1 /* 2 * SPDX-License-Identifier: MIT 3 * 4 * Copyright © 2012-2014 Intel Corporation 5 * 6 * Based on amdgpu_mn, which bears the following notice: 7 * 8 * Copyright 2014 Advanced Micro Devices, Inc. 9 * All Rights Reserved. 10 * 11 * Permission is hereby granted, free of charge, to any person obtaining a 12 * copy of this software and associated documentation files (the 13 * "Software"), to deal in the Software without restriction, including 14 * without limitation the rights to use, copy, modify, merge, publish, 15 * distribute, sub license, and/or sell copies of the Software, and to 16 * permit persons to whom the Software is furnished to do so, subject to 17 * the following conditions: 18 * 19 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 20 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 21 * FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL 22 * THE COPYRIGHT HOLDERS, AUTHORS AND/OR ITS SUPPLIERS BE LIABLE FOR ANY CLAIM, 23 * DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR 24 * OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE 25 * USE OR OTHER DEALINGS IN THE SOFTWARE. 26 * 27 * The above copyright notice and this permission notice (including the 28 * next paragraph) shall be included in all copies or substantial portions 29 * of the Software. 30 * 31 */ 32 /* 33 * Authors: 34 * Christian König <christian.koenig@amd.com> 35 */ 36 37 #include <linux/mmu_context.h> 38 #include <linux/mempolicy.h> 39 #include <linux/swap.h> 40 #include <linux/sched/mm.h> 41 42 #include "i915_drv.h" 43 #include "i915_gem_ioctls.h" 44 #include "i915_gem_object.h" 45 #include "i915_gem_userptr.h" 46 #include "i915_scatterlist.h" 47 48 #ifdef CONFIG_MMU_NOTIFIER 49 50 /** 51 * i915_gem_userptr_invalidate - callback to notify about mm change 52 * 53 * @mni: the range (mm) is about to update 54 * @range: details on the invalidation 55 * @cur_seq: Value to pass to mmu_interval_set_seq() 56 * 57 * Block for operations on BOs to finish and mark pages as accessed and 58 * potentially dirty. 59 */ 60 static bool i915_gem_userptr_invalidate(struct mmu_interval_notifier *mni, 61 const struct mmu_notifier_range *range, 62 unsigned long cur_seq) 63 { 64 struct drm_i915_gem_object *obj = container_of(mni, struct drm_i915_gem_object, userptr.notifier); 65 struct drm_i915_private *i915 = to_i915(obj->base.dev); 66 long r; 67 68 if (!mmu_notifier_range_blockable(range)) 69 return false; 70 71 write_lock(&i915->mm.notifier_lock); 72 73 mmu_interval_set_seq(mni, cur_seq); 74 75 write_unlock(&i915->mm.notifier_lock); 76 77 /* 78 * We don't wait when the process is exiting. This is valid 79 * because the object will be cleaned up anyway. 80 * 81 * This is also temporarily required as a hack, because we 82 * cannot currently force non-consistent batch buffers to preempt 83 * and reschedule by waiting on it, hanging processes on exit. 84 */ 85 if (current->flags & PF_EXITING) 86 return true; 87 88 /* we will unbind on next submission, still have userptr pins */ 89 r = dma_resv_wait_timeout(obj->base.resv, DMA_RESV_USAGE_BOOKKEEP, false, 90 MAX_SCHEDULE_TIMEOUT); 91 if (r <= 0) 92 drm_err(&i915->drm, "(%ld) failed to wait for idle\n", r); 93 94 return true; 95 } 96 97 static const struct mmu_interval_notifier_ops i915_gem_userptr_notifier_ops = { 98 .invalidate = i915_gem_userptr_invalidate, 99 }; 100 101 static int 102 i915_gem_userptr_init__mmu_notifier(struct drm_i915_gem_object *obj) 103 { 104 return mmu_interval_notifier_insert(&obj->userptr.notifier, current->mm, 105 obj->userptr.ptr, obj->base.size, 106 &i915_gem_userptr_notifier_ops); 107 } 108 109 static void i915_gem_object_userptr_drop_ref(struct drm_i915_gem_object *obj) 110 { 111 struct page **pvec = NULL; 112 113 assert_object_held_shared(obj); 114 115 if (!--obj->userptr.page_ref) { 116 pvec = obj->userptr.pvec; 117 obj->userptr.pvec = NULL; 118 } 119 GEM_BUG_ON(obj->userptr.page_ref < 0); 120 121 if (pvec) { 122 const unsigned long num_pages = obj->base.size >> PAGE_SHIFT; 123 124 unpin_user_pages(pvec, num_pages); 125 kvfree(pvec); 126 } 127 } 128 129 static int i915_gem_userptr_get_pages(struct drm_i915_gem_object *obj) 130 { 131 unsigned int max_segment = i915_sg_segment_size(obj->base.dev->dev); 132 struct sg_table *st; 133 struct page **pvec; 134 unsigned int num_pages; /* limited by sg_alloc_table_from_pages_segment */ 135 int ret; 136 137 if (overflows_type(obj->base.size >> PAGE_SHIFT, num_pages)) 138 return -E2BIG; 139 140 num_pages = obj->base.size >> PAGE_SHIFT; 141 st = kmalloc(sizeof(*st), GFP_KERNEL); 142 if (!st) 143 return -ENOMEM; 144 145 if (!obj->userptr.page_ref) { 146 ret = -EAGAIN; 147 goto err_free; 148 } 149 150 obj->userptr.page_ref++; 151 pvec = obj->userptr.pvec; 152 153 alloc_table: 154 ret = sg_alloc_table_from_pages_segment(st, pvec, num_pages, 0, 155 num_pages << PAGE_SHIFT, 156 max_segment, GFP_KERNEL); 157 if (ret) 158 goto err; 159 160 ret = i915_gem_gtt_prepare_pages(obj, st); 161 if (ret) { 162 sg_free_table(st); 163 164 if (max_segment > PAGE_SIZE) { 165 max_segment = PAGE_SIZE; 166 goto alloc_table; 167 } 168 169 goto err; 170 } 171 172 WARN_ON_ONCE(!(obj->cache_coherent & I915_BO_CACHE_COHERENT_FOR_WRITE)); 173 if (i915_gem_object_can_bypass_llc(obj)) 174 obj->cache_dirty = true; 175 176 __i915_gem_object_set_pages(obj, st); 177 178 return 0; 179 180 err: 181 i915_gem_object_userptr_drop_ref(obj); 182 err_free: 183 kfree(st); 184 return ret; 185 } 186 187 static void 188 i915_gem_userptr_put_pages(struct drm_i915_gem_object *obj, 189 struct sg_table *pages) 190 { 191 struct sgt_iter sgt_iter; 192 struct page *page; 193 194 if (!pages) 195 return; 196 197 __i915_gem_object_release_shmem(obj, pages, true); 198 i915_gem_gtt_finish_pages(obj, pages); 199 200 /* 201 * We always mark objects as dirty when they are used by the GPU, 202 * just in case. However, if we set the vma as being read-only we know 203 * that the object will never have been written to. 204 */ 205 if (i915_gem_object_is_readonly(obj)) 206 obj->mm.dirty = false; 207 208 for_each_sgt_page(page, sgt_iter, pages) { 209 if (obj->mm.dirty && trylock_page(page)) { 210 /* 211 * As this may not be anonymous memory (e.g. shmem) 212 * but exist on a real mapping, we have to lock 213 * the page in order to dirty it -- holding 214 * the page reference is not sufficient to 215 * prevent the inode from being truncated. 216 * Play safe and take the lock. 217 * 218 * However...! 219 * 220 * The mmu-notifier can be invalidated for a 221 * migrate_folio, that is alreadying holding the lock 222 * on the folio. Such a try_to_unmap() will result 223 * in us calling put_pages() and so recursively try 224 * to lock the page. We avoid that deadlock with 225 * a trylock_page() and in exchange we risk missing 226 * some page dirtying. 227 */ 228 set_page_dirty(page); 229 unlock_page(page); 230 } 231 232 mark_page_accessed(page); 233 } 234 obj->mm.dirty = false; 235 236 sg_free_table(pages); 237 kfree(pages); 238 239 i915_gem_object_userptr_drop_ref(obj); 240 } 241 242 static int i915_gem_object_userptr_unbind(struct drm_i915_gem_object *obj) 243 { 244 struct sg_table *pages; 245 int err; 246 247 err = i915_gem_object_unbind(obj, I915_GEM_OBJECT_UNBIND_ACTIVE); 248 if (err) 249 return err; 250 251 if (GEM_WARN_ON(i915_gem_object_has_pinned_pages(obj))) 252 return -EBUSY; 253 254 assert_object_held(obj); 255 256 pages = __i915_gem_object_unset_pages(obj); 257 if (!IS_ERR_OR_NULL(pages)) 258 i915_gem_userptr_put_pages(obj, pages); 259 260 return err; 261 } 262 263 int i915_gem_object_userptr_submit_init(struct drm_i915_gem_object *obj) 264 { 265 const unsigned long num_pages = obj->base.size >> PAGE_SHIFT; 266 struct page **pvec; 267 unsigned int gup_flags = 0; 268 unsigned long notifier_seq; 269 int pinned, ret; 270 271 if (obj->userptr.notifier.mm != current->mm) 272 return -EFAULT; 273 274 notifier_seq = mmu_interval_read_begin(&obj->userptr.notifier); 275 276 ret = i915_gem_object_lock_interruptible(obj, NULL); 277 if (ret) 278 return ret; 279 280 if (notifier_seq == obj->userptr.notifier_seq && obj->userptr.pvec) { 281 i915_gem_object_unlock(obj); 282 return 0; 283 } 284 285 ret = i915_gem_object_userptr_unbind(obj); 286 i915_gem_object_unlock(obj); 287 if (ret) 288 return ret; 289 290 pvec = kvmalloc_array(num_pages, sizeof(struct page *), GFP_KERNEL); 291 if (!pvec) 292 return -ENOMEM; 293 294 if (!i915_gem_object_is_readonly(obj)) 295 gup_flags |= FOLL_WRITE; 296 297 pinned = 0; 298 while (pinned < num_pages) { 299 ret = pin_user_pages_fast(obj->userptr.ptr + pinned * PAGE_SIZE, 300 num_pages - pinned, gup_flags, 301 &pvec[pinned]); 302 if (ret < 0) 303 goto out; 304 305 pinned += ret; 306 } 307 308 ret = i915_gem_object_lock_interruptible(obj, NULL); 309 if (ret) 310 goto out; 311 312 if (mmu_interval_read_retry(&obj->userptr.notifier, 313 !obj->userptr.page_ref ? notifier_seq : 314 obj->userptr.notifier_seq)) { 315 ret = -EAGAIN; 316 goto out_unlock; 317 } 318 319 if (!obj->userptr.page_ref++) { 320 obj->userptr.pvec = pvec; 321 obj->userptr.notifier_seq = notifier_seq; 322 pvec = NULL; 323 ret = ____i915_gem_object_get_pages(obj); 324 } 325 326 obj->userptr.page_ref--; 327 328 out_unlock: 329 i915_gem_object_unlock(obj); 330 331 out: 332 if (pvec) { 333 unpin_user_pages(pvec, pinned); 334 kvfree(pvec); 335 } 336 337 return ret; 338 } 339 340 int i915_gem_object_userptr_submit_done(struct drm_i915_gem_object *obj) 341 { 342 if (mmu_interval_read_retry(&obj->userptr.notifier, 343 obj->userptr.notifier_seq)) { 344 /* We collided with the mmu notifier, need to retry */ 345 346 return -EAGAIN; 347 } 348 349 return 0; 350 } 351 352 int i915_gem_object_userptr_validate(struct drm_i915_gem_object *obj) 353 { 354 int err; 355 356 err = i915_gem_object_userptr_submit_init(obj); 357 if (err) 358 return err; 359 360 err = i915_gem_object_lock_interruptible(obj, NULL); 361 if (!err) { 362 /* 363 * Since we only check validity, not use the pages, 364 * it doesn't matter if we collide with the mmu notifier, 365 * and -EAGAIN handling is not required. 366 */ 367 err = i915_gem_object_pin_pages(obj); 368 if (!err) 369 i915_gem_object_unpin_pages(obj); 370 371 i915_gem_object_unlock(obj); 372 } 373 374 return err; 375 } 376 377 static void 378 i915_gem_userptr_release(struct drm_i915_gem_object *obj) 379 { 380 GEM_WARN_ON(obj->userptr.page_ref); 381 382 mmu_interval_notifier_remove(&obj->userptr.notifier); 383 obj->userptr.notifier.mm = NULL; 384 } 385 386 static int 387 i915_gem_userptr_dmabuf_export(struct drm_i915_gem_object *obj) 388 { 389 drm_dbg(obj->base.dev, "Exporting userptr no longer allowed\n"); 390 391 return -EINVAL; 392 } 393 394 static int 395 i915_gem_userptr_pwrite(struct drm_i915_gem_object *obj, 396 const struct drm_i915_gem_pwrite *args) 397 { 398 drm_dbg(obj->base.dev, "pwrite to userptr no longer allowed\n"); 399 400 return -EINVAL; 401 } 402 403 static int 404 i915_gem_userptr_pread(struct drm_i915_gem_object *obj, 405 const struct drm_i915_gem_pread *args) 406 { 407 drm_dbg(obj->base.dev, "pread from userptr no longer allowed\n"); 408 409 return -EINVAL; 410 } 411 412 static const struct drm_i915_gem_object_ops i915_gem_userptr_ops = { 413 .name = "i915_gem_object_userptr", 414 .flags = I915_GEM_OBJECT_IS_SHRINKABLE | 415 I915_GEM_OBJECT_NO_MMAP | 416 I915_GEM_OBJECT_IS_PROXY, 417 .get_pages = i915_gem_userptr_get_pages, 418 .put_pages = i915_gem_userptr_put_pages, 419 .dmabuf_export = i915_gem_userptr_dmabuf_export, 420 .pwrite = i915_gem_userptr_pwrite, 421 .pread = i915_gem_userptr_pread, 422 .release = i915_gem_userptr_release, 423 }; 424 425 #endif 426 427 static int 428 probe_range(struct mm_struct *mm, unsigned long addr, unsigned long len) 429 { 430 VMA_ITERATOR(vmi, mm, addr); 431 struct vm_area_struct *vma; 432 unsigned long end = addr + len; 433 434 mmap_read_lock(mm); 435 for_each_vma_range(vmi, vma, end) { 436 /* Check for holes, note that we also update the addr below */ 437 if (vma->vm_start > addr) 438 break; 439 440 if (vma->vm_flags & (VM_PFNMAP | VM_MIXEDMAP)) 441 break; 442 443 addr = vma->vm_end; 444 } 445 mmap_read_unlock(mm); 446 447 if (vma || addr < end) 448 return -EFAULT; 449 return 0; 450 } 451 452 /* 453 * Creates a new mm object that wraps some normal memory from the process 454 * context - user memory. 455 * 456 * We impose several restrictions upon the memory being mapped 457 * into the GPU. 458 * 1. It must be page aligned (both start/end addresses, i.e ptr and size). 459 * 2. It must be normal system memory, not a pointer into another map of IO 460 * space (e.g. it must not be a GTT mmapping of another object). 461 * 3. We only allow a bo as large as we could in theory map into the GTT, 462 * that is we limit the size to the total size of the GTT. 463 * 4. The bo is marked as being snoopable. The backing pages are left 464 * accessible directly by the CPU, but reads and writes by the GPU may 465 * incur the cost of a snoop (unless you have an LLC architecture). 466 * 467 * Synchronisation between multiple users and the GPU is left to userspace 468 * through the normal set-domain-ioctl. The kernel will enforce that the 469 * GPU relinquishes the VMA before it is returned back to the system 470 * i.e. upon free(), munmap() or process termination. However, the userspace 471 * malloc() library may not immediately relinquish the VMA after free() and 472 * instead reuse it whilst the GPU is still reading and writing to the VMA. 473 * Caveat emptor. 474 * 475 * Also note, that the object created here is not currently a "first class" 476 * object, in that several ioctls are banned. These are the CPU access 477 * ioctls: mmap(), pwrite and pread. In practice, you are expected to use 478 * direct access via your pointer rather than use those ioctls. Another 479 * restriction is that we do not allow userptr surfaces to be pinned to the 480 * hardware and so we reject any attempt to create a framebuffer out of a 481 * userptr. 482 * 483 * If you think this is a good interface to use to pass GPU memory between 484 * drivers, please use dma-buf instead. In fact, wherever possible use 485 * dma-buf instead. 486 */ 487 int 488 i915_gem_userptr_ioctl(struct drm_device *dev, 489 void *data, 490 struct drm_file *file) 491 { 492 static struct lock_class_key __maybe_unused lock_class; 493 struct drm_i915_private *dev_priv = to_i915(dev); 494 struct drm_i915_gem_userptr *args = data; 495 struct drm_i915_gem_object __maybe_unused *obj; 496 int __maybe_unused ret; 497 u32 __maybe_unused handle; 498 499 if (!HAS_LLC(dev_priv) && !HAS_SNOOP(dev_priv)) { 500 /* We cannot support coherent userptr objects on hw without 501 * LLC and broken snooping. 502 */ 503 return -ENODEV; 504 } 505 506 if (args->flags & ~(I915_USERPTR_READ_ONLY | 507 I915_USERPTR_UNSYNCHRONIZED | 508 I915_USERPTR_PROBE)) 509 return -EINVAL; 510 511 if (i915_gem_object_size_2big(args->user_size)) 512 return -E2BIG; 513 514 if (!args->user_size) 515 return -EINVAL; 516 517 if (offset_in_page(args->user_ptr | args->user_size)) 518 return -EINVAL; 519 520 if (!access_ok((char __user *)(unsigned long)args->user_ptr, args->user_size)) 521 return -EFAULT; 522 523 if (args->flags & I915_USERPTR_UNSYNCHRONIZED) 524 return -ENODEV; 525 526 if (args->flags & I915_USERPTR_READ_ONLY) { 527 /* 528 * On almost all of the older hw, we cannot tell the GPU that 529 * a page is readonly. 530 */ 531 if (!to_gt(dev_priv)->vm->has_read_only) 532 return -ENODEV; 533 } 534 535 if (args->flags & I915_USERPTR_PROBE) { 536 /* 537 * Check that the range pointed to represents real struct 538 * pages and not iomappings (at this moment in time!) 539 */ 540 ret = probe_range(current->mm, args->user_ptr, args->user_size); 541 if (ret) 542 return ret; 543 } 544 545 #ifdef CONFIG_MMU_NOTIFIER 546 obj = i915_gem_object_alloc(); 547 if (obj == NULL) 548 return -ENOMEM; 549 550 drm_gem_private_object_init(dev, &obj->base, args->user_size); 551 i915_gem_object_init(obj, &i915_gem_userptr_ops, &lock_class, 552 I915_BO_ALLOC_USER); 553 obj->mem_flags = I915_BO_FLAG_STRUCT_PAGE; 554 obj->read_domains = I915_GEM_DOMAIN_CPU; 555 obj->write_domain = I915_GEM_DOMAIN_CPU; 556 i915_gem_object_set_cache_coherency(obj, I915_CACHE_LLC); 557 558 obj->userptr.ptr = args->user_ptr; 559 obj->userptr.notifier_seq = ULONG_MAX; 560 if (args->flags & I915_USERPTR_READ_ONLY) 561 i915_gem_object_set_readonly(obj); 562 563 /* And keep a pointer to the current->mm for resolving the user pages 564 * at binding. This means that we need to hook into the mmu_notifier 565 * in order to detect if the mmu is destroyed. 566 */ 567 ret = i915_gem_userptr_init__mmu_notifier(obj); 568 if (ret == 0) 569 ret = drm_gem_handle_create(file, &obj->base, &handle); 570 571 /* drop reference from allocate - handle holds it now */ 572 i915_gem_object_put(obj); 573 if (ret) 574 return ret; 575 576 args->handle = handle; 577 return 0; 578 #else 579 return -ENODEV; 580 #endif 581 } 582 583 int i915_gem_init_userptr(struct drm_i915_private *dev_priv) 584 { 585 #ifdef CONFIG_MMU_NOTIFIER 586 rwlock_init(&dev_priv->mm.notifier_lock); 587 #endif 588 589 return 0; 590 } 591 592 void i915_gem_cleanup_userptr(struct drm_i915_private *dev_priv) 593 { 594 } 595