From ab59dd285c4ccdec92adadfcb869fc83edd96e86 Mon Sep 17 00:00:00 2001 From: Eric Anholt Date: Wed, 20 Jul 2005 21:17:47 +0000 Subject: Add latest r300 support from r300.sf.net CVS. Patch submitted by volodya, with BSD fix from jkim and the r300_reg.h license from Nicolai Haehnle. Big thanks to everyone involved! --- shared-core/r300_cmdbuf.c | 803 ++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 803 insertions(+) create mode 100644 shared-core/r300_cmdbuf.c (limited to 'shared-core/r300_cmdbuf.c') diff --git a/shared-core/r300_cmdbuf.c b/shared-core/r300_cmdbuf.c new file mode 100644 index 00000000..af5b77f0 --- /dev/null +++ b/shared-core/r300_cmdbuf.c @@ -0,0 +1,803 @@ +/* r300_cmdbuf.c -- Command buffer emission for R300 -*- linux-c -*- + * + * Copyright (C) The Weather Channel, Inc. 2002. + * Copyright (C) 2004 Nicolai Haehnle. + * All Rights Reserved. + * + * The Weather Channel (TM) funded Tungsten Graphics to develop the + * initial release of the Radeon 8500 driver under the XFree86 license. + * This notice must be preserved. + * + * Permission is hereby granted, free of charge, to any person obtaining a + * copy of this software and associated documentation files (the "Software"), + * to deal in the Software without restriction, including without limitation + * the rights to use, copy, modify, merge, publish, distribute, sublicense, + * and/or sell copies of the Software, and to permit persons to whom the + * Software is furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice (including the next + * paragraph) shall be included in all copies or substantial portions of the + * Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL + * PRECISION INSIGHT AND/OR ITS SUPPLIERS BE LIABLE FOR ANY CLAIM, DAMAGES OR + * OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, + * ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER + * DEALINGS IN THE SOFTWARE. + * + * Authors: + * Nicolai Haehnle + */ + +#include "drmP.h" +#include "drm.h" +#include "radeon_drm.h" +#include "radeon_drv.h" +#include "r300_reg.h" + + +#define R300_SIMULTANEOUS_CLIPRECTS 4 + +/* Values for R300_RE_CLIPRECT_CNTL depending on the number of cliprects + */ +static const int r300_cliprect_cntl[4] = { + 0xAAAA, + 0xEEEE, + 0xFEFE, + 0xFFFE +}; + + +/** + * Emit up to R300_SIMULTANEOUS_CLIPRECTS cliprects from the given command + * buffer, starting with index n. + */ +static int r300_emit_cliprects(drm_radeon_private_t* dev_priv, + drm_radeon_cmd_buffer_t* cmdbuf, + int n) +{ + drm_clip_rect_t box; + int nr; + int i; + RING_LOCALS; + + nr = cmdbuf->nbox - n; + if (nr > R300_SIMULTANEOUS_CLIPRECTS) + nr = R300_SIMULTANEOUS_CLIPRECTS; + + DRM_DEBUG("%i cliprects\n", nr); + + if (nr) { + BEGIN_RING(6 + nr*2); + OUT_RING( CP_PACKET0( R300_RE_CLIPRECT_TL_0, nr*2 - 1 ) ); + + for(i = 0; i < nr; ++i) { + if (DRM_COPY_FROM_USER_UNCHECKED(&box, &cmdbuf->boxes[n+i], sizeof(box))) { + DRM_ERROR("copy cliprect faulted\n"); + return DRM_ERR(EFAULT); + } + + box.x1 = (box.x1 + R300_CLIPRECT_OFFSET) & R300_CLIPRECT_MASK; + box.y1 = (box.y1 + R300_CLIPRECT_OFFSET) & R300_CLIPRECT_MASK; + box.x2 = (box.x2 + R300_CLIPRECT_OFFSET) & R300_CLIPRECT_MASK; + box.y2 = (box.y2 + R300_CLIPRECT_OFFSET) & R300_CLIPRECT_MASK; + + OUT_RING((box.x1 << R300_CLIPRECT_X_SHIFT) | + (box.y1 << R300_CLIPRECT_Y_SHIFT)); + OUT_RING((box.x2 << R300_CLIPRECT_X_SHIFT) | + (box.y2 << R300_CLIPRECT_Y_SHIFT)); + } + + OUT_RING_REG( R300_RE_CLIPRECT_CNTL, r300_cliprect_cntl[nr-1] ); + + /* TODO/SECURITY: Force scissors to a safe value, otherwise the + * client might be able to trample over memory. + * The impact should be very limited, but I'd rather be safe than + * sorry. + */ + OUT_RING( CP_PACKET0( R300_RE_SCISSORS_TL, 1 ) ); + OUT_RING( 0 ); + OUT_RING( R300_SCISSORS_X_MASK | R300_SCISSORS_Y_MASK ); + ADVANCE_RING(); + } else { + /* Why we allow zero cliprect rendering: + * There are some commands in a command buffer that must be submitted + * even when there are no cliprects, e.g. DMA buffer discard + * or state setting (though state setting could be avoided by + * simulating a loss of context). + * + * Now since the cmdbuf interface is so chaotic right now (and is + * bound to remain that way for a bit until things settle down), + * it is basically impossible to filter out the commands that are + * necessary and those that aren't. + * + * So I choose the safe way and don't do any filtering at all; + * instead, I simply set up the engine so that all rendering + * can't produce any fragments. + */ + BEGIN_RING(2); + OUT_RING_REG( R300_RE_CLIPRECT_CNTL, 0 ); + ADVANCE_RING(); + } + + return 0; +} + +u8 r300_reg_flags[0x10000>>2]; + + +void r300_init_reg_flags(void) +{ + int i; + memset(r300_reg_flags, 0, 0x10000>>2); + #define ADD_RANGE_MARK(reg, count,mark) \ + for(i=((reg)>>2);i<((reg)>>2)+(count);i++)\ + r300_reg_flags[i]|=(mark); + + #define MARK_SAFE 1 + #define MARK_CHECK_OFFSET 2 + + #define ADD_RANGE(reg, count) ADD_RANGE_MARK(reg, count, MARK_SAFE) + + /* these match cmducs() command in r300_driver/r300/r300_cmdbuf.c */ + ADD_RANGE(R300_SE_VPORT_XSCALE, 6); + ADD_RANGE(0x2080, 1); + ADD_RANGE(R300_SE_VTE_CNTL, 2); + ADD_RANGE(0x2134, 2); + ADD_RANGE(0x2140, 1); + ADD_RANGE(R300_VAP_INPUT_CNTL_0, 2); + ADD_RANGE(0x21DC, 1); + ADD_RANGE(0x221C, 1); + ADD_RANGE(0x2220, 4); + ADD_RANGE(0x2288, 1); + ADD_RANGE(R300_VAP_OUTPUT_VTX_FMT_0, 2); + ADD_RANGE(R300_VAP_PVS_CNTL_1, 3); + ADD_RANGE(R300_GB_ENABLE, 1); + ADD_RANGE(R300_GB_MSPOS0, 5); + ADD_RANGE(R300_TX_ENABLE, 1); + ADD_RANGE(0x4200, 4); + ADD_RANGE(0x4214, 1); + ADD_RANGE(R300_RE_POINTSIZE, 1); + ADD_RANGE(0x4230, 3); + ADD_RANGE(R300_RE_LINE_CNT, 1); + ADD_RANGE(0x4238, 1); + ADD_RANGE(0x4260, 3); + ADD_RANGE(0x4274, 4); + ADD_RANGE(0x4288, 5); + ADD_RANGE(0x42A0, 1); + ADD_RANGE(R300_RE_ZBIAS_T_FACTOR, 4); + ADD_RANGE(0x42B4, 1); + ADD_RANGE(R300_RE_CULL_CNTL, 1); + ADD_RANGE(0x42C0, 2); + ADD_RANGE(R300_RS_CNTL_0, 2); + ADD_RANGE(R300_RS_INTERP_0, 8); + ADD_RANGE(R300_RS_ROUTE_0, 8); + ADD_RANGE(0x43A4, 2); + ADD_RANGE(0x43E8, 1); + ADD_RANGE(R300_PFS_CNTL_0, 3); + ADD_RANGE(R300_PFS_NODE_0, 4); + ADD_RANGE(R300_PFS_TEXI_0, 64); + ADD_RANGE(0x46A4, 5); + ADD_RANGE(R300_PFS_INSTR0_0, 64); + ADD_RANGE(R300_PFS_INSTR1_0, 64); + ADD_RANGE(R300_PFS_INSTR2_0, 64); + ADD_RANGE(R300_PFS_INSTR3_0, 64); + ADD_RANGE(0x4BC0, 1); + ADD_RANGE(0x4BC8, 3); + ADD_RANGE(R300_PP_ALPHA_TEST, 2); + ADD_RANGE(0x4BD8, 1); + ADD_RANGE(R300_PFS_PARAM_0_X, 64); + ADD_RANGE(0x4E00, 1); + ADD_RANGE(R300_RB3D_CBLEND, 2); + ADD_RANGE(R300_RB3D_COLORMASK, 1); + ADD_RANGE(0x4E10, 3); + ADD_RANGE_MARK(R300_RB3D_COLOROFFSET0, 1, MARK_CHECK_OFFSET); /* check offset */ + ADD_RANGE(R300_RB3D_COLORPITCH0, 1); + ADD_RANGE(0x4E50, 9); + ADD_RANGE(0x4E88, 1); + ADD_RANGE(0x4EA0, 2); + ADD_RANGE(R300_RB3D_ZSTENCIL_CNTL_0, 3); + ADD_RANGE(0x4F10, 4); + ADD_RANGE_MARK(R300_RB3D_DEPTHOFFSET, 1, MARK_CHECK_OFFSET); /* check offset */ + ADD_RANGE(R300_RB3D_DEPTHPITCH, 1); + ADD_RANGE(0x4F28, 1); + ADD_RANGE(0x4F30, 2); + ADD_RANGE(0x4F44, 1); + ADD_RANGE(0x4F54, 1); + + ADD_RANGE(R300_TX_FILTER_0, 16); + ADD_RANGE(R300_TX_UNK1_0, 16); + ADD_RANGE(R300_TX_SIZE_0, 16); + ADD_RANGE(R300_TX_FORMAT_0, 16); + /* Texture offset is dangerous and needs more checking */ + ADD_RANGE_MARK(R300_TX_OFFSET_0, 16, MARK_CHECK_OFFSET); + ADD_RANGE(R300_TX_UNK4_0, 16); + ADD_RANGE(R300_TX_BORDER_COLOR_0, 16); + + /* Sporadic registers used as primitives are emitted */ + ADD_RANGE(0x4f18, 1); + ADD_RANGE(R300_RB3D_DSTCACHE_CTLSTAT, 1); + ADD_RANGE(R300_VAP_INPUT_ROUTE_0_0, 8); + ADD_RANGE(R300_VAP_INPUT_ROUTE_1_0, 8); + +} + +static __inline__ int r300_check_range(unsigned reg, int count) +{ + int i; + if(reg & ~0xffff)return -1; + for(i=(reg>>2);i<(reg>>2)+count;i++) + if(r300_reg_flags[i]!=MARK_SAFE)return 1; + return 0; +} + + /* we expect offsets passed to the framebuffer to be either within video memory or + within AGP space */ +static __inline__ int r300_check_offset(drm_radeon_private_t* dev_priv, u32 offset) +{ + /* we realy want to check against end of video aperture + but this value is not being kept. + This code is correct for now (does the same thing as the + code that sets MC_FB_LOCATION) in radeon_cp.c */ + if((offset>=dev_priv->fb_location) && + (offsetgart_vm_start))return 0; + if((offset>=dev_priv->gart_vm_start) && + (offsetgart_vm_start+dev_priv->gart_size))return 0; + return 1; +} + +static __inline__ int r300_emit_carefully_checked_packet0(drm_radeon_private_t* dev_priv, + drm_radeon_cmd_buffer_t* cmdbuf, + drm_r300_cmd_header_t header) +{ + int reg; + int sz; + int i; + int values[64]; + RING_LOCALS; + + sz = header.packet0.count; + reg = (header.packet0.reghi << 8) | header.packet0.reglo; + + if((sz>64)||(sz<0)){ + DRM_ERROR("Cannot emit more than 64 values at a time (reg=%04x sz=%d)\n", reg, sz); + return DRM_ERR(EINVAL); + } + for(i=0;ibuf)[i]; + switch(r300_reg_flags[(reg>>2)+i]){ + case MARK_SAFE: + break; + case MARK_CHECK_OFFSET: + if(r300_check_offset(dev_priv, (u32)values[i])){ + DRM_ERROR("Offset failed range check (reg=%04x sz=%d)\n", reg, sz); + return DRM_ERR(EINVAL); + } + break; + default: + DRM_ERROR("Register %04x failed check as flag=%02x\n", reg+i*4, r300_reg_flags[(reg>>2)+i]); + return DRM_ERR(EINVAL); + } + } + + BEGIN_RING(1+sz); + OUT_RING( CP_PACKET0( reg, sz-1 ) ); + OUT_RING_TABLE( values, sz ); + ADVANCE_RING(); + + cmdbuf->buf += sz*4; + cmdbuf->bufsz -= sz*4; + + return 0; +} + +/** + * Emits a packet0 setting arbitrary registers. + * Called by r300_do_cp_cmdbuf. + * + * Note that checks are performed on contents and addresses of the registers + */ +static __inline__ int r300_emit_packet0(drm_radeon_private_t* dev_priv, + drm_radeon_cmd_buffer_t* cmdbuf, + drm_r300_cmd_header_t header) +{ + int reg; + int sz; + RING_LOCALS; + + sz = header.packet0.count; + reg = (header.packet0.reghi << 8) | header.packet0.reglo; + + if (!sz) + return 0; + + if (sz*4 > cmdbuf->bufsz) + return DRM_ERR(EINVAL); + + if (reg+sz*4 >= 0x10000){ + DRM_ERROR("No such registers in hardware reg=%04x sz=%d\n", reg, sz); + return DRM_ERR(EINVAL); + } + + if(r300_check_range(reg, sz)){ + /* go and check everything */ + return r300_emit_carefully_checked_packet0(dev_priv, cmdbuf, header); + } + /* the rest of the data is safe to emit, whatever the values the user passed */ + + BEGIN_RING(1+sz); + OUT_RING( CP_PACKET0( reg, sz-1 ) ); + OUT_RING_TABLE( (int __user*)cmdbuf->buf, sz ); + ADVANCE_RING(); + + cmdbuf->buf += sz*4; + cmdbuf->bufsz -= sz*4; + + return 0; +} + + +/** + * Uploads user-supplied vertex program instructions or parameters onto + * the graphics card. + * Called by r300_do_cp_cmdbuf. + */ +static __inline__ int r300_emit_vpu(drm_radeon_private_t* dev_priv, + drm_radeon_cmd_buffer_t* cmdbuf, + drm_r300_cmd_header_t header) +{ + int sz; + int addr; + RING_LOCALS; + + sz = header.vpu.count; + addr = (header.vpu.adrhi << 8) | header.vpu.adrlo; + + if (!sz) + return 0; + if (sz*16 > cmdbuf->bufsz) + return DRM_ERR(EINVAL); + + BEGIN_RING(5+sz*4); + /* Wait for VAP to come to senses.. */ + /* there is no need to emit it multiple times, (only once before VAP is programmed, + but this optimization is for later */ + OUT_RING_REG( R300_VAP_PVS_WAITIDLE, 0 ); + OUT_RING_REG( R300_VAP_PVS_UPLOAD_ADDRESS, addr ); + OUT_RING( CP_PACKET0_TABLE( R300_VAP_PVS_UPLOAD_DATA, sz*4 - 1 ) ); + OUT_RING_TABLE( (int __user*)cmdbuf->buf, sz*4 ); + + ADVANCE_RING(); + + cmdbuf->buf += sz*16; + cmdbuf->bufsz -= sz*16; + + return 0; +} + + +/** + * Emit a clear packet from userspace. + * Called by r300_emit_packet3. + */ +static __inline__ int r300_emit_clear(drm_radeon_private_t* dev_priv, + drm_radeon_cmd_buffer_t* cmdbuf) +{ + RING_LOCALS; + + if (8*4 > cmdbuf->bufsz) + return DRM_ERR(EINVAL); + + BEGIN_RING(10); + OUT_RING( CP_PACKET3( R200_3D_DRAW_IMMD_2, 8 ) ); + OUT_RING( R300_PRIM_TYPE_POINT|R300_PRIM_WALK_RING| + (1<buf, 8 ); + ADVANCE_RING(); + + cmdbuf->buf += 8*4; + cmdbuf->bufsz -= 8*4; + + return 0; +} + +static __inline__ int r300_emit_3d_load_vbpntr(drm_radeon_private_t* dev_priv, + drm_radeon_cmd_buffer_t* cmdbuf, + u32 header) +{ + int count, i,k; + #define MAX_ARRAY_PACKET 64 + u32 payload[MAX_ARRAY_PACKET]; + u32 narrays; + RING_LOCALS; + + count=(header>>16) & 0x3fff; + + if((count+1)>MAX_ARRAY_PACKET){ + DRM_ERROR("Too large payload in 3D_LOAD_VBPNTR (count=%d)\n", count); + return DRM_ERR(EINVAL); + } + memset(payload, 0, MAX_ARRAY_PACKET*4); + memcpy(payload, cmdbuf->buf+4, (count+1)*4); + + /* carefully check packet contents */ + + narrays=payload[0]; + k=0; + i=1; + while((kbuf += (count+2)*4; + cmdbuf->bufsz -= (count+2)*4; + + return 0; +} + +static __inline__ int r300_emit_raw_packet3(drm_radeon_private_t* dev_priv, + drm_radeon_cmd_buffer_t* cmdbuf) +{ + u32 header; + int count; + RING_LOCALS; + + if (4 > cmdbuf->bufsz) + return DRM_ERR(EINVAL); + + /* Fixme !! This simply emits a packet without much checking. + We need to be smarter. */ + + /* obtain first word - actual packet3 header */ + header = *(u32 __user*)cmdbuf->buf; + + /* Is it packet 3 ? */ + if( (header>>30)!=0x3 ) { + DRM_ERROR("Not a packet3 header (0x%08x)\n", header); + return DRM_ERR(EINVAL); + } + + count=(header>>16) & 0x3fff; + + /* Check again now that we know how much data to expect */ + if ((count+2)*4 > cmdbuf->bufsz){ + DRM_ERROR("Expected packet3 of length %d but have only %d bytes left\n", + (count+2)*4, cmdbuf->bufsz); + return DRM_ERR(EINVAL); + } + + /* Is it a packet type we know about ? */ + switch(header & 0xff00){ + case RADEON_3D_LOAD_VBPNTR: /* load vertex array pointers */ + return r300_emit_3d_load_vbpntr(dev_priv, cmdbuf, header); + + case RADEON_CP_3D_DRAW_IMMD_2: /* triggers drawing using in-packet vertex data */ + case RADEON_CP_3D_DRAW_VBUF_2: /* triggers drawing of vertex buffers setup elsewhere */ + case RADEON_CP_3D_DRAW_INDX_2: /* triggers drawing using indices to vertex buffer */ + case RADEON_CP_INDX_BUFFER: /* DRAW_INDX_2 without INDX_BUFFER seems to lock up the gpu */ + case RADEON_WAIT_FOR_IDLE: + case RADEON_CP_NOP: + /* these packets are safe */ + break; + default: + DRM_ERROR("Unknown packet3 header (0x%08x)\n", header); + return DRM_ERR(EINVAL); + } + + + BEGIN_RING(count+2); + OUT_RING(header); + OUT_RING_TABLE( (int __user*)(cmdbuf->buf+4), count+1); + ADVANCE_RING(); + + cmdbuf->buf += (count+2)*4; + cmdbuf->bufsz -= (count+2)*4; + + return 0; +} + + +/** + * Emit a rendering packet3 from userspace. + * Called by r300_do_cp_cmdbuf. + */ +static __inline__ int r300_emit_packet3(drm_radeon_private_t* dev_priv, + drm_radeon_cmd_buffer_t* cmdbuf, + drm_r300_cmd_header_t header) +{ + int n; + int ret; + char __user* orig_buf = cmdbuf->buf; + int orig_bufsz = cmdbuf->bufsz; + + /* This is a do-while-loop so that we run the interior at least once, + * even if cmdbuf->nbox is 0. Compare r300_emit_cliprects for rationale. + */ + n = 0; + do { + if (cmdbuf->nbox > R300_SIMULTANEOUS_CLIPRECTS) { + ret = r300_emit_cliprects(dev_priv, cmdbuf, n); + if (ret) + return ret; + + cmdbuf->buf = orig_buf; + cmdbuf->bufsz = orig_bufsz; + } + + switch(header.packet3.packet) { + case R300_CMD_PACKET3_CLEAR: + DRM_DEBUG("R300_CMD_PACKET3_CLEAR\n"); + ret = r300_emit_clear(dev_priv, cmdbuf); + if (ret) { + DRM_ERROR("r300_emit_clear failed\n"); + return ret; + } + break; + + case R300_CMD_PACKET3_RAW: + DRM_DEBUG("R300_CMD_PACKET3_RAW\n"); + ret = r300_emit_raw_packet3(dev_priv, cmdbuf); + if (ret) { + DRM_ERROR("r300_emit_raw_packet3 failed\n"); + return ret; + } + break; + + default: + DRM_ERROR("bad packet3 type %i at %p\n", + header.packet3.packet, + cmdbuf->buf - sizeof(header)); + return DRM_ERR(EINVAL); + } + + n += R300_SIMULTANEOUS_CLIPRECTS; + } while(n < cmdbuf->nbox); + + return 0; +} + +/* Some of the R300 chips seem to be extremely touchy about the two registers + * that are configured in r300_pacify. + * Among the worst offenders seems to be the R300 ND (0x4E44): When userspace + * sends a command buffer that contains only state setting commands and a + * vertex program/parameter upload sequence, this will eventually lead to a + * lockup, unless the sequence is bracketed by calls to r300_pacify. + * So we should take great care to *always* call r300_pacify before + * *anything* 3D related, and again afterwards. This is what the + * call bracket in r300_do_cp_cmdbuf is for. + */ + +/** + * Emit the sequence to pacify R300. + */ +static __inline__ void r300_pacify(drm_radeon_private_t* dev_priv) +{ + RING_LOCALS; + + BEGIN_RING(6); + OUT_RING( CP_PACKET0( R300_RB3D_DSTCACHE_CTLSTAT, 0 ) ); + OUT_RING( 0xa ); + OUT_RING( CP_PACKET0( 0x4f18, 0 ) ); + OUT_RING( 0x3 ); + OUT_RING( CP_PACKET3( RADEON_CP_NOP, 0 ) ); + OUT_RING( 0x0 ); + ADVANCE_RING(); +} + + +/** + * Called by r300_do_cp_cmdbuf to update the internal buffer age and state. + * The actual age emit is done by r300_do_cp_cmdbuf, which is why you must + * be careful about how this function is called. + */ +static void r300_discard_buffer(drm_device_t * dev, drm_buf_t * buf) +{ + drm_radeon_private_t *dev_priv = dev->dev_private; + drm_radeon_buf_priv_t *buf_priv = buf->dev_private; + + buf_priv->age = dev_priv->sarea_priv->last_dispatch+1; + buf->pending = 1; + buf->used = 0; +} + + +/** + * Parses and validates a user-supplied command buffer and emits appropriate + * commands on the DMA ring buffer. + * Called by the ioctl handler function radeon_cp_cmdbuf. + */ +int r300_do_cp_cmdbuf(drm_device_t* dev, + DRMFILE filp, + drm_file_t* filp_priv, + drm_radeon_cmd_buffer_t* cmdbuf) +{ + drm_radeon_private_t *dev_priv = dev->dev_private; + drm_device_dma_t *dma = dev->dma; + drm_buf_t *buf = NULL; + int emit_dispatch_age = 0; + int ret = 0; + + DRM_DEBUG("\n"); + + /* See the comment above r300_emit_begin3d for why this call must be here, + * and what the cleanup gotos are for. */ + r300_pacify(dev_priv); + + if (cmdbuf->nbox <= R300_SIMULTANEOUS_CLIPRECTS) { + ret = r300_emit_cliprects(dev_priv, cmdbuf, 0); + if (ret) + goto cleanup; + } + + while(cmdbuf->bufsz >= sizeof(drm_r300_cmd_header_t)) { + int idx; + drm_r300_cmd_header_t header; + + header.u = *(unsigned int *)cmdbuf->buf; + + cmdbuf->buf += sizeof(header); + cmdbuf->bufsz -= sizeof(header); + + switch(header.header.cmd_type) { + case R300_CMD_PACKET0: + DRM_DEBUG("R300_CMD_PACKET0\n"); + ret = r300_emit_packet0(dev_priv, cmdbuf, header); + if (ret) { + DRM_ERROR("r300_emit_packet0 failed\n"); + goto cleanup; + } + break; + + case R300_CMD_VPU: + DRM_DEBUG("R300_CMD_VPU\n"); + ret = r300_emit_vpu(dev_priv, cmdbuf, header); + if (ret) { + DRM_ERROR("r300_emit_vpu failed\n"); + goto cleanup; + } + break; + + case R300_CMD_PACKET3: + DRM_DEBUG("R300_CMD_PACKET3\n"); + ret = r300_emit_packet3(dev_priv, cmdbuf, header); + if (ret) { + DRM_ERROR("r300_emit_packet3 failed\n"); + goto cleanup; + } + break; + + case R300_CMD_END3D: + DRM_DEBUG("R300_CMD_END3D\n"); + /* TODO: + Ideally userspace driver should not need to issue this call, + i.e. the drm driver should issue it automatically and prevent + lockups. + + In practice, we do not understand why this call is needed and what + it does (except for some vague guesses that it has to do with cache + coherence) and so the user space driver does it. + + Once we are sure which uses prevent lockups the code could be moved + into the kernel and the userspace driver will not + need to use this command. + + Note that issuing this command does not hurt anything + except, possibly, performance */ + r300_pacify(dev_priv); + break; + + case R300_CMD_CP_DELAY: + /* simple enough, we can do it here */ + DRM_DEBUG("R300_CMD_CP_DELAY\n"); + { + int i; + RING_LOCALS; + + BEGIN_RING(header.delay.count); + for(i=0;i= dma->buf_count) { + DRM_ERROR("buffer index %d (of %d max)\n", + idx, dma->buf_count - 1); + ret = DRM_ERR(EINVAL); + goto cleanup; + } + + buf = dma->buflist[idx]; + if (buf->filp != filp || buf->pending) { + DRM_ERROR("bad buffer %p %p %d\n", + buf->filp, filp, buf->pending); + ret = DRM_ERR(EINVAL); + goto cleanup; + } + + emit_dispatch_age = 1; + r300_discard_buffer(dev, buf); + break; + + case R300_CMD_WAIT: + /* simple enough, we can do it here */ + DRM_DEBUG("R300_CMD_WAIT\n"); + if(header.wait.flags==0)break; /* nothing to do */ + + { + RING_LOCALS; + + BEGIN_RING(2); + OUT_RING( CP_PACKET0( RADEON_WAIT_UNTIL, 0 ) ); + OUT_RING( (header.wait.flags & 0xf)<<14 ); + ADVANCE_RING(); + } + break; + + default: + DRM_ERROR("bad cmd_type %i at %p\n", + header.header.cmd_type, + cmdbuf->buf - sizeof(header)); + ret = DRM_ERR(EINVAL); + goto cleanup; + } + } + + DRM_DEBUG("END\n"); + +cleanup: + r300_pacify(dev_priv); + + /* We emit the vertex buffer age here, outside the pacifier "brackets" + * for two reasons: + * (1) This may coalesce multiple age emissions into a single one and + * (2) more importantly, some chips lock up hard when scratch registers + * are written inside the pacifier bracket. + */ + if (emit_dispatch_age) { + RING_LOCALS; + + dev_priv->sarea_priv->last_dispatch++; + + /* Emit the vertex buffer age */ + BEGIN_RING(2); + RADEON_DISPATCH_AGE(dev_priv->sarea_priv->last_dispatch); + ADVANCE_RING(); + } + + COMMIT_RING(); + + return ret; +} + -- cgit v1.2.3