1 /* 2 * Copyright 2018 Red Hat Inc. 3 * 4 * Permission is hereby granted, free of charge, to any person obtaining a 5 * copy of this software and associated documentation files (the "Software"), 6 * to deal in the Software without restriction, including without limitation 7 * the rights to use, copy, modify, merge, publish, distribute, sublicense, 8 * and/or sell copies of the Software, and to permit persons to whom the 9 * Software is furnished to do so, subject to the following conditions: 10 * 11 * The above copyright notice and this permission notice shall be included in 12 * all copies or substantial portions of the Software. 13 * 14 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 15 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 16 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL 17 * THE COPYRIGHT HOLDER(S) OR AUTHOR(S) BE LIABLE FOR ANY CLAIM, DAMAGES OR 18 * OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, 19 * ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR 20 * OTHER DEALINGS IN THE SOFTWARE. 21 */ 22 #include "nouveau_svm.h" 23 #include "nouveau_drv.h" 24 #include "nouveau_chan.h" 25 #include "nouveau_dmem.h" 26 27 #include <nvif/notify.h> 28 #include <nvif/object.h> 29 #include <nvif/vmm.h> 30 31 #include <nvif/class.h> 32 #include <nvif/clb069.h> 33 #include <nvif/ifc00d.h> 34 35 #include <linux/sched/mm.h> 36 #include <linux/sort.h> 37 #include <linux/hmm.h> 38 39 struct nouveau_svm { 40 struct nouveau_drm *drm; 41 struct mutex mutex; 42 struct list_head inst; 43 44 struct nouveau_svm_fault_buffer { 45 int id; 46 struct nvif_object object; 47 u32 entries; 48 u32 getaddr; 49 u32 putaddr; 50 u32 get; 51 u32 put; 52 struct nvif_notify notify; 53 54 struct nouveau_svm_fault { 55 u64 inst; 56 u64 addr; 57 u64 time; 58 u32 engine; 59 u8 gpc; 60 u8 hub; 61 u8 access; 62 u8 client; 63 u8 fault; 64 struct nouveau_svmm *svmm; 65 } **fault; 66 int fault_nr; 67 } buffer[1]; 68 }; 69 70 #define SVM_DBG(s,f,a...) NV_DEBUG((s)->drm, "svm: "f"\n", ##a) 71 #define SVM_ERR(s,f,a...) NV_WARN((s)->drm, "svm: "f"\n", ##a) 72 73 struct nouveau_pfnmap_args { 74 struct nvif_ioctl_v0 i; 75 struct nvif_ioctl_mthd_v0 m; 76 struct nvif_vmm_pfnmap_v0 p; 77 }; 78 79 struct nouveau_ivmm { 80 struct nouveau_svmm *svmm; 81 u64 inst; 82 struct list_head head; 83 }; 84 85 static struct nouveau_ivmm * 86 nouveau_ivmm_find(struct nouveau_svm *svm, u64 inst) 87 { 88 struct nouveau_ivmm *ivmm; 89 list_for_each_entry(ivmm, &svm->inst, head) { 90 if (ivmm->inst == inst) 91 return ivmm; 92 } 93 return NULL; 94 } 95 96 #define SVMM_DBG(s,f,a...) \ 97 NV_DEBUG((s)->vmm->cli->drm, "svm-%p: "f"\n", (s), ##a) 98 #define SVMM_ERR(s,f,a...) \ 99 NV_WARN((s)->vmm->cli->drm, "svm-%p: "f"\n", (s), ##a) 100 101 int 102 nouveau_svmm_bind(struct drm_device *dev, void *data, 103 struct drm_file *file_priv) 104 { 105 struct nouveau_cli *cli = nouveau_cli(file_priv); 106 struct drm_nouveau_svm_bind *args = data; 107 unsigned target, cmd, priority; 108 unsigned long addr, end, size; 109 struct mm_struct *mm; 110 111 args->va_start &= PAGE_MASK; 112 args->va_end &= PAGE_MASK; 113 114 /* Sanity check arguments */ 115 if (args->reserved0 || args->reserved1) 116 return -EINVAL; 117 if (args->header & (~NOUVEAU_SVM_BIND_VALID_MASK)) 118 return -EINVAL; 119 if (args->va_start >= args->va_end) 120 return -EINVAL; 121 if (!args->npages) 122 return -EINVAL; 123 124 cmd = args->header >> NOUVEAU_SVM_BIND_COMMAND_SHIFT; 125 cmd &= NOUVEAU_SVM_BIND_COMMAND_MASK; 126 switch (cmd) { 127 case NOUVEAU_SVM_BIND_COMMAND__MIGRATE: 128 break; 129 default: 130 return -EINVAL; 131 } 132 133 priority = args->header >> NOUVEAU_SVM_BIND_PRIORITY_SHIFT; 134 priority &= NOUVEAU_SVM_BIND_PRIORITY_MASK; 135 136 /* FIXME support CPU target ie all target value < GPU_VRAM */ 137 target = args->header >> NOUVEAU_SVM_BIND_TARGET_SHIFT; 138 target &= NOUVEAU_SVM_BIND_TARGET_MASK; 139 switch (target) { 140 case NOUVEAU_SVM_BIND_TARGET__GPU_VRAM: 141 break; 142 default: 143 return -EINVAL; 144 } 145 146 /* 147 * FIXME: For now refuse non 0 stride, we need to change the migrate 148 * kernel function to handle stride to avoid to create a mess within 149 * each device driver. 150 */ 151 if (args->stride) 152 return -EINVAL; 153 154 size = ((unsigned long)args->npages) << PAGE_SHIFT; 155 if ((args->va_start + size) <= args->va_start) 156 return -EINVAL; 157 if ((args->va_start + size) > args->va_end) 158 return -EINVAL; 159 160 /* 161 * Ok we are ask to do something sane, for now we only support migrate 162 * commands but we will add things like memory policy (what to do on 163 * page fault) and maybe some other commands. 164 */ 165 166 mm = get_task_mm(current); 167 mmap_read_lock(mm); 168 169 if (!cli->svm.svmm) { 170 mmap_read_unlock(mm); 171 return -EINVAL; 172 } 173 174 for (addr = args->va_start, end = args->va_start + size; addr < end;) { 175 struct vm_area_struct *vma; 176 unsigned long next; 177 178 vma = find_vma_intersection(mm, addr, end); 179 if (!vma) 180 break; 181 182 addr = max(addr, vma->vm_start); 183 next = min(vma->vm_end, end); 184 /* This is a best effort so we ignore errors */ 185 nouveau_dmem_migrate_vma(cli->drm, cli->svm.svmm, vma, addr, 186 next); 187 addr = next; 188 } 189 190 /* 191 * FIXME Return the number of page we have migrated, again we need to 192 * update the migrate API to return that information so that we can 193 * report it to user space. 194 */ 195 args->result = 0; 196 197 mmap_read_unlock(mm); 198 mmput(mm); 199 200 return 0; 201 } 202 203 /* Unlink channel instance from SVMM. */ 204 void 205 nouveau_svmm_part(struct nouveau_svmm *svmm, u64 inst) 206 { 207 struct nouveau_ivmm *ivmm; 208 if (svmm) { 209 mutex_lock(&svmm->vmm->cli->drm->svm->mutex); 210 ivmm = nouveau_ivmm_find(svmm->vmm->cli->drm->svm, inst); 211 if (ivmm) { 212 list_del(&ivmm->head); 213 kfree(ivmm); 214 } 215 mutex_unlock(&svmm->vmm->cli->drm->svm->mutex); 216 } 217 } 218 219 /* Link channel instance to SVMM. */ 220 int 221 nouveau_svmm_join(struct nouveau_svmm *svmm, u64 inst) 222 { 223 struct nouveau_ivmm *ivmm; 224 if (svmm) { 225 if (!(ivmm = kmalloc(sizeof(*ivmm), GFP_KERNEL))) 226 return -ENOMEM; 227 ivmm->svmm = svmm; 228 ivmm->inst = inst; 229 230 mutex_lock(&svmm->vmm->cli->drm->svm->mutex); 231 list_add(&ivmm->head, &svmm->vmm->cli->drm->svm->inst); 232 mutex_unlock(&svmm->vmm->cli->drm->svm->mutex); 233 } 234 return 0; 235 } 236 237 /* Invalidate SVMM address-range on GPU. */ 238 void 239 nouveau_svmm_invalidate(struct nouveau_svmm *svmm, u64 start, u64 limit) 240 { 241 if (limit > start) { 242 bool super = svmm->vmm->vmm.object.client->super; 243 svmm->vmm->vmm.object.client->super = true; 244 nvif_object_mthd(&svmm->vmm->vmm.object, NVIF_VMM_V0_PFNCLR, 245 &(struct nvif_vmm_pfnclr_v0) { 246 .addr = start, 247 .size = limit - start, 248 }, sizeof(struct nvif_vmm_pfnclr_v0)); 249 svmm->vmm->vmm.object.client->super = super; 250 } 251 } 252 253 static int 254 nouveau_svmm_invalidate_range_start(struct mmu_notifier *mn, 255 const struct mmu_notifier_range *update) 256 { 257 struct nouveau_svmm *svmm = 258 container_of(mn, struct nouveau_svmm, notifier); 259 unsigned long start = update->start; 260 unsigned long limit = update->end; 261 262 if (!mmu_notifier_range_blockable(update)) 263 return -EAGAIN; 264 265 SVMM_DBG(svmm, "invalidate %016lx-%016lx", start, limit); 266 267 mutex_lock(&svmm->mutex); 268 if (unlikely(!svmm->vmm)) 269 goto out; 270 271 /* 272 * Ignore invalidation callbacks for device private pages since 273 * the invalidation is handled as part of the migration process. 274 */ 275 if (update->event == MMU_NOTIFY_MIGRATE && 276 update->migrate_pgmap_owner == svmm->vmm->cli->drm->dev) 277 goto out; 278 279 if (limit > svmm->unmanaged.start && start < svmm->unmanaged.limit) { 280 if (start < svmm->unmanaged.start) { 281 nouveau_svmm_invalidate(svmm, start, 282 svmm->unmanaged.limit); 283 } 284 start = svmm->unmanaged.limit; 285 } 286 287 nouveau_svmm_invalidate(svmm, start, limit); 288 289 out: 290 mutex_unlock(&svmm->mutex); 291 return 0; 292 } 293 294 static void nouveau_svmm_free_notifier(struct mmu_notifier *mn) 295 { 296 kfree(container_of(mn, struct nouveau_svmm, notifier)); 297 } 298 299 static const struct mmu_notifier_ops nouveau_mn_ops = { 300 .invalidate_range_start = nouveau_svmm_invalidate_range_start, 301 .free_notifier = nouveau_svmm_free_notifier, 302 }; 303 304 void 305 nouveau_svmm_fini(struct nouveau_svmm **psvmm) 306 { 307 struct nouveau_svmm *svmm = *psvmm; 308 if (svmm) { 309 mutex_lock(&svmm->mutex); 310 svmm->vmm = NULL; 311 mutex_unlock(&svmm->mutex); 312 mmu_notifier_put(&svmm->notifier); 313 *psvmm = NULL; 314 } 315 } 316 317 int 318 nouveau_svmm_init(struct drm_device *dev, void *data, 319 struct drm_file *file_priv) 320 { 321 struct nouveau_cli *cli = nouveau_cli(file_priv); 322 struct nouveau_svmm *svmm; 323 struct drm_nouveau_svm_init *args = data; 324 int ret; 325 326 /* Allocate tracking for SVM-enabled VMM. */ 327 if (!(svmm = kzalloc(sizeof(*svmm), GFP_KERNEL))) 328 return -ENOMEM; 329 svmm->vmm = &cli->svm; 330 svmm->unmanaged.start = args->unmanaged_addr; 331 svmm->unmanaged.limit = args->unmanaged_addr + args->unmanaged_size; 332 mutex_init(&svmm->mutex); 333 334 /* Check that SVM isn't already enabled for the client. */ 335 mutex_lock(&cli->mutex); 336 if (cli->svm.cli) { 337 ret = -EBUSY; 338 goto out_free; 339 } 340 341 /* Allocate a new GPU VMM that can support SVM (managed by the 342 * client, with replayable faults enabled). 343 * 344 * All future channel/memory allocations will make use of this 345 * VMM instead of the standard one. 346 */ 347 ret = nvif_vmm_ctor(&cli->mmu, "svmVmm", 348 cli->vmm.vmm.object.oclass, true, 349 args->unmanaged_addr, args->unmanaged_size, 350 &(struct gp100_vmm_v0) { 351 .fault_replay = true, 352 }, sizeof(struct gp100_vmm_v0), &cli->svm.vmm); 353 if (ret) 354 goto out_free; 355 356 mmap_write_lock(current->mm); 357 svmm->notifier.ops = &nouveau_mn_ops; 358 ret = __mmu_notifier_register(&svmm->notifier, current->mm); 359 if (ret) 360 goto out_mm_unlock; 361 /* Note, ownership of svmm transfers to mmu_notifier */ 362 363 cli->svm.svmm = svmm; 364 cli->svm.cli = cli; 365 mmap_write_unlock(current->mm); 366 mutex_unlock(&cli->mutex); 367 return 0; 368 369 out_mm_unlock: 370 mmap_write_unlock(current->mm); 371 out_free: 372 mutex_unlock(&cli->mutex); 373 kfree(svmm); 374 return ret; 375 } 376 377 /* Issue fault replay for GPU to retry accesses that faulted previously. */ 378 static void 379 nouveau_svm_fault_replay(struct nouveau_svm *svm) 380 { 381 SVM_DBG(svm, "replay"); 382 WARN_ON(nvif_object_mthd(&svm->drm->client.vmm.vmm.object, 383 GP100_VMM_VN_FAULT_REPLAY, 384 &(struct gp100_vmm_fault_replay_vn) {}, 385 sizeof(struct gp100_vmm_fault_replay_vn))); 386 } 387 388 /* Cancel a replayable fault that could not be handled. 389 * 390 * Cancelling the fault will trigger recovery to reset the engine 391 * and kill the offending channel (ie. GPU SIGSEGV). 392 */ 393 static void 394 nouveau_svm_fault_cancel(struct nouveau_svm *svm, 395 u64 inst, u8 hub, u8 gpc, u8 client) 396 { 397 SVM_DBG(svm, "cancel %016llx %d %02x %02x", inst, hub, gpc, client); 398 WARN_ON(nvif_object_mthd(&svm->drm->client.vmm.vmm.object, 399 GP100_VMM_VN_FAULT_CANCEL, 400 &(struct gp100_vmm_fault_cancel_v0) { 401 .hub = hub, 402 .gpc = gpc, 403 .client = client, 404 .inst = inst, 405 }, sizeof(struct gp100_vmm_fault_cancel_v0))); 406 } 407 408 static void 409 nouveau_svm_fault_cancel_fault(struct nouveau_svm *svm, 410 struct nouveau_svm_fault *fault) 411 { 412 nouveau_svm_fault_cancel(svm, fault->inst, 413 fault->hub, 414 fault->gpc, 415 fault->client); 416 } 417 418 static int 419 nouveau_svm_fault_cmp(const void *a, const void *b) 420 { 421 const struct nouveau_svm_fault *fa = *(struct nouveau_svm_fault **)a; 422 const struct nouveau_svm_fault *fb = *(struct nouveau_svm_fault **)b; 423 int ret; 424 if ((ret = (s64)fa->inst - fb->inst)) 425 return ret; 426 if ((ret = (s64)fa->addr - fb->addr)) 427 return ret; 428 /*XXX: atomic? */ 429 return (fa->access == 0 || fa->access == 3) - 430 (fb->access == 0 || fb->access == 3); 431 } 432 433 static void 434 nouveau_svm_fault_cache(struct nouveau_svm *svm, 435 struct nouveau_svm_fault_buffer *buffer, u32 offset) 436 { 437 struct nvif_object *memory = &buffer->object; 438 const u32 instlo = nvif_rd32(memory, offset + 0x00); 439 const u32 insthi = nvif_rd32(memory, offset + 0x04); 440 const u32 addrlo = nvif_rd32(memory, offset + 0x08); 441 const u32 addrhi = nvif_rd32(memory, offset + 0x0c); 442 const u32 timelo = nvif_rd32(memory, offset + 0x10); 443 const u32 timehi = nvif_rd32(memory, offset + 0x14); 444 const u32 engine = nvif_rd32(memory, offset + 0x18); 445 const u32 info = nvif_rd32(memory, offset + 0x1c); 446 const u64 inst = (u64)insthi << 32 | instlo; 447 const u8 gpc = (info & 0x1f000000) >> 24; 448 const u8 hub = (info & 0x00100000) >> 20; 449 const u8 client = (info & 0x00007f00) >> 8; 450 struct nouveau_svm_fault *fault; 451 452 //XXX: i think we're supposed to spin waiting */ 453 if (WARN_ON(!(info & 0x80000000))) 454 return; 455 456 nvif_mask(memory, offset + 0x1c, 0x80000000, 0x00000000); 457 458 if (!buffer->fault[buffer->fault_nr]) { 459 fault = kmalloc(sizeof(*fault), GFP_KERNEL); 460 if (WARN_ON(!fault)) { 461 nouveau_svm_fault_cancel(svm, inst, hub, gpc, client); 462 return; 463 } 464 buffer->fault[buffer->fault_nr] = fault; 465 } 466 467 fault = buffer->fault[buffer->fault_nr++]; 468 fault->inst = inst; 469 fault->addr = (u64)addrhi << 32 | addrlo; 470 fault->time = (u64)timehi << 32 | timelo; 471 fault->engine = engine; 472 fault->gpc = gpc; 473 fault->hub = hub; 474 fault->access = (info & 0x000f0000) >> 16; 475 fault->client = client; 476 fault->fault = (info & 0x0000001f); 477 478 SVM_DBG(svm, "fault %016llx %016llx %02x", 479 fault->inst, fault->addr, fault->access); 480 } 481 482 struct svm_notifier { 483 struct mmu_interval_notifier notifier; 484 struct nouveau_svmm *svmm; 485 }; 486 487 static bool nouveau_svm_range_invalidate(struct mmu_interval_notifier *mni, 488 const struct mmu_notifier_range *range, 489 unsigned long cur_seq) 490 { 491 struct svm_notifier *sn = 492 container_of(mni, struct svm_notifier, notifier); 493 494 /* 495 * serializes the update to mni->invalidate_seq done by caller and 496 * prevents invalidation of the PTE from progressing while HW is being 497 * programmed. This is very hacky and only works because the normal 498 * notifier that does invalidation is always called after the range 499 * notifier. 500 */ 501 if (mmu_notifier_range_blockable(range)) 502 mutex_lock(&sn->svmm->mutex); 503 else if (!mutex_trylock(&sn->svmm->mutex)) 504 return false; 505 mmu_interval_set_seq(mni, cur_seq); 506 mutex_unlock(&sn->svmm->mutex); 507 return true; 508 } 509 510 static const struct mmu_interval_notifier_ops nouveau_svm_mni_ops = { 511 .invalidate = nouveau_svm_range_invalidate, 512 }; 513 514 static void nouveau_hmm_convert_pfn(struct nouveau_drm *drm, 515 struct hmm_range *range, 516 struct nouveau_pfnmap_args *args) 517 { 518 struct page *page; 519 520 /* 521 * The address prepared here is passed through nvif_object_ioctl() 522 * to an eventual DMA map in something like gp100_vmm_pgt_pfn() 523 * 524 * This is all just encoding the internal hmm representation into a 525 * different nouveau internal representation. 526 */ 527 if (!(range->hmm_pfns[0] & HMM_PFN_VALID)) { 528 args->p.phys[0] = 0; 529 return; 530 } 531 532 page = hmm_pfn_to_page(range->hmm_pfns[0]); 533 /* 534 * Only map compound pages to the GPU if the CPU is also mapping the 535 * page as a compound page. Otherwise, the PTE protections might not be 536 * consistent (e.g., CPU only maps part of a compound page). 537 * Note that the underlying page might still be larger than the 538 * CPU mapping (e.g., a PUD sized compound page partially mapped with 539 * a PMD sized page table entry). 540 */ 541 if (hmm_pfn_to_map_order(range->hmm_pfns[0])) { 542 unsigned long addr = args->p.addr; 543 544 args->p.page = hmm_pfn_to_map_order(range->hmm_pfns[0]) + 545 PAGE_SHIFT; 546 args->p.size = 1UL << args->p.page; 547 args->p.addr &= ~(args->p.size - 1); 548 page -= (addr - args->p.addr) >> PAGE_SHIFT; 549 } 550 if (is_device_private_page(page)) 551 args->p.phys[0] = nouveau_dmem_page_addr(page) | 552 NVIF_VMM_PFNMAP_V0_V | 553 NVIF_VMM_PFNMAP_V0_VRAM; 554 else 555 args->p.phys[0] = page_to_phys(page) | 556 NVIF_VMM_PFNMAP_V0_V | 557 NVIF_VMM_PFNMAP_V0_HOST; 558 if (range->hmm_pfns[0] & HMM_PFN_WRITE) 559 args->p.phys[0] |= NVIF_VMM_PFNMAP_V0_W; 560 } 561 562 static int nouveau_range_fault(struct nouveau_svmm *svmm, 563 struct nouveau_drm *drm, 564 struct nouveau_pfnmap_args *args, u32 size, 565 unsigned long hmm_flags, 566 struct svm_notifier *notifier) 567 { 568 unsigned long timeout = 569 jiffies + msecs_to_jiffies(HMM_RANGE_DEFAULT_TIMEOUT); 570 /* Have HMM fault pages within the fault window to the GPU. */ 571 unsigned long hmm_pfns[1]; 572 struct hmm_range range = { 573 .notifier = ¬ifier->notifier, 574 .start = notifier->notifier.interval_tree.start, 575 .end = notifier->notifier.interval_tree.last + 1, 576 .default_flags = hmm_flags, 577 .hmm_pfns = hmm_pfns, 578 .dev_private_owner = drm->dev, 579 }; 580 struct mm_struct *mm = notifier->notifier.mm; 581 int ret; 582 583 while (true) { 584 if (time_after(jiffies, timeout)) 585 return -EBUSY; 586 587 range.notifier_seq = mmu_interval_read_begin(range.notifier); 588 mmap_read_lock(mm); 589 ret = hmm_range_fault(&range); 590 mmap_read_unlock(mm); 591 if (ret) { 592 if (ret == -EBUSY) 593 continue; 594 return ret; 595 } 596 597 mutex_lock(&svmm->mutex); 598 if (mmu_interval_read_retry(range.notifier, 599 range.notifier_seq)) { 600 mutex_unlock(&svmm->mutex); 601 continue; 602 } 603 break; 604 } 605 606 nouveau_hmm_convert_pfn(drm, &range, args); 607 608 svmm->vmm->vmm.object.client->super = true; 609 ret = nvif_object_ioctl(&svmm->vmm->vmm.object, args, size, NULL); 610 svmm->vmm->vmm.object.client->super = false; 611 mutex_unlock(&svmm->mutex); 612 613 return ret; 614 } 615 616 static int 617 nouveau_svm_fault(struct nvif_notify *notify) 618 { 619 struct nouveau_svm_fault_buffer *buffer = 620 container_of(notify, typeof(*buffer), notify); 621 struct nouveau_svm *svm = 622 container_of(buffer, typeof(*svm), buffer[buffer->id]); 623 struct nvif_object *device = &svm->drm->client.device.object; 624 struct nouveau_svmm *svmm; 625 struct { 626 struct nouveau_pfnmap_args i; 627 u64 phys[1]; 628 } args; 629 unsigned long hmm_flags; 630 u64 inst, start, limit; 631 int fi, fn; 632 int replay = 0, ret; 633 634 /* Parse available fault buffer entries into a cache, and update 635 * the GET pointer so HW can reuse the entries. 636 */ 637 SVM_DBG(svm, "fault handler"); 638 if (buffer->get == buffer->put) { 639 buffer->put = nvif_rd32(device, buffer->putaddr); 640 buffer->get = nvif_rd32(device, buffer->getaddr); 641 if (buffer->get == buffer->put) 642 return NVIF_NOTIFY_KEEP; 643 } 644 buffer->fault_nr = 0; 645 646 SVM_DBG(svm, "get %08x put %08x", buffer->get, buffer->put); 647 while (buffer->get != buffer->put) { 648 nouveau_svm_fault_cache(svm, buffer, buffer->get * 0x20); 649 if (++buffer->get == buffer->entries) 650 buffer->get = 0; 651 } 652 nvif_wr32(device, buffer->getaddr, buffer->get); 653 SVM_DBG(svm, "%d fault(s) pending", buffer->fault_nr); 654 655 /* Sort parsed faults by instance pointer to prevent unnecessary 656 * instance to SVMM translations, followed by address and access 657 * type to reduce the amount of work when handling the faults. 658 */ 659 sort(buffer->fault, buffer->fault_nr, sizeof(*buffer->fault), 660 nouveau_svm_fault_cmp, NULL); 661 662 /* Lookup SVMM structure for each unique instance pointer. */ 663 mutex_lock(&svm->mutex); 664 for (fi = 0, svmm = NULL; fi < buffer->fault_nr; fi++) { 665 if (!svmm || buffer->fault[fi]->inst != inst) { 666 struct nouveau_ivmm *ivmm = 667 nouveau_ivmm_find(svm, buffer->fault[fi]->inst); 668 svmm = ivmm ? ivmm->svmm : NULL; 669 inst = buffer->fault[fi]->inst; 670 SVM_DBG(svm, "inst %016llx -> svm-%p", inst, svmm); 671 } 672 buffer->fault[fi]->svmm = svmm; 673 } 674 mutex_unlock(&svm->mutex); 675 676 /* Process list of faults. */ 677 args.i.i.version = 0; 678 args.i.i.type = NVIF_IOCTL_V0_MTHD; 679 args.i.m.version = 0; 680 args.i.m.method = NVIF_VMM_V0_PFNMAP; 681 args.i.p.version = 0; 682 683 for (fi = 0; fn = fi + 1, fi < buffer->fault_nr; fi = fn) { 684 struct svm_notifier notifier; 685 struct mm_struct *mm; 686 687 /* Cancel any faults from non-SVM channels. */ 688 if (!(svmm = buffer->fault[fi]->svmm)) { 689 nouveau_svm_fault_cancel_fault(svm, buffer->fault[fi]); 690 continue; 691 } 692 SVMM_DBG(svmm, "addr %016llx", buffer->fault[fi]->addr); 693 694 /* We try and group handling of faults within a small 695 * window into a single update. 696 */ 697 start = buffer->fault[fi]->addr; 698 limit = start + PAGE_SIZE; 699 if (start < svmm->unmanaged.limit) 700 limit = min_t(u64, limit, svmm->unmanaged.start); 701 702 /* 703 * Prepare the GPU-side update of all pages within the 704 * fault window, determining required pages and access 705 * permissions based on pending faults. 706 */ 707 args.i.p.addr = start; 708 args.i.p.page = PAGE_SHIFT; 709 args.i.p.size = PAGE_SIZE; 710 /* 711 * Determine required permissions based on GPU fault 712 * access flags. 713 * XXX: atomic? 714 */ 715 switch (buffer->fault[fi]->access) { 716 case 0: /* READ. */ 717 hmm_flags = HMM_PFN_REQ_FAULT; 718 break; 719 case 3: /* PREFETCH. */ 720 hmm_flags = 0; 721 break; 722 default: 723 hmm_flags = HMM_PFN_REQ_FAULT | HMM_PFN_REQ_WRITE; 724 break; 725 } 726 727 mm = svmm->notifier.mm; 728 if (!mmget_not_zero(mm)) { 729 nouveau_svm_fault_cancel_fault(svm, buffer->fault[fi]); 730 continue; 731 } 732 733 notifier.svmm = svmm; 734 ret = mmu_interval_notifier_insert(¬ifier.notifier, mm, 735 args.i.p.addr, args.i.p.size, 736 &nouveau_svm_mni_ops); 737 if (!ret) { 738 ret = nouveau_range_fault(svmm, svm->drm, &args.i, 739 sizeof(args), hmm_flags, ¬ifier); 740 mmu_interval_notifier_remove(¬ifier.notifier); 741 } 742 mmput(mm); 743 744 limit = args.i.p.addr + args.i.p.size; 745 for (fn = fi; ++fn < buffer->fault_nr; ) { 746 /* It's okay to skip over duplicate addresses from the 747 * same SVMM as faults are ordered by access type such 748 * that only the first one needs to be handled. 749 * 750 * ie. WRITE faults appear first, thus any handling of 751 * pending READ faults will already be satisfied. 752 * But if a large page is mapped, make sure subsequent 753 * fault addresses have sufficient access permission. 754 */ 755 if (buffer->fault[fn]->svmm != svmm || 756 buffer->fault[fn]->addr >= limit || 757 (buffer->fault[fi]->access == 0 /* READ. */ && 758 !(args.phys[0] & NVIF_VMM_PFNMAP_V0_V)) || 759 (buffer->fault[fi]->access != 0 /* READ. */ && 760 buffer->fault[fi]->access != 3 /* PREFETCH. */ && 761 !(args.phys[0] & NVIF_VMM_PFNMAP_V0_W))) 762 break; 763 } 764 765 /* If handling failed completely, cancel all faults. */ 766 if (ret) { 767 while (fi < fn) { 768 struct nouveau_svm_fault *fault = 769 buffer->fault[fi++]; 770 771 nouveau_svm_fault_cancel_fault(svm, fault); 772 } 773 } else 774 replay++; 775 } 776 777 /* Issue fault replay to the GPU. */ 778 if (replay) 779 nouveau_svm_fault_replay(svm); 780 return NVIF_NOTIFY_KEEP; 781 } 782 783 static struct nouveau_pfnmap_args * 784 nouveau_pfns_to_args(void *pfns) 785 { 786 return container_of(pfns, struct nouveau_pfnmap_args, p.phys); 787 } 788 789 u64 * 790 nouveau_pfns_alloc(unsigned long npages) 791 { 792 struct nouveau_pfnmap_args *args; 793 794 args = kzalloc(struct_size(args, p.phys, npages), GFP_KERNEL); 795 if (!args) 796 return NULL; 797 798 args->i.type = NVIF_IOCTL_V0_MTHD; 799 args->m.method = NVIF_VMM_V0_PFNMAP; 800 args->p.page = PAGE_SHIFT; 801 802 return args->p.phys; 803 } 804 805 void 806 nouveau_pfns_free(u64 *pfns) 807 { 808 struct nouveau_pfnmap_args *args = nouveau_pfns_to_args(pfns); 809 810 kfree(args); 811 } 812 813 void 814 nouveau_pfns_map(struct nouveau_svmm *svmm, struct mm_struct *mm, 815 unsigned long addr, u64 *pfns, unsigned long npages) 816 { 817 struct nouveau_pfnmap_args *args = nouveau_pfns_to_args(pfns); 818 int ret; 819 820 args->p.addr = addr; 821 args->p.size = npages << PAGE_SHIFT; 822 823 mutex_lock(&svmm->mutex); 824 825 svmm->vmm->vmm.object.client->super = true; 826 ret = nvif_object_ioctl(&svmm->vmm->vmm.object, args, sizeof(*args) + 827 npages * sizeof(args->p.phys[0]), NULL); 828 svmm->vmm->vmm.object.client->super = false; 829 830 mutex_unlock(&svmm->mutex); 831 } 832 833 static void 834 nouveau_svm_fault_buffer_fini(struct nouveau_svm *svm, int id) 835 { 836 struct nouveau_svm_fault_buffer *buffer = &svm->buffer[id]; 837 nvif_notify_put(&buffer->notify); 838 } 839 840 static int 841 nouveau_svm_fault_buffer_init(struct nouveau_svm *svm, int id) 842 { 843 struct nouveau_svm_fault_buffer *buffer = &svm->buffer[id]; 844 struct nvif_object *device = &svm->drm->client.device.object; 845 buffer->get = nvif_rd32(device, buffer->getaddr); 846 buffer->put = nvif_rd32(device, buffer->putaddr); 847 SVM_DBG(svm, "get %08x put %08x (init)", buffer->get, buffer->put); 848 return nvif_notify_get(&buffer->notify); 849 } 850 851 static void 852 nouveau_svm_fault_buffer_dtor(struct nouveau_svm *svm, int id) 853 { 854 struct nouveau_svm_fault_buffer *buffer = &svm->buffer[id]; 855 int i; 856 857 if (buffer->fault) { 858 for (i = 0; buffer->fault[i] && i < buffer->entries; i++) 859 kfree(buffer->fault[i]); 860 kvfree(buffer->fault); 861 } 862 863 nouveau_svm_fault_buffer_fini(svm, id); 864 865 nvif_notify_dtor(&buffer->notify); 866 nvif_object_dtor(&buffer->object); 867 } 868 869 static int 870 nouveau_svm_fault_buffer_ctor(struct nouveau_svm *svm, s32 oclass, int id) 871 { 872 struct nouveau_svm_fault_buffer *buffer = &svm->buffer[id]; 873 struct nouveau_drm *drm = svm->drm; 874 struct nvif_object *device = &drm->client.device.object; 875 struct nvif_clb069_v0 args = {}; 876 int ret; 877 878 buffer->id = id; 879 880 ret = nvif_object_ctor(device, "svmFaultBuffer", 0, oclass, &args, 881 sizeof(args), &buffer->object); 882 if (ret < 0) { 883 SVM_ERR(svm, "Fault buffer allocation failed: %d", ret); 884 return ret; 885 } 886 887 nvif_object_map(&buffer->object, NULL, 0); 888 buffer->entries = args.entries; 889 buffer->getaddr = args.get; 890 buffer->putaddr = args.put; 891 892 ret = nvif_notify_ctor(&buffer->object, "svmFault", nouveau_svm_fault, 893 true, NVB069_V0_NTFY_FAULT, NULL, 0, 0, 894 &buffer->notify); 895 if (ret) 896 return ret; 897 898 buffer->fault = kvzalloc(sizeof(*buffer->fault) * buffer->entries, GFP_KERNEL); 899 if (!buffer->fault) 900 return -ENOMEM; 901 902 return nouveau_svm_fault_buffer_init(svm, id); 903 } 904 905 void 906 nouveau_svm_resume(struct nouveau_drm *drm) 907 { 908 struct nouveau_svm *svm = drm->svm; 909 if (svm) 910 nouveau_svm_fault_buffer_init(svm, 0); 911 } 912 913 void 914 nouveau_svm_suspend(struct nouveau_drm *drm) 915 { 916 struct nouveau_svm *svm = drm->svm; 917 if (svm) 918 nouveau_svm_fault_buffer_fini(svm, 0); 919 } 920 921 void 922 nouveau_svm_fini(struct nouveau_drm *drm) 923 { 924 struct nouveau_svm *svm = drm->svm; 925 if (svm) { 926 nouveau_svm_fault_buffer_dtor(svm, 0); 927 kfree(drm->svm); 928 drm->svm = NULL; 929 } 930 } 931 932 void 933 nouveau_svm_init(struct nouveau_drm *drm) 934 { 935 static const struct nvif_mclass buffers[] = { 936 { VOLTA_FAULT_BUFFER_A, 0 }, 937 { MAXWELL_FAULT_BUFFER_A, 0 }, 938 {} 939 }; 940 struct nouveau_svm *svm; 941 int ret; 942 943 /* Disable on Volta and newer until channel recovery is fixed, 944 * otherwise clients will have a trivial way to trash the GPU 945 * for everyone. 946 */ 947 if (drm->client.device.info.family > NV_DEVICE_INFO_V0_PASCAL) 948 return; 949 950 if (!(drm->svm = svm = kzalloc(sizeof(*drm->svm), GFP_KERNEL))) 951 return; 952 953 drm->svm->drm = drm; 954 mutex_init(&drm->svm->mutex); 955 INIT_LIST_HEAD(&drm->svm->inst); 956 957 ret = nvif_mclass(&drm->client.device.object, buffers); 958 if (ret < 0) { 959 SVM_DBG(svm, "No supported fault buffer class"); 960 nouveau_svm_fini(drm); 961 return; 962 } 963 964 ret = nouveau_svm_fault_buffer_ctor(svm, buffers[ret].oclass, 0); 965 if (ret) { 966 nouveau_svm_fini(drm); 967 return; 968 } 969 970 SVM_DBG(svm, "Initialised"); 971 } 972