msm_gem_vma.c 38 KB

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394959697989910010110210310410510610710810911011111211311411511611711811912012112212312412512612712812913013113213313413513613713813914014114214314414514614714814915015115215315415515615715815916016116216316416516616716816917017117217317417517617717817918018118218318418518618718818919019119219319419519619719819920020120220320420520620720820921021121221321421521621721821922022122222322422522622722822923023123223323423523623723823924024124224324424524624724824925025125225325425525625725825926026126226326426526626726826927027127227327427527627727827928028128228328428528628728828929029129229329429529629729829930030130230330430530630730830931031131231331431531631731831932032132232332432532632732832933033133233333433533633733833934034134234334434534634734834935035135235335435535635735835936036136236336436536636736836937037137237337437537637737837938038138238338438538638738838939039139239339439539639739839940040140240340440540640740840941041141241341441541641741841942042142242342442542642742842943043143243343443543643743843944044144244344444544644744844945045145245345445545645745845946046146246346446546646746846947047147247347447547647747847948048148248348448548648748848949049149249349449549649749849950050150250350450550650750850951051151251351451551651751851952052152252352452552652752852953053153253353453553653753853954054154254354454554654754854955055155255355455555655755855956056156256356456556656756856957057157257357457557657757857958058158258358458558658758858959059159259359459559659759859960060160260360460560660760860961061161261361461561661761861962062162262362462562662762862963063163263363463563663763863964064164264364464564664764864965065165265365465565665765865966066166266366466566666766866967067167267367467567667767867968068168268368468568668768868969069169269369469569669769869970070170270370470570670770870971071171271371471571671771871972072172272372472572672772872973073173273373473573673773873974074174274374474574674774874975075175275375475575675775875976076176276376476576676776876977077177277377477577677777877978078178278378478578678778878979079179279379479579679779879980080180280380480580680780880981081181281381481581681781881982082182282382482582682782882983083183283383483583683783883984084184284384484584684784884985085185285385485585685785885986086186286386486586686786886987087187287387487587687787887988088188288388488588688788888989089189289389489589689789889990090190290390490590690790890991091191291391491591691791891992092192292392492592692792892993093193293393493593693793893994094194294394494594694794894995095195295395495595695795895996096196296396496596696796896997097197297397497597697797897998098198298398498598698798898999099199299399499599699799899910001001100210031004100510061007100810091010101110121013101410151016101710181019102010211022102310241025102610271028102910301031103210331034103510361037103810391040104110421043104410451046104710481049105010511052105310541055105610571058105910601061106210631064106510661067106810691070107110721073107410751076107710781079108010811082108310841085108610871088108910901091109210931094109510961097109810991100110111021103110411051106110711081109111011111112111311141115111611171118111911201121112211231124112511261127112811291130113111321133113411351136113711381139114011411142114311441145114611471148114911501151115211531154115511561157115811591160116111621163116411651166116711681169117011711172117311741175117611771178117911801181118211831184118511861187118811891190119111921193119411951196119711981199120012011202120312041205120612071208120912101211121212131214121512161217121812191220122112221223122412251226122712281229123012311232123312341235123612371238123912401241124212431244124512461247124812491250125112521253125412551256125712581259126012611262126312641265126612671268126912701271127212731274127512761277127812791280128112821283128412851286128712881289129012911292129312941295129612971298129913001301130213031304130513061307130813091310131113121313131413151316131713181319132013211322132313241325132613271328132913301331133213331334133513361337133813391340134113421343134413451346134713481349135013511352135313541355135613571358135913601361136213631364136513661367136813691370137113721373137413751376137713781379138013811382138313841385138613871388138913901391139213931394139513961397139813991400140114021403140414051406140714081409141014111412141314141415141614171418141914201421142214231424142514261427142814291430143114321433143414351436143714381439144014411442144314441445144614471448144914501451145214531454145514561457145814591460146114621463146414651466146714681469147014711472147314741475147614771478147914801481148214831484148514861487148814891490149114921493149414951496149714981499150015011502150315041505150615071508150915101511151215131514151515161517151815191520152115221523152415251526152715281529153015311532153315341535153615371538153915401541154215431544154515461547154815491550155115521553155415551556155715581559156015611562156315641565156615671568156915701571157215731574157515761577157815791580158115821583158415851586158715881589159015911592159315941595159615971598159916001601160216031604160516061607160816091610161116121613161416151616161716181619
  1. // SPDX-License-Identifier: GPL-2.0-only
  2. /*
  3. * Copyright (C) 2016 Red Hat
  4. * Author: Rob Clark <robdclark@gmail.com>
  5. */
  6. #include "drm/drm_file.h"
  7. #include "drm/msm_drm.h"
  8. #include "linux/file.h"
  9. #include "linux/sync_file.h"
  10. #include "msm_drv.h"
  11. #include "msm_gem.h"
  12. #include "msm_gpu.h"
  13. #include "msm_mmu.h"
  14. #include "msm_syncobj.h"
  15. #define vm_dbg(fmt, ...) pr_debug("%s:%d: "fmt"\n", __func__, __LINE__, ##__VA_ARGS__)
  16. static uint vm_log_shift = 0;
  17. MODULE_PARM_DESC(vm_log_shift, "Length of VM op log");
  18. module_param_named(vm_log_shift, vm_log_shift, uint, 0600);
  19. /**
  20. * struct msm_vm_map_op - create new pgtable mapping
  21. */
  22. struct msm_vm_map_op {
  23. /** @iova: start address for mapping */
  24. uint64_t iova;
  25. /** @range: size of the region to map */
  26. uint64_t range;
  27. /** @offset: offset into @sgt to map */
  28. uint64_t offset;
  29. /** @sgt: pages to map, or NULL for a PRR mapping */
  30. struct sg_table *sgt;
  31. /** @prot: the mapping protection flags */
  32. int prot;
  33. /**
  34. * @queue_id: The id of the submitqueue the operation is performed
  35. * on, or zero for (in particular) UNMAP ops triggered outside of
  36. * a submitqueue (ie. process cleanup)
  37. */
  38. int queue_id;
  39. };
  40. /**
  41. * struct msm_vm_unmap_op - unmap a range of pages from pgtable
  42. */
  43. struct msm_vm_unmap_op {
  44. /** @iova: start address for unmap */
  45. uint64_t iova;
  46. /** @range: size of region to unmap */
  47. uint64_t range;
  48. /** @reason: The reason for the unmap */
  49. const char *reason;
  50. /**
  51. * @queue_id: The id of the submitqueue the operation is performed
  52. * on, or zero for (in particular) UNMAP ops triggered outside of
  53. * a submitqueue (ie. process cleanup)
  54. */
  55. int queue_id;
  56. };
  57. /**
  58. * struct msm_vm_op - A MAP or UNMAP operation
  59. */
  60. struct msm_vm_op {
  61. /** @op: The operation type */
  62. enum {
  63. MSM_VM_OP_MAP = 1,
  64. MSM_VM_OP_UNMAP,
  65. } op;
  66. union {
  67. /** @map: Parameters used if op == MSM_VMA_OP_MAP */
  68. struct msm_vm_map_op map;
  69. /** @unmap: Parameters used if op == MSM_VMA_OP_UNMAP */
  70. struct msm_vm_unmap_op unmap;
  71. };
  72. /** @node: list head in msm_vm_bind_job::vm_ops */
  73. struct list_head node;
  74. /**
  75. * @obj: backing object for pages to be mapped/unmapped
  76. *
  77. * Async unmap ops, in particular, must hold a reference to the
  78. * original GEM object backing the mapping that will be unmapped.
  79. * But the same can be required in the map path, for example if
  80. * there is not a corresponding unmap op, such as process exit.
  81. *
  82. * This ensures that the pages backing the mapping are not freed
  83. * before the mapping is torn down.
  84. */
  85. struct drm_gem_object *obj;
  86. };
  87. /**
  88. * struct msm_vm_bind_job - Tracking for a VM_BIND ioctl
  89. *
  90. * A table of userspace requested VM updates (MSM_VM_BIND_OP_UNMAP/MAP/MAP_NULL)
  91. * gets applied to the vm, generating a list of VM ops (MSM_VM_OP_MAP/UNMAP)
  92. * which are applied to the pgtables asynchronously. For example a userspace
  93. * requested MSM_VM_BIND_OP_MAP could end up generating both an MSM_VM_OP_UNMAP
  94. * to unmap an existing mapping, and a MSM_VM_OP_MAP to apply the new mapping.
  95. */
  96. struct msm_vm_bind_job {
  97. /** @base: base class for drm_sched jobs */
  98. struct drm_sched_job base;
  99. /** @vm: The VM being operated on */
  100. struct drm_gpuvm *vm;
  101. /** @fence: The fence that is signaled when job completes */
  102. struct dma_fence *fence;
  103. /** @queue: The queue that the job runs on */
  104. struct msm_gpu_submitqueue *queue;
  105. /** @prealloc: Tracking for pre-allocated MMU pgtable pages */
  106. struct msm_mmu_prealloc prealloc;
  107. /** @vm_ops: a list of struct msm_vm_op */
  108. struct list_head vm_ops;
  109. /** @bos_pinned: are the GEM objects being bound pinned? */
  110. bool bos_pinned;
  111. /** @nr_ops: the number of userspace requested ops */
  112. unsigned int nr_ops;
  113. /**
  114. * @ops: the userspace requested ops
  115. *
  116. * The userspace requested ops are copied/parsed and validated
  117. * before we start applying the updates to try to do as much up-
  118. * front error checking as possible, to avoid the VM being in an
  119. * undefined state due to partially executed VM_BIND.
  120. *
  121. * This table also serves to hold a reference to the backing GEM
  122. * objects.
  123. */
  124. struct msm_vm_bind_op {
  125. uint32_t op;
  126. uint32_t flags;
  127. union {
  128. struct drm_gem_object *obj;
  129. uint32_t handle;
  130. };
  131. uint64_t obj_offset;
  132. uint64_t iova;
  133. uint64_t range;
  134. } ops[];
  135. };
  136. #define job_foreach_bo(obj, _job) \
  137. for (unsigned i = 0; i < (_job)->nr_ops; i++) \
  138. if ((obj = (_job)->ops[i].obj))
  139. static inline struct msm_vm_bind_job *to_msm_vm_bind_job(struct drm_sched_job *job)
  140. {
  141. return container_of(job, struct msm_vm_bind_job, base);
  142. }
  143. static void
  144. msm_gem_vm_free(struct drm_gpuvm *gpuvm)
  145. {
  146. struct msm_gem_vm *vm = container_of(gpuvm, struct msm_gem_vm, base);
  147. drm_mm_takedown(&vm->mm);
  148. if (vm->mmu)
  149. vm->mmu->funcs->destroy(vm->mmu);
  150. dma_fence_put(vm->last_fence);
  151. put_pid(vm->pid);
  152. kfree(vm->log);
  153. kfree(vm);
  154. }
  155. /**
  156. * msm_gem_vm_unusable() - Mark a VM as unusable
  157. * @gpuvm: the VM to mark unusable
  158. */
  159. void
  160. msm_gem_vm_unusable(struct drm_gpuvm *gpuvm)
  161. {
  162. struct msm_gem_vm *vm = to_msm_vm(gpuvm);
  163. uint32_t vm_log_len = (1 << vm->log_shift);
  164. uint32_t vm_log_mask = vm_log_len - 1;
  165. uint32_t nr_vm_logs;
  166. int first;
  167. vm->unusable = true;
  168. /* Bail if no log, or empty log: */
  169. if (!vm->log || !vm->log[0].op)
  170. return;
  171. mutex_lock(&vm->mmu_lock);
  172. /*
  173. * log_idx is the next entry to overwrite, meaning it is the oldest, or
  174. * first, entry (other than the special case handled below where the
  175. * log hasn't wrapped around yet)
  176. */
  177. first = vm->log_idx;
  178. if (!vm->log[first].op) {
  179. /*
  180. * If the next log entry has not been written yet, then only
  181. * entries 0 to idx-1 are valid (ie. we haven't wrapped around
  182. * yet)
  183. */
  184. nr_vm_logs = MAX(0, first - 1);
  185. first = 0;
  186. } else {
  187. nr_vm_logs = vm_log_len;
  188. }
  189. pr_err("vm-log:\n");
  190. for (int i = 0; i < nr_vm_logs; i++) {
  191. int idx = (i + first) & vm_log_mask;
  192. struct msm_gem_vm_log_entry *e = &vm->log[idx];
  193. pr_err(" - %s:%d: 0x%016llx-0x%016llx\n",
  194. e->op, e->queue_id, e->iova,
  195. e->iova + e->range);
  196. }
  197. mutex_unlock(&vm->mmu_lock);
  198. }
  199. static void
  200. vm_log(struct msm_gem_vm *vm, const char *op, uint64_t iova, uint64_t range, int queue_id)
  201. {
  202. int idx;
  203. if (!vm->managed)
  204. lockdep_assert_held(&vm->mmu_lock);
  205. vm_dbg("%s:%p:%d: %016llx %016llx", op, vm, queue_id, iova, iova + range);
  206. if (!vm->log)
  207. return;
  208. idx = vm->log_idx;
  209. vm->log[idx].op = op;
  210. vm->log[idx].iova = iova;
  211. vm->log[idx].range = range;
  212. vm->log[idx].queue_id = queue_id;
  213. vm->log_idx = (vm->log_idx + 1) & ((1 << vm->log_shift) - 1);
  214. }
  215. static void
  216. vm_unmap_op(struct msm_gem_vm *vm, const struct msm_vm_unmap_op *op)
  217. {
  218. const char *reason = op->reason;
  219. if (!reason)
  220. reason = "unmap";
  221. vm_log(vm, reason, op->iova, op->range, op->queue_id);
  222. vm->mmu->funcs->unmap(vm->mmu, op->iova, op->range);
  223. }
  224. static int
  225. vm_map_op(struct msm_gem_vm *vm, const struct msm_vm_map_op *op)
  226. {
  227. vm_log(vm, "map", op->iova, op->range, op->queue_id);
  228. return vm->mmu->funcs->map(vm->mmu, op->iova, op->sgt, op->offset,
  229. op->range, op->prot);
  230. }
  231. /* Actually unmap memory for the vma */
  232. void msm_gem_vma_unmap(struct drm_gpuva *vma, const char *reason)
  233. {
  234. struct msm_gem_vm *vm = to_msm_vm(vma->vm);
  235. struct msm_gem_vma *msm_vma = to_msm_vma(vma);
  236. /* Don't do anything if the memory isn't mapped */
  237. if (!msm_vma->mapped)
  238. return;
  239. /*
  240. * The mmu_lock is only needed when preallocation is used. But
  241. * in that case we don't need to worry about recursion into
  242. * shrinker
  243. */
  244. if (!vm->managed)
  245. mutex_lock(&vm->mmu_lock);
  246. vm_unmap_op(vm, &(struct msm_vm_unmap_op){
  247. .iova = vma->va.addr,
  248. .range = vma->va.range,
  249. .reason = reason,
  250. });
  251. if (!vm->managed)
  252. mutex_unlock(&vm->mmu_lock);
  253. msm_vma->mapped = false;
  254. }
  255. /* Map and pin vma: */
  256. int
  257. msm_gem_vma_map(struct drm_gpuva *vma, int prot, struct sg_table *sgt)
  258. {
  259. struct msm_gem_vm *vm = to_msm_vm(vma->vm);
  260. struct msm_gem_vma *msm_vma = to_msm_vma(vma);
  261. int ret;
  262. if (GEM_WARN_ON(!vma->va.addr))
  263. return -EINVAL;
  264. if (msm_vma->mapped)
  265. return 0;
  266. msm_vma->mapped = true;
  267. /*
  268. * The mmu_lock is only needed when preallocation is used. But
  269. * in that case we don't need to worry about recursion into
  270. * shrinker
  271. */
  272. if (!vm->managed)
  273. mutex_lock(&vm->mmu_lock);
  274. /*
  275. * NOTE: if not using pgtable preallocation, we cannot hold
  276. * a lock across map/unmap which is also used in the job_run()
  277. * path, as this can cause deadlock in job_run() vs shrinker/
  278. * reclaim.
  279. */
  280. ret = vm_map_op(vm, &(struct msm_vm_map_op){
  281. .iova = vma->va.addr,
  282. .range = vma->va.range,
  283. .offset = vma->gem.offset,
  284. .sgt = sgt,
  285. .prot = prot,
  286. });
  287. if (!vm->managed)
  288. mutex_unlock(&vm->mmu_lock);
  289. if (ret)
  290. msm_vma->mapped = false;
  291. return ret;
  292. }
  293. /* Close an iova. Warn if it is still in use */
  294. void msm_gem_vma_close(struct drm_gpuva *vma)
  295. {
  296. struct msm_gem_vm *vm = to_msm_vm(vma->vm);
  297. struct msm_gem_vma *msm_vma = to_msm_vma(vma);
  298. GEM_WARN_ON(msm_vma->mapped);
  299. drm_gpuvm_resv_assert_held(&vm->base);
  300. if (vma->gem.obj)
  301. msm_gem_assert_locked(vma->gem.obj);
  302. if (vma->va.addr && vm->managed)
  303. drm_mm_remove_node(&msm_vma->node);
  304. drm_gpuva_remove(vma);
  305. drm_gpuva_unlink(vma);
  306. kfree(vma);
  307. }
  308. /* Create a new vma and allocate an iova for it */
  309. struct drm_gpuva *
  310. msm_gem_vma_new(struct drm_gpuvm *gpuvm, struct drm_gem_object *obj,
  311. u64 offset, u64 range_start, u64 range_end)
  312. {
  313. struct msm_gem_vm *vm = to_msm_vm(gpuvm);
  314. struct drm_gpuvm_bo *vm_bo;
  315. struct msm_gem_vma *vma;
  316. int ret;
  317. drm_gpuvm_resv_assert_held(&vm->base);
  318. vma = kzalloc_obj(*vma);
  319. if (!vma)
  320. return ERR_PTR(-ENOMEM);
  321. if (vm->managed) {
  322. BUG_ON(offset != 0);
  323. BUG_ON(!obj); /* NULL mappings not valid for kernel managed VM */
  324. ret = drm_mm_insert_node_in_range(&vm->mm, &vma->node,
  325. obj->size, PAGE_SIZE, 0,
  326. range_start, range_end, 0);
  327. if (ret)
  328. goto err_free_vma;
  329. range_start = vma->node.start;
  330. range_end = range_start + obj->size;
  331. }
  332. if (obj)
  333. GEM_WARN_ON((range_end - range_start) > obj->size);
  334. struct drm_gpuva_op_map op_map = {
  335. .va.addr = range_start,
  336. .va.range = range_end - range_start,
  337. .gem.obj = obj,
  338. .gem.offset = offset,
  339. };
  340. drm_gpuva_init_from_op(&vma->base, &op_map);
  341. vma->mapped = false;
  342. ret = drm_gpuva_insert(&vm->base, &vma->base);
  343. if (ret)
  344. goto err_free_range;
  345. if (!obj)
  346. return &vma->base;
  347. vm_bo = drm_gpuvm_bo_obtain_locked(&vm->base, obj);
  348. if (IS_ERR(vm_bo)) {
  349. ret = PTR_ERR(vm_bo);
  350. goto err_va_remove;
  351. }
  352. drm_gpuvm_bo_extobj_add(vm_bo);
  353. drm_gpuva_link(&vma->base, vm_bo);
  354. GEM_WARN_ON(drm_gpuvm_bo_put(vm_bo));
  355. return &vma->base;
  356. err_va_remove:
  357. drm_gpuva_remove(&vma->base);
  358. err_free_range:
  359. if (vm->managed)
  360. drm_mm_remove_node(&vma->node);
  361. err_free_vma:
  362. kfree(vma);
  363. return ERR_PTR(ret);
  364. }
  365. static int
  366. msm_gem_vm_bo_validate(struct drm_gpuvm_bo *vm_bo, struct drm_exec *exec)
  367. {
  368. struct drm_gem_object *obj = vm_bo->obj;
  369. struct drm_gpuva *vma;
  370. int ret;
  371. vm_dbg("validate: %p", obj);
  372. msm_gem_assert_locked(obj);
  373. drm_gpuvm_bo_for_each_va (vma, vm_bo) {
  374. ret = msm_gem_pin_vma_locked(obj, vma);
  375. if (ret)
  376. return ret;
  377. }
  378. return 0;
  379. }
  380. struct op_arg {
  381. unsigned flags;
  382. struct msm_vm_bind_job *job;
  383. const struct msm_vm_bind_op *op;
  384. bool kept;
  385. };
  386. static int
  387. vm_op_enqueue(struct op_arg *arg, struct msm_vm_op _op)
  388. {
  389. struct msm_vm_op *op = kmalloc_obj(*op);
  390. if (!op)
  391. return -ENOMEM;
  392. *op = _op;
  393. list_add_tail(&op->node, &arg->job->vm_ops);
  394. if (op->obj)
  395. drm_gem_object_get(op->obj);
  396. return 0;
  397. }
  398. static struct drm_gpuva *
  399. vma_from_op(struct op_arg *arg, struct drm_gpuva_op_map *op)
  400. {
  401. return msm_gem_vma_new(arg->job->vm, op->gem.obj, op->gem.offset,
  402. op->va.addr, op->va.addr + op->va.range);
  403. }
  404. static int
  405. msm_gem_vm_sm_step_map(struct drm_gpuva_op *op, void *_arg)
  406. {
  407. struct op_arg *arg = _arg;
  408. struct msm_vm_bind_job *job = arg->job;
  409. struct drm_gem_object *obj = op->map.gem.obj;
  410. struct drm_gpuva *vma;
  411. struct sg_table *sgt;
  412. unsigned prot;
  413. int ret;
  414. if (arg->kept)
  415. return 0;
  416. vma = vma_from_op(arg, &op->map);
  417. if (WARN_ON(IS_ERR(vma)))
  418. return PTR_ERR(vma);
  419. vm_dbg("%p:%p:%p: %016llx %016llx", vma->vm, vma, vma->gem.obj,
  420. vma->va.addr, vma->va.range);
  421. if (obj) {
  422. sgt = to_msm_bo(obj)->sgt;
  423. prot = msm_gem_prot(obj);
  424. } else {
  425. sgt = NULL;
  426. prot = IOMMU_READ | IOMMU_WRITE;
  427. }
  428. ret = vm_op_enqueue(arg, (struct msm_vm_op){
  429. .op = MSM_VM_OP_MAP,
  430. .map = {
  431. .sgt = sgt,
  432. .iova = vma->va.addr,
  433. .range = vma->va.range,
  434. .offset = vma->gem.offset,
  435. .prot = prot,
  436. .queue_id = job->queue->id,
  437. },
  438. .obj = vma->gem.obj,
  439. });
  440. if (ret)
  441. return ret;
  442. vma->flags = ((struct op_arg *)arg)->flags;
  443. to_msm_vma(vma)->mapped = true;
  444. return 0;
  445. }
  446. static int
  447. msm_gem_vm_sm_step_remap(struct drm_gpuva_op *op, void *arg)
  448. {
  449. struct msm_vm_bind_job *job = ((struct op_arg *)arg)->job;
  450. struct drm_gpuvm *vm = job->vm;
  451. struct drm_gpuva *orig_vma = op->remap.unmap->va;
  452. struct drm_gpuva *prev_vma = NULL, *next_vma = NULL;
  453. struct drm_gpuvm_bo *vm_bo = orig_vma->vm_bo;
  454. bool mapped = to_msm_vma(orig_vma)->mapped;
  455. unsigned flags;
  456. int ret;
  457. vm_dbg("orig_vma: %p:%p:%p: %016llx %016llx", vm, orig_vma,
  458. orig_vma->gem.obj, orig_vma->va.addr, orig_vma->va.range);
  459. if (mapped) {
  460. uint64_t unmap_start, unmap_range;
  461. drm_gpuva_op_remap_to_unmap_range(&op->remap, &unmap_start, &unmap_range);
  462. ret = vm_op_enqueue(arg, (struct msm_vm_op){
  463. .op = MSM_VM_OP_UNMAP,
  464. .unmap = {
  465. .iova = unmap_start,
  466. .range = unmap_range,
  467. .queue_id = job->queue->id,
  468. },
  469. .obj = orig_vma->gem.obj,
  470. });
  471. if (ret)
  472. return ret;
  473. /*
  474. * Part of this GEM obj is still mapped, but we're going to kill the
  475. * existing VMA and replace it with one or two new ones (ie. two if
  476. * the unmapped range is in the middle of the existing (unmap) VMA).
  477. * So just set the state to unmapped:
  478. */
  479. to_msm_vma(orig_vma)->mapped = false;
  480. }
  481. /*
  482. * Hold a ref to the vm_bo between the msm_gem_vma_close() and the
  483. * creation of the new prev/next vma's, in case the vm_bo is tracked
  484. * in the VM's evict list:
  485. */
  486. if (vm_bo)
  487. drm_gpuvm_bo_get(vm_bo);
  488. /*
  489. * The prev_vma and/or next_vma are replacing the unmapped vma, and
  490. * therefore should preserve it's flags:
  491. */
  492. flags = orig_vma->flags;
  493. msm_gem_vma_close(orig_vma);
  494. if (op->remap.prev) {
  495. prev_vma = vma_from_op(arg, op->remap.prev);
  496. if (WARN_ON(IS_ERR(prev_vma)))
  497. return PTR_ERR(prev_vma);
  498. vm_dbg("prev_vma: %p:%p: %016llx %016llx", vm, prev_vma, prev_vma->va.addr, prev_vma->va.range);
  499. to_msm_vma(prev_vma)->mapped = mapped;
  500. prev_vma->flags = flags;
  501. }
  502. if (op->remap.next) {
  503. next_vma = vma_from_op(arg, op->remap.next);
  504. if (WARN_ON(IS_ERR(next_vma)))
  505. return PTR_ERR(next_vma);
  506. vm_dbg("next_vma: %p:%p: %016llx %016llx", vm, next_vma, next_vma->va.addr, next_vma->va.range);
  507. to_msm_vma(next_vma)->mapped = mapped;
  508. next_vma->flags = flags;
  509. }
  510. if (!mapped)
  511. drm_gpuvm_bo_evict(vm_bo, true);
  512. /* Drop the previous ref: */
  513. drm_gpuvm_bo_put(vm_bo);
  514. return 0;
  515. }
  516. static int
  517. msm_gem_vm_sm_step_unmap(struct drm_gpuva_op *op, void *_arg)
  518. {
  519. struct op_arg *arg = _arg;
  520. struct msm_vm_bind_job *job = arg->job;
  521. struct drm_gpuva *vma = op->unmap.va;
  522. struct msm_gem_vma *msm_vma = to_msm_vma(vma);
  523. int ret;
  524. vm_dbg("%p:%p:%p: %016llx %016llx", vma->vm, vma, vma->gem.obj,
  525. vma->va.addr, vma->va.range);
  526. /*
  527. * Detect in-place remap. Turnip does this to change the vma flags,
  528. * in particular MSM_VMA_DUMP. In this case we want to avoid actually
  529. * touching the page tables, as that would require synchronization
  530. * against SUBMIT jobs running on the GPU.
  531. */
  532. if (op->unmap.keep &&
  533. (arg->op->op == MSM_VM_BIND_OP_MAP) &&
  534. (vma->gem.obj == arg->op->obj) &&
  535. (vma->gem.offset == arg->op->obj_offset) &&
  536. (vma->va.addr == arg->op->iova) &&
  537. (vma->va.range == arg->op->range)) {
  538. /* We are only expecting a single in-place unmap+map cb pair: */
  539. WARN_ON(arg->kept);
  540. /* Leave the existing VMA in place, but signal that to the map cb: */
  541. arg->kept = true;
  542. /* Only flags are changing, so update that in-place: */
  543. unsigned orig_flags = vma->flags & (DRM_GPUVA_USERBITS - 1);
  544. vma->flags = orig_flags | arg->flags;
  545. return 0;
  546. }
  547. if (!msm_vma->mapped)
  548. goto out_close;
  549. ret = vm_op_enqueue(arg, (struct msm_vm_op){
  550. .op = MSM_VM_OP_UNMAP,
  551. .unmap = {
  552. .iova = vma->va.addr,
  553. .range = vma->va.range,
  554. .queue_id = job->queue->id,
  555. },
  556. .obj = vma->gem.obj,
  557. });
  558. if (ret)
  559. return ret;
  560. msm_vma->mapped = false;
  561. out_close:
  562. msm_gem_vma_close(vma);
  563. return 0;
  564. }
  565. static const struct drm_gpuvm_ops msm_gpuvm_ops = {
  566. .vm_free = msm_gem_vm_free,
  567. .vm_bo_validate = msm_gem_vm_bo_validate,
  568. .sm_step_map = msm_gem_vm_sm_step_map,
  569. .sm_step_remap = msm_gem_vm_sm_step_remap,
  570. .sm_step_unmap = msm_gem_vm_sm_step_unmap,
  571. };
  572. static struct dma_fence *
  573. msm_vma_job_run(struct drm_sched_job *_job)
  574. {
  575. struct msm_vm_bind_job *job = to_msm_vm_bind_job(_job);
  576. struct msm_gem_vm *vm = to_msm_vm(job->vm);
  577. struct drm_gem_object *obj;
  578. int ret = vm->unusable ? -EINVAL : 0;
  579. vm_dbg("");
  580. mutex_lock(&vm->mmu_lock);
  581. vm->mmu->prealloc = &job->prealloc;
  582. while (!list_empty(&job->vm_ops)) {
  583. struct msm_vm_op *op =
  584. list_first_entry(&job->vm_ops, struct msm_vm_op, node);
  585. switch (op->op) {
  586. case MSM_VM_OP_MAP:
  587. /*
  588. * On error, stop trying to map new things.. but we
  589. * still want to process the unmaps (or in particular,
  590. * the drm_gem_object_put()s)
  591. */
  592. if (!ret)
  593. ret = vm_map_op(vm, &op->map);
  594. break;
  595. case MSM_VM_OP_UNMAP:
  596. vm_unmap_op(vm, &op->unmap);
  597. break;
  598. }
  599. drm_gem_object_put(op->obj);
  600. list_del(&op->node);
  601. kfree(op);
  602. }
  603. vm->mmu->prealloc = NULL;
  604. mutex_unlock(&vm->mmu_lock);
  605. /*
  606. * We failed to perform at least _some_ of the pgtable updates, so
  607. * now the VM is in an undefined state. Game over!
  608. */
  609. if (ret)
  610. msm_gem_vm_unusable(job->vm);
  611. job_foreach_bo (obj, job) {
  612. msm_gem_lock(obj);
  613. msm_gem_unpin_locked(obj);
  614. msm_gem_unlock(obj);
  615. }
  616. /* VM_BIND ops are synchronous, so no fence to wait on: */
  617. return NULL;
  618. }
  619. static void
  620. msm_vma_job_free(struct drm_sched_job *_job)
  621. {
  622. struct msm_vm_bind_job *job = to_msm_vm_bind_job(_job);
  623. struct msm_gem_vm *vm = to_msm_vm(job->vm);
  624. struct drm_gem_object *obj;
  625. vm->mmu->funcs->prealloc_cleanup(vm->mmu, &job->prealloc);
  626. atomic_sub(job->prealloc.count, &vm->prealloc_throttle.in_flight);
  627. drm_sched_job_cleanup(_job);
  628. job_foreach_bo (obj, job)
  629. drm_gem_object_put(obj);
  630. msm_submitqueue_put(job->queue);
  631. dma_fence_put(job->fence);
  632. /* In error paths, we could have unexecuted ops: */
  633. while (!list_empty(&job->vm_ops)) {
  634. struct msm_vm_op *op =
  635. list_first_entry(&job->vm_ops, struct msm_vm_op, node);
  636. list_del(&op->node);
  637. kfree(op);
  638. }
  639. wake_up(&vm->prealloc_throttle.wait);
  640. kfree(job);
  641. }
  642. static const struct drm_sched_backend_ops msm_vm_bind_ops = {
  643. .run_job = msm_vma_job_run,
  644. .free_job = msm_vma_job_free
  645. };
  646. /**
  647. * msm_gem_vm_create() - Create and initialize a &msm_gem_vm
  648. * @drm: the drm device
  649. * @mmu: the backing MMU objects handling mapping/unmapping
  650. * @name: the name of the VM
  651. * @va_start: the start offset of the VA space
  652. * @va_size: the size of the VA space
  653. * @managed: is it a kernel managed VM?
  654. *
  655. * In a kernel managed VM, the kernel handles address allocation, and only
  656. * synchronous operations are supported. In a user managed VM, userspace
  657. * handles virtual address allocation, and both async and sync operations
  658. * are supported.
  659. *
  660. * Returns: pointer to the created &struct drm_gpuvm on success
  661. * or an ERR_PTR(-errno) on failure.
  662. */
  663. struct drm_gpuvm *
  664. msm_gem_vm_create(struct drm_device *drm, struct msm_mmu *mmu, const char *name,
  665. u64 va_start, u64 va_size, bool managed)
  666. {
  667. /*
  668. * We mostly want to use DRM_GPUVM_RESV_PROTECTED, except that
  669. * makes drm_gpuvm_bo_evict() a no-op for extobjs (ie. we loose
  670. * tracking that an extobj is evicted) :facepalm:
  671. */
  672. enum drm_gpuvm_flags flags = 0;
  673. struct msm_gem_vm *vm;
  674. struct drm_gem_object *dummy_gem;
  675. int ret = 0;
  676. if (IS_ERR(mmu))
  677. return ERR_CAST(mmu);
  678. vm = kzalloc_obj(*vm);
  679. if (!vm)
  680. return ERR_PTR(-ENOMEM);
  681. dummy_gem = drm_gpuvm_resv_object_alloc(drm);
  682. if (!dummy_gem) {
  683. ret = -ENOMEM;
  684. goto err_free_vm;
  685. }
  686. if (!managed) {
  687. struct drm_sched_init_args args = {
  688. .ops = &msm_vm_bind_ops,
  689. .num_rqs = 1,
  690. .credit_limit = 1,
  691. .timeout = MAX_SCHEDULE_TIMEOUT,
  692. .name = "msm-vm-bind",
  693. .dev = drm->dev,
  694. };
  695. ret = drm_sched_init(&vm->sched, &args);
  696. if (ret)
  697. goto err_free_dummy;
  698. init_waitqueue_head(&vm->prealloc_throttle.wait);
  699. }
  700. drm_gpuvm_init(&vm->base, name, flags, drm, dummy_gem,
  701. va_start, va_size, 0, 0, &msm_gpuvm_ops);
  702. drm_gem_object_put(dummy_gem);
  703. vm->mmu = mmu;
  704. mutex_init(&vm->mmu_lock);
  705. vm->managed = managed;
  706. drm_mm_init(&vm->mm, va_start, va_size);
  707. /*
  708. * We don't really need vm log for kernel managed VMs, as the kernel
  709. * is responsible for ensuring that GEM objs are mapped if they are
  710. * used by a submit. Furthermore we piggyback on mmu_lock to serialize
  711. * access to the log.
  712. *
  713. * Limit the max log_shift to 8 to prevent userspace from asking us
  714. * for an unreasonable log size.
  715. */
  716. if (!managed)
  717. vm->log_shift = MIN(vm_log_shift, 8);
  718. if (vm->log_shift) {
  719. vm->log = kmalloc_objs(vm->log[0], 1 << vm->log_shift,
  720. GFP_KERNEL | __GFP_ZERO);
  721. }
  722. return &vm->base;
  723. err_free_dummy:
  724. drm_gem_object_put(dummy_gem);
  725. err_free_vm:
  726. kfree(vm);
  727. return ERR_PTR(ret);
  728. }
  729. /**
  730. * msm_gem_vm_close() - Close a VM
  731. * @gpuvm: The VM to close
  732. *
  733. * Called when the drm device file is closed, to tear down VM related resources
  734. * (which will drop refcounts to GEM objects that were still mapped into the
  735. * VM at the time).
  736. */
  737. void
  738. msm_gem_vm_close(struct drm_gpuvm *gpuvm)
  739. {
  740. struct msm_gem_vm *vm = to_msm_vm(gpuvm);
  741. struct drm_gpuva *vma, *tmp;
  742. struct drm_exec exec;
  743. /*
  744. * For kernel managed VMs, the VMAs are torn down when the handle is
  745. * closed, so nothing more to do.
  746. */
  747. if (vm->managed)
  748. return;
  749. if (vm->last_fence)
  750. dma_fence_wait(vm->last_fence, false);
  751. /* Kill the scheduler now, so we aren't racing with it for cleanup: */
  752. drm_sched_stop(&vm->sched, NULL);
  753. drm_sched_fini(&vm->sched);
  754. /* Tear down any remaining mappings: */
  755. drm_exec_init(&exec, 0, 2);
  756. drm_exec_until_all_locked (&exec) {
  757. drm_exec_lock_obj(&exec, drm_gpuvm_resv_obj(gpuvm));
  758. drm_exec_retry_on_contention(&exec);
  759. drm_gpuvm_for_each_va_safe (vma, tmp, gpuvm) {
  760. struct drm_gem_object *obj = vma->gem.obj;
  761. /*
  762. * MSM_BO_NO_SHARE objects share the same resv as the
  763. * VM, in which case the obj is already locked:
  764. */
  765. if (obj && (obj->resv == drm_gpuvm_resv(gpuvm)))
  766. obj = NULL;
  767. if (obj) {
  768. drm_exec_lock_obj(&exec, obj);
  769. drm_exec_retry_on_contention(&exec);
  770. }
  771. msm_gem_vma_unmap(vma, "close");
  772. msm_gem_vma_close(vma);
  773. if (obj) {
  774. drm_exec_unlock_obj(&exec, obj);
  775. }
  776. }
  777. }
  778. drm_exec_fini(&exec);
  779. }
  780. static struct msm_vm_bind_job *
  781. vm_bind_job_create(struct drm_device *dev, struct drm_file *file,
  782. struct msm_gpu_submitqueue *queue, uint32_t nr_ops)
  783. {
  784. struct msm_vm_bind_job *job;
  785. int ret;
  786. job = kzalloc_flex(*job, ops, nr_ops, GFP_KERNEL | __GFP_NOWARN);
  787. if (!job)
  788. return ERR_PTR(-ENOMEM);
  789. ret = drm_sched_job_init(&job->base, queue->entity, 1, queue,
  790. file->client_id);
  791. if (ret) {
  792. kfree(job);
  793. return ERR_PTR(ret);
  794. }
  795. job->vm = msm_context_vm(dev, queue->ctx);
  796. job->queue = queue;
  797. INIT_LIST_HEAD(&job->vm_ops);
  798. return job;
  799. }
  800. static bool invalid_alignment(uint64_t addr)
  801. {
  802. /*
  803. * Technically this is about GPU alignment, not CPU alignment. But
  804. * I've not seen any qcom SoC where the SMMU does not support the
  805. * CPU's smallest page size.
  806. */
  807. return !PAGE_ALIGNED(addr);
  808. }
  809. static int
  810. lookup_op(struct msm_vm_bind_job *job, const struct drm_msm_vm_bind_op *op)
  811. {
  812. struct drm_device *dev = job->vm->drm;
  813. struct msm_drm_private *priv = dev->dev_private;
  814. int i = job->nr_ops++;
  815. int ret = 0;
  816. job->ops[i].op = op->op;
  817. job->ops[i].handle = op->handle;
  818. job->ops[i].obj_offset = op->obj_offset;
  819. job->ops[i].iova = op->iova;
  820. job->ops[i].range = op->range;
  821. job->ops[i].flags = op->flags;
  822. if (op->flags & ~MSM_VM_BIND_OP_FLAGS)
  823. ret = UERR(EINVAL, dev, "invalid flags: %x\n", op->flags);
  824. if (invalid_alignment(op->iova))
  825. ret = UERR(EINVAL, dev, "invalid address: %016llx\n", op->iova);
  826. if (invalid_alignment(op->obj_offset))
  827. ret = UERR(EINVAL, dev, "invalid bo_offset: %016llx\n", op->obj_offset);
  828. if (invalid_alignment(op->range))
  829. ret = UERR(EINVAL, dev, "invalid range: %016llx\n", op->range);
  830. if (!drm_gpuvm_range_valid(job->vm, op->iova, op->range))
  831. ret = UERR(EINVAL, dev, "invalid range: %016llx, %016llx\n", op->iova, op->range);
  832. /*
  833. * MAP must specify a valid handle. But the handle MBZ for
  834. * UNMAP or MAP_NULL.
  835. */
  836. if (op->op == MSM_VM_BIND_OP_MAP) {
  837. if (!op->handle)
  838. ret = UERR(EINVAL, dev, "invalid handle\n");
  839. } else if (op->handle) {
  840. ret = UERR(EINVAL, dev, "handle must be zero\n");
  841. }
  842. switch (op->op) {
  843. case MSM_VM_BIND_OP_MAP:
  844. case MSM_VM_BIND_OP_MAP_NULL:
  845. case MSM_VM_BIND_OP_UNMAP:
  846. break;
  847. default:
  848. ret = UERR(EINVAL, dev, "invalid op: %u\n", op->op);
  849. break;
  850. }
  851. if ((op->op == MSM_VM_BIND_OP_MAP_NULL) &&
  852. !adreno_smmu_has_prr(priv->gpu)) {
  853. ret = UERR(EINVAL, dev, "PRR not supported\n");
  854. }
  855. return ret;
  856. }
  857. /*
  858. * ioctl parsing, parameter validation, and GEM handle lookup
  859. */
  860. static int
  861. vm_bind_job_lookup_ops(struct msm_vm_bind_job *job, struct drm_msm_vm_bind *args,
  862. struct drm_file *file, int *nr_bos)
  863. {
  864. struct drm_device *dev = job->vm->drm;
  865. int ret = 0;
  866. int cnt = 0;
  867. int i = -1;
  868. if (args->nr_ops == 1) {
  869. /* Single op case, the op is inlined: */
  870. ret = lookup_op(job, &args->op);
  871. } else {
  872. for (unsigned i = 0; i < args->nr_ops; i++) {
  873. struct drm_msm_vm_bind_op op;
  874. void __user *userptr =
  875. u64_to_user_ptr(args->ops + (i * sizeof(op)));
  876. /* make sure we don't have garbage flags, in case we hit
  877. * error path before flags is initialized:
  878. */
  879. job->ops[i].flags = 0;
  880. if (copy_from_user(&op, userptr, sizeof(op))) {
  881. ret = -EFAULT;
  882. break;
  883. }
  884. ret = lookup_op(job, &op);
  885. if (ret)
  886. break;
  887. }
  888. }
  889. if (ret) {
  890. job->nr_ops = 0;
  891. goto out;
  892. }
  893. spin_lock(&file->table_lock);
  894. for (i = 0; i < args->nr_ops; i++) {
  895. struct msm_vm_bind_op *op = &job->ops[i];
  896. struct drm_gem_object *obj;
  897. if (!op->handle) {
  898. op->obj = NULL;
  899. continue;
  900. }
  901. /*
  902. * normally use drm_gem_object_lookup(), but for bulk lookup
  903. * all under single table_lock just hit object_idr directly:
  904. */
  905. obj = idr_find(&file->object_idr, op->handle);
  906. if (!obj) {
  907. ret = UERR(EINVAL, dev, "invalid handle %u at index %u\n", op->handle, i);
  908. goto out_unlock;
  909. }
  910. drm_gem_object_get(obj);
  911. op->obj = obj;
  912. cnt++;
  913. if ((op->range + op->obj_offset) > obj->size) {
  914. ret = UERR(EINVAL, dev, "invalid range: %016llx + %016llx > %016zx\n",
  915. op->range, op->obj_offset, obj->size);
  916. goto out_unlock;
  917. }
  918. }
  919. *nr_bos = cnt;
  920. out_unlock:
  921. spin_unlock(&file->table_lock);
  922. if (ret) {
  923. for (; i >= 0; i--) {
  924. struct msm_vm_bind_op *op = &job->ops[i];
  925. if (!op->obj)
  926. continue;
  927. drm_gem_object_put(op->obj);
  928. op->obj = NULL;
  929. }
  930. }
  931. out:
  932. return ret;
  933. }
  934. static void
  935. prealloc_count(struct msm_vm_bind_job *job,
  936. struct msm_vm_bind_op *first,
  937. struct msm_vm_bind_op *last)
  938. {
  939. struct msm_mmu *mmu = to_msm_vm(job->vm)->mmu;
  940. if (!first)
  941. return;
  942. uint64_t start_iova = first->iova;
  943. uint64_t end_iova = last->iova + last->range;
  944. mmu->funcs->prealloc_count(mmu, &job->prealloc, start_iova, end_iova - start_iova);
  945. }
  946. static bool
  947. ops_are_same_pte(struct msm_vm_bind_op *first, struct msm_vm_bind_op *next)
  948. {
  949. /*
  950. * Last level pte covers 2MB.. so we should merge two ops, from
  951. * the PoV of figuring out how much pgtable pages to pre-allocate
  952. * if they land in the same 2MB range:
  953. */
  954. uint64_t pte_mask = ~(SZ_2M - 1);
  955. return ((first->iova + first->range) & pte_mask) == (next->iova & pte_mask);
  956. }
  957. /*
  958. * Determine the amount of memory to prealloc for pgtables. For sparse images,
  959. * in particular, userspace plays some tricks with the order of page mappings
  960. * to get the desired swizzle pattern, resulting in a large # of tiny MAP ops.
  961. * So detect when multiple MAP operations are physically contiguous, and count
  962. * them as a single mapping. Otherwise the prealloc_count() will not realize
  963. * they can share pagetable pages and vastly overcount.
  964. */
  965. static int
  966. vm_bind_prealloc_count(struct msm_vm_bind_job *job)
  967. {
  968. struct msm_vm_bind_op *first = NULL, *last = NULL;
  969. struct msm_gem_vm *vm = to_msm_vm(job->vm);
  970. int ret;
  971. for (int i = 0; i < job->nr_ops; i++) {
  972. struct msm_vm_bind_op *op = &job->ops[i];
  973. /* We only care about MAP/MAP_NULL: */
  974. if (op->op == MSM_VM_BIND_OP_UNMAP)
  975. continue;
  976. /*
  977. * If op is contiguous with last in the current range, then
  978. * it becomes the new last in the range and we continue
  979. * looping:
  980. */
  981. if (last && ops_are_same_pte(last, op)) {
  982. last = op;
  983. continue;
  984. }
  985. /*
  986. * If op is not contiguous with the current range, flush
  987. * the current range and start anew:
  988. */
  989. prealloc_count(job, first, last);
  990. first = last = op;
  991. }
  992. /* Flush the remaining range: */
  993. prealloc_count(job, first, last);
  994. /*
  995. * Now that we know the needed amount to pre-alloc, throttle on pending
  996. * VM_BIND jobs if we already have too much pre-alloc memory in flight
  997. */
  998. ret = wait_event_interruptible(
  999. vm->prealloc_throttle.wait,
  1000. atomic_read(&vm->prealloc_throttle.in_flight) <= 1024);
  1001. if (ret)
  1002. return ret;
  1003. atomic_add(job->prealloc.count, &vm->prealloc_throttle.in_flight);
  1004. return 0;
  1005. }
  1006. /*
  1007. * Lock VM and GEM objects
  1008. */
  1009. static int
  1010. vm_bind_job_lock_objects(struct msm_vm_bind_job *job, struct drm_exec *exec)
  1011. {
  1012. int ret;
  1013. /* Lock VM and objects: */
  1014. drm_exec_until_all_locked (exec) {
  1015. ret = drm_exec_lock_obj(exec, drm_gpuvm_resv_obj(job->vm));
  1016. drm_exec_retry_on_contention(exec);
  1017. if (ret)
  1018. return ret;
  1019. for (unsigned i = 0; i < job->nr_ops; i++) {
  1020. const struct msm_vm_bind_op *op = &job->ops[i];
  1021. switch (op->op) {
  1022. case MSM_VM_BIND_OP_UNMAP:
  1023. ret = drm_gpuvm_sm_unmap_exec_lock(job->vm, exec,
  1024. op->iova,
  1025. op->obj_offset);
  1026. break;
  1027. case MSM_VM_BIND_OP_MAP:
  1028. case MSM_VM_BIND_OP_MAP_NULL: {
  1029. struct drm_gpuvm_map_req map_req = {
  1030. .map.va.addr = op->iova,
  1031. .map.va.range = op->range,
  1032. .map.gem.obj = op->obj,
  1033. .map.gem.offset = op->obj_offset,
  1034. };
  1035. ret = drm_gpuvm_sm_map_exec_lock(job->vm, exec, 1, &map_req);
  1036. break;
  1037. }
  1038. default:
  1039. /*
  1040. * lookup_op() should have already thrown an error for
  1041. * invalid ops
  1042. */
  1043. WARN_ON("unreachable");
  1044. }
  1045. drm_exec_retry_on_contention(exec);
  1046. if (ret)
  1047. return ret;
  1048. }
  1049. }
  1050. return 0;
  1051. }
  1052. /*
  1053. * Pin GEM objects, ensuring that we have backing pages. Pinning will move
  1054. * the object to the pinned LRU so that the shrinker knows to first consider
  1055. * other objects for evicting.
  1056. */
  1057. static int
  1058. vm_bind_job_pin_objects(struct msm_vm_bind_job *job)
  1059. {
  1060. struct drm_gem_object *obj;
  1061. /*
  1062. * First loop, before holding the LRU lock, avoids holding the
  1063. * LRU lock while calling msm_gem_pin_vma_locked (which could
  1064. * trigger get_pages())
  1065. */
  1066. job_foreach_bo (obj, job) {
  1067. struct page **pages;
  1068. pages = msm_gem_get_pages_locked(obj, MSM_MADV_WILLNEED);
  1069. if (IS_ERR(pages))
  1070. return PTR_ERR(pages);
  1071. }
  1072. struct msm_drm_private *priv = job->vm->drm->dev_private;
  1073. /*
  1074. * A second loop while holding the LRU lock (a) avoids acquiring/dropping
  1075. * the LRU lock for each individual bo, while (b) avoiding holding the
  1076. * LRU lock while calling msm_gem_pin_vma_locked() (which could trigger
  1077. * get_pages() which could trigger reclaim.. and if we held the LRU lock
  1078. * could trigger deadlock with the shrinker).
  1079. */
  1080. mutex_lock(&priv->lru.lock);
  1081. job_foreach_bo (obj, job)
  1082. msm_gem_pin_obj_locked(obj);
  1083. mutex_unlock(&priv->lru.lock);
  1084. job->bos_pinned = true;
  1085. return 0;
  1086. }
  1087. /*
  1088. * Unpin GEM objects. Normally this is done after the bind job is run.
  1089. */
  1090. static void
  1091. vm_bind_job_unpin_objects(struct msm_vm_bind_job *job)
  1092. {
  1093. struct drm_gem_object *obj;
  1094. if (!job->bos_pinned)
  1095. return;
  1096. job_foreach_bo (obj, job)
  1097. msm_gem_unpin_locked(obj);
  1098. job->bos_pinned = false;
  1099. }
  1100. /*
  1101. * Pre-allocate pgtable memory, and translate the VM bind requests into a
  1102. * sequence of pgtable updates to be applied asynchronously.
  1103. */
  1104. static int
  1105. vm_bind_job_prepare(struct msm_vm_bind_job *job)
  1106. {
  1107. struct msm_gem_vm *vm = to_msm_vm(job->vm);
  1108. struct msm_mmu *mmu = vm->mmu;
  1109. int ret;
  1110. ret = mmu->funcs->prealloc_allocate(mmu, &job->prealloc);
  1111. if (ret)
  1112. return ret;
  1113. for (unsigned i = 0; i < job->nr_ops; i++) {
  1114. const struct msm_vm_bind_op *op = &job->ops[i];
  1115. struct op_arg arg = {
  1116. .job = job,
  1117. .op = op,
  1118. };
  1119. switch (op->op) {
  1120. case MSM_VM_BIND_OP_UNMAP:
  1121. ret = drm_gpuvm_sm_unmap(job->vm, &arg, op->iova,
  1122. op->range);
  1123. break;
  1124. case MSM_VM_BIND_OP_MAP:
  1125. if (op->flags & MSM_VM_BIND_OP_DUMP)
  1126. arg.flags |= MSM_VMA_DUMP;
  1127. fallthrough;
  1128. case MSM_VM_BIND_OP_MAP_NULL: {
  1129. struct drm_gpuvm_map_req map_req = {
  1130. .map.va.addr = op->iova,
  1131. .map.va.range = op->range,
  1132. .map.gem.obj = op->obj,
  1133. .map.gem.offset = op->obj_offset,
  1134. };
  1135. ret = drm_gpuvm_sm_map(job->vm, &arg, &map_req);
  1136. break;
  1137. }
  1138. default:
  1139. /*
  1140. * lookup_op() should have already thrown an error for
  1141. * invalid ops
  1142. */
  1143. BUG_ON("unreachable");
  1144. }
  1145. if (ret) {
  1146. /*
  1147. * If we've already started modifying the vm, we can't
  1148. * adequetly describe to userspace the intermediate
  1149. * state the vm is in. So throw up our hands!
  1150. */
  1151. if (i > 0)
  1152. msm_gem_vm_unusable(job->vm);
  1153. return ret;
  1154. }
  1155. }
  1156. return 0;
  1157. }
  1158. /*
  1159. * Attach fences to the GEM objects being bound. This will signify to
  1160. * the shrinker that they are busy even after dropping the locks (ie.
  1161. * drm_exec_fini())
  1162. */
  1163. static void
  1164. vm_bind_job_attach_fences(struct msm_vm_bind_job *job)
  1165. {
  1166. for (unsigned i = 0; i < job->nr_ops; i++) {
  1167. struct drm_gem_object *obj = job->ops[i].obj;
  1168. if (!obj)
  1169. continue;
  1170. dma_resv_add_fence(obj->resv, job->fence,
  1171. DMA_RESV_USAGE_KERNEL);
  1172. }
  1173. }
  1174. int
  1175. msm_ioctl_vm_bind(struct drm_device *dev, void *data, struct drm_file *file)
  1176. {
  1177. struct msm_drm_private *priv = dev->dev_private;
  1178. struct drm_msm_vm_bind *args = data;
  1179. struct msm_context *ctx = file->driver_priv;
  1180. struct msm_vm_bind_job *job = NULL;
  1181. struct msm_gpu *gpu = priv->gpu;
  1182. struct msm_gpu_submitqueue *queue;
  1183. struct msm_syncobj_post_dep *post_deps = NULL;
  1184. struct drm_syncobj **syncobjs_to_reset = NULL;
  1185. struct sync_file *sync_file = NULL;
  1186. struct dma_fence *fence;
  1187. int out_fence_fd = -1;
  1188. int ret, nr_bos = 0;
  1189. unsigned i;
  1190. if (!gpu)
  1191. return -ENXIO;
  1192. /*
  1193. * Maybe we could allow just UNMAP ops? OTOH userspace should just
  1194. * immediately close the device file and all will be torn down.
  1195. */
  1196. if (to_msm_vm(msm_context_vm(dev, ctx))->unusable)
  1197. return UERR(EPIPE, dev, "context is unusable");
  1198. /*
  1199. * Technically, you cannot create a VM_BIND submitqueue in the first
  1200. * place, if you haven't opted in to VM_BIND context. But it is
  1201. * cleaner / less confusing, to check this case directly.
  1202. */
  1203. if (!msm_context_is_vmbind(ctx))
  1204. return UERR(EINVAL, dev, "context does not support vmbind");
  1205. if (args->flags & ~MSM_VM_BIND_FLAGS)
  1206. return UERR(EINVAL, dev, "invalid flags");
  1207. queue = msm_submitqueue_get(ctx, args->queue_id);
  1208. if (!queue)
  1209. return -ENOENT;
  1210. if (!(queue->flags & MSM_SUBMITQUEUE_VM_BIND)) {
  1211. ret = UERR(EINVAL, dev, "Invalid queue type");
  1212. goto out_post_unlock;
  1213. }
  1214. if (args->flags & MSM_VM_BIND_FENCE_FD_OUT) {
  1215. out_fence_fd = get_unused_fd_flags(O_CLOEXEC);
  1216. if (out_fence_fd < 0) {
  1217. ret = out_fence_fd;
  1218. goto out_post_unlock;
  1219. }
  1220. }
  1221. job = vm_bind_job_create(dev, file, queue, args->nr_ops);
  1222. if (IS_ERR(job)) {
  1223. ret = PTR_ERR(job);
  1224. goto out_post_unlock;
  1225. }
  1226. ret = mutex_lock_interruptible(&queue->lock);
  1227. if (ret)
  1228. goto out_post_unlock;
  1229. if (args->flags & MSM_VM_BIND_FENCE_FD_IN) {
  1230. struct dma_fence *in_fence;
  1231. in_fence = sync_file_get_fence(args->fence_fd);
  1232. if (!in_fence) {
  1233. ret = UERR(EINVAL, dev, "invalid in-fence");
  1234. goto out_unlock;
  1235. }
  1236. ret = drm_sched_job_add_dependency(&job->base, in_fence);
  1237. if (ret)
  1238. goto out_unlock;
  1239. }
  1240. if (args->in_syncobjs > 0) {
  1241. syncobjs_to_reset = msm_syncobj_parse_deps(dev, &job->base,
  1242. file, args->in_syncobjs,
  1243. args->nr_in_syncobjs,
  1244. args->syncobj_stride);
  1245. if (IS_ERR(syncobjs_to_reset)) {
  1246. ret = PTR_ERR(syncobjs_to_reset);
  1247. goto out_unlock;
  1248. }
  1249. }
  1250. if (args->out_syncobjs > 0) {
  1251. post_deps = msm_syncobj_parse_post_deps(dev, file,
  1252. args->out_syncobjs,
  1253. args->nr_out_syncobjs,
  1254. args->syncobj_stride);
  1255. if (IS_ERR(post_deps)) {
  1256. ret = PTR_ERR(post_deps);
  1257. goto out_unlock;
  1258. }
  1259. }
  1260. ret = vm_bind_job_lookup_ops(job, args, file, &nr_bos);
  1261. if (ret)
  1262. goto out_unlock;
  1263. ret = vm_bind_prealloc_count(job);
  1264. if (ret)
  1265. goto out_unlock;
  1266. struct drm_exec exec;
  1267. unsigned flags = DRM_EXEC_IGNORE_DUPLICATES | DRM_EXEC_INTERRUPTIBLE_WAIT;
  1268. drm_exec_init(&exec, flags, nr_bos + 1);
  1269. ret = vm_bind_job_lock_objects(job, &exec);
  1270. if (ret)
  1271. goto out;
  1272. ret = vm_bind_job_pin_objects(job);
  1273. if (ret)
  1274. goto out;
  1275. ret = vm_bind_job_prepare(job);
  1276. if (ret)
  1277. goto out;
  1278. drm_sched_job_arm(&job->base);
  1279. job->fence = dma_fence_get(&job->base.s_fence->finished);
  1280. if (args->flags & MSM_VM_BIND_FENCE_FD_OUT) {
  1281. sync_file = sync_file_create(job->fence);
  1282. if (!sync_file)
  1283. ret = -ENOMEM;
  1284. }
  1285. if (ret)
  1286. goto out;
  1287. vm_bind_job_attach_fences(job);
  1288. /*
  1289. * The job can be free'd (and fence unref'd) at any point after
  1290. * drm_sched_entity_push_job(), so we need to hold our own ref
  1291. */
  1292. fence = dma_fence_get(job->fence);
  1293. drm_sched_entity_push_job(&job->base);
  1294. msm_syncobj_reset(syncobjs_to_reset, args->nr_in_syncobjs);
  1295. msm_syncobj_process_post_deps(post_deps, args->nr_out_syncobjs, fence);
  1296. dma_fence_put(fence);
  1297. out:
  1298. if (ret)
  1299. vm_bind_job_unpin_objects(job);
  1300. drm_exec_fini(&exec);
  1301. out_unlock:
  1302. mutex_unlock(&queue->lock);
  1303. out_post_unlock:
  1304. if (ret) {
  1305. if (out_fence_fd >= 0)
  1306. put_unused_fd(out_fence_fd);
  1307. if (sync_file)
  1308. fput(sync_file->file);
  1309. } else if (sync_file) {
  1310. fd_install(out_fence_fd, sync_file->file);
  1311. args->fence_fd = out_fence_fd;
  1312. }
  1313. if (!IS_ERR_OR_NULL(job)) {
  1314. if (ret)
  1315. msm_vma_job_free(&job->base);
  1316. } else {
  1317. /*
  1318. * If the submit hasn't yet taken ownership of the queue
  1319. * then we need to drop the reference ourself:
  1320. */
  1321. msm_submitqueue_put(queue);
  1322. }
  1323. if (!IS_ERR_OR_NULL(post_deps)) {
  1324. for (i = 0; i < args->nr_out_syncobjs; ++i) {
  1325. kfree(post_deps[i].chain);
  1326. drm_syncobj_put(post_deps[i].syncobj);
  1327. }
  1328. kfree(post_deps);
  1329. }
  1330. if (!IS_ERR_OR_NULL(syncobjs_to_reset)) {
  1331. for (i = 0; i < args->nr_in_syncobjs; ++i) {
  1332. if (syncobjs_to_reset[i])
  1333. drm_syncobj_put(syncobjs_to_reset[i]);
  1334. }
  1335. kfree(syncobjs_to_reset);
  1336. }
  1337. return ret;
  1338. }