[PATCH v2] drm/gem: Fix mmap fake offset handling for drm_gem_object_funcs.mmap

Thomas Zimmermann tzimmermann at suse.de
Tue Nov 12 09:49:21 UTC 2019 

Hi

Am 12.11.19 um 10:32 schrieb Daniel Vetter:
> On Tue, Nov 12, 2019 at 10:26:44AM +0100, Thomas Zimmermann wrote:
>> Hi
>>
>> Am 08.11.19 um 17:27 schrieb Daniel Vetter:
>>> On Fri, Oct 25, 2019 at 09:30:42AM +0200, Daniel Vetter wrote:
>>>> On Thu, Oct 24, 2019 at 02:18:59PM -0500, Rob Herring wrote:
>>>>> Commit c40069cb7bd6 ("drm: add mmap() to drm_gem_object_funcs")
>>>>> introduced a GEM object mmap() hook which is expected to subtract the
>>>>> fake offset from vm_pgoff. However, for mmap() on dmabufs, there is not
>>>>> a fake offset.
>>>>>
>>>>> To fix this, let's always call mmap() object callback with an offset of 0,
>>>>> and leave it up to drm_gem_mmap_obj() to remove the fake offset.
>>>>>
>>>>> TTM still needs the fake offset, so we have to add it back until that's
>>>>> fixed.
>>>>>
>>>>> Fixes: c40069cb7bd6 ("drm: add mmap() to drm_gem_object_funcs")
>>>>> Cc: Gerd Hoffmann <kraxel at redhat.com>
>>>>> Cc: Daniel Vetter <daniel.vetter at ffwll.ch>
>>>>> Signed-off-by: Rob Herring <robh at kernel.org>
>>>>> ---
>>>>> v2:
>>>>> - Move subtracting the fake offset out of mmap() obj callbacks.
>>>>>
>>>>> I've tested shmem, but not ttm. Hopefully, I understood what's needed 
>>>>> for TTM.
>>>
>>> So unfortunately I'm already having regrets on this. We might even have
>>> broken some of the ttm drivers here.
>>>
>>> Trouble is, if you need to shoot down userspace ptes of a bo (because it's
>>> getting moved or whatever), then we do that with unmap_mapping_range.
>>> Which means each bo needs to be mapping with a unique (offset,
>>> adress_space), or it won't work. By remapping all the bo to 0 we've broken
>>> this. We've also had this broken this for a while for the simplistic
>>> dma-buf mmap, since without any further action we'll reuse the address
>>> space of the dma-buf inode, not of the drm_device.
>>>
>>> Strangely both etnaviv and msm have a comment to that effect - grep for
>>> unmap_mapping_range. But neither actually uses it.
>>>
>>> Not exactly sure what's the best course of action here now.
>>>
>>> Also adding Thomas Zimmermann, who's worked on all the vram helpers.
>>
>> VRAM helpers use drm_gem_ttm_mmap(), which wraps ttm_bo_mmap_obj().
>> These changes should be transparent.
> 
> There's still the issue that for dma-buf mmap vs drm mmap you use
> different f_mapping, which means ttm's pte shootdown won't work correctly
> for dma-buf mmaps. But yeah normal operation for ttm/vram helpers should
> be fine.

VRAM helpers don't support dmabufs.

Best regards
Thomas

> -Daniel
> 
>>
>> Best regards
>> Thomas
>>
>>> -Daniel
>>>
>>>>>
>>>>> Rob
>>>>>
>>>>>  drivers/gpu/drm/drm_gem.c              | 3 +++
>>>>>  drivers/gpu/drm/drm_gem_shmem_helper.c | 3 ---
>>>>>  drivers/gpu/drm/ttm/ttm_bo_vm.c        | 7 +++++++
>>>>>  include/drm/drm_gem.h                  | 4 +++-
>>>>>  4 files changed, 13 insertions(+), 4 deletions(-)
>>>>>
>>>>> diff --git a/drivers/gpu/drm/drm_gem.c b/drivers/gpu/drm/drm_gem.c
>>>>> index 56f42e0f2584..2f2b889096b0 100644
>>>>> --- a/drivers/gpu/drm/drm_gem.c
>>>>> +++ b/drivers/gpu/drm/drm_gem.c
>>>>> @@ -1106,6 +1106,9 @@ int drm_gem_mmap_obj(struct drm_gem_object *obj, unsigned long obj_size,
>>>>>  		return -EINVAL;
>>>>>  
>>>>>  	if (obj->funcs && obj->funcs->mmap) {
>>>>> +		/* Remove the fake offset */
>>>>> +		vma->vm_pgoff -= drm_vma_node_start(&obj->vma_node);
>>>>> +
>>>>>  		ret = obj->funcs->mmap(obj, vma);
>>>>>  		if (ret)
>>>>>  			return ret;
>>>>> diff --git a/drivers/gpu/drm/drm_gem_shmem_helper.c b/drivers/gpu/drm/drm_gem_shmem_helper.c
>>>>> index a878c787b867..e8061c64c480 100644
>>>>> --- a/drivers/gpu/drm/drm_gem_shmem_helper.c
>>>>> +++ b/drivers/gpu/drm/drm_gem_shmem_helper.c
>>>>> @@ -542,9 +542,6 @@ int drm_gem_shmem_mmap(struct drm_gem_object *obj, struct vm_area_struct *vma)
>>>>>  	vma->vm_page_prot = pgprot_decrypted(vma->vm_page_prot);
>>>>>  	vma->vm_ops = &drm_gem_shmem_vm_ops;
>>>>>  
>>>>> -	/* Remove the fake offset */
>>>>> -	vma->vm_pgoff -= drm_vma_node_start(&shmem->base.vma_node);
>>>>> -
>>>>>  	return 0;
>>>>>  }
>>>>>  EXPORT_SYMBOL_GPL(drm_gem_shmem_mmap);
>>>>> diff --git a/drivers/gpu/drm/ttm/ttm_bo_vm.c b/drivers/gpu/drm/ttm/ttm_bo_vm.c
>>>>> index 1a9db691f954..08902c7290a5 100644
>>>>> --- a/drivers/gpu/drm/ttm/ttm_bo_vm.c
>>>>> +++ b/drivers/gpu/drm/ttm/ttm_bo_vm.c
>>>>> @@ -482,6 +482,13 @@ EXPORT_SYMBOL(ttm_bo_mmap);
>>>>>  int ttm_bo_mmap_obj(struct vm_area_struct *vma, struct ttm_buffer_object *bo)
>>>>>  {
>>>>>  	ttm_bo_get(bo);
>>>>> +
>>>>> +	/*
>>>>> +	 * FIXME: &drm_gem_object_funcs.mmap is called with the fake offset
>>>>> +	 * removed. Add it back here until the rest of TTM works without it.
>>>>> +	 */
>>>>> +	vma->vm_pgoff += drm_vma_node_start(&bo->base.vma_node);
>>>>> +
>>>>>  	ttm_bo_mmap_vma_setup(bo, vma);
>>>>>  	return 0;
>>>>>  }
>>>>> diff --git a/include/drm/drm_gem.h b/include/drm/drm_gem.h
>>>>> index e71f75a2ab57..c56cbb3509e0 100644
>>>>> --- a/include/drm/drm_gem.h
>>>>> +++ b/include/drm/drm_gem.h
>>>>> @@ -159,7 +159,9 @@ struct drm_gem_object_funcs {
>>>>>  	 *
>>>>>  	 * The callback is used by by both drm_gem_mmap_obj() and
>>>>>  	 * drm_gem_prime_mmap().  When @mmap is present @vm_ops is not
>>>>> -	 * used, the @mmap callback must set vma->vm_ops instead.
>>>>> +	 * used, the @mmap callback must set vma->vm_ops instead. The @mmap
>>>>> +	 * callback is always called with a 0 offset. The caller will remove
>>>>> +	 * the fake offset as necessary.
>>>>>  	 *
>>>>
>>>> Maybe remove this empty comment line here while at it. With that
>>>>
>>>> Reviewed-by: Daniel Vetter <daniel.vetter at ffwll.ch>
>>>>
>>>> I think I'll follow up with a patch to annotate drm_gem_mmap_obj as
>>>> deprecated and that instead this here should be used.
>>>> -Daniel
>>>>
>>>>>  	 */
>>>>>  	int (*mmap)(struct drm_gem_object *obj, struct vm_area_struct *vma);
>>>>> -- 
>>>>> 2.20.1
>>>>>
>>>>
>>>> -- 
>>>> Daniel Vetter
>>>> Software Engineer, Intel Corporation
>>>> http://blog.ffwll.ch
>>>
>>
>> -- 
>> Thomas Zimmermann
>> Graphics Driver Developer
>> SUSE Software Solutions Germany GmbH
>> Maxfeldstr. 5, 90409 Nürnberg, Germany
>> (HRB 36809, AG Nürnberg)
>> Geschäftsführer: Felix Imendörffer
>>
> 
> 
> 
> 

-- 
Thomas Zimmermann
Graphics Driver Developer
SUSE Software Solutions Germany GmbH
Maxfeldstr. 5, 90409 Nürnberg, Germany
(HRB 36809, AG Nürnberg)
Geschäftsführer: Felix Imendörffer

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: <https://lists.freedesktop.org/archives/dri-devel/attachments/20191112/ddcafcd6/attachment.sig>

More information about the dri-devel mailing list