Avoid reading past buffer when calling GETACL
[zen-stable.git] / drivers / gpu / drm / gma500 / gem.c
blob9fbb86868e2ee9c9d5e218b57c04c445415f0e56
1 /*
2 * psb GEM interface
4 * Copyright (c) 2011, Intel Corporation.
6 * This program is free software; you can redistribute it and/or modify it
7 * under the terms and conditions of the GNU General Public License,
8 * version 2, as published by the Free Software Foundation.
10 * This program is distributed in the hope it will be useful, but WITHOUT
11 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
12 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
13 * more details.
15 * You should have received a copy of the GNU General Public License along with
16 * this program; if not, write to the Free Software Foundation, Inc.,
17 * 51 Franklin St - Fifth Floor, Boston, MA 02110-1301 USA.
19 * Authors: Alan Cox
21 * TODO:
22 * - we need to work out if the MMU is relevant (eg for
23 * accelerated operations on a GEM object)
26 #include <drm/drmP.h>
27 #include <drm/drm.h>
28 #include "gma_drm.h"
29 #include "psb_drv.h"
31 int psb_gem_init_object(struct drm_gem_object *obj)
33 return -EINVAL;
36 void psb_gem_free_object(struct drm_gem_object *obj)
38 struct gtt_range *gtt = container_of(obj, struct gtt_range, gem);
39 drm_gem_object_release_wrap(obj);
40 /* This must occur last as it frees up the memory of the GEM object */
41 psb_gtt_free_range(obj->dev, gtt);
44 int psb_gem_get_aperture(struct drm_device *dev, void *data,
45 struct drm_file *file)
47 return -EINVAL;
50 /**
51 * psb_gem_dumb_map_gtt - buffer mapping for dumb interface
52 * @file: our drm client file
53 * @dev: drm device
54 * @handle: GEM handle to the object (from dumb_create)
56 * Do the necessary setup to allow the mapping of the frame buffer
57 * into user memory. We don't have to do much here at the moment.
59 int psb_gem_dumb_map_gtt(struct drm_file *file, struct drm_device *dev,
60 uint32_t handle, uint64_t *offset)
62 int ret = 0;
63 struct drm_gem_object *obj;
65 if (!(dev->driver->driver_features & DRIVER_GEM))
66 return -ENODEV;
68 mutex_lock(&dev->struct_mutex);
70 /* GEM does all our handle to object mapping */
71 obj = drm_gem_object_lookup(dev, file, handle);
72 if (obj == NULL) {
73 ret = -ENOENT;
74 goto unlock;
76 /* What validation is needed here ? */
78 /* Make it mmapable */
79 if (!obj->map_list.map) {
80 ret = gem_create_mmap_offset(obj);
81 if (ret)
82 goto out;
84 /* GEM should really work out the hash offsets for us */
85 *offset = (u64)obj->map_list.hash.key << PAGE_SHIFT;
86 out:
87 drm_gem_object_unreference(obj);
88 unlock:
89 mutex_unlock(&dev->struct_mutex);
90 return ret;
93 /**
94 * psb_gem_create - create a mappable object
95 * @file: the DRM file of the client
96 * @dev: our device
97 * @size: the size requested
98 * @handlep: returned handle (opaque number)
100 * Create a GEM object, fill in the boilerplate and attach a handle to
101 * it so that userspace can speak about it. This does the core work
102 * for the various methods that do/will create GEM objects for things
104 static int psb_gem_create(struct drm_file *file,
105 struct drm_device *dev, uint64_t size, uint32_t *handlep)
107 struct gtt_range *r;
108 int ret;
109 u32 handle;
111 size = roundup(size, PAGE_SIZE);
113 /* Allocate our object - for now a direct gtt range which is not
114 stolen memory backed */
115 r = psb_gtt_alloc_range(dev, size, "gem", 0);
116 if (r == NULL) {
117 dev_err(dev->dev, "no memory for %lld byte GEM object\n", size);
118 return -ENOSPC;
120 /* Initialize the extra goodies GEM needs to do all the hard work */
121 if (drm_gem_object_init(dev, &r->gem, size) != 0) {
122 psb_gtt_free_range(dev, r);
123 /* GEM doesn't give an error code so use -ENOMEM */
124 dev_err(dev->dev, "GEM init failed for %lld\n", size);
125 return -ENOMEM;
127 /* Give the object a handle so we can carry it more easily */
128 ret = drm_gem_handle_create(file, &r->gem, &handle);
129 if (ret) {
130 dev_err(dev->dev, "GEM handle failed for %p, %lld\n",
131 &r->gem, size);
132 drm_gem_object_release(&r->gem);
133 psb_gtt_free_range(dev, r);
134 return ret;
136 /* We have the initial and handle reference but need only one now */
137 drm_gem_object_unreference(&r->gem);
138 *handlep = handle;
139 return 0;
143 * psb_gem_dumb_create - create a dumb buffer
144 * @drm_file: our client file
145 * @dev: our device
146 * @args: the requested arguments copied from userspace
148 * Allocate a buffer suitable for use for a frame buffer of the
149 * form described by user space. Give userspace a handle by which
150 * to reference it.
152 int psb_gem_dumb_create(struct drm_file *file, struct drm_device *dev,
153 struct drm_mode_create_dumb *args)
155 args->pitch = ALIGN(args->width * ((args->bpp + 7) / 8), 64);
156 args->size = args->pitch * args->height;
157 return psb_gem_create(file, dev, args->size, &args->handle);
161 * psb_gem_dumb_destroy - destroy a dumb buffer
162 * @file: client file
163 * @dev: our DRM device
164 * @handle: the object handle
166 * Destroy a handle that was created via psb_gem_dumb_create, at least
167 * we hope it was created that way. i915 seems to assume the caller
168 * does the checking but that might be worth review ! FIXME
170 int psb_gem_dumb_destroy(struct drm_file *file, struct drm_device *dev,
171 uint32_t handle)
173 /* No special work needed, drop the reference and see what falls out */
174 return drm_gem_handle_delete(file, handle);
178 * psb_gem_fault - pagefault handler for GEM objects
179 * @vma: the VMA of the GEM object
180 * @vmf: fault detail
182 * Invoked when a fault occurs on an mmap of a GEM managed area. GEM
183 * does most of the work for us including the actual map/unmap calls
184 * but we need to do the actual page work.
186 * This code eventually needs to handle faulting objects in and out
187 * of the GTT and repacking it when we run out of space. We can put
188 * that off for now and for our simple uses
190 * The VMA was set up by GEM. In doing so it also ensured that the
191 * vma->vm_private_data points to the GEM object that is backing this
192 * mapping.
194 int psb_gem_fault(struct vm_area_struct *vma, struct vm_fault *vmf)
196 struct drm_gem_object *obj;
197 struct gtt_range *r;
198 int ret;
199 unsigned long pfn;
200 pgoff_t page_offset;
201 struct drm_device *dev;
202 struct drm_psb_private *dev_priv;
204 obj = vma->vm_private_data; /* GEM object */
205 dev = obj->dev;
206 dev_priv = dev->dev_private;
208 r = container_of(obj, struct gtt_range, gem); /* Get the gtt range */
210 /* Make sure we don't parallel update on a fault, nor move or remove
211 something from beneath our feet */
212 mutex_lock(&dev->struct_mutex);
214 /* For now the mmap pins the object and it stays pinned. As things
215 stand that will do us no harm */
216 if (r->mmapping == 0) {
217 ret = psb_gtt_pin(r);
218 if (ret < 0) {
219 dev_err(dev->dev, "gma500: pin failed: %d\n", ret);
220 goto fail;
222 r->mmapping = 1;
225 /* Page relative to the VMA start - we must calculate this ourselves
226 because vmf->pgoff is the fake GEM offset */
227 page_offset = ((unsigned long) vmf->virtual_address - vma->vm_start)
228 >> PAGE_SHIFT;
230 /* CPU view of the page, don't go via the GART for CPU writes */
231 if (r->stolen)
232 pfn = (dev_priv->stolen_base + r->offset) >> PAGE_SHIFT;
233 else
234 pfn = page_to_pfn(r->pages[page_offset]);
235 ret = vm_insert_pfn(vma, (unsigned long)vmf->virtual_address, pfn);
237 fail:
238 mutex_unlock(&dev->struct_mutex);
239 switch (ret) {
240 case 0:
241 case -ERESTARTSYS:
242 case -EINTR:
243 return VM_FAULT_NOPAGE;
244 case -ENOMEM:
245 return VM_FAULT_OOM;
246 default:
247 return VM_FAULT_SIGBUS;
251 static int psb_gem_create_stolen(struct drm_file *file, struct drm_device *dev,
252 int size, u32 *handle)
254 struct gtt_range *gtt = psb_gtt_alloc_range(dev, size, "gem", 1);
255 if (gtt == NULL)
256 return -ENOMEM;
257 if (drm_gem_private_object_init(dev, &gtt->gem, size) != 0)
258 goto free_gtt;
259 if (drm_gem_handle_create(file, &gtt->gem, handle) == 0)
260 return 0;
261 free_gtt:
262 psb_gtt_free_range(dev, gtt);
263 return -ENOMEM;
267 * GEM interfaces for our specific client
269 int psb_gem_create_ioctl(struct drm_device *dev, void *data,
270 struct drm_file *file)
272 struct drm_psb_gem_create *args = data;
273 int ret;
274 if (args->flags & GMA_GEM_CREATE_STOLEN) {
275 ret = psb_gem_create_stolen(file, dev, args->size,
276 &args->handle);
277 if (ret == 0)
278 return 0;
279 /* Fall throguh */
280 args->flags &= ~GMA_GEM_CREATE_STOLEN;
282 return psb_gem_create(file, dev, args->size, &args->handle);
285 int psb_gem_mmap_ioctl(struct drm_device *dev, void *data,
286 struct drm_file *file)
288 struct drm_psb_gem_mmap *args = data;
289 return dev->driver->dumb_map_offset(file, dev,
290 args->handle, &args->offset);