1 // SPDX-License-Identifier: GPL-2.0-only 2 /* 3 * Framework for buffer objects that can be shared across devices/subsystems. 4 * 5 * Copyright(C) 2011 Linaro Limited. All rights reserved. 6 * Author: Sumit Semwal <sumit.semwal@ti.com> 7 * 8 * Many thanks to linaro-mm-sig list, and specially 9 * Arnd Bergmann <arnd@arndb.de>, Rob Clark <rob@ti.com> and 10 * Daniel Vetter <daniel@ffwll.ch> for their support in creation and 11 * refining of this idea. 12 */ 13 14 #include <linux/fs.h> 15 #include <linux/slab.h> 16 #include <linux/dma-buf.h> 17 #include <linux/dma-fence.h> 18 #include <linux/anon_inodes.h> 19 #include <linux/export.h> 20 #include <linux/debugfs.h> 21 #include <linux/module.h> 22 #include <linux/seq_file.h> 23 #include <linux/poll.h> 24 #include <linux/dma-resv.h> 25 #include <linux/mm.h> 26 #include <linux/mount.h> 27 #include <linux/pseudo_fs.h> 28 29 #include <uapi/linux/dma-buf.h> 30 #include <uapi/linux/magic.h> 31 32 #include "dma-buf-sysfs-stats.h" 33 34 static inline int is_dma_buf_file(struct file *); 35 36 struct dma_buf_list { 37 struct list_head head; 38 struct mutex lock; 39 }; 40 41 static struct dma_buf_list db_list; 42 43 static char *dmabuffs_dname(struct dentry *dentry, char *buffer, int buflen) 44 { 45 struct dma_buf *dmabuf; 46 char name[DMA_BUF_NAME_LEN]; 47 size_t ret = 0; 48 49 dmabuf = dentry->d_fsdata; 50 spin_lock(&dmabuf->name_lock); 51 if (dmabuf->name) 52 ret = strlcpy(name, dmabuf->name, DMA_BUF_NAME_LEN); 53 spin_unlock(&dmabuf->name_lock); 54 55 return dynamic_dname(dentry, buffer, buflen, "/%s:%s", 56 dentry->d_name.name, ret > 0 ? name : ""); 57 } 58 59 static void dma_buf_release(struct dentry *dentry) 60 { 61 struct dma_buf *dmabuf; 62 63 dmabuf = dentry->d_fsdata; 64 if (unlikely(!dmabuf)) 65 return; 66 67 BUG_ON(dmabuf->vmapping_counter); 68 69 /* 70 * Any fences that a dma-buf poll can wait on should be signaled 71 * before releasing dma-buf. This is the responsibility of each 72 * driver that uses the reservation objects. 73 * 74 * If you hit this BUG() it means someone dropped their ref to the 75 * dma-buf while still having pending operation to the buffer. 76 */ 77 BUG_ON(dmabuf->cb_shared.active || dmabuf->cb_excl.active); 78 79 dma_buf_stats_teardown(dmabuf); 80 dmabuf->ops->release(dmabuf); 81 82 if (dmabuf->resv == (struct dma_resv *)&dmabuf[1]) 83 dma_resv_fini(dmabuf->resv); 84 85 WARN_ON(!list_empty(&dmabuf->attachments)); 86 module_put(dmabuf->owner); 87 kfree(dmabuf->name); 88 kfree(dmabuf); 89 } 90 91 static int dma_buf_file_release(struct inode *inode, struct file *file) 92 { 93 struct dma_buf *dmabuf; 94 95 if (!is_dma_buf_file(file)) 96 return -EINVAL; 97 98 dmabuf = file->private_data; 99 100 mutex_lock(&db_list.lock); 101 list_del(&dmabuf->list_node); 102 mutex_unlock(&db_list.lock); 103 104 return 0; 105 } 106 107 static const struct dentry_operations dma_buf_dentry_ops = { 108 .d_dname = dmabuffs_dname, 109 .d_release = dma_buf_release, 110 }; 111 112 static struct vfsmount *dma_buf_mnt; 113 114 static int dma_buf_fs_init_context(struct fs_context *fc) 115 { 116 struct pseudo_fs_context *ctx; 117 118 ctx = init_pseudo(fc, DMA_BUF_MAGIC); 119 if (!ctx) 120 return -ENOMEM; 121 ctx->dops = &dma_buf_dentry_ops; 122 return 0; 123 } 124 125 static struct file_system_type dma_buf_fs_type = { 126 .name = "dmabuf", 127 .init_fs_context = dma_buf_fs_init_context, 128 .kill_sb = kill_anon_super, 129 }; 130 131 static int dma_buf_mmap_internal(struct file *file, struct vm_area_struct *vma) 132 { 133 struct dma_buf *dmabuf; 134 135 if (!is_dma_buf_file(file)) 136 return -EINVAL; 137 138 dmabuf = file->private_data; 139 140 /* check if buffer supports mmap */ 141 if (!dmabuf->ops->mmap) 142 return -EINVAL; 143 144 /* check for overflowing the buffer's size */ 145 if (vma->vm_pgoff + vma_pages(vma) > 146 dmabuf->size >> PAGE_SHIFT) 147 return -EINVAL; 148 149 return dmabuf->ops->mmap(dmabuf, vma); 150 } 151 152 static loff_t dma_buf_llseek(struct file *file, loff_t offset, int whence) 153 { 154 struct dma_buf *dmabuf; 155 loff_t base; 156 157 if (!is_dma_buf_file(file)) 158 return -EBADF; 159 160 dmabuf = file->private_data; 161 162 /* only support discovering the end of the buffer, 163 but also allow SEEK_SET to maintain the idiomatic 164 SEEK_END(0), SEEK_CUR(0) pattern */ 165 if (whence == SEEK_END) 166 base = dmabuf->size; 167 else if (whence == SEEK_SET) 168 base = 0; 169 else 170 return -EINVAL; 171 172 if (offset != 0) 173 return -EINVAL; 174 175 return base + offset; 176 } 177 178 /** 179 * DOC: implicit fence polling 180 * 181 * To support cross-device and cross-driver synchronization of buffer access 182 * implicit fences (represented internally in the kernel with &struct dma_fence) 183 * can be attached to a &dma_buf. The glue for that and a few related things are 184 * provided in the &dma_resv structure. 185 * 186 * Userspace can query the state of these implicitly tracked fences using poll() 187 * and related system calls: 188 * 189 * - Checking for EPOLLIN, i.e. read access, can be use to query the state of the 190 * most recent write or exclusive fence. 191 * 192 * - Checking for EPOLLOUT, i.e. write access, can be used to query the state of 193 * all attached fences, shared and exclusive ones. 194 * 195 * Note that this only signals the completion of the respective fences, i.e. the 196 * DMA transfers are complete. Cache flushing and any other necessary 197 * preparations before CPU access can begin still need to happen. 198 */ 199 200 static void dma_buf_poll_cb(struct dma_fence *fence, struct dma_fence_cb *cb) 201 { 202 struct dma_buf_poll_cb_t *dcb = (struct dma_buf_poll_cb_t *)cb; 203 unsigned long flags; 204 205 spin_lock_irqsave(&dcb->poll->lock, flags); 206 wake_up_locked_poll(dcb->poll, dcb->active); 207 dcb->active = 0; 208 spin_unlock_irqrestore(&dcb->poll->lock, flags); 209 } 210 211 static __poll_t dma_buf_poll(struct file *file, poll_table *poll) 212 { 213 struct dma_buf *dmabuf; 214 struct dma_resv *resv; 215 struct dma_resv_list *fobj; 216 struct dma_fence *fence_excl; 217 __poll_t events; 218 unsigned shared_count, seq; 219 220 dmabuf = file->private_data; 221 if (!dmabuf || !dmabuf->resv) 222 return EPOLLERR; 223 224 resv = dmabuf->resv; 225 226 poll_wait(file, &dmabuf->poll, poll); 227 228 events = poll_requested_events(poll) & (EPOLLIN | EPOLLOUT); 229 if (!events) 230 return 0; 231 232 retry: 233 seq = read_seqcount_begin(&resv->seq); 234 rcu_read_lock(); 235 236 fobj = rcu_dereference(resv->fence); 237 if (fobj) 238 shared_count = fobj->shared_count; 239 else 240 shared_count = 0; 241 fence_excl = dma_resv_excl_fence(resv); 242 if (read_seqcount_retry(&resv->seq, seq)) { 243 rcu_read_unlock(); 244 goto retry; 245 } 246 247 if (fence_excl && (!(events & EPOLLOUT) || shared_count == 0)) { 248 struct dma_buf_poll_cb_t *dcb = &dmabuf->cb_excl; 249 __poll_t pevents = EPOLLIN; 250 251 if (shared_count == 0) 252 pevents |= EPOLLOUT; 253 254 spin_lock_irq(&dmabuf->poll.lock); 255 if (dcb->active) { 256 dcb->active |= pevents; 257 events &= ~pevents; 258 } else 259 dcb->active = pevents; 260 spin_unlock_irq(&dmabuf->poll.lock); 261 262 if (events & pevents) { 263 if (!dma_fence_get_rcu(fence_excl)) { 264 /* force a recheck */ 265 events &= ~pevents; 266 dma_buf_poll_cb(NULL, &dcb->cb); 267 } else if (!dma_fence_add_callback(fence_excl, &dcb->cb, 268 dma_buf_poll_cb)) { 269 events &= ~pevents; 270 dma_fence_put(fence_excl); 271 } else { 272 /* 273 * No callback queued, wake up any additional 274 * waiters. 275 */ 276 dma_fence_put(fence_excl); 277 dma_buf_poll_cb(NULL, &dcb->cb); 278 } 279 } 280 } 281 282 if ((events & EPOLLOUT) && shared_count > 0) { 283 struct dma_buf_poll_cb_t *dcb = &dmabuf->cb_shared; 284 int i; 285 286 /* Only queue a new callback if no event has fired yet */ 287 spin_lock_irq(&dmabuf->poll.lock); 288 if (dcb->active) 289 events &= ~EPOLLOUT; 290 else 291 dcb->active = EPOLLOUT; 292 spin_unlock_irq(&dmabuf->poll.lock); 293 294 if (!(events & EPOLLOUT)) 295 goto out; 296 297 for (i = 0; i < shared_count; ++i) { 298 struct dma_fence *fence = rcu_dereference(fobj->shared[i]); 299 300 if (!dma_fence_get_rcu(fence)) { 301 /* 302 * fence refcount dropped to zero, this means 303 * that fobj has been freed 304 * 305 * call dma_buf_poll_cb and force a recheck! 306 */ 307 events &= ~EPOLLOUT; 308 dma_buf_poll_cb(NULL, &dcb->cb); 309 break; 310 } 311 if (!dma_fence_add_callback(fence, &dcb->cb, 312 dma_buf_poll_cb)) { 313 dma_fence_put(fence); 314 events &= ~EPOLLOUT; 315 break; 316 } 317 dma_fence_put(fence); 318 } 319 320 /* No callback queued, wake up any additional waiters. */ 321 if (i == shared_count) 322 dma_buf_poll_cb(NULL, &dcb->cb); 323 } 324 325 out: 326 rcu_read_unlock(); 327 return events; 328 } 329 330 /** 331 * dma_buf_set_name - Set a name to a specific dma_buf to track the usage. 332 * The name of the dma-buf buffer can only be set when the dma-buf is not 333 * attached to any devices. It could theoritically support changing the 334 * name of the dma-buf if the same piece of memory is used for multiple 335 * purpose between different devices. 336 * 337 * @dmabuf: [in] dmabuf buffer that will be renamed. 338 * @buf: [in] A piece of userspace memory that contains the name of 339 * the dma-buf. 340 * 341 * Returns 0 on success. If the dma-buf buffer is already attached to 342 * devices, return -EBUSY. 343 * 344 */ 345 static long dma_buf_set_name(struct dma_buf *dmabuf, const char __user *buf) 346 { 347 char *name = strndup_user(buf, DMA_BUF_NAME_LEN); 348 long ret = 0; 349 350 if (IS_ERR(name)) 351 return PTR_ERR(name); 352 353 dma_resv_lock(dmabuf->resv, NULL); 354 if (!list_empty(&dmabuf->attachments)) { 355 ret = -EBUSY; 356 kfree(name); 357 goto out_unlock; 358 } 359 spin_lock(&dmabuf->name_lock); 360 kfree(dmabuf->name); 361 dmabuf->name = name; 362 spin_unlock(&dmabuf->name_lock); 363 364 out_unlock: 365 dma_resv_unlock(dmabuf->resv); 366 return ret; 367 } 368 369 static long dma_buf_ioctl(struct file *file, 370 unsigned int cmd, unsigned long arg) 371 { 372 struct dma_buf *dmabuf; 373 struct dma_buf_sync sync; 374 enum dma_data_direction direction; 375 int ret; 376 377 dmabuf = file->private_data; 378 379 switch (cmd) { 380 case DMA_BUF_IOCTL_SYNC: 381 if (copy_from_user(&sync, (void __user *) arg, sizeof(sync))) 382 return -EFAULT; 383 384 if (sync.flags & ~DMA_BUF_SYNC_VALID_FLAGS_MASK) 385 return -EINVAL; 386 387 switch (sync.flags & DMA_BUF_SYNC_RW) { 388 case DMA_BUF_SYNC_READ: 389 direction = DMA_FROM_DEVICE; 390 break; 391 case DMA_BUF_SYNC_WRITE: 392 direction = DMA_TO_DEVICE; 393 break; 394 case DMA_BUF_SYNC_RW: 395 direction = DMA_BIDIRECTIONAL; 396 break; 397 default: 398 return -EINVAL; 399 } 400 401 if (sync.flags & DMA_BUF_SYNC_END) 402 ret = dma_buf_end_cpu_access(dmabuf, direction); 403 else 404 ret = dma_buf_begin_cpu_access(dmabuf, direction); 405 406 return ret; 407 408 case DMA_BUF_SET_NAME_A: 409 case DMA_BUF_SET_NAME_B: 410 return dma_buf_set_name(dmabuf, (const char __user *)arg); 411 412 default: 413 return -ENOTTY; 414 } 415 } 416 417 static void dma_buf_show_fdinfo(struct seq_file *m, struct file *file) 418 { 419 struct dma_buf *dmabuf = file->private_data; 420 421 seq_printf(m, "size:\t%zu\n", dmabuf->size); 422 /* Don't count the temporary reference taken inside procfs seq_show */ 423 seq_printf(m, "count:\t%ld\n", file_count(dmabuf->file) - 1); 424 seq_printf(m, "exp_name:\t%s\n", dmabuf->exp_name); 425 spin_lock(&dmabuf->name_lock); 426 if (dmabuf->name) 427 seq_printf(m, "name:\t%s\n", dmabuf->name); 428 spin_unlock(&dmabuf->name_lock); 429 } 430 431 static const struct file_operations dma_buf_fops = { 432 .release = dma_buf_file_release, 433 .mmap = dma_buf_mmap_internal, 434 .llseek = dma_buf_llseek, 435 .poll = dma_buf_poll, 436 .unlocked_ioctl = dma_buf_ioctl, 437 .compat_ioctl = compat_ptr_ioctl, 438 .show_fdinfo = dma_buf_show_fdinfo, 439 }; 440 441 /* 442 * is_dma_buf_file - Check if struct file* is associated with dma_buf 443 */ 444 static inline int is_dma_buf_file(struct file *file) 445 { 446 return file->f_op == &dma_buf_fops; 447 } 448 449 static struct file *dma_buf_getfile(struct dma_buf *dmabuf, int flags) 450 { 451 struct file *file; 452 struct inode *inode = alloc_anon_inode(dma_buf_mnt->mnt_sb); 453 454 if (IS_ERR(inode)) 455 return ERR_CAST(inode); 456 457 inode->i_size = dmabuf->size; 458 inode_set_bytes(inode, dmabuf->size); 459 460 file = alloc_file_pseudo(inode, dma_buf_mnt, "dmabuf", 461 flags, &dma_buf_fops); 462 if (IS_ERR(file)) 463 goto err_alloc_file; 464 file->f_flags = flags & (O_ACCMODE | O_NONBLOCK); 465 file->private_data = dmabuf; 466 file->f_path.dentry->d_fsdata = dmabuf; 467 468 return file; 469 470 err_alloc_file: 471 iput(inode); 472 return file; 473 } 474 475 /** 476 * DOC: dma buf device access 477 * 478 * For device DMA access to a shared DMA buffer the usual sequence of operations 479 * is fairly simple: 480 * 481 * 1. The exporter defines his exporter instance using 482 * DEFINE_DMA_BUF_EXPORT_INFO() and calls dma_buf_export() to wrap a private 483 * buffer object into a &dma_buf. It then exports that &dma_buf to userspace 484 * as a file descriptor by calling dma_buf_fd(). 485 * 486 * 2. Userspace passes this file-descriptors to all drivers it wants this buffer 487 * to share with: First the filedescriptor is converted to a &dma_buf using 488 * dma_buf_get(). Then the buffer is attached to the device using 489 * dma_buf_attach(). 490 * 491 * Up to this stage the exporter is still free to migrate or reallocate the 492 * backing storage. 493 * 494 * 3. Once the buffer is attached to all devices userspace can initiate DMA 495 * access to the shared buffer. In the kernel this is done by calling 496 * dma_buf_map_attachment() and dma_buf_unmap_attachment(). 497 * 498 * 4. Once a driver is done with a shared buffer it needs to call 499 * dma_buf_detach() (after cleaning up any mappings) and then release the 500 * reference acquired with dma_buf_get() by calling dma_buf_put(). 501 * 502 * For the detailed semantics exporters are expected to implement see 503 * &dma_buf_ops. 504 */ 505 506 /** 507 * dma_buf_export - Creates a new dma_buf, and associates an anon file 508 * with this buffer, so it can be exported. 509 * Also connect the allocator specific data and ops to the buffer. 510 * Additionally, provide a name string for exporter; useful in debugging. 511 * 512 * @exp_info: [in] holds all the export related information provided 513 * by the exporter. see &struct dma_buf_export_info 514 * for further details. 515 * 516 * Returns, on success, a newly created struct dma_buf object, which wraps the 517 * supplied private data and operations for struct dma_buf_ops. On either 518 * missing ops, or error in allocating struct dma_buf, will return negative 519 * error. 520 * 521 * For most cases the easiest way to create @exp_info is through the 522 * %DEFINE_DMA_BUF_EXPORT_INFO macro. 523 */ 524 struct dma_buf *dma_buf_export(const struct dma_buf_export_info *exp_info) 525 { 526 struct dma_buf *dmabuf; 527 struct dma_resv *resv = exp_info->resv; 528 struct file *file; 529 size_t alloc_size = sizeof(struct dma_buf); 530 int ret; 531 532 if (!exp_info->resv) 533 alloc_size += sizeof(struct dma_resv); 534 else 535 /* prevent &dma_buf[1] == dma_buf->resv */ 536 alloc_size += 1; 537 538 if (WARN_ON(!exp_info->priv 539 || !exp_info->ops 540 || !exp_info->ops->map_dma_buf 541 || !exp_info->ops->unmap_dma_buf 542 || !exp_info->ops->release)) { 543 return ERR_PTR(-EINVAL); 544 } 545 546 if (WARN_ON(exp_info->ops->cache_sgt_mapping && 547 (exp_info->ops->pin || exp_info->ops->unpin))) 548 return ERR_PTR(-EINVAL); 549 550 if (WARN_ON(!exp_info->ops->pin != !exp_info->ops->unpin)) 551 return ERR_PTR(-EINVAL); 552 553 if (!try_module_get(exp_info->owner)) 554 return ERR_PTR(-ENOENT); 555 556 dmabuf = kzalloc(alloc_size, GFP_KERNEL); 557 if (!dmabuf) { 558 ret = -ENOMEM; 559 goto err_module; 560 } 561 562 dmabuf->priv = exp_info->priv; 563 dmabuf->ops = exp_info->ops; 564 dmabuf->size = exp_info->size; 565 dmabuf->exp_name = exp_info->exp_name; 566 dmabuf->owner = exp_info->owner; 567 spin_lock_init(&dmabuf->name_lock); 568 init_waitqueue_head(&dmabuf->poll); 569 dmabuf->cb_excl.poll = dmabuf->cb_shared.poll = &dmabuf->poll; 570 dmabuf->cb_excl.active = dmabuf->cb_shared.active = 0; 571 572 if (!resv) { 573 resv = (struct dma_resv *)&dmabuf[1]; 574 dma_resv_init(resv); 575 } 576 dmabuf->resv = resv; 577 578 file = dma_buf_getfile(dmabuf, exp_info->flags); 579 if (IS_ERR(file)) { 580 ret = PTR_ERR(file); 581 goto err_dmabuf; 582 } 583 584 file->f_mode |= FMODE_LSEEK; 585 dmabuf->file = file; 586 587 ret = dma_buf_stats_setup(dmabuf); 588 if (ret) 589 goto err_sysfs; 590 591 mutex_init(&dmabuf->lock); 592 INIT_LIST_HEAD(&dmabuf->attachments); 593 594 mutex_lock(&db_list.lock); 595 list_add(&dmabuf->list_node, &db_list.head); 596 mutex_unlock(&db_list.lock); 597 598 return dmabuf; 599 600 err_sysfs: 601 /* 602 * Set file->f_path.dentry->d_fsdata to NULL so that when 603 * dma_buf_release() gets invoked by dentry_ops, it exits 604 * early before calling the release() dma_buf op. 605 */ 606 file->f_path.dentry->d_fsdata = NULL; 607 fput(file); 608 err_dmabuf: 609 kfree(dmabuf); 610 err_module: 611 module_put(exp_info->owner); 612 return ERR_PTR(ret); 613 } 614 EXPORT_SYMBOL_GPL(dma_buf_export); 615 616 /** 617 * dma_buf_fd - returns a file descriptor for the given struct dma_buf 618 * @dmabuf: [in] pointer to dma_buf for which fd is required. 619 * @flags: [in] flags to give to fd 620 * 621 * On success, returns an associated 'fd'. Else, returns error. 622 */ 623 int dma_buf_fd(struct dma_buf *dmabuf, int flags) 624 { 625 int fd; 626 627 if (!dmabuf || !dmabuf->file) 628 return -EINVAL; 629 630 fd = get_unused_fd_flags(flags); 631 if (fd < 0) 632 return fd; 633 634 fd_install(fd, dmabuf->file); 635 636 return fd; 637 } 638 EXPORT_SYMBOL_GPL(dma_buf_fd); 639 640 /** 641 * dma_buf_get - returns the struct dma_buf related to an fd 642 * @fd: [in] fd associated with the struct dma_buf to be returned 643 * 644 * On success, returns the struct dma_buf associated with an fd; uses 645 * file's refcounting done by fget to increase refcount. returns ERR_PTR 646 * otherwise. 647 */ 648 struct dma_buf *dma_buf_get(int fd) 649 { 650 struct file *file; 651 652 file = fget(fd); 653 654 if (!file) 655 return ERR_PTR(-EBADF); 656 657 if (!is_dma_buf_file(file)) { 658 fput(file); 659 return ERR_PTR(-EINVAL); 660 } 661 662 return file->private_data; 663 } 664 EXPORT_SYMBOL_GPL(dma_buf_get); 665 666 /** 667 * dma_buf_put - decreases refcount of the buffer 668 * @dmabuf: [in] buffer to reduce refcount of 669 * 670 * Uses file's refcounting done implicitly by fput(). 671 * 672 * If, as a result of this call, the refcount becomes 0, the 'release' file 673 * operation related to this fd is called. It calls &dma_buf_ops.release vfunc 674 * in turn, and frees the memory allocated for dmabuf when exported. 675 */ 676 void dma_buf_put(struct dma_buf *dmabuf) 677 { 678 if (WARN_ON(!dmabuf || !dmabuf->file)) 679 return; 680 681 fput(dmabuf->file); 682 } 683 EXPORT_SYMBOL_GPL(dma_buf_put); 684 685 static void mangle_sg_table(struct sg_table *sg_table) 686 { 687 #ifdef CONFIG_DMABUF_DEBUG 688 int i; 689 struct scatterlist *sg; 690 691 /* To catch abuse of the underlying struct page by importers mix 692 * up the bits, but take care to preserve the low SG_ bits to 693 * not corrupt the sgt. The mixing is undone in __unmap_dma_buf 694 * before passing the sgt back to the exporter. */ 695 for_each_sgtable_sg(sg_table, sg, i) 696 sg->page_link ^= ~0xffUL; 697 #endif 698 699 } 700 static struct sg_table * __map_dma_buf(struct dma_buf_attachment *attach, 701 enum dma_data_direction direction) 702 { 703 struct sg_table *sg_table; 704 705 sg_table = attach->dmabuf->ops->map_dma_buf(attach, direction); 706 707 if (!IS_ERR_OR_NULL(sg_table)) 708 mangle_sg_table(sg_table); 709 710 return sg_table; 711 } 712 713 /** 714 * dma_buf_dynamic_attach - Add the device to dma_buf's attachments list 715 * @dmabuf: [in] buffer to attach device to. 716 * @dev: [in] device to be attached. 717 * @importer_ops: [in] importer operations for the attachment 718 * @importer_priv: [in] importer private pointer for the attachment 719 * 720 * Returns struct dma_buf_attachment pointer for this attachment. Attachments 721 * must be cleaned up by calling dma_buf_detach(). 722 * 723 * Optionally this calls &dma_buf_ops.attach to allow device-specific attach 724 * functionality. 725 * 726 * Returns: 727 * 728 * A pointer to newly created &dma_buf_attachment on success, or a negative 729 * error code wrapped into a pointer on failure. 730 * 731 * Note that this can fail if the backing storage of @dmabuf is in a place not 732 * accessible to @dev, and cannot be moved to a more suitable place. This is 733 * indicated with the error code -EBUSY. 734 */ 735 struct dma_buf_attachment * 736 dma_buf_dynamic_attach(struct dma_buf *dmabuf, struct device *dev, 737 const struct dma_buf_attach_ops *importer_ops, 738 void *importer_priv) 739 { 740 struct dma_buf_attachment *attach; 741 int ret; 742 743 if (WARN_ON(!dmabuf || !dev)) 744 return ERR_PTR(-EINVAL); 745 746 if (WARN_ON(importer_ops && !importer_ops->move_notify)) 747 return ERR_PTR(-EINVAL); 748 749 attach = kzalloc(sizeof(*attach), GFP_KERNEL); 750 if (!attach) 751 return ERR_PTR(-ENOMEM); 752 753 attach->dev = dev; 754 attach->dmabuf = dmabuf; 755 if (importer_ops) 756 attach->peer2peer = importer_ops->allow_peer2peer; 757 attach->importer_ops = importer_ops; 758 attach->importer_priv = importer_priv; 759 760 if (dmabuf->ops->attach) { 761 ret = dmabuf->ops->attach(dmabuf, attach); 762 if (ret) 763 goto err_attach; 764 } 765 dma_resv_lock(dmabuf->resv, NULL); 766 list_add(&attach->node, &dmabuf->attachments); 767 dma_resv_unlock(dmabuf->resv); 768 769 /* When either the importer or the exporter can't handle dynamic 770 * mappings we cache the mapping here to avoid issues with the 771 * reservation object lock. 772 */ 773 if (dma_buf_attachment_is_dynamic(attach) != 774 dma_buf_is_dynamic(dmabuf)) { 775 struct sg_table *sgt; 776 777 if (dma_buf_is_dynamic(attach->dmabuf)) { 778 dma_resv_lock(attach->dmabuf->resv, NULL); 779 ret = dmabuf->ops->pin(attach); 780 if (ret) 781 goto err_unlock; 782 } 783 784 sgt = __map_dma_buf(attach, DMA_BIDIRECTIONAL); 785 if (!sgt) 786 sgt = ERR_PTR(-ENOMEM); 787 if (IS_ERR(sgt)) { 788 ret = PTR_ERR(sgt); 789 goto err_unpin; 790 } 791 if (dma_buf_is_dynamic(attach->dmabuf)) 792 dma_resv_unlock(attach->dmabuf->resv); 793 attach->sgt = sgt; 794 attach->dir = DMA_BIDIRECTIONAL; 795 } 796 797 return attach; 798 799 err_attach: 800 kfree(attach); 801 return ERR_PTR(ret); 802 803 err_unpin: 804 if (dma_buf_is_dynamic(attach->dmabuf)) 805 dmabuf->ops->unpin(attach); 806 807 err_unlock: 808 if (dma_buf_is_dynamic(attach->dmabuf)) 809 dma_resv_unlock(attach->dmabuf->resv); 810 811 dma_buf_detach(dmabuf, attach); 812 return ERR_PTR(ret); 813 } 814 EXPORT_SYMBOL_GPL(dma_buf_dynamic_attach); 815 816 /** 817 * dma_buf_attach - Wrapper for dma_buf_dynamic_attach 818 * @dmabuf: [in] buffer to attach device to. 819 * @dev: [in] device to be attached. 820 * 821 * Wrapper to call dma_buf_dynamic_attach() for drivers which still use a static 822 * mapping. 823 */ 824 struct dma_buf_attachment *dma_buf_attach(struct dma_buf *dmabuf, 825 struct device *dev) 826 { 827 return dma_buf_dynamic_attach(dmabuf, dev, NULL, NULL); 828 } 829 EXPORT_SYMBOL_GPL(dma_buf_attach); 830 831 static void __unmap_dma_buf(struct dma_buf_attachment *attach, 832 struct sg_table *sg_table, 833 enum dma_data_direction direction) 834 { 835 /* uses XOR, hence this unmangles */ 836 mangle_sg_table(sg_table); 837 838 attach->dmabuf->ops->unmap_dma_buf(attach, sg_table, direction); 839 } 840 841 /** 842 * dma_buf_detach - Remove the given attachment from dmabuf's attachments list 843 * @dmabuf: [in] buffer to detach from. 844 * @attach: [in] attachment to be detached; is free'd after this call. 845 * 846 * Clean up a device attachment obtained by calling dma_buf_attach(). 847 * 848 * Optionally this calls &dma_buf_ops.detach for device-specific detach. 849 */ 850 void dma_buf_detach(struct dma_buf *dmabuf, struct dma_buf_attachment *attach) 851 { 852 if (WARN_ON(!dmabuf || !attach)) 853 return; 854 855 if (attach->sgt) { 856 if (dma_buf_is_dynamic(attach->dmabuf)) 857 dma_resv_lock(attach->dmabuf->resv, NULL); 858 859 __unmap_dma_buf(attach, attach->sgt, attach->dir); 860 861 if (dma_buf_is_dynamic(attach->dmabuf)) { 862 dmabuf->ops->unpin(attach); 863 dma_resv_unlock(attach->dmabuf->resv); 864 } 865 } 866 867 dma_resv_lock(dmabuf->resv, NULL); 868 list_del(&attach->node); 869 dma_resv_unlock(dmabuf->resv); 870 if (dmabuf->ops->detach) 871 dmabuf->ops->detach(dmabuf, attach); 872 873 kfree(attach); 874 } 875 EXPORT_SYMBOL_GPL(dma_buf_detach); 876 877 /** 878 * dma_buf_pin - Lock down the DMA-buf 879 * @attach: [in] attachment which should be pinned 880 * 881 * Only dynamic importers (who set up @attach with dma_buf_dynamic_attach()) may 882 * call this, and only for limited use cases like scanout and not for temporary 883 * pin operations. It is not permitted to allow userspace to pin arbitrary 884 * amounts of buffers through this interface. 885 * 886 * Buffers must be unpinned by calling dma_buf_unpin(). 887 * 888 * Returns: 889 * 0 on success, negative error code on failure. 890 */ 891 int dma_buf_pin(struct dma_buf_attachment *attach) 892 { 893 struct dma_buf *dmabuf = attach->dmabuf; 894 int ret = 0; 895 896 WARN_ON(!dma_buf_attachment_is_dynamic(attach)); 897 898 dma_resv_assert_held(dmabuf->resv); 899 900 if (dmabuf->ops->pin) 901 ret = dmabuf->ops->pin(attach); 902 903 return ret; 904 } 905 EXPORT_SYMBOL_GPL(dma_buf_pin); 906 907 /** 908 * dma_buf_unpin - Unpin a DMA-buf 909 * @attach: [in] attachment which should be unpinned 910 * 911 * This unpins a buffer pinned by dma_buf_pin() and allows the exporter to move 912 * any mapping of @attach again and inform the importer through 913 * &dma_buf_attach_ops.move_notify. 914 */ 915 void dma_buf_unpin(struct dma_buf_attachment *attach) 916 { 917 struct dma_buf *dmabuf = attach->dmabuf; 918 919 WARN_ON(!dma_buf_attachment_is_dynamic(attach)); 920 921 dma_resv_assert_held(dmabuf->resv); 922 923 if (dmabuf->ops->unpin) 924 dmabuf->ops->unpin(attach); 925 } 926 EXPORT_SYMBOL_GPL(dma_buf_unpin); 927 928 /** 929 * dma_buf_map_attachment - Returns the scatterlist table of the attachment; 930 * mapped into _device_ address space. Is a wrapper for map_dma_buf() of the 931 * dma_buf_ops. 932 * @attach: [in] attachment whose scatterlist is to be returned 933 * @direction: [in] direction of DMA transfer 934 * 935 * Returns sg_table containing the scatterlist to be returned; returns ERR_PTR 936 * on error. May return -EINTR if it is interrupted by a signal. 937 * 938 * On success, the DMA addresses and lengths in the returned scatterlist are 939 * PAGE_SIZE aligned. 940 * 941 * A mapping must be unmapped by using dma_buf_unmap_attachment(). Note that 942 * the underlying backing storage is pinned for as long as a mapping exists, 943 * therefore users/importers should not hold onto a mapping for undue amounts of 944 * time. 945 * 946 * Important: Dynamic importers must wait for the exclusive fence of the struct 947 * dma_resv attached to the DMA-BUF first. 948 */ 949 struct sg_table *dma_buf_map_attachment(struct dma_buf_attachment *attach, 950 enum dma_data_direction direction) 951 { 952 struct sg_table *sg_table; 953 int r; 954 955 might_sleep(); 956 957 if (WARN_ON(!attach || !attach->dmabuf)) 958 return ERR_PTR(-EINVAL); 959 960 if (dma_buf_attachment_is_dynamic(attach)) 961 dma_resv_assert_held(attach->dmabuf->resv); 962 963 if (attach->sgt) { 964 /* 965 * Two mappings with different directions for the same 966 * attachment are not allowed. 967 */ 968 if (attach->dir != direction && 969 attach->dir != DMA_BIDIRECTIONAL) 970 return ERR_PTR(-EBUSY); 971 972 return attach->sgt; 973 } 974 975 if (dma_buf_is_dynamic(attach->dmabuf)) { 976 dma_resv_assert_held(attach->dmabuf->resv); 977 if (!IS_ENABLED(CONFIG_DMABUF_MOVE_NOTIFY)) { 978 r = attach->dmabuf->ops->pin(attach); 979 if (r) 980 return ERR_PTR(r); 981 } 982 } 983 984 sg_table = __map_dma_buf(attach, direction); 985 if (!sg_table) 986 sg_table = ERR_PTR(-ENOMEM); 987 988 if (IS_ERR(sg_table) && dma_buf_is_dynamic(attach->dmabuf) && 989 !IS_ENABLED(CONFIG_DMABUF_MOVE_NOTIFY)) 990 attach->dmabuf->ops->unpin(attach); 991 992 if (!IS_ERR(sg_table) && attach->dmabuf->ops->cache_sgt_mapping) { 993 attach->sgt = sg_table; 994 attach->dir = direction; 995 } 996 997 #ifdef CONFIG_DMA_API_DEBUG 998 if (!IS_ERR(sg_table)) { 999 struct scatterlist *sg; 1000 u64 addr; 1001 int len; 1002 int i; 1003 1004 for_each_sgtable_dma_sg(sg_table, sg, i) { 1005 addr = sg_dma_address(sg); 1006 len = sg_dma_len(sg); 1007 if (!PAGE_ALIGNED(addr) || !PAGE_ALIGNED(len)) { 1008 pr_debug("%s: addr %llx or len %x is not page aligned!\n", 1009 __func__, addr, len); 1010 } 1011 } 1012 } 1013 #endif /* CONFIG_DMA_API_DEBUG */ 1014 return sg_table; 1015 } 1016 EXPORT_SYMBOL_GPL(dma_buf_map_attachment); 1017 1018 /** 1019 * dma_buf_unmap_attachment - unmaps and decreases usecount of the buffer;might 1020 * deallocate the scatterlist associated. Is a wrapper for unmap_dma_buf() of 1021 * dma_buf_ops. 1022 * @attach: [in] attachment to unmap buffer from 1023 * @sg_table: [in] scatterlist info of the buffer to unmap 1024 * @direction: [in] direction of DMA transfer 1025 * 1026 * This unmaps a DMA mapping for @attached obtained by dma_buf_map_attachment(). 1027 */ 1028 void dma_buf_unmap_attachment(struct dma_buf_attachment *attach, 1029 struct sg_table *sg_table, 1030 enum dma_data_direction direction) 1031 { 1032 might_sleep(); 1033 1034 if (WARN_ON(!attach || !attach->dmabuf || !sg_table)) 1035 return; 1036 1037 if (dma_buf_attachment_is_dynamic(attach)) 1038 dma_resv_assert_held(attach->dmabuf->resv); 1039 1040 if (attach->sgt == sg_table) 1041 return; 1042 1043 if (dma_buf_is_dynamic(attach->dmabuf)) 1044 dma_resv_assert_held(attach->dmabuf->resv); 1045 1046 __unmap_dma_buf(attach, sg_table, direction); 1047 1048 if (dma_buf_is_dynamic(attach->dmabuf) && 1049 !IS_ENABLED(CONFIG_DMABUF_MOVE_NOTIFY)) 1050 dma_buf_unpin(attach); 1051 } 1052 EXPORT_SYMBOL_GPL(dma_buf_unmap_attachment); 1053 1054 /** 1055 * dma_buf_move_notify - notify attachments that DMA-buf is moving 1056 * 1057 * @dmabuf: [in] buffer which is moving 1058 * 1059 * Informs all attachmenst that they need to destroy and recreated all their 1060 * mappings. 1061 */ 1062 void dma_buf_move_notify(struct dma_buf *dmabuf) 1063 { 1064 struct dma_buf_attachment *attach; 1065 1066 dma_resv_assert_held(dmabuf->resv); 1067 1068 list_for_each_entry(attach, &dmabuf->attachments, node) 1069 if (attach->importer_ops) 1070 attach->importer_ops->move_notify(attach); 1071 } 1072 EXPORT_SYMBOL_GPL(dma_buf_move_notify); 1073 1074 /** 1075 * DOC: cpu access 1076 * 1077 * There are mutliple reasons for supporting CPU access to a dma buffer object: 1078 * 1079 * - Fallback operations in the kernel, for example when a device is connected 1080 * over USB and the kernel needs to shuffle the data around first before 1081 * sending it away. Cache coherency is handled by braketing any transactions 1082 * with calls to dma_buf_begin_cpu_access() and dma_buf_end_cpu_access() 1083 * access. 1084 * 1085 * Since for most kernel internal dma-buf accesses need the entire buffer, a 1086 * vmap interface is introduced. Note that on very old 32-bit architectures 1087 * vmalloc space might be limited and result in vmap calls failing. 1088 * 1089 * Interfaces:: 1090 * 1091 * void \*dma_buf_vmap(struct dma_buf \*dmabuf) 1092 * void dma_buf_vunmap(struct dma_buf \*dmabuf, void \*vaddr) 1093 * 1094 * The vmap call can fail if there is no vmap support in the exporter, or if 1095 * it runs out of vmalloc space. Note that the dma-buf layer keeps a reference 1096 * count for all vmap access and calls down into the exporter's vmap function 1097 * only when no vmapping exists, and only unmaps it once. Protection against 1098 * concurrent vmap/vunmap calls is provided by taking the &dma_buf.lock mutex. 1099 * 1100 * - For full compatibility on the importer side with existing userspace 1101 * interfaces, which might already support mmap'ing buffers. This is needed in 1102 * many processing pipelines (e.g. feeding a software rendered image into a 1103 * hardware pipeline, thumbnail creation, snapshots, ...). Also, Android's ION 1104 * framework already supported this and for DMA buffer file descriptors to 1105 * replace ION buffers mmap support was needed. 1106 * 1107 * There is no special interfaces, userspace simply calls mmap on the dma-buf 1108 * fd. But like for CPU access there's a need to braket the actual access, 1109 * which is handled by the ioctl (DMA_BUF_IOCTL_SYNC). Note that 1110 * DMA_BUF_IOCTL_SYNC can fail with -EAGAIN or -EINTR, in which case it must 1111 * be restarted. 1112 * 1113 * Some systems might need some sort of cache coherency management e.g. when 1114 * CPU and GPU domains are being accessed through dma-buf at the same time. 1115 * To circumvent this problem there are begin/end coherency markers, that 1116 * forward directly to existing dma-buf device drivers vfunc hooks. Userspace 1117 * can make use of those markers through the DMA_BUF_IOCTL_SYNC ioctl. The 1118 * sequence would be used like following: 1119 * 1120 * - mmap dma-buf fd 1121 * - for each drawing/upload cycle in CPU 1. SYNC_START ioctl, 2. read/write 1122 * to mmap area 3. SYNC_END ioctl. This can be repeated as often as you 1123 * want (with the new data being consumed by say the GPU or the scanout 1124 * device) 1125 * - munmap once you don't need the buffer any more 1126 * 1127 * For correctness and optimal performance, it is always required to use 1128 * SYNC_START and SYNC_END before and after, respectively, when accessing the 1129 * mapped address. Userspace cannot rely on coherent access, even when there 1130 * are systems where it just works without calling these ioctls. 1131 * 1132 * - And as a CPU fallback in userspace processing pipelines. 1133 * 1134 * Similar to the motivation for kernel cpu access it is again important that 1135 * the userspace code of a given importing subsystem can use the same 1136 * interfaces with a imported dma-buf buffer object as with a native buffer 1137 * object. This is especially important for drm where the userspace part of 1138 * contemporary OpenGL, X, and other drivers is huge, and reworking them to 1139 * use a different way to mmap a buffer rather invasive. 1140 * 1141 * The assumption in the current dma-buf interfaces is that redirecting the 1142 * initial mmap is all that's needed. A survey of some of the existing 1143 * subsystems shows that no driver seems to do any nefarious thing like 1144 * syncing up with outstanding asynchronous processing on the device or 1145 * allocating special resources at fault time. So hopefully this is good 1146 * enough, since adding interfaces to intercept pagefaults and allow pte 1147 * shootdowns would increase the complexity quite a bit. 1148 * 1149 * Interface:: 1150 * 1151 * int dma_buf_mmap(struct dma_buf \*, struct vm_area_struct \*, 1152 * unsigned long); 1153 * 1154 * If the importing subsystem simply provides a special-purpose mmap call to 1155 * set up a mapping in userspace, calling do_mmap with &dma_buf.file will 1156 * equally achieve that for a dma-buf object. 1157 */ 1158 1159 static int __dma_buf_begin_cpu_access(struct dma_buf *dmabuf, 1160 enum dma_data_direction direction) 1161 { 1162 bool write = (direction == DMA_BIDIRECTIONAL || 1163 direction == DMA_TO_DEVICE); 1164 struct dma_resv *resv = dmabuf->resv; 1165 long ret; 1166 1167 /* Wait on any implicit rendering fences */ 1168 ret = dma_resv_wait_timeout(resv, write, true, MAX_SCHEDULE_TIMEOUT); 1169 if (ret < 0) 1170 return ret; 1171 1172 return 0; 1173 } 1174 1175 /** 1176 * dma_buf_begin_cpu_access - Must be called before accessing a dma_buf from the 1177 * cpu in the kernel context. Calls begin_cpu_access to allow exporter-specific 1178 * preparations. Coherency is only guaranteed in the specified range for the 1179 * specified access direction. 1180 * @dmabuf: [in] buffer to prepare cpu access for. 1181 * @direction: [in] length of range for cpu access. 1182 * 1183 * After the cpu access is complete the caller should call 1184 * dma_buf_end_cpu_access(). Only when cpu access is braketed by both calls is 1185 * it guaranteed to be coherent with other DMA access. 1186 * 1187 * This function will also wait for any DMA transactions tracked through 1188 * implicit synchronization in &dma_buf.resv. For DMA transactions with explicit 1189 * synchronization this function will only ensure cache coherency, callers must 1190 * ensure synchronization with such DMA transactions on their own. 1191 * 1192 * Can return negative error values, returns 0 on success. 1193 */ 1194 int dma_buf_begin_cpu_access(struct dma_buf *dmabuf, 1195 enum dma_data_direction direction) 1196 { 1197 int ret = 0; 1198 1199 if (WARN_ON(!dmabuf)) 1200 return -EINVAL; 1201 1202 might_lock(&dmabuf->resv->lock.base); 1203 1204 if (dmabuf->ops->begin_cpu_access) 1205 ret = dmabuf->ops->begin_cpu_access(dmabuf, direction); 1206 1207 /* Ensure that all fences are waited upon - but we first allow 1208 * the native handler the chance to do so more efficiently if it 1209 * chooses. A double invocation here will be reasonably cheap no-op. 1210 */ 1211 if (ret == 0) 1212 ret = __dma_buf_begin_cpu_access(dmabuf, direction); 1213 1214 return ret; 1215 } 1216 EXPORT_SYMBOL_GPL(dma_buf_begin_cpu_access); 1217 1218 /** 1219 * dma_buf_end_cpu_access - Must be called after accessing a dma_buf from the 1220 * cpu in the kernel context. Calls end_cpu_access to allow exporter-specific 1221 * actions. Coherency is only guaranteed in the specified range for the 1222 * specified access direction. 1223 * @dmabuf: [in] buffer to complete cpu access for. 1224 * @direction: [in] length of range for cpu access. 1225 * 1226 * This terminates CPU access started with dma_buf_begin_cpu_access(). 1227 * 1228 * Can return negative error values, returns 0 on success. 1229 */ 1230 int dma_buf_end_cpu_access(struct dma_buf *dmabuf, 1231 enum dma_data_direction direction) 1232 { 1233 int ret = 0; 1234 1235 WARN_ON(!dmabuf); 1236 1237 might_lock(&dmabuf->resv->lock.base); 1238 1239 if (dmabuf->ops->end_cpu_access) 1240 ret = dmabuf->ops->end_cpu_access(dmabuf, direction); 1241 1242 return ret; 1243 } 1244 EXPORT_SYMBOL_GPL(dma_buf_end_cpu_access); 1245 1246 1247 /** 1248 * dma_buf_mmap - Setup up a userspace mmap with the given vma 1249 * @dmabuf: [in] buffer that should back the vma 1250 * @vma: [in] vma for the mmap 1251 * @pgoff: [in] offset in pages where this mmap should start within the 1252 * dma-buf buffer. 1253 * 1254 * This function adjusts the passed in vma so that it points at the file of the 1255 * dma_buf operation. It also adjusts the starting pgoff and does bounds 1256 * checking on the size of the vma. Then it calls the exporters mmap function to 1257 * set up the mapping. 1258 * 1259 * Can return negative error values, returns 0 on success. 1260 */ 1261 int dma_buf_mmap(struct dma_buf *dmabuf, struct vm_area_struct *vma, 1262 unsigned long pgoff) 1263 { 1264 if (WARN_ON(!dmabuf || !vma)) 1265 return -EINVAL; 1266 1267 /* check if buffer supports mmap */ 1268 if (!dmabuf->ops->mmap) 1269 return -EINVAL; 1270 1271 /* check for offset overflow */ 1272 if (pgoff + vma_pages(vma) < pgoff) 1273 return -EOVERFLOW; 1274 1275 /* check for overflowing the buffer's size */ 1276 if (pgoff + vma_pages(vma) > 1277 dmabuf->size >> PAGE_SHIFT) 1278 return -EINVAL; 1279 1280 /* readjust the vma */ 1281 vma_set_file(vma, dmabuf->file); 1282 vma->vm_pgoff = pgoff; 1283 1284 return dmabuf->ops->mmap(dmabuf, vma); 1285 } 1286 EXPORT_SYMBOL_GPL(dma_buf_mmap); 1287 1288 /** 1289 * dma_buf_vmap - Create virtual mapping for the buffer object into kernel 1290 * address space. Same restrictions as for vmap and friends apply. 1291 * @dmabuf: [in] buffer to vmap 1292 * @map: [out] returns the vmap pointer 1293 * 1294 * This call may fail due to lack of virtual mapping address space. 1295 * These calls are optional in drivers. The intended use for them 1296 * is for mapping objects linear in kernel space for high use objects. 1297 * 1298 * To ensure coherency users must call dma_buf_begin_cpu_access() and 1299 * dma_buf_end_cpu_access() around any cpu access performed through this 1300 * mapping. 1301 * 1302 * Returns 0 on success, or a negative errno code otherwise. 1303 */ 1304 int dma_buf_vmap(struct dma_buf *dmabuf, struct dma_buf_map *map) 1305 { 1306 struct dma_buf_map ptr; 1307 int ret = 0; 1308 1309 dma_buf_map_clear(map); 1310 1311 if (WARN_ON(!dmabuf)) 1312 return -EINVAL; 1313 1314 if (!dmabuf->ops->vmap) 1315 return -EINVAL; 1316 1317 mutex_lock(&dmabuf->lock); 1318 if (dmabuf->vmapping_counter) { 1319 dmabuf->vmapping_counter++; 1320 BUG_ON(dma_buf_map_is_null(&dmabuf->vmap_ptr)); 1321 *map = dmabuf->vmap_ptr; 1322 goto out_unlock; 1323 } 1324 1325 BUG_ON(dma_buf_map_is_set(&dmabuf->vmap_ptr)); 1326 1327 ret = dmabuf->ops->vmap(dmabuf, &ptr); 1328 if (WARN_ON_ONCE(ret)) 1329 goto out_unlock; 1330 1331 dmabuf->vmap_ptr = ptr; 1332 dmabuf->vmapping_counter = 1; 1333 1334 *map = dmabuf->vmap_ptr; 1335 1336 out_unlock: 1337 mutex_unlock(&dmabuf->lock); 1338 return ret; 1339 } 1340 EXPORT_SYMBOL_GPL(dma_buf_vmap); 1341 1342 /** 1343 * dma_buf_vunmap - Unmap a vmap obtained by dma_buf_vmap. 1344 * @dmabuf: [in] buffer to vunmap 1345 * @map: [in] vmap pointer to vunmap 1346 */ 1347 void dma_buf_vunmap(struct dma_buf *dmabuf, struct dma_buf_map *map) 1348 { 1349 if (WARN_ON(!dmabuf)) 1350 return; 1351 1352 BUG_ON(dma_buf_map_is_null(&dmabuf->vmap_ptr)); 1353 BUG_ON(dmabuf->vmapping_counter == 0); 1354 BUG_ON(!dma_buf_map_is_equal(&dmabuf->vmap_ptr, map)); 1355 1356 mutex_lock(&dmabuf->lock); 1357 if (--dmabuf->vmapping_counter == 0) { 1358 if (dmabuf->ops->vunmap) 1359 dmabuf->ops->vunmap(dmabuf, map); 1360 dma_buf_map_clear(&dmabuf->vmap_ptr); 1361 } 1362 mutex_unlock(&dmabuf->lock); 1363 } 1364 EXPORT_SYMBOL_GPL(dma_buf_vunmap); 1365 1366 #ifdef CONFIG_DEBUG_FS 1367 static int dma_buf_debug_show(struct seq_file *s, void *unused) 1368 { 1369 struct dma_buf *buf_obj; 1370 struct dma_buf_attachment *attach_obj; 1371 struct dma_resv *robj; 1372 struct dma_resv_list *fobj; 1373 struct dma_fence *fence; 1374 int count = 0, attach_count, shared_count, i; 1375 size_t size = 0; 1376 int ret; 1377 1378 ret = mutex_lock_interruptible(&db_list.lock); 1379 1380 if (ret) 1381 return ret; 1382 1383 seq_puts(s, "\nDma-buf Objects:\n"); 1384 seq_printf(s, "%-8s\t%-8s\t%-8s\t%-8s\texp_name\t%-8s\n", 1385 "size", "flags", "mode", "count", "ino"); 1386 1387 list_for_each_entry(buf_obj, &db_list.head, list_node) { 1388 1389 ret = dma_resv_lock_interruptible(buf_obj->resv, NULL); 1390 if (ret) 1391 goto error_unlock; 1392 1393 seq_printf(s, "%08zu\t%08x\t%08x\t%08ld\t%s\t%08lu\t%s\n", 1394 buf_obj->size, 1395 buf_obj->file->f_flags, buf_obj->file->f_mode, 1396 file_count(buf_obj->file), 1397 buf_obj->exp_name, 1398 file_inode(buf_obj->file)->i_ino, 1399 buf_obj->name ?: ""); 1400 1401 robj = buf_obj->resv; 1402 fence = dma_resv_excl_fence(robj); 1403 if (fence) 1404 seq_printf(s, "\tExclusive fence: %s %s %ssignalled\n", 1405 fence->ops->get_driver_name(fence), 1406 fence->ops->get_timeline_name(fence), 1407 dma_fence_is_signaled(fence) ? "" : "un"); 1408 1409 fobj = rcu_dereference_protected(robj->fence, 1410 dma_resv_held(robj)); 1411 shared_count = fobj ? fobj->shared_count : 0; 1412 for (i = 0; i < shared_count; i++) { 1413 fence = rcu_dereference_protected(fobj->shared[i], 1414 dma_resv_held(robj)); 1415 seq_printf(s, "\tShared fence: %s %s %ssignalled\n", 1416 fence->ops->get_driver_name(fence), 1417 fence->ops->get_timeline_name(fence), 1418 dma_fence_is_signaled(fence) ? "" : "un"); 1419 } 1420 1421 seq_puts(s, "\tAttached Devices:\n"); 1422 attach_count = 0; 1423 1424 list_for_each_entry(attach_obj, &buf_obj->attachments, node) { 1425 seq_printf(s, "\t%s\n", dev_name(attach_obj->dev)); 1426 attach_count++; 1427 } 1428 dma_resv_unlock(buf_obj->resv); 1429 1430 seq_printf(s, "Total %d devices attached\n\n", 1431 attach_count); 1432 1433 count++; 1434 size += buf_obj->size; 1435 } 1436 1437 seq_printf(s, "\nTotal %d objects, %zu bytes\n", count, size); 1438 1439 mutex_unlock(&db_list.lock); 1440 return 0; 1441 1442 error_unlock: 1443 mutex_unlock(&db_list.lock); 1444 return ret; 1445 } 1446 1447 DEFINE_SHOW_ATTRIBUTE(dma_buf_debug); 1448 1449 static struct dentry *dma_buf_debugfs_dir; 1450 1451 static int dma_buf_init_debugfs(void) 1452 { 1453 struct dentry *d; 1454 int err = 0; 1455 1456 d = debugfs_create_dir("dma_buf", NULL); 1457 if (IS_ERR(d)) 1458 return PTR_ERR(d); 1459 1460 dma_buf_debugfs_dir = d; 1461 1462 d = debugfs_create_file("bufinfo", S_IRUGO, dma_buf_debugfs_dir, 1463 NULL, &dma_buf_debug_fops); 1464 if (IS_ERR(d)) { 1465 pr_debug("dma_buf: debugfs: failed to create node bufinfo\n"); 1466 debugfs_remove_recursive(dma_buf_debugfs_dir); 1467 dma_buf_debugfs_dir = NULL; 1468 err = PTR_ERR(d); 1469 } 1470 1471 return err; 1472 } 1473 1474 static void dma_buf_uninit_debugfs(void) 1475 { 1476 debugfs_remove_recursive(dma_buf_debugfs_dir); 1477 } 1478 #else 1479 static inline int dma_buf_init_debugfs(void) 1480 { 1481 return 0; 1482 } 1483 static inline void dma_buf_uninit_debugfs(void) 1484 { 1485 } 1486 #endif 1487 1488 static int __init dma_buf_init(void) 1489 { 1490 int ret; 1491 1492 ret = dma_buf_init_sysfs_statistics(); 1493 if (ret) 1494 return ret; 1495 1496 dma_buf_mnt = kern_mount(&dma_buf_fs_type); 1497 if (IS_ERR(dma_buf_mnt)) 1498 return PTR_ERR(dma_buf_mnt); 1499 1500 mutex_init(&db_list.lock); 1501 INIT_LIST_HEAD(&db_list.head); 1502 dma_buf_init_debugfs(); 1503 return 0; 1504 } 1505 subsys_initcall(dma_buf_init); 1506 1507 static void __exit dma_buf_deinit(void) 1508 { 1509 dma_buf_uninit_debugfs(); 1510 kern_unmount(dma_buf_mnt); 1511 dma_buf_uninit_sysfs_statistics(); 1512 } 1513 __exitcall(dma_buf_deinit); 1514