1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * Framework for userspace DMA-BUF allocations 4 * 5 * Copyright (C) 2011 Google, Inc. 6 * Copyright (C) 2019 Linaro Ltd. 7 */ 8 9 #include <linux/cdev.h> 10 #include <linux/device.h> 11 #include <linux/dma-buf.h> 12 #include <linux/dma-heap.h> 13 #include <linux/err.h> 14 #include <linux/list.h> 15 #include <linux/nospec.h> 16 #include <linux/syscalls.h> 17 #include <linux/uaccess.h> 18 #include <linux/xarray.h> 19 #include <uapi/linux/dma-heap.h> 20 21 #define DEVNAME "dma_heap" 22 23 #define NUM_HEAP_MINORS 128 24 25 /** 26 * struct dma_heap - represents a dmabuf heap in the system 27 * @name: used for debugging/device-node name 28 * @ops: ops struct for this heap 29 * @priv: private data for this heap 30 * @heap_devt: heap device node 31 * @list: list head connecting to list of heaps 32 * @heap_cdev: heap char device 33 * 34 * Represents a heap of memory from which buffers can be made. 35 */ 36 struct dma_heap { 37 const char *name; 38 const struct dma_heap_ops *ops; 39 void *priv; 40 dev_t heap_devt; 41 struct list_head list; 42 struct cdev heap_cdev; 43 }; 44 45 static LIST_HEAD(heap_list); 46 static DEFINE_MUTEX(heap_list_lock); 47 static dev_t dma_heap_devt; 48 static struct class *dma_heap_class; 49 static DEFINE_XARRAY_ALLOC(dma_heap_minors); 50 dma_heap_buffer_alloc(struct dma_heap * heap,size_t len,u32 fd_flags,u64 heap_flags)51 static int dma_heap_buffer_alloc(struct dma_heap *heap, size_t len, 52 u32 fd_flags, 53 u64 heap_flags) 54 { 55 struct dma_buf *dmabuf; 56 int fd; 57 58 /* 59 * Allocations from all heaps have to begin 60 * and end on page boundaries. 61 */ 62 len = PAGE_ALIGN(len); 63 if (!len) 64 return -EINVAL; 65 66 dmabuf = heap->ops->allocate(heap, len, fd_flags, heap_flags); 67 if (IS_ERR(dmabuf)) 68 return PTR_ERR(dmabuf); 69 70 fd = dma_buf_fd(dmabuf, fd_flags); 71 if (fd < 0) { 72 dma_buf_put(dmabuf); 73 /* just return, as put will call release and that will free */ 74 } 75 return fd; 76 } 77 dma_heap_open(struct inode * inode,struct file * file)78 static int dma_heap_open(struct inode *inode, struct file *file) 79 { 80 struct dma_heap *heap; 81 82 heap = xa_load(&dma_heap_minors, iminor(inode)); 83 if (!heap) { 84 pr_err("dma_heap: minor %d unknown.\n", iminor(inode)); 85 return -ENODEV; 86 } 87 88 /* instance data as context */ 89 file->private_data = heap; 90 nonseekable_open(inode, file); 91 92 return 0; 93 } 94 dma_heap_ioctl_allocate(struct file * file,void * data)95 static long dma_heap_ioctl_allocate(struct file *file, void *data) 96 { 97 struct dma_heap_allocation_data *heap_allocation = data; 98 struct dma_heap *heap = file->private_data; 99 int fd; 100 101 if (heap_allocation->fd) 102 return -EINVAL; 103 104 if (heap_allocation->fd_flags & ~DMA_HEAP_VALID_FD_FLAGS) 105 return -EINVAL; 106 107 if (heap_allocation->heap_flags & ~DMA_HEAP_VALID_HEAP_FLAGS) 108 return -EINVAL; 109 110 fd = dma_heap_buffer_alloc(heap, heap_allocation->len, 111 heap_allocation->fd_flags, 112 heap_allocation->heap_flags); 113 if (fd < 0) 114 return fd; 115 116 heap_allocation->fd = fd; 117 118 return 0; 119 } 120 121 static unsigned int dma_heap_ioctl_cmds[] = { 122 DMA_HEAP_IOCTL_ALLOC, 123 }; 124 dma_heap_ioctl(struct file * file,unsigned int ucmd,unsigned long arg)125 static long dma_heap_ioctl(struct file *file, unsigned int ucmd, 126 unsigned long arg) 127 { 128 char stack_kdata[128]; 129 char *kdata = stack_kdata; 130 unsigned int kcmd; 131 unsigned int in_size, out_size, drv_size, ksize; 132 int nr = _IOC_NR(ucmd); 133 int ret = 0; 134 135 if (nr >= ARRAY_SIZE(dma_heap_ioctl_cmds)) 136 return -EINVAL; 137 138 nr = array_index_nospec(nr, ARRAY_SIZE(dma_heap_ioctl_cmds)); 139 /* Get the kernel ioctl cmd that matches */ 140 kcmd = dma_heap_ioctl_cmds[nr]; 141 142 /* Figure out the delta between user cmd size and kernel cmd size */ 143 drv_size = _IOC_SIZE(kcmd); 144 out_size = _IOC_SIZE(ucmd); 145 in_size = out_size; 146 if ((ucmd & kcmd & IOC_IN) == 0) 147 in_size = 0; 148 if ((ucmd & kcmd & IOC_OUT) == 0) 149 out_size = 0; 150 ksize = max(max(in_size, out_size), drv_size); 151 152 /* If necessary, allocate buffer for ioctl argument */ 153 if (ksize > sizeof(stack_kdata)) { 154 kdata = kmalloc(ksize, GFP_KERNEL); 155 if (!kdata) 156 return -ENOMEM; 157 } 158 159 if (copy_from_user(kdata, (void __user *)arg, in_size) != 0) { 160 ret = -EFAULT; 161 goto err; 162 } 163 164 /* zero out any difference between the kernel/user structure size */ 165 if (ksize > in_size) 166 memset(kdata + in_size, 0, ksize - in_size); 167 168 switch (kcmd) { 169 case DMA_HEAP_IOCTL_ALLOC: 170 ret = dma_heap_ioctl_allocate(file, kdata); 171 break; 172 default: 173 ret = -ENOTTY; 174 goto err; 175 } 176 177 if (copy_to_user((void __user *)arg, kdata, out_size) != 0) 178 ret = -EFAULT; 179 err: 180 if (kdata != stack_kdata) 181 kfree(kdata); 182 return ret; 183 } 184 185 static const struct file_operations dma_heap_fops = { 186 .owner = THIS_MODULE, 187 .open = dma_heap_open, 188 .unlocked_ioctl = dma_heap_ioctl, 189 #ifdef CONFIG_COMPAT 190 .compat_ioctl = dma_heap_ioctl, 191 #endif 192 }; 193 194 /** 195 * dma_heap_get_drvdata - get per-heap driver data 196 * @heap: DMA-Heap to retrieve private data for 197 * 198 * Returns: 199 * The per-heap data for the heap. 200 */ dma_heap_get_drvdata(struct dma_heap * heap)201 void *dma_heap_get_drvdata(struct dma_heap *heap) 202 { 203 return heap->priv; 204 } 205 206 /** 207 * dma_heap_get_name - get heap name 208 * @heap: DMA-Heap to retrieve the name of 209 * 210 * Returns: 211 * The char* for the heap name. 212 */ dma_heap_get_name(struct dma_heap * heap)213 const char *dma_heap_get_name(struct dma_heap *heap) 214 { 215 return heap->name; 216 } 217 218 /** 219 * dma_heap_add - adds a heap to dmabuf heaps 220 * @exp_info: information needed to register this heap 221 */ dma_heap_add(const struct dma_heap_export_info * exp_info)222 struct dma_heap *dma_heap_add(const struct dma_heap_export_info *exp_info) 223 { 224 struct dma_heap *heap, *h, *err_ret; 225 struct device *dev_ret; 226 unsigned int minor; 227 int ret; 228 229 if (!exp_info->name || !strcmp(exp_info->name, "")) { 230 pr_err("dma_heap: Cannot add heap without a name\n"); 231 return ERR_PTR(-EINVAL); 232 } 233 234 if (!exp_info->ops || !exp_info->ops->allocate) { 235 pr_err("dma_heap: Cannot add heap with invalid ops struct\n"); 236 return ERR_PTR(-EINVAL); 237 } 238 239 heap = kzalloc(sizeof(*heap), GFP_KERNEL); 240 if (!heap) 241 return ERR_PTR(-ENOMEM); 242 243 heap->name = exp_info->name; 244 heap->ops = exp_info->ops; 245 heap->priv = exp_info->priv; 246 247 /* Find unused minor number */ 248 ret = xa_alloc(&dma_heap_minors, &minor, heap, 249 XA_LIMIT(0, NUM_HEAP_MINORS - 1), GFP_KERNEL); 250 if (ret < 0) { 251 pr_err("dma_heap: Unable to get minor number for heap\n"); 252 err_ret = ERR_PTR(ret); 253 goto err0; 254 } 255 256 /* Create device */ 257 heap->heap_devt = MKDEV(MAJOR(dma_heap_devt), minor); 258 259 cdev_init(&heap->heap_cdev, &dma_heap_fops); 260 ret = cdev_add(&heap->heap_cdev, heap->heap_devt, 1); 261 if (ret < 0) { 262 pr_err("dma_heap: Unable to add char device\n"); 263 err_ret = ERR_PTR(ret); 264 goto err1; 265 } 266 267 dev_ret = device_create(dma_heap_class, 268 NULL, 269 heap->heap_devt, 270 NULL, 271 heap->name); 272 if (IS_ERR(dev_ret)) { 273 pr_err("dma_heap: Unable to create device\n"); 274 err_ret = ERR_CAST(dev_ret); 275 goto err2; 276 } 277 278 mutex_lock(&heap_list_lock); 279 /* check the name is unique */ 280 list_for_each_entry(h, &heap_list, list) { 281 if (!strcmp(h->name, exp_info->name)) { 282 mutex_unlock(&heap_list_lock); 283 pr_err("dma_heap: Already registered heap named %s\n", 284 exp_info->name); 285 err_ret = ERR_PTR(-EINVAL); 286 goto err3; 287 } 288 } 289 290 /* Add heap to the list */ 291 list_add(&heap->list, &heap_list); 292 mutex_unlock(&heap_list_lock); 293 294 return heap; 295 296 err3: 297 device_destroy(dma_heap_class, heap->heap_devt); 298 err2: 299 cdev_del(&heap->heap_cdev); 300 err1: 301 xa_erase(&dma_heap_minors, minor); 302 err0: 303 kfree(heap); 304 return err_ret; 305 } 306 dma_heap_devnode(const struct device * dev,umode_t * mode)307 static char *dma_heap_devnode(const struct device *dev, umode_t *mode) 308 { 309 return kasprintf(GFP_KERNEL, "dma_heap/%s", dev_name(dev)); 310 } 311 dma_heap_init(void)312 static int dma_heap_init(void) 313 { 314 int ret; 315 316 ret = alloc_chrdev_region(&dma_heap_devt, 0, NUM_HEAP_MINORS, DEVNAME); 317 if (ret) 318 return ret; 319 320 dma_heap_class = class_create(DEVNAME); 321 if (IS_ERR(dma_heap_class)) { 322 unregister_chrdev_region(dma_heap_devt, NUM_HEAP_MINORS); 323 return PTR_ERR(dma_heap_class); 324 } 325 dma_heap_class->devnode = dma_heap_devnode; 326 327 return 0; 328 } 329 subsys_initcall(dma_heap_init); 330