1 /* 2 * Copyright © 2008 Intel Corporation 3 * 4 * Permission is hereby granted, free of charge, to any person obtaining a 5 * copy of this software and associated documentation files (the "Software"), 6 * to deal in the Software without restriction, including without limitation 7 * the rights to use, copy, modify, merge, publish, distribute, sublicense, 8 * and/or sell copies of the Software, and to permit persons to whom the 9 * Software is furnished to do so, subject to the following conditions: 10 * 11 * The above copyright notice and this permission notice (including the next 12 * paragraph) shall be included in all copies or substantial portions of the 13 * Software. 14 * 15 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL 18 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 20 * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS 21 * IN THE SOFTWARE. 22 * 23 * Authors: 24 * Eric Anholt <eric@anholt.net> 25 * 26 */ 27 /*- 28 * Copyright (c) 2011 The FreeBSD Foundation 29 * All rights reserved. 30 * 31 * This software was developed by Konstantin Belousov under sponsorship from 32 * the FreeBSD Foundation. 33 * 34 * Redistribution and use in source and binary forms, with or without 35 * modification, are permitted provided that the following conditions 36 * are met: 37 * 1. Redistributions of source code must retain the above copyright 38 * notice, this list of conditions and the following disclaimer. 39 * 2. Redistributions in binary form must reproduce the above copyright 40 * notice, this list of conditions and the following disclaimer in the 41 * documentation and/or other materials provided with the distribution. 42 * 43 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 44 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 45 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 46 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 47 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 48 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 49 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 50 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 51 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 52 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 53 * SUCH DAMAGE. 54 */ 55 56 #include "opt_vm.h" 57 58 #include <sys/param.h> 59 #include <sys/systm.h> 60 #include <sys/limits.h> 61 #include <sys/lock.h> 62 #include <sys/conf.h> 63 64 #include <vm/vm.h> 65 #include <vm/vm_page.h> 66 67 #include <linux/types.h> 68 #include <linux/mm.h> 69 #include <linux/module.h> 70 #include <drm/drmP.h> 71 #include <drm/drm_vma_manager.h> 72 #include <drm/drm_gem.h> 73 #include "drm_internal.h" 74 75 /** @file drm_gem.c 76 * 77 * This file provides some of the base ioctls and library routines for 78 * the graphics memory manager implemented by each device driver. 79 * 80 * Because various devices have different requirements in terms of 81 * synchronization and migration strategies, implementing that is left up to 82 * the driver, and all that the general API provides should be generic -- 83 * allocating objects, reading/writing data with the cpu, freeing objects. 84 * Even there, platform-dependent optimizations for reading/writing data with 85 * the CPU mean we'll likely hook those out to driver-specific calls. However, 86 * the DRI2 implementation wants to have at least allocate/mmap be generic. 87 * 88 * The goal was to have swap-backed object allocation managed through 89 * struct file. However, file descriptors as handles to a struct file have 90 * two major failings: 91 * - Process limits prevent more than 1024 or so being used at a time by 92 * default. 93 * - Inability to allocate high fds will aggravate the X Server's select() 94 * handling, and likely that of many GL client applications as well. 95 * 96 * This led to a plan of using our own integer IDs (called handles, following 97 * DRM terminology) to mimic fds, and implement the fd syscalls we need as 98 * ioctls. The objects themselves will still include the struct file so 99 * that we can transition to fds if the required kernel infrastructure shows 100 * up at a later date, and as our interface with shmfs for memory allocation. 101 */ 102 103 /* 104 * We make up offsets for buffer objects so we can recognize them at 105 * mmap time. 106 */ 107 108 /* pgoff in mmap is an unsigned long, so we need to make sure that 109 * the faked up offset will fit 110 */ 111 112 #if BITS_PER_LONG == 64 113 #define DRM_FILE_PAGE_OFFSET_START ((0xFFFFFFFFUL >> PAGE_SHIFT) + 1) 114 #define DRM_FILE_PAGE_OFFSET_SIZE ((0xFFFFFFFFUL >> PAGE_SHIFT) * 16) 115 #else 116 #define DRM_FILE_PAGE_OFFSET_START ((0xFFFFFFFUL >> PAGE_SHIFT) + 1) 117 #define DRM_FILE_PAGE_OFFSET_SIZE ((0xFFFFFFFUL >> PAGE_SHIFT) * 16) 118 #endif 119 120 /** 121 * drm_gem_init - Initialize the GEM device fields 122 * @dev: drm_devic structure to initialize 123 */ 124 int 125 drm_gem_init(struct drm_device *dev) 126 { 127 struct drm_gem_mm *mm; 128 129 lockinit(&dev->object_name_lock, "objnam", 0, LK_CANRECURSE); 130 idr_init(&dev->object_name_idr); 131 132 mm = kzalloc(sizeof(struct drm_gem_mm), GFP_KERNEL); 133 if (!mm) { 134 DRM_ERROR("out of memory\n"); 135 return -ENOMEM; 136 } 137 138 dev->mm_private = mm; 139 140 if (drm_ht_create(&mm->offset_hash, 12)) { 141 kfree(mm); 142 return -ENOMEM; 143 } 144 145 mm->idxunr = new_unrhdr(0, DRM_GEM_MAX_IDX, NULL); 146 drm_mm_init(&mm->offset_manager, DRM_FILE_PAGE_OFFSET_START, 147 DRM_FILE_PAGE_OFFSET_SIZE); 148 drm_vma_offset_manager_init(&mm->vma_manager, 149 DRM_FILE_PAGE_OFFSET_START, 150 DRM_FILE_PAGE_OFFSET_SIZE); 151 152 return 0; 153 } 154 155 void 156 drm_gem_destroy(struct drm_device *dev) 157 { 158 struct drm_gem_mm *mm = dev->mm_private; 159 160 drm_mm_takedown(&mm->offset_manager); 161 drm_ht_remove(&mm->offset_hash); 162 163 drm_vma_offset_manager_destroy(&mm->vma_manager); 164 delete_unrhdr(mm->idxunr); 165 kfree(mm); 166 dev->mm_private = NULL; 167 } 168 169 /** 170 * Initialize an already allocated GEM object of the specified size with 171 * shmfs backing store. 172 */ 173 int drm_gem_object_init(struct drm_device *dev, 174 struct drm_gem_object *obj, size_t size) 175 { 176 drm_gem_private_object_init(dev, obj, size); 177 178 obj->filp = default_pager_alloc(NULL, size, 179 VM_PROT_READ | VM_PROT_WRITE, 0); 180 181 return 0; 182 } 183 EXPORT_SYMBOL(drm_gem_object_init); 184 185 /** 186 * drm_gem_object_init - initialize an allocated private GEM object 187 * @dev: drm_device the object should be initialized for 188 * @obj: drm_gem_object to initialize 189 * @size: object size 190 * 191 * Initialize an already allocated GEM object of the specified size with 192 * no GEM provided backing store. Instead the caller is responsible for 193 * backing the object and handling it. 194 */ 195 void drm_gem_private_object_init(struct drm_device *dev, 196 struct drm_gem_object *obj, size_t size) 197 { 198 BUG_ON((size & (PAGE_SIZE - 1)) != 0); 199 200 obj->dev = dev; 201 obj->filp = NULL; 202 203 kref_init(&obj->refcount); 204 obj->handle_count = 0; 205 obj->size = size; 206 drm_vma_node_reset(&obj->vma_node); 207 } 208 EXPORT_SYMBOL(drm_gem_private_object_init); 209 210 static void 211 drm_gem_remove_prime_handles(struct drm_gem_object *obj, struct drm_file *filp) 212 { 213 /* 214 * Note: obj->dma_buf can't disappear as long as we still hold a 215 * handle reference in obj->handle_count. 216 */ 217 mutex_lock(&filp->prime.lock); 218 #if 0 219 if (obj->dma_buf) { 220 drm_prime_remove_buf_handle_locked(&filp->prime, 221 obj->dma_buf); 222 } 223 #endif 224 mutex_unlock(&filp->prime.lock); 225 } 226 227 static void drm_gem_object_ref_bug(struct kref *list_kref) 228 { 229 BUG(); 230 } 231 232 /** 233 * drm_gem_object_handle_free - release resources bound to userspace handles 234 * @obj: GEM object to clean up. 235 * 236 * Called after the last handle to the object has been closed 237 * 238 * Removes any name for the object. Note that this must be 239 * called before drm_gem_object_free or we'll be touching 240 * freed memory 241 */ 242 static void drm_gem_object_handle_free(struct drm_gem_object *obj) 243 { 244 struct drm_device *dev = obj->dev; 245 246 /* Remove any name for this object */ 247 if (obj->name) { 248 idr_remove(&dev->object_name_idr, obj->name); 249 obj->name = 0; 250 /* 251 * The object name held a reference to this object, drop 252 * that now. 253 * 254 * This cannot be the last reference, since the handle holds one too. 255 */ 256 kref_put(&obj->refcount, drm_gem_object_ref_bug); 257 } 258 } 259 260 static void drm_gem_object_exported_dma_buf_free(struct drm_gem_object *obj) 261 { 262 #if 0 263 /* Unbreak the reference cycle if we have an exported dma_buf. */ 264 if (obj->dma_buf) { 265 dma_buf_put(obj->dma_buf); 266 obj->dma_buf = NULL; 267 } 268 #endif 269 } 270 271 static void 272 drm_gem_object_handle_unreference_unlocked(struct drm_gem_object *obj) 273 { 274 struct drm_device *dev = obj->dev; 275 276 if (WARN_ON(obj->handle_count == 0)) 277 return; 278 279 /* 280 * Must bump handle count first as this may be the last 281 * ref, in which case the object would disappear before we 282 * checked for a name 283 */ 284 285 mutex_lock(&dev->object_name_lock); 286 if (--obj->handle_count == 0) { 287 drm_gem_object_handle_free(obj); 288 drm_gem_object_exported_dma_buf_free(obj); 289 } 290 mutex_unlock(&dev->object_name_lock); 291 292 drm_gem_object_unreference_unlocked(obj); 293 } 294 295 /* 296 * Called at device or object close to release the file's 297 * handle references on objects. 298 */ 299 static int 300 drm_gem_object_release_handle(int id, void *ptr, void *data) 301 { 302 struct drm_file *file_priv = data; 303 struct drm_gem_object *obj = ptr; 304 struct drm_device *dev = obj->dev; 305 306 drm_gem_remove_prime_handles(obj, file_priv); 307 308 if (dev->driver->gem_close_object) 309 dev->driver->gem_close_object(obj, file_priv); 310 311 drm_gem_object_handle_unreference_unlocked(obj); 312 313 return 0; 314 } 315 316 /** 317 * drm_gem_handle_delete - deletes the given file-private handle 318 * @filp: drm file-private structure to use for the handle look up 319 * @handle: userspace handle to delete 320 * 321 * Removes the GEM handle from the @filp lookup table which has been added with 322 * drm_gem_handle_create(). If this is the last handle also cleans up linked 323 * resources like GEM names. 324 */ 325 int 326 drm_gem_handle_delete(struct drm_file *filp, u32 handle) 327 { 328 struct drm_device *dev; 329 struct drm_gem_object *obj; 330 331 /* This is gross. The idr system doesn't let us try a delete and 332 * return an error code. It just spews if you fail at deleting. 333 * So, we have to grab a lock around finding the object and then 334 * doing the delete on it and dropping the refcount, or the user 335 * could race us to double-decrement the refcount and cause a 336 * use-after-free later. Given the frequency of our handle lookups, 337 * we may want to use ida for number allocation and a hash table 338 * for the pointers, anyway. 339 */ 340 lockmgr(&filp->table_lock, LK_EXCLUSIVE); 341 342 /* Check if we currently have a reference on the object */ 343 obj = idr_find(&filp->object_idr, handle); 344 if (obj == NULL) { 345 lockmgr(&filp->table_lock, LK_RELEASE); 346 return -EINVAL; 347 } 348 dev = obj->dev; 349 350 /* Release reference and decrement refcount. */ 351 idr_remove(&filp->object_idr, handle); 352 lockmgr(&filp->table_lock, LK_RELEASE); 353 354 drm_gem_remove_prime_handles(obj, filp); 355 356 if (dev->driver->gem_close_object) 357 dev->driver->gem_close_object(obj, filp); 358 drm_gem_object_handle_unreference_unlocked(obj); 359 360 return 0; 361 } 362 EXPORT_SYMBOL(drm_gem_handle_delete); 363 364 /** 365 * drm_gem_dumb_destroy - dumb fb callback helper for gem based drivers 366 * @file: drm file-private structure to remove the dumb handle from 367 * @dev: corresponding drm_device 368 * @handle: the dumb handle to remove 369 * 370 * This implements the ->dumb_destroy kms driver callback for drivers which use 371 * gem to manage their backing storage. 372 */ 373 int drm_gem_dumb_destroy(struct drm_file *file, 374 struct drm_device *dev, 375 uint32_t handle) 376 { 377 return drm_gem_handle_delete(file, handle); 378 } 379 EXPORT_SYMBOL(drm_gem_dumb_destroy); 380 381 /** 382 * drm_gem_handle_create_tail - internal functions to create a handle 383 * @file_priv: drm file-private structure to register the handle for 384 * @obj: object to register 385 * @handlep: pointer to return the created handle to the caller 386 * 387 * This expects the dev->object_name_lock to be held already and will drop it 388 * before returning. Used to avoid races in establishing new handles when 389 * importing an object from either an flink name or a dma-buf. 390 * 391 * Handles must be release again through drm_gem_handle_delete(). This is done 392 * when userspace closes @file_priv for all attached handles, or through the 393 * GEM_CLOSE ioctl for individual handles. 394 */ 395 int 396 drm_gem_handle_create_tail(struct drm_file *file_priv, 397 struct drm_gem_object *obj, 398 u32 *handlep) 399 { 400 struct drm_device *dev = obj->dev; 401 int ret; 402 403 *handlep = 0; /* whack gcc warning */ 404 WARN_ON(!mutex_is_locked(&dev->object_name_lock)); 405 406 /* 407 * Get the user-visible handle using idr. Preload and perform 408 * allocation under our spinlock. 409 */ 410 idr_preload(GFP_KERNEL); 411 lockmgr(&file_priv->table_lock, LK_EXCLUSIVE); 412 413 ret = idr_alloc(&file_priv->object_idr, obj, 1, 0, GFP_NOWAIT); 414 drm_gem_object_reference(obj); 415 obj->handle_count++; 416 lockmgr(&file_priv->table_lock, LK_RELEASE); 417 idr_preload_end(); 418 mutex_unlock(&dev->object_name_lock); 419 if (ret < 0) { 420 drm_gem_object_handle_unreference_unlocked(obj); 421 return ret; 422 } 423 *handlep = ret; 424 425 #if 0 426 ret = drm_vma_node_allow(&obj->vma_node, file_priv->filp); 427 if (ret) { 428 drm_gem_handle_delete(file_priv, *handlep); 429 return ret; 430 } 431 #endif 432 433 if (dev->driver->gem_open_object) { 434 ret = dev->driver->gem_open_object(obj, file_priv); 435 if (ret) { 436 drm_gem_handle_delete(file_priv, *handlep); 437 return ret; 438 } 439 } 440 441 return 0; 442 } 443 444 /** 445 * drm_gem_handle_create - create a gem handle for an object 446 * @file_priv: drm file-private structure to register the handle for 447 * @obj: object to register 448 * @handlep: pionter to return the created handle to the caller 449 * 450 * Create a handle for this object. This adds a handle reference 451 * to the object, which includes a regular reference count. Callers 452 * will likely want to dereference the object afterwards. 453 */ 454 int drm_gem_handle_create(struct drm_file *file_priv, 455 struct drm_gem_object *obj, 456 u32 *handlep) 457 { 458 mutex_lock(&obj->dev->object_name_lock); 459 460 return drm_gem_handle_create_tail(file_priv, obj, handlep); 461 } 462 EXPORT_SYMBOL(drm_gem_handle_create); 463 464 /** 465 * drm_gem_free_mmap_offset - release a fake mmap offset for an object 466 * @obj: obj in question 467 * 468 * This routine frees fake offsets allocated by drm_gem_create_mmap_offset(). 469 * 470 * Note that drm_gem_object_release() already calls this function, so drivers 471 * don't have to take care of releasing the mmap offset themselves when freeing 472 * the GEM object. 473 */ 474 void 475 drm_gem_free_mmap_offset(struct drm_gem_object *obj) 476 { 477 struct drm_device *dev = obj->dev; 478 struct drm_gem_mm *mm = dev->mm_private; 479 struct drm_hash_item *list; 480 481 if (!obj->on_map) 482 return; 483 list = &obj->map_list; 484 485 drm_ht_remove_item(&mm->offset_hash, list); 486 free_unr(mm->idxunr, list->key); 487 obj->on_map = false; 488 489 drm_vma_offset_remove(&mm->vma_manager, &obj->vma_node); 490 } 491 EXPORT_SYMBOL(drm_gem_free_mmap_offset); 492 493 /** 494 * drm_gem_create_mmap_offset_size - create a fake mmap offset for an object 495 * @obj: obj in question 496 * @size: the virtual size 497 * 498 * GEM memory mapping works by handing back to userspace a fake mmap offset 499 * it can use in a subsequent mmap(2) call. The DRM core code then looks 500 * up the object based on the offset and sets up the various memory mapping 501 * structures. 502 * 503 * This routine allocates and attaches a fake offset for @obj, in cases where 504 * the virtual size differs from the physical size (ie. obj->size). Otherwise 505 * just use drm_gem_create_mmap_offset(). 506 * 507 * This function is idempotent and handles an already allocated mmap offset 508 * transparently. Drivers do not need to check for this case. 509 */ 510 int 511 drm_gem_create_mmap_offset_size(struct drm_gem_object *obj, size_t size) 512 { 513 struct drm_device *dev = obj->dev; 514 struct drm_gem_mm *mm = dev->mm_private; 515 int ret = 0; 516 517 if (obj->on_map) 518 return (0); 519 520 obj->map_list.key = alloc_unr(mm->idxunr); 521 ret = drm_ht_insert_item(&mm->offset_hash, &obj->map_list); 522 if (ret != 0) { 523 DRM_ERROR("failed to add to map hash\n"); 524 free_unr(mm->idxunr, obj->map_list.key); 525 return (ret); 526 } 527 obj->on_map = true; 528 return 0; 529 530 return drm_vma_offset_add(&mm->vma_manager, &obj->vma_node, 531 size / PAGE_SIZE); 532 } 533 EXPORT_SYMBOL(drm_gem_create_mmap_offset_size); 534 535 /** 536 * drm_gem_create_mmap_offset - create a fake mmap offset for an object 537 * @obj: obj in question 538 * 539 * GEM memory mapping works by handing back to userspace a fake mmap offset 540 * it can use in a subsequent mmap(2) call. The DRM core code then looks 541 * up the object based on the offset and sets up the various memory mapping 542 * structures. 543 * 544 * This routine allocates and attaches a fake offset for @obj. 545 * 546 * Drivers can call drm_gem_free_mmap_offset() before freeing @obj to release 547 * the fake offset again. 548 */ 549 int drm_gem_create_mmap_offset(struct drm_gem_object *obj) 550 { 551 return drm_gem_create_mmap_offset_size(obj, obj->size); 552 } 553 EXPORT_SYMBOL(drm_gem_create_mmap_offset); 554 555 /** 556 * drm_gem_object_lookup - look up a GEM object from it's handle 557 * @filp: DRM file private date 558 * @handle: userspace handle 559 * 560 * Returns: 561 * 562 * A reference to the object named by the handle if such exists on @filp, NULL 563 * otherwise. 564 */ 565 struct drm_gem_object * 566 drm_gem_object_lookup(struct drm_file *filp, u32 handle) 567 { 568 struct drm_gem_object *obj; 569 570 lockmgr(&filp->table_lock, LK_EXCLUSIVE); 571 572 /* Check if we currently have a reference on the object */ 573 obj = idr_find(&filp->object_idr, handle); 574 if (obj) 575 drm_gem_object_reference(obj); 576 577 lockmgr(&filp->table_lock, LK_RELEASE); 578 579 return obj; 580 } 581 EXPORT_SYMBOL(drm_gem_object_lookup); 582 583 /** 584 * drm_gem_close_ioctl - implementation of the GEM_CLOSE ioctl 585 * @dev: drm_device 586 * @data: ioctl data 587 * @file_priv: drm file-private structure 588 * 589 * Releases the handle to an mm object. 590 */ 591 int 592 drm_gem_close_ioctl(struct drm_device *dev, void *data, 593 struct drm_file *file_priv) 594 { 595 struct drm_gem_close *args = data; 596 int ret; 597 598 if (!drm_core_check_feature(dev, DRIVER_GEM)) 599 return -ENODEV; 600 601 ret = drm_gem_handle_delete(file_priv, args->handle); 602 603 return ret; 604 } 605 606 /** 607 * Create a global name for an object, returning the name. 608 * 609 * Note that the name does not hold a reference; when the object 610 * is freed, the name goes away. 611 */ 612 int 613 drm_gem_flink_ioctl(struct drm_device *dev, void *data, 614 struct drm_file *file_priv) 615 { 616 struct drm_gem_flink *args = data; 617 struct drm_gem_object *obj; 618 int ret; 619 620 if (!drm_core_check_feature(dev, DRIVER_GEM)) 621 return -ENODEV; 622 623 obj = drm_gem_object_lookup(file_priv, args->handle); 624 if (obj == NULL) 625 return -ENOENT; 626 627 idr_preload(GFP_KERNEL); 628 lockmgr(&dev->object_name_lock, LK_EXCLUSIVE); 629 /* prevent races with concurrent gem_close. */ 630 if (obj->handle_count == 0) { 631 ret = -ENOENT; 632 goto err; 633 } 634 635 if (!obj->name) { 636 ret = idr_alloc(&dev->object_name_idr, obj, 1, 0, GFP_NOWAIT); 637 if (ret < 0) 638 goto err; 639 640 obj->name = ret; 641 642 /* Allocate a reference for the name table. */ 643 drm_gem_object_reference(obj); 644 } 645 646 args->name = (uint64_t) obj->name; 647 ret = 0; 648 649 err: 650 lockmgr(&dev->object_name_lock, LK_RELEASE); 651 idr_preload_end(); 652 drm_gem_object_unreference_unlocked(obj); 653 return ret; 654 } 655 656 /** 657 * drm_gem_open - implementation of the GEM_OPEN ioctl 658 * @dev: drm_device 659 * @data: ioctl data 660 * @file_priv: drm file-private structure 661 * 662 * Open an object using the global name, returning a handle and the size. 663 * 664 * This handle (of course) holds a reference to the object, so the object 665 * will not go away until the handle is deleted. 666 */ 667 int 668 drm_gem_open_ioctl(struct drm_device *dev, void *data, 669 struct drm_file *file_priv) 670 { 671 struct drm_gem_open *args = data; 672 struct drm_gem_object *obj; 673 int ret; 674 u32 handle; 675 676 if (!drm_core_check_feature(dev, DRIVER_GEM)) 677 return -ENODEV; 678 679 lockmgr(&dev->object_name_lock, LK_EXCLUSIVE); 680 obj = idr_find(&dev->object_name_idr, (int) args->name); 681 if (obj) 682 drm_gem_object_reference(obj); 683 lockmgr(&dev->object_name_lock, LK_RELEASE); 684 if (!obj) 685 return -ENOENT; 686 687 ret = drm_gem_handle_create(file_priv, obj, &handle); 688 drm_gem_object_unreference_unlocked(obj); 689 if (ret) 690 return ret; 691 692 args->handle = handle; 693 args->size = obj->size; 694 695 return 0; 696 } 697 698 /** 699 * gem_gem_open - initalizes GEM file-private structures at devnode open time 700 * @dev: drm_device which is being opened by userspace 701 * @file_private: drm file-private structure to set up 702 * 703 * Called at device open time, sets up the structure for handling refcounting 704 * of mm objects. 705 */ 706 void 707 drm_gem_open(struct drm_device *dev, struct drm_file *file_private) 708 { 709 idr_init(&file_private->object_idr); 710 lockinit(&file_private->table_lock, "fptab", 0, LK_CANRECURSE); 711 } 712 713 /** 714 * drm_gem_release - release file-private GEM resources 715 * @dev: drm_device which is being closed by userspace 716 * @file_private: drm file-private structure to clean up 717 * 718 * Called at close time when the filp is going away. 719 * 720 * Releases any remaining references on objects by this filp. 721 */ 722 void 723 drm_gem_release(struct drm_device *dev, struct drm_file *file_private) 724 { 725 idr_for_each(&file_private->object_idr, 726 &drm_gem_object_release_handle, file_private); 727 idr_destroy(&file_private->object_idr); 728 } 729 730 /** 731 * drm_gem_object_release - release GEM buffer object resources 732 * @obj: GEM buffer object 733 * 734 * This releases any structures and resources used by @obj and is the invers of 735 * drm_gem_object_init(). 736 */ 737 void 738 drm_gem_object_release(struct drm_gem_object *obj) 739 { 740 741 /* 742 * obj->vm_obj can be NULL for private gem objects. 743 */ 744 vm_object_deallocate(obj->filp); 745 } 746 EXPORT_SYMBOL(drm_gem_object_release); 747 748 /** 749 * drm_gem_object_free - free a GEM object 750 * @kref: kref of the object to free 751 * 752 * Called after the last reference to the object has been lost. 753 * Must be called holding &drm_device->struct_mutex. 754 * 755 * Frees the object 756 */ 757 void 758 drm_gem_object_free(struct kref *kref) 759 { 760 struct drm_gem_object *obj = 761 container_of(kref, struct drm_gem_object, refcount); 762 struct drm_device *dev = obj->dev; 763 764 if (dev->driver->gem_free_object_unlocked) { 765 dev->driver->gem_free_object_unlocked(obj); 766 } else if (dev->driver->gem_free_object) { 767 WARN_ON(!mutex_is_locked(&dev->struct_mutex)); 768 769 dev->driver->gem_free_object(obj); 770 } 771 } 772 EXPORT_SYMBOL(drm_gem_object_free); 773 774 /** 775 * drm_gem_object_unreference_unlocked - release a GEM BO reference 776 * @obj: GEM buffer object 777 * 778 * This releases a reference to @obj. Callers must not hold the 779 * dev->struct_mutex lock when calling this function. 780 * 781 * See also __drm_gem_object_unreference(). 782 */ 783 void 784 drm_gem_object_unreference_unlocked(struct drm_gem_object *obj) 785 { 786 struct drm_device *dev; 787 788 if (!obj) 789 return; 790 791 dev = obj->dev; 792 might_lock(&dev->struct_mutex); 793 794 if (dev->driver->gem_free_object_unlocked) 795 kref_put(&obj->refcount, drm_gem_object_free); 796 else if (kref_put_mutex(&obj->refcount, drm_gem_object_free, 797 &dev->struct_mutex)) 798 mutex_unlock(&dev->struct_mutex); 799 } 800 EXPORT_SYMBOL(drm_gem_object_unreference_unlocked); 801 802 /** 803 * drm_gem_object_unreference - release a GEM BO reference 804 * @obj: GEM buffer object 805 * 806 * This releases a reference to @obj. Callers must hold the dev->struct_mutex 807 * lock when calling this function, even when the driver doesn't use 808 * dev->struct_mutex for anything. 809 * 810 * For drivers not encumbered with legacy locking use 811 * drm_gem_object_unreference_unlocked() instead. 812 */ 813 void 814 drm_gem_object_unreference(struct drm_gem_object *obj) 815 { 816 if (obj) { 817 #if 0 818 WARN_ON(!mutex_is_locked(&obj->dev->struct_mutex)); 819 #endif 820 821 kref_put(&obj->refcount, drm_gem_object_free); 822 } 823 } 824 EXPORT_SYMBOL(drm_gem_object_unreference); 825 826 static struct drm_gem_object * 827 drm_gem_object_from_offset(struct drm_device *dev, vm_ooffset_t offset) 828 { 829 struct drm_gem_object *obj; 830 struct drm_gem_mm *mm = dev->mm_private; 831 struct drm_hash_item *hash; 832 833 if ((offset & DRM_GEM_MAPPING_MASK) != DRM_GEM_MAPPING_KEY) 834 return (NULL); 835 offset &= ~DRM_GEM_MAPPING_KEY; 836 837 if (drm_ht_find_item(&mm->offset_hash, DRM_GEM_MAPPING_IDX(offset), 838 &hash) != 0) { 839 return (NULL); 840 } 841 obj = container_of(hash, struct drm_gem_object, map_list); 842 return (obj); 843 } 844 845 int 846 drm_gem_mmap_single(struct drm_device *dev, vm_ooffset_t *offset, vm_size_t size, 847 struct vm_object **obj_res, int nprot) 848 { 849 struct drm_gem_object *gem_obj; 850 struct vm_object *vm_obj; 851 852 DRM_LOCK(dev); 853 gem_obj = drm_gem_object_from_offset(dev, *offset); 854 if (gem_obj == NULL) { 855 DRM_UNLOCK(dev); 856 return (ENODEV); 857 } 858 859 drm_gem_object_reference(gem_obj); 860 DRM_UNLOCK(dev); 861 vm_obj = cdev_pager_allocate(gem_obj, OBJT_MGTDEVICE, 862 dev->driver->gem_vm_ops, size, nprot, 863 DRM_GEM_MAPPING_MAPOFF(*offset), curthread->td_ucred); 864 if (vm_obj == NULL) { 865 drm_gem_object_unreference_unlocked(gem_obj); 866 return (EINVAL); 867 } 868 *offset = DRM_GEM_MAPPING_MAPOFF(*offset); 869 *obj_res = vm_obj; 870 return (0); 871 } 872