __user *user_data; 659 u64 remain; 660 int ret; 661 662 ret = i915_gem_object_lock_interruptible(obj, NULL); 663 if (ret) 664 return ret; 665 666 ret = i915_gem_object_pin_pages(obj); 667 if (ret) 668 goto err_unlock; 669 670 ret = i915_gem_object_prepare_write(obj, &needs_clflush); 671 if (ret) 672 goto err_unpin; 673 674 i915_gem_object_finish_access(obj); 675 i915_gem_object_unlock(obj); 676 677 /* If we don't overwrite a cacheline completely we need to be 678 * careful to have up-to-date data by first clflushing. Don't 679 * overcomplicate things and flush the entire patch. 680 */ 681 partial_cacheline_write = 0; 682 if (needs_clflush & CLFLUSH_BEFORE) 683 partial_cacheline_write = boot_cpu_data.x86_clflush_size - 1; 684 685 user_data = u64_to_user_ptr(args->data_ptr); 686 remain = args->size; 687 offset = offset_in_page(args->offset); 688 for (idx = args->offset >> PAGE_SHIFT; remain; idx++) { 689 struct page *page = i915_gem_object_get_page(obj, idx); 690 unsigned int length = min_t(u64, remain, PAGE_SIZE - offset); 691 692 ret = shmem_pwrite(page, offset, length, user_data, 693 (offset | length) & partial_cacheline_write, 694 needs_clflush & CLFLUSH_AFTER); 695 if (ret) 696 break; 697 698 remain -= length; 699 user_data += length; 700 offset = 0; 701 } 702 703 i915_gem_object_flush_frontbuffer(obj, ORIGIN_CPU); 704 705 i915_gem_object_unpin_pages(obj); 706 return ret; 707 708err_unpin: 709 i915_gem_object_unpin_pages(obj); 710err_unlock: 711 i915_gem_object_unlock(obj); 712 return ret; 713} 714 715/** 716 * Writes data to the object referenced by handle. 717 * @dev: drm device 718 * @data: ioctl data blob 719 * @file: drm file 720 * 721 * On error, the contents of the buffer that were to be modified are undefined. 722 */ 723int 724i915_gem_pwrite_ioctl(struct drm_device *dev, void *data, 725 struct drm_file *file) 726{ 727 struct drm_i915_private *i915 = to_i915(dev); 728 struct drm_i915_gem_pwrite *args = data; 729 struct drm_i915_gem_object *obj; 730 int ret; 731 732 /* PWRITE is disallowed for all platforms after TGL-LP. This also 733 * covers all platforms with local memory. 734 */ 735 if (GRAPHICS_VER(i915) >= 12 && !IS_TIGERLAKE(i915)) 736 return -EOPNOTSUPP; 737 738 if (args->size == 0) 739 return 0; 740 741 if (!access_ok(u64_to_user_ptr(args->data_ptr), args->size)) 742 return -EFAULT; 743 744 obj = i915_gem_object_lookup(file, args->handle); 745 if (!obj) 746 return -ENOENT; 747 748 /* Bounds check destination. */ 749 if (range_overflows_t(u64, args->offset, args->size, obj->base.size)) { 750 ret = -EINVAL; 751 goto err; 752 } 753 754 /* Writes not allowed into this read-only object */ 755 if (i915_gem_object_is_readonly(obj)) { 756 ret = -EINVAL; 757 goto err; 758 } 759 760 trace_i915_gem_object_pwrite(obj, args->offset, args->size); 761 762 ret = -ENODEV; 763 if (obj->ops->pwrite) 764 ret = obj->ops->pwrite(obj, args); 765 if (ret != -ENODEV) 766 goto err; 767 768 ret = i915_gem_object_wait(obj, 769 I915_WAIT_INTERRUPTIBLE | 770 I915_WAIT_ALL, 771 MAX_SCHEDULE_TIMEOUT); 772 if (ret) 773 goto err; 774 775 ret = -EFAULT; 776 /* We can only do the GTT pwrite on untiled buffers, as otherwise 777 * it would end up going through the fenced access, and we'll get 778 * different detiling behavior between reading and writing. 779 * pread/pwrite currently are reading and writing from the CPU 780 * perspective, requiring manual detiling by the client. 781 */ 782 if (!i915_gem_object_has_struct_page(obj) || 783 i915_gem_cpu_write_needs_clflush(obj)) 784 /* Note that the gtt paths might fail with non-page-backed user 785 * pointers (e.g. gtt mappings when moving data between 786 * textures). Fallback to the shmem path in that case. 787 */ 788 ret = i915_gem_gtt_pwrite_fast(obj, args); 789 790 if (ret == -EFAULT || ret == -ENOSPC) { 791 if (i915_gem_object_has_struct_page(obj)) 792 ret = i915_gem_shmem_pwrite(obj, args); 793 } 794 795err: 796 i915_gem_object_put(obj); 797 return ret; 798} 799 800/** 801 * Called when user space has done writes to this buffer 802 * @dev: drm device 803 * @data: ioctl data blob 804 * @file: drm file 805 */ 806int 807i915_gem_sw_finish_ioctl(struct drm_device *dev, void *data, 808 struct drm_file *file) 809{ 810 struct drm_i915_gem_sw_finish *args = data; 811 struct drm_i915_gem_object *obj; 812 813 obj = i915_gem_object_lookup(file, args->handle); 814 if (!obj) 815 return -ENOENT; 816 817 /* 818 * Proxy objects are barred from CPU access, so there is no 819 * need to ban sw_finish as it is a nop. 820 */ 821 822 /* Pinned buffers may be scanout, so flush the cache */ 823 i915_gem_object_flush_if_display(obj); 824 i915_gem_object_put(obj); 825 826 return 0; 827} 828 829void i915_gem_runtime_suspend(struct drm_i915_private *i915) 830{ 831 struct drm_i915_gem_object *obj, *on; 832 int i; 833 834 /* 835 * Only called during RPM suspend. All users of the userfault_list 836 * must be holding an RPM wakeref to ensure that this can not 837 * run concurrently with themselves (and use the struct_mutex for 838 * protection between themselves). 839 */ 840 841 list_for_each_entry_safe(obj, on, 842 &to_gt(i915)->ggtt->userfault_list, userfault_link) 843 __i915_gem_object_release_mmap_gtt(obj); 844 845 /* 846 * The fence will be lost when the device powers down. If any were 847 * in use by hardware (i.e. they are pinned), we should not be powering 848 * down! All other fences will be reacquired by the user upon waking. 849 */ 850 for (i = 0; i < to_gt(i915)->ggtt->num_fences; i++) { 851 struct i915_fence_reg *reg = &to_gt(i915)->ggtt->fence_regs[i]; 852 853 /* 854 * Ideally we want to assert that the fence register is not 855 * live at this point (i.e. that no piece of code will be 856 * trying to write through fence + GTT, as that both violates 857 * our tracking of activity and associated locking/barriers, 858 * but also is illegal given that the hw is powered down). 859 * 860 * Previously we used reg->pin_count as a "liveness" indicator. 861 * That is not sufficient, and we need a more fine-grained 862 * tool if we want to have a sanity check here. 863 */ 864 865 if (!reg->vma) 866 continue; 867 868 GEM_BUG_ON(i915_vma_has_userfault(reg->vma)); 869 reg->dirty = true; 870 } 871} 872 873static void discard_ggtt_vma(struct i915_vma *vma) 874{ 875 struct drm_i915_gem_object *obj = vma->obj; 876 877 spin_lock(&obj->vma.lock); 878 if (!RB_EMPTY_NODE(&vma->obj_node)) { 879 rb_erase(&vma->obj_node, &obj->vma.tree); 880 RB_CLEAR_NODE(&vma->obj_node); 881 } 882 spin_unlock(&obj->vma.lock); 883} 884 885struct i915_vma * 886i915_gem_object_ggtt_pin_ww(struct drm_i915_gem_object *obj, 887 struct i915_gem_ww_ctx *ww, 888 const struct i915_ggtt_view *view, 889 u64 size, u64 alignment, u64 flags) 890{ 891 struct drm_i915_private *i915 = to_i915(obj->base.dev); 892 struct i915_ggtt *ggtt = to_gt(i915)->ggtt; 893 struct i915_vma *vma; 894 int ret; 895 896 GEM_WARN_ON(!ww); 897 898 if (flags & PIN_MAPPABLE && 899 (!view || view->type == I915_GGTT_VIEW_NORMAL)) { 900 /* 901 * If the required space is larger than the available 902 * aperture, we will not able to find a slot for the 903 * object and unbinding the object now will be in 904 * vain. Worse, doing so may cause us to ping-pong 905 * the object in and out of the Global GTT and 906 * waste a lot of cycles under the mutex. 907 */ 908 if (obj->base.size > ggtt->mappable_end) 909 return ERR_PTR(-E2BIG); 910 911 /* 912 * If NONBLOCK is set the caller is optimistically 913 * trying to cache the full object within the mappable 914 * aperture, and *must* have a fallback in place for 915 * situations where we cannot bind the object. We 916 * can be a little more lax here and use the fallback 917 * more often to avoid costly migrations of ourselves 918 * and other objects within the aperture. 919 * 920 * Half-the-aperture is used as a simple heuristic. 921 * More interesting would to do search for a free 922 * block prior to making the commitment to unbind. 923 * That caters for the self-harm case, and with a 924 * little more heuristics (e.g. NOFAULT, NOEVICT) 925 * we could try to minimise harm to others. 926 */ 927 if (flags & PIN_NONBLOCK && 928 obj->base.size > ggtt->mappable_end / 2) 929 return ERR_PTR(-ENOSPC); 930 } 931 932new_vma: 933 vma = i915_vma_instance(obj, &ggtt->vm, view); 934 if (IS_ERR(vma)) 935 return vma; 936 937 if (i915_vma_misplaced(vma, size, alignment, flags)) { 938 if (flags & PIN_NONBLOCK) { 939 if (i915_vma_is_pinned(vma) || i915_vma_is_active(vma)) 940 return ERR_PTR(-ENOSPC); 941 942 /* 943 * If this misplaced vma is too big (i.e, at-least 944 * half the size of aperture) or hasn't been pinned 945 * mappable before, we ignore the misplacement when 946 * PIN_NONBLOCK is set in order to avoid the ping-pong 947 * issue described above. In other words, we try to 948 * avoid the costly operation of unbinding this vma 949 * from the GGTT and rebinding it back because there 950 * may not be enough space for this vma in the aperture. 951 */ 952 if (flags & PIN_MAPPABLE && 953 (vma->fence_size > ggtt->mappable_end / 2 || 954 !i915_vma_is_map_and_fenceable(vma))) 955 return ERR_PTR(-ENOSPC); 956 } 957 958 if (i915_vma_is_pinned(vma) || i915_vma_is_active(vma)) { 959 discard_ggtt_vma(vma); 960 goto new_vma; 961 } 962 963 ret = i915_vma_unbind(vma); 964 if (ret) 965 return ERR_PTR(ret); 966 } 967 968 ret = i915_vma_pin_ww(vma, ww, size, alignment, flags | PIN_GLOBAL); 969 970 if (ret) 971 return ERR_PTR(ret); 972 973 if (vma->fence && !i915_gem_object_is_tiled(obj)) { 974 mutex_lock(&ggtt->vm.mutex); 975 i915_vma_revoke_fence(vma); 976 mutex_unlock(&ggtt->vm.mutex); 977 } 978 979 ret = i915_vma_wait_for_bind(vma); 980 if (ret) { 981 i915_vma_unpin(vma); 982 return ERR_PTR(ret); 983 } 984 985 return vma; 986} 987 988struct i915_vma * __must_check 989i915_gem_object_ggtt_pin(struct drm_i915_gem_object *obj, 990 const struct i915_ggtt_view *view, 991 u64 size, u64 alignment, u64 flags) 992{ 993 struct i915_gem_ww_ctx ww; 994 struct i915_vma *ret; 995 int err; 996 997 for_i915_gem_ww(&ww, err, true) { 998 err = i915_gem_object_lock(obj, &ww); 999 if (err) 1000 continue; 1001 1002 ret = i915_gem_object_ggtt_pin_ww(obj, &ww, view, size, 1003 alignment, flags); 1004 if (IS_ERR(ret)) 1005 err = PTR_ERR(ret); 1006 } 1007 1008 return err ? ERR_PTR(err) : ret; 1009} 1010 1011int 1012i915_gem_madvise_ioctl(struct drm_device *dev, void *data, 1013 struct drm_file *file_priv) 1014{ 1015 struct drm_i915_private *i915 = to_i915(dev); 1016 struct drm_i915_gem_madvise *args = data; 1017 struct drm_i915_gem_object *obj; 1018 int err; 1019 1020 switch (args->madv) { 1021 case I915_MADV_DONTNEED: 1022 case I915_MADV_WILLNEED: 1023 break; 1024 default: 1025 return -EINVAL; 1026 } 1027 1028 obj = i915_gem_object_lookup(file_priv, args->handle); 1029 if (!obj) 1030 return -ENOENT; 1031 1032 err = i915_gem_object_lock_interruptible(obj, NULL); 1033 if (err) 1034 goto out; 1035 1036 if (i915_gem_object_has_pages(obj) && 1037 i915_gem_object_is_tiled(obj) && 1038 i915->quirks & QUIRK_PIN_SWIZZLED_PAGES) { 1039 if (obj->mm.madv == I915_MADV_WILLNEED) { 1040 GEM_BUG_ON(!i915_gem_object_has_tiling_quirk(obj)); 1041 i915_gem_object_clear_tiling_quirk(obj); 1042 i915_gem_object_make_shrinkable(obj); 1043 } 1044 if (args->madv == I915_MADV_WILLNEED) { 1045 GEM_BUG_ON(i915_gem_object_has_tiling_quirk(obj)); 1046 i915_gem_object_make_unshrinkable(obj); 1047 i915_gem_object_set_tiling_quirk(obj); 1048 } 1049 } 1050 1051 if (obj->mm.madv != __I915_MADV_PURGED) { 1052 obj->mm.madv = args->madv; 1053 if (obj->ops->adjust_lru) 1054 obj->ops->adjust_lru(obj); 1055 } 1056 1057 if (i915_gem_object_has_pages(obj) || 1058 i915_gem_object_has_self_managed_shrink_list(obj)) { 1059 unsigned long flags; 1060 1061 spin_lock_irqsave(&i915->mm.obj_lock, flags); 1062 if (!list_empty(&obj->mm.link)) { 1063 struct list_head *list; 1064 1065 if (obj->mm.madv != I915_MADV_WILLNEED) 1066 list = &i915->mm.purge_list; 1067 else 1068 list = &i915->mm.shrink_list; 1069 list_move_tail(&obj->mm.link, list); 1070 1071 } 1072 spin_unlock_irqrestore(&i915->mm.obj_lock, flags); 1073 } 1074 1075 /* if the object is no longer attached, discard its backing storage */ 1076 if (obj->mm.madv == I915_MADV_DONTNEED && 1077 !i915_gem_object_has_pages(obj)) 1078 i915_gem_object_truncate(obj); 1079 1080 args->retained = obj->mm.madv != __I915_MADV_PURGED; 1081 1082 i915_gem_object_unlock(obj); 1083out: 1084 i915_gem_object_put(obj); 1085 return err; 1086} 1087 1088int i915_gem_init(struct drm_i915_private *dev_priv) 1089{ 1090 int ret; 1091 1092 /* We need to fallback to 4K pages if host doesn't support huge gtt. */ 1093 if (intel_vgpu_active(dev_priv) && !intel_vgpu_has_huge_gtt(dev_priv)) 1094 mkwrite_device_info(dev_priv)->page_sizes = 1095 I915_GTT_PAGE_SIZE_4K; 1096 1097 ret = i915_gem_init_userptr(dev_priv); 1098 if (ret) 1099 return ret; 1100 1101 intel_uc_fetch_firmwares(&to_gt(dev_priv)->uc); 1102 intel_wopcm_init(&dev_priv->wopcm); 1103 1104 ret = i915_init_ggtt(dev_priv); 1105 if (ret) { 1106 GEM_BUG_ON(ret == -EIO); 1107 goto err_unlock; 1108 } 1109 1110 /* 1111 * Despite its name intel_init_clock_gating applies both display 1112 * clock gating workarounds; GT mmio workarounds and the occasional 1113 * GT power context workaround. Worse, sometimes it includes a context 1114 * register workaround which we need to apply before we record the 1115 * default HW state for all contexts. 1116 * 1117 * FIXME: break up the workarounds and apply them at the right time! 1118 */ 1119 intel_init_clock_gating(dev_priv); 1120 1121 ret = intel_gt_init(to_gt(dev_priv)); 1122 if (ret) 1123 goto err_unlock; 1124 1125 return 0; 1126 1127 /* 1128 * Unwinding is complicated by that we want to handle -EIO to mean 1129 * disable GPU submission but keep KMS alive. We want to mark the 1130 * HW as irrevisibly wedged, but keep enough state around that the 1131 * driver doesn't explode during runtime. 1132 */ 1133err_unlock: 1134 i915_gem_drain_workqueue(dev_priv); 1135 1136 if (ret != -EIO) 1137 intel_uc_cleanup_firmwares(&to_gt(dev_priv)->uc); 1138 1139 if (ret == -EIO) { 1140 /* 1141 * Allow engines or uC initialisation to fail by marking the GPU 1142 * as wedged. But we only want to do this when the GPU is angry, 1143 * for all other failure, such as an allocation failure, bail. 1144 */ 1145 if (!intel_gt_is_wedged(to_gt(dev_priv))) { 1146 i915_probe_error(dev_priv, 1147 "Failed to initialize GPU, declaring it wedged!\n"); 1148 intel_gt_set_wedged(to_gt(dev_priv)); 1149 } 1150 1151 /* Minimal basic recovery for KMS */ 1152 ret = i915_ggtt_enable_hw(dev_priv); 1153 i915_ggtt_resume(to_gt(dev_priv)->ggtt); 1154 intel_init_clock_gating(dev_priv); 1155 } 1156 1157 i915_gem_drain_freed_objects(dev_priv); 1158 1159 return ret; 1160} 1161 1162void i915_gem_driver_register(struct drm_i915_private *i915) 1163{ 1164 i915_gem_driver_register__shrinker(i915); 1165 1166 intel_engines_driver_register(i915); 1167} 1168 1169void i915_gem_driver_unregister(struct drm_i915_private *i915) 1170{ 1171 i915_gem_driver_unregister__shrinker(i915); 1172} 1173 1174void i915_gem_driver_remove(struct drm_i915_private *dev_priv) 1175{ 1176 intel_wakeref_auto_fini(&to_gt(dev_priv)->ggtt->userfault_wakeref); 1177 1178 i915_gem_suspend_late(dev_priv); 1179 intel_gt_driver_remove(to_gt(dev_priv)); 1180 dev_priv->uabi_engines = RB_ROOT; 1181 1182 /* Flush any outstanding unpin_work. */ 1183 i915_gem_drain_workqueue(dev_priv); 1184 1185 i915_gem_drain_freed_objects(dev_priv); 1186} 1187 1188void i915_gem_driver_release(struct drm_i915_private *dev_priv) 1189{ 1190 intel_gt_driver_release(to_gt(dev_priv)); 1191 1192 intel_uc_cleanup_firmwares(&to_gt(dev_priv)->uc); 1193 1194 i915_gem_drain_freed_objects(dev_priv); 1195 1196 drm_WARN_ON(&dev_priv->drm, !list_empty(&dev_priv->gem.contexts.list)); 1197} 1198 1199static void i915_gem_init__mm(struct drm_i915_private *i915) 1200{ 1201 spin_lock_init(&i915->mm.obj_lock); 1202 1203 init_llist_head(&i915->mm.free_list); 1204 1205 INIT_LIST_HEAD(&i915->mm.purge_list); 1206 INIT_LIST_HEAD(&i915->mm.shrink_list); 1207 1208 i915_gem_init__objects(i915); 1209} 1210 1211void i915_gem_init_early(struct drm_i915_private *dev_priv) 1212{ 1213 i915_gem_init__mm(dev_priv); 1214 i915_gem_init__contexts(dev_priv); 1215 1216 spin_lock_init(&dev_priv->fb_tracking.lock); 1217} 1218 1219void i915_gem_cleanup_early(struct drm_i915_private *dev_priv) 1220{ 1221 i915_gem_drain_freed_objects(dev_priv); 1222 GEM_BUG_ON(!llist_empty(&dev_priv->mm.free_list)); 1223 GEM_BUG_ON(atomic_read(&dev_priv->mm.free_count)); 1224 drm_WARN_ON(&dev_priv->drm, dev_priv->mm.shrink_count); 1225} 1226 1227int i915_gem_open(struct drm_i915_private *i915, struct drm_file *file) 1228{ 1229 struct drm_i915_file_private *file_priv; 1230 struct i915_drm_client *client; 1231 int ret = -ENOMEM; 1232 1233 DRM_DEBUG("\n"); 1234 1235 file_priv = kzalloc(sizeof(*file_priv), GFP_KERNEL); 1236 if (!file_priv) 1237 goto err_alloc; 1238 1239 client = i915_drm_client_add(&i915->clients); 1240 if (IS_ERR(client)) { 1241 ret = PTR_ERR(client); 1242 goto err_client; 1243 } 1244 1245 file->driver_priv = file_priv; 1246 file_priv->dev_priv = i915; 1247 file_priv->file = file; 1248 file_priv->client = client; 1249 1250 file_priv->bsd_engine = -1; 1251 file_priv->hang_timestamp = jiffies; 1252 1253 ret = i915_gem_context_open(i915, file); 1254 if (ret) 1255 goto err_context; 1256 1257 return 0; 1258 1259err_context: 1260 i915_drm_client_put(client); 1261err_client: 1262 kfree(file_priv); 1263err_alloc: 1264 return ret; 1265} 1266 1267#if IS_ENABLED(CONFIG_DRM_I915_SELFTEST) 1268#include "selftests/mock_gem_device.c" 1269#include "selftests/i915_gem.c" 1270#endif