1 /*
2  * Copyright (c) 2016 Intel Corporation
3  *
4  * Permission to use, copy, modify, distribute, and sell this software and its
5  * documentation for any purpose is hereby granted without fee, provided that
6  * the above copyright notice appear in all copies and that both that copyright
7  * notice and this permission notice appear in supporting documentation, and
8  * that the name of the copyright holders not be used in advertising or
9  * publicity pertaining to distribution of the software without specific,
10  * written prior permission.  The copyright holders make no representations
11  * about the suitability of this software for any purpose.  It is provided "as
12  * is" without express or implied warranty.
13  *
14  * THE COPYRIGHT HOLDERS DISCLAIM ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
15  * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
16  * EVENT SHALL THE COPYRIGHT HOLDERS BE LIABLE FOR ANY SPECIAL, INDIRECT OR
17  * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE,
18  * DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER
19  * TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE
20  * OF THIS SOFTWARE.
21  */
22 
23 #include <linux/export.h>
24 #include <linux/uaccess.h>
25 
26 #include <drm/drm_crtc.h>
27 #include <drm/drm_drv.h>
28 #include <drm/drm_file.h>
29 #include <drm/drm_framebuffer.h>
30 #include <drm/drm_print.h>
31 #include <drm/drm_property.h>
32 
33 #include "drm_crtc_internal.h"
34 
35 /**
36  * DOC: overview
37  *
38  * Properties as represented by &drm_property are used to extend the modeset
39  * interface exposed to userspace. For the atomic modeset IOCTL properties are
40  * even the only way to transport metadata about the desired new modeset
41  * configuration from userspace to the kernel. Properties have a well-defined
42  * value range, which is enforced by the drm core. See the documentation of the
43  * flags member of &struct drm_property for an overview of the different
44  * property types and ranges.
45  *
46  * Properties don't store the current value directly, but need to be
47  * instantiated by attaching them to a &drm_mode_object with
48  * drm_object_attach_property().
49  *
50  * Property values are only 64bit. To support bigger piles of data (like gamma
51  * tables, color correction matrices or large structures) a property can instead
52  * point at a &drm_property_blob with that additional data.
53  *
54  * Properties are defined by their symbolic name, userspace must keep a
55  * per-object mapping from those names to the property ID used in the atomic
56  * IOCTL and in the get/set property IOCTL.
57  */
58 
drm_property_flags_valid(u32 flags)59 static bool drm_property_flags_valid(u32 flags)
60 {
61 	u32 legacy_type = flags & DRM_MODE_PROP_LEGACY_TYPE;
62 	u32 ext_type = flags & DRM_MODE_PROP_EXTENDED_TYPE;
63 
64 	/* Reject undefined/deprecated flags */
65 	if (flags & ~(DRM_MODE_PROP_LEGACY_TYPE |
66 		      DRM_MODE_PROP_EXTENDED_TYPE |
67 		      DRM_MODE_PROP_IMMUTABLE |
68 		      DRM_MODE_PROP_ATOMIC))
69 		return false;
70 
71 	/* We want either a legacy type or an extended type, but not both */
72 	if (!legacy_type == !ext_type)
73 		return false;
74 
75 	/* Only one legacy type at a time please */
76 	if (legacy_type && !is_power_of_2(legacy_type))
77 		return false;
78 
79 	return true;
80 }
81 
82 /**
83  * drm_property_create - create a new property type
84  * @dev: drm device
85  * @flags: flags specifying the property type
86  * @name: name of the property
87  * @num_values: number of pre-defined values
88  *
89  * This creates a new generic drm property which can then be attached to a drm
90  * object with drm_object_attach_property(). The returned property object must
91  * be freed with drm_property_destroy(), which is done automatically when
92  * calling drm_mode_config_cleanup().
93  *
94  * Returns:
95  * A pointer to the newly created property on success, NULL on failure.
96  */
drm_property_create(struct drm_device * dev,u32 flags,const char * name,int num_values)97 struct drm_property *drm_property_create(struct drm_device *dev,
98 					 u32 flags, const char *name,
99 					 int num_values)
100 {
101 	struct drm_property *property = NULL;
102 	int ret;
103 
104 	if (WARN_ON(!drm_property_flags_valid(flags)))
105 		return NULL;
106 
107 	if (WARN_ON(strlen(name) >= DRM_PROP_NAME_LEN))
108 		return NULL;
109 
110 	property = kzalloc(sizeof(struct drm_property), GFP_KERNEL);
111 	if (!property)
112 		return NULL;
113 
114 	property->dev = dev;
115 
116 	if (num_values) {
117 		property->values = kcalloc(num_values, sizeof(uint64_t),
118 					   GFP_KERNEL);
119 		if (!property->values)
120 			goto fail;
121 	}
122 
123 	ret = drm_mode_object_add(dev, &property->base, DRM_MODE_OBJECT_PROPERTY);
124 	if (ret)
125 		goto fail;
126 
127 	property->flags = flags;
128 	property->num_values = num_values;
129 	INIT_LIST_HEAD(&property->enum_list);
130 
131 	strscpy_pad(property->name, name, DRM_PROP_NAME_LEN);
132 
133 	list_add_tail(&property->head, &dev->mode_config.property_list);
134 
135 	return property;
136 fail:
137 	kfree(property->values);
138 	kfree(property);
139 	return NULL;
140 }
141 EXPORT_SYMBOL(drm_property_create);
142 
143 /**
144  * drm_property_create_enum - create a new enumeration property type
145  * @dev: drm device
146  * @flags: flags specifying the property type
147  * @name: name of the property
148  * @props: enumeration lists with property values
149  * @num_values: number of pre-defined values
150  *
151  * This creates a new generic drm property which can then be attached to a drm
152  * object with drm_object_attach_property(). The returned property object must
153  * be freed with drm_property_destroy(), which is done automatically when
154  * calling drm_mode_config_cleanup().
155  *
156  * Userspace is only allowed to set one of the predefined values for enumeration
157  * properties.
158  *
159  * Returns:
160  * A pointer to the newly created property on success, NULL on failure.
161  */
drm_property_create_enum(struct drm_device * dev,u32 flags,const char * name,const struct drm_prop_enum_list * props,int num_values)162 struct drm_property *drm_property_create_enum(struct drm_device *dev,
163 					      u32 flags, const char *name,
164 					      const struct drm_prop_enum_list *props,
165 					      int num_values)
166 {
167 	struct drm_property *property;
168 	int i, ret;
169 
170 	flags |= DRM_MODE_PROP_ENUM;
171 
172 	property = drm_property_create(dev, flags, name, num_values);
173 	if (!property)
174 		return NULL;
175 
176 	for (i = 0; i < num_values; i++) {
177 		ret = drm_property_add_enum(property,
178 					    props[i].type,
179 					    props[i].name);
180 		if (ret) {
181 			drm_property_destroy(dev, property);
182 			return NULL;
183 		}
184 	}
185 
186 	return property;
187 }
188 EXPORT_SYMBOL(drm_property_create_enum);
189 
190 /**
191  * drm_property_create_bitmask - create a new bitmask property type
192  * @dev: drm device
193  * @flags: flags specifying the property type
194  * @name: name of the property
195  * @props: enumeration lists with property bitflags
196  * @num_props: size of the @props array
197  * @supported_bits: bitmask of all supported enumeration values
198  *
199  * This creates a new bitmask drm property which can then be attached to a drm
200  * object with drm_object_attach_property(). The returned property object must
201  * be freed with drm_property_destroy(), which is done automatically when
202  * calling drm_mode_config_cleanup().
203  *
204  * Compared to plain enumeration properties userspace is allowed to set any
205  * or'ed together combination of the predefined property bitflag values
206  *
207  * Returns:
208  * A pointer to the newly created property on success, NULL on failure.
209  */
drm_property_create_bitmask(struct drm_device * dev,u32 flags,const char * name,const struct drm_prop_enum_list * props,int num_props,uint64_t supported_bits)210 struct drm_property *drm_property_create_bitmask(struct drm_device *dev,
211 						 u32 flags, const char *name,
212 						 const struct drm_prop_enum_list *props,
213 						 int num_props,
214 						 uint64_t supported_bits)
215 {
216 	struct drm_property *property;
217 	int i, ret;
218 	int num_values = hweight64(supported_bits);
219 
220 	flags |= DRM_MODE_PROP_BITMASK;
221 
222 	property = drm_property_create(dev, flags, name, num_values);
223 	if (!property)
224 		return NULL;
225 	for (i = 0; i < num_props; i++) {
226 		if (!(supported_bits & (1ULL << props[i].type)))
227 			continue;
228 
229 		ret = drm_property_add_enum(property,
230 					    props[i].type,
231 					    props[i].name);
232 		if (ret) {
233 			drm_property_destroy(dev, property);
234 			return NULL;
235 		}
236 	}
237 
238 	return property;
239 }
240 EXPORT_SYMBOL(drm_property_create_bitmask);
241 
property_create_range(struct drm_device * dev,u32 flags,const char * name,uint64_t min,uint64_t max)242 static struct drm_property *property_create_range(struct drm_device *dev,
243 						  u32 flags, const char *name,
244 						  uint64_t min, uint64_t max)
245 {
246 	struct drm_property *property;
247 
248 	property = drm_property_create(dev, flags, name, 2);
249 	if (!property)
250 		return NULL;
251 
252 	property->values[0] = min;
253 	property->values[1] = max;
254 
255 	return property;
256 }
257 
258 /**
259  * drm_property_create_range - create a new unsigned ranged property type
260  * @dev: drm device
261  * @flags: flags specifying the property type
262  * @name: name of the property
263  * @min: minimum value of the property
264  * @max: maximum value of the property
265  *
266  * This creates a new generic drm property which can then be attached to a drm
267  * object with drm_object_attach_property(). The returned property object must
268  * be freed with drm_property_destroy(), which is done automatically when
269  * calling drm_mode_config_cleanup().
270  *
271  * Userspace is allowed to set any unsigned integer value in the (min, max)
272  * range inclusive.
273  *
274  * Returns:
275  * A pointer to the newly created property on success, NULL on failure.
276  */
drm_property_create_range(struct drm_device * dev,u32 flags,const char * name,uint64_t min,uint64_t max)277 struct drm_property *drm_property_create_range(struct drm_device *dev,
278 					       u32 flags, const char *name,
279 					       uint64_t min, uint64_t max)
280 {
281 	return property_create_range(dev, DRM_MODE_PROP_RANGE | flags,
282 			name, min, max);
283 }
284 EXPORT_SYMBOL(drm_property_create_range);
285 
286 /**
287  * drm_property_create_signed_range - create a new signed ranged property type
288  * @dev: drm device
289  * @flags: flags specifying the property type
290  * @name: name of the property
291  * @min: minimum value of the property
292  * @max: maximum value of the property
293  *
294  * This creates a new generic drm property which can then be attached to a drm
295  * object with drm_object_attach_property(). The returned property object must
296  * be freed with drm_property_destroy(), which is done automatically when
297  * calling drm_mode_config_cleanup().
298  *
299  * Userspace is allowed to set any signed integer value in the (min, max)
300  * range inclusive.
301  *
302  * Returns:
303  * A pointer to the newly created property on success, NULL on failure.
304  */
drm_property_create_signed_range(struct drm_device * dev,u32 flags,const char * name,int64_t min,int64_t max)305 struct drm_property *drm_property_create_signed_range(struct drm_device *dev,
306 						      u32 flags, const char *name,
307 						      int64_t min, int64_t max)
308 {
309 	return property_create_range(dev, DRM_MODE_PROP_SIGNED_RANGE | flags,
310 			name, I642U64(min), I642U64(max));
311 }
312 EXPORT_SYMBOL(drm_property_create_signed_range);
313 
314 /**
315  * drm_property_create_object - create a new object property type
316  * @dev: drm device
317  * @flags: flags specifying the property type
318  * @name: name of the property
319  * @type: object type from DRM_MODE_OBJECT_* defines
320  *
321  * This creates a new generic drm property which can then be attached to a drm
322  * object with drm_object_attach_property(). The returned property object must
323  * be freed with drm_property_destroy(), which is done automatically when
324  * calling drm_mode_config_cleanup().
325  *
326  * Userspace is only allowed to set this to any property value of the given
327  * @type. Only useful for atomic properties, which is enforced.
328  *
329  * Returns:
330  * A pointer to the newly created property on success, NULL on failure.
331  */
drm_property_create_object(struct drm_device * dev,u32 flags,const char * name,uint32_t type)332 struct drm_property *drm_property_create_object(struct drm_device *dev,
333 						u32 flags, const char *name,
334 						uint32_t type)
335 {
336 	struct drm_property *property;
337 
338 	flags |= DRM_MODE_PROP_OBJECT;
339 
340 	if (WARN_ON(!(flags & DRM_MODE_PROP_ATOMIC)))
341 		return NULL;
342 
343 	property = drm_property_create(dev, flags, name, 1);
344 	if (!property)
345 		return NULL;
346 
347 	property->values[0] = type;
348 
349 	return property;
350 }
351 EXPORT_SYMBOL(drm_property_create_object);
352 
353 /**
354  * drm_property_create_bool - create a new boolean property type
355  * @dev: drm device
356  * @flags: flags specifying the property type
357  * @name: name of the property
358  *
359  * This creates a new generic drm property which can then be attached to a drm
360  * object with drm_object_attach_property(). The returned property object must
361  * be freed with drm_property_destroy(), which is done automatically when
362  * calling drm_mode_config_cleanup().
363  *
364  * This is implemented as a ranged property with only {0, 1} as valid values.
365  *
366  * Returns:
367  * A pointer to the newly created property on success, NULL on failure.
368  */
drm_property_create_bool(struct drm_device * dev,u32 flags,const char * name)369 struct drm_property *drm_property_create_bool(struct drm_device *dev,
370 					      u32 flags, const char *name)
371 {
372 	return drm_property_create_range(dev, flags, name, 0, 1);
373 }
374 EXPORT_SYMBOL(drm_property_create_bool);
375 
376 /**
377  * drm_property_add_enum - add a possible value to an enumeration property
378  * @property: enumeration property to change
379  * @value: value of the new enumeration
380  * @name: symbolic name of the new enumeration
381  *
382  * This functions adds enumerations to a property.
383  *
384  * It's use is deprecated, drivers should use one of the more specific helpers
385  * to directly create the property with all enumerations already attached.
386  *
387  * Returns:
388  * Zero on success, error code on failure.
389  */
drm_property_add_enum(struct drm_property * property,uint64_t value,const char * name)390 int drm_property_add_enum(struct drm_property *property,
391 			  uint64_t value, const char *name)
392 {
393 	struct drm_property_enum *prop_enum;
394 	int index = 0;
395 
396 	if (WARN_ON(strlen(name) >= DRM_PROP_NAME_LEN))
397 		return -EINVAL;
398 
399 	if (WARN_ON(!drm_property_type_is(property, DRM_MODE_PROP_ENUM) &&
400 		    !drm_property_type_is(property, DRM_MODE_PROP_BITMASK)))
401 		return -EINVAL;
402 
403 	/*
404 	 * Bitmask enum properties have the additional constraint of values
405 	 * from 0 to 63
406 	 */
407 	if (WARN_ON(drm_property_type_is(property, DRM_MODE_PROP_BITMASK) &&
408 		    value > 63))
409 		return -EINVAL;
410 
411 	list_for_each_entry(prop_enum, &property->enum_list, head) {
412 		if (WARN_ON(prop_enum->value == value))
413 			return -EINVAL;
414 		index++;
415 	}
416 
417 	if (WARN_ON(index >= property->num_values))
418 		return -EINVAL;
419 
420 	prop_enum = kzalloc(sizeof(struct drm_property_enum), GFP_KERNEL);
421 	if (!prop_enum)
422 		return -ENOMEM;
423 
424 	strscpy_pad(prop_enum->name, name, DRM_PROP_NAME_LEN);
425 	prop_enum->value = value;
426 
427 	property->values[index] = value;
428 	list_add_tail(&prop_enum->head, &property->enum_list);
429 	return 0;
430 }
431 EXPORT_SYMBOL(drm_property_add_enum);
432 
433 /**
434  * drm_property_destroy - destroy a drm property
435  * @dev: drm device
436  * @property: property to destroy
437  *
438  * This function frees a property including any attached resources like
439  * enumeration values.
440  */
drm_property_destroy(struct drm_device * dev,struct drm_property * property)441 void drm_property_destroy(struct drm_device *dev, struct drm_property *property)
442 {
443 	struct drm_property_enum *prop_enum, *pt;
444 
445 	list_for_each_entry_safe(prop_enum, pt, &property->enum_list, head) {
446 		list_del(&prop_enum->head);
447 		kfree(prop_enum);
448 	}
449 
450 	if (property->num_values)
451 		kfree(property->values);
452 	drm_mode_object_unregister(dev, &property->base);
453 	list_del(&property->head);
454 	kfree(property);
455 }
456 EXPORT_SYMBOL(drm_property_destroy);
457 
drm_mode_getproperty_ioctl(struct drm_device * dev,void * data,struct drm_file * file_priv)458 int drm_mode_getproperty_ioctl(struct drm_device *dev,
459 			       void *data, struct drm_file *file_priv)
460 {
461 	struct drm_mode_get_property *out_resp = data;
462 	struct drm_property *property;
463 	int enum_count = 0;
464 	int value_count = 0;
465 	int i, copied;
466 	struct drm_property_enum *prop_enum;
467 	struct drm_mode_property_enum __user *enum_ptr;
468 	uint64_t __user *values_ptr;
469 
470 	if (!drm_core_check_feature(dev, DRIVER_MODESET))
471 		return -EOPNOTSUPP;
472 
473 	property = drm_property_find(dev, file_priv, out_resp->prop_id);
474 	if (!property)
475 		return -ENOENT;
476 
477 	strscpy_pad(out_resp->name, property->name, DRM_PROP_NAME_LEN);
478 	out_resp->flags = property->flags;
479 
480 	value_count = property->num_values;
481 	values_ptr = u64_to_user_ptr(out_resp->values_ptr);
482 
483 	for (i = 0; i < value_count; i++) {
484 		if (i < out_resp->count_values &&
485 		    put_user(property->values[i], values_ptr + i)) {
486 			return -EFAULT;
487 		}
488 	}
489 	out_resp->count_values = value_count;
490 
491 	copied = 0;
492 	enum_ptr = u64_to_user_ptr(out_resp->enum_blob_ptr);
493 
494 	if (drm_property_type_is(property, DRM_MODE_PROP_ENUM) ||
495 	    drm_property_type_is(property, DRM_MODE_PROP_BITMASK)) {
496 		list_for_each_entry(prop_enum, &property->enum_list, head) {
497 			enum_count++;
498 			if (out_resp->count_enum_blobs < enum_count)
499 				continue;
500 
501 			if (copy_to_user(&enum_ptr[copied].value,
502 					 &prop_enum->value, sizeof(uint64_t)))
503 				return -EFAULT;
504 
505 			if (copy_to_user(&enum_ptr[copied].name,
506 					 &prop_enum->name, DRM_PROP_NAME_LEN))
507 				return -EFAULT;
508 			copied++;
509 		}
510 		out_resp->count_enum_blobs = enum_count;
511 	}
512 
513 	/*
514 	 * NOTE: The idea seems to have been to use this to read all the blob
515 	 * property values. But nothing ever added them to the corresponding
516 	 * list, userspace always used the special-purpose get_blob ioctl to
517 	 * read the value for a blob property. It also doesn't make a lot of
518 	 * sense to return values here when everything else is just metadata for
519 	 * the property itself.
520 	 */
521 	if (drm_property_type_is(property, DRM_MODE_PROP_BLOB))
522 		out_resp->count_enum_blobs = 0;
523 
524 	return 0;
525 }
526 
drm_property_free_blob(struct kref * kref)527 static void drm_property_free_blob(struct kref *kref)
528 {
529 	struct drm_property_blob *blob =
530 		container_of(kref, struct drm_property_blob, base.refcount);
531 
532 	mutex_lock(&blob->dev->mode_config.blob_lock);
533 	list_del(&blob->head_global);
534 	mutex_unlock(&blob->dev->mode_config.blob_lock);
535 
536 	drm_mode_object_unregister(blob->dev, &blob->base);
537 
538 	kvfree(blob);
539 }
540 
541 /**
542  * drm_property_create_blob - Create new blob property
543  * @dev: DRM device to create property for
544  * @length: Length to allocate for blob data
545  * @data: If specified, copies data into blob
546  *
547  * Creates a new blob property for a specified DRM device, optionally
548  * copying data. Note that blob properties are meant to be invariant, hence the
549  * data must be filled out before the blob is used as the value of any property.
550  *
551  * Returns:
552  * New blob property with a single reference on success, or an ERR_PTR
553  * value on failure.
554  */
555 struct drm_property_blob *
drm_property_create_blob(struct drm_device * dev,size_t length,const void * data)556 drm_property_create_blob(struct drm_device *dev, size_t length,
557 			 const void *data)
558 {
559 	struct drm_property_blob *blob;
560 	int ret;
561 
562 	if (!length || length > INT_MAX - sizeof(struct drm_property_blob))
563 		return ERR_PTR(-EINVAL);
564 
565 	blob = kvzalloc(sizeof(struct drm_property_blob)+length, GFP_KERNEL);
566 	if (!blob)
567 		return ERR_PTR(-ENOMEM);
568 
569 	/* This must be explicitly initialised, so we can safely call list_del
570 	 * on it in the removal handler, even if it isn't in a file list. */
571 	INIT_LIST_HEAD(&blob->head_file);
572 	blob->data = (void *)blob + sizeof(*blob);
573 	blob->length = length;
574 	blob->dev = dev;
575 
576 	if (data)
577 		memcpy(blob->data, data, length);
578 
579 	ret = __drm_mode_object_add(dev, &blob->base, DRM_MODE_OBJECT_BLOB,
580 				    true, drm_property_free_blob);
581 	if (ret) {
582 		kvfree(blob);
583 		return ERR_PTR(-EINVAL);
584 	}
585 
586 	mutex_lock(&dev->mode_config.blob_lock);
587 	list_add_tail(&blob->head_global,
588 	              &dev->mode_config.property_blob_list);
589 	mutex_unlock(&dev->mode_config.blob_lock);
590 
591 	return blob;
592 }
593 EXPORT_SYMBOL(drm_property_create_blob);
594 
595 /**
596  * drm_property_blob_put - release a blob property reference
597  * @blob: DRM blob property
598  *
599  * Releases a reference to a blob property. May free the object.
600  */
drm_property_blob_put(struct drm_property_blob * blob)601 void drm_property_blob_put(struct drm_property_blob *blob)
602 {
603 	if (!blob)
604 		return;
605 
606 	drm_mode_object_put(&blob->base);
607 }
608 EXPORT_SYMBOL(drm_property_blob_put);
609 
drm_property_destroy_user_blobs(struct drm_device * dev,struct drm_file * file_priv)610 void drm_property_destroy_user_blobs(struct drm_device *dev,
611 				     struct drm_file *file_priv)
612 {
613 	struct drm_property_blob *blob, *bt;
614 
615 	/*
616 	 * When the file gets released that means no one else can access the
617 	 * blob list any more, so no need to grab dev->blob_lock.
618 	 */
619 	list_for_each_entry_safe(blob, bt, &file_priv->blobs, head_file) {
620 		list_del_init(&blob->head_file);
621 		drm_property_blob_put(blob);
622 	}
623 }
624 
625 /**
626  * drm_property_blob_get - acquire blob property reference
627  * @blob: DRM blob property
628  *
629  * Acquires a reference to an existing blob property. Returns @blob, which
630  * allows this to be used as a shorthand in assignments.
631  */
drm_property_blob_get(struct drm_property_blob * blob)632 struct drm_property_blob *drm_property_blob_get(struct drm_property_blob *blob)
633 {
634 	drm_mode_object_get(&blob->base);
635 	return blob;
636 }
637 EXPORT_SYMBOL(drm_property_blob_get);
638 
639 /**
640  * drm_property_lookup_blob - look up a blob property and take a reference
641  * @dev: drm device
642  * @id: id of the blob property
643  *
644  * If successful, this takes an additional reference to the blob property.
645  * callers need to make sure to eventually unreferenced the returned property
646  * again, using drm_property_blob_put().
647  *
648  * Return:
649  * NULL on failure, pointer to the blob on success.
650  */
drm_property_lookup_blob(struct drm_device * dev,uint32_t id)651 struct drm_property_blob *drm_property_lookup_blob(struct drm_device *dev,
652 					           uint32_t id)
653 {
654 	struct drm_mode_object *obj;
655 	struct drm_property_blob *blob = NULL;
656 
657 	obj = __drm_mode_object_find(dev, NULL, id, DRM_MODE_OBJECT_BLOB);
658 	if (obj)
659 		blob = obj_to_blob(obj);
660 	return blob;
661 }
662 EXPORT_SYMBOL(drm_property_lookup_blob);
663 
664 /**
665  * drm_property_replace_global_blob - replace existing blob property
666  * @dev: drm device
667  * @replace: location of blob property pointer to be replaced
668  * @length: length of data for new blob, or 0 for no data
669  * @data: content for new blob, or NULL for no data
670  * @obj_holds_id: optional object for property holding blob ID
671  * @prop_holds_id: optional property holding blob ID
672  * @return 0 on success or error on failure
673  *
674  * This function will replace a global property in the blob list, optionally
675  * updating a property which holds the ID of that property.
676  *
677  * If length is 0 or data is NULL, no new blob will be created, and the holding
678  * property, if specified, will be set to 0.
679  *
680  * Access to the replace pointer is assumed to be protected by the caller, e.g.
681  * by holding the relevant modesetting object lock for its parent.
682  *
683  * For example, a drm_connector has a 'PATH' property, which contains the ID
684  * of a blob property with the value of the MST path information. Calling this
685  * function with replace pointing to the connector's path_blob_ptr, length and
686  * data set for the new path information, obj_holds_id set to the connector's
687  * base object, and prop_holds_id set to the path property name, will perform
688  * a completely atomic update. The access to path_blob_ptr is protected by the
689  * caller holding a lock on the connector.
690  */
drm_property_replace_global_blob(struct drm_device * dev,struct drm_property_blob ** replace,size_t length,const void * data,struct drm_mode_object * obj_holds_id,struct drm_property * prop_holds_id)691 int drm_property_replace_global_blob(struct drm_device *dev,
692 				     struct drm_property_blob **replace,
693 				     size_t length,
694 				     const void *data,
695 				     struct drm_mode_object *obj_holds_id,
696 				     struct drm_property *prop_holds_id)
697 {
698 	struct drm_property_blob *new_blob = NULL;
699 	struct drm_property_blob *old_blob = NULL;
700 	int ret;
701 
702 	WARN_ON(replace == NULL);
703 
704 	old_blob = *replace;
705 
706 	if (length && data) {
707 		new_blob = drm_property_create_blob(dev, length, data);
708 		if (IS_ERR(new_blob))
709 			return PTR_ERR(new_blob);
710 	}
711 
712 	if (obj_holds_id) {
713 		ret = drm_object_property_set_value(obj_holds_id,
714 						    prop_holds_id,
715 						    new_blob ?
716 						        new_blob->base.id : 0);
717 		if (ret != 0)
718 			goto err_created;
719 	}
720 
721 	drm_property_blob_put(old_blob);
722 	*replace = new_blob;
723 
724 	return 0;
725 
726 err_created:
727 	drm_property_blob_put(new_blob);
728 	return ret;
729 }
730 EXPORT_SYMBOL(drm_property_replace_global_blob);
731 
732 /**
733  * drm_property_replace_blob - replace a blob property
734  * @blob: a pointer to the member blob to be replaced
735  * @new_blob: the new blob to replace with
736  *
737  * Return: true if the blob was in fact replaced.
738  */
drm_property_replace_blob(struct drm_property_blob ** blob,struct drm_property_blob * new_blob)739 bool drm_property_replace_blob(struct drm_property_blob **blob,
740 			       struct drm_property_blob *new_blob)
741 {
742 	struct drm_property_blob *old_blob = *blob;
743 
744 	if (old_blob == new_blob)
745 		return false;
746 
747 	drm_property_blob_put(old_blob);
748 	if (new_blob)
749 		drm_property_blob_get(new_blob);
750 	*blob = new_blob;
751 	return true;
752 }
753 EXPORT_SYMBOL(drm_property_replace_blob);
754 
755 /**
756  * drm_property_replace_blob_from_id - replace a blob property taking a reference
757  * @dev: DRM device
758  * @blob: a pointer to the member blob to be replaced
759  * @blob_id: the id of the new blob to replace with
760  * @expected_size: expected size of the blob property
761  * @expected_elem_size: expected size of an element in the blob property
762  * @replaced: if the blob was in fact replaced
763  *
764  * Look up the new blob from id, take its reference, check expected sizes of
765  * the blob and its element and replace the old blob by the new one. Advertise
766  * if the replacement operation was successful.
767  *
768  * Return: true if the blob was in fact replaced. -EINVAL if the new blob was
769  * not found or sizes don't match.
770  */
drm_property_replace_blob_from_id(struct drm_device * dev,struct drm_property_blob ** blob,uint64_t blob_id,ssize_t expected_size,ssize_t expected_elem_size,bool * replaced)771 int drm_property_replace_blob_from_id(struct drm_device *dev,
772 					 struct drm_property_blob **blob,
773 					 uint64_t blob_id,
774 					 ssize_t expected_size,
775 					 ssize_t expected_elem_size,
776 					 bool *replaced)
777 {
778 	struct drm_property_blob *new_blob = NULL;
779 
780 	if (blob_id != 0) {
781 		new_blob = drm_property_lookup_blob(dev, blob_id);
782 		if (new_blob == NULL) {
783 			drm_dbg_atomic(dev,
784 				       "cannot find blob ID %llu\n", blob_id);
785 			return -EINVAL;
786 		}
787 
788 		if (expected_size > 0 &&
789 		    new_blob->length != expected_size) {
790 			drm_dbg_atomic(dev,
791 				       "[BLOB:%d] length %zu different from expected %zu\n",
792 				       new_blob->base.id, new_blob->length, expected_size);
793 			drm_property_blob_put(new_blob);
794 			return -EINVAL;
795 		}
796 		if (expected_elem_size > 0 &&
797 		    new_blob->length % expected_elem_size != 0) {
798 			drm_dbg_atomic(dev,
799 				       "[BLOB:%d] length %zu not divisible by element size %zu\n",
800 				       new_blob->base.id, new_blob->length, expected_elem_size);
801 			drm_property_blob_put(new_blob);
802 			return -EINVAL;
803 		}
804 	}
805 
806 	*replaced |= drm_property_replace_blob(blob, new_blob);
807 	drm_property_blob_put(new_blob);
808 
809 	return 0;
810 }
811 EXPORT_SYMBOL(drm_property_replace_blob_from_id);
812 
drm_mode_getblob_ioctl(struct drm_device * dev,void * data,struct drm_file * file_priv)813 int drm_mode_getblob_ioctl(struct drm_device *dev,
814 			   void *data, struct drm_file *file_priv)
815 {
816 	struct drm_mode_get_blob *out_resp = data;
817 	struct drm_property_blob *blob;
818 	int ret = 0;
819 
820 	if (!drm_core_check_feature(dev, DRIVER_MODESET))
821 		return -EOPNOTSUPP;
822 
823 	blob = drm_property_lookup_blob(dev, out_resp->blob_id);
824 	if (!blob)
825 		return -ENOENT;
826 
827 	if (out_resp->length == blob->length) {
828 		if (copy_to_user(u64_to_user_ptr(out_resp->data),
829 				 blob->data,
830 				 blob->length)) {
831 			ret = -EFAULT;
832 			goto unref;
833 		}
834 	}
835 	out_resp->length = blob->length;
836 unref:
837 	drm_property_blob_put(blob);
838 
839 	return ret;
840 }
841 
drm_mode_createblob_ioctl(struct drm_device * dev,void * data,struct drm_file * file_priv)842 int drm_mode_createblob_ioctl(struct drm_device *dev,
843 			      void *data, struct drm_file *file_priv)
844 {
845 	struct drm_mode_create_blob *out_resp = data;
846 	struct drm_property_blob *blob;
847 	int ret = 0;
848 
849 	if (!drm_core_check_feature(dev, DRIVER_MODESET))
850 		return -EOPNOTSUPP;
851 
852 	blob = drm_property_create_blob(dev, out_resp->length, NULL);
853 	if (IS_ERR(blob))
854 		return PTR_ERR(blob);
855 
856 	if (copy_from_user(blob->data,
857 			   u64_to_user_ptr(out_resp->data),
858 			   out_resp->length)) {
859 		ret = -EFAULT;
860 		goto out_blob;
861 	}
862 
863 	/* Dropping the lock between create_blob and our access here is safe
864 	 * as only the same file_priv can remove the blob; at this point, it is
865 	 * not associated with any file_priv. */
866 	mutex_lock(&dev->mode_config.blob_lock);
867 	out_resp->blob_id = blob->base.id;
868 	list_add_tail(&blob->head_file, &file_priv->blobs);
869 	mutex_unlock(&dev->mode_config.blob_lock);
870 
871 	return 0;
872 
873 out_blob:
874 	drm_property_blob_put(blob);
875 	return ret;
876 }
877 
drm_mode_destroyblob_ioctl(struct drm_device * dev,void * data,struct drm_file * file_priv)878 int drm_mode_destroyblob_ioctl(struct drm_device *dev,
879 			       void *data, struct drm_file *file_priv)
880 {
881 	struct drm_mode_destroy_blob *out_resp = data;
882 	struct drm_property_blob *blob = NULL, *bt;
883 	bool found = false;
884 	int ret = 0;
885 
886 	if (!drm_core_check_feature(dev, DRIVER_MODESET))
887 		return -EOPNOTSUPP;
888 
889 	blob = drm_property_lookup_blob(dev, out_resp->blob_id);
890 	if (!blob)
891 		return -ENOENT;
892 
893 	mutex_lock(&dev->mode_config.blob_lock);
894 	/* Ensure the property was actually created by this user. */
895 	list_for_each_entry(bt, &file_priv->blobs, head_file) {
896 		if (bt == blob) {
897 			found = true;
898 			break;
899 		}
900 	}
901 
902 	if (!found) {
903 		ret = -EPERM;
904 		goto err;
905 	}
906 
907 	/* We must drop head_file here, because we may not be the last
908 	 * reference on the blob. */
909 	list_del_init(&blob->head_file);
910 	mutex_unlock(&dev->mode_config.blob_lock);
911 
912 	/* One reference from lookup, and one from the filp. */
913 	drm_property_blob_put(blob);
914 	drm_property_blob_put(blob);
915 
916 	return 0;
917 
918 err:
919 	mutex_unlock(&dev->mode_config.blob_lock);
920 	drm_property_blob_put(blob);
921 
922 	return ret;
923 }
924 
925 /* Some properties could refer to dynamic refcnt'd objects, or things that
926  * need special locking to handle lifetime issues (ie. to ensure the prop
927  * value doesn't become invalid part way through the property update due to
928  * race).  The value returned by reference via 'obj' should be passed back
929  * to drm_property_change_valid_put() after the property is set (and the
930  * object to which the property is attached has a chance to take its own
931  * reference).
932  */
drm_property_change_valid_get(struct drm_property * property,uint64_t value,struct drm_mode_object ** ref)933 bool drm_property_change_valid_get(struct drm_property *property,
934 				   uint64_t value, struct drm_mode_object **ref)
935 {
936 	int i;
937 
938 	if (property->flags & DRM_MODE_PROP_IMMUTABLE)
939 		return false;
940 
941 	*ref = NULL;
942 
943 	if (drm_property_type_is(property, DRM_MODE_PROP_RANGE)) {
944 		if (value < property->values[0] || value > property->values[1])
945 			return false;
946 		return true;
947 	} else if (drm_property_type_is(property, DRM_MODE_PROP_SIGNED_RANGE)) {
948 		int64_t svalue = U642I64(value);
949 
950 		if (svalue < U642I64(property->values[0]) ||
951 				svalue > U642I64(property->values[1]))
952 			return false;
953 		return true;
954 	} else if (drm_property_type_is(property, DRM_MODE_PROP_BITMASK)) {
955 		uint64_t valid_mask = 0;
956 
957 		for (i = 0; i < property->num_values; i++)
958 			valid_mask |= (1ULL << property->values[i]);
959 		return !(value & ~valid_mask);
960 	} else if (drm_property_type_is(property, DRM_MODE_PROP_BLOB)) {
961 		struct drm_property_blob *blob;
962 
963 		if (value == 0)
964 			return true;
965 
966 		blob = drm_property_lookup_blob(property->dev, value);
967 		if (blob) {
968 			*ref = &blob->base;
969 			return true;
970 		} else {
971 			return false;
972 		}
973 	} else if (drm_property_type_is(property, DRM_MODE_PROP_OBJECT)) {
974 		/* a zero value for an object property translates to null: */
975 		if (value == 0)
976 			return true;
977 
978 		*ref = __drm_mode_object_find(property->dev, NULL, value,
979 					      property->values[0]);
980 		return *ref != NULL;
981 	}
982 
983 	for (i = 0; i < property->num_values; i++)
984 		if (property->values[i] == value)
985 			return true;
986 	return false;
987 }
988 
drm_property_change_valid_put(struct drm_property * property,struct drm_mode_object * ref)989 void drm_property_change_valid_put(struct drm_property *property,
990 		struct drm_mode_object *ref)
991 {
992 	if (!ref)
993 		return;
994 
995 	if (drm_property_type_is(property, DRM_MODE_PROP_OBJECT)) {
996 		drm_mode_object_put(ref);
997 	} else if (drm_property_type_is(property, DRM_MODE_PROP_BLOB))
998 		drm_property_blob_put(obj_to_blob(ref));
999 }
1000