1 // SPDX-License-Identifier: GPL-2.0-only 2 /* 3 * Copyright (C) 2013 Red Hat 4 * Author: Rob Clark <robdclark@gmail.com> 5 */ 6 7 #include <linux/dma-map-ops.h> 8 #include <linux/vmalloc.h> 9 #include <linux/spinlock.h> 10 #include <linux/shmem_fs.h> 11 #include <linux/dma-buf.h> 12 #include <linux/pfn_t.h> 13 14 #include <drm/drm_prime.h> 15 16 #include "msm_drv.h" 17 #include "msm_fence.h" 18 #include "msm_gem.h" 19 #include "msm_gpu.h" 20 #include "msm_mmu.h" 21 22 static void update_lru(struct drm_gem_object *obj); 23 24 static dma_addr_t physaddr(struct drm_gem_object *obj) 25 { 26 struct msm_gem_object *msm_obj = to_msm_bo(obj); 27 struct msm_drm_private *priv = obj->dev->dev_private; 28 return (((dma_addr_t)msm_obj->vram_node->start) << PAGE_SHIFT) + 29 priv->vram.paddr; 30 } 31 32 static bool use_pages(struct drm_gem_object *obj) 33 { 34 struct msm_gem_object *msm_obj = to_msm_bo(obj); 35 return !msm_obj->vram_node; 36 } 37 38 /* 39 * Cache sync.. this is a bit over-complicated, to fit dma-mapping 40 * API. Really GPU cache is out of scope here (handled on cmdstream) 41 * and all we need to do is invalidate newly allocated pages before 42 * mapping to CPU as uncached/writecombine. 43 * 44 * On top of this, we have the added headache, that depending on 45 * display generation, the display's iommu may be wired up to either 46 * the toplevel drm device (mdss), or to the mdp sub-node, meaning 47 * that here we either have dma-direct or iommu ops. 48 * 49 * Let this be a cautionary tail of abstraction gone wrong. 50 */ 51 52 static void sync_for_device(struct msm_gem_object *msm_obj) 53 { 54 struct device *dev = msm_obj->base.dev->dev; 55 56 dma_map_sgtable(dev, msm_obj->sgt, DMA_BIDIRECTIONAL, 0); 57 } 58 59 static void sync_for_cpu(struct msm_gem_object *msm_obj) 60 { 61 struct device *dev = msm_obj->base.dev->dev; 62 63 dma_unmap_sgtable(dev, msm_obj->sgt, DMA_BIDIRECTIONAL, 0); 64 } 65 66 /* allocate pages from VRAM carveout, used when no IOMMU: */ 67 static struct page **get_pages_vram(struct drm_gem_object *obj, int npages) 68 { 69 struct msm_gem_object *msm_obj = to_msm_bo(obj); 70 struct msm_drm_private *priv = obj->dev->dev_private; 71 dma_addr_t paddr; 72 struct page **p; 73 int ret, i; 74 75 p = kvmalloc_array(npages, sizeof(struct page *), GFP_KERNEL); 76 if (!p) 77 return ERR_PTR(-ENOMEM); 78 79 spin_lock(&priv->vram.lock); 80 ret = drm_mm_insert_node(&priv->vram.mm, msm_obj->vram_node, npages); 81 spin_unlock(&priv->vram.lock); 82 if (ret) { 83 kvfree(p); 84 return ERR_PTR(ret); 85 } 86 87 paddr = physaddr(obj); 88 for (i = 0; i < npages; i++) { 89 p[i] = pfn_to_page(__phys_to_pfn(paddr)); 90 paddr += PAGE_SIZE; 91 } 92 93 return p; 94 } 95 96 static struct page **get_pages(struct drm_gem_object *obj) 97 { 98 struct msm_gem_object *msm_obj = to_msm_bo(obj); 99 100 GEM_WARN_ON(!msm_gem_is_locked(obj)); 101 102 if (!msm_obj->pages) { 103 struct drm_device *dev = obj->dev; 104 struct page **p; 105 int npages = obj->size >> PAGE_SHIFT; 106 107 if (use_pages(obj)) 108 p = drm_gem_get_pages(obj); 109 else 110 p = get_pages_vram(obj, npages); 111 112 if (IS_ERR(p)) { 113 DRM_DEV_ERROR(dev->dev, "could not get pages: %ld\n", 114 PTR_ERR(p)); 115 return p; 116 } 117 118 msm_obj->pages = p; 119 120 msm_obj->sgt = drm_prime_pages_to_sg(obj->dev, p, npages); 121 if (IS_ERR(msm_obj->sgt)) { 122 void *ptr = ERR_CAST(msm_obj->sgt); 123 124 DRM_DEV_ERROR(dev->dev, "failed to allocate sgt\n"); 125 msm_obj->sgt = NULL; 126 return ptr; 127 } 128 129 /* For non-cached buffers, ensure the new pages are clean 130 * because display controller, GPU, etc. are not coherent: 131 */ 132 if (msm_obj->flags & MSM_BO_WC) 133 sync_for_device(msm_obj); 134 135 update_lru(obj); 136 } 137 138 return msm_obj->pages; 139 } 140 141 static void put_pages_vram(struct drm_gem_object *obj) 142 { 143 struct msm_gem_object *msm_obj = to_msm_bo(obj); 144 struct msm_drm_private *priv = obj->dev->dev_private; 145 146 spin_lock(&priv->vram.lock); 147 drm_mm_remove_node(msm_obj->vram_node); 148 spin_unlock(&priv->vram.lock); 149 150 kvfree(msm_obj->pages); 151 } 152 153 static void put_pages(struct drm_gem_object *obj) 154 { 155 struct msm_gem_object *msm_obj = to_msm_bo(obj); 156 157 if (msm_obj->pages) { 158 if (msm_obj->sgt) { 159 /* For non-cached buffers, ensure the new 160 * pages are clean because display controller, 161 * GPU, etc. are not coherent: 162 */ 163 if (msm_obj->flags & MSM_BO_WC) 164 sync_for_cpu(msm_obj); 165 166 sg_free_table(msm_obj->sgt); 167 kfree(msm_obj->sgt); 168 msm_obj->sgt = NULL; 169 } 170 171 if (use_pages(obj)) 172 drm_gem_put_pages(obj, msm_obj->pages, true, false); 173 else 174 put_pages_vram(obj); 175 176 msm_obj->pages = NULL; 177 } 178 } 179 180 struct page **msm_gem_get_pages(struct drm_gem_object *obj) 181 { 182 struct msm_gem_object *msm_obj = to_msm_bo(obj); 183 struct page **p; 184 185 msm_gem_lock(obj); 186 187 if (GEM_WARN_ON(msm_obj->madv != MSM_MADV_WILLNEED)) { 188 msm_gem_unlock(obj); 189 return ERR_PTR(-EBUSY); 190 } 191 192 p = get_pages(obj); 193 194 if (!IS_ERR(p)) { 195 msm_obj->pin_count++; 196 update_lru(obj); 197 } 198 199 msm_gem_unlock(obj); 200 return p; 201 } 202 203 void msm_gem_put_pages(struct drm_gem_object *obj) 204 { 205 struct msm_gem_object *msm_obj = to_msm_bo(obj); 206 207 msm_gem_lock(obj); 208 msm_obj->pin_count--; 209 GEM_WARN_ON(msm_obj->pin_count < 0); 210 update_lru(obj); 211 msm_gem_unlock(obj); 212 } 213 214 static pgprot_t msm_gem_pgprot(struct msm_gem_object *msm_obj, pgprot_t prot) 215 { 216 if (msm_obj->flags & MSM_BO_WC) 217 return pgprot_writecombine(prot); 218 return prot; 219 } 220 221 static vm_fault_t msm_gem_fault(struct vm_fault *vmf) 222 { 223 struct vm_area_struct *vma = vmf->vma; 224 struct drm_gem_object *obj = vma->vm_private_data; 225 struct msm_gem_object *msm_obj = to_msm_bo(obj); 226 struct page **pages; 227 unsigned long pfn; 228 pgoff_t pgoff; 229 int err; 230 vm_fault_t ret; 231 232 /* 233 * vm_ops.open/drm_gem_mmap_obj and close get and put 234 * a reference on obj. So, we dont need to hold one here. 235 */ 236 err = msm_gem_lock_interruptible(obj); 237 if (err) { 238 ret = VM_FAULT_NOPAGE; 239 goto out; 240 } 241 242 if (GEM_WARN_ON(msm_obj->madv != MSM_MADV_WILLNEED)) { 243 msm_gem_unlock(obj); 244 return VM_FAULT_SIGBUS; 245 } 246 247 /* make sure we have pages attached now */ 248 pages = get_pages(obj); 249 if (IS_ERR(pages)) { 250 ret = vmf_error(PTR_ERR(pages)); 251 goto out_unlock; 252 } 253 254 /* We don't use vmf->pgoff since that has the fake offset: */ 255 pgoff = (vmf->address - vma->vm_start) >> PAGE_SHIFT; 256 257 pfn = page_to_pfn(pages[pgoff]); 258 259 VERB("Inserting %p pfn %lx, pa %lx", (void *)vmf->address, 260 pfn, pfn << PAGE_SHIFT); 261 262 ret = vmf_insert_pfn(vma, vmf->address, pfn); 263 264 out_unlock: 265 msm_gem_unlock(obj); 266 out: 267 return ret; 268 } 269 270 /** get mmap offset */ 271 static uint64_t mmap_offset(struct drm_gem_object *obj) 272 { 273 struct drm_device *dev = obj->dev; 274 int ret; 275 276 GEM_WARN_ON(!msm_gem_is_locked(obj)); 277 278 /* Make it mmapable */ 279 ret = drm_gem_create_mmap_offset(obj); 280 281 if (ret) { 282 DRM_DEV_ERROR(dev->dev, "could not allocate mmap offset\n"); 283 return 0; 284 } 285 286 return drm_vma_node_offset_addr(&obj->vma_node); 287 } 288 289 uint64_t msm_gem_mmap_offset(struct drm_gem_object *obj) 290 { 291 uint64_t offset; 292 293 msm_gem_lock(obj); 294 offset = mmap_offset(obj); 295 msm_gem_unlock(obj); 296 return offset; 297 } 298 299 static struct msm_gem_vma *add_vma(struct drm_gem_object *obj, 300 struct msm_gem_address_space *aspace) 301 { 302 struct msm_gem_object *msm_obj = to_msm_bo(obj); 303 struct msm_gem_vma *vma; 304 305 GEM_WARN_ON(!msm_gem_is_locked(obj)); 306 307 vma = kzalloc(sizeof(*vma), GFP_KERNEL); 308 if (!vma) 309 return ERR_PTR(-ENOMEM); 310 311 vma->aspace = aspace; 312 313 list_add_tail(&vma->list, &msm_obj->vmas); 314 315 return vma; 316 } 317 318 static struct msm_gem_vma *lookup_vma(struct drm_gem_object *obj, 319 struct msm_gem_address_space *aspace) 320 { 321 struct msm_gem_object *msm_obj = to_msm_bo(obj); 322 struct msm_gem_vma *vma; 323 324 GEM_WARN_ON(!msm_gem_is_locked(obj)); 325 326 list_for_each_entry(vma, &msm_obj->vmas, list) { 327 if (vma->aspace == aspace) 328 return vma; 329 } 330 331 return NULL; 332 } 333 334 static void del_vma(struct msm_gem_vma *vma) 335 { 336 if (!vma) 337 return; 338 339 list_del(&vma->list); 340 kfree(vma); 341 } 342 343 /* 344 * If close is true, this also closes the VMA (releasing the allocated 345 * iova range) in addition to removing the iommu mapping. In the eviction 346 * case (!close), we keep the iova allocated, but only remove the iommu 347 * mapping. 348 */ 349 static void 350 put_iova_spaces(struct drm_gem_object *obj, bool close) 351 { 352 struct msm_gem_object *msm_obj = to_msm_bo(obj); 353 struct msm_gem_vma *vma; 354 355 GEM_WARN_ON(!msm_gem_is_locked(obj)); 356 357 list_for_each_entry(vma, &msm_obj->vmas, list) { 358 if (vma->aspace) { 359 msm_gem_purge_vma(vma->aspace, vma); 360 if (close) 361 msm_gem_close_vma(vma->aspace, vma); 362 } 363 } 364 } 365 366 /* Called with msm_obj locked */ 367 static void 368 put_iova_vmas(struct drm_gem_object *obj) 369 { 370 struct msm_gem_object *msm_obj = to_msm_bo(obj); 371 struct msm_gem_vma *vma, *tmp; 372 373 GEM_WARN_ON(!msm_gem_is_locked(obj)); 374 375 list_for_each_entry_safe(vma, tmp, &msm_obj->vmas, list) { 376 del_vma(vma); 377 } 378 } 379 380 static struct msm_gem_vma *get_vma_locked(struct drm_gem_object *obj, 381 struct msm_gem_address_space *aspace, 382 u64 range_start, u64 range_end) 383 { 384 struct msm_gem_vma *vma; 385 386 GEM_WARN_ON(!msm_gem_is_locked(obj)); 387 388 vma = lookup_vma(obj, aspace); 389 390 if (!vma) { 391 int ret; 392 393 vma = add_vma(obj, aspace); 394 if (IS_ERR(vma)) 395 return vma; 396 397 ret = msm_gem_init_vma(aspace, vma, obj->size, 398 range_start, range_end); 399 if (ret) { 400 del_vma(vma); 401 return ERR_PTR(ret); 402 } 403 } else { 404 GEM_WARN_ON(vma->iova < range_start); 405 GEM_WARN_ON((vma->iova + obj->size) > range_end); 406 } 407 408 return vma; 409 } 410 411 int msm_gem_pin_vma_locked(struct drm_gem_object *obj, struct msm_gem_vma *vma) 412 { 413 struct msm_gem_object *msm_obj = to_msm_bo(obj); 414 struct page **pages; 415 int ret, prot = IOMMU_READ; 416 417 if (!(msm_obj->flags & MSM_BO_GPU_READONLY)) 418 prot |= IOMMU_WRITE; 419 420 if (msm_obj->flags & MSM_BO_MAP_PRIV) 421 prot |= IOMMU_PRIV; 422 423 if (msm_obj->flags & MSM_BO_CACHED_COHERENT) 424 prot |= IOMMU_CACHE; 425 426 GEM_WARN_ON(!msm_gem_is_locked(obj)); 427 428 if (GEM_WARN_ON(msm_obj->madv != MSM_MADV_WILLNEED)) 429 return -EBUSY; 430 431 pages = get_pages(obj); 432 if (IS_ERR(pages)) 433 return PTR_ERR(pages); 434 435 ret = msm_gem_map_vma(vma->aspace, vma, prot, msm_obj->sgt, obj->size); 436 437 if (!ret) 438 msm_obj->pin_count++; 439 440 return ret; 441 } 442 443 void msm_gem_unpin_locked(struct drm_gem_object *obj) 444 { 445 struct msm_gem_object *msm_obj = to_msm_bo(obj); 446 447 GEM_WARN_ON(!msm_gem_is_locked(obj)); 448 449 msm_obj->pin_count--; 450 GEM_WARN_ON(msm_obj->pin_count < 0); 451 452 update_lru(obj); 453 } 454 455 struct msm_gem_vma *msm_gem_get_vma_locked(struct drm_gem_object *obj, 456 struct msm_gem_address_space *aspace) 457 { 458 return get_vma_locked(obj, aspace, 0, U64_MAX); 459 } 460 461 static int get_and_pin_iova_range_locked(struct drm_gem_object *obj, 462 struct msm_gem_address_space *aspace, uint64_t *iova, 463 u64 range_start, u64 range_end) 464 { 465 struct msm_gem_vma *vma; 466 int ret; 467 468 GEM_WARN_ON(!msm_gem_is_locked(obj)); 469 470 vma = get_vma_locked(obj, aspace, range_start, range_end); 471 if (IS_ERR(vma)) 472 return PTR_ERR(vma); 473 474 ret = msm_gem_pin_vma_locked(obj, vma); 475 if (!ret) 476 *iova = vma->iova; 477 478 return ret; 479 } 480 481 /* 482 * get iova and pin it. Should have a matching put 483 * limits iova to specified range (in pages) 484 */ 485 int msm_gem_get_and_pin_iova_range(struct drm_gem_object *obj, 486 struct msm_gem_address_space *aspace, uint64_t *iova, 487 u64 range_start, u64 range_end) 488 { 489 int ret; 490 491 msm_gem_lock(obj); 492 ret = get_and_pin_iova_range_locked(obj, aspace, iova, range_start, range_end); 493 msm_gem_unlock(obj); 494 495 return ret; 496 } 497 498 /* get iova and pin it. Should have a matching put */ 499 int msm_gem_get_and_pin_iova(struct drm_gem_object *obj, 500 struct msm_gem_address_space *aspace, uint64_t *iova) 501 { 502 return msm_gem_get_and_pin_iova_range(obj, aspace, iova, 0, U64_MAX); 503 } 504 505 /* 506 * Get an iova but don't pin it. Doesn't need a put because iovas are currently 507 * valid for the life of the object 508 */ 509 int msm_gem_get_iova(struct drm_gem_object *obj, 510 struct msm_gem_address_space *aspace, uint64_t *iova) 511 { 512 struct msm_gem_vma *vma; 513 int ret = 0; 514 515 msm_gem_lock(obj); 516 vma = get_vma_locked(obj, aspace, 0, U64_MAX); 517 if (IS_ERR(vma)) { 518 ret = PTR_ERR(vma); 519 } else { 520 *iova = vma->iova; 521 } 522 msm_gem_unlock(obj); 523 524 return ret; 525 } 526 527 static int clear_iova(struct drm_gem_object *obj, 528 struct msm_gem_address_space *aspace) 529 { 530 struct msm_gem_vma *vma = lookup_vma(obj, aspace); 531 532 if (!vma) 533 return 0; 534 535 if (msm_gem_vma_inuse(vma)) 536 return -EBUSY; 537 538 msm_gem_purge_vma(vma->aspace, vma); 539 msm_gem_close_vma(vma->aspace, vma); 540 del_vma(vma); 541 542 return 0; 543 } 544 545 /* 546 * Get the requested iova but don't pin it. Fails if the requested iova is 547 * not available. Doesn't need a put because iovas are currently valid for 548 * the life of the object. 549 * 550 * Setting an iova of zero will clear the vma. 551 */ 552 int msm_gem_set_iova(struct drm_gem_object *obj, 553 struct msm_gem_address_space *aspace, uint64_t iova) 554 { 555 int ret = 0; 556 557 msm_gem_lock(obj); 558 if (!iova) { 559 ret = clear_iova(obj, aspace); 560 } else { 561 struct msm_gem_vma *vma; 562 vma = get_vma_locked(obj, aspace, iova, iova + obj->size); 563 if (IS_ERR(vma)) { 564 ret = PTR_ERR(vma); 565 } else if (GEM_WARN_ON(vma->iova != iova)) { 566 clear_iova(obj, aspace); 567 ret = -EBUSY; 568 } 569 } 570 msm_gem_unlock(obj); 571 572 return ret; 573 } 574 575 /* 576 * Unpin a iova by updating the reference counts. The memory isn't actually 577 * purged until something else (shrinker, mm_notifier, destroy, etc) decides 578 * to get rid of it 579 */ 580 void msm_gem_unpin_iova(struct drm_gem_object *obj, 581 struct msm_gem_address_space *aspace) 582 { 583 struct msm_gem_vma *vma; 584 585 msm_gem_lock(obj); 586 vma = lookup_vma(obj, aspace); 587 if (!GEM_WARN_ON(!vma)) { 588 msm_gem_unpin_vma(vma); 589 msm_gem_unpin_locked(obj); 590 } 591 msm_gem_unlock(obj); 592 } 593 594 int msm_gem_dumb_create(struct drm_file *file, struct drm_device *dev, 595 struct drm_mode_create_dumb *args) 596 { 597 args->pitch = align_pitch(args->width, args->bpp); 598 args->size = PAGE_ALIGN(args->pitch * args->height); 599 return msm_gem_new_handle(dev, file, args->size, 600 MSM_BO_SCANOUT | MSM_BO_WC, &args->handle, "dumb"); 601 } 602 603 int msm_gem_dumb_map_offset(struct drm_file *file, struct drm_device *dev, 604 uint32_t handle, uint64_t *offset) 605 { 606 struct drm_gem_object *obj; 607 int ret = 0; 608 609 /* GEM does all our handle to object mapping */ 610 obj = drm_gem_object_lookup(file, handle); 611 if (obj == NULL) { 612 ret = -ENOENT; 613 goto fail; 614 } 615 616 *offset = msm_gem_mmap_offset(obj); 617 618 drm_gem_object_put(obj); 619 620 fail: 621 return ret; 622 } 623 624 static void *get_vaddr(struct drm_gem_object *obj, unsigned madv) 625 { 626 struct msm_gem_object *msm_obj = to_msm_bo(obj); 627 int ret = 0; 628 629 GEM_WARN_ON(!msm_gem_is_locked(obj)); 630 631 if (obj->import_attach) 632 return ERR_PTR(-ENODEV); 633 634 if (GEM_WARN_ON(msm_obj->madv > madv)) { 635 DRM_DEV_ERROR(obj->dev->dev, "Invalid madv state: %u vs %u\n", 636 msm_obj->madv, madv); 637 return ERR_PTR(-EBUSY); 638 } 639 640 /* increment vmap_count *before* vmap() call, so shrinker can 641 * check vmap_count (is_vunmapable()) outside of msm_obj lock. 642 * This guarantees that we won't try to msm_gem_vunmap() this 643 * same object from within the vmap() call (while we already 644 * hold msm_obj lock) 645 */ 646 msm_obj->vmap_count++; 647 648 if (!msm_obj->vaddr) { 649 struct page **pages = get_pages(obj); 650 if (IS_ERR(pages)) { 651 ret = PTR_ERR(pages); 652 goto fail; 653 } 654 msm_obj->vaddr = vmap(pages, obj->size >> PAGE_SHIFT, 655 VM_MAP, msm_gem_pgprot(msm_obj, PAGE_KERNEL)); 656 if (msm_obj->vaddr == NULL) { 657 ret = -ENOMEM; 658 goto fail; 659 } 660 661 update_lru(obj); 662 } 663 664 return msm_obj->vaddr; 665 666 fail: 667 msm_obj->vmap_count--; 668 return ERR_PTR(ret); 669 } 670 671 void *msm_gem_get_vaddr_locked(struct drm_gem_object *obj) 672 { 673 return get_vaddr(obj, MSM_MADV_WILLNEED); 674 } 675 676 void *msm_gem_get_vaddr(struct drm_gem_object *obj) 677 { 678 void *ret; 679 680 msm_gem_lock(obj); 681 ret = msm_gem_get_vaddr_locked(obj); 682 msm_gem_unlock(obj); 683 684 return ret; 685 } 686 687 /* 688 * Don't use this! It is for the very special case of dumping 689 * submits from GPU hangs or faults, were the bo may already 690 * be MSM_MADV_DONTNEED, but we know the buffer is still on the 691 * active list. 692 */ 693 void *msm_gem_get_vaddr_active(struct drm_gem_object *obj) 694 { 695 return get_vaddr(obj, __MSM_MADV_PURGED); 696 } 697 698 void msm_gem_put_vaddr_locked(struct drm_gem_object *obj) 699 { 700 struct msm_gem_object *msm_obj = to_msm_bo(obj); 701 702 GEM_WARN_ON(!msm_gem_is_locked(obj)); 703 GEM_WARN_ON(msm_obj->vmap_count < 1); 704 705 msm_obj->vmap_count--; 706 } 707 708 void msm_gem_put_vaddr(struct drm_gem_object *obj) 709 { 710 msm_gem_lock(obj); 711 msm_gem_put_vaddr_locked(obj); 712 msm_gem_unlock(obj); 713 } 714 715 /* Update madvise status, returns true if not purged, else 716 * false or -errno. 717 */ 718 int msm_gem_madvise(struct drm_gem_object *obj, unsigned madv) 719 { 720 struct msm_gem_object *msm_obj = to_msm_bo(obj); 721 722 msm_gem_lock(obj); 723 724 if (msm_obj->madv != __MSM_MADV_PURGED) 725 msm_obj->madv = madv; 726 727 madv = msm_obj->madv; 728 729 /* If the obj is inactive, we might need to move it 730 * between inactive lists 731 */ 732 if (msm_obj->active_count == 0) 733 update_lru(obj); 734 735 msm_gem_unlock(obj); 736 737 return (madv != __MSM_MADV_PURGED); 738 } 739 740 void msm_gem_purge(struct drm_gem_object *obj) 741 { 742 struct drm_device *dev = obj->dev; 743 struct msm_gem_object *msm_obj = to_msm_bo(obj); 744 745 GEM_WARN_ON(!msm_gem_is_locked(obj)); 746 GEM_WARN_ON(!is_purgeable(msm_obj)); 747 748 /* Get rid of any iommu mapping(s): */ 749 put_iova_spaces(obj, true); 750 751 msm_gem_vunmap(obj); 752 753 drm_vma_node_unmap(&obj->vma_node, dev->anon_inode->i_mapping); 754 755 put_pages(obj); 756 757 put_iova_vmas(obj); 758 759 msm_obj->madv = __MSM_MADV_PURGED; 760 update_lru(obj); 761 762 drm_gem_free_mmap_offset(obj); 763 764 /* Our goal here is to return as much of the memory as 765 * is possible back to the system as we are called from OOM. 766 * To do this we must instruct the shmfs to drop all of its 767 * backing pages, *now*. 768 */ 769 shmem_truncate_range(file_inode(obj->filp), 0, (loff_t)-1); 770 771 invalidate_mapping_pages(file_inode(obj->filp)->i_mapping, 772 0, (loff_t)-1); 773 } 774 775 /* 776 * Unpin the backing pages and make them available to be swapped out. 777 */ 778 void msm_gem_evict(struct drm_gem_object *obj) 779 { 780 struct drm_device *dev = obj->dev; 781 struct msm_gem_object *msm_obj = to_msm_bo(obj); 782 783 GEM_WARN_ON(!msm_gem_is_locked(obj)); 784 GEM_WARN_ON(is_unevictable(msm_obj)); 785 GEM_WARN_ON(!msm_obj->evictable); 786 GEM_WARN_ON(msm_obj->active_count); 787 788 /* Get rid of any iommu mapping(s): */ 789 put_iova_spaces(obj, false); 790 791 drm_vma_node_unmap(&obj->vma_node, dev->anon_inode->i_mapping); 792 793 put_pages(obj); 794 795 update_lru(obj); 796 } 797 798 void msm_gem_vunmap(struct drm_gem_object *obj) 799 { 800 struct msm_gem_object *msm_obj = to_msm_bo(obj); 801 802 GEM_WARN_ON(!msm_gem_is_locked(obj)); 803 804 if (!msm_obj->vaddr || GEM_WARN_ON(!is_vunmapable(msm_obj))) 805 return; 806 807 vunmap(msm_obj->vaddr); 808 msm_obj->vaddr = NULL; 809 } 810 811 void msm_gem_active_get(struct drm_gem_object *obj, struct msm_gpu *gpu) 812 { 813 struct msm_gem_object *msm_obj = to_msm_bo(obj); 814 struct msm_drm_private *priv = obj->dev->dev_private; 815 816 might_sleep(); 817 GEM_WARN_ON(!msm_gem_is_locked(obj)); 818 GEM_WARN_ON(msm_obj->madv != MSM_MADV_WILLNEED); 819 GEM_WARN_ON(msm_obj->dontneed); 820 821 if (msm_obj->active_count++ == 0) { 822 mutex_lock(&priv->mm_lock); 823 if (msm_obj->evictable) 824 mark_unevictable(msm_obj); 825 list_move_tail(&msm_obj->mm_list, &gpu->active_list); 826 mutex_unlock(&priv->mm_lock); 827 } 828 } 829 830 void msm_gem_active_put(struct drm_gem_object *obj) 831 { 832 struct msm_gem_object *msm_obj = to_msm_bo(obj); 833 834 might_sleep(); 835 GEM_WARN_ON(!msm_gem_is_locked(obj)); 836 837 if (--msm_obj->active_count == 0) { 838 update_lru(obj); 839 } 840 } 841 842 static void update_lru(struct drm_gem_object *obj) 843 { 844 struct msm_drm_private *priv = obj->dev->dev_private; 845 struct msm_gem_object *msm_obj = to_msm_bo(obj); 846 847 GEM_WARN_ON(!msm_gem_is_locked(&msm_obj->base)); 848 849 if (msm_obj->active_count != 0) 850 return; 851 852 mutex_lock(&priv->mm_lock); 853 854 if (msm_obj->dontneed) 855 mark_unpurgeable(msm_obj); 856 if (msm_obj->evictable) 857 mark_unevictable(msm_obj); 858 859 list_del(&msm_obj->mm_list); 860 if ((msm_obj->madv == MSM_MADV_WILLNEED) && msm_obj->sgt) { 861 list_add_tail(&msm_obj->mm_list, &priv->inactive_willneed); 862 mark_evictable(msm_obj); 863 } else if (msm_obj->madv == MSM_MADV_DONTNEED) { 864 list_add_tail(&msm_obj->mm_list, &priv->inactive_dontneed); 865 mark_purgeable(msm_obj); 866 } else { 867 GEM_WARN_ON((msm_obj->madv != __MSM_MADV_PURGED) && msm_obj->sgt); 868 list_add_tail(&msm_obj->mm_list, &priv->inactive_unpinned); 869 } 870 871 mutex_unlock(&priv->mm_lock); 872 } 873 874 bool msm_gem_active(struct drm_gem_object *obj) 875 { 876 GEM_WARN_ON(!msm_gem_is_locked(obj)); 877 878 if (to_msm_bo(obj)->pin_count) 879 return true; 880 881 return !dma_resv_test_signaled(obj->resv, dma_resv_usage_rw(true)); 882 } 883 884 int msm_gem_cpu_prep(struct drm_gem_object *obj, uint32_t op, ktime_t *timeout) 885 { 886 bool write = !!(op & MSM_PREP_WRITE); 887 unsigned long remain = 888 op & MSM_PREP_NOSYNC ? 0 : timeout_to_jiffies(timeout); 889 long ret; 890 891 ret = dma_resv_wait_timeout(obj->resv, dma_resv_usage_rw(write), 892 true, remain); 893 if (ret == 0) 894 return remain == 0 ? -EBUSY : -ETIMEDOUT; 895 else if (ret < 0) 896 return ret; 897 898 /* TODO cache maintenance */ 899 900 return 0; 901 } 902 903 int msm_gem_cpu_fini(struct drm_gem_object *obj) 904 { 905 /* TODO cache maintenance */ 906 return 0; 907 } 908 909 #ifdef CONFIG_DEBUG_FS 910 void msm_gem_describe(struct drm_gem_object *obj, struct seq_file *m, 911 struct msm_gem_stats *stats) 912 { 913 struct msm_gem_object *msm_obj = to_msm_bo(obj); 914 struct dma_resv *robj = obj->resv; 915 struct msm_gem_vma *vma; 916 uint64_t off = drm_vma_node_start(&obj->vma_node); 917 const char *madv; 918 919 msm_gem_lock(obj); 920 921 stats->all.count++; 922 stats->all.size += obj->size; 923 924 if (is_active(msm_obj)) { 925 stats->active.count++; 926 stats->active.size += obj->size; 927 } 928 929 if (msm_obj->pages) { 930 stats->resident.count++; 931 stats->resident.size += obj->size; 932 } 933 934 switch (msm_obj->madv) { 935 case __MSM_MADV_PURGED: 936 stats->purged.count++; 937 stats->purged.size += obj->size; 938 madv = " purged"; 939 break; 940 case MSM_MADV_DONTNEED: 941 stats->purgeable.count++; 942 stats->purgeable.size += obj->size; 943 madv = " purgeable"; 944 break; 945 case MSM_MADV_WILLNEED: 946 default: 947 madv = ""; 948 break; 949 } 950 951 seq_printf(m, "%08x: %c %2d (%2d) %08llx %p", 952 msm_obj->flags, is_active(msm_obj) ? 'A' : 'I', 953 obj->name, kref_read(&obj->refcount), 954 off, msm_obj->vaddr); 955 956 seq_printf(m, " %08zu %9s %-32s\n", obj->size, madv, msm_obj->name); 957 958 if (!list_empty(&msm_obj->vmas)) { 959 960 seq_puts(m, " vmas:"); 961 962 list_for_each_entry(vma, &msm_obj->vmas, list) { 963 const char *name, *comm; 964 if (vma->aspace) { 965 struct msm_gem_address_space *aspace = vma->aspace; 966 struct task_struct *task = 967 get_pid_task(aspace->pid, PIDTYPE_PID); 968 if (task) { 969 comm = kstrdup(task->comm, GFP_KERNEL); 970 put_task_struct(task); 971 } else { 972 comm = NULL; 973 } 974 name = aspace->name; 975 } else { 976 name = comm = NULL; 977 } 978 seq_printf(m, " [%s%s%s: aspace=%p, %08llx,%s,inuse=%d]", 979 name, comm ? ":" : "", comm ? comm : "", 980 vma->aspace, vma->iova, 981 vma->mapped ? "mapped" : "unmapped", 982 msm_gem_vma_inuse(vma)); 983 kfree(comm); 984 } 985 986 seq_puts(m, "\n"); 987 } 988 989 dma_resv_describe(robj, m); 990 msm_gem_unlock(obj); 991 } 992 993 void msm_gem_describe_objects(struct list_head *list, struct seq_file *m) 994 { 995 struct msm_gem_stats stats = {}; 996 struct msm_gem_object *msm_obj; 997 998 seq_puts(m, " flags id ref offset kaddr size madv name\n"); 999 list_for_each_entry(msm_obj, list, node) { 1000 struct drm_gem_object *obj = &msm_obj->base; 1001 seq_puts(m, " "); 1002 msm_gem_describe(obj, m, &stats); 1003 } 1004 1005 seq_printf(m, "Total: %4d objects, %9zu bytes\n", 1006 stats.all.count, stats.all.size); 1007 seq_printf(m, "Active: %4d objects, %9zu bytes\n", 1008 stats.active.count, stats.active.size); 1009 seq_printf(m, "Resident: %4d objects, %9zu bytes\n", 1010 stats.resident.count, stats.resident.size); 1011 seq_printf(m, "Purgeable: %4d objects, %9zu bytes\n", 1012 stats.purgeable.count, stats.purgeable.size); 1013 seq_printf(m, "Purged: %4d objects, %9zu bytes\n", 1014 stats.purged.count, stats.purged.size); 1015 } 1016 #endif 1017 1018 /* don't call directly! Use drm_gem_object_put() */ 1019 static void msm_gem_free_object(struct drm_gem_object *obj) 1020 { 1021 struct msm_gem_object *msm_obj = to_msm_bo(obj); 1022 struct drm_device *dev = obj->dev; 1023 struct msm_drm_private *priv = dev->dev_private; 1024 1025 mutex_lock(&priv->obj_lock); 1026 list_del(&msm_obj->node); 1027 mutex_unlock(&priv->obj_lock); 1028 1029 mutex_lock(&priv->mm_lock); 1030 if (msm_obj->dontneed) 1031 mark_unpurgeable(msm_obj); 1032 list_del(&msm_obj->mm_list); 1033 mutex_unlock(&priv->mm_lock); 1034 1035 /* object should not be on active list: */ 1036 GEM_WARN_ON(is_active(msm_obj)); 1037 1038 put_iova_spaces(obj, true); 1039 1040 if (obj->import_attach) { 1041 GEM_WARN_ON(msm_obj->vaddr); 1042 1043 /* Don't drop the pages for imported dmabuf, as they are not 1044 * ours, just free the array we allocated: 1045 */ 1046 kvfree(msm_obj->pages); 1047 1048 put_iova_vmas(obj); 1049 1050 drm_prime_gem_destroy(obj, msm_obj->sgt); 1051 } else { 1052 msm_gem_vunmap(obj); 1053 put_pages(obj); 1054 put_iova_vmas(obj); 1055 } 1056 1057 drm_gem_object_release(obj); 1058 1059 kfree(msm_obj); 1060 } 1061 1062 static int msm_gem_object_mmap(struct drm_gem_object *obj, struct vm_area_struct *vma) 1063 { 1064 struct msm_gem_object *msm_obj = to_msm_bo(obj); 1065 1066 vma->vm_flags |= VM_PFNMAP | VM_DONTEXPAND | VM_DONTDUMP; 1067 vma->vm_page_prot = msm_gem_pgprot(msm_obj, vm_get_page_prot(vma->vm_flags)); 1068 1069 return 0; 1070 } 1071 1072 /* convenience method to construct a GEM buffer object, and userspace handle */ 1073 int msm_gem_new_handle(struct drm_device *dev, struct drm_file *file, 1074 uint32_t size, uint32_t flags, uint32_t *handle, 1075 char *name) 1076 { 1077 struct drm_gem_object *obj; 1078 int ret; 1079 1080 obj = msm_gem_new(dev, size, flags); 1081 1082 if (IS_ERR(obj)) 1083 return PTR_ERR(obj); 1084 1085 if (name) 1086 msm_gem_object_set_name(obj, "%s", name); 1087 1088 ret = drm_gem_handle_create(file, obj, handle); 1089 1090 /* drop reference from allocate - handle holds it now */ 1091 drm_gem_object_put(obj); 1092 1093 return ret; 1094 } 1095 1096 static const struct vm_operations_struct vm_ops = { 1097 .fault = msm_gem_fault, 1098 .open = drm_gem_vm_open, 1099 .close = drm_gem_vm_close, 1100 }; 1101 1102 static const struct drm_gem_object_funcs msm_gem_object_funcs = { 1103 .free = msm_gem_free_object, 1104 .pin = msm_gem_prime_pin, 1105 .unpin = msm_gem_prime_unpin, 1106 .get_sg_table = msm_gem_prime_get_sg_table, 1107 .vmap = msm_gem_prime_vmap, 1108 .vunmap = msm_gem_prime_vunmap, 1109 .mmap = msm_gem_object_mmap, 1110 .vm_ops = &vm_ops, 1111 }; 1112 1113 static int msm_gem_new_impl(struct drm_device *dev, 1114 uint32_t size, uint32_t flags, 1115 struct drm_gem_object **obj) 1116 { 1117 struct msm_drm_private *priv = dev->dev_private; 1118 struct msm_gem_object *msm_obj; 1119 1120 switch (flags & MSM_BO_CACHE_MASK) { 1121 case MSM_BO_CACHED: 1122 case MSM_BO_WC: 1123 break; 1124 case MSM_BO_CACHED_COHERENT: 1125 if (priv->has_cached_coherent) 1126 break; 1127 fallthrough; 1128 default: 1129 DRM_DEV_DEBUG(dev->dev, "invalid cache flag: %x\n", 1130 (flags & MSM_BO_CACHE_MASK)); 1131 return -EINVAL; 1132 } 1133 1134 msm_obj = kzalloc(sizeof(*msm_obj), GFP_KERNEL); 1135 if (!msm_obj) 1136 return -ENOMEM; 1137 1138 msm_obj->flags = flags; 1139 msm_obj->madv = MSM_MADV_WILLNEED; 1140 1141 INIT_LIST_HEAD(&msm_obj->node); 1142 INIT_LIST_HEAD(&msm_obj->vmas); 1143 1144 *obj = &msm_obj->base; 1145 (*obj)->funcs = &msm_gem_object_funcs; 1146 1147 return 0; 1148 } 1149 1150 struct drm_gem_object *msm_gem_new(struct drm_device *dev, uint32_t size, uint32_t flags) 1151 { 1152 struct msm_drm_private *priv = dev->dev_private; 1153 struct msm_gem_object *msm_obj; 1154 struct drm_gem_object *obj = NULL; 1155 bool use_vram = false; 1156 int ret; 1157 1158 size = PAGE_ALIGN(size); 1159 1160 if (!msm_use_mmu(dev)) 1161 use_vram = true; 1162 else if ((flags & (MSM_BO_STOLEN | MSM_BO_SCANOUT)) && priv->vram.size) 1163 use_vram = true; 1164 1165 if (GEM_WARN_ON(use_vram && !priv->vram.size)) 1166 return ERR_PTR(-EINVAL); 1167 1168 /* Disallow zero sized objects as they make the underlying 1169 * infrastructure grumpy 1170 */ 1171 if (size == 0) 1172 return ERR_PTR(-EINVAL); 1173 1174 ret = msm_gem_new_impl(dev, size, flags, &obj); 1175 if (ret) 1176 return ERR_PTR(ret); 1177 1178 msm_obj = to_msm_bo(obj); 1179 1180 if (use_vram) { 1181 struct msm_gem_vma *vma; 1182 struct page **pages; 1183 1184 drm_gem_private_object_init(dev, obj, size); 1185 1186 msm_gem_lock(obj); 1187 1188 vma = add_vma(obj, NULL); 1189 msm_gem_unlock(obj); 1190 if (IS_ERR(vma)) { 1191 ret = PTR_ERR(vma); 1192 goto fail; 1193 } 1194 1195 to_msm_bo(obj)->vram_node = &vma->node; 1196 1197 /* Call chain get_pages() -> update_inactive() tries to 1198 * access msm_obj->mm_list, but it is not initialized yet. 1199 * To avoid NULL pointer dereference error, initialize 1200 * mm_list to be empty. 1201 */ 1202 INIT_LIST_HEAD(&msm_obj->mm_list); 1203 1204 msm_gem_lock(obj); 1205 pages = get_pages(obj); 1206 msm_gem_unlock(obj); 1207 if (IS_ERR(pages)) { 1208 ret = PTR_ERR(pages); 1209 goto fail; 1210 } 1211 1212 vma->iova = physaddr(obj); 1213 } else { 1214 ret = drm_gem_object_init(dev, obj, size); 1215 if (ret) 1216 goto fail; 1217 /* 1218 * Our buffers are kept pinned, so allocating them from the 1219 * MOVABLE zone is a really bad idea, and conflicts with CMA. 1220 * See comments above new_inode() why this is required _and_ 1221 * expected if you're going to pin these pages. 1222 */ 1223 mapping_set_gfp_mask(obj->filp->f_mapping, GFP_HIGHUSER); 1224 } 1225 1226 mutex_lock(&priv->mm_lock); 1227 list_add_tail(&msm_obj->mm_list, &priv->inactive_unpinned); 1228 mutex_unlock(&priv->mm_lock); 1229 1230 mutex_lock(&priv->obj_lock); 1231 list_add_tail(&msm_obj->node, &priv->objects); 1232 mutex_unlock(&priv->obj_lock); 1233 1234 return obj; 1235 1236 fail: 1237 drm_gem_object_put(obj); 1238 return ERR_PTR(ret); 1239 } 1240 1241 struct drm_gem_object *msm_gem_import(struct drm_device *dev, 1242 struct dma_buf *dmabuf, struct sg_table *sgt) 1243 { 1244 struct msm_drm_private *priv = dev->dev_private; 1245 struct msm_gem_object *msm_obj; 1246 struct drm_gem_object *obj; 1247 uint32_t size; 1248 int ret, npages; 1249 1250 /* if we don't have IOMMU, don't bother pretending we can import: */ 1251 if (!msm_use_mmu(dev)) { 1252 DRM_DEV_ERROR(dev->dev, "cannot import without IOMMU\n"); 1253 return ERR_PTR(-EINVAL); 1254 } 1255 1256 size = PAGE_ALIGN(dmabuf->size); 1257 1258 ret = msm_gem_new_impl(dev, size, MSM_BO_WC, &obj); 1259 if (ret) 1260 return ERR_PTR(ret); 1261 1262 drm_gem_private_object_init(dev, obj, size); 1263 1264 npages = size / PAGE_SIZE; 1265 1266 msm_obj = to_msm_bo(obj); 1267 msm_gem_lock(obj); 1268 msm_obj->sgt = sgt; 1269 msm_obj->pages = kvmalloc_array(npages, sizeof(struct page *), GFP_KERNEL); 1270 if (!msm_obj->pages) { 1271 msm_gem_unlock(obj); 1272 ret = -ENOMEM; 1273 goto fail; 1274 } 1275 1276 ret = drm_prime_sg_to_page_array(sgt, msm_obj->pages, npages); 1277 if (ret) { 1278 msm_gem_unlock(obj); 1279 goto fail; 1280 } 1281 1282 msm_gem_unlock(obj); 1283 1284 mutex_lock(&priv->mm_lock); 1285 list_add_tail(&msm_obj->mm_list, &priv->inactive_unpinned); 1286 mutex_unlock(&priv->mm_lock); 1287 1288 mutex_lock(&priv->obj_lock); 1289 list_add_tail(&msm_obj->node, &priv->objects); 1290 mutex_unlock(&priv->obj_lock); 1291 1292 return obj; 1293 1294 fail: 1295 drm_gem_object_put(obj); 1296 return ERR_PTR(ret); 1297 } 1298 1299 void *msm_gem_kernel_new(struct drm_device *dev, uint32_t size, 1300 uint32_t flags, struct msm_gem_address_space *aspace, 1301 struct drm_gem_object **bo, uint64_t *iova) 1302 { 1303 void *vaddr; 1304 struct drm_gem_object *obj = msm_gem_new(dev, size, flags); 1305 int ret; 1306 1307 if (IS_ERR(obj)) 1308 return ERR_CAST(obj); 1309 1310 if (iova) { 1311 ret = msm_gem_get_and_pin_iova(obj, aspace, iova); 1312 if (ret) 1313 goto err; 1314 } 1315 1316 vaddr = msm_gem_get_vaddr(obj); 1317 if (IS_ERR(vaddr)) { 1318 msm_gem_unpin_iova(obj, aspace); 1319 ret = PTR_ERR(vaddr); 1320 goto err; 1321 } 1322 1323 if (bo) 1324 *bo = obj; 1325 1326 return vaddr; 1327 err: 1328 drm_gem_object_put(obj); 1329 1330 return ERR_PTR(ret); 1331 1332 } 1333 1334 void msm_gem_kernel_put(struct drm_gem_object *bo, 1335 struct msm_gem_address_space *aspace) 1336 { 1337 if (IS_ERR_OR_NULL(bo)) 1338 return; 1339 1340 msm_gem_put_vaddr(bo); 1341 msm_gem_unpin_iova(bo, aspace); 1342 drm_gem_object_put(bo); 1343 } 1344 1345 void msm_gem_object_set_name(struct drm_gem_object *bo, const char *fmt, ...) 1346 { 1347 struct msm_gem_object *msm_obj = to_msm_bo(bo); 1348 va_list ap; 1349 1350 if (!fmt) 1351 return; 1352 1353 va_start(ap, fmt); 1354 vsnprintf(msm_obj->name, sizeof(msm_obj->name), fmt, ap); 1355 va_end(ap); 1356 } 1357