2 * SPDX-License-Identifier: MIT
4 * Copyright © 2014-2016 Intel Corporation
7 #include <linux/mman.h>
8 #include <linux/sizes.h>
10 #include "gt/intel_gt.h"
13 #include "i915_gem_gtt.h"
14 #include "i915_gem_ioctls.h"
15 #include "i915_gem_object.h"
16 #include "i915_trace.h"
20 __vma_matches(struct vm_area_struct *vma, struct file *filp,
21 unsigned long addr, unsigned long size)
23 if (vma->vm_file != filp)
26 return vma->vm_start == addr &&
27 (vma->vm_end - vma->vm_start) == PAGE_ALIGN(size);
31 * i915_gem_mmap_ioctl - Maps the contents of an object, returning the address
34 * @data: ioctl data blob
37 * While the mapping holds a reference on the contents of the object, it doesn't
38 * imply a ref on the object itself.
42 * DRM driver writers who look a this function as an example for how to do GEM
43 * mmap support, please don't implement mmap support like here. The modern way
44 * to implement DRM mmap support is with an mmap offset ioctl (like
45 * i915_gem_mmap_gtt) and then using the mmap syscall on the DRM fd directly.
46 * That way debug tooling like valgrind will understand what's going on, hiding
47 * the mmap call in a driver private ioctl will break that. The i915 driver only
48 * does cpu mmaps this way because we didn't know better.
51 i915_gem_mmap_ioctl(struct drm_device *dev, void *data,
52 struct drm_file *file)
54 struct drm_i915_gem_mmap *args = data;
55 struct drm_i915_gem_object *obj;
58 if (args->flags & ~(I915_MMAP_WC))
61 if (args->flags & I915_MMAP_WC && !boot_cpu_has(X86_FEATURE_PAT))
64 obj = i915_gem_object_lookup(file, args->handle);
68 /* prime objects have no backing filp to GEM mmap
71 if (!obj->base.filp) {
76 if (range_overflows(args->offset, args->size, (u64)obj->base.size)) {
81 addr = vm_mmap(obj->base.filp, 0, args->size,
82 PROT_READ | PROT_WRITE, MAP_SHARED,
84 if (IS_ERR_VALUE(addr))
87 if (args->flags & I915_MMAP_WC) {
88 struct mm_struct *mm = current->mm;
89 struct vm_area_struct *vma;
91 if (down_write_killable(&mm->mmap_sem)) {
95 vma = find_vma(mm, addr);
96 if (vma && __vma_matches(vma, obj->base.filp, addr, args->size))
98 pgprot_writecombine(vm_get_page_prot(vma->vm_flags));
101 up_write(&mm->mmap_sem);
102 if (IS_ERR_VALUE(addr))
105 i915_gem_object_put(obj);
107 args->addr_ptr = (u64)addr;
111 i915_gem_object_put(obj);
115 static unsigned int tile_row_pages(const struct drm_i915_gem_object *obj)
117 return i915_gem_object_get_tile_row_size(obj) >> PAGE_SHIFT;
121 * i915_gem_mmap_gtt_version - report the current feature set for GTT mmaps
123 * A history of the GTT mmap interface:
125 * 0 - Everything had to fit into the GTT. Both parties of a memcpy had to
126 * aligned and suitable for fencing, and still fit into the available
127 * mappable space left by the pinned display objects. A classic problem
128 * we called the page-fault-of-doom where we would ping-pong between
129 * two objects that could not fit inside the GTT and so the memcpy
130 * would page one object in at the expense of the other between every
133 * 1 - Objects can be any size, and have any compatible fencing (X Y, or none
134 * as set via i915_gem_set_tiling() [DRM_I915_GEM_SET_TILING]). If the
135 * object is too large for the available space (or simply too large
136 * for the mappable aperture!), a view is created instead and faulted
137 * into userspace. (This view is aligned and sized appropriately for
140 * 2 - Recognise WC as a separate cache domain so that we can flush the
141 * delayed writes via GTT before performing direct access via WC.
143 * 3 - Remove implicit set-domain(GTT) and synchronisation on initial
144 * pagefault; swapin remains transparent.
148 * * snoopable objects cannot be accessed via the GTT. It can cause machine
149 * hangs on some architectures, corruption on others. An attempt to service
150 * a GTT page fault from a snoopable object will generate a SIGBUS.
152 * * the object must be able to fit into RAM (physical memory, though no
153 * limited to the mappable aperture).
158 * * a new GTT page fault will synchronize rendering from the GPU and flush
159 * all data to system memory. Subsequent access will not be synchronized.
161 * * all mappings are revoked on runtime device suspend.
163 * * there are only 8, 16 or 32 fence registers to share between all users
164 * (older machines require fence register for display and blitter access
165 * as well). Contention of the fence registers will cause the previous users
166 * to be unmapped and any new access will generate new page faults.
168 * * running out of memory while servicing a fault may generate a SIGBUS,
169 * rather than the expected SIGSEGV.
171 int i915_gem_mmap_gtt_version(void)
176 static inline struct i915_ggtt_view
177 compute_partial_view(const struct drm_i915_gem_object *obj,
181 struct i915_ggtt_view view;
183 if (i915_gem_object_is_tiled(obj))
184 chunk = roundup(chunk, tile_row_pages(obj));
186 view.type = I915_GGTT_VIEW_PARTIAL;
187 view.partial.offset = rounddown(page_offset, chunk);
189 min_t(unsigned int, chunk,
190 (obj->base.size >> PAGE_SHIFT) - view.partial.offset);
192 /* If the partial covers the entire object, just create a normal VMA. */
193 if (chunk >= obj->base.size >> PAGE_SHIFT)
194 view.type = I915_GGTT_VIEW_NORMAL;
200 * i915_gem_fault - fault a page into the GTT
203 * The fault handler is set up by drm_gem_mmap() when a object is GTT mapped
204 * from userspace. The fault handler takes care of binding the object to
205 * the GTT (if needed), allocating and programming a fence register (again,
206 * only if needed based on whether the old reg is still valid or the object
207 * is tiled) and inserting a new PTE into the faulting process.
209 * Note that the faulting process may involve evicting existing objects
210 * from the GTT and/or fence registers to make room. So performance may
211 * suffer if the GTT working set is large or there are few fence registers
214 * The current feature set supported by i915_gem_fault() and thus GTT mmaps
215 * is exposed via I915_PARAM_MMAP_GTT_VERSION (see i915_gem_mmap_gtt_version).
217 vm_fault_t i915_gem_fault(struct vm_fault *vmf)
219 #define MIN_CHUNK_PAGES (SZ_1M >> PAGE_SHIFT)
220 struct vm_area_struct *area = vmf->vma;
221 struct drm_i915_gem_object *obj = to_intel_bo(area->vm_private_data);
222 struct drm_device *dev = obj->base.dev;
223 struct drm_i915_private *i915 = to_i915(dev);
224 struct intel_runtime_pm *rpm = &i915->runtime_pm;
225 struct i915_ggtt *ggtt = &i915->ggtt;
226 bool write = area->vm_flags & VM_WRITE;
227 intel_wakeref_t wakeref;
228 struct i915_vma *vma;
233 /* Sanity check that we allow writing into this object */
234 if (i915_gem_object_is_readonly(obj) && write)
235 return VM_FAULT_SIGBUS;
237 /* We don't use vmf->pgoff since that has the fake offset */
238 page_offset = (vmf->address - area->vm_start) >> PAGE_SHIFT;
240 trace_i915_gem_object_fault(obj, page_offset, true, write);
242 ret = i915_gem_object_pin_pages(obj);
246 wakeref = intel_runtime_pm_get(rpm);
248 ret = intel_gt_reset_trylock(ggtt->vm.gt, &srcu);
252 ret = i915_mutex_lock_interruptible(dev);
256 /* Access to snoopable pages through the GTT is incoherent. */
257 if (obj->cache_level != I915_CACHE_NONE && !HAS_LLC(i915)) {
262 /* Now pin it into the GTT as needed */
263 vma = i915_gem_object_ggtt_pin(obj, NULL, 0, 0,
265 PIN_NONBLOCK /* NOWARN */ |
268 /* Use a partial view if it is bigger than available space */
269 struct i915_ggtt_view view =
270 compute_partial_view(obj, page_offset, MIN_CHUNK_PAGES);
273 flags = PIN_MAPPABLE | PIN_NOSEARCH;
274 if (view.type == I915_GGTT_VIEW_NORMAL)
275 flags |= PIN_NONBLOCK; /* avoid warnings for pinned */
278 * Userspace is now writing through an untracked VMA, abandon
279 * all hope that the hardware is able to track future writes.
282 vma = i915_gem_object_ggtt_pin(obj, &view, 0, 0, flags);
284 flags = PIN_MAPPABLE;
285 view.type = I915_GGTT_VIEW_PARTIAL;
286 vma = i915_gem_object_ggtt_pin(obj, &view, 0, 0, flags);
294 ret = i915_vma_pin_fence(vma);
298 /* Finally, remap it using the new GTT offset */
299 ret = remap_io_mapping(area,
300 area->vm_start + (vma->ggtt_view.partial.offset << PAGE_SHIFT),
301 (ggtt->gmadr.start + vma->node.start) >> PAGE_SHIFT,
302 min_t(u64, vma->size, area->vm_end - area->vm_start),
307 assert_rpm_wakelock_held(rpm);
309 /* Mark as being mmapped into userspace for later revocation */
310 mutex_lock(&i915->ggtt.vm.mutex);
311 if (!i915_vma_set_userfault(vma) && !obj->userfault_count++)
312 list_add(&obj->userfault_link, &i915->ggtt.userfault_list);
313 mutex_unlock(&i915->ggtt.vm.mutex);
315 if (CONFIG_DRM_I915_USERFAULT_AUTOSUSPEND)
316 intel_wakeref_auto(&i915->ggtt.userfault_wakeref,
317 msecs_to_jiffies_timeout(CONFIG_DRM_I915_USERFAULT_AUTOSUSPEND));
320 GEM_BUG_ON(!i915_gem_object_has_pinned_pages(obj));
321 i915_vma_set_ggtt_write(vma);
322 obj->mm.dirty = true;
326 i915_vma_unpin_fence(vma);
328 __i915_vma_unpin(vma);
330 mutex_unlock(&dev->struct_mutex);
332 intel_gt_reset_unlock(ggtt->vm.gt, srcu);
334 intel_runtime_pm_put(rpm, wakeref);
335 i915_gem_object_unpin_pages(obj);
340 * We eat errors when the gpu is terminally wedged to avoid
341 * userspace unduly crashing (gl has no provisions for mmaps to
342 * fail). But any other -EIO isn't ours (e.g. swap in failure)
343 * and so needs to be reported.
345 if (!intel_gt_is_wedged(ggtt->vm.gt))
346 return VM_FAULT_SIGBUS;
347 /* else, fall through */
350 * EAGAIN means the gpu is hung and we'll wait for the error
351 * handler to reset everything when re-faulting in
352 * i915_mutex_lock_interruptible.
359 * EBUSY is ok: this just means that another thread
360 * already did the job.
362 return VM_FAULT_NOPAGE;
367 return VM_FAULT_SIGBUS;
369 WARN_ONCE(ret, "unhandled error in %s: %i\n", __func__, ret);
370 return VM_FAULT_SIGBUS;
374 void __i915_gem_object_release_mmap(struct drm_i915_gem_object *obj)
376 struct i915_vma *vma;
378 GEM_BUG_ON(!obj->userfault_count);
380 obj->userfault_count = 0;
381 list_del(&obj->userfault_link);
382 drm_vma_node_unmap(&obj->base.vma_node,
383 obj->base.dev->anon_inode->i_mapping);
385 for_each_ggtt_vma(vma, obj)
386 i915_vma_unset_userfault(vma);
390 * i915_gem_object_release_mmap - remove physical page mappings
391 * @obj: obj in question
393 * Preserve the reservation of the mmapping with the DRM core code, but
394 * relinquish ownership of the pages back to the system.
396 * It is vital that we remove the page mapping if we have mapped a tiled
397 * object through the GTT and then lose the fence register due to
398 * resource pressure. Similarly if the object has been moved out of the
399 * aperture, than pages mapped into userspace must be revoked. Removing the
400 * mapping will then trigger a page fault on the next user access, allowing
401 * fixup by i915_gem_fault().
403 void i915_gem_object_release_mmap(struct drm_i915_gem_object *obj)
405 struct drm_i915_private *i915 = to_i915(obj->base.dev);
406 intel_wakeref_t wakeref;
408 /* Serialisation between user GTT access and our code depends upon
409 * revoking the CPU's PTE whilst the mutex is held. The next user
410 * pagefault then has to wait until we release the mutex.
412 * Note that RPM complicates somewhat by adding an additional
413 * requirement that operations to the GGTT be made holding the RPM
416 wakeref = intel_runtime_pm_get(&i915->runtime_pm);
417 mutex_lock(&i915->ggtt.vm.mutex);
419 if (!obj->userfault_count)
422 __i915_gem_object_release_mmap(obj);
424 /* Ensure that the CPU's PTE are revoked and there are not outstanding
425 * memory transactions from userspace before we return. The TLB
426 * flushing implied above by changing the PTE above *should* be
427 * sufficient, an extra barrier here just provides us with a bit
428 * of paranoid documentation about our requirement to serialise
429 * memory writes before touching registers / GSM.
434 mutex_unlock(&i915->ggtt.vm.mutex);
435 intel_runtime_pm_put(&i915->runtime_pm, wakeref);
438 static int create_mmap_offset(struct drm_i915_gem_object *obj)
440 struct drm_i915_private *i915 = to_i915(obj->base.dev);
443 err = drm_gem_create_mmap_offset(&obj->base);
447 /* Attempt to reap some mmap space from dead objects */
449 err = i915_gem_wait_for_idle(i915,
450 I915_WAIT_INTERRUPTIBLE,
451 MAX_SCHEDULE_TIMEOUT);
455 i915_gem_drain_freed_objects(i915);
456 err = drm_gem_create_mmap_offset(&obj->base);
460 } while (flush_delayed_work(&i915->gem.retire_work));
466 i915_gem_mmap_gtt(struct drm_file *file,
467 struct drm_device *dev,
471 struct drm_i915_gem_object *obj;
474 obj = i915_gem_object_lookup(file, handle);
478 ret = create_mmap_offset(obj);
480 *offset = drm_vma_node_offset_addr(&obj->base.vma_node);
482 i915_gem_object_put(obj);
487 * i915_gem_mmap_gtt_ioctl - prepare an object for GTT mmap'ing
489 * @data: GTT mapping ioctl data
490 * @file: GEM object info
492 * Simply returns the fake offset to userspace so it can mmap it.
493 * The mmap call will end up in drm_gem_mmap(), which will set things
494 * up so we can get faults in the handler above.
496 * The fault handler will take care of binding the object into the GTT
497 * (since it may have been evicted to make room for something), allocating
498 * a fence register, and mapping the appropriate aperture address into
502 i915_gem_mmap_gtt_ioctl(struct drm_device *dev, void *data,
503 struct drm_file *file)
505 struct drm_i915_gem_mmap_gtt *args = data;
507 return i915_gem_mmap_gtt(file, dev, args->handle, &args->offset);
510 #if IS_ENABLED(CONFIG_DRM_I915_SELFTEST)
511 #include "selftests/i915_gem_mman.c"
git.samba.org / sfrench / cifs-2.6.git / blob