1 // SPDX-License-Identifier: GPL-2.0 OR MIT 2 /* 3 * Copyright (c) 2006-2009 VMware, Inc., Palo Alto, CA., USA 4 * Copyright (c) 2012 David Airlie <airlied@linux.ie> 5 * Copyright (c) 2013 David Herrmann <dh.herrmann@gmail.com> 6 * 7 * Permission is hereby granted, free of charge, to any person obtaining a 8 * copy of this software and associated documentation files (the "Software"), 9 * to deal in the Software without restriction, including without limitation 10 * the rights to use, copy, modify, merge, publish, distribute, sublicense, 11 * and/or sell copies of the Software, and to permit persons to whom the 12 * Software is furnished to do so, subject to the following conditions: 13 * 14 * The above copyright notice and this permission notice shall be included in 15 * all copies or substantial portions of the Software. 16 * 17 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 18 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 19 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL 20 * THE COPYRIGHT HOLDER(S) OR AUTHOR(S) BE LIABLE FOR ANY CLAIM, DAMAGES OR 21 * OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, 22 * ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR 23 * OTHER DEALINGS IN THE SOFTWARE. 24 */ 25 26 #include <linux/mm.h> 27 #include <linux/module.h> 28 #include <linux/rbtree.h> 29 #include <linux/slab.h> 30 #include <linux/spinlock.h> 31 #include <linux/types.h> 32 33 #include <drm/drm_mm.h> 34 #include <drm/drm_vma_manager.h> 35 36 /** 37 * DOC: vma offset manager 38 * 39 * The vma-manager is responsible to map arbitrary driver-dependent memory 40 * regions into the linear user address-space. It provides offsets to the 41 * caller which can then be used on the address_space of the drm-device. It 42 * takes care to not overlap regions, size them appropriately and to not 43 * confuse mm-core by inconsistent fake vm_pgoff fields. 44 * Drivers shouldn't use this for object placement in VMEM. This manager should 45 * only be used to manage mappings into linear user-space VMs. 46 * 47 * We use drm_mm as backend to manage object allocations. But it is highly 48 * optimized for alloc/free calls, not lookups. Hence, we use an rb-tree to 49 * speed up offset lookups. 50 * 51 * You must not use multiple offset managers on a single address_space. 52 * Otherwise, mm-core will be unable to tear down memory mappings as the VM will 53 * no longer be linear. 54 * 55 * This offset manager works on page-based addresses. That is, every argument 56 * and return code (with the exception of drm_vma_node_offset_addr()) is given 57 * in number of pages, not number of bytes. That means, object sizes and offsets 58 * must always be page-aligned (as usual). 59 * If you want to get a valid byte-based user-space address for a given offset, 60 * please see drm_vma_node_offset_addr(). 61 * 62 * Additionally to offset management, the vma offset manager also handles access 63 * management. For every open-file context that is allowed to access a given 64 * node, you must call drm_vma_node_allow(). Otherwise, an mmap() call on this 65 * open-file with the offset of the node will fail with -EACCES. To revoke 66 * access again, use drm_vma_node_revoke(). However, the caller is responsible 67 * for destroying already existing mappings, if required. 68 */ 69 70 /** 71 * drm_vma_offset_manager_init - Initialize new offset-manager 72 * @mgr: Manager object 73 * @page_offset: Offset of available memory area (page-based) 74 * @size: Size of available address space range (page-based) 75 * 76 * Initialize a new offset-manager. The offset and area size available for the 77 * manager are given as @page_offset and @size. Both are interpreted as 78 * page-numbers, not bytes. 79 * 80 * Adding/removing nodes from the manager is locked internally and protected 81 * against concurrent access. However, node allocation and destruction is left 82 * for the caller. While calling into the vma-manager, a given node must 83 * always be guaranteed to be referenced. 84 */ 85 void drm_vma_offset_manager_init(struct drm_vma_offset_manager *mgr, 86 unsigned long page_offset, unsigned long size) 87 { 88 rwlock_init(&mgr->vm_lock); 89 drm_mm_init(&mgr->vm_addr_space_mm, page_offset, size); 90 } 91 EXPORT_SYMBOL(drm_vma_offset_manager_init); 92 93 /** 94 * drm_vma_offset_manager_destroy() - Destroy offset manager 95 * @mgr: Manager object 96 * 97 * Destroy an object manager which was previously created via 98 * drm_vma_offset_manager_init(). The caller must remove all allocated nodes 99 * before destroying the manager. Otherwise, drm_mm will refuse to free the 100 * requested resources. 101 * 102 * The manager must not be accessed after this function is called. 103 */ 104 void drm_vma_offset_manager_destroy(struct drm_vma_offset_manager *mgr) 105 { 106 drm_mm_takedown(&mgr->vm_addr_space_mm); 107 } 108 EXPORT_SYMBOL(drm_vma_offset_manager_destroy); 109 110 /** 111 * drm_vma_offset_lookup_locked() - Find node in offset space 112 * @mgr: Manager object 113 * @start: Start address for object (page-based) 114 * @pages: Size of object (page-based) 115 * 116 * Find a node given a start address and object size. This returns the _best_ 117 * match for the given node. That is, @start may point somewhere into a valid 118 * region and the given node will be returned, as long as the node spans the 119 * whole requested area (given the size in number of pages as @pages). 120 * 121 * Note that before lookup the vma offset manager lookup lock must be acquired 122 * with drm_vma_offset_lock_lookup(). See there for an example. This can then be 123 * used to implement weakly referenced lookups using kref_get_unless_zero(). 124 * 125 * Example: 126 * 127 * :: 128 * 129 * drm_vma_offset_lock_lookup(mgr); 130 * node = drm_vma_offset_lookup_locked(mgr); 131 * if (node) 132 * kref_get_unless_zero(container_of(node, sth, entr)); 133 * drm_vma_offset_unlock_lookup(mgr); 134 * 135 * RETURNS: 136 * Returns NULL if no suitable node can be found. Otherwise, the best match 137 * is returned. It's the caller's responsibility to make sure the node doesn't 138 * get destroyed before the caller can access it. 139 */ 140 struct drm_vma_offset_node *drm_vma_offset_lookup_locked(struct drm_vma_offset_manager *mgr, 141 unsigned long start, 142 unsigned long pages) 143 { 144 struct drm_mm_node *node, *best; 145 struct rb_node *iter; 146 unsigned long offset; 147 148 iter = mgr->vm_addr_space_mm.interval_tree.rb_root.rb_node; 149 best = NULL; 150 151 while (likely(iter)) { 152 node = rb_entry(iter, struct drm_mm_node, rb); 153 offset = node->start; 154 if (start >= offset) { 155 iter = iter->rb_right; 156 best = node; 157 if (start == offset) 158 break; 159 } else { 160 iter = iter->rb_left; 161 } 162 } 163 164 /* verify that the node spans the requested area */ 165 if (best) { 166 offset = best->start + best->size; 167 if (offset < start + pages) 168 best = NULL; 169 } 170 171 if (!best) 172 return NULL; 173 174 return container_of(best, struct drm_vma_offset_node, vm_node); 175 } 176 EXPORT_SYMBOL(drm_vma_offset_lookup_locked); 177 178 /** 179 * drm_vma_offset_add() - Add offset node to manager 180 * @mgr: Manager object 181 * @node: Node to be added 182 * @pages: Allocation size visible to user-space (in number of pages) 183 * 184 * Add a node to the offset-manager. If the node was already added, this does 185 * nothing and return 0. @pages is the size of the object given in number of 186 * pages. 187 * After this call succeeds, you can access the offset of the node until it 188 * is removed again. 189 * 190 * If this call fails, it is safe to retry the operation or call 191 * drm_vma_offset_remove(), anyway. However, no cleanup is required in that 192 * case. 193 * 194 * @pages is not required to be the same size as the underlying memory object 195 * that you want to map. It only limits the size that user-space can map into 196 * their address space. 197 * 198 * RETURNS: 199 * 0 on success, negative error code on failure. 200 */ 201 int drm_vma_offset_add(struct drm_vma_offset_manager *mgr, 202 struct drm_vma_offset_node *node, unsigned long pages) 203 { 204 int ret = 0; 205 206 write_lock(&mgr->vm_lock); 207 208 if (!drm_mm_node_allocated(&node->vm_node)) 209 ret = drm_mm_insert_node(&mgr->vm_addr_space_mm, 210 &node->vm_node, pages); 211 212 write_unlock(&mgr->vm_lock); 213 214 return ret; 215 } 216 EXPORT_SYMBOL(drm_vma_offset_add); 217 218 /** 219 * drm_vma_offset_remove() - Remove offset node from manager 220 * @mgr: Manager object 221 * @node: Node to be removed 222 * 223 * Remove a node from the offset manager. If the node wasn't added before, this 224 * does nothing. After this call returns, the offset and size will be 0 until a 225 * new offset is allocated via drm_vma_offset_add() again. Helper functions like 226 * drm_vma_node_start() and drm_vma_node_offset_addr() will return 0 if no 227 * offset is allocated. 228 */ 229 void drm_vma_offset_remove(struct drm_vma_offset_manager *mgr, 230 struct drm_vma_offset_node *node) 231 { 232 write_lock(&mgr->vm_lock); 233 234 if (drm_mm_node_allocated(&node->vm_node)) { 235 drm_mm_remove_node(&node->vm_node); 236 memset(&node->vm_node, 0, sizeof(node->vm_node)); 237 } 238 239 write_unlock(&mgr->vm_lock); 240 } 241 EXPORT_SYMBOL(drm_vma_offset_remove); 242 243 static int vma_node_allow(struct drm_vma_offset_node *node, 244 struct drm_file *tag, bool ref_counted) 245 { 246 struct rb_node **iter; 247 struct rb_node *parent = NULL; 248 struct drm_vma_offset_file *new, *entry; 249 int ret = 0; 250 251 /* Preallocate entry to avoid atomic allocations below. It is quite 252 * unlikely that an open-file is added twice to a single node so we 253 * don't optimize for this case. OOM is checked below only if the entry 254 * is actually used. */ 255 new = kmalloc(sizeof(*entry), GFP_KERNEL); 256 257 write_lock(&node->vm_lock); 258 259 iter = &node->vm_files.rb_node; 260 261 while (likely(*iter)) { 262 parent = *iter; 263 entry = rb_entry(*iter, struct drm_vma_offset_file, vm_rb); 264 265 if (tag == entry->vm_tag) { 266 if (ref_counted) 267 entry->vm_count++; 268 goto unlock; 269 } else if (tag > entry->vm_tag) { 270 iter = &(*iter)->rb_right; 271 } else { 272 iter = &(*iter)->rb_left; 273 } 274 } 275 276 if (!new) { 277 ret = -ENOMEM; 278 goto unlock; 279 } 280 281 new->vm_tag = tag; 282 new->vm_count = 1; 283 rb_link_node(&new->vm_rb, parent, iter); 284 rb_insert_color(&new->vm_rb, &node->vm_files); 285 new = NULL; 286 287 unlock: 288 write_unlock(&node->vm_lock); 289 kfree(new); 290 return ret; 291 } 292 293 /** 294 * drm_vma_node_allow - Add open-file to list of allowed users 295 * @node: Node to modify 296 * @tag: Tag of file to remove 297 * 298 * Add @tag to the list of allowed open-files for this node. If @tag is 299 * already on this list, the ref-count is incremented. 300 * 301 * The list of allowed-users is preserved across drm_vma_offset_add() and 302 * drm_vma_offset_remove() calls. You may even call it if the node is currently 303 * not added to any offset-manager. 304 * 305 * You must remove all open-files the same number of times as you added them 306 * before destroying the node. Otherwise, you will leak memory. 307 * 308 * This is locked against concurrent access internally. 309 * 310 * RETURNS: 311 * 0 on success, negative error code on internal failure (out-of-mem) 312 */ 313 int drm_vma_node_allow(struct drm_vma_offset_node *node, struct drm_file *tag) 314 { 315 return vma_node_allow(node, tag, true); 316 } 317 EXPORT_SYMBOL(drm_vma_node_allow); 318 319 /** 320 * drm_vma_node_allow_once - Add open-file to list of allowed users 321 * @node: Node to modify 322 * @tag: Tag of file to remove 323 * 324 * Add @tag to the list of allowed open-files for this node. 325 * 326 * The list of allowed-users is preserved across drm_vma_offset_add() and 327 * drm_vma_offset_remove() calls. You may even call it if the node is currently 328 * not added to any offset-manager. 329 * 330 * This is not ref-counted unlike drm_vma_node_allow() hence drm_vma_node_revoke() 331 * should only be called once after this. 332 * 333 * This is locked against concurrent access internally. 334 * 335 * RETURNS: 336 * 0 on success, negative error code on internal failure (out-of-mem) 337 */ 338 int drm_vma_node_allow_once(struct drm_vma_offset_node *node, struct drm_file *tag) 339 { 340 return vma_node_allow(node, tag, false); 341 } 342 EXPORT_SYMBOL(drm_vma_node_allow_once); 343 344 /** 345 * drm_vma_node_revoke - Remove open-file from list of allowed users 346 * @node: Node to modify 347 * @tag: Tag of file to remove 348 * 349 * Decrement the ref-count of @tag in the list of allowed open-files on @node. 350 * If the ref-count drops to zero, remove @tag from the list. You must call 351 * this once for every drm_vma_node_allow() on @tag. 352 * 353 * This is locked against concurrent access internally. 354 * 355 * If @tag is not on the list, nothing is done. 356 */ 357 void drm_vma_node_revoke(struct drm_vma_offset_node *node, 358 struct drm_file *tag) 359 { 360 struct drm_vma_offset_file *entry; 361 struct rb_node *iter; 362 363 write_lock(&node->vm_lock); 364 365 iter = node->vm_files.rb_node; 366 while (likely(iter)) { 367 entry = rb_entry(iter, struct drm_vma_offset_file, vm_rb); 368 if (tag == entry->vm_tag) { 369 if (!--entry->vm_count) { 370 rb_erase(&entry->vm_rb, &node->vm_files); 371 kfree(entry); 372 } 373 break; 374 } else if (tag > entry->vm_tag) { 375 iter = iter->rb_right; 376 } else { 377 iter = iter->rb_left; 378 } 379 } 380 381 write_unlock(&node->vm_lock); 382 } 383 EXPORT_SYMBOL(drm_vma_node_revoke); 384 385 /** 386 * drm_vma_node_is_allowed - Check whether an open-file is granted access 387 * @node: Node to check 388 * @tag: Tag of file to remove 389 * 390 * Search the list in @node whether @tag is currently on the list of allowed 391 * open-files (see drm_vma_node_allow()). 392 * 393 * This is locked against concurrent access internally. 394 * 395 * RETURNS: 396 * true if @filp is on the list 397 */ 398 bool drm_vma_node_is_allowed(struct drm_vma_offset_node *node, 399 struct drm_file *tag) 400 { 401 struct drm_vma_offset_file *entry; 402 struct rb_node *iter; 403 404 read_lock(&node->vm_lock); 405 406 iter = node->vm_files.rb_node; 407 while (likely(iter)) { 408 entry = rb_entry(iter, struct drm_vma_offset_file, vm_rb); 409 if (tag == entry->vm_tag) 410 break; 411 else if (tag > entry->vm_tag) 412 iter = iter->rb_right; 413 else 414 iter = iter->rb_left; 415 } 416 417 read_unlock(&node->vm_lock); 418 419 return iter; 420 } 421 EXPORT_SYMBOL(drm_vma_node_is_allowed); 422