1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * Mediated virtual PCI display host device driver 4 * 5 * Emulate enough of qemu stdvga to make bochs-drm.ko happy. That is 6 * basically the vram memory bar and the bochs dispi interface vbe 7 * registers in the mmio register bar. Specifically it does *not* 8 * include any legacy vga stuff. Device looks a lot like "qemu -device 9 * secondary-vga". 10 * 11 * (c) Gerd Hoffmann <kraxel@redhat.com> 12 * 13 * based on mtty driver which is: 14 * Copyright (c) 2016, NVIDIA CORPORATION. All rights reserved. 15 * Author: Neo Jia <cjia@nvidia.com> 16 * Kirti Wankhede <kwankhede@nvidia.com> 17 * 18 * This program is free software; you can redistribute it and/or modify 19 * it under the terms of the GNU General Public License version 2 as 20 * published by the Free Software Foundation. 21 */ 22 #include <linux/init.h> 23 #include <linux/module.h> 24 #include <linux/device.h> 25 #include <linux/kernel.h> 26 #include <linux/slab.h> 27 #include <linux/vmalloc.h> 28 #include <linux/cdev.h> 29 #include <linux/vfio.h> 30 #include <linux/iommu.h> 31 #include <linux/sysfs.h> 32 #include <linux/mdev.h> 33 #include <linux/pci.h> 34 #include <linux/dma-buf.h> 35 #include <linux/highmem.h> 36 #include <drm/drm_fourcc.h> 37 #include <drm/drm_rect.h> 38 #include <drm/drm_modeset_lock.h> 39 #include <drm/drm_property.h> 40 #include <drm/drm_plane.h> 41 42 43 #define VBE_DISPI_INDEX_ID 0x0 44 #define VBE_DISPI_INDEX_XRES 0x1 45 #define VBE_DISPI_INDEX_YRES 0x2 46 #define VBE_DISPI_INDEX_BPP 0x3 47 #define VBE_DISPI_INDEX_ENABLE 0x4 48 #define VBE_DISPI_INDEX_BANK 0x5 49 #define VBE_DISPI_INDEX_VIRT_WIDTH 0x6 50 #define VBE_DISPI_INDEX_VIRT_HEIGHT 0x7 51 #define VBE_DISPI_INDEX_X_OFFSET 0x8 52 #define VBE_DISPI_INDEX_Y_OFFSET 0x9 53 #define VBE_DISPI_INDEX_VIDEO_MEMORY_64K 0xa 54 #define VBE_DISPI_INDEX_COUNT 0xb 55 56 #define VBE_DISPI_ID0 0xB0C0 57 #define VBE_DISPI_ID1 0xB0C1 58 #define VBE_DISPI_ID2 0xB0C2 59 #define VBE_DISPI_ID3 0xB0C3 60 #define VBE_DISPI_ID4 0xB0C4 61 #define VBE_DISPI_ID5 0xB0C5 62 63 #define VBE_DISPI_DISABLED 0x00 64 #define VBE_DISPI_ENABLED 0x01 65 #define VBE_DISPI_GETCAPS 0x02 66 #define VBE_DISPI_8BIT_DAC 0x20 67 #define VBE_DISPI_LFB_ENABLED 0x40 68 #define VBE_DISPI_NOCLEARMEM 0x80 69 70 71 #define MBOCHS_NAME "mbochs" 72 #define MBOCHS_CLASS_NAME "mbochs" 73 74 #define MBOCHS_EDID_REGION_INDEX VFIO_PCI_NUM_REGIONS 75 #define MBOCHS_NUM_REGIONS (MBOCHS_EDID_REGION_INDEX+1) 76 77 #define MBOCHS_CONFIG_SPACE_SIZE 0xff 78 #define MBOCHS_MMIO_BAR_OFFSET PAGE_SIZE 79 #define MBOCHS_MMIO_BAR_SIZE PAGE_SIZE 80 #define MBOCHS_EDID_OFFSET (MBOCHS_MMIO_BAR_OFFSET + \ 81 MBOCHS_MMIO_BAR_SIZE) 82 #define MBOCHS_EDID_SIZE PAGE_SIZE 83 #define MBOCHS_MEMORY_BAR_OFFSET (MBOCHS_EDID_OFFSET + \ 84 MBOCHS_EDID_SIZE) 85 86 #define MBOCHS_EDID_BLOB_OFFSET (MBOCHS_EDID_SIZE/2) 87 88 #define STORE_LE16(addr, val) (*(u16 *)addr = val) 89 #define STORE_LE32(addr, val) (*(u32 *)addr = val) 90 91 92 MODULE_LICENSE("GPL v2"); 93 94 static int max_mbytes = 256; 95 module_param_named(count, max_mbytes, int, 0444); 96 MODULE_PARM_DESC(mem, "megabytes available to " MBOCHS_NAME " devices"); 97 98 99 #define MBOCHS_TYPE_1 "small" 100 #define MBOCHS_TYPE_2 "medium" 101 #define MBOCHS_TYPE_3 "large" 102 103 static const struct mbochs_type { 104 const char *name; 105 u32 mbytes; 106 u32 max_x; 107 u32 max_y; 108 } mbochs_types[] = { 109 { 110 .name = MBOCHS_CLASS_NAME "-" MBOCHS_TYPE_1, 111 .mbytes = 4, 112 .max_x = 800, 113 .max_y = 600, 114 }, { 115 .name = MBOCHS_CLASS_NAME "-" MBOCHS_TYPE_2, 116 .mbytes = 16, 117 .max_x = 1920, 118 .max_y = 1440, 119 }, { 120 .name = MBOCHS_CLASS_NAME "-" MBOCHS_TYPE_3, 121 .mbytes = 64, 122 .max_x = 0, 123 .max_y = 0, 124 }, 125 }; 126 127 128 static dev_t mbochs_devt; 129 static struct class *mbochs_class; 130 static struct cdev mbochs_cdev; 131 static struct device mbochs_dev; 132 static atomic_t mbochs_avail_mbytes; 133 static const struct vfio_device_ops mbochs_dev_ops; 134 135 struct vfio_region_info_ext { 136 struct vfio_region_info base; 137 struct vfio_region_info_cap_type type; 138 }; 139 140 struct mbochs_mode { 141 u32 drm_format; 142 u32 bytepp; 143 u32 width; 144 u32 height; 145 u32 stride; 146 u32 __pad; 147 u64 offset; 148 u64 size; 149 }; 150 151 struct mbochs_dmabuf { 152 struct mbochs_mode mode; 153 u32 id; 154 struct page **pages; 155 pgoff_t pagecount; 156 struct dma_buf *buf; 157 struct mdev_state *mdev_state; 158 struct list_head next; 159 bool unlinked; 160 }; 161 162 /* State of each mdev device */ 163 struct mdev_state { 164 struct vfio_device vdev; 165 u8 *vconfig; 166 u64 bar_mask[3]; 167 u32 memory_bar_mask; 168 struct mutex ops_lock; 169 struct mdev_device *mdev; 170 171 const struct mbochs_type *type; 172 u16 vbe[VBE_DISPI_INDEX_COUNT]; 173 u64 memsize; 174 struct page **pages; 175 pgoff_t pagecount; 176 struct vfio_region_gfx_edid edid_regs; 177 u8 edid_blob[0x400]; 178 179 struct list_head dmabufs; 180 u32 active_id; 181 u32 next_id; 182 }; 183 184 static const char *vbe_name_list[VBE_DISPI_INDEX_COUNT] = { 185 [VBE_DISPI_INDEX_ID] = "id", 186 [VBE_DISPI_INDEX_XRES] = "xres", 187 [VBE_DISPI_INDEX_YRES] = "yres", 188 [VBE_DISPI_INDEX_BPP] = "bpp", 189 [VBE_DISPI_INDEX_ENABLE] = "enable", 190 [VBE_DISPI_INDEX_BANK] = "bank", 191 [VBE_DISPI_INDEX_VIRT_WIDTH] = "virt-width", 192 [VBE_DISPI_INDEX_VIRT_HEIGHT] = "virt-height", 193 [VBE_DISPI_INDEX_X_OFFSET] = "x-offset", 194 [VBE_DISPI_INDEX_Y_OFFSET] = "y-offset", 195 [VBE_DISPI_INDEX_VIDEO_MEMORY_64K] = "video-mem", 196 }; 197 198 static const char *vbe_name(u32 index) 199 { 200 if (index < ARRAY_SIZE(vbe_name_list)) 201 return vbe_name_list[index]; 202 return "(invalid)"; 203 } 204 205 static struct page *__mbochs_get_page(struct mdev_state *mdev_state, 206 pgoff_t pgoff); 207 static struct page *mbochs_get_page(struct mdev_state *mdev_state, 208 pgoff_t pgoff); 209 210 static void mbochs_create_config_space(struct mdev_state *mdev_state) 211 { 212 STORE_LE16((u16 *) &mdev_state->vconfig[PCI_VENDOR_ID], 213 0x1234); 214 STORE_LE16((u16 *) &mdev_state->vconfig[PCI_DEVICE_ID], 215 0x1111); 216 STORE_LE16((u16 *) &mdev_state->vconfig[PCI_SUBSYSTEM_VENDOR_ID], 217 PCI_SUBVENDOR_ID_REDHAT_QUMRANET); 218 STORE_LE16((u16 *) &mdev_state->vconfig[PCI_SUBSYSTEM_ID], 219 PCI_SUBDEVICE_ID_QEMU); 220 221 STORE_LE16((u16 *) &mdev_state->vconfig[PCI_COMMAND], 222 PCI_COMMAND_IO | PCI_COMMAND_MEMORY); 223 STORE_LE16((u16 *) &mdev_state->vconfig[PCI_CLASS_DEVICE], 224 PCI_CLASS_DISPLAY_OTHER); 225 mdev_state->vconfig[PCI_CLASS_REVISION] = 0x01; 226 227 STORE_LE32((u32 *) &mdev_state->vconfig[PCI_BASE_ADDRESS_0], 228 PCI_BASE_ADDRESS_SPACE_MEMORY | 229 PCI_BASE_ADDRESS_MEM_TYPE_32 | 230 PCI_BASE_ADDRESS_MEM_PREFETCH); 231 mdev_state->bar_mask[0] = ~(mdev_state->memsize) + 1; 232 233 STORE_LE32((u32 *) &mdev_state->vconfig[PCI_BASE_ADDRESS_2], 234 PCI_BASE_ADDRESS_SPACE_MEMORY | 235 PCI_BASE_ADDRESS_MEM_TYPE_32); 236 mdev_state->bar_mask[2] = ~(MBOCHS_MMIO_BAR_SIZE) + 1; 237 } 238 239 static int mbochs_check_framebuffer(struct mdev_state *mdev_state, 240 struct mbochs_mode *mode) 241 { 242 struct device *dev = mdev_dev(mdev_state->mdev); 243 u16 *vbe = mdev_state->vbe; 244 u32 virt_width; 245 246 WARN_ON(!mutex_is_locked(&mdev_state->ops_lock)); 247 248 if (!(vbe[VBE_DISPI_INDEX_ENABLE] & VBE_DISPI_ENABLED)) 249 goto nofb; 250 251 memset(mode, 0, sizeof(*mode)); 252 switch (vbe[VBE_DISPI_INDEX_BPP]) { 253 case 32: 254 mode->drm_format = DRM_FORMAT_XRGB8888; 255 mode->bytepp = 4; 256 break; 257 default: 258 dev_info_ratelimited(dev, "%s: bpp %d not supported\n", 259 __func__, vbe[VBE_DISPI_INDEX_BPP]); 260 goto nofb; 261 } 262 263 mode->width = vbe[VBE_DISPI_INDEX_XRES]; 264 mode->height = vbe[VBE_DISPI_INDEX_YRES]; 265 virt_width = vbe[VBE_DISPI_INDEX_VIRT_WIDTH]; 266 if (virt_width < mode->width) 267 virt_width = mode->width; 268 mode->stride = virt_width * mode->bytepp; 269 mode->size = (u64)mode->stride * mode->height; 270 mode->offset = ((u64)vbe[VBE_DISPI_INDEX_X_OFFSET] * mode->bytepp + 271 (u64)vbe[VBE_DISPI_INDEX_Y_OFFSET] * mode->stride); 272 273 if (mode->width < 64 || mode->height < 64) { 274 dev_info_ratelimited(dev, "%s: invalid resolution %dx%d\n", 275 __func__, mode->width, mode->height); 276 goto nofb; 277 } 278 if (mode->offset + mode->size > mdev_state->memsize) { 279 dev_info_ratelimited(dev, "%s: framebuffer memory overflow\n", 280 __func__); 281 goto nofb; 282 } 283 284 return 0; 285 286 nofb: 287 memset(mode, 0, sizeof(*mode)); 288 return -EINVAL; 289 } 290 291 static bool mbochs_modes_equal(struct mbochs_mode *mode1, 292 struct mbochs_mode *mode2) 293 { 294 return memcmp(mode1, mode2, sizeof(struct mbochs_mode)) == 0; 295 } 296 297 static void handle_pci_cfg_write(struct mdev_state *mdev_state, u16 offset, 298 char *buf, u32 count) 299 { 300 struct device *dev = mdev_dev(mdev_state->mdev); 301 int index = (offset - PCI_BASE_ADDRESS_0) / 0x04; 302 u32 cfg_addr; 303 304 switch (offset) { 305 case PCI_BASE_ADDRESS_0: 306 case PCI_BASE_ADDRESS_2: 307 cfg_addr = *(u32 *)buf; 308 309 if (cfg_addr == 0xffffffff) { 310 cfg_addr = (cfg_addr & mdev_state->bar_mask[index]); 311 } else { 312 cfg_addr &= PCI_BASE_ADDRESS_MEM_MASK; 313 if (cfg_addr) 314 dev_info(dev, "BAR #%d @ 0x%x\n", 315 index, cfg_addr); 316 } 317 318 cfg_addr |= (mdev_state->vconfig[offset] & 319 ~PCI_BASE_ADDRESS_MEM_MASK); 320 STORE_LE32(&mdev_state->vconfig[offset], cfg_addr); 321 break; 322 } 323 } 324 325 static void handle_mmio_write(struct mdev_state *mdev_state, u16 offset, 326 char *buf, u32 count) 327 { 328 struct device *dev = mdev_dev(mdev_state->mdev); 329 int index; 330 u16 reg16; 331 332 switch (offset) { 333 case 0x400 ... 0x41f: /* vga ioports remapped */ 334 goto unhandled; 335 case 0x500 ... 0x515: /* bochs dispi interface */ 336 if (count != 2) 337 goto unhandled; 338 index = (offset - 0x500) / 2; 339 reg16 = *(u16 *)buf; 340 if (index < ARRAY_SIZE(mdev_state->vbe)) 341 mdev_state->vbe[index] = reg16; 342 dev_dbg(dev, "%s: vbe write %d = %d (%s)\n", 343 __func__, index, reg16, vbe_name(index)); 344 break; 345 case 0x600 ... 0x607: /* qemu extended regs */ 346 goto unhandled; 347 default: 348 unhandled: 349 dev_dbg(dev, "%s: @0x%03x, count %d (unhandled)\n", 350 __func__, offset, count); 351 break; 352 } 353 } 354 355 static void handle_mmio_read(struct mdev_state *mdev_state, u16 offset, 356 char *buf, u32 count) 357 { 358 struct device *dev = mdev_dev(mdev_state->mdev); 359 struct vfio_region_gfx_edid *edid; 360 u16 reg16 = 0; 361 int index; 362 363 switch (offset) { 364 case 0x000 ... 0x3ff: /* edid block */ 365 edid = &mdev_state->edid_regs; 366 if (edid->link_state != VFIO_DEVICE_GFX_LINK_STATE_UP || 367 offset >= edid->edid_size) { 368 memset(buf, 0, count); 369 break; 370 } 371 memcpy(buf, mdev_state->edid_blob + offset, count); 372 break; 373 case 0x500 ... 0x515: /* bochs dispi interface */ 374 if (count != 2) 375 goto unhandled; 376 index = (offset - 0x500) / 2; 377 if (index < ARRAY_SIZE(mdev_state->vbe)) 378 reg16 = mdev_state->vbe[index]; 379 dev_dbg(dev, "%s: vbe read %d = %d (%s)\n", 380 __func__, index, reg16, vbe_name(index)); 381 *(u16 *)buf = reg16; 382 break; 383 default: 384 unhandled: 385 dev_dbg(dev, "%s: @0x%03x, count %d (unhandled)\n", 386 __func__, offset, count); 387 memset(buf, 0, count); 388 break; 389 } 390 } 391 392 static void handle_edid_regs(struct mdev_state *mdev_state, u16 offset, 393 char *buf, u32 count, bool is_write) 394 { 395 char *regs = (void *)&mdev_state->edid_regs; 396 397 if (offset + count > sizeof(mdev_state->edid_regs)) 398 return; 399 if (count != 4) 400 return; 401 if (offset % 4) 402 return; 403 404 if (is_write) { 405 switch (offset) { 406 case offsetof(struct vfio_region_gfx_edid, link_state): 407 case offsetof(struct vfio_region_gfx_edid, edid_size): 408 memcpy(regs + offset, buf, count); 409 break; 410 default: 411 /* read-only regs */ 412 break; 413 } 414 } else { 415 memcpy(buf, regs + offset, count); 416 } 417 } 418 419 static void handle_edid_blob(struct mdev_state *mdev_state, u16 offset, 420 char *buf, u32 count, bool is_write) 421 { 422 if (offset + count > mdev_state->edid_regs.edid_max_size) 423 return; 424 if (is_write) 425 memcpy(mdev_state->edid_blob + offset, buf, count); 426 else 427 memcpy(buf, mdev_state->edid_blob + offset, count); 428 } 429 430 static ssize_t mdev_access(struct mdev_state *mdev_state, char *buf, 431 size_t count, loff_t pos, bool is_write) 432 { 433 struct page *pg; 434 loff_t poff; 435 char *map; 436 int ret = 0; 437 438 mutex_lock(&mdev_state->ops_lock); 439 440 if (pos < MBOCHS_CONFIG_SPACE_SIZE) { 441 if (is_write) 442 handle_pci_cfg_write(mdev_state, pos, buf, count); 443 else 444 memcpy(buf, (mdev_state->vconfig + pos), count); 445 446 } else if (pos >= MBOCHS_MMIO_BAR_OFFSET && 447 pos + count <= (MBOCHS_MMIO_BAR_OFFSET + 448 MBOCHS_MMIO_BAR_SIZE)) { 449 pos -= MBOCHS_MMIO_BAR_OFFSET; 450 if (is_write) 451 handle_mmio_write(mdev_state, pos, buf, count); 452 else 453 handle_mmio_read(mdev_state, pos, buf, count); 454 455 } else if (pos >= MBOCHS_EDID_OFFSET && 456 pos + count <= (MBOCHS_EDID_OFFSET + 457 MBOCHS_EDID_SIZE)) { 458 pos -= MBOCHS_EDID_OFFSET; 459 if (pos < MBOCHS_EDID_BLOB_OFFSET) { 460 handle_edid_regs(mdev_state, pos, buf, count, is_write); 461 } else { 462 pos -= MBOCHS_EDID_BLOB_OFFSET; 463 handle_edid_blob(mdev_state, pos, buf, count, is_write); 464 } 465 466 } else if (pos >= MBOCHS_MEMORY_BAR_OFFSET && 467 pos + count <= 468 MBOCHS_MEMORY_BAR_OFFSET + mdev_state->memsize) { 469 pos -= MBOCHS_MMIO_BAR_OFFSET; 470 poff = pos & ~PAGE_MASK; 471 pg = __mbochs_get_page(mdev_state, pos >> PAGE_SHIFT); 472 map = kmap(pg); 473 if (is_write) 474 memcpy(map + poff, buf, count); 475 else 476 memcpy(buf, map + poff, count); 477 kunmap(pg); 478 put_page(pg); 479 480 } else { 481 dev_dbg(mdev_state->vdev.dev, "%s: %s @0x%llx (unhandled)\n", 482 __func__, is_write ? "WR" : "RD", pos); 483 ret = -1; 484 goto accessfailed; 485 } 486 487 ret = count; 488 489 490 accessfailed: 491 mutex_unlock(&mdev_state->ops_lock); 492 493 return ret; 494 } 495 496 static int mbochs_reset(struct mdev_state *mdev_state) 497 { 498 u32 size64k = mdev_state->memsize / (64 * 1024); 499 int i; 500 501 for (i = 0; i < ARRAY_SIZE(mdev_state->vbe); i++) 502 mdev_state->vbe[i] = 0; 503 mdev_state->vbe[VBE_DISPI_INDEX_ID] = VBE_DISPI_ID5; 504 mdev_state->vbe[VBE_DISPI_INDEX_VIDEO_MEMORY_64K] = size64k; 505 return 0; 506 } 507 508 static int mbochs_init_dev(struct vfio_device *vdev) 509 { 510 struct mdev_state *mdev_state = 511 container_of(vdev, struct mdev_state, vdev); 512 struct mdev_device *mdev = to_mdev_device(vdev->dev); 513 const struct mbochs_type *type = 514 &mbochs_types[mdev_get_type_group_id(mdev)]; 515 int avail_mbytes = atomic_read(&mbochs_avail_mbytes); 516 int ret = -ENOMEM; 517 518 do { 519 if (avail_mbytes < type->mbytes) 520 return -ENOSPC; 521 } while (!atomic_try_cmpxchg(&mbochs_avail_mbytes, &avail_mbytes, 522 avail_mbytes - type->mbytes)); 523 524 mdev_state->vconfig = kzalloc(MBOCHS_CONFIG_SPACE_SIZE, GFP_KERNEL); 525 if (!mdev_state->vconfig) 526 goto err_avail; 527 528 mdev_state->memsize = type->mbytes * 1024 * 1024; 529 mdev_state->pagecount = mdev_state->memsize >> PAGE_SHIFT; 530 mdev_state->pages = kcalloc(mdev_state->pagecount, 531 sizeof(struct page *), 532 GFP_KERNEL); 533 if (!mdev_state->pages) 534 goto err_vconfig; 535 536 mutex_init(&mdev_state->ops_lock); 537 mdev_state->mdev = mdev; 538 INIT_LIST_HEAD(&mdev_state->dmabufs); 539 mdev_state->next_id = 1; 540 541 mdev_state->type = type; 542 mdev_state->edid_regs.max_xres = type->max_x; 543 mdev_state->edid_regs.max_yres = type->max_y; 544 mdev_state->edid_regs.edid_offset = MBOCHS_EDID_BLOB_OFFSET; 545 mdev_state->edid_regs.edid_max_size = sizeof(mdev_state->edid_blob); 546 mbochs_create_config_space(mdev_state); 547 mbochs_reset(mdev_state); 548 549 dev_info(vdev->dev, "%s: %s, %d MB, %ld pages\n", __func__, 550 type->name, type->mbytes, mdev_state->pagecount); 551 return 0; 552 553 err_vconfig: 554 kfree(mdev_state->vconfig); 555 err_avail: 556 atomic_add(type->mbytes, &mbochs_avail_mbytes); 557 return ret; 558 } 559 560 static int mbochs_probe(struct mdev_device *mdev) 561 { 562 struct mdev_state *mdev_state; 563 int ret = -ENOMEM; 564 565 mdev_state = vfio_alloc_device(mdev_state, vdev, &mdev->dev, 566 &mbochs_dev_ops); 567 if (IS_ERR(mdev_state)) 568 return PTR_ERR(mdev_state); 569 570 ret = vfio_register_emulated_iommu_dev(&mdev_state->vdev); 571 if (ret) 572 goto err_put_vdev; 573 dev_set_drvdata(&mdev->dev, mdev_state); 574 return 0; 575 576 err_put_vdev: 577 vfio_put_device(&mdev_state->vdev); 578 return ret; 579 } 580 581 static void mbochs_release_dev(struct vfio_device *vdev) 582 { 583 struct mdev_state *mdev_state = 584 container_of(vdev, struct mdev_state, vdev); 585 586 atomic_add(mdev_state->type->mbytes, &mbochs_avail_mbytes); 587 kfree(mdev_state->pages); 588 kfree(mdev_state->vconfig); 589 vfio_free_device(vdev); 590 } 591 592 static void mbochs_remove(struct mdev_device *mdev) 593 { 594 struct mdev_state *mdev_state = dev_get_drvdata(&mdev->dev); 595 596 vfio_unregister_group_dev(&mdev_state->vdev); 597 vfio_put_device(&mdev_state->vdev); 598 } 599 600 static ssize_t mbochs_read(struct vfio_device *vdev, char __user *buf, 601 size_t count, loff_t *ppos) 602 { 603 struct mdev_state *mdev_state = 604 container_of(vdev, struct mdev_state, vdev); 605 unsigned int done = 0; 606 int ret; 607 608 while (count) { 609 size_t filled; 610 611 if (count >= 4 && !(*ppos % 4)) { 612 u32 val; 613 614 ret = mdev_access(mdev_state, (char *)&val, sizeof(val), 615 *ppos, false); 616 if (ret <= 0) 617 goto read_err; 618 619 if (copy_to_user(buf, &val, sizeof(val))) 620 goto read_err; 621 622 filled = 4; 623 } else if (count >= 2 && !(*ppos % 2)) { 624 u16 val; 625 626 ret = mdev_access(mdev_state, (char *)&val, sizeof(val), 627 *ppos, false); 628 if (ret <= 0) 629 goto read_err; 630 631 if (copy_to_user(buf, &val, sizeof(val))) 632 goto read_err; 633 634 filled = 2; 635 } else { 636 u8 val; 637 638 ret = mdev_access(mdev_state, (char *)&val, sizeof(val), 639 *ppos, false); 640 if (ret <= 0) 641 goto read_err; 642 643 if (copy_to_user(buf, &val, sizeof(val))) 644 goto read_err; 645 646 filled = 1; 647 } 648 649 count -= filled; 650 done += filled; 651 *ppos += filled; 652 buf += filled; 653 } 654 655 return done; 656 657 read_err: 658 return -EFAULT; 659 } 660 661 static ssize_t mbochs_write(struct vfio_device *vdev, const char __user *buf, 662 size_t count, loff_t *ppos) 663 { 664 struct mdev_state *mdev_state = 665 container_of(vdev, struct mdev_state, vdev); 666 unsigned int done = 0; 667 int ret; 668 669 while (count) { 670 size_t filled; 671 672 if (count >= 4 && !(*ppos % 4)) { 673 u32 val; 674 675 if (copy_from_user(&val, buf, sizeof(val))) 676 goto write_err; 677 678 ret = mdev_access(mdev_state, (char *)&val, sizeof(val), 679 *ppos, true); 680 if (ret <= 0) 681 goto write_err; 682 683 filled = 4; 684 } else if (count >= 2 && !(*ppos % 2)) { 685 u16 val; 686 687 if (copy_from_user(&val, buf, sizeof(val))) 688 goto write_err; 689 690 ret = mdev_access(mdev_state, (char *)&val, sizeof(val), 691 *ppos, true); 692 if (ret <= 0) 693 goto write_err; 694 695 filled = 2; 696 } else { 697 u8 val; 698 699 if (copy_from_user(&val, buf, sizeof(val))) 700 goto write_err; 701 702 ret = mdev_access(mdev_state, (char *)&val, sizeof(val), 703 *ppos, true); 704 if (ret <= 0) 705 goto write_err; 706 707 filled = 1; 708 } 709 count -= filled; 710 done += filled; 711 *ppos += filled; 712 buf += filled; 713 } 714 715 return done; 716 write_err: 717 return -EFAULT; 718 } 719 720 static struct page *__mbochs_get_page(struct mdev_state *mdev_state, 721 pgoff_t pgoff) 722 { 723 WARN_ON(!mutex_is_locked(&mdev_state->ops_lock)); 724 725 if (!mdev_state->pages[pgoff]) { 726 mdev_state->pages[pgoff] = 727 alloc_pages(GFP_HIGHUSER | __GFP_ZERO, 0); 728 if (!mdev_state->pages[pgoff]) 729 return NULL; 730 } 731 732 get_page(mdev_state->pages[pgoff]); 733 return mdev_state->pages[pgoff]; 734 } 735 736 static struct page *mbochs_get_page(struct mdev_state *mdev_state, 737 pgoff_t pgoff) 738 { 739 struct page *page; 740 741 if (WARN_ON(pgoff >= mdev_state->pagecount)) 742 return NULL; 743 744 mutex_lock(&mdev_state->ops_lock); 745 page = __mbochs_get_page(mdev_state, pgoff); 746 mutex_unlock(&mdev_state->ops_lock); 747 748 return page; 749 } 750 751 static void mbochs_put_pages(struct mdev_state *mdev_state) 752 { 753 struct device *dev = mdev_dev(mdev_state->mdev); 754 int i, count = 0; 755 756 WARN_ON(!mutex_is_locked(&mdev_state->ops_lock)); 757 758 for (i = 0; i < mdev_state->pagecount; i++) { 759 if (!mdev_state->pages[i]) 760 continue; 761 put_page(mdev_state->pages[i]); 762 mdev_state->pages[i] = NULL; 763 count++; 764 } 765 dev_dbg(dev, "%s: %d pages released\n", __func__, count); 766 } 767 768 static vm_fault_t mbochs_region_vm_fault(struct vm_fault *vmf) 769 { 770 struct vm_area_struct *vma = vmf->vma; 771 struct mdev_state *mdev_state = vma->vm_private_data; 772 pgoff_t page_offset = (vmf->address - vma->vm_start) >> PAGE_SHIFT; 773 774 if (page_offset >= mdev_state->pagecount) 775 return VM_FAULT_SIGBUS; 776 777 vmf->page = mbochs_get_page(mdev_state, page_offset); 778 if (!vmf->page) 779 return VM_FAULT_SIGBUS; 780 781 return 0; 782 } 783 784 static const struct vm_operations_struct mbochs_region_vm_ops = { 785 .fault = mbochs_region_vm_fault, 786 }; 787 788 static int mbochs_mmap(struct vfio_device *vdev, struct vm_area_struct *vma) 789 { 790 struct mdev_state *mdev_state = 791 container_of(vdev, struct mdev_state, vdev); 792 793 if (vma->vm_pgoff != MBOCHS_MEMORY_BAR_OFFSET >> PAGE_SHIFT) 794 return -EINVAL; 795 if (vma->vm_end < vma->vm_start) 796 return -EINVAL; 797 if (vma->vm_end - vma->vm_start > mdev_state->memsize) 798 return -EINVAL; 799 if ((vma->vm_flags & VM_SHARED) == 0) 800 return -EINVAL; 801 802 vma->vm_ops = &mbochs_region_vm_ops; 803 vma->vm_private_data = mdev_state; 804 return 0; 805 } 806 807 static vm_fault_t mbochs_dmabuf_vm_fault(struct vm_fault *vmf) 808 { 809 struct vm_area_struct *vma = vmf->vma; 810 struct mbochs_dmabuf *dmabuf = vma->vm_private_data; 811 812 if (WARN_ON(vmf->pgoff >= dmabuf->pagecount)) 813 return VM_FAULT_SIGBUS; 814 815 vmf->page = dmabuf->pages[vmf->pgoff]; 816 get_page(vmf->page); 817 return 0; 818 } 819 820 static const struct vm_operations_struct mbochs_dmabuf_vm_ops = { 821 .fault = mbochs_dmabuf_vm_fault, 822 }; 823 824 static int mbochs_mmap_dmabuf(struct dma_buf *buf, struct vm_area_struct *vma) 825 { 826 struct mbochs_dmabuf *dmabuf = buf->priv; 827 struct device *dev = mdev_dev(dmabuf->mdev_state->mdev); 828 829 dev_dbg(dev, "%s: %d\n", __func__, dmabuf->id); 830 831 if ((vma->vm_flags & VM_SHARED) == 0) 832 return -EINVAL; 833 834 vma->vm_ops = &mbochs_dmabuf_vm_ops; 835 vma->vm_private_data = dmabuf; 836 return 0; 837 } 838 839 static void mbochs_print_dmabuf(struct mbochs_dmabuf *dmabuf, 840 const char *prefix) 841 { 842 struct device *dev = mdev_dev(dmabuf->mdev_state->mdev); 843 u32 fourcc = dmabuf->mode.drm_format; 844 845 dev_dbg(dev, "%s/%d: %c%c%c%c, %dx%d, stride %d, off 0x%llx, size 0x%llx, pages %ld\n", 846 prefix, dmabuf->id, 847 fourcc ? ((fourcc >> 0) & 0xff) : '-', 848 fourcc ? ((fourcc >> 8) & 0xff) : '-', 849 fourcc ? ((fourcc >> 16) & 0xff) : '-', 850 fourcc ? ((fourcc >> 24) & 0xff) : '-', 851 dmabuf->mode.width, dmabuf->mode.height, dmabuf->mode.stride, 852 dmabuf->mode.offset, dmabuf->mode.size, dmabuf->pagecount); 853 } 854 855 static struct sg_table *mbochs_map_dmabuf(struct dma_buf_attachment *at, 856 enum dma_data_direction direction) 857 { 858 struct mbochs_dmabuf *dmabuf = at->dmabuf->priv; 859 struct device *dev = mdev_dev(dmabuf->mdev_state->mdev); 860 struct sg_table *sg; 861 862 dev_dbg(dev, "%s: %d\n", __func__, dmabuf->id); 863 864 sg = kzalloc(sizeof(*sg), GFP_KERNEL); 865 if (!sg) 866 goto err1; 867 if (sg_alloc_table_from_pages(sg, dmabuf->pages, dmabuf->pagecount, 868 0, dmabuf->mode.size, GFP_KERNEL) < 0) 869 goto err2; 870 if (dma_map_sgtable(at->dev, sg, direction, 0)) 871 goto err3; 872 873 return sg; 874 875 err3: 876 sg_free_table(sg); 877 err2: 878 kfree(sg); 879 err1: 880 return ERR_PTR(-ENOMEM); 881 } 882 883 static void mbochs_unmap_dmabuf(struct dma_buf_attachment *at, 884 struct sg_table *sg, 885 enum dma_data_direction direction) 886 { 887 struct mbochs_dmabuf *dmabuf = at->dmabuf->priv; 888 struct device *dev = mdev_dev(dmabuf->mdev_state->mdev); 889 890 dev_dbg(dev, "%s: %d\n", __func__, dmabuf->id); 891 892 dma_unmap_sgtable(at->dev, sg, direction, 0); 893 sg_free_table(sg); 894 kfree(sg); 895 } 896 897 static void mbochs_release_dmabuf(struct dma_buf *buf) 898 { 899 struct mbochs_dmabuf *dmabuf = buf->priv; 900 struct mdev_state *mdev_state = dmabuf->mdev_state; 901 struct device *dev = mdev_dev(mdev_state->mdev); 902 pgoff_t pg; 903 904 dev_dbg(dev, "%s: %d\n", __func__, dmabuf->id); 905 906 for (pg = 0; pg < dmabuf->pagecount; pg++) 907 put_page(dmabuf->pages[pg]); 908 909 mutex_lock(&mdev_state->ops_lock); 910 dmabuf->buf = NULL; 911 if (dmabuf->unlinked) 912 kfree(dmabuf); 913 mutex_unlock(&mdev_state->ops_lock); 914 } 915 916 static struct dma_buf_ops mbochs_dmabuf_ops = { 917 .map_dma_buf = mbochs_map_dmabuf, 918 .unmap_dma_buf = mbochs_unmap_dmabuf, 919 .release = mbochs_release_dmabuf, 920 .mmap = mbochs_mmap_dmabuf, 921 }; 922 923 static struct mbochs_dmabuf *mbochs_dmabuf_alloc(struct mdev_state *mdev_state, 924 struct mbochs_mode *mode) 925 { 926 struct mbochs_dmabuf *dmabuf; 927 pgoff_t page_offset, pg; 928 929 WARN_ON(!mutex_is_locked(&mdev_state->ops_lock)); 930 931 dmabuf = kzalloc(sizeof(struct mbochs_dmabuf), GFP_KERNEL); 932 if (!dmabuf) 933 return NULL; 934 935 dmabuf->mode = *mode; 936 dmabuf->id = mdev_state->next_id++; 937 dmabuf->pagecount = DIV_ROUND_UP(mode->size, PAGE_SIZE); 938 dmabuf->pages = kcalloc(dmabuf->pagecount, sizeof(struct page *), 939 GFP_KERNEL); 940 if (!dmabuf->pages) 941 goto err_free_dmabuf; 942 943 page_offset = dmabuf->mode.offset >> PAGE_SHIFT; 944 for (pg = 0; pg < dmabuf->pagecount; pg++) { 945 dmabuf->pages[pg] = __mbochs_get_page(mdev_state, 946 page_offset + pg); 947 if (!dmabuf->pages[pg]) 948 goto err_free_pages; 949 } 950 951 dmabuf->mdev_state = mdev_state; 952 list_add(&dmabuf->next, &mdev_state->dmabufs); 953 954 mbochs_print_dmabuf(dmabuf, __func__); 955 return dmabuf; 956 957 err_free_pages: 958 while (pg > 0) 959 put_page(dmabuf->pages[--pg]); 960 kfree(dmabuf->pages); 961 err_free_dmabuf: 962 kfree(dmabuf); 963 return NULL; 964 } 965 966 static struct mbochs_dmabuf * 967 mbochs_dmabuf_find_by_mode(struct mdev_state *mdev_state, 968 struct mbochs_mode *mode) 969 { 970 struct mbochs_dmabuf *dmabuf; 971 972 WARN_ON(!mutex_is_locked(&mdev_state->ops_lock)); 973 974 list_for_each_entry(dmabuf, &mdev_state->dmabufs, next) 975 if (mbochs_modes_equal(&dmabuf->mode, mode)) 976 return dmabuf; 977 978 return NULL; 979 } 980 981 static struct mbochs_dmabuf * 982 mbochs_dmabuf_find_by_id(struct mdev_state *mdev_state, u32 id) 983 { 984 struct mbochs_dmabuf *dmabuf; 985 986 WARN_ON(!mutex_is_locked(&mdev_state->ops_lock)); 987 988 list_for_each_entry(dmabuf, &mdev_state->dmabufs, next) 989 if (dmabuf->id == id) 990 return dmabuf; 991 992 return NULL; 993 } 994 995 static int mbochs_dmabuf_export(struct mbochs_dmabuf *dmabuf) 996 { 997 struct mdev_state *mdev_state = dmabuf->mdev_state; 998 struct device *dev = mdev_state->vdev.dev; 999 DEFINE_DMA_BUF_EXPORT_INFO(exp_info); 1000 struct dma_buf *buf; 1001 1002 WARN_ON(!mutex_is_locked(&mdev_state->ops_lock)); 1003 1004 if (!IS_ALIGNED(dmabuf->mode.offset, PAGE_SIZE)) { 1005 dev_info_ratelimited(dev, "%s: framebuffer not page-aligned\n", 1006 __func__); 1007 return -EINVAL; 1008 } 1009 1010 exp_info.ops = &mbochs_dmabuf_ops; 1011 exp_info.size = dmabuf->mode.size; 1012 exp_info.priv = dmabuf; 1013 1014 buf = dma_buf_export(&exp_info); 1015 if (IS_ERR(buf)) { 1016 dev_info_ratelimited(dev, "%s: dma_buf_export failed: %ld\n", 1017 __func__, PTR_ERR(buf)); 1018 return PTR_ERR(buf); 1019 } 1020 1021 dmabuf->buf = buf; 1022 dev_dbg(dev, "%s: %d\n", __func__, dmabuf->id); 1023 return 0; 1024 } 1025 1026 static int mbochs_get_region_info(struct mdev_state *mdev_state, 1027 struct vfio_region_info_ext *ext) 1028 { 1029 struct vfio_region_info *region_info = &ext->base; 1030 1031 if (region_info->index >= MBOCHS_NUM_REGIONS) 1032 return -EINVAL; 1033 1034 switch (region_info->index) { 1035 case VFIO_PCI_CONFIG_REGION_INDEX: 1036 region_info->offset = 0; 1037 region_info->size = MBOCHS_CONFIG_SPACE_SIZE; 1038 region_info->flags = (VFIO_REGION_INFO_FLAG_READ | 1039 VFIO_REGION_INFO_FLAG_WRITE); 1040 break; 1041 case VFIO_PCI_BAR0_REGION_INDEX: 1042 region_info->offset = MBOCHS_MEMORY_BAR_OFFSET; 1043 region_info->size = mdev_state->memsize; 1044 region_info->flags = (VFIO_REGION_INFO_FLAG_READ | 1045 VFIO_REGION_INFO_FLAG_WRITE | 1046 VFIO_REGION_INFO_FLAG_MMAP); 1047 break; 1048 case VFIO_PCI_BAR2_REGION_INDEX: 1049 region_info->offset = MBOCHS_MMIO_BAR_OFFSET; 1050 region_info->size = MBOCHS_MMIO_BAR_SIZE; 1051 region_info->flags = (VFIO_REGION_INFO_FLAG_READ | 1052 VFIO_REGION_INFO_FLAG_WRITE); 1053 break; 1054 case MBOCHS_EDID_REGION_INDEX: 1055 ext->base.argsz = sizeof(*ext); 1056 ext->base.offset = MBOCHS_EDID_OFFSET; 1057 ext->base.size = MBOCHS_EDID_SIZE; 1058 ext->base.flags = (VFIO_REGION_INFO_FLAG_READ | 1059 VFIO_REGION_INFO_FLAG_WRITE | 1060 VFIO_REGION_INFO_FLAG_CAPS); 1061 ext->base.cap_offset = offsetof(typeof(*ext), type); 1062 ext->type.header.id = VFIO_REGION_INFO_CAP_TYPE; 1063 ext->type.header.version = 1; 1064 ext->type.header.next = 0; 1065 ext->type.type = VFIO_REGION_TYPE_GFX; 1066 ext->type.subtype = VFIO_REGION_SUBTYPE_GFX_EDID; 1067 break; 1068 default: 1069 region_info->size = 0; 1070 region_info->offset = 0; 1071 region_info->flags = 0; 1072 } 1073 1074 return 0; 1075 } 1076 1077 static int mbochs_get_irq_info(struct vfio_irq_info *irq_info) 1078 { 1079 irq_info->count = 0; 1080 return 0; 1081 } 1082 1083 static int mbochs_get_device_info(struct vfio_device_info *dev_info) 1084 { 1085 dev_info->flags = VFIO_DEVICE_FLAGS_PCI; 1086 dev_info->num_regions = MBOCHS_NUM_REGIONS; 1087 dev_info->num_irqs = VFIO_PCI_NUM_IRQS; 1088 return 0; 1089 } 1090 1091 static int mbochs_query_gfx_plane(struct mdev_state *mdev_state, 1092 struct vfio_device_gfx_plane_info *plane) 1093 { 1094 struct mbochs_dmabuf *dmabuf; 1095 struct mbochs_mode mode; 1096 int ret; 1097 1098 if (plane->flags & VFIO_GFX_PLANE_TYPE_PROBE) { 1099 if (plane->flags == (VFIO_GFX_PLANE_TYPE_PROBE | 1100 VFIO_GFX_PLANE_TYPE_DMABUF)) 1101 return 0; 1102 return -EINVAL; 1103 } 1104 1105 if (plane->flags != VFIO_GFX_PLANE_TYPE_DMABUF) 1106 return -EINVAL; 1107 1108 plane->drm_format_mod = 0; 1109 plane->x_pos = 0; 1110 plane->y_pos = 0; 1111 plane->x_hot = 0; 1112 plane->y_hot = 0; 1113 1114 mutex_lock(&mdev_state->ops_lock); 1115 1116 ret = -EINVAL; 1117 if (plane->drm_plane_type == DRM_PLANE_TYPE_PRIMARY) 1118 ret = mbochs_check_framebuffer(mdev_state, &mode); 1119 if (ret < 0) { 1120 plane->drm_format = 0; 1121 plane->width = 0; 1122 plane->height = 0; 1123 plane->stride = 0; 1124 plane->size = 0; 1125 plane->dmabuf_id = 0; 1126 goto done; 1127 } 1128 1129 dmabuf = mbochs_dmabuf_find_by_mode(mdev_state, &mode); 1130 if (!dmabuf) 1131 mbochs_dmabuf_alloc(mdev_state, &mode); 1132 if (!dmabuf) { 1133 mutex_unlock(&mdev_state->ops_lock); 1134 return -ENOMEM; 1135 } 1136 1137 plane->drm_format = dmabuf->mode.drm_format; 1138 plane->width = dmabuf->mode.width; 1139 plane->height = dmabuf->mode.height; 1140 plane->stride = dmabuf->mode.stride; 1141 plane->size = dmabuf->mode.size; 1142 plane->dmabuf_id = dmabuf->id; 1143 1144 done: 1145 if (plane->drm_plane_type == DRM_PLANE_TYPE_PRIMARY && 1146 mdev_state->active_id != plane->dmabuf_id) { 1147 dev_dbg(mdev_state->vdev.dev, "%s: primary: %d => %d\n", 1148 __func__, mdev_state->active_id, plane->dmabuf_id); 1149 mdev_state->active_id = plane->dmabuf_id; 1150 } 1151 mutex_unlock(&mdev_state->ops_lock); 1152 return 0; 1153 } 1154 1155 static int mbochs_get_gfx_dmabuf(struct mdev_state *mdev_state, u32 id) 1156 { 1157 struct mbochs_dmabuf *dmabuf; 1158 1159 mutex_lock(&mdev_state->ops_lock); 1160 1161 dmabuf = mbochs_dmabuf_find_by_id(mdev_state, id); 1162 if (!dmabuf) { 1163 mutex_unlock(&mdev_state->ops_lock); 1164 return -ENOENT; 1165 } 1166 1167 if (!dmabuf->buf) 1168 mbochs_dmabuf_export(dmabuf); 1169 1170 mutex_unlock(&mdev_state->ops_lock); 1171 1172 if (!dmabuf->buf) 1173 return -EINVAL; 1174 1175 return dma_buf_fd(dmabuf->buf, 0); 1176 } 1177 1178 static long mbochs_ioctl(struct vfio_device *vdev, unsigned int cmd, 1179 unsigned long arg) 1180 { 1181 struct mdev_state *mdev_state = 1182 container_of(vdev, struct mdev_state, vdev); 1183 int ret = 0; 1184 unsigned long minsz, outsz; 1185 1186 switch (cmd) { 1187 case VFIO_DEVICE_GET_INFO: 1188 { 1189 struct vfio_device_info info; 1190 1191 minsz = offsetofend(struct vfio_device_info, num_irqs); 1192 1193 if (copy_from_user(&info, (void __user *)arg, minsz)) 1194 return -EFAULT; 1195 1196 if (info.argsz < minsz) 1197 return -EINVAL; 1198 1199 ret = mbochs_get_device_info(&info); 1200 if (ret) 1201 return ret; 1202 1203 if (copy_to_user((void __user *)arg, &info, minsz)) 1204 return -EFAULT; 1205 1206 return 0; 1207 } 1208 case VFIO_DEVICE_GET_REGION_INFO: 1209 { 1210 struct vfio_region_info_ext info; 1211 1212 minsz = offsetofend(typeof(info), base.offset); 1213 1214 if (copy_from_user(&info, (void __user *)arg, minsz)) 1215 return -EFAULT; 1216 1217 outsz = info.base.argsz; 1218 if (outsz < minsz) 1219 return -EINVAL; 1220 if (outsz > sizeof(info)) 1221 return -EINVAL; 1222 1223 ret = mbochs_get_region_info(mdev_state, &info); 1224 if (ret) 1225 return ret; 1226 1227 if (copy_to_user((void __user *)arg, &info, outsz)) 1228 return -EFAULT; 1229 1230 return 0; 1231 } 1232 1233 case VFIO_DEVICE_GET_IRQ_INFO: 1234 { 1235 struct vfio_irq_info info; 1236 1237 minsz = offsetofend(struct vfio_irq_info, count); 1238 1239 if (copy_from_user(&info, (void __user *)arg, minsz)) 1240 return -EFAULT; 1241 1242 if ((info.argsz < minsz) || 1243 (info.index >= VFIO_PCI_NUM_IRQS)) 1244 return -EINVAL; 1245 1246 ret = mbochs_get_irq_info(&info); 1247 if (ret) 1248 return ret; 1249 1250 if (copy_to_user((void __user *)arg, &info, minsz)) 1251 return -EFAULT; 1252 1253 return 0; 1254 } 1255 1256 case VFIO_DEVICE_QUERY_GFX_PLANE: 1257 { 1258 struct vfio_device_gfx_plane_info plane; 1259 1260 minsz = offsetofend(struct vfio_device_gfx_plane_info, 1261 region_index); 1262 1263 if (copy_from_user(&plane, (void __user *)arg, minsz)) 1264 return -EFAULT; 1265 1266 if (plane.argsz < minsz) 1267 return -EINVAL; 1268 1269 ret = mbochs_query_gfx_plane(mdev_state, &plane); 1270 if (ret) 1271 return ret; 1272 1273 if (copy_to_user((void __user *)arg, &plane, minsz)) 1274 return -EFAULT; 1275 1276 return 0; 1277 } 1278 1279 case VFIO_DEVICE_GET_GFX_DMABUF: 1280 { 1281 u32 dmabuf_id; 1282 1283 if (get_user(dmabuf_id, (__u32 __user *)arg)) 1284 return -EFAULT; 1285 1286 return mbochs_get_gfx_dmabuf(mdev_state, dmabuf_id); 1287 } 1288 1289 case VFIO_DEVICE_SET_IRQS: 1290 return -EINVAL; 1291 1292 case VFIO_DEVICE_RESET: 1293 return mbochs_reset(mdev_state); 1294 } 1295 return -ENOTTY; 1296 } 1297 1298 static void mbochs_close_device(struct vfio_device *vdev) 1299 { 1300 struct mdev_state *mdev_state = 1301 container_of(vdev, struct mdev_state, vdev); 1302 struct mbochs_dmabuf *dmabuf, *tmp; 1303 1304 mutex_lock(&mdev_state->ops_lock); 1305 1306 list_for_each_entry_safe(dmabuf, tmp, &mdev_state->dmabufs, next) { 1307 list_del(&dmabuf->next); 1308 if (dmabuf->buf) { 1309 /* free in mbochs_release_dmabuf() */ 1310 dmabuf->unlinked = true; 1311 } else { 1312 kfree(dmabuf); 1313 } 1314 } 1315 mbochs_put_pages(mdev_state); 1316 1317 mutex_unlock(&mdev_state->ops_lock); 1318 } 1319 1320 static ssize_t 1321 memory_show(struct device *dev, struct device_attribute *attr, 1322 char *buf) 1323 { 1324 struct mdev_state *mdev_state = dev_get_drvdata(dev); 1325 1326 return sprintf(buf, "%d MB\n", mdev_state->type->mbytes); 1327 } 1328 static DEVICE_ATTR_RO(memory); 1329 1330 static struct attribute *mdev_dev_attrs[] = { 1331 &dev_attr_memory.attr, 1332 NULL, 1333 }; 1334 1335 static const struct attribute_group mdev_dev_group = { 1336 .name = "vendor", 1337 .attrs = mdev_dev_attrs, 1338 }; 1339 1340 static const struct attribute_group *mdev_dev_groups[] = { 1341 &mdev_dev_group, 1342 NULL, 1343 }; 1344 1345 static ssize_t name_show(struct mdev_type *mtype, 1346 struct mdev_type_attribute *attr, char *buf) 1347 { 1348 const struct mbochs_type *type = 1349 &mbochs_types[mtype_get_type_group_id(mtype)]; 1350 1351 return sprintf(buf, "%s\n", type->name); 1352 } 1353 static MDEV_TYPE_ATTR_RO(name); 1354 1355 static ssize_t description_show(struct mdev_type *mtype, 1356 struct mdev_type_attribute *attr, char *buf) 1357 { 1358 const struct mbochs_type *type = 1359 &mbochs_types[mtype_get_type_group_id(mtype)]; 1360 1361 return sprintf(buf, "virtual display, %d MB video memory\n", 1362 type ? type->mbytes : 0); 1363 } 1364 static MDEV_TYPE_ATTR_RO(description); 1365 1366 static ssize_t available_instances_show(struct mdev_type *mtype, 1367 struct mdev_type_attribute *attr, 1368 char *buf) 1369 { 1370 const struct mbochs_type *type = 1371 &mbochs_types[mtype_get_type_group_id(mtype)]; 1372 int count = atomic_read(&mbochs_avail_mbytes) / type->mbytes; 1373 1374 return sprintf(buf, "%d\n", count); 1375 } 1376 static MDEV_TYPE_ATTR_RO(available_instances); 1377 1378 static ssize_t device_api_show(struct mdev_type *mtype, 1379 struct mdev_type_attribute *attr, char *buf) 1380 { 1381 return sprintf(buf, "%s\n", VFIO_DEVICE_API_PCI_STRING); 1382 } 1383 static MDEV_TYPE_ATTR_RO(device_api); 1384 1385 static struct attribute *mdev_types_attrs[] = { 1386 &mdev_type_attr_name.attr, 1387 &mdev_type_attr_description.attr, 1388 &mdev_type_attr_device_api.attr, 1389 &mdev_type_attr_available_instances.attr, 1390 NULL, 1391 }; 1392 1393 static struct attribute_group mdev_type_group1 = { 1394 .name = MBOCHS_TYPE_1, 1395 .attrs = mdev_types_attrs, 1396 }; 1397 1398 static struct attribute_group mdev_type_group2 = { 1399 .name = MBOCHS_TYPE_2, 1400 .attrs = mdev_types_attrs, 1401 }; 1402 1403 static struct attribute_group mdev_type_group3 = { 1404 .name = MBOCHS_TYPE_3, 1405 .attrs = mdev_types_attrs, 1406 }; 1407 1408 static struct attribute_group *mdev_type_groups[] = { 1409 &mdev_type_group1, 1410 &mdev_type_group2, 1411 &mdev_type_group3, 1412 NULL, 1413 }; 1414 1415 static const struct vfio_device_ops mbochs_dev_ops = { 1416 .close_device = mbochs_close_device, 1417 .init = mbochs_init_dev, 1418 .release = mbochs_release_dev, 1419 .read = mbochs_read, 1420 .write = mbochs_write, 1421 .ioctl = mbochs_ioctl, 1422 .mmap = mbochs_mmap, 1423 }; 1424 1425 static struct mdev_driver mbochs_driver = { 1426 .driver = { 1427 .name = "mbochs", 1428 .owner = THIS_MODULE, 1429 .mod_name = KBUILD_MODNAME, 1430 .dev_groups = mdev_dev_groups, 1431 }, 1432 .probe = mbochs_probe, 1433 .remove = mbochs_remove, 1434 .supported_type_groups = mdev_type_groups, 1435 }; 1436 1437 static const struct file_operations vd_fops = { 1438 .owner = THIS_MODULE, 1439 }; 1440 1441 static void mbochs_device_release(struct device *dev) 1442 { 1443 /* nothing */ 1444 } 1445 1446 static int __init mbochs_dev_init(void) 1447 { 1448 int ret = 0; 1449 1450 atomic_set(&mbochs_avail_mbytes, max_mbytes); 1451 1452 ret = alloc_chrdev_region(&mbochs_devt, 0, MINORMASK + 1, MBOCHS_NAME); 1453 if (ret < 0) { 1454 pr_err("Error: failed to register mbochs_dev, err: %d\n", ret); 1455 return ret; 1456 } 1457 cdev_init(&mbochs_cdev, &vd_fops); 1458 cdev_add(&mbochs_cdev, mbochs_devt, MINORMASK + 1); 1459 pr_info("%s: major %d\n", __func__, MAJOR(mbochs_devt)); 1460 1461 ret = mdev_register_driver(&mbochs_driver); 1462 if (ret) 1463 goto err_cdev; 1464 1465 mbochs_class = class_create(THIS_MODULE, MBOCHS_CLASS_NAME); 1466 if (IS_ERR(mbochs_class)) { 1467 pr_err("Error: failed to register mbochs_dev class\n"); 1468 ret = PTR_ERR(mbochs_class); 1469 goto err_driver; 1470 } 1471 mbochs_dev.class = mbochs_class; 1472 mbochs_dev.release = mbochs_device_release; 1473 dev_set_name(&mbochs_dev, "%s", MBOCHS_NAME); 1474 1475 ret = device_register(&mbochs_dev); 1476 if (ret) 1477 goto err_class; 1478 1479 ret = mdev_register_device(&mbochs_dev, &mbochs_driver); 1480 if (ret) 1481 goto err_device; 1482 1483 return 0; 1484 1485 err_device: 1486 device_unregister(&mbochs_dev); 1487 err_class: 1488 class_destroy(mbochs_class); 1489 err_driver: 1490 mdev_unregister_driver(&mbochs_driver); 1491 err_cdev: 1492 cdev_del(&mbochs_cdev); 1493 unregister_chrdev_region(mbochs_devt, MINORMASK + 1); 1494 return ret; 1495 } 1496 1497 static void __exit mbochs_dev_exit(void) 1498 { 1499 mbochs_dev.bus = NULL; 1500 mdev_unregister_device(&mbochs_dev); 1501 1502 device_unregister(&mbochs_dev); 1503 mdev_unregister_driver(&mbochs_driver); 1504 cdev_del(&mbochs_cdev); 1505 unregister_chrdev_region(mbochs_devt, MINORMASK + 1); 1506 class_destroy(mbochs_class); 1507 mbochs_class = NULL; 1508 } 1509 1510 MODULE_IMPORT_NS(DMA_BUF); 1511 module_init(mbochs_dev_init) 1512 module_exit(mbochs_dev_exit) 1513