1 // SPDX-License-Identifier: GPL-2.0
2 /*
3 * drivers/uio/uio.c
4 *
5 * Copyright(C) 2005, Benedikt Spranger <b.spranger@linutronix.de>
6 * Copyright(C) 2005, Thomas Gleixner <tglx@linutronix.de>
7 * Copyright(C) 2006, Hans J. Koch <hjk@hansjkoch.de>
8 * Copyright(C) 2006, Greg Kroah-Hartman <greg@kroah.com>
9 *
10 * Userspace IO
11 *
12 * Base Functions
13 */
14
15 #include <linux/module.h>
16 #include <linux/init.h>
17 #include <linux/poll.h>
18 #include <linux/device.h>
19 #include <linux/slab.h>
20 #include <linux/mm.h>
21 #include <linux/idr.h>
22 #include <linux/sched/signal.h>
23 #include <linux/string.h>
24 #include <linux/kobject.h>
25 #include <linux/cdev.h>
26 #include <linux/uio_driver.h>
27 #include <linux/dma-mapping.h>
28
29 #define UIO_MAX_DEVICES (1U << MINORBITS)
30
31 static int uio_major;
32 static struct cdev *uio_cdev;
33 static DEFINE_IDR(uio_idr);
34 static const struct file_operations uio_fops;
35
36 /* Protect idr accesses */
37 static DEFINE_MUTEX(minor_lock);
38
39 /*
40 * attributes
41 */
42
43 struct uio_map {
44 struct kobject kobj;
45 struct uio_mem *mem;
46 };
47 #define to_map(map) container_of(map, struct uio_map, kobj)
48
map_name_show(struct uio_mem * mem,char * buf)49 static ssize_t map_name_show(struct uio_mem *mem, char *buf)
50 {
51 if (unlikely(!mem->name))
52 mem->name = "";
53
54 return sprintf(buf, "%s\n", mem->name);
55 }
56
map_addr_show(struct uio_mem * mem,char * buf)57 static ssize_t map_addr_show(struct uio_mem *mem, char *buf)
58 {
59 return sprintf(buf, "%pa\n", &mem->addr);
60 }
61
map_size_show(struct uio_mem * mem,char * buf)62 static ssize_t map_size_show(struct uio_mem *mem, char *buf)
63 {
64 return sprintf(buf, "%pa\n", &mem->size);
65 }
66
map_offset_show(struct uio_mem * mem,char * buf)67 static ssize_t map_offset_show(struct uio_mem *mem, char *buf)
68 {
69 return sprintf(buf, "0x%llx\n", (unsigned long long)mem->offs);
70 }
71
72 struct map_sysfs_entry {
73 struct attribute attr;
74 ssize_t (*show)(struct uio_mem *, char *);
75 ssize_t (*store)(struct uio_mem *, const char *, size_t);
76 };
77
78 static struct map_sysfs_entry name_attribute =
79 __ATTR(name, S_IRUGO, map_name_show, NULL);
80 static struct map_sysfs_entry addr_attribute =
81 __ATTR(addr, S_IRUGO, map_addr_show, NULL);
82 static struct map_sysfs_entry size_attribute =
83 __ATTR(size, S_IRUGO, map_size_show, NULL);
84 static struct map_sysfs_entry offset_attribute =
85 __ATTR(offset, S_IRUGO, map_offset_show, NULL);
86
87 static struct attribute *map_attrs[] = {
88 &name_attribute.attr,
89 &addr_attribute.attr,
90 &size_attribute.attr,
91 &offset_attribute.attr,
92 NULL, /* need to NULL terminate the list of attributes */
93 };
94 ATTRIBUTE_GROUPS(map);
95
map_release(struct kobject * kobj)96 static void map_release(struct kobject *kobj)
97 {
98 struct uio_map *map = to_map(kobj);
99 kfree(map);
100 }
101
map_type_show(struct kobject * kobj,struct attribute * attr,char * buf)102 static ssize_t map_type_show(struct kobject *kobj, struct attribute *attr,
103 char *buf)
104 {
105 struct uio_map *map = to_map(kobj);
106 struct uio_mem *mem = map->mem;
107 struct map_sysfs_entry *entry;
108
109 entry = container_of(attr, struct map_sysfs_entry, attr);
110
111 if (!entry->show)
112 return -EIO;
113
114 return entry->show(mem, buf);
115 }
116
117 static const struct sysfs_ops map_sysfs_ops = {
118 .show = map_type_show,
119 };
120
121 static const struct kobj_type map_attr_type = {
122 .release = map_release,
123 .sysfs_ops = &map_sysfs_ops,
124 .default_groups = map_groups,
125 };
126
127 struct uio_portio {
128 struct kobject kobj;
129 struct uio_port *port;
130 };
131 #define to_portio(portio) container_of(portio, struct uio_portio, kobj)
132
portio_name_show(struct uio_port * port,char * buf)133 static ssize_t portio_name_show(struct uio_port *port, char *buf)
134 {
135 if (unlikely(!port->name))
136 port->name = "";
137
138 return sprintf(buf, "%s\n", port->name);
139 }
140
portio_start_show(struct uio_port * port,char * buf)141 static ssize_t portio_start_show(struct uio_port *port, char *buf)
142 {
143 return sprintf(buf, "0x%lx\n", port->start);
144 }
145
portio_size_show(struct uio_port * port,char * buf)146 static ssize_t portio_size_show(struct uio_port *port, char *buf)
147 {
148 return sprintf(buf, "0x%lx\n", port->size);
149 }
150
portio_porttype_show(struct uio_port * port,char * buf)151 static ssize_t portio_porttype_show(struct uio_port *port, char *buf)
152 {
153 const char *porttypes[] = {"none", "x86", "gpio", "other"};
154
155 if ((port->porttype < 0) || (port->porttype > UIO_PORT_OTHER))
156 return -EINVAL;
157
158 return sprintf(buf, "port_%s\n", porttypes[port->porttype]);
159 }
160
161 struct portio_sysfs_entry {
162 struct attribute attr;
163 ssize_t (*show)(struct uio_port *, char *);
164 ssize_t (*store)(struct uio_port *, const char *, size_t);
165 };
166
167 static struct portio_sysfs_entry portio_name_attribute =
168 __ATTR(name, S_IRUGO, portio_name_show, NULL);
169 static struct portio_sysfs_entry portio_start_attribute =
170 __ATTR(start, S_IRUGO, portio_start_show, NULL);
171 static struct portio_sysfs_entry portio_size_attribute =
172 __ATTR(size, S_IRUGO, portio_size_show, NULL);
173 static struct portio_sysfs_entry portio_porttype_attribute =
174 __ATTR(porttype, S_IRUGO, portio_porttype_show, NULL);
175
176 static struct attribute *portio_attrs[] = {
177 &portio_name_attribute.attr,
178 &portio_start_attribute.attr,
179 &portio_size_attribute.attr,
180 &portio_porttype_attribute.attr,
181 NULL,
182 };
183 ATTRIBUTE_GROUPS(portio);
184
portio_release(struct kobject * kobj)185 static void portio_release(struct kobject *kobj)
186 {
187 struct uio_portio *portio = to_portio(kobj);
188 kfree(portio);
189 }
190
portio_type_show(struct kobject * kobj,struct attribute * attr,char * buf)191 static ssize_t portio_type_show(struct kobject *kobj, struct attribute *attr,
192 char *buf)
193 {
194 struct uio_portio *portio = to_portio(kobj);
195 struct uio_port *port = portio->port;
196 struct portio_sysfs_entry *entry;
197
198 entry = container_of(attr, struct portio_sysfs_entry, attr);
199
200 if (!entry->show)
201 return -EIO;
202
203 return entry->show(port, buf);
204 }
205
206 static const struct sysfs_ops portio_sysfs_ops = {
207 .show = portio_type_show,
208 };
209
210 static const struct kobj_type portio_attr_type = {
211 .release = portio_release,
212 .sysfs_ops = &portio_sysfs_ops,
213 .default_groups = portio_groups,
214 };
215
name_show(struct device * dev,struct device_attribute * attr,char * buf)216 static ssize_t name_show(struct device *dev,
217 struct device_attribute *attr, char *buf)
218 {
219 struct uio_device *idev = dev_get_drvdata(dev);
220 int ret;
221
222 mutex_lock(&idev->info_lock);
223 if (!idev->info) {
224 ret = -EINVAL;
225 dev_err(dev, "the device has been unregistered\n");
226 goto out;
227 }
228
229 ret = sprintf(buf, "%s\n", idev->info->name);
230
231 out:
232 mutex_unlock(&idev->info_lock);
233 return ret;
234 }
235 static DEVICE_ATTR_RO(name);
236
version_show(struct device * dev,struct device_attribute * attr,char * buf)237 static ssize_t version_show(struct device *dev,
238 struct device_attribute *attr, char *buf)
239 {
240 struct uio_device *idev = dev_get_drvdata(dev);
241 int ret;
242
243 mutex_lock(&idev->info_lock);
244 if (!idev->info) {
245 ret = -EINVAL;
246 dev_err(dev, "the device has been unregistered\n");
247 goto out;
248 }
249
250 ret = sprintf(buf, "%s\n", idev->info->version);
251
252 out:
253 mutex_unlock(&idev->info_lock);
254 return ret;
255 }
256 static DEVICE_ATTR_RO(version);
257
event_show(struct device * dev,struct device_attribute * attr,char * buf)258 static ssize_t event_show(struct device *dev,
259 struct device_attribute *attr, char *buf)
260 {
261 struct uio_device *idev = dev_get_drvdata(dev);
262 return sprintf(buf, "%u\n", (unsigned int)atomic_read(&idev->event));
263 }
264 static DEVICE_ATTR_RO(event);
265
266 static struct attribute *uio_attrs[] = {
267 &dev_attr_name.attr,
268 &dev_attr_version.attr,
269 &dev_attr_event.attr,
270 NULL,
271 };
272 ATTRIBUTE_GROUPS(uio);
273
274 /* UIO class infrastructure */
275 static struct class uio_class = {
276 .name = "uio",
277 .dev_groups = uio_groups,
278 };
279
280 static bool uio_class_registered;
281
282 /*
283 * device functions
284 */
uio_dev_add_attributes(struct uio_device * idev)285 static int uio_dev_add_attributes(struct uio_device *idev)
286 {
287 int ret;
288 int mi, pi;
289 int map_found = 0;
290 int portio_found = 0;
291 struct uio_mem *mem;
292 struct uio_map *map;
293 struct uio_port *port;
294 struct uio_portio *portio;
295
296 for (mi = 0; mi < MAX_UIO_MAPS; mi++) {
297 mem = &idev->info->mem[mi];
298 if (mem->size == 0)
299 break;
300 if (!map_found) {
301 map_found = 1;
302 idev->map_dir = kobject_create_and_add("maps",
303 &idev->dev.kobj);
304 if (!idev->map_dir) {
305 ret = -ENOMEM;
306 goto err_map;
307 }
308 }
309 map = kzalloc(sizeof(*map), GFP_KERNEL);
310 if (!map) {
311 ret = -ENOMEM;
312 goto err_map;
313 }
314 kobject_init(&map->kobj, &map_attr_type);
315 map->mem = mem;
316 mem->map = map;
317 ret = kobject_add(&map->kobj, idev->map_dir, "map%d", mi);
318 if (ret)
319 goto err_map_kobj;
320 ret = kobject_uevent(&map->kobj, KOBJ_ADD);
321 if (ret)
322 goto err_map_kobj;
323 }
324
325 for (pi = 0; pi < MAX_UIO_PORT_REGIONS; pi++) {
326 port = &idev->info->port[pi];
327 if (port->size == 0)
328 break;
329 if (!portio_found) {
330 portio_found = 1;
331 idev->portio_dir = kobject_create_and_add("portio",
332 &idev->dev.kobj);
333 if (!idev->portio_dir) {
334 ret = -ENOMEM;
335 goto err_portio;
336 }
337 }
338 portio = kzalloc(sizeof(*portio), GFP_KERNEL);
339 if (!portio) {
340 ret = -ENOMEM;
341 goto err_portio;
342 }
343 kobject_init(&portio->kobj, &portio_attr_type);
344 portio->port = port;
345 port->portio = portio;
346 ret = kobject_add(&portio->kobj, idev->portio_dir,
347 "port%d", pi);
348 if (ret)
349 goto err_portio_kobj;
350 ret = kobject_uevent(&portio->kobj, KOBJ_ADD);
351 if (ret)
352 goto err_portio_kobj;
353 }
354
355 return 0;
356
357 err_portio:
358 pi--;
359 err_portio_kobj:
360 for (; pi >= 0; pi--) {
361 port = &idev->info->port[pi];
362 portio = port->portio;
363 kobject_put(&portio->kobj);
364 }
365 kobject_put(idev->portio_dir);
366 err_map:
367 mi--;
368 err_map_kobj:
369 for (; mi >= 0; mi--) {
370 mem = &idev->info->mem[mi];
371 map = mem->map;
372 kobject_put(&map->kobj);
373 }
374 kobject_put(idev->map_dir);
375 dev_err(&idev->dev, "error creating sysfs files (%d)\n", ret);
376 return ret;
377 }
378
uio_dev_del_attributes(struct uio_device * idev)379 static void uio_dev_del_attributes(struct uio_device *idev)
380 {
381 int i;
382 struct uio_mem *mem;
383 struct uio_port *port;
384
385 for (i = 0; i < MAX_UIO_MAPS; i++) {
386 mem = &idev->info->mem[i];
387 if (mem->size == 0)
388 break;
389 kobject_put(&mem->map->kobj);
390 }
391 kobject_put(idev->map_dir);
392
393 for (i = 0; i < MAX_UIO_PORT_REGIONS; i++) {
394 port = &idev->info->port[i];
395 if (port->size == 0)
396 break;
397 kobject_put(&port->portio->kobj);
398 }
399 kobject_put(idev->portio_dir);
400 }
401
uio_get_minor(struct uio_device * idev)402 static int uio_get_minor(struct uio_device *idev)
403 {
404 int retval;
405
406 mutex_lock(&minor_lock);
407 retval = idr_alloc(&uio_idr, idev, 0, UIO_MAX_DEVICES, GFP_KERNEL);
408 if (retval >= 0) {
409 idev->minor = retval;
410 retval = 0;
411 } else if (retval == -ENOSPC) {
412 dev_err(&idev->dev, "too many uio devices\n");
413 retval = -EINVAL;
414 }
415 mutex_unlock(&minor_lock);
416 return retval;
417 }
418
uio_free_minor(unsigned long minor)419 static void uio_free_minor(unsigned long minor)
420 {
421 mutex_lock(&minor_lock);
422 idr_remove(&uio_idr, minor);
423 mutex_unlock(&minor_lock);
424 }
425
426 /**
427 * uio_event_notify - trigger an interrupt event
428 * @info: UIO device capabilities
429 */
uio_event_notify(struct uio_info * info)430 void uio_event_notify(struct uio_info *info)
431 {
432 struct uio_device *idev = info->uio_dev;
433
434 atomic_inc(&idev->event);
435 wake_up_interruptible(&idev->wait);
436 kill_fasync(&idev->async_queue, SIGIO, POLL_IN);
437 }
438 EXPORT_SYMBOL_GPL(uio_event_notify);
439
440 /**
441 * uio_interrupt_handler - hardware interrupt handler
442 * @irq: IRQ number, can be UIO_IRQ_CYCLIC for cyclic timer
443 * @dev_id: Pointer to the devices uio_device structure
444 */
uio_interrupt_handler(int irq,void * dev_id)445 static irqreturn_t uio_interrupt_handler(int irq, void *dev_id)
446 {
447 struct uio_device *idev = (struct uio_device *)dev_id;
448 irqreturn_t ret;
449
450 ret = idev->info->handler(irq, idev->info);
451 if (ret == IRQ_HANDLED)
452 ret = IRQ_WAKE_THREAD;
453
454 return ret;
455 }
456
457 /**
458 * uio_interrupt_thread - irq thread handler
459 * @irq: IRQ number
460 * @dev_id: Pointer to the devices uio_device structure
461 */
uio_interrupt_thread(int irq,void * dev_id)462 static irqreturn_t uio_interrupt_thread(int irq, void *dev_id)
463 {
464 struct uio_device *idev = (struct uio_device *)dev_id;
465
466 uio_event_notify(idev->info);
467
468 return IRQ_HANDLED;
469 }
470
471 struct uio_listener {
472 struct uio_device *dev;
473 s32 event_count;
474 };
475
uio_open(struct inode * inode,struct file * filep)476 static int uio_open(struct inode *inode, struct file *filep)
477 {
478 struct uio_device *idev;
479 struct uio_listener *listener;
480 int ret = 0;
481
482 mutex_lock(&minor_lock);
483 idev = idr_find(&uio_idr, iminor(inode));
484 if (!idev) {
485 ret = -ENODEV;
486 mutex_unlock(&minor_lock);
487 goto out;
488 }
489 get_device(&idev->dev);
490 mutex_unlock(&minor_lock);
491
492 if (!try_module_get(idev->owner)) {
493 ret = -ENODEV;
494 goto err_module_get;
495 }
496
497 listener = kmalloc(sizeof(*listener), GFP_KERNEL);
498 if (!listener) {
499 ret = -ENOMEM;
500 goto err_alloc_listener;
501 }
502
503 listener->dev = idev;
504 listener->event_count = atomic_read(&idev->event);
505 filep->private_data = listener;
506
507 mutex_lock(&idev->info_lock);
508 if (!idev->info) {
509 mutex_unlock(&idev->info_lock);
510 ret = -EINVAL;
511 goto err_infoopen;
512 }
513
514 if (idev->info->open)
515 ret = idev->info->open(idev->info, inode);
516 mutex_unlock(&idev->info_lock);
517 if (ret)
518 goto err_infoopen;
519
520 return 0;
521
522 err_infoopen:
523 kfree(listener);
524
525 err_alloc_listener:
526 module_put(idev->owner);
527
528 err_module_get:
529 put_device(&idev->dev);
530
531 out:
532 return ret;
533 }
534
uio_fasync(int fd,struct file * filep,int on)535 static int uio_fasync(int fd, struct file *filep, int on)
536 {
537 struct uio_listener *listener = filep->private_data;
538 struct uio_device *idev = listener->dev;
539
540 return fasync_helper(fd, filep, on, &idev->async_queue);
541 }
542
uio_release(struct inode * inode,struct file * filep)543 static int uio_release(struct inode *inode, struct file *filep)
544 {
545 int ret = 0;
546 struct uio_listener *listener = filep->private_data;
547 struct uio_device *idev = listener->dev;
548
549 mutex_lock(&idev->info_lock);
550 if (idev->info && idev->info->release)
551 ret = idev->info->release(idev->info, inode);
552 mutex_unlock(&idev->info_lock);
553
554 module_put(idev->owner);
555 kfree(listener);
556 put_device(&idev->dev);
557 return ret;
558 }
559
uio_poll(struct file * filep,poll_table * wait)560 static __poll_t uio_poll(struct file *filep, poll_table *wait)
561 {
562 struct uio_listener *listener = filep->private_data;
563 struct uio_device *idev = listener->dev;
564 __poll_t ret = 0;
565
566 mutex_lock(&idev->info_lock);
567 if (!idev->info || !idev->info->irq)
568 ret = -EIO;
569 mutex_unlock(&idev->info_lock);
570
571 if (ret)
572 return ret;
573
574 poll_wait(filep, &idev->wait, wait);
575 if (listener->event_count != atomic_read(&idev->event))
576 return EPOLLIN | EPOLLRDNORM;
577 return 0;
578 }
579
uio_read(struct file * filep,char __user * buf,size_t count,loff_t * ppos)580 static ssize_t uio_read(struct file *filep, char __user *buf,
581 size_t count, loff_t *ppos)
582 {
583 struct uio_listener *listener = filep->private_data;
584 struct uio_device *idev = listener->dev;
585 DECLARE_WAITQUEUE(wait, current);
586 ssize_t retval = 0;
587 s32 event_count;
588
589 if (count != sizeof(s32))
590 return -EINVAL;
591
592 add_wait_queue(&idev->wait, &wait);
593
594 do {
595 mutex_lock(&idev->info_lock);
596 if (!idev->info || !idev->info->irq) {
597 retval = -EIO;
598 mutex_unlock(&idev->info_lock);
599 break;
600 }
601 mutex_unlock(&idev->info_lock);
602
603 set_current_state(TASK_INTERRUPTIBLE);
604
605 event_count = atomic_read(&idev->event);
606 if (event_count != listener->event_count) {
607 __set_current_state(TASK_RUNNING);
608 if (copy_to_user(buf, &event_count, count))
609 retval = -EFAULT;
610 else {
611 listener->event_count = event_count;
612 retval = count;
613 }
614 break;
615 }
616
617 if (filep->f_flags & O_NONBLOCK) {
618 retval = -EAGAIN;
619 break;
620 }
621
622 if (signal_pending(current)) {
623 retval = -ERESTARTSYS;
624 break;
625 }
626 schedule();
627 } while (1);
628
629 __set_current_state(TASK_RUNNING);
630 remove_wait_queue(&idev->wait, &wait);
631
632 return retval;
633 }
634
uio_write(struct file * filep,const char __user * buf,size_t count,loff_t * ppos)635 static ssize_t uio_write(struct file *filep, const char __user *buf,
636 size_t count, loff_t *ppos)
637 {
638 struct uio_listener *listener = filep->private_data;
639 struct uio_device *idev = listener->dev;
640 ssize_t retval;
641 s32 irq_on;
642
643 if (count != sizeof(s32))
644 return -EINVAL;
645
646 if (copy_from_user(&irq_on, buf, count))
647 return -EFAULT;
648
649 mutex_lock(&idev->info_lock);
650 if (!idev->info) {
651 retval = -EINVAL;
652 goto out;
653 }
654
655 if (!idev->info->irq) {
656 retval = -EIO;
657 goto out;
658 }
659
660 if (!idev->info->irqcontrol) {
661 retval = -ENOSYS;
662 goto out;
663 }
664
665 retval = idev->info->irqcontrol(idev->info, irq_on);
666
667 out:
668 mutex_unlock(&idev->info_lock);
669 return retval ? retval : sizeof(s32);
670 }
671
uio_find_mem_index(struct vm_area_struct * vma)672 static int uio_find_mem_index(struct vm_area_struct *vma)
673 {
674 struct uio_device *idev = vma->vm_private_data;
675
676 if (vma->vm_pgoff < MAX_UIO_MAPS) {
677 if (idev->info->mem[vma->vm_pgoff].size == 0)
678 return -1;
679 return (int)vma->vm_pgoff;
680 }
681 return -1;
682 }
683
uio_vma_fault(struct vm_fault * vmf)684 static vm_fault_t uio_vma_fault(struct vm_fault *vmf)
685 {
686 struct uio_device *idev = vmf->vma->vm_private_data;
687 struct page *page;
688 unsigned long offset;
689 void *addr;
690 vm_fault_t ret = 0;
691 int mi;
692
693 mutex_lock(&idev->info_lock);
694 if (!idev->info) {
695 ret = VM_FAULT_SIGBUS;
696 goto out;
697 }
698
699 mi = uio_find_mem_index(vmf->vma);
700 if (mi < 0) {
701 ret = VM_FAULT_SIGBUS;
702 goto out;
703 }
704
705 /*
706 * We need to subtract mi because userspace uses offset = N*PAGE_SIZE
707 * to use mem[N].
708 */
709 offset = (vmf->pgoff - mi) << PAGE_SHIFT;
710
711 addr = (void *)(unsigned long)idev->info->mem[mi].addr + offset;
712 if (idev->info->mem[mi].memtype == UIO_MEM_LOGICAL)
713 page = virt_to_page(addr);
714 else
715 page = vmalloc_to_page(addr);
716 get_page(page);
717 vmf->page = page;
718
719 out:
720 mutex_unlock(&idev->info_lock);
721
722 return ret;
723 }
724
725 static const struct vm_operations_struct uio_logical_vm_ops = {
726 .fault = uio_vma_fault,
727 };
728
uio_mmap_logical(struct vm_area_struct * vma)729 static int uio_mmap_logical(struct vm_area_struct *vma)
730 {
731 vm_flags_set(vma, VM_DONTEXPAND | VM_DONTDUMP);
732 vma->vm_ops = &uio_logical_vm_ops;
733 return 0;
734 }
735
736 static const struct vm_operations_struct uio_physical_vm_ops = {
737 #ifdef CONFIG_HAVE_IOREMAP_PROT
738 .access = generic_access_phys,
739 #endif
740 };
741
uio_mmap_physical(struct vm_area_struct * vma)742 static int uio_mmap_physical(struct vm_area_struct *vma)
743 {
744 struct uio_device *idev = vma->vm_private_data;
745 int mi = uio_find_mem_index(vma);
746 struct uio_mem *mem;
747
748 if (mi < 0)
749 return -EINVAL;
750 mem = idev->info->mem + mi;
751
752 if (mem->addr & ~PAGE_MASK)
753 return -ENODEV;
754 if (vma->vm_end - vma->vm_start > mem->size)
755 return -EINVAL;
756
757 vma->vm_ops = &uio_physical_vm_ops;
758 if (idev->info->mem[mi].memtype == UIO_MEM_PHYS)
759 vma->vm_page_prot = pgprot_noncached(vma->vm_page_prot);
760
761 /*
762 * We cannot use the vm_iomap_memory() helper here,
763 * because vma->vm_pgoff is the map index we looked
764 * up above in uio_find_mem_index(), rather than an
765 * actual page offset into the mmap.
766 *
767 * So we just do the physical mmap without a page
768 * offset.
769 */
770 return remap_pfn_range(vma,
771 vma->vm_start,
772 mem->addr >> PAGE_SHIFT,
773 vma->vm_end - vma->vm_start,
774 vma->vm_page_prot);
775 }
776
uio_mmap_dma_coherent(struct vm_area_struct * vma)777 static int uio_mmap_dma_coherent(struct vm_area_struct *vma)
778 {
779 struct uio_device *idev = vma->vm_private_data;
780 struct uio_mem *mem;
781 void *addr;
782 int ret = 0;
783 int mi;
784
785 mi = uio_find_mem_index(vma);
786 if (mi < 0)
787 return -EINVAL;
788
789 mem = idev->info->mem + mi;
790
791 if (mem->addr & ~PAGE_MASK)
792 return -ENODEV;
793 if (mem->dma_addr & ~PAGE_MASK)
794 return -ENODEV;
795 if (!mem->dma_device)
796 return -ENODEV;
797 if (vma->vm_end - vma->vm_start > mem->size)
798 return -EINVAL;
799
800 dev_warn(mem->dma_device,
801 "use of UIO_MEM_DMA_COHERENT is highly discouraged");
802
803 /*
804 * UIO uses offset to index into the maps for a device.
805 * We need to clear vm_pgoff for dma_mmap_coherent.
806 */
807 vma->vm_pgoff = 0;
808
809 addr = (void *)(uintptr_t)mem->addr;
810 ret = dma_mmap_coherent(mem->dma_device,
811 vma,
812 addr,
813 mem->dma_addr,
814 vma->vm_end - vma->vm_start);
815 vma->vm_pgoff = mi;
816
817 return ret;
818 }
819
uio_mmap(struct file * filep,struct vm_area_struct * vma)820 static int uio_mmap(struct file *filep, struct vm_area_struct *vma)
821 {
822 struct uio_listener *listener = filep->private_data;
823 struct uio_device *idev = listener->dev;
824 int mi;
825 unsigned long requested_pages, actual_pages;
826 int ret = 0;
827
828 if (vma->vm_end < vma->vm_start)
829 return -EINVAL;
830
831 vma->vm_private_data = idev;
832
833 mutex_lock(&idev->info_lock);
834 if (!idev->info) {
835 ret = -EINVAL;
836 goto out;
837 }
838
839 mi = uio_find_mem_index(vma);
840 if (mi < 0) {
841 ret = -EINVAL;
842 goto out;
843 }
844
845 requested_pages = vma_pages(vma);
846 actual_pages = ((idev->info->mem[mi].addr & ~PAGE_MASK)
847 + idev->info->mem[mi].size + PAGE_SIZE -1) >> PAGE_SHIFT;
848 if (requested_pages > actual_pages) {
849 ret = -EINVAL;
850 goto out;
851 }
852
853 if (idev->info->mmap) {
854 ret = idev->info->mmap(idev->info, vma);
855 goto out;
856 }
857
858 switch (idev->info->mem[mi].memtype) {
859 case UIO_MEM_IOVA:
860 case UIO_MEM_PHYS:
861 ret = uio_mmap_physical(vma);
862 break;
863 case UIO_MEM_LOGICAL:
864 case UIO_MEM_VIRTUAL:
865 ret = uio_mmap_logical(vma);
866 break;
867 case UIO_MEM_DMA_COHERENT:
868 ret = uio_mmap_dma_coherent(vma);
869 break;
870 default:
871 ret = -EINVAL;
872 }
873
874 out:
875 mutex_unlock(&idev->info_lock);
876 return ret;
877 }
878
879 static const struct file_operations uio_fops = {
880 .owner = THIS_MODULE,
881 .open = uio_open,
882 .release = uio_release,
883 .read = uio_read,
884 .write = uio_write,
885 .mmap = uio_mmap,
886 .poll = uio_poll,
887 .fasync = uio_fasync,
888 .llseek = noop_llseek,
889 };
890
uio_major_init(void)891 static int uio_major_init(void)
892 {
893 static const char name[] = "uio";
894 struct cdev *cdev = NULL;
895 dev_t uio_dev = 0;
896 int result;
897
898 result = alloc_chrdev_region(&uio_dev, 0, UIO_MAX_DEVICES, name);
899 if (result)
900 goto out;
901
902 result = -ENOMEM;
903 cdev = cdev_alloc();
904 if (!cdev)
905 goto out_unregister;
906
907 cdev->owner = THIS_MODULE;
908 cdev->ops = &uio_fops;
909 kobject_set_name(&cdev->kobj, "%s", name);
910
911 result = cdev_add(cdev, uio_dev, UIO_MAX_DEVICES);
912 if (result)
913 goto out_put;
914
915 uio_major = MAJOR(uio_dev);
916 uio_cdev = cdev;
917 return 0;
918 out_put:
919 kobject_put(&cdev->kobj);
920 out_unregister:
921 unregister_chrdev_region(uio_dev, UIO_MAX_DEVICES);
922 out:
923 return result;
924 }
925
uio_major_cleanup(void)926 static void uio_major_cleanup(void)
927 {
928 unregister_chrdev_region(MKDEV(uio_major, 0), UIO_MAX_DEVICES);
929 cdev_del(uio_cdev);
930 }
931
init_uio_class(void)932 static int init_uio_class(void)
933 {
934 int ret;
935
936 /* This is the first time in here, set everything up properly */
937 ret = uio_major_init();
938 if (ret)
939 goto exit;
940
941 ret = class_register(&uio_class);
942 if (ret) {
943 printk(KERN_ERR "class_register failed for uio\n");
944 goto err_class_register;
945 }
946
947 uio_class_registered = true;
948
949 return 0;
950
951 err_class_register:
952 uio_major_cleanup();
953 exit:
954 return ret;
955 }
956
release_uio_class(void)957 static void release_uio_class(void)
958 {
959 uio_class_registered = false;
960 class_unregister(&uio_class);
961 uio_major_cleanup();
962 }
963
uio_device_release(struct device * dev)964 static void uio_device_release(struct device *dev)
965 {
966 struct uio_device *idev = dev_get_drvdata(dev);
967
968 kfree(idev);
969 }
970
971 /**
972 * __uio_register_device - register a new userspace IO device
973 * @owner: module that creates the new device
974 * @parent: parent device
975 * @info: UIO device capabilities
976 *
977 * returns zero on success or a negative error code.
978 */
__uio_register_device(struct module * owner,struct device * parent,struct uio_info * info)979 int __uio_register_device(struct module *owner,
980 struct device *parent,
981 struct uio_info *info)
982 {
983 struct uio_device *idev;
984 int ret = 0;
985
986 if (!uio_class_registered)
987 return -EPROBE_DEFER;
988
989 if (!parent || !info || !info->name || !info->version)
990 return -EINVAL;
991
992 info->uio_dev = NULL;
993
994 idev = kzalloc(sizeof(*idev), GFP_KERNEL);
995 if (!idev) {
996 return -ENOMEM;
997 }
998
999 idev->owner = owner;
1000 idev->info = info;
1001 mutex_init(&idev->info_lock);
1002 init_waitqueue_head(&idev->wait);
1003 atomic_set(&idev->event, 0);
1004
1005 ret = uio_get_minor(idev);
1006 if (ret) {
1007 kfree(idev);
1008 return ret;
1009 }
1010
1011 device_initialize(&idev->dev);
1012 idev->dev.devt = MKDEV(uio_major, idev->minor);
1013 idev->dev.class = &uio_class;
1014 idev->dev.parent = parent;
1015 idev->dev.release = uio_device_release;
1016 dev_set_drvdata(&idev->dev, idev);
1017
1018 ret = dev_set_name(&idev->dev, "uio%d", idev->minor);
1019 if (ret)
1020 goto err_device_create;
1021
1022 ret = device_add(&idev->dev);
1023 if (ret)
1024 goto err_device_create;
1025
1026 ret = uio_dev_add_attributes(idev);
1027 if (ret)
1028 goto err_uio_dev_add_attributes;
1029
1030 info->uio_dev = idev;
1031
1032 if (info->irq && (info->irq != UIO_IRQ_CUSTOM)) {
1033 /*
1034 * Note that we deliberately don't use devm_request_irq
1035 * here. The parent module can unregister the UIO device
1036 * and call pci_disable_msi, which requires that this
1037 * irq has been freed. However, the device may have open
1038 * FDs at the time of unregister and therefore may not be
1039 * freed until they are released.
1040 */
1041 ret = request_threaded_irq(info->irq, uio_interrupt_handler, uio_interrupt_thread,
1042 info->irq_flags, info->name, idev);
1043 if (ret) {
1044 info->uio_dev = NULL;
1045 goto err_request_irq;
1046 }
1047 }
1048
1049 return 0;
1050
1051 err_request_irq:
1052 uio_dev_del_attributes(idev);
1053 err_uio_dev_add_attributes:
1054 device_del(&idev->dev);
1055 err_device_create:
1056 uio_free_minor(idev->minor);
1057 put_device(&idev->dev);
1058 return ret;
1059 }
1060 EXPORT_SYMBOL_GPL(__uio_register_device);
1061
devm_uio_unregister_device(struct device * dev,void * res)1062 static void devm_uio_unregister_device(struct device *dev, void *res)
1063 {
1064 uio_unregister_device(*(struct uio_info **)res);
1065 }
1066
1067 /**
1068 * __devm_uio_register_device - Resource managed uio_register_device()
1069 * @owner: module that creates the new device
1070 * @parent: parent device
1071 * @info: UIO device capabilities
1072 *
1073 * returns zero on success or a negative error code.
1074 */
__devm_uio_register_device(struct module * owner,struct device * parent,struct uio_info * info)1075 int __devm_uio_register_device(struct module *owner,
1076 struct device *parent,
1077 struct uio_info *info)
1078 {
1079 struct uio_info **ptr;
1080 int ret;
1081
1082 ptr = devres_alloc(devm_uio_unregister_device, sizeof(*ptr),
1083 GFP_KERNEL);
1084 if (!ptr)
1085 return -ENOMEM;
1086
1087 *ptr = info;
1088 ret = __uio_register_device(owner, parent, info);
1089 if (ret) {
1090 devres_free(ptr);
1091 return ret;
1092 }
1093
1094 devres_add(parent, ptr);
1095
1096 return 0;
1097 }
1098 EXPORT_SYMBOL_GPL(__devm_uio_register_device);
1099
1100 /**
1101 * uio_unregister_device - unregister a industrial IO device
1102 * @info: UIO device capabilities
1103 *
1104 */
uio_unregister_device(struct uio_info * info)1105 void uio_unregister_device(struct uio_info *info)
1106 {
1107 struct uio_device *idev;
1108 unsigned long minor;
1109
1110 if (!info || !info->uio_dev)
1111 return;
1112
1113 idev = info->uio_dev;
1114 minor = idev->minor;
1115
1116 mutex_lock(&idev->info_lock);
1117 uio_dev_del_attributes(idev);
1118
1119 if (info->irq && info->irq != UIO_IRQ_CUSTOM)
1120 free_irq(info->irq, idev);
1121
1122 idev->info = NULL;
1123 mutex_unlock(&idev->info_lock);
1124
1125 wake_up_interruptible(&idev->wait);
1126 kill_fasync(&idev->async_queue, SIGIO, POLL_HUP);
1127
1128 uio_free_minor(minor);
1129 device_unregister(&idev->dev);
1130
1131 return;
1132 }
1133 EXPORT_SYMBOL_GPL(uio_unregister_device);
1134
uio_init(void)1135 static int __init uio_init(void)
1136 {
1137 return init_uio_class();
1138 }
1139
uio_exit(void)1140 static void __exit uio_exit(void)
1141 {
1142 release_uio_class();
1143 idr_destroy(&uio_idr);
1144 }
1145
1146 module_init(uio_init)
1147 module_exit(uio_exit)
1148 MODULE_DESCRIPTION("Userspace IO core module");
1149 MODULE_LICENSE("GPL v2");
1150