1 /************************************************************************** 2 * 3 * Copyright © 2009 VMware, Inc., Palo Alto, CA., USA 4 * All Rights Reserved. 5 * 6 * Permission is hereby granted, free of charge, to any person obtaining a 7 * copy of this software and associated documentation files (the 8 * "Software"), to deal in the Software without restriction, including 9 * without limitation the rights to use, copy, modify, merge, publish, 10 * distribute, sub license, and/or sell copies of the Software, and to 11 * permit persons to whom the Software is furnished to do so, subject to 12 * the following conditions: 13 * 14 * The above copyright notice and this permission notice (including the 15 * next paragraph) shall be included in all copies or substantial portions 16 * of the Software. 17 * 18 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 19 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 20 * FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL 21 * THE COPYRIGHT HOLDERS, AUTHORS AND/OR ITS SUPPLIERS BE LIABLE FOR ANY CLAIM, 22 * DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR 23 * OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE 24 * USE OR OTHER DEALINGS IN THE SOFTWARE. 25 * 26 **************************************************************************/ 27 28 #include "vmwgfx_drv.h" 29 #include "vmwgfx_reg.h" 30 #include <drm/ttm/ttm_bo_api.h> 31 #include <drm/ttm/ttm_placement.h> 32 33 #define VMW_RES_HT_ORDER 12 34 35 /** 36 * struct vmw_resource_relocation - Relocation info for resources 37 * 38 * @head: List head for the software context's relocation list. 39 * @res: Non-ref-counted pointer to the resource. 40 * @offset: Offset of 4 byte entries into the command buffer where the 41 * id that needs fixup is located. 42 */ 43 struct vmw_resource_relocation { 44 struct list_head head; 45 const struct vmw_resource *res; 46 unsigned long offset; 47 }; 48 49 /** 50 * struct vmw_resource_val_node - Validation info for resources 51 * 52 * @head: List head for the software context's resource list. 53 * @hash: Hash entry for quick resouce to val_node lookup. 54 * @res: Ref-counted pointer to the resource. 55 * @switch_backup: Boolean whether to switch backup buffer on unreserve. 56 * @new_backup: Refcounted pointer to the new backup buffer. 57 * @staged_bindings: If @res is a context, tracks bindings set up during 58 * the command batch. Otherwise NULL. 59 * @new_backup_offset: New backup buffer offset if @new_backup is non-NUll. 60 * @first_usage: Set to true the first time the resource is referenced in 61 * the command stream. 62 * @no_buffer_needed: Resources do not need to allocate buffer backup on 63 * reservation. The command stream will provide one. 64 */ 65 struct vmw_resource_val_node { 66 struct list_head head; 67 struct drm_hash_item hash; 68 struct vmw_resource *res; 69 struct vmw_dma_buffer *new_backup; 70 struct vmw_ctx_binding_state *staged_bindings; 71 unsigned long new_backup_offset; 72 bool first_usage; 73 bool no_buffer_needed; 74 }; 75 76 /** 77 * struct vmw_cmd_entry - Describe a command for the verifier 78 * 79 * @user_allow: Whether allowed from the execbuf ioctl. 80 * @gb_disable: Whether disabled if guest-backed objects are available. 81 * @gb_enable: Whether enabled iff guest-backed objects are available. 82 */ 83 struct vmw_cmd_entry { 84 int (*func) (struct vmw_private *, struct vmw_sw_context *, 85 SVGA3dCmdHeader *); 86 bool user_allow; 87 bool gb_disable; 88 bool gb_enable; 89 }; 90 91 #define VMW_CMD_DEF(_cmd, _func, _user_allow, _gb_disable, _gb_enable) \ 92 [(_cmd) - SVGA_3D_CMD_BASE] = {(_func), (_user_allow),\ 93 (_gb_disable), (_gb_enable)} 94 95 /** 96 * vmw_resource_unreserve - unreserve resources previously reserved for 97 * command submission. 98 * 99 * @list_head: list of resources to unreserve. 100 * @backoff: Whether command submission failed. 101 */ 102 static void vmw_resource_list_unreserve(struct list_head *list, 103 bool backoff) 104 { 105 struct vmw_resource_val_node *val; 106 107 list_for_each_entry(val, list, head) { 108 struct vmw_resource *res = val->res; 109 struct vmw_dma_buffer *new_backup = 110 backoff ? NULL : val->new_backup; 111 112 /* 113 * Transfer staged context bindings to the 114 * persistent context binding tracker. 115 */ 116 if (unlikely(val->staged_bindings)) { 117 if (!backoff) { 118 vmw_context_binding_state_transfer 119 (val->res, val->staged_bindings); 120 } 121 kfree(val->staged_bindings); 122 val->staged_bindings = NULL; 123 } 124 vmw_resource_unreserve(res, new_backup, 125 val->new_backup_offset); 126 vmw_dmabuf_unreference(&val->new_backup); 127 } 128 } 129 130 131 /** 132 * vmw_resource_val_add - Add a resource to the software context's 133 * resource list if it's not already on it. 134 * 135 * @sw_context: Pointer to the software context. 136 * @res: Pointer to the resource. 137 * @p_node On successful return points to a valid pointer to a 138 * struct vmw_resource_val_node, if non-NULL on entry. 139 */ 140 static int vmw_resource_val_add(struct vmw_sw_context *sw_context, 141 struct vmw_resource *res, 142 struct vmw_resource_val_node **p_node) 143 { 144 struct vmw_resource_val_node *node; 145 struct drm_hash_item *hash; 146 int ret; 147 148 if (likely(drm_ht_find_item(&sw_context->res_ht, (unsigned long) res, 149 &hash) == 0)) { 150 node = container_of(hash, struct vmw_resource_val_node, hash); 151 node->first_usage = false; 152 if (unlikely(p_node != NULL)) 153 *p_node = node; 154 return 0; 155 } 156 157 node = kzalloc(sizeof(*node), GFP_KERNEL); 158 if (unlikely(node == NULL)) { 159 DRM_ERROR("Failed to allocate a resource validation " 160 "entry.\n"); 161 return -ENOMEM; 162 } 163 164 node->hash.key = (unsigned long) res; 165 ret = drm_ht_insert_item(&sw_context->res_ht, &node->hash); 166 if (unlikely(ret != 0)) { 167 DRM_ERROR("Failed to initialize a resource validation " 168 "entry.\n"); 169 kfree(node); 170 return ret; 171 } 172 list_add_tail(&node->head, &sw_context->resource_list); 173 node->res = vmw_resource_reference(res); 174 node->first_usage = true; 175 176 if (unlikely(p_node != NULL)) 177 *p_node = node; 178 179 return 0; 180 } 181 182 /** 183 * vmw_resource_context_res_add - Put resources previously bound to a context on 184 * the validation list 185 * 186 * @dev_priv: Pointer to a device private structure 187 * @sw_context: Pointer to a software context used for this command submission 188 * @ctx: Pointer to the context resource 189 * 190 * This function puts all resources that were previously bound to @ctx on 191 * the resource validation list. This is part of the context state reemission 192 */ 193 static int vmw_resource_context_res_add(struct vmw_private *dev_priv, 194 struct vmw_sw_context *sw_context, 195 struct vmw_resource *ctx) 196 { 197 struct list_head *binding_list; 198 struct vmw_ctx_binding *entry; 199 int ret = 0; 200 struct vmw_resource *res; 201 202 mutex_lock(&dev_priv->binding_mutex); 203 binding_list = vmw_context_binding_list(ctx); 204 205 list_for_each_entry(entry, binding_list, ctx_list) { 206 res = vmw_resource_reference_unless_doomed(entry->bi.res); 207 if (unlikely(res == NULL)) 208 continue; 209 210 ret = vmw_resource_val_add(sw_context, entry->bi.res, NULL); 211 vmw_resource_unreference(&res); 212 if (unlikely(ret != 0)) 213 break; 214 } 215 216 mutex_unlock(&dev_priv->binding_mutex); 217 return ret; 218 } 219 220 /** 221 * vmw_resource_relocation_add - Add a relocation to the relocation list 222 * 223 * @list: Pointer to head of relocation list. 224 * @res: The resource. 225 * @offset: Offset into the command buffer currently being parsed where the 226 * id that needs fixup is located. Granularity is 4 bytes. 227 */ 228 static int vmw_resource_relocation_add(struct list_head *list, 229 const struct vmw_resource *res, 230 unsigned long offset) 231 { 232 struct vmw_resource_relocation *rel; 233 234 rel = kmalloc(sizeof(*rel), GFP_KERNEL); 235 if (unlikely(rel == NULL)) { 236 DRM_ERROR("Failed to allocate a resource relocation.\n"); 237 return -ENOMEM; 238 } 239 240 rel->res = res; 241 rel->offset = offset; 242 list_add_tail(&rel->head, list); 243 244 return 0; 245 } 246 247 /** 248 * vmw_resource_relocations_free - Free all relocations on a list 249 * 250 * @list: Pointer to the head of the relocation list. 251 */ 252 static void vmw_resource_relocations_free(struct list_head *list) 253 { 254 struct vmw_resource_relocation *rel, *n; 255 256 list_for_each_entry_safe(rel, n, list, head) { 257 list_del(&rel->head); 258 kfree(rel); 259 } 260 } 261 262 /** 263 * vmw_resource_relocations_apply - Apply all relocations on a list 264 * 265 * @cb: Pointer to the start of the command buffer bein patch. This need 266 * not be the same buffer as the one being parsed when the relocation 267 * list was built, but the contents must be the same modulo the 268 * resource ids. 269 * @list: Pointer to the head of the relocation list. 270 */ 271 static void vmw_resource_relocations_apply(uint32_t *cb, 272 struct list_head *list) 273 { 274 struct vmw_resource_relocation *rel; 275 276 list_for_each_entry(rel, list, head) { 277 if (likely(rel->res != NULL)) 278 cb[rel->offset] = rel->res->id; 279 else 280 cb[rel->offset] = SVGA_3D_CMD_NOP; 281 } 282 } 283 284 static int vmw_cmd_invalid(struct vmw_private *dev_priv, 285 struct vmw_sw_context *sw_context, 286 SVGA3dCmdHeader *header) 287 { 288 return capable(CAP_SYS_ADMIN) ? : -EINVAL; 289 } 290 291 static int vmw_cmd_ok(struct vmw_private *dev_priv, 292 struct vmw_sw_context *sw_context, 293 SVGA3dCmdHeader *header) 294 { 295 return 0; 296 } 297 298 /** 299 * vmw_bo_to_validate_list - add a bo to a validate list 300 * 301 * @sw_context: The software context used for this command submission batch. 302 * @bo: The buffer object to add. 303 * @validate_as_mob: Validate this buffer as a MOB. 304 * @p_val_node: If non-NULL Will be updated with the validate node number 305 * on return. 306 * 307 * Returns -EINVAL if the limit of number of buffer objects per command 308 * submission is reached. 309 */ 310 static int vmw_bo_to_validate_list(struct vmw_sw_context *sw_context, 311 struct ttm_buffer_object *bo, 312 bool validate_as_mob, 313 uint32_t *p_val_node) 314 { 315 uint32_t val_node; 316 struct vmw_validate_buffer *vval_buf; 317 struct ttm_validate_buffer *val_buf; 318 struct drm_hash_item *hash; 319 int ret; 320 321 if (likely(drm_ht_find_item(&sw_context->res_ht, (unsigned long) bo, 322 &hash) == 0)) { 323 vval_buf = container_of(hash, struct vmw_validate_buffer, 324 hash); 325 if (unlikely(vval_buf->validate_as_mob != validate_as_mob)) { 326 DRM_ERROR("Inconsistent buffer usage.\n"); 327 return -EINVAL; 328 } 329 val_buf = &vval_buf->base; 330 val_node = vval_buf - sw_context->val_bufs; 331 } else { 332 val_node = sw_context->cur_val_buf; 333 if (unlikely(val_node >= VMWGFX_MAX_VALIDATIONS)) { 334 DRM_ERROR("Max number of DMA buffers per submission " 335 "exceeded.\n"); 336 return -EINVAL; 337 } 338 vval_buf = &sw_context->val_bufs[val_node]; 339 vval_buf->hash.key = (unsigned long) bo; 340 ret = drm_ht_insert_item(&sw_context->res_ht, &vval_buf->hash); 341 if (unlikely(ret != 0)) { 342 DRM_ERROR("Failed to initialize a buffer validation " 343 "entry.\n"); 344 return ret; 345 } 346 ++sw_context->cur_val_buf; 347 val_buf = &vval_buf->base; 348 val_buf->bo = ttm_bo_reference(bo); 349 val_buf->shared = false; 350 list_add_tail(&val_buf->head, &sw_context->validate_nodes); 351 vval_buf->validate_as_mob = validate_as_mob; 352 } 353 354 if (p_val_node) 355 *p_val_node = val_node; 356 357 return 0; 358 } 359 360 /** 361 * vmw_resources_reserve - Reserve all resources on the sw_context's 362 * resource list. 363 * 364 * @sw_context: Pointer to the software context. 365 * 366 * Note that since vmware's command submission currently is protected by 367 * the cmdbuf mutex, no fancy deadlock avoidance is required for resources, 368 * since only a single thread at once will attempt this. 369 */ 370 static int vmw_resources_reserve(struct vmw_sw_context *sw_context) 371 { 372 struct vmw_resource_val_node *val; 373 int ret; 374 375 list_for_each_entry(val, &sw_context->resource_list, head) { 376 struct vmw_resource *res = val->res; 377 378 ret = vmw_resource_reserve(res, val->no_buffer_needed); 379 if (unlikely(ret != 0)) 380 return ret; 381 382 if (res->backup) { 383 struct ttm_buffer_object *bo = &res->backup->base; 384 385 ret = vmw_bo_to_validate_list 386 (sw_context, bo, 387 vmw_resource_needs_backup(res), NULL); 388 389 if (unlikely(ret != 0)) 390 return ret; 391 } 392 } 393 return 0; 394 } 395 396 /** 397 * vmw_resources_validate - Validate all resources on the sw_context's 398 * resource list. 399 * 400 * @sw_context: Pointer to the software context. 401 * 402 * Before this function is called, all resource backup buffers must have 403 * been validated. 404 */ 405 static int vmw_resources_validate(struct vmw_sw_context *sw_context) 406 { 407 struct vmw_resource_val_node *val; 408 int ret; 409 410 list_for_each_entry(val, &sw_context->resource_list, head) { 411 struct vmw_resource *res = val->res; 412 413 ret = vmw_resource_validate(res); 414 if (unlikely(ret != 0)) { 415 if (ret != -ERESTARTSYS) 416 DRM_ERROR("Failed to validate resource.\n"); 417 return ret; 418 } 419 } 420 return 0; 421 } 422 423 424 /** 425 * vmw_cmd_res_reloc_add - Add a resource to a software context's 426 * relocation- and validation lists. 427 * 428 * @dev_priv: Pointer to a struct vmw_private identifying the device. 429 * @sw_context: Pointer to the software context. 430 * @res_type: Resource type. 431 * @id_loc: Pointer to where the id that needs translation is located. 432 * @res: Valid pointer to a struct vmw_resource. 433 * @p_val: If non null, a pointer to the struct vmw_resource_validate_node 434 * used for this resource is returned here. 435 */ 436 static int vmw_cmd_res_reloc_add(struct vmw_private *dev_priv, 437 struct vmw_sw_context *sw_context, 438 enum vmw_res_type res_type, 439 uint32_t *id_loc, 440 struct vmw_resource *res, 441 struct vmw_resource_val_node **p_val) 442 { 443 int ret; 444 struct vmw_resource_val_node *node; 445 446 *p_val = NULL; 447 ret = vmw_resource_relocation_add(&sw_context->res_relocations, 448 res, 449 id_loc - sw_context->buf_start); 450 if (unlikely(ret != 0)) 451 return ret; 452 453 ret = vmw_resource_val_add(sw_context, res, &node); 454 if (unlikely(ret != 0)) 455 return ret; 456 457 if (res_type == vmw_res_context && dev_priv->has_mob && 458 node->first_usage) { 459 460 /* 461 * Put contexts first on the list to be able to exit 462 * list traversal for contexts early. 463 */ 464 list_del(&node->head); 465 list_add(&node->head, &sw_context->resource_list); 466 467 ret = vmw_resource_context_res_add(dev_priv, sw_context, res); 468 if (unlikely(ret != 0)) 469 return ret; 470 node->staged_bindings = 471 kzalloc(sizeof(*node->staged_bindings), GFP_KERNEL); 472 if (node->staged_bindings == NULL) { 473 DRM_ERROR("Failed to allocate context binding " 474 "information.\n"); 475 return -ENOMEM; 476 } 477 INIT_LIST_HEAD(&node->staged_bindings->list); 478 } 479 480 if (p_val) 481 *p_val = node; 482 483 return 0; 484 } 485 486 487 /** 488 * vmw_cmd_res_check - Check that a resource is present and if so, put it 489 * on the resource validate list unless it's already there. 490 * 491 * @dev_priv: Pointer to a device private structure. 492 * @sw_context: Pointer to the software context. 493 * @res_type: Resource type. 494 * @converter: User-space visisble type specific information. 495 * @id_loc: Pointer to the location in the command buffer currently being 496 * parsed from where the user-space resource id handle is located. 497 * @p_val: Pointer to pointer to resource validalidation node. Populated 498 * on exit. 499 */ 500 static int 501 vmw_cmd_res_check(struct vmw_private *dev_priv, 502 struct vmw_sw_context *sw_context, 503 enum vmw_res_type res_type, 504 const struct vmw_user_resource_conv *converter, 505 uint32_t *id_loc, 506 struct vmw_resource_val_node **p_val) 507 { 508 struct vmw_res_cache_entry *rcache = 509 &sw_context->res_cache[res_type]; 510 struct vmw_resource *res; 511 struct vmw_resource_val_node *node; 512 int ret; 513 514 if (*id_loc == SVGA3D_INVALID_ID) { 515 if (p_val) 516 *p_val = NULL; 517 if (res_type == vmw_res_context) { 518 DRM_ERROR("Illegal context invalid id.\n"); 519 return -EINVAL; 520 } 521 return 0; 522 } 523 524 /* 525 * Fastpath in case of repeated commands referencing the same 526 * resource 527 */ 528 529 if (likely(rcache->valid && *id_loc == rcache->handle)) { 530 const struct vmw_resource *res = rcache->res; 531 532 rcache->node->first_usage = false; 533 if (p_val) 534 *p_val = rcache->node; 535 536 return vmw_resource_relocation_add 537 (&sw_context->res_relocations, res, 538 id_loc - sw_context->buf_start); 539 } 540 541 ret = vmw_user_resource_lookup_handle(dev_priv, 542 sw_context->fp->tfile, 543 *id_loc, 544 converter, 545 &res); 546 if (unlikely(ret != 0)) { 547 DRM_ERROR("Could not find or use resource 0x%08x.\n", 548 (unsigned) *id_loc); 549 dump_stack(); 550 return ret; 551 } 552 553 rcache->valid = true; 554 rcache->res = res; 555 rcache->handle = *id_loc; 556 557 ret = vmw_cmd_res_reloc_add(dev_priv, sw_context, res_type, id_loc, 558 res, &node); 559 if (unlikely(ret != 0)) 560 goto out_no_reloc; 561 562 rcache->node = node; 563 if (p_val) 564 *p_val = node; 565 vmw_resource_unreference(&res); 566 return 0; 567 568 out_no_reloc: 569 BUG_ON(sw_context->error_resource != NULL); 570 sw_context->error_resource = res; 571 572 return ret; 573 } 574 575 /** 576 * vmw_rebind_contexts - Rebind all resources previously bound to 577 * referenced contexts. 578 * 579 * @sw_context: Pointer to the software context. 580 * 581 * Rebind context binding points that have been scrubbed because of eviction. 582 */ 583 static int vmw_rebind_contexts(struct vmw_sw_context *sw_context) 584 { 585 struct vmw_resource_val_node *val; 586 int ret; 587 588 list_for_each_entry(val, &sw_context->resource_list, head) { 589 if (unlikely(!val->staged_bindings)) 590 break; 591 592 ret = vmw_context_rebind_all(val->res); 593 if (unlikely(ret != 0)) { 594 if (ret != -ERESTARTSYS) 595 DRM_ERROR("Failed to rebind context.\n"); 596 return ret; 597 } 598 } 599 600 return 0; 601 } 602 603 /** 604 * vmw_cmd_cid_check - Check a command header for valid context information. 605 * 606 * @dev_priv: Pointer to a device private structure. 607 * @sw_context: Pointer to the software context. 608 * @header: A command header with an embedded user-space context handle. 609 * 610 * Convenience function: Call vmw_cmd_res_check with the user-space context 611 * handle embedded in @header. 612 */ 613 static int vmw_cmd_cid_check(struct vmw_private *dev_priv, 614 struct vmw_sw_context *sw_context, 615 SVGA3dCmdHeader *header) 616 { 617 struct vmw_cid_cmd { 618 SVGA3dCmdHeader header; 619 uint32_t cid; 620 } *cmd; 621 622 cmd = container_of(header, struct vmw_cid_cmd, header); 623 return vmw_cmd_res_check(dev_priv, sw_context, vmw_res_context, 624 user_context_converter, &cmd->cid, NULL); 625 } 626 627 static int vmw_cmd_set_render_target_check(struct vmw_private *dev_priv, 628 struct vmw_sw_context *sw_context, 629 SVGA3dCmdHeader *header) 630 { 631 struct vmw_sid_cmd { 632 SVGA3dCmdHeader header; 633 SVGA3dCmdSetRenderTarget body; 634 } *cmd; 635 struct vmw_resource_val_node *ctx_node; 636 struct vmw_resource_val_node *res_node; 637 int ret; 638 639 cmd = container_of(header, struct vmw_sid_cmd, header); 640 641 ret = vmw_cmd_res_check(dev_priv, sw_context, vmw_res_context, 642 user_context_converter, &cmd->body.cid, 643 &ctx_node); 644 if (unlikely(ret != 0)) 645 return ret; 646 647 ret = vmw_cmd_res_check(dev_priv, sw_context, vmw_res_surface, 648 user_surface_converter, 649 &cmd->body.target.sid, &res_node); 650 if (unlikely(ret != 0)) 651 return ret; 652 653 if (dev_priv->has_mob) { 654 struct vmw_ctx_bindinfo bi; 655 656 bi.ctx = ctx_node->res; 657 bi.res = res_node ? res_node->res : NULL; 658 bi.bt = vmw_ctx_binding_rt; 659 bi.i1.rt_type = cmd->body.type; 660 return vmw_context_binding_add(ctx_node->staged_bindings, &bi); 661 } 662 663 return 0; 664 } 665 666 static int vmw_cmd_surface_copy_check(struct vmw_private *dev_priv, 667 struct vmw_sw_context *sw_context, 668 SVGA3dCmdHeader *header) 669 { 670 struct vmw_sid_cmd { 671 SVGA3dCmdHeader header; 672 SVGA3dCmdSurfaceCopy body; 673 } *cmd; 674 int ret; 675 676 cmd = container_of(header, struct vmw_sid_cmd, header); 677 ret = vmw_cmd_res_check(dev_priv, sw_context, vmw_res_surface, 678 user_surface_converter, 679 &cmd->body.src.sid, NULL); 680 if (unlikely(ret != 0)) 681 return ret; 682 return vmw_cmd_res_check(dev_priv, sw_context, vmw_res_surface, 683 user_surface_converter, 684 &cmd->body.dest.sid, NULL); 685 } 686 687 static int vmw_cmd_stretch_blt_check(struct vmw_private *dev_priv, 688 struct vmw_sw_context *sw_context, 689 SVGA3dCmdHeader *header) 690 { 691 struct vmw_sid_cmd { 692 SVGA3dCmdHeader header; 693 SVGA3dCmdSurfaceStretchBlt body; 694 } *cmd; 695 int ret; 696 697 cmd = container_of(header, struct vmw_sid_cmd, header); 698 ret = vmw_cmd_res_check(dev_priv, sw_context, vmw_res_surface, 699 user_surface_converter, 700 &cmd->body.src.sid, NULL); 701 if (unlikely(ret != 0)) 702 return ret; 703 return vmw_cmd_res_check(dev_priv, sw_context, vmw_res_surface, 704 user_surface_converter, 705 &cmd->body.dest.sid, NULL); 706 } 707 708 static int vmw_cmd_blt_surf_screen_check(struct vmw_private *dev_priv, 709 struct vmw_sw_context *sw_context, 710 SVGA3dCmdHeader *header) 711 { 712 struct vmw_sid_cmd { 713 SVGA3dCmdHeader header; 714 SVGA3dCmdBlitSurfaceToScreen body; 715 } *cmd; 716 717 cmd = container_of(header, struct vmw_sid_cmd, header); 718 719 return vmw_cmd_res_check(dev_priv, sw_context, vmw_res_surface, 720 user_surface_converter, 721 &cmd->body.srcImage.sid, NULL); 722 } 723 724 static int vmw_cmd_present_check(struct vmw_private *dev_priv, 725 struct vmw_sw_context *sw_context, 726 SVGA3dCmdHeader *header) 727 { 728 struct vmw_sid_cmd { 729 SVGA3dCmdHeader header; 730 SVGA3dCmdPresent body; 731 } *cmd; 732 733 734 cmd = container_of(header, struct vmw_sid_cmd, header); 735 736 return vmw_cmd_res_check(dev_priv, sw_context, vmw_res_surface, 737 user_surface_converter, &cmd->body.sid, 738 NULL); 739 } 740 741 /** 742 * vmw_query_bo_switch_prepare - Prepare to switch pinned buffer for queries. 743 * 744 * @dev_priv: The device private structure. 745 * @new_query_bo: The new buffer holding query results. 746 * @sw_context: The software context used for this command submission. 747 * 748 * This function checks whether @new_query_bo is suitable for holding 749 * query results, and if another buffer currently is pinned for query 750 * results. If so, the function prepares the state of @sw_context for 751 * switching pinned buffers after successful submission of the current 752 * command batch. 753 */ 754 static int vmw_query_bo_switch_prepare(struct vmw_private *dev_priv, 755 struct ttm_buffer_object *new_query_bo, 756 struct vmw_sw_context *sw_context) 757 { 758 struct vmw_res_cache_entry *ctx_entry = 759 &sw_context->res_cache[vmw_res_context]; 760 int ret; 761 762 BUG_ON(!ctx_entry->valid); 763 sw_context->last_query_ctx = ctx_entry->res; 764 765 if (unlikely(new_query_bo != sw_context->cur_query_bo)) { 766 767 if (unlikely(new_query_bo->num_pages > 4)) { 768 DRM_ERROR("Query buffer too large.\n"); 769 return -EINVAL; 770 } 771 772 if (unlikely(sw_context->cur_query_bo != NULL)) { 773 sw_context->needs_post_query_barrier = true; 774 ret = vmw_bo_to_validate_list(sw_context, 775 sw_context->cur_query_bo, 776 dev_priv->has_mob, NULL); 777 if (unlikely(ret != 0)) 778 return ret; 779 } 780 sw_context->cur_query_bo = new_query_bo; 781 782 ret = vmw_bo_to_validate_list(sw_context, 783 dev_priv->dummy_query_bo, 784 dev_priv->has_mob, NULL); 785 if (unlikely(ret != 0)) 786 return ret; 787 788 } 789 790 return 0; 791 } 792 793 794 /** 795 * vmw_query_bo_switch_commit - Finalize switching pinned query buffer 796 * 797 * @dev_priv: The device private structure. 798 * @sw_context: The software context used for this command submission batch. 799 * 800 * This function will check if we're switching query buffers, and will then, 801 * issue a dummy occlusion query wait used as a query barrier. When the fence 802 * object following that query wait has signaled, we are sure that all 803 * preceding queries have finished, and the old query buffer can be unpinned. 804 * However, since both the new query buffer and the old one are fenced with 805 * that fence, we can do an asynchronus unpin now, and be sure that the 806 * old query buffer won't be moved until the fence has signaled. 807 * 808 * As mentioned above, both the new - and old query buffers need to be fenced 809 * using a sequence emitted *after* calling this function. 810 */ 811 static void vmw_query_bo_switch_commit(struct vmw_private *dev_priv, 812 struct vmw_sw_context *sw_context) 813 { 814 /* 815 * The validate list should still hold references to all 816 * contexts here. 817 */ 818 819 if (sw_context->needs_post_query_barrier) { 820 struct vmw_res_cache_entry *ctx_entry = 821 &sw_context->res_cache[vmw_res_context]; 822 struct vmw_resource *ctx; 823 int ret; 824 825 BUG_ON(!ctx_entry->valid); 826 ctx = ctx_entry->res; 827 828 ret = vmw_fifo_emit_dummy_query(dev_priv, ctx->id); 829 830 if (unlikely(ret != 0)) 831 DRM_ERROR("Out of fifo space for dummy query.\n"); 832 } 833 834 if (dev_priv->pinned_bo != sw_context->cur_query_bo) { 835 if (dev_priv->pinned_bo) { 836 vmw_bo_pin(dev_priv->pinned_bo, false); 837 ttm_bo_unref(&dev_priv->pinned_bo); 838 } 839 840 if (!sw_context->needs_post_query_barrier) { 841 vmw_bo_pin(sw_context->cur_query_bo, true); 842 843 /* 844 * We pin also the dummy_query_bo buffer so that we 845 * don't need to validate it when emitting 846 * dummy queries in context destroy paths. 847 */ 848 849 vmw_bo_pin(dev_priv->dummy_query_bo, true); 850 dev_priv->dummy_query_bo_pinned = true; 851 852 BUG_ON(sw_context->last_query_ctx == NULL); 853 dev_priv->query_cid = sw_context->last_query_ctx->id; 854 dev_priv->query_cid_valid = true; 855 dev_priv->pinned_bo = 856 ttm_bo_reference(sw_context->cur_query_bo); 857 } 858 } 859 } 860 861 /** 862 * vmw_translate_mob_pointer - Prepare to translate a user-space buffer 863 * handle to a MOB id. 864 * 865 * @dev_priv: Pointer to a device private structure. 866 * @sw_context: The software context used for this command batch validation. 867 * @id: Pointer to the user-space handle to be translated. 868 * @vmw_bo_p: Points to a location that, on successful return will carry 869 * a reference-counted pointer to the DMA buffer identified by the 870 * user-space handle in @id. 871 * 872 * This function saves information needed to translate a user-space buffer 873 * handle to a MOB id. The translation does not take place immediately, but 874 * during a call to vmw_apply_relocations(). This function builds a relocation 875 * list and a list of buffers to validate. The former needs to be freed using 876 * either vmw_apply_relocations() or vmw_free_relocations(). The latter 877 * needs to be freed using vmw_clear_validations. 878 */ 879 static int vmw_translate_mob_ptr(struct vmw_private *dev_priv, 880 struct vmw_sw_context *sw_context, 881 SVGAMobId *id, 882 struct vmw_dma_buffer **vmw_bo_p) 883 { 884 struct vmw_dma_buffer *vmw_bo = NULL; 885 struct ttm_buffer_object *bo; 886 uint32_t handle = *id; 887 struct vmw_relocation *reloc; 888 int ret; 889 890 ret = vmw_user_dmabuf_lookup(sw_context->fp->tfile, handle, &vmw_bo); 891 if (unlikely(ret != 0)) { 892 DRM_ERROR("Could not find or use MOB buffer.\n"); 893 return -EINVAL; 894 } 895 bo = &vmw_bo->base; 896 897 if (unlikely(sw_context->cur_reloc >= VMWGFX_MAX_RELOCATIONS)) { 898 DRM_ERROR("Max number relocations per submission" 899 " exceeded\n"); 900 ret = -EINVAL; 901 goto out_no_reloc; 902 } 903 904 reloc = &sw_context->relocs[sw_context->cur_reloc++]; 905 reloc->mob_loc = id; 906 reloc->location = NULL; 907 908 ret = vmw_bo_to_validate_list(sw_context, bo, true, &reloc->index); 909 if (unlikely(ret != 0)) 910 goto out_no_reloc; 911 912 *vmw_bo_p = vmw_bo; 913 return 0; 914 915 out_no_reloc: 916 vmw_dmabuf_unreference(&vmw_bo); 917 vmw_bo_p = NULL; 918 return ret; 919 } 920 921 /** 922 * vmw_translate_guest_pointer - Prepare to translate a user-space buffer 923 * handle to a valid SVGAGuestPtr 924 * 925 * @dev_priv: Pointer to a device private structure. 926 * @sw_context: The software context used for this command batch validation. 927 * @ptr: Pointer to the user-space handle to be translated. 928 * @vmw_bo_p: Points to a location that, on successful return will carry 929 * a reference-counted pointer to the DMA buffer identified by the 930 * user-space handle in @id. 931 * 932 * This function saves information needed to translate a user-space buffer 933 * handle to a valid SVGAGuestPtr. The translation does not take place 934 * immediately, but during a call to vmw_apply_relocations(). 935 * This function builds a relocation list and a list of buffers to validate. 936 * The former needs to be freed using either vmw_apply_relocations() or 937 * vmw_free_relocations(). The latter needs to be freed using 938 * vmw_clear_validations. 939 */ 940 static int vmw_translate_guest_ptr(struct vmw_private *dev_priv, 941 struct vmw_sw_context *sw_context, 942 SVGAGuestPtr *ptr, 943 struct vmw_dma_buffer **vmw_bo_p) 944 { 945 struct vmw_dma_buffer *vmw_bo = NULL; 946 struct ttm_buffer_object *bo; 947 uint32_t handle = ptr->gmrId; 948 struct vmw_relocation *reloc; 949 int ret; 950 951 ret = vmw_user_dmabuf_lookup(sw_context->fp->tfile, handle, &vmw_bo); 952 if (unlikely(ret != 0)) { 953 DRM_ERROR("Could not find or use GMR region.\n"); 954 return -EINVAL; 955 } 956 bo = &vmw_bo->base; 957 958 if (unlikely(sw_context->cur_reloc >= VMWGFX_MAX_RELOCATIONS)) { 959 DRM_ERROR("Max number relocations per submission" 960 " exceeded\n"); 961 ret = -EINVAL; 962 goto out_no_reloc; 963 } 964 965 reloc = &sw_context->relocs[sw_context->cur_reloc++]; 966 reloc->location = ptr; 967 968 ret = vmw_bo_to_validate_list(sw_context, bo, false, &reloc->index); 969 if (unlikely(ret != 0)) 970 goto out_no_reloc; 971 972 *vmw_bo_p = vmw_bo; 973 return 0; 974 975 out_no_reloc: 976 vmw_dmabuf_unreference(&vmw_bo); 977 vmw_bo_p = NULL; 978 return ret; 979 } 980 981 /** 982 * vmw_cmd_begin_gb_query - validate a SVGA_3D_CMD_BEGIN_GB_QUERY command. 983 * 984 * @dev_priv: Pointer to a device private struct. 985 * @sw_context: The software context used for this command submission. 986 * @header: Pointer to the command header in the command stream. 987 */ 988 static int vmw_cmd_begin_gb_query(struct vmw_private *dev_priv, 989 struct vmw_sw_context *sw_context, 990 SVGA3dCmdHeader *header) 991 { 992 struct vmw_begin_gb_query_cmd { 993 SVGA3dCmdHeader header; 994 SVGA3dCmdBeginGBQuery q; 995 } *cmd; 996 997 cmd = container_of(header, struct vmw_begin_gb_query_cmd, 998 header); 999 1000 return vmw_cmd_res_check(dev_priv, sw_context, vmw_res_context, 1001 user_context_converter, &cmd->q.cid, 1002 NULL); 1003 } 1004 1005 /** 1006 * vmw_cmd_begin_query - validate a SVGA_3D_CMD_BEGIN_QUERY command. 1007 * 1008 * @dev_priv: Pointer to a device private struct. 1009 * @sw_context: The software context used for this command submission. 1010 * @header: Pointer to the command header in the command stream. 1011 */ 1012 static int vmw_cmd_begin_query(struct vmw_private *dev_priv, 1013 struct vmw_sw_context *sw_context, 1014 SVGA3dCmdHeader *header) 1015 { 1016 struct vmw_begin_query_cmd { 1017 SVGA3dCmdHeader header; 1018 SVGA3dCmdBeginQuery q; 1019 } *cmd; 1020 1021 cmd = container_of(header, struct vmw_begin_query_cmd, 1022 header); 1023 1024 if (unlikely(dev_priv->has_mob)) { 1025 struct { 1026 SVGA3dCmdHeader header; 1027 SVGA3dCmdBeginGBQuery q; 1028 } gb_cmd; 1029 1030 BUG_ON(sizeof(gb_cmd) != sizeof(*cmd)); 1031 1032 gb_cmd.header.id = SVGA_3D_CMD_BEGIN_GB_QUERY; 1033 gb_cmd.header.size = cmd->header.size; 1034 gb_cmd.q.cid = cmd->q.cid; 1035 gb_cmd.q.type = cmd->q.type; 1036 1037 memcpy(cmd, &gb_cmd, sizeof(*cmd)); 1038 return vmw_cmd_begin_gb_query(dev_priv, sw_context, header); 1039 } 1040 1041 return vmw_cmd_res_check(dev_priv, sw_context, vmw_res_context, 1042 user_context_converter, &cmd->q.cid, 1043 NULL); 1044 } 1045 1046 /** 1047 * vmw_cmd_end_gb_query - validate a SVGA_3D_CMD_END_GB_QUERY command. 1048 * 1049 * @dev_priv: Pointer to a device private struct. 1050 * @sw_context: The software context used for this command submission. 1051 * @header: Pointer to the command header in the command stream. 1052 */ 1053 static int vmw_cmd_end_gb_query(struct vmw_private *dev_priv, 1054 struct vmw_sw_context *sw_context, 1055 SVGA3dCmdHeader *header) 1056 { 1057 struct vmw_dma_buffer *vmw_bo; 1058 struct vmw_query_cmd { 1059 SVGA3dCmdHeader header; 1060 SVGA3dCmdEndGBQuery q; 1061 } *cmd; 1062 int ret; 1063 1064 cmd = container_of(header, struct vmw_query_cmd, header); 1065 ret = vmw_cmd_cid_check(dev_priv, sw_context, header); 1066 if (unlikely(ret != 0)) 1067 return ret; 1068 1069 ret = vmw_translate_mob_ptr(dev_priv, sw_context, 1070 &cmd->q.mobid, 1071 &vmw_bo); 1072 if (unlikely(ret != 0)) 1073 return ret; 1074 1075 ret = vmw_query_bo_switch_prepare(dev_priv, &vmw_bo->base, sw_context); 1076 1077 vmw_dmabuf_unreference(&vmw_bo); 1078 return ret; 1079 } 1080 1081 /** 1082 * vmw_cmd_end_query - validate a SVGA_3D_CMD_END_QUERY command. 1083 * 1084 * @dev_priv: Pointer to a device private struct. 1085 * @sw_context: The software context used for this command submission. 1086 * @header: Pointer to the command header in the command stream. 1087 */ 1088 static int vmw_cmd_end_query(struct vmw_private *dev_priv, 1089 struct vmw_sw_context *sw_context, 1090 SVGA3dCmdHeader *header) 1091 { 1092 struct vmw_dma_buffer *vmw_bo; 1093 struct vmw_query_cmd { 1094 SVGA3dCmdHeader header; 1095 SVGA3dCmdEndQuery q; 1096 } *cmd; 1097 int ret; 1098 1099 cmd = container_of(header, struct vmw_query_cmd, header); 1100 if (dev_priv->has_mob) { 1101 struct { 1102 SVGA3dCmdHeader header; 1103 SVGA3dCmdEndGBQuery q; 1104 } gb_cmd; 1105 1106 BUG_ON(sizeof(gb_cmd) != sizeof(*cmd)); 1107 1108 gb_cmd.header.id = SVGA_3D_CMD_END_GB_QUERY; 1109 gb_cmd.header.size = cmd->header.size; 1110 gb_cmd.q.cid = cmd->q.cid; 1111 gb_cmd.q.type = cmd->q.type; 1112 gb_cmd.q.mobid = cmd->q.guestResult.gmrId; 1113 gb_cmd.q.offset = cmd->q.guestResult.offset; 1114 1115 memcpy(cmd, &gb_cmd, sizeof(*cmd)); 1116 return vmw_cmd_end_gb_query(dev_priv, sw_context, header); 1117 } 1118 1119 ret = vmw_cmd_cid_check(dev_priv, sw_context, header); 1120 if (unlikely(ret != 0)) 1121 return ret; 1122 1123 ret = vmw_translate_guest_ptr(dev_priv, sw_context, 1124 &cmd->q.guestResult, 1125 &vmw_bo); 1126 if (unlikely(ret != 0)) 1127 return ret; 1128 1129 ret = vmw_query_bo_switch_prepare(dev_priv, &vmw_bo->base, sw_context); 1130 1131 vmw_dmabuf_unreference(&vmw_bo); 1132 return ret; 1133 } 1134 1135 /** 1136 * vmw_cmd_wait_gb_query - validate a SVGA_3D_CMD_WAIT_GB_QUERY command. 1137 * 1138 * @dev_priv: Pointer to a device private struct. 1139 * @sw_context: The software context used for this command submission. 1140 * @header: Pointer to the command header in the command stream. 1141 */ 1142 static int vmw_cmd_wait_gb_query(struct vmw_private *dev_priv, 1143 struct vmw_sw_context *sw_context, 1144 SVGA3dCmdHeader *header) 1145 { 1146 struct vmw_dma_buffer *vmw_bo; 1147 struct vmw_query_cmd { 1148 SVGA3dCmdHeader header; 1149 SVGA3dCmdWaitForGBQuery q; 1150 } *cmd; 1151 int ret; 1152 1153 cmd = container_of(header, struct vmw_query_cmd, header); 1154 ret = vmw_cmd_cid_check(dev_priv, sw_context, header); 1155 if (unlikely(ret != 0)) 1156 return ret; 1157 1158 ret = vmw_translate_mob_ptr(dev_priv, sw_context, 1159 &cmd->q.mobid, 1160 &vmw_bo); 1161 if (unlikely(ret != 0)) 1162 return ret; 1163 1164 vmw_dmabuf_unreference(&vmw_bo); 1165 return 0; 1166 } 1167 1168 /** 1169 * vmw_cmd_wait_query - validate a SVGA_3D_CMD_WAIT_QUERY command. 1170 * 1171 * @dev_priv: Pointer to a device private struct. 1172 * @sw_context: The software context used for this command submission. 1173 * @header: Pointer to the command header in the command stream. 1174 */ 1175 static int vmw_cmd_wait_query(struct vmw_private *dev_priv, 1176 struct vmw_sw_context *sw_context, 1177 SVGA3dCmdHeader *header) 1178 { 1179 struct vmw_dma_buffer *vmw_bo; 1180 struct vmw_query_cmd { 1181 SVGA3dCmdHeader header; 1182 SVGA3dCmdWaitForQuery q; 1183 } *cmd; 1184 int ret; 1185 1186 cmd = container_of(header, struct vmw_query_cmd, header); 1187 if (dev_priv->has_mob) { 1188 struct { 1189 SVGA3dCmdHeader header; 1190 SVGA3dCmdWaitForGBQuery q; 1191 } gb_cmd; 1192 1193 BUG_ON(sizeof(gb_cmd) != sizeof(*cmd)); 1194 1195 gb_cmd.header.id = SVGA_3D_CMD_WAIT_FOR_GB_QUERY; 1196 gb_cmd.header.size = cmd->header.size; 1197 gb_cmd.q.cid = cmd->q.cid; 1198 gb_cmd.q.type = cmd->q.type; 1199 gb_cmd.q.mobid = cmd->q.guestResult.gmrId; 1200 gb_cmd.q.offset = cmd->q.guestResult.offset; 1201 1202 memcpy(cmd, &gb_cmd, sizeof(*cmd)); 1203 return vmw_cmd_wait_gb_query(dev_priv, sw_context, header); 1204 } 1205 1206 ret = vmw_cmd_cid_check(dev_priv, sw_context, header); 1207 if (unlikely(ret != 0)) 1208 return ret; 1209 1210 ret = vmw_translate_guest_ptr(dev_priv, sw_context, 1211 &cmd->q.guestResult, 1212 &vmw_bo); 1213 if (unlikely(ret != 0)) 1214 return ret; 1215 1216 vmw_dmabuf_unreference(&vmw_bo); 1217 return 0; 1218 } 1219 1220 static int vmw_cmd_dma(struct vmw_private *dev_priv, 1221 struct vmw_sw_context *sw_context, 1222 SVGA3dCmdHeader *header) 1223 { 1224 struct vmw_dma_buffer *vmw_bo = NULL; 1225 struct vmw_surface *srf = NULL; 1226 struct vmw_dma_cmd { 1227 SVGA3dCmdHeader header; 1228 SVGA3dCmdSurfaceDMA dma; 1229 } *cmd; 1230 int ret; 1231 SVGA3dCmdSurfaceDMASuffix *suffix; 1232 uint32_t bo_size; 1233 1234 cmd = container_of(header, struct vmw_dma_cmd, header); 1235 suffix = (SVGA3dCmdSurfaceDMASuffix *)((unsigned long) &cmd->dma + 1236 header->size - sizeof(*suffix)); 1237 1238 /* Make sure device and verifier stays in sync. */ 1239 if (unlikely(suffix->suffixSize != sizeof(*suffix))) { 1240 DRM_ERROR("Invalid DMA suffix size.\n"); 1241 return -EINVAL; 1242 } 1243 1244 ret = vmw_translate_guest_ptr(dev_priv, sw_context, 1245 &cmd->dma.guest.ptr, 1246 &vmw_bo); 1247 if (unlikely(ret != 0)) 1248 return ret; 1249 1250 /* Make sure DMA doesn't cross BO boundaries. */ 1251 bo_size = vmw_bo->base.num_pages * PAGE_SIZE; 1252 if (unlikely(cmd->dma.guest.ptr.offset > bo_size)) { 1253 DRM_ERROR("Invalid DMA offset.\n"); 1254 return -EINVAL; 1255 } 1256 1257 bo_size -= cmd->dma.guest.ptr.offset; 1258 if (unlikely(suffix->maximumOffset > bo_size)) 1259 suffix->maximumOffset = bo_size; 1260 1261 ret = vmw_cmd_res_check(dev_priv, sw_context, vmw_res_surface, 1262 user_surface_converter, &cmd->dma.host.sid, 1263 NULL); 1264 if (unlikely(ret != 0)) { 1265 if (unlikely(ret != -ERESTARTSYS)) 1266 DRM_ERROR("could not find surface for DMA.\n"); 1267 goto out_no_surface; 1268 } 1269 1270 srf = vmw_res_to_srf(sw_context->res_cache[vmw_res_surface].res); 1271 1272 vmw_kms_cursor_snoop(srf, sw_context->fp->tfile, &vmw_bo->base, 1273 header); 1274 1275 out_no_surface: 1276 vmw_dmabuf_unreference(&vmw_bo); 1277 return ret; 1278 } 1279 1280 static int vmw_cmd_draw(struct vmw_private *dev_priv, 1281 struct vmw_sw_context *sw_context, 1282 SVGA3dCmdHeader *header) 1283 { 1284 struct vmw_draw_cmd { 1285 SVGA3dCmdHeader header; 1286 SVGA3dCmdDrawPrimitives body; 1287 } *cmd; 1288 SVGA3dVertexDecl *decl = (SVGA3dVertexDecl *)( 1289 (unsigned long)header + sizeof(*cmd)); 1290 SVGA3dPrimitiveRange *range; 1291 uint32_t i; 1292 uint32_t maxnum; 1293 int ret; 1294 1295 ret = vmw_cmd_cid_check(dev_priv, sw_context, header); 1296 if (unlikely(ret != 0)) 1297 return ret; 1298 1299 cmd = container_of(header, struct vmw_draw_cmd, header); 1300 maxnum = (header->size - sizeof(cmd->body)) / sizeof(*decl); 1301 1302 if (unlikely(cmd->body.numVertexDecls > maxnum)) { 1303 DRM_ERROR("Illegal number of vertex declarations.\n"); 1304 return -EINVAL; 1305 } 1306 1307 for (i = 0; i < cmd->body.numVertexDecls; ++i, ++decl) { 1308 ret = vmw_cmd_res_check(dev_priv, sw_context, vmw_res_surface, 1309 user_surface_converter, 1310 &decl->array.surfaceId, NULL); 1311 if (unlikely(ret != 0)) 1312 return ret; 1313 } 1314 1315 maxnum = (header->size - sizeof(cmd->body) - 1316 cmd->body.numVertexDecls * sizeof(*decl)) / sizeof(*range); 1317 if (unlikely(cmd->body.numRanges > maxnum)) { 1318 DRM_ERROR("Illegal number of index ranges.\n"); 1319 return -EINVAL; 1320 } 1321 1322 range = (SVGA3dPrimitiveRange *) decl; 1323 for (i = 0; i < cmd->body.numRanges; ++i, ++range) { 1324 ret = vmw_cmd_res_check(dev_priv, sw_context, vmw_res_surface, 1325 user_surface_converter, 1326 &range->indexArray.surfaceId, NULL); 1327 if (unlikely(ret != 0)) 1328 return ret; 1329 } 1330 return 0; 1331 } 1332 1333 1334 static int vmw_cmd_tex_state(struct vmw_private *dev_priv, 1335 struct vmw_sw_context *sw_context, 1336 SVGA3dCmdHeader *header) 1337 { 1338 struct vmw_tex_state_cmd { 1339 SVGA3dCmdHeader header; 1340 SVGA3dCmdSetTextureState state; 1341 } *cmd; 1342 1343 SVGA3dTextureState *last_state = (SVGA3dTextureState *) 1344 ((unsigned long) header + header->size + sizeof(header)); 1345 SVGA3dTextureState *cur_state = (SVGA3dTextureState *) 1346 ((unsigned long) header + sizeof(struct vmw_tex_state_cmd)); 1347 struct vmw_resource_val_node *ctx_node; 1348 struct vmw_resource_val_node *res_node; 1349 int ret; 1350 1351 cmd = container_of(header, struct vmw_tex_state_cmd, 1352 header); 1353 1354 ret = vmw_cmd_res_check(dev_priv, sw_context, vmw_res_context, 1355 user_context_converter, &cmd->state.cid, 1356 &ctx_node); 1357 if (unlikely(ret != 0)) 1358 return ret; 1359 1360 for (; cur_state < last_state; ++cur_state) { 1361 if (likely(cur_state->name != SVGA3D_TS_BIND_TEXTURE)) 1362 continue; 1363 1364 ret = vmw_cmd_res_check(dev_priv, sw_context, vmw_res_surface, 1365 user_surface_converter, 1366 &cur_state->value, &res_node); 1367 if (unlikely(ret != 0)) 1368 return ret; 1369 1370 if (dev_priv->has_mob) { 1371 struct vmw_ctx_bindinfo bi; 1372 1373 bi.ctx = ctx_node->res; 1374 bi.res = res_node ? res_node->res : NULL; 1375 bi.bt = vmw_ctx_binding_tex; 1376 bi.i1.texture_stage = cur_state->stage; 1377 vmw_context_binding_add(ctx_node->staged_bindings, 1378 &bi); 1379 } 1380 } 1381 1382 return 0; 1383 } 1384 1385 static int vmw_cmd_check_define_gmrfb(struct vmw_private *dev_priv, 1386 struct vmw_sw_context *sw_context, 1387 void *buf) 1388 { 1389 struct vmw_dma_buffer *vmw_bo; 1390 int ret; 1391 1392 struct { 1393 uint32_t header; 1394 SVGAFifoCmdDefineGMRFB body; 1395 } *cmd = buf; 1396 1397 ret = vmw_translate_guest_ptr(dev_priv, sw_context, 1398 &cmd->body.ptr, 1399 &vmw_bo); 1400 if (unlikely(ret != 0)) 1401 return ret; 1402 1403 vmw_dmabuf_unreference(&vmw_bo); 1404 1405 return ret; 1406 } 1407 1408 /** 1409 * vmw_cmd_switch_backup - Utility function to handle backup buffer switching 1410 * 1411 * @dev_priv: Pointer to a device private struct. 1412 * @sw_context: The software context being used for this batch. 1413 * @res_type: The resource type. 1414 * @converter: Information about user-space binding for this resource type. 1415 * @res_id: Pointer to the user-space resource handle in the command stream. 1416 * @buf_id: Pointer to the user-space backup buffer handle in the command 1417 * stream. 1418 * @backup_offset: Offset of backup into MOB. 1419 * 1420 * This function prepares for registering a switch of backup buffers 1421 * in the resource metadata just prior to unreserving. 1422 */ 1423 static int vmw_cmd_switch_backup(struct vmw_private *dev_priv, 1424 struct vmw_sw_context *sw_context, 1425 enum vmw_res_type res_type, 1426 const struct vmw_user_resource_conv 1427 *converter, 1428 uint32_t *res_id, 1429 uint32_t *buf_id, 1430 unsigned long backup_offset) 1431 { 1432 int ret; 1433 struct vmw_dma_buffer *dma_buf; 1434 struct vmw_resource_val_node *val_node; 1435 1436 ret = vmw_cmd_res_check(dev_priv, sw_context, res_type, 1437 converter, res_id, &val_node); 1438 if (unlikely(ret != 0)) 1439 return ret; 1440 1441 ret = vmw_translate_mob_ptr(dev_priv, sw_context, buf_id, &dma_buf); 1442 if (unlikely(ret != 0)) 1443 return ret; 1444 1445 if (val_node->first_usage) 1446 val_node->no_buffer_needed = true; 1447 1448 vmw_dmabuf_unreference(&val_node->new_backup); 1449 val_node->new_backup = dma_buf; 1450 val_node->new_backup_offset = backup_offset; 1451 1452 return 0; 1453 } 1454 1455 /** 1456 * vmw_cmd_bind_gb_surface - Validate an SVGA_3D_CMD_BIND_GB_SURFACE 1457 * command 1458 * 1459 * @dev_priv: Pointer to a device private struct. 1460 * @sw_context: The software context being used for this batch. 1461 * @header: Pointer to the command header in the command stream. 1462 */ 1463 static int vmw_cmd_bind_gb_surface(struct vmw_private *dev_priv, 1464 struct vmw_sw_context *sw_context, 1465 SVGA3dCmdHeader *header) 1466 { 1467 struct vmw_bind_gb_surface_cmd { 1468 SVGA3dCmdHeader header; 1469 SVGA3dCmdBindGBSurface body; 1470 } *cmd; 1471 1472 cmd = container_of(header, struct vmw_bind_gb_surface_cmd, header); 1473 1474 return vmw_cmd_switch_backup(dev_priv, sw_context, vmw_res_surface, 1475 user_surface_converter, 1476 &cmd->body.sid, &cmd->body.mobid, 1477 0); 1478 } 1479 1480 /** 1481 * vmw_cmd_update_gb_image - Validate an SVGA_3D_CMD_UPDATE_GB_IMAGE 1482 * command 1483 * 1484 * @dev_priv: Pointer to a device private struct. 1485 * @sw_context: The software context being used for this batch. 1486 * @header: Pointer to the command header in the command stream. 1487 */ 1488 static int vmw_cmd_update_gb_image(struct vmw_private *dev_priv, 1489 struct vmw_sw_context *sw_context, 1490 SVGA3dCmdHeader *header) 1491 { 1492 struct vmw_gb_surface_cmd { 1493 SVGA3dCmdHeader header; 1494 SVGA3dCmdUpdateGBImage body; 1495 } *cmd; 1496 1497 cmd = container_of(header, struct vmw_gb_surface_cmd, header); 1498 1499 return vmw_cmd_res_check(dev_priv, sw_context, vmw_res_surface, 1500 user_surface_converter, 1501 &cmd->body.image.sid, NULL); 1502 } 1503 1504 /** 1505 * vmw_cmd_update_gb_surface - Validate an SVGA_3D_CMD_UPDATE_GB_SURFACE 1506 * command 1507 * 1508 * @dev_priv: Pointer to a device private struct. 1509 * @sw_context: The software context being used for this batch. 1510 * @header: Pointer to the command header in the command stream. 1511 */ 1512 static int vmw_cmd_update_gb_surface(struct vmw_private *dev_priv, 1513 struct vmw_sw_context *sw_context, 1514 SVGA3dCmdHeader *header) 1515 { 1516 struct vmw_gb_surface_cmd { 1517 SVGA3dCmdHeader header; 1518 SVGA3dCmdUpdateGBSurface body; 1519 } *cmd; 1520 1521 cmd = container_of(header, struct vmw_gb_surface_cmd, header); 1522 1523 return vmw_cmd_res_check(dev_priv, sw_context, vmw_res_surface, 1524 user_surface_converter, 1525 &cmd->body.sid, NULL); 1526 } 1527 1528 /** 1529 * vmw_cmd_readback_gb_image - Validate an SVGA_3D_CMD_READBACK_GB_IMAGE 1530 * command 1531 * 1532 * @dev_priv: Pointer to a device private struct. 1533 * @sw_context: The software context being used for this batch. 1534 * @header: Pointer to the command header in the command stream. 1535 */ 1536 static int vmw_cmd_readback_gb_image(struct vmw_private *dev_priv, 1537 struct vmw_sw_context *sw_context, 1538 SVGA3dCmdHeader *header) 1539 { 1540 struct vmw_gb_surface_cmd { 1541 SVGA3dCmdHeader header; 1542 SVGA3dCmdReadbackGBImage body; 1543 } *cmd; 1544 1545 cmd = container_of(header, struct vmw_gb_surface_cmd, header); 1546 1547 return vmw_cmd_res_check(dev_priv, sw_context, vmw_res_surface, 1548 user_surface_converter, 1549 &cmd->body.image.sid, NULL); 1550 } 1551 1552 /** 1553 * vmw_cmd_readback_gb_surface - Validate an SVGA_3D_CMD_READBACK_GB_SURFACE 1554 * command 1555 * 1556 * @dev_priv: Pointer to a device private struct. 1557 * @sw_context: The software context being used for this batch. 1558 * @header: Pointer to the command header in the command stream. 1559 */ 1560 static int vmw_cmd_readback_gb_surface(struct vmw_private *dev_priv, 1561 struct vmw_sw_context *sw_context, 1562 SVGA3dCmdHeader *header) 1563 { 1564 struct vmw_gb_surface_cmd { 1565 SVGA3dCmdHeader header; 1566 SVGA3dCmdReadbackGBSurface body; 1567 } *cmd; 1568 1569 cmd = container_of(header, struct vmw_gb_surface_cmd, header); 1570 1571 return vmw_cmd_res_check(dev_priv, sw_context, vmw_res_surface, 1572 user_surface_converter, 1573 &cmd->body.sid, NULL); 1574 } 1575 1576 /** 1577 * vmw_cmd_invalidate_gb_image - Validate an SVGA_3D_CMD_INVALIDATE_GB_IMAGE 1578 * command 1579 * 1580 * @dev_priv: Pointer to a device private struct. 1581 * @sw_context: The software context being used for this batch. 1582 * @header: Pointer to the command header in the command stream. 1583 */ 1584 static int vmw_cmd_invalidate_gb_image(struct vmw_private *dev_priv, 1585 struct vmw_sw_context *sw_context, 1586 SVGA3dCmdHeader *header) 1587 { 1588 struct vmw_gb_surface_cmd { 1589 SVGA3dCmdHeader header; 1590 SVGA3dCmdInvalidateGBImage body; 1591 } *cmd; 1592 1593 cmd = container_of(header, struct vmw_gb_surface_cmd, header); 1594 1595 return vmw_cmd_res_check(dev_priv, sw_context, vmw_res_surface, 1596 user_surface_converter, 1597 &cmd->body.image.sid, NULL); 1598 } 1599 1600 /** 1601 * vmw_cmd_invalidate_gb_surface - Validate an 1602 * SVGA_3D_CMD_INVALIDATE_GB_SURFACE command 1603 * 1604 * @dev_priv: Pointer to a device private struct. 1605 * @sw_context: The software context being used for this batch. 1606 * @header: Pointer to the command header in the command stream. 1607 */ 1608 static int vmw_cmd_invalidate_gb_surface(struct vmw_private *dev_priv, 1609 struct vmw_sw_context *sw_context, 1610 SVGA3dCmdHeader *header) 1611 { 1612 struct vmw_gb_surface_cmd { 1613 SVGA3dCmdHeader header; 1614 SVGA3dCmdInvalidateGBSurface body; 1615 } *cmd; 1616 1617 cmd = container_of(header, struct vmw_gb_surface_cmd, header); 1618 1619 return vmw_cmd_res_check(dev_priv, sw_context, vmw_res_surface, 1620 user_surface_converter, 1621 &cmd->body.sid, NULL); 1622 } 1623 1624 1625 /** 1626 * vmw_cmd_shader_define - Validate an SVGA_3D_CMD_SHADER_DEFINE 1627 * command 1628 * 1629 * @dev_priv: Pointer to a device private struct. 1630 * @sw_context: The software context being used for this batch. 1631 * @header: Pointer to the command header in the command stream. 1632 */ 1633 static int vmw_cmd_shader_define(struct vmw_private *dev_priv, 1634 struct vmw_sw_context *sw_context, 1635 SVGA3dCmdHeader *header) 1636 { 1637 struct vmw_shader_define_cmd { 1638 SVGA3dCmdHeader header; 1639 SVGA3dCmdDefineShader body; 1640 } *cmd; 1641 int ret; 1642 size_t size; 1643 struct vmw_resource_val_node *val; 1644 1645 cmd = container_of(header, struct vmw_shader_define_cmd, 1646 header); 1647 1648 ret = vmw_cmd_res_check(dev_priv, sw_context, vmw_res_context, 1649 user_context_converter, &cmd->body.cid, 1650 &val); 1651 if (unlikely(ret != 0)) 1652 return ret; 1653 1654 if (unlikely(!dev_priv->has_mob)) 1655 return 0; 1656 1657 size = cmd->header.size - sizeof(cmd->body); 1658 ret = vmw_compat_shader_add(dev_priv, 1659 vmw_context_res_man(val->res), 1660 cmd->body.shid, cmd + 1, 1661 cmd->body.type, size, 1662 &sw_context->staged_cmd_res); 1663 if (unlikely(ret != 0)) 1664 return ret; 1665 1666 return vmw_resource_relocation_add(&sw_context->res_relocations, 1667 NULL, &cmd->header.id - 1668 sw_context->buf_start); 1669 1670 return 0; 1671 } 1672 1673 /** 1674 * vmw_cmd_shader_destroy - Validate an SVGA_3D_CMD_SHADER_DESTROY 1675 * command 1676 * 1677 * @dev_priv: Pointer to a device private struct. 1678 * @sw_context: The software context being used for this batch. 1679 * @header: Pointer to the command header in the command stream. 1680 */ 1681 static int vmw_cmd_shader_destroy(struct vmw_private *dev_priv, 1682 struct vmw_sw_context *sw_context, 1683 SVGA3dCmdHeader *header) 1684 { 1685 struct vmw_shader_destroy_cmd { 1686 SVGA3dCmdHeader header; 1687 SVGA3dCmdDestroyShader body; 1688 } *cmd; 1689 int ret; 1690 struct vmw_resource_val_node *val; 1691 1692 cmd = container_of(header, struct vmw_shader_destroy_cmd, 1693 header); 1694 1695 ret = vmw_cmd_res_check(dev_priv, sw_context, vmw_res_context, 1696 user_context_converter, &cmd->body.cid, 1697 &val); 1698 if (unlikely(ret != 0)) 1699 return ret; 1700 1701 if (unlikely(!dev_priv->has_mob)) 1702 return 0; 1703 1704 ret = vmw_compat_shader_remove(vmw_context_res_man(val->res), 1705 cmd->body.shid, 1706 cmd->body.type, 1707 &sw_context->staged_cmd_res); 1708 if (unlikely(ret != 0)) 1709 return ret; 1710 1711 return vmw_resource_relocation_add(&sw_context->res_relocations, 1712 NULL, &cmd->header.id - 1713 sw_context->buf_start); 1714 1715 return 0; 1716 } 1717 1718 /** 1719 * vmw_cmd_set_shader - Validate an SVGA_3D_CMD_SET_SHADER 1720 * command 1721 * 1722 * @dev_priv: Pointer to a device private struct. 1723 * @sw_context: The software context being used for this batch. 1724 * @header: Pointer to the command header in the command stream. 1725 */ 1726 static int vmw_cmd_set_shader(struct vmw_private *dev_priv, 1727 struct vmw_sw_context *sw_context, 1728 SVGA3dCmdHeader *header) 1729 { 1730 struct vmw_set_shader_cmd { 1731 SVGA3dCmdHeader header; 1732 SVGA3dCmdSetShader body; 1733 } *cmd; 1734 struct vmw_resource_val_node *ctx_node, *res_node = NULL; 1735 struct vmw_ctx_bindinfo bi; 1736 struct vmw_resource *res = NULL; 1737 int ret; 1738 1739 cmd = container_of(header, struct vmw_set_shader_cmd, 1740 header); 1741 1742 ret = vmw_cmd_res_check(dev_priv, sw_context, vmw_res_context, 1743 user_context_converter, &cmd->body.cid, 1744 &ctx_node); 1745 if (unlikely(ret != 0)) 1746 return ret; 1747 1748 if (!dev_priv->has_mob) 1749 return 0; 1750 1751 if (cmd->body.shid != SVGA3D_INVALID_ID) { 1752 res = vmw_compat_shader_lookup 1753 (vmw_context_res_man(ctx_node->res), 1754 cmd->body.shid, 1755 cmd->body.type); 1756 1757 if (!IS_ERR(res)) { 1758 ret = vmw_cmd_res_reloc_add(dev_priv, sw_context, 1759 vmw_res_shader, 1760 &cmd->body.shid, res, 1761 &res_node); 1762 vmw_resource_unreference(&res); 1763 if (unlikely(ret != 0)) 1764 return ret; 1765 } 1766 } 1767 1768 if (!res_node) { 1769 ret = vmw_cmd_res_check(dev_priv, sw_context, 1770 vmw_res_shader, 1771 user_shader_converter, 1772 &cmd->body.shid, &res_node); 1773 if (unlikely(ret != 0)) 1774 return ret; 1775 } 1776 1777 bi.ctx = ctx_node->res; 1778 bi.res = res_node ? res_node->res : NULL; 1779 bi.bt = vmw_ctx_binding_shader; 1780 bi.i1.shader_type = cmd->body.type; 1781 return vmw_context_binding_add(ctx_node->staged_bindings, &bi); 1782 } 1783 1784 /** 1785 * vmw_cmd_set_shader_const - Validate an SVGA_3D_CMD_SET_SHADER_CONST 1786 * command 1787 * 1788 * @dev_priv: Pointer to a device private struct. 1789 * @sw_context: The software context being used for this batch. 1790 * @header: Pointer to the command header in the command stream. 1791 */ 1792 static int vmw_cmd_set_shader_const(struct vmw_private *dev_priv, 1793 struct vmw_sw_context *sw_context, 1794 SVGA3dCmdHeader *header) 1795 { 1796 struct vmw_set_shader_const_cmd { 1797 SVGA3dCmdHeader header; 1798 SVGA3dCmdSetShaderConst body; 1799 } *cmd; 1800 int ret; 1801 1802 cmd = container_of(header, struct vmw_set_shader_const_cmd, 1803 header); 1804 1805 ret = vmw_cmd_res_check(dev_priv, sw_context, vmw_res_context, 1806 user_context_converter, &cmd->body.cid, 1807 NULL); 1808 if (unlikely(ret != 0)) 1809 return ret; 1810 1811 if (dev_priv->has_mob) 1812 header->id = SVGA_3D_CMD_SET_GB_SHADERCONSTS_INLINE; 1813 1814 return 0; 1815 } 1816 1817 /** 1818 * vmw_cmd_bind_gb_shader - Validate an SVGA_3D_CMD_BIND_GB_SHADER 1819 * command 1820 * 1821 * @dev_priv: Pointer to a device private struct. 1822 * @sw_context: The software context being used for this batch. 1823 * @header: Pointer to the command header in the command stream. 1824 */ 1825 static int vmw_cmd_bind_gb_shader(struct vmw_private *dev_priv, 1826 struct vmw_sw_context *sw_context, 1827 SVGA3dCmdHeader *header) 1828 { 1829 struct vmw_bind_gb_shader_cmd { 1830 SVGA3dCmdHeader header; 1831 SVGA3dCmdBindGBShader body; 1832 } *cmd; 1833 1834 cmd = container_of(header, struct vmw_bind_gb_shader_cmd, 1835 header); 1836 1837 return vmw_cmd_switch_backup(dev_priv, sw_context, vmw_res_shader, 1838 user_shader_converter, 1839 &cmd->body.shid, &cmd->body.mobid, 1840 cmd->body.offsetInBytes); 1841 } 1842 1843 static int vmw_cmd_check_not_3d(struct vmw_private *dev_priv, 1844 struct vmw_sw_context *sw_context, 1845 void *buf, uint32_t *size) 1846 { 1847 uint32_t size_remaining = *size; 1848 uint32_t cmd_id; 1849 1850 cmd_id = le32_to_cpu(((uint32_t *)buf)[0]); 1851 switch (cmd_id) { 1852 case SVGA_CMD_UPDATE: 1853 *size = sizeof(uint32_t) + sizeof(SVGAFifoCmdUpdate); 1854 break; 1855 case SVGA_CMD_DEFINE_GMRFB: 1856 *size = sizeof(uint32_t) + sizeof(SVGAFifoCmdDefineGMRFB); 1857 break; 1858 case SVGA_CMD_BLIT_GMRFB_TO_SCREEN: 1859 *size = sizeof(uint32_t) + sizeof(SVGAFifoCmdBlitGMRFBToScreen); 1860 break; 1861 case SVGA_CMD_BLIT_SCREEN_TO_GMRFB: 1862 *size = sizeof(uint32_t) + sizeof(SVGAFifoCmdBlitGMRFBToScreen); 1863 break; 1864 default: 1865 DRM_ERROR("Unsupported SVGA command: %u.\n", cmd_id); 1866 return -EINVAL; 1867 } 1868 1869 if (*size > size_remaining) { 1870 DRM_ERROR("Invalid SVGA command (size mismatch):" 1871 " %u.\n", cmd_id); 1872 return -EINVAL; 1873 } 1874 1875 if (unlikely(!sw_context->kernel)) { 1876 DRM_ERROR("Kernel only SVGA command: %u.\n", cmd_id); 1877 return -EPERM; 1878 } 1879 1880 if (cmd_id == SVGA_CMD_DEFINE_GMRFB) 1881 return vmw_cmd_check_define_gmrfb(dev_priv, sw_context, buf); 1882 1883 return 0; 1884 } 1885 1886 static const struct vmw_cmd_entry vmw_cmd_entries[SVGA_3D_CMD_MAX] = { 1887 VMW_CMD_DEF(SVGA_3D_CMD_SURFACE_DEFINE, &vmw_cmd_invalid, 1888 false, false, false), 1889 VMW_CMD_DEF(SVGA_3D_CMD_SURFACE_DESTROY, &vmw_cmd_invalid, 1890 false, false, false), 1891 VMW_CMD_DEF(SVGA_3D_CMD_SURFACE_COPY, &vmw_cmd_surface_copy_check, 1892 true, false, false), 1893 VMW_CMD_DEF(SVGA_3D_CMD_SURFACE_STRETCHBLT, &vmw_cmd_stretch_blt_check, 1894 true, false, false), 1895 VMW_CMD_DEF(SVGA_3D_CMD_SURFACE_DMA, &vmw_cmd_dma, 1896 true, false, false), 1897 VMW_CMD_DEF(SVGA_3D_CMD_CONTEXT_DEFINE, &vmw_cmd_invalid, 1898 false, false, false), 1899 VMW_CMD_DEF(SVGA_3D_CMD_CONTEXT_DESTROY, &vmw_cmd_invalid, 1900 false, false, false), 1901 VMW_CMD_DEF(SVGA_3D_CMD_SETTRANSFORM, &vmw_cmd_cid_check, 1902 true, false, false), 1903 VMW_CMD_DEF(SVGA_3D_CMD_SETZRANGE, &vmw_cmd_cid_check, 1904 true, false, false), 1905 VMW_CMD_DEF(SVGA_3D_CMD_SETRENDERSTATE, &vmw_cmd_cid_check, 1906 true, false, false), 1907 VMW_CMD_DEF(SVGA_3D_CMD_SETRENDERTARGET, 1908 &vmw_cmd_set_render_target_check, true, false, false), 1909 VMW_CMD_DEF(SVGA_3D_CMD_SETTEXTURESTATE, &vmw_cmd_tex_state, 1910 true, false, false), 1911 VMW_CMD_DEF(SVGA_3D_CMD_SETMATERIAL, &vmw_cmd_cid_check, 1912 true, false, false), 1913 VMW_CMD_DEF(SVGA_3D_CMD_SETLIGHTDATA, &vmw_cmd_cid_check, 1914 true, false, false), 1915 VMW_CMD_DEF(SVGA_3D_CMD_SETLIGHTENABLED, &vmw_cmd_cid_check, 1916 true, false, false), 1917 VMW_CMD_DEF(SVGA_3D_CMD_SETVIEWPORT, &vmw_cmd_cid_check, 1918 true, false, false), 1919 VMW_CMD_DEF(SVGA_3D_CMD_SETCLIPPLANE, &vmw_cmd_cid_check, 1920 true, false, false), 1921 VMW_CMD_DEF(SVGA_3D_CMD_CLEAR, &vmw_cmd_cid_check, 1922 true, false, false), 1923 VMW_CMD_DEF(SVGA_3D_CMD_PRESENT, &vmw_cmd_present_check, 1924 false, false, false), 1925 VMW_CMD_DEF(SVGA_3D_CMD_SHADER_DEFINE, &vmw_cmd_shader_define, 1926 true, false, false), 1927 VMW_CMD_DEF(SVGA_3D_CMD_SHADER_DESTROY, &vmw_cmd_shader_destroy, 1928 true, false, false), 1929 VMW_CMD_DEF(SVGA_3D_CMD_SET_SHADER, &vmw_cmd_set_shader, 1930 true, false, false), 1931 VMW_CMD_DEF(SVGA_3D_CMD_SET_SHADER_CONST, &vmw_cmd_set_shader_const, 1932 true, false, false), 1933 VMW_CMD_DEF(SVGA_3D_CMD_DRAW_PRIMITIVES, &vmw_cmd_draw, 1934 true, false, false), 1935 VMW_CMD_DEF(SVGA_3D_CMD_SETSCISSORRECT, &vmw_cmd_cid_check, 1936 true, false, false), 1937 VMW_CMD_DEF(SVGA_3D_CMD_BEGIN_QUERY, &vmw_cmd_begin_query, 1938 true, false, false), 1939 VMW_CMD_DEF(SVGA_3D_CMD_END_QUERY, &vmw_cmd_end_query, 1940 true, false, false), 1941 VMW_CMD_DEF(SVGA_3D_CMD_WAIT_FOR_QUERY, &vmw_cmd_wait_query, 1942 true, false, false), 1943 VMW_CMD_DEF(SVGA_3D_CMD_PRESENT_READBACK, &vmw_cmd_ok, 1944 true, false, false), 1945 VMW_CMD_DEF(SVGA_3D_CMD_BLIT_SURFACE_TO_SCREEN, 1946 &vmw_cmd_blt_surf_screen_check, false, false, false), 1947 VMW_CMD_DEF(SVGA_3D_CMD_SURFACE_DEFINE_V2, &vmw_cmd_invalid, 1948 false, false, false), 1949 VMW_CMD_DEF(SVGA_3D_CMD_GENERATE_MIPMAPS, &vmw_cmd_invalid, 1950 false, false, false), 1951 VMW_CMD_DEF(SVGA_3D_CMD_ACTIVATE_SURFACE, &vmw_cmd_invalid, 1952 false, false, false), 1953 VMW_CMD_DEF(SVGA_3D_CMD_DEACTIVATE_SURFACE, &vmw_cmd_invalid, 1954 false, false, false), 1955 VMW_CMD_DEF(SVGA_3D_CMD_SCREEN_DMA, &vmw_cmd_invalid, 1956 false, false, false), 1957 VMW_CMD_DEF(SVGA_3D_CMD_SET_UNITY_SURFACE_COOKIE, &vmw_cmd_invalid, 1958 false, false, false), 1959 VMW_CMD_DEF(SVGA_3D_CMD_OPEN_CONTEXT_SURFACE, &vmw_cmd_invalid, 1960 false, false, false), 1961 VMW_CMD_DEF(SVGA_3D_CMD_LOGICOPS_BITBLT, &vmw_cmd_invalid, 1962 false, false, false), 1963 VMW_CMD_DEF(SVGA_3D_CMD_LOGICOPS_TRANSBLT, &vmw_cmd_invalid, 1964 false, false, false), 1965 VMW_CMD_DEF(SVGA_3D_CMD_LOGICOPS_STRETCHBLT, &vmw_cmd_invalid, 1966 false, false, false), 1967 VMW_CMD_DEF(SVGA_3D_CMD_LOGICOPS_COLORFILL, &vmw_cmd_invalid, 1968 false, false, false), 1969 VMW_CMD_DEF(SVGA_3D_CMD_LOGICOPS_ALPHABLEND, &vmw_cmd_invalid, 1970 false, false, false), 1971 VMW_CMD_DEF(SVGA_3D_CMD_LOGICOPS_CLEARTYPEBLEND, &vmw_cmd_invalid, 1972 false, false, false), 1973 VMW_CMD_DEF(SVGA_3D_CMD_SET_OTABLE_BASE, &vmw_cmd_invalid, 1974 false, false, true), 1975 VMW_CMD_DEF(SVGA_3D_CMD_READBACK_OTABLE, &vmw_cmd_invalid, 1976 false, false, true), 1977 VMW_CMD_DEF(SVGA_3D_CMD_DEFINE_GB_MOB, &vmw_cmd_invalid, 1978 false, false, true), 1979 VMW_CMD_DEF(SVGA_3D_CMD_DESTROY_GB_MOB, &vmw_cmd_invalid, 1980 false, false, true), 1981 VMW_CMD_DEF(SVGA_3D_CMD_REDEFINE_GB_MOB, &vmw_cmd_invalid, 1982 false, false, true), 1983 VMW_CMD_DEF(SVGA_3D_CMD_UPDATE_GB_MOB_MAPPING, &vmw_cmd_invalid, 1984 false, false, true), 1985 VMW_CMD_DEF(SVGA_3D_CMD_DEFINE_GB_SURFACE, &vmw_cmd_invalid, 1986 false, false, true), 1987 VMW_CMD_DEF(SVGA_3D_CMD_DESTROY_GB_SURFACE, &vmw_cmd_invalid, 1988 false, false, true), 1989 VMW_CMD_DEF(SVGA_3D_CMD_BIND_GB_SURFACE, &vmw_cmd_bind_gb_surface, 1990 true, false, true), 1991 VMW_CMD_DEF(SVGA_3D_CMD_COND_BIND_GB_SURFACE, &vmw_cmd_invalid, 1992 false, false, true), 1993 VMW_CMD_DEF(SVGA_3D_CMD_UPDATE_GB_IMAGE, &vmw_cmd_update_gb_image, 1994 true, false, true), 1995 VMW_CMD_DEF(SVGA_3D_CMD_UPDATE_GB_SURFACE, 1996 &vmw_cmd_update_gb_surface, true, false, true), 1997 VMW_CMD_DEF(SVGA_3D_CMD_READBACK_GB_IMAGE, 1998 &vmw_cmd_readback_gb_image, true, false, true), 1999 VMW_CMD_DEF(SVGA_3D_CMD_READBACK_GB_SURFACE, 2000 &vmw_cmd_readback_gb_surface, true, false, true), 2001 VMW_CMD_DEF(SVGA_3D_CMD_INVALIDATE_GB_IMAGE, 2002 &vmw_cmd_invalidate_gb_image, true, false, true), 2003 VMW_CMD_DEF(SVGA_3D_CMD_INVALIDATE_GB_SURFACE, 2004 &vmw_cmd_invalidate_gb_surface, true, false, true), 2005 VMW_CMD_DEF(SVGA_3D_CMD_DEFINE_GB_CONTEXT, &vmw_cmd_invalid, 2006 false, false, true), 2007 VMW_CMD_DEF(SVGA_3D_CMD_DESTROY_GB_CONTEXT, &vmw_cmd_invalid, 2008 false, false, true), 2009 VMW_CMD_DEF(SVGA_3D_CMD_BIND_GB_CONTEXT, &vmw_cmd_invalid, 2010 false, false, true), 2011 VMW_CMD_DEF(SVGA_3D_CMD_READBACK_GB_CONTEXT, &vmw_cmd_invalid, 2012 false, false, true), 2013 VMW_CMD_DEF(SVGA_3D_CMD_INVALIDATE_GB_CONTEXT, &vmw_cmd_invalid, 2014 false, false, true), 2015 VMW_CMD_DEF(SVGA_3D_CMD_DEFINE_GB_SHADER, &vmw_cmd_invalid, 2016 false, false, true), 2017 VMW_CMD_DEF(SVGA_3D_CMD_BIND_GB_SHADER, &vmw_cmd_bind_gb_shader, 2018 true, false, true), 2019 VMW_CMD_DEF(SVGA_3D_CMD_DESTROY_GB_SHADER, &vmw_cmd_invalid, 2020 false, false, true), 2021 VMW_CMD_DEF(SVGA_3D_CMD_SET_OTABLE_BASE64, &vmw_cmd_invalid, 2022 false, false, false), 2023 VMW_CMD_DEF(SVGA_3D_CMD_BEGIN_GB_QUERY, &vmw_cmd_begin_gb_query, 2024 true, false, true), 2025 VMW_CMD_DEF(SVGA_3D_CMD_END_GB_QUERY, &vmw_cmd_end_gb_query, 2026 true, false, true), 2027 VMW_CMD_DEF(SVGA_3D_CMD_WAIT_FOR_GB_QUERY, &vmw_cmd_wait_gb_query, 2028 true, false, true), 2029 VMW_CMD_DEF(SVGA_3D_CMD_NOP, &vmw_cmd_ok, 2030 true, false, true), 2031 VMW_CMD_DEF(SVGA_3D_CMD_ENABLE_GART, &vmw_cmd_invalid, 2032 false, false, true), 2033 VMW_CMD_DEF(SVGA_3D_CMD_DISABLE_GART, &vmw_cmd_invalid, 2034 false, false, true), 2035 VMW_CMD_DEF(SVGA_3D_CMD_MAP_MOB_INTO_GART, &vmw_cmd_invalid, 2036 false, false, true), 2037 VMW_CMD_DEF(SVGA_3D_CMD_UNMAP_GART_RANGE, &vmw_cmd_invalid, 2038 false, false, true), 2039 VMW_CMD_DEF(SVGA_3D_CMD_DEFINE_GB_SCREENTARGET, &vmw_cmd_invalid, 2040 false, false, true), 2041 VMW_CMD_DEF(SVGA_3D_CMD_DESTROY_GB_SCREENTARGET, &vmw_cmd_invalid, 2042 false, false, true), 2043 VMW_CMD_DEF(SVGA_3D_CMD_BIND_GB_SCREENTARGET, &vmw_cmd_invalid, 2044 false, false, true), 2045 VMW_CMD_DEF(SVGA_3D_CMD_UPDATE_GB_SCREENTARGET, &vmw_cmd_invalid, 2046 false, false, true), 2047 VMW_CMD_DEF(SVGA_3D_CMD_READBACK_GB_IMAGE_PARTIAL, &vmw_cmd_invalid, 2048 false, false, true), 2049 VMW_CMD_DEF(SVGA_3D_CMD_INVALIDATE_GB_IMAGE_PARTIAL, &vmw_cmd_invalid, 2050 false, false, true), 2051 VMW_CMD_DEF(SVGA_3D_CMD_SET_GB_SHADERCONSTS_INLINE, &vmw_cmd_cid_check, 2052 true, false, true) 2053 }; 2054 2055 static int vmw_cmd_check(struct vmw_private *dev_priv, 2056 struct vmw_sw_context *sw_context, 2057 void *buf, uint32_t *size) 2058 { 2059 uint32_t cmd_id; 2060 uint32_t size_remaining = *size; 2061 SVGA3dCmdHeader *header = (SVGA3dCmdHeader *) buf; 2062 int ret; 2063 const struct vmw_cmd_entry *entry; 2064 bool gb = dev_priv->capabilities & SVGA_CAP_GBOBJECTS; 2065 2066 cmd_id = le32_to_cpu(((uint32_t *)buf)[0]); 2067 /* Handle any none 3D commands */ 2068 if (unlikely(cmd_id < SVGA_CMD_MAX)) 2069 return vmw_cmd_check_not_3d(dev_priv, sw_context, buf, size); 2070 2071 2072 cmd_id = le32_to_cpu(header->id); 2073 *size = le32_to_cpu(header->size) + sizeof(SVGA3dCmdHeader); 2074 2075 cmd_id -= SVGA_3D_CMD_BASE; 2076 if (unlikely(*size > size_remaining)) 2077 goto out_invalid; 2078 2079 if (unlikely(cmd_id >= SVGA_3D_CMD_MAX - SVGA_3D_CMD_BASE)) 2080 goto out_invalid; 2081 2082 entry = &vmw_cmd_entries[cmd_id]; 2083 if (unlikely(!entry->func)) 2084 goto out_invalid; 2085 2086 if (unlikely(!entry->user_allow && !sw_context->kernel)) 2087 goto out_privileged; 2088 2089 if (unlikely(entry->gb_disable && gb)) 2090 goto out_old; 2091 2092 if (unlikely(entry->gb_enable && !gb)) 2093 goto out_new; 2094 2095 ret = entry->func(dev_priv, sw_context, header); 2096 if (unlikely(ret != 0)) 2097 goto out_invalid; 2098 2099 return 0; 2100 out_invalid: 2101 DRM_ERROR("Invalid SVGA3D command: %d\n", 2102 cmd_id + SVGA_3D_CMD_BASE); 2103 return -EINVAL; 2104 out_privileged: 2105 DRM_ERROR("Privileged SVGA3D command: %d\n", 2106 cmd_id + SVGA_3D_CMD_BASE); 2107 return -EPERM; 2108 out_old: 2109 DRM_ERROR("Deprecated (disallowed) SVGA3D command: %d\n", 2110 cmd_id + SVGA_3D_CMD_BASE); 2111 return -EINVAL; 2112 out_new: 2113 DRM_ERROR("SVGA3D command: %d not supported by virtual hardware.\n", 2114 cmd_id + SVGA_3D_CMD_BASE); 2115 return -EINVAL; 2116 } 2117 2118 static int vmw_cmd_check_all(struct vmw_private *dev_priv, 2119 struct vmw_sw_context *sw_context, 2120 void *buf, 2121 uint32_t size) 2122 { 2123 int32_t cur_size = size; 2124 int ret; 2125 2126 sw_context->buf_start = buf; 2127 2128 while (cur_size > 0) { 2129 size = cur_size; 2130 ret = vmw_cmd_check(dev_priv, sw_context, buf, &size); 2131 if (unlikely(ret != 0)) 2132 return ret; 2133 buf = (void *)((unsigned long) buf + size); 2134 cur_size -= size; 2135 } 2136 2137 if (unlikely(cur_size != 0)) { 2138 DRM_ERROR("Command verifier out of sync.\n"); 2139 return -EINVAL; 2140 } 2141 2142 return 0; 2143 } 2144 2145 static void vmw_free_relocations(struct vmw_sw_context *sw_context) 2146 { 2147 sw_context->cur_reloc = 0; 2148 } 2149 2150 static void vmw_apply_relocations(struct vmw_sw_context *sw_context) 2151 { 2152 uint32_t i; 2153 struct vmw_relocation *reloc; 2154 struct ttm_validate_buffer *validate; 2155 struct ttm_buffer_object *bo; 2156 2157 for (i = 0; i < sw_context->cur_reloc; ++i) { 2158 reloc = &sw_context->relocs[i]; 2159 validate = &sw_context->val_bufs[reloc->index].base; 2160 bo = validate->bo; 2161 switch (bo->mem.mem_type) { 2162 case TTM_PL_VRAM: 2163 reloc->location->offset += bo->offset; 2164 reloc->location->gmrId = SVGA_GMR_FRAMEBUFFER; 2165 break; 2166 case VMW_PL_GMR: 2167 reloc->location->gmrId = bo->mem.start; 2168 break; 2169 case VMW_PL_MOB: 2170 *reloc->mob_loc = bo->mem.start; 2171 break; 2172 default: 2173 BUG(); 2174 } 2175 } 2176 vmw_free_relocations(sw_context); 2177 } 2178 2179 /** 2180 * vmw_resource_list_unrefererence - Free up a resource list and unreference 2181 * all resources referenced by it. 2182 * 2183 * @list: The resource list. 2184 */ 2185 static void vmw_resource_list_unreference(struct list_head *list) 2186 { 2187 struct vmw_resource_val_node *val, *val_next; 2188 2189 /* 2190 * Drop references to resources held during command submission. 2191 */ 2192 2193 list_for_each_entry_safe(val, val_next, list, head) { 2194 list_del_init(&val->head); 2195 vmw_resource_unreference(&val->res); 2196 if (unlikely(val->staged_bindings)) 2197 kfree(val->staged_bindings); 2198 kfree(val); 2199 } 2200 } 2201 2202 static void vmw_clear_validations(struct vmw_sw_context *sw_context) 2203 { 2204 struct vmw_validate_buffer *entry, *next; 2205 struct vmw_resource_val_node *val; 2206 2207 /* 2208 * Drop references to DMA buffers held during command submission. 2209 */ 2210 list_for_each_entry_safe(entry, next, &sw_context->validate_nodes, 2211 base.head) { 2212 list_del(&entry->base.head); 2213 ttm_bo_unref(&entry->base.bo); 2214 (void) drm_ht_remove_item(&sw_context->res_ht, &entry->hash); 2215 sw_context->cur_val_buf--; 2216 } 2217 BUG_ON(sw_context->cur_val_buf != 0); 2218 2219 list_for_each_entry(val, &sw_context->resource_list, head) 2220 (void) drm_ht_remove_item(&sw_context->res_ht, &val->hash); 2221 } 2222 2223 static int vmw_validate_single_buffer(struct vmw_private *dev_priv, 2224 struct ttm_buffer_object *bo, 2225 bool validate_as_mob) 2226 { 2227 int ret; 2228 2229 2230 /* 2231 * Don't validate pinned buffers. 2232 */ 2233 2234 if (bo == dev_priv->pinned_bo || 2235 (bo == dev_priv->dummy_query_bo && 2236 dev_priv->dummy_query_bo_pinned)) 2237 return 0; 2238 2239 if (validate_as_mob) 2240 return ttm_bo_validate(bo, &vmw_mob_placement, true, false); 2241 2242 /** 2243 * Put BO in VRAM if there is space, otherwise as a GMR. 2244 * If there is no space in VRAM and GMR ids are all used up, 2245 * start evicting GMRs to make room. If the DMA buffer can't be 2246 * used as a GMR, this will return -ENOMEM. 2247 */ 2248 2249 ret = ttm_bo_validate(bo, &vmw_vram_gmr_placement, true, false); 2250 if (likely(ret == 0 || ret == -ERESTARTSYS)) 2251 return ret; 2252 2253 /** 2254 * If that failed, try VRAM again, this time evicting 2255 * previous contents. 2256 */ 2257 2258 DRM_INFO("Falling through to VRAM.\n"); 2259 ret = ttm_bo_validate(bo, &vmw_vram_placement, true, false); 2260 return ret; 2261 } 2262 2263 static int vmw_validate_buffers(struct vmw_private *dev_priv, 2264 struct vmw_sw_context *sw_context) 2265 { 2266 struct vmw_validate_buffer *entry; 2267 int ret; 2268 2269 list_for_each_entry(entry, &sw_context->validate_nodes, base.head) { 2270 ret = vmw_validate_single_buffer(dev_priv, entry->base.bo, 2271 entry->validate_as_mob); 2272 if (unlikely(ret != 0)) 2273 return ret; 2274 } 2275 return 0; 2276 } 2277 2278 static int vmw_resize_cmd_bounce(struct vmw_sw_context *sw_context, 2279 uint32_t size) 2280 { 2281 if (likely(sw_context->cmd_bounce_size >= size)) 2282 return 0; 2283 2284 if (sw_context->cmd_bounce_size == 0) 2285 sw_context->cmd_bounce_size = VMWGFX_CMD_BOUNCE_INIT_SIZE; 2286 2287 while (sw_context->cmd_bounce_size < size) { 2288 sw_context->cmd_bounce_size = 2289 PAGE_ALIGN(sw_context->cmd_bounce_size + 2290 (sw_context->cmd_bounce_size >> 1)); 2291 } 2292 2293 if (sw_context->cmd_bounce != NULL) 2294 vfree(sw_context->cmd_bounce); 2295 2296 sw_context->cmd_bounce = vmalloc(sw_context->cmd_bounce_size); 2297 2298 if (sw_context->cmd_bounce == NULL) { 2299 DRM_ERROR("Failed to allocate command bounce buffer.\n"); 2300 sw_context->cmd_bounce_size = 0; 2301 return -ENOMEM; 2302 } 2303 2304 return 0; 2305 } 2306 2307 /** 2308 * vmw_execbuf_fence_commands - create and submit a command stream fence 2309 * 2310 * Creates a fence object and submits a command stream marker. 2311 * If this fails for some reason, We sync the fifo and return NULL. 2312 * It is then safe to fence buffers with a NULL pointer. 2313 * 2314 * If @p_handle is not NULL @file_priv must also not be NULL. Creates 2315 * a userspace handle if @p_handle is not NULL, otherwise not. 2316 */ 2317 2318 int vmw_execbuf_fence_commands(struct drm_file *file_priv, 2319 struct vmw_private *dev_priv, 2320 struct vmw_fence_obj **p_fence, 2321 uint32_t *p_handle) 2322 { 2323 uint32_t sequence; 2324 int ret; 2325 bool synced = false; 2326 2327 /* p_handle implies file_priv. */ 2328 BUG_ON(p_handle != NULL && file_priv == NULL); 2329 2330 ret = vmw_fifo_send_fence(dev_priv, &sequence); 2331 if (unlikely(ret != 0)) { 2332 DRM_ERROR("Fence submission error. Syncing.\n"); 2333 synced = true; 2334 } 2335 2336 if (p_handle != NULL) 2337 ret = vmw_user_fence_create(file_priv, dev_priv->fman, 2338 sequence, p_fence, p_handle); 2339 else 2340 ret = vmw_fence_create(dev_priv->fman, sequence, p_fence); 2341 2342 if (unlikely(ret != 0 && !synced)) { 2343 (void) vmw_fallback_wait(dev_priv, false, false, 2344 sequence, false, 2345 VMW_FENCE_WAIT_TIMEOUT); 2346 *p_fence = NULL; 2347 } 2348 2349 return 0; 2350 } 2351 2352 /** 2353 * vmw_execbuf_copy_fence_user - copy fence object information to 2354 * user-space. 2355 * 2356 * @dev_priv: Pointer to a vmw_private struct. 2357 * @vmw_fp: Pointer to the struct vmw_fpriv representing the calling file. 2358 * @ret: Return value from fence object creation. 2359 * @user_fence_rep: User space address of a struct drm_vmw_fence_rep to 2360 * which the information should be copied. 2361 * @fence: Pointer to the fenc object. 2362 * @fence_handle: User-space fence handle. 2363 * 2364 * This function copies fence information to user-space. If copying fails, 2365 * The user-space struct drm_vmw_fence_rep::error member is hopefully 2366 * left untouched, and if it's preloaded with an -EFAULT by user-space, 2367 * the error will hopefully be detected. 2368 * Also if copying fails, user-space will be unable to signal the fence 2369 * object so we wait for it immediately, and then unreference the 2370 * user-space reference. 2371 */ 2372 void 2373 vmw_execbuf_copy_fence_user(struct vmw_private *dev_priv, 2374 struct vmw_fpriv *vmw_fp, 2375 int ret, 2376 struct drm_vmw_fence_rep __user *user_fence_rep, 2377 struct vmw_fence_obj *fence, 2378 uint32_t fence_handle) 2379 { 2380 struct drm_vmw_fence_rep fence_rep; 2381 2382 if (user_fence_rep == NULL) 2383 return; 2384 2385 memset(&fence_rep, 0, sizeof(fence_rep)); 2386 2387 fence_rep.error = ret; 2388 if (ret == 0) { 2389 BUG_ON(fence == NULL); 2390 2391 fence_rep.handle = fence_handle; 2392 fence_rep.seqno = fence->base.seqno; 2393 vmw_update_seqno(dev_priv, &dev_priv->fifo); 2394 fence_rep.passed_seqno = dev_priv->last_read_seqno; 2395 } 2396 2397 /* 2398 * copy_to_user errors will be detected by user space not 2399 * seeing fence_rep::error filled in. Typically 2400 * user-space would have pre-set that member to -EFAULT. 2401 */ 2402 ret = copy_to_user(user_fence_rep, &fence_rep, 2403 sizeof(fence_rep)); 2404 2405 /* 2406 * User-space lost the fence object. We need to sync 2407 * and unreference the handle. 2408 */ 2409 if (unlikely(ret != 0) && (fence_rep.error == 0)) { 2410 ttm_ref_object_base_unref(vmw_fp->tfile, 2411 fence_handle, TTM_REF_USAGE); 2412 DRM_ERROR("Fence copy error. Syncing.\n"); 2413 (void) vmw_fence_obj_wait(fence, false, false, 2414 VMW_FENCE_WAIT_TIMEOUT); 2415 } 2416 } 2417 2418 2419 2420 int vmw_execbuf_process(struct drm_file *file_priv, 2421 struct vmw_private *dev_priv, 2422 void __user *user_commands, 2423 void *kernel_commands, 2424 uint32_t command_size, 2425 uint64_t throttle_us, 2426 struct drm_vmw_fence_rep __user *user_fence_rep, 2427 struct vmw_fence_obj **out_fence) 2428 { 2429 struct vmw_sw_context *sw_context = &dev_priv->ctx; 2430 struct vmw_fence_obj *fence = NULL; 2431 struct vmw_resource *error_resource; 2432 struct list_head resource_list; 2433 struct ww_acquire_ctx ticket; 2434 uint32_t handle; 2435 void *cmd; 2436 int ret; 2437 2438 ret = mutex_lock_interruptible(&dev_priv->cmdbuf_mutex); 2439 if (unlikely(ret != 0)) 2440 return -ERESTARTSYS; 2441 2442 if (kernel_commands == NULL) { 2443 sw_context->kernel = false; 2444 2445 ret = vmw_resize_cmd_bounce(sw_context, command_size); 2446 if (unlikely(ret != 0)) 2447 goto out_unlock; 2448 2449 2450 ret = copy_from_user(sw_context->cmd_bounce, 2451 user_commands, command_size); 2452 2453 if (unlikely(ret != 0)) { 2454 ret = -EFAULT; 2455 DRM_ERROR("Failed copying commands.\n"); 2456 goto out_unlock; 2457 } 2458 kernel_commands = sw_context->cmd_bounce; 2459 } else 2460 sw_context->kernel = true; 2461 2462 sw_context->fp = vmw_fpriv(file_priv); 2463 sw_context->cur_reloc = 0; 2464 sw_context->cur_val_buf = 0; 2465 INIT_LIST_HEAD(&sw_context->resource_list); 2466 sw_context->cur_query_bo = dev_priv->pinned_bo; 2467 sw_context->last_query_ctx = NULL; 2468 sw_context->needs_post_query_barrier = false; 2469 memset(sw_context->res_cache, 0, sizeof(sw_context->res_cache)); 2470 INIT_LIST_HEAD(&sw_context->validate_nodes); 2471 INIT_LIST_HEAD(&sw_context->res_relocations); 2472 if (!sw_context->res_ht_initialized) { 2473 ret = drm_ht_create(&sw_context->res_ht, VMW_RES_HT_ORDER); 2474 if (unlikely(ret != 0)) 2475 goto out_unlock; 2476 sw_context->res_ht_initialized = true; 2477 } 2478 INIT_LIST_HEAD(&sw_context->staged_cmd_res); 2479 2480 INIT_LIST_HEAD(&resource_list); 2481 ret = vmw_cmd_check_all(dev_priv, sw_context, kernel_commands, 2482 command_size); 2483 if (unlikely(ret != 0)) 2484 goto out_err_nores; 2485 2486 ret = vmw_resources_reserve(sw_context); 2487 if (unlikely(ret != 0)) 2488 goto out_err_nores; 2489 2490 ret = ttm_eu_reserve_buffers(&ticket, &sw_context->validate_nodes, 2491 true, NULL); 2492 if (unlikely(ret != 0)) 2493 goto out_err; 2494 2495 ret = vmw_validate_buffers(dev_priv, sw_context); 2496 if (unlikely(ret != 0)) 2497 goto out_err; 2498 2499 ret = vmw_resources_validate(sw_context); 2500 if (unlikely(ret != 0)) 2501 goto out_err; 2502 2503 if (throttle_us) { 2504 ret = vmw_wait_lag(dev_priv, &dev_priv->fifo.marker_queue, 2505 throttle_us); 2506 2507 if (unlikely(ret != 0)) 2508 goto out_err; 2509 } 2510 2511 ret = mutex_lock_interruptible(&dev_priv->binding_mutex); 2512 if (unlikely(ret != 0)) { 2513 ret = -ERESTARTSYS; 2514 goto out_err; 2515 } 2516 2517 if (dev_priv->has_mob) { 2518 ret = vmw_rebind_contexts(sw_context); 2519 if (unlikely(ret != 0)) 2520 goto out_unlock_binding; 2521 } 2522 2523 cmd = vmw_fifo_reserve(dev_priv, command_size); 2524 if (unlikely(cmd == NULL)) { 2525 DRM_ERROR("Failed reserving fifo space for commands.\n"); 2526 ret = -ENOMEM; 2527 goto out_unlock_binding; 2528 } 2529 2530 vmw_apply_relocations(sw_context); 2531 memcpy(cmd, kernel_commands, command_size); 2532 2533 vmw_resource_relocations_apply(cmd, &sw_context->res_relocations); 2534 vmw_resource_relocations_free(&sw_context->res_relocations); 2535 2536 vmw_fifo_commit(dev_priv, command_size); 2537 2538 vmw_query_bo_switch_commit(dev_priv, sw_context); 2539 ret = vmw_execbuf_fence_commands(file_priv, dev_priv, 2540 &fence, 2541 (user_fence_rep) ? &handle : NULL); 2542 /* 2543 * This error is harmless, because if fence submission fails, 2544 * vmw_fifo_send_fence will sync. The error will be propagated to 2545 * user-space in @fence_rep 2546 */ 2547 2548 if (ret != 0) 2549 DRM_ERROR("Fence submission error. Syncing.\n"); 2550 2551 vmw_resource_list_unreserve(&sw_context->resource_list, false); 2552 mutex_unlock(&dev_priv->binding_mutex); 2553 2554 ttm_eu_fence_buffer_objects(&ticket, &sw_context->validate_nodes, 2555 (void *) fence); 2556 2557 if (unlikely(dev_priv->pinned_bo != NULL && 2558 !dev_priv->query_cid_valid)) 2559 __vmw_execbuf_release_pinned_bo(dev_priv, fence); 2560 2561 vmw_clear_validations(sw_context); 2562 vmw_execbuf_copy_fence_user(dev_priv, vmw_fpriv(file_priv), ret, 2563 user_fence_rep, fence, handle); 2564 2565 /* Don't unreference when handing fence out */ 2566 if (unlikely(out_fence != NULL)) { 2567 *out_fence = fence; 2568 fence = NULL; 2569 } else if (likely(fence != NULL)) { 2570 vmw_fence_obj_unreference(&fence); 2571 } 2572 2573 list_splice_init(&sw_context->resource_list, &resource_list); 2574 vmw_cmdbuf_res_commit(&sw_context->staged_cmd_res); 2575 mutex_unlock(&dev_priv->cmdbuf_mutex); 2576 2577 /* 2578 * Unreference resources outside of the cmdbuf_mutex to 2579 * avoid deadlocks in resource destruction paths. 2580 */ 2581 vmw_resource_list_unreference(&resource_list); 2582 2583 return 0; 2584 2585 out_unlock_binding: 2586 mutex_unlock(&dev_priv->binding_mutex); 2587 out_err: 2588 ttm_eu_backoff_reservation(&ticket, &sw_context->validate_nodes); 2589 out_err_nores: 2590 vmw_resource_list_unreserve(&sw_context->resource_list, true); 2591 vmw_resource_relocations_free(&sw_context->res_relocations); 2592 vmw_free_relocations(sw_context); 2593 vmw_clear_validations(sw_context); 2594 if (unlikely(dev_priv->pinned_bo != NULL && 2595 !dev_priv->query_cid_valid)) 2596 __vmw_execbuf_release_pinned_bo(dev_priv, NULL); 2597 out_unlock: 2598 list_splice_init(&sw_context->resource_list, &resource_list); 2599 error_resource = sw_context->error_resource; 2600 sw_context->error_resource = NULL; 2601 vmw_cmdbuf_res_revert(&sw_context->staged_cmd_res); 2602 mutex_unlock(&dev_priv->cmdbuf_mutex); 2603 2604 /* 2605 * Unreference resources outside of the cmdbuf_mutex to 2606 * avoid deadlocks in resource destruction paths. 2607 */ 2608 vmw_resource_list_unreference(&resource_list); 2609 if (unlikely(error_resource != NULL)) 2610 vmw_resource_unreference(&error_resource); 2611 2612 return ret; 2613 } 2614 2615 /** 2616 * vmw_execbuf_unpin_panic - Idle the fifo and unpin the query buffer. 2617 * 2618 * @dev_priv: The device private structure. 2619 * 2620 * This function is called to idle the fifo and unpin the query buffer 2621 * if the normal way to do this hits an error, which should typically be 2622 * extremely rare. 2623 */ 2624 static void vmw_execbuf_unpin_panic(struct vmw_private *dev_priv) 2625 { 2626 DRM_ERROR("Can't unpin query buffer. Trying to recover.\n"); 2627 2628 (void) vmw_fallback_wait(dev_priv, false, true, 0, false, 10*HZ); 2629 vmw_bo_pin(dev_priv->pinned_bo, false); 2630 vmw_bo_pin(dev_priv->dummy_query_bo, false); 2631 dev_priv->dummy_query_bo_pinned = false; 2632 } 2633 2634 2635 /** 2636 * __vmw_execbuf_release_pinned_bo - Flush queries and unpin the pinned 2637 * query bo. 2638 * 2639 * @dev_priv: The device private structure. 2640 * @fence: If non-NULL should point to a struct vmw_fence_obj issued 2641 * _after_ a query barrier that flushes all queries touching the current 2642 * buffer pointed to by @dev_priv->pinned_bo 2643 * 2644 * This function should be used to unpin the pinned query bo, or 2645 * as a query barrier when we need to make sure that all queries have 2646 * finished before the next fifo command. (For example on hardware 2647 * context destructions where the hardware may otherwise leak unfinished 2648 * queries). 2649 * 2650 * This function does not return any failure codes, but make attempts 2651 * to do safe unpinning in case of errors. 2652 * 2653 * The function will synchronize on the previous query barrier, and will 2654 * thus not finish until that barrier has executed. 2655 * 2656 * the @dev_priv->cmdbuf_mutex needs to be held by the current thread 2657 * before calling this function. 2658 */ 2659 void __vmw_execbuf_release_pinned_bo(struct vmw_private *dev_priv, 2660 struct vmw_fence_obj *fence) 2661 { 2662 int ret = 0; 2663 struct list_head validate_list; 2664 struct ttm_validate_buffer pinned_val, query_val; 2665 struct vmw_fence_obj *lfence = NULL; 2666 struct ww_acquire_ctx ticket; 2667 2668 if (dev_priv->pinned_bo == NULL) 2669 goto out_unlock; 2670 2671 INIT_LIST_HEAD(&validate_list); 2672 2673 pinned_val.bo = ttm_bo_reference(dev_priv->pinned_bo); 2674 pinned_val.shared = false; 2675 list_add_tail(&pinned_val.head, &validate_list); 2676 2677 query_val.bo = ttm_bo_reference(dev_priv->dummy_query_bo); 2678 query_val.shared = false; 2679 list_add_tail(&query_val.head, &validate_list); 2680 2681 ret = ttm_eu_reserve_buffers(&ticket, &validate_list, 2682 false, NULL); 2683 if (unlikely(ret != 0)) { 2684 vmw_execbuf_unpin_panic(dev_priv); 2685 goto out_no_reserve; 2686 } 2687 2688 if (dev_priv->query_cid_valid) { 2689 BUG_ON(fence != NULL); 2690 ret = vmw_fifo_emit_dummy_query(dev_priv, dev_priv->query_cid); 2691 if (unlikely(ret != 0)) { 2692 vmw_execbuf_unpin_panic(dev_priv); 2693 goto out_no_emit; 2694 } 2695 dev_priv->query_cid_valid = false; 2696 } 2697 2698 vmw_bo_pin(dev_priv->pinned_bo, false); 2699 vmw_bo_pin(dev_priv->dummy_query_bo, false); 2700 dev_priv->dummy_query_bo_pinned = false; 2701 2702 if (fence == NULL) { 2703 (void) vmw_execbuf_fence_commands(NULL, dev_priv, &lfence, 2704 NULL); 2705 fence = lfence; 2706 } 2707 ttm_eu_fence_buffer_objects(&ticket, &validate_list, (void *) fence); 2708 if (lfence != NULL) 2709 vmw_fence_obj_unreference(&lfence); 2710 2711 ttm_bo_unref(&query_val.bo); 2712 ttm_bo_unref(&pinned_val.bo); 2713 ttm_bo_unref(&dev_priv->pinned_bo); 2714 2715 out_unlock: 2716 return; 2717 2718 out_no_emit: 2719 ttm_eu_backoff_reservation(&ticket, &validate_list); 2720 out_no_reserve: 2721 ttm_bo_unref(&query_val.bo); 2722 ttm_bo_unref(&pinned_val.bo); 2723 ttm_bo_unref(&dev_priv->pinned_bo); 2724 } 2725 2726 /** 2727 * vmw_execbuf_release_pinned_bo - Flush queries and unpin the pinned 2728 * query bo. 2729 * 2730 * @dev_priv: The device private structure. 2731 * 2732 * This function should be used to unpin the pinned query bo, or 2733 * as a query barrier when we need to make sure that all queries have 2734 * finished before the next fifo command. (For example on hardware 2735 * context destructions where the hardware may otherwise leak unfinished 2736 * queries). 2737 * 2738 * This function does not return any failure codes, but make attempts 2739 * to do safe unpinning in case of errors. 2740 * 2741 * The function will synchronize on the previous query barrier, and will 2742 * thus not finish until that barrier has executed. 2743 */ 2744 void vmw_execbuf_release_pinned_bo(struct vmw_private *dev_priv) 2745 { 2746 mutex_lock(&dev_priv->cmdbuf_mutex); 2747 if (dev_priv->query_cid_valid) 2748 __vmw_execbuf_release_pinned_bo(dev_priv, NULL); 2749 mutex_unlock(&dev_priv->cmdbuf_mutex); 2750 } 2751 2752 2753 int vmw_execbuf_ioctl(struct drm_device *dev, void *data, 2754 struct drm_file *file_priv) 2755 { 2756 struct vmw_private *dev_priv = vmw_priv(dev); 2757 struct drm_vmw_execbuf_arg *arg = (struct drm_vmw_execbuf_arg *)data; 2758 int ret; 2759 2760 /* 2761 * This will allow us to extend the ioctl argument while 2762 * maintaining backwards compatibility: 2763 * We take different code paths depending on the value of 2764 * arg->version. 2765 */ 2766 2767 if (unlikely(arg->version != DRM_VMW_EXECBUF_VERSION)) { 2768 DRM_ERROR("Incorrect execbuf version.\n"); 2769 DRM_ERROR("You're running outdated experimental " 2770 "vmwgfx user-space drivers."); 2771 return -EINVAL; 2772 } 2773 2774 ret = ttm_read_lock(&dev_priv->reservation_sem, true); 2775 if (unlikely(ret != 0)) 2776 return ret; 2777 2778 ret = vmw_execbuf_process(file_priv, dev_priv, 2779 (void __user *)(unsigned long)arg->commands, 2780 NULL, arg->command_size, arg->throttle_us, 2781 (void __user *)(unsigned long)arg->fence_rep, 2782 NULL); 2783 2784 if (unlikely(ret != 0)) 2785 goto out_unlock; 2786 2787 vmw_kms_cursor_post_execbuf(dev_priv); 2788 2789 out_unlock: 2790 ttm_read_unlock(&dev_priv->reservation_sem); 2791 return ret; 2792 } 2793