1 /* $NetBSD: drm_bufs.c,v 1.16 2021/12/19 12:30:04 riastradh Exp $ */ 2 3 /* 4 * Legacy: Generic DRM Buffer Management 5 * 6 * Copyright 1999, 2000 Precision Insight, Inc., Cedar Park, Texas. 7 * Copyright 2000 VA Linux Systems, Inc., Sunnyvale, California. 8 * All Rights Reserved. 9 * 10 * Author: Rickard E. (Rik) Faith <faith (at) valinux.com> 11 * Author: Gareth Hughes <gareth (at) valinux.com> 12 * 13 * Permission is hereby granted, free of charge, to any person obtaining a 14 * copy of this software and associated documentation files (the "Software"), 15 * to deal in the Software without restriction, including without limitation 16 * the rights to use, copy, modify, merge, publish, distribute, sublicense, 17 * and/or sell copies of the Software, and to permit persons to whom the 18 * Software is furnished to do so, subject to the following conditions: 19 * 20 * The above copyright notice and this permission notice (including the next 21 * paragraph) shall be included in all copies or substantial portions of the 22 * Software. 23 * 24 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 25 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 26 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL 27 * VA LINUX SYSTEMS AND/OR ITS SUPPLIERS BE LIABLE FOR ANY CLAIM, DAMAGES OR 28 * OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, 29 * ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR 30 * OTHER DEALINGS IN THE SOFTWARE. 31 */ 32 33 #include <sys/cdefs.h> 34 __KERNEL_RCSID(0, "$NetBSD: drm_bufs.c,v 1.16 2021/12/19 12:30:04 riastradh Exp $"); 35 36 #include <linux/export.h> 37 #include <linux/log2.h> 38 #include <linux/mm.h> 39 #include <linux/mman.h> 40 #include <linux/nospec.h> 41 #include <linux/slab.h> 42 #include <linux/uaccess.h> 43 #include <linux/vmalloc.h> 44 45 #include <asm/shmparam.h> 46 47 #include <drm/drm_agpsupport.h> 48 #include <drm/drm_device.h> 49 #include <drm/drm_drv.h> 50 #include <drm/drm_file.h> 51 #include <drm/drm_pci.h> 52 #include <drm/drm_print.h> 53 54 #include "drm_legacy.h" 55 56 57 static struct drm_map_list *drm_find_matching_map(struct drm_device *dev, 58 struct drm_local_map *map) 59 { 60 struct drm_map_list *entry; 61 list_for_each_entry(entry, &dev->maplist, head) { 62 /* 63 * Because the kernel-userspace ABI is fixed at a 32-bit offset 64 * while PCI resources may live above that, we only compare the 65 * lower 32 bits of the map offset for maps of type 66 * _DRM_FRAMEBUFFER or _DRM_REGISTERS. 67 * It is assumed that if a driver have more than one resource 68 * of each type, the lower 32 bits are different. 69 */ 70 if (!entry->map || 71 map->type != entry->map->type || 72 entry->master != dev->master) 73 continue; 74 switch (map->type) { 75 case _DRM_SHM: 76 if (map->flags != _DRM_CONTAINS_LOCK) 77 break; 78 return entry; 79 case _DRM_REGISTERS: 80 case _DRM_FRAME_BUFFER: 81 if ((entry->map->offset & 0xffffffff) == 82 (map->offset & 0xffffffff)) 83 return entry; 84 default: /* Make gcc happy */ 85 ; 86 } 87 if (entry->map->offset == map->offset) 88 return entry; 89 } 90 91 return NULL; 92 } 93 94 static int drm_map_handle(struct drm_device *dev, struct drm_hash_item *hash, 95 unsigned long user_token, int hashed_handle, int shm) 96 { 97 int use_hashed_handle, shift; 98 unsigned long add; 99 100 use_hashed_handle = (user_token &~ 0xffffffffUL) || hashed_handle; 101 if (!use_hashed_handle) { 102 int ret; 103 hash->key = user_token >> PAGE_SHIFT; 104 ret = drm_ht_insert_item(&dev->map_hash, hash); 105 if (ret != -EINVAL) 106 return ret; 107 } 108 109 shift = 0; 110 add = DRM_MAP_HASH_OFFSET >> PAGE_SHIFT; 111 if (shm && (SHMLBA > PAGE_SIZE)) { 112 int bits = ilog2(SHMLBA >> PAGE_SHIFT) + 1; 113 114 /* For shared memory, we have to preserve the SHMLBA 115 * bits of the eventual vma->vm_pgoff value during 116 * mmap(). Otherwise we run into cache aliasing problems 117 * on some platforms. On these platforms, the pgoff of 118 * a mmap() request is used to pick a suitable virtual 119 * address for the mmap() region such that it will not 120 * cause cache aliasing problems. 121 * 122 * Therefore, make sure the SHMLBA relevant bits of the 123 * hash value we use are equal to those in the original 124 * kernel virtual address. 125 */ 126 shift = bits; 127 add |= ((user_token >> PAGE_SHIFT) & ((1UL << bits) - 1UL)); 128 } 129 130 return drm_ht_just_insert_please(&dev->map_hash, hash, 131 user_token, 32 - PAGE_SHIFT - 3, 132 shift, add); 133 } 134 135 /** 136 * Core function to create a range of memory available for mapping by a 137 * non-root process. 138 * 139 * Adjusts the memory offset to its absolute value according to the mapping 140 * type. Adds the map to the map list drm_device::maplist. Adds MTRR's where 141 * applicable and if supported by the kernel. 142 */ 143 static int drm_addmap_core(struct drm_device *dev, resource_size_t offset, 144 unsigned int size, enum drm_map_type type, 145 enum drm_map_flags flags, 146 struct drm_map_list **maplist) 147 { 148 struct drm_local_map *map; 149 struct drm_map_list *list; 150 drm_dma_handle_t *dmah; 151 unsigned long user_token; 152 int ret; 153 154 map = kmalloc(sizeof(*map), GFP_KERNEL); 155 if (!map) 156 return -ENOMEM; 157 158 map->offset = offset; 159 map->size = size; 160 map->flags = flags; 161 map->type = type; 162 163 /* Only allow shared memory to be removable since we only keep enough 164 * book keeping information about shared memory to allow for removal 165 * when processes fork. 166 */ 167 if ((map->flags & _DRM_REMOVABLE) && map->type != _DRM_SHM) { 168 kfree(map); 169 return -EINVAL; 170 } 171 DRM_DEBUG("offset = 0x%08llx, size = 0x%08lx, type = %d\n", 172 (unsigned long long)map->offset, map->size, map->type); 173 174 /* page-align _DRM_SHM maps. They are allocated here so there is no security 175 * hole created by that and it works around various broken drivers that use 176 * a non-aligned quantity to map the SAREA. --BenH 177 */ 178 if (map->type == _DRM_SHM) 179 map->size = PAGE_ALIGN(map->size); 180 181 if ((map->offset & (~(resource_size_t)PAGE_MASK)) || (map->size & (~PAGE_MASK))) { 182 kfree(map); 183 return -EINVAL; 184 } 185 map->mtrr = -1; 186 map->handle = NULL; 187 188 switch (map->type) { 189 case _DRM_REGISTERS: 190 case _DRM_FRAME_BUFFER: 191 #ifndef __NetBSD__ /* XXX No idea what this is for... */ 192 #if !defined(__sparc__) && !defined(__alpha__) && !defined(__ia64__) && !defined(__powerpc64__) && !defined(__x86_64__) && !defined(__arm__) 193 if (map->offset + (map->size-1) < map->offset || 194 map->offset < virt_to_phys(high_memory)) { 195 kfree(map); 196 return -EINVAL; 197 } 198 #endif 199 #endif 200 /* Some drivers preinitialize some maps, without the X Server 201 * needing to be aware of it. Therefore, we just return success 202 * when the server tries to create a duplicate map. 203 */ 204 list = drm_find_matching_map(dev, map); 205 if (list != NULL) { 206 if (list->map->size != map->size) { 207 DRM_DEBUG("Matching maps of type %d with " 208 "mismatched sizes, (%ld vs %ld)\n", 209 map->type, map->size, 210 list->map->size); 211 list->map->size = map->size; 212 } 213 214 kfree(map); 215 *maplist = list; 216 return 0; 217 } 218 219 if (map->type == _DRM_FRAME_BUFFER || 220 (map->flags & _DRM_WRITE_COMBINING)) { 221 map->mtrr = 222 arch_phys_wc_add(map->offset, map->size); 223 } 224 if (map->type == _DRM_REGISTERS) { 225 #ifdef __NetBSD__ 226 drm_legacy_ioremap(map, dev); 227 #else 228 if (map->flags & _DRM_WRITE_COMBINING) 229 map->handle = ioremap_wc(map->offset, 230 map->size); 231 else 232 map->handle = ioremap(map->offset, map->size); 233 #endif 234 if (!map->handle) { 235 kfree(map); 236 return -ENOMEM; 237 } 238 } 239 240 break; 241 case _DRM_SHM: 242 list = drm_find_matching_map(dev, map); 243 if (list != NULL) { 244 if (list->map->size != map->size) { 245 DRM_DEBUG("Matching maps of type %d with " 246 "mismatched sizes, (%ld vs %ld)\n", 247 map->type, map->size, list->map->size); 248 list->map->size = map->size; 249 } 250 251 kfree(map); 252 *maplist = list; 253 return 0; 254 } 255 map->handle = vmalloc_user(map->size); 256 DRM_DEBUG("%lu %d %p\n", 257 map->size, order_base_2(map->size), map->handle); 258 if (!map->handle) { 259 kfree(map); 260 return -ENOMEM; 261 } 262 map->offset = (unsigned long)map->handle; 263 if (map->flags & _DRM_CONTAINS_LOCK) { 264 /* Prevent a 2nd X Server from creating a 2nd lock */ 265 spin_lock(&dev->master->lock.spinlock); 266 if (dev->master->lock.hw_lock != NULL) { 267 spin_unlock(&dev->master->lock.spinlock); 268 vfree(map->handle); 269 kfree(map); 270 return -EBUSY; 271 } 272 spin_unlock(&dev->master->lock.spinlock); 273 dev->sigdata.lock = dev->master->lock.hw_lock = map->handle; /* Pointer to lock */ 274 } 275 break; 276 case _DRM_AGP: { 277 struct drm_agp_mem *entry; 278 int valid = 0; 279 280 if (!dev->agp) { 281 kfree(map); 282 return -EINVAL; 283 } 284 #ifdef __alpha__ 285 map->offset += dev->hose->mem_space->start; 286 #endif 287 /* In some cases (i810 driver), user space may have already 288 * added the AGP base itself, because dev->agp->base previously 289 * only got set during AGP enable. So, only add the base 290 * address if the map's offset isn't already within the 291 * aperture. 292 */ 293 #ifdef __NetBSD__ 294 if (map->offset < dev->agp->base || 295 map->offset > dev->agp->base + 296 dev->agp->agp_info.aki_info.ai_aperture_size - 1) { 297 map->offset += dev->agp->base; 298 } 299 #else 300 if (map->offset < dev->agp->base || 301 map->offset > dev->agp->base + 302 dev->agp->agp_info.aper_size * 1024 * 1024 - 1) { 303 map->offset += dev->agp->base; 304 } 305 #endif 306 map->mtrr = dev->agp->agp_mtrr; /* for getmap */ 307 308 /* This assumes the DRM is in total control of AGP space. 309 * It's not always the case as AGP can be in the control 310 * of user space (i.e. i810 driver). So this loop will get 311 * skipped and we double check that dev->agp->memory is 312 * actually set as well as being invalid before EPERM'ing 313 */ 314 list_for_each_entry(entry, &dev->agp->memory, head) { 315 if ((map->offset >= entry->bound) && 316 (map->offset + map->size <= entry->bound + entry->pages * PAGE_SIZE)) { 317 valid = 1; 318 break; 319 } 320 } 321 if (!list_empty(&dev->agp->memory) && !valid) { 322 kfree(map); 323 return -EPERM; 324 } 325 DRM_DEBUG("AGP offset = 0x%08llx, size = 0x%08lx\n", 326 (unsigned long long)map->offset, map->size); 327 328 break; 329 } 330 case _DRM_SCATTER_GATHER: 331 if (!dev->sg) { 332 kfree(map); 333 return -EINVAL; 334 } 335 map->offset += (unsigned long)dev->sg->virtual; 336 break; 337 case _DRM_CONSISTENT: 338 /* dma_addr_t is 64bit on i386 with CONFIG_HIGHMEM64G, 339 * As we're limiting the address to 2^32-1 (or less), 340 * casting it down to 32 bits is no problem, but we 341 * need to point to a 64bit variable first. */ 342 dmah = drm_pci_alloc(dev, map->size, map->size); 343 if (!dmah) { 344 kfree(map); 345 return -ENOMEM; 346 } 347 map->handle = dmah->vaddr; 348 map->offset = (unsigned long)dmah->busaddr; 349 #ifdef __NetBSD__ 350 map->lm_data.dmah = dmah; 351 #else 352 kfree(dmah); 353 #endif 354 break; 355 default: 356 kfree(map); 357 return -EINVAL; 358 } 359 360 list = kzalloc(sizeof(*list), GFP_KERNEL); 361 if (!list) { 362 if (map->type == _DRM_REGISTERS) 363 #ifdef __NetBSD__ 364 drm_legacy_ioremapfree(map, dev); 365 #else 366 iounmap(map->handle); 367 #endif 368 kfree(map); 369 return -EINVAL; 370 } 371 list->map = map; 372 373 mutex_lock(&dev->struct_mutex); 374 list_add(&list->head, &dev->maplist); 375 376 /* Assign a 32-bit handle */ 377 /* We do it here so that dev->struct_mutex protects the increment */ 378 user_token = (map->type == _DRM_SHM) ? (unsigned long)map->handle : 379 map->offset; 380 ret = drm_map_handle(dev, &list->hash, user_token, 0, 381 (map->type == _DRM_SHM)); 382 if (ret) { 383 if (map->type == _DRM_REGISTERS) 384 #ifdef __NetBSD__ /* XXX What about other map types...? */ 385 drm_legacy_ioremapfree(map, dev); 386 #else 387 iounmap(map->handle); 388 #endif 389 kfree(map); 390 kfree(list); 391 mutex_unlock(&dev->struct_mutex); 392 return ret; 393 } 394 395 list->user_token = list->hash.key << PAGE_SHIFT; 396 mutex_unlock(&dev->struct_mutex); 397 398 if (!(map->flags & _DRM_DRIVER)) 399 list->master = dev->master; 400 *maplist = list; 401 return 0; 402 } 403 404 int drm_legacy_addmap(struct drm_device *dev, resource_size_t offset, 405 unsigned int size, enum drm_map_type type, 406 enum drm_map_flags flags, struct drm_local_map **map_ptr) 407 { 408 struct drm_map_list *list; 409 int rc; 410 411 rc = drm_addmap_core(dev, offset, size, type, flags, &list); 412 if (!rc) 413 *map_ptr = list->map; 414 return rc; 415 } 416 EXPORT_SYMBOL(drm_legacy_addmap); 417 418 struct drm_local_map *drm_legacy_findmap(struct drm_device *dev, 419 unsigned int token) 420 { 421 struct drm_map_list *_entry; 422 list_for_each_entry(_entry, &dev->maplist, head) 423 if (_entry->user_token == token) 424 return _entry->map; 425 return NULL; 426 } 427 EXPORT_SYMBOL(drm_legacy_findmap); 428 429 /** 430 * Ioctl to specify a range of memory that is available for mapping by a 431 * non-root process. 432 * 433 * \param inode device inode. 434 * \param file_priv DRM file private. 435 * \param cmd command. 436 * \param arg pointer to a drm_map structure. 437 * \return zero on success or a negative value on error. 438 * 439 */ 440 int drm_legacy_addmap_ioctl(struct drm_device *dev, void *data, 441 struct drm_file *file_priv) 442 { 443 struct drm_map *map = data; 444 struct drm_map_list *maplist; 445 int err; 446 447 if (!(capable(CAP_SYS_ADMIN) || map->type == _DRM_AGP || map->type == _DRM_SHM)) 448 return -EPERM; 449 450 if (!drm_core_check_feature(dev, DRIVER_KMS_LEGACY_CONTEXT) && 451 !drm_core_check_feature(dev, DRIVER_LEGACY)) 452 return -EOPNOTSUPP; 453 454 err = drm_addmap_core(dev, map->offset, map->size, map->type, 455 map->flags, &maplist); 456 457 if (err) 458 return err; 459 460 /* avoid a warning on 64-bit, this casting isn't very nice, but the API is set so too late */ 461 map->handle = (void *)(unsigned long)maplist->user_token; 462 463 /* 464 * It appears that there are no users of this value whatsoever -- 465 * drmAddMap just discards it. Let's not encourage its use. 466 * (Keeping drm_addmap_core's returned mtrr value would be wrong -- 467 * it's not a real mtrr index anymore.) 468 */ 469 map->mtrr = -1; 470 471 return 0; 472 } 473 474 /* 475 * Get a mapping information. 476 * 477 * \param inode device inode. 478 * \param file_priv DRM file private. 479 * \param cmd command. 480 * \param arg user argument, pointing to a drm_map structure. 481 * 482 * \return zero on success or a negative number on failure. 483 * 484 * Searches for the mapping with the specified offset and copies its information 485 * into userspace 486 */ 487 int drm_legacy_getmap_ioctl(struct drm_device *dev, void *data, 488 struct drm_file *file_priv) 489 { 490 struct drm_map *map = data; 491 struct drm_map_list *r_list = NULL; 492 struct list_head *list; 493 int idx; 494 int i; 495 496 if (!drm_core_check_feature(dev, DRIVER_KMS_LEGACY_CONTEXT) && 497 !drm_core_check_feature(dev, DRIVER_LEGACY)) 498 return -EOPNOTSUPP; 499 500 idx = map->offset; 501 if (idx < 0) 502 return -EINVAL; 503 504 i = 0; 505 mutex_lock(&dev->struct_mutex); 506 list_for_each(list, &dev->maplist) { 507 if (i == idx) { 508 r_list = list_entry(list, struct drm_map_list, head); 509 break; 510 } 511 i++; 512 } 513 if (!r_list || !r_list->map) { 514 mutex_unlock(&dev->struct_mutex); 515 return -EINVAL; 516 } 517 518 map->offset = r_list->map->offset; 519 map->size = r_list->map->size; 520 map->type = r_list->map->type; 521 map->flags = r_list->map->flags; 522 map->handle = (void *)(unsigned long) r_list->user_token; 523 map->mtrr = arch_phys_wc_index(r_list->map->mtrr); 524 525 mutex_unlock(&dev->struct_mutex); 526 527 return 0; 528 } 529 530 /** 531 * Remove a map private from list and deallocate resources if the mapping 532 * isn't in use. 533 * 534 * Searches the map on drm_device::maplist, removes it from the list, see if 535 * it's being used, and free any associated resource (such as MTRR's) if it's not 536 * being on use. 537 * 538 * \sa drm_legacy_addmap 539 */ 540 int drm_legacy_rmmap_locked(struct drm_device *dev, struct drm_local_map *map) 541 { 542 struct drm_map_list *r_list = NULL, *list_t; 543 #ifndef __NetBSD__ 544 drm_dma_handle_t dmah; 545 #endif 546 int found = 0; 547 struct drm_master *master; 548 549 /* Find the list entry for the map and remove it */ 550 list_for_each_entry_safe(r_list, list_t, &dev->maplist, head) { 551 if (r_list->map == map) { 552 master = r_list->master; 553 list_del(&r_list->head); 554 drm_ht_remove_key(&dev->map_hash, 555 r_list->user_token >> PAGE_SHIFT); 556 kfree(r_list); 557 found = 1; 558 break; 559 } 560 } 561 562 if (!found) 563 return -EINVAL; 564 565 switch (map->type) { 566 case _DRM_REGISTERS: 567 #ifdef __NetBSD__ 568 drm_legacy_ioremapfree(map, dev); 569 #else 570 iounmap(map->handle); 571 #endif 572 /* FALLTHROUGH */ 573 case _DRM_FRAME_BUFFER: 574 arch_phys_wc_del(map->mtrr); 575 break; 576 case _DRM_SHM: 577 if (master && (map->flags & _DRM_CONTAINS_LOCK)) { 578 spin_lock(&master->lock.spinlock); 579 /* 580 * If we successfully removed this mapping, 581 * then the mapping must have been there in the 582 * first place, and we must have had a 583 * heavyweight lock, so we assert here instead 584 * of just checking and failing. 585 * 586 * XXX What about the _DRM_CONTAINS_LOCK flag? 587 * Where is that supposed to be set? Is it 588 * equivalent to having a master set? 589 * 590 * XXX There is copypasta of this in 591 * drm_lock.c, drm_legacy_lock_master_cleanup. 592 */ 593 BUG_ON(master->lock.hw_lock == NULL); 594 if (dev->sigdata.lock == master->lock.hw_lock) 595 dev->sigdata.lock = NULL; 596 master->lock.hw_lock = NULL; /* SHM removed */ 597 master->lock.file_priv = NULL; 598 #ifdef __NetBSD__ 599 DRM_SPIN_WAKEUP_ALL(&master->lock.lock_queue, 600 &master->lock.spinlock); 601 #else 602 wake_up_interruptible_all(&master->lock.lock_queue); 603 #endif 604 spin_unlock(&master->lock.spinlock); 605 } 606 vfree(map->handle); 607 break; 608 case _DRM_AGP: 609 case _DRM_SCATTER_GATHER: 610 break; 611 case _DRM_CONSISTENT: 612 #ifdef __NetBSD__ 613 drm_pci_free(dev, map->lm_data.dmah); 614 #else 615 dmah.vaddr = map->handle; 616 dmah.busaddr = map->offset; 617 dmah.size = map->size; 618 __drm_legacy_pci_free(dev, &dmah); 619 #endif 620 break; 621 } 622 kfree(map); 623 624 return 0; 625 } 626 EXPORT_SYMBOL(drm_legacy_rmmap_locked); 627 628 void drm_legacy_rmmap(struct drm_device *dev, struct drm_local_map *map) 629 { 630 if (!drm_core_check_feature(dev, DRIVER_KMS_LEGACY_CONTEXT) && 631 !drm_core_check_feature(dev, DRIVER_LEGACY)) 632 return; 633 634 mutex_lock(&dev->struct_mutex); 635 drm_legacy_rmmap_locked(dev, map); 636 mutex_unlock(&dev->struct_mutex); 637 } 638 EXPORT_SYMBOL(drm_legacy_rmmap); 639 640 void drm_legacy_master_rmmaps(struct drm_device *dev, struct drm_master *master) 641 { 642 struct drm_map_list *r_list, *list_temp; 643 644 if (!drm_core_check_feature(dev, DRIVER_LEGACY)) 645 return; 646 647 mutex_lock(&dev->struct_mutex); 648 list_for_each_entry_safe(r_list, list_temp, &dev->maplist, head) { 649 if (r_list->master == master) { 650 drm_legacy_rmmap_locked(dev, r_list->map); 651 r_list = NULL; 652 } 653 } 654 mutex_unlock(&dev->struct_mutex); 655 } 656 657 void drm_legacy_rmmaps(struct drm_device *dev) 658 { 659 struct drm_map_list *r_list, *list_temp; 660 661 list_for_each_entry_safe(r_list, list_temp, &dev->maplist, head) 662 drm_legacy_rmmap(dev, r_list->map); 663 } 664 665 /* The rmmap ioctl appears to be unnecessary. All mappings are torn down on 666 * the last close of the device, and this is necessary for cleanup when things 667 * exit uncleanly. Therefore, having userland manually remove mappings seems 668 * like a pointless exercise since they're going away anyway. 669 * 670 * One use case might be after addmap is allowed for normal users for SHM and 671 * gets used by drivers that the server doesn't need to care about. This seems 672 * unlikely. 673 * 674 * \param inode device inode. 675 * \param file_priv DRM file private. 676 * \param cmd command. 677 * \param arg pointer to a struct drm_map structure. 678 * \return zero on success or a negative value on error. 679 */ 680 int drm_legacy_rmmap_ioctl(struct drm_device *dev, void *data, 681 struct drm_file *file_priv) 682 { 683 struct drm_map *request = data; 684 struct drm_local_map *map = NULL; 685 struct drm_map_list *r_list; 686 int ret; 687 688 if (!drm_core_check_feature(dev, DRIVER_KMS_LEGACY_CONTEXT) && 689 !drm_core_check_feature(dev, DRIVER_LEGACY)) 690 return -EOPNOTSUPP; 691 692 mutex_lock(&dev->struct_mutex); 693 list_for_each_entry(r_list, &dev->maplist, head) { 694 if (r_list->map && 695 r_list->user_token == (unsigned long)request->handle && 696 r_list->map->flags & _DRM_REMOVABLE) { 697 map = r_list->map; 698 break; 699 } 700 } 701 702 /* List has wrapped around to the head pointer, or it's empty we didn't 703 * find anything. 704 */ 705 if (list_empty(&dev->maplist) || !map) { 706 mutex_unlock(&dev->struct_mutex); 707 return -EINVAL; 708 } 709 710 /* Register and framebuffer maps are permanent */ 711 if ((map->type == _DRM_REGISTERS) || (map->type == _DRM_FRAME_BUFFER)) { 712 mutex_unlock(&dev->struct_mutex); 713 return 0; 714 } 715 716 ret = drm_legacy_rmmap_locked(dev, map); 717 718 mutex_unlock(&dev->struct_mutex); 719 720 return ret; 721 } 722 723 /** 724 * Cleanup after an error on one of the addbufs() functions. 725 * 726 * \param dev DRM device. 727 * \param entry buffer entry where the error occurred. 728 * 729 * Frees any pages and buffers associated with the given entry. 730 */ 731 static void drm_cleanup_buf_error(struct drm_device *dev, 732 struct drm_buf_entry *entry) 733 { 734 int i; 735 736 if (entry->seg_count) { 737 for (i = 0; i < entry->seg_count; i++) { 738 if (entry->seglist[i]) { 739 drm_pci_free(dev, entry->seglist[i]); 740 } 741 } 742 kfree(entry->seglist); 743 744 entry->seg_count = 0; 745 } 746 747 if (entry->buf_count) { 748 for (i = 0; i < entry->buf_count; i++) { 749 kfree(entry->buflist[i].dev_private); 750 } 751 kfree(entry->buflist); 752 753 entry->buf_count = 0; 754 } 755 } 756 757 #if IS_ENABLED(CONFIG_AGP) 758 /** 759 * Add AGP buffers for DMA transfers. 760 * 761 * \param dev struct drm_device to which the buffers are to be added. 762 * \param request pointer to a struct drm_buf_desc describing the request. 763 * \return zero on success or a negative number on failure. 764 * 765 * After some sanity checks creates a drm_buf structure for each buffer and 766 * reallocates the buffer list of the same size order to accommodate the new 767 * buffers. 768 */ 769 int drm_legacy_addbufs_agp(struct drm_device *dev, 770 struct drm_buf_desc *request) 771 { 772 struct drm_device_dma *dma = dev->dma; 773 struct drm_buf_entry *entry; 774 struct drm_agp_mem *agp_entry; 775 struct drm_buf *buf; 776 unsigned long offset; 777 unsigned long agp_offset; 778 int count; 779 int order; 780 int size; 781 int alignment; 782 int page_order; 783 int total; 784 int byte_count; 785 int i, valid; 786 struct drm_buf **temp_buflist; 787 788 if (!dma) 789 return -EINVAL; 790 791 count = request->count; 792 order = order_base_2(request->size); 793 size = 1 << order; 794 795 alignment = (request->flags & _DRM_PAGE_ALIGN) 796 ? PAGE_ALIGN(size) : size; 797 page_order = order - PAGE_SHIFT > 0 ? order - PAGE_SHIFT : 0; 798 total = PAGE_SIZE << page_order; 799 800 byte_count = 0; 801 agp_offset = dev->agp->base + request->agp_start; 802 803 DRM_DEBUG("count: %d\n", count); 804 DRM_DEBUG("order: %d\n", order); 805 DRM_DEBUG("size: %d\n", size); 806 DRM_DEBUG("agp_offset: %lx\n", agp_offset); 807 DRM_DEBUG("alignment: %d\n", alignment); 808 DRM_DEBUG("page_order: %d\n", page_order); 809 DRM_DEBUG("total: %d\n", total); 810 811 if (order < DRM_MIN_ORDER || order > DRM_MAX_ORDER) 812 return -EINVAL; 813 814 /* Make sure buffers are located in AGP memory that we own */ 815 valid = 0; 816 list_for_each_entry(agp_entry, &dev->agp->memory, head) { 817 if ((agp_offset >= agp_entry->bound) && 818 (agp_offset + total * count <= agp_entry->bound + agp_entry->pages * PAGE_SIZE)) { 819 valid = 1; 820 break; 821 } 822 } 823 if (!list_empty(&dev->agp->memory) && !valid) { 824 DRM_DEBUG("zone invalid\n"); 825 return -EINVAL; 826 } 827 spin_lock(&dev->buf_lock); 828 if (dev->buf_use) { 829 spin_unlock(&dev->buf_lock); 830 return -EBUSY; 831 } 832 atomic_inc(&dev->buf_alloc); 833 spin_unlock(&dev->buf_lock); 834 835 mutex_lock(&dev->struct_mutex); 836 entry = &dma->bufs[order]; 837 if (entry->buf_count) { 838 mutex_unlock(&dev->struct_mutex); 839 atomic_dec(&dev->buf_alloc); 840 return -ENOMEM; /* May only call once for each order */ 841 } 842 843 if (count < 0 || count > 4096) { 844 mutex_unlock(&dev->struct_mutex); 845 atomic_dec(&dev->buf_alloc); 846 return -EINVAL; 847 } 848 849 entry->buflist = kcalloc(count, sizeof(*entry->buflist), GFP_KERNEL); 850 if (!entry->buflist) { 851 mutex_unlock(&dev->struct_mutex); 852 atomic_dec(&dev->buf_alloc); 853 return -ENOMEM; 854 } 855 856 entry->buf_size = size; 857 entry->page_order = page_order; 858 859 offset = 0; 860 861 while (entry->buf_count < count) { 862 buf = &entry->buflist[entry->buf_count]; 863 buf->idx = dma->buf_count + entry->buf_count; 864 buf->total = alignment; 865 buf->order = order; 866 buf->used = 0; 867 868 buf->offset = (dma->byte_count + offset); 869 buf->bus_address = agp_offset + offset; 870 buf->address = (void *)(agp_offset + offset); 871 buf->next = NULL; 872 buf->waiting = 0; 873 buf->pending = 0; 874 buf->file_priv = NULL; 875 876 buf->dev_priv_size = dev->driver->dev_priv_size; 877 buf->dev_private = kzalloc(buf->dev_priv_size, GFP_KERNEL); 878 if (!buf->dev_private) { 879 /* Set count correctly so we free the proper amount. */ 880 entry->buf_count = count; 881 drm_cleanup_buf_error(dev, entry); 882 mutex_unlock(&dev->struct_mutex); 883 atomic_dec(&dev->buf_alloc); 884 return -ENOMEM; 885 } 886 887 DRM_DEBUG("buffer %d @ %p\n", entry->buf_count, buf->address); 888 889 offset += alignment; 890 entry->buf_count++; 891 byte_count += PAGE_SIZE << page_order; 892 } 893 894 DRM_DEBUG("byte_count: %d\n", byte_count); 895 896 temp_buflist = krealloc(dma->buflist, 897 (dma->buf_count + entry->buf_count) * 898 sizeof(*dma->buflist), GFP_KERNEL); 899 if (!temp_buflist) { 900 /* Free the entry because it isn't valid */ 901 drm_cleanup_buf_error(dev, entry); 902 mutex_unlock(&dev->struct_mutex); 903 atomic_dec(&dev->buf_alloc); 904 return -ENOMEM; 905 } 906 dma->buflist = temp_buflist; 907 908 for (i = 0; i < entry->buf_count; i++) { 909 dma->buflist[i + dma->buf_count] = &entry->buflist[i]; 910 } 911 912 dma->buf_count += entry->buf_count; 913 dma->seg_count += entry->seg_count; 914 dma->page_count += byte_count >> PAGE_SHIFT; 915 dma->byte_count += byte_count; 916 917 DRM_DEBUG("dma->buf_count : %d\n", dma->buf_count); 918 DRM_DEBUG("entry->buf_count : %d\n", entry->buf_count); 919 920 mutex_unlock(&dev->struct_mutex); 921 922 request->count = entry->buf_count; 923 request->size = size; 924 925 dma->flags = _DRM_DMA_USE_AGP; 926 927 atomic_dec(&dev->buf_alloc); 928 return 0; 929 } 930 EXPORT_SYMBOL(drm_legacy_addbufs_agp); 931 #endif /* CONFIG_AGP */ 932 933 int drm_legacy_addbufs_pci(struct drm_device *dev, 934 struct drm_buf_desc *request) 935 { 936 struct drm_device_dma *dma = dev->dma; 937 int count; 938 int order; 939 int size; 940 int total; 941 int page_order; 942 struct drm_buf_entry *entry; 943 drm_dma_handle_t *dmah; 944 struct drm_buf *buf; 945 int alignment; 946 unsigned long offset; 947 int i; 948 int byte_count; 949 int page_count; 950 unsigned long *temp_pagelist; 951 struct drm_buf **temp_buflist; 952 953 if (!drm_core_check_feature(dev, DRIVER_PCI_DMA)) 954 return -EOPNOTSUPP; 955 956 if (!dma) 957 return -EINVAL; 958 959 if (!capable(CAP_SYS_ADMIN)) 960 return -EPERM; 961 962 count = request->count; 963 order = order_base_2(request->size); 964 size = 1 << order; 965 966 DRM_DEBUG("count=%d, size=%d (%d), order=%d\n", 967 request->count, request->size, size, order); 968 969 if (order < DRM_MIN_ORDER || order > DRM_MAX_ORDER) 970 return -EINVAL; 971 972 alignment = (request->flags & _DRM_PAGE_ALIGN) 973 ? PAGE_ALIGN(size) : size; 974 page_order = order - PAGE_SHIFT > 0 ? order - PAGE_SHIFT : 0; 975 total = PAGE_SIZE << page_order; 976 977 spin_lock(&dev->buf_lock); 978 if (dev->buf_use) { 979 spin_unlock(&dev->buf_lock); 980 return -EBUSY; 981 } 982 atomic_inc(&dev->buf_alloc); 983 spin_unlock(&dev->buf_lock); 984 985 mutex_lock(&dev->struct_mutex); 986 entry = &dma->bufs[order]; 987 if (entry->buf_count) { 988 mutex_unlock(&dev->struct_mutex); 989 atomic_dec(&dev->buf_alloc); 990 return -ENOMEM; /* May only call once for each order */ 991 } 992 993 if (count < 0 || count > 4096) { 994 mutex_unlock(&dev->struct_mutex); 995 atomic_dec(&dev->buf_alloc); 996 return -EINVAL; 997 } 998 999 entry->buflist = kcalloc(count, sizeof(*entry->buflist), GFP_KERNEL); 1000 if (!entry->buflist) { 1001 mutex_unlock(&dev->struct_mutex); 1002 atomic_dec(&dev->buf_alloc); 1003 return -ENOMEM; 1004 } 1005 1006 entry->seglist = kcalloc(count, sizeof(*entry->seglist), GFP_KERNEL); 1007 if (!entry->seglist) { 1008 kfree(entry->buflist); 1009 mutex_unlock(&dev->struct_mutex); 1010 atomic_dec(&dev->buf_alloc); 1011 return -ENOMEM; 1012 } 1013 1014 /* Keep the original pagelist until we know all the allocations 1015 * have succeeded 1016 */ 1017 temp_pagelist = kmalloc_array(dma->page_count + (count << page_order), 1018 sizeof(*dma->pagelist), 1019 GFP_KERNEL); 1020 if (!temp_pagelist) { 1021 kfree(entry->buflist); 1022 kfree(entry->seglist); 1023 mutex_unlock(&dev->struct_mutex); 1024 atomic_dec(&dev->buf_alloc); 1025 return -ENOMEM; 1026 } 1027 memcpy(temp_pagelist, 1028 dma->pagelist, dma->page_count * sizeof(*dma->pagelist)); 1029 DRM_DEBUG("pagelist: %d entries\n", 1030 dma->page_count + (count << page_order)); 1031 1032 entry->buf_size = size; 1033 entry->page_order = page_order; 1034 byte_count = 0; 1035 page_count = 0; 1036 1037 while (entry->buf_count < count) { 1038 1039 dmah = drm_pci_alloc(dev, PAGE_SIZE << page_order, 0x1000); 1040 1041 if (!dmah) { 1042 /* Set count correctly so we free the proper amount. */ 1043 entry->buf_count = count; 1044 entry->seg_count = count; 1045 drm_cleanup_buf_error(dev, entry); 1046 kfree(temp_pagelist); 1047 mutex_unlock(&dev->struct_mutex); 1048 atomic_dec(&dev->buf_alloc); 1049 return -ENOMEM; 1050 } 1051 entry->seglist[entry->seg_count++] = dmah; 1052 for (i = 0; i < (1 << page_order); i++) { 1053 DRM_DEBUG("page %d @ 0x%08lx\n", 1054 dma->page_count + page_count, 1055 (unsigned long)dmah->vaddr + PAGE_SIZE * i); 1056 temp_pagelist[dma->page_count + page_count++] 1057 = (unsigned long)dmah->vaddr + PAGE_SIZE * i; 1058 } 1059 for (offset = 0; 1060 offset + size <= total && entry->buf_count < count; 1061 offset += alignment, ++entry->buf_count) { 1062 buf = &entry->buflist[entry->buf_count]; 1063 buf->idx = dma->buf_count + entry->buf_count; 1064 buf->total = alignment; 1065 buf->order = order; 1066 buf->used = 0; 1067 buf->offset = (dma->byte_count + byte_count + offset); 1068 buf->address = (void *)(dmah->vaddr + offset); 1069 buf->bus_address = dmah->busaddr + offset; 1070 buf->next = NULL; 1071 buf->waiting = 0; 1072 buf->pending = 0; 1073 buf->file_priv = NULL; 1074 1075 buf->dev_priv_size = dev->driver->dev_priv_size; 1076 buf->dev_private = kzalloc(buf->dev_priv_size, 1077 GFP_KERNEL); 1078 if (!buf->dev_private) { 1079 /* Set count correctly so we free the proper amount. */ 1080 entry->buf_count = count; 1081 entry->seg_count = count; 1082 drm_cleanup_buf_error(dev, entry); 1083 kfree(temp_pagelist); 1084 mutex_unlock(&dev->struct_mutex); 1085 atomic_dec(&dev->buf_alloc); 1086 return -ENOMEM; 1087 } 1088 1089 DRM_DEBUG("buffer %d @ %p\n", 1090 entry->buf_count, buf->address); 1091 } 1092 byte_count += PAGE_SIZE << page_order; 1093 } 1094 1095 temp_buflist = krealloc(dma->buflist, 1096 (dma->buf_count + entry->buf_count) * 1097 sizeof(*dma->buflist), GFP_KERNEL); 1098 if (!temp_buflist) { 1099 /* Free the entry because it isn't valid */ 1100 drm_cleanup_buf_error(dev, entry); 1101 kfree(temp_pagelist); 1102 mutex_unlock(&dev->struct_mutex); 1103 atomic_dec(&dev->buf_alloc); 1104 return -ENOMEM; 1105 } 1106 dma->buflist = temp_buflist; 1107 1108 for (i = 0; i < entry->buf_count; i++) { 1109 dma->buflist[i + dma->buf_count] = &entry->buflist[i]; 1110 } 1111 1112 /* No allocations failed, so now we can replace the original pagelist 1113 * with the new one. 1114 */ 1115 if (dma->page_count) { 1116 kfree(dma->pagelist); 1117 } 1118 dma->pagelist = temp_pagelist; 1119 1120 dma->buf_count += entry->buf_count; 1121 dma->seg_count += entry->seg_count; 1122 dma->page_count += entry->seg_count << page_order; 1123 dma->byte_count += PAGE_SIZE * (entry->seg_count << page_order); 1124 1125 mutex_unlock(&dev->struct_mutex); 1126 1127 request->count = entry->buf_count; 1128 request->size = size; 1129 1130 if (request->flags & _DRM_PCI_BUFFER_RO) 1131 dma->flags = _DRM_DMA_USE_PCI_RO; 1132 1133 atomic_dec(&dev->buf_alloc); 1134 return 0; 1135 1136 } 1137 EXPORT_SYMBOL(drm_legacy_addbufs_pci); 1138 1139 static int drm_legacy_addbufs_sg(struct drm_device *dev, 1140 struct drm_buf_desc *request) 1141 { 1142 struct drm_device_dma *dma = dev->dma; 1143 struct drm_buf_entry *entry; 1144 struct drm_buf *buf; 1145 unsigned long offset; 1146 unsigned long agp_offset; 1147 int count; 1148 int order; 1149 int size; 1150 int alignment; 1151 int page_order; 1152 int total; 1153 int byte_count; 1154 int i; 1155 struct drm_buf **temp_buflist; 1156 1157 if (!drm_core_check_feature(dev, DRIVER_SG)) 1158 return -EOPNOTSUPP; 1159 1160 if (!dma) 1161 return -EINVAL; 1162 1163 if (!capable(CAP_SYS_ADMIN)) 1164 return -EPERM; 1165 1166 count = request->count; 1167 order = order_base_2(request->size); 1168 size = 1 << order; 1169 1170 alignment = (request->flags & _DRM_PAGE_ALIGN) 1171 ? PAGE_ALIGN(size) : size; 1172 page_order = order - PAGE_SHIFT > 0 ? order - PAGE_SHIFT : 0; 1173 total = PAGE_SIZE << page_order; 1174 1175 byte_count = 0; 1176 agp_offset = request->agp_start; 1177 1178 DRM_DEBUG("count: %d\n", count); 1179 DRM_DEBUG("order: %d\n", order); 1180 DRM_DEBUG("size: %d\n", size); 1181 DRM_DEBUG("agp_offset: %lu\n", agp_offset); 1182 DRM_DEBUG("alignment: %d\n", alignment); 1183 DRM_DEBUG("page_order: %d\n", page_order); 1184 DRM_DEBUG("total: %d\n", total); 1185 1186 if (order < DRM_MIN_ORDER || order > DRM_MAX_ORDER) 1187 return -EINVAL; 1188 1189 spin_lock(&dev->buf_lock); 1190 if (dev->buf_use) { 1191 spin_unlock(&dev->buf_lock); 1192 return -EBUSY; 1193 } 1194 atomic_inc(&dev->buf_alloc); 1195 spin_unlock(&dev->buf_lock); 1196 1197 mutex_lock(&dev->struct_mutex); 1198 entry = &dma->bufs[order]; 1199 if (entry->buf_count) { 1200 mutex_unlock(&dev->struct_mutex); 1201 atomic_dec(&dev->buf_alloc); 1202 return -ENOMEM; /* May only call once for each order */ 1203 } 1204 1205 if (count < 0 || count > 4096) { 1206 mutex_unlock(&dev->struct_mutex); 1207 atomic_dec(&dev->buf_alloc); 1208 return -EINVAL; 1209 } 1210 1211 entry->buflist = kcalloc(count, sizeof(*entry->buflist), GFP_KERNEL); 1212 if (!entry->buflist) { 1213 mutex_unlock(&dev->struct_mutex); 1214 atomic_dec(&dev->buf_alloc); 1215 return -ENOMEM; 1216 } 1217 1218 entry->buf_size = size; 1219 entry->page_order = page_order; 1220 1221 offset = 0; 1222 1223 while (entry->buf_count < count) { 1224 buf = &entry->buflist[entry->buf_count]; 1225 buf->idx = dma->buf_count + entry->buf_count; 1226 buf->total = alignment; 1227 buf->order = order; 1228 buf->used = 0; 1229 1230 buf->offset = (dma->byte_count + offset); 1231 buf->bus_address = agp_offset + offset; 1232 buf->address = (void *)(agp_offset + offset 1233 + (unsigned long)dev->sg->virtual); 1234 buf->next = NULL; 1235 buf->waiting = 0; 1236 buf->pending = 0; 1237 buf->file_priv = NULL; 1238 1239 buf->dev_priv_size = dev->driver->dev_priv_size; 1240 buf->dev_private = kzalloc(buf->dev_priv_size, GFP_KERNEL); 1241 if (!buf->dev_private) { 1242 /* Set count correctly so we free the proper amount. */ 1243 entry->buf_count = count; 1244 drm_cleanup_buf_error(dev, entry); 1245 mutex_unlock(&dev->struct_mutex); 1246 atomic_dec(&dev->buf_alloc); 1247 return -ENOMEM; 1248 } 1249 1250 DRM_DEBUG("buffer %d @ %p\n", entry->buf_count, buf->address); 1251 1252 offset += alignment; 1253 entry->buf_count++; 1254 byte_count += PAGE_SIZE << page_order; 1255 } 1256 1257 DRM_DEBUG("byte_count: %d\n", byte_count); 1258 1259 temp_buflist = krealloc(dma->buflist, 1260 (dma->buf_count + entry->buf_count) * 1261 sizeof(*dma->buflist), GFP_KERNEL); 1262 if (!temp_buflist) { 1263 /* Free the entry because it isn't valid */ 1264 drm_cleanup_buf_error(dev, entry); 1265 mutex_unlock(&dev->struct_mutex); 1266 atomic_dec(&dev->buf_alloc); 1267 return -ENOMEM; 1268 } 1269 dma->buflist = temp_buflist; 1270 1271 for (i = 0; i < entry->buf_count; i++) { 1272 dma->buflist[i + dma->buf_count] = &entry->buflist[i]; 1273 } 1274 1275 dma->buf_count += entry->buf_count; 1276 dma->seg_count += entry->seg_count; 1277 dma->page_count += byte_count >> PAGE_SHIFT; 1278 dma->byte_count += byte_count; 1279 1280 DRM_DEBUG("dma->buf_count : %d\n", dma->buf_count); 1281 DRM_DEBUG("entry->buf_count : %d\n", entry->buf_count); 1282 1283 mutex_unlock(&dev->struct_mutex); 1284 1285 request->count = entry->buf_count; 1286 request->size = size; 1287 1288 dma->flags = _DRM_DMA_USE_SG; 1289 1290 atomic_dec(&dev->buf_alloc); 1291 return 0; 1292 } 1293 1294 /** 1295 * Add buffers for DMA transfers (ioctl). 1296 * 1297 * \param inode device inode. 1298 * \param file_priv DRM file private. 1299 * \param cmd command. 1300 * \param arg pointer to a struct drm_buf_desc request. 1301 * \return zero on success or a negative number on failure. 1302 * 1303 * According with the memory type specified in drm_buf_desc::flags and the 1304 * build options, it dispatches the call either to addbufs_agp(), 1305 * addbufs_sg() or addbufs_pci() for AGP, scatter-gather or consistent 1306 * PCI memory respectively. 1307 */ 1308 int drm_legacy_addbufs(struct drm_device *dev, void *data, 1309 struct drm_file *file_priv) 1310 { 1311 struct drm_buf_desc *request = data; 1312 int ret; 1313 1314 if (!drm_core_check_feature(dev, DRIVER_LEGACY)) 1315 return -EOPNOTSUPP; 1316 1317 if (!drm_core_check_feature(dev, DRIVER_HAVE_DMA)) 1318 return -EOPNOTSUPP; 1319 1320 #if IS_ENABLED(CONFIG_AGP) 1321 if (request->flags & _DRM_AGP_BUFFER) 1322 ret = drm_legacy_addbufs_agp(dev, request); 1323 else 1324 #endif 1325 if (request->flags & _DRM_SG_BUFFER) 1326 ret = drm_legacy_addbufs_sg(dev, request); 1327 else if (request->flags & _DRM_FB_BUFFER) 1328 ret = -EINVAL; 1329 else 1330 ret = drm_legacy_addbufs_pci(dev, request); 1331 1332 return ret; 1333 } 1334 1335 /** 1336 * Get information about the buffer mappings. 1337 * 1338 * This was originally mean for debugging purposes, or by a sophisticated 1339 * client library to determine how best to use the available buffers (e.g., 1340 * large buffers can be used for image transfer). 1341 * 1342 * \param inode device inode. 1343 * \param file_priv DRM file private. 1344 * \param cmd command. 1345 * \param arg pointer to a drm_buf_info structure. 1346 * \return zero on success or a negative number on failure. 1347 * 1348 * Increments drm_device::buf_use while holding the drm_device::buf_lock 1349 * lock, preventing of allocating more buffers after this call. Information 1350 * about each requested buffer is then copied into user space. 1351 */ 1352 int __drm_legacy_infobufs(struct drm_device *dev, 1353 void *data, int *p, 1354 int (*f)(void *, int, struct drm_buf_entry *)) 1355 { 1356 struct drm_device_dma *dma = dev->dma; 1357 int i; 1358 int count; 1359 1360 if (!drm_core_check_feature(dev, DRIVER_LEGACY)) 1361 return -EOPNOTSUPP; 1362 1363 if (!drm_core_check_feature(dev, DRIVER_HAVE_DMA)) 1364 return -EOPNOTSUPP; 1365 1366 if (!dma) 1367 return -EINVAL; 1368 1369 spin_lock(&dev->buf_lock); 1370 if (atomic_read(&dev->buf_alloc)) { 1371 spin_unlock(&dev->buf_lock); 1372 return -EBUSY; 1373 } 1374 ++dev->buf_use; /* Can't allocate more after this call */ 1375 spin_unlock(&dev->buf_lock); 1376 1377 for (i = 0, count = 0; i < DRM_MAX_ORDER + 1; i++) { 1378 if (dma->bufs[i].buf_count) 1379 ++count; 1380 } 1381 1382 DRM_DEBUG("count = %d\n", count); 1383 1384 if (*p >= count) { 1385 for (i = 0, count = 0; i < DRM_MAX_ORDER + 1; i++) { 1386 struct drm_buf_entry *from = &dma->bufs[i]; 1387 if (from->buf_count) { 1388 if (f(data, count, from) < 0) 1389 return -EFAULT; 1390 DRM_DEBUG("%d %d %d %d %d\n", 1391 i, 1392 dma->bufs[i].buf_count, 1393 dma->bufs[i].buf_size, 1394 dma->bufs[i].low_mark, 1395 dma->bufs[i].high_mark); 1396 ++count; 1397 } 1398 } 1399 } 1400 *p = count; 1401 1402 return 0; 1403 } 1404 1405 static int copy_one_buf(void *data, int count, struct drm_buf_entry *from) 1406 { 1407 struct drm_buf_info *request = data; 1408 struct drm_buf_desc __user *to = &request->list[count]; 1409 struct drm_buf_desc v = {.count = from->buf_count, 1410 .size = from->buf_size, 1411 .low_mark = from->low_mark, 1412 .high_mark = from->high_mark}; 1413 1414 if (copy_to_user(to, &v, offsetof(struct drm_buf_desc, flags))) 1415 return -EFAULT; 1416 return 0; 1417 } 1418 1419 int drm_legacy_infobufs(struct drm_device *dev, void *data, 1420 struct drm_file *file_priv) 1421 { 1422 struct drm_buf_info *request = data; 1423 return __drm_legacy_infobufs(dev, data, &request->count, copy_one_buf); 1424 } 1425 1426 /** 1427 * Specifies a low and high water mark for buffer allocation 1428 * 1429 * \param inode device inode. 1430 * \param file_priv DRM file private. 1431 * \param cmd command. 1432 * \param arg a pointer to a drm_buf_desc structure. 1433 * \return zero on success or a negative number on failure. 1434 * 1435 * Verifies that the size order is bounded between the admissible orders and 1436 * updates the respective drm_device_dma::bufs entry low and high water mark. 1437 * 1438 * \note This ioctl is deprecated and mostly never used. 1439 */ 1440 int drm_legacy_markbufs(struct drm_device *dev, void *data, 1441 struct drm_file *file_priv) 1442 { 1443 struct drm_device_dma *dma = dev->dma; 1444 struct drm_buf_desc *request = data; 1445 int order; 1446 struct drm_buf_entry *entry; 1447 1448 if (!drm_core_check_feature(dev, DRIVER_LEGACY)) 1449 return -EOPNOTSUPP; 1450 1451 if (!drm_core_check_feature(dev, DRIVER_HAVE_DMA)) 1452 return -EOPNOTSUPP; 1453 1454 if (!dma) 1455 return -EINVAL; 1456 1457 DRM_DEBUG("%d, %d, %d\n", 1458 request->size, request->low_mark, request->high_mark); 1459 order = order_base_2(request->size); 1460 if (order < DRM_MIN_ORDER || order > DRM_MAX_ORDER) 1461 return -EINVAL; 1462 entry = &dma->bufs[order]; 1463 1464 if (request->low_mark < 0 || request->low_mark > entry->buf_count) 1465 return -EINVAL; 1466 if (request->high_mark < 0 || request->high_mark > entry->buf_count) 1467 return -EINVAL; 1468 1469 entry->low_mark = request->low_mark; 1470 entry->high_mark = request->high_mark; 1471 1472 return 0; 1473 } 1474 1475 /** 1476 * Unreserve the buffers in list, previously reserved using drmDMA. 1477 * 1478 * \param inode device inode. 1479 * \param file_priv DRM file private. 1480 * \param cmd command. 1481 * \param arg pointer to a drm_buf_free structure. 1482 * \return zero on success or a negative number on failure. 1483 * 1484 * Calls free_buffer() for each used buffer. 1485 * This function is primarily used for debugging. 1486 */ 1487 int drm_legacy_freebufs(struct drm_device *dev, void *data, 1488 struct drm_file *file_priv) 1489 { 1490 struct drm_device_dma *dma = dev->dma; 1491 struct drm_buf_free *request = data; 1492 int i; 1493 int idx; 1494 struct drm_buf *buf; 1495 1496 if (!drm_core_check_feature(dev, DRIVER_LEGACY)) 1497 return -EOPNOTSUPP; 1498 1499 if (!drm_core_check_feature(dev, DRIVER_HAVE_DMA)) 1500 return -EOPNOTSUPP; 1501 1502 if (!dma) 1503 return -EINVAL; 1504 1505 DRM_DEBUG("%d\n", request->count); 1506 for (i = 0; i < request->count; i++) { 1507 if (copy_from_user(&idx, &request->list[i], sizeof(idx))) 1508 return -EFAULT; 1509 if (idx < 0 || idx >= dma->buf_count) { 1510 DRM_ERROR("Index %d (of %d max)\n", 1511 idx, dma->buf_count - 1); 1512 return -EINVAL; 1513 } 1514 idx = array_index_nospec(idx, dma->buf_count); 1515 buf = dma->buflist[idx]; 1516 if (buf->file_priv != file_priv) { 1517 #ifdef __NetBSD__ 1518 DRM_ERROR("Process %d freeing buffer not owned\n", 1519 (int)curproc->p_pid); 1520 #else 1521 DRM_ERROR("Process %d freeing buffer not owned\n", 1522 task_pid_nr(current)); 1523 #endif 1524 return -EINVAL; 1525 } 1526 drm_legacy_free_buffer(dev, buf); 1527 } 1528 1529 return 0; 1530 } 1531 1532 /** 1533 * Maps all of the DMA buffers into client-virtual space (ioctl). 1534 * 1535 * \param inode device inode. 1536 * \param file_priv DRM file private. 1537 * \param cmd command. 1538 * \param arg pointer to a drm_buf_map structure. 1539 * \return zero on success or a negative number on failure. 1540 * 1541 * Maps the AGP, SG or PCI buffer region with vm_mmap(), and copies information 1542 * about each buffer into user space. For PCI buffers, it calls vm_mmap() with 1543 * offset equal to 0, which drm_mmap() interpretes as PCI buffers and calls 1544 * drm_mmap_dma(). 1545 */ 1546 int __drm_legacy_mapbufs(struct drm_device *dev, void *data, int *p, 1547 void __user **v, 1548 int (*f)(void *, int, unsigned long, 1549 struct drm_buf *), 1550 struct drm_file *file_priv) 1551 { 1552 struct drm_device_dma *dma = dev->dma; 1553 int retcode = 0; 1554 unsigned long virtual; 1555 int i; 1556 1557 if (!drm_core_check_feature(dev, DRIVER_LEGACY)) 1558 return -EOPNOTSUPP; 1559 1560 if (!drm_core_check_feature(dev, DRIVER_HAVE_DMA)) 1561 return -EOPNOTSUPP; 1562 1563 if (!dma) 1564 return -EINVAL; 1565 1566 spin_lock(&dev->buf_lock); 1567 if (atomic_read(&dev->buf_alloc)) { 1568 spin_unlock(&dev->buf_lock); 1569 return -EBUSY; 1570 } 1571 dev->buf_use++; /* Can't allocate more after this call */ 1572 spin_unlock(&dev->buf_lock); 1573 1574 if (*p >= dma->buf_count) { 1575 if ((dev->agp && (dma->flags & _DRM_DMA_USE_AGP)) 1576 || (drm_core_check_feature(dev, DRIVER_SG) 1577 && (dma->flags & _DRM_DMA_USE_SG))) { 1578 struct drm_local_map *map = dev->agp_buffer_map; 1579 unsigned long token = dev->agp_buffer_token; 1580 1581 if (!map) { 1582 retcode = -EINVAL; 1583 goto done; 1584 } 1585 virtual = vm_mmap(file_priv->filp, 0, map->size, 1586 PROT_READ | PROT_WRITE, 1587 MAP_SHARED, 1588 token); 1589 } else { 1590 virtual = vm_mmap(file_priv->filp, 0, dma->byte_count, 1591 PROT_READ | PROT_WRITE, 1592 MAP_SHARED, 0); 1593 } 1594 if (virtual > -1024UL) { 1595 /* Real error */ 1596 retcode = (signed long)virtual; 1597 goto done; 1598 } 1599 *v = (void __user *)virtual; 1600 1601 for (i = 0; i < dma->buf_count; i++) { 1602 if (f(data, i, virtual, dma->buflist[i]) < 0) { 1603 retcode = -EFAULT; 1604 goto done; 1605 } 1606 } 1607 } 1608 done: 1609 *p = dma->buf_count; 1610 DRM_DEBUG("%d buffers, retcode = %d\n", *p, retcode); 1611 1612 return retcode; 1613 } 1614 1615 static int map_one_buf(void *data, int idx, unsigned long virtual, 1616 struct drm_buf *buf) 1617 { 1618 struct drm_buf_map *request = data; 1619 unsigned long address = virtual + buf->offset; /* *** */ 1620 1621 if (copy_to_user(&request->list[idx].idx, &buf->idx, 1622 sizeof(request->list[0].idx))) 1623 return -EFAULT; 1624 if (copy_to_user(&request->list[idx].total, &buf->total, 1625 sizeof(request->list[0].total))) 1626 return -EFAULT; 1627 if (clear_user(&request->list[idx].used, sizeof(int))) 1628 return -EFAULT; 1629 if (copy_to_user(&request->list[idx].address, &address, 1630 sizeof(address))) 1631 return -EFAULT; 1632 return 0; 1633 } 1634 1635 int drm_legacy_mapbufs(struct drm_device *dev, void *data, 1636 struct drm_file *file_priv) 1637 { 1638 struct drm_buf_map *request = data; 1639 return __drm_legacy_mapbufs(dev, data, &request->count, 1640 &request->virtual, map_one_buf, 1641 file_priv); 1642 } 1643 1644 int drm_legacy_dma_ioctl(struct drm_device *dev, void *data, 1645 struct drm_file *file_priv) 1646 { 1647 if (!drm_core_check_feature(dev, DRIVER_LEGACY)) 1648 return -EOPNOTSUPP; 1649 1650 if (dev->driver->dma_ioctl) 1651 return dev->driver->dma_ioctl(dev, data, file_priv); 1652 else 1653 return -EINVAL; 1654 } 1655 1656 struct drm_local_map *drm_legacy_getsarea(struct drm_device *dev) 1657 { 1658 struct drm_map_list *entry; 1659 1660 list_for_each_entry(entry, &dev->maplist, head) { 1661 if (entry->map && entry->map->type == _DRM_SHM && 1662 (entry->map->flags & _DRM_CONTAINS_LOCK)) { 1663 return entry->map; 1664 } 1665 } 1666 return NULL; 1667 } 1668 EXPORT_SYMBOL(drm_legacy_getsarea); 1669
Indexes created Sat Sep 20 22:09:52 GMT 2025