1 // SPDX-License-Identifier: GPL-2.0
2 /*
3 * Framework for userspace DMA-BUF allocations
4 *
5 * Copyright (C) 2011 Google, Inc.
6 * Copyright (C) 2019 Linaro Ltd.
7 */
8
9 #include <linux/cdev.h>
10 #include <linux/device.h>
11 #include <linux/dma-buf.h>
12 #include <linux/dma-heap.h>
13 #include <linux/err.h>
14 #include <linux/list.h>
15 #include <linux/nospec.h>
16 #include <linux/syscalls.h>
17 #include <linux/uaccess.h>
18 #include <linux/xarray.h>
19 #include <uapi/linux/dma-heap.h>
20
21 #define DEVNAME "dma_heap"
22
23 #define NUM_HEAP_MINORS 128
24
25 /**
26 * struct dma_heap - represents a dmabuf heap in the system
27 * @name: used for debugging/device-node name
28 * @ops: ops struct for this heap
29 * @priv: private data for this heap
30 * @heap_devt: heap device node
31 * @list: list head connecting to list of heaps
32 * @heap_cdev: heap char device
33 *
34 * Represents a heap of memory from which buffers can be made.
35 */
36 struct dma_heap {
37 const char *name;
38 const struct dma_heap_ops *ops;
39 void *priv;
40 dev_t heap_devt;
41 struct list_head list;
42 struct cdev heap_cdev;
43 };
44
45 static LIST_HEAD(heap_list);
46 static DEFINE_MUTEX(heap_list_lock);
47 static dev_t dma_heap_devt;
48 static struct class *dma_heap_class;
49 static DEFINE_XARRAY_ALLOC(dma_heap_minors);
50
dma_heap_buffer_alloc(struct dma_heap * heap,size_t len,u32 fd_flags,u64 heap_flags)51 static int dma_heap_buffer_alloc(struct dma_heap *heap, size_t len,
52 u32 fd_flags,
53 u64 heap_flags)
54 {
55 struct dma_buf *dmabuf;
56 int fd;
57
58 /*
59 * Allocations from all heaps have to begin
60 * and end on page boundaries.
61 */
62 len = PAGE_ALIGN(len);
63 if (!len)
64 return -EINVAL;
65
66 dmabuf = heap->ops->allocate(heap, len, fd_flags, heap_flags);
67 if (IS_ERR(dmabuf))
68 return PTR_ERR(dmabuf);
69
70 fd = dma_buf_fd(dmabuf, fd_flags);
71 if (fd < 0) {
72 dma_buf_put(dmabuf);
73 /* just return, as put will call release and that will free */
74 }
75 return fd;
76 }
77
dma_heap_open(struct inode * inode,struct file * file)78 static int dma_heap_open(struct inode *inode, struct file *file)
79 {
80 struct dma_heap *heap;
81
82 heap = xa_load(&dma_heap_minors, iminor(inode));
83 if (!heap) {
84 pr_err("dma_heap: minor %d unknown.\n", iminor(inode));
85 return -ENODEV;
86 }
87
88 /* instance data as context */
89 file->private_data = heap;
90 nonseekable_open(inode, file);
91
92 return 0;
93 }
94
dma_heap_ioctl_allocate(struct file * file,void * data)95 static long dma_heap_ioctl_allocate(struct file *file, void *data)
96 {
97 struct dma_heap_allocation_data *heap_allocation = data;
98 struct dma_heap *heap = file->private_data;
99 int fd;
100
101 if (heap_allocation->fd)
102 return -EINVAL;
103
104 if (heap_allocation->fd_flags & ~DMA_HEAP_VALID_FD_FLAGS)
105 return -EINVAL;
106
107 if (heap_allocation->heap_flags & ~DMA_HEAP_VALID_HEAP_FLAGS)
108 return -EINVAL;
109
110 fd = dma_heap_buffer_alloc(heap, heap_allocation->len,
111 heap_allocation->fd_flags,
112 heap_allocation->heap_flags);
113 if (fd < 0)
114 return fd;
115
116 heap_allocation->fd = fd;
117
118 return 0;
119 }
120
121 static unsigned int dma_heap_ioctl_cmds[] = {
122 DMA_HEAP_IOCTL_ALLOC,
123 };
124
dma_heap_ioctl(struct file * file,unsigned int ucmd,unsigned long arg)125 static long dma_heap_ioctl(struct file *file, unsigned int ucmd,
126 unsigned long arg)
127 {
128 char stack_kdata[128];
129 char *kdata = stack_kdata;
130 unsigned int kcmd;
131 unsigned int in_size, out_size, drv_size, ksize;
132 int nr = _IOC_NR(ucmd);
133 int ret = 0;
134
135 if (nr >= ARRAY_SIZE(dma_heap_ioctl_cmds))
136 return -EINVAL;
137
138 nr = array_index_nospec(nr, ARRAY_SIZE(dma_heap_ioctl_cmds));
139 /* Get the kernel ioctl cmd that matches */
140 kcmd = dma_heap_ioctl_cmds[nr];
141
142 /* Figure out the delta between user cmd size and kernel cmd size */
143 drv_size = _IOC_SIZE(kcmd);
144 out_size = _IOC_SIZE(ucmd);
145 in_size = out_size;
146 if ((ucmd & kcmd & IOC_IN) == 0)
147 in_size = 0;
148 if ((ucmd & kcmd & IOC_OUT) == 0)
149 out_size = 0;
150 ksize = max(max(in_size, out_size), drv_size);
151
152 /* If necessary, allocate buffer for ioctl argument */
153 if (ksize > sizeof(stack_kdata)) {
154 kdata = kmalloc(ksize, GFP_KERNEL);
155 if (!kdata)
156 return -ENOMEM;
157 }
158
159 if (copy_from_user(kdata, (void __user *)arg, in_size) != 0) {
160 ret = -EFAULT;
161 goto err;
162 }
163
164 /* zero out any difference between the kernel/user structure size */
165 if (ksize > in_size)
166 memset(kdata + in_size, 0, ksize - in_size);
167
168 switch (kcmd) {
169 case DMA_HEAP_IOCTL_ALLOC:
170 ret = dma_heap_ioctl_allocate(file, kdata);
171 break;
172 default:
173 ret = -ENOTTY;
174 goto err;
175 }
176
177 if (copy_to_user((void __user *)arg, kdata, out_size) != 0)
178 ret = -EFAULT;
179 err:
180 if (kdata != stack_kdata)
181 kfree(kdata);
182 return ret;
183 }
184
185 static const struct file_operations dma_heap_fops = {
186 .owner = THIS_MODULE,
187 .open = dma_heap_open,
188 .unlocked_ioctl = dma_heap_ioctl,
189 #ifdef CONFIG_COMPAT
190 .compat_ioctl = dma_heap_ioctl,
191 #endif
192 };
193
194 /**
195 * dma_heap_get_drvdata - get per-heap driver data
196 * @heap: DMA-Heap to retrieve private data for
197 *
198 * Returns:
199 * The per-heap data for the heap.
200 */
dma_heap_get_drvdata(struct dma_heap * heap)201 void *dma_heap_get_drvdata(struct dma_heap *heap)
202 {
203 return heap->priv;
204 }
205
206 /**
207 * dma_heap_get_name - get heap name
208 * @heap: DMA-Heap to retrieve the name of
209 *
210 * Returns:
211 * The char* for the heap name.
212 */
dma_heap_get_name(struct dma_heap * heap)213 const char *dma_heap_get_name(struct dma_heap *heap)
214 {
215 return heap->name;
216 }
217
218 /**
219 * dma_heap_add - adds a heap to dmabuf heaps
220 * @exp_info: information needed to register this heap
221 */
dma_heap_add(const struct dma_heap_export_info * exp_info)222 struct dma_heap *dma_heap_add(const struct dma_heap_export_info *exp_info)
223 {
224 struct dma_heap *heap, *h, *err_ret;
225 struct device *dev_ret;
226 unsigned int minor;
227 int ret;
228
229 if (!exp_info->name || !strcmp(exp_info->name, "")) {
230 pr_err("dma_heap: Cannot add heap without a name\n");
231 return ERR_PTR(-EINVAL);
232 }
233
234 if (!exp_info->ops || !exp_info->ops->allocate) {
235 pr_err("dma_heap: Cannot add heap with invalid ops struct\n");
236 return ERR_PTR(-EINVAL);
237 }
238
239 heap = kzalloc(sizeof(*heap), GFP_KERNEL);
240 if (!heap)
241 return ERR_PTR(-ENOMEM);
242
243 heap->name = exp_info->name;
244 heap->ops = exp_info->ops;
245 heap->priv = exp_info->priv;
246
247 /* Find unused minor number */
248 ret = xa_alloc(&dma_heap_minors, &minor, heap,
249 XA_LIMIT(0, NUM_HEAP_MINORS - 1), GFP_KERNEL);
250 if (ret < 0) {
251 pr_err("dma_heap: Unable to get minor number for heap\n");
252 err_ret = ERR_PTR(ret);
253 goto err0;
254 }
255
256 /* Create device */
257 heap->heap_devt = MKDEV(MAJOR(dma_heap_devt), minor);
258
259 cdev_init(&heap->heap_cdev, &dma_heap_fops);
260 ret = cdev_add(&heap->heap_cdev, heap->heap_devt, 1);
261 if (ret < 0) {
262 pr_err("dma_heap: Unable to add char device\n");
263 err_ret = ERR_PTR(ret);
264 goto err1;
265 }
266
267 dev_ret = device_create(dma_heap_class,
268 NULL,
269 heap->heap_devt,
270 NULL,
271 heap->name);
272 if (IS_ERR(dev_ret)) {
273 pr_err("dma_heap: Unable to create device\n");
274 err_ret = ERR_CAST(dev_ret);
275 goto err2;
276 }
277
278 mutex_lock(&heap_list_lock);
279 /* check the name is unique */
280 list_for_each_entry(h, &heap_list, list) {
281 if (!strcmp(h->name, exp_info->name)) {
282 mutex_unlock(&heap_list_lock);
283 pr_err("dma_heap: Already registered heap named %s\n",
284 exp_info->name);
285 err_ret = ERR_PTR(-EINVAL);
286 goto err3;
287 }
288 }
289
290 /* Add heap to the list */
291 list_add(&heap->list, &heap_list);
292 mutex_unlock(&heap_list_lock);
293
294 return heap;
295
296 err3:
297 device_destroy(dma_heap_class, heap->heap_devt);
298 err2:
299 cdev_del(&heap->heap_cdev);
300 err1:
301 xa_erase(&dma_heap_minors, minor);
302 err0:
303 kfree(heap);
304 return err_ret;
305 }
306
dma_heap_devnode(const struct device * dev,umode_t * mode)307 static char *dma_heap_devnode(const struct device *dev, umode_t *mode)
308 {
309 return kasprintf(GFP_KERNEL, "dma_heap/%s", dev_name(dev));
310 }
311
dma_heap_init(void)312 static int dma_heap_init(void)
313 {
314 int ret;
315
316 ret = alloc_chrdev_region(&dma_heap_devt, 0, NUM_HEAP_MINORS, DEVNAME);
317 if (ret)
318 return ret;
319
320 dma_heap_class = class_create(DEVNAME);
321 if (IS_ERR(dma_heap_class)) {
322 unregister_chrdev_region(dma_heap_devt, NUM_HEAP_MINORS);
323 return PTR_ERR(dma_heap_class);
324 }
325 dma_heap_class->devnode = dma_heap_devnode;
326
327 return 0;
328 }
329 subsys_initcall(dma_heap_init);
330