1 // SPDX-License-Identifier: GPL-2.0
2 /*
3 * Framework for userspace DMA-BUF allocations
4 *
5 * Copyright (C) 2011 Google, Inc.
6 * Copyright (C) 2019 Linaro Ltd.
7 */
8
9 #include <linux/cdev.h>
10 #include <linux/debugfs.h>
11 #include <linux/device.h>
12 #include <linux/dma-buf.h>
13 #include <linux/err.h>
14 #include <linux/xarray.h>
15 #include <linux/list.h>
16 #include <linux/slab.h>
17 #include <linux/nospec.h>
18 #include <linux/uaccess.h>
19 #include <linux/syscalls.h>
20 #include <linux/dma-heap.h>
21 #include <uapi/linux/dma-heap.h>
22
23 #define DEVNAME "dma_heap"
24
25 #define NUM_HEAP_MINORS 128
26
27 /**
28 * struct dma_heap - represents a dmabuf heap in the system
29 * @name: used for debugging/device-node name
30 * @ops: ops struct for this heap
31 * @heap_devt heap device node
32 * @list list head connecting to list of heaps
33 * @heap_cdev heap char device
34 *
35 * Represents a heap of memory from which buffers can be made.
36 */
37 struct dma_heap {
38 const char *name;
39 const struct dma_heap_ops *ops;
40 void *priv;
41 dev_t heap_devt;
42 struct list_head list;
43 struct cdev heap_cdev;
44 };
45
46 static LIST_HEAD(heap_list);
47 static DEFINE_MUTEX(heap_list_lock);
48 static dev_t dma_heap_devt;
49 static struct class *dma_heap_class;
50 static DEFINE_XARRAY_ALLOC(dma_heap_minors);
51
dma_heap_buffer_alloc(struct dma_heap * heap,size_t len,unsigned int fd_flags,unsigned int heap_flags)52 static int dma_heap_buffer_alloc(struct dma_heap *heap, size_t len,
53 unsigned int fd_flags,
54 unsigned int heap_flags)
55 {
56 /*
57 * Allocations from all heaps have to begin
58 * and end on page boundaries.
59 */
60 len = PAGE_ALIGN(len);
61 if (!len)
62 return -EINVAL;
63
64 return heap->ops->allocate(heap, len, fd_flags, heap_flags);
65 }
66
dma_heap_open(struct inode * inode,struct file * file)67 static int dma_heap_open(struct inode *inode, struct file *file)
68 {
69 struct dma_heap *heap;
70
71 heap = xa_load(&dma_heap_minors, iminor(inode));
72 if (!heap) {
73 pr_err("dma_heap: minor %d unknown.\n", iminor(inode));
74 return -ENODEV;
75 }
76
77 /* instance data as context */
78 file->private_data = heap;
79 nonseekable_open(inode, file);
80
81 return 0;
82 }
83
dma_heap_ioctl_allocate(struct file * file,void * data)84 static long dma_heap_ioctl_allocate(struct file *file, void *data)
85 {
86 struct dma_heap_allocation_data *heap_allocation = data;
87 struct dma_heap *heap = file->private_data;
88 int fd;
89
90 if (heap_allocation->fd)
91 return -EINVAL;
92
93 if (heap_allocation->fd_flags & ~DMA_HEAP_VALID_FD_FLAGS)
94 return -EINVAL;
95
96 fd = dma_heap_buffer_alloc(heap, heap_allocation->len,
97 heap_allocation->fd_flags,
98 heap_allocation->heap_flags);
99 if (fd < 0)
100 return fd;
101
102 heap_allocation->fd = fd;
103
104 return 0;
105 }
106
107 static unsigned int dma_heap_ioctl_cmds[] = {
108 DMA_HEAP_IOCTL_ALLOC,
109 };
110
dma_heap_ioctl(struct file * file,unsigned int ucmd,unsigned long arg)111 static long dma_heap_ioctl(struct file *file, unsigned int ucmd,
112 unsigned long arg)
113 {
114 char stack_kdata[128];
115 char *kdata = stack_kdata;
116 unsigned int kcmd;
117 unsigned int in_size, out_size, drv_size, ksize;
118 int nr = _IOC_NR(ucmd);
119 int ret = 0;
120
121 if (nr >= ARRAY_SIZE(dma_heap_ioctl_cmds))
122 return -EINVAL;
123
124 nr = array_index_nospec(nr, ARRAY_SIZE(dma_heap_ioctl_cmds));
125 /* Get the kernel ioctl cmd that matches */
126 kcmd = dma_heap_ioctl_cmds[nr];
127
128 /* Figure out the delta between user cmd size and kernel cmd size */
129 drv_size = _IOC_SIZE(kcmd);
130 out_size = _IOC_SIZE(ucmd);
131 in_size = out_size;
132 if ((ucmd & kcmd & IOC_IN) == 0)
133 in_size = 0;
134 if ((ucmd & kcmd & IOC_OUT) == 0)
135 out_size = 0;
136 ksize = max(max(in_size, out_size), drv_size);
137
138 /* If necessary, allocate buffer for ioctl argument */
139 if (ksize > sizeof(stack_kdata)) {
140 kdata = kmalloc(ksize, GFP_KERNEL);
141 if (!kdata)
142 return -ENOMEM;
143 }
144
145 if (copy_from_user(kdata, (void __user *)arg, in_size) != 0) {
146 ret = -EFAULT;
147 goto err;
148 }
149
150 /* zero out any difference between the kernel/user structure size */
151 if (ksize > in_size)
152 memset(kdata + in_size, 0, ksize - in_size);
153
154 switch (kcmd) {
155 case DMA_HEAP_IOCTL_ALLOC:
156 ret = dma_heap_ioctl_allocate(file, kdata);
157 break;
158 default:
159 ret = -ENOTTY;
160 goto err;
161 }
162
163 if (copy_to_user((void __user *)arg, kdata, out_size) != 0)
164 ret = -EFAULT;
165 err:
166 if (kdata != stack_kdata)
167 kfree(kdata);
168 return ret;
169 }
170
171 static const struct file_operations dma_heap_fops = {
172 .owner = THIS_MODULE,
173 .open = dma_heap_open,
174 .unlocked_ioctl = dma_heap_ioctl,
175 #ifdef CONFIG_COMPAT
176 .compat_ioctl = dma_heap_ioctl,
177 #endif
178 };
179
180 /**
181 * dma_heap_get_drvdata() - get per-subdriver data for the heap
182 * @heap: DMA-Heap to retrieve private data for
183 *
184 * Returns:
185 * The per-subdriver data for the heap.
186 */
dma_heap_get_drvdata(struct dma_heap * heap)187 void *dma_heap_get_drvdata(struct dma_heap *heap)
188 {
189 return heap->priv;
190 }
191
192 /**
193 * dma_heap_get_name() - get heap name
194 * @heap: DMA-Heap to retrieve private data for
195 *
196 * Returns:
197 * The char* for the heap name.
198 */
dma_heap_get_name(struct dma_heap * heap)199 const char *dma_heap_get_name(struct dma_heap *heap)
200 {
201 return heap->name;
202 }
203
dma_heap_add(const struct dma_heap_export_info * exp_info)204 struct dma_heap *dma_heap_add(const struct dma_heap_export_info *exp_info)
205 {
206 struct dma_heap *heap, *h, *err_ret;
207 struct device *dev_ret;
208 unsigned int minor;
209 int ret;
210
211 if (!exp_info->name || !strcmp(exp_info->name, "")) {
212 pr_err("dma_heap: Cannot add heap without a name\n");
213 return ERR_PTR(-EINVAL);
214 }
215
216 if (!exp_info->ops || !exp_info->ops->allocate) {
217 pr_err("dma_heap: Cannot add heap with invalid ops struct\n");
218 return ERR_PTR(-EINVAL);
219 }
220
221 heap = kzalloc(sizeof(*heap), GFP_KERNEL);
222 if (!heap)
223 return ERR_PTR(-ENOMEM);
224
225 heap->name = exp_info->name;
226 heap->ops = exp_info->ops;
227 heap->priv = exp_info->priv;
228
229 /* Find unused minor number */
230 ret = xa_alloc(&dma_heap_minors, &minor, heap,
231 XA_LIMIT(0, NUM_HEAP_MINORS - 1), GFP_KERNEL);
232 if (ret < 0) {
233 pr_err("dma_heap: Unable to get minor number for heap\n");
234 err_ret = ERR_PTR(ret);
235 goto err0;
236 }
237
238 /* Create device */
239 heap->heap_devt = MKDEV(MAJOR(dma_heap_devt), minor);
240
241 cdev_init(&heap->heap_cdev, &dma_heap_fops);
242 ret = cdev_add(&heap->heap_cdev, heap->heap_devt, 1);
243 if (ret < 0) {
244 pr_err("dma_heap: Unable to add char device\n");
245 err_ret = ERR_PTR(ret);
246 goto err1;
247 }
248
249 dev_ret = device_create(dma_heap_class,
250 NULL,
251 heap->heap_devt,
252 NULL,
253 heap->name);
254 if (IS_ERR(dev_ret)) {
255 pr_err("dma_heap: Unable to create device\n");
256 err_ret = ERR_CAST(dev_ret);
257 goto err2;
258 }
259
260 mutex_lock(&heap_list_lock);
261 /* check the name is unique */
262 list_for_each_entry(h, &heap_list, list) {
263 if (!strcmp(h->name, exp_info->name)) {
264 mutex_unlock(&heap_list_lock);
265 pr_err("dma_heap: Already registered heap named %s\n",
266 exp_info->name);
267 err_ret = ERR_PTR(-EINVAL);
268 goto err3;
269 }
270 }
271
272 /* Add heap to the list */
273 list_add(&heap->list, &heap_list);
274 mutex_unlock(&heap_list_lock);
275
276 return heap;
277
278 err3:
279 device_destroy(dma_heap_class, heap->heap_devt);
280 err2:
281 cdev_del(&heap->heap_cdev);
282 err1:
283 xa_erase(&dma_heap_minors, minor);
284 err0:
285 kfree(heap);
286 return err_ret;
287 }
288
dma_heap_devnode(struct device * dev,umode_t * mode)289 static char *dma_heap_devnode(struct device *dev, umode_t *mode)
290 {
291 return kasprintf(GFP_KERNEL, "dma_heap/%s", dev_name(dev));
292 }
293
dma_heap_init(void)294 static int dma_heap_init(void)
295 {
296 int ret;
297
298 ret = alloc_chrdev_region(&dma_heap_devt, 0, NUM_HEAP_MINORS, DEVNAME);
299 if (ret)
300 return ret;
301
302 dma_heap_class = class_create(THIS_MODULE, DEVNAME);
303 if (IS_ERR(dma_heap_class)) {
304 unregister_chrdev_region(dma_heap_devt, NUM_HEAP_MINORS);
305 return PTR_ERR(dma_heap_class);
306 }
307 dma_heap_class->devnode = dma_heap_devnode;
308
309 return 0;
310 }
311 subsys_initcall(dma_heap_init);
312