1 /* r300_cmdbuf.c -- Command buffer emission for R300 -*- linux-c -*-
3 * Copyright (C) The Weather Channel, Inc. 2002.
4 * Copyright (C) 2004 Nicolai Haehnle.
7 * The Weather Channel (TM) funded Tungsten Graphics to develop the
8 * initial release of the Radeon 8500 driver under the XFree86 license.
9 * This notice must be preserved.
11 * Permission is hereby granted, free of charge, to any person obtaining a
12 * copy of this software and associated documentation files (the "Software"),
13 * to deal in the Software without restriction, including without limitation
14 * the rights to use, copy, modify, merge, publish, distribute, sublicense,
15 * and/or sell copies of the Software, and to permit persons to whom the
16 * Software is furnished to do so, subject to the following conditions:
18 * The above copyright notice and this permission notice (including the next
19 * paragraph) shall be included in all copies or substantial portions of the
22 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
23 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
24 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
25 * PRECISION INSIGHT AND/OR ITS SUPPLIERS BE LIABLE FOR ANY CLAIM, DAMAGES OR
26 * OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
27 * ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
28 * DEALINGS IN THE SOFTWARE.
31 * Nicolai Haehnle <prefect_@gmx.net>
36 #include "radeon_drm.h"
37 #include "radeon_drv.h"
40 #define R300_SIMULTANEOUS_CLIPRECTS 4
42 /* Values for R300_RE_CLIPRECT_CNTL depending on the number of cliprects
44 static const int r300_cliprect_cntl[4] = {
52 * Emit up to R300_SIMULTANEOUS_CLIPRECTS cliprects from the given command
53 * buffer, starting with index n.
55 static int r300_emit_cliprects(drm_radeon_private_t *dev_priv,
56 drm_radeon_kcmd_buffer_t *cmdbuf, int n)
63 nr = cmdbuf->nbox - n;
64 if (nr > R300_SIMULTANEOUS_CLIPRECTS)
65 nr = R300_SIMULTANEOUS_CLIPRECTS;
67 DRM_DEBUG("%i cliprects\n", nr);
70 BEGIN_RING(6 + nr * 2);
71 OUT_RING(CP_PACKET0(R300_RE_CLIPRECT_TL_0, nr * 2 - 1));
73 for (i = 0; i < nr; ++i) {
74 if (DRM_COPY_FROM_USER_UNCHECKED
75 (&box, &cmdbuf->boxes[n + i], sizeof(box))) {
76 DRM_ERROR("copy cliprect faulted\n");
77 return DRM_ERR(EFAULT);
82 R300_CLIPRECT_OFFSET) & R300_CLIPRECT_MASK;
85 R300_CLIPRECT_OFFSET) & R300_CLIPRECT_MASK;
88 R300_CLIPRECT_OFFSET) & R300_CLIPRECT_MASK;
91 R300_CLIPRECT_OFFSET) & R300_CLIPRECT_MASK;
93 OUT_RING((box.x1 << R300_CLIPRECT_X_SHIFT) |
94 (box.y1 << R300_CLIPRECT_Y_SHIFT));
95 OUT_RING((box.x2 << R300_CLIPRECT_X_SHIFT) |
96 (box.y2 << R300_CLIPRECT_Y_SHIFT));
99 OUT_RING_REG(R300_RE_CLIPRECT_CNTL, r300_cliprect_cntl[nr - 1]);
101 /* TODO/SECURITY: Force scissors to a safe value, otherwise the
102 * client might be able to trample over memory.
103 * The impact should be very limited, but I'd rather be safe than
106 OUT_RING(CP_PACKET0(R300_RE_SCISSORS_TL, 1));
108 OUT_RING(R300_SCISSORS_X_MASK | R300_SCISSORS_Y_MASK);
111 /* Why we allow zero cliprect rendering:
112 * There are some commands in a command buffer that must be submitted
113 * even when there are no cliprects, e.g. DMA buffer discard
114 * or state setting (though state setting could be avoided by
115 * simulating a loss of context).
117 * Now since the cmdbuf interface is so chaotic right now (and is
118 * bound to remain that way for a bit until things settle down),
119 * it is basically impossible to filter out the commands that are
120 * necessary and those that aren't.
122 * So I choose the safe way and don't do any filtering at all;
123 * instead, I simply set up the engine so that all rendering
124 * can't produce any fragments.
127 OUT_RING_REG(R300_RE_CLIPRECT_CNTL, 0);
134 static u8 r300_reg_flags[0x10000 >> 2];
136 void r300_init_reg_flags(void)
139 memset(r300_reg_flags, 0, 0x10000 >> 2);
140 #define ADD_RANGE_MARK(reg, count,mark) \
141 for(i=((reg)>>2);i<((reg)>>2)+(count);i++)\
142 r300_reg_flags[i]|=(mark);
145 #define MARK_CHECK_OFFSET 2
147 #define ADD_RANGE(reg, count) ADD_RANGE_MARK(reg, count, MARK_SAFE)
149 /* these match cmducs() command in r300_driver/r300/r300_cmdbuf.c */
150 ADD_RANGE(R300_SE_VPORT_XSCALE, 6);
151 ADD_RANGE(0x2080, 1);
152 ADD_RANGE(R300_SE_VTE_CNTL, 2);
153 ADD_RANGE(0x2134, 2);
154 ADD_RANGE(0x2140, 1);
155 ADD_RANGE(R300_VAP_INPUT_CNTL_0, 2);
156 ADD_RANGE(0x21DC, 1);
157 ADD_RANGE(0x221C, 1);
158 ADD_RANGE(0x2220, 4);
159 ADD_RANGE(0x2288, 1);
160 ADD_RANGE(R300_VAP_OUTPUT_VTX_FMT_0, 2);
161 ADD_RANGE(R300_VAP_PVS_CNTL_1, 3);
162 ADD_RANGE(R300_GB_ENABLE, 1);
163 ADD_RANGE(R300_GB_MSPOS0, 5);
164 ADD_RANGE(R300_TX_CNTL, 1);
165 ADD_RANGE(R300_TX_ENABLE, 1);
166 ADD_RANGE(0x4200, 4);
167 ADD_RANGE(0x4214, 1);
168 ADD_RANGE(R300_RE_POINTSIZE, 1);
169 ADD_RANGE(0x4230, 3);
170 ADD_RANGE(R300_RE_LINE_CNT, 1);
171 ADD_RANGE(0x4238, 1);
172 ADD_RANGE(0x4260, 3);
173 ADD_RANGE(0x4274, 4);
174 ADD_RANGE(0x4288, 5);
175 ADD_RANGE(0x42A0, 1);
176 ADD_RANGE(R300_RE_ZBIAS_T_FACTOR, 4);
177 ADD_RANGE(0x42B4, 1);
178 ADD_RANGE(R300_RE_CULL_CNTL, 1);
179 ADD_RANGE(0x42C0, 2);
180 ADD_RANGE(R300_RS_CNTL_0, 2);
181 ADD_RANGE(R300_RS_INTERP_0, 8);
182 ADD_RANGE(R300_RS_ROUTE_0, 8);
183 ADD_RANGE(0x43A4, 2);
184 ADD_RANGE(0x43E8, 1);
185 ADD_RANGE(R300_PFS_CNTL_0, 3);
186 ADD_RANGE(R300_PFS_NODE_0, 4);
187 ADD_RANGE(R300_PFS_TEXI_0, 64);
188 ADD_RANGE(0x46A4, 5);
189 ADD_RANGE(R300_PFS_INSTR0_0, 64);
190 ADD_RANGE(R300_PFS_INSTR1_0, 64);
191 ADD_RANGE(R300_PFS_INSTR2_0, 64);
192 ADD_RANGE(R300_PFS_INSTR3_0, 64);
193 ADD_RANGE(0x4BC0, 1);
194 ADD_RANGE(0x4BC8, 3);
195 ADD_RANGE(R300_PP_ALPHA_TEST, 2);
196 ADD_RANGE(0x4BD8, 1);
197 ADD_RANGE(R300_PFS_PARAM_0_X, 64);
198 ADD_RANGE(0x4E00, 1);
199 ADD_RANGE(R300_RB3D_CBLEND, 2);
200 ADD_RANGE(R300_RB3D_COLORMASK, 1);
201 ADD_RANGE(0x4E10, 3);
202 ADD_RANGE_MARK(R300_RB3D_COLOROFFSET0, 1, MARK_CHECK_OFFSET); /* check offset */
203 ADD_RANGE(R300_RB3D_COLORPITCH0, 1);
204 ADD_RANGE(0x4E50, 9);
205 ADD_RANGE(0x4E88, 1);
206 ADD_RANGE(0x4EA0, 2);
207 ADD_RANGE(R300_RB3D_ZSTENCIL_CNTL_0, 3);
208 ADD_RANGE(0x4F10, 4);
209 ADD_RANGE_MARK(R300_RB3D_DEPTHOFFSET, 1, MARK_CHECK_OFFSET); /* check offset */
210 ADD_RANGE(R300_RB3D_DEPTHPITCH, 1);
211 ADD_RANGE(0x4F28, 1);
212 ADD_RANGE(0x4F30, 2);
213 ADD_RANGE(0x4F44, 1);
214 ADD_RANGE(0x4F54, 1);
216 ADD_RANGE(R300_TX_FILTER_0, 16);
217 ADD_RANGE(R300_TX_FILTER1_0, 16);
218 ADD_RANGE(R300_TX_SIZE_0, 16);
219 ADD_RANGE(R300_TX_FORMAT_0, 16);
220 ADD_RANGE(R300_TX_PITCH_0, 16);
221 /* Texture offset is dangerous and needs more checking */
222 ADD_RANGE_MARK(R300_TX_OFFSET_0, 16, MARK_CHECK_OFFSET);
223 ADD_RANGE(R300_TX_CHROMA_KEY_0, 16);
224 ADD_RANGE(R300_TX_BORDER_COLOR_0, 16);
226 /* Sporadic registers used as primitives are emitted */
227 ADD_RANGE(0x4f18, 1);
228 ADD_RANGE(R300_RB3D_DSTCACHE_CTLSTAT, 1);
229 ADD_RANGE(R300_VAP_INPUT_ROUTE_0_0, 8);
230 ADD_RANGE(R300_VAP_INPUT_ROUTE_1_0, 8);
234 static __inline__ int r300_check_range(unsigned reg, int count)
239 for (i = (reg >> 2); i < (reg >> 2) + count; i++)
240 if (r300_reg_flags[i] != MARK_SAFE)
246 * we expect offsets passed to the framebuffer to be either within video
247 * memory or within AGP space
249 static __inline__ int r300_check_offset(drm_radeon_private_t *dev_priv,
252 /* we realy want to check against end of video aperture
253 but this value is not being kept.
254 This code is correct for now (does the same thing as the
255 code that sets MC_FB_LOCATION) in radeon_cp.c */
256 if (offset >= dev_priv->fb_location &&
257 offset < (dev_priv->fb_location + dev_priv->fb_size))
259 if (offset >= dev_priv->gart_vm_start &&
260 offset < (dev_priv->gart_vm_start + dev_priv->gart_size))
265 static __inline__ int r300_emit_carefully_checked_packet0(drm_radeon_private_t *
267 drm_radeon_kcmd_buffer_t
269 drm_r300_cmd_header_t
278 sz = header.packet0.count;
279 reg = (header.packet0.reghi << 8) | header.packet0.reglo;
281 if ((sz > 64) || (sz < 0)) {
283 ("Cannot emit more than 64 values at a time (reg=%04x sz=%d)\n",
285 return DRM_ERR(EINVAL);
287 for (i = 0; i < sz; i++) {
288 values[i] = ((int *)cmdbuf->buf)[i];
289 switch (r300_reg_flags[(reg >> 2) + i]) {
292 case MARK_CHECK_OFFSET:
293 if (r300_check_offset(dev_priv, (u32) values[i])) {
295 ("Offset failed range check (reg=%04x sz=%d)\n",
297 return DRM_ERR(EINVAL);
301 DRM_ERROR("Register %04x failed check as flag=%02x\n",
302 reg + i * 4, r300_reg_flags[(reg >> 2) + i]);
303 return DRM_ERR(EINVAL);
308 OUT_RING(CP_PACKET0(reg, sz - 1));
309 OUT_RING_TABLE(values, sz);
312 cmdbuf->buf += sz * 4;
313 cmdbuf->bufsz -= sz * 4;
319 * Emits a packet0 setting arbitrary registers.
320 * Called by r300_do_cp_cmdbuf.
322 * Note that checks are performed on contents and addresses of the registers
324 static __inline__ int r300_emit_packet0(drm_radeon_private_t *dev_priv,
325 drm_radeon_kcmd_buffer_t *cmdbuf,
326 drm_r300_cmd_header_t header)
332 sz = header.packet0.count;
333 reg = (header.packet0.reghi << 8) | header.packet0.reglo;
338 if (sz * 4 > cmdbuf->bufsz)
339 return DRM_ERR(EINVAL);
341 if (reg + sz * 4 >= 0x10000) {
342 DRM_ERROR("No such registers in hardware reg=%04x sz=%d\n", reg,
344 return DRM_ERR(EINVAL);
347 if (r300_check_range(reg, sz)) {
348 /* go and check everything */
349 return r300_emit_carefully_checked_packet0(dev_priv, cmdbuf,
352 /* the rest of the data is safe to emit, whatever the values the user passed */
355 OUT_RING(CP_PACKET0(reg, sz - 1));
356 OUT_RING_TABLE((int *)cmdbuf->buf, sz);
359 cmdbuf->buf += sz * 4;
360 cmdbuf->bufsz -= sz * 4;
366 * Uploads user-supplied vertex program instructions or parameters onto
368 * Called by r300_do_cp_cmdbuf.
370 static __inline__ int r300_emit_vpu(drm_radeon_private_t *dev_priv,
371 drm_radeon_kcmd_buffer_t *cmdbuf,
372 drm_r300_cmd_header_t header)
378 sz = header.vpu.count;
379 addr = (header.vpu.adrhi << 8) | header.vpu.adrlo;
383 if (sz * 16 > cmdbuf->bufsz)
384 return DRM_ERR(EINVAL);
386 BEGIN_RING(5 + sz * 4);
387 /* Wait for VAP to come to senses.. */
388 /* there is no need to emit it multiple times, (only once before VAP is programmed,
389 but this optimization is for later */
390 OUT_RING_REG(R300_VAP_PVS_WAITIDLE, 0);
391 OUT_RING_REG(R300_VAP_PVS_UPLOAD_ADDRESS, addr);
392 OUT_RING(CP_PACKET0_TABLE(R300_VAP_PVS_UPLOAD_DATA, sz * 4 - 1));
393 OUT_RING_TABLE((int *)cmdbuf->buf, sz * 4);
397 cmdbuf->buf += sz * 16;
398 cmdbuf->bufsz -= sz * 16;
404 * Emit a clear packet from userspace.
405 * Called by r300_emit_packet3.
407 static __inline__ int r300_emit_clear(drm_radeon_private_t *dev_priv,
408 drm_radeon_kcmd_buffer_t *cmdbuf)
412 if (8 * 4 > cmdbuf->bufsz)
413 return DRM_ERR(EINVAL);
416 OUT_RING(CP_PACKET3(R200_3D_DRAW_IMMD_2, 8));
417 OUT_RING(R300_PRIM_TYPE_POINT | R300_PRIM_WALK_RING |
418 (1 << R300_PRIM_NUM_VERTICES_SHIFT));
419 OUT_RING_TABLE((int *)cmdbuf->buf, 8);
422 cmdbuf->buf += 8 * 4;
423 cmdbuf->bufsz -= 8 * 4;
428 static __inline__ int r300_emit_3d_load_vbpntr(drm_radeon_private_t *dev_priv,
429 drm_radeon_kcmd_buffer_t *cmdbuf,
433 #define MAX_ARRAY_PACKET 64
434 u32 payload[MAX_ARRAY_PACKET];
438 count = (header >> 16) & 0x3fff;
440 if ((count + 1) > MAX_ARRAY_PACKET) {
441 DRM_ERROR("Too large payload in 3D_LOAD_VBPNTR (count=%d)\n",
443 return DRM_ERR(EINVAL);
445 memset(payload, 0, MAX_ARRAY_PACKET * 4);
446 memcpy(payload, cmdbuf->buf + 4, (count + 1) * 4);
448 /* carefully check packet contents */
450 narrays = payload[0];
453 while ((k < narrays) && (i < (count + 1))) {
454 i++; /* skip attribute field */
455 if (r300_check_offset(dev_priv, payload[i])) {
457 ("Offset failed range check (k=%d i=%d) while processing 3D_LOAD_VBPNTR packet.\n",
459 return DRM_ERR(EINVAL);
465 /* have one more to process, they come in pairs */
466 if (r300_check_offset(dev_priv, payload[i])) {
468 ("Offset failed range check (k=%d i=%d) while processing 3D_LOAD_VBPNTR packet.\n",
470 return DRM_ERR(EINVAL);
475 /* do the counts match what we expect ? */
476 if ((k != narrays) || (i != (count + 1))) {
478 ("Malformed 3D_LOAD_VBPNTR packet (k=%d i=%d narrays=%d count+1=%d).\n",
479 k, i, narrays, count + 1);
480 return DRM_ERR(EINVAL);
483 /* all clear, output packet */
485 BEGIN_RING(count + 2);
487 OUT_RING_TABLE(payload, count + 1);
490 cmdbuf->buf += (count + 2) * 4;
491 cmdbuf->bufsz -= (count + 2) * 4;
496 static __inline__ int r300_emit_bitblt_multi(drm_radeon_private_t *dev_priv,
497 drm_radeon_kcmd_buffer_t *cmdbuf)
499 u32 *cmd = (u32 *) cmdbuf->buf;
503 count=(cmd[0]>>16) & 0x3fff;
505 if (cmd[0] & 0x8000) {
508 if (cmd[1] & (RADEON_GMC_SRC_PITCH_OFFSET_CNTL
509 | RADEON_GMC_DST_PITCH_OFFSET_CNTL)) {
510 offset = cmd[2] << 10;
511 ret = r300_check_offset(dev_priv, offset);
513 DRM_ERROR("Invalid bitblt first offset is %08X\n", offset);
514 return DRM_ERR(EINVAL);
518 if ((cmd[1] & RADEON_GMC_SRC_PITCH_OFFSET_CNTL) &&
519 (cmd[1] & RADEON_GMC_DST_PITCH_OFFSET_CNTL)) {
520 offset = cmd[3] << 10;
521 ret = r300_check_offset(dev_priv, offset);
523 DRM_ERROR("Invalid bitblt second offset is %08X\n", offset);
524 return DRM_ERR(EINVAL);
532 OUT_RING_TABLE((int *)(cmdbuf->buf + 4), count + 1);
535 cmdbuf->buf += (count+2)*4;
536 cmdbuf->bufsz -= (count+2)*4;
541 static __inline__ int r300_emit_indx_buffer(drm_radeon_private_t *dev_priv,
542 drm_radeon_kcmd_buffer_t *cmdbuf)
544 u32 *cmd = (u32 *) cmdbuf->buf;
548 count=(cmd[0]>>16) & 0x3fff;
550 if ((cmd[1] & 0x8000ffff) != 0x80000810) {
551 DRM_ERROR("Invalid indx_buffer reg address %08X\n", cmd[1]);
552 return DRM_ERR(EINVAL);
554 ret = r300_check_offset(dev_priv, cmd[2]);
556 DRM_ERROR("Invalid indx_buffer offset is %08X\n", cmd[2]);
557 return DRM_ERR(EINVAL);
562 OUT_RING_TABLE((int *)(cmdbuf->buf + 4), count + 1);
565 cmdbuf->buf += (count+2)*4;
566 cmdbuf->bufsz -= (count+2)*4;
571 static __inline__ int r300_emit_raw_packet3(drm_radeon_private_t *dev_priv,
572 drm_radeon_kcmd_buffer_t *cmdbuf)
578 if (4 > cmdbuf->bufsz)
579 return DRM_ERR(EINVAL);
581 /* Fixme !! This simply emits a packet without much checking.
582 We need to be smarter. */
584 /* obtain first word - actual packet3 header */
585 header = *(u32 *) cmdbuf->buf;
587 /* Is it packet 3 ? */
588 if ((header >> 30) != 0x3) {
589 DRM_ERROR("Not a packet3 header (0x%08x)\n", header);
590 return DRM_ERR(EINVAL);
593 count = (header >> 16) & 0x3fff;
595 /* Check again now that we know how much data to expect */
596 if ((count + 2) * 4 > cmdbuf->bufsz) {
598 ("Expected packet3 of length %d but have only %d bytes left\n",
599 (count + 2) * 4, cmdbuf->bufsz);
600 return DRM_ERR(EINVAL);
603 /* Is it a packet type we know about ? */
604 switch (header & 0xff00) {
605 case RADEON_3D_LOAD_VBPNTR: /* load vertex array pointers */
606 return r300_emit_3d_load_vbpntr(dev_priv, cmdbuf, header);
608 case RADEON_CNTL_BITBLT_MULTI:
609 return r300_emit_bitblt_multi(dev_priv, cmdbuf);
611 case RADEON_CP_INDX_BUFFER: /* DRAW_INDX_2 without INDX_BUFFER seems to lock up the gpu */
612 return r300_emit_indx_buffer(dev_priv, cmdbuf);
613 case RADEON_CP_3D_DRAW_IMMD_2: /* triggers drawing using in-packet vertex data */
614 case RADEON_CP_3D_DRAW_VBUF_2: /* triggers drawing of vertex buffers setup elsewhere */
615 case RADEON_CP_3D_DRAW_INDX_2: /* triggers drawing using indices to vertex buffer */
616 case RADEON_WAIT_FOR_IDLE:
618 /* these packets are safe */
621 DRM_ERROR("Unknown packet3 header (0x%08x)\n", header);
622 return DRM_ERR(EINVAL);
625 BEGIN_RING(count + 2);
627 OUT_RING_TABLE((int *)(cmdbuf->buf + 4), count + 1);
630 cmdbuf->buf += (count + 2) * 4;
631 cmdbuf->bufsz -= (count + 2) * 4;
637 * Emit a rendering packet3 from userspace.
638 * Called by r300_do_cp_cmdbuf.
640 static __inline__ int r300_emit_packet3(drm_radeon_private_t *dev_priv,
641 drm_radeon_kcmd_buffer_t *cmdbuf,
642 drm_r300_cmd_header_t header)
646 char *orig_buf = cmdbuf->buf;
647 int orig_bufsz = cmdbuf->bufsz;
649 /* This is a do-while-loop so that we run the interior at least once,
650 * even if cmdbuf->nbox is 0. Compare r300_emit_cliprects for rationale.
654 if (cmdbuf->nbox > R300_SIMULTANEOUS_CLIPRECTS) {
655 ret = r300_emit_cliprects(dev_priv, cmdbuf, n);
659 cmdbuf->buf = orig_buf;
660 cmdbuf->bufsz = orig_bufsz;
663 switch (header.packet3.packet) {
664 case R300_CMD_PACKET3_CLEAR:
665 DRM_DEBUG("R300_CMD_PACKET3_CLEAR\n");
666 ret = r300_emit_clear(dev_priv, cmdbuf);
668 DRM_ERROR("r300_emit_clear failed\n");
673 case R300_CMD_PACKET3_RAW:
674 DRM_DEBUG("R300_CMD_PACKET3_RAW\n");
675 ret = r300_emit_raw_packet3(dev_priv, cmdbuf);
677 DRM_ERROR("r300_emit_raw_packet3 failed\n");
683 DRM_ERROR("bad packet3 type %i at %p\n",
684 header.packet3.packet,
685 cmdbuf->buf - sizeof(header));
686 return DRM_ERR(EINVAL);
689 n += R300_SIMULTANEOUS_CLIPRECTS;
690 } while (n < cmdbuf->nbox);
695 /* Some of the R300 chips seem to be extremely touchy about the two registers
696 * that are configured in r300_pacify.
697 * Among the worst offenders seems to be the R300 ND (0x4E44): When userspace
698 * sends a command buffer that contains only state setting commands and a
699 * vertex program/parameter upload sequence, this will eventually lead to a
700 * lockup, unless the sequence is bracketed by calls to r300_pacify.
701 * So we should take great care to *always* call r300_pacify before
702 * *anything* 3D related, and again afterwards. This is what the
703 * call bracket in r300_do_cp_cmdbuf is for.
707 * Emit the sequence to pacify R300.
709 static __inline__ void r300_pacify(drm_radeon_private_t *dev_priv)
714 OUT_RING(CP_PACKET0(R300_RB3D_DSTCACHE_CTLSTAT, 0));
716 OUT_RING(CP_PACKET0(0x4f18, 0));
718 OUT_RING(CP_PACKET3(RADEON_CP_NOP, 0));
724 * Called by r300_do_cp_cmdbuf to update the internal buffer age and state.
725 * The actual age emit is done by r300_do_cp_cmdbuf, which is why you must
726 * be careful about how this function is called.
728 static void r300_discard_buffer(drm_device_t * dev, drm_buf_t * buf)
730 drm_radeon_private_t *dev_priv = dev->dev_private;
731 drm_radeon_buf_priv_t *buf_priv = buf->dev_private;
733 buf_priv->age = ++dev_priv->sarea_priv->last_dispatch;
738 static int r300_scratch(drm_radeon_private_t *dev_priv,
739 drm_radeon_kcmd_buffer_t *cmdbuf,
740 drm_r300_cmd_header_t header)
743 u32 i, buf_idx, h_pending;
747 (sizeof(u64) + header.scratch.n_bufs * sizeof(buf_idx))) {
748 return DRM_ERR(EINVAL);
751 if (header.scratch.reg >= 5) {
752 return DRM_ERR(EINVAL);
755 dev_priv->scratch_ages[header.scratch.reg]++;
757 ref_age_base = (u32 *)(unsigned long)*((uint64_t *)cmdbuf->buf);
759 cmdbuf->buf += sizeof(u64);
760 cmdbuf->bufsz -= sizeof(u64);
762 for (i=0; i < header.scratch.n_bufs; i++) {
763 buf_idx = *(u32 *)cmdbuf->buf;
764 buf_idx *= 2; /* 8 bytes per buf */
766 if (DRM_COPY_TO_USER(ref_age_base + buf_idx, &dev_priv->scratch_ages[header.scratch.reg], sizeof(u32))) {
767 return DRM_ERR(EINVAL);
770 if (DRM_COPY_FROM_USER(&h_pending, ref_age_base + buf_idx + 1, sizeof(u32))) {
771 return DRM_ERR(EINVAL);
774 if (h_pending == 0) {
775 return DRM_ERR(EINVAL);
780 if (DRM_COPY_TO_USER(ref_age_base + buf_idx + 1, &h_pending, sizeof(u32))) {
781 return DRM_ERR(EINVAL);
784 cmdbuf->buf += sizeof(buf_idx);
785 cmdbuf->bufsz -= sizeof(buf_idx);
789 OUT_RING(CP_PACKET0(RADEON_SCRATCH_REG0 + header.scratch.reg * 4, 0));
790 OUT_RING(dev_priv->scratch_ages[header.scratch.reg]);
797 * Parses and validates a user-supplied command buffer and emits appropriate
798 * commands on the DMA ring buffer.
799 * Called by the ioctl handler function radeon_cp_cmdbuf.
801 int r300_do_cp_cmdbuf(drm_device_t *dev,
803 drm_file_t *filp_priv,
804 drm_radeon_kcmd_buffer_t *cmdbuf)
806 drm_radeon_private_t *dev_priv = dev->dev_private;
807 drm_device_dma_t *dma = dev->dma;
808 drm_buf_t *buf = NULL;
809 int emit_dispatch_age = 0;
814 /* See the comment above r300_emit_begin3d for why this call must be here,
815 * and what the cleanup gotos are for. */
816 r300_pacify(dev_priv);
818 if (cmdbuf->nbox <= R300_SIMULTANEOUS_CLIPRECTS) {
819 ret = r300_emit_cliprects(dev_priv, cmdbuf, 0);
824 while (cmdbuf->bufsz >= sizeof(drm_r300_cmd_header_t)) {
826 drm_r300_cmd_header_t header;
828 header.u = *(unsigned int *)cmdbuf->buf;
830 cmdbuf->buf += sizeof(header);
831 cmdbuf->bufsz -= sizeof(header);
833 switch (header.header.cmd_type) {
834 case R300_CMD_PACKET0:
835 DRM_DEBUG("R300_CMD_PACKET0\n");
836 ret = r300_emit_packet0(dev_priv, cmdbuf, header);
838 DRM_ERROR("r300_emit_packet0 failed\n");
844 DRM_DEBUG("R300_CMD_VPU\n");
845 ret = r300_emit_vpu(dev_priv, cmdbuf, header);
847 DRM_ERROR("r300_emit_vpu failed\n");
852 case R300_CMD_PACKET3:
853 DRM_DEBUG("R300_CMD_PACKET3\n");
854 ret = r300_emit_packet3(dev_priv, cmdbuf, header);
856 DRM_ERROR("r300_emit_packet3 failed\n");
862 DRM_DEBUG("R300_CMD_END3D\n");
864 Ideally userspace driver should not need to issue this call,
865 i.e. the drm driver should issue it automatically and prevent
868 In practice, we do not understand why this call is needed and what
869 it does (except for some vague guesses that it has to do with cache
870 coherence) and so the user space driver does it.
872 Once we are sure which uses prevent lockups the code could be moved
873 into the kernel and the userspace driver will not
874 need to use this command.
876 Note that issuing this command does not hurt anything
877 except, possibly, performance */
878 r300_pacify(dev_priv);
881 case R300_CMD_CP_DELAY:
882 /* simple enough, we can do it here */
883 DRM_DEBUG("R300_CMD_CP_DELAY\n");
888 BEGIN_RING(header.delay.count);
889 for (i = 0; i < header.delay.count; i++)
890 OUT_RING(RADEON_CP_PACKET2);
895 case R300_CMD_DMA_DISCARD:
896 DRM_DEBUG("RADEON_CMD_DMA_DISCARD\n");
897 idx = header.dma.buf_idx;
898 if (idx < 0 || idx >= dma->buf_count) {
899 DRM_ERROR("buffer index %d (of %d max)\n",
900 idx, dma->buf_count - 1);
901 ret = DRM_ERR(EINVAL);
905 buf = dma->buflist[idx];
906 if (buf->filp != filp || buf->pending) {
907 DRM_ERROR("bad buffer %p %p %d\n",
908 buf->filp, filp, buf->pending);
909 ret = DRM_ERR(EINVAL);
913 emit_dispatch_age = 1;
914 r300_discard_buffer(dev, buf);
918 /* simple enough, we can do it here */
919 DRM_DEBUG("R300_CMD_WAIT\n");
920 if (header.wait.flags == 0)
921 break; /* nothing to do */
927 OUT_RING(CP_PACKET0(RADEON_WAIT_UNTIL, 0));
928 OUT_RING((header.wait.flags & 0xf) << 14);
933 case R300_CMD_SCRATCH:
934 DRM_DEBUG("R300_CMD_SCRATCH\n");
935 ret = r300_scratch(dev_priv, cmdbuf, header);
937 DRM_ERROR("r300_scratch failed\n");
943 DRM_ERROR("bad cmd_type %i at %p\n",
944 header.header.cmd_type,
945 cmdbuf->buf - sizeof(header));
946 ret = DRM_ERR(EINVAL);
954 r300_pacify(dev_priv);
956 /* We emit the vertex buffer age here, outside the pacifier "brackets"
958 * (1) This may coalesce multiple age emissions into a single one and
959 * (2) more importantly, some chips lock up hard when scratch registers
960 * are written inside the pacifier bracket.
962 if (emit_dispatch_age) {
965 /* Emit the vertex buffer age */
967 RADEON_DISPATCH_AGE(dev_priv->sarea_priv->last_dispatch);
projects / linux-drm-fsl-dcu.git / blob