drm-uapi.rst 32 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764
  1. .. Copyright 2020 DisplayLink (UK) Ltd.
  2. ===================
  3. Userland interfaces
  4. ===================
  5. The DRM core exports several interfaces to applications, generally
  6. intended to be used through corresponding libdrm wrapper functions. In
  7. addition, drivers export device-specific interfaces for use by userspace
  8. drivers & device-aware applications through ioctls and sysfs files.
  9. External interfaces include: memory mapping, context management, DMA
  10. operations, AGP management, vblank control, fence management, memory
  11. management, and output management.
  12. Cover generic ioctls and sysfs layout here. We only need high-level
  13. info, since man pages should cover the rest.
  14. libdrm Device Lookup
  15. ====================
  16. .. kernel-doc:: drivers/gpu/drm/drm_ioctl.c
  17. :doc: getunique and setversion story
  18. .. _drm_primary_node:
  19. Primary Nodes, DRM Master and Authentication
  20. ============================================
  21. .. kernel-doc:: drivers/gpu/drm/drm_auth.c
  22. :doc: master and authentication
  23. .. kernel-doc:: drivers/gpu/drm/drm_auth.c
  24. :export:
  25. .. kernel-doc:: include/drm/drm_auth.h
  26. :internal:
  27. .. _drm_leasing:
  28. DRM Display Resource Leasing
  29. ============================
  30. .. kernel-doc:: drivers/gpu/drm/drm_lease.c
  31. :doc: drm leasing
  32. Open-Source Userspace Requirements
  33. ==================================
  34. The DRM subsystem has stricter requirements than most other kernel subsystems on
  35. what the userspace side for new uAPI needs to look like. This section here
  36. explains what exactly those requirements are, and why they exist.
  37. The short summary is that any addition of DRM uAPI requires corresponding
  38. open-sourced userspace patches, and those patches must be reviewed and ready for
  39. merging into a suitable and canonical upstream project.
  40. GFX devices (both display and render/GPU side) are really complex bits of
  41. hardware, with userspace and kernel by necessity having to work together really
  42. closely. The interfaces, for rendering and modesetting, must be extremely wide
  43. and flexible, and therefore it is almost always impossible to precisely define
  44. them for every possible corner case. This in turn makes it really practically
  45. infeasible to differentiate between behaviour that's required by userspace, and
  46. which must not be changed to avoid regressions, and behaviour which is only an
  47. accidental artifact of the current implementation.
  48. Without access to the full source code of all userspace users that means it
  49. becomes impossible to change the implementation details, since userspace could
  50. depend upon the accidental behaviour of the current implementation in minute
  51. details. And debugging such regressions without access to source code is pretty
  52. much impossible. As a consequence this means:
  53. - The Linux kernel's "no regression" policy holds in practice only for
  54. open-source userspace of the DRM subsystem. DRM developers are perfectly fine
  55. if closed-source blob drivers in userspace use the same uAPI as the open
  56. drivers, but they must do so in the exact same way as the open drivers.
  57. Creative (ab)use of the interfaces will, and in the past routinely has, lead
  58. to breakage.
  59. - Any new userspace interface must have an open-source implementation as
  60. demonstration vehicle.
  61. The other reason for requiring open-source userspace is uAPI review. Since the
  62. kernel and userspace parts of a GFX stack must work together so closely, code
  63. review can only assess whether a new interface achieves its goals by looking at
  64. both sides. Making sure that the interface indeed covers the use-case fully
  65. leads to a few additional requirements:
  66. - The open-source userspace must not be a toy/test application, but the real
  67. thing. Specifically it needs to handle all the usual error and corner cases.
  68. These are often the places where new uAPI falls apart and hence essential to
  69. assess the fitness of a proposed interface.
  70. - The userspace side must be fully reviewed and tested to the standards of that
  71. userspace project. For e.g. mesa this means piglit testcases and review on the
  72. mailing list. This is again to ensure that the new interface actually gets the
  73. job done. The userspace-side reviewer should also provide an Acked-by on the
  74. kernel uAPI patch indicating that they believe the proposed uAPI is sound and
  75. sufficiently documented and validated for userspace's consumption.
  76. - The userspace patches must be against the canonical upstream, not some vendor
  77. fork. This is to make sure that no one cheats on the review and testing
  78. requirements by doing a quick fork.
  79. - The kernel patch can only be merged after all the above requirements are met,
  80. but it **must** be merged to either drm-next or drm-misc-next **before** the
  81. userspace patches land. uAPI always flows from the kernel, doing things the
  82. other way round risks divergence of the uAPI definitions and header files.
  83. These are fairly steep requirements, but have grown out from years of shared
  84. pain and experience with uAPI added hastily, and almost always regretted about
  85. just as fast. GFX devices change really fast, requiring a paradigm shift and
  86. entire new set of uAPI interfaces every few years at least. Together with the
  87. Linux kernel's guarantee to keep existing userspace running for 10+ years this
  88. is already rather painful for the DRM subsystem, with multiple different uAPIs
  89. for the same thing co-existing. If we add a few more complete mistakes into the
  90. mix every year it would be entirely unmanageable.
  91. .. _drm_render_node:
  92. Render nodes
  93. ============
  94. DRM core provides multiple character-devices for user-space to use.
  95. Depending on which device is opened, user-space can perform a different
  96. set of operations (mainly ioctls). The primary node is always created
  97. and called card<num>. Additionally, a currently unused control node,
  98. called controlD<num> is also created. The primary node provides all
  99. legacy operations and historically was the only interface used by
  100. userspace. With KMS, the control node was introduced. However, the
  101. planned KMS control interface has never been written and so the control
  102. node stays unused to date.
  103. With the increased use of offscreen renderers and GPGPU applications,
  104. clients no longer require running compositors or graphics servers to
  105. make use of a GPU. But the DRM API required unprivileged clients to
  106. authenticate to a DRM-Master prior to getting GPU access. To avoid this
  107. step and to grant clients GPU access without authenticating, render
  108. nodes were introduced. Render nodes solely serve render clients, that
  109. is, no modesetting or privileged ioctls can be issued on render nodes.
  110. Only non-global rendering commands are allowed. If a driver supports
  111. render nodes, it must advertise it via the DRIVER_RENDER DRM driver
  112. capability. If not supported, the primary node must be used for render
  113. clients together with the legacy drmAuth authentication procedure.
  114. If a driver advertises render node support, DRM core will create a
  115. separate render node called renderD<num>. There will be one render node
  116. per device. No ioctls except PRIME-related ioctls will be allowed on
  117. this node. Especially GEM_OPEN will be explicitly prohibited. For a
  118. complete list of driver-independent ioctls that can be used on render
  119. nodes, see the ioctls marked DRM_RENDER_ALLOW in drm_ioctl.c Render
  120. nodes are designed to avoid the buffer-leaks, which occur if clients
  121. guess the flink names or mmap offsets on the legacy interface.
  122. Additionally to this basic interface, drivers must mark their
  123. driver-dependent render-only ioctls as DRM_RENDER_ALLOW so render
  124. clients can use them. Driver authors must be careful not to allow any
  125. privileged ioctls on render nodes.
  126. With render nodes, user-space can now control access to the render node
  127. via basic file-system access-modes. A running graphics server which
  128. authenticates clients on the privileged primary/legacy node is no longer
  129. required. Instead, a client can open the render node and is immediately
  130. granted GPU access. Communication between clients (or servers) is done
  131. via PRIME. FLINK from render node to legacy node is not supported. New
  132. clients must not use the insecure FLINK interface.
  133. Besides dropping all modeset/global ioctls, render nodes also drop the
  134. DRM-Master concept. There is no reason to associate render clients with
  135. a DRM-Master as they are independent of any graphics server. Besides,
  136. they must work without any running master, anyway. Drivers must be able
  137. to run without a master object if they support render nodes. If, on the
  138. other hand, a driver requires shared state between clients which is
  139. visible to user-space and accessible beyond open-file boundaries, they
  140. cannot support render nodes.
  141. Device Hot-Unplug
  142. =================
  143. .. note::
  144. The following is the plan. Implementation is not there yet
  145. (2020 May).
  146. Graphics devices (display and/or render) may be connected via USB (e.g.
  147. display adapters or docking stations) or Thunderbolt (e.g. eGPU). An end
  148. user is able to hot-unplug this kind of devices while they are being
  149. used, and expects that the very least the machine does not crash. Any
  150. damage from hot-unplugging a DRM device needs to be limited as much as
  151. possible and userspace must be given the chance to handle it if it wants
  152. to. Ideally, unplugging a DRM device still lets a desktop continue to
  153. run, but that is going to need explicit support throughout the whole
  154. graphics stack: from kernel and userspace drivers, through display
  155. servers, via window system protocols, and in applications and libraries.
  156. Other scenarios that should lead to the same are: unrecoverable GPU
  157. crash, PCI device disappearing off the bus, or forced unbind of a driver
  158. from the physical device.
  159. In other words, from userspace perspective everything needs to keep on
  160. working more or less, until userspace stops using the disappeared DRM
  161. device and closes it completely. Userspace will learn of the device
  162. disappearance from the device removed uevent, ioctls returning ENODEV
  163. (or driver-specific ioctls returning driver-specific things), or open()
  164. returning ENXIO.
  165. Only after userspace has closed all relevant DRM device and dmabuf file
  166. descriptors and removed all mmaps, the DRM driver can tear down its
  167. instance for the device that no longer exists. If the same physical
  168. device somehow comes back in the mean time, it shall be a new DRM
  169. device.
  170. Similar to PIDs, chardev minor numbers are not recycled immediately. A
  171. new DRM device always picks the next free minor number compared to the
  172. previous one allocated, and wraps around when minor numbers are
  173. exhausted.
  174. The goal raises at least the following requirements for the kernel and
  175. drivers.
  176. Requirements for KMS UAPI
  177. -------------------------
  178. - KMS connectors must change their status to disconnected.
  179. - Legacy modesets and pageflips, and atomic commits, both real and
  180. TEST_ONLY, and any other ioctls either fail with ENODEV or fake
  181. success.
  182. - Pending non-blocking KMS operations deliver the DRM events userspace
  183. is expecting. This applies also to ioctls that faked success.
  184. - open() on a device node whose underlying device has disappeared will
  185. fail with ENXIO.
  186. - Attempting to create a DRM lease on a disappeared DRM device will
  187. fail with ENODEV. Existing DRM leases remain and work as listed
  188. above.
  189. Requirements for Render and Cross-Device UAPI
  190. ---------------------------------------------
  191. - All GPU jobs that can no longer run must have their fences
  192. force-signalled to avoid inflicting hangs on userspace.
  193. The associated error code is ENODEV.
  194. - Some userspace APIs already define what should happen when the device
  195. disappears (OpenGL, GL ES: `GL_KHR_robustness`_; `Vulkan`_:
  196. VK_ERROR_DEVICE_LOST; etc.). DRM drivers are free to implement this
  197. behaviour the way they see best, e.g. returning failures in
  198. driver-specific ioctls and handling those in userspace drivers, or
  199. rely on uevents, and so on.
  200. - dmabuf which point to memory that has disappeared will either fail to
  201. import with ENODEV or continue to be successfully imported if it would
  202. have succeeded before the disappearance. See also about memory maps
  203. below for already imported dmabufs.
  204. - Attempting to import a dmabuf to a disappeared device will either fail
  205. with ENODEV or succeed if it would have succeeded without the
  206. disappearance.
  207. - open() on a device node whose underlying device has disappeared will
  208. fail with ENXIO.
  209. .. _GL_KHR_robustness: https://www.khronos.org/registry/OpenGL/extensions/KHR/KHR_robustness.txt
  210. .. _Vulkan: https://www.khronos.org/vulkan/
  211. Requirements for Memory Maps
  212. ----------------------------
  213. Memory maps have further requirements that apply to both existing maps
  214. and maps created after the device has disappeared. If the underlying
  215. memory disappears, the map is created or modified such that reads and
  216. writes will still complete successfully but the result is undefined.
  217. This applies to both userspace mmap()'d memory and memory pointed to by
  218. dmabuf which might be mapped to other devices (cross-device dmabuf
  219. imports).
  220. Raising SIGBUS is not an option, because userspace cannot realistically
  221. handle it. Signal handlers are global, which makes them extremely
  222. difficult to use correctly from libraries like those that Mesa produces.
  223. Signal handlers are not composable, you can't have different handlers
  224. for GPU1 and GPU2 from different vendors, and a third handler for
  225. mmapped regular files. Threads cause additional pain with signal
  226. handling as well.
  227. Device reset
  228. ============
  229. The GPU stack is really complex and is prone to errors, from hardware bugs,
  230. faulty applications and everything in between the many layers. Some errors
  231. require resetting the device in order to make the device usable again. This
  232. section describes the expectations for DRM and usermode drivers when a
  233. device resets and how to propagate the reset status.
  234. Device resets can not be disabled without tainting the kernel, which can lead to
  235. hanging the entire kernel through shrinkers/mmu_notifiers. Userspace role in
  236. device resets is to propagate the message to the application and apply any
  237. special policy for blocking guilty applications, if any. Corollary is that
  238. debugging a hung GPU context require hardware support to be able to preempt such
  239. a GPU context while it's stopped.
  240. Kernel Mode Driver
  241. ------------------
  242. The KMD is responsible for checking if the device needs a reset, and to perform
  243. it as needed. Usually a hang is detected when a job gets stuck executing.
  244. Propagation of errors to userspace has proven to be tricky since it goes in
  245. the opposite direction of the usual flow of commands. Because of this vendor
  246. independent error handling was added to the &dma_fence object, this way drivers
  247. can add an error code to their fences before signaling them. See function
  248. dma_fence_set_error() on how to do this and for examples of error codes to use.
  249. The DRM scheduler also allows setting error codes on all pending fences when
  250. hardware submissions are restarted after an reset. Error codes are also
  251. forwarded from the hardware fence to the scheduler fence to bubble up errors
  252. to the higher levels of the stack and eventually userspace.
  253. Fence errors can be queried by userspace through the generic SYNC_IOC_FILE_INFO
  254. IOCTL as well as through driver specific interfaces.
  255. Additional to setting fence errors drivers should also keep track of resets per
  256. context, the DRM scheduler provides the drm_sched_entity_error() function as
  257. helper for this use case. After a reset, KMD should reject new command
  258. submissions for affected contexts.
  259. User Mode Driver
  260. ----------------
  261. After command submission, UMD should check if the submission was accepted or
  262. rejected. After a reset, KMD should reject submissions, and UMD can issue an
  263. ioctl to the KMD to check the reset status, and this can be checked more often
  264. if the UMD requires it. After detecting a reset, UMD will then proceed to report
  265. it to the application using the appropriate API error code, as explained in the
  266. section below about robustness.
  267. Robustness
  268. ----------
  269. The only way to try to keep a graphical API context working after a reset is if
  270. it complies with the robustness aspects of the graphical API that it is using.
  271. Graphical APIs provide ways to applications to deal with device resets. However,
  272. there is no guarantee that the app will use such features correctly, and a
  273. userspace that doesn't support robust interfaces (like a non-robust
  274. OpenGL context or API without any robustness support like libva) leave the
  275. robustness handling entirely to the userspace driver. There is no strong
  276. community consensus on what the userspace driver should do in that case,
  277. since all reasonable approaches have some clear downsides.
  278. OpenGL
  279. ~~~~~~
  280. Apps using OpenGL should use the available robust interfaces, like the
  281. extension ``GL_ARB_robustness`` (or ``GL_EXT_robustness`` for OpenGL ES). This
  282. interface tells if a reset has happened, and if so, all the context state is
  283. considered lost and the app proceeds by creating new ones. There's no consensus
  284. on what to do to if robustness is not in use.
  285. Vulkan
  286. ~~~~~~
  287. Apps using Vulkan should check for ``VK_ERROR_DEVICE_LOST`` for submissions.
  288. This error code means, among other things, that a device reset has happened and
  289. it needs to recreate the contexts to keep going.
  290. Reporting causes of resets
  291. --------------------------
  292. Apart from propagating the reset through the stack so apps can recover, it's
  293. really useful for driver developers to learn more about what caused the reset in
  294. the first place. For this, drivers can make use of devcoredump to store relevant
  295. information about the reset and send device wedged event with ``none`` recovery
  296. method (as explained in "Device Wedging" chapter) to notify userspace, so this
  297. information can be collected and added to user bug reports.
  298. Device Wedging
  299. ==============
  300. Drivers can optionally make use of device wedged event (implemented as
  301. drm_dev_wedged_event() in DRM subsystem), which notifies userspace of 'wedged'
  302. (hanged/unusable) state of the DRM device through a uevent. This is useful
  303. especially in cases where the device is no longer operating as expected and has
  304. become unrecoverable from driver context. Purpose of this implementation is to
  305. provide drivers a generic way to recover the device with the help of userspace
  306. intervention, without taking any drastic measures (like resetting or
  307. re-enumerating the full bus, on which the underlying physical device is sitting)
  308. in the driver.
  309. A 'wedged' device is basically a device that is declared dead by the driver
  310. after exhausting all possible attempts to recover it from driver context. The
  311. uevent is the notification that is sent to userspace along with a hint about
  312. what could possibly be attempted to recover the device from userspace and bring
  313. it back to usable state. Different drivers may have different ideas of a
  314. 'wedged' device depending on hardware implementation of the underlying physical
  315. device, and hence the vendor agnostic nature of the event. It is up to the
  316. drivers to decide when they see the need for device recovery and how they want
  317. to recover from the available methods.
  318. Driver prerequisites
  319. --------------------
  320. The driver, before opting for recovery, needs to make sure that the 'wedged'
  321. device doesn't harm the system as a whole by taking care of the prerequisites.
  322. Necessary actions must include disabling DMA to system memory as well as any
  323. communication channels with other devices. Further, the driver must ensure
  324. that all dma_fences are signalled and any device state that the core kernel
  325. might depend on is cleaned up. All existing mmaps should be invalidated and
  326. page faults should be redirected to a dummy page. Once the event is sent, the
  327. device must be kept in 'wedged' state until the recovery is performed. New
  328. accesses to the device (IOCTLs) should be rejected, preferably with an error
  329. code that resembles the type of failure the device has encountered. This will
  330. signify the reason for wedging, which can be reported to the application if
  331. needed.
  332. Recovery
  333. --------
  334. Current implementation defines four recovery methods, out of which, drivers
  335. can use any one, multiple or none. Method(s) of choice will be sent in the
  336. uevent environment as ``WEDGED=<method1>[,..,<methodN>]`` in order of less to
  337. more side-effects. See the section `Vendor Specific Recovery`_
  338. for ``WEDGED=vendor-specific``. If driver is unsure about recovery or
  339. method is unknown, ``WEDGED=unknown`` will be sent instead.
  340. Userspace consumers can parse this event and attempt recovery as per the
  341. following expectations.
  342. =============== ========================================
  343. Recovery method Consumer expectations
  344. =============== ========================================
  345. none optional telemetry collection
  346. rebind unbind + bind driver
  347. bus-reset unbind + bus reset/re-enumeration + bind
  348. vendor-specific vendor specific recovery method
  349. unknown consumer policy
  350. =============== ========================================
  351. The only exception to this is ``WEDGED=none``, which signifies that the device
  352. was temporarily 'wedged' at some point but was recovered from driver context
  353. using device specific methods like reset. No explicit recovery is expected from
  354. the consumer in this case, but it can still take additional steps like gathering
  355. telemetry information (devcoredump, syslog). This is useful because the first
  356. hang is usually the most critical one which can result in consequential hangs or
  357. complete wedging.
  358. Vendor Specific Recovery
  359. ------------------------
  360. When ``WEDGED=vendor-specific`` is sent, it indicates that the device requires
  361. a recovery procedure specific to the hardware vendor and is not one of the
  362. standardized approaches.
  363. ``WEDGED=vendor-specific`` may be used to indicate different cases within a
  364. single vendor driver, each requiring a distinct recovery procedure.
  365. In such scenarios, the vendor driver must provide comprehensive documentation
  366. that describes each case, include additional hints to identify specific case and
  367. outline the corresponding recovery procedure. The documentation includes:
  368. Case - A list of all cases that sends the ``WEDGED=vendor-specific`` recovery method.
  369. Hints - Additional Information to assist the userspace consumer in identifying and
  370. differentiating between different cases. This can be exposed through sysfs, debugfs,
  371. traces, dmesg etc.
  372. Recovery Procedure - Clear instructions and guidance for recovering each case.
  373. This may include userspace scripts, tools needed for the recovery procedure.
  374. It is the responsibility of the admin/userspace consumer to identify the case and
  375. verify additional identification hints before attempting a recovery procedure.
  376. Example: If the device uses the Xe driver, then userspace consumer should refer to
  377. :ref:`Xe Device Wedging <xe-device-wedging>` for the detailed documentation.
  378. Task information
  379. ----------------
  380. The information about which application (if any) was involved in the device
  381. wedging is useful for userspace if they want to notify the user about what
  382. happened (e.g. the compositor display a message to the user "The <task name>
  383. caused a graphical error and the system recovered") or to implement policies
  384. (e.g. the daemon may "ban" an task that keeps resetting the device). If the task
  385. information is available, the uevent will display as ``PID=<pid>`` and
  386. ``TASK=<task name>``. Otherwise, ``PID`` and ``TASK`` will not appear in the
  387. event string.
  388. The reliability of this information is driver and hardware specific, and should
  389. be taken with a caution regarding it's precision. To have a big picture of what
  390. really happened, the devcoredump file provides much more detailed information
  391. about the device state and about the event.
  392. Consumer prerequisites
  393. ----------------------
  394. It is the responsibility of the consumer to make sure that the device or its
  395. resources are not in use by any process before attempting recovery. With IOCTLs
  396. erroring out, all device memory should be unmapped and file descriptors should
  397. be closed to prevent leaks or undefined behaviour. The idea here is to clear the
  398. device of all user context beforehand and set the stage for a clean recovery.
  399. For ``WEDGED=vendor-specific`` recovery method, it is the responsibility of the
  400. consumer to check the driver documentation and the usecase before attempting
  401. a recovery.
  402. Example - rebind
  403. ----------------
  404. Udev rule::
  405. SUBSYSTEM=="drm", ENV{WEDGED}=="rebind", DEVPATH=="*/drm/card[0-9]",
  406. RUN+="/path/to/rebind.sh $env{DEVPATH}"
  407. Recovery script::
  408. #!/bin/sh
  409. DEVPATH=$(readlink -f /sys/$1/device)
  410. DEVICE=$(basename $DEVPATH)
  411. DRIVER=$(readlink -f $DEVPATH/driver)
  412. echo -n $DEVICE > $DRIVER/unbind
  413. echo -n $DEVICE > $DRIVER/bind
  414. Customization
  415. -------------
  416. Although basic recovery is possible with a simple script, consumers can define
  417. custom policies around recovery. For example, if the driver supports multiple
  418. recovery methods, consumers can opt for the suitable one depending on scenarios
  419. like repeat offences or vendor specific failures. Consumers can also choose to
  420. have the device available for debugging or telemetry collection and base their
  421. recovery decision on the findings. This is useful especially when the driver is
  422. unsure about recovery or method is unknown.
  423. .. _drm_driver_ioctl:
  424. IOCTL Support on Device Nodes
  425. =============================
  426. .. kernel-doc:: drivers/gpu/drm/drm_ioctl.c
  427. :doc: driver specific ioctls
  428. Recommended IOCTL Return Values
  429. -------------------------------
  430. In theory a driver's IOCTL callback is only allowed to return very few error
  431. codes. In practice it's good to abuse a few more. This section documents common
  432. practice within the DRM subsystem:
  433. ENOENT:
  434. Strictly this should only be used when a file doesn't exist e.g. when
  435. calling the open() syscall. We reuse that to signal any kind of object
  436. lookup failure, e.g. for unknown GEM buffer object handles, unknown KMS
  437. object handles and similar cases.
  438. ENOSPC:
  439. Some drivers use this to differentiate "out of kernel memory" from "out
  440. of VRAM". Sometimes also applies to other limited gpu resources used for
  441. rendering (e.g. when you have a special limited compression buffer).
  442. Sometimes resource allocation/reservation issues in command submission
  443. IOCTLs are also signalled through EDEADLK.
  444. Simply running out of kernel/system memory is signalled through ENOMEM.
  445. EPERM/EACCES:
  446. Returned for an operation that is valid, but needs more privileges.
  447. E.g. root-only or much more common, DRM master-only operations return
  448. this when called by unpriviledged clients. There's no clear
  449. difference between EACCES and EPERM.
  450. ENODEV:
  451. The device is not present anymore or is not yet fully initialized.
  452. EOPNOTSUPP:
  453. Feature (like PRIME, modesetting, GEM) is not supported by the driver.
  454. ENXIO:
  455. Remote failure, either a hardware transaction (like i2c), but also used
  456. when the exporting driver of a shared dma-buf or fence doesn't support a
  457. feature needed.
  458. EINTR:
  459. DRM drivers assume that userspace restarts all IOCTLs. Any DRM IOCTL can
  460. return EINTR and in such a case should be restarted with the IOCTL
  461. parameters left unchanged.
  462. EIO:
  463. The GPU died and couldn't be resurrected through a reset. Modesetting
  464. hardware failures are signalled through the "link status" connector
  465. property.
  466. EINVAL:
  467. Catch-all for anything that is an invalid argument combination which
  468. cannot work.
  469. IOCTL also use other error codes like ETIME, EFAULT, EBUSY, ENOTTY but their
  470. usage is in line with the common meanings. The above list tries to just document
  471. DRM specific patterns. Note that ENOTTY has the slightly unintuitive meaning of
  472. "this IOCTL does not exist", and is used exactly as such in DRM.
  473. .. kernel-doc:: include/drm/drm_ioctl.h
  474. :internal:
  475. .. kernel-doc:: drivers/gpu/drm/drm_ioctl.c
  476. :export:
  477. .. kernel-doc:: drivers/gpu/drm/drm_ioc32.c
  478. :export:
  479. Testing and validation
  480. ======================
  481. Testing Requirements for userspace API
  482. --------------------------------------
  483. New cross-driver userspace interface extensions, like new IOCTL, new KMS
  484. properties, new files in sysfs or anything else that constitutes an API change
  485. should have driver-agnostic testcases in IGT for that feature, if such a test
  486. can be reasonably made using IGT for the target hardware.
  487. Validating changes with IGT
  488. ---------------------------
  489. There's a collection of tests that aims to cover the whole functionality of
  490. DRM drivers and that can be used to check that changes to DRM drivers or the
  491. core don't regress existing functionality. This test suite is called IGT and
  492. its code and instructions to build and run can be found in
  493. https://gitlab.freedesktop.org/drm/igt-gpu-tools/.
  494. Using VKMS to test DRM API
  495. --------------------------
  496. VKMS is a software-only model of a KMS driver that is useful for testing
  497. and for running compositors. VKMS aims to enable a virtual display without
  498. the need for a hardware display capability. These characteristics made VKMS
  499. a perfect tool for validating the DRM core behavior and also support the
  500. compositor developer. VKMS makes it possible to test DRM functions in a
  501. virtual machine without display, simplifying the validation of some of the
  502. core changes.
  503. To Validate changes in DRM API with VKMS, start setting the kernel: make
  504. sure to enable VKMS module; compile the kernel with the VKMS enabled and
  505. install it in the target machine. VKMS can be run in a Virtual Machine
  506. (QEMU, virtme or similar). It's recommended the use of KVM with the minimum
  507. of 1GB of RAM and four cores.
  508. It's possible to run the IGT-tests in a VM in two ways:
  509. 1. Use IGT inside a VM
  510. 2. Use IGT from the host machine and write the results in a shared directory.
  511. Following is an example of using a VM with a shared directory with
  512. the host machine to run igt-tests. This example uses virtme::
  513. $ virtme-run --rwdir /path/for/shared_dir --kdir=path/for/kernel/directory --mods=auto
  514. Run the igt-tests in the guest machine. This example runs the 'kms_flip'
  515. tests::
  516. $ /path/for/igt-gpu-tools/scripts/run-tests.sh -p -s -t "kms_flip.*" -v
  517. In this example, instead of building the igt_runner, Piglit is used
  518. (-p option). It creates an HTML summary of the test results and saves
  519. them in the folder "igt-gpu-tools/results". It executes only the igt-tests
  520. matching the -t option.
  521. Display CRC Support
  522. -------------------
  523. .. kernel-doc:: drivers/gpu/drm/drm_debugfs_crc.c
  524. :doc: CRC ABI
  525. .. kernel-doc:: drivers/gpu/drm/drm_debugfs_crc.c
  526. :export:
  527. Debugfs Support
  528. ---------------
  529. .. kernel-doc:: include/drm/drm_debugfs.h
  530. :internal:
  531. .. kernel-doc:: drivers/gpu/drm/drm_debugfs.c
  532. :export:
  533. Sysfs Support
  534. =============
  535. .. kernel-doc:: drivers/gpu/drm/drm_sysfs.c
  536. :doc: overview
  537. .. kernel-doc:: drivers/gpu/drm/drm_sysfs.c
  538. :export:
  539. VBlank event handling
  540. =====================
  541. The DRM core exposes two vertical blank related ioctls:
  542. :c:macro:`DRM_IOCTL_WAIT_VBLANK`
  543. This takes a struct drm_wait_vblank structure as its argument, and
  544. it is used to block or request a signal when a specified vblank
  545. event occurs.
  546. :c:macro:`DRM_IOCTL_MODESET_CTL`
  547. This was only used for user-mode-settind drivers around modesetting
  548. changes to allow the kernel to update the vblank interrupt after
  549. mode setting, since on many devices the vertical blank counter is
  550. reset to 0 at some point during modeset. Modern drivers should not
  551. call this any more since with kernel mode setting it is a no-op.
  552. Userspace API Structures
  553. ========================
  554. .. kernel-doc:: include/uapi/drm/drm_mode.h
  555. :doc: overview
  556. .. _crtc_index:
  557. CRTC index
  558. ----------
  559. CRTC's have both an object ID and an index, and they are not the same thing.
  560. The index is used in cases where a densely packed identifier for a CRTC is
  561. needed, for instance a bitmask of CRTC's. The member possible_crtcs of struct
  562. drm_mode_get_plane is an example.
  563. :c:macro:`DRM_IOCTL_MODE_GETRESOURCES` populates a structure with an array of
  564. CRTC ID's, and the CRTC index is its position in this array.
  565. .. kernel-doc:: include/uapi/drm/drm.h
  566. :internal:
  567. .. kernel-doc:: include/uapi/drm/drm_mode.h
  568. :internal:
  569. dma-buf interoperability
  570. ========================
  571. Please see Documentation/userspace-api/dma-buf-alloc-exchange.rst for
  572. information on how dma-buf is integrated and exposed within DRM.
  573. Trace events
  574. ============
  575. See Documentation/trace/tracepoints.rst for information about using
  576. Linux Kernel Tracepoints.
  577. In the DRM subsystem, some events are considered stable uAPI to avoid
  578. breaking tools (e.g.: GPUVis, umr) relying on them. Stable means that fields
  579. cannot be removed, nor their formatting updated. Adding new fields is
  580. possible, under the normal uAPI requirements.
  581. Stable uAPI events
  582. ------------------
  583. From ``drivers/gpu/drm/scheduler/gpu_scheduler_trace.h``
  584. .. kernel-doc:: drivers/gpu/drm/scheduler/gpu_scheduler_trace.h
  585. :doc: uAPI trace events