xref: /linux/Documentation/gpu/drm-uapi.rst (revision a4eb44a6435d6d8f9e642407a4a06f65eb90ca04)
1.. Copyright 2020 DisplayLink (UK) Ltd.
2
3===================
4Userland interfaces
5===================
6
7The DRM core exports several interfaces to applications, generally
8intended to be used through corresponding libdrm wrapper functions. In
9addition, drivers export device-specific interfaces for use by userspace
10drivers & device-aware applications through ioctls and sysfs files.
11
12External interfaces include: memory mapping, context management, DMA
13operations, AGP management, vblank control, fence management, memory
14management, and output management.
15
16Cover generic ioctls and sysfs layout here. We only need high-level
17info, since man pages should cover the rest.
18
19libdrm Device Lookup
20====================
21
22.. kernel-doc:: drivers/gpu/drm/drm_ioctl.c
23   :doc: getunique and setversion story
24
25
26.. _drm_primary_node:
27
28Primary Nodes, DRM Master and Authentication
29============================================
30
31.. kernel-doc:: drivers/gpu/drm/drm_auth.c
32   :doc: master and authentication
33
34.. kernel-doc:: drivers/gpu/drm/drm_auth.c
35   :export:
36
37.. kernel-doc:: include/drm/drm_auth.h
38   :internal:
39
40
41.. _drm_leasing:
42
43DRM Display Resource Leasing
44============================
45
46.. kernel-doc:: drivers/gpu/drm/drm_lease.c
47   :doc: drm leasing
48
49Open-Source Userspace Requirements
50==================================
51
52The DRM subsystem has stricter requirements than most other kernel subsystems on
53what the userspace side for new uAPI needs to look like. This section here
54explains what exactly those requirements are, and why they exist.
55
56The short summary is that any addition of DRM uAPI requires corresponding
57open-sourced userspace patches, and those patches must be reviewed and ready for
58merging into a suitable and canonical upstream project.
59
60GFX devices (both display and render/GPU side) are really complex bits of
61hardware, with userspace and kernel by necessity having to work together really
62closely.  The interfaces, for rendering and modesetting, must be extremely wide
63and flexible, and therefore it is almost always impossible to precisely define
64them for every possible corner case. This in turn makes it really practically
65infeasible to differentiate between behaviour that's required by userspace, and
66which must not be changed to avoid regressions, and behaviour which is only an
67accidental artifact of the current implementation.
68
69Without access to the full source code of all userspace users that means it
70becomes impossible to change the implementation details, since userspace could
71depend upon the accidental behaviour of the current implementation in minute
72details. And debugging such regressions without access to source code is pretty
73much impossible. As a consequence this means:
74
75- The Linux kernel's "no regression" policy holds in practice only for
76  open-source userspace of the DRM subsystem. DRM developers are perfectly fine
77  if closed-source blob drivers in userspace use the same uAPI as the open
78  drivers, but they must do so in the exact same way as the open drivers.
79  Creative (ab)use of the interfaces will, and in the past routinely has, lead
80  to breakage.
81
82- Any new userspace interface must have an open-source implementation as
83  demonstration vehicle.
84
85The other reason for requiring open-source userspace is uAPI review. Since the
86kernel and userspace parts of a GFX stack must work together so closely, code
87review can only assess whether a new interface achieves its goals by looking at
88both sides. Making sure that the interface indeed covers the use-case fully
89leads to a few additional requirements:
90
91- The open-source userspace must not be a toy/test application, but the real
92  thing. Specifically it needs to handle all the usual error and corner cases.
93  These are often the places where new uAPI falls apart and hence essential to
94  assess the fitness of a proposed interface.
95
96- The userspace side must be fully reviewed and tested to the standards of that
97  userspace project. For e.g. mesa this means piglit testcases and review on the
98  mailing list. This is again to ensure that the new interface actually gets the
99  job done.  The userspace-side reviewer should also provide an Acked-by on the
100  kernel uAPI patch indicating that they believe the proposed uAPI is sound and
101  sufficiently documented and validated for userspace's consumption.
102
103- The userspace patches must be against the canonical upstream, not some vendor
104  fork. This is to make sure that no one cheats on the review and testing
105  requirements by doing a quick fork.
106
107- The kernel patch can only be merged after all the above requirements are met,
108  but it **must** be merged to either drm-next or drm-misc-next **before** the
109  userspace patches land. uAPI always flows from the kernel, doing things the
110  other way round risks divergence of the uAPI definitions and header files.
111
112These are fairly steep requirements, but have grown out from years of shared
113pain and experience with uAPI added hastily, and almost always regretted about
114just as fast. GFX devices change really fast, requiring a paradigm shift and
115entire new set of uAPI interfaces every few years at least. Together with the
116Linux kernel's guarantee to keep existing userspace running for 10+ years this
117is already rather painful for the DRM subsystem, with multiple different uAPIs
118for the same thing co-existing. If we add a few more complete mistakes into the
119mix every year it would be entirely unmanageable.
120
121.. _drm_render_node:
122
123Render nodes
124============
125
126DRM core provides multiple character-devices for user-space to use.
127Depending on which device is opened, user-space can perform a different
128set of operations (mainly ioctls). The primary node is always created
129and called card<num>. Additionally, a currently unused control node,
130called controlD<num> is also created. The primary node provides all
131legacy operations and historically was the only interface used by
132userspace. With KMS, the control node was introduced. However, the
133planned KMS control interface has never been written and so the control
134node stays unused to date.
135
136With the increased use of offscreen renderers and GPGPU applications,
137clients no longer require running compositors or graphics servers to
138make use of a GPU. But the DRM API required unprivileged clients to
139authenticate to a DRM-Master prior to getting GPU access. To avoid this
140step and to grant clients GPU access without authenticating, render
141nodes were introduced. Render nodes solely serve render clients, that
142is, no modesetting or privileged ioctls can be issued on render nodes.
143Only non-global rendering commands are allowed. If a driver supports
144render nodes, it must advertise it via the DRIVER_RENDER DRM driver
145capability. If not supported, the primary node must be used for render
146clients together with the legacy drmAuth authentication procedure.
147
148If a driver advertises render node support, DRM core will create a
149separate render node called renderD<num>. There will be one render node
150per device. No ioctls except PRIME-related ioctls will be allowed on
151this node. Especially GEM_OPEN will be explicitly prohibited. Render
152nodes are designed to avoid the buffer-leaks, which occur if clients
153guess the flink names or mmap offsets on the legacy interface.
154Additionally to this basic interface, drivers must mark their
155driver-dependent render-only ioctls as DRM_RENDER_ALLOW so render
156clients can use them. Driver authors must be careful not to allow any
157privileged ioctls on render nodes.
158
159With render nodes, user-space can now control access to the render node
160via basic file-system access-modes. A running graphics server which
161authenticates clients on the privileged primary/legacy node is no longer
162required. Instead, a client can open the render node and is immediately
163granted GPU access. Communication between clients (or servers) is done
164via PRIME. FLINK from render node to legacy node is not supported. New
165clients must not use the insecure FLINK interface.
166
167Besides dropping all modeset/global ioctls, render nodes also drop the
168DRM-Master concept. There is no reason to associate render clients with
169a DRM-Master as they are independent of any graphics server. Besides,
170they must work without any running master, anyway. Drivers must be able
171to run without a master object if they support render nodes. If, on the
172other hand, a driver requires shared state between clients which is
173visible to user-space and accessible beyond open-file boundaries, they
174cannot support render nodes.
175
176Device Hot-Unplug
177=================
178
179.. note::
180   The following is the plan. Implementation is not there yet
181   (2020 May).
182
183Graphics devices (display and/or render) may be connected via USB (e.g.
184display adapters or docking stations) or Thunderbolt (e.g. eGPU). An end
185user is able to hot-unplug this kind of devices while they are being
186used, and expects that the very least the machine does not crash. Any
187damage from hot-unplugging a DRM device needs to be limited as much as
188possible and userspace must be given the chance to handle it if it wants
189to. Ideally, unplugging a DRM device still lets a desktop continue to
190run, but that is going to need explicit support throughout the whole
191graphics stack: from kernel and userspace drivers, through display
192servers, via window system protocols, and in applications and libraries.
193
194Other scenarios that should lead to the same are: unrecoverable GPU
195crash, PCI device disappearing off the bus, or forced unbind of a driver
196from the physical device.
197
198In other words, from userspace perspective everything needs to keep on
199working more or less, until userspace stops using the disappeared DRM
200device and closes it completely. Userspace will learn of the device
201disappearance from the device removed uevent, ioctls returning ENODEV
202(or driver-specific ioctls returning driver-specific things), or open()
203returning ENXIO.
204
205Only after userspace has closed all relevant DRM device and dmabuf file
206descriptors and removed all mmaps, the DRM driver can tear down its
207instance for the device that no longer exists. If the same physical
208device somehow comes back in the mean time, it shall be a new DRM
209device.
210
211Similar to PIDs, chardev minor numbers are not recycled immediately. A
212new DRM device always picks the next free minor number compared to the
213previous one allocated, and wraps around when minor numbers are
214exhausted.
215
216The goal raises at least the following requirements for the kernel and
217drivers.
218
219Requirements for KMS UAPI
220-------------------------
221
222- KMS connectors must change their status to disconnected.
223
224- Legacy modesets and pageflips, and atomic commits, both real and
225  TEST_ONLY, and any other ioctls either fail with ENODEV or fake
226  success.
227
228- Pending non-blocking KMS operations deliver the DRM events userspace
229  is expecting. This applies also to ioctls that faked success.
230
231- open() on a device node whose underlying device has disappeared will
232  fail with ENXIO.
233
234- Attempting to create a DRM lease on a disappeared DRM device will
235  fail with ENODEV. Existing DRM leases remain and work as listed
236  above.
237
238Requirements for Render and Cross-Device UAPI
239---------------------------------------------
240
241- All GPU jobs that can no longer run must have their fences
242  force-signalled to avoid inflicting hangs on userspace.
243  The associated error code is ENODEV.
244
245- Some userspace APIs already define what should happen when the device
246  disappears (OpenGL, GL ES: `GL_KHR_robustness`_; `Vulkan`_:
247  VK_ERROR_DEVICE_LOST; etc.). DRM drivers are free to implement this
248  behaviour the way they see best, e.g. returning failures in
249  driver-specific ioctls and handling those in userspace drivers, or
250  rely on uevents, and so on.
251
252- dmabuf which point to memory that has disappeared will either fail to
253  import with ENODEV or continue to be successfully imported if it would
254  have succeeded before the disappearance. See also about memory maps
255  below for already imported dmabufs.
256
257- Attempting to import a dmabuf to a disappeared device will either fail
258  with ENODEV or succeed if it would have succeeded without the
259  disappearance.
260
261- open() on a device node whose underlying device has disappeared will
262  fail with ENXIO.
263
264.. _GL_KHR_robustness: https://www.khronos.org/registry/OpenGL/extensions/KHR/KHR_robustness.txt
265.. _Vulkan: https://www.khronos.org/vulkan/
266
267Requirements for Memory Maps
268----------------------------
269
270Memory maps have further requirements that apply to both existing maps
271and maps created after the device has disappeared. If the underlying
272memory disappears, the map is created or modified such that reads and
273writes will still complete successfully but the result is undefined.
274This applies to both userspace mmap()'d memory and memory pointed to by
275dmabuf which might be mapped to other devices (cross-device dmabuf
276imports).
277
278Raising SIGBUS is not an option, because userspace cannot realistically
279handle it. Signal handlers are global, which makes them extremely
280difficult to use correctly from libraries like those that Mesa produces.
281Signal handlers are not composable, you can't have different handlers
282for GPU1 and GPU2 from different vendors, and a third handler for
283mmapped regular files. Threads cause additional pain with signal
284handling as well.
285
286.. _drm_driver_ioctl:
287
288IOCTL Support on Device Nodes
289=============================
290
291.. kernel-doc:: drivers/gpu/drm/drm_ioctl.c
292   :doc: driver specific ioctls
293
294Recommended IOCTL Return Values
295-------------------------------
296
297In theory a driver's IOCTL callback is only allowed to return very few error
298codes. In practice it's good to abuse a few more. This section documents common
299practice within the DRM subsystem:
300
301ENOENT:
302        Strictly this should only be used when a file doesn't exist e.g. when
303        calling the open() syscall. We reuse that to signal any kind of object
304        lookup failure, e.g. for unknown GEM buffer object handles, unknown KMS
305        object handles and similar cases.
306
307ENOSPC:
308        Some drivers use this to differentiate "out of kernel memory" from "out
309        of VRAM". Sometimes also applies to other limited gpu resources used for
310        rendering (e.g. when you have a special limited compression buffer).
311        Sometimes resource allocation/reservation issues in command submission
312        IOCTLs are also signalled through EDEADLK.
313
314        Simply running out of kernel/system memory is signalled through ENOMEM.
315
316EPERM/EACCES:
317        Returned for an operation that is valid, but needs more privileges.
318        E.g. root-only or much more common, DRM master-only operations return
319        this when called by unpriviledged clients. There's no clear
320        difference between EACCES and EPERM.
321
322ENODEV:
323        The device is not present anymore or is not yet fully initialized.
324
325EOPNOTSUPP:
326        Feature (like PRIME, modesetting, GEM) is not supported by the driver.
327
328ENXIO:
329        Remote failure, either a hardware transaction (like i2c), but also used
330        when the exporting driver of a shared dma-buf or fence doesn't support a
331        feature needed.
332
333EINTR:
334        DRM drivers assume that userspace restarts all IOCTLs. Any DRM IOCTL can
335        return EINTR and in such a case should be restarted with the IOCTL
336        parameters left unchanged.
337
338EIO:
339        The GPU died and couldn't be resurrected through a reset. Modesetting
340        hardware failures are signalled through the "link status" connector
341        property.
342
343EINVAL:
344        Catch-all for anything that is an invalid argument combination which
345        cannot work.
346
347IOCTL also use other error codes like ETIME, EFAULT, EBUSY, ENOTTY but their
348usage is in line with the common meanings. The above list tries to just document
349DRM specific patterns. Note that ENOTTY has the slightly unintuitive meaning of
350"this IOCTL does not exist", and is used exactly as such in DRM.
351
352.. kernel-doc:: include/drm/drm_ioctl.h
353   :internal:
354
355.. kernel-doc:: drivers/gpu/drm/drm_ioctl.c
356   :export:
357
358.. kernel-doc:: drivers/gpu/drm/drm_ioc32.c
359   :export:
360
361Testing and validation
362======================
363
364Testing Requirements for userspace API
365--------------------------------------
366
367New cross-driver userspace interface extensions, like new IOCTL, new KMS
368properties, new files in sysfs or anything else that constitutes an API change
369should have driver-agnostic testcases in IGT for that feature, if such a test
370can be reasonably made using IGT for the target hardware.
371
372Validating changes with IGT
373---------------------------
374
375There's a collection of tests that aims to cover the whole functionality of
376DRM drivers and that can be used to check that changes to DRM drivers or the
377core don't regress existing functionality. This test suite is called IGT and
378its code and instructions to build and run can be found in
379https://gitlab.freedesktop.org/drm/igt-gpu-tools/.
380
381Using VKMS to test DRM API
382--------------------------
383
384VKMS is a software-only model of a KMS driver that is useful for testing
385and for running compositors. VKMS aims to enable a virtual display without
386the need for a hardware display capability. These characteristics made VKMS
387a perfect tool for validating the DRM core behavior and also support the
388compositor developer. VKMS makes it possible to test DRM functions in a
389virtual machine without display, simplifying the validation of some of the
390core changes.
391
392To Validate changes in DRM API with VKMS, start setting the kernel: make
393sure to enable VKMS module; compile the kernel with the VKMS enabled and
394install it in the target machine. VKMS can be run in a Virtual Machine
395(QEMU, virtme or similar). It's recommended the use of KVM with the minimum
396of 1GB of RAM and four cores.
397
398It's possible to run the IGT-tests in a VM in two ways:
399
400	1. Use IGT inside a VM
401	2. Use IGT from the host machine and write the results in a shared directory.
402
403As follow, there is an example of using a VM with a shared directory with
404the host machine to run igt-tests. As an example it's used virtme::
405
406	$ virtme-run --rwdir /path/for/shared_dir --kdir=path/for/kernel/directory --mods=auto
407
408Run the igt-tests in the guest machine, as example it's ran the 'kms_flip'
409tests::
410
411	$ /path/for/igt-gpu-tools/scripts/run-tests.sh -p -s -t "kms_flip.*" -v
412
413In this example, instead of build the igt_runner, Piglit is used
414(-p option); it's created html summary of the tests results and it's saved
415in the folder "igt-gpu-tools/results"; it's executed only the igt-tests
416matching the -t option.
417
418Display CRC Support
419-------------------
420
421.. kernel-doc:: drivers/gpu/drm/drm_debugfs_crc.c
422   :doc: CRC ABI
423
424.. kernel-doc:: drivers/gpu/drm/drm_debugfs_crc.c
425   :export:
426
427Debugfs Support
428---------------
429
430.. kernel-doc:: include/drm/drm_debugfs.h
431   :internal:
432
433.. kernel-doc:: drivers/gpu/drm/drm_debugfs.c
434   :export:
435
436Sysfs Support
437=============
438
439.. kernel-doc:: drivers/gpu/drm/drm_sysfs.c
440   :doc: overview
441
442.. kernel-doc:: drivers/gpu/drm/drm_sysfs.c
443   :export:
444
445
446VBlank event handling
447=====================
448
449The DRM core exposes two vertical blank related ioctls:
450
451DRM_IOCTL_WAIT_VBLANK
452    This takes a struct drm_wait_vblank structure as its argument, and
453    it is used to block or request a signal when a specified vblank
454    event occurs.
455
456DRM_IOCTL_MODESET_CTL
457    This was only used for user-mode-settind drivers around modesetting
458    changes to allow the kernel to update the vblank interrupt after
459    mode setting, since on many devices the vertical blank counter is
460    reset to 0 at some point during modeset. Modern drivers should not
461    call this any more since with kernel mode setting it is a no-op.
462
463Userspace API Structures
464========================
465
466.. kernel-doc:: include/uapi/drm/drm_mode.h
467   :doc: overview
468
469.. _crtc_index:
470
471CRTC index
472----------
473
474CRTC's have both an object ID and an index, and they are not the same thing.
475The index is used in cases where a densely packed identifier for a CRTC is
476needed, for instance a bitmask of CRTC's. The member possible_crtcs of struct
477drm_mode_get_plane is an example.
478
479DRM_IOCTL_MODE_GETRESOURCES populates a structure with an array of CRTC ID's,
480and the CRTC index is its position in this array.
481
482.. kernel-doc:: include/uapi/drm/drm.h
483   :internal:
484
485.. kernel-doc:: include/uapi/drm/drm_mode.h
486   :internal:
487