1 /* 2 * Copyright © 2008 Intel Corporation 3 * 4 * Permission is hereby granted, free of charge, to any person obtaining a 5 * copy of this software and associated documentation files (the "Software"), 6 * to deal in the Software without restriction, including without limitation 7 * the rights to use, copy, modify, merge, publish, distribute, sublicense, 8 * and/or sell copies of the Software, and to permit persons to whom the 9 * Software is furnished to do so, subject to the following conditions: 10 * 11 * The above copyright notice and this permission notice (including the next 12 * paragraph) shall be included in all copies or substantial portions of the 13 * Software. 14 * 15 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL 18 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 20 * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS 21 * IN THE SOFTWARE. 22 * 23 * Authors: 24 * Eric Anholt <eric@anholt.net> 25 * 26 */ 27 /*- 28 * Copyright (c) 2011 The FreeBSD Foundation 29 * All rights reserved. 30 * 31 * This software was developed by Konstantin Belousov under sponsorship from 32 * the FreeBSD Foundation. 33 * 34 * Redistribution and use in source and binary forms, with or without 35 * modification, are permitted provided that the following conditions 36 * are met: 37 * 1. Redistributions of source code must retain the above copyright 38 * notice, this list of conditions and the following disclaimer. 39 * 2. Redistributions in binary form must reproduce the above copyright 40 * notice, this list of conditions and the following disclaimer in the 41 * documentation and/or other materials provided with the distribution. 
42 * 43 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 44 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 45 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 46 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 47 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 48 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 49 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 50 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 51 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 52 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 53 * SUCH DAMAGE. 54 */ 55 56 #include "opt_vm.h" 57 58 #include <sys/param.h> 59 #include <sys/systm.h> 60 #include <sys/limits.h> 61 #include <sys/lock.h> 62 #include <sys/mutex.h> 63 #include <sys/conf.h> 64 65 #include <vm/vm.h> 66 #include <vm/vm_page.h> 67 68 #include <linux/types.h> 69 #include <linux/mm.h> 70 #include <linux/module.h> 71 #include <drm/drmP.h> 72 #include <drm/drm_vma_manager.h> 73 #include <drm/drm_gem.h> 74 #include "drm_internal.h" 75 76 /** @file drm_gem.c 77 * 78 * This file provides some of the base ioctls and library routines for 79 * the graphics memory manager implemented by each device driver. 80 * 81 * Because various devices have different requirements in terms of 82 * synchronization and migration strategies, implementing that is left up to 83 * the driver, and all that the general API provides should be generic -- 84 * allocating objects, reading/writing data with the cpu, freeing objects. 85 * Even there, platform-dependent optimizations for reading/writing data with 86 * the CPU mean we'll likely hook those out to driver-specific calls. However, 87 * the DRI2 implementation wants to have at least allocate/mmap be generic. 
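 *
 * The goal was to have swap-backed object allocation managed through
 * struct file.  However, file descriptors as handles to a struct file have
 * two major failings:
 * - Process limits prevent more than 1024 or so being used at a time by
 *   default.
 * - Inability to allocate high fds will aggravate the X Server's select()
 *   handling, and likely that of many GL client applications as well.
 *
 * This led to a plan of using our own integer IDs (called handles, following
 * DRM terminology) to mimic fds, and implement the fd syscalls we need as
 * ioctls.  The objects themselves will still include the struct file so
 * that we can transition to fds if the required kernel infrastructure shows
 * up at a later date, and as our interface with shmfs for memory allocation.
 */

/*
 * We make up offsets for buffer objects so we can recognize them at
 * mmap time.
 */

/* pgoff in mmap is an unsigned long, so we need to make sure that
 * the faked up offset will fit
 */

#if BITS_PER_LONG == 64
#define DRM_FILE_PAGE_OFFSET_START ((0xFFFFFFFFUL >> PAGE_SHIFT) + 1)
#define DRM_FILE_PAGE_OFFSET_SIZE ((0xFFFFFFFFUL >> PAGE_SHIFT) * 16)
#else
#define DRM_FILE_PAGE_OFFSET_START ((0xFFFFFFFUL >> PAGE_SHIFT) + 1)
#define DRM_FILE_PAGE_OFFSET_SIZE ((0xFFFFFFFUL >> PAGE_SHIFT) * 16)
#endif

/**
 * drm_gem_init - Initialize the GEM device fields
 * @dev: drm_device structure to initialize
 *
 * Sets up the global name lock and idr, allocates the per-device
 * drm_gem_mm and initializes its offset hash, index allocator and
 * offset managers.
 *
 * Returns 0 on success or -ENOMEM if the drm_gem_mm or its offset hash
 * cannot be set up.  On failure dev->mm_private is left NULL.
 */
int
drm_gem_init(struct drm_device *dev)
{
	struct drm_gem_mm *mm;

	lockinit(&dev->object_name_lock, "objnam", 0, LK_CANRECURSE);
	idr_init(&dev->object_name_idr);

	mm = kzalloc(sizeof(struct drm_gem_mm), GFP_KERNEL);
	if (!mm) {
		DRM_ERROR("out of memory\n");
		return -ENOMEM;
	}

	dev->mm_private = mm;

	if (drm_ht_create(&mm->offset_hash, 12)) {
		/*
		 * Clear the published pointer before freeing: otherwise
		 * dev->mm_private keeps pointing at freed memory and a later
		 * drm_gem_destroy() would dereference and free it again.
		 */
		dev->mm_private = NULL;
		kfree(mm);
		return -ENOMEM;
	}

	mm->idxunr = new_unrhdr(0, DRM_GEM_MAX_IDX, NULL);
	drm_mm_init(&mm->offset_manager, DRM_FILE_PAGE_OFFSET_START,
		    DRM_FILE_PAGE_OFFSET_SIZE);
	drm_vma_offset_manager_init(&mm->vma_manager,
				    DRM_FILE_PAGE_OFFSET_START,
				    DRM_FILE_PAGE_OFFSET_SIZE);

	return 0;
}

/**
 * drm_gem_destroy - tear down the GEM device fields
 * @dev: drm_device whose GEM state is released
 *
 * Releases everything drm_gem_init() attached to dev->mm_private and
 * clears the pointer.
 *
 * NOTE(review): dev->mm_private is dereferenced without a NULL check, so
 * this presumably must only run after a successful drm_gem_init() --
 * confirm against the callers.
 */
void
drm_gem_destroy(struct drm_device *dev)
{
	struct drm_gem_mm *mm = dev->mm_private;

	drm_mm_takedown(&mm->offset_manager);
	drm_ht_remove(&mm->offset_hash);

	drm_vma_offset_manager_destroy(&mm->vma_manager);
	delete_unrhdr(mm->idxunr);
	kfree(mm);
	dev->mm_private = NULL;
}

/**
 * drm_gem_object_init - initialize an allocated GEM object with backing store
 * @dev: drm_device the object should be initialized for
 * @obj: drm_gem_object to initialize
 * @size: object size
 *
 * Initialize an already allocated GEM object of the specified size and
 * attach a backing object obtained from default_pager_alloc().
 *
 * Always returns 0.
 *
 * NOTE(review): the result of default_pager_alloc() is stored in obj->filp
 * without being checked; confirm it cannot return NULL on this platform.
 */
int drm_gem_object_init(struct drm_device *dev,
			struct drm_gem_object *obj, size_t size)
{
	drm_gem_private_object_init(dev, obj, size);

	obj->filp = default_pager_alloc(NULL, size,
	    VM_PROT_READ | VM_PROT_WRITE, 0);

	return 0;
}
EXPORT_SYMBOL(drm_gem_object_init);

/**
 * drm_gem_private_object_init - initialize an allocated private GEM object
 * @dev: drm_device the object should be initialized for
 * @obj: drm_gem_object to initialize
 * @size: object size
 *
 * Initialize an already allocated GEM object of the specified size with
 * no GEM provided backing store. Instead the caller is responsible for
 * backing the object and handling it.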
 */
void drm_gem_private_object_init(struct drm_device *dev,
				 struct drm_gem_object *obj, size_t size)
{
	/* Object sizes must be a whole number of pages. */
	BUG_ON((size & (PAGE_SIZE - 1)) != 0);

	obj->dev = dev;
	obj->size = size;
	obj->filp = NULL;	/* no backing store for private objects */
	obj->handle_count = 0;

	kref_init(&obj->refcount);
	drm_vma_node_reset(&obj->vma_node);
}
EXPORT_SYMBOL(drm_gem_private_object_init);

/*
 * Drop the PRIME bookkeeping @filp holds for @obj.  The actual removal is
 * compiled out in this port, so only the prime lock is taken and released.
 */
static void
drm_gem_remove_prime_handles(struct drm_gem_object *obj, struct drm_file *filp)
{
	/*
	 * Note: obj->dma_buf can't disappear as long as we still hold a
	 * handle reference in obj->handle_count.
	 */
	mutex_lock(&filp->prime.lock);
#if 0
	if (obj->dma_buf) {
		drm_prime_remove_buf_handle_locked(&filp->prime,
						   obj->dma_buf);
	}
#endif
	mutex_unlock(&filp->prime.lock);
}

/*
 * kref release callback for a put that must never be the final one;
 * reaching it means the reference accounting is broken.
 */
static void drm_gem_object_ref_bug(struct kref *list_kref)
{
	BUG();
}

/**
 * drm_gem_object_handle_free - release resources bound to userspace handles
 * @obj: GEM object to clean up.
 *
 * Called after the last handle to the object has been closed.
 *
 * Removes any global name for the object and drops the reference the name
 * table held.  This must run before drm_gem_object_free(), otherwise the
 * name idr would be left pointing at freed memory.
 */
static void drm_gem_object_handle_free(struct drm_gem_object *obj)
{
	struct drm_device *dev = obj->dev;

	/* Nothing to do for objects that were never given a name. */
	if (!obj->name)
		return;

	idr_remove(&dev->object_name_idr, obj->name);
	obj->name = 0;

	/*
	 * The object name held a reference to this object, drop that now.
	 * This cannot be the last reference, since the handle holds one too;
	 * the release callback therefore just BUG()s.
	 */
	kref_put(&obj->refcount, drm_gem_object_ref_bug);
}

/*
 * Would break the reference cycle created by an exported dma_buf; the body
 * is compiled out in this port, so this is currently a no-op.
 */
static void drm_gem_object_exported_dma_buf_free(struct drm_gem_object *obj)
{
#if 0
	/* Unbreak the reference cycle if we have an exported dma_buf. */
	if (obj->dma_buf) {
		dma_buf_put(obj->dma_buf);
		obj->dma_buf = NULL;
	}
#endif
}

/*
 * Drop one handle reference on @obj: decrements handle_count under
 * dev->object_name_lock, runs the last-handle cleanup when it reaches zero,
 * then drops the regular reference that came with the handle.
 */
static void
drm_gem_object_handle_unreference_unlocked(struct drm_gem_object *obj)
{
	struct drm_device *dev = obj->dev;

	/* An underflow here would mean a handle was released twice. */
	if (WARN_ON(obj->handle_count == 0))
		return;

	/*
	 * The handle count must be dropped before the regular reference:
	 * this may be the last ref, in which case the object would disappear
	 * before we checked for a name.
	 */
	mutex_lock(&dev->object_name_lock);
	obj->handle_count--;
	if (obj->handle_count == 0) {
		drm_gem_object_handle_free(obj);
		drm_gem_object_exported_dma_buf_free(obj);
	}
	mutex_unlock(&dev->object_name_lock);

	drm_gem_object_unreference_unlocked(obj);
}

/*
 * idr_for_each() callback used at device or object close to release the
 * file's handle references on objects.  @ptr is the GEM object stored in
 * the idr and @data the drm_file being torn down.  Always returns 0.
 */
static int
drm_gem_object_release_handle(int id, void *ptr, void *data)
{
	struct drm_gem_object *obj = ptr;
	struct drm_file *file_priv = data;
	struct drm_device *dev = obj->dev;

	drm_gem_remove_prime_handles(obj, file_priv);

	/* Give the driver its per-file close hook before the ref goes away. */
	if (dev->driver->gem_close_object)
		dev->driver->gem_close_object(obj, file_priv);

	drm_gem_object_handle_unreference_unlocked(obj);

	return 0;
}

/**
 * drm_gem_handle_delete - deletes the given file-private handle
 * @filp: drm file-private structure to use for the handle look up
 * @handle: userspace handle to delete
 *
 * Removes the GEM handle from the @filp lookup table which has been added with
 * drm_gem_handle_create(). If this is the last handle also cleans up linked
 * resources like GEM names.
 *
 * Returns 0 on success or -EINVAL if @handle is not present in @filp.
 */
int
drm_gem_handle_delete(struct drm_file *filp, u32 handle)
{
	struct drm_gem_object *obj;
	struct drm_device *dev;

	/*
	 * The idr system doesn't let us try a delete and return an error
	 * code, it just complains if the delete fails.  So the lookup and
	 * the removal are done under one hold of table_lock; otherwise two
	 * concurrent deletes of the same handle could both find the object
	 * and double-decrement the refcount, leading to a use-after-free
	 * later.  Given the frequency of our handle lookups, we may want to
	 * use ida for number allocation and a hash table for the pointers,
	 * anyway.
	 */
	lockmgr(&filp->table_lock, LK_EXCLUSIVE);
	obj = idr_find(&filp->object_idr, handle);
	if (obj != NULL)
		idr_remove(&filp->object_idr, handle);
	lockmgr(&filp->table_lock, LK_RELEASE);

	if (obj == NULL)
		return -EINVAL;

	/* The handle's reference is still ours, so obj stays valid here. */
	dev = obj->dev;

	drm_gem_remove_prime_handles(obj, filp);

	if (dev->driver->gem_close_object)
		dev->driver->gem_close_object(obj, filp);
	drm_gem_object_handle_unreference_unlocked(obj);

	return 0;
}
EXPORT_SYMBOL(drm_gem_handle_delete);

/**
 * drm_gem_dumb_destroy - dumb fb callback helper for gem based drivers
 * @file: drm file-private structure to remove the dumb handle from
 * @dev: corresponding drm_device
 * @handle: the dumb handle to remove
 *
 * This implements the ->dumb_destroy kms driver callback for drivers which use
 * gem to manage their backing storage.  It simply forwards to
 * drm_gem_handle_delete() and returns its result.
 */
int drm_gem_dumb_destroy(struct drm_file *file,
			 struct drm_device *dev,
			 uint32_t handle)
{
	return drm_gem_handle_delete(file, handle);
}
EXPORT_SYMBOL(drm_gem_dumb_destroy);

/**
 * drm_gem_handle_create_tail - internal functions to create a handle
 * @file_priv: drm file-private structure to register the handle for
 * @obj: object to register
 * @handlep: pointer to return the created handle to the caller
 *
 * This expects the dev->object_name_lock to be held already and will drop it
 * before returning.
 * Used to avoid races in establishing new handles when
 * importing an object from either an flink name or a dma-buf.
 *
 * Handles must be released again through drm_gem_handle_delete(). This is done
 * when userspace closes @file_priv for all attached handles, or through the
 * GEM_CLOSE ioctl for individual handles.
 *
 * Returns 0 on success, the negative idr_alloc() result if no handle could
 * be allocated, or the error returned by the driver's gem_open_object hook.
 */
int
drm_gem_handle_create_tail(struct drm_file *file_priv,
			   struct drm_gem_object *obj,
			   u32 *handlep)
{
	struct drm_device *dev = obj->dev;
	int ret;

	*handlep = 0; /* whack gcc warning */
	WARN_ON(!mutex_is_locked(&dev->object_name_lock));

	/*
	 * Get the user-visible handle using idr.  Preload first, then do the
	 * non-sleeping allocation while holding table_lock.
	 */
	idr_preload(GFP_KERNEL);
	lockmgr(&file_priv->table_lock, LK_EXCLUSIVE);

	ret = idr_alloc(&file_priv->object_idr, obj, 1, 0, GFP_NOWAIT);

	/*
	 * The handle reference is taken unconditionally; when the allocation
	 * failed it is undone below through the normal handle-unreference
	 * path once the locks have been dropped.
	 */
	drm_gem_object_reference(obj);
	obj->handle_count++;

	lockmgr(&file_priv->table_lock, LK_RELEASE);
	idr_preload_end();
	mutex_unlock(&dev->object_name_lock);

	if (ret < 0) {
		drm_gem_object_handle_unreference_unlocked(obj);
		return ret;
	}
	*handlep = ret;

#if 0
	ret = drm_vma_node_allow(&obj->vma_node, file_priv->filp);
	if (ret) {
		drm_gem_handle_delete(file_priv, *handlep);
		return ret;
	}
#endif

	/*
	 * NOTE(review): the handle is already present in object_idr at this
	 * point, i.e. before the driver's open hook has run; a concurrent
	 * lookup or close on the same file could observe it.  Confirm that
	 * drivers' gem_open_object/gem_close_object hooks tolerate that.
	 */
	if (dev->driver->gem_open_object == NULL)
		return 0;

	ret = dev->driver->gem_open_object(obj, file_priv);
	if (ret)
		drm_gem_handle_delete(file_priv, *handlep);

	return ret;
}

/**
 * drm_gem_handle_create - create a gem handle for an object
 * @file_priv: drm file-private structure to register the handle for
 * @obj: object to register
 * @handlep: pointer to return the created handle to the caller
 *
 * Create a handle for this object. This adds a handle reference
 * to the object, which includes a regular reference count.
 * Callers will likely want to dereference the object afterwards.
 */
int drm_gem_handle_create(struct drm_file *file_priv,
			  struct drm_gem_object *obj,
			  u32 *handlep)
{
	struct drm_device *dev = obj->dev;

	/* Taken here; drm_gem_handle_create_tail() drops it before returning. */
	mutex_lock(&dev->object_name_lock);

	return drm_gem_handle_create_tail(file_priv, obj, handlep);
}
EXPORT_SYMBOL(drm_gem_handle_create);

/**
 * drm_gem_free_mmap_offset - release a fake mmap offset for an object
 * @obj: obj in question
 *
 * This routine frees fake offsets allocated by drm_gem_create_mmap_offset():
 * the object's entry is removed from the offset hash and its index is
 * returned to the allocator.
 *
 * The call is a no-op when the object has no offset (obj->on_map is checked
 * first), so calling it more than once on the same object is harmless.  The
 * hash entry points into @obj, so the offset has to be released before the
 * object's memory is freed.
 */
void
drm_gem_free_mmap_offset(struct drm_gem_object *obj)
{
	struct drm_gem_mm *mm = obj->dev->mm_private;
	struct drm_hash_item *item = &obj->map_list;

	if (!obj->on_map)
		return;

	drm_ht_remove_item(&mm->offset_hash, item);
	free_unr(mm->idxunr, item->key);
	obj->on_map = false;

	drm_vma_offset_remove(&mm->vma_manager, &obj->vma_node);
}
EXPORT_SYMBOL(drm_gem_free_mmap_offset);

/**
 * drm_gem_create_mmap_offset_size - create a fake mmap offset for an object
 * @obj: obj in question
 * @size: the virtual size
 *
 * GEM memory mapping works by handing back to userspace a fake mmap offset
 * it can use in a subsequent mmap(2) call.  The DRM core code then looks
 * up the object based on the offset and sets up the various memory mapping
 * structures.
 *
 * This routine allocates and attaches a fake offset for @obj, in cases where
 * the virtual size differs from the physical size (ie. obj->size).  Otherwise
 * just use drm_gem_create_mmap_offset().
 *
 * This function is idempotent and handles an already allocated mmap offset
 * transparently.
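 * Drivers do not need to check for this case.
 *
 * Returns 0 on success (or if an offset already exists), -ENOSPC when no
 * mapping index is left, or the error from drm_ht_insert_item().
 */
int
drm_gem_create_mmap_offset_size(struct drm_gem_object *obj, size_t size)
{
	struct drm_device *dev = obj->dev;
	struct drm_gem_mm *mm = dev->mm_private;
	int idx;
	int ret;

	if (obj->on_map)
		return (0);

	/*
	 * alloc_unr() returns -1 once the index space is exhausted.  Storing
	 * that value as the hash key would register the object under a bogus
	 * index and later hand it to free_unr(), so fail the request instead.
	 * Userspace controls how many objects get an offset, which makes
	 * exhaustion reachable.
	 */
	idx = alloc_unr(mm->idxunr);
	if (idx == -1) {
		DRM_ERROR("out of mmap offset indices\n");
		return -ENOSPC;
	}

	obj->map_list.key = idx;
	ret = drm_ht_insert_item(&mm->offset_hash, &obj->map_list);
	if (ret != 0) {
		DRM_ERROR("failed to add to map hash\n");
		free_unr(mm->idxunr, idx);
		return (ret);
	}
	obj->on_map = true;
	return 0;

#if 0
	/*
	 * This statement followed the "return 0" above and was therefore
	 * never executed; it is kept compiled out to preserve behaviour.
	 * As a consequence @size is currently unused and the vma offset
	 * manager is not populated by this function.
	 */
	return drm_vma_offset_add(&mm->vma_manager, &obj->vma_node,
				  size / PAGE_SIZE);
#endif
}
EXPORT_SYMBOL(drm_gem_create_mmap_offset_size);

/**
 * drm_gem_create_mmap_offset - create a fake mmap offset for an object
 * @obj: obj in question
 *
 * GEM memory mapping works by handing back to userspace a fake mmap offset
 * it can use in a subsequent mmap(2) call.  The DRM core code then looks
 * up the object based on the offset and sets up the various memory mapping
 * structures.
 *
 * This routine allocates and attaches a fake offset for @obj, using
 * obj->size as the size.
 *
 * Drivers can call drm_gem_free_mmap_offset() before freeing @obj to release
 * the fake offset again.
 *
 * Returns the result of drm_gem_create_mmap_offset_size().
 */
int drm_gem_create_mmap_offset(struct drm_gem_object *obj)
{
	return drm_gem_create_mmap_offset_size(obj, obj->size);
}
EXPORT_SYMBOL(drm_gem_create_mmap_offset);

/**
 * drm_gem_object_lookup - look up a GEM object from its handle
 * @filp: DRM file private data
 * @handle: userspace handle
 *
 * Returns:
 *
 * A reference to the object named by the handle if such exists on @filp, NULL
 * otherwise.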
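 */
struct drm_gem_object *
drm_gem_object_lookup(struct drm_file *filp, u32 handle)
{
	struct drm_gem_object *obj;

	lockmgr(&filp->table_lock, LK_EXCLUSIVE);

	/*
	 * Take the reference while table_lock is still held, so a concurrent
	 * drm_gem_handle_delete() cannot drop the handle's reference between
	 * the lookup and the reference being taken.
	 */
	obj = idr_find(&filp->object_idr, handle);
	if (obj)
		drm_gem_object_reference(obj);

	lockmgr(&filp->table_lock, LK_RELEASE);

	return obj;
}
EXPORT_SYMBOL(drm_gem_object_lookup);

/**
 * drm_gem_close_ioctl - implementation of the GEM_CLOSE ioctl
 * @dev: drm_device
 * @data: ioctl data
 * @file_priv: drm file-private structure
 *
 * Releases the handle to an mm object.
 *
 * Returns -ENODEV if the driver does not support GEM, otherwise the result
 * of drm_gem_handle_delete().
 */
int
drm_gem_close_ioctl(struct drm_device *dev, void *data,
		    struct drm_file *file_priv)
{
	struct drm_gem_close *args = data;

	if (!drm_core_check_feature(dev, DRIVER_GEM))
		return -ENODEV;

	return drm_gem_handle_delete(file_priv, args->handle);
}

/**
 * drm_gem_flink_ioctl - implementation of the GEM_FLINK ioctl
 * @dev: drm_device
 * @data: ioctl data
 * @file_priv: drm file-private structure
 *
 * Create a global name for an object, returning the name.
 *
 * The name table holds its own reference on the object; that reference is
 * dropped, and the name removed, when the last handle to the object is
 * closed.
 *
 * Names live in the per-device object_name_idr and are looked up by
 * drm_gem_open_ioctl() without reference to the file that created them, so
 * any client of the device that learns a name can obtain a handle to the
 * object.
 *
 * Returns 0 on success, -ENODEV if the driver does not support GEM, -ENOENT
 * if the handle does not exist or is being closed concurrently, or the
 * negative idr_alloc() result.
 */
int
drm_gem_flink_ioctl(struct drm_device *dev, void *data,
		    struct drm_file *file_priv)
{
	struct drm_gem_flink *args = data;
	struct drm_gem_object *obj;
	int ret;

	if (!drm_core_check_feature(dev, DRIVER_GEM))
		return -ENODEV;

	obj = drm_gem_object_lookup(file_priv, args->handle);
	if (obj == NULL)
		return -ENOENT;

	idr_preload(GFP_KERNEL);
	lockmgr(&dev->object_name_lock, LK_EXCLUSIVE);
	/* prevent races with concurrent gem_close. */
	if (obj->handle_count == 0) {
		ret = -ENOENT;
		goto err;
	}

	if (!obj->name) {
		ret = idr_alloc(&dev->object_name_idr, obj, 1, 0, GFP_NOWAIT);
		if (ret < 0)
			goto err;

		obj->name = ret;

		/* Allocate a reference for the name table. */
		drm_gem_object_reference(obj);
	}

	args->name = (uint64_t) obj->name;
	ret = 0;

err:
	lockmgr(&dev->object_name_lock, LK_RELEASE);
	idr_preload_end();
	/* Drop the reference taken by drm_gem_object_lookup(). */
	drm_gem_object_unreference_unlocked(obj);
	return ret;
}

/**
 * drm_gem_open_ioctl - implementation of the GEM_OPEN ioctl
 * @dev: drm_device
 * @data: ioctl data
 * @file_priv: drm file-private structure
 *
 * Open an object using the global name, returning a handle and the size.
 *
 * This handle (of course) holds a reference to the object, so the object
 * will not go away until the handle is deleted.
 *
 * Returns 0 on success, -ENODEV if the driver does not support GEM, -ENOENT
 * if the name is unknown, or the error from drm_gem_handle_create().
 */
int
drm_gem_open_ioctl(struct drm_device *dev, void *data,
		   struct drm_file *file_priv)
{
	struct drm_gem_open *args = data;
	struct drm_gem_object *obj;
	int ret;
	u32 handle;

	if (!drm_core_check_feature(dev, DRIVER_GEM))
		return -ENODEV;

	lockmgr(&dev->object_name_lock, LK_EXCLUSIVE);
	obj = idr_find(&dev->object_name_idr, (int) args->name);
	if (obj)
		drm_gem_object_reference(obj);
	lockmgr(&dev->object_name_lock, LK_RELEASE);
	if (!obj)
		return -ENOENT;

	/*
	 * NOTE(review): object_name_lock is released above and re-taken
	 * inside drm_gem_handle_create(), so the last handle (and with it
	 * the name) can be closed in between.  The object itself stays
	 * alive through our lookup reference; confirm that creating a new
	 * handle after handle_count dropped to zero is acceptable to
	 * drivers.
	 */
	ret = drm_gem_handle_create(file_priv, obj, &handle);
	if (ret == 0) {
		/*
		 * Read obj->size while the lookup reference is still held.
		 * Once the handle exists another thread can close it, and
		 * after our own reference is dropped nothing would keep the
		 * object alive for this read.
		 */
		args->handle = handle;
		args->size = obj->size;
	}

	drm_gem_object_unreference_unlocked(obj);

	return ret;
}

/**
 * drm_gem_open - initializes GEM file-private structures at devnode open time
 * @dev: drm_device which is being opened by userspace
 * @file_private: drm file-private structure to set up
 *
 * Called at device open time, sets up the structure for handling refcounting
 * of mm objects.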
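 */
void
drm_gem_open(struct drm_device *dev, struct drm_file *file_private)
{
	/* Per-file handle table and the lock that guards it. */
	idr_init(&file_private->object_idr);
	lockinit(&file_private->table_lock, "fptab", 0, LK_CANRECURSE);
}

/**
 * drm_gem_release - release file-private GEM resources
 * @dev: drm_device which is being closed by userspace
 * @file_private: drm file-private structure to clean up
 *
 * Called at close time when the filp is going away.
 *
 * Releases any remaining references on objects by this filp by running
 * drm_gem_object_release_handle() on every entry of the handle table, then
 * destroys the table.
 */
void
drm_gem_release(struct drm_device *dev, struct drm_file *file_private)
{
	idr_for_each(&file_private->object_idr,
		     &drm_gem_object_release_handle, file_private);
	idr_destroy(&file_private->object_idr);
}

/**
 * drm_gem_object_release - release GEM buffer object resources
 * @obj: GEM buffer object
 *
 * This releases any structures and resources used by @obj and is the inverse
 * of drm_gem_object_init(): the backing object is deallocated and any fake
 * mmap offset still attached to @obj is released.
 */
void
drm_gem_object_release(struct drm_gem_object *obj)
{

	/*
	 * obj->filp can be NULL for private gem objects.
	 * NOTE(review): this relies on vm_object_deallocate() accepting a
	 * NULL object -- confirm for this platform.
	 */
	vm_object_deallocate(obj->filp);

	/*
	 * The documentation of drm_gem_free_mmap_offset() in this file tells
	 * drivers that releasing the object also releases its mmap offset.
	 * Without this call a driver relying on that would leave the
	 * object's map_list entry in the offset hash after the object is
	 * freed, where a later mmap lookup could still find it.  The call is
	 * a no-op when no offset is attached (obj->on_map is checked), so
	 * drivers that already free the offset themselves are unaffected.
	 */
	drm_gem_free_mmap_offset(obj);
}
EXPORT_SYMBOL(drm_gem_object_release);

/**
 * drm_gem_object_free - free a GEM object
 * @kref: kref of the object to free
 *
 * Called after the last reference to the object has been lost.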
 * Must be called holding struct_mutex when the driver only provides the
 * legacy gem_free_object callback; the gem_free_object_unlocked callback,
 * when present, is preferred and called without that requirement.
 *
 * Frees the object by handing it to the driver's free callback.  If the
 * driver provides neither callback nothing is done.
 */
void
drm_gem_object_free(struct kref *kref)
{
	struct drm_gem_object *obj =
		container_of(kref, struct drm_gem_object, refcount);
	struct drm_device *dev = obj->dev;

	if (dev->driver->gem_free_object_unlocked) {
		dev->driver->gem_free_object_unlocked(obj);
		return;
	}

	if (dev->driver->gem_free_object) {
		/* Legacy path: the caller is expected to hold struct_mutex. */
		WARN_ON(!mutex_is_locked(&dev->struct_mutex));

		dev->driver->gem_free_object(obj);
	}
}
EXPORT_SYMBOL(drm_gem_object_free);

/**
 * drm_gem_object_unreference_unlocked - release a GEM BO reference
 * @obj: GEM buffer object, may be NULL
 *
 * This releases a reference to @obj. Callers must not hold the
 * dev->struct_mutex lock when calling this function.
 *
 * See also __drm_gem_object_unreference().
 */
void
drm_gem_object_unreference_unlocked(struct drm_gem_object *obj)
{
	struct drm_device *dev;

	if (obj == NULL)
		return;

	dev = obj->dev;
	might_lock(&dev->struct_mutex);

	/* Drivers with an unlocked free callback need no mutex at all. */
	if (dev->driver->gem_free_object_unlocked) {
		kref_put(&obj->refcount, drm_gem_object_free);
		return;
	}

	/*
	 * Legacy drivers: struct_mutex is acquired only if this put turns
	 * out to be the final one, and released again after the free.
	 */
	if (kref_put_mutex(&obj->refcount, drm_gem_object_free,
			   &dev->struct_mutex))
		mutex_unlock(&dev->struct_mutex);
}
EXPORT_SYMBOL(drm_gem_object_unreference_unlocked);

/**
 * drm_gem_object_unreference - release a GEM BO reference
 * @obj: GEM buffer object
 *
 * This releases a reference to @obj. Callers must hold the dev->struct_mutex
 * lock when calling this function, even when the driver doesn't use
 * dev->struct_mutex for anything.
 *
 * For drivers not encumbered with legacy locking use
 * drm_gem_object_unreference_unlocked() instead.
 */
void
drm_gem_object_unreference(struct drm_gem_object *obj)
{
	if (!obj)
		return;

	/* The lock assertion is compiled out in this port. */
#if 0
	WARN_ON(!mutex_is_locked(&obj->dev->struct_mutex));
#endif

	kref_put(&obj->refcount, drm_gem_object_free);
}
EXPORT_SYMBOL(drm_gem_object_unreference);

/*
 * Translate a fake mmap offset back into the GEM object registered for it.
 *
 * Returns NULL when @offset does not carry the GEM mapping key or when no
 * object is registered in the offset hash under the index it encodes.  No
 * reference is taken on the returned object; the caller has to do that.
 */
static struct drm_gem_object *
drm_gem_object_from_offset(struct drm_device *dev, vm_ooffset_t offset)
{
	struct drm_gem_mm *mm = dev->mm_private;
	struct drm_hash_item *item;

	/* Offsets that were not handed out by GEM are rejected up front. */
	if ((offset & DRM_GEM_MAPPING_MASK) != DRM_GEM_MAPPING_KEY)
		return (NULL);
	offset &= ~DRM_GEM_MAPPING_KEY;

	if (drm_ht_find_item(&mm->offset_hash, DRM_GEM_MAPPING_IDX(offset),
	    &item) != 0)
		return (NULL);

	return (container_of(item, struct drm_gem_object, map_list));
}

/*
 * Resolve the fake offset in *@offset to a GEM object and create a managed
 * device pager object for it.
 *
 * On success *@offset is rewritten to the in-object offset, *@obj_res
 * receives the new VM object and 0 is returned.  Returns ENODEV if the
 * offset does not name a GEM object and EINVAL if the pager object cannot
 * be allocated.  Unlike the rest of this file the error values are
 * positive.
 *
 * NOTE(review): @size and @nprot are passed to cdev_pager_allocate()
 * without being compared against gem_obj->size here; bounds enforcement
 * presumably lives in the driver's gem_vm_ops -- confirm.
 */
int
drm_gem_mmap_single(struct drm_device *dev, vm_ooffset_t *offset, vm_size_t size,
    struct vm_object **obj_res, int nprot)
{
	struct drm_gem_object *gem_obj;
	struct vm_object *vm_obj;

	/*
	 * Look the object up and pin it under the device lock, so it cannot
	 * be freed between the lookup and the reference being taken.
	 */
	DRM_LOCK(dev);
	gem_obj = drm_gem_object_from_offset(dev, *offset);
	if (gem_obj != NULL)
		drm_gem_object_reference(gem_obj);
	DRM_UNLOCK(dev);

	if (gem_obj == NULL)
		return (ENODEV);

	vm_obj = cdev_pager_allocate(gem_obj, OBJT_MGTDEVICE,
	    dev->driver->gem_vm_ops, size, nprot,
	    DRM_GEM_MAPPING_MAPOFF(*offset), curthread->td_ucred);
	if (vm_obj == NULL) {
		/* No pager object was created; give the reference back. */
		drm_gem_object_unreference_unlocked(gem_obj);
		return (EINVAL);
	}

	/*
	 * On success the reference taken above is kept; presumably it is
	 * released by the pager's teardown in gem_vm_ops -- verify.
	 */
	*offset = DRM_GEM_MAPPING_MAPOFF(*offset);
	*obj_res = vm_obj;
	return (0);
}