1 // SPDX-License-Identifier: GPL-2.0-only 2 /* 3 * Copyright (C) 2013 Red Hat 4 * Author: Rob Clark <robdclark@gmail.com> 5 */ 6 7 #include <linux/dma-map-ops.h> 8 #include <linux/spinlock.h> 9 #include <linux/shmem_fs.h> 10 #include <linux/dma-buf.h> 11 #include <linux/pfn_t.h> 12 13 #include <drm/drm_prime.h> 14 15 #include "msm_drv.h" 16 #include "msm_fence.h" 17 #include "msm_gem.h" 18 #include "msm_gpu.h" 19 #include "msm_mmu.h" 20 21 static void update_inactive(struct msm_gem_object *msm_obj); 22 23 static dma_addr_t physaddr(struct drm_gem_object *obj) 24 { 25 struct msm_gem_object *msm_obj = to_msm_bo(obj); 26 struct msm_drm_private *priv = obj->dev->dev_private; 27 return (((dma_addr_t)msm_obj->vram_node->start) << PAGE_SHIFT) + 28 priv->vram.paddr; 29 } 30 31 static bool use_pages(struct drm_gem_object *obj) 32 { 33 struct msm_gem_object *msm_obj = to_msm_bo(obj); 34 return !msm_obj->vram_node; 35 } 36 37 /* 38 * Cache sync.. this is a bit over-complicated, to fit dma-mapping 39 * API. Really GPU cache is out of scope here (handled on cmdstream) 40 * and all we need to do is invalidate newly allocated pages before 41 * mapping to CPU as uncached/writecombine. 42 * 43 * On top of this, we have the added headache, that depending on 44 * display generation, the display's iommu may be wired up to either 45 * the toplevel drm device (mdss), or to the mdp sub-node, meaning 46 * that here we either have dma-direct or iommu ops. 47 * 48 * Let this be a cautionary tail of abstraction gone wrong. 49 */ 50 51 static void sync_for_device(struct msm_gem_object *msm_obj) 52 { 53 struct device *dev = msm_obj->base.dev->dev; 54 55 dma_map_sgtable(dev, msm_obj->sgt, DMA_BIDIRECTIONAL, 0); 56 } 57 58 static void sync_for_cpu(struct msm_gem_object *msm_obj) 59 { 60 struct device *dev = msm_obj->base.dev->dev; 61 62 dma_unmap_sgtable(dev, msm_obj->sgt, DMA_BIDIRECTIONAL, 0); 63 } 64 65 /* allocate pages from VRAM carveout, used when no IOMMU: */ 66 static struct page **get_pages_vram(struct drm_gem_object *obj, int npages) 67 { 68 struct msm_gem_object *msm_obj = to_msm_bo(obj); 69 struct msm_drm_private *priv = obj->dev->dev_private; 70 dma_addr_t paddr; 71 struct page **p; 72 int ret, i; 73 74 p = kvmalloc_array(npages, sizeof(struct page *), GFP_KERNEL); 75 if (!p) 76 return ERR_PTR(-ENOMEM); 77 78 spin_lock(&priv->vram.lock); 79 ret = drm_mm_insert_node(&priv->vram.mm, msm_obj->vram_node, npages); 80 spin_unlock(&priv->vram.lock); 81 if (ret) { 82 kvfree(p); 83 return ERR_PTR(ret); 84 } 85 86 paddr = physaddr(obj); 87 for (i = 0; i < npages; i++) { 88 p[i] = phys_to_page(paddr); 89 paddr += PAGE_SIZE; 90 } 91 92 return p; 93 } 94 95 static struct page **get_pages(struct drm_gem_object *obj) 96 { 97 struct msm_gem_object *msm_obj = to_msm_bo(obj); 98 99 GEM_WARN_ON(!msm_gem_is_locked(obj)); 100 101 if (!msm_obj->pages) { 102 struct drm_device *dev = obj->dev; 103 struct page **p; 104 int npages = obj->size >> PAGE_SHIFT; 105 106 if (use_pages(obj)) 107 p = drm_gem_get_pages(obj); 108 else 109 p = get_pages_vram(obj, npages); 110 111 if (IS_ERR(p)) { 112 DRM_DEV_ERROR(dev->dev, "could not get pages: %ld\n", 113 PTR_ERR(p)); 114 return p; 115 } 116 117 msm_obj->pages = p; 118 119 msm_obj->sgt = drm_prime_pages_to_sg(obj->dev, p, npages); 120 if (IS_ERR(msm_obj->sgt)) { 121 void *ptr = ERR_CAST(msm_obj->sgt); 122 123 DRM_DEV_ERROR(dev->dev, "failed to allocate sgt\n"); 124 msm_obj->sgt = NULL; 125 return ptr; 126 } 127 128 /* For non-cached buffers, ensure the new pages are clean 129 * because display controller, GPU, etc. are not coherent: 130 */ 131 if (msm_obj->flags & (MSM_BO_WC|MSM_BO_UNCACHED)) 132 sync_for_device(msm_obj); 133 134 GEM_WARN_ON(msm_obj->active_count); 135 update_inactive(msm_obj); 136 } 137 138 return msm_obj->pages; 139 } 140 141 static void put_pages_vram(struct drm_gem_object *obj) 142 { 143 struct msm_gem_object *msm_obj = to_msm_bo(obj); 144 struct msm_drm_private *priv = obj->dev->dev_private; 145 146 spin_lock(&priv->vram.lock); 147 drm_mm_remove_node(msm_obj->vram_node); 148 spin_unlock(&priv->vram.lock); 149 150 kvfree(msm_obj->pages); 151 } 152 153 static void put_pages(struct drm_gem_object *obj) 154 { 155 struct msm_gem_object *msm_obj = to_msm_bo(obj); 156 157 if (msm_obj->pages) { 158 if (msm_obj->sgt) { 159 /* For non-cached buffers, ensure the new 160 * pages are clean because display controller, 161 * GPU, etc. are not coherent: 162 */ 163 if (msm_obj->flags & (MSM_BO_WC|MSM_BO_UNCACHED)) 164 sync_for_cpu(msm_obj); 165 166 sg_free_table(msm_obj->sgt); 167 kfree(msm_obj->sgt); 168 msm_obj->sgt = NULL; 169 } 170 171 if (use_pages(obj)) 172 drm_gem_put_pages(obj, msm_obj->pages, true, false); 173 else 174 put_pages_vram(obj); 175 176 msm_obj->pages = NULL; 177 } 178 } 179 180 struct page **msm_gem_get_pages(struct drm_gem_object *obj) 181 { 182 struct msm_gem_object *msm_obj = to_msm_bo(obj); 183 struct page **p; 184 185 msm_gem_lock(obj); 186 187 if (GEM_WARN_ON(msm_obj->madv != MSM_MADV_WILLNEED)) { 188 msm_gem_unlock(obj); 189 return ERR_PTR(-EBUSY); 190 } 191 192 p = get_pages(obj); 193 194 if (!IS_ERR(p)) { 195 msm_obj->pin_count++; 196 update_inactive(msm_obj); 197 } 198 199 msm_gem_unlock(obj); 200 return p; 201 } 202 203 void msm_gem_put_pages(struct drm_gem_object *obj) 204 { 205 struct msm_gem_object *msm_obj = to_msm_bo(obj); 206 207 msm_gem_lock(obj); 208 msm_obj->pin_count--; 209 GEM_WARN_ON(msm_obj->pin_count < 0); 210 update_inactive(msm_obj); 211 msm_gem_unlock(obj); 212 } 213 214 static pgprot_t msm_gem_pgprot(struct msm_gem_object *msm_obj, pgprot_t prot) 215 { 216 if (msm_obj->flags & (MSM_BO_WC|MSM_BO_UNCACHED)) 217 return pgprot_writecombine(prot); 218 return prot; 219 } 220 221 int msm_gem_mmap_obj(struct drm_gem_object *obj, 222 struct vm_area_struct *vma) 223 { 224 struct msm_gem_object *msm_obj = to_msm_bo(obj); 225 226 vma->vm_flags &= ~VM_PFNMAP; 227 vma->vm_flags |= VM_MIXEDMAP; 228 vma->vm_page_prot = msm_gem_pgprot(msm_obj, vm_get_page_prot(vma->vm_flags)); 229 230 return 0; 231 } 232 233 int msm_gem_mmap(struct file *filp, struct vm_area_struct *vma) 234 { 235 int ret; 236 237 ret = drm_gem_mmap(filp, vma); 238 if (ret) { 239 DBG("mmap failed: %d", ret); 240 return ret; 241 } 242 243 return msm_gem_mmap_obj(vma->vm_private_data, vma); 244 } 245 246 static vm_fault_t msm_gem_fault(struct vm_fault *vmf) 247 { 248 struct vm_area_struct *vma = vmf->vma; 249 struct drm_gem_object *obj = vma->vm_private_data; 250 struct msm_gem_object *msm_obj = to_msm_bo(obj); 251 struct page **pages; 252 unsigned long pfn; 253 pgoff_t pgoff; 254 int err; 255 vm_fault_t ret; 256 257 /* 258 * vm_ops.open/drm_gem_mmap_obj and close get and put 259 * a reference on obj. So, we dont need to hold one here. 260 */ 261 err = msm_gem_lock_interruptible(obj); 262 if (err) { 263 ret = VM_FAULT_NOPAGE; 264 goto out; 265 } 266 267 if (GEM_WARN_ON(msm_obj->madv != MSM_MADV_WILLNEED)) { 268 msm_gem_unlock(obj); 269 return VM_FAULT_SIGBUS; 270 } 271 272 /* make sure we have pages attached now */ 273 pages = get_pages(obj); 274 if (IS_ERR(pages)) { 275 ret = vmf_error(PTR_ERR(pages)); 276 goto out_unlock; 277 } 278 279 /* We don't use vmf->pgoff since that has the fake offset: */ 280 pgoff = (vmf->address - vma->vm_start) >> PAGE_SHIFT; 281 282 pfn = page_to_pfn(pages[pgoff]); 283 284 VERB("Inserting %p pfn %lx, pa %lx", (void *)vmf->address, 285 pfn, pfn << PAGE_SHIFT); 286 287 ret = vmf_insert_mixed(vma, vmf->address, __pfn_to_pfn_t(pfn, PFN_DEV)); 288 out_unlock: 289 msm_gem_unlock(obj); 290 out: 291 return ret; 292 } 293 294 /** get mmap offset */ 295 static uint64_t mmap_offset(struct drm_gem_object *obj) 296 { 297 struct drm_device *dev = obj->dev; 298 int ret; 299 300 GEM_WARN_ON(!msm_gem_is_locked(obj)); 301 302 /* Make it mmapable */ 303 ret = drm_gem_create_mmap_offset(obj); 304 305 if (ret) { 306 DRM_DEV_ERROR(dev->dev, "could not allocate mmap offset\n"); 307 return 0; 308 } 309 310 return drm_vma_node_offset_addr(&obj->vma_node); 311 } 312 313 uint64_t msm_gem_mmap_offset(struct drm_gem_object *obj) 314 { 315 uint64_t offset; 316 317 msm_gem_lock(obj); 318 offset = mmap_offset(obj); 319 msm_gem_unlock(obj); 320 return offset; 321 } 322 323 static struct msm_gem_vma *add_vma(struct drm_gem_object *obj, 324 struct msm_gem_address_space *aspace) 325 { 326 struct msm_gem_object *msm_obj = to_msm_bo(obj); 327 struct msm_gem_vma *vma; 328 329 GEM_WARN_ON(!msm_gem_is_locked(obj)); 330 331 vma = kzalloc(sizeof(*vma), GFP_KERNEL); 332 if (!vma) 333 return ERR_PTR(-ENOMEM); 334 335 vma->aspace = aspace; 336 337 list_add_tail(&vma->list, &msm_obj->vmas); 338 339 return vma; 340 } 341 342 static struct msm_gem_vma *lookup_vma(struct drm_gem_object *obj, 343 struct msm_gem_address_space *aspace) 344 { 345 struct msm_gem_object *msm_obj = to_msm_bo(obj); 346 struct msm_gem_vma *vma; 347 348 GEM_WARN_ON(!msm_gem_is_locked(obj)); 349 350 list_for_each_entry(vma, &msm_obj->vmas, list) { 351 if (vma->aspace == aspace) 352 return vma; 353 } 354 355 return NULL; 356 } 357 358 static void del_vma(struct msm_gem_vma *vma) 359 { 360 if (!vma) 361 return; 362 363 list_del(&vma->list); 364 kfree(vma); 365 } 366 367 /* 368 * If close is true, this also closes the VMA (releasing the allocated 369 * iova range) in addition to removing the iommu mapping. In the eviction 370 * case (!close), we keep the iova allocated, but only remove the iommu 371 * mapping. 372 */ 373 static void 374 put_iova_spaces(struct drm_gem_object *obj, bool close) 375 { 376 struct msm_gem_object *msm_obj = to_msm_bo(obj); 377 struct msm_gem_vma *vma; 378 379 GEM_WARN_ON(!msm_gem_is_locked(obj)); 380 381 list_for_each_entry(vma, &msm_obj->vmas, list) { 382 if (vma->aspace) { 383 msm_gem_purge_vma(vma->aspace, vma); 384 if (close) 385 msm_gem_close_vma(vma->aspace, vma); 386 } 387 } 388 } 389 390 /* Called with msm_obj locked */ 391 static void 392 put_iova_vmas(struct drm_gem_object *obj) 393 { 394 struct msm_gem_object *msm_obj = to_msm_bo(obj); 395 struct msm_gem_vma *vma, *tmp; 396 397 GEM_WARN_ON(!msm_gem_is_locked(obj)); 398 399 list_for_each_entry_safe(vma, tmp, &msm_obj->vmas, list) { 400 del_vma(vma); 401 } 402 } 403 404 static int get_iova_locked(struct drm_gem_object *obj, 405 struct msm_gem_address_space *aspace, uint64_t *iova, 406 u64 range_start, u64 range_end) 407 { 408 struct msm_gem_vma *vma; 409 int ret = 0; 410 411 GEM_WARN_ON(!msm_gem_is_locked(obj)); 412 413 vma = lookup_vma(obj, aspace); 414 415 if (!vma) { 416 vma = add_vma(obj, aspace); 417 if (IS_ERR(vma)) 418 return PTR_ERR(vma); 419 420 ret = msm_gem_init_vma(aspace, vma, obj->size >> PAGE_SHIFT, 421 range_start, range_end); 422 if (ret) { 423 del_vma(vma); 424 return ret; 425 } 426 } 427 428 *iova = vma->iova; 429 return 0; 430 } 431 432 static int msm_gem_pin_iova(struct drm_gem_object *obj, 433 struct msm_gem_address_space *aspace) 434 { 435 struct msm_gem_object *msm_obj = to_msm_bo(obj); 436 struct msm_gem_vma *vma; 437 struct page **pages; 438 int ret, prot = IOMMU_READ; 439 440 if (!(msm_obj->flags & MSM_BO_GPU_READONLY)) 441 prot |= IOMMU_WRITE; 442 443 if (msm_obj->flags & MSM_BO_MAP_PRIV) 444 prot |= IOMMU_PRIV; 445 446 if (msm_obj->flags & MSM_BO_CACHED_COHERENT) 447 prot |= IOMMU_CACHE; 448 449 GEM_WARN_ON(!msm_gem_is_locked(obj)); 450 451 if (GEM_WARN_ON(msm_obj->madv != MSM_MADV_WILLNEED)) 452 return -EBUSY; 453 454 vma = lookup_vma(obj, aspace); 455 if (GEM_WARN_ON(!vma)) 456 return -EINVAL; 457 458 pages = get_pages(obj); 459 if (IS_ERR(pages)) 460 return PTR_ERR(pages); 461 462 ret = msm_gem_map_vma(aspace, vma, prot, 463 msm_obj->sgt, obj->size >> PAGE_SHIFT); 464 465 if (!ret) 466 msm_obj->pin_count++; 467 468 return ret; 469 } 470 471 static int get_and_pin_iova_range_locked(struct drm_gem_object *obj, 472 struct msm_gem_address_space *aspace, uint64_t *iova, 473 u64 range_start, u64 range_end) 474 { 475 u64 local; 476 int ret; 477 478 GEM_WARN_ON(!msm_gem_is_locked(obj)); 479 480 ret = get_iova_locked(obj, aspace, &local, 481 range_start, range_end); 482 483 if (!ret) 484 ret = msm_gem_pin_iova(obj, aspace); 485 486 if (!ret) 487 *iova = local; 488 489 return ret; 490 } 491 492 /* 493 * get iova and pin it. Should have a matching put 494 * limits iova to specified range (in pages) 495 */ 496 int msm_gem_get_and_pin_iova_range(struct drm_gem_object *obj, 497 struct msm_gem_address_space *aspace, uint64_t *iova, 498 u64 range_start, u64 range_end) 499 { 500 int ret; 501 502 msm_gem_lock(obj); 503 ret = get_and_pin_iova_range_locked(obj, aspace, iova, range_start, range_end); 504 msm_gem_unlock(obj); 505 506 return ret; 507 } 508 509 int msm_gem_get_and_pin_iova_locked(struct drm_gem_object *obj, 510 struct msm_gem_address_space *aspace, uint64_t *iova) 511 { 512 return get_and_pin_iova_range_locked(obj, aspace, iova, 0, U64_MAX); 513 } 514 515 /* get iova and pin it. Should have a matching put */ 516 int msm_gem_get_and_pin_iova(struct drm_gem_object *obj, 517 struct msm_gem_address_space *aspace, uint64_t *iova) 518 { 519 return msm_gem_get_and_pin_iova_range(obj, aspace, iova, 0, U64_MAX); 520 } 521 522 /* 523 * Get an iova but don't pin it. Doesn't need a put because iovas are currently 524 * valid for the life of the object 525 */ 526 int msm_gem_get_iova(struct drm_gem_object *obj, 527 struct msm_gem_address_space *aspace, uint64_t *iova) 528 { 529 int ret; 530 531 msm_gem_lock(obj); 532 ret = get_iova_locked(obj, aspace, iova, 0, U64_MAX); 533 msm_gem_unlock(obj); 534 535 return ret; 536 } 537 538 /* get iova without taking a reference, used in places where you have 539 * already done a 'msm_gem_get_and_pin_iova' or 'msm_gem_get_iova' 540 */ 541 uint64_t msm_gem_iova(struct drm_gem_object *obj, 542 struct msm_gem_address_space *aspace) 543 { 544 struct msm_gem_vma *vma; 545 546 msm_gem_lock(obj); 547 vma = lookup_vma(obj, aspace); 548 msm_gem_unlock(obj); 549 GEM_WARN_ON(!vma); 550 551 return vma ? vma->iova : 0; 552 } 553 554 /* 555 * Locked variant of msm_gem_unpin_iova() 556 */ 557 void msm_gem_unpin_iova_locked(struct drm_gem_object *obj, 558 struct msm_gem_address_space *aspace) 559 { 560 struct msm_gem_object *msm_obj = to_msm_bo(obj); 561 struct msm_gem_vma *vma; 562 563 GEM_WARN_ON(!msm_gem_is_locked(obj)); 564 565 vma = lookup_vma(obj, aspace); 566 567 if (!GEM_WARN_ON(!vma)) { 568 msm_gem_unmap_vma(aspace, vma); 569 570 msm_obj->pin_count--; 571 GEM_WARN_ON(msm_obj->pin_count < 0); 572 573 update_inactive(msm_obj); 574 } 575 } 576 577 /* 578 * Unpin a iova by updating the reference counts. The memory isn't actually 579 * purged until something else (shrinker, mm_notifier, destroy, etc) decides 580 * to get rid of it 581 */ 582 void msm_gem_unpin_iova(struct drm_gem_object *obj, 583 struct msm_gem_address_space *aspace) 584 { 585 msm_gem_lock(obj); 586 msm_gem_unpin_iova_locked(obj, aspace); 587 msm_gem_unlock(obj); 588 } 589 590 int msm_gem_dumb_create(struct drm_file *file, struct drm_device *dev, 591 struct drm_mode_create_dumb *args) 592 { 593 args->pitch = align_pitch(args->width, args->bpp); 594 args->size = PAGE_ALIGN(args->pitch * args->height); 595 return msm_gem_new_handle(dev, file, args->size, 596 MSM_BO_SCANOUT | MSM_BO_WC, &args->handle, "dumb"); 597 } 598 599 int msm_gem_dumb_map_offset(struct drm_file *file, struct drm_device *dev, 600 uint32_t handle, uint64_t *offset) 601 { 602 struct drm_gem_object *obj; 603 int ret = 0; 604 605 /* GEM does all our handle to object mapping */ 606 obj = drm_gem_object_lookup(file, handle); 607 if (obj == NULL) { 608 ret = -ENOENT; 609 goto fail; 610 } 611 612 *offset = msm_gem_mmap_offset(obj); 613 614 drm_gem_object_put(obj); 615 616 fail: 617 return ret; 618 } 619 620 static void *get_vaddr(struct drm_gem_object *obj, unsigned madv) 621 { 622 struct msm_gem_object *msm_obj = to_msm_bo(obj); 623 int ret = 0; 624 625 GEM_WARN_ON(!msm_gem_is_locked(obj)); 626 627 if (obj->import_attach) 628 return ERR_PTR(-ENODEV); 629 630 if (GEM_WARN_ON(msm_obj->madv > madv)) { 631 DRM_DEV_ERROR(obj->dev->dev, "Invalid madv state: %u vs %u\n", 632 msm_obj->madv, madv); 633 return ERR_PTR(-EBUSY); 634 } 635 636 /* increment vmap_count *before* vmap() call, so shrinker can 637 * check vmap_count (is_vunmapable()) outside of msm_obj lock. 638 * This guarantees that we won't try to msm_gem_vunmap() this 639 * same object from within the vmap() call (while we already 640 * hold msm_obj lock) 641 */ 642 msm_obj->vmap_count++; 643 644 if (!msm_obj->vaddr) { 645 struct page **pages = get_pages(obj); 646 if (IS_ERR(pages)) { 647 ret = PTR_ERR(pages); 648 goto fail; 649 } 650 msm_obj->vaddr = vmap(pages, obj->size >> PAGE_SHIFT, 651 VM_MAP, msm_gem_pgprot(msm_obj, PAGE_KERNEL)); 652 if (msm_obj->vaddr == NULL) { 653 ret = -ENOMEM; 654 goto fail; 655 } 656 657 update_inactive(msm_obj); 658 } 659 660 return msm_obj->vaddr; 661 662 fail: 663 msm_obj->vmap_count--; 664 return ERR_PTR(ret); 665 } 666 667 void *msm_gem_get_vaddr_locked(struct drm_gem_object *obj) 668 { 669 return get_vaddr(obj, MSM_MADV_WILLNEED); 670 } 671 672 void *msm_gem_get_vaddr(struct drm_gem_object *obj) 673 { 674 void *ret; 675 676 msm_gem_lock(obj); 677 ret = msm_gem_get_vaddr_locked(obj); 678 msm_gem_unlock(obj); 679 680 return ret; 681 } 682 683 /* 684 * Don't use this! It is for the very special case of dumping 685 * submits from GPU hangs or faults, were the bo may already 686 * be MSM_MADV_DONTNEED, but we know the buffer is still on the 687 * active list. 688 */ 689 void *msm_gem_get_vaddr_active(struct drm_gem_object *obj) 690 { 691 return get_vaddr(obj, __MSM_MADV_PURGED); 692 } 693 694 void msm_gem_put_vaddr_locked(struct drm_gem_object *obj) 695 { 696 struct msm_gem_object *msm_obj = to_msm_bo(obj); 697 698 GEM_WARN_ON(!msm_gem_is_locked(obj)); 699 GEM_WARN_ON(msm_obj->vmap_count < 1); 700 701 msm_obj->vmap_count--; 702 } 703 704 void msm_gem_put_vaddr(struct drm_gem_object *obj) 705 { 706 msm_gem_lock(obj); 707 msm_gem_put_vaddr_locked(obj); 708 msm_gem_unlock(obj); 709 } 710 711 /* Update madvise status, returns true if not purged, else 712 * false or -errno. 713 */ 714 int msm_gem_madvise(struct drm_gem_object *obj, unsigned madv) 715 { 716 struct msm_gem_object *msm_obj = to_msm_bo(obj); 717 718 msm_gem_lock(obj); 719 720 if (msm_obj->madv != __MSM_MADV_PURGED) 721 msm_obj->madv = madv; 722 723 madv = msm_obj->madv; 724 725 /* If the obj is inactive, we might need to move it 726 * between inactive lists 727 */ 728 if (msm_obj->active_count == 0) 729 update_inactive(msm_obj); 730 731 msm_gem_unlock(obj); 732 733 return (madv != __MSM_MADV_PURGED); 734 } 735 736 void msm_gem_purge(struct drm_gem_object *obj) 737 { 738 struct drm_device *dev = obj->dev; 739 struct msm_gem_object *msm_obj = to_msm_bo(obj); 740 741 GEM_WARN_ON(!msm_gem_is_locked(obj)); 742 GEM_WARN_ON(!is_purgeable(msm_obj)); 743 744 /* Get rid of any iommu mapping(s): */ 745 put_iova_spaces(obj, true); 746 747 msm_gem_vunmap(obj); 748 749 drm_vma_node_unmap(&obj->vma_node, dev->anon_inode->i_mapping); 750 751 put_pages(obj); 752 753 put_iova_vmas(obj); 754 755 msm_obj->madv = __MSM_MADV_PURGED; 756 update_inactive(msm_obj); 757 758 drm_gem_free_mmap_offset(obj); 759 760 /* Our goal here is to return as much of the memory as 761 * is possible back to the system as we are called from OOM. 762 * To do this we must instruct the shmfs to drop all of its 763 * backing pages, *now*. 764 */ 765 shmem_truncate_range(file_inode(obj->filp), 0, (loff_t)-1); 766 767 invalidate_mapping_pages(file_inode(obj->filp)->i_mapping, 768 0, (loff_t)-1); 769 } 770 771 /* 772 * Unpin the backing pages and make them available to be swapped out. 773 */ 774 void msm_gem_evict(struct drm_gem_object *obj) 775 { 776 struct drm_device *dev = obj->dev; 777 struct msm_gem_object *msm_obj = to_msm_bo(obj); 778 779 GEM_WARN_ON(!msm_gem_is_locked(obj)); 780 GEM_WARN_ON(is_unevictable(msm_obj)); 781 GEM_WARN_ON(!msm_obj->evictable); 782 GEM_WARN_ON(msm_obj->active_count); 783 784 /* Get rid of any iommu mapping(s): */ 785 put_iova_spaces(obj, false); 786 787 drm_vma_node_unmap(&obj->vma_node, dev->anon_inode->i_mapping); 788 789 put_pages(obj); 790 791 update_inactive(msm_obj); 792 } 793 794 void msm_gem_vunmap(struct drm_gem_object *obj) 795 { 796 struct msm_gem_object *msm_obj = to_msm_bo(obj); 797 798 GEM_WARN_ON(!msm_gem_is_locked(obj)); 799 800 if (!msm_obj->vaddr || GEM_WARN_ON(!is_vunmapable(msm_obj))) 801 return; 802 803 vunmap(msm_obj->vaddr); 804 msm_obj->vaddr = NULL; 805 } 806 807 void msm_gem_active_get(struct drm_gem_object *obj, struct msm_gpu *gpu) 808 { 809 struct msm_gem_object *msm_obj = to_msm_bo(obj); 810 struct msm_drm_private *priv = obj->dev->dev_private; 811 812 might_sleep(); 813 GEM_WARN_ON(!msm_gem_is_locked(obj)); 814 GEM_WARN_ON(msm_obj->madv != MSM_MADV_WILLNEED); 815 GEM_WARN_ON(msm_obj->dontneed); 816 GEM_WARN_ON(!msm_obj->sgt); 817 818 if (msm_obj->active_count++ == 0) { 819 mutex_lock(&priv->mm_lock); 820 if (msm_obj->evictable) 821 mark_unevictable(msm_obj); 822 list_del(&msm_obj->mm_list); 823 list_add_tail(&msm_obj->mm_list, &gpu->active_list); 824 mutex_unlock(&priv->mm_lock); 825 } 826 } 827 828 void msm_gem_active_put(struct drm_gem_object *obj) 829 { 830 struct msm_gem_object *msm_obj = to_msm_bo(obj); 831 832 might_sleep(); 833 GEM_WARN_ON(!msm_gem_is_locked(obj)); 834 835 if (--msm_obj->active_count == 0) { 836 update_inactive(msm_obj); 837 } 838 } 839 840 static void update_inactive(struct msm_gem_object *msm_obj) 841 { 842 struct msm_drm_private *priv = msm_obj->base.dev->dev_private; 843 844 GEM_WARN_ON(!msm_gem_is_locked(&msm_obj->base)); 845 846 if (msm_obj->active_count != 0) 847 return; 848 849 mutex_lock(&priv->mm_lock); 850 851 if (msm_obj->dontneed) 852 mark_unpurgeable(msm_obj); 853 if (msm_obj->evictable) 854 mark_unevictable(msm_obj); 855 856 list_del(&msm_obj->mm_list); 857 if ((msm_obj->madv == MSM_MADV_WILLNEED) && msm_obj->sgt) { 858 list_add_tail(&msm_obj->mm_list, &priv->inactive_willneed); 859 mark_evictable(msm_obj); 860 } else if (msm_obj->madv == MSM_MADV_DONTNEED) { 861 list_add_tail(&msm_obj->mm_list, &priv->inactive_dontneed); 862 mark_purgeable(msm_obj); 863 } else { 864 GEM_WARN_ON((msm_obj->madv != __MSM_MADV_PURGED) && msm_obj->sgt); 865 list_add_tail(&msm_obj->mm_list, &priv->inactive_unpinned); 866 } 867 868 mutex_unlock(&priv->mm_lock); 869 } 870 871 int msm_gem_cpu_prep(struct drm_gem_object *obj, uint32_t op, ktime_t *timeout) 872 { 873 bool write = !!(op & MSM_PREP_WRITE); 874 unsigned long remain = 875 op & MSM_PREP_NOSYNC ? 0 : timeout_to_jiffies(timeout); 876 long ret; 877 878 ret = dma_resv_wait_timeout(obj->resv, write, true, remain); 879 if (ret == 0) 880 return remain == 0 ? -EBUSY : -ETIMEDOUT; 881 else if (ret < 0) 882 return ret; 883 884 /* TODO cache maintenance */ 885 886 return 0; 887 } 888 889 int msm_gem_cpu_fini(struct drm_gem_object *obj) 890 { 891 /* TODO cache maintenance */ 892 return 0; 893 } 894 895 #ifdef CONFIG_DEBUG_FS 896 static void describe_fence(struct dma_fence *fence, const char *type, 897 struct seq_file *m) 898 { 899 if (!dma_fence_is_signaled(fence)) 900 seq_printf(m, "\t%9s: %s %s seq %llu\n", type, 901 fence->ops->get_driver_name(fence), 902 fence->ops->get_timeline_name(fence), 903 fence->seqno); 904 } 905 906 void msm_gem_describe(struct drm_gem_object *obj, struct seq_file *m, 907 struct msm_gem_stats *stats) 908 { 909 struct msm_gem_object *msm_obj = to_msm_bo(obj); 910 struct dma_resv *robj = obj->resv; 911 struct dma_resv_list *fobj; 912 struct dma_fence *fence; 913 struct msm_gem_vma *vma; 914 uint64_t off = drm_vma_node_start(&obj->vma_node); 915 const char *madv; 916 917 msm_gem_lock(obj); 918 919 stats->all.count++; 920 stats->all.size += obj->size; 921 922 if (is_active(msm_obj)) { 923 stats->active.count++; 924 stats->active.size += obj->size; 925 } 926 927 if (msm_obj->pages) { 928 stats->resident.count++; 929 stats->resident.size += obj->size; 930 } 931 932 switch (msm_obj->madv) { 933 case __MSM_MADV_PURGED: 934 stats->purged.count++; 935 stats->purged.size += obj->size; 936 madv = " purged"; 937 break; 938 case MSM_MADV_DONTNEED: 939 stats->purgeable.count++; 940 stats->purgeable.size += obj->size; 941 madv = " purgeable"; 942 break; 943 case MSM_MADV_WILLNEED: 944 default: 945 madv = ""; 946 break; 947 } 948 949 seq_printf(m, "%08x: %c %2d (%2d) %08llx %p", 950 msm_obj->flags, is_active(msm_obj) ? 'A' : 'I', 951 obj->name, kref_read(&obj->refcount), 952 off, msm_obj->vaddr); 953 954 seq_printf(m, " %08zu %9s %-32s\n", obj->size, madv, msm_obj->name); 955 956 if (!list_empty(&msm_obj->vmas)) { 957 958 seq_puts(m, " vmas:"); 959 960 list_for_each_entry(vma, &msm_obj->vmas, list) { 961 const char *name, *comm; 962 if (vma->aspace) { 963 struct msm_gem_address_space *aspace = vma->aspace; 964 struct task_struct *task = 965 get_pid_task(aspace->pid, PIDTYPE_PID); 966 if (task) { 967 comm = kstrdup(task->comm, GFP_KERNEL); 968 } else { 969 comm = NULL; 970 } 971 name = aspace->name; 972 } else { 973 name = comm = NULL; 974 } 975 seq_printf(m, " [%s%s%s: aspace=%p, %08llx,%s,inuse=%d]", 976 name, comm ? ":" : "", comm ? comm : "", 977 vma->aspace, vma->iova, 978 vma->mapped ? "mapped" : "unmapped", 979 vma->inuse); 980 kfree(comm); 981 } 982 983 seq_puts(m, "\n"); 984 } 985 986 rcu_read_lock(); 987 fobj = dma_resv_shared_list(robj); 988 if (fobj) { 989 unsigned int i, shared_count = fobj->shared_count; 990 991 for (i = 0; i < shared_count; i++) { 992 fence = rcu_dereference(fobj->shared[i]); 993 describe_fence(fence, "Shared", m); 994 } 995 } 996 997 fence = dma_resv_excl_fence(robj); 998 if (fence) 999 describe_fence(fence, "Exclusive", m); 1000 rcu_read_unlock(); 1001 1002 msm_gem_unlock(obj); 1003 } 1004 1005 void msm_gem_describe_objects(struct list_head *list, struct seq_file *m) 1006 { 1007 struct msm_gem_stats stats = {}; 1008 struct msm_gem_object *msm_obj; 1009 1010 seq_puts(m, " flags id ref offset kaddr size madv name\n"); 1011 list_for_each_entry(msm_obj, list, node) { 1012 struct drm_gem_object *obj = &msm_obj->base; 1013 seq_puts(m, " "); 1014 msm_gem_describe(obj, m, &stats); 1015 } 1016 1017 seq_printf(m, "Total: %4d objects, %9zu bytes\n", 1018 stats.all.count, stats.all.size); 1019 seq_printf(m, "Active: %4d objects, %9zu bytes\n", 1020 stats.active.count, stats.active.size); 1021 seq_printf(m, "Resident: %4d objects, %9zu bytes\n", 1022 stats.resident.count, stats.resident.size); 1023 seq_printf(m, "Purgeable: %4d objects, %9zu bytes\n", 1024 stats.purgeable.count, stats.purgeable.size); 1025 seq_printf(m, "Purged: %4d objects, %9zu bytes\n", 1026 stats.purged.count, stats.purged.size); 1027 } 1028 #endif 1029 1030 /* don't call directly! Use drm_gem_object_put() */ 1031 void msm_gem_free_object(struct drm_gem_object *obj) 1032 { 1033 struct msm_gem_object *msm_obj = to_msm_bo(obj); 1034 struct drm_device *dev = obj->dev; 1035 struct msm_drm_private *priv = dev->dev_private; 1036 1037 mutex_lock(&priv->obj_lock); 1038 list_del(&msm_obj->node); 1039 mutex_unlock(&priv->obj_lock); 1040 1041 mutex_lock(&priv->mm_lock); 1042 if (msm_obj->dontneed) 1043 mark_unpurgeable(msm_obj); 1044 list_del(&msm_obj->mm_list); 1045 mutex_unlock(&priv->mm_lock); 1046 1047 msm_gem_lock(obj); 1048 1049 /* object should not be on active list: */ 1050 GEM_WARN_ON(is_active(msm_obj)); 1051 1052 put_iova_spaces(obj, true); 1053 1054 if (obj->import_attach) { 1055 GEM_WARN_ON(msm_obj->vaddr); 1056 1057 /* Don't drop the pages for imported dmabuf, as they are not 1058 * ours, just free the array we allocated: 1059 */ 1060 kvfree(msm_obj->pages); 1061 1062 put_iova_vmas(obj); 1063 1064 /* dma_buf_detach() grabs resv lock, so we need to unlock 1065 * prior to drm_prime_gem_destroy 1066 */ 1067 msm_gem_unlock(obj); 1068 1069 drm_prime_gem_destroy(obj, msm_obj->sgt); 1070 } else { 1071 msm_gem_vunmap(obj); 1072 put_pages(obj); 1073 put_iova_vmas(obj); 1074 msm_gem_unlock(obj); 1075 } 1076 1077 drm_gem_object_release(obj); 1078 1079 kfree(msm_obj); 1080 } 1081 1082 /* convenience method to construct a GEM buffer object, and userspace handle */ 1083 int msm_gem_new_handle(struct drm_device *dev, struct drm_file *file, 1084 uint32_t size, uint32_t flags, uint32_t *handle, 1085 char *name) 1086 { 1087 struct drm_gem_object *obj; 1088 int ret; 1089 1090 obj = msm_gem_new(dev, size, flags); 1091 1092 if (IS_ERR(obj)) 1093 return PTR_ERR(obj); 1094 1095 if (name) 1096 msm_gem_object_set_name(obj, "%s", name); 1097 1098 ret = drm_gem_handle_create(file, obj, handle); 1099 1100 /* drop reference from allocate - handle holds it now */ 1101 drm_gem_object_put(obj); 1102 1103 return ret; 1104 } 1105 1106 static const struct vm_operations_struct vm_ops = { 1107 .fault = msm_gem_fault, 1108 .open = drm_gem_vm_open, 1109 .close = drm_gem_vm_close, 1110 }; 1111 1112 static const struct drm_gem_object_funcs msm_gem_object_funcs = { 1113 .free = msm_gem_free_object, 1114 .pin = msm_gem_prime_pin, 1115 .unpin = msm_gem_prime_unpin, 1116 .get_sg_table = msm_gem_prime_get_sg_table, 1117 .vmap = msm_gem_prime_vmap, 1118 .vunmap = msm_gem_prime_vunmap, 1119 .vm_ops = &vm_ops, 1120 }; 1121 1122 static int msm_gem_new_impl(struct drm_device *dev, 1123 uint32_t size, uint32_t flags, 1124 struct drm_gem_object **obj) 1125 { 1126 struct msm_drm_private *priv = dev->dev_private; 1127 struct msm_gem_object *msm_obj; 1128 1129 switch (flags & MSM_BO_CACHE_MASK) { 1130 case MSM_BO_UNCACHED: 1131 case MSM_BO_CACHED: 1132 case MSM_BO_WC: 1133 break; 1134 case MSM_BO_CACHED_COHERENT: 1135 if (priv->has_cached_coherent) 1136 break; 1137 fallthrough; 1138 default: 1139 DRM_DEV_ERROR(dev->dev, "invalid cache flag: %x\n", 1140 (flags & MSM_BO_CACHE_MASK)); 1141 return -EINVAL; 1142 } 1143 1144 msm_obj = kzalloc(sizeof(*msm_obj), GFP_KERNEL); 1145 if (!msm_obj) 1146 return -ENOMEM; 1147 1148 msm_obj->flags = flags; 1149 msm_obj->madv = MSM_MADV_WILLNEED; 1150 1151 INIT_LIST_HEAD(&msm_obj->submit_entry); 1152 INIT_LIST_HEAD(&msm_obj->vmas); 1153 1154 *obj = &msm_obj->base; 1155 (*obj)->funcs = &msm_gem_object_funcs; 1156 1157 return 0; 1158 } 1159 1160 struct drm_gem_object *msm_gem_new(struct drm_device *dev, uint32_t size, uint32_t flags) 1161 { 1162 struct msm_drm_private *priv = dev->dev_private; 1163 struct msm_gem_object *msm_obj; 1164 struct drm_gem_object *obj = NULL; 1165 bool use_vram = false; 1166 int ret; 1167 1168 size = PAGE_ALIGN(size); 1169 1170 if (!msm_use_mmu(dev)) 1171 use_vram = true; 1172 else if ((flags & (MSM_BO_STOLEN | MSM_BO_SCANOUT)) && priv->vram.size) 1173 use_vram = true; 1174 1175 if (GEM_WARN_ON(use_vram && !priv->vram.size)) 1176 return ERR_PTR(-EINVAL); 1177 1178 /* Disallow zero sized objects as they make the underlying 1179 * infrastructure grumpy 1180 */ 1181 if (size == 0) 1182 return ERR_PTR(-EINVAL); 1183 1184 ret = msm_gem_new_impl(dev, size, flags, &obj); 1185 if (ret) 1186 goto fail; 1187 1188 msm_obj = to_msm_bo(obj); 1189 1190 if (use_vram) { 1191 struct msm_gem_vma *vma; 1192 struct page **pages; 1193 1194 drm_gem_private_object_init(dev, obj, size); 1195 1196 msm_gem_lock(obj); 1197 1198 vma = add_vma(obj, NULL); 1199 msm_gem_unlock(obj); 1200 if (IS_ERR(vma)) { 1201 ret = PTR_ERR(vma); 1202 goto fail; 1203 } 1204 1205 to_msm_bo(obj)->vram_node = &vma->node; 1206 1207 /* Call chain get_pages() -> update_inactive() tries to 1208 * access msm_obj->mm_list, but it is not initialized yet. 1209 * To avoid NULL pointer dereference error, initialize 1210 * mm_list to be empty. 1211 */ 1212 INIT_LIST_HEAD(&msm_obj->mm_list); 1213 1214 msm_gem_lock(obj); 1215 pages = get_pages(obj); 1216 msm_gem_unlock(obj); 1217 if (IS_ERR(pages)) { 1218 ret = PTR_ERR(pages); 1219 goto fail; 1220 } 1221 1222 vma->iova = physaddr(obj); 1223 } else { 1224 ret = drm_gem_object_init(dev, obj, size); 1225 if (ret) 1226 goto fail; 1227 /* 1228 * Our buffers are kept pinned, so allocating them from the 1229 * MOVABLE zone is a really bad idea, and conflicts with CMA. 1230 * See comments above new_inode() why this is required _and_ 1231 * expected if you're going to pin these pages. 1232 */ 1233 mapping_set_gfp_mask(obj->filp->f_mapping, GFP_HIGHUSER); 1234 } 1235 1236 mutex_lock(&priv->mm_lock); 1237 list_add_tail(&msm_obj->mm_list, &priv->inactive_unpinned); 1238 mutex_unlock(&priv->mm_lock); 1239 1240 mutex_lock(&priv->obj_lock); 1241 list_add_tail(&msm_obj->node, &priv->objects); 1242 mutex_unlock(&priv->obj_lock); 1243 1244 return obj; 1245 1246 fail: 1247 drm_gem_object_put(obj); 1248 return ERR_PTR(ret); 1249 } 1250 1251 struct drm_gem_object *msm_gem_import(struct drm_device *dev, 1252 struct dma_buf *dmabuf, struct sg_table *sgt) 1253 { 1254 struct msm_drm_private *priv = dev->dev_private; 1255 struct msm_gem_object *msm_obj; 1256 struct drm_gem_object *obj; 1257 uint32_t size; 1258 int ret, npages; 1259 1260 /* if we don't have IOMMU, don't bother pretending we can import: */ 1261 if (!msm_use_mmu(dev)) { 1262 DRM_DEV_ERROR(dev->dev, "cannot import without IOMMU\n"); 1263 return ERR_PTR(-EINVAL); 1264 } 1265 1266 size = PAGE_ALIGN(dmabuf->size); 1267 1268 ret = msm_gem_new_impl(dev, size, MSM_BO_WC, &obj); 1269 if (ret) 1270 goto fail; 1271 1272 drm_gem_private_object_init(dev, obj, size); 1273 1274 npages = size / PAGE_SIZE; 1275 1276 msm_obj = to_msm_bo(obj); 1277 msm_gem_lock(obj); 1278 msm_obj->sgt = sgt; 1279 msm_obj->pages = kvmalloc_array(npages, sizeof(struct page *), GFP_KERNEL); 1280 if (!msm_obj->pages) { 1281 msm_gem_unlock(obj); 1282 ret = -ENOMEM; 1283 goto fail; 1284 } 1285 1286 ret = drm_prime_sg_to_page_array(sgt, msm_obj->pages, npages); 1287 if (ret) { 1288 msm_gem_unlock(obj); 1289 goto fail; 1290 } 1291 1292 msm_gem_unlock(obj); 1293 1294 mutex_lock(&priv->mm_lock); 1295 list_add_tail(&msm_obj->mm_list, &priv->inactive_unpinned); 1296 mutex_unlock(&priv->mm_lock); 1297 1298 mutex_lock(&priv->obj_lock); 1299 list_add_tail(&msm_obj->node, &priv->objects); 1300 mutex_unlock(&priv->obj_lock); 1301 1302 return obj; 1303 1304 fail: 1305 drm_gem_object_put(obj); 1306 return ERR_PTR(ret); 1307 } 1308 1309 void *msm_gem_kernel_new(struct drm_device *dev, uint32_t size, 1310 uint32_t flags, struct msm_gem_address_space *aspace, 1311 struct drm_gem_object **bo, uint64_t *iova) 1312 { 1313 void *vaddr; 1314 struct drm_gem_object *obj = msm_gem_new(dev, size, flags); 1315 int ret; 1316 1317 if (IS_ERR(obj)) 1318 return ERR_CAST(obj); 1319 1320 if (iova) { 1321 ret = msm_gem_get_and_pin_iova(obj, aspace, iova); 1322 if (ret) 1323 goto err; 1324 } 1325 1326 vaddr = msm_gem_get_vaddr(obj); 1327 if (IS_ERR(vaddr)) { 1328 msm_gem_unpin_iova(obj, aspace); 1329 ret = PTR_ERR(vaddr); 1330 goto err; 1331 } 1332 1333 if (bo) 1334 *bo = obj; 1335 1336 return vaddr; 1337 err: 1338 drm_gem_object_put(obj); 1339 1340 return ERR_PTR(ret); 1341 1342 } 1343 1344 void msm_gem_kernel_put(struct drm_gem_object *bo, 1345 struct msm_gem_address_space *aspace) 1346 { 1347 if (IS_ERR_OR_NULL(bo)) 1348 return; 1349 1350 msm_gem_put_vaddr(bo); 1351 msm_gem_unpin_iova(bo, aspace); 1352 drm_gem_object_put(bo); 1353 } 1354 1355 void msm_gem_object_set_name(struct drm_gem_object *bo, const char *fmt, ...) 1356 { 1357 struct msm_gem_object *msm_obj = to_msm_bo(bo); 1358 va_list ap; 1359 1360 if (!fmt) 1361 return; 1362 1363 va_start(ap, fmt); 1364 vsnprintf(msm_obj->name, sizeof(msm_obj->name), fmt, ap); 1365 va_end(ap); 1366 } 1367