1 /* 2 * Created: Fri Jan 8 09:01:26 1999 by faith@valinux.com 3 * 4 * Copyright 1999 Precision Insight, Inc., Cedar Park, Texas. 5 * Copyright 2000 VA Linux Systems, Inc., Sunnyvale, California. 6 * All Rights Reserved. 7 * 8 * Author Rickard E. (Rik) Faith <faith@valinux.com> 9 * Author Gareth Hughes <gareth@valinux.com> 10 * 11 * Permission is hereby granted, free of charge, to any person obtaining a 12 * copy of this software and associated documentation files (the "Software"), 13 * to deal in the Software without restriction, including without limitation 14 * the rights to use, copy, modify, merge, publish, distribute, sublicense, 15 * and/or sell copies of the Software, and to permit persons to whom the 16 * Software is furnished to do so, subject to the following conditions: 17 * 18 * The above copyright notice and this permission notice (including the next 19 * paragraph) shall be included in all copies or substantial portions of the 20 * Software. 21 * 22 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 23 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 24 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL 25 * VA LINUX SYSTEMS AND/OR ITS SUPPLIERS BE LIABLE FOR ANY CLAIM, DAMAGES OR 26 * OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, 27 * ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR 28 * OTHER DEALINGS IN THE SOFTWARE. 29 */ 30 31 #include <sys/filio.h> 32 #include <sys/ttycom.h> /* for TIOCSGRP */ 33 34 #include <drm/drm_ioctl.h> 35 #include <drm/drmP.h> 36 #ifdef __linux__ 37 #include <drm/drm_auth.h> 38 #include "drm_legacy.h" 39 #endif 40 #include "drm_internal.h" 41 #include "drm_crtc_internal.h" 42 43 #include <linux/pci.h> 44 #include <linux/export.h> 45 #include <linux/nospec.h> 46 47 int drm_setunique(struct drm_device *, void *, struct drm_file *); 48 49 /** 50 * DOC: getunique and setversion story 51 * 52 * BEWARE THE DRAGONS! MIND THE TRAPDOORS! 53 * 54 * In an attempt to warn anyone else who's trying to figure out what's going 55 * on here, I'll try to summarize the story. First things first, let's clear up 56 * the names, because the kernel internals, libdrm and the ioctls are all named 57 * differently: 58 * 59 * - GET_UNIQUE ioctl, implemented by drm_getunique is wrapped up in libdrm 60 * through the drmGetBusid function. 61 * - The libdrm drmSetBusid function is backed by the SET_UNIQUE ioctl. All 62 * that code is nerved in the kernel with drm_invalid_op(). 63 * - The internal set_busid kernel functions and driver callbacks are 64 * exclusively use by the SET_VERSION ioctl, because only drm 1.0 (which is 65 * nerved) allowed userspace to set the busid through the above ioctl. 66 * - Other ioctls and functions involved are named consistently. 67 * 68 * For anyone wondering what's the difference between drm 1.1 and 1.4: Correctly 69 * handling pci domains in the busid on ppc. Doing this correctly was only 70 * implemented in libdrm in 2010, hence can't be nerved yet. No one knows what's 71 * special with drm 1.2 and 1.3. 72 * 73 * Now the actual horror story of how device lookup in drm works. At large, 74 * there's 2 different ways, either by busid, or by device driver name. 75 * 76 * Opening by busid is fairly simple: 77 * 78 * 1. First call SET_VERSION to make sure pci domains are handled properly. As a 79 * side-effect this fills out the unique name in the master structure. 80 * 2. Call GET_UNIQUE to read out the unique name from the master structure, 81 * which matches the busid thanks to step 1. If it doesn't, proceed to try 82 * the next device node. 83 * 84 * Opening by name is slightly different: 85 * 86 * 1. Directly call VERSION to get the version and to match against the driver 87 * name returned by that ioctl. Note that SET_VERSION is not called, which 88 * means the the unique name for the master node just opening is _not_ filled 89 * out. This despite that with current drm device nodes are always bound to 90 * one device, and can't be runtime assigned like with drm 1.0. 91 * 2. Match driver name. If it mismatches, proceed to the next device node. 92 * 3. Call GET_UNIQUE, and check whether the unique name has length zero (by 93 * checking that the first byte in the string is 0). If that's not the case 94 * libdrm skips and proceeds to the next device node. Probably this is just 95 * copypasta from drm 1.0 times where a set unique name meant that the driver 96 * was in use already, but that's just conjecture. 97 * 98 * Long story short: To keep the open by name logic working, GET_UNIQUE must 99 * _not_ return a unique string when SET_VERSION hasn't been called yet, 100 * otherwise libdrm breaks. Even when that unique string can't ever change, and 101 * is totally irrelevant for actually opening the device because runtime 102 * assignable device instances were only support in drm 1.0, which is long dead. 103 * But the libdrm code in drmOpenByName somehow survived, hence this can't be 104 * broken. 105 */ 106 107 /* 108 * Get the bus id. 109 * 110 * \param inode device inode. 111 * \param file_priv DRM file private. 112 * \param cmd command. 113 * \param arg user argument, pointing to a drm_unique structure. 114 * \return zero on success or a negative number on failure. 115 * 116 * Copies the bus id from drm_device::unique into user space. 117 */ 118 int drm_getunique(struct drm_device *dev, void *data, 119 struct drm_file *file_priv) 120 { 121 struct drm_unique *u = data; 122 123 if (u->unique_len >= dev->unique_len) { 124 if (DRM_COPY_TO_USER(u->unique, dev->unique, dev->unique_len)) 125 return -EFAULT; 126 } 127 u->unique_len = dev->unique_len; 128 129 return 0; 130 } 131 132 /* 133 * Get client information. 134 * 135 * \param inode device inode. 136 * \param file_priv DRM file private. 137 * \param cmd command. 138 * \param arg user argument, pointing to a drm_client structure. 139 * 140 * \return zero on success or a negative number on failure. 141 * 142 * Searches for the client with the specified index and copies its information 143 * into userspace 144 */ 145 int drm_getclient(struct drm_device *dev, void *data, 146 struct drm_file *file_priv) 147 { 148 struct drm_client *client = data; 149 150 /* 151 * Hollowed-out getclient ioctl to keep some dead old drm tests/tools 152 * not breaking completely. Userspace tools stop enumerating one they 153 * get -EINVAL, hence this is the return value we need to hand back for 154 * no clients tracked. 155 * 156 * Unfortunately some clients (*cough* libva *cough*) use this in a fun 157 * attempt to figure out whether they're authenticated or not. Since 158 * that's the only thing they care about, give it to the directly 159 * instead of walking one giant list. 160 */ 161 if (client->idx == 0) { 162 client->auth = file_priv->authenticated; 163 #ifdef __linux__ 164 client->pid = task_pid_vnr(current); 165 client->uid = overflowuid; 166 #else 167 client->pid = curproc->p_p->ps_pid; 168 client->uid = 0xfffe; 169 #endif 170 client->magic = 0; 171 client->iocs = 0; 172 173 return 0; 174 } else { 175 return -EINVAL; 176 } 177 } 178 179 /* 180 * Get statistics information. 181 * 182 * \param inode device inode. 183 * \param file_priv DRM file private. 184 * \param cmd command. 185 * \param arg user argument, pointing to a drm_stats structure. 186 * 187 * \return zero on success or a negative number on failure. 188 */ 189 static int drm_getstats(struct drm_device *dev, void *data, 190 struct drm_file *file_priv) 191 { 192 struct drm_stats *stats = data; 193 194 /* Clear stats to prevent userspace from eating its stack garbage. */ 195 memset(stats, 0, sizeof(*stats)); 196 197 return 0; 198 } 199 200 /* 201 * Get device/driver capabilities 202 */ 203 static int drm_getcap(struct drm_device *dev, void *data, struct drm_file *file_priv) 204 { 205 struct drm_get_cap *req = data; 206 struct drm_crtc *crtc; 207 208 req->value = 0; 209 210 /* Only some caps make sense with UMS/render-only drivers. */ 211 switch (req->capability) { 212 case DRM_CAP_TIMESTAMP_MONOTONIC: 213 req->value = 1; 214 return 0; 215 case DRM_CAP_PRIME: 216 req->value |= dev->driver->prime_fd_to_handle ? DRM_PRIME_CAP_IMPORT : 0; 217 req->value |= dev->driver->prime_handle_to_fd ? DRM_PRIME_CAP_EXPORT : 0; 218 return 0; 219 case DRM_CAP_SYNCOBJ: 220 req->value = drm_core_check_feature(dev, DRIVER_SYNCOBJ); 221 return 0; 222 } 223 224 /* Other caps only work with KMS drivers */ 225 if (!drm_core_check_feature(dev, DRIVER_MODESET)) 226 return -ENOTSUPP; 227 228 switch (req->capability) { 229 case DRM_CAP_DUMB_BUFFER: 230 if (dev->driver->dumb_create) 231 req->value = 1; 232 break; 233 case DRM_CAP_VBLANK_HIGH_CRTC: 234 req->value = 1; 235 break; 236 case DRM_CAP_DUMB_PREFERRED_DEPTH: 237 req->value = dev->mode_config.preferred_depth; 238 break; 239 case DRM_CAP_DUMB_PREFER_SHADOW: 240 req->value = dev->mode_config.prefer_shadow; 241 break; 242 case DRM_CAP_ASYNC_PAGE_FLIP: 243 req->value = dev->mode_config.async_page_flip; 244 break; 245 case DRM_CAP_PAGE_FLIP_TARGET: 246 req->value = 1; 247 drm_for_each_crtc(crtc, dev) { 248 if (!crtc->funcs->page_flip_target) 249 req->value = 0; 250 } 251 break; 252 case DRM_CAP_CURSOR_WIDTH: 253 if (dev->mode_config.cursor_width) 254 req->value = dev->mode_config.cursor_width; 255 else 256 req->value = 64; 257 break; 258 case DRM_CAP_CURSOR_HEIGHT: 259 if (dev->mode_config.cursor_height) 260 req->value = dev->mode_config.cursor_height; 261 else 262 req->value = 64; 263 break; 264 case DRM_CAP_ADDFB2_MODIFIERS: 265 req->value = dev->mode_config.allow_fb_modifiers; 266 break; 267 case DRM_CAP_CRTC_IN_VBLANK_EVENT: 268 req->value = 1; 269 break; 270 default: 271 return -EINVAL; 272 } 273 return 0; 274 } 275 276 /* 277 * Set device/driver capabilities 278 */ 279 static int 280 drm_setclientcap(struct drm_device *dev, void *data, struct drm_file *file_priv) 281 { 282 struct drm_set_client_cap *req = data; 283 284 switch (req->capability) { 285 case DRM_CLIENT_CAP_STEREO_3D: 286 if (req->value > 1) 287 return -EINVAL; 288 file_priv->stereo_allowed = req->value; 289 break; 290 case DRM_CLIENT_CAP_UNIVERSAL_PLANES: 291 if (req->value > 1) 292 return -EINVAL; 293 file_priv->universal_planes = req->value; 294 break; 295 case DRM_CLIENT_CAP_ATOMIC: 296 if (!drm_core_check_feature(dev, DRIVER_ATOMIC)) 297 return -EINVAL; 298 if (req->value > 1) 299 return -EINVAL; 300 file_priv->atomic = req->value; 301 file_priv->universal_planes = req->value; 302 /* 303 * No atomic user-space blows up on aspect ratio mode bits. 304 */ 305 file_priv->aspect_ratio_allowed = req->value; 306 break; 307 case DRM_CLIENT_CAP_ASPECT_RATIO: 308 if (req->value > 1) 309 return -EINVAL; 310 file_priv->aspect_ratio_allowed = req->value; 311 break; 312 #ifdef notyet 313 case DRM_CLIENT_CAP_WRITEBACK_CONNECTORS: 314 if (!file_priv->atomic) 315 return -EINVAL; 316 if (req->value > 1) 317 return -EINVAL; 318 file_priv->writeback_connectors = req->value; 319 break; 320 #endif 321 default: 322 return -EINVAL; 323 } 324 325 return 0; 326 } 327 328 /* 329 * Setversion ioctl. 330 * 331 * \param inode device inode. 332 * \param file_priv DRM file private. 333 * \param cmd command. 334 * \param arg user argument, pointing to a drm_lock structure. 335 * \return zero on success or negative number on failure. 336 * 337 * Sets the requested interface version 338 */ 339 static int drm_setversion(struct drm_device *dev, void *data, struct drm_file *file_priv) 340 { 341 struct drm_set_version ver, *sv = data; 342 int if_version; 343 344 /* Save the incoming data, and set the response before continuing 345 * any further. 346 */ 347 ver = *sv; 348 sv->drm_di_major = DRM_IF_MAJOR; 349 sv->drm_di_minor = DRM_IF_MINOR; 350 sv->drm_dd_major = dev->driver->major; 351 sv->drm_dd_minor = dev->driver->minor; 352 353 /* 354 * We no longer support interface versions less than 1.1, so error 355 * out if the xserver is too old. 1.1 always ties the drm to a 356 * certain busid, this was done on attach 357 */ 358 if (ver.drm_di_major != -1) { 359 if (ver.drm_di_major != DRM_IF_MAJOR || ver.drm_di_minor < 1 || 360 ver.drm_di_minor > DRM_IF_MINOR) { 361 return -EINVAL; 362 } 363 if_version = DRM_IF_VERSION(ver.drm_di_major, ver.drm_dd_minor); 364 dev->if_version = imax(if_version, dev->if_version); 365 } 366 367 if (ver.drm_dd_major != -1) { 368 if (ver.drm_dd_major != dev->driver->major || 369 ver.drm_dd_minor < 0 || 370 ver.drm_dd_minor > dev->driver->minor) 371 return -EINVAL; 372 } 373 374 return 0; 375 } 376 377 /** 378 * drm_noop - DRM no-op ioctl implemntation 379 * @dev: DRM device for the ioctl 380 * @data: data pointer for the ioctl 381 * @file_priv: DRM file for the ioctl call 382 * 383 * This no-op implementation for drm ioctls is useful for deprecated 384 * functionality where we can't return a failure code because existing userspace 385 * checks the result of the ioctl, but doesn't care about the action. 386 * 387 * Always returns successfully with 0. 388 */ 389 int drm_noop(struct drm_device *dev, void *data, 390 struct drm_file *file_priv) 391 { 392 return 0; 393 } 394 EXPORT_SYMBOL(drm_noop); 395 396 /** 397 * drm_invalid_op - DRM invalid ioctl implemntation 398 * @dev: DRM device for the ioctl 399 * @data: data pointer for the ioctl 400 * @file_priv: DRM file for the ioctl call 401 * 402 * This no-op implementation for drm ioctls is useful for deprecated 403 * functionality where we really don't want to allow userspace to call the ioctl 404 * any more. This is the case for old ums interfaces for drivers that 405 * transitioned to kms gradually and so kept the old legacy tables around. This 406 * only applies to radeon and i915 kms drivers, other drivers shouldn't need to 407 * use this function. 408 * 409 * Always fails with a return value of -EINVAL. 410 */ 411 int drm_invalid_op(struct drm_device *dev, void *data, 412 struct drm_file *file_priv) 413 { 414 return -EINVAL; 415 } 416 EXPORT_SYMBOL(drm_invalid_op); 417 418 /* 419 * Get version information 420 * 421 * \param inode device inode. 422 * \param filp file pointer. 423 * \param cmd command. 424 * \param arg user argument, pointing to a drm_version structure. 425 * \return zero on success or negative number on failure. 426 * 427 * Fills in the version information in \p arg. 428 */ 429 int drm_version(struct drm_device *dev, void *data, 430 struct drm_file *file_priv) 431 { 432 struct drm_version *version = data; 433 int len; 434 435 #define DRM_COPY(name, value) \ 436 len = strlen( value ); \ 437 if ( len > name##_len ) len = name##_len; \ 438 name##_len = strlen( value ); \ 439 if ( len && name ) { \ 440 if ( DRM_COPY_TO_USER( name, value, len ) ) \ 441 return -EFAULT; \ 442 } 443 444 version->version_major = dev->driver->major; 445 version->version_minor = dev->driver->minor; 446 version->version_patchlevel = dev->driver->patchlevel; 447 448 DRM_COPY(version->name, dev->driver->name); 449 DRM_COPY(version->date, dev->driver->date); 450 DRM_COPY(version->desc, dev->driver->desc); 451 452 return 0; 453 } 454 455 #define DRM_IOCTL_DEF(ioctl, _func, _flags) \ 456 [DRM_IOCTL_NR(ioctl)] = {.cmd = ioctl, .func = _func, .flags = _flags, .cmd_drv = 0} 457 458 /* Ioctl table */ 459 static const struct drm_ioctl_desc drm_ioctls[] = { 460 DRM_IOCTL_DEF(DRM_IOCTL_VERSION, drm_version, 461 DRM_UNLOCKED|DRM_RENDER_ALLOW), 462 DRM_IOCTL_DEF(DRM_IOCTL_GET_UNIQUE, drm_getunique, DRM_UNLOCKED), 463 DRM_IOCTL_DEF(DRM_IOCTL_GET_MAGIC, drm_getmagic, DRM_UNLOCKED), 464 #ifdef __linux__ 465 DRM_IOCTL_DEF(DRM_IOCTL_IRQ_BUSID, drm_irq_by_busid, DRM_MASTER|DRM_ROOT_ONLY), 466 DRM_IOCTL_DEF(DRM_IOCTL_GET_MAP, drm_legacy_getmap_ioctl, DRM_UNLOCKED), 467 #endif 468 DRM_IOCTL_DEF(DRM_IOCTL_GET_CLIENT, drm_getclient, DRM_UNLOCKED), 469 DRM_IOCTL_DEF(DRM_IOCTL_GET_STATS, drm_getstats, DRM_UNLOCKED), 470 DRM_IOCTL_DEF(DRM_IOCTL_GET_CAP, drm_getcap, DRM_UNLOCKED|DRM_RENDER_ALLOW), 471 DRM_IOCTL_DEF(DRM_IOCTL_SET_CLIENT_CAP, drm_setclientcap, DRM_UNLOCKED), 472 DRM_IOCTL_DEF(DRM_IOCTL_SET_VERSION, drm_setversion, DRM_UNLOCKED | DRM_MASTER), 473 474 DRM_IOCTL_DEF(DRM_IOCTL_SET_UNIQUE, drm_invalid_op, DRM_AUTH|DRM_MASTER|DRM_ROOT_ONLY), 475 DRM_IOCTL_DEF(DRM_IOCTL_BLOCK, drm_noop, DRM_AUTH|DRM_MASTER|DRM_ROOT_ONLY), 476 DRM_IOCTL_DEF(DRM_IOCTL_UNBLOCK, drm_noop, DRM_AUTH|DRM_MASTER|DRM_ROOT_ONLY), 477 DRM_IOCTL_DEF(DRM_IOCTL_AUTH_MAGIC, drm_authmagic, DRM_AUTH|DRM_UNLOCKED|DRM_MASTER), 478 479 #ifdef __linux__ 480 DRM_IOCTL_DEF(DRM_IOCTL_ADD_MAP, drm_legacy_addmap_ioctl, DRM_AUTH|DRM_MASTER|DRM_ROOT_ONLY), 481 DRM_IOCTL_DEF(DRM_IOCTL_RM_MAP, drm_legacy_rmmap_ioctl, DRM_AUTH), 482 483 DRM_IOCTL_DEF(DRM_IOCTL_SET_SAREA_CTX, drm_legacy_setsareactx, DRM_AUTH|DRM_MASTER|DRM_ROOT_ONLY), 484 DRM_IOCTL_DEF(DRM_IOCTL_GET_SAREA_CTX, drm_legacy_getsareactx, DRM_AUTH), 485 #else 486 DRM_IOCTL_DEF(DRM_IOCTL_GET_PCIINFO, drm_getpciinfo, DRM_UNLOCKED|DRM_RENDER_ALLOW), 487 488 DRM_IOCTL_DEF(DRM_IOCTL_SET_SAREA_CTX, drm_noop, DRM_AUTH|DRM_MASTER|DRM_ROOT_ONLY), 489 DRM_IOCTL_DEF(DRM_IOCTL_GET_SAREA_CTX, drm_noop, DRM_AUTH), 490 #endif 491 492 #ifdef __linux__ 493 DRM_IOCTL_DEF(DRM_IOCTL_SET_MASTER, drm_setmaster_ioctl, DRM_UNLOCKED|DRM_ROOT_ONLY), 494 DRM_IOCTL_DEF(DRM_IOCTL_DROP_MASTER, drm_dropmaster_ioctl, DRM_UNLOCKED|DRM_ROOT_ONLY), 495 #else 496 /* On OpenBSD xorg privdrop has already occurred before this point */ 497 DRM_IOCTL_DEF(DRM_IOCTL_SET_MASTER, drm_noop, DRM_UNLOCKED|DRM_RENDER_ALLOW), 498 DRM_IOCTL_DEF(DRM_IOCTL_DROP_MASTER, drm_noop, DRM_UNLOCKED|DRM_RENDER_ALLOW), 499 #endif 500 501 #ifdef __linux__ 502 DRM_IOCTL_DEF(DRM_IOCTL_ADD_CTX, drm_legacy_addctx, DRM_AUTH|DRM_ROOT_ONLY), 503 DRM_IOCTL_DEF(DRM_IOCTL_RM_CTX, drm_legacy_rmctx, DRM_AUTH|DRM_MASTER|DRM_ROOT_ONLY), 504 #endif 505 DRM_IOCTL_DEF(DRM_IOCTL_MOD_CTX, drm_noop, DRM_AUTH|DRM_MASTER|DRM_ROOT_ONLY), 506 #ifdef __linux__ 507 DRM_IOCTL_DEF(DRM_IOCTL_GET_CTX, drm_legacy_getctx, DRM_AUTH), 508 DRM_IOCTL_DEF(DRM_IOCTL_SWITCH_CTX, drm_legacy_switchctx, DRM_AUTH|DRM_MASTER|DRM_ROOT_ONLY), 509 DRM_IOCTL_DEF(DRM_IOCTL_NEW_CTX, drm_legacy_newctx, DRM_AUTH|DRM_MASTER|DRM_ROOT_ONLY), 510 #else 511 DRM_IOCTL_DEF(DRM_IOCTL_SWITCH_CTX, drm_noop, DRM_AUTH|DRM_MASTER|DRM_ROOT_ONLY), 512 DRM_IOCTL_DEF(DRM_IOCTL_NEW_CTX, drm_noop, DRM_AUTH|DRM_MASTER|DRM_ROOT_ONLY), 513 #endif 514 #ifdef __linux__ 515 DRM_IOCTL_DEF(DRM_IOCTL_RES_CTX, drm_legacy_resctx, DRM_AUTH), 516 #endif 517 518 DRM_IOCTL_DEF(DRM_IOCTL_ADD_DRAW, drm_noop, DRM_AUTH|DRM_MASTER|DRM_ROOT_ONLY), 519 DRM_IOCTL_DEF(DRM_IOCTL_RM_DRAW, drm_noop, DRM_AUTH|DRM_MASTER|DRM_ROOT_ONLY), 520 521 #ifdef __linux__ 522 DRM_IOCTL_DEF(DRM_IOCTL_LOCK, drm_legacy_lock, DRM_AUTH), 523 DRM_IOCTL_DEF(DRM_IOCTL_UNLOCK, drm_legacy_unlock, DRM_AUTH), 524 #endif 525 526 DRM_IOCTL_DEF(DRM_IOCTL_FINISH, drm_noop, DRM_AUTH), 527 528 #ifdef __linux__ 529 DRM_IOCTL_DEF(DRM_IOCTL_ADD_BUFS, drm_legacy_addbufs, DRM_AUTH|DRM_MASTER|DRM_ROOT_ONLY), 530 DRM_IOCTL_DEF(DRM_IOCTL_MARK_BUFS, drm_legacy_markbufs, DRM_AUTH|DRM_MASTER|DRM_ROOT_ONLY), 531 DRM_IOCTL_DEF(DRM_IOCTL_INFO_BUFS, drm_legacy_infobufs, DRM_AUTH), 532 #else 533 DRM_IOCTL_DEF(DRM_IOCTL_MARK_BUFS, drm_noop, DRM_AUTH|DRM_MASTER|DRM_ROOT_ONLY), 534 DRM_IOCTL_DEF(DRM_IOCTL_INFO_BUFS, drm_noop, DRM_AUTH), 535 #endif 536 #ifdef __linux__ 537 DRM_IOCTL_DEF(DRM_IOCTL_MAP_BUFS, drm_legacy_mapbufs, DRM_AUTH), 538 DRM_IOCTL_DEF(DRM_IOCTL_FREE_BUFS, drm_legacy_freebufs, DRM_AUTH), 539 DRM_IOCTL_DEF(DRM_IOCTL_DMA, drm_legacy_dma_ioctl, DRM_AUTH), 540 541 DRM_IOCTL_DEF(DRM_IOCTL_CONTROL, drm_legacy_irq_control, DRM_AUTH|DRM_MASTER|DRM_ROOT_ONLY), 542 543 #if IS_ENABLED(CONFIG_AGP) 544 DRM_IOCTL_DEF(DRM_IOCTL_AGP_ACQUIRE, drm_agp_acquire_ioctl, DRM_AUTH|DRM_MASTER|DRM_ROOT_ONLY), 545 DRM_IOCTL_DEF(DRM_IOCTL_AGP_RELEASE, drm_agp_release_ioctl, DRM_AUTH|DRM_MASTER|DRM_ROOT_ONLY), 546 DRM_IOCTL_DEF(DRM_IOCTL_AGP_ENABLE, drm_agp_enable_ioctl, DRM_AUTH|DRM_MASTER|DRM_ROOT_ONLY), 547 DRM_IOCTL_DEF(DRM_IOCTL_AGP_INFO, drm_agp_info_ioctl, DRM_AUTH), 548 DRM_IOCTL_DEF(DRM_IOCTL_AGP_ALLOC, drm_agp_alloc_ioctl, DRM_AUTH|DRM_MASTER|DRM_ROOT_ONLY), 549 DRM_IOCTL_DEF(DRM_IOCTL_AGP_FREE, drm_agp_free_ioctl, DRM_AUTH|DRM_MASTER|DRM_ROOT_ONLY), 550 DRM_IOCTL_DEF(DRM_IOCTL_AGP_BIND, drm_agp_bind_ioctl, DRM_AUTH|DRM_MASTER|DRM_ROOT_ONLY), 551 DRM_IOCTL_DEF(DRM_IOCTL_AGP_UNBIND, drm_agp_unbind_ioctl, DRM_AUTH|DRM_MASTER|DRM_ROOT_ONLY), 552 #endif 553 554 DRM_IOCTL_DEF(DRM_IOCTL_SG_ALLOC, drm_legacy_sg_alloc, DRM_AUTH|DRM_MASTER|DRM_ROOT_ONLY), 555 DRM_IOCTL_DEF(DRM_IOCTL_SG_FREE, drm_legacy_sg_free, DRM_AUTH|DRM_MASTER|DRM_ROOT_ONLY), 556 #endif 557 558 DRM_IOCTL_DEF(DRM_IOCTL_WAIT_VBLANK, drm_wait_vblank_ioctl, DRM_UNLOCKED), 559 560 DRM_IOCTL_DEF(DRM_IOCTL_MODESET_CTL, drm_legacy_modeset_ctl_ioctl, 0), 561 562 DRM_IOCTL_DEF(DRM_IOCTL_UPDATE_DRAW, drm_noop, DRM_AUTH|DRM_MASTER|DRM_ROOT_ONLY), 563 564 DRM_IOCTL_DEF(DRM_IOCTL_GEM_CLOSE, drm_gem_close_ioctl, DRM_UNLOCKED|DRM_RENDER_ALLOW), 565 DRM_IOCTL_DEF(DRM_IOCTL_GEM_FLINK, drm_gem_flink_ioctl, DRM_AUTH|DRM_UNLOCKED), 566 DRM_IOCTL_DEF(DRM_IOCTL_GEM_OPEN, drm_gem_open_ioctl, DRM_AUTH|DRM_UNLOCKED), 567 568 DRM_IOCTL_DEF(DRM_IOCTL_MODE_GETRESOURCES, drm_mode_getresources, DRM_UNLOCKED), 569 570 DRM_IOCTL_DEF(DRM_IOCTL_PRIME_HANDLE_TO_FD, drm_prime_handle_to_fd_ioctl, DRM_AUTH|DRM_UNLOCKED|DRM_RENDER_ALLOW), 571 DRM_IOCTL_DEF(DRM_IOCTL_PRIME_FD_TO_HANDLE, drm_prime_fd_to_handle_ioctl, DRM_AUTH|DRM_UNLOCKED|DRM_RENDER_ALLOW), 572 573 DRM_IOCTL_DEF(DRM_IOCTL_MODE_GETPLANERESOURCES, drm_mode_getplane_res, DRM_UNLOCKED), 574 DRM_IOCTL_DEF(DRM_IOCTL_MODE_GETCRTC, drm_mode_getcrtc, DRM_UNLOCKED), 575 DRM_IOCTL_DEF(DRM_IOCTL_MODE_SETCRTC, drm_mode_setcrtc, DRM_MASTER|DRM_UNLOCKED), 576 DRM_IOCTL_DEF(DRM_IOCTL_MODE_GETPLANE, drm_mode_getplane, DRM_UNLOCKED), 577 DRM_IOCTL_DEF(DRM_IOCTL_MODE_SETPLANE, drm_mode_setplane, DRM_MASTER|DRM_UNLOCKED), 578 DRM_IOCTL_DEF(DRM_IOCTL_MODE_CURSOR, drm_mode_cursor_ioctl, DRM_MASTER|DRM_UNLOCKED), 579 DRM_IOCTL_DEF(DRM_IOCTL_MODE_GETGAMMA, drm_mode_gamma_get_ioctl, DRM_UNLOCKED), 580 DRM_IOCTL_DEF(DRM_IOCTL_MODE_SETGAMMA, drm_mode_gamma_set_ioctl, DRM_MASTER|DRM_UNLOCKED), 581 DRM_IOCTL_DEF(DRM_IOCTL_MODE_GETENCODER, drm_mode_getencoder, DRM_UNLOCKED), 582 DRM_IOCTL_DEF(DRM_IOCTL_MODE_GETCONNECTOR, drm_mode_getconnector, DRM_UNLOCKED), 583 DRM_IOCTL_DEF(DRM_IOCTL_MODE_ATTACHMODE, drm_noop, DRM_MASTER|DRM_UNLOCKED), 584 DRM_IOCTL_DEF(DRM_IOCTL_MODE_DETACHMODE, drm_noop, DRM_MASTER|DRM_UNLOCKED), 585 DRM_IOCTL_DEF(DRM_IOCTL_MODE_GETPROPERTY, drm_mode_getproperty_ioctl, DRM_UNLOCKED), 586 DRM_IOCTL_DEF(DRM_IOCTL_MODE_SETPROPERTY, drm_connector_property_set_ioctl, DRM_MASTER|DRM_UNLOCKED), 587 DRM_IOCTL_DEF(DRM_IOCTL_MODE_GETPROPBLOB, drm_mode_getblob_ioctl, DRM_UNLOCKED), 588 DRM_IOCTL_DEF(DRM_IOCTL_MODE_GETFB, drm_mode_getfb, DRM_UNLOCKED), 589 DRM_IOCTL_DEF(DRM_IOCTL_MODE_ADDFB, drm_mode_addfb_ioctl, DRM_UNLOCKED), 590 DRM_IOCTL_DEF(DRM_IOCTL_MODE_ADDFB2, drm_mode_addfb2, DRM_UNLOCKED), 591 DRM_IOCTL_DEF(DRM_IOCTL_MODE_RMFB, drm_mode_rmfb_ioctl, DRM_UNLOCKED), 592 DRM_IOCTL_DEF(DRM_IOCTL_MODE_PAGE_FLIP, drm_mode_page_flip_ioctl, DRM_MASTER|DRM_UNLOCKED), 593 DRM_IOCTL_DEF(DRM_IOCTL_MODE_DIRTYFB, drm_mode_dirtyfb_ioctl, DRM_MASTER|DRM_UNLOCKED), 594 DRM_IOCTL_DEF(DRM_IOCTL_MODE_CREATE_DUMB, drm_mode_create_dumb_ioctl, DRM_UNLOCKED), 595 DRM_IOCTL_DEF(DRM_IOCTL_MODE_MAP_DUMB, drm_mode_mmap_dumb_ioctl, DRM_UNLOCKED), 596 DRM_IOCTL_DEF(DRM_IOCTL_MODE_DESTROY_DUMB, drm_mode_destroy_dumb_ioctl, DRM_UNLOCKED), 597 DRM_IOCTL_DEF(DRM_IOCTL_MODE_OBJ_GETPROPERTIES, drm_mode_obj_get_properties_ioctl, DRM_UNLOCKED), 598 DRM_IOCTL_DEF(DRM_IOCTL_MODE_OBJ_SETPROPERTY, drm_mode_obj_set_property_ioctl, DRM_MASTER|DRM_UNLOCKED), 599 DRM_IOCTL_DEF(DRM_IOCTL_MODE_CURSOR2, drm_mode_cursor2_ioctl, DRM_MASTER|DRM_UNLOCKED), 600 DRM_IOCTL_DEF(DRM_IOCTL_MODE_ATOMIC, drm_mode_atomic_ioctl, DRM_MASTER|DRM_UNLOCKED), 601 DRM_IOCTL_DEF(DRM_IOCTL_MODE_CREATEPROPBLOB, drm_mode_createblob_ioctl, DRM_UNLOCKED), 602 DRM_IOCTL_DEF(DRM_IOCTL_MODE_DESTROYPROPBLOB, drm_mode_destroyblob_ioctl, DRM_UNLOCKED), 603 604 DRM_IOCTL_DEF(DRM_IOCTL_SYNCOBJ_CREATE, drm_syncobj_create_ioctl, 605 DRM_UNLOCKED|DRM_RENDER_ALLOW), 606 DRM_IOCTL_DEF(DRM_IOCTL_SYNCOBJ_DESTROY, drm_syncobj_destroy_ioctl, 607 DRM_UNLOCKED|DRM_RENDER_ALLOW), 608 DRM_IOCTL_DEF(DRM_IOCTL_SYNCOBJ_HANDLE_TO_FD, drm_syncobj_handle_to_fd_ioctl, 609 DRM_UNLOCKED|DRM_RENDER_ALLOW), 610 DRM_IOCTL_DEF(DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE, drm_syncobj_fd_to_handle_ioctl, 611 DRM_UNLOCKED|DRM_RENDER_ALLOW), 612 DRM_IOCTL_DEF(DRM_IOCTL_SYNCOBJ_WAIT, drm_syncobj_wait_ioctl, 613 DRM_UNLOCKED|DRM_RENDER_ALLOW), 614 DRM_IOCTL_DEF(DRM_IOCTL_SYNCOBJ_RESET, drm_syncobj_reset_ioctl, 615 DRM_UNLOCKED|DRM_RENDER_ALLOW), 616 DRM_IOCTL_DEF(DRM_IOCTL_SYNCOBJ_SIGNAL, drm_syncobj_signal_ioctl, 617 DRM_UNLOCKED|DRM_RENDER_ALLOW), 618 DRM_IOCTL_DEF(DRM_IOCTL_CRTC_GET_SEQUENCE, drm_crtc_get_sequence_ioctl, DRM_UNLOCKED), 619 DRM_IOCTL_DEF(DRM_IOCTL_CRTC_QUEUE_SEQUENCE, drm_crtc_queue_sequence_ioctl, DRM_UNLOCKED), 620 #ifdef __linux__ 621 DRM_IOCTL_DEF(DRM_IOCTL_MODE_CREATE_LEASE, drm_mode_create_lease_ioctl, DRM_MASTER|DRM_UNLOCKED), 622 DRM_IOCTL_DEF(DRM_IOCTL_MODE_LIST_LESSEES, drm_mode_list_lessees_ioctl, DRM_MASTER|DRM_UNLOCKED), 623 DRM_IOCTL_DEF(DRM_IOCTL_MODE_GET_LEASE, drm_mode_get_lease_ioctl, DRM_MASTER|DRM_UNLOCKED), 624 DRM_IOCTL_DEF(DRM_IOCTL_MODE_REVOKE_LEASE, drm_mode_revoke_lease_ioctl, DRM_MASTER|DRM_UNLOCKED), 625 #endif 626 }; 627 628 #define DRM_CORE_IOCTL_COUNT ARRAY_SIZE( drm_ioctls ) 629 630 int 631 pledge_ioctl_drm(struct proc *p, long com, dev_t device) 632 { 633 struct drm_device *dev = drm_get_device_from_kdev(device); 634 unsigned int nr = DRM_IOCTL_NR(com); 635 const struct drm_ioctl_desc *ioctl; 636 637 if (dev == NULL) 638 return EPERM; 639 640 if (nr < DRM_CORE_IOCTL_COUNT && 641 ((nr < DRM_COMMAND_BASE || nr >= DRM_COMMAND_END))) 642 ioctl = &drm_ioctls[nr]; 643 else if (nr >= DRM_COMMAND_BASE && nr < DRM_COMMAND_END && 644 nr < DRM_COMMAND_BASE + dev->driver->num_ioctls) 645 ioctl = &dev->driver->ioctls[nr - DRM_COMMAND_BASE]; 646 else 647 return EPERM; 648 649 if (ioctl->flags & DRM_RENDER_ALLOW) 650 return 0; 651 652 /* 653 * These are dangerous, but we have to allow them until we 654 * have prime/dma-buf support. 655 */ 656 switch (com) { 657 case DRM_IOCTL_GET_MAGIC: 658 case DRM_IOCTL_GEM_OPEN: 659 return 0; 660 } 661 662 return EPERM; 663 } 664 665 int 666 drm_setunique(struct drm_device *dev, void *data, 667 struct drm_file *file_priv) 668 { 669 /* 670 * Deprecated in DRM version 1.1, and will return EBUSY 671 * when setversion has 672 * requested version 1.1 or greater. 673 */ 674 return (-EBUSY); 675 } 676 677 int 678 drm_do_ioctl(struct drm_device *dev, int minor, u_long cmd, caddr_t data) 679 { 680 struct drm_file *file_priv; 681 const struct drm_ioctl_desc *ioctl; 682 drm_ioctl_t *func; 683 unsigned int nr = DRM_IOCTL_NR(cmd); 684 int retcode = -EINVAL; 685 unsigned int usize, asize; 686 687 mutex_lock(&dev->struct_mutex); 688 file_priv = drm_find_file_by_minor(dev, minor); 689 mutex_unlock(&dev->struct_mutex); 690 if (file_priv == NULL) { 691 DRM_ERROR("can't find authenticator\n"); 692 return -EINVAL; 693 } 694 695 DRM_DEBUG("pid=%d, cmd=0x%02lx, nr=0x%02x, dev 0x%lx, auth=%d\n", 696 DRM_CURRENTPID, cmd, (u_int)DRM_IOCTL_NR(cmd), (long)&dev->dev, 697 file_priv->authenticated); 698 699 switch (cmd) { 700 case FIONBIO: 701 case FIOASYNC: 702 return 0; 703 704 case TIOCSPGRP: 705 dev->buf_pgid = *(int *)data; 706 return 0; 707 708 case TIOCGPGRP: 709 *(int *)data = dev->buf_pgid; 710 return 0; 711 } 712 713 if ((nr >= DRM_CORE_IOCTL_COUNT) && 714 ((nr < DRM_COMMAND_BASE) || (nr >= DRM_COMMAND_END))) 715 return (-EINVAL); 716 if ((nr >= DRM_COMMAND_BASE) && (nr < DRM_COMMAND_END) && 717 (nr < DRM_COMMAND_BASE + dev->driver->num_ioctls)) { 718 uint32_t drv_size; 719 ioctl = &dev->driver->ioctls[nr - DRM_COMMAND_BASE]; 720 drv_size = IOCPARM_LEN(ioctl->cmd_drv); 721 usize = asize = IOCPARM_LEN(cmd); 722 if (drv_size > asize) 723 asize = drv_size; 724 } else if ((nr >= DRM_COMMAND_END) || (nr < DRM_COMMAND_BASE)) { 725 uint32_t drv_size; 726 ioctl = &drm_ioctls[nr]; 727 728 drv_size = IOCPARM_LEN(ioctl->cmd_drv); 729 usize = asize = IOCPARM_LEN(cmd); 730 if (drv_size > asize) 731 asize = drv_size; 732 cmd = ioctl->cmd; 733 } else 734 return (-EINVAL); 735 736 func = ioctl->func; 737 if (!func) { 738 DRM_DEBUG("no function\n"); 739 return (-EINVAL); 740 } 741 742 /* ROOT_ONLY is only for CAP_SYS_ADMIN */ 743 if ((ioctl->flags & DRM_ROOT_ONLY) && !capable(CAP_SYS_ADMIN)) 744 return -EACCES; 745 746 /* AUTH is only for authenticated or render client */ 747 if ((ioctl->flags & DRM_AUTH) && !drm_is_render_client(file_priv) && 748 !file_priv->authenticated) 749 return -EACCES; 750 751 /* MASTER is only for master or control clients */ 752 if ((ioctl->flags & DRM_MASTER) && !file_priv->is_master) 753 return -EACCES; 754 755 /* Render clients must be explicitly allowed */ 756 if (!(ioctl->flags & DRM_RENDER_ALLOW) && 757 drm_is_render_client(file_priv)) 758 return -EACCES; 759 760 if (ioctl->flags & DRM_UNLOCKED) 761 retcode = func(dev, data, file_priv); 762 else { 763 /* XXX lock */ 764 retcode = func(dev, data, file_priv); 765 /* XXX unlock */ 766 } 767 768 return (retcode); 769 } 770 771 /* drmioctl is called whenever a process performs an ioctl on /dev/drm. 772 */ 773 int 774 drmioctl(dev_t kdev, u_long cmd, caddr_t data, int flags, struct proc *p) 775 { 776 struct drm_device *dev = drm_get_device_from_kdev(kdev); 777 int error; 778 779 if (dev == NULL) 780 return ENODEV; 781 782 mtx_enter(&dev->quiesce_mtx); 783 while (dev->quiesce) 784 msleep(&dev->quiesce, &dev->quiesce_mtx, PZERO, "drmioc", 0); 785 dev->quiesce_count++; 786 mtx_leave(&dev->quiesce_mtx); 787 788 error = -drm_do_ioctl(dev, minor(kdev), cmd, data); 789 if (error < 0 && error != ERESTART && error != EJUSTRETURN) 790 printf("%s: cmd 0x%lx errno %d\n", __func__, cmd, error); 791 792 mtx_enter(&dev->quiesce_mtx); 793 dev->quiesce_count--; 794 if (dev->quiesce) 795 wakeup(&dev->quiesce_count); 796 mtx_leave(&dev->quiesce_mtx); 797 798 return (error); 799 } 800