mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git
synced 2025-01-20 07:09:58 +00:00
a309c7194e
User resource lookups used rcu to avoid two extra atomics. Unfortunately
the rcu paths were buggy and it was easy to make the driver crash by
submitting command buffers from two different threads. Because the
lookups never show up in performance profiles replace them with a
regular spin lock which fixes the races in accesses to those shared
resources.
Fixes kernel oops'es in IGT's vmwgfx execution_buffer stress test and
seen crashes with apps using shared resources.
Fixes: e14c02e6b699 ("drm/vmwgfx: Look up objects without taking a reference")
Signed-off-by: Zack Rusin <zackr@vmware.com>
Reviewed-by: Martin Krastev <krastevm@vmware.com>
Reviewed-by: Maaz Mombasawala <mombasawalam@vmware.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20221207172907.959037-1-zack@kde.org
672 lines
17 KiB
C
672 lines
17 KiB
C
/* SPDX-License-Identifier: GPL-2.0 OR MIT */
|
|
/**************************************************************************
|
|
*
|
|
* Copyright (c) 2009-2022 VMware, Inc., Palo Alto, CA., USA
|
|
* All Rights Reserved.
|
|
*
|
|
* Permission is hereby granted, free of charge, to any person obtaining a
|
|
* copy of this software and associated documentation files (the
|
|
* "Software"), to deal in the Software without restriction, including
|
|
* without limitation the rights to use, copy, modify, merge, publish,
|
|
* distribute, sub license, and/or sell copies of the Software, and to
|
|
* permit persons to whom the Software is furnished to do so, subject to
|
|
* the following conditions:
|
|
*
|
|
* The above copyright notice and this permission notice (including the
|
|
* next paragraph) shall be included in all copies or substantial portions
|
|
* of the Software.
|
|
*
|
|
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
|
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
|
* FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL
|
|
* THE COPYRIGHT HOLDERS, AUTHORS AND/OR ITS SUPPLIERS BE LIABLE FOR ANY CLAIM,
|
|
* DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR
|
|
* OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE
|
|
* USE OR OTHER DEALINGS IN THE SOFTWARE.
|
|
*
|
|
**************************************************************************/
|
|
/*
|
|
* Authors: Thomas Hellstrom <thellstrom-at-vmware-dot-com>
|
|
*
|
|
* While no substantial code is shared, the prime code is inspired by
|
|
* drm_prime.c, with
|
|
* Authors:
|
|
* Dave Airlie <airlied@redhat.com>
|
|
* Rob Clark <rob.clark@linaro.org>
|
|
*/
|
|
/** @file ttm_ref_object.c
|
|
*
|
|
* Base- and reference object implementation for the various
|
|
* ttm objects. Implements reference counting, minimal security checks
|
|
* and release on file close.
|
|
*/
|
|
|
|
|
|
#define pr_fmt(fmt) "[TTM] " fmt
|
|
|
|
#include "ttm_object.h"
|
|
#include "vmwgfx_drv.h"
|
|
|
|
#include <linux/list.h>
|
|
#include <linux/spinlock.h>
|
|
#include <linux/slab.h>
|
|
#include <linux/atomic.h>
|
|
#include <linux/module.h>
|
|
#include <linux/hashtable.h>
|
|
|
|
MODULE_IMPORT_NS(DMA_BUF);
|
|
|
|
#define VMW_TTM_OBJECT_REF_HT_ORDER 10
|
|
|
|
/**
|
|
* struct ttm_object_file
|
|
*
|
|
* @tdev: Pointer to the ttm_object_device.
|
|
*
|
|
* @lock: Lock that protects the ref_list list and the
|
|
* ref_hash hash tables.
|
|
*
|
|
* @ref_list: List of ttm_ref_objects to be destroyed at
|
|
* file release.
|
|
*
|
|
* @ref_hash: Hash tables of ref objects, one per ttm_ref_type,
|
|
* for fast lookup of ref objects given a base object.
|
|
*
|
|
* @refcount: reference/usage count
|
|
*/
|
|
struct ttm_object_file {
|
|
struct ttm_object_device *tdev;
|
|
spinlock_t lock;
|
|
struct list_head ref_list;
|
|
DECLARE_HASHTABLE(ref_hash, VMW_TTM_OBJECT_REF_HT_ORDER);
|
|
struct kref refcount;
|
|
};
|
|
|
|
/*
|
|
* struct ttm_object_device
|
|
*
|
|
* @object_lock: lock that protects idr.
|
|
*
|
|
* @object_count: Per device object count.
|
|
*
|
|
* This is the per-device data structure needed for ttm object management.
|
|
*/
|
|
|
|
struct ttm_object_device {
|
|
spinlock_t object_lock;
|
|
atomic_t object_count;
|
|
struct dma_buf_ops ops;
|
|
void (*dmabuf_release)(struct dma_buf *dma_buf);
|
|
struct idr idr;
|
|
};
|
|
|
|
/*
|
|
* struct ttm_ref_object
|
|
*
|
|
* @hash: Hash entry for the per-file object reference hash.
|
|
*
|
|
* @head: List entry for the per-file list of ref-objects.
|
|
*
|
|
* @kref: Ref count.
|
|
*
|
|
* @obj: Base object this ref object is referencing.
|
|
*
|
|
* @ref_type: Type of ref object.
|
|
*
|
|
* This is similar to an idr object, but it also has a hash table entry
|
|
* that allows lookup with a pointer to the referenced object as a key. In
|
|
* that way, one can easily detect whether a base object is referenced by
|
|
* a particular ttm_object_file. It also carries a ref count to avoid creating
|
|
* multiple ref objects if a ttm_object_file references the same base
|
|
* object more than once.
|
|
*/
|
|
|
|
struct ttm_ref_object {
|
|
struct rcu_head rcu_head;
|
|
struct vmwgfx_hash_item hash;
|
|
struct list_head head;
|
|
struct kref kref;
|
|
struct ttm_base_object *obj;
|
|
struct ttm_object_file *tfile;
|
|
};
|
|
|
|
static void ttm_prime_dmabuf_release(struct dma_buf *dma_buf);
|
|
|
|
static inline struct ttm_object_file *
|
|
ttm_object_file_ref(struct ttm_object_file *tfile)
|
|
{
|
|
kref_get(&tfile->refcount);
|
|
return tfile;
|
|
}
|
|
|
|
static int ttm_tfile_find_ref_rcu(struct ttm_object_file *tfile,
|
|
uint64_t key,
|
|
struct vmwgfx_hash_item **p_hash)
|
|
{
|
|
struct vmwgfx_hash_item *hash;
|
|
|
|
hash_for_each_possible_rcu(tfile->ref_hash, hash, head, key) {
|
|
if (hash->key == key) {
|
|
*p_hash = hash;
|
|
return 0;
|
|
}
|
|
}
|
|
return -EINVAL;
|
|
}
|
|
|
|
static int ttm_tfile_find_ref(struct ttm_object_file *tfile,
|
|
uint64_t key,
|
|
struct vmwgfx_hash_item **p_hash)
|
|
{
|
|
struct vmwgfx_hash_item *hash;
|
|
|
|
hash_for_each_possible(tfile->ref_hash, hash, head, key) {
|
|
if (hash->key == key) {
|
|
*p_hash = hash;
|
|
return 0;
|
|
}
|
|
}
|
|
return -EINVAL;
|
|
}
|
|
|
|
static void ttm_object_file_destroy(struct kref *kref)
|
|
{
|
|
struct ttm_object_file *tfile =
|
|
container_of(kref, struct ttm_object_file, refcount);
|
|
|
|
kfree(tfile);
|
|
}
|
|
|
|
|
|
static inline void ttm_object_file_unref(struct ttm_object_file **p_tfile)
|
|
{
|
|
struct ttm_object_file *tfile = *p_tfile;
|
|
|
|
*p_tfile = NULL;
|
|
kref_put(&tfile->refcount, ttm_object_file_destroy);
|
|
}
|
|
|
|
|
|
int ttm_base_object_init(struct ttm_object_file *tfile,
|
|
struct ttm_base_object *base,
|
|
bool shareable,
|
|
enum ttm_object_type object_type,
|
|
void (*refcount_release) (struct ttm_base_object **))
|
|
{
|
|
struct ttm_object_device *tdev = tfile->tdev;
|
|
int ret;
|
|
|
|
base->shareable = shareable;
|
|
base->tfile = ttm_object_file_ref(tfile);
|
|
base->refcount_release = refcount_release;
|
|
base->object_type = object_type;
|
|
kref_init(&base->refcount);
|
|
idr_preload(GFP_KERNEL);
|
|
spin_lock(&tdev->object_lock);
|
|
ret = idr_alloc(&tdev->idr, base, 1, 0, GFP_NOWAIT);
|
|
spin_unlock(&tdev->object_lock);
|
|
idr_preload_end();
|
|
if (ret < 0)
|
|
return ret;
|
|
|
|
base->handle = ret;
|
|
ret = ttm_ref_object_add(tfile, base, NULL, false);
|
|
if (unlikely(ret != 0))
|
|
goto out_err1;
|
|
|
|
ttm_base_object_unref(&base);
|
|
|
|
return 0;
|
|
out_err1:
|
|
spin_lock(&tdev->object_lock);
|
|
idr_remove(&tdev->idr, base->handle);
|
|
spin_unlock(&tdev->object_lock);
|
|
return ret;
|
|
}
|
|
|
|
static void ttm_release_base(struct kref *kref)
|
|
{
|
|
struct ttm_base_object *base =
|
|
container_of(kref, struct ttm_base_object, refcount);
|
|
struct ttm_object_device *tdev = base->tfile->tdev;
|
|
|
|
spin_lock(&tdev->object_lock);
|
|
idr_remove(&tdev->idr, base->handle);
|
|
spin_unlock(&tdev->object_lock);
|
|
|
|
/*
|
|
* Note: We don't use synchronize_rcu() here because it's far
|
|
* too slow. It's up to the user to free the object using
|
|
* call_rcu() or ttm_base_object_kfree().
|
|
*/
|
|
|
|
ttm_object_file_unref(&base->tfile);
|
|
if (base->refcount_release)
|
|
base->refcount_release(&base);
|
|
}
|
|
|
|
void ttm_base_object_unref(struct ttm_base_object **p_base)
|
|
{
|
|
struct ttm_base_object *base = *p_base;
|
|
|
|
*p_base = NULL;
|
|
|
|
kref_put(&base->refcount, ttm_release_base);
|
|
}
|
|
|
|
struct ttm_base_object *ttm_base_object_lookup(struct ttm_object_file *tfile,
|
|
uint64_t key)
|
|
{
|
|
struct ttm_base_object *base = NULL;
|
|
struct vmwgfx_hash_item *hash;
|
|
int ret;
|
|
|
|
spin_lock(&tfile->lock);
|
|
ret = ttm_tfile_find_ref(tfile, key, &hash);
|
|
|
|
if (likely(ret == 0)) {
|
|
base = hlist_entry(hash, struct ttm_ref_object, hash)->obj;
|
|
if (!kref_get_unless_zero(&base->refcount))
|
|
base = NULL;
|
|
}
|
|
spin_unlock(&tfile->lock);
|
|
|
|
|
|
return base;
|
|
}
|
|
|
|
struct ttm_base_object *
|
|
ttm_base_object_lookup_for_ref(struct ttm_object_device *tdev, uint64_t key)
|
|
{
|
|
struct ttm_base_object *base;
|
|
|
|
rcu_read_lock();
|
|
base = idr_find(&tdev->idr, key);
|
|
|
|
if (base && !kref_get_unless_zero(&base->refcount))
|
|
base = NULL;
|
|
rcu_read_unlock();
|
|
|
|
return base;
|
|
}
|
|
|
|
int ttm_ref_object_add(struct ttm_object_file *tfile,
|
|
struct ttm_base_object *base,
|
|
bool *existed,
|
|
bool require_existed)
|
|
{
|
|
struct ttm_ref_object *ref;
|
|
struct vmwgfx_hash_item *hash;
|
|
int ret = -EINVAL;
|
|
|
|
if (base->tfile != tfile && !base->shareable)
|
|
return -EPERM;
|
|
|
|
if (existed != NULL)
|
|
*existed = true;
|
|
|
|
while (ret == -EINVAL) {
|
|
rcu_read_lock();
|
|
ret = ttm_tfile_find_ref_rcu(tfile, base->handle, &hash);
|
|
|
|
if (ret == 0) {
|
|
ref = hlist_entry(hash, struct ttm_ref_object, hash);
|
|
if (kref_get_unless_zero(&ref->kref)) {
|
|
rcu_read_unlock();
|
|
break;
|
|
}
|
|
}
|
|
|
|
rcu_read_unlock();
|
|
if (require_existed)
|
|
return -EPERM;
|
|
|
|
ref = kmalloc(sizeof(*ref), GFP_KERNEL);
|
|
if (unlikely(ref == NULL)) {
|
|
return -ENOMEM;
|
|
}
|
|
|
|
ref->hash.key = base->handle;
|
|
ref->obj = base;
|
|
ref->tfile = tfile;
|
|
kref_init(&ref->kref);
|
|
|
|
spin_lock(&tfile->lock);
|
|
hash_add_rcu(tfile->ref_hash, &ref->hash.head, ref->hash.key);
|
|
ret = 0;
|
|
|
|
list_add_tail(&ref->head, &tfile->ref_list);
|
|
kref_get(&base->refcount);
|
|
spin_unlock(&tfile->lock);
|
|
if (existed != NULL)
|
|
*existed = false;
|
|
}
|
|
|
|
return ret;
|
|
}
|
|
|
|
static void __releases(tfile->lock) __acquires(tfile->lock)
|
|
ttm_ref_object_release(struct kref *kref)
|
|
{
|
|
struct ttm_ref_object *ref =
|
|
container_of(kref, struct ttm_ref_object, kref);
|
|
struct ttm_object_file *tfile = ref->tfile;
|
|
|
|
hash_del_rcu(&ref->hash.head);
|
|
list_del(&ref->head);
|
|
spin_unlock(&tfile->lock);
|
|
|
|
ttm_base_object_unref(&ref->obj);
|
|
kfree_rcu(ref, rcu_head);
|
|
spin_lock(&tfile->lock);
|
|
}
|
|
|
|
int ttm_ref_object_base_unref(struct ttm_object_file *tfile,
|
|
unsigned long key)
|
|
{
|
|
struct ttm_ref_object *ref;
|
|
struct vmwgfx_hash_item *hash;
|
|
int ret;
|
|
|
|
spin_lock(&tfile->lock);
|
|
ret = ttm_tfile_find_ref(tfile, key, &hash);
|
|
if (unlikely(ret != 0)) {
|
|
spin_unlock(&tfile->lock);
|
|
return -EINVAL;
|
|
}
|
|
ref = hlist_entry(hash, struct ttm_ref_object, hash);
|
|
kref_put(&ref->kref, ttm_ref_object_release);
|
|
spin_unlock(&tfile->lock);
|
|
return 0;
|
|
}
|
|
|
|
void ttm_object_file_release(struct ttm_object_file **p_tfile)
|
|
{
|
|
struct ttm_ref_object *ref;
|
|
struct list_head *list;
|
|
struct ttm_object_file *tfile = *p_tfile;
|
|
|
|
*p_tfile = NULL;
|
|
spin_lock(&tfile->lock);
|
|
|
|
/*
|
|
* Since we release the lock within the loop, we have to
|
|
* restart it from the beginning each time.
|
|
*/
|
|
|
|
while (!list_empty(&tfile->ref_list)) {
|
|
list = tfile->ref_list.next;
|
|
ref = list_entry(list, struct ttm_ref_object, head);
|
|
ttm_ref_object_release(&ref->kref);
|
|
}
|
|
|
|
spin_unlock(&tfile->lock);
|
|
|
|
ttm_object_file_unref(&tfile);
|
|
}
|
|
|
|
struct ttm_object_file *ttm_object_file_init(struct ttm_object_device *tdev)
|
|
{
|
|
struct ttm_object_file *tfile = kmalloc(sizeof(*tfile), GFP_KERNEL);
|
|
|
|
if (unlikely(tfile == NULL))
|
|
return NULL;
|
|
|
|
spin_lock_init(&tfile->lock);
|
|
tfile->tdev = tdev;
|
|
kref_init(&tfile->refcount);
|
|
INIT_LIST_HEAD(&tfile->ref_list);
|
|
|
|
hash_init(tfile->ref_hash);
|
|
|
|
return tfile;
|
|
}
|
|
|
|
struct ttm_object_device *
|
|
ttm_object_device_init(const struct dma_buf_ops *ops)
|
|
{
|
|
struct ttm_object_device *tdev = kmalloc(sizeof(*tdev), GFP_KERNEL);
|
|
|
|
if (unlikely(tdev == NULL))
|
|
return NULL;
|
|
|
|
spin_lock_init(&tdev->object_lock);
|
|
atomic_set(&tdev->object_count, 0);
|
|
|
|
/*
|
|
* Our base is at VMWGFX_NUM_MOB + 1 because we want to create
|
|
* a seperate namespace for GEM handles (which are
|
|
* 1..VMWGFX_NUM_MOB) and the surface handles. Some ioctl's
|
|
* can take either handle as an argument so we want to
|
|
* easily be able to tell whether the handle refers to a
|
|
* GEM buffer or a surface.
|
|
*/
|
|
idr_init_base(&tdev->idr, VMWGFX_NUM_MOB + 1);
|
|
tdev->ops = *ops;
|
|
tdev->dmabuf_release = tdev->ops.release;
|
|
tdev->ops.release = ttm_prime_dmabuf_release;
|
|
return tdev;
|
|
}
|
|
|
|
void ttm_object_device_release(struct ttm_object_device **p_tdev)
|
|
{
|
|
struct ttm_object_device *tdev = *p_tdev;
|
|
|
|
*p_tdev = NULL;
|
|
|
|
WARN_ON_ONCE(!idr_is_empty(&tdev->idr));
|
|
idr_destroy(&tdev->idr);
|
|
|
|
kfree(tdev);
|
|
}
|
|
|
|
/**
|
|
* get_dma_buf_unless_doomed - get a dma_buf reference if possible.
|
|
*
|
|
* @dmabuf: Non-refcounted pointer to a struct dma-buf.
|
|
*
|
|
* Obtain a file reference from a lookup structure that doesn't refcount
|
|
* the file, but synchronizes with its release method to make sure it has
|
|
* not been freed yet. See for example kref_get_unless_zero documentation.
|
|
* Returns true if refcounting succeeds, false otherwise.
|
|
*
|
|
* Nobody really wants this as a public API yet, so let it mature here
|
|
* for some time...
|
|
*/
|
|
static bool __must_check get_dma_buf_unless_doomed(struct dma_buf *dmabuf)
|
|
{
|
|
return atomic_long_inc_not_zero(&dmabuf->file->f_count) != 0L;
|
|
}
|
|
|
|
/**
|
|
* ttm_prime_refcount_release - refcount release method for a prime object.
|
|
*
|
|
* @p_base: Pointer to ttm_base_object pointer.
|
|
*
|
|
* This is a wrapper that calls the refcount_release founction of the
|
|
* underlying object. At the same time it cleans up the prime object.
|
|
* This function is called when all references to the base object we
|
|
* derive from are gone.
|
|
*/
|
|
static void ttm_prime_refcount_release(struct ttm_base_object **p_base)
|
|
{
|
|
struct ttm_base_object *base = *p_base;
|
|
struct ttm_prime_object *prime;
|
|
|
|
*p_base = NULL;
|
|
prime = container_of(base, struct ttm_prime_object, base);
|
|
BUG_ON(prime->dma_buf != NULL);
|
|
mutex_destroy(&prime->mutex);
|
|
if (prime->refcount_release)
|
|
prime->refcount_release(&base);
|
|
}
|
|
|
|
/**
|
|
* ttm_prime_dmabuf_release - Release method for the dma-bufs we export
|
|
*
|
|
* @dma_buf:
|
|
*
|
|
* This function first calls the dma_buf release method the driver
|
|
* provides. Then it cleans up our dma_buf pointer used for lookup,
|
|
* and finally releases the reference the dma_buf has on our base
|
|
* object.
|
|
*/
|
|
static void ttm_prime_dmabuf_release(struct dma_buf *dma_buf)
|
|
{
|
|
struct ttm_prime_object *prime =
|
|
(struct ttm_prime_object *) dma_buf->priv;
|
|
struct ttm_base_object *base = &prime->base;
|
|
struct ttm_object_device *tdev = base->tfile->tdev;
|
|
|
|
if (tdev->dmabuf_release)
|
|
tdev->dmabuf_release(dma_buf);
|
|
mutex_lock(&prime->mutex);
|
|
if (prime->dma_buf == dma_buf)
|
|
prime->dma_buf = NULL;
|
|
mutex_unlock(&prime->mutex);
|
|
ttm_base_object_unref(&base);
|
|
}
|
|
|
|
/**
|
|
* ttm_prime_fd_to_handle - Get a base object handle from a prime fd
|
|
*
|
|
* @tfile: A struct ttm_object_file identifying the caller.
|
|
* @fd: The prime / dmabuf fd.
|
|
* @handle: The returned handle.
|
|
*
|
|
* This function returns a handle to an object that previously exported
|
|
* a dma-buf. Note that we don't handle imports yet, because we simply
|
|
* have no consumers of that implementation.
|
|
*/
|
|
int ttm_prime_fd_to_handle(struct ttm_object_file *tfile,
|
|
int fd, u32 *handle)
|
|
{
|
|
struct ttm_object_device *tdev = tfile->tdev;
|
|
struct dma_buf *dma_buf;
|
|
struct ttm_prime_object *prime;
|
|
struct ttm_base_object *base;
|
|
int ret;
|
|
|
|
dma_buf = dma_buf_get(fd);
|
|
if (IS_ERR(dma_buf))
|
|
return PTR_ERR(dma_buf);
|
|
|
|
if (dma_buf->ops != &tdev->ops)
|
|
return -ENOSYS;
|
|
|
|
prime = (struct ttm_prime_object *) dma_buf->priv;
|
|
base = &prime->base;
|
|
*handle = base->handle;
|
|
ret = ttm_ref_object_add(tfile, base, NULL, false);
|
|
|
|
dma_buf_put(dma_buf);
|
|
|
|
return ret;
|
|
}
|
|
|
|
/**
|
|
* ttm_prime_handle_to_fd - Return a dma_buf fd from a ttm prime object
|
|
*
|
|
* @tfile: Struct ttm_object_file identifying the caller.
|
|
* @handle: Handle to the object we're exporting from.
|
|
* @flags: flags for dma-buf creation. We just pass them on.
|
|
* @prime_fd: The returned file descriptor.
|
|
*
|
|
*/
|
|
int ttm_prime_handle_to_fd(struct ttm_object_file *tfile,
|
|
uint32_t handle, uint32_t flags,
|
|
int *prime_fd)
|
|
{
|
|
struct ttm_object_device *tdev = tfile->tdev;
|
|
struct ttm_base_object *base;
|
|
struct dma_buf *dma_buf;
|
|
struct ttm_prime_object *prime;
|
|
int ret;
|
|
|
|
base = ttm_base_object_lookup(tfile, handle);
|
|
if (unlikely(base == NULL ||
|
|
base->object_type != ttm_prime_type)) {
|
|
ret = -ENOENT;
|
|
goto out_unref;
|
|
}
|
|
|
|
prime = container_of(base, struct ttm_prime_object, base);
|
|
if (unlikely(!base->shareable)) {
|
|
ret = -EPERM;
|
|
goto out_unref;
|
|
}
|
|
|
|
ret = mutex_lock_interruptible(&prime->mutex);
|
|
if (unlikely(ret != 0)) {
|
|
ret = -ERESTARTSYS;
|
|
goto out_unref;
|
|
}
|
|
|
|
dma_buf = prime->dma_buf;
|
|
if (!dma_buf || !get_dma_buf_unless_doomed(dma_buf)) {
|
|
DEFINE_DMA_BUF_EXPORT_INFO(exp_info);
|
|
exp_info.ops = &tdev->ops;
|
|
exp_info.size = prime->size;
|
|
exp_info.flags = flags;
|
|
exp_info.priv = prime;
|
|
|
|
/*
|
|
* Need to create a new dma_buf
|
|
*/
|
|
|
|
dma_buf = dma_buf_export(&exp_info);
|
|
if (IS_ERR(dma_buf)) {
|
|
ret = PTR_ERR(dma_buf);
|
|
mutex_unlock(&prime->mutex);
|
|
goto out_unref;
|
|
}
|
|
|
|
/*
|
|
* dma_buf has taken the base object reference
|
|
*/
|
|
base = NULL;
|
|
prime->dma_buf = dma_buf;
|
|
}
|
|
mutex_unlock(&prime->mutex);
|
|
|
|
ret = dma_buf_fd(dma_buf, flags);
|
|
if (ret >= 0) {
|
|
*prime_fd = ret;
|
|
ret = 0;
|
|
} else
|
|
dma_buf_put(dma_buf);
|
|
|
|
out_unref:
|
|
if (base)
|
|
ttm_base_object_unref(&base);
|
|
return ret;
|
|
}
|
|
|
|
/**
|
|
* ttm_prime_object_init - Initialize a ttm_prime_object
|
|
*
|
|
* @tfile: struct ttm_object_file identifying the caller
|
|
* @size: The size of the dma_bufs we export.
|
|
* @prime: The object to be initialized.
|
|
* @shareable: See ttm_base_object_init
|
|
* @type: See ttm_base_object_init
|
|
* @refcount_release: See ttm_base_object_init
|
|
*
|
|
* Initializes an object which is compatible with the drm_prime model
|
|
* for data sharing between processes and devices.
|
|
*/
|
|
int ttm_prime_object_init(struct ttm_object_file *tfile, size_t size,
|
|
struct ttm_prime_object *prime, bool shareable,
|
|
enum ttm_object_type type,
|
|
void (*refcount_release) (struct ttm_base_object **))
|
|
{
|
|
mutex_init(&prime->mutex);
|
|
prime->size = PAGE_ALIGN(size);
|
|
prime->real_type = type;
|
|
prime->dma_buf = NULL;
|
|
prime->refcount_release = refcount_release;
|
|
return ttm_base_object_init(tfile, &prime->base, shareable,
|
|
ttm_prime_type,
|
|
ttm_prime_refcount_release);
|
|
}
|