1 /*
2 * Copyright (c) 2006-2009 VMware, Inc., Palo Alto, CA., USA
3 * Copyright (c) 2012 David Airlie <airlied@linux.ie>
4 * Copyright (c) 2013 David Herrmann <dh.herrmann@gmail.com>
5 *
6 * Permission is hereby granted, free of charge, to any person obtaining a
7 * copy of this software and associated documentation files (the "Software"),
8 * to deal in the Software without restriction, including without limitation
9 * the rights to use, copy, modify, merge, publish, distribute, sublicense,
10 * and/or sell copies of the Software, and to permit persons to whom the
11 * Software is furnished to do so, subject to the following conditions:
12 *
13 * The above copyright notice and this permission notice shall be included in
14 * all copies or substantial portions of the Software.
15 *
16 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
17 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
18 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
19 * THE COPYRIGHT HOLDER(S) OR AUTHOR(S) BE LIABLE FOR ANY CLAIM, DAMAGES OR
20 * OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
21 * ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
22 * OTHER DEALINGS IN THE SOFTWARE.
23 */
24
25 #include <drm/drmP.h>
26 #include <drm/drm_mm.h>
27 #include <drm/drm_vma_manager.h>
28 #include <linux/mm.h>
29 #include <linux/module.h>
30 #include <linux/rbtree.h>
31 #include <linux/slab.h>
32 #include <linux/spinlock.h>
33 #include <linux/types.h>
34
35 /**
36 * DOC: vma offset manager
37 *
38 * The vma-manager is responsible to map arbitrary driver-dependent memory
39 * regions into the linear user address-space. It provides offsets to the
40 * caller which can then be used on the address_space of the drm-device. It
41 * takes care to not overlap regions, size them appropriately and to not
42 * confuse mm-core by inconsistent fake vm_pgoff fields.
43 * Drivers shouldn't use this for object placement in VMEM. This manager should
44 * only be used to manage mappings into linear user-space VMs.
45 *
46 * We use drm_mm as backend to manage object allocations. But it is highly
47 * optimized for alloc/free calls, not lookups. Hence, we use an rb-tree to
48 * speed up offset lookups.
49 *
50 * You must not use multiple offset managers on a single address_space.
51 * Otherwise, mm-core will be unable to tear down memory mappings as the VM will
52 * no longer be linear.
53 *
54 * This offset manager works on page-based addresses. That is, every argument
55 * and return code (with the exception of drm_vma_node_offset_addr()) is given
56 * in number of pages, not number of bytes. That means, object sizes and offsets
57 * must always be page-aligned (as usual).
58 * If you want to get a valid byte-based user-space address for a given offset,
59 * please see drm_vma_node_offset_addr().
60 *
61 * Additionally to offset management, the vma offset manager also handles access
62 * management. For every open-file context that is allowed to access a given
63 * node, you must call drm_vma_node_allow(). Otherwise, an mmap() call on this
64 * open-file with the offset of the node will fail with -EACCES. To revoke
65 * access again, use drm_vma_node_revoke(). However, the caller is responsible
66 * for destroying already existing mappings, if required.
67 */
68
69 /**
70 * drm_vma_offset_manager_init - Initialize new offset-manager
71 * @mgr: Manager object
72 * @page_offset: Offset of available memory area (page-based)
73 * @size: Size of available address space range (page-based)
74 *
75 * Initialize a new offset-manager. The offset and area size available for the
76 * manager are given as @page_offset and @size. Both are interpreted as
77 * page-numbers, not bytes.
78 *
79 * Adding/removing nodes from the manager is locked internally and protected
80 * against concurrent access. However, node allocation and destruction is left
81 * for the caller. While calling into the vma-manager, a given node must
82 * always be guaranteed to be referenced.
83 */
drm_vma_offset_manager_init(struct drm_vma_offset_manager * mgr,unsigned long page_offset,unsigned long size)84 void drm_vma_offset_manager_init(struct drm_vma_offset_manager *mgr,
85 unsigned long page_offset, unsigned long size)
86 {
87 lockinit(&mgr->vm_lock, "drmvml", 0, LK_CANRECURSE);
88 mgr->vm_addr_space_rb = LINUX_RB_ROOT;
89 drm_mm_init(&mgr->vm_addr_space_mm, page_offset, size);
90 }
91 EXPORT_SYMBOL(drm_vma_offset_manager_init);
92
93 /**
94 * drm_vma_offset_manager_destroy() - Destroy offset manager
95 * @mgr: Manager object
96 *
97 * Destroy an object manager which was previously created via
98 * drm_vma_offset_manager_init(). The caller must remove all allocated nodes
99 * before destroying the manager. Otherwise, drm_mm will refuse to free the
100 * requested resources.
101 *
102 * The manager must not be accessed after this function is called.
103 */
drm_vma_offset_manager_destroy(struct drm_vma_offset_manager * mgr)104 void drm_vma_offset_manager_destroy(struct drm_vma_offset_manager *mgr)
105 {
106 /* take the lock to protect against buggy drivers */
107 lockmgr(&mgr->vm_lock, LK_EXCLUSIVE);
108 drm_mm_takedown(&mgr->vm_addr_space_mm);
109 lockmgr(&mgr->vm_lock, LK_RELEASE);
110 }
111 EXPORT_SYMBOL(drm_vma_offset_manager_destroy);
112
113 /**
114 * drm_vma_offset_lookup_locked() - Find node in offset space
115 * @mgr: Manager object
116 * @start: Start address for object (page-based)
117 * @pages: Size of object (page-based)
118 *
119 * Find a node given a start address and object size. This returns the _best_
120 * match for the given node. That is, @start may point somewhere into a valid
121 * region and the given node will be returned, as long as the node spans the
122 * whole requested area (given the size in number of pages as @pages).
123 *
124 * Note that before lookup the vma offset manager lookup lock must be acquired
125 * with drm_vma_offset_lock_lookup(). See there for an example. This can then be
126 * used to implement weakly referenced lookups using kref_get_unless_zero().
127 *
128 * Example:
129 *
130 * ::
131 *
132 * drm_vma_offset_lock_lookup(mgr);
133 * node = drm_vma_offset_lookup_locked(mgr);
134 * if (node)
135 * kref_get_unless_zero(container_of(node, sth, entr));
136 * drm_vma_offset_unlock_lookup(mgr);
137 *
138 * RETURNS:
139 * Returns NULL if no suitable node can be found. Otherwise, the best match
140 * is returned. It's the caller's responsibility to make sure the node doesn't
141 * get destroyed before the caller can access it.
142 */
drm_vma_offset_lookup_locked(struct drm_vma_offset_manager * mgr,unsigned long start,unsigned long pages)143 struct drm_vma_offset_node *drm_vma_offset_lookup_locked(struct drm_vma_offset_manager *mgr,
144 unsigned long start,
145 unsigned long pages)
146 {
147 struct drm_vma_offset_node *node, *best;
148 struct rb_node *iter;
149 unsigned long offset;
150
151 iter = mgr->vm_addr_space_rb.rb_node;
152 best = NULL;
153
154 while (likely(iter)) {
155 node = rb_entry(iter, struct drm_vma_offset_node, vm_rb);
156 offset = node->vm_node.start;
157 if (start >= offset) {
158 iter = iter->rb_right;
159 best = node;
160 if (start == offset)
161 break;
162 } else {
163 iter = iter->rb_left;
164 }
165 }
166
167 /* verify that the node spans the requested area */
168 if (best) {
169 offset = best->vm_node.start + best->vm_node.size;
170 if (offset < start + pages)
171 best = NULL;
172 }
173
174 return best;
175 }
176 EXPORT_SYMBOL(drm_vma_offset_lookup_locked);
177
178 /* internal helper to link @node into the rb-tree */
_drm_vma_offset_add_rb(struct drm_vma_offset_manager * mgr,struct drm_vma_offset_node * node)179 static void _drm_vma_offset_add_rb(struct drm_vma_offset_manager *mgr,
180 struct drm_vma_offset_node *node)
181 {
182 struct rb_node **iter = &mgr->vm_addr_space_rb.rb_node;
183 struct rb_node *parent = NULL;
184 struct drm_vma_offset_node *iter_node;
185
186 while (likely(*iter)) {
187 parent = *iter;
188 iter_node = rb_entry(*iter, struct drm_vma_offset_node, vm_rb);
189
190 if (node->vm_node.start < iter_node->vm_node.start)
191 iter = &(*iter)->rb_left;
192 else if (node->vm_node.start > iter_node->vm_node.start)
193 iter = &(*iter)->rb_right;
194 else
195 BUG();
196 }
197
198 rb_link_node(&node->vm_rb, parent, iter);
199 rb_insert_color(&node->vm_rb, &mgr->vm_addr_space_rb);
200 }
201
202 /**
203 * drm_vma_offset_add() - Add offset node to manager
204 * @mgr: Manager object
205 * @node: Node to be added
206 * @pages: Allocation size visible to user-space (in number of pages)
207 *
208 * Add a node to the offset-manager. If the node was already added, this does
209 * nothing and return 0. @pages is the size of the object given in number of
210 * pages.
211 * After this call succeeds, you can access the offset of the node until it
212 * is removed again.
213 *
214 * If this call fails, it is safe to retry the operation or call
215 * drm_vma_offset_remove(), anyway. However, no cleanup is required in that
216 * case.
217 *
218 * @pages is not required to be the same size as the underlying memory object
219 * that you want to map. It only limits the size that user-space can map into
220 * their address space.
221 *
222 * RETURNS:
223 * 0 on success, negative error code on failure.
224 */
drm_vma_offset_add(struct drm_vma_offset_manager * mgr,struct drm_vma_offset_node * node,unsigned long pages)225 int drm_vma_offset_add(struct drm_vma_offset_manager *mgr,
226 struct drm_vma_offset_node *node, unsigned long pages)
227 {
228 int ret;
229
230 lockmgr(&mgr->vm_lock, LK_EXCLUSIVE);
231
232 if (drm_mm_node_allocated(&node->vm_node)) {
233 ret = 0;
234 goto out_unlock;
235 }
236
237 ret = drm_mm_insert_node(&mgr->vm_addr_space_mm, &node->vm_node, pages);
238 if (ret)
239 goto out_unlock;
240
241 _drm_vma_offset_add_rb(mgr, node);
242
243 out_unlock:
244 lockmgr(&mgr->vm_lock, LK_RELEASE);
245 return ret;
246 }
247 EXPORT_SYMBOL(drm_vma_offset_add);
248
249 /**
250 * drm_vma_offset_remove() - Remove offset node from manager
251 * @mgr: Manager object
252 * @node: Node to be removed
253 *
254 * Remove a node from the offset manager. If the node wasn't added before, this
255 * does nothing. After this call returns, the offset and size will be 0 until a
256 * new offset is allocated via drm_vma_offset_add() again. Helper functions like
257 * drm_vma_node_start() and drm_vma_node_offset_addr() will return 0 if no
258 * offset is allocated.
259 */
drm_vma_offset_remove(struct drm_vma_offset_manager * mgr,struct drm_vma_offset_node * node)260 void drm_vma_offset_remove(struct drm_vma_offset_manager *mgr,
261 struct drm_vma_offset_node *node)
262 {
263 lockmgr(&mgr->vm_lock, LK_EXCLUSIVE);
264
265 if (drm_mm_node_allocated(&node->vm_node)) {
266 rb_erase(&node->vm_rb, &mgr->vm_addr_space_rb);
267 drm_mm_remove_node(&node->vm_node);
268 memset(&node->vm_node, 0, sizeof(node->vm_node));
269 }
270
271 lockmgr(&mgr->vm_lock, LK_RELEASE);
272 }
273 EXPORT_SYMBOL(drm_vma_offset_remove);
274
275 /**
276 * drm_vma_node_allow - Add open-file to list of allowed users
277 * @node: Node to modify
278 * @tag: Tag of file to remove
279 *
280 * Add @tag to the list of allowed open-files for this node. If @tag is
281 * already on this list, the ref-count is incremented.
282 *
283 * The list of allowed-users is preserved across drm_vma_offset_add() and
284 * drm_vma_offset_remove() calls. You may even call it if the node is currently
285 * not added to any offset-manager.
286 *
287 * You must remove all open-files the same number of times as you added them
288 * before destroying the node. Otherwise, you will leak memory.
289 *
290 * This is locked against concurrent access internally.
291 *
292 * RETURNS:
293 * 0 on success, negative error code on internal failure (out-of-mem)
294 */
drm_vma_node_allow(struct drm_vma_offset_node * node,struct drm_file * tag)295 int drm_vma_node_allow(struct drm_vma_offset_node *node, struct drm_file *tag)
296 {
297 struct rb_node **iter;
298 struct rb_node *parent = NULL;
299 struct drm_vma_offset_file *new, *entry;
300 int ret = 0;
301
302 /* Preallocate entry to avoid atomic allocations below. It is quite
303 * unlikely that an open-file is added twice to a single node so we
304 * don't optimize for this case. OOM is checked below only if the entry
305 * is actually used. */
306 new = kmalloc(sizeof(*entry), M_DRM, M_WAITOK);
307
308 lockmgr(&node->vm_lock, LK_EXCLUSIVE);
309
310 iter = &node->vm_files.rb_node;
311
312 while (likely(*iter)) {
313 parent = *iter;
314 entry = rb_entry(*iter, struct drm_vma_offset_file, vm_rb);
315
316 if (tag == entry->vm_tag) {
317 entry->vm_count++;
318 goto unlock;
319 } else if (tag > entry->vm_tag) {
320 iter = &(*iter)->rb_right;
321 } else {
322 iter = &(*iter)->rb_left;
323 }
324 }
325
326 if (!new) {
327 ret = -ENOMEM;
328 goto unlock;
329 }
330
331 new->vm_tag = tag;
332 new->vm_count = 1;
333 rb_link_node(&new->vm_rb, parent, iter);
334 rb_insert_color(&new->vm_rb, &node->vm_files);
335 new = NULL;
336
337 unlock:
338 lockmgr(&node->vm_lock, LK_RELEASE);
339 kfree(new);
340 return ret;
341 }
342 EXPORT_SYMBOL(drm_vma_node_allow);
343
344 /**
345 * drm_vma_node_revoke - Remove open-file from list of allowed users
346 * @node: Node to modify
347 * @tag: Tag of file to remove
348 *
349 * Decrement the ref-count of @tag in the list of allowed open-files on @node.
350 * If the ref-count drops to zero, remove @tag from the list. You must call
351 * this once for every drm_vma_node_allow() on @tag.
352 *
353 * This is locked against concurrent access internally.
354 *
355 * If @tag is not on the list, nothing is done.
356 */
drm_vma_node_revoke(struct drm_vma_offset_node * node,struct drm_file * tag)357 void drm_vma_node_revoke(struct drm_vma_offset_node *node,
358 struct drm_file *tag)
359 {
360 struct drm_vma_offset_file *entry;
361 struct rb_node *iter;
362
363 lockmgr(&node->vm_lock, LK_EXCLUSIVE);
364
365 iter = node->vm_files.rb_node;
366 while (likely(iter)) {
367 entry = rb_entry(iter, struct drm_vma_offset_file, vm_rb);
368 if (tag == entry->vm_tag) {
369 if (!--entry->vm_count) {
370 rb_erase(&entry->vm_rb, &node->vm_files);
371 kfree(entry);
372 }
373 break;
374 } else if (tag > entry->vm_tag) {
375 iter = iter->rb_right;
376 } else {
377 iter = iter->rb_left;
378 }
379 }
380
381 lockmgr(&node->vm_lock, LK_RELEASE);
382 }
383 EXPORT_SYMBOL(drm_vma_node_revoke);
384
385 /**
386 * drm_vma_node_is_allowed - Check whether an open-file is granted access
387 * @node: Node to check
388 * @tag: Tag of file to remove
389 *
390 * Search the list in @node whether @tag is currently on the list of allowed
391 * open-files (see drm_vma_node_allow()).
392 *
393 * This is locked against concurrent access internally.
394 *
395 * RETURNS:
396 * true iff @filp is on the list
397 */
drm_vma_node_is_allowed(struct drm_vma_offset_node * node,struct drm_file * tag)398 bool drm_vma_node_is_allowed(struct drm_vma_offset_node *node,
399 struct drm_file *tag)
400 {
401 struct drm_vma_offset_file *entry;
402 struct rb_node *iter;
403
404 lockmgr(&node->vm_lock, LK_EXCLUSIVE);
405
406 iter = node->vm_files.rb_node;
407 while (likely(iter)) {
408 entry = rb_entry(iter, struct drm_vma_offset_file, vm_rb);
409 if (tag == entry->vm_tag)
410 break;
411 else if (tag > entry->vm_tag)
412 iter = iter->rb_right;
413 else
414 iter = iter->rb_left;
415 }
416
417 lockmgr(&node->vm_lock, LK_RELEASE);
418
419 return iter;
420 }
421 EXPORT_SYMBOL(drm_vma_node_is_allowed);
422