1 /************************************************************************** 2 * 3 * Copyright © 2009 VMware, Inc., Palo Alto, CA., USA 4 * All Rights Reserved. 5 * 6 * Permission is hereby granted, free of charge, to any person obtaining a 7 * copy of this software and associated documentation files (the 8 * "Software"), to deal in the Software without restriction, including 9 * without limitation the rights to use, copy, modify, merge, publish, 10 * distribute, sub license, and/or sell copies of the Software, and to 11 * permit persons to whom the Software is furnished to do so, subject to 12 * the following conditions: 13 * 14 * The above copyright notice and this permission notice (including the 15 * next paragraph) shall be included in all copies or substantial portions 16 * of the Software. 17 * 18 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 19 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 20 * FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL 21 * THE COPYRIGHT HOLDERS, AUTHORS AND/OR ITS SUPPLIERS BE LIABLE FOR ANY CLAIM, 22 * DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR 23 * OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE 24 * USE OR OTHER DEALINGS IN THE SOFTWARE. 25 * 26 **************************************************************************/ 27 28 #include "vmwgfx_drv.h" 29 #include "vmwgfx_drm.h" 30 #include "ttm/ttm_object.h" 31 #include "ttm/ttm_placement.h" 32 #include "drmP.h" 33 34 struct vmw_user_context { 35 struct ttm_base_object base; 36 struct vmw_resource res; 37 }; 38 39 struct vmw_user_surface { 40 struct ttm_base_object base; 41 struct vmw_surface srf; 42 uint32_t size; 43 }; 44 45 struct vmw_user_dma_buffer { 46 struct ttm_base_object base; 47 struct vmw_dma_buffer dma; 48 }; 49 50 struct vmw_bo_user_rep { 51 uint32_t handle; 52 uint64_t map_handle; 53 }; 54 55 struct vmw_stream { 56 struct vmw_resource res; 57 uint32_t stream_id; 58 }; 59 60 struct vmw_user_stream { 61 struct ttm_base_object base; 62 struct vmw_stream stream; 63 }; 64 65 struct vmw_surface_offset { 66 uint32_t face; 67 uint32_t mip; 68 uint32_t bo_offset; 69 }; 70 71 72 static uint64_t vmw_user_context_size; 73 static uint64_t vmw_user_surface_size; 74 static uint64_t vmw_user_stream_size; 75 76 static inline struct vmw_dma_buffer * 77 vmw_dma_buffer(struct ttm_buffer_object *bo) 78 { 79 return container_of(bo, struct vmw_dma_buffer, base); 80 } 81 82 static inline struct vmw_user_dma_buffer * 83 vmw_user_dma_buffer(struct ttm_buffer_object *bo) 84 { 85 struct vmw_dma_buffer *vmw_bo = vmw_dma_buffer(bo); 86 return container_of(vmw_bo, struct vmw_user_dma_buffer, dma); 87 } 88 89 struct vmw_resource *vmw_resource_reference(struct vmw_resource *res) 90 { 91 kref_get(&res->kref); 92 return res; 93 } 94 95 96 /** 97 * vmw_resource_release_id - release a resource id to the id manager. 98 * 99 * @res: Pointer to the resource. 100 * 101 * Release the resource id to the resource id manager and set it to -1 102 */ 103 static void vmw_resource_release_id(struct vmw_resource *res) 104 { 105 struct vmw_private *dev_priv = res->dev_priv; 106 107 write_lock(&dev_priv->resource_lock); 108 if (res->id != -1) 109 idr_remove(res->idr, res->id); 110 res->id = -1; 111 write_unlock(&dev_priv->resource_lock); 112 } 113 114 static void vmw_resource_release(struct kref *kref) 115 { 116 struct vmw_resource *res = 117 container_of(kref, struct vmw_resource, kref); 118 struct vmw_private *dev_priv = res->dev_priv; 119 int id = res->id; 120 struct idr *idr = res->idr; 121 122 res->avail = false; 123 if (res->remove_from_lists != NULL) 124 res->remove_from_lists(res); 125 write_unlock(&dev_priv->resource_lock); 126 127 if (likely(res->hw_destroy != NULL)) 128 res->hw_destroy(res); 129 130 if (res->res_free != NULL) 131 res->res_free(res); 132 else 133 kfree(res); 134 135 write_lock(&dev_priv->resource_lock); 136 137 if (id != -1) 138 idr_remove(idr, id); 139 } 140 141 void vmw_resource_unreference(struct vmw_resource **p_res) 142 { 143 struct vmw_resource *res = *p_res; 144 struct vmw_private *dev_priv = res->dev_priv; 145 146 *p_res = NULL; 147 write_lock(&dev_priv->resource_lock); 148 kref_put(&res->kref, vmw_resource_release); 149 write_unlock(&dev_priv->resource_lock); 150 } 151 152 153 /** 154 * vmw_resource_alloc_id - release a resource id to the id manager. 155 * 156 * @dev_priv: Pointer to the device private structure. 157 * @res: Pointer to the resource. 158 * 159 * Allocate the lowest free resource from the resource manager, and set 160 * @res->id to that id. Returns 0 on success and -ENOMEM on failure. 161 */ 162 static int vmw_resource_alloc_id(struct vmw_private *dev_priv, 163 struct vmw_resource *res) 164 { 165 int ret; 166 167 BUG_ON(res->id != -1); 168 169 do { 170 if (unlikely(idr_pre_get(res->idr, GFP_KERNEL) == 0)) 171 return -ENOMEM; 172 173 write_lock(&dev_priv->resource_lock); 174 ret = idr_get_new_above(res->idr, res, 1, &res->id); 175 write_unlock(&dev_priv->resource_lock); 176 177 } while (ret == -EAGAIN); 178 179 return ret; 180 } 181 182 183 static int vmw_resource_init(struct vmw_private *dev_priv, 184 struct vmw_resource *res, 185 struct idr *idr, 186 enum ttm_object_type obj_type, 187 bool delay_id, 188 void (*res_free) (struct vmw_resource *res), 189 void (*remove_from_lists) 190 (struct vmw_resource *res)) 191 { 192 kref_init(&res->kref); 193 res->hw_destroy = NULL; 194 res->res_free = res_free; 195 res->remove_from_lists = remove_from_lists; 196 res->res_type = obj_type; 197 res->idr = idr; 198 res->avail = false; 199 res->dev_priv = dev_priv; 200 INIT_LIST_HEAD(&res->query_head); 201 INIT_LIST_HEAD(&res->validate_head); 202 res->id = -1; 203 if (delay_id) 204 return 0; 205 else 206 return vmw_resource_alloc_id(dev_priv, res); 207 } 208 209 /** 210 * vmw_resource_activate 211 * 212 * @res: Pointer to the newly created resource 213 * @hw_destroy: Destroy function. NULL if none. 214 * 215 * Activate a resource after the hardware has been made aware of it. 216 * Set tye destroy function to @destroy. Typically this frees the 217 * resource and destroys the hardware resources associated with it. 218 * Activate basically means that the function vmw_resource_lookup will 219 * find it. 220 */ 221 222 static void vmw_resource_activate(struct vmw_resource *res, 223 void (*hw_destroy) (struct vmw_resource *)) 224 { 225 struct vmw_private *dev_priv = res->dev_priv; 226 227 write_lock(&dev_priv->resource_lock); 228 res->avail = true; 229 res->hw_destroy = hw_destroy; 230 write_unlock(&dev_priv->resource_lock); 231 } 232 233 struct vmw_resource *vmw_resource_lookup(struct vmw_private *dev_priv, 234 struct idr *idr, int id) 235 { 236 struct vmw_resource *res; 237 238 read_lock(&dev_priv->resource_lock); 239 res = idr_find(idr, id); 240 if (res && res->avail) 241 kref_get(&res->kref); 242 else 243 res = NULL; 244 read_unlock(&dev_priv->resource_lock); 245 246 if (unlikely(res == NULL)) 247 return NULL; 248 249 return res; 250 } 251 252 /** 253 * Context management: 254 */ 255 256 static void vmw_hw_context_destroy(struct vmw_resource *res) 257 { 258 259 struct vmw_private *dev_priv = res->dev_priv; 260 struct { 261 SVGA3dCmdHeader header; 262 SVGA3dCmdDestroyContext body; 263 } *cmd; 264 265 266 vmw_execbuf_release_pinned_bo(dev_priv, true, res->id); 267 268 cmd = vmw_fifo_reserve(dev_priv, sizeof(*cmd)); 269 if (unlikely(cmd == NULL)) { 270 DRM_ERROR("Failed reserving FIFO space for surface " 271 "destruction.\n"); 272 return; 273 } 274 275 cmd->header.id = cpu_to_le32(SVGA_3D_CMD_CONTEXT_DESTROY); 276 cmd->header.size = cpu_to_le32(sizeof(cmd->body)); 277 cmd->body.cid = cpu_to_le32(res->id); 278 279 vmw_fifo_commit(dev_priv, sizeof(*cmd)); 280 vmw_3d_resource_dec(dev_priv, false); 281 } 282 283 static int vmw_context_init(struct vmw_private *dev_priv, 284 struct vmw_resource *res, 285 void (*res_free) (struct vmw_resource *res)) 286 { 287 int ret; 288 289 struct { 290 SVGA3dCmdHeader header; 291 SVGA3dCmdDefineContext body; 292 } *cmd; 293 294 ret = vmw_resource_init(dev_priv, res, &dev_priv->context_idr, 295 VMW_RES_CONTEXT, false, res_free, NULL); 296 297 if (unlikely(ret != 0)) { 298 DRM_ERROR("Failed to allocate a resource id.\n"); 299 goto out_early; 300 } 301 302 if (unlikely(res->id >= SVGA3D_MAX_CONTEXT_IDS)) { 303 DRM_ERROR("Out of hw context ids.\n"); 304 vmw_resource_unreference(&res); 305 return -ENOMEM; 306 } 307 308 cmd = vmw_fifo_reserve(dev_priv, sizeof(*cmd)); 309 if (unlikely(cmd == NULL)) { 310 DRM_ERROR("Fifo reserve failed.\n"); 311 vmw_resource_unreference(&res); 312 return -ENOMEM; 313 } 314 315 cmd->header.id = cpu_to_le32(SVGA_3D_CMD_CONTEXT_DEFINE); 316 cmd->header.size = cpu_to_le32(sizeof(cmd->body)); 317 cmd->body.cid = cpu_to_le32(res->id); 318 319 vmw_fifo_commit(dev_priv, sizeof(*cmd)); 320 (void) vmw_3d_resource_inc(dev_priv, false); 321 vmw_resource_activate(res, vmw_hw_context_destroy); 322 return 0; 323 324 out_early: 325 if (res_free == NULL) 326 kfree(res); 327 else 328 res_free(res); 329 return ret; 330 } 331 332 struct vmw_resource *vmw_context_alloc(struct vmw_private *dev_priv) 333 { 334 struct vmw_resource *res = kmalloc(sizeof(*res), GFP_KERNEL); 335 int ret; 336 337 if (unlikely(res == NULL)) 338 return NULL; 339 340 ret = vmw_context_init(dev_priv, res, NULL); 341 return (ret == 0) ? res : NULL; 342 } 343 344 /** 345 * User-space context management: 346 */ 347 348 static void vmw_user_context_free(struct vmw_resource *res) 349 { 350 struct vmw_user_context *ctx = 351 container_of(res, struct vmw_user_context, res); 352 struct vmw_private *dev_priv = res->dev_priv; 353 354 kfree(ctx); 355 ttm_mem_global_free(vmw_mem_glob(dev_priv), 356 vmw_user_context_size); 357 } 358 359 /** 360 * This function is called when user space has no more references on the 361 * base object. It releases the base-object's reference on the resource object. 362 */ 363 364 static void vmw_user_context_base_release(struct ttm_base_object **p_base) 365 { 366 struct ttm_base_object *base = *p_base; 367 struct vmw_user_context *ctx = 368 container_of(base, struct vmw_user_context, base); 369 struct vmw_resource *res = &ctx->res; 370 371 *p_base = NULL; 372 vmw_resource_unreference(&res); 373 } 374 375 int vmw_context_destroy_ioctl(struct drm_device *dev, void *data, 376 struct drm_file *file_priv) 377 { 378 struct vmw_private *dev_priv = vmw_priv(dev); 379 struct vmw_resource *res; 380 struct vmw_user_context *ctx; 381 struct drm_vmw_context_arg *arg = (struct drm_vmw_context_arg *)data; 382 struct ttm_object_file *tfile = vmw_fpriv(file_priv)->tfile; 383 int ret = 0; 384 385 res = vmw_resource_lookup(dev_priv, &dev_priv->context_idr, arg->cid); 386 if (unlikely(res == NULL)) 387 return -EINVAL; 388 389 if (res->res_free != &vmw_user_context_free) { 390 ret = -EINVAL; 391 goto out; 392 } 393 394 ctx = container_of(res, struct vmw_user_context, res); 395 if (ctx->base.tfile != tfile && !ctx->base.shareable) { 396 ret = -EPERM; 397 goto out; 398 } 399 400 ttm_ref_object_base_unref(tfile, ctx->base.hash.key, TTM_REF_USAGE); 401 out: 402 vmw_resource_unreference(&res); 403 return ret; 404 } 405 406 int vmw_context_define_ioctl(struct drm_device *dev, void *data, 407 struct drm_file *file_priv) 408 { 409 struct vmw_private *dev_priv = vmw_priv(dev); 410 struct vmw_user_context *ctx; 411 struct vmw_resource *res; 412 struct vmw_resource *tmp; 413 struct drm_vmw_context_arg *arg = (struct drm_vmw_context_arg *)data; 414 struct ttm_object_file *tfile = vmw_fpriv(file_priv)->tfile; 415 struct vmw_master *vmaster = vmw_master(file_priv->master); 416 int ret; 417 418 419 /* 420 * Approximate idr memory usage with 128 bytes. It will be limited 421 * by maximum number_of contexts anyway. 422 */ 423 424 if (unlikely(vmw_user_context_size == 0)) 425 vmw_user_context_size = ttm_round_pot(sizeof(*ctx)) + 128; 426 427 ret = ttm_read_lock(&vmaster->lock, true); 428 if (unlikely(ret != 0)) 429 return ret; 430 431 ret = ttm_mem_global_alloc(vmw_mem_glob(dev_priv), 432 vmw_user_context_size, 433 false, true); 434 if (unlikely(ret != 0)) { 435 if (ret != -ERESTARTSYS) 436 DRM_ERROR("Out of graphics memory for context" 437 " creation.\n"); 438 goto out_unlock; 439 } 440 441 ctx = kmalloc(sizeof(*ctx), GFP_KERNEL); 442 if (unlikely(ctx == NULL)) { 443 ttm_mem_global_free(vmw_mem_glob(dev_priv), 444 vmw_user_context_size); 445 ret = -ENOMEM; 446 goto out_unlock; 447 } 448 449 res = &ctx->res; 450 ctx->base.shareable = false; 451 ctx->base.tfile = NULL; 452 453 /* 454 * From here on, the destructor takes over resource freeing. 455 */ 456 457 ret = vmw_context_init(dev_priv, res, vmw_user_context_free); 458 if (unlikely(ret != 0)) 459 goto out_unlock; 460 461 tmp = vmw_resource_reference(&ctx->res); 462 ret = ttm_base_object_init(tfile, &ctx->base, false, VMW_RES_CONTEXT, 463 &vmw_user_context_base_release, NULL); 464 465 if (unlikely(ret != 0)) { 466 vmw_resource_unreference(&tmp); 467 goto out_err; 468 } 469 470 arg->cid = res->id; 471 out_err: 472 vmw_resource_unreference(&res); 473 out_unlock: 474 ttm_read_unlock(&vmaster->lock); 475 return ret; 476 477 } 478 479 int vmw_context_check(struct vmw_private *dev_priv, 480 struct ttm_object_file *tfile, 481 int id, 482 struct vmw_resource **p_res) 483 { 484 struct vmw_resource *res; 485 int ret = 0; 486 487 read_lock(&dev_priv->resource_lock); 488 res = idr_find(&dev_priv->context_idr, id); 489 if (res && res->avail) { 490 struct vmw_user_context *ctx = 491 container_of(res, struct vmw_user_context, res); 492 if (ctx->base.tfile != tfile && !ctx->base.shareable) 493 ret = -EPERM; 494 if (p_res) 495 *p_res = vmw_resource_reference(res); 496 } else 497 ret = -EINVAL; 498 read_unlock(&dev_priv->resource_lock); 499 500 return ret; 501 } 502 503 struct vmw_bpp { 504 uint8_t bpp; 505 uint8_t s_bpp; 506 }; 507 508 /* 509 * Size table for the supported SVGA3D surface formats. It consists of 510 * two values. The bpp value and the s_bpp value which is short for 511 * "stride bits per pixel" The values are given in such a way that the 512 * minimum stride for the image is calculated using 513 * 514 * min_stride = w*s_bpp 515 * 516 * and the total memory requirement for the image is 517 * 518 * h*min_stride*bpp/s_bpp 519 * 520 */ 521 static const struct vmw_bpp vmw_sf_bpp[] = { 522 [SVGA3D_FORMAT_INVALID] = {0, 0}, 523 [SVGA3D_X8R8G8B8] = {32, 32}, 524 [SVGA3D_A8R8G8B8] = {32, 32}, 525 [SVGA3D_R5G6B5] = {16, 16}, 526 [SVGA3D_X1R5G5B5] = {16, 16}, 527 [SVGA3D_A1R5G5B5] = {16, 16}, 528 [SVGA3D_A4R4G4B4] = {16, 16}, 529 [SVGA3D_Z_D32] = {32, 32}, 530 [SVGA3D_Z_D16] = {16, 16}, 531 [SVGA3D_Z_D24S8] = {32, 32}, 532 [SVGA3D_Z_D15S1] = {16, 16}, 533 [SVGA3D_LUMINANCE8] = {8, 8}, 534 [SVGA3D_LUMINANCE4_ALPHA4] = {8, 8}, 535 [SVGA3D_LUMINANCE16] = {16, 16}, 536 [SVGA3D_LUMINANCE8_ALPHA8] = {16, 16}, 537 [SVGA3D_DXT1] = {4, 16}, 538 [SVGA3D_DXT2] = {8, 32}, 539 [SVGA3D_DXT3] = {8, 32}, 540 [SVGA3D_DXT4] = {8, 32}, 541 [SVGA3D_DXT5] = {8, 32}, 542 [SVGA3D_BUMPU8V8] = {16, 16}, 543 [SVGA3D_BUMPL6V5U5] = {16, 16}, 544 [SVGA3D_BUMPX8L8V8U8] = {32, 32}, 545 [SVGA3D_ARGB_S10E5] = {16, 16}, 546 [SVGA3D_ARGB_S23E8] = {32, 32}, 547 [SVGA3D_A2R10G10B10] = {32, 32}, 548 [SVGA3D_V8U8] = {16, 16}, 549 [SVGA3D_Q8W8V8U8] = {32, 32}, 550 [SVGA3D_CxV8U8] = {16, 16}, 551 [SVGA3D_X8L8V8U8] = {32, 32}, 552 [SVGA3D_A2W10V10U10] = {32, 32}, 553 [SVGA3D_ALPHA8] = {8, 8}, 554 [SVGA3D_R_S10E5] = {16, 16}, 555 [SVGA3D_R_S23E8] = {32, 32}, 556 [SVGA3D_RG_S10E5] = {16, 16}, 557 [SVGA3D_RG_S23E8] = {32, 32}, 558 [SVGA3D_BUFFER] = {8, 8}, 559 [SVGA3D_Z_D24X8] = {32, 32}, 560 [SVGA3D_V16U16] = {32, 32}, 561 [SVGA3D_G16R16] = {32, 32}, 562 [SVGA3D_A16B16G16R16] = {64, 64}, 563 [SVGA3D_UYVY] = {12, 12}, 564 [SVGA3D_YUY2] = {12, 12}, 565 [SVGA3D_NV12] = {12, 8}, 566 [SVGA3D_AYUV] = {32, 32}, 567 [SVGA3D_BC4_UNORM] = {4, 16}, 568 [SVGA3D_BC5_UNORM] = {8, 32}, 569 [SVGA3D_Z_DF16] = {16, 16}, 570 [SVGA3D_Z_DF24] = {24, 24}, 571 [SVGA3D_Z_D24S8_INT] = {32, 32} 572 }; 573 574 575 /** 576 * Surface management. 577 */ 578 579 struct vmw_surface_dma { 580 SVGA3dCmdHeader header; 581 SVGA3dCmdSurfaceDMA body; 582 SVGA3dCopyBox cb; 583 SVGA3dCmdSurfaceDMASuffix suffix; 584 }; 585 586 struct vmw_surface_define { 587 SVGA3dCmdHeader header; 588 SVGA3dCmdDefineSurface body; 589 }; 590 591 struct vmw_surface_destroy { 592 SVGA3dCmdHeader header; 593 SVGA3dCmdDestroySurface body; 594 }; 595 596 597 /** 598 * vmw_surface_dma_size - Compute fifo size for a dma command. 599 * 600 * @srf: Pointer to a struct vmw_surface 601 * 602 * Computes the required size for a surface dma command for backup or 603 * restoration of the surface represented by @srf. 604 */ 605 static inline uint32_t vmw_surface_dma_size(const struct vmw_surface *srf) 606 { 607 return srf->num_sizes * sizeof(struct vmw_surface_dma); 608 } 609 610 611 /** 612 * vmw_surface_define_size - Compute fifo size for a surface define command. 613 * 614 * @srf: Pointer to a struct vmw_surface 615 * 616 * Computes the required size for a surface define command for the definition 617 * of the surface represented by @srf. 618 */ 619 static inline uint32_t vmw_surface_define_size(const struct vmw_surface *srf) 620 { 621 return sizeof(struct vmw_surface_define) + srf->num_sizes * 622 sizeof(SVGA3dSize); 623 } 624 625 626 /** 627 * vmw_surface_destroy_size - Compute fifo size for a surface destroy command. 628 * 629 * Computes the required size for a surface destroy command for the destruction 630 * of a hw surface. 631 */ 632 static inline uint32_t vmw_surface_destroy_size(void) 633 { 634 return sizeof(struct vmw_surface_destroy); 635 } 636 637 /** 638 * vmw_surface_destroy_encode - Encode a surface_destroy command. 639 * 640 * @id: The surface id 641 * @cmd_space: Pointer to memory area in which the commands should be encoded. 642 */ 643 static void vmw_surface_destroy_encode(uint32_t id, 644 void *cmd_space) 645 { 646 struct vmw_surface_destroy *cmd = (struct vmw_surface_destroy *) 647 cmd_space; 648 649 cmd->header.id = SVGA_3D_CMD_SURFACE_DESTROY; 650 cmd->header.size = sizeof(cmd->body); 651 cmd->body.sid = id; 652 } 653 654 /** 655 * vmw_surface_define_encode - Encode a surface_define command. 656 * 657 * @srf: Pointer to a struct vmw_surface object. 658 * @cmd_space: Pointer to memory area in which the commands should be encoded. 659 */ 660 static void vmw_surface_define_encode(const struct vmw_surface *srf, 661 void *cmd_space) 662 { 663 struct vmw_surface_define *cmd = (struct vmw_surface_define *) 664 cmd_space; 665 struct drm_vmw_size *src_size; 666 SVGA3dSize *cmd_size; 667 uint32_t cmd_len; 668 int i; 669 670 cmd_len = sizeof(cmd->body) + srf->num_sizes * sizeof(SVGA3dSize); 671 672 cmd->header.id = SVGA_3D_CMD_SURFACE_DEFINE; 673 cmd->header.size = cmd_len; 674 cmd->body.sid = srf->res.id; 675 cmd->body.surfaceFlags = srf->flags; 676 cmd->body.format = cpu_to_le32(srf->format); 677 for (i = 0; i < DRM_VMW_MAX_SURFACE_FACES; ++i) 678 cmd->body.face[i].numMipLevels = srf->mip_levels[i]; 679 680 cmd += 1; 681 cmd_size = (SVGA3dSize *) cmd; 682 src_size = srf->sizes; 683 684 for (i = 0; i < srf->num_sizes; ++i, cmd_size++, src_size++) { 685 cmd_size->width = src_size->width; 686 cmd_size->height = src_size->height; 687 cmd_size->depth = src_size->depth; 688 } 689 } 690 691 692 /** 693 * vmw_surface_dma_encode - Encode a surface_dma command. 694 * 695 * @srf: Pointer to a struct vmw_surface object. 696 * @cmd_space: Pointer to memory area in which the commands should be encoded. 697 * @ptr: Pointer to an SVGAGuestPtr indicating where the surface contents 698 * should be placed or read from. 699 * @to_surface: Boolean whether to DMA to the surface or from the surface. 700 */ 701 static void vmw_surface_dma_encode(struct vmw_surface *srf, 702 void *cmd_space, 703 const SVGAGuestPtr *ptr, 704 bool to_surface) 705 { 706 uint32_t i; 707 uint32_t bpp = vmw_sf_bpp[srf->format].bpp; 708 uint32_t stride_bpp = vmw_sf_bpp[srf->format].s_bpp; 709 struct vmw_surface_dma *cmd = (struct vmw_surface_dma *)cmd_space; 710 711 for (i = 0; i < srf->num_sizes; ++i) { 712 SVGA3dCmdHeader *header = &cmd->header; 713 SVGA3dCmdSurfaceDMA *body = &cmd->body; 714 SVGA3dCopyBox *cb = &cmd->cb; 715 SVGA3dCmdSurfaceDMASuffix *suffix = &cmd->suffix; 716 const struct vmw_surface_offset *cur_offset = &srf->offsets[i]; 717 const struct drm_vmw_size *cur_size = &srf->sizes[i]; 718 719 header->id = SVGA_3D_CMD_SURFACE_DMA; 720 header->size = sizeof(*body) + sizeof(*cb) + sizeof(*suffix); 721 722 body->guest.ptr = *ptr; 723 body->guest.ptr.offset += cur_offset->bo_offset; 724 body->guest.pitch = (cur_size->width * stride_bpp + 7) >> 3; 725 body->host.sid = srf->res.id; 726 body->host.face = cur_offset->face; 727 body->host.mipmap = cur_offset->mip; 728 body->transfer = ((to_surface) ? SVGA3D_WRITE_HOST_VRAM : 729 SVGA3D_READ_HOST_VRAM); 730 cb->x = 0; 731 cb->y = 0; 732 cb->z = 0; 733 cb->srcx = 0; 734 cb->srcy = 0; 735 cb->srcz = 0; 736 cb->w = cur_size->width; 737 cb->h = cur_size->height; 738 cb->d = cur_size->depth; 739 740 suffix->suffixSize = sizeof(*suffix); 741 suffix->maximumOffset = body->guest.pitch*cur_size->height* 742 cur_size->depth*bpp / stride_bpp; 743 suffix->flags.discard = 0; 744 suffix->flags.unsynchronized = 0; 745 suffix->flags.reserved = 0; 746 ++cmd; 747 } 748 }; 749 750 751 static void vmw_hw_surface_destroy(struct vmw_resource *res) 752 { 753 754 struct vmw_private *dev_priv = res->dev_priv; 755 struct vmw_surface *srf; 756 void *cmd; 757 758 if (res->id != -1) { 759 760 cmd = vmw_fifo_reserve(dev_priv, vmw_surface_destroy_size()); 761 if (unlikely(cmd == NULL)) { 762 DRM_ERROR("Failed reserving FIFO space for surface " 763 "destruction.\n"); 764 return; 765 } 766 767 vmw_surface_destroy_encode(res->id, cmd); 768 vmw_fifo_commit(dev_priv, vmw_surface_destroy_size()); 769 770 /* 771 * used_memory_size_atomic, or separate lock 772 * to avoid taking dev_priv::cmdbuf_mutex in 773 * the destroy path. 774 */ 775 776 mutex_lock(&dev_priv->cmdbuf_mutex); 777 srf = container_of(res, struct vmw_surface, res); 778 dev_priv->used_memory_size -= srf->backup_size; 779 mutex_unlock(&dev_priv->cmdbuf_mutex); 780 781 } 782 vmw_3d_resource_dec(dev_priv, false); 783 } 784 785 void vmw_surface_res_free(struct vmw_resource *res) 786 { 787 struct vmw_surface *srf = container_of(res, struct vmw_surface, res); 788 789 if (srf->backup) 790 ttm_bo_unref(&srf->backup); 791 kfree(srf->offsets); 792 kfree(srf->sizes); 793 kfree(srf->snooper.image); 794 kfree(srf); 795 } 796 797 798 /** 799 * vmw_surface_do_validate - make a surface available to the device. 800 * 801 * @dev_priv: Pointer to a device private struct. 802 * @srf: Pointer to a struct vmw_surface. 803 * 804 * If the surface doesn't have a hw id, allocate one, and optionally 805 * DMA the backed up surface contents to the device. 806 * 807 * Returns -EBUSY if there wasn't sufficient device resources to 808 * complete the validation. Retry after freeing up resources. 809 * 810 * May return other errors if the kernel is out of guest resources. 811 */ 812 int vmw_surface_do_validate(struct vmw_private *dev_priv, 813 struct vmw_surface *srf) 814 { 815 struct vmw_resource *res = &srf->res; 816 struct list_head val_list; 817 struct ttm_validate_buffer val_buf; 818 uint32_t submit_size; 819 uint8_t *cmd; 820 int ret; 821 822 if (likely(res->id != -1)) 823 return 0; 824 825 if (unlikely(dev_priv->used_memory_size + srf->backup_size >= 826 dev_priv->memory_size)) 827 return -EBUSY; 828 829 /* 830 * Reserve- and validate the backup DMA bo. 831 */ 832 833 if (srf->backup) { 834 INIT_LIST_HEAD(&val_list); 835 val_buf.bo = ttm_bo_reference(srf->backup); 836 val_buf.new_sync_obj_arg = (void *)((unsigned long) 837 DRM_VMW_FENCE_FLAG_EXEC); 838 list_add_tail(&val_buf.head, &val_list); 839 ret = ttm_eu_reserve_buffers(&val_list); 840 if (unlikely(ret != 0)) 841 goto out_no_reserve; 842 843 ret = ttm_bo_validate(srf->backup, &vmw_srf_placement, 844 true, false, false); 845 if (unlikely(ret != 0)) 846 goto out_no_validate; 847 } 848 849 /* 850 * Alloc id for the resource. 851 */ 852 853 ret = vmw_resource_alloc_id(dev_priv, res); 854 if (unlikely(ret != 0)) { 855 DRM_ERROR("Failed to allocate a surface id.\n"); 856 goto out_no_id; 857 } 858 if (unlikely(res->id >= SVGA3D_MAX_SURFACE_IDS)) { 859 ret = -EBUSY; 860 goto out_no_fifo; 861 } 862 863 864 /* 865 * Encode surface define- and dma commands. 866 */ 867 868 submit_size = vmw_surface_define_size(srf); 869 if (srf->backup) 870 submit_size += vmw_surface_dma_size(srf); 871 872 cmd = vmw_fifo_reserve(dev_priv, submit_size); 873 if (unlikely(cmd == NULL)) { 874 DRM_ERROR("Failed reserving FIFO space for surface " 875 "validation.\n"); 876 ret = -ENOMEM; 877 goto out_no_fifo; 878 } 879 880 vmw_surface_define_encode(srf, cmd); 881 if (srf->backup) { 882 SVGAGuestPtr ptr; 883 884 cmd += vmw_surface_define_size(srf); 885 vmw_bo_get_guest_ptr(srf->backup, &ptr); 886 vmw_surface_dma_encode(srf, cmd, &ptr, true); 887 } 888 889 vmw_fifo_commit(dev_priv, submit_size); 890 891 /* 892 * Create a fence object and fence the backup buffer. 893 */ 894 895 if (srf->backup) { 896 struct vmw_fence_obj *fence; 897 898 (void) vmw_execbuf_fence_commands(NULL, dev_priv, 899 &fence, NULL); 900 ttm_eu_fence_buffer_objects(&val_list, fence); 901 if (likely(fence != NULL)) 902 vmw_fence_obj_unreference(&fence); 903 ttm_bo_unref(&val_buf.bo); 904 ttm_bo_unref(&srf->backup); 905 } 906 907 /* 908 * Surface memory usage accounting. 909 */ 910 911 dev_priv->used_memory_size += srf->backup_size; 912 913 return 0; 914 915 out_no_fifo: 916 vmw_resource_release_id(res); 917 out_no_id: 918 out_no_validate: 919 if (srf->backup) 920 ttm_eu_backoff_reservation(&val_list); 921 out_no_reserve: 922 if (srf->backup) 923 ttm_bo_unref(&val_buf.bo); 924 return ret; 925 } 926 927 /** 928 * vmw_surface_evict - Evict a hw surface. 929 * 930 * @dev_priv: Pointer to a device private struct. 931 * @srf: Pointer to a struct vmw_surface 932 * 933 * DMA the contents of a hw surface to a backup guest buffer object, 934 * and destroy the hw surface, releasing its id. 935 */ 936 int vmw_surface_evict(struct vmw_private *dev_priv, 937 struct vmw_surface *srf) 938 { 939 struct vmw_resource *res = &srf->res; 940 struct list_head val_list; 941 struct ttm_validate_buffer val_buf; 942 uint32_t submit_size; 943 uint8_t *cmd; 944 int ret; 945 struct vmw_fence_obj *fence; 946 SVGAGuestPtr ptr; 947 948 BUG_ON(res->id == -1); 949 950 /* 951 * Create a surface backup buffer object. 952 */ 953 954 if (!srf->backup) { 955 ret = ttm_bo_create(&dev_priv->bdev, srf->backup_size, 956 ttm_bo_type_device, 957 &vmw_srf_placement, 0, 0, true, 958 NULL, &srf->backup); 959 if (unlikely(ret != 0)) 960 return ret; 961 } 962 963 /* 964 * Reserve- and validate the backup DMA bo. 965 */ 966 967 INIT_LIST_HEAD(&val_list); 968 val_buf.bo = ttm_bo_reference(srf->backup); 969 val_buf.new_sync_obj_arg = (void *)(unsigned long) 970 DRM_VMW_FENCE_FLAG_EXEC; 971 list_add_tail(&val_buf.head, &val_list); 972 ret = ttm_eu_reserve_buffers(&val_list); 973 if (unlikely(ret != 0)) 974 goto out_no_reserve; 975 976 ret = ttm_bo_validate(srf->backup, &vmw_srf_placement, 977 true, false, false); 978 if (unlikely(ret != 0)) 979 goto out_no_validate; 980 981 982 /* 983 * Encode the dma- and surface destroy commands. 984 */ 985 986 submit_size = vmw_surface_dma_size(srf) + vmw_surface_destroy_size(); 987 cmd = vmw_fifo_reserve(dev_priv, submit_size); 988 if (unlikely(cmd == NULL)) { 989 DRM_ERROR("Failed reserving FIFO space for surface " 990 "eviction.\n"); 991 ret = -ENOMEM; 992 goto out_no_fifo; 993 } 994 995 vmw_bo_get_guest_ptr(srf->backup, &ptr); 996 vmw_surface_dma_encode(srf, cmd, &ptr, false); 997 cmd += vmw_surface_dma_size(srf); 998 vmw_surface_destroy_encode(res->id, cmd); 999 vmw_fifo_commit(dev_priv, submit_size); 1000 1001 /* 1002 * Surface memory usage accounting. 1003 */ 1004 1005 dev_priv->used_memory_size -= srf->backup_size; 1006 1007 /* 1008 * Create a fence object and fence the DMA buffer. 1009 */ 1010 1011 (void) vmw_execbuf_fence_commands(NULL, dev_priv, 1012 &fence, NULL); 1013 ttm_eu_fence_buffer_objects(&val_list, fence); 1014 if (likely(fence != NULL)) 1015 vmw_fence_obj_unreference(&fence); 1016 ttm_bo_unref(&val_buf.bo); 1017 1018 /* 1019 * Release the surface ID. 1020 */ 1021 1022 vmw_resource_release_id(res); 1023 1024 return 0; 1025 1026 out_no_fifo: 1027 out_no_validate: 1028 if (srf->backup) 1029 ttm_eu_backoff_reservation(&val_list); 1030 out_no_reserve: 1031 ttm_bo_unref(&val_buf.bo); 1032 ttm_bo_unref(&srf->backup); 1033 return ret; 1034 } 1035 1036 1037 /** 1038 * vmw_surface_validate - make a surface available to the device, evicting 1039 * other surfaces if needed. 1040 * 1041 * @dev_priv: Pointer to a device private struct. 1042 * @srf: Pointer to a struct vmw_surface. 1043 * 1044 * Try to validate a surface and if it fails due to limited device resources, 1045 * repeatedly try to evict other surfaces until the request can be 1046 * acommodated. 1047 * 1048 * May return errors if out of resources. 1049 */ 1050 int vmw_surface_validate(struct vmw_private *dev_priv, 1051 struct vmw_surface *srf) 1052 { 1053 int ret; 1054 struct vmw_surface *evict_srf; 1055 1056 do { 1057 write_lock(&dev_priv->resource_lock); 1058 list_del_init(&srf->lru_head); 1059 write_unlock(&dev_priv->resource_lock); 1060 1061 ret = vmw_surface_do_validate(dev_priv, srf); 1062 if (likely(ret != -EBUSY)) 1063 break; 1064 1065 write_lock(&dev_priv->resource_lock); 1066 if (list_empty(&dev_priv->surface_lru)) { 1067 DRM_ERROR("Out of device memory for surfaces.\n"); 1068 ret = -EBUSY; 1069 write_unlock(&dev_priv->resource_lock); 1070 break; 1071 } 1072 1073 evict_srf = vmw_surface_reference 1074 (list_first_entry(&dev_priv->surface_lru, 1075 struct vmw_surface, 1076 lru_head)); 1077 list_del_init(&evict_srf->lru_head); 1078 1079 write_unlock(&dev_priv->resource_lock); 1080 (void) vmw_surface_evict(dev_priv, evict_srf); 1081 1082 vmw_surface_unreference(&evict_srf); 1083 1084 } while (1); 1085 1086 if (unlikely(ret != 0 && srf->res.id != -1)) { 1087 write_lock(&dev_priv->resource_lock); 1088 list_add_tail(&srf->lru_head, &dev_priv->surface_lru); 1089 write_unlock(&dev_priv->resource_lock); 1090 } 1091 1092 return ret; 1093 } 1094 1095 1096 /** 1097 * vmw_surface_remove_from_lists - Remove surface resources from lookup lists 1098 * 1099 * @res: Pointer to a struct vmw_resource embedded in a struct vmw_surface 1100 * 1101 * As part of the resource destruction, remove the surface from any 1102 * lookup lists. 1103 */ 1104 static void vmw_surface_remove_from_lists(struct vmw_resource *res) 1105 { 1106 struct vmw_surface *srf = container_of(res, struct vmw_surface, res); 1107 1108 list_del_init(&srf->lru_head); 1109 } 1110 1111 int vmw_surface_init(struct vmw_private *dev_priv, 1112 struct vmw_surface *srf, 1113 void (*res_free) (struct vmw_resource *res)) 1114 { 1115 int ret; 1116 struct vmw_resource *res = &srf->res; 1117 1118 BUG_ON(res_free == NULL); 1119 INIT_LIST_HEAD(&srf->lru_head); 1120 ret = vmw_resource_init(dev_priv, res, &dev_priv->surface_idr, 1121 VMW_RES_SURFACE, true, res_free, 1122 vmw_surface_remove_from_lists); 1123 1124 if (unlikely(ret != 0)) 1125 res_free(res); 1126 1127 /* 1128 * The surface won't be visible to hardware until a 1129 * surface validate. 1130 */ 1131 1132 (void) vmw_3d_resource_inc(dev_priv, false); 1133 vmw_resource_activate(res, vmw_hw_surface_destroy); 1134 return ret; 1135 } 1136 1137 static void vmw_user_surface_free(struct vmw_resource *res) 1138 { 1139 struct vmw_surface *srf = container_of(res, struct vmw_surface, res); 1140 struct vmw_user_surface *user_srf = 1141 container_of(srf, struct vmw_user_surface, srf); 1142 struct vmw_private *dev_priv = srf->res.dev_priv; 1143 uint32_t size = user_srf->size; 1144 1145 if (srf->backup) 1146 ttm_bo_unref(&srf->backup); 1147 kfree(srf->offsets); 1148 kfree(srf->sizes); 1149 kfree(srf->snooper.image); 1150 kfree(user_srf); 1151 ttm_mem_global_free(vmw_mem_glob(dev_priv), size); 1152 } 1153 1154 /** 1155 * vmw_resource_unreserve - unreserve resources previously reserved for 1156 * command submission. 1157 * 1158 * @list_head: list of resources to unreserve. 1159 * 1160 * Currently only surfaces are considered, and unreserving a surface 1161 * means putting it back on the device's surface lru list, 1162 * so that it can be evicted if necessary. 1163 * This function traverses the resource list and 1164 * checks whether resources are surfaces, and in that case puts them back 1165 * on the device's surface LRU list. 1166 */ 1167 void vmw_resource_unreserve(struct list_head *list) 1168 { 1169 struct vmw_resource *res; 1170 struct vmw_surface *srf; 1171 rwlock_t *lock = NULL; 1172 1173 list_for_each_entry(res, list, validate_head) { 1174 1175 if (res->res_free != &vmw_surface_res_free && 1176 res->res_free != &vmw_user_surface_free) 1177 continue; 1178 1179 if (unlikely(lock == NULL)) { 1180 lock = &res->dev_priv->resource_lock; 1181 write_lock(lock); 1182 } 1183 1184 srf = container_of(res, struct vmw_surface, res); 1185 list_del_init(&srf->lru_head); 1186 list_add_tail(&srf->lru_head, &res->dev_priv->surface_lru); 1187 } 1188 1189 if (lock != NULL) 1190 write_unlock(lock); 1191 } 1192 1193 /** 1194 * Helper function that looks either a surface or dmabuf. 1195 * 1196 * The pointer this pointed at by out_surf and out_buf needs to be null. 1197 */ 1198 int vmw_user_lookup_handle(struct vmw_private *dev_priv, 1199 struct ttm_object_file *tfile, 1200 uint32_t handle, 1201 struct vmw_surface **out_surf, 1202 struct vmw_dma_buffer **out_buf) 1203 { 1204 int ret; 1205 1206 BUG_ON(*out_surf || *out_buf); 1207 1208 ret = vmw_user_surface_lookup_handle(dev_priv, tfile, handle, out_surf); 1209 if (!ret) 1210 return 0; 1211 1212 ret = vmw_user_dmabuf_lookup(tfile, handle, out_buf); 1213 return ret; 1214 } 1215 1216 1217 int vmw_user_surface_lookup_handle(struct vmw_private *dev_priv, 1218 struct ttm_object_file *tfile, 1219 uint32_t handle, struct vmw_surface **out) 1220 { 1221 struct vmw_resource *res; 1222 struct vmw_surface *srf; 1223 struct vmw_user_surface *user_srf; 1224 struct ttm_base_object *base; 1225 int ret = -EINVAL; 1226 1227 base = ttm_base_object_lookup(tfile, handle); 1228 if (unlikely(base == NULL)) 1229 return -EINVAL; 1230 1231 if (unlikely(base->object_type != VMW_RES_SURFACE)) 1232 goto out_bad_resource; 1233 1234 user_srf = container_of(base, struct vmw_user_surface, base); 1235 srf = &user_srf->srf; 1236 res = &srf->res; 1237 1238 read_lock(&dev_priv->resource_lock); 1239 1240 if (!res->avail || res->res_free != &vmw_user_surface_free) { 1241 read_unlock(&dev_priv->resource_lock); 1242 goto out_bad_resource; 1243 } 1244 1245 kref_get(&res->kref); 1246 read_unlock(&dev_priv->resource_lock); 1247 1248 *out = srf; 1249 ret = 0; 1250 1251 out_bad_resource: 1252 ttm_base_object_unref(&base); 1253 1254 return ret; 1255 } 1256 1257 static void vmw_user_surface_base_release(struct ttm_base_object **p_base) 1258 { 1259 struct ttm_base_object *base = *p_base; 1260 struct vmw_user_surface *user_srf = 1261 container_of(base, struct vmw_user_surface, base); 1262 struct vmw_resource *res = &user_srf->srf.res; 1263 1264 *p_base = NULL; 1265 vmw_resource_unreference(&res); 1266 } 1267 1268 int vmw_surface_destroy_ioctl(struct drm_device *dev, void *data, 1269 struct drm_file *file_priv) 1270 { 1271 struct drm_vmw_surface_arg *arg = (struct drm_vmw_surface_arg *)data; 1272 struct ttm_object_file *tfile = vmw_fpriv(file_priv)->tfile; 1273 1274 return ttm_ref_object_base_unref(tfile, arg->sid, TTM_REF_USAGE); 1275 } 1276 1277 int vmw_surface_define_ioctl(struct drm_device *dev, void *data, 1278 struct drm_file *file_priv) 1279 { 1280 struct vmw_private *dev_priv = vmw_priv(dev); 1281 struct vmw_user_surface *user_srf; 1282 struct vmw_surface *srf; 1283 struct vmw_resource *res; 1284 struct vmw_resource *tmp; 1285 union drm_vmw_surface_create_arg *arg = 1286 (union drm_vmw_surface_create_arg *)data; 1287 struct drm_vmw_surface_create_req *req = &arg->req; 1288 struct drm_vmw_surface_arg *rep = &arg->rep; 1289 struct ttm_object_file *tfile = vmw_fpriv(file_priv)->tfile; 1290 struct drm_vmw_size __user *user_sizes; 1291 int ret; 1292 int i, j; 1293 uint32_t cur_bo_offset; 1294 struct drm_vmw_size *cur_size; 1295 struct vmw_surface_offset *cur_offset; 1296 uint32_t stride_bpp; 1297 uint32_t bpp; 1298 uint32_t num_sizes; 1299 uint32_t size; 1300 struct vmw_master *vmaster = vmw_master(file_priv->master); 1301 1302 if (unlikely(vmw_user_surface_size == 0)) 1303 vmw_user_surface_size = ttm_round_pot(sizeof(*user_srf)) + 1304 128; 1305 1306 num_sizes = 0; 1307 for (i = 0; i < DRM_VMW_MAX_SURFACE_FACES; ++i) 1308 num_sizes += req->mip_levels[i]; 1309 1310 if (num_sizes > DRM_VMW_MAX_SURFACE_FACES * 1311 DRM_VMW_MAX_MIP_LEVELS) 1312 return -EINVAL; 1313 1314 size = vmw_user_surface_size + 128 + 1315 ttm_round_pot(num_sizes * sizeof(struct drm_vmw_size)) + 1316 ttm_round_pot(num_sizes * sizeof(struct vmw_surface_offset)); 1317 1318 1319 ret = ttm_read_lock(&vmaster->lock, true); 1320 if (unlikely(ret != 0)) 1321 return ret; 1322 1323 ret = ttm_mem_global_alloc(vmw_mem_glob(dev_priv), 1324 size, false, true); 1325 if (unlikely(ret != 0)) { 1326 if (ret != -ERESTARTSYS) 1327 DRM_ERROR("Out of graphics memory for surface" 1328 " creation.\n"); 1329 goto out_unlock; 1330 } 1331 1332 user_srf = kmalloc(sizeof(*user_srf), GFP_KERNEL); 1333 if (unlikely(user_srf == NULL)) { 1334 ret = -ENOMEM; 1335 goto out_no_user_srf; 1336 } 1337 1338 srf = &user_srf->srf; 1339 res = &srf->res; 1340 1341 srf->flags = req->flags; 1342 srf->format = req->format; 1343 srf->scanout = req->scanout; 1344 srf->backup = NULL; 1345 1346 memcpy(srf->mip_levels, req->mip_levels, sizeof(srf->mip_levels)); 1347 srf->num_sizes = num_sizes; 1348 user_srf->size = size; 1349 1350 srf->sizes = kmalloc(srf->num_sizes * sizeof(*srf->sizes), GFP_KERNEL); 1351 if (unlikely(srf->sizes == NULL)) { 1352 ret = -ENOMEM; 1353 goto out_no_sizes; 1354 } 1355 srf->offsets = kmalloc(srf->num_sizes * sizeof(*srf->offsets), 1356 GFP_KERNEL); 1357 if (unlikely(srf->sizes == NULL)) { 1358 ret = -ENOMEM; 1359 goto out_no_offsets; 1360 } 1361 1362 user_sizes = (struct drm_vmw_size __user *)(unsigned long) 1363 req->size_addr; 1364 1365 ret = copy_from_user(srf->sizes, user_sizes, 1366 srf->num_sizes * sizeof(*srf->sizes)); 1367 if (unlikely(ret != 0)) { 1368 ret = -EFAULT; 1369 goto out_no_copy; 1370 } 1371 1372 cur_bo_offset = 0; 1373 cur_offset = srf->offsets; 1374 cur_size = srf->sizes; 1375 1376 bpp = vmw_sf_bpp[srf->format].bpp; 1377 stride_bpp = vmw_sf_bpp[srf->format].s_bpp; 1378 1379 for (i = 0; i < DRM_VMW_MAX_SURFACE_FACES; ++i) { 1380 for (j = 0; j < srf->mip_levels[i]; ++j) { 1381 uint32_t stride = 1382 (cur_size->width * stride_bpp + 7) >> 3; 1383 1384 cur_offset->face = i; 1385 cur_offset->mip = j; 1386 cur_offset->bo_offset = cur_bo_offset; 1387 cur_bo_offset += stride * cur_size->height * 1388 cur_size->depth * bpp / stride_bpp; 1389 ++cur_offset; 1390 ++cur_size; 1391 } 1392 } 1393 srf->backup_size = cur_bo_offset; 1394 1395 if (srf->scanout && 1396 srf->num_sizes == 1 && 1397 srf->sizes[0].width == 64 && 1398 srf->sizes[0].height == 64 && 1399 srf->format == SVGA3D_A8R8G8B8) { 1400 1401 /* allocate image area and clear it */ 1402 srf->snooper.image = kzalloc(64 * 64 * 4, GFP_KERNEL); 1403 if (!srf->snooper.image) { 1404 DRM_ERROR("Failed to allocate cursor_image\n"); 1405 ret = -ENOMEM; 1406 goto out_no_copy; 1407 } 1408 } else { 1409 srf->snooper.image = NULL; 1410 } 1411 srf->snooper.crtc = NULL; 1412 1413 user_srf->base.shareable = false; 1414 user_srf->base.tfile = NULL; 1415 1416 /** 1417 * From this point, the generic resource management functions 1418 * destroy the object on failure. 1419 */ 1420 1421 ret = vmw_surface_init(dev_priv, srf, vmw_user_surface_free); 1422 if (unlikely(ret != 0)) 1423 goto out_unlock; 1424 1425 tmp = vmw_resource_reference(&srf->res); 1426 ret = ttm_base_object_init(tfile, &user_srf->base, 1427 req->shareable, VMW_RES_SURFACE, 1428 &vmw_user_surface_base_release, NULL); 1429 1430 if (unlikely(ret != 0)) { 1431 vmw_resource_unreference(&tmp); 1432 vmw_resource_unreference(&res); 1433 goto out_unlock; 1434 } 1435 1436 rep->sid = user_srf->base.hash.key; 1437 if (rep->sid == SVGA3D_INVALID_ID) 1438 DRM_ERROR("Created bad Surface ID.\n"); 1439 1440 vmw_resource_unreference(&res); 1441 1442 ttm_read_unlock(&vmaster->lock); 1443 return 0; 1444 out_no_copy: 1445 kfree(srf->offsets); 1446 out_no_offsets: 1447 kfree(srf->sizes); 1448 out_no_sizes: 1449 kfree(user_srf); 1450 out_no_user_srf: 1451 ttm_mem_global_free(vmw_mem_glob(dev_priv), size); 1452 out_unlock: 1453 ttm_read_unlock(&vmaster->lock); 1454 return ret; 1455 } 1456 1457 int vmw_surface_reference_ioctl(struct drm_device *dev, void *data, 1458 struct drm_file *file_priv) 1459 { 1460 union drm_vmw_surface_reference_arg *arg = 1461 (union drm_vmw_surface_reference_arg *)data; 1462 struct drm_vmw_surface_arg *req = &arg->req; 1463 struct drm_vmw_surface_create_req *rep = &arg->rep; 1464 struct ttm_object_file *tfile = vmw_fpriv(file_priv)->tfile; 1465 struct vmw_surface *srf; 1466 struct vmw_user_surface *user_srf; 1467 struct drm_vmw_size __user *user_sizes; 1468 struct ttm_base_object *base; 1469 int ret = -EINVAL; 1470 1471 base = ttm_base_object_lookup(tfile, req->sid); 1472 if (unlikely(base == NULL)) { 1473 DRM_ERROR("Could not find surface to reference.\n"); 1474 return -EINVAL; 1475 } 1476 1477 if (unlikely(base->object_type != VMW_RES_SURFACE)) 1478 goto out_bad_resource; 1479 1480 user_srf = container_of(base, struct vmw_user_surface, base); 1481 srf = &user_srf->srf; 1482 1483 ret = ttm_ref_object_add(tfile, &user_srf->base, TTM_REF_USAGE, NULL); 1484 if (unlikely(ret != 0)) { 1485 DRM_ERROR("Could not add a reference to a surface.\n"); 1486 goto out_no_reference; 1487 } 1488 1489 rep->flags = srf->flags; 1490 rep->format = srf->format; 1491 memcpy(rep->mip_levels, srf->mip_levels, sizeof(srf->mip_levels)); 1492 user_sizes = (struct drm_vmw_size __user *)(unsigned long) 1493 rep->size_addr; 1494 1495 if (user_sizes) 1496 ret = copy_to_user(user_sizes, srf->sizes, 1497 srf->num_sizes * sizeof(*srf->sizes)); 1498 if (unlikely(ret != 0)) { 1499 DRM_ERROR("copy_to_user failed %p %u\n", 1500 user_sizes, srf->num_sizes); 1501 ret = -EFAULT; 1502 } 1503 out_bad_resource: 1504 out_no_reference: 1505 ttm_base_object_unref(&base); 1506 1507 return ret; 1508 } 1509 1510 int vmw_surface_check(struct vmw_private *dev_priv, 1511 struct ttm_object_file *tfile, 1512 uint32_t handle, int *id) 1513 { 1514 struct ttm_base_object *base; 1515 struct vmw_user_surface *user_srf; 1516 1517 int ret = -EPERM; 1518 1519 base = ttm_base_object_lookup(tfile, handle); 1520 if (unlikely(base == NULL)) 1521 return -EINVAL; 1522 1523 if (unlikely(base->object_type != VMW_RES_SURFACE)) 1524 goto out_bad_surface; 1525 1526 user_srf = container_of(base, struct vmw_user_surface, base); 1527 *id = user_srf->srf.res.id; 1528 ret = 0; 1529 1530 out_bad_surface: 1531 /** 1532 * FIXME: May deadlock here when called from the 1533 * command parsing code. 1534 */ 1535 1536 ttm_base_object_unref(&base); 1537 return ret; 1538 } 1539 1540 /** 1541 * Buffer management. 1542 */ 1543 void vmw_dmabuf_bo_free(struct ttm_buffer_object *bo) 1544 { 1545 struct vmw_dma_buffer *vmw_bo = vmw_dma_buffer(bo); 1546 1547 kfree(vmw_bo); 1548 } 1549 1550 int vmw_dmabuf_init(struct vmw_private *dev_priv, 1551 struct vmw_dma_buffer *vmw_bo, 1552 size_t size, struct ttm_placement *placement, 1553 bool interruptible, 1554 void (*bo_free) (struct ttm_buffer_object *bo)) 1555 { 1556 struct ttm_bo_device *bdev = &dev_priv->bdev; 1557 size_t acc_size; 1558 int ret; 1559 1560 BUG_ON(!bo_free); 1561 1562 acc_size = ttm_bo_acc_size(bdev, size, sizeof(struct vmw_dma_buffer)); 1563 memset(vmw_bo, 0, sizeof(*vmw_bo)); 1564 1565 INIT_LIST_HEAD(&vmw_bo->validate_list); 1566 1567 ret = ttm_bo_init(bdev, &vmw_bo->base, size, 1568 ttm_bo_type_device, placement, 1569 0, 0, interruptible, 1570 NULL, acc_size, NULL, bo_free); 1571 return ret; 1572 } 1573 1574 static void vmw_user_dmabuf_destroy(struct ttm_buffer_object *bo) 1575 { 1576 struct vmw_user_dma_buffer *vmw_user_bo = vmw_user_dma_buffer(bo); 1577 1578 kfree(vmw_user_bo); 1579 } 1580 1581 static void vmw_user_dmabuf_release(struct ttm_base_object **p_base) 1582 { 1583 struct vmw_user_dma_buffer *vmw_user_bo; 1584 struct ttm_base_object *base = *p_base; 1585 struct ttm_buffer_object *bo; 1586 1587 *p_base = NULL; 1588 1589 if (unlikely(base == NULL)) 1590 return; 1591 1592 vmw_user_bo = container_of(base, struct vmw_user_dma_buffer, base); 1593 bo = &vmw_user_bo->dma.base; 1594 ttm_bo_unref(&bo); 1595 } 1596 1597 int vmw_dmabuf_alloc_ioctl(struct drm_device *dev, void *data, 1598 struct drm_file *file_priv) 1599 { 1600 struct vmw_private *dev_priv = vmw_priv(dev); 1601 union drm_vmw_alloc_dmabuf_arg *arg = 1602 (union drm_vmw_alloc_dmabuf_arg *)data; 1603 struct drm_vmw_alloc_dmabuf_req *req = &arg->req; 1604 struct drm_vmw_dmabuf_rep *rep = &arg->rep; 1605 struct vmw_user_dma_buffer *vmw_user_bo; 1606 struct ttm_buffer_object *tmp; 1607 struct vmw_master *vmaster = vmw_master(file_priv->master); 1608 int ret; 1609 1610 vmw_user_bo = kzalloc(sizeof(*vmw_user_bo), GFP_KERNEL); 1611 if (unlikely(vmw_user_bo == NULL)) 1612 return -ENOMEM; 1613 1614 ret = ttm_read_lock(&vmaster->lock, true); 1615 if (unlikely(ret != 0)) { 1616 kfree(vmw_user_bo); 1617 return ret; 1618 } 1619 1620 ret = vmw_dmabuf_init(dev_priv, &vmw_user_bo->dma, req->size, 1621 &vmw_vram_sys_placement, true, 1622 &vmw_user_dmabuf_destroy); 1623 if (unlikely(ret != 0)) 1624 goto out_no_dmabuf; 1625 1626 tmp = ttm_bo_reference(&vmw_user_bo->dma.base); 1627 ret = ttm_base_object_init(vmw_fpriv(file_priv)->tfile, 1628 &vmw_user_bo->base, 1629 false, 1630 ttm_buffer_type, 1631 &vmw_user_dmabuf_release, NULL); 1632 if (unlikely(ret != 0)) 1633 goto out_no_base_object; 1634 else { 1635 rep->handle = vmw_user_bo->base.hash.key; 1636 rep->map_handle = vmw_user_bo->dma.base.addr_space_offset; 1637 rep->cur_gmr_id = vmw_user_bo->base.hash.key; 1638 rep->cur_gmr_offset = 0; 1639 } 1640 1641 out_no_base_object: 1642 ttm_bo_unref(&tmp); 1643 out_no_dmabuf: 1644 ttm_read_unlock(&vmaster->lock); 1645 1646 return ret; 1647 } 1648 1649 int vmw_dmabuf_unref_ioctl(struct drm_device *dev, void *data, 1650 struct drm_file *file_priv) 1651 { 1652 struct drm_vmw_unref_dmabuf_arg *arg = 1653 (struct drm_vmw_unref_dmabuf_arg *)data; 1654 1655 return ttm_ref_object_base_unref(vmw_fpriv(file_priv)->tfile, 1656 arg->handle, 1657 TTM_REF_USAGE); 1658 } 1659 1660 uint32_t vmw_dmabuf_validate_node(struct ttm_buffer_object *bo, 1661 uint32_t cur_validate_node) 1662 { 1663 struct vmw_dma_buffer *vmw_bo = vmw_dma_buffer(bo); 1664 1665 if (likely(vmw_bo->on_validate_list)) 1666 return vmw_bo->cur_validate_node; 1667 1668 vmw_bo->cur_validate_node = cur_validate_node; 1669 vmw_bo->on_validate_list = true; 1670 1671 return cur_validate_node; 1672 } 1673 1674 void vmw_dmabuf_validate_clear(struct ttm_buffer_object *bo) 1675 { 1676 struct vmw_dma_buffer *vmw_bo = vmw_dma_buffer(bo); 1677 1678 vmw_bo->on_validate_list = false; 1679 } 1680 1681 int vmw_user_dmabuf_lookup(struct ttm_object_file *tfile, 1682 uint32_t handle, struct vmw_dma_buffer **out) 1683 { 1684 struct vmw_user_dma_buffer *vmw_user_bo; 1685 struct ttm_base_object *base; 1686 1687 base = ttm_base_object_lookup(tfile, handle); 1688 if (unlikely(base == NULL)) { 1689 printk(KERN_ERR "Invalid buffer object handle 0x%08lx.\n", 1690 (unsigned long)handle); 1691 return -ESRCH; 1692 } 1693 1694 if (unlikely(base->object_type != ttm_buffer_type)) { 1695 ttm_base_object_unref(&base); 1696 printk(KERN_ERR "Invalid buffer object handle 0x%08lx.\n", 1697 (unsigned long)handle); 1698 return -EINVAL; 1699 } 1700 1701 vmw_user_bo = container_of(base, struct vmw_user_dma_buffer, base); 1702 (void)ttm_bo_reference(&vmw_user_bo->dma.base); 1703 ttm_base_object_unref(&base); 1704 *out = &vmw_user_bo->dma; 1705 1706 return 0; 1707 } 1708 1709 /* 1710 * Stream management 1711 */ 1712 1713 static void vmw_stream_destroy(struct vmw_resource *res) 1714 { 1715 struct vmw_private *dev_priv = res->dev_priv; 1716 struct vmw_stream *stream; 1717 int ret; 1718 1719 DRM_INFO("%s: unref\n", __func__); 1720 stream = container_of(res, struct vmw_stream, res); 1721 1722 ret = vmw_overlay_unref(dev_priv, stream->stream_id); 1723 WARN_ON(ret != 0); 1724 } 1725 1726 static int vmw_stream_init(struct vmw_private *dev_priv, 1727 struct vmw_stream *stream, 1728 void (*res_free) (struct vmw_resource *res)) 1729 { 1730 struct vmw_resource *res = &stream->res; 1731 int ret; 1732 1733 ret = vmw_resource_init(dev_priv, res, &dev_priv->stream_idr, 1734 VMW_RES_STREAM, false, res_free, NULL); 1735 1736 if (unlikely(ret != 0)) { 1737 if (res_free == NULL) 1738 kfree(stream); 1739 else 1740 res_free(&stream->res); 1741 return ret; 1742 } 1743 1744 ret = vmw_overlay_claim(dev_priv, &stream->stream_id); 1745 if (ret) { 1746 vmw_resource_unreference(&res); 1747 return ret; 1748 } 1749 1750 DRM_INFO("%s: claimed\n", __func__); 1751 1752 vmw_resource_activate(&stream->res, vmw_stream_destroy); 1753 return 0; 1754 } 1755 1756 /** 1757 * User-space context management: 1758 */ 1759 1760 static void vmw_user_stream_free(struct vmw_resource *res) 1761 { 1762 struct vmw_user_stream *stream = 1763 container_of(res, struct vmw_user_stream, stream.res); 1764 struct vmw_private *dev_priv = res->dev_priv; 1765 1766 kfree(stream); 1767 ttm_mem_global_free(vmw_mem_glob(dev_priv), 1768 vmw_user_stream_size); 1769 } 1770 1771 /** 1772 * This function is called when user space has no more references on the 1773 * base object. It releases the base-object's reference on the resource object. 1774 */ 1775 1776 static void vmw_user_stream_base_release(struct ttm_base_object **p_base) 1777 { 1778 struct ttm_base_object *base = *p_base; 1779 struct vmw_user_stream *stream = 1780 container_of(base, struct vmw_user_stream, base); 1781 struct vmw_resource *res = &stream->stream.res; 1782 1783 *p_base = NULL; 1784 vmw_resource_unreference(&res); 1785 } 1786 1787 int vmw_stream_unref_ioctl(struct drm_device *dev, void *data, 1788 struct drm_file *file_priv) 1789 { 1790 struct vmw_private *dev_priv = vmw_priv(dev); 1791 struct vmw_resource *res; 1792 struct vmw_user_stream *stream; 1793 struct drm_vmw_stream_arg *arg = (struct drm_vmw_stream_arg *)data; 1794 struct ttm_object_file *tfile = vmw_fpriv(file_priv)->tfile; 1795 int ret = 0; 1796 1797 res = vmw_resource_lookup(dev_priv, &dev_priv->stream_idr, arg->stream_id); 1798 if (unlikely(res == NULL)) 1799 return -EINVAL; 1800 1801 if (res->res_free != &vmw_user_stream_free) { 1802 ret = -EINVAL; 1803 goto out; 1804 } 1805 1806 stream = container_of(res, struct vmw_user_stream, stream.res); 1807 if (stream->base.tfile != tfile) { 1808 ret = -EINVAL; 1809 goto out; 1810 } 1811 1812 ttm_ref_object_base_unref(tfile, stream->base.hash.key, TTM_REF_USAGE); 1813 out: 1814 vmw_resource_unreference(&res); 1815 return ret; 1816 } 1817 1818 int vmw_stream_claim_ioctl(struct drm_device *dev, void *data, 1819 struct drm_file *file_priv) 1820 { 1821 struct vmw_private *dev_priv = vmw_priv(dev); 1822 struct vmw_user_stream *stream; 1823 struct vmw_resource *res; 1824 struct vmw_resource *tmp; 1825 struct drm_vmw_stream_arg *arg = (struct drm_vmw_stream_arg *)data; 1826 struct ttm_object_file *tfile = vmw_fpriv(file_priv)->tfile; 1827 struct vmw_master *vmaster = vmw_master(file_priv->master); 1828 int ret; 1829 1830 /* 1831 * Approximate idr memory usage with 128 bytes. It will be limited 1832 * by maximum number_of streams anyway? 1833 */ 1834 1835 if (unlikely(vmw_user_stream_size == 0)) 1836 vmw_user_stream_size = ttm_round_pot(sizeof(*stream)) + 128; 1837 1838 ret = ttm_read_lock(&vmaster->lock, true); 1839 if (unlikely(ret != 0)) 1840 return ret; 1841 1842 ret = ttm_mem_global_alloc(vmw_mem_glob(dev_priv), 1843 vmw_user_stream_size, 1844 false, true); 1845 if (unlikely(ret != 0)) { 1846 if (ret != -ERESTARTSYS) 1847 DRM_ERROR("Out of graphics memory for stream" 1848 " creation.\n"); 1849 goto out_unlock; 1850 } 1851 1852 1853 stream = kmalloc(sizeof(*stream), GFP_KERNEL); 1854 if (unlikely(stream == NULL)) { 1855 ttm_mem_global_free(vmw_mem_glob(dev_priv), 1856 vmw_user_stream_size); 1857 ret = -ENOMEM; 1858 goto out_unlock; 1859 } 1860 1861 res = &stream->stream.res; 1862 stream->base.shareable = false; 1863 stream->base.tfile = NULL; 1864 1865 /* 1866 * From here on, the destructor takes over resource freeing. 1867 */ 1868 1869 ret = vmw_stream_init(dev_priv, &stream->stream, vmw_user_stream_free); 1870 if (unlikely(ret != 0)) 1871 goto out_unlock; 1872 1873 tmp = vmw_resource_reference(res); 1874 ret = ttm_base_object_init(tfile, &stream->base, false, VMW_RES_STREAM, 1875 &vmw_user_stream_base_release, NULL); 1876 1877 if (unlikely(ret != 0)) { 1878 vmw_resource_unreference(&tmp); 1879 goto out_err; 1880 } 1881 1882 arg->stream_id = res->id; 1883 out_err: 1884 vmw_resource_unreference(&res); 1885 out_unlock: 1886 ttm_read_unlock(&vmaster->lock); 1887 return ret; 1888 } 1889 1890 int vmw_user_stream_lookup(struct vmw_private *dev_priv, 1891 struct ttm_object_file *tfile, 1892 uint32_t *inout_id, struct vmw_resource **out) 1893 { 1894 struct vmw_user_stream *stream; 1895 struct vmw_resource *res; 1896 int ret; 1897 1898 res = vmw_resource_lookup(dev_priv, &dev_priv->stream_idr, *inout_id); 1899 if (unlikely(res == NULL)) 1900 return -EINVAL; 1901 1902 if (res->res_free != &vmw_user_stream_free) { 1903 ret = -EINVAL; 1904 goto err_ref; 1905 } 1906 1907 stream = container_of(res, struct vmw_user_stream, stream.res); 1908 if (stream->base.tfile != tfile) { 1909 ret = -EPERM; 1910 goto err_ref; 1911 } 1912 1913 *inout_id = stream->stream.stream_id; 1914 *out = res; 1915 return 0; 1916 err_ref: 1917 vmw_resource_unreference(&res); 1918 return ret; 1919 } 1920