i915_gem.c 130.9 KB
Newer Older
1
/*
2
 * Copyright © 2008-2015 Intel Corporation
3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27
 *
 * Permission is hereby granted, free of charge, to any person obtaining a
 * copy of this software and associated documentation files (the "Software"),
 * to deal in the Software without restriction, including without limitation
 * the rights to use, copy, modify, merge, publish, distribute, sublicense,
 * and/or sell copies of the Software, and to permit persons to whom the
 * Software is furnished to do so, subject to the following conditions:
 *
 * The above copyright notice and this permission notice (including the next
 * paragraph) shall be included in all copies or substantial portions of the
 * Software.
 *
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.  IN NO EVENT SHALL
 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
 * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
 * IN THE SOFTWARE.
 *
 * Authors:
 *    Eric Anholt <eric@anholt.net>
 *
 */

28
#include <drm/drmP.h>
29
#include <drm/drm_vma_manager.h>
30
#include <drm/i915_drm.h>
31
#include "i915_drv.h"
32
#include "i915_vgpu.h"
C
Chris Wilson 已提交
33
#include "i915_trace.h"
34
#include "intel_drv.h"
35
#include "intel_frontbuffer.h"
36
#include "intel_mocs.h"
37
#include <linux/dma-fence-array.h>
38
#include <linux/reservation.h>
39
#include <linux/shmem_fs.h>
40
#include <linux/slab.h>
41
#include <linux/stop_machine.h>
42
#include <linux/swap.h>
J
Jesse Barnes 已提交
43
#include <linux/pci.h>
44
#include <linux/dma-buf.h>
45

46
static void i915_gem_flush_free_objects(struct drm_i915_private *i915);
47
static void i915_gem_object_flush_gtt_write_domain(struct drm_i915_gem_object *obj);
48
static void i915_gem_object_flush_cpu_write_domain(struct drm_i915_gem_object *obj);
49

50 51 52
static bool cpu_cache_is_coherent(struct drm_device *dev,
				  enum i915_cache_level level)
{
53
	return HAS_LLC(to_i915(dev)) || level != I915_CACHE_NONE;
54 55
}

56 57
static bool cpu_write_needs_clflush(struct drm_i915_gem_object *obj)
{
58 59 60
	if (obj->base.write_domain == I915_GEM_DOMAIN_CPU)
		return false;

61 62 63 64 65 66
	if (!cpu_cache_is_coherent(obj->base.dev, obj->cache_level))
		return true;

	return obj->pin_display;
}

67
static int
68
insert_mappable_node(struct i915_ggtt *ggtt,
69 70 71
                     struct drm_mm_node *node, u32 size)
{
	memset(node, 0, sizeof(*node));
72 73 74
	return drm_mm_insert_node_in_range_generic(&ggtt->base.mm, node,
						   size, 0, -1,
						   0, ggtt->mappable_end,
75 76 77 78 79 80 81 82 83 84
						   DRM_MM_SEARCH_DEFAULT,
						   DRM_MM_CREATE_DEFAULT);
}

static void
remove_mappable_node(struct drm_mm_node *node)
{
	drm_mm_remove_node(node);
}

85 86
/* some bookkeeping */
static void i915_gem_info_add_obj(struct drm_i915_private *dev_priv,
87
				  u64 size)
88
{
89
	spin_lock(&dev_priv->mm.object_stat_lock);
90 91
	dev_priv->mm.object_count++;
	dev_priv->mm.object_memory += size;
92
	spin_unlock(&dev_priv->mm.object_stat_lock);
93 94 95
}

static void i915_gem_info_remove_obj(struct drm_i915_private *dev_priv,
96
				     u64 size)
97
{
98
	spin_lock(&dev_priv->mm.object_stat_lock);
99 100
	dev_priv->mm.object_count--;
	dev_priv->mm.object_memory -= size;
101
	spin_unlock(&dev_priv->mm.object_stat_lock);
102 103
}

104
static int
105
i915_gem_wait_for_error(struct i915_gpu_error *error)
106 107 108
{
	int ret;

109 110
	might_sleep();

111
	if (!i915_reset_in_progress(error))
112 113
		return 0;

114 115 116 117 118
	/*
	 * Only wait 10 seconds for the gpu reset to complete to avoid hanging
	 * userspace. If it takes that long something really bad is going on and
	 * we should simply try to bail out and fail as gracefully as possible.
	 */
119
	ret = wait_event_interruptible_timeout(error->reset_queue,
120
					       !i915_reset_in_progress(error),
121
					       I915_RESET_TIMEOUT);
122 123 124 125
	if (ret == 0) {
		DRM_ERROR("Timed out waiting for the gpu reset to complete\n");
		return -EIO;
	} else if (ret < 0) {
126
		return ret;
127 128
	} else {
		return 0;
129
	}
130 131
}

132
int i915_mutex_lock_interruptible(struct drm_device *dev)
133
{
134
	struct drm_i915_private *dev_priv = to_i915(dev);
135 136
	int ret;

137
	ret = i915_gem_wait_for_error(&dev_priv->gpu_error);
138 139 140 141 142 143 144 145 146
	if (ret)
		return ret;

	ret = mutex_lock_interruptible(&dev->struct_mutex);
	if (ret)
		return ret;

	return 0;
}
147

148 149
int
i915_gem_get_aperture_ioctl(struct drm_device *dev, void *data,
150
			    struct drm_file *file)
151
{
152
	struct drm_i915_private *dev_priv = to_i915(dev);
153
	struct i915_ggtt *ggtt = &dev_priv->ggtt;
154
	struct drm_i915_gem_get_aperture *args = data;
155
	struct i915_vma *vma;
156
	size_t pinned;
157

158
	pinned = 0;
159
	mutex_lock(&dev->struct_mutex);
160
	list_for_each_entry(vma, &ggtt->base.active_list, vm_link)
161
		if (i915_vma_is_pinned(vma))
162
			pinned += vma->node.size;
163
	list_for_each_entry(vma, &ggtt->base.inactive_list, vm_link)
164
		if (i915_vma_is_pinned(vma))
165
			pinned += vma->node.size;
166
	mutex_unlock(&dev->struct_mutex);
167

168
	args->aper_size = ggtt->base.total;
169
	args->aper_available_size = args->aper_size - pinned;
170

171 172 173
	return 0;
}

174
static struct sg_table *
175
i915_gem_object_get_pages_phys(struct drm_i915_gem_object *obj)
176
{
177
	struct address_space *mapping = obj->base.filp->f_mapping;
178 179 180 181
	char *vaddr = obj->phys_handle->vaddr;
	struct sg_table *st;
	struct scatterlist *sg;
	int i;
182

183
	if (WARN_ON(i915_gem_object_needs_bit17_swizzle(obj)))
184
		return ERR_PTR(-EINVAL);
185 186 187 188 189 190 191

	for (i = 0; i < obj->base.size / PAGE_SIZE; i++) {
		struct page *page;
		char *src;

		page = shmem_read_mapping_page(mapping, i);
		if (IS_ERR(page))
192
			return ERR_CAST(page);
193 194 195 196 197 198

		src = kmap_atomic(page);
		memcpy(vaddr, src, PAGE_SIZE);
		drm_clflush_virt_range(vaddr, PAGE_SIZE);
		kunmap_atomic(src);

199
		put_page(page);
200 201 202
		vaddr += PAGE_SIZE;
	}

203
	i915_gem_chipset_flush(to_i915(obj->base.dev));
204 205 206

	st = kmalloc(sizeof(*st), GFP_KERNEL);
	if (st == NULL)
207
		return ERR_PTR(-ENOMEM);
208 209 210

	if (sg_alloc_table(st, 1, GFP_KERNEL)) {
		kfree(st);
211
		return ERR_PTR(-ENOMEM);
212 213 214 215 216
	}

	sg = st->sgl;
	sg->offset = 0;
	sg->length = obj->base.size;
217

218 219 220
	sg_dma_address(sg) = obj->phys_handle->busaddr;
	sg_dma_len(sg) = obj->base.size;

221
	return st;
222 223 224
}

static void
225 226
__i915_gem_object_release_shmem(struct drm_i915_gem_object *obj,
				struct sg_table *pages)
227
{
C
Chris Wilson 已提交
228
	GEM_BUG_ON(obj->mm.madv == __I915_MADV_PURGED);
229

C
Chris Wilson 已提交
230 231
	if (obj->mm.madv == I915_MADV_DONTNEED)
		obj->mm.dirty = false;
232

233 234
	if ((obj->base.read_domains & I915_GEM_DOMAIN_CPU) == 0 &&
	    !cpu_cache_is_coherent(obj->base.dev, obj->cache_level))
235
		drm_clflush_sg(pages);
236 237 238 239 240 241 242 243 244

	obj->base.read_domains = I915_GEM_DOMAIN_CPU;
	obj->base.write_domain = I915_GEM_DOMAIN_CPU;
}

static void
i915_gem_object_put_pages_phys(struct drm_i915_gem_object *obj,
			       struct sg_table *pages)
{
245
	__i915_gem_object_release_shmem(obj, pages);
246

C
Chris Wilson 已提交
247
	if (obj->mm.dirty) {
248
		struct address_space *mapping = obj->base.filp->f_mapping;
249
		char *vaddr = obj->phys_handle->vaddr;
250 251 252
		int i;

		for (i = 0; i < obj->base.size / PAGE_SIZE; i++) {
253 254 255 256 257 258 259 260 261 262 263 264 265
			struct page *page;
			char *dst;

			page = shmem_read_mapping_page(mapping, i);
			if (IS_ERR(page))
				continue;

			dst = kmap_atomic(page);
			drm_clflush_virt_range(vaddr, PAGE_SIZE);
			memcpy(dst, vaddr, PAGE_SIZE);
			kunmap_atomic(dst);

			set_page_dirty(page);
C
Chris Wilson 已提交
266
			if (obj->mm.madv == I915_MADV_WILLNEED)
267
				mark_page_accessed(page);
268
			put_page(page);
269 270
			vaddr += PAGE_SIZE;
		}
C
Chris Wilson 已提交
271
		obj->mm.dirty = false;
272 273
	}

274 275
	sg_free_table(pages);
	kfree(pages);
276 277 278 279 280 281
}

static void
i915_gem_object_release_phys(struct drm_i915_gem_object *obj)
{
	drm_pci_free(obj->base.dev, obj->phys_handle);
C
Chris Wilson 已提交
282
	i915_gem_object_unpin_pages(obj);
283 284 285 286 287 288 289 290
}

static const struct drm_i915_gem_object_ops i915_gem_phys_ops = {
	.get_pages = i915_gem_object_get_pages_phys,
	.put_pages = i915_gem_object_put_pages_phys,
	.release = i915_gem_object_release_phys,
};

291
int i915_gem_object_unbind(struct drm_i915_gem_object *obj)
292 293 294
{
	struct i915_vma *vma;
	LIST_HEAD(still_in_list);
295 296 297
	int ret;

	lockdep_assert_held(&obj->base.dev->struct_mutex);
298

299 300 301 302
	/* Closed vma are removed from the obj->vma_list - but they may
	 * still have an active binding on the object. To remove those we
	 * must wait for all rendering to complete to the object (as unbinding
	 * must anyway), and retire the requests.
303
	 */
304 305 306 307 308 309
	ret = i915_gem_object_wait(obj,
				   I915_WAIT_INTERRUPTIBLE |
				   I915_WAIT_LOCKED |
				   I915_WAIT_ALL,
				   MAX_SCHEDULE_TIMEOUT,
				   NULL);
310 311 312 313 314
	if (ret)
		return ret;

	i915_gem_retire_requests(to_i915(obj->base.dev));

315 316 317 318 319 320 321 322 323 324 325 326 327
	while ((vma = list_first_entry_or_null(&obj->vma_list,
					       struct i915_vma,
					       obj_link))) {
		list_move_tail(&vma->obj_link, &still_in_list);
		ret = i915_vma_unbind(vma);
		if (ret)
			break;
	}
	list_splice(&still_in_list, &obj->vma_list);

	return ret;
}

328 329 330 331 332
static long
i915_gem_object_wait_fence(struct dma_fence *fence,
			   unsigned int flags,
			   long timeout,
			   struct intel_rps_client *rps)
333
{
334
	struct drm_i915_gem_request *rq;
335

336
	BUILD_BUG_ON(I915_WAIT_INTERRUPTIBLE != 0x1);
337

338 339 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 357 358 359 360 361 362 363 364 365 366 367 368 369
	if (test_bit(DMA_FENCE_FLAG_SIGNALED_BIT, &fence->flags))
		return timeout;

	if (!dma_fence_is_i915(fence))
		return dma_fence_wait_timeout(fence,
					      flags & I915_WAIT_INTERRUPTIBLE,
					      timeout);

	rq = to_request(fence);
	if (i915_gem_request_completed(rq))
		goto out;

	/* This client is about to stall waiting for the GPU. In many cases
	 * this is undesirable and limits the throughput of the system, as
	 * many clients cannot continue processing user input/output whilst
	 * blocked. RPS autotuning may take tens of milliseconds to respond
	 * to the GPU load and thus incurs additional latency for the client.
	 * We can circumvent that by promoting the GPU frequency to maximum
	 * before we wait. This makes the GPU throttle up much more quickly
	 * (good for benchmarks and user experience, e.g. window animations),
	 * but at a cost of spending more power processing the workload
	 * (bad for battery). Not all clients even want their results
	 * immediately and for them we should just let the GPU select its own
	 * frequency to maximise efficiency. To prevent a single client from
	 * forcing the clocks too high for the whole system, we only allow
	 * each client to waitboost once in a busy period.
	 */
	if (rps) {
		if (INTEL_GEN(rq->i915) >= 6)
			gen6_rps_boost(rq->i915, rps, rq->emitted_jiffies);
		else
			rps = NULL;
370 371
	}

372 373 374 375 376 377
	timeout = i915_wait_request(rq, flags, timeout);

out:
	if (flags & I915_WAIT_LOCKED && i915_gem_request_completed(rq))
		i915_gem_request_retire_upto(rq);

378
	if (rps && rq->global_seqno == intel_engine_last_submit(rq->engine)) {
379 380 381 382 383 384 385 386 387 388 389 390 391 392 393 394 395 396 397 398 399 400 401 402 403 404 405 406 407
		/* The GPU is now idle and this client has stalled.
		 * Since no other client has submitted a request in the
		 * meantime, assume that this client is the only one
		 * supplying work to the GPU but is unable to keep that
		 * work supplied because it is waiting. Since the GPU is
		 * then never kept fully busy, RPS autoclocking will
		 * keep the clocks relatively low, causing further delays.
		 * Compensate by giving the synchronous client credit for
		 * a waitboost next time.
		 */
		spin_lock(&rq->i915->rps.client_lock);
		list_del_init(&rps->link);
		spin_unlock(&rq->i915->rps.client_lock);
	}

	return timeout;
}

static long
i915_gem_object_wait_reservation(struct reservation_object *resv,
				 unsigned int flags,
				 long timeout,
				 struct intel_rps_client *rps)
{
	struct dma_fence *excl;

	if (flags & I915_WAIT_ALL) {
		struct dma_fence **shared;
		unsigned int count, i;
408 409
		int ret;

410 411
		ret = reservation_object_get_fences_rcu(resv,
							&excl, &count, &shared);
412 413 414
		if (ret)
			return ret;

415 416 417 418 419 420
		for (i = 0; i < count; i++) {
			timeout = i915_gem_object_wait_fence(shared[i],
							     flags, timeout,
							     rps);
			if (timeout <= 0)
				break;
421

422 423 424 425 426 427 428 429
			dma_fence_put(shared[i]);
		}

		for (; i < count; i++)
			dma_fence_put(shared[i]);
		kfree(shared);
	} else {
		excl = reservation_object_get_excl_rcu(resv);
430 431
	}

432 433 434 435 436 437
	if (excl && timeout > 0)
		timeout = i915_gem_object_wait_fence(excl, flags, timeout, rps);

	dma_fence_put(excl);

	return timeout;
438 439
}

440 441 442 443 444 445 446 447 448 449 450 451 452 453 454 455 456 457 458 459 460 461 462 463 464 465 466 467 468 469 470 471 472 473 474 475 476 477 478 479 480 481 482 483 484 485 486 487 488 489 490 491 492 493 494 495 496 497 498 499 500 501 502 503
static void __fence_set_priority(struct dma_fence *fence, int prio)
{
	struct drm_i915_gem_request *rq;
	struct intel_engine_cs *engine;

	if (!dma_fence_is_i915(fence))
		return;

	rq = to_request(fence);
	engine = rq->engine;
	if (!engine->schedule)
		return;

	engine->schedule(rq, prio);
}

static void fence_set_priority(struct dma_fence *fence, int prio)
{
	/* Recurse once into a fence-array */
	if (dma_fence_is_array(fence)) {
		struct dma_fence_array *array = to_dma_fence_array(fence);
		int i;

		for (i = 0; i < array->num_fences; i++)
			__fence_set_priority(array->fences[i], prio);
	} else {
		__fence_set_priority(fence, prio);
	}
}

int
i915_gem_object_wait_priority(struct drm_i915_gem_object *obj,
			      unsigned int flags,
			      int prio)
{
	struct dma_fence *excl;

	if (flags & I915_WAIT_ALL) {
		struct dma_fence **shared;
		unsigned int count, i;
		int ret;

		ret = reservation_object_get_fences_rcu(obj->resv,
							&excl, &count, &shared);
		if (ret)
			return ret;

		for (i = 0; i < count; i++) {
			fence_set_priority(shared[i], prio);
			dma_fence_put(shared[i]);
		}

		kfree(shared);
	} else {
		excl = reservation_object_get_excl_rcu(obj->resv);
	}

	if (excl) {
		fence_set_priority(excl, prio);
		dma_fence_put(excl);
	}
	return 0;
}

504 505 506 507 508 509
/**
 * Waits for rendering to the object to be completed
 * @obj: i915 gem object
 * @flags: how to wait (under a lock, for all rendering or just for writes etc)
 * @timeout: how long to wait
 * @rps: client (user process) to charge for any waitboosting
510
 */
511 512 513 514 515
int
i915_gem_object_wait(struct drm_i915_gem_object *obj,
		     unsigned int flags,
		     long timeout,
		     struct intel_rps_client *rps)
516
{
517 518 519 520 521 522 523
	might_sleep();
#if IS_ENABLED(CONFIG_LOCKDEP)
	GEM_BUG_ON(debug_locks &&
		   !!lockdep_is_held(&obj->base.dev->struct_mutex) !=
		   !!(flags & I915_WAIT_LOCKED));
#endif
	GEM_BUG_ON(timeout < 0);
524

525 526 527
	timeout = i915_gem_object_wait_reservation(obj->resv,
						   flags, timeout,
						   rps);
528
	return timeout < 0 ? timeout : 0;
529 530 531 532 533 534 535 536 537
}

static struct intel_rps_client *to_rps_client(struct drm_file *file)
{
	struct drm_i915_file_private *fpriv = file->driver_priv;

	return &fpriv->rps;
}

538 539 540 541 542
int
i915_gem_object_attach_phys(struct drm_i915_gem_object *obj,
			    int align)
{
	drm_dma_handle_t *phys;
543
	int ret;
544 545 546 547 548 549 550 551

	if (obj->phys_handle) {
		if ((unsigned long)obj->phys_handle->vaddr & (align -1))
			return -EBUSY;

		return 0;
	}

C
Chris Wilson 已提交
552
	if (obj->mm.madv != I915_MADV_WILLNEED)
553 554 555 556 557
		return -EFAULT;

	if (obj->base.filp == NULL)
		return -EINVAL;

C
Chris Wilson 已提交
558 559 560 561
	ret = i915_gem_object_unbind(obj);
	if (ret)
		return ret;

562
	__i915_gem_object_put_pages(obj, I915_MM_NORMAL);
563 564
	if (obj->mm.pages)
		return -EBUSY;
565

566 567 568 569 570 571
	/* create a new object */
	phys = drm_pci_alloc(obj->base.dev, obj->base.size, align);
	if (!phys)
		return -ENOMEM;

	obj->phys_handle = phys;
572 573
	obj->ops = &i915_gem_phys_ops;

C
Chris Wilson 已提交
574
	return i915_gem_object_pin_pages(obj);
575 576 577 578 579
}

static int
i915_gem_phys_pwrite(struct drm_i915_gem_object *obj,
		     struct drm_i915_gem_pwrite *args,
580
		     struct drm_file *file)
581 582 583
{
	struct drm_device *dev = obj->base.dev;
	void *vaddr = obj->phys_handle->vaddr + args->offset;
584
	char __user *user_data = u64_to_user_ptr(args->data_ptr);
585
	int ret;
586 587 588 589

	/* We manually control the domain here and pretend that it
	 * remains coherent i.e. in the GTT domain, like shmem_pwrite.
	 */
590 591 592 593 594 595
	lockdep_assert_held(&obj->base.dev->struct_mutex);
	ret = i915_gem_object_wait(obj,
				   I915_WAIT_INTERRUPTIBLE |
				   I915_WAIT_LOCKED |
				   I915_WAIT_ALL,
				   MAX_SCHEDULE_TIMEOUT,
596
				   to_rps_client(file));
597 598
	if (ret)
		return ret;
599

600
	intel_fb_obj_invalidate(obj, ORIGIN_CPU);
601 602 603 604 605 606 607 608 609 610
	if (__copy_from_user_inatomic_nocache(vaddr, user_data, args->size)) {
		unsigned long unwritten;

		/* The physical object once assigned is fixed for the lifetime
		 * of the obj, so we can safely drop the lock and continue
		 * to access vaddr.
		 */
		mutex_unlock(&dev->struct_mutex);
		unwritten = copy_from_user(vaddr, user_data, args->size);
		mutex_lock(&dev->struct_mutex);
611 612 613 614
		if (unwritten) {
			ret = -EFAULT;
			goto out;
		}
615 616
	}

617
	drm_clflush_virt_range(vaddr, args->size);
618
	i915_gem_chipset_flush(to_i915(dev));
619 620

out:
621
	intel_fb_obj_flush(obj, false, ORIGIN_CPU);
622
	return ret;
623 624
}

625 626
void *i915_gem_object_alloc(struct drm_device *dev)
{
627
	struct drm_i915_private *dev_priv = to_i915(dev);
628
	return kmem_cache_zalloc(dev_priv->objects, GFP_KERNEL);
629 630 631 632
}

void i915_gem_object_free(struct drm_i915_gem_object *obj)
{
633
	struct drm_i915_private *dev_priv = to_i915(obj->base.dev);
634
	kmem_cache_free(dev_priv->objects, obj);
635 636
}

637 638 639 640 641
static int
i915_gem_create(struct drm_file *file,
		struct drm_device *dev,
		uint64_t size,
		uint32_t *handle_p)
642
{
643
	struct drm_i915_gem_object *obj;
644 645
	int ret;
	u32 handle;
646

647
	size = roundup(size, PAGE_SIZE);
648 649
	if (size == 0)
		return -EINVAL;
650 651

	/* Allocate the new object */
652
	obj = i915_gem_object_create(dev, size);
653 654
	if (IS_ERR(obj))
		return PTR_ERR(obj);
655

656
	ret = drm_gem_handle_create(file, &obj->base, &handle);
657
	/* drop reference from allocate - handle holds it now */
C
Chris Wilson 已提交
658
	i915_gem_object_put(obj);
659 660
	if (ret)
		return ret;
661

662
	*handle_p = handle;
663 664 665
	return 0;
}

666 667 668 669 670 671
int
i915_gem_dumb_create(struct drm_file *file,
		     struct drm_device *dev,
		     struct drm_mode_create_dumb *args)
{
	/* have to work out size/pitch and return them */
672
	args->pitch = ALIGN(args->width * DIV_ROUND_UP(args->bpp, 8), 64);
673 674
	args->size = args->pitch * args->height;
	return i915_gem_create(file, dev,
675
			       args->size, &args->handle);
676 677 678 679
}

/**
 * Creates a new mm object and returns a handle to it.
680 681 682
 * @dev: drm device pointer
 * @data: ioctl data blob
 * @file: drm file pointer
683 684 685 686 687 688
 */
int
i915_gem_create_ioctl(struct drm_device *dev, void *data,
		      struct drm_file *file)
{
	struct drm_i915_gem_create *args = data;
689

690 691
	i915_gem_flush_free_objects(to_i915(dev));

692
	return i915_gem_create(file, dev,
693
			       args->size, &args->handle);
694 695
}

696 697 698 699 700 701 702 703 704 705 706 707 708 709 710 711 712 713 714 715 716 717 718 719 720 721
static inline int
__copy_to_user_swizzled(char __user *cpu_vaddr,
			const char *gpu_vaddr, int gpu_offset,
			int length)
{
	int ret, cpu_offset = 0;

	while (length > 0) {
		int cacheline_end = ALIGN(gpu_offset + 1, 64);
		int this_length = min(cacheline_end - gpu_offset, length);
		int swizzled_gpu_offset = gpu_offset ^ 64;

		ret = __copy_to_user(cpu_vaddr + cpu_offset,
				     gpu_vaddr + swizzled_gpu_offset,
				     this_length);
		if (ret)
			return ret + length;

		cpu_offset += this_length;
		gpu_offset += this_length;
		length -= this_length;
	}

	return 0;
}

722
static inline int
723 724
__copy_from_user_swizzled(char *gpu_vaddr, int gpu_offset,
			  const char __user *cpu_vaddr,
725 726 727 728 729 730 731 732 733 734 735 736 737 738 739 740 741 742 743 744 745 746 747
			  int length)
{
	int ret, cpu_offset = 0;

	while (length > 0) {
		int cacheline_end = ALIGN(gpu_offset + 1, 64);
		int this_length = min(cacheline_end - gpu_offset, length);
		int swizzled_gpu_offset = gpu_offset ^ 64;

		ret = __copy_from_user(gpu_vaddr + swizzled_gpu_offset,
				       cpu_vaddr + cpu_offset,
				       this_length);
		if (ret)
			return ret + length;

		cpu_offset += this_length;
		gpu_offset += this_length;
		length -= this_length;
	}

	return 0;
}

748 749 750 751 752 753
/*
 * Pins the specified object's pages and synchronizes the object with
 * GPU accesses. Sets needs_clflush to non-zero if the caller should
 * flush the object from the CPU cache.
 */
int i915_gem_obj_prepare_shmem_read(struct drm_i915_gem_object *obj,
754
				    unsigned int *needs_clflush)
755 756 757
{
	int ret;

758
	lockdep_assert_held(&obj->base.dev->struct_mutex);
759

760
	*needs_clflush = 0;
761 762
	if (!i915_gem_object_has_struct_page(obj))
		return -ENODEV;
763

764 765 766 767 768
	ret = i915_gem_object_wait(obj,
				   I915_WAIT_INTERRUPTIBLE |
				   I915_WAIT_LOCKED,
				   MAX_SCHEDULE_TIMEOUT,
				   NULL);
769 770 771
	if (ret)
		return ret;

C
Chris Wilson 已提交
772
	ret = i915_gem_object_pin_pages(obj);
773 774 775
	if (ret)
		return ret;

776 777
	i915_gem_object_flush_gtt_write_domain(obj);

778 779 780 781 782 783
	/* If we're not in the cpu read domain, set ourself into the gtt
	 * read domain and manually flush cachelines (if required). This
	 * optimizes for the case when the gpu will dirty the data
	 * anyway again before the next pread happens.
	 */
	if (!(obj->base.read_domains & I915_GEM_DOMAIN_CPU))
784 785
		*needs_clflush = !cpu_cache_is_coherent(obj->base.dev,
							obj->cache_level);
786 787 788

	if (*needs_clflush && !static_cpu_has(X86_FEATURE_CLFLUSH)) {
		ret = i915_gem_object_set_to_cpu_domain(obj, false);
789 790 791
		if (ret)
			goto err_unpin;

792
		*needs_clflush = 0;
793 794
	}

795
	/* return with the pages pinned */
796
	return 0;
797 798 799 800

err_unpin:
	i915_gem_object_unpin_pages(obj);
	return ret;
801 802 803 804 805 806 807
}

int i915_gem_obj_prepare_shmem_write(struct drm_i915_gem_object *obj,
				     unsigned int *needs_clflush)
{
	int ret;

808 809
	lockdep_assert_held(&obj->base.dev->struct_mutex);

810 811 812 813
	*needs_clflush = 0;
	if (!i915_gem_object_has_struct_page(obj))
		return -ENODEV;

814 815 816 817 818 819
	ret = i915_gem_object_wait(obj,
				   I915_WAIT_INTERRUPTIBLE |
				   I915_WAIT_LOCKED |
				   I915_WAIT_ALL,
				   MAX_SCHEDULE_TIMEOUT,
				   NULL);
820 821 822
	if (ret)
		return ret;

C
Chris Wilson 已提交
823
	ret = i915_gem_object_pin_pages(obj);
824 825 826
	if (ret)
		return ret;

827 828
	i915_gem_object_flush_gtt_write_domain(obj);

829 830 831 832 833 834 835 836 837 838 839 840 841 842 843 844 845
	/* If we're not in the cpu write domain, set ourself into the
	 * gtt write domain and manually flush cachelines (as required).
	 * This optimizes for the case when the gpu will use the data
	 * right away and we therefore have to clflush anyway.
	 */
	if (obj->base.write_domain != I915_GEM_DOMAIN_CPU)
		*needs_clflush |= cpu_write_needs_clflush(obj) << 1;

	/* Same trick applies to invalidate partially written cachelines read
	 * before writing.
	 */
	if (!(obj->base.read_domains & I915_GEM_DOMAIN_CPU))
		*needs_clflush |= !cpu_cache_is_coherent(obj->base.dev,
							 obj->cache_level);

	if (*needs_clflush && !static_cpu_has(X86_FEATURE_CLFLUSH)) {
		ret = i915_gem_object_set_to_cpu_domain(obj, true);
846 847 848
		if (ret)
			goto err_unpin;

849 850 851 852 853 854 855
		*needs_clflush = 0;
	}

	if ((*needs_clflush & CLFLUSH_AFTER) == 0)
		obj->cache_dirty = true;

	intel_fb_obj_invalidate(obj, ORIGIN_CPU);
C
Chris Wilson 已提交
856
	obj->mm.dirty = true;
857
	/* return with the pages pinned */
858
	return 0;
859 860 861 862

err_unpin:
	i915_gem_object_unpin_pages(obj);
	return ret;
863 864
}

865 866 867 868
static void
shmem_clflush_swizzled_range(char *addr, unsigned long length,
			     bool swizzled)
{
869
	if (unlikely(swizzled)) {
870 871 872 873 874 875 876 877 878 879 880 881 882 883 884 885 886
		unsigned long start = (unsigned long) addr;
		unsigned long end = (unsigned long) addr + length;

		/* For swizzling simply ensure that we always flush both
		 * channels. Lame, but simple and it works. Swizzled
		 * pwrite/pread is far from a hotpath - current userspace
		 * doesn't use it at all. */
		start = round_down(start, 128);
		end = round_up(end, 128);

		drm_clflush_virt_range((void *)start, end - start);
	} else {
		drm_clflush_virt_range(addr, length);
	}

}

887 888 889
/* Only difference to the fast-path function is that this can handle bit17
 * and uses non-atomic copy and kmap functions. */
static int
890
shmem_pread_slow(struct page *page, int offset, int length,
891 892 893 894 895 896 897 898
		 char __user *user_data,
		 bool page_do_bit17_swizzling, bool needs_clflush)
{
	char *vaddr;
	int ret;

	vaddr = kmap(page);
	if (needs_clflush)
899
		shmem_clflush_swizzled_range(vaddr + offset, length,
900
					     page_do_bit17_swizzling);
901 902

	if (page_do_bit17_swizzling)
903
		ret = __copy_to_user_swizzled(user_data, vaddr, offset, length);
904
	else
905
		ret = __copy_to_user(user_data, vaddr + offset, length);
906 907
	kunmap(page);

908
	return ret ? - EFAULT : 0;
909 910
}

911 912 913 914 915 916 917 918 919 920 921 922 923 924 925 926 927 928 929 930 931 932 933 934 935 936 937 938 939 940 941 942 943 944 945 946 947 948 949 950 951 952 953 954 955 956 957 958 959 960 961 962 963 964 965 966 967 968 969 970 971 972 973 974 975 976 977 978 979 980 981 982 983 984 985 986
static int
shmem_pread(struct page *page, int offset, int length, char __user *user_data,
	    bool page_do_bit17_swizzling, bool needs_clflush)
{
	int ret;

	ret = -ENODEV;
	if (!page_do_bit17_swizzling) {
		char *vaddr = kmap_atomic(page);

		if (needs_clflush)
			drm_clflush_virt_range(vaddr + offset, length);
		ret = __copy_to_user_inatomic(user_data, vaddr + offset, length);
		kunmap_atomic(vaddr);
	}
	if (ret == 0)
		return 0;

	return shmem_pread_slow(page, offset, length, user_data,
				page_do_bit17_swizzling, needs_clflush);
}

static int
i915_gem_shmem_pread(struct drm_i915_gem_object *obj,
		     struct drm_i915_gem_pread *args)
{
	char __user *user_data;
	u64 remain;
	unsigned int obj_do_bit17_swizzling;
	unsigned int needs_clflush;
	unsigned int idx, offset;
	int ret;

	obj_do_bit17_swizzling = 0;
	if (i915_gem_object_needs_bit17_swizzle(obj))
		obj_do_bit17_swizzling = BIT(17);

	ret = mutex_lock_interruptible(&obj->base.dev->struct_mutex);
	if (ret)
		return ret;

	ret = i915_gem_obj_prepare_shmem_read(obj, &needs_clflush);
	mutex_unlock(&obj->base.dev->struct_mutex);
	if (ret)
		return ret;

	remain = args->size;
	user_data = u64_to_user_ptr(args->data_ptr);
	offset = offset_in_page(args->offset);
	for (idx = args->offset >> PAGE_SHIFT; remain; idx++) {
		struct page *page = i915_gem_object_get_page(obj, idx);
		int length;

		length = remain;
		if (offset + length > PAGE_SIZE)
			length = PAGE_SIZE - offset;

		ret = shmem_pread(page, offset, length, user_data,
				  page_to_phys(page) & obj_do_bit17_swizzling,
				  needs_clflush);
		if (ret)
			break;

		remain -= length;
		user_data += length;
		offset = 0;
	}

	i915_gem_obj_finish_shmem_access(obj);
	return ret;
}

static inline bool
gtt_user_read(struct io_mapping *mapping,
	      loff_t base, int offset,
	      char __user *user_data, int length)
987 988
{
	void *vaddr;
989
	unsigned long unwritten;
990 991

	/* We can use the cpu mem copy function because this is X86. */
992 993 994 995 996 997 998 999 1000
	vaddr = (void __force *)io_mapping_map_atomic_wc(mapping, base);
	unwritten = __copy_to_user_inatomic(user_data, vaddr + offset, length);
	io_mapping_unmap_atomic(vaddr);
	if (unwritten) {
		vaddr = (void __force *)
			io_mapping_map_wc(mapping, base, PAGE_SIZE);
		unwritten = copy_to_user(user_data, vaddr + offset, length);
		io_mapping_unmap(vaddr);
	}
1001 1002 1003 1004
	return unwritten;
}

static int
1005 1006
i915_gem_gtt_pread(struct drm_i915_gem_object *obj,
		   const struct drm_i915_gem_pread *args)
1007
{
1008 1009
	struct drm_i915_private *i915 = to_i915(obj->base.dev);
	struct i915_ggtt *ggtt = &i915->ggtt;
1010
	struct drm_mm_node node;
1011 1012 1013
	struct i915_vma *vma;
	void __user *user_data;
	u64 remain, offset;
1014 1015
	int ret;

1016 1017 1018 1019 1020 1021 1022
	ret = mutex_lock_interruptible(&i915->drm.struct_mutex);
	if (ret)
		return ret;

	intel_runtime_pm_get(i915);
	vma = i915_gem_object_ggtt_pin(obj, NULL, 0, 0,
				       PIN_MAPPABLE | PIN_NONBLOCK);
1023 1024 1025
	if (!IS_ERR(vma)) {
		node.start = i915_ggtt_offset(vma);
		node.allocated = false;
1026
		ret = i915_vma_put_fence(vma);
1027 1028 1029 1030 1031
		if (ret) {
			i915_vma_unpin(vma);
			vma = ERR_PTR(ret);
		}
	}
C
Chris Wilson 已提交
1032
	if (IS_ERR(vma)) {
1033
		ret = insert_mappable_node(ggtt, &node, PAGE_SIZE);
1034
		if (ret)
1035 1036
			goto out_unlock;
		GEM_BUG_ON(!node.allocated);
1037 1038 1039 1040 1041 1042
	}

	ret = i915_gem_object_set_to_gtt_domain(obj, false);
	if (ret)
		goto out_unpin;

1043
	mutex_unlock(&i915->drm.struct_mutex);
1044

1045 1046 1047
	user_data = u64_to_user_ptr(args->data_ptr);
	remain = args->size;
	offset = args->offset;
1048 1049 1050 1051 1052 1053 1054 1055 1056 1057 1058 1059 1060 1061 1062 1063

	while (remain > 0) {
		/* Operation in this page
		 *
		 * page_base = page offset within aperture
		 * page_offset = offset within page
		 * page_length = bytes to copy for this page
		 */
		u32 page_base = node.start;
		unsigned page_offset = offset_in_page(offset);
		unsigned page_length = PAGE_SIZE - page_offset;
		page_length = remain < page_length ? remain : page_length;
		if (node.allocated) {
			wmb();
			ggtt->base.insert_page(&ggtt->base,
					       i915_gem_object_get_dma_address(obj, offset >> PAGE_SHIFT),
1064
					       node.start, I915_CACHE_NONE, 0);
1065 1066 1067 1068
			wmb();
		} else {
			page_base += offset & PAGE_MASK;
		}
1069 1070 1071

		if (gtt_user_read(&ggtt->mappable, page_base, page_offset,
				  user_data, page_length)) {
1072 1073 1074 1075 1076 1077 1078 1079 1080
			ret = -EFAULT;
			break;
		}

		remain -= page_length;
		user_data += page_length;
		offset += page_length;
	}

1081
	mutex_lock(&i915->drm.struct_mutex);
1082 1083 1084 1085
out_unpin:
	if (node.allocated) {
		wmb();
		ggtt->base.clear_range(&ggtt->base,
1086
				       node.start, node.size);
1087 1088
		remove_mappable_node(&node);
	} else {
C
Chris Wilson 已提交
1089
		i915_vma_unpin(vma);
1090
	}
1091 1092 1093
out_unlock:
	intel_runtime_pm_put(i915);
	mutex_unlock(&i915->drm.struct_mutex);
1094

1095 1096 1097
	return ret;
}

1098 1099
/**
 * Reads data from the object referenced by handle.
1100 1101 1102
 * @dev: drm device pointer
 * @data: ioctl data blob
 * @file: drm file pointer
1103 1104 1105 1106 1107
 *
 * On error, the contents of *data are undefined.
 */
int
i915_gem_pread_ioctl(struct drm_device *dev, void *data,
1108
		     struct drm_file *file)
1109 1110
{
	struct drm_i915_gem_pread *args = data;
1111
	struct drm_i915_gem_object *obj;
1112
	int ret;
1113

1114 1115 1116 1117
	if (args->size == 0)
		return 0;

	if (!access_ok(VERIFY_WRITE,
1118
		       u64_to_user_ptr(args->data_ptr),
1119 1120 1121
		       args->size))
		return -EFAULT;

1122
	obj = i915_gem_object_lookup(file, args->handle);
1123 1124
	if (!obj)
		return -ENOENT;
1125

1126
	/* Bounds check source.  */
1127 1128
	if (args->offset > obj->base.size ||
	    args->size > obj->base.size - args->offset) {
C
Chris Wilson 已提交
1129
		ret = -EINVAL;
1130
		goto out;
C
Chris Wilson 已提交
1131 1132
	}

C
Chris Wilson 已提交
1133 1134
	trace_i915_gem_object_pread(obj, args->offset, args->size);

1135 1136 1137 1138
	ret = i915_gem_object_wait(obj,
				   I915_WAIT_INTERRUPTIBLE,
				   MAX_SCHEDULE_TIMEOUT,
				   to_rps_client(file));
1139
	if (ret)
1140
		goto out;
1141

1142
	ret = i915_gem_object_pin_pages(obj);
1143
	if (ret)
1144
		goto out;
1145

1146
	ret = i915_gem_shmem_pread(obj, args);
1147
	if (ret == -EFAULT || ret == -ENODEV)
1148
		ret = i915_gem_gtt_pread(obj, args);
1149

1150 1151
	i915_gem_object_unpin_pages(obj);
out:
C
Chris Wilson 已提交
1152
	i915_gem_object_put(obj);
1153
	return ret;
1154 1155
}

1156 1157
/* This is the fast write path which cannot handle
 * page faults in the source data
1158
 */
1159

1160 1161 1162 1163
static inline bool
ggtt_write(struct io_mapping *mapping,
	   loff_t base, int offset,
	   char __user *user_data, int length)
1164
{
1165
	void *vaddr;
1166
	unsigned long unwritten;
1167

1168
	/* We can use the cpu mem copy function because this is X86. */
1169 1170
	vaddr = (void __force *)io_mapping_map_atomic_wc(mapping, base);
	unwritten = __copy_from_user_inatomic_nocache(vaddr + offset,
1171
						      user_data, length);
1172 1173 1174 1175 1176 1177 1178
	io_mapping_unmap_atomic(vaddr);
	if (unwritten) {
		vaddr = (void __force *)
			io_mapping_map_wc(mapping, base, PAGE_SIZE);
		unwritten = copy_from_user(vaddr + offset, user_data, length);
		io_mapping_unmap(vaddr);
	}
1179 1180 1181 1182

	return unwritten;
}

1183 1184 1185
/**
 * This is the fast pwrite path, where we copy the data directly from the
 * user into the GTT, uncached.
1186
 * @obj: i915 GEM object
1187
 * @args: pwrite arguments structure
1188
 */
1189
static int
1190 1191
i915_gem_gtt_pwrite_fast(struct drm_i915_gem_object *obj,
			 const struct drm_i915_gem_pwrite *args)
1192
{
1193
	struct drm_i915_private *i915 = to_i915(obj->base.dev);
1194 1195
	struct i915_ggtt *ggtt = &i915->ggtt;
	struct drm_mm_node node;
1196 1197 1198
	struct i915_vma *vma;
	u64 remain, offset;
	void __user *user_data;
1199
	int ret;
1200

1201 1202 1203
	ret = mutex_lock_interruptible(&i915->drm.struct_mutex);
	if (ret)
		return ret;
D
Daniel Vetter 已提交
1204

1205
	intel_runtime_pm_get(i915);
C
Chris Wilson 已提交
1206
	vma = i915_gem_object_ggtt_pin(obj, NULL, 0, 0,
1207
				       PIN_MAPPABLE | PIN_NONBLOCK);
1208 1209 1210
	if (!IS_ERR(vma)) {
		node.start = i915_ggtt_offset(vma);
		node.allocated = false;
1211
		ret = i915_vma_put_fence(vma);
1212 1213 1214 1215 1216
		if (ret) {
			i915_vma_unpin(vma);
			vma = ERR_PTR(ret);
		}
	}
C
Chris Wilson 已提交
1217
	if (IS_ERR(vma)) {
1218
		ret = insert_mappable_node(ggtt, &node, PAGE_SIZE);
1219
		if (ret)
1220 1221
			goto out_unlock;
		GEM_BUG_ON(!node.allocated);
1222
	}
D
Daniel Vetter 已提交
1223 1224 1225 1226 1227

	ret = i915_gem_object_set_to_gtt_domain(obj, true);
	if (ret)
		goto out_unpin;

1228 1229
	mutex_unlock(&i915->drm.struct_mutex);

1230
	intel_fb_obj_invalidate(obj, ORIGIN_CPU);
1231

1232 1233 1234 1235
	user_data = u64_to_user_ptr(args->data_ptr);
	offset = args->offset;
	remain = args->size;
	while (remain) {
1236 1237
		/* Operation in this page
		 *
1238 1239 1240
		 * page_base = page offset within aperture
		 * page_offset = offset within page
		 * page_length = bytes to copy for this page
1241
		 */
1242
		u32 page_base = node.start;
1243 1244
		unsigned int page_offset = offset_in_page(offset);
		unsigned int page_length = PAGE_SIZE - page_offset;
1245 1246 1247 1248 1249 1250 1251 1252 1253 1254
		page_length = remain < page_length ? remain : page_length;
		if (node.allocated) {
			wmb(); /* flush the write before we modify the GGTT */
			ggtt->base.insert_page(&ggtt->base,
					       i915_gem_object_get_dma_address(obj, offset >> PAGE_SHIFT),
					       node.start, I915_CACHE_NONE, 0);
			wmb(); /* flush modifications to the GGTT (insert_page) */
		} else {
			page_base += offset & PAGE_MASK;
		}
1255
		/* If we get a fault while copying data, then (presumably) our
1256 1257
		 * source page isn't available.  Return the error and we'll
		 * retry in the slow path.
1258 1259
		 * If the object is non-shmem backed, we retry again with the
		 * path that handles page fault.
1260
		 */
1261 1262 1263 1264
		if (ggtt_write(&ggtt->mappable, page_base, page_offset,
			       user_data, page_length)) {
			ret = -EFAULT;
			break;
D
Daniel Vetter 已提交
1265
		}
1266

1267 1268 1269
		remain -= page_length;
		user_data += page_length;
		offset += page_length;
1270
	}
1271
	intel_fb_obj_flush(obj, false, ORIGIN_CPU);
1272 1273

	mutex_lock(&i915->drm.struct_mutex);
D
Daniel Vetter 已提交
1274
out_unpin:
1275 1276 1277
	if (node.allocated) {
		wmb();
		ggtt->base.clear_range(&ggtt->base,
1278
				       node.start, node.size);
1279 1280
		remove_mappable_node(&node);
	} else {
C
Chris Wilson 已提交
1281
		i915_vma_unpin(vma);
1282
	}
1283
out_unlock:
1284
	intel_runtime_pm_put(i915);
1285
	mutex_unlock(&i915->drm.struct_mutex);
1286
	return ret;
1287 1288
}

1289
static int
1290
shmem_pwrite_slow(struct page *page, int offset, int length,
1291 1292 1293 1294
		  char __user *user_data,
		  bool page_do_bit17_swizzling,
		  bool needs_clflush_before,
		  bool needs_clflush_after)
1295
{
1296 1297
	char *vaddr;
	int ret;
1298

1299
	vaddr = kmap(page);
1300
	if (unlikely(needs_clflush_before || page_do_bit17_swizzling))
1301
		shmem_clflush_swizzled_range(vaddr + offset, length,
1302
					     page_do_bit17_swizzling);
1303
	if (page_do_bit17_swizzling)
1304 1305
		ret = __copy_from_user_swizzled(vaddr, offset, user_data,
						length);
1306
	else
1307
		ret = __copy_from_user(vaddr + offset, user_data, length);
1308
	if (needs_clflush_after)
1309
		shmem_clflush_swizzled_range(vaddr + offset, length,
1310
					     page_do_bit17_swizzling);
1311
	kunmap(page);
1312

1313
	return ret ? -EFAULT : 0;
1314 1315
}

1316 1317 1318 1319 1320
/* Per-page copy function for the shmem pwrite fastpath.
 * Flushes invalid cachelines before writing to the target if
 * needs_clflush_before is set and flushes out any written cachelines after
 * writing if needs_clflush is set.
 */
1321
static int
1322 1323 1324 1325
shmem_pwrite(struct page *page, int offset, int len, char __user *user_data,
	     bool page_do_bit17_swizzling,
	     bool needs_clflush_before,
	     bool needs_clflush_after)
1326
{
1327 1328 1329 1330 1331 1332 1333 1334 1335 1336 1337 1338 1339 1340 1341 1342 1343 1344 1345 1346 1347 1348 1349 1350 1351 1352 1353 1354 1355 1356 1357 1358
	int ret;

	ret = -ENODEV;
	if (!page_do_bit17_swizzling) {
		char *vaddr = kmap_atomic(page);

		if (needs_clflush_before)
			drm_clflush_virt_range(vaddr + offset, len);
		ret = __copy_from_user_inatomic(vaddr + offset, user_data, len);
		if (needs_clflush_after)
			drm_clflush_virt_range(vaddr + offset, len);

		kunmap_atomic(vaddr);
	}
	if (ret == 0)
		return ret;

	return shmem_pwrite_slow(page, offset, len, user_data,
				 page_do_bit17_swizzling,
				 needs_clflush_before,
				 needs_clflush_after);
}

static int
i915_gem_shmem_pwrite(struct drm_i915_gem_object *obj,
		      const struct drm_i915_gem_pwrite *args)
{
	struct drm_i915_private *i915 = to_i915(obj->base.dev);
	void __user *user_data;
	u64 remain;
	unsigned int obj_do_bit17_swizzling;
	unsigned int partial_cacheline_write;
1359
	unsigned int needs_clflush;
1360 1361
	unsigned int offset, idx;
	int ret;
1362

1363
	ret = mutex_lock_interruptible(&i915->drm.struct_mutex);
1364 1365 1366
	if (ret)
		return ret;

1367 1368 1369 1370
	ret = i915_gem_obj_prepare_shmem_write(obj, &needs_clflush);
	mutex_unlock(&i915->drm.struct_mutex);
	if (ret)
		return ret;
1371

1372 1373 1374
	obj_do_bit17_swizzling = 0;
	if (i915_gem_object_needs_bit17_swizzle(obj))
		obj_do_bit17_swizzling = BIT(17);
1375

1376 1377 1378 1379 1380 1381 1382
	/* If we don't overwrite a cacheline completely we need to be
	 * careful to have up-to-date data by first clflushing. Don't
	 * overcomplicate things and flush the entire patch.
	 */
	partial_cacheline_write = 0;
	if (needs_clflush & CLFLUSH_BEFORE)
		partial_cacheline_write = boot_cpu_data.x86_clflush_size - 1;
1383

1384 1385 1386 1387 1388 1389
	user_data = u64_to_user_ptr(args->data_ptr);
	remain = args->size;
	offset = offset_in_page(args->offset);
	for (idx = args->offset >> PAGE_SHIFT; remain; idx++) {
		struct page *page = i915_gem_object_get_page(obj, idx);
		int length;
1390

1391 1392 1393
		length = remain;
		if (offset + length > PAGE_SIZE)
			length = PAGE_SIZE - offset;
1394

1395 1396 1397 1398
		ret = shmem_pwrite(page, offset, length, user_data,
				   page_to_phys(page) & obj_do_bit17_swizzling,
				   (offset | length) & partial_cacheline_write,
				   needs_clflush & CLFLUSH_AFTER);
1399
		if (ret)
1400
			break;
1401

1402 1403 1404
		remain -= length;
		user_data += length;
		offset = 0;
1405
	}
1406

1407
	intel_fb_obj_flush(obj, false, ORIGIN_CPU);
1408
	i915_gem_obj_finish_shmem_access(obj);
1409
	return ret;
1410 1411 1412 1413
}

/**
 * Writes data to the object referenced by handle.
1414 1415 1416
 * @dev: drm device
 * @data: ioctl data blob
 * @file: drm file
1417 1418 1419 1420 1421
 *
 * On error, the contents of the buffer that were to be modified are undefined.
 */
int
i915_gem_pwrite_ioctl(struct drm_device *dev, void *data,
1422
		      struct drm_file *file)
1423 1424
{
	struct drm_i915_gem_pwrite *args = data;
1425
	struct drm_i915_gem_object *obj;
1426 1427 1428 1429 1430 1431
	int ret;

	if (args->size == 0)
		return 0;

	if (!access_ok(VERIFY_READ,
1432
		       u64_to_user_ptr(args->data_ptr),
1433 1434 1435
		       args->size))
		return -EFAULT;

1436
	obj = i915_gem_object_lookup(file, args->handle);
1437 1438
	if (!obj)
		return -ENOENT;
1439

1440
	/* Bounds check destination. */
1441 1442
	if (args->offset > obj->base.size ||
	    args->size > obj->base.size - args->offset) {
C
Chris Wilson 已提交
1443
		ret = -EINVAL;
1444
		goto err;
C
Chris Wilson 已提交
1445 1446
	}

C
Chris Wilson 已提交
1447 1448
	trace_i915_gem_object_pwrite(obj, args->offset, args->size);

1449 1450 1451 1452 1453
	ret = i915_gem_object_wait(obj,
				   I915_WAIT_INTERRUPTIBLE |
				   I915_WAIT_ALL,
				   MAX_SCHEDULE_TIMEOUT,
				   to_rps_client(file));
1454 1455 1456
	if (ret)
		goto err;

1457
	ret = i915_gem_object_pin_pages(obj);
1458
	if (ret)
1459
		goto err;
1460

D
Daniel Vetter 已提交
1461
	ret = -EFAULT;
1462 1463 1464 1465 1466 1467
	/* We can only do the GTT pwrite on untiled buffers, as otherwise
	 * it would end up going through the fenced access, and we'll get
	 * different detiling behavior between reading and writing.
	 * pread/pwrite currently are reading and writing from the CPU
	 * perspective, requiring manual detiling by the client.
	 */
1468
	if (!i915_gem_object_has_struct_page(obj) ||
1469
	    cpu_write_needs_clflush(obj))
D
Daniel Vetter 已提交
1470 1471
		/* Note that the gtt paths might fail with non-page-backed user
		 * pointers (e.g. gtt mappings when moving data between
1472 1473
		 * textures). Fallback to the shmem path in that case.
		 */
1474
		ret = i915_gem_gtt_pwrite_fast(obj, args);
1475

1476
	if (ret == -EFAULT || ret == -ENOSPC) {
1477 1478
		if (obj->phys_handle)
			ret = i915_gem_phys_pwrite(obj, args, file);
1479
		else
1480
			ret = i915_gem_shmem_pwrite(obj, args);
1481
	}
1482

1483
	i915_gem_object_unpin_pages(obj);
1484
err:
C
Chris Wilson 已提交
1485
	i915_gem_object_put(obj);
1486
	return ret;
1487 1488
}

1489
static inline enum fb_op_origin
1490 1491
write_origin(struct drm_i915_gem_object *obj, unsigned domain)
{
1492 1493
	return (domain == I915_GEM_DOMAIN_GTT ?
		obj->frontbuffer_ggtt_origin : ORIGIN_CPU);
1494 1495
}

1496 1497 1498 1499 1500 1501 1502 1503 1504 1505 1506 1507 1508 1509 1510 1511 1512 1513 1514 1515 1516
static void i915_gem_object_bump_inactive_ggtt(struct drm_i915_gem_object *obj)
{
	struct drm_i915_private *i915;
	struct list_head *list;
	struct i915_vma *vma;

	list_for_each_entry(vma, &obj->vma_list, obj_link) {
		if (!i915_vma_is_ggtt(vma))
			continue;

		if (i915_vma_is_active(vma))
			continue;

		if (!drm_mm_node_allocated(&vma->node))
			continue;

		list_move_tail(&vma->vm_link, &vma->vm->inactive_list);
	}

	i915 = to_i915(obj->base.dev);
	list = obj->bind_count ? &i915->mm.bound_list : &i915->mm.unbound_list;
1517
	list_move_tail(&obj->global_link, list);
1518 1519
}

1520
/**
1521 1522
 * Called when user space prepares to use an object with the CPU, either
 * through the mmap ioctl's mapping or a GTT mapping.
1523 1524 1525
 * @dev: drm device
 * @data: ioctl data blob
 * @file: drm file
1526 1527 1528
 */
int
i915_gem_set_domain_ioctl(struct drm_device *dev, void *data,
1529
			  struct drm_file *file)
1530 1531
{
	struct drm_i915_gem_set_domain *args = data;
1532
	struct drm_i915_gem_object *obj;
1533 1534
	uint32_t read_domains = args->read_domains;
	uint32_t write_domain = args->write_domain;
1535
	int err;
1536

1537
	/* Only handle setting domains to types used by the CPU. */
1538
	if ((write_domain | read_domains) & I915_GEM_GPU_DOMAINS)
1539 1540 1541 1542 1543 1544 1545 1546
		return -EINVAL;

	/* Having something in the write domain implies it's in the read
	 * domain, and only that read domain.  Enforce that in the request.
	 */
	if (write_domain != 0 && read_domains != write_domain)
		return -EINVAL;

1547
	obj = i915_gem_object_lookup(file, args->handle);
1548 1549
	if (!obj)
		return -ENOENT;
1550

1551 1552 1553 1554
	/* Try to flush the object off the GPU without holding the lock.
	 * We will repeat the flush holding the lock in the normal manner
	 * to catch cases where we are gazumped.
	 */
1555
	err = i915_gem_object_wait(obj,
1556 1557 1558 1559
				   I915_WAIT_INTERRUPTIBLE |
				   (write_domain ? I915_WAIT_ALL : 0),
				   MAX_SCHEDULE_TIMEOUT,
				   to_rps_client(file));
1560
	if (err)
C
Chris Wilson 已提交
1561
		goto out;
1562

1563 1564 1565 1566 1567 1568 1569 1570 1571 1572
	/* Flush and acquire obj->pages so that we are coherent through
	 * direct access in memory with previous cached writes through
	 * shmemfs and that our cache domain tracking remains valid.
	 * For example, if the obj->filp was moved to swap without us
	 * being notified and releasing the pages, we would mistakenly
	 * continue to assume that the obj remained out of the CPU cached
	 * domain.
	 */
	err = i915_gem_object_pin_pages(obj);
	if (err)
C
Chris Wilson 已提交
1573
		goto out;
1574 1575 1576

	err = i915_mutex_lock_interruptible(dev);
	if (err)
C
Chris Wilson 已提交
1577
		goto out_unpin;
1578

1579
	if (read_domains & I915_GEM_DOMAIN_GTT)
1580
		err = i915_gem_object_set_to_gtt_domain(obj, write_domain != 0);
1581
	else
1582
		err = i915_gem_object_set_to_cpu_domain(obj, write_domain != 0);
1583

1584 1585
	/* And bump the LRU for this access */
	i915_gem_object_bump_inactive_ggtt(obj);
1586

1587
	mutex_unlock(&dev->struct_mutex);
1588

1589 1590 1591
	if (write_domain != 0)
		intel_fb_obj_invalidate(obj, write_origin(obj, write_domain));

C
Chris Wilson 已提交
1592
out_unpin:
1593
	i915_gem_object_unpin_pages(obj);
C
Chris Wilson 已提交
1594 1595
out:
	i915_gem_object_put(obj);
1596
	return err;
1597 1598 1599 1600
}

/**
 * Called when user space has done writes to this buffer
1601 1602 1603
 * @dev: drm device
 * @data: ioctl data blob
 * @file: drm file
1604 1605 1606
 */
int
i915_gem_sw_finish_ioctl(struct drm_device *dev, void *data,
1607
			 struct drm_file *file)
1608 1609
{
	struct drm_i915_gem_sw_finish *args = data;
1610
	struct drm_i915_gem_object *obj;
1611
	int err = 0;
1612

1613
	obj = i915_gem_object_lookup(file, args->handle);
1614 1615
	if (!obj)
		return -ENOENT;
1616 1617

	/* Pinned buffers may be scanout, so flush the cache */
1618 1619 1620 1621 1622 1623 1624
	if (READ_ONCE(obj->pin_display)) {
		err = i915_mutex_lock_interruptible(dev);
		if (!err) {
			i915_gem_object_flush_cpu_write_domain(obj);
			mutex_unlock(&dev->struct_mutex);
		}
	}
1625

C
Chris Wilson 已提交
1626
	i915_gem_object_put(obj);
1627
	return err;
1628 1629 1630
}

/**
1631 1632 1633 1634 1635
 * i915_gem_mmap_ioctl - Maps the contents of an object, returning the address
 *			 it is mapped to.
 * @dev: drm device
 * @data: ioctl data blob
 * @file: drm file
1636 1637 1638
 *
 * While the mapping holds a reference on the contents of the object, it doesn't
 * imply a ref on the object itself.
1639 1640 1641 1642 1643 1644 1645 1646 1647 1648
 *
 * IMPORTANT:
 *
 * DRM driver writers who look a this function as an example for how to do GEM
 * mmap support, please don't implement mmap support like here. The modern way
 * to implement DRM mmap support is with an mmap offset ioctl (like
 * i915_gem_mmap_gtt) and then using the mmap syscall on the DRM fd directly.
 * That way debug tooling like valgrind will understand what's going on, hiding
 * the mmap call in a driver private ioctl will break that. The i915 driver only
 * does cpu mmaps this way because we didn't know better.
1649 1650 1651
 */
int
i915_gem_mmap_ioctl(struct drm_device *dev, void *data,
1652
		    struct drm_file *file)
1653 1654
{
	struct drm_i915_gem_mmap *args = data;
1655
	struct drm_i915_gem_object *obj;
1656 1657
	unsigned long addr;

1658 1659 1660
	if (args->flags & ~(I915_MMAP_WC))
		return -EINVAL;

1661
	if (args->flags & I915_MMAP_WC && !boot_cpu_has(X86_FEATURE_PAT))
1662 1663
		return -ENODEV;

1664 1665
	obj = i915_gem_object_lookup(file, args->handle);
	if (!obj)
1666
		return -ENOENT;
1667

1668 1669 1670
	/* prime objects have no backing filp to GEM mmap
	 * pages from.
	 */
1671
	if (!obj->base.filp) {
C
Chris Wilson 已提交
1672
		i915_gem_object_put(obj);
1673 1674 1675
		return -EINVAL;
	}

1676
	addr = vm_mmap(obj->base.filp, 0, args->size,
1677 1678
		       PROT_READ | PROT_WRITE, MAP_SHARED,
		       args->offset);
1679 1680 1681 1682
	if (args->flags & I915_MMAP_WC) {
		struct mm_struct *mm = current->mm;
		struct vm_area_struct *vma;

1683
		if (down_write_killable(&mm->mmap_sem)) {
C
Chris Wilson 已提交
1684
			i915_gem_object_put(obj);
1685 1686
			return -EINTR;
		}
1687 1688 1689 1690 1691 1692 1693
		vma = find_vma(mm, addr);
		if (vma)
			vma->vm_page_prot =
				pgprot_writecombine(vm_get_page_prot(vma->vm_flags));
		else
			addr = -ENOMEM;
		up_write(&mm->mmap_sem);
1694 1695

		/* This may race, but that's ok, it only gets set */
1696
		WRITE_ONCE(obj->frontbuffer_ggtt_origin, ORIGIN_CPU);
1697
	}
C
Chris Wilson 已提交
1698
	i915_gem_object_put(obj);
1699 1700 1701 1702 1703 1704 1705 1706
	if (IS_ERR((void *)addr))
		return addr;

	args->addr_ptr = (uint64_t) addr;

	return 0;
}

1707 1708 1709 1710 1711 1712 1713 1714 1715 1716
static unsigned int tile_row_pages(struct drm_i915_gem_object *obj)
{
	u64 size;

	size = i915_gem_object_get_stride(obj);
	size *= i915_gem_object_get_tiling(obj) == I915_TILING_Y ? 32 : 8;

	return size >> PAGE_SHIFT;
}

1717 1718 1719 1720 1721 1722 1723 1724 1725 1726 1727 1728 1729 1730 1731 1732 1733 1734 1735 1736 1737 1738 1739 1740 1741 1742 1743 1744 1745 1746 1747 1748 1749 1750 1751 1752 1753 1754 1755 1756 1757 1758 1759 1760 1761 1762 1763 1764 1765 1766
/**
 * i915_gem_mmap_gtt_version - report the current feature set for GTT mmaps
 *
 * A history of the GTT mmap interface:
 *
 * 0 - Everything had to fit into the GTT. Both parties of a memcpy had to
 *     aligned and suitable for fencing, and still fit into the available
 *     mappable space left by the pinned display objects. A classic problem
 *     we called the page-fault-of-doom where we would ping-pong between
 *     two objects that could not fit inside the GTT and so the memcpy
 *     would page one object in at the expense of the other between every
 *     single byte.
 *
 * 1 - Objects can be any size, and have any compatible fencing (X Y, or none
 *     as set via i915_gem_set_tiling() [DRM_I915_GEM_SET_TILING]). If the
 *     object is too large for the available space (or simply too large
 *     for the mappable aperture!), a view is created instead and faulted
 *     into userspace. (This view is aligned and sized appropriately for
 *     fenced access.)
 *
 * Restrictions:
 *
 *  * snoopable objects cannot be accessed via the GTT. It can cause machine
 *    hangs on some architectures, corruption on others. An attempt to service
 *    a GTT page fault from a snoopable object will generate a SIGBUS.
 *
 *  * the object must be able to fit into RAM (physical memory, though no
 *    limited to the mappable aperture).
 *
 *
 * Caveats:
 *
 *  * a new GTT page fault will synchronize rendering from the GPU and flush
 *    all data to system memory. Subsequent access will not be synchronized.
 *
 *  * all mappings are revoked on runtime device suspend.
 *
 *  * there are only 8, 16 or 32 fence registers to share between all users
 *    (older machines require fence register for display and blitter access
 *    as well). Contention of the fence registers will cause the previous users
 *    to be unmapped and any new access will generate new page faults.
 *
 *  * running out of memory while servicing a fault may generate a SIGBUS,
 *    rather than the expected SIGSEGV.
 */
int i915_gem_mmap_gtt_version(void)
{
	return 1;
}

1767 1768
/**
 * i915_gem_fault - fault a page into the GTT
C
Chris Wilson 已提交
1769
 * @area: CPU VMA in question
1770
 * @vmf: fault info
1771 1772 1773 1774 1775 1776 1777 1778 1779 1780 1781
 *
 * The fault handler is set up by drm_gem_mmap() when a object is GTT mapped
 * from userspace.  The fault handler takes care of binding the object to
 * the GTT (if needed), allocating and programming a fence register (again,
 * only if needed based on whether the old reg is still valid or the object
 * is tiled) and inserting a new PTE into the faulting process.
 *
 * Note that the faulting process may involve evicting existing objects
 * from the GTT and/or fence registers to make room.  So performance may
 * suffer if the GTT working set is large or there are few fence registers
 * left.
1782 1783 1784
 *
 * The current feature set supported by i915_gem_fault() and thus GTT mmaps
 * is exposed via I915_PARAM_MMAP_GTT_VERSION (see i915_gem_mmap_gtt_version).
1785
 */
C
Chris Wilson 已提交
1786
int i915_gem_fault(struct vm_area_struct *area, struct vm_fault *vmf)
1787
{
1788
#define MIN_CHUNK_PAGES ((1 << 20) >> PAGE_SHIFT) /* 1 MiB */
C
Chris Wilson 已提交
1789
	struct drm_i915_gem_object *obj = to_intel_bo(area->vm_private_data);
1790
	struct drm_device *dev = obj->base.dev;
1791 1792
	struct drm_i915_private *dev_priv = to_i915(dev);
	struct i915_ggtt *ggtt = &dev_priv->ggtt;
1793
	bool write = !!(vmf->flags & FAULT_FLAG_WRITE);
C
Chris Wilson 已提交
1794
	struct i915_vma *vma;
1795
	pgoff_t page_offset;
1796
	unsigned int flags;
1797
	int ret;
1798

1799
	/* We don't use vmf->pgoff since that has the fake offset */
C
Chris Wilson 已提交
1800
	page_offset = ((unsigned long)vmf->virtual_address - area->vm_start) >>
1801 1802
		PAGE_SHIFT;

C
Chris Wilson 已提交
1803 1804
	trace_i915_gem_object_fault(obj, page_offset, true, write);

1805
	/* Try to flush the object off the GPU first without holding the lock.
1806
	 * Upon acquiring the lock, we will perform our sanity checks and then
1807 1808 1809
	 * repeat the flush holding the lock in the normal manner to catch cases
	 * where we are gazumped.
	 */
1810 1811 1812 1813
	ret = i915_gem_object_wait(obj,
				   I915_WAIT_INTERRUPTIBLE,
				   MAX_SCHEDULE_TIMEOUT,
				   NULL);
1814
	if (ret)
1815 1816
		goto err;

1817 1818 1819 1820
	ret = i915_gem_object_pin_pages(obj);
	if (ret)
		goto err;

1821 1822 1823 1824 1825
	intel_runtime_pm_get(dev_priv);

	ret = i915_mutex_lock_interruptible(dev);
	if (ret)
		goto err_rpm;
1826

1827
	/* Access to snoopable pages through the GTT is incoherent. */
1828
	if (obj->cache_level != I915_CACHE_NONE && !HAS_LLC(dev_priv)) {
1829
		ret = -EFAULT;
1830
		goto err_unlock;
1831 1832
	}

1833 1834 1835 1836 1837 1838 1839 1840
	/* If the object is smaller than a couple of partial vma, it is
	 * not worth only creating a single partial vma - we may as well
	 * clear enough space for the full object.
	 */
	flags = PIN_MAPPABLE;
	if (obj->base.size > 2 * MIN_CHUNK_PAGES << PAGE_SHIFT)
		flags |= PIN_NONBLOCK | PIN_NONFAULT;

1841
	/* Now pin it into the GTT as needed */
1842
	vma = i915_gem_object_ggtt_pin(obj, NULL, 0, 0, flags);
1843 1844
	if (IS_ERR(vma)) {
		struct i915_ggtt_view view;
1845 1846
		unsigned int chunk_size;

1847
		/* Use a partial view if it is bigger than available space */
1848 1849
		chunk_size = MIN_CHUNK_PAGES;
		if (i915_gem_object_is_tiled(obj))
1850
			chunk_size = roundup(chunk_size, tile_row_pages(obj));
1851

1852 1853 1854 1855
		memset(&view, 0, sizeof(view));
		view.type = I915_GGTT_VIEW_PARTIAL;
		view.params.partial.offset = rounddown(page_offset, chunk_size);
		view.params.partial.size =
1856
			min_t(unsigned int, chunk_size,
1857
			      vma_pages(area) - view.params.partial.offset);
1858

1859 1860 1861 1862 1863 1864
		/* If the partial covers the entire object, just create a
		 * normal VMA.
		 */
		if (chunk_size >= obj->base.size >> PAGE_SHIFT)
			view.type = I915_GGTT_VIEW_NORMAL;

1865 1866 1867 1868 1869
		/* Userspace is now writing through an untracked VMA, abandon
		 * all hope that the hardware is able to track future writes.
		 */
		obj->frontbuffer_ggtt_origin = ORIGIN_CPU;

1870 1871
		vma = i915_gem_object_ggtt_pin(obj, &view, 0, 0, PIN_MAPPABLE);
	}
C
Chris Wilson 已提交
1872 1873
	if (IS_ERR(vma)) {
		ret = PTR_ERR(vma);
1874
		goto err_unlock;
C
Chris Wilson 已提交
1875
	}
1876

1877 1878
	ret = i915_gem_object_set_to_gtt_domain(obj, write);
	if (ret)
1879
		goto err_unpin;
1880

1881
	ret = i915_vma_get_fence(vma);
1882
	if (ret)
1883
		goto err_unpin;
1884

1885
	/* Mark as being mmapped into userspace for later revocation */
1886
	assert_rpm_wakelock_held(dev_priv);
1887 1888 1889
	if (list_empty(&obj->userfault_link))
		list_add(&obj->userfault_link, &dev_priv->mm.userfault_list);

1890
	/* Finally, remap it using the new GTT offset */
1891 1892 1893 1894 1895
	ret = remap_io_mapping(area,
			       area->vm_start + (vma->ggtt_view.params.partial.offset << PAGE_SHIFT),
			       (ggtt->mappable_base + vma->node.start) >> PAGE_SHIFT,
			       min_t(u64, vma->size, area->vm_end - area->vm_start),
			       &ggtt->mappable);
1896

1897
err_unpin:
C
Chris Wilson 已提交
1898
	__i915_vma_unpin(vma);
1899
err_unlock:
1900
	mutex_unlock(&dev->struct_mutex);
1901 1902
err_rpm:
	intel_runtime_pm_put(dev_priv);
1903
	i915_gem_object_unpin_pages(obj);
1904
err:
1905
	switch (ret) {
1906
	case -EIO:
1907 1908 1909 1910 1911 1912 1913
		/*
		 * We eat errors when the gpu is terminally wedged to avoid
		 * userspace unduly crashing (gl has no provisions for mmaps to
		 * fail). But any other -EIO isn't ours (e.g. swap in failure)
		 * and so needs to be reported.
		 */
		if (!i915_terminally_wedged(&dev_priv->gpu_error)) {
1914 1915 1916
			ret = VM_FAULT_SIGBUS;
			break;
		}
1917
	case -EAGAIN:
D
Daniel Vetter 已提交
1918 1919 1920 1921
		/*
		 * EAGAIN means the gpu is hung and we'll wait for the error
		 * handler to reset everything when re-faulting in
		 * i915_mutex_lock_interruptible.
1922
		 */
1923 1924
	case 0:
	case -ERESTARTSYS:
1925
	case -EINTR:
1926 1927 1928 1929 1930
	case -EBUSY:
		/*
		 * EBUSY is ok: this just means that another thread
		 * already did the job.
		 */
1931 1932
		ret = VM_FAULT_NOPAGE;
		break;
1933
	case -ENOMEM:
1934 1935
		ret = VM_FAULT_OOM;
		break;
1936
	case -ENOSPC:
1937
	case -EFAULT:
1938 1939
		ret = VM_FAULT_SIGBUS;
		break;
1940
	default:
1941
		WARN_ONCE(ret, "unhandled error in i915_gem_fault: %i\n", ret);
1942 1943
		ret = VM_FAULT_SIGBUS;
		break;
1944
	}
1945
	return ret;
1946 1947
}

1948 1949 1950 1951
/**
 * i915_gem_release_mmap - remove physical page mappings
 * @obj: obj in question
 *
1952
 * Preserve the reservation of the mmapping with the DRM core code, but
1953 1954 1955 1956 1957 1958 1959 1960 1961
 * relinquish ownership of the pages back to the system.
 *
 * It is vital that we remove the page mapping if we have mapped a tiled
 * object through the GTT and then lose the fence register due to
 * resource pressure. Similarly if the object has been moved out of the
 * aperture, than pages mapped into userspace must be revoked. Removing the
 * mapping will then trigger a page fault on the next user access, allowing
 * fixup by i915_gem_fault().
 */
1962
void
1963
i915_gem_release_mmap(struct drm_i915_gem_object *obj)
1964
{
1965 1966
	struct drm_i915_private *i915 = to_i915(obj->base.dev);

1967 1968 1969
	/* Serialisation between user GTT access and our code depends upon
	 * revoking the CPU's PTE whilst the mutex is held. The next user
	 * pagefault then has to wait until we release the mutex.
1970 1971 1972 1973
	 *
	 * Note that RPM complicates somewhat by adding an additional
	 * requirement that operations to the GGTT be made holding the RPM
	 * wakeref.
1974
	 */
1975
	lockdep_assert_held(&i915->drm.struct_mutex);
1976
	intel_runtime_pm_get(i915);
1977

1978
	if (list_empty(&obj->userfault_link))
1979
		goto out;
1980

1981
	list_del_init(&obj->userfault_link);
1982 1983
	drm_vma_node_unmap(&obj->base.vma_node,
			   obj->base.dev->anon_inode->i_mapping);
1984 1985 1986 1987 1988 1989 1990 1991 1992

	/* Ensure that the CPU's PTE are revoked and there are not outstanding
	 * memory transactions from userspace before we return. The TLB
	 * flushing implied above by changing the PTE above *should* be
	 * sufficient, an extra barrier here just provides us with a bit
	 * of paranoid documentation about our requirement to serialise
	 * memory writes before touching registers / GSM.
	 */
	wmb();
1993 1994 1995

out:
	intel_runtime_pm_put(i915);
1996 1997
}

1998
void i915_gem_runtime_suspend(struct drm_i915_private *dev_priv)
1999
{
2000
	struct drm_i915_gem_object *obj, *on;
2001
	int i;
2002

2003 2004 2005 2006 2007 2008
	/*
	 * Only called during RPM suspend. All users of the userfault_list
	 * must be holding an RPM wakeref to ensure that this can not
	 * run concurrently with themselves (and use the struct_mutex for
	 * protection between themselves).
	 */
2009

2010 2011 2012
	list_for_each_entry_safe(obj, on,
				 &dev_priv->mm.userfault_list, userfault_link) {
		list_del_init(&obj->userfault_link);
2013 2014 2015
		drm_vma_node_unmap(&obj->base.vma_node,
				   obj->base.dev->anon_inode->i_mapping);
	}
2016 2017 2018 2019 2020 2021 2022 2023 2024 2025 2026 2027 2028 2029 2030 2031 2032

	/* The fence will be lost when the device powers down. If any were
	 * in use by hardware (i.e. they are pinned), we should not be powering
	 * down! All other fences will be reacquired by the user upon waking.
	 */
	for (i = 0; i < dev_priv->num_fence_regs; i++) {
		struct drm_i915_fence_reg *reg = &dev_priv->fence_regs[i];

		if (WARN_ON(reg->pin_count))
			continue;

		if (!reg->vma)
			continue;

		GEM_BUG_ON(!list_empty(&reg->vma->obj->userfault_link));
		reg->dirty = true;
	}
2033 2034
}

2035 2036
/**
 * i915_gem_get_ggtt_size - return required global GTT size for an object
2037
 * @dev_priv: i915 device
2038 2039 2040 2041 2042 2043
 * @size: object size
 * @tiling_mode: tiling mode
 *
 * Return the required global GTT size for an object, taking into account
 * potential fence register mapping.
 */
2044 2045
u64 i915_gem_get_ggtt_size(struct drm_i915_private *dev_priv,
			   u64 size, int tiling_mode)
2046
{
2047
	u64 ggtt_size;
2048

2049 2050
	GEM_BUG_ON(size == 0);

2051
	if (INTEL_GEN(dev_priv) >= 4 ||
2052 2053
	    tiling_mode == I915_TILING_NONE)
		return size;
2054 2055

	/* Previous chips need a power-of-two fence region when tiling */
2056
	if (IS_GEN3(dev_priv))
2057
		ggtt_size = 1024*1024;
2058
	else
2059
		ggtt_size = 512*1024;
2060

2061 2062
	while (ggtt_size < size)
		ggtt_size <<= 1;
2063

2064
	return ggtt_size;
2065 2066
}

2067
/**
2068
 * i915_gem_get_ggtt_alignment - return required global GTT alignment
2069
 * @dev_priv: i915 device
2070 2071
 * @size: object size
 * @tiling_mode: tiling mode
2072
 * @fenced: is fenced alignment required or not
2073
 *
2074
 * Return the required global GTT alignment for an object, taking into account
2075
 * potential fence register mapping.
2076
 */
2077
u64 i915_gem_get_ggtt_alignment(struct drm_i915_private *dev_priv, u64 size,
2078
				int tiling_mode, bool fenced)
2079
{
2080 2081
	GEM_BUG_ON(size == 0);

2082 2083 2084 2085
	/*
	 * Minimum alignment is 4k (GTT page size), but might be greater
	 * if a fence register is needed for the object.
	 */
2086
	if (INTEL_GEN(dev_priv) >= 4 || (!fenced && IS_G33(dev_priv)) ||
2087
	    tiling_mode == I915_TILING_NONE)
2088 2089
		return 4096;

2090 2091 2092 2093
	/*
	 * Previous chips need to be aligned to the size of the smallest
	 * fence register that can contain the object.
	 */
2094
	return i915_gem_get_ggtt_size(dev_priv, size, tiling_mode);
2095 2096
}

2097 2098
static int i915_gem_object_create_mmap_offset(struct drm_i915_gem_object *obj)
{
2099
	struct drm_i915_private *dev_priv = to_i915(obj->base.dev);
2100
	int err;
2101

2102 2103 2104
	err = drm_gem_create_mmap_offset(&obj->base);
	if (!err)
		return 0;
2105

2106 2107 2108
	/* We can idle the GPU locklessly to flush stale objects, but in order
	 * to claim that space for ourselves, we need to take the big
	 * struct_mutex to free the requests+objects and allocate our slot.
2109
	 */
2110
	err = i915_gem_wait_for_idle(dev_priv, I915_WAIT_INTERRUPTIBLE);
2111 2112 2113 2114 2115 2116 2117 2118 2119
	if (err)
		return err;

	err = i915_mutex_lock_interruptible(&dev_priv->drm);
	if (!err) {
		i915_gem_retire_requests(dev_priv);
		err = drm_gem_create_mmap_offset(&obj->base);
		mutex_unlock(&dev_priv->drm.struct_mutex);
	}
2120

2121
	return err;
2122 2123 2124 2125 2126 2127 2128
}

static void i915_gem_object_free_mmap_offset(struct drm_i915_gem_object *obj)
{
	drm_gem_free_mmap_offset(&obj->base);
}

2129
int
2130 2131
i915_gem_mmap_gtt(struct drm_file *file,
		  struct drm_device *dev,
2132
		  uint32_t handle,
2133
		  uint64_t *offset)
2134
{
2135
	struct drm_i915_gem_object *obj;
2136 2137
	int ret;

2138
	obj = i915_gem_object_lookup(file, handle);
2139 2140
	if (!obj)
		return -ENOENT;
2141

2142
	ret = i915_gem_object_create_mmap_offset(obj);
2143 2144
	if (ret == 0)
		*offset = drm_vma_node_offset_addr(&obj->base.vma_node);
2145

C
Chris Wilson 已提交
2146
	i915_gem_object_put(obj);
2147
	return ret;
2148 2149
}

2150 2151 2152 2153 2154 2155 2156 2157 2158 2159 2160 2161 2162 2163 2164 2165 2166 2167 2168 2169 2170
/**
 * i915_gem_mmap_gtt_ioctl - prepare an object for GTT mmap'ing
 * @dev: DRM device
 * @data: GTT mapping ioctl data
 * @file: GEM object info
 *
 * Simply returns the fake offset to userspace so it can mmap it.
 * The mmap call will end up in drm_gem_mmap(), which will set things
 * up so we can get faults in the handler above.
 *
 * The fault handler will take care of binding the object into the GTT
 * (since it may have been evicted to make room for something), allocating
 * a fence register, and mapping the appropriate aperture address into
 * userspace.
 */
int
i915_gem_mmap_gtt_ioctl(struct drm_device *dev, void *data,
			struct drm_file *file)
{
	struct drm_i915_gem_mmap_gtt *args = data;

2171
	return i915_gem_mmap_gtt(file, dev, args->handle, &args->offset);
2172 2173
}

D
Daniel Vetter 已提交
2174 2175 2176
/* Immediately discard the backing storage */
static void
i915_gem_object_truncate(struct drm_i915_gem_object *obj)
2177
{
2178
	i915_gem_object_free_mmap_offset(obj);
2179

2180 2181
	if (obj->base.filp == NULL)
		return;
2182

D
Daniel Vetter 已提交
2183 2184 2185 2186 2187
	/* Our goal here is to return as much of the memory as
	 * is possible back to the system as we are called from OOM.
	 * To do this we must instruct the shmfs to drop all of its
	 * backing pages, *now*.
	 */
2188
	shmem_truncate_range(file_inode(obj->base.filp), 0, (loff_t)-1);
C
Chris Wilson 已提交
2189
	obj->mm.madv = __I915_MADV_PURGED;
D
Daniel Vetter 已提交
2190
}
2191

2192
/* Try to discard unwanted pages */
2193
void __i915_gem_object_invalidate(struct drm_i915_gem_object *obj)
D
Daniel Vetter 已提交
2194
{
2195 2196
	struct address_space *mapping;

2197 2198 2199
	lockdep_assert_held(&obj->mm.lock);
	GEM_BUG_ON(obj->mm.pages);

C
Chris Wilson 已提交
2200
	switch (obj->mm.madv) {
2201 2202 2203 2204 2205 2206 2207 2208 2209
	case I915_MADV_DONTNEED:
		i915_gem_object_truncate(obj);
	case __I915_MADV_PURGED:
		return;
	}

	if (obj->base.filp == NULL)
		return;

2210
	mapping = obj->base.filp->f_mapping,
2211
	invalidate_mapping_pages(mapping, 0, (loff_t)-1);
2212 2213
}

2214
static void
2215 2216
i915_gem_object_put_pages_gtt(struct drm_i915_gem_object *obj,
			      struct sg_table *pages)
2217
{
2218 2219
	struct sgt_iter sgt_iter;
	struct page *page;
2220

2221
	__i915_gem_object_release_shmem(obj, pages);
2222

2223
	i915_gem_gtt_finish_pages(obj, pages);
I
Imre Deak 已提交
2224

2225
	if (i915_gem_object_needs_bit17_swizzle(obj))
2226
		i915_gem_object_save_bit_17_swizzle(obj, pages);
2227

2228
	for_each_sgt_page(page, sgt_iter, pages) {
C
Chris Wilson 已提交
2229
		if (obj->mm.dirty)
2230
			set_page_dirty(page);
2231

C
Chris Wilson 已提交
2232
		if (obj->mm.madv == I915_MADV_WILLNEED)
2233
			mark_page_accessed(page);
2234

2235
		put_page(page);
2236
	}
C
Chris Wilson 已提交
2237
	obj->mm.dirty = false;
2238

2239 2240
	sg_free_table(pages);
	kfree(pages);
2241
}
C
Chris Wilson 已提交
2242

2243 2244 2245 2246 2247
static void __i915_gem_object_reset_page_iter(struct drm_i915_gem_object *obj)
{
	struct radix_tree_iter iter;
	void **slot;

C
Chris Wilson 已提交
2248 2249
	radix_tree_for_each_slot(slot, &obj->mm.get_page.radix, &iter, 0)
		radix_tree_delete(&obj->mm.get_page.radix, iter.index);
2250 2251
}

2252 2253
void __i915_gem_object_put_pages(struct drm_i915_gem_object *obj,
				 enum i915_mm_subclass subclass)
2254
{
2255
	struct sg_table *pages;
2256

C
Chris Wilson 已提交
2257
	if (i915_gem_object_has_pinned_pages(obj))
2258
		return;
2259

2260
	GEM_BUG_ON(obj->bind_count);
2261 2262 2263 2264
	if (!READ_ONCE(obj->mm.pages))
		return;

	/* May be called by shrinker from within get_pages() (on another bo) */
2265
	mutex_lock_nested(&obj->mm.lock, subclass);
2266 2267
	if (unlikely(atomic_read(&obj->mm.pages_pin_count)))
		goto unlock;
B
Ben Widawsky 已提交
2268

2269 2270 2271
	/* ->put_pages might need to allocate memory for the bit17 swizzle
	 * array, hence protect them from being reaped by removing them from gtt
	 * lists early. */
2272 2273
	pages = fetch_and_zero(&obj->mm.pages);
	GEM_BUG_ON(!pages);
2274

C
Chris Wilson 已提交
2275
	if (obj->mm.mapping) {
2276 2277
		void *ptr;

C
Chris Wilson 已提交
2278
		ptr = ptr_mask_bits(obj->mm.mapping);
2279 2280
		if (is_vmalloc_addr(ptr))
			vunmap(ptr);
2281
		else
2282 2283
			kunmap(kmap_to_page(ptr));

C
Chris Wilson 已提交
2284
		obj->mm.mapping = NULL;
2285 2286
	}

2287 2288
	__i915_gem_object_reset_page_iter(obj);

2289
	obj->ops->put_pages(obj, pages);
2290 2291
unlock:
	mutex_unlock(&obj->mm.lock);
C
Chris Wilson 已提交
2292 2293
}

2294
static unsigned int swiotlb_max_size(void)
2295 2296 2297 2298 2299 2300 2301 2302
{
#if IS_ENABLED(CONFIG_SWIOTLB)
	return rounddown(swiotlb_nr_tbl() << IO_TLB_SHIFT, PAGE_SIZE);
#else
	return 0;
#endif
}

2303 2304 2305 2306 2307 2308 2309 2310 2311 2312 2313 2314 2315 2316 2317 2318 2319 2320 2321 2322 2323 2324 2325 2326
static void i915_sg_trim(struct sg_table *orig_st)
{
	struct sg_table new_st;
	struct scatterlist *sg, *new_sg;
	unsigned int i;

	if (orig_st->nents == orig_st->orig_nents)
		return;

	if (sg_alloc_table(&new_st, orig_st->nents, GFP_KERNEL))
		return;

	new_sg = new_st.sgl;
	for_each_sg(orig_st->sgl, sg, orig_st->nents, i) {
		sg_set_page(new_sg, sg_page(sg), sg->length, 0);
		/* called before being DMA mapped, no need to copy sg->dma_* */
		new_sg = sg_next(new_sg);
	}

	sg_free_table(orig_st);

	*orig_st = new_st;
}

2327
static struct sg_table *
C
Chris Wilson 已提交
2328
i915_gem_object_get_pages_gtt(struct drm_i915_gem_object *obj)
2329
{
2330
	struct drm_i915_private *dev_priv = to_i915(obj->base.dev);
2331 2332
	int page_count, i;
	struct address_space *mapping;
2333 2334
	struct sg_table *st;
	struct scatterlist *sg;
2335
	struct sgt_iter sgt_iter;
2336
	struct page *page;
2337
	unsigned long last_pfn = 0;	/* suppress gcc warning */
2338
	unsigned int max_segment;
I
Imre Deak 已提交
2339
	int ret;
C
Chris Wilson 已提交
2340
	gfp_t gfp;
2341

C
Chris Wilson 已提交
2342 2343 2344 2345
	/* Assert that the object is not currently in any GPU domain. As it
	 * wasn't in the GTT, there shouldn't be any way it could have been in
	 * a GPU cache
	 */
2346 2347
	GEM_BUG_ON(obj->base.read_domains & I915_GEM_GPU_DOMAINS);
	GEM_BUG_ON(obj->base.write_domain & I915_GEM_GPU_DOMAINS);
C
Chris Wilson 已提交
2348

2349 2350
	max_segment = swiotlb_max_size();
	if (!max_segment)
2351
		max_segment = rounddown(UINT_MAX, PAGE_SIZE);
2352

2353 2354
	st = kmalloc(sizeof(*st), GFP_KERNEL);
	if (st == NULL)
2355
		return ERR_PTR(-ENOMEM);
2356

2357
	page_count = obj->base.size / PAGE_SIZE;
2358 2359
	if (sg_alloc_table(st, page_count, GFP_KERNEL)) {
		kfree(st);
2360
		return ERR_PTR(-ENOMEM);
2361
	}
2362

2363 2364 2365 2366 2367
	/* Get the list of pages out of our struct file.  They'll be pinned
	 * at this point until we release them.
	 *
	 * Fail silently without starting the shrinker
	 */
2368
	mapping = obj->base.filp->f_mapping;
2369
	gfp = mapping_gfp_constraint(mapping, ~(__GFP_IO | __GFP_RECLAIM));
2370
	gfp |= __GFP_NORETRY | __GFP_NOWARN;
2371 2372 2373
	sg = st->sgl;
	st->nents = 0;
	for (i = 0; i < page_count; i++) {
C
Chris Wilson 已提交
2374 2375
		page = shmem_read_mapping_page_gfp(mapping, i, gfp);
		if (IS_ERR(page)) {
2376 2377 2378 2379 2380
			i915_gem_shrink(dev_priv,
					page_count,
					I915_SHRINK_BOUND |
					I915_SHRINK_UNBOUND |
					I915_SHRINK_PURGEABLE);
C
Chris Wilson 已提交
2381 2382 2383 2384 2385 2386 2387
			page = shmem_read_mapping_page_gfp(mapping, i, gfp);
		}
		if (IS_ERR(page)) {
			/* We've tried hard to allocate the memory by reaping
			 * our own buffer, now let the real VM do its job and
			 * go down in flames if truly OOM.
			 */
2388
			page = shmem_read_mapping_page(mapping, i);
I
Imre Deak 已提交
2389 2390
			if (IS_ERR(page)) {
				ret = PTR_ERR(page);
2391
				goto err_sg;
I
Imre Deak 已提交
2392
			}
C
Chris Wilson 已提交
2393
		}
2394 2395 2396
		if (!i ||
		    sg->length >= max_segment ||
		    page_to_pfn(page) != last_pfn + 1) {
2397 2398 2399 2400 2401 2402 2403 2404
			if (i)
				sg = sg_next(sg);
			st->nents++;
			sg_set_page(sg, page, PAGE_SIZE, 0);
		} else {
			sg->length += PAGE_SIZE;
		}
		last_pfn = page_to_pfn(page);
2405 2406 2407

		/* Check that the i965g/gm workaround works. */
		WARN_ON((gfp & __GFP_DMA32) && (last_pfn >= 0x00100000UL));
2408
	}
2409
	if (sg) /* loop terminated early; short sg table */
2410
		sg_mark_end(sg);
2411

2412 2413 2414
	/* Trim unused sg entries to avoid wasting memory. */
	i915_sg_trim(st);

2415
	ret = i915_gem_gtt_prepare_pages(obj, st);
I
Imre Deak 已提交
2416 2417 2418
	if (ret)
		goto err_pages;

2419
	if (i915_gem_object_needs_bit17_swizzle(obj))
2420
		i915_gem_object_do_bit_17_swizzle(obj, st);
2421

2422
	return st;
2423

2424
err_sg:
2425
	sg_mark_end(sg);
2426
err_pages:
2427 2428
	for_each_sgt_page(page, sgt_iter, st)
		put_page(page);
2429 2430
	sg_free_table(st);
	kfree(st);
2431 2432 2433 2434 2435 2436 2437 2438 2439

	/* shmemfs first checks if there is enough memory to allocate the page
	 * and reports ENOSPC should there be insufficient, along with the usual
	 * ENOMEM for a genuine allocation failure.
	 *
	 * We use ENOSPC in our driver to mean that we have run out of aperture
	 * space and so want to translate the error from shmemfs back to our
	 * usual understanding of ENOMEM.
	 */
I
Imre Deak 已提交
2440 2441 2442
	if (ret == -ENOSPC)
		ret = -ENOMEM;

2443 2444 2445 2446 2447 2448
	return ERR_PTR(ret);
}

void __i915_gem_object_set_pages(struct drm_i915_gem_object *obj,
				 struct sg_table *pages)
{
2449
	lockdep_assert_held(&obj->mm.lock);
2450 2451 2452 2453 2454

	obj->mm.get_page.sg_pos = pages->sgl;
	obj->mm.get_page.sg_idx = 0;

	obj->mm.pages = pages;
2455 2456 2457 2458 2459 2460 2461

	if (i915_gem_object_is_tiled(obj) &&
	    to_i915(obj->base.dev)->quirks & QUIRK_PIN_SWIZZLED_PAGES) {
		GEM_BUG_ON(obj->mm.quirked);
		__i915_gem_object_pin_pages(obj);
		obj->mm.quirked = true;
	}
2462 2463 2464 2465 2466 2467
}

static int ____i915_gem_object_get_pages(struct drm_i915_gem_object *obj)
{
	struct sg_table *pages;

2468 2469
	GEM_BUG_ON(i915_gem_object_has_pinned_pages(obj));

2470 2471 2472 2473 2474 2475 2476 2477 2478 2479 2480
	if (unlikely(obj->mm.madv != I915_MADV_WILLNEED)) {
		DRM_DEBUG("Attempting to obtain a purgeable object\n");
		return -EFAULT;
	}

	pages = obj->ops->get_pages(obj);
	if (unlikely(IS_ERR(pages)))
		return PTR_ERR(pages);

	__i915_gem_object_set_pages(obj, pages);
	return 0;
2481 2482
}

2483
/* Ensure that the associated pages are gathered from the backing storage
2484
 * and pinned into our object. i915_gem_object_pin_pages() may be called
2485
 * multiple times before they are released by a single call to
2486
 * i915_gem_object_unpin_pages() - once the pages are no longer referenced
2487 2488 2489
 * either as a result of memory pressure (reaping pages under the shrinker)
 * or as the object is itself released.
 */
C
Chris Wilson 已提交
2490
int __i915_gem_object_get_pages(struct drm_i915_gem_object *obj)
2491
{
2492
	int err;
2493

2494 2495 2496
	err = mutex_lock_interruptible(&obj->mm.lock);
	if (err)
		return err;
2497

2498 2499 2500 2501
	if (unlikely(!obj->mm.pages)) {
		err = ____i915_gem_object_get_pages(obj);
		if (err)
			goto unlock;
2502

2503 2504 2505
		smp_mb__before_atomic();
	}
	atomic_inc(&obj->mm.pages_pin_count);
2506

2507 2508
unlock:
	mutex_unlock(&obj->mm.lock);
2509
	return err;
2510 2511
}

2512
/* The 'mapping' part of i915_gem_object_pin_map() below */
2513 2514
static void *i915_gem_object_map(const struct drm_i915_gem_object *obj,
				 enum i915_map_type type)
2515 2516
{
	unsigned long n_pages = obj->base.size >> PAGE_SHIFT;
C
Chris Wilson 已提交
2517
	struct sg_table *sgt = obj->mm.pages;
2518 2519
	struct sgt_iter sgt_iter;
	struct page *page;
2520 2521
	struct page *stack_pages[32];
	struct page **pages = stack_pages;
2522
	unsigned long i = 0;
2523
	pgprot_t pgprot;
2524 2525 2526
	void *addr;

	/* A single page can always be kmapped */
2527
	if (n_pages == 1 && type == I915_MAP_WB)
2528 2529
		return kmap(sg_page(sgt->sgl));

2530 2531 2532 2533 2534 2535
	if (n_pages > ARRAY_SIZE(stack_pages)) {
		/* Too big for stack -- allocate temporary array instead */
		pages = drm_malloc_gfp(n_pages, sizeof(*pages), GFP_TEMPORARY);
		if (!pages)
			return NULL;
	}
2536

2537 2538
	for_each_sgt_page(page, sgt_iter, sgt)
		pages[i++] = page;
2539 2540 2541 2542

	/* Check that we have the expected number of pages */
	GEM_BUG_ON(i != n_pages);

2543 2544 2545 2546 2547 2548 2549 2550 2551
	switch (type) {
	case I915_MAP_WB:
		pgprot = PAGE_KERNEL;
		break;
	case I915_MAP_WC:
		pgprot = pgprot_writecombine(PAGE_KERNEL_IO);
		break;
	}
	addr = vmap(pages, n_pages, 0, pgprot);
2552

2553 2554
	if (pages != stack_pages)
		drm_free_large(pages);
2555 2556 2557 2558 2559

	return addr;
}

/* get, pin, and map the pages of the object into kernel space */
2560 2561
void *i915_gem_object_pin_map(struct drm_i915_gem_object *obj,
			      enum i915_map_type type)
2562
{
2563 2564 2565
	enum i915_map_type has_type;
	bool pinned;
	void *ptr;
2566 2567
	int ret;

2568
	GEM_BUG_ON(!i915_gem_object_has_struct_page(obj));
2569

2570
	ret = mutex_lock_interruptible(&obj->mm.lock);
2571 2572 2573
	if (ret)
		return ERR_PTR(ret);

2574 2575
	pinned = true;
	if (!atomic_inc_not_zero(&obj->mm.pages_pin_count)) {
2576 2577 2578 2579
		if (unlikely(!obj->mm.pages)) {
			ret = ____i915_gem_object_get_pages(obj);
			if (ret)
				goto err_unlock;
2580

2581 2582 2583
			smp_mb__before_atomic();
		}
		atomic_inc(&obj->mm.pages_pin_count);
2584 2585 2586
		pinned = false;
	}
	GEM_BUG_ON(!obj->mm.pages);
2587

C
Chris Wilson 已提交
2588
	ptr = ptr_unpack_bits(obj->mm.mapping, has_type);
2589 2590 2591
	if (ptr && has_type != type) {
		if (pinned) {
			ret = -EBUSY;
2592
			goto err_unpin;
2593
		}
2594 2595 2596 2597 2598 2599

		if (is_vmalloc_addr(ptr))
			vunmap(ptr);
		else
			kunmap(kmap_to_page(ptr));

C
Chris Wilson 已提交
2600
		ptr = obj->mm.mapping = NULL;
2601 2602
	}

2603 2604 2605 2606
	if (!ptr) {
		ptr = i915_gem_object_map(obj, type);
		if (!ptr) {
			ret = -ENOMEM;
2607
			goto err_unpin;
2608 2609
		}

C
Chris Wilson 已提交
2610
		obj->mm.mapping = ptr_pack_bits(ptr, type);
2611 2612
	}

2613 2614
out_unlock:
	mutex_unlock(&obj->mm.lock);
2615 2616
	return ptr;

2617 2618 2619 2620 2621
err_unpin:
	atomic_dec(&obj->mm.pages_pin_count);
err_unlock:
	ptr = ERR_PTR(ret);
	goto out_unlock;
2622 2623
}

2624
static bool i915_context_is_banned(const struct i915_gem_context *ctx)
2625
{
2626
	if (ctx->banned)
2627 2628
		return true;

2629
	if (!ctx->bannable)
2630 2631
		return false;

2632
	if (ctx->ban_score >= CONTEXT_SCORE_BAN_THRESHOLD) {
2633 2634 2635 2636
		DRM_DEBUG("context hanging too often, banning!\n");
		return true;
	}

2637 2638 2639
	return false;
}

2640
static void i915_gem_context_mark_guilty(struct i915_gem_context *ctx)
2641
{
2642
	ctx->ban_score += CONTEXT_SCORE_GUILTY;
2643

2644 2645
	ctx->banned = i915_context_is_banned(ctx);
	ctx->guilty_count++;
2646 2647

	DRM_DEBUG_DRIVER("context %s marked guilty (score %d) banned? %s\n",
2648 2649
			 ctx->name, ctx->ban_score,
			 yesno(ctx->banned));
2650

2651
	if (!ctx->banned || IS_ERR_OR_NULL(ctx->file_priv))
2652 2653
		return;

2654 2655 2656
	ctx->file_priv->context_bans++;
	DRM_DEBUG_DRIVER("client %s has had %d context banned\n",
			 ctx->name, ctx->file_priv->context_bans);
2657 2658 2659 2660
}

static void i915_gem_context_mark_innocent(struct i915_gem_context *ctx)
{
2661
	ctx->active_count++;
2662 2663
}

2664
struct drm_i915_gem_request *
2665
i915_gem_find_active_request(struct intel_engine_cs *engine)
2666
{
2667 2668
	struct drm_i915_gem_request *request;

2669 2670 2671 2672 2673 2674 2675 2676
	/* We are called by the error capture and reset at a random
	 * point in time. In particular, note that neither is crucially
	 * ordered with an interrupt. After a hang, the GPU is dead and we
	 * assume that no more writes can happen (we waited long enough for
	 * all writes that were in transaction to be flushed) - adding an
	 * extra delay for a recent interrupt is pointless. Hence, we do
	 * not need an engine->irq_seqno_barrier() before the seqno reads.
	 */
2677
	list_for_each_entry(request, &engine->timeline->requests, link) {
C
Chris Wilson 已提交
2678
		if (__i915_gem_request_completed(request))
2679
			continue;
2680

2681
		return request;
2682
	}
2683 2684 2685 2686

	return NULL;
}

2687 2688 2689 2690 2691 2692 2693 2694 2695 2696 2697 2698 2699 2700 2701 2702 2703 2704
static void reset_request(struct drm_i915_gem_request *request)
{
	void *vaddr = request->ring->vaddr;
	u32 head;

	/* As this request likely depends on state from the lost
	 * context, clear out all the user operations leaving the
	 * breadcrumb at the end (so we get the fence notifications).
	 */
	head = request->head;
	if (request->postfix < head) {
		memset(vaddr + head, 0, request->ring->size - head);
		head = 0;
	}
	memset(vaddr + head, 0, request->postfix - head);
}

static void i915_gem_reset_engine(struct intel_engine_cs *engine)
2705 2706
{
	struct drm_i915_gem_request *request;
2707
	struct i915_gem_context *incomplete_ctx;
C
Chris Wilson 已提交
2708
	struct intel_timeline *timeline;
2709 2710
	bool ring_hung;

2711 2712 2713
	if (engine->irq_seqno_barrier)
		engine->irq_seqno_barrier(engine);

2714
	request = i915_gem_find_active_request(engine);
2715
	if (!request)
2716 2717
		return;

2718 2719 2720 2721 2722
	ring_hung = engine->hangcheck.stalled;
	if (engine->hangcheck.seqno != intel_engine_get_seqno(engine)) {
		DRM_DEBUG_DRIVER("%s pardoned, was guilty? %s\n",
				 engine->name,
				 yesno(ring_hung));
2723
		ring_hung = false;
2724
	}
2725

2726 2727 2728 2729 2730
	if (ring_hung)
		i915_gem_context_mark_guilty(request->ctx);
	else
		i915_gem_context_mark_innocent(request->ctx);

2731 2732 2733 2734
	if (!ring_hung)
		return;

	DRM_DEBUG_DRIVER("resetting %s to restart from tail of request 0x%x\n",
2735
			 engine->name, request->global_seqno);
2736 2737 2738 2739 2740 2741 2742 2743 2744 2745 2746 2747 2748 2749 2750 2751

	/* Setup the CS to resume from the breadcrumb of the hung request */
	engine->reset_hw(engine, request);

	/* Users of the default context do not rely on logical state
	 * preserved between batches. They have to emit full state on
	 * every batch and so it is safe to execute queued requests following
	 * the hang.
	 *
	 * Other contexts preserve state, now corrupt. We want to skip all
	 * queued requests that reference the corrupt context.
	 */
	incomplete_ctx = request->ctx;
	if (i915_gem_context_is_default(incomplete_ctx))
		return;

2752
	list_for_each_entry_continue(request, &engine->timeline->requests, link)
2753 2754
		if (request->ctx == incomplete_ctx)
			reset_request(request);
C
Chris Wilson 已提交
2755 2756 2757 2758

	timeline = i915_gem_context_lookup_timeline(incomplete_ctx, engine);
	list_for_each_entry(request, &timeline->requests, link)
		reset_request(request);
2759
}
2760

2761
void i915_gem_reset(struct drm_i915_private *dev_priv)
2762
{
2763
	struct intel_engine_cs *engine;
2764
	enum intel_engine_id id;
2765

2766 2767
	lockdep_assert_held(&dev_priv->drm.struct_mutex);

2768 2769
	i915_gem_retire_requests(dev_priv);

2770
	for_each_engine(engine, dev_priv, id)
2771 2772
		i915_gem_reset_engine(engine);

2773
	i915_gem_restore_fences(dev_priv);
2774 2775 2776 2777 2778 2779 2780

	if (dev_priv->gt.awake) {
		intel_sanitize_gt_powersave(dev_priv);
		intel_enable_gt_powersave(dev_priv);
		if (INTEL_GEN(dev_priv) >= 6)
			gen6_rps_busy(dev_priv);
	}
2781 2782 2783 2784
}

static void nop_submit_request(struct drm_i915_gem_request *request)
{
2785 2786
	i915_gem_request_submit(request);
	intel_engine_init_global_seqno(request->engine, request->global_seqno);
2787 2788 2789 2790
}

static void i915_gem_cleanup_engine(struct intel_engine_cs *engine)
{
2791 2792 2793 2794 2795 2796
	/* We need to be sure that no thread is running the old callback as
	 * we install the nop handler (otherwise we would submit a request
	 * to hardware that will never complete). In order to prevent this
	 * race, we wait until the machine is idle before making the swap
	 * (using stop_machine()).
	 */
2797
	engine->submit_request = nop_submit_request;
2798

2799 2800 2801 2802
	/* Mark all pending requests as complete so that any concurrent
	 * (lockless) lookup doesn't try and wait upon the request as we
	 * reset it.
	 */
2803
	intel_engine_init_global_seqno(engine,
2804
				       intel_engine_last_submit(engine));
2805

2806 2807 2808 2809 2810 2811
	/*
	 * Clear the execlists queue up before freeing the requests, as those
	 * are the ones that keep the context and ringbuffer backing objects
	 * pinned in place.
	 */

2812
	if (i915.enable_execlists) {
2813 2814 2815 2816
		unsigned long flags;

		spin_lock_irqsave(&engine->timeline->lock, flags);

2817 2818 2819
		i915_gem_request_put(engine->execlist_port[0].request);
		i915_gem_request_put(engine->execlist_port[1].request);
		memset(engine->execlist_port, 0, sizeof(engine->execlist_port));
2820 2821
		engine->execlist_queue = RB_ROOT;
		engine->execlist_first = NULL;
2822 2823

		spin_unlock_irqrestore(&engine->timeline->lock, flags);
2824
	}
2825 2826
}

2827
static int __i915_gem_set_wedged_BKL(void *data)
2828
{
2829
	struct drm_i915_private *i915 = data;
2830
	struct intel_engine_cs *engine;
2831
	enum intel_engine_id id;
2832

2833 2834 2835 2836 2837 2838 2839 2840
	for_each_engine(engine, i915, id)
		i915_gem_cleanup_engine(engine);

	return 0;
}

void i915_gem_set_wedged(struct drm_i915_private *dev_priv)
{
2841 2842
	lockdep_assert_held(&dev_priv->drm.struct_mutex);
	set_bit(I915_WEDGED, &dev_priv->gpu_error.flags);
2843

2844
	stop_machine(__i915_gem_set_wedged_BKL, dev_priv, NULL);
2845

2846
	i915_gem_context_lost(dev_priv);
2847
	i915_gem_retire_requests(dev_priv);
2848 2849

	mod_delayed_work(dev_priv->wq, &dev_priv->gt.idle_work, 0);
2850 2851
}

2852
static void
2853 2854
i915_gem_retire_work_handler(struct work_struct *work)
{
2855
	struct drm_i915_private *dev_priv =
2856
		container_of(work, typeof(*dev_priv), gt.retire_work.work);
2857
	struct drm_device *dev = &dev_priv->drm;
2858

2859
	/* Come back later if the device is busy... */
2860
	if (mutex_trylock(&dev->struct_mutex)) {
2861
		i915_gem_retire_requests(dev_priv);
2862
		mutex_unlock(&dev->struct_mutex);
2863
	}
2864 2865 2866 2867 2868

	/* Keep the retire handler running until we are finally idle.
	 * We do not need to do this test under locking as in the worst-case
	 * we queue the retire worker once too often.
	 */
2869 2870
	if (READ_ONCE(dev_priv->gt.awake)) {
		i915_queue_hangcheck(dev_priv);
2871 2872
		queue_delayed_work(dev_priv->wq,
				   &dev_priv->gt.retire_work,
2873
				   round_jiffies_up_relative(HZ));
2874
	}
2875
}
2876

2877 2878 2879 2880
static void
i915_gem_idle_work_handler(struct work_struct *work)
{
	struct drm_i915_private *dev_priv =
2881
		container_of(work, typeof(*dev_priv), gt.idle_work.work);
2882
	struct drm_device *dev = &dev_priv->drm;
2883
	struct intel_engine_cs *engine;
2884
	enum intel_engine_id id;
2885 2886 2887 2888 2889
	bool rearm_hangcheck;

	if (!READ_ONCE(dev_priv->gt.awake))
		return;

2890 2891 2892 2893 2894 2895 2896
	/*
	 * Wait for last execlists context complete, but bail out in case a
	 * new request is submitted.
	 */
	wait_for(READ_ONCE(dev_priv->gt.active_requests) ||
		 intel_execlists_idle(dev_priv), 10);

2897
	if (READ_ONCE(dev_priv->gt.active_requests))
2898 2899 2900 2901 2902 2903 2904 2905 2906 2907 2908 2909 2910
		return;

	rearm_hangcheck =
		cancel_delayed_work_sync(&dev_priv->gpu_error.hangcheck_work);

	if (!mutex_trylock(&dev->struct_mutex)) {
		/* Currently busy, come back later */
		mod_delayed_work(dev_priv->wq,
				 &dev_priv->gt.idle_work,
				 msecs_to_jiffies(50));
		goto out_rearm;
	}

2911 2912 2913 2914 2915 2916 2917
	/*
	 * New request retired after this work handler started, extend active
	 * period until next instance of the work.
	 */
	if (work_pending(work))
		goto out_unlock;

2918
	if (dev_priv->gt.active_requests)
2919
		goto out_unlock;
2920

2921 2922 2923
	if (wait_for(intel_execlists_idle(dev_priv), 10))
		DRM_ERROR("Timeout waiting for engines to idle\n");

2924
	for_each_engine(engine, dev_priv, id)
2925
		i915_gem_batch_pool_fini(&engine->batch_pool);
2926

2927 2928 2929
	GEM_BUG_ON(!dev_priv->gt.awake);
	dev_priv->gt.awake = false;
	rearm_hangcheck = false;
2930

2931 2932 2933 2934 2935
	if (INTEL_GEN(dev_priv) >= 6)
		gen6_rps_idle(dev_priv);
	intel_runtime_pm_put(dev_priv);
out_unlock:
	mutex_unlock(&dev->struct_mutex);
2936

2937 2938 2939 2940
out_rearm:
	if (rearm_hangcheck) {
		GEM_BUG_ON(!dev_priv->gt.awake);
		i915_queue_hangcheck(dev_priv);
2941
	}
2942 2943
}

2944 2945 2946 2947 2948 2949 2950 2951 2952 2953
void i915_gem_close_object(struct drm_gem_object *gem, struct drm_file *file)
{
	struct drm_i915_gem_object *obj = to_intel_bo(gem);
	struct drm_i915_file_private *fpriv = file->driver_priv;
	struct i915_vma *vma, *vn;

	mutex_lock(&obj->base.dev->struct_mutex);
	list_for_each_entry_safe(vma, vn, &obj->vma_list, obj_link)
		if (vma->vm->file == fpriv)
			i915_vma_close(vma);
2954 2955 2956 2957 2958 2959

	if (i915_gem_object_is_active(obj) &&
	    !i915_gem_object_has_active_reference(obj)) {
		i915_gem_object_set_active_reference(obj);
		i915_gem_object_get(obj);
	}
2960 2961 2962
	mutex_unlock(&obj->base.dev->struct_mutex);
}

2963 2964 2965 2966 2967 2968 2969 2970 2971 2972 2973
static unsigned long to_wait_timeout(s64 timeout_ns)
{
	if (timeout_ns < 0)
		return MAX_SCHEDULE_TIMEOUT;

	if (timeout_ns == 0)
		return 0;

	return nsecs_to_jiffies_timeout(timeout_ns);
}

2974 2975
/**
 * i915_gem_wait_ioctl - implements DRM_IOCTL_I915_GEM_WAIT
2976 2977 2978
 * @dev: drm device pointer
 * @data: ioctl data blob
 * @file: drm file pointer
2979 2980 2981 2982 2983 2984 2985 2986 2987 2988 2989 2990 2991 2992 2993 2994 2995 2996 2997 2998 2999 3000 3001 3002
 *
 * Returns 0 if successful, else an error is returned with the remaining time in
 * the timeout parameter.
 *  -ETIME: object is still busy after timeout
 *  -ERESTARTSYS: signal interrupted the wait
 *  -ENONENT: object doesn't exist
 * Also possible, but rare:
 *  -EAGAIN: GPU wedged
 *  -ENOMEM: damn
 *  -ENODEV: Internal IRQ fail
 *  -E?: The add request failed
 *
 * The wait ioctl with a timeout of 0 reimplements the busy ioctl. With any
 * non-zero timeout parameter the wait ioctl will wait for the given number of
 * nanoseconds on an object becoming unbusy. Since the wait itself does so
 * without holding struct_mutex the object may become re-busied before this
 * function completes. A similar but shorter * race condition exists in the busy
 * ioctl
 */
int
i915_gem_wait_ioctl(struct drm_device *dev, void *data, struct drm_file *file)
{
	struct drm_i915_gem_wait *args = data;
	struct drm_i915_gem_object *obj;
3003 3004
	ktime_t start;
	long ret;
3005

3006 3007 3008
	if (args->flags != 0)
		return -EINVAL;

3009
	obj = i915_gem_object_lookup(file, args->bo_handle);
3010
	if (!obj)
3011 3012
		return -ENOENT;

3013 3014 3015 3016 3017 3018 3019 3020 3021 3022 3023
	start = ktime_get();

	ret = i915_gem_object_wait(obj,
				   I915_WAIT_INTERRUPTIBLE | I915_WAIT_ALL,
				   to_wait_timeout(args->timeout_ns),
				   to_rps_client(file));

	if (args->timeout_ns > 0) {
		args->timeout_ns -= ktime_to_ns(ktime_sub(ktime_get(), start));
		if (args->timeout_ns < 0)
			args->timeout_ns = 0;
3024 3025
	}

C
Chris Wilson 已提交
3026
	i915_gem_object_put(obj);
3027
	return ret;
3028 3029
}

3030
static int wait_for_timeline(struct i915_gem_timeline *tl, unsigned int flags)
3031
{
3032
	int ret, i;
3033

3034 3035 3036 3037 3038
	for (i = 0; i < ARRAY_SIZE(tl->engine); i++) {
		ret = i915_gem_active_wait(&tl->engine[i].last_request, flags);
		if (ret)
			return ret;
	}
3039

3040 3041 3042 3043 3044 3045 3046
	return 0;
}

int i915_gem_wait_for_idle(struct drm_i915_private *i915, unsigned int flags)
{
	int ret;

3047 3048 3049 3050 3051 3052 3053 3054 3055 3056 3057 3058
	if (flags & I915_WAIT_LOCKED) {
		struct i915_gem_timeline *tl;

		lockdep_assert_held(&i915->drm.struct_mutex);

		list_for_each_entry(tl, &i915->gt.timelines, link) {
			ret = wait_for_timeline(tl, flags);
			if (ret)
				return ret;
		}
	} else {
		ret = wait_for_timeline(&i915->gt.global_timeline, flags);
3059 3060 3061
		if (ret)
			return ret;
	}
3062

3063
	return 0;
3064 3065
}

3066 3067
void i915_gem_clflush_object(struct drm_i915_gem_object *obj,
			     bool force)
3068 3069 3070 3071 3072
{
	/* If we don't have a page list set up, then we're not pinned
	 * to GPU, and we can ignore the cache flush because it'll happen
	 * again at bind time.
	 */
C
Chris Wilson 已提交
3073
	if (!obj->mm.pages)
3074
		return;
3075

3076 3077 3078 3079
	/*
	 * Stolen memory is always coherent with the GPU as it is explicitly
	 * marked as wc by the system, or the system is cache-coherent.
	 */
3080
	if (obj->stolen || obj->phys_handle)
3081
		return;
3082

3083 3084 3085 3086 3087 3088 3089 3090
	/* If the GPU is snooping the contents of the CPU cache,
	 * we do not need to manually clear the CPU cache lines.  However,
	 * the caches are only snooped when the render cache is
	 * flushed/invalidated.  As we always have to emit invalidations
	 * and flushes when moving into and out of the RENDER domain, correct
	 * snooping behaviour occurs naturally as the result of our domain
	 * tracking.
	 */
3091 3092
	if (!force && cpu_cache_is_coherent(obj->base.dev, obj->cache_level)) {
		obj->cache_dirty = true;
3093
		return;
3094
	}
3095

C
Chris Wilson 已提交
3096
	trace_i915_gem_object_clflush(obj);
C
Chris Wilson 已提交
3097
	drm_clflush_sg(obj->mm.pages);
3098
	obj->cache_dirty = false;
3099 3100 3101 3102
}

/** Flushes the GTT write domain for the object if it's dirty. */
static void
3103
i915_gem_object_flush_gtt_write_domain(struct drm_i915_gem_object *obj)
3104
{
3105
	struct drm_i915_private *dev_priv = to_i915(obj->base.dev);
C
Chris Wilson 已提交
3106

3107
	if (obj->base.write_domain != I915_GEM_DOMAIN_GTT)
3108 3109
		return;

3110
	/* No actual flushing is required for the GTT write domain.  Writes
3111
	 * to it "immediately" go to main memory as far as we know, so there's
3112
	 * no chipset flush.  It also doesn't land in render cache.
3113 3114 3115 3116
	 *
	 * However, we do have to enforce the order so that all writes through
	 * the GTT land before any writes to the device, such as updates to
	 * the GATT itself.
3117 3118 3119 3120 3121 3122 3123
	 *
	 * We also have to wait a bit for the writes to land from the GTT.
	 * An uncached read (i.e. mmio) seems to be ideal for the round-trip
	 * timing. This issue has only been observed when switching quickly
	 * between GTT writes and CPU reads from inside the kernel on recent hw,
	 * and it appears to only affect discrete GTT blocks (i.e. on LLC
	 * system agents we cannot reproduce this behaviour).
3124
	 */
3125
	wmb();
3126
	if (INTEL_GEN(dev_priv) >= 6 && !HAS_LLC(dev_priv))
3127
		POSTING_READ(RING_ACTHD(dev_priv->engine[RCS]->mmio_base));
3128

3129
	intel_fb_obj_flush(obj, false, write_origin(obj, I915_GEM_DOMAIN_GTT));
3130

3131
	obj->base.write_domain = 0;
C
Chris Wilson 已提交
3132
	trace_i915_gem_object_change_domain(obj,
3133
					    obj->base.read_domains,
3134
					    I915_GEM_DOMAIN_GTT);
3135 3136 3137 3138
}

/** Flushes the CPU write domain for the object if it's dirty. */
static void
3139
i915_gem_object_flush_cpu_write_domain(struct drm_i915_gem_object *obj)
3140
{
3141
	if (obj->base.write_domain != I915_GEM_DOMAIN_CPU)
3142 3143
		return;

3144
	i915_gem_clflush_object(obj, obj->pin_display);
3145
	intel_fb_obj_flush(obj, false, ORIGIN_CPU);
3146

3147
	obj->base.write_domain = 0;
C
Chris Wilson 已提交
3148
	trace_i915_gem_object_change_domain(obj,
3149
					    obj->base.read_domains,
3150
					    I915_GEM_DOMAIN_CPU);
3151 3152
}

3153 3154
/**
 * Moves a single object to the GTT read, and possibly write domain.
3155 3156
 * @obj: object to act on
 * @write: ask for write access or read only
3157 3158 3159 3160
 *
 * This function returns when the move is complete, including waiting on
 * flushes to occur.
 */
J
Jesse Barnes 已提交
3161
int
3162
i915_gem_object_set_to_gtt_domain(struct drm_i915_gem_object *obj, bool write)
3163
{
C
Chris Wilson 已提交
3164
	uint32_t old_write_domain, old_read_domains;
3165
	int ret;
3166

3167
	lockdep_assert_held(&obj->base.dev->struct_mutex);
3168

3169 3170 3171 3172 3173 3174
	ret = i915_gem_object_wait(obj,
				   I915_WAIT_INTERRUPTIBLE |
				   I915_WAIT_LOCKED |
				   (write ? I915_WAIT_ALL : 0),
				   MAX_SCHEDULE_TIMEOUT,
				   NULL);
3175 3176 3177
	if (ret)
		return ret;

3178 3179 3180
	if (obj->base.write_domain == I915_GEM_DOMAIN_GTT)
		return 0;

3181 3182 3183 3184 3185 3186 3187 3188
	/* Flush and acquire obj->pages so that we are coherent through
	 * direct access in memory with previous cached writes through
	 * shmemfs and that our cache domain tracking remains valid.
	 * For example, if the obj->filp was moved to swap without us
	 * being notified and releasing the pages, we would mistakenly
	 * continue to assume that the obj remained out of the CPU cached
	 * domain.
	 */
C
Chris Wilson 已提交
3189
	ret = i915_gem_object_pin_pages(obj);
3190 3191 3192
	if (ret)
		return ret;

3193
	i915_gem_object_flush_cpu_write_domain(obj);
C
Chris Wilson 已提交
3194

3195 3196 3197 3198 3199 3200 3201
	/* Serialise direct access to this object with the barriers for
	 * coherent writes from the GPU, by effectively invalidating the
	 * GTT domain upon first access.
	 */
	if ((obj->base.read_domains & I915_GEM_DOMAIN_GTT) == 0)
		mb();

3202 3203
	old_write_domain = obj->base.write_domain;
	old_read_domains = obj->base.read_domains;
C
Chris Wilson 已提交
3204

3205 3206 3207
	/* It should now be out of any other write domains, and we can update
	 * the domain values for our changes.
	 */
3208
	GEM_BUG_ON((obj->base.write_domain & ~I915_GEM_DOMAIN_GTT) != 0);
3209
	obj->base.read_domains |= I915_GEM_DOMAIN_GTT;
3210
	if (write) {
3211 3212
		obj->base.read_domains = I915_GEM_DOMAIN_GTT;
		obj->base.write_domain = I915_GEM_DOMAIN_GTT;
C
Chris Wilson 已提交
3213
		obj->mm.dirty = true;
3214 3215
	}

C
Chris Wilson 已提交
3216 3217 3218 3219
	trace_i915_gem_object_change_domain(obj,
					    old_read_domains,
					    old_write_domain);

C
Chris Wilson 已提交
3220
	i915_gem_object_unpin_pages(obj);
3221 3222 3223
	return 0;
}

3224 3225
/**
 * Changes the cache-level of an object across all VMA.
3226 3227
 * @obj: object to act on
 * @cache_level: new cache level to set for the object
3228 3229 3230 3231 3232 3233 3234 3235 3236 3237 3238
 *
 * After this function returns, the object will be in the new cache-level
 * across all GTT and the contents of the backing storage will be coherent,
 * with respect to the new cache-level. In order to keep the backing storage
 * coherent for all users, we only allow a single cache level to be set
 * globally on the object and prevent it from being changed whilst the
 * hardware is reading from the object. That is if the object is currently
 * on the scanout it will be set to uncached (or equivalent display
 * cache coherency) and all non-MOCS GPU access will also be uncached so
 * that all direct access to the scanout remains coherent.
 */
3239 3240 3241
int i915_gem_object_set_cache_level(struct drm_i915_gem_object *obj,
				    enum i915_cache_level cache_level)
{
3242
	struct i915_vma *vma;
3243
	int ret;
3244

3245 3246
	lockdep_assert_held(&obj->base.dev->struct_mutex);

3247
	if (obj->cache_level == cache_level)
3248
		return 0;
3249

3250 3251 3252 3253 3254
	/* Inspect the list of currently bound VMA and unbind any that would
	 * be invalid given the new cache-level. This is principally to
	 * catch the issue of the CS prefetch crossing page boundaries and
	 * reading an invalid PTE on older architectures.
	 */
3255 3256
restart:
	list_for_each_entry(vma, &obj->vma_list, obj_link) {
3257 3258 3259
		if (!drm_mm_node_allocated(&vma->node))
			continue;

3260
		if (i915_vma_is_pinned(vma)) {
3261 3262 3263 3264
			DRM_DEBUG("can not change the cache level of pinned objects\n");
			return -EBUSY;
		}

3265 3266 3267 3268 3269 3270 3271 3272 3273 3274 3275 3276
		if (i915_gem_valid_gtt_space(vma, cache_level))
			continue;

		ret = i915_vma_unbind(vma);
		if (ret)
			return ret;

		/* As unbinding may affect other elements in the
		 * obj->vma_list (due to side-effects from retiring
		 * an active vma), play safe and restart the iterator.
		 */
		goto restart;
3277 3278
	}

3279 3280 3281 3282 3283 3284 3285
	/* We can reuse the existing drm_mm nodes but need to change the
	 * cache-level on the PTE. We could simply unbind them all and
	 * rebind with the correct cache-level on next use. However since
	 * we already have a valid slot, dma mapping, pages etc, we may as
	 * rewrite the PTE in the belief that doing so tramples upon less
	 * state and so involves less work.
	 */
3286
	if (obj->bind_count) {
3287 3288 3289 3290
		/* Before we change the PTE, the GPU must not be accessing it.
		 * If we wait upon the object, we know that all the bound
		 * VMA are no longer active.
		 */
3291 3292 3293 3294 3295 3296
		ret = i915_gem_object_wait(obj,
					   I915_WAIT_INTERRUPTIBLE |
					   I915_WAIT_LOCKED |
					   I915_WAIT_ALL,
					   MAX_SCHEDULE_TIMEOUT,
					   NULL);
3297 3298 3299
		if (ret)
			return ret;

3300 3301
		if (!HAS_LLC(to_i915(obj->base.dev)) &&
		    cache_level != I915_CACHE_NONE) {
3302 3303 3304 3305 3306 3307 3308 3309 3310 3311 3312 3313 3314 3315 3316 3317
			/* Access to snoopable pages through the GTT is
			 * incoherent and on some machines causes a hard
			 * lockup. Relinquish the CPU mmaping to force
			 * userspace to refault in the pages and we can
			 * then double check if the GTT mapping is still
			 * valid for that pointer access.
			 */
			i915_gem_release_mmap(obj);

			/* As we no longer need a fence for GTT access,
			 * we can relinquish it now (and so prevent having
			 * to steal a fence from someone else on the next
			 * fence request). Note GPU activity would have
			 * dropped the fence as all snoopable access is
			 * supposed to be linear.
			 */
3318 3319 3320 3321 3322
			list_for_each_entry(vma, &obj->vma_list, obj_link) {
				ret = i915_vma_put_fence(vma);
				if (ret)
					return ret;
			}
3323 3324 3325 3326 3327 3328 3329 3330
		} else {
			/* We either have incoherent backing store and
			 * so no GTT access or the architecture is fully
			 * coherent. In such cases, existing GTT mmaps
			 * ignore the cache bit in the PTE and we can
			 * rewrite it without confusing the GPU or having
			 * to force userspace to fault back in its mmaps.
			 */
3331 3332
		}

3333
		list_for_each_entry(vma, &obj->vma_list, obj_link) {
3334 3335 3336 3337 3338 3339 3340
			if (!drm_mm_node_allocated(&vma->node))
				continue;

			ret = i915_vma_bind(vma, cache_level, PIN_UPDATE);
			if (ret)
				return ret;
		}
3341 3342
	}

3343 3344 3345 3346
	if (obj->base.write_domain == I915_GEM_DOMAIN_CPU &&
	    cpu_cache_is_coherent(obj->base.dev, obj->cache_level))
		obj->cache_dirty = true;

3347
	list_for_each_entry(vma, &obj->vma_list, obj_link)
3348 3349 3350
		vma->node.color = cache_level;
	obj->cache_level = cache_level;

3351 3352 3353
	return 0;
}

B
Ben Widawsky 已提交
3354 3355
int i915_gem_get_caching_ioctl(struct drm_device *dev, void *data,
			       struct drm_file *file)
3356
{
B
Ben Widawsky 已提交
3357
	struct drm_i915_gem_caching *args = data;
3358
	struct drm_i915_gem_object *obj;
3359
	int err = 0;
3360

3361 3362 3363 3364 3365 3366
	rcu_read_lock();
	obj = i915_gem_object_lookup_rcu(file, args->handle);
	if (!obj) {
		err = -ENOENT;
		goto out;
	}
3367

3368 3369 3370 3371 3372 3373
	switch (obj->cache_level) {
	case I915_CACHE_LLC:
	case I915_CACHE_L3_LLC:
		args->caching = I915_CACHING_CACHED;
		break;

3374 3375 3376 3377
	case I915_CACHE_WT:
		args->caching = I915_CACHING_DISPLAY;
		break;

3378 3379 3380 3381
	default:
		args->caching = I915_CACHING_NONE;
		break;
	}
3382 3383 3384
out:
	rcu_read_unlock();
	return err;
3385 3386
}

B
Ben Widawsky 已提交
3387 3388
int i915_gem_set_caching_ioctl(struct drm_device *dev, void *data,
			       struct drm_file *file)
3389
{
3390
	struct drm_i915_private *i915 = to_i915(dev);
B
Ben Widawsky 已提交
3391
	struct drm_i915_gem_caching *args = data;
3392 3393 3394 3395
	struct drm_i915_gem_object *obj;
	enum i915_cache_level level;
	int ret;

B
Ben Widawsky 已提交
3396 3397
	switch (args->caching) {
	case I915_CACHING_NONE:
3398 3399
		level = I915_CACHE_NONE;
		break;
B
Ben Widawsky 已提交
3400
	case I915_CACHING_CACHED:
3401 3402 3403 3404 3405 3406
		/*
		 * Due to a HW issue on BXT A stepping, GPU stores via a
		 * snooped mapping may leave stale data in a corresponding CPU
		 * cacheline, whereas normally such cachelines would get
		 * invalidated.
		 */
3407
		if (!HAS_LLC(i915) && !HAS_SNOOP(i915))
3408 3409
			return -ENODEV;

3410 3411
		level = I915_CACHE_LLC;
		break;
3412
	case I915_CACHING_DISPLAY:
3413
		level = HAS_WT(i915) ? I915_CACHE_WT : I915_CACHE_NONE;
3414
		break;
3415 3416 3417 3418
	default:
		return -EINVAL;
	}

B
Ben Widawsky 已提交
3419 3420
	ret = i915_mutex_lock_interruptible(dev);
	if (ret)
3421
		return ret;
B
Ben Widawsky 已提交
3422

3423 3424
	obj = i915_gem_object_lookup(file, args->handle);
	if (!obj) {
3425 3426 3427 3428 3429
		ret = -ENOENT;
		goto unlock;
	}

	ret = i915_gem_object_set_cache_level(obj, level);
3430
	i915_gem_object_put(obj);
3431 3432 3433 3434 3435
unlock:
	mutex_unlock(&dev->struct_mutex);
	return ret;
}

3436
/*
3437 3438 3439
 * Prepare buffer for display plane (scanout, cursors, etc).
 * Can be called from an uninterruptible phase (modesetting) and allows
 * any flushes to be pipelined (for pageflips).
3440
 */
C
Chris Wilson 已提交
3441
struct i915_vma *
3442 3443
i915_gem_object_pin_to_display_plane(struct drm_i915_gem_object *obj,
				     u32 alignment,
3444
				     const struct i915_ggtt_view *view)
3445
{
C
Chris Wilson 已提交
3446
	struct i915_vma *vma;
3447
	u32 old_read_domains, old_write_domain;
3448 3449
	int ret;

3450 3451
	lockdep_assert_held(&obj->base.dev->struct_mutex);

3452 3453 3454
	/* Mark the pin_display early so that we account for the
	 * display coherency whilst setting up the cache domains.
	 */
3455
	obj->pin_display++;
3456

3457 3458 3459 3460 3461 3462 3463 3464 3465
	/* The display engine is not coherent with the LLC cache on gen6.  As
	 * a result, we make sure that the pinning that is about to occur is
	 * done with uncached PTEs. This is lowest common denominator for all
	 * chipsets.
	 *
	 * However for gen6+, we could do better by using the GFDT bit instead
	 * of uncaching, which would allow us to flush all the LLC-cached data
	 * with that bit in the PTE to main memory with just one PIPE_CONTROL.
	 */
3466
	ret = i915_gem_object_set_cache_level(obj,
3467 3468
					      HAS_WT(to_i915(obj->base.dev)) ?
					      I915_CACHE_WT : I915_CACHE_NONE);
C
Chris Wilson 已提交
3469 3470
	if (ret) {
		vma = ERR_PTR(ret);
3471
		goto err_unpin_display;
C
Chris Wilson 已提交
3472
	}
3473

3474 3475
	/* As the user may map the buffer once pinned in the display plane
	 * (e.g. libkms for the bootup splash), we have to ensure that we
3476 3477 3478 3479
	 * always use map_and_fenceable for all scanout buffers. However,
	 * it may simply be too big to fit into mappable, in which case
	 * put it anyway and hope that userspace can cope (but always first
	 * try to preserve the existing ABI).
3480
	 */
3481 3482 3483 3484
	vma = ERR_PTR(-ENOSPC);
	if (view->type == I915_GGTT_VIEW_NORMAL)
		vma = i915_gem_object_ggtt_pin(obj, view, 0, alignment,
					       PIN_MAPPABLE | PIN_NONBLOCK);
3485 3486 3487 3488 3489 3490 3491 3492 3493 3494 3495 3496 3497 3498 3499 3500
	if (IS_ERR(vma)) {
		struct drm_i915_private *i915 = to_i915(obj->base.dev);
		unsigned int flags;

		/* Valleyview is definitely limited to scanning out the first
		 * 512MiB. Lets presume this behaviour was inherited from the
		 * g4x display engine and that all earlier gen are similarly
		 * limited. Testing suggests that it is a little more
		 * complicated than this. For example, Cherryview appears quite
		 * happy to scanout from anywhere within its global aperture.
		 */
		flags = 0;
		if (HAS_GMCH_DISPLAY(i915))
			flags = PIN_MAPPABLE;
		vma = i915_gem_object_ggtt_pin(obj, view, 0, alignment, flags);
	}
C
Chris Wilson 已提交
3501
	if (IS_ERR(vma))
3502
		goto err_unpin_display;
3503

3504 3505
	vma->display_alignment = max_t(u64, vma->display_alignment, alignment);

3506 3507 3508 3509 3510
	/* Treat this as an end-of-frame, like intel_user_framebuffer_dirty() */
	if (obj->cache_dirty) {
		i915_gem_clflush_object(obj, true);
		intel_fb_obj_flush(obj, false, ORIGIN_DIRTYFB);
	}
3511

3512
	old_write_domain = obj->base.write_domain;
3513
	old_read_domains = obj->base.read_domains;
3514 3515 3516 3517

	/* It should now be out of any other write domains, and we can update
	 * the domain values for our changes.
	 */
3518
	obj->base.write_domain = 0;
3519
	obj->base.read_domains |= I915_GEM_DOMAIN_GTT;
3520 3521 3522

	trace_i915_gem_object_change_domain(obj,
					    old_read_domains,
3523
					    old_write_domain);
3524

C
Chris Wilson 已提交
3525
	return vma;
3526 3527

err_unpin_display:
3528
	obj->pin_display--;
C
Chris Wilson 已提交
3529
	return vma;
3530 3531 3532
}

void
C
Chris Wilson 已提交
3533
i915_gem_object_unpin_from_display_plane(struct i915_vma *vma)
3534
{
3535
	lockdep_assert_held(&vma->vm->i915->drm.struct_mutex);
3536

C
Chris Wilson 已提交
3537
	if (WARN_ON(vma->obj->pin_display == 0))
3538 3539
		return;

3540 3541
	if (--vma->obj->pin_display == 0)
		vma->display_alignment = 0;
3542

3543 3544 3545 3546
	/* Bump the LRU to try and avoid premature eviction whilst flipping  */
	if (!i915_vma_is_active(vma))
		list_move_tail(&vma->vm_link, &vma->vm->inactive_list);

C
Chris Wilson 已提交
3547
	i915_vma_unpin(vma);
3548 3549
}

3550 3551
/**
 * Moves a single object to the CPU read, and possibly write domain.
3552 3553
 * @obj: object to act on
 * @write: requesting write or read-only access
3554 3555 3556 3557
 *
 * This function returns when the move is complete, including waiting on
 * flushes to occur.
 */
3558
int
3559
i915_gem_object_set_to_cpu_domain(struct drm_i915_gem_object *obj, bool write)
3560
{
C
Chris Wilson 已提交
3561
	uint32_t old_write_domain, old_read_domains;
3562 3563
	int ret;

3564
	lockdep_assert_held(&obj->base.dev->struct_mutex);
3565

3566 3567 3568 3569 3570 3571
	ret = i915_gem_object_wait(obj,
				   I915_WAIT_INTERRUPTIBLE |
				   I915_WAIT_LOCKED |
				   (write ? I915_WAIT_ALL : 0),
				   MAX_SCHEDULE_TIMEOUT,
				   NULL);
3572 3573 3574
	if (ret)
		return ret;

3575 3576 3577
	if (obj->base.write_domain == I915_GEM_DOMAIN_CPU)
		return 0;

3578
	i915_gem_object_flush_gtt_write_domain(obj);
3579

3580 3581
	old_write_domain = obj->base.write_domain;
	old_read_domains = obj->base.read_domains;
C
Chris Wilson 已提交
3582

3583
	/* Flush the CPU cache if it's still invalid. */
3584
	if ((obj->base.read_domains & I915_GEM_DOMAIN_CPU) == 0) {
3585
		i915_gem_clflush_object(obj, false);
3586

3587
		obj->base.read_domains |= I915_GEM_DOMAIN_CPU;
3588 3589 3590 3591 3592
	}

	/* It should now be out of any other write domains, and we can update
	 * the domain values for our changes.
	 */
3593
	GEM_BUG_ON((obj->base.write_domain & ~I915_GEM_DOMAIN_CPU) != 0);
3594 3595 3596 3597 3598

	/* If we're writing through the CPU, then the GPU read domains will
	 * need to be invalidated at next use.
	 */
	if (write) {
3599 3600
		obj->base.read_domains = I915_GEM_DOMAIN_CPU;
		obj->base.write_domain = I915_GEM_DOMAIN_CPU;
3601
	}
3602

C
Chris Wilson 已提交
3603 3604 3605 3606
	trace_i915_gem_object_change_domain(obj,
					    old_read_domains,
					    old_write_domain);

3607 3608 3609
	return 0;
}

3610 3611 3612
/* Throttle our rendering by waiting until the ring has completed our requests
 * emitted over 20 msec ago.
 *
3613 3614 3615 3616
 * Note that if we were to use the current jiffies each time around the loop,
 * we wouldn't escape the function with any frames outstanding if the time to
 * render a frame was over 20ms.
 *
3617 3618 3619
 * This should get us reasonable parallelism between CPU and GPU but also
 * relatively low latency when blocking on a particular request to finish.
 */
3620
static int
3621
i915_gem_ring_throttle(struct drm_device *dev, struct drm_file *file)
3622
{
3623
	struct drm_i915_private *dev_priv = to_i915(dev);
3624
	struct drm_i915_file_private *file_priv = file->driver_priv;
3625
	unsigned long recent_enough = jiffies - DRM_I915_THROTTLE_JIFFIES;
3626
	struct drm_i915_gem_request *request, *target = NULL;
3627
	long ret;
3628

3629 3630 3631
	/* ABI: return -EIO if already wedged */
	if (i915_terminally_wedged(&dev_priv->gpu_error))
		return -EIO;
3632

3633
	spin_lock(&file_priv->mm.lock);
3634
	list_for_each_entry(request, &file_priv->mm.request_list, client_list) {
3635 3636
		if (time_after_eq(request->emitted_jiffies, recent_enough))
			break;
3637

3638 3639 3640 3641 3642 3643 3644
		/*
		 * Note that the request might not have been submitted yet.
		 * In which case emitted_jiffies will be zero.
		 */
		if (!request->emitted_jiffies)
			continue;

3645
		target = request;
3646
	}
3647
	if (target)
3648
		i915_gem_request_get(target);
3649
	spin_unlock(&file_priv->mm.lock);
3650

3651
	if (target == NULL)
3652
		return 0;
3653

3654 3655 3656
	ret = i915_wait_request(target,
				I915_WAIT_INTERRUPTIBLE,
				MAX_SCHEDULE_TIMEOUT);
3657
	i915_gem_request_put(target);
3658

3659
	return ret < 0 ? ret : 0;
3660 3661
}

C
Chris Wilson 已提交
3662
struct i915_vma *
3663 3664
i915_gem_object_ggtt_pin(struct drm_i915_gem_object *obj,
			 const struct i915_ggtt_view *view,
3665
			 u64 size,
3666 3667
			 u64 alignment,
			 u64 flags)
3668
{
3669 3670
	struct drm_i915_private *dev_priv = to_i915(obj->base.dev);
	struct i915_address_space *vm = &dev_priv->ggtt.base;
3671 3672
	struct i915_vma *vma;
	int ret;
3673

3674 3675
	lockdep_assert_held(&obj->base.dev->struct_mutex);

C
Chris Wilson 已提交
3676
	vma = i915_gem_obj_lookup_or_create_vma(obj, vm, view);
3677
	if (IS_ERR(vma))
C
Chris Wilson 已提交
3678
		return vma;
3679 3680 3681 3682

	if (i915_vma_misplaced(vma, size, alignment, flags)) {
		if (flags & PIN_NONBLOCK &&
		    (i915_vma_is_pinned(vma) || i915_vma_is_active(vma)))
C
Chris Wilson 已提交
3683
			return ERR_PTR(-ENOSPC);
3684

3685 3686 3687 3688 3689 3690 3691 3692 3693 3694 3695 3696 3697 3698 3699 3700 3701 3702 3703 3704 3705 3706 3707 3708 3709 3710 3711 3712 3713 3714 3715 3716 3717 3718 3719
		if (flags & PIN_MAPPABLE) {
			u32 fence_size;

			fence_size = i915_gem_get_ggtt_size(dev_priv, vma->size,
							    i915_gem_object_get_tiling(obj));
			/* If the required space is larger than the available
			 * aperture, we will not able to find a slot for the
			 * object and unbinding the object now will be in
			 * vain. Worse, doing so may cause us to ping-pong
			 * the object in and out of the Global GTT and
			 * waste a lot of cycles under the mutex.
			 */
			if (fence_size > dev_priv->ggtt.mappable_end)
				return ERR_PTR(-E2BIG);

			/* If NONBLOCK is set the caller is optimistically
			 * trying to cache the full object within the mappable
			 * aperture, and *must* have a fallback in place for
			 * situations where we cannot bind the object. We
			 * can be a little more lax here and use the fallback
			 * more often to avoid costly migrations of ourselves
			 * and other objects within the aperture.
			 *
			 * Half-the-aperture is used as a simple heuristic.
			 * More interesting would to do search for a free
			 * block prior to making the commitment to unbind.
			 * That caters for the self-harm case, and with a
			 * little more heuristics (e.g. NOFAULT, NOEVICT)
			 * we could try to minimise harm to others.
			 */
			if (flags & PIN_NONBLOCK &&
			    fence_size > dev_priv->ggtt.mappable_end / 2)
				return ERR_PTR(-ENOSPC);
		}

3720 3721
		WARN(i915_vma_is_pinned(vma),
		     "bo is already pinned in ggtt with incorrect alignment:"
3722 3723 3724
		     " offset=%08x, req.alignment=%llx,"
		     " req.map_and_fenceable=%d, vma->map_and_fenceable=%d\n",
		     i915_ggtt_offset(vma), alignment,
3725
		     !!(flags & PIN_MAPPABLE),
3726
		     i915_vma_is_map_and_fenceable(vma));
3727 3728
		ret = i915_vma_unbind(vma);
		if (ret)
C
Chris Wilson 已提交
3729
			return ERR_PTR(ret);
3730 3731
	}

C
Chris Wilson 已提交
3732 3733 3734
	ret = i915_vma_pin(vma, size, alignment, flags | PIN_GLOBAL);
	if (ret)
		return ERR_PTR(ret);
3735

C
Chris Wilson 已提交
3736
	return vma;
3737 3738
}

3739
static __always_inline unsigned int __busy_read_flag(unsigned int id)
3740 3741 3742 3743 3744 3745 3746 3747 3748 3749 3750 3751 3752 3753
{
	/* Note that we could alias engines in the execbuf API, but
	 * that would be very unwise as it prevents userspace from
	 * fine control over engine selection. Ahem.
	 *
	 * This should be something like EXEC_MAX_ENGINE instead of
	 * I915_NUM_ENGINES.
	 */
	BUILD_BUG_ON(I915_NUM_ENGINES > 16);
	return 0x10000 << id;
}

static __always_inline unsigned int __busy_write_id(unsigned int id)
{
3754 3755 3756 3757 3758 3759 3760 3761 3762
	/* The uABI guarantees an active writer is also amongst the read
	 * engines. This would be true if we accessed the activity tracking
	 * under the lock, but as we perform the lookup of the object and
	 * its activity locklessly we can not guarantee that the last_write
	 * being active implies that we have set the same engine flag from
	 * last_read - hence we always set both read and write busy for
	 * last_write.
	 */
	return id | __busy_read_flag(id);
3763 3764
}

3765
static __always_inline unsigned int
3766
__busy_set_if_active(const struct dma_fence *fence,
3767 3768
		     unsigned int (*flag)(unsigned int id))
{
3769
	struct drm_i915_gem_request *rq;
3770

3771 3772 3773 3774
	/* We have to check the current hw status of the fence as the uABI
	 * guarantees forward progress. We could rely on the idle worker
	 * to eventually flush us, but to minimise latency just ask the
	 * hardware.
3775
	 *
3776
	 * Note we only report on the status of native fences.
3777
	 */
3778 3779 3780 3781 3782 3783 3784 3785 3786
	if (!dma_fence_is_i915(fence))
		return 0;

	/* opencode to_request() in order to avoid const warnings */
	rq = container_of(fence, struct drm_i915_gem_request, fence);
	if (i915_gem_request_completed(rq))
		return 0;

	return flag(rq->engine->exec_id);
3787 3788
}

3789
static __always_inline unsigned int
3790
busy_check_reader(const struct dma_fence *fence)
3791
{
3792
	return __busy_set_if_active(fence, __busy_read_flag);
3793 3794
}

3795
static __always_inline unsigned int
3796
busy_check_writer(const struct dma_fence *fence)
3797
{
3798 3799 3800 3801
	if (!fence)
		return 0;

	return __busy_set_if_active(fence, __busy_write_id);
3802 3803
}

3804 3805
int
i915_gem_busy_ioctl(struct drm_device *dev, void *data,
3806
		    struct drm_file *file)
3807 3808
{
	struct drm_i915_gem_busy *args = data;
3809
	struct drm_i915_gem_object *obj;
3810 3811
	struct reservation_object_list *list;
	unsigned int seq;
3812
	int err;
3813

3814
	err = -ENOENT;
3815 3816
	rcu_read_lock();
	obj = i915_gem_object_lookup_rcu(file, args->handle);
3817
	if (!obj)
3818
		goto out;
3819

3820 3821 3822 3823 3824 3825 3826 3827 3828 3829 3830 3831 3832 3833 3834 3835 3836 3837
	/* A discrepancy here is that we do not report the status of
	 * non-i915 fences, i.e. even though we may report the object as idle,
	 * a call to set-domain may still stall waiting for foreign rendering.
	 * This also means that wait-ioctl may report an object as busy,
	 * where busy-ioctl considers it idle.
	 *
	 * We trade the ability to warn of foreign fences to report on which
	 * i915 engines are active for the object.
	 *
	 * Alternatively, we can trade that extra information on read/write
	 * activity with
	 *	args->busy =
	 *		!reservation_object_test_signaled_rcu(obj->resv, true);
	 * to report the overall busyness. This is what the wait-ioctl does.
	 *
	 */
retry:
	seq = raw_read_seqcount(&obj->resv->seq);
3838

3839 3840
	/* Translate the exclusive fence to the READ *and* WRITE engine */
	args->busy = busy_check_writer(rcu_dereference(obj->resv->fence_excl));
3841

3842 3843 3844 3845
	/* Translate shared fences to READ set of engines */
	list = rcu_dereference(obj->resv->fence);
	if (list) {
		unsigned int shared_count = list->shared_count, i;
3846

3847 3848 3849 3850 3851 3852
		for (i = 0; i < shared_count; ++i) {
			struct dma_fence *fence =
				rcu_dereference(list->shared[i]);

			args->busy |= busy_check_reader(fence);
		}
3853
	}
3854

3855 3856 3857 3858
	if (args->busy && read_seqcount_retry(&obj->resv->seq, seq))
		goto retry;

	err = 0;
3859 3860 3861
out:
	rcu_read_unlock();
	return err;
3862 3863 3864 3865 3866 3867
}

int
i915_gem_throttle_ioctl(struct drm_device *dev, void *data,
			struct drm_file *file_priv)
{
3868
	return i915_gem_ring_throttle(dev, file_priv);
3869 3870
}

3871 3872 3873 3874
int
i915_gem_madvise_ioctl(struct drm_device *dev, void *data,
		       struct drm_file *file_priv)
{
3875
	struct drm_i915_private *dev_priv = to_i915(dev);
3876
	struct drm_i915_gem_madvise *args = data;
3877
	struct drm_i915_gem_object *obj;
3878
	int err;
3879 3880 3881 3882 3883 3884 3885 3886 3887

	switch (args->madv) {
	case I915_MADV_DONTNEED:
	case I915_MADV_WILLNEED:
	    break;
	default:
	    return -EINVAL;
	}

3888
	obj = i915_gem_object_lookup(file_priv, args->handle);
3889 3890 3891 3892 3893 3894
	if (!obj)
		return -ENOENT;

	err = mutex_lock_interruptible(&obj->mm.lock);
	if (err)
		goto out;
3895

C
Chris Wilson 已提交
3896
	if (obj->mm.pages &&
3897
	    i915_gem_object_is_tiled(obj) &&
3898
	    dev_priv->quirks & QUIRK_PIN_SWIZZLED_PAGES) {
3899 3900
		if (obj->mm.madv == I915_MADV_WILLNEED) {
			GEM_BUG_ON(!obj->mm.quirked);
C
Chris Wilson 已提交
3901
			__i915_gem_object_unpin_pages(obj);
3902 3903 3904
			obj->mm.quirked = false;
		}
		if (args->madv == I915_MADV_WILLNEED) {
3905
			GEM_BUG_ON(obj->mm.quirked);
C
Chris Wilson 已提交
3906
			__i915_gem_object_pin_pages(obj);
3907 3908
			obj->mm.quirked = true;
		}
3909 3910
	}

C
Chris Wilson 已提交
3911 3912
	if (obj->mm.madv != __I915_MADV_PURGED)
		obj->mm.madv = args->madv;
3913

C
Chris Wilson 已提交
3914
	/* if the object is no longer attached, discard its backing storage */
C
Chris Wilson 已提交
3915
	if (obj->mm.madv == I915_MADV_DONTNEED && !obj->mm.pages)
3916 3917
		i915_gem_object_truncate(obj);

C
Chris Wilson 已提交
3918
	args->retained = obj->mm.madv != __I915_MADV_PURGED;
3919
	mutex_unlock(&obj->mm.lock);
C
Chris Wilson 已提交
3920

3921
out:
3922
	i915_gem_object_put(obj);
3923
	return err;
3924 3925
}

3926 3927 3928 3929 3930 3931 3932 3933 3934 3935
static void
frontbuffer_retire(struct i915_gem_active *active,
		   struct drm_i915_gem_request *request)
{
	struct drm_i915_gem_object *obj =
		container_of(active, typeof(*obj), frontbuffer_write);

	intel_fb_obj_flush(obj, true, ORIGIN_CS);
}

3936 3937
void i915_gem_object_init(struct drm_i915_gem_object *obj,
			  const struct drm_i915_gem_object_ops *ops)
3938
{
3939 3940
	mutex_init(&obj->mm.lock);

3941
	INIT_LIST_HEAD(&obj->global_link);
3942
	INIT_LIST_HEAD(&obj->userfault_link);
3943
	INIT_LIST_HEAD(&obj->obj_exec_link);
B
Ben Widawsky 已提交
3944
	INIT_LIST_HEAD(&obj->vma_list);
3945
	INIT_LIST_HEAD(&obj->batch_pool_link);
3946

3947 3948
	obj->ops = ops;

3949 3950 3951
	reservation_object_init(&obj->__builtin_resv);
	obj->resv = &obj->__builtin_resv;

3952
	obj->frontbuffer_ggtt_origin = ORIGIN_GTT;
3953
	init_request_active(&obj->frontbuffer_write, frontbuffer_retire);
C
Chris Wilson 已提交
3954 3955 3956 3957

	obj->mm.madv = I915_MADV_WILLNEED;
	INIT_RADIX_TREE(&obj->mm.get_page.radix, GFP_KERNEL | __GFP_NOWARN);
	mutex_init(&obj->mm.get_page.lock);
3958

3959
	i915_gem_info_add_obj(to_i915(obj->base.dev), obj->base.size);
3960 3961
}

3962
static const struct drm_i915_gem_object_ops i915_gem_object_ops = {
3963 3964
	.flags = I915_GEM_OBJECT_HAS_STRUCT_PAGE |
		 I915_GEM_OBJECT_IS_SHRINKABLE,
3965 3966 3967 3968
	.get_pages = i915_gem_object_get_pages_gtt,
	.put_pages = i915_gem_object_put_pages_gtt,
};

3969 3970 3971 3972 3973 3974
/* Note we don't consider signbits :| */
#define overflows_type(x, T) \
	(sizeof(x) > sizeof(T) && (x) >> (sizeof(T) * BITS_PER_BYTE))

struct drm_i915_gem_object *
i915_gem_object_create(struct drm_device *dev, u64 size)
3975
{
3976
	struct drm_i915_private *dev_priv = to_i915(dev);
3977
	struct drm_i915_gem_object *obj;
3978
	struct address_space *mapping;
D
Daniel Vetter 已提交
3979
	gfp_t mask;
3980
	int ret;
3981

3982 3983 3984 3985 3986 3987 3988 3989 3990 3991 3992
	/* There is a prevalence of the assumption that we fit the object's
	 * page count inside a 32bit _signed_ variable. Let's document this and
	 * catch if we ever need to fix it. In the meantime, if you do spot
	 * such a local variable, please consider fixing!
	 */
	if (WARN_ON(size >> PAGE_SHIFT > INT_MAX))
		return ERR_PTR(-E2BIG);

	if (overflows_type(size, obj->base.size))
		return ERR_PTR(-E2BIG);

3993
	obj = i915_gem_object_alloc(dev);
3994
	if (obj == NULL)
3995
		return ERR_PTR(-ENOMEM);
3996

3997 3998 3999
	ret = drm_gem_object_init(dev, &obj->base, size);
	if (ret)
		goto fail;
4000

4001
	mask = GFP_HIGHUSER | __GFP_RECLAIMABLE;
4002
	if (IS_CRESTLINE(dev_priv) || IS_BROADWATER(dev_priv)) {
4003 4004 4005 4006 4007
		/* 965gm cannot relocate objects above 4GiB. */
		mask &= ~__GFP_HIGHMEM;
		mask |= __GFP_DMA32;
	}

4008
	mapping = obj->base.filp->f_mapping;
4009
	mapping_set_gfp_mask(mapping, mask);
4010

4011
	i915_gem_object_init(obj, &i915_gem_object_ops);
4012

4013 4014
	obj->base.write_domain = I915_GEM_DOMAIN_CPU;
	obj->base.read_domains = I915_GEM_DOMAIN_CPU;
4015

4016
	if (HAS_LLC(dev_priv)) {
4017
		/* On some devices, we can have the GPU use the LLC (the CPU
4018 4019 4020 4021 4022 4023 4024 4025 4026 4027 4028 4029 4030 4031 4032
		 * cache) for about a 10% performance improvement
		 * compared to uncached.  Graphics requests other than
		 * display scanout are coherent with the CPU in
		 * accessing this cache.  This means in this mode we
		 * don't need to clflush on the CPU side, and on the
		 * GPU side we only need to flush internal caches to
		 * get data visible to the CPU.
		 *
		 * However, we maintain the display planes as UC, and so
		 * need to rebind when first used as such.
		 */
		obj->cache_level = I915_CACHE_LLC;
	} else
		obj->cache_level = I915_CACHE_NONE;

4033 4034
	trace_i915_gem_object_create(obj);

4035
	return obj;
4036 4037 4038 4039

fail:
	i915_gem_object_free(obj);
	return ERR_PTR(ret);
4040 4041
}

4042 4043 4044 4045 4046 4047 4048 4049
static bool discard_backing_storage(struct drm_i915_gem_object *obj)
{
	/* If we are the last user of the backing storage (be it shmemfs
	 * pages or stolen etc), we know that the pages are going to be
	 * immediately released. In this case, we can then skip copying
	 * back the contents from the GPU.
	 */

C
Chris Wilson 已提交
4050
	if (obj->mm.madv != I915_MADV_WILLNEED)
4051 4052 4053 4054 4055 4056 4057 4058 4059 4060 4061 4062 4063 4064 4065
		return false;

	if (obj->base.filp == NULL)
		return true;

	/* At first glance, this looks racy, but then again so would be
	 * userspace racing mmap against close. However, the first external
	 * reference to the filp can only be obtained through the
	 * i915_gem_mmap_ioctl() which safeguards us against the user
	 * acquiring such a reference whilst we are in the middle of
	 * freeing the object.
	 */
	return atomic_long_read(&obj->base.filp->f_count) == 1;
}

4066 4067
static void __i915_gem_free_objects(struct drm_i915_private *i915,
				    struct llist_node *freed)
4068
{
4069
	struct drm_i915_gem_object *obj, *on;
4070

4071 4072 4073 4074 4075 4076 4077 4078 4079 4080 4081 4082 4083 4084 4085
	mutex_lock(&i915->drm.struct_mutex);
	intel_runtime_pm_get(i915);
	llist_for_each_entry(obj, freed, freed) {
		struct i915_vma *vma, *vn;

		trace_i915_gem_object_destroy(obj);

		GEM_BUG_ON(i915_gem_object_is_active(obj));
		list_for_each_entry_safe(vma, vn,
					 &obj->vma_list, obj_link) {
			GEM_BUG_ON(!i915_vma_is_ggtt(vma));
			GEM_BUG_ON(i915_vma_is_active(vma));
			vma->flags &= ~I915_VMA_PIN_MASK;
			i915_vma_close(vma);
		}
4086 4087
		GEM_BUG_ON(!list_empty(&obj->vma_list));
		GEM_BUG_ON(!RB_EMPTY_ROOT(&obj->vma_tree));
4088

4089
		list_del(&obj->global_link);
4090 4091 4092 4093 4094 4095 4096 4097 4098 4099
	}
	intel_runtime_pm_put(i915);
	mutex_unlock(&i915->drm.struct_mutex);

	llist_for_each_entry_safe(obj, on, freed, freed) {
		GEM_BUG_ON(obj->bind_count);
		GEM_BUG_ON(atomic_read(&obj->frontbuffer_bits));

		if (obj->ops->release)
			obj->ops->release(obj);
4100

4101 4102
		if (WARN_ON(i915_gem_object_has_pinned_pages(obj)))
			atomic_set(&obj->mm.pages_pin_count, 0);
4103
		__i915_gem_object_put_pages(obj, I915_MM_NORMAL);
4104 4105 4106 4107 4108
		GEM_BUG_ON(obj->mm.pages);

		if (obj->base.import_attach)
			drm_prime_gem_destroy(&obj->base, NULL);

4109
		reservation_object_fini(&obj->__builtin_resv);
4110 4111 4112 4113 4114 4115 4116 4117 4118 4119 4120 4121 4122 4123 4124 4125 4126 4127 4128 4129 4130 4131
		drm_gem_object_release(&obj->base);
		i915_gem_info_remove_obj(i915, obj->base.size);

		kfree(obj->bit_17);
		i915_gem_object_free(obj);
	}
}

static void i915_gem_flush_free_objects(struct drm_i915_private *i915)
{
	struct llist_node *freed;

	freed = llist_del_all(&i915->mm.free_list);
	if (unlikely(freed))
		__i915_gem_free_objects(i915, freed);
}

static void __i915_gem_free_work(struct work_struct *work)
{
	struct drm_i915_private *i915 =
		container_of(work, struct drm_i915_private, mm.free_work);
	struct llist_node *freed;
4132

4133 4134 4135 4136 4137 4138 4139
	/* All file-owned VMA should have been released by this point through
	 * i915_gem_close_object(), or earlier by i915_gem_context_close().
	 * However, the object may also be bound into the global GTT (e.g.
	 * older GPUs without per-process support, or for direct access through
	 * the GTT either for the user or for scanout). Those VMA still need to
	 * unbound now.
	 */
4140

4141 4142 4143
	while ((freed = llist_del_all(&i915->mm.free_list)))
		__i915_gem_free_objects(i915, freed);
}
4144

4145 4146 4147 4148 4149 4150 4151 4152 4153 4154 4155 4156 4157 4158
static void __i915_gem_free_object_rcu(struct rcu_head *head)
{
	struct drm_i915_gem_object *obj =
		container_of(head, typeof(*obj), rcu);
	struct drm_i915_private *i915 = to_i915(obj->base.dev);

	/* We can't simply use call_rcu() from i915_gem_free_object()
	 * as we need to block whilst unbinding, and the call_rcu
	 * task may be called from softirq context. So we take a
	 * detour through a worker.
	 */
	if (llist_add(&obj->freed, &i915->mm.free_list))
		schedule_work(&i915->mm.free_work);
}
4159

4160 4161 4162
void i915_gem_free_object(struct drm_gem_object *gem_obj)
{
	struct drm_i915_gem_object *obj = to_intel_bo(gem_obj);
C
Chris Wilson 已提交
4163

4164 4165 4166
	if (obj->mm.quirked)
		__i915_gem_object_unpin_pages(obj);

4167
	if (discard_backing_storage(obj))
C
Chris Wilson 已提交
4168
		obj->mm.madv = I915_MADV_DONTNEED;
4169

4170 4171 4172 4173 4174 4175
	/* Before we free the object, make sure any pure RCU-only
	 * read-side critical sections are complete, e.g.
	 * i915_gem_busy_ioctl(). For the corresponding synchronized
	 * lookup see i915_gem_object_lookup_rcu().
	 */
	call_rcu(&obj->rcu, __i915_gem_free_object_rcu);
4176 4177
}

4178 4179 4180 4181 4182 4183 4184 4185 4186 4187 4188
void __i915_gem_object_release_unless_active(struct drm_i915_gem_object *obj)
{
	lockdep_assert_held(&obj->base.dev->struct_mutex);

	GEM_BUG_ON(i915_gem_object_has_active_reference(obj));
	if (i915_gem_object_is_active(obj))
		i915_gem_object_set_active_reference(obj);
	else
		i915_gem_object_put(obj);
}

4189 4190 4191 4192 4193 4194 4195 4196 4197
static void assert_kernel_context_is_current(struct drm_i915_private *dev_priv)
{
	struct intel_engine_cs *engine;
	enum intel_engine_id id;

	for_each_engine(engine, dev_priv, id)
		GEM_BUG_ON(engine->last_context != dev_priv->kernel_context);
}

4198
int i915_gem_suspend(struct drm_device *dev)
4199
{
4200
	struct drm_i915_private *dev_priv = to_i915(dev);
4201
	int ret;
4202

4203 4204
	intel_suspend_gt_powersave(dev_priv);

4205
	mutex_lock(&dev->struct_mutex);
4206 4207 4208 4209 4210 4211 4212 4213 4214 4215 4216 4217 4218

	/* We have to flush all the executing contexts to main memory so
	 * that they can saved in the hibernation image. To ensure the last
	 * context image is coherent, we have to switch away from it. That
	 * leaves the dev_priv->kernel_context still active when
	 * we actually suspend, and its image in memory may not match the GPU
	 * state. Fortunately, the kernel_context is disposable and we do
	 * not rely on its state.
	 */
	ret = i915_gem_switch_to_kernel_context(dev_priv);
	if (ret)
		goto err;

4219 4220 4221
	ret = i915_gem_wait_for_idle(dev_priv,
				     I915_WAIT_INTERRUPTIBLE |
				     I915_WAIT_LOCKED);
4222
	if (ret)
4223
		goto err;
4224

4225
	i915_gem_retire_requests(dev_priv);
4226
	GEM_BUG_ON(dev_priv->gt.active_requests);
4227

4228
	assert_kernel_context_is_current(dev_priv);
4229
	i915_gem_context_lost(dev_priv);
4230 4231
	mutex_unlock(&dev->struct_mutex);

4232
	cancel_delayed_work_sync(&dev_priv->gpu_error.hangcheck_work);
4233 4234
	cancel_delayed_work_sync(&dev_priv->gt.retire_work);
	flush_delayed_work(&dev_priv->gt.idle_work);
4235
	flush_work(&dev_priv->mm.free_work);
4236

4237 4238 4239
	/* Assert that we sucessfully flushed all the work and
	 * reset the GPU back to its idle, low power state.
	 */
4240
	WARN_ON(dev_priv->gt.awake);
4241
	WARN_ON(!intel_execlists_idle(dev_priv));
4242

4243 4244 4245 4246 4247 4248 4249 4250 4251 4252 4253 4254 4255 4256 4257 4258 4259 4260 4261
	/*
	 * Neither the BIOS, ourselves or any other kernel
	 * expects the system to be in execlists mode on startup,
	 * so we need to reset the GPU back to legacy mode. And the only
	 * known way to disable logical contexts is through a GPU reset.
	 *
	 * So in order to leave the system in a known default configuration,
	 * always reset the GPU upon unload and suspend. Afterwards we then
	 * clean up the GEM state tracking, flushing off the requests and
	 * leaving the system in a known idle state.
	 *
	 * Note that is of the upmost importance that the GPU is idle and
	 * all stray writes are flushed *before* we dismantle the backing
	 * storage for the pinned objects.
	 *
	 * However, since we are uncertain that resetting the GPU on older
	 * machines is a good idea, we don't - just in case it leaves the
	 * machine in an unusable condition.
	 */
4262
	if (HAS_HW_CONTEXTS(dev_priv)) {
4263 4264 4265 4266
		int reset = intel_gpu_reset(dev_priv, ALL_ENGINES);
		WARN_ON(reset && reset != -ENODEV);
	}

4267
	return 0;
4268 4269 4270 4271

err:
	mutex_unlock(&dev->struct_mutex);
	return ret;
4272 4273
}

4274 4275 4276 4277
void i915_gem_resume(struct drm_device *dev)
{
	struct drm_i915_private *dev_priv = to_i915(dev);

4278 4279
	WARN_ON(dev_priv->gt.awake);

4280
	mutex_lock(&dev->struct_mutex);
4281
	i915_gem_restore_gtt_mappings(dev_priv);
4282 4283 4284 4285 4286

	/* As we didn't flush the kernel context before suspend, we cannot
	 * guarantee that the context image is complete. So let's just reset
	 * it and start again.
	 */
4287
	dev_priv->gt.resume(dev_priv);
4288 4289 4290 4291

	mutex_unlock(&dev->struct_mutex);
}

4292
void i915_gem_init_swizzling(struct drm_i915_private *dev_priv)
4293
{
4294
	if (INTEL_GEN(dev_priv) < 5 ||
4295 4296 4297 4298 4299 4300
	    dev_priv->mm.bit_6_swizzle_x == I915_BIT_6_SWIZZLE_NONE)
		return;

	I915_WRITE(DISP_ARB_CTL, I915_READ(DISP_ARB_CTL) |
				 DISP_TILE_SURFACE_SWIZZLING);

4301
	if (IS_GEN5(dev_priv))
4302 4303
		return;

4304
	I915_WRITE(TILECTL, I915_READ(TILECTL) | TILECTL_SWZCTL);
4305
	if (IS_GEN6(dev_priv))
4306
		I915_WRITE(ARB_MODE, _MASKED_BIT_ENABLE(ARB_MODE_SWIZZLE_SNB));
4307
	else if (IS_GEN7(dev_priv))
4308
		I915_WRITE(ARB_MODE, _MASKED_BIT_ENABLE(ARB_MODE_SWIZZLE_IVB));
4309
	else if (IS_GEN8(dev_priv))
B
Ben Widawsky 已提交
4310
		I915_WRITE(GAMTARBMODE, _MASKED_BIT_ENABLE(ARB_MODE_SWIZZLE_BDW));
4311 4312
	else
		BUG();
4313
}
D
Daniel Vetter 已提交
4314

4315
static void init_unused_ring(struct drm_i915_private *dev_priv, u32 base)
4316 4317 4318 4319 4320 4321 4322
{
	I915_WRITE(RING_CTL(base), 0);
	I915_WRITE(RING_HEAD(base), 0);
	I915_WRITE(RING_TAIL(base), 0);
	I915_WRITE(RING_START(base), 0);
}

4323
static void init_unused_rings(struct drm_i915_private *dev_priv)
4324
{
4325 4326 4327 4328 4329 4330 4331 4332 4333 4334 4335 4336
	if (IS_I830(dev_priv)) {
		init_unused_ring(dev_priv, PRB1_BASE);
		init_unused_ring(dev_priv, SRB0_BASE);
		init_unused_ring(dev_priv, SRB1_BASE);
		init_unused_ring(dev_priv, SRB2_BASE);
		init_unused_ring(dev_priv, SRB3_BASE);
	} else if (IS_GEN2(dev_priv)) {
		init_unused_ring(dev_priv, SRB0_BASE);
		init_unused_ring(dev_priv, SRB1_BASE);
	} else if (IS_GEN3(dev_priv)) {
		init_unused_ring(dev_priv, PRB1_BASE);
		init_unused_ring(dev_priv, PRB2_BASE);
4337 4338 4339
	}
}

4340 4341 4342
int
i915_gem_init_hw(struct drm_device *dev)
{
4343
	struct drm_i915_private *dev_priv = to_i915(dev);
4344
	struct intel_engine_cs *engine;
4345
	enum intel_engine_id id;
C
Chris Wilson 已提交
4346
	int ret;
4347

4348 4349
	dev_priv->gt.last_init_time = ktime_get();

4350 4351 4352
	/* Double layer security blanket, see i915_gem_init() */
	intel_uncore_forcewake_get(dev_priv, FORCEWAKE_ALL);

4353
	if (HAS_EDRAM(dev_priv) && INTEL_GEN(dev_priv) < 9)
4354
		I915_WRITE(HSW_IDICR, I915_READ(HSW_IDICR) | IDIHASHMSK(0xf));
4355

4356
	if (IS_HASWELL(dev_priv))
4357
		I915_WRITE(MI_PREDICATE_RESULT_2, IS_HSW_GT3(dev_priv) ?
4358
			   LOWER_SLICE_ENABLED : LOWER_SLICE_DISABLED);
4359

4360
	if (HAS_PCH_NOP(dev_priv)) {
4361
		if (IS_IVYBRIDGE(dev_priv)) {
4362 4363 4364
			u32 temp = I915_READ(GEN7_MSG_CTL);
			temp &= ~(WAIT_FOR_PCH_FLR_ACK | WAIT_FOR_PCH_RESET_ACK);
			I915_WRITE(GEN7_MSG_CTL, temp);
4365
		} else if (INTEL_GEN(dev_priv) >= 7) {
4366 4367 4368 4369
			u32 temp = I915_READ(HSW_NDE_RSTWRN_OPT);
			temp &= ~RESET_PCH_HANDSHAKE_ENABLE;
			I915_WRITE(HSW_NDE_RSTWRN_OPT, temp);
		}
4370 4371
	}

4372
	i915_gem_init_swizzling(dev_priv);
4373

4374 4375 4376 4377 4378 4379
	/*
	 * At least 830 can leave some of the unused rings
	 * "active" (ie. head != tail) after resume which
	 * will prevent c3 entry. Makes sure all unused rings
	 * are totally idle.
	 */
4380
	init_unused_rings(dev_priv);
4381

4382
	BUG_ON(!dev_priv->kernel_context);
4383

4384
	ret = i915_ppgtt_init_hw(dev_priv);
4385 4386 4387 4388 4389 4390
	if (ret) {
		DRM_ERROR("PPGTT enable HW failed %d\n", ret);
		goto out;
	}

	/* Need to do basic initialisation of all rings first: */
4391
	for_each_engine(engine, dev_priv, id) {
4392
		ret = engine->init_hw(engine);
D
Daniel Vetter 已提交
4393
		if (ret)
4394
			goto out;
D
Daniel Vetter 已提交
4395
	}
4396

4397 4398
	intel_mocs_init_l3cc_table(dev);

4399
	/* We can't enable contexts until all firmware is loaded */
4400 4401 4402
	ret = intel_guc_setup(dev);
	if (ret)
		goto out;
4403

4404 4405
out:
	intel_uncore_forcewake_put(dev_priv, FORCEWAKE_ALL);
4406
	return ret;
4407 4408
}

4409 4410 4411 4412 4413 4414 4415 4416 4417 4418 4419 4420 4421 4422 4423 4424 4425 4426 4427 4428 4429
bool intel_sanitize_semaphores(struct drm_i915_private *dev_priv, int value)
{
	if (INTEL_INFO(dev_priv)->gen < 6)
		return false;

	/* TODO: make semaphores and Execlists play nicely together */
	if (i915.enable_execlists)
		return false;

	if (value >= 0)
		return value;

#ifdef CONFIG_INTEL_IOMMU
	/* Enable semaphores on SNB when IO remapping is off */
	if (INTEL_INFO(dev_priv)->gen == 6 && intel_iommu_gfx_mapped)
		return false;
#endif

	return true;
}

4430 4431
int i915_gem_init(struct drm_device *dev)
{
4432
	struct drm_i915_private *dev_priv = to_i915(dev);
4433 4434 4435
	int ret;

	mutex_lock(&dev->struct_mutex);
4436

4437
	if (!i915.enable_execlists) {
4438
		dev_priv->gt.resume = intel_legacy_submission_resume;
4439
		dev_priv->gt.cleanup_engine = intel_engine_cleanup;
4440
	} else {
4441
		dev_priv->gt.resume = intel_lr_context_resume;
4442
		dev_priv->gt.cleanup_engine = intel_logical_ring_cleanup;
4443 4444
	}

4445 4446 4447 4448 4449 4450 4451 4452
	/* This is just a security blanket to placate dragons.
	 * On some systems, we very sporadically observe that the first TLBs
	 * used by the CS may be stale, despite us poking the TLB reset. If
	 * we hold the forcewake during initialisation these problems
	 * just magically go away.
	 */
	intel_uncore_forcewake_get(dev_priv, FORCEWAKE_ALL);

4453
	i915_gem_init_userptr(dev_priv);
4454 4455 4456 4457

	ret = i915_gem_init_ggtt(dev_priv);
	if (ret)
		goto out_unlock;
4458

4459
	ret = i915_gem_context_init(dev);
4460 4461
	if (ret)
		goto out_unlock;
4462

4463
	ret = intel_engines_init(dev);
D
Daniel Vetter 已提交
4464
	if (ret)
4465
		goto out_unlock;
4466

4467
	ret = i915_gem_init_hw(dev);
4468
	if (ret == -EIO) {
4469
		/* Allow engine initialisation to fail by marking the GPU as
4470 4471 4472 4473
		 * wedged. But we only want to do this where the GPU is angry,
		 * for all other failure, such as an allocation failure, bail.
		 */
		DRM_ERROR("Failed to initialize GPU, declaring it wedged\n");
4474
		i915_gem_set_wedged(dev_priv);
4475
		ret = 0;
4476
	}
4477 4478

out_unlock:
4479
	intel_uncore_forcewake_put(dev_priv, FORCEWAKE_ALL);
4480
	mutex_unlock(&dev->struct_mutex);
4481

4482
	return ret;
4483 4484
}

4485
void
4486
i915_gem_cleanup_engines(struct drm_device *dev)
4487
{
4488
	struct drm_i915_private *dev_priv = to_i915(dev);
4489
	struct intel_engine_cs *engine;
4490
	enum intel_engine_id id;
4491

4492
	for_each_engine(engine, dev_priv, id)
4493
		dev_priv->gt.cleanup_engine(engine);
4494 4495
}

4496 4497 4498
void
i915_gem_load_init_fences(struct drm_i915_private *dev_priv)
{
4499
	int i;
4500 4501 4502 4503 4504 4505 4506 4507 4508 4509

	if (INTEL_INFO(dev_priv)->gen >= 7 && !IS_VALLEYVIEW(dev_priv) &&
	    !IS_CHERRYVIEW(dev_priv))
		dev_priv->num_fence_regs = 32;
	else if (INTEL_INFO(dev_priv)->gen >= 4 || IS_I945G(dev_priv) ||
		 IS_I945GM(dev_priv) || IS_G33(dev_priv))
		dev_priv->num_fence_regs = 16;
	else
		dev_priv->num_fence_regs = 8;

4510
	if (intel_vgpu_active(dev_priv))
4511 4512 4513 4514
		dev_priv->num_fence_regs =
				I915_READ(vgtif_reg(avail_rs.fence_num));

	/* Initialize fence registers to zero */
4515 4516 4517 4518 4519 4520 4521
	for (i = 0; i < dev_priv->num_fence_regs; i++) {
		struct drm_i915_fence_reg *fence = &dev_priv->fence_regs[i];

		fence->i915 = dev_priv;
		fence->id = i;
		list_add_tail(&fence->link, &dev_priv->mm.fence_list);
	}
4522
	i915_gem_restore_fences(dev_priv);
4523

4524
	i915_gem_detect_bit_6_swizzle(dev_priv);
4525 4526
}

4527
int
4528
i915_gem_load_init(struct drm_device *dev)
4529
{
4530
	struct drm_i915_private *dev_priv = to_i915(dev);
4531
	int err = -ENOMEM;
4532

4533 4534
	dev_priv->objects = KMEM_CACHE(drm_i915_gem_object, SLAB_HWCACHE_ALIGN);
	if (!dev_priv->objects)
4535 4536
		goto err_out;

4537 4538
	dev_priv->vmas = KMEM_CACHE(i915_vma, SLAB_HWCACHE_ALIGN);
	if (!dev_priv->vmas)
4539 4540
		goto err_objects;

4541 4542 4543 4544 4545
	dev_priv->requests = KMEM_CACHE(drm_i915_gem_request,
					SLAB_HWCACHE_ALIGN |
					SLAB_RECLAIM_ACCOUNT |
					SLAB_DESTROY_BY_RCU);
	if (!dev_priv->requests)
4546 4547
		goto err_vmas;

4548 4549 4550 4551 4552 4553
	dev_priv->dependencies = KMEM_CACHE(i915_dependency,
					    SLAB_HWCACHE_ALIGN |
					    SLAB_RECLAIM_ACCOUNT);
	if (!dev_priv->dependencies)
		goto err_requests;

4554 4555
	mutex_lock(&dev_priv->drm.struct_mutex);
	INIT_LIST_HEAD(&dev_priv->gt.timelines);
4556
	err = i915_gem_timeline_init__global(dev_priv);
4557 4558
	mutex_unlock(&dev_priv->drm.struct_mutex);
	if (err)
4559
		goto err_dependencies;
4560

4561
	INIT_LIST_HEAD(&dev_priv->context_list);
4562 4563
	INIT_WORK(&dev_priv->mm.free_work, __i915_gem_free_work);
	init_llist_head(&dev_priv->mm.free_list);
C
Chris Wilson 已提交
4564 4565
	INIT_LIST_HEAD(&dev_priv->mm.unbound_list);
	INIT_LIST_HEAD(&dev_priv->mm.bound_list);
4566
	INIT_LIST_HEAD(&dev_priv->mm.fence_list);
4567
	INIT_LIST_HEAD(&dev_priv->mm.userfault_list);
4568
	INIT_DELAYED_WORK(&dev_priv->gt.retire_work,
4569
			  i915_gem_retire_work_handler);
4570
	INIT_DELAYED_WORK(&dev_priv->gt.idle_work,
4571
			  i915_gem_idle_work_handler);
4572
	init_waitqueue_head(&dev_priv->gpu_error.wait_queue);
4573
	init_waitqueue_head(&dev_priv->gpu_error.reset_queue);
4574

4575 4576
	dev_priv->relative_constants_mode = I915_EXEC_CONSTANTS_REL_GENERAL;

4577
	init_waitqueue_head(&dev_priv->pending_flip_queue);
4578

4579 4580
	dev_priv->mm.interruptible = true;

4581 4582
	atomic_set(&dev_priv->mm.bsd_engine_dispatch_index, 0);

4583
	spin_lock_init(&dev_priv->fb_tracking.lock);
4584 4585 4586

	return 0;

4587 4588
err_dependencies:
	kmem_cache_destroy(dev_priv->dependencies);
4589 4590 4591 4592 4593 4594 4595 4596
err_requests:
	kmem_cache_destroy(dev_priv->requests);
err_vmas:
	kmem_cache_destroy(dev_priv->vmas);
err_objects:
	kmem_cache_destroy(dev_priv->objects);
err_out:
	return err;
4597
}
4598

4599 4600 4601 4602
void i915_gem_load_cleanup(struct drm_device *dev)
{
	struct drm_i915_private *dev_priv = to_i915(dev);

4603 4604
	WARN_ON(!llist_empty(&dev_priv->mm.free_list));

4605 4606 4607 4608 4609
	mutex_lock(&dev_priv->drm.struct_mutex);
	i915_gem_timeline_fini(&dev_priv->gt.global_timeline);
	WARN_ON(!list_empty(&dev_priv->gt.timelines));
	mutex_unlock(&dev_priv->drm.struct_mutex);

4610
	kmem_cache_destroy(dev_priv->dependencies);
4611 4612 4613
	kmem_cache_destroy(dev_priv->requests);
	kmem_cache_destroy(dev_priv->vmas);
	kmem_cache_destroy(dev_priv->objects);
4614 4615 4616

	/* And ensure that our DESTROY_BY_RCU slabs are truly destroyed */
	rcu_barrier();
4617 4618
}

4619 4620 4621 4622 4623 4624 4625 4626 4627 4628 4629 4630 4631
int i915_gem_freeze(struct drm_i915_private *dev_priv)
{
	intel_runtime_pm_get(dev_priv);

	mutex_lock(&dev_priv->drm.struct_mutex);
	i915_gem_shrink_all(dev_priv);
	mutex_unlock(&dev_priv->drm.struct_mutex);

	intel_runtime_pm_put(dev_priv);

	return 0;
}

4632 4633 4634
int i915_gem_freeze_late(struct drm_i915_private *dev_priv)
{
	struct drm_i915_gem_object *obj;
4635 4636 4637 4638 4639
	struct list_head *phases[] = {
		&dev_priv->mm.unbound_list,
		&dev_priv->mm.bound_list,
		NULL
	}, **p;
4640 4641 4642 4643 4644 4645 4646 4647 4648 4649

	/* Called just before we write the hibernation image.
	 *
	 * We need to update the domain tracking to reflect that the CPU
	 * will be accessing all the pages to create and restore from the
	 * hibernation, and so upon restoration those pages will be in the
	 * CPU domain.
	 *
	 * To make sure the hibernation image contains the latest state,
	 * we update that state just before writing out the image.
4650 4651 4652
	 *
	 * To try and reduce the hibernation image, we manually shrink
	 * the objects as well.
4653 4654
	 */

4655 4656
	mutex_lock(&dev_priv->drm.struct_mutex);
	i915_gem_shrink(dev_priv, -1UL, I915_SHRINK_UNBOUND);
4657

4658
	for (p = phases; *p; p++) {
4659
		list_for_each_entry(obj, *p, global_link) {
4660 4661 4662
			obj->base.read_domains = I915_GEM_DOMAIN_CPU;
			obj->base.write_domain = I915_GEM_DOMAIN_CPU;
		}
4663
	}
4664
	mutex_unlock(&dev_priv->drm.struct_mutex);
4665 4666 4667 4668

	return 0;
}

4669
void i915_gem_release(struct drm_device *dev, struct drm_file *file)
4670
{
4671
	struct drm_i915_file_private *file_priv = file->driver_priv;
4672
	struct drm_i915_gem_request *request;
4673 4674 4675 4676 4677

	/* Clean up our request list when the client is going away, so that
	 * later retire_requests won't dereference our soon-to-be-gone
	 * file_priv.
	 */
4678
	spin_lock(&file_priv->mm.lock);
4679
	list_for_each_entry(request, &file_priv->mm.request_list, client_list)
4680
		request->file_priv = NULL;
4681
	spin_unlock(&file_priv->mm.lock);
4682

4683
	if (!list_empty(&file_priv->rps.link)) {
4684
		spin_lock(&to_i915(dev)->rps.client_lock);
4685
		list_del(&file_priv->rps.link);
4686
		spin_unlock(&to_i915(dev)->rps.client_lock);
4687
	}
4688 4689 4690 4691 4692
}

int i915_gem_open(struct drm_device *dev, struct drm_file *file)
{
	struct drm_i915_file_private *file_priv;
4693
	int ret;
4694

4695
	DRM_DEBUG("\n");
4696 4697 4698 4699 4700 4701

	file_priv = kzalloc(sizeof(*file_priv), GFP_KERNEL);
	if (!file_priv)
		return -ENOMEM;

	file->driver_priv = file_priv;
4702
	file_priv->dev_priv = to_i915(dev);
4703
	file_priv->file = file;
4704
	INIT_LIST_HEAD(&file_priv->rps.link);
4705 4706 4707 4708

	spin_lock_init(&file_priv->mm.lock);
	INIT_LIST_HEAD(&file_priv->mm.request_list);

4709
	file_priv->bsd_engine = -1;
4710

4711 4712 4713
	ret = i915_gem_context_open(dev, file);
	if (ret)
		kfree(file_priv);
4714

4715
	return ret;
4716 4717
}

4718 4719
/**
 * i915_gem_track_fb - update frontbuffer tracking
4720 4721 4722
 * @old: current GEM buffer for the frontbuffer slots
 * @new: new GEM buffer for the frontbuffer slots
 * @frontbuffer_bits: bitmask of frontbuffer slots
4723 4724 4725 4726
 *
 * This updates the frontbuffer tracking bits @frontbuffer_bits by clearing them
 * from @old and setting them in @new. Both @old and @new can be NULL.
 */
4727 4728 4729 4730
void i915_gem_track_fb(struct drm_i915_gem_object *old,
		       struct drm_i915_gem_object *new,
		       unsigned frontbuffer_bits)
{
4731 4732 4733 4734 4735 4736 4737 4738 4739
	/* Control of individual bits within the mask are guarded by
	 * the owning plane->mutex, i.e. we can never see concurrent
	 * manipulation of individual bits. But since the bitfield as a whole
	 * is updated using RMW, we need to use atomics in order to update
	 * the bits.
	 */
	BUILD_BUG_ON(INTEL_FRONTBUFFER_BITS_PER_PIPE * I915_MAX_PIPES >
		     sizeof(atomic_t) * BITS_PER_BYTE);

4740
	if (old) {
4741 4742
		WARN_ON(!(atomic_read(&old->frontbuffer_bits) & frontbuffer_bits));
		atomic_andnot(frontbuffer_bits, &old->frontbuffer_bits);
4743 4744 4745
	}

	if (new) {
4746 4747
		WARN_ON(atomic_read(&new->frontbuffer_bits) & frontbuffer_bits);
		atomic_or(frontbuffer_bits, &new->frontbuffer_bits);
4748 4749 4750
	}
}

4751 4752 4753 4754 4755 4756 4757 4758 4759 4760
/* Allocate a new GEM object and fill it with the supplied data */
struct drm_i915_gem_object *
i915_gem_object_create_from_data(struct drm_device *dev,
			         const void *data, size_t size)
{
	struct drm_i915_gem_object *obj;
	struct sg_table *sg;
	size_t bytes;
	int ret;

4761
	obj = i915_gem_object_create(dev, round_up(size, PAGE_SIZE));
4762
	if (IS_ERR(obj))
4763 4764 4765 4766 4767 4768
		return obj;

	ret = i915_gem_object_set_to_cpu_domain(obj, true);
	if (ret)
		goto fail;

C
Chris Wilson 已提交
4769
	ret = i915_gem_object_pin_pages(obj);
4770 4771 4772
	if (ret)
		goto fail;

C
Chris Wilson 已提交
4773
	sg = obj->mm.pages;
4774
	bytes = sg_copy_from_buffer(sg->sgl, sg->nents, (void *)data, size);
C
Chris Wilson 已提交
4775
	obj->mm.dirty = true; /* Backing store is now out of date */
4776 4777 4778 4779 4780 4781 4782 4783 4784 4785 4786
	i915_gem_object_unpin_pages(obj);

	if (WARN_ON(bytes != size)) {
		DRM_ERROR("Incomplete copy, wrote %zu of %zu", bytes, size);
		ret = -EFAULT;
		goto fail;
	}

	return obj;

fail:
4787
	i915_gem_object_put(obj);
4788 4789
	return ERR_PTR(ret);
}
4790 4791 4792 4793 4794 4795

struct scatterlist *
i915_gem_object_get_sg(struct drm_i915_gem_object *obj,
		       unsigned int n,
		       unsigned int *offset)
{
C
Chris Wilson 已提交
4796
	struct i915_gem_object_page_iter *iter = &obj->mm.get_page;
4797 4798 4799 4800 4801
	struct scatterlist *sg;
	unsigned int idx, count;

	might_sleep();
	GEM_BUG_ON(n >= obj->base.size >> PAGE_SHIFT);
C
Chris Wilson 已提交
4802
	GEM_BUG_ON(!i915_gem_object_has_pinned_pages(obj));
4803 4804 4805 4806 4807 4808 4809 4810 4811 4812 4813 4814 4815 4816 4817 4818 4819 4820 4821 4822 4823 4824 4825 4826 4827 4828 4829 4830 4831 4832 4833 4834 4835 4836 4837 4838 4839 4840 4841 4842 4843 4844 4845 4846 4847 4848 4849 4850 4851 4852 4853 4854 4855 4856 4857 4858 4859 4860 4861 4862 4863 4864 4865 4866 4867 4868 4869 4870 4871 4872 4873 4874 4875 4876 4877 4878 4879 4880 4881 4882 4883 4884 4885 4886 4887 4888 4889 4890 4891 4892 4893 4894 4895 4896 4897 4898 4899 4900 4901 4902 4903 4904 4905 4906 4907 4908 4909 4910 4911 4912 4913 4914 4915 4916 4917 4918 4919 4920 4921 4922 4923 4924 4925 4926

	/* As we iterate forward through the sg, we record each entry in a
	 * radixtree for quick repeated (backwards) lookups. If we have seen
	 * this index previously, we will have an entry for it.
	 *
	 * Initial lookup is O(N), but this is amortized to O(1) for
	 * sequential page access (where each new request is consecutive
	 * to the previous one). Repeated lookups are O(lg(obj->base.size)),
	 * i.e. O(1) with a large constant!
	 */
	if (n < READ_ONCE(iter->sg_idx))
		goto lookup;

	mutex_lock(&iter->lock);

	/* We prefer to reuse the last sg so that repeated lookup of this
	 * (or the subsequent) sg are fast - comparing against the last
	 * sg is faster than going through the radixtree.
	 */

	sg = iter->sg_pos;
	idx = iter->sg_idx;
	count = __sg_page_count(sg);

	while (idx + count <= n) {
		unsigned long exception, i;
		int ret;

		/* If we cannot allocate and insert this entry, or the
		 * individual pages from this range, cancel updating the
		 * sg_idx so that on this lookup we are forced to linearly
		 * scan onwards, but on future lookups we will try the
		 * insertion again (in which case we need to be careful of
		 * the error return reporting that we have already inserted
		 * this index).
		 */
		ret = radix_tree_insert(&iter->radix, idx, sg);
		if (ret && ret != -EEXIST)
			goto scan;

		exception =
			RADIX_TREE_EXCEPTIONAL_ENTRY |
			idx << RADIX_TREE_EXCEPTIONAL_SHIFT;
		for (i = 1; i < count; i++) {
			ret = radix_tree_insert(&iter->radix, idx + i,
						(void *)exception);
			if (ret && ret != -EEXIST)
				goto scan;
		}

		idx += count;
		sg = ____sg_next(sg);
		count = __sg_page_count(sg);
	}

scan:
	iter->sg_pos = sg;
	iter->sg_idx = idx;

	mutex_unlock(&iter->lock);

	if (unlikely(n < idx)) /* insertion completed by another thread */
		goto lookup;

	/* In case we failed to insert the entry into the radixtree, we need
	 * to look beyond the current sg.
	 */
	while (idx + count <= n) {
		idx += count;
		sg = ____sg_next(sg);
		count = __sg_page_count(sg);
	}

	*offset = n - idx;
	return sg;

lookup:
	rcu_read_lock();

	sg = radix_tree_lookup(&iter->radix, n);
	GEM_BUG_ON(!sg);

	/* If this index is in the middle of multi-page sg entry,
	 * the radixtree will contain an exceptional entry that points
	 * to the start of that range. We will return the pointer to
	 * the base page and the offset of this page within the
	 * sg entry's range.
	 */
	*offset = 0;
	if (unlikely(radix_tree_exception(sg))) {
		unsigned long base =
			(unsigned long)sg >> RADIX_TREE_EXCEPTIONAL_SHIFT;

		sg = radix_tree_lookup(&iter->radix, base);
		GEM_BUG_ON(!sg);

		*offset = n - base;
	}

	rcu_read_unlock();

	return sg;
}

struct page *
i915_gem_object_get_page(struct drm_i915_gem_object *obj, unsigned int n)
{
	struct scatterlist *sg;
	unsigned int offset;

	GEM_BUG_ON(!i915_gem_object_has_struct_page(obj));

	sg = i915_gem_object_get_sg(obj, n, &offset);
	return nth_page(sg_page(sg), offset);
}

/* Like i915_gem_object_get_page(), but mark the returned page dirty */
struct page *
i915_gem_object_get_dirty_page(struct drm_i915_gem_object *obj,
			       unsigned int n)
{
	struct page *page;

	page = i915_gem_object_get_page(obj, n);
C
Chris Wilson 已提交
4927
	if (!obj->mm.dirty)
4928 4929 4930 4931 4932 4933 4934 4935 4936 4937 4938 4939 4940 4941 4942
		set_page_dirty(page);

	return page;
}

dma_addr_t
i915_gem_object_get_dma_address(struct drm_i915_gem_object *obj,
				unsigned long n)
{
	struct scatterlist *sg;
	unsigned int offset;

	sg = i915_gem_object_get_sg(obj, n, &offset);
	return sg_dma_address(sg) + (offset << PAGE_SHIFT);
}