1 /*
2 * SPDX-License-Identifier: MIT
3 *
4 * Copyright © 2012-2014 Intel Corporation
5 *
6 * Based on amdgpu_mn, which bears the following notice:
7 *
8 * Copyright 2014 Advanced Micro Devices, Inc.
9 * All Rights Reserved.
10 *
11 * Permission is hereby granted, free of charge, to any person obtaining a
12 * copy of this software and associated documentation files (the
13 * "Software"), to deal in the Software without restriction, including
14 * without limitation the rights to use, copy, modify, merge, publish,
15 * distribute, sub license, and/or sell copies of the Software, and to
16 * permit persons to whom the Software is furnished to do so, subject to
17 * the following conditions:
18 *
19 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
20 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
21 * FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL
22 * THE COPYRIGHT HOLDERS, AUTHORS AND/OR ITS SUPPLIERS BE LIABLE FOR ANY CLAIM,
23 * DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR
24 * OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE
25 * USE OR OTHER DEALINGS IN THE SOFTWARE.
26 *
27 * The above copyright notice and this permission notice (including the
28 * next paragraph) shall be included in all copies or substantial portions
29 * of the Software.
30 *
31 */
32 /*
33 * Authors:
34 * Christian König <christian.koenig@amd.com>
35 */
36
37 #include <linux/mmu_context.h>
38 #include <linux/mempolicy.h>
39 #include <linux/swap.h>
40 #include <linux/sched/mm.h>
41
42 #include "i915_drv.h"
43 #include "i915_gem_ioctls.h"
44 #include "i915_gem_object.h"
45 #include "i915_gem_userptr.h"
46 #include "i915_scatterlist.h"
47
48 #ifdef CONFIG_MMU_NOTIFIER
49
50 /**
51 * i915_gem_userptr_invalidate - callback to notify about mm change
52 *
53 * @mni: the range (mm) is about to update
54 * @range: details on the invalidation
55 * @cur_seq: Value to pass to mmu_interval_set_seq()
56 *
57 * Block for operations on BOs to finish and mark pages as accessed and
58 * potentially dirty.
59 */
i915_gem_userptr_invalidate(struct mmu_interval_notifier * mni,const struct mmu_notifier_range * range,unsigned long cur_seq)60 static bool i915_gem_userptr_invalidate(struct mmu_interval_notifier *mni,
61 const struct mmu_notifier_range *range,
62 unsigned long cur_seq)
63 {
64 struct drm_i915_gem_object *obj = container_of(mni, struct drm_i915_gem_object, userptr.notifier);
65 struct drm_i915_private *i915 = to_i915(obj->base.dev);
66 long r;
67
68 if (!mmu_notifier_range_blockable(range))
69 return false;
70
71 write_lock(&i915->mm.notifier_lock);
72
73 mmu_interval_set_seq(mni, cur_seq);
74
75 write_unlock(&i915->mm.notifier_lock);
76
77 /*
78 * We don't wait when the process is exiting. This is valid
79 * because the object will be cleaned up anyway.
80 *
81 * This is also temporarily required as a hack, because we
82 * cannot currently force non-consistent batch buffers to preempt
83 * and reschedule by waiting on it, hanging processes on exit.
84 */
85 if (current->flags & PF_EXITING)
86 return true;
87
88 /* we will unbind on next submission, still have userptr pins */
89 r = dma_resv_wait_timeout(obj->base.resv, DMA_RESV_USAGE_BOOKKEEP, false,
90 MAX_SCHEDULE_TIMEOUT);
91 if (r <= 0)
92 drm_err(&i915->drm, "(%ld) failed to wait for idle\n", r);
93
94 return true;
95 }
96
97 static const struct mmu_interval_notifier_ops i915_gem_userptr_notifier_ops = {
98 .invalidate = i915_gem_userptr_invalidate,
99 };
100
101 static int
i915_gem_userptr_init__mmu_notifier(struct drm_i915_gem_object * obj)102 i915_gem_userptr_init__mmu_notifier(struct drm_i915_gem_object *obj)
103 {
104 return mmu_interval_notifier_insert(&obj->userptr.notifier, current->mm,
105 obj->userptr.ptr, obj->base.size,
106 &i915_gem_userptr_notifier_ops);
107 }
108
i915_gem_object_userptr_drop_ref(struct drm_i915_gem_object * obj)109 static void i915_gem_object_userptr_drop_ref(struct drm_i915_gem_object *obj)
110 {
111 struct page **pvec = NULL;
112
113 assert_object_held_shared(obj);
114
115 if (!--obj->userptr.page_ref) {
116 pvec = obj->userptr.pvec;
117 obj->userptr.pvec = NULL;
118 }
119 GEM_BUG_ON(obj->userptr.page_ref < 0);
120
121 if (pvec) {
122 const unsigned long num_pages = obj->base.size >> PAGE_SHIFT;
123
124 unpin_user_pages(pvec, num_pages);
125 kvfree(pvec);
126 }
127 }
128
i915_gem_userptr_get_pages(struct drm_i915_gem_object * obj)129 static int i915_gem_userptr_get_pages(struct drm_i915_gem_object *obj)
130 {
131 unsigned int max_segment = i915_sg_segment_size(obj->base.dev->dev);
132 struct sg_table *st;
133 struct page **pvec;
134 unsigned int num_pages; /* limited by sg_alloc_table_from_pages_segment */
135 int ret;
136
137 if (overflows_type(obj->base.size >> PAGE_SHIFT, num_pages))
138 return -E2BIG;
139
140 num_pages = obj->base.size >> PAGE_SHIFT;
141 st = kmalloc(sizeof(*st), GFP_KERNEL);
142 if (!st)
143 return -ENOMEM;
144
145 if (!obj->userptr.page_ref) {
146 ret = -EAGAIN;
147 goto err_free;
148 }
149
150 obj->userptr.page_ref++;
151 pvec = obj->userptr.pvec;
152
153 alloc_table:
154 ret = sg_alloc_table_from_pages_segment(st, pvec, num_pages, 0,
155 num_pages << PAGE_SHIFT,
156 max_segment, GFP_KERNEL);
157 if (ret)
158 goto err;
159
160 ret = i915_gem_gtt_prepare_pages(obj, st);
161 if (ret) {
162 sg_free_table(st);
163
164 if (max_segment > PAGE_SIZE) {
165 max_segment = PAGE_SIZE;
166 goto alloc_table;
167 }
168
169 goto err;
170 }
171
172 WARN_ON_ONCE(!(obj->cache_coherent & I915_BO_CACHE_COHERENT_FOR_WRITE));
173 if (i915_gem_object_can_bypass_llc(obj))
174 obj->cache_dirty = true;
175
176 __i915_gem_object_set_pages(obj, st);
177
178 return 0;
179
180 err:
181 i915_gem_object_userptr_drop_ref(obj);
182 err_free:
183 kfree(st);
184 return ret;
185 }
186
187 static void
i915_gem_userptr_put_pages(struct drm_i915_gem_object * obj,struct sg_table * pages)188 i915_gem_userptr_put_pages(struct drm_i915_gem_object *obj,
189 struct sg_table *pages)
190 {
191 struct sgt_iter sgt_iter;
192 struct page *page;
193
194 if (!pages)
195 return;
196
197 __i915_gem_object_release_shmem(obj, pages, true);
198 i915_gem_gtt_finish_pages(obj, pages);
199
200 /*
201 * We always mark objects as dirty when they are used by the GPU,
202 * just in case. However, if we set the vma as being read-only we know
203 * that the object will never have been written to.
204 */
205 if (i915_gem_object_is_readonly(obj))
206 obj->mm.dirty = false;
207
208 for_each_sgt_page(page, sgt_iter, pages) {
209 if (obj->mm.dirty && trylock_page(page)) {
210 /*
211 * As this may not be anonymous memory (e.g. shmem)
212 * but exist on a real mapping, we have to lock
213 * the page in order to dirty it -- holding
214 * the page reference is not sufficient to
215 * prevent the inode from being truncated.
216 * Play safe and take the lock.
217 *
218 * However...!
219 *
220 * The mmu-notifier can be invalidated for a
221 * migrate_folio, that is alreadying holding the lock
222 * on the folio. Such a try_to_unmap() will result
223 * in us calling put_pages() and so recursively try
224 * to lock the page. We avoid that deadlock with
225 * a trylock_page() and in exchange we risk missing
226 * some page dirtying.
227 */
228 set_page_dirty(page);
229 unlock_page(page);
230 }
231
232 mark_page_accessed(page);
233 }
234 obj->mm.dirty = false;
235
236 sg_free_table(pages);
237 kfree(pages);
238
239 i915_gem_object_userptr_drop_ref(obj);
240 }
241
i915_gem_object_userptr_unbind(struct drm_i915_gem_object * obj)242 static int i915_gem_object_userptr_unbind(struct drm_i915_gem_object *obj)
243 {
244 struct sg_table *pages;
245 int err;
246
247 err = i915_gem_object_unbind(obj, I915_GEM_OBJECT_UNBIND_ACTIVE);
248 if (err)
249 return err;
250
251 if (GEM_WARN_ON(i915_gem_object_has_pinned_pages(obj)))
252 return -EBUSY;
253
254 assert_object_held(obj);
255
256 pages = __i915_gem_object_unset_pages(obj);
257 if (!IS_ERR_OR_NULL(pages))
258 i915_gem_userptr_put_pages(obj, pages);
259
260 return err;
261 }
262
i915_gem_object_userptr_submit_init(struct drm_i915_gem_object * obj)263 int i915_gem_object_userptr_submit_init(struct drm_i915_gem_object *obj)
264 {
265 const unsigned long num_pages = obj->base.size >> PAGE_SHIFT;
266 struct page **pvec;
267 unsigned int gup_flags = 0;
268 unsigned long notifier_seq;
269 int pinned, ret;
270
271 if (obj->userptr.notifier.mm != current->mm)
272 return -EFAULT;
273
274 notifier_seq = mmu_interval_read_begin(&obj->userptr.notifier);
275
276 ret = i915_gem_object_lock_interruptible(obj, NULL);
277 if (ret)
278 return ret;
279
280 if (notifier_seq == obj->userptr.notifier_seq && obj->userptr.pvec) {
281 i915_gem_object_unlock(obj);
282 return 0;
283 }
284
285 ret = i915_gem_object_userptr_unbind(obj);
286 i915_gem_object_unlock(obj);
287 if (ret)
288 return ret;
289
290 pvec = kvmalloc_array(num_pages, sizeof(struct page *), GFP_KERNEL);
291 if (!pvec)
292 return -ENOMEM;
293
294 if (!i915_gem_object_is_readonly(obj))
295 gup_flags |= FOLL_WRITE;
296
297 pinned = 0;
298 while (pinned < num_pages) {
299 ret = pin_user_pages_fast(obj->userptr.ptr + pinned * PAGE_SIZE,
300 num_pages - pinned, gup_flags,
301 &pvec[pinned]);
302 if (ret < 0)
303 goto out;
304
305 pinned += ret;
306 }
307
308 ret = i915_gem_object_lock_interruptible(obj, NULL);
309 if (ret)
310 goto out;
311
312 if (mmu_interval_read_retry(&obj->userptr.notifier,
313 !obj->userptr.page_ref ? notifier_seq :
314 obj->userptr.notifier_seq)) {
315 ret = -EAGAIN;
316 goto out_unlock;
317 }
318
319 if (!obj->userptr.page_ref++) {
320 obj->userptr.pvec = pvec;
321 obj->userptr.notifier_seq = notifier_seq;
322 pvec = NULL;
323 ret = ____i915_gem_object_get_pages(obj);
324 }
325
326 obj->userptr.page_ref--;
327
328 out_unlock:
329 i915_gem_object_unlock(obj);
330
331 out:
332 if (pvec) {
333 unpin_user_pages(pvec, pinned);
334 kvfree(pvec);
335 }
336
337 return ret;
338 }
339
i915_gem_object_userptr_submit_done(struct drm_i915_gem_object * obj)340 int i915_gem_object_userptr_submit_done(struct drm_i915_gem_object *obj)
341 {
342 if (mmu_interval_read_retry(&obj->userptr.notifier,
343 obj->userptr.notifier_seq)) {
344 /* We collided with the mmu notifier, need to retry */
345
346 return -EAGAIN;
347 }
348
349 return 0;
350 }
351
i915_gem_object_userptr_validate(struct drm_i915_gem_object * obj)352 int i915_gem_object_userptr_validate(struct drm_i915_gem_object *obj)
353 {
354 int err;
355
356 err = i915_gem_object_userptr_submit_init(obj);
357 if (err)
358 return err;
359
360 err = i915_gem_object_lock_interruptible(obj, NULL);
361 if (!err) {
362 /*
363 * Since we only check validity, not use the pages,
364 * it doesn't matter if we collide with the mmu notifier,
365 * and -EAGAIN handling is not required.
366 */
367 err = i915_gem_object_pin_pages(obj);
368 if (!err)
369 i915_gem_object_unpin_pages(obj);
370
371 i915_gem_object_unlock(obj);
372 }
373
374 return err;
375 }
376
377 static void
i915_gem_userptr_release(struct drm_i915_gem_object * obj)378 i915_gem_userptr_release(struct drm_i915_gem_object *obj)
379 {
380 GEM_WARN_ON(obj->userptr.page_ref);
381
382 if (!obj->userptr.notifier.mm)
383 return;
384
385 mmu_interval_notifier_remove(&obj->userptr.notifier);
386 obj->userptr.notifier.mm = NULL;
387 }
388
389 static int
i915_gem_userptr_dmabuf_export(struct drm_i915_gem_object * obj)390 i915_gem_userptr_dmabuf_export(struct drm_i915_gem_object *obj)
391 {
392 drm_dbg(obj->base.dev, "Exporting userptr no longer allowed\n");
393
394 return -EINVAL;
395 }
396
397 static int
i915_gem_userptr_pwrite(struct drm_i915_gem_object * obj,const struct drm_i915_gem_pwrite * args)398 i915_gem_userptr_pwrite(struct drm_i915_gem_object *obj,
399 const struct drm_i915_gem_pwrite *args)
400 {
401 drm_dbg(obj->base.dev, "pwrite to userptr no longer allowed\n");
402
403 return -EINVAL;
404 }
405
406 static int
i915_gem_userptr_pread(struct drm_i915_gem_object * obj,const struct drm_i915_gem_pread * args)407 i915_gem_userptr_pread(struct drm_i915_gem_object *obj,
408 const struct drm_i915_gem_pread *args)
409 {
410 drm_dbg(obj->base.dev, "pread from userptr no longer allowed\n");
411
412 return -EINVAL;
413 }
414
415 static const struct drm_i915_gem_object_ops i915_gem_userptr_ops = {
416 .name = "i915_gem_object_userptr",
417 .flags = I915_GEM_OBJECT_IS_SHRINKABLE |
418 I915_GEM_OBJECT_NO_MMAP |
419 I915_GEM_OBJECT_IS_PROXY,
420 .get_pages = i915_gem_userptr_get_pages,
421 .put_pages = i915_gem_userptr_put_pages,
422 .dmabuf_export = i915_gem_userptr_dmabuf_export,
423 .pwrite = i915_gem_userptr_pwrite,
424 .pread = i915_gem_userptr_pread,
425 .release = i915_gem_userptr_release,
426 };
427
428 #endif
429
430 #ifdef notyet
431
432 static int
probe_range(struct mm_struct * mm,unsigned long addr,unsigned long len)433 probe_range(struct mm_struct *mm, unsigned long addr, unsigned long len)
434 {
435 VMA_ITERATOR(vmi, mm, addr);
436 struct vm_area_struct *vma;
437 unsigned long end = addr + len;
438
439 mmap_read_lock(mm);
440 for_each_vma_range(vmi, vma, end) {
441 /* Check for holes, note that we also update the addr below */
442 if (vma->vm_start > addr)
443 break;
444
445 if (vma->vm_flags & (VM_PFNMAP | VM_MIXEDMAP))
446 break;
447
448 addr = vma->vm_end;
449 }
450 mmap_read_unlock(mm);
451
452 if (vma || addr < end)
453 return -EFAULT;
454 return 0;
455 }
456 #endif
457
458 /*
459 * Creates a new mm object that wraps some normal memory from the process
460 * context - user memory.
461 *
462 * We impose several restrictions upon the memory being mapped
463 * into the GPU.
464 * 1. It must be page aligned (both start/end addresses, i.e ptr and size).
465 * 2. It must be normal system memory, not a pointer into another map of IO
466 * space (e.g. it must not be a GTT mmapping of another object).
467 * 3. We only allow a bo as large as we could in theory map into the GTT,
468 * that is we limit the size to the total size of the GTT.
469 * 4. The bo is marked as being snoopable. The backing pages are left
470 * accessible directly by the CPU, but reads and writes by the GPU may
471 * incur the cost of a snoop (unless you have an LLC architecture).
472 *
473 * Synchronisation between multiple users and the GPU is left to userspace
474 * through the normal set-domain-ioctl. The kernel will enforce that the
475 * GPU relinquishes the VMA before it is returned back to the system
476 * i.e. upon free(), munmap() or process termination. However, the userspace
477 * malloc() library may not immediately relinquish the VMA after free() and
478 * instead reuse it whilst the GPU is still reading and writing to the VMA.
479 * Caveat emptor.
480 *
481 * Also note, that the object created here is not currently a "first class"
482 * object, in that several ioctls are banned. These are the CPU access
483 * ioctls: mmap(), pwrite and pread. In practice, you are expected to use
484 * direct access via your pointer rather than use those ioctls. Another
485 * restriction is that we do not allow userptr surfaces to be pinned to the
486 * hardware and so we reject any attempt to create a framebuffer out of a
487 * userptr.
488 *
489 * If you think this is a good interface to use to pass GPU memory between
490 * drivers, please use dma-buf instead. In fact, wherever possible use
491 * dma-buf instead.
492 */
493 int
i915_gem_userptr_ioctl(struct drm_device * dev,void * data,struct drm_file * file)494 i915_gem_userptr_ioctl(struct drm_device *dev,
495 void *data,
496 struct drm_file *file)
497 {
498 static struct lock_class_key __maybe_unused lock_class;
499 struct drm_i915_private *dev_priv = to_i915(dev);
500 struct drm_i915_gem_userptr *args = data;
501 struct drm_i915_gem_object __maybe_unused *obj;
502 int __maybe_unused ret;
503 u32 __maybe_unused handle;
504
505 if (!HAS_LLC(dev_priv) && !HAS_SNOOP(dev_priv)) {
506 /* We cannot support coherent userptr objects on hw without
507 * LLC and broken snooping.
508 */
509 return -ENODEV;
510 }
511
512 if (args->flags & ~(I915_USERPTR_READ_ONLY |
513 I915_USERPTR_UNSYNCHRONIZED |
514 I915_USERPTR_PROBE))
515 return -EINVAL;
516
517 if (i915_gem_object_size_2big(args->user_size))
518 return -E2BIG;
519
520 if (!args->user_size)
521 return -EINVAL;
522
523 if (offset_in_page(args->user_ptr | args->user_size))
524 return -EINVAL;
525
526 if (!access_ok((char __user *)(unsigned long)args->user_ptr, args->user_size))
527 return -EFAULT;
528
529 if (args->flags & I915_USERPTR_UNSYNCHRONIZED)
530 return -ENODEV;
531
532 if (args->flags & I915_USERPTR_READ_ONLY) {
533 /*
534 * On almost all of the older hw, we cannot tell the GPU that
535 * a page is readonly.
536 */
537 if (!to_gt(dev_priv)->vm->has_read_only)
538 return -ENODEV;
539 }
540
541 if (args->flags & I915_USERPTR_PROBE) {
542 /*
543 * Check that the range pointed to represents real struct
544 * pages and not iomappings (at this moment in time!)
545 */
546 #ifdef notyet
547 ret = probe_range(current->mm, args->user_ptr, args->user_size);
548 if (ret)
549 return ret;
550 #else
551 STUB();
552 return -ENOSYS;
553 #endif
554 }
555
556 #ifdef CONFIG_MMU_NOTIFIER
557 obj = i915_gem_object_alloc();
558 if (obj == NULL)
559 return -ENOMEM;
560
561 drm_gem_private_object_init(dev, &obj->base, args->user_size);
562 i915_gem_object_init(obj, &i915_gem_userptr_ops, &lock_class,
563 I915_BO_ALLOC_USER);
564 obj->mem_flags = I915_BO_FLAG_STRUCT_PAGE;
565 obj->read_domains = I915_GEM_DOMAIN_CPU;
566 obj->write_domain = I915_GEM_DOMAIN_CPU;
567 i915_gem_object_set_cache_coherency(obj, I915_CACHE_LLC);
568
569 obj->userptr.ptr = args->user_ptr;
570 obj->userptr.notifier_seq = ULONG_MAX;
571 if (args->flags & I915_USERPTR_READ_ONLY)
572 i915_gem_object_set_readonly(obj);
573
574 /* And keep a pointer to the current->mm for resolving the user pages
575 * at binding. This means that we need to hook into the mmu_notifier
576 * in order to detect if the mmu is destroyed.
577 */
578 ret = i915_gem_userptr_init__mmu_notifier(obj);
579 if (ret == 0)
580 ret = drm_gem_handle_create(file, &obj->base, &handle);
581
582 /* drop reference from allocate - handle holds it now */
583 i915_gem_object_put(obj);
584 if (ret)
585 return ret;
586
587 args->handle = handle;
588 return 0;
589 #else
590 return -ENODEV;
591 #endif
592 }
593
i915_gem_init_userptr(struct drm_i915_private * dev_priv)594 int i915_gem_init_userptr(struct drm_i915_private *dev_priv)
595 {
596 #ifdef CONFIG_MMU_NOTIFIER
597 rwlock_init(&dev_priv->mm.notifier_lock);
598 #endif
599
600 return 0;
601 }
602
i915_gem_cleanup_userptr(struct drm_i915_private * dev_priv)603 void i915_gem_cleanup_userptr(struct drm_i915_private *dev_priv)
604 {
605 }
606