1 /** 2 * \file drm_bufs.c 3 * Generic buffer template 4 * 5 * \author Rickard E. (Rik) Faith <faith@valinux.com> 6 * \author Gareth Hughes <gareth@valinux.com> 7 */ 8 9 /* 10 * Created: Thu Nov 23 03:10:50 2000 by gareth@valinux.com 11 * 12 * Copyright 1999, 2000 Precision Insight, Inc., Cedar Park, Texas. 13 * Copyright 2000 VA Linux Systems, Inc., Sunnyvale, California. 14 * All Rights Reserved. 15 * 16 * Permission is hereby granted, free of charge, to any person obtaining a 17 * copy of this software and associated documentation files (the "Software"), 18 * to deal in the Software without restriction, including without limitation 19 * the rights to use, copy, modify, merge, publish, distribute, sublicense, 20 * and/or sell copies of the Software, and to permit persons to whom the 21 * Software is furnished to do so, subject to the following conditions: 22 * 23 * The above copyright notice and this permission notice (including the next 24 * paragraph) shall be included in all copies or substantial portions of the 25 * Software. 26 * 27 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 28 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 29 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL 30 * VA LINUX SYSTEMS AND/OR ITS SUPPLIERS BE LIABLE FOR ANY CLAIM, DAMAGES OR 31 * OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, 32 * ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR 33 * OTHER DEALINGS IN THE SOFTWARE. 34 */ 35 36 #include <linux/vmalloc.h> 37 #include <linux/log2.h> 38 #include <asm/shmparam.h> 39 #include "drmP.h" 40 41 resource_size_t drm_get_resource_start(struct drm_device *dev, unsigned int resource) 42 { 43 return pci_resource_start(dev->pdev, resource); 44 } 45 EXPORT_SYMBOL(drm_get_resource_start); 46 47 resource_size_t drm_get_resource_len(struct drm_device *dev, unsigned int resource) 48 { 49 return pci_resource_len(dev->pdev, resource); 50 } 51 52 EXPORT_SYMBOL(drm_get_resource_len); 53 54 static struct drm_map_list *drm_find_matching_map(struct drm_device *dev, 55 struct drm_local_map *map) 56 { 57 struct drm_map_list *entry; 58 list_for_each_entry(entry, &dev->maplist, head) { 59 /* 60 * Because the kernel-userspace ABI is fixed at a 32-bit offset 61 * while PCI resources may live above that, we ignore the map 62 * offset for maps of type _DRM_FRAMEBUFFER or _DRM_REGISTERS. 63 * It is assumed that each driver will have only one resource of 64 * each type. 65 */ 66 if (!entry->map || 67 map->type != entry->map->type || 68 entry->master != dev->primary->master) 69 continue; 70 switch (map->type) { 71 case _DRM_SHM: 72 if (map->flags != _DRM_CONTAINS_LOCK) 73 break; 74 case _DRM_REGISTERS: 75 case _DRM_FRAME_BUFFER: 76 return entry; 77 default: /* Make gcc happy */ 78 ; 79 } 80 if (entry->map->offset == map->offset) 81 return entry; 82 } 83 84 return NULL; 85 } 86 87 static int drm_map_handle(struct drm_device *dev, struct drm_hash_item *hash, 88 unsigned long user_token, int hashed_handle, int shm) 89 { 90 int use_hashed_handle, shift; 91 unsigned long add; 92 93 #if (BITS_PER_LONG == 64) 94 use_hashed_handle = ((user_token & 0xFFFFFFFF00000000UL) || hashed_handle); 95 #elif (BITS_PER_LONG == 32) 96 use_hashed_handle = hashed_handle; 97 #else 98 #error Unsupported long size. Neither 64 nor 32 bits. 99 #endif 100 101 if (!use_hashed_handle) { 102 int ret; 103 hash->key = user_token >> PAGE_SHIFT; 104 ret = drm_ht_insert_item(&dev->map_hash, hash); 105 if (ret != -EINVAL) 106 return ret; 107 } 108 109 shift = 0; 110 add = DRM_MAP_HASH_OFFSET >> PAGE_SHIFT; 111 if (shm && (SHMLBA > PAGE_SIZE)) { 112 int bits = ilog2(SHMLBA >> PAGE_SHIFT) + 1; 113 114 /* For shared memory, we have to preserve the SHMLBA 115 * bits of the eventual vma->vm_pgoff value during 116 * mmap(). Otherwise we run into cache aliasing problems 117 * on some platforms. On these platforms, the pgoff of 118 * a mmap() request is used to pick a suitable virtual 119 * address for the mmap() region such that it will not 120 * cause cache aliasing problems. 121 * 122 * Therefore, make sure the SHMLBA relevant bits of the 123 * hash value we use are equal to those in the original 124 * kernel virtual address. 125 */ 126 shift = bits; 127 add |= ((user_token >> PAGE_SHIFT) & ((1UL << bits) - 1UL)); 128 } 129 130 return drm_ht_just_insert_please(&dev->map_hash, hash, 131 user_token, 32 - PAGE_SHIFT - 3, 132 shift, add); 133 } 134 135 /** 136 * Core function to create a range of memory available for mapping by a 137 * non-root process. 138 * 139 * Adjusts the memory offset to its absolute value according to the mapping 140 * type. Adds the map to the map list drm_device::maplist. Adds MTRR's where 141 * applicable and if supported by the kernel. 142 */ 143 static int drm_addmap_core(struct drm_device * dev, resource_size_t offset, 144 unsigned int size, enum drm_map_type type, 145 enum drm_map_flags flags, 146 struct drm_map_list ** maplist) 147 { 148 struct drm_local_map *map; 149 struct drm_map_list *list; 150 drm_dma_handle_t *dmah; 151 unsigned long user_token; 152 int ret; 153 154 map = kmalloc(sizeof(*map), GFP_KERNEL); 155 if (!map) 156 return -ENOMEM; 157 158 map->offset = offset; 159 map->size = size; 160 map->flags = flags; 161 map->type = type; 162 163 /* Only allow shared memory to be removable since we only keep enough 164 * book keeping information about shared memory to allow for removal 165 * when processes fork. 166 */ 167 if ((map->flags & _DRM_REMOVABLE) && map->type != _DRM_SHM) { 168 kfree(map); 169 return -EINVAL; 170 } 171 DRM_DEBUG("offset = 0x%08llx, size = 0x%08lx, type = %d\n", 172 (unsigned long long)map->offset, map->size, map->type); 173 174 /* page-align _DRM_SHM maps. They are allocated here so there is no security 175 * hole created by that and it works around various broken drivers that use 176 * a non-aligned quantity to map the SAREA. --BenH 177 */ 178 if (map->type == _DRM_SHM) 179 map->size = PAGE_ALIGN(map->size); 180 181 if ((map->offset & (~(resource_size_t)PAGE_MASK)) || (map->size & (~PAGE_MASK))) { 182 kfree(map); 183 return -EINVAL; 184 } 185 map->mtrr = -1; 186 map->handle = NULL; 187 188 switch (map->type) { 189 case _DRM_REGISTERS: 190 case _DRM_FRAME_BUFFER: 191 #if !defined(__sparc__) && !defined(__alpha__) && !defined(__ia64__) && !defined(__powerpc64__) && !defined(__x86_64__) 192 if (map->offset + (map->size-1) < map->offset || 193 map->offset < virt_to_phys(high_memory)) { 194 kfree(map); 195 return -EINVAL; 196 } 197 #endif 198 #ifdef __alpha__ 199 map->offset += dev->hose->mem_space->start; 200 #endif 201 /* Some drivers preinitialize some maps, without the X Server 202 * needing to be aware of it. Therefore, we just return success 203 * when the server tries to create a duplicate map. 204 */ 205 list = drm_find_matching_map(dev, map); 206 if (list != NULL) { 207 if (list->map->size != map->size) { 208 DRM_DEBUG("Matching maps of type %d with " 209 "mismatched sizes, (%ld vs %ld)\n", 210 map->type, map->size, 211 list->map->size); 212 list->map->size = map->size; 213 } 214 215 kfree(map); 216 *maplist = list; 217 return 0; 218 } 219 220 if (drm_core_has_MTRR(dev)) { 221 if (map->type == _DRM_FRAME_BUFFER || 222 (map->flags & _DRM_WRITE_COMBINING)) { 223 map->mtrr = mtrr_add(map->offset, map->size, 224 MTRR_TYPE_WRCOMB, 1); 225 } 226 } 227 if (map->type == _DRM_REGISTERS) { 228 map->handle = ioremap(map->offset, map->size); 229 if (!map->handle) { 230 kfree(map); 231 return -ENOMEM; 232 } 233 } 234 235 break; 236 case _DRM_SHM: 237 list = drm_find_matching_map(dev, map); 238 if (list != NULL) { 239 if(list->map->size != map->size) { 240 DRM_DEBUG("Matching maps of type %d with " 241 "mismatched sizes, (%ld vs %ld)\n", 242 map->type, map->size, list->map->size); 243 list->map->size = map->size; 244 } 245 246 kfree(map); 247 *maplist = list; 248 return 0; 249 } 250 map->handle = vmalloc_user(map->size); 251 DRM_DEBUG("%lu %d %p\n", 252 map->size, drm_order(map->size), map->handle); 253 if (!map->handle) { 254 kfree(map); 255 return -ENOMEM; 256 } 257 map->offset = (unsigned long)map->handle; 258 if (map->flags & _DRM_CONTAINS_LOCK) { 259 /* Prevent a 2nd X Server from creating a 2nd lock */ 260 if (dev->primary->master->lock.hw_lock != NULL) { 261 vfree(map->handle); 262 kfree(map); 263 return -EBUSY; 264 } 265 dev->sigdata.lock = dev->primary->master->lock.hw_lock = map->handle; /* Pointer to lock */ 266 } 267 break; 268 case _DRM_AGP: { 269 struct drm_agp_mem *entry; 270 int valid = 0; 271 272 if (!drm_core_has_AGP(dev)) { 273 kfree(map); 274 return -EINVAL; 275 } 276 #ifdef __alpha__ 277 map->offset += dev->hose->mem_space->start; 278 #endif 279 /* In some cases (i810 driver), user space may have already 280 * added the AGP base itself, because dev->agp->base previously 281 * only got set during AGP enable. So, only add the base 282 * address if the map's offset isn't already within the 283 * aperture. 284 */ 285 if (map->offset < dev->agp->base || 286 map->offset > dev->agp->base + 287 dev->agp->agp_info.aper_size * 1024 * 1024 - 1) { 288 map->offset += dev->agp->base; 289 } 290 map->mtrr = dev->agp->agp_mtrr; /* for getmap */ 291 292 /* This assumes the DRM is in total control of AGP space. 293 * It's not always the case as AGP can be in the control 294 * of user space (i.e. i810 driver). So this loop will get 295 * skipped and we double check that dev->agp->memory is 296 * actually set as well as being invalid before EPERM'ing 297 */ 298 list_for_each_entry(entry, &dev->agp->memory, head) { 299 if ((map->offset >= entry->bound) && 300 (map->offset + map->size <= entry->bound + entry->pages * PAGE_SIZE)) { 301 valid = 1; 302 break; 303 } 304 } 305 if (!list_empty(&dev->agp->memory) && !valid) { 306 kfree(map); 307 return -EPERM; 308 } 309 DRM_DEBUG("AGP offset = 0x%08llx, size = 0x%08lx\n", 310 (unsigned long long)map->offset, map->size); 311 312 break; 313 } 314 case _DRM_GEM: 315 DRM_ERROR("tried to addmap GEM object\n"); 316 break; 317 case _DRM_SCATTER_GATHER: 318 if (!dev->sg) { 319 kfree(map); 320 return -EINVAL; 321 } 322 map->offset += (unsigned long)dev->sg->virtual; 323 break; 324 case _DRM_CONSISTENT: 325 /* dma_addr_t is 64bit on i386 with CONFIG_HIGHMEM64G, 326 * As we're limiting the address to 2^32-1 (or less), 327 * casting it down to 32 bits is no problem, but we 328 * need to point to a 64bit variable first. */ 329 dmah = drm_pci_alloc(dev, map->size, map->size); 330 if (!dmah) { 331 kfree(map); 332 return -ENOMEM; 333 } 334 map->handle = dmah->vaddr; 335 map->offset = (unsigned long)dmah->busaddr; 336 kfree(dmah); 337 break; 338 default: 339 kfree(map); 340 return -EINVAL; 341 } 342 343 list = kmalloc(sizeof(*list), GFP_KERNEL); 344 if (!list) { 345 if (map->type == _DRM_REGISTERS) 346 iounmap(map->handle); 347 kfree(map); 348 return -EINVAL; 349 } 350 memset(list, 0, sizeof(*list)); 351 list->map = map; 352 353 mutex_lock(&dev->struct_mutex); 354 list_add(&list->head, &dev->maplist); 355 356 /* Assign a 32-bit handle */ 357 /* We do it here so that dev->struct_mutex protects the increment */ 358 user_token = (map->type == _DRM_SHM) ? (unsigned long)map->handle : 359 map->offset; 360 ret = drm_map_handle(dev, &list->hash, user_token, 0, 361 (map->type == _DRM_SHM)); 362 if (ret) { 363 if (map->type == _DRM_REGISTERS) 364 iounmap(map->handle); 365 kfree(map); 366 kfree(list); 367 mutex_unlock(&dev->struct_mutex); 368 return ret; 369 } 370 371 list->user_token = list->hash.key << PAGE_SHIFT; 372 mutex_unlock(&dev->struct_mutex); 373 374 if (!(map->flags & _DRM_DRIVER)) 375 list->master = dev->primary->master; 376 *maplist = list; 377 return 0; 378 } 379 380 int drm_addmap(struct drm_device * dev, resource_size_t offset, 381 unsigned int size, enum drm_map_type type, 382 enum drm_map_flags flags, struct drm_local_map ** map_ptr) 383 { 384 struct drm_map_list *list; 385 int rc; 386 387 rc = drm_addmap_core(dev, offset, size, type, flags, &list); 388 if (!rc) 389 *map_ptr = list->map; 390 return rc; 391 } 392 393 EXPORT_SYMBOL(drm_addmap); 394 395 /** 396 * Ioctl to specify a range of memory that is available for mapping by a 397 * non-root process. 398 * 399 * \param inode device inode. 400 * \param file_priv DRM file private. 401 * \param cmd command. 402 * \param arg pointer to a drm_map structure. 403 * \return zero on success or a negative value on error. 404 * 405 */ 406 int drm_addmap_ioctl(struct drm_device *dev, void *data, 407 struct drm_file *file_priv) 408 { 409 struct drm_map *map = data; 410 struct drm_map_list *maplist; 411 int err; 412 413 if (!(capable(CAP_SYS_ADMIN) || map->type == _DRM_AGP || map->type == _DRM_SHM)) 414 return -EPERM; 415 416 err = drm_addmap_core(dev, map->offset, map->size, map->type, 417 map->flags, &maplist); 418 419 if (err) 420 return err; 421 422 /* avoid a warning on 64-bit, this casting isn't very nice, but the API is set so too late */ 423 map->handle = (void *)(unsigned long)maplist->user_token; 424 return 0; 425 } 426 427 /** 428 * Remove a map private from list and deallocate resources if the mapping 429 * isn't in use. 430 * 431 * Searches the map on drm_device::maplist, removes it from the list, see if 432 * its being used, and free any associate resource (such as MTRR's) if it's not 433 * being on use. 434 * 435 * \sa drm_addmap 436 */ 437 int drm_rmmap_locked(struct drm_device *dev, struct drm_local_map *map) 438 { 439 struct drm_map_list *r_list = NULL, *list_t; 440 drm_dma_handle_t dmah; 441 int found = 0; 442 struct drm_master *master; 443 444 /* Find the list entry for the map and remove it */ 445 list_for_each_entry_safe(r_list, list_t, &dev->maplist, head) { 446 if (r_list->map == map) { 447 master = r_list->master; 448 list_del(&r_list->head); 449 drm_ht_remove_key(&dev->map_hash, 450 r_list->user_token >> PAGE_SHIFT); 451 kfree(r_list); 452 found = 1; 453 break; 454 } 455 } 456 457 if (!found) 458 return -EINVAL; 459 460 switch (map->type) { 461 case _DRM_REGISTERS: 462 iounmap(map->handle); 463 /* FALLTHROUGH */ 464 case _DRM_FRAME_BUFFER: 465 if (drm_core_has_MTRR(dev) && map->mtrr >= 0) { 466 int retcode; 467 retcode = mtrr_del(map->mtrr, map->offset, map->size); 468 DRM_DEBUG("mtrr_del=%d\n", retcode); 469 } 470 break; 471 case _DRM_SHM: 472 vfree(map->handle); 473 if (master) { 474 if (dev->sigdata.lock == master->lock.hw_lock) 475 dev->sigdata.lock = NULL; 476 master->lock.hw_lock = NULL; /* SHM removed */ 477 master->lock.file_priv = NULL; 478 wake_up_interruptible_all(&master->lock.lock_queue); 479 } 480 break; 481 case _DRM_AGP: 482 case _DRM_SCATTER_GATHER: 483 break; 484 case _DRM_CONSISTENT: 485 dmah.vaddr = map->handle; 486 dmah.busaddr = map->offset; 487 dmah.size = map->size; 488 __drm_pci_free(dev, &dmah); 489 break; 490 case _DRM_GEM: 491 DRM_ERROR("tried to rmmap GEM object\n"); 492 break; 493 } 494 kfree(map); 495 496 return 0; 497 } 498 EXPORT_SYMBOL(drm_rmmap_locked); 499 500 int drm_rmmap(struct drm_device *dev, struct drm_local_map *map) 501 { 502 int ret; 503 504 mutex_lock(&dev->struct_mutex); 505 ret = drm_rmmap_locked(dev, map); 506 mutex_unlock(&dev->struct_mutex); 507 508 return ret; 509 } 510 EXPORT_SYMBOL(drm_rmmap); 511 512 /* The rmmap ioctl appears to be unnecessary. All mappings are torn down on 513 * the last close of the device, and this is necessary for cleanup when things 514 * exit uncleanly. Therefore, having userland manually remove mappings seems 515 * like a pointless exercise since they're going away anyway. 516 * 517 * One use case might be after addmap is allowed for normal users for SHM and 518 * gets used by drivers that the server doesn't need to care about. This seems 519 * unlikely. 520 * 521 * \param inode device inode. 522 * \param file_priv DRM file private. 523 * \param cmd command. 524 * \param arg pointer to a struct drm_map structure. 525 * \return zero on success or a negative value on error. 526 */ 527 int drm_rmmap_ioctl(struct drm_device *dev, void *data, 528 struct drm_file *file_priv) 529 { 530 struct drm_map *request = data; 531 struct drm_local_map *map = NULL; 532 struct drm_map_list *r_list; 533 int ret; 534 535 mutex_lock(&dev->struct_mutex); 536 list_for_each_entry(r_list, &dev->maplist, head) { 537 if (r_list->map && 538 r_list->user_token == (unsigned long)request->handle && 539 r_list->map->flags & _DRM_REMOVABLE) { 540 map = r_list->map; 541 break; 542 } 543 } 544 545 /* List has wrapped around to the head pointer, or its empty we didn't 546 * find anything. 547 */ 548 if (list_empty(&dev->maplist) || !map) { 549 mutex_unlock(&dev->struct_mutex); 550 return -EINVAL; 551 } 552 553 /* Register and framebuffer maps are permanent */ 554 if ((map->type == _DRM_REGISTERS) || (map->type == _DRM_FRAME_BUFFER)) { 555 mutex_unlock(&dev->struct_mutex); 556 return 0; 557 } 558 559 ret = drm_rmmap_locked(dev, map); 560 561 mutex_unlock(&dev->struct_mutex); 562 563 return ret; 564 } 565 566 /** 567 * Cleanup after an error on one of the addbufs() functions. 568 * 569 * \param dev DRM device. 570 * \param entry buffer entry where the error occurred. 571 * 572 * Frees any pages and buffers associated with the given entry. 573 */ 574 static void drm_cleanup_buf_error(struct drm_device * dev, 575 struct drm_buf_entry * entry) 576 { 577 int i; 578 579 if (entry->seg_count) { 580 for (i = 0; i < entry->seg_count; i++) { 581 if (entry->seglist[i]) { 582 drm_pci_free(dev, entry->seglist[i]); 583 } 584 } 585 kfree(entry->seglist); 586 587 entry->seg_count = 0; 588 } 589 590 if (entry->buf_count) { 591 for (i = 0; i < entry->buf_count; i++) { 592 kfree(entry->buflist[i].dev_private); 593 } 594 kfree(entry->buflist); 595 596 entry->buf_count = 0; 597 } 598 } 599 600 #if __OS_HAS_AGP 601 /** 602 * Add AGP buffers for DMA transfers. 603 * 604 * \param dev struct drm_device to which the buffers are to be added. 605 * \param request pointer to a struct drm_buf_desc describing the request. 606 * \return zero on success or a negative number on failure. 607 * 608 * After some sanity checks creates a drm_buf structure for each buffer and 609 * reallocates the buffer list of the same size order to accommodate the new 610 * buffers. 611 */ 612 int drm_addbufs_agp(struct drm_device * dev, struct drm_buf_desc * request) 613 { 614 struct drm_device_dma *dma = dev->dma; 615 struct drm_buf_entry *entry; 616 struct drm_agp_mem *agp_entry; 617 struct drm_buf *buf; 618 unsigned long offset; 619 unsigned long agp_offset; 620 int count; 621 int order; 622 int size; 623 int alignment; 624 int page_order; 625 int total; 626 int byte_count; 627 int i, valid; 628 struct drm_buf **temp_buflist; 629 630 if (!dma) 631 return -EINVAL; 632 633 count = request->count; 634 order = drm_order(request->size); 635 size = 1 << order; 636 637 alignment = (request->flags & _DRM_PAGE_ALIGN) 638 ? PAGE_ALIGN(size) : size; 639 page_order = order - PAGE_SHIFT > 0 ? order - PAGE_SHIFT : 0; 640 total = PAGE_SIZE << page_order; 641 642 byte_count = 0; 643 agp_offset = dev->agp->base + request->agp_start; 644 645 DRM_DEBUG("count: %d\n", count); 646 DRM_DEBUG("order: %d\n", order); 647 DRM_DEBUG("size: %d\n", size); 648 DRM_DEBUG("agp_offset: %lx\n", agp_offset); 649 DRM_DEBUG("alignment: %d\n", alignment); 650 DRM_DEBUG("page_order: %d\n", page_order); 651 DRM_DEBUG("total: %d\n", total); 652 653 if (order < DRM_MIN_ORDER || order > DRM_MAX_ORDER) 654 return -EINVAL; 655 if (dev->queue_count) 656 return -EBUSY; /* Not while in use */ 657 658 /* Make sure buffers are located in AGP memory that we own */ 659 valid = 0; 660 list_for_each_entry(agp_entry, &dev->agp->memory, head) { 661 if ((agp_offset >= agp_entry->bound) && 662 (agp_offset + total * count <= agp_entry->bound + agp_entry->pages * PAGE_SIZE)) { 663 valid = 1; 664 break; 665 } 666 } 667 if (!list_empty(&dev->agp->memory) && !valid) { 668 DRM_DEBUG("zone invalid\n"); 669 return -EINVAL; 670 } 671 spin_lock(&dev->count_lock); 672 if (dev->buf_use) { 673 spin_unlock(&dev->count_lock); 674 return -EBUSY; 675 } 676 atomic_inc(&dev->buf_alloc); 677 spin_unlock(&dev->count_lock); 678 679 mutex_lock(&dev->struct_mutex); 680 entry = &dma->bufs[order]; 681 if (entry->buf_count) { 682 mutex_unlock(&dev->struct_mutex); 683 atomic_dec(&dev->buf_alloc); 684 return -ENOMEM; /* May only call once for each order */ 685 } 686 687 if (count < 0 || count > 4096) { 688 mutex_unlock(&dev->struct_mutex); 689 atomic_dec(&dev->buf_alloc); 690 return -EINVAL; 691 } 692 693 entry->buflist = kmalloc(count * sizeof(*entry->buflist), GFP_KERNEL); 694 if (!entry->buflist) { 695 mutex_unlock(&dev->struct_mutex); 696 atomic_dec(&dev->buf_alloc); 697 return -ENOMEM; 698 } 699 memset(entry->buflist, 0, count * sizeof(*entry->buflist)); 700 701 entry->buf_size = size; 702 entry->page_order = page_order; 703 704 offset = 0; 705 706 while (entry->buf_count < count) { 707 buf = &entry->buflist[entry->buf_count]; 708 buf->idx = dma->buf_count + entry->buf_count; 709 buf->total = alignment; 710 buf->order = order; 711 buf->used = 0; 712 713 buf->offset = (dma->byte_count + offset); 714 buf->bus_address = agp_offset + offset; 715 buf->address = (void *)(agp_offset + offset); 716 buf->next = NULL; 717 buf->waiting = 0; 718 buf->pending = 0; 719 init_waitqueue_head(&buf->dma_wait); 720 buf->file_priv = NULL; 721 722 buf->dev_priv_size = dev->driver->dev_priv_size; 723 buf->dev_private = kmalloc(buf->dev_priv_size, GFP_KERNEL); 724 if (!buf->dev_private) { 725 /* Set count correctly so we free the proper amount. */ 726 entry->buf_count = count; 727 drm_cleanup_buf_error(dev, entry); 728 mutex_unlock(&dev->struct_mutex); 729 atomic_dec(&dev->buf_alloc); 730 return -ENOMEM; 731 } 732 memset(buf->dev_private, 0, buf->dev_priv_size); 733 734 DRM_DEBUG("buffer %d @ %p\n", entry->buf_count, buf->address); 735 736 offset += alignment; 737 entry->buf_count++; 738 byte_count += PAGE_SIZE << page_order; 739 } 740 741 DRM_DEBUG("byte_count: %d\n", byte_count); 742 743 temp_buflist = krealloc(dma->buflist, 744 (dma->buf_count + entry->buf_count) * 745 sizeof(*dma->buflist), GFP_KERNEL); 746 if (!temp_buflist) { 747 /* Free the entry because it isn't valid */ 748 drm_cleanup_buf_error(dev, entry); 749 mutex_unlock(&dev->struct_mutex); 750 atomic_dec(&dev->buf_alloc); 751 return -ENOMEM; 752 } 753 dma->buflist = temp_buflist; 754 755 for (i = 0; i < entry->buf_count; i++) { 756 dma->buflist[i + dma->buf_count] = &entry->buflist[i]; 757 } 758 759 dma->buf_count += entry->buf_count; 760 dma->seg_count += entry->seg_count; 761 dma->page_count += byte_count >> PAGE_SHIFT; 762 dma->byte_count += byte_count; 763 764 DRM_DEBUG("dma->buf_count : %d\n", dma->buf_count); 765 DRM_DEBUG("entry->buf_count : %d\n", entry->buf_count); 766 767 mutex_unlock(&dev->struct_mutex); 768 769 request->count = entry->buf_count; 770 request->size = size; 771 772 dma->flags = _DRM_DMA_USE_AGP; 773 774 atomic_dec(&dev->buf_alloc); 775 return 0; 776 } 777 EXPORT_SYMBOL(drm_addbufs_agp); 778 #endif /* __OS_HAS_AGP */ 779 780 int drm_addbufs_pci(struct drm_device * dev, struct drm_buf_desc * request) 781 { 782 struct drm_device_dma *dma = dev->dma; 783 int count; 784 int order; 785 int size; 786 int total; 787 int page_order; 788 struct drm_buf_entry *entry; 789 drm_dma_handle_t *dmah; 790 struct drm_buf *buf; 791 int alignment; 792 unsigned long offset; 793 int i; 794 int byte_count; 795 int page_count; 796 unsigned long *temp_pagelist; 797 struct drm_buf **temp_buflist; 798 799 if (!drm_core_check_feature(dev, DRIVER_PCI_DMA)) 800 return -EINVAL; 801 802 if (!dma) 803 return -EINVAL; 804 805 if (!capable(CAP_SYS_ADMIN)) 806 return -EPERM; 807 808 count = request->count; 809 order = drm_order(request->size); 810 size = 1 << order; 811 812 DRM_DEBUG("count=%d, size=%d (%d), order=%d, queue_count=%d\n", 813 request->count, request->size, size, order, dev->queue_count); 814 815 if (order < DRM_MIN_ORDER || order > DRM_MAX_ORDER) 816 return -EINVAL; 817 if (dev->queue_count) 818 return -EBUSY; /* Not while in use */ 819 820 alignment = (request->flags & _DRM_PAGE_ALIGN) 821 ? PAGE_ALIGN(size) : size; 822 page_order = order - PAGE_SHIFT > 0 ? order - PAGE_SHIFT : 0; 823 total = PAGE_SIZE << page_order; 824 825 spin_lock(&dev->count_lock); 826 if (dev->buf_use) { 827 spin_unlock(&dev->count_lock); 828 return -EBUSY; 829 } 830 atomic_inc(&dev->buf_alloc); 831 spin_unlock(&dev->count_lock); 832 833 mutex_lock(&dev->struct_mutex); 834 entry = &dma->bufs[order]; 835 if (entry->buf_count) { 836 mutex_unlock(&dev->struct_mutex); 837 atomic_dec(&dev->buf_alloc); 838 return -ENOMEM; /* May only call once for each order */ 839 } 840 841 if (count < 0 || count > 4096) { 842 mutex_unlock(&dev->struct_mutex); 843 atomic_dec(&dev->buf_alloc); 844 return -EINVAL; 845 } 846 847 entry->buflist = kmalloc(count * sizeof(*entry->buflist), GFP_KERNEL); 848 if (!entry->buflist) { 849 mutex_unlock(&dev->struct_mutex); 850 atomic_dec(&dev->buf_alloc); 851 return -ENOMEM; 852 } 853 memset(entry->buflist, 0, count * sizeof(*entry->buflist)); 854 855 entry->seglist = kmalloc(count * sizeof(*entry->seglist), GFP_KERNEL); 856 if (!entry->seglist) { 857 kfree(entry->buflist); 858 mutex_unlock(&dev->struct_mutex); 859 atomic_dec(&dev->buf_alloc); 860 return -ENOMEM; 861 } 862 memset(entry->seglist, 0, count * sizeof(*entry->seglist)); 863 864 /* Keep the original pagelist until we know all the allocations 865 * have succeeded 866 */ 867 temp_pagelist = kmalloc((dma->page_count + (count << page_order)) * 868 sizeof(*dma->pagelist), GFP_KERNEL); 869 if (!temp_pagelist) { 870 kfree(entry->buflist); 871 kfree(entry->seglist); 872 mutex_unlock(&dev->struct_mutex); 873 atomic_dec(&dev->buf_alloc); 874 return -ENOMEM; 875 } 876 memcpy(temp_pagelist, 877 dma->pagelist, dma->page_count * sizeof(*dma->pagelist)); 878 DRM_DEBUG("pagelist: %d entries\n", 879 dma->page_count + (count << page_order)); 880 881 entry->buf_size = size; 882 entry->page_order = page_order; 883 byte_count = 0; 884 page_count = 0; 885 886 while (entry->buf_count < count) { 887 888 dmah = drm_pci_alloc(dev, PAGE_SIZE << page_order, 0x1000); 889 890 if (!dmah) { 891 /* Set count correctly so we free the proper amount. */ 892 entry->buf_count = count; 893 entry->seg_count = count; 894 drm_cleanup_buf_error(dev, entry); 895 kfree(temp_pagelist); 896 mutex_unlock(&dev->struct_mutex); 897 atomic_dec(&dev->buf_alloc); 898 return -ENOMEM; 899 } 900 entry->seglist[entry->seg_count++] = dmah; 901 for (i = 0; i < (1 << page_order); i++) { 902 DRM_DEBUG("page %d @ 0x%08lx\n", 903 dma->page_count + page_count, 904 (unsigned long)dmah->vaddr + PAGE_SIZE * i); 905 temp_pagelist[dma->page_count + page_count++] 906 = (unsigned long)dmah->vaddr + PAGE_SIZE * i; 907 } 908 for (offset = 0; 909 offset + size <= total && entry->buf_count < count; 910 offset += alignment, ++entry->buf_count) { 911 buf = &entry->buflist[entry->buf_count]; 912 buf->idx = dma->buf_count + entry->buf_count; 913 buf->total = alignment; 914 buf->order = order; 915 buf->used = 0; 916 buf->offset = (dma->byte_count + byte_count + offset); 917 buf->address = (void *)(dmah->vaddr + offset); 918 buf->bus_address = dmah->busaddr + offset; 919 buf->next = NULL; 920 buf->waiting = 0; 921 buf->pending = 0; 922 init_waitqueue_head(&buf->dma_wait); 923 buf->file_priv = NULL; 924 925 buf->dev_priv_size = dev->driver->dev_priv_size; 926 buf->dev_private = kmalloc(buf->dev_priv_size, 927 GFP_KERNEL); 928 if (!buf->dev_private) { 929 /* Set count correctly so we free the proper amount. */ 930 entry->buf_count = count; 931 entry->seg_count = count; 932 drm_cleanup_buf_error(dev, entry); 933 kfree(temp_pagelist); 934 mutex_unlock(&dev->struct_mutex); 935 atomic_dec(&dev->buf_alloc); 936 return -ENOMEM; 937 } 938 memset(buf->dev_private, 0, buf->dev_priv_size); 939 940 DRM_DEBUG("buffer %d @ %p\n", 941 entry->buf_count, buf->address); 942 } 943 byte_count += PAGE_SIZE << page_order; 944 } 945 946 temp_buflist = krealloc(dma->buflist, 947 (dma->buf_count + entry->buf_count) * 948 sizeof(*dma->buflist), GFP_KERNEL); 949 if (!temp_buflist) { 950 /* Free the entry because it isn't valid */ 951 drm_cleanup_buf_error(dev, entry); 952 kfree(temp_pagelist); 953 mutex_unlock(&dev->struct_mutex); 954 atomic_dec(&dev->buf_alloc); 955 return -ENOMEM; 956 } 957 dma->buflist = temp_buflist; 958 959 for (i = 0; i < entry->buf_count; i++) { 960 dma->buflist[i + dma->buf_count] = &entry->buflist[i]; 961 } 962 963 /* No allocations failed, so now we can replace the orginal pagelist 964 * with the new one. 965 */ 966 if (dma->page_count) { 967 kfree(dma->pagelist); 968 } 969 dma->pagelist = temp_pagelist; 970 971 dma->buf_count += entry->buf_count; 972 dma->seg_count += entry->seg_count; 973 dma->page_count += entry->seg_count << page_order; 974 dma->byte_count += PAGE_SIZE * (entry->seg_count << page_order); 975 976 mutex_unlock(&dev->struct_mutex); 977 978 request->count = entry->buf_count; 979 request->size = size; 980 981 if (request->flags & _DRM_PCI_BUFFER_RO) 982 dma->flags = _DRM_DMA_USE_PCI_RO; 983 984 atomic_dec(&dev->buf_alloc); 985 return 0; 986 987 } 988 EXPORT_SYMBOL(drm_addbufs_pci); 989 990 static int drm_addbufs_sg(struct drm_device * dev, struct drm_buf_desc * request) 991 { 992 struct drm_device_dma *dma = dev->dma; 993 struct drm_buf_entry *entry; 994 struct drm_buf *buf; 995 unsigned long offset; 996 unsigned long agp_offset; 997 int count; 998 int order; 999 int size; 1000 int alignment; 1001 int page_order; 1002 int total; 1003 int byte_count; 1004 int i; 1005 struct drm_buf **temp_buflist; 1006 1007 if (!drm_core_check_feature(dev, DRIVER_SG)) 1008 return -EINVAL; 1009 1010 if (!dma) 1011 return -EINVAL; 1012 1013 if (!capable(CAP_SYS_ADMIN)) 1014 return -EPERM; 1015 1016 count = request->count; 1017 order = drm_order(request->size); 1018 size = 1 << order; 1019 1020 alignment = (request->flags & _DRM_PAGE_ALIGN) 1021 ? PAGE_ALIGN(size) : size; 1022 page_order = order - PAGE_SHIFT > 0 ? order - PAGE_SHIFT : 0; 1023 total = PAGE_SIZE << page_order; 1024 1025 byte_count = 0; 1026 agp_offset = request->agp_start; 1027 1028 DRM_DEBUG("count: %d\n", count); 1029 DRM_DEBUG("order: %d\n", order); 1030 DRM_DEBUG("size: %d\n", size); 1031 DRM_DEBUG("agp_offset: %lu\n", agp_offset); 1032 DRM_DEBUG("alignment: %d\n", alignment); 1033 DRM_DEBUG("page_order: %d\n", page_order); 1034 DRM_DEBUG("total: %d\n", total); 1035 1036 if (order < DRM_MIN_ORDER || order > DRM_MAX_ORDER) 1037 return -EINVAL; 1038 if (dev->queue_count) 1039 return -EBUSY; /* Not while in use */ 1040 1041 spin_lock(&dev->count_lock); 1042 if (dev->buf_use) { 1043 spin_unlock(&dev->count_lock); 1044 return -EBUSY; 1045 } 1046 atomic_inc(&dev->buf_alloc); 1047 spin_unlock(&dev->count_lock); 1048 1049 mutex_lock(&dev->struct_mutex); 1050 entry = &dma->bufs[order]; 1051 if (entry->buf_count) { 1052 mutex_unlock(&dev->struct_mutex); 1053 atomic_dec(&dev->buf_alloc); 1054 return -ENOMEM; /* May only call once for each order */ 1055 } 1056 1057 if (count < 0 || count > 4096) { 1058 mutex_unlock(&dev->struct_mutex); 1059 atomic_dec(&dev->buf_alloc); 1060 return -EINVAL; 1061 } 1062 1063 entry->buflist = kmalloc(count * sizeof(*entry->buflist), 1064 GFP_KERNEL); 1065 if (!entry->buflist) { 1066 mutex_unlock(&dev->struct_mutex); 1067 atomic_dec(&dev->buf_alloc); 1068 return -ENOMEM; 1069 } 1070 memset(entry->buflist, 0, count * sizeof(*entry->buflist)); 1071 1072 entry->buf_size = size; 1073 entry->page_order = page_order; 1074 1075 offset = 0; 1076 1077 while (entry->buf_count < count) { 1078 buf = &entry->buflist[entry->buf_count]; 1079 buf->idx = dma->buf_count + entry->buf_count; 1080 buf->total = alignment; 1081 buf->order = order; 1082 buf->used = 0; 1083 1084 buf->offset = (dma->byte_count + offset); 1085 buf->bus_address = agp_offset + offset; 1086 buf->address = (void *)(agp_offset + offset 1087 + (unsigned long)dev->sg->virtual); 1088 buf->next = NULL; 1089 buf->waiting = 0; 1090 buf->pending = 0; 1091 init_waitqueue_head(&buf->dma_wait); 1092 buf->file_priv = NULL; 1093 1094 buf->dev_priv_size = dev->driver->dev_priv_size; 1095 buf->dev_private = kmalloc(buf->dev_priv_size, GFP_KERNEL); 1096 if (!buf->dev_private) { 1097 /* Set count correctly so we free the proper amount. */ 1098 entry->buf_count = count; 1099 drm_cleanup_buf_error(dev, entry); 1100 mutex_unlock(&dev->struct_mutex); 1101 atomic_dec(&dev->buf_alloc); 1102 return -ENOMEM; 1103 } 1104 1105 memset(buf->dev_private, 0, buf->dev_priv_size); 1106 1107 DRM_DEBUG("buffer %d @ %p\n", entry->buf_count, buf->address); 1108 1109 offset += alignment; 1110 entry->buf_count++; 1111 byte_count += PAGE_SIZE << page_order; 1112 } 1113 1114 DRM_DEBUG("byte_count: %d\n", byte_count); 1115 1116 temp_buflist = krealloc(dma->buflist, 1117 (dma->buf_count + entry->buf_count) * 1118 sizeof(*dma->buflist), GFP_KERNEL); 1119 if (!temp_buflist) { 1120 /* Free the entry because it isn't valid */ 1121 drm_cleanup_buf_error(dev, entry); 1122 mutex_unlock(&dev->struct_mutex); 1123 atomic_dec(&dev->buf_alloc); 1124 return -ENOMEM; 1125 } 1126 dma->buflist = temp_buflist; 1127 1128 for (i = 0; i < entry->buf_count; i++) { 1129 dma->buflist[i + dma->buf_count] = &entry->buflist[i]; 1130 } 1131 1132 dma->buf_count += entry->buf_count; 1133 dma->seg_count += entry->seg_count; 1134 dma->page_count += byte_count >> PAGE_SHIFT; 1135 dma->byte_count += byte_count; 1136 1137 DRM_DEBUG("dma->buf_count : %d\n", dma->buf_count); 1138 DRM_DEBUG("entry->buf_count : %d\n", entry->buf_count); 1139 1140 mutex_unlock(&dev->struct_mutex); 1141 1142 request->count = entry->buf_count; 1143 request->size = size; 1144 1145 dma->flags = _DRM_DMA_USE_SG; 1146 1147 atomic_dec(&dev->buf_alloc); 1148 return 0; 1149 } 1150 1151 static int drm_addbufs_fb(struct drm_device * dev, struct drm_buf_desc * request) 1152 { 1153 struct drm_device_dma *dma = dev->dma; 1154 struct drm_buf_entry *entry; 1155 struct drm_buf *buf; 1156 unsigned long offset; 1157 unsigned long agp_offset; 1158 int count; 1159 int order; 1160 int size; 1161 int alignment; 1162 int page_order; 1163 int total; 1164 int byte_count; 1165 int i; 1166 struct drm_buf **temp_buflist; 1167 1168 if (!drm_core_check_feature(dev, DRIVER_FB_DMA)) 1169 return -EINVAL; 1170 1171 if (!dma) 1172 return -EINVAL; 1173 1174 if (!capable(CAP_SYS_ADMIN)) 1175 return -EPERM; 1176 1177 count = request->count; 1178 order = drm_order(request->size); 1179 size = 1 << order; 1180 1181 alignment = (request->flags & _DRM_PAGE_ALIGN) 1182 ? PAGE_ALIGN(size) : size; 1183 page_order = order - PAGE_SHIFT > 0 ? order - PAGE_SHIFT : 0; 1184 total = PAGE_SIZE << page_order; 1185 1186 byte_count = 0; 1187 agp_offset = request->agp_start; 1188 1189 DRM_DEBUG("count: %d\n", count); 1190 DRM_DEBUG("order: %d\n", order); 1191 DRM_DEBUG("size: %d\n", size); 1192 DRM_DEBUG("agp_offset: %lu\n", agp_offset); 1193 DRM_DEBUG("alignment: %d\n", alignment); 1194 DRM_DEBUG("page_order: %d\n", page_order); 1195 DRM_DEBUG("total: %d\n", total); 1196 1197 if (order < DRM_MIN_ORDER || order > DRM_MAX_ORDER) 1198 return -EINVAL; 1199 if (dev->queue_count) 1200 return -EBUSY; /* Not while in use */ 1201 1202 spin_lock(&dev->count_lock); 1203 if (dev->buf_use) { 1204 spin_unlock(&dev->count_lock); 1205 return -EBUSY; 1206 } 1207 atomic_inc(&dev->buf_alloc); 1208 spin_unlock(&dev->count_lock); 1209 1210 mutex_lock(&dev->struct_mutex); 1211 entry = &dma->bufs[order]; 1212 if (entry->buf_count) { 1213 mutex_unlock(&dev->struct_mutex); 1214 atomic_dec(&dev->buf_alloc); 1215 return -ENOMEM; /* May only call once for each order */ 1216 } 1217 1218 if (count < 0 || count > 4096) { 1219 mutex_unlock(&dev->struct_mutex); 1220 atomic_dec(&dev->buf_alloc); 1221 return -EINVAL; 1222 } 1223 1224 entry->buflist = kmalloc(count * sizeof(*entry->buflist), 1225 GFP_KERNEL); 1226 if (!entry->buflist) { 1227 mutex_unlock(&dev->struct_mutex); 1228 atomic_dec(&dev->buf_alloc); 1229 return -ENOMEM; 1230 } 1231 memset(entry->buflist, 0, count * sizeof(*entry->buflist)); 1232 1233 entry->buf_size = size; 1234 entry->page_order = page_order; 1235 1236 offset = 0; 1237 1238 while (entry->buf_count < count) { 1239 buf = &entry->buflist[entry->buf_count]; 1240 buf->idx = dma->buf_count + entry->buf_count; 1241 buf->total = alignment; 1242 buf->order = order; 1243 buf->used = 0; 1244 1245 buf->offset = (dma->byte_count + offset); 1246 buf->bus_address = agp_offset + offset; 1247 buf->address = (void *)(agp_offset + offset); 1248 buf->next = NULL; 1249 buf->waiting = 0; 1250 buf->pending = 0; 1251 init_waitqueue_head(&buf->dma_wait); 1252 buf->file_priv = NULL; 1253 1254 buf->dev_priv_size = dev->driver->dev_priv_size; 1255 buf->dev_private = kmalloc(buf->dev_priv_size, GFP_KERNEL); 1256 if (!buf->dev_private) { 1257 /* Set count correctly so we free the proper amount. */ 1258 entry->buf_count = count; 1259 drm_cleanup_buf_error(dev, entry); 1260 mutex_unlock(&dev->struct_mutex); 1261 atomic_dec(&dev->buf_alloc); 1262 return -ENOMEM; 1263 } 1264 memset(buf->dev_private, 0, buf->dev_priv_size); 1265 1266 DRM_DEBUG("buffer %d @ %p\n", entry->buf_count, buf->address); 1267 1268 offset += alignment; 1269 entry->buf_count++; 1270 byte_count += PAGE_SIZE << page_order; 1271 } 1272 1273 DRM_DEBUG("byte_count: %d\n", byte_count); 1274 1275 temp_buflist = krealloc(dma->buflist, 1276 (dma->buf_count + entry->buf_count) * 1277 sizeof(*dma->buflist), GFP_KERNEL); 1278 if (!temp_buflist) { 1279 /* Free the entry because it isn't valid */ 1280 drm_cleanup_buf_error(dev, entry); 1281 mutex_unlock(&dev->struct_mutex); 1282 atomic_dec(&dev->buf_alloc); 1283 return -ENOMEM; 1284 } 1285 dma->buflist = temp_buflist; 1286 1287 for (i = 0; i < entry->buf_count; i++) { 1288 dma->buflist[i + dma->buf_count] = &entry->buflist[i]; 1289 } 1290 1291 dma->buf_count += entry->buf_count; 1292 dma->seg_count += entry->seg_count; 1293 dma->page_count += byte_count >> PAGE_SHIFT; 1294 dma->byte_count += byte_count; 1295 1296 DRM_DEBUG("dma->buf_count : %d\n", dma->buf_count); 1297 DRM_DEBUG("entry->buf_count : %d\n", entry->buf_count); 1298 1299 mutex_unlock(&dev->struct_mutex); 1300 1301 request->count = entry->buf_count; 1302 request->size = size; 1303 1304 dma->flags = _DRM_DMA_USE_FB; 1305 1306 atomic_dec(&dev->buf_alloc); 1307 return 0; 1308 } 1309 1310 1311 /** 1312 * Add buffers for DMA transfers (ioctl). 1313 * 1314 * \param inode device inode. 1315 * \param file_priv DRM file private. 1316 * \param cmd command. 1317 * \param arg pointer to a struct drm_buf_desc request. 1318 * \return zero on success or a negative number on failure. 1319 * 1320 * According with the memory type specified in drm_buf_desc::flags and the 1321 * build options, it dispatches the call either to addbufs_agp(), 1322 * addbufs_sg() or addbufs_pci() for AGP, scatter-gather or consistent 1323 * PCI memory respectively. 1324 */ 1325 int drm_addbufs(struct drm_device *dev, void *data, 1326 struct drm_file *file_priv) 1327 { 1328 struct drm_buf_desc *request = data; 1329 int ret; 1330 1331 if (!drm_core_check_feature(dev, DRIVER_HAVE_DMA)) 1332 return -EINVAL; 1333 1334 #if __OS_HAS_AGP 1335 if (request->flags & _DRM_AGP_BUFFER) 1336 ret = drm_addbufs_agp(dev, request); 1337 else 1338 #endif 1339 if (request->flags & _DRM_SG_BUFFER) 1340 ret = drm_addbufs_sg(dev, request); 1341 else if (request->flags & _DRM_FB_BUFFER) 1342 ret = drm_addbufs_fb(dev, request); 1343 else 1344 ret = drm_addbufs_pci(dev, request); 1345 1346 return ret; 1347 } 1348 1349 /** 1350 * Get information about the buffer mappings. 1351 * 1352 * This was originally mean for debugging purposes, or by a sophisticated 1353 * client library to determine how best to use the available buffers (e.g., 1354 * large buffers can be used for image transfer). 1355 * 1356 * \param inode device inode. 1357 * \param file_priv DRM file private. 1358 * \param cmd command. 1359 * \param arg pointer to a drm_buf_info structure. 1360 * \return zero on success or a negative number on failure. 1361 * 1362 * Increments drm_device::buf_use while holding the drm_device::count_lock 1363 * lock, preventing of allocating more buffers after this call. Information 1364 * about each requested buffer is then copied into user space. 1365 */ 1366 int drm_infobufs(struct drm_device *dev, void *data, 1367 struct drm_file *file_priv) 1368 { 1369 struct drm_device_dma *dma = dev->dma; 1370 struct drm_buf_info *request = data; 1371 int i; 1372 int count; 1373 1374 if (!drm_core_check_feature(dev, DRIVER_HAVE_DMA)) 1375 return -EINVAL; 1376 1377 if (!dma) 1378 return -EINVAL; 1379 1380 spin_lock(&dev->count_lock); 1381 if (atomic_read(&dev->buf_alloc)) { 1382 spin_unlock(&dev->count_lock); 1383 return -EBUSY; 1384 } 1385 ++dev->buf_use; /* Can't allocate more after this call */ 1386 spin_unlock(&dev->count_lock); 1387 1388 for (i = 0, count = 0; i < DRM_MAX_ORDER + 1; i++) { 1389 if (dma->bufs[i].buf_count) 1390 ++count; 1391 } 1392 1393 DRM_DEBUG("count = %d\n", count); 1394 1395 if (request->count >= count) { 1396 for (i = 0, count = 0; i < DRM_MAX_ORDER + 1; i++) { 1397 if (dma->bufs[i].buf_count) { 1398 struct drm_buf_desc __user *to = 1399 &request->list[count]; 1400 struct drm_buf_entry *from = &dma->bufs[i]; 1401 struct drm_freelist *list = &dma->bufs[i].freelist; 1402 if (copy_to_user(&to->count, 1403 &from->buf_count, 1404 sizeof(from->buf_count)) || 1405 copy_to_user(&to->size, 1406 &from->buf_size, 1407 sizeof(from->buf_size)) || 1408 copy_to_user(&to->low_mark, 1409 &list->low_mark, 1410 sizeof(list->low_mark)) || 1411 copy_to_user(&to->high_mark, 1412 &list->high_mark, 1413 sizeof(list->high_mark))) 1414 return -EFAULT; 1415 1416 DRM_DEBUG("%d %d %d %d %d\n", 1417 i, 1418 dma->bufs[i].buf_count, 1419 dma->bufs[i].buf_size, 1420 dma->bufs[i].freelist.low_mark, 1421 dma->bufs[i].freelist.high_mark); 1422 ++count; 1423 } 1424 } 1425 } 1426 request->count = count; 1427 1428 return 0; 1429 } 1430 1431 /** 1432 * Specifies a low and high water mark for buffer allocation 1433 * 1434 * \param inode device inode. 1435 * \param file_priv DRM file private. 1436 * \param cmd command. 1437 * \param arg a pointer to a drm_buf_desc structure. 1438 * \return zero on success or a negative number on failure. 1439 * 1440 * Verifies that the size order is bounded between the admissible orders and 1441 * updates the respective drm_device_dma::bufs entry low and high water mark. 1442 * 1443 * \note This ioctl is deprecated and mostly never used. 1444 */ 1445 int drm_markbufs(struct drm_device *dev, void *data, 1446 struct drm_file *file_priv) 1447 { 1448 struct drm_device_dma *dma = dev->dma; 1449 struct drm_buf_desc *request = data; 1450 int order; 1451 struct drm_buf_entry *entry; 1452 1453 if (!drm_core_check_feature(dev, DRIVER_HAVE_DMA)) 1454 return -EINVAL; 1455 1456 if (!dma) 1457 return -EINVAL; 1458 1459 DRM_DEBUG("%d, %d, %d\n", 1460 request->size, request->low_mark, request->high_mark); 1461 order = drm_order(request->size); 1462 if (order < DRM_MIN_ORDER || order > DRM_MAX_ORDER) 1463 return -EINVAL; 1464 entry = &dma->bufs[order]; 1465 1466 if (request->low_mark < 0 || request->low_mark > entry->buf_count) 1467 return -EINVAL; 1468 if (request->high_mark < 0 || request->high_mark > entry->buf_count) 1469 return -EINVAL; 1470 1471 entry->freelist.low_mark = request->low_mark; 1472 entry->freelist.high_mark = request->high_mark; 1473 1474 return 0; 1475 } 1476 1477 /** 1478 * Unreserve the buffers in list, previously reserved using drmDMA. 1479 * 1480 * \param inode device inode. 1481 * \param file_priv DRM file private. 1482 * \param cmd command. 1483 * \param arg pointer to a drm_buf_free structure. 1484 * \return zero on success or a negative number on failure. 1485 * 1486 * Calls free_buffer() for each used buffer. 1487 * This function is primarily used for debugging. 1488 */ 1489 int drm_freebufs(struct drm_device *dev, void *data, 1490 struct drm_file *file_priv) 1491 { 1492 struct drm_device_dma *dma = dev->dma; 1493 struct drm_buf_free *request = data; 1494 int i; 1495 int idx; 1496 struct drm_buf *buf; 1497 1498 if (!drm_core_check_feature(dev, DRIVER_HAVE_DMA)) 1499 return -EINVAL; 1500 1501 if (!dma) 1502 return -EINVAL; 1503 1504 DRM_DEBUG("%d\n", request->count); 1505 for (i = 0; i < request->count; i++) { 1506 if (copy_from_user(&idx, &request->list[i], sizeof(idx))) 1507 return -EFAULT; 1508 if (idx < 0 || idx >= dma->buf_count) { 1509 DRM_ERROR("Index %d (of %d max)\n", 1510 idx, dma->buf_count - 1); 1511 return -EINVAL; 1512 } 1513 buf = dma->buflist[idx]; 1514 if (buf->file_priv != file_priv) { 1515 DRM_ERROR("Process %d freeing buffer not owned\n", 1516 task_pid_nr(current)); 1517 return -EINVAL; 1518 } 1519 drm_free_buffer(dev, buf); 1520 } 1521 1522 return 0; 1523 } 1524 1525 /** 1526 * Maps all of the DMA buffers into client-virtual space (ioctl). 1527 * 1528 * \param inode device inode. 1529 * \param file_priv DRM file private. 1530 * \param cmd command. 1531 * \param arg pointer to a drm_buf_map structure. 1532 * \return zero on success or a negative number on failure. 1533 * 1534 * Maps the AGP, SG or PCI buffer region with do_mmap(), and copies information 1535 * about each buffer into user space. For PCI buffers, it calls do_mmap() with 1536 * offset equal to 0, which drm_mmap() interpretes as PCI buffers and calls 1537 * drm_mmap_dma(). 1538 */ 1539 int drm_mapbufs(struct drm_device *dev, void *data, 1540 struct drm_file *file_priv) 1541 { 1542 struct drm_device_dma *dma = dev->dma; 1543 int retcode = 0; 1544 const int zero = 0; 1545 unsigned long virtual; 1546 unsigned long address; 1547 struct drm_buf_map *request = data; 1548 int i; 1549 1550 if (!drm_core_check_feature(dev, DRIVER_HAVE_DMA)) 1551 return -EINVAL; 1552 1553 if (!dma) 1554 return -EINVAL; 1555 1556 spin_lock(&dev->count_lock); 1557 if (atomic_read(&dev->buf_alloc)) { 1558 spin_unlock(&dev->count_lock); 1559 return -EBUSY; 1560 } 1561 dev->buf_use++; /* Can't allocate more after this call */ 1562 spin_unlock(&dev->count_lock); 1563 1564 if (request->count >= dma->buf_count) { 1565 if ((drm_core_has_AGP(dev) && (dma->flags & _DRM_DMA_USE_AGP)) 1566 || (drm_core_check_feature(dev, DRIVER_SG) 1567 && (dma->flags & _DRM_DMA_USE_SG)) 1568 || (drm_core_check_feature(dev, DRIVER_FB_DMA) 1569 && (dma->flags & _DRM_DMA_USE_FB))) { 1570 struct drm_local_map *map = dev->agp_buffer_map; 1571 unsigned long token = dev->agp_buffer_token; 1572 1573 if (!map) { 1574 retcode = -EINVAL; 1575 goto done; 1576 } 1577 down_write(¤t->mm->mmap_sem); 1578 virtual = do_mmap(file_priv->filp, 0, map->size, 1579 PROT_READ | PROT_WRITE, 1580 MAP_SHARED, 1581 token); 1582 up_write(¤t->mm->mmap_sem); 1583 } else { 1584 down_write(¤t->mm->mmap_sem); 1585 virtual = do_mmap(file_priv->filp, 0, dma->byte_count, 1586 PROT_READ | PROT_WRITE, 1587 MAP_SHARED, 0); 1588 up_write(¤t->mm->mmap_sem); 1589 } 1590 if (virtual > -1024UL) { 1591 /* Real error */ 1592 retcode = (signed long)virtual; 1593 goto done; 1594 } 1595 request->virtual = (void __user *)virtual; 1596 1597 for (i = 0; i < dma->buf_count; i++) { 1598 if (copy_to_user(&request->list[i].idx, 1599 &dma->buflist[i]->idx, 1600 sizeof(request->list[0].idx))) { 1601 retcode = -EFAULT; 1602 goto done; 1603 } 1604 if (copy_to_user(&request->list[i].total, 1605 &dma->buflist[i]->total, 1606 sizeof(request->list[0].total))) { 1607 retcode = -EFAULT; 1608 goto done; 1609 } 1610 if (copy_to_user(&request->list[i].used, 1611 &zero, sizeof(zero))) { 1612 retcode = -EFAULT; 1613 goto done; 1614 } 1615 address = virtual + dma->buflist[i]->offset; /* *** */ 1616 if (copy_to_user(&request->list[i].address, 1617 &address, sizeof(address))) { 1618 retcode = -EFAULT; 1619 goto done; 1620 } 1621 } 1622 } 1623 done: 1624 request->count = dma->buf_count; 1625 DRM_DEBUG("%d buffers, retcode = %d\n", request->count, retcode); 1626 1627 return retcode; 1628 } 1629 1630 /** 1631 * Compute size order. Returns the exponent of the smaller power of two which 1632 * is greater or equal to given number. 1633 * 1634 * \param size size. 1635 * \return order. 1636 * 1637 * \todo Can be made faster. 1638 */ 1639 int drm_order(unsigned long size) 1640 { 1641 int order; 1642 unsigned long tmp; 1643 1644 for (order = 0, tmp = size >> 1; tmp; tmp >>= 1, order++) ; 1645 1646 if (size & (size - 1)) 1647 ++order; 1648 1649 return order; 1650 } 1651 EXPORT_SYMBOL(drm_order); 1652