1// SPDX-License-Identifier: GPL-2.0
2/*
3 * Mediated virtual PCI display host device driver
4 *
5 * Emulate enough of qemu stdvga to make bochs-drm.ko happy. That is
6 * basically the vram memory bar and the bochs dispi interface vbe
7 * registers in the mmio register bar. Specifically it does *not*
8 * include any legacy vga stuff. Device looks a lot like "qemu -device
9 * secondary-vga".
10 *
11 * (c) Gerd Hoffmann <kraxel@redhat.com>
12 *
13 * based on mtty driver which is:
14 * Copyright (c) 2016, NVIDIA CORPORATION. All rights reserved.
15 * Author: Neo Jia <cjia@nvidia.com>
16 * Kirti Wankhede <kwankhede@nvidia.com>
17 *
18 * This program is free software; you can redistribute it and/or modify
19 * it under the terms of the GNU General Public License version 2 as
20 * published by the Free Software Foundation.
21 */
22#include <linux/init.h>
23#include <linux/module.h>
24#include <linux/kernel.h>
25#include <linux/slab.h>
26#include <linux/vmalloc.h>
27#include <linux/cdev.h>
28#include <linux/vfio.h>
29#include <linux/iommu.h>
30#include <linux/sysfs.h>
31#include <linux/mdev.h>
32#include <linux/pci.h>
33#include <linux/dma-buf.h>
34#include <linux/highmem.h>
35#include <drm/drm_fourcc.h>
36#include <drm/drm_rect.h>
37#include <drm/drm_modeset_lock.h>
38#include <drm/drm_property.h>
39#include <drm/drm_plane.h>
40
41
42#define VBE_DISPI_INDEX_ID 0x0
43#define VBE_DISPI_INDEX_XRES 0x1
44#define VBE_DISPI_INDEX_YRES 0x2
45#define VBE_DISPI_INDEX_BPP 0x3
46#define VBE_DISPI_INDEX_ENABLE 0x4
47#define VBE_DISPI_INDEX_BANK 0x5
48#define VBE_DISPI_INDEX_VIRT_WIDTH 0x6
49#define VBE_DISPI_INDEX_VIRT_HEIGHT 0x7
50#define VBE_DISPI_INDEX_X_OFFSET 0x8
51#define VBE_DISPI_INDEX_Y_OFFSET 0x9
52#define VBE_DISPI_INDEX_VIDEO_MEMORY_64K 0xa
53#define VBE_DISPI_INDEX_COUNT 0xb
54
55#define VBE_DISPI_ID0 0xB0C0
56#define VBE_DISPI_ID1 0xB0C1
57#define VBE_DISPI_ID2 0xB0C2
58#define VBE_DISPI_ID3 0xB0C3
59#define VBE_DISPI_ID4 0xB0C4
60#define VBE_DISPI_ID5 0xB0C5
61
62#define VBE_DISPI_DISABLED 0x00
63#define VBE_DISPI_ENABLED 0x01
64#define VBE_DISPI_GETCAPS 0x02
65#define VBE_DISPI_8BIT_DAC 0x20
66#define VBE_DISPI_LFB_ENABLED 0x40
67#define VBE_DISPI_NOCLEARMEM 0x80
68
69
70#define MBOCHS_NAME "mbochs"
71#define MBOCHS_CLASS_NAME "mbochs"
72
73#define MBOCHS_EDID_REGION_INDEX VFIO_PCI_NUM_REGIONS
74#define MBOCHS_NUM_REGIONS (MBOCHS_EDID_REGION_INDEX+1)
75
76#define MBOCHS_CONFIG_SPACE_SIZE 0xff
77#define MBOCHS_MMIO_BAR_OFFSET PAGE_SIZE
78#define MBOCHS_MMIO_BAR_SIZE PAGE_SIZE
79#define MBOCHS_EDID_OFFSET (MBOCHS_MMIO_BAR_OFFSET + \
80 MBOCHS_MMIO_BAR_SIZE)
81#define MBOCHS_EDID_SIZE PAGE_SIZE
82#define MBOCHS_MEMORY_BAR_OFFSET (MBOCHS_EDID_OFFSET + \
83 MBOCHS_EDID_SIZE)
84
85#define MBOCHS_EDID_BLOB_OFFSET (MBOCHS_EDID_SIZE/2)
86
87#define STORE_LE16(addr, val) (*(u16 *)addr = val)
88#define STORE_LE32(addr, val) (*(u32 *)addr = val)
89
90
91MODULE_LICENSE("GPL v2");
92
93static int max_mbytes = 256;
94module_param_named(count, max_mbytes, int, 0444);
95MODULE_PARM_DESC(mem, "megabytes available to " MBOCHS_NAME " devices");
96
97
98#define MBOCHS_TYPE_1 "small"
99#define MBOCHS_TYPE_2 "medium"
100#define MBOCHS_TYPE_3 "large"
101
102static struct mbochs_type {
103 struct mdev_type type;
104 u32 mbytes;
105 u32 max_x;
106 u32 max_y;
107} mbochs_types[] = {
108 {
109 .type.sysfs_name = MBOCHS_TYPE_1,
110 .type.pretty_name = MBOCHS_CLASS_NAME "-" MBOCHS_TYPE_1,
111 .mbytes = 4,
112 .max_x = 800,
113 .max_y = 600,
114 }, {
115 .type.sysfs_name = MBOCHS_TYPE_2,
116 .type.pretty_name = MBOCHS_CLASS_NAME "-" MBOCHS_TYPE_2,
117 .mbytes = 16,
118 .max_x = 1920,
119 .max_y = 1440,
120 }, {
121 .type.sysfs_name = MBOCHS_TYPE_3,
122 .type.pretty_name = MBOCHS_CLASS_NAME "-" MBOCHS_TYPE_3,
123 .mbytes = 64,
124 .max_x = 0,
125 .max_y = 0,
126 },
127};
128
129static struct mdev_type *mbochs_mdev_types[] = {
130 &mbochs_types[0].type,
131 &mbochs_types[1].type,
132 &mbochs_types[2].type,
133};
134
135static dev_t mbochs_devt;
136static const struct class mbochs_class = {
137 .name = MBOCHS_CLASS_NAME,
138};
139static struct cdev mbochs_cdev;
140static struct device mbochs_dev;
141static struct mdev_parent mbochs_parent;
142static atomic_t mbochs_avail_mbytes;
143static const struct vfio_device_ops mbochs_dev_ops;
144
145struct vfio_region_info_ext {
146 struct vfio_region_info base;
147 struct vfio_region_info_cap_type type;
148};
149
150struct mbochs_mode {
151 u32 drm_format;
152 u32 bytepp;
153 u32 width;
154 u32 height;
155 u32 stride;
156 u32 __pad;
157 u64 offset;
158 u64 size;
159};
160
161struct mbochs_dmabuf {
162 struct mbochs_mode mode;
163 u32 id;
164 struct page **pages;
165 pgoff_t pagecount;
166 struct dma_buf *buf;
167 struct mdev_state *mdev_state;
168 struct list_head next;
169 bool unlinked;
170};
171
172/* State of each mdev device */
173struct mdev_state {
174 struct vfio_device vdev;
175 u8 *vconfig;
176 u64 bar_mask[3];
177 u32 memory_bar_mask;
178 struct mutex ops_lock;
179 struct mdev_device *mdev;
180
181 const struct mbochs_type *type;
182 u16 vbe[VBE_DISPI_INDEX_COUNT];
183 u64 memsize;
184 struct page **pages;
185 pgoff_t pagecount;
186 struct vfio_region_gfx_edid edid_regs;
187 u8 edid_blob[0x400];
188
189 struct list_head dmabufs;
190 u32 active_id;
191 u32 next_id;
192};
193
194static const char *vbe_name_list[VBE_DISPI_INDEX_COUNT] = {
195 [VBE_DISPI_INDEX_ID] = "id",
196 [VBE_DISPI_INDEX_XRES] = "xres",
197 [VBE_DISPI_INDEX_YRES] = "yres",
198 [VBE_DISPI_INDEX_BPP] = "bpp",
199 [VBE_DISPI_INDEX_ENABLE] = "enable",
200 [VBE_DISPI_INDEX_BANK] = "bank",
201 [VBE_DISPI_INDEX_VIRT_WIDTH] = "virt-width",
202 [VBE_DISPI_INDEX_VIRT_HEIGHT] = "virt-height",
203 [VBE_DISPI_INDEX_X_OFFSET] = "x-offset",
204 [VBE_DISPI_INDEX_Y_OFFSET] = "y-offset",
205 [VBE_DISPI_INDEX_VIDEO_MEMORY_64K] = "video-mem",
206};
207
208static const char *vbe_name(u32 index)
209{
210 if (index < ARRAY_SIZE(vbe_name_list))
211 return vbe_name_list[index];
212 return "(invalid)";
213}
214
215static struct page *__mbochs_get_page(struct mdev_state *mdev_state,
216 pgoff_t pgoff);
217static struct page *mbochs_get_page(struct mdev_state *mdev_state,
218 pgoff_t pgoff);
219
220static void mbochs_create_config_space(struct mdev_state *mdev_state)
221{
222 STORE_LE16((u16 *) &mdev_state->vconfig[PCI_VENDOR_ID],
223 0x1234);
224 STORE_LE16((u16 *) &mdev_state->vconfig[PCI_DEVICE_ID],
225 0x1111);
226 STORE_LE16((u16 *) &mdev_state->vconfig[PCI_SUBSYSTEM_VENDOR_ID],
227 PCI_SUBVENDOR_ID_REDHAT_QUMRANET);
228 STORE_LE16((u16 *) &mdev_state->vconfig[PCI_SUBSYSTEM_ID],
229 PCI_SUBDEVICE_ID_QEMU);
230
231 STORE_LE16((u16 *) &mdev_state->vconfig[PCI_COMMAND],
232 PCI_COMMAND_IO | PCI_COMMAND_MEMORY);
233 STORE_LE16((u16 *) &mdev_state->vconfig[PCI_CLASS_DEVICE],
234 PCI_CLASS_DISPLAY_OTHER);
235 mdev_state->vconfig[PCI_CLASS_REVISION] = 0x01;
236
237 STORE_LE32((u32 *) &mdev_state->vconfig[PCI_BASE_ADDRESS_0],
238 PCI_BASE_ADDRESS_SPACE_MEMORY |
239 PCI_BASE_ADDRESS_MEM_TYPE_32 |
240 PCI_BASE_ADDRESS_MEM_PREFETCH);
241 mdev_state->bar_mask[0] = ~(mdev_state->memsize) + 1;
242
243 STORE_LE32((u32 *) &mdev_state->vconfig[PCI_BASE_ADDRESS_2],
244 PCI_BASE_ADDRESS_SPACE_MEMORY |
245 PCI_BASE_ADDRESS_MEM_TYPE_32);
246 mdev_state->bar_mask[2] = ~(MBOCHS_MMIO_BAR_SIZE) + 1;
247}
248
249static int mbochs_check_framebuffer(struct mdev_state *mdev_state,
250 struct mbochs_mode *mode)
251{
252 struct device *dev = mdev_dev(mdev: mdev_state->mdev);
253 u16 *vbe = mdev_state->vbe;
254 u32 virt_width;
255
256 WARN_ON(!mutex_is_locked(&mdev_state->ops_lock));
257
258 if (!(vbe[VBE_DISPI_INDEX_ENABLE] & VBE_DISPI_ENABLED))
259 goto nofb;
260
261 memset(mode, 0, sizeof(*mode));
262 switch (vbe[VBE_DISPI_INDEX_BPP]) {
263 case 32:
264 mode->drm_format = DRM_FORMAT_XRGB8888;
265 mode->bytepp = 4;
266 break;
267 default:
268 dev_info_ratelimited(dev, "%s: bpp %d not supported\n",
269 __func__, vbe[VBE_DISPI_INDEX_BPP]);
270 goto nofb;
271 }
272
273 mode->width = vbe[VBE_DISPI_INDEX_XRES];
274 mode->height = vbe[VBE_DISPI_INDEX_YRES];
275 virt_width = vbe[VBE_DISPI_INDEX_VIRT_WIDTH];
276 if (virt_width < mode->width)
277 virt_width = mode->width;
278 mode->stride = virt_width * mode->bytepp;
279 mode->size = (u64)mode->stride * mode->height;
280 mode->offset = ((u64)vbe[VBE_DISPI_INDEX_X_OFFSET] * mode->bytepp +
281 (u64)vbe[VBE_DISPI_INDEX_Y_OFFSET] * mode->stride);
282
283 if (mode->width < 64 || mode->height < 64) {
284 dev_info_ratelimited(dev, "%s: invalid resolution %dx%d\n",
285 __func__, mode->width, mode->height);
286 goto nofb;
287 }
288 if (mode->offset + mode->size > mdev_state->memsize) {
289 dev_info_ratelimited(dev, "%s: framebuffer memory overflow\n",
290 __func__);
291 goto nofb;
292 }
293
294 return 0;
295
296nofb:
297 memset(mode, 0, sizeof(*mode));
298 return -EINVAL;
299}
300
301static bool mbochs_modes_equal(struct mbochs_mode *mode1,
302 struct mbochs_mode *mode2)
303{
304 return memcmp(p: mode1, q: mode2, size: sizeof(struct mbochs_mode)) == 0;
305}
306
307static void handle_pci_cfg_write(struct mdev_state *mdev_state, u16 offset,
308 char *buf, u32 count)
309{
310 struct device *dev = mdev_dev(mdev: mdev_state->mdev);
311 int index = (offset - PCI_BASE_ADDRESS_0) / 0x04;
312 u32 cfg_addr;
313
314 switch (offset) {
315 case PCI_BASE_ADDRESS_0:
316 case PCI_BASE_ADDRESS_2:
317 cfg_addr = *(u32 *)buf;
318
319 if (cfg_addr == 0xffffffff) {
320 cfg_addr = (cfg_addr & mdev_state->bar_mask[index]);
321 } else {
322 cfg_addr &= PCI_BASE_ADDRESS_MEM_MASK;
323 if (cfg_addr)
324 dev_info(dev, "BAR #%d @ 0x%x\n",
325 index, cfg_addr);
326 }
327
328 cfg_addr |= (mdev_state->vconfig[offset] &
329 ~PCI_BASE_ADDRESS_MEM_MASK);
330 STORE_LE32(&mdev_state->vconfig[offset], cfg_addr);
331 break;
332 }
333}
334
335static void handle_mmio_write(struct mdev_state *mdev_state, u16 offset,
336 char *buf, u32 count)
337{
338 struct device *dev = mdev_dev(mdev: mdev_state->mdev);
339 int index;
340 u16 reg16;
341
342 switch (offset) {
343 case 0x400 ... 0x41f: /* vga ioports remapped */
344 goto unhandled;
345 case 0x500 ... 0x515: /* bochs dispi interface */
346 if (count != 2)
347 goto unhandled;
348 index = (offset - 0x500) / 2;
349 reg16 = *(u16 *)buf;
350 if (index < ARRAY_SIZE(mdev_state->vbe))
351 mdev_state->vbe[index] = reg16;
352 dev_dbg(dev, "%s: vbe write %d = %d (%s)\n",
353 __func__, index, reg16, vbe_name(index));
354 break;
355 case 0x600 ... 0x607: /* qemu extended regs */
356 goto unhandled;
357 default:
358unhandled:
359 dev_dbg(dev, "%s: @0x%03x, count %d (unhandled)\n",
360 __func__, offset, count);
361 break;
362 }
363}
364
365static void handle_mmio_read(struct mdev_state *mdev_state, u16 offset,
366 char *buf, u32 count)
367{
368 struct device *dev = mdev_dev(mdev: mdev_state->mdev);
369 struct vfio_region_gfx_edid *edid;
370 u16 reg16 = 0;
371 int index;
372
373 switch (offset) {
374 case 0x000 ... 0x3ff: /* edid block */
375 edid = &mdev_state->edid_regs;
376 if (edid->link_state != VFIO_DEVICE_GFX_LINK_STATE_UP ||
377 offset >= edid->edid_size) {
378 memset(buf, 0, count);
379 break;
380 }
381 memcpy(buf, mdev_state->edid_blob + offset, count);
382 break;
383 case 0x500 ... 0x515: /* bochs dispi interface */
384 if (count != 2)
385 goto unhandled;
386 index = (offset - 0x500) / 2;
387 if (index < ARRAY_SIZE(mdev_state->vbe))
388 reg16 = mdev_state->vbe[index];
389 dev_dbg(dev, "%s: vbe read %d = %d (%s)\n",
390 __func__, index, reg16, vbe_name(index));
391 *(u16 *)buf = reg16;
392 break;
393 default:
394unhandled:
395 dev_dbg(dev, "%s: @0x%03x, count %d (unhandled)\n",
396 __func__, offset, count);
397 memset(buf, 0, count);
398 break;
399 }
400}
401
402static void handle_edid_regs(struct mdev_state *mdev_state, u16 offset,
403 char *buf, u32 count, bool is_write)
404{
405 char *regs = (void *)&mdev_state->edid_regs;
406
407 if (offset + count > sizeof(mdev_state->edid_regs))
408 return;
409 if (count != 4)
410 return;
411 if (offset % 4)
412 return;
413
414 if (is_write) {
415 switch (offset) {
416 case offsetof(struct vfio_region_gfx_edid, link_state):
417 case offsetof(struct vfio_region_gfx_edid, edid_size):
418 memcpy(regs + offset, buf, count);
419 break;
420 default:
421 /* read-only regs */
422 break;
423 }
424 } else {
425 memcpy(buf, regs + offset, count);
426 }
427}
428
429static void handle_edid_blob(struct mdev_state *mdev_state, u16 offset,
430 char *buf, u32 count, bool is_write)
431{
432 if (offset + count > mdev_state->edid_regs.edid_max_size)
433 return;
434 if (is_write)
435 memcpy(mdev_state->edid_blob + offset, buf, count);
436 else
437 memcpy(buf, mdev_state->edid_blob + offset, count);
438}
439
440static ssize_t mdev_access(struct mdev_state *mdev_state, char *buf,
441 size_t count, loff_t pos, bool is_write)
442{
443 struct page *pg;
444 loff_t poff;
445 char *map;
446 int ret = 0;
447
448 mutex_lock(&mdev_state->ops_lock);
449
450 if (pos < MBOCHS_CONFIG_SPACE_SIZE) {
451 if (is_write)
452 handle_pci_cfg_write(mdev_state, offset: pos, buf, count);
453 else
454 memcpy(buf, (mdev_state->vconfig + pos), count);
455
456 } else if (pos >= MBOCHS_MMIO_BAR_OFFSET &&
457 pos + count <= (MBOCHS_MMIO_BAR_OFFSET +
458 MBOCHS_MMIO_BAR_SIZE)) {
459 pos -= MBOCHS_MMIO_BAR_OFFSET;
460 if (is_write)
461 handle_mmio_write(mdev_state, offset: pos, buf, count);
462 else
463 handle_mmio_read(mdev_state, offset: pos, buf, count);
464
465 } else if (pos >= MBOCHS_EDID_OFFSET &&
466 pos + count <= (MBOCHS_EDID_OFFSET +
467 MBOCHS_EDID_SIZE)) {
468 pos -= MBOCHS_EDID_OFFSET;
469 if (pos < MBOCHS_EDID_BLOB_OFFSET) {
470 handle_edid_regs(mdev_state, offset: pos, buf, count, is_write);
471 } else {
472 pos -= MBOCHS_EDID_BLOB_OFFSET;
473 handle_edid_blob(mdev_state, offset: pos, buf, count, is_write);
474 }
475
476 } else if (pos >= MBOCHS_MEMORY_BAR_OFFSET &&
477 pos + count <=
478 MBOCHS_MEMORY_BAR_OFFSET + mdev_state->memsize) {
479 pos -= MBOCHS_MMIO_BAR_OFFSET;
480 poff = pos & ~PAGE_MASK;
481 pg = __mbochs_get_page(mdev_state, pgoff: pos >> PAGE_SHIFT);
482 map = kmap(page: pg);
483 if (is_write)
484 memcpy(map + poff, buf, count);
485 else
486 memcpy(buf, map + poff, count);
487 kunmap(page: pg);
488 put_page(page: pg);
489
490 } else {
491 dev_dbg(mdev_state->vdev.dev, "%s: %s @0x%llx (unhandled)\n",
492 __func__, is_write ? "WR" : "RD", pos);
493 ret = -1;
494 goto accessfailed;
495 }
496
497 ret = count;
498
499
500accessfailed:
501 mutex_unlock(lock: &mdev_state->ops_lock);
502
503 return ret;
504}
505
506static int mbochs_reset(struct mdev_state *mdev_state)
507{
508 u32 size64k = mdev_state->memsize / (64 * 1024);
509 int i;
510
511 for (i = 0; i < ARRAY_SIZE(mdev_state->vbe); i++)
512 mdev_state->vbe[i] = 0;
513 mdev_state->vbe[VBE_DISPI_INDEX_ID] = VBE_DISPI_ID5;
514 mdev_state->vbe[VBE_DISPI_INDEX_VIDEO_MEMORY_64K] = size64k;
515 return 0;
516}
517
518static int mbochs_init_dev(struct vfio_device *vdev)
519{
520 struct mdev_state *mdev_state =
521 container_of(vdev, struct mdev_state, vdev);
522 struct mdev_device *mdev = to_mdev_device(dev: vdev->dev);
523 struct mbochs_type *type =
524 container_of(mdev->type, struct mbochs_type, type);
525 int avail_mbytes = atomic_read(v: &mbochs_avail_mbytes);
526 int ret = -ENOMEM;
527
528 do {
529 if (avail_mbytes < type->mbytes)
530 return -ENOSPC;
531 } while (!atomic_try_cmpxchg(v: &mbochs_avail_mbytes, old: &avail_mbytes,
532 new: avail_mbytes - type->mbytes));
533
534 mdev_state->vconfig = kzalloc(MBOCHS_CONFIG_SPACE_SIZE, GFP_KERNEL);
535 if (!mdev_state->vconfig)
536 goto err_avail;
537
538 mdev_state->memsize = type->mbytes * 1024 * 1024;
539 mdev_state->pagecount = mdev_state->memsize >> PAGE_SHIFT;
540 mdev_state->pages = kcalloc(n: mdev_state->pagecount,
541 size: sizeof(struct page *),
542 GFP_KERNEL);
543 if (!mdev_state->pages)
544 goto err_vconfig;
545
546 mutex_init(&mdev_state->ops_lock);
547 mdev_state->mdev = mdev;
548 INIT_LIST_HEAD(list: &mdev_state->dmabufs);
549 mdev_state->next_id = 1;
550
551 mdev_state->type = type;
552 mdev_state->edid_regs.max_xres = type->max_x;
553 mdev_state->edid_regs.max_yres = type->max_y;
554 mdev_state->edid_regs.edid_offset = MBOCHS_EDID_BLOB_OFFSET;
555 mdev_state->edid_regs.edid_max_size = sizeof(mdev_state->edid_blob);
556 mbochs_create_config_space(mdev_state);
557 mbochs_reset(mdev_state);
558
559 dev_info(vdev->dev, "%s: %s, %d MB, %ld pages\n", __func__,
560 type->type.pretty_name, type->mbytes, mdev_state->pagecount);
561 return 0;
562
563err_vconfig:
564 kfree(objp: mdev_state->vconfig);
565err_avail:
566 atomic_add(i: type->mbytes, v: &mbochs_avail_mbytes);
567 return ret;
568}
569
570static int mbochs_probe(struct mdev_device *mdev)
571{
572 struct mdev_state *mdev_state;
573 int ret = -ENOMEM;
574
575 mdev_state = vfio_alloc_device(mdev_state, vdev, &mdev->dev,
576 &mbochs_dev_ops);
577 if (IS_ERR(ptr: mdev_state))
578 return PTR_ERR(ptr: mdev_state);
579
580 ret = vfio_register_emulated_iommu_dev(device: &mdev_state->vdev);
581 if (ret)
582 goto err_put_vdev;
583 dev_set_drvdata(dev: &mdev->dev, data: mdev_state);
584 return 0;
585
586err_put_vdev:
587 vfio_put_device(device: &mdev_state->vdev);
588 return ret;
589}
590
591static void mbochs_release_dev(struct vfio_device *vdev)
592{
593 struct mdev_state *mdev_state =
594 container_of(vdev, struct mdev_state, vdev);
595
596 atomic_add(i: mdev_state->type->mbytes, v: &mbochs_avail_mbytes);
597 kfree(objp: mdev_state->pages);
598 kfree(objp: mdev_state->vconfig);
599}
600
601static void mbochs_remove(struct mdev_device *mdev)
602{
603 struct mdev_state *mdev_state = dev_get_drvdata(dev: &mdev->dev);
604
605 vfio_unregister_group_dev(device: &mdev_state->vdev);
606 vfio_put_device(device: &mdev_state->vdev);
607}
608
609static ssize_t mbochs_read(struct vfio_device *vdev, char __user *buf,
610 size_t count, loff_t *ppos)
611{
612 struct mdev_state *mdev_state =
613 container_of(vdev, struct mdev_state, vdev);
614 unsigned int done = 0;
615 int ret;
616
617 while (count) {
618 size_t filled;
619
620 if (count >= 4 && !(*ppos % 4)) {
621 u32 val;
622
623 ret = mdev_access(mdev_state, buf: (char *)&val, count: sizeof(val),
624 pos: *ppos, is_write: false);
625 if (ret <= 0)
626 goto read_err;
627
628 if (copy_to_user(to: buf, from: &val, n: sizeof(val)))
629 goto read_err;
630
631 filled = 4;
632 } else if (count >= 2 && !(*ppos % 2)) {
633 u16 val;
634
635 ret = mdev_access(mdev_state, buf: (char *)&val, count: sizeof(val),
636 pos: *ppos, is_write: false);
637 if (ret <= 0)
638 goto read_err;
639
640 if (copy_to_user(to: buf, from: &val, n: sizeof(val)))
641 goto read_err;
642
643 filled = 2;
644 } else {
645 u8 val;
646
647 ret = mdev_access(mdev_state, buf: (char *)&val, count: sizeof(val),
648 pos: *ppos, is_write: false);
649 if (ret <= 0)
650 goto read_err;
651
652 if (copy_to_user(to: buf, from: &val, n: sizeof(val)))
653 goto read_err;
654
655 filled = 1;
656 }
657
658 count -= filled;
659 done += filled;
660 *ppos += filled;
661 buf += filled;
662 }
663
664 return done;
665
666read_err:
667 return -EFAULT;
668}
669
670static ssize_t mbochs_write(struct vfio_device *vdev, const char __user *buf,
671 size_t count, loff_t *ppos)
672{
673 struct mdev_state *mdev_state =
674 container_of(vdev, struct mdev_state, vdev);
675 unsigned int done = 0;
676 int ret;
677
678 while (count) {
679 size_t filled;
680
681 if (count >= 4 && !(*ppos % 4)) {
682 u32 val;
683
684 if (copy_from_user(to: &val, from: buf, n: sizeof(val)))
685 goto write_err;
686
687 ret = mdev_access(mdev_state, buf: (char *)&val, count: sizeof(val),
688 pos: *ppos, is_write: true);
689 if (ret <= 0)
690 goto write_err;
691
692 filled = 4;
693 } else if (count >= 2 && !(*ppos % 2)) {
694 u16 val;
695
696 if (copy_from_user(to: &val, from: buf, n: sizeof(val)))
697 goto write_err;
698
699 ret = mdev_access(mdev_state, buf: (char *)&val, count: sizeof(val),
700 pos: *ppos, is_write: true);
701 if (ret <= 0)
702 goto write_err;
703
704 filled = 2;
705 } else {
706 u8 val;
707
708 if (copy_from_user(to: &val, from: buf, n: sizeof(val)))
709 goto write_err;
710
711 ret = mdev_access(mdev_state, buf: (char *)&val, count: sizeof(val),
712 pos: *ppos, is_write: true);
713 if (ret <= 0)
714 goto write_err;
715
716 filled = 1;
717 }
718 count -= filled;
719 done += filled;
720 *ppos += filled;
721 buf += filled;
722 }
723
724 return done;
725write_err:
726 return -EFAULT;
727}
728
729static struct page *__mbochs_get_page(struct mdev_state *mdev_state,
730 pgoff_t pgoff)
731{
732 WARN_ON(!mutex_is_locked(&mdev_state->ops_lock));
733
734 if (!mdev_state->pages[pgoff]) {
735 mdev_state->pages[pgoff] =
736 alloc_pages(GFP_HIGHUSER | __GFP_ZERO, order: 0);
737 if (!mdev_state->pages[pgoff])
738 return NULL;
739 }
740
741 get_page(page: mdev_state->pages[pgoff]);
742 return mdev_state->pages[pgoff];
743}
744
745static struct page *mbochs_get_page(struct mdev_state *mdev_state,
746 pgoff_t pgoff)
747{
748 struct page *page;
749
750 if (WARN_ON(pgoff >= mdev_state->pagecount))
751 return NULL;
752
753 mutex_lock(&mdev_state->ops_lock);
754 page = __mbochs_get_page(mdev_state, pgoff);
755 mutex_unlock(lock: &mdev_state->ops_lock);
756
757 return page;
758}
759
760static void mbochs_put_pages(struct mdev_state *mdev_state)
761{
762 struct device *dev = mdev_dev(mdev: mdev_state->mdev);
763 int i, count = 0;
764
765 WARN_ON(!mutex_is_locked(&mdev_state->ops_lock));
766
767 for (i = 0; i < mdev_state->pagecount; i++) {
768 if (!mdev_state->pages[i])
769 continue;
770 put_page(page: mdev_state->pages[i]);
771 mdev_state->pages[i] = NULL;
772 count++;
773 }
774 dev_dbg(dev, "%s: %d pages released\n", __func__, count);
775}
776
777static vm_fault_t mbochs_region_vm_fault(struct vm_fault *vmf)
778{
779 struct vm_area_struct *vma = vmf->vma;
780 struct mdev_state *mdev_state = vma->vm_private_data;
781 pgoff_t page_offset = (vmf->address - vma->vm_start) >> PAGE_SHIFT;
782
783 if (page_offset >= mdev_state->pagecount)
784 return VM_FAULT_SIGBUS;
785
786 vmf->page = mbochs_get_page(mdev_state, pgoff: page_offset);
787 if (!vmf->page)
788 return VM_FAULT_SIGBUS;
789
790 return 0;
791}
792
793static const struct vm_operations_struct mbochs_region_vm_ops = {
794 .fault = mbochs_region_vm_fault,
795};
796
797static int mbochs_mmap(struct vfio_device *vdev, struct vm_area_struct *vma)
798{
799 struct mdev_state *mdev_state =
800 container_of(vdev, struct mdev_state, vdev);
801
802 if (vma->vm_pgoff != MBOCHS_MEMORY_BAR_OFFSET >> PAGE_SHIFT)
803 return -EINVAL;
804 if (vma->vm_end < vma->vm_start)
805 return -EINVAL;
806 if (vma->vm_end - vma->vm_start > mdev_state->memsize)
807 return -EINVAL;
808 if ((vma->vm_flags & VM_SHARED) == 0)
809 return -EINVAL;
810
811 vma->vm_ops = &mbochs_region_vm_ops;
812 vma->vm_private_data = mdev_state;
813 return 0;
814}
815
816static vm_fault_t mbochs_dmabuf_vm_fault(struct vm_fault *vmf)
817{
818 struct vm_area_struct *vma = vmf->vma;
819 struct mbochs_dmabuf *dmabuf = vma->vm_private_data;
820
821 if (WARN_ON(vmf->pgoff >= dmabuf->pagecount))
822 return VM_FAULT_SIGBUS;
823
824 vmf->page = dmabuf->pages[vmf->pgoff];
825 get_page(page: vmf->page);
826 return 0;
827}
828
829static const struct vm_operations_struct mbochs_dmabuf_vm_ops = {
830 .fault = mbochs_dmabuf_vm_fault,
831};
832
833static int mbochs_mmap_dmabuf(struct dma_buf *buf, struct vm_area_struct *vma)
834{
835 struct mbochs_dmabuf *dmabuf = buf->priv;
836 struct device *dev = mdev_dev(mdev: dmabuf->mdev_state->mdev);
837
838 dev_dbg(dev, "%s: %d\n", __func__, dmabuf->id);
839
840 if ((vma->vm_flags & VM_SHARED) == 0)
841 return -EINVAL;
842
843 vma->vm_ops = &mbochs_dmabuf_vm_ops;
844 vma->vm_private_data = dmabuf;
845 return 0;
846}
847
848static void mbochs_print_dmabuf(struct mbochs_dmabuf *dmabuf,
849 const char *prefix)
850{
851 struct device *dev = mdev_dev(mdev: dmabuf->mdev_state->mdev);
852 u32 fourcc = dmabuf->mode.drm_format;
853
854 dev_dbg(dev, "%s/%d: %c%c%c%c, %dx%d, stride %d, off 0x%llx, size 0x%llx, pages %ld\n",
855 prefix, dmabuf->id,
856 fourcc ? ((fourcc >> 0) & 0xff) : '-',
857 fourcc ? ((fourcc >> 8) & 0xff) : '-',
858 fourcc ? ((fourcc >> 16) & 0xff) : '-',
859 fourcc ? ((fourcc >> 24) & 0xff) : '-',
860 dmabuf->mode.width, dmabuf->mode.height, dmabuf->mode.stride,
861 dmabuf->mode.offset, dmabuf->mode.size, dmabuf->pagecount);
862}
863
864static struct sg_table *mbochs_map_dmabuf(struct dma_buf_attachment *at,
865 enum dma_data_direction direction)
866{
867 struct mbochs_dmabuf *dmabuf = at->dmabuf->priv;
868 struct device *dev = mdev_dev(mdev: dmabuf->mdev_state->mdev);
869 struct sg_table *sg;
870
871 dev_dbg(dev, "%s: %d\n", __func__, dmabuf->id);
872
873 sg = kzalloc(size: sizeof(*sg), GFP_KERNEL);
874 if (!sg)
875 goto err1;
876 if (sg_alloc_table_from_pages(sgt: sg, pages: dmabuf->pages, n_pages: dmabuf->pagecount,
877 offset: 0, size: dmabuf->mode.size, GFP_KERNEL) < 0)
878 goto err2;
879 if (dma_map_sgtable(dev: at->dev, sgt: sg, dir: direction, attrs: 0))
880 goto err3;
881
882 return sg;
883
884err3:
885 sg_free_table(sg);
886err2:
887 kfree(objp: sg);
888err1:
889 return ERR_PTR(error: -ENOMEM);
890}
891
892static void mbochs_unmap_dmabuf(struct dma_buf_attachment *at,
893 struct sg_table *sg,
894 enum dma_data_direction direction)
895{
896 struct mbochs_dmabuf *dmabuf = at->dmabuf->priv;
897 struct device *dev = mdev_dev(mdev: dmabuf->mdev_state->mdev);
898
899 dev_dbg(dev, "%s: %d\n", __func__, dmabuf->id);
900
901 dma_unmap_sgtable(dev: at->dev, sgt: sg, dir: direction, attrs: 0);
902 sg_free_table(sg);
903 kfree(objp: sg);
904}
905
906static void mbochs_release_dmabuf(struct dma_buf *buf)
907{
908 struct mbochs_dmabuf *dmabuf = buf->priv;
909 struct mdev_state *mdev_state = dmabuf->mdev_state;
910 struct device *dev = mdev_dev(mdev: mdev_state->mdev);
911 pgoff_t pg;
912
913 dev_dbg(dev, "%s: %d\n", __func__, dmabuf->id);
914
915 for (pg = 0; pg < dmabuf->pagecount; pg++)
916 put_page(page: dmabuf->pages[pg]);
917
918 mutex_lock(&mdev_state->ops_lock);
919 dmabuf->buf = NULL;
920 if (dmabuf->unlinked)
921 kfree(objp: dmabuf);
922 mutex_unlock(lock: &mdev_state->ops_lock);
923}
924
925static struct dma_buf_ops mbochs_dmabuf_ops = {
926 .map_dma_buf = mbochs_map_dmabuf,
927 .unmap_dma_buf = mbochs_unmap_dmabuf,
928 .release = mbochs_release_dmabuf,
929 .mmap = mbochs_mmap_dmabuf,
930};
931
932static struct mbochs_dmabuf *mbochs_dmabuf_alloc(struct mdev_state *mdev_state,
933 struct mbochs_mode *mode)
934{
935 struct mbochs_dmabuf *dmabuf;
936 pgoff_t page_offset, pg;
937
938 WARN_ON(!mutex_is_locked(&mdev_state->ops_lock));
939
940 dmabuf = kzalloc(size: sizeof(struct mbochs_dmabuf), GFP_KERNEL);
941 if (!dmabuf)
942 return NULL;
943
944 dmabuf->mode = *mode;
945 dmabuf->id = mdev_state->next_id++;
946 dmabuf->pagecount = DIV_ROUND_UP(mode->size, PAGE_SIZE);
947 dmabuf->pages = kcalloc(n: dmabuf->pagecount, size: sizeof(struct page *),
948 GFP_KERNEL);
949 if (!dmabuf->pages)
950 goto err_free_dmabuf;
951
952 page_offset = dmabuf->mode.offset >> PAGE_SHIFT;
953 for (pg = 0; pg < dmabuf->pagecount; pg++) {
954 dmabuf->pages[pg] = __mbochs_get_page(mdev_state,
955 pgoff: page_offset + pg);
956 if (!dmabuf->pages[pg])
957 goto err_free_pages;
958 }
959
960 dmabuf->mdev_state = mdev_state;
961 list_add(new: &dmabuf->next, head: &mdev_state->dmabufs);
962
963 mbochs_print_dmabuf(dmabuf, prefix: __func__);
964 return dmabuf;
965
966err_free_pages:
967 while (pg > 0)
968 put_page(page: dmabuf->pages[--pg]);
969 kfree(objp: dmabuf->pages);
970err_free_dmabuf:
971 kfree(objp: dmabuf);
972 return NULL;
973}
974
975static struct mbochs_dmabuf *
976mbochs_dmabuf_find_by_mode(struct mdev_state *mdev_state,
977 struct mbochs_mode *mode)
978{
979 struct mbochs_dmabuf *dmabuf;
980
981 WARN_ON(!mutex_is_locked(&mdev_state->ops_lock));
982
983 list_for_each_entry(dmabuf, &mdev_state->dmabufs, next)
984 if (mbochs_modes_equal(mode1: &dmabuf->mode, mode2: mode))
985 return dmabuf;
986
987 return NULL;
988}
989
990static struct mbochs_dmabuf *
991mbochs_dmabuf_find_by_id(struct mdev_state *mdev_state, u32 id)
992{
993 struct mbochs_dmabuf *dmabuf;
994
995 WARN_ON(!mutex_is_locked(&mdev_state->ops_lock));
996
997 list_for_each_entry(dmabuf, &mdev_state->dmabufs, next)
998 if (dmabuf->id == id)
999 return dmabuf;
1000
1001 return NULL;
1002}
1003
1004static int mbochs_dmabuf_export(struct mbochs_dmabuf *dmabuf)
1005{
1006 struct mdev_state *mdev_state = dmabuf->mdev_state;
1007 struct device *dev = mdev_state->vdev.dev;
1008 DEFINE_DMA_BUF_EXPORT_INFO(exp_info);
1009 struct dma_buf *buf;
1010
1011 WARN_ON(!mutex_is_locked(&mdev_state->ops_lock));
1012
1013 if (!IS_ALIGNED(dmabuf->mode.offset, PAGE_SIZE)) {
1014 dev_info_ratelimited(dev, "%s: framebuffer not page-aligned\n",
1015 __func__);
1016 return -EINVAL;
1017 }
1018
1019 exp_info.ops = &mbochs_dmabuf_ops;
1020 exp_info.size = dmabuf->mode.size;
1021 exp_info.priv = dmabuf;
1022
1023 buf = dma_buf_export(exp_info: &exp_info);
1024 if (IS_ERR(ptr: buf)) {
1025 dev_info_ratelimited(dev, "%s: dma_buf_export failed: %ld\n",
1026 __func__, PTR_ERR(buf));
1027 return PTR_ERR(ptr: buf);
1028 }
1029
1030 dmabuf->buf = buf;
1031 dev_dbg(dev, "%s: %d\n", __func__, dmabuf->id);
1032 return 0;
1033}
1034
1035static int mbochs_get_region_info(struct mdev_state *mdev_state,
1036 struct vfio_region_info_ext *ext)
1037{
1038 struct vfio_region_info *region_info = &ext->base;
1039
1040 if (region_info->index >= MBOCHS_NUM_REGIONS)
1041 return -EINVAL;
1042
1043 switch (region_info->index) {
1044 case VFIO_PCI_CONFIG_REGION_INDEX:
1045 region_info->offset = 0;
1046 region_info->size = MBOCHS_CONFIG_SPACE_SIZE;
1047 region_info->flags = (VFIO_REGION_INFO_FLAG_READ |
1048 VFIO_REGION_INFO_FLAG_WRITE);
1049 break;
1050 case VFIO_PCI_BAR0_REGION_INDEX:
1051 region_info->offset = MBOCHS_MEMORY_BAR_OFFSET;
1052 region_info->size = mdev_state->memsize;
1053 region_info->flags = (VFIO_REGION_INFO_FLAG_READ |
1054 VFIO_REGION_INFO_FLAG_WRITE |
1055 VFIO_REGION_INFO_FLAG_MMAP);
1056 break;
1057 case VFIO_PCI_BAR2_REGION_INDEX:
1058 region_info->offset = MBOCHS_MMIO_BAR_OFFSET;
1059 region_info->size = MBOCHS_MMIO_BAR_SIZE;
1060 region_info->flags = (VFIO_REGION_INFO_FLAG_READ |
1061 VFIO_REGION_INFO_FLAG_WRITE);
1062 break;
1063 case MBOCHS_EDID_REGION_INDEX:
1064 ext->base.argsz = sizeof(*ext);
1065 ext->base.offset = MBOCHS_EDID_OFFSET;
1066 ext->base.size = MBOCHS_EDID_SIZE;
1067 ext->base.flags = (VFIO_REGION_INFO_FLAG_READ |
1068 VFIO_REGION_INFO_FLAG_WRITE |
1069 VFIO_REGION_INFO_FLAG_CAPS);
1070 ext->base.cap_offset = offsetof(typeof(*ext), type);
1071 ext->type.header.id = VFIO_REGION_INFO_CAP_TYPE;
1072 ext->type.header.version = 1;
1073 ext->type.header.next = 0;
1074 ext->type.type = VFIO_REGION_TYPE_GFX;
1075 ext->type.subtype = VFIO_REGION_SUBTYPE_GFX_EDID;
1076 break;
1077 default:
1078 region_info->size = 0;
1079 region_info->offset = 0;
1080 region_info->flags = 0;
1081 }
1082
1083 return 0;
1084}
1085
1086static int mbochs_get_irq_info(struct vfio_irq_info *irq_info)
1087{
1088 irq_info->count = 0;
1089 return 0;
1090}
1091
1092static int mbochs_get_device_info(struct vfio_device_info *dev_info)
1093{
1094 dev_info->flags = VFIO_DEVICE_FLAGS_PCI;
1095 dev_info->num_regions = MBOCHS_NUM_REGIONS;
1096 dev_info->num_irqs = VFIO_PCI_NUM_IRQS;
1097 return 0;
1098}
1099
1100static int mbochs_query_gfx_plane(struct mdev_state *mdev_state,
1101 struct vfio_device_gfx_plane_info *plane)
1102{
1103 struct mbochs_dmabuf *dmabuf;
1104 struct mbochs_mode mode;
1105 int ret;
1106
1107 if (plane->flags & VFIO_GFX_PLANE_TYPE_PROBE) {
1108 if (plane->flags == (VFIO_GFX_PLANE_TYPE_PROBE |
1109 VFIO_GFX_PLANE_TYPE_DMABUF))
1110 return 0;
1111 return -EINVAL;
1112 }
1113
1114 if (plane->flags != VFIO_GFX_PLANE_TYPE_DMABUF)
1115 return -EINVAL;
1116
1117 plane->drm_format_mod = 0;
1118 plane->x_pos = 0;
1119 plane->y_pos = 0;
1120 plane->x_hot = 0;
1121 plane->y_hot = 0;
1122
1123 mutex_lock(&mdev_state->ops_lock);
1124
1125 ret = -EINVAL;
1126 if (plane->drm_plane_type == DRM_PLANE_TYPE_PRIMARY)
1127 ret = mbochs_check_framebuffer(mdev_state, mode: &mode);
1128 if (ret < 0) {
1129 plane->drm_format = 0;
1130 plane->width = 0;
1131 plane->height = 0;
1132 plane->stride = 0;
1133 plane->size = 0;
1134 plane->dmabuf_id = 0;
1135 goto done;
1136 }
1137
1138 dmabuf = mbochs_dmabuf_find_by_mode(mdev_state, mode: &mode);
1139 if (!dmabuf)
1140 mbochs_dmabuf_alloc(mdev_state, mode: &mode);
1141 if (!dmabuf) {
1142 mutex_unlock(lock: &mdev_state->ops_lock);
1143 return -ENOMEM;
1144 }
1145
1146 plane->drm_format = dmabuf->mode.drm_format;
1147 plane->width = dmabuf->mode.width;
1148 plane->height = dmabuf->mode.height;
1149 plane->stride = dmabuf->mode.stride;
1150 plane->size = dmabuf->mode.size;
1151 plane->dmabuf_id = dmabuf->id;
1152
1153done:
1154 if (plane->drm_plane_type == DRM_PLANE_TYPE_PRIMARY &&
1155 mdev_state->active_id != plane->dmabuf_id) {
1156 dev_dbg(mdev_state->vdev.dev, "%s: primary: %d => %d\n",
1157 __func__, mdev_state->active_id, plane->dmabuf_id);
1158 mdev_state->active_id = plane->dmabuf_id;
1159 }
1160 mutex_unlock(lock: &mdev_state->ops_lock);
1161 return 0;
1162}
1163
1164static int mbochs_get_gfx_dmabuf(struct mdev_state *mdev_state, u32 id)
1165{
1166 struct mbochs_dmabuf *dmabuf;
1167
1168 mutex_lock(&mdev_state->ops_lock);
1169
1170 dmabuf = mbochs_dmabuf_find_by_id(mdev_state, id);
1171 if (!dmabuf) {
1172 mutex_unlock(lock: &mdev_state->ops_lock);
1173 return -ENOENT;
1174 }
1175
1176 if (!dmabuf->buf)
1177 mbochs_dmabuf_export(dmabuf);
1178
1179 mutex_unlock(lock: &mdev_state->ops_lock);
1180
1181 if (!dmabuf->buf)
1182 return -EINVAL;
1183
1184 return dma_buf_fd(dmabuf: dmabuf->buf, flags: 0);
1185}
1186
1187static long mbochs_ioctl(struct vfio_device *vdev, unsigned int cmd,
1188 unsigned long arg)
1189{
1190 struct mdev_state *mdev_state =
1191 container_of(vdev, struct mdev_state, vdev);
1192 int ret = 0;
1193 unsigned long minsz, outsz;
1194
1195 switch (cmd) {
1196 case VFIO_DEVICE_GET_INFO:
1197 {
1198 struct vfio_device_info info;
1199
1200 minsz = offsetofend(struct vfio_device_info, num_irqs);
1201
1202 if (copy_from_user(to: &info, from: (void __user *)arg, n: minsz))
1203 return -EFAULT;
1204
1205 if (info.argsz < minsz)
1206 return -EINVAL;
1207
1208 ret = mbochs_get_device_info(dev_info: &info);
1209 if (ret)
1210 return ret;
1211
1212 if (copy_to_user(to: (void __user *)arg, from: &info, n: minsz))
1213 return -EFAULT;
1214
1215 return 0;
1216 }
1217 case VFIO_DEVICE_GET_REGION_INFO:
1218 {
1219 struct vfio_region_info_ext info;
1220
1221 minsz = offsetofend(typeof(info), base.offset);
1222
1223 if (copy_from_user(to: &info, from: (void __user *)arg, n: minsz))
1224 return -EFAULT;
1225
1226 outsz = info.base.argsz;
1227 if (outsz < minsz)
1228 return -EINVAL;
1229 if (outsz > sizeof(info))
1230 return -EINVAL;
1231
1232 ret = mbochs_get_region_info(mdev_state, ext: &info);
1233 if (ret)
1234 return ret;
1235
1236 if (copy_to_user(to: (void __user *)arg, from: &info, n: outsz))
1237 return -EFAULT;
1238
1239 return 0;
1240 }
1241
1242 case VFIO_DEVICE_GET_IRQ_INFO:
1243 {
1244 struct vfio_irq_info info;
1245
1246 minsz = offsetofend(struct vfio_irq_info, count);
1247
1248 if (copy_from_user(to: &info, from: (void __user *)arg, n: minsz))
1249 return -EFAULT;
1250
1251 if ((info.argsz < minsz) ||
1252 (info.index >= VFIO_PCI_NUM_IRQS))
1253 return -EINVAL;
1254
1255 ret = mbochs_get_irq_info(irq_info: &info);
1256 if (ret)
1257 return ret;
1258
1259 if (copy_to_user(to: (void __user *)arg, from: &info, n: minsz))
1260 return -EFAULT;
1261
1262 return 0;
1263 }
1264
1265 case VFIO_DEVICE_QUERY_GFX_PLANE:
1266 {
1267 struct vfio_device_gfx_plane_info plane = {};
1268
1269 minsz = offsetofend(struct vfio_device_gfx_plane_info,
1270 region_index);
1271
1272 if (copy_from_user(to: &plane, from: (void __user *)arg, n: minsz))
1273 return -EFAULT;
1274
1275 if (plane.argsz < minsz)
1276 return -EINVAL;
1277
1278 ret = mbochs_query_gfx_plane(mdev_state, plane: &plane);
1279 if (ret)
1280 return ret;
1281
1282 if (copy_to_user(to: (void __user *)arg, from: &plane, n: minsz))
1283 return -EFAULT;
1284
1285 return 0;
1286 }
1287
1288 case VFIO_DEVICE_GET_GFX_DMABUF:
1289 {
1290 u32 dmabuf_id;
1291
1292 if (get_user(dmabuf_id, (__u32 __user *)arg))
1293 return -EFAULT;
1294
1295 return mbochs_get_gfx_dmabuf(mdev_state, id: dmabuf_id);
1296 }
1297
1298 case VFIO_DEVICE_SET_IRQS:
1299 return -EINVAL;
1300
1301 case VFIO_DEVICE_RESET:
1302 return mbochs_reset(mdev_state);
1303 }
1304 return -ENOTTY;
1305}
1306
1307static void mbochs_close_device(struct vfio_device *vdev)
1308{
1309 struct mdev_state *mdev_state =
1310 container_of(vdev, struct mdev_state, vdev);
1311 struct mbochs_dmabuf *dmabuf, *tmp;
1312
1313 mutex_lock(&mdev_state->ops_lock);
1314
1315 list_for_each_entry_safe(dmabuf, tmp, &mdev_state->dmabufs, next) {
1316 list_del(entry: &dmabuf->next);
1317 if (dmabuf->buf) {
1318 /* free in mbochs_release_dmabuf() */
1319 dmabuf->unlinked = true;
1320 } else {
1321 kfree(objp: dmabuf);
1322 }
1323 }
1324 mbochs_put_pages(mdev_state);
1325
1326 mutex_unlock(lock: &mdev_state->ops_lock);
1327}
1328
1329static ssize_t
1330memory_show(struct device *dev, struct device_attribute *attr,
1331 char *buf)
1332{
1333 struct mdev_state *mdev_state = dev_get_drvdata(dev);
1334
1335 return sprintf(buf, fmt: "%d MB\n", mdev_state->type->mbytes);
1336}
1337static DEVICE_ATTR_RO(memory);
1338
1339static struct attribute *mdev_dev_attrs[] = {
1340 &dev_attr_memory.attr,
1341 NULL,
1342};
1343
1344static const struct attribute_group mdev_dev_group = {
1345 .name = "vendor",
1346 .attrs = mdev_dev_attrs,
1347};
1348
1349static const struct attribute_group *mdev_dev_groups[] = {
1350 &mdev_dev_group,
1351 NULL,
1352};
1353
1354static ssize_t mbochs_show_description(struct mdev_type *mtype, char *buf)
1355{
1356 struct mbochs_type *type =
1357 container_of(mtype, struct mbochs_type, type);
1358
1359 return sprintf(buf, fmt: "virtual display, %d MB video memory\n",
1360 type ? type->mbytes : 0);
1361}
1362
1363static unsigned int mbochs_get_available(struct mdev_type *mtype)
1364{
1365 struct mbochs_type *type =
1366 container_of(mtype, struct mbochs_type, type);
1367
1368 return atomic_read(v: &mbochs_avail_mbytes) / type->mbytes;
1369}
1370
1371static const struct vfio_device_ops mbochs_dev_ops = {
1372 .close_device = mbochs_close_device,
1373 .init = mbochs_init_dev,
1374 .release = mbochs_release_dev,
1375 .read = mbochs_read,
1376 .write = mbochs_write,
1377 .ioctl = mbochs_ioctl,
1378 .mmap = mbochs_mmap,
1379 .bind_iommufd = vfio_iommufd_emulated_bind,
1380 .unbind_iommufd = vfio_iommufd_emulated_unbind,
1381 .attach_ioas = vfio_iommufd_emulated_attach_ioas,
1382 .detach_ioas = vfio_iommufd_emulated_detach_ioas,
1383};
1384
1385static struct mdev_driver mbochs_driver = {
1386 .device_api = VFIO_DEVICE_API_PCI_STRING,
1387 .driver = {
1388 .name = "mbochs",
1389 .owner = THIS_MODULE,
1390 .mod_name = KBUILD_MODNAME,
1391 .dev_groups = mdev_dev_groups,
1392 },
1393 .probe = mbochs_probe,
1394 .remove = mbochs_remove,
1395 .get_available = mbochs_get_available,
1396 .show_description = mbochs_show_description,
1397};
1398
1399static const struct file_operations vd_fops = {
1400 .owner = THIS_MODULE,
1401};
1402
1403static void mbochs_device_release(struct device *dev)
1404{
1405 /* nothing */
1406}
1407
1408static int __init mbochs_dev_init(void)
1409{
1410 int ret = 0;
1411
1412 atomic_set(v: &mbochs_avail_mbytes, i: max_mbytes);
1413
1414 ret = alloc_chrdev_region(&mbochs_devt, 0, MINORMASK + 1, MBOCHS_NAME);
1415 if (ret < 0) {
1416 pr_err("Error: failed to register mbochs_dev, err: %d\n", ret);
1417 return ret;
1418 }
1419 cdev_init(&mbochs_cdev, &vd_fops);
1420 cdev_add(&mbochs_cdev, mbochs_devt, MINORMASK + 1);
1421 pr_info("%s: major %d\n", __func__, MAJOR(mbochs_devt));
1422
1423 ret = mdev_register_driver(drv: &mbochs_driver);
1424 if (ret)
1425 goto err_cdev;
1426
1427 ret = class_register(class: &mbochs_class);
1428 if (ret)
1429 goto err_driver;
1430 mbochs_dev.class = &mbochs_class;
1431 mbochs_dev.release = mbochs_device_release;
1432 dev_set_name(dev: &mbochs_dev, name: "%s", MBOCHS_NAME);
1433
1434 ret = device_register(dev: &mbochs_dev);
1435 if (ret)
1436 goto err_put;
1437
1438 ret = mdev_register_parent(parent: &mbochs_parent, dev: &mbochs_dev, mdev_driver: &mbochs_driver,
1439 types: mbochs_mdev_types,
1440 ARRAY_SIZE(mbochs_mdev_types));
1441 if (ret)
1442 goto err_device;
1443
1444 return 0;
1445
1446err_device:
1447 device_del(dev: &mbochs_dev);
1448err_put:
1449 put_device(dev: &mbochs_dev);
1450 class_unregister(class: &mbochs_class);
1451err_driver:
1452 mdev_unregister_driver(drv: &mbochs_driver);
1453err_cdev:
1454 cdev_del(&mbochs_cdev);
1455 unregister_chrdev_region(mbochs_devt, MINORMASK + 1);
1456 return ret;
1457}
1458
1459static void __exit mbochs_dev_exit(void)
1460{
1461 mbochs_dev.bus = NULL;
1462 mdev_unregister_parent(parent: &mbochs_parent);
1463
1464 device_unregister(dev: &mbochs_dev);
1465 mdev_unregister_driver(drv: &mbochs_driver);
1466 cdev_del(&mbochs_cdev);
1467 unregister_chrdev_region(mbochs_devt, MINORMASK + 1);
1468 class_unregister(class: &mbochs_class);
1469}
1470
1471MODULE_IMPORT_NS(DMA_BUF);
1472module_init(mbochs_dev_init)
1473module_exit(mbochs_dev_exit)
1474

source code of linux/samples/vfio-mdev/mbochs.c