1 // SPDX-License-Identifier: GPL-2.0
2 /*
3 * Framework for userspace DMA-BUF allocations
4 *
5 * Copyright (C) 2011 Google, Inc.
6 * Copyright (C) 2019 Linaro Ltd.
7 */
8
9 #include <linux/cdev.h>
10 #include <linux/debugfs.h>
11 #include <linux/device.h>
12 #include <linux/dma-buf.h>
13 #include <linux/err.h>
14 #include <linux/xarray.h>
15 #include <linux/list.h>
16 #include <linux/slab.h>
17 #include <linux/nospec.h>
18 #include <linux/uaccess.h>
19 #include <linux/syscalls.h>
20 #include <linux/dma-heap.h>
21 #include <uapi/linux/dma-heap.h>
22
23 #define DEVNAME "dma_heap"
24
25 #define NUM_HEAP_MINORS 128
26
27 /**
28 * struct dma_heap - represents a dmabuf heap in the system
29 * @name: used for debugging/device-node name
30 * @ops: ops struct for this heap
31 * @heap_devt heap device node
32 * @list list head connecting to list of heaps
33 * @heap_cdev heap char device
34 * @heap_dev heap device struct
35 *
36 * Represents a heap of memory from which buffers can be made.
37 */
38 struct dma_heap {
39 const char *name;
40 const struct dma_heap_ops *ops;
41 void *priv;
42 dev_t heap_devt;
43 struct list_head list;
44 struct cdev heap_cdev;
45 struct kref refcount;
46 struct device *heap_dev;
47 };
48
49 static LIST_HEAD(heap_list);
50 static DEFINE_MUTEX(heap_list_lock);
51 static dev_t dma_heap_devt;
52 static struct class *dma_heap_class;
53 static DEFINE_XARRAY_ALLOC(dma_heap_minors);
54
dma_heap_find(const char * name)55 struct dma_heap *dma_heap_find(const char *name)
56 {
57 struct dma_heap *h;
58
59 mutex_lock(&heap_list_lock);
60 list_for_each_entry(h, &heap_list, list) {
61 if (!strcmp(h->name, name)) {
62 kref_get(&h->refcount);
63 mutex_unlock(&heap_list_lock);
64 return h;
65 }
66 }
67 mutex_unlock(&heap_list_lock);
68 return NULL;
69 }
70 EXPORT_SYMBOL_GPL(dma_heap_find);
71
72
dma_heap_buffer_free(struct dma_buf * dmabuf)73 void dma_heap_buffer_free(struct dma_buf *dmabuf)
74 {
75 dma_buf_put(dmabuf);
76 }
77 EXPORT_SYMBOL_GPL(dma_heap_buffer_free);
78
dma_heap_buffer_alloc(struct dma_heap * heap,size_t len,unsigned int fd_flags,unsigned int heap_flags)79 struct dma_buf *dma_heap_buffer_alloc(struct dma_heap *heap, size_t len,
80 unsigned int fd_flags,
81 unsigned int heap_flags)
82 {
83 if (fd_flags & ~DMA_HEAP_VALID_FD_FLAGS)
84 return ERR_PTR(-EINVAL);
85
86 if (heap_flags & ~DMA_HEAP_VALID_HEAP_FLAGS)
87 return ERR_PTR(-EINVAL);
88 /*
89 * Allocations from all heaps have to begin
90 * and end on page boundaries.
91 */
92 len = PAGE_ALIGN(len);
93 if (!len)
94 return ERR_PTR(-EINVAL);
95
96 return heap->ops->allocate(heap, len, fd_flags, heap_flags);
97 }
98 EXPORT_SYMBOL_GPL(dma_heap_buffer_alloc);
99
dma_heap_bufferfd_alloc(struct dma_heap * heap,size_t len,unsigned int fd_flags,unsigned int heap_flags)100 int dma_heap_bufferfd_alloc(struct dma_heap *heap, size_t len,
101 unsigned int fd_flags,
102 unsigned int heap_flags)
103 {
104 struct dma_buf *dmabuf;
105 int fd;
106
107 dmabuf = dma_heap_buffer_alloc(heap, len, fd_flags, heap_flags);
108
109 if (IS_ERR(dmabuf))
110 return PTR_ERR(dmabuf);
111
112 fd = dma_buf_fd(dmabuf, fd_flags);
113 if (fd < 0) {
114 dma_buf_put(dmabuf);
115 /* just return, as put will call release and that will free */
116 }
117 return fd;
118
119 }
120 EXPORT_SYMBOL_GPL(dma_heap_bufferfd_alloc);
121
dma_heap_open(struct inode * inode,struct file * file)122 static int dma_heap_open(struct inode *inode, struct file *file)
123 {
124 struct dma_heap *heap;
125
126 heap = xa_load(&dma_heap_minors, iminor(inode));
127 if (!heap) {
128 pr_err("dma_heap: minor %d unknown.\n", iminor(inode));
129 return -ENODEV;
130 }
131
132 /* instance data as context */
133 file->private_data = heap;
134 nonseekable_open(inode, file);
135
136 return 0;
137 }
138
dma_heap_ioctl_allocate(struct file * file,void * data)139 static long dma_heap_ioctl_allocate(struct file *file, void *data)
140 {
141 struct dma_heap_allocation_data *heap_allocation = data;
142 struct dma_heap *heap = file->private_data;
143 int fd;
144
145 if (heap_allocation->fd)
146 return -EINVAL;
147
148 fd = dma_heap_bufferfd_alloc(heap, heap_allocation->len,
149 heap_allocation->fd_flags,
150 heap_allocation->heap_flags);
151 if (fd < 0)
152 return fd;
153
154 heap_allocation->fd = fd;
155
156 return 0;
157 }
158
dma_heap_ioctl_get_phys(struct file * file,void * data)159 static int dma_heap_ioctl_get_phys(struct file *file, void *data)
160 {
161 #if IS_ENABLED(CONFIG_NO_GKI)
162 struct dma_heap *heap = file->private_data;
163 struct dma_heap_phys_data *phys = data;
164
165 if (heap->ops->get_phys)
166 return heap->ops->get_phys(heap, phys);
167 #endif
168
169 return -EINVAL;
170 }
171
172 static unsigned int dma_heap_ioctl_cmds[] = {
173 DMA_HEAP_IOCTL_ALLOC,
174 DMA_HEAP_IOCTL_GET_PHYS,
175 };
176
dma_heap_ioctl(struct file * file,unsigned int ucmd,unsigned long arg)177 static long dma_heap_ioctl(struct file *file, unsigned int ucmd,
178 unsigned long arg)
179 {
180 char stack_kdata[128];
181 char *kdata = stack_kdata;
182 unsigned int kcmd;
183 unsigned int in_size, out_size, drv_size, ksize;
184 int nr = _IOC_NR(ucmd);
185 int ret = 0;
186
187 if (nr >= ARRAY_SIZE(dma_heap_ioctl_cmds))
188 return -EINVAL;
189
190 nr = array_index_nospec(nr, ARRAY_SIZE(dma_heap_ioctl_cmds));
191 /* Get the kernel ioctl cmd that matches */
192 kcmd = dma_heap_ioctl_cmds[nr];
193
194 /* Figure out the delta between user cmd size and kernel cmd size */
195 drv_size = _IOC_SIZE(kcmd);
196 out_size = _IOC_SIZE(ucmd);
197 in_size = out_size;
198 if ((ucmd & kcmd & IOC_IN) == 0)
199 in_size = 0;
200 if ((ucmd & kcmd & IOC_OUT) == 0)
201 out_size = 0;
202 ksize = max(max(in_size, out_size), drv_size);
203
204 /* If necessary, allocate buffer for ioctl argument */
205 if (ksize > sizeof(stack_kdata)) {
206 kdata = kmalloc(ksize, GFP_KERNEL);
207 if (!kdata)
208 return -ENOMEM;
209 }
210
211 if (copy_from_user(kdata, (void __user *)arg, in_size) != 0) {
212 ret = -EFAULT;
213 goto err;
214 }
215
216 /* zero out any difference between the kernel/user structure size */
217 if (ksize > in_size)
218 memset(kdata + in_size, 0, ksize - in_size);
219
220 switch (kcmd) {
221 case DMA_HEAP_IOCTL_ALLOC:
222 ret = dma_heap_ioctl_allocate(file, kdata);
223 break;
224 case DMA_HEAP_IOCTL_GET_PHYS:
225 ret = dma_heap_ioctl_get_phys(file, kdata);
226 break;
227 default:
228 ret = -ENOTTY;
229 goto err;
230 }
231
232 if (copy_to_user((void __user *)arg, kdata, out_size) != 0)
233 ret = -EFAULT;
234 err:
235 if (kdata != stack_kdata)
236 kfree(kdata);
237 return ret;
238 }
239
240 static const struct file_operations dma_heap_fops = {
241 .owner = THIS_MODULE,
242 .open = dma_heap_open,
243 .unlocked_ioctl = dma_heap_ioctl,
244 #ifdef CONFIG_COMPAT
245 .compat_ioctl = dma_heap_ioctl,
246 #endif
247 };
248
249 /**
250 * dma_heap_get_drvdata() - get per-subdriver data for the heap
251 * @heap: DMA-Heap to retrieve private data for
252 *
253 * Returns:
254 * The per-subdriver data for the heap.
255 */
dma_heap_get_drvdata(struct dma_heap * heap)256 void *dma_heap_get_drvdata(struct dma_heap *heap)
257 {
258 return heap->priv;
259 }
260 EXPORT_SYMBOL_GPL(dma_heap_get_drvdata);
261
dma_heap_release(struct kref * ref)262 static void dma_heap_release(struct kref *ref)
263 {
264 struct dma_heap *heap = container_of(ref, struct dma_heap, refcount);
265 int minor = MINOR(heap->heap_devt);
266
267 /* Note, we already holding the heap_list_lock here */
268 list_del(&heap->list);
269
270 device_destroy(dma_heap_class, heap->heap_devt);
271 cdev_del(&heap->heap_cdev);
272 xa_erase(&dma_heap_minors, minor);
273
274 kfree(heap);
275 }
276
dma_heap_put(struct dma_heap * h)277 void dma_heap_put(struct dma_heap *h)
278 {
279 /*
280 * Take the heap_list_lock now to avoid racing with code
281 * scanning the list and then taking a kref.
282 */
283 mutex_lock(&heap_list_lock);
284 kref_put(&h->refcount, dma_heap_release);
285 mutex_unlock(&heap_list_lock);
286 }
287 EXPORT_SYMBOL_GPL(dma_heap_put);
288
289 /**
290 * dma_heap_get_dev() - get device struct for the heap
291 * @heap: DMA-Heap to retrieve device struct from
292 *
293 * Returns:
294 * The device struct for the heap.
295 */
dma_heap_get_dev(struct dma_heap * heap)296 struct device *dma_heap_get_dev(struct dma_heap *heap)
297 {
298 return heap->heap_dev;
299 }
300 EXPORT_SYMBOL_GPL(dma_heap_get_dev);
301
302 /**
303 * dma_heap_get_name() - get heap name
304 * @heap: DMA-Heap to retrieve private data for
305 *
306 * Returns:
307 * The char* for the heap name.
308 */
dma_heap_get_name(struct dma_heap * heap)309 const char *dma_heap_get_name(struct dma_heap *heap)
310 {
311 return heap->name;
312 }
313 EXPORT_SYMBOL_GPL(dma_heap_get_name);
314
dma_heap_add(const struct dma_heap_export_info * exp_info)315 struct dma_heap *dma_heap_add(const struct dma_heap_export_info *exp_info)
316 {
317 struct dma_heap *heap, *h, *err_ret;
318 unsigned int minor;
319 int ret;
320
321 if (!exp_info->name || !strcmp(exp_info->name, "")) {
322 pr_err("dma_heap: Cannot add heap without a name\n");
323 return ERR_PTR(-EINVAL);
324 }
325
326 if (!exp_info->ops || !exp_info->ops->allocate) {
327 pr_err("dma_heap: Cannot add heap with invalid ops struct\n");
328 return ERR_PTR(-EINVAL);
329 }
330
331 heap = kzalloc(sizeof(*heap), GFP_KERNEL);
332 if (!heap)
333 return ERR_PTR(-ENOMEM);
334
335 kref_init(&heap->refcount);
336 heap->name = exp_info->name;
337 heap->ops = exp_info->ops;
338 heap->priv = exp_info->priv;
339
340 /* Find unused minor number */
341 ret = xa_alloc(&dma_heap_minors, &minor, heap,
342 XA_LIMIT(0, NUM_HEAP_MINORS - 1), GFP_KERNEL);
343 if (ret < 0) {
344 pr_err("dma_heap: Unable to get minor number for heap\n");
345 err_ret = ERR_PTR(ret);
346 goto err0;
347 }
348
349 /* Create device */
350 heap->heap_devt = MKDEV(MAJOR(dma_heap_devt), minor);
351
352 cdev_init(&heap->heap_cdev, &dma_heap_fops);
353 ret = cdev_add(&heap->heap_cdev, heap->heap_devt, 1);
354 if (ret < 0) {
355 pr_err("dma_heap: Unable to add char device\n");
356 err_ret = ERR_PTR(ret);
357 goto err1;
358 }
359
360 heap->heap_dev = device_create(dma_heap_class,
361 NULL,
362 heap->heap_devt,
363 NULL,
364 heap->name);
365 if (IS_ERR(heap->heap_dev)) {
366 pr_err("dma_heap: Unable to create device\n");
367 err_ret = ERR_CAST(heap->heap_dev);
368 goto err2;
369 }
370
371 /* Make sure it doesn't disappear on us */
372 heap->heap_dev = get_device(heap->heap_dev);
373
374 mutex_lock(&heap_list_lock);
375 /* check the name is unique */
376 list_for_each_entry(h, &heap_list, list) {
377 if (!strcmp(h->name, exp_info->name)) {
378 mutex_unlock(&heap_list_lock);
379 pr_err("dma_heap: Already registered heap named %s\n",
380 exp_info->name);
381 err_ret = ERR_PTR(-EINVAL);
382 put_device(heap->heap_dev);
383 goto err3;
384 }
385 }
386
387 /* Add heap to the list */
388 list_add(&heap->list, &heap_list);
389 mutex_unlock(&heap_list_lock);
390
391 return heap;
392
393 err3:
394 device_destroy(dma_heap_class, heap->heap_devt);
395 err2:
396 cdev_del(&heap->heap_cdev);
397 err1:
398 xa_erase(&dma_heap_minors, minor);
399 err0:
400 kfree(heap);
401 return err_ret;
402 }
403 EXPORT_SYMBOL_GPL(dma_heap_add);
404
dma_heap_devnode(struct device * dev,umode_t * mode)405 static char *dma_heap_devnode(struct device *dev, umode_t *mode)
406 {
407 return kasprintf(GFP_KERNEL, "dma_heap/%s", dev_name(dev));
408 }
409
total_pools_kb_show(struct kobject * kobj,struct kobj_attribute * attr,char * buf)410 static ssize_t total_pools_kb_show(struct kobject *kobj,
411 struct kobj_attribute *attr, char *buf)
412 {
413 struct dma_heap *heap;
414 u64 total_pool_size = 0;
415
416 mutex_lock(&heap_list_lock);
417 list_for_each_entry(heap, &heap_list, list) {
418 if (heap->ops->get_pool_size)
419 total_pool_size += heap->ops->get_pool_size(heap);
420 }
421 mutex_unlock(&heap_list_lock);
422
423 return sysfs_emit(buf, "%llu\n", total_pool_size / 1024);
424 }
425
426 static struct kobj_attribute total_pools_kb_attr =
427 __ATTR_RO(total_pools_kb);
428
429 static struct attribute *dma_heap_sysfs_attrs[] = {
430 &total_pools_kb_attr.attr,
431 NULL,
432 };
433
434 ATTRIBUTE_GROUPS(dma_heap_sysfs);
435
436 static struct kobject *dma_heap_kobject;
437
dma_heap_sysfs_setup(void)438 static int dma_heap_sysfs_setup(void)
439 {
440 int ret;
441
442 dma_heap_kobject = kobject_create_and_add("dma_heap", kernel_kobj);
443 if (!dma_heap_kobject)
444 return -ENOMEM;
445
446 ret = sysfs_create_groups(dma_heap_kobject, dma_heap_sysfs_groups);
447 if (ret) {
448 kobject_put(dma_heap_kobject);
449 return ret;
450 }
451
452 return 0;
453 }
454
dma_heap_sysfs_teardown(void)455 static void dma_heap_sysfs_teardown(void)
456 {
457 kobject_put(dma_heap_kobject);
458 }
459
dma_heap_init(void)460 static int dma_heap_init(void)
461 {
462 int ret;
463
464 ret = dma_heap_sysfs_setup();
465 if (ret)
466 return ret;
467
468 ret = alloc_chrdev_region(&dma_heap_devt, 0, NUM_HEAP_MINORS, DEVNAME);
469 if (ret)
470 goto err_chrdev;
471
472 dma_heap_class = class_create(THIS_MODULE, DEVNAME);
473 if (IS_ERR(dma_heap_class)) {
474 ret = PTR_ERR(dma_heap_class);
475 goto err_class;
476 }
477 dma_heap_class->devnode = dma_heap_devnode;
478
479 return 0;
480
481 err_class:
482 unregister_chrdev_region(dma_heap_devt, NUM_HEAP_MINORS);
483 err_chrdev:
484 dma_heap_sysfs_teardown();
485 return ret;
486 }
487 subsys_initcall(dma_heap_init);
488