xref: /openbmc/linux/drivers/dma-buf/sw_sync.c (revision e2c75e76) 
1 /*
2  * Sync File validation framework
3  *
4  * Copyright (C) 2012 Google, Inc.
5  *
6  * This software is licensed under the terms of the GNU General Public
7  * License version 2, as published by the Free Software Foundation, and
8  * may be copied, distributed, and modified under those terms.
9  *
10  * This program is distributed in the hope that it will be useful,
11  * but WITHOUT ANY WARRANTY; without even the implied warranty of
12  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
13  * GNU General Public License for more details.
14  *
15  */
16 
17 #include <linux/file.h>
18 #include <linux/fs.h>
19 #include <linux/uaccess.h>
20 #include <linux/slab.h>
21 #include <linux/sync_file.h>
22 
23 #include "sync_debug.h"
24 
25 #define CREATE_TRACE_POINTS
26 #include "sync_trace.h"
27 
28 /*
29  * SW SYNC validation framework
30  *
31  * A sync object driver that uses a 32bit counter to coordinate
32  * synchronization.  Useful when there is no hardware primitive backing
33  * the synchronization.
34  *
35  * To start the framework just open:
36  *
37  * <debugfs>/sync/sw_sync
38  *
39  * That will create a sync timeline, all fences created under this timeline
40  * file descriptor will belong to the this timeline.
41  *
42  * The 'sw_sync' file can be opened many times as to create different
43  * timelines.
44  *
45  * Fences can be created with SW_SYNC_IOC_CREATE_FENCE ioctl with struct
46  * sw_sync_ioctl_create_fence as parameter.
47  *
48  * To increment the timeline counter, SW_SYNC_IOC_INC ioctl should be used
49  * with the increment as u32. This will update the last signaled value
50  * from the timeline and signal any fence that has a seqno smaller or equal
51  * to it.
52  *
53  * struct sw_sync_ioctl_create_fence
54  * @value:	the seqno to initialise the fence with
55  * @name:	the name of the new sync point
56  * @fence:	return the fd of the new sync_file with the created fence
57  */
58 struct sw_sync_create_fence_data {
59 	__u32	value;
60 	char	name[32];
61 	__s32	fence; /* fd of new fence */
62 };
63 
64 #define SW_SYNC_IOC_MAGIC	'W'
65 
66 #define SW_SYNC_IOC_CREATE_FENCE	_IOWR(SW_SYNC_IOC_MAGIC, 0,\
67 		struct sw_sync_create_fence_data)
68 
69 #define SW_SYNC_IOC_INC			_IOW(SW_SYNC_IOC_MAGIC, 1, __u32)
70 
71 static const struct dma_fence_ops timeline_fence_ops;
72 
73 static inline struct sync_pt *dma_fence_to_sync_pt(struct dma_fence *fence)
74 {
75 	if (fence->ops != &timeline_fence_ops)
76 		return NULL;
77 	return container_of(fence, struct sync_pt, base);
78 }
79 
80 /**
81  * sync_timeline_create() - creates a sync object
82  * @name:	sync_timeline name
83  *
84  * Creates a new sync_timeline. Returns the sync_timeline object or NULL in
85  * case of error.
86  */
87 static struct sync_timeline *sync_timeline_create(const char *name)
88 {
89 	struct sync_timeline *obj;
90 
91 	obj = kzalloc(sizeof(*obj), GFP_KERNEL);
92 	if (!obj)
93 		return NULL;
94 
95 	kref_init(&obj->kref);
96 	obj->context = dma_fence_context_alloc(1);
97 	strlcpy(obj->name, name, sizeof(obj->name));
98 
99 	obj->pt_tree = RB_ROOT;
100 	INIT_LIST_HEAD(&obj->pt_list);
101 	spin_lock_init(&obj->lock);
102 
103 	sync_timeline_debug_add(obj);
104 
105 	return obj;
106 }
107 
108 static void sync_timeline_free(struct kref *kref)
109 {
110 	struct sync_timeline *obj =
111 		container_of(kref, struct sync_timeline, kref);
112 
113 	sync_timeline_debug_remove(obj);
114 
115 	kfree(obj);
116 }
117 
118 static void sync_timeline_get(struct sync_timeline *obj)
119 {
120 	kref_get(&obj->kref);
121 }
122 
123 static void sync_timeline_put(struct sync_timeline *obj)
124 {
125 	kref_put(&obj->kref, sync_timeline_free);
126 }
127 
128 static const char *timeline_fence_get_driver_name(struct dma_fence *fence)
129 {
130 	return "sw_sync";
131 }
132 
133 static const char *timeline_fence_get_timeline_name(struct dma_fence *fence)
134 {
135 	struct sync_timeline *parent = dma_fence_parent(fence);
136 
137 	return parent->name;
138 }
139 
140 static void timeline_fence_release(struct dma_fence *fence)
141 {
142 	struct sync_pt *pt = dma_fence_to_sync_pt(fence);
143 	struct sync_timeline *parent = dma_fence_parent(fence);
144 
145 	if (!list_empty(&pt->link)) {
146 		unsigned long flags;
147 
148 		spin_lock_irqsave(fence->lock, flags);
149 		if (!list_empty(&pt->link)) {
150 			list_del(&pt->link);
151 			rb_erase(&pt->node, &parent->pt_tree);
152 		}
153 		spin_unlock_irqrestore(fence->lock, flags);
154 	}
155 
156 	sync_timeline_put(parent);
157 	dma_fence_free(fence);
158 }
159 
160 static bool timeline_fence_signaled(struct dma_fence *fence)
161 {
162 	struct sync_timeline *parent = dma_fence_parent(fence);
163 
164 	return !__dma_fence_is_later(fence->seqno, parent->value);
165 }
166 
167 static bool timeline_fence_enable_signaling(struct dma_fence *fence)
168 {
169 	return true;
170 }
171 
172 static void timeline_fence_value_str(struct dma_fence *fence,
173 				    char *str, int size)
174 {
175 	snprintf(str, size, "%d", fence->seqno);
176 }
177 
178 static void timeline_fence_timeline_value_str(struct dma_fence *fence,
179 					     char *str, int size)
180 {
181 	struct sync_timeline *parent = dma_fence_parent(fence);
182 
183 	snprintf(str, size, "%d", parent->value);
184 }
185 
186 static const struct dma_fence_ops timeline_fence_ops = {
187 	.get_driver_name = timeline_fence_get_driver_name,
188 	.get_timeline_name = timeline_fence_get_timeline_name,
189 	.enable_signaling = timeline_fence_enable_signaling,
190 	.signaled = timeline_fence_signaled,
191 	.wait = dma_fence_default_wait,
192 	.release = timeline_fence_release,
193 	.fence_value_str = timeline_fence_value_str,
194 	.timeline_value_str = timeline_fence_timeline_value_str,
195 };
196 
197 /**
198  * sync_timeline_signal() - signal a status change on a sync_timeline
199  * @obj:	sync_timeline to signal
200  * @inc:	num to increment on timeline->value
201  *
202  * A sync implementation should call this any time one of it's fences
203  * has signaled or has an error condition.
204  */
205 static void sync_timeline_signal(struct sync_timeline *obj, unsigned int inc)
206 {
207 	struct sync_pt *pt, *next;
208 
209 	trace_sync_timeline(obj);
210 
211 	spin_lock_irq(&obj->lock);
212 
213 	obj->value += inc;
214 
215 	list_for_each_entry_safe(pt, next, &obj->pt_list, link) {
216 		if (!timeline_fence_signaled(&pt->base))
217 			break;
218 
219 		list_del_init(&pt->link);
220 		rb_erase(&pt->node, &obj->pt_tree);
221 
222 		/*
223 		 * A signal callback may release the last reference to this
224 		 * fence, causing it to be freed. That operation has to be
225 		 * last to avoid a use after free inside this loop, and must
226 		 * be after we remove the fence from the timeline in order to
227 		 * prevent deadlocking on timeline->lock inside
228 		 * timeline_fence_release().
229 		 */
230 		dma_fence_signal_locked(&pt->base);
231 	}
232 
233 	spin_unlock_irq(&obj->lock);
234 }
235 
236 /**
237  * sync_pt_create() - creates a sync pt
238  * @parent:	fence's parent sync_timeline
239  * @inc:	value of the fence
240  *
241  * Creates a new sync_pt as a child of @parent.  @size bytes will be
242  * allocated allowing for implementation specific data to be kept after
243  * the generic sync_timeline struct. Returns the sync_pt object or
244  * NULL in case of error.
245  */
246 static struct sync_pt *sync_pt_create(struct sync_timeline *obj,
247 				      unsigned int value)
248 {
249 	struct sync_pt *pt;
250 
251 	pt = kzalloc(sizeof(*pt), GFP_KERNEL);
252 	if (!pt)
253 		return NULL;
254 
255 	sync_timeline_get(obj);
256 	dma_fence_init(&pt->base, &timeline_fence_ops, &obj->lock,
257 		       obj->context, value);
258 	INIT_LIST_HEAD(&pt->link);
259 
260 	spin_lock_irq(&obj->lock);
261 	if (!dma_fence_is_signaled_locked(&pt->base)) {
262 		struct rb_node **p = &obj->pt_tree.rb_node;
263 		struct rb_node *parent = NULL;
264 
265 		while (*p) {
266 			struct sync_pt *other;
267 			int cmp;
268 
269 			parent = *p;
270 			other = rb_entry(parent, typeof(*pt), node);
271 			cmp = value - other->base.seqno;
272 			if (cmp > 0) {
273 				p = &parent->rb_right;
274 			} else if (cmp < 0) {
275 				p = &parent->rb_left;
276 			} else {
277 				if (dma_fence_get_rcu(&other->base)) {
278 					dma_fence_put(&pt->base);
279 					pt = other;
280 					goto unlock;
281 				}
282 				p = &parent->rb_left;
283 			}
284 		}
285 		rb_link_node(&pt->node, parent, p);
286 		rb_insert_color(&pt->node, &obj->pt_tree);
287 
288 		parent = rb_next(&pt->node);
289 		list_add_tail(&pt->link,
290 			      parent ? &rb_entry(parent, typeof(*pt), node)->link : &obj->pt_list);
291 	}
292 unlock:
293 	spin_unlock_irq(&obj->lock);
294 
295 	return pt;
296 }
297 
298 /*
299  * *WARNING*
300  *
301  * improper use of this can result in deadlocking kernel drivers from userspace.
302  */
303 
304 /* opening sw_sync create a new sync obj */
305 static int sw_sync_debugfs_open(struct inode *inode, struct file *file)
306 {
307 	struct sync_timeline *obj;
308 	char task_comm[TASK_COMM_LEN];
309 
310 	get_task_comm(task_comm, current);
311 
312 	obj = sync_timeline_create(task_comm);
313 	if (!obj)
314 		return -ENOMEM;
315 
316 	file->private_data = obj;
317 
318 	return 0;
319 }
320 
321 static int sw_sync_debugfs_release(struct inode *inode, struct file *file)
322 {
323 	struct sync_timeline *obj = file->private_data;
324 	struct sync_pt *pt, *next;
325 
326 	spin_lock_irq(&obj->lock);
327 
328 	list_for_each_entry_safe(pt, next, &obj->pt_list, link) {
329 		dma_fence_set_error(&pt->base, -ENOENT);
330 		dma_fence_signal_locked(&pt->base);
331 	}
332 
333 	spin_unlock_irq(&obj->lock);
334 
335 	sync_timeline_put(obj);
336 	return 0;
337 }
338 
339 static long sw_sync_ioctl_create_fence(struct sync_timeline *obj,
340 				       unsigned long arg)
341 {
342 	int fd = get_unused_fd_flags(O_CLOEXEC);
343 	int err;
344 	struct sync_pt *pt;
345 	struct sync_file *sync_file;
346 	struct sw_sync_create_fence_data data;
347 
348 	if (fd < 0)
349 		return fd;
350 
351 	if (copy_from_user(&data, (void __user *)arg, sizeof(data))) {
352 		err = -EFAULT;
353 		goto err;
354 	}
355 
356 	pt = sync_pt_create(obj, data.value);
357 	if (!pt) {
358 		err = -ENOMEM;
359 		goto err;
360 	}
361 
362 	sync_file = sync_file_create(&pt->base);
363 	dma_fence_put(&pt->base);
364 	if (!sync_file) {
365 		err = -ENOMEM;
366 		goto err;
367 	}
368 
369 	data.fence = fd;
370 	if (copy_to_user((void __user *)arg, &data, sizeof(data))) {
371 		fput(sync_file->file);
372 		err = -EFAULT;
373 		goto err;
374 	}
375 
376 	fd_install(fd, sync_file->file);
377 
378 	return 0;
379 
380 err:
381 	put_unused_fd(fd);
382 	return err;
383 }
384 
385 static long sw_sync_ioctl_inc(struct sync_timeline *obj, unsigned long arg)
386 {
387 	u32 value;
388 
389 	if (copy_from_user(&value, (void __user *)arg, sizeof(value)))
390 		return -EFAULT;
391 
392 	while (value > INT_MAX)  {
393 		sync_timeline_signal(obj, INT_MAX);
394 		value -= INT_MAX;
395 	}
396 
397 	sync_timeline_signal(obj, value);
398 
399 	return 0;
400 }
401 
402 static long sw_sync_ioctl(struct file *file, unsigned int cmd,
403 			  unsigned long arg)
404 {
405 	struct sync_timeline *obj = file->private_data;
406 
407 	switch (cmd) {
408 	case SW_SYNC_IOC_CREATE_FENCE:
409 		return sw_sync_ioctl_create_fence(obj, arg);
410 
411 	case SW_SYNC_IOC_INC:
412 		return sw_sync_ioctl_inc(obj, arg);
413 
414 	default:
415 		return -ENOTTY;
416 	}
417 }
418 
419 const struct file_operations sw_sync_debugfs_fops = {
420 	.open           = sw_sync_debugfs_open,
421 	.release        = sw_sync_debugfs_release,
422 	.unlocked_ioctl = sw_sync_ioctl,
423 	.compat_ioctl	= sw_sync_ioctl,
424 };
425