1 /* 2 * Copyright 2018 Red Hat Inc. 3 * 4 * Permission is hereby granted, free of charge, to any person obtaining a 5 * copy of this software and associated documentation files (the "Software"), 6 * to deal in the Software without restriction, including without limitation 7 * the rights to use, copy, modify, merge, publish, distribute, sublicense, 8 * and/or sell copies of the Software, and to permit persons to whom the 9 * Software is furnished to do so, subject to the following conditions: 10 * 11 * The above copyright notice and this permission notice shall be included in 12 * all copies or substantial portions of the Software. 13 * 14 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 15 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 16 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL 17 * THE COPYRIGHT HOLDER(S) OR AUTHOR(S) BE LIABLE FOR ANY CLAIM, DAMAGES OR 18 * OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, 19 * ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR 20 * OTHER DEALINGS IN THE SOFTWARE. 21 */ 22 #include "nouveau_svm.h" 23 #include "nouveau_drv.h" 24 #include "nouveau_chan.h" 25 #include "nouveau_dmem.h" 26 27 #include <nvif/notify.h> 28 #include <nvif/object.h> 29 #include <nvif/vmm.h> 30 31 #include <nvif/class.h> 32 #include <nvif/clb069.h> 33 #include <nvif/ifc00d.h> 34 35 #include <linux/sched/mm.h> 36 #include <linux/sort.h> 37 #include <linux/hmm.h> 38 39 struct nouveau_svm { 40 struct nouveau_drm *drm; 41 struct mutex mutex; 42 struct list_head inst; 43 44 struct nouveau_svm_fault_buffer { 45 int id; 46 struct nvif_object object; 47 u32 entries; 48 u32 getaddr; 49 u32 putaddr; 50 u32 get; 51 u32 put; 52 struct nvif_notify notify; 53 54 struct nouveau_svm_fault { 55 u64 inst; 56 u64 addr; 57 u64 time; 58 u32 engine; 59 u8 gpc; 60 u8 hub; 61 u8 access; 62 u8 client; 63 u8 fault; 64 struct nouveau_svmm *svmm; 65 } **fault; 66 int fault_nr; 67 } buffer[1]; 68 }; 69 70 #define SVM_DBG(s,f,a...) NV_DEBUG((s)->drm, "svm: "f"\n", ##a) 71 #define SVM_ERR(s,f,a...) NV_WARN((s)->drm, "svm: "f"\n", ##a) 72 73 struct nouveau_pfnmap_args { 74 struct nvif_ioctl_v0 i; 75 struct nvif_ioctl_mthd_v0 m; 76 struct nvif_vmm_pfnmap_v0 p; 77 }; 78 79 struct nouveau_ivmm { 80 struct nouveau_svmm *svmm; 81 u64 inst; 82 struct list_head head; 83 }; 84 85 static struct nouveau_ivmm * 86 nouveau_ivmm_find(struct nouveau_svm *svm, u64 inst) 87 { 88 struct nouveau_ivmm *ivmm; 89 list_for_each_entry(ivmm, &svm->inst, head) { 90 if (ivmm->inst == inst) 91 return ivmm; 92 } 93 return NULL; 94 } 95 96 struct nouveau_svmm { 97 struct mmu_notifier notifier; 98 struct nouveau_vmm *vmm; 99 struct { 100 unsigned long start; 101 unsigned long limit; 102 } unmanaged; 103 104 struct mutex mutex; 105 }; 106 107 #define SVMM_DBG(s,f,a...) \ 108 NV_DEBUG((s)->vmm->cli->drm, "svm-%p: "f"\n", (s), ##a) 109 #define SVMM_ERR(s,f,a...) \ 110 NV_WARN((s)->vmm->cli->drm, "svm-%p: "f"\n", (s), ##a) 111 112 int 113 nouveau_svmm_bind(struct drm_device *dev, void *data, 114 struct drm_file *file_priv) 115 { 116 struct nouveau_cli *cli = nouveau_cli(file_priv); 117 struct drm_nouveau_svm_bind *args = data; 118 unsigned target, cmd, priority; 119 unsigned long addr, end, size; 120 struct mm_struct *mm; 121 122 args->va_start &= PAGE_MASK; 123 args->va_end &= PAGE_MASK; 124 125 /* Sanity check arguments */ 126 if (args->reserved0 || args->reserved1) 127 return -EINVAL; 128 if (args->header & (~NOUVEAU_SVM_BIND_VALID_MASK)) 129 return -EINVAL; 130 if (args->va_start >= args->va_end) 131 return -EINVAL; 132 if (!args->npages) 133 return -EINVAL; 134 135 cmd = args->header >> NOUVEAU_SVM_BIND_COMMAND_SHIFT; 136 cmd &= NOUVEAU_SVM_BIND_COMMAND_MASK; 137 switch (cmd) { 138 case NOUVEAU_SVM_BIND_COMMAND__MIGRATE: 139 break; 140 default: 141 return -EINVAL; 142 } 143 144 priority = args->header >> NOUVEAU_SVM_BIND_PRIORITY_SHIFT; 145 priority &= NOUVEAU_SVM_BIND_PRIORITY_MASK; 146 147 /* FIXME support CPU target ie all target value < GPU_VRAM */ 148 target = args->header >> NOUVEAU_SVM_BIND_TARGET_SHIFT; 149 target &= NOUVEAU_SVM_BIND_TARGET_MASK; 150 switch (target) { 151 case NOUVEAU_SVM_BIND_TARGET__GPU_VRAM: 152 break; 153 default: 154 return -EINVAL; 155 } 156 157 /* 158 * FIXME: For now refuse non 0 stride, we need to change the migrate 159 * kernel function to handle stride to avoid to create a mess within 160 * each device driver. 161 */ 162 if (args->stride) 163 return -EINVAL; 164 165 size = ((unsigned long)args->npages) << PAGE_SHIFT; 166 if ((args->va_start + size) <= args->va_start) 167 return -EINVAL; 168 if ((args->va_start + size) > args->va_end) 169 return -EINVAL; 170 171 /* 172 * Ok we are ask to do something sane, for now we only support migrate 173 * commands but we will add things like memory policy (what to do on 174 * page fault) and maybe some other commands. 175 */ 176 177 mm = get_task_mm(current); 178 mmap_read_lock(mm); 179 180 if (!cli->svm.svmm) { 181 mmap_read_unlock(mm); 182 return -EINVAL; 183 } 184 185 for (addr = args->va_start, end = args->va_start + size; addr < end;) { 186 struct vm_area_struct *vma; 187 unsigned long next; 188 189 vma = find_vma_intersection(mm, addr, end); 190 if (!vma) 191 break; 192 193 addr = max(addr, vma->vm_start); 194 next = min(vma->vm_end, end); 195 /* This is a best effort so we ignore errors */ 196 nouveau_dmem_migrate_vma(cli->drm, cli->svm.svmm, vma, addr, 197 next); 198 addr = next; 199 } 200 201 /* 202 * FIXME Return the number of page we have migrated, again we need to 203 * update the migrate API to return that information so that we can 204 * report it to user space. 205 */ 206 args->result = 0; 207 208 mmap_read_unlock(mm); 209 mmput(mm); 210 211 return 0; 212 } 213 214 /* Unlink channel instance from SVMM. */ 215 void 216 nouveau_svmm_part(struct nouveau_svmm *svmm, u64 inst) 217 { 218 struct nouveau_ivmm *ivmm; 219 if (svmm) { 220 mutex_lock(&svmm->vmm->cli->drm->svm->mutex); 221 ivmm = nouveau_ivmm_find(svmm->vmm->cli->drm->svm, inst); 222 if (ivmm) { 223 list_del(&ivmm->head); 224 kfree(ivmm); 225 } 226 mutex_unlock(&svmm->vmm->cli->drm->svm->mutex); 227 } 228 } 229 230 /* Link channel instance to SVMM. */ 231 int 232 nouveau_svmm_join(struct nouveau_svmm *svmm, u64 inst) 233 { 234 struct nouveau_ivmm *ivmm; 235 if (svmm) { 236 if (!(ivmm = kmalloc(sizeof(*ivmm), GFP_KERNEL))) 237 return -ENOMEM; 238 ivmm->svmm = svmm; 239 ivmm->inst = inst; 240 241 mutex_lock(&svmm->vmm->cli->drm->svm->mutex); 242 list_add(&ivmm->head, &svmm->vmm->cli->drm->svm->inst); 243 mutex_unlock(&svmm->vmm->cli->drm->svm->mutex); 244 } 245 return 0; 246 } 247 248 /* Invalidate SVMM address-range on GPU. */ 249 static void 250 nouveau_svmm_invalidate(struct nouveau_svmm *svmm, u64 start, u64 limit) 251 { 252 if (limit > start) { 253 bool super = svmm->vmm->vmm.object.client->super; 254 svmm->vmm->vmm.object.client->super = true; 255 nvif_object_mthd(&svmm->vmm->vmm.object, NVIF_VMM_V0_PFNCLR, 256 &(struct nvif_vmm_pfnclr_v0) { 257 .addr = start, 258 .size = limit - start, 259 }, sizeof(struct nvif_vmm_pfnclr_v0)); 260 svmm->vmm->vmm.object.client->super = super; 261 } 262 } 263 264 static int 265 nouveau_svmm_invalidate_range_start(struct mmu_notifier *mn, 266 const struct mmu_notifier_range *update) 267 { 268 struct nouveau_svmm *svmm = 269 container_of(mn, struct nouveau_svmm, notifier); 270 unsigned long start = update->start; 271 unsigned long limit = update->end; 272 273 if (!mmu_notifier_range_blockable(update)) 274 return -EAGAIN; 275 276 SVMM_DBG(svmm, "invalidate %016lx-%016lx", start, limit); 277 278 mutex_lock(&svmm->mutex); 279 if (unlikely(!svmm->vmm)) 280 goto out; 281 282 if (limit > svmm->unmanaged.start && start < svmm->unmanaged.limit) { 283 if (start < svmm->unmanaged.start) { 284 nouveau_svmm_invalidate(svmm, start, 285 svmm->unmanaged.limit); 286 } 287 start = svmm->unmanaged.limit; 288 } 289 290 nouveau_svmm_invalidate(svmm, start, limit); 291 292 out: 293 mutex_unlock(&svmm->mutex); 294 return 0; 295 } 296 297 static void nouveau_svmm_free_notifier(struct mmu_notifier *mn) 298 { 299 kfree(container_of(mn, struct nouveau_svmm, notifier)); 300 } 301 302 static const struct mmu_notifier_ops nouveau_mn_ops = { 303 .invalidate_range_start = nouveau_svmm_invalidate_range_start, 304 .free_notifier = nouveau_svmm_free_notifier, 305 }; 306 307 void 308 nouveau_svmm_fini(struct nouveau_svmm **psvmm) 309 { 310 struct nouveau_svmm *svmm = *psvmm; 311 if (svmm) { 312 mutex_lock(&svmm->mutex); 313 svmm->vmm = NULL; 314 mutex_unlock(&svmm->mutex); 315 mmu_notifier_put(&svmm->notifier); 316 *psvmm = NULL; 317 } 318 } 319 320 int 321 nouveau_svmm_init(struct drm_device *dev, void *data, 322 struct drm_file *file_priv) 323 { 324 struct nouveau_cli *cli = nouveau_cli(file_priv); 325 struct nouveau_svmm *svmm; 326 struct drm_nouveau_svm_init *args = data; 327 int ret; 328 329 /* Allocate tracking for SVM-enabled VMM. */ 330 if (!(svmm = kzalloc(sizeof(*svmm), GFP_KERNEL))) 331 return -ENOMEM; 332 svmm->vmm = &cli->svm; 333 svmm->unmanaged.start = args->unmanaged_addr; 334 svmm->unmanaged.limit = args->unmanaged_addr + args->unmanaged_size; 335 mutex_init(&svmm->mutex); 336 337 /* Check that SVM isn't already enabled for the client. */ 338 mutex_lock(&cli->mutex); 339 if (cli->svm.cli) { 340 ret = -EBUSY; 341 goto out_free; 342 } 343 344 /* Allocate a new GPU VMM that can support SVM (managed by the 345 * client, with replayable faults enabled). 346 * 347 * All future channel/memory allocations will make use of this 348 * VMM instead of the standard one. 349 */ 350 ret = nvif_vmm_ctor(&cli->mmu, "svmVmm", 351 cli->vmm.vmm.object.oclass, true, 352 args->unmanaged_addr, args->unmanaged_size, 353 &(struct gp100_vmm_v0) { 354 .fault_replay = true, 355 }, sizeof(struct gp100_vmm_v0), &cli->svm.vmm); 356 if (ret) 357 goto out_free; 358 359 mmap_write_lock(current->mm); 360 svmm->notifier.ops = &nouveau_mn_ops; 361 ret = __mmu_notifier_register(&svmm->notifier, current->mm); 362 if (ret) 363 goto out_mm_unlock; 364 /* Note, ownership of svmm transfers to mmu_notifier */ 365 366 cli->svm.svmm = svmm; 367 cli->svm.cli = cli; 368 mmap_write_unlock(current->mm); 369 mutex_unlock(&cli->mutex); 370 return 0; 371 372 out_mm_unlock: 373 mmap_write_unlock(current->mm); 374 out_free: 375 mutex_unlock(&cli->mutex); 376 kfree(svmm); 377 return ret; 378 } 379 380 /* Issue fault replay for GPU to retry accesses that faulted previously. */ 381 static void 382 nouveau_svm_fault_replay(struct nouveau_svm *svm) 383 { 384 SVM_DBG(svm, "replay"); 385 WARN_ON(nvif_object_mthd(&svm->drm->client.vmm.vmm.object, 386 GP100_VMM_VN_FAULT_REPLAY, 387 &(struct gp100_vmm_fault_replay_vn) {}, 388 sizeof(struct gp100_vmm_fault_replay_vn))); 389 } 390 391 /* Cancel a replayable fault that could not be handled. 392 * 393 * Cancelling the fault will trigger recovery to reset the engine 394 * and kill the offending channel (ie. GPU SIGSEGV). 395 */ 396 static void 397 nouveau_svm_fault_cancel(struct nouveau_svm *svm, 398 u64 inst, u8 hub, u8 gpc, u8 client) 399 { 400 SVM_DBG(svm, "cancel %016llx %d %02x %02x", inst, hub, gpc, client); 401 WARN_ON(nvif_object_mthd(&svm->drm->client.vmm.vmm.object, 402 GP100_VMM_VN_FAULT_CANCEL, 403 &(struct gp100_vmm_fault_cancel_v0) { 404 .hub = hub, 405 .gpc = gpc, 406 .client = client, 407 .inst = inst, 408 }, sizeof(struct gp100_vmm_fault_cancel_v0))); 409 } 410 411 static void 412 nouveau_svm_fault_cancel_fault(struct nouveau_svm *svm, 413 struct nouveau_svm_fault *fault) 414 { 415 nouveau_svm_fault_cancel(svm, fault->inst, 416 fault->hub, 417 fault->gpc, 418 fault->client); 419 } 420 421 static int 422 nouveau_svm_fault_cmp(const void *a, const void *b) 423 { 424 const struct nouveau_svm_fault *fa = *(struct nouveau_svm_fault **)a; 425 const struct nouveau_svm_fault *fb = *(struct nouveau_svm_fault **)b; 426 int ret; 427 if ((ret = (s64)fa->inst - fb->inst)) 428 return ret; 429 if ((ret = (s64)fa->addr - fb->addr)) 430 return ret; 431 /*XXX: atomic? */ 432 return (fa->access == 0 || fa->access == 3) - 433 (fb->access == 0 || fb->access == 3); 434 } 435 436 static void 437 nouveau_svm_fault_cache(struct nouveau_svm *svm, 438 struct nouveau_svm_fault_buffer *buffer, u32 offset) 439 { 440 struct nvif_object *memory = &buffer->object; 441 const u32 instlo = nvif_rd32(memory, offset + 0x00); 442 const u32 insthi = nvif_rd32(memory, offset + 0x04); 443 const u32 addrlo = nvif_rd32(memory, offset + 0x08); 444 const u32 addrhi = nvif_rd32(memory, offset + 0x0c); 445 const u32 timelo = nvif_rd32(memory, offset + 0x10); 446 const u32 timehi = nvif_rd32(memory, offset + 0x14); 447 const u32 engine = nvif_rd32(memory, offset + 0x18); 448 const u32 info = nvif_rd32(memory, offset + 0x1c); 449 const u64 inst = (u64)insthi << 32 | instlo; 450 const u8 gpc = (info & 0x1f000000) >> 24; 451 const u8 hub = (info & 0x00100000) >> 20; 452 const u8 client = (info & 0x00007f00) >> 8; 453 struct nouveau_svm_fault *fault; 454 455 //XXX: i think we're supposed to spin waiting */ 456 if (WARN_ON(!(info & 0x80000000))) 457 return; 458 459 nvif_mask(memory, offset + 0x1c, 0x80000000, 0x00000000); 460 461 if (!buffer->fault[buffer->fault_nr]) { 462 fault = kmalloc(sizeof(*fault), GFP_KERNEL); 463 if (WARN_ON(!fault)) { 464 nouveau_svm_fault_cancel(svm, inst, hub, gpc, client); 465 return; 466 } 467 buffer->fault[buffer->fault_nr] = fault; 468 } 469 470 fault = buffer->fault[buffer->fault_nr++]; 471 fault->inst = inst; 472 fault->addr = (u64)addrhi << 32 | addrlo; 473 fault->time = (u64)timehi << 32 | timelo; 474 fault->engine = engine; 475 fault->gpc = gpc; 476 fault->hub = hub; 477 fault->access = (info & 0x000f0000) >> 16; 478 fault->client = client; 479 fault->fault = (info & 0x0000001f); 480 481 SVM_DBG(svm, "fault %016llx %016llx %02x", 482 fault->inst, fault->addr, fault->access); 483 } 484 485 struct svm_notifier { 486 struct mmu_interval_notifier notifier; 487 struct nouveau_svmm *svmm; 488 }; 489 490 static bool nouveau_svm_range_invalidate(struct mmu_interval_notifier *mni, 491 const struct mmu_notifier_range *range, 492 unsigned long cur_seq) 493 { 494 struct svm_notifier *sn = 495 container_of(mni, struct svm_notifier, notifier); 496 497 /* 498 * serializes the update to mni->invalidate_seq done by caller and 499 * prevents invalidation of the PTE from progressing while HW is being 500 * programmed. This is very hacky and only works because the normal 501 * notifier that does invalidation is always called after the range 502 * notifier. 503 */ 504 if (mmu_notifier_range_blockable(range)) 505 mutex_lock(&sn->svmm->mutex); 506 else if (!mutex_trylock(&sn->svmm->mutex)) 507 return false; 508 mmu_interval_set_seq(mni, cur_seq); 509 mutex_unlock(&sn->svmm->mutex); 510 return true; 511 } 512 513 static const struct mmu_interval_notifier_ops nouveau_svm_mni_ops = { 514 .invalidate = nouveau_svm_range_invalidate, 515 }; 516 517 static void nouveau_hmm_convert_pfn(struct nouveau_drm *drm, 518 struct hmm_range *range, u64 *ioctl_addr) 519 { 520 unsigned long i, npages; 521 522 /* 523 * The ioctl_addr prepared here is passed through nvif_object_ioctl() 524 * to an eventual DMA map in something like gp100_vmm_pgt_pfn() 525 * 526 * This is all just encoding the internal hmm representation into a 527 * different nouveau internal representation. 528 */ 529 npages = (range->end - range->start) >> PAGE_SHIFT; 530 for (i = 0; i < npages; ++i) { 531 struct page *page; 532 533 if (!(range->hmm_pfns[i] & HMM_PFN_VALID)) { 534 ioctl_addr[i] = 0; 535 continue; 536 } 537 538 page = hmm_pfn_to_page(range->hmm_pfns[i]); 539 if (is_device_private_page(page)) 540 ioctl_addr[i] = nouveau_dmem_page_addr(page) | 541 NVIF_VMM_PFNMAP_V0_V | 542 NVIF_VMM_PFNMAP_V0_VRAM; 543 else 544 ioctl_addr[i] = page_to_phys(page) | 545 NVIF_VMM_PFNMAP_V0_V | 546 NVIF_VMM_PFNMAP_V0_HOST; 547 if (range->hmm_pfns[i] & HMM_PFN_WRITE) 548 ioctl_addr[i] |= NVIF_VMM_PFNMAP_V0_W; 549 } 550 } 551 552 static int nouveau_range_fault(struct nouveau_svmm *svmm, 553 struct nouveau_drm *drm, void *data, u32 size, 554 unsigned long hmm_pfns[], u64 *ioctl_addr, 555 struct svm_notifier *notifier) 556 { 557 unsigned long timeout = 558 jiffies + msecs_to_jiffies(HMM_RANGE_DEFAULT_TIMEOUT); 559 /* Have HMM fault pages within the fault window to the GPU. */ 560 struct hmm_range range = { 561 .notifier = ¬ifier->notifier, 562 .start = notifier->notifier.interval_tree.start, 563 .end = notifier->notifier.interval_tree.last + 1, 564 .pfn_flags_mask = HMM_PFN_REQ_FAULT | HMM_PFN_REQ_WRITE, 565 .hmm_pfns = hmm_pfns, 566 .dev_private_owner = drm->dev, 567 }; 568 struct mm_struct *mm = notifier->notifier.mm; 569 int ret; 570 571 while (true) { 572 if (time_after(jiffies, timeout)) 573 return -EBUSY; 574 575 range.notifier_seq = mmu_interval_read_begin(range.notifier); 576 mmap_read_lock(mm); 577 ret = hmm_range_fault(&range); 578 mmap_read_unlock(mm); 579 if (ret) { 580 /* 581 * FIXME: the input PFN_REQ flags are destroyed on 582 * -EBUSY, we need to regenerate them, also for the 583 * other continue below 584 */ 585 if (ret == -EBUSY) 586 continue; 587 return ret; 588 } 589 590 mutex_lock(&svmm->mutex); 591 if (mmu_interval_read_retry(range.notifier, 592 range.notifier_seq)) { 593 mutex_unlock(&svmm->mutex); 594 continue; 595 } 596 break; 597 } 598 599 nouveau_hmm_convert_pfn(drm, &range, ioctl_addr); 600 601 svmm->vmm->vmm.object.client->super = true; 602 ret = nvif_object_ioctl(&svmm->vmm->vmm.object, data, size, NULL); 603 svmm->vmm->vmm.object.client->super = false; 604 mutex_unlock(&svmm->mutex); 605 606 return ret; 607 } 608 609 static int 610 nouveau_svm_fault(struct nvif_notify *notify) 611 { 612 struct nouveau_svm_fault_buffer *buffer = 613 container_of(notify, typeof(*buffer), notify); 614 struct nouveau_svm *svm = 615 container_of(buffer, typeof(*svm), buffer[buffer->id]); 616 struct nvif_object *device = &svm->drm->client.device.object; 617 struct nouveau_svmm *svmm; 618 struct { 619 struct { 620 struct nvif_ioctl_v0 i; 621 struct nvif_ioctl_mthd_v0 m; 622 struct nvif_vmm_pfnmap_v0 p; 623 } i; 624 u64 phys[16]; 625 } args; 626 unsigned long hmm_pfns[ARRAY_SIZE(args.phys)]; 627 struct vm_area_struct *vma; 628 u64 inst, start, limit; 629 int fi, fn, pi, fill; 630 int replay = 0, ret; 631 632 /* Parse available fault buffer entries into a cache, and update 633 * the GET pointer so HW can reuse the entries. 634 */ 635 SVM_DBG(svm, "fault handler"); 636 if (buffer->get == buffer->put) { 637 buffer->put = nvif_rd32(device, buffer->putaddr); 638 buffer->get = nvif_rd32(device, buffer->getaddr); 639 if (buffer->get == buffer->put) 640 return NVIF_NOTIFY_KEEP; 641 } 642 buffer->fault_nr = 0; 643 644 SVM_DBG(svm, "get %08x put %08x", buffer->get, buffer->put); 645 while (buffer->get != buffer->put) { 646 nouveau_svm_fault_cache(svm, buffer, buffer->get * 0x20); 647 if (++buffer->get == buffer->entries) 648 buffer->get = 0; 649 } 650 nvif_wr32(device, buffer->getaddr, buffer->get); 651 SVM_DBG(svm, "%d fault(s) pending", buffer->fault_nr); 652 653 /* Sort parsed faults by instance pointer to prevent unnecessary 654 * instance to SVMM translations, followed by address and access 655 * type to reduce the amount of work when handling the faults. 656 */ 657 sort(buffer->fault, buffer->fault_nr, sizeof(*buffer->fault), 658 nouveau_svm_fault_cmp, NULL); 659 660 /* Lookup SVMM structure for each unique instance pointer. */ 661 mutex_lock(&svm->mutex); 662 for (fi = 0, svmm = NULL; fi < buffer->fault_nr; fi++) { 663 if (!svmm || buffer->fault[fi]->inst != inst) { 664 struct nouveau_ivmm *ivmm = 665 nouveau_ivmm_find(svm, buffer->fault[fi]->inst); 666 svmm = ivmm ? ivmm->svmm : NULL; 667 inst = buffer->fault[fi]->inst; 668 SVM_DBG(svm, "inst %016llx -> svm-%p", inst, svmm); 669 } 670 buffer->fault[fi]->svmm = svmm; 671 } 672 mutex_unlock(&svm->mutex); 673 674 /* Process list of faults. */ 675 args.i.i.version = 0; 676 args.i.i.type = NVIF_IOCTL_V0_MTHD; 677 args.i.m.version = 0; 678 args.i.m.method = NVIF_VMM_V0_PFNMAP; 679 args.i.p.version = 0; 680 681 for (fi = 0; fn = fi + 1, fi < buffer->fault_nr; fi = fn) { 682 struct svm_notifier notifier; 683 struct mm_struct *mm; 684 685 /* Cancel any faults from non-SVM channels. */ 686 if (!(svmm = buffer->fault[fi]->svmm)) { 687 nouveau_svm_fault_cancel_fault(svm, buffer->fault[fi]); 688 continue; 689 } 690 SVMM_DBG(svmm, "addr %016llx", buffer->fault[fi]->addr); 691 692 /* We try and group handling of faults within a small 693 * window into a single update. 694 */ 695 start = buffer->fault[fi]->addr; 696 limit = start + (ARRAY_SIZE(args.phys) << PAGE_SHIFT); 697 if (start < svmm->unmanaged.limit) 698 limit = min_t(u64, limit, svmm->unmanaged.start); 699 SVMM_DBG(svmm, "wndw %016llx-%016llx", start, limit); 700 701 mm = svmm->notifier.mm; 702 if (!mmget_not_zero(mm)) { 703 nouveau_svm_fault_cancel_fault(svm, buffer->fault[fi]); 704 continue; 705 } 706 707 /* Intersect fault window with the CPU VMA, cancelling 708 * the fault if the address is invalid. 709 */ 710 mmap_read_lock(mm); 711 vma = find_vma_intersection(mm, start, limit); 712 if (!vma) { 713 SVMM_ERR(svmm, "wndw %016llx-%016llx", start, limit); 714 mmap_read_unlock(mm); 715 mmput(mm); 716 nouveau_svm_fault_cancel_fault(svm, buffer->fault[fi]); 717 continue; 718 } 719 start = max_t(u64, start, vma->vm_start); 720 limit = min_t(u64, limit, vma->vm_end); 721 mmap_read_unlock(mm); 722 SVMM_DBG(svmm, "wndw %016llx-%016llx", start, limit); 723 724 if (buffer->fault[fi]->addr != start) { 725 SVMM_ERR(svmm, "addr %016llx", buffer->fault[fi]->addr); 726 mmput(mm); 727 nouveau_svm_fault_cancel_fault(svm, buffer->fault[fi]); 728 continue; 729 } 730 731 /* Prepare the GPU-side update of all pages within the 732 * fault window, determining required pages and access 733 * permissions based on pending faults. 734 */ 735 args.i.p.page = PAGE_SHIFT; 736 args.i.p.addr = start; 737 for (fn = fi, pi = 0;;) { 738 /* Determine required permissions based on GPU fault 739 * access flags. 740 *XXX: atomic? 741 */ 742 switch (buffer->fault[fn]->access) { 743 case 0: /* READ. */ 744 hmm_pfns[pi++] = HMM_PFN_REQ_FAULT; 745 break; 746 case 3: /* PREFETCH. */ 747 hmm_pfns[pi++] = 0; 748 break; 749 default: 750 hmm_pfns[pi++] = HMM_PFN_REQ_FAULT | 751 HMM_PFN_REQ_WRITE; 752 break; 753 } 754 args.i.p.size = pi << PAGE_SHIFT; 755 756 /* It's okay to skip over duplicate addresses from the 757 * same SVMM as faults are ordered by access type such 758 * that only the first one needs to be handled. 759 * 760 * ie. WRITE faults appear first, thus any handling of 761 * pending READ faults will already be satisfied. 762 */ 763 while (++fn < buffer->fault_nr && 764 buffer->fault[fn]->svmm == svmm && 765 buffer->fault[fn ]->addr == 766 buffer->fault[fn - 1]->addr); 767 768 /* If the next fault is outside the window, or all GPU 769 * faults have been dealt with, we're done here. 770 */ 771 if (fn >= buffer->fault_nr || 772 buffer->fault[fn]->svmm != svmm || 773 buffer->fault[fn]->addr >= limit) 774 break; 775 776 /* Fill in the gap between this fault and the next. */ 777 fill = (buffer->fault[fn ]->addr - 778 buffer->fault[fn - 1]->addr) >> PAGE_SHIFT; 779 while (--fill) 780 hmm_pfns[pi++] = 0; 781 } 782 783 SVMM_DBG(svmm, "wndw %016llx-%016llx covering %d fault(s)", 784 args.i.p.addr, 785 args.i.p.addr + args.i.p.size, fn - fi); 786 787 notifier.svmm = svmm; 788 ret = mmu_interval_notifier_insert(¬ifier.notifier, 789 svmm->notifier.mm, 790 args.i.p.addr, args.i.p.size, 791 &nouveau_svm_mni_ops); 792 if (!ret) { 793 ret = nouveau_range_fault( 794 svmm, svm->drm, &args, 795 sizeof(args.i) + pi * sizeof(args.phys[0]), 796 hmm_pfns, args.phys, ¬ifier); 797 mmu_interval_notifier_remove(¬ifier.notifier); 798 } 799 mmput(mm); 800 801 /* Cancel any faults in the window whose pages didn't manage 802 * to keep their valid bit, or stay writeable when required. 803 * 804 * If handling failed completely, cancel all faults. 805 */ 806 while (fi < fn) { 807 struct nouveau_svm_fault *fault = buffer->fault[fi++]; 808 pi = (fault->addr - args.i.p.addr) >> PAGE_SHIFT; 809 if (ret || 810 !(args.phys[pi] & NVIF_VMM_PFNMAP_V0_V) || 811 (!(args.phys[pi] & NVIF_VMM_PFNMAP_V0_W) && 812 fault->access != 0 && fault->access != 3)) { 813 nouveau_svm_fault_cancel_fault(svm, fault); 814 continue; 815 } 816 replay++; 817 } 818 } 819 820 /* Issue fault replay to the GPU. */ 821 if (replay) 822 nouveau_svm_fault_replay(svm); 823 return NVIF_NOTIFY_KEEP; 824 } 825 826 static struct nouveau_pfnmap_args * 827 nouveau_pfns_to_args(void *pfns) 828 { 829 return container_of(pfns, struct nouveau_pfnmap_args, p.phys); 830 } 831 832 u64 * 833 nouveau_pfns_alloc(unsigned long npages) 834 { 835 struct nouveau_pfnmap_args *args; 836 837 args = kzalloc(struct_size(args, p.phys, npages), GFP_KERNEL); 838 if (!args) 839 return NULL; 840 841 args->i.type = NVIF_IOCTL_V0_MTHD; 842 args->m.method = NVIF_VMM_V0_PFNMAP; 843 args->p.page = PAGE_SHIFT; 844 845 return args->p.phys; 846 } 847 848 void 849 nouveau_pfns_free(u64 *pfns) 850 { 851 struct nouveau_pfnmap_args *args = nouveau_pfns_to_args(pfns); 852 853 kfree(args); 854 } 855 856 void 857 nouveau_pfns_map(struct nouveau_svmm *svmm, struct mm_struct *mm, 858 unsigned long addr, u64 *pfns, unsigned long npages) 859 { 860 struct nouveau_pfnmap_args *args = nouveau_pfns_to_args(pfns); 861 int ret; 862 863 args->p.addr = addr; 864 args->p.size = npages << PAGE_SHIFT; 865 866 mutex_lock(&svmm->mutex); 867 868 svmm->vmm->vmm.object.client->super = true; 869 ret = nvif_object_ioctl(&svmm->vmm->vmm.object, args, sizeof(*args) + 870 npages * sizeof(args->p.phys[0]), NULL); 871 svmm->vmm->vmm.object.client->super = false; 872 873 mutex_unlock(&svmm->mutex); 874 } 875 876 static void 877 nouveau_svm_fault_buffer_fini(struct nouveau_svm *svm, int id) 878 { 879 struct nouveau_svm_fault_buffer *buffer = &svm->buffer[id]; 880 nvif_notify_put(&buffer->notify); 881 } 882 883 static int 884 nouveau_svm_fault_buffer_init(struct nouveau_svm *svm, int id) 885 { 886 struct nouveau_svm_fault_buffer *buffer = &svm->buffer[id]; 887 struct nvif_object *device = &svm->drm->client.device.object; 888 buffer->get = nvif_rd32(device, buffer->getaddr); 889 buffer->put = nvif_rd32(device, buffer->putaddr); 890 SVM_DBG(svm, "get %08x put %08x (init)", buffer->get, buffer->put); 891 return nvif_notify_get(&buffer->notify); 892 } 893 894 static void 895 nouveau_svm_fault_buffer_dtor(struct nouveau_svm *svm, int id) 896 { 897 struct nouveau_svm_fault_buffer *buffer = &svm->buffer[id]; 898 int i; 899 900 if (buffer->fault) { 901 for (i = 0; buffer->fault[i] && i < buffer->entries; i++) 902 kfree(buffer->fault[i]); 903 kvfree(buffer->fault); 904 } 905 906 nouveau_svm_fault_buffer_fini(svm, id); 907 908 nvif_notify_dtor(&buffer->notify); 909 nvif_object_dtor(&buffer->object); 910 } 911 912 static int 913 nouveau_svm_fault_buffer_ctor(struct nouveau_svm *svm, s32 oclass, int id) 914 { 915 struct nouveau_svm_fault_buffer *buffer = &svm->buffer[id]; 916 struct nouveau_drm *drm = svm->drm; 917 struct nvif_object *device = &drm->client.device.object; 918 struct nvif_clb069_v0 args = {}; 919 int ret; 920 921 buffer->id = id; 922 923 ret = nvif_object_ctor(device, "svmFaultBuffer", 0, oclass, &args, 924 sizeof(args), &buffer->object); 925 if (ret < 0) { 926 SVM_ERR(svm, "Fault buffer allocation failed: %d", ret); 927 return ret; 928 } 929 930 nvif_object_map(&buffer->object, NULL, 0); 931 buffer->entries = args.entries; 932 buffer->getaddr = args.get; 933 buffer->putaddr = args.put; 934 935 ret = nvif_notify_ctor(&buffer->object, "svmFault", nouveau_svm_fault, 936 true, NVB069_V0_NTFY_FAULT, NULL, 0, 0, 937 &buffer->notify); 938 if (ret) 939 return ret; 940 941 buffer->fault = kvzalloc(sizeof(*buffer->fault) * buffer->entries, GFP_KERNEL); 942 if (!buffer->fault) 943 return -ENOMEM; 944 945 return nouveau_svm_fault_buffer_init(svm, id); 946 } 947 948 void 949 nouveau_svm_resume(struct nouveau_drm *drm) 950 { 951 struct nouveau_svm *svm = drm->svm; 952 if (svm) 953 nouveau_svm_fault_buffer_init(svm, 0); 954 } 955 956 void 957 nouveau_svm_suspend(struct nouveau_drm *drm) 958 { 959 struct nouveau_svm *svm = drm->svm; 960 if (svm) 961 nouveau_svm_fault_buffer_fini(svm, 0); 962 } 963 964 void 965 nouveau_svm_fini(struct nouveau_drm *drm) 966 { 967 struct nouveau_svm *svm = drm->svm; 968 if (svm) { 969 nouveau_svm_fault_buffer_dtor(svm, 0); 970 kfree(drm->svm); 971 drm->svm = NULL; 972 } 973 } 974 975 void 976 nouveau_svm_init(struct nouveau_drm *drm) 977 { 978 static const struct nvif_mclass buffers[] = { 979 { VOLTA_FAULT_BUFFER_A, 0 }, 980 { MAXWELL_FAULT_BUFFER_A, 0 }, 981 {} 982 }; 983 struct nouveau_svm *svm; 984 int ret; 985 986 /* Disable on Volta and newer until channel recovery is fixed, 987 * otherwise clients will have a trivial way to trash the GPU 988 * for everyone. 989 */ 990 if (drm->client.device.info.family > NV_DEVICE_INFO_V0_PASCAL) 991 return; 992 993 if (!(drm->svm = svm = kzalloc(sizeof(*drm->svm), GFP_KERNEL))) 994 return; 995 996 drm->svm->drm = drm; 997 mutex_init(&drm->svm->mutex); 998 INIT_LIST_HEAD(&drm->svm->inst); 999 1000 ret = nvif_mclass(&drm->client.device.object, buffers); 1001 if (ret < 0) { 1002 SVM_DBG(svm, "No supported fault buffer class"); 1003 nouveau_svm_fini(drm); 1004 return; 1005 } 1006 1007 ret = nouveau_svm_fault_buffer_ctor(svm, buffers[ret].oclass, 0); 1008 if (ret) { 1009 nouveau_svm_fini(drm); 1010 return; 1011 } 1012 1013 SVM_DBG(svm, "Initialised"); 1014 } 1015