2 * Copyright © 2012-2014 Intel Corporation
4 * Permission is hereby granted, free of charge, to any person obtaining a
5 * copy of this software and associated documentation files (the "Software"),
6 * to deal in the Software without restriction, including without limitation
7 * the rights to use, copy, modify, merge, publish, distribute, sublicense,
8 * and/or sell copies of the Software, and to permit persons to whom the
9 * Software is furnished to do so, subject to the following conditions:
11 * The above copyright notice and this permission notice (including the next
12 * paragraph) shall be included in all copies or substantial portions of the
15 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
18 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
20 * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
26 #include <drm/i915_drm.h>
28 #include "i915_trace.h"
29 #include "intel_drv.h"
31 #if defined(CONFIG_MMU_NOTIFIER)
32 #include <linux/interval_tree.h>
34 struct i915_mmu_notifier {
36 struct hlist_node node;
37 struct mmu_notifier mn;
38 struct rb_root objects;
39 struct list_head linear;
40 struct drm_device *dev;
42 struct work_struct work;
48 struct i915_mmu_object {
49 struct i915_mmu_notifier *mmu;
50 struct interval_tree_node it;
51 struct list_head link;
52 struct drm_i915_gem_object *obj;
56 static unsigned long cancel_userptr(struct drm_i915_gem_object *obj)
58 struct drm_device *dev = obj->base.dev;
61 mutex_lock(&dev->struct_mutex);
62 /* Cancel any active worker and force us to re-evaluate gup */
63 obj->userptr.work = NULL;
65 if (obj->pages != NULL) {
66 struct drm_i915_private *dev_priv = to_i915(dev);
67 struct i915_vma *vma, *tmp;
68 bool was_interruptible;
70 was_interruptible = dev_priv->mm.interruptible;
71 dev_priv->mm.interruptible = false;
73 list_for_each_entry_safe(vma, tmp, &obj->vma_list, vma_link) {
74 int ret = i915_vma_unbind(vma);
75 WARN_ON(ret && ret != -EIO);
77 WARN_ON(i915_gem_object_put_pages(obj));
79 dev_priv->mm.interruptible = was_interruptible;
82 end = obj->userptr.ptr + obj->base.size;
84 drm_gem_object_unreference(&obj->base);
85 mutex_unlock(&dev->struct_mutex);
90 static void *invalidate_range__linear(struct i915_mmu_notifier *mn,
95 struct i915_mmu_object *mmu;
100 list_for_each_entry(mmu, &mn->linear, link) {
101 struct drm_i915_gem_object *obj;
103 if (mmu->it.last < start || mmu->it.start > end)
107 drm_gem_object_reference(&obj->base);
108 spin_unlock(&mn->lock);
112 spin_lock(&mn->lock);
113 if (serial != mn->serial)
120 static void i915_gem_userptr_mn_invalidate_range_start(struct mmu_notifier *_mn,
121 struct mm_struct *mm,
125 struct i915_mmu_notifier *mn = container_of(_mn, struct i915_mmu_notifier, mn);
126 struct interval_tree_node *it = NULL;
127 unsigned long next = start;
128 unsigned long serial = 0;
130 end--; /* interval ranges are inclusive, but invalidate range is exclusive */
132 struct drm_i915_gem_object *obj = NULL;
134 spin_lock(&mn->lock);
136 it = invalidate_range__linear(mn, mm, start, end);
137 else if (serial == mn->serial)
138 it = interval_tree_iter_next(it, next, end);
140 it = interval_tree_iter_first(&mn->objects, start, end);
142 obj = container_of(it, struct i915_mmu_object, it)->obj;
143 drm_gem_object_reference(&obj->base);
146 spin_unlock(&mn->lock);
150 next = cancel_userptr(obj);
154 static const struct mmu_notifier_ops i915_gem_userptr_notifier = {
155 .invalidate_range_start = i915_gem_userptr_mn_invalidate_range_start,
158 static struct i915_mmu_notifier *
159 __i915_mmu_notifier_lookup(struct drm_device *dev, struct mm_struct *mm)
161 struct drm_i915_private *dev_priv = to_i915(dev);
162 struct i915_mmu_notifier *mmu;
164 /* Protected by dev->struct_mutex */
165 hash_for_each_possible(dev_priv->mmu_notifiers, mmu, node, (unsigned long)mm)
172 static struct i915_mmu_notifier *
173 i915_mmu_notifier_get(struct drm_device *dev, struct mm_struct *mm)
175 struct drm_i915_private *dev_priv = to_i915(dev);
176 struct i915_mmu_notifier *mmu;
179 lockdep_assert_held(&dev->struct_mutex);
181 mmu = __i915_mmu_notifier_lookup(dev, mm);
185 mmu = kmalloc(sizeof(*mmu), GFP_KERNEL);
187 return ERR_PTR(-ENOMEM);
189 spin_lock_init(&mmu->lock);
191 mmu->mn.ops = &i915_gem_userptr_notifier;
193 mmu->objects = RB_ROOT;
196 INIT_LIST_HEAD(&mmu->linear);
197 mmu->has_linear = false;
199 /* Protected by mmap_sem (write-lock) */
200 ret = __mmu_notifier_register(&mmu->mn, mm);
206 /* Protected by dev->struct_mutex */
207 hash_add(dev_priv->mmu_notifiers, &mmu->node, (unsigned long)mm);
212 __i915_mmu_notifier_destroy_worker(struct work_struct *work)
214 struct i915_mmu_notifier *mmu = container_of(work, typeof(*mmu), work);
215 mmu_notifier_unregister(&mmu->mn, mmu->mm);
220 __i915_mmu_notifier_destroy(struct i915_mmu_notifier *mmu)
222 lockdep_assert_held(&mmu->dev->struct_mutex);
224 /* Protected by dev->struct_mutex */
225 hash_del(&mmu->node);
227 /* Our lock ordering is: mmap_sem, mmu_notifier_scru, struct_mutex.
228 * We enter the function holding struct_mutex, therefore we need
229 * to drop our mutex prior to calling mmu_notifier_unregister in
230 * order to prevent lock inversion (and system-wide deadlock)
231 * between the mmap_sem and struct-mutex. Hence we defer the
232 * unregistration to a workqueue where we hold no locks.
234 INIT_WORK(&mmu->work, __i915_mmu_notifier_destroy_worker);
235 schedule_work(&mmu->work);
238 static void __i915_mmu_notifier_update_serial(struct i915_mmu_notifier *mmu)
240 if (++mmu->serial == 0)
244 static bool i915_mmu_notifier_has_linear(struct i915_mmu_notifier *mmu)
246 struct i915_mmu_object *mn;
248 list_for_each_entry(mn, &mmu->linear, link)
256 i915_mmu_notifier_del(struct i915_mmu_notifier *mmu,
257 struct i915_mmu_object *mn)
259 lockdep_assert_held(&mmu->dev->struct_mutex);
261 spin_lock(&mmu->lock);
264 mmu->has_linear = i915_mmu_notifier_has_linear(mmu);
266 interval_tree_remove(&mn->it, &mmu->objects);
267 __i915_mmu_notifier_update_serial(mmu);
268 spin_unlock(&mmu->lock);
270 /* Protected against _add() by dev->struct_mutex */
271 if (--mmu->count == 0)
272 __i915_mmu_notifier_destroy(mmu);
276 i915_mmu_notifier_add(struct i915_mmu_notifier *mmu,
277 struct i915_mmu_object *mn)
279 struct interval_tree_node *it;
282 ret = i915_mutex_lock_interruptible(mmu->dev);
286 /* Make sure we drop the final active reference (and thereby
287 * remove the objects from the interval tree) before we do
288 * the check for overlapping objects.
290 i915_gem_retire_requests(mmu->dev);
292 spin_lock(&mmu->lock);
293 it = interval_tree_iter_first(&mmu->objects,
294 mn->it.start, mn->it.last);
296 struct drm_i915_gem_object *obj;
298 /* We only need to check the first object in the range as it
299 * either has cancelled gup work queued and we need to
300 * return back to the user to give time for the gup-workers
301 * to flush their object references upon which the object will
302 * be removed from the interval-tree, or the the range is
303 * still in use by another client and the overlap is invalid.
305 * If we do have an overlap, we cannot use the interval tree
306 * for fast range invalidation.
309 obj = container_of(it, struct i915_mmu_object, it)->obj;
310 if (!obj->userptr.workers)
311 mmu->has_linear = mn->is_linear = true;
315 interval_tree_insert(&mn->it, &mmu->objects);
318 list_add(&mn->link, &mmu->linear);
319 __i915_mmu_notifier_update_serial(mmu);
321 spin_unlock(&mmu->lock);
322 mutex_unlock(&mmu->dev->struct_mutex);
328 i915_gem_userptr_release__mmu_notifier(struct drm_i915_gem_object *obj)
330 struct i915_mmu_object *mn;
332 mn = obj->userptr.mn;
336 i915_mmu_notifier_del(mn->mmu, mn);
337 obj->userptr.mn = NULL;
340 static struct i915_mmu_notifier *
341 i915_mmu_notifier_find(struct i915_mm_struct *mm)
343 struct i915_mmu_notifier *mn = mm->mn;
349 down_write(&mm->mm->mmap_sem);
350 mutex_lock(&to_i915(mm->dev)->mm_lock);
351 if ((mn = mm->mn) == NULL) {
352 mn = i915_mmu_notifier_create(mm->mm);
356 mutex_unlock(&to_i915(mm->dev)->mm_lock);
357 up_write(&mm->mm->mmap_sem);
363 i915_gem_userptr_init__mmu_notifier(struct drm_i915_gem_object *obj,
366 struct i915_mmu_notifier *mmu;
367 struct i915_mmu_object *mn;
370 if (flags & I915_USERPTR_UNSYNCHRONIZED)
371 return capable(CAP_SYS_ADMIN) ? 0 : -EPERM;
373 down_write(&obj->userptr.mm->mmap_sem);
374 ret = i915_mutex_lock_interruptible(obj->base.dev);
376 mmu = i915_mmu_notifier_get(obj->base.dev, obj->userptr.mm);
378 mmu->count++; /* preemptive add to act as a refcount */
381 mutex_unlock(&obj->base.dev->struct_mutex);
383 up_write(&obj->userptr.mm->mmap_sem);
387 mn = kzalloc(sizeof(*mn), GFP_KERNEL);
394 mn->it.start = obj->userptr.ptr;
395 mn->it.last = mn->it.start + obj->base.size - 1;
398 ret = i915_mmu_notifier_add(mmu, mn);
402 obj->userptr.mn = mn;
408 mutex_lock(&obj->base.dev->struct_mutex);
409 if (--mmu->count == 0)
410 __i915_mmu_notifier_destroy(mmu);
411 mutex_unlock(&obj->base.dev->struct_mutex);
419 i915_gem_userptr_release__mmu_notifier(struct drm_i915_gem_object *obj)
424 i915_gem_userptr_init__mmu_notifier(struct drm_i915_gem_object *obj,
427 if ((flags & I915_USERPTR_UNSYNCHRONIZED) == 0)
436 struct get_pages_work {
437 struct work_struct work;
438 struct drm_i915_gem_object *obj;
439 struct task_struct *task;
443 #if IS_ENABLED(CONFIG_SWIOTLB)
444 #define swiotlb_active() swiotlb_nr_tbl()
446 #define swiotlb_active() 0
451 st_set_pages(struct sg_table **st, struct vm_page **pvec, int num_pages)
453 struct scatterlist *sg;
456 *st = kmalloc(sizeof(**st), M_DRM, M_WAITOK);
460 if (swiotlb_active()) {
461 ret = sg_alloc_table(*st, num_pages, GFP_KERNEL);
465 for_each_sg((*st)->sgl, sg, num_pages, n)
466 sg_set_page(sg, pvec[n], PAGE_SIZE, 0);
468 ret = sg_alloc_table_from_pages(*st, pvec, num_pages,
469 0, num_pages << PAGE_SHIFT,
484 __i915_gem_userptr_get_pages_worker(struct work_struct *_work)
486 struct get_pages_work *work = container_of(_work, typeof(*work), work);
487 struct drm_i915_gem_object *obj = work->obj;
488 struct drm_device *dev = obj->base.dev;
489 const int num_pages = obj->base.size >> PAGE_SHIFT;
496 pvec = kmalloc(num_pages*sizeof(struct page *),
497 GFP_TEMPORARY | __GFP_NOWARN | __GFP_NORETRY);
499 pvec = drm_malloc_ab(num_pages, sizeof(struct page *));
501 struct mm_struct *mm = obj->userptr.mm;
503 down_read(&mm->mmap_sem);
504 while (pinned < num_pages) {
505 ret = get_user_pages(work->task, mm,
506 obj->userptr.ptr + pinned * PAGE_SIZE,
508 !obj->userptr.read_only, 0,
509 pvec + pinned, NULL);
515 up_read(&mm->mmap_sem);
518 mutex_lock(&dev->struct_mutex);
519 if (obj->userptr.work != &work->work) {
521 } else if (pinned == num_pages) {
522 ret = st_set_pages(&obj->pages, pvec, num_pages);
524 list_add_tail(&obj->global_list, &to_i915(dev)->mm.unbound_list);
529 obj->userptr.work = ERR_PTR(ret);
530 obj->userptr.workers--;
531 drm_gem_object_unreference(&obj->base);
532 mutex_unlock(&dev->struct_mutex);
534 release_pages(pvec, pinned, 0);
535 drm_free_large(pvec);
537 put_task_struct(work->task);
542 i915_gem_userptr_get_pages(struct drm_i915_gem_object *obj)
544 const int num_pages = obj->base.size >> PAGE_SHIFT;
548 /* If userspace should engineer that these pages are replaced in
549 * the vma between us binding this page into the GTT and completion
550 * of rendering... Their loss. If they change the mapping of their
551 * pages they need to create a new bo to point to the new vma.
553 * However, that still leaves open the possibility of the vma
554 * being copied upon fork. Which falls under the same userspace
555 * synchronisation issue as a regular bo, except that this time
556 * the process may not be expecting that a particular piece of
557 * memory is tied to the GPU.
559 * Fortunately, we can hook into the mmu_notifier in order to
560 * discard the page references prior to anything nasty happening
561 * to the vma (discard or cloning) which should prevent the more
562 * egregious cases from causing harm.
567 if (obj->userptr.mm == current->mm) {
568 pvec = kmalloc(num_pages*sizeof(struct page *),
569 GFP_TEMPORARY | __GFP_NOWARN | __GFP_NORETRY);
571 pvec = drm_malloc_ab(num_pages, sizeof(struct page *));
576 pinned = __get_user_pages_fast(obj->userptr.ptr, num_pages,
577 !obj->userptr.read_only, pvec);
579 if (pinned < num_pages) {
584 /* Spawn a worker so that we can acquire the
585 * user pages without holding our mutex. Access
586 * to the user pages requires mmap_sem, and we have
587 * a strict lock ordering of mmap_sem, struct_mutex -
588 * we already hold struct_mutex here and so cannot
589 * call gup without encountering a lock inversion.
591 * Userspace will keep on repeating the operation
592 * (thanks to EAGAIN) until either we hit the fast
593 * path or the worker completes. If the worker is
594 * cancelled or superseded, the task is still run
595 * but the results ignored. (This leads to
596 * complications that we may have a stray object
597 * refcount that we need to be wary of when
598 * checking for existing objects during creation.)
599 * If the worker encounters an error, it reports
600 * that error back to this function through
601 * obj->userptr.work = ERR_PTR.
604 if (obj->userptr.work == NULL &&
605 obj->userptr.workers < I915_GEM_USERPTR_MAX_WORKERS) {
606 struct get_pages_work *work;
608 work = kmalloc(sizeof(*work), GFP_KERNEL);
610 obj->userptr.work = &work->work;
611 obj->userptr.workers++;
614 drm_gem_object_reference(&obj->base);
616 work->task = current;
617 get_task_struct(work->task);
619 INIT_WORK(&work->work, __i915_gem_userptr_get_pages_worker);
620 schedule_work(&work->work);
624 if (IS_ERR(obj->userptr.work)) {
625 ret = PTR_ERR(obj->userptr.work);
626 obj->userptr.work = NULL;
631 ret = st_set_pages(&obj->pages, pvec, num_pages);
633 obj->userptr.work = NULL;
638 release_pages(pvec, pinned, 0);
639 drm_free_large(pvec);
644 i915_gem_userptr_put_pages(struct drm_i915_gem_object *obj)
646 struct sg_page_iter sg_iter;
648 BUG_ON(obj->userptr.work != NULL);
650 if (obj->madv != I915_MADV_WILLNEED)
653 for_each_sg_page(obj->pages->sgl, &sg_iter, obj->pages->nents, 0) {
654 struct page *page = sg_page_iter_page(&sg_iter);
657 set_page_dirty(page);
659 mark_page_accessed(page);
660 page_cache_release(page);
664 sg_free_table(obj->pages);
669 i915_gem_userptr_release(struct drm_i915_gem_object *obj)
671 i915_gem_userptr_release__mmu_notifier(obj);
673 if (obj->userptr.mm) {
674 mmput(obj->userptr.mm);
675 obj->userptr.mm = NULL;
680 i915_gem_userptr_dmabuf_export(struct drm_i915_gem_object *obj)
685 return i915_gem_userptr_init__mmu_notifier(obj, 0);
688 static const struct drm_i915_gem_object_ops i915_gem_userptr_ops = {
689 .dmabuf_export = i915_gem_userptr_dmabuf_export,
690 .get_pages = i915_gem_userptr_get_pages,
691 .put_pages = i915_gem_userptr_put_pages,
692 .release = i915_gem_userptr_release,
696 * Creates a new mm object that wraps some normal memory from the process
697 * context - user memory.
699 * We impose several restrictions upon the memory being mapped
701 * 1. It must be page aligned (both start/end addresses, i.e ptr and size).
702 * 2. It must be normal system memory, not a pointer into another map of IO
703 * space (e.g. it must not be a GTT mmapping of another object).
704 * 3. We only allow a bo as large as we could in theory map into the GTT,
705 * that is we limit the size to the total size of the GTT.
706 * 4. The bo is marked as being snoopable. The backing pages are left
707 * accessible directly by the CPU, but reads and writes by the GPU may
708 * incur the cost of a snoop (unless you have an LLC architecture).
710 * Synchronisation between multiple users and the GPU is left to userspace
711 * through the normal set-domain-ioctl. The kernel will enforce that the
712 * GPU relinquishes the VMA before it is returned back to the system
713 * i.e. upon free(), munmap() or process termination. However, the userspace
714 * malloc() library may not immediately relinquish the VMA after free() and
715 * instead reuse it whilst the GPU is still reading and writing to the VMA.
718 * Also note, that the object created here is not currently a "first class"
719 * object, in that several ioctls are banned. These are the CPU access
720 * ioctls: mmap(), pwrite and pread. In practice, you are expected to use
721 * direct access via your pointer rather than use those ioctls.
723 * If you think this is a good interface to use to pass GPU memory between
724 * drivers, please use dma-buf instead. In fact, wherever possible use
728 i915_gem_userptr_ioctl(struct drm_device *dev, void *data, struct drm_file *file)
730 struct drm_i915_private *dev_priv = dev->dev_private;
731 struct drm_i915_gem_userptr *args = data;
732 struct drm_i915_gem_object *obj;
736 if (args->flags & ~(I915_USERPTR_READ_ONLY |
737 I915_USERPTR_UNSYNCHRONIZED))
740 if (offset_in_page(args->user_ptr | args->user_size))
743 if (args->user_size > dev_priv->gtt.base.total)
746 if (!access_ok(args->flags & I915_USERPTR_READ_ONLY ? VERIFY_READ : VERIFY_WRITE,
747 (char __user *)(unsigned long)args->user_ptr, args->user_size))
750 if (args->flags & I915_USERPTR_READ_ONLY) {
751 /* On almost all of the current hw, we cannot tell the GPU that a
752 * page is readonly, so this is just a placeholder in the uAPI.
757 /* Allocate the new object */
758 obj = i915_gem_object_alloc(dev);
762 drm_gem_private_object_init(dev, &obj->base, args->user_size);
763 i915_gem_object_init(obj, &i915_gem_userptr_ops);
764 obj->cache_level = I915_CACHE_LLC;
765 obj->base.write_domain = I915_GEM_DOMAIN_CPU;
766 obj->base.read_domains = I915_GEM_DOMAIN_CPU;
768 obj->userptr.ptr = args->user_ptr;
769 obj->userptr.read_only = !!(args->flags & I915_USERPTR_READ_ONLY);
771 /* And keep a pointer to the current->mm for resolving the user pages
772 * at binding. This means that we need to hook into the mmu_notifier
773 * in order to detect if the mmu is destroyed.
776 if ((obj->userptr.mm = get_task_mm(current)))
777 ret = i915_gem_userptr_init__mmu_notifier(obj, args->flags);
779 ret = drm_gem_handle_create(file, &obj->base, &handle);
781 /* drop reference from allocate - handle holds it now */
782 drm_gem_object_unreference_unlocked(&obj->base);
786 args->handle = handle;
792 i915_gem_init_userptr(struct drm_device *dev)
794 #if defined(CONFIG_MMU_NOTIFIER)
795 struct drm_i915_private *dev_priv = to_i915(dev);
796 hash_init(dev_priv->mmu_notifiers);
tuxillo's projects / dragonfly.git / blob