// SPDX-License-Identifier: GPL-2.0-only
/*
 * Copyright (C) 2013 Red Hat
 * Author: Rob Clark <robdclark@gmail.com>
 */

#include <linux/dma-map-ops.h>
#include <linux/spinlock.h>
#include <linux/shmem_fs.h>
#include <linux/dma-buf.h>
#include <linux/pfn_t.h>

#include <drm/drm_prime.h>

#include "msm_drv.h"
#include "msm_fence.h"
#include "msm_gem.h"
#include "msm_gpu.h"
#include "msm_mmu.h"

static void msm_gem_vunmap_locked(struct drm_gem_object *obj);

static dma_addr_t physaddr(struct drm_gem_object *obj)
{
	struct msm_gem_object *msm_obj = to_msm_bo(obj);
	struct msm_drm_private *priv = obj->dev->dev_private;
	return (((dma_addr_t)msm_obj->vram_node->start) << PAGE_SHIFT) +
			priv->vram.paddr;
}

static bool use_pages(struct drm_gem_object *obj)
{
	struct msm_gem_object *msm_obj = to_msm_bo(obj);
	return !msm_obj->vram_node;
}

/*
 * Cache sync.. this is a bit over-complicated, to fit dma-mapping
 * API. Really GPU cache is out of scope here (handled on cmdstream)
 * and all we need to do is invalidate newly allocated pages before
 * mapping to CPU as uncached/writecombine.
 *
 * On top of this, we have the added headache, that depending on
 * display generation, the display's iommu may be wired up to either
 * the toplevel drm device (mdss), or to the mdp sub-node, meaning
 * that here we either have dma-direct or iommu ops.
 *
 * Let this be a cautionary tale of abstraction gone wrong.
 */

static void sync_for_device(struct msm_gem_object *msm_obj)
{
	struct device *dev = msm_obj->base.dev->dev;

	if (get_dma_ops(dev) && IS_ENABLED(CONFIG_ARM64)) {
		dma_sync_sg_for_device(dev, msm_obj->sgt->sgl,
			msm_obj->sgt->nents, DMA_BIDIRECTIONAL);
	} else {
		dma_map_sg(dev, msm_obj->sgt->sgl,
			msm_obj->sgt->nents, DMA_BIDIRECTIONAL);
	}
}

static void sync_for_cpu(struct msm_gem_object *msm_obj)
{
	struct device *dev = msm_obj->base.dev->dev;

	if (get_dma_ops(dev) && IS_ENABLED(CONFIG_ARM64)) {
		dma_sync_sg_for_cpu(dev, msm_obj->sgt->sgl,
			msm_obj->sgt->nents, DMA_BIDIRECTIONAL);
	} else {
		dma_unmap_sg(dev, msm_obj->sgt->sgl,
			msm_obj->sgt->nents, DMA_BIDIRECTIONAL);
	}
}

/* allocate pages from VRAM carveout, used when no IOMMU: */
static struct page **get_pages_vram(struct drm_gem_object *obj, int npages)
{
	struct msm_gem_object *msm_obj = to_msm_bo(obj);
	struct msm_drm_private *priv = obj->dev->dev_private;
	dma_addr_t paddr;
	struct page **p;
	int ret, i;

	p = kvmalloc_array(npages, sizeof(struct page *), GFP_KERNEL);
	if (!p)
		return ERR_PTR(-ENOMEM);

	spin_lock(&priv->vram.lock);
	ret = drm_mm_insert_node(&priv->vram.mm, msm_obj->vram_node, npages);
	spin_unlock(&priv->vram.lock);
	if (ret) {
		kvfree(p);
		return ERR_PTR(ret);
	}

	paddr = physaddr(obj);
	for (i = 0; i < npages; i++) {
		p[i] = phys_to_page(paddr);
		paddr += PAGE_SIZE;
	}

	return p;
}

static struct page **get_pages(struct drm_gem_object *obj)
{
	struct msm_gem_object *msm_obj = to_msm_bo(obj);

	if (!msm_obj->pages) {
		struct drm_device *dev = obj->dev;
		struct page **p;
		int npages = obj->size >> PAGE_SHIFT;

		if (use_pages(obj))
			p = drm_gem_get_pages(obj);
		else
			p = get_pages_vram(obj, npages);

		if (IS_ERR(p)) {
			DRM_DEV_ERROR(dev->dev, "could not get pages: %ld\n",
					PTR_ERR(p));
			return p;
		}
		msm_obj->pages = p;

		msm_obj->sgt = drm_prime_pages_to_sg(p, npages);
		if (IS_ERR(msm_obj->sgt)) {
			void *ptr = ERR_CAST(msm_obj->sgt);

			DRM_DEV_ERROR(dev->dev, "failed to allocate sgt\n");
			msm_obj->sgt = NULL;
			return ptr;
		}

		/* For non-cached buffers, ensure the new pages are clean
		 * because display controller, GPU, etc. are not coherent:
		 */
		if (msm_obj->flags & (MSM_BO_WC|MSM_BO_UNCACHED))
			sync_for_device(msm_obj);
	}

	return msm_obj->pages;
}

static void put_pages_vram(struct drm_gem_object *obj)
{
	struct msm_gem_object *msm_obj = to_msm_bo(obj);
	struct msm_drm_private *priv = obj->dev->dev_private;

	spin_lock(&priv->vram.lock);
	drm_mm_remove_node(msm_obj->vram_node);
	spin_unlock(&priv->vram.lock);

	kvfree(msm_obj->pages);
}

static void put_pages(struct drm_gem_object *obj)
{
	struct msm_gem_object *msm_obj = to_msm_bo(obj);

	if (msm_obj->pages) {
		if (msm_obj->sgt) {
			/* For non-cached buffers, ensure the new
			 * pages are clean because display controller,
			 * GPU, etc. are not coherent:
			 */
			if (msm_obj->flags & (MSM_BO_WC|MSM_BO_UNCACHED))
				sync_for_cpu(msm_obj);

			sg_free_table(msm_obj->sgt);
			kfree(msm_obj->sgt);
		}

		if (use_pages(obj))
			drm_gem_put_pages(obj, msm_obj->pages, true, false);
		else
			put_pages_vram(obj);

		msm_obj->pages = NULL;
	}
}

struct page **msm_gem_get_pages(struct drm_gem_object *obj)
{
	struct msm_gem_object *msm_obj = to_msm_bo(obj);
	struct page **p;

	mutex_lock(&msm_obj->lock);

	if (WARN_ON(msm_obj->madv != MSM_MADV_WILLNEED)) {
		mutex_unlock(&msm_obj->lock);
		return ERR_PTR(-EBUSY);
	}

	p = get_pages(obj);
	mutex_unlock(&msm_obj->lock);
	return p;
}

void msm_gem_put_pages(struct drm_gem_object *obj)
{
	/* when we start tracking the pin count, then do something here */
}
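/*
 * Illustrative sketch only, not part of the driver: the expected
 * pairing of msm_gem_get_pages()/msm_gem_put_pages() from a caller
 * that needs the backing pages resident.  The "example_" name is
 * hypothetical and nothing calls this.
 */
static void __maybe_unused example_hold_pages(struct drm_gem_object *obj)
{
	struct page **pages = msm_gem_get_pages(obj);

	if (IS_ERR(pages))
		return;

	/* ... access the backing pages ... */

	/* currently a no-op, but keeps callers balanced for the day
	 * pin-count tracking is added:
	 */
	msm_gem_put_pages(obj);
}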
int msm_gem_mmap_obj(struct drm_gem_object *obj,
		struct vm_area_struct *vma)
{
	struct msm_gem_object *msm_obj = to_msm_bo(obj);

	vma->vm_flags &= ~VM_PFNMAP;
	vma->vm_flags |= VM_MIXEDMAP;

	if (msm_obj->flags & MSM_BO_WC) {
		vma->vm_page_prot = pgprot_writecombine(vm_get_page_prot(vma->vm_flags));
	} else if (msm_obj->flags & MSM_BO_UNCACHED) {
		vma->vm_page_prot = pgprot_noncached(vm_get_page_prot(vma->vm_flags));
	} else {
		/*
		 * Shunt off cached objs to shmem file so they have their own
		 * address_space (so unmap_mapping_range does what we want,
		 * in particular in the case of mmap'd dmabufs)
		 */
		fput(vma->vm_file);
		get_file(obj->filp);
		vma->vm_pgoff = 0;
		vma->vm_file = obj->filp;

		vma->vm_page_prot = vm_get_page_prot(vma->vm_flags);
	}

	return 0;
}

int msm_gem_mmap(struct file *filp, struct vm_area_struct *vma)
{
	int ret;

	ret = drm_gem_mmap(filp, vma);
	if (ret) {
		DBG("mmap failed: %d", ret);
		return ret;
	}

	return msm_gem_mmap_obj(vma->vm_private_data, vma);
}

vm_fault_t msm_gem_fault(struct vm_fault *vmf)
{
	struct vm_area_struct *vma = vmf->vma;
	struct drm_gem_object *obj = vma->vm_private_data;
	struct msm_gem_object *msm_obj = to_msm_bo(obj);
	struct page **pages;
	unsigned long pfn;
	pgoff_t pgoff;
	int err;
	vm_fault_t ret;

	/*
	 * vm_ops.open/drm_gem_mmap_obj and close get and put
	 * a reference on obj.  So, we don't need to hold one here.
	 */
	err = mutex_lock_interruptible(&msm_obj->lock);
	if (err) {
		ret = VM_FAULT_NOPAGE;
		goto out;
	}

	if (WARN_ON(msm_obj->madv != MSM_MADV_WILLNEED)) {
		mutex_unlock(&msm_obj->lock);
		return VM_FAULT_SIGBUS;
	}

	/* make sure we have pages attached now */
	pages = get_pages(obj);
	if (IS_ERR(pages)) {
		ret = vmf_error(PTR_ERR(pages));
		goto out_unlock;
	}

	/* We don't use vmf->pgoff since that has the fake offset: */
	pgoff = (vmf->address - vma->vm_start) >> PAGE_SHIFT;

	pfn = page_to_pfn(pages[pgoff]);

	VERB("Inserting %p pfn %lx, pa %lx", (void *)vmf->address,
			pfn, pfn << PAGE_SHIFT);

	ret = vmf_insert_mixed(vma, vmf->address, __pfn_to_pfn_t(pfn, PFN_DEV));
out_unlock:
	mutex_unlock(&msm_obj->lock);
out:
	return ret;
}

/** get mmap offset */
static uint64_t mmap_offset(struct drm_gem_object *obj)
{
	struct drm_device *dev = obj->dev;
	struct msm_gem_object *msm_obj = to_msm_bo(obj);
	int ret;

	WARN_ON(!mutex_is_locked(&msm_obj->lock));

	/* Make it mmapable */
	ret = drm_gem_create_mmap_offset(obj);

	if (ret) {
		DRM_DEV_ERROR(dev->dev, "could not allocate mmap offset\n");
		return 0;
	}

	return drm_vma_node_offset_addr(&obj->vma_node);
}

uint64_t msm_gem_mmap_offset(struct drm_gem_object *obj)
{
	uint64_t offset;
	struct msm_gem_object *msm_obj = to_msm_bo(obj);

	mutex_lock(&msm_obj->lock);
	offset = mmap_offset(obj);
	mutex_unlock(&msm_obj->lock);
	return offset;
}

static struct msm_gem_vma *add_vma(struct drm_gem_object *obj,
		struct msm_gem_address_space *aspace)
{
	struct msm_gem_object *msm_obj = to_msm_bo(obj);
	struct msm_gem_vma *vma;

	WARN_ON(!mutex_is_locked(&msm_obj->lock));

	vma = kzalloc(sizeof(*vma), GFP_KERNEL);
	if (!vma)
		return ERR_PTR(-ENOMEM);

	vma->aspace = aspace;

	list_add_tail(&vma->list, &msm_obj->vmas);

	return vma;
}

static struct msm_gem_vma *lookup_vma(struct drm_gem_object *obj,
		struct msm_gem_address_space *aspace)
{
	struct msm_gem_object *msm_obj = to_msm_bo(obj);
	struct msm_gem_vma *vma;

	WARN_ON(!mutex_is_locked(&msm_obj->lock));

	list_for_each_entry(vma, &msm_obj->vmas, list) {
		if (vma->aspace == aspace)
			return vma;
	}

	return NULL;
}

static void del_vma(struct msm_gem_vma *vma)
{
	if (!vma)
		return;

	list_del(&vma->list);
	kfree(vma);
}

/* Called with msm_obj->lock locked */
static void
put_iova(struct drm_gem_object *obj)
{
	struct msm_gem_object *msm_obj = to_msm_bo(obj);
	struct msm_gem_vma *vma, *tmp;

	WARN_ON(!mutex_is_locked(&msm_obj->lock));

	list_for_each_entry_safe(vma, tmp, &msm_obj->vmas, list) {
		if (vma->aspace) {
			msm_gem_purge_vma(vma->aspace, vma);
			msm_gem_close_vma(vma->aspace, vma);
		}
		del_vma(vma);
	}
}
static int msm_gem_get_iova_locked(struct drm_gem_object *obj,
		struct msm_gem_address_space *aspace, uint64_t *iova,
		u64 range_start, u64 range_end)
{
	struct msm_gem_object *msm_obj = to_msm_bo(obj);
	struct msm_gem_vma *vma;
	int ret = 0;

	WARN_ON(!mutex_is_locked(&msm_obj->lock));

	vma = lookup_vma(obj, aspace);

	if (!vma) {
		vma = add_vma(obj, aspace);
		if (IS_ERR(vma))
			return PTR_ERR(vma);

		ret = msm_gem_init_vma(aspace, vma, obj->size >> PAGE_SHIFT,
			range_start, range_end);
		if (ret) {
			del_vma(vma);
			return ret;
		}
	}

	*iova = vma->iova;
	return 0;
}

static int msm_gem_pin_iova(struct drm_gem_object *obj,
		struct msm_gem_address_space *aspace)
{
	struct msm_gem_object *msm_obj = to_msm_bo(obj);
	struct msm_gem_vma *vma;
	struct page **pages;
	int prot = IOMMU_READ;

	if (!(msm_obj->flags & MSM_BO_GPU_READONLY))
		prot |= IOMMU_WRITE;

	if (msm_obj->flags & MSM_BO_MAP_PRIV)
		prot |= IOMMU_PRIV;

	WARN_ON(!mutex_is_locked(&msm_obj->lock));

	if (WARN_ON(msm_obj->madv != MSM_MADV_WILLNEED))
		return -EBUSY;

	vma = lookup_vma(obj, aspace);
	if (WARN_ON(!vma))
		return -EINVAL;

	pages = get_pages(obj);
	if (IS_ERR(pages))
		return PTR_ERR(pages);

	return msm_gem_map_vma(aspace, vma, prot,
			msm_obj->sgt, obj->size >> PAGE_SHIFT);
}

/*
 * Get the iova and pin it.  Should have a matching put.
 * Limits the iova to the specified range (in pages).
 */
int msm_gem_get_and_pin_iova_range(struct drm_gem_object *obj,
		struct msm_gem_address_space *aspace, uint64_t *iova,
		u64 range_start, u64 range_end)
{
	struct msm_gem_object *msm_obj = to_msm_bo(obj);
	u64 local;
	int ret;

	mutex_lock(&msm_obj->lock);

	ret = msm_gem_get_iova_locked(obj, aspace, &local,
		range_start, range_end);

	if (!ret)
		ret = msm_gem_pin_iova(obj, aspace);

	if (!ret)
		*iova = local;

	mutex_unlock(&msm_obj->lock);
	return ret;
}

/* get iova and pin it. Should have a matching put */
int msm_gem_get_and_pin_iova(struct drm_gem_object *obj,
		struct msm_gem_address_space *aspace, uint64_t *iova)
{
	return msm_gem_get_and_pin_iova_range(obj, aspace, iova, 0, U64_MAX);
}

/*
 * Get an iova but don't pin it. Doesn't need a put because iovas are currently
 * valid for the life of the object
 */
int msm_gem_get_iova(struct drm_gem_object *obj,
		struct msm_gem_address_space *aspace, uint64_t *iova)
{
	struct msm_gem_object *msm_obj = to_msm_bo(obj);
	int ret;

	mutex_lock(&msm_obj->lock);
	ret = msm_gem_get_iova_locked(obj, aspace, iova, 0, U64_MAX);
	mutex_unlock(&msm_obj->lock);

	return ret;
}

/* get iova without taking a reference, used in places where you have
 * already done a 'msm_gem_get_and_pin_iova' or 'msm_gem_get_iova'
 */
uint64_t msm_gem_iova(struct drm_gem_object *obj,
		struct msm_gem_address_space *aspace)
{
	struct msm_gem_object *msm_obj = to_msm_bo(obj);
	struct msm_gem_vma *vma;

	mutex_lock(&msm_obj->lock);
	vma = lookup_vma(obj, aspace);
	mutex_unlock(&msm_obj->lock);
	WARN_ON(!vma);

	return vma ? vma->iova : 0;
}

/*
 * Unpin an iova by updating the reference counts.  The memory isn't actually
 * purged until something else (shrinker, mm_notifier, destroy, etc) decides
 * to get rid of it
 */
void msm_gem_unpin_iova(struct drm_gem_object *obj,
		struct msm_gem_address_space *aspace)
{
	struct msm_gem_object *msm_obj = to_msm_bo(obj);
	struct msm_gem_vma *vma;

	mutex_lock(&msm_obj->lock);
	vma = lookup_vma(obj, aspace);

	if (!WARN_ON(!vma))
		msm_gem_unmap_vma(aspace, vma);

	mutex_unlock(&msm_obj->lock);
}
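/*
 * Illustrative sketch only, not part of the driver: the expected
 * get-and-pin/unpin pairing around GPU access to a buffer.  The
 * "example_" name is hypothetical; aspace is assumed valid.
 */
static int __maybe_unused example_pin_for_gpu(struct drm_gem_object *obj,
		struct msm_gem_address_space *aspace)
{
	uint64_t iova;
	int ret;

	ret = msm_gem_get_and_pin_iova(obj, aspace, &iova);
	if (ret)
		return ret;

	/* ... hand iova to the GPU and wait for it to finish ... */

	/* drop the pin; the mapping itself lives until the object dies */
	msm_gem_unpin_iova(obj, aspace);
	return 0;
}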
int msm_gem_dumb_create(struct drm_file *file, struct drm_device *dev,
		struct drm_mode_create_dumb *args)
{
	args->pitch = align_pitch(args->width, args->bpp);
	args->size = PAGE_ALIGN(args->pitch * args->height);
	return msm_gem_new_handle(dev, file, args->size,
			MSM_BO_SCANOUT | MSM_BO_WC, &args->handle, "dumb");
}

int msm_gem_dumb_map_offset(struct drm_file *file, struct drm_device *dev,
		uint32_t handle, uint64_t *offset)
{
	struct drm_gem_object *obj;
	int ret = 0;

	/* GEM does all our handle to object mapping */
	obj = drm_gem_object_lookup(file, handle);
	if (obj == NULL) {
		ret = -ENOENT;
		goto fail;
	}

	*offset = msm_gem_mmap_offset(obj);

	drm_gem_object_put(obj);

fail:
	return ret;
}

static void *get_vaddr(struct drm_gem_object *obj, unsigned madv)
{
	struct msm_gem_object *msm_obj = to_msm_bo(obj);
	int ret = 0;

	if (obj->import_attach)
		return ERR_PTR(-ENODEV);

	mutex_lock(&msm_obj->lock);

	if (WARN_ON(msm_obj->madv > madv)) {
		DRM_DEV_ERROR(obj->dev->dev, "Invalid madv state: %u vs %u\n",
			msm_obj->madv, madv);
		mutex_unlock(&msm_obj->lock);
		return ERR_PTR(-EBUSY);
	}

	/* increment vmap_count *before* vmap() call, so shrinker can
	 * check vmap_count (is_vunmapable()) outside of msm_obj->lock.
	 * This guarantees that we won't try to msm_gem_vunmap() this
	 * same object from within the vmap() call (while we already
	 * hold msm_obj->lock)
	 */
	msm_obj->vmap_count++;

	if (!msm_obj->vaddr) {
		struct page **pages = get_pages(obj);
		if (IS_ERR(pages)) {
			ret = PTR_ERR(pages);
			goto fail;
		}
		msm_obj->vaddr = vmap(pages, obj->size >> PAGE_SHIFT,
				VM_MAP, pgprot_writecombine(PAGE_KERNEL));
		if (msm_obj->vaddr == NULL) {
			ret = -ENOMEM;
			goto fail;
		}
	}

	mutex_unlock(&msm_obj->lock);
	return msm_obj->vaddr;

fail:
	msm_obj->vmap_count--;
	mutex_unlock(&msm_obj->lock);
	return ERR_PTR(ret);
}

void *msm_gem_get_vaddr(struct drm_gem_object *obj)
{
	return get_vaddr(obj, MSM_MADV_WILLNEED);
}

/*
 * Don't use this!  It is for the very special case of dumping
 * submits from GPU hangs or faults, where the bo may already
 * be MSM_MADV_DONTNEED, but we know the buffer is still on the
 * active list.
 */
void *msm_gem_get_vaddr_active(struct drm_gem_object *obj)
{
	return get_vaddr(obj, __MSM_MADV_PURGED);
}

void msm_gem_put_vaddr(struct drm_gem_object *obj)
{
	struct msm_gem_object *msm_obj = to_msm_bo(obj);

	mutex_lock(&msm_obj->lock);
	WARN_ON(msm_obj->vmap_count < 1);
	msm_obj->vmap_count--;
	mutex_unlock(&msm_obj->lock);
}
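/*
 * Illustrative sketch only, not part of the driver: a CPU write
 * through the kernel vmap, bracketed by get/put so vmap_count stays
 * balanced for the shrinker.  The "example_" name is hypothetical.
 */
static int __maybe_unused example_cpu_fill(struct drm_gem_object *obj,
		u8 value)
{
	void *vaddr = msm_gem_get_vaddr(obj);

	if (IS_ERR(vaddr))
		return PTR_ERR(vaddr);

	memset(vaddr, value, obj->size);

	/* only drops vmap_count; the actual vunmap is deferred */
	msm_gem_put_vaddr(obj);
	return 0;
}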
/* Update madvise status, returns true if not purged, else false. */
int msm_gem_madvise(struct drm_gem_object *obj, unsigned madv)
{
	struct msm_gem_object *msm_obj = to_msm_bo(obj);

	mutex_lock(&msm_obj->lock);

	WARN_ON(!mutex_is_locked(&obj->dev->struct_mutex));

	if (msm_obj->madv != __MSM_MADV_PURGED)
		msm_obj->madv = madv;

	madv = msm_obj->madv;

	mutex_unlock(&msm_obj->lock);

	return (madv != __MSM_MADV_PURGED);
}

void msm_gem_purge(struct drm_gem_object *obj, enum msm_gem_lock subclass)
{
	struct drm_device *dev = obj->dev;
	struct msm_gem_object *msm_obj = to_msm_bo(obj);

	WARN_ON(!mutex_is_locked(&dev->struct_mutex));
	WARN_ON(!is_purgeable(msm_obj));
	WARN_ON(obj->import_attach);

	mutex_lock_nested(&msm_obj->lock, subclass);

	put_iova(obj);

	msm_gem_vunmap_locked(obj);

	put_pages(obj);

	msm_obj->madv = __MSM_MADV_PURGED;

	drm_vma_node_unmap(&obj->vma_node, dev->anon_inode->i_mapping);
	drm_gem_free_mmap_offset(obj);

	/* Our goal here is to return as much of the memory as
	 * is possible back to the system as we are called from OOM.
	 * To do this we must instruct the shmfs to drop all of its
	 * backing pages, *now*.
	 */
	shmem_truncate_range(file_inode(obj->filp), 0, (loff_t)-1);

	invalidate_mapping_pages(file_inode(obj->filp)->i_mapping,
			0, (loff_t)-1);

	mutex_unlock(&msm_obj->lock);
}

static void msm_gem_vunmap_locked(struct drm_gem_object *obj)
{
	struct msm_gem_object *msm_obj = to_msm_bo(obj);

	WARN_ON(!mutex_is_locked(&msm_obj->lock));

	if (!msm_obj->vaddr || WARN_ON(!is_vunmapable(msm_obj)))
		return;

	vunmap(msm_obj->vaddr);
	msm_obj->vaddr = NULL;
}

void msm_gem_vunmap(struct drm_gem_object *obj, enum msm_gem_lock subclass)
{
	struct msm_gem_object *msm_obj = to_msm_bo(obj);

	mutex_lock_nested(&msm_obj->lock, subclass);
	msm_gem_vunmap_locked(obj);
	mutex_unlock(&msm_obj->lock);
}
/* must be called before _move_to_active().. */
int msm_gem_sync_object(struct drm_gem_object *obj,
		struct msm_fence_context *fctx, bool exclusive)
{
	struct dma_resv_list *fobj;
	struct dma_fence *fence;
	int i, ret;

	fobj = dma_resv_get_list(obj->resv);
	if (!fobj || (fobj->shared_count == 0)) {
		fence = dma_resv_get_excl(obj->resv);
		/* don't need to wait on our own fences, since ring is fifo */
		if (fence && (fence->context != fctx->context)) {
			ret = dma_fence_wait(fence, true);
			if (ret)
				return ret;
		}
	}

	if (!exclusive || !fobj)
		return 0;

	for (i = 0; i < fobj->shared_count; i++) {
		fence = rcu_dereference_protected(fobj->shared[i],
						dma_resv_held(obj->resv));
		if (fence->context != fctx->context) {
			ret = dma_fence_wait(fence, true);
			if (ret)
				return ret;
		}
	}

	return 0;
}

void msm_gem_move_to_active(struct drm_gem_object *obj,
		struct msm_gpu *gpu, bool exclusive, struct dma_fence *fence)
{
	struct msm_gem_object *msm_obj = to_msm_bo(obj);
	WARN_ON(msm_obj->madv != MSM_MADV_WILLNEED);
	msm_obj->gpu = gpu;
	if (exclusive)
		dma_resv_add_excl_fence(obj->resv, fence);
	else
		dma_resv_add_shared_fence(obj->resv, fence);
	list_del_init(&msm_obj->mm_list);
	list_add_tail(&msm_obj->mm_list, &gpu->active_list);
}

void msm_gem_move_to_inactive(struct drm_gem_object *obj)
{
	struct drm_device *dev = obj->dev;
	struct msm_drm_private *priv = dev->dev_private;
	struct msm_gem_object *msm_obj = to_msm_bo(obj);

	WARN_ON(!mutex_is_locked(&dev->struct_mutex));

	msm_obj->gpu = NULL;
	list_del_init(&msm_obj->mm_list);
	list_add_tail(&msm_obj->mm_list, &priv->inactive_list);
}

int msm_gem_cpu_prep(struct drm_gem_object *obj, uint32_t op, ktime_t *timeout)
{
	bool write = !!(op & MSM_PREP_WRITE);
	unsigned long remain =
		op & MSM_PREP_NOSYNC ? 0 : timeout_to_jiffies(timeout);
	long ret;

	ret = dma_resv_wait_timeout_rcu(obj->resv, write,
						  true, remain);
	if (ret == 0)
		return remain == 0 ? -EBUSY : -ETIMEDOUT;
	else if (ret < 0)
		return ret;

	/* TODO cache maintenance */

	return 0;
}

int msm_gem_cpu_fini(struct drm_gem_object *obj)
{
	/* TODO cache maintenance */
	return 0;
}
#ifdef CONFIG_DEBUG_FS
static void describe_fence(struct dma_fence *fence, const char *type,
		struct seq_file *m)
{
	if (!dma_fence_is_signaled(fence))
		seq_printf(m, "\t%9s: %s %s seq %llu\n", type,
				fence->ops->get_driver_name(fence),
				fence->ops->get_timeline_name(fence),
				fence->seqno);
}

void msm_gem_describe(struct drm_gem_object *obj, struct seq_file *m)
{
	struct msm_gem_object *msm_obj = to_msm_bo(obj);
	struct dma_resv *robj = obj->resv;
	struct dma_resv_list *fobj;
	struct dma_fence *fence;
	struct msm_gem_vma *vma;
	uint64_t off = drm_vma_node_start(&obj->vma_node);
	const char *madv;

	mutex_lock(&msm_obj->lock);

	switch (msm_obj->madv) {
	case __MSM_MADV_PURGED:
		madv = " purged";
		break;
	case MSM_MADV_DONTNEED:
		madv = " purgeable";
		break;
	case MSM_MADV_WILLNEED:
	default:
		madv = "";
		break;
	}

	seq_printf(m, "%08x: %c %2d (%2d) %08llx %p",
			msm_obj->flags, is_active(msm_obj) ? 'A' : 'I',
			obj->name, kref_read(&obj->refcount),
			off, msm_obj->vaddr);

	seq_printf(m, " %08zu %9s %-32s\n", obj->size, madv, msm_obj->name);

	if (!list_empty(&msm_obj->vmas)) {

		seq_puts(m, "      vmas:");

		list_for_each_entry(vma, &msm_obj->vmas, list)
			seq_printf(m, " [%s: %08llx,%s,inuse=%d]",
				vma->aspace != NULL ? vma->aspace->name : NULL,
				vma->iova, vma->mapped ? "mapped" : "unmapped",
				vma->inuse);

		seq_puts(m, "\n");
	}

	rcu_read_lock();
	fobj = rcu_dereference(robj->fence);
	if (fobj) {
		unsigned int i, shared_count = fobj->shared_count;

		for (i = 0; i < shared_count; i++) {
			fence = rcu_dereference(fobj->shared[i]);
			describe_fence(fence, "Shared", m);
		}
	}

	fence = rcu_dereference(robj->fence_excl);
	if (fence)
		describe_fence(fence, "Exclusive", m);
	rcu_read_unlock();

	mutex_unlock(&msm_obj->lock);
}

void msm_gem_describe_objects(struct list_head *list, struct seq_file *m)
{
	struct msm_gem_object *msm_obj;
	int count = 0;
	size_t size = 0;

	seq_puts(m, "   flags       id ref  offset   kaddr            size     madv      name\n");
	list_for_each_entry(msm_obj, list, mm_list) {
		struct drm_gem_object *obj = &msm_obj->base;
		seq_puts(m, "   ");
		msm_gem_describe(obj, m);
		count++;
		size += obj->size;
	}

	seq_printf(m, "Total %d objects, %zu bytes\n", count, size);
}
#endif

/* don't call directly!  Use drm_gem_object_put_locked() and friends */
void msm_gem_free_object(struct drm_gem_object *obj)
{
	struct msm_gem_object *msm_obj = to_msm_bo(obj);
	struct drm_device *dev = obj->dev;
	struct msm_drm_private *priv = dev->dev_private;

	if (llist_add(&msm_obj->freed, &priv->free_list))
		queue_work(priv->wq, &priv->free_work);
}

static void free_object(struct msm_gem_object *msm_obj)
{
	struct drm_gem_object *obj = &msm_obj->base;
	struct drm_device *dev = obj->dev;

	WARN_ON(!mutex_is_locked(&dev->struct_mutex));

	/* object should not be on active list: */
	WARN_ON(is_active(msm_obj));

	list_del(&msm_obj->mm_list);

	mutex_lock(&msm_obj->lock);

	put_iova(obj);

	if (obj->import_attach) {
		WARN_ON(msm_obj->vaddr);

		/* Don't drop the pages for imported dmabuf, as they are not
		 * ours, just free the array we allocated:
		 */
		if (msm_obj->pages)
			kvfree(msm_obj->pages);

		drm_prime_gem_destroy(obj, msm_obj->sgt);
	} else {
		msm_gem_vunmap_locked(obj);
		put_pages(obj);
	}

	drm_gem_object_release(obj);

	mutex_unlock(&msm_obj->lock);
	kfree(msm_obj);
}

void msm_gem_free_work(struct work_struct *work)
{
	struct msm_drm_private *priv =
		container_of(work, struct msm_drm_private, free_work);
	struct drm_device *dev = priv->dev;
	struct llist_node *freed;
	struct msm_gem_object *msm_obj, *next;

	while ((freed = llist_del_all(&priv->free_list))) {

		mutex_lock(&dev->struct_mutex);

		llist_for_each_entry_safe(msm_obj, next,
					  freed, freed)
			free_object(msm_obj);

		mutex_unlock(&dev->struct_mutex);

		if (need_resched())
			break;
	}
}

/* convenience method to construct a GEM buffer object, and userspace handle */
int msm_gem_new_handle(struct drm_device *dev, struct drm_file *file,
		uint32_t size, uint32_t flags, uint32_t *handle,
		char *name)
{
	struct drm_gem_object *obj;
	int ret;

	obj = msm_gem_new(dev, size, flags);

	if (IS_ERR(obj))
		return PTR_ERR(obj);

	if (name)
		msm_gem_object_set_name(obj, "%s", name);

	ret = drm_gem_handle_create(file, obj, handle);

	/* drop reference from allocate - handle holds it now */
	drm_gem_object_put(obj);

	return ret;
}
static int msm_gem_new_impl(struct drm_device *dev,
		uint32_t size, uint32_t flags,
		struct drm_gem_object **obj)
{
	struct msm_gem_object *msm_obj;

	switch (flags & MSM_BO_CACHE_MASK) {
	case MSM_BO_UNCACHED:
	case MSM_BO_CACHED:
	case MSM_BO_WC:
		break;
	default:
		DRM_DEV_ERROR(dev->dev, "invalid cache flag: %x\n",
				(flags & MSM_BO_CACHE_MASK));
		return -EINVAL;
	}

	msm_obj = kzalloc(sizeof(*msm_obj), GFP_KERNEL);
	if (!msm_obj)
		return -ENOMEM;

	mutex_init(&msm_obj->lock);

	msm_obj->flags = flags;
	msm_obj->madv = MSM_MADV_WILLNEED;

	INIT_LIST_HEAD(&msm_obj->submit_entry);
	INIT_LIST_HEAD(&msm_obj->vmas);

	*obj = &msm_obj->base;

	return 0;
}

static struct drm_gem_object *_msm_gem_new(struct drm_device *dev,
		uint32_t size, uint32_t flags, bool struct_mutex_locked)
{
	struct msm_drm_private *priv = dev->dev_private;
	struct msm_gem_object *msm_obj;
	struct drm_gem_object *obj = NULL;
	bool use_vram = false;
	int ret;

	size = PAGE_ALIGN(size);

	if (!msm_use_mmu(dev))
		use_vram = true;
	else if ((flags & (MSM_BO_STOLEN | MSM_BO_SCANOUT)) && priv->vram.size)
		use_vram = true;

	if (WARN_ON(use_vram && !priv->vram.size))
		return ERR_PTR(-EINVAL);

	/* Disallow zero sized objects as they make the underlying
	 * infrastructure grumpy
	 */
	if (size == 0)
		return ERR_PTR(-EINVAL);

	ret = msm_gem_new_impl(dev, size, flags, &obj);
	if (ret)
		goto fail;

	msm_obj = to_msm_bo(obj);

	if (use_vram) {
		struct msm_gem_vma *vma;
		struct page **pages;

		mutex_lock(&msm_obj->lock);

		vma = add_vma(obj, NULL);
		mutex_unlock(&msm_obj->lock);
		if (IS_ERR(vma)) {
			ret = PTR_ERR(vma);
			goto fail;
		}

		to_msm_bo(obj)->vram_node = &vma->node;

		drm_gem_private_object_init(dev, obj, size);

		pages = get_pages(obj);
		if (IS_ERR(pages)) {
			ret = PTR_ERR(pages);
			goto fail;
		}

		vma->iova = physaddr(obj);
	} else {
		ret = drm_gem_object_init(dev, obj, size);
		if (ret)
			goto fail;
		/*
		 * Our buffers are kept pinned, so allocating them from the
		 * MOVABLE zone is a really bad idea, and conflicts with CMA.
		 * See comments above new_inode() for why this is required
		 * _and_ expected if you're going to pin these pages.
		 */
		mapping_set_gfp_mask(obj->filp->f_mapping, GFP_HIGHUSER);
	}

	if (struct_mutex_locked) {
		WARN_ON(!mutex_is_locked(&dev->struct_mutex));
		list_add_tail(&msm_obj->mm_list, &priv->inactive_list);
	} else {
		mutex_lock(&dev->struct_mutex);
		list_add_tail(&msm_obj->mm_list, &priv->inactive_list);
		mutex_unlock(&dev->struct_mutex);
	}

	return obj;

fail:
	drm_gem_object_put(obj);
	return ERR_PTR(ret);
}

struct drm_gem_object *msm_gem_new_locked(struct drm_device *dev,
		uint32_t size, uint32_t flags)
{
	return _msm_gem_new(dev, size, flags, true);
}

struct drm_gem_object *msm_gem_new(struct drm_device *dev,
		uint32_t size, uint32_t flags)
{
	return _msm_gem_new(dev, size, flags, false);
}

struct drm_gem_object *msm_gem_import(struct drm_device *dev,
		struct dma_buf *dmabuf, struct sg_table *sgt)
{
	struct msm_drm_private *priv = dev->dev_private;
	struct msm_gem_object *msm_obj;
	struct drm_gem_object *obj;
	uint32_t size;
	int ret, npages;

	/* if we don't have IOMMU, don't bother pretending we can import: */
	if (!msm_use_mmu(dev)) {
		DRM_DEV_ERROR(dev->dev, "cannot import without IOMMU\n");
		return ERR_PTR(-EINVAL);
	}

	size = PAGE_ALIGN(dmabuf->size);

	ret = msm_gem_new_impl(dev, size, MSM_BO_WC, &obj);
	if (ret)
		goto fail;

	drm_gem_private_object_init(dev, obj, size);

	npages = size / PAGE_SIZE;

	msm_obj = to_msm_bo(obj);
	mutex_lock(&msm_obj->lock);
	msm_obj->sgt = sgt;
	msm_obj->pages = kvmalloc_array(npages, sizeof(struct page *), GFP_KERNEL);
	if (!msm_obj->pages) {
		mutex_unlock(&msm_obj->lock);
		ret = -ENOMEM;
		goto fail;
	}

	ret = drm_prime_sg_to_page_addr_arrays(sgt, msm_obj->pages, NULL, npages);
	if (ret) {
		mutex_unlock(&msm_obj->lock);
		goto fail;
	}

	mutex_unlock(&msm_obj->lock);

	mutex_lock(&dev->struct_mutex);
	list_add_tail(&msm_obj->mm_list, &priv->inactive_list);
	mutex_unlock(&dev->struct_mutex);

	return obj;

fail:
	drm_gem_object_put(obj);
	return ERR_PTR(ret);
}

static void *_msm_gem_kernel_new(struct drm_device *dev, uint32_t size,
		uint32_t flags, struct msm_gem_address_space *aspace,
		struct drm_gem_object **bo, uint64_t *iova, bool locked)
{
	void *vaddr;
	struct drm_gem_object *obj = _msm_gem_new(dev, size, flags, locked);
	int ret;

	if (IS_ERR(obj))
		return ERR_CAST(obj);

	if (iova) {
		ret = msm_gem_get_and_pin_iova(obj, aspace, iova);
		if (ret)
			goto err;
	}

	vaddr = msm_gem_get_vaddr(obj);
	if (IS_ERR(vaddr)) {
		msm_gem_unpin_iova(obj, aspace);
		ret = PTR_ERR(vaddr);
		goto err;
	}

	if (bo)
		*bo = obj;

	return vaddr;
err:
	if (locked)
		drm_gem_object_put_locked(obj);
	else
		drm_gem_object_put(obj);

	return ERR_PTR(ret);
}

void *msm_gem_kernel_new(struct drm_device *dev, uint32_t size,
		uint32_t flags, struct msm_gem_address_space *aspace,
		struct drm_gem_object **bo, uint64_t *iova)
{
	return _msm_gem_kernel_new(dev, size, flags, aspace, bo, iova, false);
}

void *msm_gem_kernel_new_locked(struct drm_device *dev, uint32_t size,
		uint32_t flags, struct msm_gem_address_space *aspace,
		struct drm_gem_object **bo, uint64_t *iova)
{
	return _msm_gem_kernel_new(dev, size, flags, aspace, bo, iova, true);
}

void msm_gem_kernel_put(struct drm_gem_object *bo,
		struct msm_gem_address_space *aspace, bool locked)
{
	if (IS_ERR_OR_NULL(bo))
		return;

	msm_gem_put_vaddr(bo);
	msm_gem_unpin_iova(bo, aspace);

	if (locked)
		drm_gem_object_put_locked(bo);
	else
		drm_gem_object_put(bo);
}
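/*
 * Illustrative sketch only, not part of the driver: the full lifecycle
 * of a kernel-internal buffer, e.g. for a ringbuffer or memptrs.  The
 * "example_" name is hypothetical; aspace is assumed valid and
 * struct_mutex is assumed not held (hence the non-_locked variants).
 */
static int __maybe_unused example_kernel_bo(struct drm_device *dev,
		struct msm_gem_address_space *aspace)
{
	struct drm_gem_object *bo = NULL;
	uint64_t iova;
	void *vaddr;

	vaddr = msm_gem_kernel_new(dev, SZ_4K, MSM_BO_WC, aspace, &bo, &iova);
	if (IS_ERR(vaddr))
		return PTR_ERR(vaddr);

	/* ... CPU writes via vaddr, GPU access via iova ... */

	/* drops the vmap, the iova pin, and the object reference */
	msm_gem_kernel_put(bo, aspace, false);
	return 0;
}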
void msm_gem_object_set_name(struct drm_gem_object *bo, const char *fmt, ...)
{
	struct msm_gem_object *msm_obj = to_msm_bo(bo);
	va_list ap;

	if (!fmt)
		return;

	va_start(ap, fmt);
	vsnprintf(msm_obj->name, sizeof(msm_obj->name), fmt, ap);
	va_end(ap);
}