1 /* 2 * Copyright © 2008 Intel Corporation 3 * 4 * Permission is hereby granted, free of charge, to any person obtaining a 5 * copy of this software and associated documentation files (the "Software"), 6 * to deal in the Software without restriction, including without limitation 7 * the rights to use, copy, modify, merge, publish, distribute, sublicense, 8 * and/or sell copies of the Software, and to permit persons to whom the 9 * Software is furnished to do so, subject to the following conditions: 10 * 11 * The above copyright notice and this permission notice (including the next 12 * paragraph) shall be included in all copies or substantial portions of the 13 * Software. 14 * 15 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL 18 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 20 * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS 21 * IN THE SOFTWARE. 22 * 23 * Authors: 24 * Eric Anholt <eric@anholt.net> 25 * 26 */ 27 /*- 28 * Copyright (c) 2011 The FreeBSD Foundation 29 * All rights reserved. 30 * 31 * This software was developed by Konstantin Belousov under sponsorship from 32 * the FreeBSD Foundation. 33 * 34 * Redistribution and use in source and binary forms, with or without 35 * modification, are permitted provided that the following conditions 36 * are met: 37 * 1. Redistributions of source code must retain the above copyright 38 * notice, this list of conditions and the following disclaimer. 39 * 2. Redistributions in binary form must reproduce the above copyright 40 * notice, this list of conditions and the following disclaimer in the 41 * documentation and/or other materials provided with the distribution. 
*
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */

#ifdef __DragonFly__
#include "opt_vm.h"
#endif

#include <linux/types.h>
#include <linux/slab.h>
#include <linux/mm.h>
#include <linux/uaccess.h>
#include <linux/fs.h>
#include <linux/file.h>
#include <linux/module.h>
#include <linux/pagemap.h>
#include <linux/shmem_fs.h>
#include <linux/dma-buf.h>
#include <drm/drmP.h>
#include <drm/drm_vma_manager.h>
#include <drm/drm_gem.h>
#include "drm_internal.h"

#include <sys/param.h>
#include <sys/systm.h>
#include <sys/limits.h>
#include <sys/lock.h>
#include <sys/conf.h>

#include <vm/vm.h>
#include <vm/vm_page.h>

#ifdef __DragonFly__
/*
 * Per-device GEM bookkeeping, allocated by drm_gem_init() and stored in
 * drm_device.mm_private; released again by drm_gem_destroy().
 */
struct drm_gem_mm {
	/* Initialised by drm_vma_offset_manager_init() in drm_gem_init(). */
	struct drm_vma_offset_manager vma_manager;
	struct drm_mm offset_manager;	/**< Offset mgmt for buffer objects */
	struct drm_open_hash offset_hash; /**< User token hash table for maps */
	/*
	 * Unit-number allocator; drm_gem_create_mmap_offset_size() draws the
	 * map_list key of each mapped object from it.
	 */
	struct unrhdr *idxunr;
};
#endif

/** @file drm_gem.c
 *
 * This file provides some of the base ioctls and library routines for
 * the graphics memory manager implemented by each device driver.
97 * 98 * Because various devices have different requirements in terms of 99 * synchronization and migration strategies, implementing that is left up to 100 * the driver, and all that the general API provides should be generic -- 101 * allocating objects, reading/writing data with the cpu, freeing objects. 102 * Even there, platform-dependent optimizations for reading/writing data with 103 * the CPU mean we'll likely hook those out to driver-specific calls. However, 104 * the DRI2 implementation wants to have at least allocate/mmap be generic. 105 * 106 * The goal was to have swap-backed object allocation managed through 107 * struct file. However, file descriptors as handles to a struct file have 108 * two major failings: 109 * - Process limits prevent more than 1024 or so being used at a time by 110 * default. 111 * - Inability to allocate high fds will aggravate the X Server's select() 112 * handling, and likely that of many GL client applications as well. 113 * 114 * This led to a plan of using our own integer IDs (called handles, following 115 * DRM terminology) to mimic fds, and implement the fd syscalls we need as 116 * ioctls. The objects themselves will still include the struct file so 117 * that we can transition to fds if the required kernel infrastructure shows 118 * up at a later date, and as our interface with shmfs for memory allocation. 119 */ 120 121 /* 122 * We make up offsets for buffer objects so we can recognize them at 123 * mmap time. 
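*/

/* pgoff in mmap is an unsigned long, so we need to make sure that
 * the faked up offset will fit
 */

#if BITS_PER_LONG == 64
#define DRM_FILE_PAGE_OFFSET_START ((0xFFFFFFFFUL >> PAGE_SHIFT) + 1)
#define DRM_FILE_PAGE_OFFSET_SIZE ((0xFFFFFFFFUL >> PAGE_SHIFT) * 16)
#else
#define DRM_FILE_PAGE_OFFSET_START ((0xFFFFFFFUL >> PAGE_SHIFT) + 1)
#define DRM_FILE_PAGE_OFFSET_SIZE ((0xFFFFFFFUL >> PAGE_SHIFT) * 16)
#endif

/**
 * drm_gem_init - Initialize the GEM device fields
 * @dev: drm_device structure to initialize
 *
 * Sets up the global-name lock and idr, then allocates the per-device
 * struct drm_gem_mm and its offset hash, unit-number allocator and offset
 * managers.
 *
 * Returns 0 on success, -ENOMEM if the bookkeeping structure or its hash
 * table cannot be allocated. On failure dev->mm_private is left NULL.
 */
int
drm_gem_init(struct drm_device *dev)
{
	struct drm_gem_mm *mm;

	lockinit(&dev->object_name_lock, "objnam", 0, LK_CANRECURSE);
	idr_init(&dev->object_name_idr);

	mm = kzalloc(sizeof(*mm), GFP_KERNEL);
	if (!mm) {
		DRM_ERROR("out of memory\n");
		return -ENOMEM;
	}

	dev->mm_private = mm;

	if (drm_ht_create(&mm->offset_hash, 12)) {
		/*
		 * Clear the published pointer before freeing so that no later
		 * path (e.g. drm_gem_destroy()) touches the freed structure.
		 */
		dev->mm_private = NULL;
		kfree(mm);
		return -ENOMEM;
	}

	mm->idxunr = new_unrhdr(0, DRM_GEM_MAX_IDX, NULL);
	drm_mm_init(&mm->offset_manager, DRM_FILE_PAGE_OFFSET_START,
		    DRM_FILE_PAGE_OFFSET_SIZE);
	drm_vma_offset_manager_init(&mm->vma_manager,
				    DRM_FILE_PAGE_OFFSET_START,
				    DRM_FILE_PAGE_OFFSET_SIZE);

	return 0;
}

/**
 * drm_gem_destroy - tear down the GEM device fields
 * @dev: drm_device whose GEM bookkeeping should be released
 *
 * Undoes drm_gem_init(): takes down the offset managers and the offset
 * hash, deletes the unit-number allocator, frees the struct drm_gem_mm and
 * clears dev->mm_private.
 */
void
drm_gem_destroy(struct drm_device *dev)
{
	struct drm_gem_mm *mm = dev->mm_private;

	/* mm_private is NULL when drm_gem_init() failed or never ran. */
	if (mm == NULL)
		return;

	drm_mm_takedown(&mm->offset_manager);
	drm_ht_remove(&mm->offset_hash);

	drm_vma_offset_manager_destroy(&mm->vma_manager);
	delete_unrhdr(mm->idxunr);
	kfree(mm);
	dev->mm_private = NULL;
}

/**
 * drm_gem_object_init - initialize an allocated shmem-backed GEM object
 * @dev: drm_device the object should be initialized for
 * @obj: drm_gem_object to initialize
 * @size: object size
 *
 * Initialize an already allocated GEM object of the specified size with
 * shmfs backing store.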
*/
int drm_gem_object_init(struct drm_device *dev,
			struct drm_gem_object *obj, size_t size)
{
	/* Common field setup first; this also sets obj->filp to NULL. */
	drm_gem_private_object_init(dev, obj, size);

	/*
	 * NOTE(review): the pager object is stored without a NULL check and
	 * the function always returns 0 -- confirm default_pager_alloc()
	 * cannot fail on this platform.
	 */
	obj->filp = default_pager_alloc(NULL, size,
	    VM_PROT_READ | VM_PROT_WRITE, 0);

	return 0;
}
EXPORT_SYMBOL(drm_gem_object_init);

/**
 * drm_gem_private_object_init - initialize an allocated private GEM object
 * @dev: drm_device the object should be initialized for
 * @obj: drm_gem_object to initialize
 * @size: object size
 *
 * Initialize an already allocated GEM object of the specified size with
 * no GEM provided backing store. Instead the caller is responsible for
 * backing the object and handling it.
 *
 * @size must be a multiple of PAGE_SIZE; any other value trips the BUG_ON()
 * below. The object starts with a freshly initialised reference count and a
 * handle count of zero.
 */
void drm_gem_private_object_init(struct drm_device *dev,
				 struct drm_gem_object *obj, size_t size)
{
	/* Reject sizes that are not page aligned. */
	BUG_ON((size & (PAGE_SIZE - 1)) != 0);

	obj->dev = dev;
	obj->filp = NULL;

	kref_init(&obj->refcount);
	obj->handle_count = 0;
	obj->size = size;
	drm_vma_node_reset(&obj->vma_node);
}
EXPORT_SYMBOL(drm_gem_private_object_init);

/*
 * Drop the PRIME bookkeeping that @filp holds for @obj.
 *
 * The actual removal is compiled out (#if 0) in this file, so at present the
 * function only takes and releases filp->prime.lock.
 */
static void
drm_gem_remove_prime_handles(struct drm_gem_object *obj, struct drm_file *filp)
{
	/*
	 * Note: obj->dma_buf can't disappear as long as we still hold a
	 * handle reference in obj->handle_count.
	 */
	mutex_lock(&filp->prime.lock);
#if 0
	if (obj->dma_buf) {
		drm_prime_remove_buf_handle_locked(&filp->prime,
						   obj->dma_buf);
	}
#endif
	mutex_unlock(&filp->prime.lock);
}

/**
 * drm_gem_object_handle_free - release resources bound to userspace handles
 * @obj: GEM object to clean up.
 *
 * Called after the last handle to the object has been closed
 *
 * Removes any name for the object. 
Note that this must be
 * called before drm_gem_object_free or we'll be touching
 * freed memory
 */
static void drm_gem_object_handle_free(struct drm_gem_object *obj)
{
	struct drm_device *dev = obj->dev;

	/*
	 * Remove any name for this object. The only caller in this file,
	 * drm_gem_object_handle_put_unlocked(), holds dev->object_name_lock
	 * around this call.
	 */
	if (obj->name) {
		idr_remove(&dev->object_name_idr, obj->name);
		obj->name = 0;
	}
}

/*
 * Release the dma_buf reference an exported object holds on itself.
 *
 * The body is compiled out (#if 0) in this file, so the function is
 * currently a no-op.
 */
static void drm_gem_object_exported_dma_buf_free(struct drm_gem_object *obj)
{
#if 0
	/* Unbreak the reference cycle if we have an exported dma_buf. */
	if (obj->dma_buf) {
		dma_buf_put(obj->dma_buf);
		obj->dma_buf = NULL;
	}
#endif
}

/*
 * Drop one handle reference on @obj.
 *
 * When the handle count reaches zero the global name is removed under
 * dev->object_name_lock, and the object reference that the first handle
 * took (see drm_gem_handle_create_tail()) is dropped after the lock has
 * been released.
 */
static void
drm_gem_object_handle_put_unlocked(struct drm_gem_object *obj)
{
	struct drm_device *dev = obj->dev;
	bool final = false;

	/*
	 * A zero count here means an unbalanced put; warn and bail out rather
	 * than let the counter wrap. This read happens before
	 * object_name_lock is taken.
	 */
	if (WARN_ON(obj->handle_count == 0))
		return;

	/*
	* Must bump handle count first as this may be the last
	* ref, in which case the object would disappear before we
	* checked for a name
	*/

	mutex_lock(&dev->object_name_lock);
	if (--obj->handle_count == 0) {
		drm_gem_object_handle_free(obj);
		drm_gem_object_exported_dma_buf_free(obj);
		final = true;
	}
	mutex_unlock(&dev->object_name_lock);

	/* The reference is dropped only after object_name_lock is released. */
	if (final)
		drm_gem_object_put_unlocked(obj);
}

/*
 * Called at device or object close to release the file's
 * handle references on objects.
*/
static int
drm_gem_object_release_handle(int id, void *ptr, void *data)
{
	/*
	 * idr_for_each() callback signature: @ptr is the stored object,
	 * @data the closing drm_file. @id is not used.
	 */
	struct drm_file *file_priv = data;
	struct drm_gem_object *obj = ptr;
	struct drm_device *dev = obj->dev;

	/* Let the driver drop its per-file state first. */
	if (dev->driver->gem_close_object)
		dev->driver->gem_close_object(obj, file_priv);

	if (drm_core_check_feature(dev, DRIVER_PRIME))
		drm_gem_remove_prime_handles(obj, file_priv);
	/* Withdraw the access granted by drm_vma_node_allow() at handle creation. */
	drm_vma_node_revoke(&obj->vma_node, file_priv);

	drm_gem_object_handle_put_unlocked(obj);

	return 0;
}

/**
 * drm_gem_handle_delete - deletes the given file-private handle
 * @filp: drm file-private structure to use for the handle look up
 * @handle: userspace handle to delete
 *
 * Removes the GEM handle from the @filp lookup table which has been added with
 * drm_gem_handle_create(). If this is the last handle also cleans up linked
 * resources like GEM names.
 *
 * Returns 0 on success, -EINVAL if @handle does not currently name an object
 * in @filp.
 */
int
drm_gem_handle_delete(struct drm_file *filp, u32 handle)
{
	struct drm_gem_object *obj;

	/* This is gross. The idr system doesn't let us try a delete and
	 * return an error code.  It just spews if you fail at deleting.
	 * So, we have to grab a lock around finding the object and then
	 * doing the delete on it and dropping the refcount, or the user
	 * could race us to double-decrement the refcount and cause a
	 * use-after-free later.  Given the frequency of our handle lookups,
	 * we may want to use ida for number allocation and a hash table
	 * for the pointers, anyway.
	 */
	lockmgr(&filp->table_lock, LK_EXCLUSIVE);

	/*
	 * Check if we currently have a reference on the object. The slot is
	 * swapped to NULL under table_lock, so a second delete of the same
	 * handle gets NULL back and fails with -EINVAL instead of releasing
	 * the object twice.
	 */
	obj = idr_replace(&filp->object_idr, NULL, handle);
	lockmgr(&filp->table_lock, LK_RELEASE);
	if (IS_ERR_OR_NULL(obj))
		return -EINVAL;

	/* Release driver's reference and decrement refcount. */
	drm_gem_object_release_handle(handle, obj, filp);

	/* And finally make the handle available for future allocations. */
	lockmgr(&filp->table_lock, LK_EXCLUSIVE);
	idr_remove(&filp->object_idr, handle);
	lockmgr(&filp->table_lock, LK_RELEASE);

	return 0;
}
EXPORT_SYMBOL(drm_gem_handle_delete);

/**
 * drm_gem_dumb_destroy - dumb fb callback helper for gem based drivers
 * @file: drm file-private structure to remove the dumb handle from
 * @dev: corresponding drm_device
 * @handle: the dumb handle to remove
 *
 * This implements the &drm_driver.dumb_destroy kms driver callback for drivers
 * which use gem to manage their backing storage.
 *
 * @dev is unused; the call is forwarded to drm_gem_handle_delete() and its
 * return value is passed through.
 */
int drm_gem_dumb_destroy(struct drm_file *file,
			 struct drm_device *dev,
			 uint32_t handle)
{
	return drm_gem_handle_delete(file, handle);
}
EXPORT_SYMBOL(drm_gem_dumb_destroy);

/**
 * drm_gem_handle_create_tail - internal function to create a handle
 * @file_priv: drm file-private structure to register the handle for
 * @obj: object to register
 * @handlep: pointer to return the created handle to the caller
 *
 * This expects the &drm_device.object_name_lock to be held already and will
 * drop it before returning. Used to avoid races in establishing new handles
 * when importing an object from either an flink name or a dma-buf.
 *
 * Handles must be released again through drm_gem_handle_delete(). This is done
 * when userspace closes @file_priv for all attached handles, or through the
 * GEM_CLOSE ioctl for individual handles.
*/
int
drm_gem_handle_create_tail(struct drm_file *file_priv,
			   struct drm_gem_object *obj,
			   u32 *handlep)
{
	struct drm_device *dev = obj->dev;
	u32 handle;
	int ret;

	WARN_ON(!mutex_is_locked(&dev->object_name_lock));
	/* The first handle on an object also takes an object reference. */
	if (obj->handle_count++ == 0)
		drm_gem_object_get(obj);

	/*
	 * Get the user-visible handle using idr.  Preload and perform
	 * allocation under our spinlock.
	 */
	idr_preload(GFP_KERNEL);
	lockmgr(&file_priv->table_lock, LK_EXCLUSIVE);

	/*
	 * Handles start at 1. From this point the object pointer is visible
	 * in the file's idr.
	 * NOTE(review): that is before drm_vma_node_allow() and the driver's
	 * gem_open_object() below have run, so another thread of the same
	 * client could presumably look up or close the new handle in that
	 * window -- confirm the error paths tolerate this.
	 */
	ret = idr_alloc(&file_priv->object_idr, obj, 1, 0, GFP_NOWAIT);

	lockmgr(&file_priv->table_lock, LK_RELEASE);
	idr_preload_end();

	/* object_name_lock was taken by the caller and is released here. */
	mutex_unlock(&dev->object_name_lock);
	if (ret < 0)
		goto err_unref;

	handle = ret;

	/* Grant this file access to the object's vma node. */
	ret = drm_vma_node_allow(&obj->vma_node, file_priv);
	if (ret)
		goto err_remove;

	if (dev->driver->gem_open_object) {
		ret = dev->driver->gem_open_object(obj, file_priv);
		if (ret)
			goto err_revoke;
	}

	*handlep = handle;
	return 0;

	/* Unwind in reverse order of setup. */
err_revoke:
	drm_vma_node_revoke(&obj->vma_node, file_priv);
err_remove:
	lockmgr(&file_priv->table_lock, LK_EXCLUSIVE);
	idr_remove(&file_priv->object_idr, handle);
	lockmgr(&file_priv->table_lock, LK_RELEASE);
err_unref:
	drm_gem_object_handle_put_unlocked(obj);
	return ret;
}

/**
 * drm_gem_handle_create - create a gem handle for an object
 * @file_priv: drm file-private structure to register the handle for
 * @obj: object to register
 * @handlep: pointer to return the created handle to the caller
 *
 * Create a handle for this object. This adds a handle reference
 * to the object, which includes a regular reference count. Callers
 * will likely want to dereference the object afterwards.
*/
int drm_gem_handle_create(struct drm_file *file_priv,
			  struct drm_gem_object *obj,
			  u32 *handlep)
{
	struct drm_device *dev = obj->dev;

	/* Taken here; drm_gem_handle_create_tail() releases it. */
	mutex_lock(&dev->object_name_lock);
	return drm_gem_handle_create_tail(file_priv, obj, handlep);
}
EXPORT_SYMBOL(drm_gem_handle_create);

/**
 * drm_gem_free_mmap_offset - give back the fake mmap offset of an object
 * @obj: GEM object whose offset should be released
 *
 * Counterpart of drm_gem_create_mmap_offset(). Objects that are not on the
 * map (obj->on_map is false) are left untouched; otherwise the hash entry
 * and its unit number are released, the flag is cleared and the vma node is
 * removed from the offset manager.
 *
 * drm_gem_object_release() calls this already, so drivers need not release
 * the offset themselves when freeing the object.
 */
void
drm_gem_free_mmap_offset(struct drm_gem_object *obj)
{
	struct drm_gem_mm *mm = obj->dev->mm_private;
	struct drm_hash_item *item = &obj->map_list;

	if (obj->on_map) {
		drm_ht_remove_item(&mm->offset_hash, item);
		free_unr(mm->idxunr, item->key);
		obj->on_map = false;

		drm_vma_offset_remove(&mm->vma_manager, &obj->vma_node);
	}
}
EXPORT_SYMBOL(drm_gem_free_mmap_offset);

/**
 * drm_gem_create_mmap_offset_size - create a fake mmap offset for an object
 * @obj: obj in question
 * @size: the virtual size
 *
 * GEM memory mapping works by handing back to userspace a fake mmap offset
 * it can use in a subsequent mmap(2) call.  The DRM core code then looks
 * up the object based on the offset and sets up the various memory mapping
 * structures.
 *
 * This routine allocates and attaches a fake offset for @obj, in cases where
 * the virtual size differs from the physical size (ie. &drm_gem_object.size).
 * Otherwise just use drm_gem_create_mmap_offset().
 *
 * This function is idempotent and handles an already allocated mmap offset
 * transparently. Drivers do not need to check for this case.
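*/
int
drm_gem_create_mmap_offset_size(struct drm_gem_object *obj, size_t size)
{
	struct drm_device *dev = obj->dev;
	struct drm_gem_mm *mm = dev->mm_private;
	int idx;
	int ret;

	/* Already mapped: nothing to do. */
	if (obj->on_map)
		return (0);

	/*
	 * alloc_unr() returns -1 once the unit-number space is exhausted.
	 * Stop here rather than store that value as a hash key.
	 */
	idx = alloc_unr(mm->idxunr);
	if (idx == -1) {
		DRM_ERROR("failed to allocate mmap index\n");
		return (-ENOMEM);
	}

	obj->map_list.key = idx;
	ret = drm_ht_insert_item(&mm->offset_hash, &obj->map_list);
	if (ret != 0) {
		DRM_ERROR("failed to add to map hash\n");
		/* Give the index back so it is not leaked. */
		free_unr(mm->idxunr, obj->map_list.key);
		return (ret);
	}
	obj->on_map = true;
	return 0;

#if 0
	/*
	 * This call sat after the unconditional return above and was never
	 * executed, so @size is currently unused. Kept disabled for
	 * reference.
	 */
	return drm_vma_offset_add(&mm->vma_manager, &obj->vma_node,
				  size / PAGE_SIZE);
#endif
}
EXPORT_SYMBOL(drm_gem_create_mmap_offset_size);

/**
 * drm_gem_create_mmap_offset - create a fake mmap offset for an object
 * @obj: obj in question
 *
 * GEM memory mapping works by handing back to userspace a fake mmap offset
 * it can use in a subsequent mmap(2) call.  The DRM core code then looks
 * up the object based on the offset and sets up the various memory mapping
 * structures.
 *
 * This routine allocates and attaches a fake offset for @obj.
 *
 * Drivers can call drm_gem_free_mmap_offset() before freeing @obj to release
 * the fake offset again.
 *
 * Returns whatever drm_gem_create_mmap_offset_size() returns for
 * @obj->size.
 */
int drm_gem_create_mmap_offset(struct drm_gem_object *obj)
{
	return drm_gem_create_mmap_offset_size(obj, obj->size);
}
EXPORT_SYMBOL(drm_gem_create_mmap_offset);

/**
 * drm_gem_object_lookup - look up a GEM object from its handle
 * @filp: DRM file private data
 * @handle: userspace handle
 *
 * Returns:
 *
 * A reference to the object named by the handle if such exists on @filp, NULL
 * otherwise.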
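*/
struct drm_gem_object *
drm_gem_object_lookup(struct drm_file *filp, u32 handle)
{
	struct drm_gem_object *obj;

	lockmgr(&filp->table_lock, LK_EXCLUSIVE);

	/*
	 * Check if we currently have a reference on the object. The
	 * reference is taken while table_lock is still held, so the handle
	 * cannot be deleted between the lookup and the get.
	 */
	obj = idr_find(&filp->object_idr, handle);
	if (obj)
		drm_gem_object_get(obj);

	lockmgr(&filp->table_lock, LK_RELEASE);

	return obj;
}
EXPORT_SYMBOL(drm_gem_object_lookup);

/**
 * drm_gem_close_ioctl - implementation of the GEM_CLOSE ioctl
 * @dev: drm_device
 * @data: ioctl data
 * @file_priv: drm file-private structure
 *
 * Releases the handle to an mm object.
 *
 * Returns -ENODEV if the driver does not support GEM, otherwise the result
 * of drm_gem_handle_delete().
 */
int
drm_gem_close_ioctl(struct drm_device *dev, void *data,
		    struct drm_file *file_priv)
{
	struct drm_gem_close *args = data;
	int ret;

	if (!drm_core_check_feature(dev, DRIVER_GEM))
		return -ENODEV;

	ret = drm_gem_handle_delete(file_priv, args->handle);

	return ret;
}

/**
 * drm_gem_flink_ioctl - implementation of the GEM_FLINK ioctl
 * @dev: drm_device
 * @data: ioctl data
 * @file_priv: drm file-private structure
 *
 * Create a global name for an object, returning the name.
 *
 * Note that the name does not hold a reference; when the object
 * is freed, the name goes away.
 *
 * Names come from the device-wide object_name_idr, and drm_gem_open_ioctl()
 * resolves them without consulting the file that created them.
 *
 * Returns 0 on success, -ENODEV without GEM support, -ENOENT if the handle
 * does not resolve or the object has no handles left, or the negative error
 * from idr_alloc().
 */
int
drm_gem_flink_ioctl(struct drm_device *dev, void *data,
		    struct drm_file *file_priv)
{
	struct drm_gem_flink *args = data;
	struct drm_gem_object *obj;
	int ret;

	if (!drm_core_check_feature(dev, DRIVER_GEM))
		return -ENODEV;

	/* Takes a reference that is dropped at the end of this function. */
	obj = drm_gem_object_lookup(file_priv, args->handle);
	if (obj == NULL)
		return -ENOENT;

	mutex_lock(&dev->object_name_lock);
	/* prevent races with concurrent gem_close. */
	if (obj->handle_count == 0) {
		ret = -ENOENT;
		goto err;
	}

	/* Reuse an existing name; names start at 1, 0 means "none". */
	if (!obj->name) {
		ret = idr_alloc(&dev->object_name_idr, obj, 1, 0, GFP_KERNEL);
		if (ret < 0)
			goto err;

		obj->name = ret;
	}

	args->name = (uint64_t) obj->name;
	ret = 0;

err:
	mutex_unlock(&dev->object_name_lock);
	drm_gem_object_put_unlocked(obj);
	return ret;
}

/**
 * drm_gem_open_ioctl - implementation of the GEM_OPEN ioctl
 * @dev: drm_device
 * @data: ioctl data
 * @file_priv: drm file-private structure
 *
 * Open an object using the global name, returning a handle and the size.
 *
 * This handle (of course) holds a reference to the object, so the object
 * will not go away until the handle is deleted.
 *
 * Returns 0 on success, -ENODEV without GEM support, -ENOENT if the name is
 * unknown, or the error from drm_gem_handle_create_tail().
 */
int
drm_gem_open_ioctl(struct drm_device *dev, void *data,
		   struct drm_file *file_priv)
{
	struct drm_gem_open *args = data;
	struct drm_gem_object *obj;
	int ret;
	u32 handle;

	if (!drm_core_check_feature(dev, DRIVER_GEM))
		return -ENODEV;

	mutex_lock(&dev->object_name_lock);
	obj = idr_find(&dev->object_name_idr, (int) args->name);
	if (obj) {
		drm_gem_object_get(obj);
	} else {
		mutex_unlock(&dev->object_name_lock);
		return -ENOENT;
	}

	/* drm_gem_handle_create_tail unlocks dev->object_name_lock. */
	ret = drm_gem_handle_create_tail(file_priv, obj, &handle);
	if (ret == 0) {
		/*
		 * Read obj->size while the lookup reference is still held.
		 * Once that reference is dropped only the new handle keeps
		 * the object alive, and the handle can be closed by another
		 * thread of the same client at any time.
		 */
		args->handle = handle;
		args->size = obj->size;
	}

	drm_gem_object_put_unlocked(obj);
	return ret;
}

/**
 * drm_gem_open - initializes GEM file-private structures at devnode open time
 * @dev: drm_device which is being opened by userspace
 * @file_private: drm file-private structure to set up
 *
 * Called at device open time, sets up the structure for handling refcounting
 * of mm objects.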
*/
void
drm_gem_open(struct drm_device *dev, struct drm_file *file_private)
{
	/* Per-file handle table and the lock that guards it; @dev is unused. */
	idr_init(&file_private->object_idr);
	lockinit(&file_private->table_lock, "fptab", 0, 0);
}

/**
 * drm_gem_release - release file-private GEM resources
 * @dev: drm_device which is being closed by userspace
 * @file_private: drm file-private structure to clean up
 *
 * Called at close time when the filp is going away.
 *
 * Releases any remaining references on objects by this filp.
 */
void
drm_gem_release(struct drm_device *dev, struct drm_file *file_private)
{
	/*
	 * NOTE(review): table_lock is not taken here, and the callback
	 * dereferences every entry it is handed, while
	 * drm_gem_handle_delete() temporarily stores NULL in a slot --
	 * presumably no other thread can still use this file at close time;
	 * confirm.
	 */
	idr_for_each(&file_private->object_idr,
		     &drm_gem_object_release_handle, file_private);
	idr_destroy(&file_private->object_idr);
}

/**
 * drm_gem_object_release - release GEM buffer object resources
 * @obj: GEM buffer object
 *
 * This releases any structures and resources used by @obj and is the inverse
 * of drm_gem_object_init().
 */
void
drm_gem_object_release(struct drm_gem_object *obj)
{
	WARN_ON(obj->dma_buf);

	/*
	 * obj->filp can be NULL for private gem objects
	 * (drm_gem_private_object_init() sets it to NULL).
	 * NOTE(review): this relies on vm_object_deallocate() accepting a
	 * NULL argument -- confirm.
	 */
	vm_object_deallocate(obj->filp);

	drm_gem_free_mmap_offset(obj);
}
EXPORT_SYMBOL(drm_gem_object_release);

/**
 * drm_gem_object_free - free a GEM object
 * @kref: kref of the object to free
 *
 * Called after the last reference to the object has been lost.
 * Must be called holding &drm_device.struct_mutex.
*
 * Frees the object
 */
void
drm_gem_object_free(struct kref *kref)
{
	/* Recover the object from its embedded reference counter. */
	struct drm_gem_object *obj =
		container_of(kref, struct drm_gem_object, refcount);
	struct drm_device *dev = obj->dev;

	/*
	 * Prefer the driver's lock-free hook. struct_mutex is only asserted
	 * on the legacy gem_free_object path; if the driver provides neither
	 * hook, nothing is freed here.
	 */
	if (dev->driver->gem_free_object_unlocked) {
		dev->driver->gem_free_object_unlocked(obj);
	} else if (dev->driver->gem_free_object) {
		WARN_ON(!mutex_is_locked(&dev->struct_mutex));

		dev->driver->gem_free_object(obj);
	}
}
EXPORT_SYMBOL(drm_gem_object_free);

/**
 * drm_gem_object_put_unlocked - drop a GEM buffer object reference
 * @obj: GEM buffer object
 *
 * This releases a reference to @obj. Callers must not hold the
 * &drm_device.struct_mutex lock when calling this function.
 *
 * A NULL @obj is accepted and ignored.
 *
 * See also __drm_gem_object_put().
 */
void
drm_gem_object_put_unlocked(struct drm_gem_object *obj)
{
	struct drm_device *dev;

	if (!obj)
		return;

	dev = obj->dev;
	might_lock(&dev->struct_mutex);

	/*
	 * With the lock-free driver hook a plain kref_put() is enough.
	 * Otherwise kref_put_mutex() is used with struct_mutex, and the mutex
	 * is unlocked here when that call returns non-zero.
	 */
	if (dev->driver->gem_free_object_unlocked)
		kref_put(&obj->refcount, drm_gem_object_free);
	else if (kref_put_mutex(&obj->refcount, drm_gem_object_free,
				&dev->struct_mutex))
		mutex_unlock(&dev->struct_mutex);
}
EXPORT_SYMBOL(drm_gem_object_put_unlocked);

/**
 * drm_gem_object_put - release a GEM buffer object reference
 * @obj: GEM buffer object
 *
 * This releases a reference to @obj. Callers must hold the
 * &drm_device.struct_mutex lock when calling this function, even when the
 * driver doesn't use &drm_device.struct_mutex for anything.
 *
 * For drivers not encumbered with legacy locking use
 * drm_gem_object_put_unlocked() instead.
*/
void
drm_gem_object_put(struct drm_gem_object *obj)
{
	/* A NULL @obj is ignored. */
	if (obj) {
		WARN_ON(!mutex_is_locked(&obj->dev->struct_mutex));

		kref_put(&obj->refcount, drm_gem_object_free);
	}
}
EXPORT_SYMBOL(drm_gem_object_put);

/**
 * drm_gem_vm_open - vma->ops->open implementation for GEM
 * @vma: VM area structure
 *
 * This function implements the #vm_operations_struct open() callback for GEM
 * drivers. This must be used together with drm_gem_vm_close().
 */
void drm_gem_vm_open(struct vm_area_struct *vma)
{
	struct drm_gem_object *obj = vma->vm_private_data;

	/* Each mapping holds its own reference; drm_gem_vm_close() drops it. */
	drm_gem_object_get(obj);
}
EXPORT_SYMBOL(drm_gem_vm_open);

/**
 * drm_gem_vm_close - vma->ops->close implementation for GEM
 * @vma: VM area structure
 *
 * This function implements the #vm_operations_struct close() callback for GEM
 * drivers. This must be used together with drm_gem_vm_open().
 */
void drm_gem_vm_close(struct vm_area_struct *vma)
{
	struct drm_gem_object *obj = vma->vm_private_data;

	drm_gem_object_put_unlocked(obj);
}
EXPORT_SYMBOL(drm_gem_vm_close);

/*
 * Translate a fake mmap offset into the GEM object registered for it.
 *
 * Returns NULL when the offset does not carry DRM_GEM_MAPPING_KEY or when no
 * object is registered in the offset hash under the index encoded in it.
 * No reference is taken on the returned object.
 */
static struct drm_gem_object *
drm_gem_object_from_offset(struct drm_device *dev, vm_ooffset_t offset)
{
	struct drm_gem_object *obj;
	struct drm_gem_mm *mm = dev->mm_private;
	struct drm_hash_item *hash;

	/* Offsets without the GEM key bits do not name a GEM object. */
	if ((offset & DRM_GEM_MAPPING_MASK) != DRM_GEM_MAPPING_KEY)
		return (NULL);
	offset &= ~DRM_GEM_MAPPING_KEY;

	if (drm_ht_find_item(&mm->offset_hash, DRM_GEM_MAPPING_IDX(offset),
	    &hash) != 0) {
		return (NULL);
	}
	/* The hash item is embedded in the object as map_list. */
	obj = container_of(hash, struct drm_gem_object, map_list);
	return (obj);
}

/*
 * Resolve an mmap request on the device into a VM object backed by a GEM
 * object.
 *
 * On success *offset is rewritten to the offset inside the object
 * (DRM_GEM_MAPPING_MAPOFF) and *obj_res receives the new VM object.
 *
 * Returns 0 on success, or a positive errno value (unlike the negative
 * values used by the rest of this file): ENODEV if the offset does not name
 * a GEM object, EINVAL if the pager object cannot be allocated.
 *
 * NOTE(review): the lookup goes through the device-wide offset hash and no
 * per-file permission check is visible in this function -- confirm that
 * access control for the mapping is enforced elsewhere.
 * NOTE(review): @size is handed to cdev_pager_allocate() without being
 * compared against the GEM object's size here -- confirm that the pager or
 * the driver's fault handler bounds accesses.
 */
int
drm_gem_mmap_single(struct drm_device *dev, vm_ooffset_t *offset, vm_size_t size,
    struct vm_object **obj_res, int nprot)
{
	struct drm_gem_object *gem_obj;
	struct vm_object *vm_obj;

	DRM_LOCK(dev);
	gem_obj = drm_gem_object_from_offset(dev, *offset);
	if (gem_obj == NULL) {
		DRM_UNLOCK(dev);
		return (ENODEV);
	}

	/* Take the reference before dropping the lock taken by DRM_LOCK(). */
	drm_gem_object_reference(gem_obj);
	DRM_UNLOCK(dev);
	vm_obj = cdev_pager_allocate(gem_obj, OBJT_MGTDEVICE,
	    dev->driver->gem_vm_ops, size, nprot,
	    DRM_GEM_MAPPING_MAPOFF(*offset), curthread->td_ucred);
	if (vm_obj == NULL) {
		/* No pager object was created, so give the reference back. */
		drm_gem_object_unreference_unlocked(gem_obj);
		return (EINVAL);
	}
	*offset = DRM_GEM_MAPPING_MAPOFF(*offset);
	*obj_res = vm_obj;
	return (0);
}