1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
|
/*
* Copyright © 2008 Intel Corporation
*
* Permission is hereby granted, free of charge, to any person obtaining a
* copy of this software and associated documentation files (the "Software"),
* to deal in the Software without restriction, including without limitation
* the rights to use, copy, modify, merge, publish, distribute, sublicense,
* and/or sell copies of the Software, and to permit persons to whom the
* Software is furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice (including the next
* paragraph) shall be included in all copies or substantial portions of the
* Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
* THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
* FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
* IN THE SOFTWARE.
*
* Authors:
* Eric Anholt <eric@anholt.net>
*
*/
#include <linux/types.h>
#include <linux/slab.h>
#include <linux/mm.h>
#include <linux/uaccess.h>
#include <linux/fs.h>
#include <linux/file.h>
#include <linux/module.h>
#include <linux/mman.h>
#include <linux/pagemap.h>
#include "drmP.h"
/** @file drm_mm.c
*
* This file provides some of the base ioctls and library routines for
* the graphics memory manager implemented by each device driver.
*
* Because various devices have different requirements in terms of
* synchronization and migration strategies, implementing that is left up to
* the driver, and all that the general API provides should be generic --
* allocating objects, reading/writing data with the cpu, freeing objects.
* Even there, platform-dependent optimizations for reading/writing data with
* the CPU mean we'll likely hook those out to driver-specific calls. However,
* the DRI2 implementation wants to have at least allocate/mmap be generic.
*
* The goal was to have swap-backed object allocation managed through
* struct file. However, file descriptors as handles to a struct file have
* two major failings:
* - Process limits prevent more than 1024 or so being used at a time by
* default.
* - Inability to allocate high fds will aggravate the X Server's select()
* handling, and likely that of many GL client applications as well.
*
* This led to a plan of using our own integer IDs (called handles, following
* DRM terminology) to mimic fds, and implement the fd syscalls we need as
* ioctls. The objects themselves will still include the struct file so
* that we can transition to fds if the required kernel infrastructure shows
* up at a later data, and as our interface with shmfs for memory allocation.
*/
static struct drm_mm_object *
drm_mm_object_alloc(size_t size)
{
struct drm_mm_object *obj;
BUG_ON((size & (PAGE_SIZE - 1)) != 0);
obj = kcalloc(1, sizeof(*obj), GFP_KERNEL);
obj->filp = shmem_file_setup("drm mm object", size, 0);
if (IS_ERR(obj->filp)) {
kfree(obj);
return NULL;
}
obj->refcount = 1;
return obj;
}
/**
* Removes the mapping from handle to filp for this object.
*/
static int
drm_mm_handle_delete(struct drm_file *filp, int handle)
{
struct drm_mm_object *obj;
/* This is gross. The idr system doesn't let us try a delete and
* return an error code. It just spews if you fail at deleting.
* So, we have to grab a lock around finding the object and then
* doing the delete on it and dropping the refcount, or the user
* could race us to double-decrement the refcount and cause a
* use-after-free later. Given the frequency of our handle lookups,
* we may want to use ida for number allocation and a hash table
* for the pointers, anyway.
*/
spin_lock(&filp->table_lock);
/* Check if we currently have a reference on the object */
obj = idr_find(&filp->object_idr, handle);
if (obj == NULL) {
spin_unlock(&filp->table_lock);
return -EINVAL;
}
/* Release reference and decrement refcount. */
idr_remove(&filp->object_idr, handle);
drm_mm_object_unreference(obj);
spin_unlock(&filp->table_lock);
return 0;
}
/** Returns a reference to the object named by the handle. */
static struct drm_mm_object *
drm_mm_object_lookup(struct drm_file *filp, int handle)
{
struct drm_mm_object *obj;
spin_lock(&filp->table_lock);
/* Check if we currently have a reference on the object */
obj = idr_find(&filp->object_idr, handle);
if (obj == NULL) {
spin_unlock(&filp->table_lock);
return NULL;
}
drm_mm_object_reference(obj);
spin_unlock(&filp->table_lock);
return obj;
}
/**
* Allocates a new mm object and returns a handle to it.
*/
int
drm_mm_alloc_ioctl(struct drm_device *dev, void *data,
struct drm_file *file_priv)
{
struct drm_mm_alloc_args *args = data;
struct drm_mm_object *obj;
int handle, ret;
/* Round requested size up to page size */
args->size = (args->size + PAGE_SIZE - 1) & ~(PAGE_SIZE - 1);
/* Allocate the new object */
obj = drm_mm_object_alloc(args->size);
if (obj == NULL)
return -ENOMEM;
/* Get the user-visible handle using idr.
*
* I'm not really sure why the idr api needs us to do this in two
* repeating steps. It handles internal locking of its data
* structure, yet insists that we keep its memory allocation step
* separate from its slot-finding step for locking purposes.
*/
do {
if (idr_pre_get(&file_priv->object_idr, GFP_KERNEL) == 0) {
kfree(obj);
return -EFAULT;
}
ret = idr_get_new(&file_priv->object_idr, obj, &handle);
} while (ret == -EAGAIN);
if (ret != 0) {
drm_mm_object_unreference(obj);
return -EFAULT;
}
args->handle = handle;
return 0;
}
/**
* Releases the handle to an mm object.
*/
int
drm_mm_unreference_ioctl(struct drm_device *dev, void *data,
struct drm_file *file_priv)
{
struct drm_mm_unreference_args *args = data;
int ret;
ret = drm_mm_handle_delete(file_priv, args->handle);
return ret;
}
/**
* Reads data from the object referenced by handle.
*
* On error, the contents of *data are undefined.
*/
int
drm_mm_pread_ioctl(struct drm_device *dev, void *data,
struct drm_file *file_priv)
{
struct drm_mm_pread_args *args = data;
struct drm_mm_object *obj;
ssize_t read;
loff_t offset;
obj = drm_mm_object_lookup(file_priv, args->handle);
if (obj == NULL)
return -EINVAL;
offset = args->offset;
read = obj->filp->f_op->read(obj->filp, (char __user *)args->data,
args->size, &offset);
if (read != args->size) {
drm_mm_object_unreference(obj);
if (read < 0)
return read;
else
return -EINVAL;
}
drm_mm_object_unreference(obj);
return 0;
}
/**
* Maps the contents of an object, returning the address it is mapped
* into.
*
* While the mapping holds a reference on the contents of the object, it doesn't
* imply a ref on the object itself.
*/
int
drm_mm_mmap_ioctl(struct drm_device *dev, void *data,
struct drm_file *file_priv)
{
struct drm_mm_mmap_args *args = data;
struct drm_mm_object *obj;
loff_t offset;
obj = drm_mm_object_lookup(file_priv, args->handle);
if (obj == NULL)
return -EINVAL;
offset = args->offset;
down_write(¤t->mm->mmap_sem);
args->addr = (void *)do_mmap(obj->filp, 0, args->size,
PROT_READ | PROT_WRITE, MAP_SHARED,
args->offset);
up_write(¤t->mm->mmap_sem);
drm_mm_object_unreference(obj);
return 0;
}
/**
* Writes data to the object referenced by handle.
*
* On error, the contents of the buffer that were to be modified are undefined.
*/
int
drm_mm_pwrite_ioctl(struct drm_device *dev, void *data,
struct drm_file *file_priv)
{
struct drm_mm_pwrite_args *args = data;
struct drm_mm_object *obj;
ssize_t written;
loff_t offset;
obj = drm_mm_object_lookup(file_priv, args->handle);
if (obj == NULL)
return -EINVAL;
offset = args->offset;
written = obj->filp->f_op->write(obj->filp, (char __user *)args->data,
args->size, &offset);
if (written != args->size) {
drm_mm_object_unreference(obj);
if (written < 0)
return written;
else
return -EINVAL;
}
drm_mm_object_unreference(obj);
return 0;
}
/**
* Called at device open time, sets up the structure for handling refcounting
* of mm objects.
*/
void
drm_mm_open(struct drm_file *file_private)
{
idr_init(&file_private->object_idr);
}
/** Called at device close to release the file's references on objects. */
static int
drm_mm_object_release(int id, void *ptr, void *data)
{
struct drm_mm_object *obj = ptr;
drm_mm_object_unreference(obj);
return 0;
}
/**
* Called at close time when the filp is going away.
*
* Releases any remaining references on objects by this filp.
*/
void
drm_mm_release(struct drm_file *file_private)
{
idr_for_each(&file_private->object_idr, &drm_mm_object_release, NULL);
idr_destroy(&file_private->object_idr);
}
void
drm_mm_object_reference(struct drm_mm_object *obj)
{
spin_lock(&obj->lock);
obj->refcount++;
spin_unlock(&obj->lock);
}
void
drm_mm_object_unreference(struct drm_mm_object *obj)
{
spin_lock(&obj->lock);
obj->refcount--;
spin_unlock(&obj->lock);
if (obj->refcount == 0) {
fput(obj->filp);
kfree(obj);
}
}
|