2 * Copyright © 2013 Intel Corporation
4 * Permission is hereby granted, free of charge, to any person obtaining a
5 * copy of this software and associated documentation files (the "Software"),
6 * to deal in the Software without restriction, including without limitation
7 * the rights to use, copy, modify, merge, publish, distribute, sublicense,
8 * and/or sell copies of the Software, and to permit persons to whom the
9 * Software is furnished to do so, subject to the following conditions:
11 * The above copyright notice and this permission notice (including the next
12 * paragraph) shall be included in all copies or substantial portions of the
15 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
18 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
20 * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
31 * DOC: batch buffer command parser
34 * Certain OpenGL features (e.g. transform feedback, performance monitoring)
35 * require userspace code to submit batches containing commands such as
36 * MI_LOAD_REGISTER_IMM to access various registers. Unfortunately, some
37 * generations of the hardware will noop these commands in "unsecure" batches
38 * (which includes all userspace batches submitted via i915) even though the
39 * commands may be safe and represent the intended programming model of the
42 * The software command parser is similar in operation to the command parsing
43 * done in hardware for unsecure batches. However, the software parser allows
44 * some operations that would be noop'd by hardware, if the parser determines
45 * the operation is safe, and submits the batch as "secure" to prevent hardware
49 * At a high level, the hardware (and software) checks attempt to prevent
50 * granting userspace undue privileges. There are three categories of privilege.
52 * First, commands which are explicitly defined as privileged or which should
53 * only be used by the kernel driver. The parser generally rejects such
54 * commands, though it may allow some from the drm master process.
56 * Second, commands which access registers. To support correct/enhanced
57 * userspace functionality, particularly certain OpenGL extensions, the parser
58 * provides a whitelist of registers which userspace may safely access (for both
59 * normal and drm master processes).
61 * Third, commands which access privileged memory (i.e. GGTT, HWS page, etc).
62 * The parser always rejects such commands.
64 * The majority of the problematic commands fall in the MI_* range, with only a
65 * few specific commands on each ring (e.g. PIPE_CONTROL and MI_FLUSH_DW).
68 * Each ring maintains tables of commands and registers which the parser uses in
69 * scanning batch buffers submitted to that ring.
71 * Since the set of commands that the parser must check for is significantly
72 * smaller than the number of commands supported, the parser tables contain only
73 * those commands required by the parser. This generally works because command
74 * opcode ranges have standard command length encodings. So for commands that
75 * the parser does not need to check, it can easily skip them. This is
76 * implemented via a per-ring length decoding vfunc.
78 * Unfortunately, there are a number of commands that do not follow the standard
79 * length encoding for their opcode range, primarily amongst the MI_* commands.
80 * To handle this, the parser provides a way to define explicit "skip" entries
81 * in the per-ring command tables.
83 * Other command table entries map fairly directly to high level categories
84 * mentioned above: rejected, master-only, register whitelist. The parser
85 * implements a number of checks, including the privileged memory checks, via a
86 * general bitmasking mechanism.
89 #define STD_MI_OPCODE_MASK 0xFF800000
90 #define STD_3D_OPCODE_MASK 0xFFFF0000
91 #define STD_2D_OPCODE_MASK 0xFFC00000
92 #define STD_MFX_OPCODE_MASK 0xFFFF0000
94 #define CMD(op, opm, f, lm, fl, ...) \
96 .flags = (fl) | ((f) ? CMD_DESC_FIXED : 0), \
97 .cmd = { (op), (opm) }, \
102 /* Convenience macros to compress the tables */
103 #define SMI STD_MI_OPCODE_MASK
104 #define S3D STD_3D_OPCODE_MASK
105 #define S2D STD_2D_OPCODE_MASK
106 #define SMFX STD_MFX_OPCODE_MASK
108 #define S CMD_DESC_SKIP
109 #define R CMD_DESC_REJECT
110 #define W CMD_DESC_REGISTER
111 #define B CMD_DESC_BITMASK
112 #define M CMD_DESC_MASTER
114 /* Command Mask Fixed Len Action
115 ---------------------------------------------------------- */
116 static const struct drm_i915_cmd_descriptor common_cmds[] = {
117 CMD( MI_NOOP, SMI, F, 1, S ),
118 CMD( MI_USER_INTERRUPT, SMI, F, 1, R ),
119 CMD( MI_WAIT_FOR_EVENT, SMI, F, 1, M ),
120 CMD( MI_ARB_CHECK, SMI, F, 1, S ),
121 CMD( MI_REPORT_HEAD, SMI, F, 1, S ),
122 CMD( MI_SUSPEND_FLUSH, SMI, F, 1, S ),
123 CMD( MI_SEMAPHORE_MBOX, SMI, !F, 0xFF, R ),
124 CMD( MI_STORE_DWORD_INDEX, SMI, !F, 0xFF, R ),
125 CMD( MI_LOAD_REGISTER_IMM(1), SMI, !F, 0xFF, W,
126 .reg = { .offset = 1, .mask = 0x007FFFFC, .step = 2 } ),
127 CMD( MI_STORE_REGISTER_MEM(1), SMI, !F, 0xFF, W | B,
128 .reg = { .offset = 1, .mask = 0x007FFFFC },
131 .mask = MI_GLOBAL_GTT,
134 CMD( MI_LOAD_REGISTER_MEM, SMI, !F, 0xFF, W | B,
135 .reg = { .offset = 1, .mask = 0x007FFFFC },
138 .mask = MI_GLOBAL_GTT,
142 * MI_BATCH_BUFFER_START requires some special handling. It's not
143 * really a 'skip' action but it doesn't seem like it's worth adding
144 * a new action. See i915_parse_cmds().
146 CMD( MI_BATCH_BUFFER_START, SMI, !F, 0xFF, S ),
149 static const struct drm_i915_cmd_descriptor render_cmds[] = {
150 CMD( MI_FLUSH, SMI, F, 1, S ),
151 CMD( MI_ARB_ON_OFF, SMI, F, 1, R ),
152 CMD( MI_PREDICATE, SMI, F, 1, S ),
153 CMD( MI_TOPOLOGY_FILTER, SMI, F, 1, S ),
154 CMD( MI_DISPLAY_FLIP, SMI, !F, 0xFF, R ),
155 CMD( MI_SET_APPID, SMI, F, 1, S ),
156 CMD( MI_SET_CONTEXT, SMI, !F, 0xFF, R ),
157 CMD( MI_URB_CLEAR, SMI, !F, 0xFF, S ),
158 CMD( MI_STORE_DWORD_IMM, SMI, !F, 0x3F, B,
161 .mask = MI_GLOBAL_GTT,
164 CMD( MI_UPDATE_GTT, SMI, !F, 0xFF, R ),
165 CMD( MI_CLFLUSH, SMI, !F, 0x3FF, B,
168 .mask = MI_GLOBAL_GTT,
171 CMD( MI_REPORT_PERF_COUNT, SMI, !F, 0x3F, B,
174 .mask = MI_REPORT_PERF_COUNT_GGTT,
177 CMD( MI_CONDITIONAL_BATCH_BUFFER_END, SMI, !F, 0xFF, B,
180 .mask = MI_GLOBAL_GTT,
183 CMD( GFX_OP_3DSTATE_VF_STATISTICS, S3D, F, 1, S ),
184 CMD( PIPELINE_SELECT, S3D, F, 1, S ),
185 CMD( MEDIA_VFE_STATE, S3D, !F, 0xFFFF, B,
188 .mask = MEDIA_VFE_STATE_MMIO_ACCESS_MASK,
191 CMD( GPGPU_OBJECT, S3D, !F, 0xFF, S ),
192 CMD( GPGPU_WALKER, S3D, !F, 0xFF, S ),
193 CMD( GFX_OP_3DSTATE_SO_DECL_LIST, S3D, !F, 0x1FF, S ),
194 CMD( GFX_OP_PIPE_CONTROL(5), S3D, !F, 0xFF, B,
197 .mask = (PIPE_CONTROL_MMIO_WRITE | PIPE_CONTROL_NOTIFY),
202 .mask = (PIPE_CONTROL_GLOBAL_GTT_IVB |
203 PIPE_CONTROL_STORE_DATA_INDEX),
205 .condition_offset = 1,
206 .condition_mask = PIPE_CONTROL_POST_SYNC_OP_MASK,
210 static const struct drm_i915_cmd_descriptor hsw_render_cmds[] = {
211 CMD( MI_SET_PREDICATE, SMI, F, 1, S ),
212 CMD( MI_RS_CONTROL, SMI, F, 1, S ),
213 CMD( MI_URB_ATOMIC_ALLOC, SMI, F, 1, S ),
214 CMD( MI_SET_APPID, SMI, F, 1, S ),
215 CMD( MI_RS_CONTEXT, SMI, F, 1, S ),
216 CMD( MI_LOAD_SCAN_LINES_INCL, SMI, !F, 0x3F, M ),
217 CMD( MI_LOAD_SCAN_LINES_EXCL, SMI, !F, 0x3F, R ),
218 CMD( MI_LOAD_REGISTER_REG, SMI, !F, 0xFF, R ),
219 CMD( MI_RS_STORE_DATA_IMM, SMI, !F, 0xFF, S ),
220 CMD( MI_LOAD_URB_MEM, SMI, !F, 0xFF, S ),
221 CMD( MI_STORE_URB_MEM, SMI, !F, 0xFF, S ),
222 CMD( GFX_OP_3DSTATE_DX9_CONSTANTF_VS, S3D, !F, 0x7FF, S ),
223 CMD( GFX_OP_3DSTATE_DX9_CONSTANTF_PS, S3D, !F, 0x7FF, S ),
225 CMD( GFX_OP_3DSTATE_BINDING_TABLE_EDIT_VS, S3D, !F, 0x1FF, S ),
226 CMD( GFX_OP_3DSTATE_BINDING_TABLE_EDIT_GS, S3D, !F, 0x1FF, S ),
227 CMD( GFX_OP_3DSTATE_BINDING_TABLE_EDIT_HS, S3D, !F, 0x1FF, S ),
228 CMD( GFX_OP_3DSTATE_BINDING_TABLE_EDIT_DS, S3D, !F, 0x1FF, S ),
229 CMD( GFX_OP_3DSTATE_BINDING_TABLE_EDIT_PS, S3D, !F, 0x1FF, S ),
232 static const struct drm_i915_cmd_descriptor video_cmds[] = {
233 CMD( MI_ARB_ON_OFF, SMI, F, 1, R ),
234 CMD( MI_SET_APPID, SMI, F, 1, S ),
235 CMD( MI_STORE_DWORD_IMM, SMI, !F, 0xFF, B,
238 .mask = MI_GLOBAL_GTT,
241 CMD( MI_UPDATE_GTT, SMI, !F, 0x3F, R ),
242 CMD( MI_FLUSH_DW, SMI, !F, 0x3F, B,
245 .mask = MI_FLUSH_DW_NOTIFY,
250 .mask = MI_FLUSH_DW_USE_GTT,
252 .condition_offset = 0,
253 .condition_mask = MI_FLUSH_DW_OP_MASK,
257 .mask = MI_FLUSH_DW_STORE_INDEX,
259 .condition_offset = 0,
260 .condition_mask = MI_FLUSH_DW_OP_MASK,
262 CMD( MI_CONDITIONAL_BATCH_BUFFER_END, SMI, !F, 0xFF, B,
265 .mask = MI_GLOBAL_GTT,
269 * MFX_WAIT doesn't fit the way we handle length for most commands.
270 * It has a length field but it uses a non-standard length bias.
271 * It is always 1 dword though, so just treat it as fixed length.
273 CMD( MFX_WAIT, SMFX, F, 1, S ),
276 static const struct drm_i915_cmd_descriptor vecs_cmds[] = {
277 CMD( MI_ARB_ON_OFF, SMI, F, 1, R ),
278 CMD( MI_SET_APPID, SMI, F, 1, S ),
279 CMD( MI_STORE_DWORD_IMM, SMI, !F, 0xFF, B,
282 .mask = MI_GLOBAL_GTT,
285 CMD( MI_UPDATE_GTT, SMI, !F, 0x3F, R ),
286 CMD( MI_FLUSH_DW, SMI, !F, 0x3F, B,
289 .mask = MI_FLUSH_DW_NOTIFY,
294 .mask = MI_FLUSH_DW_USE_GTT,
296 .condition_offset = 0,
297 .condition_mask = MI_FLUSH_DW_OP_MASK,
301 .mask = MI_FLUSH_DW_STORE_INDEX,
303 .condition_offset = 0,
304 .condition_mask = MI_FLUSH_DW_OP_MASK,
306 CMD( MI_CONDITIONAL_BATCH_BUFFER_END, SMI, !F, 0xFF, B,
309 .mask = MI_GLOBAL_GTT,
314 static const struct drm_i915_cmd_descriptor blt_cmds[] = {
315 CMD( MI_DISPLAY_FLIP, SMI, !F, 0xFF, R ),
316 CMD( MI_STORE_DWORD_IMM, SMI, !F, 0x3FF, B,
319 .mask = MI_GLOBAL_GTT,
322 CMD( MI_UPDATE_GTT, SMI, !F, 0x3F, R ),
323 CMD( MI_FLUSH_DW, SMI, !F, 0x3F, B,
326 .mask = MI_FLUSH_DW_NOTIFY,
331 .mask = MI_FLUSH_DW_USE_GTT,
333 .condition_offset = 0,
334 .condition_mask = MI_FLUSH_DW_OP_MASK,
338 .mask = MI_FLUSH_DW_STORE_INDEX,
340 .condition_offset = 0,
341 .condition_mask = MI_FLUSH_DW_OP_MASK,
343 CMD( COLOR_BLT, S2D, !F, 0x3F, S ),
344 CMD( SRC_COPY_BLT, S2D, !F, 0x3F, S ),
347 static const struct drm_i915_cmd_descriptor hsw_blt_cmds[] = {
348 CMD( MI_LOAD_SCAN_LINES_INCL, SMI, !F, 0x3F, M ),
349 CMD( MI_LOAD_SCAN_LINES_EXCL, SMI, !F, 0x3F, R ),
364 static const struct drm_i915_cmd_table gen7_render_cmds[] = {
365 { common_cmds, ARRAY_SIZE(common_cmds) },
366 { render_cmds, ARRAY_SIZE(render_cmds) },
369 static const struct drm_i915_cmd_table hsw_render_ring_cmds[] = {
370 { common_cmds, ARRAY_SIZE(common_cmds) },
371 { render_cmds, ARRAY_SIZE(render_cmds) },
372 { hsw_render_cmds, ARRAY_SIZE(hsw_render_cmds) },
375 static const struct drm_i915_cmd_table gen7_video_cmds[] = {
376 { common_cmds, ARRAY_SIZE(common_cmds) },
377 { video_cmds, ARRAY_SIZE(video_cmds) },
380 static const struct drm_i915_cmd_table hsw_vebox_cmds[] = {
381 { common_cmds, ARRAY_SIZE(common_cmds) },
382 { vecs_cmds, ARRAY_SIZE(vecs_cmds) },
385 static const struct drm_i915_cmd_table gen7_blt_cmds[] = {
386 { common_cmds, ARRAY_SIZE(common_cmds) },
387 { blt_cmds, ARRAY_SIZE(blt_cmds) },
390 static const struct drm_i915_cmd_table hsw_blt_ring_cmds[] = {
391 { common_cmds, ARRAY_SIZE(common_cmds) },
392 { blt_cmds, ARRAY_SIZE(blt_cmds) },
393 { hsw_blt_cmds, ARRAY_SIZE(hsw_blt_cmds) },
397 * Register whitelists, sorted by increasing register offset.
401 * An individual whitelist entry granting access to register addr. If
402 * mask is non-zero the argument of immediate register writes will be
403 * AND-ed with mask, and the command will be rejected if the result
404 * doesn't match value.
406 * Registers with non-zero mask are only allowed to be written using
409 struct drm_i915_reg_descriptor {
415 /* Convenience macro for adding 32-bit registers. */
416 #define REG32(address, ...) \
417 { .addr = address, __VA_ARGS__ }
420 * Convenience macro for adding 64-bit registers.
422 * Some registers that userspace accesses are 64 bits. The register
423 * access commands only allow 32-bit accesses. Hence, we have to include
424 * entries for both halves of the 64-bit registers.
426 #define REG64(addr) \
427 REG32(addr), REG32(addr + sizeof(u32))
429 static const struct drm_i915_reg_descriptor gen7_render_regs[] = {
430 REG64(GPGPU_THREADS_DISPATCHED),
431 REG64(HS_INVOCATION_COUNT),
432 REG64(DS_INVOCATION_COUNT),
433 REG64(IA_VERTICES_COUNT),
434 REG64(IA_PRIMITIVES_COUNT),
435 REG64(VS_INVOCATION_COUNT),
436 REG64(GS_INVOCATION_COUNT),
437 REG64(GS_PRIMITIVES_COUNT),
438 REG64(CL_INVOCATION_COUNT),
439 REG64(CL_PRIMITIVES_COUNT),
440 REG64(PS_INVOCATION_COUNT),
441 REG64(PS_DEPTH_COUNT),
442 REG32(OACONTROL), /* Only allowed for LRI and SRM. See below. */
443 REG64(MI_PREDICATE_SRC0),
444 REG64(MI_PREDICATE_SRC1),
445 REG32(GEN7_3DPRIM_END_OFFSET),
446 REG32(GEN7_3DPRIM_START_VERTEX),
447 REG32(GEN7_3DPRIM_VERTEX_COUNT),
448 REG32(GEN7_3DPRIM_INSTANCE_COUNT),
449 REG32(GEN7_3DPRIM_START_INSTANCE),
450 REG32(GEN7_3DPRIM_BASE_VERTEX),
451 REG64(GEN7_SO_NUM_PRIMS_WRITTEN(0)),
452 REG64(GEN7_SO_NUM_PRIMS_WRITTEN(1)),
453 REG64(GEN7_SO_NUM_PRIMS_WRITTEN(2)),
454 REG64(GEN7_SO_NUM_PRIMS_WRITTEN(3)),
455 REG64(GEN7_SO_PRIM_STORAGE_NEEDED(0)),
456 REG64(GEN7_SO_PRIM_STORAGE_NEEDED(1)),
457 REG64(GEN7_SO_PRIM_STORAGE_NEEDED(2)),
458 REG64(GEN7_SO_PRIM_STORAGE_NEEDED(3)),
459 REG32(GEN7_SO_WRITE_OFFSET(0)),
460 REG32(GEN7_SO_WRITE_OFFSET(1)),
461 REG32(GEN7_SO_WRITE_OFFSET(2)),
462 REG32(GEN7_SO_WRITE_OFFSET(3)),
463 REG32(GEN7_L3SQCREG1),
464 REG32(GEN7_L3CNTLREG2),
465 REG32(GEN7_L3CNTLREG3),
467 .mask = ~HSW_SCRATCH1_L3_DATA_ATOMICS_DISABLE,
469 REG32(HSW_ROW_CHICKEN3,
470 .mask = ~(HSW_ROW_CHICKEN3_L3_GLOBAL_ATOMICS_DISABLE << 16 |
471 HSW_ROW_CHICKEN3_L3_GLOBAL_ATOMICS_DISABLE),
475 static const struct drm_i915_reg_descriptor gen7_blt_regs[] = {
479 static const struct drm_i915_reg_descriptor ivb_master_regs[] = {
482 REG32(GEN7_PIPE_DE_LOAD_SL(PIPE_A)),
483 REG32(GEN7_PIPE_DE_LOAD_SL(PIPE_B)),
484 REG32(GEN7_PIPE_DE_LOAD_SL(PIPE_C)),
487 static const struct drm_i915_reg_descriptor hsw_master_regs[] = {
495 static u32 gen7_render_get_cmd_length_mask(u32 cmd_header)
497 u32 client = (cmd_header & INSTR_CLIENT_MASK) >> INSTR_CLIENT_SHIFT;
499 (cmd_header & INSTR_SUBCLIENT_MASK) >> INSTR_SUBCLIENT_SHIFT;
501 if (client == INSTR_MI_CLIENT)
503 else if (client == INSTR_RC_CLIENT) {
504 if (subclient == INSTR_MEDIA_SUBCLIENT)
510 DRM_DEBUG_DRIVER("CMD: Abnormal rcs cmd length! 0x%08X\n", cmd_header);
514 static u32 gen7_bsd_get_cmd_length_mask(u32 cmd_header)
516 u32 client = (cmd_header & INSTR_CLIENT_MASK) >> INSTR_CLIENT_SHIFT;
518 (cmd_header & INSTR_SUBCLIENT_MASK) >> INSTR_SUBCLIENT_SHIFT;
519 u32 op = (cmd_header & INSTR_26_TO_24_MASK) >> INSTR_26_TO_24_SHIFT;
521 if (client == INSTR_MI_CLIENT)
523 else if (client == INSTR_RC_CLIENT) {
524 if (subclient == INSTR_MEDIA_SUBCLIENT) {
533 DRM_DEBUG_DRIVER("CMD: Abnormal bsd cmd length! 0x%08X\n", cmd_header);
537 static u32 gen7_blt_get_cmd_length_mask(u32 cmd_header)
539 u32 client = (cmd_header & INSTR_CLIENT_MASK) >> INSTR_CLIENT_SHIFT;
541 if (client == INSTR_MI_CLIENT)
543 else if (client == INSTR_BC_CLIENT)
546 DRM_DEBUG_DRIVER("CMD: Abnormal blt cmd length! 0x%08X\n", cmd_header);
550 static bool validate_cmds_sorted(struct intel_engine_cs *ring,
551 const struct drm_i915_cmd_table *cmd_tables,
557 if (!cmd_tables || cmd_table_count == 0)
560 for (i = 0; i < cmd_table_count; i++) {
561 const struct drm_i915_cmd_table *table = &cmd_tables[i];
565 for (j = 0; j < table->count; j++) {
566 const struct drm_i915_cmd_descriptor *desc =
568 u32 curr = desc->cmd.value & desc->cmd.mask;
570 if (curr < previous) {
571 DRM_ERROR("CMD: table not sorted ring=%d table=%d entry=%d cmd=0x%08X prev=0x%08X\n",
572 ring->id, i, j, curr, previous);
583 static bool check_sorted(int ring_id,
584 const struct drm_i915_reg_descriptor *reg_table,
591 for (i = 0; i < reg_count; i++) {
592 u32 curr = reg_table[i].addr;
594 if (curr < previous) {
595 DRM_ERROR("CMD: table not sorted ring=%d entry=%d reg=0x%08X prev=0x%08X\n",
596 ring_id, i, curr, previous);
606 static bool validate_regs_sorted(struct intel_engine_cs *ring)
608 return check_sorted(ring->id, ring->reg_table, ring->reg_count) &&
609 check_sorted(ring->id, ring->master_reg_table,
610 ring->master_reg_count);
614 const struct drm_i915_cmd_descriptor *desc;
615 struct hlist_node node;
619 * Different command ranges have different numbers of bits for the opcode. For
620 * example, MI commands use bits 31:23 while 3D commands use bits 31:16. The
621 * problem is that, for example, MI commands use bits 22:16 for other fields
622 * such as GGTT vs PPGTT bits. If we include those bits in the mask then when
623 * we mask a command from a batch it could hash to the wrong bucket due to
624 * non-opcode bits being set. But if we don't include those bits, some 3D
625 * commands may hash to the same bucket due to not including opcode bits that
626 * make the command unique. For now, we will risk hashing to the same bucket.
628 * If we attempt to generate a perfect hash, we should be able to look at bits
629 * 31:29 of a command from a batch buffer and use the full mask for that
630 * client. The existing INSTR_CLIENT_MASK/SHIFT defines can be used for this.
632 #define CMD_HASH_MASK STD_MI_OPCODE_MASK
634 static int init_hash_table(struct intel_engine_cs *ring,
635 const struct drm_i915_cmd_table *cmd_tables,
640 hash_init(ring->cmd_hash);
642 for (i = 0; i < cmd_table_count; i++) {
643 const struct drm_i915_cmd_table *table = &cmd_tables[i];
645 for (j = 0; j < table->count; j++) {
646 const struct drm_i915_cmd_descriptor *desc =
648 struct cmd_node *desc_node =
649 kmalloc(sizeof(*desc_node), GFP_KERNEL);
654 desc_node->desc = desc;
655 hash_add(ring->cmd_hash, &desc_node->node,
656 desc->cmd.value & CMD_HASH_MASK);
663 static void fini_hash_table(struct intel_engine_cs *ring)
665 struct hlist_node *tmp;
666 struct cmd_node *desc_node;
669 hash_for_each_safe(ring->cmd_hash, i, tmp, desc_node, node) {
670 hash_del(&desc_node->node);
676 * i915_cmd_parser_init_ring() - set cmd parser related fields for a ringbuffer
677 * @ring: the ringbuffer to initialize
679 * Optionally initializes fields related to batch buffer command parsing in the
680 * struct intel_engine_cs based on whether the platform requires software
683 * Return: non-zero if initialization fails
685 int i915_cmd_parser_init_ring(struct intel_engine_cs *ring)
687 const struct drm_i915_cmd_table *cmd_tables;
691 if (!IS_GEN7(ring->dev))
696 if (IS_HASWELL(ring->dev)) {
697 cmd_tables = hsw_render_ring_cmds;
699 ARRAY_SIZE(hsw_render_ring_cmds);
701 cmd_tables = gen7_render_cmds;
702 cmd_table_count = ARRAY_SIZE(gen7_render_cmds);
705 ring->reg_table = gen7_render_regs;
706 ring->reg_count = ARRAY_SIZE(gen7_render_regs);
708 if (IS_HASWELL(ring->dev)) {
709 ring->master_reg_table = hsw_master_regs;
710 ring->master_reg_count = ARRAY_SIZE(hsw_master_regs);
712 ring->master_reg_table = ivb_master_regs;
713 ring->master_reg_count = ARRAY_SIZE(ivb_master_regs);
716 ring->get_cmd_length_mask = gen7_render_get_cmd_length_mask;
719 cmd_tables = gen7_video_cmds;
720 cmd_table_count = ARRAY_SIZE(gen7_video_cmds);
721 ring->get_cmd_length_mask = gen7_bsd_get_cmd_length_mask;
724 if (IS_HASWELL(ring->dev)) {
725 cmd_tables = hsw_blt_ring_cmds;
726 cmd_table_count = ARRAY_SIZE(hsw_blt_ring_cmds);
728 cmd_tables = gen7_blt_cmds;
729 cmd_table_count = ARRAY_SIZE(gen7_blt_cmds);
732 ring->reg_table = gen7_blt_regs;
733 ring->reg_count = ARRAY_SIZE(gen7_blt_regs);
735 if (IS_HASWELL(ring->dev)) {
736 ring->master_reg_table = hsw_master_regs;
737 ring->master_reg_count = ARRAY_SIZE(hsw_master_regs);
739 ring->master_reg_table = ivb_master_regs;
740 ring->master_reg_count = ARRAY_SIZE(ivb_master_regs);
743 ring->get_cmd_length_mask = gen7_blt_get_cmd_length_mask;
746 cmd_tables = hsw_vebox_cmds;
747 cmd_table_count = ARRAY_SIZE(hsw_vebox_cmds);
748 /* VECS can use the same length_mask function as VCS */
749 ring->get_cmd_length_mask = gen7_bsd_get_cmd_length_mask;
752 DRM_ERROR("CMD: cmd_parser_init with unknown ring: %d\n",
757 BUG_ON(!validate_cmds_sorted(ring, cmd_tables, cmd_table_count));
758 BUG_ON(!validate_regs_sorted(ring));
760 WARN_ON(!hash_empty(ring->cmd_hash));
762 ret = init_hash_table(ring, cmd_tables, cmd_table_count);
764 DRM_ERROR("CMD: cmd_parser_init failed!\n");
765 fini_hash_table(ring);
769 ring->needs_cmd_parser = true;
775 * i915_cmd_parser_fini_ring() - clean up cmd parser related fields
776 * @ring: the ringbuffer to clean up
778 * Releases any resources related to command parsing that may have been
779 * initialized for the specified ring.
781 void i915_cmd_parser_fini_ring(struct intel_engine_cs *ring)
783 if (!ring->needs_cmd_parser)
786 fini_hash_table(ring);
789 static const struct drm_i915_cmd_descriptor*
790 find_cmd_in_table(struct intel_engine_cs *ring,
793 struct cmd_node *desc_node;
795 hash_for_each_possible(ring->cmd_hash, desc_node, node,
796 cmd_header & CMD_HASH_MASK) {
797 const struct drm_i915_cmd_descriptor *desc = desc_node->desc;
798 u32 masked_cmd = desc->cmd.mask & cmd_header;
799 u32 masked_value = desc->cmd.value & desc->cmd.mask;
801 if (masked_cmd == masked_value)
809 * Returns a pointer to a descriptor for the command specified by cmd_header.
811 * The caller must supply space for a default descriptor via the default_desc
812 * parameter. If no descriptor for the specified command exists in the ring's
813 * command parser tables, this function fills in default_desc based on the
814 * ring's default length encoding and returns default_desc.
816 static const struct drm_i915_cmd_descriptor*
817 find_cmd(struct intel_engine_cs *ring,
819 struct drm_i915_cmd_descriptor *default_desc)
821 const struct drm_i915_cmd_descriptor *desc;
824 desc = find_cmd_in_table(ring, cmd_header);
828 mask = ring->get_cmd_length_mask(cmd_header);
832 BUG_ON(!default_desc);
833 default_desc->flags = CMD_DESC_SKIP;
834 default_desc->length.mask = mask;
839 static const struct drm_i915_reg_descriptor *
840 find_reg(const struct drm_i915_reg_descriptor *table,
846 for (i = 0; i < count; i++) {
847 if (table[i].addr == addr)
855 static u32 *vmap_batch(struct drm_i915_gem_object *obj,
856 unsigned start, unsigned len)
860 struct sg_page_iter sg_iter;
861 int first_page = start >> PAGE_SHIFT;
862 int last_page = (len + start + 4095) >> PAGE_SHIFT;
863 int npages = last_page - first_page;
866 pages = drm_malloc_ab(npages, sizeof(*pages));
868 DRM_DEBUG_DRIVER("Failed to get space for pages\n");
873 for_each_sg_page(obj->pages->sgl, &sg_iter, obj->pages->nents, first_page) {
874 pages[i++] = sg_page_iter_page(&sg_iter);
879 addr = vmap(pages, i, 0, PAGE_KERNEL);
881 DRM_DEBUG_DRIVER("Failed to vmap pages\n");
887 drm_free_large(pages);
891 /* Returns a vmap'd pointer to dest_obj, which the caller must unmap */
892 static u32 *copy_batch(struct drm_i915_gem_object *dest_obj,
893 struct drm_i915_gem_object *src_obj,
894 u32 batch_start_offset,
897 int needs_clflush = 0;
898 void *src_base, *src;
902 if (batch_len > dest_obj->base.size ||
903 batch_len + batch_start_offset > src_obj->base.size)
904 return ERR_PTR(-E2BIG);
906 if (WARN_ON(dest_obj->pages_pin_count == 0))
907 return ERR_PTR(-ENODEV);
909 ret = i915_gem_obj_prepare_shmem_read(src_obj, &needs_clflush);
911 DRM_DEBUG_DRIVER("CMD: failed to prepare shadow batch\n");
915 src_base = vmap_batch(src_obj, batch_start_offset, batch_len);
917 DRM_DEBUG_DRIVER("CMD: Failed to vmap batch\n");
922 ret = i915_gem_object_set_to_cpu_domain(dest_obj, true);
924 DRM_DEBUG_DRIVER("CMD: Failed to set shadow batch to CPU\n");
928 dst = vmap_batch(dest_obj, 0, batch_len);
930 DRM_DEBUG_DRIVER("CMD: Failed to vmap shadow batch\n");
935 src = src_base + offset_in_page(batch_start_offset);
937 drm_clflush_virt_range(src, batch_len);
939 memcpy(dst, src, batch_len);
944 i915_gem_object_unpin_pages(src_obj);
946 return ret ? ERR_PTR(ret) : dst;
950 * i915_needs_cmd_parser() - should a given ring use software command parsing?
951 * @ring: the ring in question
953 * Only certain platforms require software batch buffer command parsing, and
954 * only when enabled via module parameter.
956 * Return: true if the ring requires software command parsing
958 bool i915_needs_cmd_parser(struct intel_engine_cs *ring)
960 if (!ring->needs_cmd_parser)
963 if (!USES_PPGTT(ring->dev))
966 return (i915.enable_cmd_parser == 1);
969 static bool check_cmd(const struct intel_engine_cs *ring,
970 const struct drm_i915_cmd_descriptor *desc,
971 const u32 *cmd, u32 length,
972 const bool is_master,
975 if (desc->flags & CMD_DESC_REJECT) {
976 DRM_DEBUG_DRIVER("CMD: Rejected command: 0x%08X\n", *cmd);
980 if ((desc->flags & CMD_DESC_MASTER) && !is_master) {
981 DRM_DEBUG_DRIVER("CMD: Rejected master-only command: 0x%08X\n",
986 if (desc->flags & CMD_DESC_REGISTER) {
988 * Get the distance between individual register offset
989 * fields if the command can perform more than one
992 const u32 step = desc->reg.step ? desc->reg.step : length;
995 for (offset = desc->reg.offset; offset < length;
997 const u32 reg_addr = cmd[offset] & desc->reg.mask;
998 const struct drm_i915_reg_descriptor *reg =
999 find_reg(ring->reg_table, ring->reg_count,
1002 if (!reg && is_master)
1003 reg = find_reg(ring->master_reg_table,
1004 ring->master_reg_count,
1008 DRM_DEBUG_DRIVER("CMD: Rejected register 0x%08X in command: 0x%08X (ring=%d)\n",
1009 reg_addr, *cmd, ring->id);
1014 * OACONTROL requires some special handling for
1015 * writes. We want to make sure that any batch which
1016 * enables OA also disables it before the end of the
1017 * batch. The goal is to prevent one process from
1018 * snooping on the perf data from another process. To do
1019 * that, we need to check the value that will be written
1020 * to the register. Hence, limit OACONTROL writes to
1021 * only MI_LOAD_REGISTER_IMM commands.
1023 if (reg_addr == OACONTROL) {
1024 if (desc->cmd.value == MI_LOAD_REGISTER_MEM) {
1025 DRM_DEBUG_DRIVER("CMD: Rejected LRM to OACONTROL\n");
1029 if (desc->cmd.value == MI_LOAD_REGISTER_IMM(1))
1030 *oacontrol_set = (cmd[offset + 1] != 0);
1034 * Check the value written to the register against the
1035 * allowed mask/value pair given in the whitelist entry.
1038 if (desc->cmd.value == MI_LOAD_REGISTER_MEM) {
1039 DRM_DEBUG_DRIVER("CMD: Rejected LRM to masked register 0x%08X\n",
1044 if (desc->cmd.value == MI_LOAD_REGISTER_IMM(1) &&
1045 (offset + 2 > length ||
1046 (cmd[offset + 1] & reg->mask) != reg->value)) {
1047 DRM_DEBUG_DRIVER("CMD: Rejected LRI to masked register 0x%08X\n",
1055 if (desc->flags & CMD_DESC_BITMASK) {
1058 for (i = 0; i < MAX_CMD_DESC_BITMASKS; i++) {
1061 if (desc->bits[i].mask == 0)
1064 if (desc->bits[i].condition_mask != 0) {
1066 desc->bits[i].condition_offset;
1067 u32 condition = cmd[offset] &
1068 desc->bits[i].condition_mask;
1074 dword = cmd[desc->bits[i].offset] &
1077 if (dword != desc->bits[i].expected) {
1078 DRM_DEBUG_DRIVER("CMD: Rejected command 0x%08X for bitmask 0x%08X (exp=0x%08X act=0x%08X) (ring=%d)\n",
1081 desc->bits[i].expected,
1091 #define LENGTH_BIAS 2
1094 * i915_parse_cmds() - parse a submitted batch buffer for privilege violations
1095 * @ring: the ring on which the batch is to execute
1096 * @batch_obj: the batch buffer in question
1097 * @shadow_batch_obj: copy of the batch buffer in question
1098 * @batch_start_offset: byte offset in the batch at which execution starts
1099 * @batch_len: length of the commands in batch_obj
1100 * @is_master: is the submitting process the drm master?
1102 * Parses the specified batch buffer looking for privilege violations as
1103 * described in the overview.
1105 * Return: non-zero if the parser finds violations or otherwise fails; -EACCES
1106 * if the batch appears legal but should use hardware parsing
1108 int i915_parse_cmds(struct intel_engine_cs *ring,
1109 struct drm_i915_gem_object *batch_obj,
1110 struct drm_i915_gem_object *shadow_batch_obj,
1111 u32 batch_start_offset,
1115 u32 *cmd, *batch_base, *batch_end;
1116 struct drm_i915_cmd_descriptor default_desc = { 0 };
1117 bool oacontrol_set = false; /* OACONTROL tracking. See check_cmd() */
1120 batch_base = copy_batch(shadow_batch_obj, batch_obj,
1121 batch_start_offset, batch_len);
1122 if (IS_ERR(batch_base)) {
1123 DRM_DEBUG_DRIVER("CMD: Failed to copy batch\n");
1124 return PTR_ERR(batch_base);
1128 * We use the batch length as size because the shadow object is as
1129 * large or larger and copy_batch() will write MI_NOPs to the extra
1130 * space. Parsing should be faster in some cases this way.
1132 batch_end = batch_base + (batch_len / sizeof(*batch_end));
1135 while (cmd < batch_end) {
1136 const struct drm_i915_cmd_descriptor *desc;
1139 if (*cmd == MI_BATCH_BUFFER_END)
1142 desc = find_cmd(ring, *cmd, &default_desc);
1144 DRM_DEBUG_DRIVER("CMD: Unrecognized command: 0x%08X\n",
1151 * If the batch buffer contains a chained batch, return an
1152 * error that tells the caller to abort and dispatch the
1153 * workload as a non-secure batch.
1155 if (desc->cmd.value == MI_BATCH_BUFFER_START) {
1160 if (desc->flags & CMD_DESC_FIXED)
1161 length = desc->length.fixed;
1163 length = ((*cmd & desc->length.mask) + LENGTH_BIAS);
1165 if ((batch_end - cmd) < length) {
1166 DRM_DEBUG_DRIVER("CMD: Command length exceeds batch length: 0x%08X length=%u batchlen=%td\n",
1174 if (!check_cmd(ring, desc, cmd, length, is_master,
1183 if (oacontrol_set) {
1184 DRM_DEBUG_DRIVER("CMD: batch set OACONTROL but did not clear it\n");
1188 if (cmd >= batch_end) {
1189 DRM_DEBUG_DRIVER("CMD: Got to the end of the buffer w/o a BBE cmd!\n");
1199 * i915_cmd_parser_get_version() - get the cmd parser version number
1201 * The cmd parser maintains a simple increasing integer version number suitable
1202 * for passing to userspace clients to determine what operations are permitted.
1204 * Return: the current version number of the cmd parser
1206 int i915_cmd_parser_get_version(void)
1209 * Command parser version history
1211 * 1. Initial version. Checks batches and reports violations, but leaves
1212 * hardware parsing enabled (so does not allow new use cases).
1213 * 2. Allow access to the MI_PREDICATE_SRC0 and
1214 * MI_PREDICATE_SRC1 registers.
1215 * 3. Allow access to the GPGPU_THREADS_DISPATCHED register.
projects / linux.git / blob