projects / mesa.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
vc4: Write the alignment of level width consistently in validation.
[mesa.git] / src / gallium / drivers / vc4 / kernel / vc4_validate.c
1 /*
2 * Copyright © 2014 Broadcom
3 *
4 * Permission is hereby granted, free of charge, to any person obtaining a
5 * copy of this software and associated documentation files (the "Software"),
6 * to deal in the Software without restriction, including without limitation
7 * the rights to use, copy, modify, merge, publish, distribute, sublicense,
8 * and/or sell copies of the Software, and to permit persons to whom the
9 * Software is furnished to do so, subject to the following conditions:
10 *
11 * The above copyright notice and this permission notice (including the next
12 * paragraph) shall be included in all copies or substantial portions of the
13 * Software.
14 *
15 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
18 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
20 * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
21 * IN THE SOFTWARE.
22 */
23
24 /**
25 * Command list validator for VC4.
26 *
27 * The VC4 has no IOMMU between it and system memory. So, a user with
28 * access to execute command lists could escalate privilege by
29 * overwriting system memory (drawing to it as a framebuffer) or
30 * reading system memory it shouldn't (reading it as a texture, or
31 * uniform data, or vertex data).
32 *
33 * This validates command lists to ensure that all accesses are within
34 * the bounds of the GEM objects referenced. It explicitly whitelists
35 * packets, and looks at the offsets in any address fields to make
36 * sure they're constrained within the BOs they reference.
37 *
38 * Note that because of the validation that's happening anyway, this
39 * is where GEM relocation processing happens.
40 */
41
42 #include "vc4_drv.h"
43 #include "vc4_packet.h"
44
45 #define VALIDATE_ARGS \
46 struct vc4_exec_info *exec, \
47 void *validated, \
48 void *untrusted
49
50
51 /** Return the width in pixels of a 64-byte microtile. */
52 static uint32_t
53 utile_width(int cpp)
54 {
55 switch (cpp) {
56 case 1:
57 case 2:
58 return 8;
59 case 4:
60 return 4;
61 case 8:
62 return 2;
63 default:
64 DRM_ERROR("unknown cpp: %d\n", cpp);
65 return 1;
66 }
67 }
68
69 /** Return the height in pixels of a 64-byte microtile. */
70 static uint32_t
71 utile_height(int cpp)
72 {
73 switch (cpp) {
74 case 1:
75 return 8;
76 case 2:
77 case 4:
78 case 8:
79 return 4;
80 default:
81 DRM_ERROR("unknown cpp: %d\n", cpp);
82 return 1;
83 }
84 }
85
86 /**
87 * The texture unit decides what tiling format a particular miplevel is using
88 * this function, so we lay out our miptrees accordingly.
89 */
90 static bool
91 size_is_lt(uint32_t width, uint32_t height, int cpp)
92 {
93 return (width <= 4 * utile_width(cpp) ||
94 height <= 4 * utile_height(cpp));
95 }
96
97 static bool
98 vc4_use_bo(struct vc4_exec_info *exec,
99 uint32_t hindex,
100 enum vc4_bo_mode mode,
101 struct drm_gem_cma_object **obj)
102 {
103 *obj = NULL;
104
105 if (hindex >= exec->bo_count) {
106 DRM_ERROR("BO index %d greater than BO count %d\n",
107 hindex, exec->bo_count);
108 return false;
109 }
110
111 if (exec->bo[hindex].mode != mode) {
112 if (exec->bo[hindex].mode == VC4_MODE_UNDECIDED) {
113 exec->bo[hindex].mode = mode;
114 } else {
115 DRM_ERROR("BO index %d reused with mode %d vs %d\n",
116 hindex, exec->bo[hindex].mode, mode);
117 return false;
118 }
119 }
120
121 *obj = exec->bo[hindex].bo;
122 return true;
123 }
124
125 static bool
126 vc4_use_handle(struct vc4_exec_info *exec,
127 uint32_t gem_handles_packet_index,
128 enum vc4_bo_mode mode,
129 struct drm_gem_cma_object **obj)
130 {
131 return vc4_use_bo(exec, exec->bo_index[gem_handles_packet_index],
132 mode, obj);
133 }
134
135 static uint32_t
136 gl_shader_rec_size(uint32_t pointer_bits)
137 {
138 uint32_t attribute_count = pointer_bits & 7;
139 bool extended = pointer_bits & 8;
140
141 if (attribute_count == 0)
142 attribute_count = 8;
143
144 if (extended)
145 return 100 + attribute_count * 4;
146 else
147 return 36 + attribute_count * 8;
148 }
149
150 static bool
151 check_tex_size(struct vc4_exec_info *exec, struct drm_gem_cma_object *fbo,
152 uint32_t offset, uint8_t tiling_format,
153 uint32_t width, uint32_t height, uint8_t cpp)
154 {
155 uint32_t aligned_width, aligned_height, stride, size;
156 uint32_t utile_w = utile_width(cpp);
157 uint32_t utile_h = utile_height(cpp);
158
159 /* The values are limited by the packet/texture parameter bitfields,
160 * so we don't need to worry as much about integer overflow.
161 */
162 BUG_ON(width > 65535);
163 BUG_ON(height > 65535);
164
165 switch (tiling_format) {
166 case VC4_TILING_FORMAT_LINEAR:
167 aligned_width = roundup(width, utile_w);
168 aligned_height = height;
169 break;
170 case VC4_TILING_FORMAT_T:
171 aligned_width = roundup(width, utile_w * 8);
172 aligned_height = roundup(height, utile_h * 8);
173 break;
174 case VC4_TILING_FORMAT_LT:
175 aligned_width = roundup(width, utile_w);
176 aligned_height = roundup(height, utile_h);
177 break;
178 default:
179 DRM_ERROR("buffer tiling %d unsupported\n", tiling_format);
180 return false;
181 }
182
183 stride = aligned_width * cpp;
184
185 if (INT_MAX / stride < aligned_height) {
186 DRM_ERROR("Overflow in fbo size (%dx%d -> %dx%d)\n",
187 width, height,
188 aligned_width, aligned_height);
189 return false;
190 }
191 size = stride * aligned_height;
192
193 if (size + offset < size ||
194 size + offset > fbo->base.size) {
195 DRM_ERROR("Overflow in %dx%d (%dx%d) fbo size (%d + %d > %d)\n",
196 width, height,
197 aligned_width, aligned_height,
198 size, offset, fbo->base.size);
199 return false;
200 }
201
202 return true;
203 }
204
205 static int
206 validate_flush_all(VALIDATE_ARGS)
207 {
208 if (exec->found_increment_semaphore_packet) {
209 DRM_ERROR("VC4_PACKET_FLUSH_ALL after "
210 "VC4_PACKET_INCREMENT_SEMAPHORE\n");
211 return -EINVAL;
212 }
213
214 return 0;
215 }
216
217 static int
218 validate_start_tile_binning(VALIDATE_ARGS)
219 {
220 if (exec->found_start_tile_binning_packet) {
221 DRM_ERROR("Duplicate VC4_PACKET_START_TILE_BINNING\n");
222 return -EINVAL;
223 }
224 exec->found_start_tile_binning_packet = true;
225
226 if (!exec->found_tile_binning_mode_config_packet) {
227 DRM_ERROR("missing VC4_PACKET_TILE_BINNING_MODE_CONFIG\n");
228 return -EINVAL;
229 }
230
231 return 0;
232 }
233
234 static int
235 validate_increment_semaphore(VALIDATE_ARGS)
236 {
237 if (exec->found_increment_semaphore_packet) {
238 DRM_ERROR("Duplicate VC4_PACKET_INCREMENT_SEMAPHORE\n");
239 return -EINVAL;
240 }
241 exec->found_increment_semaphore_packet = true;
242
243 /* Once we've found the semaphore increment, there should be one FLUSH
244 * then the end of the command list. The FLUSH actually triggers the
245 * increment, so we only need to make sure there
246 */
247
248 return 0;
249 }
250
251 static int
252 validate_wait_on_semaphore(VALIDATE_ARGS)
253 {
254 if (exec->found_wait_on_semaphore_packet) {
255 DRM_ERROR("Duplicate VC4_PACKET_WAIT_ON_SEMAPHORE\n");
256 return -EINVAL;
257 }
258 exec->found_wait_on_semaphore_packet = true;
259
260 if (!exec->found_increment_semaphore_packet) {
261 DRM_ERROR("VC4_PACKET_WAIT_ON_SEMAPHORE without "
262 "VC4_PACKET_INCREMENT_SEMAPHORE\n");
263 return -EINVAL;
264 }
265
266 return 0;
267 }
268
269 static int
270 validate_branch_to_sublist(VALIDATE_ARGS)
271 {
272 struct drm_gem_cma_object *target;
273 uint32_t offset;
274
275 if (!vc4_use_handle(exec, 0, VC4_MODE_TILE_ALLOC, &target))
276 return -EINVAL;
277
278 if (target != exec->tile_alloc_bo) {
279 DRM_ERROR("Jumping to BOs other than tile alloc unsupported\n");
280 return -EINVAL;
281 }
282
283 if (!exec->found_wait_on_semaphore_packet) {
284 DRM_ERROR("Jumping to tile alloc before binning finished.\n");
285 return -EINVAL;
286 }
287
288 offset = *(uint32_t *)(untrusted + 0);
289 if (offset % exec->tile_alloc_init_block_size ||
290 offset / exec->tile_alloc_init_block_size >
291 exec->bin_tiles_x * exec->bin_tiles_y) {
292 DRM_ERROR("VC4_PACKET_BRANCH_TO_SUB_LIST must jump to initial "
293 "tile allocation space.\n");
294 return -EINVAL;
295 }
296
297 *(uint32_t *)(validated + 0) = target->paddr + offset;
298
299 return 0;
300 }
301
302 /**
303 * validate_loadstore_tile_buffer_general() - Validation for
304 * VC4_PACKET_LOAD_TILE_BUFFER_GENERAL and
305 * VC4_PACKET_STORE_TILE_BUFFER_GENERAL.
306 *
307 * The two packets are nearly the same, except for the TLB-clearing management
308 * bits not being present for loads. Additionally, while stores are executed
309 * immediately (using the current tile coordinates), loads are queued to be
310 * executed when the tile coordinates packet occurs.
311 *
312 * Note that coordinates packets are validated to be within the declared
313 * bin_x/y, which themselves are verified to match the rendering-configuration
314 * FB width and height (which the hardware uses to clip loads and stores).
315 */
316 static int
317 validate_loadstore_tile_buffer_general(VALIDATE_ARGS)
318 {
319 uint32_t packet_b0 = *(uint8_t *)(untrusted + 0);
320 uint32_t packet_b1 = *(uint8_t *)(untrusted + 1);
321 struct drm_gem_cma_object *fbo;
322 uint32_t buffer_type = packet_b0 & 0xf;
323 uint32_t untrusted_address, offset, cpp;
324
325 switch (buffer_type) {
326 case VC4_LOADSTORE_TILE_BUFFER_NONE:
327 return 0;
328 case VC4_LOADSTORE_TILE_BUFFER_COLOR:
329 if ((packet_b1 & VC4_LOADSTORE_TILE_BUFFER_MASK) ==
330 VC4_LOADSTORE_TILE_BUFFER_RGBA8888) {
331 cpp = 4;
332 } else {
333 cpp = 2;
334 }
335 break;
336
337 case VC4_LOADSTORE_TILE_BUFFER_Z:
338 case VC4_LOADSTORE_TILE_BUFFER_ZS:
339 cpp = 4;
340 break;
341
342 default:
343 DRM_ERROR("Load/store type %d unsupported\n", buffer_type);
344 return -EINVAL;
345 }
346
347 if (!vc4_use_handle(exec, 0, VC4_MODE_RENDER, &fbo))
348 return -EINVAL;
349
350 untrusted_address = *(uint32_t *)(untrusted + 2);
351 offset = untrusted_address & ~0xf;
352
353 if (!check_tex_size(exec, fbo, offset,
354 ((packet_b0 &
355 VC4_LOADSTORE_TILE_BUFFER_FORMAT_MASK) >>
356 VC4_LOADSTORE_TILE_BUFFER_FORMAT_SHIFT),
357 exec->fb_width, exec->fb_height, cpp)) {
358 return -EINVAL;
359 }
360
361 *(uint32_t *)(validated + 2) = (offset + fbo->paddr +
362 (untrusted_address & 0xf));
363
364 return 0;
365 }
366
367 static int
368 validate_indexed_prim_list(VALIDATE_ARGS)
369 {
370 struct drm_gem_cma_object *ib;
371 uint32_t length = *(uint32_t *)(untrusted + 1);
372 uint32_t offset = *(uint32_t *)(untrusted + 5);
373 uint32_t max_index = *(uint32_t *)(untrusted + 9);
374 uint32_t index_size = (*(uint8_t *)(untrusted + 0) >> 4) ? 2 : 1;
375 struct vc4_shader_state *shader_state;
376
377 if (exec->found_increment_semaphore_packet) {
378 DRM_ERROR("Drawing after VC4_PACKET_INCREMENT_SEMAPHORE\n");
379 return -EINVAL;
380 }
381
382 /* Check overflow condition */
383 if (exec->shader_state_count == 0) {
384 DRM_ERROR("shader state must precede primitives\n");
385 return -EINVAL;
386 }
387 shader_state = &exec->shader_state[exec->shader_state_count - 1];
388
389 if (max_index > shader_state->max_index)
390 shader_state->max_index = max_index;
391
392 if (!vc4_use_handle(exec, 0, VC4_MODE_RENDER, &ib))
393 return -EINVAL;
394
395 if (offset > ib->base.size ||
396 (ib->base.size - offset) / index_size < length) {
397 DRM_ERROR("IB access overflow (%d + %d*%d > %d)\n",
398 offset, length, index_size, ib->base.size);
399 return -EINVAL;
400 }
401
402 *(uint32_t *)(validated + 5) = ib->paddr + offset;
403
404 return 0;
405 }
406
407 static int
408 validate_gl_array_primitive(VALIDATE_ARGS)
409 {
410 uint32_t length = *(uint32_t *)(untrusted + 1);
411 uint32_t base_index = *(uint32_t *)(untrusted + 5);
412 uint32_t max_index;
413 struct vc4_shader_state *shader_state;
414
415 if (exec->found_increment_semaphore_packet) {
416 DRM_ERROR("Drawing after VC4_PACKET_INCREMENT_SEMAPHORE\n");
417 return -EINVAL;
418 }
419
420 /* Check overflow condition */
421 if (exec->shader_state_count == 0) {
422 DRM_ERROR("shader state must precede primitives\n");
423 return -EINVAL;
424 }
425 shader_state = &exec->shader_state[exec->shader_state_count - 1];
426
427 if (length + base_index < length) {
428 DRM_ERROR("primitive vertex count overflow\n");
429 return -EINVAL;
430 }
431 max_index = length + base_index - 1;
432
433 if (max_index > shader_state->max_index)
434 shader_state->max_index = max_index;
435
436 return 0;
437 }
438
439 static int
440 validate_gl_shader_state(VALIDATE_ARGS)
441 {
442 uint32_t i = exec->shader_state_count++;
443
444 if (i >= exec->shader_state_size) {
445 DRM_ERROR("More requests for shader states than declared\n");
446 return -EINVAL;
447 }
448
449 exec->shader_state[i].packet = VC4_PACKET_GL_SHADER_STATE;
450 exec->shader_state[i].addr = *(uint32_t *)untrusted;
451 exec->shader_state[i].max_index = 0;
452
453 if (exec->shader_state[i].addr & ~0xf) {
454 DRM_ERROR("high bits set in GL shader rec reference\n");
455 return -EINVAL;
456 }
457
458 *(uint32_t *)validated = (exec->shader_rec_p +
459 exec->shader_state[i].addr);
460
461 exec->shader_rec_p +=
462 roundup(gl_shader_rec_size(exec->shader_state[i].addr), 16);
463
464 return 0;
465 }
466
467 static int
468 validate_nv_shader_state(VALIDATE_ARGS)
469 {
470 uint32_t i = exec->shader_state_count++;
471
472 if (i >= exec->shader_state_size) {
473 DRM_ERROR("More requests for shader states than declared\n");
474 return -EINVAL;
475 }
476
477 exec->shader_state[i].packet = VC4_PACKET_NV_SHADER_STATE;
478 exec->shader_state[i].addr = *(uint32_t *)untrusted;
479
480 if (exec->shader_state[i].addr & 15) {
481 DRM_ERROR("NV shader state address 0x%08x misaligned\n",
482 exec->shader_state[i].addr);
483 return -EINVAL;
484 }
485
486 *(uint32_t *)validated = (exec->shader_state[i].addr +
487 exec->shader_rec_p);
488
489 return 0;
490 }
491
492 static int
493 validate_tile_binning_config(VALIDATE_ARGS)
494 {
495 struct drm_gem_cma_object *tile_allocation;
496 struct drm_gem_cma_object *tile_state_data_array;
497 uint8_t flags;
498 uint32_t tile_allocation_size;
499
500 if (!vc4_use_handle(exec, 0, VC4_MODE_TILE_ALLOC, &tile_allocation) ||
501 !vc4_use_handle(exec, 1, VC4_MODE_TSDA, &tile_state_data_array))
502 return -EINVAL;
503
504 if (exec->found_tile_binning_mode_config_packet) {
505 DRM_ERROR("Duplicate VC4_PACKET_TILE_BINNING_MODE_CONFIG\n");
506 return -EINVAL;
507 }
508 exec->found_tile_binning_mode_config_packet = true;
509
510 exec->bin_tiles_x = *(uint8_t *)(untrusted + 12);
511 exec->bin_tiles_y = *(uint8_t *)(untrusted + 13);
512 flags = *(uint8_t *)(untrusted + 14);
513
514 if (exec->bin_tiles_x == 0 ||
515 exec->bin_tiles_y == 0) {
516 DRM_ERROR("Tile binning config of %dx%d too small\n",
517 exec->bin_tiles_x, exec->bin_tiles_y);
518 return -EINVAL;
519 }
520
521 /* Our validation relies on the user not getting to set up their own
522 * tile state/tile allocation BO contents.
523 */
524 if (!(flags & VC4_BIN_CONFIG_AUTO_INIT_TSDA)) {
525 DRM_ERROR("binning config missing "
526 "VC4_BIN_CONFIG_AUTO_INIT_TSDA\n");
527 return -EINVAL;
528 }
529
530 if (flags & (VC4_BIN_CONFIG_DB_NON_MS |
531 VC4_BIN_CONFIG_TILE_BUFFER_64BIT |
532 VC4_BIN_CONFIG_MS_MODE_4X)) {
533 DRM_ERROR("unsupported bining config flags 0x%02x\n", flags);
534 return -EINVAL;
535 }
536
537 if (*(uint32_t *)(untrusted + 0) != 0) {
538 DRM_ERROR("tile allocation offset != 0 unsupported\n");
539 return -EINVAL;
540 }
541 tile_allocation_size = *(uint32_t *)(untrusted + 4);
542 if (tile_allocation_size > tile_allocation->base.size) {
543 DRM_ERROR("tile allocation size %d > BO size %d\n",
544 tile_allocation_size, tile_allocation->base.size);
545 return -EINVAL;
546 }
547 *(uint32_t *)validated = tile_allocation->paddr;
548 exec->tile_alloc_bo = tile_allocation;
549
550 exec->tile_alloc_init_block_size = 1 << (5 + ((flags >> 5) & 3));
551 if (exec->bin_tiles_x * exec->bin_tiles_y *
552 exec->tile_alloc_init_block_size > tile_allocation_size) {
553 DRM_ERROR("tile init exceeds tile alloc size (%d vs %d)\n",
554 exec->bin_tiles_x * exec->bin_tiles_y *
555 exec->tile_alloc_init_block_size,
556 tile_allocation_size);
557 return -EINVAL;
558 }
559 if (*(uint32_t *)(untrusted + 8) != 0) {
560 DRM_ERROR("TSDA offset != 0 unsupported\n");
561 return -EINVAL;
562 }
563 if (exec->bin_tiles_x * exec->bin_tiles_y * 48 >
564 tile_state_data_array->base.size) {
565 DRM_ERROR("TSDA of %db too small for %dx%d bin config\n",
566 tile_state_data_array->base.size,
567 exec->bin_tiles_x, exec->bin_tiles_y);
568 }
569 *(uint32_t *)(validated + 8) = tile_state_data_array->paddr;
570
571 return 0;
572 }
573
574 static int
575 validate_tile_rendering_mode_config(VALIDATE_ARGS)
576 {
577 struct drm_gem_cma_object *fbo;
578 uint32_t flags, offset, cpp;
579
580 if (exec->found_tile_rendering_mode_config_packet) {
581 DRM_ERROR("Duplicate VC4_PACKET_TILE_RENDERING_MODE_CONFIG\n");
582 return -EINVAL;
583 }
584 exec->found_tile_rendering_mode_config_packet = true;
585
586 if (!vc4_use_handle(exec, 0, VC4_MODE_RENDER, &fbo))
587 return -EINVAL;
588
589 exec->fb_width = *(uint16_t *)(untrusted + 4);
590 exec->fb_height = *(uint16_t *)(untrusted + 6);
591
592 /* Make sure that the fb width/height matches the binning config -- we
593 * rely on being able to interchange these for various assertions.
594 * (Within a tile, loads and stores will be clipped to the
595 * width/height, but we allow load/storing to any binned tile).
596 */
597 if (exec->fb_width <= (exec->bin_tiles_x - 1) * 64 ||
598 exec->fb_width > exec->bin_tiles_x * 64 ||
599 exec->fb_height <= (exec->bin_tiles_y - 1) * 64 ||
600 exec->fb_height > exec->bin_tiles_y * 64) {
601 DRM_ERROR("bin config %dx%d doesn't match FB %dx%d\n",
602 exec->bin_tiles_x, exec->bin_tiles_y,
603 exec->fb_width, exec->fb_height);
604 return -EINVAL;
605 }
606
607 flags = *(uint16_t *)(untrusted + 8);
608 if ((flags & VC4_RENDER_CONFIG_FORMAT_MASK) ==
609 VC4_RENDER_CONFIG_FORMAT_RGBA8888) {
610 cpp = 4;
611 } else {
612 cpp = 2;
613 }
614
615 offset = *(uint32_t *)untrusted;
616 if (!check_tex_size(exec, fbo, offset,
617 ((flags &
618 VC4_RENDER_CONFIG_MEMORY_FORMAT_MASK) >>
619 VC4_RENDER_CONFIG_MEMORY_FORMAT_SHIFT),
620 exec->fb_width, exec->fb_height, cpp)) {
621 return -EINVAL;
622 }
623
624 *(uint32_t *)validated = fbo->paddr + offset;
625
626 return 0;
627 }
628
629 static int
630 validate_tile_coordinates(VALIDATE_ARGS)
631 {
632 uint8_t tile_x = *(uint8_t *)(untrusted + 0);
633 uint8_t tile_y = *(uint8_t *)(untrusted + 1);
634
635 if (tile_x >= exec->bin_tiles_x ||
636 tile_y >= exec->bin_tiles_y) {
637 DRM_ERROR("Tile coordinates %d,%d > bin config %d,%d\n",
638 tile_x,
639 tile_y,
640 exec->bin_tiles_x,
641 exec->bin_tiles_y);
642 return -EINVAL;
643 }
644
645 return 0;
646 }
647
648 static int
649 validate_gem_handles(VALIDATE_ARGS)
650 {
651 memcpy(exec->bo_index, untrusted, sizeof(exec->bo_index));
652 return 0;
653 }
654
655 static const struct cmd_info {
656 bool bin;
657 bool render;
658 uint16_t len;
659 const char *name;
660 int (*func)(struct vc4_exec_info *exec, void *validated,
661 void *untrusted);
662 } cmd_info[] = {
663 [VC4_PACKET_HALT] = { 1, 1, 1, "halt", NULL },
664 [VC4_PACKET_NOP] = { 1, 1, 1, "nop", NULL },
665 [VC4_PACKET_FLUSH] = { 1, 1, 1, "flush", NULL },
666 [VC4_PACKET_FLUSH_ALL] = { 1, 0, 1, "flush all state", validate_flush_all },
667 [VC4_PACKET_START_TILE_BINNING] = { 1, 0, 1, "start tile binning", validate_start_tile_binning },
668 [VC4_PACKET_INCREMENT_SEMAPHORE] = { 1, 0, 1, "increment semaphore", validate_increment_semaphore },
669 [VC4_PACKET_WAIT_ON_SEMAPHORE] = { 0, 1, 1, "wait on semaphore", validate_wait_on_semaphore },
670 /* BRANCH_TO_SUB_LIST is actually supported in the binner as well, but
671 * we only use it from the render CL in order to jump into the tile
672 * allocation BO.
673 */
674 [VC4_PACKET_BRANCH_TO_SUB_LIST] = { 0, 1, 5, "branch to sublist", validate_branch_to_sublist },
675 [VC4_PACKET_STORE_MS_TILE_BUFFER] = { 0, 1, 1, "store MS resolved tile color buffer", NULL },
676 [VC4_PACKET_STORE_MS_TILE_BUFFER_AND_EOF] = { 0, 1, 1, "store MS resolved tile color buffer and EOF", NULL },
677
678 [VC4_PACKET_STORE_TILE_BUFFER_GENERAL] = { 0, 1, 7, "Store Tile Buffer General", validate_loadstore_tile_buffer_general },
679 [VC4_PACKET_LOAD_TILE_BUFFER_GENERAL] = { 0, 1, 7, "Load Tile Buffer General", validate_loadstore_tile_buffer_general },
680
681 [VC4_PACKET_GL_INDEXED_PRIMITIVE] = { 1, 1, 14, "Indexed Primitive List", validate_indexed_prim_list },
682
683 [VC4_PACKET_GL_ARRAY_PRIMITIVE] = { 1, 1, 10, "Vertex Array Primitives", validate_gl_array_primitive },
684
685 /* This is only used by clipped primitives (packets 48 and 49), which
686 * we don't support parsing yet.
687 */
688 [VC4_PACKET_PRIMITIVE_LIST_FORMAT] = { 1, 1, 2, "primitive list format", NULL },
689
690 [VC4_PACKET_GL_SHADER_STATE] = { 1, 1, 5, "GL Shader State", validate_gl_shader_state },
691 [VC4_PACKET_NV_SHADER_STATE] = { 1, 1, 5, "NV Shader State", validate_nv_shader_state },
692
693 [VC4_PACKET_CONFIGURATION_BITS] = { 1, 1, 4, "configuration bits", NULL },
694 [VC4_PACKET_FLAT_SHADE_FLAGS] = { 1, 1, 5, "flat shade flags", NULL },
695 [VC4_PACKET_POINT_SIZE] = { 1, 1, 5, "point size", NULL },
696 [VC4_PACKET_LINE_WIDTH] = { 1, 1, 5, "line width", NULL },
697 [VC4_PACKET_RHT_X_BOUNDARY] = { 1, 1, 3, "RHT X boundary", NULL },
698 [VC4_PACKET_DEPTH_OFFSET] = { 1, 1, 5, "Depth Offset", NULL },
699 [VC4_PACKET_CLIP_WINDOW] = { 1, 1, 9, "Clip Window", NULL },
700 [VC4_PACKET_VIEWPORT_OFFSET] = { 1, 1, 5, "Viewport Offset", NULL },
701 [VC4_PACKET_CLIPPER_XY_SCALING] = { 1, 1, 9, "Clipper XY Scaling", NULL },
702 /* Note: The docs say this was also 105, but it was 106 in the
703 * initial userland code drop.
704 */
705 [VC4_PACKET_CLIPPER_Z_SCALING] = { 1, 1, 9, "Clipper Z Scale and Offset", NULL },
706
707 [VC4_PACKET_TILE_BINNING_MODE_CONFIG] = { 1, 0, 16, "tile binning configuration", validate_tile_binning_config },
708
709 [VC4_PACKET_TILE_RENDERING_MODE_CONFIG] = { 0, 1, 11, "tile rendering mode configuration", validate_tile_rendering_mode_config},
710
711 [VC4_PACKET_CLEAR_COLORS] = { 0, 1, 14, "Clear Colors", NULL },
712
713 [VC4_PACKET_TILE_COORDINATES] = { 0, 1, 3, "Tile Coordinates", validate_tile_coordinates },
714
715 [VC4_PACKET_GEM_HANDLES] = { 1, 1, 9, "GEM handles", validate_gem_handles },
716 };
717
718 int
719 vc4_validate_cl(struct drm_device *dev,
720 void *validated,
721 void *unvalidated,
722 uint32_t len,
723 bool is_bin,
724 struct vc4_exec_info *exec)
725 {
726 uint32_t dst_offset = 0;
727 uint32_t src_offset = 0;
728
729 while (src_offset < len) {
730 void *dst_pkt = validated + dst_offset;
731 void *src_pkt = unvalidated + src_offset;
732 u8 cmd = *(uint8_t *)src_pkt;
733 const struct cmd_info *info;
734
735 if (cmd > ARRAY_SIZE(cmd_info)) {
736 DRM_ERROR("0x%08x: packet %d out of bounds\n",
737 src_offset, cmd);
738 return -EINVAL;
739 }
740
741 info = &cmd_info[cmd];
742 if (!info->name) {
743 DRM_ERROR("0x%08x: packet %d invalid\n",
744 src_offset, cmd);
745 return -EINVAL;
746 }
747
748 #if 0
749 DRM_INFO("0x%08x: packet %d (%s) size %d processing...\n",
750 src_offset, cmd, info->name, info->len);
751 #endif
752
753 if ((is_bin && !info->bin) ||
754 (!is_bin && !info->render)) {
755 DRM_ERROR("0x%08x: packet %d (%s) invalid for %s\n",
756 src_offset, cmd, info->name,
757 is_bin ? "binner" : "render");
758 return -EINVAL;
759 }
760
761 if (src_offset + info->len > len) {
762 DRM_ERROR("0x%08x: packet %d (%s) length 0x%08x "
763 "exceeds bounds (0x%08x)\n",
764 src_offset, cmd, info->name, info->len,
765 src_offset + len);
766 return -EINVAL;
767 }
768
769 if (cmd != VC4_PACKET_GEM_HANDLES)
770 memcpy(dst_pkt, src_pkt, info->len);
771
772 if (info->func && info->func(exec,
773 dst_pkt + 1,
774 src_pkt + 1)) {
775 DRM_ERROR("0x%08x: packet %d (%s) failed to "
776 "validate\n",
777 src_offset, cmd, info->name);
778 return -EINVAL;
779 }
780
781 src_offset += info->len;
782 /* GEM handle loading doesn't produce HW packets. */
783 if (cmd != VC4_PACKET_GEM_HANDLES)
784 dst_offset += info->len;
785
786 /* When the CL hits halt, it'll stop reading anything else. */
787 if (cmd == VC4_PACKET_HALT)
788 break;
789 }
790
791 if (is_bin) {
792 exec->ct0ea = exec->ct0ca + dst_offset;
793
794 if (!exec->found_start_tile_binning_packet) {
795 DRM_ERROR("Bin CL missing VC4_PACKET_START_TILE_BINNING\n");
796 return -EINVAL;
797 }
798 } else {
799 if (!exec->found_tile_rendering_mode_config_packet) {
800 DRM_ERROR("Render CL missing VC4_PACKET_TILE_RENDERING_MODE_CONFIG\n");
801 return -EINVAL;
802 }
803
804 /* Make sure that they actually consumed the semaphore
805 * increment from the bin CL. Otherwise a later submit would
806 * have render execute immediately.
807 */
808 if (!exec->found_wait_on_semaphore_packet) {
809 DRM_ERROR("Render CL missing VC4_PACKET_WAIT_ON_SEMAPHORE\n");
810 return -EINVAL;
811 }
812 exec->ct1ea = exec->ct1ca + dst_offset;
813 }
814
815 return 0;
816 }
817
818 static bool
819 reloc_tex(struct vc4_exec_info *exec,
820 void *uniform_data_u,
821 struct vc4_texture_sample_info *sample,
822 uint32_t texture_handle_index)
823
824 {
825 struct drm_gem_cma_object *tex;
826 uint32_t p0 = *(uint32_t *)(uniform_data_u + sample->p_offset[0]);
827 uint32_t p1 = *(uint32_t *)(uniform_data_u + sample->p_offset[1]);
828 uint32_t p2 = (sample->p_offset[2] != ~0 ?
829 *(uint32_t *)(uniform_data_u + sample->p_offset[2]) : 0);
830 uint32_t p3 = (sample->p_offset[3] != ~0 ?
831 *(uint32_t *)(uniform_data_u + sample->p_offset[3]) : 0);
832 uint32_t *validated_p0 = exec->uniforms_v + sample->p_offset[0];
833 uint32_t offset = p0 & ~0xfff;
834 uint32_t miplevels = (p0 & 15);
835 uint32_t width = (p1 >> 8) & 2047;
836 uint32_t height = (p1 >> 20) & 2047;
837 uint32_t cpp, tiling_format, utile_w, utile_h;
838 uint32_t i;
839 uint32_t cube_map_stride = 0;
840 enum vc4_texture_data_type type;
841
842 if (!vc4_use_bo(exec, texture_handle_index, VC4_MODE_RENDER, &tex))
843 return false;
844
845 if (sample->is_direct) {
846 uint32_t remaining_size = tex->base.size - p0;
847 if (p0 > tex->base.size - 4) {
848 DRM_ERROR("UBO offset greater than UBO size\n");
849 return false;
850 }
851 if (p1 > remaining_size - 4) {
852 DRM_ERROR("UBO clamp would allow reads outside of UBO\n");
853 return false;
854 }
855 *validated_p0 = tex->paddr + p0;
856 return true;
857 }
858
859 if (width == 0)
860 width = 2048;
861 if (height == 0)
862 height = 2048;
863
864 if (p0 & (1 << 9)) {
865 if ((p2 & (3 << 30)) == (1 << 30))
866 cube_map_stride = p2 & 0x3ffff000;
867 if ((p3 & (3 << 30)) == (1 << 30)) {
868 if (cube_map_stride) {
869 DRM_ERROR("Cube map stride set twice\n");
870 return false;
871 }
872
873 cube_map_stride = p3 & 0x3ffff000;
874 }
875 if (!cube_map_stride) {
876 DRM_ERROR("Cube map stride not set\n");
877 return false;
878 }
879 }
880
881 type = ((p0 >> 4) & 15) | ((p1 >> 31) << 4);
882
883 switch (type) {
884 case VC4_TEXTURE_TYPE_RGBA8888:
885 case VC4_TEXTURE_TYPE_RGBX8888:
886 case VC4_TEXTURE_TYPE_RGBA32R:
887 cpp = 4;
888 break;
889 case VC4_TEXTURE_TYPE_RGBA4444:
890 case VC4_TEXTURE_TYPE_RGBA5551:
891 case VC4_TEXTURE_TYPE_RGB565:
892 case VC4_TEXTURE_TYPE_LUMALPHA:
893 case VC4_TEXTURE_TYPE_S16F:
894 case VC4_TEXTURE_TYPE_S16:
895 cpp = 2;
896 break;
897 case VC4_TEXTURE_TYPE_LUMINANCE:
898 case VC4_TEXTURE_TYPE_ALPHA:
899 case VC4_TEXTURE_TYPE_S8:
900 cpp = 1;
901 break;
902 case VC4_TEXTURE_TYPE_ETC1:
903 case VC4_TEXTURE_TYPE_BW1:
904 case VC4_TEXTURE_TYPE_A4:
905 case VC4_TEXTURE_TYPE_A1:
906 case VC4_TEXTURE_TYPE_RGBA64:
907 case VC4_TEXTURE_TYPE_YUV422R:
908 default:
909 DRM_ERROR("Texture format %d unsupported\n", type);
910 return false;
911 }
912 utile_w = utile_width(cpp);
913 utile_h = utile_height(cpp);
914
915 if (type == VC4_TEXTURE_TYPE_RGBA32R) {
916 tiling_format = VC4_TILING_FORMAT_LINEAR;
917 } else {
918 if (size_is_lt(width, height, cpp))
919 tiling_format = VC4_TILING_FORMAT_LT;
920 else
921 tiling_format = VC4_TILING_FORMAT_T;
922 }
923
924 if (!check_tex_size(exec, tex, offset + cube_map_stride * 5,
925 tiling_format, width, height, cpp)) {
926 return false;
927 }
928
929 /* The mipmap levels are stored before the base of the texture. Make
930 * sure there is actually space in the BO.
931 */
932 for (i = 1; i <= miplevels; i++) {
933 uint32_t level_width = max(width >> i, 1u);
934 uint32_t level_height = max(height >> i, 1u);
935 uint32_t aligned_width, aligned_height;
936 uint32_t level_size;
937
938 /* Once the levels get small enough, they drop from T to LT. */
939 if (tiling_format == VC4_TILING_FORMAT_T &&
940 size_is_lt(level_width, level_height, cpp)) {
941 tiling_format = VC4_TILING_FORMAT_LT;
942 }
943
944 switch (tiling_format) {
945 case VC4_TILING_FORMAT_T:
946 aligned_width = roundup(level_width, utile_w * 8);
947 aligned_height = roundup(level_height, utile_h * 8);
948 break;
949 case VC4_TILING_FORMAT_LT:
950 aligned_width = roundup(level_width, utile_w);
951 aligned_height = roundup(level_height, utile_h);
952 break;
953 default:
954 aligned_width = roundup(level_width, utile_w);
955 aligned_height = level_height;
956 break;
957 }
958
959 level_size = aligned_width * cpp * aligned_height;
960
961 if (offset < level_size) {
962 DRM_ERROR("Level %d (%dx%d -> %dx%d) size %db "
963 "overflowed buffer bounds (offset %d)\n",
964 i, level_width, level_height,
965 aligned_width, aligned_height,
966 level_size, offset);
967 return false;
968 }
969
970 offset -= level_size;
971 }
972
973 *validated_p0 = tex->paddr + p0;
974
975 return true;
976 }
977
978 static int
979 validate_shader_rec(struct drm_device *dev,
980 struct vc4_exec_info *exec,
981 struct vc4_shader_state *state)
982 {
983 uint32_t *src_handles;
984 void *pkt_u, *pkt_v;
985 enum shader_rec_reloc_type {
986 RELOC_CODE,
987 RELOC_VBO,
988 };
989 struct shader_rec_reloc {
990 enum shader_rec_reloc_type type;
991 uint32_t offset;
992 };
993 static const struct shader_rec_reloc gl_relocs[] = {
994 { RELOC_CODE, 4 }, /* fs */
995 { RELOC_CODE, 16 }, /* vs */
996 { RELOC_CODE, 28 }, /* cs */
997 };
998 static const struct shader_rec_reloc nv_relocs[] = {
999 { RELOC_CODE, 4 }, /* fs */
1000 { RELOC_VBO, 12 }
1001 };
1002 const struct shader_rec_reloc *relocs;
1003 struct drm_gem_cma_object *bo[ARRAY_SIZE(gl_relocs) + 8];
1004 uint32_t nr_attributes = 0, nr_fixed_relocs, nr_relocs, packet_size;
1005 int i;
1006 struct vc4_validated_shader_info *validated_shader = NULL;
1007
1008 if (state->packet == VC4_PACKET_NV_SHADER_STATE) {
1009 relocs = nv_relocs;
1010 nr_fixed_relocs = ARRAY_SIZE(nv_relocs);
1011
1012 packet_size = 16;
1013 } else {
1014 relocs = gl_relocs;
1015 nr_fixed_relocs = ARRAY_SIZE(gl_relocs);
1016
1017 nr_attributes = state->addr & 0x7;
1018 if (nr_attributes == 0)
1019 nr_attributes = 8;
1020 packet_size = gl_shader_rec_size(state->addr);
1021 }
1022 nr_relocs = nr_fixed_relocs + nr_attributes;
1023
1024 if (nr_relocs * 4 > exec->shader_rec_size) {
1025 DRM_ERROR("overflowed shader recs reading %d handles "
1026 "from %d bytes left\n",
1027 nr_relocs, exec->shader_rec_size);
1028 return -EINVAL;
1029 }
1030 src_handles = exec->shader_rec_u;
1031 exec->shader_rec_u += nr_relocs * 4;
1032 exec->shader_rec_size -= nr_relocs * 4;
1033
1034 if (packet_size > exec->shader_rec_size) {
1035 DRM_ERROR("overflowed shader recs copying %db packet "
1036 "from %d bytes left\n",
1037 packet_size, exec->shader_rec_size);
1038 return -EINVAL;
1039 }
1040 pkt_u = exec->shader_rec_u;
1041 pkt_v = exec->shader_rec_v;
1042 memcpy(pkt_v, pkt_u, packet_size);
1043 exec->shader_rec_u += packet_size;
1044 /* Shader recs have to be aligned to 16 bytes (due to the attribute
1045 * flags being in the low bytes), so round the next validated shader
1046 * rec address up. This should be safe, since we've got so many
1047 * relocations in a shader rec packet.
1048 */
1049 BUG_ON(roundup(packet_size, 16) - packet_size > nr_relocs * 4);
1050 exec->shader_rec_v += roundup(packet_size, 16);
1051 exec->shader_rec_size -= packet_size;
1052
1053 for (i = 0; i < nr_relocs; i++) {
1054 enum vc4_bo_mode mode;
1055
1056 if (i < nr_fixed_relocs && relocs[i].type == RELOC_CODE)
1057 mode = VC4_MODE_SHADER;
1058 else
1059 mode = VC4_MODE_RENDER;
1060
1061 if (!vc4_use_bo(exec, src_handles[i], mode, &bo[i])) {
1062 return false;
1063 }
1064 }
1065
1066 for (i = 0; i < nr_fixed_relocs; i++) {
1067 uint32_t o = relocs[i].offset;
1068 uint32_t src_offset = *(uint32_t *)(pkt_u + o);
1069 uint32_t *texture_handles_u;
1070 void *uniform_data_u;
1071 uint32_t tex;
1072
1073 *(uint32_t *)(pkt_v + o) = bo[i]->paddr + src_offset;
1074
1075 switch (relocs[i].type) {
1076 case RELOC_CODE:
1077 if (src_offset != 0) {
1078 DRM_ERROR("Shaders must be at offset 0 of "
1079 "the BO.\n");
1080 goto fail;
1081 }
1082
1083 kfree(validated_shader);
1084 validated_shader = vc4_validate_shader(bo[i]);
1085 if (!validated_shader)
1086 goto fail;
1087
1088 if (validated_shader->uniforms_src_size >
1089 exec->uniforms_size) {
1090 DRM_ERROR("Uniforms src buffer overflow\n");
1091 goto fail;
1092 }
1093
1094 texture_handles_u = exec->uniforms_u;
1095 uniform_data_u = (texture_handles_u +
1096 validated_shader->num_texture_samples);
1097
1098 memcpy(exec->uniforms_v, uniform_data_u,
1099 validated_shader->uniforms_size);
1100
1101 for (tex = 0;
1102 tex < validated_shader->num_texture_samples;
1103 tex++) {
1104 if (!reloc_tex(exec,
1105 uniform_data_u,
1106 &validated_shader->texture_samples[tex],
1107 texture_handles_u[tex])) {
1108 goto fail;
1109 }
1110 }
1111
1112 *(uint32_t *)(pkt_v + o + 4) = exec->uniforms_p;
1113
1114 exec->uniforms_u += validated_shader->uniforms_src_size;
1115 exec->uniforms_v += validated_shader->uniforms_size;
1116 exec->uniforms_p += validated_shader->uniforms_size;
1117
1118 break;
1119
1120 case RELOC_VBO:
1121 break;
1122 }
1123 }
1124
1125 for (i = 0; i < nr_attributes; i++) {
1126 struct drm_gem_cma_object *vbo = bo[nr_fixed_relocs + i];
1127 uint32_t o = 36 + i * 8;
1128 uint32_t offset = *(uint32_t *)(pkt_u + o + 0);
1129 uint32_t attr_size = *(uint8_t *)(pkt_u + o + 4) + 1;
1130 uint32_t stride = *(uint8_t *)(pkt_u + o + 5);
1131 uint32_t max_index;
1132
1133 if (state->addr & 0x8)
1134 stride |= (*(uint32_t *)(pkt_u + 100 + i * 4)) & ~0xff;
1135
1136 if (vbo->base.size < offset ||
1137 vbo->base.size - offset < attr_size) {
1138 DRM_ERROR("BO offset overflow (%d + %d > %d)\n",
1139 offset, attr_size, vbo->base.size);
1140 return -EINVAL;
1141 }
1142
1143 if (stride != 0) {
1144 max_index = ((vbo->base.size - offset - attr_size) /
1145 stride);
1146 if (state->max_index > max_index) {
1147 DRM_ERROR("primitives use index %d out of supplied %d\n",
1148 state->max_index, max_index);
1149 return -EINVAL;
1150 }
1151 }
1152
1153 *(uint32_t *)(pkt_v + o) = vbo->paddr + offset;
1154 }
1155
1156 kfree(validated_shader);
1157
1158 return 0;
1159
1160 fail:
1161 kfree(validated_shader);
1162 return -EINVAL;
1163 }
1164
1165 int
1166 vc4_validate_shader_recs(struct drm_device *dev,
1167 struct vc4_exec_info *exec)
1168 {
1169 uint32_t i;
1170 int ret = 0;
1171
1172 for (i = 0; i < exec->shader_state_count; i++) {
1173 ret = validate_shader_rec(dev, exec, &exec->shader_state[i]);
1174 if (ret)
1175 return ret;
1176 }
1177
1178 return ret;
1179 }