xref: /openbmc/linux/drivers/gpu/drm/drm_gem.c (revision 9c784855067a8d10cef6088b14a58083e3918fdc) 
1673a394bSEric Anholt /*
2673a394bSEric Anholt  * Copyright © 2008 Intel Corporation
3673a394bSEric Anholt  *
4673a394bSEric Anholt  * Permission is hereby granted, free of charge, to any person obtaining a
5673a394bSEric Anholt  * copy of this software and associated documentation files (the "Software"),
6673a394bSEric Anholt  * to deal in the Software without restriction, including without limitation
7673a394bSEric Anholt  * the rights to use, copy, modify, merge, publish, distribute, sublicense,
8673a394bSEric Anholt  * and/or sell copies of the Software, and to permit persons to whom the
9673a394bSEric Anholt  * Software is furnished to do so, subject to the following conditions:
10673a394bSEric Anholt  *
11673a394bSEric Anholt  * The above copyright notice and this permission notice (including the next
12673a394bSEric Anholt  * paragraph) shall be included in all copies or substantial portions of the
13673a394bSEric Anholt  * Software.
14673a394bSEric Anholt  *
15673a394bSEric Anholt  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16673a394bSEric Anholt  * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17673a394bSEric Anholt  * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.  IN NO EVENT SHALL
18673a394bSEric Anholt  * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19673a394bSEric Anholt  * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
20673a394bSEric Anholt  * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
21673a394bSEric Anholt  * IN THE SOFTWARE.
22673a394bSEric Anholt  *
23673a394bSEric Anholt  * Authors:
24673a394bSEric Anholt  *    Eric Anholt <eric@anholt.net>
25673a394bSEric Anholt  *
26673a394bSEric Anholt  */
27673a394bSEric Anholt 
28673a394bSEric Anholt #include <linux/types.h>
29673a394bSEric Anholt #include <linux/slab.h>
30673a394bSEric Anholt #include <linux/mm.h>
31673a394bSEric Anholt #include <linux/uaccess.h>
32673a394bSEric Anholt #include <linux/fs.h>
33673a394bSEric Anholt #include <linux/file.h>
34673a394bSEric Anholt #include <linux/module.h>
35673a394bSEric Anholt #include <linux/mman.h>
36673a394bSEric Anholt #include <linux/pagemap.h>
375949eac4SHugh Dickins #include <linux/shmem_fs.h>
383248877eSDave Airlie #include <linux/dma-buf.h>
39760285e7SDavid Howells #include <drm/drmP.h>
400de23977SDavid Herrmann #include <drm/drm_vma_manager.h>
41673a394bSEric Anholt 
42673a394bSEric Anholt /** @file drm_gem.c
43673a394bSEric Anholt  *
44673a394bSEric Anholt  * This file provides some of the base ioctls and library routines for
45673a394bSEric Anholt  * the graphics memory manager implemented by each device driver.
46673a394bSEric Anholt  *
47673a394bSEric Anholt  * Because various devices have different requirements in terms of
48673a394bSEric Anholt  * synchronization and migration strategies, implementing that is left up to
49673a394bSEric Anholt  * the driver, and all that the general API provides should be generic --
50673a394bSEric Anholt  * allocating objects, reading/writing data with the cpu, freeing objects.
51673a394bSEric Anholt  * Even there, platform-dependent optimizations for reading/writing data with
52673a394bSEric Anholt  * the CPU mean we'll likely hook those out to driver-specific calls.  However,
53673a394bSEric Anholt  * the DRI2 implementation wants to have at least allocate/mmap be generic.
54673a394bSEric Anholt  *
55673a394bSEric Anholt  * The goal was to have swap-backed object allocation managed through
56673a394bSEric Anholt  * struct file.  However, file descriptors as handles to a struct file have
57673a394bSEric Anholt  * two major failings:
58673a394bSEric Anholt  * - Process limits prevent more than 1024 or so being used at a time by
59673a394bSEric Anholt  *   default.
60673a394bSEric Anholt  * - Inability to allocate high fds will aggravate the X Server's select()
61673a394bSEric Anholt  *   handling, and likely that of many GL client applications as well.
62673a394bSEric Anholt  *
63673a394bSEric Anholt  * This led to a plan of using our own integer IDs (called handles, following
64673a394bSEric Anholt  * DRM terminology) to mimic fds, and implement the fd syscalls we need as
65673a394bSEric Anholt  * ioctls.  The objects themselves will still include the struct file so
66673a394bSEric Anholt  * that we can transition to fds if the required kernel infrastructure shows
67673a394bSEric Anholt  * up at a later date, and as our interface with shmfs for memory allocation.
68673a394bSEric Anholt  */
69673a394bSEric Anholt 
70a2c0a97bSJesse Barnes /*
71a2c0a97bSJesse Barnes  * We make up offsets for buffer objects so we can recognize them at
72a2c0a97bSJesse Barnes  * mmap time.
73a2c0a97bSJesse Barnes  */
7405269a3aSJordan Crouse 
7505269a3aSJordan Crouse /* pgoff in mmap is an unsigned long, so we need to make sure that
7605269a3aSJordan Crouse  * the faked up offset will fit
7705269a3aSJordan Crouse  */
7805269a3aSJordan Crouse 
7905269a3aSJordan Crouse #if BITS_PER_LONG == 64
80a2c0a97bSJesse Barnes #define DRM_FILE_PAGE_OFFSET_START ((0xFFFFFFFFUL >> PAGE_SHIFT) + 1)
81a2c0a97bSJesse Barnes #define DRM_FILE_PAGE_OFFSET_SIZE ((0xFFFFFFFFUL >> PAGE_SHIFT) * 16)
8205269a3aSJordan Crouse #else
8305269a3aSJordan Crouse #define DRM_FILE_PAGE_OFFSET_START ((0xFFFFFFFUL >> PAGE_SHIFT) + 1)
8405269a3aSJordan Crouse #define DRM_FILE_PAGE_OFFSET_SIZE ((0xFFFFFFFUL >> PAGE_SHIFT) * 16)
8505269a3aSJordan Crouse #endif
86a2c0a97bSJesse Barnes 
87673a394bSEric Anholt /**
88673a394bSEric Anholt  * Initialize the GEM device fields
89673a394bSEric Anholt  */
90673a394bSEric Anholt 
91673a394bSEric Anholt int
92673a394bSEric Anholt drm_gem_init(struct drm_device *dev)
93673a394bSEric Anholt {
94a2c0a97bSJesse Barnes 	struct drm_gem_mm *mm;
95a2c0a97bSJesse Barnes 
96cd4f013fSDaniel Vetter 	mutex_init(&dev->object_name_lock);
97673a394bSEric Anholt 	idr_init(&dev->object_name_idr);
98a2c0a97bSJesse Barnes 
999a298b2aSEric Anholt 	mm = kzalloc(sizeof(struct drm_gem_mm), GFP_KERNEL);
100a2c0a97bSJesse Barnes 	if (!mm) {
101a2c0a97bSJesse Barnes 		DRM_ERROR("out of memory\n");
102a2c0a97bSJesse Barnes 		return -ENOMEM;
103a2c0a97bSJesse Barnes 	}
104a2c0a97bSJesse Barnes 
105a2c0a97bSJesse Barnes 	dev->mm_private = mm;
1060de23977SDavid Herrmann 	drm_vma_offset_manager_init(&mm->vma_manager,
1070de23977SDavid Herrmann 				    DRM_FILE_PAGE_OFFSET_START,
10877ef8bbcSDavid Herrmann 				    DRM_FILE_PAGE_OFFSET_SIZE);
109a2c0a97bSJesse Barnes 
110673a394bSEric Anholt 	return 0;
111673a394bSEric Anholt }
112673a394bSEric Anholt 
113a2c0a97bSJesse Barnes void
114a2c0a97bSJesse Barnes drm_gem_destroy(struct drm_device *dev)
115a2c0a97bSJesse Barnes {
116a2c0a97bSJesse Barnes 	struct drm_gem_mm *mm = dev->mm_private;
117a2c0a97bSJesse Barnes 
1180de23977SDavid Herrmann 	drm_vma_offset_manager_destroy(&mm->vma_manager);
1199a298b2aSEric Anholt 	kfree(mm);
120a2c0a97bSJesse Barnes 	dev->mm_private = NULL;
121a2c0a97bSJesse Barnes }
122a2c0a97bSJesse Barnes 
123673a394bSEric Anholt /**
12462cb7011SAlan Cox  * Initialize an already allocated GEM object of the specified size with
1251d397043SDaniel Vetter  * shmfs backing store.
1261d397043SDaniel Vetter  */
1271d397043SDaniel Vetter int drm_gem_object_init(struct drm_device *dev,
1281d397043SDaniel Vetter 			struct drm_gem_object *obj, size_t size)
1291d397043SDaniel Vetter {
13089c8233fSDavid Herrmann 	struct file *filp;
1311d397043SDaniel Vetter 
13289c8233fSDavid Herrmann 	filp = shmem_file_setup("drm mm object", size, VM_NORESERVE);
13389c8233fSDavid Herrmann 	if (IS_ERR(filp))
13489c8233fSDavid Herrmann 		return PTR_ERR(filp);
1351d397043SDaniel Vetter 
13689c8233fSDavid Herrmann 	drm_gem_private_object_init(dev, obj, size);
13789c8233fSDavid Herrmann 	obj->filp = filp;
1381d397043SDaniel Vetter 
1391d397043SDaniel Vetter 	return 0;
1401d397043SDaniel Vetter }
1411d397043SDaniel Vetter EXPORT_SYMBOL(drm_gem_object_init);
1421d397043SDaniel Vetter 
1431d397043SDaniel Vetter /**
14462cb7011SAlan Cox  * Initialize an already allocated GEM object of the specified size with
14562cb7011SAlan Cox  * no GEM provided backing store. Instead the caller is responsible for
14662cb7011SAlan Cox  * backing the object and handling it.
14762cb7011SAlan Cox  */
14889c8233fSDavid Herrmann void drm_gem_private_object_init(struct drm_device *dev,
14962cb7011SAlan Cox 				 struct drm_gem_object *obj, size_t size)
15062cb7011SAlan Cox {
15162cb7011SAlan Cox 	BUG_ON((size & (PAGE_SIZE - 1)) != 0);
15262cb7011SAlan Cox 
15362cb7011SAlan Cox 	obj->dev = dev;
15462cb7011SAlan Cox 	obj->filp = NULL;
15562cb7011SAlan Cox 
15662cb7011SAlan Cox 	kref_init(&obj->refcount);
157a8e11d1cSDaniel Vetter 	obj->handle_count = 0;
15862cb7011SAlan Cox 	obj->size = size;
15988d7ebe5SDavid Herrmann 	drm_vma_node_reset(&obj->vma_node);
16062cb7011SAlan Cox }
16162cb7011SAlan Cox EXPORT_SYMBOL(drm_gem_private_object_init);
16262cb7011SAlan Cox 
16362cb7011SAlan Cox /**
164673a394bSEric Anholt  * Allocate a GEM object of the specified size with shmfs backing store
165673a394bSEric Anholt  */
166673a394bSEric Anholt struct drm_gem_object *
167673a394bSEric Anholt drm_gem_object_alloc(struct drm_device *dev, size_t size)
168673a394bSEric Anholt {
169673a394bSEric Anholt 	struct drm_gem_object *obj;
170673a394bSEric Anholt 
171b798b1feSRobert P. J. Day 	obj = kzalloc(sizeof(*obj), GFP_KERNEL);
172845792d9SJiri Slaby 	if (!obj)
173845792d9SJiri Slaby 		goto free;
174673a394bSEric Anholt 
1751d397043SDaniel Vetter 	if (drm_gem_object_init(dev, obj, size) != 0)
176845792d9SJiri Slaby 		goto free;
177673a394bSEric Anholt 
178673a394bSEric Anholt 	if (dev->driver->gem_init_object != NULL &&
179673a394bSEric Anholt 	    dev->driver->gem_init_object(obj) != 0) {
180845792d9SJiri Slaby 		goto fput;
181673a394bSEric Anholt 	}
182673a394bSEric Anholt 	return obj;
183845792d9SJiri Slaby fput:
1841d397043SDaniel Vetter 	/* Object_init mangles the global counters - readjust them. */
185845792d9SJiri Slaby 	fput(obj->filp);
186845792d9SJiri Slaby free:
187845792d9SJiri Slaby 	kfree(obj);
188845792d9SJiri Slaby 	return NULL;
189673a394bSEric Anholt }
190673a394bSEric Anholt EXPORT_SYMBOL(drm_gem_object_alloc);
191673a394bSEric Anholt 
1920ff926c7SDave Airlie static void
1930ff926c7SDave Airlie drm_gem_remove_prime_handles(struct drm_gem_object *obj, struct drm_file *filp)
1940ff926c7SDave Airlie {
195319c933cSDaniel Vetter 	/*
196319c933cSDaniel Vetter 	 * Note: obj->dma_buf can't disappear as long as we still hold a
197319c933cSDaniel Vetter 	 * handle reference in obj->handle_count.
198319c933cSDaniel Vetter 	 */
199d0b2c533SDaniel Vetter 	mutex_lock(&filp->prime.lock);
200319c933cSDaniel Vetter 	if (obj->dma_buf) {
201d0b2c533SDaniel Vetter 		drm_prime_remove_buf_handle_locked(&filp->prime,
202319c933cSDaniel Vetter 						   obj->dma_buf);
2030ff926c7SDave Airlie 	}
204d0b2c533SDaniel Vetter 	mutex_unlock(&filp->prime.lock);
2050ff926c7SDave Airlie }
2060ff926c7SDave Airlie 
20736da5908SDaniel Vetter static void drm_gem_object_ref_bug(struct kref *list_kref)
20836da5908SDaniel Vetter {
20936da5908SDaniel Vetter 	BUG();
21036da5908SDaniel Vetter }
21136da5908SDaniel Vetter 
21236da5908SDaniel Vetter /**
21336da5908SDaniel Vetter  * Called after the last handle to the object has been closed
21436da5908SDaniel Vetter  *
21536da5908SDaniel Vetter  * Removes any name for the object. Note that this must be
21636da5908SDaniel Vetter  * called before drm_gem_object_free or we'll be touching
21736da5908SDaniel Vetter  * freed memory
21836da5908SDaniel Vetter  */
21936da5908SDaniel Vetter static void drm_gem_object_handle_free(struct drm_gem_object *obj)
22036da5908SDaniel Vetter {
22136da5908SDaniel Vetter 	struct drm_device *dev = obj->dev;
22236da5908SDaniel Vetter 
22336da5908SDaniel Vetter 	/* Remove any name for this object */
22436da5908SDaniel Vetter 	if (obj->name) {
22536da5908SDaniel Vetter 		idr_remove(&dev->object_name_idr, obj->name);
22636da5908SDaniel Vetter 		obj->name = 0;
22736da5908SDaniel Vetter 		/*
22836da5908SDaniel Vetter 		 * The object name held a reference to this object, drop
22936da5908SDaniel Vetter 		 * that now.
23036da5908SDaniel Vetter 		*
23136da5908SDaniel Vetter 		* This cannot be the last reference, since the handle holds one too.
23236da5908SDaniel Vetter 		 */
23336da5908SDaniel Vetter 		kref_put(&obj->refcount, drm_gem_object_ref_bug);
234a8e11d1cSDaniel Vetter 	}
23536da5908SDaniel Vetter }
23636da5908SDaniel Vetter 
237319c933cSDaniel Vetter static void drm_gem_object_exported_dma_buf_free(struct drm_gem_object *obj)
238319c933cSDaniel Vetter {
239319c933cSDaniel Vetter 	/* Unbreak the reference cycle if we have an exported dma_buf. */
240319c933cSDaniel Vetter 	if (obj->dma_buf) {
241319c933cSDaniel Vetter 		dma_buf_put(obj->dma_buf);
242319c933cSDaniel Vetter 		obj->dma_buf = NULL;
243319c933cSDaniel Vetter 	}
244319c933cSDaniel Vetter }
245319c933cSDaniel Vetter 
246becee2a5SDaniel Vetter static void
24736da5908SDaniel Vetter drm_gem_object_handle_unreference_unlocked(struct drm_gem_object *obj)
24836da5908SDaniel Vetter {
249a8e11d1cSDaniel Vetter 	if (WARN_ON(obj->handle_count == 0))
25036da5908SDaniel Vetter 		return;
25136da5908SDaniel Vetter 
25236da5908SDaniel Vetter 	/*
25336da5908SDaniel Vetter 	* Must bump handle count first as this may be the last
25436da5908SDaniel Vetter 	* ref, in which case the object would disappear before we
25536da5908SDaniel Vetter 	* checked for a name
25636da5908SDaniel Vetter 	*/
25736da5908SDaniel Vetter 
258cd4f013fSDaniel Vetter 	mutex_lock(&obj->dev->object_name_lock);
259319c933cSDaniel Vetter 	if (--obj->handle_count == 0) {
26036da5908SDaniel Vetter 		drm_gem_object_handle_free(obj);
261319c933cSDaniel Vetter 		drm_gem_object_exported_dma_buf_free(obj);
262319c933cSDaniel Vetter 	}
263cd4f013fSDaniel Vetter 	mutex_unlock(&obj->dev->object_name_lock);
264a8e11d1cSDaniel Vetter 
26536da5908SDaniel Vetter 	drm_gem_object_unreference_unlocked(obj);
26636da5908SDaniel Vetter }
26736da5908SDaniel Vetter 
268673a394bSEric Anholt /**
269673a394bSEric Anholt  * Removes the mapping from handle to filp for this object.
270673a394bSEric Anholt  */
271ff72145bSDave Airlie int
272a1a2d1d3SPekka Paalanen drm_gem_handle_delete(struct drm_file *filp, u32 handle)
273673a394bSEric Anholt {
274673a394bSEric Anholt 	struct drm_device *dev;
275673a394bSEric Anholt 	struct drm_gem_object *obj;
276673a394bSEric Anholt 
277673a394bSEric Anholt 	/* This is gross. The idr system doesn't let us try a delete and
278673a394bSEric Anholt 	 * return an error code.  It just spews if you fail at deleting.
279673a394bSEric Anholt 	 * So, we have to grab a lock around finding the object and then
280673a394bSEric Anholt 	 * doing the delete on it and dropping the refcount, or the user
281673a394bSEric Anholt 	 * could race us to double-decrement the refcount and cause a
282673a394bSEric Anholt 	 * use-after-free later.  Given the frequency of our handle lookups,
283673a394bSEric Anholt 	 * we may want to use ida for number allocation and a hash table
284673a394bSEric Anholt 	 * for the pointers, anyway.
285673a394bSEric Anholt 	 */
286673a394bSEric Anholt 	spin_lock(&filp->table_lock);
287673a394bSEric Anholt 
288673a394bSEric Anholt 	/* Check if we currently have a reference on the object */
289673a394bSEric Anholt 	obj = idr_find(&filp->object_idr, handle);
290673a394bSEric Anholt 	if (obj == NULL) {
291673a394bSEric Anholt 		spin_unlock(&filp->table_lock);
292673a394bSEric Anholt 		return -EINVAL;
293673a394bSEric Anholt 	}
294673a394bSEric Anholt 	dev = obj->dev;
295673a394bSEric Anholt 
296673a394bSEric Anholt 	/* Release reference and decrement refcount. */
297673a394bSEric Anholt 	idr_remove(&filp->object_idr, handle);
298673a394bSEric Anholt 	spin_unlock(&filp->table_lock);
299673a394bSEric Anholt 
300*9c784855SThierry Reding 	if (drm_core_check_feature(dev, DRIVER_PRIME))
3010ff926c7SDave Airlie 		drm_gem_remove_prime_handles(obj, filp);
302ca481c9bSDavid Herrmann 	drm_vma_node_revoke(&obj->vma_node, filp->filp);
3033248877eSDave Airlie 
304304eda32SBen Skeggs 	if (dev->driver->gem_close_object)
305304eda32SBen Skeggs 		dev->driver->gem_close_object(obj, filp);
306bc9025bdSLuca Barbieri 	drm_gem_object_handle_unreference_unlocked(obj);
307673a394bSEric Anholt 
308673a394bSEric Anholt 	return 0;
309673a394bSEric Anholt }
310ff72145bSDave Airlie EXPORT_SYMBOL(drm_gem_handle_delete);
311673a394bSEric Anholt 
312673a394bSEric Anholt /**
31343387b37SDaniel Vetter  * drm_gem_dumb_destroy - dumb fb callback helper for gem based drivers
31443387b37SDaniel Vetter  *
31543387b37SDaniel Vetter  * This implements the ->dumb_destroy kms driver callback for drivers which use
31643387b37SDaniel Vetter  * gem to manage their backing storage.
31743387b37SDaniel Vetter  */
31843387b37SDaniel Vetter int drm_gem_dumb_destroy(struct drm_file *file,
31943387b37SDaniel Vetter 			 struct drm_device *dev,
32043387b37SDaniel Vetter 			 uint32_t handle)
32143387b37SDaniel Vetter {
32243387b37SDaniel Vetter 	return drm_gem_handle_delete(file, handle);
32343387b37SDaniel Vetter }
32443387b37SDaniel Vetter EXPORT_SYMBOL(drm_gem_dumb_destroy);
32543387b37SDaniel Vetter 
32643387b37SDaniel Vetter /**
32720228c44SDaniel Vetter  * drm_gem_handle_create_tail - internal functions to create a handle
32820228c44SDaniel Vetter  *
32920228c44SDaniel Vetter  * This expects the dev->object_name_lock to be held already and will drop it
33020228c44SDaniel Vetter  * before returning. Used to avoid races in establishing new handles when
33120228c44SDaniel Vetter  * importing an object from either an flink name or a dma-buf.
332673a394bSEric Anholt  */
333673a394bSEric Anholt int
33420228c44SDaniel Vetter drm_gem_handle_create_tail(struct drm_file *file_priv,
335673a394bSEric Anholt 			   struct drm_gem_object *obj,
336a1a2d1d3SPekka Paalanen 			   u32 *handlep)
337673a394bSEric Anholt {
338304eda32SBen Skeggs 	struct drm_device *dev = obj->dev;
339673a394bSEric Anholt 	int ret;
340673a394bSEric Anholt 
34120228c44SDaniel Vetter 	WARN_ON(!mutex_is_locked(&dev->object_name_lock));
34220228c44SDaniel Vetter 
343673a394bSEric Anholt 	/*
3442e928815STejun Heo 	 * Get the user-visible handle using idr.  Preload and perform
3452e928815STejun Heo 	 * allocation under our spinlock.
346673a394bSEric Anholt 	 */
3472e928815STejun Heo 	idr_preload(GFP_KERNEL);
348673a394bSEric Anholt 	spin_lock(&file_priv->table_lock);
3492e928815STejun Heo 
3502e928815STejun Heo 	ret = idr_alloc(&file_priv->object_idr, obj, 1, 0, GFP_NOWAIT);
351a8e11d1cSDaniel Vetter 	drm_gem_object_reference(obj);
352a8e11d1cSDaniel Vetter 	obj->handle_count++;
353673a394bSEric Anholt 	spin_unlock(&file_priv->table_lock);
3542e928815STejun Heo 	idr_preload_end();
355cd4f013fSDaniel Vetter 	mutex_unlock(&dev->object_name_lock);
356a8e11d1cSDaniel Vetter 	if (ret < 0) {
357a8e11d1cSDaniel Vetter 		drm_gem_object_handle_unreference_unlocked(obj);
358673a394bSEric Anholt 		return ret;
359a8e11d1cSDaniel Vetter 	}
3602e928815STejun Heo 	*handlep = ret;
361673a394bSEric Anholt 
362ca481c9bSDavid Herrmann 	ret = drm_vma_node_allow(&obj->vma_node, file_priv->filp);
363ca481c9bSDavid Herrmann 	if (ret) {
364ca481c9bSDavid Herrmann 		drm_gem_handle_delete(file_priv, *handlep);
365ca481c9bSDavid Herrmann 		return ret;
366ca481c9bSDavid Herrmann 	}
367304eda32SBen Skeggs 
368304eda32SBen Skeggs 	if (dev->driver->gem_open_object) {
369304eda32SBen Skeggs 		ret = dev->driver->gem_open_object(obj, file_priv);
370304eda32SBen Skeggs 		if (ret) {
371304eda32SBen Skeggs 			drm_gem_handle_delete(file_priv, *handlep);
372304eda32SBen Skeggs 			return ret;
373304eda32SBen Skeggs 		}
374304eda32SBen Skeggs 	}
375304eda32SBen Skeggs 
376673a394bSEric Anholt 	return 0;
377673a394bSEric Anholt }
37820228c44SDaniel Vetter 
37920228c44SDaniel Vetter /**
38020228c44SDaniel Vetter  * Create a handle for this object. This adds a handle reference
38120228c44SDaniel Vetter  * to the object, which includes a regular reference count. Callers
38220228c44SDaniel Vetter  * will likely want to dereference the object afterwards.
38320228c44SDaniel Vetter  */
38420228c44SDaniel Vetter int
38520228c44SDaniel Vetter drm_gem_handle_create(struct drm_file *file_priv,
38620228c44SDaniel Vetter 		       struct drm_gem_object *obj,
38720228c44SDaniel Vetter 		       u32 *handlep)
38820228c44SDaniel Vetter {
38920228c44SDaniel Vetter 	mutex_lock(&obj->dev->object_name_lock);
39020228c44SDaniel Vetter 
39120228c44SDaniel Vetter 	return drm_gem_handle_create_tail(file_priv, obj, handlep);
39220228c44SDaniel Vetter }
393673a394bSEric Anholt EXPORT_SYMBOL(drm_gem_handle_create);
394673a394bSEric Anholt 
39575ef8b3bSRob Clark 
39675ef8b3bSRob Clark /**
39775ef8b3bSRob Clark  * drm_gem_free_mmap_offset - release a fake mmap offset for an object
39875ef8b3bSRob Clark  * @obj: obj in question
39975ef8b3bSRob Clark  *
40075ef8b3bSRob Clark  * This routine frees fake offsets allocated by drm_gem_create_mmap_offset().
40175ef8b3bSRob Clark  */
40275ef8b3bSRob Clark void
40375ef8b3bSRob Clark drm_gem_free_mmap_offset(struct drm_gem_object *obj)
40475ef8b3bSRob Clark {
40575ef8b3bSRob Clark 	struct drm_device *dev = obj->dev;
40675ef8b3bSRob Clark 	struct drm_gem_mm *mm = dev->mm_private;
40775ef8b3bSRob Clark 
4080de23977SDavid Herrmann 	drm_vma_offset_remove(&mm->vma_manager, &obj->vma_node);
40975ef8b3bSRob Clark }
41075ef8b3bSRob Clark EXPORT_SYMBOL(drm_gem_free_mmap_offset);
41175ef8b3bSRob Clark 
41275ef8b3bSRob Clark /**
413367bbd49SRob Clark  * drm_gem_create_mmap_offset_size - create a fake mmap offset for an object
414367bbd49SRob Clark  * @obj: obj in question
415367bbd49SRob Clark  * @size: the virtual size
416367bbd49SRob Clark  *
417367bbd49SRob Clark  * GEM memory mapping works by handing back to userspace a fake mmap offset
418367bbd49SRob Clark  * it can use in a subsequent mmap(2) call.  The DRM core code then looks
419367bbd49SRob Clark  * up the object based on the offset and sets up the various memory mapping
420367bbd49SRob Clark  * structures.
421367bbd49SRob Clark  *
422367bbd49SRob Clark  * This routine allocates and attaches a fake offset for @obj, in cases where
423367bbd49SRob Clark  * the virtual size differs from the physical size (ie. obj->size).  Otherwise
424367bbd49SRob Clark  * just use drm_gem_create_mmap_offset().
425367bbd49SRob Clark  */
426367bbd49SRob Clark int
427367bbd49SRob Clark drm_gem_create_mmap_offset_size(struct drm_gem_object *obj, size_t size)
428367bbd49SRob Clark {
429367bbd49SRob Clark 	struct drm_device *dev = obj->dev;
430367bbd49SRob Clark 	struct drm_gem_mm *mm = dev->mm_private;
431367bbd49SRob Clark 
432367bbd49SRob Clark 	return drm_vma_offset_add(&mm->vma_manager, &obj->vma_node,
433367bbd49SRob Clark 				  size / PAGE_SIZE);
434367bbd49SRob Clark }
435367bbd49SRob Clark EXPORT_SYMBOL(drm_gem_create_mmap_offset_size);
436367bbd49SRob Clark 
437367bbd49SRob Clark /**
43875ef8b3bSRob Clark  * drm_gem_create_mmap_offset - create a fake mmap offset for an object
43975ef8b3bSRob Clark  * @obj: obj in question
44075ef8b3bSRob Clark  *
44175ef8b3bSRob Clark  * GEM memory mapping works by handing back to userspace a fake mmap offset
44275ef8b3bSRob Clark  * it can use in a subsequent mmap(2) call.  The DRM core code then looks
44375ef8b3bSRob Clark  * up the object based on the offset and sets up the various memory mapping
44475ef8b3bSRob Clark  * structures.
44575ef8b3bSRob Clark  *
44675ef8b3bSRob Clark  * This routine allocates and attaches a fake offset for @obj.
44775ef8b3bSRob Clark  */
448367bbd49SRob Clark int drm_gem_create_mmap_offset(struct drm_gem_object *obj)
44975ef8b3bSRob Clark {
450367bbd49SRob Clark 	return drm_gem_create_mmap_offset_size(obj, obj->size);
45175ef8b3bSRob Clark }
45275ef8b3bSRob Clark EXPORT_SYMBOL(drm_gem_create_mmap_offset);
45375ef8b3bSRob Clark 
454bcc5c9d5SRob Clark /**
455bcc5c9d5SRob Clark  * drm_gem_get_pages - helper to allocate backing pages for a GEM object
456bcc5c9d5SRob Clark  * from shmem
457bcc5c9d5SRob Clark  * @obj: obj in question
458bcc5c9d5SRob Clark  * @gfpmask: gfp mask of requested pages
459bcc5c9d5SRob Clark  */
460bcc5c9d5SRob Clark struct page **drm_gem_get_pages(struct drm_gem_object *obj, gfp_t gfpmask)
461bcc5c9d5SRob Clark {
462bcc5c9d5SRob Clark 	struct inode *inode;
463bcc5c9d5SRob Clark 	struct address_space *mapping;
464bcc5c9d5SRob Clark 	struct page *p, **pages;
465bcc5c9d5SRob Clark 	int i, npages;
466bcc5c9d5SRob Clark 
467bcc5c9d5SRob Clark 	/* This is the shared memory object that backs the GEM resource */
468bcc5c9d5SRob Clark 	inode = file_inode(obj->filp);
469bcc5c9d5SRob Clark 	mapping = inode->i_mapping;
470bcc5c9d5SRob Clark 
471bcc5c9d5SRob Clark 	/* We already BUG_ON() for non-page-aligned sizes in
472bcc5c9d5SRob Clark 	 * drm_gem_object_init(), so we should never hit this unless
473bcc5c9d5SRob Clark 	 * driver author is doing something really wrong:
474bcc5c9d5SRob Clark 	 */
475bcc5c9d5SRob Clark 	WARN_ON((obj->size & (PAGE_SIZE - 1)) != 0);
476bcc5c9d5SRob Clark 
477bcc5c9d5SRob Clark 	npages = obj->size >> PAGE_SHIFT;
478bcc5c9d5SRob Clark 
479bcc5c9d5SRob Clark 	pages = drm_malloc_ab(npages, sizeof(struct page *));
480bcc5c9d5SRob Clark 	if (pages == NULL)
481bcc5c9d5SRob Clark 		return ERR_PTR(-ENOMEM);
482bcc5c9d5SRob Clark 
483bcc5c9d5SRob Clark 	gfpmask |= mapping_gfp_mask(mapping);
484bcc5c9d5SRob Clark 
485bcc5c9d5SRob Clark 	for (i = 0; i < npages; i++) {
486bcc5c9d5SRob Clark 		p = shmem_read_mapping_page_gfp(mapping, i, gfpmask);
487bcc5c9d5SRob Clark 		if (IS_ERR(p))
488bcc5c9d5SRob Clark 			goto fail;
489bcc5c9d5SRob Clark 		pages[i] = p;
490bcc5c9d5SRob Clark 
491bcc5c9d5SRob Clark 		/* There is a hypothetical issue w/ drivers that require
492bcc5c9d5SRob Clark 		 * buffer memory in the low 4GB.. if the pages are un-
493bcc5c9d5SRob Clark 		 * pinned, and swapped out, they can end up swapped back
494bcc5c9d5SRob Clark 		 * in above 4GB.  If pages are already in memory, then
495bcc5c9d5SRob Clark 		 * shmem_read_mapping_page_gfp will ignore the gfpmask,
496bcc5c9d5SRob Clark 		 * even if the already in-memory page disobeys the mask.
497bcc5c9d5SRob Clark 		 *
498bcc5c9d5SRob Clark 		 * It is only a theoretical issue today, because none of
499bcc5c9d5SRob Clark 		 * the devices with this limitation can be populated with
500bcc5c9d5SRob Clark 		 * enough memory to trigger the issue.  But this BUG_ON()
501bcc5c9d5SRob Clark 		 * is here as a reminder in case the problem with
502bcc5c9d5SRob Clark 		 * shmem_read_mapping_page_gfp() isn't solved by the time
503bcc5c9d5SRob Clark 		 * it does become a real issue.
504bcc5c9d5SRob Clark 		 *
505bcc5c9d5SRob Clark 		 * See this thread: http://lkml.org/lkml/2011/7/11/238
506bcc5c9d5SRob Clark 		 */
507bcc5c9d5SRob Clark 		BUG_ON((gfpmask & __GFP_DMA32) &&
508bcc5c9d5SRob Clark 				(page_to_pfn(p) >= 0x00100000UL));
509bcc5c9d5SRob Clark 	}
510bcc5c9d5SRob Clark 
511bcc5c9d5SRob Clark 	return pages;
512bcc5c9d5SRob Clark 
513bcc5c9d5SRob Clark fail:
514bcc5c9d5SRob Clark 	while (i--)
515bcc5c9d5SRob Clark 		page_cache_release(pages[i]);
516bcc5c9d5SRob Clark 
517bcc5c9d5SRob Clark 	drm_free_large(pages);
518bcc5c9d5SRob Clark 	return ERR_CAST(p);
519bcc5c9d5SRob Clark }
520bcc5c9d5SRob Clark EXPORT_SYMBOL(drm_gem_get_pages);
521bcc5c9d5SRob Clark 
522bcc5c9d5SRob Clark /**
523bcc5c9d5SRob Clark  * drm_gem_put_pages - helper to free backing pages for a GEM object
524bcc5c9d5SRob Clark  * @obj: obj in question
525bcc5c9d5SRob Clark  * @pages: pages to free
526bcc5c9d5SRob Clark  * @dirty: if true, pages will be marked as dirty
527bcc5c9d5SRob Clark  * @accessed: if true, the pages will be marked as accessed
528bcc5c9d5SRob Clark  */
529bcc5c9d5SRob Clark void drm_gem_put_pages(struct drm_gem_object *obj, struct page **pages,
530bcc5c9d5SRob Clark 		bool dirty, bool accessed)
531bcc5c9d5SRob Clark {
532bcc5c9d5SRob Clark 	int i, npages;
533bcc5c9d5SRob Clark 
534bcc5c9d5SRob Clark 	/* We already BUG_ON() for non-page-aligned sizes in
535bcc5c9d5SRob Clark 	 * drm_gem_object_init(), so we should never hit this unless
536bcc5c9d5SRob Clark 	 * driver author is doing something really wrong:
537bcc5c9d5SRob Clark 	 */
538bcc5c9d5SRob Clark 	WARN_ON((obj->size & (PAGE_SIZE - 1)) != 0);
539bcc5c9d5SRob Clark 
540bcc5c9d5SRob Clark 	npages = obj->size >> PAGE_SHIFT;
541bcc5c9d5SRob Clark 
542bcc5c9d5SRob Clark 	for (i = 0; i < npages; i++) {
543bcc5c9d5SRob Clark 		if (dirty)
544bcc5c9d5SRob Clark 			set_page_dirty(pages[i]);
545bcc5c9d5SRob Clark 
546bcc5c9d5SRob Clark 		if (accessed)
547bcc5c9d5SRob Clark 			mark_page_accessed(pages[i]);
548bcc5c9d5SRob Clark 
549bcc5c9d5SRob Clark 		/* Undo the reference we took when populating the table */
550bcc5c9d5SRob Clark 		page_cache_release(pages[i]);
551bcc5c9d5SRob Clark 	}
552bcc5c9d5SRob Clark 
553bcc5c9d5SRob Clark 	drm_free_large(pages);
554bcc5c9d5SRob Clark }
555bcc5c9d5SRob Clark EXPORT_SYMBOL(drm_gem_put_pages);
556bcc5c9d5SRob Clark 
557673a394bSEric Anholt /** Returns a reference to the object named by the handle. */
558673a394bSEric Anholt struct drm_gem_object *
559673a394bSEric Anholt drm_gem_object_lookup(struct drm_device *dev, struct drm_file *filp,
560a1a2d1d3SPekka Paalanen 		      u32 handle)
561673a394bSEric Anholt {
562673a394bSEric Anholt 	struct drm_gem_object *obj;
563673a394bSEric Anholt 
564673a394bSEric Anholt 	spin_lock(&filp->table_lock);
565673a394bSEric Anholt 
566673a394bSEric Anholt 	/* Check if we currently have a reference on the object */
567673a394bSEric Anholt 	obj = idr_find(&filp->object_idr, handle);
568673a394bSEric Anholt 	if (obj == NULL) {
569673a394bSEric Anholt 		spin_unlock(&filp->table_lock);
570673a394bSEric Anholt 		return NULL;
571673a394bSEric Anholt 	}
572673a394bSEric Anholt 
573673a394bSEric Anholt 	drm_gem_object_reference(obj);
574673a394bSEric Anholt 
575673a394bSEric Anholt 	spin_unlock(&filp->table_lock);
576673a394bSEric Anholt 
577673a394bSEric Anholt 	return obj;
578673a394bSEric Anholt }
579673a394bSEric Anholt EXPORT_SYMBOL(drm_gem_object_lookup);
580673a394bSEric Anholt 
581673a394bSEric Anholt /**
582673a394bSEric Anholt  * Releases the handle to an mm object.
583673a394bSEric Anholt  */
584673a394bSEric Anholt int
585673a394bSEric Anholt drm_gem_close_ioctl(struct drm_device *dev, void *data,
586673a394bSEric Anholt 		    struct drm_file *file_priv)
587673a394bSEric Anholt {
588673a394bSEric Anholt 	struct drm_gem_close *args = data;
589673a394bSEric Anholt 	int ret;
590673a394bSEric Anholt 
591673a394bSEric Anholt 	if (!(dev->driver->driver_features & DRIVER_GEM))
592673a394bSEric Anholt 		return -ENODEV;
593673a394bSEric Anholt 
594673a394bSEric Anholt 	ret = drm_gem_handle_delete(file_priv, args->handle);
595673a394bSEric Anholt 
596673a394bSEric Anholt 	return ret;
597673a394bSEric Anholt }
598673a394bSEric Anholt 
599673a394bSEric Anholt /**
600673a394bSEric Anholt  * Create a global name for an object, returning the name.
601673a394bSEric Anholt  *
602673a394bSEric Anholt  * Note that the name does not hold a reference; when the object
603673a394bSEric Anholt  * is freed, the name goes away.
604673a394bSEric Anholt  */
605673a394bSEric Anholt int
606673a394bSEric Anholt drm_gem_flink_ioctl(struct drm_device *dev, void *data,
607673a394bSEric Anholt 		    struct drm_file *file_priv)
608673a394bSEric Anholt {
609673a394bSEric Anholt 	struct drm_gem_flink *args = data;
610673a394bSEric Anholt 	struct drm_gem_object *obj;
611673a394bSEric Anholt 	int ret;
612673a394bSEric Anholt 
613673a394bSEric Anholt 	if (!(dev->driver->driver_features & DRIVER_GEM))
614673a394bSEric Anholt 		return -ENODEV;
615673a394bSEric Anholt 
616673a394bSEric Anholt 	obj = drm_gem_object_lookup(dev, file_priv, args->handle);
617673a394bSEric Anholt 	if (obj == NULL)
618bf79cb91SChris Wilson 		return -ENOENT;
619673a394bSEric Anholt 
620cd4f013fSDaniel Vetter 	mutex_lock(&dev->object_name_lock);
6212e928815STejun Heo 	idr_preload(GFP_KERNEL);
622a8e11d1cSDaniel Vetter 	/* prevent races with concurrent gem_close. */
623a8e11d1cSDaniel Vetter 	if (obj->handle_count == 0) {
624a8e11d1cSDaniel Vetter 		ret = -ENOENT;
625a8e11d1cSDaniel Vetter 		goto err;
626a8e11d1cSDaniel Vetter 	}
627a8e11d1cSDaniel Vetter 
6288d59bae5SChris Wilson 	if (!obj->name) {
6292e928815STejun Heo 		ret = idr_alloc(&dev->object_name_idr, obj, 1, 0, GFP_NOWAIT);
6302e928815STejun Heo 		if (ret < 0)
6313e49c4f4SChris Wilson 			goto err;
6322e07fb22SYoungJun Cho 
6332e07fb22SYoungJun Cho 		obj->name = ret;
634673a394bSEric Anholt 
6358d59bae5SChris Wilson 		/* Allocate a reference for the name table.  */
6368d59bae5SChris Wilson 		drm_gem_object_reference(obj);
6378d59bae5SChris Wilson 	}
6383e49c4f4SChris Wilson 
6392e07fb22SYoungJun Cho 	args->name = (uint64_t) obj->name;
6402e07fb22SYoungJun Cho 	ret = 0;
6412e07fb22SYoungJun Cho 
6423e49c4f4SChris Wilson err:
6432e07fb22SYoungJun Cho 	idr_preload_end();
644cd4f013fSDaniel Vetter 	mutex_unlock(&dev->object_name_lock);
645bc9025bdSLuca Barbieri 	drm_gem_object_unreference_unlocked(obj);
6463e49c4f4SChris Wilson 	return ret;
647673a394bSEric Anholt }
648673a394bSEric Anholt 
649673a394bSEric Anholt /**
650673a394bSEric Anholt  * Open an object using the global name, returning a handle and the size.
651673a394bSEric Anholt  *
652673a394bSEric Anholt  * This handle (of course) holds a reference to the object, so the object
653673a394bSEric Anholt  * will not go away until the handle is deleted.
654673a394bSEric Anholt  */
655673a394bSEric Anholt int
656673a394bSEric Anholt drm_gem_open_ioctl(struct drm_device *dev, void *data,
657673a394bSEric Anholt 		   struct drm_file *file_priv)
658673a394bSEric Anholt {
659673a394bSEric Anholt 	struct drm_gem_open *args = data;
660673a394bSEric Anholt 	struct drm_gem_object *obj;
661673a394bSEric Anholt 	int ret;
662a1a2d1d3SPekka Paalanen 	u32 handle;
663673a394bSEric Anholt 
664673a394bSEric Anholt 	if (!(dev->driver->driver_features & DRIVER_GEM))
665673a394bSEric Anholt 		return -ENODEV;
666673a394bSEric Anholt 
667cd4f013fSDaniel Vetter 	mutex_lock(&dev->object_name_lock);
668673a394bSEric Anholt 	obj = idr_find(&dev->object_name_idr, (int) args->name);
66920228c44SDaniel Vetter 	if (obj) {
670673a394bSEric Anholt 		drm_gem_object_reference(obj);
67120228c44SDaniel Vetter 	} else {
672cd4f013fSDaniel Vetter 		mutex_unlock(&dev->object_name_lock);
673673a394bSEric Anholt 		return -ENOENT;
67420228c44SDaniel Vetter 	}
675673a394bSEric Anholt 
67620228c44SDaniel Vetter 	/* drm_gem_handle_create_tail unlocks dev->object_name_lock. */
67720228c44SDaniel Vetter 	ret = drm_gem_handle_create_tail(file_priv, obj, &handle);
678bc9025bdSLuca Barbieri 	drm_gem_object_unreference_unlocked(obj);
679673a394bSEric Anholt 	if (ret)
680673a394bSEric Anholt 		return ret;
681673a394bSEric Anholt 
682673a394bSEric Anholt 	args->handle = handle;
683673a394bSEric Anholt 	args->size = obj->size;
684673a394bSEric Anholt 
685673a394bSEric Anholt 	return 0;
686673a394bSEric Anholt }
687673a394bSEric Anholt 
688673a394bSEric Anholt /**
689673a394bSEric Anholt  * Called at device open time, sets up the structure for handling refcounting
690673a394bSEric Anholt  * of mm objects.
691673a394bSEric Anholt  */
692673a394bSEric Anholt void
693673a394bSEric Anholt drm_gem_open(struct drm_device *dev, struct drm_file *file_private)
694673a394bSEric Anholt {
695673a394bSEric Anholt 	idr_init(&file_private->object_idr);
696673a394bSEric Anholt 	spin_lock_init(&file_private->table_lock);
697673a394bSEric Anholt }
698673a394bSEric Anholt 
699673a394bSEric Anholt /**
700673a394bSEric Anholt  * Called at device close to release the file's
701673a394bSEric Anholt  * handle references on objects.
702673a394bSEric Anholt  */
703673a394bSEric Anholt static int
704673a394bSEric Anholt drm_gem_object_release_handle(int id, void *ptr, void *data)
705673a394bSEric Anholt {
706304eda32SBen Skeggs 	struct drm_file *file_priv = data;
707673a394bSEric Anholt 	struct drm_gem_object *obj = ptr;
708304eda32SBen Skeggs 	struct drm_device *dev = obj->dev;
709304eda32SBen Skeggs 
710*9c784855SThierry Reding 	if (drm_core_check_feature(dev, DRIVER_PRIME))
7110ff926c7SDave Airlie 		drm_gem_remove_prime_handles(obj, file_priv);
712ca481c9bSDavid Herrmann 	drm_vma_node_revoke(&obj->vma_node, file_priv->filp);
7133248877eSDave Airlie 
714304eda32SBen Skeggs 	if (dev->driver->gem_close_object)
715304eda32SBen Skeggs 		dev->driver->gem_close_object(obj, file_priv);
716673a394bSEric Anholt 
717bc9025bdSLuca Barbieri 	drm_gem_object_handle_unreference_unlocked(obj);
718673a394bSEric Anholt 
719673a394bSEric Anholt 	return 0;
720673a394bSEric Anholt }
721673a394bSEric Anholt 
722673a394bSEric Anholt /**
723673a394bSEric Anholt  * Called at close time when the filp is going away.
724673a394bSEric Anholt  *
725673a394bSEric Anholt  * Releases any remaining references on objects by this filp.
726673a394bSEric Anholt  */
727673a394bSEric Anholt void
728673a394bSEric Anholt drm_gem_release(struct drm_device *dev, struct drm_file *file_private)
729673a394bSEric Anholt {
730673a394bSEric Anholt 	idr_for_each(&file_private->object_idr,
731304eda32SBen Skeggs 		     &drm_gem_object_release_handle, file_private);
732673a394bSEric Anholt 	idr_destroy(&file_private->object_idr);
733673a394bSEric Anholt }
734673a394bSEric Anholt 
735fd632aa3SDaniel Vetter void
736fd632aa3SDaniel Vetter drm_gem_object_release(struct drm_gem_object *obj)
737c3ae90c0SLuca Barbieri {
738319c933cSDaniel Vetter 	WARN_ON(obj->dma_buf);
739319c933cSDaniel Vetter 
74062cb7011SAlan Cox 	if (obj->filp)
741c3ae90c0SLuca Barbieri 	    fput(obj->filp);
742c3ae90c0SLuca Barbieri }
743fd632aa3SDaniel Vetter EXPORT_SYMBOL(drm_gem_object_release);
744c3ae90c0SLuca Barbieri 
745673a394bSEric Anholt /**
746673a394bSEric Anholt  * Called after the last reference to the object has been lost.
747c3ae90c0SLuca Barbieri  * Must be called holding struct_ mutex
748673a394bSEric Anholt  *
749673a394bSEric Anholt  * Frees the object
750673a394bSEric Anholt  */
751673a394bSEric Anholt void
752673a394bSEric Anholt drm_gem_object_free(struct kref *kref)
753673a394bSEric Anholt {
754673a394bSEric Anholt 	struct drm_gem_object *obj = (struct drm_gem_object *) kref;
755673a394bSEric Anholt 	struct drm_device *dev = obj->dev;
756673a394bSEric Anholt 
757673a394bSEric Anholt 	BUG_ON(!mutex_is_locked(&dev->struct_mutex));
758673a394bSEric Anholt 
759673a394bSEric Anholt 	if (dev->driver->gem_free_object != NULL)
760673a394bSEric Anholt 		dev->driver->gem_free_object(obj);
761673a394bSEric Anholt }
762673a394bSEric Anholt EXPORT_SYMBOL(drm_gem_object_free);
763673a394bSEric Anholt 
764ab00b3e5SJesse Barnes void drm_gem_vm_open(struct vm_area_struct *vma)
765ab00b3e5SJesse Barnes {
766ab00b3e5SJesse Barnes 	struct drm_gem_object *obj = vma->vm_private_data;
767ab00b3e5SJesse Barnes 
768ab00b3e5SJesse Barnes 	drm_gem_object_reference(obj);
76931dfbc93SChris Wilson 
77031dfbc93SChris Wilson 	mutex_lock(&obj->dev->struct_mutex);
771b06d66beSRob Clark 	drm_vm_open_locked(obj->dev, vma);
77231dfbc93SChris Wilson 	mutex_unlock(&obj->dev->struct_mutex);
773ab00b3e5SJesse Barnes }
774ab00b3e5SJesse Barnes EXPORT_SYMBOL(drm_gem_vm_open);
775ab00b3e5SJesse Barnes 
776ab00b3e5SJesse Barnes void drm_gem_vm_close(struct vm_area_struct *vma)
777ab00b3e5SJesse Barnes {
778ab00b3e5SJesse Barnes 	struct drm_gem_object *obj = vma->vm_private_data;
779b74ad5aeSChris Wilson 	struct drm_device *dev = obj->dev;
780ab00b3e5SJesse Barnes 
781b74ad5aeSChris Wilson 	mutex_lock(&dev->struct_mutex);
782b06d66beSRob Clark 	drm_vm_close_locked(obj->dev, vma);
78331dfbc93SChris Wilson 	drm_gem_object_unreference(obj);
784b74ad5aeSChris Wilson 	mutex_unlock(&dev->struct_mutex);
785ab00b3e5SJesse Barnes }
786ab00b3e5SJesse Barnes EXPORT_SYMBOL(drm_gem_vm_close);
787ab00b3e5SJesse Barnes 
7881c5aafa6SLaurent Pinchart /**
7891c5aafa6SLaurent Pinchart  * drm_gem_mmap_obj - memory map a GEM object
7901c5aafa6SLaurent Pinchart  * @obj: the GEM object to map
7911c5aafa6SLaurent Pinchart  * @obj_size: the object size to be mapped, in bytes
7921c5aafa6SLaurent Pinchart  * @vma: VMA for the area to be mapped
7931c5aafa6SLaurent Pinchart  *
7941c5aafa6SLaurent Pinchart  * Set up the VMA to prepare mapping of the GEM object using the gem_vm_ops
7951c5aafa6SLaurent Pinchart  * provided by the driver. Depending on their requirements, drivers can either
7961c5aafa6SLaurent Pinchart  * provide a fault handler in their gem_vm_ops (in which case any accesses to
7971c5aafa6SLaurent Pinchart  * the object will be trapped, to perform migration, GTT binding, surface
7981c5aafa6SLaurent Pinchart  * register allocation, or performance monitoring), or mmap the buffer memory
7991c5aafa6SLaurent Pinchart  * synchronously after calling drm_gem_mmap_obj.
8001c5aafa6SLaurent Pinchart  *
8011c5aafa6SLaurent Pinchart  * This function is mainly intended to implement the DMABUF mmap operation, when
8021c5aafa6SLaurent Pinchart  * the GEM object is not looked up based on its fake offset. To implement the
8031c5aafa6SLaurent Pinchart  * DRM mmap operation, drivers should use the drm_gem_mmap() function.
8041c5aafa6SLaurent Pinchart  *
805ca481c9bSDavid Herrmann  * drm_gem_mmap_obj() assumes the user is granted access to the buffer while
806ca481c9bSDavid Herrmann  * drm_gem_mmap() prevents unprivileged users from mapping random objects. So
807ca481c9bSDavid Herrmann  * callers must verify access restrictions before calling this helper.
808ca481c9bSDavid Herrmann  *
8094368dd84SYoungJun Cho  * NOTE: This function has to be protected with dev->struct_mutex
8104368dd84SYoungJun Cho  *
8111c5aafa6SLaurent Pinchart  * Return 0 or success or -EINVAL if the object size is smaller than the VMA
8121c5aafa6SLaurent Pinchart  * size, or if no gem_vm_ops are provided.
8131c5aafa6SLaurent Pinchart  */
8141c5aafa6SLaurent Pinchart int drm_gem_mmap_obj(struct drm_gem_object *obj, unsigned long obj_size,
8151c5aafa6SLaurent Pinchart 		     struct vm_area_struct *vma)
8161c5aafa6SLaurent Pinchart {
8171c5aafa6SLaurent Pinchart 	struct drm_device *dev = obj->dev;
8181c5aafa6SLaurent Pinchart 
8194368dd84SYoungJun Cho 	lockdep_assert_held(&dev->struct_mutex);
8204368dd84SYoungJun Cho 
8211c5aafa6SLaurent Pinchart 	/* Check for valid size. */
8221c5aafa6SLaurent Pinchart 	if (obj_size < vma->vm_end - vma->vm_start)
8231c5aafa6SLaurent Pinchart 		return -EINVAL;
8241c5aafa6SLaurent Pinchart 
8251c5aafa6SLaurent Pinchart 	if (!dev->driver->gem_vm_ops)
8261c5aafa6SLaurent Pinchart 		return -EINVAL;
8271c5aafa6SLaurent Pinchart 
8281c5aafa6SLaurent Pinchart 	vma->vm_flags |= VM_IO | VM_PFNMAP | VM_DONTEXPAND | VM_DONTDUMP;
8291c5aafa6SLaurent Pinchart 	vma->vm_ops = dev->driver->gem_vm_ops;
8301c5aafa6SLaurent Pinchart 	vma->vm_private_data = obj;
8311c5aafa6SLaurent Pinchart 	vma->vm_page_prot =  pgprot_writecombine(vm_get_page_prot(vma->vm_flags));
8321c5aafa6SLaurent Pinchart 
8331c5aafa6SLaurent Pinchart 	/* Take a ref for this mapping of the object, so that the fault
8341c5aafa6SLaurent Pinchart 	 * handler can dereference the mmap offset's pointer to the object.
8351c5aafa6SLaurent Pinchart 	 * This reference is cleaned up by the corresponding vm_close
8361c5aafa6SLaurent Pinchart 	 * (which should happen whether the vma was created by this call, or
8371c5aafa6SLaurent Pinchart 	 * by a vm_open due to mremap or partial unmap or whatever).
8381c5aafa6SLaurent Pinchart 	 */
8391c5aafa6SLaurent Pinchart 	drm_gem_object_reference(obj);
8401c5aafa6SLaurent Pinchart 
8411c5aafa6SLaurent Pinchart 	drm_vm_open_locked(dev, vma);
8421c5aafa6SLaurent Pinchart 	return 0;
8431c5aafa6SLaurent Pinchart }
8441c5aafa6SLaurent Pinchart EXPORT_SYMBOL(drm_gem_mmap_obj);
845ab00b3e5SJesse Barnes 
846a2c0a97bSJesse Barnes /**
847a2c0a97bSJesse Barnes  * drm_gem_mmap - memory map routine for GEM objects
848a2c0a97bSJesse Barnes  * @filp: DRM file pointer
849a2c0a97bSJesse Barnes  * @vma: VMA for the area to be mapped
850a2c0a97bSJesse Barnes  *
851a2c0a97bSJesse Barnes  * If a driver supports GEM object mapping, mmap calls on the DRM file
852a2c0a97bSJesse Barnes  * descriptor will end up here.
853a2c0a97bSJesse Barnes  *
8541c5aafa6SLaurent Pinchart  * Look up the GEM object based on the offset passed in (vma->vm_pgoff will
855a2c0a97bSJesse Barnes  * contain the fake offset we created when the GTT map ioctl was called on
8561c5aafa6SLaurent Pinchart  * the object) and map it with a call to drm_gem_mmap_obj().
857ca481c9bSDavid Herrmann  *
858ca481c9bSDavid Herrmann  * If the caller is not granted access to the buffer object, the mmap will fail
859ca481c9bSDavid Herrmann  * with EACCES. Please see the vma manager for more information.
860a2c0a97bSJesse Barnes  */
861a2c0a97bSJesse Barnes int drm_gem_mmap(struct file *filp, struct vm_area_struct *vma)
862a2c0a97bSJesse Barnes {
863a2c0a97bSJesse Barnes 	struct drm_file *priv = filp->private_data;
864a2c0a97bSJesse Barnes 	struct drm_device *dev = priv->minor->dev;
865a2c0a97bSJesse Barnes 	struct drm_gem_mm *mm = dev->mm_private;
8660de23977SDavid Herrmann 	struct drm_gem_object *obj;
8670de23977SDavid Herrmann 	struct drm_vma_offset_node *node;
868a2c0a97bSJesse Barnes 	int ret = 0;
869a2c0a97bSJesse Barnes 
8702c07a21dSDave Airlie 	if (drm_device_is_unplugged(dev))
8712c07a21dSDave Airlie 		return -ENODEV;
8722c07a21dSDave Airlie 
873a2c0a97bSJesse Barnes 	mutex_lock(&dev->struct_mutex);
874a2c0a97bSJesse Barnes 
8750de23977SDavid Herrmann 	node = drm_vma_offset_exact_lookup(&mm->vma_manager, vma->vm_pgoff,
8760de23977SDavid Herrmann 					   vma_pages(vma));
8770de23977SDavid Herrmann 	if (!node) {
878a2c0a97bSJesse Barnes 		mutex_unlock(&dev->struct_mutex);
879a2c0a97bSJesse Barnes 		return drm_mmap(filp, vma);
880ca481c9bSDavid Herrmann 	} else if (!drm_vma_node_is_allowed(node, filp)) {
881ca481c9bSDavid Herrmann 		mutex_unlock(&dev->struct_mutex);
882ca481c9bSDavid Herrmann 		return -EACCES;
883a2c0a97bSJesse Barnes 	}
884a2c0a97bSJesse Barnes 
8850de23977SDavid Herrmann 	obj = container_of(node, struct drm_gem_object, vma_node);
886aed2c03cSDavid Herrmann 	ret = drm_gem_mmap_obj(obj, drm_vma_node_size(node) << PAGE_SHIFT, vma);
887a2c0a97bSJesse Barnes 
888a2c0a97bSJesse Barnes 	mutex_unlock(&dev->struct_mutex);
889a2c0a97bSJesse Barnes 
890a2c0a97bSJesse Barnes 	return ret;
891a2c0a97bSJesse Barnes }
892a2c0a97bSJesse Barnes EXPORT_SYMBOL(drm_gem_mmap);
893