• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 // SPDX-License-Identifier: GPL-2.0
2 /*
3  * Support for Medifield PNW Camera Imaging ISP subsystem.
4  *
5  * Copyright (c) 2010 Intel Corporation. All Rights Reserved.
6  *
7  * Copyright (c) 2010 Silicon Hive www.siliconhive.com.
8  *
9  * This program is free software; you can redistribute it and/or
10  * modify it under the terms of the GNU General Public License version
11  * 2 as published by the Free Software Foundation.
12  *
13  * This program is distributed in the hope that it will be useful,
14  * but WITHOUT ANY WARRANTY; without even the implied warranty of
15  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
16  * GNU General Public License for more details.
17  *
18  *
19  */
20 /*
21  * This file contains functions for buffer object structure management
22  */
23 #include <linux/kernel.h>
24 #include <linux/types.h>
25 #include <linux/gfp.h>		/* for GFP_ATOMIC */
26 #include <linux/mm.h>
27 #include <linux/mm_types.h>
28 #include <linux/hugetlb.h>
29 #include <linux/highmem.h>
30 #include <linux/slab.h>		/* for kmalloc */
31 #include <linux/module.h>
32 #include <linux/moduleparam.h>
33 #include <linux/string.h>
34 #include <linux/list.h>
35 #include <linux/errno.h>
36 #include <linux/io.h>
37 #include <asm/current.h>
38 #include <linux/sched/signal.h>
39 #include <linux/file.h>
40 
41 #include <asm/set_memory.h>
42 
43 #include "atomisp_internal.h"
44 #include "hmm/hmm_common.h"
45 #include "hmm/hmm_pool.h"
46 #include "hmm/hmm_bo.h"
47 
order_to_nr(unsigned int order)48 static unsigned int order_to_nr(unsigned int order)
49 {
50 	return 1U << order;
51 }
52 
nr_to_order_bottom(unsigned int nr)53 static unsigned int nr_to_order_bottom(unsigned int nr)
54 {
55 	return fls(nr) - 1;
56 }
57 
__bo_init(struct hmm_bo_device * bdev,struct hmm_buffer_object * bo,unsigned int pgnr)58 static int __bo_init(struct hmm_bo_device *bdev, struct hmm_buffer_object *bo,
59 		     unsigned int pgnr)
60 {
61 	check_bodev_null_return(bdev, -EINVAL);
62 	var_equal_return(hmm_bo_device_inited(bdev), 0, -EINVAL,
63 			 "hmm_bo_device not inited yet.\n");
64 	/* prevent zero size buffer object */
65 	if (pgnr == 0) {
66 		dev_err(atomisp_dev, "0 size buffer is not allowed.\n");
67 		return -EINVAL;
68 	}
69 
70 	memset(bo, 0, sizeof(*bo));
71 	mutex_init(&bo->mutex);
72 
73 	/* init the bo->list HEAD as an element of entire_bo_list */
74 	INIT_LIST_HEAD(&bo->list);
75 
76 	bo->bdev = bdev;
77 	bo->vmap_addr = NULL;
78 	bo->status = HMM_BO_FREE;
79 	bo->start = bdev->start;
80 	bo->pgnr = pgnr;
81 	bo->end = bo->start + pgnr_to_size(pgnr);
82 	bo->prev = NULL;
83 	bo->next = NULL;
84 
85 	return 0;
86 }
87 
__bo_search_and_remove_from_free_rbtree(struct rb_node * node,unsigned int pgnr)88 static struct hmm_buffer_object *__bo_search_and_remove_from_free_rbtree(
89     struct rb_node *node, unsigned int pgnr)
90 {
91 	struct hmm_buffer_object *this, *ret_bo, *temp_bo;
92 
93 	this = rb_entry(node, struct hmm_buffer_object, node);
94 	if (this->pgnr == pgnr ||
95 	    (this->pgnr > pgnr && !this->node.rb_left)) {
96 		goto remove_bo_and_return;
97 	} else {
98 		if (this->pgnr < pgnr) {
99 			if (!this->node.rb_right)
100 				return NULL;
101 			ret_bo = __bo_search_and_remove_from_free_rbtree(
102 				     this->node.rb_right, pgnr);
103 		} else {
104 			ret_bo = __bo_search_and_remove_from_free_rbtree(
105 				     this->node.rb_left, pgnr);
106 		}
107 		if (!ret_bo) {
108 			if (this->pgnr > pgnr)
109 				goto remove_bo_and_return;
110 			else
111 				return NULL;
112 		}
113 		return ret_bo;
114 	}
115 
116 remove_bo_and_return:
117 	/* NOTE: All nodes on free rbtree have a 'prev' that points to NULL.
118 	 * 1. check if 'this->next' is NULL:
119 	 *	yes: erase 'this' node and rebalance rbtree, return 'this'.
120 	 */
121 	if (!this->next) {
122 		rb_erase(&this->node, &this->bdev->free_rbtree);
123 		return this;
124 	}
125 	/* NOTE: if 'this->next' is not NULL, always return 'this->next' bo.
126 	 * 2. check if 'this->next->next' is NULL:
127 	 *	yes: change the related 'next/prev' pointer,
128 	 *		return 'this->next' but the rbtree stays unchanged.
129 	 */
130 	temp_bo = this->next;
131 	this->next = temp_bo->next;
132 	if (temp_bo->next)
133 		temp_bo->next->prev = this;
134 	temp_bo->next = NULL;
135 	temp_bo->prev = NULL;
136 	return temp_bo;
137 }
138 
__bo_search_by_addr(struct rb_root * root,ia_css_ptr start)139 static struct hmm_buffer_object *__bo_search_by_addr(struct rb_root *root,
140 	ia_css_ptr start)
141 {
142 	struct rb_node *n = root->rb_node;
143 	struct hmm_buffer_object *bo;
144 
145 	do {
146 		bo = rb_entry(n, struct hmm_buffer_object, node);
147 
148 		if (bo->start > start) {
149 			if (!n->rb_left)
150 				return NULL;
151 			n = n->rb_left;
152 		} else if (bo->start < start) {
153 			if (!n->rb_right)
154 				return NULL;
155 			n = n->rb_right;
156 		} else {
157 			return bo;
158 		}
159 	} while (n);
160 
161 	return NULL;
162 }
163 
__bo_search_by_addr_in_range(struct rb_root * root,unsigned int start)164 static struct hmm_buffer_object *__bo_search_by_addr_in_range(
165     struct rb_root *root, unsigned int start)
166 {
167 	struct rb_node *n = root->rb_node;
168 	struct hmm_buffer_object *bo;
169 
170 	do {
171 		bo = rb_entry(n, struct hmm_buffer_object, node);
172 
173 		if (bo->start > start) {
174 			if (!n->rb_left)
175 				return NULL;
176 			n = n->rb_left;
177 		} else {
178 			if (bo->end > start)
179 				return bo;
180 			if (!n->rb_right)
181 				return NULL;
182 			n = n->rb_right;
183 		}
184 	} while (n);
185 
186 	return NULL;
187 }
188 
__bo_insert_to_free_rbtree(struct rb_root * root,struct hmm_buffer_object * bo)189 static void __bo_insert_to_free_rbtree(struct rb_root *root,
190 				       struct hmm_buffer_object *bo)
191 {
192 	struct rb_node **new = &root->rb_node;
193 	struct rb_node *parent = NULL;
194 	struct hmm_buffer_object *this;
195 	unsigned int pgnr = bo->pgnr;
196 
197 	while (*new) {
198 		parent = *new;
199 		this = container_of(*new, struct hmm_buffer_object, node);
200 
201 		if (pgnr < this->pgnr) {
202 			new = &((*new)->rb_left);
203 		} else if (pgnr > this->pgnr) {
204 			new = &((*new)->rb_right);
205 		} else {
206 			bo->prev = this;
207 			bo->next = this->next;
208 			if (this->next)
209 				this->next->prev = bo;
210 			this->next = bo;
211 			bo->status = (bo->status & ~HMM_BO_MASK) | HMM_BO_FREE;
212 			return;
213 		}
214 	}
215 
216 	bo->status = (bo->status & ~HMM_BO_MASK) | HMM_BO_FREE;
217 
218 	rb_link_node(&bo->node, parent, new);
219 	rb_insert_color(&bo->node, root);
220 }
221 
__bo_insert_to_alloc_rbtree(struct rb_root * root,struct hmm_buffer_object * bo)222 static void __bo_insert_to_alloc_rbtree(struct rb_root *root,
223 					struct hmm_buffer_object *bo)
224 {
225 	struct rb_node **new = &root->rb_node;
226 	struct rb_node *parent = NULL;
227 	struct hmm_buffer_object *this;
228 	unsigned int start = bo->start;
229 
230 	while (*new) {
231 		parent = *new;
232 		this = container_of(*new, struct hmm_buffer_object, node);
233 
234 		if (start < this->start)
235 			new = &((*new)->rb_left);
236 		else
237 			new = &((*new)->rb_right);
238 	}
239 
240 	kref_init(&bo->kref);
241 	bo->status = (bo->status & ~HMM_BO_MASK) | HMM_BO_ALLOCED;
242 
243 	rb_link_node(&bo->node, parent, new);
244 	rb_insert_color(&bo->node, root);
245 }
246 
__bo_break_up(struct hmm_bo_device * bdev,struct hmm_buffer_object * bo,unsigned int pgnr)247 static struct hmm_buffer_object *__bo_break_up(struct hmm_bo_device *bdev,
248 	struct hmm_buffer_object *bo,
249 	unsigned int pgnr)
250 {
251 	struct hmm_buffer_object *new_bo;
252 	unsigned long flags;
253 	int ret;
254 
255 	new_bo = kmem_cache_alloc(bdev->bo_cache, GFP_KERNEL);
256 	if (!new_bo) {
257 		dev_err(atomisp_dev, "%s: __bo_alloc failed!\n", __func__);
258 		return NULL;
259 	}
260 	ret = __bo_init(bdev, new_bo, pgnr);
261 	if (ret) {
262 		dev_err(atomisp_dev, "%s: __bo_init failed!\n", __func__);
263 		kmem_cache_free(bdev->bo_cache, new_bo);
264 		return NULL;
265 	}
266 
267 	new_bo->start = bo->start;
268 	new_bo->end = new_bo->start + pgnr_to_size(pgnr);
269 	bo->start = new_bo->end;
270 	bo->pgnr = bo->pgnr - pgnr;
271 
272 	spin_lock_irqsave(&bdev->list_lock, flags);
273 	list_add_tail(&new_bo->list, &bo->list);
274 	spin_unlock_irqrestore(&bdev->list_lock, flags);
275 
276 	return new_bo;
277 }
278 
__bo_take_off_handling(struct hmm_buffer_object * bo)279 static void __bo_take_off_handling(struct hmm_buffer_object *bo)
280 {
281 	struct hmm_bo_device *bdev = bo->bdev;
282 	/* There are 4 situations when we take off a known bo from free rbtree:
283 	 * 1. if bo->next && bo->prev == NULL, bo is a rbtree node
284 	 *	and does not have a linked list after bo, to take off this bo,
285 	 *	we just need erase bo directly and rebalance the free rbtree
286 	 */
287 	if (!bo->prev && !bo->next) {
288 		rb_erase(&bo->node, &bdev->free_rbtree);
289 		/* 2. when bo->next != NULL && bo->prev == NULL, bo is a rbtree node,
290 		 *	and has a linked list,to take off this bo we need erase bo
291 		 *	first, then, insert bo->next into free rbtree and rebalance
292 		 *	the free rbtree
293 		 */
294 	} else if (!bo->prev && bo->next) {
295 		bo->next->prev = NULL;
296 		rb_erase(&bo->node, &bdev->free_rbtree);
297 		__bo_insert_to_free_rbtree(&bdev->free_rbtree, bo->next);
298 		bo->next = NULL;
299 		/* 3. when bo->prev != NULL && bo->next == NULL, bo is not a rbtree
300 		 *	node, bo is the last element of the linked list after rbtree
301 		 *	node, to take off this bo, we just need set the "prev/next"
302 		 *	pointers to NULL, the free rbtree stays unchaged
303 		 */
304 	} else if (bo->prev && !bo->next) {
305 		bo->prev->next = NULL;
306 		bo->prev = NULL;
307 		/* 4. when bo->prev != NULL && bo->next != NULL ,bo is not a rbtree
308 		 *	node, bo is in the middle of the linked list after rbtree node,
309 		 *	to take off this bo, we just set take the "prev/next" pointers
310 		 *	to NULL, the free rbtree stays unchaged
311 		 */
312 	} else if (bo->prev && bo->next) {
313 		bo->next->prev = bo->prev;
314 		bo->prev->next = bo->next;
315 		bo->next = NULL;
316 		bo->prev = NULL;
317 	}
318 }
319 
__bo_merge(struct hmm_buffer_object * bo,struct hmm_buffer_object * next_bo)320 static struct hmm_buffer_object *__bo_merge(struct hmm_buffer_object *bo,
321 	struct hmm_buffer_object *next_bo)
322 {
323 	struct hmm_bo_device *bdev;
324 	unsigned long flags;
325 
326 	bdev = bo->bdev;
327 	next_bo->start = bo->start;
328 	next_bo->pgnr = next_bo->pgnr + bo->pgnr;
329 
330 	spin_lock_irqsave(&bdev->list_lock, flags);
331 	list_del(&bo->list);
332 	spin_unlock_irqrestore(&bdev->list_lock, flags);
333 
334 	kmem_cache_free(bo->bdev->bo_cache, bo);
335 
336 	return next_bo;
337 }
338 
339 /*
340  * hmm_bo_device functions.
341  */
hmm_bo_device_init(struct hmm_bo_device * bdev,struct isp_mmu_client * mmu_driver,unsigned int vaddr_start,unsigned int size)342 int hmm_bo_device_init(struct hmm_bo_device *bdev,
343 		       struct isp_mmu_client *mmu_driver,
344 		       unsigned int vaddr_start,
345 		       unsigned int size)
346 {
347 	struct hmm_buffer_object *bo;
348 	unsigned long flags;
349 	int ret;
350 
351 	check_bodev_null_return(bdev, -EINVAL);
352 
353 	ret = isp_mmu_init(&bdev->mmu, mmu_driver);
354 	if (ret) {
355 		dev_err(atomisp_dev, "isp_mmu_init failed.\n");
356 		return ret;
357 	}
358 
359 	bdev->start = vaddr_start;
360 	bdev->pgnr = size_to_pgnr_ceil(size);
361 	bdev->size = pgnr_to_size(bdev->pgnr);
362 
363 	spin_lock_init(&bdev->list_lock);
364 	mutex_init(&bdev->rbtree_mutex);
365 
366 	bdev->flag = HMM_BO_DEVICE_INITED;
367 
368 	INIT_LIST_HEAD(&bdev->entire_bo_list);
369 	bdev->allocated_rbtree = RB_ROOT;
370 	bdev->free_rbtree = RB_ROOT;
371 
372 	bdev->bo_cache = kmem_cache_create("bo_cache",
373 					   sizeof(struct hmm_buffer_object), 0, 0, NULL);
374 	if (!bdev->bo_cache) {
375 		dev_err(atomisp_dev, "%s: create cache failed!\n", __func__);
376 		isp_mmu_exit(&bdev->mmu);
377 		return -ENOMEM;
378 	}
379 
380 	bo = kmem_cache_alloc(bdev->bo_cache, GFP_KERNEL);
381 	if (!bo) {
382 		dev_err(atomisp_dev, "%s: __bo_alloc failed!\n", __func__);
383 		isp_mmu_exit(&bdev->mmu);
384 		return -ENOMEM;
385 	}
386 
387 	ret = __bo_init(bdev, bo, bdev->pgnr);
388 	if (ret) {
389 		dev_err(atomisp_dev, "%s: __bo_init failed!\n", __func__);
390 		kmem_cache_free(bdev->bo_cache, bo);
391 		isp_mmu_exit(&bdev->mmu);
392 		return -EINVAL;
393 	}
394 
395 	spin_lock_irqsave(&bdev->list_lock, flags);
396 	list_add_tail(&bo->list, &bdev->entire_bo_list);
397 	spin_unlock_irqrestore(&bdev->list_lock, flags);
398 
399 	__bo_insert_to_free_rbtree(&bdev->free_rbtree, bo);
400 
401 	return 0;
402 }
403 
hmm_bo_alloc(struct hmm_bo_device * bdev,unsigned int pgnr)404 struct hmm_buffer_object *hmm_bo_alloc(struct hmm_bo_device *bdev,
405 				       unsigned int pgnr)
406 {
407 	struct hmm_buffer_object *bo, *new_bo;
408 	struct rb_root *root = &bdev->free_rbtree;
409 
410 	check_bodev_null_return(bdev, NULL);
411 	var_equal_return(hmm_bo_device_inited(bdev), 0, NULL,
412 			 "hmm_bo_device not inited yet.\n");
413 
414 	if (pgnr == 0) {
415 		dev_err(atomisp_dev, "0 size buffer is not allowed.\n");
416 		return NULL;
417 	}
418 
419 	mutex_lock(&bdev->rbtree_mutex);
420 	bo = __bo_search_and_remove_from_free_rbtree(root->rb_node, pgnr);
421 	if (!bo) {
422 		mutex_unlock(&bdev->rbtree_mutex);
423 		dev_err(atomisp_dev, "%s: Out of Memory! hmm_bo_alloc failed",
424 			__func__);
425 		return NULL;
426 	}
427 
428 	if (bo->pgnr > pgnr) {
429 		new_bo = __bo_break_up(bdev, bo, pgnr);
430 		if (!new_bo) {
431 			mutex_unlock(&bdev->rbtree_mutex);
432 			dev_err(atomisp_dev, "%s: __bo_break_up failed!\n",
433 				__func__);
434 			return NULL;
435 		}
436 
437 		__bo_insert_to_alloc_rbtree(&bdev->allocated_rbtree, new_bo);
438 		__bo_insert_to_free_rbtree(&bdev->free_rbtree, bo);
439 
440 		mutex_unlock(&bdev->rbtree_mutex);
441 		return new_bo;
442 	}
443 
444 	__bo_insert_to_alloc_rbtree(&bdev->allocated_rbtree, bo);
445 
446 	mutex_unlock(&bdev->rbtree_mutex);
447 	return bo;
448 }
449 
hmm_bo_release(struct hmm_buffer_object * bo)450 void hmm_bo_release(struct hmm_buffer_object *bo)
451 {
452 	struct hmm_bo_device *bdev = bo->bdev;
453 	struct hmm_buffer_object *next_bo, *prev_bo;
454 
455 	mutex_lock(&bdev->rbtree_mutex);
456 
457 	/*
458 	 * FIX ME:
459 	 *
460 	 * how to destroy the bo when it is stilled MMAPED?
461 	 *
462 	 * ideally, this will not happened as hmm_bo_release
463 	 * will only be called when kref reaches 0, and in mmap
464 	 * operation the hmm_bo_ref will eventually be called.
465 	 * so, if this happened, something goes wrong.
466 	 */
467 	if (bo->status & HMM_BO_MMAPED) {
468 		mutex_unlock(&bdev->rbtree_mutex);
469 		dev_dbg(atomisp_dev, "destroy bo which is MMAPED, do nothing\n");
470 		return;
471 	}
472 
473 	if (bo->status & HMM_BO_BINDED) {
474 		dev_warn(atomisp_dev, "the bo is still binded, unbind it first...\n");
475 		hmm_bo_unbind(bo);
476 	}
477 
478 	if (bo->status & HMM_BO_PAGE_ALLOCED) {
479 		dev_warn(atomisp_dev, "the pages is not freed, free pages first\n");
480 		hmm_bo_free_pages(bo);
481 	}
482 	if (bo->status & HMM_BO_VMAPED || bo->status & HMM_BO_VMAPED_CACHED) {
483 		dev_warn(atomisp_dev, "the vunmap is not done, do it...\n");
484 		hmm_bo_vunmap(bo);
485 	}
486 
487 	rb_erase(&bo->node, &bdev->allocated_rbtree);
488 
489 	prev_bo = list_entry(bo->list.prev, struct hmm_buffer_object, list);
490 	next_bo = list_entry(bo->list.next, struct hmm_buffer_object, list);
491 
492 	if (bo->list.prev != &bdev->entire_bo_list &&
493 	    prev_bo->end == bo->start &&
494 	    (prev_bo->status & HMM_BO_MASK) == HMM_BO_FREE) {
495 		__bo_take_off_handling(prev_bo);
496 		bo = __bo_merge(prev_bo, bo);
497 	}
498 
499 	if (bo->list.next != &bdev->entire_bo_list &&
500 	    next_bo->start == bo->end &&
501 	    (next_bo->status & HMM_BO_MASK) == HMM_BO_FREE) {
502 		__bo_take_off_handling(next_bo);
503 		bo = __bo_merge(bo, next_bo);
504 	}
505 
506 	__bo_insert_to_free_rbtree(&bdev->free_rbtree, bo);
507 
508 	mutex_unlock(&bdev->rbtree_mutex);
509 	return;
510 }
511 
hmm_bo_device_exit(struct hmm_bo_device * bdev)512 void hmm_bo_device_exit(struct hmm_bo_device *bdev)
513 {
514 	struct hmm_buffer_object *bo;
515 	unsigned long flags;
516 
517 	dev_dbg(atomisp_dev, "%s: entering!\n", __func__);
518 
519 	check_bodev_null_return_void(bdev);
520 
521 	/*
522 	 * release all allocated bos even they a in use
523 	 * and all bos will be merged into a big bo
524 	 */
525 	while (!RB_EMPTY_ROOT(&bdev->allocated_rbtree))
526 		hmm_bo_release(
527 		    rbtree_node_to_hmm_bo(bdev->allocated_rbtree.rb_node));
528 
529 	dev_dbg(atomisp_dev, "%s: finished releasing all allocated bos!\n",
530 		__func__);
531 
532 	/* free all bos to release all ISP virtual memory */
533 	while (!list_empty(&bdev->entire_bo_list)) {
534 		bo = list_to_hmm_bo(bdev->entire_bo_list.next);
535 
536 		spin_lock_irqsave(&bdev->list_lock, flags);
537 		list_del(&bo->list);
538 		spin_unlock_irqrestore(&bdev->list_lock, flags);
539 
540 		kmem_cache_free(bdev->bo_cache, bo);
541 	}
542 
543 	dev_dbg(atomisp_dev, "%s: finished to free all bos!\n", __func__);
544 
545 	kmem_cache_destroy(bdev->bo_cache);
546 
547 	isp_mmu_exit(&bdev->mmu);
548 }
549 
hmm_bo_device_inited(struct hmm_bo_device * bdev)550 int hmm_bo_device_inited(struct hmm_bo_device *bdev)
551 {
552 	check_bodev_null_return(bdev, -EINVAL);
553 
554 	return bdev->flag == HMM_BO_DEVICE_INITED;
555 }
556 
hmm_bo_allocated(struct hmm_buffer_object * bo)557 int hmm_bo_allocated(struct hmm_buffer_object *bo)
558 {
559 	check_bo_null_return(bo, 0);
560 
561 	return bo->status & HMM_BO_ALLOCED;
562 }
563 
hmm_bo_device_search_start(struct hmm_bo_device * bdev,ia_css_ptr vaddr)564 struct hmm_buffer_object *hmm_bo_device_search_start(
565     struct hmm_bo_device *bdev, ia_css_ptr vaddr)
566 {
567 	struct hmm_buffer_object *bo;
568 
569 	check_bodev_null_return(bdev, NULL);
570 
571 	mutex_lock(&bdev->rbtree_mutex);
572 	bo = __bo_search_by_addr(&bdev->allocated_rbtree, vaddr);
573 	if (!bo) {
574 		mutex_unlock(&bdev->rbtree_mutex);
575 		dev_err(atomisp_dev, "%s can not find bo with addr: 0x%x\n",
576 			__func__, vaddr);
577 		return NULL;
578 	}
579 	mutex_unlock(&bdev->rbtree_mutex);
580 
581 	return bo;
582 }
583 
hmm_bo_device_search_in_range(struct hmm_bo_device * bdev,unsigned int vaddr)584 struct hmm_buffer_object *hmm_bo_device_search_in_range(
585     struct hmm_bo_device *bdev, unsigned int vaddr)
586 {
587 	struct hmm_buffer_object *bo;
588 
589 	check_bodev_null_return(bdev, NULL);
590 
591 	mutex_lock(&bdev->rbtree_mutex);
592 	bo = __bo_search_by_addr_in_range(&bdev->allocated_rbtree, vaddr);
593 	if (!bo) {
594 		mutex_unlock(&bdev->rbtree_mutex);
595 		dev_err(atomisp_dev, "%s can not find bo contain addr: 0x%x\n",
596 			__func__, vaddr);
597 		return NULL;
598 	}
599 	mutex_unlock(&bdev->rbtree_mutex);
600 
601 	return bo;
602 }
603 
hmm_bo_device_search_vmap_start(struct hmm_bo_device * bdev,const void * vaddr)604 struct hmm_buffer_object *hmm_bo_device_search_vmap_start(
605     struct hmm_bo_device *bdev, const void *vaddr)
606 {
607 	struct list_head *pos;
608 	struct hmm_buffer_object *bo;
609 	unsigned long flags;
610 
611 	check_bodev_null_return(bdev, NULL);
612 
613 	spin_lock_irqsave(&bdev->list_lock, flags);
614 	list_for_each(pos, &bdev->entire_bo_list) {
615 		bo = list_to_hmm_bo(pos);
616 		/* pass bo which has no vm_node allocated */
617 		if ((bo->status & HMM_BO_MASK) == HMM_BO_FREE)
618 			continue;
619 		if (bo->vmap_addr == vaddr)
620 			goto found;
621 	}
622 	spin_unlock_irqrestore(&bdev->list_lock, flags);
623 	return NULL;
624 found:
625 	spin_unlock_irqrestore(&bdev->list_lock, flags);
626 	return bo;
627 }
628 
free_private_bo_pages(struct hmm_buffer_object * bo,struct hmm_pool * dypool,struct hmm_pool * repool,int free_pgnr)629 static void free_private_bo_pages(struct hmm_buffer_object *bo,
630 				  struct hmm_pool *dypool,
631 				  struct hmm_pool *repool,
632 				  int free_pgnr)
633 {
634 	int i, ret;
635 
636 	for (i = 0; i < free_pgnr; i++) {
637 		switch (bo->page_obj[i].type) {
638 		case HMM_PAGE_TYPE_RESERVED:
639 			if (repool->pops
640 			    && repool->pops->pool_free_pages) {
641 				repool->pops->pool_free_pages(repool->pool_info,
642 							      &bo->page_obj[i]);
643 				hmm_mem_stat.res_cnt--;
644 			}
645 			break;
646 		/*
647 		 * HMM_PAGE_TYPE_GENERAL indicates that pages are from system
648 		 * memory, so when free them, they should be put into dynamic
649 		 * pool.
650 		 */
651 		case HMM_PAGE_TYPE_DYNAMIC:
652 		case HMM_PAGE_TYPE_GENERAL:
653 			if (dypool->pops
654 			    && dypool->pops->pool_inited
655 			    && dypool->pops->pool_inited(dypool->pool_info)) {
656 				if (dypool->pops->pool_free_pages)
657 					dypool->pops->pool_free_pages(
658 					    dypool->pool_info,
659 					    &bo->page_obj[i]);
660 				break;
661 			}
662 
663 			fallthrough;
664 
665 		/*
666 		 * if dynamic memory pool doesn't exist, need to free
667 		 * pages to system directly.
668 		 */
669 		default:
670 			ret = set_pages_wb(bo->page_obj[i].page, 1);
671 			if (ret)
672 				dev_err(atomisp_dev,
673 					"set page to WB err ...ret = %d\n",
674 					ret);
675 			/*
676 			W/A: set_pages_wb seldom return value = -EFAULT
677 			indicate that address of page is not in valid
678 			range(0xffff880000000000~0xffffc7ffffffffff)
679 			then, _free_pages would panic; Do not know why page
680 			address be valid,it maybe memory corruption by lowmemory
681 			*/
682 			if (!ret) {
683 				__free_pages(bo->page_obj[i].page, 0);
684 				hmm_mem_stat.sys_size--;
685 			}
686 			break;
687 		}
688 	}
689 
690 	return;
691 }
692 
693 /*Allocate pages which will be used only by ISP*/
alloc_private_pages(struct hmm_buffer_object * bo,int from_highmem,bool cached,struct hmm_pool * dypool,struct hmm_pool * repool)694 static int alloc_private_pages(struct hmm_buffer_object *bo,
695 			       int from_highmem,
696 			       bool cached,
697 			       struct hmm_pool *dypool,
698 			       struct hmm_pool *repool)
699 {
700 	int ret;
701 	unsigned int pgnr, order, blk_pgnr, alloc_pgnr;
702 	struct page *pages;
703 	gfp_t gfp = GFP_NOWAIT | __GFP_NOWARN; /* REVISIT: need __GFP_FS too? */
704 	int i, j;
705 	int failure_number = 0;
706 	bool reduce_order = false;
707 	bool lack_mem = true;
708 
709 	if (from_highmem)
710 		gfp |= __GFP_HIGHMEM;
711 
712 	pgnr = bo->pgnr;
713 
714 	bo->page_obj = kmalloc_array(pgnr, sizeof(struct hmm_page_object),
715 				     GFP_KERNEL);
716 	if (unlikely(!bo->page_obj))
717 		return -ENOMEM;
718 
719 	i = 0;
720 	alloc_pgnr = 0;
721 
722 	/*
723 	 * get physical pages from dynamic pages pool.
724 	 */
725 	if (dypool->pops && dypool->pops->pool_alloc_pages) {
726 		alloc_pgnr = dypool->pops->pool_alloc_pages(dypool->pool_info,
727 			     bo->page_obj, pgnr,
728 			     cached);
729 		hmm_mem_stat.dyc_size -= alloc_pgnr;
730 
731 		if (alloc_pgnr == pgnr)
732 			return 0;
733 	}
734 
735 	pgnr -= alloc_pgnr;
736 	i += alloc_pgnr;
737 
738 	/*
739 	 * get physical pages from reserved pages pool for atomisp.
740 	 */
741 	if (repool->pops && repool->pops->pool_alloc_pages) {
742 		alloc_pgnr = repool->pops->pool_alloc_pages(repool->pool_info,
743 			     &bo->page_obj[i], pgnr,
744 			     cached);
745 		hmm_mem_stat.res_cnt += alloc_pgnr;
746 		if (alloc_pgnr == pgnr)
747 			return 0;
748 	}
749 
750 	pgnr -= alloc_pgnr;
751 	i += alloc_pgnr;
752 
753 	while (pgnr) {
754 		order = nr_to_order_bottom(pgnr);
755 		/*
756 		 * if be short of memory, we will set order to 0
757 		 * everytime.
758 		 */
759 		if (lack_mem)
760 			order = HMM_MIN_ORDER;
761 		else if (order > HMM_MAX_ORDER)
762 			order = HMM_MAX_ORDER;
763 retry:
764 		/*
765 		 * When order > HMM_MIN_ORDER, for performance reasons we don't
766 		 * want alloc_pages() to sleep. In case it fails and fallbacks
767 		 * to HMM_MIN_ORDER or in case the requested order is originally
768 		 * the minimum value, we can allow alloc_pages() to sleep for
769 		 * robustness purpose.
770 		 *
771 		 * REVISIT: why __GFP_FS is necessary?
772 		 */
773 		if (order == HMM_MIN_ORDER) {
774 			gfp &= ~GFP_NOWAIT;
775 			gfp |= __GFP_RECLAIM | __GFP_FS;
776 		}
777 
778 		pages = alloc_pages(gfp, order);
779 		if (unlikely(!pages)) {
780 			/*
781 			 * in low memory case, if allocation page fails,
782 			 * we turn to try if order=0 allocation could
783 			 * succeed. if order=0 fails too, that means there is
784 			 * no memory left.
785 			 */
786 			if (order == HMM_MIN_ORDER) {
787 				dev_err(atomisp_dev,
788 					"%s: cannot allocate pages\n",
789 					__func__);
790 				goto cleanup;
791 			}
792 			order = HMM_MIN_ORDER;
793 			failure_number++;
794 			reduce_order = true;
795 			/*
796 			 * if fail two times continuously, we think be short
797 			 * of memory now.
798 			 */
799 			if (failure_number == 2) {
800 				lack_mem = true;
801 				failure_number = 0;
802 			}
803 			goto retry;
804 		} else {
805 			blk_pgnr = order_to_nr(order);
806 
807 			if (!cached) {
808 				/*
809 				 * set memory to uncacheable -- UC_MINUS
810 				 */
811 				ret = set_pages_uc(pages, blk_pgnr);
812 				if (ret) {
813 					dev_err(atomisp_dev,
814 						"set page uncacheablefailed.\n");
815 
816 					__free_pages(pages, order);
817 
818 					goto cleanup;
819 				}
820 			}
821 
822 			for (j = 0; j < blk_pgnr; j++) {
823 				bo->page_obj[i].page = pages + j;
824 				bo->page_obj[i++].type = HMM_PAGE_TYPE_GENERAL;
825 			}
826 
827 			pgnr -= blk_pgnr;
828 			hmm_mem_stat.sys_size += blk_pgnr;
829 
830 			/*
831 			 * if order is not reduced this time, clear
832 			 * failure_number.
833 			 */
834 			if (reduce_order)
835 				reduce_order = false;
836 			else
837 				failure_number = 0;
838 		}
839 	}
840 
841 	return 0;
842 cleanup:
843 	alloc_pgnr = i;
844 	free_private_bo_pages(bo, dypool, repool, alloc_pgnr);
845 
846 	kfree(bo->page_obj);
847 
848 	return -ENOMEM;
849 }
850 
free_private_pages(struct hmm_buffer_object * bo,struct hmm_pool * dypool,struct hmm_pool * repool)851 static void free_private_pages(struct hmm_buffer_object *bo,
852 			       struct hmm_pool *dypool,
853 			       struct hmm_pool *repool)
854 {
855 	free_private_bo_pages(bo, dypool, repool, bo->pgnr);
856 
857 	kfree(bo->page_obj);
858 }
859 
free_user_pages(struct hmm_buffer_object * bo,unsigned int page_nr)860 static void free_user_pages(struct hmm_buffer_object *bo,
861 			    unsigned int page_nr)
862 {
863 	int i;
864 
865 	hmm_mem_stat.usr_size -= bo->pgnr;
866 
867 	if (bo->mem_type == HMM_BO_MEM_TYPE_PFN) {
868 		unpin_user_pages(bo->pages, page_nr);
869 	} else {
870 		for (i = 0; i < page_nr; i++)
871 			put_page(bo->pages[i]);
872 	}
873 	kfree(bo->pages);
874 	kfree(bo->page_obj);
875 }
876 
877 /*
878  * Convert user space virtual address into pages list
879  */
alloc_user_pages(struct hmm_buffer_object * bo,const void __user * userptr,bool cached)880 static int alloc_user_pages(struct hmm_buffer_object *bo,
881 			    const void __user *userptr, bool cached)
882 {
883 	int page_nr;
884 	int i;
885 	struct vm_area_struct *vma;
886 	struct page **pages;
887 
888 	pages = kmalloc_array(bo->pgnr, sizeof(struct page *), GFP_KERNEL);
889 	if (unlikely(!pages))
890 		return -ENOMEM;
891 
892 	bo->page_obj = kmalloc_array(bo->pgnr, sizeof(struct hmm_page_object),
893 				     GFP_KERNEL);
894 	if (unlikely(!bo->page_obj)) {
895 		kfree(pages);
896 		return -ENOMEM;
897 	}
898 
899 	mutex_unlock(&bo->mutex);
900 	mmap_read_lock(current->mm);
901 	vma = find_vma(current->mm, (unsigned long)userptr);
902 	mmap_read_unlock(current->mm);
903 	if (!vma) {
904 		dev_err(atomisp_dev, "find_vma failed\n");
905 		kfree(bo->page_obj);
906 		kfree(pages);
907 		mutex_lock(&bo->mutex);
908 		return -EFAULT;
909 	}
910 	mutex_lock(&bo->mutex);
911 	/*
912 	 * Handle frame buffer allocated in other kerenl space driver
913 	 * and map to user space
914 	 */
915 
916 	userptr = untagged_addr(userptr);
917 
918 	bo->pages = pages;
919 
920 	if (vma->vm_flags & (VM_IO | VM_PFNMAP)) {
921 		page_nr = pin_user_pages((unsigned long)userptr, bo->pgnr,
922 					 FOLL_LONGTERM | FOLL_WRITE,
923 					 pages, NULL);
924 		bo->mem_type = HMM_BO_MEM_TYPE_PFN;
925 	} else {
926 		/*Handle frame buffer allocated in user space*/
927 		mutex_unlock(&bo->mutex);
928 		page_nr = get_user_pages_fast((unsigned long)userptr,
929 					      (int)(bo->pgnr), 1, pages);
930 		mutex_lock(&bo->mutex);
931 		bo->mem_type = HMM_BO_MEM_TYPE_USER;
932 	}
933 
934 	dev_dbg(atomisp_dev, "%s: %d %s pages were allocated as 0x%08x\n",
935 		__func__,
936 		bo->pgnr,
937 		bo->mem_type == HMM_BO_MEM_TYPE_USER ? "user" : "pfn", page_nr);
938 
939 	hmm_mem_stat.usr_size += bo->pgnr;
940 
941 	/* can be written by caller, not forced */
942 	if (page_nr != bo->pgnr) {
943 		dev_err(atomisp_dev,
944 			"get_user_pages err: bo->pgnr = %d, pgnr actually pinned = %d.\n",
945 			bo->pgnr, page_nr);
946 		if (page_nr < 0)
947 			page_nr = 0;
948 		goto out_of_mem;
949 	}
950 
951 	for (i = 0; i < bo->pgnr; i++) {
952 		bo->page_obj[i].page = pages[i];
953 		bo->page_obj[i].type = HMM_PAGE_TYPE_GENERAL;
954 	}
955 
956 	return 0;
957 
958 out_of_mem:
959 
960 	free_user_pages(bo, page_nr);
961 
962 	return -ENOMEM;
963 }
964 
965 /*
966  * allocate/free physical pages for the bo.
967  *
968  * type indicate where are the pages from. currently we have 3 types
969  * of memory: HMM_BO_PRIVATE, HMM_BO_USER, HMM_BO_SHARE.
970  *
971  * from_highmem is only valid when type is HMM_BO_PRIVATE, it will
972  * try to alloc memory from highmem if from_highmem is set.
973  *
974  * userptr is only valid when type is HMM_BO_USER, it indicates
975  * the start address from user space task.
976  *
977  * from_highmem and userptr will both be ignored when type is
978  * HMM_BO_SHARE.
979  */
hmm_bo_alloc_pages(struct hmm_buffer_object * bo,enum hmm_bo_type type,int from_highmem,const void __user * userptr,bool cached)980 int hmm_bo_alloc_pages(struct hmm_buffer_object *bo,
981 		       enum hmm_bo_type type, int from_highmem,
982 		       const void __user *userptr, bool cached)
983 {
984 	int ret = -EINVAL;
985 
986 	check_bo_null_return(bo, -EINVAL);
987 
988 	mutex_lock(&bo->mutex);
989 	check_bo_status_no_goto(bo, HMM_BO_PAGE_ALLOCED, status_err);
990 
991 	/*
992 	 * TO DO:
993 	 * add HMM_BO_USER type
994 	 */
995 	if (type == HMM_BO_PRIVATE) {
996 		ret = alloc_private_pages(bo, from_highmem,
997 					  cached, &dynamic_pool, &reserved_pool);
998 	} else if (type == HMM_BO_USER) {
999 		ret = alloc_user_pages(bo, userptr, cached);
1000 	} else {
1001 		dev_err(atomisp_dev, "invalid buffer type.\n");
1002 		ret = -EINVAL;
1003 	}
1004 	if (ret)
1005 		goto alloc_err;
1006 
1007 	bo->type = type;
1008 
1009 	bo->status |= HMM_BO_PAGE_ALLOCED;
1010 
1011 	mutex_unlock(&bo->mutex);
1012 
1013 	return 0;
1014 
1015 alloc_err:
1016 	mutex_unlock(&bo->mutex);
1017 	dev_err(atomisp_dev, "alloc pages err...\n");
1018 	return ret;
1019 status_err:
1020 	mutex_unlock(&bo->mutex);
1021 	dev_err(atomisp_dev,
1022 		"buffer object has already page allocated.\n");
1023 	return -EINVAL;
1024 }
1025 
1026 /*
1027  * free physical pages of the bo.
1028  */
hmm_bo_free_pages(struct hmm_buffer_object * bo)1029 void hmm_bo_free_pages(struct hmm_buffer_object *bo)
1030 {
1031 	check_bo_null_return_void(bo);
1032 
1033 	mutex_lock(&bo->mutex);
1034 
1035 	check_bo_status_yes_goto(bo, HMM_BO_PAGE_ALLOCED, status_err2);
1036 
1037 	/* clear the flag anyway. */
1038 	bo->status &= (~HMM_BO_PAGE_ALLOCED);
1039 
1040 	if (bo->type == HMM_BO_PRIVATE)
1041 		free_private_pages(bo, &dynamic_pool, &reserved_pool);
1042 	else if (bo->type == HMM_BO_USER)
1043 		free_user_pages(bo, bo->pgnr);
1044 	else
1045 		dev_err(atomisp_dev, "invalid buffer type.\n");
1046 	mutex_unlock(&bo->mutex);
1047 
1048 	return;
1049 
1050 status_err2:
1051 	mutex_unlock(&bo->mutex);
1052 	dev_err(atomisp_dev,
1053 		"buffer object not page allocated yet.\n");
1054 }
1055 
hmm_bo_page_allocated(struct hmm_buffer_object * bo)1056 int hmm_bo_page_allocated(struct hmm_buffer_object *bo)
1057 {
1058 	check_bo_null_return(bo, 0);
1059 
1060 	return bo->status & HMM_BO_PAGE_ALLOCED;
1061 }
1062 
1063 /*
1064  * get physical page info of the bo.
1065  */
hmm_bo_get_page_info(struct hmm_buffer_object * bo,struct hmm_page_object ** page_obj,int * pgnr)1066 int hmm_bo_get_page_info(struct hmm_buffer_object *bo,
1067 			 struct hmm_page_object **page_obj, int *pgnr)
1068 {
1069 	check_bo_null_return(bo, -EINVAL);
1070 
1071 	mutex_lock(&bo->mutex);
1072 
1073 	check_bo_status_yes_goto(bo, HMM_BO_PAGE_ALLOCED, status_err);
1074 
1075 	*page_obj = bo->page_obj;
1076 	*pgnr = bo->pgnr;
1077 
1078 	mutex_unlock(&bo->mutex);
1079 
1080 	return 0;
1081 
1082 status_err:
1083 	dev_err(atomisp_dev,
1084 		"buffer object not page allocated yet.\n");
1085 	mutex_unlock(&bo->mutex);
1086 	return -EINVAL;
1087 }
1088 
1089 /*
1090  * bind the physical pages to a virtual address space.
1091  */
hmm_bo_bind(struct hmm_buffer_object * bo)1092 int hmm_bo_bind(struct hmm_buffer_object *bo)
1093 {
1094 	int ret;
1095 	unsigned int virt;
1096 	struct hmm_bo_device *bdev;
1097 	unsigned int i;
1098 
1099 	check_bo_null_return(bo, -EINVAL);
1100 
1101 	mutex_lock(&bo->mutex);
1102 
1103 	check_bo_status_yes_goto(bo,
1104 				 HMM_BO_PAGE_ALLOCED | HMM_BO_ALLOCED,
1105 				 status_err1);
1106 
1107 	check_bo_status_no_goto(bo, HMM_BO_BINDED, status_err2);
1108 
1109 	bdev = bo->bdev;
1110 
1111 	virt = bo->start;
1112 
1113 	for (i = 0; i < bo->pgnr; i++) {
1114 		ret =
1115 		    isp_mmu_map(&bdev->mmu, virt,
1116 				page_to_phys(bo->page_obj[i].page), 1);
1117 		if (ret)
1118 			goto map_err;
1119 		virt += (1 << PAGE_SHIFT);
1120 	}
1121 
1122 	/*
1123 	 * flush TBL here.
1124 	 *
1125 	 * theoretically, we donot need to flush TLB as we didnot change
1126 	 * any existed address mappings, but for Silicon Hive's MMU, its
1127 	 * really a bug here. I guess when fetching PTEs (page table entity)
1128 	 * to TLB, its MMU will fetch additional INVALID PTEs automatically
1129 	 * for performance issue. EX, we only set up 1 page address mapping,
1130 	 * meaning updating 1 PTE, but the MMU fetches 4 PTE at one time,
1131 	 * so the additional 3 PTEs are invalid.
1132 	 */
1133 	if (bo->start != 0x0)
1134 		isp_mmu_flush_tlb_range(&bdev->mmu, bo->start,
1135 					(bo->pgnr << PAGE_SHIFT));
1136 
1137 	bo->status |= HMM_BO_BINDED;
1138 
1139 	mutex_unlock(&bo->mutex);
1140 
1141 	return 0;
1142 
1143 map_err:
1144 	/* unbind the physical pages with related virtual address space */
1145 	virt = bo->start;
1146 	for ( ; i > 0; i--) {
1147 		isp_mmu_unmap(&bdev->mmu, virt, 1);
1148 		virt += pgnr_to_size(1);
1149 	}
1150 
1151 	mutex_unlock(&bo->mutex);
1152 	dev_err(atomisp_dev,
1153 		"setup MMU address mapping failed.\n");
1154 	return ret;
1155 
1156 status_err2:
1157 	mutex_unlock(&bo->mutex);
1158 	dev_err(atomisp_dev, "buffer object already binded.\n");
1159 	return -EINVAL;
1160 status_err1:
1161 	mutex_unlock(&bo->mutex);
1162 	dev_err(atomisp_dev,
1163 		"buffer object vm_node or page not allocated.\n");
1164 	return -EINVAL;
1165 }
1166 
1167 /*
1168  * unbind the physical pages with related virtual address space.
1169  */
hmm_bo_unbind(struct hmm_buffer_object * bo)1170 void hmm_bo_unbind(struct hmm_buffer_object *bo)
1171 {
1172 	unsigned int virt;
1173 	struct hmm_bo_device *bdev;
1174 	unsigned int i;
1175 
1176 	check_bo_null_return_void(bo);
1177 
1178 	mutex_lock(&bo->mutex);
1179 
1180 	check_bo_status_yes_goto(bo,
1181 				 HMM_BO_PAGE_ALLOCED |
1182 				 HMM_BO_ALLOCED |
1183 				 HMM_BO_BINDED, status_err);
1184 
1185 	bdev = bo->bdev;
1186 
1187 	virt = bo->start;
1188 
1189 	for (i = 0; i < bo->pgnr; i++) {
1190 		isp_mmu_unmap(&bdev->mmu, virt, 1);
1191 		virt += pgnr_to_size(1);
1192 	}
1193 
1194 	/*
1195 	 * flush TLB as the address mapping has been removed and
1196 	 * related TLBs should be invalidated.
1197 	 */
1198 	isp_mmu_flush_tlb_range(&bdev->mmu, bo->start,
1199 				(bo->pgnr << PAGE_SHIFT));
1200 
1201 	bo->status &= (~HMM_BO_BINDED);
1202 
1203 	mutex_unlock(&bo->mutex);
1204 
1205 	return;
1206 
1207 status_err:
1208 	mutex_unlock(&bo->mutex);
1209 	dev_err(atomisp_dev,
1210 		"buffer vm or page not allocated or not binded yet.\n");
1211 }
1212 
hmm_bo_binded(struct hmm_buffer_object * bo)1213 int hmm_bo_binded(struct hmm_buffer_object *bo)
1214 {
1215 	int ret;
1216 
1217 	check_bo_null_return(bo, 0);
1218 
1219 	mutex_lock(&bo->mutex);
1220 
1221 	ret = bo->status & HMM_BO_BINDED;
1222 
1223 	mutex_unlock(&bo->mutex);
1224 
1225 	return ret;
1226 }
1227 
hmm_bo_vmap(struct hmm_buffer_object * bo,bool cached)1228 void *hmm_bo_vmap(struct hmm_buffer_object *bo, bool cached)
1229 {
1230 	struct page **pages;
1231 	int i;
1232 
1233 	check_bo_null_return(bo, NULL);
1234 
1235 	mutex_lock(&bo->mutex);
1236 	if (((bo->status & HMM_BO_VMAPED) && !cached) ||
1237 	    ((bo->status & HMM_BO_VMAPED_CACHED) && cached)) {
1238 		mutex_unlock(&bo->mutex);
1239 		return bo->vmap_addr;
1240 	}
1241 
1242 	/* cached status need to be changed, so vunmap first */
1243 	if (bo->status & HMM_BO_VMAPED || bo->status & HMM_BO_VMAPED_CACHED) {
1244 		vunmap(bo->vmap_addr);
1245 		bo->vmap_addr = NULL;
1246 		bo->status &= ~(HMM_BO_VMAPED | HMM_BO_VMAPED_CACHED);
1247 	}
1248 
1249 	pages = kmalloc_array(bo->pgnr, sizeof(*pages), GFP_KERNEL);
1250 	if (unlikely(!pages)) {
1251 		mutex_unlock(&bo->mutex);
1252 		return NULL;
1253 	}
1254 
1255 	for (i = 0; i < bo->pgnr; i++)
1256 		pages[i] = bo->page_obj[i].page;
1257 
1258 	bo->vmap_addr = vmap(pages, bo->pgnr, VM_MAP,
1259 			     cached ? PAGE_KERNEL : PAGE_KERNEL_NOCACHE);
1260 	if (unlikely(!bo->vmap_addr)) {
1261 		kfree(pages);
1262 		mutex_unlock(&bo->mutex);
1263 		dev_err(atomisp_dev, "vmap failed...\n");
1264 		return NULL;
1265 	}
1266 	bo->status |= (cached ? HMM_BO_VMAPED_CACHED : HMM_BO_VMAPED);
1267 
1268 	kfree(pages);
1269 
1270 	mutex_unlock(&bo->mutex);
1271 	return bo->vmap_addr;
1272 }
1273 
hmm_bo_flush_vmap(struct hmm_buffer_object * bo)1274 void hmm_bo_flush_vmap(struct hmm_buffer_object *bo)
1275 {
1276 	check_bo_null_return_void(bo);
1277 
1278 	mutex_lock(&bo->mutex);
1279 	if (!(bo->status & HMM_BO_VMAPED_CACHED) || !bo->vmap_addr) {
1280 		mutex_unlock(&bo->mutex);
1281 		return;
1282 	}
1283 
1284 	clflush_cache_range(bo->vmap_addr, bo->pgnr * PAGE_SIZE);
1285 	mutex_unlock(&bo->mutex);
1286 }
1287 
hmm_bo_vunmap(struct hmm_buffer_object * bo)1288 void hmm_bo_vunmap(struct hmm_buffer_object *bo)
1289 {
1290 	check_bo_null_return_void(bo);
1291 
1292 	mutex_lock(&bo->mutex);
1293 	if (bo->status & HMM_BO_VMAPED || bo->status & HMM_BO_VMAPED_CACHED) {
1294 		vunmap(bo->vmap_addr);
1295 		bo->vmap_addr = NULL;
1296 		bo->status &= ~(HMM_BO_VMAPED | HMM_BO_VMAPED_CACHED);
1297 	}
1298 
1299 	mutex_unlock(&bo->mutex);
1300 	return;
1301 }
1302 
hmm_bo_ref(struct hmm_buffer_object * bo)1303 void hmm_bo_ref(struct hmm_buffer_object *bo)
1304 {
1305 	check_bo_null_return_void(bo);
1306 
1307 	kref_get(&bo->kref);
1308 }
1309 
kref_hmm_bo_release(struct kref * kref)1310 static void kref_hmm_bo_release(struct kref *kref)
1311 {
1312 	if (!kref)
1313 		return;
1314 
1315 	hmm_bo_release(kref_to_hmm_bo(kref));
1316 }
1317 
hmm_bo_unref(struct hmm_buffer_object * bo)1318 void hmm_bo_unref(struct hmm_buffer_object *bo)
1319 {
1320 	check_bo_null_return_void(bo);
1321 
1322 	kref_put(&bo->kref, kref_hmm_bo_release);
1323 }
1324 
hmm_bo_vm_open(struct vm_area_struct * vma)1325 static void hmm_bo_vm_open(struct vm_area_struct *vma)
1326 {
1327 	struct hmm_buffer_object *bo =
1328 	    (struct hmm_buffer_object *)vma->vm_private_data;
1329 
1330 	check_bo_null_return_void(bo);
1331 
1332 	hmm_bo_ref(bo);
1333 
1334 	mutex_lock(&bo->mutex);
1335 
1336 	bo->status |= HMM_BO_MMAPED;
1337 
1338 	bo->mmap_count++;
1339 
1340 	mutex_unlock(&bo->mutex);
1341 }
1342 
hmm_bo_vm_close(struct vm_area_struct * vma)1343 static void hmm_bo_vm_close(struct vm_area_struct *vma)
1344 {
1345 	struct hmm_buffer_object *bo =
1346 	    (struct hmm_buffer_object *)vma->vm_private_data;
1347 
1348 	check_bo_null_return_void(bo);
1349 
1350 	hmm_bo_unref(bo);
1351 
1352 	mutex_lock(&bo->mutex);
1353 
1354 	bo->mmap_count--;
1355 
1356 	if (!bo->mmap_count) {
1357 		bo->status &= (~HMM_BO_MMAPED);
1358 		vma->vm_private_data = NULL;
1359 	}
1360 
1361 	mutex_unlock(&bo->mutex);
1362 }
1363 
1364 static const struct vm_operations_struct hmm_bo_vm_ops = {
1365 	.open = hmm_bo_vm_open,
1366 	.close = hmm_bo_vm_close,
1367 };
1368 
1369 /*
1370  * mmap the bo to user space.
1371  */
hmm_bo_mmap(struct vm_area_struct * vma,struct hmm_buffer_object * bo)1372 int hmm_bo_mmap(struct vm_area_struct *vma, struct hmm_buffer_object *bo)
1373 {
1374 	unsigned int start, end;
1375 	unsigned int virt;
1376 	unsigned int pgnr, i;
1377 	unsigned int pfn;
1378 
1379 	check_bo_null_return(bo, -EINVAL);
1380 
1381 	check_bo_status_yes_goto(bo, HMM_BO_PAGE_ALLOCED, status_err);
1382 
1383 	pgnr = bo->pgnr;
1384 	start = vma->vm_start;
1385 	end = vma->vm_end;
1386 
1387 	/*
1388 	 * check vma's virtual address space size and buffer object's size.
1389 	 * must be the same.
1390 	 */
1391 	if ((start + pgnr_to_size(pgnr)) != end) {
1392 		dev_warn(atomisp_dev,
1393 			 "vma's address space size not equal to buffer object's size");
1394 		return -EINVAL;
1395 	}
1396 
1397 	virt = vma->vm_start;
1398 	for (i = 0; i < pgnr; i++) {
1399 		pfn = page_to_pfn(bo->page_obj[i].page);
1400 		if (remap_pfn_range(vma, virt, pfn, PAGE_SIZE, PAGE_SHARED)) {
1401 			dev_warn(atomisp_dev,
1402 				 "remap_pfn_range failed: virt = 0x%x, pfn = 0x%x, mapped_pgnr = %d\n",
1403 				 virt, pfn, 1);
1404 			return -EINVAL;
1405 		}
1406 		virt += PAGE_SIZE;
1407 	}
1408 
1409 	vma->vm_private_data = bo;
1410 
1411 	vma->vm_ops = &hmm_bo_vm_ops;
1412 	vma->vm_flags |= VM_IO | VM_DONTEXPAND | VM_DONTDUMP;
1413 
1414 	/*
1415 	 * call hmm_bo_vm_open explicitly.
1416 	 */
1417 	hmm_bo_vm_open(vma);
1418 
1419 	return 0;
1420 
1421 status_err:
1422 	dev_err(atomisp_dev, "buffer page not allocated yet.\n");
1423 	return -EINVAL;
1424 }
1425