switch compat_drm_mapbufs() to drm_ioctl_kernel()

Another horror like addbufs; this one is even uglier.  With that
done, drm_ioc32.c should be sane.

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>

diff --git a/drivers/gpu/drm/drm_bufs.c b/drivers/gpu/drm/drm_bufs.c
index 93e38d51cdc37c337410f14f098cf4c3771cea98..1ee84dd802d4d7cc88f0cab975bf5e9b4ce0181c 100644 (file)
--- a/drivers/gpu/drm/drm_bufs.c
+++ b/drivers/gpu/drm/drm_bufs.c
@@ -1443,15 +1443,15 @@ int drm_legacy_freebufs(struct drm_device *dev, void *data,
  * offset equal to 0, which drm_mmap() interpretes as PCI buffers and calls
  * drm_mmap_dma().
  */
-int drm_legacy_mapbufs(struct drm_device *dev, void *data,
-                      struct drm_file *file_priv)
+int __drm_legacy_mapbufs(struct drm_device *dev, void *data, int *p,
+                        void __user **v,
+                        int (*f)(void *, int, unsigned long,
+                                 struct drm_buf *),
+                        struct drm_file *file_priv)
 {
        struct drm_device_dma *dma = dev->dma;
        int retcode = 0;
-       const int zero = 0;
        unsigned long virtual;
-       unsigned long address;
-       struct drm_buf_map *request = data;
        int i;
 
        if (!drm_core_check_feature(dev, DRIVER_LEGACY))
@@ -1471,7 +1471,7 @@ int drm_legacy_mapbufs(struct drm_device *dev, void *data,
        dev->buf_use++;         /* Can't allocate more after this call */
        spin_unlock(&dev->buf_lock);
 
-       if (request->count >= dma->buf_count) {
+       if (*p >= dma->buf_count) {
                if ((dev->agp && (dma->flags & _DRM_DMA_USE_AGP))
                    || (drm_core_check_feature(dev, DRIVER_SG)
                        && (dma->flags & _DRM_DMA_USE_SG))) {
@@ -1496,41 +1496,51 @@ int drm_legacy_mapbufs(struct drm_device *dev, void *data,
                        retcode = (signed long)virtual;
                        goto done;
                }
-               request->virtual = (void __user *)virtual;
+               *v = (void __user *)virtual;
 
                for (i = 0; i < dma->buf_count; i++) {
-                       if (copy_to_user(&request->list[i].idx,
-                                        &dma->buflist[i]->idx,
-                                        sizeof(request->list[0].idx))) {
-                               retcode = -EFAULT;
-                               goto done;
-                       }
-                       if (copy_to_user(&request->list[i].total,
-                                        &dma->buflist[i]->total,
-                                        sizeof(request->list[0].total))) {
-                               retcode = -EFAULT;
-                               goto done;
-                       }
-                       if (copy_to_user(&request->list[i].used,
-                                        &zero, sizeof(zero))) {
-                               retcode = -EFAULT;
-                               goto done;
-                       }
-                       address = virtual + dma->buflist[i]->offset;    /* *** */
-                       if (copy_to_user(&request->list[i].address,
-                                        &address, sizeof(address))) {
+                       if (f(data, i, virtual, dma->buflist[i]) < 0) {
                                retcode = -EFAULT;
                                goto done;
                        }
                }
        }
       done:
-       request->count = dma->buf_count;
-       DRM_DEBUG("%d buffers, retcode = %d\n", request->count, retcode);
+       *p = dma->buf_count;
+       DRM_DEBUG("%d buffers, retcode = %d\n", *p, retcode);
 
        return retcode;
 }
 
+static int map_one_buf(void *data, int idx, unsigned long virtual,
+                       struct drm_buf *buf)
+{
+       struct drm_buf_map *request = data;
+       unsigned long address = virtual + buf->offset;  /* *** */
+
+       if (copy_to_user(&request->list[idx].idx, &buf->idx,
+                        sizeof(request->list[0].idx)))
+               return -EFAULT;
+       if (copy_to_user(&request->list[idx].total, &buf->total,
+                        sizeof(request->list[0].total)))
+               return -EFAULT;
+       if (clear_user(&request->list[idx].used, sizeof(int)))
+               return -EFAULT;
+       if (copy_to_user(&request->list[idx].address, &address,
+                        sizeof(address)))
+               return -EFAULT;
+       return 0;
+}
+
+int drm_legacy_mapbufs(struct drm_device *dev, void *data,
+                      struct drm_file *file_priv)
+{
+       struct drm_buf_map *request = data;
+       return __drm_legacy_mapbufs(dev, data, &request->count,
+                                   &request->virtual, map_one_buf,
+                                   file_priv);
+}
+
 int drm_legacy_dma_ioctl(struct drm_device *dev, void *data,
                  struct drm_file *file_priv)
 {

diff --git a/drivers/gpu/drm/drm_ioc32.c b/drivers/gpu/drm/drm_ioc32.c
index 57b0ae39169b7ba33abbde9c727c676e31370b3f..0e6ae9ceceb63ae99da4d20063523868ca2b22d5 100644 (file)
--- a/drivers/gpu/drm/drm_ioc32.c
+++ b/drivers/gpu/drm/drm_ioc32.c
@@ -415,54 +415,52 @@ typedef struct drm_buf_map32 {
        u32 list;               /**< Buffer information */
 } drm_buf_map32_t;
 
+static int map_one_buf32(void *data, int idx, unsigned long virtual,
+                       struct drm_buf *buf)
+{
+       drm_buf_map32_t *request = data;
+       drm_buf_pub32_t __user *to = compat_ptr(request->list) + idx;
+       drm_buf_pub32_t v;
+
+       v.idx = buf->idx;
+       v.total = buf->total;
+       v.used = 0;
+       v.address = virtual + buf->offset;
+       if (copy_to_user(to, &v, sizeof(v)))
+               return -EFAULT;
+       return 0;
+}
+
+static int drm_legacy_mapbufs32(struct drm_device *dev, void *data,
+                      struct drm_file *file_priv)
+{
+       drm_buf_map32_t *request = data;
+       void __user *v;
+       int err = __drm_legacy_mapbufs(dev, data, &request->count,
+                                   &v, map_one_buf32,
+                                   file_priv);
+       request->virtual = ptr_to_compat(v);
+       return err;
+}
+
 static int compat_drm_mapbufs(struct file *file, unsigned int cmd,
                              unsigned long arg)
 {
        drm_buf_map32_t __user *argp = (void __user *)arg;
        drm_buf_map32_t req32;
-       drm_buf_pub32_t __user *list32;
-       struct drm_buf_map __user *request;
-       struct drm_buf_pub __user *list;
-       int i, err;
-       int count, actual;
-       size_t nbytes;
-       void __user *addr;
+       int err;
 
        if (copy_from_user(&req32, argp, sizeof(req32)))
                return -EFAULT;
-       count = req32.count;
-       list32 = (void __user *)(unsigned long)req32.list;
-
-       if (count < 0)
+       if (req32.count < 0)
                return -EINVAL;
-       nbytes = sizeof(*request) + count * sizeof(struct drm_buf_pub);
-       request = compat_alloc_user_space(nbytes);
-       if (!request)
-               return -EFAULT;
-       list = (struct drm_buf_pub *) (request + 1);
 
-       if (__put_user(count, &request->count)
-           || __put_user(list, &request->list))
-               return -EFAULT;
-
-       err = drm_ioctl(file, DRM_IOCTL_MAP_BUFS, (unsigned long)request);
+       err = drm_ioctl_kernel(file, drm_legacy_mapbufs32, &req32, DRM_AUTH);
        if (err)
                return err;
 
-       if (__get_user(actual, &request->count))
-               return -EFAULT;
-       if (count >= actual)
-               for (i = 0; i < actual; ++i)
-                       if (__copy_in_user(&list32[i], &list[i],
-                                          offsetof(struct drm_buf_pub, address))
-                           || __get_user(addr, &list[i].address)
-                           || __put_user((unsigned long)addr,
-                                         &list32[i].address))
-                               return -EFAULT;
-
-       if (__put_user(actual, &argp->count)
-           || __get_user(addr, &request->virtual)
-           || __put_user((unsigned long)addr, &argp->virtual))
+       if (put_user(req32.count, &argp->count)
+           || put_user(req32.virtual, &argp->virtual))
                return -EFAULT;
 
        return 0;
@@ -910,7 +908,7 @@ static struct {
        DRM_IOCTL32_DEF(DRM_IOCTL_ADD_BUFS, compat_drm_addbufs),
        DRM_IOCTL32_DEF(DRM_IOCTL_MARK_BUFS, compat_drm_markbufs),
        DRM_IOCTL32_DEF(DRM_IOCTL_INFO_BUFS, compat_drm_infobufs),
-       [DRM_IOCTL_NR(DRM_IOCTL_MAP_BUFS32)].fn = compat_drm_mapbufs,
+       DRM_IOCTL32_DEF(DRM_IOCTL_MAP_BUFS, compat_drm_mapbufs),
        DRM_IOCTL32_DEF(DRM_IOCTL_FREE_BUFS, compat_drm_freebufs),
        DRM_IOCTL32_DEF(DRM_IOCTL_RM_MAP, compat_drm_rmmap),
        DRM_IOCTL32_DEF(DRM_IOCTL_SET_SAREA_CTX, compat_drm_setsareactx),

diff --git a/drivers/gpu/drm/drm_legacy.h b/drivers/gpu/drm/drm_legacy.h
index 702ae0c9379c7848a3ef2703de6850c394c98d6e..280fbeb846ff3b9563895082b994dfa952f47ad3 100644 (file)
--- a/drivers/gpu/drm/drm_legacy.h
+++ b/drivers/gpu/drm/drm_legacy.h
@@ -76,6 +76,10 @@ int drm_legacy_dma_ioctl(struct drm_device *d, void *v, struct drm_file *f);
 
 int __drm_legacy_infobufs(struct drm_device *, void *, int *,
                          int (*)(void *, int, struct drm_buf_entry *));
+int __drm_legacy_mapbufs(struct drm_device *, void *, int *,
+                         void __user **,
+                         int (*)(void *, int, unsigned long, struct drm_buf *),
+                         struct drm_file *);
 
 #ifdef CONFIG_DRM_VM
 void drm_legacy_vma_flush(struct drm_device *d);