1 /* 2 * Copyright (C) 2013 Red Hat 3 * Author: Rob Clark <robdclark@gmail.com> 4 * 5 * This program is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 as published by 7 * the Free Software Foundation. 8 * 9 * This program is distributed in the hope that it will be useful, but WITHOUT 10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for 12 * more details. 13 * 14 * You should have received a copy of the GNU General Public License along with 15 * this program. If not, see <http://www.gnu.org/licenses/>. 16 */ 17 18 #include <linux/sync_file.h> 19 20 #include "msm_drv.h" 21 #include "msm_gpu.h" 22 #include "msm_gem.h" 23 #include "msm_gpu_trace.h" 24 25 /* 26 * Cmdstream submission: 27 */ 28 29 /* make sure these don't conflict w/ MSM_SUBMIT_BO_x */ 30 #define BO_VALID 0x8000 /* is current addr in cmdstream correct/valid? */ 31 #define BO_LOCKED 0x4000 32 #define BO_PINNED 0x2000 33 34 static struct msm_gem_submit *submit_create(struct drm_device *dev, 35 struct msm_gpu *gpu, struct msm_gem_address_space *aspace, 36 struct msm_gpu_submitqueue *queue, uint32_t nr_bos, 37 uint32_t nr_cmds) 38 { 39 struct msm_gem_submit *submit; 40 uint64_t sz = sizeof(*submit) + ((u64)nr_bos * sizeof(submit->bos[0])) + 41 ((u64)nr_cmds * sizeof(submit->cmd[0])); 42 43 if (sz > SIZE_MAX) 44 return NULL; 45 46 submit = kmalloc(sz, GFP_KERNEL | __GFP_NOWARN | __GFP_NORETRY); 47 if (!submit) 48 return NULL; 49 50 submit->dev = dev; 51 submit->aspace = aspace; 52 submit->gpu = gpu; 53 submit->fence = NULL; 54 submit->cmd = (void *)&submit->bos[nr_bos]; 55 submit->queue = queue; 56 submit->ring = gpu->rb[queue->prio]; 57 58 /* initially, until copy_from_user() and bo lookup succeeds: */ 59 submit->nr_bos = 0; 60 submit->nr_cmds = 0; 61 62 INIT_LIST_HEAD(&submit->node); 63 INIT_LIST_HEAD(&submit->bo_list); 64 ww_acquire_init(&submit->ticket, &reservation_ww_class); 65 66 return submit; 67 } 68 69 void msm_gem_submit_free(struct msm_gem_submit *submit) 70 { 71 dma_fence_put(submit->fence); 72 list_del(&submit->node); 73 put_pid(submit->pid); 74 msm_submitqueue_put(submit->queue); 75 76 kfree(submit); 77 } 78 79 static int submit_lookup_objects(struct msm_gem_submit *submit, 80 struct drm_msm_gem_submit *args, struct drm_file *file) 81 { 82 unsigned i; 83 int ret = 0; 84 85 for (i = 0; i < args->nr_bos; i++) { 86 struct drm_msm_gem_submit_bo submit_bo; 87 void __user *userptr = 88 u64_to_user_ptr(args->bos + (i * sizeof(submit_bo))); 89 90 /* make sure we don't have garbage flags, in case we hit 91 * error path before flags is initialized: 92 */ 93 submit->bos[i].flags = 0; 94 95 if (copy_from_user(&submit_bo, userptr, sizeof(submit_bo))) { 96 ret = -EFAULT; 97 i = 0; 98 goto out; 99 } 100 101 /* at least one of READ and/or WRITE flags should be set: */ 102 #define MANDATORY_FLAGS (MSM_SUBMIT_BO_READ | MSM_SUBMIT_BO_WRITE) 103 104 if ((submit_bo.flags & ~MSM_SUBMIT_BO_FLAGS) || 105 !(submit_bo.flags & MANDATORY_FLAGS)) { 106 DRM_ERROR("invalid flags: %x\n", submit_bo.flags); 107 ret = -EINVAL; 108 i = 0; 109 goto out; 110 } 111 112 submit->bos[i].handle = submit_bo.handle; 113 submit->bos[i].flags = submit_bo.flags; 114 /* in validate_objects() we figure out if this is true: */ 115 submit->bos[i].iova = submit_bo.presumed; 116 } 117 118 spin_lock(&file->table_lock); 119 120 for (i = 0; i < args->nr_bos; i++) { 121 struct drm_gem_object *obj; 122 struct msm_gem_object *msm_obj; 123 124 /* normally use drm_gem_object_lookup(), but for bulk lookup 125 * all under single table_lock just hit object_idr directly: 126 */ 127 obj = idr_find(&file->object_idr, submit->bos[i].handle); 128 if (!obj) { 129 DRM_ERROR("invalid handle %u at index %u\n", submit->bos[i].handle, i); 130 ret = -EINVAL; 131 goto out_unlock; 132 } 133 134 msm_obj = to_msm_bo(obj); 135 136 if (!list_empty(&msm_obj->submit_entry)) { 137 DRM_ERROR("handle %u at index %u already on submit list\n", 138 submit->bos[i].handle, i); 139 ret = -EINVAL; 140 goto out_unlock; 141 } 142 143 drm_gem_object_get(obj); 144 145 submit->bos[i].obj = msm_obj; 146 147 list_add_tail(&msm_obj->submit_entry, &submit->bo_list); 148 } 149 150 out_unlock: 151 spin_unlock(&file->table_lock); 152 153 out: 154 submit->nr_bos = i; 155 156 return ret; 157 } 158 159 static void submit_unlock_unpin_bo(struct msm_gem_submit *submit, 160 int i, bool backoff) 161 { 162 struct msm_gem_object *msm_obj = submit->bos[i].obj; 163 164 if (submit->bos[i].flags & BO_PINNED) 165 msm_gem_unpin_iova(&msm_obj->base, submit->aspace); 166 167 if (submit->bos[i].flags & BO_LOCKED) 168 ww_mutex_unlock(&msm_obj->base.resv->lock); 169 170 if (backoff && !(submit->bos[i].flags & BO_VALID)) 171 submit->bos[i].iova = 0; 172 173 submit->bos[i].flags &= ~(BO_LOCKED | BO_PINNED); 174 } 175 176 /* This is where we make sure all the bo's are reserved and pin'd: */ 177 static int submit_lock_objects(struct msm_gem_submit *submit) 178 { 179 int contended, slow_locked = -1, i, ret = 0; 180 181 retry: 182 for (i = 0; i < submit->nr_bos; i++) { 183 struct msm_gem_object *msm_obj = submit->bos[i].obj; 184 185 if (slow_locked == i) 186 slow_locked = -1; 187 188 contended = i; 189 190 if (!(submit->bos[i].flags & BO_LOCKED)) { 191 ret = ww_mutex_lock_interruptible(&msm_obj->base.resv->lock, 192 &submit->ticket); 193 if (ret) 194 goto fail; 195 submit->bos[i].flags |= BO_LOCKED; 196 } 197 } 198 199 ww_acquire_done(&submit->ticket); 200 201 return 0; 202 203 fail: 204 for (; i >= 0; i--) 205 submit_unlock_unpin_bo(submit, i, true); 206 207 if (slow_locked > 0) 208 submit_unlock_unpin_bo(submit, slow_locked, true); 209 210 if (ret == -EDEADLK) { 211 struct msm_gem_object *msm_obj = submit->bos[contended].obj; 212 /* we lost out in a seqno race, lock and retry.. */ 213 ret = ww_mutex_lock_slow_interruptible(&msm_obj->base.resv->lock, 214 &submit->ticket); 215 if (!ret) { 216 submit->bos[contended].flags |= BO_LOCKED; 217 slow_locked = contended; 218 goto retry; 219 } 220 } 221 222 return ret; 223 } 224 225 static int submit_fence_sync(struct msm_gem_submit *submit, bool no_implicit) 226 { 227 int i, ret = 0; 228 229 for (i = 0; i < submit->nr_bos; i++) { 230 struct msm_gem_object *msm_obj = submit->bos[i].obj; 231 bool write = submit->bos[i].flags & MSM_SUBMIT_BO_WRITE; 232 233 if (!write) { 234 /* NOTE: _reserve_shared() must happen before 235 * _add_shared_fence(), which makes this a slightly 236 * strange place to call it. OTOH this is a 237 * convenient can-fail point to hook it in. 238 */ 239 ret = reservation_object_reserve_shared(msm_obj->base.resv, 240 1); 241 if (ret) 242 return ret; 243 } 244 245 if (no_implicit) 246 continue; 247 248 ret = msm_gem_sync_object(&msm_obj->base, submit->ring->fctx, 249 write); 250 if (ret) 251 break; 252 } 253 254 return ret; 255 } 256 257 static int submit_pin_objects(struct msm_gem_submit *submit) 258 { 259 int i, ret = 0; 260 261 submit->valid = true; 262 263 for (i = 0; i < submit->nr_bos; i++) { 264 struct msm_gem_object *msm_obj = submit->bos[i].obj; 265 uint64_t iova; 266 267 /* if locking succeeded, pin bo: */ 268 ret = msm_gem_get_and_pin_iova(&msm_obj->base, 269 submit->aspace, &iova); 270 271 if (ret) 272 break; 273 274 submit->bos[i].flags |= BO_PINNED; 275 276 if (iova == submit->bos[i].iova) { 277 submit->bos[i].flags |= BO_VALID; 278 } else { 279 submit->bos[i].iova = iova; 280 /* iova changed, so address in cmdstream is not valid: */ 281 submit->bos[i].flags &= ~BO_VALID; 282 submit->valid = false; 283 } 284 } 285 286 return ret; 287 } 288 289 static int submit_bo(struct msm_gem_submit *submit, uint32_t idx, 290 struct msm_gem_object **obj, uint64_t *iova, bool *valid) 291 { 292 if (idx >= submit->nr_bos) { 293 DRM_ERROR("invalid buffer index: %u (out of %u)\n", 294 idx, submit->nr_bos); 295 return -EINVAL; 296 } 297 298 if (obj) 299 *obj = submit->bos[idx].obj; 300 if (iova) 301 *iova = submit->bos[idx].iova; 302 if (valid) 303 *valid = !!(submit->bos[idx].flags & BO_VALID); 304 305 return 0; 306 } 307 308 /* process the reloc's and patch up the cmdstream as needed: */ 309 static int submit_reloc(struct msm_gem_submit *submit, struct msm_gem_object *obj, 310 uint32_t offset, uint32_t nr_relocs, uint64_t relocs) 311 { 312 uint32_t i, last_offset = 0; 313 uint32_t *ptr; 314 int ret = 0; 315 316 if (!nr_relocs) 317 return 0; 318 319 if (offset % 4) { 320 DRM_ERROR("non-aligned cmdstream buffer: %u\n", offset); 321 return -EINVAL; 322 } 323 324 /* For now, just map the entire thing. Eventually we probably 325 * to do it page-by-page, w/ kmap() if not vmap()d.. 326 */ 327 ptr = msm_gem_get_vaddr(&obj->base); 328 329 if (IS_ERR(ptr)) { 330 ret = PTR_ERR(ptr); 331 DBG("failed to map: %d", ret); 332 return ret; 333 } 334 335 for (i = 0; i < nr_relocs; i++) { 336 struct drm_msm_gem_submit_reloc submit_reloc; 337 void __user *userptr = 338 u64_to_user_ptr(relocs + (i * sizeof(submit_reloc))); 339 uint32_t off; 340 uint64_t iova; 341 bool valid; 342 343 if (copy_from_user(&submit_reloc, userptr, sizeof(submit_reloc))) { 344 ret = -EFAULT; 345 goto out; 346 } 347 348 if (submit_reloc.submit_offset % 4) { 349 DRM_ERROR("non-aligned reloc offset: %u\n", 350 submit_reloc.submit_offset); 351 ret = -EINVAL; 352 goto out; 353 } 354 355 /* offset in dwords: */ 356 off = submit_reloc.submit_offset / 4; 357 358 if ((off >= (obj->base.size / 4)) || 359 (off < last_offset)) { 360 DRM_ERROR("invalid offset %u at reloc %u\n", off, i); 361 ret = -EINVAL; 362 goto out; 363 } 364 365 ret = submit_bo(submit, submit_reloc.reloc_idx, NULL, &iova, &valid); 366 if (ret) 367 goto out; 368 369 if (valid) 370 continue; 371 372 iova += submit_reloc.reloc_offset; 373 374 if (submit_reloc.shift < 0) 375 iova >>= -submit_reloc.shift; 376 else 377 iova <<= submit_reloc.shift; 378 379 ptr[off] = iova | submit_reloc.or; 380 381 last_offset = off; 382 } 383 384 out: 385 msm_gem_put_vaddr(&obj->base); 386 387 return ret; 388 } 389 390 static void submit_cleanup(struct msm_gem_submit *submit) 391 { 392 unsigned i; 393 394 for (i = 0; i < submit->nr_bos; i++) { 395 struct msm_gem_object *msm_obj = submit->bos[i].obj; 396 submit_unlock_unpin_bo(submit, i, false); 397 list_del_init(&msm_obj->submit_entry); 398 drm_gem_object_put(&msm_obj->base); 399 } 400 401 ww_acquire_fini(&submit->ticket); 402 } 403 404 int msm_ioctl_gem_submit(struct drm_device *dev, void *data, 405 struct drm_file *file) 406 { 407 static atomic_t ident = ATOMIC_INIT(0); 408 struct msm_drm_private *priv = dev->dev_private; 409 struct drm_msm_gem_submit *args = data; 410 struct msm_file_private *ctx = file->driver_priv; 411 struct msm_gem_submit *submit; 412 struct msm_gpu *gpu = priv->gpu; 413 struct sync_file *sync_file = NULL; 414 struct msm_gpu_submitqueue *queue; 415 struct msm_ringbuffer *ring; 416 int out_fence_fd = -1; 417 struct pid *pid = get_pid(task_pid(current)); 418 unsigned i; 419 int ret, submitid; 420 if (!gpu) 421 return -ENXIO; 422 423 /* for now, we just have 3d pipe.. eventually this would need to 424 * be more clever to dispatch to appropriate gpu module: 425 */ 426 if (MSM_PIPE_ID(args->flags) != MSM_PIPE_3D0) 427 return -EINVAL; 428 429 if (MSM_PIPE_FLAGS(args->flags) & ~MSM_SUBMIT_FLAGS) 430 return -EINVAL; 431 432 if (args->flags & MSM_SUBMIT_SUDO) { 433 if (!IS_ENABLED(CONFIG_DRM_MSM_GPU_SUDO) || 434 !capable(CAP_SYS_RAWIO)) 435 return -EINVAL; 436 } 437 438 queue = msm_submitqueue_get(ctx, args->queueid); 439 if (!queue) 440 return -ENOENT; 441 442 /* Get a unique identifier for the submission for logging purposes */ 443 submitid = atomic_inc_return(&ident) - 1; 444 445 ring = gpu->rb[queue->prio]; 446 trace_msm_gpu_submit(pid_nr(pid), ring->id, submitid, 447 args->nr_bos, args->nr_cmds); 448 449 if (args->flags & MSM_SUBMIT_FENCE_FD_IN) { 450 struct dma_fence *in_fence; 451 452 in_fence = sync_file_get_fence(args->fence_fd); 453 454 if (!in_fence) 455 return -EINVAL; 456 457 /* 458 * Wait if the fence is from a foreign context, or if the fence 459 * array contains any fence from a foreign context. 460 */ 461 ret = 0; 462 if (!dma_fence_match_context(in_fence, ring->fctx->context)) 463 ret = dma_fence_wait(in_fence, true); 464 465 dma_fence_put(in_fence); 466 if (ret) 467 return ret; 468 } 469 470 ret = mutex_lock_interruptible(&dev->struct_mutex); 471 if (ret) 472 return ret; 473 474 if (args->flags & MSM_SUBMIT_FENCE_FD_OUT) { 475 out_fence_fd = get_unused_fd_flags(O_CLOEXEC); 476 if (out_fence_fd < 0) { 477 ret = out_fence_fd; 478 goto out_unlock; 479 } 480 } 481 482 submit = submit_create(dev, gpu, ctx->aspace, queue, args->nr_bos, 483 args->nr_cmds); 484 if (!submit) { 485 ret = -ENOMEM; 486 goto out_unlock; 487 } 488 489 submit->pid = pid; 490 submit->ident = submitid; 491 492 if (args->flags & MSM_SUBMIT_SUDO) 493 submit->in_rb = true; 494 495 ret = submit_lookup_objects(submit, args, file); 496 if (ret) 497 goto out; 498 499 ret = submit_lock_objects(submit); 500 if (ret) 501 goto out; 502 503 ret = submit_fence_sync(submit, !!(args->flags & MSM_SUBMIT_NO_IMPLICIT)); 504 if (ret) 505 goto out; 506 507 ret = submit_pin_objects(submit); 508 if (ret) 509 goto out; 510 511 for (i = 0; i < args->nr_cmds; i++) { 512 struct drm_msm_gem_submit_cmd submit_cmd; 513 void __user *userptr = 514 u64_to_user_ptr(args->cmds + (i * sizeof(submit_cmd))); 515 struct msm_gem_object *msm_obj; 516 uint64_t iova; 517 518 ret = copy_from_user(&submit_cmd, userptr, sizeof(submit_cmd)); 519 if (ret) { 520 ret = -EFAULT; 521 goto out; 522 } 523 524 /* validate input from userspace: */ 525 switch (submit_cmd.type) { 526 case MSM_SUBMIT_CMD_BUF: 527 case MSM_SUBMIT_CMD_IB_TARGET_BUF: 528 case MSM_SUBMIT_CMD_CTX_RESTORE_BUF: 529 break; 530 default: 531 DRM_ERROR("invalid type: %08x\n", submit_cmd.type); 532 ret = -EINVAL; 533 goto out; 534 } 535 536 ret = submit_bo(submit, submit_cmd.submit_idx, 537 &msm_obj, &iova, NULL); 538 if (ret) 539 goto out; 540 541 if (submit_cmd.size % 4) { 542 DRM_ERROR("non-aligned cmdstream buffer size: %u\n", 543 submit_cmd.size); 544 ret = -EINVAL; 545 goto out; 546 } 547 548 if (!submit_cmd.size || 549 ((submit_cmd.size + submit_cmd.submit_offset) > 550 msm_obj->base.size)) { 551 DRM_ERROR("invalid cmdstream size: %u\n", submit_cmd.size); 552 ret = -EINVAL; 553 goto out; 554 } 555 556 submit->cmd[i].type = submit_cmd.type; 557 submit->cmd[i].size = submit_cmd.size / 4; 558 submit->cmd[i].iova = iova + submit_cmd.submit_offset; 559 submit->cmd[i].idx = submit_cmd.submit_idx; 560 561 if (submit->valid) 562 continue; 563 564 ret = submit_reloc(submit, msm_obj, submit_cmd.submit_offset, 565 submit_cmd.nr_relocs, submit_cmd.relocs); 566 if (ret) 567 goto out; 568 } 569 570 submit->nr_cmds = i; 571 572 submit->fence = msm_fence_alloc(ring->fctx); 573 if (IS_ERR(submit->fence)) { 574 ret = PTR_ERR(submit->fence); 575 submit->fence = NULL; 576 goto out; 577 } 578 579 if (args->flags & MSM_SUBMIT_FENCE_FD_OUT) { 580 sync_file = sync_file_create(submit->fence); 581 if (!sync_file) { 582 ret = -ENOMEM; 583 goto out; 584 } 585 } 586 587 msm_gpu_submit(gpu, submit, ctx); 588 589 args->fence = submit->fence->seqno; 590 591 if (args->flags & MSM_SUBMIT_FENCE_FD_OUT) { 592 fd_install(out_fence_fd, sync_file->file); 593 args->fence_fd = out_fence_fd; 594 } 595 596 out: 597 submit_cleanup(submit); 598 if (ret) 599 msm_gem_submit_free(submit); 600 out_unlock: 601 if (ret && (out_fence_fd >= 0)) 602 put_unused_fd(out_fence_fd); 603 mutex_unlock(&dev->struct_mutex); 604 return ret; 605 } 606