xref: /dragonfly/sys/dev/drm/drm_gem.c (revision 3851e4b8) 
1 /*
2  * Copyright © 2008 Intel Corporation
3  *
4  * Permission is hereby granted, free of charge, to any person obtaining a
5  * copy of this software and associated documentation files (the "Software"),
6  * to deal in the Software without restriction, including without limitation
7  * the rights to use, copy, modify, merge, publish, distribute, sublicense,
8  * and/or sell copies of the Software, and to permit persons to whom the
9  * Software is furnished to do so, subject to the following conditions:
10  *
11  * The above copyright notice and this permission notice (including the next
12  * paragraph) shall be included in all copies or substantial portions of the
13  * Software.
14  *
15  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16  * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17  * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.  IN NO EVENT SHALL
18  * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19  * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
20  * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
21  * IN THE SOFTWARE.
22  *
23  * Authors:
24  *    Eric Anholt <eric@anholt.net>
25  *
26  */
27 /*-
28  * Copyright (c) 2011 The FreeBSD Foundation
29  * All rights reserved.
30  *
31  * This software was developed by Konstantin Belousov under sponsorship from
32  * the FreeBSD Foundation.
33  *
34  * Redistribution and use in source and binary forms, with or without
35  * modification, are permitted provided that the following conditions
36  * are met:
37  * 1. Redistributions of source code must retain the above copyright
38  *    notice, this list of conditions and the following disclaimer.
39  * 2. Redistributions in binary form must reproduce the above copyright
40  *    notice, this list of conditions and the following disclaimer in the
41  *    documentation and/or other materials provided with the distribution.
42  *
43  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
44  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
45  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
46  * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
47  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
48  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
49  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
50  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
51  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
52  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
53  * SUCH DAMAGE.
54  */
55 
56 #include "opt_vm.h"
57 
58 #include <sys/param.h>
59 #include <sys/systm.h>
60 #include <sys/limits.h>
61 #include <sys/lock.h>
62 #include <sys/mutex.h>
63 #include <sys/conf.h>
64 
65 #include <vm/vm.h>
66 #include <vm/vm_page.h>
67 
68 #include <linux/types.h>
69 #include <linux/mm.h>
70 #include <linux/module.h>
71 #include <drm/drmP.h>
72 #include <drm/drm_vma_manager.h>
73 #include <drm/drm_gem.h>
74 #include "drm_internal.h"
75 
76 /** @file drm_gem.c
77  *
78  * This file provides some of the base ioctls and library routines for
79  * the graphics memory manager implemented by each device driver.
80  *
81  * Because various devices have different requirements in terms of
82  * synchronization and migration strategies, implementing that is left up to
83  * the driver, and all that the general API provides should be generic --
84  * allocating objects, reading/writing data with the cpu, freeing objects.
85  * Even there, platform-dependent optimizations for reading/writing data with
86  * the CPU mean we'll likely hook those out to driver-specific calls.  However,
87  * the DRI2 implementation wants to have at least allocate/mmap be generic.
88  *
89  * The goal was to have swap-backed object allocation managed through
90  * struct file.  However, file descriptors as handles to a struct file have
91  * two major failings:
92  * - Process limits prevent more than 1024 or so being used at a time by
93  *   default.
94  * - Inability to allocate high fds will aggravate the X Server's select()
95  *   handling, and likely that of many GL client applications as well.
96  *
97  * This led to a plan of using our own integer IDs (called handles, following
98  * DRM terminology) to mimic fds, and implement the fd syscalls we need as
99  * ioctls.  The objects themselves will still include the struct file so
100  * that we can transition to fds if the required kernel infrastructure shows
101  * up at a later date, and as our interface with shmfs for memory allocation.
102  */
103 
104 /*
105  * We make up offsets for buffer objects so we can recognize them at
106  * mmap time.
107  */
108 
109 /* pgoff in mmap is an unsigned long, so we need to make sure that
110  * the faked up offset will fit
111  */
112 
113 #if BITS_PER_LONG == 64
114 #define DRM_FILE_PAGE_OFFSET_START ((0xFFFFFFFFUL >> PAGE_SHIFT) + 1)
115 #define DRM_FILE_PAGE_OFFSET_SIZE ((0xFFFFFFFFUL >> PAGE_SHIFT) * 16)
116 #else
117 #define DRM_FILE_PAGE_OFFSET_START ((0xFFFFFFFUL >> PAGE_SHIFT) + 1)
118 #define DRM_FILE_PAGE_OFFSET_SIZE ((0xFFFFFFFUL >> PAGE_SHIFT) * 16)
119 #endif
120 
121 /**
122  * drm_gem_init - Initialize the GEM device fields
123  * @dev: drm_devic structure to initialize
124  */
125 int
126 drm_gem_init(struct drm_device *dev)
127 {
128 	struct drm_gem_mm *mm;
129 
130 	lockinit(&dev->object_name_lock, "objnam", 0, LK_CANRECURSE);
131 	idr_init(&dev->object_name_idr);
132 
133 	mm = kzalloc(sizeof(struct drm_gem_mm), GFP_KERNEL);
134 	if (!mm) {
135 		DRM_ERROR("out of memory\n");
136 		return -ENOMEM;
137 	}
138 
139 	dev->mm_private = mm;
140 
141 	if (drm_ht_create(&mm->offset_hash, 12)) {
142 		kfree(mm);
143 		return -ENOMEM;
144 	}
145 
146 	mm->idxunr = new_unrhdr(0, DRM_GEM_MAX_IDX, NULL);
147 	drm_mm_init(&mm->offset_manager, DRM_FILE_PAGE_OFFSET_START,
148 		    DRM_FILE_PAGE_OFFSET_SIZE);
149 	drm_vma_offset_manager_init(&mm->vma_manager,
150 				    DRM_FILE_PAGE_OFFSET_START,
151 				    DRM_FILE_PAGE_OFFSET_SIZE);
152 
153 	return 0;
154 }
155 
156 void
157 drm_gem_destroy(struct drm_device *dev)
158 {
159 	struct drm_gem_mm *mm = dev->mm_private;
160 
161 	drm_mm_takedown(&mm->offset_manager);
162 	drm_ht_remove(&mm->offset_hash);
163 
164 	drm_vma_offset_manager_destroy(&mm->vma_manager);
165 	delete_unrhdr(mm->idxunr);
166 	kfree(mm);
167 	dev->mm_private = NULL;
168 }
169 
170 /**
171  * Initialize an already allocated GEM object of the specified size with
172  * shmfs backing store.
173  */
174 int drm_gem_object_init(struct drm_device *dev,
175 			struct drm_gem_object *obj, size_t size)
176 {
177 	drm_gem_private_object_init(dev, obj, size);
178 
179 	obj->filp = default_pager_alloc(NULL, size,
180 	    VM_PROT_READ | VM_PROT_WRITE, 0);
181 
182 	return 0;
183 }
184 EXPORT_SYMBOL(drm_gem_object_init);
185 
186 /**
187  * drm_gem_object_init - initialize an allocated private GEM object
188  * @dev: drm_device the object should be initialized for
189  * @obj: drm_gem_object to initialize
190  * @size: object size
191  *
192  * Initialize an already allocated GEM object of the specified size with
193  * no GEM provided backing store. Instead the caller is responsible for
194  * backing the object and handling it.
195  */
196 void drm_gem_private_object_init(struct drm_device *dev,
197 				 struct drm_gem_object *obj, size_t size)
198 {
199 	BUG_ON((size & (PAGE_SIZE - 1)) != 0);
200 
201 	obj->dev = dev;
202 	obj->filp = NULL;
203 
204 	kref_init(&obj->refcount);
205 	obj->handle_count = 0;
206 	obj->size = size;
207 	drm_vma_node_reset(&obj->vma_node);
208 }
209 EXPORT_SYMBOL(drm_gem_private_object_init);
210 
211 static void
212 drm_gem_remove_prime_handles(struct drm_gem_object *obj, struct drm_file *filp)
213 {
214 	/*
215 	 * Note: obj->dma_buf can't disappear as long as we still hold a
216 	 * handle reference in obj->handle_count.
217 	 */
218 	mutex_lock(&filp->prime.lock);
219 #if 0
220 	if (obj->dma_buf) {
221 		drm_prime_remove_buf_handle_locked(&filp->prime,
222 						   obj->dma_buf);
223 	}
224 #endif
225 	mutex_unlock(&filp->prime.lock);
226 }
227 
228 static void drm_gem_object_ref_bug(struct kref *list_kref)
229 {
230 	BUG();
231 }
232 
233 /**
234  * drm_gem_object_handle_free - release resources bound to userspace handles
235  * @obj: GEM object to clean up.
236  *
237  * Called after the last handle to the object has been closed
238  *
239  * Removes any name for the object. Note that this must be
240  * called before drm_gem_object_free or we'll be touching
241  * freed memory
242  */
243 static void drm_gem_object_handle_free(struct drm_gem_object *obj)
244 {
245 	struct drm_device *dev = obj->dev;
246 
247 	/* Remove any name for this object */
248 	if (obj->name) {
249 		idr_remove(&dev->object_name_idr, obj->name);
250 		obj->name = 0;
251 	/*
252 	 * The object name held a reference to this object, drop
253 	 * that now.
254 	*
255 	* This cannot be the last reference, since the handle holds one too.
256 	 */
257 		kref_put(&obj->refcount, drm_gem_object_ref_bug);
258 	}
259 }
260 
261 static void drm_gem_object_exported_dma_buf_free(struct drm_gem_object *obj)
262 {
263 #if 0
264 	/* Unbreak the reference cycle if we have an exported dma_buf. */
265 	if (obj->dma_buf) {
266 		dma_buf_put(obj->dma_buf);
267 		obj->dma_buf = NULL;
268 	}
269 #endif
270 }
271 
272 static void
273 drm_gem_object_handle_unreference_unlocked(struct drm_gem_object *obj)
274 {
275 	struct drm_device *dev = obj->dev;
276 
277 	if (WARN_ON(obj->handle_count == 0))
278 		return;
279 
280 	/*
281 	* Must bump handle count first as this may be the last
282 	* ref, in which case the object would disappear before we
283 	* checked for a name
284 	*/
285 
286 	mutex_lock(&dev->object_name_lock);
287 	if (--obj->handle_count == 0) {
288 		drm_gem_object_handle_free(obj);
289 		drm_gem_object_exported_dma_buf_free(obj);
290 	}
291 	mutex_unlock(&dev->object_name_lock);
292 
293 	drm_gem_object_unreference_unlocked(obj);
294 }
295 
296 /*
297  * Called at device or object close to release the file's
298  * handle references on objects.
299  */
300 static int
301 drm_gem_object_release_handle(int id, void *ptr, void *data)
302 {
303 	struct drm_file *file_priv = data;
304 	struct drm_gem_object *obj = ptr;
305 	struct drm_device *dev = obj->dev;
306 
307 	drm_gem_remove_prime_handles(obj, file_priv);
308 
309 	if (dev->driver->gem_close_object)
310 		dev->driver->gem_close_object(obj, file_priv);
311 
312 	drm_gem_object_handle_unreference_unlocked(obj);
313 
314 	return 0;
315 }
316 
317 /**
318  * drm_gem_handle_delete - deletes the given file-private handle
319  * @filp: drm file-private structure to use for the handle look up
320  * @handle: userspace handle to delete
321  *
322  * Removes the GEM handle from the @filp lookup table which has been added with
323  * drm_gem_handle_create(). If this is the last handle also cleans up linked
324  * resources like GEM names.
325  */
326 int
327 drm_gem_handle_delete(struct drm_file *filp, u32 handle)
328 {
329 	struct drm_device *dev;
330 	struct drm_gem_object *obj;
331 
332 	/* This is gross. The idr system doesn't let us try a delete and
333 	 * return an error code.  It just spews if you fail at deleting.
334 	 * So, we have to grab a lock around finding the object and then
335 	 * doing the delete on it and dropping the refcount, or the user
336 	 * could race us to double-decrement the refcount and cause a
337 	 * use-after-free later.  Given the frequency of our handle lookups,
338 	 * we may want to use ida for number allocation and a hash table
339 	 * for the pointers, anyway.
340 	 */
341 	lockmgr(&filp->table_lock, LK_EXCLUSIVE);
342 
343 	/* Check if we currently have a reference on the object */
344 	obj = idr_find(&filp->object_idr, handle);
345 	if (obj == NULL) {
346 		lockmgr(&filp->table_lock, LK_RELEASE);
347 		return -EINVAL;
348 	}
349 	dev = obj->dev;
350 
351 	/* Release reference and decrement refcount. */
352 	idr_remove(&filp->object_idr, handle);
353 	lockmgr(&filp->table_lock, LK_RELEASE);
354 
355 	drm_gem_remove_prime_handles(obj, filp);
356 
357 	if (dev->driver->gem_close_object)
358 		dev->driver->gem_close_object(obj, filp);
359 	drm_gem_object_handle_unreference_unlocked(obj);
360 
361 	return 0;
362 }
363 EXPORT_SYMBOL(drm_gem_handle_delete);
364 
365 /**
366  * drm_gem_dumb_destroy - dumb fb callback helper for gem based drivers
367  * @file: drm file-private structure to remove the dumb handle from
368  * @dev: corresponding drm_device
369  * @handle: the dumb handle to remove
370  *
371  * This implements the ->dumb_destroy kms driver callback for drivers which use
372  * gem to manage their backing storage.
373  */
374 int drm_gem_dumb_destroy(struct drm_file *file,
375 			 struct drm_device *dev,
376 			 uint32_t handle)
377 {
378 	return drm_gem_handle_delete(file, handle);
379 }
380 EXPORT_SYMBOL(drm_gem_dumb_destroy);
381 
382 /**
383  * drm_gem_handle_create_tail - internal functions to create a handle
384  * @file_priv: drm file-private structure to register the handle for
385  * @obj: object to register
386  * @handlep: pointer to return the created handle to the caller
387  *
388  * This expects the dev->object_name_lock to be held already and will drop it
389  * before returning. Used to avoid races in establishing new handles when
390  * importing an object from either an flink name or a dma-buf.
391  *
392  * Handles must be release again through drm_gem_handle_delete(). This is done
393  * when userspace closes @file_priv for all attached handles, or through the
394  * GEM_CLOSE ioctl for individual handles.
395  */
396 int
397 drm_gem_handle_create_tail(struct drm_file *file_priv,
398 			   struct drm_gem_object *obj,
399 			   u32 *handlep)
400 {
401 	struct drm_device *dev = obj->dev;
402 	int ret;
403 
404 	*handlep = 0;		/* whack gcc warning */
405 	WARN_ON(!mutex_is_locked(&dev->object_name_lock));
406 
407 	/*
408 	 * Get the user-visible handle using idr.  Preload and perform
409 	 * allocation under our spinlock.
410 	 */
411 	idr_preload(GFP_KERNEL);
412 	lockmgr(&file_priv->table_lock, LK_EXCLUSIVE);
413 
414 	ret = idr_alloc(&file_priv->object_idr, obj, 1, 0, GFP_NOWAIT);
415 	drm_gem_object_reference(obj);
416 	obj->handle_count++;
417 	lockmgr(&file_priv->table_lock, LK_RELEASE);
418 	idr_preload_end();
419 	mutex_unlock(&dev->object_name_lock);
420 	if (ret < 0) {
421 		drm_gem_object_handle_unreference_unlocked(obj);
422 		return ret;
423 	}
424 	*handlep = ret;
425 
426 #if 0
427 	ret = drm_vma_node_allow(&obj->vma_node, file_priv->filp);
428 	if (ret) {
429 		drm_gem_handle_delete(file_priv, *handlep);
430 		return ret;
431 	}
432 #endif
433 
434 	if (dev->driver->gem_open_object) {
435 		ret = dev->driver->gem_open_object(obj, file_priv);
436 		if (ret) {
437 			drm_gem_handle_delete(file_priv, *handlep);
438 			return ret;
439 		}
440 	}
441 
442 	return 0;
443 }
444 
445 /**
446  * drm_gem_handle_create - create a gem handle for an object
447  * @file_priv: drm file-private structure to register the handle for
448  * @obj: object to register
449  * @handlep: pionter to return the created handle to the caller
450  *
451  * Create a handle for this object. This adds a handle reference
452  * to the object, which includes a regular reference count. Callers
453  * will likely want to dereference the object afterwards.
454  */
455 int drm_gem_handle_create(struct drm_file *file_priv,
456 			  struct drm_gem_object *obj,
457 			  u32 *handlep)
458 {
459 	mutex_lock(&obj->dev->object_name_lock);
460 
461 	return drm_gem_handle_create_tail(file_priv, obj, handlep);
462 }
463 EXPORT_SYMBOL(drm_gem_handle_create);
464 
465 /**
466  * drm_gem_free_mmap_offset - release a fake mmap offset for an object
467  * @obj: obj in question
468  *
469  * This routine frees fake offsets allocated by drm_gem_create_mmap_offset().
470  *
471  * Note that drm_gem_object_release() already calls this function, so drivers
472  * don't have to take care of releasing the mmap offset themselves when freeing
473  * the GEM object.
474  */
475 void
476 drm_gem_free_mmap_offset(struct drm_gem_object *obj)
477 {
478 	struct drm_device *dev = obj->dev;
479 	struct drm_gem_mm *mm = dev->mm_private;
480 	struct drm_hash_item *list;
481 
482 	if (!obj->on_map)
483 		return;
484 	list = &obj->map_list;
485 
486 	drm_ht_remove_item(&mm->offset_hash, list);
487 	free_unr(mm->idxunr, list->key);
488 	obj->on_map = false;
489 
490 	drm_vma_offset_remove(&mm->vma_manager, &obj->vma_node);
491 }
492 EXPORT_SYMBOL(drm_gem_free_mmap_offset);
493 
494 /**
495  * drm_gem_create_mmap_offset_size - create a fake mmap offset for an object
496  * @obj: obj in question
497  * @size: the virtual size
498  *
499  * GEM memory mapping works by handing back to userspace a fake mmap offset
500  * it can use in a subsequent mmap(2) call.  The DRM core code then looks
501  * up the object based on the offset and sets up the various memory mapping
502  * structures.
503  *
504  * This routine allocates and attaches a fake offset for @obj, in cases where
505  * the virtual size differs from the physical size (ie. obj->size).  Otherwise
506  * just use drm_gem_create_mmap_offset().
507  *
508  * This function is idempotent and handles an already allocated mmap offset
509  * transparently. Drivers do not need to check for this case.
510  */
511 int
512 drm_gem_create_mmap_offset_size(struct drm_gem_object *obj, size_t size)
513 {
514 	struct drm_device *dev = obj->dev;
515 	struct drm_gem_mm *mm = dev->mm_private;
516 	int ret = 0;
517 
518 	if (obj->on_map)
519 		return (0);
520 
521 	obj->map_list.key = alloc_unr(mm->idxunr);
522 	ret = drm_ht_insert_item(&mm->offset_hash, &obj->map_list);
523 	if (ret != 0) {
524 		DRM_ERROR("failed to add to map hash\n");
525 		free_unr(mm->idxunr, obj->map_list.key);
526 		return (ret);
527 	}
528 	obj->on_map = true;
529 	return 0;
530 
531 	return drm_vma_offset_add(&mm->vma_manager, &obj->vma_node,
532 				  size / PAGE_SIZE);
533 }
534 EXPORT_SYMBOL(drm_gem_create_mmap_offset_size);
535 
536 /**
537  * drm_gem_create_mmap_offset - create a fake mmap offset for an object
538  * @obj: obj in question
539  *
540  * GEM memory mapping works by handing back to userspace a fake mmap offset
541  * it can use in a subsequent mmap(2) call.  The DRM core code then looks
542  * up the object based on the offset and sets up the various memory mapping
543  * structures.
544  *
545  * This routine allocates and attaches a fake offset for @obj.
546  *
547  * Drivers can call drm_gem_free_mmap_offset() before freeing @obj to release
548  * the fake offset again.
549  */
550 int drm_gem_create_mmap_offset(struct drm_gem_object *obj)
551 {
552 	return drm_gem_create_mmap_offset_size(obj, obj->size);
553 }
554 EXPORT_SYMBOL(drm_gem_create_mmap_offset);
555 
556 /**
557  * drm_gem_object_lookup - look up a GEM object from it's handle
558  * @dev: DRM device
559  * @filp: DRM file private date
560  * @handle: userspace handle
561  *
562  * Returns:
563  *
564  * A reference to the object named by the handle if such exists on @filp, NULL
565  * otherwise.
566  */
567 struct drm_gem_object *
568 drm_gem_object_lookup(struct drm_file *filp, u32 handle)
569 {
570 	struct drm_gem_object *obj;
571 
572 	lockmgr(&filp->table_lock, LK_EXCLUSIVE);
573 
574 	/* Check if we currently have a reference on the object */
575 	obj = idr_find(&filp->object_idr, handle);
576 	if (obj == NULL) {
577 		lockmgr(&filp->table_lock, LK_RELEASE);
578 		return NULL;
579 	}
580 
581 	drm_gem_object_reference(obj);
582 
583 	lockmgr(&filp->table_lock, LK_RELEASE);
584 
585 	return obj;
586 }
587 EXPORT_SYMBOL(drm_gem_object_lookup);
588 
589 /**
590  * drm_gem_close_ioctl - implementation of the GEM_CLOSE ioctl
591  * @dev: drm_device
592  * @data: ioctl data
593  * @file_priv: drm file-private structure
594  *
595  * Releases the handle to an mm object.
596  */
597 int
598 drm_gem_close_ioctl(struct drm_device *dev, void *data,
599 		    struct drm_file *file_priv)
600 {
601 	struct drm_gem_close *args = data;
602 	int ret;
603 
604 	if (!drm_core_check_feature(dev, DRIVER_GEM))
605 		return -ENODEV;
606 
607 	ret = drm_gem_handle_delete(file_priv, args->handle);
608 
609 	return ret;
610 }
611 
612 /**
613  * Create a global name for an object, returning the name.
614  *
615  * Note that the name does not hold a reference; when the object
616  * is freed, the name goes away.
617  */
618 int
619 drm_gem_flink_ioctl(struct drm_device *dev, void *data,
620 		    struct drm_file *file_priv)
621 {
622 	struct drm_gem_flink *args = data;
623 	struct drm_gem_object *obj;
624 	int ret;
625 
626 	if (!drm_core_check_feature(dev, DRIVER_GEM))
627 		return -ENODEV;
628 
629 	obj = drm_gem_object_lookup(file_priv, args->handle);
630 	if (obj == NULL)
631 		return -ENOENT;
632 
633 	idr_preload(GFP_KERNEL);
634 	lockmgr(&dev->object_name_lock, LK_EXCLUSIVE);
635 	/* prevent races with concurrent gem_close. */
636 	if (obj->handle_count == 0) {
637 		ret = -ENOENT;
638 		goto err;
639 	}
640 
641 	if (!obj->name) {
642 		ret = idr_alloc(&dev->object_name_idr, obj, 1, 0, GFP_NOWAIT);
643 		if (ret < 0)
644 			goto err;
645 
646 		obj->name = ret;
647 
648 		/* Allocate a reference for the name table.  */
649 		drm_gem_object_reference(obj);
650 	}
651 
652 	args->name = (uint64_t) obj->name;
653 	ret = 0;
654 
655 err:
656 	lockmgr(&dev->object_name_lock, LK_RELEASE);
657 	idr_preload_end();
658 	drm_gem_object_unreference_unlocked(obj);
659 	return ret;
660 }
661 
662 /**
663  * drm_gem_open - implementation of the GEM_OPEN ioctl
664  * @dev: drm_device
665  * @data: ioctl data
666  * @file_priv: drm file-private structure
667  *
668  * Open an object using the global name, returning a handle and the size.
669  *
670  * This handle (of course) holds a reference to the object, so the object
671  * will not go away until the handle is deleted.
672  */
673 int
674 drm_gem_open_ioctl(struct drm_device *dev, void *data,
675 		   struct drm_file *file_priv)
676 {
677 	struct drm_gem_open *args = data;
678 	struct drm_gem_object *obj;
679 	int ret;
680 	u32 handle;
681 
682 	if (!drm_core_check_feature(dev, DRIVER_GEM))
683 		return -ENODEV;
684 
685 	lockmgr(&dev->object_name_lock, LK_EXCLUSIVE);
686 	obj = idr_find(&dev->object_name_idr, (int) args->name);
687 	if (obj)
688 		drm_gem_object_reference(obj);
689 	lockmgr(&dev->object_name_lock, LK_RELEASE);
690 	if (!obj)
691 		return -ENOENT;
692 
693 	ret = drm_gem_handle_create(file_priv, obj, &handle);
694 	drm_gem_object_unreference_unlocked(obj);
695 	if (ret)
696 		return ret;
697 
698 	args->handle = handle;
699 	args->size = obj->size;
700 
701 	return 0;
702 }
703 
704 /**
705  * gem_gem_open - initalizes GEM file-private structures at devnode open time
706  * @dev: drm_device which is being opened by userspace
707  * @file_private: drm file-private structure to set up
708  *
709  * Called at device open time, sets up the structure for handling refcounting
710  * of mm objects.
711  */
712 void
713 drm_gem_open(struct drm_device *dev, struct drm_file *file_private)
714 {
715 	idr_init(&file_private->object_idr);
716 	lockinit(&file_private->table_lock, "fptab", 0, LK_CANRECURSE);
717 }
718 
719 /**
720  * drm_gem_release - release file-private GEM resources
721  * @dev: drm_device which is being closed by userspace
722  * @file_private: drm file-private structure to clean up
723  *
724  * Called at close time when the filp is going away.
725  *
726  * Releases any remaining references on objects by this filp.
727  */
728 void
729 drm_gem_release(struct drm_device *dev, struct drm_file *file_private)
730 {
731 	idr_for_each(&file_private->object_idr,
732 		     &drm_gem_object_release_handle, file_private);
733 	idr_destroy(&file_private->object_idr);
734 }
735 
736 /**
737  * drm_gem_object_release - release GEM buffer object resources
738  * @obj: GEM buffer object
739  *
740  * This releases any structures and resources used by @obj and is the invers of
741  * drm_gem_object_init().
742  */
743 void
744 drm_gem_object_release(struct drm_gem_object *obj)
745 {
746 
747 	/*
748 	 * obj->vm_obj can be NULL for private gem objects.
749 	 */
750 	vm_object_deallocate(obj->filp);
751 }
752 EXPORT_SYMBOL(drm_gem_object_release);
753 
754 /**
755  * drm_gem_object_free - free a GEM object
756  * @kref: kref of the object to free
757  *
758  * Called after the last reference to the object has been lost.
759  * Must be called holding struct_ mutex
760  *
761  * Frees the object
762  */
763 void
764 drm_gem_object_free(struct kref *kref)
765 {
766 	struct drm_gem_object *obj =
767 		container_of(kref, struct drm_gem_object, refcount);
768 	struct drm_device *dev = obj->dev;
769 
770 	WARN_ON(!mutex_is_locked(&dev->struct_mutex));
771 
772 	if (dev->driver->gem_free_object != NULL)
773 		dev->driver->gem_free_object(obj);
774 }
775 EXPORT_SYMBOL(drm_gem_object_free);
776 
777 /**
778  * drm_gem_object_unreference_unlocked - release a GEM BO reference
779  * @obj: GEM buffer object
780  *
781  * This releases a reference to @obj. Callers must not hold the
782  * dev->struct_mutex lock when calling this function.
783  *
784  * See also __drm_gem_object_unreference().
785  */
786 void
787 drm_gem_object_unreference_unlocked(struct drm_gem_object *obj)
788 {
789 	struct drm_device *dev;
790 
791 	if (!obj)
792 		return;
793 
794 	dev = obj->dev;
795 	if (kref_put_mutex(&obj->refcount, drm_gem_object_free, &dev->struct_mutex))
796 		mutex_unlock(&dev->struct_mutex);
797 	else
798 		might_lock(&dev->struct_mutex);
799 }
800 EXPORT_SYMBOL(drm_gem_object_unreference_unlocked);
801 
802 /**
803  * drm_gem_object_unreference - release a GEM BO reference
804  * @obj: GEM buffer object
805  *
806  * This releases a reference to @obj. Callers must hold the dev->struct_mutex
807  * lock when calling this function, even when the driver doesn't use
808  * dev->struct_mutex for anything.
809  *
810  * For drivers not encumbered with legacy locking use
811  * drm_gem_object_unreference_unlocked() instead.
812  */
813 void
814 drm_gem_object_unreference(struct drm_gem_object *obj)
815 {
816 	if (obj != NULL) {
817 #if 0
818 		WARN_ON(!mutex_is_locked(&obj->dev->struct_mutex));
819 #endif
820 
821 		kref_put(&obj->refcount, drm_gem_object_free);
822 	}
823 }
824 EXPORT_SYMBOL(drm_gem_object_unreference);
825 
826 static struct drm_gem_object *
827 drm_gem_object_from_offset(struct drm_device *dev, vm_ooffset_t offset)
828 {
829 	struct drm_gem_object *obj;
830 	struct drm_gem_mm *mm = dev->mm_private;
831 	struct drm_hash_item *hash;
832 
833 	if ((offset & DRM_GEM_MAPPING_MASK) != DRM_GEM_MAPPING_KEY)
834 		return (NULL);
835 	offset &= ~DRM_GEM_MAPPING_KEY;
836 
837 	if (drm_ht_find_item(&mm->offset_hash, DRM_GEM_MAPPING_IDX(offset),
838 	    &hash) != 0) {
839 		return (NULL);
840 	}
841 	obj = container_of(hash, struct drm_gem_object, map_list);
842 	return (obj);
843 }
844 
845 int
846 drm_gem_mmap_single(struct drm_device *dev, vm_ooffset_t *offset, vm_size_t size,
847     struct vm_object **obj_res, int nprot)
848 {
849 	struct drm_gem_object *gem_obj;
850 	struct vm_object *vm_obj;
851 
852 	DRM_LOCK(dev);
853 	gem_obj = drm_gem_object_from_offset(dev, *offset);
854 	if (gem_obj == NULL) {
855 		DRM_UNLOCK(dev);
856 		return (ENODEV);
857 	}
858 
859 	drm_gem_object_reference(gem_obj);
860 	DRM_UNLOCK(dev);
861 	vm_obj = cdev_pager_allocate(gem_obj, OBJT_MGTDEVICE,
862 	    dev->driver->gem_vm_ops, size, nprot,
863 	    DRM_GEM_MAPPING_MAPOFF(*offset), curthread->td_ucred);
864 	if (vm_obj == NULL) {
865 		drm_gem_object_unreference_unlocked(gem_obj);
866 		return (EINVAL);
867 	}
868 	*offset = DRM_GEM_MAPPING_MAPOFF(*offset);
869 	*obj_res = vm_obj;
870 	return (0);
871 }
872