1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36#include <drm/drmP.h>
37#include <linux/export.h>
38#include <linux/seq_file.h>
39#if defined(__ia64__)
40#include <linux/efi.h>
41#include <linux/slab.h>
42#endif
43#include <linux/mem_encrypt.h>
44#include <asm/pgtable.h>
45#include "drm_internal.h"
46#include "drm_legacy.h"
47
48struct drm_vma_entry {
49 struct list_head head;
50 struct vm_area_struct *vma;
51 pid_t pid;
52};
53
54static void drm_vm_open(struct vm_area_struct *vma);
55static void drm_vm_close(struct vm_area_struct *vma);
56
57static pgprot_t drm_io_prot(struct drm_local_map *map,
58 struct vm_area_struct *vma)
59{
60 pgprot_t tmp = vm_get_page_prot(vma->vm_flags);
61
62
63 tmp = pgprot_decrypted(tmp);
64
65#if defined(__i386__) || defined(__x86_64__) || defined(__powerpc__)
66 if (map->type == _DRM_REGISTERS && !(map->flags & _DRM_WRITE_COMBINING))
67 tmp = pgprot_noncached(tmp);
68 else
69 tmp = pgprot_writecombine(tmp);
70#elif defined(__ia64__)
71 if (efi_range_is_wc(vma->vm_start, vma->vm_end -
72 vma->vm_start))
73 tmp = pgprot_writecombine(tmp);
74 else
75 tmp = pgprot_noncached(tmp);
76#elif defined(__sparc__) || defined(__arm__) || defined(__mips__)
77 tmp = pgprot_noncached(tmp);
78#endif
79 return tmp;
80}
81
82static pgprot_t drm_dma_prot(uint32_t map_type, struct vm_area_struct *vma)
83{
84 pgprot_t tmp = vm_get_page_prot(vma->vm_flags);
85
86#if defined(__powerpc__) && defined(CONFIG_NOT_COHERENT_CACHE)
87 tmp = pgprot_noncached_wc(tmp);
88#endif
89 return tmp;
90}
91
92
93
94
95
96
97
98
99
100
101
102#if IS_ENABLED(CONFIG_AGP)
103static int drm_vm_fault(struct vm_fault *vmf)
104{
105 struct vm_area_struct *vma = vmf->vma;
106 struct drm_file *priv = vma->vm_file->private_data;
107 struct drm_device *dev = priv->minor->dev;
108 struct drm_local_map *map = NULL;
109 struct drm_map_list *r_list;
110 struct drm_hash_item *hash;
111
112
113
114
115 if (!dev->agp)
116 goto vm_fault_error;
117
118 if (!dev->agp || !dev->agp->cant_use_aperture)
119 goto vm_fault_error;
120
121 if (drm_ht_find_item(&dev->map_hash, vma->vm_pgoff, &hash))
122 goto vm_fault_error;
123
124 r_list = drm_hash_entry(hash, struct drm_map_list, hash);
125 map = r_list->map;
126
127 if (map && map->type == _DRM_AGP) {
128
129
130
131
132 resource_size_t offset = vmf->address - vma->vm_start;
133 resource_size_t baddr = map->offset + offset;
134 struct drm_agp_mem *agpmem;
135 struct page *page;
136
137#ifdef __alpha__
138
139
140
141 baddr -= dev->hose->mem_space->start;
142#endif
143
144
145
146
147 list_for_each_entry(agpmem, &dev->agp->memory, head) {
148 if (agpmem->bound <= baddr &&
149 agpmem->bound + agpmem->pages * PAGE_SIZE > baddr)
150 break;
151 }
152
153 if (&agpmem->head == &dev->agp->memory)
154 goto vm_fault_error;
155
156
157
158
159 offset = (baddr - agpmem->bound) >> PAGE_SHIFT;
160 page = agpmem->memory->pages[offset];
161 get_page(page);
162 vmf->page = page;
163
164 DRM_DEBUG
165 ("baddr = 0x%llx page = 0x%p, offset = 0x%llx, count=%d\n",
166 (unsigned long long)baddr,
167 agpmem->memory->pages[offset],
168 (unsigned long long)offset,
169 page_count(page));
170 return 0;
171 }
172vm_fault_error:
173 return VM_FAULT_SIGBUS;
174}
175#else
176static int drm_vm_fault(struct vm_fault *vmf)
177{
178 return VM_FAULT_SIGBUS;
179}
180#endif
181
182
183
184
185
186
187
188
189
190
191
192static int drm_vm_shm_fault(struct vm_fault *vmf)
193{
194 struct vm_area_struct *vma = vmf->vma;
195 struct drm_local_map *map = vma->vm_private_data;
196 unsigned long offset;
197 unsigned long i;
198 struct page *page;
199
200 if (!map)
201 return VM_FAULT_SIGBUS;
202
203 offset = vmf->address - vma->vm_start;
204 i = (unsigned long)map->handle + offset;
205 page = vmalloc_to_page((void *)i);
206 if (!page)
207 return VM_FAULT_SIGBUS;
208 get_page(page);
209 vmf->page = page;
210
211 DRM_DEBUG("shm_fault 0x%lx\n", offset);
212 return 0;
213}
214
215
216
217
218
219
220
221
222
223static void drm_vm_shm_close(struct vm_area_struct *vma)
224{
225 struct drm_file *priv = vma->vm_file->private_data;
226 struct drm_device *dev = priv->minor->dev;
227 struct drm_vma_entry *pt, *temp;
228 struct drm_local_map *map;
229 struct drm_map_list *r_list;
230 int found_maps = 0;
231
232 DRM_DEBUG("0x%08lx,0x%08lx\n",
233 vma->vm_start, vma->vm_end - vma->vm_start);
234
235 map = vma->vm_private_data;
236
237 mutex_lock(&dev->struct_mutex);
238 list_for_each_entry_safe(pt, temp, &dev->vmalist, head) {
239 if (pt->vma->vm_private_data == map)
240 found_maps++;
241 if (pt->vma == vma) {
242 list_del(&pt->head);
243 kfree(pt);
244 }
245 }
246
247
248 if (found_maps == 1 && map->flags & _DRM_REMOVABLE) {
249
250
251
252 found_maps = 0;
253 list_for_each_entry(r_list, &dev->maplist, head) {
254 if (r_list->map == map)
255 found_maps++;
256 }
257
258 if (!found_maps) {
259 drm_dma_handle_t dmah;
260
261 switch (map->type) {
262 case _DRM_REGISTERS:
263 case _DRM_FRAME_BUFFER:
264 arch_phys_wc_del(map->mtrr);
265 iounmap(map->handle);
266 break;
267 case _DRM_SHM:
268 vfree(map->handle);
269 break;
270 case _DRM_AGP:
271 case _DRM_SCATTER_GATHER:
272 break;
273 case _DRM_CONSISTENT:
274 dmah.vaddr = map->handle;
275 dmah.busaddr = map->offset;
276 dmah.size = map->size;
277 __drm_legacy_pci_free(dev, &dmah);
278 break;
279 }
280 kfree(map);
281 }
282 }
283 mutex_unlock(&dev->struct_mutex);
284}
285
286
287
288
289
290
291
292
293
294static int drm_vm_dma_fault(struct vm_fault *vmf)
295{
296 struct vm_area_struct *vma = vmf->vma;
297 struct drm_file *priv = vma->vm_file->private_data;
298 struct drm_device *dev = priv->minor->dev;
299 struct drm_device_dma *dma = dev->dma;
300 unsigned long offset;
301 unsigned long page_nr;
302 struct page *page;
303
304 if (!dma)
305 return VM_FAULT_SIGBUS;
306 if (!dma->pagelist)
307 return VM_FAULT_SIGBUS;
308
309 offset = vmf->address - vma->vm_start;
310
311 page_nr = offset >> PAGE_SHIFT;
312 page = virt_to_page((void *)dma->pagelist[page_nr]);
313
314 get_page(page);
315 vmf->page = page;
316
317 DRM_DEBUG("dma_fault 0x%lx (page %lu)\n", offset, page_nr);
318 return 0;
319}
320
321
322
323
324
325
326
327
328
329static int drm_vm_sg_fault(struct vm_fault *vmf)
330{
331 struct vm_area_struct *vma = vmf->vma;
332 struct drm_local_map *map = vma->vm_private_data;
333 struct drm_file *priv = vma->vm_file->private_data;
334 struct drm_device *dev = priv->minor->dev;
335 struct drm_sg_mem *entry = dev->sg;
336 unsigned long offset;
337 unsigned long map_offset;
338 unsigned long page_offset;
339 struct page *page;
340
341 if (!entry)
342 return VM_FAULT_SIGBUS;
343 if (!entry->pagelist)
344 return VM_FAULT_SIGBUS;
345
346 offset = vmf->address - vma->vm_start;
347 map_offset = map->offset - (unsigned long)dev->sg->virtual;
348 page_offset = (offset >> PAGE_SHIFT) + (map_offset >> PAGE_SHIFT);
349 page = entry->pagelist[page_offset];
350 get_page(page);
351 vmf->page = page;
352
353 return 0;
354}
355
356
357static const struct vm_operations_struct drm_vm_ops = {
358 .fault = drm_vm_fault,
359 .open = drm_vm_open,
360 .close = drm_vm_close,
361};
362
363
364static const struct vm_operations_struct drm_vm_shm_ops = {
365 .fault = drm_vm_shm_fault,
366 .open = drm_vm_open,
367 .close = drm_vm_shm_close,
368};
369
370
371static const struct vm_operations_struct drm_vm_dma_ops = {
372 .fault = drm_vm_dma_fault,
373 .open = drm_vm_open,
374 .close = drm_vm_close,
375};
376
377
378static const struct vm_operations_struct drm_vm_sg_ops = {
379 .fault = drm_vm_sg_fault,
380 .open = drm_vm_open,
381 .close = drm_vm_close,
382};
383
384static void drm_vm_open_locked(struct drm_device *dev,
385 struct vm_area_struct *vma)
386{
387 struct drm_vma_entry *vma_entry;
388
389 DRM_DEBUG("0x%08lx,0x%08lx\n",
390 vma->vm_start, vma->vm_end - vma->vm_start);
391
392 vma_entry = kmalloc(sizeof(*vma_entry), GFP_KERNEL);
393 if (vma_entry) {
394 vma_entry->vma = vma;
395 vma_entry->pid = current->pid;
396 list_add(&vma_entry->head, &dev->vmalist);
397 }
398}
399
400static void drm_vm_open(struct vm_area_struct *vma)
401{
402 struct drm_file *priv = vma->vm_file->private_data;
403 struct drm_device *dev = priv->minor->dev;
404
405 mutex_lock(&dev->struct_mutex);
406 drm_vm_open_locked(dev, vma);
407 mutex_unlock(&dev->struct_mutex);
408}
409
410static void drm_vm_close_locked(struct drm_device *dev,
411 struct vm_area_struct *vma)
412{
413 struct drm_vma_entry *pt, *temp;
414
415 DRM_DEBUG("0x%08lx,0x%08lx\n",
416 vma->vm_start, vma->vm_end - vma->vm_start);
417
418 list_for_each_entry_safe(pt, temp, &dev->vmalist, head) {
419 if (pt->vma == vma) {
420 list_del(&pt->head);
421 kfree(pt);
422 break;
423 }
424 }
425}
426
427
428
429
430
431
432
433
434
435static void drm_vm_close(struct vm_area_struct *vma)
436{
437 struct drm_file *priv = vma->vm_file->private_data;
438 struct drm_device *dev = priv->minor->dev;
439
440 mutex_lock(&dev->struct_mutex);
441 drm_vm_close_locked(dev, vma);
442 mutex_unlock(&dev->struct_mutex);
443}
444
445
446
447
448
449
450
451
452
453
454
455static int drm_mmap_dma(struct file *filp, struct vm_area_struct *vma)
456{
457 struct drm_file *priv = filp->private_data;
458 struct drm_device *dev;
459 struct drm_device_dma *dma;
460 unsigned long length = vma->vm_end - vma->vm_start;
461
462 dev = priv->minor->dev;
463 dma = dev->dma;
464 DRM_DEBUG("start = 0x%lx, end = 0x%lx, page offset = 0x%lx\n",
465 vma->vm_start, vma->vm_end, vma->vm_pgoff);
466
467
468 if (!dma || (length >> PAGE_SHIFT) != dma->page_count) {
469 return -EINVAL;
470 }
471
472 if (!capable(CAP_SYS_ADMIN) &&
473 (dma->flags & _DRM_DMA_USE_PCI_RO)) {
474 vma->vm_flags &= ~(VM_WRITE | VM_MAYWRITE);
475#if defined(__i386__) || defined(__x86_64__)
476 pgprot_val(vma->vm_page_prot) &= ~_PAGE_RW;
477#else
478
479
480
481 vma->vm_page_prot =
482 __pgprot(pte_val
483 (pte_wrprotect
484 (__pte(pgprot_val(vma->vm_page_prot)))));
485#endif
486 }
487
488 vma->vm_ops = &drm_vm_dma_ops;
489
490 vma->vm_flags |= VM_DONTEXPAND | VM_DONTDUMP;
491
492 drm_vm_open_locked(dev, vma);
493 return 0;
494}
495
496static resource_size_t drm_core_get_reg_ofs(struct drm_device *dev)
497{
498#ifdef __alpha__
499 return dev->hose->dense_mem_base;
500#else
501 return 0;
502#endif
503}
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518static int drm_mmap_locked(struct file *filp, struct vm_area_struct *vma)
519{
520 struct drm_file *priv = filp->private_data;
521 struct drm_device *dev = priv->minor->dev;
522 struct drm_local_map *map = NULL;
523 resource_size_t offset = 0;
524 struct drm_hash_item *hash;
525
526 DRM_DEBUG("start = 0x%lx, end = 0x%lx, page offset = 0x%lx\n",
527 vma->vm_start, vma->vm_end, vma->vm_pgoff);
528
529 if (!priv->authenticated)
530 return -EACCES;
531
532
533
534
535
536 if (!vma->vm_pgoff
537#if IS_ENABLED(CONFIG_AGP)
538 && (!dev->agp
539 || dev->agp->agp_info.device->vendor != PCI_VENDOR_ID_APPLE)
540#endif
541 )
542 return drm_mmap_dma(filp, vma);
543
544 if (drm_ht_find_item(&dev->map_hash, vma->vm_pgoff, &hash)) {
545 DRM_ERROR("Could not find map\n");
546 return -EINVAL;
547 }
548
549 map = drm_hash_entry(hash, struct drm_map_list, hash)->map;
550 if (!map || ((map->flags & _DRM_RESTRICTED) && !capable(CAP_SYS_ADMIN)))
551 return -EPERM;
552
553
554 if (map->size < vma->vm_end - vma->vm_start)
555 return -EINVAL;
556
557 if (!capable(CAP_SYS_ADMIN) && (map->flags & _DRM_READ_ONLY)) {
558 vma->vm_flags &= ~(VM_WRITE | VM_MAYWRITE);
559#if defined(__i386__) || defined(__x86_64__)
560 pgprot_val(vma->vm_page_prot) &= ~_PAGE_RW;
561#else
562
563
564
565 vma->vm_page_prot =
566 __pgprot(pte_val
567 (pte_wrprotect
568 (__pte(pgprot_val(vma->vm_page_prot)))));
569#endif
570 }
571
572 switch (map->type) {
573#if !defined(__arm__)
574 case _DRM_AGP:
575 if (dev->agp && dev->agp->cant_use_aperture) {
576
577
578
579
580
581#if defined(__powerpc__)
582 vma->vm_page_prot = pgprot_noncached(vma->vm_page_prot);
583#endif
584 vma->vm_ops = &drm_vm_ops;
585 break;
586 }
587
588#endif
589 case _DRM_FRAME_BUFFER:
590 case _DRM_REGISTERS:
591 offset = drm_core_get_reg_ofs(dev);
592 vma->vm_page_prot = drm_io_prot(map, vma);
593 if (io_remap_pfn_range(vma, vma->vm_start,
594 (map->offset + offset) >> PAGE_SHIFT,
595 vma->vm_end - vma->vm_start,
596 vma->vm_page_prot))
597 return -EAGAIN;
598 DRM_DEBUG(" Type = %d; start = 0x%lx, end = 0x%lx,"
599 " offset = 0x%llx\n",
600 map->type,
601 vma->vm_start, vma->vm_end, (unsigned long long)(map->offset + offset));
602
603 vma->vm_ops = &drm_vm_ops;
604 break;
605 case _DRM_CONSISTENT:
606
607
608 if (remap_pfn_range(vma, vma->vm_start,
609 page_to_pfn(virt_to_page(map->handle)),
610 vma->vm_end - vma->vm_start, vma->vm_page_prot))
611 return -EAGAIN;
612 vma->vm_page_prot = drm_dma_prot(map->type, vma);
613
614 case _DRM_SHM:
615 vma->vm_ops = &drm_vm_shm_ops;
616 vma->vm_private_data = (void *)map;
617 break;
618 case _DRM_SCATTER_GATHER:
619 vma->vm_ops = &drm_vm_sg_ops;
620 vma->vm_private_data = (void *)map;
621 vma->vm_page_prot = drm_dma_prot(map->type, vma);
622 break;
623 default:
624 return -EINVAL;
625 }
626 vma->vm_flags |= VM_DONTEXPAND | VM_DONTDUMP;
627
628 drm_vm_open_locked(dev, vma);
629 return 0;
630}
631
632int drm_legacy_mmap(struct file *filp, struct vm_area_struct *vma)
633{
634 struct drm_file *priv = filp->private_data;
635 struct drm_device *dev = priv->minor->dev;
636 int ret;
637
638 if (drm_dev_is_unplugged(dev))
639 return -ENODEV;
640
641 mutex_lock(&dev->struct_mutex);
642 ret = drm_mmap_locked(filp, vma);
643 mutex_unlock(&dev->struct_mutex);
644
645 return ret;
646}
647EXPORT_SYMBOL(drm_legacy_mmap);
648
649void drm_legacy_vma_flush(struct drm_device *dev)
650{
651 struct drm_vma_entry *vma, *vma_temp;
652
653
654 list_for_each_entry_safe(vma, vma_temp, &dev->vmalist, head) {
655 list_del(&vma->head);
656 kfree(vma);
657 }
658}
659