c73da4049c818e7c113a1f9e8132c92a568f3996
[linux-2.6.git] / drivers / gpu / drm / i915 / i915_gem.c
1 /*
2  * Copyright © 2008 Intel Corporation
3  *
4  * Permission is hereby granted, free of charge, to any person obtaining a
5  * copy of this software and associated documentation files (the "Software"),
6  * to deal in the Software without restriction, including without limitation
7  * the rights to use, copy, modify, merge, publish, distribute, sublicense,
8  * and/or sell copies of the Software, and to permit persons to whom the
9  * Software is furnished to do so, subject to the following conditions:
10  *
11  * The above copyright notice and this permission notice (including the next
12  * paragraph) shall be included in all copies or substantial portions of the
13  * Software.
14  *
15  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16  * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17  * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.  IN NO EVENT SHALL
18  * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19  * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
20  * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
21  * IN THE SOFTWARE.
22  *
23  * Authors:
24  *    Eric Anholt <eric@anholt.net>
25  *
26  */
27
28 #include "drmP.h"
29 #include "drm.h"
30 #include "i915_drm.h"
31 #include "i915_drv.h"
32 #include "i915_trace.h"
33 #include "intel_drv.h"
34 #include <linux/swap.h>
35 #include <linux/pci.h>
36
37 #define I915_GEM_GPU_DOMAINS    (~(I915_GEM_DOMAIN_CPU | I915_GEM_DOMAIN_GTT))
38
39 static void i915_gem_object_flush_gpu_write_domain(struct drm_gem_object *obj);
40 static void i915_gem_object_flush_gtt_write_domain(struct drm_gem_object *obj);
41 static void i915_gem_object_flush_cpu_write_domain(struct drm_gem_object *obj);
42 static int i915_gem_object_set_to_cpu_domain(struct drm_gem_object *obj,
43                                              int write);
44 static int i915_gem_object_set_cpu_read_domain_range(struct drm_gem_object *obj,
45                                                      uint64_t offset,
46                                                      uint64_t size);
47 static void i915_gem_object_set_to_full_cpu_read_domain(struct drm_gem_object *obj);
48 static int i915_gem_object_wait_rendering(struct drm_gem_object *obj);
49 static int i915_gem_object_bind_to_gtt(struct drm_gem_object *obj,
50                                            unsigned alignment);
51 static void i915_gem_clear_fence_reg(struct drm_gem_object *obj);
52 static int i915_gem_evict_something(struct drm_device *dev, int min_size);
53 static int i915_gem_evict_from_inactive_list(struct drm_device *dev);
54 static int i915_gem_phys_pwrite(struct drm_device *dev, struct drm_gem_object *obj,
55                                 struct drm_i915_gem_pwrite *args,
56                                 struct drm_file *file_priv);
57
58 static LIST_HEAD(shrink_list);
59 static DEFINE_SPINLOCK(shrink_list_lock);
60
61 int i915_gem_do_init(struct drm_device *dev, unsigned long start,
62                      unsigned long end)
63 {
64         drm_i915_private_t *dev_priv = dev->dev_private;
65
66         if (start >= end ||
67             (start & (PAGE_SIZE - 1)) != 0 ||
68             (end & (PAGE_SIZE - 1)) != 0) {
69                 return -EINVAL;
70         }
71
72         drm_mm_init(&dev_priv->mm.gtt_space, start,
73                     end - start);
74
75         dev->gtt_total = (uint32_t) (end - start);
76
77         return 0;
78 }
79
80 int
81 i915_gem_init_ioctl(struct drm_device *dev, void *data,
82                     struct drm_file *file_priv)
83 {
84         struct drm_i915_gem_init *args = data;
85         int ret;
86
87         mutex_lock(&dev->struct_mutex);
88         ret = i915_gem_do_init(dev, args->gtt_start, args->gtt_end);
89         mutex_unlock(&dev->struct_mutex);
90
91         return ret;
92 }
93
94 int
95 i915_gem_get_aperture_ioctl(struct drm_device *dev, void *data,
96                             struct drm_file *file_priv)
97 {
98         struct drm_i915_gem_get_aperture *args = data;
99
100         if (!(dev->driver->driver_features & DRIVER_GEM))
101                 return -ENODEV;
102
103         args->aper_size = dev->gtt_total;
104         args->aper_available_size = (args->aper_size -
105                                      atomic_read(&dev->pin_memory));
106
107         return 0;
108 }
109
110
111 /**
112  * Creates a new mm object and returns a handle to it.
113  */
114 int
115 i915_gem_create_ioctl(struct drm_device *dev, void *data,
116                       struct drm_file *file_priv)
117 {
118         struct drm_i915_gem_create *args = data;
119         struct drm_gem_object *obj;
120         int ret;
121         u32 handle;
122
123         args->size = roundup(args->size, PAGE_SIZE);
124
125         /* Allocate the new object */
126         obj = drm_gem_object_alloc(dev, args->size);
127         if (obj == NULL)
128                 return -ENOMEM;
129
130         ret = drm_gem_handle_create(file_priv, obj, &handle);
131         drm_gem_object_handle_unreference_unlocked(obj);
132
133         if (ret)
134                 return ret;
135
136         args->handle = handle;
137
138         return 0;
139 }
140
141 static inline int
142 fast_shmem_read(struct page **pages,
143                 loff_t page_base, int page_offset,
144                 char __user *data,
145                 int length)
146 {
147         char __iomem *vaddr;
148         int unwritten;
149
150         vaddr = kmap_atomic(pages[page_base >> PAGE_SHIFT], KM_USER0);
151         if (vaddr == NULL)
152                 return -ENOMEM;
153         unwritten = __copy_to_user_inatomic(data, vaddr + page_offset, length);
154         kunmap_atomic(vaddr, KM_USER0);
155
156         if (unwritten)
157                 return -EFAULT;
158
159         return 0;
160 }
161
162 static int i915_gem_object_needs_bit17_swizzle(struct drm_gem_object *obj)
163 {
164         drm_i915_private_t *dev_priv = obj->dev->dev_private;
165         struct drm_i915_gem_object *obj_priv = obj->driver_private;
166
167         return dev_priv->mm.bit_6_swizzle_x == I915_BIT_6_SWIZZLE_9_10_17 &&
168                 obj_priv->tiling_mode != I915_TILING_NONE;
169 }
170
171 static inline int
172 slow_shmem_copy(struct page *dst_page,
173                 int dst_offset,
174                 struct page *src_page,
175                 int src_offset,
176                 int length)
177 {
178         char *dst_vaddr, *src_vaddr;
179
180         dst_vaddr = kmap_atomic(dst_page, KM_USER0);
181         if (dst_vaddr == NULL)
182                 return -ENOMEM;
183
184         src_vaddr = kmap_atomic(src_page, KM_USER1);
185         if (src_vaddr == NULL) {
186                 kunmap_atomic(dst_vaddr, KM_USER0);
187                 return -ENOMEM;
188         }
189
190         memcpy(dst_vaddr + dst_offset, src_vaddr + src_offset, length);
191
192         kunmap_atomic(src_vaddr, KM_USER1);
193         kunmap_atomic(dst_vaddr, KM_USER0);
194
195         return 0;
196 }
197
198 static inline int
199 slow_shmem_bit17_copy(struct page *gpu_page,
200                       int gpu_offset,
201                       struct page *cpu_page,
202                       int cpu_offset,
203                       int length,
204                       int is_read)
205 {
206         char *gpu_vaddr, *cpu_vaddr;
207
208         /* Use the unswizzled path if this page isn't affected. */
209         if ((page_to_phys(gpu_page) & (1 << 17)) == 0) {
210                 if (is_read)
211                         return slow_shmem_copy(cpu_page, cpu_offset,
212                                                gpu_page, gpu_offset, length);
213                 else
214                         return slow_shmem_copy(gpu_page, gpu_offset,
215                                                cpu_page, cpu_offset, length);
216         }
217
218         gpu_vaddr = kmap_atomic(gpu_page, KM_USER0);
219         if (gpu_vaddr == NULL)
220                 return -ENOMEM;
221
222         cpu_vaddr = kmap_atomic(cpu_page, KM_USER1);
223         if (cpu_vaddr == NULL) {
224                 kunmap_atomic(gpu_vaddr, KM_USER0);
225                 return -ENOMEM;
226         }
227
228         /* Copy the data, XORing A6 with A17 (1). The user already knows he's
229          * XORing with the other bits (A9 for Y, A9 and A10 for X)
230          */
231         while (length > 0) {
232                 int cacheline_end = ALIGN(gpu_offset + 1, 64);
233                 int this_length = min(cacheline_end - gpu_offset, length);
234                 int swizzled_gpu_offset = gpu_offset ^ 64;
235
236                 if (is_read) {
237                         memcpy(cpu_vaddr + cpu_offset,
238                                gpu_vaddr + swizzled_gpu_offset,
239                                this_length);
240                 } else {
241                         memcpy(gpu_vaddr + swizzled_gpu_offset,
242                                cpu_vaddr + cpu_offset,
243                                this_length);
244                 }
245                 cpu_offset += this_length;
246                 gpu_offset += this_length;
247                 length -= this_length;
248         }
249
250         kunmap_atomic(cpu_vaddr, KM_USER1);
251         kunmap_atomic(gpu_vaddr, KM_USER0);
252
253         return 0;
254 }
255
256 /**
257  * This is the fast shmem pread path, which attempts to copy_from_user directly
258  * from the backing pages of the object to the user's address space.  On a
259  * fault, it fails so we can fall back to i915_gem_shmem_pwrite_slow().
260  */
261 static int
262 i915_gem_shmem_pread_fast(struct drm_device *dev, struct drm_gem_object *obj,
263                           struct drm_i915_gem_pread *args,
264                           struct drm_file *file_priv)
265 {
266         struct drm_i915_gem_object *obj_priv = obj->driver_private;
267         ssize_t remain;
268         loff_t offset, page_base;
269         char __user *user_data;
270         int page_offset, page_length;
271         int ret;
272
273         user_data = (char __user *) (uintptr_t) args->data_ptr;
274         remain = args->size;
275
276         mutex_lock(&dev->struct_mutex);
277
278         ret = i915_gem_object_get_pages(obj, 0);
279         if (ret != 0)
280                 goto fail_unlock;
281
282         ret = i915_gem_object_set_cpu_read_domain_range(obj, args->offset,
283                                                         args->size);
284         if (ret != 0)
285                 goto fail_put_pages;
286
287         obj_priv = obj->driver_private;
288         offset = args->offset;
289
290         while (remain > 0) {
291                 /* Operation in this page
292                  *
293                  * page_base = page offset within aperture
294                  * page_offset = offset within page
295                  * page_length = bytes to copy for this page
296                  */
297                 page_base = (offset & ~(PAGE_SIZE-1));
298                 page_offset = offset & (PAGE_SIZE-1);
299                 page_length = remain;
300                 if ((page_offset + remain) > PAGE_SIZE)
301                         page_length = PAGE_SIZE - page_offset;
302
303                 ret = fast_shmem_read(obj_priv->pages,
304                                       page_base, page_offset,
305                                       user_data, page_length);
306                 if (ret)
307                         goto fail_put_pages;
308
309                 remain -= page_length;
310                 user_data += page_length;
311                 offset += page_length;
312         }
313
314 fail_put_pages:
315         i915_gem_object_put_pages(obj);
316 fail_unlock:
317         mutex_unlock(&dev->struct_mutex);
318
319         return ret;
320 }
321
322 static int
323 i915_gem_object_get_pages_or_evict(struct drm_gem_object *obj)
324 {
325         int ret;
326
327         ret = i915_gem_object_get_pages(obj, __GFP_NORETRY | __GFP_NOWARN);
328
329         /* If we've insufficient memory to map in the pages, attempt
330          * to make some space by throwing out some old buffers.
331          */
332         if (ret == -ENOMEM) {
333                 struct drm_device *dev = obj->dev;
334
335                 ret = i915_gem_evict_something(dev, obj->size);
336                 if (ret)
337                         return ret;
338
339                 ret = i915_gem_object_get_pages(obj, 0);
340         }
341
342         return ret;
343 }
344
345 /**
346  * This is the fallback shmem pread path, which allocates temporary storage
347  * in kernel space to copy_to_user into outside of the struct_mutex, so we
348  * can copy out of the object's backing pages while holding the struct mutex
349  * and not take page faults.
350  */
351 static int
352 i915_gem_shmem_pread_slow(struct drm_device *dev, struct drm_gem_object *obj,
353                           struct drm_i915_gem_pread *args,
354                           struct drm_file *file_priv)
355 {
356         struct drm_i915_gem_object *obj_priv = obj->driver_private;
357         struct mm_struct *mm = current->mm;
358         struct page **user_pages;
359         ssize_t remain;
360         loff_t offset, pinned_pages, i;
361         loff_t first_data_page, last_data_page, num_pages;
362         int shmem_page_index, shmem_page_offset;
363         int data_page_index,  data_page_offset;
364         int page_length;
365         int ret;
366         uint64_t data_ptr = args->data_ptr;
367         int do_bit17_swizzling;
368
369         remain = args->size;
370
371         /* Pin the user pages containing the data.  We can't fault while
372          * holding the struct mutex, yet we want to hold it while
373          * dereferencing the user data.
374          */
375         first_data_page = data_ptr / PAGE_SIZE;
376         last_data_page = (data_ptr + args->size - 1) / PAGE_SIZE;
377         num_pages = last_data_page - first_data_page + 1;
378
379         user_pages = drm_calloc_large(num_pages, sizeof(struct page *));
380         if (user_pages == NULL)
381                 return -ENOMEM;
382
383         down_read(&mm->mmap_sem);
384         pinned_pages = get_user_pages(current, mm, (uintptr_t)args->data_ptr,
385                                       num_pages, 1, 0, user_pages, NULL);
386         up_read(&mm->mmap_sem);
387         if (pinned_pages < num_pages) {
388                 ret = -EFAULT;
389                 goto fail_put_user_pages;
390         }
391
392         do_bit17_swizzling = i915_gem_object_needs_bit17_swizzle(obj);
393
394         mutex_lock(&dev->struct_mutex);
395
396         ret = i915_gem_object_get_pages_or_evict(obj);
397         if (ret)
398                 goto fail_unlock;
399
400         ret = i915_gem_object_set_cpu_read_domain_range(obj, args->offset,
401                                                         args->size);
402         if (ret != 0)
403                 goto fail_put_pages;
404
405         obj_priv = obj->driver_private;
406         offset = args->offset;
407
408         while (remain > 0) {
409                 /* Operation in this page
410                  *
411                  * shmem_page_index = page number within shmem file
412                  * shmem_page_offset = offset within page in shmem file
413                  * data_page_index = page number in get_user_pages return
414                  * data_page_offset = offset with data_page_index page.
415                  * page_length = bytes to copy for this page
416                  */
417                 shmem_page_index = offset / PAGE_SIZE;
418                 shmem_page_offset = offset & ~PAGE_MASK;
419                 data_page_index = data_ptr / PAGE_SIZE - first_data_page;
420                 data_page_offset = data_ptr & ~PAGE_MASK;
421
422                 page_length = remain;
423                 if ((shmem_page_offset + page_length) > PAGE_SIZE)
424                         page_length = PAGE_SIZE - shmem_page_offset;
425                 if ((data_page_offset + page_length) > PAGE_SIZE)
426                         page_length = PAGE_SIZE - data_page_offset;
427
428                 if (do_bit17_swizzling) {
429                         ret = slow_shmem_bit17_copy(obj_priv->pages[shmem_page_index],
430                                                     shmem_page_offset,
431                                                     user_pages[data_page_index],
432                                                     data_page_offset,
433                                                     page_length,
434                                                     1);
435                 } else {
436                         ret = slow_shmem_copy(user_pages[data_page_index],
437                                               data_page_offset,
438                                               obj_priv->pages[shmem_page_index],
439                                               shmem_page_offset,
440                                               page_length);
441                 }
442                 if (ret)
443                         goto fail_put_pages;
444
445                 remain -= page_length;
446                 data_ptr += page_length;
447                 offset += page_length;
448         }
449
450 fail_put_pages:
451         i915_gem_object_put_pages(obj);
452 fail_unlock:
453         mutex_unlock(&dev->struct_mutex);
454 fail_put_user_pages:
455         for (i = 0; i < pinned_pages; i++) {
456                 SetPageDirty(user_pages[i]);
457                 page_cache_release(user_pages[i]);
458         }
459         drm_free_large(user_pages);
460
461         return ret;
462 }
463
464 /**
465  * Reads data from the object referenced by handle.
466  *
467  * On error, the contents of *data are undefined.
468  */
469 int
470 i915_gem_pread_ioctl(struct drm_device *dev, void *data,
471                      struct drm_file *file_priv)
472 {
473         struct drm_i915_gem_pread *args = data;
474         struct drm_gem_object *obj;
475         struct drm_i915_gem_object *obj_priv;
476         int ret;
477
478         obj = drm_gem_object_lookup(dev, file_priv, args->handle);
479         if (obj == NULL)
480                 return -EBADF;
481         obj_priv = obj->driver_private;
482
483         /* Bounds check source.
484          *
485          * XXX: This could use review for overflow issues...
486          */
487         if (args->offset > obj->size || args->size > obj->size ||
488             args->offset + args->size > obj->size) {
489                 drm_gem_object_unreference_unlocked(obj);
490                 return -EINVAL;
491         }
492
493         if (i915_gem_object_needs_bit17_swizzle(obj)) {
494                 ret = i915_gem_shmem_pread_slow(dev, obj, args, file_priv);
495         } else {
496                 ret = i915_gem_shmem_pread_fast(dev, obj, args, file_priv);
497                 if (ret != 0)
498                         ret = i915_gem_shmem_pread_slow(dev, obj, args,
499                                                         file_priv);
500         }
501
502         drm_gem_object_unreference_unlocked(obj);
503
504         return ret;
505 }
506
507 /* This is the fast write path which cannot handle
508  * page faults in the source data
509  */
510
511 static inline int
512 fast_user_write(struct io_mapping *mapping,
513                 loff_t page_base, int page_offset,
514                 char __user *user_data,
515                 int length)
516 {
517         char *vaddr_atomic;
518         unsigned long unwritten;
519
520         vaddr_atomic = io_mapping_map_atomic_wc(mapping, page_base);
521         unwritten = __copy_from_user_inatomic_nocache(vaddr_atomic + page_offset,
522                                                       user_data, length);
523         io_mapping_unmap_atomic(vaddr_atomic);
524         if (unwritten)
525                 return -EFAULT;
526         return 0;
527 }
528
529 /* Here's the write path which can sleep for
530  * page faults
531  */
532
533 static inline int
534 slow_kernel_write(struct io_mapping *mapping,
535                   loff_t gtt_base, int gtt_offset,
536                   struct page *user_page, int user_offset,
537                   int length)
538 {
539         char *src_vaddr, *dst_vaddr;
540         unsigned long unwritten;
541
542         dst_vaddr = io_mapping_map_atomic_wc(mapping, gtt_base);
543         src_vaddr = kmap_atomic(user_page, KM_USER1);
544         unwritten = __copy_from_user_inatomic_nocache(dst_vaddr + gtt_offset,
545                                                       src_vaddr + user_offset,
546                                                       length);
547         kunmap_atomic(src_vaddr, KM_USER1);
548         io_mapping_unmap_atomic(dst_vaddr);
549         if (unwritten)
550                 return -EFAULT;
551         return 0;
552 }
553
554 static inline int
555 fast_shmem_write(struct page **pages,
556                  loff_t page_base, int page_offset,
557                  char __user *data,
558                  int length)
559 {
560         char __iomem *vaddr;
561         unsigned long unwritten;
562
563         vaddr = kmap_atomic(pages[page_base >> PAGE_SHIFT], KM_USER0);
564         if (vaddr == NULL)
565                 return -ENOMEM;
566         unwritten = __copy_from_user_inatomic(vaddr + page_offset, data, length);
567         kunmap_atomic(vaddr, KM_USER0);
568
569         if (unwritten)
570                 return -EFAULT;
571         return 0;
572 }
573
574 /**
575  * This is the fast pwrite path, where we copy the data directly from the
576  * user into the GTT, uncached.
577  */
578 static int
579 i915_gem_gtt_pwrite_fast(struct drm_device *dev, struct drm_gem_object *obj,
580                          struct drm_i915_gem_pwrite *args,
581                          struct drm_file *file_priv)
582 {
583         struct drm_i915_gem_object *obj_priv = obj->driver_private;
584         drm_i915_private_t *dev_priv = dev->dev_private;
585         ssize_t remain;
586         loff_t offset, page_base;
587         char __user *user_data;
588         int page_offset, page_length;
589         int ret;
590
591         user_data = (char __user *) (uintptr_t) args->data_ptr;
592         remain = args->size;
593         if (!access_ok(VERIFY_READ, user_data, remain))
594                 return -EFAULT;
595
596
597         mutex_lock(&dev->struct_mutex);
598         ret = i915_gem_object_pin(obj, 0);
599         if (ret) {
600                 mutex_unlock(&dev->struct_mutex);
601                 return ret;
602         }
603         ret = i915_gem_object_set_to_gtt_domain(obj, 1);
604         if (ret)
605                 goto fail;
606
607         obj_priv = obj->driver_private;
608         offset = obj_priv->gtt_offset + args->offset;
609
610         while (remain > 0) {
611                 /* Operation in this page
612                  *
613                  * page_base = page offset within aperture
614                  * page_offset = offset within page
615                  * page_length = bytes to copy for this page
616                  */
617                 page_base = (offset & ~(PAGE_SIZE-1));
618                 page_offset = offset & (PAGE_SIZE-1);
619                 page_length = remain;
620                 if ((page_offset + remain) > PAGE_SIZE)
621                         page_length = PAGE_SIZE - page_offset;
622
623                 ret = fast_user_write (dev_priv->mm.gtt_mapping, page_base,
624                                        page_offset, user_data, page_length);
625
626                 /* If we get a fault while copying data, then (presumably) our
627                  * source page isn't available.  Return the error and we'll
628                  * retry in the slow path.
629                  */
630                 if (ret)
631                         goto fail;
632
633                 remain -= page_length;
634                 user_data += page_length;
635                 offset += page_length;
636         }
637
638 fail:
639         i915_gem_object_unpin(obj);
640         mutex_unlock(&dev->struct_mutex);
641
642         return ret;
643 }
644
645 /**
646  * This is the fallback GTT pwrite path, which uses get_user_pages to pin
647  * the memory and maps it using kmap_atomic for copying.
648  *
649  * This code resulted in x11perf -rgb10text consuming about 10% more CPU
650  * than using i915_gem_gtt_pwrite_fast on a G45 (32-bit).
651  */
652 static int
653 i915_gem_gtt_pwrite_slow(struct drm_device *dev, struct drm_gem_object *obj,
654                          struct drm_i915_gem_pwrite *args,
655                          struct drm_file *file_priv)
656 {
657         struct drm_i915_gem_object *obj_priv = obj->driver_private;
658         drm_i915_private_t *dev_priv = dev->dev_private;
659         ssize_t remain;
660         loff_t gtt_page_base, offset;
661         loff_t first_data_page, last_data_page, num_pages;
662         loff_t pinned_pages, i;
663         struct page **user_pages;
664         struct mm_struct *mm = current->mm;
665         int gtt_page_offset, data_page_offset, data_page_index, page_length;
666         int ret;
667         uint64_t data_ptr = args->data_ptr;
668
669         remain = args->size;
670
671         /* Pin the user pages containing the data.  We can't fault while
672          * holding the struct mutex, and all of the pwrite implementations
673          * want to hold it while dereferencing the user data.
674          */
675         first_data_page = data_ptr / PAGE_SIZE;
676         last_data_page = (data_ptr + args->size - 1) / PAGE_SIZE;
677         num_pages = last_data_page - first_data_page + 1;
678
679         user_pages = drm_calloc_large(num_pages, sizeof(struct page *));
680         if (user_pages == NULL)
681                 return -ENOMEM;
682
683         down_read(&mm->mmap_sem);
684         pinned_pages = get_user_pages(current, mm, (uintptr_t)args->data_ptr,
685                                       num_pages, 0, 0, user_pages, NULL);
686         up_read(&mm->mmap_sem);
687         if (pinned_pages < num_pages) {
688                 ret = -EFAULT;
689                 goto out_unpin_pages;
690         }
691
692         mutex_lock(&dev->struct_mutex);
693         ret = i915_gem_object_pin(obj, 0);
694         if (ret)
695                 goto out_unlock;
696
697         ret = i915_gem_object_set_to_gtt_domain(obj, 1);
698         if (ret)
699                 goto out_unpin_object;
700
701         obj_priv = obj->driver_private;
702         offset = obj_priv->gtt_offset + args->offset;
703
704         while (remain > 0) {
705                 /* Operation in this page
706                  *
707                  * gtt_page_base = page offset within aperture
708                  * gtt_page_offset = offset within page in aperture
709                  * data_page_index = page number in get_user_pages return
710                  * data_page_offset = offset with data_page_index page.
711                  * page_length = bytes to copy for this page
712                  */
713                 gtt_page_base = offset & PAGE_MASK;
714                 gtt_page_offset = offset & ~PAGE_MASK;
715                 data_page_index = data_ptr / PAGE_SIZE - first_data_page;
716                 data_page_offset = data_ptr & ~PAGE_MASK;
717
718                 page_length = remain;
719                 if ((gtt_page_offset + page_length) > PAGE_SIZE)
720                         page_length = PAGE_SIZE - gtt_page_offset;
721                 if ((data_page_offset + page_length) > PAGE_SIZE)
722                         page_length = PAGE_SIZE - data_page_offset;
723
724                 ret = slow_kernel_write(dev_priv->mm.gtt_mapping,
725                                         gtt_page_base, gtt_page_offset,
726                                         user_pages[data_page_index],
727                                         data_page_offset,
728                                         page_length);
729
730                 /* If we get a fault while copying data, then (presumably) our
731                  * source page isn't available.  Return the error and we'll
732                  * retry in the slow path.
733                  */
734                 if (ret)
735                         goto out_unpin_object;
736
737                 remain -= page_length;
738                 offset += page_length;
739                 data_ptr += page_length;
740         }
741
742 out_unpin_object:
743         i915_gem_object_unpin(obj);
744 out_unlock:
745         mutex_unlock(&dev->struct_mutex);
746 out_unpin_pages:
747         for (i = 0; i < pinned_pages; i++)
748                 page_cache_release(user_pages[i]);
749         drm_free_large(user_pages);
750
751         return ret;
752 }
753
754 /**
755  * This is the fast shmem pwrite path, which attempts to directly
756  * copy_from_user into the kmapped pages backing the object.
757  */
758 static int
759 i915_gem_shmem_pwrite_fast(struct drm_device *dev, struct drm_gem_object *obj,
760                            struct drm_i915_gem_pwrite *args,
761                            struct drm_file *file_priv)
762 {
763         struct drm_i915_gem_object *obj_priv = obj->driver_private;
764         ssize_t remain;
765         loff_t offset, page_base;
766         char __user *user_data;
767         int page_offset, page_length;
768         int ret;
769
770         user_data = (char __user *) (uintptr_t) args->data_ptr;
771         remain = args->size;
772
773         mutex_lock(&dev->struct_mutex);
774
775         ret = i915_gem_object_get_pages(obj, 0);
776         if (ret != 0)
777                 goto fail_unlock;
778
779         ret = i915_gem_object_set_to_cpu_domain(obj, 1);
780         if (ret != 0)
781                 goto fail_put_pages;
782
783         obj_priv = obj->driver_private;
784         offset = args->offset;
785         obj_priv->dirty = 1;
786
787         while (remain > 0) {
788                 /* Operation in this page
789                  *
790                  * page_base = page offset within aperture
791                  * page_offset = offset within page
792                  * page_length = bytes to copy for this page
793                  */
794                 page_base = (offset & ~(PAGE_SIZE-1));
795                 page_offset = offset & (PAGE_SIZE-1);
796                 page_length = remain;
797                 if ((page_offset + remain) > PAGE_SIZE)
798                         page_length = PAGE_SIZE - page_offset;
799
800                 ret = fast_shmem_write(obj_priv->pages,
801                                        page_base, page_offset,
802                                        user_data, page_length);
803                 if (ret)
804                         goto fail_put_pages;
805
806                 remain -= page_length;
807                 user_data += page_length;
808                 offset += page_length;
809         }
810
811 fail_put_pages:
812         i915_gem_object_put_pages(obj);
813 fail_unlock:
814         mutex_unlock(&dev->struct_mutex);
815
816         return ret;
817 }
818
819 /**
820  * This is the fallback shmem pwrite path, which uses get_user_pages to pin
821  * the memory and maps it using kmap_atomic for copying.
822  *
823  * This avoids taking mmap_sem for faulting on the user's address while the
824  * struct_mutex is held.
825  */
826 static int
827 i915_gem_shmem_pwrite_slow(struct drm_device *dev, struct drm_gem_object *obj,
828                            struct drm_i915_gem_pwrite *args,
829                            struct drm_file *file_priv)
830 {
831         struct drm_i915_gem_object *obj_priv = obj->driver_private;
832         struct mm_struct *mm = current->mm;
833         struct page **user_pages;
834         ssize_t remain;
835         loff_t offset, pinned_pages, i;
836         loff_t first_data_page, last_data_page, num_pages;
837         int shmem_page_index, shmem_page_offset;
838         int data_page_index,  data_page_offset;
839         int page_length;
840         int ret;
841         uint64_t data_ptr = args->data_ptr;
842         int do_bit17_swizzling;
843
844         remain = args->size;
845
846         /* Pin the user pages containing the data.  We can't fault while
847          * holding the struct mutex, and all of the pwrite implementations
848          * want to hold it while dereferencing the user data.
849          */
850         first_data_page = data_ptr / PAGE_SIZE;
851         last_data_page = (data_ptr + args->size - 1) / PAGE_SIZE;
852         num_pages = last_data_page - first_data_page + 1;
853
854         user_pages = drm_calloc_large(num_pages, sizeof(struct page *));
855         if (user_pages == NULL)
856                 return -ENOMEM;
857
858         down_read(&mm->mmap_sem);
859         pinned_pages = get_user_pages(current, mm, (uintptr_t)args->data_ptr,
860                                       num_pages, 0, 0, user_pages, NULL);
861         up_read(&mm->mmap_sem);
862         if (pinned_pages < num_pages) {
863                 ret = -EFAULT;
864                 goto fail_put_user_pages;
865         }
866
867         do_bit17_swizzling = i915_gem_object_needs_bit17_swizzle(obj);
868
869         mutex_lock(&dev->struct_mutex);
870
871         ret = i915_gem_object_get_pages_or_evict(obj);
872         if (ret)
873                 goto fail_unlock;
874
875         ret = i915_gem_object_set_to_cpu_domain(obj, 1);
876         if (ret != 0)
877                 goto fail_put_pages;
878
879         obj_priv = obj->driver_private;
880         offset = args->offset;
881         obj_priv->dirty = 1;
882
883         while (remain > 0) {
884                 /* Operation in this page
885                  *
886                  * shmem_page_index = page number within shmem file
887                  * shmem_page_offset = offset within page in shmem file
888                  * data_page_index = page number in get_user_pages return
889                  * data_page_offset = offset with data_page_index page.
890                  * page_length = bytes to copy for this page
891                  */
892                 shmem_page_index = offset / PAGE_SIZE;
893                 shmem_page_offset = offset & ~PAGE_MASK;
894                 data_page_index = data_ptr / PAGE_SIZE - first_data_page;
895                 data_page_offset = data_ptr & ~PAGE_MASK;
896
897                 page_length = remain;
898                 if ((shmem_page_offset + page_length) > PAGE_SIZE)
899                         page_length = PAGE_SIZE - shmem_page_offset;
900                 if ((data_page_offset + page_length) > PAGE_SIZE)
901                         page_length = PAGE_SIZE - data_page_offset;
902
903                 if (do_bit17_swizzling) {
904                         ret = slow_shmem_bit17_copy(obj_priv->pages[shmem_page_index],
905                                                     shmem_page_offset,
906                                                     user_pages[data_page_index],
907                                                     data_page_offset,
908                                                     page_length,
909                                                     0);
910                 } else {
911                         ret = slow_shmem_copy(obj_priv->pages[shmem_page_index],
912                                               shmem_page_offset,
913                                               user_pages[data_page_index],
914                                               data_page_offset,
915                                               page_length);
916                 }
917                 if (ret)
918                         goto fail_put_pages;
919
920                 remain -= page_length;
921                 data_ptr += page_length;
922                 offset += page_length;
923         }
924
925 fail_put_pages:
926         i915_gem_object_put_pages(obj);
927 fail_unlock:
928         mutex_unlock(&dev->struct_mutex);
929 fail_put_user_pages:
930         for (i = 0; i < pinned_pages; i++)
931                 page_cache_release(user_pages[i]);
932         drm_free_large(user_pages);
933
934         return ret;
935 }
936
937 /**
938  * Writes data to the object referenced by handle.
939  *
940  * On error, the contents of the buffer that were to be modified are undefined.
941  */
942 int
943 i915_gem_pwrite_ioctl(struct drm_device *dev, void *data,
944                       struct drm_file *file_priv)
945 {
946         struct drm_i915_gem_pwrite *args = data;
947         struct drm_gem_object *obj;
948         struct drm_i915_gem_object *obj_priv;
949         int ret = 0;
950
951         obj = drm_gem_object_lookup(dev, file_priv, args->handle);
952         if (obj == NULL)
953                 return -EBADF;
954         obj_priv = obj->driver_private;
955
956         /* Bounds check destination.
957          *
958          * XXX: This could use review for overflow issues...
959          */
960         if (args->offset > obj->size || args->size > obj->size ||
961             args->offset + args->size > obj->size) {
962                 drm_gem_object_unreference_unlocked(obj);
963                 return -EINVAL;
964         }
965
966         /* We can only do the GTT pwrite on untiled buffers, as otherwise
967          * it would end up going through the fenced access, and we'll get
968          * different detiling behavior between reading and writing.
969          * pread/pwrite currently are reading and writing from the CPU
970          * perspective, requiring manual detiling by the client.
971          */
972         if (obj_priv->phys_obj)
973                 ret = i915_gem_phys_pwrite(dev, obj, args, file_priv);
974         else if (obj_priv->tiling_mode == I915_TILING_NONE &&
975                  dev->gtt_total != 0) {
976                 ret = i915_gem_gtt_pwrite_fast(dev, obj, args, file_priv);
977                 if (ret == -EFAULT) {
978                         ret = i915_gem_gtt_pwrite_slow(dev, obj, args,
979                                                        file_priv);
980                 }
981         } else if (i915_gem_object_needs_bit17_swizzle(obj)) {
982                 ret = i915_gem_shmem_pwrite_slow(dev, obj, args, file_priv);
983         } else {
984                 ret = i915_gem_shmem_pwrite_fast(dev, obj, args, file_priv);
985                 if (ret == -EFAULT) {
986                         ret = i915_gem_shmem_pwrite_slow(dev, obj, args,
987                                                          file_priv);
988                 }
989         }
990
991 #if WATCH_PWRITE
992         if (ret)
993                 DRM_INFO("pwrite failed %d\n", ret);
994 #endif
995
996         drm_gem_object_unreference_unlocked(obj);
997
998         return ret;
999 }
1000
1001 /**
1002  * Called when user space prepares to use an object with the CPU, either
1003  * through the mmap ioctl's mapping or a GTT mapping.
1004  */
1005 int
1006 i915_gem_set_domain_ioctl(struct drm_device *dev, void *data,
1007                           struct drm_file *file_priv)
1008 {
1009         struct drm_i915_private *dev_priv = dev->dev_private;
1010         struct drm_i915_gem_set_domain *args = data;
1011         struct drm_gem_object *obj;
1012         struct drm_i915_gem_object *obj_priv;
1013         uint32_t read_domains = args->read_domains;
1014         uint32_t write_domain = args->write_domain;
1015         int ret;
1016
1017         if (!(dev->driver->driver_features & DRIVER_GEM))
1018                 return -ENODEV;
1019
1020         /* Only handle setting domains to types used by the CPU. */
1021         if (write_domain & I915_GEM_GPU_DOMAINS)
1022                 return -EINVAL;
1023
1024         if (read_domains & I915_GEM_GPU_DOMAINS)
1025                 return -EINVAL;
1026
1027         /* Having something in the write domain implies it's in the read
1028          * domain, and only that read domain.  Enforce that in the request.
1029          */
1030         if (write_domain != 0 && read_domains != write_domain)
1031                 return -EINVAL;
1032
1033         obj = drm_gem_object_lookup(dev, file_priv, args->handle);
1034         if (obj == NULL)
1035                 return -EBADF;
1036         obj_priv = obj->driver_private;
1037
1038         mutex_lock(&dev->struct_mutex);
1039
1040         intel_mark_busy(dev, obj);
1041
1042 #if WATCH_BUF
1043         DRM_INFO("set_domain_ioctl %p(%zd), %08x %08x\n",
1044                  obj, obj->size, read_domains, write_domain);
1045 #endif
1046         if (read_domains & I915_GEM_DOMAIN_GTT) {
1047                 ret = i915_gem_object_set_to_gtt_domain(obj, write_domain != 0);
1048
1049                 /* Update the LRU on the fence for the CPU access that's
1050                  * about to occur.
1051                  */
1052                 if (obj_priv->fence_reg != I915_FENCE_REG_NONE) {
1053                         list_move_tail(&obj_priv->fence_list,
1054                                        &dev_priv->mm.fence_list);
1055                 }
1056
1057                 /* Silently promote "you're not bound, there was nothing to do"
1058                  * to success, since the client was just asking us to
1059                  * make sure everything was done.
1060                  */
1061                 if (ret == -EINVAL)
1062                         ret = 0;
1063         } else {
1064                 ret = i915_gem_object_set_to_cpu_domain(obj, write_domain != 0);
1065         }
1066
1067         drm_gem_object_unreference(obj);
1068         mutex_unlock(&dev->struct_mutex);
1069         return ret;
1070 }
1071
1072 /**
1073  * Called when user space has done writes to this buffer
1074  */
1075 int
1076 i915_gem_sw_finish_ioctl(struct drm_device *dev, void *data,
1077                       struct drm_file *file_priv)
1078 {
1079         struct drm_i915_gem_sw_finish *args = data;
1080         struct drm_gem_object *obj;
1081         struct drm_i915_gem_object *obj_priv;
1082         int ret = 0;
1083
1084         if (!(dev->driver->driver_features & DRIVER_GEM))
1085                 return -ENODEV;
1086
1087         mutex_lock(&dev->struct_mutex);
1088         obj = drm_gem_object_lookup(dev, file_priv, args->handle);
1089         if (obj == NULL) {
1090                 mutex_unlock(&dev->struct_mutex);
1091                 return -EBADF;
1092         }
1093
1094 #if WATCH_BUF
1095         DRM_INFO("%s: sw_finish %d (%p %zd)\n",
1096                  __func__, args->handle, obj, obj->size);
1097 #endif
1098         obj_priv = obj->driver_private;
1099
1100         /* Pinned buffers may be scanout, so flush the cache */
1101         if (obj_priv->pin_count)
1102                 i915_gem_object_flush_cpu_write_domain(obj);
1103
1104         drm_gem_object_unreference(obj);
1105         mutex_unlock(&dev->struct_mutex);
1106         return ret;
1107 }
1108
1109 /**
1110  * Maps the contents of an object, returning the address it is mapped
1111  * into.
1112  *
1113  * While the mapping holds a reference on the contents of the object, it doesn't
1114  * imply a ref on the object itself.
1115  */
1116 int
1117 i915_gem_mmap_ioctl(struct drm_device *dev, void *data,
1118                    struct drm_file *file_priv)
1119 {
1120         struct drm_i915_gem_mmap *args = data;
1121         struct drm_gem_object *obj;
1122         loff_t offset;
1123         unsigned long addr;
1124
1125         if (!(dev->driver->driver_features & DRIVER_GEM))
1126                 return -ENODEV;
1127
1128         obj = drm_gem_object_lookup(dev, file_priv, args->handle);
1129         if (obj == NULL)
1130                 return -EBADF;
1131
1132         offset = args->offset;
1133
1134         down_write(&current->mm->mmap_sem);
1135         addr = do_mmap(obj->filp, 0, args->size,
1136                        PROT_READ | PROT_WRITE, MAP_SHARED,
1137                        args->offset);
1138         up_write(&current->mm->mmap_sem);
1139         drm_gem_object_unreference_unlocked(obj);
1140         if (IS_ERR((void *)addr))
1141                 return addr;
1142
1143         args->addr_ptr = (uint64_t) addr;
1144
1145         return 0;
1146 }
1147
1148 /**
1149  * i915_gem_fault - fault a page into the GTT
1150  * vma: VMA in question
1151  * vmf: fault info
1152  *
1153  * The fault handler is set up by drm_gem_mmap() when a object is GTT mapped
1154  * from userspace.  The fault handler takes care of binding the object to
1155  * the GTT (if needed), allocating and programming a fence register (again,
1156  * only if needed based on whether the old reg is still valid or the object
1157  * is tiled) and inserting a new PTE into the faulting process.
1158  *
1159  * Note that the faulting process may involve evicting existing objects
1160  * from the GTT and/or fence registers to make room.  So performance may
1161  * suffer if the GTT working set is large or there are few fence registers
1162  * left.
1163  */
1164 int i915_gem_fault(struct vm_area_struct *vma, struct vm_fault *vmf)
1165 {
1166         struct drm_gem_object *obj = vma->vm_private_data;
1167         struct drm_device *dev = obj->dev;
1168         struct drm_i915_private *dev_priv = dev->dev_private;
1169         struct drm_i915_gem_object *obj_priv = obj->driver_private;
1170         pgoff_t page_offset;
1171         unsigned long pfn;
1172         int ret = 0;
1173         bool write = !!(vmf->flags & FAULT_FLAG_WRITE);
1174
1175         /* We don't use vmf->pgoff since that has the fake offset */
1176         page_offset = ((unsigned long)vmf->virtual_address - vma->vm_start) >>
1177                 PAGE_SHIFT;
1178
1179         /* Now bind it into the GTT if needed */
1180         mutex_lock(&dev->struct_mutex);
1181         if (!obj_priv->gtt_space) {
1182                 ret = i915_gem_object_bind_to_gtt(obj, 0);
1183                 if (ret)
1184                         goto unlock;
1185
1186                 list_add_tail(&obj_priv->list, &dev_priv->mm.inactive_list);
1187
1188                 ret = i915_gem_object_set_to_gtt_domain(obj, write);
1189                 if (ret)
1190                         goto unlock;
1191         }
1192
1193         /* Need a new fence register? */
1194         if (obj_priv->tiling_mode != I915_TILING_NONE) {
1195                 ret = i915_gem_object_get_fence_reg(obj);
1196                 if (ret)
1197                         goto unlock;
1198         }
1199
1200         pfn = ((dev->agp->base + obj_priv->gtt_offset) >> PAGE_SHIFT) +
1201                 page_offset;
1202
1203         /* Finally, remap it using the new GTT offset */
1204         ret = vm_insert_pfn(vma, (unsigned long)vmf->virtual_address, pfn);
1205 unlock:
1206         mutex_unlock(&dev->struct_mutex);
1207
1208         switch (ret) {
1209         case 0:
1210         case -ERESTARTSYS:
1211                 return VM_FAULT_NOPAGE;
1212         case -ENOMEM:
1213         case -EAGAIN:
1214                 return VM_FAULT_OOM;
1215         default:
1216                 return VM_FAULT_SIGBUS;
1217         }
1218 }
1219
1220 /**
1221  * i915_gem_create_mmap_offset - create a fake mmap offset for an object
1222  * @obj: obj in question
1223  *
1224  * GEM memory mapping works by handing back to userspace a fake mmap offset
1225  * it can use in a subsequent mmap(2) call.  The DRM core code then looks
1226  * up the object based on the offset and sets up the various memory mapping
1227  * structures.
1228  *
1229  * This routine allocates and attaches a fake offset for @obj.
1230  */
1231 static int
1232 i915_gem_create_mmap_offset(struct drm_gem_object *obj)
1233 {
1234         struct drm_device *dev = obj->dev;
1235         struct drm_gem_mm *mm = dev->mm_private;
1236         struct drm_i915_gem_object *obj_priv = obj->driver_private;
1237         struct drm_map_list *list;
1238         struct drm_local_map *map;
1239         int ret = 0;
1240
1241         /* Set the object up for mmap'ing */
1242         list = &obj->map_list;
1243         list->map = kzalloc(sizeof(struct drm_map_list), GFP_KERNEL);
1244         if (!list->map)
1245                 return -ENOMEM;
1246
1247         map = list->map;
1248         map->type = _DRM_GEM;
1249         map->size = obj->size;
1250         map->handle = obj;
1251
1252         /* Get a DRM GEM mmap offset allocated... */
1253         list->file_offset_node = drm_mm_search_free(&mm->offset_manager,
1254                                                     obj->size / PAGE_SIZE, 0, 0);
1255         if (!list->file_offset_node) {
1256                 DRM_ERROR("failed to allocate offset for bo %d\n", obj->name);
1257                 ret = -ENOMEM;
1258                 goto out_free_list;
1259         }
1260
1261         list->file_offset_node = drm_mm_get_block(list->file_offset_node,
1262                                                   obj->size / PAGE_SIZE, 0);
1263         if (!list->file_offset_node) {
1264                 ret = -ENOMEM;
1265                 goto out_free_list;
1266         }
1267
1268         list->hash.key = list->file_offset_node->start;
1269         if (drm_ht_insert_item(&mm->offset_hash, &list->hash)) {
1270                 DRM_ERROR("failed to add to map hash\n");
1271                 ret = -ENOMEM;
1272                 goto out_free_mm;
1273         }
1274
1275         /* By now we should be all set, any drm_mmap request on the offset
1276          * below will get to our mmap & fault handler */
1277         obj_priv->mmap_offset = ((uint64_t) list->hash.key) << PAGE_SHIFT;
1278
1279         return 0;
1280
1281 out_free_mm:
1282         drm_mm_put_block(list->file_offset_node);
1283 out_free_list:
1284         kfree(list->map);
1285
1286         return ret;
1287 }
1288
1289 /**
1290  * i915_gem_release_mmap - remove physical page mappings
1291  * @obj: obj in question
1292  *
1293  * Preserve the reservation of the mmapping with the DRM core code, but
1294  * relinquish ownership of the pages back to the system.
1295  *
1296  * It is vital that we remove the page mapping if we have mapped a tiled
1297  * object through the GTT and then lose the fence register due to
1298  * resource pressure. Similarly if the object has been moved out of the
1299  * aperture, than pages mapped into userspace must be revoked. Removing the
1300  * mapping will then trigger a page fault on the next user access, allowing
1301  * fixup by i915_gem_fault().
1302  */
1303 void
1304 i915_gem_release_mmap(struct drm_gem_object *obj)
1305 {
1306         struct drm_device *dev = obj->dev;
1307         struct drm_i915_gem_object *obj_priv = obj->driver_private;
1308
1309         if (dev->dev_mapping)
1310                 unmap_mapping_range(dev->dev_mapping,
1311                                     obj_priv->mmap_offset, obj->size, 1);
1312 }
1313
1314 static void
1315 i915_gem_free_mmap_offset(struct drm_gem_object *obj)
1316 {
1317         struct drm_device *dev = obj->dev;
1318         struct drm_i915_gem_object *obj_priv = obj->driver_private;
1319         struct drm_gem_mm *mm = dev->mm_private;
1320         struct drm_map_list *list;
1321
1322         list = &obj->map_list;
1323         drm_ht_remove_item(&mm->offset_hash, &list->hash);
1324
1325         if (list->file_offset_node) {
1326                 drm_mm_put_block(list->file_offset_node);
1327                 list->file_offset_node = NULL;
1328         }
1329
1330         if (list->map) {
1331                 kfree(list->map);
1332                 list->map = NULL;
1333         }
1334
1335         obj_priv->mmap_offset = 0;
1336 }
1337
1338 /**
1339  * i915_gem_get_gtt_alignment - return required GTT alignment for an object
1340  * @obj: object to check
1341  *
1342  * Return the required GTT alignment for an object, taking into account
1343  * potential fence register mapping if needed.
1344  */
1345 static uint32_t
1346 i915_gem_get_gtt_alignment(struct drm_gem_object *obj)
1347 {
1348         struct drm_device *dev = obj->dev;
1349         struct drm_i915_gem_object *obj_priv = obj->driver_private;
1350         int start, i;
1351
1352         /*
1353          * Minimum alignment is 4k (GTT page size), but might be greater
1354          * if a fence register is needed for the object.
1355          */
1356         if (IS_I965G(dev) || obj_priv->tiling_mode == I915_TILING_NONE)
1357                 return 4096;
1358
1359         /*
1360          * Previous chips need to be aligned to the size of the smallest
1361          * fence register that can contain the object.
1362          */
1363         if (IS_I9XX(dev))
1364                 start = 1024*1024;
1365         else
1366                 start = 512*1024;
1367
1368         for (i = start; i < obj->size; i <<= 1)
1369                 ;
1370
1371         return i;
1372 }
1373
1374 /**
1375  * i915_gem_mmap_gtt_ioctl - prepare an object for GTT mmap'ing
1376  * @dev: DRM device
1377  * @data: GTT mapping ioctl data
1378  * @file_priv: GEM object info
1379  *
1380  * Simply returns the fake offset to userspace so it can mmap it.
1381  * The mmap call will end up in drm_gem_mmap(), which will set things
1382  * up so we can get faults in the handler above.
1383  *
1384  * The fault handler will take care of binding the object into the GTT
1385  * (since it may have been evicted to make room for something), allocating
1386  * a fence register, and mapping the appropriate aperture address into
1387  * userspace.
1388  */
1389 int
1390 i915_gem_mmap_gtt_ioctl(struct drm_device *dev, void *data,
1391                         struct drm_file *file_priv)
1392 {
1393         struct drm_i915_gem_mmap_gtt *args = data;
1394         struct drm_i915_private *dev_priv = dev->dev_private;
1395         struct drm_gem_object *obj;
1396         struct drm_i915_gem_object *obj_priv;
1397         int ret;
1398
1399         if (!(dev->driver->driver_features & DRIVER_GEM))
1400                 return -ENODEV;
1401
1402         obj = drm_gem_object_lookup(dev, file_priv, args->handle);
1403         if (obj == NULL)
1404                 return -EBADF;
1405
1406         mutex_lock(&dev->struct_mutex);
1407
1408         obj_priv = obj->driver_private;
1409
1410         if (obj_priv->madv != I915_MADV_WILLNEED) {
1411                 DRM_ERROR("Attempting to mmap a purgeable buffer\n");
1412                 drm_gem_object_unreference(obj);
1413                 mutex_unlock(&dev->struct_mutex);
1414                 return -EINVAL;
1415         }
1416
1417
1418         if (!obj_priv->mmap_offset) {
1419                 ret = i915_gem_create_mmap_offset(obj);
1420                 if (ret) {
1421                         drm_gem_object_unreference(obj);
1422                         mutex_unlock(&dev->struct_mutex);
1423                         return ret;
1424                 }
1425         }
1426
1427         args->offset = obj_priv->mmap_offset;
1428
1429         /*
1430          * Pull it into the GTT so that we have a page list (makes the
1431          * initial fault faster and any subsequent flushing possible).
1432          */
1433         if (!obj_priv->agp_mem) {
1434                 ret = i915_gem_object_bind_to_gtt(obj, 0);
1435                 if (ret) {
1436                         drm_gem_object_unreference(obj);
1437                         mutex_unlock(&dev->struct_mutex);
1438                         return ret;
1439                 }
1440                 list_add_tail(&obj_priv->list, &dev_priv->mm.inactive_list);
1441         }
1442
1443         drm_gem_object_unreference(obj);
1444         mutex_unlock(&dev->struct_mutex);
1445
1446         return 0;
1447 }
1448
1449 void
1450 i915_gem_object_put_pages(struct drm_gem_object *obj)
1451 {
1452         struct drm_i915_gem_object *obj_priv = obj->driver_private;
1453         int page_count = obj->size / PAGE_SIZE;
1454         int i;
1455
1456         BUG_ON(obj_priv->pages_refcount == 0);
1457         BUG_ON(obj_priv->madv == __I915_MADV_PURGED);
1458
1459         if (--obj_priv->pages_refcount != 0)
1460                 return;
1461
1462         if (obj_priv->tiling_mode != I915_TILING_NONE)
1463                 i915_gem_object_save_bit_17_swizzle(obj);
1464
1465         if (obj_priv->madv == I915_MADV_DONTNEED)
1466                 obj_priv->dirty = 0;
1467
1468         for (i = 0; i < page_count; i++) {
1469                 if (obj_priv->pages[i] == NULL)
1470                         break;
1471
1472                 if (obj_priv->dirty)
1473                         set_page_dirty(obj_priv->pages[i]);
1474
1475                 if (obj_priv->madv == I915_MADV_WILLNEED)
1476                         mark_page_accessed(obj_priv->pages[i]);
1477
1478                 page_cache_release(obj_priv->pages[i]);
1479         }
1480         obj_priv->dirty = 0;
1481
1482         drm_free_large(obj_priv->pages);
1483         obj_priv->pages = NULL;
1484 }
1485
1486 static void
1487 i915_gem_object_move_to_active(struct drm_gem_object *obj, uint32_t seqno)
1488 {
1489         struct drm_device *dev = obj->dev;
1490         drm_i915_private_t *dev_priv = dev->dev_private;
1491         struct drm_i915_gem_object *obj_priv = obj->driver_private;
1492
1493         /* Add a reference if we're newly entering the active list. */
1494         if (!obj_priv->active) {
1495                 drm_gem_object_reference(obj);
1496                 obj_priv->active = 1;
1497         }
1498         /* Move from whatever list we were on to the tail of execution. */
1499         spin_lock(&dev_priv->mm.active_list_lock);
1500         list_move_tail(&obj_priv->list,
1501                        &dev_priv->mm.active_list);
1502         spin_unlock(&dev_priv->mm.active_list_lock);
1503         obj_priv->last_rendering_seqno = seqno;
1504 }
1505
1506 static void
1507 i915_gem_object_move_to_flushing(struct drm_gem_object *obj)
1508 {
1509         struct drm_device *dev = obj->dev;
1510         drm_i915_private_t *dev_priv = dev->dev_private;
1511         struct drm_i915_gem_object *obj_priv = obj->driver_private;
1512
1513         BUG_ON(!obj_priv->active);
1514         list_move_tail(&obj_priv->list, &dev_priv->mm.flushing_list);
1515         obj_priv->last_rendering_seqno = 0;
1516 }
1517
1518 /* Immediately discard the backing storage */
1519 static void
1520 i915_gem_object_truncate(struct drm_gem_object *obj)
1521 {
1522         struct drm_i915_gem_object *obj_priv = obj->driver_private;
1523         struct inode *inode;
1524
1525         inode = obj->filp->f_path.dentry->d_inode;
1526         if (inode->i_op->truncate)
1527                 inode->i_op->truncate (inode);
1528
1529         obj_priv->madv = __I915_MADV_PURGED;
1530 }
1531
1532 static inline int
1533 i915_gem_object_is_purgeable(struct drm_i915_gem_object *obj_priv)
1534 {
1535         return obj_priv->madv == I915_MADV_DONTNEED;
1536 }
1537
1538 static void
1539 i915_gem_object_move_to_inactive(struct drm_gem_object *obj)
1540 {
1541         struct drm_device *dev = obj->dev;
1542         drm_i915_private_t *dev_priv = dev->dev_private;
1543         struct drm_i915_gem_object *obj_priv = obj->driver_private;
1544
1545         i915_verify_inactive(dev, __FILE__, __LINE__);
1546         if (obj_priv->pin_count != 0)
1547                 list_del_init(&obj_priv->list);
1548         else
1549                 list_move_tail(&obj_priv->list, &dev_priv->mm.inactive_list);
1550
1551         BUG_ON(!list_empty(&obj_priv->gpu_write_list));
1552
1553         obj_priv->last_rendering_seqno = 0;
1554         if (obj_priv->active) {
1555                 obj_priv->active = 0;
1556                 drm_gem_object_unreference(obj);
1557         }
1558         i915_verify_inactive(dev, __FILE__, __LINE__);
1559 }
1560
1561 /**
1562  * Creates a new sequence number, emitting a write of it to the status page
1563  * plus an interrupt, which will trigger i915_user_interrupt_handler.
1564  *
1565  * Must be called with struct_lock held.
1566  *
1567  * Returned sequence numbers are nonzero on success.
1568  */
1569 uint32_t
1570 i915_add_request(struct drm_device *dev, struct drm_file *file_priv,
1571                  uint32_t flush_domains)
1572 {
1573         drm_i915_private_t *dev_priv = dev->dev_private;
1574         struct drm_i915_file_private *i915_file_priv = NULL;
1575         struct drm_i915_gem_request *request;
1576         uint32_t seqno;
1577         int was_empty;
1578         RING_LOCALS;
1579
1580         if (file_priv != NULL)
1581                 i915_file_priv = file_priv->driver_priv;
1582
1583         request = kzalloc(sizeof(*request), GFP_KERNEL);
1584         if (request == NULL)
1585                 return 0;
1586
1587         /* Grab the seqno we're going to make this request be, and bump the
1588          * next (skipping 0 so it can be the reserved no-seqno value).
1589          */
1590         seqno = dev_priv->mm.next_gem_seqno;
1591         dev_priv->mm.next_gem_seqno++;
1592         if (dev_priv->mm.next_gem_seqno == 0)
1593                 dev_priv->mm.next_gem_seqno++;
1594
1595         BEGIN_LP_RING(4);
1596         OUT_RING(MI_STORE_DWORD_INDEX);
1597         OUT_RING(I915_GEM_HWS_INDEX << MI_STORE_DWORD_INDEX_SHIFT);
1598         OUT_RING(seqno);
1599
1600         OUT_RING(MI_USER_INTERRUPT);
1601         ADVANCE_LP_RING();
1602
1603         DRM_DEBUG_DRIVER("%d\n", seqno);
1604
1605         request->seqno = seqno;
1606         request->emitted_jiffies = jiffies;
1607         was_empty = list_empty(&dev_priv->mm.request_list);
1608         list_add_tail(&request->list, &dev_priv->mm.request_list);
1609         if (i915_file_priv) {
1610                 list_add_tail(&request->client_list,
1611                               &i915_file_priv->mm.request_list);
1612         } else {
1613                 INIT_LIST_HEAD(&request->client_list);
1614         }
1615
1616         /* Associate any objects on the flushing list matching the write
1617          * domain we're flushing with our flush.
1618          */
1619         if (flush_domains != 0) {
1620                 struct drm_i915_gem_object *obj_priv, *next;
1621
1622                 list_for_each_entry_safe(obj_priv, next,
1623                                          &dev_priv->mm.gpu_write_list,
1624                                          gpu_write_list) {
1625                         struct drm_gem_object *obj = obj_priv->obj;
1626
1627                         if ((obj->write_domain & flush_domains) ==
1628                             obj->write_domain) {
1629                                 uint32_t old_write_domain = obj->write_domain;
1630
1631                                 obj->write_domain = 0;
1632                                 list_del_init(&obj_priv->gpu_write_list);
1633                                 i915_gem_object_move_to_active(obj, seqno);
1634
1635                                 trace_i915_gem_object_change_domain(obj,
1636                                                                     obj->read_domains,
1637                                                                     old_write_domain);
1638                         }
1639                 }
1640
1641         }
1642
1643         if (!dev_priv->mm.suspended) {
1644                 mod_timer(&dev_priv->hangcheck_timer, jiffies + DRM_I915_HANGCHECK_PERIOD);
1645                 if (was_empty)
1646                         queue_delayed_work(dev_priv->wq, &dev_priv->mm.retire_work, HZ);
1647         }
1648         return seqno;
1649 }
1650
1651 /**
1652  * Command execution barrier
1653  *
1654  * Ensures that all commands in the ring are finished
1655  * before signalling the CPU
1656  */
1657 static uint32_t
1658 i915_retire_commands(struct drm_device *dev)
1659 {
1660         drm_i915_private_t *dev_priv = dev->dev_private;
1661         uint32_t cmd = MI_FLUSH | MI_NO_WRITE_FLUSH;
1662         uint32_t flush_domains = 0;
1663         RING_LOCALS;
1664
1665         /* The sampler always gets flushed on i965 (sigh) */
1666         if (IS_I965G(dev))
1667                 flush_domains |= I915_GEM_DOMAIN_SAMPLER;
1668         BEGIN_LP_RING(2);
1669         OUT_RING(cmd);
1670         OUT_RING(0); /* noop */
1671         ADVANCE_LP_RING();
1672         return flush_domains;
1673 }
1674
1675 /**
1676  * Moves buffers associated only with the given active seqno from the active
1677  * to inactive list, potentially freeing them.
1678  */
1679 static void
1680 i915_gem_retire_request(struct drm_device *dev,
1681                         struct drm_i915_gem_request *request)
1682 {
1683         drm_i915_private_t *dev_priv = dev->dev_private;
1684
1685         trace_i915_gem_request_retire(dev, request->seqno);
1686
1687         /* Move any buffers on the active list that are no longer referenced
1688          * by the ringbuffer to the flushing/inactive lists as appropriate.
1689          */
1690         spin_lock(&dev_priv->mm.active_list_lock);
1691         while (!list_empty(&dev_priv->mm.active_list)) {
1692                 struct drm_gem_object *obj;
1693                 struct drm_i915_gem_object *obj_priv;
1694
1695                 obj_priv = list_first_entry(&dev_priv->mm.active_list,
1696                                             struct drm_i915_gem_object,
1697                                             list);
1698                 obj = obj_priv->obj;
1699
1700                 /* If the seqno being retired doesn't match the oldest in the
1701                  * list, then the oldest in the list must still be newer than
1702                  * this seqno.
1703                  */
1704                 if (obj_priv->last_rendering_seqno != request->seqno)
1705                         goto out;
1706
1707 #if WATCH_LRU
1708                 DRM_INFO("%s: retire %d moves to inactive list %p\n",
1709                          __func__, request->seqno, obj);
1710 #endif
1711
1712                 if (obj->write_domain != 0)
1713                         i915_gem_object_move_to_flushing(obj);
1714                 else {
1715                         /* Take a reference on the object so it won't be
1716                          * freed while the spinlock is held.  The list
1717                          * protection for this spinlock is safe when breaking
1718                          * the lock like this since the next thing we do
1719                          * is just get the head of the list again.
1720                          */
1721                         drm_gem_object_reference(obj);
1722                         i915_gem_object_move_to_inactive(obj);
1723                         spin_unlock(&dev_priv->mm.active_list_lock);
1724                         drm_gem_object_unreference(obj);
1725                         spin_lock(&dev_priv->mm.active_list_lock);
1726                 }
1727         }
1728 out:
1729         spin_unlock(&dev_priv->mm.active_list_lock);
1730 }
1731
1732 /**
1733  * Returns true if seq1 is later than seq2.
1734  */
1735 bool
1736 i915_seqno_passed(uint32_t seq1, uint32_t seq2)
1737 {
1738         return (int32_t)(seq1 - seq2) >= 0;
1739 }
1740
1741 uint32_t
1742 i915_get_gem_seqno(struct drm_device *dev)
1743 {
1744         drm_i915_private_t *dev_priv = dev->dev_private;
1745
1746         return READ_HWSP(dev_priv, I915_GEM_HWS_INDEX);
1747 }
1748
1749 /**
1750  * This function clears the request list as sequence numbers are passed.
1751  */
1752 void
1753 i915_gem_retire_requests(struct drm_device *dev)
1754 {
1755         drm_i915_private_t *dev_priv = dev->dev_private;
1756         uint32_t seqno;
1757
1758         if (!dev_priv->hw_status_page || list_empty(&dev_priv->mm.request_list))
1759                 return;
1760
1761         seqno = i915_get_gem_seqno(dev);
1762
1763         while (!list_empty(&dev_priv->mm.request_list)) {
1764                 struct drm_i915_gem_request *request;
1765                 uint32_t retiring_seqno;
1766
1767                 request = list_first_entry(&dev_priv->mm.request_list,
1768                                            struct drm_i915_gem_request,
1769                                            list);
1770                 retiring_seqno = request->seqno;
1771
1772                 if (i915_seqno_passed(seqno, retiring_seqno) ||
1773                     atomic_read(&dev_priv->mm.wedged)) {
1774                         i915_gem_retire_request(dev, request);
1775
1776                         list_del(&request->list);
1777                         list_del(&request->client_list);
1778                         kfree(request);
1779                 } else
1780                         break;
1781         }
1782
1783         if (unlikely (dev_priv->trace_irq_seqno &&
1784                       i915_seqno_passed(dev_priv->trace_irq_seqno, seqno))) {
1785                 i915_user_irq_put(dev);
1786                 dev_priv->trace_irq_seqno = 0;
1787         }
1788 }
1789
1790 void
1791 i915_gem_retire_work_handler(struct work_struct *work)
1792 {
1793         drm_i915_private_t *dev_priv;
1794         struct drm_device *dev;
1795
1796         dev_priv = container_of(work, drm_i915_private_t,
1797                                 mm.retire_work.work);
1798         dev = dev_priv->dev;
1799
1800         mutex_lock(&dev->struct_mutex);
1801         i915_gem_retire_requests(dev);
1802         if (!dev_priv->mm.suspended &&
1803             !list_empty(&dev_priv->mm.request_list))
1804                 queue_delayed_work(dev_priv->wq, &dev_priv->mm.retire_work, HZ);
1805         mutex_unlock(&dev->struct_mutex);
1806 }
1807
1808 int
1809 i915_do_wait_request(struct drm_device *dev, uint32_t seqno, int interruptible)
1810 {
1811         drm_i915_private_t *dev_priv = dev->dev_private;
1812         u32 ier;
1813         int ret = 0;
1814
1815         BUG_ON(seqno == 0);
1816
1817         if (atomic_read(&dev_priv->mm.wedged))
1818                 return -EIO;
1819
1820         if (!i915_seqno_passed(i915_get_gem_seqno(dev), seqno)) {
1821                 if (HAS_PCH_SPLIT(dev))
1822                         ier = I915_READ(DEIER) | I915_READ(GTIER);
1823                 else
1824                         ier = I915_READ(IER);
1825                 if (!ier) {
1826                         DRM_ERROR("something (likely vbetool) disabled "
1827                                   "interrupts, re-enabling\n");
1828                         i915_driver_irq_preinstall(dev);
1829                         i915_driver_irq_postinstall(dev);
1830                 }
1831
1832                 trace_i915_gem_request_wait_begin(dev, seqno);
1833
1834                 dev_priv->mm.waiting_gem_seqno = seqno;
1835                 i915_user_irq_get(dev);
1836                 if (interruptible)
1837                         ret = wait_event_interruptible(dev_priv->irq_queue,
1838                                 i915_seqno_passed(i915_get_gem_seqno(dev), seqno) ||
1839                                 atomic_read(&dev_priv->mm.wedged));
1840                 else
1841                         wait_event(dev_priv->irq_queue,
1842                                 i915_seqno_passed(i915_get_gem_seqno(dev), seqno) ||
1843                                 atomic_read(&dev_priv->mm.wedged));
1844
1845                 i915_user_irq_put(dev);
1846                 dev_priv->mm.waiting_gem_seqno = 0;
1847
1848                 trace_i915_gem_request_wait_end(dev, seqno);
1849         }
1850         if (atomic_read(&dev_priv->mm.wedged))
1851                 ret = -EIO;
1852
1853         if (ret && ret != -ERESTARTSYS)
1854                 DRM_ERROR("%s returns %d (awaiting %d at %d)\n",
1855                           __func__, ret, seqno, i915_get_gem_seqno(dev));
1856
1857         /* Directly dispatch request retiring.  While we have the work queue
1858          * to handle this, the waiter on a request often wants an associated
1859          * buffer to have made it to the inactive list, and we would need
1860          * a separate wait queue to handle that.
1861          */
1862         if (ret == 0)
1863                 i915_gem_retire_requests(dev);
1864
1865         return ret;
1866 }
1867
1868 /**
1869  * Waits for a sequence number to be signaled, and cleans up the
1870  * request and object lists appropriately for that event.
1871  */
1872 static int
1873 i915_wait_request(struct drm_device *dev, uint32_t seqno)
1874 {
1875         return i915_do_wait_request(dev, seqno, 1);
1876 }
1877
1878 static void
1879 i915_gem_flush(struct drm_device *dev,
1880                uint32_t invalidate_domains,
1881                uint32_t flush_domains)
1882 {
1883         drm_i915_private_t *dev_priv = dev->dev_private;
1884         uint32_t cmd;
1885         RING_LOCALS;
1886
1887 #if WATCH_EXEC
1888         DRM_INFO("%s: invalidate %08x flush %08x\n", __func__,
1889                   invalidate_domains, flush_domains);
1890 #endif
1891         trace_i915_gem_request_flush(dev, dev_priv->mm.next_gem_seqno,
1892                                      invalidate_domains, flush_domains);
1893
1894         if (flush_domains & I915_GEM_DOMAIN_CPU)
1895                 drm_agp_chipset_flush(dev);
1896
1897         if ((invalidate_domains | flush_domains) & I915_GEM_GPU_DOMAINS) {
1898                 /*
1899                  * read/write caches:
1900                  *
1901                  * I915_GEM_DOMAIN_RENDER is always invalidated, but is
1902                  * only flushed if MI_NO_WRITE_FLUSH is unset.  On 965, it is
1903                  * also flushed at 2d versus 3d pipeline switches.
1904                  *
1905                  * read-only caches:
1906                  *
1907                  * I915_GEM_DOMAIN_SAMPLER is flushed on pre-965 if
1908                  * MI_READ_FLUSH is set, and is always flushed on 965.
1909                  *
1910                  * I915_GEM_DOMAIN_COMMAND may not exist?
1911                  *
1912                  * I915_GEM_DOMAIN_INSTRUCTION, which exists on 965, is
1913                  * invalidated when MI_EXE_FLUSH is set.
1914                  *
1915                  * I915_GEM_DOMAIN_VERTEX, which exists on 965, is
1916                  * invalidated with every MI_FLUSH.
1917                  *
1918                  * TLBs:
1919                  *
1920                  * On 965, TLBs associated with I915_GEM_DOMAIN_COMMAND
1921                  * and I915_GEM_DOMAIN_CPU in are invalidated at PTE write and
1922                  * I915_GEM_DOMAIN_RENDER and I915_GEM_DOMAIN_SAMPLER
1923                  * are flushed at any MI_FLUSH.
1924                  */
1925
1926                 cmd = MI_FLUSH | MI_NO_WRITE_FLUSH;
1927                 if ((invalidate_domains|flush_domains) &
1928                     I915_GEM_DOMAIN_RENDER)
1929                         cmd &= ~MI_NO_WRITE_FLUSH;
1930                 if (!IS_I965G(dev)) {
1931                         /*
1932                          * On the 965, the sampler cache always gets flushed
1933                          * and this bit is reserved.
1934                          */
1935                         if (invalidate_domains & I915_GEM_DOMAIN_SAMPLER)
1936                                 cmd |= MI_READ_FLUSH;
1937                 }
1938                 if (invalidate_domains & I915_GEM_DOMAIN_INSTRUCTION)
1939                         cmd |= MI_EXE_FLUSH;
1940
1941 #if WATCH_EXEC
1942                 DRM_INFO("%s: queue flush %08x to ring\n", __func__, cmd);
1943 #endif
1944                 BEGIN_LP_RING(2);
1945                 OUT_RING(cmd);
1946                 OUT_RING(MI_NOOP);
1947                 ADVANCE_LP_RING();
1948         }
1949 }
1950
1951 /**
1952  * Ensures that all rendering to the object has completed and the object is
1953  * safe to unbind from the GTT or access from the CPU.
1954  */
1955 static int
1956 i915_gem_object_wait_rendering(struct drm_gem_object *obj)
1957 {
1958         struct drm_device *dev = obj->dev;
1959         struct drm_i915_gem_object *obj_priv = obj->driver_private;
1960         int ret;
1961
1962         /* This function only exists to support waiting for existing rendering,
1963          * not for emitting required flushes.
1964          */
1965         BUG_ON((obj->write_domain & I915_GEM_GPU_DOMAINS) != 0);
1966
1967         /* If there is rendering queued on the buffer being evicted, wait for
1968          * it.
1969          */
1970         if (obj_priv->active) {
1971 #if WATCH_BUF
1972                 DRM_INFO("%s: object %p wait for seqno %08x\n",
1973                           __func__, obj, obj_priv->last_rendering_seqno);
1974 #endif
1975                 ret = i915_wait_request(dev, obj_priv->last_rendering_seqno);
1976                 if (ret != 0)
1977                         return ret;
1978         }
1979
1980         return 0;
1981 }
1982
1983 /**
1984  * Unbinds an object from the GTT aperture.
1985  */
1986 int
1987 i915_gem_object_unbind(struct drm_gem_object *obj)
1988 {
1989         struct drm_device *dev = obj->dev;
1990         struct drm_i915_gem_object *obj_priv = obj->driver_private;
1991         int ret = 0;
1992
1993 #if WATCH_BUF
1994         DRM_INFO("%s:%d %p\n", __func__, __LINE__, obj);
1995         DRM_INFO("gtt_space %p\n", obj_priv->gtt_space);
1996 #endif
1997         if (obj_priv->gtt_space == NULL)
1998                 return 0;
1999
2000         if (obj_priv->pin_count != 0) {
2001                 DRM_ERROR("Attempting to unbind pinned buffer\n");
2002                 return -EINVAL;
2003         }
2004
2005         /* blow away mappings if mapped through GTT */
2006         i915_gem_release_mmap(obj);
2007
2008         /* Move the object to the CPU domain to ensure that
2009          * any possible CPU writes while it's not in the GTT
2010          * are flushed when we go to remap it. This will
2011          * also ensure that all pending GPU writes are finished
2012          * before we unbind.
2013          */
2014         ret = i915_gem_object_set_to_cpu_domain(obj, 1);
2015         if (ret) {
2016                 if (ret != -ERESTARTSYS)
2017                         DRM_ERROR("set_domain failed: %d\n", ret);
2018                 return ret;
2019         }
2020
2021         BUG_ON(obj_priv->active);
2022
2023         /* release the fence reg _after_ flushing */
2024         if (obj_priv->fence_reg != I915_FENCE_REG_NONE)
2025                 i915_gem_clear_fence_reg(obj);
2026
2027         if (obj_priv->agp_mem != NULL) {
2028                 drm_unbind_agp(obj_priv->agp_mem);
2029                 drm_free_agp(obj_priv->agp_mem, obj->size / PAGE_SIZE);
2030                 obj_priv->agp_mem = NULL;
2031         }
2032
2033         i915_gem_object_put_pages(obj);
2034         BUG_ON(obj_priv->pages_refcount);
2035
2036         if (obj_priv->gtt_space) {
2037                 atomic_dec(&dev->gtt_count);
2038                 atomic_sub(obj->size, &dev->gtt_memory);
2039
2040                 drm_mm_put_block(obj_priv->gtt_space);
2041                 obj_priv->gtt_space = NULL;
2042         }
2043
2044         /* Remove ourselves from the LRU list if present. */
2045         if (!list_empty(&obj_priv->list))
2046                 list_del_init(&obj_priv->list);
2047
2048         if (i915_gem_object_is_purgeable(obj_priv))
2049                 i915_gem_object_truncate(obj);
2050
2051         trace_i915_gem_object_unbind(obj);
2052
2053         return 0;
2054 }
2055
2056 static struct drm_gem_object *
2057 i915_gem_find_inactive_object(struct drm_device *dev, int min_size)
2058 {
2059         drm_i915_private_t *dev_priv = dev->dev_private;
2060         struct drm_i915_gem_object *obj_priv;
2061         struct drm_gem_object *best = NULL;
2062         struct drm_gem_object *first = NULL;
2063
2064         /* Try to find the smallest clean object */
2065         list_for_each_entry(obj_priv, &dev_priv->mm.inactive_list, list) {
2066                 struct drm_gem_object *obj = obj_priv->obj;
2067                 if (obj->size >= min_size) {
2068                         if ((!obj_priv->dirty ||
2069                              i915_gem_object_is_purgeable(obj_priv)) &&
2070                             (!best || obj->size < best->size)) {
2071                                 best = obj;
2072                                 if (best->size == min_size)
2073                                         return best;
2074                         }
2075                         if (!first)
2076                             first = obj;
2077                 }
2078         }
2079
2080         return best ? best : first;
2081 }
2082
2083 static int
2084 i915_gem_evict_everything(struct drm_device *dev)
2085 {
2086         drm_i915_private_t *dev_priv = dev->dev_private;
2087         int ret;
2088         uint32_t seqno;
2089         bool lists_empty;
2090
2091         spin_lock(&dev_priv->mm.active_list_lock);
2092         lists_empty = (list_empty(&dev_priv->mm.inactive_list) &&
2093                        list_empty(&dev_priv->mm.flushing_list) &&
2094                        list_empty(&dev_priv->mm.active_list));
2095         spin_unlock(&dev_priv->mm.active_list_lock);
2096
2097         if (lists_empty)
2098                 return -ENOSPC;
2099
2100         /* Flush everything (on to the inactive lists) and evict */
2101         i915_gem_flush(dev, I915_GEM_GPU_DOMAINS, I915_GEM_GPU_DOMAINS);
2102         seqno = i915_add_request(dev, NULL, I915_GEM_GPU_DOMAINS);
2103         if (seqno == 0)
2104                 return -ENOMEM;
2105
2106         ret = i915_wait_request(dev, seqno);
2107         if (ret)
2108                 return ret;
2109
2110         BUG_ON(!list_empty(&dev_priv->mm.flushing_list));
2111
2112         ret = i915_gem_evict_from_inactive_list(dev);
2113         if (ret)
2114                 return ret;
2115
2116         spin_lock(&dev_priv->mm.active_list_lock);
2117         lists_empty = (list_empty(&dev_priv->mm.inactive_list) &&
2118                        list_empty(&dev_priv->mm.flushing_list) &&
2119                        list_empty(&dev_priv->mm.active_list));
2120         spin_unlock(&dev_priv->mm.active_list_lock);
2121         BUG_ON(!lists_empty);
2122
2123         return 0;
2124 }
2125
2126 static int
2127 i915_gem_evict_something(struct drm_device *dev, int min_size)
2128 {
2129         drm_i915_private_t *dev_priv = dev->dev_private;
2130         struct drm_gem_object *obj;
2131         int ret;
2132
2133         for (;;) {
2134                 i915_gem_retire_requests(dev);
2135
2136                 /* If there's an inactive buffer available now, grab it
2137                  * and be done.
2138                  */
2139                 obj = i915_gem_find_inactive_object(dev, min_size);
2140                 if (obj) {
2141                         struct drm_i915_gem_object *obj_priv;
2142
2143 #if WATCH_LRU
2144                         DRM_INFO("%s: evicting %p\n", __func__, obj);
2145 #endif
2146                         obj_priv = obj->driver_private;
2147                         BUG_ON(obj_priv->pin_count != 0);
2148                         BUG_ON(obj_priv->active);
2149
2150                         /* Wait on the rendering and unbind the buffer. */
2151                         return i915_gem_object_unbind(obj);
2152                 }
2153
2154                 /* If we didn't get anything, but the ring is still processing
2155                  * things, wait for the next to finish and hopefully leave us
2156                  * a buffer to evict.
2157                  */
2158                 if (!list_empty(&dev_priv->mm.request_list)) {
2159                         struct drm_i915_gem_request *request;
2160
2161                         request = list_first_entry(&dev_priv->mm.request_list,
2162                                                    struct drm_i915_gem_request,
2163                                                    list);
2164
2165                         ret = i915_wait_request(dev, request->seqno);
2166                         if (ret)
2167                                 return ret;
2168
2169                         continue;
2170                 }
2171
2172                 /* If we didn't have anything on the request list but there
2173                  * are buffers awaiting a flush, emit one and try again.
2174                  * When we wait on it, those buffers waiting for that flush
2175                  * will get moved to inactive.
2176                  */
2177                 if (!list_empty(&dev_priv->mm.flushing_list)) {
2178                         struct drm_i915_gem_object *obj_priv;
2179
2180                         /* Find an object that we can immediately reuse */
2181                         list_for_each_entry(obj_priv, &dev_priv->mm.flushing_list, list) {
2182                                 obj = obj_priv->obj;
2183                                 if (obj->size >= min_size)
2184                                         break;
2185
2186                                 obj = NULL;
2187                         }
2188
2189                         if (obj != NULL) {
2190                                 uint32_t seqno;
2191
2192                                 i915_gem_flush(dev,
2193                                                obj->write_domain,
2194                                                obj->write_domain);
2195                                 seqno = i915_add_request(dev, NULL, obj->write_domain);
2196                                 if (seqno == 0)
2197                                         return -ENOMEM;
2198
2199                                 ret = i915_wait_request(dev, seqno);
2200                                 if (ret)
2201                                         return ret;
2202
2203                                 continue;
2204                         }
2205                 }
2206
2207                 /* If we didn't do any of the above, there's no single buffer
2208                  * large enough to swap out for the new one, so just evict
2209                  * everything and start again. (This should be rare.)
2210                  */
2211                 if (!list_empty (&dev_priv->mm.inactive_list))
2212                         return i915_gem_evict_from_inactive_list(dev);
2213                 else
2214                         return i915_gem_evict_everything(dev);
2215         }
2216 }
2217
2218 int
2219 i915_gem_object_get_pages(struct drm_gem_object *obj,
2220                           gfp_t gfpmask)
2221 {
2222         struct drm_i915_gem_object *obj_priv = obj->driver_private;
2223         int page_count, i;
2224         struct address_space *mapping;
2225         struct inode *inode;
2226         struct page *page;
2227         int ret;
2228
2229         if (obj_priv->pages_refcount++ != 0)
2230                 return 0;
2231
2232         /* Get the list of pages out of our struct file.  They'll be pinned
2233          * at this point until we release them.
2234          */
2235         page_count = obj->size / PAGE_SIZE;
2236         BUG_ON(obj_priv->pages != NULL);
2237         obj_priv->pages = drm_calloc_large(page_count, sizeof(struct page *));
2238         if (obj_priv->pages == NULL) {
2239                 obj_priv->pages_refcount--;
2240                 return -ENOMEM;
2241         }
2242
2243         inode = obj->filp->f_path.dentry->d_inode;
2244         mapping = inode->i_mapping;
2245         for (i = 0; i < page_count; i++) {
2246                 page = read_cache_page_gfp(mapping, i,
2247                                            mapping_gfp_mask (mapping) |
2248                                            __GFP_COLD |
2249                                            gfpmask);
2250                 if (IS_ERR(page)) {
2251                         ret = PTR_ERR(page);
2252                         i915_gem_object_put_pages(obj);
2253                         return ret;
2254                 }
2255                 obj_priv->pages[i] = page;
2256         }
2257
2258         if (obj_priv->tiling_mode != I915_TILING_NONE)
2259                 i915_gem_object_do_bit_17_swizzle(obj);
2260
2261         return 0;
2262 }
2263
2264 static void sandybridge_write_fence_reg(struct drm_i915_fence_reg *reg)
2265 {
2266         struct drm_gem_object *obj = reg->obj;
2267         struct drm_device *dev = obj->dev;
2268         drm_i915_private_t *dev_priv = dev->dev_private;
2269         struct drm_i915_gem_object *obj_priv = obj->driver_private;
2270         int regnum = obj_priv->fence_reg;
2271         uint64_t val;
2272
2273         val = (uint64_t)((obj_priv->gtt_offset + obj->size - 4096) &
2274                     0xfffff000) << 32;
2275         val |= obj_priv->gtt_offset & 0xfffff000;
2276         val |= (uint64_t)((obj_priv->stride / 128) - 1) <<
2277                 SANDYBRIDGE_FENCE_PITCH_SHIFT;
2278
2279         if (obj_priv->tiling_mode == I915_TILING_Y)
2280                 val |= 1 << I965_FENCE_TILING_Y_SHIFT;
2281         val |= I965_FENCE_REG_VALID;
2282
2283         I915_WRITE64(FENCE_REG_SANDYBRIDGE_0 + (regnum * 8), val);
2284 }
2285
2286 static void i965_write_fence_reg(struct drm_i915_fence_reg *reg)
2287 {
2288         struct drm_gem_object *obj = reg->obj;
2289         struct drm_device *dev = obj->dev;
2290         drm_i915_private_t *dev_priv = dev->dev_private;
2291         struct drm_i915_gem_object *obj_priv = obj->driver_private;
2292         int regnum = obj_priv->fence_reg;
2293         uint64_t val;
2294
2295         val = (uint64_t)((obj_priv->gtt_offset + obj->size - 4096) &
2296                     0xfffff000) << 32;
2297         val |= obj_priv->gtt_offset & 0xfffff000;
2298         val |= ((obj_priv->stride / 128) - 1) << I965_FENCE_PITCH_SHIFT;
2299         if (obj_priv->tiling_mode == I915_TILING_Y)
2300                 val |= 1 << I965_FENCE_TILING_Y_SHIFT;
2301         val |= I965_FENCE_REG_VALID;
2302
2303         I915_WRITE64(FENCE_REG_965_0 + (regnum * 8), val);
2304 }
2305
2306 static void i915_write_fence_reg(struct drm_i915_fence_reg *reg)
2307 {
2308         struct drm_gem_object *obj = reg->obj;
2309         struct drm_device *dev = obj->dev;
2310         drm_i915_private_t *dev_priv = dev->dev_private;
2311         struct drm_i915_gem_object *obj_priv = obj->driver_private;
2312         int regnum = obj_priv->fence_reg;
2313         int tile_width;
2314         uint32_t fence_reg, val;
2315         uint32_t pitch_val;
2316
2317         if ((obj_priv->gtt_offset & ~I915_FENCE_START_MASK) ||
2318             (obj_priv->gtt_offset & (obj->size - 1))) {
2319                 WARN(1, "%s: object 0x%08x not 1M or size (0x%zx) aligned\n",
2320                      __func__, obj_priv->gtt_offset, obj->size);
2321                 return;
2322         }
2323
2324         if (obj_priv->tiling_mode == I915_TILING_Y &&
2325             HAS_128_BYTE_Y_TILING(dev))
2326                 tile_width = 128;
2327         else
2328                 tile_width = 512;
2329
2330         /* Note: pitch better be a power of two tile widths */
2331         pitch_val = obj_priv->stride / tile_width;
2332         pitch_val = ffs(pitch_val) - 1;
2333
2334         val = obj_priv->gtt_offset;
2335         if (obj_priv->tiling_mode == I915_TILING_Y)
2336                 val |= 1 << I830_FENCE_TILING_Y_SHIFT;
2337         val |= I915_FENCE_SIZE_BITS(obj->size);
2338         val |= pitch_val << I830_FENCE_PITCH_SHIFT;
2339         val |= I830_FENCE_REG_VALID;
2340
2341         if (regnum < 8)
2342                 fence_reg = FENCE_REG_830_0 + (regnum * 4);
2343         else
2344                 fence_reg = FENCE_REG_945_8 + ((regnum - 8) * 4);
2345         I915_WRITE(fence_reg, val);
2346 }
2347
2348 static void i830_write_fence_reg(struct drm_i915_fence_reg *reg)
2349 {
2350         struct drm_gem_object *obj = reg->obj;
2351         struct drm_device *dev = obj->dev;
2352         drm_i915_private_t *dev_priv = dev->dev_private;
2353         struct drm_i915_gem_object *obj_priv = obj->driver_private;
2354         int regnum = obj_priv->fence_reg;
2355         uint32_t val;
2356         uint32_t pitch_val;
2357         uint32_t fence_size_bits;
2358
2359         if ((obj_priv->gtt_offset & ~I830_FENCE_START_MASK) ||
2360             (obj_priv->gtt_offset & (obj->size - 1))) {
2361                 WARN(1, "%s: object 0x%08x not 512K or size aligned\n",
2362                      __func__, obj_priv->gtt_offset);
2363                 return;
2364         }
2365
2366         pitch_val = obj_priv->stride / 128;
2367         pitch_val = ffs(pitch_val) - 1;
2368         WARN_ON(pitch_val > I830_FENCE_MAX_PITCH_VAL);
2369
2370         val = obj_priv->gtt_offset;
2371         if (obj_priv->tiling_mode == I915_TILING_Y)
2372                 val |= 1 << I830_FENCE_TILING_Y_SHIFT;
2373         fence_size_bits = I830_FENCE_SIZE_BITS(obj->size);
2374         WARN_ON(fence_size_bits & ~0x00000f00);
2375         val |= fence_size_bits;
2376         val |= pitch_val << I830_FENCE_PITCH_SHIFT;
2377         val |= I830_FENCE_REG_VALID;
2378
2379         I915_WRITE(FENCE_REG_830_0 + (regnum * 4), val);
2380 }
2381
2382 /**
2383  * i915_gem_object_get_fence_reg - set up a fence reg for an object
2384  * @obj: object to map through a fence reg
2385  *
2386  * When mapping objects through the GTT, userspace wants to be able to write
2387  * to them without having to worry about swizzling if the object is tiled.
2388  *
2389  * This function walks the fence regs looking for a free one for @obj,
2390  * stealing one if it can't find any.
2391  *
2392  * It then sets up the reg based on the object's properties: address, pitch
2393  * and tiling format.
2394  */
2395 int
2396 i915_gem_object_get_fence_reg(struct drm_gem_object *obj)
2397 {
2398         struct drm_device *dev = obj->dev;
2399         struct drm_i915_private *dev_priv = dev->dev_private;
2400         struct drm_i915_gem_object *obj_priv = obj->driver_private;
2401         struct drm_i915_fence_reg *reg = NULL;
2402         struct drm_i915_gem_object *old_obj_priv = NULL;
2403         int i, ret, avail;
2404
2405         /* Just update our place in the LRU if our fence is getting used. */
2406         if (obj_priv->fence_reg != I915_FENCE_REG_NONE) {
2407                 list_move_tail(&obj_priv->fence_list, &dev_priv->mm.fence_list);
2408                 return 0;
2409         }
2410
2411         switch (obj_priv->tiling_mode) {
2412         case I915_TILING_NONE:
2413                 WARN(1, "allocating a fence for non-tiled object?\n");
2414                 break;
2415         case I915_TILING_X:
2416                 if (!obj_priv->stride)
2417                         return -EINVAL;
2418                 WARN((obj_priv->stride & (512 - 1)),
2419                      "object 0x%08x is X tiled but has non-512B pitch\n",
2420                      obj_priv->gtt_offset);
2421                 break;
2422         case I915_TILING_Y:
2423                 if (!obj_priv->stride)
2424                         return -EINVAL;
2425                 WARN((obj_priv->stride & (128 - 1)),
2426                      "object 0x%08x is Y tiled but has non-128B pitch\n",
2427                      obj_priv->gtt_offset);
2428                 break;
2429         }
2430
2431         /* First try to find a free reg */
2432         avail = 0;
2433         for (i = dev_priv->fence_reg_start; i < dev_priv->num_fence_regs; i++) {
2434                 reg = &dev_priv->fence_regs[i];
2435                 if (!reg->obj)
2436                         break;
2437
2438                 old_obj_priv = reg->obj->driver_private;
2439                 if (!old_obj_priv->pin_count)
2440                     avail++;
2441         }
2442
2443         /* None available, try to steal one or wait for a user to finish */
2444         if (i == dev_priv->num_fence_regs) {
2445                 struct drm_gem_object *old_obj = NULL;
2446
2447                 if (avail == 0)
2448                         return -ENOSPC;
2449
2450                 list_for_each_entry(old_obj_priv, &dev_priv->mm.fence_list,
2451                                     fence_list) {
2452                         old_obj = old_obj_priv->obj;
2453
2454                         if (old_obj_priv->pin_count)
2455                                 continue;
2456
2457                         /* Take a reference, as otherwise the wait_rendering
2458                          * below may cause the object to get freed out from
2459                          * under us.
2460                          */
2461                         drm_gem_object_reference(old_obj);
2462
2463                         /* i915 uses fences for GPU access to tiled buffers */
2464                         if (IS_I965G(dev) || !old_obj_priv->active)
2465                                 break;
2466
2467                         /* This brings the object to the head of the LRU if it
2468                          * had been written to.  The only way this should
2469                          * result in us waiting longer than the expected
2470                          * optimal amount of time is if there was a
2471                          * fence-using buffer later that was read-only.
2472                          */
2473                         i915_gem_object_flush_gpu_write_domain(old_obj);
2474                         ret = i915_gem_object_wait_rendering(old_obj);
2475                         if (ret != 0) {
2476                                 drm_gem_object_unreference(old_obj);
2477                                 return ret;
2478                         }
2479
2480                         break;
2481                 }
2482
2483                 /*
2484                  * Zap this virtual mapping so we can set up a fence again
2485                  * for this object next time we need it.
2486                  */
2487                 i915_gem_release_mmap(old_obj);
2488
2489                 i = old_obj_priv->fence_reg;
2490                 reg = &dev_priv->fence_regs[i];
2491
2492                 old_obj_priv->fence_reg = I915_FENCE_REG_NONE;
2493                 list_del_init(&old_obj_priv->fence_list);
2494
2495                 drm_gem_object_unreference(old_obj);
2496         }
2497
2498         obj_priv->fence_reg = i;
2499         list_add_tail(&obj_priv->fence_list, &dev_priv->mm.fence_list);
2500
2501         reg->obj = obj;
2502
2503         if (IS_GEN6(dev))
2504                 sandybridge_write_fence_reg(reg);
2505         else if (IS_I965G(dev))
2506                 i965_write_fence_reg(reg);
2507         else if (IS_I9XX(dev))
2508                 i915_write_fence_reg(reg);
2509         else
2510                 i830_write_fence_reg(reg);
2511
2512         trace_i915_gem_object_get_fence(obj, i, obj_priv->tiling_mode);
2513
2514         return 0;
2515 }
2516
2517 /**
2518  * i915_gem_clear_fence_reg - clear out fence register info
2519  * @obj: object to clear
2520  *
2521  * Zeroes out the fence register itself and clears out the associated
2522  * data structures in dev_priv and obj_priv.
2523  */
2524 static void
2525 i915_gem_clear_fence_reg(struct drm_gem_object *obj)
2526 {
2527         struct drm_device *dev = obj->dev;
2528         drm_i915_private_t *dev_priv = dev->dev_private;
2529         struct drm_i915_gem_object *obj_priv = obj->driver_private;
2530
2531         if (IS_GEN6(dev)) {
2532                 I915_WRITE64(FENCE_REG_SANDYBRIDGE_0 +
2533                              (obj_priv->fence_reg * 8), 0);
2534         } else if (IS_I965G(dev)) {
2535                 I915_WRITE64(FENCE_REG_965_0 + (obj_priv->fence_reg * 8), 0);
2536         } else {
2537                 uint32_t fence_reg;
2538
2539                 if (obj_priv->fence_reg < 8)
2540                         fence_reg = FENCE_REG_830_0 + obj_priv->fence_reg * 4;
2541                 else
2542                         fence_reg = FENCE_REG_945_8 + (obj_priv->fence_reg -
2543                                                        8) * 4;
2544
2545                 I915_WRITE(fence_reg, 0);
2546         }
2547
2548         dev_priv->fence_regs[obj_priv->fence_reg].obj = NULL;
2549         obj_priv->fence_reg = I915_FENCE_REG_NONE;
2550         list_del_init(&obj_priv->fence_list);
2551 }
2552
2553 /**
2554  * i915_gem_object_put_fence_reg - waits on outstanding fenced access
2555  * to the buffer to finish, and then resets the fence register.
2556  * @obj: tiled object holding a fence register.
2557  *
2558  * Zeroes out the fence register itself and clears out the associated
2559  * data structures in dev_priv and obj_priv.
2560  */
2561 int
2562 i915_gem_object_put_fence_reg(struct drm_gem_object *obj)
2563 {
2564         struct drm_device *dev = obj->dev;
2565         struct drm_i915_gem_object *obj_priv = obj->driver_private;
2566
2567         if (obj_priv->fence_reg == I915_FENCE_REG_NONE)
2568                 return 0;
2569
2570         /* If we've changed tiling, GTT-mappings of the object
2571          * need to re-fault to ensure that the correct fence register
2572          * setup is in place.
2573          */
2574         i915_gem_release_mmap(obj);
2575
2576         /* On the i915, GPU access to tiled buffers is via a fence,
2577          * therefore we must wait for any outstanding access to complete
2578          * before clearing the fence.
2579          */
2580         if (!IS_I965G(dev)) {
2581                 int ret;
2582
2583                 i915_gem_object_flush_gpu_write_domain(obj);
2584                 ret = i915_gem_object_wait_rendering(obj);
2585                 if (ret != 0)
2586                         return ret;
2587         }
2588
2589         i915_gem_object_flush_gtt_write_domain(obj);
2590         i915_gem_clear_fence_reg (obj);
2591
2592         return 0;
2593 }
2594
2595 /**
2596  * Finds free space in the GTT aperture and binds the object there.
2597  */
2598 static int
2599 i915_gem_object_bind_to_gtt(struct drm_gem_object *obj, unsigned alignment)
2600 {
2601         struct drm_device *dev = obj->dev;
2602         drm_i915_private_t *dev_priv = dev->dev_private;
2603         struct drm_i915_gem_object *obj_priv = obj->driver_private;
2604         struct drm_mm_node *free_space;
2605         gfp_t gfpmask =  __GFP_NORETRY | __GFP_NOWARN;
2606         int ret;
2607
2608         if (obj_priv->madv != I915_MADV_WILLNEED) {
2609                 DRM_ERROR("Attempting to bind a purgeable object\n");
2610                 return -EINVAL;
2611         }
2612
2613         if (alignment == 0)
2614                 alignment = i915_gem_get_gtt_alignment(obj);
2615         if (alignment & (i915_gem_get_gtt_alignment(obj) - 1)) {
2616                 DRM_ERROR("Invalid object alignment requested %u\n", alignment);
2617                 return -EINVAL;
2618         }
2619
2620  search_free:
2621         free_space = drm_mm_search_free(&dev_priv->mm.gtt_space,
2622                                         obj->size, alignment, 0);
2623         if (free_space != NULL) {
2624                 obj_priv->gtt_space = drm_mm_get_block(free_space, obj->size,
2625                                                        alignment);
2626                 if (obj_priv->gtt_space != NULL) {
2627                         obj_priv->gtt_space->private = obj;
2628                         obj_priv->gtt_offset = obj_priv->gtt_space->start;
2629                 }
2630         }
2631         if (obj_priv->gtt_space == NULL) {
2632                 /* If the gtt is empty and we're still having trouble
2633                  * fitting our object in, we're out of memory.
2634                  */
2635 #if WATCH_LRU
2636                 DRM_INFO("%s: GTT full, evicting something\n", __func__);
2637 #endif
2638                 ret = i915_gem_evict_something(dev, obj->size);
2639                 if (ret)
2640                         return ret;
2641
2642                 goto search_free;
2643         }
2644
2645 #if WATCH_BUF
2646         DRM_INFO("Binding object of size %zd at 0x%08x\n",
2647                  obj->size, obj_priv->gtt_offset);
2648 #endif
2649         ret = i915_gem_object_get_pages(obj, gfpmask);
2650         if (ret) {
2651                 drm_mm_put_block(obj_priv->gtt_space);
2652                 obj_priv->gtt_space = NULL;
2653
2654                 if (ret == -ENOMEM) {
2655                         /* first try to clear up some space from the GTT */
2656                         ret = i915_gem_evict_something(dev, obj->size);
2657                         if (ret) {
2658                                 /* now try to shrink everyone else */
2659                                 if (gfpmask) {
2660                                         gfpmask = 0;
2661                                         goto search_free;
2662                                 }
2663
2664                                 return ret;
2665                         }
2666
2667                         goto search_free;
2668                 }
2669
2670                 return ret;
2671         }
2672
2673         /* Create an AGP memory structure pointing at our pages, and bind it
2674          * into the GTT.
2675          */
2676         obj_priv->agp_mem = drm_agp_bind_pages(dev,
2677                                                obj_priv->pages,
2678                                                obj->size >> PAGE_SHIFT,
2679                                                obj_priv->gtt_offset,
2680                                                obj_priv->agp_type);
2681         if (obj_priv->agp_mem == NULL) {
2682                 i915_gem_object_put_pages(obj);
2683                 drm_mm_put_block(obj_priv->gtt_space);
2684                 obj_priv->gtt_space = NULL;
2685
2686                 ret = i915_gem_evict_something(dev, obj->size);
2687                 if (ret)
2688                         return ret;
2689
2690                 goto search_free;
2691         }
2692         atomic_inc(&dev->gtt_count);
2693         atomic_add(obj->size, &dev->gtt_memory);
2694
2695         /* Assert that the object is not currently in any GPU domain. As it
2696          * wasn't in the GTT, there shouldn't be any way it could have been in
2697          * a GPU cache
2698          */
2699         BUG_ON(obj->read_domains & I915_GEM_GPU_DOMAINS);
2700         BUG_ON(obj->write_domain & I915_GEM_GPU_DOMAINS);
2701
2702         trace_i915_gem_object_bind(obj, obj_priv->gtt_offset);
2703
2704         return 0;
2705 }
2706
2707 void
2708 i915_gem_clflush_object(struct drm_gem_object *obj)
2709 {
2710         struct drm_i915_gem_object      *obj_priv = obj->driver_private;
2711
2712         /* If we don't have a page list set up, then we're not pinned
2713          * to GPU, and we can ignore the cache flush because it'll happen
2714          * again at bind time.
2715          */
2716         if (obj_priv->pages == NULL)
2717                 return;
2718
2719         trace_i915_gem_object_clflush(obj);
2720
2721         drm_clflush_pages(obj_priv->pages, obj->size / PAGE_SIZE);
2722 }
2723
2724 /** Flushes any GPU write domain for the object if it's dirty. */
2725 static void
2726 i915_gem_object_flush_gpu_write_domain(struct drm_gem_object *obj)
2727 {
2728         struct drm_device *dev = obj->dev;
2729         uint32_t seqno;
2730         uint32_t old_write_domain;
2731
2732         if ((obj->write_domain & I915_GEM_GPU_DOMAINS) == 0)
2733                 return;
2734
2735         /* Queue the GPU write cache flushing we need. */
2736         old_write_domain = obj->write_domain;
2737         i915_gem_flush(dev, 0, obj->write_domain);
2738         seqno = i915_add_request(dev, NULL, obj->write_domain);
2739         BUG_ON(obj->write_domain);
2740         i915_gem_object_move_to_active(obj, seqno);
2741
2742         trace_i915_gem_object_change_domain(obj,
2743                                             obj->read_domains,
2744                                             old_write_domain);
2745 }
2746
2747 /** Flushes the GTT write domain for the object if it's dirty. */
2748 static void
2749 i915_gem_object_flush_gtt_write_domain(struct drm_gem_object *obj)
2750 {
2751         uint32_t old_write_domain;
2752
2753         if (obj->write_domain != I915_GEM_DOMAIN_GTT)
2754                 return;
2755
2756         /* No actual flushing is required for the GTT write domain.   Writes
2757          * to it immediately go to main memory as far as we know, so there's
2758          * no chipset flush.  It also doesn't land in render cache.
2759          */
2760         old_write_domain = obj->write_domain;
2761         obj->write_domain = 0;
2762
2763         trace_i915_gem_object_change_domain(obj,
2764                                             obj->read_domains,
2765                                             old_write_domain);
2766 }
2767
2768 /** Flushes the CPU write domain for the object if it's dirty. */
2769 static void
2770 i915_gem_object_flush_cpu_write_domain(struct drm_gem_object *obj)
2771 {
2772         struct drm_device *dev = obj->dev;
2773         uint32_t old_write_domain;
2774
2775         if (obj->write_domain != I915_GEM_DOMAIN_CPU)
2776                 return;
2777
2778         i915_gem_clflush_object(obj);
2779         drm_agp_chipset_flush(dev);
2780         old_write_domain = obj->write_domain;
2781         obj->write_domain = 0;
2782
2783         trace_i915_gem_object_change_domain(obj,
2784                                             obj->read_domains,
2785                                             old_write_domain);
2786 }
2787
2788 void
2789 i915_gem_object_flush_write_domain(struct drm_gem_object *obj)
2790 {
2791         switch (obj->write_domain) {
2792         case I915_GEM_DOMAIN_GTT:
2793                 i915_gem_object_flush_gtt_write_domain(obj);
2794                 break;
2795         case I915_GEM_DOMAIN_CPU:
2796                 i915_gem_object_flush_cpu_write_domain(obj);
2797                 break;
2798         default:
2799                 i915_gem_object_flush_gpu_write_domain(obj);
2800                 break;
2801         }
2802 }
2803
2804 /**
2805  * Moves a single object to the GTT read, and possibly write domain.
2806  *
2807  * This function returns when the move is complete, including waiting on
2808  * flushes to occur.
2809  */
2810 int
2811 i915_gem_object_set_to_gtt_domain(struct drm_gem_object *obj, int write)
2812 {
2813         struct drm_i915_gem_object *obj_priv = obj->driver_private;
2814         uint32_t old_write_domain, old_read_domains;
2815         int ret;
2816
2817         /* Not valid to be called on unbound objects. */
2818         if (obj_priv->gtt_space == NULL)
2819                 return -EINVAL;
2820
2821         i915_gem_object_flush_gpu_write_domain(obj);
2822         /* Wait on any GPU rendering and flushing to occur. */
2823         ret = i915_gem_object_wait_rendering(obj);
2824         if (ret != 0)
2825                 return ret;
2826
2827         old_write_domain = obj->write_domain;
2828         old_read_domains = obj->read_domains;
2829
2830         /* If we're writing through the GTT domain, then CPU and GPU caches
2831          * will need to be invalidated at next use.
2832          */
2833         if (write)
2834                 obj->read_domains &= I915_GEM_DOMAIN_GTT;
2835
2836         i915_gem_object_flush_cpu_write_domain(obj);
2837
2838         /* It should now be out of any other write domains, and we can update
2839          * the domain values for our changes.
2840          */
2841         BUG_ON((obj->write_domain & ~I915_GEM_DOMAIN_GTT) != 0);
2842         obj->read_domains |= I915_GEM_DOMAIN_GTT;
2843         if (write) {
2844                 obj->write_domain = I915_GEM_DOMAIN_GTT;
2845                 obj_priv->dirty = 1;
2846         }
2847
2848         trace_i915_gem_object_change_domain(obj,
2849                                             old_read_domains,
2850                                             old_write_domain);
2851
2852         return 0;
2853 }
2854
2855 /*
2856  * Prepare buffer for display plane. Use uninterruptible for possible flush
2857  * wait, as in modesetting process we're not supposed to be interrupted.
2858  */
2859 int
2860 i915_gem_object_set_to_display_plane(struct drm_gem_object *obj)
2861 {
2862         struct drm_device *dev = obj->dev;
2863         struct drm_i915_gem_object *obj_priv = obj->driver_private;
2864         uint32_t old_write_domain, old_read_domains;
2865         int ret;
2866
2867         /* Not valid to be called on unbound objects. */
2868         if (obj_priv->gtt_space == NULL)
2869                 return -EINVAL;
2870
2871         i915_gem_object_flush_gpu_write_domain(obj);
2872
2873         /* Wait on any GPU rendering and flushing to occur. */
2874         if (obj_priv->active) {
2875 #if WATCH_BUF
2876                 DRM_INFO("%s: object %p wait for seqno %08x\n",
2877                           __func__, obj, obj_priv->last_rendering_seqno);
2878 #endif
2879                 ret = i915_do_wait_request(dev, obj_priv->last_rendering_seqno, 0);
2880                 if (ret != 0)
2881                         return ret;
2882         }
2883
2884         old_write_domain = obj->write_domain;
2885         old_read_domains = obj->read_domains;
2886
2887         obj->read_domains &= I915_GEM_DOMAIN_GTT;
2888
2889         i915_gem_object_flush_cpu_write_domain(obj);
2890
2891         /* It should now be out of any other write domains, and we can update
2892          * the domain values for our changes.
2893          */
2894         BUG_ON((obj->write_domain & ~I915_GEM_DOMAIN_GTT) != 0);
2895         obj->read_domains |= I915_GEM_DOMAIN_GTT;
2896         obj->write_domain = I915_GEM_DOMAIN_GTT;
2897         obj_priv->dirty = 1;
2898
2899         trace_i915_gem_object_change_domain(obj,
2900                                             old_read_domains,
2901                                             old_write_domain);
2902
2903         return 0;
2904 }
2905
2906 /**
2907  * Moves a single object to the CPU read, and possibly write domain.
2908  *
2909  * This function returns when the move is complete, including waiting on
2910  * flushes to occur.
2911  */
2912 static int
2913 i915_gem_object_set_to_cpu_domain(struct drm_gem_object *obj, int write)
2914 {
2915         uint32_t old_write_domain, old_read_domains;
2916         int ret;
2917
2918         i915_gem_object_flush_gpu_write_domain(obj);
2919         /* Wait on any GPU rendering and flushing to occur. */
2920         ret = i915_gem_object_wait_rendering(obj);
2921         if (ret != 0)
2922                 return ret;
2923
2924         i915_gem_object_flush_gtt_write_domain(obj);
2925
2926         /* If we have a partially-valid cache of the object in the CPU,
2927          * finish invalidating it and free the per-page flags.
2928          */
2929         i915_gem_object_set_to_full_cpu_read_domain(obj);
2930
2931         old_write_domain = obj->write_domain;
2932         old_read_domains = obj->read_domains;
2933
2934         /* Flush the CPU cache if it's still invalid. */
2935         if ((obj->read_domains & I915_GEM_DOMAIN_CPU) == 0) {
2936                 i915_gem_clflush_object(obj);
2937
2938                 obj->read_domains |= I915_GEM_DOMAIN_CPU;
2939         }
2940
2941         /* It should now be out of any other write domains, and we can update
2942          * the domain values for our changes.
2943          */
2944         BUG_ON((obj->write_domain & ~I915_GEM_DOMAIN_CPU) != 0);
2945
2946         /* If we're writing through the CPU, then the GPU read domains will
2947          * need to be invalidated at next use.
2948          */
2949         if (write) {
2950                 obj->read_domains &= I915_GEM_DOMAIN_CPU;
2951                 obj->write_domain = I915_GEM_DOMAIN_CPU;
2952         }
2953
2954         trace_i915_gem_object_change_domain(obj,
2955                                             old_read_domains,
2956                                             old_write_domain);
2957
2958         return 0;
2959 }
2960
2961 /*
2962  * Set the next domain for the specified object. This
2963  * may not actually perform the necessary flushing/invaliding though,
2964  * as that may want to be batched with other set_domain operations
2965  *
2966  * This is (we hope) the only really tricky part of gem. The goal
2967  * is fairly simple -- track which caches hold bits of the object
2968  * and make sure they remain coherent. A few concrete examples may
2969  * help to explain how it works. For shorthand, we use the notation
2970  * (read_domains, write_domain), e.g. (CPU, CPU) to indicate the
2971  * a pair of read and write domain masks.
2972  *
2973  * Case 1: the batch buffer
2974  *
2975  *      1. Allocated
2976  *      2. Written by CPU
2977  *      3. Mapped to GTT
2978  *      4. Read by GPU
2979  *      5. Unmapped from GTT
2980  *      6. Freed
2981  *
2982  *      Let's take these a step at a time
2983  *
2984  *      1. Allocated
2985  *              Pages allocated from the kernel may still have
2986  *              cache contents, so we set them to (CPU, CPU) always.
2987  *      2. Written by CPU (using pwrite)
2988  *              The pwrite function calls set_domain (CPU, CPU) and
2989  *              this function does nothing (as nothing changes)
2990  *      3. Mapped by GTT
2991  *              This function asserts that the object is not
2992  *              currently in any GPU-based read or write domains
2993  *      4. Read by GPU
2994  *              i915_gem_execbuffer calls set_domain (COMMAND, 0).
2995  *              As write_domain is zero, this function adds in the
2996  *              current read domains (CPU+COMMAND, 0).
2997  *              flush_domains is set to CPU.
2998  *              invalidate_domains is set to COMMAND
2999  *              clflush is run to get data out of the CPU caches
3000  *              then i915_dev_set_domain calls i915_gem_flush to
3001  *              emit an MI_FLUSH and drm_agp_chipset_flush
3002  *      5. Unmapped from GTT
3003  *              i915_gem_object_unbind calls set_domain (CPU, CPU)
3004  *              flush_domains and invalidate_domains end up both zero
3005  *              so no flushing/invalidating happens
3006  *      6. Freed
3007  *              yay, done
3008  *
3009  * Case 2: The shared render buffer
3010  *
3011  *      1. Allocated
3012  *      2. Mapped to GTT
3013  *      3. Read/written by GPU
3014  *      4. set_domain to (CPU,CPU)
3015  *      5. Read/written by CPU
3016  *      6. Read/written by GPU
3017  *
3018  *      1. Allocated
3019  *              Same as last example, (CPU, CPU)
3020  *      2. Mapped to GTT
3021  *              Nothing changes (assertions find that it is not in the GPU)
3022  *      3. Read/written by GPU
3023  *              execbuffer calls set_domain (RENDER, RENDER)
3024  *              flush_domains gets CPU
3025  *              invalidate_domains gets GPU
3026  *              clflush (obj)
3027  *              MI_FLUSH and drm_agp_chipset_flush
3028  *      4. set_domain (CPU, CPU)
3029  *              flush_domains gets GPU
3030  *              invalidate_domains gets CPU
3031  *              wait_rendering (obj) to make sure all drawing is complete.
3032  *              This will include an MI_FLUSH to get the data from GPU
3033  *              to memory
3034  *              clflush (obj) to invalidate the CPU cache
3035  *              Another MI_FLUSH in i915_gem_flush (eliminate this somehow?)
3036  *      5. Read/written by CPU
3037  *              cache lines are loaded and dirtied
3038  *      6. Read written by GPU
3039  *              Same as last GPU access
3040  *
3041  * Case 3: The constant buffer
3042  *
3043  *      1. Allocated
3044  *      2. Written by CPU
3045  *      3. Read by GPU
3046  *      4. Updated (written) by CPU again
3047  *      5. Read by GPU
3048  *
3049  *      1. Allocated
3050  *              (CPU, CPU)
3051  *      2. Written by CPU
3052  *              (CPU, CPU)
3053  *      3. Read by GPU
3054  *              (CPU+RENDER, 0)
3055  *              flush_domains = CPU
3056  *              invalidate_domains = RENDER
3057  *              clflush (obj)
3058  *              MI_FLUSH
3059  *              drm_agp_chipset_flush
3060  *      4. Updated (written) by CPU again
3061  *              (CPU, CPU)
3062  *              flush_domains = 0 (no previous write domain)
3063  *              invalidate_domains = 0 (no new read domains)
3064  *      5. Read by GPU
3065  *              (CPU+RENDER, 0)
3066  *              flush_domains = CPU
3067  *              invalidate_domains = RENDER
3068  *              clflush (obj)
3069  *              MI_FLUSH
3070  *              drm_agp_chipset_flush
3071  */
3072 static void
3073 i915_gem_object_set_to_gpu_domain(struct drm_gem_object *obj)
3074 {
3075         struct drm_device               *dev = obj->dev;
3076         struct drm_i915_gem_object      *obj_priv = obj->driver_private;
3077         uint32_t                        invalidate_domains = 0;
3078         uint32_t                        flush_domains = 0;
3079         uint32_t                        old_read_domains;
3080
3081         BUG_ON(obj->pending_read_domains & I915_GEM_DOMAIN_CPU);
3082         BUG_ON(obj->pending_write_domain == I915_GEM_DOMAIN_CPU);
3083
3084         intel_mark_busy(dev, obj);
3085
3086 #if WATCH_BUF
3087         DRM_INFO("%s: object %p read %08x -> %08x write %08x -> %08x\n",
3088                  __func__, obj,
3089                  obj->read_domains, obj->pending_read_domains,
3090                  obj->write_domain, obj->pending_write_domain);
3091 #endif
3092         /*
3093          * If the object isn't moving to a new write domain,
3094          * let the object stay in multiple read domains
3095          */
3096         if (obj->pending_write_domain == 0)
3097                 obj->pending_read_domains |= obj->read_domains;
3098         else
3099                 obj_priv->dirty = 1;
3100
3101         /*
3102          * Flush the current write domain if
3103          * the new read domains don't match. Invalidate
3104          * any read domains which differ from the old
3105          * write domain
3106          */
3107         if (obj->write_domain &&
3108             obj->write_domain != obj->pending_read_domains) {
3109                 flush_domains |= obj->write_domain;
3110                 invalidate_domains |=
3111                         obj->pending_read_domains & ~obj->write_domain;
3112         }
3113         /*
3114          * Invalidate any read caches which may have
3115          * stale data. That is, any new read domains.
3116          */
3117         invalidate_domains |= obj->pending_read_domains & ~obj->read_domains;
3118         if ((flush_domains | invalidate_domains) & I915_GEM_DOMAIN_CPU) {
3119 #if WATCH_BUF
3120                 DRM_INFO("%s: CPU domain flush %08x invalidate %08x\n",
3121                          __func__, flush_domains, invalidate_domains);
3122 #endif
3123                 i915_gem_clflush_object(obj);
3124         }
3125
3126         old_read_domains = obj->read_domains;
3127
3128         /* The actual obj->write_domain will be updated with
3129          * pending_write_domain after we emit the accumulated flush for all
3130          * of our domain changes in execbuffers (which clears objects'
3131          * write_domains).  So if we have a current write domain that we
3132          * aren't changing, set pending_write_domain to that.
3133          */
3134         if (flush_domains == 0 && obj->pending_write_domain == 0)
3135                 obj->pending_write_domain = obj->write_domain;
3136         obj->read_domains = obj->pending_read_domains;
3137
3138         dev->invalidate_domains |= invalidate_domains;
3139         dev->flush_domains |= flush_domains;
3140 #if WATCH_BUF
3141         DRM_INFO("%s: read %08x write %08x invalidate %08x flush %08x\n",
3142                  __func__,
3143                  obj->read_domains, obj->write_domain,
3144                  dev->invalidate_domains, dev->flush_domains);
3145 #endif
3146
3147         trace_i915_gem_object_change_domain(obj,
3148                                             old_read_domains,
3149                                             obj->write_domain);
3150 }
3151
3152 /**
3153  * Moves the object from a partially CPU read to a full one.
3154  *
3155  * Note that this only resolves i915_gem_object_set_cpu_read_domain_range(),
3156  * and doesn't handle transitioning from !(read_domains & I915_GEM_DOMAIN_CPU).
3157  */
3158 static void
3159 i915_gem_object_set_to_full_cpu_read_domain(struct drm_gem_object *obj)
3160 {
3161         struct drm_i915_gem_object *obj_priv = obj->driver_private;
3162
3163         if (!obj_priv->page_cpu_valid)
3164                 return;
3165
3166         /* If we're partially in the CPU read domain, finish moving it in.
3167          */
3168         if (obj->read_domains & I915_GEM_DOMAIN_CPU) {
3169                 int i;
3170
3171                 for (i = 0; i <= (obj->size - 1) / PAGE_SIZE; i++) {
3172                         if (obj_priv->page_cpu_valid[i])
3173                                 continue;
3174                         drm_clflush_pages(obj_priv->pages + i, 1);
3175                 }
3176         }
3177
3178         /* Free the page_cpu_valid mappings which are now stale, whether
3179          * or not we've got I915_GEM_DOMAIN_CPU.
3180          */
3181         kfree(obj_priv->page_cpu_valid);
3182         obj_priv->page_cpu_valid = NULL;
3183 }
3184
3185 /**
3186  * Set the CPU read domain on a range of the object.
3187  *
3188  * The object ends up with I915_GEM_DOMAIN_CPU in its read flags although it's
3189  * not entirely valid.  The page_cpu_valid member of the object flags which
3190  * pages have been flushed, and will be respected by
3191  * i915_gem_object_set_to_cpu_domain() if it's called on to get a valid mapping
3192  * of the whole object.
3193  *
3194  * This function returns when the move is complete, including waiting on
3195  * flushes to occur.
3196  */
3197 static int
3198 i915_gem_object_set_cpu_read_domain_range(struct drm_gem_object *obj,
3199                                           uint64_t offset, uint64_t size)
3200 {
3201         struct drm_i915_gem_object *obj_priv = obj->driver_private;
3202         uint32_t old_read_domains;
3203         int i, ret;
3204
3205         if (offset == 0 && size == obj->size)
3206                 return i915_gem_object_set_to_cpu_domain(obj, 0);
3207
3208         i915_gem_object_flush_gpu_write_domain(obj);
3209         /* Wait on any GPU rendering and flushing to occur. */
3210         ret = i915_gem_object_wait_rendering(obj);
3211         if (ret != 0)
3212                 return ret;
3213         i915_gem_object_flush_gtt_write_domain(obj);
3214
3215         /* If we're already fully in the CPU read domain, we're done. */
3216         if (obj_priv->page_cpu_valid == NULL &&
3217             (obj->read_domains & I915_GEM_DOMAIN_CPU) != 0)
3218                 return 0;
3219
3220         /* Otherwise, create/clear the per-page CPU read domain flag if we're
3221          * newly adding I915_GEM_DOMAIN_CPU
3222          */
3223         if (obj_priv->page_cpu_valid == NULL) {
3224                 obj_priv->page_cpu_valid = kzalloc(obj->size / PAGE_SIZE,
3225                                                    GFP_KERNEL);
3226                 if (obj_priv->page_cpu_valid == NULL)
3227                         return -ENOMEM;
3228         } else if ((obj->read_domains & I915_GEM_DOMAIN_CPU) == 0)
3229                 memset(obj_priv->page_cpu_valid, 0, obj->size / PAGE_SIZE);
3230
3231         /* Flush the cache on any pages that are still invalid from the CPU's
3232          * perspective.
3233          */
3234         for (i = offset / PAGE_SIZE; i <= (offset + size - 1) / PAGE_SIZE;
3235              i++) {
3236                 if (obj_priv->page_cpu_valid[i])
3237                         continue;
3238
3239                 drm_clflush_pages(obj_priv->pages + i, 1);
3240
3241                 obj_priv->page_cpu_valid[i] = 1;
3242         }
3243
3244         /* It should now be out of any other write domains, and we can update
3245          * the domain values for our changes.
3246          */
3247         BUG_ON((obj->write_domain & ~I915_GEM_DOMAIN_CPU) != 0);
3248
3249         old_read_domains = obj->read_domains;
3250         obj->read_domains |= I915_GEM_DOMAIN_CPU;
3251
3252         trace_i915_gem_object_change_domain(obj,
3253                                             old_read_domains,
3254                                             obj->write_domain);
3255
3256         return 0;
3257 }
3258
3259 /**
3260  * Pin an object to the GTT and evaluate the relocations landing in it.
3261  */
3262 static int
3263 i915_gem_object_pin_and_relocate(struct drm_gem_object *obj,
3264                                  struct drm_file *file_priv,
3265                                  struct drm_i915_gem_exec_object2 *entry,
3266                                  struct drm_i915_gem_relocation_entry *relocs)
3267 {
3268         struct drm_device *dev = obj->dev;
3269         drm_i915_private_t *dev_priv = dev->dev_private;
3270         struct drm_i915_gem_object *obj_priv = obj->driver_private;
3271         int i, ret;
3272         void __iomem *reloc_page;
3273         bool need_fence;
3274
3275         need_fence = entry->flags & EXEC_OBJECT_NEEDS_FENCE &&
3276                      obj_priv->tiling_mode != I915_TILING_NONE;
3277
3278         /* Check fence reg constraints and rebind if necessary */
3279         if (need_fence && !i915_gem_object_fence_offset_ok(obj,
3280             obj_priv->tiling_mode))
3281                 i915_gem_object_unbind(obj);
3282
3283         /* Choose the GTT offset for our buffer and put it there. */
3284         ret = i915_gem_object_pin(obj, (uint32_t) entry->alignment);
3285         if (ret)
3286                 return ret;
3287
3288         /*
3289          * Pre-965 chips need a fence register set up in order to
3290          * properly handle blits to/from tiled surfaces.
3291          */
3292         if (need_fence) {
3293                 ret = i915_gem_object_get_fence_reg(obj);
3294                 if (ret != 0) {
3295                         if (ret != -EBUSY && ret != -ERESTARTSYS)
3296                                 DRM_ERROR("Failure to install fence: %d\n",
3297                                           ret);
3298                         i915_gem_object_unpin(obj);
3299                         return ret;
3300                 }
3301         }
3302
3303         entry->offset = obj_priv->gtt_offset;
3304
3305         /* Apply the relocations, using the GTT aperture to avoid cache
3306          * flushing requirements.
3307          */
3308         for (i = 0; i < entry->relocation_count; i++) {
3309                 struct drm_i915_gem_relocation_entry *reloc= &relocs[i];
3310                 struct drm_gem_object *target_obj;
3311                 struct drm_i915_gem_object *target_obj_priv;
3312                 uint32_t reloc_val, reloc_offset;
3313                 uint32_t __iomem *reloc_entry;
3314
3315                 target_obj = drm_gem_object_lookup(obj->dev, file_priv,
3316                                                    reloc->target_handle);
3317                 if (target_obj == NULL) {
3318                         i915_gem_object_unpin(obj);
3319                         return -EBADF;
3320                 }
3321                 target_obj_priv = target_obj->driver_private;
3322
3323 #if WATCH_RELOC
3324                 DRM_INFO("%s: obj %p offset %08x target %d "
3325                          "read %08x write %08x gtt %08x "
3326                          "presumed %08x delta %08x\n",
3327                          __func__,
3328                          obj,
3329                          (int) reloc->offset,
3330                          (int) reloc->target_handle,
3331                          (int) reloc->read_domains,
3332                          (int) reloc->write_domain,
3333                          (int) target_obj_priv->gtt_offset,
3334                          (int) reloc->presumed_offset,
3335                          reloc->delta);
3336 #endif
3337
3338                 /* The target buffer should have appeared before us in the
3339                  * exec_object list, so it should have a GTT space bound by now.
3340                  */
3341                 if (target_obj_priv->gtt_space == NULL) {
3342                         DRM_ERROR("No GTT space found for object %d\n",
3343                                   reloc->target_handle);
3344                         drm_gem_object_unreference(target_obj);
3345                         i915_gem_object_unpin(obj);
3346                         return -EINVAL;
3347                 }
3348
3349                 /* Validate that the target is in a valid r/w GPU domain */
3350                 if (reloc->write_domain & I915_GEM_DOMAIN_CPU ||
3351                     reloc->read_domains & I915_GEM_DOMAIN_CPU) {
3352                         DRM_ERROR("reloc with read/write CPU domains: "
3353                                   "obj %p target %d offset %d "
3354                                   "read %08x write %08x",
3355                                   obj, reloc->target_handle,
3356                                   (int) reloc->offset,
3357                                   reloc->read_domains,
3358                                   reloc->write_domain);
3359                         drm_gem_object_unreference(target_obj);
3360                         i915_gem_object_unpin(obj);
3361                         return -EINVAL;
3362                 }
3363                 if (reloc->write_domain && target_obj->pending_write_domain &&
3364                     reloc->write_domain != target_obj->pending_write_domain) {
3365                         DRM_ERROR("Write domain conflict: "
3366                                   "obj %p target %d offset %d "
3367                                   "new %08x old %08x\n",
3368                                   obj, reloc->target_handle,
3369                                   (int) reloc->offset,
3370                                   reloc->write_domain,
3371                                   target_obj->pending_write_domain);
3372                         drm_gem_object_unreference(target_obj);
3373                         i915_gem_object_unpin(obj);
3374                         return -EINVAL;
3375                 }
3376
3377                 target_obj->pending_read_domains |= reloc->read_domains;
3378                 target_obj->pending_write_domain |= reloc->write_domain;
3379
3380                 /* If the relocation already has the right value in it, no
3381                  * more work needs to be done.
3382                  */
3383                 if (target_obj_priv->gtt_offset == reloc->presumed_offset) {
3384                         drm_gem_object_unreference(target_obj);
3385                         continue;
3386                 }
3387
3388                 /* Check that the relocation address is valid... */
3389                 if (reloc->offset > obj->size - 4) {
3390                         DRM_ERROR("Relocation beyond object bounds: "
3391                                   "obj %p target %d offset %d size %d.\n",
3392                                   obj, reloc->target_handle,
3393                                   (int) reloc->offset, (int) obj->size);
3394                         drm_gem_object_unreference(target_obj);
3395                         i915_gem_object_unpin(obj);
3396                         return -EINVAL;
3397                 }
3398                 if (reloc->offset & 3) {
3399                         DRM_ERROR("Relocation not 4-byte aligned: "
3400                                   "obj %p target %d offset %d.\n",
3401                                   obj, reloc->target_handle,
3402                                   (int) reloc->offset);
3403                         drm_gem_object_unreference(target_obj);
3404                         i915_gem_object_unpin(obj);
3405                         return -EINVAL;
3406                 }
3407
3408                 /* and points to somewhere within the target object. */
3409                 if (reloc->delta >= target_obj->size) {
3410                         DRM_ERROR("Relocation beyond target object bounds: "
3411                                   "obj %p target %d delta %d size %d.\n",
3412                                   obj, reloc->target_handle,
3413                                   (int) reloc->delta, (int) target_obj->size);
3414                         drm_gem_object_unreference(target_obj);
3415                         i915_gem_object_unpin(obj);
3416                         return -EINVAL;
3417                 }
3418
3419                 ret = i915_gem_object_set_to_gtt_domain(obj, 1);
3420                 if (ret != 0) {
3421                         drm_gem_object_unreference(target_obj);
3422                         i915_gem_object_unpin(obj);
3423                         return -EINVAL;
3424                 }
3425
3426                 /* Map the page containing the relocation we're going to
3427                  * perform.
3428                  */
3429                 reloc_offset = obj_priv->gtt_offset + reloc->offset;
3430                 reloc_page = io_mapping_map_atomic_wc(dev_priv->mm.gtt_mapping,
3431                                                       (reloc_offset &
3432                                                        ~(PAGE_SIZE - 1)));
3433                 reloc_entry = (uint32_t __iomem *)(reloc_page +
3434                                                    (reloc_offset & (PAGE_SIZE - 1)));
3435                 reloc_val = target_obj_priv->gtt_offset + reloc->delta;
3436
3437 #if WATCH_BUF
3438                 DRM_INFO("Applied relocation: %p@0x%08x %08x -> %08x\n",
3439                           obj, (unsigned int) reloc->offset,
3440                           readl(reloc_entry), reloc_val);
3441 #endif
3442                 writel(reloc_val, reloc_entry);
3443                 io_mapping_unmap_atomic(reloc_page);
3444
3445                 /* The updated presumed offset for this entry will be
3446                  * copied back out to the user.
3447                  */
3448                 reloc->presumed_offset = target_obj_priv->gtt_offset;
3449
3450                 drm_gem_object_unreference(target_obj);
3451         }
3452
3453 #if WATCH_BUF
3454         if (0)
3455                 i915_gem_dump_object(obj, 128, __func__, ~0);
3456 #endif
3457         return 0;
3458 }
3459
3460 /** Dispatch a batchbuffer to the ring
3461  */
3462 static int
3463 i915_dispatch_gem_execbuffer(struct drm_device *dev,
3464                               struct drm_i915_gem_execbuffer2 *exec,
3465                               struct drm_clip_rect *cliprects,
3466                               uint64_t exec_offset)
3467 {
3468         drm_i915_private_t *dev_priv = dev->dev_private;
3469         int nbox = exec->num_cliprects;
3470         int i = 0, count;
3471         uint32_t exec_start, exec_len;
3472         RING_LOCALS;
3473
3474         exec_start = (uint32_t) exec_offset + exec->batch_start_offset;
3475         exec_len = (uint32_t) exec->batch_len;
3476
3477         trace_i915_gem_request_submit(dev, dev_priv->mm.next_gem_seqno + 1);
3478
3479         count = nbox ? nbox : 1;
3480
3481         for (i = 0; i < count; i++) {
3482                 if (i < nbox) {
3483                         int ret = i915_emit_box(dev, cliprects, i,
3484                                                 exec->DR1, exec->DR4);
3485                         if (ret)
3486                                 return ret;
3487                 }
3488
3489                 if (IS_I830(dev) || IS_845G(dev)) {
3490                         BEGIN_LP_RING(4);
3491                         OUT_RING(MI_BATCH_BUFFER);
3492                         OUT_RING(exec_start | MI_BATCH_NON_SECURE);
3493                         OUT_RING(exec_start + exec_len - 4);
3494                         OUT_RING(0);
3495                         ADVANCE_LP_RING();
3496                 } else {
3497                         BEGIN_LP_RING(2);
3498                         if (IS_I965G(dev)) {
3499                                 OUT_RING(MI_BATCH_BUFFER_START |
3500                                          (2 << 6) |
3501                                          MI_BATCH_NON_SECURE_I965);
3502                                 OUT_RING(exec_start);
3503                         } else {
3504                                 OUT_RING(MI_BATCH_BUFFER_START |
3505                                          (2 << 6));
3506                                 OUT_RING(exec_start | MI_BATCH_NON_SECURE);
3507                         }
3508                         ADVANCE_LP_RING();
3509                 }
3510         }
3511
3512         /* XXX breadcrumb */
3513         return 0;
3514 }
3515
3516 /* Throttle our rendering by waiting until the ring has completed our requests
3517  * emitted over 20 msec ago.
3518  *
3519  * Note that if we were to use the current jiffies each time around the loop,
3520  * we wouldn't escape the function with any frames outstanding if the time to
3521  * render a frame was over 20ms.
3522  *
3523  * This should get us reasonable parallelism between CPU and GPU but also
3524  * relatively low latency when blocking on a particular request to finish.
3525  */
3526 static int
3527 i915_gem_ring_throttle(struct drm_device *dev, struct drm_file *file_priv)
3528 {
3529         struct drm_i915_file_private *i915_file_priv = file_priv->driver_priv;
3530         int ret = 0;
3531         unsigned long recent_enough = jiffies - msecs_to_jiffies(20);
3532
3533         mutex_lock(&dev->struct_mutex);
3534         while (!list_empty(&i915_file_priv->mm.request_list)) {
3535                 struct drm_i915_gem_request *request;
3536
3537                 request = list_first_entry(&i915_file_priv->mm.request_list,
3538                                            struct drm_i915_gem_request,
3539                                            client_list);
3540
3541                 if (time_after_eq(request->emitted_jiffies, recent_enough))
3542                         break;
3543
3544                 ret = i915_wait_request(dev, request->seqno);
3545                 if (ret != 0)
3546                         break;
3547         }
3548         mutex_unlock(&dev->struct_mutex);
3549
3550         return ret;
3551 }
3552
3553 static int
3554 i915_gem_get_relocs_from_user(struct drm_i915_gem_exec_object2 *exec_list,
3555                               uint32_t buffer_count,
3556                               struct drm_i915_gem_relocation_entry **relocs)
3557 {
3558         uint32_t reloc_count = 0, reloc_index = 0, i;
3559         int ret;
3560
3561         *relocs = NULL;
3562         for (i = 0; i < buffer_count; i++) {
3563                 if (reloc_count + exec_list[i].relocation_count < reloc_count)
3564                         return -EINVAL;
3565                 reloc_count += exec_list[i].relocation_count;
3566         }
3567
3568         *relocs = drm_calloc_large(reloc_count, sizeof(**relocs));
3569         if (*relocs == NULL) {
3570                 DRM_ERROR("failed to alloc relocs, count %d\n", reloc_count);
3571                 return -ENOMEM;
3572         }
3573
3574         for (i = 0; i < buffer_count; i++) {
3575                 struct drm_i915_gem_relocation_entry __user *user_relocs;
3576
3577                 user_relocs = (void __user *)(uintptr_t)exec_list[i].relocs_ptr;
3578
3579                 ret = copy_from_user(&(*relocs)[reloc_index],
3580                                      user_relocs,
3581                                      exec_list[i].relocation_count *
3582                                      sizeof(**relocs));
3583                 if (ret != 0) {
3584                         drm_free_large(*relocs);
3585                         *relocs = NULL;
3586                         return -EFAULT;
3587                 }
3588
3589                 reloc_index += exec_list[i].relocation_count;
3590         }
3591
3592         return 0;
3593 }
3594
3595 static int
3596 i915_gem_put_relocs_to_user(struct drm_i915_gem_exec_object2 *exec_list,
3597                             uint32_t buffer_count,
3598                             struct drm_i915_gem_relocation_entry *relocs)
3599 {
3600         uint32_t reloc_count = 0, i;
3601         int ret = 0;
3602
3603         if (relocs == NULL)
3604             return 0;
3605
3606         for (i = 0; i < buffer_count; i++) {
3607                 struct drm_i915_gem_relocation_entry __user *user_relocs;
3608                 int unwritten;
3609
3610                 user_relocs = (void __user *)(uintptr_t)exec_list[i].relocs_ptr;
3611
3612                 unwritten = copy_to_user(user_relocs,
3613                                          &relocs[reloc_count],
3614                                          exec_list[i].relocation_count *
3615                                          sizeof(*relocs));
3616
3617                 if (unwritten) {
3618                         ret = -EFAULT;
3619                         goto err;
3620                 }
3621
3622                 reloc_count += exec_list[i].relocation_count;
3623         }
3624
3625 err:
3626         drm_free_large(relocs);
3627
3628         return ret;
3629 }
3630
3631 static int
3632 i915_gem_check_execbuffer (struct drm_i915_gem_execbuffer2 *exec,
3633                            uint64_t exec_offset)
3634 {
3635         uint32_t exec_start, exec_len;
3636
3637         exec_start = (uint32_t) exec_offset + exec->batch_start_offset;
3638         exec_len = (uint32_t) exec->batch_len;
3639
3640         if ((exec_start | exec_len) & 0x7)
3641                 return -EINVAL;
3642
3643         if (!exec_start)
3644                 return -EINVAL;
3645
3646         return 0;
3647 }
3648
3649 static int
3650 i915_gem_wait_for_pending_flip(struct drm_device *dev,
3651                                struct drm_gem_object **object_list,
3652                                int count)
3653 {
3654         drm_i915_private_t *dev_priv = dev->dev_private;
3655         struct drm_i915_gem_object *obj_priv;
3656         DEFINE_WAIT(wait);
3657         int i, ret = 0;
3658
3659         for (;;) {
3660                 prepare_to_wait(&dev_priv->pending_flip_queue,
3661                                 &wait, TASK_INTERRUPTIBLE);
3662                 for (i = 0; i < count; i++) {
3663                         obj_priv = object_list[i]->driver_private;
3664                         if (atomic_read(&obj_priv->pending_flip) > 0)
3665                                 break;
3666                 }
3667                 if (i == count)
3668                         break;
3669
3670                 if (!signal_pending(current)) {
3671                         mutex_unlock(&dev->struct_mutex);
3672                         schedule();
3673                         mutex_lock(&dev->struct_mutex);
3674                         continue;
3675                 }
3676                 ret = -ERESTARTSYS;
3677                 break;
3678         }
3679         finish_wait(&dev_priv->pending_flip_queue, &wait);
3680
3681         return ret;
3682 }
3683
3684 int
3685 i915_gem_do_execbuffer(struct drm_device *dev, void *data,
3686                        struct drm_file *file_priv,
3687                        struct drm_i915_gem_execbuffer2 *args,
3688                        struct drm_i915_gem_exec_object2 *exec_list)
3689 {
3690         drm_i915_private_t *dev_priv = dev->dev_private;
3691         struct drm_gem_object **object_list = NULL;
3692         struct drm_gem_object *batch_obj;
3693         struct drm_i915_gem_object *obj_priv;
3694         struct drm_clip_rect *cliprects = NULL;
3695         struct drm_i915_gem_relocation_entry *relocs = NULL;
3696         int ret = 0, ret2, i, pinned = 0;
3697         uint64_t exec_offset;
3698         uint32_t seqno, flush_domains, reloc_index;
3699         int pin_tries, flips;
3700
3701 #if WATCH_EXEC
3702         DRM_INFO("buffers_ptr %d buffer_count %d len %08x\n",
3703                   (int) args->buffers_ptr, args->buffer_count, args->batch_len);
3704 #endif
3705
3706         if (args->buffer_count < 1) {
3707                 DRM_ERROR("execbuf with %d buffers\n", args->buffer_count);
3708                 return -EINVAL;
3709         }
3710         object_list = drm_malloc_ab(sizeof(*object_list), args->buffer_count);
3711         if (object_list == NULL) {
3712                 DRM_ERROR("Failed to allocate object list for %d buffers\n",
3713                           args->buffer_count);
3714                 ret = -ENOMEM;
3715                 goto pre_mutex_err;
3716         }
3717
3718         if (args->num_cliprects != 0) {
3719                 cliprects = kcalloc(args->num_cliprects, sizeof(*cliprects),
3720                                     GFP_KERNEL);
3721                 if (cliprects == NULL) {
3722                         ret = -ENOMEM;
3723                         goto pre_mutex_err;
3724                 }
3725
3726                 ret = copy_from_user(cliprects,
3727                                      (struct drm_clip_rect __user *)
3728                                      (uintptr_t) args->cliprects_ptr,
3729                                      sizeof(*cliprects) * args->num_cliprects);
3730                 if (ret != 0) {
3731                         DRM_ERROR("copy %d cliprects failed: %d\n",
3732                                   args->num_cliprects, ret);
3733                         goto pre_mutex_err;
3734                 }
3735         }
3736
3737         ret = i915_gem_get_relocs_from_user(exec_list, args->buffer_count,
3738                                             &relocs);
3739         if (ret != 0)
3740                 goto pre_mutex_err;
3741
3742         mutex_lock(&dev->struct_mutex);
3743
3744         i915_verify_inactive(dev, __FILE__, __LINE__);
3745
3746         if (atomic_read(&dev_priv->mm.wedged)) {
3747                 mutex_unlock(&dev->struct_mutex);
3748                 ret = -EIO;
3749                 goto pre_mutex_err;
3750         }
3751
3752         if (dev_priv->mm.suspended) {
3753                 mutex_unlock(&dev->struct_mutex);
3754                 ret = -EBUSY;
3755                 goto pre_mutex_err;
3756         }
3757
3758         /* Look up object handles */
3759         flips = 0;
3760         for (i = 0; i < args->buffer_count; i++) {
3761                 object_list[i] = drm_gem_object_lookup(dev, file_priv,
3762                                                        exec_list[i].handle);
3763                 if (object_list[i] == NULL) {
3764                         DRM_ERROR("Invalid object handle %d at index %d\n",
3765                                    exec_list[i].handle, i);
3766                         /* prevent error path from reading uninitialized data */
3767                         args->buffer_count = i + 1;
3768                         ret = -EBADF;
3769                         goto err;
3770                 }
3771
3772                 obj_priv = object_list[i]->driver_private;
3773                 if (obj_priv->in_execbuffer) {
3774                         DRM_ERROR("Object %p appears more than once in object list\n",
3775                                    object_list[i]);
3776                         /* prevent error path from reading uninitialized data */
3777                         args->buffer_count = i + 1;
3778                         ret = -EBADF;
3779                         goto err;
3780                 }
3781                 obj_priv->in_execbuffer = true;
3782                 flips += atomic_read(&obj_priv->pending_flip);
3783         }
3784
3785         if (flips > 0) {
3786                 ret = i915_gem_wait_for_pending_flip(dev, object_list,
3787                                                      args->buffer_count);
3788                 if (ret)
3789                         goto err;
3790         }
3791
3792         /* Pin and relocate */
3793         for (pin_tries = 0; ; pin_tries++) {
3794                 ret = 0;
3795                 reloc_index = 0;
3796
3797                 for (i = 0; i < args->buffer_count; i++) {
3798                         object_list[i]->pending_read_domains = 0;
3799                         object_list[i]->pending_write_domain = 0;
3800                         ret = i915_gem_object_pin_and_relocate(object_list[i],
3801                                                                file_priv,
3802                                                                &exec_list[i],
3803                                                                &relocs[reloc_index]);
3804                         if (ret)
3805                                 break;
3806                         pinned = i + 1;
3807                         reloc_index += exec_list[i].relocation_count;
3808                 }
3809                 /* success */
3810                 if (ret == 0)
3811                         break;
3812
3813                 /* error other than GTT full, or we've already tried again */
3814                 if (ret != -ENOSPC || pin_tries >= 1) {
3815                         if (ret != -ERESTARTSYS) {
3816                                 unsigned long long total_size = 0;
3817                                 for (i = 0; i < args->buffer_count; i++)
3818                                         total_size += object_list[i]->size;
3819                                 DRM_ERROR("Failed to pin buffer %d of %d, total %llu bytes: %d\n",
3820                                           pinned+1, args->buffer_count,
3821                                           total_size, ret);
3822                                 DRM_ERROR("%d objects [%d pinned], "
3823                                           "%d object bytes [%d pinned], "
3824                                           "%d/%d gtt bytes\n",
3825                                           atomic_read(&dev->object_count),
3826                                           atomic_read(&dev->pin_count),
3827                                           atomic_read(&dev->object_memory),
3828                                           atomic_read(&dev->pin_memory),
3829                                           atomic_read(&dev->gtt_memory),
3830                                           dev->gtt_total);
3831                         }
3832                         goto err;
3833                 }
3834
3835                 /* unpin all of our buffers */
3836                 for (i = 0; i < pinned; i++)
3837                         i915_gem_object_unpin(object_list[i]);
3838                 pinned = 0;
3839
3840                 /* evict everyone we can from the aperture */
3841                 ret = i915_gem_evict_everything(dev);
3842                 if (ret && ret != -ENOSPC)
3843                         goto err;
3844         }
3845
3846         /* Set the pending read domains for the batch buffer to COMMAND */
3847         batch_obj = object_list[args->buffer_count-1];
3848         if (batch_obj->pending_write_domain) {
3849                 DRM_ERROR("Attempting to use self-modifying batch buffer\n");
3850                 ret = -EINVAL;
3851                 goto err;
3852         }
3853         batch_obj->pending_read_domains |= I915_GEM_DOMAIN_COMMAND;
3854
3855         /* Sanity check the batch buffer, prior to moving objects */
3856         exec_offset = exec_list[args->buffer_count - 1].offset;
3857         ret = i915_gem_check_execbuffer (args, exec_offset);
3858         if (ret != 0) {
3859                 DRM_ERROR("execbuf with invalid offset/length\n");
3860                 goto err;
3861         }
3862
3863         i915_verify_inactive(dev, __FILE__, __LINE__);
3864
3865         /* Zero the global flush/invalidate flags. These
3866          * will be modified as new domains are computed
3867          * for each object
3868          */
3869         dev->invalidate_domains = 0;
3870         dev->flush_domains = 0;
3871
3872         for (i = 0; i < args->buffer_count; i++) {
3873                 struct drm_gem_object *obj = object_list[i];
3874
3875                 /* Compute new gpu domains and update invalidate/flush */
3876                 i915_gem_object_set_to_gpu_domain(obj);
3877         }
3878
3879         i915_verify_inactive(dev, __FILE__, __LINE__);
3880
3881         if (dev->invalidate_domains | dev->flush_domains) {
3882 #if WATCH_EXEC
3883                 DRM_INFO("%s: invalidate_domains %08x flush_domains %08x\n",
3884                           __func__,
3885                          dev->invalidate_domains,
3886                          dev->flush_domains);
3887 #endif
3888                 i915_gem_flush(dev,
3889                                dev->invalidate_domains,
3890                                dev->flush_domains);
3891                 if (dev->flush_domains & I915_GEM_GPU_DOMAINS)
3892                         (void)i915_add_request(dev, file_priv,
3893                                                dev->flush_domains);
3894         }
3895
3896         for (i = 0; i < args->buffer_count; i++) {
3897                 struct drm_gem_object *obj = object_list[i];
3898                 struct drm_i915_gem_object *obj_priv = obj->driver_private;
3899                 uint32_t old_write_domain = obj->write_domain;
3900
3901                 obj->write_domain = obj->pending_write_domain;
3902                 if (obj->write_domain)
3903                         list_move_tail(&obj_priv->gpu_write_list,
3904                                        &dev_priv->mm.gpu_write_list);
3905                 else
3906                         list_del_init(&obj_priv->gpu_write_list);
3907
3908                 trace_i915_gem_object_change_domain(obj,
3909                                                     obj->read_domains,
3910                                                     old_write_domain);
3911         }
3912
3913         i915_verify_inactive(dev, __FILE__, __LINE__);
3914
3915 #if WATCH_COHERENCY
3916         for (i = 0; i < args->buffer_count; i++) {
3917                 i915_gem_object_check_coherency(object_list[i],
3918                                                 exec_list[i].handle);
3919         }
3920 #endif
3921
3922 #if WATCH_EXEC
3923         i915_gem_dump_object(batch_obj,
3924                               args->batch_len,
3925                               __func__,
3926                               ~0);
3927 #endif
3928
3929         /* Exec the batchbuffer */
3930         ret = i915_dispatch_gem_execbuffer(dev, args, cliprects, exec_offset);
3931         if (ret) {
3932                 DRM_ERROR("dispatch failed %d\n", ret);
3933                 goto err;
3934         }
3935
3936         /*
3937          * Ensure that the commands in the batch buffer are
3938          * finished before the interrupt fires
3939          */
3940         flush_domains = i915_retire_commands(dev);
3941
3942         i915_verify_inactive(dev, __FILE__, __LINE__);
3943
3944         /*
3945          * Get a seqno representing the execution of the current buffer,
3946          * which we can wait on.  We would like to mitigate these interrupts,
3947          * likely by only creating seqnos occasionally (so that we have
3948          * *some* interrupts representing completion of buffers that we can
3949          * wait on when trying to clear up gtt space).
3950          */
3951         seqno = i915_add_request(dev, file_priv, flush_domains);
3952         BUG_ON(seqno == 0);
3953         for (i = 0; i < args->buffer_count; i++) {
3954                 struct drm_gem_object *obj = object_list[i];
3955
3956                 i915_gem_object_move_to_active(obj, seqno);
3957 #if WATCH_LRU
3958                 DRM_INFO("%s: move to exec list %p\n", __func__, obj);
3959 #endif
3960         }
3961 #if WATCH_LRU
3962         i915_dump_lru(dev, __func__);
3963 #endif
3964
3965         i915_verify_inactive(dev, __FILE__, __LINE__);
3966
3967 err:
3968         for (i = 0; i < pinned; i++)
3969                 i915_gem_object_unpin(object_list[i]);
3970
3971         for (i = 0; i < args->buffer_count; i++) {
3972                 if (object_list[i]) {
3973                         obj_priv = object_list[i]->driver_private;
3974                         obj_priv->in_execbuffer = false;
3975                 }
3976                 drm_gem_object_unreference(object_list[i]);
3977         }
3978
3979         mutex_unlock(&dev->struct_mutex);
3980
3981 pre_mutex_err:
3982         /* Copy the updated relocations out regardless of current error
3983          * state.  Failure to update the relocs would mean that the next
3984          * time userland calls execbuf, it would do so with presumed offset
3985          * state that didn't match the actual object state.
3986          */
3987         ret2 = i915_gem_put_relocs_to_user(exec_list, args->buffer_count,
3988                                            relocs);
3989         if (ret2 != 0) {
3990                 DRM_ERROR("Failed to copy relocations back out: %d\n", ret2);
3991
3992                 if (ret == 0)
3993                         ret = ret2;
3994         }
3995
3996         drm_free_large(object_list);
3997         kfree(cliprects);
3998
3999         return ret;
4000 }
4001
4002 /*
4003  * Legacy execbuffer just creates an exec2 list from the original exec object
4004  * list array and passes it to the real function.
4005  */
4006 int
4007 i915_gem_execbuffer(struct drm_device *dev, void *data,
4008                     struct drm_file *file_priv)
4009 {
4010         struct drm_i915_gem_execbuffer *args = data;
4011         struct drm_i915_gem_execbuffer2 exec2;
4012         struct drm_i915_gem_exec_object *exec_list = NULL;
4013         struct drm_i915_gem_exec_object2 *exec2_list = NULL;
4014         int ret, i;
4015
4016 #if WATCH_EXEC
4017         DRM_INFO("buffers_ptr %d buffer_count %d len %08x\n",
4018                   (int) args->buffers_ptr, args->buffer_count, args->batch_len);
4019 #endif
4020
4021         if (args->buffer_count < 1) {
4022                 DRM_ERROR("execbuf with %d buffers\n", args->buffer_count);
4023                 return -EINVAL;
4024         }
4025
4026         /* Copy in the exec list from userland */
4027         exec_list = drm_malloc_ab(sizeof(*exec_list), args->buffer_count);
4028         exec2_list = drm_malloc_ab(sizeof(*exec2_list), args->buffer_count);
4029         if (exec_list == NULL || exec2_list == NULL) {
4030                 DRM_ERROR("Failed to allocate exec list for %d buffers\n",
4031                           args->buffer_count);
4032                 drm_free_large(exec_list);
4033                 drm_free_large(exec2_list);
4034                 return -ENOMEM;
4035         }
4036         ret = copy_from_user(exec_list,
4037                              (struct drm_i915_relocation_entry __user *)
4038                              (uintptr_t) args->buffers_ptr,
4039                              sizeof(*exec_list) * args->buffer_count);
4040         if (ret != 0) {
4041                 DRM_ERROR("copy %d exec entries failed %d\n",
4042                           args->buffer_count, ret);
4043                 drm_free_large(exec_list);
4044                 drm_free_large(exec2_list);
4045                 return -EFAULT;
4046         }
4047
4048         for (i = 0; i < args->buffer_count; i++) {
4049                 exec2_list[i].handle = exec_list[i].handle;
4050                 exec2_list[i].relocation_count = exec_list[i].relocation_count;
4051                 exec2_list[i].relocs_ptr = exec_list[i].relocs_ptr;
4052                 exec2_list[i].alignment = exec_list[i].alignment;
4053                 exec2_list[i].offset = exec_list[i].offset;
4054                 if (!IS_I965G(dev))
4055                         exec2_list[i].flags = EXEC_OBJECT_NEEDS_FENCE;
4056                 else
4057                         exec2_list[i].flags = 0;
4058         }
4059
4060         exec2.buffers_ptr = args->buffers_ptr;
4061         exec2.buffer_count = args->buffer_count;
4062         exec2.batch_start_offset = args->batch_start_offset;
4063         exec2.batch_len = args->batch_len;
4064         exec2.DR1 = args->DR1;
4065         exec2.DR4 = args->DR4;
4066         exec2.num_cliprects = args->num_cliprects;
4067         exec2.cliprects_ptr = args->cliprects_ptr;
4068         exec2.flags = 0;
4069
4070         ret = i915_gem_do_execbuffer(dev, data, file_priv, &exec2, exec2_list);
4071         if (!ret) {
4072                 /* Copy the new buffer offsets back to the user's exec list. */
4073                 for (i = 0; i < args->buffer_count; i++)
4074                         exec_list[i].offset = exec2_list[i].offset;
4075                 /* ... and back out to userspace */
4076                 ret = copy_to_user((struct drm_i915_relocation_entry __user *)
4077                                    (uintptr_t) args->buffers_ptr,
4078                                    exec_list,
4079                                    sizeof(*exec_list) * args->buffer_count);
4080                 if (ret) {
4081                         ret = -EFAULT;
4082                         DRM_ERROR("failed to copy %d exec entries "
4083                                   "back to user (%d)\n",
4084                                   args->buffer_count, ret);
4085                 }
4086         }
4087
4088         drm_free_large(exec_list);
4089         drm_free_large(exec2_list);
4090         return ret;
4091 }
4092
4093 int
4094 i915_gem_execbuffer2(struct drm_device *dev, void *data,
4095                      struct drm_file *file_priv)
4096 {
4097         struct drm_i915_gem_execbuffer2 *args = data;
4098         struct drm_i915_gem_exec_object2 *exec2_list = NULL;
4099         int ret;
4100
4101 #if WATCH_EXEC
4102         DRM_INFO("buffers_ptr %d buffer_count %d len %08x\n",
4103                   (int) args->buffers_ptr, args->buffer_count, args->batch_len);
4104 #endif
4105
4106         if (args->buffer_count < 1) {
4107                 DRM_ERROR("execbuf2 with %d buffers\n", args->buffer_count);
4108                 return -EINVAL;
4109         }
4110
4111         exec2_list = drm_malloc_ab(sizeof(*exec2_list), args->buffer_count);
4112         if (exec2_list == NULL) {
4113                 DRM_ERROR("Failed to allocate exec list for %d buffers\n",
4114                           args->buffer_count);
4115                 return -ENOMEM;
4116         }
4117         ret = copy_from_user(exec2_list,
4118                              (struct drm_i915_relocation_entry __user *)
4119                              (uintptr_t) args->buffers_ptr,
4120                              sizeof(*exec2_list) * args->buffer_count);
4121         if (ret != 0) {
4122                 DRM_ERROR("copy %d exec entries failed %d\n",
4123                           args->buffer_count, ret);
4124                 drm_free_large(exec2_list);
4125                 return -EFAULT;
4126         }
4127
4128         ret = i915_gem_do_execbuffer(dev, data, file_priv, args, exec2_list);
4129         if (!ret) {
4130                 /* Copy the new buffer offsets back to the user's exec list. */
4131                 ret = copy_to_user((struct drm_i915_relocation_entry __user *)
4132                                    (uintptr_t) args->buffers_ptr,
4133                                    exec2_list,
4134                                    sizeof(*exec2_list) * args->buffer_count);
4135                 if (ret) {
4136                         ret = -EFAULT;
4137                         DRM_ERROR("failed to copy %d exec entries "
4138                                   "back to user (%d)\n",
4139                                   args->buffer_count, ret);
4140                 }
4141         }
4142
4143         drm_free_large(exec2_list);
4144         return ret;
4145 }
4146
4147 int
4148 i915_gem_object_pin(struct drm_gem_object *obj, uint32_t alignment)
4149 {
4150         struct drm_device *dev = obj->dev;
4151         struct drm_i915_gem_object *obj_priv = obj->driver_private;
4152         int ret;
4153
4154         i915_verify_inactive(dev, __FILE__, __LINE__);
4155         if (obj_priv->gtt_space == NULL) {
4156                 ret = i915_gem_object_bind_to_gtt(obj, alignment);
4157                 if (ret)
4158                         return ret;
4159         }
4160
4161         obj_priv->pin_count++;
4162
4163         /* If the object is not active and not pending a flush,
4164          * remove it from the inactive list
4165          */
4166         if (obj_priv->pin_count == 1) {
4167                 atomic_inc(&dev->pin_count);
4168                 atomic_add(obj->size, &dev->pin_memory);
4169                 if (!obj_priv->active &&
4170                     (obj->write_domain & I915_GEM_GPU_DOMAINS) == 0 &&
4171                     !list_empty(&obj_priv->list))
4172                         list_del_init(&obj_priv->list);
4173         }
4174         i915_verify_inactive(dev, __FILE__, __LINE__);
4175
4176         return 0;
4177 }
4178
4179 void
4180 i915_gem_object_unpin(struct drm_gem_object *obj)
4181 {
4182         struct drm_device *dev = obj->dev;
4183         drm_i915_private_t *dev_priv = dev->dev_private;
4184         struct drm_i915_gem_object *obj_priv = obj->driver_private;
4185
4186         i915_verify_inactive(dev, __FILE__, __LINE__);
4187         obj_priv->pin_count--;
4188         BUG_ON(obj_priv->pin_count < 0);
4189         BUG_ON(obj_priv->gtt_space == NULL);
4190
4191         /* If the object is no longer pinned, and is
4192          * neither active nor being flushed, then stick it on
4193          * the inactive list
4194          */
4195         if (obj_priv->pin_count == 0) {
4196                 if (!obj_priv->active &&
4197                     (obj->write_domain & I915_GEM_GPU_DOMAINS) == 0)
4198                         list_move_tail(&obj_priv->list,
4199                                        &dev_priv->mm.inactive_list);
4200                 atomic_dec(&dev->pin_count);
4201                 atomic_sub(obj->size, &dev->pin_memory);
4202         }
4203         i915_verify_inactive(dev, __FILE__, __LINE__);
4204 }
4205
4206 int
4207 i915_gem_pin_ioctl(struct drm_device *dev, void *data,
4208                    struct drm_file *file_priv)
4209 {
4210         struct drm_i915_gem_pin *args = data;
4211         struct drm_gem_object *obj;
4212         struct drm_i915_gem_object *obj_priv;
4213         int ret;
4214
4215         mutex_lock(&dev->struct_mutex);
4216
4217         obj = drm_gem_object_lookup(dev, file_priv, args->handle);
4218         if (obj == NULL) {
4219                 DRM_ERROR("Bad handle in i915_gem_pin_ioctl(): %d\n",
4220                           args->handle);
4221                 mutex_unlock(&dev->struct_mutex);
4222                 return -EBADF;
4223         }
4224         obj_priv = obj->driver_private;
4225
4226         if (obj_priv->madv != I915_MADV_WILLNEED) {
4227                 DRM_ERROR("Attempting to pin a purgeable buffer\n");
4228                 drm_gem_object_unreference(obj);
4229                 mutex_unlock(&dev->struct_mutex);
4230                 return -EINVAL;
4231         }
4232
4233         if (obj_priv->pin_filp != NULL && obj_priv->pin_filp != file_priv) {
4234                 DRM_ERROR("Already pinned in i915_gem_pin_ioctl(): %d\n",
4235                           args->handle);
4236                 drm_gem_object_unreference(obj);
4237                 mutex_unlock(&dev->struct_mutex);
4238                 return -EINVAL;
4239         }
4240
4241         obj_priv->user_pin_count++;
4242         obj_priv->pin_filp = file_priv;
4243         if (obj_priv->user_pin_count == 1) {
4244                 ret = i915_gem_object_pin(obj, args->alignment);
4245                 if (ret != 0) {
4246                         drm_gem_object_unreference(obj);
4247                         mutex_unlock(&dev->struct_mutex);
4248                         return ret;
4249                 }
4250         }
4251
4252         /* XXX - flush the CPU caches for pinned objects
4253          * as the X server doesn't manage domains yet
4254          */
4255         i915_gem_object_flush_cpu_write_domain(obj);
4256         args->offset = obj_priv->gtt_offset;
4257         drm_gem_object_unreference(obj);
4258         mutex_unlock(&dev->struct_mutex);
4259
4260         return 0;
4261 }
4262
4263 int
4264 i915_gem_unpin_ioctl(struct drm_device *dev, void *data,
4265                      struct drm_file *file_priv)
4266 {
4267         struct drm_i915_gem_pin *args = data;
4268         struct drm_gem_object *obj;
4269         struct drm_i915_gem_object *obj_priv;
4270
4271         mutex_lock(&dev->struct_mutex);
4272
4273         obj = drm_gem_object_lookup(dev, file_priv, args->handle);
4274         if (obj == NULL) {
4275                 DRM_ERROR("Bad handle in i915_gem_unpin_ioctl(): %d\n",
4276                           args->handle);
4277                 mutex_unlock(&dev->struct_mutex);
4278                 return -EBADF;
4279         }
4280
4281         obj_priv = obj->driver_private;
4282         if (obj_priv->pin_filp != file_priv) {
4283                 DRM_ERROR("Not pinned by caller in i915_gem_pin_ioctl(): %d\n",
4284                           args->handle);
4285                 drm_gem_object_unreference(obj);
4286                 mutex_unlock(&dev->struct_mutex);
4287                 return -EINVAL;
4288         }
4289         obj_priv->user_pin_count--;
4290         if (obj_priv->user_pin_count == 0) {
4291                 obj_priv->pin_filp = NULL;
4292                 i915_gem_object_unpin(obj);
4293         }
4294
4295         drm_gem_object_unreference(obj);
4296         mutex_unlock(&dev->struct_mutex);
4297         return 0;
4298 }
4299
4300 int
4301 i915_gem_busy_ioctl(struct drm_device *dev, void *data,
4302                     struct drm_file *file_priv)
4303 {
4304         struct drm_i915_gem_busy *args = data;
4305         struct drm_gem_object *obj;
4306         struct drm_i915_gem_object *obj_priv;
4307
4308         obj = drm_gem_object_lookup(dev, file_priv, args->handle);
4309         if (obj == NULL) {
4310                 DRM_ERROR("Bad handle in i915_gem_busy_ioctl(): %d\n",
4311                           args->handle);
4312                 return -EBADF;
4313         }
4314
4315         mutex_lock(&dev->struct_mutex);
4316         /* Update the active list for the hardware's current position.
4317          * Otherwise this only updates on a delayed timer or when irqs are
4318          * actually unmasked, and our working set ends up being larger than
4319          * required.
4320          */
4321         i915_gem_retire_requests(dev);
4322
4323         obj_priv = obj->driver_private;
4324         /* Don't count being on the flushing list against the object being
4325          * done.  Otherwise, a buffer left on the flushing list but not getting
4326          * flushed (because nobody's flushing that domain) won't ever return
4327          * unbusy and get reused by libdrm's bo cache.  The other expected
4328          * consumer of this interface, OpenGL's occlusion queries, also specs
4329          * that the objects get unbusy "eventually" without any interference.
4330          */
4331         args->busy = obj_priv->active && obj_priv->last_rendering_seqno != 0;
4332
4333         drm_gem_object_unreference(obj);
4334         mutex_unlock(&dev->struct_mutex);
4335         return 0;
4336 }
4337
4338 int
4339 i915_gem_throttle_ioctl(struct drm_device *dev, void *data,
4340                         struct drm_file *file_priv)
4341 {
4342     return i915_gem_ring_throttle(dev, file_priv);
4343 }
4344
4345 int
4346 i915_gem_madvise_ioctl(struct drm_device *dev, void *data,
4347                        struct drm_file *file_priv)
4348 {
4349         struct drm_i915_gem_madvise *args = data;
4350         struct drm_gem_object *obj;
4351         struct drm_i915_gem_object *obj_priv;
4352
4353         switch (args->madv) {
4354         case I915_MADV_DONTNEED:
4355         case I915_MADV_WILLNEED:
4356             break;
4357         default:
4358             return -EINVAL;
4359         }
4360
4361         obj = drm_gem_object_lookup(dev, file_priv, args->handle);
4362         if (obj == NULL) {
4363                 DRM_ERROR("Bad handle in i915_gem_madvise_ioctl(): %d\n",
4364                           args->handle);
4365                 return -EBADF;
4366         }
4367
4368         mutex_lock(&dev->struct_mutex);
4369         obj_priv = obj->driver_private;
4370
4371         if (obj_priv->pin_count) {
4372                 drm_gem_object_unreference(obj);
4373                 mutex_unlock(&dev->struct_mutex);
4374
4375                 DRM_ERROR("Attempted i915_gem_madvise_ioctl() on a pinned object\n");
4376                 return -EINVAL;
4377         }
4378
4379         if (obj_priv->madv != __I915_MADV_PURGED)
4380                 obj_priv->madv = args->madv;
4381
4382         /* if the object is no longer bound, discard its backing storage */
4383         if (i915_gem_object_is_purgeable(obj_priv) &&
4384             obj_priv->gtt_space == NULL)
4385                 i915_gem_object_truncate(obj);
4386
4387         args->retained = obj_priv->madv != __I915_MADV_PURGED;
4388
4389         drm_gem_object_unreference(obj);
4390         mutex_unlock(&dev->struct_mutex);
4391
4392         return 0;
4393 }
4394
4395 int i915_gem_init_object(struct drm_gem_object *obj)
4396 {
4397         struct drm_i915_gem_object *obj_priv;
4398
4399         obj_priv = kzalloc(sizeof(*obj_priv), GFP_KERNEL);
4400         if (obj_priv == NULL)
4401                 return -ENOMEM;
4402
4403         /*
4404          * We've just allocated pages from the kernel,
4405          * so they've just been written by the CPU with
4406          * zeros. They'll need to be clflushed before we
4407          * use them with the GPU.
4408          */
4409         obj->write_domain = I915_GEM_DOMAIN_CPU;
4410         obj->read_domains = I915_GEM_DOMAIN_CPU;
4411
4412         obj_priv->agp_type = AGP_USER_MEMORY;
4413
4414         obj->driver_private = obj_priv;
4415         obj_priv->obj = obj;
4416         obj_priv->fence_reg = I915_FENCE_REG_NONE;
4417         INIT_LIST_HEAD(&obj_priv->list);
4418         INIT_LIST_HEAD(&obj_priv->gpu_write_list);
4419         INIT_LIST_HEAD(&obj_priv->fence_list);
4420         obj_priv->madv = I915_MADV_WILLNEED;
4421
4422         trace_i915_gem_object_create(obj);
4423
4424         return 0;
4425 }
4426
4427 void i915_gem_free_object(struct drm_gem_object *obj)
4428 {
4429         struct drm_device *dev = obj->dev;
4430         struct drm_i915_gem_object *obj_priv = obj->driver_private;
4431
4432         trace_i915_gem_object_destroy(obj);
4433
4434         while (obj_priv->pin_count > 0)
4435                 i915_gem_object_unpin(obj);
4436
4437         if (obj_priv->phys_obj)
4438                 i915_gem_detach_phys_object(dev, obj);
4439
4440         i915_gem_object_unbind(obj);
4441
4442         if (obj_priv->mmap_offset)
4443                 i915_gem_free_mmap_offset(obj);
4444
4445         kfree(obj_priv->page_cpu_valid);
4446         kfree(obj_priv->bit_17);
4447         kfree(obj->driver_private);
4448 }
4449
4450 /** Unbinds all inactive objects. */
4451 static int
4452 i915_gem_evict_from_inactive_list(struct drm_device *dev)
4453 {
4454         drm_i915_private_t *dev_priv = dev->dev_private;
4455
4456         while (!list_empty(&dev_priv->mm.inactive_list)) {
4457                 struct drm_gem_object *obj;
4458                 int ret;
4459
4460                 obj = list_first_entry(&dev_priv->mm.inactive_list,
4461                                        struct drm_i915_gem_object,
4462                                        list)->obj;
4463
4464                 ret = i915_gem_object_unbind(obj);
4465                 if (ret != 0) {
4466                         DRM_ERROR("Error unbinding object: %d\n", ret);
4467                         return ret;
4468                 }
4469         }
4470
4471         return 0;
4472 }
4473
4474 static int
4475 i915_gpu_idle(struct drm_device *dev)
4476 {
4477         drm_i915_private_t *dev_priv = dev->dev_private;
4478         bool lists_empty;
4479         uint32_t seqno;
4480
4481         spin_lock(&dev_priv->mm.active_list_lock);
4482         lists_empty = list_empty(&dev_priv->mm.flushing_list) &&
4483                       list_empty(&dev_priv->mm.active_list);
4484         spin_unlock(&dev_priv->mm.active_list_lock);
4485
4486         if (lists_empty)
4487                 return 0;
4488
4489         /* Flush everything onto the inactive list. */
4490         i915_gem_flush(dev, I915_GEM_GPU_DOMAINS, I915_GEM_GPU_DOMAINS);
4491         seqno = i915_add_request(dev, NULL, I915_GEM_GPU_DOMAINS);
4492         if (seqno == 0)
4493                 return -ENOMEM;
4494
4495         return i915_wait_request(dev, seqno);
4496 }
4497
4498 int
4499 i915_gem_idle(struct drm_device *dev)
4500 {
4501         drm_i915_private_t *dev_priv = dev->dev_private;
4502         int ret;
4503
4504         mutex_lock(&dev->struct_mutex);
4505
4506         if (dev_priv->mm.suspended || dev_priv->ring.ring_obj == NULL) {
4507                 mutex_unlock(&dev->struct_mutex);
4508                 return 0;
4509         }
4510
4511         ret = i915_gpu_idle(dev);
4512         if (ret) {
4513                 mutex_unlock(&dev->struct_mutex);
4514                 return ret;
4515         }
4516
4517         /* Under UMS, be paranoid and evict. */
4518         if (!drm_core_check_feature(dev, DRIVER_MODESET)) {
4519                 ret = i915_gem_evict_from_inactive_list(dev);
4520                 if (ret) {
4521                         mutex_unlock(&dev->struct_mutex);
4522                         return ret;
4523                 }
4524         }
4525
4526         /* Hack!  Don't let anybody do execbuf while we don't control the chip.
4527          * We need to replace this with a semaphore, or something.
4528          * And not confound mm.suspended!
4529          */
4530         dev_priv->mm.suspended = 1;
4531         del_timer(&dev_priv->hangcheck_timer);
4532
4533         i915_kernel_lost_context(dev);
4534         i915_gem_cleanup_ringbuffer(dev);
4535
4536         mutex_unlock(&dev->struct_mutex);
4537
4538         /* Cancel the retire work handler, which should be idle now. */
4539         cancel_delayed_work_sync(&dev_priv->mm.retire_work);
4540
4541         return 0;
4542 }
4543
4544 static int
4545 i915_gem_init_hws(struct drm_device *dev)
4546 {
4547         drm_i915_private_t *dev_priv = dev->dev_private;
4548         struct drm_gem_object *obj;
4549         struct drm_i915_gem_object *obj_priv;
4550         int ret;
4551
4552         /* If we need a physical address for the status page, it's already
4553          * initialized at driver load time.
4554          */
4555         if (!I915_NEED_GFX_HWS(dev))
4556                 return 0;
4557
4558         obj = drm_gem_object_alloc(dev, 4096);
4559         if (obj == NULL) {
4560                 DRM_ERROR("Failed to allocate status page\n");
4561                 return -ENOMEM;
4562         }
4563         obj_priv = obj->driver_private;
4564         obj_priv->agp_type = AGP_USER_CACHED_MEMORY;
4565
4566         ret = i915_gem_object_pin(obj, 4096);
4567         if (ret != 0) {
4568                 drm_gem_object_unreference(obj);
4569                 return ret;
4570         }
4571
4572         dev_priv->status_gfx_addr = obj_priv->gtt_offset;
4573
4574         dev_priv->hw_status_page = kmap(obj_priv->pages[0]);
4575         if (dev_priv->hw_status_page == NULL) {
4576                 DRM_ERROR("Failed to map status page.\n");
4577                 memset(&dev_priv->hws_map, 0, sizeof(dev_priv->hws_map));
4578                 i915_gem_object_unpin(obj);
4579                 drm_gem_object_unreference(obj);
4580                 return -EINVAL;
4581         }
4582         dev_priv->hws_obj = obj;
4583         memset(dev_priv->hw_status_page, 0, PAGE_SIZE);
4584         if (IS_GEN6(dev)) {
4585                 I915_WRITE(HWS_PGA_GEN6, dev_priv->status_gfx_addr);
4586                 I915_READ(HWS_PGA_GEN6); /* posting read */
4587         } else {
4588                 I915_WRITE(HWS_PGA, dev_priv->status_gfx_addr);
4589                 I915_READ(HWS_PGA); /* posting read */
4590         }
4591         DRM_DEBUG_DRIVER("hws offset: 0x%08x\n", dev_priv->status_gfx_addr);
4592
4593         return 0;
4594 }
4595
4596 static void
4597 i915_gem_cleanup_hws(struct drm_device *dev)
4598 {
4599         drm_i915_private_t *dev_priv = dev->dev_private;
4600         struct drm_gem_object *obj;
4601         struct drm_i915_gem_object *obj_priv;
4602
4603         if (dev_priv->hws_obj == NULL)
4604                 return;
4605
4606         obj = dev_priv->hws_obj;
4607         obj_priv = obj->driver_private;
4608
4609         kunmap(obj_priv->pages[0]);
4610         i915_gem_object_unpin(obj);
4611         drm_gem_object_unreference(obj);
4612         dev_priv->hws_obj = NULL;
4613
4614         memset(&dev_priv->hws_map, 0, sizeof(dev_priv->hws_map));
4615         dev_priv->hw_status_page = NULL;
4616
4617         /* Write high address into HWS_PGA when disabling. */
4618         I915_WRITE(HWS_PGA, 0x1ffff000);
4619 }
4620
4621 int
4622 i915_gem_init_ringbuffer(struct drm_device *dev)
4623 {
4624         drm_i915_private_t *dev_priv = dev->dev_private;
4625         struct drm_gem_object *obj;
4626         struct drm_i915_gem_object *obj_priv;
4627         drm_i915_ring_buffer_t *ring = &dev_priv->ring;
4628         int ret;
4629         u32 head;
4630
4631         ret = i915_gem_init_hws(dev);
4632         if (ret != 0)
4633                 return ret;
4634
4635         obj = drm_gem_object_alloc(dev, 128 * 1024);
4636         if (obj == NULL) {
4637                 DRM_ERROR("Failed to allocate ringbuffer\n");
4638                 i915_gem_cleanup_hws(dev);
4639                 return -ENOMEM;
4640         }
4641         obj_priv = obj->driver_private;
4642
4643         ret = i915_gem_object_pin(obj, 4096);
4644         if (ret != 0) {
4645                 drm_gem_object_unreference(obj);
4646                 i915_gem_cleanup_hws(dev);
4647                 return ret;
4648         }
4649
4650         /* Set up the kernel mapping for the ring. */
4651         ring->Size = obj->size;
4652
4653         ring->map.offset = dev->agp->base + obj_priv->gtt_offset;
4654         ring->map.size = obj->size;
4655         ring->map.type = 0;
4656         ring->map.flags = 0;
4657         ring->map.mtrr = 0;
4658
4659         drm_core_ioremap_wc(&ring->map, dev);
4660         if (ring->map.handle == NULL) {
4661                 DRM_ERROR("Failed to map ringbuffer.\n");
4662                 memset(&dev_priv->ring, 0, sizeof(dev_priv->ring));
4663                 i915_gem_object_unpin(obj);
4664                 drm_gem_object_unreference(obj);
4665                 i915_gem_cleanup_hws(dev);
4666                 return -EINVAL;
4667         }
4668         ring->ring_obj = obj;
4669         ring->virtual_start = ring->map.handle;
4670
4671         /* Stop the ring if it's running. */
4672         I915_WRITE(PRB0_CTL, 0);
4673         I915_WRITE(PRB0_TAIL, 0);
4674         I915_WRITE(PRB0_HEAD, 0);
4675
4676         /* Initialize the ring. */
4677         I915_WRITE(PRB0_START, obj_priv->gtt_offset);
4678         head = I915_READ(PRB0_HEAD) & HEAD_ADDR;
4679
4680         /* G45 ring initialization fails to reset head to zero */
4681         if (head != 0) {
4682                 DRM_ERROR("Ring head not reset to zero "
4683                           "ctl %08x head %08x tail %08x start %08x\n",
4684                           I915_READ(PRB0_CTL),
4685                           I915_READ(PRB0_HEAD),
4686                           I915_READ(PRB0_TAIL),
4687                           I915_READ(PRB0_START));
4688                 I915_WRITE(PRB0_HEAD, 0);
4689
4690                 DRM_ERROR("Ring head forced to zero "
4691                           "ctl %08x head %08x tail %08x start %08x\n",
4692                           I915_READ(PRB0_CTL),
4693                           I915_READ(PRB0_HEAD),
4694                           I915_READ(PRB0_TAIL),
4695                           I915_READ(PRB0_START));
4696         }
4697
4698         I915_WRITE(PRB0_CTL,
4699                    ((obj->size - 4096) & RING_NR_PAGES) |
4700                    RING_NO_REPORT |
4701                    RING_VALID);
4702
4703         head = I915_READ(PRB0_HEAD) & HEAD_ADDR;
4704
4705         /* If the head is still not zero, the ring is dead */
4706         if (head != 0) {
4707                 DRM_ERROR("Ring initialization failed "
4708                           "ctl %08x head %08x tail %08x start %08x\n",
4709                           I915_READ(PRB0_CTL),
4710                           I915_READ(PRB0_HEAD),
4711                           I915_READ(PRB0_TAIL),
4712                           I915_READ(PRB0_START));
4713                 return -EIO;
4714         }
4715
4716         /* Update our cache of the ring state */
4717         if (!drm_core_check_feature(dev, DRIVER_MODESET))
4718                 i915_kernel_lost_context(dev);
4719         else {
4720                 ring->head = I915_READ(PRB0_HEAD) & HEAD_ADDR;
4721                 ring->tail = I915_READ(PRB0_TAIL) & TAIL_ADDR;
4722                 ring->space = ring->head - (ring->tail + 8);
4723                 if (ring->space < 0)
4724                         ring->space += ring->Size;
4725         }
4726
4727         return 0;
4728 }
4729
4730 void
4731 i915_gem_cleanup_ringbuffer(struct drm_device *dev)
4732 {
4733         drm_i915_private_t *dev_priv = dev->dev_private;
4734
4735         if (dev_priv->ring.ring_obj == NULL)
4736                 return;
4737
4738         drm_core_ioremapfree(&dev_priv->ring.map, dev);
4739
4740         i915_gem_object_unpin(dev_priv->ring.ring_obj);
4741         drm_gem_object_unreference(dev_priv->ring.ring_obj);
4742         dev_priv->ring.ring_obj = NULL;
4743         memset(&dev_priv->ring, 0, sizeof(dev_priv->ring));
4744
4745         i915_gem_cleanup_hws(dev);
4746 }
4747
4748 int
4749 i915_gem_entervt_ioctl(struct drm_device *dev, void *data,
4750                        struct drm_file *file_priv)
4751 {
4752         drm_i915_private_t *dev_priv = dev->dev_private;
4753         int ret;
4754
4755         if (drm_core_check_feature(dev, DRIVER_MODESET))
4756                 return 0;
4757
4758         if (atomic_read(&dev_priv->mm.wedged)) {
4759                 DRM_ERROR("Reenabling wedged hardware, good luck\n");
4760                 atomic_set(&dev_priv->mm.wedged, 0);
4761         }
4762
4763         mutex_lock(&dev->struct_mutex);
4764         dev_priv->mm.suspended = 0;
4765
4766         ret = i915_gem_init_ringbuffer(dev);
4767         if (ret != 0) {
4768                 mutex_unlock(&dev->struct_mutex);
4769                 return ret;
4770         }
4771
4772         spin_lock(&dev_priv->mm.active_list_lock);
4773         BUG_ON(!list_empty(&dev_priv->mm.active_list));
4774         spin_unlock(&dev_priv->mm.active_list_lock);
4775
4776         BUG_ON(!list_empty(&dev_priv->mm.flushing_list));
4777         BUG_ON(!list_empty(&dev_priv->mm.inactive_list));
4778         BUG_ON(!list_empty(&dev_priv->mm.request_list));
4779         mutex_unlock(&dev->struct_mutex);
4780
4781         drm_irq_install(dev);
4782
4783         return 0;
4784 }
4785
4786 int
4787 i915_gem_leavevt_ioctl(struct drm_device *dev, void *data,
4788                        struct drm_file *file_priv)
4789 {
4790         if (drm_core_check_feature(dev, DRIVER_MODESET))
4791                 return 0;
4792
4793         drm_irq_uninstall(dev);
4794         return i915_gem_idle(dev);
4795 }
4796
4797 void
4798 i915_gem_lastclose(struct drm_device *dev)
4799 {
4800         int ret;
4801
4802         if (drm_core_check_feature(dev, DRIVER_MODESET))
4803                 return;
4804
4805         ret = i915_gem_idle(dev);
4806         if (ret)
4807                 DRM_ERROR("failed to idle hardware: %d\n", ret);
4808 }
4809
4810 void
4811 i915_gem_load(struct drm_device *dev)
4812 {
4813         int i;
4814         drm_i915_private_t *dev_priv = dev->dev_private;
4815
4816         spin_lock_init(&dev_priv->mm.active_list_lock);
4817         INIT_LIST_HEAD(&dev_priv->mm.active_list);
4818         INIT_LIST_HEAD(&dev_priv->mm.flushing_list);
4819         INIT_LIST_HEAD(&dev_priv->mm.gpu_write_list);
4820         INIT_LIST_HEAD(&dev_priv->mm.inactive_list);
4821         INIT_LIST_HEAD(&dev_priv->mm.request_list);
4822         INIT_LIST_HEAD(&dev_priv->mm.fence_list);
4823         INIT_DELAYED_WORK(&dev_priv->mm.retire_work,
4824                           i915_gem_retire_work_handler);
4825         dev_priv->mm.next_gem_seqno = 1;
4826
4827         spin_lock(&shrink_list_lock);
4828         list_add(&dev_priv->mm.shrink_list, &shrink_list);
4829         spin_unlock(&shrink_list_lock);
4830
4831         /* Old X drivers will take 0-2 for front, back, depth buffers */
4832         if (!drm_core_check_feature(dev, DRIVER_MODESET))
4833                 dev_priv->fence_reg_start = 3;
4834
4835         if (IS_I965G(dev) || IS_I945G(dev) || IS_I945GM(dev) || IS_G33(dev))
4836                 dev_priv->num_fence_regs = 16;
4837         else
4838                 dev_priv->num_fence_regs = 8;
4839
4840         /* Initialize fence registers to zero */
4841         if (IS_I965G(dev)) {
4842                 for (i = 0; i < 16; i++)
4843                         I915_WRITE64(FENCE_REG_965_0 + (i * 8), 0);
4844         } else {
4845                 for (i = 0; i < 8; i++)
4846                         I915_WRITE(FENCE_REG_830_0 + (i * 4), 0);
4847                 if (IS_I945G(dev) || IS_I945GM(dev) || IS_G33(dev))
4848                         for (i = 0; i < 8; i++)
4849                                 I915_WRITE(FENCE_REG_945_8 + (i * 4), 0);
4850         }
4851         i915_gem_detect_bit_6_swizzle(dev);
4852         init_waitqueue_head(&dev_priv->pending_flip_queue);
4853 }
4854
4855 /*
4856  * Create a physically contiguous memory object for this object
4857  * e.g. for cursor + overlay regs
4858  */
4859 int i915_gem_init_phys_object(struct drm_device *dev,
4860                               int id, int size)
4861 {
4862         drm_i915_private_t *dev_priv = dev->dev_private;
4863         struct drm_i915_gem_phys_object *phys_obj;
4864         int ret;
4865
4866         if (dev_priv->mm.phys_objs[id - 1] || !size)
4867                 return 0;
4868
4869         phys_obj = kzalloc(sizeof(struct drm_i915_gem_phys_object), GFP_KERNEL);
4870         if (!phys_obj)
4871                 return -ENOMEM;
4872
4873         phys_obj->id = id;
4874
4875         phys_obj->handle = drm_pci_alloc(dev, size, 0);
4876         if (!phys_obj->handle) {
4877                 ret = -ENOMEM;
4878                 goto kfree_obj;
4879         }
4880 #ifdef CONFIG_X86
4881         set_memory_wc((unsigned long)phys_obj->handle->vaddr, phys_obj->handle->size / PAGE_SIZE);
4882 #endif
4883
4884         dev_priv->mm.phys_objs[id - 1] = phys_obj;
4885
4886         return 0;
4887 kfree_obj:
4888         kfree(phys_obj);
4889         return ret;
4890 }
4891
4892 void i915_gem_free_phys_object(struct drm_device *dev, int id)
4893 {
4894         drm_i915_private_t *dev_priv = dev->dev_private;
4895         struct drm_i915_gem_phys_object *phys_obj;
4896
4897         if (!dev_priv->mm.phys_objs[id - 1])
4898                 return;
4899
4900         phys_obj = dev_priv->mm.phys_objs[id - 1];
4901         if (phys_obj->cur_obj) {
4902                 i915_gem_detach_phys_object(dev, phys_obj->cur_obj);
4903         }
4904
4905 #ifdef CONFIG_X86
4906         set_memory_wb((unsigned long)phys_obj->handle->vaddr, phys_obj->handle->size / PAGE_SIZE);
4907 #endif
4908         drm_pci_free(dev, phys_obj->handle);
4909         kfree(phys_obj);
4910         dev_priv->mm.phys_objs[id - 1] = NULL;
4911 }
4912
4913 void i915_gem_free_all_phys_object(struct drm_device *dev)
4914 {
4915         int i;
4916
4917         for (i = I915_GEM_PHYS_CURSOR_0; i <= I915_MAX_PHYS_OBJECT; i++)
4918                 i915_gem_free_phys_object(dev, i);
4919 }
4920
4921 void i915_gem_detach_phys_object(struct drm_device *dev,
4922                                  struct drm_gem_object *obj)
4923 {
4924         struct drm_i915_gem_object *obj_priv;
4925         int i;
4926         int ret;
4927         int page_count;
4928
4929         obj_priv = obj->driver_private;
4930         if (!obj_priv->phys_obj)
4931                 return;
4932
4933         ret = i915_gem_object_get_pages(obj, 0);
4934         if (ret)
4935                 goto out;
4936
4937         page_count = obj->size / PAGE_SIZE;
4938
4939         for (i = 0; i < page_count; i++) {
4940                 char *dst = kmap_atomic(obj_priv->pages[i], KM_USER0);
4941                 char *src = obj_priv->phys_obj->handle->vaddr + (i * PAGE_SIZE);
4942
4943                 memcpy(dst, src, PAGE_SIZE);
4944                 kunmap_atomic(dst, KM_USER0);
4945         }
4946         drm_clflush_pages(obj_priv->pages, page_count);
4947         drm_agp_chipset_flush(dev);
4948
4949         i915_gem_object_put_pages(obj);
4950 out:
4951         obj_priv->phys_obj->cur_obj = NULL;
4952         obj_priv->phys_obj = NULL;
4953 }
4954
4955 int
4956 i915_gem_attach_phys_object(struct drm_device *dev,
4957                             struct drm_gem_object *obj, int id)
4958 {
4959         drm_i915_private_t *dev_priv = dev->dev_private;
4960         struct drm_i915_gem_object *obj_priv;
4961         int ret = 0;
4962         int page_count;
4963         int i;
4964
4965         if (id > I915_MAX_PHYS_OBJECT)
4966                 return -EINVAL;
4967
4968         obj_priv = obj->driver_private;
4969
4970         if (obj_priv->phys_obj) {
4971                 if (obj_priv->phys_obj->id == id)
4972                         return 0;
4973                 i915_gem_detach_phys_object(dev, obj);
4974         }
4975
4976
4977         /* create a new object */
4978         if (!dev_priv->mm.phys_objs[id - 1]) {
4979                 ret = i915_gem_init_phys_object(dev, id,
4980                                                 obj->size);
4981                 if (ret) {
4982                         DRM_ERROR("failed to init phys object %d size: %zu\n", id, obj->size);
4983                         goto out;
4984                 }
4985         }
4986
4987         /* bind to the object */
4988         obj_priv->phys_obj = dev_priv->mm.phys_objs[id - 1];
4989         obj_priv->phys_obj->cur_obj = obj;
4990
4991         ret = i915_gem_object_get_pages(obj, 0);
4992         if (ret) {
4993                 DRM_ERROR("failed to get page list\n");
4994                 goto out;
4995         }
4996
4997         page_count = obj->size / PAGE_SIZE;
4998
4999         for (i = 0; i < page_count; i++) {
5000                 char *src = kmap_atomic(obj_priv->pages[i], KM_USER0);
5001                 char *dst = obj_priv->phys_obj->handle->vaddr + (i * PAGE_SIZE);
5002
5003                 memcpy(dst, src, PAGE_SIZE);
5004                 kunmap_atomic(src, KM_USER0);
5005         }
5006
5007         i915_gem_object_put_pages(obj);
5008
5009         return 0;
5010 out:
5011         return ret;
5012 }
5013
5014 static int
5015 i915_gem_phys_pwrite(struct drm_device *dev, struct drm_gem_object *obj,
5016                      struct drm_i915_gem_pwrite *args,
5017                      struct drm_file *file_priv)
5018 {
5019         struct drm_i915_gem_object *obj_priv = obj->driver_private;
5020         void *obj_addr;
5021         int ret;
5022         char __user *user_data;
5023
5024         user_data = (char __user *) (uintptr_t) args->data_ptr;
5025         obj_addr = obj_priv->phys_obj->handle->vaddr + args->offset;
5026
5027         DRM_DEBUG_DRIVER("obj_addr %p, %lld\n", obj_addr, args->size);
5028         ret = copy_from_user(obj_addr, user_data, args->size);
5029         if (ret)
5030                 return -EFAULT;
5031
5032         drm_agp_chipset_flush(dev);
5033         return 0;
5034 }
5035
5036 void i915_gem_release(struct drm_device * dev, struct drm_file *file_priv)
5037 {
5038         struct drm_i915_file_private *i915_file_priv = file_priv->driver_priv;
5039
5040         /* Clean up our request list when the client is going away, so that
5041          * later retire_requests won't dereference our soon-to-be-gone
5042          * file_priv.
5043          */
5044         mutex_lock(&dev->struct_mutex);
5045         while (!list_empty(&i915_file_priv->mm.request_list))
5046                 list_del_init(i915_file_priv->mm.request_list.next);
5047         mutex_unlock(&dev->struct_mutex);
5048 }
5049
5050 static int
5051 i915_gem_shrink(int nr_to_scan, gfp_t gfp_mask)
5052 {
5053         drm_i915_private_t *dev_priv, *next_dev;
5054         struct drm_i915_gem_object *obj_priv, *next_obj;
5055         int cnt = 0;
5056         int would_deadlock = 1;
5057
5058         /* "fast-path" to count number of available objects */
5059         if (nr_to_scan == 0) {
5060                 spin_lock(&shrink_list_lock);
5061                 list_for_each_entry(dev_priv, &shrink_list, mm.shrink_list) {
5062                         struct drm_device *dev = dev_priv->dev;
5063
5064                         if (mutex_trylock(&dev->struct_mutex)) {
5065                                 list_for_each_entry(obj_priv,
5066                                                     &dev_priv->mm.inactive_list,
5067                                                     list)
5068                                         cnt++;
5069                                 mutex_unlock(&dev->struct_mutex);
5070                         }
5071                 }
5072                 spin_unlock(&shrink_list_lock);
5073
5074                 return (cnt / 100) * sysctl_vfs_cache_pressure;
5075         }
5076
5077         spin_lock(&shrink_list_lock);
5078
5079         /* first scan for clean buffers */
5080         list_for_each_entry_safe(dev_priv, next_dev,
5081                                  &shrink_list, mm.shrink_list) {
5082                 struct drm_device *dev = dev_priv->dev;
5083
5084                 if (! mutex_trylock(&dev->struct_mutex))
5085                         continue;
5086
5087                 spin_unlock(&shrink_list_lock);
5088
5089                 i915_gem_retire_requests(dev);
5090
5091                 list_for_each_entry_safe(obj_priv, next_obj,
5092                                          &dev_priv->mm.inactive_list,
5093                                          list) {
5094                         if (i915_gem_object_is_purgeable(obj_priv)) {
5095                                 i915_gem_object_unbind(obj_priv->obj);
5096                                 if (--nr_to_scan <= 0)
5097                                         break;
5098                         }
5099                 }
5100
5101                 spin_lock(&shrink_list_lock);
5102                 mutex_unlock(&dev->struct_mutex);
5103
5104                 would_deadlock = 0;
5105
5106                 if (nr_to_scan <= 0)
5107                         break;
5108         }
5109
5110         /* second pass, evict/count anything still on the inactive list */
5111         list_for_each_entry_safe(dev_priv, next_dev,
5112                                  &shrink_list, mm.shrink_list) {
5113                 struct drm_device *dev = dev_priv->dev;
5114
5115                 if (! mutex_trylock(&dev->struct_mutex))
5116                         continue;
5117
5118                 spin_unlock(&shrink_list_lock);
5119
5120                 list_for_each_entry_safe(obj_priv, next_obj,
5121                                          &dev_priv->mm.inactive_list,
5122                                          list) {
5123                         if (nr_to_scan > 0) {
5124                                 i915_gem_object_unbind(obj_priv->obj);
5125                                 nr_to_scan--;
5126                         } else
5127                                 cnt++;
5128                 }
5129
5130                 spin_lock(&shrink_list_lock);
5131                 mutex_unlock(&dev->struct_mutex);
5132
5133                 would_deadlock = 0;
5134         }
5135
5136         spin_unlock(&shrink_list_lock);
5137
5138         if (would_deadlock)
5139                 return -1;
5140         else if (cnt > 0)
5141                 return (cnt / 100) * sysctl_vfs_cache_pressure;
5142         else
5143                 return 0;
5144 }
5145
5146 static struct shrinker shrinker = {
5147         .shrink = i915_gem_shrink,
5148         .seeks = DEFAULT_SEEKS,
5149 };
5150
5151 __init void
5152 i915_gem_shrinker_init(void)
5153 {
5154     register_shrinker(&shrinker);
5155 }
5156
5157 __exit void
5158 i915_gem_shrinker_exit(void)
5159 {
5160     unregister_shrinker(&shrinker);
5161 }