1 /* 2 * Copyright © 2008 Intel Corporation 3 * 4 * Permission is hereby granted, free of charge, to any person obtaining a 5 * copy of this software and associated documentation files (the "Software"), 6 * to deal in the Software without restriction, including without limitation 7 * the rights to use, copy, modify, merge, publish, distribute, sublicense, 8 * and/or sell copies of the Software, and to permit persons to whom the 9 * Software is furnished to do so, subject to the following conditions: 10 * 11 * The above copyright notice and this permission notice (including the next 12 * paragraph) shall be included in all copies or substantial portions of the 13 * Software. 14 * 15 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL 18 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 20 * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS 21 * IN THE SOFTWARE. 22 * 23 * Authors: 24 * Eric Anholt <eric@anholt.net> 25 * 26 */ 27 /*- 28 * Copyright (c) 2011 The FreeBSD Foundation 29 * All rights reserved. 30 * 31 * This software was developed by Konstantin Belousov under sponsorship from 32 * the FreeBSD Foundation. 33 * 34 * Redistribution and use in source and binary forms, with or without 35 * modification, are permitted provided that the following conditions 36 * are met: 37 * 1. Redistributions of source code must retain the above copyright 38 * notice, this list of conditions and the following disclaimer. 39 * 2. Redistributions in binary form must reproduce the above copyright 40 * notice, this list of conditions and the following disclaimer in the 41 * documentation and/or other materials provided with the distribution. 42 * 43 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 44 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 45 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 46 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 47 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 48 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 49 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 50 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 51 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 52 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 53 * SUCH DAMAGE. 54 */ 55 56 #include "opt_vm.h" 57 58 #include <sys/param.h> 59 #include <sys/systm.h> 60 #include <sys/limits.h> 61 #include <sys/lock.h> 62 #include <sys/conf.h> 63 64 #include <vm/vm.h> 65 #include <vm/vm_page.h> 66 67 #include <linux/types.h> 68 #include <linux/mm.h> 69 #include <linux/module.h> 70 #include <drm/drmP.h> 71 #include <drm/drm_vma_manager.h> 72 #include <drm/drm_gem.h> 73 #include "drm_internal.h" 74 75 /** @file drm_gem.c 76 * 77 * This file provides some of the base ioctls and library routines for 78 * the graphics memory manager implemented by each device driver. 79 * 80 * Because various devices have different requirements in terms of 81 * synchronization and migration strategies, implementing that is left up to 82 * the driver, and all that the general API provides should be generic -- 83 * allocating objects, reading/writing data with the cpu, freeing objects. 84 * Even there, platform-dependent optimizations for reading/writing data with 85 * the CPU mean we'll likely hook those out to driver-specific calls. However, 86 * the DRI2 implementation wants to have at least allocate/mmap be generic. 87 * 88 * The goal was to have swap-backed object allocation managed through 89 * struct file. However, file descriptors as handles to a struct file have 90 * two major failings: 91 * - Process limits prevent more than 1024 or so being used at a time by 92 * default. 93 * - Inability to allocate high fds will aggravate the X Server's select() 94 * handling, and likely that of many GL client applications as well. 95 * 96 * This led to a plan of using our own integer IDs (called handles, following 97 * DRM terminology) to mimic fds, and implement the fd syscalls we need as 98 * ioctls. The objects themselves will still include the struct file so 99 * that we can transition to fds if the required kernel infrastructure shows 100 * up at a later date, and as our interface with shmfs for memory allocation. 101 */ 102 103 /* 104 * We make up offsets for buffer objects so we can recognize them at 105 * mmap time. 106 */ 107 108 /* pgoff in mmap is an unsigned long, so we need to make sure that 109 * the faked up offset will fit 110 */ 111 112 #if BITS_PER_LONG == 64 113 #define DRM_FILE_PAGE_OFFSET_START ((0xFFFFFFFFUL >> PAGE_SHIFT) + 1) 114 #define DRM_FILE_PAGE_OFFSET_SIZE ((0xFFFFFFFFUL >> PAGE_SHIFT) * 16) 115 #else 116 #define DRM_FILE_PAGE_OFFSET_START ((0xFFFFFFFUL >> PAGE_SHIFT) + 1) 117 #define DRM_FILE_PAGE_OFFSET_SIZE ((0xFFFFFFFUL >> PAGE_SHIFT) * 16) 118 #endif 119 120 /** 121 * drm_gem_init - Initialize the GEM device fields 122 * @dev: drm_devic structure to initialize 123 */ 124 int 125 drm_gem_init(struct drm_device *dev) 126 { 127 struct drm_gem_mm *mm; 128 129 lockinit(&dev->object_name_lock, "objnam", 0, LK_CANRECURSE); 130 idr_init(&dev->object_name_idr); 131 132 mm = kzalloc(sizeof(struct drm_gem_mm), GFP_KERNEL); 133 if (!mm) { 134 DRM_ERROR("out of memory\n"); 135 return -ENOMEM; 136 } 137 138 dev->mm_private = mm; 139 140 if (drm_ht_create(&mm->offset_hash, 12)) { 141 kfree(mm); 142 return -ENOMEM; 143 } 144 145 mm->idxunr = new_unrhdr(0, DRM_GEM_MAX_IDX, NULL); 146 drm_mm_init(&mm->offset_manager, DRM_FILE_PAGE_OFFSET_START, 147 DRM_FILE_PAGE_OFFSET_SIZE); 148 drm_vma_offset_manager_init(&mm->vma_manager, 149 DRM_FILE_PAGE_OFFSET_START, 150 DRM_FILE_PAGE_OFFSET_SIZE); 151 152 return 0; 153 } 154 155 void 156 drm_gem_destroy(struct drm_device *dev) 157 { 158 struct drm_gem_mm *mm = dev->mm_private; 159 160 drm_mm_takedown(&mm->offset_manager); 161 drm_ht_remove(&mm->offset_hash); 162 163 drm_vma_offset_manager_destroy(&mm->vma_manager); 164 delete_unrhdr(mm->idxunr); 165 kfree(mm); 166 dev->mm_private = NULL; 167 } 168 169 /** 170 * Initialize an already allocated GEM object of the specified size with 171 * shmfs backing store. 172 */ 173 int drm_gem_object_init(struct drm_device *dev, 174 struct drm_gem_object *obj, size_t size) 175 { 176 drm_gem_private_object_init(dev, obj, size); 177 178 obj->filp = default_pager_alloc(NULL, size, 179 VM_PROT_READ | VM_PROT_WRITE, 0); 180 181 return 0; 182 } 183 EXPORT_SYMBOL(drm_gem_object_init); 184 185 /** 186 * drm_gem_object_init - initialize an allocated private GEM object 187 * @dev: drm_device the object should be initialized for 188 * @obj: drm_gem_object to initialize 189 * @size: object size 190 * 191 * Initialize an already allocated GEM object of the specified size with 192 * no GEM provided backing store. Instead the caller is responsible for 193 * backing the object and handling it. 194 */ 195 void drm_gem_private_object_init(struct drm_device *dev, 196 struct drm_gem_object *obj, size_t size) 197 { 198 BUG_ON((size & (PAGE_SIZE - 1)) != 0); 199 200 obj->dev = dev; 201 obj->filp = NULL; 202 203 kref_init(&obj->refcount); 204 obj->handle_count = 0; 205 obj->size = size; 206 drm_vma_node_reset(&obj->vma_node); 207 } 208 EXPORT_SYMBOL(drm_gem_private_object_init); 209 210 static void 211 drm_gem_remove_prime_handles(struct drm_gem_object *obj, struct drm_file *filp) 212 { 213 /* 214 * Note: obj->dma_buf can't disappear as long as we still hold a 215 * handle reference in obj->handle_count. 216 */ 217 mutex_lock(&filp->prime.lock); 218 #if 0 219 if (obj->dma_buf) { 220 drm_prime_remove_buf_handle_locked(&filp->prime, 221 obj->dma_buf); 222 } 223 #endif 224 mutex_unlock(&filp->prime.lock); 225 } 226 227 /** 228 * drm_gem_object_handle_free - release resources bound to userspace handles 229 * @obj: GEM object to clean up. 230 * 231 * Called after the last handle to the object has been closed 232 * 233 * Removes any name for the object. Note that this must be 234 * called before drm_gem_object_free or we'll be touching 235 * freed memory 236 */ 237 static void drm_gem_object_handle_free(struct drm_gem_object *obj) 238 { 239 struct drm_device *dev = obj->dev; 240 241 /* Remove any name for this object */ 242 if (obj->name) { 243 idr_remove(&dev->object_name_idr, obj->name); 244 obj->name = 0; 245 } 246 } 247 248 static void drm_gem_object_exported_dma_buf_free(struct drm_gem_object *obj) 249 { 250 #if 0 251 /* Unbreak the reference cycle if we have an exported dma_buf. */ 252 if (obj->dma_buf) { 253 dma_buf_put(obj->dma_buf); 254 obj->dma_buf = NULL; 255 } 256 #endif 257 } 258 259 static void 260 drm_gem_object_handle_unreference_unlocked(struct drm_gem_object *obj) 261 { 262 struct drm_device *dev = obj->dev; 263 bool final = false; 264 265 if (WARN_ON(obj->handle_count == 0)) 266 return; 267 268 /* 269 * Must bump handle count first as this may be the last 270 * ref, in which case the object would disappear before we 271 * checked for a name 272 */ 273 274 mutex_lock(&dev->object_name_lock); 275 if (--obj->handle_count == 0) { 276 drm_gem_object_handle_free(obj); 277 drm_gem_object_exported_dma_buf_free(obj); 278 final = true; 279 } 280 mutex_unlock(&dev->object_name_lock); 281 282 if (final) 283 drm_gem_object_unreference_unlocked(obj); 284 } 285 286 /* 287 * Called at device or object close to release the file's 288 * handle references on objects. 289 */ 290 static int 291 drm_gem_object_release_handle(int id, void *ptr, void *data) 292 { 293 struct drm_file *file_priv = data; 294 struct drm_gem_object *obj = ptr; 295 struct drm_device *dev = obj->dev; 296 297 if (drm_core_check_feature(dev, DRIVER_PRIME)) 298 drm_gem_remove_prime_handles(obj, file_priv); 299 drm_vma_node_revoke(&obj->vma_node, file_priv); 300 301 if (dev->driver->gem_close_object) 302 dev->driver->gem_close_object(obj, file_priv); 303 304 drm_gem_object_handle_unreference_unlocked(obj); 305 306 return 0; 307 } 308 309 /** 310 * drm_gem_handle_delete - deletes the given file-private handle 311 * @filp: drm file-private structure to use for the handle look up 312 * @handle: userspace handle to delete 313 * 314 * Removes the GEM handle from the @filp lookup table which has been added with 315 * drm_gem_handle_create(). If this is the last handle also cleans up linked 316 * resources like GEM names. 317 */ 318 int 319 drm_gem_handle_delete(struct drm_file *filp, u32 handle) 320 { 321 struct drm_gem_object *obj; 322 323 /* This is gross. The idr system doesn't let us try a delete and 324 * return an error code. It just spews if you fail at deleting. 325 * So, we have to grab a lock around finding the object and then 326 * doing the delete on it and dropping the refcount, or the user 327 * could race us to double-decrement the refcount and cause a 328 * use-after-free later. Given the frequency of our handle lookups, 329 * we may want to use ida for number allocation and a hash table 330 * for the pointers, anyway. 331 */ 332 lockmgr(&filp->table_lock, LK_EXCLUSIVE); 333 334 /* Check if we currently have a reference on the object */ 335 obj = idr_replace(&filp->object_idr, NULL, handle); 336 lockmgr(&filp->table_lock, LK_RELEASE); 337 if (IS_ERR_OR_NULL(obj)) 338 return -EINVAL; 339 340 /* Release driver's reference and decrement refcount. */ 341 drm_gem_object_release_handle(handle, obj, filp); 342 343 /* And finally make the handle available for future allocations. */ 344 lockmgr(&filp->table_lock, LK_EXCLUSIVE); 345 idr_remove(&filp->object_idr, handle); 346 lockmgr(&filp->table_lock, LK_RELEASE); 347 348 return 0; 349 } 350 EXPORT_SYMBOL(drm_gem_handle_delete); 351 352 /** 353 * drm_gem_dumb_destroy - dumb fb callback helper for gem based drivers 354 * @file: drm file-private structure to remove the dumb handle from 355 * @dev: corresponding drm_device 356 * @handle: the dumb handle to remove 357 * 358 * This implements the ->dumb_destroy kms driver callback for drivers which use 359 * gem to manage their backing storage. 360 */ 361 int drm_gem_dumb_destroy(struct drm_file *file, 362 struct drm_device *dev, 363 uint32_t handle) 364 { 365 return drm_gem_handle_delete(file, handle); 366 } 367 EXPORT_SYMBOL(drm_gem_dumb_destroy); 368 369 /** 370 * drm_gem_handle_create_tail - internal functions to create a handle 371 * @file_priv: drm file-private structure to register the handle for 372 * @obj: object to register 373 * @handlep: pointer to return the created handle to the caller 374 * 375 * This expects the dev->object_name_lock to be held already and will drop it 376 * before returning. Used to avoid races in establishing new handles when 377 * importing an object from either an flink name or a dma-buf. 378 * 379 * Handles must be release again through drm_gem_handle_delete(). This is done 380 * when userspace closes @file_priv for all attached handles, or through the 381 * GEM_CLOSE ioctl for individual handles. 382 */ 383 int 384 drm_gem_handle_create_tail(struct drm_file *file_priv, 385 struct drm_gem_object *obj, 386 u32 *handlep) 387 { 388 struct drm_device *dev = obj->dev; 389 u32 handle; 390 int ret; 391 392 WARN_ON(!mutex_is_locked(&dev->object_name_lock)); 393 if (obj->handle_count++ == 0) 394 drm_gem_object_reference(obj); 395 396 /* 397 * Get the user-visible handle using idr. Preload and perform 398 * allocation under our spinlock. 399 */ 400 idr_preload(GFP_KERNEL); 401 lockmgr(&file_priv->table_lock, LK_EXCLUSIVE); 402 403 ret = idr_alloc(&file_priv->object_idr, obj, 1, 0, GFP_NOWAIT); 404 405 lockmgr(&file_priv->table_lock, LK_RELEASE); 406 idr_preload_end(); 407 408 mutex_unlock(&dev->object_name_lock); 409 if (ret < 0) 410 goto err_unref; 411 412 handle = ret; 413 414 ret = drm_vma_node_allow(&obj->vma_node, file_priv); 415 if (ret) 416 goto err_remove; 417 418 if (dev->driver->gem_open_object) { 419 ret = dev->driver->gem_open_object(obj, file_priv); 420 if (ret) 421 goto err_revoke; 422 } 423 424 *handlep = handle; 425 return 0; 426 427 err_revoke: 428 drm_vma_node_revoke(&obj->vma_node, file_priv); 429 err_remove: 430 lockmgr(&file_priv->table_lock, LK_EXCLUSIVE); 431 idr_remove(&file_priv->object_idr, handle); 432 lockmgr(&file_priv->table_lock, LK_RELEASE); 433 err_unref: 434 drm_gem_object_handle_unreference_unlocked(obj); 435 return ret; 436 } 437 438 /** 439 * drm_gem_handle_create - create a gem handle for an object 440 * @file_priv: drm file-private structure to register the handle for 441 * @obj: object to register 442 * @handlep: pionter to return the created handle to the caller 443 * 444 * Create a handle for this object. This adds a handle reference 445 * to the object, which includes a regular reference count. Callers 446 * will likely want to dereference the object afterwards. 447 */ 448 int drm_gem_handle_create(struct drm_file *file_priv, 449 struct drm_gem_object *obj, 450 u32 *handlep) 451 { 452 mutex_lock(&obj->dev->object_name_lock); 453 454 return drm_gem_handle_create_tail(file_priv, obj, handlep); 455 } 456 EXPORT_SYMBOL(drm_gem_handle_create); 457 458 /** 459 * drm_gem_free_mmap_offset - release a fake mmap offset for an object 460 * @obj: obj in question 461 * 462 * This routine frees fake offsets allocated by drm_gem_create_mmap_offset(). 463 * 464 * Note that drm_gem_object_release() already calls this function, so drivers 465 * don't have to take care of releasing the mmap offset themselves when freeing 466 * the GEM object. 467 */ 468 void 469 drm_gem_free_mmap_offset(struct drm_gem_object *obj) 470 { 471 struct drm_device *dev = obj->dev; 472 struct drm_gem_mm *mm = dev->mm_private; 473 struct drm_hash_item *list; 474 475 if (!obj->on_map) 476 return; 477 list = &obj->map_list; 478 479 drm_ht_remove_item(&mm->offset_hash, list); 480 free_unr(mm->idxunr, list->key); 481 obj->on_map = false; 482 483 drm_vma_offset_remove(&mm->vma_manager, &obj->vma_node); 484 } 485 EXPORT_SYMBOL(drm_gem_free_mmap_offset); 486 487 /** 488 * drm_gem_create_mmap_offset_size - create a fake mmap offset for an object 489 * @obj: obj in question 490 * @size: the virtual size 491 * 492 * GEM memory mapping works by handing back to userspace a fake mmap offset 493 * it can use in a subsequent mmap(2) call. The DRM core code then looks 494 * up the object based on the offset and sets up the various memory mapping 495 * structures. 496 * 497 * This routine allocates and attaches a fake offset for @obj, in cases where 498 * the virtual size differs from the physical size (ie. obj->size). Otherwise 499 * just use drm_gem_create_mmap_offset(). 500 * 501 * This function is idempotent and handles an already allocated mmap offset 502 * transparently. Drivers do not need to check for this case. 503 */ 504 int 505 drm_gem_create_mmap_offset_size(struct drm_gem_object *obj, size_t size) 506 { 507 struct drm_device *dev = obj->dev; 508 struct drm_gem_mm *mm = dev->mm_private; 509 int ret = 0; 510 511 if (obj->on_map) 512 return (0); 513 514 obj->map_list.key = alloc_unr(mm->idxunr); 515 ret = drm_ht_insert_item(&mm->offset_hash, &obj->map_list); 516 if (ret != 0) { 517 DRM_ERROR("failed to add to map hash\n"); 518 free_unr(mm->idxunr, obj->map_list.key); 519 return (ret); 520 } 521 obj->on_map = true; 522 return 0; 523 524 return drm_vma_offset_add(&mm->vma_manager, &obj->vma_node, 525 size / PAGE_SIZE); 526 } 527 EXPORT_SYMBOL(drm_gem_create_mmap_offset_size); 528 529 /** 530 * drm_gem_create_mmap_offset - create a fake mmap offset for an object 531 * @obj: obj in question 532 * 533 * GEM memory mapping works by handing back to userspace a fake mmap offset 534 * it can use in a subsequent mmap(2) call. The DRM core code then looks 535 * up the object based on the offset and sets up the various memory mapping 536 * structures. 537 * 538 * This routine allocates and attaches a fake offset for @obj. 539 * 540 * Drivers can call drm_gem_free_mmap_offset() before freeing @obj to release 541 * the fake offset again. 542 */ 543 int drm_gem_create_mmap_offset(struct drm_gem_object *obj) 544 { 545 return drm_gem_create_mmap_offset_size(obj, obj->size); 546 } 547 EXPORT_SYMBOL(drm_gem_create_mmap_offset); 548 549 /** 550 * drm_gem_object_lookup - look up a GEM object from it's handle 551 * @filp: DRM file private date 552 * @handle: userspace handle 553 * 554 * Returns: 555 * 556 * A reference to the object named by the handle if such exists on @filp, NULL 557 * otherwise. 558 */ 559 struct drm_gem_object * 560 drm_gem_object_lookup(struct drm_file *filp, u32 handle) 561 { 562 struct drm_gem_object *obj; 563 564 lockmgr(&filp->table_lock, LK_EXCLUSIVE); 565 566 /* Check if we currently have a reference on the object */ 567 obj = idr_find(&filp->object_idr, handle); 568 if (obj) 569 drm_gem_object_reference(obj); 570 571 lockmgr(&filp->table_lock, LK_RELEASE); 572 573 return obj; 574 } 575 EXPORT_SYMBOL(drm_gem_object_lookup); 576 577 /** 578 * drm_gem_close_ioctl - implementation of the GEM_CLOSE ioctl 579 * @dev: drm_device 580 * @data: ioctl data 581 * @file_priv: drm file-private structure 582 * 583 * Releases the handle to an mm object. 584 */ 585 int 586 drm_gem_close_ioctl(struct drm_device *dev, void *data, 587 struct drm_file *file_priv) 588 { 589 struct drm_gem_close *args = data; 590 int ret; 591 592 if (!drm_core_check_feature(dev, DRIVER_GEM)) 593 return -ENODEV; 594 595 ret = drm_gem_handle_delete(file_priv, args->handle); 596 597 return ret; 598 } 599 600 /** 601 * drm_gem_flink_ioctl - implementation of the GEM_FLINK ioctl 602 * @dev: drm_device 603 * @data: ioctl data 604 * @file_priv: drm file-private structure 605 * 606 * Create a global name for an object, returning the name. 607 * 608 * Note that the name does not hold a reference; when the object 609 * is freed, the name goes away. 610 */ 611 int 612 drm_gem_flink_ioctl(struct drm_device *dev, void *data, 613 struct drm_file *file_priv) 614 { 615 struct drm_gem_flink *args = data; 616 struct drm_gem_object *obj; 617 int ret; 618 619 if (!drm_core_check_feature(dev, DRIVER_GEM)) 620 return -ENODEV; 621 622 obj = drm_gem_object_lookup(file_priv, args->handle); 623 if (obj == NULL) 624 return -ENOENT; 625 626 mutex_lock(&dev->object_name_lock); 627 /* prevent races with concurrent gem_close. */ 628 if (obj->handle_count == 0) { 629 ret = -ENOENT; 630 goto err; 631 } 632 633 if (!obj->name) { 634 ret = idr_alloc(&dev->object_name_idr, obj, 1, 0, GFP_KERNEL); 635 if (ret < 0) 636 goto err; 637 638 obj->name = ret; 639 } 640 641 args->name = (uint64_t) obj->name; 642 ret = 0; 643 644 err: 645 mutex_unlock(&dev->object_name_lock); 646 drm_gem_object_unreference_unlocked(obj); 647 return ret; 648 } 649 650 /** 651 * drm_gem_open - implementation of the GEM_OPEN ioctl 652 * @dev: drm_device 653 * @data: ioctl data 654 * @file_priv: drm file-private structure 655 * 656 * Open an object using the global name, returning a handle and the size. 657 * 658 * This handle (of course) holds a reference to the object, so the object 659 * will not go away until the handle is deleted. 660 */ 661 int 662 drm_gem_open_ioctl(struct drm_device *dev, void *data, 663 struct drm_file *file_priv) 664 { 665 struct drm_gem_open *args = data; 666 struct drm_gem_object *obj; 667 int ret; 668 u32 handle; 669 670 if (!drm_core_check_feature(dev, DRIVER_GEM)) 671 return -ENODEV; 672 673 mutex_lock(&dev->object_name_lock); 674 obj = idr_find(&dev->object_name_idr, (int) args->name); 675 if (obj) { 676 drm_gem_object_reference(obj); 677 } else { 678 mutex_unlock(&dev->object_name_lock); 679 return -ENOENT; 680 } 681 682 /* drm_gem_handle_create_tail unlocks dev->object_name_lock. */ 683 ret = drm_gem_handle_create_tail(file_priv, obj, &handle); 684 drm_gem_object_unreference_unlocked(obj); 685 if (ret) 686 return ret; 687 688 args->handle = handle; 689 args->size = obj->size; 690 691 return 0; 692 } 693 694 /** 695 * gem_gem_open - initalizes GEM file-private structures at devnode open time 696 * @dev: drm_device which is being opened by userspace 697 * @file_private: drm file-private structure to set up 698 * 699 * Called at device open time, sets up the structure for handling refcounting 700 * of mm objects. 701 */ 702 void 703 drm_gem_open(struct drm_device *dev, struct drm_file *file_private) 704 { 705 idr_init(&file_private->object_idr); 706 lockinit(&file_private->table_lock, "fptab", 0, LK_CANRECURSE); 707 } 708 709 /** 710 * drm_gem_release - release file-private GEM resources 711 * @dev: drm_device which is being closed by userspace 712 * @file_private: drm file-private structure to clean up 713 * 714 * Called at close time when the filp is going away. 715 * 716 * Releases any remaining references on objects by this filp. 717 */ 718 void 719 drm_gem_release(struct drm_device *dev, struct drm_file *file_private) 720 { 721 idr_for_each(&file_private->object_idr, 722 &drm_gem_object_release_handle, file_private); 723 idr_destroy(&file_private->object_idr); 724 } 725 726 /** 727 * drm_gem_object_release - release GEM buffer object resources 728 * @obj: GEM buffer object 729 * 730 * This releases any structures and resources used by @obj and is the invers of 731 * drm_gem_object_init(). 732 */ 733 void 734 drm_gem_object_release(struct drm_gem_object *obj) 735 { 736 737 /* 738 * obj->vm_obj can be NULL for private gem objects. 739 */ 740 vm_object_deallocate(obj->filp); 741 } 742 EXPORT_SYMBOL(drm_gem_object_release); 743 744 /** 745 * drm_gem_object_free - free a GEM object 746 * @kref: kref of the object to free 747 * 748 * Called after the last reference to the object has been lost. 749 * Must be called holding &drm_device->struct_mutex. 750 * 751 * Frees the object 752 */ 753 void 754 drm_gem_object_free(struct kref *kref) 755 { 756 struct drm_gem_object *obj = 757 container_of(kref, struct drm_gem_object, refcount); 758 struct drm_device *dev = obj->dev; 759 760 if (dev->driver->gem_free_object_unlocked) { 761 dev->driver->gem_free_object_unlocked(obj); 762 } else if (dev->driver->gem_free_object) { 763 WARN_ON(!mutex_is_locked(&dev->struct_mutex)); 764 765 dev->driver->gem_free_object(obj); 766 } 767 } 768 EXPORT_SYMBOL(drm_gem_object_free); 769 770 /** 771 * drm_gem_object_unreference_unlocked - release a GEM BO reference 772 * @obj: GEM buffer object 773 * 774 * This releases a reference to @obj. Callers must not hold the 775 * dev->struct_mutex lock when calling this function. 776 * 777 * See also __drm_gem_object_unreference(). 778 */ 779 void 780 drm_gem_object_unreference_unlocked(struct drm_gem_object *obj) 781 { 782 struct drm_device *dev; 783 784 if (!obj) 785 return; 786 787 dev = obj->dev; 788 might_lock(&dev->struct_mutex); 789 790 if (dev->driver->gem_free_object_unlocked) 791 kref_put(&obj->refcount, drm_gem_object_free); 792 else if (kref_put_mutex(&obj->refcount, drm_gem_object_free, 793 &dev->struct_mutex)) 794 mutex_unlock(&dev->struct_mutex); 795 } 796 EXPORT_SYMBOL(drm_gem_object_unreference_unlocked); 797 798 /** 799 * drm_gem_object_unreference - release a GEM BO reference 800 * @obj: GEM buffer object 801 * 802 * This releases a reference to @obj. Callers must hold the dev->struct_mutex 803 * lock when calling this function, even when the driver doesn't use 804 * dev->struct_mutex for anything. 805 * 806 * For drivers not encumbered with legacy locking use 807 * drm_gem_object_unreference_unlocked() instead. 808 */ 809 void 810 drm_gem_object_unreference(struct drm_gem_object *obj) 811 { 812 if (obj) { 813 WARN_ON(!mutex_is_locked(&obj->dev->struct_mutex)); 814 815 kref_put(&obj->refcount, drm_gem_object_free); 816 } 817 } 818 EXPORT_SYMBOL(drm_gem_object_unreference); 819 820 static struct drm_gem_object * 821 drm_gem_object_from_offset(struct drm_device *dev, vm_ooffset_t offset) 822 { 823 struct drm_gem_object *obj; 824 struct drm_gem_mm *mm = dev->mm_private; 825 struct drm_hash_item *hash; 826 827 if ((offset & DRM_GEM_MAPPING_MASK) != DRM_GEM_MAPPING_KEY) 828 return (NULL); 829 offset &= ~DRM_GEM_MAPPING_KEY; 830 831 if (drm_ht_find_item(&mm->offset_hash, DRM_GEM_MAPPING_IDX(offset), 832 &hash) != 0) { 833 return (NULL); 834 } 835 obj = container_of(hash, struct drm_gem_object, map_list); 836 return (obj); 837 } 838 839 int 840 drm_gem_mmap_single(struct drm_device *dev, vm_ooffset_t *offset, vm_size_t size, 841 struct vm_object **obj_res, int nprot) 842 { 843 struct drm_gem_object *gem_obj; 844 struct vm_object *vm_obj; 845 846 DRM_LOCK(dev); 847 gem_obj = drm_gem_object_from_offset(dev, *offset); 848 if (gem_obj == NULL) { 849 DRM_UNLOCK(dev); 850 return (ENODEV); 851 } 852 853 drm_gem_object_reference(gem_obj); 854 DRM_UNLOCK(dev); 855 vm_obj = cdev_pager_allocate(gem_obj, OBJT_MGTDEVICE, 856 dev->driver->gem_vm_ops, size, nprot, 857 DRM_GEM_MAPPING_MAPOFF(*offset), curthread->td_ucred); 858 if (vm_obj == NULL) { 859 drm_gem_object_unreference_unlocked(gem_obj); 860 return (EINVAL); 861 } 862 *offset = DRM_GEM_MAPPING_MAPOFF(*offset); 863 *obj_res = vm_obj; 864 return (0); 865 } 866