Loading...
1/*
2 * Copyright (C) 2015 Red Hat, Inc.
3 * All Rights Reserved.
4 *
5 * Authors:
6 * Dave Airlie
7 * Alon Levy
8 *
9 * Permission is hereby granted, free of charge, to any person obtaining a
10 * copy of this software and associated documentation files (the "Software"),
11 * to deal in the Software without restriction, including without limitation
12 * the rights to use, copy, modify, merge, publish, distribute, sublicense,
13 * and/or sell copies of the Software, and to permit persons to whom the
14 * Software is furnished to do so, subject to the following conditions:
15 *
16 * The above copyright notice and this permission notice shall be included in
17 * all copies or substantial portions of the Software.
18 *
19 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
20 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
21 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
22 * THE COPYRIGHT HOLDER(S) OR AUTHOR(S) BE LIABLE FOR ANY CLAIM, DAMAGES OR
23 * OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
24 * ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
25 * OTHER DEALINGS IN THE SOFTWARE.
26 */
27
28#include <linux/file.h>
29#include <linux/sync_file.h>
30#include <linux/uaccess.h>
31
32#include <drm/drm_file.h>
33#include <drm/virtgpu_drm.h>
34
35#include "virtgpu_drv.h"
36
37#define VIRTGPU_BLOB_FLAG_USE_MASK (VIRTGPU_BLOB_FLAG_USE_MAPPABLE | \
38 VIRTGPU_BLOB_FLAG_USE_SHAREABLE | \
39 VIRTGPU_BLOB_FLAG_USE_CROSS_DEVICE)
40
41static int virtio_gpu_fence_event_create(struct drm_device *dev,
42 struct drm_file *file,
43 struct virtio_gpu_fence *fence,
44 uint32_t ring_idx)
45{
46 struct virtio_gpu_fpriv *vfpriv = file->driver_priv;
47 struct virtio_gpu_fence_event *e = NULL;
48 int ret;
49
50 if (!(vfpriv->ring_idx_mask & BIT_ULL(ring_idx)))
51 return 0;
52
53 e = kzalloc(sizeof(*e), GFP_KERNEL);
54 if (!e)
55 return -ENOMEM;
56
57 e->event.type = VIRTGPU_EVENT_FENCE_SIGNALED;
58 e->event.length = sizeof(e->event);
59
60 ret = drm_event_reserve_init(dev, file, &e->base, &e->event);
61 if (ret)
62 goto free;
63
64 fence->e = e;
65 return 0;
66free:
67 kfree(e);
68 return ret;
69}
70
71/* Must be called with &virtio_gpu_fpriv.struct_mutex held. */
72static void virtio_gpu_create_context_locked(struct virtio_gpu_device *vgdev,
73 struct virtio_gpu_fpriv *vfpriv)
74{
75 char dbgname[TASK_COMM_LEN];
76
77 get_task_comm(dbgname, current);
78 virtio_gpu_cmd_context_create(vgdev, vfpriv->ctx_id,
79 vfpriv->context_init, strlen(dbgname),
80 dbgname);
81
82 vfpriv->context_created = true;
83}
84
85void virtio_gpu_create_context(struct drm_device *dev, struct drm_file *file)
86{
87 struct virtio_gpu_device *vgdev = dev->dev_private;
88 struct virtio_gpu_fpriv *vfpriv = file->driver_priv;
89
90 mutex_lock(&vfpriv->context_lock);
91 if (vfpriv->context_created)
92 goto out_unlock;
93
94 virtio_gpu_create_context_locked(vgdev, vfpriv);
95
96out_unlock:
97 mutex_unlock(&vfpriv->context_lock);
98}
99
100static int virtio_gpu_map_ioctl(struct drm_device *dev, void *data,
101 struct drm_file *file)
102{
103 struct virtio_gpu_device *vgdev = dev->dev_private;
104 struct drm_virtgpu_map *virtio_gpu_map = data;
105
106 return virtio_gpu_mode_dumb_mmap(file, vgdev->ddev,
107 virtio_gpu_map->handle,
108 &virtio_gpu_map->offset);
109}
110
111/*
112 * Usage of execbuffer:
113 * Relocations need to take into account the full VIRTIO_GPUDrawable size.
114 * However, the command as passed from user space must *not* contain the initial
115 * VIRTIO_GPUReleaseInfo struct (first XXX bytes)
116 */
117static int virtio_gpu_execbuffer_ioctl(struct drm_device *dev, void *data,
118 struct drm_file *file)
119{
120 struct drm_virtgpu_execbuffer *exbuf = data;
121 struct virtio_gpu_device *vgdev = dev->dev_private;
122 struct virtio_gpu_fpriv *vfpriv = file->driver_priv;
123 struct virtio_gpu_fence *out_fence;
124 int ret;
125 uint32_t *bo_handles = NULL;
126 void __user *user_bo_handles = NULL;
127 struct virtio_gpu_object_array *buflist = NULL;
128 struct sync_file *sync_file;
129 int out_fence_fd = -1;
130 void *buf;
131 uint64_t fence_ctx;
132 uint32_t ring_idx;
133
134 fence_ctx = vgdev->fence_drv.context;
135 ring_idx = 0;
136
137 if (vgdev->has_virgl_3d == false)
138 return -ENOSYS;
139
140 if ((exbuf->flags & ~VIRTGPU_EXECBUF_FLAGS))
141 return -EINVAL;
142
143 if ((exbuf->flags & VIRTGPU_EXECBUF_RING_IDX)) {
144 if (exbuf->ring_idx >= vfpriv->num_rings)
145 return -EINVAL;
146
147 if (!vfpriv->base_fence_ctx)
148 return -EINVAL;
149
150 fence_ctx = vfpriv->base_fence_ctx;
151 ring_idx = exbuf->ring_idx;
152 }
153
154 virtio_gpu_create_context(dev, file);
155 if (exbuf->flags & VIRTGPU_EXECBUF_FENCE_FD_IN) {
156 struct dma_fence *in_fence;
157
158 in_fence = sync_file_get_fence(exbuf->fence_fd);
159
160 if (!in_fence)
161 return -EINVAL;
162
163 /*
164 * Wait if the fence is from a foreign context, or if the fence
165 * array contains any fence from a foreign context.
166 */
167 ret = 0;
168 if (!dma_fence_match_context(in_fence, fence_ctx + ring_idx))
169 ret = dma_fence_wait(in_fence, true);
170
171 dma_fence_put(in_fence);
172 if (ret)
173 return ret;
174 }
175
176 if (exbuf->flags & VIRTGPU_EXECBUF_FENCE_FD_OUT) {
177 out_fence_fd = get_unused_fd_flags(O_CLOEXEC);
178 if (out_fence_fd < 0)
179 return out_fence_fd;
180 }
181
182 if (exbuf->num_bo_handles) {
183 bo_handles = kvmalloc_array(exbuf->num_bo_handles,
184 sizeof(uint32_t), GFP_KERNEL);
185 if (!bo_handles) {
186 ret = -ENOMEM;
187 goto out_unused_fd;
188 }
189
190 user_bo_handles = u64_to_user_ptr(exbuf->bo_handles);
191 if (copy_from_user(bo_handles, user_bo_handles,
192 exbuf->num_bo_handles * sizeof(uint32_t))) {
193 ret = -EFAULT;
194 goto out_unused_fd;
195 }
196
197 buflist = virtio_gpu_array_from_handles(file, bo_handles,
198 exbuf->num_bo_handles);
199 if (!buflist) {
200 ret = -ENOENT;
201 goto out_unused_fd;
202 }
203 kvfree(bo_handles);
204 bo_handles = NULL;
205 }
206
207 buf = vmemdup_user(u64_to_user_ptr(exbuf->command), exbuf->size);
208 if (IS_ERR(buf)) {
209 ret = PTR_ERR(buf);
210 goto out_unused_fd;
211 }
212
213 if (buflist) {
214 ret = virtio_gpu_array_lock_resv(buflist);
215 if (ret)
216 goto out_memdup;
217 }
218
219 out_fence = virtio_gpu_fence_alloc(vgdev, fence_ctx, ring_idx);
220 if(!out_fence) {
221 ret = -ENOMEM;
222 goto out_unresv;
223 }
224
225 ret = virtio_gpu_fence_event_create(dev, file, out_fence, ring_idx);
226 if (ret)
227 goto out_unresv;
228
229 if (out_fence_fd >= 0) {
230 sync_file = sync_file_create(&out_fence->f);
231 if (!sync_file) {
232 dma_fence_put(&out_fence->f);
233 ret = -ENOMEM;
234 goto out_unresv;
235 }
236
237 exbuf->fence_fd = out_fence_fd;
238 fd_install(out_fence_fd, sync_file->file);
239 }
240
241 virtio_gpu_cmd_submit(vgdev, buf, exbuf->size,
242 vfpriv->ctx_id, buflist, out_fence);
243 dma_fence_put(&out_fence->f);
244 virtio_gpu_notify(vgdev);
245 return 0;
246
247out_unresv:
248 if (buflist)
249 virtio_gpu_array_unlock_resv(buflist);
250out_memdup:
251 kvfree(buf);
252out_unused_fd:
253 kvfree(bo_handles);
254 if (buflist)
255 virtio_gpu_array_put_free(buflist);
256
257 if (out_fence_fd >= 0)
258 put_unused_fd(out_fence_fd);
259
260 return ret;
261}
262
263static int virtio_gpu_getparam_ioctl(struct drm_device *dev, void *data,
264 struct drm_file *file)
265{
266 struct virtio_gpu_device *vgdev = dev->dev_private;
267 struct drm_virtgpu_getparam *param = data;
268 int value;
269
270 switch (param->param) {
271 case VIRTGPU_PARAM_3D_FEATURES:
272 value = vgdev->has_virgl_3d ? 1 : 0;
273 break;
274 case VIRTGPU_PARAM_CAPSET_QUERY_FIX:
275 value = 1;
276 break;
277 case VIRTGPU_PARAM_RESOURCE_BLOB:
278 value = vgdev->has_resource_blob ? 1 : 0;
279 break;
280 case VIRTGPU_PARAM_HOST_VISIBLE:
281 value = vgdev->has_host_visible ? 1 : 0;
282 break;
283 case VIRTGPU_PARAM_CROSS_DEVICE:
284 value = vgdev->has_resource_assign_uuid ? 1 : 0;
285 break;
286 case VIRTGPU_PARAM_CONTEXT_INIT:
287 value = vgdev->has_context_init ? 1 : 0;
288 break;
289 case VIRTGPU_PARAM_SUPPORTED_CAPSET_IDs:
290 value = vgdev->capset_id_mask;
291 break;
292 default:
293 return -EINVAL;
294 }
295 if (copy_to_user(u64_to_user_ptr(param->value), &value, sizeof(int)))
296 return -EFAULT;
297
298 return 0;
299}
300
301static int virtio_gpu_resource_create_ioctl(struct drm_device *dev, void *data,
302 struct drm_file *file)
303{
304 struct virtio_gpu_device *vgdev = dev->dev_private;
305 struct drm_virtgpu_resource_create *rc = data;
306 struct virtio_gpu_fence *fence;
307 int ret;
308 struct virtio_gpu_object *qobj;
309 struct drm_gem_object *obj;
310 uint32_t handle = 0;
311 struct virtio_gpu_object_params params = { 0 };
312
313 if (vgdev->has_virgl_3d) {
314 virtio_gpu_create_context(dev, file);
315 params.virgl = true;
316 params.target = rc->target;
317 params.bind = rc->bind;
318 params.depth = rc->depth;
319 params.array_size = rc->array_size;
320 params.last_level = rc->last_level;
321 params.nr_samples = rc->nr_samples;
322 params.flags = rc->flags;
323 } else {
324 if (rc->depth > 1)
325 return -EINVAL;
326 if (rc->nr_samples > 1)
327 return -EINVAL;
328 if (rc->last_level > 1)
329 return -EINVAL;
330 if (rc->target != 2)
331 return -EINVAL;
332 if (rc->array_size > 1)
333 return -EINVAL;
334 }
335
336 params.format = rc->format;
337 params.width = rc->width;
338 params.height = rc->height;
339 params.size = rc->size;
340 /* allocate a single page size object */
341 if (params.size == 0)
342 params.size = PAGE_SIZE;
343
344 fence = virtio_gpu_fence_alloc(vgdev, vgdev->fence_drv.context, 0);
345 if (!fence)
346 return -ENOMEM;
347 ret = virtio_gpu_object_create(vgdev, ¶ms, &qobj, fence);
348 dma_fence_put(&fence->f);
349 if (ret < 0)
350 return ret;
351 obj = &qobj->base.base;
352
353 ret = drm_gem_handle_create(file, obj, &handle);
354 if (ret) {
355 drm_gem_object_release(obj);
356 return ret;
357 }
358
359 rc->res_handle = qobj->hw_res_handle; /* similiar to a VM address */
360 rc->bo_handle = handle;
361
362 /*
363 * The handle owns the reference now. But we must drop our
364 * remaining reference *after* we no longer need to dereference
365 * the obj. Otherwise userspace could guess the handle and
366 * race closing it from another thread.
367 */
368 drm_gem_object_put(obj);
369
370 return 0;
371}
372
373static int virtio_gpu_resource_info_ioctl(struct drm_device *dev, void *data,
374 struct drm_file *file)
375{
376 struct drm_virtgpu_resource_info *ri = data;
377 struct drm_gem_object *gobj = NULL;
378 struct virtio_gpu_object *qobj = NULL;
379
380 gobj = drm_gem_object_lookup(file, ri->bo_handle);
381 if (gobj == NULL)
382 return -ENOENT;
383
384 qobj = gem_to_virtio_gpu_obj(gobj);
385
386 ri->size = qobj->base.base.size;
387 ri->res_handle = qobj->hw_res_handle;
388 if (qobj->host3d_blob || qobj->guest_blob)
389 ri->blob_mem = qobj->blob_mem;
390
391 drm_gem_object_put(gobj);
392 return 0;
393}
394
395static int virtio_gpu_transfer_from_host_ioctl(struct drm_device *dev,
396 void *data,
397 struct drm_file *file)
398{
399 struct virtio_gpu_device *vgdev = dev->dev_private;
400 struct virtio_gpu_fpriv *vfpriv = file->driver_priv;
401 struct drm_virtgpu_3d_transfer_from_host *args = data;
402 struct virtio_gpu_object *bo;
403 struct virtio_gpu_object_array *objs;
404 struct virtio_gpu_fence *fence;
405 int ret;
406 u32 offset = args->offset;
407
408 if (vgdev->has_virgl_3d == false)
409 return -ENOSYS;
410
411 virtio_gpu_create_context(dev, file);
412 objs = virtio_gpu_array_from_handles(file, &args->bo_handle, 1);
413 if (objs == NULL)
414 return -ENOENT;
415
416 bo = gem_to_virtio_gpu_obj(objs->objs[0]);
417 if (bo->guest_blob && !bo->host3d_blob) {
418 ret = -EINVAL;
419 goto err_put_free;
420 }
421
422 if (!bo->host3d_blob && (args->stride || args->layer_stride)) {
423 ret = -EINVAL;
424 goto err_put_free;
425 }
426
427 ret = virtio_gpu_array_lock_resv(objs);
428 if (ret != 0)
429 goto err_put_free;
430
431 fence = virtio_gpu_fence_alloc(vgdev, vgdev->fence_drv.context, 0);
432 if (!fence) {
433 ret = -ENOMEM;
434 goto err_unlock;
435 }
436
437 virtio_gpu_cmd_transfer_from_host_3d
438 (vgdev, vfpriv->ctx_id, offset, args->level, args->stride,
439 args->layer_stride, &args->box, objs, fence);
440 dma_fence_put(&fence->f);
441 virtio_gpu_notify(vgdev);
442 return 0;
443
444err_unlock:
445 virtio_gpu_array_unlock_resv(objs);
446err_put_free:
447 virtio_gpu_array_put_free(objs);
448 return ret;
449}
450
451static int virtio_gpu_transfer_to_host_ioctl(struct drm_device *dev, void *data,
452 struct drm_file *file)
453{
454 struct virtio_gpu_device *vgdev = dev->dev_private;
455 struct virtio_gpu_fpriv *vfpriv = file->driver_priv;
456 struct drm_virtgpu_3d_transfer_to_host *args = data;
457 struct virtio_gpu_object *bo;
458 struct virtio_gpu_object_array *objs;
459 struct virtio_gpu_fence *fence;
460 int ret;
461 u32 offset = args->offset;
462
463 objs = virtio_gpu_array_from_handles(file, &args->bo_handle, 1);
464 if (objs == NULL)
465 return -ENOENT;
466
467 bo = gem_to_virtio_gpu_obj(objs->objs[0]);
468 if (bo->guest_blob && !bo->host3d_blob) {
469 ret = -EINVAL;
470 goto err_put_free;
471 }
472
473 if (!vgdev->has_virgl_3d) {
474 virtio_gpu_cmd_transfer_to_host_2d
475 (vgdev, offset,
476 args->box.w, args->box.h, args->box.x, args->box.y,
477 objs, NULL);
478 } else {
479 virtio_gpu_create_context(dev, file);
480
481 if (!bo->host3d_blob && (args->stride || args->layer_stride)) {
482 ret = -EINVAL;
483 goto err_put_free;
484 }
485
486 ret = virtio_gpu_array_lock_resv(objs);
487 if (ret != 0)
488 goto err_put_free;
489
490 ret = -ENOMEM;
491 fence = virtio_gpu_fence_alloc(vgdev, vgdev->fence_drv.context,
492 0);
493 if (!fence)
494 goto err_unlock;
495
496 virtio_gpu_cmd_transfer_to_host_3d
497 (vgdev,
498 vfpriv ? vfpriv->ctx_id : 0, offset, args->level,
499 args->stride, args->layer_stride, &args->box, objs,
500 fence);
501 dma_fence_put(&fence->f);
502 }
503 virtio_gpu_notify(vgdev);
504 return 0;
505
506err_unlock:
507 virtio_gpu_array_unlock_resv(objs);
508err_put_free:
509 virtio_gpu_array_put_free(objs);
510 return ret;
511}
512
513static int virtio_gpu_wait_ioctl(struct drm_device *dev, void *data,
514 struct drm_file *file)
515{
516 struct drm_virtgpu_3d_wait *args = data;
517 struct drm_gem_object *obj;
518 long timeout = 15 * HZ;
519 int ret;
520
521 obj = drm_gem_object_lookup(file, args->handle);
522 if (obj == NULL)
523 return -ENOENT;
524
525 if (args->flags & VIRTGPU_WAIT_NOWAIT) {
526 ret = dma_resv_test_signaled(obj->resv, DMA_RESV_USAGE_READ);
527 } else {
528 ret = dma_resv_wait_timeout(obj->resv, DMA_RESV_USAGE_READ,
529 true, timeout);
530 }
531 if (ret == 0)
532 ret = -EBUSY;
533 else if (ret > 0)
534 ret = 0;
535
536 drm_gem_object_put(obj);
537 return ret;
538}
539
540static int virtio_gpu_get_caps_ioctl(struct drm_device *dev,
541 void *data, struct drm_file *file)
542{
543 struct virtio_gpu_device *vgdev = dev->dev_private;
544 struct drm_virtgpu_get_caps *args = data;
545 unsigned size, host_caps_size;
546 int i;
547 int found_valid = -1;
548 int ret;
549 struct virtio_gpu_drv_cap_cache *cache_ent;
550 void *ptr;
551
552 if (vgdev->num_capsets == 0)
553 return -ENOSYS;
554
555 /* don't allow userspace to pass 0 */
556 if (args->size == 0)
557 return -EINVAL;
558
559 spin_lock(&vgdev->display_info_lock);
560 for (i = 0; i < vgdev->num_capsets; i++) {
561 if (vgdev->capsets[i].id == args->cap_set_id) {
562 if (vgdev->capsets[i].max_version >= args->cap_set_ver) {
563 found_valid = i;
564 break;
565 }
566 }
567 }
568
569 if (found_valid == -1) {
570 spin_unlock(&vgdev->display_info_lock);
571 return -EINVAL;
572 }
573
574 host_caps_size = vgdev->capsets[found_valid].max_size;
575 /* only copy to user the minimum of the host caps size or the guest caps size */
576 size = min(args->size, host_caps_size);
577
578 list_for_each_entry(cache_ent, &vgdev->cap_cache, head) {
579 if (cache_ent->id == args->cap_set_id &&
580 cache_ent->version == args->cap_set_ver) {
581 spin_unlock(&vgdev->display_info_lock);
582 goto copy_exit;
583 }
584 }
585 spin_unlock(&vgdev->display_info_lock);
586
587 /* not in cache - need to talk to hw */
588 ret = virtio_gpu_cmd_get_capset(vgdev, found_valid, args->cap_set_ver,
589 &cache_ent);
590 if (ret)
591 return ret;
592 virtio_gpu_notify(vgdev);
593
594copy_exit:
595 ret = wait_event_timeout(vgdev->resp_wq,
596 atomic_read(&cache_ent->is_valid), 5 * HZ);
597 if (!ret)
598 return -EBUSY;
599
600 /* is_valid check must proceed before copy of the cache entry. */
601 smp_rmb();
602
603 ptr = cache_ent->caps_cache;
604
605 if (copy_to_user(u64_to_user_ptr(args->addr), ptr, size))
606 return -EFAULT;
607
608 return 0;
609}
610
611static int verify_blob(struct virtio_gpu_device *vgdev,
612 struct virtio_gpu_fpriv *vfpriv,
613 struct virtio_gpu_object_params *params,
614 struct drm_virtgpu_resource_create_blob *rc_blob,
615 bool *guest_blob, bool *host3d_blob)
616{
617 if (!vgdev->has_resource_blob)
618 return -EINVAL;
619
620 if (rc_blob->blob_flags & ~VIRTGPU_BLOB_FLAG_USE_MASK)
621 return -EINVAL;
622
623 if (rc_blob->blob_flags & VIRTGPU_BLOB_FLAG_USE_CROSS_DEVICE) {
624 if (!vgdev->has_resource_assign_uuid)
625 return -EINVAL;
626 }
627
628 switch (rc_blob->blob_mem) {
629 case VIRTGPU_BLOB_MEM_GUEST:
630 *guest_blob = true;
631 break;
632 case VIRTGPU_BLOB_MEM_HOST3D_GUEST:
633 *guest_blob = true;
634 fallthrough;
635 case VIRTGPU_BLOB_MEM_HOST3D:
636 *host3d_blob = true;
637 break;
638 default:
639 return -EINVAL;
640 }
641
642 if (*host3d_blob) {
643 if (!vgdev->has_virgl_3d)
644 return -EINVAL;
645
646 /* Must be dword aligned. */
647 if (rc_blob->cmd_size % 4 != 0)
648 return -EINVAL;
649
650 params->ctx_id = vfpriv->ctx_id;
651 params->blob_id = rc_blob->blob_id;
652 } else {
653 if (rc_blob->blob_id != 0)
654 return -EINVAL;
655
656 if (rc_blob->cmd_size != 0)
657 return -EINVAL;
658 }
659
660 params->blob_mem = rc_blob->blob_mem;
661 params->size = rc_blob->size;
662 params->blob = true;
663 params->blob_flags = rc_blob->blob_flags;
664 return 0;
665}
666
667static int virtio_gpu_resource_create_blob_ioctl(struct drm_device *dev,
668 void *data,
669 struct drm_file *file)
670{
671 int ret = 0;
672 uint32_t handle = 0;
673 bool guest_blob = false;
674 bool host3d_blob = false;
675 struct drm_gem_object *obj;
676 struct virtio_gpu_object *bo;
677 struct virtio_gpu_object_params params = { 0 };
678 struct virtio_gpu_device *vgdev = dev->dev_private;
679 struct virtio_gpu_fpriv *vfpriv = file->driver_priv;
680 struct drm_virtgpu_resource_create_blob *rc_blob = data;
681
682 if (verify_blob(vgdev, vfpriv, ¶ms, rc_blob,
683 &guest_blob, &host3d_blob))
684 return -EINVAL;
685
686 if (vgdev->has_virgl_3d)
687 virtio_gpu_create_context(dev, file);
688
689 if (rc_blob->cmd_size) {
690 void *buf;
691
692 buf = memdup_user(u64_to_user_ptr(rc_blob->cmd),
693 rc_blob->cmd_size);
694
695 if (IS_ERR(buf))
696 return PTR_ERR(buf);
697
698 virtio_gpu_cmd_submit(vgdev, buf, rc_blob->cmd_size,
699 vfpriv->ctx_id, NULL, NULL);
700 }
701
702 if (guest_blob)
703 ret = virtio_gpu_object_create(vgdev, ¶ms, &bo, NULL);
704 else if (!guest_blob && host3d_blob)
705 ret = virtio_gpu_vram_create(vgdev, ¶ms, &bo);
706 else
707 return -EINVAL;
708
709 if (ret < 0)
710 return ret;
711
712 bo->guest_blob = guest_blob;
713 bo->host3d_blob = host3d_blob;
714 bo->blob_mem = rc_blob->blob_mem;
715 bo->blob_flags = rc_blob->blob_flags;
716
717 obj = &bo->base.base;
718 if (params.blob_flags & VIRTGPU_BLOB_FLAG_USE_CROSS_DEVICE) {
719 ret = virtio_gpu_resource_assign_uuid(vgdev, bo);
720 if (ret) {
721 drm_gem_object_release(obj);
722 return ret;
723 }
724 }
725
726 ret = drm_gem_handle_create(file, obj, &handle);
727 if (ret) {
728 drm_gem_object_release(obj);
729 return ret;
730 }
731
732 rc_blob->res_handle = bo->hw_res_handle;
733 rc_blob->bo_handle = handle;
734
735 /*
736 * The handle owns the reference now. But we must drop our
737 * remaining reference *after* we no longer need to dereference
738 * the obj. Otherwise userspace could guess the handle and
739 * race closing it from another thread.
740 */
741 drm_gem_object_put(obj);
742
743 return 0;
744}
745
746static int virtio_gpu_context_init_ioctl(struct drm_device *dev,
747 void *data, struct drm_file *file)
748{
749 int ret = 0;
750 uint32_t num_params, i, param, value;
751 uint64_t valid_ring_mask;
752 size_t len;
753 struct drm_virtgpu_context_set_param *ctx_set_params = NULL;
754 struct virtio_gpu_device *vgdev = dev->dev_private;
755 struct virtio_gpu_fpriv *vfpriv = file->driver_priv;
756 struct drm_virtgpu_context_init *args = data;
757
758 num_params = args->num_params;
759 len = num_params * sizeof(struct drm_virtgpu_context_set_param);
760
761 if (!vgdev->has_context_init || !vgdev->has_virgl_3d)
762 return -EINVAL;
763
764 /* Number of unique parameters supported at this time. */
765 if (num_params > 3)
766 return -EINVAL;
767
768 ctx_set_params = memdup_user(u64_to_user_ptr(args->ctx_set_params),
769 len);
770
771 if (IS_ERR(ctx_set_params))
772 return PTR_ERR(ctx_set_params);
773
774 mutex_lock(&vfpriv->context_lock);
775 if (vfpriv->context_created) {
776 ret = -EEXIST;
777 goto out_unlock;
778 }
779
780 for (i = 0; i < num_params; i++) {
781 param = ctx_set_params[i].param;
782 value = ctx_set_params[i].value;
783
784 switch (param) {
785 case VIRTGPU_CONTEXT_PARAM_CAPSET_ID:
786 if (value > MAX_CAPSET_ID) {
787 ret = -EINVAL;
788 goto out_unlock;
789 }
790
791 if ((vgdev->capset_id_mask & (1ULL << value)) == 0) {
792 ret = -EINVAL;
793 goto out_unlock;
794 }
795
796 /* Context capset ID already set */
797 if (vfpriv->context_init &
798 VIRTIO_GPU_CONTEXT_INIT_CAPSET_ID_MASK) {
799 ret = -EINVAL;
800 goto out_unlock;
801 }
802
803 vfpriv->context_init |= value;
804 break;
805 case VIRTGPU_CONTEXT_PARAM_NUM_RINGS:
806 if (vfpriv->base_fence_ctx) {
807 ret = -EINVAL;
808 goto out_unlock;
809 }
810
811 if (value > MAX_RINGS) {
812 ret = -EINVAL;
813 goto out_unlock;
814 }
815
816 vfpriv->base_fence_ctx = dma_fence_context_alloc(value);
817 vfpriv->num_rings = value;
818 break;
819 case VIRTGPU_CONTEXT_PARAM_POLL_RINGS_MASK:
820 if (vfpriv->ring_idx_mask) {
821 ret = -EINVAL;
822 goto out_unlock;
823 }
824
825 vfpriv->ring_idx_mask = value;
826 break;
827 default:
828 ret = -EINVAL;
829 goto out_unlock;
830 }
831 }
832
833 if (vfpriv->ring_idx_mask) {
834 valid_ring_mask = 0;
835 for (i = 0; i < vfpriv->num_rings; i++)
836 valid_ring_mask |= 1ULL << i;
837
838 if (~valid_ring_mask & vfpriv->ring_idx_mask) {
839 ret = -EINVAL;
840 goto out_unlock;
841 }
842 }
843
844 virtio_gpu_create_context_locked(vgdev, vfpriv);
845 virtio_gpu_notify(vgdev);
846
847out_unlock:
848 mutex_unlock(&vfpriv->context_lock);
849 kfree(ctx_set_params);
850 return ret;
851}
852
853struct drm_ioctl_desc virtio_gpu_ioctls[DRM_VIRTIO_NUM_IOCTLS] = {
854 DRM_IOCTL_DEF_DRV(VIRTGPU_MAP, virtio_gpu_map_ioctl,
855 DRM_RENDER_ALLOW),
856
857 DRM_IOCTL_DEF_DRV(VIRTGPU_EXECBUFFER, virtio_gpu_execbuffer_ioctl,
858 DRM_RENDER_ALLOW),
859
860 DRM_IOCTL_DEF_DRV(VIRTGPU_GETPARAM, virtio_gpu_getparam_ioctl,
861 DRM_RENDER_ALLOW),
862
863 DRM_IOCTL_DEF_DRV(VIRTGPU_RESOURCE_CREATE,
864 virtio_gpu_resource_create_ioctl,
865 DRM_RENDER_ALLOW),
866
867 DRM_IOCTL_DEF_DRV(VIRTGPU_RESOURCE_INFO, virtio_gpu_resource_info_ioctl,
868 DRM_RENDER_ALLOW),
869
870 /* make transfer async to the main ring? - no sure, can we
871 * thread these in the underlying GL
872 */
873 DRM_IOCTL_DEF_DRV(VIRTGPU_TRANSFER_FROM_HOST,
874 virtio_gpu_transfer_from_host_ioctl,
875 DRM_RENDER_ALLOW),
876 DRM_IOCTL_DEF_DRV(VIRTGPU_TRANSFER_TO_HOST,
877 virtio_gpu_transfer_to_host_ioctl,
878 DRM_RENDER_ALLOW),
879
880 DRM_IOCTL_DEF_DRV(VIRTGPU_WAIT, virtio_gpu_wait_ioctl,
881 DRM_RENDER_ALLOW),
882
883 DRM_IOCTL_DEF_DRV(VIRTGPU_GET_CAPS, virtio_gpu_get_caps_ioctl,
884 DRM_RENDER_ALLOW),
885
886 DRM_IOCTL_DEF_DRV(VIRTGPU_RESOURCE_CREATE_BLOB,
887 virtio_gpu_resource_create_blob_ioctl,
888 DRM_RENDER_ALLOW),
889
890 DRM_IOCTL_DEF_DRV(VIRTGPU_CONTEXT_INIT, virtio_gpu_context_init_ioctl,
891 DRM_RENDER_ALLOW),
892};
1/*
2 * Copyright (C) 2015 Red Hat, Inc.
3 * All Rights Reserved.
4 *
5 * Authors:
6 * Dave Airlie
7 * Alon Levy
8 *
9 * Permission is hereby granted, free of charge, to any person obtaining a
10 * copy of this software and associated documentation files (the "Software"),
11 * to deal in the Software without restriction, including without limitation
12 * the rights to use, copy, modify, merge, publish, distribute, sublicense,
13 * and/or sell copies of the Software, and to permit persons to whom the
14 * Software is furnished to do so, subject to the following conditions:
15 *
16 * The above copyright notice and this permission notice shall be included in
17 * all copies or substantial portions of the Software.
18 *
19 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
20 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
21 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
22 * THE COPYRIGHT HOLDER(S) OR AUTHOR(S) BE LIABLE FOR ANY CLAIM, DAMAGES OR
23 * OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
24 * ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
25 * OTHER DEALINGS IN THE SOFTWARE.
26 */
27
28#include <linux/file.h>
29#include <linux/sync_file.h>
30#include <linux/uaccess.h>
31
32#include <drm/drm_file.h>
33#include <drm/virtgpu_drm.h>
34
35#include "virtgpu_drv.h"
36
37#define VIRTGPU_BLOB_FLAG_USE_MASK (VIRTGPU_BLOB_FLAG_USE_MAPPABLE | \
38 VIRTGPU_BLOB_FLAG_USE_SHAREABLE | \
39 VIRTGPU_BLOB_FLAG_USE_CROSS_DEVICE)
40
41void virtio_gpu_create_context(struct drm_device *dev, struct drm_file *file)
42{
43 struct virtio_gpu_device *vgdev = dev->dev_private;
44 struct virtio_gpu_fpriv *vfpriv = file->driver_priv;
45 char dbgname[TASK_COMM_LEN];
46
47 mutex_lock(&vfpriv->context_lock);
48 if (vfpriv->context_created)
49 goto out_unlock;
50
51 get_task_comm(dbgname, current);
52 virtio_gpu_cmd_context_create(vgdev, vfpriv->ctx_id,
53 strlen(dbgname), dbgname);
54 vfpriv->context_created = true;
55
56out_unlock:
57 mutex_unlock(&vfpriv->context_lock);
58}
59
60static int virtio_gpu_map_ioctl(struct drm_device *dev, void *data,
61 struct drm_file *file)
62{
63 struct virtio_gpu_device *vgdev = dev->dev_private;
64 struct drm_virtgpu_map *virtio_gpu_map = data;
65
66 return virtio_gpu_mode_dumb_mmap(file, vgdev->ddev,
67 virtio_gpu_map->handle,
68 &virtio_gpu_map->offset);
69}
70
71/*
72 * Usage of execbuffer:
73 * Relocations need to take into account the full VIRTIO_GPUDrawable size.
74 * However, the command as passed from user space must *not* contain the initial
75 * VIRTIO_GPUReleaseInfo struct (first XXX bytes)
76 */
77static int virtio_gpu_execbuffer_ioctl(struct drm_device *dev, void *data,
78 struct drm_file *file)
79{
80 struct drm_virtgpu_execbuffer *exbuf = data;
81 struct virtio_gpu_device *vgdev = dev->dev_private;
82 struct virtio_gpu_fpriv *vfpriv = file->driver_priv;
83 struct virtio_gpu_fence *out_fence;
84 int ret;
85 uint32_t *bo_handles = NULL;
86 void __user *user_bo_handles = NULL;
87 struct virtio_gpu_object_array *buflist = NULL;
88 struct sync_file *sync_file;
89 int in_fence_fd = exbuf->fence_fd;
90 int out_fence_fd = -1;
91 void *buf;
92
93 if (vgdev->has_virgl_3d == false)
94 return -ENOSYS;
95
96 if ((exbuf->flags & ~VIRTGPU_EXECBUF_FLAGS))
97 return -EINVAL;
98
99 exbuf->fence_fd = -1;
100
101 virtio_gpu_create_context(dev, file);
102 if (exbuf->flags & VIRTGPU_EXECBUF_FENCE_FD_IN) {
103 struct dma_fence *in_fence;
104
105 in_fence = sync_file_get_fence(in_fence_fd);
106
107 if (!in_fence)
108 return -EINVAL;
109
110 /*
111 * Wait if the fence is from a foreign context, or if the fence
112 * array contains any fence from a foreign context.
113 */
114 ret = 0;
115 if (!dma_fence_match_context(in_fence, vgdev->fence_drv.context))
116 ret = dma_fence_wait(in_fence, true);
117
118 dma_fence_put(in_fence);
119 if (ret)
120 return ret;
121 }
122
123 if (exbuf->flags & VIRTGPU_EXECBUF_FENCE_FD_OUT) {
124 out_fence_fd = get_unused_fd_flags(O_CLOEXEC);
125 if (out_fence_fd < 0)
126 return out_fence_fd;
127 }
128
129 if (exbuf->num_bo_handles) {
130 bo_handles = kvmalloc_array(exbuf->num_bo_handles,
131 sizeof(uint32_t), GFP_KERNEL);
132 if (!bo_handles) {
133 ret = -ENOMEM;
134 goto out_unused_fd;
135 }
136
137 user_bo_handles = u64_to_user_ptr(exbuf->bo_handles);
138 if (copy_from_user(bo_handles, user_bo_handles,
139 exbuf->num_bo_handles * sizeof(uint32_t))) {
140 ret = -EFAULT;
141 goto out_unused_fd;
142 }
143
144 buflist = virtio_gpu_array_from_handles(file, bo_handles,
145 exbuf->num_bo_handles);
146 if (!buflist) {
147 ret = -ENOENT;
148 goto out_unused_fd;
149 }
150 kvfree(bo_handles);
151 bo_handles = NULL;
152 }
153
154 buf = vmemdup_user(u64_to_user_ptr(exbuf->command), exbuf->size);
155 if (IS_ERR(buf)) {
156 ret = PTR_ERR(buf);
157 goto out_unused_fd;
158 }
159
160 if (buflist) {
161 ret = virtio_gpu_array_lock_resv(buflist);
162 if (ret)
163 goto out_memdup;
164 }
165
166 out_fence = virtio_gpu_fence_alloc(vgdev);
167 if(!out_fence) {
168 ret = -ENOMEM;
169 goto out_unresv;
170 }
171
172 if (out_fence_fd >= 0) {
173 sync_file = sync_file_create(&out_fence->f);
174 if (!sync_file) {
175 dma_fence_put(&out_fence->f);
176 ret = -ENOMEM;
177 goto out_unresv;
178 }
179
180 exbuf->fence_fd = out_fence_fd;
181 fd_install(out_fence_fd, sync_file->file);
182 }
183
184 virtio_gpu_cmd_submit(vgdev, buf, exbuf->size,
185 vfpriv->ctx_id, buflist, out_fence);
186 dma_fence_put(&out_fence->f);
187 virtio_gpu_notify(vgdev);
188 return 0;
189
190out_unresv:
191 if (buflist)
192 virtio_gpu_array_unlock_resv(buflist);
193out_memdup:
194 kvfree(buf);
195out_unused_fd:
196 kvfree(bo_handles);
197 if (buflist)
198 virtio_gpu_array_put_free(buflist);
199
200 if (out_fence_fd >= 0)
201 put_unused_fd(out_fence_fd);
202
203 return ret;
204}
205
206static int virtio_gpu_getparam_ioctl(struct drm_device *dev, void *data,
207 struct drm_file *file)
208{
209 struct virtio_gpu_device *vgdev = dev->dev_private;
210 struct drm_virtgpu_getparam *param = data;
211 int value;
212
213 switch (param->param) {
214 case VIRTGPU_PARAM_3D_FEATURES:
215 value = vgdev->has_virgl_3d ? 1 : 0;
216 break;
217 case VIRTGPU_PARAM_CAPSET_QUERY_FIX:
218 value = 1;
219 break;
220 case VIRTGPU_PARAM_RESOURCE_BLOB:
221 value = vgdev->has_resource_blob ? 1 : 0;
222 break;
223 case VIRTGPU_PARAM_HOST_VISIBLE:
224 value = vgdev->has_host_visible ? 1 : 0;
225 break;
226 case VIRTGPU_PARAM_CROSS_DEVICE:
227 value = vgdev->has_resource_assign_uuid ? 1 : 0;
228 break;
229 default:
230 return -EINVAL;
231 }
232 if (copy_to_user(u64_to_user_ptr(param->value), &value, sizeof(int)))
233 return -EFAULT;
234
235 return 0;
236}
237
238static int virtio_gpu_resource_create_ioctl(struct drm_device *dev, void *data,
239 struct drm_file *file)
240{
241 struct virtio_gpu_device *vgdev = dev->dev_private;
242 struct drm_virtgpu_resource_create *rc = data;
243 struct virtio_gpu_fence *fence;
244 int ret;
245 struct virtio_gpu_object *qobj;
246 struct drm_gem_object *obj;
247 uint32_t handle = 0;
248 struct virtio_gpu_object_params params = { 0 };
249
250 if (vgdev->has_virgl_3d) {
251 virtio_gpu_create_context(dev, file);
252 params.virgl = true;
253 params.target = rc->target;
254 params.bind = rc->bind;
255 params.depth = rc->depth;
256 params.array_size = rc->array_size;
257 params.last_level = rc->last_level;
258 params.nr_samples = rc->nr_samples;
259 params.flags = rc->flags;
260 } else {
261 if (rc->depth > 1)
262 return -EINVAL;
263 if (rc->nr_samples > 1)
264 return -EINVAL;
265 if (rc->last_level > 1)
266 return -EINVAL;
267 if (rc->target != 2)
268 return -EINVAL;
269 if (rc->array_size > 1)
270 return -EINVAL;
271 }
272
273 params.format = rc->format;
274 params.width = rc->width;
275 params.height = rc->height;
276 params.size = rc->size;
277 /* allocate a single page size object */
278 if (params.size == 0)
279 params.size = PAGE_SIZE;
280
281 fence = virtio_gpu_fence_alloc(vgdev);
282 if (!fence)
283 return -ENOMEM;
284 ret = virtio_gpu_object_create(vgdev, ¶ms, &qobj, fence);
285 dma_fence_put(&fence->f);
286 if (ret < 0)
287 return ret;
288 obj = &qobj->base.base;
289
290 ret = drm_gem_handle_create(file, obj, &handle);
291 if (ret) {
292 drm_gem_object_release(obj);
293 return ret;
294 }
295 drm_gem_object_put(obj);
296
297 rc->res_handle = qobj->hw_res_handle; /* similiar to a VM address */
298 rc->bo_handle = handle;
299 return 0;
300}
301
302static int virtio_gpu_resource_info_ioctl(struct drm_device *dev, void *data,
303 struct drm_file *file)
304{
305 struct drm_virtgpu_resource_info *ri = data;
306 struct drm_gem_object *gobj = NULL;
307 struct virtio_gpu_object *qobj = NULL;
308
309 gobj = drm_gem_object_lookup(file, ri->bo_handle);
310 if (gobj == NULL)
311 return -ENOENT;
312
313 qobj = gem_to_virtio_gpu_obj(gobj);
314
315 ri->size = qobj->base.base.size;
316 ri->res_handle = qobj->hw_res_handle;
317 if (qobj->host3d_blob || qobj->guest_blob)
318 ri->blob_mem = qobj->blob_mem;
319
320 drm_gem_object_put(gobj);
321 return 0;
322}
323
324static int virtio_gpu_transfer_from_host_ioctl(struct drm_device *dev,
325 void *data,
326 struct drm_file *file)
327{
328 struct virtio_gpu_device *vgdev = dev->dev_private;
329 struct virtio_gpu_fpriv *vfpriv = file->driver_priv;
330 struct drm_virtgpu_3d_transfer_from_host *args = data;
331 struct virtio_gpu_object *bo;
332 struct virtio_gpu_object_array *objs;
333 struct virtio_gpu_fence *fence;
334 int ret;
335 u32 offset = args->offset;
336
337 if (vgdev->has_virgl_3d == false)
338 return -ENOSYS;
339
340 virtio_gpu_create_context(dev, file);
341 objs = virtio_gpu_array_from_handles(file, &args->bo_handle, 1);
342 if (objs == NULL)
343 return -ENOENT;
344
345 bo = gem_to_virtio_gpu_obj(objs->objs[0]);
346 if (bo->guest_blob && !bo->host3d_blob) {
347 ret = -EINVAL;
348 goto err_put_free;
349 }
350
351 if (!bo->host3d_blob && (args->stride || args->layer_stride)) {
352 ret = -EINVAL;
353 goto err_put_free;
354 }
355
356 ret = virtio_gpu_array_lock_resv(objs);
357 if (ret != 0)
358 goto err_put_free;
359
360 fence = virtio_gpu_fence_alloc(vgdev);
361 if (!fence) {
362 ret = -ENOMEM;
363 goto err_unlock;
364 }
365
366 virtio_gpu_cmd_transfer_from_host_3d
367 (vgdev, vfpriv->ctx_id, offset, args->level, args->stride,
368 args->layer_stride, &args->box, objs, fence);
369 dma_fence_put(&fence->f);
370 virtio_gpu_notify(vgdev);
371 return 0;
372
373err_unlock:
374 virtio_gpu_array_unlock_resv(objs);
375err_put_free:
376 virtio_gpu_array_put_free(objs);
377 return ret;
378}
379
380static int virtio_gpu_transfer_to_host_ioctl(struct drm_device *dev, void *data,
381 struct drm_file *file)
382{
383 struct virtio_gpu_device *vgdev = dev->dev_private;
384 struct virtio_gpu_fpriv *vfpriv = file->driver_priv;
385 struct drm_virtgpu_3d_transfer_to_host *args = data;
386 struct virtio_gpu_object *bo;
387 struct virtio_gpu_object_array *objs;
388 struct virtio_gpu_fence *fence;
389 int ret;
390 u32 offset = args->offset;
391
392 objs = virtio_gpu_array_from_handles(file, &args->bo_handle, 1);
393 if (objs == NULL)
394 return -ENOENT;
395
396 bo = gem_to_virtio_gpu_obj(objs->objs[0]);
397 if (bo->guest_blob && !bo->host3d_blob) {
398 ret = -EINVAL;
399 goto err_put_free;
400 }
401
402 if (!vgdev->has_virgl_3d) {
403 virtio_gpu_cmd_transfer_to_host_2d
404 (vgdev, offset,
405 args->box.w, args->box.h, args->box.x, args->box.y,
406 objs, NULL);
407 } else {
408 virtio_gpu_create_context(dev, file);
409
410 if (!bo->host3d_blob && (args->stride || args->layer_stride)) {
411 ret = -EINVAL;
412 goto err_put_free;
413 }
414
415 ret = virtio_gpu_array_lock_resv(objs);
416 if (ret != 0)
417 goto err_put_free;
418
419 ret = -ENOMEM;
420 fence = virtio_gpu_fence_alloc(vgdev);
421 if (!fence)
422 goto err_unlock;
423
424 virtio_gpu_cmd_transfer_to_host_3d
425 (vgdev,
426 vfpriv ? vfpriv->ctx_id : 0, offset, args->level,
427 args->stride, args->layer_stride, &args->box, objs,
428 fence);
429 dma_fence_put(&fence->f);
430 }
431 virtio_gpu_notify(vgdev);
432 return 0;
433
434err_unlock:
435 virtio_gpu_array_unlock_resv(objs);
436err_put_free:
437 virtio_gpu_array_put_free(objs);
438 return ret;
439}
440
441static int virtio_gpu_wait_ioctl(struct drm_device *dev, void *data,
442 struct drm_file *file)
443{
444 struct drm_virtgpu_3d_wait *args = data;
445 struct drm_gem_object *obj;
446 long timeout = 15 * HZ;
447 int ret;
448
449 obj = drm_gem_object_lookup(file, args->handle);
450 if (obj == NULL)
451 return -ENOENT;
452
453 if (args->flags & VIRTGPU_WAIT_NOWAIT) {
454 ret = dma_resv_test_signaled(obj->resv, true);
455 } else {
456 ret = dma_resv_wait_timeout(obj->resv, true, true, timeout);
457 }
458 if (ret == 0)
459 ret = -EBUSY;
460 else if (ret > 0)
461 ret = 0;
462
463 drm_gem_object_put(obj);
464 return ret;
465}
466
467static int virtio_gpu_get_caps_ioctl(struct drm_device *dev,
468 void *data, struct drm_file *file)
469{
470 struct virtio_gpu_device *vgdev = dev->dev_private;
471 struct drm_virtgpu_get_caps *args = data;
472 unsigned size, host_caps_size;
473 int i;
474 int found_valid = -1;
475 int ret;
476 struct virtio_gpu_drv_cap_cache *cache_ent;
477 void *ptr;
478
479 if (vgdev->num_capsets == 0)
480 return -ENOSYS;
481
482 /* don't allow userspace to pass 0 */
483 if (args->size == 0)
484 return -EINVAL;
485
486 spin_lock(&vgdev->display_info_lock);
487 for (i = 0; i < vgdev->num_capsets; i++) {
488 if (vgdev->capsets[i].id == args->cap_set_id) {
489 if (vgdev->capsets[i].max_version >= args->cap_set_ver) {
490 found_valid = i;
491 break;
492 }
493 }
494 }
495
496 if (found_valid == -1) {
497 spin_unlock(&vgdev->display_info_lock);
498 return -EINVAL;
499 }
500
501 host_caps_size = vgdev->capsets[found_valid].max_size;
502 /* only copy to user the minimum of the host caps size or the guest caps size */
503 size = min(args->size, host_caps_size);
504
505 list_for_each_entry(cache_ent, &vgdev->cap_cache, head) {
506 if (cache_ent->id == args->cap_set_id &&
507 cache_ent->version == args->cap_set_ver) {
508 spin_unlock(&vgdev->display_info_lock);
509 goto copy_exit;
510 }
511 }
512 spin_unlock(&vgdev->display_info_lock);
513
514 /* not in cache - need to talk to hw */
515 virtio_gpu_cmd_get_capset(vgdev, found_valid, args->cap_set_ver,
516 &cache_ent);
517 virtio_gpu_notify(vgdev);
518
519copy_exit:
520 ret = wait_event_timeout(vgdev->resp_wq,
521 atomic_read(&cache_ent->is_valid), 5 * HZ);
522 if (!ret)
523 return -EBUSY;
524
525 /* is_valid check must proceed before copy of the cache entry. */
526 smp_rmb();
527
528 ptr = cache_ent->caps_cache;
529
530 if (copy_to_user(u64_to_user_ptr(args->addr), ptr, size))
531 return -EFAULT;
532
533 return 0;
534}
535
536static int verify_blob(struct virtio_gpu_device *vgdev,
537 struct virtio_gpu_fpriv *vfpriv,
538 struct virtio_gpu_object_params *params,
539 struct drm_virtgpu_resource_create_blob *rc_blob,
540 bool *guest_blob, bool *host3d_blob)
541{
542 if (!vgdev->has_resource_blob)
543 return -EINVAL;
544
545 if ((rc_blob->blob_flags & ~VIRTGPU_BLOB_FLAG_USE_MASK) ||
546 !rc_blob->blob_flags)
547 return -EINVAL;
548
549 if (rc_blob->blob_flags & VIRTGPU_BLOB_FLAG_USE_CROSS_DEVICE) {
550 if (!vgdev->has_resource_assign_uuid)
551 return -EINVAL;
552 }
553
554 switch (rc_blob->blob_mem) {
555 case VIRTGPU_BLOB_MEM_GUEST:
556 *guest_blob = true;
557 break;
558 case VIRTGPU_BLOB_MEM_HOST3D_GUEST:
559 *guest_blob = true;
560 fallthrough;
561 case VIRTGPU_BLOB_MEM_HOST3D:
562 *host3d_blob = true;
563 break;
564 default:
565 return -EINVAL;
566 }
567
568 if (*host3d_blob) {
569 if (!vgdev->has_virgl_3d)
570 return -EINVAL;
571
572 /* Must be dword aligned. */
573 if (rc_blob->cmd_size % 4 != 0)
574 return -EINVAL;
575
576 params->ctx_id = vfpriv->ctx_id;
577 params->blob_id = rc_blob->blob_id;
578 } else {
579 if (rc_blob->blob_id != 0)
580 return -EINVAL;
581
582 if (rc_blob->cmd_size != 0)
583 return -EINVAL;
584 }
585
586 params->blob_mem = rc_blob->blob_mem;
587 params->size = rc_blob->size;
588 params->blob = true;
589 params->blob_flags = rc_blob->blob_flags;
590 return 0;
591}
592
593static int virtio_gpu_resource_create_blob_ioctl(struct drm_device *dev,
594 void *data,
595 struct drm_file *file)
596{
597 int ret = 0;
598 uint32_t handle = 0;
599 bool guest_blob = false;
600 bool host3d_blob = false;
601 struct drm_gem_object *obj;
602 struct virtio_gpu_object *bo;
603 struct virtio_gpu_object_params params = { 0 };
604 struct virtio_gpu_device *vgdev = dev->dev_private;
605 struct virtio_gpu_fpriv *vfpriv = file->driver_priv;
606 struct drm_virtgpu_resource_create_blob *rc_blob = data;
607
608 if (verify_blob(vgdev, vfpriv, ¶ms, rc_blob,
609 &guest_blob, &host3d_blob))
610 return -EINVAL;
611
612 if (vgdev->has_virgl_3d)
613 virtio_gpu_create_context(dev, file);
614
615 if (rc_blob->cmd_size) {
616 void *buf;
617
618 buf = memdup_user(u64_to_user_ptr(rc_blob->cmd),
619 rc_blob->cmd_size);
620
621 if (IS_ERR(buf))
622 return PTR_ERR(buf);
623
624 virtio_gpu_cmd_submit(vgdev, buf, rc_blob->cmd_size,
625 vfpriv->ctx_id, NULL, NULL);
626 }
627
628 if (guest_blob)
629 ret = virtio_gpu_object_create(vgdev, ¶ms, &bo, NULL);
630 else if (!guest_blob && host3d_blob)
631 ret = virtio_gpu_vram_create(vgdev, ¶ms, &bo);
632 else
633 return -EINVAL;
634
635 if (ret < 0)
636 return ret;
637
638 bo->guest_blob = guest_blob;
639 bo->host3d_blob = host3d_blob;
640 bo->blob_mem = rc_blob->blob_mem;
641 bo->blob_flags = rc_blob->blob_flags;
642
643 obj = &bo->base.base;
644 if (params.blob_flags & VIRTGPU_BLOB_FLAG_USE_CROSS_DEVICE) {
645 ret = virtio_gpu_resource_assign_uuid(vgdev, bo);
646 if (ret) {
647 drm_gem_object_release(obj);
648 return ret;
649 }
650 }
651
652 ret = drm_gem_handle_create(file, obj, &handle);
653 if (ret) {
654 drm_gem_object_release(obj);
655 return ret;
656 }
657 drm_gem_object_put(obj);
658
659 rc_blob->res_handle = bo->hw_res_handle;
660 rc_blob->bo_handle = handle;
661
662 return 0;
663}
664
665struct drm_ioctl_desc virtio_gpu_ioctls[DRM_VIRTIO_NUM_IOCTLS] = {
666 DRM_IOCTL_DEF_DRV(VIRTGPU_MAP, virtio_gpu_map_ioctl,
667 DRM_RENDER_ALLOW),
668
669 DRM_IOCTL_DEF_DRV(VIRTGPU_EXECBUFFER, virtio_gpu_execbuffer_ioctl,
670 DRM_RENDER_ALLOW),
671
672 DRM_IOCTL_DEF_DRV(VIRTGPU_GETPARAM, virtio_gpu_getparam_ioctl,
673 DRM_RENDER_ALLOW),
674
675 DRM_IOCTL_DEF_DRV(VIRTGPU_RESOURCE_CREATE,
676 virtio_gpu_resource_create_ioctl,
677 DRM_RENDER_ALLOW),
678
679 DRM_IOCTL_DEF_DRV(VIRTGPU_RESOURCE_INFO, virtio_gpu_resource_info_ioctl,
680 DRM_RENDER_ALLOW),
681
682 /* make transfer async to the main ring? - no sure, can we
683 * thread these in the underlying GL
684 */
685 DRM_IOCTL_DEF_DRV(VIRTGPU_TRANSFER_FROM_HOST,
686 virtio_gpu_transfer_from_host_ioctl,
687 DRM_RENDER_ALLOW),
688 DRM_IOCTL_DEF_DRV(VIRTGPU_TRANSFER_TO_HOST,
689 virtio_gpu_transfer_to_host_ioctl,
690 DRM_RENDER_ALLOW),
691
692 DRM_IOCTL_DEF_DRV(VIRTGPU_WAIT, virtio_gpu_wait_ioctl,
693 DRM_RENDER_ALLOW),
694
695 DRM_IOCTL_DEF_DRV(VIRTGPU_GET_CAPS, virtio_gpu_get_caps_ioctl,
696 DRM_RENDER_ALLOW),
697
698 DRM_IOCTL_DEF_DRV(VIRTGPU_RESOURCE_CREATE_BLOB,
699 virtio_gpu_resource_create_blob_ioctl,
700 DRM_RENDER_ALLOW),
701};