1. 09 10月, 2013 1 次提交
    • D
      drm: move drm_lastclose() to drm_fops.c · 1c8887dd
      David Herrmann 提交于
      Try to keep all functions that handle DRM file_operations in drm_fops.c
      so internal helpers can be marked static later.
      
      This makes the split between the 3 core files more obvious:
       - drm_stub.c: DRM device allocation/destruction and management
       - drm_fops.c: DRM file_operations (except for ioctl)
       - drm_drv.c: Global DRM init + ioctl handling
      Well, ioctl handling is still spread throughout hundreds of source files,
      but at least the others are clearly defined this way.
      Signed-off-by: NDavid Herrmann <dh.herrmann@gmail.com>
      Signed-off-by: NDave Airlie <airlied@redhat.com>
      1c8887dd
  2. 20 9月, 2013 1 次提交
  3. 30 8月, 2013 1 次提交
    • D
      drm: implement experimental render nodes · 1793126f
      David Herrmann 提交于
      Render nodes provide an API for userspace to use non-privileged GPU
      commands without any running DRM-Master. It is useful for offscreen
      rendering, GPGPU clients, and normal render clients which do not perform
      modesetting.
      
      Compared to legacy clients, render clients no longer need any
      authentication to perform client ioctls. Instead, user-space controls
      render/client access to GPUs via filesystem access-modes on the
      render-node. Once a render-node was opened, a client has full access to
      the client/render operations on the GPU. However, no modesetting or ioctls
      that affect global state are allowed on render nodes.
      
      To prevent privilege-escalation, drivers must explicitly state that they
      support render nodes. They must mark their render-only ioctls as
      DRM_RENDER_ALLOW so render clients can use them. Furthermore, they must
      support clients without any attached master.
      
      If filesystem access-modes are not enough for fine-grained access control
      to render nodes (very unlikely, considering the versaitlity of FS-ACLs),
      you may still fall-back to fd-passing from server to client (which allows
      arbitrary access-control). However, note that revoking access is
      currently impossible and unlikely to get implemented.
      
      Note: Render clients no longer have any associated DRM-Master as they are
      supposed to be independent of any server state. DRM core highly depends on
      file_priv->master to be non-NULL for modesetting/ctx/etc. commands.
      Therefore, drivers must be very careful to not require DRM-Master if they
      support DRIVER_RENDER.
      
      So far render-nodes are protected by "drm_rnodes". As long as this
      module-parameter is not set to 1, a driver will not create render nodes.
      This allows us to experiment with the API a bit before we stabilize it.
      
      v2: drop insecure GEM_FLINK to force use of dmabuf
      Signed-off-by: NDavid Herrmann <dh.herrmann@gmail.com>
      Signed-off-by: NDave Airlie <airlied@redhat.com>
      1793126f
  4. 29 8月, 2013 1 次提交
  5. 21 8月, 2013 1 次提交
    • D
      drm/prime: proper locking+refcounting for obj->dma_buf link · 319c933c
      Daniel Vetter 提交于
      The export dma-buf cache is semantically similar to an flink name. So
      semantically it makes sense to treat it the same and remove the name
      (i.e. the dma_buf pointer) and its references when the last gem handle
      disappears.
      
      Again we need to be careful, but double so: Not just could someone
      race and export with a gem close ioctl (so we need to recheck
      obj->handle_count again when assigning the new name), but multiple
      exports can also race against each another. This is prevented by
      holding the dev->object_name_lock across the entire section which
      touches obj->dma_buf.
      
      With the new scheme we also need to reinstate the obj->dma_buf link at
      import time (in case the only reference userspace has held in-between
      was through the dma-buf fd and not through any native gem handle). For
      simplicity we don't check whether it's a native object but
      unconditionally set up that link - with the new scheme of removing the
      obj->dma_buf reference when the last handle disappears we can do that.
      
      To make it clear that this is not just for exported buffers anymore
      als rename it from export_dma_buf to dma_buf.
      
      To make sure that now one can race a fd_to_handle or handle_to_fd with
      gem_close we use the same tricks as in flink of extending the
      dev->object_name_locking critical section. With this change we finally
      have a guaranteed 1:1 relationship (at least for native objects)
      between gem objects and dma-bufs, even accounting for races (which can
      happen since the dma-buf itself holds a reference while in-flight).
      
      This prevent igt/prime_self_import/export-vs-gem_close-race from
      Oopsing the kernel. There is still a leak though since the per-file
      priv dma-buf/handle cache handling is racy. That will be fixed in a
      later patch.
      
      v2: Remove the bogus dma_buf_put from the export_and_register_object
      failure path if we've raced with the handle count dropping to 0.
      Signed-off-by: NDaniel Vetter <daniel.vetter@ffwll.ch>
      Signed-off-by: NDave Airlie <airlied@redhat.com>
      319c933c
  6. 19 8月, 2013 5 次提交
    • D
      drm: move dev data clearing from drm_setup to lastclose · f336ab76
      Daniel Vetter 提交于
      We kzalloc this structure, and for real kms devices we should never
      loose track of things really.
      
      But ums/legacy drivers rely on the drm core to clean up a bit of cruft
      between lastclose and firstopen (i.e. when X is being restarted), so
      keep this around. But give it a clear drm_legacy_ prefix and
      conditionalize the code on !DRIVER_MODESET.
      
      Cc: David Herrmann <dh.herrmann@gmail.com>
      Signed-off-by: NDaniel Vetter <daniel.vetter@ffwll.ch>
      Reviewed-by: NDavid Herrmann <dh.herrmann@gmail.com>
      Signed-off-by: NDave Airlie <airlied@redhat.com>
      f336ab76
    • D
      drm: don't call ->firstopen for KMS drivers · 7d14bb6b
      Daniel Vetter 提交于
      It has way too much potential for driver writers to do stupid things
      like delayed hw setup because the load sequence is somehow racy (e.g.
      the imx driver in staging). So don't call it for modesetting drivers,
      which reduces the complexity of the drm core -> driver interface a
      notch.
      
      v2: Don't forget to update DocBook.
      
      v3: Go with Laurent's slightly more elaborate proposal for the DocBook
      update. Add a few words on top of his diff to elaborate a bit on what
      KMS drivers should and shouldn't do in lastclose. There was already a
      paragraph present talking about restoring properties, I've simply
      extended that one.
      
      Cc: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
      Acked-by: NLaurent Pinchart <laurent.pinchart@ideasonboard.com>
      Signed-off-by: NDaniel Vetter <daniel.vetter@ffwll.ch>
      Signed-off-by: NDave Airlie <airlied@redhat.com>
      7d14bb6b
    • D
      drm: remove FASYNC support · b0e898ac
      Daniel Vetter 提交于
      So I've stumbled over drm_fasync and wondered what it does. Digging
      that up is quite a story.
      
      First I've had to read up on what this does and ended up being rather
      bewildered why peopled loved signals so much back in the days that
      they've created SIGIO just for that ...
      
      Then I wondered how this ever works, and what that strange "No-op."
      comment right above it should mean. After all calling the core fasync
      helper is pretty obviously not a noop. After reading through the
      kernels FASYNC implementation I've noticed that signals are only sent
      out to the processes attached with FASYNC by calling kill_fasync.
      
      No merged drm driver has ever done that.
      
      After more digging I've found out that the only driver that ever used
      this is the so called GAMMA driver. I've frankly never heard of such a
      gpu brand ever before. Now FASYNC seems to not have been the only bad
      thing with that driver, since Dave Airlie removed it from the drm
      driver with prejudice:
      
      commit 1430163b4bbf7b00367ea1066c1c5fe85dbeefed
      Author: Dave Airlie <airlied@linux.ie>
      Date:   Sun Aug 29 12:04:35 2004 +0000
      
          Drop GAMMA DRM from a great height ...
      
      Long story short, the drm fasync support seems to be doing absolutely
      nothing. And the only user of it was never merged into the upstream
      kernel. And we don't need any fops->fasync callback since the fcntl
      implementation in the kernel already implements the noop case
      correctly.
      
      So stop this particular cargo-cult and rip it all out.
      
      v2: Kill drm_fasync assignments in rcar (newly added) and imx drivers
      (somehow I've missed that one in staging). Also drop the reference in
      the drm DocBook. ARM compile-fail reported by Rob Clark.
      
      v3: Move the removal of dev->buf_asnyc assignment in drm_setup to this
      patch here.
      
      v4: Actually git add ... tsk.
      
      Cc: Dave Airlie <airlied@linux.ie>
      Cc: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
      Cc: Rob Clark <robdclark@gmail.com>
      Acked-by: NLaurent Pinchart <laurent.pinchart@ideasonboard.com>
      Signed-off-by: NDaniel Vetter <daniel.vetter@ffwll.ch>
      Reviewed-by: NDavid Herrmann <dh.herrmann@gmail.com>
      Signed-off-by: NDave Airlie <airlied@redhat.com>
      b0e898ac
    • D
      drm: mark context support as a legacy subsystem · 7c510133
      Daniel Vetter 提交于
      So after a lot of digging around in git histories it looks like this
      has only ever be used by dri1 render clients. Hence we can fully
      disable the entire thing for modesetting drivers and so greatly reduce
      the attack surface for potential exploits (or at least tools like
      trinity ...).
      
      Also add the drm_legacy prefix for functions which are called from
      common code. To further reduce the impact on common code also extract
      all the ctx release handling into a function (instead of only
      releasing individual handles) and make ctxbitmap_cleanup return void -
      it can never fail.
      Reviewed-by: NEric Anholt <eric@anholt.net>
      Signed-off-by: NDaniel Vetter <daniel.vetter@ffwll.ch>
      Signed-off-by: NDave Airlie <airlied@redhat.com>
      7c510133
    • D
      drm: mark dma setup/teardown as legacy systems · e2e99a82
      Daniel Vetter 提交于
      And hide the checks a bit better. This was already disallowed for
      modesetting drivers, so no functinal change here.
      Reviewed-by: NEric Anholt <eric@anholt.net>
      Signed-off-by: NDaniel Vetter <daniel.vetter@ffwll.ch>
      Signed-off-by: NDave Airlie <airlied@redhat.com>
      e2e99a82
  7. 23 7月, 2013 6 次提交
  8. 04 7月, 2013 1 次提交
  9. 03 4月, 2013 1 次提交
  10. 21 1月, 2013 1 次提交
    • D
      drm: revamp locking around fb creation/destruction · 4b096ac1
      Daniel Vetter 提交于
      Well, at least step 1. The goal here is that framebuffer objects can
      survive outside of the mode_config lock, with just a reference held
      as protection. The first step to get there is to introduce a special
      fb_lock which protects fb lookup, creation and destruction, to make
      them appear atomic.
      
      This new fb_lock can nest within the mode_config lock. But the idea is
      (once the reference counting part is completed) that we only quickly
      take that fb_lock to lookup a framebuffer and grab a reference,
      without any other locks involved.
      
      vmwgfx is the only driver which does framebuffer lookups itself, also
      wrap those calls to drm_mode_object_find with the new lock.
      
      Also protect the fb_list walking in i915 and omapdrm with the new lock.
      
      As a slight complication there's also the list of user-created fbs
      attached to the file private. The problem now is that at fclose() time
      we need to walk that list, eventually do a modeset call to remove the
      fb from active usage (and are required to be able to take the
      mode_config lock), but in the end we need to grab the new fb_lock to
      remove the fb from the list. The easiest solution is to add another
      mutex to protect this per-file list.
      
      Currently that new fbs_lock nests within the modeset locks and so
      appears redudant. But later patches will switch around this sequence
      so that taking the modeset locks in the fb destruction path is
      optional in the fastpath. Ultimately the goal is that addfb and rmfb
      do not require the mode_config lock, since otherwise they have the
      potential to introduce stalls in the pageflip sequence of a compositor
      (if the compositor e.g. switches to a fullscreen client or if it
      enables a plane). But that requires a few more steps and hoops to jump
      through.
      
      Note that framebuffer creation/destruction is now double-protected -
      once by the fb_lock and in parts by the idr_lock. The later would be
      unnecessariy if framebuffers would have their own idr allocator. But
      that's material for another patch (series).
      
      v2: Properly initialize the fb->filp_head list in _init, otherwise the
      newly added WARN to check whether the fb isn't on a fpriv list any
      more will fail for driver-private objects.
      
      v3: Fixup two error-case unlock bugs spotted by Richard Wilbur.
      Reviewed-by: NRob Clark <rob@ti.com>
      Signed-off-by: NDaniel Vetter <daniel.vetter@ffwll.ch>
      4b096ac1
  11. 07 11月, 2012 2 次提交
  12. 03 10月, 2012 1 次提交
  13. 14 9月, 2012 1 次提交
  14. 25 7月, 2012 1 次提交
    • I
      drm: track dev_mapping in more robust and flexible way · 949c4a34
      Ilija Hadzic 提交于
      Setting dev_mapping (pointer to the address_space structure
      used for memory mappings) to the address_space of the first
      opener's inode and then failing if other openers come in
      through a different inode has a few restrictions that are
      eliminated by this patch.
      
      If we already have valid dev_mapping and we spot an opener
      with different i_node, we force its i_mapping pointer to the
      already established address_space structure (first opener's
      inode). This will make all mappings from drm device hang off
      the same address_space object.
      
      Some benefits (things that now work and didn't work
      before) of this patch are:
      
       * user space can mknod and use any number of device
         nodes and they will all work fine as long as the major
         device number is that of the drm module.
       * user space can even remove the first opener's device
         nodes and mknod the new one and the applications and
         windowing system will still work.
       * GPU drivers can safely assume that dev->dev_mapping is
         correct address_space and just blindly copy it
         into their (private) bdev.dev_mapping
      
      For reference, some discussion that lead to this patch can
      be found here:
      
      http://lists.freedesktop.org/archives/dri-devel/2012-April/022283.htmlSigned-off-by: NIlija Hadzic <ihadzic@research.bell-labs.com>
      Signed-off-by: NDave Airlie <airlied@redhat.com>
      949c4a34
  15. 20 7月, 2012 5 次提交
  16. 19 4月, 2012 1 次提交
  17. 30 3月, 2012 1 次提交
  18. 15 3月, 2012 1 次提交
    • D
      drm: add core support for unplugging a device (v2) · 2c07a21d
      Dave Airlie 提交于
      Two parts to this, one is simple unplug from sysfs for the device node.
      
      The second adds an unplugged state, if we have device opens, we
      just set the unplugged state and return, if we have no device
      opens we drop the drm device.
      
      If after a lastclose we discover we are unplugged we then
      drop the drm device.
      
      v2: use an atomic for unplugged and wrap it for users,
      add checks on open + mmap + ioctl entry points.
      Signed-off-by: NDave Airlie <airlied@redhat.com>
      2c07a21d
  19. 25 1月, 2012 1 次提交
  20. 11 11月, 2011 1 次提交
    • A
      drm: Make the per-driver file_operations struct const · e08e96de
      Arjan van de Ven 提交于
      From fdf1fdebaa00f81de18c227f32f8074c8b352d50 Mon Sep 17 00:00:00 2001
      From: Arjan van de Ven <arjan@linux.intel.com>
      Date: Sun, 30 Oct 2011 19:06:07 -0700
      Subject: [PATCH] drm: Make the per-driver file_operations struct const
      
      The DRM layer keeps a copy of struct file_operations inside its
      big driver struct... which prevents it from being consistent and static.
      For consistency (and the general security objective of having such things
      static), it's desirable to get this fixed.
      
      This patch splits out the file_operations field to its own struct,
      which is then "static const", and just stick a pointer to this into
      the driver struct, making it more consistent with how the rest of the
      kernel does this.
      Signed-off-by: NArjan van de Ven <arjan@linux.intel.com>
      Signed-off-by: NDave Airlie <airlied@redhat.com>
      e08e96de
  21. 01 11月, 2011 1 次提交
  22. 05 1月, 2011 1 次提交
  23. 18 11月, 2010 1 次提交
  24. 27 8月, 2010 1 次提交
  25. 12 8月, 2010 1 次提交
    • C
      drm: Remove count_lock for calling lastclose() after 58474713 (v2) · 1a72d65d
      Chris Wilson 提交于
      When removing of the BKL the locking around lastclose() was rearranged
      and resulted in the holding of the open_count spinlock over the call
      into drm_lastclose(). The drivers were not ready for this path to be
      atomic - it may indeed involve long waits to release old objects and
      cleanup the GPU - and so we ended up scheduling whilst atomic.
      
      [   54.625598] BUG: scheduling while atomic: X/3546/0x00000002
      [   54.625600] Modules linked in: sco bridge stp llc input_polldev rfcomm bnep l2cap crc16 sch_sfq ipv6 md_mod acpi_cpufreq mperf cryptd aes_x86_64 aes_generic xts gf128mul dm_crypt dm_mod btusb bluetooth usbhid hid zaurus cdc_ether usbnet mii cdc_wdm cdc_acm uvcvideo videodev v4l1_compat v4l2_compat_ioctl32 snd_hda_codec_conexant arc4 pcmcia ecb snd_hda_intel joydev sdhci_pci sdhci snd_hda_codec tpm_tis firewire_ohci mmc_core e1000e uhci_hcd thinkpad_acpi nvram yenta_socket pcmcia_rsrc pcmcia_core tpm wmi sr_mod firewire_core iwlagn ehci_hcd snd_hwdep snd_pcm usbcore tpm_bios thermal led_class snd_timer iwlcore snd soundcore ac snd_page_alloc pcspkr psmouse serio_raw battery sg mac80211 evdev cfg80211 i2c_i801 iTCO_wdt iTCO_vendor_support cdrom processor crc_itu_t rfkill xfs exportfs sd_mod crc_t10dif ahci libahci libata scsi_mod [last unloaded: scsi_wait_scan]
      [   54.625663] Pid: 3546, comm: X Not tainted 2.6.35-04771-g17879857 #301
      [   54.625665] Call Trace:
      [   54.625671]  [<ffffffff8102d599>] __schedule_bug+0x57/0x5c
      [   54.625675]  [<ffffffff81384141>] schedule+0xe5/0x832
      [   54.625679]  [<ffffffff81163e77>] ? put_dec+0x20/0x3c
      [   54.625682]  [<ffffffff81384dd4>] schedule_timeout+0x275/0x29f
      [   54.625686]  [<ffffffff810455e1>] ? process_timeout+0x0/0xb
      [   54.625688]  [<ffffffff81384e17>] schedule_timeout_uninterruptible+0x19/0x1b
      [   54.625691]  [<ffffffff81045893>] msleep+0x16/0x1d
      [   54.625695]  [<ffffffff812a2e53>] i9xx_crtc_dpms+0x273/0x2ae
      [   54.625698]  [<ffffffff812a18be>] intel_crtc_dpms+0x28/0xe7
      [   54.625702]  [<ffffffff811ec0fa>] drm_helper_disable_unused_functions+0xf0/0x118
      [   54.625705]  [<ffffffff811ecde3>] drm_crtc_helper_set_config+0x644/0x7c8
      [   54.625708]  [<ffffffff811f12dd>] ? drm_copy_field+0x40/0x50
      [   54.625711]  [<ffffffff811ebca2>] drm_fb_helper_force_kernel_mode+0x3e/0x85
      [   54.625713]  [<ffffffff811ebcf2>] drm_fb_helper_restore+0x9/0x24
      [   54.625717]  [<ffffffff81290a41>] i915_driver_lastclose+0x2b/0x5c
      [   54.625720]  [<ffffffff811f14a7>] drm_lastclose+0x44/0x2ad
      [   54.625722]  [<ffffffff811f1ed2>] drm_release+0x5c6/0x609
      [   54.625726]  [<ffffffff810d1275>] fput+0x109/0x1c7
      [   54.625728]  [<ffffffff810ce5e4>] filp_close+0x61/0x6b
      [   54.625731]  [<ffffffff810ce680>] sys_close+0x92/0xd4
      [   54.625734]  [<ffffffff81002a2b>] system_call_fastpath+0x16/0x1b
      
      v2: The spinlock is actually superfluous as access to open_count is
      entirely serialised by drm_global_mutex and so can be dropped. The
      count_lock spinlock instead appears to be used to protect access to
      dev->buf_alloc and dev->buf_use.
      Signed-off-by: NChris Wilson <chris@chris-wilson.co.uk>
      Signed-off-by: NDave Airlie <airlied@redhat.com>
      1a72d65d
  26. 05 8月, 2010 1 次提交
    • A
      drm: kill BKL from common code · 58374713
      Arnd Bergmann 提交于
      This restricts the use of the big kernel lock to the i830 and i810
      device drivers. The three remaining users in common code (open, ioctl
      and release) get converted to a new mutex, the drm_global_mutex,
      making the locking stricter than the big kernel lock.
      
      This may have a performance impact, but only in those cases that
      currently don't use DRM_UNLOCKED flag in the ioctl list and would
      benefit from that anyway.
      
      The reason why i810 and i830 cannot use drm_global_mutex in their
      mmap functions is a lock-order inversion problem between the current
      use of the BKL and mmap_sem in these drivers. Since the BKL has
      release-on-sleep semantics, it's harmless but it would cause trouble
      if we replace the BKL with a mutex.
      
      Instead, these drivers get their own ioctl wrappers that take the
      BKL around every ioctl call and then set their own handlers as
      DRM_UNLOCKED.
      Signed-off-by: NArnd Bergmann <arnd@arndb.de>
      Cc: David Airlie <airlied@linux.ie>
      Cc: dri-devel@lists.freedesktop.org
      Signed-off-by: NDave Airlie <airlied@redhat.com>
      58374713