forked from Minki/linux
switch compat_drm_mapbufs() to drm_ioctl_kernel()
Another horror like addbufs; this one is even uglier. With that done, drm_ioc32.c should be sane. Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
This commit is contained in:
parent
6113252dd0
commit
87d3ce1169
@ -1443,15 +1443,15 @@ int drm_legacy_freebufs(struct drm_device *dev, void *data,
|
||||
* offset equal to 0, which drm_mmap() interpretes as PCI buffers and calls
|
||||
* drm_mmap_dma().
|
||||
*/
|
||||
int drm_legacy_mapbufs(struct drm_device *dev, void *data,
|
||||
struct drm_file *file_priv)
|
||||
int __drm_legacy_mapbufs(struct drm_device *dev, void *data, int *p,
|
||||
void __user **v,
|
||||
int (*f)(void *, int, unsigned long,
|
||||
struct drm_buf *),
|
||||
struct drm_file *file_priv)
|
||||
{
|
||||
struct drm_device_dma *dma = dev->dma;
|
||||
int retcode = 0;
|
||||
const int zero = 0;
|
||||
unsigned long virtual;
|
||||
unsigned long address;
|
||||
struct drm_buf_map *request = data;
|
||||
int i;
|
||||
|
||||
if (!drm_core_check_feature(dev, DRIVER_LEGACY))
|
||||
@ -1471,7 +1471,7 @@ int drm_legacy_mapbufs(struct drm_device *dev, void *data,
|
||||
dev->buf_use++; /* Can't allocate more after this call */
|
||||
spin_unlock(&dev->buf_lock);
|
||||
|
||||
if (request->count >= dma->buf_count) {
|
||||
if (*p >= dma->buf_count) {
|
||||
if ((dev->agp && (dma->flags & _DRM_DMA_USE_AGP))
|
||||
|| (drm_core_check_feature(dev, DRIVER_SG)
|
||||
&& (dma->flags & _DRM_DMA_USE_SG))) {
|
||||
@ -1496,41 +1496,51 @@ int drm_legacy_mapbufs(struct drm_device *dev, void *data,
|
||||
retcode = (signed long)virtual;
|
||||
goto done;
|
||||
}
|
||||
request->virtual = (void __user *)virtual;
|
||||
*v = (void __user *)virtual;
|
||||
|
||||
for (i = 0; i < dma->buf_count; i++) {
|
||||
if (copy_to_user(&request->list[i].idx,
|
||||
&dma->buflist[i]->idx,
|
||||
sizeof(request->list[0].idx))) {
|
||||
retcode = -EFAULT;
|
||||
goto done;
|
||||
}
|
||||
if (copy_to_user(&request->list[i].total,
|
||||
&dma->buflist[i]->total,
|
||||
sizeof(request->list[0].total))) {
|
||||
retcode = -EFAULT;
|
||||
goto done;
|
||||
}
|
||||
if (copy_to_user(&request->list[i].used,
|
||||
&zero, sizeof(zero))) {
|
||||
retcode = -EFAULT;
|
||||
goto done;
|
||||
}
|
||||
address = virtual + dma->buflist[i]->offset; /* *** */
|
||||
if (copy_to_user(&request->list[i].address,
|
||||
&address, sizeof(address))) {
|
||||
if (f(data, i, virtual, dma->buflist[i]) < 0) {
|
||||
retcode = -EFAULT;
|
||||
goto done;
|
||||
}
|
||||
}
|
||||
}
|
||||
done:
|
||||
request->count = dma->buf_count;
|
||||
DRM_DEBUG("%d buffers, retcode = %d\n", request->count, retcode);
|
||||
*p = dma->buf_count;
|
||||
DRM_DEBUG("%d buffers, retcode = %d\n", *p, retcode);
|
||||
|
||||
return retcode;
|
||||
}
|
||||
|
||||
static int map_one_buf(void *data, int idx, unsigned long virtual,
|
||||
struct drm_buf *buf)
|
||||
{
|
||||
struct drm_buf_map *request = data;
|
||||
unsigned long address = virtual + buf->offset; /* *** */
|
||||
|
||||
if (copy_to_user(&request->list[idx].idx, &buf->idx,
|
||||
sizeof(request->list[0].idx)))
|
||||
return -EFAULT;
|
||||
if (copy_to_user(&request->list[idx].total, &buf->total,
|
||||
sizeof(request->list[0].total)))
|
||||
return -EFAULT;
|
||||
if (clear_user(&request->list[idx].used, sizeof(int)))
|
||||
return -EFAULT;
|
||||
if (copy_to_user(&request->list[idx].address, &address,
|
||||
sizeof(address)))
|
||||
return -EFAULT;
|
||||
return 0;
|
||||
}
|
||||
|
||||
int drm_legacy_mapbufs(struct drm_device *dev, void *data,
|
||||
struct drm_file *file_priv)
|
||||
{
|
||||
struct drm_buf_map *request = data;
|
||||
return __drm_legacy_mapbufs(dev, data, &request->count,
|
||||
&request->virtual, map_one_buf,
|
||||
file_priv);
|
||||
}
|
||||
|
||||
int drm_legacy_dma_ioctl(struct drm_device *dev, void *data,
|
||||
struct drm_file *file_priv)
|
||||
{
|
||||
|
@ -415,54 +415,52 @@ typedef struct drm_buf_map32 {
|
||||
u32 list; /**< Buffer information */
|
||||
} drm_buf_map32_t;
|
||||
|
||||
static int map_one_buf32(void *data, int idx, unsigned long virtual,
|
||||
struct drm_buf *buf)
|
||||
{
|
||||
drm_buf_map32_t *request = data;
|
||||
drm_buf_pub32_t __user *to = compat_ptr(request->list) + idx;
|
||||
drm_buf_pub32_t v;
|
||||
|
||||
v.idx = buf->idx;
|
||||
v.total = buf->total;
|
||||
v.used = 0;
|
||||
v.address = virtual + buf->offset;
|
||||
if (copy_to_user(to, &v, sizeof(v)))
|
||||
return -EFAULT;
|
||||
return 0;
|
||||
}
|
||||
|
||||
static int drm_legacy_mapbufs32(struct drm_device *dev, void *data,
|
||||
struct drm_file *file_priv)
|
||||
{
|
||||
drm_buf_map32_t *request = data;
|
||||
void __user *v;
|
||||
int err = __drm_legacy_mapbufs(dev, data, &request->count,
|
||||
&v, map_one_buf32,
|
||||
file_priv);
|
||||
request->virtual = ptr_to_compat(v);
|
||||
return err;
|
||||
}
|
||||
|
||||
static int compat_drm_mapbufs(struct file *file, unsigned int cmd,
|
||||
unsigned long arg)
|
||||
{
|
||||
drm_buf_map32_t __user *argp = (void __user *)arg;
|
||||
drm_buf_map32_t req32;
|
||||
drm_buf_pub32_t __user *list32;
|
||||
struct drm_buf_map __user *request;
|
||||
struct drm_buf_pub __user *list;
|
||||
int i, err;
|
||||
int count, actual;
|
||||
size_t nbytes;
|
||||
void __user *addr;
|
||||
int err;
|
||||
|
||||
if (copy_from_user(&req32, argp, sizeof(req32)))
|
||||
return -EFAULT;
|
||||
count = req32.count;
|
||||
list32 = (void __user *)(unsigned long)req32.list;
|
||||
|
||||
if (count < 0)
|
||||
if (req32.count < 0)
|
||||
return -EINVAL;
|
||||
nbytes = sizeof(*request) + count * sizeof(struct drm_buf_pub);
|
||||
request = compat_alloc_user_space(nbytes);
|
||||
if (!request)
|
||||
return -EFAULT;
|
||||
list = (struct drm_buf_pub *) (request + 1);
|
||||
|
||||
if (__put_user(count, &request->count)
|
||||
|| __put_user(list, &request->list))
|
||||
return -EFAULT;
|
||||
|
||||
err = drm_ioctl(file, DRM_IOCTL_MAP_BUFS, (unsigned long)request);
|
||||
err = drm_ioctl_kernel(file, drm_legacy_mapbufs32, &req32, DRM_AUTH);
|
||||
if (err)
|
||||
return err;
|
||||
|
||||
if (__get_user(actual, &request->count))
|
||||
return -EFAULT;
|
||||
if (count >= actual)
|
||||
for (i = 0; i < actual; ++i)
|
||||
if (__copy_in_user(&list32[i], &list[i],
|
||||
offsetof(struct drm_buf_pub, address))
|
||||
|| __get_user(addr, &list[i].address)
|
||||
|| __put_user((unsigned long)addr,
|
||||
&list32[i].address))
|
||||
return -EFAULT;
|
||||
|
||||
if (__put_user(actual, &argp->count)
|
||||
|| __get_user(addr, &request->virtual)
|
||||
|| __put_user((unsigned long)addr, &argp->virtual))
|
||||
if (put_user(req32.count, &argp->count)
|
||||
|| put_user(req32.virtual, &argp->virtual))
|
||||
return -EFAULT;
|
||||
|
||||
return 0;
|
||||
@ -910,7 +908,7 @@ static struct {
|
||||
DRM_IOCTL32_DEF(DRM_IOCTL_ADD_BUFS, compat_drm_addbufs),
|
||||
DRM_IOCTL32_DEF(DRM_IOCTL_MARK_BUFS, compat_drm_markbufs),
|
||||
DRM_IOCTL32_DEF(DRM_IOCTL_INFO_BUFS, compat_drm_infobufs),
|
||||
[DRM_IOCTL_NR(DRM_IOCTL_MAP_BUFS32)].fn = compat_drm_mapbufs,
|
||||
DRM_IOCTL32_DEF(DRM_IOCTL_MAP_BUFS, compat_drm_mapbufs),
|
||||
DRM_IOCTL32_DEF(DRM_IOCTL_FREE_BUFS, compat_drm_freebufs),
|
||||
DRM_IOCTL32_DEF(DRM_IOCTL_RM_MAP, compat_drm_rmmap),
|
||||
DRM_IOCTL32_DEF(DRM_IOCTL_SET_SAREA_CTX, compat_drm_setsareactx),
|
||||
|
@ -76,6 +76,10 @@ int drm_legacy_dma_ioctl(struct drm_device *d, void *v, struct drm_file *f);
|
||||
|
||||
int __drm_legacy_infobufs(struct drm_device *, void *, int *,
|
||||
int (*)(void *, int, struct drm_buf_entry *));
|
||||
int __drm_legacy_mapbufs(struct drm_device *, void *, int *,
|
||||
void __user **,
|
||||
int (*)(void *, int, unsigned long, struct drm_buf *),
|
||||
struct drm_file *);
|
||||
|
||||
#ifdef CONFIG_DRM_VM
|
||||
void drm_legacy_vma_flush(struct drm_device *d);
|
||||
|
Loading…
Reference in New Issue
Block a user