From: Daniel Kurtz <djkurtz@xxxxxxxxxxxx> A framebuffer gets committed to FIMD's default window like this: exynos_drm_crtc_update() exynos_plane_commit() fimd_win_commit() fimd_win_commit() programs BUF_START[0]. At each vblank, FIMD hardware copies the value from BUF_START to BUF_START_S (BUF_START's shadow register), starts scanning out from BUF_START_S, and asserts its irq. This irq is handled by fimd_irq_handler(), which calls exynos_drm_crtc_finish_pageflip() to free the old buffer that FIMD just finished scanning out, and potentially commit the next pending flip. There is a race, however, if fimd_win_commit() programs BUF_START(0) between the actual vblank irq, and its corresponding fimd_irq_handler(). => FIMD vblank: BUF_START_S[0] := BUF_START[0], and irq asserted | => fimd_win_commit(0) writes new BUF_START[0] | exynos_drm_crtc_try_do_flip() marks exynos_fb as prepared => fimd_irq_handler() exynos_drm_crtc_finish_pageflip() sees prepared exynos_fb, and unmaps "old" fb ==> but, since BUF_START_S[0] still points to that "old" fb... ==> FIMD iommu fault This patch ensures that fimd_irq_handler() only calls exynos_drm_crtc_finish_pageflip() if any previously scheduled flip has really completed. This works because exynos_drm_crtc's flip fifo ensures that fimd_win_commit() is never called more than once per exynos_drm_crtc_finish_pageflip(). Signed-off-by: Daniel Kurtz <djkurtz@xxxxxxxxxxxx> Reviewed-by: Sean Paul <seanpaul@xxxxxxxxxxxx> Signed-off-by: Gustavo Padovan <gustavo.padovan@xxxxxxxxxxxxxxx> --- drivers/gpu/drm/exynos/exynos_drm_fimd.c | 26 ++++++++++++++++++++++---- include/video/samsung_fimd.h | 1 + 2 files changed, 23 insertions(+), 4 deletions(-) diff --git a/drivers/gpu/drm/exynos/exynos_drm_fimd.c b/drivers/gpu/drm/exynos/exynos_drm_fimd.c index e5810d1..b379182 100644 --- a/drivers/gpu/drm/exynos/exynos_drm_fimd.c +++ b/drivers/gpu/drm/exynos/exynos_drm_fimd.c @@ -55,6 +55,7 @@ #define VIDOSD_D(win) (VIDOSD_BASE + 0x0C + (win) * 16) #define VIDWx_BUF_START(win, buf) (VIDW_BUF_START(buf) + (win) * 8) +#define VIDWx_BUF_START_S(win, buf) (VIDW_BUF_START_S(buf) + (win) * 8) #define VIDWx_BUF_END(win, buf) (VIDW_BUF_END(buf) + (win) * 8) #define VIDWx_BUF_SIZE(win, buf) (VIDW_BUF_SIZE(buf) + (win) * 4) @@ -1039,6 +1040,7 @@ static irqreturn_t fimd_irq_handler(int irq, void *dev_id) { struct fimd_context *ctx = (struct fimd_context *)dev_id; u32 val, clear_bit; + u32 start, start_s; val = readl(ctx->regs + VIDINTCON1); @@ -1050,15 +1052,31 @@ static irqreturn_t fimd_irq_handler(int irq, void *dev_id) if (ctx->pipe < 0 || !ctx->drm_dev) goto out; - if (ctx->i80_if) { + if (!ctx->i80_if) + drm_handle_vblank(ctx->drm_dev, ctx->pipe); + + /* + * Ensure finish_pageflip is called iff a pending flip has completed. + * This works around a race between a page_flip request and the latency + * between vblank interrupt and this irq_handler: + * => FIMD vblank: BUF_START_S[0] := BUF_START[0], and asserts irq + * | => fimd_win_commit(0) writes new BUF_START[0] + * | exynos_drm_crtc_try_do_flip() marks exynos_fb as prepared + * => fimd_irq_handler() + * exynos_drm_crtc_finish_pageflip() sees prepared exynos_fb, + * and unmaps "old" fb + * ==> but, since BUF_START_S[0] still points to that "old" fb... + * ==> FIMD iommu fault + */ + start = readl(ctx->regs + VIDWx_BUF_START(0, 0)); + start_s = readl(ctx->regs + VIDWx_BUF_START_S(0, 0)); + if (start == start_s) exynos_drm_crtc_finish_pageflip(ctx->drm_dev, ctx->pipe); + if (ctx->i80_if) { /* Exits triggering mode */ atomic_set(&ctx->triggering, 0); } else { - drm_handle_vblank(ctx->drm_dev, ctx->pipe); - exynos_drm_crtc_finish_pageflip(ctx->drm_dev, ctx->pipe); - /* set wait vsync event to zero and wake up queue. */ if (atomic_read(&ctx->wait_vsync_event)) { atomic_set(&ctx->wait_vsync_event, 0); diff --git a/include/video/samsung_fimd.h b/include/video/samsung_fimd.h index a20e4a3..f81d081 100644 --- a/include/video/samsung_fimd.h +++ b/include/video/samsung_fimd.h @@ -291,6 +291,7 @@ /* Video buffer addresses */ #define VIDW_BUF_START(_buff) (0xA0 + ((_buff) * 8)) +#define VIDW_BUF_START_S(_buff) (0x40A0 + ((_buff) * 8)) #define VIDW_BUF_START1(_buff) (0xA4 + ((_buff) * 8)) #define VIDW_BUF_END(_buff) (0xD0 + ((_buff) * 8)) #define VIDW_BUF_END1(_buff) (0xD4 + ((_buff) * 8)) -- 1.9.3 -- To unsubscribe from this list: send the line "unsubscribe linux-samsung-soc" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html