Loading...
1// SPDX-License-Identifier: GPL-2.0-only
2/*
3 * Copyright (C) 2013 Red Hat
4 * Author: Rob Clark <robdclark@gmail.com>
5 */
6
7#include <linux/spinlock.h>
8#include <linux/shmem_fs.h>
9#include <linux/dma-buf.h>
10#include <linux/pfn_t.h>
11
12#include <drm/drm_prime.h>
13
14#include "msm_drv.h"
15#include "msm_fence.h"
16#include "msm_gem.h"
17#include "msm_gpu.h"
18#include "msm_mmu.h"
19
20static void msm_gem_vunmap_locked(struct drm_gem_object *obj);
21
22
23static dma_addr_t physaddr(struct drm_gem_object *obj)
24{
25 struct msm_gem_object *msm_obj = to_msm_bo(obj);
26 struct msm_drm_private *priv = obj->dev->dev_private;
27 return (((dma_addr_t)msm_obj->vram_node->start) << PAGE_SHIFT) +
28 priv->vram.paddr;
29}
30
31static bool use_pages(struct drm_gem_object *obj)
32{
33 struct msm_gem_object *msm_obj = to_msm_bo(obj);
34 return !msm_obj->vram_node;
35}
36
37/*
38 * Cache sync.. this is a bit over-complicated, to fit dma-mapping
39 * API. Really GPU cache is out of scope here (handled on cmdstream)
40 * and all we need to do is invalidate newly allocated pages before
41 * mapping to CPU as uncached/writecombine.
42 *
43 * On top of this, we have the added headache, that depending on
44 * display generation, the display's iommu may be wired up to either
45 * the toplevel drm device (mdss), or to the mdp sub-node, meaning
46 * that here we either have dma-direct or iommu ops.
47 *
48 * Let this be a cautionary tail of abstraction gone wrong.
49 */
50
51static void sync_for_device(struct msm_gem_object *msm_obj)
52{
53 struct device *dev = msm_obj->base.dev->dev;
54
55 if (get_dma_ops(dev) && IS_ENABLED(CONFIG_ARM64)) {
56 dma_sync_sg_for_device(dev, msm_obj->sgt->sgl,
57 msm_obj->sgt->nents, DMA_BIDIRECTIONAL);
58 } else {
59 dma_map_sg(dev, msm_obj->sgt->sgl,
60 msm_obj->sgt->nents, DMA_BIDIRECTIONAL);
61 }
62}
63
64static void sync_for_cpu(struct msm_gem_object *msm_obj)
65{
66 struct device *dev = msm_obj->base.dev->dev;
67
68 if (get_dma_ops(dev) && IS_ENABLED(CONFIG_ARM64)) {
69 dma_sync_sg_for_cpu(dev, msm_obj->sgt->sgl,
70 msm_obj->sgt->nents, DMA_BIDIRECTIONAL);
71 } else {
72 dma_unmap_sg(dev, msm_obj->sgt->sgl,
73 msm_obj->sgt->nents, DMA_BIDIRECTIONAL);
74 }
75}
76
77/* allocate pages from VRAM carveout, used when no IOMMU: */
78static struct page **get_pages_vram(struct drm_gem_object *obj, int npages)
79{
80 struct msm_gem_object *msm_obj = to_msm_bo(obj);
81 struct msm_drm_private *priv = obj->dev->dev_private;
82 dma_addr_t paddr;
83 struct page **p;
84 int ret, i;
85
86 p = kvmalloc_array(npages, sizeof(struct page *), GFP_KERNEL);
87 if (!p)
88 return ERR_PTR(-ENOMEM);
89
90 spin_lock(&priv->vram.lock);
91 ret = drm_mm_insert_node(&priv->vram.mm, msm_obj->vram_node, npages);
92 spin_unlock(&priv->vram.lock);
93 if (ret) {
94 kvfree(p);
95 return ERR_PTR(ret);
96 }
97
98 paddr = physaddr(obj);
99 for (i = 0; i < npages; i++) {
100 p[i] = phys_to_page(paddr);
101 paddr += PAGE_SIZE;
102 }
103
104 return p;
105}
106
107static struct page **get_pages(struct drm_gem_object *obj)
108{
109 struct msm_gem_object *msm_obj = to_msm_bo(obj);
110
111 if (!msm_obj->pages) {
112 struct drm_device *dev = obj->dev;
113 struct page **p;
114 int npages = obj->size >> PAGE_SHIFT;
115
116 if (use_pages(obj))
117 p = drm_gem_get_pages(obj);
118 else
119 p = get_pages_vram(obj, npages);
120
121 if (IS_ERR(p)) {
122 DRM_DEV_ERROR(dev->dev, "could not get pages: %ld\n",
123 PTR_ERR(p));
124 return p;
125 }
126
127 msm_obj->pages = p;
128
129 msm_obj->sgt = drm_prime_pages_to_sg(p, npages);
130 if (IS_ERR(msm_obj->sgt)) {
131 void *ptr = ERR_CAST(msm_obj->sgt);
132
133 DRM_DEV_ERROR(dev->dev, "failed to allocate sgt\n");
134 msm_obj->sgt = NULL;
135 return ptr;
136 }
137
138 /* For non-cached buffers, ensure the new pages are clean
139 * because display controller, GPU, etc. are not coherent:
140 */
141 if (msm_obj->flags & (MSM_BO_WC|MSM_BO_UNCACHED))
142 sync_for_device(msm_obj);
143 }
144
145 return msm_obj->pages;
146}
147
148static void put_pages_vram(struct drm_gem_object *obj)
149{
150 struct msm_gem_object *msm_obj = to_msm_bo(obj);
151 struct msm_drm_private *priv = obj->dev->dev_private;
152
153 spin_lock(&priv->vram.lock);
154 drm_mm_remove_node(msm_obj->vram_node);
155 spin_unlock(&priv->vram.lock);
156
157 kvfree(msm_obj->pages);
158}
159
160static void put_pages(struct drm_gem_object *obj)
161{
162 struct msm_gem_object *msm_obj = to_msm_bo(obj);
163
164 if (msm_obj->pages) {
165 if (msm_obj->sgt) {
166 /* For non-cached buffers, ensure the new
167 * pages are clean because display controller,
168 * GPU, etc. are not coherent:
169 */
170 if (msm_obj->flags & (MSM_BO_WC|MSM_BO_UNCACHED))
171 sync_for_cpu(msm_obj);
172
173 sg_free_table(msm_obj->sgt);
174 kfree(msm_obj->sgt);
175 }
176
177 if (use_pages(obj))
178 drm_gem_put_pages(obj, msm_obj->pages, true, false);
179 else
180 put_pages_vram(obj);
181
182 msm_obj->pages = NULL;
183 }
184}
185
186struct page **msm_gem_get_pages(struct drm_gem_object *obj)
187{
188 struct msm_gem_object *msm_obj = to_msm_bo(obj);
189 struct page **p;
190
191 mutex_lock(&msm_obj->lock);
192
193 if (WARN_ON(msm_obj->madv != MSM_MADV_WILLNEED)) {
194 mutex_unlock(&msm_obj->lock);
195 return ERR_PTR(-EBUSY);
196 }
197
198 p = get_pages(obj);
199 mutex_unlock(&msm_obj->lock);
200 return p;
201}
202
203void msm_gem_put_pages(struct drm_gem_object *obj)
204{
205 /* when we start tracking the pin count, then do something here */
206}
207
208int msm_gem_mmap_obj(struct drm_gem_object *obj,
209 struct vm_area_struct *vma)
210{
211 struct msm_gem_object *msm_obj = to_msm_bo(obj);
212
213 vma->vm_flags &= ~VM_PFNMAP;
214 vma->vm_flags |= VM_MIXEDMAP;
215
216 if (msm_obj->flags & MSM_BO_WC) {
217 vma->vm_page_prot = pgprot_writecombine(vm_get_page_prot(vma->vm_flags));
218 } else if (msm_obj->flags & MSM_BO_UNCACHED) {
219 vma->vm_page_prot = pgprot_noncached(vm_get_page_prot(vma->vm_flags));
220 } else {
221 /*
222 * Shunt off cached objs to shmem file so they have their own
223 * address_space (so unmap_mapping_range does what we want,
224 * in particular in the case of mmap'd dmabufs)
225 */
226 fput(vma->vm_file);
227 get_file(obj->filp);
228 vma->vm_pgoff = 0;
229 vma->vm_file = obj->filp;
230
231 vma->vm_page_prot = vm_get_page_prot(vma->vm_flags);
232 }
233
234 return 0;
235}
236
237int msm_gem_mmap(struct file *filp, struct vm_area_struct *vma)
238{
239 int ret;
240
241 ret = drm_gem_mmap(filp, vma);
242 if (ret) {
243 DBG("mmap failed: %d", ret);
244 return ret;
245 }
246
247 return msm_gem_mmap_obj(vma->vm_private_data, vma);
248}
249
250vm_fault_t msm_gem_fault(struct vm_fault *vmf)
251{
252 struct vm_area_struct *vma = vmf->vma;
253 struct drm_gem_object *obj = vma->vm_private_data;
254 struct msm_gem_object *msm_obj = to_msm_bo(obj);
255 struct page **pages;
256 unsigned long pfn;
257 pgoff_t pgoff;
258 int err;
259 vm_fault_t ret;
260
261 /*
262 * vm_ops.open/drm_gem_mmap_obj and close get and put
263 * a reference on obj. So, we dont need to hold one here.
264 */
265 err = mutex_lock_interruptible(&msm_obj->lock);
266 if (err) {
267 ret = VM_FAULT_NOPAGE;
268 goto out;
269 }
270
271 if (WARN_ON(msm_obj->madv != MSM_MADV_WILLNEED)) {
272 mutex_unlock(&msm_obj->lock);
273 return VM_FAULT_SIGBUS;
274 }
275
276 /* make sure we have pages attached now */
277 pages = get_pages(obj);
278 if (IS_ERR(pages)) {
279 ret = vmf_error(PTR_ERR(pages));
280 goto out_unlock;
281 }
282
283 /* We don't use vmf->pgoff since that has the fake offset: */
284 pgoff = (vmf->address - vma->vm_start) >> PAGE_SHIFT;
285
286 pfn = page_to_pfn(pages[pgoff]);
287
288 VERB("Inserting %p pfn %lx, pa %lx", (void *)vmf->address,
289 pfn, pfn << PAGE_SHIFT);
290
291 ret = vmf_insert_mixed(vma, vmf->address, __pfn_to_pfn_t(pfn, PFN_DEV));
292out_unlock:
293 mutex_unlock(&msm_obj->lock);
294out:
295 return ret;
296}
297
298/** get mmap offset */
299static uint64_t mmap_offset(struct drm_gem_object *obj)
300{
301 struct drm_device *dev = obj->dev;
302 struct msm_gem_object *msm_obj = to_msm_bo(obj);
303 int ret;
304
305 WARN_ON(!mutex_is_locked(&msm_obj->lock));
306
307 /* Make it mmapable */
308 ret = drm_gem_create_mmap_offset(obj);
309
310 if (ret) {
311 DRM_DEV_ERROR(dev->dev, "could not allocate mmap offset\n");
312 return 0;
313 }
314
315 return drm_vma_node_offset_addr(&obj->vma_node);
316}
317
318uint64_t msm_gem_mmap_offset(struct drm_gem_object *obj)
319{
320 uint64_t offset;
321 struct msm_gem_object *msm_obj = to_msm_bo(obj);
322
323 mutex_lock(&msm_obj->lock);
324 offset = mmap_offset(obj);
325 mutex_unlock(&msm_obj->lock);
326 return offset;
327}
328
329static struct msm_gem_vma *add_vma(struct drm_gem_object *obj,
330 struct msm_gem_address_space *aspace)
331{
332 struct msm_gem_object *msm_obj = to_msm_bo(obj);
333 struct msm_gem_vma *vma;
334
335 WARN_ON(!mutex_is_locked(&msm_obj->lock));
336
337 vma = kzalloc(sizeof(*vma), GFP_KERNEL);
338 if (!vma)
339 return ERR_PTR(-ENOMEM);
340
341 vma->aspace = aspace;
342
343 list_add_tail(&vma->list, &msm_obj->vmas);
344
345 return vma;
346}
347
348static struct msm_gem_vma *lookup_vma(struct drm_gem_object *obj,
349 struct msm_gem_address_space *aspace)
350{
351 struct msm_gem_object *msm_obj = to_msm_bo(obj);
352 struct msm_gem_vma *vma;
353
354 WARN_ON(!mutex_is_locked(&msm_obj->lock));
355
356 list_for_each_entry(vma, &msm_obj->vmas, list) {
357 if (vma->aspace == aspace)
358 return vma;
359 }
360
361 return NULL;
362}
363
364static void del_vma(struct msm_gem_vma *vma)
365{
366 if (!vma)
367 return;
368
369 list_del(&vma->list);
370 kfree(vma);
371}
372
373/* Called with msm_obj->lock locked */
374static void
375put_iova(struct drm_gem_object *obj)
376{
377 struct msm_gem_object *msm_obj = to_msm_bo(obj);
378 struct msm_gem_vma *vma, *tmp;
379
380 WARN_ON(!mutex_is_locked(&msm_obj->lock));
381
382 list_for_each_entry_safe(vma, tmp, &msm_obj->vmas, list) {
383 if (vma->aspace) {
384 msm_gem_purge_vma(vma->aspace, vma);
385 msm_gem_close_vma(vma->aspace, vma);
386 }
387 del_vma(vma);
388 }
389}
390
391static int msm_gem_get_iova_locked(struct drm_gem_object *obj,
392 struct msm_gem_address_space *aspace, uint64_t *iova)
393{
394 struct msm_gem_object *msm_obj = to_msm_bo(obj);
395 struct msm_gem_vma *vma;
396 int ret = 0;
397
398 WARN_ON(!mutex_is_locked(&msm_obj->lock));
399
400 vma = lookup_vma(obj, aspace);
401
402 if (!vma) {
403 vma = add_vma(obj, aspace);
404 if (IS_ERR(vma))
405 return PTR_ERR(vma);
406
407 ret = msm_gem_init_vma(aspace, vma, obj->size >> PAGE_SHIFT);
408 if (ret) {
409 del_vma(vma);
410 return ret;
411 }
412 }
413
414 *iova = vma->iova;
415 return 0;
416}
417
418static int msm_gem_pin_iova(struct drm_gem_object *obj,
419 struct msm_gem_address_space *aspace)
420{
421 struct msm_gem_object *msm_obj = to_msm_bo(obj);
422 struct msm_gem_vma *vma;
423 struct page **pages;
424 int prot = IOMMU_READ;
425
426 if (!(msm_obj->flags & MSM_BO_GPU_READONLY))
427 prot |= IOMMU_WRITE;
428
429 WARN_ON(!mutex_is_locked(&msm_obj->lock));
430
431 if (WARN_ON(msm_obj->madv != MSM_MADV_WILLNEED))
432 return -EBUSY;
433
434 vma = lookup_vma(obj, aspace);
435 if (WARN_ON(!vma))
436 return -EINVAL;
437
438 pages = get_pages(obj);
439 if (IS_ERR(pages))
440 return PTR_ERR(pages);
441
442 return msm_gem_map_vma(aspace, vma, prot,
443 msm_obj->sgt, obj->size >> PAGE_SHIFT);
444}
445
446/* get iova and pin it. Should have a matching put */
447int msm_gem_get_and_pin_iova(struct drm_gem_object *obj,
448 struct msm_gem_address_space *aspace, uint64_t *iova)
449{
450 struct msm_gem_object *msm_obj = to_msm_bo(obj);
451 u64 local;
452 int ret;
453
454 mutex_lock(&msm_obj->lock);
455
456 ret = msm_gem_get_iova_locked(obj, aspace, &local);
457
458 if (!ret)
459 ret = msm_gem_pin_iova(obj, aspace);
460
461 if (!ret)
462 *iova = local;
463
464 mutex_unlock(&msm_obj->lock);
465 return ret;
466}
467
468/*
469 * Get an iova but don't pin it. Doesn't need a put because iovas are currently
470 * valid for the life of the object
471 */
472int msm_gem_get_iova(struct drm_gem_object *obj,
473 struct msm_gem_address_space *aspace, uint64_t *iova)
474{
475 struct msm_gem_object *msm_obj = to_msm_bo(obj);
476 int ret;
477
478 mutex_lock(&msm_obj->lock);
479 ret = msm_gem_get_iova_locked(obj, aspace, iova);
480 mutex_unlock(&msm_obj->lock);
481
482 return ret;
483}
484
485/* get iova without taking a reference, used in places where you have
486 * already done a 'msm_gem_get_and_pin_iova' or 'msm_gem_get_iova'
487 */
488uint64_t msm_gem_iova(struct drm_gem_object *obj,
489 struct msm_gem_address_space *aspace)
490{
491 struct msm_gem_object *msm_obj = to_msm_bo(obj);
492 struct msm_gem_vma *vma;
493
494 mutex_lock(&msm_obj->lock);
495 vma = lookup_vma(obj, aspace);
496 mutex_unlock(&msm_obj->lock);
497 WARN_ON(!vma);
498
499 return vma ? vma->iova : 0;
500}
501
502/*
503 * Unpin a iova by updating the reference counts. The memory isn't actually
504 * purged until something else (shrinker, mm_notifier, destroy, etc) decides
505 * to get rid of it
506 */
507void msm_gem_unpin_iova(struct drm_gem_object *obj,
508 struct msm_gem_address_space *aspace)
509{
510 struct msm_gem_object *msm_obj = to_msm_bo(obj);
511 struct msm_gem_vma *vma;
512
513 mutex_lock(&msm_obj->lock);
514 vma = lookup_vma(obj, aspace);
515
516 if (!WARN_ON(!vma))
517 msm_gem_unmap_vma(aspace, vma);
518
519 mutex_unlock(&msm_obj->lock);
520}
521
522int msm_gem_dumb_create(struct drm_file *file, struct drm_device *dev,
523 struct drm_mode_create_dumb *args)
524{
525 args->pitch = align_pitch(args->width, args->bpp);
526 args->size = PAGE_ALIGN(args->pitch * args->height);
527 return msm_gem_new_handle(dev, file, args->size,
528 MSM_BO_SCANOUT | MSM_BO_WC, &args->handle, "dumb");
529}
530
531int msm_gem_dumb_map_offset(struct drm_file *file, struct drm_device *dev,
532 uint32_t handle, uint64_t *offset)
533{
534 struct drm_gem_object *obj;
535 int ret = 0;
536
537 /* GEM does all our handle to object mapping */
538 obj = drm_gem_object_lookup(file, handle);
539 if (obj == NULL) {
540 ret = -ENOENT;
541 goto fail;
542 }
543
544 *offset = msm_gem_mmap_offset(obj);
545
546 drm_gem_object_put_unlocked(obj);
547
548fail:
549 return ret;
550}
551
552static void *get_vaddr(struct drm_gem_object *obj, unsigned madv)
553{
554 struct msm_gem_object *msm_obj = to_msm_bo(obj);
555 int ret = 0;
556
557 mutex_lock(&msm_obj->lock);
558
559 if (WARN_ON(msm_obj->madv > madv)) {
560 DRM_DEV_ERROR(obj->dev->dev, "Invalid madv state: %u vs %u\n",
561 msm_obj->madv, madv);
562 mutex_unlock(&msm_obj->lock);
563 return ERR_PTR(-EBUSY);
564 }
565
566 /* increment vmap_count *before* vmap() call, so shrinker can
567 * check vmap_count (is_vunmapable()) outside of msm_obj->lock.
568 * This guarantees that we won't try to msm_gem_vunmap() this
569 * same object from within the vmap() call (while we already
570 * hold msm_obj->lock)
571 */
572 msm_obj->vmap_count++;
573
574 if (!msm_obj->vaddr) {
575 struct page **pages = get_pages(obj);
576 if (IS_ERR(pages)) {
577 ret = PTR_ERR(pages);
578 goto fail;
579 }
580 msm_obj->vaddr = vmap(pages, obj->size >> PAGE_SHIFT,
581 VM_MAP, pgprot_writecombine(PAGE_KERNEL));
582 if (msm_obj->vaddr == NULL) {
583 ret = -ENOMEM;
584 goto fail;
585 }
586 }
587
588 mutex_unlock(&msm_obj->lock);
589 return msm_obj->vaddr;
590
591fail:
592 msm_obj->vmap_count--;
593 mutex_unlock(&msm_obj->lock);
594 return ERR_PTR(ret);
595}
596
597void *msm_gem_get_vaddr(struct drm_gem_object *obj)
598{
599 return get_vaddr(obj, MSM_MADV_WILLNEED);
600}
601
602/*
603 * Don't use this! It is for the very special case of dumping
604 * submits from GPU hangs or faults, were the bo may already
605 * be MSM_MADV_DONTNEED, but we know the buffer is still on the
606 * active list.
607 */
608void *msm_gem_get_vaddr_active(struct drm_gem_object *obj)
609{
610 return get_vaddr(obj, __MSM_MADV_PURGED);
611}
612
613void msm_gem_put_vaddr(struct drm_gem_object *obj)
614{
615 struct msm_gem_object *msm_obj = to_msm_bo(obj);
616
617 mutex_lock(&msm_obj->lock);
618 WARN_ON(msm_obj->vmap_count < 1);
619 msm_obj->vmap_count--;
620 mutex_unlock(&msm_obj->lock);
621}
622
623/* Update madvise status, returns true if not purged, else
624 * false or -errno.
625 */
626int msm_gem_madvise(struct drm_gem_object *obj, unsigned madv)
627{
628 struct msm_gem_object *msm_obj = to_msm_bo(obj);
629
630 mutex_lock(&msm_obj->lock);
631
632 WARN_ON(!mutex_is_locked(&obj->dev->struct_mutex));
633
634 if (msm_obj->madv != __MSM_MADV_PURGED)
635 msm_obj->madv = madv;
636
637 madv = msm_obj->madv;
638
639 mutex_unlock(&msm_obj->lock);
640
641 return (madv != __MSM_MADV_PURGED);
642}
643
644void msm_gem_purge(struct drm_gem_object *obj, enum msm_gem_lock subclass)
645{
646 struct drm_device *dev = obj->dev;
647 struct msm_gem_object *msm_obj = to_msm_bo(obj);
648
649 WARN_ON(!mutex_is_locked(&dev->struct_mutex));
650 WARN_ON(!is_purgeable(msm_obj));
651 WARN_ON(obj->import_attach);
652
653 mutex_lock_nested(&msm_obj->lock, subclass);
654
655 put_iova(obj);
656
657 msm_gem_vunmap_locked(obj);
658
659 put_pages(obj);
660
661 msm_obj->madv = __MSM_MADV_PURGED;
662
663 drm_vma_node_unmap(&obj->vma_node, dev->anon_inode->i_mapping);
664 drm_gem_free_mmap_offset(obj);
665
666 /* Our goal here is to return as much of the memory as
667 * is possible back to the system as we are called from OOM.
668 * To do this we must instruct the shmfs to drop all of its
669 * backing pages, *now*.
670 */
671 shmem_truncate_range(file_inode(obj->filp), 0, (loff_t)-1);
672
673 invalidate_mapping_pages(file_inode(obj->filp)->i_mapping,
674 0, (loff_t)-1);
675
676 mutex_unlock(&msm_obj->lock);
677}
678
679static void msm_gem_vunmap_locked(struct drm_gem_object *obj)
680{
681 struct msm_gem_object *msm_obj = to_msm_bo(obj);
682
683 WARN_ON(!mutex_is_locked(&msm_obj->lock));
684
685 if (!msm_obj->vaddr || WARN_ON(!is_vunmapable(msm_obj)))
686 return;
687
688 vunmap(msm_obj->vaddr);
689 msm_obj->vaddr = NULL;
690}
691
692void msm_gem_vunmap(struct drm_gem_object *obj, enum msm_gem_lock subclass)
693{
694 struct msm_gem_object *msm_obj = to_msm_bo(obj);
695
696 mutex_lock_nested(&msm_obj->lock, subclass);
697 msm_gem_vunmap_locked(obj);
698 mutex_unlock(&msm_obj->lock);
699}
700
701/* must be called before _move_to_active().. */
702int msm_gem_sync_object(struct drm_gem_object *obj,
703 struct msm_fence_context *fctx, bool exclusive)
704{
705 struct dma_resv_list *fobj;
706 struct dma_fence *fence;
707 int i, ret;
708
709 fobj = dma_resv_get_list(obj->resv);
710 if (!fobj || (fobj->shared_count == 0)) {
711 fence = dma_resv_get_excl(obj->resv);
712 /* don't need to wait on our own fences, since ring is fifo */
713 if (fence && (fence->context != fctx->context)) {
714 ret = dma_fence_wait(fence, true);
715 if (ret)
716 return ret;
717 }
718 }
719
720 if (!exclusive || !fobj)
721 return 0;
722
723 for (i = 0; i < fobj->shared_count; i++) {
724 fence = rcu_dereference_protected(fobj->shared[i],
725 dma_resv_held(obj->resv));
726 if (fence->context != fctx->context) {
727 ret = dma_fence_wait(fence, true);
728 if (ret)
729 return ret;
730 }
731 }
732
733 return 0;
734}
735
736void msm_gem_move_to_active(struct drm_gem_object *obj,
737 struct msm_gpu *gpu, bool exclusive, struct dma_fence *fence)
738{
739 struct msm_gem_object *msm_obj = to_msm_bo(obj);
740 WARN_ON(msm_obj->madv != MSM_MADV_WILLNEED);
741 msm_obj->gpu = gpu;
742 if (exclusive)
743 dma_resv_add_excl_fence(obj->resv, fence);
744 else
745 dma_resv_add_shared_fence(obj->resv, fence);
746 list_del_init(&msm_obj->mm_list);
747 list_add_tail(&msm_obj->mm_list, &gpu->active_list);
748}
749
750void msm_gem_move_to_inactive(struct drm_gem_object *obj)
751{
752 struct drm_device *dev = obj->dev;
753 struct msm_drm_private *priv = dev->dev_private;
754 struct msm_gem_object *msm_obj = to_msm_bo(obj);
755
756 WARN_ON(!mutex_is_locked(&dev->struct_mutex));
757
758 msm_obj->gpu = NULL;
759 list_del_init(&msm_obj->mm_list);
760 list_add_tail(&msm_obj->mm_list, &priv->inactive_list);
761}
762
763int msm_gem_cpu_prep(struct drm_gem_object *obj, uint32_t op, ktime_t *timeout)
764{
765 bool write = !!(op & MSM_PREP_WRITE);
766 unsigned long remain =
767 op & MSM_PREP_NOSYNC ? 0 : timeout_to_jiffies(timeout);
768 long ret;
769
770 ret = dma_resv_wait_timeout_rcu(obj->resv, write,
771 true, remain);
772 if (ret == 0)
773 return remain == 0 ? -EBUSY : -ETIMEDOUT;
774 else if (ret < 0)
775 return ret;
776
777 /* TODO cache maintenance */
778
779 return 0;
780}
781
782int msm_gem_cpu_fini(struct drm_gem_object *obj)
783{
784 /* TODO cache maintenance */
785 return 0;
786}
787
788#ifdef CONFIG_DEBUG_FS
789static void describe_fence(struct dma_fence *fence, const char *type,
790 struct seq_file *m)
791{
792 if (!dma_fence_is_signaled(fence))
793 seq_printf(m, "\t%9s: %s %s seq %llu\n", type,
794 fence->ops->get_driver_name(fence),
795 fence->ops->get_timeline_name(fence),
796 fence->seqno);
797}
798
799void msm_gem_describe(struct drm_gem_object *obj, struct seq_file *m)
800{
801 struct msm_gem_object *msm_obj = to_msm_bo(obj);
802 struct dma_resv *robj = obj->resv;
803 struct dma_resv_list *fobj;
804 struct dma_fence *fence;
805 struct msm_gem_vma *vma;
806 uint64_t off = drm_vma_node_start(&obj->vma_node);
807 const char *madv;
808
809 mutex_lock(&msm_obj->lock);
810
811 switch (msm_obj->madv) {
812 case __MSM_MADV_PURGED:
813 madv = " purged";
814 break;
815 case MSM_MADV_DONTNEED:
816 madv = " purgeable";
817 break;
818 case MSM_MADV_WILLNEED:
819 default:
820 madv = "";
821 break;
822 }
823
824 seq_printf(m, "%08x: %c %2d (%2d) %08llx %p",
825 msm_obj->flags, is_active(msm_obj) ? 'A' : 'I',
826 obj->name, kref_read(&obj->refcount),
827 off, msm_obj->vaddr);
828
829 seq_printf(m, " %08zu %9s %-32s\n", obj->size, madv, msm_obj->name);
830
831 if (!list_empty(&msm_obj->vmas)) {
832
833 seq_puts(m, " vmas:");
834
835 list_for_each_entry(vma, &msm_obj->vmas, list)
836 seq_printf(m, " [%s: %08llx,%s,inuse=%d]",
837 vma->aspace != NULL ? vma->aspace->name : NULL,
838 vma->iova, vma->mapped ? "mapped" : "unmapped",
839 vma->inuse);
840
841 seq_puts(m, "\n");
842 }
843
844 rcu_read_lock();
845 fobj = rcu_dereference(robj->fence);
846 if (fobj) {
847 unsigned int i, shared_count = fobj->shared_count;
848
849 for (i = 0; i < shared_count; i++) {
850 fence = rcu_dereference(fobj->shared[i]);
851 describe_fence(fence, "Shared", m);
852 }
853 }
854
855 fence = rcu_dereference(robj->fence_excl);
856 if (fence)
857 describe_fence(fence, "Exclusive", m);
858 rcu_read_unlock();
859
860 mutex_unlock(&msm_obj->lock);
861}
862
863void msm_gem_describe_objects(struct list_head *list, struct seq_file *m)
864{
865 struct msm_gem_object *msm_obj;
866 int count = 0;
867 size_t size = 0;
868
869 seq_puts(m, " flags id ref offset kaddr size madv name\n");
870 list_for_each_entry(msm_obj, list, mm_list) {
871 struct drm_gem_object *obj = &msm_obj->base;
872 seq_puts(m, " ");
873 msm_gem_describe(obj, m);
874 count++;
875 size += obj->size;
876 }
877
878 seq_printf(m, "Total %d objects, %zu bytes\n", count, size);
879}
880#endif
881
882/* don't call directly! Use drm_gem_object_put() and friends */
883void msm_gem_free_object(struct drm_gem_object *obj)
884{
885 struct msm_gem_object *msm_obj = to_msm_bo(obj);
886 struct drm_device *dev = obj->dev;
887 struct msm_drm_private *priv = dev->dev_private;
888
889 if (llist_add(&msm_obj->freed, &priv->free_list))
890 queue_work(priv->wq, &priv->free_work);
891}
892
893static void free_object(struct msm_gem_object *msm_obj)
894{
895 struct drm_gem_object *obj = &msm_obj->base;
896 struct drm_device *dev = obj->dev;
897
898 WARN_ON(!mutex_is_locked(&dev->struct_mutex));
899
900 /* object should not be on active list: */
901 WARN_ON(is_active(msm_obj));
902
903 list_del(&msm_obj->mm_list);
904
905 mutex_lock(&msm_obj->lock);
906
907 put_iova(obj);
908
909 if (obj->import_attach) {
910 if (msm_obj->vaddr)
911 dma_buf_vunmap(obj->import_attach->dmabuf, msm_obj->vaddr);
912
913 /* Don't drop the pages for imported dmabuf, as they are not
914 * ours, just free the array we allocated:
915 */
916 if (msm_obj->pages)
917 kvfree(msm_obj->pages);
918
919 drm_prime_gem_destroy(obj, msm_obj->sgt);
920 } else {
921 msm_gem_vunmap_locked(obj);
922 put_pages(obj);
923 }
924
925 drm_gem_object_release(obj);
926
927 mutex_unlock(&msm_obj->lock);
928 kfree(msm_obj);
929}
930
931void msm_gem_free_work(struct work_struct *work)
932{
933 struct msm_drm_private *priv =
934 container_of(work, struct msm_drm_private, free_work);
935 struct drm_device *dev = priv->dev;
936 struct llist_node *freed;
937 struct msm_gem_object *msm_obj, *next;
938
939 while ((freed = llist_del_all(&priv->free_list))) {
940
941 mutex_lock(&dev->struct_mutex);
942
943 llist_for_each_entry_safe(msm_obj, next,
944 freed, freed)
945 free_object(msm_obj);
946
947 mutex_unlock(&dev->struct_mutex);
948
949 if (need_resched())
950 break;
951 }
952}
953
954/* convenience method to construct a GEM buffer object, and userspace handle */
955int msm_gem_new_handle(struct drm_device *dev, struct drm_file *file,
956 uint32_t size, uint32_t flags, uint32_t *handle,
957 char *name)
958{
959 struct drm_gem_object *obj;
960 int ret;
961
962 obj = msm_gem_new(dev, size, flags);
963
964 if (IS_ERR(obj))
965 return PTR_ERR(obj);
966
967 if (name)
968 msm_gem_object_set_name(obj, "%s", name);
969
970 ret = drm_gem_handle_create(file, obj, handle);
971
972 /* drop reference from allocate - handle holds it now */
973 drm_gem_object_put_unlocked(obj);
974
975 return ret;
976}
977
978static int msm_gem_new_impl(struct drm_device *dev,
979 uint32_t size, uint32_t flags,
980 struct drm_gem_object **obj,
981 bool struct_mutex_locked)
982{
983 struct msm_drm_private *priv = dev->dev_private;
984 struct msm_gem_object *msm_obj;
985
986 switch (flags & MSM_BO_CACHE_MASK) {
987 case MSM_BO_UNCACHED:
988 case MSM_BO_CACHED:
989 case MSM_BO_WC:
990 break;
991 default:
992 DRM_DEV_ERROR(dev->dev, "invalid cache flag: %x\n",
993 (flags & MSM_BO_CACHE_MASK));
994 return -EINVAL;
995 }
996
997 msm_obj = kzalloc(sizeof(*msm_obj), GFP_KERNEL);
998 if (!msm_obj)
999 return -ENOMEM;
1000
1001 mutex_init(&msm_obj->lock);
1002
1003 msm_obj->flags = flags;
1004 msm_obj->madv = MSM_MADV_WILLNEED;
1005
1006 INIT_LIST_HEAD(&msm_obj->submit_entry);
1007 INIT_LIST_HEAD(&msm_obj->vmas);
1008
1009 if (struct_mutex_locked) {
1010 WARN_ON(!mutex_is_locked(&dev->struct_mutex));
1011 list_add_tail(&msm_obj->mm_list, &priv->inactive_list);
1012 } else {
1013 mutex_lock(&dev->struct_mutex);
1014 list_add_tail(&msm_obj->mm_list, &priv->inactive_list);
1015 mutex_unlock(&dev->struct_mutex);
1016 }
1017
1018 *obj = &msm_obj->base;
1019
1020 return 0;
1021}
1022
1023static struct drm_gem_object *_msm_gem_new(struct drm_device *dev,
1024 uint32_t size, uint32_t flags, bool struct_mutex_locked)
1025{
1026 struct msm_drm_private *priv = dev->dev_private;
1027 struct drm_gem_object *obj = NULL;
1028 bool use_vram = false;
1029 int ret;
1030
1031 size = PAGE_ALIGN(size);
1032
1033 if (!msm_use_mmu(dev))
1034 use_vram = true;
1035 else if ((flags & (MSM_BO_STOLEN | MSM_BO_SCANOUT)) && priv->vram.size)
1036 use_vram = true;
1037
1038 if (WARN_ON(use_vram && !priv->vram.size))
1039 return ERR_PTR(-EINVAL);
1040
1041 /* Disallow zero sized objects as they make the underlying
1042 * infrastructure grumpy
1043 */
1044 if (size == 0)
1045 return ERR_PTR(-EINVAL);
1046
1047 ret = msm_gem_new_impl(dev, size, flags, &obj, struct_mutex_locked);
1048 if (ret)
1049 goto fail;
1050
1051 if (use_vram) {
1052 struct msm_gem_vma *vma;
1053 struct page **pages;
1054 struct msm_gem_object *msm_obj = to_msm_bo(obj);
1055
1056 mutex_lock(&msm_obj->lock);
1057
1058 vma = add_vma(obj, NULL);
1059 mutex_unlock(&msm_obj->lock);
1060 if (IS_ERR(vma)) {
1061 ret = PTR_ERR(vma);
1062 goto fail;
1063 }
1064
1065 to_msm_bo(obj)->vram_node = &vma->node;
1066
1067 drm_gem_private_object_init(dev, obj, size);
1068
1069 pages = get_pages(obj);
1070 if (IS_ERR(pages)) {
1071 ret = PTR_ERR(pages);
1072 goto fail;
1073 }
1074
1075 vma->iova = physaddr(obj);
1076 } else {
1077 ret = drm_gem_object_init(dev, obj, size);
1078 if (ret)
1079 goto fail;
1080 /*
1081 * Our buffers are kept pinned, so allocating them from the
1082 * MOVABLE zone is a really bad idea, and conflicts with CMA.
1083 * See comments above new_inode() why this is required _and_
1084 * expected if you're going to pin these pages.
1085 */
1086 mapping_set_gfp_mask(obj->filp->f_mapping, GFP_HIGHUSER);
1087 }
1088
1089 return obj;
1090
1091fail:
1092 drm_gem_object_put_unlocked(obj);
1093 return ERR_PTR(ret);
1094}
1095
1096struct drm_gem_object *msm_gem_new_locked(struct drm_device *dev,
1097 uint32_t size, uint32_t flags)
1098{
1099 return _msm_gem_new(dev, size, flags, true);
1100}
1101
1102struct drm_gem_object *msm_gem_new(struct drm_device *dev,
1103 uint32_t size, uint32_t flags)
1104{
1105 return _msm_gem_new(dev, size, flags, false);
1106}
1107
1108struct drm_gem_object *msm_gem_import(struct drm_device *dev,
1109 struct dma_buf *dmabuf, struct sg_table *sgt)
1110{
1111 struct msm_gem_object *msm_obj;
1112 struct drm_gem_object *obj;
1113 uint32_t size;
1114 int ret, npages;
1115
1116 /* if we don't have IOMMU, don't bother pretending we can import: */
1117 if (!msm_use_mmu(dev)) {
1118 DRM_DEV_ERROR(dev->dev, "cannot import without IOMMU\n");
1119 return ERR_PTR(-EINVAL);
1120 }
1121
1122 size = PAGE_ALIGN(dmabuf->size);
1123
1124 ret = msm_gem_new_impl(dev, size, MSM_BO_WC, &obj, false);
1125 if (ret)
1126 goto fail;
1127
1128 drm_gem_private_object_init(dev, obj, size);
1129
1130 npages = size / PAGE_SIZE;
1131
1132 msm_obj = to_msm_bo(obj);
1133 mutex_lock(&msm_obj->lock);
1134 msm_obj->sgt = sgt;
1135 msm_obj->pages = kvmalloc_array(npages, sizeof(struct page *), GFP_KERNEL);
1136 if (!msm_obj->pages) {
1137 mutex_unlock(&msm_obj->lock);
1138 ret = -ENOMEM;
1139 goto fail;
1140 }
1141
1142 ret = drm_prime_sg_to_page_addr_arrays(sgt, msm_obj->pages, NULL, npages);
1143 if (ret) {
1144 mutex_unlock(&msm_obj->lock);
1145 goto fail;
1146 }
1147
1148 mutex_unlock(&msm_obj->lock);
1149 return obj;
1150
1151fail:
1152 drm_gem_object_put_unlocked(obj);
1153 return ERR_PTR(ret);
1154}
1155
1156static void *_msm_gem_kernel_new(struct drm_device *dev, uint32_t size,
1157 uint32_t flags, struct msm_gem_address_space *aspace,
1158 struct drm_gem_object **bo, uint64_t *iova, bool locked)
1159{
1160 void *vaddr;
1161 struct drm_gem_object *obj = _msm_gem_new(dev, size, flags, locked);
1162 int ret;
1163
1164 if (IS_ERR(obj))
1165 return ERR_CAST(obj);
1166
1167 if (iova) {
1168 ret = msm_gem_get_and_pin_iova(obj, aspace, iova);
1169 if (ret)
1170 goto err;
1171 }
1172
1173 vaddr = msm_gem_get_vaddr(obj);
1174 if (IS_ERR(vaddr)) {
1175 msm_gem_unpin_iova(obj, aspace);
1176 ret = PTR_ERR(vaddr);
1177 goto err;
1178 }
1179
1180 if (bo)
1181 *bo = obj;
1182
1183 return vaddr;
1184err:
1185 if (locked)
1186 drm_gem_object_put(obj);
1187 else
1188 drm_gem_object_put_unlocked(obj);
1189
1190 return ERR_PTR(ret);
1191
1192}
1193
1194void *msm_gem_kernel_new(struct drm_device *dev, uint32_t size,
1195 uint32_t flags, struct msm_gem_address_space *aspace,
1196 struct drm_gem_object **bo, uint64_t *iova)
1197{
1198 return _msm_gem_kernel_new(dev, size, flags, aspace, bo, iova, false);
1199}
1200
1201void *msm_gem_kernel_new_locked(struct drm_device *dev, uint32_t size,
1202 uint32_t flags, struct msm_gem_address_space *aspace,
1203 struct drm_gem_object **bo, uint64_t *iova)
1204{
1205 return _msm_gem_kernel_new(dev, size, flags, aspace, bo, iova, true);
1206}
1207
1208void msm_gem_kernel_put(struct drm_gem_object *bo,
1209 struct msm_gem_address_space *aspace, bool locked)
1210{
1211 if (IS_ERR_OR_NULL(bo))
1212 return;
1213
1214 msm_gem_put_vaddr(bo);
1215 msm_gem_unpin_iova(bo, aspace);
1216
1217 if (locked)
1218 drm_gem_object_put(bo);
1219 else
1220 drm_gem_object_put_unlocked(bo);
1221}
1222
1223void msm_gem_object_set_name(struct drm_gem_object *bo, const char *fmt, ...)
1224{
1225 struct msm_gem_object *msm_obj = to_msm_bo(bo);
1226 va_list ap;
1227
1228 if (!fmt)
1229 return;
1230
1231 va_start(ap, fmt);
1232 vsnprintf(msm_obj->name, sizeof(msm_obj->name), fmt, ap);
1233 va_end(ap);
1234}
1// SPDX-License-Identifier: GPL-2.0-only
2/*
3 * Copyright (C) 2013 Red Hat
4 * Author: Rob Clark <robdclark@gmail.com>
5 */
6
7#include <linux/dma-map-ops.h>
8#include <linux/vmalloc.h>
9#include <linux/spinlock.h>
10#include <linux/shmem_fs.h>
11#include <linux/dma-buf.h>
12#include <linux/pfn_t.h>
13
14#include <drm/drm_prime.h>
15
16#include "msm_drv.h"
17#include "msm_fence.h"
18#include "msm_gem.h"
19#include "msm_gpu.h"
20#include "msm_mmu.h"
21
22static void update_lru(struct drm_gem_object *obj);
23
24static dma_addr_t physaddr(struct drm_gem_object *obj)
25{
26 struct msm_gem_object *msm_obj = to_msm_bo(obj);
27 struct msm_drm_private *priv = obj->dev->dev_private;
28 return (((dma_addr_t)msm_obj->vram_node->start) << PAGE_SHIFT) +
29 priv->vram.paddr;
30}
31
32static bool use_pages(struct drm_gem_object *obj)
33{
34 struct msm_gem_object *msm_obj = to_msm_bo(obj);
35 return !msm_obj->vram_node;
36}
37
38/*
39 * Cache sync.. this is a bit over-complicated, to fit dma-mapping
40 * API. Really GPU cache is out of scope here (handled on cmdstream)
41 * and all we need to do is invalidate newly allocated pages before
42 * mapping to CPU as uncached/writecombine.
43 *
44 * On top of this, we have the added headache, that depending on
45 * display generation, the display's iommu may be wired up to either
46 * the toplevel drm device (mdss), or to the mdp sub-node, meaning
47 * that here we either have dma-direct or iommu ops.
48 *
49 * Let this be a cautionary tail of abstraction gone wrong.
50 */
51
52static void sync_for_device(struct msm_gem_object *msm_obj)
53{
54 struct device *dev = msm_obj->base.dev->dev;
55
56 dma_map_sgtable(dev, msm_obj->sgt, DMA_BIDIRECTIONAL, 0);
57}
58
59static void sync_for_cpu(struct msm_gem_object *msm_obj)
60{
61 struct device *dev = msm_obj->base.dev->dev;
62
63 dma_unmap_sgtable(dev, msm_obj->sgt, DMA_BIDIRECTIONAL, 0);
64}
65
66/* allocate pages from VRAM carveout, used when no IOMMU: */
67static struct page **get_pages_vram(struct drm_gem_object *obj, int npages)
68{
69 struct msm_gem_object *msm_obj = to_msm_bo(obj);
70 struct msm_drm_private *priv = obj->dev->dev_private;
71 dma_addr_t paddr;
72 struct page **p;
73 int ret, i;
74
75 p = kvmalloc_array(npages, sizeof(struct page *), GFP_KERNEL);
76 if (!p)
77 return ERR_PTR(-ENOMEM);
78
79 spin_lock(&priv->vram.lock);
80 ret = drm_mm_insert_node(&priv->vram.mm, msm_obj->vram_node, npages);
81 spin_unlock(&priv->vram.lock);
82 if (ret) {
83 kvfree(p);
84 return ERR_PTR(ret);
85 }
86
87 paddr = physaddr(obj);
88 for (i = 0; i < npages; i++) {
89 p[i] = pfn_to_page(__phys_to_pfn(paddr));
90 paddr += PAGE_SIZE;
91 }
92
93 return p;
94}
95
96static struct page **get_pages(struct drm_gem_object *obj)
97{
98 struct msm_gem_object *msm_obj = to_msm_bo(obj);
99
100 msm_gem_assert_locked(obj);
101
102 if (!msm_obj->pages) {
103 struct drm_device *dev = obj->dev;
104 struct page **p;
105 int npages = obj->size >> PAGE_SHIFT;
106
107 if (use_pages(obj))
108 p = drm_gem_get_pages(obj);
109 else
110 p = get_pages_vram(obj, npages);
111
112 if (IS_ERR(p)) {
113 DRM_DEV_ERROR(dev->dev, "could not get pages: %ld\n",
114 PTR_ERR(p));
115 return p;
116 }
117
118 msm_obj->pages = p;
119
120 msm_obj->sgt = drm_prime_pages_to_sg(obj->dev, p, npages);
121 if (IS_ERR(msm_obj->sgt)) {
122 void *ptr = ERR_CAST(msm_obj->sgt);
123
124 DRM_DEV_ERROR(dev->dev, "failed to allocate sgt\n");
125 msm_obj->sgt = NULL;
126 return ptr;
127 }
128
129 /* For non-cached buffers, ensure the new pages are clean
130 * because display controller, GPU, etc. are not coherent:
131 */
132 if (msm_obj->flags & MSM_BO_WC)
133 sync_for_device(msm_obj);
134
135 update_lru(obj);
136 }
137
138 return msm_obj->pages;
139}
140
141static void put_pages_vram(struct drm_gem_object *obj)
142{
143 struct msm_gem_object *msm_obj = to_msm_bo(obj);
144 struct msm_drm_private *priv = obj->dev->dev_private;
145
146 spin_lock(&priv->vram.lock);
147 drm_mm_remove_node(msm_obj->vram_node);
148 spin_unlock(&priv->vram.lock);
149
150 kvfree(msm_obj->pages);
151}
152
153static void put_pages(struct drm_gem_object *obj)
154{
155 struct msm_gem_object *msm_obj = to_msm_bo(obj);
156
157 if (msm_obj->pages) {
158 if (msm_obj->sgt) {
159 /* For non-cached buffers, ensure the new
160 * pages are clean because display controller,
161 * GPU, etc. are not coherent:
162 */
163 if (msm_obj->flags & MSM_BO_WC)
164 sync_for_cpu(msm_obj);
165
166 sg_free_table(msm_obj->sgt);
167 kfree(msm_obj->sgt);
168 msm_obj->sgt = NULL;
169 }
170
171 if (use_pages(obj))
172 drm_gem_put_pages(obj, msm_obj->pages, true, false);
173 else
174 put_pages_vram(obj);
175
176 msm_obj->pages = NULL;
177 update_lru(obj);
178 }
179}
180
181static struct page **msm_gem_pin_pages_locked(struct drm_gem_object *obj)
182{
183 struct msm_gem_object *msm_obj = to_msm_bo(obj);
184 struct page **p;
185
186 msm_gem_assert_locked(obj);
187
188 if (GEM_WARN_ON(msm_obj->madv != MSM_MADV_WILLNEED)) {
189 return ERR_PTR(-EBUSY);
190 }
191
192 p = get_pages(obj);
193 if (!IS_ERR(p)) {
194 to_msm_bo(obj)->pin_count++;
195 update_lru(obj);
196 }
197
198 return p;
199}
200
201struct page **msm_gem_pin_pages(struct drm_gem_object *obj)
202{
203 struct page **p;
204
205 msm_gem_lock(obj);
206 p = msm_gem_pin_pages_locked(obj);
207 msm_gem_unlock(obj);
208
209 return p;
210}
211
212void msm_gem_unpin_pages(struct drm_gem_object *obj)
213{
214 msm_gem_lock(obj);
215 msm_gem_unpin_locked(obj);
216 msm_gem_unlock(obj);
217}
218
219static pgprot_t msm_gem_pgprot(struct msm_gem_object *msm_obj, pgprot_t prot)
220{
221 if (msm_obj->flags & MSM_BO_WC)
222 return pgprot_writecombine(prot);
223 return prot;
224}
225
226static vm_fault_t msm_gem_fault(struct vm_fault *vmf)
227{
228 struct vm_area_struct *vma = vmf->vma;
229 struct drm_gem_object *obj = vma->vm_private_data;
230 struct msm_gem_object *msm_obj = to_msm_bo(obj);
231 struct page **pages;
232 unsigned long pfn;
233 pgoff_t pgoff;
234 int err;
235 vm_fault_t ret;
236
237 /*
238 * vm_ops.open/drm_gem_mmap_obj and close get and put
239 * a reference on obj. So, we dont need to hold one here.
240 */
241 err = msm_gem_lock_interruptible(obj);
242 if (err) {
243 ret = VM_FAULT_NOPAGE;
244 goto out;
245 }
246
247 if (GEM_WARN_ON(msm_obj->madv != MSM_MADV_WILLNEED)) {
248 msm_gem_unlock(obj);
249 return VM_FAULT_SIGBUS;
250 }
251
252 /* make sure we have pages attached now */
253 pages = get_pages(obj);
254 if (IS_ERR(pages)) {
255 ret = vmf_error(PTR_ERR(pages));
256 goto out_unlock;
257 }
258
259 /* We don't use vmf->pgoff since that has the fake offset: */
260 pgoff = (vmf->address - vma->vm_start) >> PAGE_SHIFT;
261
262 pfn = page_to_pfn(pages[pgoff]);
263
264 VERB("Inserting %p pfn %lx, pa %lx", (void *)vmf->address,
265 pfn, pfn << PAGE_SHIFT);
266
267 ret = vmf_insert_pfn(vma, vmf->address, pfn);
268
269out_unlock:
270 msm_gem_unlock(obj);
271out:
272 return ret;
273}
274
275/** get mmap offset */
276static uint64_t mmap_offset(struct drm_gem_object *obj)
277{
278 struct drm_device *dev = obj->dev;
279 int ret;
280
281 msm_gem_assert_locked(obj);
282
283 /* Make it mmapable */
284 ret = drm_gem_create_mmap_offset(obj);
285
286 if (ret) {
287 DRM_DEV_ERROR(dev->dev, "could not allocate mmap offset\n");
288 return 0;
289 }
290
291 return drm_vma_node_offset_addr(&obj->vma_node);
292}
293
294uint64_t msm_gem_mmap_offset(struct drm_gem_object *obj)
295{
296 uint64_t offset;
297
298 msm_gem_lock(obj);
299 offset = mmap_offset(obj);
300 msm_gem_unlock(obj);
301 return offset;
302}
303
304static struct msm_gem_vma *add_vma(struct drm_gem_object *obj,
305 struct msm_gem_address_space *aspace)
306{
307 struct msm_gem_object *msm_obj = to_msm_bo(obj);
308 struct msm_gem_vma *vma;
309
310 msm_gem_assert_locked(obj);
311
312 vma = kzalloc(sizeof(*vma), GFP_KERNEL);
313 if (!vma)
314 return ERR_PTR(-ENOMEM);
315
316 vma->aspace = aspace;
317
318 list_add_tail(&vma->list, &msm_obj->vmas);
319
320 return vma;
321}
322
323static struct msm_gem_vma *lookup_vma(struct drm_gem_object *obj,
324 struct msm_gem_address_space *aspace)
325{
326 struct msm_gem_object *msm_obj = to_msm_bo(obj);
327 struct msm_gem_vma *vma;
328
329 msm_gem_assert_locked(obj);
330
331 list_for_each_entry(vma, &msm_obj->vmas, list) {
332 if (vma->aspace == aspace)
333 return vma;
334 }
335
336 return NULL;
337}
338
339static void del_vma(struct msm_gem_vma *vma)
340{
341 if (!vma)
342 return;
343
344 list_del(&vma->list);
345 kfree(vma);
346}
347
348/*
349 * If close is true, this also closes the VMA (releasing the allocated
350 * iova range) in addition to removing the iommu mapping. In the eviction
351 * case (!close), we keep the iova allocated, but only remove the iommu
352 * mapping.
353 */
354static void
355put_iova_spaces(struct drm_gem_object *obj, bool close)
356{
357 struct msm_gem_object *msm_obj = to_msm_bo(obj);
358 struct msm_gem_vma *vma;
359
360 msm_gem_assert_locked(obj);
361
362 list_for_each_entry(vma, &msm_obj->vmas, list) {
363 if (vma->aspace) {
364 msm_gem_purge_vma(vma->aspace, vma);
365 if (close)
366 msm_gem_close_vma(vma->aspace, vma);
367 }
368 }
369}
370
371/* Called with msm_obj locked */
372static void
373put_iova_vmas(struct drm_gem_object *obj)
374{
375 struct msm_gem_object *msm_obj = to_msm_bo(obj);
376 struct msm_gem_vma *vma, *tmp;
377
378 msm_gem_assert_locked(obj);
379
380 list_for_each_entry_safe(vma, tmp, &msm_obj->vmas, list) {
381 del_vma(vma);
382 }
383}
384
385static struct msm_gem_vma *get_vma_locked(struct drm_gem_object *obj,
386 struct msm_gem_address_space *aspace,
387 u64 range_start, u64 range_end)
388{
389 struct msm_gem_vma *vma;
390
391 msm_gem_assert_locked(obj);
392
393 vma = lookup_vma(obj, aspace);
394
395 if (!vma) {
396 int ret;
397
398 vma = add_vma(obj, aspace);
399 if (IS_ERR(vma))
400 return vma;
401
402 ret = msm_gem_init_vma(aspace, vma, obj->size,
403 range_start, range_end);
404 if (ret) {
405 del_vma(vma);
406 return ERR_PTR(ret);
407 }
408 } else {
409 GEM_WARN_ON(vma->iova < range_start);
410 GEM_WARN_ON((vma->iova + obj->size) > range_end);
411 }
412
413 return vma;
414}
415
416int msm_gem_pin_vma_locked(struct drm_gem_object *obj, struct msm_gem_vma *vma)
417{
418 struct msm_gem_object *msm_obj = to_msm_bo(obj);
419 struct page **pages;
420 int ret, prot = IOMMU_READ;
421
422 if (!(msm_obj->flags & MSM_BO_GPU_READONLY))
423 prot |= IOMMU_WRITE;
424
425 if (msm_obj->flags & MSM_BO_MAP_PRIV)
426 prot |= IOMMU_PRIV;
427
428 if (msm_obj->flags & MSM_BO_CACHED_COHERENT)
429 prot |= IOMMU_CACHE;
430
431 msm_gem_assert_locked(obj);
432
433 if (GEM_WARN_ON(msm_obj->madv != MSM_MADV_WILLNEED))
434 return -EBUSY;
435
436 pages = msm_gem_pin_pages_locked(obj);
437 if (IS_ERR(pages))
438 return PTR_ERR(pages);
439
440 ret = msm_gem_map_vma(vma->aspace, vma, prot, msm_obj->sgt, obj->size);
441 if (ret)
442 msm_gem_unpin_locked(obj);
443
444 return ret;
445}
446
447void msm_gem_unpin_locked(struct drm_gem_object *obj)
448{
449 struct msm_gem_object *msm_obj = to_msm_bo(obj);
450
451 msm_gem_assert_locked(obj);
452
453 msm_obj->pin_count--;
454 GEM_WARN_ON(msm_obj->pin_count < 0);
455
456 update_lru(obj);
457}
458
459struct msm_gem_vma *msm_gem_get_vma_locked(struct drm_gem_object *obj,
460 struct msm_gem_address_space *aspace)
461{
462 return get_vma_locked(obj, aspace, 0, U64_MAX);
463}
464
465static int get_and_pin_iova_range_locked(struct drm_gem_object *obj,
466 struct msm_gem_address_space *aspace, uint64_t *iova,
467 u64 range_start, u64 range_end)
468{
469 struct msm_gem_vma *vma;
470 int ret;
471
472 msm_gem_assert_locked(obj);
473
474 vma = get_vma_locked(obj, aspace, range_start, range_end);
475 if (IS_ERR(vma))
476 return PTR_ERR(vma);
477
478 ret = msm_gem_pin_vma_locked(obj, vma);
479 if (!ret)
480 *iova = vma->iova;
481
482 return ret;
483}
484
485/*
486 * get iova and pin it. Should have a matching put
487 * limits iova to specified range (in pages)
488 */
489int msm_gem_get_and_pin_iova_range(struct drm_gem_object *obj,
490 struct msm_gem_address_space *aspace, uint64_t *iova,
491 u64 range_start, u64 range_end)
492{
493 int ret;
494
495 msm_gem_lock(obj);
496 ret = get_and_pin_iova_range_locked(obj, aspace, iova, range_start, range_end);
497 msm_gem_unlock(obj);
498
499 return ret;
500}
501
502/* get iova and pin it. Should have a matching put */
503int msm_gem_get_and_pin_iova(struct drm_gem_object *obj,
504 struct msm_gem_address_space *aspace, uint64_t *iova)
505{
506 return msm_gem_get_and_pin_iova_range(obj, aspace, iova, 0, U64_MAX);
507}
508
509/*
510 * Get an iova but don't pin it. Doesn't need a put because iovas are currently
511 * valid for the life of the object
512 */
513int msm_gem_get_iova(struct drm_gem_object *obj,
514 struct msm_gem_address_space *aspace, uint64_t *iova)
515{
516 struct msm_gem_vma *vma;
517 int ret = 0;
518
519 msm_gem_lock(obj);
520 vma = get_vma_locked(obj, aspace, 0, U64_MAX);
521 if (IS_ERR(vma)) {
522 ret = PTR_ERR(vma);
523 } else {
524 *iova = vma->iova;
525 }
526 msm_gem_unlock(obj);
527
528 return ret;
529}
530
531static int clear_iova(struct drm_gem_object *obj,
532 struct msm_gem_address_space *aspace)
533{
534 struct msm_gem_vma *vma = lookup_vma(obj, aspace);
535
536 if (!vma)
537 return 0;
538
539 if (msm_gem_vma_inuse(vma))
540 return -EBUSY;
541
542 msm_gem_purge_vma(vma->aspace, vma);
543 msm_gem_close_vma(vma->aspace, vma);
544 del_vma(vma);
545
546 return 0;
547}
548
549/*
550 * Get the requested iova but don't pin it. Fails if the requested iova is
551 * not available. Doesn't need a put because iovas are currently valid for
552 * the life of the object.
553 *
554 * Setting an iova of zero will clear the vma.
555 */
556int msm_gem_set_iova(struct drm_gem_object *obj,
557 struct msm_gem_address_space *aspace, uint64_t iova)
558{
559 int ret = 0;
560
561 msm_gem_lock(obj);
562 if (!iova) {
563 ret = clear_iova(obj, aspace);
564 } else {
565 struct msm_gem_vma *vma;
566 vma = get_vma_locked(obj, aspace, iova, iova + obj->size);
567 if (IS_ERR(vma)) {
568 ret = PTR_ERR(vma);
569 } else if (GEM_WARN_ON(vma->iova != iova)) {
570 clear_iova(obj, aspace);
571 ret = -EBUSY;
572 }
573 }
574 msm_gem_unlock(obj);
575
576 return ret;
577}
578
579/*
580 * Unpin a iova by updating the reference counts. The memory isn't actually
581 * purged until something else (shrinker, mm_notifier, destroy, etc) decides
582 * to get rid of it
583 */
584void msm_gem_unpin_iova(struct drm_gem_object *obj,
585 struct msm_gem_address_space *aspace)
586{
587 struct msm_gem_vma *vma;
588
589 msm_gem_lock(obj);
590 vma = lookup_vma(obj, aspace);
591 if (!GEM_WARN_ON(!vma)) {
592 msm_gem_unpin_vma(vma);
593 msm_gem_unpin_locked(obj);
594 }
595 msm_gem_unlock(obj);
596}
597
598int msm_gem_dumb_create(struct drm_file *file, struct drm_device *dev,
599 struct drm_mode_create_dumb *args)
600{
601 args->pitch = align_pitch(args->width, args->bpp);
602 args->size = PAGE_ALIGN(args->pitch * args->height);
603 return msm_gem_new_handle(dev, file, args->size,
604 MSM_BO_SCANOUT | MSM_BO_WC, &args->handle, "dumb");
605}
606
607int msm_gem_dumb_map_offset(struct drm_file *file, struct drm_device *dev,
608 uint32_t handle, uint64_t *offset)
609{
610 struct drm_gem_object *obj;
611 int ret = 0;
612
613 /* GEM does all our handle to object mapping */
614 obj = drm_gem_object_lookup(file, handle);
615 if (obj == NULL) {
616 ret = -ENOENT;
617 goto fail;
618 }
619
620 *offset = msm_gem_mmap_offset(obj);
621
622 drm_gem_object_put(obj);
623
624fail:
625 return ret;
626}
627
628static void *get_vaddr(struct drm_gem_object *obj, unsigned madv)
629{
630 struct msm_gem_object *msm_obj = to_msm_bo(obj);
631 int ret = 0;
632
633 msm_gem_assert_locked(obj);
634
635 if (obj->import_attach)
636 return ERR_PTR(-ENODEV);
637
638 if (GEM_WARN_ON(msm_obj->madv > madv)) {
639 DRM_DEV_ERROR(obj->dev->dev, "Invalid madv state: %u vs %u\n",
640 msm_obj->madv, madv);
641 return ERR_PTR(-EBUSY);
642 }
643
644 /* increment vmap_count *before* vmap() call, so shrinker can
645 * check vmap_count (is_vunmapable()) outside of msm_obj lock.
646 * This guarantees that we won't try to msm_gem_vunmap() this
647 * same object from within the vmap() call (while we already
648 * hold msm_obj lock)
649 */
650 msm_obj->vmap_count++;
651
652 if (!msm_obj->vaddr) {
653 struct page **pages = get_pages(obj);
654 if (IS_ERR(pages)) {
655 ret = PTR_ERR(pages);
656 goto fail;
657 }
658 msm_obj->vaddr = vmap(pages, obj->size >> PAGE_SHIFT,
659 VM_MAP, msm_gem_pgprot(msm_obj, PAGE_KERNEL));
660 if (msm_obj->vaddr == NULL) {
661 ret = -ENOMEM;
662 goto fail;
663 }
664
665 update_lru(obj);
666 }
667
668 return msm_obj->vaddr;
669
670fail:
671 msm_obj->vmap_count--;
672 return ERR_PTR(ret);
673}
674
675void *msm_gem_get_vaddr_locked(struct drm_gem_object *obj)
676{
677 return get_vaddr(obj, MSM_MADV_WILLNEED);
678}
679
680void *msm_gem_get_vaddr(struct drm_gem_object *obj)
681{
682 void *ret;
683
684 msm_gem_lock(obj);
685 ret = msm_gem_get_vaddr_locked(obj);
686 msm_gem_unlock(obj);
687
688 return ret;
689}
690
691/*
692 * Don't use this! It is for the very special case of dumping
693 * submits from GPU hangs or faults, were the bo may already
694 * be MSM_MADV_DONTNEED, but we know the buffer is still on the
695 * active list.
696 */
697void *msm_gem_get_vaddr_active(struct drm_gem_object *obj)
698{
699 return get_vaddr(obj, __MSM_MADV_PURGED);
700}
701
702void msm_gem_put_vaddr_locked(struct drm_gem_object *obj)
703{
704 struct msm_gem_object *msm_obj = to_msm_bo(obj);
705
706 msm_gem_assert_locked(obj);
707 GEM_WARN_ON(msm_obj->vmap_count < 1);
708
709 msm_obj->vmap_count--;
710}
711
712void msm_gem_put_vaddr(struct drm_gem_object *obj)
713{
714 msm_gem_lock(obj);
715 msm_gem_put_vaddr_locked(obj);
716 msm_gem_unlock(obj);
717}
718
719/* Update madvise status, returns true if not purged, else
720 * false or -errno.
721 */
722int msm_gem_madvise(struct drm_gem_object *obj, unsigned madv)
723{
724 struct msm_gem_object *msm_obj = to_msm_bo(obj);
725
726 msm_gem_lock(obj);
727
728 if (msm_obj->madv != __MSM_MADV_PURGED)
729 msm_obj->madv = madv;
730
731 madv = msm_obj->madv;
732
733 /* If the obj is inactive, we might need to move it
734 * between inactive lists
735 */
736 update_lru(obj);
737
738 msm_gem_unlock(obj);
739
740 return (madv != __MSM_MADV_PURGED);
741}
742
743void msm_gem_purge(struct drm_gem_object *obj)
744{
745 struct drm_device *dev = obj->dev;
746 struct msm_gem_object *msm_obj = to_msm_bo(obj);
747
748 msm_gem_assert_locked(obj);
749 GEM_WARN_ON(!is_purgeable(msm_obj));
750
751 /* Get rid of any iommu mapping(s): */
752 put_iova_spaces(obj, true);
753
754 msm_gem_vunmap(obj);
755
756 drm_vma_node_unmap(&obj->vma_node, dev->anon_inode->i_mapping);
757
758 put_pages(obj);
759
760 put_iova_vmas(obj);
761
762 msm_obj->madv = __MSM_MADV_PURGED;
763
764 drm_gem_free_mmap_offset(obj);
765
766 /* Our goal here is to return as much of the memory as
767 * is possible back to the system as we are called from OOM.
768 * To do this we must instruct the shmfs to drop all of its
769 * backing pages, *now*.
770 */
771 shmem_truncate_range(file_inode(obj->filp), 0, (loff_t)-1);
772
773 invalidate_mapping_pages(file_inode(obj->filp)->i_mapping,
774 0, (loff_t)-1);
775}
776
777/*
778 * Unpin the backing pages and make them available to be swapped out.
779 */
780void msm_gem_evict(struct drm_gem_object *obj)
781{
782 struct drm_device *dev = obj->dev;
783 struct msm_gem_object *msm_obj = to_msm_bo(obj);
784
785 msm_gem_assert_locked(obj);
786 GEM_WARN_ON(is_unevictable(msm_obj));
787
788 /* Get rid of any iommu mapping(s): */
789 put_iova_spaces(obj, false);
790
791 drm_vma_node_unmap(&obj->vma_node, dev->anon_inode->i_mapping);
792
793 put_pages(obj);
794}
795
796void msm_gem_vunmap(struct drm_gem_object *obj)
797{
798 struct msm_gem_object *msm_obj = to_msm_bo(obj);
799
800 msm_gem_assert_locked(obj);
801
802 if (!msm_obj->vaddr || GEM_WARN_ON(!is_vunmapable(msm_obj)))
803 return;
804
805 vunmap(msm_obj->vaddr);
806 msm_obj->vaddr = NULL;
807}
808
809static void update_lru(struct drm_gem_object *obj)
810{
811 struct msm_drm_private *priv = obj->dev->dev_private;
812 struct msm_gem_object *msm_obj = to_msm_bo(obj);
813
814 msm_gem_assert_locked(&msm_obj->base);
815
816 if (!msm_obj->pages) {
817 GEM_WARN_ON(msm_obj->pin_count);
818 GEM_WARN_ON(msm_obj->vmap_count);
819
820 drm_gem_lru_move_tail(&priv->lru.unbacked, obj);
821 } else if (msm_obj->pin_count || msm_obj->vmap_count) {
822 drm_gem_lru_move_tail(&priv->lru.pinned, obj);
823 } else if (msm_obj->madv == MSM_MADV_WILLNEED) {
824 drm_gem_lru_move_tail(&priv->lru.willneed, obj);
825 } else {
826 GEM_WARN_ON(msm_obj->madv != MSM_MADV_DONTNEED);
827
828 drm_gem_lru_move_tail(&priv->lru.dontneed, obj);
829 }
830}
831
832bool msm_gem_active(struct drm_gem_object *obj)
833{
834 msm_gem_assert_locked(obj);
835
836 if (to_msm_bo(obj)->pin_count)
837 return true;
838
839 return !dma_resv_test_signaled(obj->resv, dma_resv_usage_rw(true));
840}
841
842int msm_gem_cpu_prep(struct drm_gem_object *obj, uint32_t op, ktime_t *timeout)
843{
844 bool write = !!(op & MSM_PREP_WRITE);
845 unsigned long remain =
846 op & MSM_PREP_NOSYNC ? 0 : timeout_to_jiffies(timeout);
847 long ret;
848
849 ret = dma_resv_wait_timeout(obj->resv, dma_resv_usage_rw(write),
850 true, remain);
851 if (ret == 0)
852 return remain == 0 ? -EBUSY : -ETIMEDOUT;
853 else if (ret < 0)
854 return ret;
855
856 /* TODO cache maintenance */
857
858 return 0;
859}
860
861int msm_gem_cpu_fini(struct drm_gem_object *obj)
862{
863 /* TODO cache maintenance */
864 return 0;
865}
866
867#ifdef CONFIG_DEBUG_FS
868void msm_gem_describe(struct drm_gem_object *obj, struct seq_file *m,
869 struct msm_gem_stats *stats)
870{
871 struct msm_gem_object *msm_obj = to_msm_bo(obj);
872 struct dma_resv *robj = obj->resv;
873 struct msm_gem_vma *vma;
874 uint64_t off = drm_vma_node_start(&obj->vma_node);
875 const char *madv;
876
877 msm_gem_lock(obj);
878
879 stats->all.count++;
880 stats->all.size += obj->size;
881
882 if (msm_gem_active(obj)) {
883 stats->active.count++;
884 stats->active.size += obj->size;
885 }
886
887 if (msm_obj->pages) {
888 stats->resident.count++;
889 stats->resident.size += obj->size;
890 }
891
892 switch (msm_obj->madv) {
893 case __MSM_MADV_PURGED:
894 stats->purged.count++;
895 stats->purged.size += obj->size;
896 madv = " purged";
897 break;
898 case MSM_MADV_DONTNEED:
899 stats->purgeable.count++;
900 stats->purgeable.size += obj->size;
901 madv = " purgeable";
902 break;
903 case MSM_MADV_WILLNEED:
904 default:
905 madv = "";
906 break;
907 }
908
909 seq_printf(m, "%08x: %c %2d (%2d) %08llx %p",
910 msm_obj->flags, msm_gem_active(obj) ? 'A' : 'I',
911 obj->name, kref_read(&obj->refcount),
912 off, msm_obj->vaddr);
913
914 seq_printf(m, " %08zu %9s %-32s\n", obj->size, madv, msm_obj->name);
915
916 if (!list_empty(&msm_obj->vmas)) {
917
918 seq_puts(m, " vmas:");
919
920 list_for_each_entry(vma, &msm_obj->vmas, list) {
921 const char *name, *comm;
922 if (vma->aspace) {
923 struct msm_gem_address_space *aspace = vma->aspace;
924 struct task_struct *task =
925 get_pid_task(aspace->pid, PIDTYPE_PID);
926 if (task) {
927 comm = kstrdup(task->comm, GFP_KERNEL);
928 put_task_struct(task);
929 } else {
930 comm = NULL;
931 }
932 name = aspace->name;
933 } else {
934 name = comm = NULL;
935 }
936 seq_printf(m, " [%s%s%s: aspace=%p, %08llx,%s,inuse=%d]",
937 name, comm ? ":" : "", comm ? comm : "",
938 vma->aspace, vma->iova,
939 vma->mapped ? "mapped" : "unmapped",
940 msm_gem_vma_inuse(vma));
941 kfree(comm);
942 }
943
944 seq_puts(m, "\n");
945 }
946
947 dma_resv_describe(robj, m);
948 msm_gem_unlock(obj);
949}
950
951void msm_gem_describe_objects(struct list_head *list, struct seq_file *m)
952{
953 struct msm_gem_stats stats = {};
954 struct msm_gem_object *msm_obj;
955
956 seq_puts(m, " flags id ref offset kaddr size madv name\n");
957 list_for_each_entry(msm_obj, list, node) {
958 struct drm_gem_object *obj = &msm_obj->base;
959 seq_puts(m, " ");
960 msm_gem_describe(obj, m, &stats);
961 }
962
963 seq_printf(m, "Total: %4d objects, %9zu bytes\n",
964 stats.all.count, stats.all.size);
965 seq_printf(m, "Active: %4d objects, %9zu bytes\n",
966 stats.active.count, stats.active.size);
967 seq_printf(m, "Resident: %4d objects, %9zu bytes\n",
968 stats.resident.count, stats.resident.size);
969 seq_printf(m, "Purgeable: %4d objects, %9zu bytes\n",
970 stats.purgeable.count, stats.purgeable.size);
971 seq_printf(m, "Purged: %4d objects, %9zu bytes\n",
972 stats.purged.count, stats.purged.size);
973}
974#endif
975
976/* don't call directly! Use drm_gem_object_put() */
977static void msm_gem_free_object(struct drm_gem_object *obj)
978{
979 struct msm_gem_object *msm_obj = to_msm_bo(obj);
980 struct drm_device *dev = obj->dev;
981 struct msm_drm_private *priv = dev->dev_private;
982
983 mutex_lock(&priv->obj_lock);
984 list_del(&msm_obj->node);
985 mutex_unlock(&priv->obj_lock);
986
987 put_iova_spaces(obj, true);
988
989 if (obj->import_attach) {
990 GEM_WARN_ON(msm_obj->vaddr);
991
992 /* Don't drop the pages for imported dmabuf, as they are not
993 * ours, just free the array we allocated:
994 */
995 kvfree(msm_obj->pages);
996
997 put_iova_vmas(obj);
998
999 drm_prime_gem_destroy(obj, msm_obj->sgt);
1000 } else {
1001 msm_gem_vunmap(obj);
1002 put_pages(obj);
1003 put_iova_vmas(obj);
1004 }
1005
1006 drm_gem_object_release(obj);
1007
1008 kfree(msm_obj);
1009}
1010
1011static int msm_gem_object_mmap(struct drm_gem_object *obj, struct vm_area_struct *vma)
1012{
1013 struct msm_gem_object *msm_obj = to_msm_bo(obj);
1014
1015 vma->vm_flags |= VM_PFNMAP | VM_DONTEXPAND | VM_DONTDUMP;
1016 vma->vm_page_prot = msm_gem_pgprot(msm_obj, vm_get_page_prot(vma->vm_flags));
1017
1018 return 0;
1019}
1020
1021/* convenience method to construct a GEM buffer object, and userspace handle */
1022int msm_gem_new_handle(struct drm_device *dev, struct drm_file *file,
1023 uint32_t size, uint32_t flags, uint32_t *handle,
1024 char *name)
1025{
1026 struct drm_gem_object *obj;
1027 int ret;
1028
1029 obj = msm_gem_new(dev, size, flags);
1030
1031 if (IS_ERR(obj))
1032 return PTR_ERR(obj);
1033
1034 if (name)
1035 msm_gem_object_set_name(obj, "%s", name);
1036
1037 ret = drm_gem_handle_create(file, obj, handle);
1038
1039 /* drop reference from allocate - handle holds it now */
1040 drm_gem_object_put(obj);
1041
1042 return ret;
1043}
1044
1045static const struct vm_operations_struct vm_ops = {
1046 .fault = msm_gem_fault,
1047 .open = drm_gem_vm_open,
1048 .close = drm_gem_vm_close,
1049};
1050
1051static const struct drm_gem_object_funcs msm_gem_object_funcs = {
1052 .free = msm_gem_free_object,
1053 .pin = msm_gem_prime_pin,
1054 .unpin = msm_gem_prime_unpin,
1055 .get_sg_table = msm_gem_prime_get_sg_table,
1056 .vmap = msm_gem_prime_vmap,
1057 .vunmap = msm_gem_prime_vunmap,
1058 .mmap = msm_gem_object_mmap,
1059 .vm_ops = &vm_ops,
1060};
1061
1062static int msm_gem_new_impl(struct drm_device *dev,
1063 uint32_t size, uint32_t flags,
1064 struct drm_gem_object **obj)
1065{
1066 struct msm_drm_private *priv = dev->dev_private;
1067 struct msm_gem_object *msm_obj;
1068
1069 switch (flags & MSM_BO_CACHE_MASK) {
1070 case MSM_BO_CACHED:
1071 case MSM_BO_WC:
1072 break;
1073 case MSM_BO_CACHED_COHERENT:
1074 if (priv->has_cached_coherent)
1075 break;
1076 fallthrough;
1077 default:
1078 DRM_DEV_DEBUG(dev->dev, "invalid cache flag: %x\n",
1079 (flags & MSM_BO_CACHE_MASK));
1080 return -EINVAL;
1081 }
1082
1083 msm_obj = kzalloc(sizeof(*msm_obj), GFP_KERNEL);
1084 if (!msm_obj)
1085 return -ENOMEM;
1086
1087 msm_obj->flags = flags;
1088 msm_obj->madv = MSM_MADV_WILLNEED;
1089
1090 INIT_LIST_HEAD(&msm_obj->node);
1091 INIT_LIST_HEAD(&msm_obj->vmas);
1092
1093 *obj = &msm_obj->base;
1094 (*obj)->funcs = &msm_gem_object_funcs;
1095
1096 return 0;
1097}
1098
1099struct drm_gem_object *msm_gem_new(struct drm_device *dev, uint32_t size, uint32_t flags)
1100{
1101 struct msm_drm_private *priv = dev->dev_private;
1102 struct msm_gem_object *msm_obj;
1103 struct drm_gem_object *obj = NULL;
1104 bool use_vram = false;
1105 int ret;
1106
1107 size = PAGE_ALIGN(size);
1108
1109 if (!msm_use_mmu(dev))
1110 use_vram = true;
1111 else if ((flags & (MSM_BO_STOLEN | MSM_BO_SCANOUT)) && priv->vram.size)
1112 use_vram = true;
1113
1114 if (GEM_WARN_ON(use_vram && !priv->vram.size))
1115 return ERR_PTR(-EINVAL);
1116
1117 /* Disallow zero sized objects as they make the underlying
1118 * infrastructure grumpy
1119 */
1120 if (size == 0)
1121 return ERR_PTR(-EINVAL);
1122
1123 ret = msm_gem_new_impl(dev, size, flags, &obj);
1124 if (ret)
1125 return ERR_PTR(ret);
1126
1127 msm_obj = to_msm_bo(obj);
1128
1129 if (use_vram) {
1130 struct msm_gem_vma *vma;
1131 struct page **pages;
1132
1133 drm_gem_private_object_init(dev, obj, size);
1134
1135 msm_gem_lock(obj);
1136
1137 vma = add_vma(obj, NULL);
1138 msm_gem_unlock(obj);
1139 if (IS_ERR(vma)) {
1140 ret = PTR_ERR(vma);
1141 goto fail;
1142 }
1143
1144 to_msm_bo(obj)->vram_node = &vma->node;
1145
1146 msm_gem_lock(obj);
1147 pages = get_pages(obj);
1148 msm_gem_unlock(obj);
1149 if (IS_ERR(pages)) {
1150 ret = PTR_ERR(pages);
1151 goto fail;
1152 }
1153
1154 vma->iova = physaddr(obj);
1155 } else {
1156 ret = drm_gem_object_init(dev, obj, size);
1157 if (ret)
1158 goto fail;
1159 /*
1160 * Our buffers are kept pinned, so allocating them from the
1161 * MOVABLE zone is a really bad idea, and conflicts with CMA.
1162 * See comments above new_inode() why this is required _and_
1163 * expected if you're going to pin these pages.
1164 */
1165 mapping_set_gfp_mask(obj->filp->f_mapping, GFP_HIGHUSER);
1166 }
1167
1168 drm_gem_lru_move_tail(&priv->lru.unbacked, obj);
1169
1170 mutex_lock(&priv->obj_lock);
1171 list_add_tail(&msm_obj->node, &priv->objects);
1172 mutex_unlock(&priv->obj_lock);
1173
1174 return obj;
1175
1176fail:
1177 drm_gem_object_put(obj);
1178 return ERR_PTR(ret);
1179}
1180
1181struct drm_gem_object *msm_gem_import(struct drm_device *dev,
1182 struct dma_buf *dmabuf, struct sg_table *sgt)
1183{
1184 struct msm_drm_private *priv = dev->dev_private;
1185 struct msm_gem_object *msm_obj;
1186 struct drm_gem_object *obj;
1187 uint32_t size;
1188 int ret, npages;
1189
1190 /* if we don't have IOMMU, don't bother pretending we can import: */
1191 if (!msm_use_mmu(dev)) {
1192 DRM_DEV_ERROR(dev->dev, "cannot import without IOMMU\n");
1193 return ERR_PTR(-EINVAL);
1194 }
1195
1196 size = PAGE_ALIGN(dmabuf->size);
1197
1198 ret = msm_gem_new_impl(dev, size, MSM_BO_WC, &obj);
1199 if (ret)
1200 return ERR_PTR(ret);
1201
1202 drm_gem_private_object_init(dev, obj, size);
1203
1204 npages = size / PAGE_SIZE;
1205
1206 msm_obj = to_msm_bo(obj);
1207 msm_gem_lock(obj);
1208 msm_obj->sgt = sgt;
1209 msm_obj->pages = kvmalloc_array(npages, sizeof(struct page *), GFP_KERNEL);
1210 if (!msm_obj->pages) {
1211 msm_gem_unlock(obj);
1212 ret = -ENOMEM;
1213 goto fail;
1214 }
1215
1216 ret = drm_prime_sg_to_page_array(sgt, msm_obj->pages, npages);
1217 if (ret) {
1218 msm_gem_unlock(obj);
1219 goto fail;
1220 }
1221
1222 msm_gem_unlock(obj);
1223
1224 drm_gem_lru_move_tail(&priv->lru.pinned, obj);
1225
1226 mutex_lock(&priv->obj_lock);
1227 list_add_tail(&msm_obj->node, &priv->objects);
1228 mutex_unlock(&priv->obj_lock);
1229
1230 return obj;
1231
1232fail:
1233 drm_gem_object_put(obj);
1234 return ERR_PTR(ret);
1235}
1236
1237void *msm_gem_kernel_new(struct drm_device *dev, uint32_t size,
1238 uint32_t flags, struct msm_gem_address_space *aspace,
1239 struct drm_gem_object **bo, uint64_t *iova)
1240{
1241 void *vaddr;
1242 struct drm_gem_object *obj = msm_gem_new(dev, size, flags);
1243 int ret;
1244
1245 if (IS_ERR(obj))
1246 return ERR_CAST(obj);
1247
1248 if (iova) {
1249 ret = msm_gem_get_and_pin_iova(obj, aspace, iova);
1250 if (ret)
1251 goto err;
1252 }
1253
1254 vaddr = msm_gem_get_vaddr(obj);
1255 if (IS_ERR(vaddr)) {
1256 msm_gem_unpin_iova(obj, aspace);
1257 ret = PTR_ERR(vaddr);
1258 goto err;
1259 }
1260
1261 if (bo)
1262 *bo = obj;
1263
1264 return vaddr;
1265err:
1266 drm_gem_object_put(obj);
1267
1268 return ERR_PTR(ret);
1269
1270}
1271
1272void msm_gem_kernel_put(struct drm_gem_object *bo,
1273 struct msm_gem_address_space *aspace)
1274{
1275 if (IS_ERR_OR_NULL(bo))
1276 return;
1277
1278 msm_gem_put_vaddr(bo);
1279 msm_gem_unpin_iova(bo, aspace);
1280 drm_gem_object_put(bo);
1281}
1282
1283void msm_gem_object_set_name(struct drm_gem_object *bo, const char *fmt, ...)
1284{
1285 struct msm_gem_object *msm_obj = to_msm_bo(bo);
1286 va_list ap;
1287
1288 if (!fmt)
1289 return;
1290
1291 va_start(ap, fmt);
1292 vsnprintf(msm_obj->name, sizeof(msm_obj->name), fmt, ap);
1293 va_end(ap);
1294}