1 /*
2  * Copyright (c) 2016 Intel Corporation
3  *
4  * Permission to use, copy, modify, distribute, and sell this software and its
5  * documentation for any purpose is hereby granted without fee, provided that
6  * the above copyright notice appear in all copies and that both that copyright
7  * notice and this permission notice appear in supporting documentation, and
8  * that the name of the copyright holders not be used in advertising or
9  * publicity pertaining to distribution of the software without specific,
10  * written prior permission.  The copyright holders make no representations
11  * about the suitability of this software for any purpose.  It is provided "as
12  * is" without express or implied warranty.
13  *
14  * THE COPYRIGHT HOLDERS DISCLAIM ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
15  * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
16  * EVENT SHALL THE COPYRIGHT HOLDERS BE LIABLE FOR ANY SPECIAL, INDIRECT OR
17  * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE,
18  * DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER
19  * TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE
20  * OF THIS SOFTWARE.
21  */
22 
23 #include <linux/export.h>
24 #include <drm/drmP.h>
25 #include <drm/drm_auth.h>
26 #include <drm/drm_framebuffer.h>
27 #include <drm/drm_atomic.h>
28 #include <drm/drm_atomic_uapi.h>
29 #include <drm/drm_print.h>
30 #include <drm/drm_util.h>
31 
32 #include "drm_internal.h"
33 #include "drm_crtc_internal.h"
34 
35 /**
36  * DOC: overview
37  *
38  * Frame buffers are abstract memory objects that provide a source of pixels to
39  * scanout to a CRTC. Applications explicitly request the creation of frame
40  * buffers through the DRM_IOCTL_MODE_ADDFB(2) ioctls and receive an opaque
41  * handle that can be passed to the KMS CRTC control, plane configuration and
42  * page flip functions.
43  *
44  * Frame buffers rely on the underlying memory manager for allocating backing
45  * storage. When creating a frame buffer applications pass a memory handle
46  * (or a list of memory handles for multi-planar formats) through the
47  * &struct drm_mode_fb_cmd2 argument. For drivers using GEM as their userspace
48  * buffer management interface this would be a GEM handle.  Drivers are however
49  * free to use their own backing storage object handles, e.g. vmwgfx directly
50  * exposes special TTM handles to userspace and so expects TTM handles in the
51  * create ioctl and not GEM handles.
52  *
53  * Framebuffers are tracked with &struct drm_framebuffer. They are published
54  * using drm_framebuffer_init() - after calling that function userspace can use
55  * and access the framebuffer object. The helper function
56  * drm_helper_mode_fill_fb_struct() can be used to pre-fill the required
57  * metadata fields.
58  *
59  * The lifetime of a drm framebuffer is controlled with a reference count,
60  * drivers can grab additional references with drm_framebuffer_get() and drop
61  * them again with drm_framebuffer_put(). For driver-private framebuffers for
62  * which the last reference is never dropped (e.g. for the fbdev framebuffer
63  * when the &struct drm_framebuffer is embedded into the fbdev helper
64  * struct) drivers can manually clean up a framebuffer at module unload time
65  * with drm_framebuffer_unregister_private(). But doing this is not
66  * recommended, and it's better to have a normal free-standing &struct
67  * drm_framebuffer.
68  */
69 
/*
 * Check that a source rectangle lies entirely inside a framebuffer.
 *
 * The src_* values are 16.16 fixed point (the debug message below splits them
 * into an integer part above bit 16 and a fraction below it), while fb->width
 * and fb->height are whole pixels and are shifted up to the same scale.
 *
 * Returns 0 when the rectangle fits, -ENOSPC otherwise.
 *
 * NOTE(review): the shifts wrap if fb->width or fb->height is 65536 or more.
 * Nothing in this function bounds them, so the check relies on the
 * framebuffer having been created with dimensions below that - confirm
 * against the limits enforced at creation time.
 */
int drm_framebuffer_check_src_coords(uint32_t src_x, uint32_t src_y,
				     uint32_t src_w, uint32_t src_h,
				     const struct drm_framebuffer *fb)
{
	/* Framebuffer size on the same 16.16 scale as the source rectangle. */
	const unsigned int fb_width = fb->width << 16;
	const unsigned int fb_height = fb->height << 16;

	/*
	 * Each size is compared before it is subtracted, so the unsigned
	 * "fb_width - src_w" / "fb_height - src_h" can never wrap below zero.
	 */
	if (src_w <= fb_width &&
	    src_x <= fb_width - src_w &&
	    src_h <= fb_height &&
	    src_y <= fb_height - src_h)
		return 0;

	DRM_DEBUG_KMS("Invalid source coordinates "
		      "%u.%06ux%u.%06u+%u.%06u+%u.%06u (fb %ux%u)\n",
		      src_w >> 16, ((src_w & 0xffff) * 15625) >> 10,
		      src_h >> 16, ((src_h & 0xffff) * 15625) >> 10,
		      src_x >> 16, ((src_x & 0xffff) * 15625) >> 10,
		      src_y >> 16, ((src_y & 0xffff) * 15625) >> 10,
		      fb->width, fb->height);

	return -ENOSPC;
}
96 
/**
 * drm_mode_addfb - add an FB to the graphics configuration
 * @dev: drm device for the ioctl
 * @or: pointer to the legacy request structure
 * @file_priv: drm file
 *
 * This is the original addfb ioctl which only supported RGB formats. The
 * bpp/depth pair of the request is translated into a pixel format, the
 * remaining fields are copied into plane 0 of a zeroed
 * &struct drm_mode_fb_cmd2, and the work is done by drm_mode_addfb2(). On
 * success the id of the new framebuffer is written back to @or.
 *
 * Called by the user via ioctl, or by an in-kernel client.
 *
 * Returns:
 * Zero on success, negative errno on failure.
 */
int drm_mode_addfb(struct drm_device *dev, struct drm_mode_fb_cmd *or,
		   struct drm_file *file_priv)
{
	/* Zero-initialised so planes 1..3, flags and modifiers stay clear. */
	struct drm_mode_fb_cmd2 cmd2 = {};
	int err;

	if (!drm_core_check_feature(dev, DRIVER_MODESET))
		return -EOPNOTSUPP;

	/* A bpp/depth pair with no matching format is rejected up front. */
	cmd2.pixel_format = drm_driver_legacy_fb_format(dev, or->bpp, or->depth);
	if (cmd2.pixel_format == DRM_FORMAT_INVALID) {
		DRM_DEBUG("bad {bpp:%d, depth:%d}\n", or->bpp, or->depth);
		return -EINVAL;
	}

	/* Carry the legacy single-plane description over to plane 0. */
	cmd2.fb_id = or->fb_id;
	cmd2.width = or->width;
	cmd2.height = or->height;
	cmd2.pitches[0] = or->pitch;
	cmd2.handles[0] = or->handle;

	err = drm_mode_addfb2(dev, &cmd2, file_priv);
	if (!err)
		or->fb_id = cmd2.fb_id;

	return err;
}
141 
/*
 * ioctl entry point for the legacy ADDFB request: @data is handed to
 * drm_mode_addfb() as the &struct drm_mode_fb_cmd to convert.
 */
int drm_mode_addfb_ioctl(struct drm_device *dev,
			 void *data, struct drm_file *file_priv)
{
	struct drm_mode_fb_cmd *req = data;

	return drm_mode_addfb(dev, req, file_priv);
}
147 
/*
 * Width of @plane for a framebuffer whose first plane is @width wide.
 * Plane 0 is returned unchanged; for any other plane the width is divided by
 * format->hsub, rounding up.
 *
 * NOTE(review): format->hsub is used as a divisor without a check here -
 * presumably it is never 0 in a valid format description; confirm.
 */
static int fb_plane_width(int width,
			  const struct drm_format_info *format, int plane)
{
	return plane == 0 ? width : DIV_ROUND_UP(width, format->hsub);
}
156 
/*
 * Height of @plane for a framebuffer whose first plane is @height tall.
 * Plane 0 is returned unchanged; for any other plane the height is divided by
 * format->vsub, rounding up.
 *
 * NOTE(review): format->vsub is used as a divisor without a check here -
 * presumably it is never 0 in a valid format description; confirm.
 */
static int fb_plane_height(int height,
			   const struct drm_format_info *format, int plane)
{
	return plane == 0 ? height : DIV_ROUND_UP(height, format->vsub);
}
165 
/*
 * Validate a framebuffer creation request before it is handed to the driver.
 *
 * Checks the pixel format and the dimensions, then for every plane the format
 * uses checks the handle, pitch, offset and modifier, and finally checks that
 * the entries for planes the format does not use are clear.
 *
 * The request is what the ADDFB ioctls received (see drm_mode_addfb2()), so
 * every field is treated as untrusted. The order of the checks decides which
 * errno is reported when several fields are bad.
 *
 * Returns 0 if the request passes, -EINVAL or -ERANGE otherwise.
 */
static int framebuffer_check(struct drm_device *dev,
			     const struct drm_mode_fb_cmd2 *r)
{
	const struct drm_format_info *info;
	int i;

	/* check if the format is supported at all */
	info = __drm_format_info(r->pixel_format);
	if (!info) {
		struct drm_format_name_buf format_name;

		DRM_DEBUG_KMS("bad framebuffer format %s\n",
			      drm_get_format_name(r->pixel_format,
						  &format_name));
		return -EINVAL;
	}

	/* now let the driver pick its own format info */
	info = drm_get_format_info(dev, r);

	if (r->width == 0) {
		DRM_DEBUG_KMS("bad framebuffer width %u\n", r->width);
		return -EINVAL;
	}

	if (r->height == 0) {
		DRM_DEBUG_KMS("bad framebuffer height %u\n", r->height);
		return -EINVAL;
	}

	/* Per-plane checks for the planes this format actually uses. */
	for (i = 0; i < info->num_planes; i++) {
		unsigned int width = fb_plane_width(r->width, info, i);
		unsigned int height = fb_plane_height(r->height, info, i);
		unsigned int block_size = info->char_per_block[i];
		u64 min_pitch = drm_format_info_min_pitch(info, i, width);

		/* No block size for this plane: a linear layout is refused. */
		if (!block_size && (r->modifier[i] == DRM_FORMAT_MOD_LINEAR)) {
			DRM_DEBUG_KMS("Format requires non-linear modifier for plane %d\n", i);
			return -EINVAL;
		}

		if (!r->handles[i]) {
			DRM_DEBUG_KMS("no buffer object handle for plane %d\n", i);
			return -EINVAL;
		}

		/* min_pitch is computed in 64 bits; it must fit an unsigned int. */
		if (min_pitch > UINT_MAX)
			return -ERANGE;

		/*
		 * The end of the plane (height * pitch + offset) is computed
		 * in 64 bits so the sum cannot wrap before it is compared, and
		 * must itself fit in 32 bits.
		 */
		if ((uint64_t) height * r->pitches[i] + r->offsets[i] > UINT_MAX)
			return -ERANGE;

		/* The pitch lower bound is only enforced when a block size is known. */
		if (block_size && r->pitches[i] < min_pitch) {
			DRM_DEBUG_KMS("bad pitch %u for plane %d\n", r->pitches[i], i);
			return -EINVAL;
		}

		/* A non-zero modifier is only accepted with DRM_MODE_FB_MODIFIERS set. */
		if (r->modifier[i] && !(r->flags & DRM_MODE_FB_MODIFIERS)) {
			DRM_DEBUG_KMS("bad fb modifier %llu for plane %d\n",
				      r->modifier[i], i);
			return -EINVAL;
		}

		/* With modifiers in use, every plane must carry plane 0's modifier. */
		if (r->flags & DRM_MODE_FB_MODIFIERS &&
		    r->modifier[i] != r->modifier[0]) {
			DRM_DEBUG_KMS("bad fb modifier %llu for plane %d\n",
				      r->modifier[i], i);
			return -EINVAL;
		}

		/* modifier specific checks: */
		switch (r->modifier[i]) {
		case DRM_FORMAT_MOD_SAMSUNG_64_32_TILE:
			/* NOTE: the pitch restriction may be lifted later if it turns
			 * out that no hw has this restriction:
			 */
			if (r->pixel_format != DRM_FORMAT_NV12 ||
					width % 128 || height % 32 ||
					r->pitches[i] % 128) {
				DRM_DEBUG_KMS("bad modifier data for plane %d\n", i);
				return -EINVAL;
			}
			break;

		default:
			break;
		}
	}

	/*
	 * Entries for planes the format does not use (up to the fixed four
	 * slots of the request) must not smuggle in data.
	 */
	for (i = info->num_planes; i < 4; i++) {
		if (r->modifier[i]) {
			DRM_DEBUG_KMS("non-zero modifier for unused plane %d\n", i);
			return -EINVAL;
		}

		/* Pre-FB_MODIFIERS userspace didn't clear the structs properly. */
		if (!(r->flags & DRM_MODE_FB_MODIFIERS))
			continue;

		if (r->handles[i]) {
			DRM_DEBUG_KMS("buffer object handle for unused plane %d\n", i);
			return -EINVAL;
		}

		if (r->pitches[i]) {
			DRM_DEBUG_KMS("non-zero pitch for unused plane %d\n", i);
			return -EINVAL;
		}

		if (r->offsets[i]) {
			DRM_DEBUG_KMS("non-zero offset for unused plane %d\n", i);
			return -EINVAL;
		}
	}

	return 0;
}
283 
/*
 * Validate a framebuffer creation request and have the driver create it.
 *
 * Rejects unknown flag bits, dimensions outside the device's mode_config
 * limits and modifier use on a device that does not allow it, then runs
 * framebuffer_check() on the per-plane data. Only a request that passes all
 * of these reaches the driver's fb_create() hook.
 *
 * Returns the new framebuffer, or an ERR_PTR() carrying a negative errno.
 */
struct drm_framebuffer *
drm_internal_framebuffer_create(struct drm_device *dev,
				const struct drm_mode_fb_cmd2 *r,
				struct drm_file *file_priv)
{
	struct drm_mode_config *config = &dev->mode_config;
	struct drm_framebuffer *fb;
	int ret;

	/* Any flag bit outside the two known ones is an error. */
	if (r->flags & ~(DRM_MODE_FB_INTERLACED | DRM_MODE_FB_MODIFIERS)) {
		DRM_DEBUG_KMS("bad framebuffer flags 0x%08x\n", r->flags);
		return ERR_PTR(-EINVAL);
	}

	if (r->width < config->min_width || r->width > config->max_width) {
		DRM_DEBUG_KMS("bad framebuffer width %d, should be >= %d && <= %d\n",
			  r->width, config->min_width, config->max_width);
		return ERR_PTR(-EINVAL);
	}

	if (r->height < config->min_height || r->height > config->max_height) {
		DRM_DEBUG_KMS("bad framebuffer height %d, should be >= %d && <= %d\n",
			  r->height, config->min_height, config->max_height);
		return ERR_PTR(-EINVAL);
	}

	if ((r->flags & DRM_MODE_FB_MODIFIERS) && !config->allow_fb_modifiers) {
		DRM_DEBUG_KMS("driver does not support fb modifiers\n");
		return ERR_PTR(-EINVAL);
	}

	ret = framebuffer_check(dev, r);
	if (ret)
		return ERR_PTR(ret);

	/* The driver's error pointer, if any, is passed through unchanged. */
	fb = config->funcs->fb_create(dev, file_priv, r);
	if (IS_ERR(fb))
		DRM_DEBUG_KMS("could not create framebuffer\n");

	return fb;
}
327 EXPORT_SYMBOL_FOR_TESTS_ONLY(drm_internal_framebuffer_create);
328 
/**
 * drm_mode_addfb2 - add an FB to the graphics configuration
 * @dev: drm device for the ioctl
 * @data: data pointer for the ioctl, used as a &struct drm_mode_fb_cmd2
 * @file_priv: drm file for the ioctl call
 *
 * This is the 2nd version of the addfb ioctl, which supports multi-planar
 * framebuffers and uses fourcc codes as pixel format specifiers. The request
 * is validated and the framebuffer created by
 * drm_internal_framebuffer_create(); on success the new object id is written
 * back into the request and the framebuffer is linked onto @file_priv's list.
 *
 * Called by the user via ioctl.
 *
 * Returns:
 * Zero on success, negative errno on failure.
 */
int drm_mode_addfb2(struct drm_device *dev,
		    void *data, struct drm_file *file_priv)
{
	struct drm_mode_fb_cmd2 *req = data;
	struct drm_framebuffer *new_fb;

	if (!drm_core_check_feature(dev, DRIVER_MODESET))
		return -EOPNOTSUPP;

	new_fb = drm_internal_framebuffer_create(dev, req, file_priv);
	if (IS_ERR(new_fb))
		return PTR_ERR(new_fb);

	req->fb_id = new_fb->base.id;
	DRM_DEBUG_KMS("[FB:%d]\n", new_fb->base.id);

	/*
	 * Hand ownership to the file so the framebuffer is reaped when the
	 * file is closed; the list is protected by fbs_lock.
	 */
	mutex_lock(&file_priv->fbs_lock);
	list_add(&new_fb->filp_head, &file_priv->fbs);
	mutex_unlock(&file_priv->fbs_lock);

	return 0;
}
367 
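/*
 * ioctl entry point for ADDFB2.
 *
 * On big-endian builds the request is refused with -EOPNOTSUPP unless the
 * driver has set quirk_addfb_prefer_host_byte_order; otherwise, and on all
 * other builds, it is passed straight to drm_mode_addfb2().
 */
int drm_mode_addfb2_ioctl(struct drm_device *dev,
			  void *data, struct drm_file *file_priv)
{
#ifdef __BIG_ENDIAN
	if (!dev->mode_config.quirk_addfb_prefer_host_byte_order) {
		/*
		 * Drivers must set the
		 * quirk_addfb_prefer_host_byte_order quirk to make
		 * the drm_mode_addfb() compat code work correctly on
		 * bigendian machines.
		 *
		 * If they don't they interpret pixel_format values
		 * incorrectly for bug compatibility, which in turn
		 * implies the ADDFB2 ioctl does not work correctly
		 * then.  So block it to make userspace fallback to
		 * ADDFB.
		 */
		/* Newline added: every other debug message in this file ends with one. */
		DRM_DEBUG_KMS("addfb2 broken on bigendian\n");
		return -EOPNOTSUPP;
	}
#endif
	return drm_mode_addfb2(dev, data, file_priv);
}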
391 
/*
 * Argument block for drm_mode_rmfb_work_fn(): a work item plus the list of
 * framebuffers (linked through their filp_head) that the worker should pass
 * to drm_framebuffer_remove(). Both users in this file place it on the stack
 * and flush the work before returning.
 */
struct drm_mode_rmfb_work {
	struct work_struct work;	/* queued with schedule_work() */
	struct list_head fbs;		/* framebuffers still to be removed */
};
396 
/*
 * Work handler: drains the framebuffer list of the enclosing
 * struct drm_mode_rmfb_work, unlinking each entry and passing it to
 * drm_framebuffer_remove().
 */
static void drm_mode_rmfb_work_fn(struct work_struct *w)
{
	struct drm_mode_rmfb_work *job =
		container_of(w, struct drm_mode_rmfb_work, work);
	struct drm_framebuffer *fb;

	while ((fb = list_first_entry_or_null(&job->fbs,
					      struct drm_framebuffer,
					      filp_head))) {
		/* Unlink first: drm_framebuffer_remove() warns on a linked fb. */
		list_del_init(&fb->filp_head);
		drm_framebuffer_remove(fb);
	}
}
409 
/**
 * drm_mode_rmfb - remove an FB from the configuration
 * @dev: drm device
 * @fb_id: id of framebuffer to remove
 * @file_priv: drm file
 *
 * Remove the specified FB. The framebuffer must be on @file_priv's own list
 * of framebuffers; an id that resolves to a framebuffer owned by another file
 * is answered with -ENOENT, the same as an unknown id.
 *
 * Called by the user via ioctl, or by an in-kernel client.
 *
 * Returns:
 * Zero on success, negative errno on failure.
 */
int drm_mode_rmfb(struct drm_device *dev, u32 fb_id,
		  struct drm_file *file_priv)
{
	struct drm_framebuffer *fb = NULL;
	struct drm_framebuffer *fbl = NULL;
	int found = 0;

	if (!drm_core_check_feature(dev, DRIVER_MODESET))
		return -EOPNOTSUPP;

	/* The lookup takes a reference that every exit path below must drop. */
	fb = drm_framebuffer_lookup(dev, file_priv, fb_id);
	if (!fb)
		return -ENOENT;

	/*
	 * Ownership check: only a framebuffer linked on this file's list may
	 * be removed through this file.
	 */
	mutex_lock(&file_priv->fbs_lock);
	list_for_each_entry(fbl, &file_priv->fbs, filp_head)
		if (fb == fbl)
			found = 1;
	if (!found) {
		mutex_unlock(&file_priv->fbs_lock);
		goto fail_unref;
	}

	/* Unlink under the lock so a concurrent caller cannot find it again. */
	list_del_init(&fb->filp_head);
	mutex_unlock(&file_priv->fbs_lock);

	/* drop the reference we picked up in framebuffer lookup */
	drm_framebuffer_put(fb);

	/*
	 * we now own the reference that was stored in the fbs list
	 *
	 * drm_framebuffer_remove may fail with -EINTR on pending signals,
	 * so run this in a separate stack as there's no way to correctly
	 * handle this after the fb is already removed from the lookup table.
	 */
	if (drm_framebuffer_read_refcount(fb) > 1) {
		struct drm_mode_rmfb_work arg;

		INIT_WORK_ONSTACK(&arg.work, drm_mode_rmfb_work_fn);
		INIT_LIST_HEAD(&arg.fbs);
		list_add_tail(&fb->filp_head, &arg.fbs);

		/* arg lives on this stack, so wait for the worker to finish. */
		schedule_work(&arg.work);
		flush_work(&arg.work);
		destroy_work_on_stack(&arg.work);
	} else
		/* Ours is the only reference left; dropping it is enough. */
		drm_framebuffer_put(fb);

	return 0;

fail_unref:
	drm_framebuffer_put(fb);
	return -ENOENT;
}
478 
/*
 * ioctl entry point for RMFB: @data points at the 32-bit framebuffer id,
 * which is read and passed to drm_mode_rmfb().
 */
int drm_mode_rmfb_ioctl(struct drm_device *dev,
			void *data, struct drm_file *file_priv)
{
	const uint32_t id = *(uint32_t *)data;

	return drm_mode_rmfb(dev, id, file_priv);
}
486 
/**
 * drm_mode_getfb - get FB info
 * @dev: drm device for the ioctl
 * @data: data pointer for the ioctl, used as a &struct drm_mode_fb_cmd
 * @file_priv: drm file for the ioctl call
 *
 * Lookup the FB given its ID and return info about it. Geometry, depth, bpp
 * and pitch are returned to any caller; a buffer handle is only created for
 * the current DRM master or a caller with CAP_SYS_ADMIN, everyone else gets
 * handle 0.
 *
 * Called by the user via ioctl.
 *
 * Returns:
 * Zero on success, negative errno on failure.
 */
int drm_mode_getfb(struct drm_device *dev,
		   void *data, struct drm_file *file_priv)
{
	struct drm_mode_fb_cmd *req = data;
	struct drm_framebuffer *fb;
	bool may_get_handle;
	int ret;

	if (!drm_core_check_feature(dev, DRIVER_MODESET))
		return -EOPNOTSUPP;

	/* Takes a reference; released at "out". */
	fb = drm_framebuffer_lookup(dev, file_priv, req->fb_id);
	if (!fb)
		return -ENOENT;

	/* Multi-planar framebuffers need getfb2. */
	if (fb->format->num_planes > 1) {
		ret = -EINVAL;
		goto out;
	}

	if (!fb->funcs->create_handle) {
		ret = -ENODEV;
		goto out;
	}

	req->width = fb->width;
	req->height = fb->height;
	req->pitch = fb->pitches[0];
	req->depth = fb->format->depth;
	req->bpp = fb->format->cpp[0] * 8;

	/*
	 * GET_FB() is an unprivileged ioctl so we must not return a
	 * buffer-handle to non-master processes! For backwards-compatibility
	 * reasons, we cannot make GET_FB() privileged, so just return an
	 * invalid handle for non-masters.
	 *
	 * capable() is only consulted when the caller is not the master.
	 */
	may_get_handle = drm_is_current_master(file_priv) ||
			 capable(CAP_SYS_ADMIN);
	if (may_get_handle) {
		ret = fb->funcs->create_handle(fb, file_priv, &req->handle);
	} else {
		req->handle = 0;
		ret = 0;
	}

out:
	drm_framebuffer_put(fb);

	return ret;
}
549 
/**
 * drm_mode_dirtyfb_ioctl - flush frontbuffer rendering on an FB
 * @dev: drm device for the ioctl
 * @data: data pointer for the ioctl, used as a &struct drm_mode_fb_dirty_cmd
 * @file_priv: drm file for the ioctl call
 *
 * Lookup the FB and flush out the damaged area supplied by userspace as a clip
 * rectangle list. Generic userspace which does frontbuffer rendering must call
 * this ioctl to flush out the changes on manual-update display outputs, e.g.
 * usb display-link, mipi manual update panels or edp panel self refresh modes.
 *
 * Modesetting drivers which always update the frontbuffer do not need to
 * implement the corresponding &drm_framebuffer_funcs.dirty callback.
 *
 * The clip count comes from userspace: it is rejected when negative or above
 * DRM_MODE_FB_DIRTY_MAX_CLIPS before anything is allocated or copied, and the
 * rectangles are copied into a kernel buffer before the driver sees them.
 *
 * Called by the user via ioctl.
 *
 * Returns:
 * Zero on success, negative errno on failure.
 */
int drm_mode_dirtyfb_ioctl(struct drm_device *dev,
			   void *data, struct drm_file *file_priv)
{
	struct drm_mode_fb_dirty_cmd *req = data;
	struct drm_clip_rect __user *user_clips;
	struct drm_clip_rect *clips = NULL;
	struct drm_framebuffer *fb;
	unsigned flags;
	int num_clips;
	int ret;

	if (!drm_core_check_feature(dev, DRIVER_MODESET))
		return -EOPNOTSUPP;

	/* Takes a reference; released at "out_put". */
	fb = drm_framebuffer_lookup(dev, file_priv, req->fb_id);
	if (!fb)
		return -ENOENT;

	num_clips = req->num_clips;
	user_clips = (struct drm_clip_rect __user *)(unsigned long)req->clips_ptr;
	flags = DRM_MODE_FB_DIRTY_FLAGS & req->flags;

	/* Every argument check below fails with the same errno. */
	ret = -EINVAL;

	/* A count and a pointer must be given together, or not at all. */
	if ((num_clips == 0) != (user_clips == NULL))
		goto out_put;

	/* If userspace annotates copy, clips must come in pairs */
	if ((flags & DRM_MODE_FB_DIRTY_ANNOTATE_COPY) && (num_clips % 2))
		goto out_put;

	if (num_clips && user_clips) {
		/* Bound the count before it sizes the allocation and the copy. */
		if (num_clips < 0 || num_clips > DRM_MODE_FB_DIRTY_MAX_CLIPS)
			goto out_put;

		clips = kcalloc(num_clips, sizeof(*clips), GFP_KERNEL);
		if (!clips) {
			ret = -ENOMEM;
			goto out_put;
		}

		/* A non-zero return means some bytes could not be copied. */
		if (copy_from_user(clips, user_clips,
				   num_clips * sizeof(*clips))) {
			ret = -EFAULT;
			goto out_free;
		}
	}

	if (fb->funcs->dirty)
		ret = fb->funcs->dirty(fb, file_priv, flags, req->color,
				       clips, num_clips);
	else
		ret = -ENOSYS;

out_free:
	kfree(clips);
out_put:
	drm_framebuffer_put(fb);

	return ret;
}
636 
/**
 * drm_fb_release - remove and free the FBs on this file
 * @priv: drm file being released
 *
 * Destroy all the FBs associated with @priv. Framebuffers whose only
 * remaining reference is the one held by the file's list are dropped
 * directly; the others are collected and removed from a work item, which is
 * flushed before this function returns.
 *
 * This function does not return a value.
 */
void drm_fb_release(struct drm_file *priv)
{
	struct drm_mode_rmfb_work arg;
	struct drm_framebuffer *fb, *next;

	INIT_LIST_HEAD(&arg.fbs);

	/*
	 * When the file gets released that means no one else can access the fb
	 * list any more, so no need to grab fpriv->fbs_lock. And we need to
	 * avoid upsetting lockdep since the universal cursor code adds a
	 * framebuffer while holding mutex locks.
	 *
	 * Note that a real deadlock between fpriv->fbs_lock and the modeset
	 * locks is impossible here since no one else but this function can get
	 * at it any more.
	 */
	list_for_each_entry_safe(fb, next, &priv->fbs, filp_head) {
		if (drm_framebuffer_read_refcount(fb) <= 1) {
			list_del_init(&fb->filp_head);

			/* This drops the fpriv->fbs reference. */
			drm_framebuffer_put(fb);
			continue;
		}

		/* Still referenced elsewhere: leave it to the worker. */
		list_move_tail(&fb->filp_head, &arg.fbs);
	}

	if (list_empty(&arg.fbs))
		return;

	/* arg lives on this stack, so wait for the worker before returning. */
	INIT_WORK_ONSTACK(&arg.work, drm_mode_rmfb_work_fn);

	schedule_work(&arg.work);
	flush_work(&arg.work);
	destroy_work_on_stack(&arg.work);
}
684 
/*
 * kref release function for framebuffers (passed to __drm_mode_object_add()
 * in drm_framebuffer_init()): unregisters the mode object and then calls the
 * driver's destroy hook.
 */
void drm_framebuffer_free(struct kref *kref)
{
	struct drm_framebuffer *fb;

	fb = container_of(kref, struct drm_framebuffer, base.refcount);

	/*
	 * The lookup idr holds a weak reference, which has not necessarily been
	 * removed at this point. Check for that.
	 */
	drm_mode_object_unregister(fb->dev, &fb->base);

	fb->funcs->destroy(fb);
}
699 
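/**
 * drm_framebuffer_init - initialize a framebuffer
 * @dev: DRM device
 * @fb: framebuffer to be initialized
 * @funcs: ... with these functions
 *
 * Allocates an ID for the framebuffer's parent mode object, sets its mode
 * functions, records the name of the calling task and adds the framebuffer
 * to the device's framebuffer list.
 *
 * IMPORTANT:
 * This function publishes the fb and makes it available for concurrent access
 * by other users. Which means by this point the fb _must_ be fully set up -
 * since all the fb attributes are invariant over its lifetime, no further
 * locking but only correct reference counting is required.
 *
 * Returns:
 * Zero on success, error code on failure.
 */
int drm_framebuffer_init(struct drm_device *dev, struct drm_framebuffer *fb,
			 const struct drm_framebuffer_funcs *funcs)
{
	int ret;

	/* The caller must have set the device and the format already. */
	if (WARN_ON_ONCE(fb->dev != dev || !fb->format))
		return -EINVAL;

	INIT_LIST_HEAD(&fb->filp_head);

	fb->funcs = funcs;

	/*
	 * Bounded copy instead of strcpy(): the task name is copied with the
	 * destination size stated explicitly, so the write cannot run past
	 * fb->comm and the result is always NUL-terminated. sizeof() relies
	 * on fb->comm being an array member.
	 */
	strscpy(fb->comm, current->comm, sizeof(fb->comm));

	ret = __drm_mode_object_add(dev, &fb->base, DRM_MODE_OBJECT_FB,
				    false, drm_framebuffer_free);
	if (ret)
		return ret;

	mutex_lock(&dev->mode_config.fb_lock);
	dev->mode_config.num_fb++;
	list_add(&fb->head, &dev->mode_config.fb_list);
	mutex_unlock(&dev->mode_config.fb_lock);

	/* Last step: from here on the fb can be found by id. */
	drm_mode_object_register(dev, &fb->base);

	return 0;
}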
745 EXPORT_SYMBOL(drm_framebuffer_init);
746 
/**
 * drm_framebuffer_lookup - look up a drm framebuffer and grab a reference
 * @dev: drm device
 * @file_priv: drm file to check for lease against.
 * @id: id of the fb object
 *
 * If successful, this grabs an additional reference to the framebuffer -
 * callers need to make sure to eventually unreference the returned framebuffer
 * again, using drm_framebuffer_put().
 *
 * Returns:
 * The framebuffer, or NULL if no framebuffer object with @id was found.
 */
struct drm_framebuffer *drm_framebuffer_lookup(struct drm_device *dev,
					       struct drm_file *file_priv,
					       uint32_t id)
{
	struct drm_mode_object *obj =
		__drm_mode_object_find(dev, file_priv, id, DRM_MODE_OBJECT_FB);

	return obj ? obj_to_fb(obj) : NULL;
}
769 EXPORT_SYMBOL(drm_framebuffer_lookup);
770 
/**
 * drm_framebuffer_unregister_private - unregister a private fb from the lookup idr
 * @fb: fb to unregister, may be NULL
 *
 * Drivers need to call this when cleaning up driver-private framebuffers, e.g.
 * those used for fbdev. Note that the caller must hold a reference of its own,
 * i.e. the object may not be destroyed through this call (since it'll lead to a
 * locking inversion).
 *
 * NOTE: This function is deprecated. For driver-private framebuffers it is not
 * recommended to embed a framebuffer struct into the fbdev struct; instead, a
 * framebuffer pointer is preferred and drm_framebuffer_put() should be called
 * when the framebuffer is to be cleaned up.
 */
void drm_framebuffer_unregister_private(struct drm_framebuffer *fb)
{
	/* A NULL framebuffer is accepted and ignored. */
	if (fb) {
		/* Mark fb as reaped and drop idr ref. */
		drm_mode_object_unregister(fb->dev, &fb->base);
	}
}
797 EXPORT_SYMBOL(drm_framebuffer_unregister_private);
798 
/**
 * drm_framebuffer_cleanup - remove a framebuffer object
 * @fb: framebuffer to remove
 *
 * Cleanup framebuffer. This function is intended to be used from the drivers
 * &drm_framebuffer_funcs.destroy callback. It can also be used to clean up
 * driver private framebuffers embedded into a larger structure.
 *
 * Note that this function does not remove the fb from active usage - if it is
 * still used anywhere, hilarity can ensue since userspace could call getfb on
 * the id and get back -EINVAL. Obviously no concern at driver unload time.
 *
 * Also, the framebuffer will not be removed from the lookup idr - for
 * user-created framebuffers this will happen in the rmfb ioctl. For
 * driver-private objects (e.g. for fbdev) drivers need to explicitly call
 * drm_framebuffer_unregister_private.
 */
void drm_framebuffer_cleanup(struct drm_framebuffer *fb)
{
	struct drm_mode_config *config = &fb->dev->mode_config;

	/* The device-wide list and its counter are updated under fb_lock. */
	mutex_lock(&config->fb_lock);
	config->num_fb--;
	list_del(&fb->head);
	mutex_unlock(&config->fb_lock);
}
825 EXPORT_SYMBOL(drm_framebuffer_cleanup);
826 
/*
 * Detach @fb from every plane that currently shows it, using one atomic
 * commit.
 *
 * The first attempt only clears the fb and CRTC of the affected planes. If
 * that ends in -EINVAL the whole sequence is repeated once with disable_crtcs
 * set, which additionally turns off each CRTC whose primary plane uses @fb
 * and detaches the connectors of those CRTCs. -EDEADLK at any step clears the
 * state, backs off and retries under the same acquire context.
 *
 * Returns 0 on success (also when no plane was using @fb) or a negative errno.
 */
static int atomic_remove_fb(struct drm_framebuffer *fb)
{
	struct drm_modeset_acquire_ctx ctx;
	struct drm_device *dev = fb->dev;
	struct drm_atomic_state *state;
	struct drm_plane *plane;
	struct drm_connector *conn;
	struct drm_connector_state *conn_state;
	int i, ret;
	unsigned plane_mask;
	bool disable_crtcs = false;

	/* Entry point of a full attempt: fresh acquire context and state. */
retry_disable:
	drm_modeset_acquire_init(&ctx, 0);

	state = drm_atomic_state_alloc(dev);
	if (!state) {
		ret = -ENOMEM;
		goto out;
	}
	state->acquire_ctx = &ctx;

	/* Re-entered after a deadlock backoff with the state cleared. */
retry:
	plane_mask = 0;
	ret = drm_modeset_lock_all_ctx(dev, &ctx);
	if (ret)
		goto unlock;

	drm_for_each_plane(plane, dev) {
		struct drm_plane_state *plane_state;

		if (plane->state->fb != fb)
			continue;

		plane_state = drm_atomic_get_plane_state(state, plane);
		if (IS_ERR(plane_state)) {
			ret = PTR_ERR(plane_state);
			goto unlock;
		}

		/*
		 * NOTE(review): plane_state->crtc and the crtc_state returned
		 * below are dereferenced without a NULL check; presumably a
		 * plane with an fb always has a CRTC and its state was added
		 * by drm_atomic_get_plane_state() - confirm.
		 */
		if (disable_crtcs && plane_state->crtc->primary == plane) {
			struct drm_crtc_state *crtc_state;

			crtc_state = drm_atomic_get_existing_crtc_state(state, plane_state->crtc);

			ret = drm_atomic_add_affected_connectors(state, plane_state->crtc);
			if (ret)
				goto unlock;

			crtc_state->active = false;
			ret = drm_atomic_set_mode_for_crtc(crtc_state, NULL);
			if (ret)
				goto unlock;
		}

		drm_atomic_set_fb_for_plane(plane_state, NULL);
		ret = drm_atomic_set_crtc_for_plane(plane_state, NULL);
		if (ret)
			goto unlock;

		/* Remember that at least one plane needs the commit. */
		plane_mask |= drm_plane_mask(plane);
	}

	/* This list is only filled when disable_crtcs is set. */
	for_each_new_connector_in_state(state, conn, conn_state, i) {
		ret = drm_atomic_set_crtc_for_connector(conn_state, NULL);

		if (ret)
			goto unlock;
	}

	/* Nothing is committed when no plane was using the fb. */
	if (plane_mask)
		ret = drm_atomic_commit(state);

unlock:
	if (ret == -EDEADLK) {
		drm_atomic_state_clear(state);
		drm_modeset_backoff(&ctx);
		goto retry;
	}

	drm_atomic_state_put(state);

out:
	drm_modeset_drop_locks(&ctx);
	drm_modeset_acquire_fini(&ctx);

	/* One more attempt, this time also disabling the affected CRTCs. */
	if (ret == -EINVAL && !disable_crtcs) {
		disable_crtcs = true;
		goto retry_disable;
	}

	return ret;
}
921 
/*
 * Non-atomic counterpart of atomic_remove_fb(): with all modeset locks held,
 * force-disables every CRTC whose primary plane shows @fb and every plane
 * that shows @fb. A CRTC that cannot be disabled is only logged.
 */
static void legacy_remove_fb(struct drm_framebuffer *fb)
{
	struct drm_device *dev = fb->dev;
	struct drm_plane *plane;
	struct drm_crtc *crtc;

	drm_modeset_lock_all(dev);

	/* remove from any CRTC */
	drm_for_each_crtc(crtc, dev) {
		if (crtc->primary->fb != fb)
			continue;

		/* should turn off the crtc */
		if (drm_crtc_force_disable(crtc))
			DRM_ERROR("failed to reset crtc %p when fb was deleted\n", crtc);
	}

	drm_for_each_plane(plane, dev) {
		if (plane->fb != fb)
			continue;

		drm_plane_force_disable(plane);
	}

	drm_modeset_unlock_all(dev);
}
944 
/**
 * drm_framebuffer_remove - remove and unreference a framebuffer object
 * @fb: framebuffer to remove, may be NULL
 *
 * Scans all the CRTCs and planes in @dev's mode_config.  If they're
 * using @fb, removes it, setting it to NULL. Then drops the reference to the
 * passed-in framebuffer. Might take the modeset locks.
 *
 * Note that this function optimizes the cleanup away if the caller holds the
 * last reference to the framebuffer. It is also guaranteed to not take the
 * modeset locks in this case.
 */
void drm_framebuffer_remove(struct drm_framebuffer *fb)
{
	struct drm_device *dev;

	if (!fb)
		return;

	dev = fb->dev;

	/* The fb must already be off any per-file list. */
	WARN_ON(!list_empty(&fb->filp_head));

	/*
	 * drm ABI mandates that we remove any deleted framebuffers from active
	 * usage. But since most sane clients only remove framebuffers they no
	 * longer need, try to optimize this away.
	 *
	 * Since we're holding a reference ourselves, observing a refcount of 1
	 * means that we're the last holder and can skip it. Also, the refcount
	 * can never increase from 1 again, so we don't need any barriers or
	 * locks.
	 *
	 * Note that userspace could try to race with us and instate a new
	 * usage _after_ we've cleared all current ones. End result will be an
	 * in-use fb with fb-id == 0. Userspace is allowed to shoot its own foot
	 * in this manner.
	 */
	if (drm_framebuffer_read_refcount(fb) > 1) {
		if (!drm_drv_uses_atomic_modeset(dev)) {
			legacy_remove_fb(fb);
		} else {
			int ret = atomic_remove_fb(fb);

			WARN(ret, "atomic remove_fb failed with %i\n", ret);
		}
	}

	drm_framebuffer_put(fb);
}
993 EXPORT_SYMBOL(drm_framebuffer_remove);
994 
/**
 * drm_framebuffer_plane_width - width of the plane given the first plane
 * @width: width of the first plane
 * @fb: the framebuffer
 * @plane: plane index
 *
 * Returns:
 * The width of @plane, given that the width of the first plane is @width, or
 * 0 if @plane is not below the number of planes of the framebuffer's format.
 */
int drm_framebuffer_plane_width(int width,
				const struct drm_framebuffer *fb, int plane)
{
	const struct drm_format_info *format = fb->format;

	if (plane < format->num_planes)
		return fb_plane_width(width, format, plane);

	return 0;
}
1012 EXPORT_SYMBOL(drm_framebuffer_plane_width);
1013 
/**
 * drm_framebuffer_plane_height - height of the plane given the first plane
 * @height: height of the first plane
 * @fb: the framebuffer
 * @plane: plane index
 *
 * Returns:
 * The height of @plane, given that the height of the first plane is @height,
 * or 0 if @plane is not below the number of planes of the framebuffer's
 * format.
 */
int drm_framebuffer_plane_height(int height,
				 const struct drm_framebuffer *fb, int plane)
{
	const struct drm_format_info *format = fb->format;

	if (plane < format->num_planes)
		return fb_plane_height(height, format, plane);

	return 0;
}
1031 EXPORT_SYMBOL(drm_framebuffer_plane_height);
1032 
/*
 * Print a description of @fb through @p, every line indented by @indent
 * levels: the recorded task name, refcount, format, modifier and size,
 * followed by one "layers" entry per plane (size, pitch, offset and, when
 * present, the backing object printed with drm_gem_print_info()).
 */
void drm_framebuffer_print_info(struct drm_printer *p, unsigned int indent,
				const struct drm_framebuffer *fb)
{
	struct drm_format_name_buf format_name;
	const unsigned int layer_indent = indent + 1;
	unsigned int plane;

	drm_printf_indent(p, indent, "allocated by = %s\n", fb->comm);
	drm_printf_indent(p, indent, "refcount=%u\n",
			  drm_framebuffer_read_refcount(fb));
	drm_printf_indent(p, indent, "format=%s\n",
			  drm_get_format_name(fb->format->format, &format_name));
	drm_printf_indent(p, indent, "modifier=0x%llx\n", fb->modifier);
	drm_printf_indent(p, indent, "size=%ux%u\n", fb->width, fb->height);
	drm_printf_indent(p, indent, "layers:\n");

	for (plane = 0; plane < fb->format->num_planes; plane++) {
		drm_printf_indent(p, layer_indent, "size[%u]=%dx%d\n", plane,
				  drm_framebuffer_plane_width(fb->width, fb, plane),
				  drm_framebuffer_plane_height(fb->height, fb, plane));
		drm_printf_indent(p, layer_indent, "pitch[%u]=%u\n", plane,
				  fb->pitches[plane]);
		drm_printf_indent(p, layer_indent, "offset[%u]=%u\n", plane,
				  fb->offsets[plane]);

		/* A plane without a backing object is reported as "(null)". */
		if (!fb->obj[plane]) {
			drm_printf_indent(p, layer_indent, "obj[%u]:%s\n", plane,
					  "(null)");
			continue;
		}

		drm_printf_indent(p, layer_indent, "obj[%u]:%s\n", plane, "");
		drm_gem_print_info(p, indent + 2, fb->obj[plane]);
	}
}
1060 
1061 #ifdef CONFIG_DEBUG_FS
/*
 * debugfs show callback: prints every framebuffer on the device's list, with
 * mode_config.fb_lock held for the whole walk. Always returns 0.
 */
static int drm_framebuffer_info(struct seq_file *m, void *data)
{
	struct drm_info_node *info_node = m->private;
	struct drm_device *dev = info_node->minor->dev;
	struct drm_printer printer = drm_seq_file_printer(m);
	struct drm_framebuffer *fb;

	/* Hold the list lock so entries cannot be added or removed meanwhile. */
	mutex_lock(&dev->mode_config.fb_lock);

	drm_for_each_fb(fb, dev) {
		drm_printf(&printer, "framebuffer[%u]:\n", fb->base.id);
		drm_framebuffer_print_info(&printer, 1, fb);
	}

	mutex_unlock(&dev->mode_config.fb_lock);

	return 0;
}
1078 
/*
 * debugfs files provided by this file: a single "framebuffer" entry whose
 * contents are produced by drm_framebuffer_info().
 */
static const struct drm_info_list drm_framebuffer_debugfs_list[] = {
	{ "framebuffer", drm_framebuffer_info, 0 },
};
1082 
/*
 * Create the debugfs files listed in drm_framebuffer_debugfs_list under
 * @minor's debugfs root. Returns whatever drm_debugfs_create_files() returns.
 */
int drm_framebuffer_debugfs_init(struct drm_minor *minor)
{
	const size_t count = ARRAY_SIZE(drm_framebuffer_debugfs_list);

	return drm_debugfs_create_files(drm_framebuffer_debugfs_list, count,
					minor->debugfs_root, minor);
}
1089 #endif
1090