Loading...
1/*
2 * Copyright (C) 2015 Red Hat, Inc.
3 * All Rights Reserved.
4 *
5 * Authors:
6 * Dave Airlie
7 * Alon Levy
8 *
9 * Permission is hereby granted, free of charge, to any person obtaining a
10 * copy of this software and associated documentation files (the "Software"),
11 * to deal in the Software without restriction, including without limitation
12 * the rights to use, copy, modify, merge, publish, distribute, sublicense,
13 * and/or sell copies of the Software, and to permit persons to whom the
14 * Software is furnished to do so, subject to the following conditions:
15 *
16 * The above copyright notice and this permission notice shall be included in
17 * all copies or substantial portions of the Software.
18 *
19 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
20 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
21 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
22 * THE COPYRIGHT HOLDER(S) OR AUTHOR(S) BE LIABLE FOR ANY CLAIM, DAMAGES OR
23 * OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
24 * ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
25 * OTHER DEALINGS IN THE SOFTWARE.
26 */
27
28#include <linux/file.h>
29#include <linux/sync_file.h>
30#include <linux/uaccess.h>
31
32#include <drm/drm_file.h>
33#include <drm/virtgpu_drm.h>
34
35#include "virtgpu_drv.h"
36
37#define VIRTGPU_BLOB_FLAG_USE_MASK (VIRTGPU_BLOB_FLAG_USE_MAPPABLE | \
38 VIRTGPU_BLOB_FLAG_USE_SHAREABLE | \
39 VIRTGPU_BLOB_FLAG_USE_CROSS_DEVICE)
40
41/* Must be called with &virtio_gpu_fpriv.struct_mutex held. */
42static void virtio_gpu_create_context_locked(struct virtio_gpu_device *vgdev,
43 struct virtio_gpu_fpriv *vfpriv)
44{
45 if (vfpriv->explicit_debug_name) {
46 virtio_gpu_cmd_context_create(vgdev, vfpriv->ctx_id,
47 vfpriv->context_init,
48 strlen(vfpriv->debug_name),
49 vfpriv->debug_name);
50 } else {
51 char dbgname[TASK_COMM_LEN];
52
53 get_task_comm(dbgname, current);
54 virtio_gpu_cmd_context_create(vgdev, vfpriv->ctx_id,
55 vfpriv->context_init, strlen(dbgname),
56 dbgname);
57 }
58
59 vfpriv->context_created = true;
60}
61
62void virtio_gpu_create_context(struct drm_device *dev, struct drm_file *file)
63{
64 struct virtio_gpu_device *vgdev = dev->dev_private;
65 struct virtio_gpu_fpriv *vfpriv = file->driver_priv;
66
67 mutex_lock(&vfpriv->context_lock);
68 if (vfpriv->context_created)
69 goto out_unlock;
70
71 virtio_gpu_create_context_locked(vgdev, vfpriv);
72
73out_unlock:
74 mutex_unlock(&vfpriv->context_lock);
75}
76
77static int virtio_gpu_map_ioctl(struct drm_device *dev, void *data,
78 struct drm_file *file)
79{
80 struct virtio_gpu_device *vgdev = dev->dev_private;
81 struct drm_virtgpu_map *virtio_gpu_map = data;
82
83 return virtio_gpu_mode_dumb_mmap(file, vgdev->ddev,
84 virtio_gpu_map->handle,
85 &virtio_gpu_map->offset);
86}
87
88static int virtio_gpu_getparam_ioctl(struct drm_device *dev, void *data,
89 struct drm_file *file)
90{
91 struct virtio_gpu_device *vgdev = dev->dev_private;
92 struct drm_virtgpu_getparam *param = data;
93 int value;
94
95 switch (param->param) {
96 case VIRTGPU_PARAM_3D_FEATURES:
97 value = vgdev->has_virgl_3d ? 1 : 0;
98 break;
99 case VIRTGPU_PARAM_CAPSET_QUERY_FIX:
100 value = 1;
101 break;
102 case VIRTGPU_PARAM_RESOURCE_BLOB:
103 value = vgdev->has_resource_blob ? 1 : 0;
104 break;
105 case VIRTGPU_PARAM_HOST_VISIBLE:
106 value = vgdev->has_host_visible ? 1 : 0;
107 break;
108 case VIRTGPU_PARAM_CROSS_DEVICE:
109 value = vgdev->has_resource_assign_uuid ? 1 : 0;
110 break;
111 case VIRTGPU_PARAM_CONTEXT_INIT:
112 value = vgdev->has_context_init ? 1 : 0;
113 break;
114 case VIRTGPU_PARAM_SUPPORTED_CAPSET_IDs:
115 value = vgdev->capset_id_mask;
116 break;
117 case VIRTGPU_PARAM_EXPLICIT_DEBUG_NAME:
118 value = vgdev->has_context_init ? 1 : 0;
119 break;
120 default:
121 return -EINVAL;
122 }
123 if (copy_to_user(u64_to_user_ptr(param->value), &value, sizeof(int)))
124 return -EFAULT;
125
126 return 0;
127}
128
129static int virtio_gpu_resource_create_ioctl(struct drm_device *dev, void *data,
130 struct drm_file *file)
131{
132 struct virtio_gpu_device *vgdev = dev->dev_private;
133 struct drm_virtgpu_resource_create *rc = data;
134 struct virtio_gpu_fence *fence;
135 int ret;
136 struct virtio_gpu_object *qobj;
137 struct drm_gem_object *obj;
138 uint32_t handle = 0;
139 struct virtio_gpu_object_params params = { 0 };
140
141 if (vgdev->has_virgl_3d) {
142 virtio_gpu_create_context(dev, file);
143 params.virgl = true;
144 params.target = rc->target;
145 params.bind = rc->bind;
146 params.depth = rc->depth;
147 params.array_size = rc->array_size;
148 params.last_level = rc->last_level;
149 params.nr_samples = rc->nr_samples;
150 params.flags = rc->flags;
151 } else {
152 if (rc->depth > 1)
153 return -EINVAL;
154 if (rc->nr_samples > 1)
155 return -EINVAL;
156 if (rc->last_level > 1)
157 return -EINVAL;
158 if (rc->target != 2)
159 return -EINVAL;
160 if (rc->array_size > 1)
161 return -EINVAL;
162 }
163
164 params.format = rc->format;
165 params.width = rc->width;
166 params.height = rc->height;
167 params.size = rc->size;
168 /* allocate a single page size object */
169 if (params.size == 0)
170 params.size = PAGE_SIZE;
171
172 fence = virtio_gpu_fence_alloc(vgdev, vgdev->fence_drv.context, 0);
173 if (!fence)
174 return -ENOMEM;
175 ret = virtio_gpu_object_create(vgdev, ¶ms, &qobj, fence);
176 dma_fence_put(&fence->f);
177 if (ret < 0)
178 return ret;
179 obj = &qobj->base.base;
180
181 ret = drm_gem_handle_create(file, obj, &handle);
182 if (ret) {
183 drm_gem_object_release(obj);
184 return ret;
185 }
186
187 rc->res_handle = qobj->hw_res_handle; /* similiar to a VM address */
188 rc->bo_handle = handle;
189
190 /*
191 * The handle owns the reference now. But we must drop our
192 * remaining reference *after* we no longer need to dereference
193 * the obj. Otherwise userspace could guess the handle and
194 * race closing it from another thread.
195 */
196 drm_gem_object_put(obj);
197
198 return 0;
199}
200
201static int virtio_gpu_resource_info_ioctl(struct drm_device *dev, void *data,
202 struct drm_file *file)
203{
204 struct drm_virtgpu_resource_info *ri = data;
205 struct drm_gem_object *gobj = NULL;
206 struct virtio_gpu_object *qobj = NULL;
207
208 gobj = drm_gem_object_lookup(file, ri->bo_handle);
209 if (gobj == NULL)
210 return -ENOENT;
211
212 qobj = gem_to_virtio_gpu_obj(gobj);
213
214 ri->size = qobj->base.base.size;
215 ri->res_handle = qobj->hw_res_handle;
216 if (qobj->host3d_blob || qobj->guest_blob)
217 ri->blob_mem = qobj->blob_mem;
218
219 drm_gem_object_put(gobj);
220 return 0;
221}
222
223static int virtio_gpu_transfer_from_host_ioctl(struct drm_device *dev,
224 void *data,
225 struct drm_file *file)
226{
227 struct virtio_gpu_device *vgdev = dev->dev_private;
228 struct virtio_gpu_fpriv *vfpriv = file->driver_priv;
229 struct drm_virtgpu_3d_transfer_from_host *args = data;
230 struct virtio_gpu_object *bo;
231 struct virtio_gpu_object_array *objs;
232 struct virtio_gpu_fence *fence;
233 int ret;
234 u32 offset = args->offset;
235
236 if (vgdev->has_virgl_3d == false)
237 return -ENOSYS;
238
239 virtio_gpu_create_context(dev, file);
240 objs = virtio_gpu_array_from_handles(file, &args->bo_handle, 1);
241 if (objs == NULL)
242 return -ENOENT;
243
244 bo = gem_to_virtio_gpu_obj(objs->objs[0]);
245 if (bo->guest_blob && !bo->host3d_blob) {
246 ret = -EINVAL;
247 goto err_put_free;
248 }
249
250 if (!bo->host3d_blob && (args->stride || args->layer_stride)) {
251 ret = -EINVAL;
252 goto err_put_free;
253 }
254
255 ret = virtio_gpu_array_lock_resv(objs);
256 if (ret != 0)
257 goto err_put_free;
258
259 fence = virtio_gpu_fence_alloc(vgdev, vgdev->fence_drv.context, 0);
260 if (!fence) {
261 ret = -ENOMEM;
262 goto err_unlock;
263 }
264
265 virtio_gpu_cmd_transfer_from_host_3d
266 (vgdev, vfpriv->ctx_id, offset, args->level, args->stride,
267 args->layer_stride, &args->box, objs, fence);
268 dma_fence_put(&fence->f);
269 virtio_gpu_notify(vgdev);
270 return 0;
271
272err_unlock:
273 virtio_gpu_array_unlock_resv(objs);
274err_put_free:
275 virtio_gpu_array_put_free(objs);
276 return ret;
277}
278
279static int virtio_gpu_transfer_to_host_ioctl(struct drm_device *dev, void *data,
280 struct drm_file *file)
281{
282 struct virtio_gpu_device *vgdev = dev->dev_private;
283 struct virtio_gpu_fpriv *vfpriv = file->driver_priv;
284 struct drm_virtgpu_3d_transfer_to_host *args = data;
285 struct virtio_gpu_object *bo;
286 struct virtio_gpu_object_array *objs;
287 struct virtio_gpu_fence *fence;
288 int ret;
289 u32 offset = args->offset;
290
291 objs = virtio_gpu_array_from_handles(file, &args->bo_handle, 1);
292 if (objs == NULL)
293 return -ENOENT;
294
295 bo = gem_to_virtio_gpu_obj(objs->objs[0]);
296 if (bo->guest_blob && !bo->host3d_blob) {
297 ret = -EINVAL;
298 goto err_put_free;
299 }
300
301 if (!vgdev->has_virgl_3d) {
302 virtio_gpu_cmd_transfer_to_host_2d
303 (vgdev, offset,
304 args->box.w, args->box.h, args->box.x, args->box.y,
305 objs, NULL);
306 } else {
307 virtio_gpu_create_context(dev, file);
308
309 if (!bo->host3d_blob && (args->stride || args->layer_stride)) {
310 ret = -EINVAL;
311 goto err_put_free;
312 }
313
314 ret = virtio_gpu_array_lock_resv(objs);
315 if (ret != 0)
316 goto err_put_free;
317
318 ret = -ENOMEM;
319 fence = virtio_gpu_fence_alloc(vgdev, vgdev->fence_drv.context,
320 0);
321 if (!fence)
322 goto err_unlock;
323
324 virtio_gpu_cmd_transfer_to_host_3d
325 (vgdev,
326 vfpriv ? vfpriv->ctx_id : 0, offset, args->level,
327 args->stride, args->layer_stride, &args->box, objs,
328 fence);
329 dma_fence_put(&fence->f);
330 }
331 virtio_gpu_notify(vgdev);
332 return 0;
333
334err_unlock:
335 virtio_gpu_array_unlock_resv(objs);
336err_put_free:
337 virtio_gpu_array_put_free(objs);
338 return ret;
339}
340
341static int virtio_gpu_wait_ioctl(struct drm_device *dev, void *data,
342 struct drm_file *file)
343{
344 struct drm_virtgpu_3d_wait *args = data;
345 struct drm_gem_object *obj;
346 long timeout = 15 * HZ;
347 int ret;
348
349 obj = drm_gem_object_lookup(file, args->handle);
350 if (obj == NULL)
351 return -ENOENT;
352
353 if (args->flags & VIRTGPU_WAIT_NOWAIT) {
354 ret = dma_resv_test_signaled(obj->resv, DMA_RESV_USAGE_READ);
355 } else {
356 ret = dma_resv_wait_timeout(obj->resv, DMA_RESV_USAGE_READ,
357 true, timeout);
358 }
359 if (ret == 0)
360 ret = -EBUSY;
361 else if (ret > 0)
362 ret = 0;
363
364 drm_gem_object_put(obj);
365 return ret;
366}
367
368static int virtio_gpu_get_caps_ioctl(struct drm_device *dev,
369 void *data, struct drm_file *file)
370{
371 struct virtio_gpu_device *vgdev = dev->dev_private;
372 struct drm_virtgpu_get_caps *args = data;
373 unsigned size, host_caps_size;
374 int i;
375 int found_valid = -1;
376 int ret;
377 struct virtio_gpu_drv_cap_cache *cache_ent;
378 void *ptr;
379
380 if (vgdev->num_capsets == 0)
381 return -ENOSYS;
382
383 /* don't allow userspace to pass 0 */
384 if (args->size == 0)
385 return -EINVAL;
386
387 spin_lock(&vgdev->display_info_lock);
388 for (i = 0; i < vgdev->num_capsets; i++) {
389 if (vgdev->capsets[i].id == args->cap_set_id) {
390 if (vgdev->capsets[i].max_version >= args->cap_set_ver) {
391 found_valid = i;
392 break;
393 }
394 }
395 }
396
397 if (found_valid == -1) {
398 spin_unlock(&vgdev->display_info_lock);
399 return -EINVAL;
400 }
401
402 host_caps_size = vgdev->capsets[found_valid].max_size;
403 /* only copy to user the minimum of the host caps size or the guest caps size */
404 size = min(args->size, host_caps_size);
405
406 list_for_each_entry(cache_ent, &vgdev->cap_cache, head) {
407 if (cache_ent->id == args->cap_set_id &&
408 cache_ent->version == args->cap_set_ver) {
409 spin_unlock(&vgdev->display_info_lock);
410 goto copy_exit;
411 }
412 }
413 spin_unlock(&vgdev->display_info_lock);
414
415 /* not in cache - need to talk to hw */
416 ret = virtio_gpu_cmd_get_capset(vgdev, found_valid, args->cap_set_ver,
417 &cache_ent);
418 if (ret)
419 return ret;
420 virtio_gpu_notify(vgdev);
421
422copy_exit:
423 ret = wait_event_timeout(vgdev->resp_wq,
424 atomic_read(&cache_ent->is_valid), 5 * HZ);
425 if (!ret)
426 return -EBUSY;
427
428 /* is_valid check must proceed before copy of the cache entry. */
429 smp_rmb();
430
431 ptr = cache_ent->caps_cache;
432
433 if (copy_to_user(u64_to_user_ptr(args->addr), ptr, size))
434 return -EFAULT;
435
436 return 0;
437}
438
439static int verify_blob(struct virtio_gpu_device *vgdev,
440 struct virtio_gpu_fpriv *vfpriv,
441 struct virtio_gpu_object_params *params,
442 struct drm_virtgpu_resource_create_blob *rc_blob,
443 bool *guest_blob, bool *host3d_blob)
444{
445 if (!vgdev->has_resource_blob)
446 return -EINVAL;
447
448 if (rc_blob->blob_flags & ~VIRTGPU_BLOB_FLAG_USE_MASK)
449 return -EINVAL;
450
451 if (rc_blob->blob_flags & VIRTGPU_BLOB_FLAG_USE_CROSS_DEVICE) {
452 if (!vgdev->has_resource_assign_uuid)
453 return -EINVAL;
454 }
455
456 switch (rc_blob->blob_mem) {
457 case VIRTGPU_BLOB_MEM_GUEST:
458 *guest_blob = true;
459 break;
460 case VIRTGPU_BLOB_MEM_HOST3D_GUEST:
461 *guest_blob = true;
462 fallthrough;
463 case VIRTGPU_BLOB_MEM_HOST3D:
464 *host3d_blob = true;
465 break;
466 default:
467 return -EINVAL;
468 }
469
470 if (*host3d_blob) {
471 if (!vgdev->has_virgl_3d)
472 return -EINVAL;
473
474 /* Must be dword aligned. */
475 if (rc_blob->cmd_size % 4 != 0)
476 return -EINVAL;
477
478 params->ctx_id = vfpriv->ctx_id;
479 params->blob_id = rc_blob->blob_id;
480 } else {
481 if (rc_blob->blob_id != 0)
482 return -EINVAL;
483
484 if (rc_blob->cmd_size != 0)
485 return -EINVAL;
486 }
487
488 params->blob_mem = rc_blob->blob_mem;
489 params->size = rc_blob->size;
490 params->blob = true;
491 params->blob_flags = rc_blob->blob_flags;
492 return 0;
493}
494
495static int virtio_gpu_resource_create_blob_ioctl(struct drm_device *dev,
496 void *data,
497 struct drm_file *file)
498{
499 int ret = 0;
500 uint32_t handle = 0;
501 bool guest_blob = false;
502 bool host3d_blob = false;
503 struct drm_gem_object *obj;
504 struct virtio_gpu_object *bo;
505 struct virtio_gpu_object_params params = { 0 };
506 struct virtio_gpu_device *vgdev = dev->dev_private;
507 struct virtio_gpu_fpriv *vfpriv = file->driver_priv;
508 struct drm_virtgpu_resource_create_blob *rc_blob = data;
509
510 if (verify_blob(vgdev, vfpriv, ¶ms, rc_blob,
511 &guest_blob, &host3d_blob))
512 return -EINVAL;
513
514 if (vgdev->has_virgl_3d)
515 virtio_gpu_create_context(dev, file);
516
517 if (rc_blob->cmd_size) {
518 void *buf;
519
520 buf = memdup_user(u64_to_user_ptr(rc_blob->cmd),
521 rc_blob->cmd_size);
522
523 if (IS_ERR(buf))
524 return PTR_ERR(buf);
525
526 virtio_gpu_cmd_submit(vgdev, buf, rc_blob->cmd_size,
527 vfpriv->ctx_id, NULL, NULL);
528 }
529
530 if (guest_blob)
531 ret = virtio_gpu_object_create(vgdev, ¶ms, &bo, NULL);
532 else if (!guest_blob && host3d_blob)
533 ret = virtio_gpu_vram_create(vgdev, ¶ms, &bo);
534 else
535 return -EINVAL;
536
537 if (ret < 0)
538 return ret;
539
540 bo->guest_blob = guest_blob;
541 bo->host3d_blob = host3d_blob;
542 bo->blob_mem = rc_blob->blob_mem;
543 bo->blob_flags = rc_blob->blob_flags;
544
545 obj = &bo->base.base;
546 if (params.blob_flags & VIRTGPU_BLOB_FLAG_USE_CROSS_DEVICE) {
547 ret = virtio_gpu_resource_assign_uuid(vgdev, bo);
548 if (ret) {
549 drm_gem_object_release(obj);
550 return ret;
551 }
552 }
553
554 ret = drm_gem_handle_create(file, obj, &handle);
555 if (ret) {
556 drm_gem_object_release(obj);
557 return ret;
558 }
559
560 rc_blob->res_handle = bo->hw_res_handle;
561 rc_blob->bo_handle = handle;
562
563 /*
564 * The handle owns the reference now. But we must drop our
565 * remaining reference *after* we no longer need to dereference
566 * the obj. Otherwise userspace could guess the handle and
567 * race closing it from another thread.
568 */
569 drm_gem_object_put(obj);
570
571 return 0;
572}
573
574static int virtio_gpu_context_init_ioctl(struct drm_device *dev,
575 void *data, struct drm_file *file)
576{
577 int ret = 0;
578 uint32_t num_params, i;
579 uint64_t valid_ring_mask, param, value;
580 size_t len;
581 struct drm_virtgpu_context_set_param *ctx_set_params = NULL;
582 struct virtio_gpu_device *vgdev = dev->dev_private;
583 struct virtio_gpu_fpriv *vfpriv = file->driver_priv;
584 struct drm_virtgpu_context_init *args = data;
585
586 num_params = args->num_params;
587 len = num_params * sizeof(struct drm_virtgpu_context_set_param);
588
589 if (!vgdev->has_context_init || !vgdev->has_virgl_3d)
590 return -EINVAL;
591
592 /* Number of unique parameters supported at this time. */
593 if (num_params > 4)
594 return -EINVAL;
595
596 ctx_set_params = memdup_user(u64_to_user_ptr(args->ctx_set_params),
597 len);
598
599 if (IS_ERR(ctx_set_params))
600 return PTR_ERR(ctx_set_params);
601
602 mutex_lock(&vfpriv->context_lock);
603 if (vfpriv->context_created) {
604 ret = -EEXIST;
605 goto out_unlock;
606 }
607
608 for (i = 0; i < num_params; i++) {
609 param = ctx_set_params[i].param;
610 value = ctx_set_params[i].value;
611
612 switch (param) {
613 case VIRTGPU_CONTEXT_PARAM_CAPSET_ID:
614 if (value > MAX_CAPSET_ID) {
615 ret = -EINVAL;
616 goto out_unlock;
617 }
618
619 if ((vgdev->capset_id_mask & (1ULL << value)) == 0) {
620 ret = -EINVAL;
621 goto out_unlock;
622 }
623
624 /* Context capset ID already set */
625 if (vfpriv->context_init &
626 VIRTIO_GPU_CONTEXT_INIT_CAPSET_ID_MASK) {
627 ret = -EINVAL;
628 goto out_unlock;
629 }
630
631 vfpriv->context_init |= value;
632 break;
633 case VIRTGPU_CONTEXT_PARAM_NUM_RINGS:
634 if (vfpriv->base_fence_ctx) {
635 ret = -EINVAL;
636 goto out_unlock;
637 }
638
639 if (value > MAX_RINGS) {
640 ret = -EINVAL;
641 goto out_unlock;
642 }
643
644 vfpriv->base_fence_ctx = dma_fence_context_alloc(value);
645 vfpriv->num_rings = value;
646 break;
647 case VIRTGPU_CONTEXT_PARAM_POLL_RINGS_MASK:
648 if (vfpriv->ring_idx_mask) {
649 ret = -EINVAL;
650 goto out_unlock;
651 }
652
653 vfpriv->ring_idx_mask = value;
654 break;
655 case VIRTGPU_CONTEXT_PARAM_DEBUG_NAME:
656 if (vfpriv->explicit_debug_name) {
657 ret = -EINVAL;
658 goto out_unlock;
659 }
660
661 ret = strncpy_from_user(vfpriv->debug_name,
662 u64_to_user_ptr(value),
663 DEBUG_NAME_MAX_LEN - 1);
664 if (ret < 0)
665 goto out_unlock;
666
667 vfpriv->explicit_debug_name = true;
668 ret = 0;
669 break;
670 default:
671 ret = -EINVAL;
672 goto out_unlock;
673 }
674 }
675
676 if (vfpriv->ring_idx_mask) {
677 valid_ring_mask = 0;
678 for (i = 0; i < vfpriv->num_rings; i++)
679 valid_ring_mask |= 1ULL << i;
680
681 if (~valid_ring_mask & vfpriv->ring_idx_mask) {
682 ret = -EINVAL;
683 goto out_unlock;
684 }
685 }
686
687 virtio_gpu_create_context_locked(vgdev, vfpriv);
688 virtio_gpu_notify(vgdev);
689
690out_unlock:
691 mutex_unlock(&vfpriv->context_lock);
692 kfree(ctx_set_params);
693 return ret;
694}
695
696struct drm_ioctl_desc virtio_gpu_ioctls[DRM_VIRTIO_NUM_IOCTLS] = {
697 DRM_IOCTL_DEF_DRV(VIRTGPU_MAP, virtio_gpu_map_ioctl,
698 DRM_RENDER_ALLOW),
699
700 DRM_IOCTL_DEF_DRV(VIRTGPU_EXECBUFFER, virtio_gpu_execbuffer_ioctl,
701 DRM_RENDER_ALLOW),
702
703 DRM_IOCTL_DEF_DRV(VIRTGPU_GETPARAM, virtio_gpu_getparam_ioctl,
704 DRM_RENDER_ALLOW),
705
706 DRM_IOCTL_DEF_DRV(VIRTGPU_RESOURCE_CREATE,
707 virtio_gpu_resource_create_ioctl,
708 DRM_RENDER_ALLOW),
709
710 DRM_IOCTL_DEF_DRV(VIRTGPU_RESOURCE_INFO, virtio_gpu_resource_info_ioctl,
711 DRM_RENDER_ALLOW),
712
713 /* make transfer async to the main ring? - no sure, can we
714 * thread these in the underlying GL
715 */
716 DRM_IOCTL_DEF_DRV(VIRTGPU_TRANSFER_FROM_HOST,
717 virtio_gpu_transfer_from_host_ioctl,
718 DRM_RENDER_ALLOW),
719 DRM_IOCTL_DEF_DRV(VIRTGPU_TRANSFER_TO_HOST,
720 virtio_gpu_transfer_to_host_ioctl,
721 DRM_RENDER_ALLOW),
722
723 DRM_IOCTL_DEF_DRV(VIRTGPU_WAIT, virtio_gpu_wait_ioctl,
724 DRM_RENDER_ALLOW),
725
726 DRM_IOCTL_DEF_DRV(VIRTGPU_GET_CAPS, virtio_gpu_get_caps_ioctl,
727 DRM_RENDER_ALLOW),
728
729 DRM_IOCTL_DEF_DRV(VIRTGPU_RESOURCE_CREATE_BLOB,
730 virtio_gpu_resource_create_blob_ioctl,
731 DRM_RENDER_ALLOW),
732
733 DRM_IOCTL_DEF_DRV(VIRTGPU_CONTEXT_INIT, virtio_gpu_context_init_ioctl,
734 DRM_RENDER_ALLOW),
735};
1/*
2 * Copyright (C) 2015 Red Hat, Inc.
3 * All Rights Reserved.
4 *
5 * Authors:
6 * Dave Airlie
7 * Alon Levy
8 *
9 * Permission is hereby granted, free of charge, to any person obtaining a
10 * copy of this software and associated documentation files (the "Software"),
11 * to deal in the Software without restriction, including without limitation
12 * the rights to use, copy, modify, merge, publish, distribute, sublicense,
13 * and/or sell copies of the Software, and to permit persons to whom the
14 * Software is furnished to do so, subject to the following conditions:
15 *
16 * The above copyright notice and this permission notice shall be included in
17 * all copies or substantial portions of the Software.
18 *
19 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
20 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
21 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
22 * THE COPYRIGHT HOLDER(S) OR AUTHOR(S) BE LIABLE FOR ANY CLAIM, DAMAGES OR
23 * OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
24 * ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
25 * OTHER DEALINGS IN THE SOFTWARE.
26 */
27
28#include <linux/file.h>
29#include <linux/sync_file.h>
30#include <linux/uaccess.h>
31
32#include <drm/drm_file.h>
33#include <drm/virtgpu_drm.h>
34
35#include "virtgpu_drv.h"
36
37#define VIRTGPU_BLOB_FLAG_USE_MASK (VIRTGPU_BLOB_FLAG_USE_MAPPABLE | \
38 VIRTGPU_BLOB_FLAG_USE_SHAREABLE | \
39 VIRTGPU_BLOB_FLAG_USE_CROSS_DEVICE)
40
41static int virtio_gpu_fence_event_create(struct drm_device *dev,
42 struct drm_file *file,
43 struct virtio_gpu_fence *fence,
44 uint32_t ring_idx)
45{
46 struct virtio_gpu_fpriv *vfpriv = file->driver_priv;
47 struct virtio_gpu_fence_event *e = NULL;
48 int ret;
49
50 if (!(vfpriv->ring_idx_mask & BIT_ULL(ring_idx)))
51 return 0;
52
53 e = kzalloc(sizeof(*e), GFP_KERNEL);
54 if (!e)
55 return -ENOMEM;
56
57 e->event.type = VIRTGPU_EVENT_FENCE_SIGNALED;
58 e->event.length = sizeof(e->event);
59
60 ret = drm_event_reserve_init(dev, file, &e->base, &e->event);
61 if (ret)
62 goto free;
63
64 fence->e = e;
65 return 0;
66free:
67 kfree(e);
68 return ret;
69}
70
71/* Must be called with &virtio_gpu_fpriv.struct_mutex held. */
72static void virtio_gpu_create_context_locked(struct virtio_gpu_device *vgdev,
73 struct virtio_gpu_fpriv *vfpriv)
74{
75 char dbgname[TASK_COMM_LEN];
76
77 get_task_comm(dbgname, current);
78 virtio_gpu_cmd_context_create(vgdev, vfpriv->ctx_id,
79 vfpriv->context_init, strlen(dbgname),
80 dbgname);
81
82 vfpriv->context_created = true;
83}
84
85void virtio_gpu_create_context(struct drm_device *dev, struct drm_file *file)
86{
87 struct virtio_gpu_device *vgdev = dev->dev_private;
88 struct virtio_gpu_fpriv *vfpriv = file->driver_priv;
89
90 mutex_lock(&vfpriv->context_lock);
91 if (vfpriv->context_created)
92 goto out_unlock;
93
94 virtio_gpu_create_context_locked(vgdev, vfpriv);
95
96out_unlock:
97 mutex_unlock(&vfpriv->context_lock);
98}
99
100static int virtio_gpu_map_ioctl(struct drm_device *dev, void *data,
101 struct drm_file *file)
102{
103 struct virtio_gpu_device *vgdev = dev->dev_private;
104 struct drm_virtgpu_map *virtio_gpu_map = data;
105
106 return virtio_gpu_mode_dumb_mmap(file, vgdev->ddev,
107 virtio_gpu_map->handle,
108 &virtio_gpu_map->offset);
109}
110
111/*
112 * Usage of execbuffer:
113 * Relocations need to take into account the full VIRTIO_GPUDrawable size.
114 * However, the command as passed from user space must *not* contain the initial
115 * VIRTIO_GPUReleaseInfo struct (first XXX bytes)
116 */
117static int virtio_gpu_execbuffer_ioctl(struct drm_device *dev, void *data,
118 struct drm_file *file)
119{
120 struct drm_virtgpu_execbuffer *exbuf = data;
121 struct virtio_gpu_device *vgdev = dev->dev_private;
122 struct virtio_gpu_fpriv *vfpriv = file->driver_priv;
123 struct virtio_gpu_fence *out_fence;
124 int ret;
125 uint32_t *bo_handles = NULL;
126 void __user *user_bo_handles = NULL;
127 struct virtio_gpu_object_array *buflist = NULL;
128 struct sync_file *sync_file;
129 int out_fence_fd = -1;
130 void *buf;
131 uint64_t fence_ctx;
132 uint32_t ring_idx;
133
134 fence_ctx = vgdev->fence_drv.context;
135 ring_idx = 0;
136
137 if (vgdev->has_virgl_3d == false)
138 return -ENOSYS;
139
140 if ((exbuf->flags & ~VIRTGPU_EXECBUF_FLAGS))
141 return -EINVAL;
142
143 if ((exbuf->flags & VIRTGPU_EXECBUF_RING_IDX)) {
144 if (exbuf->ring_idx >= vfpriv->num_rings)
145 return -EINVAL;
146
147 if (!vfpriv->base_fence_ctx)
148 return -EINVAL;
149
150 fence_ctx = vfpriv->base_fence_ctx;
151 ring_idx = exbuf->ring_idx;
152 }
153
154 virtio_gpu_create_context(dev, file);
155 if (exbuf->flags & VIRTGPU_EXECBUF_FENCE_FD_IN) {
156 struct dma_fence *in_fence;
157
158 in_fence = sync_file_get_fence(exbuf->fence_fd);
159
160 if (!in_fence)
161 return -EINVAL;
162
163 /*
164 * Wait if the fence is from a foreign context, or if the fence
165 * array contains any fence from a foreign context.
166 */
167 ret = 0;
168 if (!dma_fence_match_context(in_fence, fence_ctx + ring_idx))
169 ret = dma_fence_wait(in_fence, true);
170
171 dma_fence_put(in_fence);
172 if (ret)
173 return ret;
174 }
175
176 if (exbuf->flags & VIRTGPU_EXECBUF_FENCE_FD_OUT) {
177 out_fence_fd = get_unused_fd_flags(O_CLOEXEC);
178 if (out_fence_fd < 0)
179 return out_fence_fd;
180 }
181
182 if (exbuf->num_bo_handles) {
183 bo_handles = kvmalloc_array(exbuf->num_bo_handles,
184 sizeof(uint32_t), GFP_KERNEL);
185 if (!bo_handles) {
186 ret = -ENOMEM;
187 goto out_unused_fd;
188 }
189
190 user_bo_handles = u64_to_user_ptr(exbuf->bo_handles);
191 if (copy_from_user(bo_handles, user_bo_handles,
192 exbuf->num_bo_handles * sizeof(uint32_t))) {
193 ret = -EFAULT;
194 goto out_unused_fd;
195 }
196
197 buflist = virtio_gpu_array_from_handles(file, bo_handles,
198 exbuf->num_bo_handles);
199 if (!buflist) {
200 ret = -ENOENT;
201 goto out_unused_fd;
202 }
203 kvfree(bo_handles);
204 bo_handles = NULL;
205 }
206
207 buf = vmemdup_user(u64_to_user_ptr(exbuf->command), exbuf->size);
208 if (IS_ERR(buf)) {
209 ret = PTR_ERR(buf);
210 goto out_unused_fd;
211 }
212
213 if (buflist) {
214 ret = virtio_gpu_array_lock_resv(buflist);
215 if (ret)
216 goto out_memdup;
217 }
218
219 out_fence = virtio_gpu_fence_alloc(vgdev, fence_ctx, ring_idx);
220 if(!out_fence) {
221 ret = -ENOMEM;
222 goto out_unresv;
223 }
224
225 ret = virtio_gpu_fence_event_create(dev, file, out_fence, ring_idx);
226 if (ret)
227 goto out_unresv;
228
229 if (out_fence_fd >= 0) {
230 sync_file = sync_file_create(&out_fence->f);
231 if (!sync_file) {
232 dma_fence_put(&out_fence->f);
233 ret = -ENOMEM;
234 goto out_unresv;
235 }
236
237 exbuf->fence_fd = out_fence_fd;
238 fd_install(out_fence_fd, sync_file->file);
239 }
240
241 virtio_gpu_cmd_submit(vgdev, buf, exbuf->size,
242 vfpriv->ctx_id, buflist, out_fence);
243 dma_fence_put(&out_fence->f);
244 virtio_gpu_notify(vgdev);
245 return 0;
246
247out_unresv:
248 if (buflist)
249 virtio_gpu_array_unlock_resv(buflist);
250out_memdup:
251 kvfree(buf);
252out_unused_fd:
253 kvfree(bo_handles);
254 if (buflist)
255 virtio_gpu_array_put_free(buflist);
256
257 if (out_fence_fd >= 0)
258 put_unused_fd(out_fence_fd);
259
260 return ret;
261}
262
263static int virtio_gpu_getparam_ioctl(struct drm_device *dev, void *data,
264 struct drm_file *file)
265{
266 struct virtio_gpu_device *vgdev = dev->dev_private;
267 struct drm_virtgpu_getparam *param = data;
268 int value;
269
270 switch (param->param) {
271 case VIRTGPU_PARAM_3D_FEATURES:
272 value = vgdev->has_virgl_3d ? 1 : 0;
273 break;
274 case VIRTGPU_PARAM_CAPSET_QUERY_FIX:
275 value = 1;
276 break;
277 case VIRTGPU_PARAM_RESOURCE_BLOB:
278 value = vgdev->has_resource_blob ? 1 : 0;
279 break;
280 case VIRTGPU_PARAM_HOST_VISIBLE:
281 value = vgdev->has_host_visible ? 1 : 0;
282 break;
283 case VIRTGPU_PARAM_CROSS_DEVICE:
284 value = vgdev->has_resource_assign_uuid ? 1 : 0;
285 break;
286 case VIRTGPU_PARAM_CONTEXT_INIT:
287 value = vgdev->has_context_init ? 1 : 0;
288 break;
289 case VIRTGPU_PARAM_SUPPORTED_CAPSET_IDs:
290 value = vgdev->capset_id_mask;
291 break;
292 default:
293 return -EINVAL;
294 }
295 if (copy_to_user(u64_to_user_ptr(param->value), &value, sizeof(int)))
296 return -EFAULT;
297
298 return 0;
299}
300
301static int virtio_gpu_resource_create_ioctl(struct drm_device *dev, void *data,
302 struct drm_file *file)
303{
304 struct virtio_gpu_device *vgdev = dev->dev_private;
305 struct drm_virtgpu_resource_create *rc = data;
306 struct virtio_gpu_fence *fence;
307 int ret;
308 struct virtio_gpu_object *qobj;
309 struct drm_gem_object *obj;
310 uint32_t handle = 0;
311 struct virtio_gpu_object_params params = { 0 };
312
313 if (vgdev->has_virgl_3d) {
314 virtio_gpu_create_context(dev, file);
315 params.virgl = true;
316 params.target = rc->target;
317 params.bind = rc->bind;
318 params.depth = rc->depth;
319 params.array_size = rc->array_size;
320 params.last_level = rc->last_level;
321 params.nr_samples = rc->nr_samples;
322 params.flags = rc->flags;
323 } else {
324 if (rc->depth > 1)
325 return -EINVAL;
326 if (rc->nr_samples > 1)
327 return -EINVAL;
328 if (rc->last_level > 1)
329 return -EINVAL;
330 if (rc->target != 2)
331 return -EINVAL;
332 if (rc->array_size > 1)
333 return -EINVAL;
334 }
335
336 params.format = rc->format;
337 params.width = rc->width;
338 params.height = rc->height;
339 params.size = rc->size;
340 /* allocate a single page size object */
341 if (params.size == 0)
342 params.size = PAGE_SIZE;
343
344 fence = virtio_gpu_fence_alloc(vgdev, vgdev->fence_drv.context, 0);
345 if (!fence)
346 return -ENOMEM;
347 ret = virtio_gpu_object_create(vgdev, ¶ms, &qobj, fence);
348 dma_fence_put(&fence->f);
349 if (ret < 0)
350 return ret;
351 obj = &qobj->base.base;
352
353 ret = drm_gem_handle_create(file, obj, &handle);
354 if (ret) {
355 drm_gem_object_release(obj);
356 return ret;
357 }
358
359 rc->res_handle = qobj->hw_res_handle; /* similiar to a VM address */
360 rc->bo_handle = handle;
361
362 /*
363 * The handle owns the reference now. But we must drop our
364 * remaining reference *after* we no longer need to dereference
365 * the obj. Otherwise userspace could guess the handle and
366 * race closing it from another thread.
367 */
368 drm_gem_object_put(obj);
369
370 return 0;
371}
372
373static int virtio_gpu_resource_info_ioctl(struct drm_device *dev, void *data,
374 struct drm_file *file)
375{
376 struct drm_virtgpu_resource_info *ri = data;
377 struct drm_gem_object *gobj = NULL;
378 struct virtio_gpu_object *qobj = NULL;
379
380 gobj = drm_gem_object_lookup(file, ri->bo_handle);
381 if (gobj == NULL)
382 return -ENOENT;
383
384 qobj = gem_to_virtio_gpu_obj(gobj);
385
386 ri->size = qobj->base.base.size;
387 ri->res_handle = qobj->hw_res_handle;
388 if (qobj->host3d_blob || qobj->guest_blob)
389 ri->blob_mem = qobj->blob_mem;
390
391 drm_gem_object_put(gobj);
392 return 0;
393}
394
395static int virtio_gpu_transfer_from_host_ioctl(struct drm_device *dev,
396 void *data,
397 struct drm_file *file)
398{
399 struct virtio_gpu_device *vgdev = dev->dev_private;
400 struct virtio_gpu_fpriv *vfpriv = file->driver_priv;
401 struct drm_virtgpu_3d_transfer_from_host *args = data;
402 struct virtio_gpu_object *bo;
403 struct virtio_gpu_object_array *objs;
404 struct virtio_gpu_fence *fence;
405 int ret;
406 u32 offset = args->offset;
407
408 if (vgdev->has_virgl_3d == false)
409 return -ENOSYS;
410
411 virtio_gpu_create_context(dev, file);
412 objs = virtio_gpu_array_from_handles(file, &args->bo_handle, 1);
413 if (objs == NULL)
414 return -ENOENT;
415
416 bo = gem_to_virtio_gpu_obj(objs->objs[0]);
417 if (bo->guest_blob && !bo->host3d_blob) {
418 ret = -EINVAL;
419 goto err_put_free;
420 }
421
422 if (!bo->host3d_blob && (args->stride || args->layer_stride)) {
423 ret = -EINVAL;
424 goto err_put_free;
425 }
426
427 ret = virtio_gpu_array_lock_resv(objs);
428 if (ret != 0)
429 goto err_put_free;
430
431 fence = virtio_gpu_fence_alloc(vgdev, vgdev->fence_drv.context, 0);
432 if (!fence) {
433 ret = -ENOMEM;
434 goto err_unlock;
435 }
436
437 virtio_gpu_cmd_transfer_from_host_3d
438 (vgdev, vfpriv->ctx_id, offset, args->level, args->stride,
439 args->layer_stride, &args->box, objs, fence);
440 dma_fence_put(&fence->f);
441 virtio_gpu_notify(vgdev);
442 return 0;
443
444err_unlock:
445 virtio_gpu_array_unlock_resv(objs);
446err_put_free:
447 virtio_gpu_array_put_free(objs);
448 return ret;
449}
450
451static int virtio_gpu_transfer_to_host_ioctl(struct drm_device *dev, void *data,
452 struct drm_file *file)
453{
454 struct virtio_gpu_device *vgdev = dev->dev_private;
455 struct virtio_gpu_fpriv *vfpriv = file->driver_priv;
456 struct drm_virtgpu_3d_transfer_to_host *args = data;
457 struct virtio_gpu_object *bo;
458 struct virtio_gpu_object_array *objs;
459 struct virtio_gpu_fence *fence;
460 int ret;
461 u32 offset = args->offset;
462
463 objs = virtio_gpu_array_from_handles(file, &args->bo_handle, 1);
464 if (objs == NULL)
465 return -ENOENT;
466
467 bo = gem_to_virtio_gpu_obj(objs->objs[0]);
468 if (bo->guest_blob && !bo->host3d_blob) {
469 ret = -EINVAL;
470 goto err_put_free;
471 }
472
473 if (!vgdev->has_virgl_3d) {
474 virtio_gpu_cmd_transfer_to_host_2d
475 (vgdev, offset,
476 args->box.w, args->box.h, args->box.x, args->box.y,
477 objs, NULL);
478 } else {
479 virtio_gpu_create_context(dev, file);
480
481 if (!bo->host3d_blob && (args->stride || args->layer_stride)) {
482 ret = -EINVAL;
483 goto err_put_free;
484 }
485
486 ret = virtio_gpu_array_lock_resv(objs);
487 if (ret != 0)
488 goto err_put_free;
489
490 ret = -ENOMEM;
491 fence = virtio_gpu_fence_alloc(vgdev, vgdev->fence_drv.context,
492 0);
493 if (!fence)
494 goto err_unlock;
495
496 virtio_gpu_cmd_transfer_to_host_3d
497 (vgdev,
498 vfpriv ? vfpriv->ctx_id : 0, offset, args->level,
499 args->stride, args->layer_stride, &args->box, objs,
500 fence);
501 dma_fence_put(&fence->f);
502 }
503 virtio_gpu_notify(vgdev);
504 return 0;
505
506err_unlock:
507 virtio_gpu_array_unlock_resv(objs);
508err_put_free:
509 virtio_gpu_array_put_free(objs);
510 return ret;
511}
512
513static int virtio_gpu_wait_ioctl(struct drm_device *dev, void *data,
514 struct drm_file *file)
515{
516 struct drm_virtgpu_3d_wait *args = data;
517 struct drm_gem_object *obj;
518 long timeout = 15 * HZ;
519 int ret;
520
521 obj = drm_gem_object_lookup(file, args->handle);
522 if (obj == NULL)
523 return -ENOENT;
524
525 if (args->flags & VIRTGPU_WAIT_NOWAIT) {
526 ret = dma_resv_test_signaled(obj->resv, DMA_RESV_USAGE_READ);
527 } else {
528 ret = dma_resv_wait_timeout(obj->resv, DMA_RESV_USAGE_READ,
529 true, timeout);
530 }
531 if (ret == 0)
532 ret = -EBUSY;
533 else if (ret > 0)
534 ret = 0;
535
536 drm_gem_object_put(obj);
537 return ret;
538}
539
540static int virtio_gpu_get_caps_ioctl(struct drm_device *dev,
541 void *data, struct drm_file *file)
542{
543 struct virtio_gpu_device *vgdev = dev->dev_private;
544 struct drm_virtgpu_get_caps *args = data;
545 unsigned size, host_caps_size;
546 int i;
547 int found_valid = -1;
548 int ret;
549 struct virtio_gpu_drv_cap_cache *cache_ent;
550 void *ptr;
551
552 if (vgdev->num_capsets == 0)
553 return -ENOSYS;
554
555 /* don't allow userspace to pass 0 */
556 if (args->size == 0)
557 return -EINVAL;
558
559 spin_lock(&vgdev->display_info_lock);
560 for (i = 0; i < vgdev->num_capsets; i++) {
561 if (vgdev->capsets[i].id == args->cap_set_id) {
562 if (vgdev->capsets[i].max_version >= args->cap_set_ver) {
563 found_valid = i;
564 break;
565 }
566 }
567 }
568
569 if (found_valid == -1) {
570 spin_unlock(&vgdev->display_info_lock);
571 return -EINVAL;
572 }
573
574 host_caps_size = vgdev->capsets[found_valid].max_size;
575 /* only copy to user the minimum of the host caps size or the guest caps size */
576 size = min(args->size, host_caps_size);
577
578 list_for_each_entry(cache_ent, &vgdev->cap_cache, head) {
579 if (cache_ent->id == args->cap_set_id &&
580 cache_ent->version == args->cap_set_ver) {
581 spin_unlock(&vgdev->display_info_lock);
582 goto copy_exit;
583 }
584 }
585 spin_unlock(&vgdev->display_info_lock);
586
587 /* not in cache - need to talk to hw */
588 ret = virtio_gpu_cmd_get_capset(vgdev, found_valid, args->cap_set_ver,
589 &cache_ent);
590 if (ret)
591 return ret;
592 virtio_gpu_notify(vgdev);
593
594copy_exit:
595 ret = wait_event_timeout(vgdev->resp_wq,
596 atomic_read(&cache_ent->is_valid), 5 * HZ);
597 if (!ret)
598 return -EBUSY;
599
600 /* is_valid check must proceed before copy of the cache entry. */
601 smp_rmb();
602
603 ptr = cache_ent->caps_cache;
604
605 if (copy_to_user(u64_to_user_ptr(args->addr), ptr, size))
606 return -EFAULT;
607
608 return 0;
609}
610
611static int verify_blob(struct virtio_gpu_device *vgdev,
612 struct virtio_gpu_fpriv *vfpriv,
613 struct virtio_gpu_object_params *params,
614 struct drm_virtgpu_resource_create_blob *rc_blob,
615 bool *guest_blob, bool *host3d_blob)
616{
617 if (!vgdev->has_resource_blob)
618 return -EINVAL;
619
620 if (rc_blob->blob_flags & ~VIRTGPU_BLOB_FLAG_USE_MASK)
621 return -EINVAL;
622
623 if (rc_blob->blob_flags & VIRTGPU_BLOB_FLAG_USE_CROSS_DEVICE) {
624 if (!vgdev->has_resource_assign_uuid)
625 return -EINVAL;
626 }
627
628 switch (rc_blob->blob_mem) {
629 case VIRTGPU_BLOB_MEM_GUEST:
630 *guest_blob = true;
631 break;
632 case VIRTGPU_BLOB_MEM_HOST3D_GUEST:
633 *guest_blob = true;
634 fallthrough;
635 case VIRTGPU_BLOB_MEM_HOST3D:
636 *host3d_blob = true;
637 break;
638 default:
639 return -EINVAL;
640 }
641
642 if (*host3d_blob) {
643 if (!vgdev->has_virgl_3d)
644 return -EINVAL;
645
646 /* Must be dword aligned. */
647 if (rc_blob->cmd_size % 4 != 0)
648 return -EINVAL;
649
650 params->ctx_id = vfpriv->ctx_id;
651 params->blob_id = rc_blob->blob_id;
652 } else {
653 if (rc_blob->blob_id != 0)
654 return -EINVAL;
655
656 if (rc_blob->cmd_size != 0)
657 return -EINVAL;
658 }
659
660 params->blob_mem = rc_blob->blob_mem;
661 params->size = rc_blob->size;
662 params->blob = true;
663 params->blob_flags = rc_blob->blob_flags;
664 return 0;
665}
666
667static int virtio_gpu_resource_create_blob_ioctl(struct drm_device *dev,
668 void *data,
669 struct drm_file *file)
670{
671 int ret = 0;
672 uint32_t handle = 0;
673 bool guest_blob = false;
674 bool host3d_blob = false;
675 struct drm_gem_object *obj;
676 struct virtio_gpu_object *bo;
677 struct virtio_gpu_object_params params = { 0 };
678 struct virtio_gpu_device *vgdev = dev->dev_private;
679 struct virtio_gpu_fpriv *vfpriv = file->driver_priv;
680 struct drm_virtgpu_resource_create_blob *rc_blob = data;
681
682 if (verify_blob(vgdev, vfpriv, ¶ms, rc_blob,
683 &guest_blob, &host3d_blob))
684 return -EINVAL;
685
686 if (vgdev->has_virgl_3d)
687 virtio_gpu_create_context(dev, file);
688
689 if (rc_blob->cmd_size) {
690 void *buf;
691
692 buf = memdup_user(u64_to_user_ptr(rc_blob->cmd),
693 rc_blob->cmd_size);
694
695 if (IS_ERR(buf))
696 return PTR_ERR(buf);
697
698 virtio_gpu_cmd_submit(vgdev, buf, rc_blob->cmd_size,
699 vfpriv->ctx_id, NULL, NULL);
700 }
701
702 if (guest_blob)
703 ret = virtio_gpu_object_create(vgdev, ¶ms, &bo, NULL);
704 else if (!guest_blob && host3d_blob)
705 ret = virtio_gpu_vram_create(vgdev, ¶ms, &bo);
706 else
707 return -EINVAL;
708
709 if (ret < 0)
710 return ret;
711
712 bo->guest_blob = guest_blob;
713 bo->host3d_blob = host3d_blob;
714 bo->blob_mem = rc_blob->blob_mem;
715 bo->blob_flags = rc_blob->blob_flags;
716
717 obj = &bo->base.base;
718 if (params.blob_flags & VIRTGPU_BLOB_FLAG_USE_CROSS_DEVICE) {
719 ret = virtio_gpu_resource_assign_uuid(vgdev, bo);
720 if (ret) {
721 drm_gem_object_release(obj);
722 return ret;
723 }
724 }
725
726 ret = drm_gem_handle_create(file, obj, &handle);
727 if (ret) {
728 drm_gem_object_release(obj);
729 return ret;
730 }
731
732 rc_blob->res_handle = bo->hw_res_handle;
733 rc_blob->bo_handle = handle;
734
735 /*
736 * The handle owns the reference now. But we must drop our
737 * remaining reference *after* we no longer need to dereference
738 * the obj. Otherwise userspace could guess the handle and
739 * race closing it from another thread.
740 */
741 drm_gem_object_put(obj);
742
743 return 0;
744}
745
746static int virtio_gpu_context_init_ioctl(struct drm_device *dev,
747 void *data, struct drm_file *file)
748{
749 int ret = 0;
750 uint32_t num_params, i, param, value;
751 uint64_t valid_ring_mask;
752 size_t len;
753 struct drm_virtgpu_context_set_param *ctx_set_params = NULL;
754 struct virtio_gpu_device *vgdev = dev->dev_private;
755 struct virtio_gpu_fpriv *vfpriv = file->driver_priv;
756 struct drm_virtgpu_context_init *args = data;
757
758 num_params = args->num_params;
759 len = num_params * sizeof(struct drm_virtgpu_context_set_param);
760
761 if (!vgdev->has_context_init || !vgdev->has_virgl_3d)
762 return -EINVAL;
763
764 /* Number of unique parameters supported at this time. */
765 if (num_params > 3)
766 return -EINVAL;
767
768 ctx_set_params = memdup_user(u64_to_user_ptr(args->ctx_set_params),
769 len);
770
771 if (IS_ERR(ctx_set_params))
772 return PTR_ERR(ctx_set_params);
773
774 mutex_lock(&vfpriv->context_lock);
775 if (vfpriv->context_created) {
776 ret = -EEXIST;
777 goto out_unlock;
778 }
779
780 for (i = 0; i < num_params; i++) {
781 param = ctx_set_params[i].param;
782 value = ctx_set_params[i].value;
783
784 switch (param) {
785 case VIRTGPU_CONTEXT_PARAM_CAPSET_ID:
786 if (value > MAX_CAPSET_ID) {
787 ret = -EINVAL;
788 goto out_unlock;
789 }
790
791 if ((vgdev->capset_id_mask & (1ULL << value)) == 0) {
792 ret = -EINVAL;
793 goto out_unlock;
794 }
795
796 /* Context capset ID already set */
797 if (vfpriv->context_init &
798 VIRTIO_GPU_CONTEXT_INIT_CAPSET_ID_MASK) {
799 ret = -EINVAL;
800 goto out_unlock;
801 }
802
803 vfpriv->context_init |= value;
804 break;
805 case VIRTGPU_CONTEXT_PARAM_NUM_RINGS:
806 if (vfpriv->base_fence_ctx) {
807 ret = -EINVAL;
808 goto out_unlock;
809 }
810
811 if (value > MAX_RINGS) {
812 ret = -EINVAL;
813 goto out_unlock;
814 }
815
816 vfpriv->base_fence_ctx = dma_fence_context_alloc(value);
817 vfpriv->num_rings = value;
818 break;
819 case VIRTGPU_CONTEXT_PARAM_POLL_RINGS_MASK:
820 if (vfpriv->ring_idx_mask) {
821 ret = -EINVAL;
822 goto out_unlock;
823 }
824
825 vfpriv->ring_idx_mask = value;
826 break;
827 default:
828 ret = -EINVAL;
829 goto out_unlock;
830 }
831 }
832
833 if (vfpriv->ring_idx_mask) {
834 valid_ring_mask = 0;
835 for (i = 0; i < vfpriv->num_rings; i++)
836 valid_ring_mask |= 1ULL << i;
837
838 if (~valid_ring_mask & vfpriv->ring_idx_mask) {
839 ret = -EINVAL;
840 goto out_unlock;
841 }
842 }
843
844 virtio_gpu_create_context_locked(vgdev, vfpriv);
845 virtio_gpu_notify(vgdev);
846
847out_unlock:
848 mutex_unlock(&vfpriv->context_lock);
849 kfree(ctx_set_params);
850 return ret;
851}
852
853struct drm_ioctl_desc virtio_gpu_ioctls[DRM_VIRTIO_NUM_IOCTLS] = {
854 DRM_IOCTL_DEF_DRV(VIRTGPU_MAP, virtio_gpu_map_ioctl,
855 DRM_RENDER_ALLOW),
856
857 DRM_IOCTL_DEF_DRV(VIRTGPU_EXECBUFFER, virtio_gpu_execbuffer_ioctl,
858 DRM_RENDER_ALLOW),
859
860 DRM_IOCTL_DEF_DRV(VIRTGPU_GETPARAM, virtio_gpu_getparam_ioctl,
861 DRM_RENDER_ALLOW),
862
863 DRM_IOCTL_DEF_DRV(VIRTGPU_RESOURCE_CREATE,
864 virtio_gpu_resource_create_ioctl,
865 DRM_RENDER_ALLOW),
866
867 DRM_IOCTL_DEF_DRV(VIRTGPU_RESOURCE_INFO, virtio_gpu_resource_info_ioctl,
868 DRM_RENDER_ALLOW),
869
870 /* make transfer async to the main ring? - no sure, can we
871 * thread these in the underlying GL
872 */
873 DRM_IOCTL_DEF_DRV(VIRTGPU_TRANSFER_FROM_HOST,
874 virtio_gpu_transfer_from_host_ioctl,
875 DRM_RENDER_ALLOW),
876 DRM_IOCTL_DEF_DRV(VIRTGPU_TRANSFER_TO_HOST,
877 virtio_gpu_transfer_to_host_ioctl,
878 DRM_RENDER_ALLOW),
879
880 DRM_IOCTL_DEF_DRV(VIRTGPU_WAIT, virtio_gpu_wait_ioctl,
881 DRM_RENDER_ALLOW),
882
883 DRM_IOCTL_DEF_DRV(VIRTGPU_GET_CAPS, virtio_gpu_get_caps_ioctl,
884 DRM_RENDER_ALLOW),
885
886 DRM_IOCTL_DEF_DRV(VIRTGPU_RESOURCE_CREATE_BLOB,
887 virtio_gpu_resource_create_blob_ioctl,
888 DRM_RENDER_ALLOW),
889
890 DRM_IOCTL_DEF_DRV(VIRTGPU_CONTEXT_INIT, virtio_gpu_context_init_ioctl,
891 DRM_RENDER_ALLOW),
892};