1 // SPDX-License-Identifier: GPL-2.0
2 /*
3 * Framework for userspace DMA-BUF allocations
4 *
5 * Copyright (C) 2011 Google, Inc.
6 * Copyright (C) 2019 Linaro Ltd.
7 */
8
9 #include <linux/cdev.h>
10 #include <linux/device.h>
11 #include <linux/dma-buf.h>
12 #include <linux/dma-heap.h>
13 #include <linux/err.h>
14 #include <linux/export.h>
15 #include <linux/list.h>
16 #include <linux/nospec.h>
17 #include <linux/syscalls.h>
18 #include <linux/uaccess.h>
19 #include <linux/xarray.h>
20 #include <uapi/linux/dma-heap.h>
21
/* Name handed to alloc_chrdev_region() and class_create() at init time. */
#define DEVNAME "dma_heap"

/*
 * Number of minors reserved for heap devices. dma_heap_add() allocates
 * minors in the range 0..NUM_HEAP_MINORS - 1, so this also caps how many
 * heaps can be registered.
 */
#define NUM_HEAP_MINORS 128
25
/**
 * struct dma_heap - one registered DMA-BUF heap
 * @name: heap name; also passed to device_create() as the device name
 * @ops: callbacks supplied by the heap exporter
 * @priv: exporter-private pointer, handed back by dma_heap_get_drvdata()
 * @heap_devt: device number of this heap's char device
 * @list: entry in the global heap_list
 * @heap_cdev: char device embedded in the heap
 *
 * A heap is a source of memory from which buffers can be made.
 * dma_heap_add() stores @name and @ops as borrowed pointers (neither is
 * copied), so the exporter has to keep both valid for as long as the heap
 * is registered.
 */
struct dma_heap {
	const char *name;
	const struct dma_heap_ops *ops;
	void *priv;
	dev_t heap_devt;
	struct list_head list;
	struct cdev heap_cdev;
};
45
/* Char-device region reserved by dma_heap_init(). */
static dev_t dma_heap_devt;
/* Device class shared by all heaps; created by dma_heap_init(). */
static struct class *dma_heap_class;
/* Maps a minor number to its struct dma_heap; read by dma_heap_open(). */
static DEFINE_XARRAY_ALLOC(dma_heap_minors);

/* Every registered heap; dma_heap_add() walks and extends it under the lock. */
static LIST_HEAD(heap_list);
static DEFINE_MUTEX(heap_list_lock);
51
/*
 * Allocate a buffer from @heap and wrap it in a new file descriptor.
 *
 * Returns the descriptor on success or a negative errno. @fd_flags and
 * @heap_flags are passed through unchecked; the ioctl path validates them
 * before calling in.
 */
static int dma_heap_buffer_alloc(struct dma_heap *heap, size_t len,
				 u32 fd_flags,
				 u64 heap_flags)
{
	struct dma_buf *buf;
	size_t aligned_len;
	int new_fd;

	/*
	 * All heaps allocate in whole pages, so round the request up.
	 * A zero-length request is refused.
	 * NOTE(review): a len close to SIZE_MAX presumably wraps to 0 in
	 * PAGE_ALIGN() and is rejected by the same test - confirm.
	 */
	aligned_len = PAGE_ALIGN(len);
	if (aligned_len == 0)
		return -EINVAL;

	buf = heap->ops->allocate(heap, aligned_len, fd_flags, heap_flags);
	if (IS_ERR(buf))
		return PTR_ERR(buf);

	new_fd = dma_buf_fd(buf, fd_flags);
	if (new_fd >= 0)
		return new_fd;

	/*
	 * No descriptor was created. Dropping the reference is enough:
	 * the put calls release, and release frees the buffer.
	 */
	dma_buf_put(buf);
	return new_fd;
}
78
/*
 * open() handler: look up the heap registered for the inode's minor and
 * attach it to the file. Returns -ENODEV when no heap owns that minor.
 *
 * The file keeps a plain pointer to the heap; no reference is taken.
 * NOTE(review): this relies on a heap never being freed once it is
 * registered - confirm that stays true if a removal path is ever added.
 */
static int dma_heap_open(struct inode *inode, struct file *file)
{
	struct dma_heap *found = xa_load(&dma_heap_minors, iminor(inode));

	if (found) {
		/* The ioctl handlers read the heap back from private_data. */
		file->private_data = found;
		nonseekable_open(inode, file);
		return 0;
	}

	pr_err("dma_heap: minor %d unknown.\n", iminor(inode));
	return -ENODEV;
}
95
/*
 * Handle DMA_HEAP_IOCTL_ALLOC.
 *
 * @data is the kernel-side copy of the argument prepared by
 * dma_heap_ioctl(), so nothing here touches user memory directly.
 * On success the new descriptor is stored in the fd field and 0 is
 * returned; otherwise a negative errno.
 */
static long dma_heap_ioctl_allocate(struct file *file, void *data)
{
	struct dma_heap_allocation_data *req = data;
	struct dma_heap *heap = file->private_data;
	int new_fd;

	/*
	 * fd is an output field and must come in as zero. Flag bits outside
	 * the valid masks are refused rather than silently ignored.
	 */
	if (req->fd ||
	    (req->fd_flags & ~DMA_HEAP_VALID_FD_FLAGS) ||
	    (req->heap_flags & ~DMA_HEAP_VALID_HEAP_FLAGS))
		return -EINVAL;

	new_fd = dma_heap_buffer_alloc(heap, req->len, req->fd_flags,
				       req->heap_flags);
	if (new_fd < 0)
		return new_fd;

	req->fd = new_fd;
	return 0;
}
121
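/*
 * Kernel-side ioctl commands, indexed by the _IOC_NR() of the command the
 * caller passed. The table is only ever read, so it is declared const.
 */
static const unsigned int dma_heap_ioctl_cmds[] = {
	DMA_HEAP_IOCTL_ALLOC,
};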
125
/*
 * ioctl entry point for a heap device.
 *
 * The user command selects a kernel command through its _IOC_NR() alone;
 * the remaining fields of @ucmd are not compared against the kernel
 * command. The size encoded in @ucmd may therefore differ from the
 * kernel's, and the argument is staged through a kernel buffer sized for
 * the larger of the two.
 */
static long dma_heap_ioctl(struct file *file, unsigned int ucmd,
			   unsigned long arg)
{
	void __user *uptr = (void __user *)arg;
	char stack_kdata[128];
	char *kdata = stack_kdata;
	unsigned int kcmd;
	unsigned int in_size, out_size, drv_size, ksize;
	int nr = _IOC_NR(ucmd);
	int ret = 0;

	if (nr >= ARRAY_SIZE(dma_heap_ioctl_cmds))
		return -EINVAL;

	/*
	 * array_index_nospec() keeps the index in range even if the branch
	 * above is speculated past, before it is used for the table load.
	 */
	nr = array_index_nospec(nr, ARRAY_SIZE(dma_heap_ioctl_cmds));
	kcmd = dma_heap_ioctl_cmds[nr];

	/*
	 * Work out the copy sizes. A direction is honoured only when both
	 * the user command and the kernel command declare it; the length
	 * copied is the one the user encoded.
	 */
	drv_size = _IOC_SIZE(kcmd);
	in_size = (ucmd & kcmd & IOC_IN) ? _IOC_SIZE(ucmd) : 0;
	out_size = (ucmd & kcmd & IOC_OUT) ? _IOC_SIZE(ucmd) : 0;
	ksize = max(in_size, out_size);
	ksize = max(ksize, drv_size);

	/* Arguments that do not fit the on-stack buffer are heap-allocated. */
	if (ksize > sizeof(stack_kdata)) {
		kdata = kmalloc(ksize, GFP_KERNEL);
		if (!kdata)
			return -ENOMEM;
	}

	if (copy_from_user(kdata, uptr, in_size)) {
		ret = -EFAULT;
		goto out_free;
	}

	/*
	 * Zero everything the caller did not supply. With the copy above
	 * this initialises all ksize bytes, so the copy-out below cannot
	 * hand stale stack or heap contents back to user space.
	 */
	if (in_size < ksize)
		memset(kdata + in_size, 0, ksize - in_size);

	switch (kcmd) {
	case DMA_HEAP_IOCTL_ALLOC:
		ret = dma_heap_ioctl_allocate(file, kdata);
		break;
	default:
		ret = -ENOTTY;
		goto out_free;
	}

	/*
	 * The argument is written back whatever the handler returned.
	 * NOTE(review): on success the handler has already created the fd;
	 * if this copy faults the caller sees -EFAULT while the descriptor
	 * presumably stays open in its table - confirm whether that is
	 * acceptable.
	 */
	if (copy_to_user(uptr, kdata, out_size))
		ret = -EFAULT;
out_free:
	if (kdata != stack_kdata)
		kfree(kdata);
	return ret;
}
185
/*
 * File operations shared by every heap char device. There is no release
 * hook: dma_heap_open() only stores a pointer and takes no reference.
 * Native and compat ioctls use the same handler.
 * NOTE(review): that presumes the ioctl argument struct has the same layout
 * for 32-bit and 64-bit callers - confirm against the uapi header.
 */
static const struct file_operations dma_heap_fops = {
	.owner		= THIS_MODULE,
	.open		= dma_heap_open,
	.unlocked_ioctl	= dma_heap_ioctl,
#ifdef CONFIG_COMPAT
	.compat_ioctl	= dma_heap_ioctl,
#endif
};
194
/**
 * dma_heap_get_drvdata - get per-heap driver data
 * @heap: DMA-Heap to retrieve private data for; dereferenced without a
 *        NULL check, so it must be a valid heap
 *
 * Returns:
 * The priv pointer stored in the heap when it was added.
 */
void *dma_heap_get_drvdata(struct dma_heap *heap)
{
	void *drvdata = heap->priv;

	return drvdata;
}
EXPORT_SYMBOL_NS_GPL(dma_heap_get_drvdata, "DMA_BUF_HEAP");
207
/**
 * dma_heap_get_name - get heap name
 * @heap: DMA-Heap to retrieve the name of; dereferenced without a NULL
 *        check, so it must be a valid heap
 *
 * Returns:
 * The heap's name pointer as stored in the heap. The string is not copied;
 * the caller must not free or modify it.
 */
const char *dma_heap_get_name(struct dma_heap *heap)
{
	const char *heap_name = heap->name;

	return heap_name;
}
EXPORT_SYMBOL_NS_GPL(dma_heap_get_name, "DMA_BUF_HEAP");
220
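/**
 * dma_heap_add - adds a heap to dmabuf heaps
 * @exp_info: information needed to register this heap
 *
 * Allocates a minor number, creates the heap's char device and device
 * node, and links the heap into the global list provided no heap with the
 * same name is already registered. The name and ops pointers in @exp_info
 * are stored as they are, not copied.
 *
 * Returns:
 * The new heap on success, or an ERR_PTR() on failure. On failure every
 * step already taken is undone before returning.
 */
struct dma_heap *dma_heap_add(const struct dma_heap_export_info *exp_info)
{
	struct dma_heap *heap, *h, *err_ret;
	struct device *dev_ret;
	unsigned int minor;
	int ret;

	if (!exp_info->name || !strcmp(exp_info->name, "")) {
		pr_err("dma_heap: Cannot add heap without a name\n");
		return ERR_PTR(-EINVAL);
	}

	/* allocate() is the one callback the ioctl path calls unconditionally */
	if (!exp_info->ops || !exp_info->ops->allocate) {
		pr_err("dma_heap: Cannot add heap with invalid ops struct\n");
		return ERR_PTR(-EINVAL);
	}

	heap = kzalloc(sizeof(*heap), GFP_KERNEL);
	if (!heap)
		return ERR_PTR(-ENOMEM);

	heap->name = exp_info->name;
	heap->ops = exp_info->ops;
	heap->priv = exp_info->priv;

	/* Find unused minor number; this also publishes heap to xa_load() */
	ret = xa_alloc(&dma_heap_minors, &minor, heap,
		       XA_LIMIT(0, NUM_HEAP_MINORS - 1), GFP_KERNEL);
	if (ret < 0) {
		pr_err("dma_heap: Unable to get minor number for heap\n");
		err_ret = ERR_PTR(ret);
		goto err0;
	}

	/* Create device */
	heap->heap_devt = MKDEV(MAJOR(dma_heap_devt), minor);

	cdev_init(&heap->heap_cdev, &dma_heap_fops);
	ret = cdev_add(&heap->heap_cdev, heap->heap_devt, 1);
	if (ret < 0) {
		pr_err("dma_heap: Unable to add char device\n");
		err_ret = ERR_PTR(ret);
		goto err1;
	}

	/*
	 * device_create() takes a printf-style format. Pass the name as an
	 * argument so that a '%' in a heap name is never interpreted as a
	 * conversion specifier.
	 */
	dev_ret = device_create(dma_heap_class,
				NULL,
				heap->heap_devt,
				NULL,
				"%s", heap->name);
	if (IS_ERR(dev_ret)) {
		pr_err("dma_heap: Unable to create device\n");
		err_ret = ERR_CAST(dev_ret);
		goto err2;
	}

	/*
	 * The uniqueness check and the list insertion happen under one lock
	 * hold, so two concurrent adds cannot both pass the check.
	 * NOTE(review): the device node exists from device_create() onward,
	 * i.e. before this check; on the err3 path the heap is freed, so
	 * confirm that no file opened in that window can still refer to it.
	 */
	mutex_lock(&heap_list_lock);
	/* check the name is unique */
	list_for_each_entry(h, &heap_list, list) {
		if (!strcmp(h->name, exp_info->name)) {
			mutex_unlock(&heap_list_lock);
			pr_err("dma_heap: Already registered heap named %s\n",
			       exp_info->name);
			err_ret = ERR_PTR(-EINVAL);
			goto err3;
		}
	}

	/* Add heap to the list */
	list_add(&heap->list, &heap_list);
	mutex_unlock(&heap_list_lock);

	return heap;

	/* Unwind in reverse order of setup. */
err3:
	device_destroy(dma_heap_class, heap->heap_devt);
err2:
	cdev_del(&heap->heap_cdev);
err1:
	xa_erase(&dma_heap_minors, minor);
err0:
	kfree(heap);
	return err_ret;
}
EXPORT_SYMBOL_NS_GPL(dma_heap_add, "DMA_BUF_HEAP");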
310
/*
 * Class devnode callback: builds the node path "dma_heap/<device name>".
 *
 * @mode is left untouched, so this callback does not set the node's
 * permissions. The string comes from kasprintf(); a NULL result on
 * allocation failure is returned to the caller as is.
 */
static char *dma_heap_devnode(const struct device *dev, umode_t *mode)
{
	const char *node_name = dev_name(dev);

	return kasprintf(GFP_KERNEL, "dma_heap/%s", node_name);
}
315
/*
 * Subsystem init: reserve NUM_HEAP_MINORS char-device minors and create the
 * device class that heap devices are registered under.
 *
 * Returns 0 on success or a negative errno. The reserved region is released
 * again if the class cannot be created.
 */
static int dma_heap_init(void)
{
	int err = alloc_chrdev_region(&dma_heap_devt, 0, NUM_HEAP_MINORS,
				      DEVNAME);

	if (err)
		return err;

	dma_heap_class = class_create(DEVNAME);
	if (!IS_ERR(dma_heap_class)) {
		/* Place device nodes under the dma_heap/ directory. */
		dma_heap_class->devnode = dma_heap_devnode;
		return 0;
	}

	unregister_chrdev_region(dma_heap_devt, NUM_HEAP_MINORS);
	return PTR_ERR(dma_heap_class);
}
subsys_initcall(dma_heap_init);
334