1 // SPDX-License-Identifier: GPL-2.0-only
3 * Framework for buffer objects that can be shared across devices/subsystems.
5 * Copyright(C) 2011 Linaro Limited. All rights reserved.
6 * Author: Sumit Semwal <sumit.semwal@ti.com>
8 * Many thanks to linaro-mm-sig list, and specially
9 * Arnd Bergmann <arnd@arndb.de>, Rob Clark <rob@ti.com> and
10 * Daniel Vetter <daniel@ffwll.ch> for their support in creation and
11 * refining of this idea.
15 #include <linux/slab.h>
16 #include <linux/dma-buf.h>
17 #include <linux/dma-fence.h>
18 #include <linux/anon_inodes.h>
19 #include <linux/export.h>
20 #include <linux/debugfs.h>
21 #include <linux/module.h>
22 #include <linux/seq_file.h>
23 #include <linux/poll.h>
24 #include <linux/reservation.h>
26 #include <linux/mount.h>
27 #include <linux/pseudo_fs.h>
29 #include <uapi/linux/dma-buf.h>
30 #include <uapi/linux/magic.h>
32 static inline int is_dma_buf_file(struct file *);
35 struct list_head head;
39 static struct dma_buf_list db_list;
41 static char *dmabuffs_dname(struct dentry *dentry, char *buffer, int buflen)
43 struct dma_buf *dmabuf;
44 char name[DMA_BUF_NAME_LEN];
47 dmabuf = dentry->d_fsdata;
48 mutex_lock(&dmabuf->lock);
50 ret = strlcpy(name, dmabuf->name, DMA_BUF_NAME_LEN);
51 mutex_unlock(&dmabuf->lock);
53 return dynamic_dname(dentry, buffer, buflen, "/%s:%s",
54 dentry->d_name.name, ret > 0 ? name : "");
57 static const struct dentry_operations dma_buf_dentry_ops = {
58 .d_dname = dmabuffs_dname,
61 static struct vfsmount *dma_buf_mnt;
63 static int dma_buf_fs_init_context(struct fs_context *fc)
65 struct pseudo_fs_context *ctx;
67 ctx = init_pseudo(fc, DMA_BUF_MAGIC);
70 ctx->dops = &dma_buf_dentry_ops;
74 static struct file_system_type dma_buf_fs_type = {
76 .init_fs_context = dma_buf_fs_init_context,
77 .kill_sb = kill_anon_super,
80 static int dma_buf_release(struct inode *inode, struct file *file)
82 struct dma_buf *dmabuf;
84 if (!is_dma_buf_file(file))
87 dmabuf = file->private_data;
89 BUG_ON(dmabuf->vmapping_counter);
92 * Any fences that a dma-buf poll can wait on should be signaled
93 * before releasing dma-buf. This is the responsibility of each
94 * driver that uses the reservation objects.
96 * If you hit this BUG() it means someone dropped their ref to the
97 * dma-buf while still having pending operation to the buffer.
99 BUG_ON(dmabuf->cb_shared.active || dmabuf->cb_excl.active);
101 dmabuf->ops->release(dmabuf);
103 mutex_lock(&db_list.lock);
104 list_del(&dmabuf->list_node);
105 mutex_unlock(&db_list.lock);
107 if (dmabuf->resv == (struct reservation_object *)&dmabuf[1])
108 reservation_object_fini(dmabuf->resv);
110 module_put(dmabuf->owner);
115 static int dma_buf_mmap_internal(struct file *file, struct vm_area_struct *vma)
117 struct dma_buf *dmabuf;
119 if (!is_dma_buf_file(file))
122 dmabuf = file->private_data;
124 /* check if buffer supports mmap */
125 if (!dmabuf->ops->mmap)
128 /* check for overflowing the buffer's size */
129 if (vma->vm_pgoff + vma_pages(vma) >
130 dmabuf->size >> PAGE_SHIFT)
133 return dmabuf->ops->mmap(dmabuf, vma);
136 static loff_t dma_buf_llseek(struct file *file, loff_t offset, int whence)
138 struct dma_buf *dmabuf;
141 if (!is_dma_buf_file(file))
144 dmabuf = file->private_data;
146 /* only support discovering the end of the buffer,
147 but also allow SEEK_SET to maintain the idiomatic
148 SEEK_END(0), SEEK_CUR(0) pattern */
149 if (whence == SEEK_END)
151 else if (whence == SEEK_SET)
159 return base + offset;
165 * To support cross-device and cross-driver synchronization of buffer access
166 * implicit fences (represented internally in the kernel with &struct fence) can
167 * be attached to a &dma_buf. The glue for that and a few related things are
168 * provided in the &reservation_object structure.
170 * Userspace can query the state of these implicitly tracked fences using poll()
171 * and related system calls:
173 * - Checking for EPOLLIN, i.e. read access, can be use to query the state of the
174 * most recent write or exclusive fence.
176 * - Checking for EPOLLOUT, i.e. write access, can be used to query the state of
177 * all attached fences, shared and exclusive ones.
179 * Note that this only signals the completion of the respective fences, i.e. the
180 * DMA transfers are complete. Cache flushing and any other necessary
181 * preparations before CPU access can begin still need to happen.
184 static void dma_buf_poll_cb(struct dma_fence *fence, struct dma_fence_cb *cb)
186 struct dma_buf_poll_cb_t *dcb = (struct dma_buf_poll_cb_t *)cb;
189 spin_lock_irqsave(&dcb->poll->lock, flags);
190 wake_up_locked_poll(dcb->poll, dcb->active);
192 spin_unlock_irqrestore(&dcb->poll->lock, flags);
195 static __poll_t dma_buf_poll(struct file *file, poll_table *poll)
197 struct dma_buf *dmabuf;
198 struct reservation_object *resv;
199 struct reservation_object_list *fobj;
200 struct dma_fence *fence_excl;
202 unsigned shared_count, seq;
204 dmabuf = file->private_data;
205 if (!dmabuf || !dmabuf->resv)
210 poll_wait(file, &dmabuf->poll, poll);
212 events = poll_requested_events(poll) & (EPOLLIN | EPOLLOUT);
217 seq = read_seqcount_begin(&resv->seq);
220 fobj = rcu_dereference(resv->fence);
222 shared_count = fobj->shared_count;
225 fence_excl = rcu_dereference(resv->fence_excl);
226 if (read_seqcount_retry(&resv->seq, seq)) {
231 if (fence_excl && (!(events & EPOLLOUT) || shared_count == 0)) {
232 struct dma_buf_poll_cb_t *dcb = &dmabuf->cb_excl;
233 __poll_t pevents = EPOLLIN;
235 if (shared_count == 0)
238 spin_lock_irq(&dmabuf->poll.lock);
240 dcb->active |= pevents;
243 dcb->active = pevents;
244 spin_unlock_irq(&dmabuf->poll.lock);
246 if (events & pevents) {
247 if (!dma_fence_get_rcu(fence_excl)) {
248 /* force a recheck */
250 dma_buf_poll_cb(NULL, &dcb->cb);
251 } else if (!dma_fence_add_callback(fence_excl, &dcb->cb,
254 dma_fence_put(fence_excl);
257 * No callback queued, wake up any additional
260 dma_fence_put(fence_excl);
261 dma_buf_poll_cb(NULL, &dcb->cb);
266 if ((events & EPOLLOUT) && shared_count > 0) {
267 struct dma_buf_poll_cb_t *dcb = &dmabuf->cb_shared;
270 /* Only queue a new callback if no event has fired yet */
271 spin_lock_irq(&dmabuf->poll.lock);
275 dcb->active = EPOLLOUT;
276 spin_unlock_irq(&dmabuf->poll.lock);
278 if (!(events & EPOLLOUT))
281 for (i = 0; i < shared_count; ++i) {
282 struct dma_fence *fence = rcu_dereference(fobj->shared[i]);
284 if (!dma_fence_get_rcu(fence)) {
286 * fence refcount dropped to zero, this means
287 * that fobj has been freed
289 * call dma_buf_poll_cb and force a recheck!
292 dma_buf_poll_cb(NULL, &dcb->cb);
295 if (!dma_fence_add_callback(fence, &dcb->cb,
297 dma_fence_put(fence);
301 dma_fence_put(fence);
304 /* No callback queued, wake up any additional waiters. */
305 if (i == shared_count)
306 dma_buf_poll_cb(NULL, &dcb->cb);
315 * dma_buf_set_name - Set a name to a specific dma_buf to track the usage.
316 * The name of the dma-buf buffer can only be set when the dma-buf is not
317 * attached to any devices. It could theoritically support changing the
318 * name of the dma-buf if the same piece of memory is used for multiple
319 * purpose between different devices.
321 * @dmabuf [in] dmabuf buffer that will be renamed.
322 * @buf: [in] A piece of userspace memory that contains the name of
325 * Returns 0 on success. If the dma-buf buffer is already attached to
326 * devices, return -EBUSY.
329 static long dma_buf_set_name(struct dma_buf *dmabuf, const char __user *buf)
331 char *name = strndup_user(buf, DMA_BUF_NAME_LEN);
335 return PTR_ERR(name);
337 mutex_lock(&dmabuf->lock);
338 if (!list_empty(&dmabuf->attachments)) {
347 mutex_unlock(&dmabuf->lock);
351 static long dma_buf_ioctl(struct file *file,
352 unsigned int cmd, unsigned long arg)
354 struct dma_buf *dmabuf;
355 struct dma_buf_sync sync;
356 enum dma_data_direction direction;
359 dmabuf = file->private_data;
362 case DMA_BUF_IOCTL_SYNC:
363 if (copy_from_user(&sync, (void __user *) arg, sizeof(sync)))
366 if (sync.flags & ~DMA_BUF_SYNC_VALID_FLAGS_MASK)
369 switch (sync.flags & DMA_BUF_SYNC_RW) {
370 case DMA_BUF_SYNC_READ:
371 direction = DMA_FROM_DEVICE;
373 case DMA_BUF_SYNC_WRITE:
374 direction = DMA_TO_DEVICE;
376 case DMA_BUF_SYNC_RW:
377 direction = DMA_BIDIRECTIONAL;
383 if (sync.flags & DMA_BUF_SYNC_END)
384 ret = dma_buf_end_cpu_access(dmabuf, direction);
386 ret = dma_buf_begin_cpu_access(dmabuf, direction);
390 case DMA_BUF_SET_NAME:
391 return dma_buf_set_name(dmabuf, (const char __user *)arg);
398 static void dma_buf_show_fdinfo(struct seq_file *m, struct file *file)
400 struct dma_buf *dmabuf = file->private_data;
402 seq_printf(m, "size:\t%zu\n", dmabuf->size);
403 /* Don't count the temporary reference taken inside procfs seq_show */
404 seq_printf(m, "count:\t%ld\n", file_count(dmabuf->file) - 1);
405 seq_printf(m, "exp_name:\t%s\n", dmabuf->exp_name);
406 mutex_lock(&dmabuf->lock);
408 seq_printf(m, "name:\t%s\n", dmabuf->name);
409 mutex_unlock(&dmabuf->lock);
412 static const struct file_operations dma_buf_fops = {
413 .release = dma_buf_release,
414 .mmap = dma_buf_mmap_internal,
415 .llseek = dma_buf_llseek,
416 .poll = dma_buf_poll,
417 .unlocked_ioctl = dma_buf_ioctl,
419 .compat_ioctl = dma_buf_ioctl,
421 .show_fdinfo = dma_buf_show_fdinfo,
425 * is_dma_buf_file - Check if struct file* is associated with dma_buf
427 static inline int is_dma_buf_file(struct file *file)
429 return file->f_op == &dma_buf_fops;
432 static struct file *dma_buf_getfile(struct dma_buf *dmabuf, int flags)
435 struct inode *inode = alloc_anon_inode(dma_buf_mnt->mnt_sb);
438 return ERR_CAST(inode);
440 inode->i_size = dmabuf->size;
441 inode_set_bytes(inode, dmabuf->size);
443 file = alloc_file_pseudo(inode, dma_buf_mnt, "dmabuf",
444 flags, &dma_buf_fops);
447 file->f_flags = flags & (O_ACCMODE | O_NONBLOCK);
448 file->private_data = dmabuf;
449 file->f_path.dentry->d_fsdata = dmabuf;
459 * DOC: dma buf device access
461 * For device DMA access to a shared DMA buffer the usual sequence of operations
464 * 1. The exporter defines his exporter instance using
465 * DEFINE_DMA_BUF_EXPORT_INFO() and calls dma_buf_export() to wrap a private
466 * buffer object into a &dma_buf. It then exports that &dma_buf to userspace
467 * as a file descriptor by calling dma_buf_fd().
469 * 2. Userspace passes this file-descriptors to all drivers it wants this buffer
470 * to share with: First the filedescriptor is converted to a &dma_buf using
471 * dma_buf_get(). Then the buffer is attached to the device using
474 * Up to this stage the exporter is still free to migrate or reallocate the
477 * 3. Once the buffer is attached to all devices userspace can initiate DMA
478 * access to the shared buffer. In the kernel this is done by calling
479 * dma_buf_map_attachment() and dma_buf_unmap_attachment().
481 * 4. Once a driver is done with a shared buffer it needs to call
482 * dma_buf_detach() (after cleaning up any mappings) and then release the
483 * reference acquired with dma_buf_get by calling dma_buf_put().
485 * For the detailed semantics exporters are expected to implement see
490 * dma_buf_export - Creates a new dma_buf, and associates an anon file
491 * with this buffer, so it can be exported.
492 * Also connect the allocator specific data and ops to the buffer.
493 * Additionally, provide a name string for exporter; useful in debugging.
495 * @exp_info: [in] holds all the export related information provided
496 * by the exporter. see &struct dma_buf_export_info
497 * for further details.
499 * Returns, on success, a newly created dma_buf object, which wraps the
500 * supplied private data and operations for dma_buf_ops. On either missing
501 * ops, or error in allocating struct dma_buf, will return negative error.
503 * For most cases the easiest way to create @exp_info is through the
504 * %DEFINE_DMA_BUF_EXPORT_INFO macro.
506 struct dma_buf *dma_buf_export(const struct dma_buf_export_info *exp_info)
508 struct dma_buf *dmabuf;
509 struct reservation_object *resv = exp_info->resv;
511 size_t alloc_size = sizeof(struct dma_buf);
515 alloc_size += sizeof(struct reservation_object);
517 /* prevent &dma_buf[1] == dma_buf->resv */
520 if (WARN_ON(!exp_info->priv
522 || !exp_info->ops->map_dma_buf
523 || !exp_info->ops->unmap_dma_buf
524 || !exp_info->ops->release)) {
525 return ERR_PTR(-EINVAL);
528 if (!try_module_get(exp_info->owner))
529 return ERR_PTR(-ENOENT);
531 dmabuf = kzalloc(alloc_size, GFP_KERNEL);
537 dmabuf->priv = exp_info->priv;
538 dmabuf->ops = exp_info->ops;
539 dmabuf->size = exp_info->size;
540 dmabuf->exp_name = exp_info->exp_name;
541 dmabuf->owner = exp_info->owner;
542 init_waitqueue_head(&dmabuf->poll);
543 dmabuf->cb_excl.poll = dmabuf->cb_shared.poll = &dmabuf->poll;
544 dmabuf->cb_excl.active = dmabuf->cb_shared.active = 0;
547 resv = (struct reservation_object *)&dmabuf[1];
548 reservation_object_init(resv);
552 file = dma_buf_getfile(dmabuf, exp_info->flags);
558 file->f_mode |= FMODE_LSEEK;
561 mutex_init(&dmabuf->lock);
562 INIT_LIST_HEAD(&dmabuf->attachments);
564 mutex_lock(&db_list.lock);
565 list_add(&dmabuf->list_node, &db_list.head);
566 mutex_unlock(&db_list.lock);
573 module_put(exp_info->owner);
576 EXPORT_SYMBOL_GPL(dma_buf_export);
579 * dma_buf_fd - returns a file descriptor for the given dma_buf
580 * @dmabuf: [in] pointer to dma_buf for which fd is required.
581 * @flags: [in] flags to give to fd
583 * On success, returns an associated 'fd'. Else, returns error.
585 int dma_buf_fd(struct dma_buf *dmabuf, int flags)
589 if (!dmabuf || !dmabuf->file)
592 fd = get_unused_fd_flags(flags);
596 fd_install(fd, dmabuf->file);
600 EXPORT_SYMBOL_GPL(dma_buf_fd);
603 * dma_buf_get - returns the dma_buf structure related to an fd
604 * @fd: [in] fd associated with the dma_buf to be returned
606 * On success, returns the dma_buf structure associated with an fd; uses
607 * file's refcounting done by fget to increase refcount. returns ERR_PTR
610 struct dma_buf *dma_buf_get(int fd)
617 return ERR_PTR(-EBADF);
619 if (!is_dma_buf_file(file)) {
621 return ERR_PTR(-EINVAL);
624 return file->private_data;
626 EXPORT_SYMBOL_GPL(dma_buf_get);
629 * dma_buf_put - decreases refcount of the buffer
630 * @dmabuf: [in] buffer to reduce refcount of
632 * Uses file's refcounting done implicitly by fput().
634 * If, as a result of this call, the refcount becomes 0, the 'release' file
635 * operation related to this fd is called. It calls &dma_buf_ops.release vfunc
636 * in turn, and frees the memory allocated for dmabuf when exported.
638 void dma_buf_put(struct dma_buf *dmabuf)
640 if (WARN_ON(!dmabuf || !dmabuf->file))
645 EXPORT_SYMBOL_GPL(dma_buf_put);
648 * dma_buf_attach - Add the device to dma_buf's attachments list; optionally,
649 * calls attach() of dma_buf_ops to allow device-specific attach functionality
650 * @dmabuf: [in] buffer to attach device to.
651 * @dev: [in] device to be attached.
653 * Returns struct dma_buf_attachment pointer for this attachment. Attachments
654 * must be cleaned up by calling dma_buf_detach().
658 * A pointer to newly created &dma_buf_attachment on success, or a negative
659 * error code wrapped into a pointer on failure.
661 * Note that this can fail if the backing storage of @dmabuf is in a place not
662 * accessible to @dev, and cannot be moved to a more suitable place. This is
663 * indicated with the error code -EBUSY.
665 struct dma_buf_attachment *dma_buf_attach(struct dma_buf *dmabuf,
668 struct dma_buf_attachment *attach;
671 if (WARN_ON(!dmabuf || !dev))
672 return ERR_PTR(-EINVAL);
674 attach = kzalloc(sizeof(*attach), GFP_KERNEL);
676 return ERR_PTR(-ENOMEM);
679 attach->dmabuf = dmabuf;
681 mutex_lock(&dmabuf->lock);
683 if (dmabuf->ops->attach) {
684 ret = dmabuf->ops->attach(dmabuf, attach);
688 list_add(&attach->node, &dmabuf->attachments);
690 mutex_unlock(&dmabuf->lock);
696 mutex_unlock(&dmabuf->lock);
699 EXPORT_SYMBOL_GPL(dma_buf_attach);
702 * dma_buf_detach - Remove the given attachment from dmabuf's attachments list;
703 * optionally calls detach() of dma_buf_ops for device-specific detach
704 * @dmabuf: [in] buffer to detach from.
705 * @attach: [in] attachment to be detached; is free'd after this call.
707 * Clean up a device attachment obtained by calling dma_buf_attach().
709 void dma_buf_detach(struct dma_buf *dmabuf, struct dma_buf_attachment *attach)
711 if (WARN_ON(!dmabuf || !attach))
715 dmabuf->ops->unmap_dma_buf(attach, attach->sgt, attach->dir);
717 mutex_lock(&dmabuf->lock);
718 list_del(&attach->node);
719 if (dmabuf->ops->detach)
720 dmabuf->ops->detach(dmabuf, attach);
722 mutex_unlock(&dmabuf->lock);
725 EXPORT_SYMBOL_GPL(dma_buf_detach);
728 * dma_buf_map_attachment - Returns the scatterlist table of the attachment;
729 * mapped into _device_ address space. Is a wrapper for map_dma_buf() of the
731 * @attach: [in] attachment whose scatterlist is to be returned
732 * @direction: [in] direction of DMA transfer
734 * Returns sg_table containing the scatterlist to be returned; returns ERR_PTR
735 * on error. May return -EINTR if it is interrupted by a signal.
737 * A mapping must be unmapped by using dma_buf_unmap_attachment(). Note that
738 * the underlying backing storage is pinned for as long as a mapping exists,
739 * therefore users/importers should not hold onto a mapping for undue amounts of
742 struct sg_table *dma_buf_map_attachment(struct dma_buf_attachment *attach,
743 enum dma_data_direction direction)
745 struct sg_table *sg_table;
749 if (WARN_ON(!attach || !attach->dmabuf))
750 return ERR_PTR(-EINVAL);
754 * Two mappings with different directions for the same
755 * attachment are not allowed.
757 if (attach->dir != direction &&
758 attach->dir != DMA_BIDIRECTIONAL)
759 return ERR_PTR(-EBUSY);
764 sg_table = attach->dmabuf->ops->map_dma_buf(attach, direction);
766 sg_table = ERR_PTR(-ENOMEM);
768 if (!IS_ERR(sg_table) && attach->dmabuf->ops->cache_sgt_mapping) {
769 attach->sgt = sg_table;
770 attach->dir = direction;
775 EXPORT_SYMBOL_GPL(dma_buf_map_attachment);
778 * dma_buf_unmap_attachment - unmaps and decreases usecount of the buffer;might
779 * deallocate the scatterlist associated. Is a wrapper for unmap_dma_buf() of
781 * @attach: [in] attachment to unmap buffer from
782 * @sg_table: [in] scatterlist info of the buffer to unmap
783 * @direction: [in] direction of DMA transfer
785 * This unmaps a DMA mapping for @attached obtained by dma_buf_map_attachment().
787 void dma_buf_unmap_attachment(struct dma_buf_attachment *attach,
788 struct sg_table *sg_table,
789 enum dma_data_direction direction)
793 if (WARN_ON(!attach || !attach->dmabuf || !sg_table))
796 if (attach->sgt == sg_table)
799 attach->dmabuf->ops->unmap_dma_buf(attach, sg_table, direction);
801 EXPORT_SYMBOL_GPL(dma_buf_unmap_attachment);
806 * There are mutliple reasons for supporting CPU access to a dma buffer object:
808 * - Fallback operations in the kernel, for example when a device is connected
809 * over USB and the kernel needs to shuffle the data around first before
810 * sending it away. Cache coherency is handled by braketing any transactions
811 * with calls to dma_buf_begin_cpu_access() and dma_buf_end_cpu_access()
814 * To support dma_buf objects residing in highmem cpu access is page-based
815 * using an api similar to kmap. Accessing a dma_buf is done in aligned chunks
816 * of PAGE_SIZE size. Before accessing a chunk it needs to be mapped, which
817 * returns a pointer in kernel virtual address space. Afterwards the chunk
818 * needs to be unmapped again. There is no limit on how often a given chunk
819 * can be mapped and unmapped, i.e. the importer does not need to call
820 * begin_cpu_access again before mapping the same chunk again.
823 * void \*dma_buf_kmap(struct dma_buf \*, unsigned long);
824 * void dma_buf_kunmap(struct dma_buf \*, unsigned long, void \*);
826 * Implementing the functions is optional for exporters and for importers all
827 * the restrictions of using kmap apply.
829 * dma_buf kmap calls outside of the range specified in begin_cpu_access are
830 * undefined. If the range is not PAGE_SIZE aligned, kmap needs to succeed on
831 * the partial chunks at the beginning and end but may return stale or bogus
832 * data outside of the range (in these partial chunks).
834 * For some cases the overhead of kmap can be too high, a vmap interface
835 * is introduced. This interface should be used very carefully, as vmalloc
836 * space is a limited resources on many architectures.
839 * void \*dma_buf_vmap(struct dma_buf \*dmabuf)
840 * void dma_buf_vunmap(struct dma_buf \*dmabuf, void \*vaddr)
842 * The vmap call can fail if there is no vmap support in the exporter, or if
843 * it runs out of vmalloc space. Fallback to kmap should be implemented. Note
844 * that the dma-buf layer keeps a reference count for all vmap access and
845 * calls down into the exporter's vmap function only when no vmapping exists,
846 * and only unmaps it once. Protection against concurrent vmap/vunmap calls is
847 * provided by taking the dma_buf->lock mutex.
849 * - For full compatibility on the importer side with existing userspace
850 * interfaces, which might already support mmap'ing buffers. This is needed in
851 * many processing pipelines (e.g. feeding a software rendered image into a
852 * hardware pipeline, thumbnail creation, snapshots, ...). Also, Android's ION
853 * framework already supported this and for DMA buffer file descriptors to
854 * replace ION buffers mmap support was needed.
856 * There is no special interfaces, userspace simply calls mmap on the dma-buf
857 * fd. But like for CPU access there's a need to braket the actual access,
858 * which is handled by the ioctl (DMA_BUF_IOCTL_SYNC). Note that
859 * DMA_BUF_IOCTL_SYNC can fail with -EAGAIN or -EINTR, in which case it must
862 * Some systems might need some sort of cache coherency management e.g. when
863 * CPU and GPU domains are being accessed through dma-buf at the same time.
864 * To circumvent this problem there are begin/end coherency markers, that
865 * forward directly to existing dma-buf device drivers vfunc hooks. Userspace
866 * can make use of those markers through the DMA_BUF_IOCTL_SYNC ioctl. The
867 * sequence would be used like following:
870 * - for each drawing/upload cycle in CPU 1. SYNC_START ioctl, 2. read/write
871 * to mmap area 3. SYNC_END ioctl. This can be repeated as often as you
872 * want (with the new data being consumed by say the GPU or the scanout
874 * - munmap once you don't need the buffer any more
876 * For correctness and optimal performance, it is always required to use
877 * SYNC_START and SYNC_END before and after, respectively, when accessing the
878 * mapped address. Userspace cannot rely on coherent access, even when there
879 * are systems where it just works without calling these ioctls.
881 * - And as a CPU fallback in userspace processing pipelines.
883 * Similar to the motivation for kernel cpu access it is again important that
884 * the userspace code of a given importing subsystem can use the same
885 * interfaces with a imported dma-buf buffer object as with a native buffer
886 * object. This is especially important for drm where the userspace part of
887 * contemporary OpenGL, X, and other drivers is huge, and reworking them to
888 * use a different way to mmap a buffer rather invasive.
890 * The assumption in the current dma-buf interfaces is that redirecting the
891 * initial mmap is all that's needed. A survey of some of the existing
892 * subsystems shows that no driver seems to do any nefarious thing like
893 * syncing up with outstanding asynchronous processing on the device or
894 * allocating special resources at fault time. So hopefully this is good
895 * enough, since adding interfaces to intercept pagefaults and allow pte
896 * shootdowns would increase the complexity quite a bit.
899 * int dma_buf_mmap(struct dma_buf \*, struct vm_area_struct \*,
902 * If the importing subsystem simply provides a special-purpose mmap call to
903 * set up a mapping in userspace, calling do_mmap with dma_buf->file will
904 * equally achieve that for a dma-buf object.
907 static int __dma_buf_begin_cpu_access(struct dma_buf *dmabuf,
908 enum dma_data_direction direction)
910 bool write = (direction == DMA_BIDIRECTIONAL ||
911 direction == DMA_TO_DEVICE);
912 struct reservation_object *resv = dmabuf->resv;
915 /* Wait on any implicit rendering fences */
916 ret = reservation_object_wait_timeout_rcu(resv, write, true,
917 MAX_SCHEDULE_TIMEOUT);
925 * dma_buf_begin_cpu_access - Must be called before accessing a dma_buf from the
926 * cpu in the kernel context. Calls begin_cpu_access to allow exporter-specific
927 * preparations. Coherency is only guaranteed in the specified range for the
928 * specified access direction.
929 * @dmabuf: [in] buffer to prepare cpu access for.
930 * @direction: [in] length of range for cpu access.
932 * After the cpu access is complete the caller should call
933 * dma_buf_end_cpu_access(). Only when cpu access is braketed by both calls is
934 * it guaranteed to be coherent with other DMA access.
936 * Can return negative error values, returns 0 on success.
938 int dma_buf_begin_cpu_access(struct dma_buf *dmabuf,
939 enum dma_data_direction direction)
943 if (WARN_ON(!dmabuf))
946 if (dmabuf->ops->begin_cpu_access)
947 ret = dmabuf->ops->begin_cpu_access(dmabuf, direction);
949 /* Ensure that all fences are waited upon - but we first allow
950 * the native handler the chance to do so more efficiently if it
951 * chooses. A double invocation here will be reasonably cheap no-op.
954 ret = __dma_buf_begin_cpu_access(dmabuf, direction);
958 EXPORT_SYMBOL_GPL(dma_buf_begin_cpu_access);
961 * dma_buf_end_cpu_access - Must be called after accessing a dma_buf from the
962 * cpu in the kernel context. Calls end_cpu_access to allow exporter-specific
963 * actions. Coherency is only guaranteed in the specified range for the
964 * specified access direction.
965 * @dmabuf: [in] buffer to complete cpu access for.
966 * @direction: [in] length of range for cpu access.
968 * This terminates CPU access started with dma_buf_begin_cpu_access().
970 * Can return negative error values, returns 0 on success.
972 int dma_buf_end_cpu_access(struct dma_buf *dmabuf,
973 enum dma_data_direction direction)
979 if (dmabuf->ops->end_cpu_access)
980 ret = dmabuf->ops->end_cpu_access(dmabuf, direction);
984 EXPORT_SYMBOL_GPL(dma_buf_end_cpu_access);
987 * dma_buf_kmap - Map a page of the buffer object into kernel address space. The
988 * same restrictions as for kmap and friends apply.
989 * @dmabuf: [in] buffer to map page from.
990 * @page_num: [in] page in PAGE_SIZE units to map.
992 * This call must always succeed, any necessary preparations that might fail
993 * need to be done in begin_cpu_access.
995 void *dma_buf_kmap(struct dma_buf *dmabuf, unsigned long page_num)
999 if (!dmabuf->ops->map)
1001 return dmabuf->ops->map(dmabuf, page_num);
1003 EXPORT_SYMBOL_GPL(dma_buf_kmap);
1006 * dma_buf_kunmap - Unmap a page obtained by dma_buf_kmap.
1007 * @dmabuf: [in] buffer to unmap page from.
1008 * @page_num: [in] page in PAGE_SIZE units to unmap.
1009 * @vaddr: [in] kernel space pointer obtained from dma_buf_kmap.
1011 * This call must always succeed.
1013 void dma_buf_kunmap(struct dma_buf *dmabuf, unsigned long page_num,
1018 if (dmabuf->ops->unmap)
1019 dmabuf->ops->unmap(dmabuf, page_num, vaddr);
1021 EXPORT_SYMBOL_GPL(dma_buf_kunmap);
1025 * dma_buf_mmap - Setup up a userspace mmap with the given vma
1026 * @dmabuf: [in] buffer that should back the vma
1027 * @vma: [in] vma for the mmap
1028 * @pgoff: [in] offset in pages where this mmap should start within the
1031 * This function adjusts the passed in vma so that it points at the file of the
1032 * dma_buf operation. It also adjusts the starting pgoff and does bounds
1033 * checking on the size of the vma. Then it calls the exporters mmap function to
1034 * set up the mapping.
1036 * Can return negative error values, returns 0 on success.
1038 int dma_buf_mmap(struct dma_buf *dmabuf, struct vm_area_struct *vma,
1039 unsigned long pgoff)
1041 struct file *oldfile;
1044 if (WARN_ON(!dmabuf || !vma))
1047 /* check if buffer supports mmap */
1048 if (!dmabuf->ops->mmap)
1051 /* check for offset overflow */
1052 if (pgoff + vma_pages(vma) < pgoff)
1055 /* check for overflowing the buffer's size */
1056 if (pgoff + vma_pages(vma) >
1057 dmabuf->size >> PAGE_SHIFT)
1060 /* readjust the vma */
1061 get_file(dmabuf->file);
1062 oldfile = vma->vm_file;
1063 vma->vm_file = dmabuf->file;
1064 vma->vm_pgoff = pgoff;
1066 ret = dmabuf->ops->mmap(dmabuf, vma);
1068 /* restore old parameters on failure */
1069 vma->vm_file = oldfile;
1078 EXPORT_SYMBOL_GPL(dma_buf_mmap);
1081 * dma_buf_vmap - Create virtual mapping for the buffer object into kernel
1082 * address space. Same restrictions as for vmap and friends apply.
1083 * @dmabuf: [in] buffer to vmap
1085 * This call may fail due to lack of virtual mapping address space.
1086 * These calls are optional in drivers. The intended use for them
1087 * is for mapping objects linear in kernel space for high use objects.
1088 * Please attempt to use kmap/kunmap before thinking about these interfaces.
1090 * Returns NULL on error.
1092 void *dma_buf_vmap(struct dma_buf *dmabuf)
1096 if (WARN_ON(!dmabuf))
1099 if (!dmabuf->ops->vmap)
1102 mutex_lock(&dmabuf->lock);
1103 if (dmabuf->vmapping_counter) {
1104 dmabuf->vmapping_counter++;
1105 BUG_ON(!dmabuf->vmap_ptr);
1106 ptr = dmabuf->vmap_ptr;
1110 BUG_ON(dmabuf->vmap_ptr);
1112 ptr = dmabuf->ops->vmap(dmabuf);
1113 if (WARN_ON_ONCE(IS_ERR(ptr)))
1118 dmabuf->vmap_ptr = ptr;
1119 dmabuf->vmapping_counter = 1;
1122 mutex_unlock(&dmabuf->lock);
1125 EXPORT_SYMBOL_GPL(dma_buf_vmap);
1128 * dma_buf_vunmap - Unmap a vmap obtained by dma_buf_vmap.
1129 * @dmabuf: [in] buffer to vunmap
1130 * @vaddr: [in] vmap to vunmap
1132 void dma_buf_vunmap(struct dma_buf *dmabuf, void *vaddr)
1134 if (WARN_ON(!dmabuf))
1137 BUG_ON(!dmabuf->vmap_ptr);
1138 BUG_ON(dmabuf->vmapping_counter == 0);
1139 BUG_ON(dmabuf->vmap_ptr != vaddr);
1141 mutex_lock(&dmabuf->lock);
1142 if (--dmabuf->vmapping_counter == 0) {
1143 if (dmabuf->ops->vunmap)
1144 dmabuf->ops->vunmap(dmabuf, vaddr);
1145 dmabuf->vmap_ptr = NULL;
1147 mutex_unlock(&dmabuf->lock);
1149 EXPORT_SYMBOL_GPL(dma_buf_vunmap);
1151 #ifdef CONFIG_DEBUG_FS
1152 static int dma_buf_debug_show(struct seq_file *s, void *unused)
1155 struct dma_buf *buf_obj;
1156 struct dma_buf_attachment *attach_obj;
1157 struct reservation_object *robj;
1158 struct reservation_object_list *fobj;
1159 struct dma_fence *fence;
1161 int count = 0, attach_count, shared_count, i;
1164 ret = mutex_lock_interruptible(&db_list.lock);
1169 seq_puts(s, "\nDma-buf Objects:\n");
1170 seq_printf(s, "%-8s\t%-8s\t%-8s\t%-8s\texp_name\t%-8s\n",
1171 "size", "flags", "mode", "count", "ino");
1173 list_for_each_entry(buf_obj, &db_list.head, list_node) {
1174 ret = mutex_lock_interruptible(&buf_obj->lock);
1178 "\tERROR locking buffer object: skipping\n");
1182 seq_printf(s, "%08zu\t%08x\t%08x\t%08ld\t%s\t%08lu\t%s\n",
1184 buf_obj->file->f_flags, buf_obj->file->f_mode,
1185 file_count(buf_obj->file),
1187 file_inode(buf_obj->file)->i_ino,
1188 buf_obj->name ?: "");
1190 robj = buf_obj->resv;
1192 seq = read_seqcount_begin(&robj->seq);
1194 fobj = rcu_dereference(robj->fence);
1195 shared_count = fobj ? fobj->shared_count : 0;
1196 fence = rcu_dereference(robj->fence_excl);
1197 if (!read_seqcount_retry(&robj->seq, seq))
1203 seq_printf(s, "\tExclusive fence: %s %s %ssignalled\n",
1204 fence->ops->get_driver_name(fence),
1205 fence->ops->get_timeline_name(fence),
1206 dma_fence_is_signaled(fence) ? "" : "un");
1207 for (i = 0; i < shared_count; i++) {
1208 fence = rcu_dereference(fobj->shared[i]);
1209 if (!dma_fence_get_rcu(fence))
1211 seq_printf(s, "\tShared fence: %s %s %ssignalled\n",
1212 fence->ops->get_driver_name(fence),
1213 fence->ops->get_timeline_name(fence),
1214 dma_fence_is_signaled(fence) ? "" : "un");
1215 dma_fence_put(fence);
1219 seq_puts(s, "\tAttached Devices:\n");
1222 list_for_each_entry(attach_obj, &buf_obj->attachments, node) {
1223 seq_printf(s, "\t%s\n", dev_name(attach_obj->dev));
1227 seq_printf(s, "Total %d devices attached\n\n",
1231 size += buf_obj->size;
1232 mutex_unlock(&buf_obj->lock);
1235 seq_printf(s, "\nTotal %d objects, %zu bytes\n", count, size);
1237 mutex_unlock(&db_list.lock);
1241 DEFINE_SHOW_ATTRIBUTE(dma_buf_debug);
1243 static struct dentry *dma_buf_debugfs_dir;
1245 static int dma_buf_init_debugfs(void)
1250 d = debugfs_create_dir("dma_buf", NULL);
1254 dma_buf_debugfs_dir = d;
1256 d = debugfs_create_file("bufinfo", S_IRUGO, dma_buf_debugfs_dir,
1257 NULL, &dma_buf_debug_fops);
1259 pr_debug("dma_buf: debugfs: failed to create node bufinfo\n");
1260 debugfs_remove_recursive(dma_buf_debugfs_dir);
1261 dma_buf_debugfs_dir = NULL;
1268 static void dma_buf_uninit_debugfs(void)
1270 debugfs_remove_recursive(dma_buf_debugfs_dir);
1273 static inline int dma_buf_init_debugfs(void)
1277 static inline void dma_buf_uninit_debugfs(void)
1282 static int __init dma_buf_init(void)
1284 dma_buf_mnt = kern_mount(&dma_buf_fs_type);
1285 if (IS_ERR(dma_buf_mnt))
1286 return PTR_ERR(dma_buf_mnt);
1288 mutex_init(&db_list.lock);
1289 INIT_LIST_HEAD(&db_list.head);
1290 dma_buf_init_debugfs();
1293 subsys_initcall(dma_buf_init);
1295 static void __exit dma_buf_deinit(void)
1297 dma_buf_uninit_debugfs();
1298 kern_unmount(dma_buf_mnt);
1300 __exitcall(dma_buf_deinit);
git.samba.org / sfrench / cifs-2.6.git / blob