1// SPDX-License-Identifier: GPL-2.0-only 2/* 3 * Framework for buffer objects that can be shared across devices/subsystems. 4 * 5 * Copyright(C) 2011 Linaro Limited. All rights reserved. 6 * Author: Sumit Semwal <sumit.semwal@ti.com> 7 * 8 * Many thanks to linaro-mm-sig list, and specially 9 * Arnd Bergmann <arnd@arndb.de>, Rob Clark <rob@ti.com> and 10 * Daniel Vetter <daniel@ffwll.ch> for their support in creation and 11 * refining of this idea. 12 */ 13 14#include <linux/fs.h> 15#include <linux/slab.h> 16#include <linux/dma-buf.h> 17#include <linux/dma-fence.h> 18#include <linux/anon_inodes.h> 19#include <linux/export.h> 20#include <linux/debugfs.h> 21#include <linux/module.h> 22#include <linux/seq_file.h> 23#include <linux/poll.h> 24#include <linux/dma-resv.h> 25#include <linux/mm.h> 26#include <linux/mount.h> 27#include <linux/pseudo_fs.h> 28 29#include <uapi/linux/dma-buf.h> 30#include <uapi/linux/magic.h> 31 32#include "dma-buf-sysfs-stats.h" 33#include "dma-buf-process-info.h" 34 35struct dma_buf_list { 36 struct list_head head; 37 struct mutex lock; 38}; 39 40static struct dma_buf_list db_list; 41 42/* 43 * This function helps in traversing the db_list and calls the 44 * callback function which can extract required info out of each 45 * dmabuf. 46 */ 47int get_each_dmabuf(int (*callback)(const struct dma_buf *dmabuf, void *private), void *private) 48{ 49 struct dma_buf *buf; 50 int ret = mutex_lock_interruptible(&db_list.lock); 51 if (ret) { 52 return ret; 53 } 54 55 list_for_each_entry(buf, &db_list.head, list_node) 56 { 57 ret = callback(buf, private); 58 if (ret) { 59 break; 60 } 61 } 62 mutex_unlock(&db_list.lock); 63 return ret; 64} 65EXPORT_SYMBOL_GPL(get_each_dmabuf); 66 67static char *dmabuffs_dname(struct dentry *dentry, char *buffer, int buflen) 68{ 69 struct dma_buf *dmabuf; 70 char name[DMA_BUF_NAME_LEN]; 71 size_t ret = 0; 72 73 dmabuf = dentry->d_fsdata; 74 spin_lock(&dmabuf->name_lock); 75 if (dmabuf->name) { 76 ret = strlcpy(name, dmabuf->name, DMA_BUF_NAME_LEN); 77 } 78 spin_unlock(&dmabuf->name_lock); 79 80 return dynamic_dname(dentry, buffer, buflen, "/%s:%s", dentry->d_name.name, ret > 0 ? name : ""); 81} 82 83static void dma_buf_release(struct dentry *dentry) 84{ 85 struct dma_buf *dmabuf; 86 87 dmabuf = dentry->d_fsdata; 88 if (unlikely(!dmabuf)) { 89 return; 90 } 91 92 BUG_ON(dmabuf->vmapping_counter); 93 94 /* 95 * Any fences that a dma-buf poll can wait on should be signaled 96 * before releasing dma-buf. This is the responsibility of each 97 * driver that uses the reservation objects. 98 * 99 * If you hit this BUG() it means someone dropped their ref to the 100 * dma-buf while still having pending operation to the buffer. 101 */ 102 BUG_ON(dmabuf->cb_shared.active || dmabuf->cb_excl.active); 103 104 dmabuf->ops->release(dmabuf); 105 106 if (dmabuf->resv == (struct dma_resv *)&dmabuf[1]) { 107 dma_resv_fini(dmabuf->resv); 108 } 109 110 WARN_ON(!list_empty(&dmabuf->attachments)); 111 dma_buf_stats_teardown(dmabuf); 112 module_put(dmabuf->owner); 113 kfree(dmabuf->name); 114 kfree(dmabuf); 115} 116 117static int dma_buf_file_release(struct inode *inode, struct file *file) 118{ 119 struct dma_buf *dmabuf; 120 121 if (!is_dma_buf_file(file)) { 122 return -EINVAL; 123 } 124 125 dmabuf = file->private_data; 126 127 mutex_lock(&db_list.lock); 128 list_del(&dmabuf->list_node); 129 mutex_unlock(&db_list.lock); 130 131 return 0; 132} 133 134static const struct dentry_operations dma_buf_dentry_ops = { 135 .d_dname = dmabuffs_dname, 136 .d_release = dma_buf_release, 137}; 138 139static struct vfsmount *dma_buf_mnt; 140 141static int dma_buf_fs_init_context(struct fs_context *fc) 142{ 143 struct pseudo_fs_context *ctx; 144 145 ctx = init_pseudo(fc, DMA_BUF_MAGIC); 146 if (!ctx) { 147 return -ENOMEM; 148 } 149 ctx->dops = &dma_buf_dentry_ops; 150 return 0; 151} 152 153static struct file_system_type dma_buf_fs_type = { 154 .name = "dmabuf", 155 .init_fs_context = dma_buf_fs_init_context, 156 .kill_sb = kill_anon_super, 157}; 158 159#ifdef CONFIG_DMABUF_SYSFS_STATS 160static void dma_buf_vma_open(struct vm_area_struct *vma) 161{ 162 struct dma_buf *dmabuf = vma->vm_file->private_data; 163 164 dmabuf->mmap_count++; 165 /* call the heap provided vma open() op */ 166 if (dmabuf->exp_vm_ops->open) { 167 dmabuf->exp_vm_ops->open(vma); 168 } 169} 170 171static void dma_buf_vma_close(struct vm_area_struct *vma) 172{ 173 struct dma_buf *dmabuf = vma->vm_file->private_data; 174 175 if (dmabuf->mmap_count) { 176 dmabuf->mmap_count--; 177 } 178 /* call the heap provided vma close() op */ 179 if (dmabuf->exp_vm_ops->close) { 180 dmabuf->exp_vm_ops->close(vma); 181 } 182} 183 184static int dma_buf_do_mmap(struct dma_buf *dmabuf, struct vm_area_struct *vma) 185{ 186 /* call this first because the exporter might override vma->vm_ops */ 187 int ret = dmabuf->ops->mmap(dmabuf, vma); 188 if (ret) { 189 return ret; 190 } 191 192 /* save the exporter provided vm_ops */ 193 dmabuf->exp_vm_ops = vma->vm_ops; 194 dmabuf->vm_ops = *(dmabuf->exp_vm_ops); 195 /* override open() and close() to provide buffer mmap count */ 196 dmabuf->vm_ops.open = dma_buf_vma_open; 197 dmabuf->vm_ops.close = dma_buf_vma_close; 198 vma->vm_ops = &dmabuf->vm_ops; 199 dmabuf->mmap_count++; 200 201 return ret; 202} 203#else /* CONFIG_DMABUF_SYSFS_STATS */ 204static int dma_buf_do_mmap(struct dma_buf *dmabuf, struct vm_area_struct *vma) 205{ 206 return dmabuf->ops->mmap(dmabuf, vma); 207} 208#endif /* CONFIG_DMABUF_SYSFS_STATS */ 209 210static int dma_buf_mmap_internal(struct file *file, struct vm_area_struct *vma) 211{ 212 struct dma_buf *dmabuf; 213 214 if (!is_dma_buf_file(file)) { 215 return -EINVAL; 216 } 217 218 dmabuf = file->private_data; 219 220 /* check if buffer supports mmap */ 221 if (!dmabuf->ops->mmap) { 222 return -EINVAL; 223 } 224 225 /* check for overflowing the buffer's size */ 226 if ((vma->vm_pgoff + vma_pages(vma)) > (dmabuf->size >> PAGE_SHIFT)) { 227 return -EINVAL; 228 } 229 230 return dma_buf_do_mmap(dmabuf, vma); 231} 232 233static loff_t dma_buf_llseek(struct file *file, loff_t offset, int whence) 234{ 235 struct dma_buf *dmabuf; 236 loff_t base; 237 238 if (!is_dma_buf_file(file)) { 239 return -EBADF; 240 } 241 242 dmabuf = file->private_data; 243 244 /* only support discovering the end of the buffer, 245 but also allow SEEK_SET to maintain the idiomatic 246 SEEK_END(0), SEEK_CUR(0) pattern */ 247 if (whence == SEEK_END) { 248 base = dmabuf->size; 249 } else if (whence == SEEK_SET) { 250 base = 0; 251 } else { 252 return -EINVAL; 253 } 254 255 if (offset != 0) { 256 return -EINVAL; 257 } 258 259 return base + offset; 260} 261 262/** 263 * DOC: implicit fence polling 264 * 265 * To support cross-device and cross-driver synchronization of buffer access 266 * implicit fences (represented internally in the kernel with &struct dma_fence) 267 * can be attached to a &dma_buf. The glue for that and a few related things are 268 * provided in the &dma_resv structure. 269 * 270 * Userspace can query the state of these implicitly tracked fences using poll() 271 * and related system calls 272 * 273 * - Checking for EPOLLIN, i.e. read access, can be use to query the state of the 274 * most recent write or exclusive fence. 275 * 276 * - Checking for EPOLLOUT, i.e. write access, can be used to query the state of 277 * all attached fences, shared and exclusive ones. 278 * 279 * Note that this only signals the completion of the respective fences, i.e. the 280 * DMA transfers are complete. Cache flushing and any other necessary 281 * preparations before CPU access can begin still need to happen. 282 */ 283 284static void dma_buf_poll_cb(struct dma_fence *fence, struct dma_fence_cb *cb) 285{ 286 struct dma_buf_poll_cb_t *dcb = (struct dma_buf_poll_cb_t *)cb; 287 unsigned long flags; 288 289 spin_lock_irqsave(&dcb->poll->lock, flags); 290 wake_up_locked_poll(dcb->poll, dcb->active); 291 dcb->active = 0; 292 spin_unlock_irqrestore(&dcb->poll->lock, flags); 293} 294 295static __poll_t dma_buf_poll(struct file *file, poll_table *poll) 296{ 297 struct dma_buf *dmabuf; 298 struct dma_resv *resv; 299 struct dma_resv_list *fobj; 300 struct dma_fence *fence_excl; 301 __poll_t events; 302 unsigned shared_count, seq; 303 304 dmabuf = file->private_data; 305 if (!dmabuf || !dmabuf->resv) { 306 return EPOLLERR; 307 } 308 309 resv = dmabuf->resv; 310 311 poll_wait(file, &dmabuf->poll, poll); 312 313 events = poll_requested_events(poll) & (EPOLLIN | EPOLLOUT); 314 if (!events) { 315 return 0; 316 } 317 318 while (1) { 319 seq = read_seqcount_begin(&resv->seq); 320 rcu_read_lock(); 321 322 fobj = rcu_dereference(resv->fence); 323 if (fobj) { 324 shared_count = fobj->shared_count; 325 } else { 326 shared_count = 0; 327 } 328 fence_excl = rcu_dereference(resv->fence_excl); 329 if (read_seqcount_retry(&resv->seq, seq)) { 330 rcu_read_unlock(); 331 continue; 332 } 333 break; 334 } 335 if (fence_excl && (!(events & EPOLLOUT) || shared_count == 0)) { 336 struct dma_buf_poll_cb_t *dcb = &dmabuf->cb_excl; 337 __poll_t pevents = EPOLLIN; 338 339 if (shared_count == 0) { 340 pevents |= EPOLLOUT; 341 } 342 343 spin_lock_irq(&dmabuf->poll.lock); 344 if (dcb->active) { 345 dcb->active |= pevents; 346 events &= ~pevents; 347 } else { 348 dcb->active = pevents; 349 } 350 spin_unlock_irq(&dmabuf->poll.lock); 351 352 if (events & pevents) { 353 if (!dma_fence_get_rcu(fence_excl)) { 354 /* force a recheck */ 355 events &= ~pevents; 356 dma_buf_poll_cb(NULL, &dcb->cb); 357 } else if (!dma_fence_add_callback(fence_excl, &dcb->cb, dma_buf_poll_cb)) { 358 events &= ~pevents; 359 dma_fence_put(fence_excl); 360 } else { 361 /* 362 * No callback queued, wake up any additional 363 * waiters. 364 */ 365 dma_fence_put(fence_excl); 366 dma_buf_poll_cb(NULL, &dcb->cb); 367 } 368 } 369 } 370 371 if ((events & EPOLLOUT) && shared_count > 0) { 372 struct dma_buf_poll_cb_t *dcb = &dmabuf->cb_shared; 373 int i; 374 375 /* Only queue a new callback if no event has fired yet */ 376 spin_lock_irq(&dmabuf->poll.lock); 377 if (dcb->active) { 378 events &= ~EPOLLOUT; 379 } else { 380 dcb->active = EPOLLOUT; 381 } 382 spin_unlock_irq(&dmabuf->poll.lock); 383 384 if (!(events & EPOLLOUT)) { 385 goto out; 386 } 387 388 for (i = 0; i < shared_count; ++i) { 389 struct dma_fence *fence = rcu_dereference(fobj->shared[i]); 390 391 if (!dma_fence_get_rcu(fence)) { 392 /* 393 * fence refcount dropped to zero, this means 394 * that fobj has been freed 395 * 396 * call dma_buf_poll_cb and force a recheck! 397 */ 398 events &= ~EPOLLOUT; 399 dma_buf_poll_cb(NULL, &dcb->cb); 400 break; 401 } 402 if (!dma_fence_add_callback(fence, &dcb->cb, dma_buf_poll_cb)) { 403 dma_fence_put(fence); 404 events &= ~EPOLLOUT; 405 break; 406 } 407 dma_fence_put(fence); 408 } 409 410 /* No callback queued, wake up any additional waiters. */ 411 if (i == shared_count) { 412 dma_buf_poll_cb(NULL, &dcb->cb); 413 } 414 } 415 416out: 417 rcu_read_unlock(); 418 return events; 419} 420 421/** 422 * dma_buf_set_name - Set a name to a specific dma_buf to track the usage. 423 * The name of the dma-buf buffer can only be set when the dma-buf is not 424 * attached to any devices. It could theoritically support changing the 425 * name of the dma-buf if the same piece of memory is used for multiple 426 * purpose between different devices. 427 * 428 * @dmabuf: [in] dmabuf buffer that will be renamed. 429 * @buf: [in] A piece of userspace memory that contains the name of 430 * the dma-buf. 431 * 432 * Returns 0 on success. If the dma-buf buffer is already attached to 433 * devices, return -EBUSY. 434 * 435 */ 436static long dma_buf_set_name(struct dma_buf *dmabuf, const char __user *buf) 437{ 438 char *name = strndup_user(buf, DMA_BUF_NAME_LEN); 439 long ret = 0; 440 441 if (IS_ERR(name)) { 442 return PTR_ERR(name); 443 } 444 445 dma_resv_lock(dmabuf->resv, NULL); 446 if (!list_empty(&dmabuf->attachments)) { 447 ret = -EBUSY; 448 kfree(name); 449 goto out_unlock; 450 } 451 spin_lock(&dmabuf->name_lock); 452 kfree(dmabuf->name); 453 dmabuf->name = name; 454 spin_unlock(&dmabuf->name_lock); 455 456out_unlock: 457 dma_resv_unlock(dmabuf->resv); 458 return ret; 459} 460 461static long dma_buf_ioctl(struct file *file, unsigned int cmd, unsigned long arg) 462{ 463 struct dma_buf *dmabuf; 464 struct dma_buf_sync sync; 465 enum dma_data_direction direction; 466 int ret; 467 468 dmabuf = file->private_data; 469 470 switch (cmd) { 471 case DMA_BUF_IOCTL_SYNC: 472 if (copy_from_user(&sync, (void __user *)arg, sizeof(sync))) { 473 return -EFAULT; 474 } 475 476 if (sync.flags & ~DMA_BUF_SYNC_VALID_FLAGS_MASK) { 477 return -EINVAL; 478 } 479 480 switch (sync.flags & DMA_BUF_SYNC_RW) { 481 case DMA_BUF_SYNC_READ: 482 direction = DMA_FROM_DEVICE; 483 break; 484 case DMA_BUF_SYNC_WRITE: 485 direction = DMA_TO_DEVICE; 486 break; 487 case DMA_BUF_SYNC_RW: 488 direction = DMA_BIDIRECTIONAL; 489 break; 490 default: 491 return -EINVAL; 492 } 493 494 if (sync.flags & DMA_BUF_SYNC_END) { 495 ret = dma_buf_end_cpu_access(dmabuf, direction); 496 } else { 497 ret = dma_buf_begin_cpu_access(dmabuf, direction); 498 } 499 500 return ret; 501 502 case DMA_BUF_SET_NAME_A: 503 case DMA_BUF_SET_NAME_B: 504 return dma_buf_set_name(dmabuf, (const char __user *)arg); 505 506 default: 507 return -ENOTTY; 508 } 509} 510 511static void dma_buf_show_fdinfo(struct seq_file *m, struct file *file) 512{ 513 struct dma_buf *dmabuf = file->private_data; 514 515 seq_printf(m, "size:\t%zu\n", dmabuf->size); 516 /* Don't count the temporary reference taken inside procfs seq_show */ 517 seq_printf(m, "count:\t%ld\n", file_count(dmabuf->file) - 1); 518 seq_printf(m, "exp_name:\t%s\n", dmabuf->exp_name); 519 spin_lock(&dmabuf->name_lock); 520 if (dmabuf->name) { 521 seq_printf(m, "name:\t%s\n", dmabuf->name); 522 } 523 spin_unlock(&dmabuf->name_lock); 524} 525 526static const struct file_operations dma_buf_fops = { 527 .release = dma_buf_file_release, 528 .mmap = dma_buf_mmap_internal, 529 .llseek = dma_buf_llseek, 530 .poll = dma_buf_poll, 531 .unlocked_ioctl = dma_buf_ioctl, 532 .compat_ioctl = compat_ptr_ioctl, 533 .show_fdinfo = dma_buf_show_fdinfo, 534}; 535 536/* 537 * is_dma_buf_file - Check if struct file* is associated with dma_buf 538 */ 539int is_dma_buf_file(struct file *file) 540{ 541 return file->f_op == &dma_buf_fops; 542} 543EXPORT_SYMBOL_GPL(is_dma_buf_file); 544 545static struct file *dma_buf_getfile(struct dma_buf *dmabuf, int flags) 546{ 547 struct file *file; 548 struct inode *inode = alloc_anon_inode(dma_buf_mnt->mnt_sb); 549 550 if (IS_ERR(inode)) { 551 return ERR_CAST(inode); 552 } 553 554 inode->i_size = dmabuf->size; 555 inode_set_bytes(inode, dmabuf->size); 556 557 file = alloc_file_pseudo(inode, dma_buf_mnt, "dmabuf", flags, &dma_buf_fops); 558 if (IS_ERR(file)) { 559 goto err_alloc_file; 560 } 561 file->f_flags = flags & (O_ACCMODE | O_NONBLOCK); 562 file->private_data = dmabuf; 563 file->f_path.dentry->d_fsdata = dmabuf; 564 565 return file; 566 567err_alloc_file: 568 iput(inode); 569 return file; 570} 571 572/** 573 * DOC: dma buf device access 574 * 575 * For device DMA access to a shared DMA buffer the usual sequence of operations 576 * is fairly simple 577 * 578 * 1. The exporter defines his exporter instance using 579 * DEFINE_DMA_BUF_EXPORT_INFO() and calls dma_buf_export() to wrap a private 580 * buffer object into a &dma_buf. It then exports that &dma_buf to userspace 581 * as a file descriptor by calling dma_buf_fd(). 582 * 583 * 2. Userspace passes this file-descriptors to all drivers it wants this buffer 584 * to share with: First the filedescriptor is converted to a &dma_buf using 585 * dma_buf_get(). Then the buffer is attached to the device using 586 * dma_buf_attach(). 587 * 588 * Up to this stage the exporter is still free to migrate or reallocate the 589 * backing storage. 590 * 591 * 3. Once the buffer is attached to all devices userspace can initiate DMA 592 * access to the shared buffer. In the kernel this is done by calling 593 * dma_buf_map_attachment() and dma_buf_unmap_attachment(). 594 * 595 * 4. Once a driver is done with a shared buffer it needs to call 596 * dma_buf_detach() (after cleaning up any mappings) and then release the 597 * reference acquired with dma_buf_get by calling dma_buf_put(). 598 * 599 * For the detailed semantics exporters are expected to implement see 600 * &dma_buf_ops. 601 */ 602 603/** 604 * dma_buf_export - Creates a new dma_buf, and associates an anon file 605 * with this buffer, so it can be exported. 606 * Also connect the allocator specific data and ops to the buffer. 607 * Additionally, provide a name string for exporter; useful in debugging. 608 * 609 * @exp_info: [in] holds all the export related information provided 610 * by the exporter. see &struct dma_buf_export_info 611 * for further details. 612 * 613 * Returns, on success, a newly created dma_buf object, which wraps the 614 * supplied private data and operations for dma_buf_ops. On either missing 615 * ops, or error in allocating struct dma_buf, will return negative error. 616 * 617 * For most cases the easiest way to create @exp_info is through the 618 * %DEFINE_DMA_BUF_EXPORT_INFO macro. 619 */ 620struct dma_buf *dma_buf_export(const struct dma_buf_export_info *exp_info) 621{ 622 struct dma_buf *dmabuf; 623 struct dma_resv *resv = exp_info->resv; 624 struct file *file; 625 size_t alloc_size = sizeof(struct dma_buf); 626 int ret; 627 628 if (!exp_info->resv) { 629 alloc_size += sizeof(struct dma_resv); 630 } else { 631 /* prevent &dma_buf[1] == dma_buf->resv */ 632 alloc_size += 1; 633 } 634 635 if (WARN_ON(!exp_info->priv || !exp_info->ops || !exp_info->ops->map_dma_buf || !exp_info->ops->unmap_dma_buf || 636 !exp_info->ops->release)) { 637 return ERR_PTR(-EINVAL); 638 } 639 640 if (WARN_ON(exp_info->ops->cache_sgt_mapping && (exp_info->ops->pin || exp_info->ops->unpin))) { 641 return ERR_PTR(-EINVAL); 642 } 643 644 if (WARN_ON(!exp_info->ops->pin != !exp_info->ops->unpin)) { 645 return ERR_PTR(-EINVAL); 646 } 647 648 if (!try_module_get(exp_info->owner)) { 649 return ERR_PTR(-ENOENT); 650 } 651 652 dmabuf = kzalloc(alloc_size, GFP_KERNEL); 653 if (!dmabuf) { 654 ret = -ENOMEM; 655 goto err_module; 656 } 657 658 dmabuf->priv = exp_info->priv; 659 dmabuf->ops = exp_info->ops; 660 dmabuf->size = exp_info->size; 661 dmabuf->exp_name = exp_info->exp_name; 662 dmabuf->owner = exp_info->owner; 663 spin_lock_init(&dmabuf->name_lock); 664 init_waitqueue_head(&dmabuf->poll); 665 dmabuf->cb_excl.poll = dmabuf->cb_shared.poll = &dmabuf->poll; 666 dmabuf->cb_excl.active = dmabuf->cb_shared.active = 0; 667 668 if (!resv) { 669 resv = (struct dma_resv *)&dmabuf[1]; 670 dma_resv_init(resv); 671 } 672 dmabuf->resv = resv; 673 674 file = dma_buf_getfile(dmabuf, exp_info->flags); 675 if (IS_ERR(file)) { 676 ret = PTR_ERR(file); 677 goto err_dmabuf; 678 } 679 680 file->f_mode |= FMODE_LSEEK; 681 dmabuf->file = file; 682 683 ret = dma_buf_stats_setup(dmabuf); 684 if (ret) { 685 goto err_sysfs; 686 } 687 688 mutex_init(&dmabuf->lock); 689 INIT_LIST_HEAD(&dmabuf->attachments); 690 691 mutex_lock(&db_list.lock); 692 list_add(&dmabuf->list_node, &db_list.head); 693 mutex_unlock(&db_list.lock); 694 695 init_dma_buf_task_info(dmabuf); 696 return dmabuf; 697 698err_sysfs: 699 /* 700 * Set file->f_path.dentry->d_fsdata to NULL so that when 701 * dma_buf_release() gets invoked by dentry_ops, it exits 702 * early before calling the release() dma_buf op. 703 */ 704 file->f_path.dentry->d_fsdata = NULL; 705 fput(file); 706err_dmabuf: 707 kfree(dmabuf); 708err_module: 709 module_put(exp_info->owner); 710 return ERR_PTR(ret); 711} 712EXPORT_SYMBOL_GPL(dma_buf_export); 713 714/** 715 * dma_buf_fd - returns a file descriptor for the given dma_buf 716 * @dmabuf: [in] pointer to dma_buf for which fd is required. 717 * @flags: [in] flags to give to fd 718 * 719 * On success, returns an associated 'fd'. Else, returns error. 720 */ 721int dma_buf_fd(struct dma_buf *dmabuf, int flags) 722{ 723 int fd; 724 725 if (!dmabuf || !dmabuf->file) { 726 return -EINVAL; 727 } 728 729 fd = get_unused_fd_flags(flags); 730 if (fd < 0) { 731 return fd; 732 } 733 734 fd_install(fd, dmabuf->file); 735 736 return fd; 737} 738EXPORT_SYMBOL_GPL(dma_buf_fd); 739 740/** 741 * dma_buf_get - returns the dma_buf structure related to an fd 742 * @fd: [in] fd associated with the dma_buf to be returned 743 * 744 * On success, returns the dma_buf structure associated with an fd; uses 745 * file's refcounting done by fget to increase refcount. returns ERR_PTR 746 * otherwise. 747 */ 748struct dma_buf *dma_buf_get(int fd) 749{ 750 struct file *file; 751 752 file = fget(fd); 753 if (!file) { 754 return ERR_PTR(-EBADF); 755 } 756 757 if (!is_dma_buf_file(file)) { 758 fput(file); 759 return ERR_PTR(-EINVAL); 760 } 761 762 return file->private_data; 763} 764EXPORT_SYMBOL_GPL(dma_buf_get); 765 766/** 767 * dma_buf_put - decreases refcount of the buffer 768 * @dmabuf: [in] buffer to reduce refcount of 769 * 770 * Uses file's refcounting done implicitly by fput(). 771 * 772 * If, as a result of this call, the refcount becomes 0, the 'release' file 773 * operation related to this fd is called. It calls &dma_buf_ops.release vfunc 774 * in turn, and frees the memory allocated for dmabuf when exported. 775 */ 776void dma_buf_put(struct dma_buf *dmabuf) 777{ 778 if (WARN_ON(!dmabuf || !dmabuf->file)) { 779 return; 780 } 781 782 fput(dmabuf->file); 783} 784EXPORT_SYMBOL_GPL(dma_buf_put); 785 786/** 787 * dma_buf_pin - Lock down the DMA-buf 788 * 789 * @attach: [in] attachment which should be pinned 790 * 791 * Returns: 792 * 0 on success, negative error code on failure. 793 */ 794int dma_buf_pin(struct dma_buf_attachment *attach) 795{ 796 struct dma_buf *dmabuf = attach->dmabuf; 797 int ret = 0; 798 799 dma_resv_assert_held(dmabuf->resv); 800 801 if (dmabuf->ops->pin) { 802 ret = dmabuf->ops->pin(attach); 803 } 804 805 return ret; 806} 807EXPORT_SYMBOL_GPL(dma_buf_pin); 808 809/** 810 * dma_buf_dynamic_attach - Add the device to dma_buf's attachments list; optionally, 811 * calls attach() of dma_buf_ops to allow device-specific attach functionality 812 * @dmabuf: [in] buffer to attach device to. 813 * @dev: [in] device to be attached. 814 * @importer_ops: [in] importer operations for the attachment 815 * @importer_priv: [in] importer private pointer for the attachment 816 * 817 * Returns struct dma_buf_attachment pointer for this attachment. Attachments 818 * must be cleaned up by calling dma_buf_detach(). 819 * 820 * Returns 821 * 822 * A pointer to newly created &dma_buf_attachment on success, or a negative 823 * error code wrapped into a pointer on failure. 824 * 825 * Note that this can fail if the backing storage of @dmabuf is in a place not 826 * accessible to @dev, and cannot be moved to a more suitable place. This is 827 * indicated with the error code -EBUSY. 828 */ 829struct dma_buf_attachment *dma_buf_dynamic_attach(struct dma_buf *dmabuf, struct device *dev, 830 const struct dma_buf_attach_ops *importer_ops, void *importer_priv) 831{ 832 struct dma_buf_attachment *attach; 833 int ret; 834 835 if (WARN_ON(!dmabuf || !dev)) { 836 return ERR_PTR(-EINVAL); 837 } 838 839 if (WARN_ON(importer_ops && !importer_ops->move_notify)) { 840 return ERR_PTR(-EINVAL); 841 } 842 843 attach = kzalloc(sizeof(*attach), GFP_KERNEL); 844 if (!attach) { 845 return ERR_PTR(-ENOMEM); 846 } 847 848 attach->dev = dev; 849 attach->dmabuf = dmabuf; 850 if (importer_ops) { 851 attach->peer2peer = importer_ops->allow_peer2peer; 852 } 853 attach->importer_ops = importer_ops; 854 attach->importer_priv = importer_priv; 855 856 if (dmabuf->ops->attach) { 857 ret = dmabuf->ops->attach(dmabuf, attach); 858 if (ret) { 859 goto err_attach; 860 } 861 } 862 dma_resv_lock(dmabuf->resv, NULL); 863 list_add(&attach->node, &dmabuf->attachments); 864 dma_resv_unlock(dmabuf->resv); 865 866 /* When either the importer or the exporter can't handle dynamic 867 * mappings we cache the mapping here to avoid issues with the 868 * reservation object lock. 869 */ 870 if (dma_buf_attachment_is_dynamic(attach) != dma_buf_is_dynamic(dmabuf)) { 871 struct sg_table *sgt; 872 873 if (dma_buf_is_dynamic(attach->dmabuf)) { 874 dma_resv_lock(attach->dmabuf->resv, NULL); 875 ret = dma_buf_pin(attach); 876 if (ret) { 877 goto err_unlock; 878 } 879 } 880 881 sgt = dmabuf->ops->map_dma_buf(attach, DMA_BIDIRECTIONAL); 882 if (!sgt) { 883 sgt = ERR_PTR(-ENOMEM); 884 } 885 if (IS_ERR(sgt)) { 886 ret = PTR_ERR(sgt); 887 goto err_unpin; 888 } 889 if (dma_buf_is_dynamic(attach->dmabuf)) { 890 dma_resv_unlock(attach->dmabuf->resv); 891 } 892 attach->sgt = sgt; 893 attach->dir = DMA_BIDIRECTIONAL; 894 } 895 896 return attach; 897 898err_attach: 899 kfree(attach); 900 return ERR_PTR(ret); 901 902err_unpin: 903 if (dma_buf_is_dynamic(attach->dmabuf)) { 904 dma_buf_unpin(attach); 905 } 906 907err_unlock: 908 if (dma_buf_is_dynamic(attach->dmabuf)) { 909 dma_resv_unlock(attach->dmabuf->resv); 910 } 911 912 dma_buf_detach(dmabuf, attach); 913 return ERR_PTR(ret); 914} 915EXPORT_SYMBOL_GPL(dma_buf_dynamic_attach); 916 917/** 918 * dma_buf_attach - Wrapper for dma_buf_dynamic_attach 919 * @dmabuf: [in] buffer to attach device to. 920 * @dev: [in] device to be attached. 921 * 922 * Wrapper to call dma_buf_dynamic_attach() for drivers which still use a static 923 * mapping. 924 */ 925struct dma_buf_attachment *dma_buf_attach(struct dma_buf *dmabuf, struct device *dev) 926{ 927 return dma_buf_dynamic_attach(dmabuf, dev, NULL, NULL); 928} 929EXPORT_SYMBOL_GPL(dma_buf_attach); 930 931/** 932 * dma_buf_detach - Remove the given attachment from dmabuf's attachments list; 933 * optionally calls detach() of dma_buf_ops for device-specific detach 934 * @dmabuf: [in] buffer to detach from. 935 * @attach: [in] attachment to be detached; is free'd after this call. 936 * 937 * Clean up a device attachment obtained by calling dma_buf_attach(). 938 */ 939void dma_buf_detach(struct dma_buf *dmabuf, struct dma_buf_attachment *attach) 940{ 941 if (WARN_ON(!dmabuf || !attach)) { 942 return; 943 } 944 945 if (attach->sgt) { 946 if (dma_buf_is_dynamic(attach->dmabuf)) { 947 dma_resv_lock(attach->dmabuf->resv, NULL); 948 } 949 950 dmabuf->ops->unmap_dma_buf(attach, attach->sgt, attach->dir); 951 952 if (dma_buf_is_dynamic(attach->dmabuf)) { 953 dma_buf_unpin(attach); 954 dma_resv_unlock(attach->dmabuf->resv); 955 } 956 } 957 958 dma_resv_lock(dmabuf->resv, NULL); 959 list_del(&attach->node); 960 dma_resv_unlock(dmabuf->resv); 961 if (dmabuf->ops->detach) { 962 dmabuf->ops->detach(dmabuf, attach); 963 } 964 965 kfree(attach); 966} 967EXPORT_SYMBOL_GPL(dma_buf_detach); 968 969/** 970 * dma_buf_unpin - Remove lock from DMA-buf 971 * 972 * @attach: [in] attachment which should be unpinned 973 */ 974void dma_buf_unpin(struct dma_buf_attachment *attach) 975{ 976 struct dma_buf *dmabuf = attach->dmabuf; 977 978 dma_resv_assert_held(dmabuf->resv); 979 980 if (dmabuf->ops->unpin) { 981 dmabuf->ops->unpin(attach); 982 } 983} 984EXPORT_SYMBOL_GPL(dma_buf_unpin); 985 986/** 987 * dma_buf_map_attachment - Returns the scatterlist table of the attachment; 988 * mapped into _device_ address space. Is a wrapper for map_dma_buf() of the 989 * dma_buf_ops. 990 * @attach: [in] attachment whose scatterlist is to be returned 991 * @direction: [in] direction of DMA transfer 992 * 993 * Returns sg_table containing the scatterlist to be returned; returns ERR_PTR 994 * on error. May return -EINTR if it is interrupted by a signal. 995 * 996 * A mapping must be unmapped by using dma_buf_unmap_attachment(). Note that 997 * the underlying backing storage is pinned for as long as a mapping exists, 998 * therefore users/importers should not hold onto a mapping for undue amounts of 999 * time. 1000 */ 1001struct sg_table *dma_buf_map_attachment(struct dma_buf_attachment *attach, enum dma_data_direction direction) 1002{ 1003 struct sg_table *sg_table; 1004 int r; 1005 1006 might_sleep(); 1007 1008 if (WARN_ON(!attach || !attach->dmabuf)) { 1009 return ERR_PTR(-EINVAL); 1010 } 1011 1012 if (dma_buf_attachment_is_dynamic(attach)) { 1013 dma_resv_assert_held(attach->dmabuf->resv); 1014 } 1015 1016 if (attach->sgt) { 1017 /* 1018 * Two mappings with different directions for the same 1019 * attachment are not allowed. 1020 */ 1021 if (attach->dir != direction && attach->dir != DMA_BIDIRECTIONAL) { 1022 return ERR_PTR(-EBUSY); 1023 } 1024 1025 return attach->sgt; 1026 } 1027 1028 if (dma_buf_is_dynamic(attach->dmabuf)) { 1029 dma_resv_assert_held(attach->dmabuf->resv); 1030 if (!IS_ENABLED(CONFIG_DMABUF_MOVE_NOTIFY)) { 1031 r = dma_buf_pin(attach); 1032 if (r) { 1033 return ERR_PTR(r); 1034 } 1035 } 1036 } 1037 1038 sg_table = attach->dmabuf->ops->map_dma_buf(attach, direction); 1039 if (!sg_table) { 1040 sg_table = ERR_PTR(-ENOMEM); 1041 } 1042 1043 if (IS_ERR(sg_table) && dma_buf_is_dynamic(attach->dmabuf) && !IS_ENABLED(CONFIG_DMABUF_MOVE_NOTIFY)) { 1044 dma_buf_unpin(attach); 1045 } 1046 1047 if (!IS_ERR(sg_table) && attach->dmabuf->ops->cache_sgt_mapping) { 1048 attach->sgt = sg_table; 1049 attach->dir = direction; 1050 } 1051 1052 return sg_table; 1053} 1054EXPORT_SYMBOL_GPL(dma_buf_map_attachment); 1055 1056/** 1057 * dma_buf_unmap_attachment - unmaps and decreases usecount of the buffer;might 1058 * deallocate the scatterlist associated. Is a wrapper for unmap_dma_buf() of 1059 * dma_buf_ops. 1060 * @attach: [in] attachment to unmap buffer from 1061 * @sg_table: [in] scatterlist info of the buffer to unmap 1062 * @direction: [in] direction of DMA transfer 1063 * 1064 * This unmaps a DMA mapping for @attached obtained by dma_buf_map_attachment(). 1065 */ 1066void dma_buf_unmap_attachment(struct dma_buf_attachment *attach, struct sg_table *sg_table, 1067 enum dma_data_direction direction) 1068{ 1069 might_sleep(); 1070 1071 if (WARN_ON(!attach || !attach->dmabuf || !sg_table)) { 1072 return; 1073 } 1074 1075 if (dma_buf_attachment_is_dynamic(attach)) { 1076 dma_resv_assert_held(attach->dmabuf->resv); 1077 } 1078 1079 if (attach->sgt == sg_table) { 1080 return; 1081 } 1082 1083 if (dma_buf_is_dynamic(attach->dmabuf)) { 1084 dma_resv_assert_held(attach->dmabuf->resv); 1085 } 1086 1087 attach->dmabuf->ops->unmap_dma_buf(attach, sg_table, direction); 1088 1089 if (dma_buf_is_dynamic(attach->dmabuf) && !IS_ENABLED(CONFIG_DMABUF_MOVE_NOTIFY)) { 1090 dma_buf_unpin(attach); 1091 } 1092} 1093EXPORT_SYMBOL_GPL(dma_buf_unmap_attachment); 1094 1095/** 1096 * dma_buf_move_notify - notify attachments that DMA-buf is moving 1097 * 1098 * @dmabuf: [in] buffer which is moving 1099 * 1100 * Informs all attachmenst that they need to destroy and recreated all their 1101 * mappings. 1102 */ 1103void dma_buf_move_notify(struct dma_buf *dmabuf) 1104{ 1105 struct dma_buf_attachment *attach; 1106 1107 dma_resv_assert_held(dmabuf->resv); 1108 1109 list_for_each_entry(attach, &dmabuf->attachments, node) if (attach->importer_ops) 1110 attach->importer_ops->move_notify(attach); 1111} 1112EXPORT_SYMBOL_GPL(dma_buf_move_notify); 1113 1114/** 1115 * DOC: cpu access 1116 * 1117 * There are mutliple reasons for supporting CPU access to a dma buffer object: 1118 * 1119 * - Fallback operations in the kernel, for example when a device is connected 1120 * over USB and the kernel needs to shuffle the data around first before 1121 * sending it away. Cache coherency is handled by braketing any transactions 1122 * with calls to dma_buf_begin_cpu_access() and dma_buf_end_cpu_access() 1123 * access. 1124 * 1125 * Since for most kernel internal dma-buf accesses need the entire buffer, a 1126 * vmap interface is introduced. Note that on very old 32-bit architectures 1127 * vmalloc space might be limited and result in vmap calls failing. 1128 * 1129 * Interfaces:: 1130 * void \*dma_buf_vmap(struct dma_buf \*dmabuf) 1131 * void dma_buf_vunmap(struct dma_buf \*dmabuf, void \*vaddr) 1132 * 1133 * The vmap call can fail if there is no vmap support in the exporter, or if 1134 * it runs out of vmalloc space. Fallback to kmap should be implemented. Note 1135 * that the dma-buf layer keeps a reference count for all vmap access and 1136 * calls down into the exporter's vmap function only when no vmapping exists, 1137 * and only unmaps it once. Protection against concurrent vmap/vunmap calls is 1138 * provided by taking the dma_buf->lock mutex. 1139 * 1140 * - For full compatibility on the importer side with existing userspace 1141 * interfaces, which might already support mmap'ing buffers. This is needed in 1142 * many processing pipelines (e.g. feeding a software rendered image into a 1143 * hardware pipeline, thumbnail creation, snapshots, ...). Also, Android's ION 1144 * framework already supported this and for DMA buffer file descriptors to 1145 * replace ION buffers mmap support was needed. 1146 * 1147 * There is no special interfaces, userspace simply calls mmap on the dma-buf 1148 * fd. But like for CPU access there's a need to braket the actual access, 1149 * which is handled by the ioctl (DMA_BUF_IOCTL_SYNC). Note that 1150 * DMA_BUF_IOCTL_SYNC can fail with -EAGAIN or -EINTR, in which case it must 1151 * be restarted. 1152 * 1153 * Some systems might need some sort of cache coherency management e.g. when 1154 * CPU and GPU domains are being accessed through dma-buf at the same time. 1155 * To circumvent this problem there are begin/end coherency markers, that 1156 * forward directly to existing dma-buf device drivers vfunc hooks. Userspace 1157 * can make use of those markers through the DMA_BUF_IOCTL_SYNC ioctl. The 1158 * sequence would be used like following: 1159 * 1160 * - mmap dma-buf fd 1161 * - for each drawing/upload cycle in CPU 1. SYNC_START ioctl, 2. read/write 1162 * to mmap area 3. SYNC_END ioctl. This can be repeated as often as you 1163 * want (with the new data being consumed by say the GPU or the scanout 1164 * device) 1165 * - munmap once you don't need the buffer any more 1166 * 1167 * For correctness and optimal performance, it is always required to use 1168 * SYNC_START and SYNC_END before and after, respectively, when accessing the 1169 * mapped address. Userspace cannot rely on coherent access, even when there 1170 * are systems where it just works without calling these ioctls. 1171 * 1172 * - And as a CPU fallback in userspace processing pipelines. 1173 * 1174 * Similar to the motivation for kernel cpu access it is again important that 1175 * the userspace code of a given importing subsystem can use the same 1176 * interfaces with a imported dma-buf buffer object as with a native buffer 1177 * object. This is especially important for drm where the userspace part of 1178 * contemporary OpenGL, X, and other drivers is huge, and reworking them to 1179 * use a different way to mmap a buffer rather invasive. 1180 * 1181 * The assumption in the current dma-buf interfaces is that redirecting the 1182 * initial mmap is all that's needed. A survey of some of the existing 1183 * subsystems shows that no driver seems to do any nefarious thing like 1184 * syncing up with outstanding asynchronous processing on the device or 1185 * allocating special resources at fault time. So hopefully this is good 1186 * enough, since adding interfaces to intercept pagefaults and allow pte 1187 * shootdowns would increase the complexity quite a bit. 1188 * 1189 * Interface:: 1190 * int dma_buf_mmap(struct dma_buf \*, struct vm_area_struct \*, 1191 * unsigned long); 1192 * 1193 * If the importing subsystem simply provides a special-purpose mmap call to 1194 * set up a mapping in userspace, calling do_mmap with dma_buf->file will 1195 * equally achieve that for a dma-buf object. 1196 */ 1197 1198static int _dma_buf_begin_cpu_access(struct dma_buf *dmabuf, enum dma_data_direction direction) 1199{ 1200 bool write = (direction == DMA_BIDIRECTIONAL || direction == DMA_TO_DEVICE); 1201 struct dma_resv *resv = dmabuf->resv; 1202 long ret; 1203 1204 /* Wait on any implicit rendering fences */ 1205 ret = dma_resv_wait_timeout_rcu(resv, write, true, MAX_SCHEDULE_TIMEOUT); 1206 if (ret < 0) { 1207 return ret; 1208 } 1209 1210 return 0; 1211} 1212 1213/** 1214 * dma_buf_begin_cpu_access - Must be called before accessing a dma_buf from the 1215 * cpu in the kernel context. Calls begin_cpu_access to allow exporter-specific 1216 * preparations. Coherency is only guaranteed in the specified range for the 1217 * specified access direction. 1218 * @dmabuf: [in] buffer to prepare cpu access for. 1219 * @direction: [in] length of range for cpu access. 1220 * 1221 * After the cpu access is complete the caller should call 1222 * dma_buf_end_cpu_access(). Only when cpu access is braketed by both calls is 1223 * it guaranteed to be coherent with other DMA access. 1224 * 1225 * Can return negative error values, returns 0 on success. 1226 */ 1227int dma_buf_begin_cpu_access(struct dma_buf *dmabuf, enum dma_data_direction direction) 1228{ 1229 int ret = 0; 1230 1231 if (WARN_ON(!dmabuf)) { 1232 return -EINVAL; 1233 } 1234 1235 if (dmabuf->ops->begin_cpu_access) { 1236 ret = dmabuf->ops->begin_cpu_access(dmabuf, direction); 1237 } 1238 1239 /* Ensure that all fences are waited upon - but we first allow 1240 * the native handler the chance to do so more efficiently if it 1241 * chooses. A double invocation here will be reasonably cheap no-op. 1242 */ 1243 if (ret == 0) { 1244 ret = _dma_buf_begin_cpu_access(dmabuf, direction); 1245 } 1246 1247 return ret; 1248} 1249EXPORT_SYMBOL_GPL(dma_buf_begin_cpu_access); 1250 1251int dma_buf_begin_cpu_access_partial(struct dma_buf *dmabuf, enum dma_data_direction direction, unsigned int offset, 1252 unsigned int len) 1253{ 1254 int ret = 0; 1255 1256 if (WARN_ON(!dmabuf)) { 1257 return -EINVAL; 1258 } 1259 1260 if (dmabuf->ops->begin_cpu_access_partial) { 1261 ret = dmabuf->ops->begin_cpu_access_partial(dmabuf, direction, offset, len); 1262 } 1263 1264 /* Ensure that all fences are waited upon - but we first allow 1265 * the native handler the chance to do so more efficiently if it 1266 * chooses. A double invocation here will be reasonably cheap no-op. 1267 */ 1268 if (ret == 0) { 1269 ret = _dma_buf_begin_cpu_access(dmabuf, direction); 1270 } 1271 1272 return ret; 1273} 1274EXPORT_SYMBOL_GPL(dma_buf_begin_cpu_access_partial); 1275 1276/** 1277 * dma_buf_end_cpu_access - Must be called after accessing a dma_buf from the 1278 * cpu in the kernel context. Calls end_cpu_access to allow exporter-specific 1279 * actions. Coherency is only guaranteed in the specified range for the 1280 * specified access direction. 1281 * @dmabuf: [in] buffer to complete cpu access for. 1282 * @direction: [in] length of range for cpu access. 1283 * 1284 * This terminates CPU access started with dma_buf_begin_cpu_access(). 1285 * 1286 * Can return negative error values, returns 0 on success. 1287 */ 1288int dma_buf_end_cpu_access(struct dma_buf *dmabuf, enum dma_data_direction direction) 1289{ 1290 int ret = 0; 1291 1292 WARN_ON(!dmabuf); 1293 1294 if (dmabuf->ops->end_cpu_access) { 1295 ret = dmabuf->ops->end_cpu_access(dmabuf, direction); 1296 } 1297 1298 return ret; 1299} 1300EXPORT_SYMBOL_GPL(dma_buf_end_cpu_access); 1301 1302int dma_buf_end_cpu_access_partial(struct dma_buf *dmabuf, enum dma_data_direction direction, unsigned int offset, 1303 unsigned int len) 1304{ 1305 int ret = 0; 1306 1307 WARN_ON(!dmabuf); 1308 1309 if (dmabuf->ops->end_cpu_access_partial) { 1310 ret = dmabuf->ops->end_cpu_access_partial(dmabuf, direction, offset, len); 1311 } 1312 1313 return ret; 1314} 1315EXPORT_SYMBOL_GPL(dma_buf_end_cpu_access_partial); 1316 1317/** 1318 * dma_buf_mmap - Setup up a userspace mmap with the given vma 1319 * @dmabuf: [in] buffer that should back the vma 1320 * @vma: [in] vma for the mmap 1321 * @pgoff: [in] offset in pages where this mmap should start within the 1322 * dma-buf buffer. 1323 * 1324 * This function adjusts the passed in vma so that it points at the file of the 1325 * dma_buf operation. It also adjusts the starting pgoff and does bounds 1326 * checking on the size of the vma. Then it calls the exporters mmap function to 1327 * set up the mapping. 1328 * 1329 * Can return negative error values, returns 0 on success. 1330 */ 1331int dma_buf_mmap(struct dma_buf *dmabuf, struct vm_area_struct *vma, unsigned long pgoff) 1332{ 1333 struct file *oldfile; 1334 int ret; 1335 1336 if (WARN_ON(!dmabuf || !vma)) { 1337 return -EINVAL; 1338 } 1339 1340 /* check if buffer supports mmap */ 1341 if (!dmabuf->ops->mmap) { 1342 return -EINVAL; 1343 } 1344 1345 /* check for offset overflow */ 1346 if (pgoff + vma_pages(vma) < pgoff) { 1347 return -EOVERFLOW; 1348 } 1349 1350 /* check for overflowing the buffer's size */ 1351 if ((pgoff + vma_pages(vma)) > (dmabuf->size >> PAGE_SHIFT)) { 1352 return -EINVAL; 1353 } 1354 1355 /* readjust the vma */ 1356 get_file(dmabuf->file); 1357 oldfile = vma->vm_file; 1358 vma->vm_file = dmabuf->file; 1359 vma->vm_pgoff = pgoff; 1360 1361 ret = dmabuf->ops->mmap(dmabuf, vma); 1362 if (ret) { 1363 /* restore old parameters on failure */ 1364 vma->vm_file = oldfile; 1365 fput(dmabuf->file); 1366 } else { 1367 if (oldfile) { 1368 fput(oldfile); 1369 } 1370 } 1371 return ret; 1372} 1373EXPORT_SYMBOL_GPL(dma_buf_mmap); 1374 1375/** 1376 * dma_buf_vmap - Create virtual mapping for the buffer object into kernel 1377 * address space. Same restrictions as for vmap and friends apply. 1378 * @dmabuf: [in] buffer to vmap 1379 * 1380 * This call may fail due to lack of virtual mapping address space. 1381 * These calls are optional in drivers. The intended use for them 1382 * is for mapping objects linear in kernel space for high use objects. 1383 * Please attempt to use kmap/kunmap before thinking about these interfaces. 1384 * 1385 * Returns NULL on error. 1386 */ 1387void *dma_buf_vmap(struct dma_buf *dmabuf) 1388{ 1389 void *ptr; 1390 1391 if (WARN_ON(!dmabuf)) { 1392 return NULL; 1393 } 1394 1395 if (!dmabuf->ops->vmap) { 1396 return NULL; 1397 } 1398 1399 mutex_lock(&dmabuf->lock); 1400 if (dmabuf->vmapping_counter) { 1401 dmabuf->vmapping_counter++; 1402 BUG_ON(!dmabuf->vmap_ptr); 1403 ptr = dmabuf->vmap_ptr; 1404 goto out_unlock; 1405 } 1406 1407 BUG_ON(dmabuf->vmap_ptr); 1408 1409 ptr = dmabuf->ops->vmap(dmabuf); 1410 if (WARN_ON_ONCE(IS_ERR(ptr))) { 1411 ptr = NULL; 1412 } 1413 if (!ptr) { 1414 goto out_unlock; 1415 } 1416 1417 dmabuf->vmap_ptr = ptr; 1418 dmabuf->vmapping_counter = 1; 1419 1420out_unlock: 1421 mutex_unlock(&dmabuf->lock); 1422 return ptr; 1423} 1424EXPORT_SYMBOL_GPL(dma_buf_vmap); 1425 1426/** 1427 * dma_buf_vunmap - Unmap a vmap obtained by dma_buf_vmap. 1428 * @dmabuf: [in] buffer to vunmap 1429 * @vaddr: [in] vmap to vunmap 1430 */ 1431void dma_buf_vunmap(struct dma_buf *dmabuf, void *vaddr) 1432{ 1433 if (WARN_ON(!dmabuf)) { 1434 return; 1435 } 1436 1437 BUG_ON(!dmabuf->vmap_ptr); 1438 BUG_ON(dmabuf->vmapping_counter == 0); 1439 BUG_ON(dmabuf->vmap_ptr != vaddr); 1440 1441 mutex_lock(&dmabuf->lock); 1442 if (--dmabuf->vmapping_counter == 0) { 1443 if (dmabuf->ops->vunmap) { 1444 dmabuf->ops->vunmap(dmabuf, vaddr); 1445 } 1446 dmabuf->vmap_ptr = NULL; 1447 } 1448 mutex_unlock(&dmabuf->lock); 1449} 1450EXPORT_SYMBOL_GPL(dma_buf_vunmap); 1451 1452int dma_buf_get_flags(struct dma_buf *dmabuf, unsigned long *flags) 1453{ 1454 int ret = 0; 1455 1456 if (WARN_ON(!dmabuf) || !flags) { 1457 return -EINVAL; 1458 } 1459 1460 if (dmabuf->ops->get_flags) { 1461 ret = dmabuf->ops->get_flags(dmabuf, flags); 1462 } 1463 1464 return ret; 1465} 1466EXPORT_SYMBOL_GPL(dma_buf_get_flags); 1467 1468int dma_buf_get_uuid(struct dma_buf *dmabuf, uuid_t *uuid) 1469{ 1470 if (WARN_ON(!dmabuf) || !uuid) { 1471 return -EINVAL; 1472 } 1473 1474 if (!dmabuf->ops->get_uuid) { 1475 return -ENODEV; 1476 } 1477 1478 return dmabuf->ops->get_uuid(dmabuf, uuid); 1479} 1480EXPORT_SYMBOL_GPL(dma_buf_get_uuid); 1481 1482#ifdef CONFIG_DEBUG_FS 1483static int dma_buf_debug_show(struct seq_file *s, void *unused) 1484{ 1485 int ret; 1486 struct dma_buf *buf_obj; 1487 struct dma_buf_attachment *attach_obj; 1488 struct dma_resv *robj; 1489 struct dma_resv_list *fobj; 1490 struct dma_fence *fence; 1491 unsigned seq; 1492 int count = 0, attach_count, shared_count, i; 1493 size_t size = 0; 1494 1495 ret = mutex_lock_interruptible(&db_list.lock); 1496 if (ret) { 1497 return ret; 1498 } 1499 1500 seq_puts(s, "\nDma-buf Objects:\n"); 1501 seq_printf(s, 1502 "%-8s\t%-8s\t%-8s\t%-8s\texp_name\t%-8s\t" 1503 "%-16s\t%-16s\t%-16s\n", 1504 "size", "flags", "mode", "count", "ino", "buf_name", "exp_pid", "exp_task_comm"); 1505 1506 list_for_each_entry(buf_obj, &db_list.head, list_node) 1507 { 1508 ret = dma_resv_lock_interruptible(buf_obj->resv, NULL); 1509 if (ret) { 1510 goto error_unlock; 1511 } 1512 1513 seq_printf(s, 1514 "%08zu\t%08x\t%08x\t%08ld\t%s\t%08lu\t%s\t" 1515 "%-16d\t%-16s\n", 1516 buf_obj->size, buf_obj->file->f_flags, buf_obj->file->f_mode, file_count(buf_obj->file), 1517 buf_obj->exp_name, file_inode(buf_obj->file)->i_ino, buf_obj->name ?: "NULL", 1518 dma_buf_exp_pid(buf_obj), dma_buf_exp_task_comm(buf_obj) ?: "NULL"); 1519 1520 robj = buf_obj->resv; 1521 while (true) { 1522 seq = read_seqcount_begin(&robj->seq); 1523 rcu_read_lock(); 1524 fobj = rcu_dereference(robj->fence); 1525 shared_count = fobj ? fobj->shared_count : 0; 1526 fence = rcu_dereference(robj->fence_excl); 1527 if (!read_seqcount_retry(&robj->seq, seq)) { 1528 break; 1529 } 1530 rcu_read_unlock(); 1531 } 1532 1533 if (fence) { 1534 seq_printf(s, "\tExclusive fence: %s %s %ssignalled\n", fence->ops->get_driver_name(fence), 1535 fence->ops->get_timeline_name(fence), dma_fence_is_signaled(fence) ? "" : "un"); 1536 } 1537 for (i = 0; i < shared_count; i++) { 1538 fence = rcu_dereference(fobj->shared[i]); 1539 if (!dma_fence_get_rcu(fence)) { 1540 continue; 1541 } 1542 seq_printf(s, "\tShared fence: %s %s %ssignalled\n", fence->ops->get_driver_name(fence), 1543 fence->ops->get_timeline_name(fence), dma_fence_is_signaled(fence) ? "" : "un"); 1544 dma_fence_put(fence); 1545 } 1546 rcu_read_unlock(); 1547 1548 seq_puts(s, "\tAttached Devices:\n"); 1549 attach_count = 0; 1550 1551 list_for_each_entry(attach_obj, &buf_obj->attachments, node) 1552 { 1553 seq_printf(s, "\t%s\n", dev_name(attach_obj->dev)); 1554 attach_count++; 1555 } 1556 dma_resv_unlock(buf_obj->resv); 1557 1558 seq_printf(s, "Total %d devices attached\n\n", attach_count); 1559 1560 count++; 1561 size += buf_obj->size; 1562 } 1563 1564 seq_printf(s, "\nTotal %d objects, %zu bytes\n", count, size); 1565 1566 mutex_unlock(&db_list.lock); 1567 return 0; 1568 1569error_unlock: 1570 mutex_unlock(&db_list.lock); 1571 return ret; 1572} 1573 1574DEFINE_SHOW_ATTRIBUTE(dma_buf_debug); 1575 1576static struct dentry *dma_buf_debugfs_dir; 1577 1578static int dma_buf_init_debugfs(void) 1579{ 1580 struct dentry *d; 1581 int err = 0; 1582 1583 d = debugfs_create_dir("dma_buf", NULL); 1584 if (IS_ERR(d)) { 1585 return PTR_ERR(d); 1586 } 1587 1588 dma_buf_debugfs_dir = d; 1589 1590 d = debugfs_create_file("bufinfo", S_IRUGO, dma_buf_debugfs_dir, NULL, &dma_buf_debug_fops); 1591 if (IS_ERR(d)) { 1592 pr_debug("dma_buf: debugfs: failed to create node bufinfo\n"); 1593 debugfs_remove_recursive(dma_buf_debugfs_dir); 1594 dma_buf_debugfs_dir = NULL; 1595 err = PTR_ERR(d); 1596 } 1597 1598 dma_buf_process_info_init_debugfs(dma_buf_debugfs_dir); 1599 return err; 1600} 1601 1602static void dma_buf_uninit_debugfs(void) 1603{ 1604 debugfs_remove_recursive(dma_buf_debugfs_dir); 1605} 1606#else 1607static inline int dma_buf_init_debugfs(void) 1608{ 1609 return 0; 1610} 1611static inline void dma_buf_uninit_debugfs(void) 1612{ 1613} 1614#endif 1615 1616#ifdef CONFIG_DMABUF_PROCESS_INFO 1617struct dma_buf *get_dma_buf_from_file(struct file *f) 1618{ 1619 if (IS_ERR_OR_NULL(f)) { 1620 return NULL; 1621 } 1622 1623 if (!is_dma_buf_file(f)) { 1624 return NULL; 1625 } 1626 1627 return f->private_data; 1628} 1629#endif /* CONFIG_DMABUF_PROCESS_INFO */ 1630 1631static int __init dma_buf_init(void) 1632{ 1633 int ret; 1634 1635 ret = dma_buf_init_sysfs_statistics(); 1636 if (ret) { 1637 return ret; 1638 } 1639 1640 dma_buf_mnt = kern_mount(&dma_buf_fs_type); 1641 if (IS_ERR(dma_buf_mnt)) { 1642 return PTR_ERR(dma_buf_mnt); 1643 } 1644 1645 mutex_init(&db_list.lock); 1646 INIT_LIST_HEAD(&db_list.head); 1647 dma_buf_init_debugfs(); 1648 dma_buf_process_info_init_procfs(); 1649 return 0; 1650} 1651subsys_initcall(dma_buf_init); 1652 1653static void __exit dma_buf_deinit(void) 1654{ 1655 dma_buf_uninit_debugfs(); 1656 kern_unmount(dma_buf_mnt); 1657 dma_buf_uninit_sysfs_statistics(); 1658 dma_buf_process_info_uninit_procfs(); 1659} 1660__exitcall(dma_buf_deinit); 1661