1 /* 2 * Copyright © 2008 Intel Corporation 3 * 4 * Permission is hereby granted, free of charge, to any person obtaining a 5 * copy of this software and associated documentation files (the "Software"), 6 * to deal in the Software without restriction, including without limitation 7 * the rights to use, copy, modify, merge, publish, distribute, sublicense, 8 * and/or sell copies of the Software, and to permit persons to whom the 9 * Software is furnished to do so, subject to the following conditions: 10 * 11 * The above copyright notice and this permission notice (including the next 12 * paragraph) shall be included in all copies or substantial portions of the 13 * Software. 14 * 15 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL 18 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 20 * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS 21 * IN THE SOFTWARE. 22 * 23 * Authors: 24 * Eric Anholt <eric@anholt.net> 25 * 26 */ 27 28 #include <linux/types.h> 29 #include <linux/slab.h> 30 #include <linux/mm.h> 31 #include <linux/uaccess.h> 32 #include <linux/fs.h> 33 #include <linux/file.h> 34 #include <linux/module.h> 35 #include <linux/mman.h> 36 #include <linux/pagemap.h> 37 #include <linux/shmem_fs.h> 38 #include <linux/dma-buf.h> 39 #include <linux/mem_encrypt.h> 40 #include <linux/pagevec.h> 41 #include <drm/drmP.h> 42 #include <drm/drm_vma_manager.h> 43 #include <drm/drm_gem.h> 44 #include <drm/drm_print.h> 45 #include "drm_internal.h" 46 47 /** @file drm_gem.c 48 * 49 * This file provides some of the base ioctls and library routines for 50 * the graphics memory manager implemented by each device driver. 51 * 52 * Because various devices have different requirements in terms of 53 * synchronization and migration strategies, implementing that is left up to 54 * the driver, and all that the general API provides should be generic -- 55 * allocating objects, reading/writing data with the cpu, freeing objects. 56 * Even there, platform-dependent optimizations for reading/writing data with 57 * the CPU mean we'll likely hook those out to driver-specific calls. However, 58 * the DRI2 implementation wants to have at least allocate/mmap be generic. 59 * 60 * The goal was to have swap-backed object allocation managed through 61 * struct file. However, file descriptors as handles to a struct file have 62 * two major failings: 63 * - Process limits prevent more than 1024 or so being used at a time by 64 * default. 65 * - Inability to allocate high fds will aggravate the X Server's select() 66 * handling, and likely that of many GL client applications as well. 67 * 68 * This led to a plan of using our own integer IDs (called handles, following 69 * DRM terminology) to mimic fds, and implement the fd syscalls we need as 70 * ioctls. The objects themselves will still include the struct file so 71 * that we can transition to fds if the required kernel infrastructure shows 72 * up at a later date, and as our interface with shmfs for memory allocation. 73 */ 74 75 /** 76 * drm_gem_init - Initialize the GEM device fields 77 * @dev: drm_devic structure to initialize 78 */ 79 int 80 drm_gem_init(struct drm_device *dev) 81 { 82 struct drm_vma_offset_manager *vma_offset_manager; 83 84 mutex_init(&dev->object_name_lock); 85 idr_init_base(&dev->object_name_idr, 1); 86 87 vma_offset_manager = kzalloc(sizeof(*vma_offset_manager), GFP_KERNEL); 88 if (!vma_offset_manager) { 89 DRM_ERROR("out of memory\n"); 90 return -ENOMEM; 91 } 92 93 dev->vma_offset_manager = vma_offset_manager; 94 drm_vma_offset_manager_init(vma_offset_manager, 95 DRM_FILE_PAGE_OFFSET_START, 96 DRM_FILE_PAGE_OFFSET_SIZE); 97 98 return 0; 99 } 100 101 void 102 drm_gem_destroy(struct drm_device *dev) 103 { 104 105 drm_vma_offset_manager_destroy(dev->vma_offset_manager); 106 kfree(dev->vma_offset_manager); 107 dev->vma_offset_manager = NULL; 108 } 109 110 /** 111 * drm_gem_object_init - initialize an allocated shmem-backed GEM object 112 * @dev: drm_device the object should be initialized for 113 * @obj: drm_gem_object to initialize 114 * @size: object size 115 * 116 * Initialize an already allocated GEM object of the specified size with 117 * shmfs backing store. 118 */ 119 int drm_gem_object_init(struct drm_device *dev, 120 struct drm_gem_object *obj, size_t size) 121 { 122 struct file *filp; 123 124 drm_gem_private_object_init(dev, obj, size); 125 126 filp = shmem_file_setup("drm mm object", size, VM_NORESERVE); 127 if (IS_ERR(filp)) 128 return PTR_ERR(filp); 129 130 obj->filp = filp; 131 132 return 0; 133 } 134 EXPORT_SYMBOL(drm_gem_object_init); 135 136 /** 137 * drm_gem_private_object_init - initialize an allocated private GEM object 138 * @dev: drm_device the object should be initialized for 139 * @obj: drm_gem_object to initialize 140 * @size: object size 141 * 142 * Initialize an already allocated GEM object of the specified size with 143 * no GEM provided backing store. Instead the caller is responsible for 144 * backing the object and handling it. 145 */ 146 void drm_gem_private_object_init(struct drm_device *dev, 147 struct drm_gem_object *obj, size_t size) 148 { 149 BUG_ON((size & (PAGE_SIZE - 1)) != 0); 150 151 obj->dev = dev; 152 obj->filp = NULL; 153 154 kref_init(&obj->refcount); 155 obj->handle_count = 0; 156 obj->size = size; 157 reservation_object_init(&obj->_resv); 158 if (!obj->resv) 159 obj->resv = &obj->_resv; 160 161 drm_vma_node_reset(&obj->vma_node); 162 } 163 EXPORT_SYMBOL(drm_gem_private_object_init); 164 165 static void 166 drm_gem_remove_prime_handles(struct drm_gem_object *obj, struct drm_file *filp) 167 { 168 /* 169 * Note: obj->dma_buf can't disappear as long as we still hold a 170 * handle reference in obj->handle_count. 171 */ 172 mutex_lock(&filp->prime.lock); 173 if (obj->dma_buf) { 174 drm_prime_remove_buf_handle_locked(&filp->prime, 175 obj->dma_buf); 176 } 177 mutex_unlock(&filp->prime.lock); 178 } 179 180 /** 181 * drm_gem_object_handle_free - release resources bound to userspace handles 182 * @obj: GEM object to clean up. 183 * 184 * Called after the last handle to the object has been closed 185 * 186 * Removes any name for the object. Note that this must be 187 * called before drm_gem_object_free or we'll be touching 188 * freed memory 189 */ 190 static void drm_gem_object_handle_free(struct drm_gem_object *obj) 191 { 192 struct drm_device *dev = obj->dev; 193 194 /* Remove any name for this object */ 195 if (obj->name) { 196 idr_remove(&dev->object_name_idr, obj->name); 197 obj->name = 0; 198 } 199 } 200 201 static void drm_gem_object_exported_dma_buf_free(struct drm_gem_object *obj) 202 { 203 /* Unbreak the reference cycle if we have an exported dma_buf. */ 204 if (obj->dma_buf) { 205 dma_buf_put(obj->dma_buf); 206 obj->dma_buf = NULL; 207 } 208 } 209 210 static void 211 drm_gem_object_handle_put_unlocked(struct drm_gem_object *obj) 212 { 213 struct drm_device *dev = obj->dev; 214 bool final = false; 215 216 if (WARN_ON(obj->handle_count == 0)) 217 return; 218 219 /* 220 * Must bump handle count first as this may be the last 221 * ref, in which case the object would disappear before we 222 * checked for a name 223 */ 224 225 mutex_lock(&dev->object_name_lock); 226 if (--obj->handle_count == 0) { 227 drm_gem_object_handle_free(obj); 228 drm_gem_object_exported_dma_buf_free(obj); 229 final = true; 230 } 231 mutex_unlock(&dev->object_name_lock); 232 233 if (final) 234 drm_gem_object_put_unlocked(obj); 235 } 236 237 /* 238 * Called at device or object close to release the file's 239 * handle references on objects. 240 */ 241 static int 242 drm_gem_object_release_handle(int id, void *ptr, void *data) 243 { 244 struct drm_file *file_priv = data; 245 struct drm_gem_object *obj = ptr; 246 struct drm_device *dev = obj->dev; 247 248 if (obj->funcs && obj->funcs->close) 249 obj->funcs->close(obj, file_priv); 250 else if (dev->driver->gem_close_object) 251 dev->driver->gem_close_object(obj, file_priv); 252 253 if (drm_core_check_feature(dev, DRIVER_PRIME)) 254 drm_gem_remove_prime_handles(obj, file_priv); 255 drm_vma_node_revoke(&obj->vma_node, file_priv); 256 257 drm_gem_object_handle_put_unlocked(obj); 258 259 return 0; 260 } 261 262 /** 263 * drm_gem_handle_delete - deletes the given file-private handle 264 * @filp: drm file-private structure to use for the handle look up 265 * @handle: userspace handle to delete 266 * 267 * Removes the GEM handle from the @filp lookup table which has been added with 268 * drm_gem_handle_create(). If this is the last handle also cleans up linked 269 * resources like GEM names. 270 */ 271 int 272 drm_gem_handle_delete(struct drm_file *filp, u32 handle) 273 { 274 struct drm_gem_object *obj; 275 276 spin_lock(&filp->table_lock); 277 278 /* Check if we currently have a reference on the object */ 279 obj = idr_replace(&filp->object_idr, NULL, handle); 280 spin_unlock(&filp->table_lock); 281 if (IS_ERR_OR_NULL(obj)) 282 return -EINVAL; 283 284 /* Release driver's reference and decrement refcount. */ 285 drm_gem_object_release_handle(handle, obj, filp); 286 287 /* And finally make the handle available for future allocations. */ 288 spin_lock(&filp->table_lock); 289 idr_remove(&filp->object_idr, handle); 290 spin_unlock(&filp->table_lock); 291 292 return 0; 293 } 294 EXPORT_SYMBOL(drm_gem_handle_delete); 295 296 /** 297 * drm_gem_dumb_map_offset - return the fake mmap offset for a gem object 298 * @file: drm file-private structure containing the gem object 299 * @dev: corresponding drm_device 300 * @handle: gem object handle 301 * @offset: return location for the fake mmap offset 302 * 303 * This implements the &drm_driver.dumb_map_offset kms driver callback for 304 * drivers which use gem to manage their backing storage. 305 * 306 * Returns: 307 * 0 on success or a negative error code on failure. 308 */ 309 int drm_gem_dumb_map_offset(struct drm_file *file, struct drm_device *dev, 310 u32 handle, u64 *offset) 311 { 312 struct drm_gem_object *obj; 313 int ret; 314 315 obj = drm_gem_object_lookup(file, handle); 316 if (!obj) 317 return -ENOENT; 318 319 /* Don't allow imported objects to be mapped */ 320 if (obj->import_attach) { 321 ret = -EINVAL; 322 goto out; 323 } 324 325 ret = drm_gem_create_mmap_offset(obj); 326 if (ret) 327 goto out; 328 329 *offset = drm_vma_node_offset_addr(&obj->vma_node); 330 out: 331 drm_gem_object_put_unlocked(obj); 332 333 return ret; 334 } 335 EXPORT_SYMBOL_GPL(drm_gem_dumb_map_offset); 336 337 /** 338 * drm_gem_dumb_destroy - dumb fb callback helper for gem based drivers 339 * @file: drm file-private structure to remove the dumb handle from 340 * @dev: corresponding drm_device 341 * @handle: the dumb handle to remove 342 * 343 * This implements the &drm_driver.dumb_destroy kms driver callback for drivers 344 * which use gem to manage their backing storage. 345 */ 346 int drm_gem_dumb_destroy(struct drm_file *file, 347 struct drm_device *dev, 348 uint32_t handle) 349 { 350 return drm_gem_handle_delete(file, handle); 351 } 352 EXPORT_SYMBOL(drm_gem_dumb_destroy); 353 354 /** 355 * drm_gem_handle_create_tail - internal functions to create a handle 356 * @file_priv: drm file-private structure to register the handle for 357 * @obj: object to register 358 * @handlep: pointer to return the created handle to the caller 359 * 360 * This expects the &drm_device.object_name_lock to be held already and will 361 * drop it before returning. Used to avoid races in establishing new handles 362 * when importing an object from either an flink name or a dma-buf. 363 * 364 * Handles must be release again through drm_gem_handle_delete(). This is done 365 * when userspace closes @file_priv for all attached handles, or through the 366 * GEM_CLOSE ioctl for individual handles. 367 */ 368 int 369 drm_gem_handle_create_tail(struct drm_file *file_priv, 370 struct drm_gem_object *obj, 371 u32 *handlep) 372 { 373 struct drm_device *dev = obj->dev; 374 u32 handle; 375 int ret; 376 377 WARN_ON(!mutex_is_locked(&dev->object_name_lock)); 378 if (obj->handle_count++ == 0) 379 drm_gem_object_get(obj); 380 381 /* 382 * Get the user-visible handle using idr. Preload and perform 383 * allocation under our spinlock. 384 */ 385 idr_preload(GFP_KERNEL); 386 spin_lock(&file_priv->table_lock); 387 388 ret = idr_alloc(&file_priv->object_idr, obj, 1, 0, GFP_NOWAIT); 389 390 spin_unlock(&file_priv->table_lock); 391 idr_preload_end(); 392 393 mutex_unlock(&dev->object_name_lock); 394 if (ret < 0) 395 goto err_unref; 396 397 handle = ret; 398 399 ret = drm_vma_node_allow(&obj->vma_node, file_priv); 400 if (ret) 401 goto err_remove; 402 403 if (obj->funcs && obj->funcs->open) { 404 ret = obj->funcs->open(obj, file_priv); 405 if (ret) 406 goto err_revoke; 407 } else if (dev->driver->gem_open_object) { 408 ret = dev->driver->gem_open_object(obj, file_priv); 409 if (ret) 410 goto err_revoke; 411 } 412 413 *handlep = handle; 414 return 0; 415 416 err_revoke: 417 drm_vma_node_revoke(&obj->vma_node, file_priv); 418 err_remove: 419 spin_lock(&file_priv->table_lock); 420 idr_remove(&file_priv->object_idr, handle); 421 spin_unlock(&file_priv->table_lock); 422 err_unref: 423 drm_gem_object_handle_put_unlocked(obj); 424 return ret; 425 } 426 427 /** 428 * drm_gem_handle_create - create a gem handle for an object 429 * @file_priv: drm file-private structure to register the handle for 430 * @obj: object to register 431 * @handlep: pionter to return the created handle to the caller 432 * 433 * Create a handle for this object. This adds a handle reference to the object, 434 * which includes a regular reference count. Callers will likely want to 435 * dereference the object afterwards. 436 * 437 * Since this publishes @obj to userspace it must be fully set up by this point, 438 * drivers must call this last in their buffer object creation callbacks. 439 */ 440 int drm_gem_handle_create(struct drm_file *file_priv, 441 struct drm_gem_object *obj, 442 u32 *handlep) 443 { 444 mutex_lock(&obj->dev->object_name_lock); 445 446 return drm_gem_handle_create_tail(file_priv, obj, handlep); 447 } 448 EXPORT_SYMBOL(drm_gem_handle_create); 449 450 451 /** 452 * drm_gem_free_mmap_offset - release a fake mmap offset for an object 453 * @obj: obj in question 454 * 455 * This routine frees fake offsets allocated by drm_gem_create_mmap_offset(). 456 * 457 * Note that drm_gem_object_release() already calls this function, so drivers 458 * don't have to take care of releasing the mmap offset themselves when freeing 459 * the GEM object. 460 */ 461 void 462 drm_gem_free_mmap_offset(struct drm_gem_object *obj) 463 { 464 struct drm_device *dev = obj->dev; 465 466 drm_vma_offset_remove(dev->vma_offset_manager, &obj->vma_node); 467 } 468 EXPORT_SYMBOL(drm_gem_free_mmap_offset); 469 470 /** 471 * drm_gem_create_mmap_offset_size - create a fake mmap offset for an object 472 * @obj: obj in question 473 * @size: the virtual size 474 * 475 * GEM memory mapping works by handing back to userspace a fake mmap offset 476 * it can use in a subsequent mmap(2) call. The DRM core code then looks 477 * up the object based on the offset and sets up the various memory mapping 478 * structures. 479 * 480 * This routine allocates and attaches a fake offset for @obj, in cases where 481 * the virtual size differs from the physical size (ie. &drm_gem_object.size). 482 * Otherwise just use drm_gem_create_mmap_offset(). 483 * 484 * This function is idempotent and handles an already allocated mmap offset 485 * transparently. Drivers do not need to check for this case. 486 */ 487 int 488 drm_gem_create_mmap_offset_size(struct drm_gem_object *obj, size_t size) 489 { 490 struct drm_device *dev = obj->dev; 491 492 return drm_vma_offset_add(dev->vma_offset_manager, &obj->vma_node, 493 size / PAGE_SIZE); 494 } 495 EXPORT_SYMBOL(drm_gem_create_mmap_offset_size); 496 497 /** 498 * drm_gem_create_mmap_offset - create a fake mmap offset for an object 499 * @obj: obj in question 500 * 501 * GEM memory mapping works by handing back to userspace a fake mmap offset 502 * it can use in a subsequent mmap(2) call. The DRM core code then looks 503 * up the object based on the offset and sets up the various memory mapping 504 * structures. 505 * 506 * This routine allocates and attaches a fake offset for @obj. 507 * 508 * Drivers can call drm_gem_free_mmap_offset() before freeing @obj to release 509 * the fake offset again. 510 */ 511 int drm_gem_create_mmap_offset(struct drm_gem_object *obj) 512 { 513 return drm_gem_create_mmap_offset_size(obj, obj->size); 514 } 515 EXPORT_SYMBOL(drm_gem_create_mmap_offset); 516 517 /* 518 * Move pages to appropriate lru and release the pagevec, decrementing the 519 * ref count of those pages. 520 */ 521 static void drm_gem_check_release_pagevec(struct pagevec *pvec) 522 { 523 check_move_unevictable_pages(pvec); 524 __pagevec_release(pvec); 525 cond_resched(); 526 } 527 528 /** 529 * drm_gem_get_pages - helper to allocate backing pages for a GEM object 530 * from shmem 531 * @obj: obj in question 532 * 533 * This reads the page-array of the shmem-backing storage of the given gem 534 * object. An array of pages is returned. If a page is not allocated or 535 * swapped-out, this will allocate/swap-in the required pages. Note that the 536 * whole object is covered by the page-array and pinned in memory. 537 * 538 * Use drm_gem_put_pages() to release the array and unpin all pages. 539 * 540 * This uses the GFP-mask set on the shmem-mapping (see mapping_set_gfp_mask()). 541 * If you require other GFP-masks, you have to do those allocations yourself. 542 * 543 * Note that you are not allowed to change gfp-zones during runtime. That is, 544 * shmem_read_mapping_page_gfp() must be called with the same gfp_zone(gfp) as 545 * set during initialization. If you have special zone constraints, set them 546 * after drm_gem_object_init() via mapping_set_gfp_mask(). shmem-core takes care 547 * to keep pages in the required zone during swap-in. 548 */ 549 struct page **drm_gem_get_pages(struct drm_gem_object *obj) 550 { 551 struct address_space *mapping; 552 struct page *p, **pages; 553 struct pagevec pvec; 554 int i, npages; 555 556 /* This is the shared memory object that backs the GEM resource */ 557 mapping = obj->filp->f_mapping; 558 559 /* We already BUG_ON() for non-page-aligned sizes in 560 * drm_gem_object_init(), so we should never hit this unless 561 * driver author is doing something really wrong: 562 */ 563 WARN_ON((obj->size & (PAGE_SIZE - 1)) != 0); 564 565 npages = obj->size >> PAGE_SHIFT; 566 567 pages = kvmalloc_array(npages, sizeof(struct page *), GFP_KERNEL); 568 if (pages == NULL) 569 return ERR_PTR(-ENOMEM); 570 571 mapping_set_unevictable(mapping); 572 573 for (i = 0; i < npages; i++) { 574 p = shmem_read_mapping_page(mapping, i); 575 if (IS_ERR(p)) 576 goto fail; 577 pages[i] = p; 578 579 /* Make sure shmem keeps __GFP_DMA32 allocated pages in the 580 * correct region during swapin. Note that this requires 581 * __GFP_DMA32 to be set in mapping_gfp_mask(inode->i_mapping) 582 * so shmem can relocate pages during swapin if required. 583 */ 584 BUG_ON(mapping_gfp_constraint(mapping, __GFP_DMA32) && 585 (page_to_pfn(p) >= 0x00100000UL)); 586 } 587 588 return pages; 589 590 fail: 591 mapping_clear_unevictable(mapping); 592 pagevec_init(&pvec); 593 while (i--) { 594 if (!pagevec_add(&pvec, pages[i])) 595 drm_gem_check_release_pagevec(&pvec); 596 } 597 if (pagevec_count(&pvec)) 598 drm_gem_check_release_pagevec(&pvec); 599 600 kvfree(pages); 601 return ERR_CAST(p); 602 } 603 EXPORT_SYMBOL(drm_gem_get_pages); 604 605 /** 606 * drm_gem_put_pages - helper to free backing pages for a GEM object 607 * @obj: obj in question 608 * @pages: pages to free 609 * @dirty: if true, pages will be marked as dirty 610 * @accessed: if true, the pages will be marked as accessed 611 */ 612 void drm_gem_put_pages(struct drm_gem_object *obj, struct page **pages, 613 bool dirty, bool accessed) 614 { 615 int i, npages; 616 struct address_space *mapping; 617 struct pagevec pvec; 618 619 mapping = file_inode(obj->filp)->i_mapping; 620 mapping_clear_unevictable(mapping); 621 622 /* We already BUG_ON() for non-page-aligned sizes in 623 * drm_gem_object_init(), so we should never hit this unless 624 * driver author is doing something really wrong: 625 */ 626 WARN_ON((obj->size & (PAGE_SIZE - 1)) != 0); 627 628 npages = obj->size >> PAGE_SHIFT; 629 630 pagevec_init(&pvec); 631 for (i = 0; i < npages; i++) { 632 if (dirty) 633 set_page_dirty(pages[i]); 634 635 if (accessed) 636 mark_page_accessed(pages[i]); 637 638 /* Undo the reference we took when populating the table */ 639 if (!pagevec_add(&pvec, pages[i])) 640 drm_gem_check_release_pagevec(&pvec); 641 } 642 if (pagevec_count(&pvec)) 643 drm_gem_check_release_pagevec(&pvec); 644 645 kvfree(pages); 646 } 647 EXPORT_SYMBOL(drm_gem_put_pages); 648 649 /** 650 * drm_gem_object_lookup - look up a GEM object from its handle 651 * @filp: DRM file private date 652 * @handle: userspace handle 653 * 654 * Returns: 655 * 656 * A reference to the object named by the handle if such exists on @filp, NULL 657 * otherwise. 658 */ 659 struct drm_gem_object * 660 drm_gem_object_lookup(struct drm_file *filp, u32 handle) 661 { 662 struct drm_gem_object *obj; 663 664 spin_lock(&filp->table_lock); 665 666 /* Check if we currently have a reference on the object */ 667 obj = idr_find(&filp->object_idr, handle); 668 if (obj) 669 drm_gem_object_get(obj); 670 671 spin_unlock(&filp->table_lock); 672 673 return obj; 674 } 675 EXPORT_SYMBOL(drm_gem_object_lookup); 676 677 /** 678 * drm_gem_reservation_object_wait - Wait on GEM object's reservation's objects 679 * shared and/or exclusive fences. 680 * @filep: DRM file private date 681 * @handle: userspace handle 682 * @wait_all: if true, wait on all fences, else wait on just exclusive fence 683 * @timeout: timeout value in jiffies or zero to return immediately 684 * 685 * Returns: 686 * 687 * Returns -ERESTARTSYS if interrupted, 0 if the wait timed out, or 688 * greater than 0 on success. 689 */ 690 long drm_gem_reservation_object_wait(struct drm_file *filep, u32 handle, 691 bool wait_all, unsigned long timeout) 692 { 693 long ret; 694 struct drm_gem_object *obj; 695 696 obj = drm_gem_object_lookup(filep, handle); 697 if (!obj) { 698 DRM_DEBUG("Failed to look up GEM BO %d\n", handle); 699 return -EINVAL; 700 } 701 702 ret = reservation_object_wait_timeout_rcu(obj->resv, wait_all, 703 true, timeout); 704 if (ret == 0) 705 ret = -ETIME; 706 else if (ret > 0) 707 ret = 0; 708 709 drm_gem_object_put_unlocked(obj); 710 711 return ret; 712 } 713 EXPORT_SYMBOL(drm_gem_reservation_object_wait); 714 715 /** 716 * drm_gem_close_ioctl - implementation of the GEM_CLOSE ioctl 717 * @dev: drm_device 718 * @data: ioctl data 719 * @file_priv: drm file-private structure 720 * 721 * Releases the handle to an mm object. 722 */ 723 int 724 drm_gem_close_ioctl(struct drm_device *dev, void *data, 725 struct drm_file *file_priv) 726 { 727 struct drm_gem_close *args = data; 728 int ret; 729 730 if (!drm_core_check_feature(dev, DRIVER_GEM)) 731 return -EOPNOTSUPP; 732 733 ret = drm_gem_handle_delete(file_priv, args->handle); 734 735 return ret; 736 } 737 738 /** 739 * drm_gem_flink_ioctl - implementation of the GEM_FLINK ioctl 740 * @dev: drm_device 741 * @data: ioctl data 742 * @file_priv: drm file-private structure 743 * 744 * Create a global name for an object, returning the name. 745 * 746 * Note that the name does not hold a reference; when the object 747 * is freed, the name goes away. 748 */ 749 int 750 drm_gem_flink_ioctl(struct drm_device *dev, void *data, 751 struct drm_file *file_priv) 752 { 753 struct drm_gem_flink *args = data; 754 struct drm_gem_object *obj; 755 int ret; 756 757 if (!drm_core_check_feature(dev, DRIVER_GEM)) 758 return -EOPNOTSUPP; 759 760 obj = drm_gem_object_lookup(file_priv, args->handle); 761 if (obj == NULL) 762 return -ENOENT; 763 764 mutex_lock(&dev->object_name_lock); 765 /* prevent races with concurrent gem_close. */ 766 if (obj->handle_count == 0) { 767 ret = -ENOENT; 768 goto err; 769 } 770 771 if (!obj->name) { 772 ret = idr_alloc(&dev->object_name_idr, obj, 1, 0, GFP_KERNEL); 773 if (ret < 0) 774 goto err; 775 776 obj->name = ret; 777 } 778 779 args->name = (uint64_t) obj->name; 780 ret = 0; 781 782 err: 783 mutex_unlock(&dev->object_name_lock); 784 drm_gem_object_put_unlocked(obj); 785 return ret; 786 } 787 788 /** 789 * drm_gem_open - implementation of the GEM_OPEN ioctl 790 * @dev: drm_device 791 * @data: ioctl data 792 * @file_priv: drm file-private structure 793 * 794 * Open an object using the global name, returning a handle and the size. 795 * 796 * This handle (of course) holds a reference to the object, so the object 797 * will not go away until the handle is deleted. 798 */ 799 int 800 drm_gem_open_ioctl(struct drm_device *dev, void *data, 801 struct drm_file *file_priv) 802 { 803 struct drm_gem_open *args = data; 804 struct drm_gem_object *obj; 805 int ret; 806 u32 handle; 807 808 if (!drm_core_check_feature(dev, DRIVER_GEM)) 809 return -EOPNOTSUPP; 810 811 mutex_lock(&dev->object_name_lock); 812 obj = idr_find(&dev->object_name_idr, (int) args->name); 813 if (obj) { 814 drm_gem_object_get(obj); 815 } else { 816 mutex_unlock(&dev->object_name_lock); 817 return -ENOENT; 818 } 819 820 /* drm_gem_handle_create_tail unlocks dev->object_name_lock. */ 821 ret = drm_gem_handle_create_tail(file_priv, obj, &handle); 822 drm_gem_object_put_unlocked(obj); 823 if (ret) 824 return ret; 825 826 args->handle = handle; 827 args->size = obj->size; 828 829 return 0; 830 } 831 832 /** 833 * gem_gem_open - initalizes GEM file-private structures at devnode open time 834 * @dev: drm_device which is being opened by userspace 835 * @file_private: drm file-private structure to set up 836 * 837 * Called at device open time, sets up the structure for handling refcounting 838 * of mm objects. 839 */ 840 void 841 drm_gem_open(struct drm_device *dev, struct drm_file *file_private) 842 { 843 idr_init_base(&file_private->object_idr, 1); 844 spin_lock_init(&file_private->table_lock); 845 } 846 847 /** 848 * drm_gem_release - release file-private GEM resources 849 * @dev: drm_device which is being closed by userspace 850 * @file_private: drm file-private structure to clean up 851 * 852 * Called at close time when the filp is going away. 853 * 854 * Releases any remaining references on objects by this filp. 855 */ 856 void 857 drm_gem_release(struct drm_device *dev, struct drm_file *file_private) 858 { 859 idr_for_each(&file_private->object_idr, 860 &drm_gem_object_release_handle, file_private); 861 idr_destroy(&file_private->object_idr); 862 } 863 864 /** 865 * drm_gem_object_release - release GEM buffer object resources 866 * @obj: GEM buffer object 867 * 868 * This releases any structures and resources used by @obj and is the invers of 869 * drm_gem_object_init(). 870 */ 871 void 872 drm_gem_object_release(struct drm_gem_object *obj) 873 { 874 WARN_ON(obj->dma_buf); 875 876 if (obj->filp) 877 fput(obj->filp); 878 879 reservation_object_fini(&obj->_resv); 880 drm_gem_free_mmap_offset(obj); 881 } 882 EXPORT_SYMBOL(drm_gem_object_release); 883 884 /** 885 * drm_gem_object_free - free a GEM object 886 * @kref: kref of the object to free 887 * 888 * Called after the last reference to the object has been lost. 889 * Must be called holding &drm_device.struct_mutex. 890 * 891 * Frees the object 892 */ 893 void 894 drm_gem_object_free(struct kref *kref) 895 { 896 struct drm_gem_object *obj = 897 container_of(kref, struct drm_gem_object, refcount); 898 struct drm_device *dev = obj->dev; 899 900 if (obj->funcs) { 901 obj->funcs->free(obj); 902 } else if (dev->driver->gem_free_object_unlocked) { 903 dev->driver->gem_free_object_unlocked(obj); 904 } else if (dev->driver->gem_free_object) { 905 WARN_ON(!mutex_is_locked(&dev->struct_mutex)); 906 907 dev->driver->gem_free_object(obj); 908 } 909 } 910 EXPORT_SYMBOL(drm_gem_object_free); 911 912 /** 913 * drm_gem_object_put_unlocked - drop a GEM buffer object reference 914 * @obj: GEM buffer object 915 * 916 * This releases a reference to @obj. Callers must not hold the 917 * &drm_device.struct_mutex lock when calling this function. 918 * 919 * See also __drm_gem_object_put(). 920 */ 921 void 922 drm_gem_object_put_unlocked(struct drm_gem_object *obj) 923 { 924 struct drm_device *dev; 925 926 if (!obj) 927 return; 928 929 dev = obj->dev; 930 931 if (dev->driver->gem_free_object) { 932 might_lock(&dev->struct_mutex); 933 if (kref_put_mutex(&obj->refcount, drm_gem_object_free, 934 &dev->struct_mutex)) 935 mutex_unlock(&dev->struct_mutex); 936 } else { 937 kref_put(&obj->refcount, drm_gem_object_free); 938 } 939 } 940 EXPORT_SYMBOL(drm_gem_object_put_unlocked); 941 942 /** 943 * drm_gem_object_put - release a GEM buffer object reference 944 * @obj: GEM buffer object 945 * 946 * This releases a reference to @obj. Callers must hold the 947 * &drm_device.struct_mutex lock when calling this function, even when the 948 * driver doesn't use &drm_device.struct_mutex for anything. 949 * 950 * For drivers not encumbered with legacy locking use 951 * drm_gem_object_put_unlocked() instead. 952 */ 953 void 954 drm_gem_object_put(struct drm_gem_object *obj) 955 { 956 if (obj) { 957 WARN_ON(!mutex_is_locked(&obj->dev->struct_mutex)); 958 959 kref_put(&obj->refcount, drm_gem_object_free); 960 } 961 } 962 EXPORT_SYMBOL(drm_gem_object_put); 963 964 /** 965 * drm_gem_vm_open - vma->ops->open implementation for GEM 966 * @vma: VM area structure 967 * 968 * This function implements the #vm_operations_struct open() callback for GEM 969 * drivers. This must be used together with drm_gem_vm_close(). 970 */ 971 void drm_gem_vm_open(struct vm_area_struct *vma) 972 { 973 struct drm_gem_object *obj = vma->vm_private_data; 974 975 drm_gem_object_get(obj); 976 } 977 EXPORT_SYMBOL(drm_gem_vm_open); 978 979 /** 980 * drm_gem_vm_close - vma->ops->close implementation for GEM 981 * @vma: VM area structure 982 * 983 * This function implements the #vm_operations_struct close() callback for GEM 984 * drivers. This must be used together with drm_gem_vm_open(). 985 */ 986 void drm_gem_vm_close(struct vm_area_struct *vma) 987 { 988 struct drm_gem_object *obj = vma->vm_private_data; 989 990 drm_gem_object_put_unlocked(obj); 991 } 992 EXPORT_SYMBOL(drm_gem_vm_close); 993 994 /** 995 * drm_gem_mmap_obj - memory map a GEM object 996 * @obj: the GEM object to map 997 * @obj_size: the object size to be mapped, in bytes 998 * @vma: VMA for the area to be mapped 999 * 1000 * Set up the VMA to prepare mapping of the GEM object using the gem_vm_ops 1001 * provided by the driver. Depending on their requirements, drivers can either 1002 * provide a fault handler in their gem_vm_ops (in which case any accesses to 1003 * the object will be trapped, to perform migration, GTT binding, surface 1004 * register allocation, or performance monitoring), or mmap the buffer memory 1005 * synchronously after calling drm_gem_mmap_obj. 1006 * 1007 * This function is mainly intended to implement the DMABUF mmap operation, when 1008 * the GEM object is not looked up based on its fake offset. To implement the 1009 * DRM mmap operation, drivers should use the drm_gem_mmap() function. 1010 * 1011 * drm_gem_mmap_obj() assumes the user is granted access to the buffer while 1012 * drm_gem_mmap() prevents unprivileged users from mapping random objects. So 1013 * callers must verify access restrictions before calling this helper. 1014 * 1015 * Return 0 or success or -EINVAL if the object size is smaller than the VMA 1016 * size, or if no gem_vm_ops are provided. 1017 */ 1018 int drm_gem_mmap_obj(struct drm_gem_object *obj, unsigned long obj_size, 1019 struct vm_area_struct *vma) 1020 { 1021 struct drm_device *dev = obj->dev; 1022 1023 /* Check for valid size. */ 1024 if (obj_size < vma->vm_end - vma->vm_start) 1025 return -EINVAL; 1026 1027 if (obj->funcs && obj->funcs->vm_ops) 1028 vma->vm_ops = obj->funcs->vm_ops; 1029 else if (dev->driver->gem_vm_ops) 1030 vma->vm_ops = dev->driver->gem_vm_ops; 1031 else 1032 return -EINVAL; 1033 1034 vma->vm_flags |= VM_IO | VM_PFNMAP | VM_DONTEXPAND | VM_DONTDUMP; 1035 vma->vm_private_data = obj; 1036 vma->vm_page_prot = pgprot_writecombine(vm_get_page_prot(vma->vm_flags)); 1037 vma->vm_page_prot = pgprot_decrypted(vma->vm_page_prot); 1038 1039 /* Take a ref for this mapping of the object, so that the fault 1040 * handler can dereference the mmap offset's pointer to the object. 1041 * This reference is cleaned up by the corresponding vm_close 1042 * (which should happen whether the vma was created by this call, or 1043 * by a vm_open due to mremap or partial unmap or whatever). 1044 */ 1045 drm_gem_object_get(obj); 1046 1047 return 0; 1048 } 1049 EXPORT_SYMBOL(drm_gem_mmap_obj); 1050 1051 /** 1052 * drm_gem_mmap - memory map routine for GEM objects 1053 * @filp: DRM file pointer 1054 * @vma: VMA for the area to be mapped 1055 * 1056 * If a driver supports GEM object mapping, mmap calls on the DRM file 1057 * descriptor will end up here. 1058 * 1059 * Look up the GEM object based on the offset passed in (vma->vm_pgoff will 1060 * contain the fake offset we created when the GTT map ioctl was called on 1061 * the object) and map it with a call to drm_gem_mmap_obj(). 1062 * 1063 * If the caller is not granted access to the buffer object, the mmap will fail 1064 * with EACCES. Please see the vma manager for more information. 1065 */ 1066 int drm_gem_mmap(struct file *filp, struct vm_area_struct *vma) 1067 { 1068 struct drm_file *priv = filp->private_data; 1069 struct drm_device *dev = priv->minor->dev; 1070 struct drm_gem_object *obj = NULL; 1071 struct drm_vma_offset_node *node; 1072 int ret; 1073 1074 if (drm_dev_is_unplugged(dev)) 1075 return -ENODEV; 1076 1077 drm_vma_offset_lock_lookup(dev->vma_offset_manager); 1078 node = drm_vma_offset_exact_lookup_locked(dev->vma_offset_manager, 1079 vma->vm_pgoff, 1080 vma_pages(vma)); 1081 if (likely(node)) { 1082 obj = container_of(node, struct drm_gem_object, vma_node); 1083 /* 1084 * When the object is being freed, after it hits 0-refcnt it 1085 * proceeds to tear down the object. In the process it will 1086 * attempt to remove the VMA offset and so acquire this 1087 * mgr->vm_lock. Therefore if we find an object with a 0-refcnt 1088 * that matches our range, we know it is in the process of being 1089 * destroyed and will be freed as soon as we release the lock - 1090 * so we have to check for the 0-refcnted object and treat it as 1091 * invalid. 1092 */ 1093 if (!kref_get_unless_zero(&obj->refcount)) 1094 obj = NULL; 1095 } 1096 drm_vma_offset_unlock_lookup(dev->vma_offset_manager); 1097 1098 if (!obj) 1099 return -EINVAL; 1100 1101 if (!drm_vma_node_is_allowed(node, priv)) { 1102 drm_gem_object_put_unlocked(obj); 1103 return -EACCES; 1104 } 1105 1106 if (node->readonly) { 1107 if (vma->vm_flags & VM_WRITE) { 1108 drm_gem_object_put_unlocked(obj); 1109 return -EINVAL; 1110 } 1111 1112 vma->vm_flags &= ~VM_MAYWRITE; 1113 } 1114 1115 ret = drm_gem_mmap_obj(obj, drm_vma_node_size(node) << PAGE_SHIFT, 1116 vma); 1117 1118 drm_gem_object_put_unlocked(obj); 1119 1120 return ret; 1121 } 1122 EXPORT_SYMBOL(drm_gem_mmap); 1123 1124 void drm_gem_print_info(struct drm_printer *p, unsigned int indent, 1125 const struct drm_gem_object *obj) 1126 { 1127 drm_printf_indent(p, indent, "name=%d\n", obj->name); 1128 drm_printf_indent(p, indent, "refcount=%u\n", 1129 kref_read(&obj->refcount)); 1130 drm_printf_indent(p, indent, "start=%08lx\n", 1131 drm_vma_node_start(&obj->vma_node)); 1132 drm_printf_indent(p, indent, "size=%zu\n", obj->size); 1133 drm_printf_indent(p, indent, "imported=%s\n", 1134 obj->import_attach ? "yes" : "no"); 1135 1136 if (obj->funcs && obj->funcs->print_info) 1137 obj->funcs->print_info(p, indent, obj); 1138 else if (obj->dev->driver->gem_print_info) 1139 obj->dev->driver->gem_print_info(p, indent, obj); 1140 } 1141 1142 /** 1143 * drm_gem_pin - Pin backing buffer in memory 1144 * @obj: GEM object 1145 * 1146 * Make sure the backing buffer is pinned in memory. 1147 * 1148 * Returns: 1149 * 0 on success or a negative error code on failure. 1150 */ 1151 int drm_gem_pin(struct drm_gem_object *obj) 1152 { 1153 if (obj->funcs && obj->funcs->pin) 1154 return obj->funcs->pin(obj); 1155 else if (obj->dev->driver->gem_prime_pin) 1156 return obj->dev->driver->gem_prime_pin(obj); 1157 else 1158 return 0; 1159 } 1160 EXPORT_SYMBOL(drm_gem_pin); 1161 1162 /** 1163 * drm_gem_unpin - Unpin backing buffer from memory 1164 * @obj: GEM object 1165 * 1166 * Relax the requirement that the backing buffer is pinned in memory. 1167 */ 1168 void drm_gem_unpin(struct drm_gem_object *obj) 1169 { 1170 if (obj->funcs && obj->funcs->unpin) 1171 obj->funcs->unpin(obj); 1172 else if (obj->dev->driver->gem_prime_unpin) 1173 obj->dev->driver->gem_prime_unpin(obj); 1174 } 1175 EXPORT_SYMBOL(drm_gem_unpin); 1176 1177 /** 1178 * drm_gem_vmap - Map buffer into kernel virtual address space 1179 * @obj: GEM object 1180 * 1181 * Returns: 1182 * A virtual pointer to a newly created GEM object or an ERR_PTR-encoded negative 1183 * error code on failure. 1184 */ 1185 void *drm_gem_vmap(struct drm_gem_object *obj) 1186 { 1187 void *vaddr; 1188 1189 if (obj->funcs && obj->funcs->vmap) 1190 vaddr = obj->funcs->vmap(obj); 1191 else if (obj->dev->driver->gem_prime_vmap) 1192 vaddr = obj->dev->driver->gem_prime_vmap(obj); 1193 else 1194 vaddr = ERR_PTR(-EOPNOTSUPP); 1195 1196 if (!vaddr) 1197 vaddr = ERR_PTR(-ENOMEM); 1198 1199 return vaddr; 1200 } 1201 EXPORT_SYMBOL(drm_gem_vmap); 1202 1203 /** 1204 * drm_gem_vunmap - Remove buffer mapping from kernel virtual address space 1205 * @obj: GEM object 1206 * @vaddr: Virtual address (can be NULL) 1207 */ 1208 void drm_gem_vunmap(struct drm_gem_object *obj, void *vaddr) 1209 { 1210 if (!vaddr) 1211 return; 1212 1213 if (obj->funcs && obj->funcs->vunmap) 1214 obj->funcs->vunmap(obj, vaddr); 1215 else if (obj->dev->driver->gem_prime_vunmap) 1216 obj->dev->driver->gem_prime_vunmap(obj, vaddr); 1217 } 1218 EXPORT_SYMBOL(drm_gem_vunmap); 1219 1220 /** 1221 * drm_gem_lock_reservations - Sets up the ww context and acquires 1222 * the lock on an array of GEM objects. 1223 * 1224 * Once you've locked your reservations, you'll want to set up space 1225 * for your shared fences (if applicable), submit your job, then 1226 * drm_gem_unlock_reservations(). 1227 * 1228 * @objs: drm_gem_objects to lock 1229 * @count: Number of objects in @objs 1230 * @acquire_ctx: struct ww_acquire_ctx that will be initialized as 1231 * part of tracking this set of locked reservations. 1232 */ 1233 int 1234 drm_gem_lock_reservations(struct drm_gem_object **objs, int count, 1235 struct ww_acquire_ctx *acquire_ctx) 1236 { 1237 int contended = -1; 1238 int i, ret; 1239 1240 ww_acquire_init(acquire_ctx, &reservation_ww_class); 1241 1242 retry: 1243 if (contended != -1) { 1244 struct drm_gem_object *obj = objs[contended]; 1245 1246 ret = ww_mutex_lock_slow_interruptible(&obj->resv->lock, 1247 acquire_ctx); 1248 if (ret) { 1249 ww_acquire_done(acquire_ctx); 1250 return ret; 1251 } 1252 } 1253 1254 for (i = 0; i < count; i++) { 1255 if (i == contended) 1256 continue; 1257 1258 ret = ww_mutex_lock_interruptible(&objs[i]->resv->lock, 1259 acquire_ctx); 1260 if (ret) { 1261 int j; 1262 1263 for (j = 0; j < i; j++) 1264 ww_mutex_unlock(&objs[j]->resv->lock); 1265 1266 if (contended != -1 && contended >= i) 1267 ww_mutex_unlock(&objs[contended]->resv->lock); 1268 1269 if (ret == -EDEADLK) { 1270 contended = i; 1271 goto retry; 1272 } 1273 1274 ww_acquire_done(acquire_ctx); 1275 return ret; 1276 } 1277 } 1278 1279 ww_acquire_done(acquire_ctx); 1280 1281 return 0; 1282 } 1283 EXPORT_SYMBOL(drm_gem_lock_reservations); 1284 1285 void 1286 drm_gem_unlock_reservations(struct drm_gem_object **objs, int count, 1287 struct ww_acquire_ctx *acquire_ctx) 1288 { 1289 int i; 1290 1291 for (i = 0; i < count; i++) 1292 ww_mutex_unlock(&objs[i]->resv->lock); 1293 1294 ww_acquire_fini(acquire_ctx); 1295 } 1296 EXPORT_SYMBOL(drm_gem_unlock_reservations); 1297