1/* 2 * Copyright (c) 2016 Intel Corporation 3 * 4 * Permission to use, copy, modify, distribute, and sell this software and its 5 * documentation for any purpose is hereby granted without fee, provided that 6 * the above copyright notice appear in all copies and that both that copyright 7 * notice and this permission notice appear in supporting documentation, and 8 * that the name of the copyright holders not be used in advertising or 9 * publicity pertaining to distribution of the software without specific, 10 * written prior permission. The copyright holders make no representations 11 * about the suitability of this software for any purpose. It is provided "as 12 * is" without express or implied warranty. 13 * 14 * THE COPYRIGHT HOLDERS DISCLAIM ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, 15 * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO 16 * EVENT SHALL THE COPYRIGHT HOLDERS BE LIABLE FOR ANY SPECIAL, INDIRECT OR 17 * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, 18 * DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER 19 * TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE 20 * OF THIS SOFTWARE. 21 */ 22 23#include <linux/export.h> 24#include <linux/uaccess.h> 25 26#include <drm/drm_crtc.h> 27#include <drm/drm_drv.h> 28#include <drm/drm_file.h> 29#include <drm/drm_framebuffer.h> 30#include <drm/drm_print.h> 31#include <drm/drm_property.h> 32 33#include "drm_crtc_internal.h" 34 35/** 36 * DOC: overview 37 * 38 * Properties as represented by &drm_property are used to extend the modeset 39 * interface exposed to userspace. For the atomic modeset IOCTL properties are 40 * even the only way to transport metadata about the desired new modeset 41 * configuration from userspace to the kernel. Properties have a well-defined 42 * value range, which is enforced by the drm core. See the documentation of the 43 * flags member of &struct drm_property for an overview of the different 44 * property types and ranges. 45 * 46 * Properties don't store the current value directly, but need to be 47 * instantiated by attaching them to a &drm_mode_object with 48 * drm_object_attach_property(). 49 * 50 * Property values are only 64bit. To support bigger piles of data (like gamma 51 * tables, color correction matrices or large structures) a property can instead 52 * point at a &drm_property_blob with that additional data. 53 * 54 * Properties are defined by their symbolic name, userspace must keep a 55 * per-object mapping from those names to the property ID used in the atomic 56 * IOCTL and in the get/set property IOCTL. 57 */ 58 59static bool drm_property_flags_valid(u32 flags) 60{ 61 u32 legacy_type = flags & DRM_MODE_PROP_LEGACY_TYPE; 62 u32 ext_type = flags & DRM_MODE_PROP_EXTENDED_TYPE; 63 64 /* Reject undefined/deprecated flags */ 65 if (flags & ~(DRM_MODE_PROP_LEGACY_TYPE | 66 DRM_MODE_PROP_EXTENDED_TYPE | 67 DRM_MODE_PROP_IMMUTABLE | 68 DRM_MODE_PROP_ATOMIC)) 69 return false; 70 71 /* We want either a legacy type or an extended type, but not both */ 72 if (!legacy_type == !ext_type) 73 return false; 74 75 /* Only one legacy type at a time please */ 76 if (legacy_type && !is_power_of_2(legacy_type)) 77 return false; 78 79 return true; 80} 81 82/** 83 * drm_property_create - create a new property type 84 * @dev: drm device 85 * @flags: flags specifying the property type 86 * @name: name of the property 87 * @num_values: number of pre-defined values 88 * 89 * This creates a new generic drm property which can then be attached to a drm 90 * object with drm_object_attach_property(). The returned property object must 91 * be freed with drm_property_destroy(), which is done automatically when 92 * calling drm_mode_config_cleanup(). 93 * 94 * Returns: 95 * A pointer to the newly created property on success, NULL on failure. 96 */ 97struct drm_property *drm_property_create(struct drm_device *dev, 98 u32 flags, const char *name, 99 int num_values) 100{ 101 struct drm_property *property = NULL; 102 int ret; 103 104 if (WARN_ON(!drm_property_flags_valid(flags))) 105 return NULL; 106 107 if (WARN_ON(strlen(name) >= DRM_PROP_NAME_LEN)) 108 return NULL; 109 110 property = kzalloc(sizeof(struct drm_property), GFP_KERNEL); 111 if (!property) 112 return NULL; 113 114 property->dev = dev; 115 116 if (num_values) { 117 property->values = kcalloc(num_values, sizeof(uint64_t), 118 GFP_KERNEL); 119 if (!property->values) 120 goto fail; 121 } 122 123 ret = drm_mode_object_add(dev, &property->base, DRM_MODE_OBJECT_PROPERTY); 124 if (ret) 125 goto fail; 126 127 property->flags = flags; 128 property->num_values = num_values; 129 INIT_LIST_HEAD(&property->enum_list); 130 131 strscpy_pad(property->name, name, DRM_PROP_NAME_LEN); 132 133 list_add_tail(&property->head, &dev->mode_config.property_list); 134 135 return property; 136fail: 137 kfree(property->values); 138 kfree(property); 139 return NULL; 140} 141EXPORT_SYMBOL(drm_property_create); 142 143/** 144 * drm_property_create_enum - create a new enumeration property type 145 * @dev: drm device 146 * @flags: flags specifying the property type 147 * @name: name of the property 148 * @props: enumeration lists with property values 149 * @num_values: number of pre-defined values 150 * 151 * This creates a new generic drm property which can then be attached to a drm 152 * object with drm_object_attach_property(). The returned property object must 153 * be freed with drm_property_destroy(), which is done automatically when 154 * calling drm_mode_config_cleanup(). 155 * 156 * Userspace is only allowed to set one of the predefined values for enumeration 157 * properties. 158 * 159 * Returns: 160 * A pointer to the newly created property on success, NULL on failure. 161 */ 162struct drm_property *drm_property_create_enum(struct drm_device *dev, 163 u32 flags, const char *name, 164 const struct drm_prop_enum_list *props, 165 int num_values) 166{ 167 struct drm_property *property; 168 int i, ret; 169 170 flags |= DRM_MODE_PROP_ENUM; 171 172 property = drm_property_create(dev, flags, name, num_values); 173 if (!property) 174 return NULL; 175 176 for (i = 0; i < num_values; i++) { 177 ret = drm_property_add_enum(property, 178 props[i].type, 179 props[i].name); 180 if (ret) { 181 drm_property_destroy(dev, property); 182 return NULL; 183 } 184 } 185 186 return property; 187} 188EXPORT_SYMBOL(drm_property_create_enum); 189 190/** 191 * drm_property_create_bitmask - create a new bitmask property type 192 * @dev: drm device 193 * @flags: flags specifying the property type 194 * @name: name of the property 195 * @props: enumeration lists with property bitflags 196 * @num_props: size of the @props array 197 * @supported_bits: bitmask of all supported enumeration values 198 * 199 * This creates a new bitmask drm property which can then be attached to a drm 200 * object with drm_object_attach_property(). The returned property object must 201 * be freed with drm_property_destroy(), which is done automatically when 202 * calling drm_mode_config_cleanup(). 203 * 204 * Compared to plain enumeration properties userspace is allowed to set any 205 * or'ed together combination of the predefined property bitflag values 206 * 207 * Returns: 208 * A pointer to the newly created property on success, NULL on failure. 209 */ 210struct drm_property *drm_property_create_bitmask(struct drm_device *dev, 211 u32 flags, const char *name, 212 const struct drm_prop_enum_list *props, 213 int num_props, 214 uint64_t supported_bits) 215{ 216 struct drm_property *property; 217 int i, ret; 218 int num_values = hweight64(supported_bits); 219 220 flags |= DRM_MODE_PROP_BITMASK; 221 222 property = drm_property_create(dev, flags, name, num_values); 223 if (!property) 224 return NULL; 225 for (i = 0; i < num_props; i++) { 226 if (!(supported_bits & (1ULL << props[i].type))) 227 continue; 228 229 ret = drm_property_add_enum(property, 230 props[i].type, 231 props[i].name); 232 if (ret) { 233 drm_property_destroy(dev, property); 234 return NULL; 235 } 236 } 237 238 return property; 239} 240EXPORT_SYMBOL(drm_property_create_bitmask); 241 242static struct drm_property *property_create_range(struct drm_device *dev, 243 u32 flags, const char *name, 244 uint64_t min, uint64_t max) 245{ 246 struct drm_property *property; 247 248 property = drm_property_create(dev, flags, name, 2); 249 if (!property) 250 return NULL; 251 252 property->values[0] = min; 253 property->values[1] = max; 254 255 return property; 256} 257 258/** 259 * drm_property_create_range - create a new unsigned ranged property type 260 * @dev: drm device 261 * @flags: flags specifying the property type 262 * @name: name of the property 263 * @min: minimum value of the property 264 * @max: maximum value of the property 265 * 266 * This creates a new generic drm property which can then be attached to a drm 267 * object with drm_object_attach_property(). The returned property object must 268 * be freed with drm_property_destroy(), which is done automatically when 269 * calling drm_mode_config_cleanup(). 270 * 271 * Userspace is allowed to set any unsigned integer value in the (min, max) 272 * range inclusive. 273 * 274 * Returns: 275 * A pointer to the newly created property on success, NULL on failure. 276 */ 277struct drm_property *drm_property_create_range(struct drm_device *dev, 278 u32 flags, const char *name, 279 uint64_t min, uint64_t max) 280{ 281 return property_create_range(dev, DRM_MODE_PROP_RANGE | flags, 282 name, min, max); 283} 284EXPORT_SYMBOL(drm_property_create_range); 285 286/** 287 * drm_property_create_signed_range - create a new signed ranged property type 288 * @dev: drm device 289 * @flags: flags specifying the property type 290 * @name: name of the property 291 * @min: minimum value of the property 292 * @max: maximum value of the property 293 * 294 * This creates a new generic drm property which can then be attached to a drm 295 * object with drm_object_attach_property(). The returned property object must 296 * be freed with drm_property_destroy(), which is done automatically when 297 * calling drm_mode_config_cleanup(). 298 * 299 * Userspace is allowed to set any signed integer value in the (min, max) 300 * range inclusive. 301 * 302 * Returns: 303 * A pointer to the newly created property on success, NULL on failure. 304 */ 305struct drm_property *drm_property_create_signed_range(struct drm_device *dev, 306 u32 flags, const char *name, 307 int64_t min, int64_t max) 308{ 309 return property_create_range(dev, DRM_MODE_PROP_SIGNED_RANGE | flags, 310 name, I642U64(min), I642U64(max)); 311} 312EXPORT_SYMBOL(drm_property_create_signed_range); 313 314/** 315 * drm_property_create_object - create a new object property type 316 * @dev: drm device 317 * @flags: flags specifying the property type 318 * @name: name of the property 319 * @type: object type from DRM_MODE_OBJECT_* defines 320 * 321 * This creates a new generic drm property which can then be attached to a drm 322 * object with drm_object_attach_property(). The returned property object must 323 * be freed with drm_property_destroy(), which is done automatically when 324 * calling drm_mode_config_cleanup(). 325 * 326 * Userspace is only allowed to set this to any property value of the given 327 * @type. Only useful for atomic properties, which is enforced. 328 * 329 * Returns: 330 * A pointer to the newly created property on success, NULL on failure. 331 */ 332struct drm_property *drm_property_create_object(struct drm_device *dev, 333 u32 flags, const char *name, 334 uint32_t type) 335{ 336 struct drm_property *property; 337 338 flags |= DRM_MODE_PROP_OBJECT; 339 340 if (WARN_ON(!(flags & DRM_MODE_PROP_ATOMIC))) 341 return NULL; 342 343 property = drm_property_create(dev, flags, name, 1); 344 if (!property) 345 return NULL; 346 347 property->values[0] = type; 348 349 return property; 350} 351EXPORT_SYMBOL(drm_property_create_object); 352 353/** 354 * drm_property_create_bool - create a new boolean property type 355 * @dev: drm device 356 * @flags: flags specifying the property type 357 * @name: name of the property 358 * 359 * This creates a new generic drm property which can then be attached to a drm 360 * object with drm_object_attach_property(). The returned property object must 361 * be freed with drm_property_destroy(), which is done automatically when 362 * calling drm_mode_config_cleanup(). 363 * 364 * This is implemented as a ranged property with only {0, 1} as valid values. 365 * 366 * Returns: 367 * A pointer to the newly created property on success, NULL on failure. 368 */ 369struct drm_property *drm_property_create_bool(struct drm_device *dev, 370 u32 flags, const char *name) 371{ 372 return drm_property_create_range(dev, flags, name, 0, 1); 373} 374EXPORT_SYMBOL(drm_property_create_bool); 375 376/** 377 * drm_property_add_enum - add a possible value to an enumeration property 378 * @property: enumeration property to change 379 * @value: value of the new enumeration 380 * @name: symbolic name of the new enumeration 381 * 382 * This functions adds enumerations to a property. 383 * 384 * It's use is deprecated, drivers should use one of the more specific helpers 385 * to directly create the property with all enumerations already attached. 386 * 387 * Returns: 388 * Zero on success, error code on failure. 389 */ 390int drm_property_add_enum(struct drm_property *property, 391 uint64_t value, const char *name) 392{ 393 struct drm_property_enum *prop_enum; 394 int index = 0; 395 396 if (WARN_ON(strlen(name) >= DRM_PROP_NAME_LEN)) 397 return -EINVAL; 398 399 if (WARN_ON(!drm_property_type_is(property, DRM_MODE_PROP_ENUM) && 400 !drm_property_type_is(property, DRM_MODE_PROP_BITMASK))) 401 return -EINVAL; 402 403 /* 404 * Bitmask enum properties have the additional constraint of values 405 * from 0 to 63 406 */ 407 if (WARN_ON(drm_property_type_is(property, DRM_MODE_PROP_BITMASK) && 408 value > 63)) 409 return -EINVAL; 410 411 list_for_each_entry(prop_enum, &property->enum_list, head) { 412 if (WARN_ON(prop_enum->value == value)) 413 return -EINVAL; 414 index++; 415 } 416 417 if (WARN_ON(index >= property->num_values)) 418 return -EINVAL; 419 420 prop_enum = kzalloc(sizeof(struct drm_property_enum), GFP_KERNEL); 421 if (!prop_enum) 422 return -ENOMEM; 423 424 strscpy_pad(prop_enum->name, name, DRM_PROP_NAME_LEN); 425 prop_enum->value = value; 426 427 property->values[index] = value; 428 list_add_tail(&prop_enum->head, &property->enum_list); 429 return 0; 430} 431EXPORT_SYMBOL(drm_property_add_enum); 432 433/** 434 * drm_property_destroy - destroy a drm property 435 * @dev: drm device 436 * @property: property to destroy 437 * 438 * This function frees a property including any attached resources like 439 * enumeration values. 440 */ 441void drm_property_destroy(struct drm_device *dev, struct drm_property *property) 442{ 443 struct drm_property_enum *prop_enum, *pt; 444 445 list_for_each_entry_safe(prop_enum, pt, &property->enum_list, head) { 446 list_del(&prop_enum->head); 447 kfree(prop_enum); 448 } 449 450 if (property->num_values) 451 kfree(property->values); 452 drm_mode_object_unregister(dev, &property->base); 453 list_del(&property->head); 454 kfree(property); 455} 456EXPORT_SYMBOL(drm_property_destroy); 457 458int drm_mode_getproperty_ioctl(struct drm_device *dev, 459 void *data, struct drm_file *file_priv) 460{ 461 struct drm_mode_get_property *out_resp = data; 462 struct drm_property *property; 463 int enum_count = 0; 464 int value_count = 0; 465 int i, copied; 466 struct drm_property_enum *prop_enum; 467 struct drm_mode_property_enum __user *enum_ptr; 468 uint64_t __user *values_ptr; 469 470 if (!drm_core_check_feature(dev, DRIVER_MODESET)) 471 return -EOPNOTSUPP; 472 473 property = drm_property_find(dev, file_priv, out_resp->prop_id); 474 if (!property) 475 return -ENOENT; 476 477 strscpy_pad(out_resp->name, property->name, DRM_PROP_NAME_LEN); 478 out_resp->flags = property->flags; 479 480 value_count = property->num_values; 481 values_ptr = u64_to_user_ptr(out_resp->values_ptr); 482 483 for (i = 0; i < value_count; i++) { 484 if (i < out_resp->count_values && 485 put_user(property->values[i], values_ptr + i)) { 486 return -EFAULT; 487 } 488 } 489 out_resp->count_values = value_count; 490 491 copied = 0; 492 enum_ptr = u64_to_user_ptr(out_resp->enum_blob_ptr); 493 494 if (drm_property_type_is(property, DRM_MODE_PROP_ENUM) || 495 drm_property_type_is(property, DRM_MODE_PROP_BITMASK)) { 496 list_for_each_entry(prop_enum, &property->enum_list, head) { 497 enum_count++; 498 if (out_resp->count_enum_blobs < enum_count) 499 continue; 500 501 if (copy_to_user(&enum_ptr[copied].value, 502 &prop_enum->value, sizeof(uint64_t))) 503 return -EFAULT; 504 505 if (copy_to_user(&enum_ptr[copied].name, 506 &prop_enum->name, DRM_PROP_NAME_LEN)) 507 return -EFAULT; 508 copied++; 509 } 510 out_resp->count_enum_blobs = enum_count; 511 } 512 513 /* 514 * NOTE: The idea seems to have been to use this to read all the blob 515 * property values. But nothing ever added them to the corresponding 516 * list, userspace always used the special-purpose get_blob ioctl to 517 * read the value for a blob property. It also doesn't make a lot of 518 * sense to return values here when everything else is just metadata for 519 * the property itself. 520 */ 521 if (drm_property_type_is(property, DRM_MODE_PROP_BLOB)) 522 out_resp->count_enum_blobs = 0; 523 524 return 0; 525} 526 527static void drm_property_free_blob(struct kref *kref) 528{ 529 struct drm_property_blob *blob = 530 container_of(kref, struct drm_property_blob, base.refcount); 531 532 mutex_lock(&blob->dev->mode_config.blob_lock); 533 list_del(&blob->head_global); 534 mutex_unlock(&blob->dev->mode_config.blob_lock); 535 536 drm_mode_object_unregister(blob->dev, &blob->base); 537 538 kvfree(blob); 539} 540 541/** 542 * drm_property_create_blob - Create new blob property 543 * @dev: DRM device to create property for 544 * @length: Length to allocate for blob data 545 * @data: If specified, copies data into blob 546 * 547 * Creates a new blob property for a specified DRM device, optionally 548 * copying data. Note that blob properties are meant to be invariant, hence the 549 * data must be filled out before the blob is used as the value of any property. 550 * 551 * Returns: 552 * New blob property with a single reference on success, or an ERR_PTR 553 * value on failure. 554 */ 555struct drm_property_blob * 556drm_property_create_blob(struct drm_device *dev, size_t length, 557 const void *data) 558{ 559 struct drm_property_blob *blob; 560 int ret; 561 562 if (!length || length > INT_MAX - sizeof(struct drm_property_blob)) 563 return ERR_PTR(-EINVAL); 564 565 blob = kvzalloc(sizeof(struct drm_property_blob)+length, GFP_KERNEL); 566 if (!blob) 567 return ERR_PTR(-ENOMEM); 568 569 /* This must be explicitly initialised, so we can safely call list_del 570 * on it in the removal handler, even if it isn't in a file list. */ 571 INIT_LIST_HEAD(&blob->head_file); 572 blob->data = (void *)blob + sizeof(*blob); 573 blob->length = length; 574 blob->dev = dev; 575 576 if (data) 577 memcpy(blob->data, data, length); 578 579 ret = __drm_mode_object_add(dev, &blob->base, DRM_MODE_OBJECT_BLOB, 580 true, drm_property_free_blob); 581 if (ret) { 582 kvfree(blob); 583 return ERR_PTR(-EINVAL); 584 } 585 586 mutex_lock(&dev->mode_config.blob_lock); 587 list_add_tail(&blob->head_global, 588 &dev->mode_config.property_blob_list); 589 mutex_unlock(&dev->mode_config.blob_lock); 590 591 return blob; 592} 593EXPORT_SYMBOL(drm_property_create_blob); 594 595/** 596 * drm_property_blob_put - release a blob property reference 597 * @blob: DRM blob property 598 * 599 * Releases a reference to a blob property. May free the object. 600 */ 601void drm_property_blob_put(struct drm_property_blob *blob) 602{ 603 if (!blob) 604 return; 605 606 drm_mode_object_put(&blob->base); 607} 608EXPORT_SYMBOL(drm_property_blob_put); 609 610void drm_property_destroy_user_blobs(struct drm_device *dev, 611 struct drm_file *file_priv) 612{ 613 struct drm_property_blob *blob, *bt; 614 615 /* 616 * When the file gets released that means no one else can access the 617 * blob list any more, so no need to grab dev->blob_lock. 618 */ 619 list_for_each_entry_safe(blob, bt, &file_priv->blobs, head_file) { 620 list_del_init(&blob->head_file); 621 drm_property_blob_put(blob); 622 } 623} 624 625/** 626 * drm_property_blob_get - acquire blob property reference 627 * @blob: DRM blob property 628 * 629 * Acquires a reference to an existing blob property. Returns @blob, which 630 * allows this to be used as a shorthand in assignments. 631 */ 632struct drm_property_blob *drm_property_blob_get(struct drm_property_blob *blob) 633{ 634 drm_mode_object_get(&blob->base); 635 return blob; 636} 637EXPORT_SYMBOL(drm_property_blob_get); 638 639/** 640 * drm_property_lookup_blob - look up a blob property and take a reference 641 * @dev: drm device 642 * @id: id of the blob property 643 * 644 * If successful, this takes an additional reference to the blob property. 645 * callers need to make sure to eventually unreferenced the returned property 646 * again, using drm_property_blob_put(). 647 * 648 * Return: 649 * NULL on failure, pointer to the blob on success. 650 */ 651struct drm_property_blob *drm_property_lookup_blob(struct drm_device *dev, 652 uint32_t id) 653{ 654 struct drm_mode_object *obj; 655 struct drm_property_blob *blob = NULL; 656 657 obj = __drm_mode_object_find(dev, NULL, id, DRM_MODE_OBJECT_BLOB); 658 if (obj) 659 blob = obj_to_blob(obj); 660 return blob; 661} 662EXPORT_SYMBOL(drm_property_lookup_blob); 663 664/** 665 * drm_property_replace_global_blob - replace existing blob property 666 * @dev: drm device 667 * @replace: location of blob property pointer to be replaced 668 * @length: length of data for new blob, or 0 for no data 669 * @data: content for new blob, or NULL for no data 670 * @obj_holds_id: optional object for property holding blob ID 671 * @prop_holds_id: optional property holding blob ID 672 * @return 0 on success or error on failure 673 * 674 * This function will replace a global property in the blob list, optionally 675 * updating a property which holds the ID of that property. 676 * 677 * If length is 0 or data is NULL, no new blob will be created, and the holding 678 * property, if specified, will be set to 0. 679 * 680 * Access to the replace pointer is assumed to be protected by the caller, e.g. 681 * by holding the relevant modesetting object lock for its parent. 682 * 683 * For example, a drm_connector has a 'PATH' property, which contains the ID 684 * of a blob property with the value of the MST path information. Calling this 685 * function with replace pointing to the connector's path_blob_ptr, length and 686 * data set for the new path information, obj_holds_id set to the connector's 687 * base object, and prop_holds_id set to the path property name, will perform 688 * a completely atomic update. The access to path_blob_ptr is protected by the 689 * caller holding a lock on the connector. 690 */ 691int drm_property_replace_global_blob(struct drm_device *dev, 692 struct drm_property_blob **replace, 693 size_t length, 694 const void *data, 695 struct drm_mode_object *obj_holds_id, 696 struct drm_property *prop_holds_id) 697{ 698 struct drm_property_blob *new_blob = NULL; 699 struct drm_property_blob *old_blob = NULL; 700 int ret; 701 702 WARN_ON(replace == NULL); 703 704 old_blob = *replace; 705 706 if (length && data) { 707 new_blob = drm_property_create_blob(dev, length, data); 708 if (IS_ERR(new_blob)) 709 return PTR_ERR(new_blob); 710 } 711 712 if (obj_holds_id) { 713 ret = drm_object_property_set_value(obj_holds_id, 714 prop_holds_id, 715 new_blob ? 716 new_blob->base.id : 0); 717 if (ret != 0) 718 goto err_created; 719 } 720 721 drm_property_blob_put(old_blob); 722 *replace = new_blob; 723 724 return 0; 725 726err_created: 727 drm_property_blob_put(new_blob); 728 return ret; 729} 730EXPORT_SYMBOL(drm_property_replace_global_blob); 731 732/** 733 * drm_property_replace_blob - replace a blob property 734 * @blob: a pointer to the member blob to be replaced 735 * @new_blob: the new blob to replace with 736 * 737 * Return: true if the blob was in fact replaced. 738 */ 739bool drm_property_replace_blob(struct drm_property_blob **blob, 740 struct drm_property_blob *new_blob) 741{ 742 struct drm_property_blob *old_blob = *blob; 743 744 if (old_blob == new_blob) 745 return false; 746 747 drm_property_blob_put(old_blob); 748 if (new_blob) 749 drm_property_blob_get(new_blob); 750 *blob = new_blob; 751 return true; 752} 753EXPORT_SYMBOL(drm_property_replace_blob); 754 755/** 756 * drm_property_replace_blob_from_id - replace a blob property taking a reference 757 * @dev: DRM device 758 * @blob: a pointer to the member blob to be replaced 759 * @blob_id: the id of the new blob to replace with 760 * @expected_size: expected size of the blob property 761 * @expected_elem_size: expected size of an element in the blob property 762 * @replaced: if the blob was in fact replaced 763 * 764 * Look up the new blob from id, take its reference, check expected sizes of 765 * the blob and its element and replace the old blob by the new one. Advertise 766 * if the replacement operation was successful. 767 * 768 * Return: true if the blob was in fact replaced. -EINVAL if the new blob was 769 * not found or sizes don't match. 770 */ 771int drm_property_replace_blob_from_id(struct drm_device *dev, 772 struct drm_property_blob **blob, 773 uint64_t blob_id, 774 ssize_t expected_size, 775 ssize_t expected_elem_size, 776 bool *replaced) 777{ 778 struct drm_property_blob *new_blob = NULL; 779 780 if (blob_id != 0) { 781 new_blob = drm_property_lookup_blob(dev, blob_id); 782 if (new_blob == NULL) { 783 drm_dbg_atomic(dev, 784 "cannot find blob ID %llu\n", blob_id); 785 return -EINVAL; 786 } 787 788 if (expected_size > 0 && 789 new_blob->length != expected_size) { 790 drm_dbg_atomic(dev, 791 "[BLOB:%d] length %zu different from expected %zu\n", 792 new_blob->base.id, new_blob->length, expected_size); 793 drm_property_blob_put(new_blob); 794 return -EINVAL; 795 } 796 if (expected_elem_size > 0 && 797 new_blob->length % expected_elem_size != 0) { 798 drm_dbg_atomic(dev, 799 "[BLOB:%d] length %zu not divisible by element size %zu\n", 800 new_blob->base.id, new_blob->length, expected_elem_size); 801 drm_property_blob_put(new_blob); 802 return -EINVAL; 803 } 804 } 805 806 *replaced |= drm_property_replace_blob(blob, new_blob); 807 drm_property_blob_put(new_blob); 808 809 return 0; 810} 811EXPORT_SYMBOL(drm_property_replace_blob_from_id); 812 813int drm_mode_getblob_ioctl(struct drm_device *dev, 814 void *data, struct drm_file *file_priv) 815{ 816 struct drm_mode_get_blob *out_resp = data; 817 struct drm_property_blob *blob; 818 int ret = 0; 819 820 if (!drm_core_check_feature(dev, DRIVER_MODESET)) 821 return -EOPNOTSUPP; 822 823 blob = drm_property_lookup_blob(dev, out_resp->blob_id); 824 if (!blob) 825 return -ENOENT; 826 827 if (out_resp->length == blob->length) { 828 if (copy_to_user(u64_to_user_ptr(out_resp->data), 829 blob->data, 830 blob->length)) { 831 ret = -EFAULT; 832 goto unref; 833 } 834 } 835 out_resp->length = blob->length; 836unref: 837 drm_property_blob_put(blob); 838 839 return ret; 840} 841 842int drm_mode_createblob_ioctl(struct drm_device *dev, 843 void *data, struct drm_file *file_priv) 844{ 845 struct drm_mode_create_blob *out_resp = data; 846 struct drm_property_blob *blob; 847 int ret = 0; 848 849 if (!drm_core_check_feature(dev, DRIVER_MODESET)) 850 return -EOPNOTSUPP; 851 852 blob = drm_property_create_blob(dev, out_resp->length, NULL); 853 if (IS_ERR(blob)) 854 return PTR_ERR(blob); 855 856 if (copy_from_user(blob->data, 857 u64_to_user_ptr(out_resp->data), 858 out_resp->length)) { 859 ret = -EFAULT; 860 goto out_blob; 861 } 862 863 /* Dropping the lock between create_blob and our access here is safe 864 * as only the same file_priv can remove the blob; at this point, it is 865 * not associated with any file_priv. */ 866 mutex_lock(&dev->mode_config.blob_lock); 867 out_resp->blob_id = blob->base.id; 868 list_add_tail(&blob->head_file, &file_priv->blobs); 869 mutex_unlock(&dev->mode_config.blob_lock); 870 871 return 0; 872 873out_blob: 874 drm_property_blob_put(blob); 875 return ret; 876} 877 878int drm_mode_destroyblob_ioctl(struct drm_device *dev, 879 void *data, struct drm_file *file_priv) 880{ 881 struct drm_mode_destroy_blob *out_resp = data; 882 struct drm_property_blob *blob = NULL, *bt; 883 bool found = false; 884 int ret = 0; 885 886 if (!drm_core_check_feature(dev, DRIVER_MODESET)) 887 return -EOPNOTSUPP; 888 889 blob = drm_property_lookup_blob(dev, out_resp->blob_id); 890 if (!blob) 891 return -ENOENT; 892 893 mutex_lock(&dev->mode_config.blob_lock); 894 /* Ensure the property was actually created by this user. */ 895 list_for_each_entry(bt, &file_priv->blobs, head_file) { 896 if (bt == blob) { 897 found = true; 898 break; 899 } 900 } 901 902 if (!found) { 903 ret = -EPERM; 904 goto err; 905 } 906 907 /* We must drop head_file here, because we may not be the last 908 * reference on the blob. */ 909 list_del_init(&blob->head_file); 910 mutex_unlock(&dev->mode_config.blob_lock); 911 912 /* One reference from lookup, and one from the filp. */ 913 drm_property_blob_put(blob); 914 drm_property_blob_put(blob); 915 916 return 0; 917 918err: 919 mutex_unlock(&dev->mode_config.blob_lock); 920 drm_property_blob_put(blob); 921 922 return ret; 923} 924 925/* Some properties could refer to dynamic refcnt'd objects, or things that 926 * need special locking to handle lifetime issues (ie. to ensure the prop 927 * value doesn't become invalid part way through the property update due to 928 * race). The value returned by reference via 'obj' should be passed back 929 * to drm_property_change_valid_put() after the property is set (and the 930 * object to which the property is attached has a chance to take its own 931 * reference). 932 */ 933bool drm_property_change_valid_get(struct drm_property *property, 934 uint64_t value, struct drm_mode_object **ref) 935{ 936 int i; 937 938 if (property->flags & DRM_MODE_PROP_IMMUTABLE) 939 return false; 940 941 *ref = NULL; 942 943 if (drm_property_type_is(property, DRM_MODE_PROP_RANGE)) { 944 if (value < property->values[0] || value > property->values[1]) 945 return false; 946 return true; 947 } else if (drm_property_type_is(property, DRM_MODE_PROP_SIGNED_RANGE)) { 948 int64_t svalue = U642I64(value); 949 950 if (svalue < U642I64(property->values[0]) || 951 svalue > U642I64(property->values[1])) 952 return false; 953 return true; 954 } else if (drm_property_type_is(property, DRM_MODE_PROP_BITMASK)) { 955 uint64_t valid_mask = 0; 956 957 for (i = 0; i < property->num_values; i++) 958 valid_mask |= (1ULL << property->values[i]); 959 return !(value & ~valid_mask); 960 } else if (drm_property_type_is(property, DRM_MODE_PROP_BLOB)) { 961 struct drm_property_blob *blob; 962 963 if (value == 0) 964 return true; 965 966 blob = drm_property_lookup_blob(property->dev, value); 967 if (blob) { 968 *ref = &blob->base; 969 return true; 970 } else { 971 return false; 972 } 973 } else if (drm_property_type_is(property, DRM_MODE_PROP_OBJECT)) { 974 /* a zero value for an object property translates to null: */ 975 if (value == 0) 976 return true; 977 978 *ref = __drm_mode_object_find(property->dev, NULL, value, 979 property->values[0]); 980 return *ref != NULL; 981 } 982 983 for (i = 0; i < property->num_values; i++) 984 if (property->values[i] == value) 985 return true; 986 return false; 987} 988 989void drm_property_change_valid_put(struct drm_property *property, 990 struct drm_mode_object *ref) 991{ 992 if (!ref) 993 return; 994 995 if (drm_property_type_is(property, DRM_MODE_PROP_OBJECT)) { 996 drm_mode_object_put(ref); 997 } else if (drm_property_type_is(property, DRM_MODE_PROP_BLOB)) 998 drm_property_blob_put(obj_to_blob(ref)); 999} 1000