1673a394bSEric Anholt /* 2673a394bSEric Anholt * Copyright © 2008 Intel Corporation 3673a394bSEric Anholt * 4673a394bSEric Anholt * Permission is hereby granted, free of charge, to any person obtaining a 5673a394bSEric Anholt * copy of this software and associated documentation files (the "Software"), 6673a394bSEric Anholt * to deal in the Software without restriction, including without limitation 7673a394bSEric Anholt * the rights to use, copy, modify, merge, publish, distribute, sublicense, 8673a394bSEric Anholt * and/or sell copies of the Software, and to permit persons to whom the 9673a394bSEric Anholt * Software is furnished to do so, subject to the following conditions: 10673a394bSEric Anholt * 11673a394bSEric Anholt * The above copyright notice and this permission notice (including the next 12673a394bSEric Anholt * paragraph) shall be included in all copies or substantial portions of the 13673a394bSEric Anholt * Software. 14673a394bSEric Anholt * 15673a394bSEric Anholt * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16673a394bSEric Anholt * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17673a394bSEric Anholt * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL 18673a394bSEric Anholt * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19673a394bSEric Anholt * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 20673a394bSEric Anholt * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS 21673a394bSEric Anholt * IN THE SOFTWARE. 22673a394bSEric Anholt * 23673a394bSEric Anholt * Authors: 24673a394bSEric Anholt * Eric Anholt <eric@anholt.net> 25673a394bSEric Anholt * 26673a394bSEric Anholt */ 27673a394bSEric Anholt 28673a394bSEric Anholt #include <linux/types.h> 29673a394bSEric Anholt #include <linux/slab.h> 30673a394bSEric Anholt #include <linux/mm.h> 31673a394bSEric Anholt #include <linux/uaccess.h> 32673a394bSEric Anholt #include <linux/fs.h> 33673a394bSEric Anholt #include <linux/file.h> 34673a394bSEric Anholt #include <linux/module.h> 35673a394bSEric Anholt #include <linux/mman.h> 36673a394bSEric Anholt #include <linux/pagemap.h> 375949eac4SHugh Dickins #include <linux/shmem_fs.h> 383248877eSDave Airlie #include <linux/dma-buf.h> 39760285e7SDavid Howells #include <drm/drmP.h> 400de23977SDavid Herrmann #include <drm/drm_vma_manager.h> 41673a394bSEric Anholt 42673a394bSEric Anholt /** @file drm_gem.c 43673a394bSEric Anholt * 44673a394bSEric Anholt * This file provides some of the base ioctls and library routines for 45673a394bSEric Anholt * the graphics memory manager implemented by each device driver. 46673a394bSEric Anholt * 47673a394bSEric Anholt * Because various devices have different requirements in terms of 48673a394bSEric Anholt * synchronization and migration strategies, implementing that is left up to 49673a394bSEric Anholt * the driver, and all that the general API provides should be generic -- 50673a394bSEric Anholt * allocating objects, reading/writing data with the cpu, freeing objects. 51673a394bSEric Anholt * Even there, platform-dependent optimizations for reading/writing data with 52673a394bSEric Anholt * the CPU mean we'll likely hook those out to driver-specific calls. However, 53673a394bSEric Anholt * the DRI2 implementation wants to have at least allocate/mmap be generic. 54673a394bSEric Anholt * 55673a394bSEric Anholt * The goal was to have swap-backed object allocation managed through 56673a394bSEric Anholt * struct file. However, file descriptors as handles to a struct file have 57673a394bSEric Anholt * two major failings: 58673a394bSEric Anholt * - Process limits prevent more than 1024 or so being used at a time by 59673a394bSEric Anholt * default. 60673a394bSEric Anholt * - Inability to allocate high fds will aggravate the X Server's select() 61673a394bSEric Anholt * handling, and likely that of many GL client applications as well. 62673a394bSEric Anholt * 63673a394bSEric Anholt * This led to a plan of using our own integer IDs (called handles, following 64673a394bSEric Anholt * DRM terminology) to mimic fds, and implement the fd syscalls we need as 65673a394bSEric Anholt * ioctls. The objects themselves will still include the struct file so 66673a394bSEric Anholt * that we can transition to fds if the required kernel infrastructure shows 67673a394bSEric Anholt * up at a later date, and as our interface with shmfs for memory allocation. 68673a394bSEric Anholt */ 69673a394bSEric Anholt 70a2c0a97bSJesse Barnes /* 71a2c0a97bSJesse Barnes * We make up offsets for buffer objects so we can recognize them at 72a2c0a97bSJesse Barnes * mmap time. 73a2c0a97bSJesse Barnes */ 7405269a3aSJordan Crouse 7505269a3aSJordan Crouse /* pgoff in mmap is an unsigned long, so we need to make sure that 7605269a3aSJordan Crouse * the faked up offset will fit 7705269a3aSJordan Crouse */ 7805269a3aSJordan Crouse 7905269a3aSJordan Crouse #if BITS_PER_LONG == 64 80a2c0a97bSJesse Barnes #define DRM_FILE_PAGE_OFFSET_START ((0xFFFFFFFFUL >> PAGE_SHIFT) + 1) 81a2c0a97bSJesse Barnes #define DRM_FILE_PAGE_OFFSET_SIZE ((0xFFFFFFFFUL >> PAGE_SHIFT) * 16) 8205269a3aSJordan Crouse #else 8305269a3aSJordan Crouse #define DRM_FILE_PAGE_OFFSET_START ((0xFFFFFFFUL >> PAGE_SHIFT) + 1) 8405269a3aSJordan Crouse #define DRM_FILE_PAGE_OFFSET_SIZE ((0xFFFFFFFUL >> PAGE_SHIFT) * 16) 8505269a3aSJordan Crouse #endif 86a2c0a97bSJesse Barnes 87673a394bSEric Anholt /** 88673a394bSEric Anholt * Initialize the GEM device fields 89673a394bSEric Anholt */ 90673a394bSEric Anholt 91673a394bSEric Anholt int 92673a394bSEric Anholt drm_gem_init(struct drm_device *dev) 93673a394bSEric Anholt { 94a2c0a97bSJesse Barnes struct drm_gem_mm *mm; 95a2c0a97bSJesse Barnes 96cd4f013fSDaniel Vetter mutex_init(&dev->object_name_lock); 97673a394bSEric Anholt idr_init(&dev->object_name_idr); 98a2c0a97bSJesse Barnes 999a298b2aSEric Anholt mm = kzalloc(sizeof(struct drm_gem_mm), GFP_KERNEL); 100a2c0a97bSJesse Barnes if (!mm) { 101a2c0a97bSJesse Barnes DRM_ERROR("out of memory\n"); 102a2c0a97bSJesse Barnes return -ENOMEM; 103a2c0a97bSJesse Barnes } 104a2c0a97bSJesse Barnes 105a2c0a97bSJesse Barnes dev->mm_private = mm; 1060de23977SDavid Herrmann drm_vma_offset_manager_init(&mm->vma_manager, 1070de23977SDavid Herrmann DRM_FILE_PAGE_OFFSET_START, 10877ef8bbcSDavid Herrmann DRM_FILE_PAGE_OFFSET_SIZE); 109a2c0a97bSJesse Barnes 110673a394bSEric Anholt return 0; 111673a394bSEric Anholt } 112673a394bSEric Anholt 113a2c0a97bSJesse Barnes void 114a2c0a97bSJesse Barnes drm_gem_destroy(struct drm_device *dev) 115a2c0a97bSJesse Barnes { 116a2c0a97bSJesse Barnes struct drm_gem_mm *mm = dev->mm_private; 117a2c0a97bSJesse Barnes 1180de23977SDavid Herrmann drm_vma_offset_manager_destroy(&mm->vma_manager); 1199a298b2aSEric Anholt kfree(mm); 120a2c0a97bSJesse Barnes dev->mm_private = NULL; 121a2c0a97bSJesse Barnes } 122a2c0a97bSJesse Barnes 123673a394bSEric Anholt /** 12462cb7011SAlan Cox * Initialize an already allocated GEM object of the specified size with 1251d397043SDaniel Vetter * shmfs backing store. 1261d397043SDaniel Vetter */ 1271d397043SDaniel Vetter int drm_gem_object_init(struct drm_device *dev, 1281d397043SDaniel Vetter struct drm_gem_object *obj, size_t size) 1291d397043SDaniel Vetter { 13089c8233fSDavid Herrmann struct file *filp; 1311d397043SDaniel Vetter 13289c8233fSDavid Herrmann filp = shmem_file_setup("drm mm object", size, VM_NORESERVE); 13389c8233fSDavid Herrmann if (IS_ERR(filp)) 13489c8233fSDavid Herrmann return PTR_ERR(filp); 1351d397043SDaniel Vetter 13689c8233fSDavid Herrmann drm_gem_private_object_init(dev, obj, size); 13789c8233fSDavid Herrmann obj->filp = filp; 1381d397043SDaniel Vetter 1391d397043SDaniel Vetter return 0; 1401d397043SDaniel Vetter } 1411d397043SDaniel Vetter EXPORT_SYMBOL(drm_gem_object_init); 1421d397043SDaniel Vetter 1431d397043SDaniel Vetter /** 14462cb7011SAlan Cox * Initialize an already allocated GEM object of the specified size with 14562cb7011SAlan Cox * no GEM provided backing store. Instead the caller is responsible for 14662cb7011SAlan Cox * backing the object and handling it. 14762cb7011SAlan Cox */ 14889c8233fSDavid Herrmann void drm_gem_private_object_init(struct drm_device *dev, 14962cb7011SAlan Cox struct drm_gem_object *obj, size_t size) 15062cb7011SAlan Cox { 15162cb7011SAlan Cox BUG_ON((size & (PAGE_SIZE - 1)) != 0); 15262cb7011SAlan Cox 15362cb7011SAlan Cox obj->dev = dev; 15462cb7011SAlan Cox obj->filp = NULL; 15562cb7011SAlan Cox 15662cb7011SAlan Cox kref_init(&obj->refcount); 157a8e11d1cSDaniel Vetter obj->handle_count = 0; 15862cb7011SAlan Cox obj->size = size; 15988d7ebe5SDavid Herrmann drm_vma_node_reset(&obj->vma_node); 16062cb7011SAlan Cox } 16162cb7011SAlan Cox EXPORT_SYMBOL(drm_gem_private_object_init); 16262cb7011SAlan Cox 16362cb7011SAlan Cox /** 164673a394bSEric Anholt * Allocate a GEM object of the specified size with shmfs backing store 165673a394bSEric Anholt */ 166673a394bSEric Anholt struct drm_gem_object * 167673a394bSEric Anholt drm_gem_object_alloc(struct drm_device *dev, size_t size) 168673a394bSEric Anholt { 169673a394bSEric Anholt struct drm_gem_object *obj; 170673a394bSEric Anholt 171b798b1feSRobert P. J. Day obj = kzalloc(sizeof(*obj), GFP_KERNEL); 172845792d9SJiri Slaby if (!obj) 173845792d9SJiri Slaby goto free; 174673a394bSEric Anholt 1751d397043SDaniel Vetter if (drm_gem_object_init(dev, obj, size) != 0) 176845792d9SJiri Slaby goto free; 177673a394bSEric Anholt 178673a394bSEric Anholt if (dev->driver->gem_init_object != NULL && 179673a394bSEric Anholt dev->driver->gem_init_object(obj) != 0) { 180845792d9SJiri Slaby goto fput; 181673a394bSEric Anholt } 182673a394bSEric Anholt return obj; 183845792d9SJiri Slaby fput: 1841d397043SDaniel Vetter /* Object_init mangles the global counters - readjust them. */ 185845792d9SJiri Slaby fput(obj->filp); 186845792d9SJiri Slaby free: 187845792d9SJiri Slaby kfree(obj); 188845792d9SJiri Slaby return NULL; 189673a394bSEric Anholt } 190673a394bSEric Anholt EXPORT_SYMBOL(drm_gem_object_alloc); 191673a394bSEric Anholt 1920ff926c7SDave Airlie static void 1930ff926c7SDave Airlie drm_gem_remove_prime_handles(struct drm_gem_object *obj, struct drm_file *filp) 1940ff926c7SDave Airlie { 195319c933cSDaniel Vetter /* 196319c933cSDaniel Vetter * Note: obj->dma_buf can't disappear as long as we still hold a 197319c933cSDaniel Vetter * handle reference in obj->handle_count. 198319c933cSDaniel Vetter */ 199d0b2c533SDaniel Vetter mutex_lock(&filp->prime.lock); 200319c933cSDaniel Vetter if (obj->dma_buf) { 201d0b2c533SDaniel Vetter drm_prime_remove_buf_handle_locked(&filp->prime, 202319c933cSDaniel Vetter obj->dma_buf); 2030ff926c7SDave Airlie } 204d0b2c533SDaniel Vetter mutex_unlock(&filp->prime.lock); 2050ff926c7SDave Airlie } 2060ff926c7SDave Airlie 20736da5908SDaniel Vetter static void drm_gem_object_ref_bug(struct kref *list_kref) 20836da5908SDaniel Vetter { 20936da5908SDaniel Vetter BUG(); 21036da5908SDaniel Vetter } 21136da5908SDaniel Vetter 21236da5908SDaniel Vetter /** 21336da5908SDaniel Vetter * Called after the last handle to the object has been closed 21436da5908SDaniel Vetter * 21536da5908SDaniel Vetter * Removes any name for the object. Note that this must be 21636da5908SDaniel Vetter * called before drm_gem_object_free or we'll be touching 21736da5908SDaniel Vetter * freed memory 21836da5908SDaniel Vetter */ 21936da5908SDaniel Vetter static void drm_gem_object_handle_free(struct drm_gem_object *obj) 22036da5908SDaniel Vetter { 22136da5908SDaniel Vetter struct drm_device *dev = obj->dev; 22236da5908SDaniel Vetter 22336da5908SDaniel Vetter /* Remove any name for this object */ 22436da5908SDaniel Vetter if (obj->name) { 22536da5908SDaniel Vetter idr_remove(&dev->object_name_idr, obj->name); 22636da5908SDaniel Vetter obj->name = 0; 22736da5908SDaniel Vetter /* 22836da5908SDaniel Vetter * The object name held a reference to this object, drop 22936da5908SDaniel Vetter * that now. 23036da5908SDaniel Vetter * 23136da5908SDaniel Vetter * This cannot be the last reference, since the handle holds one too. 23236da5908SDaniel Vetter */ 23336da5908SDaniel Vetter kref_put(&obj->refcount, drm_gem_object_ref_bug); 234a8e11d1cSDaniel Vetter } 23536da5908SDaniel Vetter } 23636da5908SDaniel Vetter 237319c933cSDaniel Vetter static void drm_gem_object_exported_dma_buf_free(struct drm_gem_object *obj) 238319c933cSDaniel Vetter { 239319c933cSDaniel Vetter /* Unbreak the reference cycle if we have an exported dma_buf. */ 240319c933cSDaniel Vetter if (obj->dma_buf) { 241319c933cSDaniel Vetter dma_buf_put(obj->dma_buf); 242319c933cSDaniel Vetter obj->dma_buf = NULL; 243319c933cSDaniel Vetter } 244319c933cSDaniel Vetter } 245319c933cSDaniel Vetter 246becee2a5SDaniel Vetter static void 24736da5908SDaniel Vetter drm_gem_object_handle_unreference_unlocked(struct drm_gem_object *obj) 24836da5908SDaniel Vetter { 249a8e11d1cSDaniel Vetter if (WARN_ON(obj->handle_count == 0)) 25036da5908SDaniel Vetter return; 25136da5908SDaniel Vetter 25236da5908SDaniel Vetter /* 25336da5908SDaniel Vetter * Must bump handle count first as this may be the last 25436da5908SDaniel Vetter * ref, in which case the object would disappear before we 25536da5908SDaniel Vetter * checked for a name 25636da5908SDaniel Vetter */ 25736da5908SDaniel Vetter 258cd4f013fSDaniel Vetter mutex_lock(&obj->dev->object_name_lock); 259319c933cSDaniel Vetter if (--obj->handle_count == 0) { 26036da5908SDaniel Vetter drm_gem_object_handle_free(obj); 261319c933cSDaniel Vetter drm_gem_object_exported_dma_buf_free(obj); 262319c933cSDaniel Vetter } 263cd4f013fSDaniel Vetter mutex_unlock(&obj->dev->object_name_lock); 264a8e11d1cSDaniel Vetter 26536da5908SDaniel Vetter drm_gem_object_unreference_unlocked(obj); 26636da5908SDaniel Vetter } 26736da5908SDaniel Vetter 268673a394bSEric Anholt /** 269673a394bSEric Anholt * Removes the mapping from handle to filp for this object. 270673a394bSEric Anholt */ 271ff72145bSDave Airlie int 272a1a2d1d3SPekka Paalanen drm_gem_handle_delete(struct drm_file *filp, u32 handle) 273673a394bSEric Anholt { 274673a394bSEric Anholt struct drm_device *dev; 275673a394bSEric Anholt struct drm_gem_object *obj; 276673a394bSEric Anholt 277673a394bSEric Anholt /* This is gross. The idr system doesn't let us try a delete and 278673a394bSEric Anholt * return an error code. It just spews if you fail at deleting. 279673a394bSEric Anholt * So, we have to grab a lock around finding the object and then 280673a394bSEric Anholt * doing the delete on it and dropping the refcount, or the user 281673a394bSEric Anholt * could race us to double-decrement the refcount and cause a 282673a394bSEric Anholt * use-after-free later. Given the frequency of our handle lookups, 283673a394bSEric Anholt * we may want to use ida for number allocation and a hash table 284673a394bSEric Anholt * for the pointers, anyway. 285673a394bSEric Anholt */ 286673a394bSEric Anholt spin_lock(&filp->table_lock); 287673a394bSEric Anholt 288673a394bSEric Anholt /* Check if we currently have a reference on the object */ 289673a394bSEric Anholt obj = idr_find(&filp->object_idr, handle); 290673a394bSEric Anholt if (obj == NULL) { 291673a394bSEric Anholt spin_unlock(&filp->table_lock); 292673a394bSEric Anholt return -EINVAL; 293673a394bSEric Anholt } 294673a394bSEric Anholt dev = obj->dev; 295673a394bSEric Anholt 296673a394bSEric Anholt /* Release reference and decrement refcount. */ 297673a394bSEric Anholt idr_remove(&filp->object_idr, handle); 298673a394bSEric Anholt spin_unlock(&filp->table_lock); 299673a394bSEric Anholt 3000ff926c7SDave Airlie drm_gem_remove_prime_handles(obj, filp); 301*ca481c9bSDavid Herrmann drm_vma_node_revoke(&obj->vma_node, filp->filp); 3023248877eSDave Airlie 303304eda32SBen Skeggs if (dev->driver->gem_close_object) 304304eda32SBen Skeggs dev->driver->gem_close_object(obj, filp); 305bc9025bdSLuca Barbieri drm_gem_object_handle_unreference_unlocked(obj); 306673a394bSEric Anholt 307673a394bSEric Anholt return 0; 308673a394bSEric Anholt } 309ff72145bSDave Airlie EXPORT_SYMBOL(drm_gem_handle_delete); 310673a394bSEric Anholt 311673a394bSEric Anholt /** 31243387b37SDaniel Vetter * drm_gem_dumb_destroy - dumb fb callback helper for gem based drivers 31343387b37SDaniel Vetter * 31443387b37SDaniel Vetter * This implements the ->dumb_destroy kms driver callback for drivers which use 31543387b37SDaniel Vetter * gem to manage their backing storage. 31643387b37SDaniel Vetter */ 31743387b37SDaniel Vetter int drm_gem_dumb_destroy(struct drm_file *file, 31843387b37SDaniel Vetter struct drm_device *dev, 31943387b37SDaniel Vetter uint32_t handle) 32043387b37SDaniel Vetter { 32143387b37SDaniel Vetter return drm_gem_handle_delete(file, handle); 32243387b37SDaniel Vetter } 32343387b37SDaniel Vetter EXPORT_SYMBOL(drm_gem_dumb_destroy); 32443387b37SDaniel Vetter 32543387b37SDaniel Vetter /** 32620228c44SDaniel Vetter * drm_gem_handle_create_tail - internal functions to create a handle 32720228c44SDaniel Vetter * 32820228c44SDaniel Vetter * This expects the dev->object_name_lock to be held already and will drop it 32920228c44SDaniel Vetter * before returning. Used to avoid races in establishing new handles when 33020228c44SDaniel Vetter * importing an object from either an flink name or a dma-buf. 331673a394bSEric Anholt */ 332673a394bSEric Anholt int 33320228c44SDaniel Vetter drm_gem_handle_create_tail(struct drm_file *file_priv, 334673a394bSEric Anholt struct drm_gem_object *obj, 335a1a2d1d3SPekka Paalanen u32 *handlep) 336673a394bSEric Anholt { 337304eda32SBen Skeggs struct drm_device *dev = obj->dev; 338673a394bSEric Anholt int ret; 339673a394bSEric Anholt 34020228c44SDaniel Vetter WARN_ON(!mutex_is_locked(&dev->object_name_lock)); 34120228c44SDaniel Vetter 342673a394bSEric Anholt /* 3432e928815STejun Heo * Get the user-visible handle using idr. Preload and perform 3442e928815STejun Heo * allocation under our spinlock. 345673a394bSEric Anholt */ 3462e928815STejun Heo idr_preload(GFP_KERNEL); 347673a394bSEric Anholt spin_lock(&file_priv->table_lock); 3482e928815STejun Heo 3492e928815STejun Heo ret = idr_alloc(&file_priv->object_idr, obj, 1, 0, GFP_NOWAIT); 350a8e11d1cSDaniel Vetter drm_gem_object_reference(obj); 351a8e11d1cSDaniel Vetter obj->handle_count++; 352673a394bSEric Anholt spin_unlock(&file_priv->table_lock); 3532e928815STejun Heo idr_preload_end(); 354cd4f013fSDaniel Vetter mutex_unlock(&dev->object_name_lock); 355a8e11d1cSDaniel Vetter if (ret < 0) { 356a8e11d1cSDaniel Vetter drm_gem_object_handle_unreference_unlocked(obj); 357673a394bSEric Anholt return ret; 358a8e11d1cSDaniel Vetter } 3592e928815STejun Heo *handlep = ret; 360673a394bSEric Anholt 361*ca481c9bSDavid Herrmann ret = drm_vma_node_allow(&obj->vma_node, file_priv->filp); 362*ca481c9bSDavid Herrmann if (ret) { 363*ca481c9bSDavid Herrmann drm_gem_handle_delete(file_priv, *handlep); 364*ca481c9bSDavid Herrmann return ret; 365*ca481c9bSDavid Herrmann } 366304eda32SBen Skeggs 367304eda32SBen Skeggs if (dev->driver->gem_open_object) { 368304eda32SBen Skeggs ret = dev->driver->gem_open_object(obj, file_priv); 369304eda32SBen Skeggs if (ret) { 370304eda32SBen Skeggs drm_gem_handle_delete(file_priv, *handlep); 371304eda32SBen Skeggs return ret; 372304eda32SBen Skeggs } 373304eda32SBen Skeggs } 374304eda32SBen Skeggs 375673a394bSEric Anholt return 0; 376673a394bSEric Anholt } 37720228c44SDaniel Vetter 37820228c44SDaniel Vetter /** 37920228c44SDaniel Vetter * Create a handle for this object. This adds a handle reference 38020228c44SDaniel Vetter * to the object, which includes a regular reference count. Callers 38120228c44SDaniel Vetter * will likely want to dereference the object afterwards. 38220228c44SDaniel Vetter */ 38320228c44SDaniel Vetter int 38420228c44SDaniel Vetter drm_gem_handle_create(struct drm_file *file_priv, 38520228c44SDaniel Vetter struct drm_gem_object *obj, 38620228c44SDaniel Vetter u32 *handlep) 38720228c44SDaniel Vetter { 38820228c44SDaniel Vetter mutex_lock(&obj->dev->object_name_lock); 38920228c44SDaniel Vetter 39020228c44SDaniel Vetter return drm_gem_handle_create_tail(file_priv, obj, handlep); 39120228c44SDaniel Vetter } 392673a394bSEric Anholt EXPORT_SYMBOL(drm_gem_handle_create); 393673a394bSEric Anholt 39475ef8b3bSRob Clark 39575ef8b3bSRob Clark /** 39675ef8b3bSRob Clark * drm_gem_free_mmap_offset - release a fake mmap offset for an object 39775ef8b3bSRob Clark * @obj: obj in question 39875ef8b3bSRob Clark * 39975ef8b3bSRob Clark * This routine frees fake offsets allocated by drm_gem_create_mmap_offset(). 40075ef8b3bSRob Clark */ 40175ef8b3bSRob Clark void 40275ef8b3bSRob Clark drm_gem_free_mmap_offset(struct drm_gem_object *obj) 40375ef8b3bSRob Clark { 40475ef8b3bSRob Clark struct drm_device *dev = obj->dev; 40575ef8b3bSRob Clark struct drm_gem_mm *mm = dev->mm_private; 40675ef8b3bSRob Clark 4070de23977SDavid Herrmann drm_vma_offset_remove(&mm->vma_manager, &obj->vma_node); 40875ef8b3bSRob Clark } 40975ef8b3bSRob Clark EXPORT_SYMBOL(drm_gem_free_mmap_offset); 41075ef8b3bSRob Clark 41175ef8b3bSRob Clark /** 412367bbd49SRob Clark * drm_gem_create_mmap_offset_size - create a fake mmap offset for an object 413367bbd49SRob Clark * @obj: obj in question 414367bbd49SRob Clark * @size: the virtual size 415367bbd49SRob Clark * 416367bbd49SRob Clark * GEM memory mapping works by handing back to userspace a fake mmap offset 417367bbd49SRob Clark * it can use in a subsequent mmap(2) call. The DRM core code then looks 418367bbd49SRob Clark * up the object based on the offset and sets up the various memory mapping 419367bbd49SRob Clark * structures. 420367bbd49SRob Clark * 421367bbd49SRob Clark * This routine allocates and attaches a fake offset for @obj, in cases where 422367bbd49SRob Clark * the virtual size differs from the physical size (ie. obj->size). Otherwise 423367bbd49SRob Clark * just use drm_gem_create_mmap_offset(). 424367bbd49SRob Clark */ 425367bbd49SRob Clark int 426367bbd49SRob Clark drm_gem_create_mmap_offset_size(struct drm_gem_object *obj, size_t size) 427367bbd49SRob Clark { 428367bbd49SRob Clark struct drm_device *dev = obj->dev; 429367bbd49SRob Clark struct drm_gem_mm *mm = dev->mm_private; 430367bbd49SRob Clark 431367bbd49SRob Clark return drm_vma_offset_add(&mm->vma_manager, &obj->vma_node, 432367bbd49SRob Clark size / PAGE_SIZE); 433367bbd49SRob Clark } 434367bbd49SRob Clark EXPORT_SYMBOL(drm_gem_create_mmap_offset_size); 435367bbd49SRob Clark 436367bbd49SRob Clark /** 43775ef8b3bSRob Clark * drm_gem_create_mmap_offset - create a fake mmap offset for an object 43875ef8b3bSRob Clark * @obj: obj in question 43975ef8b3bSRob Clark * 44075ef8b3bSRob Clark * GEM memory mapping works by handing back to userspace a fake mmap offset 44175ef8b3bSRob Clark * it can use in a subsequent mmap(2) call. The DRM core code then looks 44275ef8b3bSRob Clark * up the object based on the offset and sets up the various memory mapping 44375ef8b3bSRob Clark * structures. 44475ef8b3bSRob Clark * 44575ef8b3bSRob Clark * This routine allocates and attaches a fake offset for @obj. 44675ef8b3bSRob Clark */ 447367bbd49SRob Clark int drm_gem_create_mmap_offset(struct drm_gem_object *obj) 44875ef8b3bSRob Clark { 449367bbd49SRob Clark return drm_gem_create_mmap_offset_size(obj, obj->size); 45075ef8b3bSRob Clark } 45175ef8b3bSRob Clark EXPORT_SYMBOL(drm_gem_create_mmap_offset); 45275ef8b3bSRob Clark 453bcc5c9d5SRob Clark /** 454bcc5c9d5SRob Clark * drm_gem_get_pages - helper to allocate backing pages for a GEM object 455bcc5c9d5SRob Clark * from shmem 456bcc5c9d5SRob Clark * @obj: obj in question 457bcc5c9d5SRob Clark * @gfpmask: gfp mask of requested pages 458bcc5c9d5SRob Clark */ 459bcc5c9d5SRob Clark struct page **drm_gem_get_pages(struct drm_gem_object *obj, gfp_t gfpmask) 460bcc5c9d5SRob Clark { 461bcc5c9d5SRob Clark struct inode *inode; 462bcc5c9d5SRob Clark struct address_space *mapping; 463bcc5c9d5SRob Clark struct page *p, **pages; 464bcc5c9d5SRob Clark int i, npages; 465bcc5c9d5SRob Clark 466bcc5c9d5SRob Clark /* This is the shared memory object that backs the GEM resource */ 467bcc5c9d5SRob Clark inode = file_inode(obj->filp); 468bcc5c9d5SRob Clark mapping = inode->i_mapping; 469bcc5c9d5SRob Clark 470bcc5c9d5SRob Clark /* We already BUG_ON() for non-page-aligned sizes in 471bcc5c9d5SRob Clark * drm_gem_object_init(), so we should never hit this unless 472bcc5c9d5SRob Clark * driver author is doing something really wrong: 473bcc5c9d5SRob Clark */ 474bcc5c9d5SRob Clark WARN_ON((obj->size & (PAGE_SIZE - 1)) != 0); 475bcc5c9d5SRob Clark 476bcc5c9d5SRob Clark npages = obj->size >> PAGE_SHIFT; 477bcc5c9d5SRob Clark 478bcc5c9d5SRob Clark pages = drm_malloc_ab(npages, sizeof(struct page *)); 479bcc5c9d5SRob Clark if (pages == NULL) 480bcc5c9d5SRob Clark return ERR_PTR(-ENOMEM); 481bcc5c9d5SRob Clark 482bcc5c9d5SRob Clark gfpmask |= mapping_gfp_mask(mapping); 483bcc5c9d5SRob Clark 484bcc5c9d5SRob Clark for (i = 0; i < npages; i++) { 485bcc5c9d5SRob Clark p = shmem_read_mapping_page_gfp(mapping, i, gfpmask); 486bcc5c9d5SRob Clark if (IS_ERR(p)) 487bcc5c9d5SRob Clark goto fail; 488bcc5c9d5SRob Clark pages[i] = p; 489bcc5c9d5SRob Clark 490bcc5c9d5SRob Clark /* There is a hypothetical issue w/ drivers that require 491bcc5c9d5SRob Clark * buffer memory in the low 4GB.. if the pages are un- 492bcc5c9d5SRob Clark * pinned, and swapped out, they can end up swapped back 493bcc5c9d5SRob Clark * in above 4GB. If pages are already in memory, then 494bcc5c9d5SRob Clark * shmem_read_mapping_page_gfp will ignore the gfpmask, 495bcc5c9d5SRob Clark * even if the already in-memory page disobeys the mask. 496bcc5c9d5SRob Clark * 497bcc5c9d5SRob Clark * It is only a theoretical issue today, because none of 498bcc5c9d5SRob Clark * the devices with this limitation can be populated with 499bcc5c9d5SRob Clark * enough memory to trigger the issue. But this BUG_ON() 500bcc5c9d5SRob Clark * is here as a reminder in case the problem with 501bcc5c9d5SRob Clark * shmem_read_mapping_page_gfp() isn't solved by the time 502bcc5c9d5SRob Clark * it does become a real issue. 503bcc5c9d5SRob Clark * 504bcc5c9d5SRob Clark * See this thread: http://lkml.org/lkml/2011/7/11/238 505bcc5c9d5SRob Clark */ 506bcc5c9d5SRob Clark BUG_ON((gfpmask & __GFP_DMA32) && 507bcc5c9d5SRob Clark (page_to_pfn(p) >= 0x00100000UL)); 508bcc5c9d5SRob Clark } 509bcc5c9d5SRob Clark 510bcc5c9d5SRob Clark return pages; 511bcc5c9d5SRob Clark 512bcc5c9d5SRob Clark fail: 513bcc5c9d5SRob Clark while (i--) 514bcc5c9d5SRob Clark page_cache_release(pages[i]); 515bcc5c9d5SRob Clark 516bcc5c9d5SRob Clark drm_free_large(pages); 517bcc5c9d5SRob Clark return ERR_CAST(p); 518bcc5c9d5SRob Clark } 519bcc5c9d5SRob Clark EXPORT_SYMBOL(drm_gem_get_pages); 520bcc5c9d5SRob Clark 521bcc5c9d5SRob Clark /** 522bcc5c9d5SRob Clark * drm_gem_put_pages - helper to free backing pages for a GEM object 523bcc5c9d5SRob Clark * @obj: obj in question 524bcc5c9d5SRob Clark * @pages: pages to free 525bcc5c9d5SRob Clark * @dirty: if true, pages will be marked as dirty 526bcc5c9d5SRob Clark * @accessed: if true, the pages will be marked as accessed 527bcc5c9d5SRob Clark */ 528bcc5c9d5SRob Clark void drm_gem_put_pages(struct drm_gem_object *obj, struct page **pages, 529bcc5c9d5SRob Clark bool dirty, bool accessed) 530bcc5c9d5SRob Clark { 531bcc5c9d5SRob Clark int i, npages; 532bcc5c9d5SRob Clark 533bcc5c9d5SRob Clark /* We already BUG_ON() for non-page-aligned sizes in 534bcc5c9d5SRob Clark * drm_gem_object_init(), so we should never hit this unless 535bcc5c9d5SRob Clark * driver author is doing something really wrong: 536bcc5c9d5SRob Clark */ 537bcc5c9d5SRob Clark WARN_ON((obj->size & (PAGE_SIZE - 1)) != 0); 538bcc5c9d5SRob Clark 539bcc5c9d5SRob Clark npages = obj->size >> PAGE_SHIFT; 540bcc5c9d5SRob Clark 541bcc5c9d5SRob Clark for (i = 0; i < npages; i++) { 542bcc5c9d5SRob Clark if (dirty) 543bcc5c9d5SRob Clark set_page_dirty(pages[i]); 544bcc5c9d5SRob Clark 545bcc5c9d5SRob Clark if (accessed) 546bcc5c9d5SRob Clark mark_page_accessed(pages[i]); 547bcc5c9d5SRob Clark 548bcc5c9d5SRob Clark /* Undo the reference we took when populating the table */ 549bcc5c9d5SRob Clark page_cache_release(pages[i]); 550bcc5c9d5SRob Clark } 551bcc5c9d5SRob Clark 552bcc5c9d5SRob Clark drm_free_large(pages); 553bcc5c9d5SRob Clark } 554bcc5c9d5SRob Clark EXPORT_SYMBOL(drm_gem_put_pages); 555bcc5c9d5SRob Clark 556673a394bSEric Anholt /** Returns a reference to the object named by the handle. */ 557673a394bSEric Anholt struct drm_gem_object * 558673a394bSEric Anholt drm_gem_object_lookup(struct drm_device *dev, struct drm_file *filp, 559a1a2d1d3SPekka Paalanen u32 handle) 560673a394bSEric Anholt { 561673a394bSEric Anholt struct drm_gem_object *obj; 562673a394bSEric Anholt 563673a394bSEric Anholt spin_lock(&filp->table_lock); 564673a394bSEric Anholt 565673a394bSEric Anholt /* Check if we currently have a reference on the object */ 566673a394bSEric Anholt obj = idr_find(&filp->object_idr, handle); 567673a394bSEric Anholt if (obj == NULL) { 568673a394bSEric Anholt spin_unlock(&filp->table_lock); 569673a394bSEric Anholt return NULL; 570673a394bSEric Anholt } 571673a394bSEric Anholt 572673a394bSEric Anholt drm_gem_object_reference(obj); 573673a394bSEric Anholt 574673a394bSEric Anholt spin_unlock(&filp->table_lock); 575673a394bSEric Anholt 576673a394bSEric Anholt return obj; 577673a394bSEric Anholt } 578673a394bSEric Anholt EXPORT_SYMBOL(drm_gem_object_lookup); 579673a394bSEric Anholt 580673a394bSEric Anholt /** 581673a394bSEric Anholt * Releases the handle to an mm object. 582673a394bSEric Anholt */ 583673a394bSEric Anholt int 584673a394bSEric Anholt drm_gem_close_ioctl(struct drm_device *dev, void *data, 585673a394bSEric Anholt struct drm_file *file_priv) 586673a394bSEric Anholt { 587673a394bSEric Anholt struct drm_gem_close *args = data; 588673a394bSEric Anholt int ret; 589673a394bSEric Anholt 590673a394bSEric Anholt if (!(dev->driver->driver_features & DRIVER_GEM)) 591673a394bSEric Anholt return -ENODEV; 592673a394bSEric Anholt 593673a394bSEric Anholt ret = drm_gem_handle_delete(file_priv, args->handle); 594673a394bSEric Anholt 595673a394bSEric Anholt return ret; 596673a394bSEric Anholt } 597673a394bSEric Anholt 598673a394bSEric Anholt /** 599673a394bSEric Anholt * Create a global name for an object, returning the name. 600673a394bSEric Anholt * 601673a394bSEric Anholt * Note that the name does not hold a reference; when the object 602673a394bSEric Anholt * is freed, the name goes away. 603673a394bSEric Anholt */ 604673a394bSEric Anholt int 605673a394bSEric Anholt drm_gem_flink_ioctl(struct drm_device *dev, void *data, 606673a394bSEric Anholt struct drm_file *file_priv) 607673a394bSEric Anholt { 608673a394bSEric Anholt struct drm_gem_flink *args = data; 609673a394bSEric Anholt struct drm_gem_object *obj; 610673a394bSEric Anholt int ret; 611673a394bSEric Anholt 612673a394bSEric Anholt if (!(dev->driver->driver_features & DRIVER_GEM)) 613673a394bSEric Anholt return -ENODEV; 614673a394bSEric Anholt 615673a394bSEric Anholt obj = drm_gem_object_lookup(dev, file_priv, args->handle); 616673a394bSEric Anholt if (obj == NULL) 617bf79cb91SChris Wilson return -ENOENT; 618673a394bSEric Anholt 619cd4f013fSDaniel Vetter mutex_lock(&dev->object_name_lock); 6202e928815STejun Heo idr_preload(GFP_KERNEL); 621a8e11d1cSDaniel Vetter /* prevent races with concurrent gem_close. */ 622a8e11d1cSDaniel Vetter if (obj->handle_count == 0) { 623a8e11d1cSDaniel Vetter ret = -ENOENT; 624a8e11d1cSDaniel Vetter goto err; 625a8e11d1cSDaniel Vetter } 626a8e11d1cSDaniel Vetter 6278d59bae5SChris Wilson if (!obj->name) { 6282e928815STejun Heo ret = idr_alloc(&dev->object_name_idr, obj, 1, 0, GFP_NOWAIT); 6292e928815STejun Heo if (ret < 0) 6303e49c4f4SChris Wilson goto err; 6312e07fb22SYoungJun Cho 6322e07fb22SYoungJun Cho obj->name = ret; 633673a394bSEric Anholt 6348d59bae5SChris Wilson /* Allocate a reference for the name table. */ 6358d59bae5SChris Wilson drm_gem_object_reference(obj); 6368d59bae5SChris Wilson } 6373e49c4f4SChris Wilson 6382e07fb22SYoungJun Cho args->name = (uint64_t) obj->name; 6392e07fb22SYoungJun Cho ret = 0; 6402e07fb22SYoungJun Cho 6413e49c4f4SChris Wilson err: 6422e07fb22SYoungJun Cho idr_preload_end(); 643cd4f013fSDaniel Vetter mutex_unlock(&dev->object_name_lock); 644bc9025bdSLuca Barbieri drm_gem_object_unreference_unlocked(obj); 6453e49c4f4SChris Wilson return ret; 646673a394bSEric Anholt } 647673a394bSEric Anholt 648673a394bSEric Anholt /** 649673a394bSEric Anholt * Open an object using the global name, returning a handle and the size. 650673a394bSEric Anholt * 651673a394bSEric Anholt * This handle (of course) holds a reference to the object, so the object 652673a394bSEric Anholt * will not go away until the handle is deleted. 653673a394bSEric Anholt */ 654673a394bSEric Anholt int 655673a394bSEric Anholt drm_gem_open_ioctl(struct drm_device *dev, void *data, 656673a394bSEric Anholt struct drm_file *file_priv) 657673a394bSEric Anholt { 658673a394bSEric Anholt struct drm_gem_open *args = data; 659673a394bSEric Anholt struct drm_gem_object *obj; 660673a394bSEric Anholt int ret; 661a1a2d1d3SPekka Paalanen u32 handle; 662673a394bSEric Anholt 663673a394bSEric Anholt if (!(dev->driver->driver_features & DRIVER_GEM)) 664673a394bSEric Anholt return -ENODEV; 665673a394bSEric Anholt 666cd4f013fSDaniel Vetter mutex_lock(&dev->object_name_lock); 667673a394bSEric Anholt obj = idr_find(&dev->object_name_idr, (int) args->name); 66820228c44SDaniel Vetter if (obj) { 669673a394bSEric Anholt drm_gem_object_reference(obj); 67020228c44SDaniel Vetter } else { 671cd4f013fSDaniel Vetter mutex_unlock(&dev->object_name_lock); 672673a394bSEric Anholt return -ENOENT; 67320228c44SDaniel Vetter } 674673a394bSEric Anholt 67520228c44SDaniel Vetter /* drm_gem_handle_create_tail unlocks dev->object_name_lock. */ 67620228c44SDaniel Vetter ret = drm_gem_handle_create_tail(file_priv, obj, &handle); 677bc9025bdSLuca Barbieri drm_gem_object_unreference_unlocked(obj); 678673a394bSEric Anholt if (ret) 679673a394bSEric Anholt return ret; 680673a394bSEric Anholt 681673a394bSEric Anholt args->handle = handle; 682673a394bSEric Anholt args->size = obj->size; 683673a394bSEric Anholt 684673a394bSEric Anholt return 0; 685673a394bSEric Anholt } 686673a394bSEric Anholt 687673a394bSEric Anholt /** 688673a394bSEric Anholt * Called at device open time, sets up the structure for handling refcounting 689673a394bSEric Anholt * of mm objects. 690673a394bSEric Anholt */ 691673a394bSEric Anholt void 692673a394bSEric Anholt drm_gem_open(struct drm_device *dev, struct drm_file *file_private) 693673a394bSEric Anholt { 694673a394bSEric Anholt idr_init(&file_private->object_idr); 695673a394bSEric Anholt spin_lock_init(&file_private->table_lock); 696673a394bSEric Anholt } 697673a394bSEric Anholt 698673a394bSEric Anholt /** 699673a394bSEric Anholt * Called at device close to release the file's 700673a394bSEric Anholt * handle references on objects. 701673a394bSEric Anholt */ 702673a394bSEric Anholt static int 703673a394bSEric Anholt drm_gem_object_release_handle(int id, void *ptr, void *data) 704673a394bSEric Anholt { 705304eda32SBen Skeggs struct drm_file *file_priv = data; 706673a394bSEric Anholt struct drm_gem_object *obj = ptr; 707304eda32SBen Skeggs struct drm_device *dev = obj->dev; 708304eda32SBen Skeggs 7090ff926c7SDave Airlie drm_gem_remove_prime_handles(obj, file_priv); 710*ca481c9bSDavid Herrmann drm_vma_node_revoke(&obj->vma_node, file_priv->filp); 7113248877eSDave Airlie 712304eda32SBen Skeggs if (dev->driver->gem_close_object) 713304eda32SBen Skeggs dev->driver->gem_close_object(obj, file_priv); 714673a394bSEric Anholt 715bc9025bdSLuca Barbieri drm_gem_object_handle_unreference_unlocked(obj); 716673a394bSEric Anholt 717673a394bSEric Anholt return 0; 718673a394bSEric Anholt } 719673a394bSEric Anholt 720673a394bSEric Anholt /** 721673a394bSEric Anholt * Called at close time when the filp is going away. 722673a394bSEric Anholt * 723673a394bSEric Anholt * Releases any remaining references on objects by this filp. 724673a394bSEric Anholt */ 725673a394bSEric Anholt void 726673a394bSEric Anholt drm_gem_release(struct drm_device *dev, struct drm_file *file_private) 727673a394bSEric Anholt { 728673a394bSEric Anholt idr_for_each(&file_private->object_idr, 729304eda32SBen Skeggs &drm_gem_object_release_handle, file_private); 730673a394bSEric Anholt idr_destroy(&file_private->object_idr); 731673a394bSEric Anholt } 732673a394bSEric Anholt 733fd632aa3SDaniel Vetter void 734fd632aa3SDaniel Vetter drm_gem_object_release(struct drm_gem_object *obj) 735c3ae90c0SLuca Barbieri { 736319c933cSDaniel Vetter WARN_ON(obj->dma_buf); 737319c933cSDaniel Vetter 73862cb7011SAlan Cox if (obj->filp) 739c3ae90c0SLuca Barbieri fput(obj->filp); 740c3ae90c0SLuca Barbieri } 741fd632aa3SDaniel Vetter EXPORT_SYMBOL(drm_gem_object_release); 742c3ae90c0SLuca Barbieri 743673a394bSEric Anholt /** 744673a394bSEric Anholt * Called after the last reference to the object has been lost. 745c3ae90c0SLuca Barbieri * Must be called holding struct_ mutex 746673a394bSEric Anholt * 747673a394bSEric Anholt * Frees the object 748673a394bSEric Anholt */ 749673a394bSEric Anholt void 750673a394bSEric Anholt drm_gem_object_free(struct kref *kref) 751673a394bSEric Anholt { 752673a394bSEric Anholt struct drm_gem_object *obj = (struct drm_gem_object *) kref; 753673a394bSEric Anholt struct drm_device *dev = obj->dev; 754673a394bSEric Anholt 755673a394bSEric Anholt BUG_ON(!mutex_is_locked(&dev->struct_mutex)); 756673a394bSEric Anholt 757673a394bSEric Anholt if (dev->driver->gem_free_object != NULL) 758673a394bSEric Anholt dev->driver->gem_free_object(obj); 759673a394bSEric Anholt } 760673a394bSEric Anholt EXPORT_SYMBOL(drm_gem_object_free); 761673a394bSEric Anholt 762ab00b3e5SJesse Barnes void drm_gem_vm_open(struct vm_area_struct *vma) 763ab00b3e5SJesse Barnes { 764ab00b3e5SJesse Barnes struct drm_gem_object *obj = vma->vm_private_data; 765ab00b3e5SJesse Barnes 766ab00b3e5SJesse Barnes drm_gem_object_reference(obj); 76731dfbc93SChris Wilson 76831dfbc93SChris Wilson mutex_lock(&obj->dev->struct_mutex); 769b06d66beSRob Clark drm_vm_open_locked(obj->dev, vma); 77031dfbc93SChris Wilson mutex_unlock(&obj->dev->struct_mutex); 771ab00b3e5SJesse Barnes } 772ab00b3e5SJesse Barnes EXPORT_SYMBOL(drm_gem_vm_open); 773ab00b3e5SJesse Barnes 774ab00b3e5SJesse Barnes void drm_gem_vm_close(struct vm_area_struct *vma) 775ab00b3e5SJesse Barnes { 776ab00b3e5SJesse Barnes struct drm_gem_object *obj = vma->vm_private_data; 777b74ad5aeSChris Wilson struct drm_device *dev = obj->dev; 778ab00b3e5SJesse Barnes 779b74ad5aeSChris Wilson mutex_lock(&dev->struct_mutex); 780b06d66beSRob Clark drm_vm_close_locked(obj->dev, vma); 78131dfbc93SChris Wilson drm_gem_object_unreference(obj); 782b74ad5aeSChris Wilson mutex_unlock(&dev->struct_mutex); 783ab00b3e5SJesse Barnes } 784ab00b3e5SJesse Barnes EXPORT_SYMBOL(drm_gem_vm_close); 785ab00b3e5SJesse Barnes 7861c5aafa6SLaurent Pinchart /** 7871c5aafa6SLaurent Pinchart * drm_gem_mmap_obj - memory map a GEM object 7881c5aafa6SLaurent Pinchart * @obj: the GEM object to map 7891c5aafa6SLaurent Pinchart * @obj_size: the object size to be mapped, in bytes 7901c5aafa6SLaurent Pinchart * @vma: VMA for the area to be mapped 7911c5aafa6SLaurent Pinchart * 7921c5aafa6SLaurent Pinchart * Set up the VMA to prepare mapping of the GEM object using the gem_vm_ops 7931c5aafa6SLaurent Pinchart * provided by the driver. Depending on their requirements, drivers can either 7941c5aafa6SLaurent Pinchart * provide a fault handler in their gem_vm_ops (in which case any accesses to 7951c5aafa6SLaurent Pinchart * the object will be trapped, to perform migration, GTT binding, surface 7961c5aafa6SLaurent Pinchart * register allocation, or performance monitoring), or mmap the buffer memory 7971c5aafa6SLaurent Pinchart * synchronously after calling drm_gem_mmap_obj. 7981c5aafa6SLaurent Pinchart * 7991c5aafa6SLaurent Pinchart * This function is mainly intended to implement the DMABUF mmap operation, when 8001c5aafa6SLaurent Pinchart * the GEM object is not looked up based on its fake offset. To implement the 8011c5aafa6SLaurent Pinchart * DRM mmap operation, drivers should use the drm_gem_mmap() function. 8021c5aafa6SLaurent Pinchart * 803*ca481c9bSDavid Herrmann * drm_gem_mmap_obj() assumes the user is granted access to the buffer while 804*ca481c9bSDavid Herrmann * drm_gem_mmap() prevents unprivileged users from mapping random objects. So 805*ca481c9bSDavid Herrmann * callers must verify access restrictions before calling this helper. 806*ca481c9bSDavid Herrmann * 8074368dd84SYoungJun Cho * NOTE: This function has to be protected with dev->struct_mutex 8084368dd84SYoungJun Cho * 8091c5aafa6SLaurent Pinchart * Return 0 or success or -EINVAL if the object size is smaller than the VMA 8101c5aafa6SLaurent Pinchart * size, or if no gem_vm_ops are provided. 8111c5aafa6SLaurent Pinchart */ 8121c5aafa6SLaurent Pinchart int drm_gem_mmap_obj(struct drm_gem_object *obj, unsigned long obj_size, 8131c5aafa6SLaurent Pinchart struct vm_area_struct *vma) 8141c5aafa6SLaurent Pinchart { 8151c5aafa6SLaurent Pinchart struct drm_device *dev = obj->dev; 8161c5aafa6SLaurent Pinchart 8174368dd84SYoungJun Cho lockdep_assert_held(&dev->struct_mutex); 8184368dd84SYoungJun Cho 8191c5aafa6SLaurent Pinchart /* Check for valid size. */ 8201c5aafa6SLaurent Pinchart if (obj_size < vma->vm_end - vma->vm_start) 8211c5aafa6SLaurent Pinchart return -EINVAL; 8221c5aafa6SLaurent Pinchart 8231c5aafa6SLaurent Pinchart if (!dev->driver->gem_vm_ops) 8241c5aafa6SLaurent Pinchart return -EINVAL; 8251c5aafa6SLaurent Pinchart 8261c5aafa6SLaurent Pinchart vma->vm_flags |= VM_IO | VM_PFNMAP | VM_DONTEXPAND | VM_DONTDUMP; 8271c5aafa6SLaurent Pinchart vma->vm_ops = dev->driver->gem_vm_ops; 8281c5aafa6SLaurent Pinchart vma->vm_private_data = obj; 8291c5aafa6SLaurent Pinchart vma->vm_page_prot = pgprot_writecombine(vm_get_page_prot(vma->vm_flags)); 8301c5aafa6SLaurent Pinchart 8311c5aafa6SLaurent Pinchart /* Take a ref for this mapping of the object, so that the fault 8321c5aafa6SLaurent Pinchart * handler can dereference the mmap offset's pointer to the object. 8331c5aafa6SLaurent Pinchart * This reference is cleaned up by the corresponding vm_close 8341c5aafa6SLaurent Pinchart * (which should happen whether the vma was created by this call, or 8351c5aafa6SLaurent Pinchart * by a vm_open due to mremap or partial unmap or whatever). 8361c5aafa6SLaurent Pinchart */ 8371c5aafa6SLaurent Pinchart drm_gem_object_reference(obj); 8381c5aafa6SLaurent Pinchart 8391c5aafa6SLaurent Pinchart drm_vm_open_locked(dev, vma); 8401c5aafa6SLaurent Pinchart return 0; 8411c5aafa6SLaurent Pinchart } 8421c5aafa6SLaurent Pinchart EXPORT_SYMBOL(drm_gem_mmap_obj); 843ab00b3e5SJesse Barnes 844a2c0a97bSJesse Barnes /** 845a2c0a97bSJesse Barnes * drm_gem_mmap - memory map routine for GEM objects 846a2c0a97bSJesse Barnes * @filp: DRM file pointer 847a2c0a97bSJesse Barnes * @vma: VMA for the area to be mapped 848a2c0a97bSJesse Barnes * 849a2c0a97bSJesse Barnes * If a driver supports GEM object mapping, mmap calls on the DRM file 850a2c0a97bSJesse Barnes * descriptor will end up here. 851a2c0a97bSJesse Barnes * 8521c5aafa6SLaurent Pinchart * Look up the GEM object based on the offset passed in (vma->vm_pgoff will 853a2c0a97bSJesse Barnes * contain the fake offset we created when the GTT map ioctl was called on 8541c5aafa6SLaurent Pinchart * the object) and map it with a call to drm_gem_mmap_obj(). 855*ca481c9bSDavid Herrmann * 856*ca481c9bSDavid Herrmann * If the caller is not granted access to the buffer object, the mmap will fail 857*ca481c9bSDavid Herrmann * with EACCES. Please see the vma manager for more information. 858a2c0a97bSJesse Barnes */ 859a2c0a97bSJesse Barnes int drm_gem_mmap(struct file *filp, struct vm_area_struct *vma) 860a2c0a97bSJesse Barnes { 861a2c0a97bSJesse Barnes struct drm_file *priv = filp->private_data; 862a2c0a97bSJesse Barnes struct drm_device *dev = priv->minor->dev; 863a2c0a97bSJesse Barnes struct drm_gem_mm *mm = dev->mm_private; 8640de23977SDavid Herrmann struct drm_gem_object *obj; 8650de23977SDavid Herrmann struct drm_vma_offset_node *node; 866a2c0a97bSJesse Barnes int ret = 0; 867a2c0a97bSJesse Barnes 8682c07a21dSDave Airlie if (drm_device_is_unplugged(dev)) 8692c07a21dSDave Airlie return -ENODEV; 8702c07a21dSDave Airlie 871a2c0a97bSJesse Barnes mutex_lock(&dev->struct_mutex); 872a2c0a97bSJesse Barnes 8730de23977SDavid Herrmann node = drm_vma_offset_exact_lookup(&mm->vma_manager, vma->vm_pgoff, 8740de23977SDavid Herrmann vma_pages(vma)); 8750de23977SDavid Herrmann if (!node) { 876a2c0a97bSJesse Barnes mutex_unlock(&dev->struct_mutex); 877a2c0a97bSJesse Barnes return drm_mmap(filp, vma); 878*ca481c9bSDavid Herrmann } else if (!drm_vma_node_is_allowed(node, filp)) { 879*ca481c9bSDavid Herrmann mutex_unlock(&dev->struct_mutex); 880*ca481c9bSDavid Herrmann return -EACCES; 881a2c0a97bSJesse Barnes } 882a2c0a97bSJesse Barnes 8830de23977SDavid Herrmann obj = container_of(node, struct drm_gem_object, vma_node); 884aed2c03cSDavid Herrmann ret = drm_gem_mmap_obj(obj, drm_vma_node_size(node) << PAGE_SHIFT, vma); 885a2c0a97bSJesse Barnes 886a2c0a97bSJesse Barnes mutex_unlock(&dev->struct_mutex); 887a2c0a97bSJesse Barnes 888a2c0a97bSJesse Barnes return ret; 889a2c0a97bSJesse Barnes } 890a2c0a97bSJesse Barnes EXPORT_SYMBOL(drm_gem_mmap); 891