1 // SPDX-License-Identifier: GPL-2.0-only 2 /* 3 * Copyright (C) 2013 Red Hat 4 * Author: Rob Clark <robdclark@gmail.com> 5 */ 6 7 #include <linux/dma-map-ops.h> 8 #include <linux/vmalloc.h> 9 #include <linux/spinlock.h> 10 #include <linux/shmem_fs.h> 11 #include <linux/dma-buf.h> 12 #include <linux/pfn_t.h> 13 14 #include <drm/drm_prime.h> 15 #include <drm/drm_file.h> 16 17 #include <trace/events/gpu_mem.h> 18 19 #include "msm_drv.h" 20 #include "msm_gem.h" 21 #include "msm_gpu.h" 22 #include "msm_kms.h" 23 24 static void update_device_mem(struct msm_drm_private *priv, ssize_t size) 25 { 26 uint64_t total_mem = atomic64_add_return(size, &priv->total_mem); 27 trace_gpu_mem_total(0, 0, total_mem); 28 } 29 30 static void update_ctx_mem(struct drm_file *file, ssize_t size) 31 { 32 struct msm_context *ctx = file->driver_priv; 33 uint64_t ctx_mem = atomic64_add_return(size, &ctx->ctx_mem); 34 35 rcu_read_lock(); /* Locks file->pid! */ 36 trace_gpu_mem_total(0, pid_nr(rcu_dereference(file->pid)), ctx_mem); 37 rcu_read_unlock(); 38 39 } 40 41 static int msm_gem_open(struct drm_gem_object *obj, struct drm_file *file) 42 { 43 msm_gem_vma_get(obj); 44 update_ctx_mem(file, obj->size); 45 return 0; 46 } 47 48 static void put_iova_spaces(struct drm_gem_object *obj, struct drm_gpuvm *vm, 49 bool close, const char *reason); 50 51 static void msm_gem_close(struct drm_gem_object *obj, struct drm_file *file) 52 { 53 struct msm_context *ctx = file->driver_priv; 54 struct drm_exec exec; 55 56 update_ctx_mem(file, -obj->size); 57 msm_gem_vma_put(obj); 58 59 /* 60 * If VM isn't created yet, nothing to cleanup. And in fact calling 61 * put_iova_spaces() with vm=NULL would be bad, in that it will tear- 62 * down the mappings of shared buffers in other contexts. 63 */ 64 if (!ctx->vm) 65 return; 66 67 /* 68 * VM_BIND does not depend on implicit teardown of VMAs on handle 69 * close, but instead on implicit teardown of the VM when the device 70 * is closed (see msm_gem_vm_close()) 71 */ 72 if (msm_context_is_vmbind(ctx)) 73 return; 74 75 /* 76 * TODO we might need to kick this to a queue to avoid blocking 77 * in CLOSE ioctl 78 */ 79 dma_resv_wait_timeout(obj->resv, DMA_RESV_USAGE_BOOKKEEP, false, 80 MAX_SCHEDULE_TIMEOUT); 81 82 msm_gem_lock_vm_and_obj(&exec, obj, ctx->vm); 83 put_iova_spaces(obj, ctx->vm, true, "close"); 84 drm_exec_fini(&exec); /* drop locks */ 85 } 86 87 /* 88 * Get/put for kms->vm VMA 89 */ 90 91 void msm_gem_vma_get(struct drm_gem_object *obj) 92 { 93 atomic_inc(&to_msm_bo(obj)->vma_ref); 94 } 95 96 void msm_gem_vma_put(struct drm_gem_object *obj) 97 { 98 struct msm_drm_private *priv = obj->dev->dev_private; 99 struct drm_exec exec; 100 101 if (atomic_dec_return(&to_msm_bo(obj)->vma_ref)) 102 return; 103 104 if (!priv->kms) 105 return; 106 107 msm_gem_lock_vm_and_obj(&exec, obj, priv->kms->vm); 108 put_iova_spaces(obj, priv->kms->vm, true, "vma_put"); 109 drm_exec_fini(&exec); /* drop locks */ 110 } 111 112 /* 113 * Cache sync.. this is a bit over-complicated, to fit dma-mapping 114 * API. Really GPU cache is out of scope here (handled on cmdstream) 115 * and all we need to do is invalidate newly allocated pages before 116 * mapping to CPU as uncached/writecombine. 117 * 118 * On top of this, we have the added headache, that depending on 119 * display generation, the display's iommu may be wired up to either 120 * the toplevel drm device (mdss), or to the mdp sub-node, meaning 121 * that here we either have dma-direct or iommu ops. 122 * 123 * Let this be a cautionary tail of abstraction gone wrong. 124 */ 125 126 static void sync_for_device(struct msm_gem_object *msm_obj) 127 { 128 struct device *dev = msm_obj->base.dev->dev; 129 130 dma_map_sgtable(dev, msm_obj->sgt, DMA_BIDIRECTIONAL, 0); 131 } 132 133 static void sync_for_cpu(struct msm_gem_object *msm_obj) 134 { 135 struct device *dev = msm_obj->base.dev->dev; 136 137 dma_unmap_sgtable(dev, msm_obj->sgt, DMA_BIDIRECTIONAL, 0); 138 } 139 140 static void update_lru_active(struct drm_gem_object *obj) 141 { 142 struct msm_drm_private *priv = obj->dev->dev_private; 143 struct msm_gem_object *msm_obj = to_msm_bo(obj); 144 145 GEM_WARN_ON(!msm_obj->pages); 146 147 if (msm_obj->pin_count) { 148 drm_gem_lru_move_tail_locked(&priv->lru.pinned, obj); 149 } else if (msm_obj->madv == MSM_MADV_WILLNEED) { 150 drm_gem_lru_move_tail_locked(&priv->lru.willneed, obj); 151 } else { 152 GEM_WARN_ON(msm_obj->madv != MSM_MADV_DONTNEED); 153 154 drm_gem_lru_move_tail_locked(&priv->lru.dontneed, obj); 155 } 156 } 157 158 static void update_lru_locked(struct drm_gem_object *obj) 159 { 160 struct msm_drm_private *priv = obj->dev->dev_private; 161 struct msm_gem_object *msm_obj = to_msm_bo(obj); 162 163 msm_gem_assert_locked(&msm_obj->base); 164 165 if (!msm_obj->pages) { 166 GEM_WARN_ON(msm_obj->pin_count); 167 168 drm_gem_lru_move_tail_locked(&priv->lru.unbacked, obj); 169 } else { 170 update_lru_active(obj); 171 } 172 } 173 174 static void update_lru(struct drm_gem_object *obj) 175 { 176 struct msm_drm_private *priv = obj->dev->dev_private; 177 178 mutex_lock(&priv->lru.lock); 179 update_lru_locked(obj); 180 mutex_unlock(&priv->lru.lock); 181 } 182 183 static struct page **get_pages(struct drm_gem_object *obj) 184 { 185 struct msm_gem_object *msm_obj = to_msm_bo(obj); 186 187 msm_gem_assert_locked(obj); 188 189 if (!msm_obj->pages) { 190 struct drm_device *dev = obj->dev; 191 struct page **p; 192 int npages = obj->size >> PAGE_SHIFT; 193 194 p = drm_gem_get_pages(obj); 195 196 if (IS_ERR(p)) { 197 DRM_DEV_ERROR(dev->dev, "could not get pages: %ld\n", 198 PTR_ERR(p)); 199 return p; 200 } 201 202 update_device_mem(dev->dev_private, obj->size); 203 204 msm_obj->pages = p; 205 206 msm_obj->sgt = drm_prime_pages_to_sg(obj->dev, p, npages); 207 if (IS_ERR(msm_obj->sgt)) { 208 void *ptr = ERR_CAST(msm_obj->sgt); 209 210 DRM_DEV_ERROR(dev->dev, "failed to allocate sgt\n"); 211 msm_obj->sgt = NULL; 212 return ptr; 213 } 214 215 /* For non-cached buffers, ensure the new pages are clean 216 * because display controller, GPU, etc. are not coherent: 217 */ 218 if (msm_obj->flags & MSM_BO_WC) 219 sync_for_device(msm_obj); 220 221 update_lru(obj); 222 } 223 224 return msm_obj->pages; 225 } 226 227 static void put_pages(struct drm_gem_object *obj) 228 { 229 struct msm_gem_object *msm_obj = to_msm_bo(obj); 230 231 /* 232 * Skip gpuvm in the object free path to avoid a WARN_ON() splat. 233 * See explaination in msm_gem_assert_locked() 234 */ 235 if (kref_read(&obj->refcount)) 236 drm_gpuvm_bo_gem_evict(obj, true); 237 238 if (msm_obj->pages) { 239 if (msm_obj->sgt) { 240 /* For non-cached buffers, ensure the new 241 * pages are clean because display controller, 242 * GPU, etc. are not coherent: 243 */ 244 if (msm_obj->flags & MSM_BO_WC) 245 sync_for_cpu(msm_obj); 246 247 sg_free_table(msm_obj->sgt); 248 kfree(msm_obj->sgt); 249 msm_obj->sgt = NULL; 250 } 251 252 update_device_mem(obj->dev->dev_private, -obj->size); 253 254 drm_gem_put_pages(obj, msm_obj->pages, true, false); 255 256 msm_obj->pages = NULL; 257 update_lru(obj); 258 } 259 } 260 261 struct page **msm_gem_get_pages_locked(struct drm_gem_object *obj, unsigned madv) 262 { 263 struct msm_gem_object *msm_obj = to_msm_bo(obj); 264 265 msm_gem_assert_locked(obj); 266 267 if (msm_obj->madv > madv) { 268 DRM_DEV_DEBUG_DRIVER(obj->dev->dev, "Invalid madv state: %u vs %u\n", 269 msm_obj->madv, madv); 270 return ERR_PTR(-EBUSY); 271 } 272 273 return get_pages(obj); 274 } 275 276 /* 277 * Update the pin count of the object, call under lru.lock 278 */ 279 void msm_gem_pin_obj_locked(struct drm_gem_object *obj) 280 { 281 struct msm_drm_private *priv = obj->dev->dev_private; 282 283 msm_gem_assert_locked(obj); 284 285 to_msm_bo(obj)->pin_count++; 286 drm_gem_lru_move_tail_locked(&priv->lru.pinned, obj); 287 } 288 289 static void pin_obj_locked(struct drm_gem_object *obj) 290 { 291 struct msm_drm_private *priv = obj->dev->dev_private; 292 293 mutex_lock(&priv->lru.lock); 294 msm_gem_pin_obj_locked(obj); 295 mutex_unlock(&priv->lru.lock); 296 } 297 298 struct page **msm_gem_pin_pages_locked(struct drm_gem_object *obj) 299 { 300 struct page **p; 301 302 msm_gem_assert_locked(obj); 303 304 p = msm_gem_get_pages_locked(obj, MSM_MADV_WILLNEED); 305 if (!IS_ERR(p)) 306 pin_obj_locked(obj); 307 308 return p; 309 } 310 311 void msm_gem_unpin_pages_locked(struct drm_gem_object *obj) 312 { 313 msm_gem_assert_locked(obj); 314 315 msm_gem_unpin_locked(obj); 316 } 317 318 static pgprot_t msm_gem_pgprot(struct msm_gem_object *msm_obj, pgprot_t prot) 319 { 320 if (msm_obj->flags & MSM_BO_WC) 321 return pgprot_writecombine(prot); 322 return prot; 323 } 324 325 static vm_fault_t msm_gem_fault(struct vm_fault *vmf) 326 { 327 struct vm_area_struct *vma = vmf->vma; 328 struct drm_gem_object *obj = vma->vm_private_data; 329 struct msm_gem_object *msm_obj = to_msm_bo(obj); 330 struct page **pages; 331 unsigned long pfn; 332 pgoff_t pgoff; 333 int err; 334 vm_fault_t ret; 335 336 /* 337 * vm_ops.open/drm_gem_mmap_obj and close get and put 338 * a reference on obj. So, we dont need to hold one here. 339 */ 340 err = msm_gem_lock_interruptible(obj); 341 if (err) { 342 ret = VM_FAULT_NOPAGE; 343 goto out; 344 } 345 346 if (GEM_WARN_ON(msm_obj->madv != MSM_MADV_WILLNEED)) { 347 msm_gem_unlock(obj); 348 return VM_FAULT_SIGBUS; 349 } 350 351 /* make sure we have pages attached now */ 352 pages = get_pages(obj); 353 if (IS_ERR(pages)) { 354 ret = vmf_error(PTR_ERR(pages)); 355 goto out_unlock; 356 } 357 358 /* We don't use vmf->pgoff since that has the fake offset: */ 359 pgoff = (vmf->address - vma->vm_start) >> PAGE_SHIFT; 360 361 pfn = page_to_pfn(pages[pgoff]); 362 363 VERB("Inserting %p pfn %lx, pa %lx", (void *)vmf->address, 364 pfn, pfn << PAGE_SHIFT); 365 366 ret = vmf_insert_pfn(vma, vmf->address, pfn); 367 368 out_unlock: 369 msm_gem_unlock(obj); 370 out: 371 return ret; 372 } 373 374 /** get mmap offset */ 375 static uint64_t mmap_offset(struct drm_gem_object *obj) 376 { 377 struct drm_device *dev = obj->dev; 378 int ret; 379 380 msm_gem_assert_locked(obj); 381 382 /* Make it mmapable */ 383 ret = drm_gem_create_mmap_offset(obj); 384 385 if (ret) { 386 DRM_DEV_ERROR(dev->dev, "could not allocate mmap offset\n"); 387 return 0; 388 } 389 390 return drm_vma_node_offset_addr(&obj->vma_node); 391 } 392 393 uint64_t msm_gem_mmap_offset(struct drm_gem_object *obj) 394 { 395 uint64_t offset; 396 397 msm_gem_lock(obj); 398 offset = mmap_offset(obj); 399 msm_gem_unlock(obj); 400 return offset; 401 } 402 403 static struct drm_gpuva *lookup_vma(struct drm_gem_object *obj, 404 struct drm_gpuvm *vm) 405 { 406 struct drm_gpuvm_bo *vm_bo; 407 408 msm_gem_assert_locked(obj); 409 410 drm_gem_for_each_gpuvm_bo (vm_bo, obj) { 411 struct drm_gpuva *vma; 412 413 drm_gpuvm_bo_for_each_va (vma, vm_bo) { 414 if (vma->vm == vm) { 415 /* lookup_vma() should only be used in paths 416 * with at most one vma per vm 417 */ 418 GEM_WARN_ON(!list_is_singular(&vm_bo->list.gpuva)); 419 420 return vma; 421 } 422 } 423 } 424 425 return NULL; 426 } 427 428 /* 429 * If close is true, this also closes the VMA (releasing the allocated 430 * iova range) in addition to removing the iommu mapping. In the eviction 431 * case (!close), we keep the iova allocated, but only remove the iommu 432 * mapping. 433 */ 434 static void 435 put_iova_spaces(struct drm_gem_object *obj, struct drm_gpuvm *vm, 436 bool close, const char *reason) 437 { 438 struct drm_gpuvm_bo *vm_bo, *tmp; 439 440 msm_gem_assert_locked(obj); 441 442 drm_gem_for_each_gpuvm_bo_safe (vm_bo, tmp, obj) { 443 struct drm_gpuva *vma, *vmatmp; 444 445 if (vm && vm_bo->vm != vm) 446 continue; 447 448 drm_gpuvm_bo_get(vm_bo); 449 450 drm_gpuvm_bo_for_each_va_safe (vma, vmatmp, vm_bo) { 451 msm_gem_vma_unmap(vma, reason); 452 if (close) 453 msm_gem_vma_close(vma); 454 } 455 456 drm_gpuvm_bo_put(vm_bo); 457 } 458 } 459 460 static struct drm_gpuva *get_vma_locked(struct drm_gem_object *obj, 461 struct drm_gpuvm *vm, u64 range_start, 462 u64 range_end) 463 { 464 struct drm_gpuva *vma; 465 466 msm_gem_assert_locked(obj); 467 468 vma = lookup_vma(obj, vm); 469 470 if (!vma) { 471 vma = msm_gem_vma_new(vm, obj, 0, range_start, range_end); 472 } else { 473 GEM_WARN_ON(vma->va.addr < range_start); 474 GEM_WARN_ON((vma->va.addr + obj->size) > range_end); 475 } 476 477 return vma; 478 } 479 480 int msm_gem_prot(struct drm_gem_object *obj) 481 { 482 struct msm_gem_object *msm_obj = to_msm_bo(obj); 483 int prot = IOMMU_READ; 484 485 if (!(msm_obj->flags & MSM_BO_GPU_READONLY)) 486 prot |= IOMMU_WRITE; 487 488 if (msm_obj->flags & MSM_BO_MAP_PRIV) 489 prot |= IOMMU_PRIV; 490 491 if (msm_obj->flags & MSM_BO_CACHED_COHERENT) 492 prot |= IOMMU_CACHE; 493 494 return prot; 495 } 496 497 int msm_gem_pin_vma_locked(struct drm_gem_object *obj, struct drm_gpuva *vma) 498 { 499 struct msm_gem_object *msm_obj = to_msm_bo(obj); 500 struct page **pages; 501 int prot = msm_gem_prot(obj); 502 503 msm_gem_assert_locked(obj); 504 505 pages = msm_gem_get_pages_locked(obj, MSM_MADV_WILLNEED); 506 if (IS_ERR(pages)) 507 return PTR_ERR(pages); 508 509 return msm_gem_vma_map(vma, prot, msm_obj->sgt); 510 } 511 512 void msm_gem_unpin_locked(struct drm_gem_object *obj) 513 { 514 struct msm_drm_private *priv = obj->dev->dev_private; 515 struct msm_gem_object *msm_obj = to_msm_bo(obj); 516 517 msm_gem_assert_locked(obj); 518 519 mutex_lock(&priv->lru.lock); 520 msm_obj->pin_count--; 521 GEM_WARN_ON(msm_obj->pin_count < 0); 522 update_lru_locked(obj); 523 mutex_unlock(&priv->lru.lock); 524 } 525 526 /* Special unpin path for use in fence-signaling path, avoiding the need 527 * to hold the obj lock by only depending on things that a protected by 528 * the LRU lock. In particular we know that that we already have backing 529 * and and that the object's dma_resv has the fence for the current 530 * submit/job which will prevent us racing against page eviction. 531 */ 532 void msm_gem_unpin_active(struct drm_gem_object *obj) 533 { 534 struct msm_gem_object *msm_obj = to_msm_bo(obj); 535 536 msm_obj->pin_count--; 537 GEM_WARN_ON(msm_obj->pin_count < 0); 538 update_lru_active(obj); 539 } 540 541 struct drm_gpuva *msm_gem_get_vma_locked(struct drm_gem_object *obj, 542 struct drm_gpuvm *vm) 543 { 544 return get_vma_locked(obj, vm, 0, U64_MAX); 545 } 546 547 static int get_and_pin_iova_range_locked(struct drm_gem_object *obj, 548 struct drm_gpuvm *vm, uint64_t *iova, 549 u64 range_start, u64 range_end) 550 { 551 struct drm_gpuva *vma; 552 int ret; 553 554 msm_gem_assert_locked(obj); 555 556 if (to_msm_bo(obj)->flags & MSM_BO_NO_SHARE) 557 return -EINVAL; 558 559 vma = get_vma_locked(obj, vm, range_start, range_end); 560 if (IS_ERR(vma)) 561 return PTR_ERR(vma); 562 563 ret = msm_gem_pin_vma_locked(obj, vma); 564 if (!ret) { 565 *iova = vma->va.addr; 566 pin_obj_locked(obj); 567 } 568 569 return ret; 570 } 571 572 /* 573 * get iova and pin it. Should have a matching put 574 * limits iova to specified range (in pages) 575 */ 576 int msm_gem_get_and_pin_iova_range(struct drm_gem_object *obj, 577 struct drm_gpuvm *vm, uint64_t *iova, 578 u64 range_start, u64 range_end) 579 { 580 struct drm_exec exec; 581 int ret; 582 583 msm_gem_lock_vm_and_obj(&exec, obj, vm); 584 ret = get_and_pin_iova_range_locked(obj, vm, iova, range_start, range_end); 585 drm_exec_fini(&exec); /* drop locks */ 586 587 return ret; 588 } 589 590 /* get iova and pin it. Should have a matching put */ 591 int msm_gem_get_and_pin_iova(struct drm_gem_object *obj, struct drm_gpuvm *vm, 592 uint64_t *iova) 593 { 594 return msm_gem_get_and_pin_iova_range(obj, vm, iova, 0, U64_MAX); 595 } 596 597 /* 598 * Get an iova but don't pin it. Doesn't need a put because iovas are currently 599 * valid for the life of the object 600 */ 601 int msm_gem_get_iova(struct drm_gem_object *obj, struct drm_gpuvm *vm, 602 uint64_t *iova) 603 { 604 struct drm_gpuva *vma; 605 struct drm_exec exec; 606 int ret = 0; 607 608 msm_gem_lock_vm_and_obj(&exec, obj, vm); 609 vma = get_vma_locked(obj, vm, 0, U64_MAX); 610 if (IS_ERR(vma)) { 611 ret = PTR_ERR(vma); 612 } else { 613 *iova = vma->va.addr; 614 } 615 drm_exec_fini(&exec); /* drop locks */ 616 617 return ret; 618 } 619 620 static int clear_iova(struct drm_gem_object *obj, 621 struct drm_gpuvm *vm) 622 { 623 struct drm_gpuva *vma = lookup_vma(obj, vm); 624 625 if (!vma) 626 return 0; 627 628 msm_gem_vma_unmap(vma, NULL); 629 msm_gem_vma_close(vma); 630 631 return 0; 632 } 633 634 /* 635 * Get the requested iova but don't pin it. Fails if the requested iova is 636 * not available. Doesn't need a put because iovas are currently valid for 637 * the life of the object. 638 * 639 * Setting an iova of zero will clear the vma. 640 */ 641 int msm_gem_set_iova(struct drm_gem_object *obj, 642 struct drm_gpuvm *vm, uint64_t iova) 643 { 644 struct drm_exec exec; 645 int ret = 0; 646 647 msm_gem_lock_vm_and_obj(&exec, obj, vm); 648 if (!iova) { 649 ret = clear_iova(obj, vm); 650 } else { 651 struct drm_gpuva *vma; 652 vma = get_vma_locked(obj, vm, iova, iova + obj->size); 653 if (IS_ERR(vma)) { 654 ret = PTR_ERR(vma); 655 } else if (GEM_WARN_ON(vma->va.addr != iova)) { 656 clear_iova(obj, vm); 657 ret = -EBUSY; 658 } 659 } 660 drm_exec_fini(&exec); /* drop locks */ 661 662 return ret; 663 } 664 665 static bool is_kms_vm(struct drm_gpuvm *vm) 666 { 667 struct msm_drm_private *priv = vm->drm->dev_private; 668 669 return priv->kms && (priv->kms->vm == vm); 670 } 671 672 /* 673 * Unpin a iova by updating the reference counts. The memory isn't actually 674 * purged until something else (shrinker, mm_notifier, destroy, etc) decides 675 * to get rid of it 676 */ 677 void msm_gem_unpin_iova(struct drm_gem_object *obj, struct drm_gpuvm *vm) 678 { 679 struct drm_gpuva *vma; 680 struct drm_exec exec; 681 682 msm_gem_lock_vm_and_obj(&exec, obj, vm); 683 vma = lookup_vma(obj, vm); 684 if (vma) { 685 msm_gem_unpin_locked(obj); 686 } 687 if (!is_kms_vm(vm)) 688 put_iova_spaces(obj, vm, true, "close"); 689 drm_exec_fini(&exec); /* drop locks */ 690 } 691 692 int msm_gem_dumb_create(struct drm_file *file, struct drm_device *dev, 693 struct drm_mode_create_dumb *args) 694 { 695 args->pitch = align_pitch(args->width, args->bpp); 696 args->size = PAGE_ALIGN(args->pitch * args->height); 697 return msm_gem_new_handle(dev, file, args->size, 698 MSM_BO_SCANOUT | MSM_BO_WC, &args->handle, "dumb"); 699 } 700 701 int msm_gem_dumb_map_offset(struct drm_file *file, struct drm_device *dev, 702 uint32_t handle, uint64_t *offset) 703 { 704 struct drm_gem_object *obj; 705 int ret = 0; 706 707 /* GEM does all our handle to object mapping */ 708 obj = drm_gem_object_lookup(file, handle); 709 if (obj == NULL) { 710 ret = -ENOENT; 711 goto fail; 712 } 713 714 *offset = msm_gem_mmap_offset(obj); 715 716 drm_gem_object_put(obj); 717 718 fail: 719 return ret; 720 } 721 722 static void *get_vaddr(struct drm_gem_object *obj, unsigned madv) 723 { 724 struct msm_gem_object *msm_obj = to_msm_bo(obj); 725 struct page **pages; 726 int ret = 0; 727 728 msm_gem_assert_locked(obj); 729 730 if (drm_gem_is_imported(obj)) 731 return ERR_PTR(-ENODEV); 732 733 pages = msm_gem_get_pages_locked(obj, madv); 734 if (IS_ERR(pages)) 735 return ERR_CAST(pages); 736 737 pin_obj_locked(obj); 738 739 /* increment vmap_count *before* vmap() call, so shrinker can 740 * check vmap_count (is_vunmapable()) outside of msm_obj lock. 741 * This guarantees that we won't try to msm_gem_vunmap() this 742 * same object from within the vmap() call (while we already 743 * hold msm_obj lock) 744 */ 745 msm_obj->vmap_count++; 746 747 if (!msm_obj->vaddr) { 748 msm_obj->vaddr = vmap(pages, obj->size >> PAGE_SHIFT, 749 VM_MAP, msm_gem_pgprot(msm_obj, PAGE_KERNEL)); 750 if (msm_obj->vaddr == NULL) { 751 ret = -ENOMEM; 752 goto fail; 753 } 754 } 755 756 return msm_obj->vaddr; 757 758 fail: 759 msm_obj->vmap_count--; 760 msm_gem_unpin_locked(obj); 761 return ERR_PTR(ret); 762 } 763 764 void *msm_gem_get_vaddr_locked(struct drm_gem_object *obj) 765 { 766 return get_vaddr(obj, MSM_MADV_WILLNEED); 767 } 768 769 void *msm_gem_get_vaddr(struct drm_gem_object *obj) 770 { 771 void *ret; 772 773 msm_gem_lock(obj); 774 ret = msm_gem_get_vaddr_locked(obj); 775 msm_gem_unlock(obj); 776 777 return ret; 778 } 779 780 /* 781 * Don't use this! It is for the very special case of dumping 782 * submits from GPU hangs or faults, were the bo may already 783 * be MSM_MADV_DONTNEED, but we know the buffer is still on the 784 * active list. 785 */ 786 void *msm_gem_get_vaddr_active(struct drm_gem_object *obj) 787 { 788 return get_vaddr(obj, __MSM_MADV_PURGED); 789 } 790 791 void msm_gem_put_vaddr_locked(struct drm_gem_object *obj) 792 { 793 struct msm_gem_object *msm_obj = to_msm_bo(obj); 794 795 msm_gem_assert_locked(obj); 796 GEM_WARN_ON(msm_obj->vmap_count < 1); 797 798 msm_obj->vmap_count--; 799 msm_gem_unpin_locked(obj); 800 } 801 802 void msm_gem_put_vaddr(struct drm_gem_object *obj) 803 { 804 msm_gem_lock(obj); 805 msm_gem_put_vaddr_locked(obj); 806 msm_gem_unlock(obj); 807 } 808 809 /* Update madvise status, returns true if not purged, else 810 * false or -errno. 811 */ 812 int msm_gem_madvise(struct drm_gem_object *obj, unsigned madv) 813 { 814 struct msm_drm_private *priv = obj->dev->dev_private; 815 struct msm_gem_object *msm_obj = to_msm_bo(obj); 816 817 msm_gem_lock(obj); 818 819 mutex_lock(&priv->lru.lock); 820 821 if (msm_obj->madv != __MSM_MADV_PURGED) 822 msm_obj->madv = madv; 823 824 madv = msm_obj->madv; 825 826 /* If the obj is inactive, we might need to move it 827 * between inactive lists 828 */ 829 update_lru_locked(obj); 830 831 mutex_unlock(&priv->lru.lock); 832 833 msm_gem_unlock(obj); 834 835 return (madv != __MSM_MADV_PURGED); 836 } 837 838 void msm_gem_purge(struct drm_gem_object *obj) 839 { 840 struct drm_device *dev = obj->dev; 841 struct msm_drm_private *priv = obj->dev->dev_private; 842 struct msm_gem_object *msm_obj = to_msm_bo(obj); 843 844 msm_gem_assert_locked(obj); 845 GEM_WARN_ON(!is_purgeable(msm_obj)); 846 847 /* Get rid of any iommu mapping(s): */ 848 put_iova_spaces(obj, NULL, false, "purge"); 849 850 msm_gem_vunmap(obj); 851 852 drm_vma_node_unmap(&obj->vma_node, dev->anon_inode->i_mapping); 853 854 put_pages(obj); 855 856 mutex_lock(&priv->lru.lock); 857 /* A one-way transition: */ 858 msm_obj->madv = __MSM_MADV_PURGED; 859 mutex_unlock(&priv->lru.lock); 860 861 drm_gem_free_mmap_offset(obj); 862 863 /* Our goal here is to return as much of the memory as 864 * is possible back to the system as we are called from OOM. 865 * To do this we must instruct the shmfs to drop all of its 866 * backing pages, *now*. 867 */ 868 shmem_truncate_range(file_inode(obj->filp), 0, (loff_t)-1); 869 870 invalidate_mapping_pages(file_inode(obj->filp)->i_mapping, 871 0, (loff_t)-1); 872 } 873 874 /* 875 * Unpin the backing pages and make them available to be swapped out. 876 */ 877 void msm_gem_evict(struct drm_gem_object *obj) 878 { 879 struct drm_device *dev = obj->dev; 880 struct msm_gem_object *msm_obj = to_msm_bo(obj); 881 882 msm_gem_assert_locked(obj); 883 GEM_WARN_ON(is_unevictable(msm_obj)); 884 885 /* Get rid of any iommu mapping(s): */ 886 put_iova_spaces(obj, NULL, false, "evict"); 887 888 drm_vma_node_unmap(&obj->vma_node, dev->anon_inode->i_mapping); 889 890 put_pages(obj); 891 } 892 893 void msm_gem_vunmap(struct drm_gem_object *obj) 894 { 895 struct msm_gem_object *msm_obj = to_msm_bo(obj); 896 897 msm_gem_assert_locked(obj); 898 899 if (!msm_obj->vaddr || GEM_WARN_ON(!is_vunmapable(msm_obj))) 900 return; 901 902 vunmap(msm_obj->vaddr); 903 msm_obj->vaddr = NULL; 904 } 905 906 bool msm_gem_active(struct drm_gem_object *obj) 907 { 908 msm_gem_assert_locked(obj); 909 910 if (to_msm_bo(obj)->pin_count) 911 return true; 912 913 return !dma_resv_test_signaled(obj->resv, DMA_RESV_USAGE_BOOKKEEP); 914 } 915 916 int msm_gem_cpu_prep(struct drm_gem_object *obj, uint32_t op, ktime_t *timeout) 917 { 918 bool write = !!(op & MSM_PREP_WRITE); 919 unsigned long remain = 920 op & MSM_PREP_NOSYNC ? 0 : timeout_to_jiffies(timeout); 921 long ret; 922 923 if (op & MSM_PREP_BOOST) { 924 dma_resv_set_deadline(obj->resv, dma_resv_usage_rw(write), 925 ktime_get()); 926 } 927 928 ret = dma_resv_wait_timeout(obj->resv, dma_resv_usage_rw(write), 929 true, remain); 930 if (ret == 0) 931 return remain == 0 ? -EBUSY : -ETIMEDOUT; 932 else if (ret < 0) 933 return ret; 934 935 /* TODO cache maintenance */ 936 937 return 0; 938 } 939 940 int msm_gem_cpu_fini(struct drm_gem_object *obj) 941 { 942 /* TODO cache maintenance */ 943 return 0; 944 } 945 946 #ifdef CONFIG_DEBUG_FS 947 void msm_gem_describe(struct drm_gem_object *obj, struct seq_file *m, 948 struct msm_gem_stats *stats) 949 { 950 struct msm_gem_object *msm_obj = to_msm_bo(obj); 951 struct dma_resv *robj = obj->resv; 952 uint64_t off = drm_vma_node_start(&obj->vma_node); 953 const char *madv; 954 955 if (!msm_gem_trylock(obj)) 956 return; 957 958 stats->all.count++; 959 stats->all.size += obj->size; 960 961 if (msm_gem_active(obj)) { 962 stats->active.count++; 963 stats->active.size += obj->size; 964 } 965 966 if (msm_obj->pages) { 967 stats->resident.count++; 968 stats->resident.size += obj->size; 969 } 970 971 switch (msm_obj->madv) { 972 case __MSM_MADV_PURGED: 973 stats->purged.count++; 974 stats->purged.size += obj->size; 975 madv = " purged"; 976 break; 977 case MSM_MADV_DONTNEED: 978 stats->purgeable.count++; 979 stats->purgeable.size += obj->size; 980 madv = " purgeable"; 981 break; 982 case MSM_MADV_WILLNEED: 983 default: 984 madv = ""; 985 break; 986 } 987 988 seq_printf(m, "%08x: %c %2d (%2d) %08llx %p", 989 msm_obj->flags, msm_gem_active(obj) ? 'A' : 'I', 990 obj->name, kref_read(&obj->refcount), 991 off, msm_obj->vaddr); 992 993 seq_printf(m, " %08zu %9s %-32s\n", obj->size, madv, msm_obj->name); 994 995 if (!list_empty(&obj->gpuva.list)) { 996 struct drm_gpuvm_bo *vm_bo; 997 998 seq_puts(m, " vmas:"); 999 1000 drm_gem_for_each_gpuvm_bo (vm_bo, obj) { 1001 struct drm_gpuva *vma; 1002 1003 drm_gpuvm_bo_for_each_va (vma, vm_bo) { 1004 const char *name, *comm; 1005 struct msm_gem_vm *vm = to_msm_vm(vma->vm); 1006 struct task_struct *task = 1007 get_pid_task(vm->pid, PIDTYPE_PID); 1008 if (task) { 1009 comm = kstrdup(task->comm, GFP_KERNEL); 1010 put_task_struct(task); 1011 } else { 1012 comm = NULL; 1013 } 1014 name = vm->base.name; 1015 1016 seq_printf(m, " [%s%s%s: vm=%p, %08llx, %smapped]", 1017 name, comm ? ":" : "", comm ? comm : "", 1018 vma->vm, vma->va.addr, 1019 to_msm_vma(vma)->mapped ? "" : "un"); 1020 kfree(comm); 1021 } 1022 } 1023 1024 seq_puts(m, "\n"); 1025 } 1026 1027 dma_resv_describe(robj, m); 1028 msm_gem_unlock(obj); 1029 } 1030 1031 void msm_gem_describe_objects(struct list_head *list, struct seq_file *m) 1032 { 1033 struct msm_gem_stats stats = {}; 1034 struct msm_gem_object *msm_obj; 1035 1036 seq_puts(m, " flags id ref offset kaddr size madv name\n"); 1037 list_for_each_entry(msm_obj, list, node) { 1038 struct drm_gem_object *obj = &msm_obj->base; 1039 seq_puts(m, " "); 1040 msm_gem_describe(obj, m, &stats); 1041 } 1042 1043 seq_printf(m, "Total: %4d objects, %9zu bytes\n", 1044 stats.all.count, stats.all.size); 1045 seq_printf(m, "Active: %4d objects, %9zu bytes\n", 1046 stats.active.count, stats.active.size); 1047 seq_printf(m, "Resident: %4d objects, %9zu bytes\n", 1048 stats.resident.count, stats.resident.size); 1049 seq_printf(m, "Purgeable: %4d objects, %9zu bytes\n", 1050 stats.purgeable.count, stats.purgeable.size); 1051 seq_printf(m, "Purged: %4d objects, %9zu bytes\n", 1052 stats.purged.count, stats.purged.size); 1053 } 1054 #endif 1055 1056 /* don't call directly! Use drm_gem_object_put() */ 1057 static void msm_gem_free_object(struct drm_gem_object *obj) 1058 { 1059 struct msm_gem_object *msm_obj = to_msm_bo(obj); 1060 struct drm_device *dev = obj->dev; 1061 struct msm_drm_private *priv = dev->dev_private; 1062 struct drm_exec exec; 1063 1064 mutex_lock(&priv->obj_lock); 1065 list_del(&msm_obj->node); 1066 mutex_unlock(&priv->obj_lock); 1067 1068 /* 1069 * We need to lock any VMs the object is still attached to, but not 1070 * the object itself (see explaination in msm_gem_assert_locked()), 1071 * so just open-code this special case. 1072 * 1073 * Note that we skip the dance if we aren't attached to any VM. This 1074 * is load bearing. The driver needs to support two usage models: 1075 * 1076 * 1. Legacy kernel managed VM: Userspace expects the VMA's to be 1077 * implicitly torn down when the object is freed, the VMA's do 1078 * not hold a hard reference to the BO. 1079 * 1080 * 2. VM_BIND, userspace managed VM: The VMA holds a reference to the 1081 * BO. This can be dropped when the VM is closed and it's associated 1082 * VMAs are torn down. (See msm_gem_vm_close()). 1083 * 1084 * In the latter case the last reference to a BO can be dropped while 1085 * we already have the VM locked. It would have already been removed 1086 * from the gpuva list, but lockdep doesn't know that. Or understand 1087 * the differences between the two usage models. 1088 */ 1089 if (!list_empty(&obj->gpuva.list)) { 1090 drm_exec_init(&exec, 0, 0); 1091 drm_exec_until_all_locked (&exec) { 1092 struct drm_gpuvm_bo *vm_bo; 1093 drm_gem_for_each_gpuvm_bo (vm_bo, obj) { 1094 drm_exec_lock_obj(&exec, 1095 drm_gpuvm_resv_obj(vm_bo->vm)); 1096 drm_exec_retry_on_contention(&exec); 1097 } 1098 } 1099 put_iova_spaces(obj, NULL, true, "free"); 1100 drm_exec_fini(&exec); /* drop locks */ 1101 } 1102 1103 if (drm_gem_is_imported(obj)) { 1104 GEM_WARN_ON(msm_obj->vaddr); 1105 1106 /* Don't drop the pages for imported dmabuf, as they are not 1107 * ours, just free the array we allocated: 1108 */ 1109 kvfree(msm_obj->pages); 1110 1111 drm_prime_gem_destroy(obj, msm_obj->sgt); 1112 } else { 1113 msm_gem_vunmap(obj); 1114 put_pages(obj); 1115 } 1116 1117 if (msm_obj->flags & MSM_BO_NO_SHARE) { 1118 struct drm_gem_object *r_obj = 1119 container_of(obj->resv, struct drm_gem_object, _resv); 1120 1121 /* Drop reference we hold to shared resv obj: */ 1122 drm_gem_object_put(r_obj); 1123 } 1124 1125 drm_gem_object_release(obj); 1126 1127 kfree(msm_obj->metadata); 1128 kfree(msm_obj); 1129 } 1130 1131 static int msm_gem_object_mmap(struct drm_gem_object *obj, struct vm_area_struct *vma) 1132 { 1133 struct msm_gem_object *msm_obj = to_msm_bo(obj); 1134 1135 vm_flags_set(vma, VM_PFNMAP | VM_DONTEXPAND | VM_DONTDUMP); 1136 vma->vm_page_prot = msm_gem_pgprot(msm_obj, vm_get_page_prot(vma->vm_flags)); 1137 1138 return 0; 1139 } 1140 1141 /* convenience method to construct a GEM buffer object, and userspace handle */ 1142 int msm_gem_new_handle(struct drm_device *dev, struct drm_file *file, 1143 uint32_t size, uint32_t flags, uint32_t *handle, 1144 char *name) 1145 { 1146 struct drm_gem_object *obj; 1147 int ret; 1148 1149 obj = msm_gem_new(dev, size, flags); 1150 1151 if (IS_ERR(obj)) 1152 return PTR_ERR(obj); 1153 1154 if (name) 1155 msm_gem_object_set_name(obj, "%s", name); 1156 1157 if (flags & MSM_BO_NO_SHARE) { 1158 struct msm_context *ctx = file->driver_priv; 1159 struct drm_gem_object *r_obj = drm_gpuvm_resv_obj(ctx->vm); 1160 1161 drm_gem_object_get(r_obj); 1162 1163 obj->resv = r_obj->resv; 1164 } 1165 1166 ret = drm_gem_handle_create(file, obj, handle); 1167 1168 /* drop reference from allocate - handle holds it now */ 1169 drm_gem_object_put(obj); 1170 1171 return ret; 1172 } 1173 1174 static enum drm_gem_object_status msm_gem_status(struct drm_gem_object *obj) 1175 { 1176 struct msm_gem_object *msm_obj = to_msm_bo(obj); 1177 enum drm_gem_object_status status = 0; 1178 1179 if (msm_obj->pages) 1180 status |= DRM_GEM_OBJECT_RESIDENT; 1181 1182 if (msm_obj->madv == MSM_MADV_DONTNEED) 1183 status |= DRM_GEM_OBJECT_PURGEABLE; 1184 1185 return status; 1186 } 1187 1188 static const struct vm_operations_struct vm_ops = { 1189 .fault = msm_gem_fault, 1190 .open = drm_gem_vm_open, 1191 .close = drm_gem_vm_close, 1192 }; 1193 1194 static const struct drm_gem_object_funcs msm_gem_object_funcs = { 1195 .free = msm_gem_free_object, 1196 .open = msm_gem_open, 1197 .close = msm_gem_close, 1198 .export = msm_gem_prime_export, 1199 .pin = msm_gem_prime_pin, 1200 .unpin = msm_gem_prime_unpin, 1201 .get_sg_table = msm_gem_prime_get_sg_table, 1202 .vmap = msm_gem_prime_vmap, 1203 .vunmap = msm_gem_prime_vunmap, 1204 .mmap = msm_gem_object_mmap, 1205 .status = msm_gem_status, 1206 .vm_ops = &vm_ops, 1207 }; 1208 1209 static int msm_gem_new_impl(struct drm_device *dev, 1210 uint32_t size, uint32_t flags, 1211 struct drm_gem_object **obj) 1212 { 1213 struct msm_drm_private *priv = dev->dev_private; 1214 struct msm_gem_object *msm_obj; 1215 1216 switch (flags & MSM_BO_CACHE_MASK) { 1217 case MSM_BO_CACHED: 1218 case MSM_BO_WC: 1219 break; 1220 case MSM_BO_CACHED_COHERENT: 1221 if (priv->has_cached_coherent) 1222 break; 1223 fallthrough; 1224 default: 1225 DRM_DEV_DEBUG(dev->dev, "invalid cache flag: %x\n", 1226 (flags & MSM_BO_CACHE_MASK)); 1227 return -EINVAL; 1228 } 1229 1230 msm_obj = kzalloc(sizeof(*msm_obj), GFP_KERNEL); 1231 if (!msm_obj) 1232 return -ENOMEM; 1233 1234 msm_obj->flags = flags; 1235 msm_obj->madv = MSM_MADV_WILLNEED; 1236 1237 INIT_LIST_HEAD(&msm_obj->node); 1238 1239 *obj = &msm_obj->base; 1240 (*obj)->funcs = &msm_gem_object_funcs; 1241 1242 return 0; 1243 } 1244 1245 struct drm_gem_object *msm_gem_new(struct drm_device *dev, uint32_t size, uint32_t flags) 1246 { 1247 struct msm_drm_private *priv = dev->dev_private; 1248 struct msm_gem_object *msm_obj; 1249 struct drm_gem_object *obj = NULL; 1250 int ret; 1251 1252 size = PAGE_ALIGN(size); 1253 1254 /* Disallow zero sized objects as they make the underlying 1255 * infrastructure grumpy 1256 */ 1257 if (size == 0) 1258 return ERR_PTR(-EINVAL); 1259 1260 ret = msm_gem_new_impl(dev, size, flags, &obj); 1261 if (ret) 1262 return ERR_PTR(ret); 1263 1264 msm_obj = to_msm_bo(obj); 1265 1266 ret = drm_gem_object_init(dev, obj, size); 1267 if (ret) 1268 goto fail; 1269 /* 1270 * Our buffers are kept pinned, so allocating them from the 1271 * MOVABLE zone is a really bad idea, and conflicts with CMA. 1272 * See comments above new_inode() why this is required _and_ 1273 * expected if you're going to pin these pages. 1274 */ 1275 mapping_set_gfp_mask(obj->filp->f_mapping, GFP_HIGHUSER); 1276 1277 drm_gem_lru_move_tail(&priv->lru.unbacked, obj); 1278 1279 mutex_lock(&priv->obj_lock); 1280 list_add_tail(&msm_obj->node, &priv->objects); 1281 mutex_unlock(&priv->obj_lock); 1282 1283 ret = drm_gem_create_mmap_offset(obj); 1284 if (ret) 1285 goto fail; 1286 1287 return obj; 1288 1289 fail: 1290 drm_gem_object_put(obj); 1291 return ERR_PTR(ret); 1292 } 1293 1294 struct drm_gem_object *msm_gem_import(struct drm_device *dev, 1295 struct dma_buf *dmabuf, struct sg_table *sgt) 1296 { 1297 struct msm_drm_private *priv = dev->dev_private; 1298 struct msm_gem_object *msm_obj; 1299 struct drm_gem_object *obj; 1300 uint32_t size; 1301 int ret, npages; 1302 1303 size = PAGE_ALIGN(dmabuf->size); 1304 1305 ret = msm_gem_new_impl(dev, size, MSM_BO_WC, &obj); 1306 if (ret) 1307 return ERR_PTR(ret); 1308 1309 drm_gem_private_object_init(dev, obj, size); 1310 1311 npages = size / PAGE_SIZE; 1312 1313 msm_obj = to_msm_bo(obj); 1314 msm_gem_lock(obj); 1315 msm_obj->sgt = sgt; 1316 msm_obj->pages = kvmalloc_array(npages, sizeof(struct page *), GFP_KERNEL); 1317 if (!msm_obj->pages) { 1318 msm_gem_unlock(obj); 1319 ret = -ENOMEM; 1320 goto fail; 1321 } 1322 1323 ret = drm_prime_sg_to_page_array(sgt, msm_obj->pages, npages); 1324 if (ret) { 1325 msm_gem_unlock(obj); 1326 goto fail; 1327 } 1328 1329 msm_gem_unlock(obj); 1330 1331 drm_gem_lru_move_tail(&priv->lru.pinned, obj); 1332 1333 mutex_lock(&priv->obj_lock); 1334 list_add_tail(&msm_obj->node, &priv->objects); 1335 mutex_unlock(&priv->obj_lock); 1336 1337 ret = drm_gem_create_mmap_offset(obj); 1338 if (ret) 1339 goto fail; 1340 1341 return obj; 1342 1343 fail: 1344 drm_gem_object_put(obj); 1345 return ERR_PTR(ret); 1346 } 1347 1348 void *msm_gem_kernel_new(struct drm_device *dev, uint32_t size, uint32_t flags, 1349 struct drm_gpuvm *vm, struct drm_gem_object **bo, 1350 uint64_t *iova) 1351 { 1352 void *vaddr; 1353 struct drm_gem_object *obj = msm_gem_new(dev, size, flags); 1354 int ret; 1355 1356 if (IS_ERR(obj)) 1357 return ERR_CAST(obj); 1358 1359 if (iova) { 1360 ret = msm_gem_get_and_pin_iova(obj, vm, iova); 1361 if (ret) 1362 goto err; 1363 } 1364 1365 vaddr = msm_gem_get_vaddr(obj); 1366 if (IS_ERR(vaddr)) { 1367 msm_gem_unpin_iova(obj, vm); 1368 ret = PTR_ERR(vaddr); 1369 goto err; 1370 } 1371 1372 if (bo) 1373 *bo = obj; 1374 1375 return vaddr; 1376 err: 1377 drm_gem_object_put(obj); 1378 1379 return ERR_PTR(ret); 1380 1381 } 1382 1383 void msm_gem_kernel_put(struct drm_gem_object *bo, struct drm_gpuvm *vm) 1384 { 1385 if (IS_ERR_OR_NULL(bo)) 1386 return; 1387 1388 msm_gem_put_vaddr(bo); 1389 msm_gem_unpin_iova(bo, vm); 1390 drm_gem_object_put(bo); 1391 } 1392 1393 void msm_gem_object_set_name(struct drm_gem_object *bo, const char *fmt, ...) 1394 { 1395 struct msm_gem_object *msm_obj = to_msm_bo(bo); 1396 va_list ap; 1397 1398 if (!fmt) 1399 return; 1400 1401 va_start(ap, fmt); 1402 vsnprintf(msm_obj->name, sizeof(msm_obj->name), fmt, ap); 1403 va_end(ap); 1404 } 1405