1 // SPDX-License-Identifier: GPL-2.0
2 /*
3 * Framework for userspace DMA-BUF allocations
4 *
5 * Copyright (C) 2011 Google, Inc.
6 * Copyright (C) 2019 Linaro Ltd.
7 */
8
9 #include <linux/cdev.h>
10 #include <linux/debugfs.h>
11 #include <linux/device.h>
12 #include <linux/dma-buf.h>
13 #include <linux/err.h>
14 #include <linux/xarray.h>
15 #include <linux/list.h>
16 #include <linux/slab.h>
17 #include <linux/nospec.h>
18 #include <linux/uaccess.h>
19 #include <linux/syscalls.h>
20 #include <linux/dma-heap.h>
21 #include <uapi/linux/dma-heap.h>
22
23 #define DEVNAME "dma_heap"
24
25 #define NUM_HEAP_MINORS 128
26
27 /**
28 * struct dma_heap - represents a dmabuf heap in the system
29 * @name: used for debugging/device-node name
30 * @ops: ops struct for this heap
31 * @heap_devt heap device node
32 * @list list head connecting to list of heaps
33 * @heap_cdev heap char device
34 *
35 * Represents a heap of memory from which buffers can be made.
36 */
37 struct dma_heap {
38 const char *name;
39 const struct dma_heap_ops *ops;
40 void *priv;
41 dev_t heap_devt;
42 struct list_head list;
43 struct cdev heap_cdev;
44 };
45
46 static LIST_HEAD(heap_list);
47 static DEFINE_MUTEX(heap_list_lock);
48 static dev_t dma_heap_devt;
49 static struct class *dma_heap_class;
50 static DEFINE_XARRAY_ALLOC(dma_heap_minors);
51
dma_heap_buffer_alloc(struct dma_heap * heap,size_t len,unsigned int fd_flags,unsigned int heap_flags)52 static int dma_heap_buffer_alloc(struct dma_heap *heap, size_t len,
53 unsigned int fd_flags,
54 unsigned int heap_flags)
55 {
56 struct dma_buf *dmabuf;
57 int fd;
58
59 /*
60 * Allocations from all heaps have to begin
61 * and end on page boundaries.
62 */
63 len = PAGE_ALIGN(len);
64 if (!len)
65 return -EINVAL;
66
67 dmabuf = heap->ops->allocate(heap, len, fd_flags, heap_flags);
68 if (IS_ERR(dmabuf))
69 return PTR_ERR(dmabuf);
70
71 fd = dma_buf_fd(dmabuf, fd_flags);
72 if (fd < 0) {
73 dma_buf_put(dmabuf);
74 /* just return, as put will call release and that will free */
75 }
76 return fd;
77 }
78
dma_heap_open(struct inode * inode,struct file * file)79 static int dma_heap_open(struct inode *inode, struct file *file)
80 {
81 struct dma_heap *heap;
82
83 heap = xa_load(&dma_heap_minors, iminor(inode));
84 if (!heap) {
85 pr_err("dma_heap: minor %d unknown.\n", iminor(inode));
86 return -ENODEV;
87 }
88
89 /* instance data as context */
90 file->private_data = heap;
91 nonseekable_open(inode, file);
92
93 return 0;
94 }
95
dma_heap_ioctl_allocate(struct file * file,void * data)96 static long dma_heap_ioctl_allocate(struct file *file, void *data)
97 {
98 struct dma_heap_allocation_data *heap_allocation = data;
99 struct dma_heap *heap = file->private_data;
100 int fd;
101
102 if (heap_allocation->fd)
103 return -EINVAL;
104
105 if (heap_allocation->fd_flags & ~DMA_HEAP_VALID_FD_FLAGS)
106 return -EINVAL;
107
108 if (heap_allocation->heap_flags & ~DMA_HEAP_VALID_HEAP_FLAGS)
109 return -EINVAL;
110
111 fd = dma_heap_buffer_alloc(heap, heap_allocation->len,
112 heap_allocation->fd_flags,
113 heap_allocation->heap_flags);
114 if (fd < 0)
115 return fd;
116
117 heap_allocation->fd = fd;
118
119 return 0;
120 }
121
122 static unsigned int dma_heap_ioctl_cmds[] = {
123 DMA_HEAP_IOCTL_ALLOC,
124 };
125
dma_heap_ioctl(struct file * file,unsigned int ucmd,unsigned long arg)126 static long dma_heap_ioctl(struct file *file, unsigned int ucmd,
127 unsigned long arg)
128 {
129 char stack_kdata[128];
130 char *kdata = stack_kdata;
131 unsigned int kcmd;
132 unsigned int in_size, out_size, drv_size, ksize;
133 int nr = _IOC_NR(ucmd);
134 int ret = 0;
135
136 if (nr >= ARRAY_SIZE(dma_heap_ioctl_cmds))
137 return -EINVAL;
138
139 nr = array_index_nospec(nr, ARRAY_SIZE(dma_heap_ioctl_cmds));
140 /* Get the kernel ioctl cmd that matches */
141 kcmd = dma_heap_ioctl_cmds[nr];
142
143 /* Figure out the delta between user cmd size and kernel cmd size */
144 drv_size = _IOC_SIZE(kcmd);
145 out_size = _IOC_SIZE(ucmd);
146 in_size = out_size;
147 if ((ucmd & kcmd & IOC_IN) == 0)
148 in_size = 0;
149 if ((ucmd & kcmd & IOC_OUT) == 0)
150 out_size = 0;
151 ksize = max(max(in_size, out_size), drv_size);
152
153 /* If necessary, allocate buffer for ioctl argument */
154 if (ksize > sizeof(stack_kdata)) {
155 kdata = kmalloc(ksize, GFP_KERNEL);
156 if (!kdata)
157 return -ENOMEM;
158 }
159
160 if (copy_from_user(kdata, (void __user *)arg, in_size) != 0) {
161 ret = -EFAULT;
162 goto err;
163 }
164
165 /* zero out any difference between the kernel/user structure size */
166 if (ksize > in_size)
167 memset(kdata + in_size, 0, ksize - in_size);
168
169 switch (kcmd) {
170 case DMA_HEAP_IOCTL_ALLOC:
171 ret = dma_heap_ioctl_allocate(file, kdata);
172 break;
173 default:
174 ret = -ENOTTY;
175 goto err;
176 }
177
178 if (copy_to_user((void __user *)arg, kdata, out_size) != 0)
179 ret = -EFAULT;
180 err:
181 if (kdata != stack_kdata)
182 kfree(kdata);
183 return ret;
184 }
185
186 static const struct file_operations dma_heap_fops = {
187 .owner = THIS_MODULE,
188 .open = dma_heap_open,
189 .unlocked_ioctl = dma_heap_ioctl,
190 #ifdef CONFIG_COMPAT
191 .compat_ioctl = dma_heap_ioctl,
192 #endif
193 };
194
195 /**
196 * dma_heap_get_drvdata() - get per-subdriver data for the heap
197 * @heap: DMA-Heap to retrieve private data for
198 *
199 * Returns:
200 * The per-subdriver data for the heap.
201 */
dma_heap_get_drvdata(struct dma_heap * heap)202 void *dma_heap_get_drvdata(struct dma_heap *heap)
203 {
204 return heap->priv;
205 }
206
207 /**
208 * dma_heap_get_name() - get heap name
209 * @heap: DMA-Heap to retrieve private data for
210 *
211 * Returns:
212 * The char* for the heap name.
213 */
dma_heap_get_name(struct dma_heap * heap)214 const char *dma_heap_get_name(struct dma_heap *heap)
215 {
216 return heap->name;
217 }
218
dma_heap_add(const struct dma_heap_export_info * exp_info)219 struct dma_heap *dma_heap_add(const struct dma_heap_export_info *exp_info)
220 {
221 struct dma_heap *heap, *h, *err_ret;
222 struct device *dev_ret;
223 unsigned int minor;
224 int ret;
225
226 if (!exp_info->name || !strcmp(exp_info->name, "")) {
227 pr_err("dma_heap: Cannot add heap without a name\n");
228 return ERR_PTR(-EINVAL);
229 }
230
231 if (!exp_info->ops || !exp_info->ops->allocate) {
232 pr_err("dma_heap: Cannot add heap with invalid ops struct\n");
233 return ERR_PTR(-EINVAL);
234 }
235
236 heap = kzalloc(sizeof(*heap), GFP_KERNEL);
237 if (!heap)
238 return ERR_PTR(-ENOMEM);
239
240 heap->name = exp_info->name;
241 heap->ops = exp_info->ops;
242 heap->priv = exp_info->priv;
243
244 /* Find unused minor number */
245 ret = xa_alloc(&dma_heap_minors, &minor, heap,
246 XA_LIMIT(0, NUM_HEAP_MINORS - 1), GFP_KERNEL);
247 if (ret < 0) {
248 pr_err("dma_heap: Unable to get minor number for heap\n");
249 err_ret = ERR_PTR(ret);
250 goto err0;
251 }
252
253 /* Create device */
254 heap->heap_devt = MKDEV(MAJOR(dma_heap_devt), minor);
255
256 cdev_init(&heap->heap_cdev, &dma_heap_fops);
257 ret = cdev_add(&heap->heap_cdev, heap->heap_devt, 1);
258 if (ret < 0) {
259 pr_err("dma_heap: Unable to add char device\n");
260 err_ret = ERR_PTR(ret);
261 goto err1;
262 }
263
264 dev_ret = device_create(dma_heap_class,
265 NULL,
266 heap->heap_devt,
267 NULL,
268 heap->name);
269 if (IS_ERR(dev_ret)) {
270 pr_err("dma_heap: Unable to create device\n");
271 err_ret = ERR_CAST(dev_ret);
272 goto err2;
273 }
274
275 mutex_lock(&heap_list_lock);
276 /* check the name is unique */
277 list_for_each_entry(h, &heap_list, list) {
278 if (!strcmp(h->name, exp_info->name)) {
279 mutex_unlock(&heap_list_lock);
280 pr_err("dma_heap: Already registered heap named %s\n",
281 exp_info->name);
282 err_ret = ERR_PTR(-EINVAL);
283 goto err3;
284 }
285 }
286
287 /* Add heap to the list */
288 list_add(&heap->list, &heap_list);
289 mutex_unlock(&heap_list_lock);
290
291 return heap;
292
293 err3:
294 device_destroy(dma_heap_class, heap->heap_devt);
295 err2:
296 cdev_del(&heap->heap_cdev);
297 err1:
298 xa_erase(&dma_heap_minors, minor);
299 err0:
300 kfree(heap);
301 return err_ret;
302 }
303
dma_heap_devnode(const struct device * dev,umode_t * mode)304 static char *dma_heap_devnode(const struct device *dev, umode_t *mode)
305 {
306 return kasprintf(GFP_KERNEL, "dma_heap/%s", dev_name(dev));
307 }
308
dma_heap_init(void)309 static int dma_heap_init(void)
310 {
311 int ret;
312
313 ret = alloc_chrdev_region(&dma_heap_devt, 0, NUM_HEAP_MINORS, DEVNAME);
314 if (ret)
315 return ret;
316
317 dma_heap_class = class_create(DEVNAME);
318 if (IS_ERR(dma_heap_class)) {
319 unregister_chrdev_region(dma_heap_devt, NUM_HEAP_MINORS);
320 return PTR_ERR(dma_heap_class);
321 }
322 dma_heap_class->devnode = dma_heap_devnode;
323
324 return 0;
325 }
326 subsys_initcall(dma_heap_init);
327