1 // SPDX-License-Identifier: GPL-2.0-only 2 /* 3 * Copyright (C) 2016 Red Hat 4 * Author: Rob Clark <robdclark@gmail.com> 5 */ 6 7 #include "drm/drm_file.h" 8 #include "drm/msm_drm.h" 9 #include "linux/file.h" 10 #include "linux/sync_file.h" 11 12 #include "msm_drv.h" 13 #include "msm_gem.h" 14 #include "msm_gpu.h" 15 #include "msm_mmu.h" 16 #include "msm_syncobj.h" 17 18 #define vm_dbg(fmt, ...) pr_debug("%s:%d: "fmt"\n", __func__, __LINE__, ##__VA_ARGS__) 19 20 static uint vm_log_shift = 0; 21 MODULE_PARM_DESC(vm_log_shift, "Length of VM op log"); 22 module_param_named(vm_log_shift, vm_log_shift, uint, 0600); 23 24 /** 25 * struct msm_vm_map_op - create new pgtable mapping 26 */ 27 struct msm_vm_map_op { 28 /** @iova: start address for mapping */ 29 uint64_t iova; 30 /** @range: size of the region to map */ 31 uint64_t range; 32 /** @offset: offset into @sgt to map */ 33 uint64_t offset; 34 /** @sgt: pages to map, or NULL for a PRR mapping */ 35 struct sg_table *sgt; 36 /** @prot: the mapping protection flags */ 37 int prot; 38 39 /** 40 * @queue_id: The id of the submitqueue the operation is performed 41 * on, or zero for (in particular) UNMAP ops triggered outside of 42 * a submitqueue (ie. process cleanup) 43 */ 44 int queue_id; 45 }; 46 47 /** 48 * struct msm_vm_unmap_op - unmap a range of pages from pgtable 49 */ 50 struct msm_vm_unmap_op { 51 /** @iova: start address for unmap */ 52 uint64_t iova; 53 /** @range: size of region to unmap */ 54 uint64_t range; 55 56 /** @reason: The reason for the unmap */ 57 const char *reason; 58 59 /** 60 * @queue_id: The id of the submitqueue the operation is performed 61 * on, or zero for (in particular) UNMAP ops triggered outside of 62 * a submitqueue (ie. process cleanup) 63 */ 64 int queue_id; 65 }; 66 67 /** 68 * struct msm_vma_op - A MAP or UNMAP operation 69 */ 70 struct msm_vm_op { 71 /** @op: The operation type */ 72 enum { 73 MSM_VM_OP_MAP = 1, 74 MSM_VM_OP_UNMAP, 75 } op; 76 union { 77 /** @map: Parameters used if op == MSM_VMA_OP_MAP */ 78 struct msm_vm_map_op map; 79 /** @unmap: Parameters used if op == MSM_VMA_OP_UNMAP */ 80 struct msm_vm_unmap_op unmap; 81 }; 82 /** @node: list head in msm_vm_bind_job::vm_ops */ 83 struct list_head node; 84 85 /** 86 * @obj: backing object for pages to be mapped/unmapped 87 * 88 * Async unmap ops, in particular, must hold a reference to the 89 * original GEM object backing the mapping that will be unmapped. 90 * But the same can be required in the map path, for example if 91 * there is not a corresponding unmap op, such as process exit. 92 * 93 * This ensures that the pages backing the mapping are not freed 94 * before the mapping is torn down. 95 */ 96 struct drm_gem_object *obj; 97 }; 98 99 /** 100 * struct msm_vm_bind_job - Tracking for a VM_BIND ioctl 101 * 102 * A table of userspace requested VM updates (MSM_VM_BIND_OP_UNMAP/MAP/MAP_NULL) 103 * gets applied to the vm, generating a list of VM ops (MSM_VM_OP_MAP/UNMAP) 104 * which are applied to the pgtables asynchronously. For example a userspace 105 * requested MSM_VM_BIND_OP_MAP could end up generating both an MSM_VM_OP_UNMAP 106 * to unmap an existing mapping, and a MSM_VM_OP_MAP to apply the new mapping. 107 */ 108 struct msm_vm_bind_job { 109 /** @base: base class for drm_sched jobs */ 110 struct drm_sched_job base; 111 /** @vm: The VM being operated on */ 112 struct drm_gpuvm *vm; 113 /** @fence: The fence that is signaled when job completes */ 114 struct dma_fence *fence; 115 /** @queue: The queue that the job runs on */ 116 struct msm_gpu_submitqueue *queue; 117 /** @prealloc: Tracking for pre-allocated MMU pgtable pages */ 118 struct msm_mmu_prealloc prealloc; 119 /** @vm_ops: a list of struct msm_vm_op */ 120 struct list_head vm_ops; 121 /** @bos_pinned: are the GEM objects being bound pinned? */ 122 bool bos_pinned; 123 /** @nr_ops: the number of userspace requested ops */ 124 unsigned int nr_ops; 125 /** 126 * @ops: the userspace requested ops 127 * 128 * The userspace requested ops are copied/parsed and validated 129 * before we start applying the updates to try to do as much up- 130 * front error checking as possible, to avoid the VM being in an 131 * undefined state due to partially executed VM_BIND. 132 * 133 * This table also serves to hold a reference to the backing GEM 134 * objects. 135 */ 136 struct msm_vm_bind_op { 137 uint32_t op; 138 uint32_t flags; 139 union { 140 struct drm_gem_object *obj; 141 uint32_t handle; 142 }; 143 uint64_t obj_offset; 144 uint64_t iova; 145 uint64_t range; 146 } ops[]; 147 }; 148 149 #define job_foreach_bo(obj, _job) \ 150 for (unsigned i = 0; i < (_job)->nr_ops; i++) \ 151 if ((obj = (_job)->ops[i].obj)) 152 153 static inline struct msm_vm_bind_job *to_msm_vm_bind_job(struct drm_sched_job *job) 154 { 155 return container_of(job, struct msm_vm_bind_job, base); 156 } 157 158 static void 159 msm_gem_vm_free(struct drm_gpuvm *gpuvm) 160 { 161 struct msm_gem_vm *vm = container_of(gpuvm, struct msm_gem_vm, base); 162 163 drm_mm_takedown(&vm->mm); 164 if (vm->mmu) 165 vm->mmu->funcs->destroy(vm->mmu); 166 dma_fence_put(vm->last_fence); 167 put_pid(vm->pid); 168 kfree(vm->log); 169 kfree(vm); 170 } 171 172 /** 173 * msm_gem_vm_unusable() - Mark a VM as unusable 174 * @gpuvm: the VM to mark unusable 175 */ 176 void 177 msm_gem_vm_unusable(struct drm_gpuvm *gpuvm) 178 { 179 struct msm_gem_vm *vm = to_msm_vm(gpuvm); 180 uint32_t vm_log_len = (1 << vm->log_shift); 181 uint32_t vm_log_mask = vm_log_len - 1; 182 uint32_t nr_vm_logs; 183 int first; 184 185 vm->unusable = true; 186 187 /* Bail if no log, or empty log: */ 188 if (!vm->log || !vm->log[0].op) 189 return; 190 191 mutex_lock(&vm->mmu_lock); 192 193 /* 194 * log_idx is the next entry to overwrite, meaning it is the oldest, or 195 * first, entry (other than the special case handled below where the 196 * log hasn't wrapped around yet) 197 */ 198 first = vm->log_idx; 199 200 if (!vm->log[first].op) { 201 /* 202 * If the next log entry has not been written yet, then only 203 * entries 0 to idx-1 are valid (ie. we haven't wrapped around 204 * yet) 205 */ 206 nr_vm_logs = MAX(0, first - 1); 207 first = 0; 208 } else { 209 nr_vm_logs = vm_log_len; 210 } 211 212 pr_err("vm-log:\n"); 213 for (int i = 0; i < nr_vm_logs; i++) { 214 int idx = (i + first) & vm_log_mask; 215 struct msm_gem_vm_log_entry *e = &vm->log[idx]; 216 pr_err(" - %s:%d: 0x%016llx-0x%016llx\n", 217 e->op, e->queue_id, e->iova, 218 e->iova + e->range); 219 } 220 221 mutex_unlock(&vm->mmu_lock); 222 } 223 224 static void 225 vm_log(struct msm_gem_vm *vm, const char *op, uint64_t iova, uint64_t range, int queue_id) 226 { 227 int idx; 228 229 if (!vm->managed) 230 lockdep_assert_held(&vm->mmu_lock); 231 232 vm_dbg("%s:%p:%d: %016llx %016llx", op, vm, queue_id, iova, iova + range); 233 234 if (!vm->log) 235 return; 236 237 idx = vm->log_idx; 238 vm->log[idx].op = op; 239 vm->log[idx].iova = iova; 240 vm->log[idx].range = range; 241 vm->log[idx].queue_id = queue_id; 242 vm->log_idx = (vm->log_idx + 1) & ((1 << vm->log_shift) - 1); 243 } 244 245 static void 246 vm_unmap_op(struct msm_gem_vm *vm, const struct msm_vm_unmap_op *op) 247 { 248 const char *reason = op->reason; 249 250 if (!reason) 251 reason = "unmap"; 252 253 vm_log(vm, reason, op->iova, op->range, op->queue_id); 254 255 vm->mmu->funcs->unmap(vm->mmu, op->iova, op->range); 256 } 257 258 static int 259 vm_map_op(struct msm_gem_vm *vm, const struct msm_vm_map_op *op) 260 { 261 vm_log(vm, "map", op->iova, op->range, op->queue_id); 262 263 return vm->mmu->funcs->map(vm->mmu, op->iova, op->sgt, op->offset, 264 op->range, op->prot); 265 } 266 267 /* Actually unmap memory for the vma */ 268 void msm_gem_vma_unmap(struct drm_gpuva *vma, const char *reason) 269 { 270 struct msm_gem_vm *vm = to_msm_vm(vma->vm); 271 struct msm_gem_vma *msm_vma = to_msm_vma(vma); 272 273 /* Don't do anything if the memory isn't mapped */ 274 if (!msm_vma->mapped) 275 return; 276 277 /* 278 * The mmu_lock is only needed when preallocation is used. But 279 * in that case we don't need to worry about recursion into 280 * shrinker 281 */ 282 if (!vm->managed) 283 mutex_lock(&vm->mmu_lock); 284 285 vm_unmap_op(vm, &(struct msm_vm_unmap_op){ 286 .iova = vma->va.addr, 287 .range = vma->va.range, 288 .reason = reason, 289 }); 290 291 if (!vm->managed) 292 mutex_unlock(&vm->mmu_lock); 293 294 msm_vma->mapped = false; 295 } 296 297 /* Map and pin vma: */ 298 int 299 msm_gem_vma_map(struct drm_gpuva *vma, int prot, struct sg_table *sgt) 300 { 301 struct msm_gem_vm *vm = to_msm_vm(vma->vm); 302 struct msm_gem_vma *msm_vma = to_msm_vma(vma); 303 int ret; 304 305 if (GEM_WARN_ON(!vma->va.addr)) 306 return -EINVAL; 307 308 if (msm_vma->mapped) 309 return 0; 310 311 msm_vma->mapped = true; 312 313 /* 314 * The mmu_lock is only needed when preallocation is used. But 315 * in that case we don't need to worry about recursion into 316 * shrinker 317 */ 318 if (!vm->managed) 319 mutex_lock(&vm->mmu_lock); 320 321 /* 322 * NOTE: iommu/io-pgtable can allocate pages, so we cannot hold 323 * a lock across map/unmap which is also used in the job_run() 324 * path, as this can cause deadlock in job_run() vs shrinker/ 325 * reclaim. 326 * 327 * Revisit this if we can come up with a scheme to pre-alloc pages 328 * for the pgtable in map/unmap ops. 329 */ 330 ret = vm_map_op(vm, &(struct msm_vm_map_op){ 331 .iova = vma->va.addr, 332 .range = vma->va.range, 333 .offset = vma->gem.offset, 334 .sgt = sgt, 335 .prot = prot, 336 }); 337 338 if (!vm->managed) 339 mutex_unlock(&vm->mmu_lock); 340 341 if (ret) 342 msm_vma->mapped = false; 343 344 return ret; 345 } 346 347 /* Close an iova. Warn if it is still in use */ 348 void msm_gem_vma_close(struct drm_gpuva *vma) 349 { 350 struct msm_gem_vm *vm = to_msm_vm(vma->vm); 351 struct msm_gem_vma *msm_vma = to_msm_vma(vma); 352 353 GEM_WARN_ON(msm_vma->mapped); 354 355 drm_gpuvm_resv_assert_held(&vm->base); 356 357 if (vma->gem.obj) 358 msm_gem_assert_locked(vma->gem.obj); 359 360 if (vma->va.addr && vm->managed) 361 drm_mm_remove_node(&msm_vma->node); 362 363 drm_gpuva_remove(vma); 364 drm_gpuva_unlink(vma); 365 366 kfree(vma); 367 } 368 369 /* Create a new vma and allocate an iova for it */ 370 struct drm_gpuva * 371 msm_gem_vma_new(struct drm_gpuvm *gpuvm, struct drm_gem_object *obj, 372 u64 offset, u64 range_start, u64 range_end) 373 { 374 struct msm_gem_vm *vm = to_msm_vm(gpuvm); 375 struct drm_gpuvm_bo *vm_bo; 376 struct msm_gem_vma *vma; 377 int ret; 378 379 drm_gpuvm_resv_assert_held(&vm->base); 380 381 vma = kzalloc(sizeof(*vma), GFP_KERNEL); 382 if (!vma) 383 return ERR_PTR(-ENOMEM); 384 385 if (vm->managed) { 386 BUG_ON(offset != 0); 387 BUG_ON(!obj); /* NULL mappings not valid for kernel managed VM */ 388 ret = drm_mm_insert_node_in_range(&vm->mm, &vma->node, 389 obj->size, PAGE_SIZE, 0, 390 range_start, range_end, 0); 391 392 if (ret) 393 goto err_free_vma; 394 395 range_start = vma->node.start; 396 range_end = range_start + obj->size; 397 } 398 399 if (obj) 400 GEM_WARN_ON((range_end - range_start) > obj->size); 401 402 drm_gpuva_init(&vma->base, range_start, range_end - range_start, obj, offset); 403 vma->mapped = false; 404 405 ret = drm_gpuva_insert(&vm->base, &vma->base); 406 if (ret) 407 goto err_free_range; 408 409 if (!obj) 410 return &vma->base; 411 412 vm_bo = drm_gpuvm_bo_obtain(&vm->base, obj); 413 if (IS_ERR(vm_bo)) { 414 ret = PTR_ERR(vm_bo); 415 goto err_va_remove; 416 } 417 418 drm_gpuvm_bo_extobj_add(vm_bo); 419 drm_gpuva_link(&vma->base, vm_bo); 420 GEM_WARN_ON(drm_gpuvm_bo_put(vm_bo)); 421 422 return &vma->base; 423 424 err_va_remove: 425 drm_gpuva_remove(&vma->base); 426 err_free_range: 427 if (vm->managed) 428 drm_mm_remove_node(&vma->node); 429 err_free_vma: 430 kfree(vma); 431 return ERR_PTR(ret); 432 } 433 434 static int 435 msm_gem_vm_bo_validate(struct drm_gpuvm_bo *vm_bo, struct drm_exec *exec) 436 { 437 struct drm_gem_object *obj = vm_bo->obj; 438 struct drm_gpuva *vma; 439 int ret; 440 441 vm_dbg("validate: %p", obj); 442 443 msm_gem_assert_locked(obj); 444 445 drm_gpuvm_bo_for_each_va (vma, vm_bo) { 446 ret = msm_gem_pin_vma_locked(obj, vma); 447 if (ret) 448 return ret; 449 } 450 451 return 0; 452 } 453 454 struct op_arg { 455 unsigned flags; 456 struct msm_vm_bind_job *job; 457 }; 458 459 static void 460 vm_op_enqueue(struct op_arg *arg, struct msm_vm_op _op) 461 { 462 struct msm_vm_op *op = kmalloc(sizeof(*op), GFP_KERNEL); 463 *op = _op; 464 list_add_tail(&op->node, &arg->job->vm_ops); 465 466 if (op->obj) 467 drm_gem_object_get(op->obj); 468 } 469 470 static struct drm_gpuva * 471 vma_from_op(struct op_arg *arg, struct drm_gpuva_op_map *op) 472 { 473 return msm_gem_vma_new(arg->job->vm, op->gem.obj, op->gem.offset, 474 op->va.addr, op->va.addr + op->va.range); 475 } 476 477 static int 478 msm_gem_vm_sm_step_map(struct drm_gpuva_op *op, void *arg) 479 { 480 struct msm_vm_bind_job *job = ((struct op_arg *)arg)->job; 481 struct drm_gem_object *obj = op->map.gem.obj; 482 struct drm_gpuva *vma; 483 struct sg_table *sgt; 484 unsigned prot; 485 486 vma = vma_from_op(arg, &op->map); 487 if (WARN_ON(IS_ERR(vma))) 488 return PTR_ERR(vma); 489 490 vm_dbg("%p:%p:%p: %016llx %016llx", vma->vm, vma, vma->gem.obj, 491 vma->va.addr, vma->va.range); 492 493 vma->flags = ((struct op_arg *)arg)->flags; 494 495 if (obj) { 496 sgt = to_msm_bo(obj)->sgt; 497 prot = msm_gem_prot(obj); 498 } else { 499 sgt = NULL; 500 prot = IOMMU_READ | IOMMU_WRITE; 501 } 502 503 vm_op_enqueue(arg, (struct msm_vm_op){ 504 .op = MSM_VM_OP_MAP, 505 .map = { 506 .sgt = sgt, 507 .iova = vma->va.addr, 508 .range = vma->va.range, 509 .offset = vma->gem.offset, 510 .prot = prot, 511 .queue_id = job->queue->id, 512 }, 513 .obj = vma->gem.obj, 514 }); 515 516 to_msm_vma(vma)->mapped = true; 517 518 return 0; 519 } 520 521 static int 522 msm_gem_vm_sm_step_remap(struct drm_gpuva_op *op, void *arg) 523 { 524 struct msm_vm_bind_job *job = ((struct op_arg *)arg)->job; 525 struct drm_gpuvm *vm = job->vm; 526 struct drm_gpuva *orig_vma = op->remap.unmap->va; 527 struct drm_gpuva *prev_vma = NULL, *next_vma = NULL; 528 struct drm_gpuvm_bo *vm_bo = orig_vma->vm_bo; 529 bool mapped = to_msm_vma(orig_vma)->mapped; 530 unsigned flags; 531 532 vm_dbg("orig_vma: %p:%p:%p: %016llx %016llx", vm, orig_vma, 533 orig_vma->gem.obj, orig_vma->va.addr, orig_vma->va.range); 534 535 if (mapped) { 536 uint64_t unmap_start, unmap_range; 537 538 drm_gpuva_op_remap_to_unmap_range(&op->remap, &unmap_start, &unmap_range); 539 540 vm_op_enqueue(arg, (struct msm_vm_op){ 541 .op = MSM_VM_OP_UNMAP, 542 .unmap = { 543 .iova = unmap_start, 544 .range = unmap_range, 545 .queue_id = job->queue->id, 546 }, 547 .obj = orig_vma->gem.obj, 548 }); 549 550 /* 551 * Part of this GEM obj is still mapped, but we're going to kill the 552 * existing VMA and replace it with one or two new ones (ie. two if 553 * the unmapped range is in the middle of the existing (unmap) VMA). 554 * So just set the state to unmapped: 555 */ 556 to_msm_vma(orig_vma)->mapped = false; 557 } 558 559 /* 560 * Hold a ref to the vm_bo between the msm_gem_vma_close() and the 561 * creation of the new prev/next vma's, in case the vm_bo is tracked 562 * in the VM's evict list: 563 */ 564 if (vm_bo) 565 drm_gpuvm_bo_get(vm_bo); 566 567 /* 568 * The prev_vma and/or next_vma are replacing the unmapped vma, and 569 * therefore should preserve it's flags: 570 */ 571 flags = orig_vma->flags; 572 573 msm_gem_vma_close(orig_vma); 574 575 if (op->remap.prev) { 576 prev_vma = vma_from_op(arg, op->remap.prev); 577 if (WARN_ON(IS_ERR(prev_vma))) 578 return PTR_ERR(prev_vma); 579 580 vm_dbg("prev_vma: %p:%p: %016llx %016llx", vm, prev_vma, prev_vma->va.addr, prev_vma->va.range); 581 to_msm_vma(prev_vma)->mapped = mapped; 582 prev_vma->flags = flags; 583 } 584 585 if (op->remap.next) { 586 next_vma = vma_from_op(arg, op->remap.next); 587 if (WARN_ON(IS_ERR(next_vma))) 588 return PTR_ERR(next_vma); 589 590 vm_dbg("next_vma: %p:%p: %016llx %016llx", vm, next_vma, next_vma->va.addr, next_vma->va.range); 591 to_msm_vma(next_vma)->mapped = mapped; 592 next_vma->flags = flags; 593 } 594 595 if (!mapped) 596 drm_gpuvm_bo_evict(vm_bo, true); 597 598 /* Drop the previous ref: */ 599 drm_gpuvm_bo_put(vm_bo); 600 601 return 0; 602 } 603 604 static int 605 msm_gem_vm_sm_step_unmap(struct drm_gpuva_op *op, void *arg) 606 { 607 struct msm_vm_bind_job *job = ((struct op_arg *)arg)->job; 608 struct drm_gpuva *vma = op->unmap.va; 609 struct msm_gem_vma *msm_vma = to_msm_vma(vma); 610 611 vm_dbg("%p:%p:%p: %016llx %016llx", vma->vm, vma, vma->gem.obj, 612 vma->va.addr, vma->va.range); 613 614 if (!msm_vma->mapped) 615 goto out_close; 616 617 vm_op_enqueue(arg, (struct msm_vm_op){ 618 .op = MSM_VM_OP_UNMAP, 619 .unmap = { 620 .iova = vma->va.addr, 621 .range = vma->va.range, 622 .queue_id = job->queue->id, 623 }, 624 .obj = vma->gem.obj, 625 }); 626 627 msm_vma->mapped = false; 628 629 out_close: 630 msm_gem_vma_close(vma); 631 632 return 0; 633 } 634 635 static const struct drm_gpuvm_ops msm_gpuvm_ops = { 636 .vm_free = msm_gem_vm_free, 637 .vm_bo_validate = msm_gem_vm_bo_validate, 638 .sm_step_map = msm_gem_vm_sm_step_map, 639 .sm_step_remap = msm_gem_vm_sm_step_remap, 640 .sm_step_unmap = msm_gem_vm_sm_step_unmap, 641 }; 642 643 static struct dma_fence * 644 msm_vma_job_run(struct drm_sched_job *_job) 645 { 646 struct msm_vm_bind_job *job = to_msm_vm_bind_job(_job); 647 struct msm_gem_vm *vm = to_msm_vm(job->vm); 648 struct drm_gem_object *obj; 649 int ret = vm->unusable ? -EINVAL : 0; 650 651 vm_dbg(""); 652 653 mutex_lock(&vm->mmu_lock); 654 vm->mmu->prealloc = &job->prealloc; 655 656 while (!list_empty(&job->vm_ops)) { 657 struct msm_vm_op *op = 658 list_first_entry(&job->vm_ops, struct msm_vm_op, node); 659 660 switch (op->op) { 661 case MSM_VM_OP_MAP: 662 /* 663 * On error, stop trying to map new things.. but we 664 * still want to process the unmaps (or in particular, 665 * the drm_gem_object_put()s) 666 */ 667 if (!ret) 668 ret = vm_map_op(vm, &op->map); 669 break; 670 case MSM_VM_OP_UNMAP: 671 vm_unmap_op(vm, &op->unmap); 672 break; 673 } 674 drm_gem_object_put(op->obj); 675 list_del(&op->node); 676 kfree(op); 677 } 678 679 vm->mmu->prealloc = NULL; 680 mutex_unlock(&vm->mmu_lock); 681 682 /* 683 * We failed to perform at least _some_ of the pgtable updates, so 684 * now the VM is in an undefined state. Game over! 685 */ 686 if (ret) 687 msm_gem_vm_unusable(job->vm); 688 689 job_foreach_bo (obj, job) { 690 msm_gem_lock(obj); 691 msm_gem_unpin_locked(obj); 692 msm_gem_unlock(obj); 693 } 694 695 /* VM_BIND ops are synchronous, so no fence to wait on: */ 696 return NULL; 697 } 698 699 static void 700 msm_vma_job_free(struct drm_sched_job *_job) 701 { 702 struct msm_vm_bind_job *job = to_msm_vm_bind_job(_job); 703 struct msm_gem_vm *vm = to_msm_vm(job->vm); 704 struct drm_gem_object *obj; 705 706 vm->mmu->funcs->prealloc_cleanup(vm->mmu, &job->prealloc); 707 708 atomic_sub(job->prealloc.count, &vm->prealloc_throttle.in_flight); 709 710 drm_sched_job_cleanup(_job); 711 712 job_foreach_bo (obj, job) 713 drm_gem_object_put(obj); 714 715 msm_submitqueue_put(job->queue); 716 dma_fence_put(job->fence); 717 718 /* In error paths, we could have unexecuted ops: */ 719 while (!list_empty(&job->vm_ops)) { 720 struct msm_vm_op *op = 721 list_first_entry(&job->vm_ops, struct msm_vm_op, node); 722 list_del(&op->node); 723 kfree(op); 724 } 725 726 wake_up(&vm->prealloc_throttle.wait); 727 728 kfree(job); 729 } 730 731 static const struct drm_sched_backend_ops msm_vm_bind_ops = { 732 .run_job = msm_vma_job_run, 733 .free_job = msm_vma_job_free 734 }; 735 736 /** 737 * msm_gem_vm_create() - Create and initialize a &msm_gem_vm 738 * @drm: the drm device 739 * @mmu: the backing MMU objects handling mapping/unmapping 740 * @name: the name of the VM 741 * @va_start: the start offset of the VA space 742 * @va_size: the size of the VA space 743 * @managed: is it a kernel managed VM? 744 * 745 * In a kernel managed VM, the kernel handles address allocation, and only 746 * synchronous operations are supported. In a user managed VM, userspace 747 * handles virtual address allocation, and both async and sync operations 748 * are supported. 749 */ 750 struct drm_gpuvm * 751 msm_gem_vm_create(struct drm_device *drm, struct msm_mmu *mmu, const char *name, 752 u64 va_start, u64 va_size, bool managed) 753 { 754 /* 755 * We mostly want to use DRM_GPUVM_RESV_PROTECTED, except that 756 * makes drm_gpuvm_bo_evict() a no-op for extobjs (ie. we loose 757 * tracking that an extobj is evicted) :facepalm: 758 */ 759 enum drm_gpuvm_flags flags = 0; 760 struct msm_gem_vm *vm; 761 struct drm_gem_object *dummy_gem; 762 int ret = 0; 763 764 if (IS_ERR(mmu)) 765 return ERR_CAST(mmu); 766 767 vm = kzalloc(sizeof(*vm), GFP_KERNEL); 768 if (!vm) 769 return ERR_PTR(-ENOMEM); 770 771 dummy_gem = drm_gpuvm_resv_object_alloc(drm); 772 if (!dummy_gem) { 773 ret = -ENOMEM; 774 goto err_free_vm; 775 } 776 777 if (!managed) { 778 struct drm_sched_init_args args = { 779 .ops = &msm_vm_bind_ops, 780 .num_rqs = 1, 781 .credit_limit = 1, 782 .timeout = MAX_SCHEDULE_TIMEOUT, 783 .name = "msm-vm-bind", 784 .dev = drm->dev, 785 }; 786 787 ret = drm_sched_init(&vm->sched, &args); 788 if (ret) 789 goto err_free_dummy; 790 791 init_waitqueue_head(&vm->prealloc_throttle.wait); 792 } 793 794 drm_gpuvm_init(&vm->base, name, flags, drm, dummy_gem, 795 va_start, va_size, 0, 0, &msm_gpuvm_ops); 796 drm_gem_object_put(dummy_gem); 797 798 vm->mmu = mmu; 799 mutex_init(&vm->mmu_lock); 800 vm->managed = managed; 801 802 drm_mm_init(&vm->mm, va_start, va_size); 803 804 /* 805 * We don't really need vm log for kernel managed VMs, as the kernel 806 * is responsible for ensuring that GEM objs are mapped if they are 807 * used by a submit. Furthermore we piggyback on mmu_lock to serialize 808 * access to the log. 809 * 810 * Limit the max log_shift to 8 to prevent userspace from asking us 811 * for an unreasonable log size. 812 */ 813 if (!managed) 814 vm->log_shift = MIN(vm_log_shift, 8); 815 816 if (vm->log_shift) { 817 vm->log = kmalloc_array(1 << vm->log_shift, sizeof(vm->log[0]), 818 GFP_KERNEL | __GFP_ZERO); 819 } 820 821 return &vm->base; 822 823 err_free_dummy: 824 drm_gem_object_put(dummy_gem); 825 826 err_free_vm: 827 kfree(vm); 828 return ERR_PTR(ret); 829 } 830 831 /** 832 * msm_gem_vm_close() - Close a VM 833 * @gpuvm: The VM to close 834 * 835 * Called when the drm device file is closed, to tear down VM related resources 836 * (which will drop refcounts to GEM objects that were still mapped into the 837 * VM at the time). 838 */ 839 void 840 msm_gem_vm_close(struct drm_gpuvm *gpuvm) 841 { 842 struct msm_gem_vm *vm = to_msm_vm(gpuvm); 843 struct drm_gpuva *vma, *tmp; 844 struct drm_exec exec; 845 846 /* 847 * For kernel managed VMs, the VMAs are torn down when the handle is 848 * closed, so nothing more to do. 849 */ 850 if (vm->managed) 851 return; 852 853 if (vm->last_fence) 854 dma_fence_wait(vm->last_fence, false); 855 856 /* Kill the scheduler now, so we aren't racing with it for cleanup: */ 857 drm_sched_stop(&vm->sched, NULL); 858 drm_sched_fini(&vm->sched); 859 860 /* Tear down any remaining mappings: */ 861 drm_exec_init(&exec, 0, 2); 862 drm_exec_until_all_locked (&exec) { 863 drm_exec_lock_obj(&exec, drm_gpuvm_resv_obj(gpuvm)); 864 drm_exec_retry_on_contention(&exec); 865 866 drm_gpuvm_for_each_va_safe (vma, tmp, gpuvm) { 867 struct drm_gem_object *obj = vma->gem.obj; 868 869 /* 870 * MSM_BO_NO_SHARE objects share the same resv as the 871 * VM, in which case the obj is already locked: 872 */ 873 if (obj && (obj->resv == drm_gpuvm_resv(gpuvm))) 874 obj = NULL; 875 876 if (obj) { 877 drm_exec_lock_obj(&exec, obj); 878 drm_exec_retry_on_contention(&exec); 879 } 880 881 msm_gem_vma_unmap(vma, "close"); 882 msm_gem_vma_close(vma); 883 884 if (obj) { 885 drm_exec_unlock_obj(&exec, obj); 886 } 887 } 888 } 889 drm_exec_fini(&exec); 890 } 891 892 893 static struct msm_vm_bind_job * 894 vm_bind_job_create(struct drm_device *dev, struct drm_file *file, 895 struct msm_gpu_submitqueue *queue, uint32_t nr_ops) 896 { 897 struct msm_vm_bind_job *job; 898 uint64_t sz; 899 int ret; 900 901 sz = struct_size(job, ops, nr_ops); 902 903 if (sz > SIZE_MAX) 904 return ERR_PTR(-ENOMEM); 905 906 job = kzalloc(sz, GFP_KERNEL | __GFP_NOWARN); 907 if (!job) 908 return ERR_PTR(-ENOMEM); 909 910 ret = drm_sched_job_init(&job->base, queue->entity, 1, queue, 911 file->client_id); 912 if (ret) { 913 kfree(job); 914 return ERR_PTR(ret); 915 } 916 917 job->vm = msm_context_vm(dev, queue->ctx); 918 job->queue = queue; 919 INIT_LIST_HEAD(&job->vm_ops); 920 921 return job; 922 } 923 924 static bool invalid_alignment(uint64_t addr) 925 { 926 /* 927 * Technically this is about GPU alignment, not CPU alignment. But 928 * I've not seen any qcom SoC where the SMMU does not support the 929 * CPU's smallest page size. 930 */ 931 return !PAGE_ALIGNED(addr); 932 } 933 934 static int 935 lookup_op(struct msm_vm_bind_job *job, const struct drm_msm_vm_bind_op *op) 936 { 937 struct drm_device *dev = job->vm->drm; 938 int i = job->nr_ops++; 939 int ret = 0; 940 941 job->ops[i].op = op->op; 942 job->ops[i].handle = op->handle; 943 job->ops[i].obj_offset = op->obj_offset; 944 job->ops[i].iova = op->iova; 945 job->ops[i].range = op->range; 946 job->ops[i].flags = op->flags; 947 948 if (op->flags & ~MSM_VM_BIND_OP_FLAGS) 949 ret = UERR(EINVAL, dev, "invalid flags: %x\n", op->flags); 950 951 if (invalid_alignment(op->iova)) 952 ret = UERR(EINVAL, dev, "invalid address: %016llx\n", op->iova); 953 954 if (invalid_alignment(op->obj_offset)) 955 ret = UERR(EINVAL, dev, "invalid bo_offset: %016llx\n", op->obj_offset); 956 957 if (invalid_alignment(op->range)) 958 ret = UERR(EINVAL, dev, "invalid range: %016llx\n", op->range); 959 960 if (!drm_gpuvm_range_valid(job->vm, op->iova, op->range)) 961 ret = UERR(EINVAL, dev, "invalid range: %016llx, %016llx\n", op->iova, op->range); 962 963 /* 964 * MAP must specify a valid handle. But the handle MBZ for 965 * UNMAP or MAP_NULL. 966 */ 967 if (op->op == MSM_VM_BIND_OP_MAP) { 968 if (!op->handle) 969 ret = UERR(EINVAL, dev, "invalid handle\n"); 970 } else if (op->handle) { 971 ret = UERR(EINVAL, dev, "handle must be zero\n"); 972 } 973 974 switch (op->op) { 975 case MSM_VM_BIND_OP_MAP: 976 case MSM_VM_BIND_OP_MAP_NULL: 977 case MSM_VM_BIND_OP_UNMAP: 978 break; 979 default: 980 ret = UERR(EINVAL, dev, "invalid op: %u\n", op->op); 981 break; 982 } 983 984 return ret; 985 } 986 987 /* 988 * ioctl parsing, parameter validation, and GEM handle lookup 989 */ 990 static int 991 vm_bind_job_lookup_ops(struct msm_vm_bind_job *job, struct drm_msm_vm_bind *args, 992 struct drm_file *file, int *nr_bos) 993 { 994 struct drm_device *dev = job->vm->drm; 995 int ret = 0; 996 int cnt = 0; 997 998 if (args->nr_ops == 1) { 999 /* Single op case, the op is inlined: */ 1000 ret = lookup_op(job, &args->op); 1001 } else { 1002 for (unsigned i = 0; i < args->nr_ops; i++) { 1003 struct drm_msm_vm_bind_op op; 1004 void __user *userptr = 1005 u64_to_user_ptr(args->ops + (i * sizeof(op))); 1006 1007 /* make sure we don't have garbage flags, in case we hit 1008 * error path before flags is initialized: 1009 */ 1010 job->ops[i].flags = 0; 1011 1012 if (copy_from_user(&op, userptr, sizeof(op))) { 1013 ret = -EFAULT; 1014 break; 1015 } 1016 1017 ret = lookup_op(job, &op); 1018 if (ret) 1019 break; 1020 } 1021 } 1022 1023 if (ret) { 1024 job->nr_ops = 0; 1025 goto out; 1026 } 1027 1028 spin_lock(&file->table_lock); 1029 1030 for (unsigned i = 0; i < args->nr_ops; i++) { 1031 struct drm_gem_object *obj; 1032 1033 if (!job->ops[i].handle) { 1034 job->ops[i].obj = NULL; 1035 continue; 1036 } 1037 1038 /* 1039 * normally use drm_gem_object_lookup(), but for bulk lookup 1040 * all under single table_lock just hit object_idr directly: 1041 */ 1042 obj = idr_find(&file->object_idr, job->ops[i].handle); 1043 if (!obj) { 1044 ret = UERR(EINVAL, dev, "invalid handle %u at index %u\n", job->ops[i].handle, i); 1045 goto out_unlock; 1046 } 1047 1048 drm_gem_object_get(obj); 1049 1050 job->ops[i].obj = obj; 1051 cnt++; 1052 } 1053 1054 *nr_bos = cnt; 1055 1056 out_unlock: 1057 spin_unlock(&file->table_lock); 1058 1059 out: 1060 return ret; 1061 } 1062 1063 static void 1064 prealloc_count(struct msm_vm_bind_job *job, 1065 struct msm_vm_bind_op *first, 1066 struct msm_vm_bind_op *last) 1067 { 1068 struct msm_mmu *mmu = to_msm_vm(job->vm)->mmu; 1069 1070 if (!first) 1071 return; 1072 1073 uint64_t start_iova = first->iova; 1074 uint64_t end_iova = last->iova + last->range; 1075 1076 mmu->funcs->prealloc_count(mmu, &job->prealloc, start_iova, end_iova - start_iova); 1077 } 1078 1079 static bool 1080 ops_are_same_pte(struct msm_vm_bind_op *first, struct msm_vm_bind_op *next) 1081 { 1082 /* 1083 * Last level pte covers 2MB.. so we should merge two ops, from 1084 * the PoV of figuring out how much pgtable pages to pre-allocate 1085 * if they land in the same 2MB range: 1086 */ 1087 uint64_t pte_mask = ~(SZ_2M - 1); 1088 return ((first->iova + first->range) & pte_mask) == (next->iova & pte_mask); 1089 } 1090 1091 /* 1092 * Determine the amount of memory to prealloc for pgtables. For sparse images, 1093 * in particular, userspace plays some tricks with the order of page mappings 1094 * to get the desired swizzle pattern, resulting in a large # of tiny MAP ops. 1095 * So detect when multiple MAP operations are physically contiguous, and count 1096 * them as a single mapping. Otherwise the prealloc_count() will not realize 1097 * they can share pagetable pages and vastly overcount. 1098 */ 1099 static int 1100 vm_bind_prealloc_count(struct msm_vm_bind_job *job) 1101 { 1102 struct msm_vm_bind_op *first = NULL, *last = NULL; 1103 struct msm_gem_vm *vm = to_msm_vm(job->vm); 1104 int ret; 1105 1106 for (int i = 0; i < job->nr_ops; i++) { 1107 struct msm_vm_bind_op *op = &job->ops[i]; 1108 1109 /* We only care about MAP/MAP_NULL: */ 1110 if (op->op == MSM_VM_BIND_OP_UNMAP) 1111 continue; 1112 1113 /* 1114 * If op is contiguous with last in the current range, then 1115 * it becomes the new last in the range and we continue 1116 * looping: 1117 */ 1118 if (last && ops_are_same_pte(last, op)) { 1119 last = op; 1120 continue; 1121 } 1122 1123 /* 1124 * If op is not contiguous with the current range, flush 1125 * the current range and start anew: 1126 */ 1127 prealloc_count(job, first, last); 1128 first = last = op; 1129 } 1130 1131 /* Flush the remaining range: */ 1132 prealloc_count(job, first, last); 1133 1134 /* 1135 * Now that we know the needed amount to pre-alloc, throttle on pending 1136 * VM_BIND jobs if we already have too much pre-alloc memory in flight 1137 */ 1138 ret = wait_event_interruptible( 1139 vm->prealloc_throttle.wait, 1140 atomic_read(&vm->prealloc_throttle.in_flight) <= 1024); 1141 if (ret) 1142 return ret; 1143 1144 atomic_add(job->prealloc.count, &vm->prealloc_throttle.in_flight); 1145 1146 return 0; 1147 } 1148 1149 /* 1150 * Lock VM and GEM objects 1151 */ 1152 static int 1153 vm_bind_job_lock_objects(struct msm_vm_bind_job *job, struct drm_exec *exec) 1154 { 1155 int ret; 1156 1157 /* Lock VM and objects: */ 1158 drm_exec_until_all_locked (exec) { 1159 ret = drm_exec_lock_obj(exec, drm_gpuvm_resv_obj(job->vm)); 1160 drm_exec_retry_on_contention(exec); 1161 if (ret) 1162 return ret; 1163 1164 for (unsigned i = 0; i < job->nr_ops; i++) { 1165 const struct msm_vm_bind_op *op = &job->ops[i]; 1166 1167 switch (op->op) { 1168 case MSM_VM_BIND_OP_UNMAP: 1169 ret = drm_gpuvm_sm_unmap_exec_lock(job->vm, exec, 1170 op->iova, 1171 op->obj_offset); 1172 break; 1173 case MSM_VM_BIND_OP_MAP: 1174 case MSM_VM_BIND_OP_MAP_NULL: 1175 ret = drm_gpuvm_sm_map_exec_lock(job->vm, exec, 1, 1176 op->iova, op->range, 1177 op->obj, op->obj_offset); 1178 break; 1179 default: 1180 /* 1181 * lookup_op() should have already thrown an error for 1182 * invalid ops 1183 */ 1184 WARN_ON("unreachable"); 1185 } 1186 1187 drm_exec_retry_on_contention(exec); 1188 if (ret) 1189 return ret; 1190 } 1191 } 1192 1193 return 0; 1194 } 1195 1196 /* 1197 * Pin GEM objects, ensuring that we have backing pages. Pinning will move 1198 * the object to the pinned LRU so that the shrinker knows to first consider 1199 * other objects for evicting. 1200 */ 1201 static int 1202 vm_bind_job_pin_objects(struct msm_vm_bind_job *job) 1203 { 1204 struct drm_gem_object *obj; 1205 1206 /* 1207 * First loop, before holding the LRU lock, avoids holding the 1208 * LRU lock while calling msm_gem_pin_vma_locked (which could 1209 * trigger get_pages()) 1210 */ 1211 job_foreach_bo (obj, job) { 1212 struct page **pages; 1213 1214 pages = msm_gem_get_pages_locked(obj, MSM_MADV_WILLNEED); 1215 if (IS_ERR(pages)) 1216 return PTR_ERR(pages); 1217 } 1218 1219 struct msm_drm_private *priv = job->vm->drm->dev_private; 1220 1221 /* 1222 * A second loop while holding the LRU lock (a) avoids acquiring/dropping 1223 * the LRU lock for each individual bo, while (b) avoiding holding the 1224 * LRU lock while calling msm_gem_pin_vma_locked() (which could trigger 1225 * get_pages() which could trigger reclaim.. and if we held the LRU lock 1226 * could trigger deadlock with the shrinker). 1227 */ 1228 mutex_lock(&priv->lru.lock); 1229 job_foreach_bo (obj, job) 1230 msm_gem_pin_obj_locked(obj); 1231 mutex_unlock(&priv->lru.lock); 1232 1233 job->bos_pinned = true; 1234 1235 return 0; 1236 } 1237 1238 /* 1239 * Unpin GEM objects. Normally this is done after the bind job is run. 1240 */ 1241 static void 1242 vm_bind_job_unpin_objects(struct msm_vm_bind_job *job) 1243 { 1244 struct drm_gem_object *obj; 1245 1246 if (!job->bos_pinned) 1247 return; 1248 1249 job_foreach_bo (obj, job) 1250 msm_gem_unpin_locked(obj); 1251 1252 job->bos_pinned = false; 1253 } 1254 1255 /* 1256 * Pre-allocate pgtable memory, and translate the VM bind requests into a 1257 * sequence of pgtable updates to be applied asynchronously. 1258 */ 1259 static int 1260 vm_bind_job_prepare(struct msm_vm_bind_job *job) 1261 { 1262 struct msm_gem_vm *vm = to_msm_vm(job->vm); 1263 struct msm_mmu *mmu = vm->mmu; 1264 int ret; 1265 1266 ret = mmu->funcs->prealloc_allocate(mmu, &job->prealloc); 1267 if (ret) 1268 return ret; 1269 1270 for (unsigned i = 0; i < job->nr_ops; i++) { 1271 const struct msm_vm_bind_op *op = &job->ops[i]; 1272 struct op_arg arg = { 1273 .job = job, 1274 }; 1275 1276 switch (op->op) { 1277 case MSM_VM_BIND_OP_UNMAP: 1278 ret = drm_gpuvm_sm_unmap(job->vm, &arg, op->iova, 1279 op->range); 1280 break; 1281 case MSM_VM_BIND_OP_MAP: 1282 if (op->flags & MSM_VM_BIND_OP_DUMP) 1283 arg.flags |= MSM_VMA_DUMP; 1284 fallthrough; 1285 case MSM_VM_BIND_OP_MAP_NULL: 1286 ret = drm_gpuvm_sm_map(job->vm, &arg, op->iova, 1287 op->range, op->obj, op->obj_offset); 1288 break; 1289 default: 1290 /* 1291 * lookup_op() should have already thrown an error for 1292 * invalid ops 1293 */ 1294 BUG_ON("unreachable"); 1295 } 1296 1297 if (ret) { 1298 /* 1299 * If we've already started modifying the vm, we can't 1300 * adequetly describe to userspace the intermediate 1301 * state the vm is in. So throw up our hands! 1302 */ 1303 if (i > 0) 1304 msm_gem_vm_unusable(job->vm); 1305 return ret; 1306 } 1307 } 1308 1309 return 0; 1310 } 1311 1312 /* 1313 * Attach fences to the GEM objects being bound. This will signify to 1314 * the shrinker that they are busy even after dropping the locks (ie. 1315 * drm_exec_fini()) 1316 */ 1317 static void 1318 vm_bind_job_attach_fences(struct msm_vm_bind_job *job) 1319 { 1320 for (unsigned i = 0; i < job->nr_ops; i++) { 1321 struct drm_gem_object *obj = job->ops[i].obj; 1322 1323 if (!obj) 1324 continue; 1325 1326 dma_resv_add_fence(obj->resv, job->fence, 1327 DMA_RESV_USAGE_KERNEL); 1328 } 1329 } 1330 1331 int 1332 msm_ioctl_vm_bind(struct drm_device *dev, void *data, struct drm_file *file) 1333 { 1334 struct msm_drm_private *priv = dev->dev_private; 1335 struct drm_msm_vm_bind *args = data; 1336 struct msm_context *ctx = file->driver_priv; 1337 struct msm_vm_bind_job *job = NULL; 1338 struct msm_gpu *gpu = priv->gpu; 1339 struct msm_gpu_submitqueue *queue; 1340 struct msm_syncobj_post_dep *post_deps = NULL; 1341 struct drm_syncobj **syncobjs_to_reset = NULL; 1342 struct sync_file *sync_file = NULL; 1343 struct dma_fence *fence; 1344 int out_fence_fd = -1; 1345 int ret, nr_bos = 0; 1346 unsigned i; 1347 1348 if (!gpu) 1349 return -ENXIO; 1350 1351 /* 1352 * Maybe we could allow just UNMAP ops? OTOH userspace should just 1353 * immediately close the device file and all will be torn down. 1354 */ 1355 if (to_msm_vm(ctx->vm)->unusable) 1356 return UERR(EPIPE, dev, "context is unusable"); 1357 1358 /* 1359 * Technically, you cannot create a VM_BIND submitqueue in the first 1360 * place, if you haven't opted in to VM_BIND context. But it is 1361 * cleaner / less confusing, to check this case directly. 1362 */ 1363 if (!msm_context_is_vmbind(ctx)) 1364 return UERR(EINVAL, dev, "context does not support vmbind"); 1365 1366 if (args->flags & ~MSM_VM_BIND_FLAGS) 1367 return UERR(EINVAL, dev, "invalid flags"); 1368 1369 queue = msm_submitqueue_get(ctx, args->queue_id); 1370 if (!queue) 1371 return -ENOENT; 1372 1373 if (!(queue->flags & MSM_SUBMITQUEUE_VM_BIND)) { 1374 ret = UERR(EINVAL, dev, "Invalid queue type"); 1375 goto out_post_unlock; 1376 } 1377 1378 if (args->flags & MSM_VM_BIND_FENCE_FD_OUT) { 1379 out_fence_fd = get_unused_fd_flags(O_CLOEXEC); 1380 if (out_fence_fd < 0) { 1381 ret = out_fence_fd; 1382 goto out_post_unlock; 1383 } 1384 } 1385 1386 job = vm_bind_job_create(dev, file, queue, args->nr_ops); 1387 if (IS_ERR(job)) { 1388 ret = PTR_ERR(job); 1389 goto out_post_unlock; 1390 } 1391 1392 ret = mutex_lock_interruptible(&queue->lock); 1393 if (ret) 1394 goto out_post_unlock; 1395 1396 if (args->flags & MSM_VM_BIND_FENCE_FD_IN) { 1397 struct dma_fence *in_fence; 1398 1399 in_fence = sync_file_get_fence(args->fence_fd); 1400 1401 if (!in_fence) { 1402 ret = UERR(EINVAL, dev, "invalid in-fence"); 1403 goto out_unlock; 1404 } 1405 1406 ret = drm_sched_job_add_dependency(&job->base, in_fence); 1407 if (ret) 1408 goto out_unlock; 1409 } 1410 1411 if (args->in_syncobjs > 0) { 1412 syncobjs_to_reset = msm_syncobj_parse_deps(dev, &job->base, 1413 file, args->in_syncobjs, 1414 args->nr_in_syncobjs, 1415 args->syncobj_stride); 1416 if (IS_ERR(syncobjs_to_reset)) { 1417 ret = PTR_ERR(syncobjs_to_reset); 1418 goto out_unlock; 1419 } 1420 } 1421 1422 if (args->out_syncobjs > 0) { 1423 post_deps = msm_syncobj_parse_post_deps(dev, file, 1424 args->out_syncobjs, 1425 args->nr_out_syncobjs, 1426 args->syncobj_stride); 1427 if (IS_ERR(post_deps)) { 1428 ret = PTR_ERR(post_deps); 1429 goto out_unlock; 1430 } 1431 } 1432 1433 ret = vm_bind_job_lookup_ops(job, args, file, &nr_bos); 1434 if (ret) 1435 goto out_unlock; 1436 1437 ret = vm_bind_prealloc_count(job); 1438 if (ret) 1439 goto out_unlock; 1440 1441 struct drm_exec exec; 1442 unsigned flags = DRM_EXEC_IGNORE_DUPLICATES | DRM_EXEC_INTERRUPTIBLE_WAIT; 1443 drm_exec_init(&exec, flags, nr_bos + 1); 1444 1445 ret = vm_bind_job_lock_objects(job, &exec); 1446 if (ret) 1447 goto out; 1448 1449 ret = vm_bind_job_pin_objects(job); 1450 if (ret) 1451 goto out; 1452 1453 ret = vm_bind_job_prepare(job); 1454 if (ret) 1455 goto out; 1456 1457 drm_sched_job_arm(&job->base); 1458 1459 job->fence = dma_fence_get(&job->base.s_fence->finished); 1460 1461 if (args->flags & MSM_VM_BIND_FENCE_FD_OUT) { 1462 sync_file = sync_file_create(job->fence); 1463 if (!sync_file) { 1464 ret = -ENOMEM; 1465 } else { 1466 fd_install(out_fence_fd, sync_file->file); 1467 args->fence_fd = out_fence_fd; 1468 } 1469 } 1470 1471 if (ret) 1472 goto out; 1473 1474 vm_bind_job_attach_fences(job); 1475 1476 /* 1477 * The job can be free'd (and fence unref'd) at any point after 1478 * drm_sched_entity_push_job(), so we need to hold our own ref 1479 */ 1480 fence = dma_fence_get(job->fence); 1481 1482 drm_sched_entity_push_job(&job->base); 1483 1484 msm_syncobj_reset(syncobjs_to_reset, args->nr_in_syncobjs); 1485 msm_syncobj_process_post_deps(post_deps, args->nr_out_syncobjs, fence); 1486 1487 dma_fence_put(fence); 1488 1489 out: 1490 if (ret) 1491 vm_bind_job_unpin_objects(job); 1492 1493 drm_exec_fini(&exec); 1494 out_unlock: 1495 mutex_unlock(&queue->lock); 1496 out_post_unlock: 1497 if (ret && (out_fence_fd >= 0)) { 1498 put_unused_fd(out_fence_fd); 1499 if (sync_file) 1500 fput(sync_file->file); 1501 } 1502 1503 if (!IS_ERR_OR_NULL(job)) { 1504 if (ret) 1505 msm_vma_job_free(&job->base); 1506 } else { 1507 /* 1508 * If the submit hasn't yet taken ownership of the queue 1509 * then we need to drop the reference ourself: 1510 */ 1511 msm_submitqueue_put(queue); 1512 } 1513 1514 if (!IS_ERR_OR_NULL(post_deps)) { 1515 for (i = 0; i < args->nr_out_syncobjs; ++i) { 1516 kfree(post_deps[i].chain); 1517 drm_syncobj_put(post_deps[i].syncobj); 1518 } 1519 kfree(post_deps); 1520 } 1521 1522 if (!IS_ERR_OR_NULL(syncobjs_to_reset)) { 1523 for (i = 0; i < args->nr_in_syncobjs; ++i) { 1524 if (syncobjs_to_reset[i]) 1525 drm_syncobj_put(syncobjs_to_reset[i]); 1526 } 1527 kfree(syncobjs_to_reset); 1528 } 1529 1530 return ret; 1531 } 1532