Merge tag 'vmwgfx-next-2014-03-28' of git://people.freedesktop.org/~thomash/linux into drm-next

	mutex_unlock(&file_priv->fbs_lock);

	drm_modeset_lock_all(dev);

	mode_group = &file_priv->master->minor->mode_group;

	if (file_priv->master->minor->type == DRM_MINOR_CONTROL) {

	if (!drm_is_primary_client(file_priv)) {

		mode_group = NULL;

		list_for_each(lh, &dev->mode_config.crtc_list)

			crtc_count++;

			encoder_count++;

	} else {

		mode_group = &file_priv->master->minor->mode_group;

		crtc_count = mode_group->num_crtcs;

		connector_count = mode_group->num_connectors;

		encoder_count = mode_group->num_encoders;

	if (card_res->count_crtcs >= crtc_count) {

		copied = 0;

		crtc_id = (uint32_t __user *)(unsigned long)card_res->crtc_id_ptr;

		if (file_priv->master->minor->type == DRM_MINOR_CONTROL) {

		if (!mode_group) {

			list_for_each_entry(crtc, &dev->mode_config.crtc_list,

					    head) {

				DRM_DEBUG_KMS("[CRTC:%d]\n", crtc->base.id);

	if (card_res->count_encoders >= encoder_count) {

		copied = 0;

		encoder_id = (uint32_t __user *)(unsigned long)card_res->encoder_id_ptr;

		if (file_priv->master->minor->type == DRM_MINOR_CONTROL) {

		if (!mode_group) {

			list_for_each_entry(encoder,

					    &dev->mode_config.encoder_list,

					    head) {

	if (card_res->count_connectors >= connector_count) {

		copied = 0;

		connector_id = (uint32_t __user *)(unsigned long)card_res->connector_id_ptr;

		if (file_priv->master->minor->type == DRM_MINOR_CONTROL) {

		if (!mode_group) {

			list_for_each_entry(connector,

					    &dev->mode_config.connector_list,

					    head) {

	r->bpp = fb->bits_per_pixel;

	r->pitch = fb->pitches[0];

	if (fb->funcs->create_handle) {

		if (file_priv->is_master || capable(CAP_SYS_ADMIN)) {

		if (file_priv->is_master || capable(CAP_SYS_ADMIN) ||

		    drm_is_control_client(file_priv)) {

			ret = fb->funcs->create_handle(fb, file_priv,

						       &r->handle);

		} else {

	return err;

}

/**

 * drm_ioctl_permit - Check ioctl permissions against caller

 *

 * @flags: ioctl permission flags.

 * @file_priv: Pointer to struct drm_file identifying the caller.

 *

 * Checks whether the caller is allowed to run an ioctl with the

 * indicated permissions. If so, returns zero. Otherwise returns an

 * error code suitable for ioctl return.

 */

static int drm_ioctl_permit(u32 flags, struct drm_file *file_priv)

{

	/* ROOT_ONLY is only for CAP_SYS_ADMIN */

	if (unlikely((flags & DRM_ROOT_ONLY) && !capable(CAP_SYS_ADMIN)))

		return -EACCES;

	/* AUTH is only for authenticated or render client */

	if (unlikely((flags & DRM_AUTH) && !drm_is_render_client(file_priv) &&

		     !file_priv->authenticated))

		return -EACCES;

	/* MASTER is only for master or control clients */

	if (unlikely((flags & DRM_MASTER) && !file_priv->is_master &&

		     !drm_is_control_client(file_priv)))

		return -EACCES;

	/* Control clients must be explicitly allowed */

	if (unlikely(!(flags & DRM_CONTROL_ALLOW) &&

		     drm_is_control_client(file_priv)))

		return -EACCES;

	/* Render clients must be explicitly allowed */

	if (unlikely(!(flags & DRM_RENDER_ALLOW) &&

		     drm_is_render_client(file_priv)))

		return -EACCES;

	return 0;

}

/**

 * Called whenever a process performs an ioctl on /dev/drm.

 *

	/* Do not trust userspace, use our own definition */

	func = ioctl->func;

	if (!func) {

	if (unlikely(!func)) {

		DRM_DEBUG("no function\n");

		retcode = -EINVAL;

	} else if (((ioctl->flags & DRM_ROOT_ONLY) && !capable(CAP_SYS_ADMIN)) ||

		   ((ioctl->flags & DRM_AUTH) && !drm_is_render_client(file_priv) && !file_priv->authenticated) ||

		   ((ioctl->flags & DRM_MASTER) && !file_priv->is_master) ||

		   (!(ioctl->flags & DRM_CONTROL_ALLOW) && (file_priv->minor->type == DRM_MINOR_CONTROL)) ||

		   (!(ioctl->flags & DRM_RENDER_ALLOW) && drm_is_render_client(file_priv))) {

		retcode = -EACCES;

	} else {

		goto err_i1;

	}

	retcode = drm_ioctl_permit(ioctl->flags, file_priv);

	if (unlikely(retcode))

		goto err_i1;

	if (cmd & (IOC_IN | IOC_OUT)) {

		if (asize <= sizeof(stack_kdata)) {

			kdata = stack_kdata;

				 usize) != 0)

			retcode = -EFAULT;

	}

	}

      err_i1:

	if (!ioctl)

	return retcode;

}

EXPORT_SYMBOL(drm_ioctl);

/**

 * drm_ioctl_flags - Check for core ioctl and return ioctl permission flags

 *

 * @nr: Ioctl number.

 * @flags: Where to return the ioctl permission flags

 */

bool drm_ioctl_flags(unsigned int nr, unsigned int *flags)

{

	if ((nr >= DRM_COMMAND_END && nr < DRM_CORE_IOCTL_COUNT) ||

	    (nr < DRM_COMMAND_BASE)) {

		*flags = drm_ioctls[nr].flags;

		return true;

	}

	return false;

}

EXPORT_SYMBOL(drm_ioctl_flags);

	/* if there is no current master make this fd it, but do not create

	 * any master object for render clients */

	mutex_lock(&dev->struct_mutex);

	if (!priv->minor->master && !drm_is_render_client(priv)) {

	mutex_lock(&dev->master_mutex);

	if (drm_is_primary_client(priv) && !priv->minor->master) {

		/* create a new master */

		priv->minor->master = drm_master_create(priv->minor);

		if (!priv->minor->master) {

			mutex_unlock(&dev->struct_mutex);

			ret = -ENOMEM;

			goto out_close;

		}

		priv->is_master = 1;

		/* take another reference for the copy in the local file priv */

		priv->master = drm_master_get(priv->minor->master);

		priv->authenticated = 1;

		mutex_unlock(&dev->struct_mutex);

		if (dev->driver->master_create) {

			ret = dev->driver->master_create(dev, priv->master);

			if (ret) {

				mutex_lock(&dev->struct_mutex);

				/* drop both references if this fails */

				drm_master_put(&priv->minor->master);

				drm_master_put(&priv->master);

				mutex_unlock(&dev->struct_mutex);

				goto out_close;

			}

		}

		mutex_lock(&dev->struct_mutex);

		if (dev->driver->master_set) {

			ret = dev->driver->master_set(dev, priv, true);

			if (ret) {

				/* drop both references if this fails */

				drm_master_put(&priv->minor->master);

				drm_master_put(&priv->master);

				mutex_unlock(&dev->struct_mutex);

				goto out_close;

			}

		}

	} else if (!drm_is_render_client(priv)) {

	} else if (drm_is_primary_client(priv)) {

		/* get a reference to the master */

		priv->master = drm_master_get(priv->minor->master);

	}

	mutex_unlock(&dev->struct_mutex);

	mutex_unlock(&dev->master_mutex);

	mutex_lock(&dev->struct_mutex);

	list_add(&priv->lhead, &dev->filelist);

	return 0;

out_close:

	mutex_unlock(&dev->master_mutex);

	if (dev->driver->postclose)

		dev->driver->postclose(dev, priv);

out_prime_destroy:

	}

	mutex_unlock(&dev->ctxlist_mutex);

	mutex_lock(&dev->struct_mutex);

	mutex_lock(&dev->master_mutex);

	if (file_priv->is_master) {

		struct drm_master *master = file_priv->master;

		struct drm_file *temp;

		mutex_lock(&dev->struct_mutex);

		list_for_each_entry(temp, &dev->filelist, lhead) {

			if ((temp->master == file_priv->master) &&

			    (temp != file_priv))

			master->lock.file_priv = NULL;

			wake_up_interruptible_all(&master->lock.lock_queue);

		}

		mutex_unlock(&dev->struct_mutex);

		if (file_priv->minor->master == file_priv->master) {

			/* drop the reference held my the minor */

		}

	}

	/* drop the reference held my the file priv */

	/* drop the master reference held by the file priv */

	if (file_priv->master)

		drm_master_put(&file_priv->master);

	file_priv->is_master = 0;

	mutex_unlock(&dev->master_mutex);

	mutex_lock(&dev->struct_mutex);

	list_del(&file_priv->lhead);

	mutex_unlock(&dev->struct_mutex);

	INIT_LIST_HEAD(&master->magicfree);

	master->minor = minor;

	list_add_tail(&master->head, &minor->master_list);

	return master;

}

	struct drm_device *dev = master->minor->dev;

	struct drm_map_list *r_list, *list_temp;

	list_del(&master->head);

	mutex_lock(&dev->struct_mutex);

	if (dev->driver->master_destroy)

		dev->driver->master_destroy(dev, master);

	drm_ht_remove(&master->magiclist);

	mutex_unlock(&dev->struct_mutex);

	kfree(master);

}

{

	int ret = 0;

	mutex_lock(&dev->master_mutex);

	if (file_priv->is_master)

		return 0;

	if (file_priv->minor->master && file_priv->minor->master != file_priv->master)

		return -EINVAL;

		goto out_unlock;

	if (!file_priv->master)

		return -EINVAL;

	if (file_priv->minor->master) {

		ret = -EINVAL;

		goto out_unlock;

	}

	if (file_priv->minor->master)

		return -EINVAL;

	if (!file_priv->master) {

		ret = -EINVAL;

		goto out_unlock;

	}

	mutex_lock(&dev->struct_mutex);

	file_priv->minor->master = drm_master_get(file_priv->master);

	file_priv->is_master = 1;

	if (dev->driver->master_set) {

			drm_master_put(&file_priv->minor->master);

		}

	}

	mutex_unlock(&dev->struct_mutex);

out_unlock:

	mutex_unlock(&dev->master_mutex);

	return ret;

}

int drm_dropmaster_ioctl(struct drm_device *dev, void *data,

			 struct drm_file *file_priv)

{

	int ret = -EINVAL;

	mutex_lock(&dev->master_mutex);

	if (!file_priv->is_master)

		return -EINVAL;

		goto out_unlock;

	if (!file_priv->minor->master)

		return -EINVAL;

		goto out_unlock;

	mutex_lock(&dev->struct_mutex);

	ret = 0;

	if (dev->driver->master_drop)

		dev->driver->master_drop(dev, file_priv, false);

	drm_master_put(&file_priv->minor->master);

	file_priv->is_master = 0;

	mutex_unlock(&dev->struct_mutex);

	return 0;

out_unlock:

	mutex_unlock(&dev->master_mutex);

	return ret;

}

/*

	minor->type = type;

	minor->dev = dev;

	INIT_LIST_HEAD(&minor->master_list);

	*drm_minor_get_slot(dev, type) = minor;

	return 0;

	spin_lock_init(&dev->event_lock);

	mutex_init(&dev->struct_mutex);

	mutex_init(&dev->ctxlist_mutex);

	mutex_init(&dev->master_mutex);

	dev->anon_inode = drm_fs_inode_new();

	if (IS_ERR(dev->anon_inode)) {

	drm_minor_free(dev, DRM_MINOR_CONTROL);

	drm_fs_inode_free(dev->anon_inode);

err_free:

	mutex_destroy(&dev->master_mutex);

	kfree(dev);

	return NULL;

}

	drm_minor_free(dev, DRM_MINOR_CONTROL);

	kfree(dev->devname);

	mutex_destroy(&dev->master_mutex);

	kfree(dev);

}

}

EXPORT_SYMBOL(ttm_base_object_lookup_for_ref);

/**

 * ttm_ref_object_exists - Check whether a caller has a valid ref object

 * (has opened) a base object.

 *

 * @tfile: Pointer to a struct ttm_object_file identifying the caller.

 * @base: Pointer to a struct base object.

 *

 * Checks wether the caller identified by @tfile has put a valid USAGE

 * reference object on the base object identified by @base.

 */

bool ttm_ref_object_exists(struct ttm_object_file *tfile,

			   struct ttm_base_object *base)

{

	struct drm_open_hash *ht = &tfile->ref_hash[TTM_REF_USAGE];

	struct drm_hash_item *hash;

	struct ttm_ref_object *ref;

	rcu_read_lock();

	if (unlikely(drm_ht_find_item_rcu(ht, base->hash.key, &hash) != 0))

		goto out_false;

	/*

	 * Verify that the ref object is really pointing to our base object.

	 * Our base object could actually be dead, and the ref object pointing

	 * to another base object with the same handle.

	 */

	ref = drm_hash_entry(hash, struct ttm_ref_object, hash);

	if (unlikely(base != ref->obj))

		goto out_false;

	/*

	 * Verify that the ref->obj pointer was actually valid!

	 */

	rmb();

	if (unlikely(atomic_read(&ref->kref.refcount) == 0))

		goto out_false;

	rcu_read_unlock();

	return true;

 out_false:

	rcu_read_unlock();

	return false;

}

EXPORT_SYMBOL(ttm_ref_object_exists);

int ttm_ref_object_add(struct ttm_object_file *tfile,

		       struct ttm_base_object *base,

		       enum ttm_ref_type ref_type, bool *existed)