1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * Mediated virtual PCI display host device driver 4 * 5 * Emulate enough of qemu stdvga to make bochs-drm.ko happy. That is 6 * basically the vram memory bar and the bochs dispi interface vbe 7 * registers in the mmio register bar. Specifically it does *not* 8 * include any legacy vga stuff. Device looks a lot like "qemu -device 9 * secondary-vga". 10 * 11 * (c) Gerd Hoffmann <kraxel@redhat.com> 12 * 13 * based on mtty driver which is: 14 * Copyright (c) 2016, NVIDIA CORPORATION. All rights reserved. 15 * Author: Neo Jia <cjia@nvidia.com> 16 * Kirti Wankhede <kwankhede@nvidia.com> 17 * 18 * This program is free software; you can redistribute it and/or modify 19 * it under the terms of the GNU General Public License version 2 as 20 * published by the Free Software Foundation. 21 */ 22 #include <linux/init.h> 23 #include <linux/module.h> 24 #include <linux/device.h> 25 #include <linux/kernel.h> 26 #include <linux/slab.h> 27 #include <linux/vmalloc.h> 28 #include <linux/cdev.h> 29 #include <linux/vfio.h> 30 #include <linux/iommu.h> 31 #include <linux/sysfs.h> 32 #include <linux/mdev.h> 33 #include <linux/pci.h> 34 #include <linux/dma-buf.h> 35 #include <linux/highmem.h> 36 #include <drm/drm_fourcc.h> 37 #include <drm/drm_rect.h> 38 #include <drm/drm_modeset_lock.h> 39 #include <drm/drm_property.h> 40 #include <drm/drm_plane.h> 41 42 43 #define VBE_DISPI_INDEX_ID 0x0 44 #define VBE_DISPI_INDEX_XRES 0x1 45 #define VBE_DISPI_INDEX_YRES 0x2 46 #define VBE_DISPI_INDEX_BPP 0x3 47 #define VBE_DISPI_INDEX_ENABLE 0x4 48 #define VBE_DISPI_INDEX_BANK 0x5 49 #define VBE_DISPI_INDEX_VIRT_WIDTH 0x6 50 #define VBE_DISPI_INDEX_VIRT_HEIGHT 0x7 51 #define VBE_DISPI_INDEX_X_OFFSET 0x8 52 #define VBE_DISPI_INDEX_Y_OFFSET 0x9 53 #define VBE_DISPI_INDEX_VIDEO_MEMORY_64K 0xa 54 #define VBE_DISPI_INDEX_COUNT 0xb 55 56 #define VBE_DISPI_ID0 0xB0C0 57 #define VBE_DISPI_ID1 0xB0C1 58 #define VBE_DISPI_ID2 0xB0C2 59 #define VBE_DISPI_ID3 0xB0C3 60 #define VBE_DISPI_ID4 0xB0C4 61 #define VBE_DISPI_ID5 0xB0C5 62 63 #define VBE_DISPI_DISABLED 0x00 64 #define VBE_DISPI_ENABLED 0x01 65 #define VBE_DISPI_GETCAPS 0x02 66 #define VBE_DISPI_8BIT_DAC 0x20 67 #define VBE_DISPI_LFB_ENABLED 0x40 68 #define VBE_DISPI_NOCLEARMEM 0x80 69 70 71 #define MBOCHS_NAME "mbochs" 72 #define MBOCHS_CLASS_NAME "mbochs" 73 74 #define MBOCHS_EDID_REGION_INDEX VFIO_PCI_NUM_REGIONS 75 #define MBOCHS_NUM_REGIONS (MBOCHS_EDID_REGION_INDEX+1) 76 77 #define MBOCHS_CONFIG_SPACE_SIZE 0xff 78 #define MBOCHS_MMIO_BAR_OFFSET PAGE_SIZE 79 #define MBOCHS_MMIO_BAR_SIZE PAGE_SIZE 80 #define MBOCHS_EDID_OFFSET (MBOCHS_MMIO_BAR_OFFSET + \ 81 MBOCHS_MMIO_BAR_SIZE) 82 #define MBOCHS_EDID_SIZE PAGE_SIZE 83 #define MBOCHS_MEMORY_BAR_OFFSET (MBOCHS_EDID_OFFSET + \ 84 MBOCHS_EDID_SIZE) 85 86 #define MBOCHS_EDID_BLOB_OFFSET (MBOCHS_EDID_SIZE/2) 87 88 #define STORE_LE16(addr, val) (*(u16 *)addr = val) 89 #define STORE_LE32(addr, val) (*(u32 *)addr = val) 90 91 92 MODULE_LICENSE("GPL v2"); 93 94 static int max_mbytes = 256; 95 module_param_named(count, max_mbytes, int, 0444); 96 MODULE_PARM_DESC(mem, "megabytes available to " MBOCHS_NAME " devices"); 97 98 99 #define MBOCHS_TYPE_1 "small" 100 #define MBOCHS_TYPE_2 "medium" 101 #define MBOCHS_TYPE_3 "large" 102 103 static const struct mbochs_type { 104 const char *name; 105 u32 mbytes; 106 u32 max_x; 107 u32 max_y; 108 } mbochs_types[] = { 109 { 110 .name = MBOCHS_CLASS_NAME "-" MBOCHS_TYPE_1, 111 .mbytes = 4, 112 .max_x = 800, 113 .max_y = 600, 114 }, { 115 .name = MBOCHS_CLASS_NAME "-" MBOCHS_TYPE_2, 116 .mbytes = 16, 117 .max_x = 1920, 118 .max_y = 1440, 119 }, { 120 .name = MBOCHS_CLASS_NAME "-" MBOCHS_TYPE_3, 121 .mbytes = 64, 122 .max_x = 0, 123 .max_y = 0, 124 }, 125 }; 126 127 128 static dev_t mbochs_devt; 129 static struct class *mbochs_class; 130 static struct cdev mbochs_cdev; 131 static struct device mbochs_dev; 132 static int mbochs_used_mbytes; 133 134 struct vfio_region_info_ext { 135 struct vfio_region_info base; 136 struct vfio_region_info_cap_type type; 137 }; 138 139 struct mbochs_mode { 140 u32 drm_format; 141 u32 bytepp; 142 u32 width; 143 u32 height; 144 u32 stride; 145 u32 __pad; 146 u64 offset; 147 u64 size; 148 }; 149 150 struct mbochs_dmabuf { 151 struct mbochs_mode mode; 152 u32 id; 153 struct page **pages; 154 pgoff_t pagecount; 155 struct dma_buf *buf; 156 struct mdev_state *mdev_state; 157 struct list_head next; 158 bool unlinked; 159 }; 160 161 /* State of each mdev device */ 162 struct mdev_state { 163 u8 *vconfig; 164 u64 bar_mask[3]; 165 u32 memory_bar_mask; 166 struct mutex ops_lock; 167 struct mdev_device *mdev; 168 169 const struct mbochs_type *type; 170 u16 vbe[VBE_DISPI_INDEX_COUNT]; 171 u64 memsize; 172 struct page **pages; 173 pgoff_t pagecount; 174 struct vfio_region_gfx_edid edid_regs; 175 u8 edid_blob[0x400]; 176 177 struct list_head dmabufs; 178 u32 active_id; 179 u32 next_id; 180 }; 181 182 static const char *vbe_name_list[VBE_DISPI_INDEX_COUNT] = { 183 [VBE_DISPI_INDEX_ID] = "id", 184 [VBE_DISPI_INDEX_XRES] = "xres", 185 [VBE_DISPI_INDEX_YRES] = "yres", 186 [VBE_DISPI_INDEX_BPP] = "bpp", 187 [VBE_DISPI_INDEX_ENABLE] = "enable", 188 [VBE_DISPI_INDEX_BANK] = "bank", 189 [VBE_DISPI_INDEX_VIRT_WIDTH] = "virt-width", 190 [VBE_DISPI_INDEX_VIRT_HEIGHT] = "virt-height", 191 [VBE_DISPI_INDEX_X_OFFSET] = "x-offset", 192 [VBE_DISPI_INDEX_Y_OFFSET] = "y-offset", 193 [VBE_DISPI_INDEX_VIDEO_MEMORY_64K] = "video-mem", 194 }; 195 196 static const char *vbe_name(u32 index) 197 { 198 if (index < ARRAY_SIZE(vbe_name_list)) 199 return vbe_name_list[index]; 200 return "(invalid)"; 201 } 202 203 static struct page *__mbochs_get_page(struct mdev_state *mdev_state, 204 pgoff_t pgoff); 205 static struct page *mbochs_get_page(struct mdev_state *mdev_state, 206 pgoff_t pgoff); 207 208 static void mbochs_create_config_space(struct mdev_state *mdev_state) 209 { 210 STORE_LE16((u16 *) &mdev_state->vconfig[PCI_VENDOR_ID], 211 0x1234); 212 STORE_LE16((u16 *) &mdev_state->vconfig[PCI_DEVICE_ID], 213 0x1111); 214 STORE_LE16((u16 *) &mdev_state->vconfig[PCI_SUBSYSTEM_VENDOR_ID], 215 PCI_SUBVENDOR_ID_REDHAT_QUMRANET); 216 STORE_LE16((u16 *) &mdev_state->vconfig[PCI_SUBSYSTEM_ID], 217 PCI_SUBDEVICE_ID_QEMU); 218 219 STORE_LE16((u16 *) &mdev_state->vconfig[PCI_COMMAND], 220 PCI_COMMAND_IO | PCI_COMMAND_MEMORY); 221 STORE_LE16((u16 *) &mdev_state->vconfig[PCI_CLASS_DEVICE], 222 PCI_CLASS_DISPLAY_OTHER); 223 mdev_state->vconfig[PCI_CLASS_REVISION] = 0x01; 224 225 STORE_LE32((u32 *) &mdev_state->vconfig[PCI_BASE_ADDRESS_0], 226 PCI_BASE_ADDRESS_SPACE_MEMORY | 227 PCI_BASE_ADDRESS_MEM_TYPE_32 | 228 PCI_BASE_ADDRESS_MEM_PREFETCH); 229 mdev_state->bar_mask[0] = ~(mdev_state->memsize) + 1; 230 231 STORE_LE32((u32 *) &mdev_state->vconfig[PCI_BASE_ADDRESS_2], 232 PCI_BASE_ADDRESS_SPACE_MEMORY | 233 PCI_BASE_ADDRESS_MEM_TYPE_32); 234 mdev_state->bar_mask[2] = ~(MBOCHS_MMIO_BAR_SIZE) + 1; 235 } 236 237 static int mbochs_check_framebuffer(struct mdev_state *mdev_state, 238 struct mbochs_mode *mode) 239 { 240 struct device *dev = mdev_dev(mdev_state->mdev); 241 u16 *vbe = mdev_state->vbe; 242 u32 virt_width; 243 244 WARN_ON(!mutex_is_locked(&mdev_state->ops_lock)); 245 246 if (!(vbe[VBE_DISPI_INDEX_ENABLE] & VBE_DISPI_ENABLED)) 247 goto nofb; 248 249 memset(mode, 0, sizeof(*mode)); 250 switch (vbe[VBE_DISPI_INDEX_BPP]) { 251 case 32: 252 mode->drm_format = DRM_FORMAT_XRGB8888; 253 mode->bytepp = 4; 254 break; 255 default: 256 dev_info_ratelimited(dev, "%s: bpp %d not supported\n", 257 __func__, vbe[VBE_DISPI_INDEX_BPP]); 258 goto nofb; 259 } 260 261 mode->width = vbe[VBE_DISPI_INDEX_XRES]; 262 mode->height = vbe[VBE_DISPI_INDEX_YRES]; 263 virt_width = vbe[VBE_DISPI_INDEX_VIRT_WIDTH]; 264 if (virt_width < mode->width) 265 virt_width = mode->width; 266 mode->stride = virt_width * mode->bytepp; 267 mode->size = (u64)mode->stride * mode->height; 268 mode->offset = ((u64)vbe[VBE_DISPI_INDEX_X_OFFSET] * mode->bytepp + 269 (u64)vbe[VBE_DISPI_INDEX_Y_OFFSET] * mode->stride); 270 271 if (mode->width < 64 || mode->height < 64) { 272 dev_info_ratelimited(dev, "%s: invalid resolution %dx%d\n", 273 __func__, mode->width, mode->height); 274 goto nofb; 275 } 276 if (mode->offset + mode->size > mdev_state->memsize) { 277 dev_info_ratelimited(dev, "%s: framebuffer memory overflow\n", 278 __func__); 279 goto nofb; 280 } 281 282 return 0; 283 284 nofb: 285 memset(mode, 0, sizeof(*mode)); 286 return -EINVAL; 287 } 288 289 static bool mbochs_modes_equal(struct mbochs_mode *mode1, 290 struct mbochs_mode *mode2) 291 { 292 return memcmp(mode1, mode2, sizeof(struct mbochs_mode)) == 0; 293 } 294 295 static void handle_pci_cfg_write(struct mdev_state *mdev_state, u16 offset, 296 char *buf, u32 count) 297 { 298 struct device *dev = mdev_dev(mdev_state->mdev); 299 int index = (offset - PCI_BASE_ADDRESS_0) / 0x04; 300 u32 cfg_addr; 301 302 switch (offset) { 303 case PCI_BASE_ADDRESS_0: 304 case PCI_BASE_ADDRESS_2: 305 cfg_addr = *(u32 *)buf; 306 307 if (cfg_addr == 0xffffffff) { 308 cfg_addr = (cfg_addr & mdev_state->bar_mask[index]); 309 } else { 310 cfg_addr &= PCI_BASE_ADDRESS_MEM_MASK; 311 if (cfg_addr) 312 dev_info(dev, "BAR #%d @ 0x%x\n", 313 index, cfg_addr); 314 } 315 316 cfg_addr |= (mdev_state->vconfig[offset] & 317 ~PCI_BASE_ADDRESS_MEM_MASK); 318 STORE_LE32(&mdev_state->vconfig[offset], cfg_addr); 319 break; 320 } 321 } 322 323 static void handle_mmio_write(struct mdev_state *mdev_state, u16 offset, 324 char *buf, u32 count) 325 { 326 struct device *dev = mdev_dev(mdev_state->mdev); 327 int index; 328 u16 reg16; 329 330 switch (offset) { 331 case 0x400 ... 0x41f: /* vga ioports remapped */ 332 goto unhandled; 333 case 0x500 ... 0x515: /* bochs dispi interface */ 334 if (count != 2) 335 goto unhandled; 336 index = (offset - 0x500) / 2; 337 reg16 = *(u16 *)buf; 338 if (index < ARRAY_SIZE(mdev_state->vbe)) 339 mdev_state->vbe[index] = reg16; 340 dev_dbg(dev, "%s: vbe write %d = %d (%s)\n", 341 __func__, index, reg16, vbe_name(index)); 342 break; 343 case 0x600 ... 0x607: /* qemu extended regs */ 344 goto unhandled; 345 default: 346 unhandled: 347 dev_dbg(dev, "%s: @0x%03x, count %d (unhandled)\n", 348 __func__, offset, count); 349 break; 350 } 351 } 352 353 static void handle_mmio_read(struct mdev_state *mdev_state, u16 offset, 354 char *buf, u32 count) 355 { 356 struct device *dev = mdev_dev(mdev_state->mdev); 357 struct vfio_region_gfx_edid *edid; 358 u16 reg16 = 0; 359 int index; 360 361 switch (offset) { 362 case 0x000 ... 0x3ff: /* edid block */ 363 edid = &mdev_state->edid_regs; 364 if (edid->link_state != VFIO_DEVICE_GFX_LINK_STATE_UP || 365 offset >= edid->edid_size) { 366 memset(buf, 0, count); 367 break; 368 } 369 memcpy(buf, mdev_state->edid_blob + offset, count); 370 break; 371 case 0x500 ... 0x515: /* bochs dispi interface */ 372 if (count != 2) 373 goto unhandled; 374 index = (offset - 0x500) / 2; 375 if (index < ARRAY_SIZE(mdev_state->vbe)) 376 reg16 = mdev_state->vbe[index]; 377 dev_dbg(dev, "%s: vbe read %d = %d (%s)\n", 378 __func__, index, reg16, vbe_name(index)); 379 *(u16 *)buf = reg16; 380 break; 381 default: 382 unhandled: 383 dev_dbg(dev, "%s: @0x%03x, count %d (unhandled)\n", 384 __func__, offset, count); 385 memset(buf, 0, count); 386 break; 387 } 388 } 389 390 static void handle_edid_regs(struct mdev_state *mdev_state, u16 offset, 391 char *buf, u32 count, bool is_write) 392 { 393 char *regs = (void *)&mdev_state->edid_regs; 394 395 if (offset + count > sizeof(mdev_state->edid_regs)) 396 return; 397 if (count != 4) 398 return; 399 if (offset % 4) 400 return; 401 402 if (is_write) { 403 switch (offset) { 404 case offsetof(struct vfio_region_gfx_edid, link_state): 405 case offsetof(struct vfio_region_gfx_edid, edid_size): 406 memcpy(regs + offset, buf, count); 407 break; 408 default: 409 /* read-only regs */ 410 break; 411 } 412 } else { 413 memcpy(buf, regs + offset, count); 414 } 415 } 416 417 static void handle_edid_blob(struct mdev_state *mdev_state, u16 offset, 418 char *buf, u32 count, bool is_write) 419 { 420 if (offset + count > mdev_state->edid_regs.edid_max_size) 421 return; 422 if (is_write) 423 memcpy(mdev_state->edid_blob + offset, buf, count); 424 else 425 memcpy(buf, mdev_state->edid_blob + offset, count); 426 } 427 428 static ssize_t mdev_access(struct mdev_device *mdev, char *buf, size_t count, 429 loff_t pos, bool is_write) 430 { 431 struct mdev_state *mdev_state = mdev_get_drvdata(mdev); 432 struct device *dev = mdev_dev(mdev); 433 struct page *pg; 434 loff_t poff; 435 char *map; 436 int ret = 0; 437 438 mutex_lock(&mdev_state->ops_lock); 439 440 if (pos < MBOCHS_CONFIG_SPACE_SIZE) { 441 if (is_write) 442 handle_pci_cfg_write(mdev_state, pos, buf, count); 443 else 444 memcpy(buf, (mdev_state->vconfig + pos), count); 445 446 } else if (pos >= MBOCHS_MMIO_BAR_OFFSET && 447 pos + count <= (MBOCHS_MMIO_BAR_OFFSET + 448 MBOCHS_MMIO_BAR_SIZE)) { 449 pos -= MBOCHS_MMIO_BAR_OFFSET; 450 if (is_write) 451 handle_mmio_write(mdev_state, pos, buf, count); 452 else 453 handle_mmio_read(mdev_state, pos, buf, count); 454 455 } else if (pos >= MBOCHS_EDID_OFFSET && 456 pos + count <= (MBOCHS_EDID_OFFSET + 457 MBOCHS_EDID_SIZE)) { 458 pos -= MBOCHS_EDID_OFFSET; 459 if (pos < MBOCHS_EDID_BLOB_OFFSET) { 460 handle_edid_regs(mdev_state, pos, buf, count, is_write); 461 } else { 462 pos -= MBOCHS_EDID_BLOB_OFFSET; 463 handle_edid_blob(mdev_state, pos, buf, count, is_write); 464 } 465 466 } else if (pos >= MBOCHS_MEMORY_BAR_OFFSET && 467 pos + count <= 468 MBOCHS_MEMORY_BAR_OFFSET + mdev_state->memsize) { 469 pos -= MBOCHS_MMIO_BAR_OFFSET; 470 poff = pos & ~PAGE_MASK; 471 pg = __mbochs_get_page(mdev_state, pos >> PAGE_SHIFT); 472 map = kmap(pg); 473 if (is_write) 474 memcpy(map + poff, buf, count); 475 else 476 memcpy(buf, map + poff, count); 477 kunmap(pg); 478 put_page(pg); 479 480 } else { 481 dev_dbg(dev, "%s: %s @0x%llx (unhandled)\n", 482 __func__, is_write ? "WR" : "RD", pos); 483 ret = -1; 484 goto accessfailed; 485 } 486 487 ret = count; 488 489 490 accessfailed: 491 mutex_unlock(&mdev_state->ops_lock); 492 493 return ret; 494 } 495 496 static int mbochs_reset(struct mdev_device *mdev) 497 { 498 struct mdev_state *mdev_state = mdev_get_drvdata(mdev); 499 u32 size64k = mdev_state->memsize / (64 * 1024); 500 int i; 501 502 for (i = 0; i < ARRAY_SIZE(mdev_state->vbe); i++) 503 mdev_state->vbe[i] = 0; 504 mdev_state->vbe[VBE_DISPI_INDEX_ID] = VBE_DISPI_ID5; 505 mdev_state->vbe[VBE_DISPI_INDEX_VIDEO_MEMORY_64K] = size64k; 506 return 0; 507 } 508 509 static int mbochs_create(struct mdev_device *mdev) 510 { 511 const struct mbochs_type *type = 512 &mbochs_types[mdev_get_type_group_id(mdev)]; 513 struct device *dev = mdev_dev(mdev); 514 struct mdev_state *mdev_state; 515 516 if (!type) 517 type = &mbochs_types[0]; 518 if (type->mbytes + mbochs_used_mbytes > max_mbytes) 519 return -ENOMEM; 520 521 mdev_state = kzalloc(sizeof(struct mdev_state), GFP_KERNEL); 522 if (mdev_state == NULL) 523 return -ENOMEM; 524 525 mdev_state->vconfig = kzalloc(MBOCHS_CONFIG_SPACE_SIZE, GFP_KERNEL); 526 if (mdev_state->vconfig == NULL) 527 goto err_mem; 528 529 mdev_state->memsize = type->mbytes * 1024 * 1024; 530 mdev_state->pagecount = mdev_state->memsize >> PAGE_SHIFT; 531 mdev_state->pages = kcalloc(mdev_state->pagecount, 532 sizeof(struct page *), 533 GFP_KERNEL); 534 if (!mdev_state->pages) 535 goto err_mem; 536 537 dev_info(dev, "%s: %s, %d MB, %ld pages\n", __func__, 538 type->name, type->mbytes, mdev_state->pagecount); 539 540 mutex_init(&mdev_state->ops_lock); 541 mdev_state->mdev = mdev; 542 mdev_set_drvdata(mdev, mdev_state); 543 INIT_LIST_HEAD(&mdev_state->dmabufs); 544 mdev_state->next_id = 1; 545 546 mdev_state->type = type; 547 mdev_state->edid_regs.max_xres = type->max_x; 548 mdev_state->edid_regs.max_yres = type->max_y; 549 mdev_state->edid_regs.edid_offset = MBOCHS_EDID_BLOB_OFFSET; 550 mdev_state->edid_regs.edid_max_size = sizeof(mdev_state->edid_blob); 551 mbochs_create_config_space(mdev_state); 552 mbochs_reset(mdev); 553 554 mbochs_used_mbytes += type->mbytes; 555 return 0; 556 557 err_mem: 558 kfree(mdev_state->vconfig); 559 kfree(mdev_state); 560 return -ENOMEM; 561 } 562 563 static int mbochs_remove(struct mdev_device *mdev) 564 { 565 struct mdev_state *mdev_state = mdev_get_drvdata(mdev); 566 567 mbochs_used_mbytes -= mdev_state->type->mbytes; 568 mdev_set_drvdata(mdev, NULL); 569 kfree(mdev_state->pages); 570 kfree(mdev_state->vconfig); 571 kfree(mdev_state); 572 return 0; 573 } 574 575 static ssize_t mbochs_read(struct mdev_device *mdev, char __user *buf, 576 size_t count, loff_t *ppos) 577 { 578 unsigned int done = 0; 579 int ret; 580 581 while (count) { 582 size_t filled; 583 584 if (count >= 4 && !(*ppos % 4)) { 585 u32 val; 586 587 ret = mdev_access(mdev, (char *)&val, sizeof(val), 588 *ppos, false); 589 if (ret <= 0) 590 goto read_err; 591 592 if (copy_to_user(buf, &val, sizeof(val))) 593 goto read_err; 594 595 filled = 4; 596 } else if (count >= 2 && !(*ppos % 2)) { 597 u16 val; 598 599 ret = mdev_access(mdev, (char *)&val, sizeof(val), 600 *ppos, false); 601 if (ret <= 0) 602 goto read_err; 603 604 if (copy_to_user(buf, &val, sizeof(val))) 605 goto read_err; 606 607 filled = 2; 608 } else { 609 u8 val; 610 611 ret = mdev_access(mdev, (char *)&val, sizeof(val), 612 *ppos, false); 613 if (ret <= 0) 614 goto read_err; 615 616 if (copy_to_user(buf, &val, sizeof(val))) 617 goto read_err; 618 619 filled = 1; 620 } 621 622 count -= filled; 623 done += filled; 624 *ppos += filled; 625 buf += filled; 626 } 627 628 return done; 629 630 read_err: 631 return -EFAULT; 632 } 633 634 static ssize_t mbochs_write(struct mdev_device *mdev, const char __user *buf, 635 size_t count, loff_t *ppos) 636 { 637 unsigned int done = 0; 638 int ret; 639 640 while (count) { 641 size_t filled; 642 643 if (count >= 4 && !(*ppos % 4)) { 644 u32 val; 645 646 if (copy_from_user(&val, buf, sizeof(val))) 647 goto write_err; 648 649 ret = mdev_access(mdev, (char *)&val, sizeof(val), 650 *ppos, true); 651 if (ret <= 0) 652 goto write_err; 653 654 filled = 4; 655 } else if (count >= 2 && !(*ppos % 2)) { 656 u16 val; 657 658 if (copy_from_user(&val, buf, sizeof(val))) 659 goto write_err; 660 661 ret = mdev_access(mdev, (char *)&val, sizeof(val), 662 *ppos, true); 663 if (ret <= 0) 664 goto write_err; 665 666 filled = 2; 667 } else { 668 u8 val; 669 670 if (copy_from_user(&val, buf, sizeof(val))) 671 goto write_err; 672 673 ret = mdev_access(mdev, (char *)&val, sizeof(val), 674 *ppos, true); 675 if (ret <= 0) 676 goto write_err; 677 678 filled = 1; 679 } 680 count -= filled; 681 done += filled; 682 *ppos += filled; 683 buf += filled; 684 } 685 686 return done; 687 write_err: 688 return -EFAULT; 689 } 690 691 static struct page *__mbochs_get_page(struct mdev_state *mdev_state, 692 pgoff_t pgoff) 693 { 694 WARN_ON(!mutex_is_locked(&mdev_state->ops_lock)); 695 696 if (!mdev_state->pages[pgoff]) { 697 mdev_state->pages[pgoff] = 698 alloc_pages(GFP_HIGHUSER | __GFP_ZERO, 0); 699 if (!mdev_state->pages[pgoff]) 700 return NULL; 701 } 702 703 get_page(mdev_state->pages[pgoff]); 704 return mdev_state->pages[pgoff]; 705 } 706 707 static struct page *mbochs_get_page(struct mdev_state *mdev_state, 708 pgoff_t pgoff) 709 { 710 struct page *page; 711 712 if (WARN_ON(pgoff >= mdev_state->pagecount)) 713 return NULL; 714 715 mutex_lock(&mdev_state->ops_lock); 716 page = __mbochs_get_page(mdev_state, pgoff); 717 mutex_unlock(&mdev_state->ops_lock); 718 719 return page; 720 } 721 722 static void mbochs_put_pages(struct mdev_state *mdev_state) 723 { 724 struct device *dev = mdev_dev(mdev_state->mdev); 725 int i, count = 0; 726 727 WARN_ON(!mutex_is_locked(&mdev_state->ops_lock)); 728 729 for (i = 0; i < mdev_state->pagecount; i++) { 730 if (!mdev_state->pages[i]) 731 continue; 732 put_page(mdev_state->pages[i]); 733 mdev_state->pages[i] = NULL; 734 count++; 735 } 736 dev_dbg(dev, "%s: %d pages released\n", __func__, count); 737 } 738 739 static vm_fault_t mbochs_region_vm_fault(struct vm_fault *vmf) 740 { 741 struct vm_area_struct *vma = vmf->vma; 742 struct mdev_state *mdev_state = vma->vm_private_data; 743 pgoff_t page_offset = (vmf->address - vma->vm_start) >> PAGE_SHIFT; 744 745 if (page_offset >= mdev_state->pagecount) 746 return VM_FAULT_SIGBUS; 747 748 vmf->page = mbochs_get_page(mdev_state, page_offset); 749 if (!vmf->page) 750 return VM_FAULT_SIGBUS; 751 752 return 0; 753 } 754 755 static const struct vm_operations_struct mbochs_region_vm_ops = { 756 .fault = mbochs_region_vm_fault, 757 }; 758 759 static int mbochs_mmap(struct mdev_device *mdev, struct vm_area_struct *vma) 760 { 761 struct mdev_state *mdev_state = mdev_get_drvdata(mdev); 762 763 if (vma->vm_pgoff != MBOCHS_MEMORY_BAR_OFFSET >> PAGE_SHIFT) 764 return -EINVAL; 765 if (vma->vm_end < vma->vm_start) 766 return -EINVAL; 767 if (vma->vm_end - vma->vm_start > mdev_state->memsize) 768 return -EINVAL; 769 if ((vma->vm_flags & VM_SHARED) == 0) 770 return -EINVAL; 771 772 vma->vm_ops = &mbochs_region_vm_ops; 773 vma->vm_private_data = mdev_state; 774 return 0; 775 } 776 777 static vm_fault_t mbochs_dmabuf_vm_fault(struct vm_fault *vmf) 778 { 779 struct vm_area_struct *vma = vmf->vma; 780 struct mbochs_dmabuf *dmabuf = vma->vm_private_data; 781 782 if (WARN_ON(vmf->pgoff >= dmabuf->pagecount)) 783 return VM_FAULT_SIGBUS; 784 785 vmf->page = dmabuf->pages[vmf->pgoff]; 786 get_page(vmf->page); 787 return 0; 788 } 789 790 static const struct vm_operations_struct mbochs_dmabuf_vm_ops = { 791 .fault = mbochs_dmabuf_vm_fault, 792 }; 793 794 static int mbochs_mmap_dmabuf(struct dma_buf *buf, struct vm_area_struct *vma) 795 { 796 struct mbochs_dmabuf *dmabuf = buf->priv; 797 struct device *dev = mdev_dev(dmabuf->mdev_state->mdev); 798 799 dev_dbg(dev, "%s: %d\n", __func__, dmabuf->id); 800 801 if ((vma->vm_flags & VM_SHARED) == 0) 802 return -EINVAL; 803 804 vma->vm_ops = &mbochs_dmabuf_vm_ops; 805 vma->vm_private_data = dmabuf; 806 return 0; 807 } 808 809 static void mbochs_print_dmabuf(struct mbochs_dmabuf *dmabuf, 810 const char *prefix) 811 { 812 struct device *dev = mdev_dev(dmabuf->mdev_state->mdev); 813 u32 fourcc = dmabuf->mode.drm_format; 814 815 dev_dbg(dev, "%s/%d: %c%c%c%c, %dx%d, stride %d, off 0x%llx, size 0x%llx, pages %ld\n", 816 prefix, dmabuf->id, 817 fourcc ? ((fourcc >> 0) & 0xff) : '-', 818 fourcc ? ((fourcc >> 8) & 0xff) : '-', 819 fourcc ? ((fourcc >> 16) & 0xff) : '-', 820 fourcc ? ((fourcc >> 24) & 0xff) : '-', 821 dmabuf->mode.width, dmabuf->mode.height, dmabuf->mode.stride, 822 dmabuf->mode.offset, dmabuf->mode.size, dmabuf->pagecount); 823 } 824 825 static struct sg_table *mbochs_map_dmabuf(struct dma_buf_attachment *at, 826 enum dma_data_direction direction) 827 { 828 struct mbochs_dmabuf *dmabuf = at->dmabuf->priv; 829 struct device *dev = mdev_dev(dmabuf->mdev_state->mdev); 830 struct sg_table *sg; 831 832 dev_dbg(dev, "%s: %d\n", __func__, dmabuf->id); 833 834 sg = kzalloc(sizeof(*sg), GFP_KERNEL); 835 if (!sg) 836 goto err1; 837 if (sg_alloc_table_from_pages(sg, dmabuf->pages, dmabuf->pagecount, 838 0, dmabuf->mode.size, GFP_KERNEL) < 0) 839 goto err2; 840 if (dma_map_sgtable(at->dev, sg, direction, 0)) 841 goto err3; 842 843 return sg; 844 845 err3: 846 sg_free_table(sg); 847 err2: 848 kfree(sg); 849 err1: 850 return ERR_PTR(-ENOMEM); 851 } 852 853 static void mbochs_unmap_dmabuf(struct dma_buf_attachment *at, 854 struct sg_table *sg, 855 enum dma_data_direction direction) 856 { 857 struct mbochs_dmabuf *dmabuf = at->dmabuf->priv; 858 struct device *dev = mdev_dev(dmabuf->mdev_state->mdev); 859 860 dev_dbg(dev, "%s: %d\n", __func__, dmabuf->id); 861 862 dma_unmap_sgtable(at->dev, sg, direction, 0); 863 sg_free_table(sg); 864 kfree(sg); 865 } 866 867 static void mbochs_release_dmabuf(struct dma_buf *buf) 868 { 869 struct mbochs_dmabuf *dmabuf = buf->priv; 870 struct mdev_state *mdev_state = dmabuf->mdev_state; 871 struct device *dev = mdev_dev(mdev_state->mdev); 872 pgoff_t pg; 873 874 dev_dbg(dev, "%s: %d\n", __func__, dmabuf->id); 875 876 for (pg = 0; pg < dmabuf->pagecount; pg++) 877 put_page(dmabuf->pages[pg]); 878 879 mutex_lock(&mdev_state->ops_lock); 880 dmabuf->buf = NULL; 881 if (dmabuf->unlinked) 882 kfree(dmabuf); 883 mutex_unlock(&mdev_state->ops_lock); 884 } 885 886 static struct dma_buf_ops mbochs_dmabuf_ops = { 887 .map_dma_buf = mbochs_map_dmabuf, 888 .unmap_dma_buf = mbochs_unmap_dmabuf, 889 .release = mbochs_release_dmabuf, 890 .mmap = mbochs_mmap_dmabuf, 891 }; 892 893 static struct mbochs_dmabuf *mbochs_dmabuf_alloc(struct mdev_state *mdev_state, 894 struct mbochs_mode *mode) 895 { 896 struct mbochs_dmabuf *dmabuf; 897 pgoff_t page_offset, pg; 898 899 WARN_ON(!mutex_is_locked(&mdev_state->ops_lock)); 900 901 dmabuf = kzalloc(sizeof(struct mbochs_dmabuf), GFP_KERNEL); 902 if (!dmabuf) 903 return NULL; 904 905 dmabuf->mode = *mode; 906 dmabuf->id = mdev_state->next_id++; 907 dmabuf->pagecount = DIV_ROUND_UP(mode->size, PAGE_SIZE); 908 dmabuf->pages = kcalloc(dmabuf->pagecount, sizeof(struct page *), 909 GFP_KERNEL); 910 if (!dmabuf->pages) 911 goto err_free_dmabuf; 912 913 page_offset = dmabuf->mode.offset >> PAGE_SHIFT; 914 for (pg = 0; pg < dmabuf->pagecount; pg++) { 915 dmabuf->pages[pg] = __mbochs_get_page(mdev_state, 916 page_offset + pg); 917 if (!dmabuf->pages[pg]) 918 goto err_free_pages; 919 } 920 921 dmabuf->mdev_state = mdev_state; 922 list_add(&dmabuf->next, &mdev_state->dmabufs); 923 924 mbochs_print_dmabuf(dmabuf, __func__); 925 return dmabuf; 926 927 err_free_pages: 928 while (pg > 0) 929 put_page(dmabuf->pages[--pg]); 930 kfree(dmabuf->pages); 931 err_free_dmabuf: 932 kfree(dmabuf); 933 return NULL; 934 } 935 936 static struct mbochs_dmabuf * 937 mbochs_dmabuf_find_by_mode(struct mdev_state *mdev_state, 938 struct mbochs_mode *mode) 939 { 940 struct mbochs_dmabuf *dmabuf; 941 942 WARN_ON(!mutex_is_locked(&mdev_state->ops_lock)); 943 944 list_for_each_entry(dmabuf, &mdev_state->dmabufs, next) 945 if (mbochs_modes_equal(&dmabuf->mode, mode)) 946 return dmabuf; 947 948 return NULL; 949 } 950 951 static struct mbochs_dmabuf * 952 mbochs_dmabuf_find_by_id(struct mdev_state *mdev_state, u32 id) 953 { 954 struct mbochs_dmabuf *dmabuf; 955 956 WARN_ON(!mutex_is_locked(&mdev_state->ops_lock)); 957 958 list_for_each_entry(dmabuf, &mdev_state->dmabufs, next) 959 if (dmabuf->id == id) 960 return dmabuf; 961 962 return NULL; 963 } 964 965 static int mbochs_dmabuf_export(struct mbochs_dmabuf *dmabuf) 966 { 967 struct mdev_state *mdev_state = dmabuf->mdev_state; 968 struct device *dev = mdev_dev(mdev_state->mdev); 969 DEFINE_DMA_BUF_EXPORT_INFO(exp_info); 970 struct dma_buf *buf; 971 972 WARN_ON(!mutex_is_locked(&mdev_state->ops_lock)); 973 974 if (!IS_ALIGNED(dmabuf->mode.offset, PAGE_SIZE)) { 975 dev_info_ratelimited(dev, "%s: framebuffer not page-aligned\n", 976 __func__); 977 return -EINVAL; 978 } 979 980 exp_info.ops = &mbochs_dmabuf_ops; 981 exp_info.size = dmabuf->mode.size; 982 exp_info.priv = dmabuf; 983 984 buf = dma_buf_export(&exp_info); 985 if (IS_ERR(buf)) { 986 dev_info_ratelimited(dev, "%s: dma_buf_export failed: %ld\n", 987 __func__, PTR_ERR(buf)); 988 return PTR_ERR(buf); 989 } 990 991 dmabuf->buf = buf; 992 dev_dbg(dev, "%s: %d\n", __func__, dmabuf->id); 993 return 0; 994 } 995 996 static int mbochs_get_region_info(struct mdev_device *mdev, 997 struct vfio_region_info_ext *ext) 998 { 999 struct vfio_region_info *region_info = &ext->base; 1000 struct mdev_state *mdev_state; 1001 1002 mdev_state = mdev_get_drvdata(mdev); 1003 if (!mdev_state) 1004 return -EINVAL; 1005 1006 if (region_info->index >= MBOCHS_NUM_REGIONS) 1007 return -EINVAL; 1008 1009 switch (region_info->index) { 1010 case VFIO_PCI_CONFIG_REGION_INDEX: 1011 region_info->offset = 0; 1012 region_info->size = MBOCHS_CONFIG_SPACE_SIZE; 1013 region_info->flags = (VFIO_REGION_INFO_FLAG_READ | 1014 VFIO_REGION_INFO_FLAG_WRITE); 1015 break; 1016 case VFIO_PCI_BAR0_REGION_INDEX: 1017 region_info->offset = MBOCHS_MEMORY_BAR_OFFSET; 1018 region_info->size = mdev_state->memsize; 1019 region_info->flags = (VFIO_REGION_INFO_FLAG_READ | 1020 VFIO_REGION_INFO_FLAG_WRITE | 1021 VFIO_REGION_INFO_FLAG_MMAP); 1022 break; 1023 case VFIO_PCI_BAR2_REGION_INDEX: 1024 region_info->offset = MBOCHS_MMIO_BAR_OFFSET; 1025 region_info->size = MBOCHS_MMIO_BAR_SIZE; 1026 region_info->flags = (VFIO_REGION_INFO_FLAG_READ | 1027 VFIO_REGION_INFO_FLAG_WRITE); 1028 break; 1029 case MBOCHS_EDID_REGION_INDEX: 1030 ext->base.argsz = sizeof(*ext); 1031 ext->base.offset = MBOCHS_EDID_OFFSET; 1032 ext->base.size = MBOCHS_EDID_SIZE; 1033 ext->base.flags = (VFIO_REGION_INFO_FLAG_READ | 1034 VFIO_REGION_INFO_FLAG_WRITE | 1035 VFIO_REGION_INFO_FLAG_CAPS); 1036 ext->base.cap_offset = offsetof(typeof(*ext), type); 1037 ext->type.header.id = VFIO_REGION_INFO_CAP_TYPE; 1038 ext->type.header.version = 1; 1039 ext->type.header.next = 0; 1040 ext->type.type = VFIO_REGION_TYPE_GFX; 1041 ext->type.subtype = VFIO_REGION_SUBTYPE_GFX_EDID; 1042 break; 1043 default: 1044 region_info->size = 0; 1045 region_info->offset = 0; 1046 region_info->flags = 0; 1047 } 1048 1049 return 0; 1050 } 1051 1052 static int mbochs_get_irq_info(struct mdev_device *mdev, 1053 struct vfio_irq_info *irq_info) 1054 { 1055 irq_info->count = 0; 1056 return 0; 1057 } 1058 1059 static int mbochs_get_device_info(struct mdev_device *mdev, 1060 struct vfio_device_info *dev_info) 1061 { 1062 dev_info->flags = VFIO_DEVICE_FLAGS_PCI; 1063 dev_info->num_regions = MBOCHS_NUM_REGIONS; 1064 dev_info->num_irqs = VFIO_PCI_NUM_IRQS; 1065 return 0; 1066 } 1067 1068 static int mbochs_query_gfx_plane(struct mdev_device *mdev, 1069 struct vfio_device_gfx_plane_info *plane) 1070 { 1071 struct mdev_state *mdev_state = mdev_get_drvdata(mdev); 1072 struct device *dev = mdev_dev(mdev); 1073 struct mbochs_dmabuf *dmabuf; 1074 struct mbochs_mode mode; 1075 int ret; 1076 1077 if (plane->flags & VFIO_GFX_PLANE_TYPE_PROBE) { 1078 if (plane->flags == (VFIO_GFX_PLANE_TYPE_PROBE | 1079 VFIO_GFX_PLANE_TYPE_DMABUF)) 1080 return 0; 1081 return -EINVAL; 1082 } 1083 1084 if (plane->flags != VFIO_GFX_PLANE_TYPE_DMABUF) 1085 return -EINVAL; 1086 1087 plane->drm_format_mod = 0; 1088 plane->x_pos = 0; 1089 plane->y_pos = 0; 1090 plane->x_hot = 0; 1091 plane->y_hot = 0; 1092 1093 mutex_lock(&mdev_state->ops_lock); 1094 1095 ret = -EINVAL; 1096 if (plane->drm_plane_type == DRM_PLANE_TYPE_PRIMARY) 1097 ret = mbochs_check_framebuffer(mdev_state, &mode); 1098 if (ret < 0) { 1099 plane->drm_format = 0; 1100 plane->width = 0; 1101 plane->height = 0; 1102 plane->stride = 0; 1103 plane->size = 0; 1104 plane->dmabuf_id = 0; 1105 goto done; 1106 } 1107 1108 dmabuf = mbochs_dmabuf_find_by_mode(mdev_state, &mode); 1109 if (!dmabuf) 1110 mbochs_dmabuf_alloc(mdev_state, &mode); 1111 if (!dmabuf) { 1112 mutex_unlock(&mdev_state->ops_lock); 1113 return -ENOMEM; 1114 } 1115 1116 plane->drm_format = dmabuf->mode.drm_format; 1117 plane->width = dmabuf->mode.width; 1118 plane->height = dmabuf->mode.height; 1119 plane->stride = dmabuf->mode.stride; 1120 plane->size = dmabuf->mode.size; 1121 plane->dmabuf_id = dmabuf->id; 1122 1123 done: 1124 if (plane->drm_plane_type == DRM_PLANE_TYPE_PRIMARY && 1125 mdev_state->active_id != plane->dmabuf_id) { 1126 dev_dbg(dev, "%s: primary: %d => %d\n", __func__, 1127 mdev_state->active_id, plane->dmabuf_id); 1128 mdev_state->active_id = plane->dmabuf_id; 1129 } 1130 mutex_unlock(&mdev_state->ops_lock); 1131 return 0; 1132 } 1133 1134 static int mbochs_get_gfx_dmabuf(struct mdev_device *mdev, 1135 u32 id) 1136 { 1137 struct mdev_state *mdev_state = mdev_get_drvdata(mdev); 1138 struct mbochs_dmabuf *dmabuf; 1139 1140 mutex_lock(&mdev_state->ops_lock); 1141 1142 dmabuf = mbochs_dmabuf_find_by_id(mdev_state, id); 1143 if (!dmabuf) { 1144 mutex_unlock(&mdev_state->ops_lock); 1145 return -ENOENT; 1146 } 1147 1148 if (!dmabuf->buf) 1149 mbochs_dmabuf_export(dmabuf); 1150 1151 mutex_unlock(&mdev_state->ops_lock); 1152 1153 if (!dmabuf->buf) 1154 return -EINVAL; 1155 1156 return dma_buf_fd(dmabuf->buf, 0); 1157 } 1158 1159 static long mbochs_ioctl(struct mdev_device *mdev, unsigned int cmd, 1160 unsigned long arg) 1161 { 1162 int ret = 0; 1163 unsigned long minsz, outsz; 1164 1165 switch (cmd) { 1166 case VFIO_DEVICE_GET_INFO: 1167 { 1168 struct vfio_device_info info; 1169 1170 minsz = offsetofend(struct vfio_device_info, num_irqs); 1171 1172 if (copy_from_user(&info, (void __user *)arg, minsz)) 1173 return -EFAULT; 1174 1175 if (info.argsz < minsz) 1176 return -EINVAL; 1177 1178 ret = mbochs_get_device_info(mdev, &info); 1179 if (ret) 1180 return ret; 1181 1182 if (copy_to_user((void __user *)arg, &info, minsz)) 1183 return -EFAULT; 1184 1185 return 0; 1186 } 1187 case VFIO_DEVICE_GET_REGION_INFO: 1188 { 1189 struct vfio_region_info_ext info; 1190 1191 minsz = offsetofend(typeof(info), base.offset); 1192 1193 if (copy_from_user(&info, (void __user *)arg, minsz)) 1194 return -EFAULT; 1195 1196 outsz = info.base.argsz; 1197 if (outsz < minsz) 1198 return -EINVAL; 1199 if (outsz > sizeof(info)) 1200 return -EINVAL; 1201 1202 ret = mbochs_get_region_info(mdev, &info); 1203 if (ret) 1204 return ret; 1205 1206 if (copy_to_user((void __user *)arg, &info, outsz)) 1207 return -EFAULT; 1208 1209 return 0; 1210 } 1211 1212 case VFIO_DEVICE_GET_IRQ_INFO: 1213 { 1214 struct vfio_irq_info info; 1215 1216 minsz = offsetofend(struct vfio_irq_info, count); 1217 1218 if (copy_from_user(&info, (void __user *)arg, minsz)) 1219 return -EFAULT; 1220 1221 if ((info.argsz < minsz) || 1222 (info.index >= VFIO_PCI_NUM_IRQS)) 1223 return -EINVAL; 1224 1225 ret = mbochs_get_irq_info(mdev, &info); 1226 if (ret) 1227 return ret; 1228 1229 if (copy_to_user((void __user *)arg, &info, minsz)) 1230 return -EFAULT; 1231 1232 return 0; 1233 } 1234 1235 case VFIO_DEVICE_QUERY_GFX_PLANE: 1236 { 1237 struct vfio_device_gfx_plane_info plane; 1238 1239 minsz = offsetofend(struct vfio_device_gfx_plane_info, 1240 region_index); 1241 1242 if (copy_from_user(&plane, (void __user *)arg, minsz)) 1243 return -EFAULT; 1244 1245 if (plane.argsz < minsz) 1246 return -EINVAL; 1247 1248 ret = mbochs_query_gfx_plane(mdev, &plane); 1249 if (ret) 1250 return ret; 1251 1252 if (copy_to_user((void __user *)arg, &plane, minsz)) 1253 return -EFAULT; 1254 1255 return 0; 1256 } 1257 1258 case VFIO_DEVICE_GET_GFX_DMABUF: 1259 { 1260 u32 dmabuf_id; 1261 1262 if (get_user(dmabuf_id, (__u32 __user *)arg)) 1263 return -EFAULT; 1264 1265 return mbochs_get_gfx_dmabuf(mdev, dmabuf_id); 1266 } 1267 1268 case VFIO_DEVICE_SET_IRQS: 1269 return -EINVAL; 1270 1271 case VFIO_DEVICE_RESET: 1272 return mbochs_reset(mdev); 1273 } 1274 return -ENOTTY; 1275 } 1276 1277 static int mbochs_open(struct mdev_device *mdev) 1278 { 1279 if (!try_module_get(THIS_MODULE)) 1280 return -ENODEV; 1281 1282 return 0; 1283 } 1284 1285 static void mbochs_close(struct mdev_device *mdev) 1286 { 1287 struct mdev_state *mdev_state = mdev_get_drvdata(mdev); 1288 struct mbochs_dmabuf *dmabuf, *tmp; 1289 1290 mutex_lock(&mdev_state->ops_lock); 1291 1292 list_for_each_entry_safe(dmabuf, tmp, &mdev_state->dmabufs, next) { 1293 list_del(&dmabuf->next); 1294 if (dmabuf->buf) { 1295 /* free in mbochs_release_dmabuf() */ 1296 dmabuf->unlinked = true; 1297 } else { 1298 kfree(dmabuf); 1299 } 1300 } 1301 mbochs_put_pages(mdev_state); 1302 1303 mutex_unlock(&mdev_state->ops_lock); 1304 module_put(THIS_MODULE); 1305 } 1306 1307 static ssize_t 1308 memory_show(struct device *dev, struct device_attribute *attr, 1309 char *buf) 1310 { 1311 struct mdev_device *mdev = mdev_from_dev(dev); 1312 struct mdev_state *mdev_state = mdev_get_drvdata(mdev); 1313 1314 return sprintf(buf, "%d MB\n", mdev_state->type->mbytes); 1315 } 1316 static DEVICE_ATTR_RO(memory); 1317 1318 static struct attribute *mdev_dev_attrs[] = { 1319 &dev_attr_memory.attr, 1320 NULL, 1321 }; 1322 1323 static const struct attribute_group mdev_dev_group = { 1324 .name = "vendor", 1325 .attrs = mdev_dev_attrs, 1326 }; 1327 1328 static const struct attribute_group *mdev_dev_groups[] = { 1329 &mdev_dev_group, 1330 NULL, 1331 }; 1332 1333 static ssize_t name_show(struct mdev_type *mtype, 1334 struct mdev_type_attribute *attr, char *buf) 1335 { 1336 const struct mbochs_type *type = 1337 &mbochs_types[mtype_get_type_group_id(mtype)]; 1338 1339 return sprintf(buf, "%s\n", type->name); 1340 } 1341 static MDEV_TYPE_ATTR_RO(name); 1342 1343 static ssize_t description_show(struct mdev_type *mtype, 1344 struct mdev_type_attribute *attr, char *buf) 1345 { 1346 const struct mbochs_type *type = 1347 &mbochs_types[mtype_get_type_group_id(mtype)]; 1348 1349 return sprintf(buf, "virtual display, %d MB video memory\n", 1350 type ? type->mbytes : 0); 1351 } 1352 static MDEV_TYPE_ATTR_RO(description); 1353 1354 static ssize_t available_instances_show(struct mdev_type *mtype, 1355 struct mdev_type_attribute *attr, 1356 char *buf) 1357 { 1358 const struct mbochs_type *type = 1359 &mbochs_types[mtype_get_type_group_id(mtype)]; 1360 int count = (max_mbytes - mbochs_used_mbytes) / type->mbytes; 1361 1362 return sprintf(buf, "%d\n", count); 1363 } 1364 static MDEV_TYPE_ATTR_RO(available_instances); 1365 1366 static ssize_t device_api_show(struct mdev_type *mtype, 1367 struct mdev_type_attribute *attr, char *buf) 1368 { 1369 return sprintf(buf, "%s\n", VFIO_DEVICE_API_PCI_STRING); 1370 } 1371 static MDEV_TYPE_ATTR_RO(device_api); 1372 1373 static struct attribute *mdev_types_attrs[] = { 1374 &mdev_type_attr_name.attr, 1375 &mdev_type_attr_description.attr, 1376 &mdev_type_attr_device_api.attr, 1377 &mdev_type_attr_available_instances.attr, 1378 NULL, 1379 }; 1380 1381 static struct attribute_group mdev_type_group1 = { 1382 .name = MBOCHS_TYPE_1, 1383 .attrs = mdev_types_attrs, 1384 }; 1385 1386 static struct attribute_group mdev_type_group2 = { 1387 .name = MBOCHS_TYPE_2, 1388 .attrs = mdev_types_attrs, 1389 }; 1390 1391 static struct attribute_group mdev_type_group3 = { 1392 .name = MBOCHS_TYPE_3, 1393 .attrs = mdev_types_attrs, 1394 }; 1395 1396 static struct attribute_group *mdev_type_groups[] = { 1397 &mdev_type_group1, 1398 &mdev_type_group2, 1399 &mdev_type_group3, 1400 NULL, 1401 }; 1402 1403 static const struct mdev_parent_ops mdev_fops = { 1404 .owner = THIS_MODULE, 1405 .mdev_attr_groups = mdev_dev_groups, 1406 .supported_type_groups = mdev_type_groups, 1407 .create = mbochs_create, 1408 .remove = mbochs_remove, 1409 .open = mbochs_open, 1410 .release = mbochs_close, 1411 .read = mbochs_read, 1412 .write = mbochs_write, 1413 .ioctl = mbochs_ioctl, 1414 .mmap = mbochs_mmap, 1415 }; 1416 1417 static const struct file_operations vd_fops = { 1418 .owner = THIS_MODULE, 1419 }; 1420 1421 static void mbochs_device_release(struct device *dev) 1422 { 1423 /* nothing */ 1424 } 1425 1426 static int __init mbochs_dev_init(void) 1427 { 1428 int ret = 0; 1429 1430 ret = alloc_chrdev_region(&mbochs_devt, 0, MINORMASK + 1, MBOCHS_NAME); 1431 if (ret < 0) { 1432 pr_err("Error: failed to register mbochs_dev, err: %d\n", ret); 1433 return ret; 1434 } 1435 cdev_init(&mbochs_cdev, &vd_fops); 1436 cdev_add(&mbochs_cdev, mbochs_devt, MINORMASK + 1); 1437 pr_info("%s: major %d\n", __func__, MAJOR(mbochs_devt)); 1438 1439 mbochs_class = class_create(THIS_MODULE, MBOCHS_CLASS_NAME); 1440 if (IS_ERR(mbochs_class)) { 1441 pr_err("Error: failed to register mbochs_dev class\n"); 1442 ret = PTR_ERR(mbochs_class); 1443 goto failed1; 1444 } 1445 mbochs_dev.class = mbochs_class; 1446 mbochs_dev.release = mbochs_device_release; 1447 dev_set_name(&mbochs_dev, "%s", MBOCHS_NAME); 1448 1449 ret = device_register(&mbochs_dev); 1450 if (ret) 1451 goto failed2; 1452 1453 ret = mdev_register_device(&mbochs_dev, &mdev_fops); 1454 if (ret) 1455 goto failed3; 1456 1457 return 0; 1458 1459 failed3: 1460 device_unregister(&mbochs_dev); 1461 failed2: 1462 class_destroy(mbochs_class); 1463 failed1: 1464 cdev_del(&mbochs_cdev); 1465 unregister_chrdev_region(mbochs_devt, MINORMASK + 1); 1466 return ret; 1467 } 1468 1469 static void __exit mbochs_dev_exit(void) 1470 { 1471 mbochs_dev.bus = NULL; 1472 mdev_unregister_device(&mbochs_dev); 1473 1474 device_unregister(&mbochs_dev); 1475 cdev_del(&mbochs_cdev); 1476 unregister_chrdev_region(mbochs_devt, MINORMASK + 1); 1477 class_destroy(mbochs_class); 1478 mbochs_class = NULL; 1479 } 1480 1481 module_init(mbochs_dev_init) 1482 module_exit(mbochs_dev_exit) 1483