1 /** 2 * \file drm_bufs.c 3 * Generic buffer template 4 * 5 * \author Rickard E. (Rik) Faith <faith@valinux.com> 6 * \author Gareth Hughes <gareth@valinux.com> 7 */ 8 9 /* 10 * Created: Thu Nov 23 03:10:50 2000 by gareth@valinux.com 11 * 12 * Copyright 1999, 2000 Precision Insight, Inc., Cedar Park, Texas. 13 * Copyright 2000 VA Linux Systems, Inc., Sunnyvale, California. 14 * All Rights Reserved. 15 * 16 * Permission is hereby granted, free of charge, to any person obtaining a 17 * copy of this software and associated documentation files (the "Software"), 18 * to deal in the Software without restriction, including without limitation 19 * the rights to use, copy, modify, merge, publish, distribute, sublicense, 20 * and/or sell copies of the Software, and to permit persons to whom the 21 * Software is furnished to do so, subject to the following conditions: 22 * 23 * The above copyright notice and this permission notice (including the next 24 * paragraph) shall be included in all copies or substantial portions of the 25 * Software. 26 * 27 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 28 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 29 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL 30 * VA LINUX SYSTEMS AND/OR ITS SUPPLIERS BE LIABLE FOR ANY CLAIM, DAMAGES OR 31 * OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, 32 * ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR 33 * OTHER DEALINGS IN THE SOFTWARE. 34 */ 35 36 #include <linux/vmalloc.h> 37 #include <linux/slab.h> 38 #include <linux/log2.h> 39 #include <linux/export.h> 40 #include <asm/shmparam.h> 41 #include <drm/drmP.h> 42 43 static struct drm_map_list *drm_find_matching_map(struct drm_device *dev, 44 struct drm_local_map *map) 45 { 46 struct drm_map_list *entry; 47 list_for_each_entry(entry, &dev->maplist, head) { 48 /* 49 * Because the kernel-userspace ABI is fixed at a 32-bit offset 50 * while PCI resources may live above that, we only compare the 51 * lower 32 bits of the map offset for maps of type 52 * _DRM_FRAMEBUFFER or _DRM_REGISTERS. 53 * It is assumed that if a driver have more than one resource 54 * of each type, the lower 32 bits are different. 55 */ 56 if (!entry->map || 57 map->type != entry->map->type || 58 entry->master != dev->primary->master) 59 continue; 60 switch (map->type) { 61 case _DRM_SHM: 62 if (map->flags != _DRM_CONTAINS_LOCK) 63 break; 64 return entry; 65 case _DRM_REGISTERS: 66 case _DRM_FRAME_BUFFER: 67 if ((entry->map->offset & 0xffffffff) == 68 (map->offset & 0xffffffff)) 69 return entry; 70 default: /* Make gcc happy */ 71 ; 72 } 73 if (entry->map->offset == map->offset) 74 return entry; 75 } 76 77 return NULL; 78 } 79 80 static int drm_map_handle(struct drm_device *dev, struct drm_hash_item *hash, 81 unsigned long user_token, int hashed_handle, int shm) 82 { 83 int use_hashed_handle, shift; 84 unsigned long add; 85 86 #if (BITS_PER_LONG == 64) 87 use_hashed_handle = ((user_token & 0xFFFFFFFF00000000UL) || hashed_handle); 88 #elif (BITS_PER_LONG == 32) 89 use_hashed_handle = hashed_handle; 90 #else 91 #error Unsupported long size. Neither 64 nor 32 bits. 92 #endif 93 94 if (!use_hashed_handle) { 95 int ret; 96 hash->key = user_token >> PAGE_SHIFT; 97 ret = drm_ht_insert_item(&dev->map_hash, hash); 98 if (ret != -EINVAL) 99 return ret; 100 } 101 102 shift = 0; 103 add = DRM_MAP_HASH_OFFSET >> PAGE_SHIFT; 104 if (shm && (SHMLBA > PAGE_SIZE)) { 105 int bits = ilog2(SHMLBA >> PAGE_SHIFT) + 1; 106 107 /* For shared memory, we have to preserve the SHMLBA 108 * bits of the eventual vma->vm_pgoff value during 109 * mmap(). Otherwise we run into cache aliasing problems 110 * on some platforms. On these platforms, the pgoff of 111 * a mmap() request is used to pick a suitable virtual 112 * address for the mmap() region such that it will not 113 * cause cache aliasing problems. 114 * 115 * Therefore, make sure the SHMLBA relevant bits of the 116 * hash value we use are equal to those in the original 117 * kernel virtual address. 118 */ 119 shift = bits; 120 add |= ((user_token >> PAGE_SHIFT) & ((1UL << bits) - 1UL)); 121 } 122 123 return drm_ht_just_insert_please(&dev->map_hash, hash, 124 user_token, 32 - PAGE_SHIFT - 3, 125 shift, add); 126 } 127 128 /** 129 * Core function to create a range of memory available for mapping by a 130 * non-root process. 131 * 132 * Adjusts the memory offset to its absolute value according to the mapping 133 * type. Adds the map to the map list drm_device::maplist. Adds MTRR's where 134 * applicable and if supported by the kernel. 135 */ 136 static int drm_addmap_core(struct drm_device * dev, resource_size_t offset, 137 unsigned int size, enum drm_map_type type, 138 enum drm_map_flags flags, 139 struct drm_map_list ** maplist) 140 { 141 struct drm_local_map *map; 142 struct drm_map_list *list; 143 drm_dma_handle_t *dmah; 144 unsigned long user_token; 145 int ret; 146 147 map = kmalloc(sizeof(*map), GFP_KERNEL); 148 if (!map) 149 return -ENOMEM; 150 151 map->offset = offset; 152 map->size = size; 153 map->flags = flags; 154 map->type = type; 155 156 /* Only allow shared memory to be removable since we only keep enough 157 * book keeping information about shared memory to allow for removal 158 * when processes fork. 159 */ 160 if ((map->flags & _DRM_REMOVABLE) && map->type != _DRM_SHM) { 161 kfree(map); 162 return -EINVAL; 163 } 164 DRM_DEBUG("offset = 0x%08llx, size = 0x%08lx, type = %d\n", 165 (unsigned long long)map->offset, map->size, map->type); 166 167 /* page-align _DRM_SHM maps. They are allocated here so there is no security 168 * hole created by that and it works around various broken drivers that use 169 * a non-aligned quantity to map the SAREA. --BenH 170 */ 171 if (map->type == _DRM_SHM) 172 map->size = PAGE_ALIGN(map->size); 173 174 if ((map->offset & (~(resource_size_t)PAGE_MASK)) || (map->size & (~PAGE_MASK))) { 175 kfree(map); 176 return -EINVAL; 177 } 178 map->mtrr = -1; 179 map->handle = NULL; 180 181 switch (map->type) { 182 case _DRM_REGISTERS: 183 case _DRM_FRAME_BUFFER: 184 #if !defined(__sparc__) && !defined(__alpha__) && !defined(__ia64__) && !defined(__powerpc64__) && !defined(__x86_64__) && !defined(__arm__) 185 if (map->offset + (map->size-1) < map->offset || 186 map->offset < virt_to_phys(high_memory)) { 187 kfree(map); 188 return -EINVAL; 189 } 190 #endif 191 /* Some drivers preinitialize some maps, without the X Server 192 * needing to be aware of it. Therefore, we just return success 193 * when the server tries to create a duplicate map. 194 */ 195 list = drm_find_matching_map(dev, map); 196 if (list != NULL) { 197 if (list->map->size != map->size) { 198 DRM_DEBUG("Matching maps of type %d with " 199 "mismatched sizes, (%ld vs %ld)\n", 200 map->type, map->size, 201 list->map->size); 202 list->map->size = map->size; 203 } 204 205 kfree(map); 206 *maplist = list; 207 return 0; 208 } 209 210 if (map->type == _DRM_FRAME_BUFFER || 211 (map->flags & _DRM_WRITE_COMBINING)) { 212 map->mtrr = 213 arch_phys_wc_add(map->offset, map->size); 214 } 215 if (map->type == _DRM_REGISTERS) { 216 if (map->flags & _DRM_WRITE_COMBINING) 217 map->handle = ioremap_wc(map->offset, 218 map->size); 219 else 220 map->handle = ioremap(map->offset, map->size); 221 if (!map->handle) { 222 kfree(map); 223 return -ENOMEM; 224 } 225 } 226 227 break; 228 case _DRM_SHM: 229 list = drm_find_matching_map(dev, map); 230 if (list != NULL) { 231 if(list->map->size != map->size) { 232 DRM_DEBUG("Matching maps of type %d with " 233 "mismatched sizes, (%ld vs %ld)\n", 234 map->type, map->size, list->map->size); 235 list->map->size = map->size; 236 } 237 238 kfree(map); 239 *maplist = list; 240 return 0; 241 } 242 map->handle = vmalloc_user(map->size); 243 DRM_DEBUG("%lu %d %p\n", 244 map->size, order_base_2(map->size), map->handle); 245 if (!map->handle) { 246 kfree(map); 247 return -ENOMEM; 248 } 249 map->offset = (unsigned long)map->handle; 250 if (map->flags & _DRM_CONTAINS_LOCK) { 251 /* Prevent a 2nd X Server from creating a 2nd lock */ 252 if (dev->primary->master->lock.hw_lock != NULL) { 253 vfree(map->handle); 254 kfree(map); 255 return -EBUSY; 256 } 257 dev->sigdata.lock = dev->primary->master->lock.hw_lock = map->handle; /* Pointer to lock */ 258 } 259 break; 260 case _DRM_AGP: { 261 struct drm_agp_mem *entry; 262 int valid = 0; 263 264 if (!drm_core_has_AGP(dev)) { 265 kfree(map); 266 return -EINVAL; 267 } 268 #ifdef __alpha__ 269 map->offset += dev->hose->mem_space->start; 270 #endif 271 /* In some cases (i810 driver), user space may have already 272 * added the AGP base itself, because dev->agp->base previously 273 * only got set during AGP enable. So, only add the base 274 * address if the map's offset isn't already within the 275 * aperture. 276 */ 277 if (map->offset < dev->agp->base || 278 map->offset > dev->agp->base + 279 dev->agp->agp_info.aper_size * 1024 * 1024 - 1) { 280 map->offset += dev->agp->base; 281 } 282 map->mtrr = dev->agp->agp_mtrr; /* for getmap */ 283 284 /* This assumes the DRM is in total control of AGP space. 285 * It's not always the case as AGP can be in the control 286 * of user space (i.e. i810 driver). So this loop will get 287 * skipped and we double check that dev->agp->memory is 288 * actually set as well as being invalid before EPERM'ing 289 */ 290 list_for_each_entry(entry, &dev->agp->memory, head) { 291 if ((map->offset >= entry->bound) && 292 (map->offset + map->size <= entry->bound + entry->pages * PAGE_SIZE)) { 293 valid = 1; 294 break; 295 } 296 } 297 if (!list_empty(&dev->agp->memory) && !valid) { 298 kfree(map); 299 return -EPERM; 300 } 301 DRM_DEBUG("AGP offset = 0x%08llx, size = 0x%08lx\n", 302 (unsigned long long)map->offset, map->size); 303 304 break; 305 } 306 case _DRM_GEM: 307 DRM_ERROR("tried to addmap GEM object\n"); 308 break; 309 case _DRM_SCATTER_GATHER: 310 if (!dev->sg) { 311 kfree(map); 312 return -EINVAL; 313 } 314 map->offset += (unsigned long)dev->sg->virtual; 315 break; 316 case _DRM_CONSISTENT: 317 /* dma_addr_t is 64bit on i386 with CONFIG_HIGHMEM64G, 318 * As we're limiting the address to 2^32-1 (or less), 319 * casting it down to 32 bits is no problem, but we 320 * need to point to a 64bit variable first. */ 321 dmah = drm_pci_alloc(dev, map->size, map->size); 322 if (!dmah) { 323 kfree(map); 324 return -ENOMEM; 325 } 326 map->handle = dmah->vaddr; 327 map->offset = (unsigned long)dmah->busaddr; 328 kfree(dmah); 329 break; 330 default: 331 kfree(map); 332 return -EINVAL; 333 } 334 335 list = kzalloc(sizeof(*list), GFP_KERNEL); 336 if (!list) { 337 if (map->type == _DRM_REGISTERS) 338 iounmap(map->handle); 339 kfree(map); 340 return -EINVAL; 341 } 342 list->map = map; 343 344 mutex_lock(&dev->struct_mutex); 345 list_add(&list->head, &dev->maplist); 346 347 /* Assign a 32-bit handle */ 348 /* We do it here so that dev->struct_mutex protects the increment */ 349 user_token = (map->type == _DRM_SHM) ? (unsigned long)map->handle : 350 map->offset; 351 ret = drm_map_handle(dev, &list->hash, user_token, 0, 352 (map->type == _DRM_SHM)); 353 if (ret) { 354 if (map->type == _DRM_REGISTERS) 355 iounmap(map->handle); 356 kfree(map); 357 kfree(list); 358 mutex_unlock(&dev->struct_mutex); 359 return ret; 360 } 361 362 list->user_token = list->hash.key << PAGE_SHIFT; 363 mutex_unlock(&dev->struct_mutex); 364 365 if (!(map->flags & _DRM_DRIVER)) 366 list->master = dev->primary->master; 367 *maplist = list; 368 return 0; 369 } 370 371 int drm_addmap(struct drm_device * dev, resource_size_t offset, 372 unsigned int size, enum drm_map_type type, 373 enum drm_map_flags flags, struct drm_local_map ** map_ptr) 374 { 375 struct drm_map_list *list; 376 int rc; 377 378 rc = drm_addmap_core(dev, offset, size, type, flags, &list); 379 if (!rc) 380 *map_ptr = list->map; 381 return rc; 382 } 383 384 EXPORT_SYMBOL(drm_addmap); 385 386 /** 387 * Ioctl to specify a range of memory that is available for mapping by a 388 * non-root process. 389 * 390 * \param inode device inode. 391 * \param file_priv DRM file private. 392 * \param cmd command. 393 * \param arg pointer to a drm_map structure. 394 * \return zero on success or a negative value on error. 395 * 396 */ 397 int drm_addmap_ioctl(struct drm_device *dev, void *data, 398 struct drm_file *file_priv) 399 { 400 struct drm_map *map = data; 401 struct drm_map_list *maplist; 402 int err; 403 404 if (!(capable(CAP_SYS_ADMIN) || map->type == _DRM_AGP || map->type == _DRM_SHM)) 405 return -EPERM; 406 407 err = drm_addmap_core(dev, map->offset, map->size, map->type, 408 map->flags, &maplist); 409 410 if (err) 411 return err; 412 413 /* avoid a warning on 64-bit, this casting isn't very nice, but the API is set so too late */ 414 map->handle = (void *)(unsigned long)maplist->user_token; 415 416 /* 417 * It appears that there are no users of this value whatsoever -- 418 * drmAddMap just discards it. Let's not encourage its use. 419 * (Keeping drm_addmap_core's returned mtrr value would be wrong -- 420 * it's not a real mtrr index anymore.) 421 */ 422 map->mtrr = -1; 423 424 return 0; 425 } 426 427 /** 428 * Remove a map private from list and deallocate resources if the mapping 429 * isn't in use. 430 * 431 * Searches the map on drm_device::maplist, removes it from the list, see if 432 * its being used, and free any associate resource (such as MTRR's) if it's not 433 * being on use. 434 * 435 * \sa drm_addmap 436 */ 437 int drm_rmmap_locked(struct drm_device *dev, struct drm_local_map *map) 438 { 439 struct drm_map_list *r_list = NULL, *list_t; 440 drm_dma_handle_t dmah; 441 int found = 0; 442 struct drm_master *master; 443 444 /* Find the list entry for the map and remove it */ 445 list_for_each_entry_safe(r_list, list_t, &dev->maplist, head) { 446 if (r_list->map == map) { 447 master = r_list->master; 448 list_del(&r_list->head); 449 drm_ht_remove_key(&dev->map_hash, 450 r_list->user_token >> PAGE_SHIFT); 451 kfree(r_list); 452 found = 1; 453 break; 454 } 455 } 456 457 if (!found) 458 return -EINVAL; 459 460 switch (map->type) { 461 case _DRM_REGISTERS: 462 iounmap(map->handle); 463 /* FALLTHROUGH */ 464 case _DRM_FRAME_BUFFER: 465 arch_phys_wc_del(map->mtrr); 466 break; 467 case _DRM_SHM: 468 vfree(map->handle); 469 if (master) { 470 if (dev->sigdata.lock == master->lock.hw_lock) 471 dev->sigdata.lock = NULL; 472 master->lock.hw_lock = NULL; /* SHM removed */ 473 master->lock.file_priv = NULL; 474 wake_up_interruptible_all(&master->lock.lock_queue); 475 } 476 break; 477 case _DRM_AGP: 478 case _DRM_SCATTER_GATHER: 479 break; 480 case _DRM_CONSISTENT: 481 dmah.vaddr = map->handle; 482 dmah.busaddr = map->offset; 483 dmah.size = map->size; 484 __drm_pci_free(dev, &dmah); 485 break; 486 case _DRM_GEM: 487 DRM_ERROR("tried to rmmap GEM object\n"); 488 break; 489 } 490 kfree(map); 491 492 return 0; 493 } 494 EXPORT_SYMBOL(drm_rmmap_locked); 495 496 int drm_rmmap(struct drm_device *dev, struct drm_local_map *map) 497 { 498 int ret; 499 500 mutex_lock(&dev->struct_mutex); 501 ret = drm_rmmap_locked(dev, map); 502 mutex_unlock(&dev->struct_mutex); 503 504 return ret; 505 } 506 EXPORT_SYMBOL(drm_rmmap); 507 508 /* The rmmap ioctl appears to be unnecessary. All mappings are torn down on 509 * the last close of the device, and this is necessary for cleanup when things 510 * exit uncleanly. Therefore, having userland manually remove mappings seems 511 * like a pointless exercise since they're going away anyway. 512 * 513 * One use case might be after addmap is allowed for normal users for SHM and 514 * gets used by drivers that the server doesn't need to care about. This seems 515 * unlikely. 516 * 517 * \param inode device inode. 518 * \param file_priv DRM file private. 519 * \param cmd command. 520 * \param arg pointer to a struct drm_map structure. 521 * \return zero on success or a negative value on error. 522 */ 523 int drm_rmmap_ioctl(struct drm_device *dev, void *data, 524 struct drm_file *file_priv) 525 { 526 struct drm_map *request = data; 527 struct drm_local_map *map = NULL; 528 struct drm_map_list *r_list; 529 int ret; 530 531 mutex_lock(&dev->struct_mutex); 532 list_for_each_entry(r_list, &dev->maplist, head) { 533 if (r_list->map && 534 r_list->user_token == (unsigned long)request->handle && 535 r_list->map->flags & _DRM_REMOVABLE) { 536 map = r_list->map; 537 break; 538 } 539 } 540 541 /* List has wrapped around to the head pointer, or its empty we didn't 542 * find anything. 543 */ 544 if (list_empty(&dev->maplist) || !map) { 545 mutex_unlock(&dev->struct_mutex); 546 return -EINVAL; 547 } 548 549 /* Register and framebuffer maps are permanent */ 550 if ((map->type == _DRM_REGISTERS) || (map->type == _DRM_FRAME_BUFFER)) { 551 mutex_unlock(&dev->struct_mutex); 552 return 0; 553 } 554 555 ret = drm_rmmap_locked(dev, map); 556 557 mutex_unlock(&dev->struct_mutex); 558 559 return ret; 560 } 561 562 /** 563 * Cleanup after an error on one of the addbufs() functions. 564 * 565 * \param dev DRM device. 566 * \param entry buffer entry where the error occurred. 567 * 568 * Frees any pages and buffers associated with the given entry. 569 */ 570 static void drm_cleanup_buf_error(struct drm_device * dev, 571 struct drm_buf_entry * entry) 572 { 573 int i; 574 575 if (entry->seg_count) { 576 for (i = 0; i < entry->seg_count; i++) { 577 if (entry->seglist[i]) { 578 drm_pci_free(dev, entry->seglist[i]); 579 } 580 } 581 kfree(entry->seglist); 582 583 entry->seg_count = 0; 584 } 585 586 if (entry->buf_count) { 587 for (i = 0; i < entry->buf_count; i++) { 588 kfree(entry->buflist[i].dev_private); 589 } 590 kfree(entry->buflist); 591 592 entry->buf_count = 0; 593 } 594 } 595 596 #if __OS_HAS_AGP 597 /** 598 * Add AGP buffers for DMA transfers. 599 * 600 * \param dev struct drm_device to which the buffers are to be added. 601 * \param request pointer to a struct drm_buf_desc describing the request. 602 * \return zero on success or a negative number on failure. 603 * 604 * After some sanity checks creates a drm_buf structure for each buffer and 605 * reallocates the buffer list of the same size order to accommodate the new 606 * buffers. 607 */ 608 int drm_addbufs_agp(struct drm_device * dev, struct drm_buf_desc * request) 609 { 610 struct drm_device_dma *dma = dev->dma; 611 struct drm_buf_entry *entry; 612 struct drm_agp_mem *agp_entry; 613 struct drm_buf *buf; 614 unsigned long offset; 615 unsigned long agp_offset; 616 int count; 617 int order; 618 int size; 619 int alignment; 620 int page_order; 621 int total; 622 int byte_count; 623 int i, valid; 624 struct drm_buf **temp_buflist; 625 626 if (!dma) 627 return -EINVAL; 628 629 count = request->count; 630 order = order_base_2(request->size); 631 size = 1 << order; 632 633 alignment = (request->flags & _DRM_PAGE_ALIGN) 634 ? PAGE_ALIGN(size) : size; 635 page_order = order - PAGE_SHIFT > 0 ? order - PAGE_SHIFT : 0; 636 total = PAGE_SIZE << page_order; 637 638 byte_count = 0; 639 agp_offset = dev->agp->base + request->agp_start; 640 641 DRM_DEBUG("count: %d\n", count); 642 DRM_DEBUG("order: %d\n", order); 643 DRM_DEBUG("size: %d\n", size); 644 DRM_DEBUG("agp_offset: %lx\n", agp_offset); 645 DRM_DEBUG("alignment: %d\n", alignment); 646 DRM_DEBUG("page_order: %d\n", page_order); 647 DRM_DEBUG("total: %d\n", total); 648 649 if (order < DRM_MIN_ORDER || order > DRM_MAX_ORDER) 650 return -EINVAL; 651 652 /* Make sure buffers are located in AGP memory that we own */ 653 valid = 0; 654 list_for_each_entry(agp_entry, &dev->agp->memory, head) { 655 if ((agp_offset >= agp_entry->bound) && 656 (agp_offset + total * count <= agp_entry->bound + agp_entry->pages * PAGE_SIZE)) { 657 valid = 1; 658 break; 659 } 660 } 661 if (!list_empty(&dev->agp->memory) && !valid) { 662 DRM_DEBUG("zone invalid\n"); 663 return -EINVAL; 664 } 665 spin_lock(&dev->count_lock); 666 if (dev->buf_use) { 667 spin_unlock(&dev->count_lock); 668 return -EBUSY; 669 } 670 atomic_inc(&dev->buf_alloc); 671 spin_unlock(&dev->count_lock); 672 673 mutex_lock(&dev->struct_mutex); 674 entry = &dma->bufs[order]; 675 if (entry->buf_count) { 676 mutex_unlock(&dev->struct_mutex); 677 atomic_dec(&dev->buf_alloc); 678 return -ENOMEM; /* May only call once for each order */ 679 } 680 681 if (count < 0 || count > 4096) { 682 mutex_unlock(&dev->struct_mutex); 683 atomic_dec(&dev->buf_alloc); 684 return -EINVAL; 685 } 686 687 entry->buflist = kzalloc(count * sizeof(*entry->buflist), GFP_KERNEL); 688 if (!entry->buflist) { 689 mutex_unlock(&dev->struct_mutex); 690 atomic_dec(&dev->buf_alloc); 691 return -ENOMEM; 692 } 693 694 entry->buf_size = size; 695 entry->page_order = page_order; 696 697 offset = 0; 698 699 while (entry->buf_count < count) { 700 buf = &entry->buflist[entry->buf_count]; 701 buf->idx = dma->buf_count + entry->buf_count; 702 buf->total = alignment; 703 buf->order = order; 704 buf->used = 0; 705 706 buf->offset = (dma->byte_count + offset); 707 buf->bus_address = agp_offset + offset; 708 buf->address = (void *)(agp_offset + offset); 709 buf->next = NULL; 710 buf->waiting = 0; 711 buf->pending = 0; 712 buf->file_priv = NULL; 713 714 buf->dev_priv_size = dev->driver->dev_priv_size; 715 buf->dev_private = kzalloc(buf->dev_priv_size, GFP_KERNEL); 716 if (!buf->dev_private) { 717 /* Set count correctly so we free the proper amount. */ 718 entry->buf_count = count; 719 drm_cleanup_buf_error(dev, entry); 720 mutex_unlock(&dev->struct_mutex); 721 atomic_dec(&dev->buf_alloc); 722 return -ENOMEM; 723 } 724 725 DRM_DEBUG("buffer %d @ %p\n", entry->buf_count, buf->address); 726 727 offset += alignment; 728 entry->buf_count++; 729 byte_count += PAGE_SIZE << page_order; 730 } 731 732 DRM_DEBUG("byte_count: %d\n", byte_count); 733 734 temp_buflist = krealloc(dma->buflist, 735 (dma->buf_count + entry->buf_count) * 736 sizeof(*dma->buflist), GFP_KERNEL); 737 if (!temp_buflist) { 738 /* Free the entry because it isn't valid */ 739 drm_cleanup_buf_error(dev, entry); 740 mutex_unlock(&dev->struct_mutex); 741 atomic_dec(&dev->buf_alloc); 742 return -ENOMEM; 743 } 744 dma->buflist = temp_buflist; 745 746 for (i = 0; i < entry->buf_count; i++) { 747 dma->buflist[i + dma->buf_count] = &entry->buflist[i]; 748 } 749 750 dma->buf_count += entry->buf_count; 751 dma->seg_count += entry->seg_count; 752 dma->page_count += byte_count >> PAGE_SHIFT; 753 dma->byte_count += byte_count; 754 755 DRM_DEBUG("dma->buf_count : %d\n", dma->buf_count); 756 DRM_DEBUG("entry->buf_count : %d\n", entry->buf_count); 757 758 mutex_unlock(&dev->struct_mutex); 759 760 request->count = entry->buf_count; 761 request->size = size; 762 763 dma->flags = _DRM_DMA_USE_AGP; 764 765 atomic_dec(&dev->buf_alloc); 766 return 0; 767 } 768 EXPORT_SYMBOL(drm_addbufs_agp); 769 #endif /* __OS_HAS_AGP */ 770 771 int drm_addbufs_pci(struct drm_device * dev, struct drm_buf_desc * request) 772 { 773 struct drm_device_dma *dma = dev->dma; 774 int count; 775 int order; 776 int size; 777 int total; 778 int page_order; 779 struct drm_buf_entry *entry; 780 drm_dma_handle_t *dmah; 781 struct drm_buf *buf; 782 int alignment; 783 unsigned long offset; 784 int i; 785 int byte_count; 786 int page_count; 787 unsigned long *temp_pagelist; 788 struct drm_buf **temp_buflist; 789 790 if (!drm_core_check_feature(dev, DRIVER_PCI_DMA)) 791 return -EINVAL; 792 793 if (!dma) 794 return -EINVAL; 795 796 if (!capable(CAP_SYS_ADMIN)) 797 return -EPERM; 798 799 count = request->count; 800 order = order_base_2(request->size); 801 size = 1 << order; 802 803 DRM_DEBUG("count=%d, size=%d (%d), order=%d\n", 804 request->count, request->size, size, order); 805 806 if (order < DRM_MIN_ORDER || order > DRM_MAX_ORDER) 807 return -EINVAL; 808 809 alignment = (request->flags & _DRM_PAGE_ALIGN) 810 ? PAGE_ALIGN(size) : size; 811 page_order = order - PAGE_SHIFT > 0 ? order - PAGE_SHIFT : 0; 812 total = PAGE_SIZE << page_order; 813 814 spin_lock(&dev->count_lock); 815 if (dev->buf_use) { 816 spin_unlock(&dev->count_lock); 817 return -EBUSY; 818 } 819 atomic_inc(&dev->buf_alloc); 820 spin_unlock(&dev->count_lock); 821 822 mutex_lock(&dev->struct_mutex); 823 entry = &dma->bufs[order]; 824 if (entry->buf_count) { 825 mutex_unlock(&dev->struct_mutex); 826 atomic_dec(&dev->buf_alloc); 827 return -ENOMEM; /* May only call once for each order */ 828 } 829 830 if (count < 0 || count > 4096) { 831 mutex_unlock(&dev->struct_mutex); 832 atomic_dec(&dev->buf_alloc); 833 return -EINVAL; 834 } 835 836 entry->buflist = kzalloc(count * sizeof(*entry->buflist), GFP_KERNEL); 837 if (!entry->buflist) { 838 mutex_unlock(&dev->struct_mutex); 839 atomic_dec(&dev->buf_alloc); 840 return -ENOMEM; 841 } 842 843 entry->seglist = kzalloc(count * sizeof(*entry->seglist), GFP_KERNEL); 844 if (!entry->seglist) { 845 kfree(entry->buflist); 846 mutex_unlock(&dev->struct_mutex); 847 atomic_dec(&dev->buf_alloc); 848 return -ENOMEM; 849 } 850 851 /* Keep the original pagelist until we know all the allocations 852 * have succeeded 853 */ 854 temp_pagelist = kmalloc((dma->page_count + (count << page_order)) * 855 sizeof(*dma->pagelist), GFP_KERNEL); 856 if (!temp_pagelist) { 857 kfree(entry->buflist); 858 kfree(entry->seglist); 859 mutex_unlock(&dev->struct_mutex); 860 atomic_dec(&dev->buf_alloc); 861 return -ENOMEM; 862 } 863 memcpy(temp_pagelist, 864 dma->pagelist, dma->page_count * sizeof(*dma->pagelist)); 865 DRM_DEBUG("pagelist: %d entries\n", 866 dma->page_count + (count << page_order)); 867 868 entry->buf_size = size; 869 entry->page_order = page_order; 870 byte_count = 0; 871 page_count = 0; 872 873 while (entry->buf_count < count) { 874 875 dmah = drm_pci_alloc(dev, PAGE_SIZE << page_order, 0x1000); 876 877 if (!dmah) { 878 /* Set count correctly so we free the proper amount. */ 879 entry->buf_count = count; 880 entry->seg_count = count; 881 drm_cleanup_buf_error(dev, entry); 882 kfree(temp_pagelist); 883 mutex_unlock(&dev->struct_mutex); 884 atomic_dec(&dev->buf_alloc); 885 return -ENOMEM; 886 } 887 entry->seglist[entry->seg_count++] = dmah; 888 for (i = 0; i < (1 << page_order); i++) { 889 DRM_DEBUG("page %d @ 0x%08lx\n", 890 dma->page_count + page_count, 891 (unsigned long)dmah->vaddr + PAGE_SIZE * i); 892 temp_pagelist[dma->page_count + page_count++] 893 = (unsigned long)dmah->vaddr + PAGE_SIZE * i; 894 } 895 for (offset = 0; 896 offset + size <= total && entry->buf_count < count; 897 offset += alignment, ++entry->buf_count) { 898 buf = &entry->buflist[entry->buf_count]; 899 buf->idx = dma->buf_count + entry->buf_count; 900 buf->total = alignment; 901 buf->order = order; 902 buf->used = 0; 903 buf->offset = (dma->byte_count + byte_count + offset); 904 buf->address = (void *)(dmah->vaddr + offset); 905 buf->bus_address = dmah->busaddr + offset; 906 buf->next = NULL; 907 buf->waiting = 0; 908 buf->pending = 0; 909 buf->file_priv = NULL; 910 911 buf->dev_priv_size = dev->driver->dev_priv_size; 912 buf->dev_private = kzalloc(buf->dev_priv_size, 913 GFP_KERNEL); 914 if (!buf->dev_private) { 915 /* Set count correctly so we free the proper amount. */ 916 entry->buf_count = count; 917 entry->seg_count = count; 918 drm_cleanup_buf_error(dev, entry); 919 kfree(temp_pagelist); 920 mutex_unlock(&dev->struct_mutex); 921 atomic_dec(&dev->buf_alloc); 922 return -ENOMEM; 923 } 924 925 DRM_DEBUG("buffer %d @ %p\n", 926 entry->buf_count, buf->address); 927 } 928 byte_count += PAGE_SIZE << page_order; 929 } 930 931 temp_buflist = krealloc(dma->buflist, 932 (dma->buf_count + entry->buf_count) * 933 sizeof(*dma->buflist), GFP_KERNEL); 934 if (!temp_buflist) { 935 /* Free the entry because it isn't valid */ 936 drm_cleanup_buf_error(dev, entry); 937 kfree(temp_pagelist); 938 mutex_unlock(&dev->struct_mutex); 939 atomic_dec(&dev->buf_alloc); 940 return -ENOMEM; 941 } 942 dma->buflist = temp_buflist; 943 944 for (i = 0; i < entry->buf_count; i++) { 945 dma->buflist[i + dma->buf_count] = &entry->buflist[i]; 946 } 947 948 /* No allocations failed, so now we can replace the original pagelist 949 * with the new one. 950 */ 951 if (dma->page_count) { 952 kfree(dma->pagelist); 953 } 954 dma->pagelist = temp_pagelist; 955 956 dma->buf_count += entry->buf_count; 957 dma->seg_count += entry->seg_count; 958 dma->page_count += entry->seg_count << page_order; 959 dma->byte_count += PAGE_SIZE * (entry->seg_count << page_order); 960 961 mutex_unlock(&dev->struct_mutex); 962 963 request->count = entry->buf_count; 964 request->size = size; 965 966 if (request->flags & _DRM_PCI_BUFFER_RO) 967 dma->flags = _DRM_DMA_USE_PCI_RO; 968 969 atomic_dec(&dev->buf_alloc); 970 return 0; 971 972 } 973 EXPORT_SYMBOL(drm_addbufs_pci); 974 975 static int drm_addbufs_sg(struct drm_device * dev, struct drm_buf_desc * request) 976 { 977 struct drm_device_dma *dma = dev->dma; 978 struct drm_buf_entry *entry; 979 struct drm_buf *buf; 980 unsigned long offset; 981 unsigned long agp_offset; 982 int count; 983 int order; 984 int size; 985 int alignment; 986 int page_order; 987 int total; 988 int byte_count; 989 int i; 990 struct drm_buf **temp_buflist; 991 992 if (!drm_core_check_feature(dev, DRIVER_SG)) 993 return -EINVAL; 994 995 if (!dma) 996 return -EINVAL; 997 998 if (!capable(CAP_SYS_ADMIN)) 999 return -EPERM; 1000 1001 count = request->count; 1002 order = order_base_2(request->size); 1003 size = 1 << order; 1004 1005 alignment = (request->flags & _DRM_PAGE_ALIGN) 1006 ? PAGE_ALIGN(size) : size; 1007 page_order = order - PAGE_SHIFT > 0 ? order - PAGE_SHIFT : 0; 1008 total = PAGE_SIZE << page_order; 1009 1010 byte_count = 0; 1011 agp_offset = request->agp_start; 1012 1013 DRM_DEBUG("count: %d\n", count); 1014 DRM_DEBUG("order: %d\n", order); 1015 DRM_DEBUG("size: %d\n", size); 1016 DRM_DEBUG("agp_offset: %lu\n", agp_offset); 1017 DRM_DEBUG("alignment: %d\n", alignment); 1018 DRM_DEBUG("page_order: %d\n", page_order); 1019 DRM_DEBUG("total: %d\n", total); 1020 1021 if (order < DRM_MIN_ORDER || order > DRM_MAX_ORDER) 1022 return -EINVAL; 1023 1024 spin_lock(&dev->count_lock); 1025 if (dev->buf_use) { 1026 spin_unlock(&dev->count_lock); 1027 return -EBUSY; 1028 } 1029 atomic_inc(&dev->buf_alloc); 1030 spin_unlock(&dev->count_lock); 1031 1032 mutex_lock(&dev->struct_mutex); 1033 entry = &dma->bufs[order]; 1034 if (entry->buf_count) { 1035 mutex_unlock(&dev->struct_mutex); 1036 atomic_dec(&dev->buf_alloc); 1037 return -ENOMEM; /* May only call once for each order */ 1038 } 1039 1040 if (count < 0 || count > 4096) { 1041 mutex_unlock(&dev->struct_mutex); 1042 atomic_dec(&dev->buf_alloc); 1043 return -EINVAL; 1044 } 1045 1046 entry->buflist = kzalloc(count * sizeof(*entry->buflist), 1047 GFP_KERNEL); 1048 if (!entry->buflist) { 1049 mutex_unlock(&dev->struct_mutex); 1050 atomic_dec(&dev->buf_alloc); 1051 return -ENOMEM; 1052 } 1053 1054 entry->buf_size = size; 1055 entry->page_order = page_order; 1056 1057 offset = 0; 1058 1059 while (entry->buf_count < count) { 1060 buf = &entry->buflist[entry->buf_count]; 1061 buf->idx = dma->buf_count + entry->buf_count; 1062 buf->total = alignment; 1063 buf->order = order; 1064 buf->used = 0; 1065 1066 buf->offset = (dma->byte_count + offset); 1067 buf->bus_address = agp_offset + offset; 1068 buf->address = (void *)(agp_offset + offset 1069 + (unsigned long)dev->sg->virtual); 1070 buf->next = NULL; 1071 buf->waiting = 0; 1072 buf->pending = 0; 1073 buf->file_priv = NULL; 1074 1075 buf->dev_priv_size = dev->driver->dev_priv_size; 1076 buf->dev_private = kzalloc(buf->dev_priv_size, GFP_KERNEL); 1077 if (!buf->dev_private) { 1078 /* Set count correctly so we free the proper amount. */ 1079 entry->buf_count = count; 1080 drm_cleanup_buf_error(dev, entry); 1081 mutex_unlock(&dev->struct_mutex); 1082 atomic_dec(&dev->buf_alloc); 1083 return -ENOMEM; 1084 } 1085 1086 DRM_DEBUG("buffer %d @ %p\n", entry->buf_count, buf->address); 1087 1088 offset += alignment; 1089 entry->buf_count++; 1090 byte_count += PAGE_SIZE << page_order; 1091 } 1092 1093 DRM_DEBUG("byte_count: %d\n", byte_count); 1094 1095 temp_buflist = krealloc(dma->buflist, 1096 (dma->buf_count + entry->buf_count) * 1097 sizeof(*dma->buflist), GFP_KERNEL); 1098 if (!temp_buflist) { 1099 /* Free the entry because it isn't valid */ 1100 drm_cleanup_buf_error(dev, entry); 1101 mutex_unlock(&dev->struct_mutex); 1102 atomic_dec(&dev->buf_alloc); 1103 return -ENOMEM; 1104 } 1105 dma->buflist = temp_buflist; 1106 1107 for (i = 0; i < entry->buf_count; i++) { 1108 dma->buflist[i + dma->buf_count] = &entry->buflist[i]; 1109 } 1110 1111 dma->buf_count += entry->buf_count; 1112 dma->seg_count += entry->seg_count; 1113 dma->page_count += byte_count >> PAGE_SHIFT; 1114 dma->byte_count += byte_count; 1115 1116 DRM_DEBUG("dma->buf_count : %d\n", dma->buf_count); 1117 DRM_DEBUG("entry->buf_count : %d\n", entry->buf_count); 1118 1119 mutex_unlock(&dev->struct_mutex); 1120 1121 request->count = entry->buf_count; 1122 request->size = size; 1123 1124 dma->flags = _DRM_DMA_USE_SG; 1125 1126 atomic_dec(&dev->buf_alloc); 1127 return 0; 1128 } 1129 1130 /** 1131 * Add buffers for DMA transfers (ioctl). 1132 * 1133 * \param inode device inode. 1134 * \param file_priv DRM file private. 1135 * \param cmd command. 1136 * \param arg pointer to a struct drm_buf_desc request. 1137 * \return zero on success or a negative number on failure. 1138 * 1139 * According with the memory type specified in drm_buf_desc::flags and the 1140 * build options, it dispatches the call either to addbufs_agp(), 1141 * addbufs_sg() or addbufs_pci() for AGP, scatter-gather or consistent 1142 * PCI memory respectively. 1143 */ 1144 int drm_addbufs(struct drm_device *dev, void *data, 1145 struct drm_file *file_priv) 1146 { 1147 struct drm_buf_desc *request = data; 1148 int ret; 1149 1150 if (drm_core_check_feature(dev, DRIVER_MODESET)) 1151 return -EINVAL; 1152 1153 if (!drm_core_check_feature(dev, DRIVER_HAVE_DMA)) 1154 return -EINVAL; 1155 1156 #if __OS_HAS_AGP 1157 if (request->flags & _DRM_AGP_BUFFER) 1158 ret = drm_addbufs_agp(dev, request); 1159 else 1160 #endif 1161 if (request->flags & _DRM_SG_BUFFER) 1162 ret = drm_addbufs_sg(dev, request); 1163 else if (request->flags & _DRM_FB_BUFFER) 1164 ret = -EINVAL; 1165 else 1166 ret = drm_addbufs_pci(dev, request); 1167 1168 return ret; 1169 } 1170 1171 /** 1172 * Get information about the buffer mappings. 1173 * 1174 * This was originally mean for debugging purposes, or by a sophisticated 1175 * client library to determine how best to use the available buffers (e.g., 1176 * large buffers can be used for image transfer). 1177 * 1178 * \param inode device inode. 1179 * \param file_priv DRM file private. 1180 * \param cmd command. 1181 * \param arg pointer to a drm_buf_info structure. 1182 * \return zero on success or a negative number on failure. 1183 * 1184 * Increments drm_device::buf_use while holding the drm_device::count_lock 1185 * lock, preventing of allocating more buffers after this call. Information 1186 * about each requested buffer is then copied into user space. 1187 */ 1188 int drm_infobufs(struct drm_device *dev, void *data, 1189 struct drm_file *file_priv) 1190 { 1191 struct drm_device_dma *dma = dev->dma; 1192 struct drm_buf_info *request = data; 1193 int i; 1194 int count; 1195 1196 if (drm_core_check_feature(dev, DRIVER_MODESET)) 1197 return -EINVAL; 1198 1199 if (!drm_core_check_feature(dev, DRIVER_HAVE_DMA)) 1200 return -EINVAL; 1201 1202 if (!dma) 1203 return -EINVAL; 1204 1205 spin_lock(&dev->count_lock); 1206 if (atomic_read(&dev->buf_alloc)) { 1207 spin_unlock(&dev->count_lock); 1208 return -EBUSY; 1209 } 1210 ++dev->buf_use; /* Can't allocate more after this call */ 1211 spin_unlock(&dev->count_lock); 1212 1213 for (i = 0, count = 0; i < DRM_MAX_ORDER + 1; i++) { 1214 if (dma->bufs[i].buf_count) 1215 ++count; 1216 } 1217 1218 DRM_DEBUG("count = %d\n", count); 1219 1220 if (request->count >= count) { 1221 for (i = 0, count = 0; i < DRM_MAX_ORDER + 1; i++) { 1222 if (dma->bufs[i].buf_count) { 1223 struct drm_buf_desc __user *to = 1224 &request->list[count]; 1225 struct drm_buf_entry *from = &dma->bufs[i]; 1226 struct drm_freelist *list = &dma->bufs[i].freelist; 1227 if (copy_to_user(&to->count, 1228 &from->buf_count, 1229 sizeof(from->buf_count)) || 1230 copy_to_user(&to->size, 1231 &from->buf_size, 1232 sizeof(from->buf_size)) || 1233 copy_to_user(&to->low_mark, 1234 &list->low_mark, 1235 sizeof(list->low_mark)) || 1236 copy_to_user(&to->high_mark, 1237 &list->high_mark, 1238 sizeof(list->high_mark))) 1239 return -EFAULT; 1240 1241 DRM_DEBUG("%d %d %d %d %d\n", 1242 i, 1243 dma->bufs[i].buf_count, 1244 dma->bufs[i].buf_size, 1245 dma->bufs[i].freelist.low_mark, 1246 dma->bufs[i].freelist.high_mark); 1247 ++count; 1248 } 1249 } 1250 } 1251 request->count = count; 1252 1253 return 0; 1254 } 1255 1256 /** 1257 * Specifies a low and high water mark for buffer allocation 1258 * 1259 * \param inode device inode. 1260 * \param file_priv DRM file private. 1261 * \param cmd command. 1262 * \param arg a pointer to a drm_buf_desc structure. 1263 * \return zero on success or a negative number on failure. 1264 * 1265 * Verifies that the size order is bounded between the admissible orders and 1266 * updates the respective drm_device_dma::bufs entry low and high water mark. 1267 * 1268 * \note This ioctl is deprecated and mostly never used. 1269 */ 1270 int drm_markbufs(struct drm_device *dev, void *data, 1271 struct drm_file *file_priv) 1272 { 1273 struct drm_device_dma *dma = dev->dma; 1274 struct drm_buf_desc *request = data; 1275 int order; 1276 struct drm_buf_entry *entry; 1277 1278 if (drm_core_check_feature(dev, DRIVER_MODESET)) 1279 return -EINVAL; 1280 1281 if (!drm_core_check_feature(dev, DRIVER_HAVE_DMA)) 1282 return -EINVAL; 1283 1284 if (!dma) 1285 return -EINVAL; 1286 1287 DRM_DEBUG("%d, %d, %d\n", 1288 request->size, request->low_mark, request->high_mark); 1289 order = order_base_2(request->size); 1290 if (order < DRM_MIN_ORDER || order > DRM_MAX_ORDER) 1291 return -EINVAL; 1292 entry = &dma->bufs[order]; 1293 1294 if (request->low_mark < 0 || request->low_mark > entry->buf_count) 1295 return -EINVAL; 1296 if (request->high_mark < 0 || request->high_mark > entry->buf_count) 1297 return -EINVAL; 1298 1299 entry->freelist.low_mark = request->low_mark; 1300 entry->freelist.high_mark = request->high_mark; 1301 1302 return 0; 1303 } 1304 1305 /** 1306 * Unreserve the buffers in list, previously reserved using drmDMA. 1307 * 1308 * \param inode device inode. 1309 * \param file_priv DRM file private. 1310 * \param cmd command. 1311 * \param arg pointer to a drm_buf_free structure. 1312 * \return zero on success or a negative number on failure. 1313 * 1314 * Calls free_buffer() for each used buffer. 1315 * This function is primarily used for debugging. 1316 */ 1317 int drm_freebufs(struct drm_device *dev, void *data, 1318 struct drm_file *file_priv) 1319 { 1320 struct drm_device_dma *dma = dev->dma; 1321 struct drm_buf_free *request = data; 1322 int i; 1323 int idx; 1324 struct drm_buf *buf; 1325 1326 if (drm_core_check_feature(dev, DRIVER_MODESET)) 1327 return -EINVAL; 1328 1329 if (!drm_core_check_feature(dev, DRIVER_HAVE_DMA)) 1330 return -EINVAL; 1331 1332 if (!dma) 1333 return -EINVAL; 1334 1335 DRM_DEBUG("%d\n", request->count); 1336 for (i = 0; i < request->count; i++) { 1337 if (copy_from_user(&idx, &request->list[i], sizeof(idx))) 1338 return -EFAULT; 1339 if (idx < 0 || idx >= dma->buf_count) { 1340 DRM_ERROR("Index %d (of %d max)\n", 1341 idx, dma->buf_count - 1); 1342 return -EINVAL; 1343 } 1344 buf = dma->buflist[idx]; 1345 if (buf->file_priv != file_priv) { 1346 DRM_ERROR("Process %d freeing buffer not owned\n", 1347 task_pid_nr(current)); 1348 return -EINVAL; 1349 } 1350 drm_free_buffer(dev, buf); 1351 } 1352 1353 return 0; 1354 } 1355 1356 /** 1357 * Maps all of the DMA buffers into client-virtual space (ioctl). 1358 * 1359 * \param inode device inode. 1360 * \param file_priv DRM file private. 1361 * \param cmd command. 1362 * \param arg pointer to a drm_buf_map structure. 1363 * \return zero on success or a negative number on failure. 1364 * 1365 * Maps the AGP, SG or PCI buffer region with vm_mmap(), and copies information 1366 * about each buffer into user space. For PCI buffers, it calls vm_mmap() with 1367 * offset equal to 0, which drm_mmap() interpretes as PCI buffers and calls 1368 * drm_mmap_dma(). 1369 */ 1370 int drm_mapbufs(struct drm_device *dev, void *data, 1371 struct drm_file *file_priv) 1372 { 1373 struct drm_device_dma *dma = dev->dma; 1374 int retcode = 0; 1375 const int zero = 0; 1376 unsigned long virtual; 1377 unsigned long address; 1378 struct drm_buf_map *request = data; 1379 int i; 1380 1381 if (drm_core_check_feature(dev, DRIVER_MODESET)) 1382 return -EINVAL; 1383 1384 if (!drm_core_check_feature(dev, DRIVER_HAVE_DMA)) 1385 return -EINVAL; 1386 1387 if (!dma) 1388 return -EINVAL; 1389 1390 spin_lock(&dev->count_lock); 1391 if (atomic_read(&dev->buf_alloc)) { 1392 spin_unlock(&dev->count_lock); 1393 return -EBUSY; 1394 } 1395 dev->buf_use++; /* Can't allocate more after this call */ 1396 spin_unlock(&dev->count_lock); 1397 1398 if (request->count >= dma->buf_count) { 1399 if ((drm_core_has_AGP(dev) && (dma->flags & _DRM_DMA_USE_AGP)) 1400 || (drm_core_check_feature(dev, DRIVER_SG) 1401 && (dma->flags & _DRM_DMA_USE_SG))) { 1402 struct drm_local_map *map = dev->agp_buffer_map; 1403 unsigned long token = dev->agp_buffer_token; 1404 1405 if (!map) { 1406 retcode = -EINVAL; 1407 goto done; 1408 } 1409 virtual = vm_mmap(file_priv->filp, 0, map->size, 1410 PROT_READ | PROT_WRITE, 1411 MAP_SHARED, 1412 token); 1413 } else { 1414 virtual = vm_mmap(file_priv->filp, 0, dma->byte_count, 1415 PROT_READ | PROT_WRITE, 1416 MAP_SHARED, 0); 1417 } 1418 if (virtual > -1024UL) { 1419 /* Real error */ 1420 retcode = (signed long)virtual; 1421 goto done; 1422 } 1423 request->virtual = (void __user *)virtual; 1424 1425 for (i = 0; i < dma->buf_count; i++) { 1426 if (copy_to_user(&request->list[i].idx, 1427 &dma->buflist[i]->idx, 1428 sizeof(request->list[0].idx))) { 1429 retcode = -EFAULT; 1430 goto done; 1431 } 1432 if (copy_to_user(&request->list[i].total, 1433 &dma->buflist[i]->total, 1434 sizeof(request->list[0].total))) { 1435 retcode = -EFAULT; 1436 goto done; 1437 } 1438 if (copy_to_user(&request->list[i].used, 1439 &zero, sizeof(zero))) { 1440 retcode = -EFAULT; 1441 goto done; 1442 } 1443 address = virtual + dma->buflist[i]->offset; /* *** */ 1444 if (copy_to_user(&request->list[i].address, 1445 &address, sizeof(address))) { 1446 retcode = -EFAULT; 1447 goto done; 1448 } 1449 } 1450 } 1451 done: 1452 request->count = dma->buf_count; 1453 DRM_DEBUG("%d buffers, retcode = %d\n", request->count, retcode); 1454 1455 return retcode; 1456 } 1457 1458 int drm_dma_ioctl(struct drm_device *dev, void *data, 1459 struct drm_file *file_priv) 1460 { 1461 if (drm_core_check_feature(dev, DRIVER_MODESET)) 1462 return -EINVAL; 1463 1464 if (dev->driver->dma_ioctl) 1465 return dev->driver->dma_ioctl(dev, data, file_priv); 1466 else 1467 return -EINVAL; 1468 } 1469 1470 struct drm_local_map *drm_getsarea(struct drm_device *dev) 1471 { 1472 struct drm_map_list *entry; 1473 1474 list_for_each_entry(entry, &dev->maplist, head) { 1475 if (entry->map && entry->map->type == _DRM_SHM && 1476 (entry->map->flags & _DRM_CONTAINS_LOCK)) { 1477 return entry->map; 1478 } 1479 } 1480 return NULL; 1481 } 1482 EXPORT_SYMBOL(drm_getsarea); 1483