mbochs.c 35 KB

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394959697989910010110210310410510610710810911011111211311411511611711811912012112212312412512612712812913013113213313413513613713813914014114214314414514614714814915015115215315415515615715815916016116216316416516616716816917017117217317417517617717817918018118218318418518618718818919019119219319419519619719819920020120220320420520620720820921021121221321421521621721821922022122222322422522622722822923023123223323423523623723823924024124224324424524624724824925025125225325425525625725825926026126226326426526626726826927027127227327427527627727827928028128228328428528628728828929029129229329429529629729829930030130230330430530630730830931031131231331431531631731831932032132232332432532632732832933033133233333433533633733833934034134234334434534634734834935035135235335435535635735835936036136236336436536636736836937037137237337437537637737837938038138238338438538638738838939039139239339439539639739839940040140240340440540640740840941041141241341441541641741841942042142242342442542642742842943043143243343443543643743843944044144244344444544644744844945045145245345445545645745845946046146246346446546646746846947047147247347447547647747847948048148248348448548648748848949049149249349449549649749849950050150250350450550650750850951051151251351451551651751851952052152252352452552652752852953053153253353453553653753853954054154254354454554654754854955055155255355455555655755855956056156256356456556656756856957057157257357457557657757857958058158258358458558658758858959059159259359459559659759859960060160260360460560660760860961061161261361461561661761861962062162262362462562662762862963063163263363463563663763863964064164264364464564664764864965065165265365465565665765865966066166266366466566666766866967067167267367467567667767867968068168268368468568668768868969069169269369469569669769869970070170270370470570670770870971071171271371471571671771871972072172272372472572672772872973073173273373473573673773873974074174274374474574674774874975075175275375475575675775875976076176276376476576676776876977077177277377477577677777877978078178278378478578678778878979079179279379479579679779879980080180280380480580680780880981081181281381481581681781881982082182282382482582682782882983083183283383483583683783883984084184284384484584684784884985085185285385485585685785885986086186286386486586686786886987087187287387487587687787887988088188288388488588688788888989089189289389489589689789889990090190290390490590690790890991091191291391491591691791891992092192292392492592692792892993093193293393493593693793893994094194294394494594694794894995095195295395495595695795895996096196296396496596696796896997097197297397497597697797897998098198298398498598698798898999099199299399499599699799899910001001100210031004100510061007100810091010101110121013101410151016101710181019102010211022102310241025102610271028102910301031103210331034103510361037103810391040104110421043104410451046104710481049105010511052105310541055105610571058105910601061106210631064106510661067106810691070107110721073107410751076107710781079108010811082108310841085108610871088108910901091109210931094109510961097109810991100110111021103110411051106110711081109111011111112111311141115111611171118111911201121112211231124112511261127112811291130113111321133113411351136113711381139114011411142114311441145114611471148114911501151115211531154115511561157115811591160116111621163116411651166116711681169117011711172117311741175117611771178117911801181118211831184118511861187118811891190119111921193119411951196119711981199120012011202120312041205120612071208120912101211121212131214121512161217121812191220122112221223122412251226122712281229123012311232123312341235123612371238123912401241124212431244124512461247124812491250125112521253125412551256125712581259126012611262126312641265126612671268126912701271127212731274127512761277127812791280128112821283128412851286128712881289129012911292129312941295129612971298129913001301130213031304130513061307130813091310131113121313131413151316131713181319132013211322132313241325132613271328132913301331133213331334133513361337133813391340134113421343134413451346134713481349135013511352135313541355135613571358135913601361136213631364136513661367136813691370137113721373137413751376137713781379138013811382138313841385138613871388138913901391139213931394139513961397139813991400140114021403140414051406140714081409141014111412141314141415141614171418141914201421142214231424142514261427142814291430143114321433143414351436143714381439144014411442144314441445144614471448144914501451
  1. // SPDX-License-Identifier: GPL-2.0
  2. /*
  3. * Mediated virtual PCI display host device driver
  4. *
  5. * Emulate enough of qemu stdvga to make bochs-drm.ko happy. That is
  6. * basically the vram memory bar and the bochs dispi interface vbe
  7. * registers in the mmio register bar. Specifically it does *not*
  8. * include any legacy vga stuff. Device looks a lot like "qemu -device
  9. * secondary-vga".
  10. *
  11. * (c) Gerd Hoffmann <kraxel@redhat.com>
  12. *
  13. * based on mtty driver which is:
  14. * Copyright (c) 2016, NVIDIA CORPORATION. All rights reserved.
  15. * Author: Neo Jia <cjia@nvidia.com>
  16. * Kirti Wankhede <kwankhede@nvidia.com>
  17. *
  18. * This program is free software; you can redistribute it and/or modify
  19. * it under the terms of the GNU General Public License version 2 as
  20. * published by the Free Software Foundation.
  21. */
  22. #include <linux/init.h>
  23. #include <linux/module.h>
  24. #include <linux/kernel.h>
  25. #include <linux/slab.h>
  26. #include <linux/vmalloc.h>
  27. #include <linux/cdev.h>
  28. #include <linux/vfio.h>
  29. #include <linux/iommu.h>
  30. #include <linux/sysfs.h>
  31. #include <linux/mdev.h>
  32. #include <linux/pci.h>
  33. #include <linux/dma-buf.h>
  34. #include <linux/highmem.h>
  35. #include <drm/drm_fourcc.h>
  36. #include <drm/drm_rect.h>
  37. #include <drm/drm_modeset_lock.h>
  38. #include <drm/drm_property.h>
  39. #include <drm/drm_plane.h>
  40. #define VBE_DISPI_INDEX_ID 0x0
  41. #define VBE_DISPI_INDEX_XRES 0x1
  42. #define VBE_DISPI_INDEX_YRES 0x2
  43. #define VBE_DISPI_INDEX_BPP 0x3
  44. #define VBE_DISPI_INDEX_ENABLE 0x4
  45. #define VBE_DISPI_INDEX_BANK 0x5
  46. #define VBE_DISPI_INDEX_VIRT_WIDTH 0x6
  47. #define VBE_DISPI_INDEX_VIRT_HEIGHT 0x7
  48. #define VBE_DISPI_INDEX_X_OFFSET 0x8
  49. #define VBE_DISPI_INDEX_Y_OFFSET 0x9
  50. #define VBE_DISPI_INDEX_VIDEO_MEMORY_64K 0xa
  51. #define VBE_DISPI_INDEX_COUNT 0xb
  52. #define VBE_DISPI_ID0 0xB0C0
  53. #define VBE_DISPI_ID1 0xB0C1
  54. #define VBE_DISPI_ID2 0xB0C2
  55. #define VBE_DISPI_ID3 0xB0C3
  56. #define VBE_DISPI_ID4 0xB0C4
  57. #define VBE_DISPI_ID5 0xB0C5
  58. #define VBE_DISPI_DISABLED 0x00
  59. #define VBE_DISPI_ENABLED 0x01
  60. #define VBE_DISPI_GETCAPS 0x02
  61. #define VBE_DISPI_8BIT_DAC 0x20
  62. #define VBE_DISPI_LFB_ENABLED 0x40
  63. #define VBE_DISPI_NOCLEARMEM 0x80
  64. #define MBOCHS_NAME "mbochs"
  65. #define MBOCHS_CLASS_NAME "mbochs"
  66. #define MBOCHS_EDID_REGION_INDEX VFIO_PCI_NUM_REGIONS
  67. #define MBOCHS_NUM_REGIONS (MBOCHS_EDID_REGION_INDEX+1)
  68. #define MBOCHS_CONFIG_SPACE_SIZE 0xff
  69. #define MBOCHS_MMIO_BAR_OFFSET PAGE_SIZE
  70. #define MBOCHS_MMIO_BAR_SIZE PAGE_SIZE
  71. #define MBOCHS_EDID_OFFSET (MBOCHS_MMIO_BAR_OFFSET + \
  72. MBOCHS_MMIO_BAR_SIZE)
  73. #define MBOCHS_EDID_SIZE PAGE_SIZE
  74. #define MBOCHS_MEMORY_BAR_OFFSET (MBOCHS_EDID_OFFSET + \
  75. MBOCHS_EDID_SIZE)
  76. #define MBOCHS_EDID_BLOB_OFFSET (MBOCHS_EDID_SIZE/2)
  77. #define STORE_LE16(addr, val) (*(u16 *)addr = val)
  78. #define STORE_LE32(addr, val) (*(u32 *)addr = val)
  79. MODULE_DESCRIPTION("Mediated virtual PCI display host device driver");
  80. MODULE_LICENSE("GPL v2");
  81. static int max_mbytes = 256;
  82. module_param_named(count, max_mbytes, int, 0444);
  83. MODULE_PARM_DESC(mem, "megabytes available to " MBOCHS_NAME " devices");
  84. #define MBOCHS_TYPE_1 "small"
  85. #define MBOCHS_TYPE_2 "medium"
  86. #define MBOCHS_TYPE_3 "large"
  87. static struct mbochs_type {
  88. struct mdev_type type;
  89. u32 mbytes;
  90. u32 max_x;
  91. u32 max_y;
  92. } mbochs_types[] = {
  93. {
  94. .type.sysfs_name = MBOCHS_TYPE_1,
  95. .type.pretty_name = MBOCHS_CLASS_NAME "-" MBOCHS_TYPE_1,
  96. .mbytes = 4,
  97. .max_x = 800,
  98. .max_y = 600,
  99. }, {
  100. .type.sysfs_name = MBOCHS_TYPE_2,
  101. .type.pretty_name = MBOCHS_CLASS_NAME "-" MBOCHS_TYPE_2,
  102. .mbytes = 16,
  103. .max_x = 1920,
  104. .max_y = 1440,
  105. }, {
  106. .type.sysfs_name = MBOCHS_TYPE_3,
  107. .type.pretty_name = MBOCHS_CLASS_NAME "-" MBOCHS_TYPE_3,
  108. .mbytes = 64,
  109. .max_x = 0,
  110. .max_y = 0,
  111. },
  112. };
  113. static struct mdev_type *mbochs_mdev_types[] = {
  114. &mbochs_types[0].type,
  115. &mbochs_types[1].type,
  116. &mbochs_types[2].type,
  117. };
  118. static dev_t mbochs_devt;
  119. static const struct class mbochs_class = {
  120. .name = MBOCHS_CLASS_NAME,
  121. };
  122. static struct cdev mbochs_cdev;
  123. static struct device mbochs_dev;
  124. static struct mdev_parent mbochs_parent;
  125. static atomic_t mbochs_avail_mbytes;
  126. static const struct vfio_device_ops mbochs_dev_ops;
  127. struct mbochs_mode {
  128. u32 drm_format;
  129. u32 bytepp;
  130. u32 width;
  131. u32 height;
  132. u32 stride;
  133. u32 __pad;
  134. u64 offset;
  135. u64 size;
  136. };
  137. struct mbochs_dmabuf {
  138. struct mbochs_mode mode;
  139. u32 id;
  140. struct page **pages;
  141. pgoff_t pagecount;
  142. struct dma_buf *buf;
  143. struct mdev_state *mdev_state;
  144. struct list_head next;
  145. bool unlinked;
  146. };
  147. /* State of each mdev device */
  148. struct mdev_state {
  149. struct vfio_device vdev;
  150. u8 *vconfig;
  151. u64 bar_mask[3];
  152. u32 memory_bar_mask;
  153. struct mutex ops_lock;
  154. struct mdev_device *mdev;
  155. const struct mbochs_type *type;
  156. u16 vbe[VBE_DISPI_INDEX_COUNT];
  157. u64 memsize;
  158. struct page **pages;
  159. pgoff_t pagecount;
  160. struct vfio_region_gfx_edid edid_regs;
  161. u8 edid_blob[0x400];
  162. struct list_head dmabufs;
  163. u32 active_id;
  164. u32 next_id;
  165. };
  166. static const char *vbe_name_list[VBE_DISPI_INDEX_COUNT] = {
  167. [VBE_DISPI_INDEX_ID] = "id",
  168. [VBE_DISPI_INDEX_XRES] = "xres",
  169. [VBE_DISPI_INDEX_YRES] = "yres",
  170. [VBE_DISPI_INDEX_BPP] = "bpp",
  171. [VBE_DISPI_INDEX_ENABLE] = "enable",
  172. [VBE_DISPI_INDEX_BANK] = "bank",
  173. [VBE_DISPI_INDEX_VIRT_WIDTH] = "virt-width",
  174. [VBE_DISPI_INDEX_VIRT_HEIGHT] = "virt-height",
  175. [VBE_DISPI_INDEX_X_OFFSET] = "x-offset",
  176. [VBE_DISPI_INDEX_Y_OFFSET] = "y-offset",
  177. [VBE_DISPI_INDEX_VIDEO_MEMORY_64K] = "video-mem",
  178. };
  179. static const char *vbe_name(u32 index)
  180. {
  181. if (index < ARRAY_SIZE(vbe_name_list))
  182. return vbe_name_list[index];
  183. return "(invalid)";
  184. }
  185. static struct page *__mbochs_get_page(struct mdev_state *mdev_state,
  186. pgoff_t pgoff);
  187. static struct page *mbochs_get_page(struct mdev_state *mdev_state,
  188. pgoff_t pgoff);
  189. static void mbochs_create_config_space(struct mdev_state *mdev_state)
  190. {
  191. STORE_LE16((u16 *) &mdev_state->vconfig[PCI_VENDOR_ID],
  192. 0x1234);
  193. STORE_LE16((u16 *) &mdev_state->vconfig[PCI_DEVICE_ID],
  194. 0x1111);
  195. STORE_LE16((u16 *) &mdev_state->vconfig[PCI_SUBSYSTEM_VENDOR_ID],
  196. PCI_SUBVENDOR_ID_REDHAT_QUMRANET);
  197. STORE_LE16((u16 *) &mdev_state->vconfig[PCI_SUBSYSTEM_ID],
  198. PCI_SUBDEVICE_ID_QEMU);
  199. STORE_LE16((u16 *) &mdev_state->vconfig[PCI_COMMAND],
  200. PCI_COMMAND_IO | PCI_COMMAND_MEMORY);
  201. STORE_LE16((u16 *) &mdev_state->vconfig[PCI_CLASS_DEVICE],
  202. PCI_CLASS_DISPLAY_OTHER);
  203. mdev_state->vconfig[PCI_CLASS_REVISION] = 0x01;
  204. STORE_LE32((u32 *) &mdev_state->vconfig[PCI_BASE_ADDRESS_0],
  205. PCI_BASE_ADDRESS_SPACE_MEMORY |
  206. PCI_BASE_ADDRESS_MEM_TYPE_32 |
  207. PCI_BASE_ADDRESS_MEM_PREFETCH);
  208. mdev_state->bar_mask[0] = ~(mdev_state->memsize) + 1;
  209. STORE_LE32((u32 *) &mdev_state->vconfig[PCI_BASE_ADDRESS_2],
  210. PCI_BASE_ADDRESS_SPACE_MEMORY |
  211. PCI_BASE_ADDRESS_MEM_TYPE_32);
  212. mdev_state->bar_mask[2] = ~(MBOCHS_MMIO_BAR_SIZE) + 1;
  213. }
  214. static int mbochs_check_framebuffer(struct mdev_state *mdev_state,
  215. struct mbochs_mode *mode)
  216. {
  217. struct device *dev = mdev_dev(mdev_state->mdev);
  218. u16 *vbe = mdev_state->vbe;
  219. u32 virt_width;
  220. WARN_ON(!mutex_is_locked(&mdev_state->ops_lock));
  221. if (!(vbe[VBE_DISPI_INDEX_ENABLE] & VBE_DISPI_ENABLED))
  222. goto nofb;
  223. memset(mode, 0, sizeof(*mode));
  224. switch (vbe[VBE_DISPI_INDEX_BPP]) {
  225. case 32:
  226. mode->drm_format = DRM_FORMAT_XRGB8888;
  227. mode->bytepp = 4;
  228. break;
  229. default:
  230. dev_info_ratelimited(dev, "%s: bpp %d not supported\n",
  231. __func__, vbe[VBE_DISPI_INDEX_BPP]);
  232. goto nofb;
  233. }
  234. mode->width = vbe[VBE_DISPI_INDEX_XRES];
  235. mode->height = vbe[VBE_DISPI_INDEX_YRES];
  236. virt_width = vbe[VBE_DISPI_INDEX_VIRT_WIDTH];
  237. if (virt_width < mode->width)
  238. virt_width = mode->width;
  239. mode->stride = virt_width * mode->bytepp;
  240. mode->size = (u64)mode->stride * mode->height;
  241. mode->offset = ((u64)vbe[VBE_DISPI_INDEX_X_OFFSET] * mode->bytepp +
  242. (u64)vbe[VBE_DISPI_INDEX_Y_OFFSET] * mode->stride);
  243. if (mode->width < 64 || mode->height < 64) {
  244. dev_info_ratelimited(dev, "%s: invalid resolution %dx%d\n",
  245. __func__, mode->width, mode->height);
  246. goto nofb;
  247. }
  248. if (mode->offset + mode->size > mdev_state->memsize) {
  249. dev_info_ratelimited(dev, "%s: framebuffer memory overflow\n",
  250. __func__);
  251. goto nofb;
  252. }
  253. return 0;
  254. nofb:
  255. memset(mode, 0, sizeof(*mode));
  256. return -EINVAL;
  257. }
  258. static bool mbochs_modes_equal(struct mbochs_mode *mode1,
  259. struct mbochs_mode *mode2)
  260. {
  261. return memcmp(mode1, mode2, sizeof(struct mbochs_mode)) == 0;
  262. }
  263. static void handle_pci_cfg_write(struct mdev_state *mdev_state, u16 offset,
  264. char *buf, u32 count)
  265. {
  266. struct device *dev = mdev_dev(mdev_state->mdev);
  267. int index = (offset - PCI_BASE_ADDRESS_0) / 0x04;
  268. u32 cfg_addr;
  269. switch (offset) {
  270. case PCI_BASE_ADDRESS_0:
  271. case PCI_BASE_ADDRESS_2:
  272. cfg_addr = *(u32 *)buf;
  273. if (cfg_addr == 0xffffffff) {
  274. cfg_addr = (cfg_addr & mdev_state->bar_mask[index]);
  275. } else {
  276. cfg_addr &= PCI_BASE_ADDRESS_MEM_MASK;
  277. if (cfg_addr)
  278. dev_info(dev, "BAR #%d @ 0x%x\n",
  279. index, cfg_addr);
  280. }
  281. cfg_addr |= (mdev_state->vconfig[offset] &
  282. ~PCI_BASE_ADDRESS_MEM_MASK);
  283. STORE_LE32(&mdev_state->vconfig[offset], cfg_addr);
  284. break;
  285. }
  286. }
  287. static void handle_mmio_write(struct mdev_state *mdev_state, u16 offset,
  288. char *buf, u32 count)
  289. {
  290. struct device *dev = mdev_dev(mdev_state->mdev);
  291. int index;
  292. u16 reg16;
  293. switch (offset) {
  294. case 0x400 ... 0x41f: /* vga ioports remapped */
  295. goto unhandled;
  296. case 0x500 ... 0x515: /* bochs dispi interface */
  297. if (count != 2)
  298. goto unhandled;
  299. index = (offset - 0x500) / 2;
  300. reg16 = *(u16 *)buf;
  301. if (index < ARRAY_SIZE(mdev_state->vbe))
  302. mdev_state->vbe[index] = reg16;
  303. dev_dbg(dev, "%s: vbe write %d = %d (%s)\n",
  304. __func__, index, reg16, vbe_name(index));
  305. break;
  306. case 0x600 ... 0x607: /* qemu extended regs */
  307. goto unhandled;
  308. default:
  309. unhandled:
  310. dev_dbg(dev, "%s: @0x%03x, count %d (unhandled)\n",
  311. __func__, offset, count);
  312. break;
  313. }
  314. }
  315. static void handle_mmio_read(struct mdev_state *mdev_state, u16 offset,
  316. char *buf, u32 count)
  317. {
  318. struct device *dev = mdev_dev(mdev_state->mdev);
  319. struct vfio_region_gfx_edid *edid;
  320. u16 reg16 = 0;
  321. int index;
  322. switch (offset) {
  323. case 0x000 ... 0x3ff: /* edid block */
  324. edid = &mdev_state->edid_regs;
  325. if (edid->link_state != VFIO_DEVICE_GFX_LINK_STATE_UP ||
  326. offset >= edid->edid_size) {
  327. memset(buf, 0, count);
  328. break;
  329. }
  330. memcpy(buf, mdev_state->edid_blob + offset, count);
  331. break;
  332. case 0x500 ... 0x515: /* bochs dispi interface */
  333. if (count != 2)
  334. goto unhandled;
  335. index = (offset - 0x500) / 2;
  336. if (index < ARRAY_SIZE(mdev_state->vbe))
  337. reg16 = mdev_state->vbe[index];
  338. dev_dbg(dev, "%s: vbe read %d = %d (%s)\n",
  339. __func__, index, reg16, vbe_name(index));
  340. *(u16 *)buf = reg16;
  341. break;
  342. default:
  343. unhandled:
  344. dev_dbg(dev, "%s: @0x%03x, count %d (unhandled)\n",
  345. __func__, offset, count);
  346. memset(buf, 0, count);
  347. break;
  348. }
  349. }
  350. static void handle_edid_regs(struct mdev_state *mdev_state, u16 offset,
  351. char *buf, u32 count, bool is_write)
  352. {
  353. char *regs = (void *)&mdev_state->edid_regs;
  354. if (offset + count > sizeof(mdev_state->edid_regs))
  355. return;
  356. if (count != 4)
  357. return;
  358. if (offset % 4)
  359. return;
  360. if (is_write) {
  361. switch (offset) {
  362. case offsetof(struct vfio_region_gfx_edid, link_state):
  363. case offsetof(struct vfio_region_gfx_edid, edid_size):
  364. memcpy(regs + offset, buf, count);
  365. break;
  366. default:
  367. /* read-only regs */
  368. break;
  369. }
  370. } else {
  371. memcpy(buf, regs + offset, count);
  372. }
  373. }
  374. static void handle_edid_blob(struct mdev_state *mdev_state, u16 offset,
  375. char *buf, u32 count, bool is_write)
  376. {
  377. if (offset + count > mdev_state->edid_regs.edid_max_size)
  378. return;
  379. if (is_write)
  380. memcpy(mdev_state->edid_blob + offset, buf, count);
  381. else
  382. memcpy(buf, mdev_state->edid_blob + offset, count);
  383. }
  384. static ssize_t mdev_access(struct mdev_state *mdev_state, char *buf,
  385. size_t count, loff_t pos, bool is_write)
  386. {
  387. struct page *pg;
  388. loff_t poff;
  389. char *map;
  390. int ret = 0;
  391. mutex_lock(&mdev_state->ops_lock);
  392. if (pos < MBOCHS_CONFIG_SPACE_SIZE) {
  393. if (is_write)
  394. handle_pci_cfg_write(mdev_state, pos, buf, count);
  395. else
  396. memcpy(buf, (mdev_state->vconfig + pos), count);
  397. } else if (pos >= MBOCHS_MMIO_BAR_OFFSET &&
  398. pos + count <= (MBOCHS_MMIO_BAR_OFFSET +
  399. MBOCHS_MMIO_BAR_SIZE)) {
  400. pos -= MBOCHS_MMIO_BAR_OFFSET;
  401. if (is_write)
  402. handle_mmio_write(mdev_state, pos, buf, count);
  403. else
  404. handle_mmio_read(mdev_state, pos, buf, count);
  405. } else if (pos >= MBOCHS_EDID_OFFSET &&
  406. pos + count <= (MBOCHS_EDID_OFFSET +
  407. MBOCHS_EDID_SIZE)) {
  408. pos -= MBOCHS_EDID_OFFSET;
  409. if (pos < MBOCHS_EDID_BLOB_OFFSET) {
  410. handle_edid_regs(mdev_state, pos, buf, count, is_write);
  411. } else {
  412. pos -= MBOCHS_EDID_BLOB_OFFSET;
  413. handle_edid_blob(mdev_state, pos, buf, count, is_write);
  414. }
  415. } else if (pos >= MBOCHS_MEMORY_BAR_OFFSET &&
  416. pos + count <=
  417. MBOCHS_MEMORY_BAR_OFFSET + mdev_state->memsize) {
  418. pos -= MBOCHS_MMIO_BAR_OFFSET;
  419. poff = pos & ~PAGE_MASK;
  420. pg = __mbochs_get_page(mdev_state, pos >> PAGE_SHIFT);
  421. map = kmap(pg);
  422. if (is_write)
  423. memcpy(map + poff, buf, count);
  424. else
  425. memcpy(buf, map + poff, count);
  426. kunmap(pg);
  427. put_page(pg);
  428. } else {
  429. dev_dbg(mdev_state->vdev.dev, "%s: %s @0x%llx (unhandled)\n",
  430. __func__, is_write ? "WR" : "RD", pos);
  431. ret = -1;
  432. goto accessfailed;
  433. }
  434. ret = count;
  435. accessfailed:
  436. mutex_unlock(&mdev_state->ops_lock);
  437. return ret;
  438. }
  439. static int mbochs_reset(struct mdev_state *mdev_state)
  440. {
  441. u32 size64k = mdev_state->memsize / (64 * 1024);
  442. int i;
  443. for (i = 0; i < ARRAY_SIZE(mdev_state->vbe); i++)
  444. mdev_state->vbe[i] = 0;
  445. mdev_state->vbe[VBE_DISPI_INDEX_ID] = VBE_DISPI_ID5;
  446. mdev_state->vbe[VBE_DISPI_INDEX_VIDEO_MEMORY_64K] = size64k;
  447. return 0;
  448. }
  449. static int mbochs_init_dev(struct vfio_device *vdev)
  450. {
  451. struct mdev_state *mdev_state =
  452. container_of(vdev, struct mdev_state, vdev);
  453. struct mdev_device *mdev = to_mdev_device(vdev->dev);
  454. struct mbochs_type *type =
  455. container_of(mdev->type, struct mbochs_type, type);
  456. int avail_mbytes = atomic_read(&mbochs_avail_mbytes);
  457. int ret = -ENOMEM;
  458. do {
  459. if (avail_mbytes < type->mbytes)
  460. return -ENOSPC;
  461. } while (!atomic_try_cmpxchg(&mbochs_avail_mbytes, &avail_mbytes,
  462. avail_mbytes - type->mbytes));
  463. mdev_state->vconfig = kzalloc(MBOCHS_CONFIG_SPACE_SIZE, GFP_KERNEL);
  464. if (!mdev_state->vconfig)
  465. goto err_avail;
  466. mdev_state->memsize = type->mbytes * 1024 * 1024;
  467. mdev_state->pagecount = mdev_state->memsize >> PAGE_SHIFT;
  468. mdev_state->pages = kcalloc(mdev_state->pagecount,
  469. sizeof(struct page *),
  470. GFP_KERNEL);
  471. if (!mdev_state->pages)
  472. goto err_vconfig;
  473. mutex_init(&mdev_state->ops_lock);
  474. mdev_state->mdev = mdev;
  475. INIT_LIST_HEAD(&mdev_state->dmabufs);
  476. mdev_state->next_id = 1;
  477. mdev_state->type = type;
  478. mdev_state->edid_regs.max_xres = type->max_x;
  479. mdev_state->edid_regs.max_yres = type->max_y;
  480. mdev_state->edid_regs.edid_offset = MBOCHS_EDID_BLOB_OFFSET;
  481. mdev_state->edid_regs.edid_max_size = sizeof(mdev_state->edid_blob);
  482. mbochs_create_config_space(mdev_state);
  483. mbochs_reset(mdev_state);
  484. dev_info(vdev->dev, "%s: %s, %d MB, %ld pages\n", __func__,
  485. type->type.pretty_name, type->mbytes, mdev_state->pagecount);
  486. return 0;
  487. err_vconfig:
  488. kfree(mdev_state->vconfig);
  489. err_avail:
  490. atomic_add(type->mbytes, &mbochs_avail_mbytes);
  491. return ret;
  492. }
  493. static int mbochs_probe(struct mdev_device *mdev)
  494. {
  495. struct mdev_state *mdev_state;
  496. int ret = -ENOMEM;
  497. mdev_state = vfio_alloc_device(mdev_state, vdev, &mdev->dev,
  498. &mbochs_dev_ops);
  499. if (IS_ERR(mdev_state))
  500. return PTR_ERR(mdev_state);
  501. ret = vfio_register_emulated_iommu_dev(&mdev_state->vdev);
  502. if (ret)
  503. goto err_put_vdev;
  504. dev_set_drvdata(&mdev->dev, mdev_state);
  505. return 0;
  506. err_put_vdev:
  507. vfio_put_device(&mdev_state->vdev);
  508. return ret;
  509. }
  510. static void mbochs_release_dev(struct vfio_device *vdev)
  511. {
  512. struct mdev_state *mdev_state =
  513. container_of(vdev, struct mdev_state, vdev);
  514. atomic_add(mdev_state->type->mbytes, &mbochs_avail_mbytes);
  515. kfree(mdev_state->pages);
  516. kfree(mdev_state->vconfig);
  517. }
  518. static void mbochs_remove(struct mdev_device *mdev)
  519. {
  520. struct mdev_state *mdev_state = dev_get_drvdata(&mdev->dev);
  521. vfio_unregister_group_dev(&mdev_state->vdev);
  522. vfio_put_device(&mdev_state->vdev);
  523. }
  524. static ssize_t mbochs_read(struct vfio_device *vdev, char __user *buf,
  525. size_t count, loff_t *ppos)
  526. {
  527. struct mdev_state *mdev_state =
  528. container_of(vdev, struct mdev_state, vdev);
  529. unsigned int done = 0;
  530. int ret;
  531. while (count) {
  532. size_t filled;
  533. if (count >= 4 && !(*ppos % 4)) {
  534. u32 val;
  535. ret = mdev_access(mdev_state, (char *)&val, sizeof(val),
  536. *ppos, false);
  537. if (ret <= 0)
  538. goto read_err;
  539. if (copy_to_user(buf, &val, sizeof(val)))
  540. goto read_err;
  541. filled = 4;
  542. } else if (count >= 2 && !(*ppos % 2)) {
  543. u16 val;
  544. ret = mdev_access(mdev_state, (char *)&val, sizeof(val),
  545. *ppos, false);
  546. if (ret <= 0)
  547. goto read_err;
  548. if (copy_to_user(buf, &val, sizeof(val)))
  549. goto read_err;
  550. filled = 2;
  551. } else {
  552. u8 val;
  553. ret = mdev_access(mdev_state, (char *)&val, sizeof(val),
  554. *ppos, false);
  555. if (ret <= 0)
  556. goto read_err;
  557. if (copy_to_user(buf, &val, sizeof(val)))
  558. goto read_err;
  559. filled = 1;
  560. }
  561. count -= filled;
  562. done += filled;
  563. *ppos += filled;
  564. buf += filled;
  565. }
  566. return done;
  567. read_err:
  568. return -EFAULT;
  569. }
  570. static ssize_t mbochs_write(struct vfio_device *vdev, const char __user *buf,
  571. size_t count, loff_t *ppos)
  572. {
  573. struct mdev_state *mdev_state =
  574. container_of(vdev, struct mdev_state, vdev);
  575. unsigned int done = 0;
  576. int ret;
  577. while (count) {
  578. size_t filled;
  579. if (count >= 4 && !(*ppos % 4)) {
  580. u32 val;
  581. if (copy_from_user(&val, buf, sizeof(val)))
  582. goto write_err;
  583. ret = mdev_access(mdev_state, (char *)&val, sizeof(val),
  584. *ppos, true);
  585. if (ret <= 0)
  586. goto write_err;
  587. filled = 4;
  588. } else if (count >= 2 && !(*ppos % 2)) {
  589. u16 val;
  590. if (copy_from_user(&val, buf, sizeof(val)))
  591. goto write_err;
  592. ret = mdev_access(mdev_state, (char *)&val, sizeof(val),
  593. *ppos, true);
  594. if (ret <= 0)
  595. goto write_err;
  596. filled = 2;
  597. } else {
  598. u8 val;
  599. if (copy_from_user(&val, buf, sizeof(val)))
  600. goto write_err;
  601. ret = mdev_access(mdev_state, (char *)&val, sizeof(val),
  602. *ppos, true);
  603. if (ret <= 0)
  604. goto write_err;
  605. filled = 1;
  606. }
  607. count -= filled;
  608. done += filled;
  609. *ppos += filled;
  610. buf += filled;
  611. }
  612. return done;
  613. write_err:
  614. return -EFAULT;
  615. }
  616. static struct page *__mbochs_get_page(struct mdev_state *mdev_state,
  617. pgoff_t pgoff)
  618. {
  619. WARN_ON(!mutex_is_locked(&mdev_state->ops_lock));
  620. if (!mdev_state->pages[pgoff]) {
  621. mdev_state->pages[pgoff] =
  622. alloc_pages(GFP_HIGHUSER | __GFP_ZERO, 0);
  623. if (!mdev_state->pages[pgoff])
  624. return NULL;
  625. }
  626. get_page(mdev_state->pages[pgoff]);
  627. return mdev_state->pages[pgoff];
  628. }
  629. static struct page *mbochs_get_page(struct mdev_state *mdev_state,
  630. pgoff_t pgoff)
  631. {
  632. struct page *page;
  633. if (WARN_ON(pgoff >= mdev_state->pagecount))
  634. return NULL;
  635. mutex_lock(&mdev_state->ops_lock);
  636. page = __mbochs_get_page(mdev_state, pgoff);
  637. mutex_unlock(&mdev_state->ops_lock);
  638. return page;
  639. }
  640. static void mbochs_put_pages(struct mdev_state *mdev_state)
  641. {
  642. struct device *dev = mdev_dev(mdev_state->mdev);
  643. int i, count = 0;
  644. WARN_ON(!mutex_is_locked(&mdev_state->ops_lock));
  645. for (i = 0; i < mdev_state->pagecount; i++) {
  646. if (!mdev_state->pages[i])
  647. continue;
  648. put_page(mdev_state->pages[i]);
  649. mdev_state->pages[i] = NULL;
  650. count++;
  651. }
  652. dev_dbg(dev, "%s: %d pages released\n", __func__, count);
  653. }
  654. static vm_fault_t mbochs_region_vm_fault(struct vm_fault *vmf)
  655. {
  656. struct vm_area_struct *vma = vmf->vma;
  657. struct mdev_state *mdev_state = vma->vm_private_data;
  658. pgoff_t page_offset = (vmf->address - vma->vm_start) >> PAGE_SHIFT;
  659. if (page_offset >= mdev_state->pagecount)
  660. return VM_FAULT_SIGBUS;
  661. vmf->page = mbochs_get_page(mdev_state, page_offset);
  662. if (!vmf->page)
  663. return VM_FAULT_SIGBUS;
  664. return 0;
  665. }
  666. static const struct vm_operations_struct mbochs_region_vm_ops = {
  667. .fault = mbochs_region_vm_fault,
  668. };
  669. static int mbochs_mmap(struct vfio_device *vdev, struct vm_area_struct *vma)
  670. {
  671. struct mdev_state *mdev_state =
  672. container_of(vdev, struct mdev_state, vdev);
  673. if (vma->vm_pgoff != MBOCHS_MEMORY_BAR_OFFSET >> PAGE_SHIFT)
  674. return -EINVAL;
  675. if (vma->vm_end < vma->vm_start)
  676. return -EINVAL;
  677. if (vma->vm_end - vma->vm_start > mdev_state->memsize)
  678. return -EINVAL;
  679. if ((vma->vm_flags & VM_SHARED) == 0)
  680. return -EINVAL;
  681. vma->vm_ops = &mbochs_region_vm_ops;
  682. vma->vm_private_data = mdev_state;
  683. return 0;
  684. }
  685. static vm_fault_t mbochs_dmabuf_vm_fault(struct vm_fault *vmf)
  686. {
  687. struct vm_area_struct *vma = vmf->vma;
  688. struct mbochs_dmabuf *dmabuf = vma->vm_private_data;
  689. if (WARN_ON(vmf->pgoff >= dmabuf->pagecount))
  690. return VM_FAULT_SIGBUS;
  691. vmf->page = dmabuf->pages[vmf->pgoff];
  692. get_page(vmf->page);
  693. return 0;
  694. }
  695. static const struct vm_operations_struct mbochs_dmabuf_vm_ops = {
  696. .fault = mbochs_dmabuf_vm_fault,
  697. };
  698. static int mbochs_mmap_dmabuf(struct dma_buf *buf, struct vm_area_struct *vma)
  699. {
  700. struct mbochs_dmabuf *dmabuf = buf->priv;
  701. struct device *dev = mdev_dev(dmabuf->mdev_state->mdev);
  702. dev_dbg(dev, "%s: %d\n", __func__, dmabuf->id);
  703. if ((vma->vm_flags & VM_SHARED) == 0)
  704. return -EINVAL;
  705. vma->vm_ops = &mbochs_dmabuf_vm_ops;
  706. vma->vm_private_data = dmabuf;
  707. return 0;
  708. }
  709. static void mbochs_print_dmabuf(struct mbochs_dmabuf *dmabuf,
  710. const char *prefix)
  711. {
  712. struct device *dev = mdev_dev(dmabuf->mdev_state->mdev);
  713. u32 fourcc = dmabuf->mode.drm_format;
  714. dev_dbg(dev, "%s/%d: %c%c%c%c, %dx%d, stride %d, off 0x%llx, size 0x%llx, pages %ld\n",
  715. prefix, dmabuf->id,
  716. fourcc ? ((fourcc >> 0) & 0xff) : '-',
  717. fourcc ? ((fourcc >> 8) & 0xff) : '-',
  718. fourcc ? ((fourcc >> 16) & 0xff) : '-',
  719. fourcc ? ((fourcc >> 24) & 0xff) : '-',
  720. dmabuf->mode.width, dmabuf->mode.height, dmabuf->mode.stride,
  721. dmabuf->mode.offset, dmabuf->mode.size, dmabuf->pagecount);
  722. }
  723. static struct sg_table *mbochs_map_dmabuf(struct dma_buf_attachment *at,
  724. enum dma_data_direction direction)
  725. {
  726. struct mbochs_dmabuf *dmabuf = at->dmabuf->priv;
  727. struct device *dev = mdev_dev(dmabuf->mdev_state->mdev);
  728. struct sg_table *sg;
  729. dev_dbg(dev, "%s: %d\n", __func__, dmabuf->id);
  730. sg = kzalloc(sizeof(*sg), GFP_KERNEL);
  731. if (!sg)
  732. goto err1;
  733. if (sg_alloc_table_from_pages(sg, dmabuf->pages, dmabuf->pagecount,
  734. 0, dmabuf->mode.size, GFP_KERNEL) < 0)
  735. goto err2;
  736. if (dma_map_sgtable(at->dev, sg, direction, 0))
  737. goto err3;
  738. return sg;
  739. err3:
  740. sg_free_table(sg);
  741. err2:
  742. kfree(sg);
  743. err1:
  744. return ERR_PTR(-ENOMEM);
  745. }
  746. static void mbochs_unmap_dmabuf(struct dma_buf_attachment *at,
  747. struct sg_table *sg,
  748. enum dma_data_direction direction)
  749. {
  750. struct mbochs_dmabuf *dmabuf = at->dmabuf->priv;
  751. struct device *dev = mdev_dev(dmabuf->mdev_state->mdev);
  752. dev_dbg(dev, "%s: %d\n", __func__, dmabuf->id);
  753. dma_unmap_sgtable(at->dev, sg, direction, 0);
  754. sg_free_table(sg);
  755. kfree(sg);
  756. }
  757. static void mbochs_release_dmabuf(struct dma_buf *buf)
  758. {
  759. struct mbochs_dmabuf *dmabuf = buf->priv;
  760. struct mdev_state *mdev_state = dmabuf->mdev_state;
  761. struct device *dev = mdev_dev(mdev_state->mdev);
  762. pgoff_t pg;
  763. dev_dbg(dev, "%s: %d\n", __func__, dmabuf->id);
  764. for (pg = 0; pg < dmabuf->pagecount; pg++)
  765. put_page(dmabuf->pages[pg]);
  766. mutex_lock(&mdev_state->ops_lock);
  767. dmabuf->buf = NULL;
  768. if (dmabuf->unlinked)
  769. kfree(dmabuf);
  770. mutex_unlock(&mdev_state->ops_lock);
  771. }
  772. static struct dma_buf_ops mbochs_dmabuf_ops = {
  773. .map_dma_buf = mbochs_map_dmabuf,
  774. .unmap_dma_buf = mbochs_unmap_dmabuf,
  775. .release = mbochs_release_dmabuf,
  776. .mmap = mbochs_mmap_dmabuf,
  777. };
  778. static struct mbochs_dmabuf *mbochs_dmabuf_alloc(struct mdev_state *mdev_state,
  779. struct mbochs_mode *mode)
  780. {
  781. struct mbochs_dmabuf *dmabuf;
  782. pgoff_t page_offset, pg;
  783. WARN_ON(!mutex_is_locked(&mdev_state->ops_lock));
  784. dmabuf = kzalloc(sizeof(struct mbochs_dmabuf), GFP_KERNEL);
  785. if (!dmabuf)
  786. return NULL;
  787. dmabuf->mode = *mode;
  788. dmabuf->id = mdev_state->next_id++;
  789. dmabuf->pagecount = DIV_ROUND_UP(mode->size, PAGE_SIZE);
  790. dmabuf->pages = kcalloc(dmabuf->pagecount, sizeof(struct page *),
  791. GFP_KERNEL);
  792. if (!dmabuf->pages)
  793. goto err_free_dmabuf;
  794. page_offset = dmabuf->mode.offset >> PAGE_SHIFT;
  795. for (pg = 0; pg < dmabuf->pagecount; pg++) {
  796. dmabuf->pages[pg] = __mbochs_get_page(mdev_state,
  797. page_offset + pg);
  798. if (!dmabuf->pages[pg])
  799. goto err_free_pages;
  800. }
  801. dmabuf->mdev_state = mdev_state;
  802. list_add(&dmabuf->next, &mdev_state->dmabufs);
  803. mbochs_print_dmabuf(dmabuf, __func__);
  804. return dmabuf;
  805. err_free_pages:
  806. while (pg > 0)
  807. put_page(dmabuf->pages[--pg]);
  808. kfree(dmabuf->pages);
  809. err_free_dmabuf:
  810. kfree(dmabuf);
  811. return NULL;
  812. }
  813. static struct mbochs_dmabuf *
  814. mbochs_dmabuf_find_by_mode(struct mdev_state *mdev_state,
  815. struct mbochs_mode *mode)
  816. {
  817. struct mbochs_dmabuf *dmabuf;
  818. WARN_ON(!mutex_is_locked(&mdev_state->ops_lock));
  819. list_for_each_entry(dmabuf, &mdev_state->dmabufs, next)
  820. if (mbochs_modes_equal(&dmabuf->mode, mode))
  821. return dmabuf;
  822. return NULL;
  823. }
  824. static struct mbochs_dmabuf *
  825. mbochs_dmabuf_find_by_id(struct mdev_state *mdev_state, u32 id)
  826. {
  827. struct mbochs_dmabuf *dmabuf;
  828. WARN_ON(!mutex_is_locked(&mdev_state->ops_lock));
  829. list_for_each_entry(dmabuf, &mdev_state->dmabufs, next)
  830. if (dmabuf->id == id)
  831. return dmabuf;
  832. return NULL;
  833. }
  834. static int mbochs_dmabuf_export(struct mbochs_dmabuf *dmabuf)
  835. {
  836. struct mdev_state *mdev_state = dmabuf->mdev_state;
  837. struct device *dev = mdev_state->vdev.dev;
  838. DEFINE_DMA_BUF_EXPORT_INFO(exp_info);
  839. struct dma_buf *buf;
  840. WARN_ON(!mutex_is_locked(&mdev_state->ops_lock));
  841. if (!IS_ALIGNED(dmabuf->mode.offset, PAGE_SIZE)) {
  842. dev_info_ratelimited(dev, "%s: framebuffer not page-aligned\n",
  843. __func__);
  844. return -EINVAL;
  845. }
  846. exp_info.ops = &mbochs_dmabuf_ops;
  847. exp_info.size = dmabuf->mode.size;
  848. exp_info.priv = dmabuf;
  849. buf = dma_buf_export(&exp_info);
  850. if (IS_ERR(buf)) {
  851. dev_info_ratelimited(dev, "%s: dma_buf_export failed: %ld\n",
  852. __func__, PTR_ERR(buf));
  853. return PTR_ERR(buf);
  854. }
  855. dmabuf->buf = buf;
  856. dev_dbg(dev, "%s: %d\n", __func__, dmabuf->id);
  857. return 0;
  858. }
  859. static int mbochs_ioctl_get_region_info(struct vfio_device *vdev,
  860. struct vfio_region_info *region_info,
  861. struct vfio_info_cap *caps)
  862. {
  863. struct mdev_state *mdev_state =
  864. container_of(vdev, struct mdev_state, vdev);
  865. if (region_info->index >= MBOCHS_NUM_REGIONS)
  866. return -EINVAL;
  867. switch (region_info->index) {
  868. case VFIO_PCI_CONFIG_REGION_INDEX:
  869. region_info->offset = 0;
  870. region_info->size = MBOCHS_CONFIG_SPACE_SIZE;
  871. region_info->flags = (VFIO_REGION_INFO_FLAG_READ |
  872. VFIO_REGION_INFO_FLAG_WRITE);
  873. break;
  874. case VFIO_PCI_BAR0_REGION_INDEX:
  875. region_info->offset = MBOCHS_MEMORY_BAR_OFFSET;
  876. region_info->size = mdev_state->memsize;
  877. region_info->flags = (VFIO_REGION_INFO_FLAG_READ |
  878. VFIO_REGION_INFO_FLAG_WRITE |
  879. VFIO_REGION_INFO_FLAG_MMAP);
  880. break;
  881. case VFIO_PCI_BAR2_REGION_INDEX:
  882. region_info->offset = MBOCHS_MMIO_BAR_OFFSET;
  883. region_info->size = MBOCHS_MMIO_BAR_SIZE;
  884. region_info->flags = (VFIO_REGION_INFO_FLAG_READ |
  885. VFIO_REGION_INFO_FLAG_WRITE);
  886. break;
  887. case MBOCHS_EDID_REGION_INDEX: {
  888. struct vfio_region_info_cap_type cap_type = {
  889. .header.id = VFIO_REGION_INFO_CAP_TYPE,
  890. .header.version = 1,
  891. .type = VFIO_REGION_TYPE_GFX,
  892. .subtype = VFIO_REGION_SUBTYPE_GFX_EDID,
  893. };
  894. region_info->offset = MBOCHS_EDID_OFFSET;
  895. region_info->size = MBOCHS_EDID_SIZE;
  896. region_info->flags = (VFIO_REGION_INFO_FLAG_READ |
  897. VFIO_REGION_INFO_FLAG_WRITE |
  898. VFIO_REGION_INFO_FLAG_CAPS);
  899. return vfio_info_add_capability(caps, &cap_type.header,
  900. sizeof(cap_type));
  901. }
  902. default:
  903. region_info->size = 0;
  904. region_info->offset = 0;
  905. region_info->flags = 0;
  906. }
  907. return 0;
  908. }
  909. static int mbochs_get_irq_info(struct vfio_irq_info *irq_info)
  910. {
  911. irq_info->count = 0;
  912. return 0;
  913. }
  914. static int mbochs_get_device_info(struct vfio_device_info *dev_info)
  915. {
  916. dev_info->flags = VFIO_DEVICE_FLAGS_PCI;
  917. dev_info->num_regions = MBOCHS_NUM_REGIONS;
  918. dev_info->num_irqs = VFIO_PCI_NUM_IRQS;
  919. return 0;
  920. }
  921. static int mbochs_query_gfx_plane(struct mdev_state *mdev_state,
  922. struct vfio_device_gfx_plane_info *plane)
  923. {
  924. struct mbochs_dmabuf *dmabuf;
  925. struct mbochs_mode mode;
  926. int ret;
  927. if (plane->flags & VFIO_GFX_PLANE_TYPE_PROBE) {
  928. if (plane->flags == (VFIO_GFX_PLANE_TYPE_PROBE |
  929. VFIO_GFX_PLANE_TYPE_DMABUF))
  930. return 0;
  931. return -EINVAL;
  932. }
  933. if (plane->flags != VFIO_GFX_PLANE_TYPE_DMABUF)
  934. return -EINVAL;
  935. plane->drm_format_mod = 0;
  936. plane->x_pos = 0;
  937. plane->y_pos = 0;
  938. plane->x_hot = 0;
  939. plane->y_hot = 0;
  940. mutex_lock(&mdev_state->ops_lock);
  941. ret = -EINVAL;
  942. if (plane->drm_plane_type == DRM_PLANE_TYPE_PRIMARY)
  943. ret = mbochs_check_framebuffer(mdev_state, &mode);
  944. if (ret < 0) {
  945. plane->drm_format = 0;
  946. plane->width = 0;
  947. plane->height = 0;
  948. plane->stride = 0;
  949. plane->size = 0;
  950. plane->dmabuf_id = 0;
  951. goto done;
  952. }
  953. dmabuf = mbochs_dmabuf_find_by_mode(mdev_state, &mode);
  954. if (!dmabuf)
  955. mbochs_dmabuf_alloc(mdev_state, &mode);
  956. if (!dmabuf) {
  957. mutex_unlock(&mdev_state->ops_lock);
  958. return -ENOMEM;
  959. }
  960. plane->drm_format = dmabuf->mode.drm_format;
  961. plane->width = dmabuf->mode.width;
  962. plane->height = dmabuf->mode.height;
  963. plane->stride = dmabuf->mode.stride;
  964. plane->size = dmabuf->mode.size;
  965. plane->dmabuf_id = dmabuf->id;
  966. done:
  967. if (plane->drm_plane_type == DRM_PLANE_TYPE_PRIMARY &&
  968. mdev_state->active_id != plane->dmabuf_id) {
  969. dev_dbg(mdev_state->vdev.dev, "%s: primary: %d => %d\n",
  970. __func__, mdev_state->active_id, plane->dmabuf_id);
  971. mdev_state->active_id = plane->dmabuf_id;
  972. }
  973. mutex_unlock(&mdev_state->ops_lock);
  974. return 0;
  975. }
  976. static int mbochs_get_gfx_dmabuf(struct mdev_state *mdev_state, u32 id)
  977. {
  978. struct mbochs_dmabuf *dmabuf;
  979. mutex_lock(&mdev_state->ops_lock);
  980. dmabuf = mbochs_dmabuf_find_by_id(mdev_state, id);
  981. if (!dmabuf) {
  982. mutex_unlock(&mdev_state->ops_lock);
  983. return -ENOENT;
  984. }
  985. if (!dmabuf->buf)
  986. mbochs_dmabuf_export(dmabuf);
  987. mutex_unlock(&mdev_state->ops_lock);
  988. if (!dmabuf->buf)
  989. return -EINVAL;
  990. return dma_buf_fd(dmabuf->buf, 0);
  991. }
  992. static long mbochs_ioctl(struct vfio_device *vdev, unsigned int cmd,
  993. unsigned long arg)
  994. {
  995. struct mdev_state *mdev_state =
  996. container_of(vdev, struct mdev_state, vdev);
  997. int ret = 0;
  998. unsigned long minsz;
  999. switch (cmd) {
  1000. case VFIO_DEVICE_GET_INFO:
  1001. {
  1002. struct vfio_device_info info;
  1003. minsz = offsetofend(struct vfio_device_info, num_irqs);
  1004. if (copy_from_user(&info, (void __user *)arg, minsz))
  1005. return -EFAULT;
  1006. if (info.argsz < minsz)
  1007. return -EINVAL;
  1008. ret = mbochs_get_device_info(&info);
  1009. if (ret)
  1010. return ret;
  1011. if (copy_to_user((void __user *)arg, &info, minsz))
  1012. return -EFAULT;
  1013. return 0;
  1014. }
  1015. case VFIO_DEVICE_GET_IRQ_INFO:
  1016. {
  1017. struct vfio_irq_info info;
  1018. minsz = offsetofend(struct vfio_irq_info, count);
  1019. if (copy_from_user(&info, (void __user *)arg, minsz))
  1020. return -EFAULT;
  1021. if ((info.argsz < minsz) ||
  1022. (info.index >= VFIO_PCI_NUM_IRQS))
  1023. return -EINVAL;
  1024. ret = mbochs_get_irq_info(&info);
  1025. if (ret)
  1026. return ret;
  1027. if (copy_to_user((void __user *)arg, &info, minsz))
  1028. return -EFAULT;
  1029. return 0;
  1030. }
  1031. case VFIO_DEVICE_QUERY_GFX_PLANE:
  1032. {
  1033. struct vfio_device_gfx_plane_info plane = {};
  1034. minsz = offsetofend(struct vfio_device_gfx_plane_info,
  1035. region_index);
  1036. if (copy_from_user(&plane, (void __user *)arg, minsz))
  1037. return -EFAULT;
  1038. if (plane.argsz < minsz)
  1039. return -EINVAL;
  1040. ret = mbochs_query_gfx_plane(mdev_state, &plane);
  1041. if (ret)
  1042. return ret;
  1043. if (copy_to_user((void __user *)arg, &plane, minsz))
  1044. return -EFAULT;
  1045. return 0;
  1046. }
  1047. case VFIO_DEVICE_GET_GFX_DMABUF:
  1048. {
  1049. u32 dmabuf_id;
  1050. if (get_user(dmabuf_id, (__u32 __user *)arg))
  1051. return -EFAULT;
  1052. return mbochs_get_gfx_dmabuf(mdev_state, dmabuf_id);
  1053. }
  1054. case VFIO_DEVICE_SET_IRQS:
  1055. return -EINVAL;
  1056. case VFIO_DEVICE_RESET:
  1057. return mbochs_reset(mdev_state);
  1058. }
  1059. return -ENOTTY;
  1060. }
  1061. static void mbochs_close_device(struct vfio_device *vdev)
  1062. {
  1063. struct mdev_state *mdev_state =
  1064. container_of(vdev, struct mdev_state, vdev);
  1065. struct mbochs_dmabuf *dmabuf, *tmp;
  1066. mutex_lock(&mdev_state->ops_lock);
  1067. list_for_each_entry_safe(dmabuf, tmp, &mdev_state->dmabufs, next) {
  1068. list_del(&dmabuf->next);
  1069. if (dmabuf->buf) {
  1070. /* free in mbochs_release_dmabuf() */
  1071. dmabuf->unlinked = true;
  1072. } else {
  1073. kfree(dmabuf);
  1074. }
  1075. }
  1076. mbochs_put_pages(mdev_state);
  1077. mutex_unlock(&mdev_state->ops_lock);
  1078. }
  1079. static ssize_t
  1080. memory_show(struct device *dev, struct device_attribute *attr,
  1081. char *buf)
  1082. {
  1083. struct mdev_state *mdev_state = dev_get_drvdata(dev);
  1084. return sprintf(buf, "%d MB\n", mdev_state->type->mbytes);
  1085. }
  1086. static DEVICE_ATTR_RO(memory);
  1087. static struct attribute *mdev_dev_attrs[] = {
  1088. &dev_attr_memory.attr,
  1089. NULL,
  1090. };
  1091. static const struct attribute_group mdev_dev_group = {
  1092. .name = "vendor",
  1093. .attrs = mdev_dev_attrs,
  1094. };
  1095. static const struct attribute_group *mdev_dev_groups[] = {
  1096. &mdev_dev_group,
  1097. NULL,
  1098. };
  1099. static ssize_t mbochs_show_description(struct mdev_type *mtype, char *buf)
  1100. {
  1101. struct mbochs_type *type =
  1102. container_of(mtype, struct mbochs_type, type);
  1103. return sprintf(buf, "virtual display, %d MB video memory\n",
  1104. type ? type->mbytes : 0);
  1105. }
  1106. static unsigned int mbochs_get_available(struct mdev_type *mtype)
  1107. {
  1108. struct mbochs_type *type =
  1109. container_of(mtype, struct mbochs_type, type);
  1110. return atomic_read(&mbochs_avail_mbytes) / type->mbytes;
  1111. }
  1112. static const struct vfio_device_ops mbochs_dev_ops = {
  1113. .close_device = mbochs_close_device,
  1114. .init = mbochs_init_dev,
  1115. .release = mbochs_release_dev,
  1116. .read = mbochs_read,
  1117. .write = mbochs_write,
  1118. .ioctl = mbochs_ioctl,
  1119. .get_region_info_caps = mbochs_ioctl_get_region_info,
  1120. .mmap = mbochs_mmap,
  1121. .bind_iommufd = vfio_iommufd_emulated_bind,
  1122. .unbind_iommufd = vfio_iommufd_emulated_unbind,
  1123. .attach_ioas = vfio_iommufd_emulated_attach_ioas,
  1124. .detach_ioas = vfio_iommufd_emulated_detach_ioas,
  1125. };
  1126. static struct mdev_driver mbochs_driver = {
  1127. .device_api = VFIO_DEVICE_API_PCI_STRING,
  1128. .driver = {
  1129. .name = "mbochs",
  1130. .owner = THIS_MODULE,
  1131. .mod_name = KBUILD_MODNAME,
  1132. .dev_groups = mdev_dev_groups,
  1133. },
  1134. .probe = mbochs_probe,
  1135. .remove = mbochs_remove,
  1136. .get_available = mbochs_get_available,
  1137. .show_description = mbochs_show_description,
  1138. };
  1139. static const struct file_operations vd_fops = {
  1140. .owner = THIS_MODULE,
  1141. };
  1142. static void mbochs_device_release(struct device *dev)
  1143. {
  1144. /* nothing */
  1145. }
  1146. static int __init mbochs_dev_init(void)
  1147. {
  1148. int ret = 0;
  1149. atomic_set(&mbochs_avail_mbytes, max_mbytes);
  1150. ret = alloc_chrdev_region(&mbochs_devt, 0, MINORMASK + 1, MBOCHS_NAME);
  1151. if (ret < 0) {
  1152. pr_err("Error: failed to register mbochs_dev, err: %d\n", ret);
  1153. return ret;
  1154. }
  1155. cdev_init(&mbochs_cdev, &vd_fops);
  1156. cdev_add(&mbochs_cdev, mbochs_devt, MINORMASK + 1);
  1157. pr_info("%s: major %d\n", __func__, MAJOR(mbochs_devt));
  1158. ret = mdev_register_driver(&mbochs_driver);
  1159. if (ret)
  1160. goto err_cdev;
  1161. ret = class_register(&mbochs_class);
  1162. if (ret)
  1163. goto err_driver;
  1164. mbochs_dev.class = &mbochs_class;
  1165. mbochs_dev.release = mbochs_device_release;
  1166. dev_set_name(&mbochs_dev, "%s", MBOCHS_NAME);
  1167. ret = device_register(&mbochs_dev);
  1168. if (ret)
  1169. goto err_put;
  1170. ret = mdev_register_parent(&mbochs_parent, &mbochs_dev, &mbochs_driver,
  1171. mbochs_mdev_types,
  1172. ARRAY_SIZE(mbochs_mdev_types));
  1173. if (ret)
  1174. goto err_device;
  1175. return 0;
  1176. err_device:
  1177. device_del(&mbochs_dev);
  1178. err_put:
  1179. put_device(&mbochs_dev);
  1180. class_unregister(&mbochs_class);
  1181. err_driver:
  1182. mdev_unregister_driver(&mbochs_driver);
  1183. err_cdev:
  1184. cdev_del(&mbochs_cdev);
  1185. unregister_chrdev_region(mbochs_devt, MINORMASK + 1);
  1186. return ret;
  1187. }
  1188. static void __exit mbochs_dev_exit(void)
  1189. {
  1190. mbochs_dev.bus = NULL;
  1191. mdev_unregister_parent(&mbochs_parent);
  1192. device_unregister(&mbochs_dev);
  1193. mdev_unregister_driver(&mbochs_driver);
  1194. cdev_del(&mbochs_cdev);
  1195. unregister_chrdev_region(mbochs_devt, MINORMASK + 1);
  1196. class_unregister(&mbochs_class);
  1197. }
  1198. MODULE_IMPORT_NS("DMA_BUF");
  1199. module_init(mbochs_dev_init)
  1200. module_exit(mbochs_dev_exit)