1// SPDX-License-Identifier: GPL-2.0 2/* 3 * Framework for userspace DMA-BUF allocations 4 * 5 * Copyright (C) 2011 Google, Inc. 6 * Copyright (C) 2019 Linaro Ltd. 7 */ 8 9#include <linux/cdev.h> 10#include <linux/debugfs.h> 11#include <linux/device.h> 12#include <linux/dma-buf.h> 13#include <linux/err.h> 14#include <linux/xarray.h> 15#include <linux/list.h> 16#include <linux/slab.h> 17#include <linux/nospec.h> 18#include <linux/uaccess.h> 19#include <linux/syscalls.h> 20#include <linux/dma-heap.h> 21#include <uapi/linux/dma-heap.h> 22 23#define DEVNAME "dma_heap" 24 25#define NUM_HEAP_MINORS 128 26 27/** 28 * struct dma_heap - represents a dmabuf heap in the system 29 * @name: used for debugging/device-node name 30 * @ops: ops struct for this heap 31 * @heap_devt heap device node 32 * @list list head connecting to list of heaps 33 * @heap_cdev heap char device 34 * 35 * Represents a heap of memory from which buffers can be made. 36 */ 37struct dma_heap { 38 const char *name; 39 const struct dma_heap_ops *ops; 40 void *priv; 41 dev_t heap_devt; 42 struct list_head list; 43 struct cdev heap_cdev; 44}; 45 46static LIST_HEAD(heap_list); 47static DEFINE_MUTEX(heap_list_lock); 48static dev_t dma_heap_devt; 49static struct class *dma_heap_class; 50static DEFINE_XARRAY_ALLOC(dma_heap_minors); 51 52static int dma_heap_buffer_alloc(struct dma_heap *heap, size_t len, 53 unsigned int fd_flags, 54 unsigned int heap_flags) 55{ 56 struct dma_buf *dmabuf; 57 int fd; 58 59 /* 60 * Allocations from all heaps have to begin 61 * and end on page boundaries. 62 */ 63 len = PAGE_ALIGN(len); 64 if (!len) 65 return -EINVAL; 66 67 dmabuf = heap->ops->allocate(heap, len, fd_flags, heap_flags); 68 if (IS_ERR(dmabuf)) 69 return PTR_ERR(dmabuf); 70 71 fd = dma_buf_fd(dmabuf, fd_flags); 72 if (fd < 0) { 73 dma_buf_put(dmabuf); 74 /* just return, as put will call release and that will free */ 75 } 76 return fd; 77} 78 79static int dma_heap_open(struct inode *inode, struct file *file) 80{ 81 struct dma_heap *heap; 82 83 heap = xa_load(&dma_heap_minors, iminor(inode)); 84 if (!heap) { 85 pr_err("dma_heap: minor %d unknown.\n", iminor(inode)); 86 return -ENODEV; 87 } 88 89 /* instance data as context */ 90 file->private_data = heap; 91 nonseekable_open(inode, file); 92 93 return 0; 94} 95 96static long dma_heap_ioctl_allocate(struct file *file, void *data) 97{ 98 struct dma_heap_allocation_data *heap_allocation = data; 99 struct dma_heap *heap = file->private_data; 100 int fd; 101 102 if (heap_allocation->fd) 103 return -EINVAL; 104 105 if (heap_allocation->fd_flags & ~DMA_HEAP_VALID_FD_FLAGS) 106 return -EINVAL; 107 108 if (heap_allocation->heap_flags & ~DMA_HEAP_VALID_HEAP_FLAGS) 109 return -EINVAL; 110 111 fd = dma_heap_buffer_alloc(heap, heap_allocation->len, 112 heap_allocation->fd_flags, 113 heap_allocation->heap_flags); 114 if (fd < 0) 115 return fd; 116 117 heap_allocation->fd = fd; 118 119 return 0; 120} 121 122static unsigned int dma_heap_ioctl_cmds[] = { 123 DMA_HEAP_IOCTL_ALLOC, 124}; 125 126static long dma_heap_ioctl(struct file *file, unsigned int ucmd, 127 unsigned long arg) 128{ 129 char stack_kdata[128]; 130 char *kdata = stack_kdata; 131 unsigned int kcmd; 132 unsigned int in_size, out_size, drv_size, ksize; 133 int nr = _IOC_NR(ucmd); 134 int ret = 0; 135 136 if (nr >= ARRAY_SIZE(dma_heap_ioctl_cmds)) 137 return -EINVAL; 138 139 nr = array_index_nospec(nr, ARRAY_SIZE(dma_heap_ioctl_cmds)); 140 /* Get the kernel ioctl cmd that matches */ 141 kcmd = dma_heap_ioctl_cmds[nr]; 142 143 /* Figure out the delta between user cmd size and kernel cmd size */ 144 drv_size = _IOC_SIZE(kcmd); 145 out_size = _IOC_SIZE(ucmd); 146 in_size = out_size; 147 if ((ucmd & kcmd & IOC_IN) == 0) 148 in_size = 0; 149 if ((ucmd & kcmd & IOC_OUT) == 0) 150 out_size = 0; 151 ksize = max(max(in_size, out_size), drv_size); 152 153 /* If necessary, allocate buffer for ioctl argument */ 154 if (ksize > sizeof(stack_kdata)) { 155 kdata = kmalloc(ksize, GFP_KERNEL); 156 if (!kdata) 157 return -ENOMEM; 158 } 159 160 if (copy_from_user(kdata, (void __user *)arg, in_size) != 0) { 161 ret = -EFAULT; 162 goto err; 163 } 164 165 /* zero out any difference between the kernel/user structure size */ 166 if (ksize > in_size) 167 memset(kdata + in_size, 0, ksize - in_size); 168 169 switch (kcmd) { 170 case DMA_HEAP_IOCTL_ALLOC: 171 ret = dma_heap_ioctl_allocate(file, kdata); 172 break; 173 default: 174 ret = -ENOTTY; 175 goto err; 176 } 177 178 if (copy_to_user((void __user *)arg, kdata, out_size) != 0) 179 ret = -EFAULT; 180err: 181 if (kdata != stack_kdata) 182 kfree(kdata); 183 return ret; 184} 185 186static const struct file_operations dma_heap_fops = { 187 .owner = THIS_MODULE, 188 .open = dma_heap_open, 189 .unlocked_ioctl = dma_heap_ioctl, 190#ifdef CONFIG_COMPAT 191 .compat_ioctl = dma_heap_ioctl, 192#endif 193}; 194 195/** 196 * dma_heap_get_drvdata() - get per-subdriver data for the heap 197 * @heap: DMA-Heap to retrieve private data for 198 * 199 * Returns: 200 * The per-subdriver data for the heap. 201 */ 202void *dma_heap_get_drvdata(struct dma_heap *heap) 203{ 204 return heap->priv; 205} 206 207/** 208 * dma_heap_get_name() - get heap name 209 * @heap: DMA-Heap to retrieve private data for 210 * 211 * Returns: 212 * The char* for the heap name. 213 */ 214const char *dma_heap_get_name(struct dma_heap *heap) 215{ 216 return heap->name; 217} 218 219struct dma_heap *dma_heap_add(const struct dma_heap_export_info *exp_info) 220{ 221 struct dma_heap *heap, *h, *err_ret; 222 struct device *dev_ret; 223 unsigned int minor; 224 int ret; 225 226 if (!exp_info->name || !strcmp(exp_info->name, "")) { 227 pr_err("dma_heap: Cannot add heap without a name\n"); 228 return ERR_PTR(-EINVAL); 229 } 230 231 if (!exp_info->ops || !exp_info->ops->allocate) { 232 pr_err("dma_heap: Cannot add heap with invalid ops struct\n"); 233 return ERR_PTR(-EINVAL); 234 } 235 236 heap = kzalloc(sizeof(*heap), GFP_KERNEL); 237 if (!heap) 238 return ERR_PTR(-ENOMEM); 239 240 heap->name = exp_info->name; 241 heap->ops = exp_info->ops; 242 heap->priv = exp_info->priv; 243 244 /* Find unused minor number */ 245 ret = xa_alloc(&dma_heap_minors, &minor, heap, 246 XA_LIMIT(0, NUM_HEAP_MINORS - 1), GFP_KERNEL); 247 if (ret < 0) { 248 pr_err("dma_heap: Unable to get minor number for heap\n"); 249 err_ret = ERR_PTR(ret); 250 goto err0; 251 } 252 253 /* Create device */ 254 heap->heap_devt = MKDEV(MAJOR(dma_heap_devt), minor); 255 256 cdev_init(&heap->heap_cdev, &dma_heap_fops); 257 ret = cdev_add(&heap->heap_cdev, heap->heap_devt, 1); 258 if (ret < 0) { 259 pr_err("dma_heap: Unable to add char device\n"); 260 err_ret = ERR_PTR(ret); 261 goto err1; 262 } 263 264 dev_ret = device_create(dma_heap_class, 265 NULL, 266 heap->heap_devt, 267 NULL, 268 heap->name); 269 if (IS_ERR(dev_ret)) { 270 pr_err("dma_heap: Unable to create device\n"); 271 err_ret = ERR_CAST(dev_ret); 272 goto err2; 273 } 274 275 mutex_lock(&heap_list_lock); 276 /* check the name is unique */ 277 list_for_each_entry(h, &heap_list, list) { 278 if (!strcmp(h->name, exp_info->name)) { 279 mutex_unlock(&heap_list_lock); 280 pr_err("dma_heap: Already registered heap named %s\n", 281 exp_info->name); 282 err_ret = ERR_PTR(-EINVAL); 283 goto err3; 284 } 285 } 286 287 /* Add heap to the list */ 288 list_add(&heap->list, &heap_list); 289 mutex_unlock(&heap_list_lock); 290 291 return heap; 292 293err3: 294 device_destroy(dma_heap_class, heap->heap_devt); 295err2: 296 cdev_del(&heap->heap_cdev); 297err1: 298 xa_erase(&dma_heap_minors, minor); 299err0: 300 kfree(heap); 301 return err_ret; 302} 303 304static char *dma_heap_devnode(const struct device *dev, umode_t *mode) 305{ 306 return kasprintf(GFP_KERNEL, "dma_heap/%s", dev_name(dev)); 307} 308 309static int dma_heap_init(void) 310{ 311 int ret; 312 313 ret = alloc_chrdev_region(&dma_heap_devt, 0, NUM_HEAP_MINORS, DEVNAME); 314 if (ret) 315 return ret; 316 317 dma_heap_class = class_create(DEVNAME); 318 if (IS_ERR(dma_heap_class)) { 319 unregister_chrdev_region(dma_heap_devt, NUM_HEAP_MINORS); 320 return PTR_ERR(dma_heap_class); 321 } 322 dma_heap_class->devnode = dma_heap_devnode; 323 324 return 0; 325} 326subsys_initcall(dma_heap_init); 327