static void via_cmdbuf_rewind(drm_via_private_t * dev_priv);
static int via_wait_idle(drm_via_private_t * dev_priv);
+
+/*
+ * This function needs to be extended whenever a new command set
+ * is implemented. Currently it works only for the 2D engine
+ * command, which on the Unichrome allows writing to
+ * at least the 2D engine and the mpeg engine, but not the
+ * video engine.
+ *
+ * If you update this function with new commands, please also
+ * consider implementing these commands in
+ * via_parse_pci_cmdbuffer below.
+ *
+ * Carefully review this function for security holes
+ * after an update!!!!!!!!!
+ */
+
+static int via_check_command_stream(const uint32_t *buf,
+ unsigned int size)
+{
+
+ uint32_t offset;
+ unsigned int i;
+
+ if (size & 7) {
+ DRM_ERROR("Illegal command buffer size.\n");
+ return DRM_ERR( EINVAL );
+ }
+ size >>=3;
+ for (i=0; i<size; ++i) {
+ offset = *buf;
+ buf += 2;
+ if ((offset > ((0x3FF >> 2) | VIA_2D_CMD)) &&
+ (offset < ((0xC00 >> 2) | VIA_2D_CMD)) ) {
+ DRM_ERROR("Attempt to access Burst Command / 3D Area.\n");
+ return DRM_ERR( EINVAL );
+ } else if (offset > ((0xDFF >> 2) | VIA_2D_CMD)) {
+ DRM_ERROR("Attempt to access DMA or VGA registers.\n");
+ return DRM_ERR( EINVAL );
+ }
+
+ /*
+ * ...
+ * A volunteer should complete this to allow non-root
+ * usage of accelerated 3D OpenGL.
+ */
+
+ }
+ return 0;
+}
+
+
static inline int
via_cmdbuf_wait(drm_via_private_t * dev_priv, unsigned int size)
{
{
drm_via_private_t *dev_priv = dev->dev_private;
uint32_t *vb;
+ int ret;
+
vb = via_check_dma(dev_priv, cmd->size);
if (vb == NULL) {
return DRM_ERR(EAGAIN);
if (DRM_COPY_FROM_USER(vb, cmd->buf, cmd->size)) {
return DRM_ERR(EFAULT);
}
+
+ if ((ret = via_check_command_stream( vb, cmd->size)))
+ return ret;
+
dev_priv->dma_low += cmd->size;
via_cmdbuf_pause(dev_priv);
uint32_t offset, value;
const uint32_t *regbuf = (uint32_t *) buf;
unsigned int i;
+ int ret;
- size >>= 3;
- for (i = 0; i < size; ++i) {
- offset = *regbuf;
- regbuf += 2;
- if ((offset > ((0x7FF >> 2) | VIA_2D_CMD)) &&
- (offset < ((0xC00 >> 2) | VIA_2D_CMD))) {
- DRM_DEBUG("Attempt to access Burst Command Area.\n");
- return DRM_ERR(EINVAL);
- } else if (offset > ((0xDFF >> 2) | VIA_2D_CMD)) {
- DRM_DEBUG("Attempt to access DMA or VGA registers.\n");
- return DRM_ERR(EINVAL);
- }
- }
+ if ((ret = via_check_command_stream( regbuf, size)))
+ return ret;
- regbuf = (uint32_t *) buf;
+ size >>= 3;
for (i = 0; i < size; ++i) {
offset = (*regbuf++ & ~VIA_2D_CMD) << 2;
value = *regbuf++;
#define VIDEO 0
#define AGP 1
typedef struct {
- unsigned int offset;
- unsigned int size;
+ uint32_t offset;
+ uint32_t size;
} drm_via_agp_t;
typedef struct {
- unsigned int offset;
- unsigned int size;
+ uint32_t offset;
+ uint32_t size;
} drm_via_fb_t;
typedef struct {
- unsigned int context;
- unsigned int type;
- unsigned int size;
+ uint32_t context;
+ uint32_t type;
+ uint32_t size;
unsigned long index;
unsigned long offset;
} drm_via_mem_t;
enum {
VIA_FUTEX_WAIT = 0x00,
VIA_FUTEX_WAKE = 0X01
- } fut;
- unsigned int op;
- unsigned int ms;
- unsigned int lock;
- unsigned int val;
+ } func;
+ uint32_t ms;
+ uint32_t lock;
+ uint32_t val;
} drm_via_futex_t;
typedef struct _drm_via_dma_init {
#define DRIVER_NAME "via"
#define DRIVER_DESC "VIA Unichrome"
-#define DRIVER_DATE "20040907"
+#define DRIVER_DATE "20041010"
-#define DRIVER_MAJOR 1
-#define DRIVER_MINOR 5
+#define DRIVER_MAJOR 2
+#define DRIVER_MINOR 0
#define DRIVER_PATCHLEVEL 0
#include "drm_pciids.h"
lock = XVMCLOCKPTR(sAPriv, fx.lock);
- switch (fx.op) {
+ switch (fx.func) {
case VIA_FUTEX_WAIT:
DRM_WAIT_ON(ret, dev_priv->decoder_queue[fx.lock],
(fx.ms / 10) * (DRM_HZ / 100), *lock != fx.val);
AgpHeap = via_mmInit(agp.offset, agp.size);
- DRM_DEBUG("offset = %u, size = %u", agp.offset, agp.size);
+ DRM_DEBUG("offset = %lu, size = %lu", agp.offset, agp.size);
return 0;
}
FBHeap = via_mmInit(fb.offset, fb.size);
- DRM_DEBUG("offset = %u, size = %u", fb.offset, fb.size);
+ DRM_DEBUG("offset = %lu, size = %lu", fb.offset, fb.size);
return 0;
}
static void via_cmdbuf_rewind(drm_via_private_t * dev_priv);
static int via_wait_idle(drm_via_private_t * dev_priv);
+
+/*
+ * This function needs to be extended whenever a new command set
+ * is implemented. Currently it works only for the 2D engine
+ * command, which on the Unichrome allows writing to
+ * at least the 2D engine and the mpeg engine, but not the
+ * video engine.
+ *
+ * If you update this function with new commands, please also
+ * consider implementing these commands in
+ * via_parse_pci_cmdbuffer below.
+ *
+ * Carefully review this function for security holes
+ * after an update!!!!!!!!!
+ */
+
+static int via_check_command_stream(const uint32_t *buf,
+ unsigned int size)
+{
+
+ uint32_t offset;
+ unsigned int i;
+
+ if (size & 7) {
+ DRM_ERROR("Illegal command buffer size.\n");
+ return DRM_ERR( EINVAL );
+ }
+ size >>=3;
+ for (i=0; i<size; ++i) {
+ offset = *buf;
+ buf += 2;
+ if ((offset > ((0x3FF >> 2) | VIA_2D_CMD)) &&
+ (offset < ((0xC00 >> 2) | VIA_2D_CMD)) ) {
+ DRM_ERROR("Attempt to access Burst Command / 3D Area.\n");
+ return DRM_ERR( EINVAL );
+ } else if (offset > ((0xDFF >> 2) | VIA_2D_CMD)) {
+ DRM_ERROR("Attempt to access DMA or VGA registers.\n");
+ return DRM_ERR( EINVAL );
+ }
+
+ /*
+ * ...
+ * A volunteer should complete this to allow non-root
+ * usage of accelerated 3D OpenGL.
+ */
+
+ }
+ return 0;
+}
+
+
static inline int
via_cmdbuf_wait(drm_via_private_t * dev_priv, unsigned int size)
{
{
drm_via_private_t *dev_priv = dev->dev_private;
uint32_t * vb;
+ int ret;
+
vb = via_check_dma(dev_priv, cmd->size);
if (vb == NULL) {
return DRM_ERR(EAGAIN);
if (DRM_COPY_FROM_USER(vb, cmd->buf, cmd->size)) {
return DRM_ERR(EFAULT);
}
+
+ if ((ret = via_check_command_stream( vb, cmd->size)))
+ return ret;
+
dev_priv->dma_low += cmd->size;
via_cmdbuf_pause(dev_priv);
return 0;
}
+
static int via_parse_pci_cmdbuffer( drm_device_t *dev, const char *buf,
unsigned int size )
{
uint32_t offset, value;
const uint32_t *regbuf = (uint32_t *)buf;
unsigned int i;
+ int ret;
+ if ((ret = via_check_command_stream( regbuf, size)))
+ return ret;
+
size >>=3 ;
- for (i=0; i<size; ++i) {
- offset = *regbuf;
- regbuf += 2;
- if ((offset > ((0x7FF >> 2) | VIA_2D_CMD)) &&
- (offset < ((0xC00 >> 2) | VIA_2D_CMD)) ) {
- DRM_DEBUG("Attempt to access Burst Command Area.\n");
- return DRM_ERR( EINVAL );
- } else if (offset > ((0xDFF >> 2) | VIA_2D_CMD)) {
- DRM_DEBUG("Attempt to access DMA or VGA registers.\n");
- return DRM_ERR( EINVAL );
- }
- }
-
- regbuf = (uint32_t *)buf;
for ( i=0; i<size; ++i ) {
offset = (*regbuf++ & ~VIA_2D_CMD) << 2;
value = *regbuf++;
#define VIDEO 0
#define AGP 1
typedef struct {
- unsigned int offset;
- unsigned int size;
+ unsigned long offset;
+ unsigned long size;
} drm_via_agp_t;
typedef struct {
- unsigned int offset;
- unsigned int size;
+ unsigned long offset;
+ unsigned long size;
} drm_via_fb_t;
typedef struct {
- unsigned int context;
- unsigned int type;
- unsigned int size;
+ uint32_t context;
+ uint32_t type;
+ unsigned long size;
unsigned long index;
unsigned long offset;
} drm_via_mem_t;
enum {
VIA_FUTEX_WAIT = 0x00,
VIA_FUTEX_WAKE = 0X01
- }fut;
- unsigned int op;
- unsigned int ms;
- unsigned int lock;
- unsigned int val;
+ } func;
+ uint32_t ms;
+ uint32_t lock;
+ uint32_t val;
} drm_via_futex_t;
typedef struct _drm_via_dma_init {
#define DRIVER_NAME "via"
#define DRIVER_DESC "VIA Unichrome"
-#define DRIVER_DATE "20040907"
+#define DRIVER_DATE "20041010"
-#define DRIVER_MAJOR 1
-#define DRIVER_MINOR 5
+#define DRIVER_MAJOR 2
+#define DRIVER_MINOR 0
#define DRIVER_PATCHLEVEL 0
lock = XVMCLOCKPTR(sAPriv,fx.lock);
- switch(fx.op) {
+ switch(fx.func) {
case VIA_FUTEX_WAIT:
DRM_WAIT_ON(ret, dev_priv->decoder_queue[fx.lock],
(fx.ms / 10)*(DRM_HZ/100),
AgpHeap = via_mmInit(agp.offset, agp.size);
- DRM_DEBUG("offset = %u, size = %u", agp.offset, agp.size);
+ DRM_DEBUG("offset = %lu, size = %lu", agp.offset, agp.size);
return 0;
}
FBHeap = via_mmInit(fb.offset, fb.size);
- DRM_DEBUG("offset = %u, size = %u", fb.offset, fb.size);
+ DRM_DEBUG("offset = %lu, size = %lu", fb.offset, fb.size);
return 0;
}
OSDN Git Service
