Commit | Line | Data |
---|---|---|
673a394b EA |
1 | /* |
2 | * Copyright © 2008 Intel Corporation | |
3 | * | |
4 | * Permission is hereby granted, free of charge, to any person obtaining a | |
5 | * copy of this software and associated documentation files (the "Software"), | |
6 | * to deal in the Software without restriction, including without limitation | |
7 | * the rights to use, copy, modify, merge, publish, distribute, sublicense, | |
8 | * and/or sell copies of the Software, and to permit persons to whom the | |
9 | * Software is furnished to do so, subject to the following conditions: | |
10 | * | |
11 | * The above copyright notice and this permission notice (including the next | |
12 | * paragraph) shall be included in all copies or substantial portions of the | |
13 | * Software. | |
14 | * | |
15 | * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR | |
16 | * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, | |
17 | * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL | |
18 | * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER | |
19 | * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING | |
20 | * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS | |
21 | * IN THE SOFTWARE. | |
22 | * | |
23 | * Authors: | |
24 | * Eric Anholt <eric@anholt.net> | |
25 | * | |
26 | */ | |
27 | ||
28 | #include <linux/types.h> | |
29 | #include <linux/slab.h> | |
30 | #include <linux/mm.h> | |
31 | #include <linux/uaccess.h> | |
32 | #include <linux/fs.h> | |
33 | #include <linux/file.h> | |
34 | #include <linux/module.h> | |
35 | #include <linux/mman.h> | |
36 | #include <linux/pagemap.h> | |
37 | #include "drmP.h" | |
38 | ||
39 | /** @file drm_gem.c | |
40 | * | |
41 | * This file provides some of the base ioctls and library routines for | |
42 | * the graphics memory manager implemented by each device driver. | |
43 | * | |
44 | * Because various devices have different requirements in terms of | |
45 | * synchronization and migration strategies, implementing that is left up to | |
46 | * the driver, and all that the general API provides should be generic -- | |
47 | * allocating objects, reading/writing data with the cpu, freeing objects. | |
48 | * Even there, platform-dependent optimizations for reading/writing data with | |
49 | * the CPU mean we'll likely hook those out to driver-specific calls. However, | |
50 | * the DRI2 implementation wants to have at least allocate/mmap be generic. | |
51 | * | |
52 | * The goal was to have swap-backed object allocation managed through | |
53 | * struct file. However, file descriptors as handles to a struct file have | |
54 | * two major failings: | |
55 | * - Process limits prevent more than 1024 or so being used at a time by | |
56 | * default. | |
57 | * - Inability to allocate high fds will aggravate the X Server's select() | |
58 | * handling, and likely that of many GL client applications as well. | |
59 | * | |
60 | * This led to a plan of using our own integer IDs (called handles, following | |
61 | * DRM terminology) to mimic fds, and implement the fd syscalls we need as | |
62 | * ioctls. The objects themselves will still include the struct file so | |
63 | * that we can transition to fds if the required kernel infrastructure shows | |
64 | * up at a later date, and as our interface with shmfs for memory allocation. | |
65 | */ | |
66 | ||
a2c0a97b JB |
67 | /* |
68 | * We make up offsets for buffer objects so we can recognize them at | |
69 | * mmap time. | |
70 | */ | |
05269a3a JC |
71 | |
72 | /* pgoff in mmap is an unsigned long, so we need to make sure that | |
73 | * the faked up offset will fit | |
74 | */ | |
75 | ||
76 | #if BITS_PER_LONG == 64 | |
a2c0a97b JB |
77 | #define DRM_FILE_PAGE_OFFSET_START ((0xFFFFFFFFUL >> PAGE_SHIFT) + 1) |
78 | #define DRM_FILE_PAGE_OFFSET_SIZE ((0xFFFFFFFFUL >> PAGE_SHIFT) * 16) | |
05269a3a JC |
79 | #else |
80 | #define DRM_FILE_PAGE_OFFSET_START ((0xFFFFFFFUL >> PAGE_SHIFT) + 1) | |
81 | #define DRM_FILE_PAGE_OFFSET_SIZE ((0xFFFFFFFUL >> PAGE_SHIFT) * 16) | |
82 | #endif | |
a2c0a97b | 83 | |
673a394b EA |
84 | /** |
85 | * Initialize the GEM device fields | |
86 | */ | |
87 | ||
88 | int | |
89 | drm_gem_init(struct drm_device *dev) | |
90 | { | |
a2c0a97b JB |
91 | struct drm_gem_mm *mm; |
92 | ||
673a394b EA |
93 | spin_lock_init(&dev->object_name_lock); |
94 | idr_init(&dev->object_name_idr); | |
a2c0a97b | 95 | |
9a298b2a | 96 | mm = kzalloc(sizeof(struct drm_gem_mm), GFP_KERNEL); |
a2c0a97b JB |
97 | if (!mm) { |
98 | DRM_ERROR("out of memory\n"); | |
99 | return -ENOMEM; | |
100 | } | |
101 | ||
102 | dev->mm_private = mm; | |
103 | ||
4cb81ac2 | 104 | if (drm_ht_create(&mm->offset_hash, 12)) { |
9a298b2a | 105 | kfree(mm); |
a2c0a97b JB |
106 | return -ENOMEM; |
107 | } | |
108 | ||
109 | if (drm_mm_init(&mm->offset_manager, DRM_FILE_PAGE_OFFSET_START, | |
110 | DRM_FILE_PAGE_OFFSET_SIZE)) { | |
a2c0a97b | 111 | drm_ht_remove(&mm->offset_hash); |
9a298b2a | 112 | kfree(mm); |
a2c0a97b JB |
113 | return -ENOMEM; |
114 | } | |
115 | ||
673a394b EA |
116 | return 0; |
117 | } | |
118 | ||
a2c0a97b JB |
119 | void |
120 | drm_gem_destroy(struct drm_device *dev) | |
121 | { | |
122 | struct drm_gem_mm *mm = dev->mm_private; | |
123 | ||
124 | drm_mm_takedown(&mm->offset_manager); | |
125 | drm_ht_remove(&mm->offset_hash); | |
9a298b2a | 126 | kfree(mm); |
a2c0a97b JB |
127 | dev->mm_private = NULL; |
128 | } | |
129 | ||
1d397043 DV |
130 | /** |
131 | * Initialize an already allocate GEM object of the specified size with | |
132 | * shmfs backing store. | |
133 | */ | |
134 | int drm_gem_object_init(struct drm_device *dev, | |
135 | struct drm_gem_object *obj, size_t size) | |
136 | { | |
137 | BUG_ON((size & (PAGE_SIZE - 1)) != 0); | |
138 | ||
139 | obj->dev = dev; | |
140 | obj->filp = shmem_file_setup("drm mm object", size, VM_NORESERVE); | |
141 | if (IS_ERR(obj->filp)) | |
142 | return -ENOMEM; | |
143 | ||
144 | kref_init(&obj->refcount); | |
29d08b3e | 145 | atomic_set(&obj->handle_count, 0); |
1d397043 DV |
146 | obj->size = size; |
147 | ||
1d397043 DV |
148 | return 0; |
149 | } | |
150 | EXPORT_SYMBOL(drm_gem_object_init); | |
151 | ||
673a394b EA |
152 | /** |
153 | * Allocate a GEM object of the specified size with shmfs backing store | |
154 | */ | |
155 | struct drm_gem_object * | |
156 | drm_gem_object_alloc(struct drm_device *dev, size_t size) | |
157 | { | |
158 | struct drm_gem_object *obj; | |
159 | ||
b798b1fe | 160 | obj = kzalloc(sizeof(*obj), GFP_KERNEL); |
845792d9 JS |
161 | if (!obj) |
162 | goto free; | |
673a394b | 163 | |
1d397043 | 164 | if (drm_gem_object_init(dev, obj, size) != 0) |
845792d9 | 165 | goto free; |
673a394b | 166 | |
673a394b EA |
167 | if (dev->driver->gem_init_object != NULL && |
168 | dev->driver->gem_init_object(obj) != 0) { | |
845792d9 | 169 | goto fput; |
673a394b | 170 | } |
673a394b | 171 | return obj; |
845792d9 | 172 | fput: |
1d397043 | 173 | /* Object_init mangles the global counters - readjust them. */ |
845792d9 JS |
174 | fput(obj->filp); |
175 | free: | |
176 | kfree(obj); | |
177 | return NULL; | |
673a394b EA |
178 | } |
179 | EXPORT_SYMBOL(drm_gem_object_alloc); | |
180 | ||
181 | /** | |
182 | * Removes the mapping from handle to filp for this object. | |
183 | */ | |
ff72145b | 184 | int |
a1a2d1d3 | 185 | drm_gem_handle_delete(struct drm_file *filp, u32 handle) |
673a394b EA |
186 | { |
187 | struct drm_device *dev; | |
188 | struct drm_gem_object *obj; | |
189 | ||
190 | /* This is gross. The idr system doesn't let us try a delete and | |
191 | * return an error code. It just spews if you fail at deleting. | |
192 | * So, we have to grab a lock around finding the object and then | |
193 | * doing the delete on it and dropping the refcount, or the user | |
194 | * could race us to double-decrement the refcount and cause a | |
195 | * use-after-free later. Given the frequency of our handle lookups, | |
196 | * we may want to use ida for number allocation and a hash table | |
197 | * for the pointers, anyway. | |
198 | */ | |
199 | spin_lock(&filp->table_lock); | |
200 | ||
201 | /* Check if we currently have a reference on the object */ | |
202 | obj = idr_find(&filp->object_idr, handle); | |
203 | if (obj == NULL) { | |
204 | spin_unlock(&filp->table_lock); | |
205 | return -EINVAL; | |
206 | } | |
207 | dev = obj->dev; | |
208 | ||
209 | /* Release reference and decrement refcount. */ | |
210 | idr_remove(&filp->object_idr, handle); | |
211 | spin_unlock(&filp->table_lock); | |
212 | ||
bc9025bd | 213 | drm_gem_object_handle_unreference_unlocked(obj); |
673a394b EA |
214 | |
215 | return 0; | |
216 | } | |
ff72145b | 217 | EXPORT_SYMBOL(drm_gem_handle_delete); |
673a394b EA |
218 | |
219 | /** | |
220 | * Create a handle for this object. This adds a handle reference | |
221 | * to the object, which includes a regular reference count. Callers | |
222 | * will likely want to dereference the object afterwards. | |
223 | */ | |
224 | int | |
225 | drm_gem_handle_create(struct drm_file *file_priv, | |
226 | struct drm_gem_object *obj, | |
a1a2d1d3 | 227 | u32 *handlep) |
673a394b EA |
228 | { |
229 | int ret; | |
230 | ||
231 | /* | |
232 | * Get the user-visible handle using idr. | |
233 | */ | |
234 | again: | |
235 | /* ensure there is space available to allocate a handle */ | |
236 | if (idr_pre_get(&file_priv->object_idr, GFP_KERNEL) == 0) | |
237 | return -ENOMEM; | |
238 | ||
239 | /* do the allocation under our spinlock */ | |
240 | spin_lock(&file_priv->table_lock); | |
a1a2d1d3 | 241 | ret = idr_get_new_above(&file_priv->object_idr, obj, 1, (int *)handlep); |
673a394b EA |
242 | spin_unlock(&file_priv->table_lock); |
243 | if (ret == -EAGAIN) | |
244 | goto again; | |
245 | ||
246 | if (ret != 0) | |
247 | return ret; | |
248 | ||
249 | drm_gem_object_handle_reference(obj); | |
250 | return 0; | |
251 | } | |
252 | EXPORT_SYMBOL(drm_gem_handle_create); | |
253 | ||
254 | /** Returns a reference to the object named by the handle. */ | |
255 | struct drm_gem_object * | |
256 | drm_gem_object_lookup(struct drm_device *dev, struct drm_file *filp, | |
a1a2d1d3 | 257 | u32 handle) |
673a394b EA |
258 | { |
259 | struct drm_gem_object *obj; | |
260 | ||
261 | spin_lock(&filp->table_lock); | |
262 | ||
263 | /* Check if we currently have a reference on the object */ | |
264 | obj = idr_find(&filp->object_idr, handle); | |
265 | if (obj == NULL) { | |
266 | spin_unlock(&filp->table_lock); | |
267 | return NULL; | |
268 | } | |
269 | ||
270 | drm_gem_object_reference(obj); | |
271 | ||
272 | spin_unlock(&filp->table_lock); | |
273 | ||
274 | return obj; | |
275 | } | |
276 | EXPORT_SYMBOL(drm_gem_object_lookup); | |
277 | ||
278 | /** | |
279 | * Releases the handle to an mm object. | |
280 | */ | |
281 | int | |
282 | drm_gem_close_ioctl(struct drm_device *dev, void *data, | |
283 | struct drm_file *file_priv) | |
284 | { | |
285 | struct drm_gem_close *args = data; | |
286 | int ret; | |
287 | ||
288 | if (!(dev->driver->driver_features & DRIVER_GEM)) | |
289 | return -ENODEV; | |
290 | ||
291 | ret = drm_gem_handle_delete(file_priv, args->handle); | |
292 | ||
293 | return ret; | |
294 | } | |
295 | ||
296 | /** | |
297 | * Create a global name for an object, returning the name. | |
298 | * | |
299 | * Note that the name does not hold a reference; when the object | |
300 | * is freed, the name goes away. | |
301 | */ | |
302 | int | |
303 | drm_gem_flink_ioctl(struct drm_device *dev, void *data, | |
304 | struct drm_file *file_priv) | |
305 | { | |
306 | struct drm_gem_flink *args = data; | |
307 | struct drm_gem_object *obj; | |
308 | int ret; | |
309 | ||
310 | if (!(dev->driver->driver_features & DRIVER_GEM)) | |
311 | return -ENODEV; | |
312 | ||
313 | obj = drm_gem_object_lookup(dev, file_priv, args->handle); | |
314 | if (obj == NULL) | |
bf79cb91 | 315 | return -ENOENT; |
673a394b EA |
316 | |
317 | again: | |
3e49c4f4 CW |
318 | if (idr_pre_get(&dev->object_name_idr, GFP_KERNEL) == 0) { |
319 | ret = -ENOMEM; | |
320 | goto err; | |
321 | } | |
673a394b EA |
322 | |
323 | spin_lock(&dev->object_name_lock); | |
8d59bae5 CW |
324 | if (!obj->name) { |
325 | ret = idr_get_new_above(&dev->object_name_idr, obj, 1, | |
326 | &obj->name); | |
327 | args->name = (uint64_t) obj->name; | |
673a394b | 328 | spin_unlock(&dev->object_name_lock); |
673a394b | 329 | |
8d59bae5 CW |
330 | if (ret == -EAGAIN) |
331 | goto again; | |
673a394b | 332 | |
8d59bae5 CW |
333 | if (ret != 0) |
334 | goto err; | |
673a394b | 335 | |
8d59bae5 CW |
336 | /* Allocate a reference for the name table. */ |
337 | drm_gem_object_reference(obj); | |
338 | } else { | |
339 | args->name = (uint64_t) obj->name; | |
340 | spin_unlock(&dev->object_name_lock); | |
341 | ret = 0; | |
342 | } | |
3e49c4f4 CW |
343 | |
344 | err: | |
bc9025bd | 345 | drm_gem_object_unreference_unlocked(obj); |
3e49c4f4 | 346 | return ret; |
673a394b EA |
347 | } |
348 | ||
349 | /** | |
350 | * Open an object using the global name, returning a handle and the size. | |
351 | * | |
352 | * This handle (of course) holds a reference to the object, so the object | |
353 | * will not go away until the handle is deleted. | |
354 | */ | |
355 | int | |
356 | drm_gem_open_ioctl(struct drm_device *dev, void *data, | |
357 | struct drm_file *file_priv) | |
358 | { | |
359 | struct drm_gem_open *args = data; | |
360 | struct drm_gem_object *obj; | |
361 | int ret; | |
a1a2d1d3 | 362 | u32 handle; |
673a394b EA |
363 | |
364 | if (!(dev->driver->driver_features & DRIVER_GEM)) | |
365 | return -ENODEV; | |
366 | ||
367 | spin_lock(&dev->object_name_lock); | |
368 | obj = idr_find(&dev->object_name_idr, (int) args->name); | |
369 | if (obj) | |
370 | drm_gem_object_reference(obj); | |
371 | spin_unlock(&dev->object_name_lock); | |
372 | if (!obj) | |
373 | return -ENOENT; | |
374 | ||
375 | ret = drm_gem_handle_create(file_priv, obj, &handle); | |
bc9025bd | 376 | drm_gem_object_unreference_unlocked(obj); |
673a394b EA |
377 | if (ret) |
378 | return ret; | |
379 | ||
380 | args->handle = handle; | |
381 | args->size = obj->size; | |
382 | ||
383 | return 0; | |
384 | } | |
385 | ||
386 | /** | |
387 | * Called at device open time, sets up the structure for handling refcounting | |
388 | * of mm objects. | |
389 | */ | |
390 | void | |
391 | drm_gem_open(struct drm_device *dev, struct drm_file *file_private) | |
392 | { | |
393 | idr_init(&file_private->object_idr); | |
394 | spin_lock_init(&file_private->table_lock); | |
395 | } | |
396 | ||
397 | /** | |
398 | * Called at device close to release the file's | |
399 | * handle references on objects. | |
400 | */ | |
401 | static int | |
402 | drm_gem_object_release_handle(int id, void *ptr, void *data) | |
403 | { | |
404 | struct drm_gem_object *obj = ptr; | |
405 | ||
bc9025bd | 406 | drm_gem_object_handle_unreference_unlocked(obj); |
673a394b EA |
407 | |
408 | return 0; | |
409 | } | |
410 | ||
411 | /** | |
412 | * Called at close time when the filp is going away. | |
413 | * | |
414 | * Releases any remaining references on objects by this filp. | |
415 | */ | |
416 | void | |
417 | drm_gem_release(struct drm_device *dev, struct drm_file *file_private) | |
418 | { | |
673a394b EA |
419 | idr_for_each(&file_private->object_idr, |
420 | &drm_gem_object_release_handle, NULL); | |
421 | ||
ddd3d069 | 422 | idr_remove_all(&file_private->object_idr); |
673a394b | 423 | idr_destroy(&file_private->object_idr); |
673a394b EA |
424 | } |
425 | ||
fd632aa3 DV |
426 | void |
427 | drm_gem_object_release(struct drm_gem_object *obj) | |
c3ae90c0 | 428 | { |
c3ae90c0 | 429 | fput(obj->filp); |
c3ae90c0 | 430 | } |
fd632aa3 | 431 | EXPORT_SYMBOL(drm_gem_object_release); |
c3ae90c0 | 432 | |
673a394b EA |
433 | /** |
434 | * Called after the last reference to the object has been lost. | |
c3ae90c0 | 435 | * Must be called holding struct_ mutex |
673a394b EA |
436 | * |
437 | * Frees the object | |
438 | */ | |
439 | void | |
440 | drm_gem_object_free(struct kref *kref) | |
441 | { | |
442 | struct drm_gem_object *obj = (struct drm_gem_object *) kref; | |
443 | struct drm_device *dev = obj->dev; | |
444 | ||
445 | BUG_ON(!mutex_is_locked(&dev->struct_mutex)); | |
446 | ||
447 | if (dev->driver->gem_free_object != NULL) | |
448 | dev->driver->gem_free_object(obj); | |
673a394b EA |
449 | } |
450 | EXPORT_SYMBOL(drm_gem_object_free); | |
451 | ||
c3ae90c0 LB |
452 | static void drm_gem_object_ref_bug(struct kref *list_kref) |
453 | { | |
454 | BUG(); | |
455 | } | |
456 | ||
673a394b EA |
457 | /** |
458 | * Called after the last handle to the object has been closed | |
459 | * | |
460 | * Removes any name for the object. Note that this must be | |
461 | * called before drm_gem_object_free or we'll be touching | |
462 | * freed memory | |
463 | */ | |
29d08b3e | 464 | void drm_gem_object_handle_free(struct drm_gem_object *obj) |
673a394b | 465 | { |
673a394b EA |
466 | struct drm_device *dev = obj->dev; |
467 | ||
468 | /* Remove any name for this object */ | |
469 | spin_lock(&dev->object_name_lock); | |
470 | if (obj->name) { | |
471 | idr_remove(&dev->object_name_idr, obj->name); | |
8d59bae5 | 472 | obj->name = 0; |
673a394b EA |
473 | spin_unlock(&dev->object_name_lock); |
474 | /* | |
475 | * The object name held a reference to this object, drop | |
476 | * that now. | |
c3ae90c0 LB |
477 | * |
478 | * This cannot be the last reference, since the handle holds one too. | |
673a394b | 479 | */ |
c3ae90c0 | 480 | kref_put(&obj->refcount, drm_gem_object_ref_bug); |
673a394b EA |
481 | } else |
482 | spin_unlock(&dev->object_name_lock); | |
483 | ||
484 | } | |
485 | EXPORT_SYMBOL(drm_gem_object_handle_free); | |
486 | ||
ab00b3e5 JB |
487 | void drm_gem_vm_open(struct vm_area_struct *vma) |
488 | { | |
489 | struct drm_gem_object *obj = vma->vm_private_data; | |
490 | ||
491 | drm_gem_object_reference(obj); | |
31dfbc93 CW |
492 | |
493 | mutex_lock(&obj->dev->struct_mutex); | |
494 | drm_vm_open_locked(vma); | |
495 | mutex_unlock(&obj->dev->struct_mutex); | |
ab00b3e5 JB |
496 | } |
497 | EXPORT_SYMBOL(drm_gem_vm_open); | |
498 | ||
499 | void drm_gem_vm_close(struct vm_area_struct *vma) | |
500 | { | |
501 | struct drm_gem_object *obj = vma->vm_private_data; | |
b74ad5ae | 502 | struct drm_device *dev = obj->dev; |
ab00b3e5 | 503 | |
b74ad5ae | 504 | mutex_lock(&dev->struct_mutex); |
31dfbc93 CW |
505 | drm_vm_close_locked(vma); |
506 | drm_gem_object_unreference(obj); | |
b74ad5ae | 507 | mutex_unlock(&dev->struct_mutex); |
ab00b3e5 JB |
508 | } |
509 | EXPORT_SYMBOL(drm_gem_vm_close); | |
510 | ||
511 | ||
a2c0a97b JB |
512 | /** |
513 | * drm_gem_mmap - memory map routine for GEM objects | |
514 | * @filp: DRM file pointer | |
515 | * @vma: VMA for the area to be mapped | |
516 | * | |
517 | * If a driver supports GEM object mapping, mmap calls on the DRM file | |
518 | * descriptor will end up here. | |
519 | * | |
520 | * If we find the object based on the offset passed in (vma->vm_pgoff will | |
521 | * contain the fake offset we created when the GTT map ioctl was called on | |
522 | * the object), we set up the driver fault handler so that any accesses | |
523 | * to the object can be trapped, to perform migration, GTT binding, surface | |
524 | * register allocation, or performance monitoring. | |
525 | */ | |
526 | int drm_gem_mmap(struct file *filp, struct vm_area_struct *vma) | |
527 | { | |
528 | struct drm_file *priv = filp->private_data; | |
529 | struct drm_device *dev = priv->minor->dev; | |
530 | struct drm_gem_mm *mm = dev->mm_private; | |
f77d390c | 531 | struct drm_local_map *map = NULL; |
a2c0a97b JB |
532 | struct drm_gem_object *obj; |
533 | struct drm_hash_item *hash; | |
a2c0a97b JB |
534 | int ret = 0; |
535 | ||
536 | mutex_lock(&dev->struct_mutex); | |
537 | ||
538 | if (drm_ht_find_item(&mm->offset_hash, vma->vm_pgoff, &hash)) { | |
539 | mutex_unlock(&dev->struct_mutex); | |
540 | return drm_mmap(filp, vma); | |
541 | } | |
542 | ||
543 | map = drm_hash_entry(hash, struct drm_map_list, hash)->map; | |
544 | if (!map || | |
545 | ((map->flags & _DRM_RESTRICTED) && !capable(CAP_SYS_ADMIN))) { | |
546 | ret = -EPERM; | |
547 | goto out_unlock; | |
548 | } | |
549 | ||
550 | /* Check for valid size. */ | |
551 | if (map->size < vma->vm_end - vma->vm_start) { | |
552 | ret = -EINVAL; | |
553 | goto out_unlock; | |
554 | } | |
555 | ||
556 | obj = map->handle; | |
557 | if (!obj->dev->driver->gem_vm_ops) { | |
558 | ret = -EINVAL; | |
559 | goto out_unlock; | |
560 | } | |
561 | ||
562 | vma->vm_flags |= VM_RESERVED | VM_IO | VM_PFNMAP | VM_DONTEXPAND; | |
563 | vma->vm_ops = obj->dev->driver->gem_vm_ops; | |
564 | vma->vm_private_data = map->handle; | |
79cc304f | 565 | vma->vm_page_prot = pgprot_writecombine(vm_get_page_prot(vma->vm_flags)); |
a2c0a97b | 566 | |
ab00b3e5 JB |
567 | /* Take a ref for this mapping of the object, so that the fault |
568 | * handler can dereference the mmap offset's pointer to the object. | |
569 | * This reference is cleaned up by the corresponding vm_close | |
570 | * (which should happen whether the vma was created by this call, or | |
571 | * by a vm_open due to mremap or partial unmap or whatever). | |
572 | */ | |
573 | drm_gem_object_reference(obj); | |
574 | ||
a2c0a97b JB |
575 | vma->vm_file = filp; /* Needed for drm_vm_open() */ |
576 | drm_vm_open_locked(vma); | |
577 | ||
578 | out_unlock: | |
579 | mutex_unlock(&dev->struct_mutex); | |
580 | ||
581 | return ret; | |
582 | } | |
583 | EXPORT_SYMBOL(drm_gem_mmap); |