1 /* 2 * Copyright © 2013 Intel Corporation 3 * 4 * Permission is hereby granted, free of charge, to any person obtaining a 5 * copy of this software and associated documentation files (the "Software"), 6 * to deal in the Software without restriction, including without limitation 7 * the rights to use, copy, modify, merge, publish, distribute, sublicense, 8 * and/or sell copies of the Software, and to permit persons to whom the 9 * Software is furnished to do so, subject to the following conditions: 10 * 11 * The above copyright notice and this permission notice (including the next 12 * paragraph) shall be included in all copies or substantial portions of the 13 * Software. 14 * 15 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL 18 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 20 * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS 21 * IN THE SOFTWARE. 22 * 23 * Authors: 24 * Brad Volkin <bradley.d.volkin@intel.com> 25 * 26 */ 27 28 #include "i915_drv.h" 29 30 /** 31 * DOC: batch buffer command parser 32 * 33 * Motivation: 34 * Certain OpenGL features (e.g. transform feedback, performance monitoring) 35 * require userspace code to submit batches containing commands such as 36 * MI_LOAD_REGISTER_IMM to access various registers. Unfortunately, some 37 * generations of the hardware will noop these commands in "unsecure" batches 38 * (which includes all userspace batches submitted via i915) even though the 39 * commands may be safe and represent the intended programming model of the 40 * device. 41 * 42 * The software command parser is similar in operation to the command parsing 43 * done in hardware for unsecure batches. However, the software parser allows 44 * some operations that would be noop'd by hardware, if the parser determines 45 * the operation is safe, and submits the batch as "secure" to prevent hardware 46 * parsing. 47 * 48 * Threats: 49 * At a high level, the hardware (and software) checks attempt to prevent 50 * granting userspace undue privileges. There are three categories of privilege. 51 * 52 * First, commands which are explicitly defined as privileged or which should 53 * only be used by the kernel driver. The parser generally rejects such 54 * commands, though it may allow some from the drm master process. 55 * 56 * Second, commands which access registers. To support correct/enhanced 57 * userspace functionality, particularly certain OpenGL extensions, the parser 58 * provides a whitelist of registers which userspace may safely access (for both 59 * normal and drm master processes). 60 * 61 * Third, commands which access privileged memory (i.e. GGTT, HWS page, etc). 62 * The parser always rejects such commands. 63 * 64 * The majority of the problematic commands fall in the MI_* range, with only a 65 * few specific commands on each ring (e.g. PIPE_CONTROL and MI_FLUSH_DW). 66 * 67 * Implementation: 68 * Each ring maintains tables of commands and registers which the parser uses in 69 * scanning batch buffers submitted to that ring. 70 * 71 * Since the set of commands that the parser must check for is significantly 72 * smaller than the number of commands supported, the parser tables contain only 73 * those commands required by the parser. This generally works because command 74 * opcode ranges have standard command length encodings. So for commands that 75 * the parser does not need to check, it can easily skip them. This is 76 * implemented via a per-ring length decoding vfunc. 77 * 78 * Unfortunately, there are a number of commands that do not follow the standard 79 * length encoding for their opcode range, primarily amongst the MI_* commands. 80 * To handle this, the parser provides a way to define explicit "skip" entries 81 * in the per-ring command tables. 82 * 83 * Other command table entries map fairly directly to high level categories 84 * mentioned above: rejected, master-only, register whitelist. The parser 85 * implements a number of checks, including the privileged memory checks, via a 86 * general bitmasking mechanism. 87 */ 88 89 #define STD_MI_OPCODE_MASK 0xFF800000 90 #define STD_3D_OPCODE_MASK 0xFFFF0000 91 #define STD_2D_OPCODE_MASK 0xFFC00000 92 #define STD_MFX_OPCODE_MASK 0xFFFF0000 93 94 #define CMD(op, opm, f, lm, fl, ...) \ 95 { \ 96 .flags = (fl) | ((f) ? CMD_DESC_FIXED : 0), \ 97 .cmd = { (op), (opm) }, \ 98 .length = { (lm) }, \ 99 __VA_ARGS__ \ 100 } 101 102 /* Convenience macros to compress the tables */ 103 #define SMI STD_MI_OPCODE_MASK 104 #define S3D STD_3D_OPCODE_MASK 105 #define S2D STD_2D_OPCODE_MASK 106 #define SMFX STD_MFX_OPCODE_MASK 107 #define F true 108 #define S CMD_DESC_SKIP 109 #define R CMD_DESC_REJECT 110 #define W CMD_DESC_REGISTER 111 #define B CMD_DESC_BITMASK 112 #define M CMD_DESC_MASTER 113 114 /* Command Mask Fixed Len Action 115 ---------------------------------------------------------- */ 116 static const struct drm_i915_cmd_descriptor common_cmds[] = { 117 CMD( MI_NOOP, SMI, F, 1, S ), 118 CMD( MI_USER_INTERRUPT, SMI, F, 1, R ), 119 CMD( MI_WAIT_FOR_EVENT, SMI, F, 1, M ), 120 CMD( MI_ARB_CHECK, SMI, F, 1, S ), 121 CMD( MI_REPORT_HEAD, SMI, F, 1, S ), 122 CMD( MI_SUSPEND_FLUSH, SMI, F, 1, S ), 123 CMD( MI_SEMAPHORE_MBOX, SMI, !F, 0xFF, R ), 124 CMD( MI_STORE_DWORD_INDEX, SMI, !F, 0xFF, R ), 125 CMD( MI_LOAD_REGISTER_IMM(1), SMI, !F, 0xFF, W, 126 .reg = { .offset = 1, .mask = 0x007FFFFC, .step = 2 } ), 127 CMD( MI_STORE_REGISTER_MEM, SMI, F, 3, W | B, 128 .reg = { .offset = 1, .mask = 0x007FFFFC }, 129 .bits = {{ 130 .offset = 0, 131 .mask = MI_GLOBAL_GTT, 132 .expected = 0, 133 }}, ), 134 CMD( MI_LOAD_REGISTER_MEM, SMI, F, 3, W | B, 135 .reg = { .offset = 1, .mask = 0x007FFFFC }, 136 .bits = {{ 137 .offset = 0, 138 .mask = MI_GLOBAL_GTT, 139 .expected = 0, 140 }}, ), 141 /* 142 * MI_BATCH_BUFFER_START requires some special handling. It's not 143 * really a 'skip' action but it doesn't seem like it's worth adding 144 * a new action. See i915_parse_cmds(). 145 */ 146 CMD( MI_BATCH_BUFFER_START, SMI, !F, 0xFF, S ), 147 }; 148 149 static const struct drm_i915_cmd_descriptor render_cmds[] = { 150 CMD( MI_FLUSH, SMI, F, 1, S ), 151 CMD( MI_ARB_ON_OFF, SMI, F, 1, R ), 152 CMD( MI_PREDICATE, SMI, F, 1, S ), 153 CMD( MI_TOPOLOGY_FILTER, SMI, F, 1, S ), 154 CMD( MI_SET_APPID, SMI, F, 1, S ), 155 CMD( MI_DISPLAY_FLIP, SMI, !F, 0xFF, R ), 156 CMD( MI_SET_CONTEXT, SMI, !F, 0xFF, R ), 157 CMD( MI_URB_CLEAR, SMI, !F, 0xFF, S ), 158 CMD( MI_STORE_DWORD_IMM, SMI, !F, 0x3F, B, 159 .bits = {{ 160 .offset = 0, 161 .mask = MI_GLOBAL_GTT, 162 .expected = 0, 163 }}, ), 164 CMD( MI_UPDATE_GTT, SMI, !F, 0xFF, R ), 165 CMD( MI_CLFLUSH, SMI, !F, 0x3FF, B, 166 .bits = {{ 167 .offset = 0, 168 .mask = MI_GLOBAL_GTT, 169 .expected = 0, 170 }}, ), 171 CMD( MI_REPORT_PERF_COUNT, SMI, !F, 0x3F, B, 172 .bits = {{ 173 .offset = 1, 174 .mask = MI_REPORT_PERF_COUNT_GGTT, 175 .expected = 0, 176 }}, ), 177 CMD( MI_CONDITIONAL_BATCH_BUFFER_END, SMI, !F, 0xFF, B, 178 .bits = {{ 179 .offset = 0, 180 .mask = MI_GLOBAL_GTT, 181 .expected = 0, 182 }}, ), 183 CMD( GFX_OP_3DSTATE_VF_STATISTICS, S3D, F, 1, S ), 184 CMD( PIPELINE_SELECT, S3D, F, 1, S ), 185 CMD( MEDIA_VFE_STATE, S3D, !F, 0xFFFF, B, 186 .bits = {{ 187 .offset = 2, 188 .mask = MEDIA_VFE_STATE_MMIO_ACCESS_MASK, 189 .expected = 0, 190 }}, ), 191 CMD( GPGPU_OBJECT, S3D, !F, 0xFF, S ), 192 CMD( GPGPU_WALKER, S3D, !F, 0xFF, S ), 193 CMD( GFX_OP_3DSTATE_SO_DECL_LIST, S3D, !F, 0x1FF, S ), 194 CMD( GFX_OP_PIPE_CONTROL(5), S3D, !F, 0xFF, B, 195 .bits = {{ 196 .offset = 1, 197 .mask = (PIPE_CONTROL_MMIO_WRITE | PIPE_CONTROL_NOTIFY), 198 .expected = 0, 199 }, 200 { 201 .offset = 1, 202 .mask = (PIPE_CONTROL_GLOBAL_GTT_IVB | 203 PIPE_CONTROL_STORE_DATA_INDEX), 204 .expected = 0, 205 .condition_offset = 1, 206 .condition_mask = PIPE_CONTROL_POST_SYNC_OP_MASK, 207 }}, ), 208 }; 209 210 static const struct drm_i915_cmd_descriptor hsw_render_cmds[] = { 211 CMD( MI_SET_PREDICATE, SMI, F, 1, S ), 212 CMD( MI_RS_CONTROL, SMI, F, 1, S ), 213 CMD( MI_URB_ATOMIC_ALLOC, SMI, F, 1, S ), 214 CMD( MI_SET_APPID, SMI, F, 1, S ), 215 CMD( MI_RS_CONTEXT, SMI, F, 1, S ), 216 CMD( MI_LOAD_SCAN_LINES_INCL, SMI, !F, 0x3F, M ), 217 CMD( MI_LOAD_SCAN_LINES_EXCL, SMI, !F, 0x3F, R ), 218 CMD( MI_LOAD_REGISTER_REG, SMI, !F, 0xFF, W, 219 .reg = { .offset = 1, .mask = 0x007FFFFC, .step = 1 } ), 220 CMD( MI_RS_STORE_DATA_IMM, SMI, !F, 0xFF, S ), 221 CMD( MI_LOAD_URB_MEM, SMI, !F, 0xFF, S ), 222 CMD( MI_STORE_URB_MEM, SMI, !F, 0xFF, S ), 223 CMD( GFX_OP_3DSTATE_DX9_CONSTANTF_VS, S3D, !F, 0x7FF, S ), 224 CMD( GFX_OP_3DSTATE_DX9_CONSTANTF_PS, S3D, !F, 0x7FF, S ), 225 226 CMD( GFX_OP_3DSTATE_BINDING_TABLE_EDIT_VS, S3D, !F, 0x1FF, S ), 227 CMD( GFX_OP_3DSTATE_BINDING_TABLE_EDIT_GS, S3D, !F, 0x1FF, S ), 228 CMD( GFX_OP_3DSTATE_BINDING_TABLE_EDIT_HS, S3D, !F, 0x1FF, S ), 229 CMD( GFX_OP_3DSTATE_BINDING_TABLE_EDIT_DS, S3D, !F, 0x1FF, S ), 230 CMD( GFX_OP_3DSTATE_BINDING_TABLE_EDIT_PS, S3D, !F, 0x1FF, S ), 231 }; 232 233 static const struct drm_i915_cmd_descriptor video_cmds[] = { 234 CMD( MI_ARB_ON_OFF, SMI, F, 1, R ), 235 CMD( MI_SET_APPID, SMI, F, 1, S ), 236 CMD( MI_STORE_DWORD_IMM, SMI, !F, 0xFF, B, 237 .bits = {{ 238 .offset = 0, 239 .mask = MI_GLOBAL_GTT, 240 .expected = 0, 241 }}, ), 242 CMD( MI_UPDATE_GTT, SMI, !F, 0x3F, R ), 243 CMD( MI_FLUSH_DW, SMI, !F, 0x3F, B, 244 .bits = {{ 245 .offset = 0, 246 .mask = MI_FLUSH_DW_NOTIFY, 247 .expected = 0, 248 }, 249 { 250 .offset = 1, 251 .mask = MI_FLUSH_DW_USE_GTT, 252 .expected = 0, 253 .condition_offset = 0, 254 .condition_mask = MI_FLUSH_DW_OP_MASK, 255 }, 256 { 257 .offset = 0, 258 .mask = MI_FLUSH_DW_STORE_INDEX, 259 .expected = 0, 260 .condition_offset = 0, 261 .condition_mask = MI_FLUSH_DW_OP_MASK, 262 }}, ), 263 CMD( MI_CONDITIONAL_BATCH_BUFFER_END, SMI, !F, 0xFF, B, 264 .bits = {{ 265 .offset = 0, 266 .mask = MI_GLOBAL_GTT, 267 .expected = 0, 268 }}, ), 269 /* 270 * MFX_WAIT doesn't fit the way we handle length for most commands. 271 * It has a length field but it uses a non-standard length bias. 272 * It is always 1 dword though, so just treat it as fixed length. 273 */ 274 CMD( MFX_WAIT, SMFX, F, 1, S ), 275 }; 276 277 static const struct drm_i915_cmd_descriptor vecs_cmds[] = { 278 CMD( MI_ARB_ON_OFF, SMI, F, 1, R ), 279 CMD( MI_SET_APPID, SMI, F, 1, S ), 280 CMD( MI_STORE_DWORD_IMM, SMI, !F, 0xFF, B, 281 .bits = {{ 282 .offset = 0, 283 .mask = MI_GLOBAL_GTT, 284 .expected = 0, 285 }}, ), 286 CMD( MI_UPDATE_GTT, SMI, !F, 0x3F, R ), 287 CMD( MI_FLUSH_DW, SMI, !F, 0x3F, B, 288 .bits = {{ 289 .offset = 0, 290 .mask = MI_FLUSH_DW_NOTIFY, 291 .expected = 0, 292 }, 293 { 294 .offset = 1, 295 .mask = MI_FLUSH_DW_USE_GTT, 296 .expected = 0, 297 .condition_offset = 0, 298 .condition_mask = MI_FLUSH_DW_OP_MASK, 299 }, 300 { 301 .offset = 0, 302 .mask = MI_FLUSH_DW_STORE_INDEX, 303 .expected = 0, 304 .condition_offset = 0, 305 .condition_mask = MI_FLUSH_DW_OP_MASK, 306 }}, ), 307 CMD( MI_CONDITIONAL_BATCH_BUFFER_END, SMI, !F, 0xFF, B, 308 .bits = {{ 309 .offset = 0, 310 .mask = MI_GLOBAL_GTT, 311 .expected = 0, 312 }}, ), 313 }; 314 315 static const struct drm_i915_cmd_descriptor blt_cmds[] = { 316 CMD( MI_DISPLAY_FLIP, SMI, !F, 0xFF, R ), 317 CMD( MI_STORE_DWORD_IMM, SMI, !F, 0x3FF, B, 318 .bits = {{ 319 .offset = 0, 320 .mask = MI_GLOBAL_GTT, 321 .expected = 0, 322 }}, ), 323 CMD( MI_UPDATE_GTT, SMI, !F, 0x3F, R ), 324 CMD( MI_FLUSH_DW, SMI, !F, 0x3F, B, 325 .bits = {{ 326 .offset = 0, 327 .mask = MI_FLUSH_DW_NOTIFY, 328 .expected = 0, 329 }, 330 { 331 .offset = 1, 332 .mask = MI_FLUSH_DW_USE_GTT, 333 .expected = 0, 334 .condition_offset = 0, 335 .condition_mask = MI_FLUSH_DW_OP_MASK, 336 }, 337 { 338 .offset = 0, 339 .mask = MI_FLUSH_DW_STORE_INDEX, 340 .expected = 0, 341 .condition_offset = 0, 342 .condition_mask = MI_FLUSH_DW_OP_MASK, 343 }}, ), 344 CMD( COLOR_BLT, S2D, !F, 0x3F, S ), 345 CMD( SRC_COPY_BLT, S2D, !F, 0x3F, S ), 346 }; 347 348 static const struct drm_i915_cmd_descriptor hsw_blt_cmds[] = { 349 CMD( MI_LOAD_SCAN_LINES_INCL, SMI, !F, 0x3F, M ), 350 CMD( MI_LOAD_SCAN_LINES_EXCL, SMI, !F, 0x3F, R ), 351 }; 352 353 #undef CMD 354 #undef SMI 355 #undef S3D 356 #undef S2D 357 #undef SMFX 358 #undef F 359 #undef S 360 #undef R 361 #undef W 362 #undef B 363 #undef M 364 365 static const struct drm_i915_cmd_table gen7_render_cmds[] = { 366 { common_cmds, ARRAY_SIZE(common_cmds) }, 367 { render_cmds, ARRAY_SIZE(render_cmds) }, 368 }; 369 370 static const struct drm_i915_cmd_table hsw_render_ring_cmds[] = { 371 { common_cmds, ARRAY_SIZE(common_cmds) }, 372 { render_cmds, ARRAY_SIZE(render_cmds) }, 373 { hsw_render_cmds, ARRAY_SIZE(hsw_render_cmds) }, 374 }; 375 376 static const struct drm_i915_cmd_table gen7_video_cmds[] = { 377 { common_cmds, ARRAY_SIZE(common_cmds) }, 378 { video_cmds, ARRAY_SIZE(video_cmds) }, 379 }; 380 381 static const struct drm_i915_cmd_table hsw_vebox_cmds[] = { 382 { common_cmds, ARRAY_SIZE(common_cmds) }, 383 { vecs_cmds, ARRAY_SIZE(vecs_cmds) }, 384 }; 385 386 static const struct drm_i915_cmd_table gen7_blt_cmds[] = { 387 { common_cmds, ARRAY_SIZE(common_cmds) }, 388 { blt_cmds, ARRAY_SIZE(blt_cmds) }, 389 }; 390 391 static const struct drm_i915_cmd_table hsw_blt_ring_cmds[] = { 392 { common_cmds, ARRAY_SIZE(common_cmds) }, 393 { blt_cmds, ARRAY_SIZE(blt_cmds) }, 394 { hsw_blt_cmds, ARRAY_SIZE(hsw_blt_cmds) }, 395 }; 396 397 /* 398 * Register whitelists, sorted by increasing register offset. 399 */ 400 401 /* 402 * An individual whitelist entry granting access to register addr. If 403 * mask is non-zero the argument of immediate register writes will be 404 * AND-ed with mask, and the command will be rejected if the result 405 * doesn't match value. 406 * 407 * Registers with non-zero mask are only allowed to be written using 408 * LRI. 409 */ 410 struct drm_i915_reg_descriptor { 411 i915_reg_t addr; 412 u32 mask; 413 u32 value; 414 }; 415 416 /* Convenience macro for adding 32-bit registers. */ 417 #define REG32(_reg, ...) \ 418 { .addr = (_reg), __VA_ARGS__ } 419 420 /* 421 * Convenience macro for adding 64-bit registers. 422 * 423 * Some registers that userspace accesses are 64 bits. The register 424 * access commands only allow 32-bit accesses. Hence, we have to include 425 * entries for both halves of the 64-bit registers. 426 */ 427 #define REG64(_reg) \ 428 { .addr = _reg }, \ 429 { .addr = _reg ## _UDW } 430 431 #define REG64_IDX(_reg, idx) \ 432 { .addr = _reg(idx) }, \ 433 { .addr = _reg ## _UDW(idx) } 434 435 static const struct drm_i915_reg_descriptor gen7_render_regs[] = { 436 REG64(GPGPU_THREADS_DISPATCHED), 437 REG64(HS_INVOCATION_COUNT), 438 REG64(DS_INVOCATION_COUNT), 439 REG64(IA_VERTICES_COUNT), 440 REG64(IA_PRIMITIVES_COUNT), 441 REG64(VS_INVOCATION_COUNT), 442 REG64(GS_INVOCATION_COUNT), 443 REG64(GS_PRIMITIVES_COUNT), 444 REG64(CL_INVOCATION_COUNT), 445 REG64(CL_PRIMITIVES_COUNT), 446 REG64(PS_INVOCATION_COUNT), 447 REG64(PS_DEPTH_COUNT), 448 REG64_IDX(RING_TIMESTAMP, RENDER_RING_BASE), 449 REG32(OACONTROL), /* Only allowed for LRI and SRM. See below. */ 450 REG64(MI_PREDICATE_SRC0), 451 REG64(MI_PREDICATE_SRC1), 452 REG32(GEN7_3DPRIM_END_OFFSET), 453 REG32(GEN7_3DPRIM_START_VERTEX), 454 REG32(GEN7_3DPRIM_VERTEX_COUNT), 455 REG32(GEN7_3DPRIM_INSTANCE_COUNT), 456 REG32(GEN7_3DPRIM_START_INSTANCE), 457 REG32(GEN7_3DPRIM_BASE_VERTEX), 458 REG32(GEN7_GPGPU_DISPATCHDIMX), 459 REG32(GEN7_GPGPU_DISPATCHDIMY), 460 REG32(GEN7_GPGPU_DISPATCHDIMZ), 461 REG64_IDX(GEN7_SO_NUM_PRIMS_WRITTEN, 0), 462 REG64_IDX(GEN7_SO_NUM_PRIMS_WRITTEN, 1), 463 REG64_IDX(GEN7_SO_NUM_PRIMS_WRITTEN, 2), 464 REG64_IDX(GEN7_SO_NUM_PRIMS_WRITTEN, 3), 465 REG64_IDX(GEN7_SO_PRIM_STORAGE_NEEDED, 0), 466 REG64_IDX(GEN7_SO_PRIM_STORAGE_NEEDED, 1), 467 REG64_IDX(GEN7_SO_PRIM_STORAGE_NEEDED, 2), 468 REG64_IDX(GEN7_SO_PRIM_STORAGE_NEEDED, 3), 469 REG32(GEN7_SO_WRITE_OFFSET(0)), 470 REG32(GEN7_SO_WRITE_OFFSET(1)), 471 REG32(GEN7_SO_WRITE_OFFSET(2)), 472 REG32(GEN7_SO_WRITE_OFFSET(3)), 473 REG32(GEN7_L3SQCREG1), 474 REG32(GEN7_L3CNTLREG2), 475 REG32(GEN7_L3CNTLREG3), 476 }; 477 478 static const struct drm_i915_reg_descriptor hsw_render_regs[] = { 479 REG64_IDX(HSW_CS_GPR, 0), 480 REG64_IDX(HSW_CS_GPR, 1), 481 REG64_IDX(HSW_CS_GPR, 2), 482 REG64_IDX(HSW_CS_GPR, 3), 483 REG64_IDX(HSW_CS_GPR, 4), 484 REG64_IDX(HSW_CS_GPR, 5), 485 REG64_IDX(HSW_CS_GPR, 6), 486 REG64_IDX(HSW_CS_GPR, 7), 487 REG64_IDX(HSW_CS_GPR, 8), 488 REG64_IDX(HSW_CS_GPR, 9), 489 REG64_IDX(HSW_CS_GPR, 10), 490 REG64_IDX(HSW_CS_GPR, 11), 491 REG64_IDX(HSW_CS_GPR, 12), 492 REG64_IDX(HSW_CS_GPR, 13), 493 REG64_IDX(HSW_CS_GPR, 14), 494 REG64_IDX(HSW_CS_GPR, 15), 495 REG32(HSW_SCRATCH1, 496 .mask = ~HSW_SCRATCH1_L3_DATA_ATOMICS_DISABLE, 497 .value = 0), 498 REG32(HSW_ROW_CHICKEN3, 499 .mask = ~(HSW_ROW_CHICKEN3_L3_GLOBAL_ATOMICS_DISABLE << 16 | 500 HSW_ROW_CHICKEN3_L3_GLOBAL_ATOMICS_DISABLE), 501 .value = 0), 502 }; 503 504 static const struct drm_i915_reg_descriptor gen7_blt_regs[] = { 505 REG32(BCS_SWCTRL), 506 }; 507 508 static const struct drm_i915_reg_descriptor ivb_master_regs[] = { 509 REG32(FORCEWAKE_MT), 510 REG32(DERRMR), 511 REG32(GEN7_PIPE_DE_LOAD_SL(PIPE_A)), 512 REG32(GEN7_PIPE_DE_LOAD_SL(PIPE_B)), 513 REG32(GEN7_PIPE_DE_LOAD_SL(PIPE_C)), 514 }; 515 516 static const struct drm_i915_reg_descriptor hsw_master_regs[] = { 517 REG32(FORCEWAKE_MT), 518 REG32(DERRMR), 519 }; 520 521 #undef REG64 522 #undef REG32 523 524 struct drm_i915_reg_table { 525 const struct drm_i915_reg_descriptor *regs; 526 int num_regs; 527 bool master; 528 }; 529 530 static const struct drm_i915_reg_table ivb_render_reg_tables[] = { 531 { gen7_render_regs, ARRAY_SIZE(gen7_render_regs), false }, 532 { ivb_master_regs, ARRAY_SIZE(ivb_master_regs), true }, 533 }; 534 535 static const struct drm_i915_reg_table ivb_blt_reg_tables[] = { 536 { gen7_blt_regs, ARRAY_SIZE(gen7_blt_regs), false }, 537 { ivb_master_regs, ARRAY_SIZE(ivb_master_regs), true }, 538 }; 539 540 static const struct drm_i915_reg_table hsw_render_reg_tables[] = { 541 { gen7_render_regs, ARRAY_SIZE(gen7_render_regs), false }, 542 { hsw_render_regs, ARRAY_SIZE(hsw_render_regs), false }, 543 { hsw_master_regs, ARRAY_SIZE(hsw_master_regs), true }, 544 }; 545 546 static const struct drm_i915_reg_table hsw_blt_reg_tables[] = { 547 { gen7_blt_regs, ARRAY_SIZE(gen7_blt_regs), false }, 548 { hsw_master_regs, ARRAY_SIZE(hsw_master_regs), true }, 549 }; 550 551 static u32 gen7_render_get_cmd_length_mask(u32 cmd_header) 552 { 553 u32 client = (cmd_header & INSTR_CLIENT_MASK) >> INSTR_CLIENT_SHIFT; 554 u32 subclient = 555 (cmd_header & INSTR_SUBCLIENT_MASK) >> INSTR_SUBCLIENT_SHIFT; 556 557 if (client == INSTR_MI_CLIENT) 558 return 0x3F; 559 else if (client == INSTR_RC_CLIENT) { 560 if (subclient == INSTR_MEDIA_SUBCLIENT) 561 return 0xFFFF; 562 else 563 return 0xFF; 564 } 565 566 DRM_DEBUG_DRIVER("CMD: Abnormal rcs cmd length! 0x%08X\n", cmd_header); 567 return 0; 568 } 569 570 static u32 gen7_bsd_get_cmd_length_mask(u32 cmd_header) 571 { 572 u32 client = (cmd_header & INSTR_CLIENT_MASK) >> INSTR_CLIENT_SHIFT; 573 u32 subclient = 574 (cmd_header & INSTR_SUBCLIENT_MASK) >> INSTR_SUBCLIENT_SHIFT; 575 u32 op = (cmd_header & INSTR_26_TO_24_MASK) >> INSTR_26_TO_24_SHIFT; 576 577 if (client == INSTR_MI_CLIENT) 578 return 0x3F; 579 else if (client == INSTR_RC_CLIENT) { 580 if (subclient == INSTR_MEDIA_SUBCLIENT) { 581 if (op == 6) 582 return 0xFFFF; 583 else 584 return 0xFFF; 585 } else 586 return 0xFF; 587 } 588 589 DRM_DEBUG_DRIVER("CMD: Abnormal bsd cmd length! 0x%08X\n", cmd_header); 590 return 0; 591 } 592 593 static u32 gen7_blt_get_cmd_length_mask(u32 cmd_header) 594 { 595 u32 client = (cmd_header & INSTR_CLIENT_MASK) >> INSTR_CLIENT_SHIFT; 596 597 if (client == INSTR_MI_CLIENT) 598 return 0x3F; 599 else if (client == INSTR_BC_CLIENT) 600 return 0xFF; 601 602 DRM_DEBUG_DRIVER("CMD: Abnormal blt cmd length! 0x%08X\n", cmd_header); 603 return 0; 604 } 605 606 static bool validate_cmds_sorted(struct intel_engine_cs *engine, 607 const struct drm_i915_cmd_table *cmd_tables, 608 int cmd_table_count) 609 { 610 int i; 611 bool ret = true; 612 613 if (!cmd_tables || cmd_table_count == 0) 614 return true; 615 616 for (i = 0; i < cmd_table_count; i++) { 617 const struct drm_i915_cmd_table *table = &cmd_tables[i]; 618 u32 previous = 0; 619 int j; 620 621 for (j = 0; j < table->count; j++) { 622 const struct drm_i915_cmd_descriptor *desc = 623 &table->table[j]; 624 u32 curr = desc->cmd.value & desc->cmd.mask; 625 626 if (curr < previous) { 627 DRM_ERROR("CMD: table not sorted ring=%d table=%d entry=%d cmd=0x%08X prev=0x%08X\n", 628 engine->id, i, j, curr, previous); 629 ret = false; 630 } 631 632 previous = curr; 633 } 634 } 635 636 return ret; 637 } 638 639 static bool check_sorted(int ring_id, 640 const struct drm_i915_reg_descriptor *reg_table, 641 int reg_count) 642 { 643 int i; 644 u32 previous = 0; 645 bool ret = true; 646 647 for (i = 0; i < reg_count; i++) { 648 u32 curr = i915_mmio_reg_offset(reg_table[i].addr); 649 650 if (curr < previous) { 651 DRM_ERROR("CMD: table not sorted ring=%d entry=%d reg=0x%08X prev=0x%08X\n", 652 ring_id, i, curr, previous); 653 ret = false; 654 } 655 656 previous = curr; 657 } 658 659 return ret; 660 } 661 662 static bool validate_regs_sorted(struct intel_engine_cs *engine) 663 { 664 int i; 665 const struct drm_i915_reg_table *table; 666 667 for (i = 0; i < engine->reg_table_count; i++) { 668 table = &engine->reg_tables[i]; 669 if (!check_sorted(engine->id, table->regs, table->num_regs)) 670 return false; 671 } 672 673 return true; 674 } 675 676 struct cmd_node { 677 const struct drm_i915_cmd_descriptor *desc; 678 struct hlist_node node; 679 }; 680 681 /* 682 * Different command ranges have different numbers of bits for the opcode. For 683 * example, MI commands use bits 31:23 while 3D commands use bits 31:16. The 684 * problem is that, for example, MI commands use bits 22:16 for other fields 685 * such as GGTT vs PPGTT bits. If we include those bits in the mask then when 686 * we mask a command from a batch it could hash to the wrong bucket due to 687 * non-opcode bits being set. But if we don't include those bits, some 3D 688 * commands may hash to the same bucket due to not including opcode bits that 689 * make the command unique. For now, we will risk hashing to the same bucket. 690 * 691 * If we attempt to generate a perfect hash, we should be able to look at bits 692 * 31:29 of a command from a batch buffer and use the full mask for that 693 * client. The existing INSTR_CLIENT_MASK/SHIFT defines can be used for this. 694 */ 695 #define CMD_HASH_MASK STD_MI_OPCODE_MASK 696 697 static int init_hash_table(struct intel_engine_cs *engine, 698 const struct drm_i915_cmd_table *cmd_tables, 699 int cmd_table_count) 700 { 701 int i, j; 702 703 hash_init(engine->cmd_hash); 704 705 for (i = 0; i < cmd_table_count; i++) { 706 const struct drm_i915_cmd_table *table = &cmd_tables[i]; 707 708 for (j = 0; j < table->count; j++) { 709 const struct drm_i915_cmd_descriptor *desc = 710 &table->table[j]; 711 struct cmd_node *desc_node = 712 kmalloc(sizeof(*desc_node), M_DRM, GFP_KERNEL); 713 714 if (!desc_node) 715 return -ENOMEM; 716 717 desc_node->desc = desc; 718 hash_add(engine->cmd_hash, &desc_node->node, 719 desc->cmd.value & CMD_HASH_MASK); 720 } 721 } 722 723 return 0; 724 } 725 726 static void fini_hash_table(struct intel_engine_cs *engine) 727 { 728 struct hlist_node *tmp; 729 struct cmd_node *desc_node; 730 int i; 731 732 hash_for_each_safe(engine->cmd_hash, i, tmp, desc_node, node) { 733 hash_del(&desc_node->node); 734 kfree(desc_node); 735 } 736 } 737 738 /** 739 * i915_cmd_parser_init_ring() - set cmd parser related fields for a ringbuffer 740 * @engine: the engine to initialize 741 * 742 * Optionally initializes fields related to batch buffer command parsing in the 743 * struct intel_engine_cs based on whether the platform requires software 744 * command parsing. 745 * 746 * Return: non-zero if initialization fails 747 */ 748 int i915_cmd_parser_init_ring(struct intel_engine_cs *engine) 749 { 750 const struct drm_i915_cmd_table *cmd_tables; 751 int cmd_table_count; 752 int ret; 753 754 if (!IS_GEN7(engine->i915)) 755 return 0; 756 757 switch (engine->id) { 758 case RCS: 759 if (IS_HASWELL(engine->i915)) { 760 cmd_tables = hsw_render_ring_cmds; 761 cmd_table_count = 762 ARRAY_SIZE(hsw_render_ring_cmds); 763 } else { 764 cmd_tables = gen7_render_cmds; 765 cmd_table_count = ARRAY_SIZE(gen7_render_cmds); 766 } 767 768 if (IS_HASWELL(engine->i915)) { 769 engine->reg_tables = hsw_render_reg_tables; 770 engine->reg_table_count = ARRAY_SIZE(hsw_render_reg_tables); 771 } else { 772 engine->reg_tables = ivb_render_reg_tables; 773 engine->reg_table_count = ARRAY_SIZE(ivb_render_reg_tables); 774 } 775 776 engine->get_cmd_length_mask = gen7_render_get_cmd_length_mask; 777 break; 778 case VCS: 779 cmd_tables = gen7_video_cmds; 780 cmd_table_count = ARRAY_SIZE(gen7_video_cmds); 781 engine->get_cmd_length_mask = gen7_bsd_get_cmd_length_mask; 782 break; 783 case BCS: 784 if (IS_HASWELL(engine->i915)) { 785 cmd_tables = hsw_blt_ring_cmds; 786 cmd_table_count = ARRAY_SIZE(hsw_blt_ring_cmds); 787 } else { 788 cmd_tables = gen7_blt_cmds; 789 cmd_table_count = ARRAY_SIZE(gen7_blt_cmds); 790 } 791 792 if (IS_HASWELL(engine->i915)) { 793 engine->reg_tables = hsw_blt_reg_tables; 794 engine->reg_table_count = ARRAY_SIZE(hsw_blt_reg_tables); 795 } else { 796 engine->reg_tables = ivb_blt_reg_tables; 797 engine->reg_table_count = ARRAY_SIZE(ivb_blt_reg_tables); 798 } 799 800 engine->get_cmd_length_mask = gen7_blt_get_cmd_length_mask; 801 break; 802 case VECS: 803 cmd_tables = hsw_vebox_cmds; 804 cmd_table_count = ARRAY_SIZE(hsw_vebox_cmds); 805 /* VECS can use the same length_mask function as VCS */ 806 engine->get_cmd_length_mask = gen7_bsd_get_cmd_length_mask; 807 break; 808 default: 809 DRM_ERROR("CMD: cmd_parser_init with unknown ring: %d\n", 810 engine->id); 811 BUG(); 812 } 813 814 BUG_ON(!validate_cmds_sorted(engine, cmd_tables, cmd_table_count)); 815 BUG_ON(!validate_regs_sorted(engine)); 816 817 WARN_ON(!hash_empty(engine->cmd_hash)); 818 819 ret = init_hash_table(engine, cmd_tables, cmd_table_count); 820 if (ret) { 821 DRM_ERROR("CMD: cmd_parser_init failed!\n"); 822 fini_hash_table(engine); 823 return ret; 824 } 825 826 engine->needs_cmd_parser = true; 827 828 return 0; 829 } 830 831 /** 832 * i915_cmd_parser_fini_ring() - clean up cmd parser related fields 833 * @engine: the engine to clean up 834 * 835 * Releases any resources related to command parsing that may have been 836 * initialized for the specified ring. 837 */ 838 void i915_cmd_parser_fini_ring(struct intel_engine_cs *engine) 839 { 840 if (!engine->needs_cmd_parser) 841 return; 842 843 fini_hash_table(engine); 844 } 845 846 static const struct drm_i915_cmd_descriptor* 847 find_cmd_in_table(struct intel_engine_cs *engine, 848 u32 cmd_header) 849 { 850 struct cmd_node *desc_node; 851 852 hash_for_each_possible(engine->cmd_hash, desc_node, node, 853 cmd_header & CMD_HASH_MASK) { 854 const struct drm_i915_cmd_descriptor *desc = desc_node->desc; 855 u32 masked_cmd = desc->cmd.mask & cmd_header; 856 u32 masked_value = desc->cmd.value & desc->cmd.mask; 857 858 if (masked_cmd == masked_value) 859 return desc; 860 } 861 862 return NULL; 863 } 864 865 /* 866 * Returns a pointer to a descriptor for the command specified by cmd_header. 867 * 868 * The caller must supply space for a default descriptor via the default_desc 869 * parameter. If no descriptor for the specified command exists in the ring's 870 * command parser tables, this function fills in default_desc based on the 871 * ring's default length encoding and returns default_desc. 872 */ 873 static const struct drm_i915_cmd_descriptor* 874 find_cmd(struct intel_engine_cs *engine, 875 u32 cmd_header, 876 struct drm_i915_cmd_descriptor *default_desc) 877 { 878 const struct drm_i915_cmd_descriptor *desc; 879 u32 mask; 880 881 desc = find_cmd_in_table(engine, cmd_header); 882 if (desc) 883 return desc; 884 885 mask = engine->get_cmd_length_mask(cmd_header); 886 if (!mask) 887 return NULL; 888 889 BUG_ON(!default_desc); 890 default_desc->flags = CMD_DESC_SKIP; 891 default_desc->length.mask = mask; 892 893 return default_desc; 894 } 895 896 static const struct drm_i915_reg_descriptor * 897 find_reg(const struct drm_i915_reg_descriptor *table, 898 int count, u32 addr) 899 { 900 int i; 901 902 for (i = 0; i < count; i++) { 903 if (i915_mmio_reg_offset(table[i].addr) == addr) 904 return &table[i]; 905 } 906 907 return NULL; 908 } 909 910 static const struct drm_i915_reg_descriptor * 911 find_reg_in_tables(const struct drm_i915_reg_table *tables, 912 int count, bool is_master, u32 addr) 913 { 914 int i; 915 const struct drm_i915_reg_table *table; 916 const struct drm_i915_reg_descriptor *reg; 917 918 for (i = 0; i < count; i++) { 919 table = &tables[i]; 920 if (!table->master || is_master) { 921 reg = find_reg(table->regs, table->num_regs, 922 addr); 923 if (reg != NULL) 924 return reg; 925 } 926 } 927 928 return NULL; 929 } 930 931 static u32 *vmap_batch(struct drm_i915_gem_object *obj, 932 unsigned start, unsigned len) 933 { 934 int i; 935 void *addr = NULL; 936 struct sg_page_iter sg_iter; 937 int first_page = start >> PAGE_SHIFT; 938 int last_page = (len + start + 4095) >> PAGE_SHIFT; 939 int npages = last_page - first_page; 940 struct page **pages; 941 942 pages = drm_malloc_ab(npages, sizeof(*pages)); 943 if (pages == NULL) { 944 DRM_DEBUG_DRIVER("Failed to get space for pages\n"); 945 goto finish; 946 } 947 948 i = 0; 949 for_each_sg_page(obj->pages->sgl, &sg_iter, obj->pages->nents, first_page) { 950 pages[i++] = sg_page_iter_page(&sg_iter); 951 if (i == npages) 952 break; 953 } 954 955 addr = vmap(pages, i, 0, PAGE_KERNEL); 956 if (addr == NULL) { 957 DRM_DEBUG_DRIVER("Failed to vmap pages\n"); 958 goto finish; 959 } 960 961 finish: 962 if (pages) 963 drm_free_large(pages); 964 return (u32*)addr; 965 } 966 967 /* Returns a vmap'd pointer to dest_obj, which the caller must unmap */ 968 static u32 *copy_batch(struct drm_i915_gem_object *dest_obj, 969 struct drm_i915_gem_object *src_obj, 970 u32 batch_start_offset, 971 u32 batch_len) 972 { 973 int needs_clflush = 0; 974 void *src_base, *src; 975 void *dst = NULL; 976 int ret; 977 978 if (batch_len > dest_obj->base.size || 979 batch_len + batch_start_offset > src_obj->base.size) 980 return ERR_PTR(-E2BIG); 981 982 if (WARN_ON(dest_obj->pages_pin_count == 0)) 983 return ERR_PTR(-ENODEV); 984 985 ret = i915_gem_obj_prepare_shmem_read(src_obj, &needs_clflush); 986 if (ret) { 987 DRM_DEBUG_DRIVER("CMD: failed to prepare shadow batch\n"); 988 return ERR_PTR(ret); 989 } 990 991 src_base = vmap_batch(src_obj, batch_start_offset, batch_len); 992 if (!src_base) { 993 DRM_DEBUG_DRIVER("CMD: Failed to vmap batch\n"); 994 ret = -ENOMEM; 995 goto unpin_src; 996 } 997 998 ret = i915_gem_object_set_to_cpu_domain(dest_obj, true); 999 if (ret) { 1000 DRM_DEBUG_DRIVER("CMD: Failed to set shadow batch to CPU\n"); 1001 goto unmap_src; 1002 } 1003 1004 dst = vmap_batch(dest_obj, 0, batch_len); 1005 if (!dst) { 1006 DRM_DEBUG_DRIVER("CMD: Failed to vmap shadow batch\n"); 1007 ret = -ENOMEM; 1008 goto unmap_src; 1009 } 1010 1011 src = src_base + offset_in_page(batch_start_offset); 1012 if (needs_clflush) 1013 drm_clflush_virt_range(src, batch_len); 1014 1015 memcpy(dst, src, batch_len); 1016 1017 unmap_src: 1018 vunmap(src_base); 1019 unpin_src: 1020 i915_gem_object_unpin_pages(src_obj); 1021 1022 return ret ? ERR_PTR(ret) : dst; 1023 } 1024 1025 /** 1026 * i915_needs_cmd_parser() - should a given ring use software command parsing? 1027 * @engine: the engine in question 1028 * 1029 * Only certain platforms require software batch buffer command parsing, and 1030 * only when enabled via module parameter. 1031 * 1032 * Return: true if the ring requires software command parsing 1033 */ 1034 bool i915_needs_cmd_parser(struct intel_engine_cs *engine) 1035 { 1036 if (!engine->needs_cmd_parser) 1037 return false; 1038 1039 if (!USES_PPGTT(engine->i915)) 1040 return false; 1041 1042 return (i915.enable_cmd_parser == 1); 1043 } 1044 1045 static bool check_cmd(const struct intel_engine_cs *engine, 1046 const struct drm_i915_cmd_descriptor *desc, 1047 const u32 *cmd, u32 length, 1048 const bool is_master, 1049 bool *oacontrol_set) 1050 { 1051 if (desc->flags & CMD_DESC_REJECT) { 1052 DRM_DEBUG_DRIVER("CMD: Rejected command: 0x%08X\n", *cmd); 1053 return false; 1054 } 1055 1056 if ((desc->flags & CMD_DESC_MASTER) && !is_master) { 1057 DRM_DEBUG_DRIVER("CMD: Rejected master-only command: 0x%08X\n", 1058 *cmd); 1059 return false; 1060 } 1061 1062 if (desc->flags & CMD_DESC_REGISTER) { 1063 /* 1064 * Get the distance between individual register offset 1065 * fields if the command can perform more than one 1066 * access at a time. 1067 */ 1068 const u32 step = desc->reg.step ? desc->reg.step : length; 1069 u32 offset; 1070 1071 for (offset = desc->reg.offset; offset < length; 1072 offset += step) { 1073 const u32 reg_addr = cmd[offset] & desc->reg.mask; 1074 const struct drm_i915_reg_descriptor *reg = 1075 find_reg_in_tables(engine->reg_tables, 1076 engine->reg_table_count, 1077 is_master, 1078 reg_addr); 1079 1080 if (!reg) { 1081 DRM_DEBUG_DRIVER("CMD: Rejected register 0x%08X in command: 0x%08X (ring=%d)\n", 1082 reg_addr, *cmd, engine->id); 1083 return false; 1084 } 1085 1086 /* 1087 * OACONTROL requires some special handling for 1088 * writes. We want to make sure that any batch which 1089 * enables OA also disables it before the end of the 1090 * batch. The goal is to prevent one process from 1091 * snooping on the perf data from another process. To do 1092 * that, we need to check the value that will be written 1093 * to the register. Hence, limit OACONTROL writes to 1094 * only MI_LOAD_REGISTER_IMM commands. 1095 */ 1096 if (reg_addr == i915_mmio_reg_offset(OACONTROL)) { 1097 if (desc->cmd.value == MI_LOAD_REGISTER_MEM) { 1098 DRM_DEBUG_DRIVER("CMD: Rejected LRM to OACONTROL\n"); 1099 return false; 1100 } 1101 1102 if (desc->cmd.value == MI_LOAD_REGISTER_REG) { 1103 DRM_DEBUG_DRIVER("CMD: Rejected LRR to OACONTROL\n"); 1104 return false; 1105 } 1106 1107 if (desc->cmd.value == MI_LOAD_REGISTER_IMM(1)) 1108 *oacontrol_set = (cmd[offset + 1] != 0); 1109 } 1110 1111 /* 1112 * Check the value written to the register against the 1113 * allowed mask/value pair given in the whitelist entry. 1114 */ 1115 if (reg->mask) { 1116 if (desc->cmd.value == MI_LOAD_REGISTER_MEM) { 1117 DRM_DEBUG_DRIVER("CMD: Rejected LRM to masked register 0x%08X\n", 1118 reg_addr); 1119 return false; 1120 } 1121 1122 if (desc->cmd.value == MI_LOAD_REGISTER_REG) { 1123 DRM_DEBUG_DRIVER("CMD: Rejected LRR to masked register 0x%08X\n", 1124 reg_addr); 1125 return false; 1126 } 1127 1128 if (desc->cmd.value == MI_LOAD_REGISTER_IMM(1) && 1129 (offset + 2 > length || 1130 (cmd[offset + 1] & reg->mask) != reg->value)) { 1131 DRM_DEBUG_DRIVER("CMD: Rejected LRI to masked register 0x%08X\n", 1132 reg_addr); 1133 return false; 1134 } 1135 } 1136 } 1137 } 1138 1139 if (desc->flags & CMD_DESC_BITMASK) { 1140 int i; 1141 1142 for (i = 0; i < MAX_CMD_DESC_BITMASKS; i++) { 1143 u32 dword; 1144 1145 if (desc->bits[i].mask == 0) 1146 break; 1147 1148 if (desc->bits[i].condition_mask != 0) { 1149 u32 offset = 1150 desc->bits[i].condition_offset; 1151 u32 condition = cmd[offset] & 1152 desc->bits[i].condition_mask; 1153 1154 if (condition == 0) 1155 continue; 1156 } 1157 1158 dword = cmd[desc->bits[i].offset] & 1159 desc->bits[i].mask; 1160 1161 if (dword != desc->bits[i].expected) { 1162 DRM_DEBUG_DRIVER("CMD: Rejected command 0x%08X for bitmask 0x%08X (exp=0x%08X act=0x%08X) (ring=%d)\n", 1163 *cmd, 1164 desc->bits[i].mask, 1165 desc->bits[i].expected, 1166 dword, engine->id); 1167 return false; 1168 } 1169 } 1170 } 1171 1172 return true; 1173 } 1174 1175 #define LENGTH_BIAS 2 1176 1177 /** 1178 * i915_parse_cmds() - parse a submitted batch buffer for privilege violations 1179 * @engine: the engine on which the batch is to execute 1180 * @batch_obj: the batch buffer in question 1181 * @shadow_batch_obj: copy of the batch buffer in question 1182 * @batch_start_offset: byte offset in the batch at which execution starts 1183 * @batch_len: length of the commands in batch_obj 1184 * @is_master: is the submitting process the drm master? 1185 * 1186 * Parses the specified batch buffer looking for privilege violations as 1187 * described in the overview. 1188 * 1189 * Return: non-zero if the parser finds violations or otherwise fails; -EACCES 1190 * if the batch appears legal but should use hardware parsing 1191 */ 1192 int i915_parse_cmds(struct intel_engine_cs *engine, 1193 struct drm_i915_gem_object *batch_obj, 1194 struct drm_i915_gem_object *shadow_batch_obj, 1195 u32 batch_start_offset, 1196 u32 batch_len, 1197 bool is_master) 1198 { 1199 u32 *cmd, *batch_base, *batch_end; 1200 struct drm_i915_cmd_descriptor default_desc = { 0 }; 1201 bool oacontrol_set = false; /* OACONTROL tracking. See check_cmd() */ 1202 int ret = 0; 1203 1204 batch_base = copy_batch(shadow_batch_obj, batch_obj, 1205 batch_start_offset, batch_len); 1206 if (IS_ERR(batch_base)) { 1207 DRM_DEBUG_DRIVER("CMD: Failed to copy batch\n"); 1208 return PTR_ERR(batch_base); 1209 } 1210 1211 /* 1212 * We use the batch length as size because the shadow object is as 1213 * large or larger and copy_batch() will write MI_NOPs to the extra 1214 * space. Parsing should be faster in some cases this way. 1215 */ 1216 batch_end = batch_base + (batch_len / sizeof(*batch_end)); 1217 1218 cmd = batch_base; 1219 while (cmd < batch_end) { 1220 const struct drm_i915_cmd_descriptor *desc; 1221 u32 length; 1222 1223 if (*cmd == MI_BATCH_BUFFER_END) 1224 break; 1225 1226 desc = find_cmd(engine, *cmd, &default_desc); 1227 if (!desc) { 1228 DRM_DEBUG_DRIVER("CMD: Unrecognized command: 0x%08X\n", 1229 *cmd); 1230 ret = -EINVAL; 1231 break; 1232 } 1233 1234 /* 1235 * If the batch buffer contains a chained batch, return an 1236 * error that tells the caller to abort and dispatch the 1237 * workload as a non-secure batch. 1238 */ 1239 if (desc->cmd.value == MI_BATCH_BUFFER_START) { 1240 ret = -EACCES; 1241 break; 1242 } 1243 1244 if (desc->flags & CMD_DESC_FIXED) 1245 length = desc->length.fixed; 1246 else 1247 length = ((*cmd & desc->length.mask) + LENGTH_BIAS); 1248 1249 if ((batch_end - cmd) < length) { 1250 DRM_DEBUG_DRIVER("CMD: Command length exceeds batch length: 0x%08X length=%u batchlen=%td\n", 1251 *cmd, 1252 length, 1253 batch_end - cmd); 1254 ret = -EINVAL; 1255 break; 1256 } 1257 1258 if (!check_cmd(engine, desc, cmd, length, is_master, 1259 &oacontrol_set)) { 1260 ret = -EINVAL; 1261 break; 1262 } 1263 1264 cmd += length; 1265 } 1266 1267 if (oacontrol_set) { 1268 DRM_DEBUG_DRIVER("CMD: batch set OACONTROL but did not clear it\n"); 1269 ret = -EINVAL; 1270 } 1271 1272 if (cmd >= batch_end) { 1273 DRM_DEBUG_DRIVER("CMD: Got to the end of the buffer w/o a BBE cmd!\n"); 1274 ret = -EINVAL; 1275 } 1276 1277 vunmap(batch_base); 1278 1279 return ret; 1280 } 1281 1282 /** 1283 * i915_cmd_parser_get_version() - get the cmd parser version number 1284 * @dev_priv: i915 device private 1285 * 1286 * The cmd parser maintains a simple increasing integer version number suitable 1287 * for passing to userspace clients to determine what operations are permitted. 1288 * 1289 * Return: the current version number of the cmd parser 1290 */ 1291 int i915_cmd_parser_get_version(struct drm_i915_private *dev_priv) 1292 { 1293 struct intel_engine_cs *engine; 1294 bool active = false; 1295 1296 /* If the command parser is not enabled, report 0 - unsupported */ 1297 for_each_engine(engine, dev_priv) { 1298 if (i915_needs_cmd_parser(engine)) { 1299 active = true; 1300 break; 1301 } 1302 } 1303 if (!active) 1304 return 0; 1305 1306 /* 1307 * Command parser version history 1308 * 1309 * 1. Initial version. Checks batches and reports violations, but leaves 1310 * hardware parsing enabled (so does not allow new use cases). 1311 * 2. Allow access to the MI_PREDICATE_SRC0 and 1312 * MI_PREDICATE_SRC1 registers. 1313 * 3. Allow access to the GPGPU_THREADS_DISPATCHED register. 1314 * 4. L3 atomic chicken bits of HSW_SCRATCH1 and HSW_ROW_CHICKEN3. 1315 * 5. GPGPU dispatch compute indirect registers. 1316 * 6. TIMESTAMP register and Haswell CS GPR registers 1317 * 7. Allow MI_LOAD_REGISTER_REG between whitelisted registers. 1318 */ 1319 return 7; 1320 } 1321