search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Merge tag 'clk-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git...
[linux.git] / samples / vfio-mdev / mbochs.c
blob18623ba666e33f9407a620c8a7a5601a86c0c5fc
1 // SPDX-License-Identifier: GPL-2.0
2 /*
3 * Mediated virtual PCI display host device driver
4 *
5 * Emulate enough of qemu stdvga to make bochs-drm.ko happy. That is
6 * basically the vram memory bar and the bochs dispi interface vbe
7 * registers in the mmio register bar. Specifically it does *not*
8 * include any legacy vga stuff. Device looks a lot like "qemu -device
9 * secondary-vga".
10 *
11 * (c) Gerd Hoffmann <kraxel@redhat.com>
12 *
13 * based on mtty driver which is:
14 * Copyright (c) 2016, NVIDIA CORPORATION. All rights reserved.
15 * Author: Neo Jia <cjia@nvidia.com>
16 * Kirti Wankhede <kwankhede@nvidia.com>
17 *
18 * This program is free software; you can redistribute it and/or modify
19 * it under the terms of the GNU General Public License version 2 as
20 * published by the Free Software Foundation.
21 */
22 #include <linux/init.h>
23 #include <linux/module.h>
24 #include <linux/kernel.h>
25 #include <linux/slab.h>
26 #include <linux/vmalloc.h>
27 #include <linux/cdev.h>
28 #include <linux/vfio.h>
29 #include <linux/iommu.h>
30 #include <linux/sysfs.h>
31 #include <linux/mdev.h>
32 #include <linux/pci.h>
33 #include <linux/dma-buf.h>
34 #include <linux/highmem.h>
35 #include <drm/drm_fourcc.h>
36 #include <drm/drm_rect.h>
37 #include <drm/drm_modeset_lock.h>
38 #include <drm/drm_property.h>
39 #include <drm/drm_plane.h>
40
41
42 #define VBE_DISPI_INDEX_ID 0x0
43 #define VBE_DISPI_INDEX_XRES 0x1
44 #define VBE_DISPI_INDEX_YRES 0x2
45 #define VBE_DISPI_INDEX_BPP 0x3
46 #define VBE_DISPI_INDEX_ENABLE 0x4
47 #define VBE_DISPI_INDEX_BANK 0x5
48 #define VBE_DISPI_INDEX_VIRT_WIDTH 0x6
49 #define VBE_DISPI_INDEX_VIRT_HEIGHT 0x7
50 #define VBE_DISPI_INDEX_X_OFFSET 0x8
51 #define VBE_DISPI_INDEX_Y_OFFSET 0x9
52 #define VBE_DISPI_INDEX_VIDEO_MEMORY_64K 0xa
53 #define VBE_DISPI_INDEX_COUNT 0xb
54
55 #define VBE_DISPI_ID0 0xB0C0
56 #define VBE_DISPI_ID1 0xB0C1
57 #define VBE_DISPI_ID2 0xB0C2
58 #define VBE_DISPI_ID3 0xB0C3
59 #define VBE_DISPI_ID4 0xB0C4
60 #define VBE_DISPI_ID5 0xB0C5
61
62 #define VBE_DISPI_DISABLED 0x00
63 #define VBE_DISPI_ENABLED 0x01
64 #define VBE_DISPI_GETCAPS 0x02
65 #define VBE_DISPI_8BIT_DAC 0x20
66 #define VBE_DISPI_LFB_ENABLED 0x40
67 #define VBE_DISPI_NOCLEARMEM 0x80
68
69
70 #define MBOCHS_NAME "mbochs"
71 #define MBOCHS_CLASS_NAME "mbochs"
72
73 #define MBOCHS_EDID_REGION_INDEX VFIO_PCI_NUM_REGIONS
74 #define MBOCHS_NUM_REGIONS (MBOCHS_EDID_REGION_INDEX+1)
75
76 #define MBOCHS_CONFIG_SPACE_SIZE 0xff
77 #define MBOCHS_MMIO_BAR_OFFSET PAGE_SIZE
78 #define MBOCHS_MMIO_BAR_SIZE PAGE_SIZE
79 #define MBOCHS_EDID_OFFSET (MBOCHS_MMIO_BAR_OFFSET + \
80 MBOCHS_MMIO_BAR_SIZE)
81 #define MBOCHS_EDID_SIZE PAGE_SIZE
82 #define MBOCHS_MEMORY_BAR_OFFSET (MBOCHS_EDID_OFFSET + \
83 MBOCHS_EDID_SIZE)
84
85 #define MBOCHS_EDID_BLOB_OFFSET (MBOCHS_EDID_SIZE/2)
86
87 #define STORE_LE16(addr, val) (*(u16 *)addr = val)
88 #define STORE_LE32(addr, val) (*(u32 *)addr = val)
89
90
91 MODULE_DESCRIPTION("Mediated virtual PCI display host device driver");
92 MODULE_LICENSE("GPL v2");
93
94 static int max_mbytes = 256;
95 module_param_named(count, max_mbytes, int, 0444);
96 MODULE_PARM_DESC(mem, "megabytes available to " MBOCHS_NAME " devices");
97
98
99 #define MBOCHS_TYPE_1 "small"
100 #define MBOCHS_TYPE_2 "medium"
101 #define MBOCHS_TYPE_3 "large"
102
103 static struct mbochs_type {
104 struct mdev_type type;
105 u32 mbytes;
106 u32 max_x;
107 u32 max_y;
108 } mbochs_types[] = {
109 {
110 .type.sysfs_name = MBOCHS_TYPE_1,
111 .type.pretty_name = MBOCHS_CLASS_NAME "-" MBOCHS_TYPE_1,
112 .mbytes = 4,
113 .max_x = 800,
114 .max_y = 600,
115 }, {
116 .type.sysfs_name = MBOCHS_TYPE_2,
117 .type.pretty_name = MBOCHS_CLASS_NAME "-" MBOCHS_TYPE_2,
118 .mbytes = 16,
119 .max_x = 1920,
120 .max_y = 1440,
121 }, {
122 .type.sysfs_name = MBOCHS_TYPE_3,
123 .type.pretty_name = MBOCHS_CLASS_NAME "-" MBOCHS_TYPE_3,
124 .mbytes = 64,
125 .max_x = 0,
126 .max_y = 0,
127 },
128 };
129
130 static struct mdev_type *mbochs_mdev_types[] = {
131 &mbochs_types[0].type,
132 &mbochs_types[1].type,
133 &mbochs_types[2].type,
134 };
135
136 static dev_t mbochs_devt;
137 static const struct class mbochs_class = {
138 .name = MBOCHS_CLASS_NAME,
139 };
140 static struct cdev mbochs_cdev;
141 static struct device mbochs_dev;
142 static struct mdev_parent mbochs_parent;
143 static atomic_t mbochs_avail_mbytes;
144 static const struct vfio_device_ops mbochs_dev_ops;
145
146 struct vfio_region_info_ext {
147 struct vfio_region_info base;
148 struct vfio_region_info_cap_type type;
149 };
150
151 struct mbochs_mode {
152 u32 drm_format;
153 u32 bytepp;
154 u32 width;
155 u32 height;
156 u32 stride;
157 u32 __pad;
158 u64 offset;
159 u64 size;
160 };
161
162 struct mbochs_dmabuf {
163 struct mbochs_mode mode;
164 u32 id;
165 struct page **pages;
166 pgoff_t pagecount;
167 struct dma_buf *buf;
168 struct mdev_state *mdev_state;
169 struct list_head next;
170 bool unlinked;
171 };
172
173 /* State of each mdev device */
174 struct mdev_state {
175 struct vfio_device vdev;
176 u8 *vconfig;
177 u64 bar_mask[3];
178 u32 memory_bar_mask;
179 struct mutex ops_lock;
180 struct mdev_device *mdev;
181
182 const struct mbochs_type *type;
183 u16 vbe[VBE_DISPI_INDEX_COUNT];
184 u64 memsize;
185 struct page **pages;
186 pgoff_t pagecount;
187 struct vfio_region_gfx_edid edid_regs;
188 u8 edid_blob[0x400];
189
190 struct list_head dmabufs;
191 u32 active_id;
192 u32 next_id;
193 };
194
195 static const char *vbe_name_list[VBE_DISPI_INDEX_COUNT] = {
196 [VBE_DISPI_INDEX_ID] = "id",
197 [VBE_DISPI_INDEX_XRES] = "xres",
198 [VBE_DISPI_INDEX_YRES] = "yres",
199 [VBE_DISPI_INDEX_BPP] = "bpp",
200 [VBE_DISPI_INDEX_ENABLE] = "enable",
201 [VBE_DISPI_INDEX_BANK] = "bank",
202 [VBE_DISPI_INDEX_VIRT_WIDTH] = "virt-width",
203 [VBE_DISPI_INDEX_VIRT_HEIGHT] = "virt-height",
204 [VBE_DISPI_INDEX_X_OFFSET] = "x-offset",
205 [VBE_DISPI_INDEX_Y_OFFSET] = "y-offset",
206 [VBE_DISPI_INDEX_VIDEO_MEMORY_64K] = "video-mem",
207 };
208
209 static const char *vbe_name(u32 index)
210 {
211 if (index < ARRAY_SIZE(vbe_name_list))
212 return vbe_name_list[index];
213 return "(invalid)";
214 }
215
216 static struct page *__mbochs_get_page(struct mdev_state *mdev_state,
217 pgoff_t pgoff);
218 static struct page *mbochs_get_page(struct mdev_state *mdev_state,
219 pgoff_t pgoff);
220
221 static void mbochs_create_config_space(struct mdev_state *mdev_state)
222 {
223 STORE_LE16((u16 *) &mdev_state->vconfig[PCI_VENDOR_ID],
224 0x1234);
225 STORE_LE16((u16 *) &mdev_state->vconfig[PCI_DEVICE_ID],
226 0x1111);
227 STORE_LE16((u16 *) &mdev_state->vconfig[PCI_SUBSYSTEM_VENDOR_ID],
228 PCI_SUBVENDOR_ID_REDHAT_QUMRANET);
229 STORE_LE16((u16 *) &mdev_state->vconfig[PCI_SUBSYSTEM_ID],
230 PCI_SUBDEVICE_ID_QEMU);
231
232 STORE_LE16((u16 *) &mdev_state->vconfig[PCI_COMMAND],
233 PCI_COMMAND_IO | PCI_COMMAND_MEMORY);
234 STORE_LE16((u16 *) &mdev_state->vconfig[PCI_CLASS_DEVICE],
235 PCI_CLASS_DISPLAY_OTHER);
236 mdev_state->vconfig[PCI_CLASS_REVISION] = 0x01;
237
238 STORE_LE32((u32 *) &mdev_state->vconfig[PCI_BASE_ADDRESS_0],
239 PCI_BASE_ADDRESS_SPACE_MEMORY |
240 PCI_BASE_ADDRESS_MEM_TYPE_32 |
241 PCI_BASE_ADDRESS_MEM_PREFETCH);
242 mdev_state->bar_mask[0] = ~(mdev_state->memsize) + 1;
243
244 STORE_LE32((u32 *) &mdev_state->vconfig[PCI_BASE_ADDRESS_2],
245 PCI_BASE_ADDRESS_SPACE_MEMORY |
246 PCI_BASE_ADDRESS_MEM_TYPE_32);
247 mdev_state->bar_mask[2] = ~(MBOCHS_MMIO_BAR_SIZE) + 1;
248 }
249
250 static int mbochs_check_framebuffer(struct mdev_state *mdev_state,
251 struct mbochs_mode *mode)
252 {
253 struct device *dev = mdev_dev(mdev_state->mdev);
254 u16 *vbe = mdev_state->vbe;
255 u32 virt_width;
256
257 WARN_ON(!mutex_is_locked(&mdev_state->ops_lock));
258
259 if (!(vbe[VBE_DISPI_INDEX_ENABLE] & VBE_DISPI_ENABLED))
260 goto nofb;
261
262 memset(mode, 0, sizeof(*mode));
263 switch (vbe[VBE_DISPI_INDEX_BPP]) {
264 case 32:
265 mode->drm_format = DRM_FORMAT_XRGB8888;
266 mode->bytepp = 4;
267 break;
268 default:
269 dev_info_ratelimited(dev, "%s: bpp %d not supported\n",
270 __func__, vbe[VBE_DISPI_INDEX_BPP]);
271 goto nofb;
272 }
273
274 mode->width = vbe[VBE_DISPI_INDEX_XRES];
275 mode->height = vbe[VBE_DISPI_INDEX_YRES];
276 virt_width = vbe[VBE_DISPI_INDEX_VIRT_WIDTH];
277 if (virt_width < mode->width)
278 virt_width = mode->width;
279 mode->stride = virt_width * mode->bytepp;
280 mode->size = (u64)mode->stride * mode->height;
281 mode->offset = ((u64)vbe[VBE_DISPI_INDEX_X_OFFSET] * mode->bytepp +
282 (u64)vbe[VBE_DISPI_INDEX_Y_OFFSET] * mode->stride);
283
284 if (mode->width < 64 || mode->height < 64) {
285 dev_info_ratelimited(dev, "%s: invalid resolution %dx%d\n",
286 __func__, mode->width, mode->height);
287 goto nofb;
288 }
289 if (mode->offset + mode->size > mdev_state->memsize) {
290 dev_info_ratelimited(dev, "%s: framebuffer memory overflow\n",
291 __func__);
292 goto nofb;
293 }
294
295 return 0;
296
297 nofb:
298 memset(mode, 0, sizeof(*mode));
299 return -EINVAL;
300 }
301
302 static bool mbochs_modes_equal(struct mbochs_mode *mode1,
303 struct mbochs_mode *mode2)
304 {
305 return memcmp(mode1, mode2, sizeof(struct mbochs_mode)) == 0;
306 }
307
308 static void handle_pci_cfg_write(struct mdev_state *mdev_state, u16 offset,
309 char *buf, u32 count)
310 {
311 struct device *dev = mdev_dev(mdev_state->mdev);
312 int index = (offset - PCI_BASE_ADDRESS_0) / 0x04;
313 u32 cfg_addr;
314
315 switch (offset) {
316 case PCI_BASE_ADDRESS_0:
317 case PCI_BASE_ADDRESS_2:
318 cfg_addr = *(u32 *)buf;
319
320 if (cfg_addr == 0xffffffff) {
321 cfg_addr = (cfg_addr & mdev_state->bar_mask[index]);
322 } else {
323 cfg_addr &= PCI_BASE_ADDRESS_MEM_MASK;
324 if (cfg_addr)
325 dev_info(dev, "BAR #%d @ 0x%x\n",
326 index, cfg_addr);
327 }
328
329 cfg_addr |= (mdev_state->vconfig[offset] &
330 ~PCI_BASE_ADDRESS_MEM_MASK);
331 STORE_LE32(&mdev_state->vconfig[offset], cfg_addr);
332 break;
333 }
334 }
335
336 static void handle_mmio_write(struct mdev_state *mdev_state, u16 offset,
337 char *buf, u32 count)
338 {
339 struct device *dev = mdev_dev(mdev_state->mdev);
340 int index;
341 u16 reg16;
342
343 switch (offset) {
344 case 0x400 ... 0x41f: /* vga ioports remapped */
345 goto unhandled;
346 case 0x500 ... 0x515: /* bochs dispi interface */
347 if (count != 2)
348 goto unhandled;
349 index = (offset - 0x500) / 2;
350 reg16 = *(u16 *)buf;
351 if (index < ARRAY_SIZE(mdev_state->vbe))
352 mdev_state->vbe[index] = reg16;
353 dev_dbg(dev, "%s: vbe write %d = %d (%s)\n",
354 __func__, index, reg16, vbe_name(index));
355 break;
356 case 0x600 ... 0x607: /* qemu extended regs */
357 goto unhandled;
358 default:
359 unhandled:
360 dev_dbg(dev, "%s: @0x%03x, count %d (unhandled)\n",
361 __func__, offset, count);
362 break;
363 }
364 }
365
366 static void handle_mmio_read(struct mdev_state *mdev_state, u16 offset,
367 char *buf, u32 count)
368 {
369 struct device *dev = mdev_dev(mdev_state->mdev);
370 struct vfio_region_gfx_edid *edid;
371 u16 reg16 = 0;
372 int index;
373
374 switch (offset) {
375 case 0x000 ... 0x3ff: /* edid block */
376 edid = &mdev_state->edid_regs;
377 if (edid->link_state != VFIO_DEVICE_GFX_LINK_STATE_UP ||
378 offset >= edid->edid_size) {
379 memset(buf, 0, count);
380 break;
381 }
382 memcpy(buf, mdev_state->edid_blob + offset, count);
383 break;
384 case 0x500 ... 0x515: /* bochs dispi interface */
385 if (count != 2)
386 goto unhandled;
387 index = (offset - 0x500) / 2;
388 if (index < ARRAY_SIZE(mdev_state->vbe))
389 reg16 = mdev_state->vbe[index];
390 dev_dbg(dev, "%s: vbe read %d = %d (%s)\n",
391 __func__, index, reg16, vbe_name(index));
392 *(u16 *)buf = reg16;
393 break;
394 default:
395 unhandled:
396 dev_dbg(dev, "%s: @0x%03x, count %d (unhandled)\n",
397 __func__, offset, count);
398 memset(buf, 0, count);
399 break;
400 }
401 }
402
403 static void handle_edid_regs(struct mdev_state *mdev_state, u16 offset,
404 char *buf, u32 count, bool is_write)
405 {
406 char *regs = (void *)&mdev_state->edid_regs;
407
408 if (offset + count > sizeof(mdev_state->edid_regs))
409 return;
410 if (count != 4)
411 return;
412 if (offset % 4)
413 return;
414
415 if (is_write) {
416 switch (offset) {
417 case offsetof(struct vfio_region_gfx_edid, link_state):
418 case offsetof(struct vfio_region_gfx_edid, edid_size):
419 memcpy(regs + offset, buf, count);
420 break;
421 default:
422 /* read-only regs */
423 break;
424 }
425 } else {
426 memcpy(buf, regs + offset, count);
427 }
428 }
429
430 static void handle_edid_blob(struct mdev_state *mdev_state, u16 offset,
431 char *buf, u32 count, bool is_write)
432 {
433 if (offset + count > mdev_state->edid_regs.edid_max_size)
434 return;
435 if (is_write)
436 memcpy(mdev_state->edid_blob + offset, buf, count);
437 else
438 memcpy(buf, mdev_state->edid_blob + offset, count);
439 }
440
441 static ssize_t mdev_access(struct mdev_state *mdev_state, char *buf,
442 size_t count, loff_t pos, bool is_write)
443 {
444 struct page *pg;
445 loff_t poff;
446 char *map;
447 int ret = 0;
448
449 mutex_lock(&mdev_state->ops_lock);
450
451 if (pos < MBOCHS_CONFIG_SPACE_SIZE) {
452 if (is_write)
453 handle_pci_cfg_write(mdev_state, pos, buf, count);
454 else
455 memcpy(buf, (mdev_state->vconfig + pos), count);
456
457 } else if (pos >= MBOCHS_MMIO_BAR_OFFSET &&
458 pos + count <= (MBOCHS_MMIO_BAR_OFFSET +
459 MBOCHS_MMIO_BAR_SIZE)) {
460 pos -= MBOCHS_MMIO_BAR_OFFSET;
461 if (is_write)
462 handle_mmio_write(mdev_state, pos, buf, count);
463 else
464 handle_mmio_read(mdev_state, pos, buf, count);
465
466 } else if (pos >= MBOCHS_EDID_OFFSET &&
467 pos + count <= (MBOCHS_EDID_OFFSET +
468 MBOCHS_EDID_SIZE)) {
469 pos -= MBOCHS_EDID_OFFSET;
470 if (pos < MBOCHS_EDID_BLOB_OFFSET) {
471 handle_edid_regs(mdev_state, pos, buf, count, is_write);
472 } else {
473 pos -= MBOCHS_EDID_BLOB_OFFSET;
474 handle_edid_blob(mdev_state, pos, buf, count, is_write);
475 }
476
477 } else if (pos >= MBOCHS_MEMORY_BAR_OFFSET &&
478 pos + count <=
479 MBOCHS_MEMORY_BAR_OFFSET + mdev_state->memsize) {
480 pos -= MBOCHS_MMIO_BAR_OFFSET;
481 poff = pos & ~PAGE_MASK;
482 pg = __mbochs_get_page(mdev_state, pos >> PAGE_SHIFT);
483 map = kmap(pg);
484 if (is_write)
485 memcpy(map + poff, buf, count);
486 else
487 memcpy(buf, map + poff, count);
488 kunmap(pg);
489 put_page(pg);
490
491 } else {
492 dev_dbg(mdev_state->vdev.dev, "%s: %s @0x%llx (unhandled)\n",
493 __func__, is_write ? "WR" : "RD", pos);
494 ret = -1;
495 goto accessfailed;
496 }
497
498 ret = count;
499
500
501 accessfailed:
502 mutex_unlock(&mdev_state->ops_lock);
503
504 return ret;
505 }
506
507 static int mbochs_reset(struct mdev_state *mdev_state)
508 {
509 u32 size64k = mdev_state->memsize / (64 * 1024);
510 int i;
511
512 for (i = 0; i < ARRAY_SIZE(mdev_state->vbe); i++)
513 mdev_state->vbe[i] = 0;
514 mdev_state->vbe[VBE_DISPI_INDEX_ID] = VBE_DISPI_ID5;
515 mdev_state->vbe[VBE_DISPI_INDEX_VIDEO_MEMORY_64K] = size64k;
516 return 0;
517 }
518
519 static int mbochs_init_dev(struct vfio_device *vdev)
520 {
521 struct mdev_state *mdev_state =
522 container_of(vdev, struct mdev_state, vdev);
523 struct mdev_device *mdev = to_mdev_device(vdev->dev);
524 struct mbochs_type *type =
525 container_of(mdev->type, struct mbochs_type, type);
526 int avail_mbytes = atomic_read(&mbochs_avail_mbytes);
527 int ret = -ENOMEM;
528
529 do {
530 if (avail_mbytes < type->mbytes)
531 return -ENOSPC;
532 } while (!atomic_try_cmpxchg(&mbochs_avail_mbytes, &avail_mbytes,
533 avail_mbytes - type->mbytes));
534
535 mdev_state->vconfig = kzalloc(MBOCHS_CONFIG_SPACE_SIZE, GFP_KERNEL);
536 if (!mdev_state->vconfig)
537 goto err_avail;
538
539 mdev_state->memsize = type->mbytes * 1024 * 1024;
540 mdev_state->pagecount = mdev_state->memsize >> PAGE_SHIFT;
541 mdev_state->pages = kcalloc(mdev_state->pagecount,
542 sizeof(struct page *),
543 GFP_KERNEL);
544 if (!mdev_state->pages)
545 goto err_vconfig;
546
547 mutex_init(&mdev_state->ops_lock);
548 mdev_state->mdev = mdev;
549 INIT_LIST_HEAD(&mdev_state->dmabufs);
550 mdev_state->next_id = 1;
551
552 mdev_state->type = type;
553 mdev_state->edid_regs.max_xres = type->max_x;
554 mdev_state->edid_regs.max_yres = type->max_y;
555 mdev_state->edid_regs.edid_offset = MBOCHS_EDID_BLOB_OFFSET;
556 mdev_state->edid_regs.edid_max_size = sizeof(mdev_state->edid_blob);
557 mbochs_create_config_space(mdev_state);
558 mbochs_reset(mdev_state);
559
560 dev_info(vdev->dev, "%s: %s, %d MB, %ld pages\n", __func__,
561 type->type.pretty_name, type->mbytes, mdev_state->pagecount);
562 return 0;
563
564 err_vconfig:
565 kfree(mdev_state->vconfig);
566 err_avail:
567 atomic_add(type->mbytes, &mbochs_avail_mbytes);
568 return ret;
569 }
570
571 static int mbochs_probe(struct mdev_device *mdev)
572 {
573 struct mdev_state *mdev_state;
574 int ret = -ENOMEM;
575
576 mdev_state = vfio_alloc_device(mdev_state, vdev, &mdev->dev,
577 &mbochs_dev_ops);
578 if (IS_ERR(mdev_state))
579 return PTR_ERR(mdev_state);
580
581 ret = vfio_register_emulated_iommu_dev(&mdev_state->vdev);
582 if (ret)
583 goto err_put_vdev;
584 dev_set_drvdata(&mdev->dev, mdev_state);
585 return 0;
586
587 err_put_vdev:
588 vfio_put_device(&mdev_state->vdev);
589 return ret;
590 }
591
592 static void mbochs_release_dev(struct vfio_device *vdev)
593 {
594 struct mdev_state *mdev_state =
595 container_of(vdev, struct mdev_state, vdev);
596
597 atomic_add(mdev_state->type->mbytes, &mbochs_avail_mbytes);
598 kfree(mdev_state->pages);
599 kfree(mdev_state->vconfig);
600 }
601
602 static void mbochs_remove(struct mdev_device *mdev)
603 {
604 struct mdev_state *mdev_state = dev_get_drvdata(&mdev->dev);
605
606 vfio_unregister_group_dev(&mdev_state->vdev);
607 vfio_put_device(&mdev_state->vdev);
608 }
609
610 static ssize_t mbochs_read(struct vfio_device *vdev, char __user *buf,
611 size_t count, loff_t *ppos)
612 {
613 struct mdev_state *mdev_state =
614 container_of(vdev, struct mdev_state, vdev);
615 unsigned int done = 0;
616 int ret;
617
618 while (count) {
619 size_t filled;
620
621 if (count >= 4 && !(*ppos % 4)) {
622 u32 val;
623
624 ret = mdev_access(mdev_state, (char *)&val, sizeof(val),
625 *ppos, false);
626 if (ret <= 0)
627 goto read_err;
628
629 if (copy_to_user(buf, &val, sizeof(val)))
630 goto read_err;
631
632 filled = 4;
633 } else if (count >= 2 && !(*ppos % 2)) {
634 u16 val;
635
636 ret = mdev_access(mdev_state, (char *)&val, sizeof(val),
637 *ppos, false);
638 if (ret <= 0)
639 goto read_err;
640
641 if (copy_to_user(buf, &val, sizeof(val)))
642 goto read_err;
643
644 filled = 2;
645 } else {
646 u8 val;
647
648 ret = mdev_access(mdev_state, (char *)&val, sizeof(val),
649 *ppos, false);
650 if (ret <= 0)
651 goto read_err;
652
653 if (copy_to_user(buf, &val, sizeof(val)))
654 goto read_err;
655
656 filled = 1;
657 }
658
659 count -= filled;
660 done += filled;
661 *ppos += filled;
662 buf += filled;
663 }
664
665 return done;
666
667 read_err:
668 return -EFAULT;
669 }
670
671 static ssize_t mbochs_write(struct vfio_device *vdev, const char __user *buf,
672 size_t count, loff_t *ppos)
673 {
674 struct mdev_state *mdev_state =
675 container_of(vdev, struct mdev_state, vdev);
676 unsigned int done = 0;
677 int ret;
678
679 while (count) {
680 size_t filled;
681
682 if (count >= 4 && !(*ppos % 4)) {
683 u32 val;
684
685 if (copy_from_user(&val, buf, sizeof(val)))
686 goto write_err;
687
688 ret = mdev_access(mdev_state, (char *)&val, sizeof(val),
689 *ppos, true);
690 if (ret <= 0)
691 goto write_err;
692
693 filled = 4;
694 } else if (count >= 2 && !(*ppos % 2)) {
695 u16 val;
696
697 if (copy_from_user(&val, buf, sizeof(val)))
698 goto write_err;
699
700 ret = mdev_access(mdev_state, (char *)&val, sizeof(val),
701 *ppos, true);
702 if (ret <= 0)
703 goto write_err;
704
705 filled = 2;
706 } else {
707 u8 val;
708
709 if (copy_from_user(&val, buf, sizeof(val)))
710 goto write_err;
711
712 ret = mdev_access(mdev_state, (char *)&val, sizeof(val),
713 *ppos, true);
714 if (ret <= 0)
715 goto write_err;
716
717 filled = 1;
718 }
719 count -= filled;
720 done += filled;
721 *ppos += filled;
722 buf += filled;
723 }
724
725 return done;
726 write_err:
727 return -EFAULT;
728 }
729
730 static struct page *__mbochs_get_page(struct mdev_state *mdev_state,
731 pgoff_t pgoff)
732 {
733 WARN_ON(!mutex_is_locked(&mdev_state->ops_lock));
734
735 if (!mdev_state->pages[pgoff]) {
736 mdev_state->pages[pgoff] =
737 alloc_pages(GFP_HIGHUSER | __GFP_ZERO, 0);
738 if (!mdev_state->pages[pgoff])
739 return NULL;
740 }
741
742 get_page(mdev_state->pages[pgoff]);
743 return mdev_state->pages[pgoff];
744 }
745
746 static struct page *mbochs_get_page(struct mdev_state *mdev_state,
747 pgoff_t pgoff)
748 {
749 struct page *page;
750
751 if (WARN_ON(pgoff >= mdev_state->pagecount))
752 return NULL;
753
754 mutex_lock(&mdev_state->ops_lock);
755 page = __mbochs_get_page(mdev_state, pgoff);
756 mutex_unlock(&mdev_state->ops_lock);
757
758 return page;
759 }
760
761 static void mbochs_put_pages(struct mdev_state *mdev_state)
762 {
763 struct device *dev = mdev_dev(mdev_state->mdev);
764 int i, count = 0;
765
766 WARN_ON(!mutex_is_locked(&mdev_state->ops_lock));
767
768 for (i = 0; i < mdev_state->pagecount; i++) {
769 if (!mdev_state->pages[i])
770 continue;
771 put_page(mdev_state->pages[i]);
772 mdev_state->pages[i] = NULL;
773 count++;
774 }
775 dev_dbg(dev, "%s: %d pages released\n", __func__, count);
776 }
777
778 static vm_fault_t mbochs_region_vm_fault(struct vm_fault *vmf)
779 {
780 struct vm_area_struct *vma = vmf->vma;
781 struct mdev_state *mdev_state = vma->vm_private_data;
782 pgoff_t page_offset = (vmf->address - vma->vm_start) >> PAGE_SHIFT;
783
784 if (page_offset >= mdev_state->pagecount)
785 return VM_FAULT_SIGBUS;
786
787 vmf->page = mbochs_get_page(mdev_state, page_offset);
788 if (!vmf->page)
789 return VM_FAULT_SIGBUS;
790
791 return 0;
792 }
793
794 static const struct vm_operations_struct mbochs_region_vm_ops = {
795 .fault = mbochs_region_vm_fault,
796 };
797
798 static int mbochs_mmap(struct vfio_device *vdev, struct vm_area_struct *vma)
799 {
800 struct mdev_state *mdev_state =
801 container_of(vdev, struct mdev_state, vdev);
802
803 if (vma->vm_pgoff != MBOCHS_MEMORY_BAR_OFFSET >> PAGE_SHIFT)
804 return -EINVAL;
805 if (vma->vm_end < vma->vm_start)
806 return -EINVAL;
807 if (vma->vm_end - vma->vm_start > mdev_state->memsize)
808 return -EINVAL;
809 if ((vma->vm_flags & VM_SHARED) == 0)
810 return -EINVAL;
811
812 vma->vm_ops = &mbochs_region_vm_ops;
813 vma->vm_private_data = mdev_state;
814 return 0;
815 }
816
817 static vm_fault_t mbochs_dmabuf_vm_fault(struct vm_fault *vmf)
818 {
819 struct vm_area_struct *vma = vmf->vma;
820 struct mbochs_dmabuf *dmabuf = vma->vm_private_data;
821
822 if (WARN_ON(vmf->pgoff >= dmabuf->pagecount))
823 return VM_FAULT_SIGBUS;
824
825 vmf->page = dmabuf->pages[vmf->pgoff];
826 get_page(vmf->page);
827 return 0;
828 }
829
830 static const struct vm_operations_struct mbochs_dmabuf_vm_ops = {
831 .fault = mbochs_dmabuf_vm_fault,
832 };
833
834 static int mbochs_mmap_dmabuf(struct dma_buf *buf, struct vm_area_struct *vma)
835 {
836 struct mbochs_dmabuf *dmabuf = buf->priv;
837 struct device *dev = mdev_dev(dmabuf->mdev_state->mdev);
838
839 dev_dbg(dev, "%s: %d\n", __func__, dmabuf->id);
840
841 if ((vma->vm_flags & VM_SHARED) == 0)
842 return -EINVAL;
843
844 vma->vm_ops = &mbochs_dmabuf_vm_ops;
845 vma->vm_private_data = dmabuf;
846 return 0;
847 }
848
849 static void mbochs_print_dmabuf(struct mbochs_dmabuf *dmabuf,
850 const char *prefix)
851 {
852 struct device *dev = mdev_dev(dmabuf->mdev_state->mdev);
853 u32 fourcc = dmabuf->mode.drm_format;
854
855 dev_dbg(dev, "%s/%d: %c%c%c%c, %dx%d, stride %d, off 0x%llx, size 0x%llx, pages %ld\n",
856 prefix, dmabuf->id,
857 fourcc ? ((fourcc >> 0) & 0xff) : '-',
858 fourcc ? ((fourcc >> 8) & 0xff) : '-',
859 fourcc ? ((fourcc >> 16) & 0xff) : '-',
860 fourcc ? ((fourcc >> 24) & 0xff) : '-',
861 dmabuf->mode.width, dmabuf->mode.height, dmabuf->mode.stride,
862 dmabuf->mode.offset, dmabuf->mode.size, dmabuf->pagecount);
863 }
864
865 static struct sg_table *mbochs_map_dmabuf(struct dma_buf_attachment *at,
866 enum dma_data_direction direction)
867 {
868 struct mbochs_dmabuf *dmabuf = at->dmabuf->priv;
869 struct device *dev = mdev_dev(dmabuf->mdev_state->mdev);
870 struct sg_table *sg;
871
872 dev_dbg(dev, "%s: %d\n", __func__, dmabuf->id);
873
874 sg = kzalloc(sizeof(*sg), GFP_KERNEL);
875 if (!sg)
876 goto err1;
877 if (sg_alloc_table_from_pages(sg, dmabuf->pages, dmabuf->pagecount,
878 0, dmabuf->mode.size, GFP_KERNEL) < 0)
879 goto err2;
880 if (dma_map_sgtable(at->dev, sg, direction, 0))
881 goto err3;
882
883 return sg;
884
885 err3:
886 sg_free_table(sg);
887 err2:
888 kfree(sg);
889 err1:
890 return ERR_PTR(-ENOMEM);
891 }
892
893 static void mbochs_unmap_dmabuf(struct dma_buf_attachment *at,
894 struct sg_table *sg,
895 enum dma_data_direction direction)
896 {
897 struct mbochs_dmabuf *dmabuf = at->dmabuf->priv;
898 struct device *dev = mdev_dev(dmabuf->mdev_state->mdev);
899
900 dev_dbg(dev, "%s: %d\n", __func__, dmabuf->id);
901
902 dma_unmap_sgtable(at->dev, sg, direction, 0);
903 sg_free_table(sg);
904 kfree(sg);
905 }
906
907 static void mbochs_release_dmabuf(struct dma_buf *buf)
908 {
909 struct mbochs_dmabuf *dmabuf = buf->priv;
910 struct mdev_state *mdev_state = dmabuf->mdev_state;
911 struct device *dev = mdev_dev(mdev_state->mdev);
912 pgoff_t pg;
913
914 dev_dbg(dev, "%s: %d\n", __func__, dmabuf->id);
915
916 for (pg = 0; pg < dmabuf->pagecount; pg++)
917 put_page(dmabuf->pages[pg]);
918
919 mutex_lock(&mdev_state->ops_lock);
920 dmabuf->buf = NULL;
921 if (dmabuf->unlinked)
922 kfree(dmabuf);
923 mutex_unlock(&mdev_state->ops_lock);
924 }
925
926 static struct dma_buf_ops mbochs_dmabuf_ops = {
927 .map_dma_buf = mbochs_map_dmabuf,
928 .unmap_dma_buf = mbochs_unmap_dmabuf,
929 .release = mbochs_release_dmabuf,
930 .mmap = mbochs_mmap_dmabuf,
931 };
932
933 static struct mbochs_dmabuf *mbochs_dmabuf_alloc(struct mdev_state *mdev_state,
934 struct mbochs_mode *mode)
935 {
936 struct mbochs_dmabuf *dmabuf;
937 pgoff_t page_offset, pg;
938
939 WARN_ON(!mutex_is_locked(&mdev_state->ops_lock));
940
941 dmabuf = kzalloc(sizeof(struct mbochs_dmabuf), GFP_KERNEL);
942 if (!dmabuf)
943 return NULL;
944
945 dmabuf->mode = *mode;
946 dmabuf->id = mdev_state->next_id++;
947 dmabuf->pagecount = DIV_ROUND_UP(mode->size, PAGE_SIZE);
948 dmabuf->pages = kcalloc(dmabuf->pagecount, sizeof(struct page *),
949 GFP_KERNEL);
950 if (!dmabuf->pages)
951 goto err_free_dmabuf;
952
953 page_offset = dmabuf->mode.offset >> PAGE_SHIFT;
954 for (pg = 0; pg < dmabuf->pagecount; pg++) {
955 dmabuf->pages[pg] = __mbochs_get_page(mdev_state,
956 page_offset + pg);
957 if (!dmabuf->pages[pg])
958 goto err_free_pages;
959 }
960
961 dmabuf->mdev_state = mdev_state;
962 list_add(&dmabuf->next, &mdev_state->dmabufs);
963
964 mbochs_print_dmabuf(dmabuf, __func__);
965 return dmabuf;
966
967 err_free_pages:
968 while (pg > 0)
969 put_page(dmabuf->pages[--pg]);
970 kfree(dmabuf->pages);
971 err_free_dmabuf:
972 kfree(dmabuf);
973 return NULL;
974 }
975
976 static struct mbochs_dmabuf *
977 mbochs_dmabuf_find_by_mode(struct mdev_state *mdev_state,
978 struct mbochs_mode *mode)
979 {
980 struct mbochs_dmabuf *dmabuf;
981
982 WARN_ON(!mutex_is_locked(&mdev_state->ops_lock));
983
984 list_for_each_entry(dmabuf, &mdev_state->dmabufs, next)
985 if (mbochs_modes_equal(&dmabuf->mode, mode))
986 return dmabuf;
987
988 return NULL;
989 }
990
991 static struct mbochs_dmabuf *
992 mbochs_dmabuf_find_by_id(struct mdev_state *mdev_state, u32 id)
993 {
994 struct mbochs_dmabuf *dmabuf;
995
996 WARN_ON(!mutex_is_locked(&mdev_state->ops_lock));
997
998 list_for_each_entry(dmabuf, &mdev_state->dmabufs, next)
999 if (dmabuf->id == id)
1000 return dmabuf;
1001
1002 return NULL;
1003 }
1004
1005 static int mbochs_dmabuf_export(struct mbochs_dmabuf *dmabuf)
1006 {
1007 struct mdev_state *mdev_state = dmabuf->mdev_state;
1008 struct device *dev = mdev_state->vdev.dev;
1009 DEFINE_DMA_BUF_EXPORT_INFO(exp_info);
1010 struct dma_buf *buf;
1011
1012 WARN_ON(!mutex_is_locked(&mdev_state->ops_lock));
1013
1014 if (!IS_ALIGNED(dmabuf->mode.offset, PAGE_SIZE)) {
1015 dev_info_ratelimited(dev, "%s: framebuffer not page-aligned\n",
1016 __func__);
1017 return -EINVAL;
1018 }
1019
1020 exp_info.ops = &mbochs_dmabuf_ops;
1021 exp_info.size = dmabuf->mode.size;
1022 exp_info.priv = dmabuf;
1023
1024 buf = dma_buf_export(&exp_info);
1025 if (IS_ERR(buf)) {
1026 dev_info_ratelimited(dev, "%s: dma_buf_export failed: %ld\n",
1027 __func__, PTR_ERR(buf));
1028 return PTR_ERR(buf);
1029 }
1030
1031 dmabuf->buf = buf;
1032 dev_dbg(dev, "%s: %d\n", __func__, dmabuf->id);
1033 return 0;
1034 }
1035
1036 static int mbochs_get_region_info(struct mdev_state *mdev_state,
1037 struct vfio_region_info_ext *ext)
1038 {
1039 struct vfio_region_info *region_info = &ext->base;
1040
1041 if (region_info->index >= MBOCHS_NUM_REGIONS)
1042 return -EINVAL;
1043
1044 switch (region_info->index) {
1045 case VFIO_PCI_CONFIG_REGION_INDEX:
1046 region_info->offset = 0;
1047 region_info->size = MBOCHS_CONFIG_SPACE_SIZE;
1048 region_info->flags = (VFIO_REGION_INFO_FLAG_READ |
1049 VFIO_REGION_INFO_FLAG_WRITE);
1050 break;
1051 case VFIO_PCI_BAR0_REGION_INDEX:
1052 region_info->offset = MBOCHS_MEMORY_BAR_OFFSET;
1053 region_info->size = mdev_state->memsize;
1054 region_info->flags = (VFIO_REGION_INFO_FLAG_READ |
1055 VFIO_REGION_INFO_FLAG_WRITE |
1056 VFIO_REGION_INFO_FLAG_MMAP);
1057 break;
1058 case VFIO_PCI_BAR2_REGION_INDEX:
1059 region_info->offset = MBOCHS_MMIO_BAR_OFFSET;
1060 region_info->size = MBOCHS_MMIO_BAR_SIZE;
1061 region_info->flags = (VFIO_REGION_INFO_FLAG_READ |
1062 VFIO_REGION_INFO_FLAG_WRITE);
1063 break;
1064 case MBOCHS_EDID_REGION_INDEX:
1065 ext->base.argsz = sizeof(*ext);
1066 ext->base.offset = MBOCHS_EDID_OFFSET;
1067 ext->base.size = MBOCHS_EDID_SIZE;
1068 ext->base.flags = (VFIO_REGION_INFO_FLAG_READ |
1069 VFIO_REGION_INFO_FLAG_WRITE |
1070 VFIO_REGION_INFO_FLAG_CAPS);
1071 ext->base.cap_offset = offsetof(typeof(*ext), type);
1072 ext->type.header.id = VFIO_REGION_INFO_CAP_TYPE;
1073 ext->type.header.version = 1;
1074 ext->type.header.next = 0;
1075 ext->type.type = VFIO_REGION_TYPE_GFX;
1076 ext->type.subtype = VFIO_REGION_SUBTYPE_GFX_EDID;
1077 break;
1078 default:
1079 region_info->size = 0;
1080 region_info->offset = 0;
1081 region_info->flags = 0;
1082 }
1083
1084 return 0;
1085 }
1086
1087 static int mbochs_get_irq_info(struct vfio_irq_info *irq_info)
1088 {
1089 irq_info->count = 0;
1090 return 0;
1091 }
1092
1093 static int mbochs_get_device_info(struct vfio_device_info *dev_info)
1094 {
1095 dev_info->flags = VFIO_DEVICE_FLAGS_PCI;
1096 dev_info->num_regions = MBOCHS_NUM_REGIONS;
1097 dev_info->num_irqs = VFIO_PCI_NUM_IRQS;
1098 return 0;
1099 }
1100
1101 static int mbochs_query_gfx_plane(struct mdev_state *mdev_state,
1102 struct vfio_device_gfx_plane_info *plane)
1103 {
1104 struct mbochs_dmabuf *dmabuf;
1105 struct mbochs_mode mode;
1106 int ret;
1107
1108 if (plane->flags & VFIO_GFX_PLANE_TYPE_PROBE) {
1109 if (plane->flags == (VFIO_GFX_PLANE_TYPE_PROBE |
1110 VFIO_GFX_PLANE_TYPE_DMABUF))
1111 return 0;
1112 return -EINVAL;
1113 }
1114
1115 if (plane->flags != VFIO_GFX_PLANE_TYPE_DMABUF)
1116 return -EINVAL;
1117
1118 plane->drm_format_mod = 0;
1119 plane->x_pos = 0;
1120 plane->y_pos = 0;
1121 plane->x_hot = 0;
1122 plane->y_hot = 0;
1123
1124 mutex_lock(&mdev_state->ops_lock);
1125
1126 ret = -EINVAL;
1127 if (plane->drm_plane_type == DRM_PLANE_TYPE_PRIMARY)
1128 ret = mbochs_check_framebuffer(mdev_state, &mode);
1129 if (ret < 0) {
1130 plane->drm_format = 0;
1131 plane->width = 0;
1132 plane->height = 0;
1133 plane->stride = 0;
1134 plane->size = 0;
1135 plane->dmabuf_id = 0;
1136 goto done;
1137 }
1138
1139 dmabuf = mbochs_dmabuf_find_by_mode(mdev_state, &mode);
1140 if (!dmabuf)
1141 mbochs_dmabuf_alloc(mdev_state, &mode);
1142 if (!dmabuf) {
1143 mutex_unlock(&mdev_state->ops_lock);
1144 return -ENOMEM;
1145 }
1146
1147 plane->drm_format = dmabuf->mode.drm_format;
1148 plane->width = dmabuf->mode.width;
1149 plane->height = dmabuf->mode.height;
1150 plane->stride = dmabuf->mode.stride;
1151 plane->size = dmabuf->mode.size;
1152 plane->dmabuf_id = dmabuf->id;
1153
1154 done:
1155 if (plane->drm_plane_type == DRM_PLANE_TYPE_PRIMARY &&
1156 mdev_state->active_id != plane->dmabuf_id) {
1157 dev_dbg(mdev_state->vdev.dev, "%s: primary: %d => %d\n",
1158 __func__, mdev_state->active_id, plane->dmabuf_id);
1159 mdev_state->active_id = plane->dmabuf_id;
1160 }
1161 mutex_unlock(&mdev_state->ops_lock);
1162 return 0;
1163 }
1164
1165 static int mbochs_get_gfx_dmabuf(struct mdev_state *mdev_state, u32 id)
1166 {
1167 struct mbochs_dmabuf *dmabuf;
1168
1169 mutex_lock(&mdev_state->ops_lock);
1170
1171 dmabuf = mbochs_dmabuf_find_by_id(mdev_state, id);
1172 if (!dmabuf) {
1173 mutex_unlock(&mdev_state->ops_lock);
1174 return -ENOENT;
1175 }
1176
1177 if (!dmabuf->buf)
1178 mbochs_dmabuf_export(dmabuf);
1179
1180 mutex_unlock(&mdev_state->ops_lock);
1181
1182 if (!dmabuf->buf)
1183 return -EINVAL;
1184
1185 return dma_buf_fd(dmabuf->buf, 0);
1186 }
1187
1188 static long mbochs_ioctl(struct vfio_device *vdev, unsigned int cmd,
1189 unsigned long arg)
1190 {
1191 struct mdev_state *mdev_state =
1192 container_of(vdev, struct mdev_state, vdev);
1193 int ret = 0;
1194 unsigned long minsz, outsz;
1195
1196 switch (cmd) {
1197 case VFIO_DEVICE_GET_INFO:
1198 {
1199 struct vfio_device_info info;
1200
1201 minsz = offsetofend(struct vfio_device_info, num_irqs);
1202
1203 if (copy_from_user(&info, (void __user *)arg, minsz))
1204 return -EFAULT;
1205
1206 if (info.argsz < minsz)
1207 return -EINVAL;
1208
1209 ret = mbochs_get_device_info(&info);
1210 if (ret)
1211 return ret;
1212
1213 if (copy_to_user((void __user *)arg, &info, minsz))
1214 return -EFAULT;
1215
1216 return 0;
1217 }
1218 case VFIO_DEVICE_GET_REGION_INFO:
1219 {
1220 struct vfio_region_info_ext info;
1221
1222 minsz = offsetofend(typeof(info), base.offset);
1223
1224 if (copy_from_user(&info, (void __user *)arg, minsz))
1225 return -EFAULT;
1226
1227 outsz = info.base.argsz;
1228 if (outsz < minsz)
1229 return -EINVAL;
1230 if (outsz > sizeof(info))
1231 return -EINVAL;
1232
1233 ret = mbochs_get_region_info(mdev_state, &info);
1234 if (ret)
1235 return ret;
1236
1237 if (copy_to_user((void __user *)arg, &info, outsz))
1238 return -EFAULT;
1239
1240 return 0;
1241 }
1242
1243 case VFIO_DEVICE_GET_IRQ_INFO:
1244 {
1245 struct vfio_irq_info info;
1246
1247 minsz = offsetofend(struct vfio_irq_info, count);
1248
1249 if (copy_from_user(&info, (void __user *)arg, minsz))
1250 return -EFAULT;
1251
1252 if ((info.argsz < minsz) ||
1253 (info.index >= VFIO_PCI_NUM_IRQS))
1254 return -EINVAL;
1255
1256 ret = mbochs_get_irq_info(&info);
1257 if (ret)
1258 return ret;
1259
1260 if (copy_to_user((void __user *)arg, &info, minsz))
1261 return -EFAULT;
1262
1263 return 0;
1264 }
1265
1266 case VFIO_DEVICE_QUERY_GFX_PLANE:
1267 {
1268 struct vfio_device_gfx_plane_info plane = {};
1269
1270 minsz = offsetofend(struct vfio_device_gfx_plane_info,
1271 region_index);
1272
1273 if (copy_from_user(&plane, (void __user *)arg, minsz))
1274 return -EFAULT;
1275
1276 if (plane.argsz < minsz)
1277 return -EINVAL;
1278
1279 ret = mbochs_query_gfx_plane(mdev_state, &plane);
1280 if (ret)
1281 return ret;
1282
1283 if (copy_to_user((void __user *)arg, &plane, minsz))
1284 return -EFAULT;
1285
1286 return 0;
1287 }
1288
1289 case VFIO_DEVICE_GET_GFX_DMABUF:
1290 {
1291 u32 dmabuf_id;
1292
1293 if (get_user(dmabuf_id, (__u32 __user *)arg))
1294 return -EFAULT;
1295
1296 return mbochs_get_gfx_dmabuf(mdev_state, dmabuf_id);
1297 }
1298
1299 case VFIO_DEVICE_SET_IRQS:
1300 return -EINVAL;
1301
1302 case VFIO_DEVICE_RESET:
1303 return mbochs_reset(mdev_state);
1304 }
1305 return -ENOTTY;
1306 }
1307
1308 static void mbochs_close_device(struct vfio_device *vdev)
1309 {
1310 struct mdev_state *mdev_state =
1311 container_of(vdev, struct mdev_state, vdev);
1312 struct mbochs_dmabuf *dmabuf, *tmp;
1313
1314 mutex_lock(&mdev_state->ops_lock);
1315
1316 list_for_each_entry_safe(dmabuf, tmp, &mdev_state->dmabufs, next) {
1317 list_del(&dmabuf->next);
1318 if (dmabuf->buf) {
1319 /* free in mbochs_release_dmabuf() */
1320 dmabuf->unlinked = true;
1321 } else {
1322 kfree(dmabuf);
1323 }
1324 }
1325 mbochs_put_pages(mdev_state);
1326
1327 mutex_unlock(&mdev_state->ops_lock);
1328 }
1329
1330 static ssize_t
1331 memory_show(struct device *dev, struct device_attribute *attr,
1332 char *buf)
1333 {
1334 struct mdev_state *mdev_state = dev_get_drvdata(dev);
1335
1336 return sprintf(buf, "%d MB\n", mdev_state->type->mbytes);
1337 }
1338 static DEVICE_ATTR_RO(memory);
1339
1340 static struct attribute *mdev_dev_attrs[] = {
1341 &dev_attr_memory.attr,
1342 NULL,
1343 };
1344
1345 static const struct attribute_group mdev_dev_group = {
1346 .name = "vendor",
1347 .attrs = mdev_dev_attrs,
1348 };
1349
1350 static const struct attribute_group *mdev_dev_groups[] = {
1351 &mdev_dev_group,
1352 NULL,
1353 };
1354
1355 static ssize_t mbochs_show_description(struct mdev_type *mtype, char *buf)
1356 {
1357 struct mbochs_type *type =
1358 container_of(mtype, struct mbochs_type, type);
1359
1360 return sprintf(buf, "virtual display, %d MB video memory\n",
1361 type ? type->mbytes : 0);
1362 }
1363
1364 static unsigned int mbochs_get_available(struct mdev_type *mtype)
1365 {
1366 struct mbochs_type *type =
1367 container_of(mtype, struct mbochs_type, type);
1368
1369 return atomic_read(&mbochs_avail_mbytes) / type->mbytes;
1370 }
1371
1372 static const struct vfio_device_ops mbochs_dev_ops = {
1373 .close_device = mbochs_close_device,
1374 .init = mbochs_init_dev,
1375 .release = mbochs_release_dev,
1376 .read = mbochs_read,
1377 .write = mbochs_write,
1378 .ioctl = mbochs_ioctl,
1379 .mmap = mbochs_mmap,
1380 .bind_iommufd = vfio_iommufd_emulated_bind,
1381 .unbind_iommufd = vfio_iommufd_emulated_unbind,
1382 .attach_ioas = vfio_iommufd_emulated_attach_ioas,
1383 .detach_ioas = vfio_iommufd_emulated_detach_ioas,
1384 };
1385
1386 static struct mdev_driver mbochs_driver = {
1387 .device_api = VFIO_DEVICE_API_PCI_STRING,
1388 .driver = {
1389 .name = "mbochs",
1390 .owner = THIS_MODULE,
1391 .mod_name = KBUILD_MODNAME,
1392 .dev_groups = mdev_dev_groups,
1393 },
1394 .probe = mbochs_probe,
1395 .remove = mbochs_remove,
1396 .get_available = mbochs_get_available,
1397 .show_description = mbochs_show_description,
1398 };
1399
1400 static const struct file_operations vd_fops = {
1401 .owner = THIS_MODULE,
1402 };
1403
1404 static void mbochs_device_release(struct device *dev)
1405 {
1406 /* nothing */
1407 }
1408
1409 static int __init mbochs_dev_init(void)
1410 {
1411 int ret = 0;
1412
1413 atomic_set(&mbochs_avail_mbytes, max_mbytes);
1414
1415 ret = alloc_chrdev_region(&mbochs_devt, 0, MINORMASK + 1, MBOCHS_NAME);
1416 if (ret < 0) {
1417 pr_err("Error: failed to register mbochs_dev, err: %d\n", ret);
1418 return ret;
1419 }
1420 cdev_init(&mbochs_cdev, &vd_fops);
1421 cdev_add(&mbochs_cdev, mbochs_devt, MINORMASK + 1);
1422 pr_info("%s: major %d\n", __func__, MAJOR(mbochs_devt));
1423
1424 ret = mdev_register_driver(&mbochs_driver);
1425 if (ret)
1426 goto err_cdev;
1427
1428 ret = class_register(&mbochs_class);
1429 if (ret)
1430 goto err_driver;
1431 mbochs_dev.class = &mbochs_class;
1432 mbochs_dev.release = mbochs_device_release;
1433 dev_set_name(&mbochs_dev, "%s", MBOCHS_NAME);
1434
1435 ret = device_register(&mbochs_dev);
1436 if (ret)
1437 goto err_put;
1438
1439 ret = mdev_register_parent(&mbochs_parent, &mbochs_dev, &mbochs_driver,
1440 mbochs_mdev_types,
1441 ARRAY_SIZE(mbochs_mdev_types));
1442 if (ret)
1443 goto err_device;
1444
1445 return 0;
1446
1447 err_device:
1448 device_del(&mbochs_dev);
1449 err_put:
1450 put_device(&mbochs_dev);
1451 class_unregister(&mbochs_class);
1452 err_driver:
1453 mdev_unregister_driver(&mbochs_driver);
1454 err_cdev:
1455 cdev_del(&mbochs_cdev);
1456 unregister_chrdev_region(mbochs_devt, MINORMASK + 1);
1457 return ret;
1458 }
1459
1460 static void __exit mbochs_dev_exit(void)
1461 {
1462 mbochs_dev.bus = NULL;
1463 mdev_unregister_parent(&mbochs_parent);
1464
1465 device_unregister(&mbochs_dev);
1466 mdev_unregister_driver(&mbochs_driver);
1467 cdev_del(&mbochs_cdev);
1468 unregister_chrdev_region(mbochs_devt, MINORMASK + 1);
1469 class_unregister(&mbochs_class);
1470 }
1471
1472 MODULE_IMPORT_NS("DMA_BUF");
1473 module_init(mbochs_dev_init)
1474 module_exit(mbochs_dev_exit)
Linux Kernel