1 /*
2 *
3 * (C) COPYRIGHT 2011-2020 ARM Limited. All rights reserved.
4 *
5 * This program is free software and is provided to you under the terms of the
6 * GNU General Public License version 2 as published by the Free Software
7 * Foundation, and any use by you of this program is subject to the terms
8 * of such GNU licence.
9 *
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
14 *
15 * You should have received a copy of the GNU General Public License
16 * along with this program; if not, you can access it online at
17 * http://www.gnu.org/licenses/gpl-2.0.html.
18 *
19 * SPDX-License-Identifier: GPL-2.0
20 *
21 */
22
23 #include <mali_kbase.h>
24
25 #include <linux/dma-buf.h>
26 #include <asm/cacheflush.h>
27 #if defined(CONFIG_SYNC) || defined(CONFIG_SYNC_FILE)
28 #include <mali_kbase_sync.h>
29 #endif
30 #include <linux/dma-mapping.h>
31 #include <mali_base_kernel.h>
32 #include <mali_kbase_hwaccess_time.h>
33 #include <mali_kbase_kinstr_jm.h>
34 #include <mali_kbase_mem_linux.h>
35 #include <tl/mali_kbase_tracepoints.h>
36 #include <mali_linux_trace.h>
37 #include <linux/version.h>
38 #include <linux/ktime.h>
39 #include <linux/pfn.h>
40 #include <linux/sched.h>
41 #include <linux/kernel.h>
42 #include <linux/cache.h>
43
44 #if !MALI_USE_CSF
45 /**
46 * @file mali_kbase_softjobs.c
47 *
48 * This file implements the logic behind software-only jobs that are
49 * executed within the driver rather than being handed over to the GPU.
50 */
51
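/**
 * kbasep_add_waiting_soft_job() - Add an atom to the context's list of
 *                                 waiting soft jobs
 * @katom: The soft job atom to add
 */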
52 static void kbasep_add_waiting_soft_job(struct kbase_jd_atom *katom)
53 {
54 struct kbase_context *kctx = katom->kctx;
55 unsigned long lflags;
56
57 spin_lock_irqsave(&kctx->waiting_soft_jobs_lock, lflags);
58 list_add_tail(&katom->queue, &kctx->waiting_soft_jobs);
59 spin_unlock_irqrestore(&kctx->waiting_soft_jobs_lock, lflags);
60 }
61
62 void kbasep_remove_waiting_soft_job(struct kbase_jd_atom *katom)
63 {
64 struct kbase_context *kctx = katom->kctx;
65 unsigned long lflags;
66
67 spin_lock_irqsave(&kctx->waiting_soft_jobs_lock, lflags);
68 list_del(&katom->queue);
69 spin_unlock_irqrestore(&kctx->waiting_soft_jobs_lock, lflags);
70 }
71
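/**
 * kbasep_add_waiting_with_timeout() - Add an atom to the waiting list and arm
 *                                     the soft job timeout timer
 * @katom: The soft job atom to add
 *
 * Records the atom's start time so that the timer callback can tell when the
 * configured soft job timeout has expired for it.
 */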
72 static void kbasep_add_waiting_with_timeout(struct kbase_jd_atom *katom)
73 {
74 struct kbase_context *kctx = katom->kctx;
75
76 /* Record the start time of this atom so we can cancel it at
77 * the right time.
78 */
79 katom->start_timestamp = ktime_get();
80
81 /* Add the atom to the waiting list before the timer is
82 * (re)started to make sure that it gets processed.
83 */
84 kbasep_add_waiting_soft_job(katom);
85
86 /* Schedule the timeout of this atom if the timer is not already running */
87 if (!timer_pending(&kctx->soft_job_timeout)) {
88 int timeout_ms = atomic_read(&kctx->kbdev->js_data.soft_job_timeout_ms);
89 mod_timer(&kctx->soft_job_timeout, jiffies + msecs_to_jiffies(timeout_ms));
90 }
91 }
92
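/**
 * kbasep_read_soft_event_status() - Read the status byte of a soft event
 * @kctx:   Pointer to context
 * @evt:    GPU address of the soft event status byte
 * @status: Output location for the current status
 *
 * Return: 0 on success, -EFAULT if the event address could not be mapped.
 */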
93 static int kbasep_read_soft_event_status(struct kbase_context *kctx, u64 evt, unsigned char *status)
94 {
95 unsigned char *mapped_evt;
96 struct kbase_vmap_struct map;
97
98 mapped_evt = kbase_vmap(kctx, evt, sizeof(*mapped_evt), &map);
99 if (!mapped_evt) {
100 return -EFAULT;
101 }
102
103 *status = *mapped_evt;
104
105 kbase_vunmap(kctx, &map);
106
107 return 0;
108 }
109
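/**
 * kbasep_write_soft_event_status() - Write a new status byte to a soft event
 * @kctx:       Pointer to context
 * @evt:        GPU address of the soft event status byte
 * @new_status: Either BASE_JD_SOFT_EVENT_SET or BASE_JD_SOFT_EVENT_RESET
 *
 * Return: 0 on success, -EINVAL for an invalid status value, -EFAULT if the
 * event address could not be mapped.
 */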
110 static int kbasep_write_soft_event_status(struct kbase_context *kctx, u64 evt, unsigned char new_status)
111 {
112 unsigned char *mapped_evt;
113 struct kbase_vmap_struct map;
114
115 if ((new_status != BASE_JD_SOFT_EVENT_SET) && (new_status != BASE_JD_SOFT_EVENT_RESET)) {
116 return -EINVAL;
117 }
118
119 mapped_evt = kbase_vmap(kctx, evt, sizeof(*mapped_evt), &map);
120 if (!mapped_evt) {
121 return -EFAULT;
122 }
123
124 *mapped_evt = new_status;
125
126 kbase_vunmap(kctx, &map);
127
128 return 0;
129 }
130
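/**
 * kbase_dump_cpu_gpu_time() - Process a BASE_JD_REQ_SOFT_DUMP_CPU_GPU_TIME atom
 * @katom: The soft job atom
 *
 * Samples the CPU timestamp together with the GPU system time and cycle
 * counter, and writes the result to the user buffer at katom->jc. If the GPU
 * is about to suspend, the atom is instead queued and processed later by
 * kbase_resume_suspended_soft_jobs().
 *
 * Return: 0 if the atom was processed, non-zero if it was queued because of a
 * pending suspend.
 */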
131 static int kbase_dump_cpu_gpu_time(struct kbase_jd_atom *katom)
132 {
133 struct kbase_vmap_struct map;
134 void *user_result;
135 struct timespec64 ts;
136 struct base_dump_cpu_gpu_counters data;
137 u64 system_time;
138 u64 cycle_counter;
139 u64 jc = katom->jc;
140 struct kbase_context *kctx = katom->kctx;
141 int pm_active_err;
142
143 memset(&data, 0, sizeof(data));
144
145 /* Take the PM active reference as late as possible - otherwise, it could
146 * delay suspend until we process the atom (which may be at the end of a
147 * long chain of dependencies). */
148 pm_active_err = kbase_pm_context_active_handle_suspend(kctx->kbdev, KBASE_PM_SUSPEND_HANDLER_DONT_REACTIVATE);
149 if (pm_active_err) {
150 struct kbasep_js_device_data *js_devdata = &kctx->kbdev->js_data;
151
152 /* We're suspended - queue this on the list of suspended jobs
153 * Use dep_item[1], because dep_item[0] was previously in use
154 * for 'waiting_soft_jobs'.
155 */
156 mutex_lock(&js_devdata->runpool_mutex);
157 list_add_tail(&katom->dep_item[1], &js_devdata->suspended_soft_jobs_list);
158 mutex_unlock(&js_devdata->runpool_mutex);
159
160 /* Also add this atom to the list of waiting soft jobs */
161 kbasep_add_waiting_soft_job(katom);
162
163 return pm_active_err;
164 }
165
166 kbase_backend_get_gpu_time(kctx->kbdev, &cycle_counter, &system_time, &ts);
167
168 kbase_pm_context_idle(kctx->kbdev);
169
170 data.sec = ts.tv_sec;
171 data.usec = ts.tv_nsec / 1000;
172 data.system_time = system_time;
173 data.cycle_counter = cycle_counter;
174
175 /* Assume this atom will be cancelled until we know otherwise */
176 katom->event_code = BASE_JD_EVENT_JOB_CANCELLED;
177
178 /* GPU_WR access is checked on the range for returning the result to
179 * userspace for the following reasons:
180 * - security, this is currently how imported user bufs are checked.
181 * - the userspace DDK is guaranteed to assume the region was mapped as GPU_WR */
182 user_result = kbase_vmap_prot(kctx, jc, sizeof(data), KBASE_REG_GPU_WR, &map);
183 if (!user_result) {
184 return 0;
185 }
186
187 memcpy(user_result, &data, sizeof(data));
188
189 kbase_vunmap(kctx, &map);
190
191 /* Atom was fine - mark it as done */
192 katom->event_code = BASE_JD_EVENT_DONE;
193
194 return 0;
195 }
196
197 #if defined(CONFIG_SYNC) || defined(CONFIG_SYNC_FILE)
198 /* Called by the explicit fence mechanism when a fence wait has completed */
199 void kbase_soft_event_wait_callback(struct kbase_jd_atom *katom)
200 {
201 struct kbase_context *kctx = katom->kctx;
202
203 mutex_lock(&kctx->jctx.lock);
204 kbasep_remove_waiting_soft_job(katom);
205 kbase_finish_soft_job(katom);
206 if (jd_done_nolock(katom, NULL)) {
207 kbase_js_sched_all(kctx->kbdev);
208 }
209 mutex_unlock(&kctx->jctx.lock);
210 }
211 #endif
212
213 static void kbasep_soft_event_complete_job(struct work_struct *work)
214 {
215 struct kbase_jd_atom *katom = container_of(work, struct kbase_jd_atom, work);
216 struct kbase_context *kctx = katom->kctx;
217 int resched;
218
219 mutex_lock(&kctx->jctx.lock);
220 resched = jd_done_nolock(katom, NULL);
221 mutex_unlock(&kctx->jctx.lock);
222
223 if (resched) {
224 kbase_js_sched_all(kctx->kbdev);
225 }
226 }
227
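/**
 * kbasep_complete_triggered_soft_events() - Complete atoms waiting on a soft
 *                                           event that has been set
 * @kctx: Pointer to context
 * @evt:  GPU address of the soft event that has been set
 *
 * Every BASE_JD_REQ_SOFT_EVENT_WAIT atom waiting on @evt is removed from the
 * waiting list and queued for completion. The soft job timeout timer is
 * cancelled if no waiting job still needs it.
 */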
228 void kbasep_complete_triggered_soft_events(struct kbase_context *kctx, u64 evt)
229 {
230 int cancel_timer = 1;
231 struct list_head *entry, *tmp;
232 unsigned long lflags;
233
234 spin_lock_irqsave(&kctx->waiting_soft_jobs_lock, lflags);
235 list_for_each_safe(entry, tmp, &kctx->waiting_soft_jobs)
236 {
237 struct kbase_jd_atom *katom = list_entry(entry, struct kbase_jd_atom, queue);
238
239 switch (katom->core_req & BASE_JD_REQ_SOFT_JOB_TYPE) {
240 case BASE_JD_REQ_SOFT_EVENT_WAIT:
241 if (katom->jc == evt) {
242 list_del(&katom->queue);
243
244 katom->event_code = BASE_JD_EVENT_DONE;
245 INIT_WORK(&katom->work, kbasep_soft_event_complete_job);
246 queue_work(kctx->jctx.job_done_wq, &katom->work);
247 } else {
248 /* There are still other waiting jobs, so we cannot
249 * cancel the timer yet.
250 */
251 cancel_timer = 0;
252 }
253 break;
254 #ifdef CONFIG_MALI_BIFROST_FENCE_DEBUG
255 case BASE_JD_REQ_SOFT_FENCE_WAIT:
256 /* Keep the timer running if fence debug is enabled and
257 * there are waiting fence jobs.
258 */
259 cancel_timer = 0;
260 break;
261 #endif
262 }
263 }
264
265 if (cancel_timer) {
266 del_timer(&kctx->soft_job_timeout);
267 }
268 spin_unlock_irqrestore(&kctx->waiting_soft_jobs_lock, lflags);
269 }
270
271 #ifdef CONFIG_MALI_BIFROST_FENCE_DEBUG
272 static void kbase_fence_debug_check_atom(struct kbase_jd_atom *katom)
273 {
274 struct kbase_context *kctx = katom->kctx;
275 struct device *dev = kctx->kbdev->dev;
276 int i;
277
278 for (i = 0; i < 2; i++) {
279 struct kbase_jd_atom *dep;
280
281 list_for_each_entry(dep, &katom->dep_head[i], dep_item[i])
282 {
283 if (dep->status == KBASE_JD_ATOM_STATE_UNUSED || dep->status == KBASE_JD_ATOM_STATE_COMPLETED) {
284 continue;
285 }
286
287 if ((dep->core_req & BASE_JD_REQ_SOFT_JOB_TYPE) == BASE_JD_REQ_SOFT_FENCE_TRIGGER) {
288 /* Found blocked trigger fence. */
289 struct kbase_sync_fence_info info;
290
291 if (!kbase_sync_fence_in_info_get(dep, &info)) {
292 dev_warn(dev, "\tVictim trigger atom %d fence [%p] %s: %s\n", kbase_jd_atom_id(kctx, dep),
293 info.fence, info.name, kbase_sync_status_string(info.status));
294 }
295 }
296
297 kbase_fence_debug_check_atom(dep);
298 }
299 }
300 }
301
302 static void kbase_fence_debug_wait_timeout(struct kbase_jd_atom *katom)
303 {
304 struct kbase_context *kctx = katom->kctx;
305 struct device *dev = katom->kctx->kbdev->dev;
306 int timeout_ms = atomic_read(&kctx->kbdev->js_data.soft_job_timeout_ms);
307 unsigned long lflags;
308 struct kbase_sync_fence_info info;
309
310 spin_lock_irqsave(&kctx->waiting_soft_jobs_lock, lflags);
311
312 if (kbase_sync_fence_in_info_get(katom, &info)) {
313 /* Fence must have signaled just after timeout. */
314 spin_unlock_irqrestore(&kctx->waiting_soft_jobs_lock, lflags);
315 return;
316 }
317
318 dev_warn(dev, "ctx %d_%d: Atom %d still waiting for fence [%p] after %dms\n", kctx->tgid, kctx->id,
319 kbase_jd_atom_id(kctx, katom), info.fence, timeout_ms);
320 dev_warn(dev, "\tGuilty fence [%p] %s: %s\n", info.fence, info.name, kbase_sync_status_string(info.status));
321
322 /* Search for blocked trigger atoms */
323 kbase_fence_debug_check_atom(katom);
324
325 spin_unlock_irqrestore(&kctx->waiting_soft_jobs_lock, lflags);
326
327 kbase_sync_fence_in_dump(katom);
328 }
329
330 struct kbase_fence_debug_work {
331 struct kbase_jd_atom *katom;
332 struct work_struct work;
333 };
334
335 static void kbase_fence_debug_wait_timeout_worker(struct work_struct *work)
336 {
337 struct kbase_fence_debug_work *w = container_of(work, struct kbase_fence_debug_work, work);
338 struct kbase_jd_atom *katom = w->katom;
339 struct kbase_context *kctx = katom->kctx;
340
341 mutex_lock(&kctx->jctx.lock);
342 kbase_fence_debug_wait_timeout(katom);
343 mutex_unlock(&kctx->jctx.lock);
344
345 kfree(w);
346 }
347
348 static void kbase_fence_debug_timeout(struct kbase_jd_atom *katom)
349 {
350 struct kbase_fence_debug_work *work;
351 struct kbase_context *kctx = katom->kctx;
352
353 /* Enqueue fence debug worker. Use job_done_wq to get
354 * debug print ordered with job completion.
355 */
356 work = kzalloc(sizeof(struct kbase_fence_debug_work), GFP_ATOMIC);
357 /* Ignore allocation failure. */
358 if (work) {
359 work->katom = katom;
360 INIT_WORK(&work->work, kbase_fence_debug_wait_timeout_worker);
361 queue_work(kctx->jctx.job_done_wq, &work->work);
362 }
363 }
364 #endif /* CONFIG_MALI_BIFROST_FENCE_DEBUG */
365
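/**
 * kbasep_soft_job_timeout_worker() - Timer callback for the soft job timeout
 * @timer: Address of the context's soft_job_timeout timer
 *
 * Cancels any BASE_JD_REQ_SOFT_EVENT_WAIT atom that has been waiting longer
 * than the configured timeout and, when fence debug is enabled, reports fence
 * waits that appear to be stuck. The timer is restarted while atoms that have
 * not yet timed out remain on the waiting list.
 */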
366 void kbasep_soft_job_timeout_worker(struct timer_list *timer)
367 {
368 struct kbase_context *kctx = container_of(timer, struct kbase_context, soft_job_timeout);
369 u32 timeout_ms = (u32)atomic_read(&kctx->kbdev->js_data.soft_job_timeout_ms);
370 ktime_t cur_time = ktime_get();
371 bool restarting = false;
372 unsigned long lflags;
373 struct list_head *entry, *tmp;
374
375 spin_lock_irqsave(&kctx->waiting_soft_jobs_lock, lflags);
376 list_for_each_safe(entry, tmp, &kctx->waiting_soft_jobs)
377 {
378 struct kbase_jd_atom *katom = list_entry(entry, struct kbase_jd_atom, queue);
379 s64 elapsed_time = ktime_to_ms(ktime_sub(cur_time, katom->start_timestamp));
380 if (elapsed_time < (s64)timeout_ms) {
381 restarting = true;
382 continue;
383 }
384
385 switch (katom->core_req & BASE_JD_REQ_SOFT_JOB_TYPE) {
386 case BASE_JD_REQ_SOFT_EVENT_WAIT:
387 /* Take it out of the list to ensure that it
388 * will be cancelled in all cases
389 */
390 list_del(&katom->queue);
391
392 katom->event_code = BASE_JD_EVENT_JOB_CANCELLED;
393 INIT_WORK(&katom->work, kbasep_soft_event_complete_job);
394 queue_work(kctx->jctx.job_done_wq, &katom->work);
395 break;
396 #ifdef CONFIG_MALI_BIFROST_FENCE_DEBUG
397 case BASE_JD_REQ_SOFT_FENCE_WAIT:
398 kbase_fence_debug_timeout(katom);
399 break;
400 #endif
401 }
402 }
403
404 if (restarting) {
405 mod_timer(timer, jiffies + msecs_to_jiffies(timeout_ms));
406 }
407 spin_unlock_irqrestore(&kctx->waiting_soft_jobs_lock, lflags);
408 }
409
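/**
 * kbasep_soft_event_wait() - Process a BASE_JD_REQ_SOFT_EVENT_WAIT atom
 * @katom: The soft job atom
 *
 * Return: 0 if the event is already set or the atom has been cancelled,
 * 1 if the atom must keep waiting for the event.
 */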
410 static int kbasep_soft_event_wait(struct kbase_jd_atom *katom)
411 {
412 struct kbase_context *kctx = katom->kctx;
413 unsigned char status;
414
415 /* The status of this soft-job is stored in jc */
416 if (kbasep_read_soft_event_status(kctx, katom->jc, &status)) {
417 katom->event_code = BASE_JD_EVENT_JOB_CANCELLED;
418 return 0;
419 }
420
421 if (status == BASE_JD_SOFT_EVENT_SET) {
422 return 0; /* Event already set, nothing to do */
423 }
424
425 kbasep_add_waiting_with_timeout(katom);
426
427 return 1;
428 }
429
430 static void kbasep_soft_event_update_locked(struct kbase_jd_atom *katom, unsigned char new_status)
431 {
432 /* Complete jobs waiting on the same event */
433 struct kbase_context *kctx = katom->kctx;
434
435 if (kbasep_write_soft_event_status(kctx, katom->jc, new_status) != 0) {
436 katom->event_code = BASE_JD_EVENT_JOB_CANCELLED;
437 return;
438 }
439
440 if (new_status == BASE_JD_SOFT_EVENT_SET) {
441 kbasep_complete_triggered_soft_events(kctx, katom->jc);
442 }
443 }
444
445 /**
446 * kbase_soft_event_update() - Update soft event state
447 * @kctx: Pointer to context
448 * @event: Event to update
449 * @new_status: New status value of event
450 *
451 * Update the event, and wake up any atoms waiting for the event.
452 *
453 * Return: 0 on success, a negative error code on failure.
454 */
455 int kbase_soft_event_update(struct kbase_context *kctx, u64 event, unsigned char new_status)
456 {
457 int err = 0;
458
459 mutex_lock(&kctx->jctx.lock);
460
461 if (kbasep_write_soft_event_status(kctx, event, new_status)) {
462 err = -ENOENT;
463 goto out;
464 }
465
466 if (new_status == BASE_JD_SOFT_EVENT_SET) {
467 kbasep_complete_triggered_soft_events(kctx, event);
468 }
469
470 out:
471 mutex_unlock(&kctx->jctx.lock);
472
473 return err;
474 }
475
476 static void kbasep_soft_event_cancel_job(struct kbase_jd_atom *katom)
477 {
478 katom->event_code = BASE_JD_EVENT_JOB_CANCELLED;
479 if (jd_done_nolock(katom, NULL)) {
480 kbase_js_sched_all(katom->kctx->kbdev);
481 }
482 }
483
484 static void kbase_debug_copy_finish(struct kbase_jd_atom *katom)
485 {
486 struct kbase_debug_copy_buffer *buffers = katom->softjob_data;
487 unsigned int i;
488 unsigned int nr = katom->nr_extres;
489
490 if (!buffers) {
491 return;
492 }
493
494 kbase_gpu_vm_lock(katom->kctx);
495 for (i = 0; i < nr; i++) {
496 int p;
497 struct kbase_mem_phy_alloc *gpu_alloc = buffers[i].gpu_alloc;
498
499 if (!buffers[i].pages) {
500 break;
501 }
502 for (p = 0; p < buffers[i].nr_pages; p++) {
503 struct page *pg = buffers[i].pages[p];
504
505 if (pg) {
506 put_page(pg);
507 }
508 }
509 if (buffers[i].is_vmalloc) {
510 vfree(buffers[i].pages);
511 } else {
512 kfree(buffers[i].pages);
513 }
514 if (gpu_alloc) {
515 switch (gpu_alloc->type) {
516 case KBASE_MEM_TYPE_IMPORTED_USER_BUF: {
517 kbase_free_user_buffer(&buffers[i]);
518 break;
519 }
520 default:
521 /* Nothing to be done. */
522 break;
523 }
524 kbase_mem_phy_alloc_put(gpu_alloc);
525 }
526 }
527 kbase_gpu_vm_unlock(katom->kctx);
528 kfree(buffers);
529
530 katom->softjob_data = NULL;
531 }
532
533 static int kbase_debug_copy_prepare(struct kbase_jd_atom *katom)
534 {
535 struct kbase_debug_copy_buffer *buffers;
536 struct base_jd_debug_copy_buffer *user_buffers = NULL;
537 unsigned int i;
538 unsigned int nr = katom->nr_extres;
539 int ret = 0;
540 void __user *user_structs = (void __user *)(uintptr_t)katom->jc;
541
542 if (!user_structs) {
543 return -EINVAL;
544 }
545
546 buffers = kcalloc(nr, sizeof(*buffers), GFP_KERNEL);
547 if (!buffers) {
548 ret = -ENOMEM;
549 goto out_cleanup;
550 }
551 katom->softjob_data = buffers;
552
553 user_buffers = kmalloc_array(nr, sizeof(*user_buffers), GFP_KERNEL);
554 if (!user_buffers) {
555 ret = -ENOMEM;
556 goto out_cleanup;
557 }
558
559 ret = copy_from_user(user_buffers, user_structs, sizeof(*user_buffers) * nr);
560 if (ret) {
561 ret = -EFAULT;
562 goto out_cleanup;
563 }
564
565 for (i = 0; i < nr; i++) {
566 u64 addr = user_buffers[i].address;
567 u64 page_addr = addr & PAGE_MASK;
568 u64 end_page_addr = addr + user_buffers[i].size - 1;
569 u64 last_page_addr = end_page_addr & PAGE_MASK;
570 int nr_pages = (last_page_addr - page_addr) / PAGE_SIZE + 1;
571 int pinned_pages;
572 struct kbase_va_region *reg;
573 struct base_external_resource user_extres;
574
575 if (!addr) {
576 continue;
577 }
578
579 if (last_page_addr < page_addr) {
580 ret = -EINVAL;
581 goto out_cleanup;
582 }
583
584 buffers[i].nr_pages = nr_pages;
585 buffers[i].offset = addr & ~PAGE_MASK;
586 if (buffers[i].offset >= PAGE_SIZE) {
587 ret = -EINVAL;
588 goto out_cleanup;
589 }
590 buffers[i].size = user_buffers[i].size;
591
592 if (nr_pages > (KBASE_MEM_PHY_ALLOC_LARGE_THRESHOLD / sizeof(struct page *))) {
593 buffers[i].is_vmalloc = true;
594 buffers[i].pages = vzalloc(nr_pages * sizeof(struct page *));
595 } else {
596 buffers[i].is_vmalloc = false;
597 buffers[i].pages = kcalloc(nr_pages, sizeof(struct page *), GFP_KERNEL);
598 }
599
600 if (!buffers[i].pages) {
601 ret = -ENOMEM;
602 goto out_cleanup;
603 }
604
605 pinned_pages = get_user_pages_fast(page_addr, nr_pages, 1, /* Write */
606 buffers[i].pages);
607 if (pinned_pages < 0) {
608 /* get_user_pages_fast has failed - page array is not
609 * valid. Don't try to release any pages.
610 */
611 buffers[i].nr_pages = 0;
612
613 ret = pinned_pages;
614 goto out_cleanup;
615 }
616 if (pinned_pages != nr_pages) {
617 /* Adjust number of pages, so that we only attempt to
618 * release pages in the array that we know are valid.
619 */
620 buffers[i].nr_pages = pinned_pages;
621
622 ret = -EINVAL;
623 goto out_cleanup;
624 }
625
626 user_extres = user_buffers[i].extres;
627 if (user_extres.ext_resource == 0ULL) {
628 ret = -EINVAL;
629 goto out_cleanup;
630 }
631
632 kbase_gpu_vm_lock(katom->kctx);
633 reg = kbase_region_tracker_find_region_enclosing_address(katom->kctx, user_extres.ext_resource &
634 ~BASE_EXT_RES_ACCESS_EXCLUSIVE);
635 if (kbase_is_region_invalid_or_free(reg) || reg->gpu_alloc == NULL) {
636 ret = -EINVAL;
637 goto out_unlock;
638 }
639
640 buffers[i].gpu_alloc = kbase_mem_phy_alloc_get(reg->gpu_alloc);
641 buffers[i].nr_extres_pages = reg->nr_pages;
642
643 if (reg->nr_pages * PAGE_SIZE != buffers[i].size) {
644 dev_warn(katom->kctx->kbdev->dev, "Copy buffer is not of same size as the external resource to copy.\n");
645 }
646
647 switch (reg->gpu_alloc->type) {
648 case KBASE_MEM_TYPE_IMPORTED_USER_BUF: {
649 struct kbase_mem_phy_alloc *alloc = reg->gpu_alloc;
650 unsigned long nr_pages2 = alloc->imported.user_buf.nr_pages;
651
652 if (alloc->imported.user_buf.mm != current->mm) {
653 ret = -EINVAL;
654 goto out_unlock;
655 }
656 buffers[i].extres_pages = kcalloc(nr_pages2, sizeof(struct page *), GFP_KERNEL);
657 if (!buffers[i].extres_pages) {
658 ret = -ENOMEM;
659 goto out_unlock;
660 }
661
662 ret = get_user_pages_fast(alloc->imported.user_buf.address, nr_pages2, 0, buffers[i].extres_pages);
663 if (ret != nr_pages2) {
664 /* Adjust number of pages, so that we only
665 * attempt to release pages in the array that we
666 * know are valid.
667 */
668 if (ret < 0) {
669 buffers[i].nr_extres_pages = 0;
670 } else {
671 buffers[i].nr_extres_pages = ret;
672 }
673
674 goto out_unlock;
675 }
676 ret = 0;
677 break;
678 }
679 default:
680 /* Nothing to be done. */
681 break;
682 }
683 kbase_gpu_vm_unlock(katom->kctx);
684 }
685 kfree(user_buffers);
686
687 return ret;
688
689 out_unlock:
690 kbase_gpu_vm_unlock(katom->kctx);
691
692 out_cleanup:
693 /* Free the allocated kbase_debug_copy_buffer array, including its
694 * members, and clear katom->softjob_data */
695 kbase_debug_copy_finish(katom);
696 kfree(user_buffers);
697
698 return ret;
699 }
700 #endif /* !MALI_USE_CSF */
701
702 #if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 6, 0)
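/**
 * dma_buf_kmap_page() - Map one page of an imported dma-buf into kernel space
 * @gpu_alloc: Imported UMM allocation backing the dma-buf
 * @page_num:  Index of the page to map
 * @page:      Output location for the mapped page, for a later kunmap()
 *
 * Used on kernels where dma_buf_kmap() is no longer available: the page is
 * looked up through the allocation's sg_table and mapped with kmap().
 *
 * Return: Kernel virtual address of the mapped page, or NULL on failure.
 */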
703 static void *dma_buf_kmap_page(struct kbase_mem_phy_alloc *gpu_alloc, unsigned long page_num, struct page **page)
704 {
705 struct sg_table *sgt = gpu_alloc->imported.umm.sgt;
706 struct sg_page_iter sg_iter;
707 unsigned long page_index = 0;
708
709 if (WARN_ON(gpu_alloc->type != KBASE_MEM_TYPE_IMPORTED_UMM)) {
710 return NULL;
711 }
712
713 if (!sgt) {
714 return NULL;
715 }
716
717 if (WARN_ON(page_num >= gpu_alloc->nents)) {
718 return NULL;
719 }
720
721 for_each_sg_page(sgt->sgl, &sg_iter, sgt->nents, 0)
722 {
723 if (page_index == page_num) {
724 *page = sg_page_iter_page(&sg_iter);
725
726 return kmap(*page);
727 }
728 page_index++;
729 }
730
731 return NULL;
732 }
733 #endif
734
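/**
 * kbase_mem_copy_from_extres() - Copy data from an external resource into the
 *                                pinned pages of a debug copy buffer
 * @kctx:     Pointer to context
 * @buf_data: Debug copy buffer describing the source resource and the
 *            destination pages
 *
 * Return: 0 on success, a negative error code on failure.
 */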
735 int kbase_mem_copy_from_extres(struct kbase_context *kctx, struct kbase_debug_copy_buffer *buf_data)
736 {
737 unsigned int i;
738 unsigned int target_page_nr = 0;
739 struct page **pages = buf_data->pages;
740 u64 offset = buf_data->offset;
741 size_t extres_size = buf_data->nr_extres_pages * PAGE_SIZE;
742 size_t to_copy = min(extres_size, buf_data->size);
743 struct kbase_mem_phy_alloc *gpu_alloc = buf_data->gpu_alloc;
744 int ret = 0;
745 size_t dma_to_copy;
746
747 KBASE_DEBUG_ASSERT(pages != NULL);
748
749 kbase_gpu_vm_lock(kctx);
750 if (!gpu_alloc) {
751 ret = -EINVAL;
752 goto out_unlock;
753 }
754
755 switch (gpu_alloc->type) {
756 case KBASE_MEM_TYPE_IMPORTED_USER_BUF: {
757 for (i = 0; i < buf_data->nr_extres_pages && target_page_nr < buf_data->nr_pages; i++) {
758 struct page *pg = buf_data->extres_pages[i];
759 void *extres_page = kmap(pg);
760
761 if (extres_page) {
762 ret = kbase_mem_copy_to_pinned_user_pages(pages, extres_page, &to_copy, buf_data->nr_pages,
763 &target_page_nr, offset);
764 kunmap(pg);
765 if (ret) {
766 goto out_unlock;
767 }
768 }
769 }
770 break;
771 }
772 case KBASE_MEM_TYPE_IMPORTED_UMM: {
773 struct dma_buf *dma_buf = gpu_alloc->imported.umm.dma_buf;
774 KBASE_DEBUG_ASSERT(dma_buf != NULL);
775 if (dma_buf->size > buf_data->nr_extres_pages * PAGE_SIZE) {
776 dev_warn(kctx->kbdev->dev, "External resources buffer size mismatch");
777 }
778
779 dma_to_copy = min(dma_buf->size, (size_t)(buf_data->nr_extres_pages * PAGE_SIZE));
780 ret = dma_buf_begin_cpu_access(dma_buf,
781 #if LINUX_VERSION_CODE < KERNEL_VERSION(4, 6, 0) && !defined(CONFIG_CHROMEOS)
782 0, dma_to_copy,
783 #endif
784 DMA_FROM_DEVICE);
785 if (ret) {
786 goto out_unlock;
787 }
788
789 for (i = 0; i < dma_to_copy / PAGE_SIZE && target_page_nr < buf_data->nr_pages; i++) {
790 #if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 6, 0)
791 struct page *pg;
792 void *extres_page = dma_buf_kmap_page(gpu_alloc, i, &pg);
793 #else
794 void *extres_page = dma_buf_kmap(dma_buf, i);
795 #endif
796 if (extres_page) {
797 ret = kbase_mem_copy_to_pinned_user_pages(pages, extres_page, &to_copy, buf_data->nr_pages,
798 &target_page_nr, offset);
799
800 #if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 6, 0)
801 kunmap(pg);
802 #else
803 dma_buf_kunmap(dma_buf, i, extres_page);
804 #endif
805 if (ret) {
806 goto out_unlock;
807 }
808 }
809 }
810 dma_buf_end_cpu_access(dma_buf,
811 #if LINUX_VERSION_CODE < KERNEL_VERSION(4, 6, 0) && !defined(CONFIG_CHROMEOS)
812 0, dma_to_copy,
813 #endif
814 DMA_FROM_DEVICE);
815 break;
816 }
817 default:
818 ret = -EINVAL;
819 }
820 out_unlock:
821 kbase_gpu_vm_unlock(kctx);
822 return ret;
823 }
824
825 #if !MALI_USE_CSF
826 static int kbase_debug_copy(struct kbase_jd_atom *katom)
827 {
828 struct kbase_debug_copy_buffer *buffers = katom->softjob_data;
829 unsigned int i;
830
831 if (WARN_ON(!buffers)) {
832 return -EINVAL;
833 }
834
835 for (i = 0; i < katom->nr_extres; i++) {
836 int res = kbase_mem_copy_from_extres(katom->kctx, &buffers[i]);
837 if (res) {
838 return res;
839 }
840 }
841
842 return 0;
843 }
844 #endif /* !MALI_USE_CSF */
845
846 #define KBASEP_JIT_ALLOC_GPU_ADDR_ALIGNMENT ((u32)0x7)
847
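/**
 * kbasep_jit_alloc_validate() - Validate a user-supplied JIT allocation request
 * @kctx: Pointer to context
 * @info: JIT allocation information to validate
 *
 * Return: 0 if the request is well formed, -EINVAL otherwise.
 */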
848 int kbasep_jit_alloc_validate(struct kbase_context *kctx, struct base_jit_alloc_info *info)
849 {
850 int j;
851 /* If the ID is zero, then fail the job */
852 if (info->id == 0) {
853 return -EINVAL;
854 }
855
856 /* Sanity check that the PA fits within the VA */
857 if (info->va_pages < info->commit_pages) {
858 return -EINVAL;
859 }
860
861 /* Ensure the GPU address is correctly aligned */
862 if ((info->gpu_alloc_addr & KBASEP_JIT_ALLOC_GPU_ADDR_ALIGNMENT) != 0) {
863 return -EINVAL;
864 }
865
866 /* Interface version 2 (introduced with kernel driver version 11.5)
867 * onward has padding and a flags member to validate.
868 *
869 * Note: To support earlier versions the extra bytes will have been set
870 * to 0 by the caller.
871 */
872
873 /* Check padding is all zeroed */
874 for (j = 0; j < sizeof(info->padding); j++) {
875 if (info->padding[j] != 0) {
876 return -EINVAL;
877 }
878 }
879
880 /* Only valid flags shall be set */
881 if (info->flags & ~(BASE_JIT_ALLOC_VALID_FLAGS)) {
882 return -EINVAL;
883 }
884
885 #if !MALI_JIT_PRESSURE_LIMIT_BASE
886 /* If just-in-time memory allocation pressure limit feature is disabled,
887 * heap_info_gpu_addr must be zeroed-out
888 */
889 if (info->heap_info_gpu_addr) {
890 return -EINVAL;
891 }
892 #endif
893
894 #if !MALI_USE_CSF
895 /* If BASE_JIT_ALLOC_HEAP_INFO_IS_SIZE is set, heap_info_gpu_addr
896 * cannot be 0
897 */
898 if ((info->flags & BASE_JIT_ALLOC_HEAP_INFO_IS_SIZE) && !info->heap_info_gpu_addr) {
899 return -EINVAL;
900 }
901 #endif /* !MALI_USE_CSF */
902
903 return 0;
904 }
905
906 #if !MALI_USE_CSF
907
908 #if (KERNEL_VERSION(3, 18, 63) > LINUX_VERSION_CODE)
909 #define offsetofend(TYPE, MEMBER) (offsetof(TYPE, MEMBER) + sizeof(((TYPE *)0)->MEMBER))
910 #endif
911
912 /*
913 * Sizes of user data to copy for each just-in-time memory interface version
914 *
915 * In interface version 2 onwards this is the same as the struct size, allowing
916 * copying of arrays of structures from userspace.
917 *
918 * In interface version 1 the structure size was variable, and hence arrays of
919 * structures cannot be supported easily, and were not a feature present in
920 * version 1 anyway.
921 */
922 static const size_t jit_info_copy_size_for_jit_version[] = {
923 /* in jit_version 1, the structure did not have any end padding, hence
924 * it could be a different size on 32 and 64-bit clients. We therefore
925 * do not copy past the last member
926 */
927 [1] = offsetofend(struct base_jit_alloc_info_10_2, id),
928 [2] = sizeof(struct base_jit_alloc_info_11_5),
929 [3] = sizeof(struct base_jit_alloc_info)};
930
931 static int kbase_jit_allocate_prepare(struct kbase_jd_atom *katom)
932 {
933 __user u8 *data = (__user u8 *)(uintptr_t)katom->jc;
934 struct base_jit_alloc_info *info;
935 struct kbase_context *kctx = katom->kctx;
936 struct kbase_device *kbdev = kctx->kbdev;
937 u32 count;
938 int ret;
939 u32 i;
940 size_t jit_info_user_copy_size;
941
942 WARN_ON(kctx->jit_version >= ARRAY_SIZE(jit_info_copy_size_for_jit_version));
943 jit_info_user_copy_size = jit_info_copy_size_for_jit_version[kctx->jit_version];
944 WARN_ON(jit_info_user_copy_size > sizeof(*info));
945
946 /* For backwards compatibility, and to prevent reading more than 1 jit
947 * info struct on jit version 1
948 */
949 if (katom->nr_extres == 0 || kctx->jit_version == 1) {
950 katom->nr_extres = 1;
951 }
952 count = katom->nr_extres;
953
954 /* Sanity checks */
955 if (!data || count > kctx->jit_max_allocations || count > ARRAY_SIZE(kctx->jit_alloc)) {
956 ret = -EINVAL;
957 goto fail;
958 }
959
960 /* Copy the information for safe access and future storage */
961 info = kmalloc_array(count, sizeof(*info), GFP_KERNEL);
962 if (!info) {
963 ret = -ENOMEM;
964 goto fail;
965 }
966
967 katom->softjob_data = info;
968
969 for (i = 0; i < count; i++, info++, data += jit_info_user_copy_size) {
970 if (copy_from_user(info, data, jit_info_user_copy_size) != 0) {
971 ret = -EINVAL;
972 goto free_info;
973 }
974 /* Clear any remaining bytes when user struct is smaller than
975 * kernel struct. For jit version 1, this also clears the
976 * padding bytes
977 */
978 memset(((u8 *)info) + jit_info_user_copy_size, 0, sizeof(*info) - jit_info_user_copy_size);
979
980 ret = kbasep_jit_alloc_validate(kctx, info);
981 if (ret) {
982 goto free_info;
983 }
984 KBASE_TLSTREAM_TL_ATTRIB_ATOM_JITALLOCINFO(kbdev, katom, info->va_pages, info->commit_pages, info->extent,
985 info->id, info->bin_id, info->max_allocations, info->flags,
986 info->usage_id);
987 }
988
989 katom->jit_blocked = false;
990
991 lockdep_assert_held(&kctx->jctx.lock);
992 list_add_tail(&katom->jit_node, &kctx->jctx.jit_atoms_head);
993
994 /*
995 * Note:
996 * The provided info->gpu_alloc_addr isn't validated here as
997 * userland can cache allocations which means that even
998 * though the region is valid it doesn't represent the
999 * same thing it used to.
1000 *
1001 * Complete validation of va_pages, commit_pages and extent
1002 * isn't done here as it will be done during the call to
1003 * kbase_mem_alloc.
1004 */
1005 return 0;
1006
1007 free_info:
1008 kfree(katom->softjob_data);
1009 katom->softjob_data = NULL;
1010 fail:
1011 return ret;
1012 }
1013
1014 static u8 *kbase_jit_free_get_ids(struct kbase_jd_atom *katom)
1015 {
1016 if (WARN_ON((katom->core_req & BASE_JD_REQ_SOFT_JOB_TYPE) != BASE_JD_REQ_SOFT_JIT_FREE)) {
1017 return NULL;
1018 }
1019
1020 return (u8 *)katom->softjob_data;
1021 }
1022
1023 static void kbase_jit_add_to_pending_alloc_list(struct kbase_jd_atom *katom)
1024 {
1025 struct kbase_context *kctx = katom->kctx;
1026 struct list_head *target_list_head = NULL;
1027 struct kbase_jd_atom *entry;
1028
1029 list_for_each_entry(entry, &kctx->jctx.jit_pending_alloc, queue)
1030 {
1031 if (katom->age < entry->age) {
1032 target_list_head = &entry->queue;
1033 break;
1034 }
1035 }
1036
1037 if (target_list_head == NULL) {
1038 target_list_head = &kctx->jctx.jit_pending_alloc;
1039 }
1040
1041 list_add_tail(&katom->queue, target_list_head);
1042 }
1043
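/**
 * kbase_jit_allocate_process() - Process a BASE_JD_REQ_SOFT_JIT_ALLOC atom
 * @katom: The soft job atom
 *
 * Attempts to satisfy every JIT allocation requested by the atom and writes
 * the resulting GPU addresses back to the user-provided locations. If an
 * allocation cannot be satisfied but an earlier-submitted JIT free may still
 * release memory, the atom is blocked on the pending allocation list instead.
 *
 * Return: 0 if the atom completed (possibly with an error code set), 1 if the
 * atom is blocked waiting for pending JIT frees.
 */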
1044 static int kbase_jit_allocate_process(struct kbase_jd_atom *katom)
1045 {
1046 struct kbase_context *kctx = katom->kctx;
1047 struct kbase_device *kbdev = kctx->kbdev;
1048 struct base_jit_alloc_info *info;
1049 struct kbase_va_region *reg;
1050 struct kbase_vmap_struct mapping;
1051 u64 *ptr, new_addr;
1052 u32 count = katom->nr_extres;
1053 u32 i;
1054 bool ignore_pressure_limit = false;
1055
1056 trace_sysgraph(SGR_SUBMIT, kctx->id, kbase_jd_atom_id(kctx, katom));
1057
1058 if (katom->jit_blocked) {
1059 list_del(&katom->queue);
1060 katom->jit_blocked = false;
1061 }
1062
1063 info = katom->softjob_data;
1064 if (WARN_ON(!info)) {
1065 katom->event_code = BASE_JD_EVENT_JOB_INVALID;
1066 return 0;
1067 }
1068
1069 for (i = 0; i < count; i++, info++) {
1070 /* The JIT ID is still in use so fail the allocation */
1071 if (kctx->jit_alloc[info->id]) {
1072 katom->event_code = BASE_JD_EVENT_MEM_GROWTH_FAILED;
1073 return 0;
1074 }
1075 }
1076
1077 #if MALI_JIT_PRESSURE_LIMIT_BASE
1078 /*
1079 * If this is the only JIT_ALLOC atom in-flight or if JIT pressure limit
1080 * is disabled at the context scope, then bypass JIT pressure limit
1081 * logic in kbase_jit_allocate().
1082 */
1083 if (!kbase_ctx_flag(kctx, KCTX_JPL_ENABLED) || (kctx->jit_current_allocations == 0)) {
1084 ignore_pressure_limit = true;
1085 }
1086 #else
1087 ignore_pressure_limit = true;
1088 #endif /* MALI_JIT_PRESSURE_LIMIT_BASE */
1089
1090 for (i = 0, info = katom->softjob_data; i < count; i++, info++) {
1091 if (kctx->jit_alloc[info->id]) {
1092 /* The JIT ID is duplicated in this atom. Roll back
1093 * previous allocations and fail.
1094 */
1095 u32 j;
1096
1097 info = katom->softjob_data;
1098 for (j = 0; j < i; j++, info++) {
1099 kbase_jit_free(kctx, kctx->jit_alloc[info->id]);
1100 kctx->jit_alloc[info->id] = KBASE_RESERVED_REG_JIT_ALLOC;
1101 }
1102
1103 katom->event_code = BASE_JD_EVENT_MEM_GROWTH_FAILED;
1104 return 0;
1105 }
1106
1107 /* Create a JIT allocation */
1108 reg = kbase_jit_allocate(kctx, info, ignore_pressure_limit);
1109 if (!reg) {
1110 struct kbase_jd_atom *jit_atom;
1111 bool can_block = false;
1112
1113 lockdep_assert_held(&kctx->jctx.lock);
1114
1115 list_for_each_entry(jit_atom, &kctx->jctx.jit_atoms_head, jit_node)
1116 {
1117 if (jit_atom == katom) {
1118 break;
1119 }
1120
1121 if ((jit_atom->core_req & BASE_JD_REQ_SOFT_JOB_TYPE) == BASE_JD_REQ_SOFT_JIT_FREE) {
1122 u8 *free_ids = kbase_jit_free_get_ids(jit_atom);
1123
1124 if (free_ids && *free_ids && kctx->jit_alloc[*free_ids]) {
1125 /* A JIT free which is active and
1126 * submitted before this atom
1127 */
1128 can_block = true;
1129 break;
1130 }
1131 }
1132 }
1133
1134 if (!can_block) {
1135 /* Mark the failed allocation as well as the
1136 * other un-attempted allocations in the set,
1137 * so we know they are in use even if the
1138 * allocation itself failed.
1139 */
1140 for (; i < count; i++, info++) {
1141 kctx->jit_alloc[info->id] = KBASE_RESERVED_REG_JIT_ALLOC;
1142 }
1143
1144 katom->event_code = BASE_JD_EVENT_MEM_GROWTH_FAILED;
1145 dev_warn_ratelimited(kbdev->dev, "JIT alloc softjob failed: atom id %d\n",
1146 kbase_jd_atom_id(kctx, katom));
1147 return 0;
1148 }
1149
1150 /* There are pending frees for an active allocation
1151 * so we should wait to see whether they free the
1152 * memory. Add to the list of atoms for which JIT
1153 * allocation is pending.
1154 */
1155 kbase_jit_add_to_pending_alloc_list(katom);
1156 katom->jit_blocked = true;
1157
1158 /* Rollback, the whole set will be re-attempted */
1159 while (i-- > 0) {
1160 info--;
1161 kbase_jit_free(kctx, kctx->jit_alloc[info->id]);
1162 kctx->jit_alloc[info->id] = NULL;
1163 }
1164
1165 return 1;
1166 }
1167
1168 /* Bind it to the user provided ID. */
1169 kctx->jit_alloc[info->id] = reg;
1170 }
1171
1172 for (i = 0, info = katom->softjob_data; i < count; i++, info++) {
1173 u64 entry_mmu_flags = 0;
1174 /*
1175 * Write the address of the JIT allocation to the user provided
1176 * GPU allocation.
1177 */
1178 ptr = kbase_vmap(kctx, info->gpu_alloc_addr, sizeof(*ptr), &mapping);
1179 if (!ptr) {
1180 /*
1181 * Leave the allocations "live" as the JIT free atom
1182 * will be submitted anyway.
1183 */
1184 katom->event_code = BASE_JD_EVENT_JOB_INVALID;
1185 return 0;
1186 }
1187
1188 reg = kctx->jit_alloc[info->id];
1189 new_addr = reg->start_pfn << PAGE_SHIFT;
1190 *ptr = new_addr;
1191
1192 #if defined(CONFIG_MALI_VECTOR_DUMP)
1193 /*
1194 * Retrieve the mmu flags for JIT allocation
1195 * only if dumping is enabled
1196 */
1197 entry_mmu_flags = kbase_mmu_create_ate(kbdev, (struct tagged_addr) {0}, reg->flags, MIDGARD_MMU_BOTTOMLEVEL,
1198 kctx->jit_group_id);
1199 #endif
1200
1201 KBASE_TLSTREAM_TL_ATTRIB_ATOM_JIT(kbdev, katom, info->gpu_alloc_addr, new_addr, info->flags, entry_mmu_flags,
1202 info->id, info->commit_pages, info->extent, info->va_pages);
1203 kbase_vunmap(kctx, &mapping);
1204
1205 kbase_trace_jit_report_gpu_mem(kctx, reg, KBASE_JIT_REPORT_ON_ALLOC_OR_FREE);
1206 }
1207
1208 katom->event_code = BASE_JD_EVENT_DONE;
1209
1210 return 0;
1211 }
1212
1213 static void kbase_jit_allocate_finish(struct kbase_jd_atom *katom)
1214 {
1215 struct base_jit_alloc_info *info;
1216
1217 lockdep_assert_held(&katom->kctx->jctx.lock);
1218
1219 if (WARN_ON(!katom->softjob_data)) {
1220 return;
1221 }
1222
1223 /* Remove atom from jit_atoms_head list */
1224 list_del(&katom->jit_node);
1225
1226 if (katom->jit_blocked) {
1227 list_del(&katom->queue);
1228 katom->jit_blocked = false;
1229 }
1230
1231 info = katom->softjob_data;
1232 /* Free the info structure */
1233 kfree(info);
1234 }
1235
1236 static int kbase_jit_free_prepare(struct kbase_jd_atom *katom)
1237 {
1238 struct kbase_context *kctx = katom->kctx;
1239 struct kbase_device *kbdev = kctx->kbdev;
1240 __user void *data = (__user void *)(uintptr_t)katom->jc;
1241 u8 *ids;
1242 u32 count = MAX(katom->nr_extres, 1);
1243 u32 i;
1244 int ret;
1245
1246 /* Sanity checks */
1247 if (count > ARRAY_SIZE(kctx->jit_alloc)) {
1248 ret = -EINVAL;
1249 goto fail;
1250 }
1251
1252 /* Copy the information for safe access and future storage */
1253 ids = kmalloc_array(count, sizeof(*ids), GFP_KERNEL);
1254 if (!ids) {
1255 ret = -ENOMEM;
1256 goto fail;
1257 }
1258
1259 lockdep_assert_held(&kctx->jctx.lock);
1260 katom->softjob_data = ids;
1261
1262 /* For backwards compatibility */
1263 if (katom->nr_extres) {
1264 /* Fail the job if there is no list of ids */
1265 if (!data) {
1266 ret = -EINVAL;
1267 goto free_info;
1268 }
1269
1270 if (copy_from_user(ids, data, sizeof(*ids) * count) != 0) {
1271 ret = -EINVAL;
1272 goto free_info;
1273 }
1274 } else {
1275 katom->nr_extres = 1;
1276 *ids = (u8)katom->jc;
1277 }
1278 for (i = 0; i < count; i++) {
1279 KBASE_TLSTREAM_TL_ATTRIB_ATOM_JITFREEINFO(kbdev, katom, ids[i]);
1280 }
1281
1282 list_add_tail(&katom->jit_node, &kctx->jctx.jit_atoms_head);
1283
1284 return 0;
1285
1286 free_info:
1287 kfree(katom->softjob_data);
1288 katom->softjob_data = NULL;
1289 fail:
1290 return ret;
1291 }
1292
1293 static void kbase_jit_free_process(struct kbase_jd_atom *katom)
1294 {
1295 struct kbase_context *kctx = katom->kctx;
1296 u8 *ids = kbase_jit_free_get_ids(katom);
1297 u32 count = katom->nr_extres;
1298 u32 i;
1299
1300 if (ids == NULL) {
1301 katom->event_code = BASE_JD_EVENT_JOB_INVALID;
1302 return;
1303 }
1304
1305 for (i = 0; i < count; i++, ids++) {
1306 /*
1307 * If the ID is zero or it is not in use yet then fail the job.
1308 */
1309 if ((*ids == 0) || (kctx->jit_alloc[*ids] == NULL)) {
1310 katom->event_code = BASE_JD_EVENT_JOB_INVALID;
1311 return;
1312 }
1313 }
1314 }
1315
1316 static void kbasep_jit_finish_worker(struct work_struct *work)
1317 {
1318 struct kbase_jd_atom *katom = container_of(work, struct kbase_jd_atom, work);
1319 struct kbase_context *kctx = katom->kctx;
1320 int resched;
1321
1322 mutex_lock(&kctx->jctx.lock);
1323 kbase_finish_soft_job(katom);
1324 resched = jd_done_nolock(katom, NULL);
1325 mutex_unlock(&kctx->jctx.lock);
1326
1327 if (resched) {
1328 kbase_js_sched_all(kctx->kbdev);
1329 }
1330 }
1331
1332 void kbase_jit_retry_pending_alloc(struct kbase_context *kctx)
1333 {
1334 LIST_HEAD(jit_pending_alloc_list);
1335 struct list_head *i, *tmp;
1336
1337 list_splice_tail_init(&kctx->jctx.jit_pending_alloc, &jit_pending_alloc_list);
1338
1339 list_for_each_safe(i, tmp, &jit_pending_alloc_list)
1340 {
1341 struct kbase_jd_atom *pending_atom = list_entry(i, struct kbase_jd_atom, queue);
1342 KBASE_TLSTREAM_TL_EVENT_ATOM_SOFTJOB_START(kctx->kbdev, pending_atom);
1343 kbase_kinstr_jm_atom_sw_start(pending_atom);
1344 if (kbase_jit_allocate_process(pending_atom) == 0) {
1345 /* Atom has completed */
1346 INIT_WORK(&pending_atom->work, kbasep_jit_finish_worker);
1347 queue_work(kctx->jctx.job_done_wq, &pending_atom->work);
1348 }
1349 KBASE_TLSTREAM_TL_EVENT_ATOM_SOFTJOB_END(kctx->kbdev, pending_atom);
1350 kbase_kinstr_jm_atom_sw_stop(pending_atom);
1351 }
1352 }
1353
1354 static void kbase_jit_free_finish(struct kbase_jd_atom *katom)
1355 {
1356 struct kbase_context *kctx = katom->kctx;
1357 u8 *ids;
1358 size_t j;
1359
1360 lockdep_assert_held(&kctx->jctx.lock);
1361
1362 ids = kbase_jit_free_get_ids(katom);
1363 if (WARN_ON(ids == NULL)) {
1364 return;
1365 }
1366
1367 /* Remove this atom from the jit_atoms_head list */
1368 list_del(&katom->jit_node);
1369
1370 for (j = 0; j != katom->nr_extres; ++j) {
1371 if ((ids[j] != 0) && (kctx->jit_alloc[ids[j]] != NULL)) {
1372 /*
1373 * If the ID is valid but the allocation request failed,
1374 * still succeed this soft job but don't try to free
1375 * the allocation.
1376 */
1377 if (kctx->jit_alloc[ids[j]] != KBASE_RESERVED_REG_JIT_ALLOC) {
1378 KBASE_TLSTREAM_TL_JIT_USEDPAGES(kctx->kbdev, kctx->jit_alloc[ids[j]]->gpu_alloc->nents, ids[j]);
1379 kbase_jit_free(kctx, kctx->jit_alloc[ids[j]]);
1380 }
1381 kctx->jit_alloc[ids[j]] = NULL;
1382 }
1383 }
1384 /* Free the list of ids */
1385 kfree(ids);
1386
1387 kbase_jit_retry_pending_alloc(kctx);
1388 }
1389
1390 static int kbase_ext_res_prepare(struct kbase_jd_atom *katom)
1391 {
1392 __user struct base_external_resource_list *user_ext_res;
1393 struct base_external_resource_list *ext_res;
1394 u64 count = 0;
1395 size_t copy_size;
1396 int ret;
1397
1398 user_ext_res = (__user struct base_external_resource_list *)(uintptr_t)katom->jc;
1399
1400 /* Fail the job if there is no info structure */
1401 if (!user_ext_res) {
1402 ret = -EINVAL;
1403 goto fail;
1404 }
1405
1406 if (copy_from_user(&count, &user_ext_res->count, sizeof(u64)) != 0) {
1407 ret = -EINVAL;
1408 goto fail;
1409 }
1410
1411 /* Is the number of external resources in range? */
1412 if (!count || count > BASE_EXT_RES_COUNT_MAX) {
1413 ret = -EINVAL;
1414 goto fail;
1415 }
1416
1417 /* Copy the information for safe access and future storage */
1418 copy_size = sizeof(*ext_res);
1419 copy_size += sizeof(struct base_external_resource) * (count - 1);
1420 ext_res = kzalloc(copy_size, GFP_KERNEL);
1421 if (!ext_res) {
1422 ret = -ENOMEM;
1423 goto fail;
1424 }
1425
1426 if (copy_from_user(ext_res, user_ext_res, copy_size) != 0) {
1427 ret = -EINVAL;
1428 goto free_info;
1429 }
1430
1431 /*
1432 * Overwrite the count with the first value in case it was changed
1433 * after the fact.
1434 */
1435 ext_res->count = count;
1436
1437 katom->softjob_data = ext_res;
1438
1439 return 0;
1440
1441 free_info:
1442 kfree(ext_res);
1443 fail:
1444 return ret;
1445 }
1446
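/**
 * kbase_ext_res_process() - Map or unmap the atom's external resources
 * @katom: The soft job atom
 * @map:   True to acquire (map) the resources, false to release them
 *
 * On a failure to map, any resources already acquired for this atom are
 * released again and the atom is marked as invalid.
 */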
1447 static void kbase_ext_res_process(struct kbase_jd_atom *katom, bool map)
1448 {
1449 struct base_external_resource_list *ext_res;
1450 int i;
1451 bool failed = false;
1452
1453 ext_res = katom->softjob_data;
1454 if (!ext_res) {
1455 goto failed_jc;
1456 }
1457
1458 kbase_gpu_vm_lock(katom->kctx);
1459
1460 for (i = 0; i < ext_res->count; i++) {
1461 u64 gpu_addr;
1462
1463 gpu_addr = ext_res->ext_res[i].ext_resource & ~BASE_EXT_RES_ACCESS_EXCLUSIVE;
1464 if (map) {
1465 if (!kbase_sticky_resource_acquire(katom->kctx, gpu_addr)) {
1466 goto failed_loop;
1467 }
1468 } else if (!kbase_sticky_resource_release_force(katom->kctx, NULL, gpu_addr)) {
1469 failed = true;
1470 }
1471 }
1472
1473 /*
1474 * In the case of unmap we continue unmapping other resources in the
1475 * case of failure but will always report failure if _any_ unmap
1476 * request fails.
1477 */
1478 if (failed) {
1479 katom->event_code = BASE_JD_EVENT_JOB_INVALID;
1480 } else {
1481 katom->event_code = BASE_JD_EVENT_DONE;
1482 }
1483
1484 kbase_gpu_vm_unlock(katom->kctx);
1485
1486 return;
1487
1488 failed_loop:
1489 while (i > 0) {
1490 u64 const gpu_addr = ext_res->ext_res[i - 1].ext_resource & ~BASE_EXT_RES_ACCESS_EXCLUSIVE;
1491
1492 kbase_sticky_resource_release_force(katom->kctx, NULL, gpu_addr);
1493
1494 --i;
1495 }
1496
1497 katom->event_code = BASE_JD_EVENT_JOB_INVALID;
1498 kbase_gpu_vm_unlock(katom->kctx);
1499
1500 failed_jc:
1501 return;
1502 }
1503
1504 static void kbase_ext_res_finish(struct kbase_jd_atom *katom)
1505 {
1506 struct base_external_resource_list *ext_res;
1507
1508 ext_res = katom->softjob_data;
1509 /* Free the info structure */
1510 kfree(ext_res);
1511 }
1512
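/**
 * kbase_process_soft_job() - Execute a soft job atom
 * @katom: The soft job atom to process
 *
 * Return: 0 if the atom has completed, non-zero if it must wait (for example
 * for a fence or a soft event) and will complete asynchronously.
 */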
1513 int kbase_process_soft_job(struct kbase_jd_atom *katom)
1514 {
1515 int ret = 0;
1516 struct kbase_context *kctx = katom->kctx;
1517 struct kbase_device *kbdev = kctx->kbdev;
1518
1519 KBASE_TLSTREAM_TL_EVENT_ATOM_SOFTJOB_START(kbdev, katom);
1520 kbase_kinstr_jm_atom_sw_start(katom);
1521
1522 trace_sysgraph(SGR_SUBMIT, kctx->id, kbase_jd_atom_id(kctx, katom));
1523
1524 switch (katom->core_req & BASE_JD_REQ_SOFT_JOB_TYPE) {
1525 case BASE_JD_REQ_SOFT_DUMP_CPU_GPU_TIME:
1526 ret = kbase_dump_cpu_gpu_time(katom);
1527 break;
1528
1529 #if defined(CONFIG_SYNC) || defined(CONFIG_SYNC_FILE)
1530 case BASE_JD_REQ_SOFT_FENCE_TRIGGER:
1531 katom->event_code =
1532 kbase_sync_fence_out_trigger(katom, katom->event_code == BASE_JD_EVENT_DONE ? 0 : -EFAULT);
1533 break;
1534 case BASE_JD_REQ_SOFT_FENCE_WAIT: {
1535 ret = kbase_sync_fence_in_wait(katom);
1536 if (ret == 1) {
1537 #ifdef CONFIG_MALI_BIFROST_FENCE_DEBUG
1538 kbasep_add_waiting_with_timeout(katom);
1539 #else
1540 kbasep_add_waiting_soft_job(katom);
1541 #endif
1542 }
1543 break;
1544 }
1545 #endif
1546 case BASE_JD_REQ_SOFT_EVENT_WAIT:
1547 ret = kbasep_soft_event_wait(katom);
1548 break;
1549 case BASE_JD_REQ_SOFT_EVENT_SET:
1550 kbasep_soft_event_update_locked(katom, BASE_JD_SOFT_EVENT_SET);
1551 break;
1552 case BASE_JD_REQ_SOFT_EVENT_RESET:
1553 kbasep_soft_event_update_locked(katom, BASE_JD_SOFT_EVENT_RESET);
1554 break;
1555 case BASE_JD_REQ_SOFT_DEBUG_COPY: {
1556 int res = kbase_debug_copy(katom);
1557 if (res) {
1558 katom->event_code = BASE_JD_EVENT_JOB_INVALID;
1559 }
1560 break;
1561 }
1562 case BASE_JD_REQ_SOFT_JIT_ALLOC:
1563 ret = kbase_jit_allocate_process(katom);
1564 break;
1565 case BASE_JD_REQ_SOFT_JIT_FREE:
1566 kbase_jit_free_process(katom);
1567 break;
1568 case BASE_JD_REQ_SOFT_EXT_RES_MAP:
1569 kbase_ext_res_process(katom, true);
1570 break;
1571 case BASE_JD_REQ_SOFT_EXT_RES_UNMAP:
1572 kbase_ext_res_process(katom, false);
1573 break;
1574 default:
1575 break;
1576 }
1577
1578 /* Atom is complete */
1579 KBASE_TLSTREAM_TL_EVENT_ATOM_SOFTJOB_END(kbdev, katom);
1580 kbase_kinstr_jm_atom_sw_stop(katom);
1581 return ret;
1582 }
1583
1584 void kbase_cancel_soft_job(struct kbase_jd_atom *katom)
1585 {
1586 switch (katom->core_req & BASE_JD_REQ_SOFT_JOB_TYPE) {
1587 #if defined(CONFIG_SYNC) || defined(CONFIG_SYNC_FILE)
1588 case BASE_JD_REQ_SOFT_FENCE_WAIT:
1589 kbase_sync_fence_in_cancel_wait(katom);
1590 break;
1591 #endif
1592 case BASE_JD_REQ_SOFT_EVENT_WAIT:
1593 kbasep_soft_event_cancel_job(katom);
1594 break;
1595 default:
1596 /* This soft-job doesn't support cancellation! */
1597 KBASE_DEBUG_ASSERT(0);
1598 }
1599 }
1600
1601 int kbase_prepare_soft_job(struct kbase_jd_atom *katom)
1602 {
1603 switch (katom->core_req & BASE_JD_REQ_SOFT_JOB_TYPE) {
1604 case BASE_JD_REQ_SOFT_DUMP_CPU_GPU_TIME: {
1605 if (!IS_ALIGNED(katom->jc, cache_line_size())) {
1606 return -EINVAL;
1607 }
1608 break;
1609 }
1610 #if defined(CONFIG_SYNC) || defined(CONFIG_SYNC_FILE)
1611 case BASE_JD_REQ_SOFT_FENCE_TRIGGER: {
1612 struct base_fence fence;
1613 int fd;
1614
1615 if (0 != copy_from_user(&fence, (__user void *)(uintptr_t)katom->jc, sizeof(fence))) {
1616 return -EINVAL;
1617 }
1618
1619 fd = kbase_sync_fence_out_create(katom, fence.basep.stream_fd);
1620 if (fd < 0) {
1621 return -EINVAL;
1622 }
1623
1624 fence.basep.fd = fd;
1625 if (0 != copy_to_user((__user void *)(uintptr_t)katom->jc, &fence, sizeof(fence))) {
1626 kbase_sync_fence_out_remove(katom);
1627 kbase_sync_fence_close_fd(fd);
1628 fence.basep.fd = -EINVAL;
1629 return -EINVAL;
1630 }
1631 break;
1632 }
1633 case BASE_JD_REQ_SOFT_FENCE_WAIT: {
1634 struct base_fence fence;
1635 int ret;
1636
1637 if (0 != copy_from_user(&fence, (__user void *)(uintptr_t)katom->jc, sizeof(fence))) {
1638 return -EINVAL;
1639 }
1640
1641 /* Get a reference to the fence object */
1642 ret = kbase_sync_fence_in_from_fd(katom, fence.basep.fd);
1643 if (ret < 0) {
1644 return ret;
1645 }
1646
1647 #ifdef CONFIG_MALI_BIFROST_DMA_FENCE
1648 /*
1649 * Set KCTX_NO_IMPLICIT_SYNC in the context the first
1650 * time a soft fence wait job is observed. This will
1651 * prevent the implicit dma-buf fences from conflicting with
1652 * the Android native sync fences.
1653 */
1654 if (!kbase_ctx_flag(katom->kctx, KCTX_NO_IMPLICIT_SYNC)) {
1655 kbase_ctx_flag_set(katom->kctx, KCTX_NO_IMPLICIT_SYNC);
1656 }
1657 #endif /* CONFIG_MALI_BIFROST_DMA_FENCE */
1658 break;
1659 }
1660 #endif /* CONFIG_SYNC || CONFIG_SYNC_FILE */
1661 case BASE_JD_REQ_SOFT_JIT_ALLOC:
1662 return kbase_jit_allocate_prepare(katom);
1663 case BASE_JD_REQ_SOFT_JIT_FREE:
1664 return kbase_jit_free_prepare(katom);
1665 case BASE_JD_REQ_SOFT_EVENT_WAIT:
1666 case BASE_JD_REQ_SOFT_EVENT_SET:
1667 case BASE_JD_REQ_SOFT_EVENT_RESET:
1668 if (katom->jc == 0) {
1669 return -EINVAL;
1670 }
1671 break;
1672 case BASE_JD_REQ_SOFT_DEBUG_COPY:
1673 return kbase_debug_copy_prepare(katom);
1674 case BASE_JD_REQ_SOFT_EXT_RES_MAP:
1675 return kbase_ext_res_prepare(katom);
1676 case BASE_JD_REQ_SOFT_EXT_RES_UNMAP:
1677 return kbase_ext_res_prepare(katom);
1678 default:
1679 /* Unsupported soft-job */
1680 return -EINVAL;
1681 }
1682 return 0;
1683 }
1684
1685 void kbase_finish_soft_job(struct kbase_jd_atom *katom)
1686 {
1687 trace_sysgraph(SGR_COMPLETE, katom->kctx->id, kbase_jd_atom_id(katom->kctx, katom));
1688
1689 switch (katom->core_req & BASE_JD_REQ_SOFT_JOB_TYPE) {
1690 case BASE_JD_REQ_SOFT_DUMP_CPU_GPU_TIME:
1691 /* Nothing to do */
1692 break;
1693 #if defined(CONFIG_SYNC) || defined(CONFIG_SYNC_FILE)
1694 case BASE_JD_REQ_SOFT_FENCE_TRIGGER:
1695 /* If fence has not yet been signaled, do it now */
1696 kbase_sync_fence_out_trigger(katom, katom->event_code == BASE_JD_EVENT_DONE ? 0 : -EFAULT);
1697 break;
1698 case BASE_JD_REQ_SOFT_FENCE_WAIT:
1699 /* Release katom's reference to fence object */
1700 kbase_sync_fence_in_remove(katom);
1701 break;
1702 #endif /* CONFIG_SYNC || CONFIG_SYNC_FILE */
1703 case BASE_JD_REQ_SOFT_DEBUG_COPY:
1704 kbase_debug_copy_finish(katom);
1705 break;
1706 case BASE_JD_REQ_SOFT_JIT_ALLOC:
1707 kbase_jit_allocate_finish(katom);
1708 break;
1709 case BASE_JD_REQ_SOFT_EXT_RES_MAP:
1710 kbase_ext_res_finish(katom);
1711 break;
1712 case BASE_JD_REQ_SOFT_EXT_RES_UNMAP:
1713 kbase_ext_res_finish(katom);
1714 break;
1715 case BASE_JD_REQ_SOFT_JIT_FREE:
1716 kbase_jit_free_finish(katom);
1717 break;
1718 default:
1719 break;
1720 }
1721 }
1722
1723 void kbase_resume_suspended_soft_jobs(struct kbase_device *kbdev)
1724 {
1725 LIST_HEAD(local_suspended_soft_jobs);
1726 struct kbase_jd_atom *tmp_iter;
1727 struct kbase_jd_atom *katom_iter;
1728 struct kbasep_js_device_data *js_devdata;
1729 bool resched = false;
1730
1731 KBASE_DEBUG_ASSERT(kbdev);
1732
1733 js_devdata = &kbdev->js_data;
1734
1735 /* Move out the entire list */
1736 mutex_lock(&js_devdata->runpool_mutex);
1737 list_splice_init(&js_devdata->suspended_soft_jobs_list, &local_suspended_soft_jobs);
1738 mutex_unlock(&js_devdata->runpool_mutex);
1739
1740 /*
1741 * Each atom must be detached from the list and run separately -
1742 * it could be re-added to the old list, but this is unlikely
1743 */
1744 list_for_each_entry_safe(katom_iter, tmp_iter, &local_suspended_soft_jobs, dep_item[1])
1745 {
1746 struct kbase_context *kctx = katom_iter->kctx;
1747
1748 mutex_lock(&kctx->jctx.lock);
1749
1750 /* Remove from the global list */
1751 list_del(&katom_iter->dep_item[1]);
1752 /* Remove from the context's list of waiting soft jobs */
1753 kbasep_remove_waiting_soft_job(katom_iter);
1754
1755 if (kbase_process_soft_job(katom_iter) == 0) {
1756 kbase_finish_soft_job(katom_iter);
1757 resched |= jd_done_nolock(katom_iter, NULL);
1758 }
1759 mutex_unlock(&kctx->jctx.lock);
1760 }
1761
1762 if (resched) {
1763 kbase_js_sched_all(kbdev);
1764 }
1765 }
1766 #endif /* !MALI_USE_CSF */
1767