1// SPDX-License-Identifier: GPL-2.0-only 2/* 3 * Framework for buffer objects that can be shared across devices/subsystems. 4 * 5 * Copyright(C) 2011 Linaro Limited. All rights reserved. 6 * Author: Sumit Semwal <sumit.semwal@ti.com> 7 * 8 * Many thanks to linaro-mm-sig list, and specially 9 * Arnd Bergmann <arnd@arndb.de>, Rob Clark <rob@ti.com> and 10 * Daniel Vetter <daniel@ffwll.ch> for their support in creation and 11 * refining of this idea. 12 */ 13 14#include <linux/fs.h> 15#include <linux/slab.h> 16#include <linux/dma-buf.h> 17#include <linux/dma-fence.h> 18#include <linux/dma-fence-unwrap.h> 19#include <linux/anon_inodes.h> 20#include <linux/export.h> 21#include <linux/debugfs.h> 22#include <linux/module.h> 23#include <linux/seq_file.h> 24#include <linux/sync_file.h> 25#include <linux/poll.h> 26#include <linux/dma-resv.h> 27#include <linux/mm.h> 28#include <linux/mount.h> 29#include <linux/pseudo_fs.h> 30 31#include <uapi/linux/dma-buf.h> 32#include <uapi/linux/magic.h> 33 34#include "dma-buf-sysfs-stats.h" 35#include "dma-buf-process-info.h" 36 37static inline int is_dma_buf_file(struct file *); 38 39struct dma_buf_list { 40 struct list_head head; 41 struct mutex lock; 42}; 43 44static struct dma_buf_list db_list; 45 46static char *dmabuffs_dname(struct dentry *dentry, char *buffer, int buflen) 47{ 48 struct dma_buf *dmabuf; 49 char name[DMA_BUF_NAME_LEN]; 50 size_t ret = 0; 51 52 dmabuf = dentry->d_fsdata; 53 spin_lock(&dmabuf->name_lock); 54 if (dmabuf->name) 55 ret = strlcpy(name, dmabuf->name, DMA_BUF_NAME_LEN); 56 spin_unlock(&dmabuf->name_lock); 57 58 return dynamic_dname(buffer, buflen, "/%s:%s", 59 dentry->d_name.name, ret > 0 ? name : ""); 60} 61 62static void dma_buf_release(struct dentry *dentry) 63{ 64 struct dma_buf *dmabuf; 65 66 dmabuf = dentry->d_fsdata; 67 if (unlikely(!dmabuf)) 68 return; 69 70 BUG_ON(dmabuf->vmapping_counter); 71 72 /* 73 * If you hit this BUG() it could mean: 74 * * There's a file reference imbalance in dma_buf_poll / dma_buf_poll_cb or somewhere else 75 * * dmabuf->cb_in/out.active are non-0 despite no pending fence callback 76 */ 77 BUG_ON(dmabuf->cb_in.active || dmabuf->cb_out.active); 78 79 dma_buf_stats_teardown(dmabuf); 80 dmabuf->ops->release(dmabuf); 81 82 if (dmabuf->resv == (struct dma_resv *)&dmabuf[1]) 83 dma_resv_fini(dmabuf->resv); 84 85 WARN_ON(!list_empty(&dmabuf->attachments)); 86 module_put(dmabuf->owner); 87 kfree(dmabuf->name); 88 kfree(dmabuf); 89} 90 91static int dma_buf_file_release(struct inode *inode, struct file *file) 92{ 93 struct dma_buf *dmabuf; 94 95 if (!is_dma_buf_file(file)) 96 return -EINVAL; 97 98 dmabuf = file->private_data; 99 if (dmabuf) { 100 mutex_lock(&db_list.lock); 101 list_del(&dmabuf->list_node); 102 mutex_unlock(&db_list.lock); 103 } 104 105 return 0; 106} 107 108static const struct dentry_operations dma_buf_dentry_ops = { 109 .d_dname = dmabuffs_dname, 110 .d_release = dma_buf_release, 111}; 112 113static struct vfsmount *dma_buf_mnt; 114 115static int dma_buf_fs_init_context(struct fs_context *fc) 116{ 117 struct pseudo_fs_context *ctx; 118 119 ctx = init_pseudo(fc, DMA_BUF_MAGIC); 120 if (!ctx) 121 return -ENOMEM; 122 ctx->dops = &dma_buf_dentry_ops; 123 return 0; 124} 125 126static struct file_system_type dma_buf_fs_type = { 127 .name = "dmabuf", 128 .init_fs_context = dma_buf_fs_init_context, 129 .kill_sb = kill_anon_super, 130}; 131 132static int dma_buf_mmap_internal(struct file *file, struct vm_area_struct *vma) 133{ 134 struct dma_buf *dmabuf; 135 136 if (!is_dma_buf_file(file)) 137 return -EINVAL; 138 139 dmabuf = file->private_data; 140 141 /* check if buffer supports mmap */ 142 if (!dmabuf->ops->mmap) 143 return -EINVAL; 144 145 /* check for overflowing the buffer's size */ 146 if (vma->vm_pgoff + vma_pages(vma) > 147 dmabuf->size >> PAGE_SHIFT) 148 return -EINVAL; 149 150 return dmabuf->ops->mmap(dmabuf, vma); 151} 152 153static loff_t dma_buf_llseek(struct file *file, loff_t offset, int whence) 154{ 155 struct dma_buf *dmabuf; 156 loff_t base; 157 158 if (!is_dma_buf_file(file)) 159 return -EBADF; 160 161 dmabuf = file->private_data; 162 163 /* only support discovering the end of the buffer, 164 but also allow SEEK_SET to maintain the idiomatic 165 SEEK_END(0), SEEK_CUR(0) pattern */ 166 if (whence == SEEK_END) 167 base = dmabuf->size; 168 else if (whence == SEEK_SET) 169 base = 0; 170 else 171 return -EINVAL; 172 173 if (offset != 0) 174 return -EINVAL; 175 176 return base + offset; 177} 178 179/** 180 * DOC: implicit fence polling 181 * 182 * To support cross-device and cross-driver synchronization of buffer access 183 * implicit fences (represented internally in the kernel with &struct dma_fence) 184 * can be attached to a &dma_buf. The glue for that and a few related things are 185 * provided in the &dma_resv structure. 186 * 187 * Userspace can query the state of these implicitly tracked fences using poll() 188 * and related system calls: 189 * 190 * - Checking for EPOLLIN, i.e. read access, can be use to query the state of the 191 * most recent write or exclusive fence. 192 * 193 * - Checking for EPOLLOUT, i.e. write access, can be used to query the state of 194 * all attached fences, shared and exclusive ones. 195 * 196 * Note that this only signals the completion of the respective fences, i.e. the 197 * DMA transfers are complete. Cache flushing and any other necessary 198 * preparations before CPU access can begin still need to happen. 199 * 200 * As an alternative to poll(), the set of fences on DMA buffer can be 201 * exported as a &sync_file using &dma_buf_sync_file_export. 202 */ 203 204static void dma_buf_poll_cb(struct dma_fence *fence, struct dma_fence_cb *cb) 205{ 206 struct dma_buf_poll_cb_t *dcb = (struct dma_buf_poll_cb_t *)cb; 207 struct dma_buf *dmabuf = container_of(dcb->poll, struct dma_buf, poll); 208 unsigned long flags; 209 210 spin_lock_irqsave(&dcb->poll->lock, flags); 211 wake_up_locked_poll(dcb->poll, dcb->active); 212 dcb->active = 0; 213 spin_unlock_irqrestore(&dcb->poll->lock, flags); 214 dma_fence_put(fence); 215 /* Paired with get_file in dma_buf_poll */ 216 fput(dmabuf->file); 217} 218 219static bool dma_buf_poll_add_cb(struct dma_resv *resv, bool write, 220 struct dma_buf_poll_cb_t *dcb) 221{ 222 struct dma_resv_iter cursor; 223 struct dma_fence *fence; 224 int r; 225 226 dma_resv_for_each_fence(&cursor, resv, dma_resv_usage_rw(write), 227 fence) { 228 dma_fence_get(fence); 229 r = dma_fence_add_callback(fence, &dcb->cb, dma_buf_poll_cb); 230 if (!r) 231 return true; 232 dma_fence_put(fence); 233 } 234 235 return false; 236} 237 238static __poll_t dma_buf_poll(struct file *file, poll_table *poll) 239{ 240 struct dma_buf *dmabuf; 241 struct dma_resv *resv; 242 __poll_t events; 243 244 dmabuf = file->private_data; 245 if (!dmabuf || !dmabuf->resv) 246 return EPOLLERR; 247 248 resv = dmabuf->resv; 249 250 poll_wait(file, &dmabuf->poll, poll); 251 252 events = poll_requested_events(poll) & (EPOLLIN | EPOLLOUT); 253 if (!events) 254 return 0; 255 256 dma_resv_lock(resv, NULL); 257 258 if (events & EPOLLOUT) { 259 struct dma_buf_poll_cb_t *dcb = &dmabuf->cb_out; 260 261 /* Check that callback isn't busy */ 262 spin_lock_irq(&dmabuf->poll.lock); 263 if (dcb->active) 264 events &= ~EPOLLOUT; 265 else 266 dcb->active = EPOLLOUT; 267 spin_unlock_irq(&dmabuf->poll.lock); 268 269 if (events & EPOLLOUT) { 270 /* Paired with fput in dma_buf_poll_cb */ 271 get_file(dmabuf->file); 272 273 if (!dma_buf_poll_add_cb(resv, true, dcb)) 274 /* No callback queued, wake up any other waiters */ 275 dma_buf_poll_cb(NULL, &dcb->cb); 276 else 277 events &= ~EPOLLOUT; 278 } 279 } 280 281 if (events & EPOLLIN) { 282 struct dma_buf_poll_cb_t *dcb = &dmabuf->cb_in; 283 284 /* Check that callback isn't busy */ 285 spin_lock_irq(&dmabuf->poll.lock); 286 if (dcb->active) 287 events &= ~EPOLLIN; 288 else 289 dcb->active = EPOLLIN; 290 spin_unlock_irq(&dmabuf->poll.lock); 291 292 if (events & EPOLLIN) { 293 /* Paired with fput in dma_buf_poll_cb */ 294 get_file(dmabuf->file); 295 296 if (!dma_buf_poll_add_cb(resv, false, dcb)) 297 /* No callback queued, wake up any other waiters */ 298 dma_buf_poll_cb(NULL, &dcb->cb); 299 else 300 events &= ~EPOLLIN; 301 } 302 } 303 304 dma_resv_unlock(resv); 305 return events; 306} 307 308/** 309 * dma_buf_set_name - Set a name to a specific dma_buf to track the usage. 310 * It could support changing the name of the dma-buf if the same 311 * piece of memory is used for multiple purpose between different devices. 312 * 313 * @dmabuf: [in] dmabuf buffer that will be renamed. 314 * @buf: [in] A piece of userspace memory that contains the name of 315 * the dma-buf. 316 * 317 * Returns 0 on success. If the dma-buf buffer is already attached to 318 * devices, return -EBUSY. 319 * 320 */ 321static long dma_buf_set_name(struct dma_buf *dmabuf, const char __user *buf) 322{ 323 char *name = strndup_user(buf, DMA_BUF_NAME_LEN); 324 325 if (IS_ERR(name)) 326 return PTR_ERR(name); 327 328 spin_lock(&dmabuf->name_lock); 329 kfree(dmabuf->name); 330 dmabuf->name = name; 331 spin_unlock(&dmabuf->name_lock); 332 333 return 0; 334} 335 336#if IS_ENABLED(CONFIG_SYNC_FILE) 337static long dma_buf_export_sync_file(struct dma_buf *dmabuf, 338 void __user *user_data) 339{ 340 struct dma_buf_export_sync_file arg; 341 enum dma_resv_usage usage; 342 struct dma_fence *fence = NULL; 343 struct sync_file *sync_file; 344 int fd, ret; 345 346 if (copy_from_user(&arg, user_data, sizeof(arg))) 347 return -EFAULT; 348 349 if (arg.flags & ~DMA_BUF_SYNC_RW) 350 return -EINVAL; 351 352 if ((arg.flags & DMA_BUF_SYNC_RW) == 0) 353 return -EINVAL; 354 355 fd = get_unused_fd_flags(O_CLOEXEC); 356 if (fd < 0) 357 return fd; 358 359 usage = dma_resv_usage_rw(arg.flags & DMA_BUF_SYNC_WRITE); 360 ret = dma_resv_get_singleton(dmabuf->resv, usage, &fence); 361 if (ret) 362 goto err_put_fd; 363 364 if (!fence) 365 fence = dma_fence_get_stub(); 366 367 sync_file = sync_file_create(fence); 368 369 dma_fence_put(fence); 370 371 if (!sync_file) { 372 ret = -ENOMEM; 373 goto err_put_fd; 374 } 375 376 arg.fd = fd; 377 if (copy_to_user(user_data, &arg, sizeof(arg))) { 378 ret = -EFAULT; 379 goto err_put_file; 380 } 381 382 fd_install(fd, sync_file->file); 383 384 return 0; 385 386err_put_file: 387 fput(sync_file->file); 388err_put_fd: 389 put_unused_fd(fd); 390 return ret; 391} 392 393static long dma_buf_import_sync_file(struct dma_buf *dmabuf, 394 const void __user *user_data) 395{ 396 struct dma_buf_import_sync_file arg; 397 struct dma_fence *fence, *f; 398 enum dma_resv_usage usage; 399 struct dma_fence_unwrap iter; 400 unsigned int num_fences; 401 int ret = 0; 402 403 if (copy_from_user(&arg, user_data, sizeof(arg))) 404 return -EFAULT; 405 406 if (arg.flags & ~DMA_BUF_SYNC_RW) 407 return -EINVAL; 408 409 if ((arg.flags & DMA_BUF_SYNC_RW) == 0) 410 return -EINVAL; 411 412 fence = sync_file_get_fence(arg.fd); 413 if (!fence) 414 return -EINVAL; 415 416 usage = (arg.flags & DMA_BUF_SYNC_WRITE) ? DMA_RESV_USAGE_WRITE : 417 DMA_RESV_USAGE_READ; 418 419 num_fences = 0; 420 dma_fence_unwrap_for_each(f, &iter, fence) 421 ++num_fences; 422 423 if (num_fences > 0) { 424 dma_resv_lock(dmabuf->resv, NULL); 425 426 ret = dma_resv_reserve_fences(dmabuf->resv, num_fences); 427 if (!ret) { 428 dma_fence_unwrap_for_each(f, &iter, fence) 429 dma_resv_add_fence(dmabuf->resv, f, usage); 430 } 431 432 dma_resv_unlock(dmabuf->resv); 433 } 434 435 dma_fence_put(fence); 436 437 return ret; 438} 439#endif 440 441static long dma_buf_ioctl(struct file *file, 442 unsigned int cmd, unsigned long arg) 443{ 444 struct dma_buf *dmabuf; 445 struct dma_buf_sync sync; 446 enum dma_data_direction direction; 447 int ret; 448 449 dmabuf = file->private_data; 450 451 switch (cmd) { 452 case DMA_BUF_IOCTL_SYNC: 453 if (copy_from_user(&sync, (void __user *) arg, sizeof(sync))) 454 return -EFAULT; 455 456 if (sync.flags & ~DMA_BUF_SYNC_VALID_FLAGS_MASK) 457 return -EINVAL; 458 459 switch (sync.flags & DMA_BUF_SYNC_RW) { 460 case DMA_BUF_SYNC_READ: 461 direction = DMA_FROM_DEVICE; 462 break; 463 case DMA_BUF_SYNC_WRITE: 464 direction = DMA_TO_DEVICE; 465 break; 466 case DMA_BUF_SYNC_RW: 467 direction = DMA_BIDIRECTIONAL; 468 break; 469 default: 470 return -EINVAL; 471 } 472 473 if (sync.flags & DMA_BUF_SYNC_END) 474 ret = dma_buf_end_cpu_access(dmabuf, direction); 475 else 476 ret = dma_buf_begin_cpu_access(dmabuf, direction); 477 478 return ret; 479 480 case DMA_BUF_SET_NAME_A: 481 case DMA_BUF_SET_NAME_B: 482 return dma_buf_set_name(dmabuf, (const char __user *)arg); 483 484#if IS_ENABLED(CONFIG_SYNC_FILE) 485 case DMA_BUF_IOCTL_EXPORT_SYNC_FILE: 486 return dma_buf_export_sync_file(dmabuf, (void __user *)arg); 487 case DMA_BUF_IOCTL_IMPORT_SYNC_FILE: 488 return dma_buf_import_sync_file(dmabuf, (const void __user *)arg); 489#endif 490 491 default: 492 return -ENOTTY; 493 } 494} 495 496static void dma_buf_show_fdinfo(struct seq_file *m, struct file *file) 497{ 498 struct dma_buf *dmabuf = file->private_data; 499 500 seq_printf(m, "size:\t%zu\n", dmabuf->size); 501 /* Don't count the temporary reference taken inside procfs seq_show */ 502 seq_printf(m, "count:\t%ld\n", file_count(dmabuf->file) - 1); 503 seq_printf(m, "exp_name:\t%s\n", dmabuf->exp_name); 504 spin_lock(&dmabuf->name_lock); 505 if (dmabuf->name) 506 seq_printf(m, "name:\t%s\n", dmabuf->name); 507 spin_unlock(&dmabuf->name_lock); 508} 509 510static const struct file_operations dma_buf_fops = { 511 .release = dma_buf_file_release, 512 .mmap = dma_buf_mmap_internal, 513 .llseek = dma_buf_llseek, 514 .poll = dma_buf_poll, 515 .unlocked_ioctl = dma_buf_ioctl, 516 .compat_ioctl = compat_ptr_ioctl, 517 .show_fdinfo = dma_buf_show_fdinfo, 518}; 519 520/* 521 * is_dma_buf_file - Check if struct file* is associated with dma_buf 522 */ 523static inline int is_dma_buf_file(struct file *file) 524{ 525 return file->f_op == &dma_buf_fops; 526} 527 528static struct file *dma_buf_getfile(size_t size, int flags) 529{ 530 static atomic64_t dmabuf_inode = ATOMIC64_INIT(0); 531 struct inode *inode = alloc_anon_inode(dma_buf_mnt->mnt_sb); 532 struct file *file; 533 534 if (IS_ERR(inode)) 535 return ERR_CAST(inode); 536 537 inode->i_size = size; 538 inode_set_bytes(inode, size); 539 540 /* 541 * The ->i_ino acquired from get_next_ino() is not unique thus 542 * not suitable for using it as dentry name by dmabuf stats. 543 * Override ->i_ino with the unique and dmabuffs specific 544 * value. 545 */ 546 inode->i_ino = atomic64_add_return(1, &dmabuf_inode); 547 flags &= O_ACCMODE | O_NONBLOCK; 548 file = alloc_file_pseudo(inode, dma_buf_mnt, "dmabuf", 549 flags, &dma_buf_fops); 550 if (IS_ERR(file)) 551 goto err_alloc_file; 552 553 return file; 554 555err_alloc_file: 556 iput(inode); 557 return file; 558} 559 560/** 561 * DOC: dma buf device access 562 * 563 * For device DMA access to a shared DMA buffer the usual sequence of operations 564 * is fairly simple: 565 * 566 * 1. The exporter defines his exporter instance using 567 * DEFINE_DMA_BUF_EXPORT_INFO() and calls dma_buf_export() to wrap a private 568 * buffer object into a &dma_buf. It then exports that &dma_buf to userspace 569 * as a file descriptor by calling dma_buf_fd(). 570 * 571 * 2. Userspace passes this file-descriptors to all drivers it wants this buffer 572 * to share with: First the file descriptor is converted to a &dma_buf using 573 * dma_buf_get(). Then the buffer is attached to the device using 574 * dma_buf_attach(). 575 * 576 * Up to this stage the exporter is still free to migrate or reallocate the 577 * backing storage. 578 * 579 * 3. Once the buffer is attached to all devices userspace can initiate DMA 580 * access to the shared buffer. In the kernel this is done by calling 581 * dma_buf_map_attachment() and dma_buf_unmap_attachment(). 582 * 583 * 4. Once a driver is done with a shared buffer it needs to call 584 * dma_buf_detach() (after cleaning up any mappings) and then release the 585 * reference acquired with dma_buf_get() by calling dma_buf_put(). 586 * 587 * For the detailed semantics exporters are expected to implement see 588 * &dma_buf_ops. 589 */ 590 591/** 592 * dma_buf_export - Creates a new dma_buf, and associates an anon file 593 * with this buffer, so it can be exported. 594 * Also connect the allocator specific data and ops to the buffer. 595 * Additionally, provide a name string for exporter; useful in debugging. 596 * 597 * @exp_info: [in] holds all the export related information provided 598 * by the exporter. see &struct dma_buf_export_info 599 * for further details. 600 * 601 * Returns, on success, a newly created struct dma_buf object, which wraps the 602 * supplied private data and operations for struct dma_buf_ops. On either 603 * missing ops, or error in allocating struct dma_buf, will return negative 604 * error. 605 * 606 * For most cases the easiest way to create @exp_info is through the 607 * %DEFINE_DMA_BUF_EXPORT_INFO macro. 608 */ 609struct dma_buf *dma_buf_export(const struct dma_buf_export_info *exp_info) 610{ 611 struct dma_buf *dmabuf; 612 struct dma_resv *resv = exp_info->resv; 613 struct file *file; 614 size_t alloc_size = sizeof(struct dma_buf); 615 int ret; 616 617 if (WARN_ON(!exp_info->priv || !exp_info->ops 618 || !exp_info->ops->map_dma_buf 619 || !exp_info->ops->unmap_dma_buf 620 || !exp_info->ops->release)) 621 return ERR_PTR(-EINVAL); 622 623 if (WARN_ON(exp_info->ops->cache_sgt_mapping && 624 (exp_info->ops->pin || exp_info->ops->unpin))) 625 return ERR_PTR(-EINVAL); 626 627 if (WARN_ON(!exp_info->ops->pin != !exp_info->ops->unpin)) 628 return ERR_PTR(-EINVAL); 629 630 if (!try_module_get(exp_info->owner)) 631 return ERR_PTR(-ENOENT); 632 633 file = dma_buf_getfile(exp_info->size, exp_info->flags); 634 if (IS_ERR(file)) { 635 ret = PTR_ERR(file); 636 goto err_module; 637 } 638 639 if (!exp_info->resv) 640 alloc_size += sizeof(struct dma_resv); 641 else 642 /* prevent &dma_buf[1] == dma_buf->resv */ 643 alloc_size += 1; 644 dmabuf = kzalloc(alloc_size, GFP_KERNEL); 645 if (!dmabuf) { 646 ret = -ENOMEM; 647 goto err_file; 648 } 649 650 dmabuf->priv = exp_info->priv; 651 dmabuf->ops = exp_info->ops; 652 dmabuf->size = exp_info->size; 653 dmabuf->exp_name = exp_info->exp_name; 654 dmabuf->owner = exp_info->owner; 655 spin_lock_init(&dmabuf->name_lock); 656 init_waitqueue_head(&dmabuf->poll); 657 dmabuf->cb_in.poll = dmabuf->cb_out.poll = &dmabuf->poll; 658 dmabuf->cb_in.active = dmabuf->cb_out.active = 0; 659 INIT_LIST_HEAD(&dmabuf->attachments); 660 661 if (!resv) { 662 dmabuf->resv = (struct dma_resv *)&dmabuf[1]; 663 dma_resv_init(dmabuf->resv); 664 } else { 665 dmabuf->resv = resv; 666 } 667 668 ret = dma_buf_stats_setup(dmabuf, file); 669 if (ret) 670 goto err_dmabuf; 671 672 file->private_data = dmabuf; 673 file->f_path.dentry->d_fsdata = dmabuf; 674 dmabuf->file = file; 675 676 mutex_lock(&db_list.lock); 677 list_add(&dmabuf->list_node, &db_list.head); 678 mutex_unlock(&db_list.lock); 679 680 return dmabuf; 681 682err_dmabuf: 683 if (!resv) 684 dma_resv_fini(dmabuf->resv); 685 kfree(dmabuf); 686err_file: 687 fput(file); 688err_module: 689 module_put(exp_info->owner); 690 return ERR_PTR(ret); 691} 692EXPORT_SYMBOL_NS_GPL(dma_buf_export, DMA_BUF); 693 694/** 695 * dma_buf_fd - returns a file descriptor for the given struct dma_buf 696 * @dmabuf: [in] pointer to dma_buf for which fd is required. 697 * @flags: [in] flags to give to fd 698 * 699 * On success, returns an associated 'fd'. Else, returns error. 700 */ 701int dma_buf_fd(struct dma_buf *dmabuf, int flags) 702{ 703 int fd; 704 705 if (!dmabuf || !dmabuf->file) 706 return -EINVAL; 707 708 fd = get_unused_fd_flags(flags); 709 if (fd < 0) 710 return fd; 711 712 fd_install(fd, dmabuf->file); 713 714 return fd; 715} 716EXPORT_SYMBOL_NS_GPL(dma_buf_fd, DMA_BUF); 717 718/** 719 * dma_buf_get - returns the struct dma_buf related to an fd 720 * @fd: [in] fd associated with the struct dma_buf to be returned 721 * 722 * On success, returns the struct dma_buf associated with an fd; uses 723 * file's refcounting done by fget to increase refcount. returns ERR_PTR 724 * otherwise. 725 */ 726struct dma_buf *dma_buf_get(int fd) 727{ 728 struct file *file; 729 730 file = fget(fd); 731 732 if (!file) 733 return ERR_PTR(-EBADF); 734 735 if (!is_dma_buf_file(file)) { 736 fput(file); 737 return ERR_PTR(-EINVAL); 738 } 739 740 return file->private_data; 741} 742EXPORT_SYMBOL_NS_GPL(dma_buf_get, DMA_BUF); 743 744/** 745 * dma_buf_put - decreases refcount of the buffer 746 * @dmabuf: [in] buffer to reduce refcount of 747 * 748 * Uses file's refcounting done implicitly by fput(). 749 * 750 * If, as a result of this call, the refcount becomes 0, the 'release' file 751 * operation related to this fd is called. It calls &dma_buf_ops.release vfunc 752 * in turn, and frees the memory allocated for dmabuf when exported. 753 */ 754void dma_buf_put(struct dma_buf *dmabuf) 755{ 756 if (WARN_ON(!dmabuf || !dmabuf->file)) 757 return; 758 759 fput(dmabuf->file); 760} 761EXPORT_SYMBOL_NS_GPL(dma_buf_put, DMA_BUF); 762 763static void mangle_sg_table(struct sg_table *sg_table) 764{ 765#ifdef CONFIG_DMABUF_DEBUG 766 int i; 767 struct scatterlist *sg; 768 769 /* To catch abuse of the underlying struct page by importers mix 770 * up the bits, but take care to preserve the low SG_ bits to 771 * not corrupt the sgt. The mixing is undone in __unmap_dma_buf 772 * before passing the sgt back to the exporter. */ 773 for_each_sgtable_sg(sg_table, sg, i) 774 sg->page_link ^= ~0xffUL; 775#endif 776 777} 778static struct sg_table * __map_dma_buf(struct dma_buf_attachment *attach, 779 enum dma_data_direction direction) 780{ 781 struct sg_table *sg_table; 782 signed long ret; 783 784 sg_table = attach->dmabuf->ops->map_dma_buf(attach, direction); 785 if (IS_ERR_OR_NULL(sg_table)) 786 return sg_table; 787 788 if (!dma_buf_attachment_is_dynamic(attach)) { 789 ret = dma_resv_wait_timeout(attach->dmabuf->resv, 790 DMA_RESV_USAGE_KERNEL, true, 791 MAX_SCHEDULE_TIMEOUT); 792 if (ret < 0) { 793 attach->dmabuf->ops->unmap_dma_buf(attach, sg_table, 794 direction); 795 return ERR_PTR(ret); 796 } 797 } 798 799 mangle_sg_table(sg_table); 800 return sg_table; 801} 802 803/** 804 * DOC: locking convention 805 * 806 * In order to avoid deadlock situations between dma-buf exports and importers, 807 * all dma-buf API users must follow the common dma-buf locking convention. 808 * 809 * Convention for importers 810 * 811 * 1. Importers must hold the dma-buf reservation lock when calling these 812 * functions: 813 * 814 * - dma_buf_pin() 815 * - dma_buf_unpin() 816 * - dma_buf_map_attachment() 817 * - dma_buf_unmap_attachment() 818 * - dma_buf_vmap() 819 * - dma_buf_vunmap() 820 * 821 * 2. Importers must not hold the dma-buf reservation lock when calling these 822 * functions: 823 * 824 * - dma_buf_attach() 825 * - dma_buf_dynamic_attach() 826 * - dma_buf_detach() 827 * - dma_buf_export() 828 * - dma_buf_fd() 829 * - dma_buf_get() 830 * - dma_buf_put() 831 * - dma_buf_mmap() 832 * - dma_buf_begin_cpu_access() 833 * - dma_buf_end_cpu_access() 834 * - dma_buf_map_attachment_unlocked() 835 * - dma_buf_unmap_attachment_unlocked() 836 * - dma_buf_vmap_unlocked() 837 * - dma_buf_vunmap_unlocked() 838 * 839 * Convention for exporters 840 * 841 * 1. These &dma_buf_ops callbacks are invoked with unlocked dma-buf 842 * reservation and exporter can take the lock: 843 * 844 * - &dma_buf_ops.attach() 845 * - &dma_buf_ops.detach() 846 * - &dma_buf_ops.release() 847 * - &dma_buf_ops.begin_cpu_access() 848 * - &dma_buf_ops.end_cpu_access() 849 * - &dma_buf_ops.mmap() 850 * 851 * 2. These &dma_buf_ops callbacks are invoked with locked dma-buf 852 * reservation and exporter can't take the lock: 853 * 854 * - &dma_buf_ops.pin() 855 * - &dma_buf_ops.unpin() 856 * - &dma_buf_ops.map_dma_buf() 857 * - &dma_buf_ops.unmap_dma_buf() 858 * - &dma_buf_ops.vmap() 859 * - &dma_buf_ops.vunmap() 860 * 861 * 3. Exporters must hold the dma-buf reservation lock when calling these 862 * functions: 863 * 864 * - dma_buf_move_notify() 865 */ 866 867/** 868 * dma_buf_dynamic_attach - Add the device to dma_buf's attachments list 869 * @dmabuf: [in] buffer to attach device to. 870 * @dev: [in] device to be attached. 871 * @importer_ops: [in] importer operations for the attachment 872 * @importer_priv: [in] importer private pointer for the attachment 873 * 874 * Returns struct dma_buf_attachment pointer for this attachment. Attachments 875 * must be cleaned up by calling dma_buf_detach(). 876 * 877 * Optionally this calls &dma_buf_ops.attach to allow device-specific attach 878 * functionality. 879 * 880 * Returns: 881 * 882 * A pointer to newly created &dma_buf_attachment on success, or a negative 883 * error code wrapped into a pointer on failure. 884 * 885 * Note that this can fail if the backing storage of @dmabuf is in a place not 886 * accessible to @dev, and cannot be moved to a more suitable place. This is 887 * indicated with the error code -EBUSY. 888 */ 889struct dma_buf_attachment * 890dma_buf_dynamic_attach(struct dma_buf *dmabuf, struct device *dev, 891 const struct dma_buf_attach_ops *importer_ops, 892 void *importer_priv) 893{ 894 struct dma_buf_attachment *attach; 895 int ret; 896 897 if (WARN_ON(!dmabuf || !dev)) 898 return ERR_PTR(-EINVAL); 899 900 if (WARN_ON(importer_ops && !importer_ops->move_notify)) 901 return ERR_PTR(-EINVAL); 902 903 attach = kzalloc(sizeof(*attach), GFP_KERNEL); 904 if (!attach) 905 return ERR_PTR(-ENOMEM); 906 907 attach->dev = dev; 908 attach->dmabuf = dmabuf; 909 if (importer_ops) 910 attach->peer2peer = importer_ops->allow_peer2peer; 911 attach->importer_ops = importer_ops; 912 attach->importer_priv = importer_priv; 913 914 if (dmabuf->ops->attach) { 915 ret = dmabuf->ops->attach(dmabuf, attach); 916 if (ret) 917 goto err_attach; 918 } 919 dma_resv_lock(dmabuf->resv, NULL); 920 list_add(&attach->node, &dmabuf->attachments); 921 dma_resv_unlock(dmabuf->resv); 922 923 /* When either the importer or the exporter can't handle dynamic 924 * mappings we cache the mapping here to avoid issues with the 925 * reservation object lock. 926 */ 927 if (dma_buf_attachment_is_dynamic(attach) != 928 dma_buf_is_dynamic(dmabuf)) { 929 struct sg_table *sgt; 930 931 dma_resv_lock(attach->dmabuf->resv, NULL); 932 if (dma_buf_is_dynamic(attach->dmabuf)) { 933 ret = dmabuf->ops->pin(attach); 934 if (ret) 935 goto err_unlock; 936 } 937 938 sgt = __map_dma_buf(attach, DMA_BIDIRECTIONAL); 939 if (!sgt) 940 sgt = ERR_PTR(-ENOMEM); 941 if (IS_ERR(sgt)) { 942 ret = PTR_ERR(sgt); 943 goto err_unpin; 944 } 945 dma_resv_unlock(attach->dmabuf->resv); 946 attach->sgt = sgt; 947 attach->dir = DMA_BIDIRECTIONAL; 948 } 949 950 return attach; 951 952err_attach: 953 kfree(attach); 954 return ERR_PTR(ret); 955 956err_unpin: 957 if (dma_buf_is_dynamic(attach->dmabuf)) 958 dmabuf->ops->unpin(attach); 959 960err_unlock: 961 dma_resv_unlock(attach->dmabuf->resv); 962 963 dma_buf_detach(dmabuf, attach); 964 return ERR_PTR(ret); 965} 966EXPORT_SYMBOL_NS_GPL(dma_buf_dynamic_attach, DMA_BUF); 967 968/** 969 * dma_buf_attach - Wrapper for dma_buf_dynamic_attach 970 * @dmabuf: [in] buffer to attach device to. 971 * @dev: [in] device to be attached. 972 * 973 * Wrapper to call dma_buf_dynamic_attach() for drivers which still use a static 974 * mapping. 975 */ 976struct dma_buf_attachment *dma_buf_attach(struct dma_buf *dmabuf, 977 struct device *dev) 978{ 979 return dma_buf_dynamic_attach(dmabuf, dev, NULL, NULL); 980} 981EXPORT_SYMBOL_NS_GPL(dma_buf_attach, DMA_BUF); 982 983static void __unmap_dma_buf(struct dma_buf_attachment *attach, 984 struct sg_table *sg_table, 985 enum dma_data_direction direction) 986{ 987 /* uses XOR, hence this unmangles */ 988 mangle_sg_table(sg_table); 989 990 attach->dmabuf->ops->unmap_dma_buf(attach, sg_table, direction); 991} 992 993/** 994 * dma_buf_detach - Remove the given attachment from dmabuf's attachments list 995 * @dmabuf: [in] buffer to detach from. 996 * @attach: [in] attachment to be detached; is free'd after this call. 997 * 998 * Clean up a device attachment obtained by calling dma_buf_attach(). 999 * 1000 * Optionally this calls &dma_buf_ops.detach for device-specific detach. 1001 */ 1002void dma_buf_detach(struct dma_buf *dmabuf, struct dma_buf_attachment *attach) 1003{ 1004 if (WARN_ON(!dmabuf || !attach || dmabuf != attach->dmabuf)) 1005 return; 1006 1007 dma_resv_lock(dmabuf->resv, NULL); 1008 1009 if (attach->sgt) { 1010 1011 __unmap_dma_buf(attach, attach->sgt, attach->dir); 1012 1013 if (dma_buf_is_dynamic(attach->dmabuf)) 1014 dmabuf->ops->unpin(attach); 1015 } 1016 list_del(&attach->node); 1017 1018 dma_resv_unlock(dmabuf->resv); 1019 1020 if (dmabuf->ops->detach) 1021 dmabuf->ops->detach(dmabuf, attach); 1022 1023 kfree(attach); 1024} 1025EXPORT_SYMBOL_NS_GPL(dma_buf_detach, DMA_BUF); 1026 1027/** 1028 * dma_buf_pin - Lock down the DMA-buf 1029 * @attach: [in] attachment which should be pinned 1030 * 1031 * Only dynamic importers (who set up @attach with dma_buf_dynamic_attach()) may 1032 * call this, and only for limited use cases like scanout and not for temporary 1033 * pin operations. It is not permitted to allow userspace to pin arbitrary 1034 * amounts of buffers through this interface. 1035 * 1036 * Buffers must be unpinned by calling dma_buf_unpin(). 1037 * 1038 * Returns: 1039 * 0 on success, negative error code on failure. 1040 */ 1041int dma_buf_pin(struct dma_buf_attachment *attach) 1042{ 1043 struct dma_buf *dmabuf = attach->dmabuf; 1044 int ret = 0; 1045 1046 WARN_ON(!dma_buf_attachment_is_dynamic(attach)); 1047 1048 dma_resv_assert_held(dmabuf->resv); 1049 1050 if (dmabuf->ops->pin) 1051 ret = dmabuf->ops->pin(attach); 1052 1053 return ret; 1054} 1055EXPORT_SYMBOL_NS_GPL(dma_buf_pin, DMA_BUF); 1056 1057/** 1058 * dma_buf_unpin - Unpin a DMA-buf 1059 * @attach: [in] attachment which should be unpinned 1060 * 1061 * This unpins a buffer pinned by dma_buf_pin() and allows the exporter to move 1062 * any mapping of @attach again and inform the importer through 1063 * &dma_buf_attach_ops.move_notify. 1064 */ 1065void dma_buf_unpin(struct dma_buf_attachment *attach) 1066{ 1067 struct dma_buf *dmabuf = attach->dmabuf; 1068 1069 WARN_ON(!dma_buf_attachment_is_dynamic(attach)); 1070 1071 dma_resv_assert_held(dmabuf->resv); 1072 1073 if (dmabuf->ops->unpin) 1074 dmabuf->ops->unpin(attach); 1075} 1076EXPORT_SYMBOL_NS_GPL(dma_buf_unpin, DMA_BUF); 1077 1078/** 1079 * dma_buf_map_attachment - Returns the scatterlist table of the attachment; 1080 * mapped into _device_ address space. Is a wrapper for map_dma_buf() of the 1081 * dma_buf_ops. 1082 * @attach: [in] attachment whose scatterlist is to be returned 1083 * @direction: [in] direction of DMA transfer 1084 * 1085 * Returns sg_table containing the scatterlist to be returned; returns ERR_PTR 1086 * on error. May return -EINTR if it is interrupted by a signal. 1087 * 1088 * On success, the DMA addresses and lengths in the returned scatterlist are 1089 * PAGE_SIZE aligned. 1090 * 1091 * A mapping must be unmapped by using dma_buf_unmap_attachment(). Note that 1092 * the underlying backing storage is pinned for as long as a mapping exists, 1093 * therefore users/importers should not hold onto a mapping for undue amounts of 1094 * time. 1095 * 1096 * Important: Dynamic importers must wait for the exclusive fence of the struct 1097 * dma_resv attached to the DMA-BUF first. 1098 */ 1099struct sg_table *dma_buf_map_attachment(struct dma_buf_attachment *attach, 1100 enum dma_data_direction direction) 1101{ 1102 struct sg_table *sg_table; 1103 int r; 1104 1105 might_sleep(); 1106 1107 if (WARN_ON(!attach || !attach->dmabuf)) 1108 return ERR_PTR(-EINVAL); 1109 1110 dma_resv_assert_held(attach->dmabuf->resv); 1111 1112 if (attach->sgt) { 1113 /* 1114 * Two mappings with different directions for the same 1115 * attachment are not allowed. 1116 */ 1117 if (attach->dir != direction && 1118 attach->dir != DMA_BIDIRECTIONAL) 1119 return ERR_PTR(-EBUSY); 1120 1121 return attach->sgt; 1122 } 1123 1124 if (dma_buf_is_dynamic(attach->dmabuf)) { 1125 if (!IS_ENABLED(CONFIG_DMABUF_MOVE_NOTIFY)) { 1126 r = attach->dmabuf->ops->pin(attach); 1127 if (r) 1128 return ERR_PTR(r); 1129 } 1130 } 1131 1132 sg_table = __map_dma_buf(attach, direction); 1133 if (!sg_table) 1134 sg_table = ERR_PTR(-ENOMEM); 1135 1136 if (IS_ERR(sg_table) && dma_buf_is_dynamic(attach->dmabuf) && 1137 !IS_ENABLED(CONFIG_DMABUF_MOVE_NOTIFY)) 1138 attach->dmabuf->ops->unpin(attach); 1139 1140 if (!IS_ERR(sg_table) && attach->dmabuf->ops->cache_sgt_mapping) { 1141 attach->sgt = sg_table; 1142 attach->dir = direction; 1143 } 1144 1145#ifdef CONFIG_DMA_API_DEBUG 1146 if (!IS_ERR(sg_table)) { 1147 struct scatterlist *sg; 1148 u64 addr; 1149 int len; 1150 int i; 1151 1152 for_each_sgtable_dma_sg(sg_table, sg, i) { 1153 addr = sg_dma_address(sg); 1154 len = sg_dma_len(sg); 1155 if (!PAGE_ALIGNED(addr) || !PAGE_ALIGNED(len)) { 1156 pr_debug("%s: addr %llx or len %x is not page aligned!\n", 1157 __func__, addr, len); 1158 } 1159 } 1160 } 1161#endif /* CONFIG_DMA_API_DEBUG */ 1162 return sg_table; 1163} 1164EXPORT_SYMBOL_NS_GPL(dma_buf_map_attachment, DMA_BUF); 1165 1166/** 1167 * dma_buf_map_attachment_unlocked - Returns the scatterlist table of the attachment; 1168 * mapped into _device_ address space. Is a wrapper for map_dma_buf() of the 1169 * dma_buf_ops. 1170 * @attach: [in] attachment whose scatterlist is to be returned 1171 * @direction: [in] direction of DMA transfer 1172 * 1173 * Unlocked variant of dma_buf_map_attachment(). 1174 */ 1175struct sg_table * 1176dma_buf_map_attachment_unlocked(struct dma_buf_attachment *attach, 1177 enum dma_data_direction direction) 1178{ 1179 struct sg_table *sg_table; 1180 1181 might_sleep(); 1182 1183 if (WARN_ON(!attach || !attach->dmabuf)) 1184 return ERR_PTR(-EINVAL); 1185 1186 dma_resv_lock(attach->dmabuf->resv, NULL); 1187 sg_table = dma_buf_map_attachment(attach, direction); 1188 dma_resv_unlock(attach->dmabuf->resv); 1189 1190 return sg_table; 1191} 1192EXPORT_SYMBOL_NS_GPL(dma_buf_map_attachment_unlocked, DMA_BUF); 1193 1194/** 1195 * dma_buf_unmap_attachment - unmaps and decreases usecount of the buffer;might 1196 * deallocate the scatterlist associated. Is a wrapper for unmap_dma_buf() of 1197 * dma_buf_ops. 1198 * @attach: [in] attachment to unmap buffer from 1199 * @sg_table: [in] scatterlist info of the buffer to unmap 1200 * @direction: [in] direction of DMA transfer 1201 * 1202 * This unmaps a DMA mapping for @attached obtained by dma_buf_map_attachment(). 1203 */ 1204void dma_buf_unmap_attachment(struct dma_buf_attachment *attach, 1205 struct sg_table *sg_table, 1206 enum dma_data_direction direction) 1207{ 1208 might_sleep(); 1209 1210 if (WARN_ON(!attach || !attach->dmabuf || !sg_table)) 1211 return; 1212 1213 dma_resv_assert_held(attach->dmabuf->resv); 1214 1215 if (attach->sgt == sg_table) 1216 return; 1217 1218 __unmap_dma_buf(attach, sg_table, direction); 1219 1220 if (dma_buf_is_dynamic(attach->dmabuf) && 1221 !IS_ENABLED(CONFIG_DMABUF_MOVE_NOTIFY)) 1222 dma_buf_unpin(attach); 1223} 1224EXPORT_SYMBOL_NS_GPL(dma_buf_unmap_attachment, DMA_BUF); 1225 1226/** 1227 * dma_buf_unmap_attachment_unlocked - unmaps and decreases usecount of the buffer;might 1228 * deallocate the scatterlist associated. Is a wrapper for unmap_dma_buf() of 1229 * dma_buf_ops. 1230 * @attach: [in] attachment to unmap buffer from 1231 * @sg_table: [in] scatterlist info of the buffer to unmap 1232 * @direction: [in] direction of DMA transfer 1233 * 1234 * Unlocked variant of dma_buf_unmap_attachment(). 1235 */ 1236void dma_buf_unmap_attachment_unlocked(struct dma_buf_attachment *attach, 1237 struct sg_table *sg_table, 1238 enum dma_data_direction direction) 1239{ 1240 might_sleep(); 1241 1242 if (WARN_ON(!attach || !attach->dmabuf || !sg_table)) 1243 return; 1244 1245 dma_resv_lock(attach->dmabuf->resv, NULL); 1246 dma_buf_unmap_attachment(attach, sg_table, direction); 1247 dma_resv_unlock(attach->dmabuf->resv); 1248} 1249EXPORT_SYMBOL_NS_GPL(dma_buf_unmap_attachment_unlocked, DMA_BUF); 1250 1251/** 1252 * dma_buf_move_notify - notify attachments that DMA-buf is moving 1253 * 1254 * @dmabuf: [in] buffer which is moving 1255 * 1256 * Informs all attachments that they need to destroy and recreate all their 1257 * mappings. 1258 */ 1259void dma_buf_move_notify(struct dma_buf *dmabuf) 1260{ 1261 struct dma_buf_attachment *attach; 1262 1263 dma_resv_assert_held(dmabuf->resv); 1264 1265 list_for_each_entry(attach, &dmabuf->attachments, node) 1266 if (attach->importer_ops) 1267 attach->importer_ops->move_notify(attach); 1268} 1269EXPORT_SYMBOL_NS_GPL(dma_buf_move_notify, DMA_BUF); 1270 1271/** 1272 * DOC: cpu access 1273 * 1274 * There are multiple reasons for supporting CPU access to a dma buffer object: 1275 * 1276 * - Fallback operations in the kernel, for example when a device is connected 1277 * over USB and the kernel needs to shuffle the data around first before 1278 * sending it away. Cache coherency is handled by bracketing any transactions 1279 * with calls to dma_buf_begin_cpu_access() and dma_buf_end_cpu_access() 1280 * access. 1281 * 1282 * Since for most kernel internal dma-buf accesses need the entire buffer, a 1283 * vmap interface is introduced. Note that on very old 32-bit architectures 1284 * vmalloc space might be limited and result in vmap calls failing. 1285 * 1286 * Interfaces:: 1287 * 1288 * void \*dma_buf_vmap(struct dma_buf \*dmabuf, struct iosys_map \*map) 1289 * void dma_buf_vunmap(struct dma_buf \*dmabuf, struct iosys_map \*map) 1290 * 1291 * The vmap call can fail if there is no vmap support in the exporter, or if 1292 * it runs out of vmalloc space. Note that the dma-buf layer keeps a reference 1293 * count for all vmap access and calls down into the exporter's vmap function 1294 * only when no vmapping exists, and only unmaps it once. Protection against 1295 * concurrent vmap/vunmap calls is provided by taking the &dma_buf.lock mutex. 1296 * 1297 * - For full compatibility on the importer side with existing userspace 1298 * interfaces, which might already support mmap'ing buffers. This is needed in 1299 * many processing pipelines (e.g. feeding a software rendered image into a 1300 * hardware pipeline, thumbnail creation, snapshots, ...). Also, Android's ION 1301 * framework already supported this and for DMA buffer file descriptors to 1302 * replace ION buffers mmap support was needed. 1303 * 1304 * There is no special interfaces, userspace simply calls mmap on the dma-buf 1305 * fd. But like for CPU access there's a need to bracket the actual access, 1306 * which is handled by the ioctl (DMA_BUF_IOCTL_SYNC). Note that 1307 * DMA_BUF_IOCTL_SYNC can fail with -EAGAIN or -EINTR, in which case it must 1308 * be restarted. 1309 * 1310 * Some systems might need some sort of cache coherency management e.g. when 1311 * CPU and GPU domains are being accessed through dma-buf at the same time. 1312 * To circumvent this problem there are begin/end coherency markers, that 1313 * forward directly to existing dma-buf device drivers vfunc hooks. Userspace 1314 * can make use of those markers through the DMA_BUF_IOCTL_SYNC ioctl. The 1315 * sequence would be used like following: 1316 * 1317 * - mmap dma-buf fd 1318 * - for each drawing/upload cycle in CPU 1. SYNC_START ioctl, 2. read/write 1319 * to mmap area 3. SYNC_END ioctl. This can be repeated as often as you 1320 * want (with the new data being consumed by say the GPU or the scanout 1321 * device) 1322 * - munmap once you don't need the buffer any more 1323 * 1324 * For correctness and optimal performance, it is always required to use 1325 * SYNC_START and SYNC_END before and after, respectively, when accessing the 1326 * mapped address. Userspace cannot rely on coherent access, even when there 1327 * are systems where it just works without calling these ioctls. 1328 * 1329 * - And as a CPU fallback in userspace processing pipelines. 1330 * 1331 * Similar to the motivation for kernel cpu access it is again important that 1332 * the userspace code of a given importing subsystem can use the same 1333 * interfaces with a imported dma-buf buffer object as with a native buffer 1334 * object. This is especially important for drm where the userspace part of 1335 * contemporary OpenGL, X, and other drivers is huge, and reworking them to 1336 * use a different way to mmap a buffer rather invasive. 1337 * 1338 * The assumption in the current dma-buf interfaces is that redirecting the 1339 * initial mmap is all that's needed. A survey of some of the existing 1340 * subsystems shows that no driver seems to do any nefarious thing like 1341 * syncing up with outstanding asynchronous processing on the device or 1342 * allocating special resources at fault time. So hopefully this is good 1343 * enough, since adding interfaces to intercept pagefaults and allow pte 1344 * shootdowns would increase the complexity quite a bit. 1345 * 1346 * Interface:: 1347 * 1348 * int dma_buf_mmap(struct dma_buf \*, struct vm_area_struct \*, 1349 * unsigned long); 1350 * 1351 * If the importing subsystem simply provides a special-purpose mmap call to 1352 * set up a mapping in userspace, calling do_mmap with &dma_buf.file will 1353 * equally achieve that for a dma-buf object. 1354 */ 1355 1356static int __dma_buf_begin_cpu_access(struct dma_buf *dmabuf, 1357 enum dma_data_direction direction) 1358{ 1359 bool write = (direction == DMA_BIDIRECTIONAL || 1360 direction == DMA_TO_DEVICE); 1361 struct dma_resv *resv = dmabuf->resv; 1362 long ret; 1363 1364 /* Wait on any implicit rendering fences */ 1365 ret = dma_resv_wait_timeout(resv, dma_resv_usage_rw(write), 1366 true, MAX_SCHEDULE_TIMEOUT); 1367 if (ret < 0) 1368 return ret; 1369 1370 return 0; 1371} 1372 1373/** 1374 * dma_buf_begin_cpu_access - Must be called before accessing a dma_buf from the 1375 * cpu in the kernel context. Calls begin_cpu_access to allow exporter-specific 1376 * preparations. Coherency is only guaranteed in the specified range for the 1377 * specified access direction. 1378 * @dmabuf: [in] buffer to prepare cpu access for. 1379 * @direction: [in] direction of access. 1380 * 1381 * After the cpu access is complete the caller should call 1382 * dma_buf_end_cpu_access(). Only when cpu access is bracketed by both calls is 1383 * it guaranteed to be coherent with other DMA access. 1384 * 1385 * This function will also wait for any DMA transactions tracked through 1386 * implicit synchronization in &dma_buf.resv. For DMA transactions with explicit 1387 * synchronization this function will only ensure cache coherency, callers must 1388 * ensure synchronization with such DMA transactions on their own. 1389 * 1390 * Can return negative error values, returns 0 on success. 1391 */ 1392int dma_buf_begin_cpu_access(struct dma_buf *dmabuf, 1393 enum dma_data_direction direction) 1394{ 1395 int ret = 0; 1396 1397 if (WARN_ON(!dmabuf)) 1398 return -EINVAL; 1399 1400 might_lock(&dmabuf->resv->lock.base); 1401 1402 if (dmabuf->ops->begin_cpu_access) 1403 ret = dmabuf->ops->begin_cpu_access(dmabuf, direction); 1404 1405 /* Ensure that all fences are waited upon - but we first allow 1406 * the native handler the chance to do so more efficiently if it 1407 * chooses. A double invocation here will be reasonably cheap no-op. 1408 */ 1409 if (ret == 0) 1410 ret = __dma_buf_begin_cpu_access(dmabuf, direction); 1411 1412 return ret; 1413} 1414EXPORT_SYMBOL_NS_GPL(dma_buf_begin_cpu_access, DMA_BUF); 1415 1416/** 1417 * dma_buf_end_cpu_access - Must be called after accessing a dma_buf from the 1418 * cpu in the kernel context. Calls end_cpu_access to allow exporter-specific 1419 * actions. Coherency is only guaranteed in the specified range for the 1420 * specified access direction. 1421 * @dmabuf: [in] buffer to complete cpu access for. 1422 * @direction: [in] direction of access. 1423 * 1424 * This terminates CPU access started with dma_buf_begin_cpu_access(). 1425 * 1426 * Can return negative error values, returns 0 on success. 1427 */ 1428int dma_buf_end_cpu_access(struct dma_buf *dmabuf, 1429 enum dma_data_direction direction) 1430{ 1431 int ret = 0; 1432 1433 WARN_ON(!dmabuf); 1434 1435 might_lock(&dmabuf->resv->lock.base); 1436 1437 if (dmabuf->ops->end_cpu_access) 1438 ret = dmabuf->ops->end_cpu_access(dmabuf, direction); 1439 1440 return ret; 1441} 1442EXPORT_SYMBOL_NS_GPL(dma_buf_end_cpu_access, DMA_BUF); 1443 1444 1445/** 1446 * dma_buf_mmap - Setup up a userspace mmap with the given vma 1447 * @dmabuf: [in] buffer that should back the vma 1448 * @vma: [in] vma for the mmap 1449 * @pgoff: [in] offset in pages where this mmap should start within the 1450 * dma-buf buffer. 1451 * 1452 * This function adjusts the passed in vma so that it points at the file of the 1453 * dma_buf operation. It also adjusts the starting pgoff and does bounds 1454 * checking on the size of the vma. Then it calls the exporters mmap function to 1455 * set up the mapping. 1456 * 1457 * Can return negative error values, returns 0 on success. 1458 */ 1459int dma_buf_mmap(struct dma_buf *dmabuf, struct vm_area_struct *vma, 1460 unsigned long pgoff) 1461{ 1462 if (WARN_ON(!dmabuf || !vma)) 1463 return -EINVAL; 1464 1465 /* check if buffer supports mmap */ 1466 if (!dmabuf->ops->mmap) 1467 return -EINVAL; 1468 1469 /* check for offset overflow */ 1470 if (pgoff + vma_pages(vma) < pgoff) 1471 return -EOVERFLOW; 1472 1473 /* check for overflowing the buffer's size */ 1474 if (pgoff + vma_pages(vma) > 1475 dmabuf->size >> PAGE_SHIFT) 1476 return -EINVAL; 1477 1478 /* readjust the vma */ 1479 vma_set_file(vma, dmabuf->file); 1480 vma->vm_pgoff = pgoff; 1481 1482 return dmabuf->ops->mmap(dmabuf, vma); 1483} 1484EXPORT_SYMBOL_NS_GPL(dma_buf_mmap, DMA_BUF); 1485 1486/** 1487 * dma_buf_vmap - Create virtual mapping for the buffer object into kernel 1488 * address space. Same restrictions as for vmap and friends apply. 1489 * @dmabuf: [in] buffer to vmap 1490 * @map: [out] returns the vmap pointer 1491 * 1492 * This call may fail due to lack of virtual mapping address space. 1493 * These calls are optional in drivers. The intended use for them 1494 * is for mapping objects linear in kernel space for high use objects. 1495 * 1496 * To ensure coherency users must call dma_buf_begin_cpu_access() and 1497 * dma_buf_end_cpu_access() around any cpu access performed through this 1498 * mapping. 1499 * 1500 * Returns 0 on success, or a negative errno code otherwise. 1501 */ 1502int dma_buf_vmap(struct dma_buf *dmabuf, struct iosys_map *map) 1503{ 1504 struct iosys_map ptr; 1505 int ret; 1506 1507 iosys_map_clear(map); 1508 1509 if (WARN_ON(!dmabuf)) 1510 return -EINVAL; 1511 1512 dma_resv_assert_held(dmabuf->resv); 1513 1514 if (!dmabuf->ops->vmap) 1515 return -EINVAL; 1516 1517 if (dmabuf->vmapping_counter) { 1518 dmabuf->vmapping_counter++; 1519 BUG_ON(iosys_map_is_null(&dmabuf->vmap_ptr)); 1520 *map = dmabuf->vmap_ptr; 1521 return 0; 1522 } 1523 1524 BUG_ON(iosys_map_is_set(&dmabuf->vmap_ptr)); 1525 1526 ret = dmabuf->ops->vmap(dmabuf, &ptr); 1527 if (WARN_ON_ONCE(ret)) 1528 return ret; 1529 1530 dmabuf->vmap_ptr = ptr; 1531 dmabuf->vmapping_counter = 1; 1532 1533 *map = dmabuf->vmap_ptr; 1534 1535 return 0; 1536} 1537EXPORT_SYMBOL_NS_GPL(dma_buf_vmap, DMA_BUF); 1538 1539/** 1540 * dma_buf_vmap_unlocked - Create virtual mapping for the buffer object into kernel 1541 * address space. Same restrictions as for vmap and friends apply. 1542 * @dmabuf: [in] buffer to vmap 1543 * @map: [out] returns the vmap pointer 1544 * 1545 * Unlocked version of dma_buf_vmap() 1546 * 1547 * Returns 0 on success, or a negative errno code otherwise. 1548 */ 1549int dma_buf_vmap_unlocked(struct dma_buf *dmabuf, struct iosys_map *map) 1550{ 1551 int ret; 1552 1553 iosys_map_clear(map); 1554 1555 if (WARN_ON(!dmabuf)) 1556 return -EINVAL; 1557 1558 dma_resv_lock(dmabuf->resv, NULL); 1559 ret = dma_buf_vmap(dmabuf, map); 1560 dma_resv_unlock(dmabuf->resv); 1561 1562 return ret; 1563} 1564EXPORT_SYMBOL_NS_GPL(dma_buf_vmap_unlocked, DMA_BUF); 1565 1566/** 1567 * dma_buf_vunmap - Unmap a vmap obtained by dma_buf_vmap. 1568 * @dmabuf: [in] buffer to vunmap 1569 * @map: [in] vmap pointer to vunmap 1570 */ 1571void dma_buf_vunmap(struct dma_buf *dmabuf, struct iosys_map *map) 1572{ 1573 if (WARN_ON(!dmabuf)) 1574 return; 1575 1576 dma_resv_assert_held(dmabuf->resv); 1577 1578 BUG_ON(iosys_map_is_null(&dmabuf->vmap_ptr)); 1579 BUG_ON(dmabuf->vmapping_counter == 0); 1580 BUG_ON(!iosys_map_is_equal(&dmabuf->vmap_ptr, map)); 1581 1582 if (--dmabuf->vmapping_counter == 0) { 1583 if (dmabuf->ops->vunmap) 1584 dmabuf->ops->vunmap(dmabuf, map); 1585 iosys_map_clear(&dmabuf->vmap_ptr); 1586 } 1587} 1588EXPORT_SYMBOL_NS_GPL(dma_buf_vunmap, DMA_BUF); 1589 1590/** 1591 * dma_buf_vunmap_unlocked - Unmap a vmap obtained by dma_buf_vmap. 1592 * @dmabuf: [in] buffer to vunmap 1593 * @map: [in] vmap pointer to vunmap 1594 */ 1595void dma_buf_vunmap_unlocked(struct dma_buf *dmabuf, struct iosys_map *map) 1596{ 1597 if (WARN_ON(!dmabuf)) 1598 return; 1599 1600 dma_resv_lock(dmabuf->resv, NULL); 1601 dma_buf_vunmap(dmabuf, map); 1602 dma_resv_unlock(dmabuf->resv); 1603} 1604EXPORT_SYMBOL_NS_GPL(dma_buf_vunmap_unlocked, DMA_BUF); 1605 1606#ifdef CONFIG_DEBUG_FS 1607static int dma_buf_debug_show(struct seq_file *s, void *unused) 1608{ 1609 struct dma_buf *buf_obj; 1610 struct dma_buf_attachment *attach_obj; 1611 int count = 0, attach_count; 1612 size_t size = 0; 1613 int ret; 1614 1615 ret = mutex_lock_interruptible(&db_list.lock); 1616 1617 if (ret) 1618 return ret; 1619 1620 seq_puts(s, "\nDma-buf Objects:\n"); 1621 seq_printf(s, "%-8s\t%-8s\t%-8s\t%-8s\texp_name\t%-8s\tname\n", 1622 "size", "flags", "mode", "count", "ino"); 1623 1624 list_for_each_entry(buf_obj, &db_list.head, list_node) { 1625 1626 ret = dma_resv_lock_interruptible(buf_obj->resv, NULL); 1627 if (ret) 1628 goto error_unlock; 1629 1630 1631 spin_lock(&buf_obj->name_lock); 1632 seq_printf(s, "%08zu\t%08x\t%08x\t%08ld\t%s\t%08lu\t%s\n", 1633 buf_obj->size, 1634 buf_obj->file->f_flags, buf_obj->file->f_mode, 1635 file_count(buf_obj->file), 1636 buf_obj->exp_name, 1637 file_inode(buf_obj->file)->i_ino, 1638 buf_obj->name ?: "<none>"); 1639 spin_unlock(&buf_obj->name_lock); 1640 1641 dma_resv_describe(buf_obj->resv, s); 1642 1643 seq_puts(s, "\tAttached Devices:\n"); 1644 attach_count = 0; 1645 1646 list_for_each_entry(attach_obj, &buf_obj->attachments, node) { 1647 seq_printf(s, "\t%s\n", dev_name(attach_obj->dev)); 1648 attach_count++; 1649 } 1650 dma_resv_unlock(buf_obj->resv); 1651 1652 seq_printf(s, "Total %d devices attached\n\n", 1653 attach_count); 1654 1655 count++; 1656 size += buf_obj->size; 1657 } 1658 1659 seq_printf(s, "\nTotal %d objects, %zu bytes\n", count, size); 1660 1661 mutex_unlock(&db_list.lock); 1662 return 0; 1663 1664error_unlock: 1665 mutex_unlock(&db_list.lock); 1666 return ret; 1667} 1668 1669DEFINE_SHOW_ATTRIBUTE(dma_buf_debug); 1670 1671static struct dentry *dma_buf_debugfs_dir; 1672 1673static int dma_buf_init_debugfs(void) 1674{ 1675 struct dentry *d; 1676 int err = 0; 1677 1678 d = debugfs_create_dir("dma_buf", NULL); 1679 if (IS_ERR(d)) 1680 return PTR_ERR(d); 1681 1682 dma_buf_debugfs_dir = d; 1683 1684 d = debugfs_create_file("bufinfo", S_IRUGO, dma_buf_debugfs_dir, 1685 NULL, &dma_buf_debug_fops); 1686 if (IS_ERR(d)) { 1687 pr_debug("dma_buf: debugfs: failed to create node bufinfo\n"); 1688 debugfs_remove_recursive(dma_buf_debugfs_dir); 1689 dma_buf_debugfs_dir = NULL; 1690 err = PTR_ERR(d); 1691 } 1692 1693 dma_buf_process_info_init_debugfs(dma_buf_debugfs_dir); 1694 return err; 1695} 1696 1697static void dma_buf_uninit_debugfs(void) 1698{ 1699 debugfs_remove_recursive(dma_buf_debugfs_dir); 1700} 1701#else 1702static inline int dma_buf_init_debugfs(void) 1703{ 1704 return 0; 1705} 1706static inline void dma_buf_uninit_debugfs(void) 1707{ 1708} 1709#endif 1710 1711#ifdef CONFIG_DMABUF_PROCESS_INFO 1712struct dma_buf *get_dma_buf_from_file(struct file *f) 1713{ 1714 if (IS_ERR_OR_NULL(f)) 1715 return NULL; 1716 1717 if (!is_dma_buf_file(f)) 1718 return NULL; 1719 1720 return f->private_data; 1721} 1722#endif /* CONFIG_DMABUF_PROCESS_INFO */ 1723 1724static int __init dma_buf_init(void) 1725{ 1726 int ret; 1727 1728 ret = dma_buf_init_sysfs_statistics(); 1729 if (ret) 1730 return ret; 1731 1732 dma_buf_mnt = kern_mount(&dma_buf_fs_type); 1733 if (IS_ERR(dma_buf_mnt)) 1734 return PTR_ERR(dma_buf_mnt); 1735 1736 mutex_init(&db_list.lock); 1737 INIT_LIST_HEAD(&db_list.head); 1738 dma_buf_init_debugfs(); 1739 dma_buf_process_info_init_procfs(); 1740 return 0; 1741} 1742subsys_initcall(dma_buf_init); 1743 1744static void __exit dma_buf_deinit(void) 1745{ 1746 dma_buf_uninit_debugfs(); 1747 kern_unmount(dma_buf_mnt); 1748 dma_buf_uninit_sysfs_statistics(); 1749 dma_buf_process_info_uninit_procfs(); 1750} 1751__exitcall(dma_buf_deinit); 1752