drm/i915: Unref old_obj on get_fence_reg() error path
[linux-2.6.git] / drivers / gpu / drm / i915 / i915_gem.c
1 /*
2  * Copyright © 2008 Intel Corporation
3  *
4  * Permission is hereby granted, free of charge, to any person obtaining a
5  * copy of this software and associated documentation files (the "Software"),
6  * to deal in the Software without restriction, including without limitation
7  * the rights to use, copy, modify, merge, publish, distribute, sublicense,
8  * and/or sell copies of the Software, and to permit persons to whom the
9  * Software is furnished to do so, subject to the following conditions:
10  *
11  * The above copyright notice and this permission notice (including the next
12  * paragraph) shall be included in all copies or substantial portions of the
13  * Software.
14  *
15  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16  * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17  * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.  IN NO EVENT SHALL
18  * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19  * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
20  * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
21  * IN THE SOFTWARE.
22  *
23  * Authors:
24  *    Eric Anholt <eric@anholt.net>
25  *
26  */
27
28 #include "drmP.h"
29 #include "drm.h"
30 #include "i915_drm.h"
31 #include "i915_drv.h"
32 #include <linux/swap.h>
33 #include <linux/pci.h>
34
35 #define I915_GEM_GPU_DOMAINS    (~(I915_GEM_DOMAIN_CPU | I915_GEM_DOMAIN_GTT))
36
37 static void i915_gem_object_flush_gpu_write_domain(struct drm_gem_object *obj);
38 static void i915_gem_object_flush_gtt_write_domain(struct drm_gem_object *obj);
39 static void i915_gem_object_flush_cpu_write_domain(struct drm_gem_object *obj);
40 static int i915_gem_object_set_to_cpu_domain(struct drm_gem_object *obj,
41                                              int write);
42 static int i915_gem_object_set_cpu_read_domain_range(struct drm_gem_object *obj,
43                                                      uint64_t offset,
44                                                      uint64_t size);
45 static void i915_gem_object_set_to_full_cpu_read_domain(struct drm_gem_object *obj);
46 static int i915_gem_object_wait_rendering(struct drm_gem_object *obj);
47 static int i915_gem_object_bind_to_gtt(struct drm_gem_object *obj,
48                                            unsigned alignment);
49 static void i915_gem_clear_fence_reg(struct drm_gem_object *obj);
50 static int i915_gem_evict_something(struct drm_device *dev);
51 static int i915_gem_phys_pwrite(struct drm_device *dev, struct drm_gem_object *obj,
52                                 struct drm_i915_gem_pwrite *args,
53                                 struct drm_file *file_priv);
54
55 int i915_gem_do_init(struct drm_device *dev, unsigned long start,
56                      unsigned long end)
57 {
58         drm_i915_private_t *dev_priv = dev->dev_private;
59
60         if (start >= end ||
61             (start & (PAGE_SIZE - 1)) != 0 ||
62             (end & (PAGE_SIZE - 1)) != 0) {
63                 return -EINVAL;
64         }
65
66         drm_mm_init(&dev_priv->mm.gtt_space, start,
67                     end - start);
68
69         dev->gtt_total = (uint32_t) (end - start);
70
71         return 0;
72 }
73
74 int
75 i915_gem_init_ioctl(struct drm_device *dev, void *data,
76                     struct drm_file *file_priv)
77 {
78         struct drm_i915_gem_init *args = data;
79         int ret;
80
81         mutex_lock(&dev->struct_mutex);
82         ret = i915_gem_do_init(dev, args->gtt_start, args->gtt_end);
83         mutex_unlock(&dev->struct_mutex);
84
85         return ret;
86 }
87
88 int
89 i915_gem_get_aperture_ioctl(struct drm_device *dev, void *data,
90                             struct drm_file *file_priv)
91 {
92         struct drm_i915_gem_get_aperture *args = data;
93
94         if (!(dev->driver->driver_features & DRIVER_GEM))
95                 return -ENODEV;
96
97         args->aper_size = dev->gtt_total;
98         args->aper_available_size = (args->aper_size -
99                                      atomic_read(&dev->pin_memory));
100
101         return 0;
102 }
103
104
105 /**
106  * Creates a new mm object and returns a handle to it.
107  */
108 int
109 i915_gem_create_ioctl(struct drm_device *dev, void *data,
110                       struct drm_file *file_priv)
111 {
112         struct drm_i915_gem_create *args = data;
113         struct drm_gem_object *obj;
114         int handle, ret;
115
116         args->size = roundup(args->size, PAGE_SIZE);
117
118         /* Allocate the new object */
119         obj = drm_gem_object_alloc(dev, args->size);
120         if (obj == NULL)
121                 return -ENOMEM;
122
123         ret = drm_gem_handle_create(file_priv, obj, &handle);
124         mutex_lock(&dev->struct_mutex);
125         drm_gem_object_handle_unreference(obj);
126         mutex_unlock(&dev->struct_mutex);
127
128         if (ret)
129                 return ret;
130
131         args->handle = handle;
132
133         return 0;
134 }
135
136 static inline int
137 fast_shmem_read(struct page **pages,
138                 loff_t page_base, int page_offset,
139                 char __user *data,
140                 int length)
141 {
142         char __iomem *vaddr;
143         int unwritten;
144
145         vaddr = kmap_atomic(pages[page_base >> PAGE_SHIFT], KM_USER0);
146         if (vaddr == NULL)
147                 return -ENOMEM;
148         unwritten = __copy_to_user_inatomic(data, vaddr + page_offset, length);
149         kunmap_atomic(vaddr, KM_USER0);
150
151         if (unwritten)
152                 return -EFAULT;
153
154         return 0;
155 }
156
157 static int i915_gem_object_needs_bit17_swizzle(struct drm_gem_object *obj)
158 {
159         drm_i915_private_t *dev_priv = obj->dev->dev_private;
160         struct drm_i915_gem_object *obj_priv = obj->driver_private;
161
162         return dev_priv->mm.bit_6_swizzle_x == I915_BIT_6_SWIZZLE_9_10_17 &&
163                 obj_priv->tiling_mode != I915_TILING_NONE;
164 }
165
166 static inline int
167 slow_shmem_copy(struct page *dst_page,
168                 int dst_offset,
169                 struct page *src_page,
170                 int src_offset,
171                 int length)
172 {
173         char *dst_vaddr, *src_vaddr;
174
175         dst_vaddr = kmap_atomic(dst_page, KM_USER0);
176         if (dst_vaddr == NULL)
177                 return -ENOMEM;
178
179         src_vaddr = kmap_atomic(src_page, KM_USER1);
180         if (src_vaddr == NULL) {
181                 kunmap_atomic(dst_vaddr, KM_USER0);
182                 return -ENOMEM;
183         }
184
185         memcpy(dst_vaddr + dst_offset, src_vaddr + src_offset, length);
186
187         kunmap_atomic(src_vaddr, KM_USER1);
188         kunmap_atomic(dst_vaddr, KM_USER0);
189
190         return 0;
191 }
192
193 static inline int
194 slow_shmem_bit17_copy(struct page *gpu_page,
195                       int gpu_offset,
196                       struct page *cpu_page,
197                       int cpu_offset,
198                       int length,
199                       int is_read)
200 {
201         char *gpu_vaddr, *cpu_vaddr;
202
203         /* Use the unswizzled path if this page isn't affected. */
204         if ((page_to_phys(gpu_page) & (1 << 17)) == 0) {
205                 if (is_read)
206                         return slow_shmem_copy(cpu_page, cpu_offset,
207                                                gpu_page, gpu_offset, length);
208                 else
209                         return slow_shmem_copy(gpu_page, gpu_offset,
210                                                cpu_page, cpu_offset, length);
211         }
212
213         gpu_vaddr = kmap_atomic(gpu_page, KM_USER0);
214         if (gpu_vaddr == NULL)
215                 return -ENOMEM;
216
217         cpu_vaddr = kmap_atomic(cpu_page, KM_USER1);
218         if (cpu_vaddr == NULL) {
219                 kunmap_atomic(gpu_vaddr, KM_USER0);
220                 return -ENOMEM;
221         }
222
223         /* Copy the data, XORing A6 with A17 (1). The user already knows he's
224          * XORing with the other bits (A9 for Y, A9 and A10 for X)
225          */
226         while (length > 0) {
227                 int cacheline_end = ALIGN(gpu_offset + 1, 64);
228                 int this_length = min(cacheline_end - gpu_offset, length);
229                 int swizzled_gpu_offset = gpu_offset ^ 64;
230
231                 if (is_read) {
232                         memcpy(cpu_vaddr + cpu_offset,
233                                gpu_vaddr + swizzled_gpu_offset,
234                                this_length);
235                 } else {
236                         memcpy(gpu_vaddr + swizzled_gpu_offset,
237                                cpu_vaddr + cpu_offset,
238                                this_length);
239                 }
240                 cpu_offset += this_length;
241                 gpu_offset += this_length;
242                 length -= this_length;
243         }
244
245         kunmap_atomic(cpu_vaddr, KM_USER1);
246         kunmap_atomic(gpu_vaddr, KM_USER0);
247
248         return 0;
249 }
250
251 /**
252  * This is the fast shmem pread path, which attempts to copy_from_user directly
253  * from the backing pages of the object to the user's address space.  On a
254  * fault, it fails so we can fall back to i915_gem_shmem_pwrite_slow().
255  */
256 static int
257 i915_gem_shmem_pread_fast(struct drm_device *dev, struct drm_gem_object *obj,
258                           struct drm_i915_gem_pread *args,
259                           struct drm_file *file_priv)
260 {
261         struct drm_i915_gem_object *obj_priv = obj->driver_private;
262         ssize_t remain;
263         loff_t offset, page_base;
264         char __user *user_data;
265         int page_offset, page_length;
266         int ret;
267
268         user_data = (char __user *) (uintptr_t) args->data_ptr;
269         remain = args->size;
270
271         mutex_lock(&dev->struct_mutex);
272
273         ret = i915_gem_object_get_pages(obj);
274         if (ret != 0)
275                 goto fail_unlock;
276
277         ret = i915_gem_object_set_cpu_read_domain_range(obj, args->offset,
278                                                         args->size);
279         if (ret != 0)
280                 goto fail_put_pages;
281
282         obj_priv = obj->driver_private;
283         offset = args->offset;
284
285         while (remain > 0) {
286                 /* Operation in this page
287                  *
288                  * page_base = page offset within aperture
289                  * page_offset = offset within page
290                  * page_length = bytes to copy for this page
291                  */
292                 page_base = (offset & ~(PAGE_SIZE-1));
293                 page_offset = offset & (PAGE_SIZE-1);
294                 page_length = remain;
295                 if ((page_offset + remain) > PAGE_SIZE)
296                         page_length = PAGE_SIZE - page_offset;
297
298                 ret = fast_shmem_read(obj_priv->pages,
299                                       page_base, page_offset,
300                                       user_data, page_length);
301                 if (ret)
302                         goto fail_put_pages;
303
304                 remain -= page_length;
305                 user_data += page_length;
306                 offset += page_length;
307         }
308
309 fail_put_pages:
310         i915_gem_object_put_pages(obj);
311 fail_unlock:
312         mutex_unlock(&dev->struct_mutex);
313
314         return ret;
315 }
316
317 /**
318  * This is the fallback shmem pread path, which allocates temporary storage
319  * in kernel space to copy_to_user into outside of the struct_mutex, so we
320  * can copy out of the object's backing pages while holding the struct mutex
321  * and not take page faults.
322  */
323 static int
324 i915_gem_shmem_pread_slow(struct drm_device *dev, struct drm_gem_object *obj,
325                           struct drm_i915_gem_pread *args,
326                           struct drm_file *file_priv)
327 {
328         struct drm_i915_gem_object *obj_priv = obj->driver_private;
329         struct mm_struct *mm = current->mm;
330         struct page **user_pages;
331         ssize_t remain;
332         loff_t offset, pinned_pages, i;
333         loff_t first_data_page, last_data_page, num_pages;
334         int shmem_page_index, shmem_page_offset;
335         int data_page_index,  data_page_offset;
336         int page_length;
337         int ret;
338         uint64_t data_ptr = args->data_ptr;
339         int do_bit17_swizzling;
340
341         remain = args->size;
342
343         /* Pin the user pages containing the data.  We can't fault while
344          * holding the struct mutex, yet we want to hold it while
345          * dereferencing the user data.
346          */
347         first_data_page = data_ptr / PAGE_SIZE;
348         last_data_page = (data_ptr + args->size - 1) / PAGE_SIZE;
349         num_pages = last_data_page - first_data_page + 1;
350
351         user_pages = drm_calloc_large(num_pages, sizeof(struct page *));
352         if (user_pages == NULL)
353                 return -ENOMEM;
354
355         down_read(&mm->mmap_sem);
356         pinned_pages = get_user_pages(current, mm, (uintptr_t)args->data_ptr,
357                                       num_pages, 1, 0, user_pages, NULL);
358         up_read(&mm->mmap_sem);
359         if (pinned_pages < num_pages) {
360                 ret = -EFAULT;
361                 goto fail_put_user_pages;
362         }
363
364         do_bit17_swizzling = i915_gem_object_needs_bit17_swizzle(obj);
365
366         mutex_lock(&dev->struct_mutex);
367
368         ret = i915_gem_object_get_pages(obj);
369         if (ret != 0)
370                 goto fail_unlock;
371
372         ret = i915_gem_object_set_cpu_read_domain_range(obj, args->offset,
373                                                         args->size);
374         if (ret != 0)
375                 goto fail_put_pages;
376
377         obj_priv = obj->driver_private;
378         offset = args->offset;
379
380         while (remain > 0) {
381                 /* Operation in this page
382                  *
383                  * shmem_page_index = page number within shmem file
384                  * shmem_page_offset = offset within page in shmem file
385                  * data_page_index = page number in get_user_pages return
386                  * data_page_offset = offset with data_page_index page.
387                  * page_length = bytes to copy for this page
388                  */
389                 shmem_page_index = offset / PAGE_SIZE;
390                 shmem_page_offset = offset & ~PAGE_MASK;
391                 data_page_index = data_ptr / PAGE_SIZE - first_data_page;
392                 data_page_offset = data_ptr & ~PAGE_MASK;
393
394                 page_length = remain;
395                 if ((shmem_page_offset + page_length) > PAGE_SIZE)
396                         page_length = PAGE_SIZE - shmem_page_offset;
397                 if ((data_page_offset + page_length) > PAGE_SIZE)
398                         page_length = PAGE_SIZE - data_page_offset;
399
400                 if (do_bit17_swizzling) {
401                         ret = slow_shmem_bit17_copy(obj_priv->pages[shmem_page_index],
402                                                     shmem_page_offset,
403                                                     user_pages[data_page_index],
404                                                     data_page_offset,
405                                                     page_length,
406                                                     1);
407                 } else {
408                         ret = slow_shmem_copy(user_pages[data_page_index],
409                                               data_page_offset,
410                                               obj_priv->pages[shmem_page_index],
411                                               shmem_page_offset,
412                                               page_length);
413                 }
414                 if (ret)
415                         goto fail_put_pages;
416
417                 remain -= page_length;
418                 data_ptr += page_length;
419                 offset += page_length;
420         }
421
422 fail_put_pages:
423         i915_gem_object_put_pages(obj);
424 fail_unlock:
425         mutex_unlock(&dev->struct_mutex);
426 fail_put_user_pages:
427         for (i = 0; i < pinned_pages; i++) {
428                 SetPageDirty(user_pages[i]);
429                 page_cache_release(user_pages[i]);
430         }
431         drm_free_large(user_pages);
432
433         return ret;
434 }
435
436 /**
437  * Reads data from the object referenced by handle.
438  *
439  * On error, the contents of *data are undefined.
440  */
441 int
442 i915_gem_pread_ioctl(struct drm_device *dev, void *data,
443                      struct drm_file *file_priv)
444 {
445         struct drm_i915_gem_pread *args = data;
446         struct drm_gem_object *obj;
447         struct drm_i915_gem_object *obj_priv;
448         int ret;
449
450         obj = drm_gem_object_lookup(dev, file_priv, args->handle);
451         if (obj == NULL)
452                 return -EBADF;
453         obj_priv = obj->driver_private;
454
455         /* Bounds check source.
456          *
457          * XXX: This could use review for overflow issues...
458          */
459         if (args->offset > obj->size || args->size > obj->size ||
460             args->offset + args->size > obj->size) {
461                 drm_gem_object_unreference(obj);
462                 return -EINVAL;
463         }
464
465         if (i915_gem_object_needs_bit17_swizzle(obj)) {
466                 ret = i915_gem_shmem_pread_slow(dev, obj, args, file_priv);
467         } else {
468                 ret = i915_gem_shmem_pread_fast(dev, obj, args, file_priv);
469                 if (ret != 0)
470                         ret = i915_gem_shmem_pread_slow(dev, obj, args,
471                                                         file_priv);
472         }
473
474         drm_gem_object_unreference(obj);
475
476         return ret;
477 }
478
479 /* This is the fast write path which cannot handle
480  * page faults in the source data
481  */
482
483 static inline int
484 fast_user_write(struct io_mapping *mapping,
485                 loff_t page_base, int page_offset,
486                 char __user *user_data,
487                 int length)
488 {
489         char *vaddr_atomic;
490         unsigned long unwritten;
491
492         vaddr_atomic = io_mapping_map_atomic_wc(mapping, page_base);
493         unwritten = __copy_from_user_inatomic_nocache(vaddr_atomic + page_offset,
494                                                       user_data, length);
495         io_mapping_unmap_atomic(vaddr_atomic);
496         if (unwritten)
497                 return -EFAULT;
498         return 0;
499 }
500
501 /* Here's the write path which can sleep for
502  * page faults
503  */
504
505 static inline int
506 slow_kernel_write(struct io_mapping *mapping,
507                   loff_t gtt_base, int gtt_offset,
508                   struct page *user_page, int user_offset,
509                   int length)
510 {
511         char *src_vaddr, *dst_vaddr;
512         unsigned long unwritten;
513
514         dst_vaddr = io_mapping_map_atomic_wc(mapping, gtt_base);
515         src_vaddr = kmap_atomic(user_page, KM_USER1);
516         unwritten = __copy_from_user_inatomic_nocache(dst_vaddr + gtt_offset,
517                                                       src_vaddr + user_offset,
518                                                       length);
519         kunmap_atomic(src_vaddr, KM_USER1);
520         io_mapping_unmap_atomic(dst_vaddr);
521         if (unwritten)
522                 return -EFAULT;
523         return 0;
524 }
525
526 static inline int
527 fast_shmem_write(struct page **pages,
528                  loff_t page_base, int page_offset,
529                  char __user *data,
530                  int length)
531 {
532         char __iomem *vaddr;
533         unsigned long unwritten;
534
535         vaddr = kmap_atomic(pages[page_base >> PAGE_SHIFT], KM_USER0);
536         if (vaddr == NULL)
537                 return -ENOMEM;
538         unwritten = __copy_from_user_inatomic(vaddr + page_offset, data, length);
539         kunmap_atomic(vaddr, KM_USER0);
540
541         if (unwritten)
542                 return -EFAULT;
543         return 0;
544 }
545
546 /**
547  * This is the fast pwrite path, where we copy the data directly from the
548  * user into the GTT, uncached.
549  */
550 static int
551 i915_gem_gtt_pwrite_fast(struct drm_device *dev, struct drm_gem_object *obj,
552                          struct drm_i915_gem_pwrite *args,
553                          struct drm_file *file_priv)
554 {
555         struct drm_i915_gem_object *obj_priv = obj->driver_private;
556         drm_i915_private_t *dev_priv = dev->dev_private;
557         ssize_t remain;
558         loff_t offset, page_base;
559         char __user *user_data;
560         int page_offset, page_length;
561         int ret;
562
563         user_data = (char __user *) (uintptr_t) args->data_ptr;
564         remain = args->size;
565         if (!access_ok(VERIFY_READ, user_data, remain))
566                 return -EFAULT;
567
568
569         mutex_lock(&dev->struct_mutex);
570         ret = i915_gem_object_pin(obj, 0);
571         if (ret) {
572                 mutex_unlock(&dev->struct_mutex);
573                 return ret;
574         }
575         ret = i915_gem_object_set_to_gtt_domain(obj, 1);
576         if (ret)
577                 goto fail;
578
579         obj_priv = obj->driver_private;
580         offset = obj_priv->gtt_offset + args->offset;
581
582         while (remain > 0) {
583                 /* Operation in this page
584                  *
585                  * page_base = page offset within aperture
586                  * page_offset = offset within page
587                  * page_length = bytes to copy for this page
588                  */
589                 page_base = (offset & ~(PAGE_SIZE-1));
590                 page_offset = offset & (PAGE_SIZE-1);
591                 page_length = remain;
592                 if ((page_offset + remain) > PAGE_SIZE)
593                         page_length = PAGE_SIZE - page_offset;
594
595                 ret = fast_user_write (dev_priv->mm.gtt_mapping, page_base,
596                                        page_offset, user_data, page_length);
597
598                 /* If we get a fault while copying data, then (presumably) our
599                  * source page isn't available.  Return the error and we'll
600                  * retry in the slow path.
601                  */
602                 if (ret)
603                         goto fail;
604
605                 remain -= page_length;
606                 user_data += page_length;
607                 offset += page_length;
608         }
609
610 fail:
611         i915_gem_object_unpin(obj);
612         mutex_unlock(&dev->struct_mutex);
613
614         return ret;
615 }
616
617 /**
618  * This is the fallback GTT pwrite path, which uses get_user_pages to pin
619  * the memory and maps it using kmap_atomic for copying.
620  *
621  * This code resulted in x11perf -rgb10text consuming about 10% more CPU
622  * than using i915_gem_gtt_pwrite_fast on a G45 (32-bit).
623  */
624 static int
625 i915_gem_gtt_pwrite_slow(struct drm_device *dev, struct drm_gem_object *obj,
626                          struct drm_i915_gem_pwrite *args,
627                          struct drm_file *file_priv)
628 {
629         struct drm_i915_gem_object *obj_priv = obj->driver_private;
630         drm_i915_private_t *dev_priv = dev->dev_private;
631         ssize_t remain;
632         loff_t gtt_page_base, offset;
633         loff_t first_data_page, last_data_page, num_pages;
634         loff_t pinned_pages, i;
635         struct page **user_pages;
636         struct mm_struct *mm = current->mm;
637         int gtt_page_offset, data_page_offset, data_page_index, page_length;
638         int ret;
639         uint64_t data_ptr = args->data_ptr;
640
641         remain = args->size;
642
643         /* Pin the user pages containing the data.  We can't fault while
644          * holding the struct mutex, and all of the pwrite implementations
645          * want to hold it while dereferencing the user data.
646          */
647         first_data_page = data_ptr / PAGE_SIZE;
648         last_data_page = (data_ptr + args->size - 1) / PAGE_SIZE;
649         num_pages = last_data_page - first_data_page + 1;
650
651         user_pages = drm_calloc_large(num_pages, sizeof(struct page *));
652         if (user_pages == NULL)
653                 return -ENOMEM;
654
655         down_read(&mm->mmap_sem);
656         pinned_pages = get_user_pages(current, mm, (uintptr_t)args->data_ptr,
657                                       num_pages, 0, 0, user_pages, NULL);
658         up_read(&mm->mmap_sem);
659         if (pinned_pages < num_pages) {
660                 ret = -EFAULT;
661                 goto out_unpin_pages;
662         }
663
664         mutex_lock(&dev->struct_mutex);
665         ret = i915_gem_object_pin(obj, 0);
666         if (ret)
667                 goto out_unlock;
668
669         ret = i915_gem_object_set_to_gtt_domain(obj, 1);
670         if (ret)
671                 goto out_unpin_object;
672
673         obj_priv = obj->driver_private;
674         offset = obj_priv->gtt_offset + args->offset;
675
676         while (remain > 0) {
677                 /* Operation in this page
678                  *
679                  * gtt_page_base = page offset within aperture
680                  * gtt_page_offset = offset within page in aperture
681                  * data_page_index = page number in get_user_pages return
682                  * data_page_offset = offset with data_page_index page.
683                  * page_length = bytes to copy for this page
684                  */
685                 gtt_page_base = offset & PAGE_MASK;
686                 gtt_page_offset = offset & ~PAGE_MASK;
687                 data_page_index = data_ptr / PAGE_SIZE - first_data_page;
688                 data_page_offset = data_ptr & ~PAGE_MASK;
689
690                 page_length = remain;
691                 if ((gtt_page_offset + page_length) > PAGE_SIZE)
692                         page_length = PAGE_SIZE - gtt_page_offset;
693                 if ((data_page_offset + page_length) > PAGE_SIZE)
694                         page_length = PAGE_SIZE - data_page_offset;
695
696                 ret = slow_kernel_write(dev_priv->mm.gtt_mapping,
697                                         gtt_page_base, gtt_page_offset,
698                                         user_pages[data_page_index],
699                                         data_page_offset,
700                                         page_length);
701
702                 /* If we get a fault while copying data, then (presumably) our
703                  * source page isn't available.  Return the error and we'll
704                  * retry in the slow path.
705                  */
706                 if (ret)
707                         goto out_unpin_object;
708
709                 remain -= page_length;
710                 offset += page_length;
711                 data_ptr += page_length;
712         }
713
714 out_unpin_object:
715         i915_gem_object_unpin(obj);
716 out_unlock:
717         mutex_unlock(&dev->struct_mutex);
718 out_unpin_pages:
719         for (i = 0; i < pinned_pages; i++)
720                 page_cache_release(user_pages[i]);
721         drm_free_large(user_pages);
722
723         return ret;
724 }
725
726 /**
727  * This is the fast shmem pwrite path, which attempts to directly
728  * copy_from_user into the kmapped pages backing the object.
729  */
730 static int
731 i915_gem_shmem_pwrite_fast(struct drm_device *dev, struct drm_gem_object *obj,
732                            struct drm_i915_gem_pwrite *args,
733                            struct drm_file *file_priv)
734 {
735         struct drm_i915_gem_object *obj_priv = obj->driver_private;
736         ssize_t remain;
737         loff_t offset, page_base;
738         char __user *user_data;
739         int page_offset, page_length;
740         int ret;
741
742         user_data = (char __user *) (uintptr_t) args->data_ptr;
743         remain = args->size;
744
745         mutex_lock(&dev->struct_mutex);
746
747         ret = i915_gem_object_get_pages(obj);
748         if (ret != 0)
749                 goto fail_unlock;
750
751         ret = i915_gem_object_set_to_cpu_domain(obj, 1);
752         if (ret != 0)
753                 goto fail_put_pages;
754
755         obj_priv = obj->driver_private;
756         offset = args->offset;
757         obj_priv->dirty = 1;
758
759         while (remain > 0) {
760                 /* Operation in this page
761                  *
762                  * page_base = page offset within aperture
763                  * page_offset = offset within page
764                  * page_length = bytes to copy for this page
765                  */
766                 page_base = (offset & ~(PAGE_SIZE-1));
767                 page_offset = offset & (PAGE_SIZE-1);
768                 page_length = remain;
769                 if ((page_offset + remain) > PAGE_SIZE)
770                         page_length = PAGE_SIZE - page_offset;
771
772                 ret = fast_shmem_write(obj_priv->pages,
773                                        page_base, page_offset,
774                                        user_data, page_length);
775                 if (ret)
776                         goto fail_put_pages;
777
778                 remain -= page_length;
779                 user_data += page_length;
780                 offset += page_length;
781         }
782
783 fail_put_pages:
784         i915_gem_object_put_pages(obj);
785 fail_unlock:
786         mutex_unlock(&dev->struct_mutex);
787
788         return ret;
789 }
790
791 /**
792  * This is the fallback shmem pwrite path, which uses get_user_pages to pin
793  * the memory and maps it using kmap_atomic for copying.
794  *
795  * This avoids taking mmap_sem for faulting on the user's address while the
796  * struct_mutex is held.
797  */
798 static int
799 i915_gem_shmem_pwrite_slow(struct drm_device *dev, struct drm_gem_object *obj,
800                            struct drm_i915_gem_pwrite *args,
801                            struct drm_file *file_priv)
802 {
803         struct drm_i915_gem_object *obj_priv = obj->driver_private;
804         struct mm_struct *mm = current->mm;
805         struct page **user_pages;
806         ssize_t remain;
807         loff_t offset, pinned_pages, i;
808         loff_t first_data_page, last_data_page, num_pages;
809         int shmem_page_index, shmem_page_offset;
810         int data_page_index,  data_page_offset;
811         int page_length;
812         int ret;
813         uint64_t data_ptr = args->data_ptr;
814         int do_bit17_swizzling;
815
816         remain = args->size;
817
818         /* Pin the user pages containing the data.  We can't fault while
819          * holding the struct mutex, and all of the pwrite implementations
820          * want to hold it while dereferencing the user data.
821          */
822         first_data_page = data_ptr / PAGE_SIZE;
823         last_data_page = (data_ptr + args->size - 1) / PAGE_SIZE;
824         num_pages = last_data_page - first_data_page + 1;
825
826         user_pages = drm_calloc_large(num_pages, sizeof(struct page *));
827         if (user_pages == NULL)
828                 return -ENOMEM;
829
830         down_read(&mm->mmap_sem);
831         pinned_pages = get_user_pages(current, mm, (uintptr_t)args->data_ptr,
832                                       num_pages, 0, 0, user_pages, NULL);
833         up_read(&mm->mmap_sem);
834         if (pinned_pages < num_pages) {
835                 ret = -EFAULT;
836                 goto fail_put_user_pages;
837         }
838
839         do_bit17_swizzling = i915_gem_object_needs_bit17_swizzle(obj);
840
841         mutex_lock(&dev->struct_mutex);
842
843         ret = i915_gem_object_get_pages(obj);
844         if (ret != 0)
845                 goto fail_unlock;
846
847         ret = i915_gem_object_set_to_cpu_domain(obj, 1);
848         if (ret != 0)
849                 goto fail_put_pages;
850
851         obj_priv = obj->driver_private;
852         offset = args->offset;
853         obj_priv->dirty = 1;
854
855         while (remain > 0) {
856                 /* Operation in this page
857                  *
858                  * shmem_page_index = page number within shmem file
859                  * shmem_page_offset = offset within page in shmem file
860                  * data_page_index = page number in get_user_pages return
861                  * data_page_offset = offset with data_page_index page.
862                  * page_length = bytes to copy for this page
863                  */
864                 shmem_page_index = offset / PAGE_SIZE;
865                 shmem_page_offset = offset & ~PAGE_MASK;
866                 data_page_index = data_ptr / PAGE_SIZE - first_data_page;
867                 data_page_offset = data_ptr & ~PAGE_MASK;
868
869                 page_length = remain;
870                 if ((shmem_page_offset + page_length) > PAGE_SIZE)
871                         page_length = PAGE_SIZE - shmem_page_offset;
872                 if ((data_page_offset + page_length) > PAGE_SIZE)
873                         page_length = PAGE_SIZE - data_page_offset;
874
875                 if (do_bit17_swizzling) {
876                         ret = slow_shmem_bit17_copy(obj_priv->pages[shmem_page_index],
877                                                     shmem_page_offset,
878                                                     user_pages[data_page_index],
879                                                     data_page_offset,
880                                                     page_length,
881                                                     0);
882                 } else {
883                         ret = slow_shmem_copy(obj_priv->pages[shmem_page_index],
884                                               shmem_page_offset,
885                                               user_pages[data_page_index],
886                                               data_page_offset,
887                                               page_length);
888                 }
889                 if (ret)
890                         goto fail_put_pages;
891
892                 remain -= page_length;
893                 data_ptr += page_length;
894                 offset += page_length;
895         }
896
897 fail_put_pages:
898         i915_gem_object_put_pages(obj);
899 fail_unlock:
900         mutex_unlock(&dev->struct_mutex);
901 fail_put_user_pages:
902         for (i = 0; i < pinned_pages; i++)
903                 page_cache_release(user_pages[i]);
904         drm_free_large(user_pages);
905
906         return ret;
907 }
908
909 /**
910  * Writes data to the object referenced by handle.
911  *
912  * On error, the contents of the buffer that were to be modified are undefined.
913  */
914 int
915 i915_gem_pwrite_ioctl(struct drm_device *dev, void *data,
916                       struct drm_file *file_priv)
917 {
918         struct drm_i915_gem_pwrite *args = data;
919         struct drm_gem_object *obj;
920         struct drm_i915_gem_object *obj_priv;
921         int ret = 0;
922
923         obj = drm_gem_object_lookup(dev, file_priv, args->handle);
924         if (obj == NULL)
925                 return -EBADF;
926         obj_priv = obj->driver_private;
927
928         /* Bounds check destination.
929          *
930          * XXX: This could use review for overflow issues...
931          */
932         if (args->offset > obj->size || args->size > obj->size ||
933             args->offset + args->size > obj->size) {
934                 drm_gem_object_unreference(obj);
935                 return -EINVAL;
936         }
937
938         /* We can only do the GTT pwrite on untiled buffers, as otherwise
939          * it would end up going through the fenced access, and we'll get
940          * different detiling behavior between reading and writing.
941          * pread/pwrite currently are reading and writing from the CPU
942          * perspective, requiring manual detiling by the client.
943          */
944         if (obj_priv->phys_obj)
945                 ret = i915_gem_phys_pwrite(dev, obj, args, file_priv);
946         else if (obj_priv->tiling_mode == I915_TILING_NONE &&
947                  dev->gtt_total != 0) {
948                 ret = i915_gem_gtt_pwrite_fast(dev, obj, args, file_priv);
949                 if (ret == -EFAULT) {
950                         ret = i915_gem_gtt_pwrite_slow(dev, obj, args,
951                                                        file_priv);
952                 }
953         } else if (i915_gem_object_needs_bit17_swizzle(obj)) {
954                 ret = i915_gem_shmem_pwrite_slow(dev, obj, args, file_priv);
955         } else {
956                 ret = i915_gem_shmem_pwrite_fast(dev, obj, args, file_priv);
957                 if (ret == -EFAULT) {
958                         ret = i915_gem_shmem_pwrite_slow(dev, obj, args,
959                                                          file_priv);
960                 }
961         }
962
963 #if WATCH_PWRITE
964         if (ret)
965                 DRM_INFO("pwrite failed %d\n", ret);
966 #endif
967
968         drm_gem_object_unreference(obj);
969
970         return ret;
971 }
972
973 /**
974  * Called when user space prepares to use an object with the CPU, either
975  * through the mmap ioctl's mapping or a GTT mapping.
976  */
977 int
978 i915_gem_set_domain_ioctl(struct drm_device *dev, void *data,
979                           struct drm_file *file_priv)
980 {
981         struct drm_i915_private *dev_priv = dev->dev_private;
982         struct drm_i915_gem_set_domain *args = data;
983         struct drm_gem_object *obj;
984         uint32_t read_domains = args->read_domains;
985         uint32_t write_domain = args->write_domain;
986         int ret;
987
988         if (!(dev->driver->driver_features & DRIVER_GEM))
989                 return -ENODEV;
990
991         /* Only handle setting domains to types used by the CPU. */
992         if (write_domain & I915_GEM_GPU_DOMAINS)
993                 return -EINVAL;
994
995         if (read_domains & I915_GEM_GPU_DOMAINS)
996                 return -EINVAL;
997
998         /* Having something in the write domain implies it's in the read
999          * domain, and only that read domain.  Enforce that in the request.
1000          */
1001         if (write_domain != 0 && read_domains != write_domain)
1002                 return -EINVAL;
1003
1004         obj = drm_gem_object_lookup(dev, file_priv, args->handle);
1005         if (obj == NULL)
1006                 return -EBADF;
1007
1008         mutex_lock(&dev->struct_mutex);
1009 #if WATCH_BUF
1010         DRM_INFO("set_domain_ioctl %p(%zd), %08x %08x\n",
1011                  obj, obj->size, read_domains, write_domain);
1012 #endif
1013         if (read_domains & I915_GEM_DOMAIN_GTT) {
1014                 struct drm_i915_gem_object *obj_priv = obj->driver_private;
1015
1016                 ret = i915_gem_object_set_to_gtt_domain(obj, write_domain != 0);
1017
1018                 /* Update the LRU on the fence for the CPU access that's
1019                  * about to occur.
1020                  */
1021                 if (obj_priv->fence_reg != I915_FENCE_REG_NONE) {
1022                         list_move_tail(&obj_priv->fence_list,
1023                                        &dev_priv->mm.fence_list);
1024                 }
1025
1026                 /* Silently promote "you're not bound, there was nothing to do"
1027                  * to success, since the client was just asking us to
1028                  * make sure everything was done.
1029                  */
1030                 if (ret == -EINVAL)
1031                         ret = 0;
1032         } else {
1033                 ret = i915_gem_object_set_to_cpu_domain(obj, write_domain != 0);
1034         }
1035
1036         drm_gem_object_unreference(obj);
1037         mutex_unlock(&dev->struct_mutex);
1038         return ret;
1039 }
1040
1041 /**
1042  * Called when user space has done writes to this buffer
1043  */
1044 int
1045 i915_gem_sw_finish_ioctl(struct drm_device *dev, void *data,
1046                       struct drm_file *file_priv)
1047 {
1048         struct drm_i915_gem_sw_finish *args = data;
1049         struct drm_gem_object *obj;
1050         struct drm_i915_gem_object *obj_priv;
1051         int ret = 0;
1052
1053         if (!(dev->driver->driver_features & DRIVER_GEM))
1054                 return -ENODEV;
1055
1056         mutex_lock(&dev->struct_mutex);
1057         obj = drm_gem_object_lookup(dev, file_priv, args->handle);
1058         if (obj == NULL) {
1059                 mutex_unlock(&dev->struct_mutex);
1060                 return -EBADF;
1061         }
1062
1063 #if WATCH_BUF
1064         DRM_INFO("%s: sw_finish %d (%p %zd)\n",
1065                  __func__, args->handle, obj, obj->size);
1066 #endif
1067         obj_priv = obj->driver_private;
1068
1069         /* Pinned buffers may be scanout, so flush the cache */
1070         if (obj_priv->pin_count)
1071                 i915_gem_object_flush_cpu_write_domain(obj);
1072
1073         drm_gem_object_unreference(obj);
1074         mutex_unlock(&dev->struct_mutex);
1075         return ret;
1076 }
1077
1078 /**
1079  * Maps the contents of an object, returning the address it is mapped
1080  * into.
1081  *
1082  * While the mapping holds a reference on the contents of the object, it doesn't
1083  * imply a ref on the object itself.
1084  */
1085 int
1086 i915_gem_mmap_ioctl(struct drm_device *dev, void *data,
1087                    struct drm_file *file_priv)
1088 {
1089         struct drm_i915_gem_mmap *args = data;
1090         struct drm_gem_object *obj;
1091         loff_t offset;
1092         unsigned long addr;
1093
1094         if (!(dev->driver->driver_features & DRIVER_GEM))
1095                 return -ENODEV;
1096
1097         obj = drm_gem_object_lookup(dev, file_priv, args->handle);
1098         if (obj == NULL)
1099                 return -EBADF;
1100
1101         offset = args->offset;
1102
1103         down_write(&current->mm->mmap_sem);
1104         addr = do_mmap(obj->filp, 0, args->size,
1105                        PROT_READ | PROT_WRITE, MAP_SHARED,
1106                        args->offset);
1107         up_write(&current->mm->mmap_sem);
1108         mutex_lock(&dev->struct_mutex);
1109         drm_gem_object_unreference(obj);
1110         mutex_unlock(&dev->struct_mutex);
1111         if (IS_ERR((void *)addr))
1112                 return addr;
1113
1114         args->addr_ptr = (uint64_t) addr;
1115
1116         return 0;
1117 }
1118
1119 /**
1120  * i915_gem_fault - fault a page into the GTT
1121  * vma: VMA in question
1122  * vmf: fault info
1123  *
1124  * The fault handler is set up by drm_gem_mmap() when a object is GTT mapped
1125  * from userspace.  The fault handler takes care of binding the object to
1126  * the GTT (if needed), allocating and programming a fence register (again,
1127  * only if needed based on whether the old reg is still valid or the object
1128  * is tiled) and inserting a new PTE into the faulting process.
1129  *
1130  * Note that the faulting process may involve evicting existing objects
1131  * from the GTT and/or fence registers to make room.  So performance may
1132  * suffer if the GTT working set is large or there are few fence registers
1133  * left.
1134  */
1135 int i915_gem_fault(struct vm_area_struct *vma, struct vm_fault *vmf)
1136 {
1137         struct drm_gem_object *obj = vma->vm_private_data;
1138         struct drm_device *dev = obj->dev;
1139         struct drm_i915_private *dev_priv = dev->dev_private;
1140         struct drm_i915_gem_object *obj_priv = obj->driver_private;
1141         pgoff_t page_offset;
1142         unsigned long pfn;
1143         int ret = 0;
1144         bool write = !!(vmf->flags & FAULT_FLAG_WRITE);
1145
1146         /* We don't use vmf->pgoff since that has the fake offset */
1147         page_offset = ((unsigned long)vmf->virtual_address - vma->vm_start) >>
1148                 PAGE_SHIFT;
1149
1150         /* Now bind it into the GTT if needed */
1151         mutex_lock(&dev->struct_mutex);
1152         if (!obj_priv->gtt_space) {
1153                 ret = i915_gem_object_bind_to_gtt(obj, obj_priv->gtt_alignment);
1154                 if (ret) {
1155                         mutex_unlock(&dev->struct_mutex);
1156                         return VM_FAULT_SIGBUS;
1157                 }
1158
1159                 ret = i915_gem_object_set_to_gtt_domain(obj, write);
1160                 if (ret) {
1161                         mutex_unlock(&dev->struct_mutex);
1162                         return VM_FAULT_SIGBUS;
1163                 }
1164
1165                 list_add_tail(&obj_priv->list, &dev_priv->mm.inactive_list);
1166         }
1167
1168         /* Need a new fence register? */
1169         if (obj_priv->tiling_mode != I915_TILING_NONE) {
1170                 ret = i915_gem_object_get_fence_reg(obj);
1171                 if (ret) {
1172                         mutex_unlock(&dev->struct_mutex);
1173                         return VM_FAULT_SIGBUS;
1174                 }
1175         }
1176
1177         pfn = ((dev->agp->base + obj_priv->gtt_offset) >> PAGE_SHIFT) +
1178                 page_offset;
1179
1180         /* Finally, remap it using the new GTT offset */
1181         ret = vm_insert_pfn(vma, (unsigned long)vmf->virtual_address, pfn);
1182
1183         mutex_unlock(&dev->struct_mutex);
1184
1185         switch (ret) {
1186         case -ENOMEM:
1187         case -EAGAIN:
1188                 return VM_FAULT_OOM;
1189         case -EFAULT:
1190         case -EINVAL:
1191                 return VM_FAULT_SIGBUS;
1192         default:
1193                 return VM_FAULT_NOPAGE;
1194         }
1195 }
1196
1197 /**
1198  * i915_gem_create_mmap_offset - create a fake mmap offset for an object
1199  * @obj: obj in question
1200  *
1201  * GEM memory mapping works by handing back to userspace a fake mmap offset
1202  * it can use in a subsequent mmap(2) call.  The DRM core code then looks
1203  * up the object based on the offset and sets up the various memory mapping
1204  * structures.
1205  *
1206  * This routine allocates and attaches a fake offset for @obj.
1207  */
1208 static int
1209 i915_gem_create_mmap_offset(struct drm_gem_object *obj)
1210 {
1211         struct drm_device *dev = obj->dev;
1212         struct drm_gem_mm *mm = dev->mm_private;
1213         struct drm_i915_gem_object *obj_priv = obj->driver_private;
1214         struct drm_map_list *list;
1215         struct drm_local_map *map;
1216         int ret = 0;
1217
1218         /* Set the object up for mmap'ing */
1219         list = &obj->map_list;
1220         list->map = kzalloc(sizeof(struct drm_map_list), GFP_KERNEL);
1221         if (!list->map)
1222                 return -ENOMEM;
1223
1224         map = list->map;
1225         map->type = _DRM_GEM;
1226         map->size = obj->size;
1227         map->handle = obj;
1228
1229         /* Get a DRM GEM mmap offset allocated... */
1230         list->file_offset_node = drm_mm_search_free(&mm->offset_manager,
1231                                                     obj->size / PAGE_SIZE, 0, 0);
1232         if (!list->file_offset_node) {
1233                 DRM_ERROR("failed to allocate offset for bo %d\n", obj->name);
1234                 ret = -ENOMEM;
1235                 goto out_free_list;
1236         }
1237
1238         list->file_offset_node = drm_mm_get_block(list->file_offset_node,
1239                                                   obj->size / PAGE_SIZE, 0);
1240         if (!list->file_offset_node) {
1241                 ret = -ENOMEM;
1242                 goto out_free_list;
1243         }
1244
1245         list->hash.key = list->file_offset_node->start;
1246         if (drm_ht_insert_item(&mm->offset_hash, &list->hash)) {
1247                 DRM_ERROR("failed to add to map hash\n");
1248                 goto out_free_mm;
1249         }
1250
1251         /* By now we should be all set, any drm_mmap request on the offset
1252          * below will get to our mmap & fault handler */
1253         obj_priv->mmap_offset = ((uint64_t) list->hash.key) << PAGE_SHIFT;
1254
1255         return 0;
1256
1257 out_free_mm:
1258         drm_mm_put_block(list->file_offset_node);
1259 out_free_list:
1260         kfree(list->map);
1261
1262         return ret;
1263 }
1264
1265 /**
1266  * i915_gem_release_mmap - remove physical page mappings
1267  * @obj: obj in question
1268  *
1269  * Preserve the reservation of the mmaping with the DRM core code, but
1270  * relinquish ownership of the pages back to the system.
1271  *
1272  * It is vital that we remove the page mapping if we have mapped a tiled
1273  * object through the GTT and then lose the fence register due to
1274  * resource pressure. Similarly if the object has been moved out of the
1275  * aperture, than pages mapped into userspace must be revoked. Removing the
1276  * mapping will then trigger a page fault on the next user access, allowing
1277  * fixup by i915_gem_fault().
1278  */
1279 void
1280 i915_gem_release_mmap(struct drm_gem_object *obj)
1281 {
1282         struct drm_device *dev = obj->dev;
1283         struct drm_i915_gem_object *obj_priv = obj->driver_private;
1284
1285         if (dev->dev_mapping)
1286                 unmap_mapping_range(dev->dev_mapping,
1287                                     obj_priv->mmap_offset, obj->size, 1);
1288 }
1289
1290 static void
1291 i915_gem_free_mmap_offset(struct drm_gem_object *obj)
1292 {
1293         struct drm_device *dev = obj->dev;
1294         struct drm_i915_gem_object *obj_priv = obj->driver_private;
1295         struct drm_gem_mm *mm = dev->mm_private;
1296         struct drm_map_list *list;
1297
1298         list = &obj->map_list;
1299         drm_ht_remove_item(&mm->offset_hash, &list->hash);
1300
1301         if (list->file_offset_node) {
1302                 drm_mm_put_block(list->file_offset_node);
1303                 list->file_offset_node = NULL;
1304         }
1305
1306         if (list->map) {
1307                 kfree(list->map);
1308                 list->map = NULL;
1309         }
1310
1311         obj_priv->mmap_offset = 0;
1312 }
1313
1314 /**
1315  * i915_gem_get_gtt_alignment - return required GTT alignment for an object
1316  * @obj: object to check
1317  *
1318  * Return the required GTT alignment for an object, taking into account
1319  * potential fence register mapping if needed.
1320  */
1321 static uint32_t
1322 i915_gem_get_gtt_alignment(struct drm_gem_object *obj)
1323 {
1324         struct drm_device *dev = obj->dev;
1325         struct drm_i915_gem_object *obj_priv = obj->driver_private;
1326         int start, i;
1327
1328         /*
1329          * Minimum alignment is 4k (GTT page size), but might be greater
1330          * if a fence register is needed for the object.
1331          */
1332         if (IS_I965G(dev) || obj_priv->tiling_mode == I915_TILING_NONE)
1333                 return 4096;
1334
1335         /*
1336          * Previous chips need to be aligned to the size of the smallest
1337          * fence register that can contain the object.
1338          */
1339         if (IS_I9XX(dev))
1340                 start = 1024*1024;
1341         else
1342                 start = 512*1024;
1343
1344         for (i = start; i < obj->size; i <<= 1)
1345                 ;
1346
1347         return i;
1348 }
1349
1350 /**
1351  * i915_gem_mmap_gtt_ioctl - prepare an object for GTT mmap'ing
1352  * @dev: DRM device
1353  * @data: GTT mapping ioctl data
1354  * @file_priv: GEM object info
1355  *
1356  * Simply returns the fake offset to userspace so it can mmap it.
1357  * The mmap call will end up in drm_gem_mmap(), which will set things
1358  * up so we can get faults in the handler above.
1359  *
1360  * The fault handler will take care of binding the object into the GTT
1361  * (since it may have been evicted to make room for something), allocating
1362  * a fence register, and mapping the appropriate aperture address into
1363  * userspace.
1364  */
1365 int
1366 i915_gem_mmap_gtt_ioctl(struct drm_device *dev, void *data,
1367                         struct drm_file *file_priv)
1368 {
1369         struct drm_i915_gem_mmap_gtt *args = data;
1370         struct drm_i915_private *dev_priv = dev->dev_private;
1371         struct drm_gem_object *obj;
1372         struct drm_i915_gem_object *obj_priv;
1373         int ret;
1374
1375         if (!(dev->driver->driver_features & DRIVER_GEM))
1376                 return -ENODEV;
1377
1378         obj = drm_gem_object_lookup(dev, file_priv, args->handle);
1379         if (obj == NULL)
1380                 return -EBADF;
1381
1382         mutex_lock(&dev->struct_mutex);
1383
1384         obj_priv = obj->driver_private;
1385
1386         if (!obj_priv->mmap_offset) {
1387                 ret = i915_gem_create_mmap_offset(obj);
1388                 if (ret) {
1389                         drm_gem_object_unreference(obj);
1390                         mutex_unlock(&dev->struct_mutex);
1391                         return ret;
1392                 }
1393         }
1394
1395         args->offset = obj_priv->mmap_offset;
1396
1397         obj_priv->gtt_alignment = i915_gem_get_gtt_alignment(obj);
1398
1399         /* Make sure the alignment is correct for fence regs etc */
1400         if (obj_priv->agp_mem &&
1401             (obj_priv->gtt_offset & (obj_priv->gtt_alignment - 1))) {
1402                 drm_gem_object_unreference(obj);
1403                 mutex_unlock(&dev->struct_mutex);
1404                 return -EINVAL;
1405         }
1406
1407         /*
1408          * Pull it into the GTT so that we have a page list (makes the
1409          * initial fault faster and any subsequent flushing possible).
1410          */
1411         if (!obj_priv->agp_mem) {
1412                 ret = i915_gem_object_bind_to_gtt(obj, obj_priv->gtt_alignment);
1413                 if (ret) {
1414                         drm_gem_object_unreference(obj);
1415                         mutex_unlock(&dev->struct_mutex);
1416                         return ret;
1417                 }
1418                 list_add_tail(&obj_priv->list, &dev_priv->mm.inactive_list);
1419         }
1420
1421         drm_gem_object_unreference(obj);
1422         mutex_unlock(&dev->struct_mutex);
1423
1424         return 0;
1425 }
1426
1427 void
1428 i915_gem_object_put_pages(struct drm_gem_object *obj)
1429 {
1430         struct drm_i915_gem_object *obj_priv = obj->driver_private;
1431         int page_count = obj->size / PAGE_SIZE;
1432         int i;
1433
1434         BUG_ON(obj_priv->pages_refcount == 0);
1435
1436         if (--obj_priv->pages_refcount != 0)
1437                 return;
1438
1439         if (obj_priv->tiling_mode != I915_TILING_NONE)
1440                 i915_gem_object_save_bit_17_swizzle(obj);
1441
1442         for (i = 0; i < page_count; i++)
1443                 if (obj_priv->pages[i] != NULL) {
1444                         if (obj_priv->dirty)
1445                                 set_page_dirty(obj_priv->pages[i]);
1446                         mark_page_accessed(obj_priv->pages[i]);
1447                         page_cache_release(obj_priv->pages[i]);
1448                 }
1449         obj_priv->dirty = 0;
1450
1451         drm_free_large(obj_priv->pages);
1452         obj_priv->pages = NULL;
1453 }
1454
1455 static void
1456 i915_gem_object_move_to_active(struct drm_gem_object *obj, uint32_t seqno)
1457 {
1458         struct drm_device *dev = obj->dev;
1459         drm_i915_private_t *dev_priv = dev->dev_private;
1460         struct drm_i915_gem_object *obj_priv = obj->driver_private;
1461
1462         /* Add a reference if we're newly entering the active list. */
1463         if (!obj_priv->active) {
1464                 drm_gem_object_reference(obj);
1465                 obj_priv->active = 1;
1466         }
1467         /* Move from whatever list we were on to the tail of execution. */
1468         spin_lock(&dev_priv->mm.active_list_lock);
1469         list_move_tail(&obj_priv->list,
1470                        &dev_priv->mm.active_list);
1471         spin_unlock(&dev_priv->mm.active_list_lock);
1472         obj_priv->last_rendering_seqno = seqno;
1473 }
1474
1475 static void
1476 i915_gem_object_move_to_flushing(struct drm_gem_object *obj)
1477 {
1478         struct drm_device *dev = obj->dev;
1479         drm_i915_private_t *dev_priv = dev->dev_private;
1480         struct drm_i915_gem_object *obj_priv = obj->driver_private;
1481
1482         BUG_ON(!obj_priv->active);
1483         list_move_tail(&obj_priv->list, &dev_priv->mm.flushing_list);
1484         obj_priv->last_rendering_seqno = 0;
1485 }
1486
1487 static void
1488 i915_gem_object_move_to_inactive(struct drm_gem_object *obj)
1489 {
1490         struct drm_device *dev = obj->dev;
1491         drm_i915_private_t *dev_priv = dev->dev_private;
1492         struct drm_i915_gem_object *obj_priv = obj->driver_private;
1493
1494         i915_verify_inactive(dev, __FILE__, __LINE__);
1495         if (obj_priv->pin_count != 0)
1496                 list_del_init(&obj_priv->list);
1497         else
1498                 list_move_tail(&obj_priv->list, &dev_priv->mm.inactive_list);
1499
1500         obj_priv->last_rendering_seqno = 0;
1501         if (obj_priv->active) {
1502                 obj_priv->active = 0;
1503                 drm_gem_object_unreference(obj);
1504         }
1505         i915_verify_inactive(dev, __FILE__, __LINE__);
1506 }
1507
1508 /**
1509  * Creates a new sequence number, emitting a write of it to the status page
1510  * plus an interrupt, which will trigger i915_user_interrupt_handler.
1511  *
1512  * Must be called with struct_lock held.
1513  *
1514  * Returned sequence numbers are nonzero on success.
1515  */
1516 static uint32_t
1517 i915_add_request(struct drm_device *dev, struct drm_file *file_priv,
1518                  uint32_t flush_domains)
1519 {
1520         drm_i915_private_t *dev_priv = dev->dev_private;
1521         struct drm_i915_file_private *i915_file_priv = NULL;
1522         struct drm_i915_gem_request *request;
1523         uint32_t seqno;
1524         int was_empty;
1525         RING_LOCALS;
1526
1527         if (file_priv != NULL)
1528                 i915_file_priv = file_priv->driver_priv;
1529
1530         request = kzalloc(sizeof(*request), GFP_KERNEL);
1531         if (request == NULL)
1532                 return 0;
1533
1534         /* Grab the seqno we're going to make this request be, and bump the
1535          * next (skipping 0 so it can be the reserved no-seqno value).
1536          */
1537         seqno = dev_priv->mm.next_gem_seqno;
1538         dev_priv->mm.next_gem_seqno++;
1539         if (dev_priv->mm.next_gem_seqno == 0)
1540                 dev_priv->mm.next_gem_seqno++;
1541
1542         BEGIN_LP_RING(4);
1543         OUT_RING(MI_STORE_DWORD_INDEX);
1544         OUT_RING(I915_GEM_HWS_INDEX << MI_STORE_DWORD_INDEX_SHIFT);
1545         OUT_RING(seqno);
1546
1547         OUT_RING(MI_USER_INTERRUPT);
1548         ADVANCE_LP_RING();
1549
1550         DRM_DEBUG("%d\n", seqno);
1551
1552         request->seqno = seqno;
1553         request->emitted_jiffies = jiffies;
1554         was_empty = list_empty(&dev_priv->mm.request_list);
1555         list_add_tail(&request->list, &dev_priv->mm.request_list);
1556         if (i915_file_priv) {
1557                 list_add_tail(&request->client_list,
1558                               &i915_file_priv->mm.request_list);
1559         } else {
1560                 INIT_LIST_HEAD(&request->client_list);
1561         }
1562
1563         /* Associate any objects on the flushing list matching the write
1564          * domain we're flushing with our flush.
1565          */
1566         if (flush_domains != 0) {
1567                 struct drm_i915_gem_object *obj_priv, *next;
1568
1569                 list_for_each_entry_safe(obj_priv, next,
1570                                          &dev_priv->mm.flushing_list, list) {
1571                         struct drm_gem_object *obj = obj_priv->obj;
1572
1573                         if ((obj->write_domain & flush_domains) ==
1574                             obj->write_domain) {
1575                                 obj->write_domain = 0;
1576                                 i915_gem_object_move_to_active(obj, seqno);
1577                         }
1578                 }
1579
1580         }
1581
1582         if (was_empty && !dev_priv->mm.suspended)
1583                 queue_delayed_work(dev_priv->wq, &dev_priv->mm.retire_work, HZ);
1584         return seqno;
1585 }
1586
1587 /**
1588  * Command execution barrier
1589  *
1590  * Ensures that all commands in the ring are finished
1591  * before signalling the CPU
1592  */
1593 static uint32_t
1594 i915_retire_commands(struct drm_device *dev)
1595 {
1596         drm_i915_private_t *dev_priv = dev->dev_private;
1597         uint32_t cmd = MI_FLUSH | MI_NO_WRITE_FLUSH;
1598         uint32_t flush_domains = 0;
1599         RING_LOCALS;
1600
1601         /* The sampler always gets flushed on i965 (sigh) */
1602         if (IS_I965G(dev))
1603                 flush_domains |= I915_GEM_DOMAIN_SAMPLER;
1604         BEGIN_LP_RING(2);
1605         OUT_RING(cmd);
1606         OUT_RING(0); /* noop */
1607         ADVANCE_LP_RING();
1608         return flush_domains;
1609 }
1610
1611 /**
1612  * Moves buffers associated only with the given active seqno from the active
1613  * to inactive list, potentially freeing them.
1614  */
1615 static void
1616 i915_gem_retire_request(struct drm_device *dev,
1617                         struct drm_i915_gem_request *request)
1618 {
1619         drm_i915_private_t *dev_priv = dev->dev_private;
1620
1621         /* Move any buffers on the active list that are no longer referenced
1622          * by the ringbuffer to the flushing/inactive lists as appropriate.
1623          */
1624         spin_lock(&dev_priv->mm.active_list_lock);
1625         while (!list_empty(&dev_priv->mm.active_list)) {
1626                 struct drm_gem_object *obj;
1627                 struct drm_i915_gem_object *obj_priv;
1628
1629                 obj_priv = list_first_entry(&dev_priv->mm.active_list,
1630                                             struct drm_i915_gem_object,
1631                                             list);
1632                 obj = obj_priv->obj;
1633
1634                 /* If the seqno being retired doesn't match the oldest in the
1635                  * list, then the oldest in the list must still be newer than
1636                  * this seqno.
1637                  */
1638                 if (obj_priv->last_rendering_seqno != request->seqno)
1639                         goto out;
1640
1641 #if WATCH_LRU
1642                 DRM_INFO("%s: retire %d moves to inactive list %p\n",
1643                          __func__, request->seqno, obj);
1644 #endif
1645
1646                 if (obj->write_domain != 0)
1647                         i915_gem_object_move_to_flushing(obj);
1648                 else {
1649                         /* Take a reference on the object so it won't be
1650                          * freed while the spinlock is held.  The list
1651                          * protection for this spinlock is safe when breaking
1652                          * the lock like this since the next thing we do
1653                          * is just get the head of the list again.
1654                          */
1655                         drm_gem_object_reference(obj);
1656                         i915_gem_object_move_to_inactive(obj);
1657                         spin_unlock(&dev_priv->mm.active_list_lock);
1658                         drm_gem_object_unreference(obj);
1659                         spin_lock(&dev_priv->mm.active_list_lock);
1660                 }
1661         }
1662 out:
1663         spin_unlock(&dev_priv->mm.active_list_lock);
1664 }
1665
1666 /**
1667  * Returns true if seq1 is later than seq2.
1668  */
1669 static int
1670 i915_seqno_passed(uint32_t seq1, uint32_t seq2)
1671 {
1672         return (int32_t)(seq1 - seq2) >= 0;
1673 }
1674
1675 uint32_t
1676 i915_get_gem_seqno(struct drm_device *dev)
1677 {
1678         drm_i915_private_t *dev_priv = dev->dev_private;
1679
1680         return READ_HWSP(dev_priv, I915_GEM_HWS_INDEX);
1681 }
1682
1683 /**
1684  * This function clears the request list as sequence numbers are passed.
1685  */
1686 void
1687 i915_gem_retire_requests(struct drm_device *dev)
1688 {
1689         drm_i915_private_t *dev_priv = dev->dev_private;
1690         uint32_t seqno;
1691
1692         if (!dev_priv->hw_status_page)
1693                 return;
1694
1695         seqno = i915_get_gem_seqno(dev);
1696
1697         while (!list_empty(&dev_priv->mm.request_list)) {
1698                 struct drm_i915_gem_request *request;
1699                 uint32_t retiring_seqno;
1700
1701                 request = list_first_entry(&dev_priv->mm.request_list,
1702                                            struct drm_i915_gem_request,
1703                                            list);
1704                 retiring_seqno = request->seqno;
1705
1706                 if (i915_seqno_passed(seqno, retiring_seqno) ||
1707                     dev_priv->mm.wedged) {
1708                         i915_gem_retire_request(dev, request);
1709
1710                         list_del(&request->list);
1711                         list_del(&request->client_list);
1712                         kfree(request);
1713                 } else
1714                         break;
1715         }
1716 }
1717
1718 void
1719 i915_gem_retire_work_handler(struct work_struct *work)
1720 {
1721         drm_i915_private_t *dev_priv;
1722         struct drm_device *dev;
1723
1724         dev_priv = container_of(work, drm_i915_private_t,
1725                                 mm.retire_work.work);
1726         dev = dev_priv->dev;
1727
1728         mutex_lock(&dev->struct_mutex);
1729         i915_gem_retire_requests(dev);
1730         if (!dev_priv->mm.suspended &&
1731             !list_empty(&dev_priv->mm.request_list))
1732                 queue_delayed_work(dev_priv->wq, &dev_priv->mm.retire_work, HZ);
1733         mutex_unlock(&dev->struct_mutex);
1734 }
1735
1736 /**
1737  * Waits for a sequence number to be signaled, and cleans up the
1738  * request and object lists appropriately for that event.
1739  */
1740 static int
1741 i915_wait_request(struct drm_device *dev, uint32_t seqno)
1742 {
1743         drm_i915_private_t *dev_priv = dev->dev_private;
1744         u32 ier;
1745         int ret = 0;
1746
1747         BUG_ON(seqno == 0);
1748
1749         if (!i915_seqno_passed(i915_get_gem_seqno(dev), seqno)) {
1750                 if (IS_IGDNG(dev))
1751                         ier = I915_READ(DEIER) | I915_READ(GTIER);
1752                 else
1753                         ier = I915_READ(IER);
1754                 if (!ier) {
1755                         DRM_ERROR("something (likely vbetool) disabled "
1756                                   "interrupts, re-enabling\n");
1757                         i915_driver_irq_preinstall(dev);
1758                         i915_driver_irq_postinstall(dev);
1759                 }
1760
1761                 dev_priv->mm.waiting_gem_seqno = seqno;
1762                 i915_user_irq_get(dev);
1763                 ret = wait_event_interruptible(dev_priv->irq_queue,
1764                                                i915_seqno_passed(i915_get_gem_seqno(dev),
1765                                                                  seqno) ||
1766                                                dev_priv->mm.wedged);
1767                 i915_user_irq_put(dev);
1768                 dev_priv->mm.waiting_gem_seqno = 0;
1769         }
1770         if (dev_priv->mm.wedged)
1771                 ret = -EIO;
1772
1773         if (ret && ret != -ERESTARTSYS)
1774                 DRM_ERROR("%s returns %d (awaiting %d at %d)\n",
1775                           __func__, ret, seqno, i915_get_gem_seqno(dev));
1776
1777         /* Directly dispatch request retiring.  While we have the work queue
1778          * to handle this, the waiter on a request often wants an associated
1779          * buffer to have made it to the inactive list, and we would need
1780          * a separate wait queue to handle that.
1781          */
1782         if (ret == 0)
1783                 i915_gem_retire_requests(dev);
1784
1785         return ret;
1786 }
1787
1788 static void
1789 i915_gem_flush(struct drm_device *dev,
1790                uint32_t invalidate_domains,
1791                uint32_t flush_domains)
1792 {
1793         drm_i915_private_t *dev_priv = dev->dev_private;
1794         uint32_t cmd;
1795         RING_LOCALS;
1796
1797 #if WATCH_EXEC
1798         DRM_INFO("%s: invalidate %08x flush %08x\n", __func__,
1799                   invalidate_domains, flush_domains);
1800 #endif
1801
1802         if (flush_domains & I915_GEM_DOMAIN_CPU)
1803                 drm_agp_chipset_flush(dev);
1804
1805         if ((invalidate_domains | flush_domains) & I915_GEM_GPU_DOMAINS) {
1806                 /*
1807                  * read/write caches:
1808                  *
1809                  * I915_GEM_DOMAIN_RENDER is always invalidated, but is
1810                  * only flushed if MI_NO_WRITE_FLUSH is unset.  On 965, it is
1811                  * also flushed at 2d versus 3d pipeline switches.
1812                  *
1813                  * read-only caches:
1814                  *
1815                  * I915_GEM_DOMAIN_SAMPLER is flushed on pre-965 if
1816                  * MI_READ_FLUSH is set, and is always flushed on 965.
1817                  *
1818                  * I915_GEM_DOMAIN_COMMAND may not exist?
1819                  *
1820                  * I915_GEM_DOMAIN_INSTRUCTION, which exists on 965, is
1821                  * invalidated when MI_EXE_FLUSH is set.
1822                  *
1823                  * I915_GEM_DOMAIN_VERTEX, which exists on 965, is
1824                  * invalidated with every MI_FLUSH.
1825                  *
1826                  * TLBs:
1827                  *
1828                  * On 965, TLBs associated with I915_GEM_DOMAIN_COMMAND
1829                  * and I915_GEM_DOMAIN_CPU in are invalidated at PTE write and
1830                  * I915_GEM_DOMAIN_RENDER and I915_GEM_DOMAIN_SAMPLER
1831                  * are flushed at any MI_FLUSH.
1832                  */
1833
1834                 cmd = MI_FLUSH | MI_NO_WRITE_FLUSH;
1835                 if ((invalidate_domains|flush_domains) &
1836                     I915_GEM_DOMAIN_RENDER)
1837                         cmd &= ~MI_NO_WRITE_FLUSH;
1838                 if (!IS_I965G(dev)) {
1839                         /*
1840                          * On the 965, the sampler cache always gets flushed
1841                          * and this bit is reserved.
1842                          */
1843                         if (invalidate_domains & I915_GEM_DOMAIN_SAMPLER)
1844                                 cmd |= MI_READ_FLUSH;
1845                 }
1846                 if (invalidate_domains & I915_GEM_DOMAIN_INSTRUCTION)
1847                         cmd |= MI_EXE_FLUSH;
1848
1849 #if WATCH_EXEC
1850                 DRM_INFO("%s: queue flush %08x to ring\n", __func__, cmd);
1851 #endif
1852                 BEGIN_LP_RING(2);
1853                 OUT_RING(cmd);
1854                 OUT_RING(0); /* noop */
1855                 ADVANCE_LP_RING();
1856         }
1857 }
1858
1859 /**
1860  * Ensures that all rendering to the object has completed and the object is
1861  * safe to unbind from the GTT or access from the CPU.
1862  */
1863 static int
1864 i915_gem_object_wait_rendering(struct drm_gem_object *obj)
1865 {
1866         struct drm_device *dev = obj->dev;
1867         struct drm_i915_gem_object *obj_priv = obj->driver_private;
1868         int ret;
1869
1870         /* This function only exists to support waiting for existing rendering,
1871          * not for emitting required flushes.
1872          */
1873         BUG_ON((obj->write_domain & I915_GEM_GPU_DOMAINS) != 0);
1874
1875         /* If there is rendering queued on the buffer being evicted, wait for
1876          * it.
1877          */
1878         if (obj_priv->active) {
1879 #if WATCH_BUF
1880                 DRM_INFO("%s: object %p wait for seqno %08x\n",
1881                           __func__, obj, obj_priv->last_rendering_seqno);
1882 #endif
1883                 ret = i915_wait_request(dev, obj_priv->last_rendering_seqno);
1884                 if (ret != 0)
1885                         return ret;
1886         }
1887
1888         return 0;
1889 }
1890
1891 /**
1892  * Unbinds an object from the GTT aperture.
1893  */
1894 int
1895 i915_gem_object_unbind(struct drm_gem_object *obj)
1896 {
1897         struct drm_device *dev = obj->dev;
1898         struct drm_i915_gem_object *obj_priv = obj->driver_private;
1899         int ret = 0;
1900
1901 #if WATCH_BUF
1902         DRM_INFO("%s:%d %p\n", __func__, __LINE__, obj);
1903         DRM_INFO("gtt_space %p\n", obj_priv->gtt_space);
1904 #endif
1905         if (obj_priv->gtt_space == NULL)
1906                 return 0;
1907
1908         if (obj_priv->pin_count != 0) {
1909                 DRM_ERROR("Attempting to unbind pinned buffer\n");
1910                 return -EINVAL;
1911         }
1912
1913         /* Move the object to the CPU domain to ensure that
1914          * any possible CPU writes while it's not in the GTT
1915          * are flushed when we go to remap it. This will
1916          * also ensure that all pending GPU writes are finished
1917          * before we unbind.
1918          */
1919         ret = i915_gem_object_set_to_cpu_domain(obj, 1);
1920         if (ret) {
1921                 if (ret != -ERESTARTSYS)
1922                         DRM_ERROR("set_domain failed: %d\n", ret);
1923                 return ret;
1924         }
1925
1926         if (obj_priv->agp_mem != NULL) {
1927                 drm_unbind_agp(obj_priv->agp_mem);
1928                 drm_free_agp(obj_priv->agp_mem, obj->size / PAGE_SIZE);
1929                 obj_priv->agp_mem = NULL;
1930         }
1931
1932         BUG_ON(obj_priv->active);
1933
1934         /* blow away mappings if mapped through GTT */
1935         i915_gem_release_mmap(obj);
1936
1937         if (obj_priv->fence_reg != I915_FENCE_REG_NONE)
1938                 i915_gem_clear_fence_reg(obj);
1939
1940         i915_gem_object_put_pages(obj);
1941
1942         if (obj_priv->gtt_space) {
1943                 atomic_dec(&dev->gtt_count);
1944                 atomic_sub(obj->size, &dev->gtt_memory);
1945
1946                 drm_mm_put_block(obj_priv->gtt_space);
1947                 obj_priv->gtt_space = NULL;
1948         }
1949
1950         /* Remove ourselves from the LRU list if present. */
1951         if (!list_empty(&obj_priv->list))
1952                 list_del_init(&obj_priv->list);
1953
1954         return 0;
1955 }
1956
1957 static int
1958 i915_gem_evict_something(struct drm_device *dev)
1959 {
1960         drm_i915_private_t *dev_priv = dev->dev_private;
1961         struct drm_gem_object *obj;
1962         struct drm_i915_gem_object *obj_priv;
1963         int ret = 0;
1964
1965         for (;;) {
1966                 /* If there's an inactive buffer available now, grab it
1967                  * and be done.
1968                  */
1969                 if (!list_empty(&dev_priv->mm.inactive_list)) {
1970                         obj_priv = list_first_entry(&dev_priv->mm.inactive_list,
1971                                                     struct drm_i915_gem_object,
1972                                                     list);
1973                         obj = obj_priv->obj;
1974                         BUG_ON(obj_priv->pin_count != 0);
1975 #if WATCH_LRU
1976                         DRM_INFO("%s: evicting %p\n", __func__, obj);
1977 #endif
1978                         BUG_ON(obj_priv->active);
1979
1980                         /* Wait on the rendering and unbind the buffer. */
1981                         ret = i915_gem_object_unbind(obj);
1982                         break;
1983                 }
1984
1985                 /* If we didn't get anything, but the ring is still processing
1986                  * things, wait for one of those things to finish and hopefully
1987                  * leave us a buffer to evict.
1988                  */
1989                 if (!list_empty(&dev_priv->mm.request_list)) {
1990                         struct drm_i915_gem_request *request;
1991
1992                         request = list_first_entry(&dev_priv->mm.request_list,
1993                                                    struct drm_i915_gem_request,
1994                                                    list);
1995
1996                         ret = i915_wait_request(dev, request->seqno);
1997                         if (ret)
1998                                 break;
1999
2000                         /* if waiting caused an object to become inactive,
2001                          * then loop around and wait for it. Otherwise, we
2002                          * assume that waiting freed and unbound something,
2003                          * so there should now be some space in the GTT
2004                          */
2005                         if (!list_empty(&dev_priv->mm.inactive_list))
2006                                 continue;
2007                         break;
2008                 }
2009
2010                 /* If we didn't have anything on the request list but there
2011                  * are buffers awaiting a flush, emit one and try again.
2012                  * When we wait on it, those buffers waiting for that flush
2013                  * will get moved to inactive.
2014                  */
2015                 if (!list_empty(&dev_priv->mm.flushing_list)) {
2016                         obj_priv = list_first_entry(&dev_priv->mm.flushing_list,
2017                                                     struct drm_i915_gem_object,
2018                                                     list);
2019                         obj = obj_priv->obj;
2020
2021                         i915_gem_flush(dev,
2022                                        obj->write_domain,
2023                                        obj->write_domain);
2024                         i915_add_request(dev, NULL, obj->write_domain);
2025
2026                         obj = NULL;
2027                         continue;
2028                 }
2029
2030                 DRM_ERROR("inactive empty %d request empty %d "
2031                           "flushing empty %d\n",
2032                           list_empty(&dev_priv->mm.inactive_list),
2033                           list_empty(&dev_priv->mm.request_list),
2034                           list_empty(&dev_priv->mm.flushing_list));
2035                 /* If we didn't do any of the above, there's nothing to be done
2036                  * and we just can't fit it in.
2037                  */
2038                 return -ENOSPC;
2039         }
2040         return ret;
2041 }
2042
2043 static int
2044 i915_gem_evict_everything(struct drm_device *dev)
2045 {
2046         int ret;
2047
2048         for (;;) {
2049                 ret = i915_gem_evict_something(dev);
2050                 if (ret != 0)
2051                         break;
2052         }
2053         if (ret == -ENOSPC)
2054                 return 0;
2055         return ret;
2056 }
2057
2058 int
2059 i915_gem_object_get_pages(struct drm_gem_object *obj)
2060 {
2061         struct drm_i915_gem_object *obj_priv = obj->driver_private;
2062         int page_count, i;
2063         struct address_space *mapping;
2064         struct inode *inode;
2065         struct page *page;
2066         int ret;
2067
2068         if (obj_priv->pages_refcount++ != 0)
2069                 return 0;
2070
2071         /* Get the list of pages out of our struct file.  They'll be pinned
2072          * at this point until we release them.
2073          */
2074         page_count = obj->size / PAGE_SIZE;
2075         BUG_ON(obj_priv->pages != NULL);
2076         obj_priv->pages = drm_calloc_large(page_count, sizeof(struct page *));
2077         if (obj_priv->pages == NULL) {
2078                 DRM_ERROR("Faled to allocate page list\n");
2079                 obj_priv->pages_refcount--;
2080                 return -ENOMEM;
2081         }
2082
2083         inode = obj->filp->f_path.dentry->d_inode;
2084         mapping = inode->i_mapping;
2085         for (i = 0; i < page_count; i++) {
2086                 page = read_mapping_page(mapping, i, NULL);
2087                 if (IS_ERR(page)) {
2088                         ret = PTR_ERR(page);
2089                         DRM_ERROR("read_mapping_page failed: %d\n", ret);
2090                         i915_gem_object_put_pages(obj);
2091                         return ret;
2092                 }
2093                 obj_priv->pages[i] = page;
2094         }
2095
2096         if (obj_priv->tiling_mode != I915_TILING_NONE)
2097                 i915_gem_object_do_bit_17_swizzle(obj);
2098
2099         return 0;
2100 }
2101
2102 static void i965_write_fence_reg(struct drm_i915_fence_reg *reg)
2103 {
2104         struct drm_gem_object *obj = reg->obj;
2105         struct drm_device *dev = obj->dev;
2106         drm_i915_private_t *dev_priv = dev->dev_private;
2107         struct drm_i915_gem_object *obj_priv = obj->driver_private;
2108         int regnum = obj_priv->fence_reg;
2109         uint64_t val;
2110
2111         val = (uint64_t)((obj_priv->gtt_offset + obj->size - 4096) &
2112                     0xfffff000) << 32;
2113         val |= obj_priv->gtt_offset & 0xfffff000;
2114         val |= ((obj_priv->stride / 128) - 1) << I965_FENCE_PITCH_SHIFT;
2115         if (obj_priv->tiling_mode == I915_TILING_Y)
2116                 val |= 1 << I965_FENCE_TILING_Y_SHIFT;
2117         val |= I965_FENCE_REG_VALID;
2118
2119         I915_WRITE64(FENCE_REG_965_0 + (regnum * 8), val);
2120 }
2121
2122 static void i915_write_fence_reg(struct drm_i915_fence_reg *reg)
2123 {
2124         struct drm_gem_object *obj = reg->obj;
2125         struct drm_device *dev = obj->dev;
2126         drm_i915_private_t *dev_priv = dev->dev_private;
2127         struct drm_i915_gem_object *obj_priv = obj->driver_private;
2128         int regnum = obj_priv->fence_reg;
2129         int tile_width;
2130         uint32_t fence_reg, val;
2131         uint32_t pitch_val;
2132
2133         if ((obj_priv->gtt_offset & ~I915_FENCE_START_MASK) ||
2134             (obj_priv->gtt_offset & (obj->size - 1))) {
2135                 WARN(1, "%s: object 0x%08x not 1M or size (0x%zx) aligned\n",
2136                      __func__, obj_priv->gtt_offset, obj->size);
2137                 return;
2138         }
2139
2140         if (obj_priv->tiling_mode == I915_TILING_Y &&
2141             HAS_128_BYTE_Y_TILING(dev))
2142                 tile_width = 128;
2143         else
2144                 tile_width = 512;
2145
2146         /* Note: pitch better be a power of two tile widths */
2147         pitch_val = obj_priv->stride / tile_width;
2148         pitch_val = ffs(pitch_val) - 1;
2149
2150         val = obj_priv->gtt_offset;
2151         if (obj_priv->tiling_mode == I915_TILING_Y)
2152                 val |= 1 << I830_FENCE_TILING_Y_SHIFT;
2153         val |= I915_FENCE_SIZE_BITS(obj->size);
2154         val |= pitch_val << I830_FENCE_PITCH_SHIFT;
2155         val |= I830_FENCE_REG_VALID;
2156
2157         if (regnum < 8)
2158                 fence_reg = FENCE_REG_830_0 + (regnum * 4);
2159         else
2160                 fence_reg = FENCE_REG_945_8 + ((regnum - 8) * 4);
2161         I915_WRITE(fence_reg, val);
2162 }
2163
2164 static void i830_write_fence_reg(struct drm_i915_fence_reg *reg)
2165 {
2166         struct drm_gem_object *obj = reg->obj;
2167         struct drm_device *dev = obj->dev;
2168         drm_i915_private_t *dev_priv = dev->dev_private;
2169         struct drm_i915_gem_object *obj_priv = obj->driver_private;
2170         int regnum = obj_priv->fence_reg;
2171         uint32_t val;
2172         uint32_t pitch_val;
2173         uint32_t fence_size_bits;
2174
2175         if ((obj_priv->gtt_offset & ~I830_FENCE_START_MASK) ||
2176             (obj_priv->gtt_offset & (obj->size - 1))) {
2177                 WARN(1, "%s: object 0x%08x not 512K or size aligned\n",
2178                      __func__, obj_priv->gtt_offset);
2179                 return;
2180         }
2181
2182         pitch_val = obj_priv->stride / 128;
2183         pitch_val = ffs(pitch_val) - 1;
2184         WARN_ON(pitch_val > I830_FENCE_MAX_PITCH_VAL);
2185
2186         val = obj_priv->gtt_offset;
2187         if (obj_priv->tiling_mode == I915_TILING_Y)
2188                 val |= 1 << I830_FENCE_TILING_Y_SHIFT;
2189         fence_size_bits = I830_FENCE_SIZE_BITS(obj->size);
2190         WARN_ON(fence_size_bits & ~0x00000f00);
2191         val |= fence_size_bits;
2192         val |= pitch_val << I830_FENCE_PITCH_SHIFT;
2193         val |= I830_FENCE_REG_VALID;
2194
2195         I915_WRITE(FENCE_REG_830_0 + (regnum * 4), val);
2196 }
2197
2198 /**
2199  * i915_gem_object_get_fence_reg - set up a fence reg for an object
2200  * @obj: object to map through a fence reg
2201  *
2202  * When mapping objects through the GTT, userspace wants to be able to write
2203  * to them without having to worry about swizzling if the object is tiled.
2204  *
2205  * This function walks the fence regs looking for a free one for @obj,
2206  * stealing one if it can't find any.
2207  *
2208  * It then sets up the reg based on the object's properties: address, pitch
2209  * and tiling format.
2210  */
2211 int
2212 i915_gem_object_get_fence_reg(struct drm_gem_object *obj)
2213 {
2214         struct drm_device *dev = obj->dev;
2215         struct drm_i915_private *dev_priv = dev->dev_private;
2216         struct drm_i915_gem_object *obj_priv = obj->driver_private;
2217         struct drm_i915_fence_reg *reg = NULL;
2218         struct drm_i915_gem_object *old_obj_priv = NULL;
2219         int i, ret, avail;
2220
2221         /* Just update our place in the LRU if our fence is getting used. */
2222         if (obj_priv->fence_reg != I915_FENCE_REG_NONE) {
2223                 list_move_tail(&obj_priv->fence_list, &dev_priv->mm.fence_list);
2224                 return 0;
2225         }
2226
2227         switch (obj_priv->tiling_mode) {
2228         case I915_TILING_NONE:
2229                 WARN(1, "allocating a fence for non-tiled object?\n");
2230                 break;
2231         case I915_TILING_X:
2232                 if (!obj_priv->stride)
2233                         return -EINVAL;
2234                 WARN((obj_priv->stride & (512 - 1)),
2235                      "object 0x%08x is X tiled but has non-512B pitch\n",
2236                      obj_priv->gtt_offset);
2237                 break;
2238         case I915_TILING_Y:
2239                 if (!obj_priv->stride)
2240                         return -EINVAL;
2241                 WARN((obj_priv->stride & (128 - 1)),
2242                      "object 0x%08x is Y tiled but has non-128B pitch\n",
2243                      obj_priv->gtt_offset);
2244                 break;
2245         }
2246
2247         /* First try to find a free reg */
2248         avail = 0;
2249         for (i = dev_priv->fence_reg_start; i < dev_priv->num_fence_regs; i++) {
2250                 reg = &dev_priv->fence_regs[i];
2251                 if (!reg->obj)
2252                         break;
2253
2254                 old_obj_priv = reg->obj->driver_private;
2255                 if (!old_obj_priv->pin_count)
2256                     avail++;
2257         }
2258
2259         /* None available, try to steal one or wait for a user to finish */
2260         if (i == dev_priv->num_fence_regs) {
2261                 struct drm_gem_object *old_obj = NULL;
2262
2263                 if (avail == 0)
2264                         return -ENOSPC;
2265
2266                 list_for_each_entry(old_obj_priv, &dev_priv->mm.fence_list,
2267                                     fence_list) {
2268                         old_obj = old_obj_priv->obj;
2269
2270                         if (old_obj_priv->pin_count)
2271                                 continue;
2272
2273                         /* Take a reference, as otherwise the wait_rendering
2274                          * below may cause the object to get freed out from
2275                          * under us.
2276                          */
2277                         drm_gem_object_reference(old_obj);
2278
2279                         /* i915 uses fences for GPU access to tiled buffers */
2280                         if (IS_I965G(dev) || !old_obj_priv->active)
2281                                 break;
2282
2283                         /* This brings the object to the head of the LRU if it
2284                          * had been written to.  The only way this should
2285                          * result in us waiting longer than the expected
2286                          * optimal amount of time is if there was a
2287                          * fence-using buffer later that was read-only.
2288                          */
2289                         i915_gem_object_flush_gpu_write_domain(old_obj);
2290                         ret = i915_gem_object_wait_rendering(old_obj);
2291                         if (ret != 0) {
2292                                 drm_gem_object_unreference(old_obj);
2293                                 return ret;
2294                         }
2295
2296                         break;
2297                 }
2298
2299                 /*
2300                  * Zap this virtual mapping so we can set up a fence again
2301                  * for this object next time we need it.
2302                  */
2303                 i915_gem_release_mmap(old_obj);
2304
2305                 i = old_obj_priv->fence_reg;
2306                 reg = &dev_priv->fence_regs[i];
2307
2308                 old_obj_priv->fence_reg = I915_FENCE_REG_NONE;
2309                 list_del_init(&old_obj_priv->fence_list);
2310
2311                 drm_gem_object_unreference(old_obj);
2312         }
2313
2314         obj_priv->fence_reg = i;
2315         list_add_tail(&obj_priv->fence_list, &dev_priv->mm.fence_list);
2316
2317         reg->obj = obj;
2318
2319         if (IS_I965G(dev))
2320                 i965_write_fence_reg(reg);
2321         else if (IS_I9XX(dev))
2322                 i915_write_fence_reg(reg);
2323         else
2324                 i830_write_fence_reg(reg);
2325
2326         return 0;
2327 }
2328
2329 /**
2330  * i915_gem_clear_fence_reg - clear out fence register info
2331  * @obj: object to clear
2332  *
2333  * Zeroes out the fence register itself and clears out the associated
2334  * data structures in dev_priv and obj_priv.
2335  */
2336 static void
2337 i915_gem_clear_fence_reg(struct drm_gem_object *obj)
2338 {
2339         struct drm_device *dev = obj->dev;
2340         drm_i915_private_t *dev_priv = dev->dev_private;
2341         struct drm_i915_gem_object *obj_priv = obj->driver_private;
2342
2343         if (IS_I965G(dev))
2344                 I915_WRITE64(FENCE_REG_965_0 + (obj_priv->fence_reg * 8), 0);
2345         else {
2346                 uint32_t fence_reg;
2347
2348                 if (obj_priv->fence_reg < 8)
2349                         fence_reg = FENCE_REG_830_0 + obj_priv->fence_reg * 4;
2350                 else
2351                         fence_reg = FENCE_REG_945_8 + (obj_priv->fence_reg -
2352                                                        8) * 4;
2353
2354                 I915_WRITE(fence_reg, 0);
2355         }
2356
2357         dev_priv->fence_regs[obj_priv->fence_reg].obj = NULL;
2358         obj_priv->fence_reg = I915_FENCE_REG_NONE;
2359         list_del_init(&obj_priv->fence_list);
2360 }
2361
2362 /**
2363  * i915_gem_object_put_fence_reg - waits on outstanding fenced access
2364  * to the buffer to finish, and then resets the fence register.
2365  * @obj: tiled object holding a fence register.
2366  *
2367  * Zeroes out the fence register itself and clears out the associated
2368  * data structures in dev_priv and obj_priv.
2369  */
2370 int
2371 i915_gem_object_put_fence_reg(struct drm_gem_object *obj)
2372 {
2373         struct drm_device *dev = obj->dev;
2374         struct drm_i915_gem_object *obj_priv = obj->driver_private;
2375
2376         if (obj_priv->fence_reg == I915_FENCE_REG_NONE)
2377                 return 0;
2378
2379         /* On the i915, GPU access to tiled buffers is via a fence,
2380          * therefore we must wait for any outstanding access to complete
2381          * before clearing the fence.
2382          */
2383         if (!IS_I965G(dev)) {
2384                 int ret;
2385
2386                 i915_gem_object_flush_gpu_write_domain(obj);
2387                 i915_gem_object_flush_gtt_write_domain(obj);
2388                 ret = i915_gem_object_wait_rendering(obj);
2389                 if (ret != 0)
2390                         return ret;
2391         }
2392
2393         i915_gem_clear_fence_reg (obj);
2394
2395         return 0;
2396 }
2397
2398 /**
2399  * Finds free space in the GTT aperture and binds the object there.
2400  */
2401 static int
2402 i915_gem_object_bind_to_gtt(struct drm_gem_object *obj, unsigned alignment)
2403 {
2404         struct drm_device *dev = obj->dev;
2405         drm_i915_private_t *dev_priv = dev->dev_private;
2406         struct drm_i915_gem_object *obj_priv = obj->driver_private;
2407         struct drm_mm_node *free_space;
2408         int page_count, ret;
2409
2410         if (dev_priv->mm.suspended)
2411                 return -EBUSY;
2412         if (alignment == 0)
2413                 alignment = i915_gem_get_gtt_alignment(obj);
2414         if (alignment & (i915_gem_get_gtt_alignment(obj) - 1)) {
2415                 DRM_ERROR("Invalid object alignment requested %u\n", alignment);
2416                 return -EINVAL;
2417         }
2418
2419  search_free:
2420         free_space = drm_mm_search_free(&dev_priv->mm.gtt_space,
2421                                         obj->size, alignment, 0);
2422         if (free_space != NULL) {
2423                 obj_priv->gtt_space = drm_mm_get_block(free_space, obj->size,
2424                                                        alignment);
2425                 if (obj_priv->gtt_space != NULL) {
2426                         obj_priv->gtt_space->private = obj;
2427                         obj_priv->gtt_offset = obj_priv->gtt_space->start;
2428                 }
2429         }
2430         if (obj_priv->gtt_space == NULL) {
2431                 bool lists_empty;
2432
2433                 /* If the gtt is empty and we're still having trouble
2434                  * fitting our object in, we're out of memory.
2435                  */
2436 #if WATCH_LRU
2437                 DRM_INFO("%s: GTT full, evicting something\n", __func__);
2438 #endif
2439                 spin_lock(&dev_priv->mm.active_list_lock);
2440                 lists_empty = (list_empty(&dev_priv->mm.inactive_list) &&
2441                                list_empty(&dev_priv->mm.flushing_list) &&
2442                                list_empty(&dev_priv->mm.active_list));
2443                 spin_unlock(&dev_priv->mm.active_list_lock);
2444                 if (lists_empty) {
2445                         DRM_ERROR("GTT full, but LRU list empty\n");
2446                         return -ENOSPC;
2447                 }
2448
2449                 ret = i915_gem_evict_something(dev);
2450                 if (ret != 0) {
2451                         if (ret != -ERESTARTSYS)
2452                                 DRM_ERROR("Failed to evict a buffer %d\n", ret);
2453                         return ret;
2454                 }
2455                 goto search_free;
2456         }
2457
2458 #if WATCH_BUF
2459         DRM_INFO("Binding object of size %zd at 0x%08x\n",
2460                  obj->size, obj_priv->gtt_offset);
2461 #endif
2462         ret = i915_gem_object_get_pages(obj);
2463         if (ret) {
2464                 drm_mm_put_block(obj_priv->gtt_space);
2465                 obj_priv->gtt_space = NULL;
2466                 return ret;
2467         }
2468
2469         page_count = obj->size / PAGE_SIZE;
2470         /* Create an AGP memory structure pointing at our pages, and bind it
2471          * into the GTT.
2472          */
2473         obj_priv->agp_mem = drm_agp_bind_pages(dev,
2474                                                obj_priv->pages,
2475                                                page_count,
2476                                                obj_priv->gtt_offset,
2477                                                obj_priv->agp_type);
2478         if (obj_priv->agp_mem == NULL) {
2479                 i915_gem_object_put_pages(obj);
2480                 drm_mm_put_block(obj_priv->gtt_space);
2481                 obj_priv->gtt_space = NULL;
2482                 return -ENOMEM;
2483         }
2484         atomic_inc(&dev->gtt_count);
2485         atomic_add(obj->size, &dev->gtt_memory);
2486
2487         /* Assert that the object is not currently in any GPU domain. As it
2488          * wasn't in the GTT, there shouldn't be any way it could have been in
2489          * a GPU cache
2490          */
2491         BUG_ON(obj->read_domains & I915_GEM_GPU_DOMAINS);
2492         BUG_ON(obj->write_domain & I915_GEM_GPU_DOMAINS);
2493
2494         return 0;
2495 }
2496
2497 void
2498 i915_gem_clflush_object(struct drm_gem_object *obj)
2499 {
2500         struct drm_i915_gem_object      *obj_priv = obj->driver_private;
2501
2502         /* If we don't have a page list set up, then we're not pinned
2503          * to GPU, and we can ignore the cache flush because it'll happen
2504          * again at bind time.
2505          */
2506         if (obj_priv->pages == NULL)
2507                 return;
2508
2509         /* XXX: The 865 in particular appears to be weird in how it handles
2510          * cache flushing.  We haven't figured it out, but the
2511          * clflush+agp_chipset_flush doesn't appear to successfully get the
2512          * data visible to the PGU, while wbinvd + agp_chipset_flush does.
2513          */
2514         if (IS_I865G(obj->dev)) {
2515                 wbinvd();
2516                 return;
2517         }
2518
2519         drm_clflush_pages(obj_priv->pages, obj->size / PAGE_SIZE);
2520 }
2521
2522 /** Flushes any GPU write domain for the object if it's dirty. */
2523 static void
2524 i915_gem_object_flush_gpu_write_domain(struct drm_gem_object *obj)
2525 {
2526         struct drm_device *dev = obj->dev;
2527         uint32_t seqno;
2528
2529         if ((obj->write_domain & I915_GEM_GPU_DOMAINS) == 0)
2530                 return;
2531
2532         /* Queue the GPU write cache flushing we need. */
2533         i915_gem_flush(dev, 0, obj->write_domain);
2534         seqno = i915_add_request(dev, NULL, obj->write_domain);
2535         obj->write_domain = 0;
2536         i915_gem_object_move_to_active(obj, seqno);
2537 }
2538
2539 /** Flushes the GTT write domain for the object if it's dirty. */
2540 static void
2541 i915_gem_object_flush_gtt_write_domain(struct drm_gem_object *obj)
2542 {
2543         if (obj->write_domain != I915_GEM_DOMAIN_GTT)
2544                 return;
2545
2546         /* No actual flushing is required for the GTT write domain.   Writes
2547          * to it immediately go to main memory as far as we know, so there's
2548          * no chipset flush.  It also doesn't land in render cache.
2549          */
2550         obj->write_domain = 0;
2551 }
2552
2553 /** Flushes the CPU write domain for the object if it's dirty. */
2554 static void
2555 i915_gem_object_flush_cpu_write_domain(struct drm_gem_object *obj)
2556 {
2557         struct drm_device *dev = obj->dev;
2558
2559         if (obj->write_domain != I915_GEM_DOMAIN_CPU)
2560                 return;
2561
2562         i915_gem_clflush_object(obj);
2563         drm_agp_chipset_flush(dev);
2564         obj->write_domain = 0;
2565 }
2566
2567 /**
2568  * Moves a single object to the GTT read, and possibly write domain.
2569  *
2570  * This function returns when the move is complete, including waiting on
2571  * flushes to occur.
2572  */
2573 int
2574 i915_gem_object_set_to_gtt_domain(struct drm_gem_object *obj, int write)
2575 {
2576         struct drm_i915_gem_object *obj_priv = obj->driver_private;
2577         int ret;
2578
2579         /* Not valid to be called on unbound objects. */
2580         if (obj_priv->gtt_space == NULL)
2581                 return -EINVAL;
2582
2583         i915_gem_object_flush_gpu_write_domain(obj);
2584         /* Wait on any GPU rendering and flushing to occur. */
2585         ret = i915_gem_object_wait_rendering(obj);
2586         if (ret != 0)
2587                 return ret;
2588
2589         /* If we're writing through the GTT domain, then CPU and GPU caches
2590          * will need to be invalidated at next use.
2591          */
2592         if (write)
2593                 obj->read_domains &= I915_GEM_DOMAIN_GTT;
2594
2595         i915_gem_object_flush_cpu_write_domain(obj);
2596
2597         /* It should now be out of any other write domains, and we can update
2598          * the domain values for our changes.
2599          */
2600         BUG_ON((obj->write_domain & ~I915_GEM_DOMAIN_GTT) != 0);
2601         obj->read_domains |= I915_GEM_DOMAIN_GTT;
2602         if (write) {
2603                 obj->write_domain = I915_GEM_DOMAIN_GTT;
2604                 obj_priv->dirty = 1;
2605         }
2606
2607         return 0;
2608 }
2609
2610 /**
2611  * Moves a single object to the CPU read, and possibly write domain.
2612  *
2613  * This function returns when the move is complete, including waiting on
2614  * flushes to occur.
2615  */
2616 static int
2617 i915_gem_object_set_to_cpu_domain(struct drm_gem_object *obj, int write)
2618 {
2619         int ret;
2620
2621         i915_gem_object_flush_gpu_write_domain(obj);
2622         /* Wait on any GPU rendering and flushing to occur. */
2623         ret = i915_gem_object_wait_rendering(obj);
2624         if (ret != 0)
2625                 return ret;
2626
2627         i915_gem_object_flush_gtt_write_domain(obj);
2628
2629         /* If we have a partially-valid cache of the object in the CPU,
2630          * finish invalidating it and free the per-page flags.
2631          */
2632         i915_gem_object_set_to_full_cpu_read_domain(obj);
2633
2634         /* Flush the CPU cache if it's still invalid. */
2635         if ((obj->read_domains & I915_GEM_DOMAIN_CPU) == 0) {
2636                 i915_gem_clflush_object(obj);
2637
2638                 obj->read_domains |= I915_GEM_DOMAIN_CPU;
2639         }
2640
2641         /* It should now be out of any other write domains, and we can update
2642          * the domain values for our changes.
2643          */
2644         BUG_ON((obj->write_domain & ~I915_GEM_DOMAIN_CPU) != 0);
2645
2646         /* If we're writing through the CPU, then the GPU read domains will
2647          * need to be invalidated at next use.
2648          */
2649         if (write) {
2650                 obj->read_domains &= I915_GEM_DOMAIN_CPU;
2651                 obj->write_domain = I915_GEM_DOMAIN_CPU;
2652         }
2653
2654         return 0;
2655 }
2656
2657 /*
2658  * Set the next domain for the specified object. This
2659  * may not actually perform the necessary flushing/invaliding though,
2660  * as that may want to be batched with other set_domain operations
2661  *
2662  * This is (we hope) the only really tricky part of gem. The goal
2663  * is fairly simple -- track which caches hold bits of the object
2664  * and make sure they remain coherent. A few concrete examples may
2665  * help to explain how it works. For shorthand, we use the notation
2666  * (read_domains, write_domain), e.g. (CPU, CPU) to indicate the
2667  * a pair of read and write domain masks.
2668  *
2669  * Case 1: the batch buffer
2670  *
2671  *      1. Allocated
2672  *      2. Written by CPU
2673  *      3. Mapped to GTT
2674  *      4. Read by GPU
2675  *      5. Unmapped from GTT
2676  *      6. Freed
2677  *
2678  *      Let's take these a step at a time
2679  *
2680  *      1. Allocated
2681  *              Pages allocated from the kernel may still have
2682  *              cache contents, so we set them to (CPU, CPU) always.
2683  *      2. Written by CPU (using pwrite)
2684  *              The pwrite function calls set_domain (CPU, CPU) and
2685  *              this function does nothing (as nothing changes)
2686  *      3. Mapped by GTT
2687  *              This function asserts that the object is not
2688  *              currently in any GPU-based read or write domains
2689  *      4. Read by GPU
2690  *              i915_gem_execbuffer calls set_domain (COMMAND, 0).
2691  *              As write_domain is zero, this function adds in the
2692  *              current read domains (CPU+COMMAND, 0).
2693  *              flush_domains is set to CPU.
2694  *              invalidate_domains is set to COMMAND
2695  *              clflush is run to get data out of the CPU caches
2696  *              then i915_dev_set_domain calls i915_gem_flush to
2697  *              emit an MI_FLUSH and drm_agp_chipset_flush
2698  *      5. Unmapped from GTT
2699  *              i915_gem_object_unbind calls set_domain (CPU, CPU)
2700  *              flush_domains and invalidate_domains end up both zero
2701  *              so no flushing/invalidating happens
2702  *      6. Freed
2703  *              yay, done
2704  *
2705  * Case 2: The shared render buffer
2706  *
2707  *      1. Allocated
2708  *      2. Mapped to GTT
2709  *      3. Read/written by GPU
2710  *      4. set_domain to (CPU,CPU)
2711  *      5. Read/written by CPU
2712  *      6. Read/written by GPU
2713  *
2714  *      1. Allocated
2715  *              Same as last example, (CPU, CPU)
2716  *      2. Mapped to GTT
2717  *              Nothing changes (assertions find that it is not in the GPU)
2718  *      3. Read/written by GPU
2719  *              execbuffer calls set_domain (RENDER, RENDER)
2720  *              flush_domains gets CPU
2721  *              invalidate_domains gets GPU
2722  *              clflush (obj)
2723  *              MI_FLUSH and drm_agp_chipset_flush
2724  *      4. set_domain (CPU, CPU)
2725  *              flush_domains gets GPU
2726  *              invalidate_domains gets CPU
2727  *              wait_rendering (obj) to make sure all drawing is complete.
2728  *              This will include an MI_FLUSH to get the data from GPU
2729  *              to memory
2730  *              clflush (obj) to invalidate the CPU cache
2731  *              Another MI_FLUSH in i915_gem_flush (eliminate this somehow?)
2732  *      5. Read/written by CPU
2733  *              cache lines are loaded and dirtied
2734  *      6. Read written by GPU
2735  *              Same as last GPU access
2736  *
2737  * Case 3: The constant buffer
2738  *
2739  *      1. Allocated
2740  *      2. Written by CPU
2741  *      3. Read by GPU
2742  *      4. Updated (written) by CPU again
2743  *      5. Read by GPU
2744  *
2745  *      1. Allocated
2746  *              (CPU, CPU)
2747  *      2. Written by CPU
2748  *              (CPU, CPU)
2749  *      3. Read by GPU
2750  *              (CPU+RENDER, 0)
2751  *              flush_domains = CPU
2752  *              invalidate_domains = RENDER
2753  *              clflush (obj)
2754  *              MI_FLUSH
2755  *              drm_agp_chipset_flush
2756  *      4. Updated (written) by CPU again
2757  *              (CPU, CPU)
2758  *              flush_domains = 0 (no previous write domain)
2759  *              invalidate_domains = 0 (no new read domains)
2760  *      5. Read by GPU
2761  *              (CPU+RENDER, 0)
2762  *              flush_domains = CPU
2763  *              invalidate_domains = RENDER
2764  *              clflush (obj)
2765  *              MI_FLUSH
2766  *              drm_agp_chipset_flush
2767  */
2768 static void
2769 i915_gem_object_set_to_gpu_domain(struct drm_gem_object *obj)
2770 {
2771         struct drm_device               *dev = obj->dev;
2772         struct drm_i915_gem_object      *obj_priv = obj->driver_private;
2773         uint32_t                        invalidate_domains = 0;
2774         uint32_t                        flush_domains = 0;
2775
2776         BUG_ON(obj->pending_read_domains & I915_GEM_DOMAIN_CPU);
2777         BUG_ON(obj->pending_write_domain == I915_GEM_DOMAIN_CPU);
2778
2779 #if WATCH_BUF
2780         DRM_INFO("%s: object %p read %08x -> %08x write %08x -> %08x\n",
2781                  __func__, obj,
2782                  obj->read_domains, obj->pending_read_domains,
2783                  obj->write_domain, obj->pending_write_domain);
2784 #endif
2785         /*
2786          * If the object isn't moving to a new write domain,
2787          * let the object stay in multiple read domains
2788          */
2789         if (obj->pending_write_domain == 0)
2790                 obj->pending_read_domains |= obj->read_domains;
2791         else
2792                 obj_priv->dirty = 1;
2793
2794         /*
2795          * Flush the current write domain if
2796          * the new read domains don't match. Invalidate
2797          * any read domains which differ from the old
2798          * write domain
2799          */
2800         if (obj->write_domain &&
2801             obj->write_domain != obj->pending_read_domains) {
2802                 flush_domains |= obj->write_domain;
2803                 invalidate_domains |=
2804                         obj->pending_read_domains & ~obj->write_domain;
2805         }
2806         /*
2807          * Invalidate any read caches which may have
2808          * stale data. That is, any new read domains.
2809          */
2810         invalidate_domains |= obj->pending_read_domains & ~obj->read_domains;
2811         if ((flush_domains | invalidate_domains) & I915_GEM_DOMAIN_CPU) {
2812 #if WATCH_BUF
2813                 DRM_INFO("%s: CPU domain flush %08x invalidate %08x\n",
2814                          __func__, flush_domains, invalidate_domains);
2815 #endif
2816                 i915_gem_clflush_object(obj);
2817         }
2818
2819         /* The actual obj->write_domain will be updated with
2820          * pending_write_domain after we emit the accumulated flush for all
2821          * of our domain changes in execbuffers (which clears objects'
2822          * write_domains).  So if we have a current write domain that we
2823          * aren't changing, set pending_write_domain to that.
2824          */
2825         if (flush_domains == 0 && obj->pending_write_domain == 0)
2826                 obj->pending_write_domain = obj->write_domain;
2827         obj->read_domains = obj->pending_read_domains;
2828
2829         dev->invalidate_domains |= invalidate_domains;
2830         dev->flush_domains |= flush_domains;
2831 #if WATCH_BUF
2832         DRM_INFO("%s: read %08x write %08x invalidate %08x flush %08x\n",
2833                  __func__,
2834                  obj->read_domains, obj->write_domain,
2835                  dev->invalidate_domains, dev->flush_domains);
2836 #endif
2837 }
2838
2839 /**
2840  * Moves the object from a partially CPU read to a full one.
2841  *
2842  * Note that this only resolves i915_gem_object_set_cpu_read_domain_range(),
2843  * and doesn't handle transitioning from !(read_domains & I915_GEM_DOMAIN_CPU).
2844  */
2845 static void
2846 i915_gem_object_set_to_full_cpu_read_domain(struct drm_gem_object *obj)
2847 {
2848         struct drm_i915_gem_object *obj_priv = obj->driver_private;
2849
2850         if (!obj_priv->page_cpu_valid)
2851                 return;
2852
2853         /* If we're partially in the CPU read domain, finish moving it in.
2854          */
2855         if (obj->read_domains & I915_GEM_DOMAIN_CPU) {
2856                 int i;
2857
2858                 for (i = 0; i <= (obj->size - 1) / PAGE_SIZE; i++) {
2859                         if (obj_priv->page_cpu_valid[i])
2860                                 continue;
2861                         drm_clflush_pages(obj_priv->pages + i, 1);
2862                 }
2863         }
2864
2865         /* Free the page_cpu_valid mappings which are now stale, whether
2866          * or not we've got I915_GEM_DOMAIN_CPU.
2867          */
2868         kfree(obj_priv->page_cpu_valid);
2869         obj_priv->page_cpu_valid = NULL;
2870 }
2871
2872 /**
2873  * Set the CPU read domain on a range of the object.
2874  *
2875  * The object ends up with I915_GEM_DOMAIN_CPU in its read flags although it's
2876  * not entirely valid.  The page_cpu_valid member of the object flags which
2877  * pages have been flushed, and will be respected by
2878  * i915_gem_object_set_to_cpu_domain() if it's called on to get a valid mapping
2879  * of the whole object.
2880  *
2881  * This function returns when the move is complete, including waiting on
2882  * flushes to occur.
2883  */
2884 static int
2885 i915_gem_object_set_cpu_read_domain_range(struct drm_gem_object *obj,
2886                                           uint64_t offset, uint64_t size)
2887 {
2888         struct drm_i915_gem_object *obj_priv = obj->driver_private;
2889         int i, ret;
2890
2891         if (offset == 0 && size == obj->size)
2892                 return i915_gem_object_set_to_cpu_domain(obj, 0);
2893
2894         i915_gem_object_flush_gpu_write_domain(obj);
2895         /* Wait on any GPU rendering and flushing to occur. */
2896         ret = i915_gem_object_wait_rendering(obj);
2897         if (ret != 0)
2898                 return ret;
2899         i915_gem_object_flush_gtt_write_domain(obj);
2900
2901         /* If we're already fully in the CPU read domain, we're done. */
2902         if (obj_priv->page_cpu_valid == NULL &&
2903             (obj->read_domains & I915_GEM_DOMAIN_CPU) != 0)
2904                 return 0;
2905
2906         /* Otherwise, create/clear the per-page CPU read domain flag if we're
2907          * newly adding I915_GEM_DOMAIN_CPU
2908          */
2909         if (obj_priv->page_cpu_valid == NULL) {
2910                 obj_priv->page_cpu_valid = kzalloc(obj->size / PAGE_SIZE,
2911                                                    GFP_KERNEL);
2912                 if (obj_priv->page_cpu_valid == NULL)
2913                         return -ENOMEM;
2914         } else if ((obj->read_domains & I915_GEM_DOMAIN_CPU) == 0)
2915                 memset(obj_priv->page_cpu_valid, 0, obj->size / PAGE_SIZE);
2916
2917         /* Flush the cache on any pages that are still invalid from the CPU's
2918          * perspective.
2919          */
2920         for (i = offset / PAGE_SIZE; i <= (offset + size - 1) / PAGE_SIZE;
2921              i++) {
2922                 if (obj_priv->page_cpu_valid[i])
2923                         continue;
2924
2925                 drm_clflush_pages(obj_priv->pages + i, 1);
2926
2927                 obj_priv->page_cpu_valid[i] = 1;
2928         }
2929
2930         /* It should now be out of any other write domains, and we can update
2931          * the domain values for our changes.
2932          */
2933         BUG_ON((obj->write_domain & ~I915_GEM_DOMAIN_CPU) != 0);
2934
2935         obj->read_domains |= I915_GEM_DOMAIN_CPU;
2936
2937         return 0;
2938 }
2939
2940 /**
2941  * Pin an object to the GTT and evaluate the relocations landing in it.
2942  */
2943 static int
2944 i915_gem_object_pin_and_relocate(struct drm_gem_object *obj,
2945                                  struct drm_file *file_priv,
2946                                  struct drm_i915_gem_exec_object *entry,
2947                                  struct drm_i915_gem_relocation_entry *relocs)
2948 {
2949         struct drm_device *dev = obj->dev;
2950         drm_i915_private_t *dev_priv = dev->dev_private;
2951         struct drm_i915_gem_object *obj_priv = obj->driver_private;
2952         int i, ret;
2953         void __iomem *reloc_page;
2954
2955         /* Choose the GTT offset for our buffer and put it there. */
2956         ret = i915_gem_object_pin(obj, (uint32_t) entry->alignment);
2957         if (ret)
2958                 return ret;
2959
2960         entry->offset = obj_priv->gtt_offset;
2961
2962         /* Apply the relocations, using the GTT aperture to avoid cache
2963          * flushing requirements.
2964          */
2965         for (i = 0; i < entry->relocation_count; i++) {
2966                 struct drm_i915_gem_relocation_entry *reloc= &relocs[i];
2967                 struct drm_gem_object *target_obj;
2968                 struct drm_i915_gem_object *target_obj_priv;
2969                 uint32_t reloc_val, reloc_offset;
2970                 uint32_t __iomem *reloc_entry;
2971
2972                 target_obj = drm_gem_object_lookup(obj->dev, file_priv,
2973                                                    reloc->target_handle);
2974                 if (target_obj == NULL) {
2975                         i915_gem_object_unpin(obj);
2976                         return -EBADF;
2977                 }
2978                 target_obj_priv = target_obj->driver_private;
2979
2980                 /* The target buffer should have appeared before us in the
2981                  * exec_object list, so it should have a GTT space bound by now.
2982                  */
2983                 if (target_obj_priv->gtt_space == NULL) {
2984                         DRM_ERROR("No GTT space found for object %d\n",
2985                                   reloc->target_handle);
2986                         drm_gem_object_unreference(target_obj);
2987                         i915_gem_object_unpin(obj);
2988                         return -EINVAL;
2989                 }
2990
2991                 if (reloc->offset > obj->size - 4) {
2992                         DRM_ERROR("Relocation beyond object bounds: "
2993                                   "obj %p target %d offset %d size %d.\n",
2994                                   obj, reloc->target_handle,
2995                                   (int) reloc->offset, (int) obj->size);
2996                         drm_gem_object_unreference(target_obj);
2997                         i915_gem_object_unpin(obj);
2998                         return -EINVAL;
2999                 }
3000                 if (reloc->offset & 3) {
3001                         DRM_ERROR("Relocation not 4-byte aligned: "
3002                                   "obj %p target %d offset %d.\n",
3003                                   obj, reloc->target_handle,
3004                                   (int) reloc->offset);
3005                         drm_gem_object_unreference(target_obj);
3006                         i915_gem_object_unpin(obj);
3007                         return -EINVAL;
3008                 }
3009
3010                 if (reloc->write_domain & I915_GEM_DOMAIN_CPU ||
3011                     reloc->read_domains & I915_GEM_DOMAIN_CPU) {
3012                         DRM_ERROR("reloc with read/write CPU domains: "
3013                                   "obj %p target %d offset %d "
3014                                   "read %08x write %08x",
3015                                   obj, reloc->target_handle,
3016                                   (int) reloc->offset,
3017                                   reloc->read_domains,
3018                                   reloc->write_domain);
3019                         drm_gem_object_unreference(target_obj);
3020                         i915_gem_object_unpin(obj);
3021                         return -EINVAL;
3022                 }
3023
3024                 if (reloc->write_domain && target_obj->pending_write_domain &&
3025                     reloc->write_domain != target_obj->pending_write_domain) {
3026                         DRM_ERROR("Write domain conflict: "
3027                                   "obj %p target %d offset %d "
3028                                   "new %08x old %08x\n",
3029                                   obj, reloc->target_handle,
3030                                   (int) reloc->offset,
3031                                   reloc->write_domain,
3032                                   target_obj->pending_write_domain);
3033                         drm_gem_object_unreference(target_obj);
3034                         i915_gem_object_unpin(obj);
3035                         return -EINVAL;
3036                 }
3037
3038 #if WATCH_RELOC
3039                 DRM_INFO("%s: obj %p offset %08x target %d "
3040                          "read %08x write %08x gtt %08x "
3041                          "presumed %08x delta %08x\n",
3042                          __func__,
3043                          obj,
3044                          (int) reloc->offset,
3045                          (int) reloc->target_handle,
3046                          (int) reloc->read_domains,
3047                          (int) reloc->write_domain,
3048                          (int) target_obj_priv->gtt_offset,
3049                          (int) reloc->presumed_offset,
3050                          reloc->delta);
3051 #endif
3052
3053                 target_obj->pending_read_domains |= reloc->read_domains;
3054                 target_obj->pending_write_domain |= reloc->write_domain;
3055
3056                 /* If the relocation already has the right value in it, no
3057                  * more work needs to be done.
3058                  */
3059                 if (target_obj_priv->gtt_offset == reloc->presumed_offset) {
3060                         drm_gem_object_unreference(target_obj);
3061                         continue;
3062                 }
3063
3064                 ret = i915_gem_object_set_to_gtt_domain(obj, 1);
3065                 if (ret != 0) {
3066                         drm_gem_object_unreference(target_obj);
3067                         i915_gem_object_unpin(obj);
3068                         return -EINVAL;
3069                 }
3070
3071                 /* Map the page containing the relocation we're going to
3072                  * perform.
3073                  */
3074                 reloc_offset = obj_priv->gtt_offset + reloc->offset;
3075                 reloc_page = io_mapping_map_atomic_wc(dev_priv->mm.gtt_mapping,
3076                                                       (reloc_offset &
3077                                                        ~(PAGE_SIZE - 1)));
3078                 reloc_entry = (uint32_t __iomem *)(reloc_page +
3079                                                    (reloc_offset & (PAGE_SIZE - 1)));
3080                 reloc_val = target_obj_priv->gtt_offset + reloc->delta;
3081
3082 #if WATCH_BUF
3083                 DRM_INFO("Applied relocation: %p@0x%08x %08x -> %08x\n",
3084                           obj, (unsigned int) reloc->offset,
3085                           readl(reloc_entry), reloc_val);
3086 #endif
3087                 writel(reloc_val, reloc_entry);
3088                 io_mapping_unmap_atomic(reloc_page);
3089
3090                 /* The updated presumed offset for this entry will be
3091                  * copied back out to the user.
3092                  */
3093                 reloc->presumed_offset = target_obj_priv->gtt_offset;
3094
3095                 drm_gem_object_unreference(target_obj);
3096         }
3097
3098 #if WATCH_BUF
3099         if (0)
3100                 i915_gem_dump_object(obj, 128, __func__, ~0);
3101 #endif
3102         return 0;
3103 }
3104
3105 /** Dispatch a batchbuffer to the ring
3106  */
3107 static int
3108 i915_dispatch_gem_execbuffer(struct drm_device *dev,
3109                               struct drm_i915_gem_execbuffer *exec,
3110                               struct drm_clip_rect *cliprects,
3111                               uint64_t exec_offset)
3112 {
3113         drm_i915_private_t *dev_priv = dev->dev_private;
3114         int nbox = exec->num_cliprects;
3115         int i = 0, count;
3116         uint32_t exec_start, exec_len;
3117         RING_LOCALS;
3118
3119         exec_start = (uint32_t) exec_offset + exec->batch_start_offset;
3120         exec_len = (uint32_t) exec->batch_len;
3121
3122         count = nbox ? nbox : 1;
3123
3124         for (i = 0; i < count; i++) {
3125                 if (i < nbox) {
3126                         int ret = i915_emit_box(dev, cliprects, i,
3127                                                 exec->DR1, exec->DR4);
3128                         if (ret)
3129                                 return ret;
3130                 }
3131
3132                 if (IS_I830(dev) || IS_845G(dev)) {
3133                         BEGIN_LP_RING(4);
3134                         OUT_RING(MI_BATCH_BUFFER);
3135                         OUT_RING(exec_start | MI_BATCH_NON_SECURE);
3136                         OUT_RING(exec_start + exec_len - 4);
3137                         OUT_RING(0);
3138                         ADVANCE_LP_RING();
3139                 } else {
3140                         BEGIN_LP_RING(2);
3141                         if (IS_I965G(dev)) {
3142                                 OUT_RING(MI_BATCH_BUFFER_START |
3143                                          (2 << 6) |
3144                                          MI_BATCH_NON_SECURE_I965);
3145                                 OUT_RING(exec_start);
3146                         } else {
3147                                 OUT_RING(MI_BATCH_BUFFER_START |
3148                                          (2 << 6));
3149                                 OUT_RING(exec_start | MI_BATCH_NON_SECURE);
3150                         }
3151                         ADVANCE_LP_RING();
3152                 }
3153         }
3154
3155         /* XXX breadcrumb */
3156         return 0;
3157 }
3158
3159 /* Throttle our rendering by waiting until the ring has completed our requests
3160  * emitted over 20 msec ago.
3161  *
3162  * Note that if we were to use the current jiffies each time around the loop,
3163  * we wouldn't escape the function with any frames outstanding if the time to
3164  * render a frame was over 20ms.
3165  *
3166  * This should get us reasonable parallelism between CPU and GPU but also
3167  * relatively low latency when blocking on a particular request to finish.
3168  */
3169 static int
3170 i915_gem_ring_throttle(struct drm_device *dev, struct drm_file *file_priv)
3171 {
3172         struct drm_i915_file_private *i915_file_priv = file_priv->driver_priv;
3173         int ret = 0;
3174         unsigned long recent_enough = jiffies - msecs_to_jiffies(20);
3175
3176         mutex_lock(&dev->struct_mutex);
3177         while (!list_empty(&i915_file_priv->mm.request_list)) {
3178                 struct drm_i915_gem_request *request;
3179
3180                 request = list_first_entry(&i915_file_priv->mm.request_list,
3181                                            struct drm_i915_gem_request,
3182                                            client_list);
3183
3184                 if (time_after_eq(request->emitted_jiffies, recent_enough))
3185                         break;
3186
3187                 ret = i915_wait_request(dev, request->seqno);
3188                 if (ret != 0)
3189                         break;
3190         }
3191         mutex_unlock(&dev->struct_mutex);
3192
3193         return ret;
3194 }
3195
3196 static int
3197 i915_gem_get_relocs_from_user(struct drm_i915_gem_exec_object *exec_list,
3198                               uint32_t buffer_count,
3199                               struct drm_i915_gem_relocation_entry **relocs)
3200 {
3201         uint32_t reloc_count = 0, reloc_index = 0, i;
3202         int ret;
3203
3204         *relocs = NULL;
3205         for (i = 0; i < buffer_count; i++) {
3206                 if (reloc_count + exec_list[i].relocation_count < reloc_count)
3207                         return -EINVAL;
3208                 reloc_count += exec_list[i].relocation_count;
3209         }
3210
3211         *relocs = drm_calloc_large(reloc_count, sizeof(**relocs));
3212         if (*relocs == NULL)
3213                 return -ENOMEM;
3214
3215         for (i = 0; i < buffer_count; i++) {
3216                 struct drm_i915_gem_relocation_entry __user *user_relocs;
3217
3218                 user_relocs = (void __user *)(uintptr_t)exec_list[i].relocs_ptr;
3219
3220                 ret = copy_from_user(&(*relocs)[reloc_index],
3221                                      user_relocs,
3222                                      exec_list[i].relocation_count *
3223                                      sizeof(**relocs));
3224                 if (ret != 0) {
3225                         drm_free_large(*relocs);
3226                         *relocs = NULL;
3227                         return -EFAULT;
3228                 }
3229
3230                 reloc_index += exec_list[i].relocation_count;
3231         }
3232
3233         return 0;
3234 }
3235
3236 static int
3237 i915_gem_put_relocs_to_user(struct drm_i915_gem_exec_object *exec_list,
3238                             uint32_t buffer_count,
3239                             struct drm_i915_gem_relocation_entry *relocs)
3240 {
3241         uint32_t reloc_count = 0, i;
3242         int ret = 0;
3243
3244         for (i = 0; i < buffer_count; i++) {
3245                 struct drm_i915_gem_relocation_entry __user *user_relocs;
3246                 int unwritten;
3247
3248                 user_relocs = (void __user *)(uintptr_t)exec_list[i].relocs_ptr;
3249
3250                 unwritten = copy_to_user(user_relocs,
3251                                          &relocs[reloc_count],
3252                                          exec_list[i].relocation_count *
3253                                          sizeof(*relocs));
3254
3255                 if (unwritten) {
3256                         ret = -EFAULT;
3257                         goto err;
3258                 }
3259
3260                 reloc_count += exec_list[i].relocation_count;
3261         }
3262
3263 err:
3264         drm_free_large(relocs);
3265
3266         return ret;
3267 }
3268
3269 static int
3270 i915_gem_check_execbuffer (struct drm_i915_gem_execbuffer *exec,
3271                            uint64_t exec_offset)
3272 {
3273         uint32_t exec_start, exec_len;
3274
3275         exec_start = (uint32_t) exec_offset + exec->batch_start_offset;
3276         exec_len = (uint32_t) exec->batch_len;
3277
3278         if ((exec_start | exec_len) & 0x7)
3279                 return -EINVAL;
3280
3281         if (!exec_start)
3282                 return -EINVAL;
3283
3284         return 0;
3285 }
3286
3287 int
3288 i915_gem_execbuffer(struct drm_device *dev, void *data,
3289                     struct drm_file *file_priv)
3290 {
3291         drm_i915_private_t *dev_priv = dev->dev_private;
3292         struct drm_i915_gem_execbuffer *args = data;
3293         struct drm_i915_gem_exec_object *exec_list = NULL;
3294         struct drm_gem_object **object_list = NULL;
3295         struct drm_gem_object *batch_obj;
3296         struct drm_i915_gem_object *obj_priv;
3297         struct drm_clip_rect *cliprects = NULL;
3298         struct drm_i915_gem_relocation_entry *relocs;
3299         int ret, ret2, i, pinned = 0;
3300         uint64_t exec_offset;
3301         uint32_t seqno, flush_domains, reloc_index;
3302         int pin_tries;
3303
3304 #if WATCH_EXEC
3305         DRM_INFO("buffers_ptr %d buffer_count %d len %08x\n",
3306                   (int) args->buffers_ptr, args->buffer_count, args->batch_len);
3307 #endif
3308
3309         if (args->buffer_count < 1) {
3310                 DRM_ERROR("execbuf with %d buffers\n", args->buffer_count);
3311                 return -EINVAL;
3312         }
3313         /* Copy in the exec list from userland */
3314         exec_list = drm_calloc_large(sizeof(*exec_list), args->buffer_count);
3315         object_list = drm_calloc_large(sizeof(*object_list), args->buffer_count);
3316         if (exec_list == NULL || object_list == NULL) {
3317                 DRM_ERROR("Failed to allocate exec or object list "
3318                           "for %d buffers\n",
3319                           args->buffer_count);
3320                 ret = -ENOMEM;
3321                 goto pre_mutex_err;
3322         }
3323         ret = copy_from_user(exec_list,
3324                              (struct drm_i915_relocation_entry __user *)
3325                              (uintptr_t) args->buffers_ptr,
3326                              sizeof(*exec_list) * args->buffer_count);
3327         if (ret != 0) {
3328                 DRM_ERROR("copy %d exec entries failed %d\n",
3329                           args->buffer_count, ret);
3330                 goto pre_mutex_err;
3331         }
3332
3333         if (args->num_cliprects != 0) {
3334                 cliprects = kcalloc(args->num_cliprects, sizeof(*cliprects),
3335                                     GFP_KERNEL);
3336                 if (cliprects == NULL)
3337                         goto pre_mutex_err;
3338
3339                 ret = copy_from_user(cliprects,
3340                                      (struct drm_clip_rect __user *)
3341                                      (uintptr_t) args->cliprects_ptr,
3342                                      sizeof(*cliprects) * args->num_cliprects);
3343                 if (ret != 0) {
3344                         DRM_ERROR("copy %d cliprects failed: %d\n",
3345                                   args->num_cliprects, ret);
3346                         goto pre_mutex_err;
3347                 }
3348         }
3349
3350         ret = i915_gem_get_relocs_from_user(exec_list, args->buffer_count,
3351                                             &relocs);
3352         if (ret != 0)
3353                 goto pre_mutex_err;
3354
3355         mutex_lock(&dev->struct_mutex);
3356
3357         i915_verify_inactive(dev, __FILE__, __LINE__);
3358
3359         if (dev_priv->mm.wedged) {
3360                 DRM_ERROR("Execbuf while wedged\n");
3361                 mutex_unlock(&dev->struct_mutex);
3362                 ret = -EIO;
3363                 goto pre_mutex_err;
3364         }
3365
3366         if (dev_priv->mm.suspended) {
3367                 DRM_ERROR("Execbuf while VT-switched.\n");
3368                 mutex_unlock(&dev->struct_mutex);
3369                 ret = -EBUSY;
3370                 goto pre_mutex_err;
3371         }
3372
3373         /* Look up object handles */
3374         for (i = 0; i < args->buffer_count; i++) {
3375                 object_list[i] = drm_gem_object_lookup(dev, file_priv,
3376                                                        exec_list[i].handle);
3377                 if (object_list[i] == NULL) {
3378                         DRM_ERROR("Invalid object handle %d at index %d\n",
3379                                    exec_list[i].handle, i);
3380                         ret = -EBADF;
3381                         goto err;
3382                 }
3383
3384                 obj_priv = object_list[i]->driver_private;
3385                 if (obj_priv->in_execbuffer) {
3386                         DRM_ERROR("Object %p appears more than once in object list\n",
3387                                    object_list[i]);
3388                         ret = -EBADF;
3389                         goto err;
3390                 }
3391                 obj_priv->in_execbuffer = true;
3392         }
3393
3394         /* Pin and relocate */
3395         for (pin_tries = 0; ; pin_tries++) {
3396                 ret = 0;
3397                 reloc_index = 0;
3398
3399                 for (i = 0; i < args->buffer_count; i++) {
3400                         object_list[i]->pending_read_domains = 0;
3401                         object_list[i]->pending_write_domain = 0;
3402                         ret = i915_gem_object_pin_and_relocate(object_list[i],
3403                                                                file_priv,
3404                                                                &exec_list[i],
3405                                                                &relocs[reloc_index]);
3406                         if (ret)
3407                                 break;
3408                         pinned = i + 1;
3409                         reloc_index += exec_list[i].relocation_count;
3410                 }
3411                 /* success */
3412                 if (ret == 0)
3413                         break;
3414
3415                 /* error other than GTT full, or we've already tried again */
3416                 if (ret != -ENOSPC || pin_tries >= 1) {
3417                         if (ret != -ERESTARTSYS)
3418                                 DRM_ERROR("Failed to pin buffers %d\n", ret);
3419                         goto err;
3420                 }
3421
3422                 /* unpin all of our buffers */
3423                 for (i = 0; i < pinned; i++)
3424                         i915_gem_object_unpin(object_list[i]);
3425                 pinned = 0;
3426
3427                 /* evict everyone we can from the aperture */
3428                 ret = i915_gem_evict_everything(dev);
3429                 if (ret)
3430                         goto err;
3431         }
3432
3433         /* Set the pending read domains for the batch buffer to COMMAND */
3434         batch_obj = object_list[args->buffer_count-1];
3435         if (batch_obj->pending_write_domain) {
3436                 DRM_ERROR("Attempting to use self-modifying batch buffer\n");
3437                 ret = -EINVAL;
3438                 goto err;
3439         }
3440         batch_obj->pending_read_domains |= I915_GEM_DOMAIN_COMMAND;
3441
3442         /* Sanity check the batch buffer, prior to moving objects */
3443         exec_offset = exec_list[args->buffer_count - 1].offset;
3444         ret = i915_gem_check_execbuffer (args, exec_offset);
3445         if (ret != 0) {
3446                 DRM_ERROR("execbuf with invalid offset/length\n");
3447                 goto err;
3448         }
3449
3450         i915_verify_inactive(dev, __FILE__, __LINE__);
3451
3452         /* Zero the global flush/invalidate flags. These
3453          * will be modified as new domains are computed
3454          * for each object
3455          */
3456         dev->invalidate_domains = 0;
3457         dev->flush_domains = 0;
3458
3459         for (i = 0; i < args->buffer_count; i++) {
3460                 struct drm_gem_object *obj = object_list[i];
3461
3462                 /* Compute new gpu domains and update invalidate/flush */
3463                 i915_gem_object_set_to_gpu_domain(obj);
3464         }
3465
3466         i915_verify_inactive(dev, __FILE__, __LINE__);
3467
3468         if (dev->invalidate_domains | dev->flush_domains) {
3469 #if WATCH_EXEC
3470                 DRM_INFO("%s: invalidate_domains %08x flush_domains %08x\n",
3471                           __func__,
3472                          dev->invalidate_domains,
3473                          dev->flush_domains);
3474 #endif
3475                 i915_gem_flush(dev,
3476                                dev->invalidate_domains,
3477                                dev->flush_domains);
3478                 if (dev->flush_domains)
3479                         (void)i915_add_request(dev, file_priv,
3480                                                dev->flush_domains);
3481         }
3482
3483         for (i = 0; i < args->buffer_count; i++) {
3484                 struct drm_gem_object *obj = object_list[i];
3485
3486                 obj->write_domain = obj->pending_write_domain;
3487         }
3488
3489         i915_verify_inactive(dev, __FILE__, __LINE__);
3490
3491 #if WATCH_COHERENCY
3492         for (i = 0; i < args->buffer_count; i++) {
3493                 i915_gem_object_check_coherency(object_list[i],
3494                                                 exec_list[i].handle);
3495         }
3496 #endif
3497
3498 #if WATCH_EXEC
3499         i915_gem_dump_object(batch_obj,
3500                               args->batch_len,
3501                               __func__,
3502                               ~0);
3503 #endif
3504
3505         /* Exec the batchbuffer */
3506         ret = i915_dispatch_gem_execbuffer(dev, args, cliprects, exec_offset);
3507         if (ret) {
3508                 DRM_ERROR("dispatch failed %d\n", ret);
3509                 goto err;
3510         }
3511
3512         /*
3513          * Ensure that the commands in the batch buffer are
3514          * finished before the interrupt fires
3515          */
3516         flush_domains = i915_retire_commands(dev);
3517
3518         i915_verify_inactive(dev, __FILE__, __LINE__);
3519
3520         /*
3521          * Get a seqno representing the execution of the current buffer,
3522          * which we can wait on.  We would like to mitigate these interrupts,
3523          * likely by only creating seqnos occasionally (so that we have
3524          * *some* interrupts representing completion of buffers that we can
3525          * wait on when trying to clear up gtt space).
3526          */
3527         seqno = i915_add_request(dev, file_priv, flush_domains);
3528         BUG_ON(seqno == 0);
3529         for (i = 0; i < args->buffer_count; i++) {
3530                 struct drm_gem_object *obj = object_list[i];
3531
3532                 i915_gem_object_move_to_active(obj, seqno);
3533 #if WATCH_LRU
3534                 DRM_INFO("%s: move to exec list %p\n", __func__, obj);
3535 #endif
3536         }
3537 #if WATCH_LRU
3538         i915_dump_lru(dev, __func__);
3539 #endif
3540
3541         i915_verify_inactive(dev, __FILE__, __LINE__);
3542
3543 err:
3544         for (i = 0; i < pinned; i++)
3545                 i915_gem_object_unpin(object_list[i]);
3546
3547         for (i = 0; i < args->buffer_count; i++) {
3548                 if (object_list[i]) {
3549                         obj_priv = object_list[i]->driver_private;
3550                         obj_priv->in_execbuffer = false;
3551                 }
3552                 drm_gem_object_unreference(object_list[i]);
3553         }
3554
3555         mutex_unlock(&dev->struct_mutex);
3556
3557         if (!ret) {
3558                 /* Copy the new buffer offsets back to the user's exec list. */
3559                 ret = copy_to_user((struct drm_i915_relocation_entry __user *)
3560                                    (uintptr_t) args->buffers_ptr,
3561                                    exec_list,
3562                                    sizeof(*exec_list) * args->buffer_count);
3563                 if (ret) {
3564                         ret = -EFAULT;
3565                         DRM_ERROR("failed to copy %d exec entries "
3566                                   "back to user (%d)\n",
3567                                   args->buffer_count, ret);
3568                 }
3569         }
3570
3571         /* Copy the updated relocations out regardless of current error
3572          * state.  Failure to update the relocs would mean that the next
3573          * time userland calls execbuf, it would do so with presumed offset
3574          * state that didn't match the actual object state.
3575          */
3576         ret2 = i915_gem_put_relocs_to_user(exec_list, args->buffer_count,
3577                                            relocs);
3578         if (ret2 != 0) {
3579                 DRM_ERROR("Failed to copy relocations back out: %d\n", ret2);
3580
3581                 if (ret == 0)
3582                         ret = ret2;
3583         }
3584
3585 pre_mutex_err:
3586         drm_free_large(object_list);
3587         drm_free_large(exec_list);
3588         kfree(cliprects);
3589
3590         return ret;
3591 }
3592
3593 int
3594 i915_gem_object_pin(struct drm_gem_object *obj, uint32_t alignment)
3595 {
3596         struct drm_device *dev = obj->dev;
3597         struct drm_i915_gem_object *obj_priv = obj->driver_private;
3598         int ret;
3599
3600         i915_verify_inactive(dev, __FILE__, __LINE__);
3601         if (obj_priv->gtt_space == NULL) {
3602                 ret = i915_gem_object_bind_to_gtt(obj, alignment);
3603                 if (ret != 0) {
3604                         if (ret != -EBUSY && ret != -ERESTARTSYS)
3605                                 DRM_ERROR("Failure to bind: %d\n", ret);
3606                         return ret;
3607                 }
3608         }
3609         /*
3610          * Pre-965 chips need a fence register set up in order to
3611          * properly handle tiled surfaces.
3612          */
3613         if (!IS_I965G(dev) && obj_priv->tiling_mode != I915_TILING_NONE) {
3614                 ret = i915_gem_object_get_fence_reg(obj);
3615                 if (ret != 0) {
3616                         if (ret != -EBUSY && ret != -ERESTARTSYS)
3617                                 DRM_ERROR("Failure to install fence: %d\n",
3618                                           ret);
3619                         return ret;
3620                 }
3621         }
3622         obj_priv->pin_count++;
3623
3624         /* If the object is not active and not pending a flush,
3625          * remove it from the inactive list
3626          */
3627         if (obj_priv->pin_count == 1) {
3628                 atomic_inc(&dev->pin_count);
3629                 atomic_add(obj->size, &dev->pin_memory);
3630                 if (!obj_priv->active &&
3631                     (obj->write_domain & I915_GEM_GPU_DOMAINS) == 0 &&
3632                     !list_empty(&obj_priv->list))
3633                         list_del_init(&obj_priv->list);
3634         }
3635         i915_verify_inactive(dev, __FILE__, __LINE__);
3636
3637         return 0;
3638 }
3639
3640 void
3641 i915_gem_object_unpin(struct drm_gem_object *obj)
3642 {
3643         struct drm_device *dev = obj->dev;
3644         drm_i915_private_t *dev_priv = dev->dev_private;
3645         struct drm_i915_gem_object *obj_priv = obj->driver_private;
3646
3647         i915_verify_inactive(dev, __FILE__, __LINE__);
3648         obj_priv->pin_count--;
3649         BUG_ON(obj_priv->pin_count < 0);
3650         BUG_ON(obj_priv->gtt_space == NULL);
3651
3652         /* If the object is no longer pinned, and is
3653          * neither active nor being flushed, then stick it on
3654          * the inactive list
3655          */
3656         if (obj_priv->pin_count == 0) {
3657                 if (!obj_priv->active &&
3658                     (obj->write_domain & I915_GEM_GPU_DOMAINS) == 0)
3659                         list_move_tail(&obj_priv->list,
3660                                        &dev_priv->mm.inactive_list);
3661                 atomic_dec(&dev->pin_count);
3662                 atomic_sub(obj->size, &dev->pin_memory);
3663         }
3664         i915_verify_inactive(dev, __FILE__, __LINE__);
3665 }
3666
3667 int
3668 i915_gem_pin_ioctl(struct drm_device *dev, void *data,
3669                    struct drm_file *file_priv)
3670 {
3671         struct drm_i915_gem_pin *args = data;
3672         struct drm_gem_object *obj;
3673         struct drm_i915_gem_object *obj_priv;
3674         int ret;
3675
3676         mutex_lock(&dev->struct_mutex);
3677
3678         obj = drm_gem_object_lookup(dev, file_priv, args->handle);
3679         if (obj == NULL) {
3680                 DRM_ERROR("Bad handle in i915_gem_pin_ioctl(): %d\n",
3681                           args->handle);
3682                 mutex_unlock(&dev->struct_mutex);
3683                 return -EBADF;
3684         }
3685         obj_priv = obj->driver_private;
3686
3687         if (obj_priv->pin_filp != NULL && obj_priv->pin_filp != file_priv) {
3688                 DRM_ERROR("Already pinned in i915_gem_pin_ioctl(): %d\n",
3689                           args->handle);
3690                 drm_gem_object_unreference(obj);
3691                 mutex_unlock(&dev->struct_mutex);
3692                 return -EINVAL;
3693         }
3694
3695         obj_priv->user_pin_count++;
3696         obj_priv->pin_filp = file_priv;
3697         if (obj_priv->user_pin_count == 1) {
3698                 ret = i915_gem_object_pin(obj, args->alignment);
3699                 if (ret != 0) {
3700                         drm_gem_object_unreference(obj);
3701                         mutex_unlock(&dev->struct_mutex);
3702                         return ret;
3703                 }
3704         }
3705
3706         /* XXX - flush the CPU caches for pinned objects
3707          * as the X server doesn't manage domains yet
3708          */
3709         i915_gem_object_flush_cpu_write_domain(obj);
3710         args->offset = obj_priv->gtt_offset;
3711         drm_gem_object_unreference(obj);
3712         mutex_unlock(&dev->struct_mutex);
3713
3714         return 0;
3715 }
3716
3717 int
3718 i915_gem_unpin_ioctl(struct drm_device *dev, void *data,
3719                      struct drm_file *file_priv)
3720 {
3721         struct drm_i915_gem_pin *args = data;
3722         struct drm_gem_object *obj;
3723         struct drm_i915_gem_object *obj_priv;
3724
3725         mutex_lock(&dev->struct_mutex);
3726
3727         obj = drm_gem_object_lookup(dev, file_priv, args->handle);
3728         if (obj == NULL) {
3729                 DRM_ERROR("Bad handle in i915_gem_unpin_ioctl(): %d\n",
3730                           args->handle);
3731                 mutex_unlock(&dev->struct_mutex);
3732                 return -EBADF;
3733         }
3734
3735         obj_priv = obj->driver_private;
3736         if (obj_priv->pin_filp != file_priv) {
3737                 DRM_ERROR("Not pinned by caller in i915_gem_pin_ioctl(): %d\n",
3738                           args->handle);
3739                 drm_gem_object_unreference(obj);
3740                 mutex_unlock(&dev->struct_mutex);
3741                 return -EINVAL;
3742         }
3743         obj_priv->user_pin_count--;
3744         if (obj_priv->user_pin_count == 0) {
3745                 obj_priv->pin_filp = NULL;
3746                 i915_gem_object_unpin(obj);
3747         }
3748
3749         drm_gem_object_unreference(obj);
3750         mutex_unlock(&dev->struct_mutex);
3751         return 0;
3752 }
3753
3754 int
3755 i915_gem_busy_ioctl(struct drm_device *dev, void *data,
3756                     struct drm_file *file_priv)
3757 {
3758         struct drm_i915_gem_busy *args = data;
3759         struct drm_gem_object *obj;
3760         struct drm_i915_gem_object *obj_priv;
3761
3762         obj = drm_gem_object_lookup(dev, file_priv, args->handle);
3763         if (obj == NULL) {
3764                 DRM_ERROR("Bad handle in i915_gem_busy_ioctl(): %d\n",
3765                           args->handle);
3766                 return -EBADF;
3767         }
3768
3769         mutex_lock(&dev->struct_mutex);
3770         /* Update the active list for the hardware's current position.
3771          * Otherwise this only updates on a delayed timer or when irqs are
3772          * actually unmasked, and our working set ends up being larger than
3773          * required.
3774          */
3775         i915_gem_retire_requests(dev);
3776
3777         obj_priv = obj->driver_private;
3778         /* Don't count being on the flushing list against the object being
3779          * done.  Otherwise, a buffer left on the flushing list but not getting
3780          * flushed (because nobody's flushing that domain) won't ever return
3781          * unbusy and get reused by libdrm's bo cache.  The other expected
3782          * consumer of this interface, OpenGL's occlusion queries, also specs
3783          * that the objects get unbusy "eventually" without any interference.
3784          */
3785         args->busy = obj_priv->active && obj_priv->last_rendering_seqno != 0;
3786
3787         drm_gem_object_unreference(obj);
3788         mutex_unlock(&dev->struct_mutex);
3789         return 0;
3790 }
3791
3792 int
3793 i915_gem_throttle_ioctl(struct drm_device *dev, void *data,
3794                         struct drm_file *file_priv)
3795 {
3796     return i915_gem_ring_throttle(dev, file_priv);
3797 }
3798
3799 int i915_gem_init_object(struct drm_gem_object *obj)
3800 {
3801         struct drm_i915_gem_object *obj_priv;
3802
3803         obj_priv = kzalloc(sizeof(*obj_priv), GFP_KERNEL);
3804         if (obj_priv == NULL)
3805                 return -ENOMEM;
3806
3807         /*
3808          * We've just allocated pages from the kernel,
3809          * so they've just been written by the CPU with
3810          * zeros. They'll need to be clflushed before we
3811          * use them with the GPU.
3812          */
3813         obj->write_domain = I915_GEM_DOMAIN_CPU;
3814         obj->read_domains = I915_GEM_DOMAIN_CPU;
3815
3816         obj_priv->agp_type = AGP_USER_MEMORY;
3817
3818         obj->driver_private = obj_priv;
3819         obj_priv->obj = obj;
3820         obj_priv->fence_reg = I915_FENCE_REG_NONE;
3821         INIT_LIST_HEAD(&obj_priv->list);
3822         INIT_LIST_HEAD(&obj_priv->fence_list);
3823
3824         return 0;
3825 }
3826
3827 void i915_gem_free_object(struct drm_gem_object *obj)
3828 {
3829         struct drm_device *dev = obj->dev;
3830         struct drm_i915_gem_object *obj_priv = obj->driver_private;
3831
3832         while (obj_priv->pin_count > 0)
3833                 i915_gem_object_unpin(obj);
3834
3835         if (obj_priv->phys_obj)
3836                 i915_gem_detach_phys_object(dev, obj);
3837
3838         i915_gem_object_unbind(obj);
3839
3840         i915_gem_free_mmap_offset(obj);
3841
3842         kfree(obj_priv->page_cpu_valid);
3843         kfree(obj_priv->bit_17);
3844         kfree(obj->driver_private);
3845 }
3846
3847 /** Unbinds all objects that are on the given buffer list. */
3848 static int
3849 i915_gem_evict_from_list(struct drm_device *dev, struct list_head *head)
3850 {
3851         struct drm_gem_object *obj;
3852         struct drm_i915_gem_object *obj_priv;
3853         int ret;
3854
3855         while (!list_empty(head)) {
3856                 obj_priv = list_first_entry(head,
3857                                             struct drm_i915_gem_object,
3858                                             list);
3859                 obj = obj_priv->obj;
3860
3861                 if (obj_priv->pin_count != 0) {
3862                         DRM_ERROR("Pinned object in unbind list\n");
3863                         mutex_unlock(&dev->struct_mutex);
3864                         return -EINVAL;
3865                 }
3866
3867                 ret = i915_gem_object_unbind(obj);
3868                 if (ret != 0) {
3869                         DRM_ERROR("Error unbinding object in LeaveVT: %d\n",
3870                                   ret);
3871                         mutex_unlock(&dev->struct_mutex);
3872                         return ret;
3873                 }
3874         }
3875
3876
3877         return 0;
3878 }
3879
3880 int
3881 i915_gem_idle(struct drm_device *dev)
3882 {
3883         drm_i915_private_t *dev_priv = dev->dev_private;
3884         uint32_t seqno, cur_seqno, last_seqno;
3885         int stuck, ret;
3886
3887         mutex_lock(&dev->struct_mutex);
3888
3889         if (dev_priv->mm.suspended || dev_priv->ring.ring_obj == NULL) {
3890                 mutex_unlock(&dev->struct_mutex);
3891                 return 0;
3892         }
3893
3894         /* Hack!  Don't let anybody do execbuf while we don't control the chip.
3895          * We need to replace this with a semaphore, or something.
3896          */
3897         dev_priv->mm.suspended = 1;
3898
3899         /* Cancel the retire work handler, wait for it to finish if running
3900          */
3901         mutex_unlock(&dev->struct_mutex);
3902         cancel_delayed_work_sync(&dev_priv->mm.retire_work);
3903         mutex_lock(&dev->struct_mutex);
3904
3905         i915_kernel_lost_context(dev);
3906
3907         /* Flush the GPU along with all non-CPU write domains
3908          */
3909         i915_gem_flush(dev, I915_GEM_GPU_DOMAINS, I915_GEM_GPU_DOMAINS);
3910         seqno = i915_add_request(dev, NULL, I915_GEM_GPU_DOMAINS);
3911
3912         if (seqno == 0) {
3913                 mutex_unlock(&dev->struct_mutex);
3914                 return -ENOMEM;
3915         }
3916
3917         dev_priv->mm.waiting_gem_seqno = seqno;
3918         last_seqno = 0;
3919         stuck = 0;
3920         for (;;) {
3921                 cur_seqno = i915_get_gem_seqno(dev);
3922                 if (i915_seqno_passed(cur_seqno, seqno))
3923                         break;
3924                 if (last_seqno == cur_seqno) {
3925                         if (stuck++ > 100) {
3926                                 DRM_ERROR("hardware wedged\n");
3927                                 dev_priv->mm.wedged = 1;
3928                                 DRM_WAKEUP(&dev_priv->irq_queue);
3929                                 break;
3930                         }
3931                 }
3932                 msleep(10);
3933                 last_seqno = cur_seqno;
3934         }
3935         dev_priv->mm.waiting_gem_seqno = 0;
3936
3937         i915_gem_retire_requests(dev);
3938
3939         spin_lock(&dev_priv->mm.active_list_lock);
3940         if (!dev_priv->mm.wedged) {
3941                 /* Active and flushing should now be empty as we've
3942                  * waited for a sequence higher than any pending execbuffer
3943                  */
3944                 WARN_ON(!list_empty(&dev_priv->mm.active_list));
3945                 WARN_ON(!list_empty(&dev_priv->mm.flushing_list));
3946                 /* Request should now be empty as we've also waited
3947                  * for the last request in the list
3948                  */
3949                 WARN_ON(!list_empty(&dev_priv->mm.request_list));
3950         }
3951
3952         /* Empty the active and flushing lists to inactive.  If there's
3953          * anything left at this point, it means that we're wedged and
3954          * nothing good's going to happen by leaving them there.  So strip
3955          * the GPU domains and just stuff them onto inactive.
3956          */
3957         while (!list_empty(&dev_priv->mm.active_list)) {
3958                 struct drm_i915_gem_object *obj_priv;
3959
3960                 obj_priv = list_first_entry(&dev_priv->mm.active_list,
3961                                             struct drm_i915_gem_object,
3962                                             list);
3963                 obj_priv->obj->write_domain &= ~I915_GEM_GPU_DOMAINS;
3964                 i915_gem_object_move_to_inactive(obj_priv->obj);
3965         }
3966         spin_unlock(&dev_priv->mm.active_list_lock);
3967
3968         while (!list_empty(&dev_priv->mm.flushing_list)) {
3969                 struct drm_i915_gem_object *obj_priv;
3970
3971                 obj_priv = list_first_entry(&dev_priv->mm.flushing_list,
3972                                             struct drm_i915_gem_object,
3973                                             list);
3974                 obj_priv->obj->write_domain &= ~I915_GEM_GPU_DOMAINS;
3975                 i915_gem_object_move_to_inactive(obj_priv->obj);
3976         }
3977
3978
3979         /* Move all inactive buffers out of the GTT. */
3980         ret = i915_gem_evict_from_list(dev, &dev_priv->mm.inactive_list);
3981         WARN_ON(!list_empty(&dev_priv->mm.inactive_list));
3982         if (ret) {
3983                 mutex_unlock(&dev->struct_mutex);
3984                 return ret;
3985         }
3986
3987         i915_gem_cleanup_ringbuffer(dev);
3988         mutex_unlock(&dev->struct_mutex);
3989
3990         return 0;
3991 }
3992
3993 static int
3994 i915_gem_init_hws(struct drm_device *dev)
3995 {
3996         drm_i915_private_t *dev_priv = dev->dev_private;
3997         struct drm_gem_object *obj;
3998         struct drm_i915_gem_object *obj_priv;
3999         int ret;
4000
4001         /* If we need a physical address for the status page, it's already
4002          * initialized at driver load time.
4003          */
4004         if (!I915_NEED_GFX_HWS(dev))
4005                 return 0;
4006
4007         obj = drm_gem_object_alloc(dev, 4096);
4008         if (obj == NULL) {
4009                 DRM_ERROR("Failed to allocate status page\n");
4010                 return -ENOMEM;
4011         }
4012         obj_priv = obj->driver_private;
4013         obj_priv->agp_type = AGP_USER_CACHED_MEMORY;
4014
4015         ret = i915_gem_object_pin(obj, 4096);
4016         if (ret != 0) {
4017                 drm_gem_object_unreference(obj);
4018                 return ret;
4019         }
4020
4021         dev_priv->status_gfx_addr = obj_priv->gtt_offset;
4022
4023         dev_priv->hw_status_page = kmap(obj_priv->pages[0]);
4024         if (dev_priv->hw_status_page == NULL) {
4025                 DRM_ERROR("Failed to map status page.\n");
4026                 memset(&dev_priv->hws_map, 0, sizeof(dev_priv->hws_map));
4027                 i915_gem_object_unpin(obj);
4028                 drm_gem_object_unreference(obj);
4029                 return -EINVAL;
4030         }
4031         dev_priv->hws_obj = obj;
4032         memset(dev_priv->hw_status_page, 0, PAGE_SIZE);
4033         I915_WRITE(HWS_PGA, dev_priv->status_gfx_addr);
4034         I915_READ(HWS_PGA); /* posting read */
4035         DRM_DEBUG("hws offset: 0x%08x\n", dev_priv->status_gfx_addr);
4036
4037         return 0;
4038 }
4039
4040 static void
4041 i915_gem_cleanup_hws(struct drm_device *dev)
4042 {
4043         drm_i915_private_t *dev_priv = dev->dev_private;
4044         struct drm_gem_object *obj;
4045         struct drm_i915_gem_object *obj_priv;
4046
4047         if (dev_priv->hws_obj == NULL)
4048                 return;
4049
4050         obj = dev_priv->hws_obj;
4051         obj_priv = obj->driver_private;
4052
4053         kunmap(obj_priv->pages[0]);
4054         i915_gem_object_unpin(obj);
4055         drm_gem_object_unreference(obj);
4056         dev_priv->hws_obj = NULL;
4057
4058         memset(&dev_priv->hws_map, 0, sizeof(dev_priv->hws_map));
4059         dev_priv->hw_status_page = NULL;
4060
4061         /* Write high address into HWS_PGA when disabling. */
4062         I915_WRITE(HWS_PGA, 0x1ffff000);
4063 }
4064
4065 int
4066 i915_gem_init_ringbuffer(struct drm_device *dev)
4067 {
4068         drm_i915_private_t *dev_priv = dev->dev_private;
4069         struct drm_gem_object *obj;
4070         struct drm_i915_gem_object *obj_priv;
4071         drm_i915_ring_buffer_t *ring = &dev_priv->ring;
4072         int ret;
4073         u32 head;
4074
4075         ret = i915_gem_init_hws(dev);
4076         if (ret != 0)
4077                 return ret;
4078
4079         obj = drm_gem_object_alloc(dev, 128 * 1024);
4080         if (obj == NULL) {
4081                 DRM_ERROR("Failed to allocate ringbuffer\n");
4082                 i915_gem_cleanup_hws(dev);
4083                 return -ENOMEM;
4084         }
4085         obj_priv = obj->driver_private;
4086
4087         ret = i915_gem_object_pin(obj, 4096);
4088         if (ret != 0) {
4089                 drm_gem_object_unreference(obj);
4090                 i915_gem_cleanup_hws(dev);
4091                 return ret;
4092         }
4093
4094         /* Set up the kernel mapping for the ring. */
4095         ring->Size = obj->size;
4096         ring->tail_mask = obj->size - 1;
4097
4098         ring->map.offset = dev->agp->base + obj_priv->gtt_offset;
4099         ring->map.size = obj->size;
4100         ring->map.type = 0;
4101         ring->map.flags = 0;
4102         ring->map.mtrr = 0;
4103
4104         drm_core_ioremap_wc(&ring->map, dev);
4105         if (ring->map.handle == NULL) {
4106                 DRM_ERROR("Failed to map ringbuffer.\n");
4107                 memset(&dev_priv->ring, 0, sizeof(dev_priv->ring));
4108                 i915_gem_object_unpin(obj);
4109                 drm_gem_object_unreference(obj);
4110                 i915_gem_cleanup_hws(dev);
4111                 return -EINVAL;
4112         }
4113         ring->ring_obj = obj;
4114         ring->virtual_start = ring->map.handle;
4115
4116         /* Stop the ring if it's running. */
4117         I915_WRITE(PRB0_CTL, 0);
4118         I915_WRITE(PRB0_TAIL, 0);
4119         I915_WRITE(PRB0_HEAD, 0);
4120
4121         /* Initialize the ring. */
4122         I915_WRITE(PRB0_START, obj_priv->gtt_offset);
4123         head = I915_READ(PRB0_HEAD) & HEAD_ADDR;
4124
4125         /* G45 ring initialization fails to reset head to zero */
4126         if (head != 0) {
4127                 DRM_ERROR("Ring head not reset to zero "
4128                           "ctl %08x head %08x tail %08x start %08x\n",
4129                           I915_READ(PRB0_CTL),
4130                           I915_READ(PRB0_HEAD),
4131                           I915_READ(PRB0_TAIL),
4132                           I915_READ(PRB0_START));
4133                 I915_WRITE(PRB0_HEAD, 0);
4134
4135                 DRM_ERROR("Ring head forced to zero "
4136                           "ctl %08x head %08x tail %08x start %08x\n",
4137                           I915_READ(PRB0_CTL),
4138                           I915_READ(PRB0_HEAD),
4139                           I915_READ(PRB0_TAIL),
4140                           I915_READ(PRB0_START));
4141         }
4142
4143         I915_WRITE(PRB0_CTL,
4144                    ((obj->size - 4096) & RING_NR_PAGES) |
4145                    RING_NO_REPORT |
4146                    RING_VALID);
4147
4148         head = I915_READ(PRB0_HEAD) & HEAD_ADDR;
4149
4150         /* If the head is still not zero, the ring is dead */
4151         if (head != 0) {
4152                 DRM_ERROR("Ring initialization failed "
4153                           "ctl %08x head %08x tail %08x start %08x\n",
4154                           I915_READ(PRB0_CTL),
4155                           I915_READ(PRB0_HEAD),
4156                           I915_READ(PRB0_TAIL),
4157                           I915_READ(PRB0_START));
4158                 return -EIO;
4159         }
4160
4161         /* Update our cache of the ring state */
4162         if (!drm_core_check_feature(dev, DRIVER_MODESET))
4163                 i915_kernel_lost_context(dev);
4164         else {
4165                 ring->head = I915_READ(PRB0_HEAD) & HEAD_ADDR;
4166                 ring->tail = I915_READ(PRB0_TAIL) & TAIL_ADDR;
4167                 ring->space = ring->head - (ring->tail + 8);
4168                 if (ring->space < 0)
4169                         ring->space += ring->Size;
4170         }
4171
4172         return 0;
4173 }
4174
4175 void
4176 i915_gem_cleanup_ringbuffer(struct drm_device *dev)
4177 {
4178         drm_i915_private_t *dev_priv = dev->dev_private;
4179
4180         if (dev_priv->ring.ring_obj == NULL)
4181                 return;
4182
4183         drm_core_ioremapfree(&dev_priv->ring.map, dev);
4184
4185         i915_gem_object_unpin(dev_priv->ring.ring_obj);
4186         drm_gem_object_unreference(dev_priv->ring.ring_obj);
4187         dev_priv->ring.ring_obj = NULL;
4188         memset(&dev_priv->ring, 0, sizeof(dev_priv->ring));
4189
4190         i915_gem_cleanup_hws(dev);
4191 }
4192
4193 int
4194 i915_gem_entervt_ioctl(struct drm_device *dev, void *data,
4195                        struct drm_file *file_priv)
4196 {
4197         drm_i915_private_t *dev_priv = dev->dev_private;
4198         int ret;
4199
4200         if (drm_core_check_feature(dev, DRIVER_MODESET))
4201                 return 0;
4202
4203         if (dev_priv->mm.wedged) {
4204                 DRM_ERROR("Reenabling wedged hardware, good luck\n");
4205                 dev_priv->mm.wedged = 0;
4206         }
4207
4208         mutex_lock(&dev->struct_mutex);
4209         dev_priv->mm.suspended = 0;
4210
4211         ret = i915_gem_init_ringbuffer(dev);
4212         if (ret != 0) {
4213                 mutex_unlock(&dev->struct_mutex);
4214                 return ret;
4215         }
4216
4217         spin_lock(&dev_priv->mm.active_list_lock);
4218         BUG_ON(!list_empty(&dev_priv->mm.active_list));
4219         spin_unlock(&dev_priv->mm.active_list_lock);
4220
4221         BUG_ON(!list_empty(&dev_priv->mm.flushing_list));
4222         BUG_ON(!list_empty(&dev_priv->mm.inactive_list));
4223         BUG_ON(!list_empty(&dev_priv->mm.request_list));
4224         mutex_unlock(&dev->struct_mutex);
4225
4226         drm_irq_install(dev);
4227
4228         return 0;
4229 }
4230
4231 int
4232 i915_gem_leavevt_ioctl(struct drm_device *dev, void *data,
4233                        struct drm_file *file_priv)
4234 {
4235         int ret;
4236
4237         if (drm_core_check_feature(dev, DRIVER_MODESET))
4238                 return 0;
4239
4240         ret = i915_gem_idle(dev);
4241         drm_irq_uninstall(dev);
4242
4243         return ret;
4244 }
4245
4246 void
4247 i915_gem_lastclose(struct drm_device *dev)
4248 {
4249         int ret;
4250
4251         if (drm_core_check_feature(dev, DRIVER_MODESET))
4252                 return;
4253
4254         ret = i915_gem_idle(dev);
4255         if (ret)
4256                 DRM_ERROR("failed to idle hardware: %d\n", ret);
4257 }
4258
4259 void
4260 i915_gem_load(struct drm_device *dev)
4261 {
4262         int i;
4263         drm_i915_private_t *dev_priv = dev->dev_private;
4264
4265         spin_lock_init(&dev_priv->mm.active_list_lock);
4266         INIT_LIST_HEAD(&dev_priv->mm.active_list);
4267         INIT_LIST_HEAD(&dev_priv->mm.flushing_list);
4268         INIT_LIST_HEAD(&dev_priv->mm.inactive_list);
4269         INIT_LIST_HEAD(&dev_priv->mm.request_list);
4270         INIT_LIST_HEAD(&dev_priv->mm.fence_list);
4271         INIT_DELAYED_WORK(&dev_priv->mm.retire_work,
4272                           i915_gem_retire_work_handler);
4273         dev_priv->mm.next_gem_seqno = 1;
4274
4275         /* Old X drivers will take 0-2 for front, back, depth buffers */
4276         dev_priv->fence_reg_start = 3;
4277
4278         if (IS_I965G(dev) || IS_I945G(dev) || IS_I945GM(dev) || IS_G33(dev))
4279                 dev_priv->num_fence_regs = 16;
4280         else
4281                 dev_priv->num_fence_regs = 8;
4282
4283         /* Initialize fence registers to zero */
4284         if (IS_I965G(dev)) {
4285                 for (i = 0; i < 16; i++)
4286                         I915_WRITE64(FENCE_REG_965_0 + (i * 8), 0);
4287         } else {
4288                 for (i = 0; i < 8; i++)
4289                         I915_WRITE(FENCE_REG_830_0 + (i * 4), 0);
4290                 if (IS_I945G(dev) || IS_I945GM(dev) || IS_G33(dev))
4291                         for (i = 0; i < 8; i++)
4292                                 I915_WRITE(FENCE_REG_945_8 + (i * 4), 0);
4293         }
4294
4295         i915_gem_detect_bit_6_swizzle(dev);
4296 }
4297
4298 /*
4299  * Create a physically contiguous memory object for this object
4300  * e.g. for cursor + overlay regs
4301  */
4302 int i915_gem_init_phys_object(struct drm_device *dev,
4303                               int id, int size)
4304 {
4305         drm_i915_private_t *dev_priv = dev->dev_private;
4306         struct drm_i915_gem_phys_object *phys_obj;
4307         int ret;
4308
4309         if (dev_priv->mm.phys_objs[id - 1] || !size)
4310                 return 0;
4311
4312         phys_obj = kzalloc(sizeof(struct drm_i915_gem_phys_object), GFP_KERNEL);
4313         if (!phys_obj)
4314                 return -ENOMEM;
4315
4316         phys_obj->id = id;
4317
4318         phys_obj->handle = drm_pci_alloc(dev, size, 0, 0xffffffff);
4319         if (!phys_obj->handle) {
4320                 ret = -ENOMEM;
4321                 goto kfree_obj;
4322         }
4323 #ifdef CONFIG_X86
4324         set_memory_wc((unsigned long)phys_obj->handle->vaddr, phys_obj->handle->size / PAGE_SIZE);
4325 #endif
4326
4327         dev_priv->mm.phys_objs[id - 1] = phys_obj;
4328
4329         return 0;
4330 kfree_obj:
4331         kfree(phys_obj);
4332         return ret;
4333 }
4334
4335 void i915_gem_free_phys_object(struct drm_device *dev, int id)
4336 {
4337         drm_i915_private_t *dev_priv = dev->dev_private;
4338         struct drm_i915_gem_phys_object *phys_obj;
4339
4340         if (!dev_priv->mm.phys_objs[id - 1])
4341                 return;
4342
4343         phys_obj = dev_priv->mm.phys_objs[id - 1];
4344         if (phys_obj->cur_obj) {
4345                 i915_gem_detach_phys_object(dev, phys_obj->cur_obj);
4346         }
4347
4348 #ifdef CONFIG_X86
4349         set_memory_wb((unsigned long)phys_obj->handle->vaddr, phys_obj->handle->size / PAGE_SIZE);
4350 #endif
4351         drm_pci_free(dev, phys_obj->handle);
4352         kfree(phys_obj);
4353         dev_priv->mm.phys_objs[id - 1] = NULL;
4354 }
4355
4356 void i915_gem_free_all_phys_object(struct drm_device *dev)
4357 {
4358         int i;
4359
4360         for (i = I915_GEM_PHYS_CURSOR_0; i <= I915_MAX_PHYS_OBJECT; i++)
4361                 i915_gem_free_phys_object(dev, i);
4362 }
4363
4364 void i915_gem_detach_phys_object(struct drm_device *dev,
4365                                  struct drm_gem_object *obj)
4366 {
4367         struct drm_i915_gem_object *obj_priv;
4368         int i;
4369         int ret;
4370         int page_count;
4371
4372         obj_priv = obj->driver_private;
4373         if (!obj_priv->phys_obj)
4374                 return;
4375
4376         ret = i915_gem_object_get_pages(obj);
4377         if (ret)
4378                 goto out;
4379
4380         page_count = obj->size / PAGE_SIZE;
4381
4382         for (i = 0; i < page_count; i++) {
4383                 char *dst = kmap_atomic(obj_priv->pages[i], KM_USER0);
4384                 char *src = obj_priv->phys_obj->handle->vaddr + (i * PAGE_SIZE);
4385
4386                 memcpy(dst, src, PAGE_SIZE);
4387                 kunmap_atomic(dst, KM_USER0);
4388         }
4389         drm_clflush_pages(obj_priv->pages, page_count);
4390         drm_agp_chipset_flush(dev);
4391
4392         i915_gem_object_put_pages(obj);
4393 out:
4394         obj_priv->phys_obj->cur_obj = NULL;
4395         obj_priv->phys_obj = NULL;
4396 }
4397
4398 int
4399 i915_gem_attach_phys_object(struct drm_device *dev,
4400                             struct drm_gem_object *obj, int id)
4401 {
4402         drm_i915_private_t *dev_priv = dev->dev_private;
4403         struct drm_i915_gem_object *obj_priv;
4404         int ret = 0;
4405         int page_count;
4406         int i;
4407
4408         if (id > I915_MAX_PHYS_OBJECT)
4409                 return -EINVAL;
4410
4411         obj_priv = obj->driver_private;
4412
4413         if (obj_priv->phys_obj) {
4414                 if (obj_priv->phys_obj->id == id)
4415                         return 0;
4416                 i915_gem_detach_phys_object(dev, obj);
4417         }
4418
4419
4420         /* create a new object */
4421         if (!dev_priv->mm.phys_objs[id - 1]) {
4422                 ret = i915_gem_init_phys_object(dev, id,
4423                                                 obj->size);
4424                 if (ret) {
4425                         DRM_ERROR("failed to init phys object %d size: %zu\n", id, obj->size);
4426                         goto out;
4427                 }
4428         }
4429
4430         /* bind to the object */
4431         obj_priv->phys_obj = dev_priv->mm.phys_objs[id - 1];
4432         obj_priv->phys_obj->cur_obj = obj;
4433
4434         ret = i915_gem_object_get_pages(obj);
4435         if (ret) {
4436                 DRM_ERROR("failed to get page list\n");
4437                 goto out;
4438         }
4439
4440         page_count = obj->size / PAGE_SIZE;
4441
4442         for (i = 0; i < page_count; i++) {
4443                 char *src = kmap_atomic(obj_priv->pages[i], KM_USER0);
4444                 char *dst = obj_priv->phys_obj->handle->vaddr + (i * PAGE_SIZE);
4445
4446                 memcpy(dst, src, PAGE_SIZE);
4447                 kunmap_atomic(src, KM_USER0);
4448         }
4449
4450         i915_gem_object_put_pages(obj);
4451
4452         return 0;
4453 out:
4454         return ret;
4455 }
4456
4457 static int
4458 i915_gem_phys_pwrite(struct drm_device *dev, struct drm_gem_object *obj,
4459                      struct drm_i915_gem_pwrite *args,
4460                      struct drm_file *file_priv)
4461 {
4462         struct drm_i915_gem_object *obj_priv = obj->driver_private;
4463         void *obj_addr;
4464         int ret;
4465         char __user *user_data;
4466
4467         user_data = (char __user *) (uintptr_t) args->data_ptr;
4468         obj_addr = obj_priv->phys_obj->handle->vaddr + args->offset;
4469
4470         DRM_DEBUG("obj_addr %p, %lld\n", obj_addr, args->size);
4471         ret = copy_from_user(obj_addr, user_data, args->size);
4472         if (ret)
4473                 return -EFAULT;
4474
4475         drm_agp_chipset_flush(dev);
4476         return 0;
4477 }
4478
4479 void i915_gem_release(struct drm_device * dev, struct drm_file *file_priv)
4480 {
4481         struct drm_i915_file_private *i915_file_priv = file_priv->driver_priv;
4482
4483         /* Clean up our request list when the client is going away, so that
4484          * later retire_requests won't dereference our soon-to-be-gone
4485          * file_priv.
4486          */
4487         mutex_lock(&dev->struct_mutex);
4488         while (!list_empty(&i915_file_priv->mm.request_list))
4489                 list_del_init(i915_file_priv->mm.request_list.next);
4490         mutex_unlock(&dev->struct_mutex);
4491 }