1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36#include <linux/export.h>
37#include <linux/pci.h>
38#include <linux/seq_file.h>
39#include <linux/vmalloc.h>
40
41#if defined(__ia64__)
42#include <linux/efi.h>
43#include <linux/slab.h>
44#endif
45#include <linux/mem_encrypt.h>
46
47#include <asm/pgtable.h>
48
49#include <drm/drm_agpsupport.h>
50#include <drm/drm_device.h>
51#include <drm/drm_drv.h>
52#include <drm/drm_file.h>
53#include <drm/drm_framebuffer.h>
54#include <drm/drm_gem.h>
55#include <drm/drm_print.h>
56
57#include "drm_internal.h"
58#include "drm_legacy.h"
59
60struct drm_vma_entry {
61 struct list_head head;
62 struct vm_area_struct *vma;
63 pid_t pid;
64};
65
66static void drm_vm_open(struct vm_area_struct *vma);
67static void drm_vm_close(struct vm_area_struct *vma);
68
69static pgprot_t drm_io_prot(struct drm_local_map *map,
70 struct vm_area_struct *vma)
71{
72 pgprot_t tmp = vm_get_page_prot(vma->vm_flags);
73
74
75 tmp = pgprot_decrypted(tmp);
76
77#if defined(__i386__) || defined(__x86_64__) || defined(__powerpc__) || \
78 defined(__mips__)
79 if (map->type == _DRM_REGISTERS && !(map->flags & _DRM_WRITE_COMBINING))
80 tmp = pgprot_noncached(tmp);
81 else
82 tmp = pgprot_writecombine(tmp);
83#elif defined(__ia64__)
84 if (efi_range_is_wc(vma->vm_start, vma->vm_end -
85 vma->vm_start))
86 tmp = pgprot_writecombine(tmp);
87 else
88 tmp = pgprot_noncached(tmp);
89#elif defined(__sparc__) || defined(__arm__)
90 tmp = pgprot_noncached(tmp);
91#endif
92 return tmp;
93}
94
95static pgprot_t drm_dma_prot(uint32_t map_type, struct vm_area_struct *vma)
96{
97 pgprot_t tmp = vm_get_page_prot(vma->vm_flags);
98
99#if defined(__powerpc__) && defined(CONFIG_NOT_COHERENT_CACHE)
100 tmp = pgprot_noncached_wc(tmp);
101#endif
102 return tmp;
103}
104
105
106
107
108
109
110
111
112
113
114
115#if IS_ENABLED(CONFIG_AGP)
116static vm_fault_t drm_vm_fault(struct vm_fault *vmf)
117{
118 struct vm_area_struct *vma = vmf->vma;
119 struct drm_file *priv = vma->vm_file->private_data;
120 struct drm_device *dev = priv->minor->dev;
121 struct drm_local_map *map = NULL;
122 struct drm_map_list *r_list;
123 struct drm_hash_item *hash;
124
125
126
127
128 if (!dev->agp)
129 goto vm_fault_error;
130
131 if (!dev->agp || !dev->agp->cant_use_aperture)
132 goto vm_fault_error;
133
134 if (drm_ht_find_item(&dev->map_hash, vma->vm_pgoff, &hash))
135 goto vm_fault_error;
136
137 r_list = drm_hash_entry(hash, struct drm_map_list, hash);
138 map = r_list->map;
139
140 if (map && map->type == _DRM_AGP) {
141
142
143
144
145 resource_size_t offset = vmf->address - vma->vm_start;
146 resource_size_t baddr = map->offset + offset;
147 struct drm_agp_mem *agpmem;
148 struct page *page;
149
150#ifdef __alpha__
151
152
153
154 baddr -= dev->hose->mem_space->start;
155#endif
156
157
158
159
160 list_for_each_entry(agpmem, &dev->agp->memory, head) {
161 if (agpmem->bound <= baddr &&
162 agpmem->bound + agpmem->pages * PAGE_SIZE > baddr)
163 break;
164 }
165
166 if (&agpmem->head == &dev->agp->memory)
167 goto vm_fault_error;
168
169
170
171
172 offset = (baddr - agpmem->bound) >> PAGE_SHIFT;
173 page = agpmem->memory->pages[offset];
174 get_page(page);
175 vmf->page = page;
176
177 DRM_DEBUG
178 ("baddr = 0x%llx page = 0x%p, offset = 0x%llx, count=%d\n",
179 (unsigned long long)baddr,
180 agpmem->memory->pages[offset],
181 (unsigned long long)offset,
182 page_count(page));
183 return 0;
184 }
185vm_fault_error:
186 return VM_FAULT_SIGBUS;
187}
188#else
189static vm_fault_t drm_vm_fault(struct vm_fault *vmf)
190{
191 return VM_FAULT_SIGBUS;
192}
193#endif
194
195
196
197
198
199
200
201
202
203
204
205static vm_fault_t drm_vm_shm_fault(struct vm_fault *vmf)
206{
207 struct vm_area_struct *vma = vmf->vma;
208 struct drm_local_map *map = vma->vm_private_data;
209 unsigned long offset;
210 unsigned long i;
211 struct page *page;
212
213 if (!map)
214 return VM_FAULT_SIGBUS;
215
216 offset = vmf->address - vma->vm_start;
217 i = (unsigned long)map->handle + offset;
218 page = vmalloc_to_page((void *)i);
219 if (!page)
220 return VM_FAULT_SIGBUS;
221 get_page(page);
222 vmf->page = page;
223
224 DRM_DEBUG("shm_fault 0x%lx\n", offset);
225 return 0;
226}
227
228
229
230
231
232
233
234
235
236static void drm_vm_shm_close(struct vm_area_struct *vma)
237{
238 struct drm_file *priv = vma->vm_file->private_data;
239 struct drm_device *dev = priv->minor->dev;
240 struct drm_vma_entry *pt, *temp;
241 struct drm_local_map *map;
242 struct drm_map_list *r_list;
243 int found_maps = 0;
244
245 DRM_DEBUG("0x%08lx,0x%08lx\n",
246 vma->vm_start, vma->vm_end - vma->vm_start);
247
248 map = vma->vm_private_data;
249
250 mutex_lock(&dev->struct_mutex);
251 list_for_each_entry_safe(pt, temp, &dev->vmalist, head) {
252 if (pt->vma->vm_private_data == map)
253 found_maps++;
254 if (pt->vma == vma) {
255 list_del(&pt->head);
256 kfree(pt);
257 }
258 }
259
260
261 if (found_maps == 1 && map->flags & _DRM_REMOVABLE) {
262
263
264
265 found_maps = 0;
266 list_for_each_entry(r_list, &dev->maplist, head) {
267 if (r_list->map == map)
268 found_maps++;
269 }
270
271 if (!found_maps) {
272 drm_dma_handle_t dmah;
273
274 switch (map->type) {
275 case _DRM_REGISTERS:
276 case _DRM_FRAME_BUFFER:
277 arch_phys_wc_del(map->mtrr);
278 iounmap(map->handle);
279 break;
280 case _DRM_SHM:
281 vfree(map->handle);
282 break;
283 case _DRM_AGP:
284 case _DRM_SCATTER_GATHER:
285 break;
286 case _DRM_CONSISTENT:
287 dmah.vaddr = map->handle;
288 dmah.busaddr = map->offset;
289 dmah.size = map->size;
290 __drm_legacy_pci_free(dev, &dmah);
291 break;
292 }
293 kfree(map);
294 }
295 }
296 mutex_unlock(&dev->struct_mutex);
297}
298
299
300
301
302
303
304
305
306
307static vm_fault_t drm_vm_dma_fault(struct vm_fault *vmf)
308{
309 struct vm_area_struct *vma = vmf->vma;
310 struct drm_file *priv = vma->vm_file->private_data;
311 struct drm_device *dev = priv->minor->dev;
312 struct drm_device_dma *dma = dev->dma;
313 unsigned long offset;
314 unsigned long page_nr;
315 struct page *page;
316
317 if (!dma)
318 return VM_FAULT_SIGBUS;
319 if (!dma->pagelist)
320 return VM_FAULT_SIGBUS;
321
322 offset = vmf->address - vma->vm_start;
323
324 page_nr = offset >> PAGE_SHIFT;
325 page = virt_to_page((void *)dma->pagelist[page_nr]);
326
327 get_page(page);
328 vmf->page = page;
329
330 DRM_DEBUG("dma_fault 0x%lx (page %lu)\n", offset, page_nr);
331 return 0;
332}
333
334
335
336
337
338
339
340
341
342static vm_fault_t drm_vm_sg_fault(struct vm_fault *vmf)
343{
344 struct vm_area_struct *vma = vmf->vma;
345 struct drm_local_map *map = vma->vm_private_data;
346 struct drm_file *priv = vma->vm_file->private_data;
347 struct drm_device *dev = priv->minor->dev;
348 struct drm_sg_mem *entry = dev->sg;
349 unsigned long offset;
350 unsigned long map_offset;
351 unsigned long page_offset;
352 struct page *page;
353
354 if (!entry)
355 return VM_FAULT_SIGBUS;
356 if (!entry->pagelist)
357 return VM_FAULT_SIGBUS;
358
359 offset = vmf->address - vma->vm_start;
360 map_offset = map->offset - (unsigned long)dev->sg->virtual;
361 page_offset = (offset >> PAGE_SHIFT) + (map_offset >> PAGE_SHIFT);
362 page = entry->pagelist[page_offset];
363 get_page(page);
364 vmf->page = page;
365
366 return 0;
367}
368
369
370static const struct vm_operations_struct drm_vm_ops = {
371 .fault = drm_vm_fault,
372 .open = drm_vm_open,
373 .close = drm_vm_close,
374};
375
376
377static const struct vm_operations_struct drm_vm_shm_ops = {
378 .fault = drm_vm_shm_fault,
379 .open = drm_vm_open,
380 .close = drm_vm_shm_close,
381};
382
383
384static const struct vm_operations_struct drm_vm_dma_ops = {
385 .fault = drm_vm_dma_fault,
386 .open = drm_vm_open,
387 .close = drm_vm_close,
388};
389
390
391static const struct vm_operations_struct drm_vm_sg_ops = {
392 .fault = drm_vm_sg_fault,
393 .open = drm_vm_open,
394 .close = drm_vm_close,
395};
396
397static void drm_vm_open_locked(struct drm_device *dev,
398 struct vm_area_struct *vma)
399{
400 struct drm_vma_entry *vma_entry;
401
402 DRM_DEBUG("0x%08lx,0x%08lx\n",
403 vma->vm_start, vma->vm_end - vma->vm_start);
404
405 vma_entry = kmalloc(sizeof(*vma_entry), GFP_KERNEL);
406 if (vma_entry) {
407 vma_entry->vma = vma;
408 vma_entry->pid = current->pid;
409 list_add(&vma_entry->head, &dev->vmalist);
410 }
411}
412
413static void drm_vm_open(struct vm_area_struct *vma)
414{
415 struct drm_file *priv = vma->vm_file->private_data;
416 struct drm_device *dev = priv->minor->dev;
417
418 mutex_lock(&dev->struct_mutex);
419 drm_vm_open_locked(dev, vma);
420 mutex_unlock(&dev->struct_mutex);
421}
422
423static void drm_vm_close_locked(struct drm_device *dev,
424 struct vm_area_struct *vma)
425{
426 struct drm_vma_entry *pt, *temp;
427
428 DRM_DEBUG("0x%08lx,0x%08lx\n",
429 vma->vm_start, vma->vm_end - vma->vm_start);
430
431 list_for_each_entry_safe(pt, temp, &dev->vmalist, head) {
432 if (pt->vma == vma) {
433 list_del(&pt->head);
434 kfree(pt);
435 break;
436 }
437 }
438}
439
440
441
442
443
444
445
446
447
448static void drm_vm_close(struct vm_area_struct *vma)
449{
450 struct drm_file *priv = vma->vm_file->private_data;
451 struct drm_device *dev = priv->minor->dev;
452
453 mutex_lock(&dev->struct_mutex);
454 drm_vm_close_locked(dev, vma);
455 mutex_unlock(&dev->struct_mutex);
456}
457
458
459
460
461
462
463
464
465
466
467
468static int drm_mmap_dma(struct file *filp, struct vm_area_struct *vma)
469{
470 struct drm_file *priv = filp->private_data;
471 struct drm_device *dev;
472 struct drm_device_dma *dma;
473 unsigned long length = vma->vm_end - vma->vm_start;
474
475 dev = priv->minor->dev;
476 dma = dev->dma;
477 DRM_DEBUG("start = 0x%lx, end = 0x%lx, page offset = 0x%lx\n",
478 vma->vm_start, vma->vm_end, vma->vm_pgoff);
479
480
481 if (!dma || (length >> PAGE_SHIFT) != dma->page_count) {
482 return -EINVAL;
483 }
484
485 if (!capable(CAP_SYS_ADMIN) &&
486 (dma->flags & _DRM_DMA_USE_PCI_RO)) {
487 vma->vm_flags &= ~(VM_WRITE | VM_MAYWRITE);
488#if defined(__i386__) || defined(__x86_64__)
489 pgprot_val(vma->vm_page_prot) &= ~_PAGE_RW;
490#else
491
492
493
494 vma->vm_page_prot =
495 __pgprot(pte_val
496 (pte_wrprotect
497 (__pte(pgprot_val(vma->vm_page_prot)))));
498#endif
499 }
500
501 vma->vm_ops = &drm_vm_dma_ops;
502
503 vma->vm_flags |= VM_DONTEXPAND | VM_DONTDUMP;
504
505 drm_vm_open_locked(dev, vma);
506 return 0;
507}
508
509static resource_size_t drm_core_get_reg_ofs(struct drm_device *dev)
510{
511#ifdef __alpha__
512 return dev->hose->dense_mem_base;
513#else
514 return 0;
515#endif
516}
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531static int drm_mmap_locked(struct file *filp, struct vm_area_struct *vma)
532{
533 struct drm_file *priv = filp->private_data;
534 struct drm_device *dev = priv->minor->dev;
535 struct drm_local_map *map = NULL;
536 resource_size_t offset = 0;
537 struct drm_hash_item *hash;
538
539 DRM_DEBUG("start = 0x%lx, end = 0x%lx, page offset = 0x%lx\n",
540 vma->vm_start, vma->vm_end, vma->vm_pgoff);
541
542 if (!priv->authenticated)
543 return -EACCES;
544
545
546
547
548
549 if (!vma->vm_pgoff
550#if IS_ENABLED(CONFIG_AGP)
551 && (!dev->agp
552 || dev->agp->agp_info.device->vendor != PCI_VENDOR_ID_APPLE)
553#endif
554 )
555 return drm_mmap_dma(filp, vma);
556
557 if (drm_ht_find_item(&dev->map_hash, vma->vm_pgoff, &hash)) {
558 DRM_ERROR("Could not find map\n");
559 return -EINVAL;
560 }
561
562 map = drm_hash_entry(hash, struct drm_map_list, hash)->map;
563 if (!map || ((map->flags & _DRM_RESTRICTED) && !capable(CAP_SYS_ADMIN)))
564 return -EPERM;
565
566
567 if (map->size < vma->vm_end - vma->vm_start)
568 return -EINVAL;
569
570 if (!capable(CAP_SYS_ADMIN) && (map->flags & _DRM_READ_ONLY)) {
571 vma->vm_flags &= ~(VM_WRITE | VM_MAYWRITE);
572#if defined(__i386__) || defined(__x86_64__)
573 pgprot_val(vma->vm_page_prot) &= ~_PAGE_RW;
574#else
575
576
577
578 vma->vm_page_prot =
579 __pgprot(pte_val
580 (pte_wrprotect
581 (__pte(pgprot_val(vma->vm_page_prot)))));
582#endif
583 }
584
585 switch (map->type) {
586#if !defined(__arm__)
587 case _DRM_AGP:
588 if (dev->agp && dev->agp->cant_use_aperture) {
589
590
591
592
593
594#if defined(__powerpc__)
595 vma->vm_page_prot = pgprot_noncached(vma->vm_page_prot);
596#endif
597 vma->vm_ops = &drm_vm_ops;
598 break;
599 }
600#endif
601
602 case _DRM_FRAME_BUFFER:
603 case _DRM_REGISTERS:
604 offset = drm_core_get_reg_ofs(dev);
605 vma->vm_page_prot = drm_io_prot(map, vma);
606 if (io_remap_pfn_range(vma, vma->vm_start,
607 (map->offset + offset) >> PAGE_SHIFT,
608 vma->vm_end - vma->vm_start,
609 vma->vm_page_prot))
610 return -EAGAIN;
611 DRM_DEBUG(" Type = %d; start = 0x%lx, end = 0x%lx,"
612 " offset = 0x%llx\n",
613 map->type,
614 vma->vm_start, vma->vm_end, (unsigned long long)(map->offset + offset));
615
616 vma->vm_ops = &drm_vm_ops;
617 break;
618 case _DRM_CONSISTENT:
619
620
621 if (remap_pfn_range(vma, vma->vm_start,
622 page_to_pfn(virt_to_page(map->handle)),
623 vma->vm_end - vma->vm_start, vma->vm_page_prot))
624 return -EAGAIN;
625 vma->vm_page_prot = drm_dma_prot(map->type, vma);
626
627 case _DRM_SHM:
628 vma->vm_ops = &drm_vm_shm_ops;
629 vma->vm_private_data = (void *)map;
630 break;
631 case _DRM_SCATTER_GATHER:
632 vma->vm_ops = &drm_vm_sg_ops;
633 vma->vm_private_data = (void *)map;
634 vma->vm_page_prot = drm_dma_prot(map->type, vma);
635 break;
636 default:
637 return -EINVAL;
638 }
639 vma->vm_flags |= VM_DONTEXPAND | VM_DONTDUMP;
640
641 drm_vm_open_locked(dev, vma);
642 return 0;
643}
644
645int drm_legacy_mmap(struct file *filp, struct vm_area_struct *vma)
646{
647 struct drm_file *priv = filp->private_data;
648 struct drm_device *dev = priv->minor->dev;
649 int ret;
650
651 if (drm_dev_is_unplugged(dev))
652 return -ENODEV;
653
654 mutex_lock(&dev->struct_mutex);
655 ret = drm_mmap_locked(filp, vma);
656 mutex_unlock(&dev->struct_mutex);
657
658 return ret;
659}
660EXPORT_SYMBOL(drm_legacy_mmap);
661
662#if IS_ENABLED(CONFIG_DRM_LEGACY)
663void drm_legacy_vma_flush(struct drm_device *dev)
664{
665 struct drm_vma_entry *vma, *vma_temp;
666
667
668 list_for_each_entry_safe(vma, vma_temp, &dev->vmalist, head) {
669 list_del(&vma->head);
670 kfree(vma);
671 }
672}
673#endif
674