drm_bufs.c revision 1.7.18.1
1 /* $NetBSD: drm_bufs.c,v 1.7.18.1 2019/06/10 22:07:57 christos Exp $ */ 2 3 /* 4 * Legacy: Generic DRM Buffer Management 5 * 6 * Copyright 1999, 2000 Precision Insight, Inc., Cedar Park, Texas. 7 * Copyright 2000 VA Linux Systems, Inc., Sunnyvale, California. 8 * All Rights Reserved. 9 * 10 * Author: Rickard E. (Rik) Faith <faith (at) valinux.com> 11 * Author: Gareth Hughes <gareth (at) valinux.com> 12 * 13 * Permission is hereby granted, free of charge, to any person obtaining a 14 * copy of this software and associated documentation files (the "Software"), 15 * to deal in the Software without restriction, including without limitation 16 * the rights to use, copy, modify, merge, publish, distribute, sublicense, 17 * and/or sell copies of the Software, and to permit persons to whom the 18 * Software is furnished to do so, subject to the following conditions: 19 * 20 * The above copyright notice and this permission notice (including the next 21 * paragraph) shall be included in all copies or substantial portions of the 22 * Software. 23 * 24 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 25 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 26 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL 27 * VA LINUX SYSTEMS AND/OR ITS SUPPLIERS BE LIABLE FOR ANY CLAIM, DAMAGES OR 28 * OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, 29 * ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR 30 * OTHER DEALINGS IN THE SOFTWARE. 31 */ 32 33 #include <sys/cdefs.h> 34 __KERNEL_RCSID(0, "$NetBSD: drm_bufs.c,v 1.7.18.1 2019/06/10 22:07:57 christos Exp $"); 35 36 #include <linux/vmalloc.h> 37 #include <linux/slab.h> 38 #include <linux/sched.h> 39 #include <linux/log2.h> 40 #include <linux/export.h> 41 #include <linux/mm.h> 42 #include <asm/bug.h> 43 #include <asm/io.h> 44 #include <asm/shmparam.h> 45 #include <drm/drmP.h> 46 #include "drm_legacy.h" 47 48 static struct drm_map_list *drm_find_matching_map(struct drm_device *dev, 49 struct drm_local_map *map) 50 { 51 struct drm_map_list *entry; 52 list_for_each_entry(entry, &dev->maplist, head) { 53 /* 54 * Because the kernel-userspace ABI is fixed at a 32-bit offset 55 * while PCI resources may live above that, we only compare the 56 * lower 32 bits of the map offset for maps of type 57 * _DRM_FRAMEBUFFER or _DRM_REGISTERS. 58 * It is assumed that if a driver have more than one resource 59 * of each type, the lower 32 bits are different. 60 */ 61 if (!entry->map || 62 map->type != entry->map->type || 63 entry->master != dev->primary->master) 64 continue; 65 switch (map->type) { 66 case _DRM_SHM: 67 if (map->flags != _DRM_CONTAINS_LOCK) 68 break; 69 return entry; 70 case _DRM_REGISTERS: 71 case _DRM_FRAME_BUFFER: 72 if ((entry->map->offset & 0xffffffff) == 73 (map->offset & 0xffffffff)) 74 return entry; 75 default: /* Make gcc happy */ 76 ; 77 } 78 if (entry->map->offset == map->offset) 79 return entry; 80 } 81 82 return NULL; 83 } 84 85 static int drm_map_handle(struct drm_device *dev, struct drm_hash_item *hash, 86 unsigned long user_token, int hashed_handle, int shm) 87 { 88 int use_hashed_handle, shift; 89 unsigned long add; 90 91 use_hashed_handle = (user_token &~ 0xffffffffUL) || hashed_handle; 92 if (!use_hashed_handle) { 93 int ret; 94 hash->key = user_token >> PAGE_SHIFT; 95 ret = drm_ht_insert_item(&dev->map_hash, hash); 96 if (ret != -EINVAL) 97 return ret; 98 } 99 100 shift = 0; 101 add = DRM_MAP_HASH_OFFSET >> PAGE_SHIFT; 102 if (shm && (SHMLBA > PAGE_SIZE)) { 103 int bits = ilog2(SHMLBA >> PAGE_SHIFT) + 1; 104 105 /* For shared memory, we have to preserve the SHMLBA 106 * bits of the eventual vma->vm_pgoff value during 107 * mmap(). Otherwise we run into cache aliasing problems 108 * on some platforms. On these platforms, the pgoff of 109 * a mmap() request is used to pick a suitable virtual 110 * address for the mmap() region such that it will not 111 * cause cache aliasing problems. 112 * 113 * Therefore, make sure the SHMLBA relevant bits of the 114 * hash value we use are equal to those in the original 115 * kernel virtual address. 116 */ 117 shift = bits; 118 add |= ((user_token >> PAGE_SHIFT) & ((1UL << bits) - 1UL)); 119 } 120 121 return drm_ht_just_insert_please(&dev->map_hash, hash, 122 user_token, 32 - PAGE_SHIFT - 3, 123 shift, add); 124 } 125 126 /** 127 * Core function to create a range of memory available for mapping by a 128 * non-root process. 129 * 130 * Adjusts the memory offset to its absolute value according to the mapping 131 * type. Adds the map to the map list drm_device::maplist. Adds MTRR's where 132 * applicable and if supported by the kernel. 133 */ 134 static int drm_addmap_core(struct drm_device * dev, resource_size_t offset, 135 unsigned int size, enum drm_map_type type, 136 enum drm_map_flags flags, 137 struct drm_map_list ** maplist) 138 { 139 struct drm_local_map *map; 140 struct drm_map_list *list; 141 drm_dma_handle_t *dmah; 142 unsigned long user_token; 143 int ret; 144 145 map = kmalloc(sizeof(*map), GFP_KERNEL); 146 if (!map) 147 return -ENOMEM; 148 149 map->offset = offset; 150 map->size = size; 151 map->flags = flags; 152 map->type = type; 153 154 /* Only allow shared memory to be removable since we only keep enough 155 * book keeping information about shared memory to allow for removal 156 * when processes fork. 157 */ 158 if ((map->flags & _DRM_REMOVABLE) && map->type != _DRM_SHM) { 159 kfree(map); 160 return -EINVAL; 161 } 162 DRM_DEBUG("offset = 0x%08llx, size = 0x%08lx, type = %d\n", 163 (unsigned long long)map->offset, map->size, map->type); 164 165 /* page-align _DRM_SHM maps. They are allocated here so there is no security 166 * hole created by that and it works around various broken drivers that use 167 * a non-aligned quantity to map the SAREA. --BenH 168 */ 169 if (map->type == _DRM_SHM) 170 map->size = PAGE_ALIGN(map->size); 171 172 if ((map->offset & (~(resource_size_t)PAGE_MASK)) || (map->size & (~PAGE_MASK))) { 173 kfree(map); 174 return -EINVAL; 175 } 176 map->mtrr = -1; 177 map->handle = NULL; 178 179 switch (map->type) { 180 case _DRM_REGISTERS: 181 case _DRM_FRAME_BUFFER: 182 #ifndef __NetBSD__ /* XXX No idea what this is for... */ 183 #if !defined(__sparc__) && !defined(__alpha__) && !defined(__ia64__) && !defined(__powerpc64__) && !defined(__x86_64__) && !defined(__arm__) 184 if (map->offset + (map->size-1) < map->offset || 185 map->offset < virt_to_phys(high_memory)) { 186 kfree(map); 187 return -EINVAL; 188 } 189 #endif 190 #endif 191 /* Some drivers preinitialize some maps, without the X Server 192 * needing to be aware of it. Therefore, we just return success 193 * when the server tries to create a duplicate map. 194 */ 195 list = drm_find_matching_map(dev, map); 196 if (list != NULL) { 197 if (list->map->size != map->size) { 198 DRM_DEBUG("Matching maps of type %d with " 199 "mismatched sizes, (%ld vs %ld)\n", 200 map->type, map->size, 201 list->map->size); 202 list->map->size = map->size; 203 } 204 205 kfree(map); 206 *maplist = list; 207 return 0; 208 } 209 210 if (map->type == _DRM_FRAME_BUFFER || 211 (map->flags & _DRM_WRITE_COMBINING)) { 212 map->mtrr = 213 arch_phys_wc_add(map->offset, map->size); 214 } 215 if (map->type == _DRM_REGISTERS) { 216 #ifdef __NetBSD__ 217 drm_legacy_ioremap(map, dev); 218 #else 219 if (map->flags & _DRM_WRITE_COMBINING) 220 map->handle = ioremap_wc(map->offset, 221 map->size); 222 else 223 map->handle = ioremap(map->offset, map->size); 224 #endif 225 if (!map->handle) { 226 kfree(map); 227 return -ENOMEM; 228 } 229 } 230 231 break; 232 case _DRM_SHM: 233 list = drm_find_matching_map(dev, map); 234 if (list != NULL) { 235 if(list->map->size != map->size) { 236 DRM_DEBUG("Matching maps of type %d with " 237 "mismatched sizes, (%ld vs %ld)\n", 238 map->type, map->size, list->map->size); 239 list->map->size = map->size; 240 } 241 242 kfree(map); 243 *maplist = list; 244 return 0; 245 } 246 map->handle = vmalloc_user(map->size); 247 DRM_DEBUG("%lu %d %p\n", 248 map->size, order_base_2(map->size), map->handle); 249 if (!map->handle) { 250 kfree(map); 251 return -ENOMEM; 252 } 253 map->offset = (unsigned long)map->handle; 254 if (map->flags & _DRM_CONTAINS_LOCK) { 255 /* Prevent a 2nd X Server from creating a 2nd lock */ 256 spin_lock(&dev->primary->master->lock.spinlock); 257 if (dev->primary->master->lock.hw_lock != NULL) { 258 vfree(map->handle); 259 kfree(map); 260 spin_unlock(&dev->primary->master->lock.spinlock); 261 return -EBUSY; 262 } 263 dev->sigdata.lock = dev->primary->master->lock.hw_lock = map->handle; /* Pointer to lock */ 264 spin_unlock(&dev->primary->master->lock.spinlock); 265 } 266 break; 267 case _DRM_AGP: { 268 struct drm_agp_mem *entry; 269 int valid = 0; 270 271 if (!dev->agp) { 272 kfree(map); 273 return -EINVAL; 274 } 275 #ifdef __alpha__ 276 map->offset += dev->hose->mem_space->start; 277 #endif 278 /* In some cases (i810 driver), user space may have already 279 * added the AGP base itself, because dev->agp->base previously 280 * only got set during AGP enable. So, only add the base 281 * address if the map's offset isn't already within the 282 * aperture. 283 */ 284 #ifdef __NetBSD__ 285 if (map->offset < dev->agp->base || 286 map->offset > dev->agp->base + 287 dev->agp->agp_info.aki_info.ai_aperture_size - 1) { 288 map->offset += dev->agp->base; 289 } 290 #else 291 if (map->offset < dev->agp->base || 292 map->offset > dev->agp->base + 293 dev->agp->agp_info.aper_size * 1024 * 1024 - 1) { 294 map->offset += dev->agp->base; 295 } 296 #endif 297 map->mtrr = dev->agp->agp_mtrr; /* for getmap */ 298 299 /* This assumes the DRM is in total control of AGP space. 300 * It's not always the case as AGP can be in the control 301 * of user space (i.e. i810 driver). So this loop will get 302 * skipped and we double check that dev->agp->memory is 303 * actually set as well as being invalid before EPERM'ing 304 */ 305 list_for_each_entry(entry, &dev->agp->memory, head) { 306 if ((map->offset >= entry->bound) && 307 (map->offset + map->size <= entry->bound + entry->pages * PAGE_SIZE)) { 308 valid = 1; 309 break; 310 } 311 } 312 if (!list_empty(&dev->agp->memory) && !valid) { 313 kfree(map); 314 return -EPERM; 315 } 316 DRM_DEBUG("AGP offset = 0x%08llx, size = 0x%08lx\n", 317 (unsigned long long)map->offset, map->size); 318 319 break; 320 } 321 case _DRM_SCATTER_GATHER: 322 if (!dev->sg) { 323 kfree(map); 324 return -EINVAL; 325 } 326 map->offset += (unsigned long)dev->sg->virtual; 327 break; 328 case _DRM_CONSISTENT: 329 /* dma_addr_t is 64bit on i386 with CONFIG_HIGHMEM64G, 330 * As we're limiting the address to 2^32-1 (or less), 331 * casting it down to 32 bits is no problem, but we 332 * need to point to a 64bit variable first. */ 333 dmah = drm_pci_alloc(dev, map->size, map->size); 334 if (!dmah) { 335 kfree(map); 336 return -ENOMEM; 337 } 338 map->handle = dmah->vaddr; 339 map->offset = (unsigned long)dmah->busaddr; 340 #ifdef __NetBSD__ 341 map->lm_data.dmah = dmah; 342 #else 343 kfree(dmah); 344 #endif 345 break; 346 default: 347 kfree(map); 348 return -EINVAL; 349 } 350 351 list = kzalloc(sizeof(*list), GFP_KERNEL); 352 if (!list) { 353 if (map->type == _DRM_REGISTERS) 354 #ifdef __NetBSD__ 355 drm_legacy_ioremapfree(map, dev); 356 #else 357 iounmap(map->handle); 358 #endif 359 kfree(map); 360 return -EINVAL; 361 } 362 list->map = map; 363 364 mutex_lock(&dev->struct_mutex); 365 list_add(&list->head, &dev->maplist); 366 367 /* Assign a 32-bit handle */ 368 /* We do it here so that dev->struct_mutex protects the increment */ 369 user_token = (map->type == _DRM_SHM) ? (unsigned long)map->handle : 370 map->offset; 371 ret = drm_map_handle(dev, &list->hash, user_token, 0, 372 (map->type == _DRM_SHM)); 373 if (ret) { 374 if (map->type == _DRM_REGISTERS) 375 #ifdef __NetBSD__ /* XXX What about other map types...? */ 376 drm_legacy_ioremapfree(map, dev); 377 #else 378 iounmap(map->handle); 379 #endif 380 kfree(map); 381 kfree(list); 382 mutex_unlock(&dev->struct_mutex); 383 return ret; 384 } 385 386 list->user_token = list->hash.key << PAGE_SHIFT; 387 mutex_unlock(&dev->struct_mutex); 388 389 if (!(map->flags & _DRM_DRIVER)) 390 list->master = dev->primary->master; 391 *maplist = list; 392 return 0; 393 } 394 395 int drm_legacy_addmap(struct drm_device * dev, resource_size_t offset, 396 unsigned int size, enum drm_map_type type, 397 enum drm_map_flags flags, struct drm_local_map **map_ptr) 398 { 399 struct drm_map_list *list; 400 int rc; 401 402 rc = drm_addmap_core(dev, offset, size, type, flags, &list); 403 if (!rc) 404 *map_ptr = list->map; 405 return rc; 406 } 407 EXPORT_SYMBOL(drm_legacy_addmap); 408 409 /** 410 * Ioctl to specify a range of memory that is available for mapping by a 411 * non-root process. 412 * 413 * \param inode device inode. 414 * \param file_priv DRM file private. 415 * \param cmd command. 416 * \param arg pointer to a drm_map structure. 417 * \return zero on success or a negative value on error. 418 * 419 */ 420 int drm_legacy_addmap_ioctl(struct drm_device *dev, void *data, 421 struct drm_file *file_priv) 422 { 423 struct drm_map *map = data; 424 struct drm_map_list *maplist; 425 int err; 426 427 #ifdef __NetBSD__ 428 # if 0 /* XXX Old drm did this. */ 429 if (!(dev->flags & (FREAD | FWRITE))) 430 return -EACCES; 431 # endif 432 if (!(DRM_SUSER() || map->type == _DRM_AGP || map->type == _DRM_SHM)) 433 return -EACCES; /* XXX */ 434 #else 435 if (!(capable(CAP_SYS_ADMIN) || map->type == _DRM_AGP || map->type == _DRM_SHM)) 436 return -EPERM; 437 #endif 438 439 err = drm_addmap_core(dev, map->offset, map->size, map->type, 440 map->flags, &maplist); 441 442 if (err) 443 return err; 444 445 /* avoid a warning on 64-bit, this casting isn't very nice, but the API is set so too late */ 446 map->handle = (void *)(unsigned long)maplist->user_token; 447 448 /* 449 * It appears that there are no users of this value whatsoever -- 450 * drmAddMap just discards it. Let's not encourage its use. 451 * (Keeping drm_addmap_core's returned mtrr value would be wrong -- 452 * it's not a real mtrr index anymore.) 453 */ 454 map->mtrr = -1; 455 456 return 0; 457 } 458 459 /** 460 * Remove a map private from list and deallocate resources if the mapping 461 * isn't in use. 462 * 463 * Searches the map on drm_device::maplist, removes it from the list, see if 464 * its being used, and free any associate resource (such as MTRR's) if it's not 465 * being on use. 466 * 467 * \sa drm_legacy_addmap 468 */ 469 int drm_legacy_rmmap_locked(struct drm_device *dev, struct drm_local_map *map) 470 { 471 struct drm_map_list *r_list = NULL, *list_t; 472 #ifndef __NetBSD__ 473 drm_dma_handle_t dmah; 474 #endif 475 int found = 0; 476 struct drm_master *master; 477 478 /* Find the list entry for the map and remove it */ 479 list_for_each_entry_safe(r_list, list_t, &dev->maplist, head) { 480 if (r_list->map == map) { 481 master = r_list->master; 482 list_del(&r_list->head); 483 drm_ht_remove_key(&dev->map_hash, 484 r_list->user_token >> PAGE_SHIFT); 485 kfree(r_list); 486 found = 1; 487 break; 488 } 489 } 490 491 if (!found) 492 return -EINVAL; 493 494 switch (map->type) { 495 case _DRM_REGISTERS: 496 #ifdef __NetBSD__ 497 drm_legacy_ioremapfree(map, dev); 498 #else 499 iounmap(map->handle); 500 #endif 501 /* FALLTHROUGH */ 502 case _DRM_FRAME_BUFFER: 503 arch_phys_wc_del(map->mtrr); 504 break; 505 case _DRM_SHM: 506 if (master && (map->flags & _DRM_CONTAINS_LOCK)) { 507 spin_lock(&master->lock.spinlock); 508 /* 509 * If we successfully removed this mapping, 510 * then the mapping must have been there in the 511 * first place, and we must have had a 512 * heavyweight lock, so we assert here instead 513 * of just checking and failing. 514 * 515 * XXX What about the _DRM_CONTAINS_LOCK flag? 516 * Where is that supposed to be set? Is it 517 * equivalent to having a master set? 518 * 519 * XXX There is copypasta of this in 520 * drm_fops.c. 521 */ 522 BUG_ON(master->lock.hw_lock == NULL); 523 if (dev->sigdata.lock == master->lock.hw_lock) 524 dev->sigdata.lock = NULL; 525 master->lock.hw_lock = NULL; /* SHM removed */ 526 master->lock.file_priv = NULL; 527 #ifdef __NetBSD__ 528 DRM_SPIN_WAKEUP_ALL(&master->lock.lock_queue, 529 &master->lock.spinlock); 530 #else 531 wake_up_interruptible_all(&master->lock.lock_queue); 532 #endif 533 spin_unlock(&master->lock.spinlock); 534 } 535 vfree(map->handle); 536 break; 537 case _DRM_AGP: 538 case _DRM_SCATTER_GATHER: 539 break; 540 case _DRM_CONSISTENT: 541 #ifdef __NetBSD__ 542 drm_pci_free(dev, map->lm_data.dmah); 543 #else 544 dmah.vaddr = map->handle; 545 dmah.busaddr = map->offset; 546 dmah.size = map->size; 547 __drm_legacy_pci_free(dev, &dmah); 548 #endif 549 break; 550 } 551 kfree(map); 552 553 return 0; 554 } 555 EXPORT_SYMBOL(drm_legacy_rmmap_locked); 556 557 int drm_legacy_rmmap(struct drm_device *dev, struct drm_local_map *map) 558 { 559 int ret; 560 561 mutex_lock(&dev->struct_mutex); 562 ret = drm_legacy_rmmap_locked(dev, map); 563 mutex_unlock(&dev->struct_mutex); 564 565 return ret; 566 } 567 EXPORT_SYMBOL(drm_legacy_rmmap); 568 569 /* The rmmap ioctl appears to be unnecessary. All mappings are torn down on 570 * the last close of the device, and this is necessary for cleanup when things 571 * exit uncleanly. Therefore, having userland manually remove mappings seems 572 * like a pointless exercise since they're going away anyway. 573 * 574 * One use case might be after addmap is allowed for normal users for SHM and 575 * gets used by drivers that the server doesn't need to care about. This seems 576 * unlikely. 577 * 578 * \param inode device inode. 579 * \param file_priv DRM file private. 580 * \param cmd command. 581 * \param arg pointer to a struct drm_map structure. 582 * \return zero on success or a negative value on error. 583 */ 584 int drm_legacy_rmmap_ioctl(struct drm_device *dev, void *data, 585 struct drm_file *file_priv) 586 { 587 struct drm_map *request = data; 588 struct drm_local_map *map = NULL; 589 struct drm_map_list *r_list; 590 int ret; 591 592 mutex_lock(&dev->struct_mutex); 593 list_for_each_entry(r_list, &dev->maplist, head) { 594 if (r_list->map && 595 r_list->user_token == (unsigned long)request->handle && 596 r_list->map->flags & _DRM_REMOVABLE) { 597 map = r_list->map; 598 break; 599 } 600 } 601 602 /* List has wrapped around to the head pointer, or its empty we didn't 603 * find anything. 604 */ 605 if (list_empty(&dev->maplist) || !map) { 606 mutex_unlock(&dev->struct_mutex); 607 return -EINVAL; 608 } 609 610 /* Register and framebuffer maps are permanent */ 611 if ((map->type == _DRM_REGISTERS) || (map->type == _DRM_FRAME_BUFFER)) { 612 mutex_unlock(&dev->struct_mutex); 613 return 0; 614 } 615 616 ret = drm_legacy_rmmap_locked(dev, map); 617 618 mutex_unlock(&dev->struct_mutex); 619 620 return ret; 621 } 622 623 /** 624 * Cleanup after an error on one of the addbufs() functions. 625 * 626 * \param dev DRM device. 627 * \param entry buffer entry where the error occurred. 628 * 629 * Frees any pages and buffers associated with the given entry. 630 */ 631 static void drm_cleanup_buf_error(struct drm_device * dev, 632 struct drm_buf_entry * entry) 633 { 634 int i; 635 636 if (entry->seg_count) { 637 for (i = 0; i < entry->seg_count; i++) { 638 if (entry->seglist[i]) { 639 drm_pci_free(dev, entry->seglist[i]); 640 } 641 } 642 kfree(entry->seglist); 643 644 entry->seg_count = 0; 645 } 646 647 if (entry->buf_count) { 648 for (i = 0; i < entry->buf_count; i++) { 649 kfree(entry->buflist[i].dev_private); 650 } 651 kfree(entry->buflist); 652 653 entry->buf_count = 0; 654 } 655 } 656 657 #if IS_ENABLED(CONFIG_AGP) 658 /** 659 * Add AGP buffers for DMA transfers. 660 * 661 * \param dev struct drm_device to which the buffers are to be added. 662 * \param request pointer to a struct drm_buf_desc describing the request. 663 * \return zero on success or a negative number on failure. 664 * 665 * After some sanity checks creates a drm_buf structure for each buffer and 666 * reallocates the buffer list of the same size order to accommodate the new 667 * buffers. 668 */ 669 int drm_legacy_addbufs_agp(struct drm_device *dev, 670 struct drm_buf_desc *request) 671 { 672 struct drm_device_dma *dma = dev->dma; 673 struct drm_buf_entry *entry; 674 struct drm_agp_mem *agp_entry; 675 struct drm_buf *buf; 676 unsigned long offset; 677 unsigned long agp_offset; 678 int count; 679 int order; 680 int size; 681 int alignment; 682 int page_order; 683 int total; 684 int byte_count; 685 int i, valid; 686 struct drm_buf **temp_buflist; 687 688 if (!dma) 689 return -EINVAL; 690 691 count = request->count; 692 order = order_base_2(request->size); 693 size = 1 << order; 694 695 alignment = (request->flags & _DRM_PAGE_ALIGN) 696 ? PAGE_ALIGN(size) : size; 697 page_order = order - PAGE_SHIFT > 0 ? order - PAGE_SHIFT : 0; 698 total = PAGE_SIZE << page_order; 699 700 byte_count = 0; 701 agp_offset = dev->agp->base + request->agp_start; 702 703 DRM_DEBUG("count: %d\n", count); 704 DRM_DEBUG("order: %d\n", order); 705 DRM_DEBUG("size: %d\n", size); 706 DRM_DEBUG("agp_offset: %lx\n", agp_offset); 707 DRM_DEBUG("alignment: %d\n", alignment); 708 DRM_DEBUG("page_order: %d\n", page_order); 709 DRM_DEBUG("total: %d\n", total); 710 711 if (order < DRM_MIN_ORDER || order > DRM_MAX_ORDER) 712 return -EINVAL; 713 714 /* Make sure buffers are located in AGP memory that we own */ 715 valid = 0; 716 list_for_each_entry(agp_entry, &dev->agp->memory, head) { 717 if ((agp_offset >= agp_entry->bound) && 718 (agp_offset + total * count <= agp_entry->bound + agp_entry->pages * PAGE_SIZE)) { 719 valid = 1; 720 break; 721 } 722 } 723 if (!list_empty(&dev->agp->memory) && !valid) { 724 DRM_DEBUG("zone invalid\n"); 725 return -EINVAL; 726 } 727 spin_lock(&dev->buf_lock); 728 if (dev->buf_use) { 729 spin_unlock(&dev->buf_lock); 730 return -EBUSY; 731 } 732 atomic_inc(&dev->buf_alloc); 733 spin_unlock(&dev->buf_lock); 734 735 mutex_lock(&dev->struct_mutex); 736 entry = &dma->bufs[order]; 737 if (entry->buf_count) { 738 mutex_unlock(&dev->struct_mutex); 739 atomic_dec(&dev->buf_alloc); 740 return -ENOMEM; /* May only call once for each order */ 741 } 742 743 if (count < 0 || count > 4096) { 744 mutex_unlock(&dev->struct_mutex); 745 atomic_dec(&dev->buf_alloc); 746 return -EINVAL; 747 } 748 749 entry->buflist = kzalloc(count * sizeof(*entry->buflist), GFP_KERNEL); 750 if (!entry->buflist) { 751 mutex_unlock(&dev->struct_mutex); 752 atomic_dec(&dev->buf_alloc); 753 return -ENOMEM; 754 } 755 756 entry->buf_size = size; 757 entry->page_order = page_order; 758 759 offset = 0; 760 761 while (entry->buf_count < count) { 762 buf = &entry->buflist[entry->buf_count]; 763 buf->idx = dma->buf_count + entry->buf_count; 764 buf->total = alignment; 765 buf->order = order; 766 buf->used = 0; 767 768 buf->offset = (dma->byte_count + offset); 769 buf->bus_address = agp_offset + offset; 770 buf->address = (void *)(agp_offset + offset); 771 buf->next = NULL; 772 buf->waiting = 0; 773 buf->pending = 0; 774 buf->file_priv = NULL; 775 776 buf->dev_priv_size = dev->driver->dev_priv_size; 777 buf->dev_private = kzalloc(buf->dev_priv_size, GFP_KERNEL); 778 if (!buf->dev_private) { 779 /* Set count correctly so we free the proper amount. */ 780 entry->buf_count = count; 781 drm_cleanup_buf_error(dev, entry); 782 mutex_unlock(&dev->struct_mutex); 783 atomic_dec(&dev->buf_alloc); 784 return -ENOMEM; 785 } 786 787 DRM_DEBUG("buffer %d @ %p\n", entry->buf_count, buf->address); 788 789 offset += alignment; 790 entry->buf_count++; 791 byte_count += PAGE_SIZE << page_order; 792 } 793 794 DRM_DEBUG("byte_count: %d\n", byte_count); 795 796 temp_buflist = krealloc(dma->buflist, 797 (dma->buf_count + entry->buf_count) * 798 sizeof(*dma->buflist), GFP_KERNEL); 799 if (!temp_buflist) { 800 /* Free the entry because it isn't valid */ 801 drm_cleanup_buf_error(dev, entry); 802 mutex_unlock(&dev->struct_mutex); 803 atomic_dec(&dev->buf_alloc); 804 return -ENOMEM; 805 } 806 dma->buflist = temp_buflist; 807 808 for (i = 0; i < entry->buf_count; i++) { 809 dma->buflist[i + dma->buf_count] = &entry->buflist[i]; 810 } 811 812 dma->buf_count += entry->buf_count; 813 dma->seg_count += entry->seg_count; 814 dma->page_count += byte_count >> PAGE_SHIFT; 815 dma->byte_count += byte_count; 816 817 DRM_DEBUG("dma->buf_count : %d\n", dma->buf_count); 818 DRM_DEBUG("entry->buf_count : %d\n", entry->buf_count); 819 820 mutex_unlock(&dev->struct_mutex); 821 822 request->count = entry->buf_count; 823 request->size = size; 824 825 dma->flags = _DRM_DMA_USE_AGP; 826 827 atomic_dec(&dev->buf_alloc); 828 return 0; 829 } 830 EXPORT_SYMBOL(drm_legacy_addbufs_agp); 831 #endif /* CONFIG_AGP */ 832 833 int drm_legacy_addbufs_pci(struct drm_device *dev, 834 struct drm_buf_desc *request) 835 { 836 struct drm_device_dma *dma = dev->dma; 837 int count; 838 int order; 839 int size; 840 int total; 841 int page_order; 842 struct drm_buf_entry *entry; 843 drm_dma_handle_t *dmah; 844 struct drm_buf *buf; 845 int alignment; 846 unsigned long offset; 847 int i; 848 int byte_count; 849 int page_count; 850 unsigned long *temp_pagelist; 851 struct drm_buf **temp_buflist; 852 853 if (!drm_core_check_feature(dev, DRIVER_PCI_DMA)) 854 return -EINVAL; 855 856 if (!dma) 857 return -EINVAL; 858 859 #ifdef __NetBSD__ 860 if (!DRM_SUSER()) 861 return -EACCES; /* XXX */ 862 #else 863 if (!capable(CAP_SYS_ADMIN)) 864 return -EPERM; 865 #endif 866 867 count = request->count; 868 order = order_base_2(request->size); 869 size = 1 << order; 870 871 DRM_DEBUG("count=%d, size=%d (%d), order=%d\n", 872 request->count, request->size, size, order); 873 874 if (order < DRM_MIN_ORDER || order > DRM_MAX_ORDER) 875 return -EINVAL; 876 877 alignment = (request->flags & _DRM_PAGE_ALIGN) 878 ? PAGE_ALIGN(size) : size; 879 page_order = order - PAGE_SHIFT > 0 ? order - PAGE_SHIFT : 0; 880 total = PAGE_SIZE << page_order; 881 882 spin_lock(&dev->buf_lock); 883 if (dev->buf_use) { 884 spin_unlock(&dev->buf_lock); 885 return -EBUSY; 886 } 887 atomic_inc(&dev->buf_alloc); 888 spin_unlock(&dev->buf_lock); 889 890 mutex_lock(&dev->struct_mutex); 891 entry = &dma->bufs[order]; 892 if (entry->buf_count) { 893 mutex_unlock(&dev->struct_mutex); 894 atomic_dec(&dev->buf_alloc); 895 return -ENOMEM; /* May only call once for each order */ 896 } 897 898 if (count < 0 || count > 4096) { 899 mutex_unlock(&dev->struct_mutex); 900 atomic_dec(&dev->buf_alloc); 901 return -EINVAL; 902 } 903 904 entry->buflist = kzalloc(count * sizeof(*entry->buflist), GFP_KERNEL); 905 if (!entry->buflist) { 906 mutex_unlock(&dev->struct_mutex); 907 atomic_dec(&dev->buf_alloc); 908 return -ENOMEM; 909 } 910 911 entry->seglist = kzalloc(count * sizeof(*entry->seglist), GFP_KERNEL); 912 if (!entry->seglist) { 913 kfree(entry->buflist); 914 mutex_unlock(&dev->struct_mutex); 915 atomic_dec(&dev->buf_alloc); 916 return -ENOMEM; 917 } 918 919 /* Keep the original pagelist until we know all the allocations 920 * have succeeded 921 */ 922 temp_pagelist = kmalloc((dma->page_count + (count << page_order)) * 923 sizeof(*dma->pagelist), GFP_KERNEL); 924 if (!temp_pagelist) { 925 kfree(entry->buflist); 926 kfree(entry->seglist); 927 mutex_unlock(&dev->struct_mutex); 928 atomic_dec(&dev->buf_alloc); 929 return -ENOMEM; 930 } 931 memcpy(temp_pagelist, 932 dma->pagelist, dma->page_count * sizeof(*dma->pagelist)); 933 DRM_DEBUG("pagelist: %d entries\n", 934 dma->page_count + (count << page_order)); 935 936 entry->buf_size = size; 937 entry->page_order = page_order; 938 byte_count = 0; 939 page_count = 0; 940 941 while (entry->buf_count < count) { 942 943 dmah = drm_pci_alloc(dev, PAGE_SIZE << page_order, 0x1000); 944 945 if (!dmah) { 946 /* Set count correctly so we free the proper amount. */ 947 entry->buf_count = count; 948 entry->seg_count = count; 949 drm_cleanup_buf_error(dev, entry); 950 kfree(temp_pagelist); 951 mutex_unlock(&dev->struct_mutex); 952 atomic_dec(&dev->buf_alloc); 953 return -ENOMEM; 954 } 955 entry->seglist[entry->seg_count++] = dmah; 956 for (i = 0; i < (1 << page_order); i++) { 957 DRM_DEBUG("page %d @ 0x%08lx\n", 958 dma->page_count + page_count, 959 (unsigned long)dmah->vaddr + PAGE_SIZE * i); 960 temp_pagelist[dma->page_count + page_count++] 961 = (unsigned long)dmah->vaddr + PAGE_SIZE * i; 962 } 963 for (offset = 0; 964 offset + size <= total && entry->buf_count < count; 965 offset += alignment, ++entry->buf_count) { 966 buf = &entry->buflist[entry->buf_count]; 967 buf->idx = dma->buf_count + entry->buf_count; 968 buf->total = alignment; 969 buf->order = order; 970 buf->used = 0; 971 buf->offset = (dma->byte_count + byte_count + offset); 972 buf->address = (void *)((char *)dmah->vaddr + offset); 973 buf->bus_address = dmah->busaddr + offset; 974 buf->next = NULL; 975 buf->waiting = 0; 976 buf->pending = 0; 977 buf->file_priv = NULL; 978 979 buf->dev_priv_size = dev->driver->dev_priv_size; 980 buf->dev_private = kzalloc(buf->dev_priv_size, 981 GFP_KERNEL); 982 if (!buf->dev_private) { 983 /* Set count correctly so we free the proper amount. */ 984 entry->buf_count = count; 985 entry->seg_count = count; 986 drm_cleanup_buf_error(dev, entry); 987 kfree(temp_pagelist); 988 mutex_unlock(&dev->struct_mutex); 989 atomic_dec(&dev->buf_alloc); 990 return -ENOMEM; 991 } 992 993 DRM_DEBUG("buffer %d @ %p\n", 994 entry->buf_count, buf->address); 995 } 996 byte_count += PAGE_SIZE << page_order; 997 } 998 999 temp_buflist = krealloc(dma->buflist, 1000 (dma->buf_count + entry->buf_count) * 1001 sizeof(*dma->buflist), GFP_KERNEL); 1002 if (!temp_buflist) { 1003 /* Free the entry because it isn't valid */ 1004 drm_cleanup_buf_error(dev, entry); 1005 kfree(temp_pagelist); 1006 mutex_unlock(&dev->struct_mutex); 1007 atomic_dec(&dev->buf_alloc); 1008 return -ENOMEM; 1009 } 1010 dma->buflist = temp_buflist; 1011 1012 for (i = 0; i < entry->buf_count; i++) { 1013 dma->buflist[i + dma->buf_count] = &entry->buflist[i]; 1014 } 1015 1016 /* No allocations failed, so now we can replace the original pagelist 1017 * with the new one. 1018 */ 1019 if (dma->page_count) { 1020 kfree(dma->pagelist); 1021 } 1022 dma->pagelist = temp_pagelist; 1023 1024 dma->buf_count += entry->buf_count; 1025 dma->seg_count += entry->seg_count; 1026 dma->page_count += entry->seg_count << page_order; 1027 dma->byte_count += PAGE_SIZE * (entry->seg_count << page_order); 1028 1029 mutex_unlock(&dev->struct_mutex); 1030 1031 request->count = entry->buf_count; 1032 request->size = size; 1033 1034 if (request->flags & _DRM_PCI_BUFFER_RO) 1035 dma->flags = _DRM_DMA_USE_PCI_RO; 1036 1037 atomic_dec(&dev->buf_alloc); 1038 return 0; 1039 1040 } 1041 EXPORT_SYMBOL(drm_legacy_addbufs_pci); 1042 1043 static int drm_legacy_addbufs_sg(struct drm_device *dev, 1044 struct drm_buf_desc *request) 1045 { 1046 struct drm_device_dma *dma = dev->dma; 1047 struct drm_buf_entry *entry; 1048 struct drm_buf *buf; 1049 unsigned long offset; 1050 unsigned long agp_offset; 1051 int count; 1052 int order; 1053 int size; 1054 int alignment; 1055 int page_order; 1056 int total; 1057 int byte_count; 1058 int i; 1059 struct drm_buf **temp_buflist; 1060 1061 if (!drm_core_check_feature(dev, DRIVER_SG)) 1062 return -EINVAL; 1063 1064 if (!dma) 1065 return -EINVAL; 1066 1067 #ifdef __NetBSD__ 1068 if (!DRM_SUSER()) 1069 return -EACCES; /* XXX */ 1070 #else 1071 if (!capable(CAP_SYS_ADMIN)) 1072 return -EPERM; 1073 #endif 1074 1075 count = request->count; 1076 order = order_base_2(request->size); 1077 size = 1 << order; 1078 1079 alignment = (request->flags & _DRM_PAGE_ALIGN) 1080 ? PAGE_ALIGN(size) : size; 1081 page_order = order - PAGE_SHIFT > 0 ? order - PAGE_SHIFT : 0; 1082 total = PAGE_SIZE << page_order; 1083 1084 byte_count = 0; 1085 agp_offset = request->agp_start; 1086 1087 DRM_DEBUG("count: %d\n", count); 1088 DRM_DEBUG("order: %d\n", order); 1089 DRM_DEBUG("size: %d\n", size); 1090 DRM_DEBUG("agp_offset: %lu\n", agp_offset); 1091 DRM_DEBUG("alignment: %d\n", alignment); 1092 DRM_DEBUG("page_order: %d\n", page_order); 1093 DRM_DEBUG("total: %d\n", total); 1094 1095 if (order < DRM_MIN_ORDER || order > DRM_MAX_ORDER) 1096 return -EINVAL; 1097 1098 spin_lock(&dev->buf_lock); 1099 if (dev->buf_use) { 1100 spin_unlock(&dev->buf_lock); 1101 return -EBUSY; 1102 } 1103 atomic_inc(&dev->buf_alloc); 1104 spin_unlock(&dev->buf_lock); 1105 1106 mutex_lock(&dev->struct_mutex); 1107 entry = &dma->bufs[order]; 1108 if (entry->buf_count) { 1109 mutex_unlock(&dev->struct_mutex); 1110 atomic_dec(&dev->buf_alloc); 1111 return -ENOMEM; /* May only call once for each order */ 1112 } 1113 1114 if (count < 0 || count > 4096) { 1115 mutex_unlock(&dev->struct_mutex); 1116 atomic_dec(&dev->buf_alloc); 1117 return -EINVAL; 1118 } 1119 1120 entry->buflist = kzalloc(count * sizeof(*entry->buflist), 1121 GFP_KERNEL); 1122 if (!entry->buflist) { 1123 mutex_unlock(&dev->struct_mutex); 1124 atomic_dec(&dev->buf_alloc); 1125 return -ENOMEM; 1126 } 1127 1128 entry->buf_size = size; 1129 entry->page_order = page_order; 1130 1131 offset = 0; 1132 1133 while (entry->buf_count < count) { 1134 buf = &entry->buflist[entry->buf_count]; 1135 buf->idx = dma->buf_count + entry->buf_count; 1136 buf->total = alignment; 1137 buf->order = order; 1138 buf->used = 0; 1139 1140 buf->offset = (dma->byte_count + offset); 1141 buf->bus_address = agp_offset + offset; 1142 buf->address = (void *)(agp_offset + offset 1143 + (unsigned long)dev->sg->virtual); 1144 buf->next = NULL; 1145 buf->waiting = 0; 1146 buf->pending = 0; 1147 buf->file_priv = NULL; 1148 1149 buf->dev_priv_size = dev->driver->dev_priv_size; 1150 buf->dev_private = kzalloc(buf->dev_priv_size, GFP_KERNEL); 1151 if (!buf->dev_private) { 1152 /* Set count correctly so we free the proper amount. */ 1153 entry->buf_count = count; 1154 drm_cleanup_buf_error(dev, entry); 1155 mutex_unlock(&dev->struct_mutex); 1156 atomic_dec(&dev->buf_alloc); 1157 return -ENOMEM; 1158 } 1159 1160 DRM_DEBUG("buffer %d @ %p\n", entry->buf_count, buf->address); 1161 1162 offset += alignment; 1163 entry->buf_count++; 1164 byte_count += PAGE_SIZE << page_order; 1165 } 1166 1167 DRM_DEBUG("byte_count: %d\n", byte_count); 1168 1169 temp_buflist = krealloc(dma->buflist, 1170 (dma->buf_count + entry->buf_count) * 1171 sizeof(*dma->buflist), GFP_KERNEL); 1172 if (!temp_buflist) { 1173 /* Free the entry because it isn't valid */ 1174 drm_cleanup_buf_error(dev, entry); 1175 mutex_unlock(&dev->struct_mutex); 1176 atomic_dec(&dev->buf_alloc); 1177 return -ENOMEM; 1178 } 1179 dma->buflist = temp_buflist; 1180 1181 for (i = 0; i < entry->buf_count; i++) { 1182 dma->buflist[i + dma->buf_count] = &entry->buflist[i]; 1183 } 1184 1185 dma->buf_count += entry->buf_count; 1186 dma->seg_count += entry->seg_count; 1187 dma->page_count += byte_count >> PAGE_SHIFT; 1188 dma->byte_count += byte_count; 1189 1190 DRM_DEBUG("dma->buf_count : %d\n", dma->buf_count); 1191 DRM_DEBUG("entry->buf_count : %d\n", entry->buf_count); 1192 1193 mutex_unlock(&dev->struct_mutex); 1194 1195 request->count = entry->buf_count; 1196 request->size = size; 1197 1198 dma->flags = _DRM_DMA_USE_SG; 1199 1200 atomic_dec(&dev->buf_alloc); 1201 return 0; 1202 } 1203 1204 /** 1205 * Add buffers for DMA transfers (ioctl). 1206 * 1207 * \param inode device inode. 1208 * \param file_priv DRM file private. 1209 * \param cmd command. 1210 * \param arg pointer to a struct drm_buf_desc request. 1211 * \return zero on success or a negative number on failure. 1212 * 1213 * According with the memory type specified in drm_buf_desc::flags and the 1214 * build options, it dispatches the call either to addbufs_agp(), 1215 * addbufs_sg() or addbufs_pci() for AGP, scatter-gather or consistent 1216 * PCI memory respectively. 1217 */ 1218 int drm_legacy_addbufs(struct drm_device *dev, void *data, 1219 struct drm_file *file_priv) 1220 { 1221 struct drm_buf_desc *request = data; 1222 int ret; 1223 1224 if (drm_core_check_feature(dev, DRIVER_MODESET)) 1225 return -EINVAL; 1226 1227 if (!drm_core_check_feature(dev, DRIVER_HAVE_DMA)) 1228 return -EINVAL; 1229 1230 #if IS_ENABLED(CONFIG_AGP) 1231 if (request->flags & _DRM_AGP_BUFFER) 1232 ret = drm_legacy_addbufs_agp(dev, request); 1233 else 1234 #endif 1235 if (request->flags & _DRM_SG_BUFFER) 1236 ret = drm_legacy_addbufs_sg(dev, request); 1237 else if (request->flags & _DRM_FB_BUFFER) 1238 ret = -EINVAL; 1239 else 1240 ret = drm_legacy_addbufs_pci(dev, request); 1241 1242 return ret; 1243 } 1244 1245 /** 1246 * Get information about the buffer mappings. 1247 * 1248 * This was originally mean for debugging purposes, or by a sophisticated 1249 * client library to determine how best to use the available buffers (e.g., 1250 * large buffers can be used for image transfer). 1251 * 1252 * \param inode device inode. 1253 * \param file_priv DRM file private. 1254 * \param cmd command. 1255 * \param arg pointer to a drm_buf_info structure. 1256 * \return zero on success or a negative number on failure. 1257 * 1258 * Increments drm_device::buf_use while holding the drm_device::buf_lock 1259 * lock, preventing of allocating more buffers after this call. Information 1260 * about each requested buffer is then copied into user space. 1261 */ 1262 int drm_legacy_infobufs(struct drm_device *dev, void *data, 1263 struct drm_file *file_priv) 1264 { 1265 struct drm_device_dma *dma = dev->dma; 1266 struct drm_buf_info *request = data; 1267 int i; 1268 int count; 1269 1270 if (drm_core_check_feature(dev, DRIVER_MODESET)) 1271 return -EINVAL; 1272 1273 if (!drm_core_check_feature(dev, DRIVER_HAVE_DMA)) 1274 return -EINVAL; 1275 1276 if (!dma) 1277 return -EINVAL; 1278 1279 spin_lock(&dev->buf_lock); 1280 if (atomic_read(&dev->buf_alloc)) { 1281 spin_unlock(&dev->buf_lock); 1282 return -EBUSY; 1283 } 1284 ++dev->buf_use; /* Can't allocate more after this call */ 1285 spin_unlock(&dev->buf_lock); 1286 1287 for (i = 0, count = 0; i < DRM_MAX_ORDER + 1; i++) { 1288 if (dma->bufs[i].buf_count) 1289 ++count; 1290 } 1291 1292 DRM_DEBUG("count = %d\n", count); 1293 1294 if (request->count >= count) { 1295 for (i = 0, count = 0; i < DRM_MAX_ORDER + 1; i++) { 1296 if (dma->bufs[i].buf_count) { 1297 struct drm_buf_desc __user *to = 1298 &request->list[count]; 1299 struct drm_buf_entry *from = &dma->bufs[i]; 1300 if (copy_to_user(&to->count, 1301 &from->buf_count, 1302 sizeof(from->buf_count)) || 1303 copy_to_user(&to->size, 1304 &from->buf_size, 1305 sizeof(from->buf_size)) || 1306 copy_to_user(&to->low_mark, 1307 &from->low_mark, 1308 sizeof(from->low_mark)) || 1309 copy_to_user(&to->high_mark, 1310 &from->high_mark, 1311 sizeof(from->high_mark))) 1312 return -EFAULT; 1313 1314 DRM_DEBUG("%d %d %d %d %d\n", 1315 i, 1316 dma->bufs[i].buf_count, 1317 dma->bufs[i].buf_size, 1318 dma->bufs[i].low_mark, 1319 dma->bufs[i].high_mark); 1320 ++count; 1321 } 1322 } 1323 } 1324 request->count = count; 1325 1326 return 0; 1327 } 1328 1329 /** 1330 * Specifies a low and high water mark for buffer allocation 1331 * 1332 * \param inode device inode. 1333 * \param file_priv DRM file private. 1334 * \param cmd command. 1335 * \param arg a pointer to a drm_buf_desc structure. 1336 * \return zero on success or a negative number on failure. 1337 * 1338 * Verifies that the size order is bounded between the admissible orders and 1339 * updates the respective drm_device_dma::bufs entry low and high water mark. 1340 * 1341 * \note This ioctl is deprecated and mostly never used. 1342 */ 1343 int drm_legacy_markbufs(struct drm_device *dev, void *data, 1344 struct drm_file *file_priv) 1345 { 1346 struct drm_device_dma *dma = dev->dma; 1347 struct drm_buf_desc *request = data; 1348 int order; 1349 struct drm_buf_entry *entry; 1350 1351 if (drm_core_check_feature(dev, DRIVER_MODESET)) 1352 return -EINVAL; 1353 1354 if (!drm_core_check_feature(dev, DRIVER_HAVE_DMA)) 1355 return -EINVAL; 1356 1357 if (!dma) 1358 return -EINVAL; 1359 1360 DRM_DEBUG("%d, %d, %d\n", 1361 request->size, request->low_mark, request->high_mark); 1362 order = order_base_2(request->size); 1363 if (order < DRM_MIN_ORDER || order > DRM_MAX_ORDER) 1364 return -EINVAL; 1365 entry = &dma->bufs[order]; 1366 1367 if (request->low_mark < 0 || request->low_mark > entry->buf_count) 1368 return -EINVAL; 1369 if (request->high_mark < 0 || request->high_mark > entry->buf_count) 1370 return -EINVAL; 1371 1372 entry->low_mark = request->low_mark; 1373 entry->high_mark = request->high_mark; 1374 1375 return 0; 1376 } 1377 1378 /** 1379 * Unreserve the buffers in list, previously reserved using drmDMA. 1380 * 1381 * \param inode device inode. 1382 * \param file_priv DRM file private. 1383 * \param cmd command. 1384 * \param arg pointer to a drm_buf_free structure. 1385 * \return zero on success or a negative number on failure. 1386 * 1387 * Calls free_buffer() for each used buffer. 1388 * This function is primarily used for debugging. 1389 */ 1390 int drm_legacy_freebufs(struct drm_device *dev, void *data, 1391 struct drm_file *file_priv) 1392 { 1393 struct drm_device_dma *dma = dev->dma; 1394 struct drm_buf_free *request = data; 1395 int i; 1396 int idx; 1397 struct drm_buf *buf; 1398 1399 if (drm_core_check_feature(dev, DRIVER_MODESET)) 1400 return -EINVAL; 1401 1402 if (!drm_core_check_feature(dev, DRIVER_HAVE_DMA)) 1403 return -EINVAL; 1404 1405 if (!dma) 1406 return -EINVAL; 1407 1408 DRM_DEBUG("%d\n", request->count); 1409 for (i = 0; i < request->count; i++) { 1410 if (copy_from_user(&idx, &request->list[i], sizeof(idx))) 1411 return -EFAULT; 1412 if (idx < 0 || idx >= dma->buf_count) { 1413 DRM_ERROR("Index %d (of %d max)\n", 1414 idx, dma->buf_count - 1); 1415 return -EINVAL; 1416 } 1417 buf = dma->buflist[idx]; 1418 if (buf->file_priv != file_priv) { 1419 DRM_ERROR("Process %d freeing buffer not owned\n", 1420 task_pid_nr(current)); 1421 return -EINVAL; 1422 } 1423 drm_legacy_free_buffer(dev, buf); 1424 } 1425 1426 return 0; 1427 } 1428 1429 /** 1430 * Maps all of the DMA buffers into client-virtual space (ioctl). 1431 * 1432 * \param inode device inode. 1433 * \param file_priv DRM file private. 1434 * \param cmd command. 1435 * \param arg pointer to a drm_buf_map structure. 1436 * \return zero on success or a negative number on failure. 1437 * 1438 * Maps the AGP, SG or PCI buffer region with vm_mmap(), and copies information 1439 * about each buffer into user space. For PCI buffers, it calls vm_mmap() with 1440 * offset equal to 0, which drm_mmap() interpretes as PCI buffers and calls 1441 * drm_mmap_dma(). 1442 */ 1443 int drm_legacy_mapbufs(struct drm_device *dev, void *data, 1444 struct drm_file *file_priv) 1445 { 1446 struct drm_device_dma *dma = dev->dma; 1447 int retcode = 0; 1448 const int zero = 0; 1449 unsigned long virtual; 1450 unsigned long address; 1451 struct drm_buf_map *request = data; 1452 int i; 1453 1454 if (drm_core_check_feature(dev, DRIVER_MODESET)) 1455 return -EINVAL; 1456 1457 if (!drm_core_check_feature(dev, DRIVER_HAVE_DMA)) 1458 return -EINVAL; 1459 1460 if (!dma) 1461 return -EINVAL; 1462 1463 spin_lock(&dev->buf_lock); 1464 if (atomic_read(&dev->buf_alloc)) { 1465 spin_unlock(&dev->buf_lock); 1466 return -EBUSY; 1467 } 1468 dev->buf_use++; /* Can't allocate more after this call */ 1469 spin_unlock(&dev->buf_lock); 1470 1471 if (request->count >= dma->buf_count) { 1472 if ((dev->agp && (dma->flags & _DRM_DMA_USE_AGP)) 1473 || (drm_core_check_feature(dev, DRIVER_SG) 1474 && (dma->flags & _DRM_DMA_USE_SG))) { 1475 struct drm_local_map *map = dev->agp_buffer_map; 1476 unsigned long token = dev->agp_buffer_token; 1477 1478 if (!map) { 1479 retcode = -EINVAL; 1480 goto done; 1481 } 1482 virtual = vm_mmap(file_priv->filp, 0, map->size, 1483 PROT_READ | PROT_WRITE, 1484 MAP_SHARED, 1485 token); 1486 } else { 1487 virtual = vm_mmap(file_priv->filp, 0, dma->byte_count, 1488 PROT_READ | PROT_WRITE, 1489 MAP_SHARED, 0); 1490 } 1491 if (virtual > -1024UL) { 1492 /* Real error */ 1493 retcode = (signed long)virtual; 1494 goto done; 1495 } 1496 request->virtual = (void __user *)virtual; 1497 1498 for (i = 0; i < dma->buf_count; i++) { 1499 if (copy_to_user(&request->list[i].idx, 1500 &dma->buflist[i]->idx, 1501 sizeof(request->list[0].idx))) { 1502 retcode = -EFAULT; 1503 goto done; 1504 } 1505 if (copy_to_user(&request->list[i].total, 1506 &dma->buflist[i]->total, 1507 sizeof(request->list[0].total))) { 1508 retcode = -EFAULT; 1509 goto done; 1510 } 1511 if (copy_to_user(&request->list[i].used, 1512 &zero, sizeof(zero))) { 1513 retcode = -EFAULT; 1514 goto done; 1515 } 1516 address = virtual + dma->buflist[i]->offset; /* *** */ 1517 if (copy_to_user(&request->list[i].address, 1518 &address, sizeof(address))) { 1519 retcode = -EFAULT; 1520 goto done; 1521 } 1522 } 1523 } 1524 done: 1525 request->count = dma->buf_count; 1526 DRM_DEBUG("%d buffers, retcode = %d\n", request->count, retcode); 1527 1528 return retcode; 1529 } 1530 1531 int drm_legacy_dma_ioctl(struct drm_device *dev, void *data, 1532 struct drm_file *file_priv) 1533 { 1534 if (drm_core_check_feature(dev, DRIVER_MODESET)) 1535 return -EINVAL; 1536 1537 if (dev->driver->dma_ioctl) 1538 return dev->driver->dma_ioctl(dev, data, file_priv); 1539 else 1540 return -EINVAL; 1541 } 1542 1543 struct drm_local_map *drm_legacy_getsarea(struct drm_device *dev) 1544 { 1545 struct drm_map_list *entry; 1546 1547 list_for_each_entry(entry, &dev->maplist, head) { 1548 if (entry->map && entry->map->type == _DRM_SHM && 1549 (entry->map->flags & _DRM_CONTAINS_LOCK)) { 1550 return entry->map; 1551 } 1552 } 1553 return NULL; 1554 } 1555 EXPORT_SYMBOL(drm_legacy_getsarea); 1556
Indexes created Sun Oct 19 02:09:48 GMT 2025