1 /* r300_cmdbuf.c -- Command buffer emission for R300 -*- linux-c -*-
3 * Copyright (C) The Weather Channel, Inc. 2002.
4 * Copyright (C) 2004 Nicolai Haehnle.
7 * The Weather Channel (TM) funded Tungsten Graphics to develop the
8 * initial release of the Radeon 8500 driver under the XFree86 license.
9 * This notice must be preserved.
11 * Permission is hereby granted, free of charge, to any person obtaining a
12 * copy of this software and associated documentation files (the "Software"),
13 * to deal in the Software without restriction, including without limitation
14 * the rights to use, copy, modify, merge, publish, distribute, sublicense,
15 * and/or sell copies of the Software, and to permit persons to whom the
16 * Software is furnished to do so, subject to the following conditions:
18 * The above copyright notice and this permission notice (including the next
19 * paragraph) shall be included in all copies or substantial portions of the
22 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
23 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
24 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
25 * PRECISION INSIGHT AND/OR ITS SUPPLIERS BE LIABLE FOR ANY CLAIM, DAMAGES OR
26 * OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
27 * ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
28 * DEALINGS IN THE SOFTWARE.
31 * Nicolai Haehnle <prefect_@gmx.net>
36 #include "radeon_drm.h"
37 #include "radeon_drv.h"
40 #define R300_SIMULTANEOUS_CLIPRECTS 4
42 /* Values for R300_RE_CLIPRECT_CNTL depending on the number of cliprects
44 static const int r300_cliprect_cntl[4] = {
52 * Emit up to R300_SIMULTANEOUS_CLIPRECTS cliprects from the given command
53 * buffer, starting with index n.
55 static int r300_emit_cliprects(drm_radeon_private_t *dev_priv,
56 drm_radeon_kcmd_buffer_t *cmdbuf, int n)
63 nr = cmdbuf->nbox - n;
64 if (nr > R300_SIMULTANEOUS_CLIPRECTS)
65 nr = R300_SIMULTANEOUS_CLIPRECTS;
67 DRM_DEBUG("%i cliprects\n", nr);
70 BEGIN_RING(6 + nr * 2);
71 OUT_RING(CP_PACKET0(R300_RE_CLIPRECT_TL_0, nr * 2 - 1));
73 for (i = 0; i < nr; ++i) {
74 if (DRM_COPY_FROM_USER_UNCHECKED
75 (&box, &cmdbuf->boxes[n + i], sizeof(box))) {
76 DRM_ERROR("copy cliprect faulted\n");
77 return DRM_ERR(EFAULT);
82 R300_CLIPRECT_OFFSET) & R300_CLIPRECT_MASK;
85 R300_CLIPRECT_OFFSET) & R300_CLIPRECT_MASK;
88 R300_CLIPRECT_OFFSET) & R300_CLIPRECT_MASK;
91 R300_CLIPRECT_OFFSET) & R300_CLIPRECT_MASK;
93 OUT_RING((box.x1 << R300_CLIPRECT_X_SHIFT) |
94 (box.y1 << R300_CLIPRECT_Y_SHIFT));
95 OUT_RING((box.x2 << R300_CLIPRECT_X_SHIFT) |
96 (box.y2 << R300_CLIPRECT_Y_SHIFT));
99 OUT_RING_REG(R300_RE_CLIPRECT_CNTL, r300_cliprect_cntl[nr - 1]);
101 /* TODO/SECURITY: Force scissors to a safe value, otherwise the
102 * client might be able to trample over memory.
103 * The impact should be very limited, but I'd rather be safe than
106 OUT_RING(CP_PACKET0(R300_RE_SCISSORS_TL, 1));
108 OUT_RING(R300_SCISSORS_X_MASK | R300_SCISSORS_Y_MASK);
111 /* Why we allow zero cliprect rendering:
112 * There are some commands in a command buffer that must be submitted
113 * even when there are no cliprects, e.g. DMA buffer discard
114 * or state setting (though state setting could be avoided by
115 * simulating a loss of context).
117 * Now since the cmdbuf interface is so chaotic right now (and is
118 * bound to remain that way for a bit until things settle down),
119 * it is basically impossible to filter out the commands that are
120 * necessary and those that aren't.
122 * So I choose the safe way and don't do any filtering at all;
123 * instead, I simply set up the engine so that all rendering
124 * can't produce any fragments.
127 OUT_RING_REG(R300_RE_CLIPRECT_CNTL, 0);
134 static u8 r300_reg_flags[0x10000 >> 2];
136 void r300_init_reg_flags(void)
139 memset(r300_reg_flags, 0, 0x10000 >> 2);
140 #define ADD_RANGE_MARK(reg, count,mark) \
141 for(i=((reg)>>2);i<((reg)>>2)+(count);i++)\
142 r300_reg_flags[i]|=(mark);
145 #define MARK_CHECK_OFFSET 2
147 #define ADD_RANGE(reg, count) ADD_RANGE_MARK(reg, count, MARK_SAFE)
149 /* these match cmducs() command in r300_driver/r300/r300_cmdbuf.c */
150 ADD_RANGE(R300_SE_VPORT_XSCALE, 6);
151 ADD_RANGE(0x2080, 1);
152 ADD_RANGE(R300_SE_VTE_CNTL, 2);
153 ADD_RANGE(0x2134, 2);
154 ADD_RANGE(0x2140, 1);
155 ADD_RANGE(R300_VAP_INPUT_CNTL_0, 2);
156 ADD_RANGE(0x21DC, 1);
157 ADD_RANGE(0x221C, 1);
158 ADD_RANGE(0x2220, 4);
159 ADD_RANGE(0x2288, 1);
160 ADD_RANGE(R300_VAP_OUTPUT_VTX_FMT_0, 2);
161 ADD_RANGE(R300_VAP_PVS_CNTL_1, 3);
162 ADD_RANGE(R300_GB_ENABLE, 1);
163 ADD_RANGE(R300_GB_MSPOS0, 5);
164 ADD_RANGE(R300_TX_CNTL, 1);
165 ADD_RANGE(R300_TX_ENABLE, 1);
166 ADD_RANGE(0x4200, 4);
167 ADD_RANGE(0x4214, 1);
168 ADD_RANGE(R300_RE_POINTSIZE, 1);
169 ADD_RANGE(0x4230, 3);
170 ADD_RANGE(R300_RE_LINE_CNT, 1);
171 ADD_RANGE(0x4238, 1);
172 ADD_RANGE(0x4260, 3);
173 ADD_RANGE(0x4274, 4);
174 ADD_RANGE(0x4288, 5);
175 ADD_RANGE(0x42A0, 1);
176 ADD_RANGE(R300_RE_ZBIAS_T_FACTOR, 4);
177 ADD_RANGE(0x42B4, 1);
178 ADD_RANGE(R300_RE_CULL_CNTL, 1);
179 ADD_RANGE(0x42C0, 2);
180 ADD_RANGE(R300_RS_CNTL_0, 2);
181 ADD_RANGE(R300_RS_INTERP_0, 8);
182 ADD_RANGE(R300_RS_ROUTE_0, 8);
183 ADD_RANGE(0x43A4, 2);
184 ADD_RANGE(0x43E8, 1);
185 ADD_RANGE(R300_PFS_CNTL_0, 3);
186 ADD_RANGE(R300_PFS_NODE_0, 4);
187 ADD_RANGE(R300_PFS_TEXI_0, 64);
188 ADD_RANGE(0x46A4, 5);
189 ADD_RANGE(R300_PFS_INSTR0_0, 64);
190 ADD_RANGE(R300_PFS_INSTR1_0, 64);
191 ADD_RANGE(R300_PFS_INSTR2_0, 64);
192 ADD_RANGE(R300_PFS_INSTR3_0, 64);
193 ADD_RANGE(0x4BC0, 1);
194 ADD_RANGE(0x4BC8, 3);
195 ADD_RANGE(R300_PP_ALPHA_TEST, 2);
196 ADD_RANGE(0x4BD8, 1);
197 ADD_RANGE(R300_PFS_PARAM_0_X, 64);
198 ADD_RANGE(0x4E00, 1);
199 ADD_RANGE(R300_RB3D_CBLEND, 2);
200 ADD_RANGE(R300_RB3D_COLORMASK, 1);
201 ADD_RANGE(0x4E10, 3);
202 ADD_RANGE_MARK(R300_RB3D_COLOROFFSET0, 1, MARK_CHECK_OFFSET); /* check offset */
203 ADD_RANGE(R300_RB3D_COLORPITCH0, 1);
204 ADD_RANGE(0x4E50, 9);
205 ADD_RANGE(0x4E88, 1);
206 ADD_RANGE(0x4EA0, 2);
207 ADD_RANGE(R300_RB3D_ZSTENCIL_CNTL_0, 3);
208 ADD_RANGE(0x4F10, 4);
209 ADD_RANGE_MARK(R300_RB3D_DEPTHOFFSET, 1, MARK_CHECK_OFFSET); /* check offset */
210 ADD_RANGE(R300_RB3D_DEPTHPITCH, 1);
211 ADD_RANGE(0x4F28, 1);
212 ADD_RANGE(0x4F30, 2);
213 ADD_RANGE(0x4F44, 1);
214 ADD_RANGE(0x4F54, 1);
216 ADD_RANGE(R300_TX_FILTER_0, 16);
217 ADD_RANGE(R300_TX_FILTER1_0, 16);
218 ADD_RANGE(R300_TX_SIZE_0, 16);
219 ADD_RANGE(R300_TX_FORMAT_0, 16);
220 ADD_RANGE(R300_TX_PITCH_0, 16);
221 /* Texture offset is dangerous and needs more checking */
222 ADD_RANGE_MARK(R300_TX_OFFSET_0, 16, MARK_CHECK_OFFSET);
223 ADD_RANGE(R300_TX_CHROMA_KEY_0, 16);
224 ADD_RANGE(R300_TX_BORDER_COLOR_0, 16);
226 /* Sporadic registers used as primitives are emitted */
227 ADD_RANGE(0x4f18, 1);
228 ADD_RANGE(R300_RB3D_DSTCACHE_CTLSTAT, 1);
229 ADD_RANGE(R300_VAP_INPUT_ROUTE_0_0, 8);
230 ADD_RANGE(R300_VAP_INPUT_ROUTE_1_0, 8);
234 static __inline__ int r300_check_range(unsigned reg, int count)
239 for (i = (reg >> 2); i < (reg >> 2) + count; i++)
240 if (r300_reg_flags[i] != MARK_SAFE)
246 * we expect offsets passed to the framebuffer to be either within video
247 * memory or within AGP space
249 static __inline__ int r300_check_offset(drm_radeon_private_t *dev_priv,
252 /* we realy want to check against end of video aperture
253 but this value is not being kept.
254 This code is correct for now (does the same thing as the
255 code that sets MC_FB_LOCATION) in radeon_cp.c */
256 if (offset >= dev_priv->fb_location &&
257 offset < (dev_priv->fb_location + dev_priv->fb_size))
259 if (offset >= dev_priv->gart_vm_start &&
260 offset < (dev_priv->gart_vm_start + dev_priv->gart_size))
265 static __inline__ int r300_emit_carefully_checked_packet0(drm_radeon_private_t *
267 drm_radeon_kcmd_buffer_t
269 drm_r300_cmd_header_t
278 sz = header.packet0.count;
279 reg = (header.packet0.reghi << 8) | header.packet0.reglo;
281 if ((sz > 64) || (sz < 0)) {
283 ("Cannot emit more than 64 values at a time (reg=%04x sz=%d)\n",
285 return DRM_ERR(EINVAL);
287 for (i = 0; i < sz; i++) {
288 values[i] = ((int *)cmdbuf->buf)[i];
289 switch (r300_reg_flags[(reg >> 2) + i]) {
292 case MARK_CHECK_OFFSET:
293 if (r300_check_offset(dev_priv, (u32) values[i])) {
295 ("Offset failed range check (reg=%04x sz=%d)\n",
297 return DRM_ERR(EINVAL);
301 DRM_ERROR("Register %04x failed check as flag=%02x\n",
302 reg + i * 4, r300_reg_flags[(reg >> 2) + i]);
303 return DRM_ERR(EINVAL);
308 OUT_RING(CP_PACKET0(reg, sz - 1));
309 OUT_RING_TABLE(values, sz);
312 cmdbuf->buf += sz * 4;
313 cmdbuf->bufsz -= sz * 4;
319 * Emits a packet0 setting arbitrary registers.
320 * Called by r300_do_cp_cmdbuf.
322 * Note that checks are performed on contents and addresses of the registers
324 static __inline__ int r300_emit_packet0(drm_radeon_private_t *dev_priv,
325 drm_radeon_kcmd_buffer_t *cmdbuf,
326 drm_r300_cmd_header_t header)
332 sz = header.packet0.count;
333 reg = (header.packet0.reghi << 8) | header.packet0.reglo;
338 if (sz * 4 > cmdbuf->bufsz)
339 return DRM_ERR(EINVAL);
341 if (reg + sz * 4 >= 0x10000) {
342 DRM_ERROR("No such registers in hardware reg=%04x sz=%d\n", reg,
344 return DRM_ERR(EINVAL);
347 if (r300_check_range(reg, sz)) {
348 /* go and check everything */
349 return r300_emit_carefully_checked_packet0(dev_priv, cmdbuf,
352 /* the rest of the data is safe to emit, whatever the values the user passed */
355 OUT_RING(CP_PACKET0(reg, sz - 1));
356 OUT_RING_TABLE((int *)cmdbuf->buf, sz);
359 cmdbuf->buf += sz * 4;
360 cmdbuf->bufsz -= sz * 4;
366 * Uploads user-supplied vertex program instructions or parameters onto
368 * Called by r300_do_cp_cmdbuf.
370 static __inline__ int r300_emit_vpu(drm_radeon_private_t *dev_priv,
371 drm_radeon_kcmd_buffer_t *cmdbuf,
372 drm_r300_cmd_header_t header)
378 sz = header.vpu.count;
379 addr = (header.vpu.adrhi << 8) | header.vpu.adrlo;
383 if (sz * 16 > cmdbuf->bufsz)
384 return DRM_ERR(EINVAL);
386 BEGIN_RING(5 + sz * 4);
387 /* Wait for VAP to come to senses.. */
388 /* there is no need to emit it multiple times, (only once before VAP is programmed,
389 but this optimization is for later */
390 OUT_RING_REG(R300_VAP_PVS_WAITIDLE, 0);
391 OUT_RING_REG(R300_VAP_PVS_UPLOAD_ADDRESS, addr);
392 OUT_RING(CP_PACKET0_TABLE(R300_VAP_PVS_UPLOAD_DATA, sz * 4 - 1));
393 OUT_RING_TABLE((int *)cmdbuf->buf, sz * 4);
397 cmdbuf->buf += sz * 16;
398 cmdbuf->bufsz -= sz * 16;
404 * Emit a clear packet from userspace.
405 * Called by r300_emit_packet3.
407 static __inline__ int r300_emit_clear(drm_radeon_private_t *dev_priv,
408 drm_radeon_kcmd_buffer_t *cmdbuf)
412 if (8 * 4 > cmdbuf->bufsz)
413 return DRM_ERR(EINVAL);
416 OUT_RING(CP_PACKET3(R200_3D_DRAW_IMMD_2, 8));
417 OUT_RING(R300_PRIM_TYPE_POINT | R300_PRIM_WALK_RING |
418 (1 << R300_PRIM_NUM_VERTICES_SHIFT));
419 OUT_RING_TABLE((int *)cmdbuf->buf, 8);
422 cmdbuf->buf += 8 * 4;
423 cmdbuf->bufsz -= 8 * 4;
428 static __inline__ int r300_emit_3d_load_vbpntr(drm_radeon_private_t *dev_priv,
429 drm_radeon_kcmd_buffer_t *cmdbuf,
433 #define MAX_ARRAY_PACKET 64
434 u32 payload[MAX_ARRAY_PACKET];
438 count = (header >> 16) & 0x3fff;
440 if ((count + 1) > MAX_ARRAY_PACKET) {
441 DRM_ERROR("Too large payload in 3D_LOAD_VBPNTR (count=%d)\n",
443 return DRM_ERR(EINVAL);
445 memset(payload, 0, MAX_ARRAY_PACKET * 4);
446 memcpy(payload, cmdbuf->buf + 4, (count + 1) * 4);
448 /* carefully check packet contents */
450 narrays = payload[0];
453 while ((k < narrays) && (i < (count + 1))) {
454 i++; /* skip attribute field */
455 if (r300_check_offset(dev_priv, payload[i])) {
457 ("Offset failed range check (k=%d i=%d) while processing 3D_LOAD_VBPNTR packet.\n",
459 return DRM_ERR(EINVAL);
465 /* have one more to process, they come in pairs */
466 if (r300_check_offset(dev_priv, payload[i])) {
468 ("Offset failed range check (k=%d i=%d) while processing 3D_LOAD_VBPNTR packet.\n",
470 return DRM_ERR(EINVAL);
475 /* do the counts match what we expect ? */
476 if ((k != narrays) || (i != (count + 1))) {
478 ("Malformed 3D_LOAD_VBPNTR packet (k=%d i=%d narrays=%d count+1=%d).\n",
479 k, i, narrays, count + 1);
480 return DRM_ERR(EINVAL);
483 /* all clear, output packet */
485 BEGIN_RING(count + 2);
487 OUT_RING_TABLE(payload, count + 1);
490 cmdbuf->buf += (count + 2) * 4;
491 cmdbuf->bufsz -= (count + 2) * 4;
496 static __inline__ int r300_emit_bitblt_multi(drm_radeon_private_t *dev_priv,
497 drm_radeon_kcmd_buffer_t *cmdbuf)
499 u32 *cmd = (u32 *) cmdbuf->buf;
503 count=(cmd[0]>>16) & 0x3fff;
505 if (cmd[0] & 0x8000) {
508 if (cmd[1] & (RADEON_GMC_SRC_PITCH_OFFSET_CNTL
509 | RADEON_GMC_DST_PITCH_OFFSET_CNTL)) {
510 offset = cmd[2] << 10;
511 ret = r300_check_offset(dev_priv, offset);
513 DRM_ERROR("Invalid bitblt first offset is %08X\n", offset);
514 return DRM_ERR(EINVAL);
518 if ((cmd[1] & RADEON_GMC_SRC_PITCH_OFFSET_CNTL) &&
519 (cmd[1] & RADEON_GMC_DST_PITCH_OFFSET_CNTL)) {
520 offset = cmd[3] << 10;
521 ret = r300_check_offset(dev_priv, offset);
523 DRM_ERROR("Invalid bitblt second offset is %08X\n", offset);
524 return DRM_ERR(EINVAL);
532 OUT_RING_TABLE((int *)(cmdbuf->buf + 4), count + 1);
535 cmdbuf->buf += (count+2)*4;
536 cmdbuf->bufsz -= (count+2)*4;
541 static __inline__ int r300_emit_raw_packet3(drm_radeon_private_t *dev_priv,
542 drm_radeon_kcmd_buffer_t *cmdbuf)
548 if (4 > cmdbuf->bufsz)
549 return DRM_ERR(EINVAL);
551 /* Fixme !! This simply emits a packet without much checking.
552 We need to be smarter. */
554 /* obtain first word - actual packet3 header */
555 header = *(u32 *) cmdbuf->buf;
557 /* Is it packet 3 ? */
558 if ((header >> 30) != 0x3) {
559 DRM_ERROR("Not a packet3 header (0x%08x)\n", header);
560 return DRM_ERR(EINVAL);
563 count = (header >> 16) & 0x3fff;
565 /* Check again now that we know how much data to expect */
566 if ((count + 2) * 4 > cmdbuf->bufsz) {
568 ("Expected packet3 of length %d but have only %d bytes left\n",
569 (count + 2) * 4, cmdbuf->bufsz);
570 return DRM_ERR(EINVAL);
573 /* Is it a packet type we know about ? */
574 switch (header & 0xff00) {
575 case RADEON_3D_LOAD_VBPNTR: /* load vertex array pointers */
576 return r300_emit_3d_load_vbpntr(dev_priv, cmdbuf, header);
578 case RADEON_CNTL_BITBLT_MULTI:
579 return r300_emit_bitblt_multi(dev_priv, cmdbuf);
581 case RADEON_CP_3D_DRAW_IMMD_2: /* triggers drawing using in-packet vertex data */
582 case RADEON_CP_3D_DRAW_VBUF_2: /* triggers drawing of vertex buffers setup elsewhere */
583 case RADEON_CP_3D_DRAW_INDX_2: /* triggers drawing using indices to vertex buffer */
584 case RADEON_CP_INDX_BUFFER: /* DRAW_INDX_2 without INDX_BUFFER seems to lock up the gpu */
585 case RADEON_WAIT_FOR_IDLE:
587 /* these packets are safe */
590 DRM_ERROR("Unknown packet3 header (0x%08x)\n", header);
591 return DRM_ERR(EINVAL);
594 BEGIN_RING(count + 2);
596 OUT_RING_TABLE((int *)(cmdbuf->buf + 4), count + 1);
599 cmdbuf->buf += (count + 2) * 4;
600 cmdbuf->bufsz -= (count + 2) * 4;
606 * Emit a rendering packet3 from userspace.
607 * Called by r300_do_cp_cmdbuf.
609 static __inline__ int r300_emit_packet3(drm_radeon_private_t *dev_priv,
610 drm_radeon_kcmd_buffer_t *cmdbuf,
611 drm_r300_cmd_header_t header)
615 char *orig_buf = cmdbuf->buf;
616 int orig_bufsz = cmdbuf->bufsz;
618 /* This is a do-while-loop so that we run the interior at least once,
619 * even if cmdbuf->nbox is 0. Compare r300_emit_cliprects for rationale.
623 if (cmdbuf->nbox > R300_SIMULTANEOUS_CLIPRECTS) {
624 ret = r300_emit_cliprects(dev_priv, cmdbuf, n);
628 cmdbuf->buf = orig_buf;
629 cmdbuf->bufsz = orig_bufsz;
632 switch (header.packet3.packet) {
633 case R300_CMD_PACKET3_CLEAR:
634 DRM_DEBUG("R300_CMD_PACKET3_CLEAR\n");
635 ret = r300_emit_clear(dev_priv, cmdbuf);
637 DRM_ERROR("r300_emit_clear failed\n");
642 case R300_CMD_PACKET3_RAW:
643 DRM_DEBUG("R300_CMD_PACKET3_RAW\n");
644 ret = r300_emit_raw_packet3(dev_priv, cmdbuf);
646 DRM_ERROR("r300_emit_raw_packet3 failed\n");
652 DRM_ERROR("bad packet3 type %i at %p\n",
653 header.packet3.packet,
654 cmdbuf->buf - sizeof(header));
655 return DRM_ERR(EINVAL);
658 n += R300_SIMULTANEOUS_CLIPRECTS;
659 } while (n < cmdbuf->nbox);
664 /* Some of the R300 chips seem to be extremely touchy about the two registers
665 * that are configured in r300_pacify.
666 * Among the worst offenders seems to be the R300 ND (0x4E44): When userspace
667 * sends a command buffer that contains only state setting commands and a
668 * vertex program/parameter upload sequence, this will eventually lead to a
669 * lockup, unless the sequence is bracketed by calls to r300_pacify.
670 * So we should take great care to *always* call r300_pacify before
671 * *anything* 3D related, and again afterwards. This is what the
672 * call bracket in r300_do_cp_cmdbuf is for.
676 * Emit the sequence to pacify R300.
678 static __inline__ void r300_pacify(drm_radeon_private_t *dev_priv)
683 OUT_RING(CP_PACKET0(R300_RB3D_DSTCACHE_CTLSTAT, 0));
685 OUT_RING(CP_PACKET0(0x4f18, 0));
687 OUT_RING(CP_PACKET3(RADEON_CP_NOP, 0));
693 * Called by r300_do_cp_cmdbuf to update the internal buffer age and state.
694 * The actual age emit is done by r300_do_cp_cmdbuf, which is why you must
695 * be careful about how this function is called.
697 static void r300_discard_buffer(drm_device_t * dev, drm_buf_t * buf)
699 drm_radeon_private_t *dev_priv = dev->dev_private;
700 drm_radeon_buf_priv_t *buf_priv = buf->dev_private;
702 buf_priv->age = ++dev_priv->sarea_priv->last_dispatch;
707 static int r300_scratch(drm_radeon_private_t *dev_priv,
708 drm_radeon_kcmd_buffer_t *cmdbuf,
709 drm_r300_cmd_header_t header)
712 u32 i, buf_idx, h_pending;
716 (sizeof(u64) + header.scratch.n_bufs * sizeof(buf_idx))) {
717 return DRM_ERR(EINVAL);
720 if (header.scratch.reg >= 5) {
721 return DRM_ERR(EINVAL);
724 dev_priv->scratch_ages[header.scratch.reg]++;
726 ref_age_base = (u32 *)(unsigned long)*((uint64_t *)cmdbuf->buf);
728 cmdbuf->buf += sizeof(u64);
729 cmdbuf->bufsz -= sizeof(u64);
731 for (i=0; i < header.scratch.n_bufs; i++) {
732 buf_idx = *(u32 *)cmdbuf->buf;
733 buf_idx *= 2; /* 8 bytes per buf */
735 if (DRM_COPY_TO_USER(ref_age_base + buf_idx, &dev_priv->scratch_ages[header.scratch.reg], sizeof(u32))) {
736 return DRM_ERR(EINVAL);
739 if (DRM_COPY_FROM_USER(&h_pending, ref_age_base + buf_idx + 1, sizeof(u32))) {
740 return DRM_ERR(EINVAL);
743 if (h_pending == 0) {
744 return DRM_ERR(EINVAL);
749 if (DRM_COPY_TO_USER(ref_age_base + buf_idx + 1, &h_pending, sizeof(u32))) {
750 return DRM_ERR(EINVAL);
753 cmdbuf->buf += sizeof(buf_idx);
754 cmdbuf->bufsz -= sizeof(buf_idx);
758 OUT_RING(CP_PACKET0(RADEON_SCRATCH_REG0 + header.scratch.reg * 4, 0));
759 OUT_RING(dev_priv->scratch_ages[header.scratch.reg]);
766 * Parses and validates a user-supplied command buffer and emits appropriate
767 * commands on the DMA ring buffer.
768 * Called by the ioctl handler function radeon_cp_cmdbuf.
770 int r300_do_cp_cmdbuf(drm_device_t *dev,
772 drm_file_t *filp_priv,
773 drm_radeon_kcmd_buffer_t *cmdbuf)
775 drm_radeon_private_t *dev_priv = dev->dev_private;
776 drm_device_dma_t *dma = dev->dma;
777 drm_buf_t *buf = NULL;
778 int emit_dispatch_age = 0;
783 /* See the comment above r300_emit_begin3d for why this call must be here,
784 * and what the cleanup gotos are for. */
785 r300_pacify(dev_priv);
787 if (cmdbuf->nbox <= R300_SIMULTANEOUS_CLIPRECTS) {
788 ret = r300_emit_cliprects(dev_priv, cmdbuf, 0);
793 while (cmdbuf->bufsz >= sizeof(drm_r300_cmd_header_t)) {
795 drm_r300_cmd_header_t header;
797 header.u = *(unsigned int *)cmdbuf->buf;
799 cmdbuf->buf += sizeof(header);
800 cmdbuf->bufsz -= sizeof(header);
802 switch (header.header.cmd_type) {
803 case R300_CMD_PACKET0:
804 DRM_DEBUG("R300_CMD_PACKET0\n");
805 ret = r300_emit_packet0(dev_priv, cmdbuf, header);
807 DRM_ERROR("r300_emit_packet0 failed\n");
813 DRM_DEBUG("R300_CMD_VPU\n");
814 ret = r300_emit_vpu(dev_priv, cmdbuf, header);
816 DRM_ERROR("r300_emit_vpu failed\n");
821 case R300_CMD_PACKET3:
822 DRM_DEBUG("R300_CMD_PACKET3\n");
823 ret = r300_emit_packet3(dev_priv, cmdbuf, header);
825 DRM_ERROR("r300_emit_packet3 failed\n");
831 DRM_DEBUG("R300_CMD_END3D\n");
833 Ideally userspace driver should not need to issue this call,
834 i.e. the drm driver should issue it automatically and prevent
837 In practice, we do not understand why this call is needed and what
838 it does (except for some vague guesses that it has to do with cache
839 coherence) and so the user space driver does it.
841 Once we are sure which uses prevent lockups the code could be moved
842 into the kernel and the userspace driver will not
843 need to use this command.
845 Note that issuing this command does not hurt anything
846 except, possibly, performance */
847 r300_pacify(dev_priv);
850 case R300_CMD_CP_DELAY:
851 /* simple enough, we can do it here */
852 DRM_DEBUG("R300_CMD_CP_DELAY\n");
857 BEGIN_RING(header.delay.count);
858 for (i = 0; i < header.delay.count; i++)
859 OUT_RING(RADEON_CP_PACKET2);
864 case R300_CMD_DMA_DISCARD:
865 DRM_DEBUG("RADEON_CMD_DMA_DISCARD\n");
866 idx = header.dma.buf_idx;
867 if (idx < 0 || idx >= dma->buf_count) {
868 DRM_ERROR("buffer index %d (of %d max)\n",
869 idx, dma->buf_count - 1);
870 ret = DRM_ERR(EINVAL);
874 buf = dma->buflist[idx];
875 if (buf->filp != filp || buf->pending) {
876 DRM_ERROR("bad buffer %p %p %d\n",
877 buf->filp, filp, buf->pending);
878 ret = DRM_ERR(EINVAL);
882 emit_dispatch_age = 1;
883 r300_discard_buffer(dev, buf);
887 /* simple enough, we can do it here */
888 DRM_DEBUG("R300_CMD_WAIT\n");
889 if (header.wait.flags == 0)
890 break; /* nothing to do */
896 OUT_RING(CP_PACKET0(RADEON_WAIT_UNTIL, 0));
897 OUT_RING((header.wait.flags & 0xf) << 14);
902 case R300_CMD_SCRATCH:
903 DRM_DEBUG("R300_CMD_SCRATCH\n");
904 ret = r300_scratch(dev_priv, cmdbuf, header);
906 DRM_ERROR("r300_scratch failed\n");
912 DRM_ERROR("bad cmd_type %i at %p\n",
913 header.header.cmd_type,
914 cmdbuf->buf - sizeof(header));
915 ret = DRM_ERR(EINVAL);
923 r300_pacify(dev_priv);
925 /* We emit the vertex buffer age here, outside the pacifier "brackets"
927 * (1) This may coalesce multiple age emissions into a single one and
928 * (2) more importantly, some chips lock up hard when scratch registers
929 * are written inside the pacifier bracket.
931 if (emit_dispatch_age) {
934 /* Emit the vertex buffer age */
936 RADEON_DISPATCH_AGE(dev_priv->sarea_priv->last_dispatch);
git.openpandora.org / pandora-kernel.git / blob