1 /* 2 * Copyright © 2008 Intel Corporation 3 * 4 * Permission is hereby granted, free of charge, to any person obtaining a 5 * copy of this software and associated documentation files (the "Software"), 6 * to deal in the Software without restriction, including without limitation 7 * the rights to use, copy, modify, merge, publish, distribute, sublicense, 8 * and/or sell copies of the Software, and to permit persons to whom the 9 * Software is furnished to do so, subject to the following conditions: 10 * 11 * The above copyright notice and this permission notice (including the next 12 * paragraph) shall be included in all copies or substantial portions of the 13 * Software. 14 * 15 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL 18 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 20 * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS 21 * IN THE SOFTWARE. 22 * 23 * Authors: 24 * Eric Anholt <eric@anholt.net> 25 * 26 */ 27 /*- 28 * Copyright (c) 2011 The FreeBSD Foundation 29 * All rights reserved. 30 * 31 * This software was developed by Konstantin Belousov under sponsorship from 32 * the FreeBSD Foundation. 33 * 34 * Redistribution and use in source and binary forms, with or without 35 * modification, are permitted provided that the following conditions 36 * are met: 37 * 1. Redistributions of source code must retain the above copyright 38 * notice, this list of conditions and the following disclaimer. 39 * 2. Redistributions in binary form must reproduce the above copyright 40 * notice, this list of conditions and the following disclaimer in the 41 * documentation and/or other materials provided with the distribution. 42 * 43 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 44 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 45 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 46 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 47 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 48 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 49 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 50 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 51 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 52 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 53 * SUCH DAMAGE. 54 */ 55 56 #include "opt_vm.h" 57 58 #include <sys/param.h> 59 #include <sys/systm.h> 60 #include <sys/limits.h> 61 #include <sys/lock.h> 62 #include <sys/mutex.h> 63 #include <sys/conf.h> 64 65 #include <vm/vm.h> 66 #include <vm/vm_page.h> 67 68 #include <linux/types.h> 69 #include <linux/mm.h> 70 #include <linux/module.h> 71 #include <drm/drmP.h> 72 #include <drm/drm_vma_manager.h> 73 #include <drm/drm_gem.h> 74 #include "drm_internal.h" 75 76 /** @file drm_gem.c 77 * 78 * This file provides some of the base ioctls and library routines for 79 * the graphics memory manager implemented by each device driver. 80 * 81 * Because various devices have different requirements in terms of 82 * synchronization and migration strategies, implementing that is left up to 83 * the driver, and all that the general API provides should be generic -- 84 * allocating objects, reading/writing data with the cpu, freeing objects. 85 * Even there, platform-dependent optimizations for reading/writing data with 86 * the CPU mean we'll likely hook those out to driver-specific calls. However, 87 * the DRI2 implementation wants to have at least allocate/mmap be generic. 88 * 89 * The goal was to have swap-backed object allocation managed through 90 * struct file. However, file descriptors as handles to a struct file have 91 * two major failings: 92 * - Process limits prevent more than 1024 or so being used at a time by 93 * default. 94 * - Inability to allocate high fds will aggravate the X Server's select() 95 * handling, and likely that of many GL client applications as well. 96 * 97 * This led to a plan of using our own integer IDs (called handles, following 98 * DRM terminology) to mimic fds, and implement the fd syscalls we need as 99 * ioctls. The objects themselves will still include the struct file so 100 * that we can transition to fds if the required kernel infrastructure shows 101 * up at a later date, and as our interface with shmfs for memory allocation. 102 */ 103 104 /* 105 * We make up offsets for buffer objects so we can recognize them at 106 * mmap time. 107 */ 108 109 /* pgoff in mmap is an unsigned long, so we need to make sure that 110 * the faked up offset will fit 111 */ 112 113 #if BITS_PER_LONG == 64 114 #define DRM_FILE_PAGE_OFFSET_START ((0xFFFFFFFFUL >> PAGE_SHIFT) + 1) 115 #define DRM_FILE_PAGE_OFFSET_SIZE ((0xFFFFFFFFUL >> PAGE_SHIFT) * 16) 116 #else 117 #define DRM_FILE_PAGE_OFFSET_START ((0xFFFFFFFUL >> PAGE_SHIFT) + 1) 118 #define DRM_FILE_PAGE_OFFSET_SIZE ((0xFFFFFFFUL >> PAGE_SHIFT) * 16) 119 #endif 120 121 /** 122 * drm_gem_init - Initialize the GEM device fields 123 * @dev: drm_devic structure to initialize 124 */ 125 int 126 drm_gem_init(struct drm_device *dev) 127 { 128 struct drm_gem_mm *mm; 129 130 lockinit(&dev->object_name_lock, "objnam", 0, LK_CANRECURSE); 131 idr_init(&dev->object_name_idr); 132 133 mm = kzalloc(sizeof(struct drm_gem_mm), GFP_KERNEL); 134 if (!mm) { 135 DRM_ERROR("out of memory\n"); 136 return -ENOMEM; 137 } 138 139 dev->mm_private = mm; 140 141 if (drm_ht_create(&mm->offset_hash, 12)) { 142 kfree(mm); 143 return -ENOMEM; 144 } 145 146 mm->idxunr = new_unrhdr(0, DRM_GEM_MAX_IDX, NULL); 147 drm_mm_init(&mm->offset_manager, DRM_FILE_PAGE_OFFSET_START, 148 DRM_FILE_PAGE_OFFSET_SIZE); 149 drm_vma_offset_manager_init(&mm->vma_manager, 150 DRM_FILE_PAGE_OFFSET_START, 151 DRM_FILE_PAGE_OFFSET_SIZE); 152 153 return 0; 154 } 155 156 void 157 drm_gem_destroy(struct drm_device *dev) 158 { 159 struct drm_gem_mm *mm = dev->mm_private; 160 161 drm_mm_takedown(&mm->offset_manager); 162 drm_ht_remove(&mm->offset_hash); 163 164 drm_vma_offset_manager_destroy(&mm->vma_manager); 165 delete_unrhdr(mm->idxunr); 166 kfree(mm); 167 dev->mm_private = NULL; 168 } 169 170 /** 171 * Initialize an already allocated GEM object of the specified size with 172 * shmfs backing store. 173 */ 174 int drm_gem_object_init(struct drm_device *dev, 175 struct drm_gem_object *obj, size_t size) 176 { 177 drm_gem_private_object_init(dev, obj, size); 178 179 obj->filp = default_pager_alloc(NULL, size, 180 VM_PROT_READ | VM_PROT_WRITE, 0); 181 182 return 0; 183 } 184 EXPORT_SYMBOL(drm_gem_object_init); 185 186 /** 187 * drm_gem_object_init - initialize an allocated private GEM object 188 * @dev: drm_device the object should be initialized for 189 * @obj: drm_gem_object to initialize 190 * @size: object size 191 * 192 * Initialize an already allocated GEM object of the specified size with 193 * no GEM provided backing store. Instead the caller is responsible for 194 * backing the object and handling it. 195 */ 196 void drm_gem_private_object_init(struct drm_device *dev, 197 struct drm_gem_object *obj, size_t size) 198 { 199 BUG_ON((size & (PAGE_SIZE - 1)) != 0); 200 201 obj->dev = dev; 202 obj->filp = NULL; 203 204 kref_init(&obj->refcount); 205 obj->handle_count = 0; 206 obj->size = size; 207 drm_vma_node_reset(&obj->vma_node); 208 } 209 EXPORT_SYMBOL(drm_gem_private_object_init); 210 211 static void 212 drm_gem_remove_prime_handles(struct drm_gem_object *obj, struct drm_file *filp) 213 { 214 /* 215 * Note: obj->dma_buf can't disappear as long as we still hold a 216 * handle reference in obj->handle_count. 217 */ 218 mutex_lock(&filp->prime.lock); 219 #if 0 220 if (obj->dma_buf) { 221 drm_prime_remove_buf_handle_locked(&filp->prime, 222 obj->dma_buf); 223 } 224 #endif 225 mutex_unlock(&filp->prime.lock); 226 } 227 228 static void drm_gem_object_ref_bug(struct kref *list_kref) 229 { 230 BUG(); 231 } 232 233 /** 234 * drm_gem_object_handle_free - release resources bound to userspace handles 235 * @obj: GEM object to clean up. 236 * 237 * Called after the last handle to the object has been closed 238 * 239 * Removes any name for the object. Note that this must be 240 * called before drm_gem_object_free or we'll be touching 241 * freed memory 242 */ 243 static void drm_gem_object_handle_free(struct drm_gem_object *obj) 244 { 245 struct drm_device *dev = obj->dev; 246 247 /* Remove any name for this object */ 248 if (obj->name) { 249 idr_remove(&dev->object_name_idr, obj->name); 250 obj->name = 0; 251 /* 252 * The object name held a reference to this object, drop 253 * that now. 254 * 255 * This cannot be the last reference, since the handle holds one too. 256 */ 257 kref_put(&obj->refcount, drm_gem_object_ref_bug); 258 } 259 } 260 261 static void drm_gem_object_exported_dma_buf_free(struct drm_gem_object *obj) 262 { 263 #if 0 264 /* Unbreak the reference cycle if we have an exported dma_buf. */ 265 if (obj->dma_buf) { 266 dma_buf_put(obj->dma_buf); 267 obj->dma_buf = NULL; 268 } 269 #endif 270 } 271 272 static void 273 drm_gem_object_handle_unreference_unlocked(struct drm_gem_object *obj) 274 { 275 struct drm_device *dev = obj->dev; 276 277 if (WARN_ON(obj->handle_count == 0)) 278 return; 279 280 /* 281 * Must bump handle count first as this may be the last 282 * ref, in which case the object would disappear before we 283 * checked for a name 284 */ 285 286 mutex_lock(&dev->object_name_lock); 287 if (--obj->handle_count == 0) { 288 drm_gem_object_handle_free(obj); 289 drm_gem_object_exported_dma_buf_free(obj); 290 } 291 mutex_unlock(&dev->object_name_lock); 292 293 drm_gem_object_unreference_unlocked(obj); 294 } 295 296 /* 297 * Called at device or object close to release the file's 298 * handle references on objects. 299 */ 300 static int 301 drm_gem_object_release_handle(int id, void *ptr, void *data) 302 { 303 struct drm_file *file_priv = data; 304 struct drm_gem_object *obj = ptr; 305 struct drm_device *dev = obj->dev; 306 307 drm_gem_remove_prime_handles(obj, file_priv); 308 309 if (dev->driver->gem_close_object) 310 dev->driver->gem_close_object(obj, file_priv); 311 312 drm_gem_object_handle_unreference_unlocked(obj); 313 314 return 0; 315 } 316 317 /** 318 * drm_gem_handle_delete - deletes the given file-private handle 319 * @filp: drm file-private structure to use for the handle look up 320 * @handle: userspace handle to delete 321 * 322 * Removes the GEM handle from the @filp lookup table which has been added with 323 * drm_gem_handle_create(). If this is the last handle also cleans up linked 324 * resources like GEM names. 325 */ 326 int 327 drm_gem_handle_delete(struct drm_file *filp, u32 handle) 328 { 329 struct drm_device *dev; 330 struct drm_gem_object *obj; 331 332 /* This is gross. The idr system doesn't let us try a delete and 333 * return an error code. It just spews if you fail at deleting. 334 * So, we have to grab a lock around finding the object and then 335 * doing the delete on it and dropping the refcount, or the user 336 * could race us to double-decrement the refcount and cause a 337 * use-after-free later. Given the frequency of our handle lookups, 338 * we may want to use ida for number allocation and a hash table 339 * for the pointers, anyway. 340 */ 341 lockmgr(&filp->table_lock, LK_EXCLUSIVE); 342 343 /* Check if we currently have a reference on the object */ 344 obj = idr_find(&filp->object_idr, handle); 345 if (obj == NULL) { 346 lockmgr(&filp->table_lock, LK_RELEASE); 347 return -EINVAL; 348 } 349 dev = obj->dev; 350 351 /* Release reference and decrement refcount. */ 352 idr_remove(&filp->object_idr, handle); 353 lockmgr(&filp->table_lock, LK_RELEASE); 354 355 drm_gem_remove_prime_handles(obj, filp); 356 357 if (dev->driver->gem_close_object) 358 dev->driver->gem_close_object(obj, filp); 359 drm_gem_object_handle_unreference_unlocked(obj); 360 361 return 0; 362 } 363 EXPORT_SYMBOL(drm_gem_handle_delete); 364 365 /** 366 * drm_gem_dumb_destroy - dumb fb callback helper for gem based drivers 367 * @file: drm file-private structure to remove the dumb handle from 368 * @dev: corresponding drm_device 369 * @handle: the dumb handle to remove 370 * 371 * This implements the ->dumb_destroy kms driver callback for drivers which use 372 * gem to manage their backing storage. 373 */ 374 int drm_gem_dumb_destroy(struct drm_file *file, 375 struct drm_device *dev, 376 uint32_t handle) 377 { 378 return drm_gem_handle_delete(file, handle); 379 } 380 EXPORT_SYMBOL(drm_gem_dumb_destroy); 381 382 /** 383 * drm_gem_handle_create_tail - internal functions to create a handle 384 * @file_priv: drm file-private structure to register the handle for 385 * @obj: object to register 386 * @handlep: pointer to return the created handle to the caller 387 * 388 * This expects the dev->object_name_lock to be held already and will drop it 389 * before returning. Used to avoid races in establishing new handles when 390 * importing an object from either an flink name or a dma-buf. 391 * 392 * Handles must be release again through drm_gem_handle_delete(). This is done 393 * when userspace closes @file_priv for all attached handles, or through the 394 * GEM_CLOSE ioctl for individual handles. 395 */ 396 int 397 drm_gem_handle_create_tail(struct drm_file *file_priv, 398 struct drm_gem_object *obj, 399 u32 *handlep) 400 { 401 struct drm_device *dev = obj->dev; 402 int ret; 403 404 *handlep = 0; /* whack gcc warning */ 405 WARN_ON(!mutex_is_locked(&dev->object_name_lock)); 406 407 /* 408 * Get the user-visible handle using idr. Preload and perform 409 * allocation under our spinlock. 410 */ 411 idr_preload(GFP_KERNEL); 412 lockmgr(&file_priv->table_lock, LK_EXCLUSIVE); 413 414 ret = idr_alloc(&file_priv->object_idr, obj, 1, 0, GFP_NOWAIT); 415 drm_gem_object_reference(obj); 416 obj->handle_count++; 417 lockmgr(&file_priv->table_lock, LK_RELEASE); 418 idr_preload_end(); 419 mutex_unlock(&dev->object_name_lock); 420 if (ret < 0) { 421 drm_gem_object_handle_unreference_unlocked(obj); 422 return ret; 423 } 424 *handlep = ret; 425 426 #if 0 427 ret = drm_vma_node_allow(&obj->vma_node, file_priv->filp); 428 if (ret) { 429 drm_gem_handle_delete(file_priv, *handlep); 430 return ret; 431 } 432 #endif 433 434 if (dev->driver->gem_open_object) { 435 ret = dev->driver->gem_open_object(obj, file_priv); 436 if (ret) { 437 drm_gem_handle_delete(file_priv, *handlep); 438 return ret; 439 } 440 } 441 442 return 0; 443 } 444 445 /** 446 * drm_gem_handle_create - create a gem handle for an object 447 * @file_priv: drm file-private structure to register the handle for 448 * @obj: object to register 449 * @handlep: pionter to return the created handle to the caller 450 * 451 * Create a handle for this object. This adds a handle reference 452 * to the object, which includes a regular reference count. Callers 453 * will likely want to dereference the object afterwards. 454 */ 455 int drm_gem_handle_create(struct drm_file *file_priv, 456 struct drm_gem_object *obj, 457 u32 *handlep) 458 { 459 mutex_lock(&obj->dev->object_name_lock); 460 461 return drm_gem_handle_create_tail(file_priv, obj, handlep); 462 } 463 EXPORT_SYMBOL(drm_gem_handle_create); 464 465 /** 466 * drm_gem_free_mmap_offset - release a fake mmap offset for an object 467 * @obj: obj in question 468 * 469 * This routine frees fake offsets allocated by drm_gem_create_mmap_offset(). 470 * 471 * Note that drm_gem_object_release() already calls this function, so drivers 472 * don't have to take care of releasing the mmap offset themselves when freeing 473 * the GEM object. 474 */ 475 void 476 drm_gem_free_mmap_offset(struct drm_gem_object *obj) 477 { 478 struct drm_device *dev = obj->dev; 479 struct drm_gem_mm *mm = dev->mm_private; 480 struct drm_hash_item *list; 481 482 if (!obj->on_map) 483 return; 484 list = &obj->map_list; 485 486 drm_ht_remove_item(&mm->offset_hash, list); 487 free_unr(mm->idxunr, list->key); 488 obj->on_map = false; 489 490 drm_vma_offset_remove(&mm->vma_manager, &obj->vma_node); 491 } 492 EXPORT_SYMBOL(drm_gem_free_mmap_offset); 493 494 /** 495 * drm_gem_create_mmap_offset_size - create a fake mmap offset for an object 496 * @obj: obj in question 497 * @size: the virtual size 498 * 499 * GEM memory mapping works by handing back to userspace a fake mmap offset 500 * it can use in a subsequent mmap(2) call. The DRM core code then looks 501 * up the object based on the offset and sets up the various memory mapping 502 * structures. 503 * 504 * This routine allocates and attaches a fake offset for @obj, in cases where 505 * the virtual size differs from the physical size (ie. obj->size). Otherwise 506 * just use drm_gem_create_mmap_offset(). 507 * 508 * This function is idempotent and handles an already allocated mmap offset 509 * transparently. Drivers do not need to check for this case. 510 */ 511 int 512 drm_gem_create_mmap_offset_size(struct drm_gem_object *obj, size_t size) 513 { 514 struct drm_device *dev = obj->dev; 515 struct drm_gem_mm *mm = dev->mm_private; 516 int ret = 0; 517 518 if (obj->on_map) 519 return (0); 520 521 obj->map_list.key = alloc_unr(mm->idxunr); 522 ret = drm_ht_insert_item(&mm->offset_hash, &obj->map_list); 523 if (ret != 0) { 524 DRM_ERROR("failed to add to map hash\n"); 525 free_unr(mm->idxunr, obj->map_list.key); 526 return (ret); 527 } 528 obj->on_map = true; 529 return 0; 530 531 return drm_vma_offset_add(&mm->vma_manager, &obj->vma_node, 532 size / PAGE_SIZE); 533 } 534 EXPORT_SYMBOL(drm_gem_create_mmap_offset_size); 535 536 /** 537 * drm_gem_create_mmap_offset - create a fake mmap offset for an object 538 * @obj: obj in question 539 * 540 * GEM memory mapping works by handing back to userspace a fake mmap offset 541 * it can use in a subsequent mmap(2) call. The DRM core code then looks 542 * up the object based on the offset and sets up the various memory mapping 543 * structures. 544 * 545 * This routine allocates and attaches a fake offset for @obj. 546 * 547 * Drivers can call drm_gem_free_mmap_offset() before freeing @obj to release 548 * the fake offset again. 549 */ 550 int drm_gem_create_mmap_offset(struct drm_gem_object *obj) 551 { 552 return drm_gem_create_mmap_offset_size(obj, obj->size); 553 } 554 EXPORT_SYMBOL(drm_gem_create_mmap_offset); 555 556 /** 557 * drm_gem_object_lookup - look up a GEM object from it's handle 558 * @dev: DRM device 559 * @filp: DRM file private date 560 * @handle: userspace handle 561 * 562 * Returns: 563 * 564 * A reference to the object named by the handle if such exists on @filp, NULL 565 * otherwise. 566 */ 567 struct drm_gem_object * 568 drm_gem_object_lookup(struct drm_file *filp, u32 handle) 569 { 570 struct drm_gem_object *obj; 571 572 lockmgr(&filp->table_lock, LK_EXCLUSIVE); 573 574 /* Check if we currently have a reference on the object */ 575 obj = idr_find(&filp->object_idr, handle); 576 if (obj == NULL) { 577 lockmgr(&filp->table_lock, LK_RELEASE); 578 return NULL; 579 } 580 581 drm_gem_object_reference(obj); 582 583 lockmgr(&filp->table_lock, LK_RELEASE); 584 585 return obj; 586 } 587 EXPORT_SYMBOL(drm_gem_object_lookup); 588 589 /** 590 * drm_gem_close_ioctl - implementation of the GEM_CLOSE ioctl 591 * @dev: drm_device 592 * @data: ioctl data 593 * @file_priv: drm file-private structure 594 * 595 * Releases the handle to an mm object. 596 */ 597 int 598 drm_gem_close_ioctl(struct drm_device *dev, void *data, 599 struct drm_file *file_priv) 600 { 601 struct drm_gem_close *args = data; 602 int ret; 603 604 if (!drm_core_check_feature(dev, DRIVER_GEM)) 605 return -ENODEV; 606 607 ret = drm_gem_handle_delete(file_priv, args->handle); 608 609 return ret; 610 } 611 612 /** 613 * Create a global name for an object, returning the name. 614 * 615 * Note that the name does not hold a reference; when the object 616 * is freed, the name goes away. 617 */ 618 int 619 drm_gem_flink_ioctl(struct drm_device *dev, void *data, 620 struct drm_file *file_priv) 621 { 622 struct drm_gem_flink *args = data; 623 struct drm_gem_object *obj; 624 int ret; 625 626 if (!drm_core_check_feature(dev, DRIVER_GEM)) 627 return -ENODEV; 628 629 obj = drm_gem_object_lookup(file_priv, args->handle); 630 if (obj == NULL) 631 return -ENOENT; 632 633 idr_preload(GFP_KERNEL); 634 lockmgr(&dev->object_name_lock, LK_EXCLUSIVE); 635 /* prevent races with concurrent gem_close. */ 636 if (obj->handle_count == 0) { 637 ret = -ENOENT; 638 goto err; 639 } 640 641 if (!obj->name) { 642 ret = idr_alloc(&dev->object_name_idr, obj, 1, 0, GFP_NOWAIT); 643 if (ret < 0) 644 goto err; 645 646 obj->name = ret; 647 648 /* Allocate a reference for the name table. */ 649 drm_gem_object_reference(obj); 650 } 651 652 args->name = (uint64_t) obj->name; 653 ret = 0; 654 655 err: 656 lockmgr(&dev->object_name_lock, LK_RELEASE); 657 idr_preload_end(); 658 drm_gem_object_unreference_unlocked(obj); 659 return ret; 660 } 661 662 /** 663 * drm_gem_open - implementation of the GEM_OPEN ioctl 664 * @dev: drm_device 665 * @data: ioctl data 666 * @file_priv: drm file-private structure 667 * 668 * Open an object using the global name, returning a handle and the size. 669 * 670 * This handle (of course) holds a reference to the object, so the object 671 * will not go away until the handle is deleted. 672 */ 673 int 674 drm_gem_open_ioctl(struct drm_device *dev, void *data, 675 struct drm_file *file_priv) 676 { 677 struct drm_gem_open *args = data; 678 struct drm_gem_object *obj; 679 int ret; 680 u32 handle; 681 682 if (!drm_core_check_feature(dev, DRIVER_GEM)) 683 return -ENODEV; 684 685 lockmgr(&dev->object_name_lock, LK_EXCLUSIVE); 686 obj = idr_find(&dev->object_name_idr, (int) args->name); 687 if (obj) 688 drm_gem_object_reference(obj); 689 lockmgr(&dev->object_name_lock, LK_RELEASE); 690 if (!obj) 691 return -ENOENT; 692 693 ret = drm_gem_handle_create(file_priv, obj, &handle); 694 drm_gem_object_unreference_unlocked(obj); 695 if (ret) 696 return ret; 697 698 args->handle = handle; 699 args->size = obj->size; 700 701 return 0; 702 } 703 704 /** 705 * gem_gem_open - initalizes GEM file-private structures at devnode open time 706 * @dev: drm_device which is being opened by userspace 707 * @file_private: drm file-private structure to set up 708 * 709 * Called at device open time, sets up the structure for handling refcounting 710 * of mm objects. 711 */ 712 void 713 drm_gem_open(struct drm_device *dev, struct drm_file *file_private) 714 { 715 idr_init(&file_private->object_idr); 716 lockinit(&file_private->table_lock, "fptab", 0, LK_CANRECURSE); 717 } 718 719 /** 720 * drm_gem_release - release file-private GEM resources 721 * @dev: drm_device which is being closed by userspace 722 * @file_private: drm file-private structure to clean up 723 * 724 * Called at close time when the filp is going away. 725 * 726 * Releases any remaining references on objects by this filp. 727 */ 728 void 729 drm_gem_release(struct drm_device *dev, struct drm_file *file_private) 730 { 731 idr_for_each(&file_private->object_idr, 732 &drm_gem_object_release_handle, file_private); 733 idr_destroy(&file_private->object_idr); 734 } 735 736 /** 737 * drm_gem_object_release - release GEM buffer object resources 738 * @obj: GEM buffer object 739 * 740 * This releases any structures and resources used by @obj and is the invers of 741 * drm_gem_object_init(). 742 */ 743 void 744 drm_gem_object_release(struct drm_gem_object *obj) 745 { 746 747 /* 748 * obj->vm_obj can be NULL for private gem objects. 749 */ 750 vm_object_deallocate(obj->filp); 751 } 752 EXPORT_SYMBOL(drm_gem_object_release); 753 754 /** 755 * drm_gem_object_free - free a GEM object 756 * @kref: kref of the object to free 757 * 758 * Called after the last reference to the object has been lost. 759 * Must be called holding struct_ mutex 760 * 761 * Frees the object 762 */ 763 void 764 drm_gem_object_free(struct kref *kref) 765 { 766 struct drm_gem_object *obj = 767 container_of(kref, struct drm_gem_object, refcount); 768 struct drm_device *dev = obj->dev; 769 770 WARN_ON(!mutex_is_locked(&dev->struct_mutex)); 771 772 if (dev->driver->gem_free_object != NULL) 773 dev->driver->gem_free_object(obj); 774 } 775 EXPORT_SYMBOL(drm_gem_object_free); 776 777 /** 778 * drm_gem_object_unreference_unlocked - release a GEM BO reference 779 * @obj: GEM buffer object 780 * 781 * This releases a reference to @obj. Callers must not hold the 782 * dev->struct_mutex lock when calling this function. 783 * 784 * See also __drm_gem_object_unreference(). 785 */ 786 void 787 drm_gem_object_unreference_unlocked(struct drm_gem_object *obj) 788 { 789 struct drm_device *dev; 790 791 if (!obj) 792 return; 793 794 dev = obj->dev; 795 if (kref_put_mutex(&obj->refcount, drm_gem_object_free, &dev->struct_mutex)) 796 mutex_unlock(&dev->struct_mutex); 797 else 798 might_lock(&dev->struct_mutex); 799 } 800 EXPORT_SYMBOL(drm_gem_object_unreference_unlocked); 801 802 /** 803 * drm_gem_object_unreference - release a GEM BO reference 804 * @obj: GEM buffer object 805 * 806 * This releases a reference to @obj. Callers must hold the dev->struct_mutex 807 * lock when calling this function, even when the driver doesn't use 808 * dev->struct_mutex for anything. 809 * 810 * For drivers not encumbered with legacy locking use 811 * drm_gem_object_unreference_unlocked() instead. 812 */ 813 void 814 drm_gem_object_unreference(struct drm_gem_object *obj) 815 { 816 if (obj != NULL) { 817 #if 0 818 WARN_ON(!mutex_is_locked(&obj->dev->struct_mutex)); 819 #endif 820 821 kref_put(&obj->refcount, drm_gem_object_free); 822 } 823 } 824 EXPORT_SYMBOL(drm_gem_object_unreference); 825 826 static struct drm_gem_object * 827 drm_gem_object_from_offset(struct drm_device *dev, vm_ooffset_t offset) 828 { 829 struct drm_gem_object *obj; 830 struct drm_gem_mm *mm = dev->mm_private; 831 struct drm_hash_item *hash; 832 833 if ((offset & DRM_GEM_MAPPING_MASK) != DRM_GEM_MAPPING_KEY) 834 return (NULL); 835 offset &= ~DRM_GEM_MAPPING_KEY; 836 837 if (drm_ht_find_item(&mm->offset_hash, DRM_GEM_MAPPING_IDX(offset), 838 &hash) != 0) { 839 return (NULL); 840 } 841 obj = container_of(hash, struct drm_gem_object, map_list); 842 return (obj); 843 } 844 845 int 846 drm_gem_mmap_single(struct drm_device *dev, vm_ooffset_t *offset, vm_size_t size, 847 struct vm_object **obj_res, int nprot) 848 { 849 struct drm_gem_object *gem_obj; 850 struct vm_object *vm_obj; 851 852 DRM_LOCK(dev); 853 gem_obj = drm_gem_object_from_offset(dev, *offset); 854 if (gem_obj == NULL) { 855 DRM_UNLOCK(dev); 856 return (ENODEV); 857 } 858 859 drm_gem_object_reference(gem_obj); 860 DRM_UNLOCK(dev); 861 vm_obj = cdev_pager_allocate(gem_obj, OBJT_MGTDEVICE, 862 dev->driver->gem_vm_ops, size, nprot, 863 DRM_GEM_MAPPING_MAPOFF(*offset), curthread->td_ucred); 864 if (vm_obj == NULL) { 865 drm_gem_object_unreference_unlocked(gem_obj); 866 return (EINVAL); 867 } 868 *offset = DRM_GEM_MAPPING_MAPOFF(*offset); 869 *obj_res = vm_obj; 870 return (0); 871 } 872