anv/allocator: Allow state pools to allocate large states
[mesa.git] / src / intel / vulkan / anv_allocator.c
1 /*
2 * Copyright © 2015 Intel Corporation
3 *
4 * Permission is hereby granted, free of charge, to any person obtaining a
5 * copy of this software and associated documentation files (the "Software"),
6 * to deal in the Software without restriction, including without limitation
7 * the rights to use, copy, modify, merge, publish, distribute, sublicense,
8 * and/or sell copies of the Software, and to permit persons to whom the
9 * Software is furnished to do so, subject to the following conditions:
10 *
11 * The above copyright notice and this permission notice (including the next
12 * paragraph) shall be included in all copies or substantial portions of the
13 * Software.
14 *
15 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
18 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
20 * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
21 * IN THE SOFTWARE.
22 */
23
24 #include <stdint.h>
25 #include <stdlib.h>
26 #include <unistd.h>
27 #include <limits.h>
28 #include <assert.h>
29 #include <linux/futex.h>
30 #include <linux/memfd.h>
31 #include <sys/time.h>
32 #include <sys/mman.h>
33 #include <sys/syscall.h>
34
35 #include "anv_private.h"
36
37 #include "util/hash_table.h"
38
/* Accessors for memory that Valgrind has been told is NOACCESS.
 *
 * With HAVE_VALGRIND the location is opened for exactly one load or store
 * and then closed again, so stray accesses elsewhere are still reported.
 * Without it both macros collapse to a plain dereference.
 */
#ifdef HAVE_VALGRIND
#define VG_NOACCESS_READ(vg_p_) ({                             \
   VALGRIND_MAKE_MEM_DEFINED((vg_p_), sizeof(*(vg_p_)));       \
   __typeof(*(vg_p_)) vg_v_ = *(vg_p_);                        \
   VALGRIND_MAKE_MEM_NOACCESS((vg_p_), sizeof(*(vg_p_)));      \
   vg_v_;                                                      \
})
#define VG_NOACCESS_WRITE(vg_p_, vg_v_) ({                     \
   VALGRIND_MAKE_MEM_UNDEFINED((vg_p_), sizeof(*(vg_p_)));     \
   *(vg_p_) = (vg_v_);                                         \
   VALGRIND_MAKE_MEM_NOACCESS((vg_p_), sizeof(*(vg_p_)));      \
})
#else
#define VG_NOACCESS_READ(vg_p_) (*(vg_p_))
#define VG_NOACCESS_WRITE(vg_p_, vg_v_) (*(vg_p_) = (vg_v_))
#endif
55
56 /* Design goals:
57 *
58 * - Lock free (except when resizing underlying bos)
59 *
60 * - Constant time allocation with typically only one atomic
61 *
62 * - Multiple allocation sizes without fragmentation
63 *
64 * - Can grow while keeping addresses and offset of contents stable
65 *
66 * - All allocations within one bo so we can point one of the
67 * STATE_BASE_ADDRESS pointers at it.
68 *
69 * The overall design is a two-level allocator: top level is a fixed size, big
70 * block (8k) allocator, which operates out of a bo. Allocation is done by
71 * either pulling a block from the free list or growing the used range of the
72 * bo. Growing the range may run out of space in the bo which we then need to
73 * grow. Growing the bo is tricky in a multi-threaded, lockless environment:
74 * we need to keep all pointers and contents in the old map valid. GEM bos in
75 * general can't grow, but we use a trick: we create a memfd and use ftruncate
76 * to grow it as necessary. We mmap the new size and then create a gem bo for
77 * it using the new gem userptr ioctl. Without heavy-handed locking around
78 * our allocation fast-path, there isn't really a way to munmap the old mmap,
79 * so we just keep it around until garbage collection time. While the block
80 * allocator is lockless for normal operations, we block other threads trying
81 * to allocate while we're growing the map. It shouldn't happen often, and
82 * growing is fast anyway.
83 *
84 * At the next level we can use various sub-allocators. The state pool is a
85 * pool of smaller, fixed size objects, which operates much like the block
86 * pool. It uses a free list for freeing objects, but when it runs out of
87 * space it just allocates a new block from the block pool. This allocator is
88 * intended for longer lived state objects such as SURFACE_STATE and most
89 * other persistent state objects in the API. We may need to track more info
90 * with these objects and a pointer back to the CPU object (eg VkImage). In
91 * those cases we just allocate a slightly bigger object and put the extra
92 * state after the GPU state object.
93 *
94 * The state stream allocator works similar to how the i965 DRI driver streams
95 * all its state. Even with Vulkan, we need to emit transient state (whether
96 * surface state base or dynamic state base), and for that we can just get a
97 * block and fill it up. These cases are local to a command buffer and the
98 * sub-allocator need not be thread safe. The streaming allocator gets a new
99 * block when it runs out of space and chains them together so they can be
100 * easily freed.
101 */
102
103 /* Allocations are always at least 64 byte aligned, so 1 is an invalid value.
104 * We use it to indicate the free list is empty. */
105 #define EMPTY 1
106
/* One record per mapping created while growing a block pool.  The block
 * pool keeps these in a vector and releases them when the pool is finished.
 */
struct anv_mmap_cleanup {
   void *map;            /* start of the mmap()ed range, NULL if none */
   size_t size;          /* length passed to mmap(), needed for munmap() */
   uint32_t gem_handle;  /* GEM handle wrapping the mapping, 0 if none */
};

/* An all-zero record: nothing to unmap and no GEM handle to close. */
#define ANV_MMAP_CLEANUP_INIT ((struct anv_mmap_cleanup){0})
114
/* Raw futex(2) system call; the arguments are forwarded unchanged.
 *
 * Returns whatever syscall() returns for SYS_futex.
 */
static inline long
sys_futex(void *addr1, int op, int val1,
          struct timespec *timeout, void *addr2, int val3)
{
   const long rc = syscall(SYS_futex, addr1, op, val1, timeout, addr2, val3);

   return rc;
}
121
/* Issues FUTEX_WAKE on addr for up to count waiters.
 *
 * Returns the futex call's result narrowed to int.
 */
static inline int
futex_wake(uint32_t *addr, int count)
{
   return (int)sys_futex(addr, FUTEX_WAKE, count, NULL, NULL, 0);
}
127
/* Issues FUTEX_WAIT on addr with the expected value and no timeout.
 *
 * Returns the futex call's result narrowed to int.  Callers in this file
 * re-check their condition after it returns rather than trusting the
 * return value.
 */
static inline int
futex_wait(uint32_t *addr, int32_t value)
{
   return (int)sys_futex(addr, FUTEX_WAIT, value, NULL, NULL, 0);
}
133
/* Local wrapper around the memfd_create system call.
 *
 * Returns the new file descriptor, or -1 on failure (the value callers in
 * this file test for).
 */
static inline int
memfd_create(const char *name, unsigned int flags)
{
   const long fd = syscall(SYS_memfd_create, name, flags);

   return (int)fd;
}
139
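/* Returns ceil(log2(value)): the smallest n for which (1 << n) >= value.
 *
 * value must be non-zero.  value == 1 is answered directly because the
 * general formula would evaluate __builtin_clz(0), whose result is
 * undefined.
 */
static inline uint32_t
ilog2_round_up(uint32_t value)
{
   assert(value != 0);

   if (value == 1)
      return 0;

   return 32 - __builtin_clz(value - 1);
}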
146
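/* Rounds value up to the next power of two (a power of two is returned
 * unchanged).
 *
 * value must be in 1..2^31; a larger input has no representable result in
 * 32 bits.  The shift is done on an unsigned 1 so that a result of 2^31
 * does not overflow a signed int.
 */
static inline uint32_t
round_to_power_of_two(uint32_t value)
{
   assert(value <= UINT32_C(0x80000000));

   return UINT32_C(1) << ilog2_round_up(value);
}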
152
/* Pops the head of a lock-free, offset-based free list.
 *
 * list   - list head: an offset plus a counter that is bumped on every
 *          update, compared-and-swapped together as one 64-bit value.
 * map    - address of the pool's map pointer; it is re-read on every
 *          attempt.
 * offset - receives the popped offset on success.
 *
 * Returns true if an entry was popped, false if the list was EMPTY.
 */
static bool
anv_free_list_pop(union anv_free_list *list, void **map, int32_t *offset)
{
   union anv_free_list head, desired, seen;

   head.u64 = list->u64;
   for (;;) {
      if (head.offset == EMPTY)
         return false;

      /* The list head (and its offset) has to be read before the map
       * pointer, so that the map pointer we use is valid for that offset.
       */
      __sync_synchronize();

      /* The link to the following entry is stored in the free entry. */
      int32_t *link = *map + head.offset;
      desired.offset = VG_NOACCESS_READ(link);
      desired.count = head.count + 1;

      seen.u64 = __sync_val_compare_and_swap(&list->u64,
                                             head.u64, desired.u64);
      if (seen.u64 == head.u64) {
         *offset = head.offset;
         return true;
      }

      /* Lost the race: retry against the head another thread installed. */
      head = seen;
   }
}
180
/* Pushes `count` consecutive chunks of `size` bytes, starting at `offset`
 * within `map`, onto a lock-free, offset-based free list.
 */
static void
anv_free_list_push(union anv_free_list *list, void *map, int32_t offset,
                   uint32_t size, uint32_t count)
{
   union anv_free_list head, seen, desired;
   int32_t *tail = map + offset;

   /* When more than one chunk is returned they are first linked into a
    * private chain.  No atomics are needed here because nobody else can
    * see these chunks yet.  `offset` stays the head of that chain and
    * `tail` ends up pointing at its last link.
    */
   for (uint32_t i = 1; i < count; i++) {
      VG_NOACCESS_WRITE(tail, offset + i * size);
      tail = map + offset + i * size;
   }

   /* Splice the chain in front of the current head, retrying until the
    * compare-and-swap observes the head we linked against.
    */
   seen = *list;
   for (;;) {
      head = seen;
      VG_NOACCESS_WRITE(tail, head.offset);
      desired.offset = offset;
      desired.count = head.count + 1;
      seen.u64 = __sync_val_compare_and_swap(&list->u64,
                                             head.u64, desired.u64);
      if (seen.u64 == head.u64)
         break;
   }
}
207
/* Every pointer stored in a ptr_free_list is assumed to be page-aligned,
 * so its low 12 bits are zero and can carry a small counter instead.
 *
 *   PFL_COUNT(x)       - the 12-bit counter packed into x
 *   PFL_PTR(x)         - x with the counter bits cleared
 *   PFL_PACK(ptr, cnt) - ptr (low bits cleared) combined with cnt mod 4096
 */
#define PFL_TAG_MASK ((uintptr_t)0xfff)
#define PFL_COUNT(x) ((uintptr_t)(x) & PFL_TAG_MASK)
#define PFL_PTR(x) ((void *)((uintptr_t)(x) & ~PFL_TAG_MASK))
#define PFL_PACK(ptr, count) \
   ((void *)(((uintptr_t)(ptr) & ~PFL_TAG_MASK) | \
             ((uintptr_t)(count) & PFL_TAG_MASK)))
216
/* Pops the first element of a lock-free, pointer-based free list.
 *
 * list - list head: a page-aligned pointer with a counter in its low bits.
 * elem - receives the popped element on success.
 *
 * Returns true if an element was popped, false if the list was empty.
 */
static bool
anv_ptr_free_list_pop(void **list, void **elem)
{
   void *head = *list;

   for (;;) {
      void **first = PFL_PTR(head);
      if (first == NULL)
         return false;

      /* The first word of a free element holds the next element. */
      void *successor = VG_NOACCESS_READ(first);
      unsigned tag = PFL_COUNT(head) + 1;
      void *desired = PFL_PACK(successor, tag);

      void *seen = __sync_val_compare_and_swap(list, head, desired);
      if (seen == head) {
         *elem = first;
         return true;
      }

      /* Another thread changed the head first; retry against its value. */
      head = seen;
   }
}
236
/* Pushes elem onto a lock-free, pointer-based free list.
 *
 * elem must be page-aligned: the low 12 bits of the list head carry a
 * counter that is bumped on every update to solve the ABA concurrency
 * problem, so they cannot hold address bits.
 */
static void
anv_ptr_free_list_push(void **list, void *elem)
{
   void **link = elem;
   void *seen = *list;
   void *head;

   assert(((uintptr_t)elem & 0xfff) == 0);

   for (;;) {
      head = seen;

      /* Store the current first element in elem's first word, then try to
       * publish elem as the new head with an incremented counter.
       */
      VG_NOACCESS_WRITE(link, PFL_PTR(head));
      unsigned tag = PFL_COUNT(head) + 1;
      void *desired = PFL_PACK(elem, tag);

      seen = __sync_val_compare_and_swap(list, head, desired);
      if (seen == head)
         break;
   }
}
258
259 static VkResult
260 anv_block_pool_expand_range(struct anv_block_pool *pool,
261 uint32_t center_bo_offset, uint32_t size);
262
/* Initializes a block pool backed by an anonymous memfd.
 *
 * pool         - pool to initialize.
 * device       - device recorded in the pool.
 * initial_size - size of the first range mapped from the memfd.
 *
 * Returns VK_SUCCESS, or an error after releasing whatever had been set up
 * so far.  The memfd is created with MFD_CLOEXEC so the descriptor is not
 * inherited across exec.
 */
VkResult
anv_block_pool_init(struct anv_block_pool *pool,
                    struct anv_device *device,
                    uint32_t initial_size)
{
   VkResult result;

   pool->device = device;
   anv_bo_init(&pool->bo, 0, 0);

   pool->fd = memfd_create("block pool", MFD_CLOEXEC);
   if (pool->fd == -1)
      return vk_error(VK_ERROR_INITIALIZATION_FAILED);

   /* Just make it 2GB up-front.  The Linux kernel won't actually back it
    * with pages until we either map and fault on one of them or we use
    * userptr and send a chunk of it off to the GPU.
    *
    * The cleanup vector is only created once the file has been sized; both
    * failures take the same exit.
    */
   if (ftruncate(pool->fd, BLOCK_POOL_MEMFD_SIZE) == -1 ||
       !u_vector_init(&pool->mmap_cleanups,
                      round_to_power_of_two(sizeof(struct anv_mmap_cleanup)),
                      128)) {
      result = vk_error(VK_ERROR_INITIALIZATION_FAILED);
      goto fail_fd;
   }

   /* Nothing has been handed out from either end yet. */
   pool->state.next = 0;
   pool->state.end = 0;
   pool->back_state.next = 0;
   pool->back_state.end = 0;

   result = anv_block_pool_expand_range(pool, 0, initial_size);
   if (result == VK_SUCCESS)
      return VK_SUCCESS;

   u_vector_finish(&pool->mmap_cleanups);
fail_fd:
   close(pool->fd);

   return result;
}
311
/* Tears down a block pool: unmaps every recorded mapping, closes every
 * recorded GEM handle, frees the record vector and closes the memfd.
 */
void
anv_block_pool_finish(struct anv_block_pool *pool)
{
   struct anv_mmap_cleanup *entry;

   u_vector_foreach(entry, &pool->mmap_cleanups) {
      /* A record can still be all-zero if the expansion that reserved it
       * failed part-way, hence the checks.
       */
      if (entry->map != NULL)
         munmap(entry->map, entry->size);
      if (entry->gem_handle != 0)
         anv_gem_close(pool->device, entry->gem_handle);
   }

   u_vector_finish(&pool->mmap_cleanups);

   close(pool->fd);
}
328
/* CPU page size assumed by the block pool's alignment arithmetic. */
#define PAGE_SIZE 4096

/* Maps `size` bytes of the pool's memfd, with the pool's center placed
 * `center_bo_offset` bytes into the mapping, wraps the mapping in a userptr
 * GEM object and makes it the pool's current map and BO.
 *
 * Returns VK_SUCCESS, VK_ERROR_OUT_OF_HOST_MEMORY if no cleanup record
 * could be reserved, VK_ERROR_MEMORY_MAP_FAILED if mmap() failed, or
 * VK_ERROR_TOO_MANY_OBJECTS if the userptr object could not be created.
 * The pool's map, center and BO are only written on success.
 */
static VkResult
anv_block_pool_expand_range(struct anv_block_pool *pool,
                            uint32_t center_bo_offset, uint32_t size)
{
   struct anv_mmap_cleanup *record;
   uint32_t handle;
   void *new_map;

   /* Assert that we only ever grow the pool.
    * NOTE(review): these are assert()s only, so with NDEBUG nothing here
    * rejects a range that would shrink either end.
    */
   assert(center_bo_offset >= pool->back_state.end);
   assert(size - center_bo_offset >= pool->state.end);

   record = u_vector_add(&pool->mmap_cleanups);
   if (record == NULL)
      return vk_error(VK_ERROR_OUT_OF_HOST_MEMORY);

   /* Start from an empty record; it is filled in only once both the
    * mapping and the GEM handle exist.
    */
   *record = ANV_MMAP_CLEANUP_INIT;

   /* Just leak the old map until we destroy the pool.  We can't munmap it
    * without races or imposing locking on the block allocate fast path.  On
    * the whole the leaked maps add up to less than the size of the
    * current map.  MAP_POPULATE seems like the right thing to do, but we
    * should try to get some numbers.
    */
   new_map = mmap(NULL, size, PROT_READ | PROT_WRITE,
                  MAP_SHARED | MAP_POPULATE, pool->fd,
                  BLOCK_POOL_MEMFD_CENTER - center_bo_offset);
   if (new_map == MAP_FAILED)
      return vk_errorf(VK_ERROR_MEMORY_MAP_FAILED, "mmap failed: %m");

   handle = anv_gem_userptr(pool->device, new_map, size);
   if (handle == 0) {
      munmap(new_map, size);
      return vk_errorf(VK_ERROR_TOO_MANY_OBJECTS, "userptr failed: %m");
   }

   record->map = new_map;
   record->size = size;
   record->gem_handle = handle;

#if 0
   /* Regular objects are created I915_CACHING_CACHED on LLC platforms and
    * I915_CACHING_NONE on non-LLC platforms.  However, userptr objects are
    * always created as I915_CACHING_CACHED, which on non-LLC means
    * snooped.  That can be useful but comes with a bit of overhead.  Since
    * we're explicitly clflushing and don't want the overhead we need to turn
    * it off. */
   if (!pool->device->info.has_llc) {
      anv_gem_set_caching(pool->device, handle, I915_CACHING_NONE);
      anv_gem_set_domain(pool->device, handle,
                         I915_GEM_DOMAIN_GTT, I915_GEM_DOMAIN_GTT);
   }
#endif

   /* Now that we have successfully allocated everything, we can write the
    * new values back into pool. */
   pool->map = new_map + center_bo_offset;
   pool->center_bo_offset = center_bo_offset;

   /* For block pool BOs we have to be a bit careful about where we place them
    * in the GTT.  There are two documented workarounds for state base address
    * placement: Wa32bitGeneralStateOffset and Wa32bitInstructionBaseOffset
    * which state that those two base addresses do not support 48-bit
    * addresses and need to be placed in the bottom 32-bit range.
    * Unfortunately, this is not quite accurate.
    *
    * The real problem is that we always set the size of our state pools in
    * STATE_BASE_ADDRESS to 0xfffff (the maximum) even though the BO is most
    * likely significantly smaller.  We do this because we do not know at the
    * time we emit STATE_BASE_ADDRESS whether or not we will need to expand
    * the pool during command buffer building so we don't actually have a
    * valid final size.  If the address + size, as seen by STATE_BASE_ADDRESS
    * overflows 48 bits, the GPU appears to treat all accesses to the buffer
    * as being out of bounds and returns zero.  For dynamic state, this
    * usually just leads to rendering corruptions, but shaders that are all
    * zero hang the GPU immediately.
    *
    * The easiest solution is to do exactly what the bogus workarounds say to
    * do: restrict these buffers to 32-bit addresses.  We could also pin the
    * BO to some particular location of our choosing, but that's significantly
    * more work than just not setting a flag.  So, we explicitly DO NOT set
    * the EXEC_OBJECT_SUPPORTS_48B_ADDRESS flag and the kernel does all of the
    * hard work for us.
    */
   anv_bo_init(&pool->bo, handle, size);
   pool->bo.map = new_map;

   return VK_SUCCESS;
}
420
/** Grows and re-centers the block pool.
 *
 * We grow the block pool in one or both directions in such a way that the
 * following conditions are met:
 *
 *  1) The size of the entire pool is always a power of two.
 *
 *  2) The pool only grows on both ends.  Neither end can get
 *     shortened.
 *
 *  3) At the end of the allocation, we have about twice as much space
 *     allocated for each end as we have used.  This way the pool doesn't
 *     grow too far in one direction or the other.
 *
 *  4) If the _alloc_back() has never been called, then the back portion of
 *     the pool retains a size of zero.  (This makes it easier for users of
 *     the block pool that only want a one-sided pool.)
 *
 *  5) We have enough space allocated for at least one more block in
 *     whichever side `state` points to.
 *
 *  6) The center of the pool is always aligned to both the block_size of
 *     the pool and a 4K CPU page.
 *
 * Runs with the device mutex held.  Returns the new end for the side that
 * `state` refers to, or 0 if expanding the underlying range failed.
 */
static uint32_t
anv_block_pool_grow(struct anv_block_pool *pool, struct anv_block_state *state)
{
   VkResult result = VK_SUCCESS;

   pthread_mutex_lock(&pool->device->mutex);

   assert(state == &pool->state || state == &pool->back_state);

   /* Gather a little usage information on the pool.  Since we may have
    * threads waiting in queue to get some storage while we resize, it's
    * actually possible that total_used will be larger than old_size.  In
    * particular, block_pool_alloc() increments state->next prior to
    * calling block_pool_grow, so this ensures that we get enough space for
    * whichever side tries to grow the pool.
    *
    * We align to a page size because it makes it easier to do our
    * calculations later in such a way that we stay page-aligned.
    */
   const uint32_t back_used = align_u32(pool->back_state.next, PAGE_SIZE);
   const uint32_t front_used = align_u32(pool->state.next, PAGE_SIZE);
   const uint32_t total_used = front_used + back_used;

   assert(state == &pool->state || back_used > 0);

   const uint32_t old_size = pool->bo.size;

   /* The block pool is always initialized to a nonzero size and this function
    * is always called after initialization.
    */
   assert(old_size > 0);

   /* The back_used and front_used may actually be smaller than the actual
    * requirement because they are based on the next pointers which are
    * updated prior to calling this function.
    */
   const uint32_t back_required = MAX2(back_used, pool->center_bo_offset);
   const uint32_t front_required =
      MAX2(front_used, old_size - pool->center_bo_offset);

   /* If this holds then this isn't the first allocation and we already have
    * enough space on both sides to hold double what we have allocated, so
    * there is nothing to do.
    */
   const bool has_headroom = back_used * 2 <= back_required &&
                             front_used * 2 <= front_required;

   if (!has_headroom) {
      uint32_t size = old_size * 2;
      while (size < back_required + front_required)
         size *= 2;

      assert(size > pool->bo.size);

      /* We can't have a block pool bigger than 1GB because we use signed
       * 32-bit offsets in the free list and we don't want overflow.  We
       * should never need a block pool bigger than 1GB anyway.
       *
       * NOTE(review): the check below allows sizes up to 1u << 31, which
       * is 2GB rather than the 1GB stated above, and it is an assert()
       * only; confirm which limit is intended.
       */
      assert(size <= (1u << 31));

      /* We compute a new center_bo_offset such that, when we double the
       * size of the pool, we maintain the ratio of how much is used by each
       * side.  This way things should remain more-or-less balanced.
       *
       * If alloc_back() has never been called (back_used == 0) the offset
       * stays at 0 to make things as simple as possible for users that
       * don't care about back allocations.
       */
      uint32_t center_bo_offset = 0;
      if (back_used != 0) {
         /* Try to "center" the allocation based on how much is currently in
          * use on each side of the center line.
          */
         center_bo_offset = ((uint64_t)size * back_used) / total_used;

         /* Align down to a multiple of the page size */
         center_bo_offset &= ~(PAGE_SIZE - 1);

         assert(center_bo_offset >= back_used);

         /* Make sure we don't shrink the back end of the pool */
         if (center_bo_offset < pool->back_state.end)
            center_bo_offset = pool->back_state.end;

         /* Make sure that we don't shrink the front end of the pool */
         if (size - center_bo_offset < pool->state.end)
            center_bo_offset = size - pool->state.end;
      }

      assert(center_bo_offset % PAGE_SIZE == 0);

      result = anv_block_pool_expand_range(pool, center_bo_offset, size);

      if (pool->device->instance->physicalDevice.has_exec_async)
         pool->bo.flags |= EXEC_OBJECT_ASYNC;
   }

   pthread_mutex_unlock(&pool->device->mutex);

   if (result != VK_SUCCESS)
      return 0;

   /* Return the appropriate new size.  This function never actually
    * updates state->next.  Instead, we let the caller do that because it
    * needs to do so in order to maintain its concurrency model.
    */
   if (state == &pool->state)
      return pool->bo.size - pool->center_bo_offset;

   assert(pool->center_bo_offset > 0);
   return pool->center_bo_offset;
}
560
/* Reserves block_size bytes from one side of the block pool.
 *
 * pool_state is the (next, end) pair of the side to allocate from; `next`
 * is advanced with a single atomic add.  Returns the value `next` had
 * before the add, i.e. the distance of the new block from the pool center.
 *
 * NOTE(review): anv_block_pool_grow() returns 0 when expanding the range
 * fails, and the retry loop below keeps calling it until the returned end
 * covers the new block, so a persistent expansion failure never returns
 * to the caller.
 */
static uint32_t
anv_block_pool_alloc_new(struct anv_block_pool *pool,
                         struct anv_block_state *pool_state,
                         uint32_t block_size)
{
   struct anv_block_state snapshot, previous, updated;

   for (;;) {
      snapshot.u64 = __sync_fetch_and_add(&pool_state->u64, block_size);

      /* Fast path: the block fits in the range that is already mapped. */
      if (snapshot.next + block_size <= snapshot.end) {
         assert(pool->map);
         return snapshot.next;
      }

      /* Some other thread is already growing the pool; sleep until it
       * publishes a new end, then try again.
       */
      if (snapshot.next > snapshot.end) {
         futex_wait(&pool_state->end, snapshot.end);
         continue;
      }

      /* We allocated the first block outside the pool so we have to grow
       * the pool.  pool_state->next acts as a mutex: threads who try to
       * allocate now will get block indexes above the current limit and
       * hit futex_wait above.
       */
      updated.next = snapshot.next + block_size;
      do {
         updated.end = anv_block_pool_grow(pool, pool_state);
      } while (updated.end < updated.next);

      previous.u64 = __sync_lock_test_and_set(&pool_state->u64, updated.u64);
      if (previous.next != snapshot.next)
         futex_wake(&pool_state->end, INT_MAX);
      return snapshot.next;
   }
}
594
/* Allocates block_size bytes from the front of the block pool and returns
 * the block's offset from the pool center.
 */
int32_t
anv_block_pool_alloc(struct anv_block_pool *pool,
                     uint32_t block_size)
{
   struct anv_block_state *front = &pool->state;

   return anv_block_pool_alloc_new(pool, front, block_size);
}
601
/* Allocates a block out of the back of the block pool.
 *
 * This will allocate a block earlier than the "start" of the block pool.
 * The offsets returned from this function will be negative but will still
 * be correct relative to the block pool's map pointer.
 *
 * If you ever use anv_block_pool_alloc_back, then you will have to do
 * gymnastics with the block pool's BO when doing relocations.
 */
int32_t
anv_block_pool_alloc_back(struct anv_block_pool *pool,
                          uint32_t block_size)
{
   /* What anv_block_pool_alloc_new() hands back is the number of bytes
    * downwards from the middle to the end of the block.  Adding the block
    * size and negating turns that into a (negative) offset from the middle
    * to the start of the block.
    */
   const int32_t distance = anv_block_pool_alloc_new(pool, &pool->back_state,
                                                     block_size);

   assert(distance >= 0);
   return -(distance + block_size);
}
626
/* Initializes a state pool on top of a freshly created block pool.
 *
 * block_size must be a power of two; the underlying block pool starts out
 * sized for 16 such blocks.  Returns the block pool's initialization
 * result.
 */
VkResult
anv_state_pool_init(struct anv_state_pool *pool,
                    struct anv_device *device,
                    uint32_t block_size)
{
   const VkResult result =
      anv_block_pool_init(&pool->block_pool, device, block_size * 16);
   if (result != VK_SUCCESS)
      return result;

   assert(util_is_power_of_two(block_size));
   pool->block_size = block_size;
   pool->back_alloc_free_list = ANV_FREE_LIST_EMPTY;

   /* Every bucket starts with an empty free list and no current block, so
    * its first allocation has to fetch a block from the block pool.
    */
   for (unsigned i = 0; i < ANV_STATE_BUCKETS; i++) {
      struct anv_fixed_size_state_pool *bucket = &pool->buckets[i];

      bucket->free_list = ANV_FREE_LIST_EMPTY;
      bucket->block.next = 0;
      bucket->block.end = 0;
   }
   VG(VALGRIND_CREATE_MEMPOOL(pool, 0, false));

   return VK_SUCCESS;
}
649
/* Destroys a state pool: drops its Valgrind mempool, then finishes the
 * block pool underneath it.
 */
void
anv_state_pool_finish(struct anv_state_pool *pool)
{
   struct anv_block_pool *backing = &pool->block_pool;

   VG(VALGRIND_DESTROY_MEMPOOL(pool));
   anv_block_pool_finish(backing);
}
656
/* Carves a fresh state of state_size bytes for one bucket.
 *
 * States at least as large as block_size are taken straight from the block
 * pool.  Smaller ones are sub-allocated from the bucket's current block; a
 * new block is fetched from the block pool when the current one is used up.
 *
 * Returns the offset of the new state.
 */
static uint32_t
anv_fixed_size_state_pool_alloc_new(struct anv_fixed_size_state_pool *pool,
                                    struct anv_block_pool *block_pool,
                                    uint32_t state_size,
                                    uint32_t block_size)
{
   struct anv_block_state cursor, previous, refill;

   /* If our state is large, we don't need any sub-allocation from a block.
    * Instead, we just grab whole (potentially large) blocks.
    */
   if (state_size >= block_size)
      return anv_block_pool_alloc(block_pool, state_size);

   for (;;) {
      cursor.u64 = __sync_fetch_and_add(&pool->block.u64, state_size);

      /* Fast path: the current block still had room. */
      if (cursor.next < cursor.end)
         return cursor.next;

      /* Past the end: another thread is fetching the next block.  Wait
       * for it to publish the new range and retry.
       */
      if (cursor.next != cursor.end) {
         futex_wait(&pool->block.end, cursor.end);
         continue;
      }

      /* We landed exactly on the end, so fetching the next block is our
       * job.  The first state of that block is ours; publish the rest.
       */
      const uint32_t offset = anv_block_pool_alloc(block_pool, block_size);
      refill.next = offset + state_size;
      refill.end = offset + block_size;
      previous.u64 = __sync_lock_test_and_set(&pool->block.u64, refill.u64);
      if (previous.next != cursor.next)
         futex_wake(&pool->block.end, INT_MAX);
      return offset;
   }
}
690
/* Maps an allocation size to the index of the bucket that serves it.
 *
 * The size is rounded up to a power of two and clamped from below to the
 * smallest bucket.
 *
 * NOTE(review): the upper bound is enforced only by assert(); callers use
 * the result to index pool->buckets, so with NDEBUG an oversized request
 * would not be rejected here.
 */
static uint32_t
anv_state_pool_get_bucket(uint32_t size)
{
   const unsigned raw_log2 = ilog2_round_up(size);

   assert(raw_log2 <= ANV_MAX_STATE_SIZE_LOG2);

   const unsigned size_log2 = raw_log2 < ANV_MIN_STATE_SIZE_LOG2
                                 ? ANV_MIN_STATE_SIZE_LOG2
                                 : raw_log2;

   return size_log2 - ANV_MIN_STATE_SIZE_LOG2;
}
700
/* Returns the state size, in bytes, served by the given bucket index:
 * 2^(bucket + ANV_MIN_STATE_SIZE_LOG2).
 */
static uint32_t
anv_state_pool_get_bucket_size(uint32_t bucket)
{
   return 1 << (bucket + ANV_MIN_STATE_SIZE_LOG2);
}
707
/* Allocates a state of at least MAX2(size, align) bytes without telling
 * Valgrind about it.
 *
 * Sources are tried in this order: the free list of the matching bucket, a
 * chunk split off from a larger bucket's free list, and finally fresh
 * space for the bucket.  alloc_size, offset and map of the returned state
 * are filled in.
 */
static struct anv_state
anv_state_pool_alloc_no_vg(struct anv_state_pool *pool,
                           uint32_t size, uint32_t align)
{
   const uint32_t bucket = anv_state_pool_get_bucket(MAX2(size, align));
   struct anv_state state;
   bool found;

   state.alloc_size = anv_state_pool_get_bucket_size(bucket);

   /* Try free list first. */
   found = anv_free_list_pop(&pool->buckets[bucket].free_list,
                             &pool->block_pool.map, &state.offset);
   if (found)
      assert(state.offset >= 0);

   /* Try to grab a chunk from some larger bucket and split it up */
   for (unsigned b = bucket + 1; !found && b < ANV_STATE_BUCKETS; b++) {
      int32_t chunk_offset;

      if (!anv_free_list_pop(&pool->buckets[b].free_list,
                             &pool->block_pool.map, &chunk_offset))
         continue;

      unsigned chunk_size = anv_state_pool_get_bucket_size(b);

      /* We've found a chunk that's larger than the requested state size.
       * There are a couple of options as to what we do with it:
       *
       *    1) We could fully split the chunk into state.alloc_size sized
       *       pieces.  However, this would mean that allocating a 16B
       *       state could potentially split a 2MB chunk into 512K smaller
       *       chunks.  This would lead to unnecessary fragmentation.
       *
       *    2) The classic "buddy allocator" method would have us split the
       *       chunk in half and return one half.  Then we would split the
       *       remaining half in half and return one half, and repeat as
       *       needed until we get down to the size we want.  However, if
       *       you are allocating a bunch of the same size state (which is
       *       the common case), this means that every other allocation has
       *       to go up a level and every fourth goes up two levels, etc.
       *       This is not nearly as efficient as it could be if we did a
       *       little more work up-front.
       *
       *    3) Split the difference between (1) and (2) by doing a
       *       two-level split.  If it's bigger than some fixed block_size,
       *       we split it into block_size sized chunks and return all but
       *       one of them.  Then we split what remains into
       *       state.alloc_size sized chunks and return all but one.
       *
       * We choose option (3).
       */
      if (chunk_size > pool->block_size &&
          state.alloc_size < pool->block_size) {
         assert(chunk_size % pool->block_size == 0);

         /* We don't want to split giant chunks into tiny chunks.  Instead,
          * break anything bigger than a block into block-sized chunks and
          * then break it down into bucket-sized chunks from there.  Return
          * all but the first block of the chunk to the block bucket.
          */
         const uint32_t block_bucket =
            anv_state_pool_get_bucket(pool->block_size);
         anv_free_list_push(&pool->buckets[block_bucket].free_list,
                            pool->block_pool.map,
                            chunk_offset + pool->block_size,
                            pool->block_size,
                            (chunk_size / pool->block_size) - 1);
         chunk_size = pool->block_size;
      }

      /* Keep the first piece for the caller and return the remaining
       * pieces to this bucket's free list.
       */
      assert(chunk_size % state.alloc_size == 0);
      anv_free_list_push(&pool->buckets[bucket].free_list,
                         pool->block_pool.map,
                         chunk_offset + state.alloc_size,
                         state.alloc_size,
                         (chunk_size / state.alloc_size) - 1);

      state.offset = chunk_offset;
      found = true;
   }

   /* Nothing could be recycled: carve fresh space for this bucket. */
   if (!found) {
      state.offset =
         anv_fixed_size_state_pool_alloc_new(&pool->buckets[bucket],
                                             &pool->block_pool,
                                             state.alloc_size,
                                             pool->block_size);
   }

   state.map = pool->block_pool.map + state.offset;
   return state;
}
796
/* Allocates a state of `size` bytes with the given alignment and registers
 * it with the pool's Valgrind mempool.  A zero-size request returns
 * ANV_STATE_NULL without touching the pool.
 */
struct anv_state
anv_state_pool_alloc(struct anv_state_pool *pool, uint32_t size, uint32_t align)
{
   struct anv_state state = ANV_STATE_NULL;

   if (size != 0) {
      state = anv_state_pool_alloc_no_vg(pool, size, align);
      VG(VALGRIND_MEMPOOL_ALLOC(pool, state.map, size));
   }

   return state;
}
807
/* Allocates one block-sized state from the back of the pool.
 *
 * A previously freed back allocation is reused when one is available;
 * otherwise a new block is taken from the back of the block pool.  The
 * resulting offset is negative.
 */
struct anv_state
anv_state_pool_alloc_back(struct anv_state_pool *pool)
{
   struct anv_state state;

   state.alloc_size = pool->block_size;

   const bool recycled = anv_free_list_pop(&pool->back_alloc_free_list,
                                           &pool->block_pool.map,
                                           &state.offset);
   if (recycled) {
      assert(state.offset < 0);
   } else {
      state.offset = anv_block_pool_alloc_back(&pool->block_pool,
                                               pool->block_size);
   }

   state.map = pool->block_pool.map + state.offset;
   VG(VALGRIND_MEMPOOL_ALLOC(pool, state.map, state.alloc_size));
   return state;
}
828
/* Returns a state to the pool without telling Valgrind.
 *
 * States with a negative offset came from the back of the pool and go onto
 * the back free list; all others go onto the free list of the bucket that
 * matches their alloc_size.
 */
static void
anv_state_pool_free_no_vg(struct anv_state_pool *pool, struct anv_state state)
{
   assert(util_is_power_of_two(state.alloc_size));
   const unsigned bucket = anv_state_pool_get_bucket(state.alloc_size);

   union anv_free_list *target;
   if (state.offset >= 0) {
      target = &pool->buckets[bucket].free_list;
   } else {
      /* Back allocations are always exactly one block. */
      assert(state.alloc_size == pool->block_size);
      target = &pool->back_alloc_free_list;
   }

   anv_free_list_push(target, pool->block_pool.map, state.offset,
                      state.alloc_size, 1);
}
846
/* Frees a state obtained from this pool.  A state whose alloc_size is 0 is
 * ignored.
 */
void
anv_state_pool_free(struct anv_state_pool *pool, struct anv_state state)
{
   if (state.alloc_size != 0) {
      VG(VALGRIND_MEMPOOL_FREE(pool, state.map));
      anv_state_pool_free_no_vg(pool, state);
   }
}
856
/* Header written at the start of every block a state stream owns.  The
 * headers form a singly linked list that is walked when the stream is
 * finished.
 */
struct anv_state_stream_block {
   /* The pool state backing this block (needed to free it again) */
   struct anv_state block;

   /* The next block */
   struct anv_state_stream_block *next;

#ifdef HAVE_VALGRIND
   /* A pointer to the first user-allocated thing in this block.  This is
    * what valgrind sees as the start of the block.  The field only exists
    * in HAVE_VALGRIND builds.
    */
   void *_vg_ptr;
#endif
};
870
/* The state stream allocator is a one-shot, single threaded allocator for
 * variable sized blocks.  We use it for allocating dynamic state.
 *
 * This sets up an empty stream that draws block_size-byte blocks from
 * state_pool.
 */
void
anv_state_stream_init(struct anv_state_stream *stream,
                      struct anv_state_pool *state_pool,
                      uint32_t block_size)
{
   stream->state_pool = state_pool;
   stream->block_size = block_size;

   /* No block is held yet. */
   stream->block_list = NULL;
   stream->block = ANV_STATE_NULL;

   /* Ensure that next + whatever > block_size.  This way the first call to
    * state_stream_alloc fetches a new block.
    */
   stream->next = block_size;

   VG(VALGRIND_CREATE_MEMPOOL(stream, 0, false));
}
893
/* Releases every block the stream holds back to its state pool and
 * destroys the stream's Valgrind mempool.
 */
void
anv_state_stream_finish(struct anv_state_stream *stream)
{
   for (struct anv_state_stream_block *cur = stream->block_list;
        cur != NULL; ) {
      /* Copy the header out first: it lives inside the block that is
       * about to be returned to the pool.
       */
      struct anv_state_stream_block sb = VG_NOACCESS_READ(cur);

      VG(VALGRIND_MEMPOOL_FREE(stream, sb._vg_ptr));
      VG(VALGRIND_MAKE_MEM_UNDEFINED(cur, stream->block_size));
      anv_state_pool_free_no_vg(stream->state_pool, sb.block);

      cur = sb.next;
   }

   VG(VALGRIND_DESTROY_MEMPOOL(stream));
}
908
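/* Allocates `size` bytes with the given alignment from the stream.
 *
 * The request is served from the stream's current block; when it does not
 * fit, a new block of stream->block_size bytes is taken from the state
 * pool, a header is written at its start and the block is chained onto the
 * stream's block list.  A zero-size request returns ANV_STATE_NULL.
 *
 * alignment must not exceed PAGE_SIZE.
 *
 * NOTE(review): a request that does not fit even in an empty block (after
 * the header) is caught only by the assert() following the refill; with
 * NDEBUG the returned state would extend past the end of its block.
 */
struct anv_state
anv_state_stream_alloc(struct anv_state_stream *stream,
                       uint32_t size, uint32_t alignment)
{
   if (size == 0)
      return ANV_STATE_NULL;

   assert(alignment <= PAGE_SIZE);

   uint32_t offset = align_u32(stream->next, alignment);

   /* Compare in 64 bits so that a very large `size` cannot wrap the sum
    * and make the request look as if it fits in the current block.
    */
   if ((uint64_t)offset + size > stream->block_size) {
      stream->block = anv_state_pool_alloc_no_vg(stream->state_pool,
                                                 stream->block_size,
                                                 PAGE_SIZE);

      struct anv_state_stream_block *sb = stream->block.map;
      VG_NOACCESS_WRITE(&sb->block, stream->block);
      VG_NOACCESS_WRITE(&sb->next, stream->block_list);
      stream->block_list = sb;
#ifdef HAVE_VALGRIND
      /* _vg_ptr is declared only in HAVE_VALGRIND builds, so the write
       * must be guarded the same way; otherwise the plain-store form of
       * VG_NOACCESS_WRITE references a member that does not exist.
       */
      VG_NOACCESS_WRITE(&sb->_vg_ptr, NULL);
#endif

      VG(VALGRIND_MAKE_MEM_NOACCESS(stream->block.map, stream->block_size));

      /* Reset back to the start plus space for the header */
      stream->next = sizeof(*sb);

      offset = align_u32(stream->next, alignment);
      assert((uint64_t)offset + size <= stream->block_size);
   }

   /* Derive the returned state from the current block's state. */
   struct anv_state state = stream->block;
   state.offset += offset;
   state.alloc_size = size;
   state.map += offset;

   stream->next = offset + size;

#ifdef HAVE_VALGRIND
   struct anv_state_stream_block *sb = stream->block_list;
   void *vg_ptr = VG_NOACCESS_READ(&sb->_vg_ptr);
   if (vg_ptr == NULL) {
      vg_ptr = state.map;
      VG_NOACCESS_WRITE(&sb->_vg_ptr, vg_ptr);
      VALGRIND_MEMPOOL_ALLOC(stream, vg_ptr, size);
   } else {
      void *state_end = state.map + state.alloc_size;
      /* This only updates the mempool.  The newly allocated chunk is still
       * marked as NOACCESS. */
      VALGRIND_MEMPOOL_CHANGE(stream, vg_ptr, vg_ptr, state_end - vg_ptr);
      /* Mark the newly allocated chunk as undefined */
      VALGRIND_MAKE_MEM_UNDEFINED(state.map, state.alloc_size);
   }
#endif

   return state;
}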
965
/* Free-list node for the BO pool.  anv_bo_pool_free writes it into the
 * freed BO's own CPU mapping (link = bo.map), so a pooled BO needs no
 * separate allocation while it waits for reuse.
 */
struct bo_pool_bo_link {
   /* Next node in the same bucket; anv_bo_pool_finish follows it.
    * Presumably maintained by the anv_ptr_free_list helpers -- they are not
    * visible here.
    */
   struct bo_pool_bo_link *next;
   /* Copy of the BO descriptor, read back by anv_bo_pool_alloc on reuse. */
   struct anv_bo bo;
};
970
/* Set up an empty BO pool for `device`: every free-list bucket starts out
 * zeroed and a valgrind mempool is created to track the pool.
 */
void
anv_bo_pool_init(struct anv_bo_pool *pool, struct anv_device *device)
{
   memset(pool->free_list, 0, sizeof pool->free_list);
   pool->device = device;

   VG(VALGRIND_CREATE_MEMPOOL(pool, 0, false));
}
979
/* Unmap and close every BO still sitting on one of the pool's free lists,
 * then destroy the valgrind mempool.
 */
void
anv_bo_pool_finish(struct anv_bo_pool *pool)
{
   for (unsigned bucket = 0; bucket < ARRAY_SIZE(pool->free_list); bucket++) {
      for (struct bo_pool_bo_link *cur = PFL_PTR(pool->free_list[bucket]);
           cur != NULL;) {
         /* The link is stored in the BO's mapping, so copy it out before the
          * mapping goes away.
          */
         struct bo_pool_bo_link snapshot = VG_NOACCESS_READ(cur);

         anv_gem_munmap(snapshot.bo.map, snapshot.bo.size);
         anv_gem_close(pool->device, snapshot.bo.gem_handle);

         cur = snapshot.next;
      }
   }

   VG(VALGRIND_DESTROY_MEMPOOL(pool));
}
996
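/* Hand out a CPU-mapped BO that is at least `size` bytes large.
 *
 * The request is rounded to a size bucket (4096 bytes, i.e. 2^12, for the
 * smallest one).  A BO from that bucket's free list is reused when one is
 * available; otherwise a new BO of the bucket size is created and mapped.
 *
 * On success *bo is filled in and VK_SUCCESS is returned.  Returns the
 * error from anv_bo_init_new if creation fails, or
 * VK_ERROR_MEMORY_MAP_FAILED if the new BO cannot be mapped (its GEM handle
 * is closed again in that case).
 */
VkResult
anv_bo_pool_alloc(struct anv_bo_pool *pool, struct anv_bo *bo, uint32_t size)
{
   const unsigned size_log2 = size < 4096 ? 12 : ilog2_round_up(size);
   const unsigned bucket = size_log2 - 12;
   /* NOTE(review): debug-only bound; with assertions compiled out an
    * oversized request would index past free_list -- confirm callers keep
    * size within the largest bucket.
    */
   assert(bucket < ARRAY_SIZE(pool->free_list));

   /* Shift an unsigned one: 1 << 31 on a signed int is undefined. */
   const unsigned pow2_size = 1u << size_log2;

   void *next_free_void;
   if (anv_ptr_free_list_pop(&pool->free_list[bucket], &next_free_void)) {
      /* The free-list node sits at the start of the BO's own mapping. */
      struct bo_pool_bo_link *next_free = next_free_void;
      *bo = VG_NOACCESS_READ(&next_free->bo);
      assert(bo->gem_handle);
      assert(bo->map == next_free);
      assert(size <= bo->size);

      VG(VALGRIND_MEMPOOL_ALLOC(pool, bo->map, size));

      return VK_SUCCESS;
   }

   struct anv_bo new_bo;

   VkResult result = anv_bo_init_new(&new_bo, pool->device, pow2_size);
   if (result != VK_SUCCESS)
      return result;

   assert(new_bo.size == pow2_size);

   new_bo.map = anv_gem_mmap(pool->device, new_bo.gem_handle, 0, pow2_size, 0);
   if (new_bo.map == MAP_FAILED) {
      /* Do not leak the GEM handle of a BO we could not map. */
      anv_gem_close(pool->device, new_bo.gem_handle);
      return vk_error(VK_ERROR_MEMORY_MAP_FAILED);
   }

   *bo = new_bo;

   VG(VALGRIND_MEMPOOL_ALLOC(pool, bo->map, size));

   return VK_SUCCESS;
}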
1040
/* Put a BO obtained from anv_bo_pool_alloc back on the free list of its
 * size bucket.  The BO stays mapped; its descriptor is written into the
 * start of that mapping so anv_bo_pool_alloc can recover it on reuse.
 */
void
anv_bo_pool_free(struct anv_bo_pool *pool, const struct anv_bo *bo_in)
{
   /* Work on a copy in case the anv_bo happens to be stored in the BO */
   struct anv_bo freed = *bo_in;

   assert(util_is_power_of_two(freed.size));
   const unsigned bucket = ilog2_round_up(freed.size) - 12;
   assert(bucket < ARRAY_SIZE(pool->free_list));

   VG(VALGRIND_MEMPOOL_FREE(pool, freed.map));

   struct bo_pool_bo_link *node = freed.map;
   VG_NOACCESS_WRITE(&node->bo, freed);

   anv_ptr_free_list_push(&pool->free_list[bucket], node);
}
1059
1060 // Scratch pool
1061
/* Reset the scratch pool to all-zero, which leaves the `exists` flag of
 * every scratch BO slot cleared.  `device` is not used here.
 */
void
anv_scratch_pool_init(struct anv_device *device, struct anv_scratch_pool *pool)
{
   memset(pool, 0, sizeof *pool);
}
1067
/* Close the GEM handle of every scratch BO that was created, walking all
 * 16 size slots of every shader stage.
 */
void
anv_scratch_pool_finish(struct anv_device *device, struct anv_scratch_pool *pool)
{
   for (unsigned stage = 0; stage < MESA_SHADER_STAGES; stage++) {
      for (unsigned size_idx = 0; size_idx < 16; size_idx++) {
         struct anv_scratch_bo *slot = &pool->bos[size_idx][stage];

         /* Slots that were never allocated have nothing to close. */
         if (!(slot->exists > 0))
            continue;

         anv_gem_close(device, slot->bo.gem_handle);
      }
   }
}
1079
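/* Return the scratch BO shared by all users of the given shader stage and
 * per-thread scratch size, creating it on first use.
 *
 * Returns NULL when per_thread_scratch is 0.  Creation is serialized by
 * device->mutex; the `exists` flag of the slot is checked once without the
 * lock as a fast path and once more with the lock held.
 */
struct anv_bo *
anv_scratch_pool_alloc(struct anv_device *device, struct anv_scratch_pool *pool,
                       gl_shader_stage stage, unsigned per_thread_scratch)
{
   if (per_thread_scratch == 0)
      return NULL;

   /* NOTE(review): both indices below are only range-checked by this
    * debug-only assert (and `stage` not at all) -- confirm callers pass
    * values that stay inside pool->bos.
    */
   unsigned scratch_size_log2 = ffs(per_thread_scratch / 2048);
   assert(scratch_size_log2 < 16);

   struct anv_scratch_bo *bo = &pool->bos[scratch_size_log2][stage];

   /* We can use "exists" to shortcut and ignore the critical section */
   if (bo->exists)
      return &bo->bo;

   pthread_mutex_lock(&device->mutex);

   __sync_synchronize();
   if (bo->exists) {
      /* Another thread created the BO while we waited for the mutex.  The
       * mutex must be released on this path too; returning with it held
       * would block every later user of device->mutex.
       */
      pthread_mutex_unlock(&device->mutex);
      return &bo->bo;
   }

   const struct anv_physical_device *physical_device =
      &device->instance->physicalDevice;
   const struct gen_device_info *devinfo = &physical_device->info;

   /* WaCSScratchSize:hsw
    *
    * Haswell's scratch space address calculation appears to be sparse
    * rather than tightly packed.  The Thread ID has bits indicating which
    * subslice, EU within a subslice, and thread within an EU it is.
    * There's a maximum of two slices and two subslices, so these can be
    * stored with a single bit.  Even though there are only 10 EUs per
    * subslice, this is stored in 4 bits, so there's an effective maximum
    * value of 16 EUs.  Similarly, although there are only 7 threads per EU,
    * this is stored in a 3 bit number, giving an effective maximum value
    * of 8 threads per EU.
    *
    * This means that we need to use 16 * 8 instead of 10 * 7 for the
    * number of threads per subslice.
    */
   const unsigned subslices = MAX2(physical_device->subslice_total, 1);
   const unsigned scratch_ids_per_subslice =
      device->info.is_haswell ? 16 * 8 : devinfo->max_cs_threads;

   uint32_t max_threads[] = {
      [MESA_SHADER_VERTEX]    = devinfo->max_vs_threads,
      [MESA_SHADER_TESS_CTRL] = devinfo->max_tcs_threads,
      [MESA_SHADER_TESS_EVAL] = devinfo->max_tes_threads,
      [MESA_SHADER_GEOMETRY]  = devinfo->max_gs_threads,
      [MESA_SHADER_FRAGMENT]  = devinfo->max_wm_threads,
      [MESA_SHADER_COMPUTE]   = scratch_ids_per_subslice * subslices,
   };

   /* NOTE(review): 32-bit product; presumably the per-thread size and
    * thread counts are small enough that it cannot wrap -- confirm.
    */
   uint32_t size = per_thread_scratch * max_threads[stage];

   /* NOTE(review): the result of anv_bo_init_new is not checked, so a
    * failed allocation is still published through `exists` below.
    */
   anv_bo_init_new(&bo->bo, device, size);

   /* Even though the Scratch base pointers in 3DSTATE_*S are 64 bits, they
    * are still relative to the general state base address.  When we emit
    * STATE_BASE_ADDRESS, we set general state base address to 0 and the size
    * to the maximum (1 page under 4GB).  This allows us to just place the
    * scratch buffers anywhere we wish in the bottom 32 bits of address space
    * and just set the scratch base pointer in 3DSTATE_*S using a relocation.
    * However, in order to do so, we need to ensure that the kernel does not
    * place the scratch BO above the 32-bit boundary.
    *
    * NOTE: Technically, it can't go "anywhere" because the top page is off
    * limits.  However, when EXEC_OBJECT_SUPPORTS_48B_ADDRESS is set, the
    * kernel allocates space using
    *
    *    end = min_t(u64, end, (1ULL << 32) - I915_GTT_PAGE_SIZE);
    *
    * so nothing will ever touch the top page.
    */
   bo->bo.flags &= ~EXEC_OBJECT_SUPPORTS_48B_ADDRESS;

   /* Set the exists last because it may be read by other threads */
   __sync_synchronize();
   bo->exists = true;

   pthread_mutex_unlock(&device->mutex);

   return &bo->bo;
}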
1165
/* Entry of the BO cache: a BO plus the number of references held on it. */
struct anv_cached_bo {
   /* Must stay the first member: anv_bo_cache_export and
    * anv_bo_cache_release cast a struct anv_bo pointer back to the
    * enclosing struct anv_cached_bo.
    */
   struct anv_bo bo;

   /* Starts at 1 on alloc/import, is incremented when an already cached BO
    * is imported again, and is dropped by anv_bo_cache_release.
    */
   uint32_t refcount;
};
1171
/* Create the handle-to-BO hash table and the mutex that protects it.
 *
 * Returns VK_SUCCESS, or VK_ERROR_OUT_OF_HOST_MEMORY if either the table or
 * the mutex cannot be created; nothing is left allocated on failure.
 */
VkResult
anv_bo_cache_init(struct anv_bo_cache *cache)
{
   cache->bo_map = _mesa_hash_table_create(NULL, _mesa_hash_pointer,
                                           _mesa_key_pointer_equal);
   if (cache->bo_map == NULL)
      return vk_error(VK_ERROR_OUT_OF_HOST_MEMORY);

   if (pthread_mutex_init(&cache->mutex, NULL) == 0)
      return VK_SUCCESS;

   /* Mutex creation failed: undo the table allocation before reporting. */
   _mesa_hash_table_destroy(cache->bo_map, NULL);
   return vk_errorf(VK_ERROR_OUT_OF_HOST_MEMORY,
                    "pthread_mutex_init failed: %m");
}
1188
/* Destroy the cache's mutex and hash table.  The table is destroyed without
 * a per-entry callback, so BOs still in the cache are not released here.
 */
void
anv_bo_cache_finish(struct anv_bo_cache *cache)
{
   pthread_mutex_destroy(&cache->mutex);
   _mesa_hash_table_destroy(cache->bo_map, NULL);
}
1195
/* Find the cache entry for gem_handle, or NULL if the handle is not cached.
 * As the name says, the caller is expected to hold cache->mutex.
 */
static struct anv_cached_bo *
anv_bo_cache_lookup_locked(struct anv_bo_cache *cache, uint32_t gem_handle)
{
   /* The table is keyed by the handle value stored in a pointer. */
   const void *key = (const void *)(uintptr_t)gem_handle;

   struct hash_entry *hit = _mesa_hash_table_search(cache->bo_map, key);
   if (hit == NULL)
      return NULL;

   struct anv_cached_bo *cached = (struct anv_cached_bo *)hit->data;
   assert(cached->bo.gem_handle == gem_handle);

   return cached;
}
1210
/* Locked wrapper around anv_bo_cache_lookup_locked: returns the BO cached
 * for gem_handle, or NULL.  No reference is taken, so the result is only
 * meaningful while the caller otherwise keeps the BO alive.
 */
static struct anv_bo *
anv_bo_cache_lookup(struct anv_bo_cache *cache, uint32_t gem_handle)
{
   struct anv_cached_bo *cached;

   pthread_mutex_lock(&cache->mutex);
   cached = anv_bo_cache_lookup_locked(cache, gem_handle);
   pthread_mutex_unlock(&cache->mutex);

   if (cached == NULL)
      return NULL;

   return &cached->bo;
}
1222
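/* Create a new BO of `size` bytes (rounded up to a multiple of 4096) and
 * register it in the cache under its GEM handle with a refcount of 1.
 *
 * On success *bo_out points at the new BO and VK_SUCCESS is returned.
 * Returns VK_ERROR_OUT_OF_HOST_MEMORY if the cache entry cannot be
 * allocated or inserted, or the error from anv_bo_init_new; nothing is
 * left allocated on failure and *bo_out is not written.
 */
VkResult
anv_bo_cache_alloc(struct anv_device *device,
                   struct anv_bo_cache *cache,
                   uint64_t size, struct anv_bo **bo_out)
{
   struct anv_cached_bo *bo =
      vk_alloc(&device->alloc, sizeof(*bo), 8,
               VK_SYSTEM_ALLOCATION_SCOPE_OBJECT);
   if (!bo)
      return vk_error(VK_ERROR_OUT_OF_HOST_MEMORY);

   bo->refcount = 1;

   /* The kernel is going to give us whole pages anyway */
   size = align_u64(size, 4096);

   VkResult result = anv_bo_init_new(&bo->bo, device, size);
   if (result != VK_SUCCESS) {
      vk_free(&device->alloc, bo);
      return result;
   }

   assert(bo->bo.gem_handle);

   pthread_mutex_lock(&cache->mutex);

   /* A BO that is handed out without being in the table could later be
    * imported as a second, independent entry for the same GEM handle, so a
    * failed insert has to fail the allocation.  The handle is closed while
    * the mutex is still held, as anv_bo_cache_release does.
    */
   if (!_mesa_hash_table_insert(cache->bo_map,
                                (void *)(uintptr_t)bo->bo.gem_handle, bo)) {
      anv_gem_close(device, bo->bo.gem_handle);
      pthread_mutex_unlock(&cache->mutex);
      vk_free(&device->alloc, bo);
      return vk_error(VK_ERROR_OUT_OF_HOST_MEMORY);
   }

   pthread_mutex_unlock(&cache->mutex);

   *bo_out = &bo->bo;

   return VK_SUCCESS;
}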
1258
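/* Import the buffer behind file descriptor `fd` into the cache.
 *
 * If the GEM handle the fd resolves to is already cached, that entry gains
 * a reference; otherwise a new entry with a refcount of 1 is created.  In
 * both cases `size` (rounded up to a multiple of 4096) must match the
 * buffer's real size exactly, see the comment in the body.
 *
 * On success the fd is closed, *bo_out points at the BO and VK_SUCCESS is
 * returned.  On failure the fd is left open and owned by the caller, and
 * VK_ERROR_INVALID_EXTERNAL_HANDLE_KHX (bad fd or size mismatch) or
 * VK_ERROR_OUT_OF_HOST_MEMORY is returned.
 */
VkResult
anv_bo_cache_import(struct anv_device *device,
                    struct anv_bo_cache *cache,
                    int fd, uint64_t size, struct anv_bo **bo_out)
{
   /* The mutex is held across the fd-to-handle conversion so that the
    * lookup below and a concurrent release of the same BO cannot interleave.
    */
   pthread_mutex_lock(&cache->mutex);

   /* The kernel is going to give us whole pages anyway */
   size = align_u64(size, 4096);

   uint32_t gem_handle = anv_gem_fd_to_handle(device, fd);
   if (!gem_handle) {
      pthread_mutex_unlock(&cache->mutex);
      return vk_error(VK_ERROR_INVALID_EXTERNAL_HANDLE_KHX);
   }

   struct anv_cached_bo *bo = anv_bo_cache_lookup_locked(cache, gem_handle);
   if (bo) {
      /* Already cached: the size recorded at first import/alloc is the
       * reference.  The handle belongs to the cached entry, so it is not
       * closed on mismatch.
       */
      if (bo->bo.size != size) {
         pthread_mutex_unlock(&cache->mutex);
         return vk_error(VK_ERROR_INVALID_EXTERNAL_HANDLE_KHX);
      }
      __sync_fetch_and_add(&bo->refcount, 1);
   } else {
      /* For security purposes, we reject BO imports where the size does not
       * match exactly.  This prevents a malicious client from passing a
       * buffer to a trusted client, lying about the size, and telling the
       * trusted client to try and texture from an image that goes
       * out-of-bounds.  This sort of thing could lead to GPU hangs or worse
       * in the trusted client.  The trusted client can protect itself against
       * this sort of attack but only if it can trust the buffer size.
       *
       * The size is taken from the fd itself, never from the caller.
       */
      off_t import_size = lseek(fd, 0, SEEK_END);
      if (import_size == (off_t)-1 || (uint64_t)import_size != size) {
         anv_gem_close(device, gem_handle);
         pthread_mutex_unlock(&cache->mutex);
         return vk_error(VK_ERROR_INVALID_EXTERNAL_HANDLE_KHX);
      }

      bo = vk_alloc(&device->alloc, sizeof(*bo), 8,
                    VK_SYSTEM_ALLOCATION_SCOPE_OBJECT);
      if (!bo) {
         anv_gem_close(device, gem_handle);
         pthread_mutex_unlock(&cache->mutex);
         return vk_error(VK_ERROR_OUT_OF_HOST_MEMORY);
      }

      bo->refcount = 1;

      anv_bo_init(&bo->bo, gem_handle, size);

      if (device->instance->physicalDevice.supports_48bit_addresses)
         bo->bo.flags |= EXEC_OBJECT_SUPPORTS_48B_ADDRESS;

      if (device->instance->physicalDevice.has_exec_async)
         bo->bo.flags |= EXEC_OBJECT_ASYNC;

      /* An entry that is handed out but missing from the table would be
       * imported again as a second entry for the same handle, so a failed
       * insert fails the import and undoes everything done so far.
       */
      if (!_mesa_hash_table_insert(cache->bo_map,
                                   (void *)(uintptr_t)gem_handle, bo)) {
         anv_gem_close(device, gem_handle);
         pthread_mutex_unlock(&cache->mutex);
         vk_free(&device->alloc, bo);
         return vk_error(VK_ERROR_OUT_OF_HOST_MEMORY);
      }
   }

   pthread_mutex_unlock(&cache->mutex);

   /* From the Vulkan spec:
    *
    *    "Importing memory from a file descriptor transfers ownership of
    *    the file descriptor from the application to the Vulkan
    *    implementation. The application must not perform any operations on
    *    the file descriptor after a successful import."
    *
    * If the import fails, we leave the file descriptor open.
    */
   close(fd);

   *bo_out = &bo->bo;

   return VK_SUCCESS;
}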
1336
/* Create a file descriptor for a cached BO.
 *
 * bo_in must be a BO that lives in `cache` (checked by assert only).  On
 * success *fd_out receives the new fd and VK_SUCCESS is returned; if no fd
 * can be created VK_ERROR_TOO_MANY_OBJECTS is returned and *fd_out is left
 * untouched.
 */
VkResult
anv_bo_cache_export(struct anv_device *device,
                    struct anv_bo_cache *cache,
                    struct anv_bo *bo_in, int *fd_out)
{
   assert(anv_bo_cache_lookup(cache, bo_in->gem_handle) == bo_in);

   /* Valid because the anv_bo is the first member of anv_cached_bo. */
   struct anv_cached_bo *cached = (struct anv_cached_bo *)bo_in;

   const int exported_fd = anv_gem_handle_to_fd(device, cached->bo.gem_handle);
   if (exported_fd >= 0) {
      *fd_out = exported_fd;
      return VK_SUCCESS;
   }

   return vk_error(VK_ERROR_TOO_MANY_OBJECTS);
}
1353
/* Atomically decrement *counter unless its value is 1.
 *
 * Returns true if the decrement happened and false if the counter was found
 * at 1, in which case it is left unchanged.
 */
static bool
atomic_dec_not_one(uint32_t *counter)
{
   uint32_t expected = *counter;

   while (expected != 1) {
      /* The swap only succeeds if nobody changed the counter since we read
       * it; otherwise retry with the value that is there now.
       */
      const uint32_t seen =
         __sync_val_compare_and_swap(counter, expected, expected - 1);
      if (seen == expected)
         return true;

      expected = seen;
   }

   return false;
}
1371
/* Drop one reference on a cached BO and destroy the BO when that was the
 * last one.
 *
 * bo_in must be a BO that lives in `cache` (checked by assert only).  When
 * the last reference goes away the entry is removed from the table, the BO
 * is unmapped if it has a mapping, its GEM handle is closed and the cache
 * entry is freed.
 */
void
anv_bo_cache_release(struct anv_device *device,
                     struct anv_bo_cache *cache,
                     struct anv_bo *bo_in)
{
   assert(anv_bo_cache_lookup(cache, bo_in->gem_handle) == bo_in);
   /* Valid because the anv_bo is the first member of anv_cached_bo. */
   struct anv_cached_bo *bo = (struct anv_cached_bo *)bo_in;

   /* Try to decrement the counter but don't go below one.  If this succeeds
    * then the refcount has been decremented and we are not the last
    * reference.
    */
   if (atomic_dec_not_one(&bo->refcount))
      return;

   pthread_mutex_lock(&cache->mutex);

   /* We are probably the last reference since our attempt to decrement above
    * failed.  However, we can't actually know until we are inside the mutex.
    * Otherwise, someone could import the BO between the decrement and our
    * taking the mutex.
    */
   if (unlikely(__sync_sub_and_fetch(&bo->refcount, 1) > 0)) {
      /* Turns out we're not the last reference.  Unlock and bail. */
      pthread_mutex_unlock(&cache->mutex);
      return;
   }

   /* From here on the refcount is zero and the mutex keeps importers out:
    * take the entry out of the table before tearing the BO down.
    */
   struct hash_entry *entry =
      _mesa_hash_table_search(cache->bo_map,
                              (const void *)(uintptr_t)bo->bo.gem_handle);
   assert(entry);
   _mesa_hash_table_remove(cache->bo_map, entry);

   if (bo->bo.map)
      anv_gem_munmap(bo->bo.map, bo->bo.size);

   anv_gem_close(device, bo->bo.gem_handle);

   /* Don't unlock until we've actually closed the BO.  The whole point of
    * the BO cache is to ensure that we correctly handle races with creating
    * and releasing GEM handles and we don't want to let someone import the BO
    * again between mutex unlock and closing the GEM handle.
    */
   pthread_mutex_unlock(&cache->mutex);

   /* The entry is unreachable through the table now, so it can be freed
    * outside the lock.
    */
   vk_free(&device->alloc, bo);
}