1// SPDX-License-Identifier: GPL-2.0
2/*
3 * Mediated virtual PCI display host device driver
4 *
5 * Emulate enough of qemu stdvga to make bochs-drm.ko happy. That is
6 * basically the vram memory bar and the bochs dispi interface vbe
7 * registers in the mmio register bar. Specifically it does *not*
8 * include any legacy vga stuff. Device looks a lot like "qemu -device
9 * secondary-vga".
10 *
11 * (c) Gerd Hoffmann <kraxel@redhat.com>
12 *
13 * based on mtty driver which is:
14 * Copyright (c) 2016, NVIDIA CORPORATION. All rights reserved.
15 * Author: Neo Jia <cjia@nvidia.com>
16 * Kirti Wankhede <kwankhede@nvidia.com>
17 *
18 * This program is free software; you can redistribute it and/or modify
19 * it under the terms of the GNU General Public License version 2 as
20 * published by the Free Software Foundation.
21 */
22#include <linux/init.h>
23#include <linux/module.h>
24#include <linux/kernel.h>
25#include <linux/slab.h>
26#include <linux/vmalloc.h>
27#include <linux/cdev.h>
28#include <linux/vfio.h>
29#include <linux/iommu.h>
30#include <linux/sysfs.h>
31#include <linux/mdev.h>
32#include <linux/pci.h>
33#include <linux/dma-buf.h>
34#include <linux/highmem.h>
35#include <drm/drm_fourcc.h>
36#include <drm/drm_rect.h>
37#include <drm/drm_modeset_lock.h>
38#include <drm/drm_property.h>
39#include <drm/drm_plane.h>
40
41
42#define VBE_DISPI_INDEX_ID 0x0
43#define VBE_DISPI_INDEX_XRES 0x1
44#define VBE_DISPI_INDEX_YRES 0x2
45#define VBE_DISPI_INDEX_BPP 0x3
46#define VBE_DISPI_INDEX_ENABLE 0x4
47#define VBE_DISPI_INDEX_BANK 0x5
48#define VBE_DISPI_INDEX_VIRT_WIDTH 0x6
49#define VBE_DISPI_INDEX_VIRT_HEIGHT 0x7
50#define VBE_DISPI_INDEX_X_OFFSET 0x8
51#define VBE_DISPI_INDEX_Y_OFFSET 0x9
52#define VBE_DISPI_INDEX_VIDEO_MEMORY_64K 0xa
53#define VBE_DISPI_INDEX_COUNT 0xb
54
55#define VBE_DISPI_ID0 0xB0C0
56#define VBE_DISPI_ID1 0xB0C1
57#define VBE_DISPI_ID2 0xB0C2
58#define VBE_DISPI_ID3 0xB0C3
59#define VBE_DISPI_ID4 0xB0C4
60#define VBE_DISPI_ID5 0xB0C5
61
62#define VBE_DISPI_DISABLED 0x00
63#define VBE_DISPI_ENABLED 0x01
64#define VBE_DISPI_GETCAPS 0x02
65#define VBE_DISPI_8BIT_DAC 0x20
66#define VBE_DISPI_LFB_ENABLED 0x40
67#define VBE_DISPI_NOCLEARMEM 0x80
68
69
70#define MBOCHS_NAME "mbochs"
71#define MBOCHS_CLASS_NAME "mbochs"
72
73#define MBOCHS_EDID_REGION_INDEX VFIO_PCI_NUM_REGIONS
74#define MBOCHS_NUM_REGIONS (MBOCHS_EDID_REGION_INDEX+1)
75
76#define MBOCHS_CONFIG_SPACE_SIZE 0xff
77#define MBOCHS_MMIO_BAR_OFFSET PAGE_SIZE
78#define MBOCHS_MMIO_BAR_SIZE PAGE_SIZE
79#define MBOCHS_EDID_OFFSET (MBOCHS_MMIO_BAR_OFFSET + \
80 MBOCHS_MMIO_BAR_SIZE)
81#define MBOCHS_EDID_SIZE PAGE_SIZE
82#define MBOCHS_MEMORY_BAR_OFFSET (MBOCHS_EDID_OFFSET + \
83 MBOCHS_EDID_SIZE)
84
85#define MBOCHS_EDID_BLOB_OFFSET (MBOCHS_EDID_SIZE/2)
86
87#define STORE_LE16(addr, val) (*(u16 *)addr = val)
88#define STORE_LE32(addr, val) (*(u32 *)addr = val)
89
90
91MODULE_LICENSE("GPL v2");
92
93static int max_mbytes = 256;
94module_param_named(count, max_mbytes, int, 0444);
95MODULE_PARM_DESC(mem, "megabytes available to " MBOCHS_NAME " devices");
96
97
98#define MBOCHS_TYPE_1 "small"
99#define MBOCHS_TYPE_2 "medium"
100#define MBOCHS_TYPE_3 "large"
101
102static struct mbochs_type {
103 struct mdev_type type;
104 u32 mbytes;
105 u32 max_x;
106 u32 max_y;
107} mbochs_types[] = {
108 {
109 .type.sysfs_name = MBOCHS_TYPE_1,
110 .type.pretty_name = MBOCHS_CLASS_NAME "-" MBOCHS_TYPE_1,
111 .mbytes = 4,
112 .max_x = 800,
113 .max_y = 600,
114 }, {
115 .type.sysfs_name = MBOCHS_TYPE_2,
116 .type.pretty_name = MBOCHS_CLASS_NAME "-" MBOCHS_TYPE_2,
117 .mbytes = 16,
118 .max_x = 1920,
119 .max_y = 1440,
120 }, {
121 .type.sysfs_name = MBOCHS_TYPE_3,
122 .type.pretty_name = MBOCHS_CLASS_NAME "-" MBOCHS_TYPE_3,
123 .mbytes = 64,
124 .max_x = 0,
125 .max_y = 0,
126 },
127};
128
129static struct mdev_type *mbochs_mdev_types[] = {
130 &mbochs_types[0].type,
131 &mbochs_types[1].type,
132 &mbochs_types[2].type,
133};
134
135static dev_t mbochs_devt;
136static struct class *mbochs_class;
137static struct cdev mbochs_cdev;
138static struct device mbochs_dev;
139static struct mdev_parent mbochs_parent;
140static atomic_t mbochs_avail_mbytes;
141static const struct vfio_device_ops mbochs_dev_ops;
142
143struct vfio_region_info_ext {
144 struct vfio_region_info base;
145 struct vfio_region_info_cap_type type;
146};
147
148struct mbochs_mode {
149 u32 drm_format;
150 u32 bytepp;
151 u32 width;
152 u32 height;
153 u32 stride;
154 u32 __pad;
155 u64 offset;
156 u64 size;
157};
158
159struct mbochs_dmabuf {
160 struct mbochs_mode mode;
161 u32 id;
162 struct page **pages;
163 pgoff_t pagecount;
164 struct dma_buf *buf;
165 struct mdev_state *mdev_state;
166 struct list_head next;
167 bool unlinked;
168};
169
170/* State of each mdev device */
171struct mdev_state {
172 struct vfio_device vdev;
173 u8 *vconfig;
174 u64 bar_mask[3];
175 u32 memory_bar_mask;
176 struct mutex ops_lock;
177 struct mdev_device *mdev;
178
179 const struct mbochs_type *type;
180 u16 vbe[VBE_DISPI_INDEX_COUNT];
181 u64 memsize;
182 struct page **pages;
183 pgoff_t pagecount;
184 struct vfio_region_gfx_edid edid_regs;
185 u8 edid_blob[0x400];
186
187 struct list_head dmabufs;
188 u32 active_id;
189 u32 next_id;
190};
191
192static const char *vbe_name_list[VBE_DISPI_INDEX_COUNT] = {
193 [VBE_DISPI_INDEX_ID] = "id",
194 [VBE_DISPI_INDEX_XRES] = "xres",
195 [VBE_DISPI_INDEX_YRES] = "yres",
196 [VBE_DISPI_INDEX_BPP] = "bpp",
197 [VBE_DISPI_INDEX_ENABLE] = "enable",
198 [VBE_DISPI_INDEX_BANK] = "bank",
199 [VBE_DISPI_INDEX_VIRT_WIDTH] = "virt-width",
200 [VBE_DISPI_INDEX_VIRT_HEIGHT] = "virt-height",
201 [VBE_DISPI_INDEX_X_OFFSET] = "x-offset",
202 [VBE_DISPI_INDEX_Y_OFFSET] = "y-offset",
203 [VBE_DISPI_INDEX_VIDEO_MEMORY_64K] = "video-mem",
204};
205
206static const char *vbe_name(u32 index)
207{
208 if (index < ARRAY_SIZE(vbe_name_list))
209 return vbe_name_list[index];
210 return "(invalid)";
211}
212
213static struct page *__mbochs_get_page(struct mdev_state *mdev_state,
214 pgoff_t pgoff);
215static struct page *mbochs_get_page(struct mdev_state *mdev_state,
216 pgoff_t pgoff);
217
218static void mbochs_create_config_space(struct mdev_state *mdev_state)
219{
220 STORE_LE16((u16 *) &mdev_state->vconfig[PCI_VENDOR_ID],
221 0x1234);
222 STORE_LE16((u16 *) &mdev_state->vconfig[PCI_DEVICE_ID],
223 0x1111);
224 STORE_LE16((u16 *) &mdev_state->vconfig[PCI_SUBSYSTEM_VENDOR_ID],
225 PCI_SUBVENDOR_ID_REDHAT_QUMRANET);
226 STORE_LE16((u16 *) &mdev_state->vconfig[PCI_SUBSYSTEM_ID],
227 PCI_SUBDEVICE_ID_QEMU);
228
229 STORE_LE16((u16 *) &mdev_state->vconfig[PCI_COMMAND],
230 PCI_COMMAND_IO | PCI_COMMAND_MEMORY);
231 STORE_LE16((u16 *) &mdev_state->vconfig[PCI_CLASS_DEVICE],
232 PCI_CLASS_DISPLAY_OTHER);
233 mdev_state->vconfig[PCI_CLASS_REVISION] = 0x01;
234
235 STORE_LE32((u32 *) &mdev_state->vconfig[PCI_BASE_ADDRESS_0],
236 PCI_BASE_ADDRESS_SPACE_MEMORY |
237 PCI_BASE_ADDRESS_MEM_TYPE_32 |
238 PCI_BASE_ADDRESS_MEM_PREFETCH);
239 mdev_state->bar_mask[0] = ~(mdev_state->memsize) + 1;
240
241 STORE_LE32((u32 *) &mdev_state->vconfig[PCI_BASE_ADDRESS_2],
242 PCI_BASE_ADDRESS_SPACE_MEMORY |
243 PCI_BASE_ADDRESS_MEM_TYPE_32);
244 mdev_state->bar_mask[2] = ~(MBOCHS_MMIO_BAR_SIZE) + 1;
245}
246
247static int mbochs_check_framebuffer(struct mdev_state *mdev_state,
248 struct mbochs_mode *mode)
249{
250 struct device *dev = mdev_dev(mdev: mdev_state->mdev);
251 u16 *vbe = mdev_state->vbe;
252 u32 virt_width;
253
254 WARN_ON(!mutex_is_locked(&mdev_state->ops_lock));
255
256 if (!(vbe[VBE_DISPI_INDEX_ENABLE] & VBE_DISPI_ENABLED))
257 goto nofb;
258
259 memset(mode, 0, sizeof(*mode));
260 switch (vbe[VBE_DISPI_INDEX_BPP]) {
261 case 32:
262 mode->drm_format = DRM_FORMAT_XRGB8888;
263 mode->bytepp = 4;
264 break;
265 default:
266 dev_info_ratelimited(dev, "%s: bpp %d not supported\n",
267 __func__, vbe[VBE_DISPI_INDEX_BPP]);
268 goto nofb;
269 }
270
271 mode->width = vbe[VBE_DISPI_INDEX_XRES];
272 mode->height = vbe[VBE_DISPI_INDEX_YRES];
273 virt_width = vbe[VBE_DISPI_INDEX_VIRT_WIDTH];
274 if (virt_width < mode->width)
275 virt_width = mode->width;
276 mode->stride = virt_width * mode->bytepp;
277 mode->size = (u64)mode->stride * mode->height;
278 mode->offset = ((u64)vbe[VBE_DISPI_INDEX_X_OFFSET] * mode->bytepp +
279 (u64)vbe[VBE_DISPI_INDEX_Y_OFFSET] * mode->stride);
280
281 if (mode->width < 64 || mode->height < 64) {
282 dev_info_ratelimited(dev, "%s: invalid resolution %dx%d\n",
283 __func__, mode->width, mode->height);
284 goto nofb;
285 }
286 if (mode->offset + mode->size > mdev_state->memsize) {
287 dev_info_ratelimited(dev, "%s: framebuffer memory overflow\n",
288 __func__);
289 goto nofb;
290 }
291
292 return 0;
293
294nofb:
295 memset(mode, 0, sizeof(*mode));
296 return -EINVAL;
297}
298
299static bool mbochs_modes_equal(struct mbochs_mode *mode1,
300 struct mbochs_mode *mode2)
301{
302 return memcmp(p: mode1, q: mode2, size: sizeof(struct mbochs_mode)) == 0;
303}
304
305static void handle_pci_cfg_write(struct mdev_state *mdev_state, u16 offset,
306 char *buf, u32 count)
307{
308 struct device *dev = mdev_dev(mdev: mdev_state->mdev);
309 int index = (offset - PCI_BASE_ADDRESS_0) / 0x04;
310 u32 cfg_addr;
311
312 switch (offset) {
313 case PCI_BASE_ADDRESS_0:
314 case PCI_BASE_ADDRESS_2:
315 cfg_addr = *(u32 *)buf;
316
317 if (cfg_addr == 0xffffffff) {
318 cfg_addr = (cfg_addr & mdev_state->bar_mask[index]);
319 } else {
320 cfg_addr &= PCI_BASE_ADDRESS_MEM_MASK;
321 if (cfg_addr)
322 dev_info(dev, "BAR #%d @ 0x%x\n",
323 index, cfg_addr);
324 }
325
326 cfg_addr |= (mdev_state->vconfig[offset] &
327 ~PCI_BASE_ADDRESS_MEM_MASK);
328 STORE_LE32(&mdev_state->vconfig[offset], cfg_addr);
329 break;
330 }
331}
332
333static void handle_mmio_write(struct mdev_state *mdev_state, u16 offset,
334 char *buf, u32 count)
335{
336 struct device *dev = mdev_dev(mdev: mdev_state->mdev);
337 int index;
338 u16 reg16;
339
340 switch (offset) {
341 case 0x400 ... 0x41f: /* vga ioports remapped */
342 goto unhandled;
343 case 0x500 ... 0x515: /* bochs dispi interface */
344 if (count != 2)
345 goto unhandled;
346 index = (offset - 0x500) / 2;
347 reg16 = *(u16 *)buf;
348 if (index < ARRAY_SIZE(mdev_state->vbe))
349 mdev_state->vbe[index] = reg16;
350 dev_dbg(dev, "%s: vbe write %d = %d (%s)\n",
351 __func__, index, reg16, vbe_name(index));
352 break;
353 case 0x600 ... 0x607: /* qemu extended regs */
354 goto unhandled;
355 default:
356unhandled:
357 dev_dbg(dev, "%s: @0x%03x, count %d (unhandled)\n",
358 __func__, offset, count);
359 break;
360 }
361}
362
363static void handle_mmio_read(struct mdev_state *mdev_state, u16 offset,
364 char *buf, u32 count)
365{
366 struct device *dev = mdev_dev(mdev: mdev_state->mdev);
367 struct vfio_region_gfx_edid *edid;
368 u16 reg16 = 0;
369 int index;
370
371 switch (offset) {
372 case 0x000 ... 0x3ff: /* edid block */
373 edid = &mdev_state->edid_regs;
374 if (edid->link_state != VFIO_DEVICE_GFX_LINK_STATE_UP ||
375 offset >= edid->edid_size) {
376 memset(buf, 0, count);
377 break;
378 }
379 memcpy(buf, mdev_state->edid_blob + offset, count);
380 break;
381 case 0x500 ... 0x515: /* bochs dispi interface */
382 if (count != 2)
383 goto unhandled;
384 index = (offset - 0x500) / 2;
385 if (index < ARRAY_SIZE(mdev_state->vbe))
386 reg16 = mdev_state->vbe[index];
387 dev_dbg(dev, "%s: vbe read %d = %d (%s)\n",
388 __func__, index, reg16, vbe_name(index));
389 *(u16 *)buf = reg16;
390 break;
391 default:
392unhandled:
393 dev_dbg(dev, "%s: @0x%03x, count %d (unhandled)\n",
394 __func__, offset, count);
395 memset(buf, 0, count);
396 break;
397 }
398}
399
400static void handle_edid_regs(struct mdev_state *mdev_state, u16 offset,
401 char *buf, u32 count, bool is_write)
402{
403 char *regs = (void *)&mdev_state->edid_regs;
404
405 if (offset + count > sizeof(mdev_state->edid_regs))
406 return;
407 if (count != 4)
408 return;
409 if (offset % 4)
410 return;
411
412 if (is_write) {
413 switch (offset) {
414 case offsetof(struct vfio_region_gfx_edid, link_state):
415 case offsetof(struct vfio_region_gfx_edid, edid_size):
416 memcpy(regs + offset, buf, count);
417 break;
418 default:
419 /* read-only regs */
420 break;
421 }
422 } else {
423 memcpy(buf, regs + offset, count);
424 }
425}
426
427static void handle_edid_blob(struct mdev_state *mdev_state, u16 offset,
428 char *buf, u32 count, bool is_write)
429{
430 if (offset + count > mdev_state->edid_regs.edid_max_size)
431 return;
432 if (is_write)
433 memcpy(mdev_state->edid_blob + offset, buf, count);
434 else
435 memcpy(buf, mdev_state->edid_blob + offset, count);
436}
437
438static ssize_t mdev_access(struct mdev_state *mdev_state, char *buf,
439 size_t count, loff_t pos, bool is_write)
440{
441 struct page *pg;
442 loff_t poff;
443 char *map;
444 int ret = 0;
445
446 mutex_lock(&mdev_state->ops_lock);
447
448 if (pos < MBOCHS_CONFIG_SPACE_SIZE) {
449 if (is_write)
450 handle_pci_cfg_write(mdev_state, offset: pos, buf, count);
451 else
452 memcpy(buf, (mdev_state->vconfig + pos), count);
453
454 } else if (pos >= MBOCHS_MMIO_BAR_OFFSET &&
455 pos + count <= (MBOCHS_MMIO_BAR_OFFSET +
456 MBOCHS_MMIO_BAR_SIZE)) {
457 pos -= MBOCHS_MMIO_BAR_OFFSET;
458 if (is_write)
459 handle_mmio_write(mdev_state, offset: pos, buf, count);
460 else
461 handle_mmio_read(mdev_state, offset: pos, buf, count);
462
463 } else if (pos >= MBOCHS_EDID_OFFSET &&
464 pos + count <= (MBOCHS_EDID_OFFSET +
465 MBOCHS_EDID_SIZE)) {
466 pos -= MBOCHS_EDID_OFFSET;
467 if (pos < MBOCHS_EDID_BLOB_OFFSET) {
468 handle_edid_regs(mdev_state, offset: pos, buf, count, is_write);
469 } else {
470 pos -= MBOCHS_EDID_BLOB_OFFSET;
471 handle_edid_blob(mdev_state, offset: pos, buf, count, is_write);
472 }
473
474 } else if (pos >= MBOCHS_MEMORY_BAR_OFFSET &&
475 pos + count <=
476 MBOCHS_MEMORY_BAR_OFFSET + mdev_state->memsize) {
477 pos -= MBOCHS_MMIO_BAR_OFFSET;
478 poff = pos & ~PAGE_MASK;
479 pg = __mbochs_get_page(mdev_state, pgoff: pos >> PAGE_SHIFT);
480 map = kmap(page: pg);
481 if (is_write)
482 memcpy(map + poff, buf, count);
483 else
484 memcpy(buf, map + poff, count);
485 kunmap(page: pg);
486 put_page(page: pg);
487
488 } else {
489 dev_dbg(mdev_state->vdev.dev, "%s: %s @0x%llx (unhandled)\n",
490 __func__, is_write ? "WR" : "RD", pos);
491 ret = -1;
492 goto accessfailed;
493 }
494
495 ret = count;
496
497
498accessfailed:
499 mutex_unlock(lock: &mdev_state->ops_lock);
500
501 return ret;
502}
503
504static int mbochs_reset(struct mdev_state *mdev_state)
505{
506 u32 size64k = mdev_state->memsize / (64 * 1024);
507 int i;
508
509 for (i = 0; i < ARRAY_SIZE(mdev_state->vbe); i++)
510 mdev_state->vbe[i] = 0;
511 mdev_state->vbe[VBE_DISPI_INDEX_ID] = VBE_DISPI_ID5;
512 mdev_state->vbe[VBE_DISPI_INDEX_VIDEO_MEMORY_64K] = size64k;
513 return 0;
514}
515
516static int mbochs_init_dev(struct vfio_device *vdev)
517{
518 struct mdev_state *mdev_state =
519 container_of(vdev, struct mdev_state, vdev);
520 struct mdev_device *mdev = to_mdev_device(dev: vdev->dev);
521 struct mbochs_type *type =
522 container_of(mdev->type, struct mbochs_type, type);
523 int avail_mbytes = atomic_read(v: &mbochs_avail_mbytes);
524 int ret = -ENOMEM;
525
526 do {
527 if (avail_mbytes < type->mbytes)
528 return -ENOSPC;
529 } while (!atomic_try_cmpxchg(v: &mbochs_avail_mbytes, old: &avail_mbytes,
530 new: avail_mbytes - type->mbytes));
531
532 mdev_state->vconfig = kzalloc(MBOCHS_CONFIG_SPACE_SIZE, GFP_KERNEL);
533 if (!mdev_state->vconfig)
534 goto err_avail;
535
536 mdev_state->memsize = type->mbytes * 1024 * 1024;
537 mdev_state->pagecount = mdev_state->memsize >> PAGE_SHIFT;
538 mdev_state->pages = kcalloc(n: mdev_state->pagecount,
539 size: sizeof(struct page *),
540 GFP_KERNEL);
541 if (!mdev_state->pages)
542 goto err_vconfig;
543
544 mutex_init(&mdev_state->ops_lock);
545 mdev_state->mdev = mdev;
546 INIT_LIST_HEAD(list: &mdev_state->dmabufs);
547 mdev_state->next_id = 1;
548
549 mdev_state->type = type;
550 mdev_state->edid_regs.max_xres = type->max_x;
551 mdev_state->edid_regs.max_yres = type->max_y;
552 mdev_state->edid_regs.edid_offset = MBOCHS_EDID_BLOB_OFFSET;
553 mdev_state->edid_regs.edid_max_size = sizeof(mdev_state->edid_blob);
554 mbochs_create_config_space(mdev_state);
555 mbochs_reset(mdev_state);
556
557 dev_info(vdev->dev, "%s: %s, %d MB, %ld pages\n", __func__,
558 type->type.pretty_name, type->mbytes, mdev_state->pagecount);
559 return 0;
560
561err_vconfig:
562 kfree(objp: mdev_state->vconfig);
563err_avail:
564 atomic_add(i: type->mbytes, v: &mbochs_avail_mbytes);
565 return ret;
566}
567
568static int mbochs_probe(struct mdev_device *mdev)
569{
570 struct mdev_state *mdev_state;
571 int ret = -ENOMEM;
572
573 mdev_state = vfio_alloc_device(mdev_state, vdev, &mdev->dev,
574 &mbochs_dev_ops);
575 if (IS_ERR(ptr: mdev_state))
576 return PTR_ERR(ptr: mdev_state);
577
578 ret = vfio_register_emulated_iommu_dev(device: &mdev_state->vdev);
579 if (ret)
580 goto err_put_vdev;
581 dev_set_drvdata(dev: &mdev->dev, data: mdev_state);
582 return 0;
583
584err_put_vdev:
585 vfio_put_device(device: &mdev_state->vdev);
586 return ret;
587}
588
589static void mbochs_release_dev(struct vfio_device *vdev)
590{
591 struct mdev_state *mdev_state =
592 container_of(vdev, struct mdev_state, vdev);
593
594 atomic_add(i: mdev_state->type->mbytes, v: &mbochs_avail_mbytes);
595 kfree(objp: mdev_state->pages);
596 kfree(objp: mdev_state->vconfig);
597}
598
599static void mbochs_remove(struct mdev_device *mdev)
600{
601 struct mdev_state *mdev_state = dev_get_drvdata(dev: &mdev->dev);
602
603 vfio_unregister_group_dev(device: &mdev_state->vdev);
604 vfio_put_device(device: &mdev_state->vdev);
605}
606
607static ssize_t mbochs_read(struct vfio_device *vdev, char __user *buf,
608 size_t count, loff_t *ppos)
609{
610 struct mdev_state *mdev_state =
611 container_of(vdev, struct mdev_state, vdev);
612 unsigned int done = 0;
613 int ret;
614
615 while (count) {
616 size_t filled;
617
618 if (count >= 4 && !(*ppos % 4)) {
619 u32 val;
620
621 ret = mdev_access(mdev_state, buf: (char *)&val, count: sizeof(val),
622 pos: *ppos, is_write: false);
623 if (ret <= 0)
624 goto read_err;
625
626 if (copy_to_user(to: buf, from: &val, n: sizeof(val)))
627 goto read_err;
628
629 filled = 4;
630 } else if (count >= 2 && !(*ppos % 2)) {
631 u16 val;
632
633 ret = mdev_access(mdev_state, buf: (char *)&val, count: sizeof(val),
634 pos: *ppos, is_write: false);
635 if (ret <= 0)
636 goto read_err;
637
638 if (copy_to_user(to: buf, from: &val, n: sizeof(val)))
639 goto read_err;
640
641 filled = 2;
642 } else {
643 u8 val;
644
645 ret = mdev_access(mdev_state, buf: (char *)&val, count: sizeof(val),
646 pos: *ppos, is_write: false);
647 if (ret <= 0)
648 goto read_err;
649
650 if (copy_to_user(to: buf, from: &val, n: sizeof(val)))
651 goto read_err;
652
653 filled = 1;
654 }
655
656 count -= filled;
657 done += filled;
658 *ppos += filled;
659 buf += filled;
660 }
661
662 return done;
663
664read_err:
665 return -EFAULT;
666}
667
668static ssize_t mbochs_write(struct vfio_device *vdev, const char __user *buf,
669 size_t count, loff_t *ppos)
670{
671 struct mdev_state *mdev_state =
672 container_of(vdev, struct mdev_state, vdev);
673 unsigned int done = 0;
674 int ret;
675
676 while (count) {
677 size_t filled;
678
679 if (count >= 4 && !(*ppos % 4)) {
680 u32 val;
681
682 if (copy_from_user(to: &val, from: buf, n: sizeof(val)))
683 goto write_err;
684
685 ret = mdev_access(mdev_state, buf: (char *)&val, count: sizeof(val),
686 pos: *ppos, is_write: true);
687 if (ret <= 0)
688 goto write_err;
689
690 filled = 4;
691 } else if (count >= 2 && !(*ppos % 2)) {
692 u16 val;
693
694 if (copy_from_user(to: &val, from: buf, n: sizeof(val)))
695 goto write_err;
696
697 ret = mdev_access(mdev_state, buf: (char *)&val, count: sizeof(val),
698 pos: *ppos, is_write: true);
699 if (ret <= 0)
700 goto write_err;
701
702 filled = 2;
703 } else {
704 u8 val;
705
706 if (copy_from_user(to: &val, from: buf, n: sizeof(val)))
707 goto write_err;
708
709 ret = mdev_access(mdev_state, buf: (char *)&val, count: sizeof(val),
710 pos: *ppos, is_write: true);
711 if (ret <= 0)
712 goto write_err;
713
714 filled = 1;
715 }
716 count -= filled;
717 done += filled;
718 *ppos += filled;
719 buf += filled;
720 }
721
722 return done;
723write_err:
724 return -EFAULT;
725}
726
727static struct page *__mbochs_get_page(struct mdev_state *mdev_state,
728 pgoff_t pgoff)
729{
730 WARN_ON(!mutex_is_locked(&mdev_state->ops_lock));
731
732 if (!mdev_state->pages[pgoff]) {
733 mdev_state->pages[pgoff] =
734 alloc_pages(GFP_HIGHUSER | __GFP_ZERO, order: 0);
735 if (!mdev_state->pages[pgoff])
736 return NULL;
737 }
738
739 get_page(page: mdev_state->pages[pgoff]);
740 return mdev_state->pages[pgoff];
741}
742
743static struct page *mbochs_get_page(struct mdev_state *mdev_state,
744 pgoff_t pgoff)
745{
746 struct page *page;
747
748 if (WARN_ON(pgoff >= mdev_state->pagecount))
749 return NULL;
750
751 mutex_lock(&mdev_state->ops_lock);
752 page = __mbochs_get_page(mdev_state, pgoff);
753 mutex_unlock(lock: &mdev_state->ops_lock);
754
755 return page;
756}
757
758static void mbochs_put_pages(struct mdev_state *mdev_state)
759{
760 struct device *dev = mdev_dev(mdev: mdev_state->mdev);
761 int i, count = 0;
762
763 WARN_ON(!mutex_is_locked(&mdev_state->ops_lock));
764
765 for (i = 0; i < mdev_state->pagecount; i++) {
766 if (!mdev_state->pages[i])
767 continue;
768 put_page(page: mdev_state->pages[i]);
769 mdev_state->pages[i] = NULL;
770 count++;
771 }
772 dev_dbg(dev, "%s: %d pages released\n", __func__, count);
773}
774
775static vm_fault_t mbochs_region_vm_fault(struct vm_fault *vmf)
776{
777 struct vm_area_struct *vma = vmf->vma;
778 struct mdev_state *mdev_state = vma->vm_private_data;
779 pgoff_t page_offset = (vmf->address - vma->vm_start) >> PAGE_SHIFT;
780
781 if (page_offset >= mdev_state->pagecount)
782 return VM_FAULT_SIGBUS;
783
784 vmf->page = mbochs_get_page(mdev_state, pgoff: page_offset);
785 if (!vmf->page)
786 return VM_FAULT_SIGBUS;
787
788 return 0;
789}
790
791static const struct vm_operations_struct mbochs_region_vm_ops = {
792 .fault = mbochs_region_vm_fault,
793};
794
795static int mbochs_mmap(struct vfio_device *vdev, struct vm_area_struct *vma)
796{
797 struct mdev_state *mdev_state =
798 container_of(vdev, struct mdev_state, vdev);
799
800 if (vma->vm_pgoff != MBOCHS_MEMORY_BAR_OFFSET >> PAGE_SHIFT)
801 return -EINVAL;
802 if (vma->vm_end < vma->vm_start)
803 return -EINVAL;
804 if (vma->vm_end - vma->vm_start > mdev_state->memsize)
805 return -EINVAL;
806 if ((vma->vm_flags & VM_SHARED) == 0)
807 return -EINVAL;
808
809 vma->vm_ops = &mbochs_region_vm_ops;
810 vma->vm_private_data = mdev_state;
811 return 0;
812}
813
814static vm_fault_t mbochs_dmabuf_vm_fault(struct vm_fault *vmf)
815{
816 struct vm_area_struct *vma = vmf->vma;
817 struct mbochs_dmabuf *dmabuf = vma->vm_private_data;
818
819 if (WARN_ON(vmf->pgoff >= dmabuf->pagecount))
820 return VM_FAULT_SIGBUS;
821
822 vmf->page = dmabuf->pages[vmf->pgoff];
823 get_page(page: vmf->page);
824 return 0;
825}
826
827static const struct vm_operations_struct mbochs_dmabuf_vm_ops = {
828 .fault = mbochs_dmabuf_vm_fault,
829};
830
831static int mbochs_mmap_dmabuf(struct dma_buf *buf, struct vm_area_struct *vma)
832{
833 struct mbochs_dmabuf *dmabuf = buf->priv;
834 struct device *dev = mdev_dev(mdev: dmabuf->mdev_state->mdev);
835
836 dev_dbg(dev, "%s: %d\n", __func__, dmabuf->id);
837
838 if ((vma->vm_flags & VM_SHARED) == 0)
839 return -EINVAL;
840
841 vma->vm_ops = &mbochs_dmabuf_vm_ops;
842 vma->vm_private_data = dmabuf;
843 return 0;
844}
845
846static void mbochs_print_dmabuf(struct mbochs_dmabuf *dmabuf,
847 const char *prefix)
848{
849 struct device *dev = mdev_dev(mdev: dmabuf->mdev_state->mdev);
850 u32 fourcc = dmabuf->mode.drm_format;
851
852 dev_dbg(dev, "%s/%d: %c%c%c%c, %dx%d, stride %d, off 0x%llx, size 0x%llx, pages %ld\n",
853 prefix, dmabuf->id,
854 fourcc ? ((fourcc >> 0) & 0xff) : '-',
855 fourcc ? ((fourcc >> 8) & 0xff) : '-',
856 fourcc ? ((fourcc >> 16) & 0xff) : '-',
857 fourcc ? ((fourcc >> 24) & 0xff) : '-',
858 dmabuf->mode.width, dmabuf->mode.height, dmabuf->mode.stride,
859 dmabuf->mode.offset, dmabuf->mode.size, dmabuf->pagecount);
860}
861
862static struct sg_table *mbochs_map_dmabuf(struct dma_buf_attachment *at,
863 enum dma_data_direction direction)
864{
865 struct mbochs_dmabuf *dmabuf = at->dmabuf->priv;
866 struct device *dev = mdev_dev(mdev: dmabuf->mdev_state->mdev);
867 struct sg_table *sg;
868
869 dev_dbg(dev, "%s: %d\n", __func__, dmabuf->id);
870
871 sg = kzalloc(size: sizeof(*sg), GFP_KERNEL);
872 if (!sg)
873 goto err1;
874 if (sg_alloc_table_from_pages(sgt: sg, pages: dmabuf->pages, n_pages: dmabuf->pagecount,
875 offset: 0, size: dmabuf->mode.size, GFP_KERNEL) < 0)
876 goto err2;
877 if (dma_map_sgtable(dev: at->dev, sgt: sg, dir: direction, attrs: 0))
878 goto err3;
879
880 return sg;
881
882err3:
883 sg_free_table(sg);
884err2:
885 kfree(objp: sg);
886err1:
887 return ERR_PTR(error: -ENOMEM);
888}
889
890static void mbochs_unmap_dmabuf(struct dma_buf_attachment *at,
891 struct sg_table *sg,
892 enum dma_data_direction direction)
893{
894 struct mbochs_dmabuf *dmabuf = at->dmabuf->priv;
895 struct device *dev = mdev_dev(mdev: dmabuf->mdev_state->mdev);
896
897 dev_dbg(dev, "%s: %d\n", __func__, dmabuf->id);
898
899 dma_unmap_sgtable(dev: at->dev, sgt: sg, dir: direction, attrs: 0);
900 sg_free_table(sg);
901 kfree(objp: sg);
902}
903
904static void mbochs_release_dmabuf(struct dma_buf *buf)
905{
906 struct mbochs_dmabuf *dmabuf = buf->priv;
907 struct mdev_state *mdev_state = dmabuf->mdev_state;
908 struct device *dev = mdev_dev(mdev: mdev_state->mdev);
909 pgoff_t pg;
910
911 dev_dbg(dev, "%s: %d\n", __func__, dmabuf->id);
912
913 for (pg = 0; pg < dmabuf->pagecount; pg++)
914 put_page(page: dmabuf->pages[pg]);
915
916 mutex_lock(&mdev_state->ops_lock);
917 dmabuf->buf = NULL;
918 if (dmabuf->unlinked)
919 kfree(objp: dmabuf);
920 mutex_unlock(lock: &mdev_state->ops_lock);
921}
922
923static struct dma_buf_ops mbochs_dmabuf_ops = {
924 .map_dma_buf = mbochs_map_dmabuf,
925 .unmap_dma_buf = mbochs_unmap_dmabuf,
926 .release = mbochs_release_dmabuf,
927 .mmap = mbochs_mmap_dmabuf,
928};
929
930static struct mbochs_dmabuf *mbochs_dmabuf_alloc(struct mdev_state *mdev_state,
931 struct mbochs_mode *mode)
932{
933 struct mbochs_dmabuf *dmabuf;
934 pgoff_t page_offset, pg;
935
936 WARN_ON(!mutex_is_locked(&mdev_state->ops_lock));
937
938 dmabuf = kzalloc(size: sizeof(struct mbochs_dmabuf), GFP_KERNEL);
939 if (!dmabuf)
940 return NULL;
941
942 dmabuf->mode = *mode;
943 dmabuf->id = mdev_state->next_id++;
944 dmabuf->pagecount = DIV_ROUND_UP(mode->size, PAGE_SIZE);
945 dmabuf->pages = kcalloc(n: dmabuf->pagecount, size: sizeof(struct page *),
946 GFP_KERNEL);
947 if (!dmabuf->pages)
948 goto err_free_dmabuf;
949
950 page_offset = dmabuf->mode.offset >> PAGE_SHIFT;
951 for (pg = 0; pg < dmabuf->pagecount; pg++) {
952 dmabuf->pages[pg] = __mbochs_get_page(mdev_state,
953 pgoff: page_offset + pg);
954 if (!dmabuf->pages[pg])
955 goto err_free_pages;
956 }
957
958 dmabuf->mdev_state = mdev_state;
959 list_add(new: &dmabuf->next, head: &mdev_state->dmabufs);
960
961 mbochs_print_dmabuf(dmabuf, prefix: __func__);
962 return dmabuf;
963
964err_free_pages:
965 while (pg > 0)
966 put_page(page: dmabuf->pages[--pg]);
967 kfree(objp: dmabuf->pages);
968err_free_dmabuf:
969 kfree(objp: dmabuf);
970 return NULL;
971}
972
973static struct mbochs_dmabuf *
974mbochs_dmabuf_find_by_mode(struct mdev_state *mdev_state,
975 struct mbochs_mode *mode)
976{
977 struct mbochs_dmabuf *dmabuf;
978
979 WARN_ON(!mutex_is_locked(&mdev_state->ops_lock));
980
981 list_for_each_entry(dmabuf, &mdev_state->dmabufs, next)
982 if (mbochs_modes_equal(mode1: &dmabuf->mode, mode2: mode))
983 return dmabuf;
984
985 return NULL;
986}
987
988static struct mbochs_dmabuf *
989mbochs_dmabuf_find_by_id(struct mdev_state *mdev_state, u32 id)
990{
991 struct mbochs_dmabuf *dmabuf;
992
993 WARN_ON(!mutex_is_locked(&mdev_state->ops_lock));
994
995 list_for_each_entry(dmabuf, &mdev_state->dmabufs, next)
996 if (dmabuf->id == id)
997 return dmabuf;
998
999 return NULL;
1000}
1001
1002static int mbochs_dmabuf_export(struct mbochs_dmabuf *dmabuf)
1003{
1004 struct mdev_state *mdev_state = dmabuf->mdev_state;
1005 struct device *dev = mdev_state->vdev.dev;
1006 DEFINE_DMA_BUF_EXPORT_INFO(exp_info);
1007 struct dma_buf *buf;
1008
1009 WARN_ON(!mutex_is_locked(&mdev_state->ops_lock));
1010
1011 if (!IS_ALIGNED(dmabuf->mode.offset, PAGE_SIZE)) {
1012 dev_info_ratelimited(dev, "%s: framebuffer not page-aligned\n",
1013 __func__);
1014 return -EINVAL;
1015 }
1016
1017 exp_info.ops = &mbochs_dmabuf_ops;
1018 exp_info.size = dmabuf->mode.size;
1019 exp_info.priv = dmabuf;
1020
1021 buf = dma_buf_export(exp_info: &exp_info);
1022 if (IS_ERR(ptr: buf)) {
1023 dev_info_ratelimited(dev, "%s: dma_buf_export failed: %ld\n",
1024 __func__, PTR_ERR(buf));
1025 return PTR_ERR(ptr: buf);
1026 }
1027
1028 dmabuf->buf = buf;
1029 dev_dbg(dev, "%s: %d\n", __func__, dmabuf->id);
1030 return 0;
1031}
1032
1033static int mbochs_get_region_info(struct mdev_state *mdev_state,
1034 struct vfio_region_info_ext *ext)
1035{
1036 struct vfio_region_info *region_info = &ext->base;
1037
1038 if (region_info->index >= MBOCHS_NUM_REGIONS)
1039 return -EINVAL;
1040
1041 switch (region_info->index) {
1042 case VFIO_PCI_CONFIG_REGION_INDEX:
1043 region_info->offset = 0;
1044 region_info->size = MBOCHS_CONFIG_SPACE_SIZE;
1045 region_info->flags = (VFIO_REGION_INFO_FLAG_READ |
1046 VFIO_REGION_INFO_FLAG_WRITE);
1047 break;
1048 case VFIO_PCI_BAR0_REGION_INDEX:
1049 region_info->offset = MBOCHS_MEMORY_BAR_OFFSET;
1050 region_info->size = mdev_state->memsize;
1051 region_info->flags = (VFIO_REGION_INFO_FLAG_READ |
1052 VFIO_REGION_INFO_FLAG_WRITE |
1053 VFIO_REGION_INFO_FLAG_MMAP);
1054 break;
1055 case VFIO_PCI_BAR2_REGION_INDEX:
1056 region_info->offset = MBOCHS_MMIO_BAR_OFFSET;
1057 region_info->size = MBOCHS_MMIO_BAR_SIZE;
1058 region_info->flags = (VFIO_REGION_INFO_FLAG_READ |
1059 VFIO_REGION_INFO_FLAG_WRITE);
1060 break;
1061 case MBOCHS_EDID_REGION_INDEX:
1062 ext->base.argsz = sizeof(*ext);
1063 ext->base.offset = MBOCHS_EDID_OFFSET;
1064 ext->base.size = MBOCHS_EDID_SIZE;
1065 ext->base.flags = (VFIO_REGION_INFO_FLAG_READ |
1066 VFIO_REGION_INFO_FLAG_WRITE |
1067 VFIO_REGION_INFO_FLAG_CAPS);
1068 ext->base.cap_offset = offsetof(typeof(*ext), type);
1069 ext->type.header.id = VFIO_REGION_INFO_CAP_TYPE;
1070 ext->type.header.version = 1;
1071 ext->type.header.next = 0;
1072 ext->type.type = VFIO_REGION_TYPE_GFX;
1073 ext->type.subtype = VFIO_REGION_SUBTYPE_GFX_EDID;
1074 break;
1075 default:
1076 region_info->size = 0;
1077 region_info->offset = 0;
1078 region_info->flags = 0;
1079 }
1080
1081 return 0;
1082}
1083
1084static int mbochs_get_irq_info(struct vfio_irq_info *irq_info)
1085{
1086 irq_info->count = 0;
1087 return 0;
1088}
1089
1090static int mbochs_get_device_info(struct vfio_device_info *dev_info)
1091{
1092 dev_info->flags = VFIO_DEVICE_FLAGS_PCI;
1093 dev_info->num_regions = MBOCHS_NUM_REGIONS;
1094 dev_info->num_irqs = VFIO_PCI_NUM_IRQS;
1095 return 0;
1096}
1097
1098static int mbochs_query_gfx_plane(struct mdev_state *mdev_state,
1099 struct vfio_device_gfx_plane_info *plane)
1100{
1101 struct mbochs_dmabuf *dmabuf;
1102 struct mbochs_mode mode;
1103 int ret;
1104
1105 if (plane->flags & VFIO_GFX_PLANE_TYPE_PROBE) {
1106 if (plane->flags == (VFIO_GFX_PLANE_TYPE_PROBE |
1107 VFIO_GFX_PLANE_TYPE_DMABUF))
1108 return 0;
1109 return -EINVAL;
1110 }
1111
1112 if (plane->flags != VFIO_GFX_PLANE_TYPE_DMABUF)
1113 return -EINVAL;
1114
1115 plane->drm_format_mod = 0;
1116 plane->x_pos = 0;
1117 plane->y_pos = 0;
1118 plane->x_hot = 0;
1119 plane->y_hot = 0;
1120
1121 mutex_lock(&mdev_state->ops_lock);
1122
1123 ret = -EINVAL;
1124 if (plane->drm_plane_type == DRM_PLANE_TYPE_PRIMARY)
1125 ret = mbochs_check_framebuffer(mdev_state, mode: &mode);
1126 if (ret < 0) {
1127 plane->drm_format = 0;
1128 plane->width = 0;
1129 plane->height = 0;
1130 plane->stride = 0;
1131 plane->size = 0;
1132 plane->dmabuf_id = 0;
1133 goto done;
1134 }
1135
1136 dmabuf = mbochs_dmabuf_find_by_mode(mdev_state, mode: &mode);
1137 if (!dmabuf)
1138 mbochs_dmabuf_alloc(mdev_state, mode: &mode);
1139 if (!dmabuf) {
1140 mutex_unlock(lock: &mdev_state->ops_lock);
1141 return -ENOMEM;
1142 }
1143
1144 plane->drm_format = dmabuf->mode.drm_format;
1145 plane->width = dmabuf->mode.width;
1146 plane->height = dmabuf->mode.height;
1147 plane->stride = dmabuf->mode.stride;
1148 plane->size = dmabuf->mode.size;
1149 plane->dmabuf_id = dmabuf->id;
1150
1151done:
1152 if (plane->drm_plane_type == DRM_PLANE_TYPE_PRIMARY &&
1153 mdev_state->active_id != plane->dmabuf_id) {
1154 dev_dbg(mdev_state->vdev.dev, "%s: primary: %d => %d\n",
1155 __func__, mdev_state->active_id, plane->dmabuf_id);
1156 mdev_state->active_id = plane->dmabuf_id;
1157 }
1158 mutex_unlock(lock: &mdev_state->ops_lock);
1159 return 0;
1160}
1161
1162static int mbochs_get_gfx_dmabuf(struct mdev_state *mdev_state, u32 id)
1163{
1164 struct mbochs_dmabuf *dmabuf;
1165
1166 mutex_lock(&mdev_state->ops_lock);
1167
1168 dmabuf = mbochs_dmabuf_find_by_id(mdev_state, id);
1169 if (!dmabuf) {
1170 mutex_unlock(lock: &mdev_state->ops_lock);
1171 return -ENOENT;
1172 }
1173
1174 if (!dmabuf->buf)
1175 mbochs_dmabuf_export(dmabuf);
1176
1177 mutex_unlock(lock: &mdev_state->ops_lock);
1178
1179 if (!dmabuf->buf)
1180 return -EINVAL;
1181
1182 return dma_buf_fd(dmabuf: dmabuf->buf, flags: 0);
1183}
1184
1185static long mbochs_ioctl(struct vfio_device *vdev, unsigned int cmd,
1186 unsigned long arg)
1187{
1188 struct mdev_state *mdev_state =
1189 container_of(vdev, struct mdev_state, vdev);
1190 int ret = 0;
1191 unsigned long minsz, outsz;
1192
1193 switch (cmd) {
1194 case VFIO_DEVICE_GET_INFO:
1195 {
1196 struct vfio_device_info info;
1197
1198 minsz = offsetofend(struct vfio_device_info, num_irqs);
1199
1200 if (copy_from_user(to: &info, from: (void __user *)arg, n: minsz))
1201 return -EFAULT;
1202
1203 if (info.argsz < minsz)
1204 return -EINVAL;
1205
1206 ret = mbochs_get_device_info(dev_info: &info);
1207 if (ret)
1208 return ret;
1209
1210 if (copy_to_user(to: (void __user *)arg, from: &info, n: minsz))
1211 return -EFAULT;
1212
1213 return 0;
1214 }
1215 case VFIO_DEVICE_GET_REGION_INFO:
1216 {
1217 struct vfio_region_info_ext info;
1218
1219 minsz = offsetofend(typeof(info), base.offset);
1220
1221 if (copy_from_user(to: &info, from: (void __user *)arg, n: minsz))
1222 return -EFAULT;
1223
1224 outsz = info.base.argsz;
1225 if (outsz < minsz)
1226 return -EINVAL;
1227 if (outsz > sizeof(info))
1228 return -EINVAL;
1229
1230 ret = mbochs_get_region_info(mdev_state, ext: &info);
1231 if (ret)
1232 return ret;
1233
1234 if (copy_to_user(to: (void __user *)arg, from: &info, n: outsz))
1235 return -EFAULT;
1236
1237 return 0;
1238 }
1239
1240 case VFIO_DEVICE_GET_IRQ_INFO:
1241 {
1242 struct vfio_irq_info info;
1243
1244 minsz = offsetofend(struct vfio_irq_info, count);
1245
1246 if (copy_from_user(to: &info, from: (void __user *)arg, n: minsz))
1247 return -EFAULT;
1248
1249 if ((info.argsz < minsz) ||
1250 (info.index >= VFIO_PCI_NUM_IRQS))
1251 return -EINVAL;
1252
1253 ret = mbochs_get_irq_info(irq_info: &info);
1254 if (ret)
1255 return ret;
1256
1257 if (copy_to_user(to: (void __user *)arg, from: &info, n: minsz))
1258 return -EFAULT;
1259
1260 return 0;
1261 }
1262
1263 case VFIO_DEVICE_QUERY_GFX_PLANE:
1264 {
1265 struct vfio_device_gfx_plane_info plane = {};
1266
1267 minsz = offsetofend(struct vfio_device_gfx_plane_info,
1268 region_index);
1269
1270 if (copy_from_user(to: &plane, from: (void __user *)arg, n: minsz))
1271 return -EFAULT;
1272
1273 if (plane.argsz < minsz)
1274 return -EINVAL;
1275
1276 ret = mbochs_query_gfx_plane(mdev_state, plane: &plane);
1277 if (ret)
1278 return ret;
1279
1280 if (copy_to_user(to: (void __user *)arg, from: &plane, n: minsz))
1281 return -EFAULT;
1282
1283 return 0;
1284 }
1285
1286 case VFIO_DEVICE_GET_GFX_DMABUF:
1287 {
1288 u32 dmabuf_id;
1289
1290 if (get_user(dmabuf_id, (__u32 __user *)arg))
1291 return -EFAULT;
1292
1293 return mbochs_get_gfx_dmabuf(mdev_state, id: dmabuf_id);
1294 }
1295
1296 case VFIO_DEVICE_SET_IRQS:
1297 return -EINVAL;
1298
1299 case VFIO_DEVICE_RESET:
1300 return mbochs_reset(mdev_state);
1301 }
1302 return -ENOTTY;
1303}
1304
1305static void mbochs_close_device(struct vfio_device *vdev)
1306{
1307 struct mdev_state *mdev_state =
1308 container_of(vdev, struct mdev_state, vdev);
1309 struct mbochs_dmabuf *dmabuf, *tmp;
1310
1311 mutex_lock(&mdev_state->ops_lock);
1312
1313 list_for_each_entry_safe(dmabuf, tmp, &mdev_state->dmabufs, next) {
1314 list_del(entry: &dmabuf->next);
1315 if (dmabuf->buf) {
1316 /* free in mbochs_release_dmabuf() */
1317 dmabuf->unlinked = true;
1318 } else {
1319 kfree(objp: dmabuf);
1320 }
1321 }
1322 mbochs_put_pages(mdev_state);
1323
1324 mutex_unlock(lock: &mdev_state->ops_lock);
1325}
1326
1327static ssize_t
1328memory_show(struct device *dev, struct device_attribute *attr,
1329 char *buf)
1330{
1331 struct mdev_state *mdev_state = dev_get_drvdata(dev);
1332
1333 return sprintf(buf, fmt: "%d MB\n", mdev_state->type->mbytes);
1334}
1335static DEVICE_ATTR_RO(memory);
1336
1337static struct attribute *mdev_dev_attrs[] = {
1338 &dev_attr_memory.attr,
1339 NULL,
1340};
1341
1342static const struct attribute_group mdev_dev_group = {
1343 .name = "vendor",
1344 .attrs = mdev_dev_attrs,
1345};
1346
1347static const struct attribute_group *mdev_dev_groups[] = {
1348 &mdev_dev_group,
1349 NULL,
1350};
1351
1352static ssize_t mbochs_show_description(struct mdev_type *mtype, char *buf)
1353{
1354 struct mbochs_type *type =
1355 container_of(mtype, struct mbochs_type, type);
1356
1357 return sprintf(buf, fmt: "virtual display, %d MB video memory\n",
1358 type ? type->mbytes : 0);
1359}
1360
1361static unsigned int mbochs_get_available(struct mdev_type *mtype)
1362{
1363 struct mbochs_type *type =
1364 container_of(mtype, struct mbochs_type, type);
1365
1366 return atomic_read(v: &mbochs_avail_mbytes) / type->mbytes;
1367}
1368
1369static const struct vfio_device_ops mbochs_dev_ops = {
1370 .close_device = mbochs_close_device,
1371 .init = mbochs_init_dev,
1372 .release = mbochs_release_dev,
1373 .read = mbochs_read,
1374 .write = mbochs_write,
1375 .ioctl = mbochs_ioctl,
1376 .mmap = mbochs_mmap,
1377 .bind_iommufd = vfio_iommufd_emulated_bind,
1378 .unbind_iommufd = vfio_iommufd_emulated_unbind,
1379 .attach_ioas = vfio_iommufd_emulated_attach_ioas,
1380 .detach_ioas = vfio_iommufd_emulated_detach_ioas,
1381};
1382
1383static struct mdev_driver mbochs_driver = {
1384 .device_api = VFIO_DEVICE_API_PCI_STRING,
1385 .driver = {
1386 .name = "mbochs",
1387 .owner = THIS_MODULE,
1388 .mod_name = KBUILD_MODNAME,
1389 .dev_groups = mdev_dev_groups,
1390 },
1391 .probe = mbochs_probe,
1392 .remove = mbochs_remove,
1393 .get_available = mbochs_get_available,
1394 .show_description = mbochs_show_description,
1395};
1396
1397static const struct file_operations vd_fops = {
1398 .owner = THIS_MODULE,
1399};
1400
1401static void mbochs_device_release(struct device *dev)
1402{
1403 /* nothing */
1404}
1405
1406static int __init mbochs_dev_init(void)
1407{
1408 int ret = 0;
1409
1410 atomic_set(v: &mbochs_avail_mbytes, i: max_mbytes);
1411
1412 ret = alloc_chrdev_region(&mbochs_devt, 0, MINORMASK + 1, MBOCHS_NAME);
1413 if (ret < 0) {
1414 pr_err("Error: failed to register mbochs_dev, err: %d\n", ret);
1415 return ret;
1416 }
1417 cdev_init(&mbochs_cdev, &vd_fops);
1418 cdev_add(&mbochs_cdev, mbochs_devt, MINORMASK + 1);
1419 pr_info("%s: major %d\n", __func__, MAJOR(mbochs_devt));
1420
1421 ret = mdev_register_driver(drv: &mbochs_driver);
1422 if (ret)
1423 goto err_cdev;
1424
1425 mbochs_class = class_create(MBOCHS_CLASS_NAME);
1426 if (IS_ERR(ptr: mbochs_class)) {
1427 pr_err("Error: failed to register mbochs_dev class\n");
1428 ret = PTR_ERR(ptr: mbochs_class);
1429 goto err_driver;
1430 }
1431 mbochs_dev.class = mbochs_class;
1432 mbochs_dev.release = mbochs_device_release;
1433 dev_set_name(dev: &mbochs_dev, name: "%s", MBOCHS_NAME);
1434
1435 ret = device_register(dev: &mbochs_dev);
1436 if (ret)
1437 goto err_put;
1438
1439 ret = mdev_register_parent(parent: &mbochs_parent, dev: &mbochs_dev, mdev_driver: &mbochs_driver,
1440 types: mbochs_mdev_types,
1441 ARRAY_SIZE(mbochs_mdev_types));
1442 if (ret)
1443 goto err_device;
1444
1445 return 0;
1446
1447err_device:
1448 device_del(dev: &mbochs_dev);
1449err_put:
1450 put_device(dev: &mbochs_dev);
1451 class_destroy(cls: mbochs_class);
1452err_driver:
1453 mdev_unregister_driver(drv: &mbochs_driver);
1454err_cdev:
1455 cdev_del(&mbochs_cdev);
1456 unregister_chrdev_region(mbochs_devt, MINORMASK + 1);
1457 return ret;
1458}
1459
1460static void __exit mbochs_dev_exit(void)
1461{
1462 mbochs_dev.bus = NULL;
1463 mdev_unregister_parent(parent: &mbochs_parent);
1464
1465 device_unregister(dev: &mbochs_dev);
1466 mdev_unregister_driver(drv: &mbochs_driver);
1467 cdev_del(&mbochs_cdev);
1468 unregister_chrdev_region(mbochs_devt, MINORMASK + 1);
1469 class_destroy(cls: mbochs_class);
1470 mbochs_class = NULL;
1471}
1472
1473MODULE_IMPORT_NS(DMA_BUF);
1474module_init(mbochs_dev_init)
1475module_exit(mbochs_dev_exit)
1476

source code of linux/samples/vfio-mdev/mbochs.c