1 // SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note
2 /*
3 *
4 * (C) COPYRIGHT 2010-2023 ARM Limited. All rights reserved.
5 *
6 * This program is free software and is provided to you under the terms of the
7 * GNU General Public License version 2 as published by the Free Software
8 * Foundation, and any use by you of this program is subject to the terms
9 * of such GNU license.
10 *
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
15 *
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, you can access it online at
18 * http://www.gnu.org/licenses/gpl-2.0.html.
19 *
20 */
21
22 /**
23 * DOC: Base kernel memory APIs, Linux implementation.
24 */
25
26 #include <linux/compat.h>
27 #include <linux/kernel.h>
28 #include <linux/bug.h>
29 #include <linux/mm.h>
30 #include <linux/mman.h>
31 #include <linux/fs.h>
32 #include <linux/version.h>
33 #include <linux/dma-mapping.h>
34 #include <linux/dma-buf.h>
35 #include <linux/shrinker.h>
36 #include <linux/cache.h>
37 #include <linux/memory_group_manager.h>
38 #include <linux/math64.h>
39 #include <linux/migrate.h>
40 #include <linux/version.h>
41 #include <mali_kbase.h>
42 #include <mali_kbase_mem_linux.h>
43 #include <tl/mali_kbase_tracepoints.h>
44 #include <uapi/gpu/arm/bifrost/mali_kbase_ioctl.h>
45 #include <mmu/mali_kbase_mmu.h>
46 #include <mali_kbase_caps.h>
47 #include <mali_kbase_trace_gpu_mem.h>
48 #include <mali_kbase_reset_gpu.h>
49
50 #if ((KERNEL_VERSION(5, 3, 0) <= LINUX_VERSION_CODE) || \
51 (KERNEL_VERSION(5, 0, 0) > LINUX_VERSION_CODE))
 52 /* Enable workaround for ion for kernels prior to v5.0.0 and from v5.3.0
 53 * onwards.
 54 *
 55 * For kernels prior to v4.12, the workaround is needed as ion lacks the cache
 56 * maintenance in begin_cpu_access and end_cpu_access methods.
 57 *
 58 * For kernels prior to v4.17.2, the workaround is needed to avoid the
 59 * potentially disruptive warnings which can occur if begin_cpu_access and
 60 * end_cpu_access methods are not called in pairs.
 61 * Note that some long term maintenance kernel versions (e.g. 4.9.x, 4.14.x)
 62 * only require this workaround on their earlier releases. However it is still
 63 * safe to use it on such releases, and it simplifies the version check.
 64 *
 65 * For kernels later than v4.17.2, the workaround is needed as ion can
 66 * potentially end up calling dma_sync_sg_for_* for a dma-buf importer that
 67 * hasn't mapped the attachment. This would result in a kernel panic as ion
 68 * populates the dma_address when the attachment is mapped and the kernel
 69 * derives the physical address for cache maintenance from the dma_address.
 70 * With some multi-threaded tests it has been seen that the same dma-buf
 71 * memory gets imported twice on the Mali DDK side, so the problem of a sync
 72 * happening with an importer that has an unmapped attachment shows up at the
 73 * time of the second import. The same problem can arise if there is another
 74 * importer of the dma-buf memory.
 75 *
 76 * The workaround can be safely disabled for kernels between v5.0.0 and
 77 * v5.2.2, as none of the issues stated above are present there.
 78 *
 79 * As the workaround, dma_sync_sg_for_* calls will be made directly using
 80 * Kbase's own attachment to the dma-buf that was previously mapped.
 81 */
82 #define KBASE_MEM_ION_SYNC_WORKAROUND
83 #endif
84
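/* Denominator used when scaling the per-device ir_threshold tunable into a
 * page count: for BASE_MEM_GROW_ON_GPF regions, the incremental render
 * threshold is computed below as (va_pages * ir_threshold) / IR_THRESHOLD_STEPS,
 * rounded to the nearest page.
 */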
85 #define IR_THRESHOLD_STEPS (256u)
86
87 #if MALI_USE_CSF
88 static int kbase_csf_cpu_mmap_user_reg_page(struct kbase_context *kctx, struct vm_area_struct *vma);
89 static int kbase_csf_cpu_mmap_user_io_pages(struct kbase_context *kctx, struct vm_area_struct *vma);
90 #endif
91
92 static int kbase_vmap_phy_pages(struct kbase_context *kctx, struct kbase_va_region *reg,
93 u64 offset_bytes, size_t size, struct kbase_vmap_struct *map,
94 kbase_vmap_flag vmap_flags);
95 static void kbase_vunmap_phy_pages(struct kbase_context *kctx,
96 struct kbase_vmap_struct *map);
97
98 static int kbase_tracking_page_setup(struct kbase_context *kctx, struct vm_area_struct *vma);
99
100 static bool is_process_exiting(struct vm_area_struct *vma)
101 {
102 /* PF_EXITING flag can't be reliably used here for the detection
103 * of process exit, as 'mm_users' counter could still be non-zero
104 * when all threads of the process have exited. Later when the
 105 * thread (which took a reference on the 'mm' of the process that
 106 * exited) drops its reference, the vm_ops->close method would be
 107 * called for all the vmas (owned by the 'mm' of the process that
 108 * exited), but the PF_EXITING flag may not necessarily be set for the
 109 * thread at that time.
110 */
111 if (atomic_read(&vma->vm_mm->mm_users))
112 return false;
113
114 return true;
115 }
116
117 /* Retrieve the associated region pointer if the GPU address corresponds to
118 * one of the event memory pages. The enclosing region, if found, shouldn't
119 * have been marked as free.
120 */
121 static struct kbase_va_region *kbase_find_event_mem_region(
122 struct kbase_context *kctx, u64 gpu_addr)
123 {
124 #if MALI_USE_CSF
125 u64 gpu_pfn = gpu_addr >> PAGE_SHIFT;
126 struct kbase_va_region *reg;
127
128 lockdep_assert_held(&kctx->reg_lock);
129
130 list_for_each_entry(reg, &kctx->csf.event_pages_head, link) {
131 if ((reg->start_pfn <= gpu_pfn) &&
132 (gpu_pfn < (reg->start_pfn + reg->nr_pages))) {
133 if (WARN_ON(reg->flags & KBASE_REG_FREE))
134 return NULL;
135
136 if (WARN_ON(!(reg->flags & KBASE_REG_CSF_EVENT)))
137 return NULL;
138
139 return reg;
140 }
141 }
142 #endif
143
144 return NULL;
145 }
146
147 /**
148 * kbase_phy_alloc_mapping_init - Initialize the kernel side permanent mapping
149 * of the physical allocation belonging to a
150 * region
151 * @kctx: The kernel base context @reg belongs to.
152 * @reg: The region whose physical allocation is to be mapped
153 * @vsize: The size of the requested region, in pages
154 * @size: The size in pages initially committed to the region
155 *
156 * Return: 0 on success, otherwise an error code indicating failure
157 *
158 * Maps the physical allocation backing a non-free @reg, so it may be
159 * accessed directly from the kernel. This is only supported for physical
160 * allocations of type KBASE_MEM_TYPE_NATIVE, and will fail for other types of
161 * physical allocation.
162 *
163 * The mapping is stored directly in the allocation that backs @reg. The
164 * refcount is not incremented at this point. Instead, use of the mapping should
165 * be surrounded by kbase_phy_alloc_mapping_get() and
166 * kbase_phy_alloc_mapping_put() to ensure it does not disappear whilst the
167 * client is accessing it.
168 *
169 * Both cached and uncached regions are allowed, but any sync operations are the
170 * responsibility of the client using the permanent mapping.
171 *
172 * A number of checks are made to ensure that a region that needs a permanent
173 * mapping can actually be supported:
174 * - The region must be created as fully backed
175 * - The region must not be growable
176 *
177 * This function will fail if those checks are not satisfied.
178 *
179 * On success, the region will also be forced into a certain kind:
180 * - It will no longer be growable
181 */
182 static int kbase_phy_alloc_mapping_init(struct kbase_context *kctx,
183 struct kbase_va_region *reg, size_t vsize, size_t size)
184 {
185 size_t size_bytes = (size << PAGE_SHIFT);
186 struct kbase_vmap_struct *kern_mapping;
187 int err = 0;
188
189 /* Can only map in regions that are always fully committed
190 * Don't setup the mapping twice
191 * Only support KBASE_MEM_TYPE_NATIVE allocations
192 */
193 if (vsize != size || reg->cpu_alloc->permanent_map != NULL ||
194 reg->cpu_alloc->type != KBASE_MEM_TYPE_NATIVE)
195 return -EINVAL;
196
197 kern_mapping = kzalloc(sizeof(*kern_mapping), GFP_KERNEL);
198 if (!kern_mapping)
199 return -ENOMEM;
200
201 err = kbase_vmap_phy_pages(kctx, reg, 0u, size_bytes, kern_mapping,
202 KBASE_VMAP_FLAG_PERMANENT_MAP_ACCOUNTING);
203 if (err < 0)
204 goto vmap_fail;
205
206 /* No support for growing or shrinking mapped regions */
207 reg->flags &= ~KBASE_REG_GROWABLE;
208
209 reg->cpu_alloc->permanent_map = kern_mapping;
210
211 return 0;
212 vmap_fail:
213 kfree(kern_mapping);
214 return err;
215 }
216
217 void kbase_phy_alloc_mapping_term(struct kbase_context *kctx,
218 struct kbase_mem_phy_alloc *alloc)
219 {
220 WARN_ON(!alloc->permanent_map);
221 kbase_vunmap_phy_pages(kctx, alloc->permanent_map);
222 kfree(alloc->permanent_map);
223
224 alloc->permanent_map = NULL;
225 }
226
227 void *kbase_phy_alloc_mapping_get(struct kbase_context *kctx,
228 u64 gpu_addr,
229 struct kbase_vmap_struct **out_kern_mapping)
230 {
231 struct kbase_va_region *reg;
232 void *kern_mem_ptr = NULL;
233 struct kbase_vmap_struct *kern_mapping;
234 u64 mapping_offset;
235
236 WARN_ON(!kctx);
237 WARN_ON(!out_kern_mapping);
238
239 kbase_gpu_vm_lock(kctx);
240
241 /* First do a quick lookup in the list of event memory regions */
242 reg = kbase_find_event_mem_region(kctx, gpu_addr);
243
244 if (!reg) {
245 reg = kbase_region_tracker_find_region_enclosing_address(
246 kctx, gpu_addr);
247 }
248
249 if (kbase_is_region_invalid_or_free(reg))
250 goto out_unlock;
251
252 kern_mapping = reg->cpu_alloc->permanent_map;
253 if (kern_mapping == NULL)
254 goto out_unlock;
255
256 mapping_offset = gpu_addr - (reg->start_pfn << PAGE_SHIFT);
257
258 /* Refcount the allocations to prevent them disappearing */
259 WARN_ON(reg->cpu_alloc != kern_mapping->cpu_alloc);
260 WARN_ON(reg->gpu_alloc != kern_mapping->gpu_alloc);
261 (void)kbase_mem_phy_alloc_get(kern_mapping->cpu_alloc);
262 (void)kbase_mem_phy_alloc_get(kern_mapping->gpu_alloc);
263
264 kern_mem_ptr = (void *)(uintptr_t)((uintptr_t)kern_mapping->addr + mapping_offset);
265 *out_kern_mapping = kern_mapping;
266 out_unlock:
267 kbase_gpu_vm_unlock(kctx);
268 return kern_mem_ptr;
269 }
270
271 void kbase_phy_alloc_mapping_put(struct kbase_context *kctx,
272 struct kbase_vmap_struct *kern_mapping)
273 {
274 WARN_ON(!kctx);
275 WARN_ON(!kern_mapping);
276
277 WARN_ON(kctx != kern_mapping->cpu_alloc->imported.native.kctx);
278 WARN_ON(kern_mapping != kern_mapping->cpu_alloc->permanent_map);
279
280 kbase_mem_phy_alloc_put(kern_mapping->cpu_alloc);
281 kbase_mem_phy_alloc_put(kern_mapping->gpu_alloc);
282
283 /* kern_mapping and the gpu/cpu phy allocs backing it must not be used
284 * from now on
285 */
286 }
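/* Illustrative usage sketch (not part of the driver): access to a permanently
 * mapped allocation is expected to be bracketed by the get/put helpers above:
 *
 *   struct kbase_vmap_struct *mapping;
 *   void *ptr = kbase_phy_alloc_mapping_get(kctx, gpu_addr, &mapping);
 *
 *   if (ptr) {
 *           ... access the memory through ptr ...
 *           kbase_phy_alloc_mapping_put(kctx, mapping);
 *   }
 */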
287
288 struct kbase_va_region *kbase_mem_alloc(struct kbase_context *kctx, u64 va_pages, u64 commit_pages,
289 u64 extension, u64 *flags, u64 *gpu_va,
290 enum kbase_caller_mmu_sync_info mmu_sync_info)
291 {
292 int zone;
293 struct kbase_va_region *reg;
294 struct rb_root *rbtree;
295 struct device *dev;
296
297 KBASE_DEBUG_ASSERT(kctx);
298 KBASE_DEBUG_ASSERT(flags);
299 KBASE_DEBUG_ASSERT(gpu_va);
300
301 dev = kctx->kbdev->dev;
302 dev_dbg(dev,
303 "Allocating %lld va_pages, %lld commit_pages, %lld extension, 0x%llX flags\n",
304 va_pages, commit_pages, extension, *flags);
305
306 #if MALI_USE_CSF
307 if (!(*flags & BASE_MEM_FIXED))
308 *gpu_va = 0; /* return 0 on failure */
309 #else
310 if (!(*flags & BASE_MEM_FLAG_MAP_FIXED))
311 *gpu_va = 0; /* return 0 on failure */
312 #endif
313 else
314 dev_dbg(dev,
315 "Keeping requested GPU VA of 0x%llx\n",
316 (unsigned long long)*gpu_va);
317
318 if (!kbase_check_alloc_flags(*flags)) {
319 dev_warn(dev,
320 "%s called with bad flags (%llx)",
321 __func__,
322 (unsigned long long)*flags);
323 goto bad_flags;
324 }
325
326 #if IS_ENABLED(CONFIG_DEBUG_FS)
327 if (unlikely(kbase_ctx_flag(kctx, KCTX_INFINITE_CACHE))) {
328 /* Mask coherency flags if infinite cache is enabled to prevent
329 * the skipping of syncs from BASE side.
330 */
331 *flags &= ~(BASE_MEM_COHERENT_SYSTEM_REQUIRED |
332 BASE_MEM_COHERENT_SYSTEM);
333 }
334 #endif
335
336 if ((*flags & BASE_MEM_UNCACHED_GPU) != 0 &&
337 (*flags & BASE_MEM_COHERENT_SYSTEM_REQUIRED) != 0) {
338 /* Remove COHERENT_SYSTEM_REQUIRED flag if uncached GPU mapping is requested */
339 *flags &= ~BASE_MEM_COHERENT_SYSTEM_REQUIRED;
340 }
341 if ((*flags & BASE_MEM_COHERENT_SYSTEM_REQUIRED) != 0 &&
342 !kbase_device_is_cpu_coherent(kctx->kbdev)) {
343 dev_warn(dev, "%s call required coherent mem when unavailable",
344 __func__);
345 goto bad_flags;
346 }
347 if ((*flags & BASE_MEM_COHERENT_SYSTEM) != 0 &&
348 !kbase_device_is_cpu_coherent(kctx->kbdev)) {
349 /* Remove COHERENT_SYSTEM flag if coherent mem is unavailable */
350 *flags &= ~BASE_MEM_COHERENT_SYSTEM;
351 }
352
353 if (kbase_check_alloc_sizes(kctx, *flags, va_pages, commit_pages,
354 extension))
355 goto bad_sizes;
356
357 #ifdef CONFIG_MALI_MEMORY_FULLY_BACKED
358 /* Ensure that memory is fully physically-backed. */
359 if (*flags & BASE_MEM_GROW_ON_GPF)
360 commit_pages = va_pages;
361 #endif
362
363 /* find out which VA zone to use */
364 if (*flags & BASE_MEM_SAME_VA) {
365 rbtree = &kctx->reg_rbtree_same;
366 zone = KBASE_REG_ZONE_SAME_VA;
367 }
368 #if MALI_USE_CSF
369 /* fixed va_zone always exists */
370 else if (*flags & (BASE_MEM_FIXED | BASE_MEM_FIXABLE)) {
371 if (*flags & BASE_MEM_PROT_GPU_EX) {
372 rbtree = &kctx->reg_rbtree_exec_fixed;
373 zone = KBASE_REG_ZONE_EXEC_FIXED_VA;
374 } else {
375 rbtree = &kctx->reg_rbtree_fixed;
376 zone = KBASE_REG_ZONE_FIXED_VA;
377 }
378 }
379 #endif
380 else if ((*flags & BASE_MEM_PROT_GPU_EX) && kbase_has_exec_va_zone(kctx)) {
381 rbtree = &kctx->reg_rbtree_exec;
382 zone = KBASE_REG_ZONE_EXEC_VA;
383 } else {
384 rbtree = &kctx->reg_rbtree_custom;
385 zone = KBASE_REG_ZONE_CUSTOM_VA;
386 }
387
388 reg = kbase_alloc_free_region(kctx->kbdev, rbtree, PFN_DOWN(*gpu_va), va_pages, zone);
389
390 if (!reg) {
391 dev_err(dev, "Failed to allocate free region");
392 goto no_region;
393 }
394
395 if (kbase_update_region_flags(kctx, reg, *flags) != 0)
396 goto invalid_flags;
397
398 if (kbase_reg_prepare_native(reg, kctx,
399 kbase_mem_group_id_get(*flags)) != 0) {
400 dev_err(dev, "Failed to prepare region");
401 goto prepare_failed;
402 }
403
404 if (unlikely(reg->cpu_alloc != reg->gpu_alloc))
405 *flags |= BASE_MEM_KERNEL_SYNC;
406
407 /* make sure base knows if the memory is actually cached or not */
408 if (reg->flags & KBASE_REG_CPU_CACHED)
409 *flags |= BASE_MEM_CACHED_CPU;
410 else
411 *flags &= ~BASE_MEM_CACHED_CPU;
412
413 if (*flags & BASE_MEM_GROW_ON_GPF) {
414 unsigned int const ir_threshold = atomic_read(
415 &kctx->kbdev->memdev.ir_threshold);
416
417 reg->threshold_pages = ((va_pages * ir_threshold) +
418 (IR_THRESHOLD_STEPS / 2)) / IR_THRESHOLD_STEPS;
419 } else
420 reg->threshold_pages = 0;
421
422 if (*flags & BASE_MEM_GROW_ON_GPF) {
423 /* kbase_check_alloc_sizes() already checks extension is valid for
424 * assigning to reg->extension
425 */
426 reg->extension = extension;
427 #if !MALI_USE_CSF
428 } else if (*flags & BASE_MEM_TILER_ALIGN_TOP) {
429 reg->extension = extension;
430 #endif /* !MALI_USE_CSF */
431 } else {
432 reg->extension = 0;
433 }
434
435 if (kbase_alloc_phy_pages(reg, va_pages, commit_pages) != 0) {
436 dev_warn(dev, "Failed to allocate %lld pages (va_pages=%lld)",
437 (unsigned long long)commit_pages,
438 (unsigned long long)va_pages);
439 goto no_mem;
440 }
441 reg->initial_commit = commit_pages;
442
443 kbase_gpu_vm_lock(kctx);
444
445 if (reg->flags & KBASE_REG_PERMANENT_KERNEL_MAPPING) {
446 /* Permanent kernel mappings must happen as soon as
447 * reg->cpu_alloc->pages is ready. Currently this happens after
448 * kbase_alloc_phy_pages(). If we move that to setup pages
449 * earlier, also move this call too
450 */
451 int err = kbase_phy_alloc_mapping_init(kctx, reg, va_pages,
452 commit_pages);
453 if (err < 0) {
454 kbase_gpu_vm_unlock(kctx);
455 goto no_kern_mapping;
456 }
457 }
458
459 /* mmap needed to setup VA? */
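/* For SAME_VA allocations the GPU VA is not chosen here: the region is parked
 * in kctx->pending_regions under a free cookie, and the value returned in
 * *gpu_va encodes that cookie as an mmap offset. The actual VA is established
 * when userspace mmap()s that offset.
 */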
460 if (*flags & BASE_MEM_SAME_VA) {
461 unsigned long cookie, cookie_nr;
462
463 /* Bind to a cookie */
464 if (bitmap_empty(kctx->cookies, BITS_PER_LONG)) {
465 dev_err(dev, "No cookies available for allocation!");
466 kbase_gpu_vm_unlock(kctx);
467 goto no_cookie;
468 }
469 /* return a cookie */
470 cookie_nr = find_first_bit(kctx->cookies, BITS_PER_LONG);
471 bitmap_clear(kctx->cookies, cookie_nr, 1);
472 BUG_ON(kctx->pending_regions[cookie_nr]);
473 kctx->pending_regions[cookie_nr] = reg;
474
475 /* relocate to correct base */
476 cookie = cookie_nr + PFN_DOWN(BASE_MEM_COOKIE_BASE);
477 cookie <<= PAGE_SHIFT;
478
479 *gpu_va = (u64) cookie;
480 } else /* we control the VA */ {
481 size_t align = 1;
482
483 if (kctx->kbdev->pagesize_2mb) {
484 /* If there's enough (> 33 bits) of GPU VA space, align to 2MB
485 * boundaries. The similar condition is used for mapping from
486 * the SAME_VA zone inside kbase_context_get_unmapped_area().
487 */
488 if (kctx->kbdev->gpu_props.mmu.va_bits > 33) {
489 if (va_pages >= (SZ_2M / SZ_4K))
490 align = (SZ_2M / SZ_4K);
491 }
492 if (*gpu_va)
493 align = 1;
494 #if !MALI_USE_CSF
495 if (reg->flags & KBASE_REG_TILER_ALIGN_TOP)
496 align = 1;
497 #endif /* !MALI_USE_CSF */
498 }
499 if (kbase_gpu_mmap(kctx, reg, *gpu_va, va_pages, align,
500 mmu_sync_info) != 0) {
501 dev_warn(dev, "Failed to map memory on GPU");
502 kbase_gpu_vm_unlock(kctx);
503 goto no_mmap;
504 }
505 /* return real GPU VA */
506 *gpu_va = reg->start_pfn << PAGE_SHIFT;
507 }
508
509 #if MALI_JIT_PRESSURE_LIMIT_BASE
510 if (*flags & BASEP_MEM_PERFORM_JIT_TRIM) {
511 kbase_jit_done_phys_increase(kctx, commit_pages);
512
513 mutex_lock(&kctx->jit_evict_lock);
 514 WARN_ON(!list_empty(&reg->jit_node));
 515 list_add(&reg->jit_node, &kctx->jit_active_head);
516 mutex_unlock(&kctx->jit_evict_lock);
517 }
518 #endif /* MALI_JIT_PRESSURE_LIMIT_BASE */
519
520 kbase_gpu_vm_unlock(kctx);
521
522 #if MALI_USE_CSF
523 if (*flags & BASE_MEM_FIXABLE)
524 atomic64_inc(&kctx->num_fixable_allocs);
525 else if (*flags & BASE_MEM_FIXED)
526 atomic64_inc(&kctx->num_fixed_allocs);
527 #endif
528
529 return reg;
530
531 no_mmap:
532 no_cookie:
533 no_kern_mapping:
534 no_mem:
535 #if MALI_JIT_PRESSURE_LIMIT_BASE
536 if (*flags & BASEP_MEM_PERFORM_JIT_TRIM) {
537 kbase_gpu_vm_lock(kctx);
538 kbase_jit_done_phys_increase(kctx, commit_pages);
539 kbase_gpu_vm_unlock(kctx);
540 }
541 #endif /* MALI_JIT_PRESSURE_LIMIT_BASE */
542 kbase_mem_phy_alloc_put(reg->cpu_alloc);
543 kbase_mem_phy_alloc_put(reg->gpu_alloc);
544 invalid_flags:
545 prepare_failed:
546 kfree(reg);
547 no_region:
548 bad_sizes:
549 bad_flags:
550 return NULL;
551 }
552 KBASE_EXPORT_TEST_API(kbase_mem_alloc);
553
554 int kbase_mem_query(struct kbase_context *kctx,
555 u64 gpu_addr, u64 query, u64 * const out)
556 {
557 struct kbase_va_region *reg;
558 int ret = -EINVAL;
559
560 KBASE_DEBUG_ASSERT(kctx);
561 KBASE_DEBUG_ASSERT(out);
562
563 if (gpu_addr & ~PAGE_MASK) {
564 dev_warn(kctx->kbdev->dev, "mem_query: gpu_addr: passed parameter is invalid");
565 return -EINVAL;
566 }
567
568 kbase_gpu_vm_lock(kctx);
569
570 /* Validate the region */
571 reg = kbase_region_tracker_find_region_base_address(kctx, gpu_addr);
572 if (kbase_is_region_invalid_or_free(reg))
573 goto out_unlock;
574
575 switch (query) {
576 case KBASE_MEM_QUERY_COMMIT_SIZE:
577 if (reg->cpu_alloc->type != KBASE_MEM_TYPE_ALIAS) {
578 *out = kbase_reg_current_backed_size(reg);
579 } else {
580 size_t i;
581 struct kbase_aliased *aliased;
582 *out = 0;
583 aliased = reg->cpu_alloc->imported.alias.aliased;
584 for (i = 0; i < reg->cpu_alloc->imported.alias.nents; i++)
585 *out += aliased[i].length;
586 }
587 break;
588 case KBASE_MEM_QUERY_VA_SIZE:
589 *out = reg->nr_pages;
590 break;
591 case KBASE_MEM_QUERY_FLAGS:
592 {
593 *out = 0;
594 if (KBASE_REG_CPU_WR & reg->flags)
595 *out |= BASE_MEM_PROT_CPU_WR;
596 if (KBASE_REG_CPU_RD & reg->flags)
597 *out |= BASE_MEM_PROT_CPU_RD;
598 if (KBASE_REG_CPU_CACHED & reg->flags)
599 *out |= BASE_MEM_CACHED_CPU;
600 if (KBASE_REG_GPU_WR & reg->flags)
601 *out |= BASE_MEM_PROT_GPU_WR;
602 if (KBASE_REG_GPU_RD & reg->flags)
603 *out |= BASE_MEM_PROT_GPU_RD;
604 if (!(KBASE_REG_GPU_NX & reg->flags))
605 *out |= BASE_MEM_PROT_GPU_EX;
606 if (KBASE_REG_SHARE_BOTH & reg->flags)
607 *out |= BASE_MEM_COHERENT_SYSTEM;
608 if (KBASE_REG_SHARE_IN & reg->flags)
609 *out |= BASE_MEM_COHERENT_LOCAL;
610 if (mali_kbase_supports_mem_grow_on_gpf(kctx->api_version)) {
 611 /* Prior to this version, this flag was known about by
 612 * user-side but we did not return it. Returning
 613 * it caused certain clients that were not expecting
 614 * it to fail, so we omit it as a special case for
 615 * compatibility reasons.
616 */
617 if (KBASE_REG_PF_GROW & reg->flags)
618 *out |= BASE_MEM_GROW_ON_GPF;
619 }
620 if (mali_kbase_supports_mem_protected(kctx->api_version)) {
 621 /* Prior to this version, this flag was known about by
 622 * user-side but we did not return it. Returning
 623 * it caused certain clients that were not expecting
 624 * it to fail, so we omit it as a special case for
 625 * compatibility reasons.
626 */
627 if (KBASE_REG_PROTECTED & reg->flags)
628 *out |= BASE_MEM_PROTECTED;
629 }
630 #if !MALI_USE_CSF
631 if (KBASE_REG_TILER_ALIGN_TOP & reg->flags)
632 *out |= BASE_MEM_TILER_ALIGN_TOP;
633 #endif /* !MALI_USE_CSF */
634 if (!(KBASE_REG_GPU_CACHED & reg->flags))
635 *out |= BASE_MEM_UNCACHED_GPU;
636 #if MALI_USE_CSF
637 if (KBASE_REG_CSF_EVENT & reg->flags)
638 *out |= BASE_MEM_CSF_EVENT;
639 if (((KBASE_REG_ZONE_MASK & reg->flags) == KBASE_REG_ZONE_FIXED_VA) ||
640 ((KBASE_REG_ZONE_MASK & reg->flags) == KBASE_REG_ZONE_EXEC_FIXED_VA)) {
641 if (KBASE_REG_FIXED_ADDRESS & reg->flags)
642 *out |= BASE_MEM_FIXED;
643 else
644 *out |= BASE_MEM_FIXABLE;
645 }
646 #endif
647 if (KBASE_REG_GPU_VA_SAME_4GB_PAGE & reg->flags)
648 *out |= BASE_MEM_GPU_VA_SAME_4GB_PAGE;
649
650 *out |= kbase_mem_group_id_set(reg->cpu_alloc->group_id);
651
652 WARN(*out & ~BASE_MEM_FLAGS_QUERYABLE,
653 "BASE_MEM_FLAGS_QUERYABLE needs updating\n");
654 *out &= BASE_MEM_FLAGS_QUERYABLE;
655 break;
656 }
657 default:
658 *out = 0;
659 goto out_unlock;
660 }
661
662 ret = 0;
663
664 out_unlock:
665 kbase_gpu_vm_unlock(kctx);
666 return ret;
667 }
668
669 /**
670 * kbase_mem_evictable_reclaim_count_objects - Count number of pages in the
671 * Ephemeral memory eviction list.
672 * @s: Shrinker
673 * @sc: Shrinker control
674 *
675 * Return: Number of pages which can be freed or SHRINK_EMPTY if no page remains.
676 */
677 static
678 unsigned long kbase_mem_evictable_reclaim_count_objects(struct shrinker *s,
679 struct shrink_control *sc)
680 {
681 struct kbase_context *kctx = container_of(s, struct kbase_context, reclaim);
682 int evict_nents = atomic_read(&kctx->evict_nents);
683 unsigned long nr_freeable_items;
684
685 WARN((sc->gfp_mask & __GFP_ATOMIC),
686 "Shrinkers cannot be called for GFP_ATOMIC allocations. Check kernel mm for problems. gfp_mask==%x\n",
687 sc->gfp_mask);
688 WARN(in_atomic(),
689 "Shrinker called in atomic context. The caller must use GFP_ATOMIC or similar, then Shrinkers must not be called. gfp_mask==%x\n",
690 sc->gfp_mask);
691
692 if (unlikely(evict_nents < 0)) {
693 dev_err(kctx->kbdev->dev, "invalid evict_nents(%d)", evict_nents);
694 nr_freeable_items = 0;
695 } else {
696 nr_freeable_items = evict_nents;
697 }
698
699 #if KERNEL_VERSION(4, 19, 0) <= LINUX_VERSION_CODE
700 if (nr_freeable_items == 0)
701 nr_freeable_items = SHRINK_EMPTY;
702 #endif
703
704 return nr_freeable_items;
705 }
706
707 /**
708 * kbase_mem_evictable_reclaim_scan_objects - Scan the Ephemeral memory eviction
709 * list for pages and try to reclaim them.
710 * @s: Shrinker
711 * @sc: Shrinker control
712 *
 713 * Return: Number of pages freed (can be less than requested) or
714 * SHRINK_STOP if reclaim isn't possible.
715 *
716 * Note:
 717 * This function accesses region structures without taking the region lock;
 718 * this is required as the OOM killer can call the shrinker while the region
 719 * lock is already held.
720 * This is safe as we can guarantee that a region on the eviction list will
721 * not be freed (kbase_mem_free_region removes the allocation from the list
722 * before destroying it), or modified by other parts of the driver.
723 * The eviction list itself is guarded by the eviction lock and the MMU updates
724 * are protected by their own lock.
725 */
726 static
727 unsigned long kbase_mem_evictable_reclaim_scan_objects(struct shrinker *s,
728 struct shrink_control *sc)
729 {
730 struct kbase_context *kctx;
731 struct kbase_mem_phy_alloc *alloc;
732 struct kbase_mem_phy_alloc *tmp;
733 unsigned long freed = 0;
734
735 kctx = container_of(s, struct kbase_context, reclaim);
736
737 mutex_lock(&kctx->jit_evict_lock);
738
739 list_for_each_entry_safe(alloc, tmp, &kctx->evict_list, evict_node) {
740 int err;
741
742 if (!alloc->reg)
743 continue;
744
745 err = kbase_mem_shrink_gpu_mapping(kctx, alloc->reg,
746 0, alloc->nents);
747
748 /* Failed to remove GPU mapping, proceed to next one. */
749 if (err != 0)
750 continue;
751
752 /*
753 * Update alloc->evicted before freeing the backing so the
754 * helper can determine that it needs to bypass the accounting
755 * and memory pool.
756 */
757 alloc->evicted = alloc->nents;
758
759 kbase_free_phy_pages_helper(alloc, alloc->evicted);
760 freed += alloc->evicted;
761 WARN_ON(atomic_sub_return(alloc->evicted, &kctx->evict_nents) < 0);
762 list_del_init(&alloc->evict_node);
763
764 /*
765 * Inform the JIT allocator this region has lost backing
766 * as it might need to free the allocation.
767 */
768 kbase_jit_backing_lost(alloc->reg);
769
770 /* Enough pages have been freed so stop now */
771 if (freed > sc->nr_to_scan)
772 break;
773 }
774
775 mutex_unlock(&kctx->jit_evict_lock);
776
777 return freed;
778 }
779
780 int kbase_mem_evictable_init(struct kbase_context *kctx)
781 {
782 INIT_LIST_HEAD(&kctx->evict_list);
783 mutex_init(&kctx->jit_evict_lock);
784
785 atomic_set(&kctx->evict_nents, 0);
786
787 kctx->reclaim.count_objects = kbase_mem_evictable_reclaim_count_objects;
788 kctx->reclaim.scan_objects = kbase_mem_evictable_reclaim_scan_objects;
789 kctx->reclaim.seeks = DEFAULT_SEEKS;
 790 /* Kernel versions prior to 3.1:
791 * struct shrinker does not define batch
792 */
793 kctx->reclaim.batch = 0;
794 #if KERNEL_VERSION(6, 0, 0) > LINUX_VERSION_CODE
795 register_shrinker(&kctx->reclaim);
796 #else
797 register_shrinker(&kctx->reclaim, "mali-mem");
798 #endif
799 return 0;
800 }
801
802 void kbase_mem_evictable_deinit(struct kbase_context *kctx)
803 {
804 unregister_shrinker(&kctx->reclaim);
805 }
806
807 /**
808 * kbase_mem_evictable_mark_reclaim - Mark the pages as reclaimable.
809 * @alloc: The physical allocation
810 */
811 void kbase_mem_evictable_mark_reclaim(struct kbase_mem_phy_alloc *alloc)
812 {
813 struct kbase_context *kctx = alloc->imported.native.kctx;
814 struct kbase_device *kbdev = kctx->kbdev;
815 int __maybe_unused new_page_count;
816
817 kbase_process_page_usage_dec(kctx, alloc->nents);
818 new_page_count = atomic_sub_return(alloc->nents,
819 &kctx->used_pages);
820 atomic_sub(alloc->nents, &kctx->kbdev->memdev.used_pages);
821
822 KBASE_TLSTREAM_AUX_PAGESALLOC(
823 kbdev,
824 kctx->id,
825 (u64)new_page_count);
826 kbase_trace_gpu_mem_usage_dec(kbdev, kctx, alloc->nents);
827 }
828
829 /**
830 * kbase_mem_evictable_unmark_reclaim - Mark the pages as no longer reclaimable.
831 * @alloc: The physical allocation
832 */
833 static
834 void kbase_mem_evictable_unmark_reclaim(struct kbase_mem_phy_alloc *alloc)
835 {
836 struct kbase_context *kctx = alloc->imported.native.kctx;
837 struct kbase_device *kbdev = kctx->kbdev;
838 int __maybe_unused new_page_count;
839
840 new_page_count = atomic_add_return(alloc->nents,
841 &kctx->used_pages);
842 atomic_add(alloc->nents, &kctx->kbdev->memdev.used_pages);
843
844 /* Increase mm counters so that the allocation is accounted for
 845 * against the process and thus is visible to the OOM killer.
846 */
847 kbase_process_page_usage_inc(kctx, alloc->nents);
848
849 KBASE_TLSTREAM_AUX_PAGESALLOC(
850 kbdev,
851 kctx->id,
852 (u64)new_page_count);
853 kbase_trace_gpu_mem_usage_inc(kbdev, kctx, alloc->nents);
854 }
855
856 int kbase_mem_evictable_make(struct kbase_mem_phy_alloc *gpu_alloc)
857 {
858 struct kbase_context *kctx = gpu_alloc->imported.native.kctx;
859
860 lockdep_assert_held(&kctx->reg_lock);
861
862 /* Memory is in the process of transitioning to the shrinker, and
863 * should ignore migration attempts
864 */
865 kbase_mem_shrink_cpu_mapping(kctx, gpu_alloc->reg,
866 0, gpu_alloc->nents);
867
868 mutex_lock(&kctx->jit_evict_lock);
869 /* This allocation can't already be on a list. */
870 WARN_ON(!list_empty(&gpu_alloc->evict_node));
871
 872 /* Add the allocation to the eviction list; after this point the shrinker
 873 * can reclaim it.
874 */
875 list_add(&gpu_alloc->evict_node, &kctx->evict_list);
876 atomic_add(gpu_alloc->nents, &kctx->evict_nents);
877
878 /* Indicate to page migration that the memory can be reclaimed by the shrinker.
879 */
880 if (kbase_page_migration_enabled)
881 kbase_set_phy_alloc_page_status(gpu_alloc, NOT_MOVABLE);
882
883 mutex_unlock(&kctx->jit_evict_lock);
884 kbase_mem_evictable_mark_reclaim(gpu_alloc);
885
886 gpu_alloc->reg->flags |= KBASE_REG_DONT_NEED;
887 return 0;
888 }
889
890 bool kbase_mem_evictable_unmake(struct kbase_mem_phy_alloc *gpu_alloc)
891 {
892 struct kbase_context *kctx = gpu_alloc->imported.native.kctx;
893 int err = 0;
894
895 /* Calls to this function are inherently asynchronous, with respect to
896 * MMU operations.
897 */
898 const enum kbase_caller_mmu_sync_info mmu_sync_info = CALLER_MMU_ASYNC;
899
900 lockdep_assert_held(&kctx->reg_lock);
901
902 mutex_lock(&kctx->jit_evict_lock);
903 /*
904 * First remove the allocation from the eviction list as it's no
905 * longer eligible for eviction.
906 */
907 WARN_ON(atomic_sub_return(gpu_alloc->nents, &kctx->evict_nents) < 0);
908 list_del_init(&gpu_alloc->evict_node);
909 mutex_unlock(&kctx->jit_evict_lock);
910
911 if (gpu_alloc->evicted == 0) {
912 /*
913 * The backing is still present, update the VM stats as it's
914 * in use again.
915 */
916 kbase_mem_evictable_unmark_reclaim(gpu_alloc);
917 } else {
918 /* If the region is still alive ... */
919 if (gpu_alloc->reg) {
920 /* ... allocate replacement backing ... */
921 err = kbase_alloc_phy_pages_helper(gpu_alloc,
922 gpu_alloc->evicted);
923
924 /*
925 * ... and grow the mapping back to its
926 * pre-eviction size.
927 */
928 if (!err)
929 err = kbase_mem_grow_gpu_mapping(
930 kctx, gpu_alloc->reg,
931 gpu_alloc->evicted, 0, mmu_sync_info);
932
933 gpu_alloc->evicted = 0;
934
935 /* Since the allocation is no longer evictable, and we ensure that
 936 * it grows back to its pre-eviction size, we consider its
 937 * state to be ALLOCATED_MAPPED, as that is the only state
 938 * from which a physical allocation could have transitioned
 939 * to NOT_MOVABLE.
940 */
941 if (kbase_page_migration_enabled)
942 kbase_set_phy_alloc_page_status(gpu_alloc, ALLOCATED_MAPPED);
943 }
944 }
945
946 /* If the region is still alive remove the DONT_NEED attribute. */
947 if (gpu_alloc->reg)
948 gpu_alloc->reg->flags &= ~KBASE_REG_DONT_NEED;
949
950 return (err == 0);
951 }
952
953 int kbase_mem_flags_change(struct kbase_context *kctx, u64 gpu_addr, unsigned int flags, unsigned int mask)
954 {
955 struct kbase_va_region *reg;
956 int ret = -EINVAL;
957 unsigned int real_flags = 0;
958 unsigned int new_flags = 0;
959 bool prev_needed, new_needed;
960
961 KBASE_DEBUG_ASSERT(kctx);
962
963 if (!gpu_addr)
964 return -EINVAL;
965
966 if ((gpu_addr & ~PAGE_MASK) && (gpu_addr >= PAGE_SIZE))
967 return -EINVAL;
968
969 /* nuke other bits */
970 flags &= mask;
971
972 /* check for only supported flags */
973 if (flags & ~(BASE_MEM_FLAGS_MODIFIABLE))
974 goto out;
975
976 /* mask covers bits we don't support? */
977 if (mask & ~(BASE_MEM_FLAGS_MODIFIABLE))
978 goto out;
979
980 /* convert flags */
981 if (BASE_MEM_COHERENT_SYSTEM & flags)
982 real_flags |= KBASE_REG_SHARE_BOTH;
983 else if (BASE_MEM_COHERENT_LOCAL & flags)
984 real_flags |= KBASE_REG_SHARE_IN;
985
986 /* now we can lock down the context, and find the region */
987 down_write(kbase_mem_get_process_mmap_lock());
988 kbase_gpu_vm_lock(kctx);
989
990 /* Validate the region */
991 reg = kbase_region_tracker_find_region_base_address(kctx, gpu_addr);
992 if (kbase_is_region_invalid_or_free(reg))
993 goto out_unlock;
994
995 /* There is no use case to support MEM_FLAGS_CHANGE ioctl for allocations
996 * that have NO_USER_FREE flag set, to mark them as evictable/reclaimable.
 997 * This would usually include JIT allocations, Tiler heap related allocations
 998 * & GPU queue ringbuffers, and none of them needs to be explicitly marked
 999 * as evictable by Userspace.
1000 */
1001 if (kbase_va_region_is_no_user_free(reg))
1002 goto out_unlock;
1003
 1004 /* Is the region transitioning between not needed and needed? */
1005 prev_needed = (KBASE_REG_DONT_NEED & reg->flags) == KBASE_REG_DONT_NEED;
1006 new_needed = (BASE_MEM_DONT_NEED & flags) == BASE_MEM_DONT_NEED;
1007 if (prev_needed != new_needed) {
1008 /* Aliased allocations can't be shrunk as the code doesn't
1009 * support looking up:
1010 * - all physical pages assigned to different GPU VAs
1011 * - CPU mappings for the physical pages at different vm_pgoff
1012 * (==GPU VA) locations.
1013 */
 1014 if (atomic_read(&reg->cpu_alloc->gpu_mappings) > 1)
 1015 goto out_unlock;
 1016
 1017 if (atomic_read(&reg->cpu_alloc->kernel_mappings) > 0)
1018 goto out_unlock;
1019
1020 if (new_needed) {
1021 /* Only native allocations can be marked not needed */
1022 if (reg->cpu_alloc->type != KBASE_MEM_TYPE_NATIVE) {
1023 ret = -EINVAL;
1024 goto out_unlock;
1025 }
1026 ret = kbase_mem_evictable_make(reg->gpu_alloc);
1027 if (ret)
1028 goto out_unlock;
1029 } else {
1030 kbase_mem_evictable_unmake(reg->gpu_alloc);
1031 }
1032 }
1033
1034 /* limit to imported memory */
1035 if (reg->gpu_alloc->type != KBASE_MEM_TYPE_IMPORTED_UMM)
1036 goto out_unlock;
1037
1038 /* shareability flags are ignored for GPU uncached memory */
1039 if (!(reg->flags & KBASE_REG_GPU_CACHED)) {
1040 ret = 0;
1041 goto out_unlock;
1042 }
1043
1044 /* no change? */
1045 if (real_flags == (reg->flags & (KBASE_REG_SHARE_IN | KBASE_REG_SHARE_BOTH))) {
1046 ret = 0;
1047 goto out_unlock;
1048 }
1049
1050 new_flags = reg->flags & ~(KBASE_REG_SHARE_IN | KBASE_REG_SHARE_BOTH);
1051 new_flags |= real_flags;
1052
1053 /* Currently supporting only imported memory */
1054 if (reg->gpu_alloc->type != KBASE_MEM_TYPE_IMPORTED_UMM) {
1055 ret = -EINVAL;
1056 goto out_unlock;
1057 }
1058
1059 if (IS_ENABLED(CONFIG_MALI_DMA_BUF_MAP_ON_DEMAND)) {
 1060 /* Future mappings will use the new flags, the existing mapping
 1061 * will NOT be updated as the memory should not be in use
 1062 * by the GPU when updating the flags.
1063 */
1064 WARN_ON(reg->gpu_alloc->imported.umm.current_mapping_usage_count);
1065 ret = 0;
1066 } else if (reg->gpu_alloc->imported.umm.current_mapping_usage_count) {
1067 /*
1068 * When CONFIG_MALI_DMA_BUF_MAP_ON_DEMAND is not enabled the
1069 * dma-buf GPU mapping should always be present, check that
1070 * this is the case and warn and skip the page table update if
1071 * not.
1072 *
1073 * Then update dma-buf GPU mapping with the new flags.
1074 *
1075 * Note: The buffer must not be in use on the GPU when
1076 * changing flags. If the buffer is in active use on
1077 * the GPU, there is a risk that the GPU may trigger a
1078 * shareability fault, as it will see the same
1079 * addresses from buffer with different shareability
1080 * properties.
1081 */
1082 dev_dbg(kctx->kbdev->dev,
1083 "Updating page tables on mem flag change\n");
1084 ret = kbase_mmu_update_pages(kctx, reg->start_pfn,
1085 kbase_get_gpu_phy_pages(reg),
1086 kbase_reg_current_backed_size(reg),
1087 new_flags,
1088 reg->gpu_alloc->group_id);
1089 if (ret)
1090 dev_warn(kctx->kbdev->dev,
1091 "Failed to update GPU page tables on flag change: %d\n",
1092 ret);
1093 } else
1094 WARN_ON(!reg->gpu_alloc->imported.umm.current_mapping_usage_count);
1095
1096 /* If everything is good, then set the new flags on the region. */
1097 if (!ret)
1098 reg->flags = new_flags;
1099
1100 out_unlock:
1101 kbase_gpu_vm_unlock(kctx);
1102 up_write(kbase_mem_get_process_mmap_lock());
1103 out:
1104 return ret;
1105 }
1106
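/* Internal flag bit, placed just above the UAPI memory flag bits, used by the
 * import paths below to report that physical pages were acquired (and, for
 * dma-bufs, mapped) at import time.
 */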
1107 #define KBASE_MEM_IMPORT_HAVE_PAGES (1UL << BASE_MEM_FLAGS_NR_BITS)
1108
1109 int kbase_mem_do_sync_imported(struct kbase_context *kctx,
1110 struct kbase_va_region *reg, enum kbase_sync_type sync_fn)
1111 {
1112 int ret = -EINVAL;
1113 struct dma_buf __maybe_unused *dma_buf;
1114 enum dma_data_direction dir = DMA_BIDIRECTIONAL;
1115
1116 lockdep_assert_held(&kctx->reg_lock);
1117
1118 /* We assume that the same physical allocation object is used for both
1119 * GPU and CPU for imported buffers.
1120 */
1121 WARN_ON(reg->cpu_alloc != reg->gpu_alloc);
1122
1123 /* Currently only handle dma-bufs */
1124 if (reg->gpu_alloc->type != KBASE_MEM_TYPE_IMPORTED_UMM)
1125 return ret;
1126 /*
1127 * Attempting to sync with CONFIG_MALI_DMA_BUF_MAP_ON_DEMAND
1128 * enabled can expose us to a Linux Kernel issue between v4.6 and
1129 * v4.19. We will not attempt to support cache syncs on dma-bufs that
 1130 * are mapped on demand (i.e. not on import), neither on pre-4.6 nor
 1131 * on 4.20 or newer kernels, because this makes it difficult for
 1132 * userspace to know when it can rely on the cache sync.
1133 * Instead, only support syncing when we always map dma-bufs on import,
1134 * or if the particular buffer is mapped right now.
1135 */
1136 if (IS_ENABLED(CONFIG_MALI_DMA_BUF_MAP_ON_DEMAND) &&
1137 !reg->gpu_alloc->imported.umm.current_mapping_usage_count)
1138 return ret;
1139
1140 dma_buf = reg->gpu_alloc->imported.umm.dma_buf;
1141
1142 switch (sync_fn) {
1143 case KBASE_SYNC_TO_DEVICE:
1144 dev_dbg(kctx->kbdev->dev,
1145 "Syncing imported buffer at GPU VA %llx to GPU\n",
1146 reg->start_pfn);
1147 #ifdef KBASE_MEM_ION_SYNC_WORKAROUND
1148 if (!WARN_ON(!reg->gpu_alloc->imported.umm.dma_attachment)) {
1149 struct dma_buf_attachment *attachment = reg->gpu_alloc->imported.umm.dma_attachment;
1150 struct sg_table *sgt = reg->gpu_alloc->imported.umm.sgt;
1151
1152 dma_sync_sg_for_device(attachment->dev, sgt->sgl,
1153 sgt->nents, dir);
1154 ret = 0;
1155 }
1156 #else
1157 ret = dma_buf_end_cpu_access(dma_buf, dir);
1158 #endif /* KBASE_MEM_ION_SYNC_WORKAROUND */
1159 break;
1160 case KBASE_SYNC_TO_CPU:
1161 dev_dbg(kctx->kbdev->dev,
1162 "Syncing imported buffer at GPU VA %llx to CPU\n",
1163 reg->start_pfn);
1164 #ifdef KBASE_MEM_ION_SYNC_WORKAROUND
1165 if (!WARN_ON(!reg->gpu_alloc->imported.umm.dma_attachment)) {
1166 struct dma_buf_attachment *attachment = reg->gpu_alloc->imported.umm.dma_attachment;
1167 struct sg_table *sgt = reg->gpu_alloc->imported.umm.sgt;
1168
1169 dma_sync_sg_for_cpu(attachment->dev, sgt->sgl,
1170 sgt->nents, dir);
1171 ret = 0;
1172 }
1173 #else
1174 ret = dma_buf_begin_cpu_access(dma_buf, dir);
1175 #endif /* KBASE_MEM_ION_SYNC_WORKAROUND */
1176 break;
1177 }
1178
1179 if (unlikely(ret))
1180 dev_warn(kctx->kbdev->dev,
1181 "Failed to sync mem region %pK at GPU VA %llx: %d\n",
1182 reg, reg->start_pfn, ret);
1183
1184 return ret;
1185 }
1186
1187 /**
1188 * kbase_mem_umm_unmap_attachment - Unmap dma-buf attachment
1189 * @kctx: Pointer to kbase context
1190 * @alloc: Pointer to allocation with imported dma-buf memory to unmap
1191 *
1192 * This will unmap a dma-buf. Must be called after the GPU page tables for the
1193 * region have been torn down.
1194 */
1195 static void kbase_mem_umm_unmap_attachment(struct kbase_context *kctx,
1196 struct kbase_mem_phy_alloc *alloc)
1197 {
1198 struct tagged_addr *pa = alloc->pages;
1199
1200 dma_buf_unmap_attachment(alloc->imported.umm.dma_attachment,
1201 alloc->imported.umm.sgt, DMA_BIDIRECTIONAL);
1202 alloc->imported.umm.sgt = NULL;
1203
1204 kbase_remove_dma_buf_usage(kctx, alloc);
1205
1206 memset(pa, 0xff, sizeof(*pa) * alloc->nents);
1207 alloc->nents = 0;
1208 }
1209
1210 /* to replace sg_dma_len. */
1211 #define MALI_SG_DMA_LEN(sg) ((sg)->length)
1212
1213 /**
1214 * kbase_mem_umm_map_attachment - Prepare attached dma-buf for GPU mapping
1215 * @kctx: Pointer to kbase context
1216 * @reg: Pointer to region with imported dma-buf memory to map
1217 *
1218 * Map the dma-buf and prepare the page array with the tagged Mali physical
1219 * addresses for GPU mapping.
1220 *
1221 * Return: 0 on success, or negative error code
1222 */
1223 static int kbase_mem_umm_map_attachment(struct kbase_context *kctx,
1224 struct kbase_va_region *reg)
1225 {
1226 struct sg_table *sgt;
1227 struct scatterlist *s;
1228 int i;
1229 struct tagged_addr *pa;
1230 int err;
1231 size_t count = 0;
1232 struct kbase_mem_phy_alloc *alloc = reg->gpu_alloc;
1233
1234 WARN_ON_ONCE(alloc->type != KBASE_MEM_TYPE_IMPORTED_UMM);
1235 WARN_ON_ONCE(alloc->imported.umm.sgt);
1236
1237 sgt = dma_buf_map_attachment(alloc->imported.umm.dma_attachment,
1238 DMA_BIDIRECTIONAL);
1239 if (IS_ERR_OR_NULL(sgt))
1240 return -EINVAL;
1241
1242 /* save for later */
1243 alloc->imported.umm.sgt = sgt;
1244
1245 pa = kbase_get_gpu_phy_pages(reg);
1246
1247 for_each_sg(sgt->sgl, s, sgt->nents, i) {
1248 size_t j, pages = PFN_UP(MALI_SG_DMA_LEN(s));
1249
1250 WARN_ONCE(MALI_SG_DMA_LEN(s) & (PAGE_SIZE-1),
1251 "MALI_SG_DMA_LEN(s)=%u is not a multiple of PAGE_SIZE\n",
1252 MALI_SG_DMA_LEN(s));
1253
1254 WARN_ONCE(sg_dma_address(s) & (PAGE_SIZE-1),
1255 "sg_dma_address(s)=%llx is not aligned to PAGE_SIZE\n",
1256 (unsigned long long) sg_dma_address(s));
1257
1258 for (j = 0; (j < pages) && (count < reg->nr_pages); j++, count++)
1259 *pa++ = as_tagged(sg_dma_address(s) +
1260 (j << PAGE_SHIFT));
1261 WARN_ONCE(j < pages,
1262 "sg list from dma_buf_map_attachment > dma_buf->size=%zu\n",
1263 alloc->imported.umm.dma_buf->size);
1264 }
1265
1266 if (!(reg->flags & KBASE_REG_IMPORT_PAD) &&
1267 WARN_ONCE(count < reg->nr_pages,
1268 "sg list from dma_buf_map_attachment < dma_buf->size=%zu\n",
1269 alloc->imported.umm.dma_buf->size)) {
1270 err = -EINVAL;
1271 goto err_unmap_attachment;
1272 }
1273
1274 /* Update nents as we now have pages to map */
1275 alloc->nents = count;
1276 kbase_add_dma_buf_usage(kctx, alloc);
1277
1278 return 0;
1279
1280 err_unmap_attachment:
1281 kbase_mem_umm_unmap_attachment(kctx, alloc);
1282
1283 return err;
1284 }
1285
1286 int kbase_mem_umm_map(struct kbase_context *kctx,
1287 struct kbase_va_region *reg)
1288 {
1289 int err;
1290 struct kbase_mem_phy_alloc *alloc;
1291 unsigned long gwt_mask = ~0;
1292
1293 /* Calls to this function are inherently asynchronous, with respect to
1294 * MMU operations.
1295 */
1296 const enum kbase_caller_mmu_sync_info mmu_sync_info = CALLER_MMU_ASYNC;
1297
1298 lockdep_assert_held(&kctx->reg_lock);
1299
1300 alloc = reg->gpu_alloc;
1301
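/* The dma-buf attachment is only mapped for the first user; subsequent users
 * just take another reference on the existing mapping. For those users only a
 * CPU-to-device sync may be needed (legacy compat mode, or buffers imported
 * with explicit sync requested).
 */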
1302 alloc->imported.umm.current_mapping_usage_count++;
1303 if (alloc->imported.umm.current_mapping_usage_count != 1) {
1304 if (IS_ENABLED(CONFIG_MALI_DMA_BUF_LEGACY_COMPAT) ||
1305 alloc->imported.umm.need_sync) {
1306 if (!kbase_is_region_invalid_or_free(reg)) {
1307 err = kbase_mem_do_sync_imported(kctx, reg,
1308 KBASE_SYNC_TO_DEVICE);
1309 WARN_ON_ONCE(err);
1310 }
1311 }
1312 return 0;
1313 }
1314
1315 err = kbase_mem_umm_map_attachment(kctx, reg);
1316 if (err)
1317 goto bad_map_attachment;
1318
1319 #ifdef CONFIG_MALI_CINSTR_GWT
1320 if (kctx->gwt_enabled)
1321 gwt_mask = ~KBASE_REG_GPU_WR;
1322 #endif
1323
1324 err = kbase_mmu_insert_imported_pages(kctx->kbdev, &kctx->mmu, reg->start_pfn,
1325 kbase_get_gpu_phy_pages(reg),
1326 kbase_reg_current_backed_size(reg),
1327 reg->flags & gwt_mask, kctx->as_nr, alloc->group_id,
1328 mmu_sync_info, NULL);
1329 if (err)
1330 goto bad_insert;
1331
1332 if (reg->flags & KBASE_REG_IMPORT_PAD &&
1333 !WARN_ON(reg->nr_pages < alloc->nents)) {
1334 /* For padded imported dma-buf memory, map the dummy aliasing
1335 * page from the end of the dma-buf pages, to the end of the
1336 * region using a read only mapping.
1337 *
1338 * Assume alloc->nents is the number of actual pages in the
1339 * dma-buf memory.
1340 */
1341 err = kbase_mmu_insert_single_imported_page(
1342 kctx, reg->start_pfn + alloc->nents, kctx->aliasing_sink_page,
1343 reg->nr_pages - alloc->nents,
1344 (reg->flags | KBASE_REG_GPU_RD) & ~KBASE_REG_GPU_WR, KBASE_MEM_GROUP_SINK,
1345 mmu_sync_info);
1346 if (err)
1347 goto bad_pad_insert;
1348 }
1349
1350 return 0;
1351
1352 bad_pad_insert:
1353 kbase_mmu_teardown_pages(kctx->kbdev, &kctx->mmu, reg->start_pfn, alloc->pages,
1354 alloc->nents, alloc->nents, kctx->as_nr, true);
1355 bad_insert:
1356 kbase_mem_umm_unmap_attachment(kctx, alloc);
1357 bad_map_attachment:
1358 alloc->imported.umm.current_mapping_usage_count--;
1359
1360 return err;
1361 }
1362
1363 void kbase_mem_umm_unmap(struct kbase_context *kctx,
1364 struct kbase_va_region *reg, struct kbase_mem_phy_alloc *alloc)
1365 {
1366 alloc->imported.umm.current_mapping_usage_count--;
1367 if (alloc->imported.umm.current_mapping_usage_count) {
1368 if (IS_ENABLED(CONFIG_MALI_DMA_BUF_LEGACY_COMPAT) ||
1369 alloc->imported.umm.need_sync) {
1370 if (!kbase_is_region_invalid_or_free(reg)) {
1371 int err = kbase_mem_do_sync_imported(kctx, reg,
1372 KBASE_SYNC_TO_CPU);
1373 WARN_ON_ONCE(err);
1374 }
1375 }
1376 return;
1377 }
1378
1379 if (!kbase_is_region_invalid_or_free(reg) && reg->gpu_alloc == alloc) {
1380 int err;
1381
1382 err = kbase_mmu_teardown_pages(kctx->kbdev, &kctx->mmu, reg->start_pfn,
1383 alloc->pages, reg->nr_pages, reg->nr_pages,
1384 kctx->as_nr, true);
1385 WARN_ON(err);
1386 }
1387
1388 kbase_mem_umm_unmap_attachment(kctx, alloc);
1389 }
1390
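/* get_umm_memory_group_id - Pick the memory group for a dma-buf import.
 *
 * Queries the memory group manager's mgm_get_import_memory_id hook if it is
 * provided, otherwise falls back to BASE_MEM_GROUP_DEFAULT.
 */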
1391 static int get_umm_memory_group_id(struct kbase_context *kctx,
1392 struct dma_buf *dma_buf)
1393 {
1394 int group_id = BASE_MEM_GROUP_DEFAULT;
1395
1396 if (kctx->kbdev->mgm_dev->ops.mgm_get_import_memory_id) {
1397 struct memory_group_manager_import_data mgm_import_data;
1398
1399 mgm_import_data.type =
1400 MEMORY_GROUP_MANAGER_IMPORT_TYPE_DMA_BUF;
1401 mgm_import_data.u.dma_buf = dma_buf;
1402
1403 group_id = kctx->kbdev->mgm_dev->ops.mgm_get_import_memory_id(
1404 kctx->kbdev->mgm_dev, &mgm_import_data);
1405 }
1406
1407 return group_id;
1408 }
1409
1410 /**
1411 * kbase_mem_from_umm - Import dma-buf memory into kctx
1412 * @kctx: Pointer to kbase context to import memory into
1413 * @fd: File descriptor of dma-buf to import
1414 * @va_pages: Pointer where virtual size of the region will be output
1415 * @flags: Pointer to memory flags
1416 * @padding: Number of read only padding pages to be inserted at the end of the
1417 * GPU mapping of the dma-buf
1418 *
1419 * Return: Pointer to new kbase_va_region object of the imported dma-buf, or
1420 * NULL on error.
1421 *
 1422 * This function imports a dma-buf into kctx, and creates a kbase_va_region
1423 * object that wraps the dma-buf.
1424 */
1425 static struct kbase_va_region *kbase_mem_from_umm(struct kbase_context *kctx,
1426 int fd, u64 *va_pages, u64 *flags, u32 padding)
1427 {
1428 struct kbase_va_region *reg;
1429 struct dma_buf *dma_buf;
1430 struct dma_buf_attachment *dma_attachment;
1431 bool shared_zone = false;
1432 bool need_sync = false;
1433 int group_id;
1434
1435 /* 64-bit address range is the max */
1436 if (*va_pages > (U64_MAX / PAGE_SIZE))
1437 return NULL;
1438
1439 dma_buf = dma_buf_get(fd);
1440 if (IS_ERR_OR_NULL(dma_buf))
1441 return NULL;
1442
1443 dma_attachment = dma_buf_attach(dma_buf, kctx->kbdev->dev);
1444 if (IS_ERR_OR_NULL(dma_attachment)) {
1445 dma_buf_put(dma_buf);
1446 return NULL;
1447 }
1448
1449 *va_pages = (PAGE_ALIGN(dma_buf->size) >> PAGE_SHIFT) + padding;
1450 if (!*va_pages) {
1451 dma_buf_detach(dma_buf, dma_attachment);
1452 dma_buf_put(dma_buf);
1453 return NULL;
1454 }
1455
 1456 if (!kbase_import_size_is_valid(kctx->kbdev, *va_pages)) {
 1457 dma_buf_detach(dma_buf, dma_attachment);
 dma_buf_put(dma_buf);
 return NULL;
 }
1458
1459 /* ignore SAME_VA */
1460 *flags &= ~BASE_MEM_SAME_VA;
1461
1462 /*
1463 * Force CPU cached flag.
1464 *
1465 * We can't query the dma-buf exporter to get details about the CPU
1466 * cache attributes of CPU mappings, so we have to assume that the
1467 * buffer may be cached, and call into the exporter for cache
1468 * maintenance, and rely on the exporter to do the right thing when
1469 * handling our calls.
1470 */
1471 *flags |= BASE_MEM_CACHED_CPU;
1472
1473 if (*flags & BASE_MEM_IMPORT_SHARED)
1474 shared_zone = true;
1475
1476 if (*flags & BASE_MEM_IMPORT_SYNC_ON_MAP_UNMAP)
1477 need_sync = true;
1478
1479 if (!kbase_ctx_compat_mode(kctx)) {
1480 /*
1481 * 64-bit tasks require us to reserve VA on the CPU that we use
1482 * on the GPU.
1483 */
1484 shared_zone = true;
1485 }
1486
1487 if (shared_zone) {
1488 *flags |= BASE_MEM_NEED_MMAP;
1489 reg = kbase_alloc_free_region(kctx->kbdev, &kctx->reg_rbtree_same, 0, *va_pages,
1490 KBASE_REG_ZONE_SAME_VA);
1491 } else {
1492 reg = kbase_alloc_free_region(kctx->kbdev, &kctx->reg_rbtree_custom, 0, *va_pages,
1493 KBASE_REG_ZONE_CUSTOM_VA);
1494 }
1495
1496 if (!reg) {
1497 dma_buf_detach(dma_buf, dma_attachment);
1498 dma_buf_put(dma_buf);
1499 return NULL;
1500 }
1501
1502 group_id = get_umm_memory_group_id(kctx, dma_buf);
1503
1504 reg->gpu_alloc = kbase_alloc_create(kctx, *va_pages,
1505 KBASE_MEM_TYPE_IMPORTED_UMM, group_id);
1506 if (IS_ERR_OR_NULL(reg->gpu_alloc))
1507 goto no_alloc;
1508
1509 reg->cpu_alloc = kbase_mem_phy_alloc_get(reg->gpu_alloc);
1510
1511 if (kbase_update_region_flags(kctx, reg, *flags) != 0)
1512 goto error_out;
1513
1514 /* No pages to map yet */
1515 reg->gpu_alloc->nents = 0;
1516
1517 reg->flags &= ~KBASE_REG_FREE;
1518 reg->flags |= KBASE_REG_GPU_NX; /* UMM is always No eXecute */
1519 reg->flags &= ~KBASE_REG_GROWABLE; /* UMM cannot be grown */
1520
1521 if (*flags & BASE_MEM_PROTECTED)
1522 reg->flags |= KBASE_REG_PROTECTED;
1523
1524 if (padding)
1525 reg->flags |= KBASE_REG_IMPORT_PAD;
1526
1527 reg->gpu_alloc->type = KBASE_MEM_TYPE_IMPORTED_UMM;
1528 reg->gpu_alloc->imported.umm.sgt = NULL;
1529 reg->gpu_alloc->imported.umm.dma_buf = dma_buf;
1530 reg->gpu_alloc->imported.umm.dma_attachment = dma_attachment;
1531 reg->gpu_alloc->imported.umm.current_mapping_usage_count = 0;
1532 reg->gpu_alloc->imported.umm.need_sync = need_sync;
1533 reg->gpu_alloc->imported.umm.kctx = kctx;
1534 reg->extension = 0;
1535
1536 if (!IS_ENABLED(CONFIG_MALI_DMA_BUF_MAP_ON_DEMAND)) {
1537 int err;
1538
1539 reg->gpu_alloc->imported.umm.current_mapping_usage_count = 1;
1540
1541 err = kbase_mem_umm_map_attachment(kctx, reg);
1542 if (err) {
1543 dev_warn(kctx->kbdev->dev,
1544 "Failed to map dma-buf %pK on GPU: %d\n",
1545 dma_buf, err);
1546 goto error_out;
1547 }
1548
1549 *flags |= KBASE_MEM_IMPORT_HAVE_PAGES;
1550 }
1551
1552 return reg;
1553
1554 error_out:
1555 kbase_mem_phy_alloc_put(reg->gpu_alloc);
1556 kbase_mem_phy_alloc_put(reg->cpu_alloc);
1557 no_alloc:
1558 kfree(reg);
1559
1560 return NULL;
1561 }
1562
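/* Returns the larger of the CPU and GPU (L2) cache line sizes, in bytes. Used
 * below to validate the alignment of imported user buffers.
 */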
1563 u32 kbase_get_cache_line_alignment(struct kbase_device *kbdev)
1564 {
1565 u32 cpu_cache_line_size = cache_line_size();
1566 u32 gpu_cache_line_size =
1567 (1UL << kbdev->gpu_props.props.l2_props.log2_line_size);
1568
1569 return ((cpu_cache_line_size > gpu_cache_line_size) ?
1570 cpu_cache_line_size :
1571 gpu_cache_line_size);
1572 }
1573
1574 static struct kbase_va_region *kbase_mem_from_user_buffer(
1575 struct kbase_context *kctx, unsigned long address,
1576 unsigned long size, u64 *va_pages, u64 *flags)
1577 {
1578 long i, dma_mapped_pages;
1579 struct kbase_va_region *reg;
1580 struct rb_root *rbtree;
1581 long faulted_pages;
1582 int zone = KBASE_REG_ZONE_CUSTOM_VA;
1583 bool shared_zone = false;
1584 u32 cache_line_alignment = kbase_get_cache_line_alignment(kctx->kbdev);
1585 struct kbase_alloc_import_user_buf *user_buf;
1586 struct page **pages = NULL;
1587 struct tagged_addr *pa;
1588 struct device *dev;
1589 int write;
1590
1591 /* Flag supported only for dma-buf imported memory */
1592 if (*flags & BASE_MEM_IMPORT_SYNC_ON_MAP_UNMAP)
1593 return NULL;
1594
1595 if ((address & (cache_line_alignment - 1)) != 0 ||
1596 (size & (cache_line_alignment - 1)) != 0) {
1597 if (*flags & BASE_MEM_UNCACHED_GPU) {
1598 dev_warn(kctx->kbdev->dev,
1599 "User buffer is not cache line aligned and marked as GPU uncached\n");
1600 goto bad_size;
1601 }
1602
1603 /* Coherency must be enabled to handle partial cache lines */
1604 if (*flags & (BASE_MEM_COHERENT_SYSTEM |
1605 BASE_MEM_COHERENT_SYSTEM_REQUIRED)) {
1606 /* Force coherent system required flag, import will
1607 * then fail if coherency isn't available
1608 */
1609 *flags |= BASE_MEM_COHERENT_SYSTEM_REQUIRED;
1610 } else {
1611 dev_warn(kctx->kbdev->dev,
1612 "User buffer is not cache line aligned and no coherency enabled\n");
1613 goto bad_size;
1614 }
1615 }
1616
1617 *va_pages = (PAGE_ALIGN(address + size) >> PAGE_SHIFT) -
1618 PFN_DOWN(address);
1619 if (!*va_pages)
1620 goto bad_size;
1621
 1622 if (*va_pages > (U64_MAX / PAGE_SIZE))
1623 /* 64-bit address range is the max */
1624 goto bad_size;
1625
1626 if (!kbase_import_size_is_valid(kctx->kbdev, *va_pages))
1627 goto bad_size;
1628
1629 /* SAME_VA generally not supported with imported memory (no known use cases) */
1630 *flags &= ~BASE_MEM_SAME_VA;
1631
1632 if (*flags & BASE_MEM_IMPORT_SHARED)
1633 shared_zone = true;
1634
1635 if (!kbase_ctx_compat_mode(kctx)) {
1636 /*
1637 * 64-bit tasks require us to reserve VA on the CPU that we use
1638 * on the GPU.
1639 */
1640 shared_zone = true;
1641 }
1642
1643 if (shared_zone) {
1644 *flags |= BASE_MEM_NEED_MMAP;
1645 zone = KBASE_REG_ZONE_SAME_VA;
1646 rbtree = &kctx->reg_rbtree_same;
1647 } else
1648 rbtree = &kctx->reg_rbtree_custom;
1649
1650 reg = kbase_alloc_free_region(kctx->kbdev, rbtree, 0, *va_pages, zone);
1651
1652 if (!reg)
1653 goto no_region;
1654
1655 reg->gpu_alloc = kbase_alloc_create(
1656 kctx, *va_pages, KBASE_MEM_TYPE_IMPORTED_USER_BUF,
1657 BASE_MEM_GROUP_DEFAULT);
1658 if (IS_ERR_OR_NULL(reg->gpu_alloc))
1659 goto no_alloc_obj;
1660
1661 reg->cpu_alloc = kbase_mem_phy_alloc_get(reg->gpu_alloc);
1662
1663 if (kbase_update_region_flags(kctx, reg, *flags) != 0)
1664 goto invalid_flags;
1665
1666 reg->flags &= ~KBASE_REG_FREE;
1667 reg->flags |= KBASE_REG_GPU_NX; /* User-buffers are always No eXecute */
1668 reg->flags &= ~KBASE_REG_GROWABLE; /* Cannot be grown */
1669
 1670 user_buf = &reg->gpu_alloc->imported.user_buf;
1671
1672 user_buf->size = size;
1673 user_buf->address = address;
1674 user_buf->nr_pages = *va_pages;
1675 user_buf->mm = current->mm;
1676 kbase_mem_mmgrab();
1677 if (reg->gpu_alloc->properties & KBASE_MEM_PHY_ALLOC_LARGE)
1678 user_buf->pages = vmalloc(*va_pages * sizeof(struct page *));
1679 else
1680 user_buf->pages = kmalloc_array(*va_pages,
1681 sizeof(struct page *), GFP_KERNEL);
1682
1683 if (!user_buf->pages)
1684 goto no_page_array;
1685
1686 /* If the region is coherent with the CPU then the memory is imported
1687 * and mapped onto the GPU immediately.
1688 * Otherwise get_user_pages is called as a sanity check, with NULL as
1689 * the pages argument, which faults the pages in but does not pin
1690 * them. The memory will then be pinned only around the jobs that
1691 * specify the region as an external resource.
1692 */
1693 if (reg->flags & KBASE_REG_SHARE_BOTH) {
1694 pages = user_buf->pages;
1695 *flags |= KBASE_MEM_IMPORT_HAVE_PAGES;
1696 }
1697
1698 down_read(kbase_mem_get_process_mmap_lock());
1699
1700 write = reg->flags & (KBASE_REG_CPU_WR | KBASE_REG_GPU_WR);
1701
1702 #if KERNEL_VERSION(5, 9, 0) > LINUX_VERSION_CODE
1703 faulted_pages = get_user_pages(address, *va_pages,
1704 write ? FOLL_WRITE : 0, pages, NULL);
1705 #else
1706 /* pin_user_pages() cannot be called with a NULL pages parameter.
1707 * get_user_pages() is used instead, as it is safe to call with a NULL
1708 * pages parameter as long as the FOLL_GET flag is not set.
1709 */
1710 if (pages != NULL) {
1711 faulted_pages =
1712 pin_user_pages(address, *va_pages, write ? FOLL_WRITE : 0, pages, NULL);
1713 } else {
1714 faulted_pages =
1715 get_user_pages(address, *va_pages, write ? FOLL_WRITE : 0, pages, NULL);
1716 }
1717 #endif
1718
1719 up_read(kbase_mem_get_process_mmap_lock());
1720
1721 if (faulted_pages != *va_pages)
1722 goto fault_mismatch;
1723
1724 reg->gpu_alloc->nents = 0;
1725 reg->extension = 0;
1726
1727 pa = kbase_get_gpu_phy_pages(reg);
1728 dev = kctx->kbdev->dev;
1729
1730 if (pages) {
1731 /* Top bit signifies that this was pinned on import */
1732 user_buf->current_mapping_usage_count |= PINNED_ON_IMPORT;
1733
1734 /* Manual CPU cache synchronization.
1735 *
1736 * The driver disables automatic CPU cache synchronization because the
1737 * memory pages that enclose the imported region may also contain
1738 * sub-regions which are not imported and that are allocated and used
1739 * by the user process. This may be the case of memory at the beginning
1740 * of the first page and at the end of the last page. Automatic CPU cache
1741 * synchronization would force some operations on those memory allocations,
1742 * unbeknown to the user process: in particular, a CPU cache invalidate
1743 * upon unmapping would destroy the content of dirty CPU caches and cause
1744 * the user process to lose CPU writes to the non-imported sub-regions.
1745 *
1746 * When the GPU claims ownership of the imported memory buffer, it shall
1747 * commit CPU writes for the whole of all pages that enclose the imported
1748 * region, otherwise the initial content of memory would be wrong.
1749 */
1750 for (i = 0; i < faulted_pages; i++) {
1751 dma_addr_t dma_addr;
1752 #if (KERNEL_VERSION(4, 10, 0) > LINUX_VERSION_CODE)
1753 dma_addr = dma_map_page(dev, pages[i], 0, PAGE_SIZE, DMA_BIDIRECTIONAL);
1754 #else
1755 dma_addr = dma_map_page_attrs(dev, pages[i], 0, PAGE_SIZE,
1756 DMA_BIDIRECTIONAL, DMA_ATTR_SKIP_CPU_SYNC);
1757 #endif
1758 if (dma_mapping_error(dev, dma_addr))
1759 goto unwind_dma_map;
1760
1761 user_buf->dma_addrs[i] = dma_addr;
1762 pa[i] = as_tagged(page_to_phys(pages[i]));
1763
1764 dma_sync_single_for_device(dev, dma_addr, PAGE_SIZE, DMA_BIDIRECTIONAL);
1765 }
1766
1767 reg->gpu_alloc->nents = faulted_pages;
1768 }
1769
1770 return reg;
1771
1772 unwind_dma_map:
1773 dma_mapped_pages = i;
1774 /* Run the unmap loop in the same order as the map loop, and perform CPU
1775 * cache synchronization again to write back the content of dirty CPU
1776 * caches to memory. This precautionary measure is kept here to keep this code
1777 * aligned with kbase_jd_user_buf_map() to allow for a potential refactor
1778 * in the future.
1779 */
1780 for (i = 0; i < dma_mapped_pages; i++) {
1781 dma_addr_t dma_addr = user_buf->dma_addrs[i];
1782
1783 dma_sync_single_for_device(dev, dma_addr, PAGE_SIZE, DMA_BIDIRECTIONAL);
1784 #if (KERNEL_VERSION(4, 10, 0) > LINUX_VERSION_CODE)
1785 dma_unmap_page(dev, dma_addr, PAGE_SIZE, DMA_BIDIRECTIONAL);
1786 #else
1787 dma_unmap_page_attrs(dev, dma_addr, PAGE_SIZE, DMA_BIDIRECTIONAL,
1788 DMA_ATTR_SKIP_CPU_SYNC);
1789 #endif
1790 }
1791 fault_mismatch:
1792 if (pages) {
1793 /* In this case, the region was not yet in the region tracker,
1794 * and so there are no CPU mappings to remove before we unpin
1795 * the page
1796 */
1797 for (i = 0; i < faulted_pages; i++)
1798 kbase_unpin_user_buf_page(pages[i]);
1799 }
1800 no_page_array:
1801 invalid_flags:
1802 kbase_mem_phy_alloc_put(reg->cpu_alloc);
1803 kbase_mem_phy_alloc_put(reg->gpu_alloc);
1804 no_alloc_obj:
1805 kfree(reg);
1806 no_region:
1807 bad_size:
1808 return NULL;
1809 }
1810
1811
1812 u64 kbase_mem_alias(struct kbase_context *kctx, u64 *flags, u64 stride,
1813 u64 nents, struct base_mem_aliasing_info *ai,
1814 u64 *num_pages)
1815 {
1816 struct kbase_va_region *reg;
1817 u64 gpu_va;
1818 size_t i;
1819 bool coherent;
1820 uint64_t max_stride;
1821
1822 /* Calls to this function are inherently asynchronous, with respect to
1823 * MMU operations.
1824 */
1825 const enum kbase_caller_mmu_sync_info mmu_sync_info = CALLER_MMU_ASYNC;
1826
1827 KBASE_DEBUG_ASSERT(kctx);
1828 KBASE_DEBUG_ASSERT(flags);
1829 KBASE_DEBUG_ASSERT(ai);
1830 KBASE_DEBUG_ASSERT(num_pages);
1831
1832 /* mask to only allowed flags */
1833 *flags &= (BASE_MEM_PROT_GPU_RD | BASE_MEM_PROT_GPU_WR |
1834 BASE_MEM_COHERENT_SYSTEM | BASE_MEM_COHERENT_LOCAL |
1835 BASE_MEM_PROT_CPU_RD | BASE_MEM_COHERENT_SYSTEM_REQUIRED);
1836
1837 if (!(*flags & (BASE_MEM_PROT_GPU_RD | BASE_MEM_PROT_GPU_WR))) {
1838 dev_warn(kctx->kbdev->dev,
1839 "%s called with bad flags (%llx)",
1840 __func__,
1841 (unsigned long long)*flags);
1842 goto bad_flags;
1843 }
1844 coherent = (*flags & BASE_MEM_COHERENT_SYSTEM) != 0 ||
1845 (*flags & BASE_MEM_COHERENT_SYSTEM_REQUIRED) != 0;
1846
1847 if (!stride)
1848 goto bad_stride;
1849
1850 if (!nents)
1851 goto bad_nents;
1852
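/* Cap the stride so that nents * stride cannot overflow a u64 */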
1853 max_stride = div64_u64(U64_MAX, nents);
1854
1855 if (stride > max_stride)
1856 goto bad_size;
1857
1858 if ((nents * stride) > (U64_MAX / PAGE_SIZE))
1859 /* 64-bit address range is the max */
1860 goto bad_size;
1861
1862 /* calculate the number of pages this alias will cover */
1863 *num_pages = nents * stride;
1864
1865 if (!kbase_alias_size_is_valid(kctx->kbdev, *num_pages))
1866 goto bad_size;
1867
1868 if (!kbase_ctx_compat_mode(kctx)) {
1869 /* 64-bit tasks must MMAP anyway, but not expose this address to
1870 * clients
1871 */
1872 *flags |= BASE_MEM_NEED_MMAP;
1873 reg = kbase_alloc_free_region(kctx->kbdev, &kctx->reg_rbtree_same, 0, *num_pages,
1874 KBASE_REG_ZONE_SAME_VA);
1875 } else {
1876 reg = kbase_alloc_free_region(kctx->kbdev, &kctx->reg_rbtree_custom, 0, *num_pages,
1877 KBASE_REG_ZONE_CUSTOM_VA);
1878 }
1879
1880 if (!reg)
1881 goto no_reg;
1882
1883 /* zero-sized page array, as we don't need one / can't support one */
1884 reg->gpu_alloc = kbase_alloc_create(kctx, 0, KBASE_MEM_TYPE_ALIAS,
1885 BASE_MEM_GROUP_DEFAULT);
1886 if (IS_ERR_OR_NULL(reg->gpu_alloc))
1887 goto no_alloc_obj;
1888
1889 reg->cpu_alloc = kbase_mem_phy_alloc_get(reg->gpu_alloc);
1890
1891 if (kbase_update_region_flags(kctx, reg, *flags) != 0)
1892 goto invalid_flags;
1893
1894 reg->gpu_alloc->imported.alias.nents = nents;
1895 reg->gpu_alloc->imported.alias.stride = stride;
1896 reg->gpu_alloc->imported.alias.aliased = vzalloc(sizeof(*reg->gpu_alloc->imported.alias.aliased) * nents);
1897 if (!reg->gpu_alloc->imported.alias.aliased)
1898 goto no_aliased_array;
1899
1900 kbase_gpu_vm_lock(kctx);
1901
1902 /* validate and add src handles */
1903 for (i = 0; i < nents; i++) {
1904 if (ai[i].handle.basep.handle < BASE_MEM_FIRST_FREE_ADDRESS) {
1905 if (ai[i].handle.basep.handle !=
1906 BASEP_MEM_WRITE_ALLOC_PAGES_HANDLE)
1907 goto bad_handle; /* unsupported magic handle */
1908 if (!ai[i].length)
1909 goto bad_handle; /* must be > 0 */
1910 if (ai[i].length > stride)
1911 goto bad_handle; /* can't be larger than the
1912 * stride
1913 */
1914 reg->gpu_alloc->imported.alias.aliased[i].length = ai[i].length;
1915 } else {
1916 struct kbase_va_region *aliasing_reg;
1917 struct kbase_mem_phy_alloc *alloc;
1918
1919 aliasing_reg = kbase_region_tracker_find_region_base_address(
1920 kctx,
1921 (ai[i].handle.basep.handle >> PAGE_SHIFT) << PAGE_SHIFT);
1922
1923 /* validate found region */
1924 if (kbase_is_region_invalid_or_free(aliasing_reg))
1925 goto bad_handle; /* Not found/already free */
1926 if (kbase_is_region_shrinkable(aliasing_reg))
1927 goto bad_handle; /* Ephemeral region */
1928 if (kbase_va_region_is_no_user_free(aliasing_reg))
1929 goto bad_handle; /* JIT regions can't be
1930 * aliased. NO_USER_FREE flag
1931 * covers the entire lifetime
1932 * of JIT regions. The other
1933 * types of regions covered
1934 * by this flag also shall
1935 * not be aliased.
1936 */
1937 if (!(aliasing_reg->flags & KBASE_REG_GPU_CACHED))
1938 goto bad_handle; /* GPU uncached memory */
1939 if (!aliasing_reg->gpu_alloc)
1940 goto bad_handle; /* No alloc */
1941 if (aliasing_reg->gpu_alloc->type != KBASE_MEM_TYPE_NATIVE)
1942 goto bad_handle; /* Not a native alloc */
1943 if (coherent != ((aliasing_reg->flags & KBASE_REG_SHARE_BOTH) != 0))
1944 goto bad_handle; /* Non-coherent memory cannot
1945 * alias coherent memory, and
1946 * vice versa.
1947 */
1948
1949 /* check size against stride */
1950 if (!ai[i].length)
1951 goto bad_handle; /* must be > 0 */
1952 if (ai[i].length > stride)
1953 goto bad_handle; /* can't be larger than the
1954 * stride
1955 */
1956
1957 alloc = aliasing_reg->gpu_alloc;
1958
1959 /* check against the alloc's size */
1960 if (ai[i].offset > alloc->nents)
1961 goto bad_handle; /* beyond end */
1962 if (ai[i].offset + ai[i].length > alloc->nents)
1963 goto bad_handle; /* beyond end */
1964
1965 reg->gpu_alloc->imported.alias.aliased[i].alloc = kbase_mem_phy_alloc_get(alloc);
1966 reg->gpu_alloc->imported.alias.aliased[i].length = ai[i].length;
1967 reg->gpu_alloc->imported.alias.aliased[i].offset = ai[i].offset;
1968
1969 /* Ensure the underlying alloc is marked as being
1970 * mapped at >1 different GPU VA immediately, even
1971 * though mapping might not happen until later.
1972 *
1973 * Otherwise, we would (incorrectly) allow shrinking of
1974 * the source region (aliasing_reg) and so freeing the
1975 * physical pages (without freeing the entire alloc)
1976 * whilst we still hold an implicit reference on those
1977 * physical pages.
1978 */
1979 kbase_mem_phy_alloc_gpu_mapped(alloc);
1980 }
1981 }
1982
1983 if (!kbase_ctx_compat_mode(kctx)) {
1984 /* Bind to a cookie */
1985 if (bitmap_empty(kctx->cookies, BITS_PER_LONG)) {
1986 dev_err(kctx->kbdev->dev, "No cookies available for allocation!");
1987 goto no_cookie;
1988 }
1989 /* return a cookie */
1990 gpu_va = find_first_bit(kctx->cookies, BITS_PER_LONG);
1991 bitmap_clear(kctx->cookies, gpu_va, 1);
1992 BUG_ON(kctx->pending_regions[gpu_va]);
1993 kctx->pending_regions[gpu_va] = reg;
1994
1995 /* relocate to correct base */
1996 gpu_va += PFN_DOWN(BASE_MEM_COOKIE_BASE);
1997 gpu_va <<= PAGE_SHIFT;
1998 } else {
1999 /* we control the VA */
2000 if (kbase_gpu_mmap(kctx, reg, 0, *num_pages, 1,
2001 mmu_sync_info) != 0) {
2002 dev_warn(kctx->kbdev->dev, "Failed to map memory on GPU");
2003 goto no_mmap;
2004 }
2005 /* return real GPU VA */
2006 gpu_va = reg->start_pfn << PAGE_SHIFT;
2007 }
2008
2009 reg->flags &= ~KBASE_REG_FREE;
2010 reg->flags &= ~KBASE_REG_GROWABLE;
2011
2012 kbase_gpu_vm_unlock(kctx);
2013
2014 return gpu_va;
2015
2016 no_cookie:
2017 no_mmap:
2018 bad_handle:
2019 /* Marking the source allocs as no longer GPU-mapped and releasing their
2020 * references is handled when reg's allocs are put, so no explicit
2021 * rollback of those actions is done here.
2022 */
2023 kbase_gpu_vm_unlock(kctx);
2024 no_aliased_array:
2025 invalid_flags:
2026 kbase_mem_phy_alloc_put(reg->cpu_alloc);
2027 kbase_mem_phy_alloc_put(reg->gpu_alloc);
2028 no_alloc_obj:
2029 kfree(reg);
2030 no_reg:
2031 bad_size:
2032 bad_nents:
2033 bad_stride:
2034 bad_flags:
2035 return 0;
2036 }
2037
2038 int kbase_mem_import(struct kbase_context *kctx, enum base_mem_import_type type,
2039 void __user *phandle, u32 padding, u64 *gpu_va, u64 *va_pages,
2040 u64 *flags)
2041 {
2042 struct kbase_va_region *reg;
2043
2044 /* Calls to this function are inherently asynchronous, with respect to
2045 * MMU operations.
2046 */
2047 const enum kbase_caller_mmu_sync_info mmu_sync_info = CALLER_MMU_ASYNC;
2048
2049 KBASE_DEBUG_ASSERT(kctx);
2050 KBASE_DEBUG_ASSERT(gpu_va);
2051 KBASE_DEBUG_ASSERT(va_pages);
2052 KBASE_DEBUG_ASSERT(flags);
2053
2054 if ((!kbase_ctx_flag(kctx, KCTX_COMPAT)) &&
2055 kbase_ctx_flag(kctx, KCTX_FORCE_SAME_VA))
2056 *flags |= BASE_MEM_SAME_VA;
2057
2058 if (!kbase_check_import_flags(*flags)) {
2059 dev_warn(kctx->kbdev->dev,
2060 "%s called with bad flags (%llx)",
2061 __func__,
2062 (unsigned long long)*flags);
2063 goto bad_flags;
2064 }
2065
2066 if ((*flags & BASE_MEM_UNCACHED_GPU) != 0 &&
2067 (*flags & BASE_MEM_COHERENT_SYSTEM_REQUIRED) != 0) {
2068 /* Remove COHERENT_SYSTEM_REQUIRED flag if uncached GPU mapping is requested */
2069 *flags &= ~BASE_MEM_COHERENT_SYSTEM_REQUIRED;
2070 }
2071 if ((*flags & BASE_MEM_COHERENT_SYSTEM_REQUIRED) != 0 &&
2072 !kbase_device_is_cpu_coherent(kctx->kbdev)) {
2073 dev_warn(kctx->kbdev->dev,
2074 "%s call required coherent mem when unavailable",
2075 __func__);
2076 goto bad_flags;
2077 }
2078 if ((*flags & BASE_MEM_COHERENT_SYSTEM) != 0 &&
2079 !kbase_device_is_cpu_coherent(kctx->kbdev)) {
2080 /* Remove COHERENT_SYSTEM flag if coherent mem is unavailable */
2081 *flags &= ~BASE_MEM_COHERENT_SYSTEM;
2082 }
2083 if (((*flags & BASE_MEM_CACHED_CPU) == 0) && (type == BASE_MEM_IMPORT_TYPE_USER_BUFFER)) {
2084 dev_warn(kctx->kbdev->dev, "USER_BUFFER must be CPU cached");
2085 goto bad_flags;
2086 }
2087 if ((padding != 0) && (type != BASE_MEM_IMPORT_TYPE_UMM)) {
2088 dev_warn(kctx->kbdev->dev,
2089 "padding is only supported for UMM");
2090 goto bad_flags;
2091 }
2092
2093 switch (type) {
2094 case BASE_MEM_IMPORT_TYPE_UMM: {
2095 int fd;
2096
2097 if (get_user(fd, (int __user *)phandle))
2098 reg = NULL;
2099 else
2100 reg = kbase_mem_from_umm(kctx, fd, va_pages, flags,
2101 padding);
2102 }
2103 break;
2104 case BASE_MEM_IMPORT_TYPE_USER_BUFFER: {
2105 struct base_mem_import_user_buffer user_buffer;
2106 void __user *uptr;
2107
2108 if (copy_from_user(&user_buffer, phandle,
2109 sizeof(user_buffer))) {
2110 reg = NULL;
2111 } else {
2112 #if IS_ENABLED(CONFIG_COMPAT)
2113 if (kbase_ctx_flag(kctx, KCTX_COMPAT))
2114 uptr = compat_ptr(user_buffer.ptr);
2115 else
2116 #endif
2117 uptr = u64_to_user_ptr(user_buffer.ptr);
2118
2119 reg = kbase_mem_from_user_buffer(kctx,
2120 (unsigned long)uptr, user_buffer.length,
2121 va_pages, flags);
2122 }
2123 break;
2124 }
2125 default: {
2126 reg = NULL;
2127 break;
2128 }
2129 }
2130
2131 if (!reg)
2132 goto no_reg;
2133
2134 kbase_gpu_vm_lock(kctx);
2135
2136 /* mmap needed to setup VA? */
2137 if (*flags & (BASE_MEM_SAME_VA | BASE_MEM_NEED_MMAP)) {
2138 /* Bind to a cookie */
2139 if (bitmap_empty(kctx->cookies, BITS_PER_LONG))
2140 goto no_cookie;
2141 /* return a cookie */
2142 *gpu_va = find_first_bit(kctx->cookies, BITS_PER_LONG);
2143 bitmap_clear(kctx->cookies, *gpu_va, 1);
2144 BUG_ON(kctx->pending_regions[*gpu_va]);
2145 kctx->pending_regions[*gpu_va] = reg;
2146
2147 /* relocate to correct base */
2148 *gpu_va += PFN_DOWN(BASE_MEM_COOKIE_BASE);
2149 *gpu_va <<= PAGE_SHIFT;
2150
2151 } else if (*flags & KBASE_MEM_IMPORT_HAVE_PAGES) {
2152 /* we control the VA, mmap now to the GPU */
2153 if (kbase_gpu_mmap(kctx, reg, 0, *va_pages, 1, mmu_sync_info) !=
2154 0)
2155 goto no_gpu_va;
2156 /* return real GPU VA */
2157 *gpu_va = reg->start_pfn << PAGE_SHIFT;
2158 } else {
2159 /* we control the VA, but nothing to mmap yet */
2160 if (kbase_add_va_region(kctx, reg, 0, *va_pages, 1) != 0)
2161 goto no_gpu_va;
2162 /* return real GPU VA */
2163 *gpu_va = reg->start_pfn << PAGE_SHIFT;
2164 }
2165
2166 /* clear out private flags */
2167 *flags &= ((1UL << BASE_MEM_FLAGS_NR_BITS) - 1);
2168
2169 kbase_gpu_vm_unlock(kctx);
2170
2171 return 0;
2172
2173 no_gpu_va:
2174 no_cookie:
2175 kbase_gpu_vm_unlock(kctx);
2176 kbase_mem_phy_alloc_put(reg->cpu_alloc);
2177 kbase_mem_phy_alloc_put(reg->gpu_alloc);
2178 kfree(reg);
2179 no_reg:
2180 bad_flags:
2181 *gpu_va = 0;
2182 *va_pages = 0;
2183 *flags = 0;
2184 return -ENOMEM;
2185 }
2186
2187 int kbase_mem_grow_gpu_mapping(struct kbase_context *kctx,
2188 struct kbase_va_region *reg, u64 new_pages,
2189 u64 old_pages,
2190 enum kbase_caller_mmu_sync_info mmu_sync_info)
2191 {
2192 struct tagged_addr *phy_pages;
2193 u64 delta = new_pages - old_pages;
2194 int ret = 0;
2195
2196 lockdep_assert_held(&kctx->reg_lock);
2197
2198 /* Map the new pages into the GPU */
2199 phy_pages = kbase_get_gpu_phy_pages(reg);
2200 ret = kbase_mmu_insert_pages(kctx->kbdev, &kctx->mmu, reg->start_pfn + old_pages,
2201 phy_pages + old_pages, delta, reg->flags, kctx->as_nr,
2202 reg->gpu_alloc->group_id, mmu_sync_info, reg, false);
2203
2204 return ret;
2205 }
2206
2207 void kbase_mem_shrink_cpu_mapping(struct kbase_context *kctx,
2208 struct kbase_va_region *reg,
2209 u64 new_pages, u64 old_pages)
2210 {
2211 u64 gpu_va_start = reg->start_pfn;
2212
2213 if (new_pages == old_pages)
2214 /* Nothing to do */
2215 return;
2216
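/* Tear down the CPU mappings of the pages being removed from the end
 * of the region.
 */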
2217 unmap_mapping_range(kctx->filp->f_inode->i_mapping,
2218 (gpu_va_start + new_pages)<<PAGE_SHIFT,
2219 (old_pages - new_pages)<<PAGE_SHIFT, 1);
2220 }
2221
2222 int kbase_mem_shrink_gpu_mapping(struct kbase_context *const kctx,
2223 struct kbase_va_region *const reg, u64 const new_pages,
2224 u64 const old_pages)
2225 {
2226 u64 delta = old_pages - new_pages;
2227 struct kbase_mem_phy_alloc *alloc = reg->gpu_alloc;
2228 int ret = 0;
2229
2230 ret = kbase_mmu_teardown_pages(kctx->kbdev, &kctx->mmu, reg->start_pfn + new_pages,
2231 alloc->pages + new_pages, delta, delta, kctx->as_nr, false);
2232
2233 return ret;
2234 }
2235
2236 int kbase_mem_commit(struct kbase_context *kctx, u64 gpu_addr, u64 new_pages)
2237 {
2238 u64 old_pages;
2239 u64 delta = 0;
2240 int res = -EINVAL;
2241 struct kbase_va_region *reg;
2242 bool read_locked = false;
2243
2244 /* Calls to this function are inherently asynchronous, with respect to
2245 * MMU operations.
2246 */
2247 const enum kbase_caller_mmu_sync_info mmu_sync_info = CALLER_MMU_ASYNC;
2248
2249 KBASE_DEBUG_ASSERT(kctx);
2250 KBASE_DEBUG_ASSERT(gpu_addr != 0);
2251
2252 if (gpu_addr & ~PAGE_MASK) {
2253 dev_warn(kctx->kbdev->dev, "kbase:mem_commit: gpu_addr: passed parameter is invalid");
2254 return -EINVAL;
2255 }
2256
2257 down_write(kbase_mem_get_process_mmap_lock());
2258 kbase_gpu_vm_lock(kctx);
2259
2260 /* Validate the region */
2261 reg = kbase_region_tracker_find_region_base_address(kctx, gpu_addr);
2262 if (kbase_is_region_invalid_or_free(reg))
2263 goto out_unlock;
2264
2265 KBASE_DEBUG_ASSERT(reg->cpu_alloc);
2266 KBASE_DEBUG_ASSERT(reg->gpu_alloc);
2267
2268 if (reg->gpu_alloc->type != KBASE_MEM_TYPE_NATIVE)
2269 goto out_unlock;
2270
2271 if (0 == (reg->flags & KBASE_REG_GROWABLE))
2272 goto out_unlock;
2273
2274 if (reg->flags & KBASE_REG_ACTIVE_JIT_ALLOC)
2275 goto out_unlock;
2276
2277 /* Would overflow the VA region */
2278 if (new_pages > reg->nr_pages)
2279 goto out_unlock;
2280
2281 /* Can't shrink when physical pages are mapped to different GPU
2282 * VAs. The code doesn't support looking up:
2283 * - all physical pages assigned to different GPU VAs
2284 * - CPU mappings for the physical pages at different vm_pgoff
2285 * (==GPU VA) locations.
2286 *
2287 * Note that for Native allocs mapped at multiple GPU VAs, growth of
2288 * such allocs is not a supported use-case.
2289 */
2290 if (atomic_read(&reg->gpu_alloc->gpu_mappings) > 1)
2291 goto out_unlock;
2292
2293 if (atomic_read(&reg->cpu_alloc->kernel_mappings) > 0)
2294 goto out_unlock;
2295
2296 if (kbase_is_region_shrinkable(reg))
2297 goto out_unlock;
2298
2299 if (kbase_va_region_is_no_user_free(reg))
2300 goto out_unlock;
2301
2302 #ifdef CONFIG_MALI_MEMORY_FULLY_BACKED
2303 /* Reject resizing commit size */
2304 if (reg->flags & KBASE_REG_PF_GROW)
2305 new_pages = reg->nr_pages;
2306 #endif
2307
2308 if (new_pages == reg->gpu_alloc->nents) {
2309 /* no change */
2310 res = 0;
2311 goto out_unlock;
2312 }
2313
2314 old_pages = kbase_reg_current_backed_size(reg);
2315 if (new_pages > old_pages) {
2316 delta = new_pages - old_pages;
2317
2318 /*
2319 * No update to the mm so downgrade the writer lock to a read
2320 * lock so other readers aren't blocked after this point.
2321 */
2322 downgrade_write(kbase_mem_get_process_mmap_lock());
2323 read_locked = true;
2324
2325 /* Allocate some more pages */
2326 if (kbase_alloc_phy_pages_helper(reg->cpu_alloc, delta) != 0) {
2327 res = -ENOMEM;
2328 goto out_unlock;
2329 }
2330 if (reg->cpu_alloc != reg->gpu_alloc) {
2331 if (kbase_alloc_phy_pages_helper(
2332 reg->gpu_alloc, delta) != 0) {
2333 res = -ENOMEM;
2334 kbase_free_phy_pages_helper(reg->cpu_alloc,
2335 delta);
2336 goto out_unlock;
2337 }
2338 }
2339
2340 /* No update required for CPU mappings; that's done on fault. */
2341
2342 /* Update GPU mapping. */
2343 res = kbase_mem_grow_gpu_mapping(kctx, reg, new_pages,
2344 old_pages, mmu_sync_info);
2345
2346 /* On error free the new pages */
2347 if (res) {
2348 kbase_free_phy_pages_helper(reg->cpu_alloc, delta);
2349 if (reg->cpu_alloc != reg->gpu_alloc)
2350 kbase_free_phy_pages_helper(reg->gpu_alloc,
2351 delta);
2352 res = -ENOMEM;
2353 goto out_unlock;
2354 }
2355 } else {
2356 res = kbase_mem_shrink(kctx, reg, new_pages);
2357 if (res)
2358 res = -ENOMEM;
2359 }
2360
2361 out_unlock:
2362 kbase_gpu_vm_unlock(kctx);
2363 if (read_locked)
2364 up_read(kbase_mem_get_process_mmap_lock());
2365 else
2366 up_write(kbase_mem_get_process_mmap_lock());
2367
2368 return res;
2369 }
2370
2371 int kbase_mem_shrink(struct kbase_context *const kctx,
2372 struct kbase_va_region *const reg, u64 new_pages)
2373 {
2374 u64 delta, old_pages;
2375 int err;
2376
2377 lockdep_assert_held(&kctx->reg_lock);
2378
2379 if (WARN_ON(!kctx))
2380 return -EINVAL;
2381
2382 if (WARN_ON(!reg))
2383 return -EINVAL;
2384
2385 old_pages = kbase_reg_current_backed_size(reg);
2386 if (WARN_ON(old_pages < new_pages))
2387 return -EINVAL;
2388
2389 delta = old_pages - new_pages;
2390
2391 /* Update the GPU mapping */
2392 err = kbase_mem_shrink_gpu_mapping(kctx, reg,
2393 new_pages, old_pages);
2394 if (err >= 0) {
2395 /* Update all CPU mapping(s) */
2396 kbase_mem_shrink_cpu_mapping(kctx, reg,
2397 new_pages, old_pages);
2398
2399 kbase_free_phy_pages_helper(reg->cpu_alloc, delta);
2400 if (reg->cpu_alloc != reg->gpu_alloc)
2401 kbase_free_phy_pages_helper(reg->gpu_alloc, delta);
2402
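/* When 2MB pages are in use the backing may not shrink exactly to
 * new_pages, so re-grow the GPU mapping to cover whatever is still
 * backed.
 */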
2403 if (kctx->kbdev->pagesize_2mb) {
2404 if (kbase_reg_current_backed_size(reg) > new_pages) {
2405 old_pages = new_pages;
2406 new_pages = kbase_reg_current_backed_size(reg);
2407
2408 /* Update GPU mapping. */
2409 err = kbase_mem_grow_gpu_mapping(kctx, reg, new_pages, old_pages,
2410 CALLER_MMU_ASYNC);
2411 }
2412 } else {
2413 WARN_ON(kbase_reg_current_backed_size(reg) != new_pages);
2414 }
2415 }
2416
2417 return err;
2418 }
2419
2420
2421 static void kbase_cpu_vm_open(struct vm_area_struct *vma)
2422 {
2423 struct kbase_cpu_mapping *map = vma->vm_private_data;
2424
2425 KBASE_DEBUG_ASSERT(map);
2426 KBASE_DEBUG_ASSERT(map->count > 0);
2427 /* non-atomic as we're under Linux' mm lock */
2428 map->count++;
2429 }
2430
2431 static void kbase_cpu_vm_close(struct vm_area_struct *vma)
2432 {
2433 struct kbase_cpu_mapping *map = vma->vm_private_data;
2434
2435 KBASE_DEBUG_ASSERT(map);
2436 KBASE_DEBUG_ASSERT(map->count > 0);
2437
2438 /* non-atomic as we're under Linux' mm lock */
2439 if (--map->count)
2440 return;
2441
2442 KBASE_DEBUG_ASSERT(map->kctx);
2443 KBASE_DEBUG_ASSERT(map->alloc);
2444
2445 kbase_gpu_vm_lock(map->kctx);
2446
2447 if (map->free_on_close) {
2448 KBASE_DEBUG_ASSERT((map->region->flags & KBASE_REG_ZONE_MASK) ==
2449 KBASE_REG_ZONE_SAME_VA);
2450 /* Avoid freeing the memory on process death, as that can result in a
2451 * GPU page fault. The memory will instead be freed in kbase_destroy_context().
2452 */
2453 if (!is_process_exiting(vma))
2454 kbase_mem_free_region(map->kctx, map->region);
2455 }
2456
2457 list_del(&map->mappings_list);
2458
2459 kbase_va_region_alloc_put(map->kctx, map->region);
2460 kbase_gpu_vm_unlock(map->kctx);
2461
2462 kbase_mem_phy_alloc_put(map->alloc);
2463 kfree(map);
2464 }
2465
2466 static struct kbase_aliased *get_aliased_alloc(struct vm_area_struct *vma,
2467 struct kbase_va_region *reg,
2468 pgoff_t *start_off,
2469 size_t nr_pages)
2470 {
2471 struct kbase_aliased *aliased =
2472 reg->cpu_alloc->imported.alias.aliased;
2473
2474 if (!reg->cpu_alloc->imported.alias.stride ||
2475 reg->nr_pages < (*start_off + nr_pages)) {
2476 return NULL;
2477 }
2478
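/* Walk the aliased array, one stride-sized slot at a time, until the
 * slot containing the requested offset is found.
 */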
2479 while (*start_off >= reg->cpu_alloc->imported.alias.stride) {
2480 aliased++;
2481 *start_off -= reg->cpu_alloc->imported.alias.stride;
2482 }
2483
2484 if (!aliased->alloc) {
2485 /* sink page not available for dumping map */
2486 return NULL;
2487 }
2488
2489 if ((*start_off + nr_pages) > aliased->length) {
2490 /* not fully backed by physical pages */
2491 return NULL;
2492 }
2493
2494 return aliased;
2495 }
2496
2497 #if (KERNEL_VERSION(4, 11, 0) > LINUX_VERSION_CODE)
2498 static vm_fault_t kbase_cpu_vm_fault(struct vm_area_struct *vma,
2499 struct vm_fault *vmf)
2500 {
2501 #else
2502 static vm_fault_t kbase_cpu_vm_fault(struct vm_fault *vmf)
2503 {
2504 struct vm_area_struct *vma = vmf->vma;
2505 #endif
2506 struct kbase_cpu_mapping *map = vma->vm_private_data;
2507 pgoff_t map_start_pgoff;
2508 pgoff_t fault_pgoff;
2509 size_t i;
2510 pgoff_t addr;
2511 size_t nents;
2512 struct tagged_addr *pages;
2513 vm_fault_t ret = VM_FAULT_SIGBUS;
2514 struct memory_group_manager_device *mgm_dev;
2515
2516 KBASE_DEBUG_ASSERT(map);
2517 KBASE_DEBUG_ASSERT(map->count > 0);
2518 KBASE_DEBUG_ASSERT(map->kctx);
2519 KBASE_DEBUG_ASSERT(map->alloc);
2520
2521 map_start_pgoff = vma->vm_pgoff - map->region->start_pfn;
2522
2523 kbase_gpu_vm_lock(map->kctx);
2524 if (unlikely(map->region->cpu_alloc->type == KBASE_MEM_TYPE_ALIAS)) {
2525 struct kbase_aliased *aliased =
2526 get_aliased_alloc(vma, map->region, &map_start_pgoff, 1);
2527
2528 if (!aliased)
2529 goto exit;
2530
2531 nents = aliased->length;
2532 pages = aliased->alloc->pages + aliased->offset;
2533 } else {
2534 nents = map->alloc->nents;
2535 pages = map->alloc->pages;
2536 }
2537
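/* Offset of the faulting page within the allocation's backing pages */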
2538 fault_pgoff = map_start_pgoff + (vmf->pgoff - vma->vm_pgoff);
2539
2540 if (fault_pgoff >= nents)
2541 goto exit;
2542
2543 /* Fault on access to DONT_NEED regions */
2544 if (map->alloc->reg && (map->alloc->reg->flags & KBASE_REG_DONT_NEED))
2545 goto exit;
2546
2547 /* We are inserting all valid pages from the start of CPU mapping and
2548 * not from the fault location (the mmap handler was previously doing
2549 * the same).
2550 */
2551 i = map_start_pgoff;
2552 addr = (pgoff_t)(vma->vm_start >> PAGE_SHIFT);
2553 mgm_dev = map->kctx->kbdev->mgm_dev;
2554 while (i < nents && (addr < vma->vm_end >> PAGE_SHIFT)) {
2555
2556 ret = mgm_dev->ops.mgm_vmf_insert_pfn_prot(mgm_dev,
2557 map->alloc->group_id, vma, addr << PAGE_SHIFT,
2558 PFN_DOWN(as_phys_addr_t(pages[i])), vma->vm_page_prot);
2559
2560 if (ret != VM_FAULT_NOPAGE)
2561 goto exit;
2562
2563 i++; addr++;
2564 }
2565
2566 exit:
2567 kbase_gpu_vm_unlock(map->kctx);
2568 return ret;
2569 }
2570
2571 const struct vm_operations_struct kbase_vm_ops = {
2572 .open = kbase_cpu_vm_open,
2573 .close = kbase_cpu_vm_close,
2574 .fault = kbase_cpu_vm_fault
2575 };
2576
2577 static int kbase_cpu_mmap(struct kbase_context *kctx,
2578 struct kbase_va_region *reg,
2579 struct vm_area_struct *vma,
2580 void *kaddr,
2581 size_t nr_pages,
2582 unsigned long aligned_offset,
2583 int free_on_close)
2584 {
2585 struct kbase_cpu_mapping *map;
2586 int err = 0;
2587
2588 map = kzalloc(sizeof(*map), GFP_KERNEL);
2589
2590 if (!map) {
2591 WARN_ON(1);
2592 err = -ENOMEM;
2593 goto out;
2594 }
2595
2596 /*
2597 * VM_DONTCOPY - don't make this mapping available in fork'ed processes
2598 * VM_DONTEXPAND - disable mremap on this region
2599 * VM_IO - disables paging
2600 * VM_DONTDUMP - Don't include in core dumps (3.7 only)
2601 * VM_MIXEDMAP - Support mixing struct page*s and raw pfns.
2602 * This is needed to support using the dedicated and
2603 * the OS based memory backends together.
2604 */
2605 /*
2606 * This will need updating to propagate coherency flags
2607 * See MIDBASE-1057
2608 */
2609
2610 vma->vm_flags |= VM_DONTCOPY | VM_DONTDUMP | VM_DONTEXPAND | VM_IO;
2611 vma->vm_ops = &kbase_vm_ops;
2612 vma->vm_private_data = map;
2613
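/* For aliased allocations, check that the part being mapped is fully
 * backed before accepting the mapping.
 */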
2614 if (reg->cpu_alloc->type == KBASE_MEM_TYPE_ALIAS && nr_pages) {
2615 pgoff_t rel_pgoff = vma->vm_pgoff - reg->start_pfn +
2616 (aligned_offset >> PAGE_SHIFT);
2617 struct kbase_aliased *aliased =
2618 get_aliased_alloc(vma, reg, &rel_pgoff, nr_pages);
2619
2620 if (!aliased) {
2621 err = -EINVAL;
2622 kfree(map);
2623 goto out;
2624 }
2625 }
2626
2627 if (!(reg->flags & KBASE_REG_CPU_CACHED) &&
2628 (reg->flags & (KBASE_REG_CPU_WR|KBASE_REG_CPU_RD))) {
2629 /* We can't map vmalloc'd memory uncached.
2630 * Other memory will have been returned from
2631 * kbase_mem_pool which would be
2632 * suitable for mapping uncached.
2633 */
2634 BUG_ON(kaddr);
2635 vma->vm_page_prot = pgprot_writecombine(vma->vm_page_prot);
2636 }
2637
2638 if (!kaddr) {
2639 vma->vm_flags |= VM_PFNMAP;
2640 } else {
2641 WARN_ON(aligned_offset);
2642 /* MIXEDMAP so we can vfree the kaddr early and not track it after map time */
2643 vma->vm_flags |= VM_MIXEDMAP;
2644 /* vmalloc remapping is easy... */
2645 err = remap_vmalloc_range(vma, kaddr, 0);
2646 WARN_ON(err);
2647 }
2648
2649 if (err) {
2650 kfree(map);
2651 goto out;
2652 }
2653
2654 map->region = kbase_va_region_alloc_get(kctx, reg);
2655 map->free_on_close = free_on_close;
2656 map->kctx = kctx;
2657 map->alloc = kbase_mem_phy_alloc_get(reg->cpu_alloc);
2658 map->count = 1; /* start with one ref */
2659
2660 if (reg->flags & KBASE_REG_CPU_CACHED)
2661 map->alloc->properties |= KBASE_MEM_PHY_ALLOC_ACCESSED_CACHED;
2662
2663 list_add(&map->mappings_list, &map->alloc->mappings);
2664
2665 out:
2666 return err;
2667 }
2668
2669 #ifdef CONFIG_MALI_VECTOR_DUMP
2670 static void kbase_free_unused_jit_allocations(struct kbase_context *kctx)
2671 {
2672 /* Free all cached/unused JIT allocations as their contents are not
2673 * really needed for the replay. The GPU writes to them would already
2674 * have been captured through the GWT mechanism.
2675 * This considerably reduces the size of mmu-snapshot-file and it also
2676 * helps avoid segmentation fault issue during vector dumping of
2677 * complex contents when the unused JIT allocations are accessed to
2678 * dump their contents (as they appear in the page tables snapshot)
2679 * but they got freed by the shrinker under low memory scenarios
2680 * (which do occur with complex contents).
2681 */
2682 while (kbase_jit_evict(kctx))
2683 ;
2684 }
2685
2686 static int kbase_mmu_dump_mmap(struct kbase_context *kctx,
2687 struct vm_area_struct *vma,
2688 struct kbase_va_region **const reg,
2689 void **const kmap_addr)
2690 {
2691 struct kbase_va_region *new_reg;
2692 void *kaddr;
2693 u32 nr_pages;
2694 size_t size;
2695 int err = 0;
2696
2697 lockdep_assert_held(&kctx->reg_lock);
2698
2699 dev_dbg(kctx->kbdev->dev, "%s\n", __func__);
2700 size = (vma->vm_end - vma->vm_start);
2701 nr_pages = size >> PAGE_SHIFT;
2702
2703 kbase_free_unused_jit_allocations(kctx);
2704
2705 kaddr = kbase_mmu_dump(kctx, nr_pages);
2706
2707 if (!kaddr) {
2708 err = -ENOMEM;
2709 goto out;
2710 }
2711
2712 new_reg = kbase_alloc_free_region(kctx->kbdev, &kctx->reg_rbtree_same, 0, nr_pages,
2713 KBASE_REG_ZONE_SAME_VA);
2714 if (!new_reg) {
2715 err = -ENOMEM;
2716 WARN_ON(1);
2717 goto out;
2718 }
2719
2720 new_reg->cpu_alloc = kbase_alloc_create(kctx, 0, KBASE_MEM_TYPE_RAW,
2721 BASE_MEM_GROUP_DEFAULT);
2722 if (IS_ERR_OR_NULL(new_reg->cpu_alloc)) {
2723 err = -ENOMEM;
2724 new_reg->cpu_alloc = NULL;
2725 WARN_ON(1);
2726 goto out_no_alloc;
2727 }
2728
2729 new_reg->gpu_alloc = kbase_mem_phy_alloc_get(new_reg->cpu_alloc);
2730
2731 new_reg->flags &= ~KBASE_REG_FREE;
2732 new_reg->flags |= KBASE_REG_CPU_CACHED;
2733 if (kbase_add_va_region(kctx, new_reg, vma->vm_start, nr_pages, 1) != 0) {
2734 err = -ENOMEM;
2735 WARN_ON(1);
2736 goto out_va_region;
2737 }
2738
2739 *kmap_addr = kaddr;
2740 *reg = new_reg;
2741
2742 dev_dbg(kctx->kbdev->dev, "%s done\n", __func__);
2743 return 0;
2744
2745 out_no_alloc:
2746 out_va_region:
2747 kbase_free_alloced_region(new_reg);
2748 out:
2749 return err;
2750 }
2751 #endif
2752
2753 void kbase_os_mem_map_lock(struct kbase_context *kctx)
2754 {
2755 (void)kctx;
2756 down_read(kbase_mem_get_process_mmap_lock());
2757 }
2758
2759 void kbase_os_mem_map_unlock(struct kbase_context *kctx)
2760 {
2761 (void)kctx;
2762 up_read(kbase_mem_get_process_mmap_lock());
2763 }
2764
2765 static int kbasep_reg_mmap(struct kbase_context *kctx,
2766 struct vm_area_struct *vma,
2767 struct kbase_va_region **regm,
2768 size_t *nr_pages, size_t *aligned_offset)
2769
2770 {
2771 unsigned int cookie = vma->vm_pgoff - PFN_DOWN(BASE_MEM_COOKIE_BASE);
2772 struct kbase_va_region *reg;
2773 int err = 0;
2774
2775 /* Calls to this function are inherently asynchronous, with respect to
2776 * MMU operations.
2777 */
2778 const enum kbase_caller_mmu_sync_info mmu_sync_info = CALLER_MMU_ASYNC;
2779
2780 *aligned_offset = 0;
2781
2782 dev_dbg(kctx->kbdev->dev, "%s\n", __func__);
2783
2784 /* SAME_VA stuff, fetch the right region */
2785 reg = kctx->pending_regions[cookie];
2786 if (!reg) {
2787 err = -ENOMEM;
2788 goto out;
2789 }
2790
2791 if ((reg->flags & KBASE_REG_GPU_NX) && (reg->nr_pages != *nr_pages)) {
2792 /* incorrect mmap size */
2793 /* leave the cookie for a potential later
2794 * mapping, or to be reclaimed later when the
2795 * context is freed
2796 */
2797 err = -ENOMEM;
2798 goto out;
2799 }
2800
2801 if ((vma->vm_flags & VM_READ && !(reg->flags & KBASE_REG_CPU_RD)) ||
2802 (vma->vm_flags & VM_WRITE && !(reg->flags & KBASE_REG_CPU_WR))) {
2803 /* VM flags inconsistent with region flags */
2804 err = -EPERM;
2805 dev_err(kctx->kbdev->dev, "%s:%d inconsistent VM flags\n",
2806 __FILE__, __LINE__);
2807 goto out;
2808 }
2809
2810 /* adjust down nr_pages to what we have physically */
2811 *nr_pages = kbase_reg_current_backed_size(reg);
2812 if (kbase_gpu_mmap(kctx, reg, vma->vm_start + *aligned_offset,
2813 reg->nr_pages, 1, mmu_sync_info) != 0) {
2814 dev_err(kctx->kbdev->dev, "%s:%d\n", __FILE__, __LINE__);
2815 /* Unable to map in GPU space. */
2816 WARN_ON(1);
2817 err = -ENOMEM;
2818 goto out;
2819 }
2820 /* no need for the cookie anymore */
2821 kctx->pending_regions[cookie] = NULL;
2822 bitmap_set(kctx->cookies, cookie, 1);
2823
2824 #if MALI_USE_CSF
2825 if (reg->flags & KBASE_REG_CSF_EVENT)
2826 kbase_link_event_mem_page(kctx, reg);
2827 #endif
2828
2829 /*
2830 * Overwrite the offset with the region start_pfn, so we effectively
2831 * map from offset 0 in the region. However, subtract the aligned
2832 * offset so that when user space trims the mapping, the beginning of
2833 * the trimmed VMA has the correct vm_pgoff.
2834 */
2835 vma->vm_pgoff = reg->start_pfn - ((*aligned_offset)>>PAGE_SHIFT);
2836 out:
2837 *regm = reg;
2838 dev_dbg(kctx->kbdev->dev, "%s done\n", __func__);
2839
2840 return err;
2841 }
2842
2843 int kbase_context_mmap(struct kbase_context *const kctx,
2844 struct vm_area_struct *const vma)
2845 {
2846 struct kbase_va_region *reg = NULL;
2847 void *kaddr = NULL;
2848 size_t nr_pages = vma_pages(vma);
2849 int err = 0;
2850 int free_on_close = 0;
2851 struct device *dev = kctx->kbdev->dev;
2852 size_t aligned_offset = 0;
2853
2854 dev_dbg(dev, "kbase_mmap\n");
2855
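/* If the mapping was not created with read/write permission, also drop
 * the ability to gain it later via mprotect().
 */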
2856 if (!(vma->vm_flags & VM_READ))
2857 vma->vm_flags &= ~VM_MAYREAD;
2858 if (!(vma->vm_flags & VM_WRITE))
2859 vma->vm_flags &= ~VM_MAYWRITE;
2860
2861 if (nr_pages == 0) {
2862 err = -EINVAL;
2863 goto out;
2864 }
2865
2866 if (!(vma->vm_flags & VM_SHARED)) {
2867 err = -EINVAL;
2868 goto out;
2869 }
2870
2871 kbase_gpu_vm_lock(kctx);
2872
2873 if (vma->vm_pgoff == PFN_DOWN(BASE_MEM_MAP_TRACKING_HANDLE)) {
2874 /* The non-mapped tracking helper page */
2875 err = kbase_tracking_page_setup(kctx, vma);
2876 goto out_unlock;
2877 }
2878
2879 if (!kbase_mem_allow_alloc(kctx)) {
2880 err = -EINVAL;
2881 goto out_unlock;
2882 }
2883
2884 switch (vma->vm_pgoff) {
2885 case PFN_DOWN(BASEP_MEM_INVALID_HANDLE):
2886 case PFN_DOWN(BASEP_MEM_WRITE_ALLOC_PAGES_HANDLE):
2887 /* Illegal handle for direct map */
2888 err = -EINVAL;
2889 goto out_unlock;
2890 case PFN_DOWN(BASE_MEM_MMU_DUMP_HANDLE):
2891 #if defined(CONFIG_MALI_VECTOR_DUMP)
2892 /* MMU dump */
2893 err = kbase_mmu_dump_mmap(kctx, vma, &reg, &kaddr);
2894 if (err != 0)
2895 goto out_unlock;
2896 /* free the region on munmap */
2897 free_on_close = 1;
2898 break;
2899 #else
2900 /* Illegal handle for direct map */
2901 err = -EINVAL;
2902 goto out_unlock;
2903 #endif /* defined(CONFIG_MALI_VECTOR_DUMP) */
2904 #if MALI_USE_CSF
2905 case PFN_DOWN(BASEP_MEM_CSF_USER_REG_PAGE_HANDLE):
2906 kbase_gpu_vm_unlock(kctx);
2907 err = kbase_csf_cpu_mmap_user_reg_page(kctx, vma);
2908 goto out;
2909 case PFN_DOWN(BASEP_MEM_CSF_USER_IO_PAGES_HANDLE) ...
2910 PFN_DOWN(BASE_MEM_COOKIE_BASE) - 1: {
2911 kbase_gpu_vm_unlock(kctx);
2912 mutex_lock(&kctx->csf.lock);
2913 err = kbase_csf_cpu_mmap_user_io_pages(kctx, vma);
2914 mutex_unlock(&kctx->csf.lock);
2915 goto out;
2916 }
2917 #endif
2918 case PFN_DOWN(BASE_MEM_COOKIE_BASE) ...
2919 PFN_DOWN(BASE_MEM_FIRST_FREE_ADDRESS) - 1: {
2920 err = kbasep_reg_mmap(kctx, vma, &reg, &nr_pages,
2921 &aligned_offset);
2922 if (err != 0)
2923 goto out_unlock;
2924 /* free the region on munmap */
2925 free_on_close = 1;
2926 break;
2927 }
2928 default: {
2929 reg = kbase_region_tracker_find_region_enclosing_address(kctx,
2930 (u64)vma->vm_pgoff << PAGE_SHIFT);
2931
2932 if (!kbase_is_region_invalid_or_free(reg)) {
2933 /* will this mapping overflow the size of the region? */
2934 if (nr_pages > (reg->nr_pages -
2935 (vma->vm_pgoff - reg->start_pfn))) {
2936 err = -ENOMEM;
2937 goto out_unlock;
2938 }
2939
2940 if ((vma->vm_flags & VM_READ &&
2941 !(reg->flags & KBASE_REG_CPU_RD)) ||
2942 (vma->vm_flags & VM_WRITE &&
2943 !(reg->flags & KBASE_REG_CPU_WR))) {
2944 /* VM flags inconsistent with region flags */
2945 err = -EPERM;
2946 dev_err(dev, "%s:%d inconsistent VM flags\n",
2947 __FILE__, __LINE__);
2948 goto out_unlock;
2949 }
2950
2951 if (KBASE_MEM_TYPE_IMPORTED_UMM ==
2952 reg->cpu_alloc->type) {
2953 if (0 != (vma->vm_pgoff - reg->start_pfn)) {
2954 err = -EINVAL;
2955 dev_warn(dev, "%s:%d attempt to do a partial map in a dma_buf: non-zero offset to dma_buf mapping!\n",
2956 __FILE__, __LINE__);
2957 goto out_unlock;
2958 }
2959 err = dma_buf_mmap(
2960 reg->cpu_alloc->imported.umm.dma_buf,
2961 vma, vma->vm_pgoff - reg->start_pfn);
2962 goto out_unlock;
2963 }
2964
2965 if (reg->cpu_alloc->type == KBASE_MEM_TYPE_ALIAS) {
2966 /* initial params check for aliased dumping map */
2967 if (nr_pages > reg->gpu_alloc->imported.alias.stride ||
2968 !reg->gpu_alloc->imported.alias.stride ||
2969 !nr_pages) {
2970 err = -EINVAL;
2971 dev_warn(dev, "mmap aliased: invalid params!\n");
2972 goto out_unlock;
2973 }
2974 } else if (reg->cpu_alloc->nents <
2975 (vma->vm_pgoff - reg->start_pfn + nr_pages)) {
2976 /* limit what we map to the amount currently backed */
2977 if ((vma->vm_pgoff - reg->start_pfn) >= reg->cpu_alloc->nents)
2978 nr_pages = 0;
2979 else
2980 nr_pages = reg->cpu_alloc->nents - (vma->vm_pgoff - reg->start_pfn);
2981 }
2982 } else {
2983 err = -ENOMEM;
2984 goto out_unlock;
2985 }
2986 } /* default */
2987 } /* switch */
2988
2989 err = kbase_cpu_mmap(kctx, reg, vma, kaddr, nr_pages, aligned_offset,
2990 free_on_close);
2991 #if defined(CONFIG_MALI_VECTOR_DUMP)
2992 if (vma->vm_pgoff == PFN_DOWN(BASE_MEM_MMU_DUMP_HANDLE)) {
2993 /* MMU dump - userspace should now have a reference on
2994 * the pages, so we can now free the kernel mapping
2995 */
2996 vfree(kaddr);
2997 /* CPU mapping of GPU allocations have GPU VA as the vm_pgoff
2998 * and that is used to shrink the mapping when the commit size
2999 * is reduced. So vm_pgoff for CPU mapping created to get the
3000 * snapshot of GPU page tables shall not match with any GPU VA.
3001 * That can be ensured by setting vm_pgoff as vma->vm_start
3002 * because,
3003 * - GPU VA of any SAME_VA allocation cannot match with
3004 * vma->vm_start, as CPU VAs are unique.
3005 * - GPU VA of CUSTOM_VA allocations are outside the CPU
3006 * virtual address space.
3007 */
3008 vma->vm_pgoff = PFN_DOWN(vma->vm_start);
3009 }
3010 #endif /* defined(CONFIG_MALI_VECTOR_DUMP) */
3011 out_unlock:
3012 kbase_gpu_vm_unlock(kctx);
3013 out:
3014 if (err)
3015 dev_err(dev, "mmap failed %d\n", err);
3016
3017 return err;
3018 }
3019
3020 KBASE_EXPORT_TEST_API(kbase_context_mmap);
3021
3022 void kbase_sync_mem_regions(struct kbase_context *kctx,
3023 struct kbase_vmap_struct *map, enum kbase_sync_type dest)
3024 {
3025 size_t i;
3026 off_t const offset = map->offset_in_page;
3027 size_t const page_count = PFN_UP(offset + map->size);
3028
3029 /* Sync first page */
3030 size_t sz = MIN(((size_t) PAGE_SIZE - offset), map->size);
3031 struct tagged_addr cpu_pa = map->cpu_pages[0];
3032 struct tagged_addr gpu_pa = map->gpu_pages[0];
3033
3034 kbase_sync_single(kctx, cpu_pa, gpu_pa, offset, sz, dest);
3035
3036 /* Sync middle pages (if any) */
3037 for (i = 1; page_count > 2 && i < page_count - 1; i++) {
3038 cpu_pa = map->cpu_pages[i];
3039 gpu_pa = map->gpu_pages[i];
3040 kbase_sync_single(kctx, cpu_pa, gpu_pa, 0, PAGE_SIZE, dest);
3041 }
3042
3043 /* Sync last page (if any) */
3044 if (page_count > 1) {
3045 cpu_pa = map->cpu_pages[page_count - 1];
3046 gpu_pa = map->gpu_pages[page_count - 1];
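/* Only the bytes of the mapping that fall within the last page are synced */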
3047 sz = ((offset + map->size - 1) & ~PAGE_MASK) + 1;
3048 kbase_sync_single(kctx, cpu_pa, gpu_pa, 0, sz, dest);
3049 }
3050 }
3051
3052 /**
3053 * kbase_vmap_phy_pages_migrate_count_increment - Increment VMAP count for
3054 * array of physical pages
3055 *
3056 * @pages: Array of pages.
3057 * @page_count: Number of pages.
3058 * @flags: Region flags.
3059 *
3060 * This function is supposed to be called only if page migration support
3061 * is enabled in the driver.
3062 *
3063 * The counter of kernel CPU mappings of the physical pages involved in a
3064 * mapping operation is incremented by 1. Errors are handled by making pages
3065 * not movable. Permanent kernel mappings will be marked as not movable, too.
3066 */
3067 static void kbase_vmap_phy_pages_migrate_count_increment(struct tagged_addr *pages,
3068 size_t page_count, unsigned long flags)
3069 {
3070 size_t i;
3071
3072 for (i = 0; i < page_count; i++) {
3073 struct page *p = as_page(pages[i]);
3074 struct kbase_page_metadata *page_md = kbase_page_private(p);
3075
3076 /* Skip the 4KB page that is part of a large page, as the large page is
3077 * excluded from the migration process.
3078 */
3079 if (is_huge(pages[i]) || is_partial(pages[i]))
3080 continue;
3081
3082 spin_lock(&page_md->migrate_lock);
3083 /* Mark permanent kernel mappings as NOT_MOVABLE because they're likely
3084 * to stay mapped for a long time. However, keep on counting the number
3085 * of mappings even for them: they don't represent an exception for the
3086 * vmap_count.
3087 *
3088 * At the same time, errors need to be handled if a client tries to add
3089 * too many mappings, hence a page may end up in the NOT_MOVABLE state
3090 * anyway even if it's not a permanent kernel mapping.
3091 */
3092 if (flags & KBASE_REG_PERMANENT_KERNEL_MAPPING)
3093 page_md->status = PAGE_STATUS_SET(page_md->status, (u8)NOT_MOVABLE);
3094 if (page_md->vmap_count < U8_MAX)
3095 page_md->vmap_count++;
3096 else
3097 page_md->status = PAGE_STATUS_SET(page_md->status, (u8)NOT_MOVABLE);
3098 spin_unlock(&page_md->migrate_lock);
3099 }
3100 }
3101
3102 /**
3103 * kbase_vunmap_phy_pages_migrate_count_decrement - Decrement VMAP count for
3104 * array of physical pages
3105 *
3106 * @pages: Array of pages.
3107 * @page_count: Number of pages.
3108 *
3109 * This function is supposed to be called only if page migration support
3110 * is enabled in the driver.
3111 *
3112 * The counter of kernel CPU mappings of the physical pages involved in a
3113 * mapping operation is decremented by 1. Errors are handled by making pages
3114 * not movable.
3115 */
3116 static void kbase_vunmap_phy_pages_migrate_count_decrement(struct tagged_addr *pages,
3117 size_t page_count)
3118 {
3119 size_t i;
3120
3121 for (i = 0; i < page_count; i++) {
3122 struct page *p = as_page(pages[i]);
3123 struct kbase_page_metadata *page_md = kbase_page_private(p);
3124
3125 /* Skip the 4KB page that is part of a large page, as the large page is
3126 * excluded from the migration process.
3127 */
3128 if (is_huge(pages[i]) || is_partial(pages[i]))
3129 continue;
3130
3131 spin_lock(&page_md->migrate_lock);
3132 /* Decrement the number of mappings for all kinds of pages, including
3133 * pages which are NOT_MOVABLE (e.g. permanent kernel mappings).
3134 * However, errors still need to be handled if a client tries to remove
3135 * more mappings than created.
3136 */
3137 if (page_md->vmap_count == 0)
3138 page_md->status = PAGE_STATUS_SET(page_md->status, (u8)NOT_MOVABLE);
3139 else
3140 page_md->vmap_count--;
3141 spin_unlock(&page_md->migrate_lock);
3142 }
3143 }
3144
3145 static int kbase_vmap_phy_pages(struct kbase_context *kctx, struct kbase_va_region *reg,
3146 u64 offset_bytes, size_t size, struct kbase_vmap_struct *map,
3147 kbase_vmap_flag vmap_flags)
3148 {
3149 unsigned long page_index;
3150 unsigned int offset_in_page = offset_bytes & ~PAGE_MASK;
3151 size_t page_count = PFN_UP(offset_in_page + size);
3152 struct tagged_addr *page_array;
3153 struct page **pages;
3154 void *cpu_addr = NULL;
3155 pgprot_t prot;
3156 size_t i;
3157
3158 if (WARN_ON(vmap_flags & ~KBASE_VMAP_INPUT_FLAGS))
3159 return -EINVAL;
3160
3161 if (WARN_ON(kbase_is_region_invalid_or_free(reg)))
3162 return -EINVAL;
3163
3164 if (!size || !map || !reg->cpu_alloc || !reg->gpu_alloc)
3165 return -EINVAL;
3166
3167 /* check if page_count calculation will wrap */
3168 if (size > ((size_t)-1 / PAGE_SIZE))
3169 return -EINVAL;
3170
3171 page_index = offset_bytes >> PAGE_SHIFT;
3172
3173 /* check if page_index + page_count will wrap */
3174 if (-1UL - page_count < page_index)
3175 return -EINVAL;
3176
3177 if (page_index + page_count > kbase_reg_current_backed_size(reg))
3178 return -ENOMEM;
3179
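/* Enforce the limit on the total number of pages that can be
 * permanently mapped in the kernel for this context.
 */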
3180 if ((vmap_flags & KBASE_VMAP_FLAG_PERMANENT_MAP_ACCOUNTING) &&
3181 (page_count > (KBASE_PERMANENTLY_MAPPED_MEM_LIMIT_PAGES -
3182 atomic_read(&kctx->permanent_mapped_pages)))) {
3183 dev_warn(
3184 kctx->kbdev->dev,
3185 "Request for %llu more pages mem needing a permanent mapping would breach limit %lu, currently at %d pages",
3186 (u64)page_count, KBASE_PERMANENTLY_MAPPED_MEM_LIMIT_PAGES,
3187 atomic_read(&kctx->permanent_mapped_pages));
3188 return -ENOMEM;
3189 }
3190
3191 if (reg->flags & KBASE_REG_DONT_NEED)
3192 return -EINVAL;
3193
3194 prot = PAGE_KERNEL;
3195 if (!(reg->flags & KBASE_REG_CPU_CACHED)) {
3196 /* Map uncached */
3197 prot = pgprot_writecombine(prot);
3198 }
3199
3200 page_array = kbase_get_cpu_phy_pages(reg);
3201 if (!page_array)
3202 return -ENOMEM;
3203
3204 pages = kmalloc_array(page_count, sizeof(struct page *), GFP_KERNEL);
3205 if (!pages)
3206 return -ENOMEM;
3207
3208 for (i = 0; i < page_count; i++)
3209 pages[i] = as_page(page_array[page_index + i]);
3210
3211 /* Note: enforcing a RO prot_request onto prot is not done, since:
3212 * - CPU-arch-specific integration required
3213 * - kbase_vmap() requires no access checks to be made/enforced
3214 */
3215 cpu_addr = vmap(pages, page_count, VM_MAP, prot);
3216
3217 /* If page migration is enabled, increment the number of VMA mappings
3218 * of all physical pages. In case of errors, e.g. too many mappings,
3219 * make the page not movable to prevent trouble.
3220 */
3221 if (kbase_page_migration_enabled && !kbase_mem_is_imported(reg->gpu_alloc->type))
3222 kbase_vmap_phy_pages_migrate_count_increment(page_array, page_count, reg->flags);
3223
3224 kfree(pages);
3225
3226 if (!cpu_addr)
3227 return -ENOMEM;
3228
3229 map->offset_in_page = offset_in_page;
3230 map->cpu_alloc = reg->cpu_alloc;
3231 map->cpu_pages = &kbase_get_cpu_phy_pages(reg)[page_index];
3232 map->gpu_alloc = reg->gpu_alloc;
3233 map->gpu_pages = &kbase_get_gpu_phy_pages(reg)[page_index];
3234 map->addr = (void *)((uintptr_t)cpu_addr + offset_in_page);
3235 map->size = size;
3236 map->flags = vmap_flags;
3237 if ((reg->flags & KBASE_REG_CPU_CACHED) && !kbase_mem_is_imported(map->gpu_alloc->type))
3238 map->flags |= KBASE_VMAP_FLAG_SYNC_NEEDED;
3239
3240 if (map->flags & KBASE_VMAP_FLAG_SYNC_NEEDED)
3241 kbase_sync_mem_regions(kctx, map, KBASE_SYNC_TO_CPU);
3242
3243 if (vmap_flags & KBASE_VMAP_FLAG_PERMANENT_MAP_ACCOUNTING)
3244 atomic_add(page_count, &kctx->permanent_mapped_pages);
3245
3246 kbase_mem_phy_alloc_kernel_mapped(reg->cpu_alloc);
3247
3248 return 0;
3249 }
3250
3251 void *kbase_vmap_reg(struct kbase_context *kctx, struct kbase_va_region *reg, u64 gpu_addr,
3252 size_t size, unsigned long prot_request, struct kbase_vmap_struct *map,
3253 kbase_vmap_flag vmap_flags)
3254 {
3255 u64 offset_bytes;
3256 struct kbase_mem_phy_alloc *cpu_alloc;
3257 struct kbase_mem_phy_alloc *gpu_alloc;
3258 int err;
3259
3260 lockdep_assert_held(&kctx->reg_lock);
3261
3262 if (WARN_ON(kbase_is_region_invalid_or_free(reg)))
3263 return NULL;
3264
3265 /* check access permissions can be satisfied
3266 * Intended only for checking KBASE_REG_{CPU,GPU}_{RD,WR}
3267 */
3268 if ((reg->flags & prot_request) != prot_request)
3269 return NULL;
3270
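/* Offset of the requested GPU address from the start of the region's GPU VA range */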
3271 offset_bytes = gpu_addr - (reg->start_pfn << PAGE_SHIFT);
3272 cpu_alloc = kbase_mem_phy_alloc_get(reg->cpu_alloc);
3273 gpu_alloc = kbase_mem_phy_alloc_get(reg->gpu_alloc);
3274
3275 err = kbase_vmap_phy_pages(kctx, reg, offset_bytes, size, map, vmap_flags);
3276 if (err < 0)
3277 goto fail_vmap_phy_pages;
3278
3279 return map->addr;
3280
3281 fail_vmap_phy_pages:
3282 kbase_mem_phy_alloc_put(cpu_alloc);
3283 kbase_mem_phy_alloc_put(gpu_alloc);
3284 return NULL;
3285 }
3286
3287 void *kbase_vmap_prot(struct kbase_context *kctx, u64 gpu_addr, size_t size,
3288 unsigned long prot_request, struct kbase_vmap_struct *map)
3289 {
3290 struct kbase_va_region *reg;
3291 void *addr = NULL;
3292
3293 kbase_gpu_vm_lock(kctx);
3294
3295 reg = kbase_region_tracker_find_region_enclosing_address(kctx, gpu_addr);
3296 if (kbase_is_region_invalid_or_free(reg))
3297 goto out_unlock;
3298
3299 if (reg->gpu_alloc->type != KBASE_MEM_TYPE_NATIVE)
3300 goto out_unlock;
3301
3302 addr = kbase_vmap_reg(kctx, reg, gpu_addr, size, prot_request, map, 0u);
3303
3304 out_unlock:
3305 kbase_gpu_vm_unlock(kctx);
3306 return addr;
3307 }
3308
3309 void *kbase_vmap(struct kbase_context *kctx, u64 gpu_addr, size_t size,
3310 struct kbase_vmap_struct *map)
3311 {
3312 /* 0 is specified for prot_request to indicate no access checks should
3313 * be made.
3314 *
3315 * As mentioned in kbase_vmap_prot() this means that a kernel-side
3316 * CPU-RO mapping is not enforced to allow this to work
3317 */
3318 return kbase_vmap_prot(kctx, gpu_addr, size, 0u, map);
3319 }
3320 KBASE_EXPORT_TEST_API(kbase_vmap);
3321
3322 static void kbase_vunmap_phy_pages(struct kbase_context *kctx,
3323 struct kbase_vmap_struct *map)
3324 {
3325 void *addr = (void *)((uintptr_t)map->addr & PAGE_MASK);
3326
3327 vunmap(addr);
3328
3329 /* If page migration is enabled, decrement the number of VMA mappings
3330 * for all physical pages. Now is a good time to do it because references
3331 * haven't been released yet.
3332 */
3333 if (kbase_page_migration_enabled && !kbase_mem_is_imported(map->gpu_alloc->type)) {
3334 const size_t page_count = PFN_UP(map->offset_in_page + map->size);
3335 struct tagged_addr *pages_array = map->cpu_pages;
3336
3337 kbase_vunmap_phy_pages_migrate_count_decrement(pages_array, page_count);
3338 }
3339
3340 if (map->flags & KBASE_VMAP_FLAG_SYNC_NEEDED)
3341 kbase_sync_mem_regions(kctx, map, KBASE_SYNC_TO_DEVICE);
3342 if (map->flags & KBASE_VMAP_FLAG_PERMANENT_MAP_ACCOUNTING) {
3343 size_t page_count = PFN_UP(map->offset_in_page + map->size);
3344
3345 WARN_ON(page_count > atomic_read(&kctx->permanent_mapped_pages));
3346 atomic_sub(page_count, &kctx->permanent_mapped_pages);
3347 }
3348
3349 kbase_mem_phy_alloc_kernel_unmapped(map->cpu_alloc);
3350
3351 map->offset_in_page = 0;
3352 map->cpu_pages = NULL;
3353 map->gpu_pages = NULL;
3354 map->addr = NULL;
3355 map->size = 0;
3356 map->flags = 0;
3357 }
3358
3359 void kbase_vunmap(struct kbase_context *kctx, struct kbase_vmap_struct *map)
3360 {
3361 kbase_vunmap_phy_pages(kctx, map);
3362 map->cpu_alloc = kbase_mem_phy_alloc_put(map->cpu_alloc);
3363 map->gpu_alloc = kbase_mem_phy_alloc_put(map->gpu_alloc);
3364 }
3365 KBASE_EXPORT_TEST_API(kbase_vunmap);
3366
3367 static void kbasep_add_mm_counter(struct mm_struct *mm, int member, long value)
3368 {
3369 #if (KERNEL_VERSION(4, 19, 0) <= LINUX_VERSION_CODE)
3370 /* To avoid the build breakage due to an unexported kernel symbol
3371 * 'mm_trace_rss_stat' from later kernels, i.e. from V4.19.0 onwards,
3372 * we inline here the equivalent of 'add_mm_counter()' from linux
3373 * kernel V5.4.0~8.
3374 */
3375 atomic_long_add(value, &mm->rss_stat.count[member]);
3376 #else
3377 add_mm_counter(mm, member, value);
3378 #endif
3379 }
3380
3381 void kbasep_os_process_page_usage_update(struct kbase_context *kctx, int pages)
3382 {
3383 struct mm_struct *mm = kctx->process_mm;
3384
3385 if (unlikely(!mm))
3386 return;
3387
3388 atomic_add(pages, &kctx->nonmapped_pages);
3389 #ifdef SPLIT_RSS_COUNTING
3390 kbasep_add_mm_counter(mm, MM_FILEPAGES, pages);
3391 #else
3392 spin_lock(&mm->page_table_lock);
3393 kbasep_add_mm_counter(mm, MM_FILEPAGES, pages);
3394 spin_unlock(&mm->page_table_lock);
3395 #endif
3396 }
3397
3398 static int kbase_tracking_page_setup(struct kbase_context *kctx, struct vm_area_struct *vma)
3399 {
3400 if (vma_pages(vma) != 1)
3401 return -EINVAL;
3402
3403 /* no real access */
3404 vma->vm_flags &= ~(VM_READ | VM_MAYREAD | VM_WRITE | VM_MAYWRITE | VM_EXEC | VM_MAYEXEC);
3405 vma->vm_flags |= VM_DONTCOPY | VM_DONTEXPAND | VM_DONTDUMP | VM_IO;
3406
3407 return 0;
3408 }
3409
3410 #if MALI_USE_CSF
3411 static unsigned long get_queue_doorbell_pfn(struct kbase_device *kbdev,
3412 struct kbase_queue *queue)
3413 {
3414 lockdep_assert_held(&kbdev->csf.reg_lock);
3415
3416 /* Return the real HW doorbell page if the queue has been
3417 * assigned one, otherwise a dummy page. Always return the
3418 * dummy page in NO_MALI builds.
3419 */
3420 #if IS_ENABLED(CONFIG_MALI_BIFROST_NO_MALI)
3421 return PFN_DOWN(as_phys_addr_t(kbdev->csf.dummy_db_page));
3422 #else
3423 if (queue->doorbell_nr == KBASEP_USER_DB_NR_INVALID)
3424 return PFN_DOWN(as_phys_addr_t(kbdev->csf.dummy_db_page));
3425 #endif
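/* Doorbell pages sit at a fixed offset in the GPU register space, one page per doorbell index */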
3426 return (PFN_DOWN(kbdev->reg_start + CSF_HW_DOORBELL_PAGE_OFFSET +
3427 (u64)queue->doorbell_nr * CSF_HW_DOORBELL_PAGE_SIZE));
3428 }
3429
3430 static int
3431 #if (KERNEL_VERSION(5, 13, 0) <= LINUX_VERSION_CODE || \
3432 KERNEL_VERSION(5, 11, 0) > LINUX_VERSION_CODE)
3433 kbase_csf_user_io_pages_vm_mremap(struct vm_area_struct *vma)
3434 #else
3435 kbase_csf_user_io_pages_vm_mremap(struct vm_area_struct *vma, unsigned long flags)
3436 #endif
3437 {
3438 pr_debug("Unexpected call to mremap method for User IO pages mapping vma\n");
3439 return -EINVAL;
3440 }
3441
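/**
 * kbase_csf_user_io_pages_vm_split - VMA split function for User IO pages
 *
 * @vma:  Pointer to the struct containing information about
 *        the userspace mapping of User IO pages.
 * @addr: Address at which the split was requested.
 *
 * Return: -EINVAL, as splitting of this mapping is not allowed.
 */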
3442 static int kbase_csf_user_io_pages_vm_split(struct vm_area_struct *vma, unsigned long addr)
3443 {
3444 pr_debug("Unexpected call to split method for User IO pages mapping vma\n");
3445 return -EINVAL;
3446 }
3447
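/**
 * kbase_csf_user_io_pages_vm_open - VMA open function for User IO pages
 *
 * @vma: Pointer to the struct containing information about
 *       the userspace mapping of User IO pages.
 *
 * This function isn't expected to be called. If it is called (e.g. due to
 * mremap), it sets vm_private_data to NULL to indicate the unexpected
 * mapping to the close() and fault() handlers.
 */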
3448 static void kbase_csf_user_io_pages_vm_open(struct vm_area_struct *vma)
3449 {
3450 pr_debug("Unexpected call to the open method for User IO pages mapping vma\n");
3451 vma->vm_private_data = NULL;
3452 }
3453
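/**
 * kbase_csf_user_io_pages_vm_close - VMA close function for User IO pages
 *
 * @vma: Pointer to the struct containing information about
 *       the userspace mapping of User IO pages.
 *
 * Unbinds the queue (preventing a GPU reset for the duration, if possible)
 * and drops the reference that the mapping held on the mali device file.
 */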
3454 static void kbase_csf_user_io_pages_vm_close(struct vm_area_struct *vma)
3455 {
3456 struct kbase_queue *queue = vma->vm_private_data;
3457 struct kbase_context *kctx;
3458 struct kbase_device *kbdev;
3459 int err;
3460 bool reset_prevented = false;
3461
3462 if (!queue) {
3463 pr_debug("Close method called for the new User IO pages mapping vma\n");
3464 return;
3465 }
3466
3467 kctx = queue->kctx;
3468 kbdev = kctx->kbdev;
3469
3470 err = kbase_reset_gpu_prevent_and_wait(kbdev);
3471 if (err)
3472 dev_warn(
3473 kbdev->dev,
3474 "Unsuccessful GPU reset detected when unbinding queue (csi_index=%d), attempting to unbind regardless",
3475 queue->csi_index);
3476 else
3477 reset_prevented = true;
3478
3479 mutex_lock(&kctx->csf.lock);
3480 kbase_csf_queue_unbind(queue, is_process_exiting(vma));
3481 mutex_unlock(&kctx->csf.lock);
3482
3483 if (reset_prevented)
3484 kbase_reset_gpu_allow(kbdev);
3485
/* Now that the vma is closed, drop the reference on the mali device file */
3487 fput(kctx->filp);
3488 }
3489
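/**
 * kbase_csf_user_io_pages_vm_fault - Fault handler for the User IO pages mapping
 *
 * @vmf: Pointer to the struct containing information about the fault.
 *
 * Inserts either the HW doorbell page (or dummy doorbell page) or the
 * input/output pages of the queue, depending on the faulting address.
 *
 * Return: VM_FAULT_SIGBUS if the fault is unexpected, otherwise the status
 *         of inserting the page(s) (typically VM_FAULT_NOPAGE).
 */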
3490 #if (KERNEL_VERSION(4, 11, 0) > LINUX_VERSION_CODE)
3491 static vm_fault_t kbase_csf_user_io_pages_vm_fault(struct vm_area_struct *vma,
3492 struct vm_fault *vmf)
3493 {
3494 #else
3495 static vm_fault_t kbase_csf_user_io_pages_vm_fault(struct vm_fault *vmf)
3496 {
3497 struct vm_area_struct *vma = vmf->vma;
3498 #endif
3499 struct kbase_queue *queue = vma->vm_private_data;
3500 unsigned long doorbell_cpu_addr, input_cpu_addr, output_cpu_addr;
3501 unsigned long doorbell_page_pfn, input_page_pfn, output_page_pfn;
3502 pgprot_t doorbell_pgprot, input_page_pgprot, output_page_pgprot;
3503 size_t nr_pages = PFN_DOWN(vma->vm_end - vma->vm_start);
3504 vm_fault_t ret;
3505 struct kbase_device *kbdev;
3506 struct memory_group_manager_device *mgm_dev;
3507
3508 /* Few sanity checks up front */
3509 if (!queue || (nr_pages != BASEP_QUEUE_NR_MMAP_USER_PAGES) ||
3510 (vma->vm_pgoff != queue->db_file_offset)) {
3511 pr_warn("Unexpected CPU page fault on User IO pages mapping for process %s tgid %d pid %d\n",
3512 current->comm, current->tgid, current->pid);
3513 return VM_FAULT_SIGBUS;
3514 }
3515
3516 kbdev = queue->kctx->kbdev;
3517 mgm_dev = kbdev->mgm_dev;
3518
3519 mutex_lock(&kbdev->csf.reg_lock);
3520
3521 /* Always map the doorbell page as uncached */
3522 doorbell_pgprot = pgprot_device(vma->vm_page_prot);
3523
3524 if (kbdev->system_coherency == COHERENCY_NONE) {
3525 input_page_pgprot = pgprot_writecombine(vma->vm_page_prot);
3526 output_page_pgprot = pgprot_writecombine(vma->vm_page_prot);
3527 } else {
3528 input_page_pgprot = vma->vm_page_prot;
3529 output_page_pgprot = vma->vm_page_prot;
3530 }
3531
3532 doorbell_cpu_addr = vma->vm_start;
3533
3534 #if KERNEL_VERSION(4, 10, 0) > LINUX_VERSION_CODE
3535 if ((unsigned long)vmf->virtual_address == doorbell_cpu_addr) {
3536 #else
3537 if (vmf->address == doorbell_cpu_addr) {
3538 #endif
3539 doorbell_page_pfn = get_queue_doorbell_pfn(kbdev, queue);
3540 ret = mgm_dev->ops.mgm_vmf_insert_pfn_prot(mgm_dev,
3541 KBASE_MEM_GROUP_CSF_IO, vma, doorbell_cpu_addr,
3542 doorbell_page_pfn, doorbell_pgprot);
3543 } else {
3544 /* Map the Input page */
3545 input_cpu_addr = doorbell_cpu_addr + PAGE_SIZE;
3546 input_page_pfn = PFN_DOWN(as_phys_addr_t(queue->phys[0]));
3547 ret = mgm_dev->ops.mgm_vmf_insert_pfn_prot(mgm_dev,
3548 KBASE_MEM_GROUP_CSF_IO, vma, input_cpu_addr,
3549 input_page_pfn, input_page_pgprot);
3550 if (ret != VM_FAULT_NOPAGE)
3551 goto exit;
3552
3553 /* Map the Output page */
3554 output_cpu_addr = input_cpu_addr + PAGE_SIZE;
3555 output_page_pfn = PFN_DOWN(as_phys_addr_t(queue->phys[1]));
3556 ret = mgm_dev->ops.mgm_vmf_insert_pfn_prot(mgm_dev,
3557 KBASE_MEM_GROUP_CSF_IO, vma, output_cpu_addr,
3558 output_page_pfn, output_page_pgprot);
3559 }
3560
3561 exit:
3562 mutex_unlock(&kbdev->csf.reg_lock);
3563 return ret;
3564 }
3565
3566 static const struct vm_operations_struct kbase_csf_user_io_pages_vm_ops = {
3567 .open = kbase_csf_user_io_pages_vm_open,
3568 .close = kbase_csf_user_io_pages_vm_close,
3569 #if KERNEL_VERSION(5, 11, 0) <= LINUX_VERSION_CODE
3570 .may_split = kbase_csf_user_io_pages_vm_split,
3571 #else
3572 .split = kbase_csf_user_io_pages_vm_split,
3573 #endif
3574 .mremap = kbase_csf_user_io_pages_vm_mremap,
3575 .fault = kbase_csf_user_io_pages_vm_fault
3576 };
3577
/**
 * kbase_csf_cpu_mmap_user_io_pages - Map the User IO pages for a queue into
 *                                    the client process
 *
 * @kctx: Pointer to the kbase context.
 * @vma:  Pointer to the struct containing information about
 *        the userspace mapping of the User IO pages.
 *
 * Program the client process's page table entries to map the pair of
 * input/output pages & HW doorbell page. The caller should have validated
 * that vma->vm_pgoff maps to the range of CSF cookies.
 *
 * Return: 0 on success, or a negative error code on failure.
 */
3582 static int kbase_csf_cpu_mmap_user_io_pages(struct kbase_context *kctx,
3583 struct vm_area_struct *vma)
3584 {
3585 unsigned long cookie =
3586 vma->vm_pgoff - PFN_DOWN(BASEP_MEM_CSF_USER_IO_PAGES_HANDLE);
3587 size_t nr_pages = vma_pages(vma);
3588 struct kbase_queue *queue;
3589 int err = 0;
3590
3591 lockdep_assert_held(&kctx->csf.lock);
3592
3593 queue = kctx->csf.user_pages_info[cookie];
3594
3595 /* Looks like the bind has been aborted */
3596 if (!queue)
3597 return -EINVAL;
3598
3599 if (WARN_ON(test_bit(cookie, kctx->csf.cookies)))
3600 return -EINVAL;
3601
3602 /* no need for the cookie anymore */
3603 kctx->csf.user_pages_info[cookie] = NULL;
3604 bitmap_set(kctx->csf.cookies, cookie, 1);
3605
3606 /* Reset the handle to avoid (re)freeing the cookie (which can
3607 * now get re-assigned) on unbind.
3608 */
3609 queue->handle = BASEP_MEM_INVALID_HANDLE;
3610
3611 if (nr_pages != BASEP_QUEUE_NR_MMAP_USER_PAGES) {
3612 err = -EINVAL;
3613 goto map_failed;
3614 }
3615
3616 err = kbase_csf_alloc_command_stream_user_pages(kctx, queue);
3617 if (err)
3618 goto map_failed;
3619
3620 vma->vm_flags |= VM_DONTCOPY | VM_DONTDUMP | VM_DONTEXPAND | VM_IO;
/* TODO: use VM_MIXEDMAP, since it is more appropriate as both types of
 * memory, with and without "struct page" backing, are being inserted
 * here. HW doorbell pages come from the device register area, so the
 * kernel does not use "struct page" for them.
 */
3626 vma->vm_flags |= VM_PFNMAP;
3627
3628 vma->vm_ops = &kbase_csf_user_io_pages_vm_ops;
3629 vma->vm_private_data = queue;
3630
3631 /* Make vma point to the special internal file, but don't drop the
3632 * reference on mali device file (that would be done later when the
3633 * vma is closed).
3634 */
3635 vma->vm_file = kctx->kbdev->csf.db_filp;
3636 get_file(vma->vm_file);
3637 /* Also adjust the vm_pgoff */
3638 vma->vm_pgoff = queue->db_file_offset;
3639
3640 return 0;
3641
3642 map_failed:
/* The queue cannot have reached the KBASE_CSF_QUEUE_BOUND state if we
 * got here, so it is safe to use a variant of unbind that only works
 * on stopped queues.
 *
 * This way we don't enter the CSF scheduler from this path.
 */
3649 kbase_csf_queue_unbind_stopped(queue);
3650
3651 return err;
3652 }
3653
/**
 * kbase_csf_user_reg_vm_open - VMA open function for the USER page
 *
 * @vma: Pointer to the struct containing information about
 *       the userspace mapping of USER page.
 *
 * Note:
 * This function isn't expected to be called. If it is called (e.g. due to
 * mremap), it sets vm_private_data to NULL to indicate the unexpected
 * mapping to the close() and fault() handlers.
 */
3663 static void kbase_csf_user_reg_vm_open(struct vm_area_struct *vma)
3664 {
3665 pr_debug("Unexpected call to the open method for USER register mapping");
3666 vma->vm_private_data = NULL;
3667 }
3668
3669 /**
3670 * kbase_csf_user_reg_vm_close - VMA close function for the USER page
3671 *
3672 * @vma: Pointer to the struct containing information about
3673 * the userspace mapping of USER page.
3674 */
3675 static void kbase_csf_user_reg_vm_close(struct vm_area_struct *vma)
3676 {
3677 struct kbase_context *kctx = vma->vm_private_data;
3678 struct kbase_device *kbdev;
3679
3680 if (unlikely(!kctx)) {
3681 pr_debug("Close function called for the unexpected mapping");
3682 return;
3683 }
3684
3685 kbdev = kctx->kbdev;
3686
3687 if (unlikely(!kctx->csf.user_reg.vma))
3688 dev_warn(kbdev->dev, "user_reg VMA pointer unexpectedly NULL for ctx %d_%d",
3689 kctx->tgid, kctx->id);
3690
3691 mutex_lock(&kbdev->csf.reg_lock);
3692 list_del_init(&kctx->csf.user_reg.link);
3693 mutex_unlock(&kbdev->csf.reg_lock);
3694
3695 kctx->csf.user_reg.vma = NULL;
3696
/* Now that the VMA is closed, drop the reference on the mali device file */
3698 fput(kctx->filp);
3699 }
3700
3701 /**
3702 * kbase_csf_user_reg_vm_mremap - VMA mremap function for the USER page
3703 *
3704 * @vma: Pointer to the struct containing information about
3705 * the userspace mapping of USER page.
3706 *
3707 * Return: -EINVAL
3708 *
3709 * Note:
3710 * User space must not attempt mremap on USER page mapping.
3711 * This function will return an error to fail the attempt.
3712 */
3713 static int
3714 #if ((KERNEL_VERSION(5, 13, 0) <= LINUX_VERSION_CODE) || \
3715 (KERNEL_VERSION(5, 11, 0) > LINUX_VERSION_CODE))
3716 kbase_csf_user_reg_vm_mremap(struct vm_area_struct *vma)
3717 #else
3718 kbase_csf_user_reg_vm_mremap(struct vm_area_struct *vma, unsigned long flags)
3719 #endif
3720 {
3721 pr_debug("Unexpected call to mremap method for USER page mapping vma\n");
3722 return -EINVAL;
3723 }
3724
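/**
 * kbase_csf_user_reg_vm_fault - Fault handler for the USER page mapping
 *
 * @vmf: Pointer to the struct containing information about the fault.
 *
 * Inserts the PFN of the USER register page, or of the dummy page when the
 * GPU is powered off (and always in no-Mali builds).
 *
 * Return: VM_FAULT_SIGBUS if the fault is unexpected, otherwise the status
 *         of inserting the page (typically VM_FAULT_NOPAGE).
 */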
3725 #if (KERNEL_VERSION(4, 11, 0) > LINUX_VERSION_CODE)
3726 static vm_fault_t kbase_csf_user_reg_vm_fault(struct vm_area_struct *vma,
3727 struct vm_fault *vmf)
3728 {
3729 #else
3730 static vm_fault_t kbase_csf_user_reg_vm_fault(struct vm_fault *vmf)
3731 {
3732 struct vm_area_struct *vma = vmf->vma;
3733 #endif
3734 struct kbase_context *kctx = vma->vm_private_data;
3735 struct kbase_device *kbdev;
3736 struct memory_group_manager_device *mgm_dev;
3737 unsigned long pfn;
3738 size_t nr_pages = PFN_DOWN(vma->vm_end - vma->vm_start);
3739 vm_fault_t ret = VM_FAULT_SIGBUS;
3740 unsigned long flags;
3741
3742 /* Few sanity checks up front */
3743
3744 if (!kctx || (nr_pages != 1) || (vma != kctx->csf.user_reg.vma) ||
3745 (vma->vm_pgoff != kctx->csf.user_reg.file_offset)) {
3746 pr_err("Unexpected CPU page fault on USER page mapping for process %s tgid %d pid %d\n",
3747 current->comm, current->tgid, current->pid);
3748 return VM_FAULT_SIGBUS;
3749 }
3750
3751 kbdev = kctx->kbdev;
3752 mgm_dev = kbdev->mgm_dev;
3753 pfn = PFN_DOWN(kbdev->reg_start + USER_BASE);
3754
3755 mutex_lock(&kbdev->csf.reg_lock);
3756
3757 spin_lock_irqsave(&kbdev->hwaccess_lock, flags);
/* The dummy page is mapped while the GPU is powered off.
 *
 * In no-Mali builds, always map in the dummy page.
 */
3762 if (IS_ENABLED(CONFIG_MALI_BIFROST_NO_MALI) || !kbdev->pm.backend.gpu_powered)
3763 pfn = PFN_DOWN(as_phys_addr_t(kbdev->csf.user_reg.dummy_page));
3764 spin_unlock_irqrestore(&kbdev->hwaccess_lock, flags);
3765
3766 list_move_tail(&kctx->csf.user_reg.link, &kbdev->csf.user_reg.list);
3767 ret = mgm_dev->ops.mgm_vmf_insert_pfn_prot(mgm_dev,
3768 KBASE_MEM_GROUP_CSF_FW, vma,
3769 vma->vm_start, pfn,
3770 vma->vm_page_prot);
3771
3772 mutex_unlock(&kbdev->csf.reg_lock);
3773
3774 return ret;
3775 }
3776
3777 static const struct vm_operations_struct kbase_csf_user_reg_vm_ops = {
3778 .open = kbase_csf_user_reg_vm_open,
3779 .close = kbase_csf_user_reg_vm_close,
3780 .mremap = kbase_csf_user_reg_vm_mremap,
3781 .fault = kbase_csf_user_reg_vm_fault
3782 };
3783
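/**
 * kbase_csf_cpu_mmap_user_reg_page - Set up the userspace mapping of the
 *                                    USER register page
 *
 * @kctx: Pointer to the kbase context.
 * @vma:  Pointer to the struct containing information about
 *        the userspace mapping of the USER page.
 *
 * Validates the VMA, marks it as an uncached, read-only PFN mapping and
 * points it at the special internal file with a unique file offset. The
 * actual page is inserted later by the fault handler.
 *
 * Return: 0 on success, or a negative error code on failure.
 */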
3784 static int kbase_csf_cpu_mmap_user_reg_page(struct kbase_context *kctx,
3785 struct vm_area_struct *vma)
3786 {
3787 size_t nr_pages = PFN_DOWN(vma->vm_end - vma->vm_start);
3788 struct kbase_device *kbdev = kctx->kbdev;
3789
3790 /* Few sanity checks */
3791 if (kctx->csf.user_reg.vma)
3792 return -EBUSY;
3793
3794 if (nr_pages != 1)
3795 return -EINVAL;
3796
3797 if (vma->vm_flags & (VM_WRITE | VM_MAYWRITE))
3798 return -EPERM;
3799
3800 /* Map uncached */
3801 vma->vm_page_prot = pgprot_device(vma->vm_page_prot);
3802
3803 vma->vm_flags |= VM_DONTCOPY | VM_DONTDUMP | VM_DONTEXPAND | VM_IO;
3804
3805 /* User register page comes from the device register area so
3806 * "struct page" isn't available for it.
3807 */
3808 vma->vm_flags |= VM_PFNMAP;
3809
3810 kctx->csf.user_reg.vma = vma;
3811
3812 mutex_lock(&kbdev->csf.reg_lock);
3813 kctx->csf.user_reg.file_offset = kbdev->csf.user_reg.file_offset++;
3814 mutex_unlock(&kbdev->csf.reg_lock);
3815
3816 /* Make VMA point to the special internal file, but don't drop the
3817 * reference on mali device file (that would be done later when the
3818 * VMA is closed).
3819 */
3820 vma->vm_file = kctx->kbdev->csf.user_reg.filp;
3821 get_file(vma->vm_file);
3822
3823 /* Also adjust the vm_pgoff */
3824 vma->vm_pgoff = kctx->csf.user_reg.file_offset;
3825 vma->vm_ops = &kbase_csf_user_reg_vm_ops;
3826 vma->vm_private_data = kctx;
3827
3828 return 0;
3829 }
3830
3831 #endif /* MALI_USE_CSF */
3832