Linaro-mm-sig

linaro-mm-sig@lists.linaro.org

9 participants
3222 discussions

[PATCH AUTOSEL 6.14 03/34] udmabuf: fix a buf size overflow issue during udmabuf creation

by Sasha Levin

From: Xiaogang Chen <xiaogang.chen(a)amd.com> [ Upstream commit 021ba7f1babd029e714d13a6bf2571b08af96d0f ] by casting size_limit_mb to u64 when calculate pglimit. Signed-off-by: Xiaogang Chen<Xiaogang.Chen(a)amd.com> Link: https://patchwork.freedesktop.org/patch/msgid/20250321164126.329638-1-xiaog… Signed-off-by: Christian König <christian.koenig(a)amd.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/dma-buf/udmabuf.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/dma-buf/udmabuf.c b/drivers/dma-buf/udmabuf.c index cc7398cc17d67..e74e36a8ecda2 100644 --- a/drivers/dma-buf/udmabuf.c +++ b/drivers/dma-buf/udmabuf.c @@ -393,7 +393,7 @@ static long udmabuf_create(struct miscdevice *device, if (!ubuf) return -ENOMEM; - pglimit = (size_limit_mb * 1024 * 1024) >> PAGE_SHIFT; + pglimit = ((u64)size_limit_mb * 1024 * 1024) >> PAGE_SHIFT; for (i = 0; i < head->count; i++) { pgoff_t subpgcnt; -- 2.39.5

7 months, 4 weeks

Re: [PATCH 0/3] uio/dma-buf: Give UIO users access to DMA addresses.

by Christoph Hellwig

On Mon, Apr 14, 2025 at 10:24:55AM +0200, Thomas Petazzoni wrote: > What this patch series is about is to add new user-space interface to > extend the existing UIO subsystem. Which as I explained to you is fundamentally broken and unsafe. If you need to do DMA from userspae you need to use vfio/iommufd. > I am not sure how this can work in our use-case. We have a very simple > set of IP blocks implemented in a FPGA, some of those IP blocks are > able to perform DMA operations. The register of those IP blocks are > mapped into a user-space application using the existing, accepted > upstream, UIO subsystem. Some of those registers allow to program DMA > transfers. So far, we can do all what we need, except program those DMA > transfers. Lots of people are having the same issue, and zillions of > ugly out-of-tree solutions flourish all over, and we're trying to see > if we can constructively find a solution that would be acceptable > upstream to resolve this use-case. Our platform is an old PowerPC with > no IOMMU. Then your driver design can't work and you need to replace it with a proper in-kernel driver.

7 months, 4 weeks

Re: [PATCH v7 3/4] drm/panthor: Label all kernel BO's

by Steven Price

On 11/04/2025 16:03, Adrián Larumbe wrote: > Kernel BO's aren't exposed to UM, so labelling them is the responsibility > of the driver itself. This kind of tagging will prove useful in further > commits when want to expose these objects through DebugFS. > > Expand panthor_kernel_bo_create() interface to take a NULL-terminated NIT: s/NULL/NUL/ > string. No bounds checking is done because all label strings are given > as statically-allocated literals, but if a more complex kernel BO naming > scheme with explicit memory allocation and formatting was desired in the > future, this would have to change. I'm not sure I follow why bounds-checking would be an issue for strings from the kernel. But as you state these are all literals so definitely not a problem. > > Signed-off-by: Adrián Larumbe <adrian.larumbe(a)collabora.com> > Reviewed-by: Boris Brezillon <boris.brezillon(a)collabora.com> > Reviewed-by: Liviu Dudau <liviu.dudau(a)arm.com> Reviewed-by: Steven Price <steven.price(a)arm.com> > --- > drivers/gpu/drm/panthor/panthor_fw.c | 8 +++++--- > drivers/gpu/drm/panthor/panthor_gem.c | 4 +++- > drivers/gpu/drm/panthor/panthor_gem.h | 2 +- > drivers/gpu/drm/panthor/panthor_heap.c | 6 ++++-- > drivers/gpu/drm/panthor/panthor_sched.c | 9 ++++++--- > 5 files changed, 19 insertions(+), 10 deletions(-) > > diff --git a/drivers/gpu/drm/panthor/panthor_fw.c b/drivers/gpu/drm/panthor/panthor_fw.c > index 0f52766a3120..a7fdc4d8020d 100644 > --- a/drivers/gpu/drm/panthor/panthor_fw.c > +++ b/drivers/gpu/drm/panthor/panthor_fw.c > @@ -449,7 +449,8 @@ panthor_fw_alloc_queue_iface_mem(struct panthor_device *ptdev, > DRM_PANTHOR_BO_NO_MMAP, > DRM_PANTHOR_VM_BIND_OP_MAP_NOEXEC | > DRM_PANTHOR_VM_BIND_OP_MAP_UNCACHED, > - PANTHOR_VM_KERNEL_AUTO_VA); > + PANTHOR_VM_KERNEL_AUTO_VA, > + "Queue FW interface"); > if (IS_ERR(mem)) > return mem; > > @@ -481,7 +482,8 @@ panthor_fw_alloc_suspend_buf_mem(struct panthor_device *ptdev, size_t size) > return panthor_kernel_bo_create(ptdev, panthor_fw_vm(ptdev), size, > DRM_PANTHOR_BO_NO_MMAP, > DRM_PANTHOR_VM_BIND_OP_MAP_NOEXEC, > - PANTHOR_VM_KERNEL_AUTO_VA); > + PANTHOR_VM_KERNEL_AUTO_VA, > + "FW suspend buffer"); > } > > static int panthor_fw_load_section_entry(struct panthor_device *ptdev, > @@ -601,7 +603,7 @@ static int panthor_fw_load_section_entry(struct panthor_device *ptdev, > section->mem = panthor_kernel_bo_create(ptdev, panthor_fw_vm(ptdev), > section_size, > DRM_PANTHOR_BO_NO_MMAP, > - vm_map_flags, va); > + vm_map_flags, va, "FW section"); > if (IS_ERR(section->mem)) > return PTR_ERR(section->mem); > > diff --git a/drivers/gpu/drm/panthor/panthor_gem.c b/drivers/gpu/drm/panthor/panthor_gem.c > index af0ac17f357f..3c5fc854356e 100644 > --- a/drivers/gpu/drm/panthor/panthor_gem.c > +++ b/drivers/gpu/drm/panthor/panthor_gem.c > @@ -82,7 +82,7 @@ void panthor_kernel_bo_destroy(struct panthor_kernel_bo *bo) > struct panthor_kernel_bo * > panthor_kernel_bo_create(struct panthor_device *ptdev, struct panthor_vm *vm, > size_t size, u32 bo_flags, u32 vm_map_flags, > - u64 gpu_va) > + u64 gpu_va, const char *name) > { > struct drm_gem_shmem_object *obj; > struct panthor_kernel_bo *kbo; > @@ -106,6 +106,8 @@ panthor_kernel_bo_create(struct panthor_device *ptdev, struct panthor_vm *vm, > kbo->obj = &obj->base; > bo->flags = bo_flags; > > + panthor_gem_kernel_bo_set_label(kbo, name); > + > /* The system and GPU MMU page size might differ, which becomes a > * problem for FW sections that need to be mapped at explicit address > * since our PAGE_SIZE alignment might cover a VA range that's > diff --git a/drivers/gpu/drm/panthor/panthor_gem.h b/drivers/gpu/drm/panthor/panthor_gem.h > index beba066b4974..62aea06dbc6d 100644 > --- a/drivers/gpu/drm/panthor/panthor_gem.h > +++ b/drivers/gpu/drm/panthor/panthor_gem.h > @@ -153,7 +153,7 @@ panthor_kernel_bo_vunmap(struct panthor_kernel_bo *bo) > struct panthor_kernel_bo * > panthor_kernel_bo_create(struct panthor_device *ptdev, struct panthor_vm *vm, > size_t size, u32 bo_flags, u32 vm_map_flags, > - u64 gpu_va); > + u64 gpu_va, const char *name); > > void panthor_kernel_bo_destroy(struct panthor_kernel_bo *bo); > > diff --git a/drivers/gpu/drm/panthor/panthor_heap.c b/drivers/gpu/drm/panthor/panthor_heap.c > index 3bdf61c14264..d236e9ceade4 100644 > --- a/drivers/gpu/drm/panthor/panthor_heap.c > +++ b/drivers/gpu/drm/panthor/panthor_heap.c > @@ -151,7 +151,8 @@ static int panthor_alloc_heap_chunk(struct panthor_heap_pool *pool, > chunk->bo = panthor_kernel_bo_create(pool->ptdev, pool->vm, heap->chunk_size, > DRM_PANTHOR_BO_NO_MMAP, > DRM_PANTHOR_VM_BIND_OP_MAP_NOEXEC, > - PANTHOR_VM_KERNEL_AUTO_VA); > + PANTHOR_VM_KERNEL_AUTO_VA, > + "Tiler heap chunk"); > if (IS_ERR(chunk->bo)) { > ret = PTR_ERR(chunk->bo); > goto err_free_chunk; > @@ -555,7 +556,8 @@ panthor_heap_pool_create(struct panthor_device *ptdev, struct panthor_vm *vm) > pool->gpu_contexts = panthor_kernel_bo_create(ptdev, vm, bosize, > DRM_PANTHOR_BO_NO_MMAP, > DRM_PANTHOR_VM_BIND_OP_MAP_NOEXEC, > - PANTHOR_VM_KERNEL_AUTO_VA); > + PANTHOR_VM_KERNEL_AUTO_VA, > + "Heap pool"); > if (IS_ERR(pool->gpu_contexts)) { > ret = PTR_ERR(pool->gpu_contexts); > goto err_destroy_pool; > diff --git a/drivers/gpu/drm/panthor/panthor_sched.c b/drivers/gpu/drm/panthor/panthor_sched.c > index 446ec780eb4a..43ee57728de5 100644 > --- a/drivers/gpu/drm/panthor/panthor_sched.c > +++ b/drivers/gpu/drm/panthor/panthor_sched.c > @@ -3332,7 +3332,8 @@ group_create_queue(struct panthor_group *group, > DRM_PANTHOR_BO_NO_MMAP, > DRM_PANTHOR_VM_BIND_OP_MAP_NOEXEC | > DRM_PANTHOR_VM_BIND_OP_MAP_UNCACHED, > - PANTHOR_VM_KERNEL_AUTO_VA); > + PANTHOR_VM_KERNEL_AUTO_VA, > + "CS ring buffer"); > if (IS_ERR(queue->ringbuf)) { > ret = PTR_ERR(queue->ringbuf); > goto err_free_queue; > @@ -3362,7 +3363,8 @@ group_create_queue(struct panthor_group *group, > DRM_PANTHOR_BO_NO_MMAP, > DRM_PANTHOR_VM_BIND_OP_MAP_NOEXEC | > DRM_PANTHOR_VM_BIND_OP_MAP_UNCACHED, > - PANTHOR_VM_KERNEL_AUTO_VA); > + PANTHOR_VM_KERNEL_AUTO_VA, > + "Group job stats"); > > if (IS_ERR(queue->profiling.slots)) { > ret = PTR_ERR(queue->profiling.slots); > @@ -3493,7 +3495,8 @@ int panthor_group_create(struct panthor_file *pfile, > DRM_PANTHOR_BO_NO_MMAP, > DRM_PANTHOR_VM_BIND_OP_MAP_NOEXEC | > DRM_PANTHOR_VM_BIND_OP_MAP_UNCACHED, > - PANTHOR_VM_KERNEL_AUTO_VA); > + PANTHOR_VM_KERNEL_AUTO_VA, > + "Group sync objects"); > if (IS_ERR(group->syncobjs)) { > ret = PTR_ERR(group->syncobjs); > goto err_put_group;

7 months, 4 weeks

Re: [PATCH v7 2/4] drm/panthor: Add driver IOCTL for setting BO labels

by Steven Price

On 11/04/2025 16:03, Adrián Larumbe wrote: > Allow UM to label a BO for which it possesses a DRM handle. > > Signed-off-by: Adrián Larumbe <adrian.larumbe(a)collabora.com> > Reviewed-by: Liviu Dudau <liviu.dudau(a)arm.com> > Reviewed-by: Boris Brezillon <boris.brezillon(a)collabora.com> Reviewed-by: Steven Price <steven.price(a)arm.com> Although very minor NITs below which you can consider. > --- > drivers/gpu/drm/panthor/panthor_drv.c | 42 ++++++++++++++++++++++++++- > drivers/gpu/drm/panthor/panthor_gem.h | 2 ++ > include/uapi/drm/panthor_drm.h | 23 +++++++++++++++ > 3 files changed, 66 insertions(+), 1 deletion(-) > > diff --git a/drivers/gpu/drm/panthor/panthor_drv.c b/drivers/gpu/drm/panthor/panthor_drv.c > index 06fe46e32073..983b24f1236c 100644 > --- a/drivers/gpu/drm/panthor/panthor_drv.c > +++ b/drivers/gpu/drm/panthor/panthor_drv.c > @@ -1331,6 +1331,44 @@ static int panthor_ioctl_vm_get_state(struct drm_device *ddev, void *data, > return 0; > } > > +static int panthor_ioctl_bo_set_label(struct drm_device *ddev, void *data, > + struct drm_file *file) > +{ > + struct drm_panthor_bo_set_label *args = data; > + struct drm_gem_object *obj; > + const char *label; > + int ret = 0; > + > + obj = drm_gem_object_lookup(file, args->handle); > + if (!obj) > + return -ENOENT; > + > + if (args->size && args->label) { > + if (args->size > PANTHOR_BO_LABEL_MAXLEN) { > + ret = -E2BIG; > + goto err_label; > + } > + > + label = strndup_user(u64_to_user_ptr(args->label), args->size); > + if (IS_ERR(label)) { > + ret = PTR_ERR(label); > + goto err_label; > + } > + } else if (args->size && !args->label) { > + ret = -EINVAL; > + goto err_label; > + } else { > + label = NULL; > + } > + > + panthor_gem_bo_set_label(obj, label); > + > +err_label: > + drm_gem_object_put(obj); > + > + return ret; > +} > + > static int > panthor_open(struct drm_device *ddev, struct drm_file *file) > { > @@ -1400,6 +1438,7 @@ static const struct drm_ioctl_desc panthor_drm_driver_ioctls[] = { > PANTHOR_IOCTL(TILER_HEAP_CREATE, tiler_heap_create, DRM_RENDER_ALLOW), > PANTHOR_IOCTL(TILER_HEAP_DESTROY, tiler_heap_destroy, DRM_RENDER_ALLOW), > PANTHOR_IOCTL(GROUP_SUBMIT, group_submit, DRM_RENDER_ALLOW), > + PANTHOR_IOCTL(BO_SET_LABEL, bo_set_label, DRM_RENDER_ALLOW), > }; > > static int panthor_mmap(struct file *filp, struct vm_area_struct *vma) > @@ -1509,6 +1548,7 @@ static void panthor_debugfs_init(struct drm_minor *minor) > * - 1.2 - adds DEV_QUERY_GROUP_PRIORITIES_INFO query > * - adds PANTHOR_GROUP_PRIORITY_REALTIME priority > * - 1.3 - adds DRM_PANTHOR_GROUP_STATE_INNOCENT flag > + * - 1.4 - adds DRM_IOCTL_PANTHOR_BO_SET_LABEL ioctl > */ > static const struct drm_driver panthor_drm_driver = { > .driver_features = DRIVER_RENDER | DRIVER_GEM | DRIVER_SYNCOBJ | > @@ -1522,7 +1562,7 @@ static const struct drm_driver panthor_drm_driver = { > .name = "panthor", > .desc = "Panthor DRM driver", > .major = 1, > - .minor = 3, > + .minor = 4, > > .gem_create_object = panthor_gem_create_object, > .gem_prime_import_sg_table = drm_gem_shmem_prime_import_sg_table, > diff --git a/drivers/gpu/drm/panthor/panthor_gem.h b/drivers/gpu/drm/panthor/panthor_gem.h > index af0d77338860..beba066b4974 100644 > --- a/drivers/gpu/drm/panthor/panthor_gem.h > +++ b/drivers/gpu/drm/panthor/panthor_gem.h > @@ -13,6 +13,8 @@ > > struct panthor_vm; > > +#define PANTHOR_BO_LABEL_MAXLEN PAGE_SIZE > + > /** > * struct panthor_gem_object - Driver specific GEM object. > */ > diff --git a/include/uapi/drm/panthor_drm.h b/include/uapi/drm/panthor_drm.h > index 97e2c4510e69..12b1994499a9 100644 > --- a/include/uapi/drm/panthor_drm.h > +++ b/include/uapi/drm/panthor_drm.h > @@ -127,6 +127,9 @@ enum drm_panthor_ioctl_id { > > /** @DRM_PANTHOR_TILER_HEAP_DESTROY: Destroy a tiler heap. */ > DRM_PANTHOR_TILER_HEAP_DESTROY, > + > + /** @DRM_PANTHOR_BO_SET_LABEL: Label a BO. */ > + DRM_PANTHOR_BO_SET_LABEL, > }; > > /** > @@ -977,6 +980,24 @@ struct drm_panthor_tiler_heap_destroy { > __u32 pad; > }; > > +/** > + * struct drm_panthor_bo_set_label - Arguments passed to DRM_IOCTL_PANTHOR_BO_SET_LABEL > + */ > +struct drm_panthor_bo_set_label { > + /** @handle: Handle of the buffer object to label. */ > + __u32 handle; > + > + /** > + * @size: Length of the label, including the NULL terminator. > + * > + * Cannot be greater than the OS page size. > + */ > + __u32 size; > + > + /** @label: User pointer to a NULL-terminated string */ > + __u64 label; > +}; First very minor NIT: * NULL is a pointer, i.e. (void*)0 * NUL is the ASCII code point '\0'. So it's a NUL-terminated string. Second NIT: We don't actually need 'size' - since the string is NUL-terminated we can just strndup_user(__user_pointer__, PAGE_SIZE). As things stand we validate that strlen(label) < size <= PAGE_SIZE - which is a little odd (user space might as well just pass PAGE_SIZE rather than calculate the actual length). Thanks, Steve > + > /** > * DRM_IOCTL_PANTHOR() - Build a Panthor IOCTL number > * @__access: Access type. Must be R, W or RW. > @@ -1019,6 +1040,8 @@ enum { > DRM_IOCTL_PANTHOR(WR, TILER_HEAP_CREATE, tiler_heap_create), > DRM_IOCTL_PANTHOR_TILER_HEAP_DESTROY = > DRM_IOCTL_PANTHOR(WR, TILER_HEAP_DESTROY, tiler_heap_destroy), > + DRM_IOCTL_PANTHOR_BO_SET_LABEL = > + DRM_IOCTL_PANTHOR(WR, BO_SET_LABEL, bo_set_label), > }; > > #if defined(__cplusplus)

7 months, 4 weeks

Re: [PATCH v7 1/4] drm/panthor: Introduce BO labeling

by Steven Price

Hi Adrián, On 11/04/2025 16:03, Adrián Larumbe wrote: > Add a new character string Panthor BO field, and a function that allows > setting it from within the driver. > > Driver takes care of freeing the string when it's replaced or no longer > needed at object destruction time, but allocating it is the responsibility > of callers. > > Signed-off-by: Adrián Larumbe <adrian.larumbe(a)collabora.com> > Reviewed-by: Boris Brezillon <boris.brezillon(a)collabora.com> > --- > drivers/gpu/drm/panthor/panthor_gem.c | 39 +++++++++++++++++++++++++++ > drivers/gpu/drm/panthor/panthor_gem.h | 17 ++++++++++++ > 2 files changed, 56 insertions(+) > > diff --git a/drivers/gpu/drm/panthor/panthor_gem.c b/drivers/gpu/drm/panthor/panthor_gem.c > index 8244a4e6c2a2..af0ac17f357f 100644 > --- a/drivers/gpu/drm/panthor/panthor_gem.c > +++ b/drivers/gpu/drm/panthor/panthor_gem.c > @@ -2,6 +2,7 @@ > /* Copyright 2019 Linaro, Ltd, Rob Herring <robh(a)kernel.org> */ > /* Copyright 2023 Collabora ltd. */ > > +#include <linux/cleanup.h> > #include <linux/dma-buf.h> > #include <linux/dma-mapping.h> > #include <linux/err.h> > @@ -18,6 +19,14 @@ static void panthor_gem_free_object(struct drm_gem_object *obj) > struct panthor_gem_object *bo = to_panthor_bo(obj); > struct drm_gem_object *vm_root_gem = bo->exclusive_vm_root_gem; > > + /* > + * Label might have been allocated with kstrdup_const(), > + * we need to take that into account when freeing the memory > + */ > + kfree_const(bo->label.str); > + > + mutex_destroy(&bo->label.lock); > + > drm_gem_free_mmap_offset(&bo->base.base); > mutex_destroy(&bo->gpuva_list_lock); > drm_gem_shmem_free(&bo->base); > @@ -196,6 +205,7 @@ struct drm_gem_object *panthor_gem_create_object(struct drm_device *ddev, size_t > obj->base.map_wc = !ptdev->coherent; > mutex_init(&obj->gpuva_list_lock); > drm_gem_gpuva_set_lock(&obj->base.base, &obj->gpuva_list_lock); > + mutex_init(&obj->label.lock); > > return &obj->base.base; > } > @@ -247,3 +257,32 @@ panthor_gem_create_with_handle(struct drm_file *file, > > return ret; > } > + > +void > +panthor_gem_bo_set_label(struct drm_gem_object *obj, const char *label) > +{ > + struct panthor_gem_object *bo = to_panthor_bo(obj); > + const char *old_label; > + > + scoped_guard(mutex, &bo->label.lock) { > + old_label = bo->label.str; > + bo->label.str = label; > + } > + > + kfree(old_label); Shouldn't this be kfree_const()? I suspect as things stand we can't trigger this bug but it's inconsistent. > +} > + > +void > +panthor_gem_kernel_bo_set_label(struct panthor_kernel_bo *bo, const char *label) > +{ > + const char *str; > + > + str = kstrdup_const(label, GFP_KERNEL); > + if (!str) { In the next patch you permit user space to clear the label (args->size==0) which means label==NULL and AFAICT kstrdup_const() will return NULL in this case triggering this warning. Thanks, Steve > + /* Failing to allocate memory for a label isn't a fatal condition */ > + drm_warn(bo->obj->dev, "Not enough memory to allocate BO label"); > + return; > + } > + > + panthor_gem_bo_set_label(bo->obj, str); > +} > diff --git a/drivers/gpu/drm/panthor/panthor_gem.h b/drivers/gpu/drm/panthor/panthor_gem.h > index 1a363bb814f4..af0d77338860 100644 > --- a/drivers/gpu/drm/panthor/panthor_gem.h > +++ b/drivers/gpu/drm/panthor/panthor_gem.h > @@ -46,6 +46,20 @@ struct panthor_gem_object { > > /** @flags: Combination of drm_panthor_bo_flags flags. */ > u32 flags; > + > + /** > + * @label: BO tagging fields. The label can be assigned within the > + * driver itself or through a specific IOCTL. > + */ > + struct { > + /** > + * @label.str: Pointer to NULL-terminated string, > + */ > + const char *str; > + > + /** @lock.str: Protects access to the @label.str field. */ > + struct mutex lock; > + } label; > }; > > /** > @@ -91,6 +105,9 @@ panthor_gem_create_with_handle(struct drm_file *file, > struct panthor_vm *exclusive_vm, > u64 *size, u32 flags, uint32_t *handle); > > +void panthor_gem_bo_set_label(struct drm_gem_object *obj, const char *label); > +void panthor_gem_kernel_bo_set_label(struct panthor_kernel_bo *bo, const char *label); > + > static inline u64 > panthor_kernel_bo_gpuva(struct panthor_kernel_bo *bo) > {

7 months, 4 weeks

Re: [PATCH 0/3] uio/dma-buf: Give UIO users access to DMA addresses.

by Christian König

Am 14.04.25 um 10:24 schrieb Thomas Petazzoni: > Hello Christoph, > > On Sun, 13 Apr 2025 22:55:02 -0700 > Christoph Hellwig <hch(a)infradead.org> wrote: > >> On Thu, Apr 10, 2025 at 04:53:17PM +0200, Bastien Curutchet wrote: >>> Hi all, >>> >>> Many UIO users performing DMA from their UIO device need to access the >>> DMA addresses of the allocated buffers. There are out-of-tree drivers >>> that allow to do it but nothing in the mainline. >> In which case it does not matter at all for mainline. > It is impressive how "out-of-tree" triggers kernel maintainers, and > then end up not even reading what the patch series is all about (but I > forgive you, because it triggers me in the same way). > > This patch series is NOT about adding new kernel APIs meant to be used > by out-of-tree drivers, which of course would be bad, and we would have > never proposed. > > What this patch series is about is to add new user-space interface to > extend the existing UIO subsystem. What my colleague Bastien was > mentioning about out-of-tree drivers is that there are a LOT of > out-of-tree drivers extending UIO to allow user-space applications to > do DMA, and our proposal is that considering how many people need that > and implement ugly out-of-tree drivers to solve this issue, we suggest > the mainline kernel should have a built in solution. > > Please re-read again, and realize that we are NOT adding new kernel > APIs for out-of-tree drivers. > >> FYI the proper and safe way to do DMA from userspace is to use >> vfio/iommufd. > I am not sure how this can work in our use-case. We have a very simple > set of IP blocks implemented in a FPGA, some of those IP blocks are > able to perform DMA operations. The register of those IP blocks are > mapped into a user-space application using the existing, accepted > upstream, UIO subsystem. Some of those registers allow to program DMA > transfers. So far, we can do all what we need, except program those DMA > transfers. Lots of people are having the same issue, and zillions of > ugly out-of-tree solutions flourish all over, and we're trying to see > if we can constructively find a solution that would be acceptable > upstream to resolve this use-case. Our platform is an old PowerPC with > no IOMMU. Maybe I should try to better explain the concern here. The question is "Where is the source code of your FPGA driver?". I mean that you are trying to replace the out-of-tree solution is rather welcomed, but the out-of-tree solutions are out-of-tree because they don't fit with requirements to be added to the core Linux tree. And one of those requirements is that you need to provide the source code of the userspace user of this interface, in this case here that is your FPGA driver. An MIT/X11 license is usually sufficient, GPL is of course seen as better and it must not be a toy application, but rather the real thing. And that is what people usually don't want and that's why no in-tree solution exists for this. Regards, Christian. > > Note that the safety argument doesn't hold: UIO already allows to map > registers into user-space applications, which can already program DMA > transfers to arbitrary locations in memory. The safety comes from the > fact that such UIO devices are associated with permissions that the > system administrator controls, to decide which applications are safe > enough to be granted access to those UIO devices. Therefore, providing > access through UIO of the physical address of well-defined DMA buffers > properly allocated through a sane API is not reducing the safety of > anything compared to what UIO already allows today. > > Best regards, > > Thomas

7 months, 4 weeks

Re: [PATCH 0/3] uio/dma-buf: Give UIO users access to DMA addresses.

by Christian König

Am 14.04.25 um 10:17 schrieb Thomas Petazzoni: > Hello Christian, > > On Fri, 11 Apr 2025 14:41:56 +0200 > Christian König <christian.koenig(a)amd.com> wrote: > >> But anyway please note that when you want to create new UAPI you need >> to provide an open source user of it. E.g. link to a repository or >> something similar in the covert letter should do it. > Could you clarify what is the "reference" user-space user of UIO that > exists today? I honestly don't know. I have never looked into UIO before this patch set arrived. What I mean is that the general rule to justify adding UAPI to the Linux kernel is that you need to have an open source user of that UAPI. In other words for UIO this means that you *can't* do things like exposing some kernel functionality like DMA-buf through UIO and then write a binary only driver on top of it. Regards, Christian. > > Thomas

7 months, 4 weeks

Re: [PATCH 0/3] uio/dma-buf: Give UIO users access to DMA addresses.

by Christoph Hellwig

On Thu, Apr 10, 2025 at 04:53:17PM +0200, Bastien Curutchet wrote: > Hi all, > > Many UIO users performing DMA from their UIO device need to access the > DMA addresses of the allocated buffers. There are out-of-tree drivers > that allow to do it but nothing in the mainline. In which case it does not matter at all for mainline. FYI the proper and safe way to do DMA from userspace is to use vfio/iommufd.

7 months, 4 weeks

Re: [PATCH 3/3] uio: Add UIO_DMABUF_HEAP

by Nicolas Dufresne

Hi Bastien, Le jeudi 10 avril 2025 à 16:53 +0200, Bastien Curutchet a écrit : > Some UIO users need to access DMA addresses from userspace to be able to > configure DMA done by the UIO device. Currently there is no way of doing > this. > > Add a UIO_DMABUF_HEAP Kconfig option. When selected, a dma-heap > allocator is created for every new UIO device. This allocator only > implements 4 basic operations: allocate, release, mmap and get_dma_addr. > The buffer allocation is done through dma_alloc_coherent(). This is quite redundant with the CMA heap. I believe a better design is to make UIO devices dmabuf importers. This will make your UIO dmabuf implementation a lot more useful. As for the physical addresses, everywhere you currently pass a physical address, you should be able to add ioctl to pass a DMABuf FD, or a handle to an UIO specific object (similar to buffer objects in DRM) and hide these. regards, Nicolas > > Signed-off-by: Bastien Curutchet <bastien.curutchet(a)bootlin.com> > --- > drivers/uio/Kconfig | 9 ++++ > drivers/uio/Makefile | 1 + > drivers/uio/uio.c | 4 ++ > drivers/uio/uio_heap.c | 120 +++++++++++++++++++++++++++++++++++++++++++++ > include/linux/uio_driver.h | 2 + > 5 files changed, 136 insertions(+) > > diff --git a/drivers/uio/Kconfig b/drivers/uio/Kconfig > index b060dcd7c6350191726c0830a1ae7b9a388ca4bb..2f3b1e57fceb01354b65cc4d39f342f645a238db 100644 > --- a/drivers/uio/Kconfig > +++ b/drivers/uio/Kconfig > @@ -164,4 +164,13 @@ config UIO_DFL > opae-sdk/tools/libopaeuio/ > > If you compile this as a module, it will be called uio_dfl. > + > +config UIO_DMABUF_HEAP > + bool "DMA-BUF UIO Heap" > + select DMABUF_HEAPS > + help > + Choose this option to enable DMA-BUF UIO heap. It will create a new > + heap allocator under /dev/dma_heap/ for every UIO device. This > + allocator allows userspace applications to allocate DMA buffers and > + access their DMA addresses thanks to the DMA_BUF_IOCTL_GET_DMA_HANDLE > endif > diff --git a/drivers/uio/Makefile b/drivers/uio/Makefile > index 1c5f3b5a95cf5b681a843b745a046d7ce123255d..f6696daa36567a4e5d18b1b89ba688057e758400 100644 > --- a/drivers/uio/Makefile > +++ b/drivers/uio/Makefile > @@ -11,3 +11,4 @@ obj-$(CONFIG_UIO_MF624) += uio_mf624.o > obj-$(CONFIG_UIO_FSL_ELBC_GPCM) += uio_fsl_elbc_gpcm.o > obj-$(CONFIG_UIO_HV_GENERIC) += uio_hv_generic.o > obj-$(CONFIG_UIO_DFL) += uio_dfl.o > +obj-$(CONFIG_UIO_DMABUF_HEAP) += uio_heap.o > diff --git a/drivers/uio/uio.c b/drivers/uio/uio.c > index d93ed4e86a174b5bad193a61aa522cd833fe7bb5..f31936a897805a284165cccfee3d66e96acd4b39 100644 > --- a/drivers/uio/uio.c > +++ b/drivers/uio/uio.c > @@ -1046,7 +1046,11 @@ int __uio_register_device(struct module *owner, > } > } > > +#if defined(CONFIG_UIO_DMABUF_HEAP) > + return add_uio_heap(idev); > +#else > return 0; > +#endif > > err_request_irq: > uio_dev_del_attributes(idev); > diff --git a/drivers/uio/uio_heap.c b/drivers/uio/uio_heap.c > new file mode 100644 > index 0000000000000000000000000000000000000000..2e836b503458e280babba0e0adc4f6d8344efc82 > --- /dev/null > +++ b/drivers/uio/uio_heap.c > @@ -0,0 +1,120 @@ > +// SPDX-License-Identifier: GPL-2.0 > +#include <linux/dma-buf.h> > +#include <linux/dma-heap.h> > +#include <linux/uio_driver.h> > + > +struct uio_heap { > + struct dma_heap *heap; > + struct device *dev; > +}; > + > +struct uio_heap_buffer { > + struct uio_heap *heap; > + dma_addr_t dma_addr; > + unsigned long len; > + void *vaddr; > +}; > + > +static int uio_heap_mmap(struct dma_buf *dmabuf, struct vm_area_struct *vma) > +{ > + struct uio_heap_buffer *buffer = dmabuf->priv; > + > + return dma_mmap_coherent(buffer->heap->dev, vma, buffer->vaddr, > + buffer->dma_addr, buffer->len); > +} > + > +static void uio_heap_dma_buf_release(struct dma_buf *dmabuf) > +{ > + struct uio_heap_buffer *buffer = dmabuf->priv; > + > + dma_free_coherent(buffer->heap->dev, buffer->len, buffer->vaddr, > + buffer->dma_addr); > + kfree(buffer); > +} > + > +static int uio_heap_get_dma_addr(struct dma_buf *dmabuf, u64 *addr) > +{ > + struct uio_heap_buffer *buffer = dmabuf->priv; > + > + *addr = buffer->dma_addr; > + return 0; > +} > + > +static const struct dma_buf_ops uio_heap_buf_ops = { > + .mmap = uio_heap_mmap, > + .release = uio_heap_dma_buf_release, > + .get_dma_addr = uio_heap_get_dma_addr, > +}; > + > +static struct dma_buf *uio_heap_allocate(struct dma_heap *heap, > + unsigned long len, > + u32 fd_flags, > + u64 heap_flags) > +{ > + struct uio_heap *uio_heap = dma_heap_get_drvdata(heap); > + DEFINE_DMA_BUF_EXPORT_INFO(exp_info); > + struct uio_heap_buffer *buffer; > + struct dma_buf *dmabuf; > + > + buffer = kzalloc(sizeof(*buffer), GFP_KERNEL); > + if (!buffer) > + return ERR_PTR(-ENOMEM); > + > + dma_set_coherent_mask(uio_heap->dev, DMA_BIT_MASK(32)); > + > + buffer->heap = uio_heap; > + buffer->len = len; > + buffer->vaddr = dma_alloc_coherent(uio_heap->dev, buffer->len, > + &buffer->dma_addr, GFP_KERNEL); > + if (IS_ERR(buffer->vaddr)) > + goto free_buf; > + > + exp_info.exp_name = dma_heap_get_name(heap); > + exp_info.ops = &uio_heap_buf_ops; > + exp_info.size = buffer->len; > + exp_info.flags = fd_flags; > + exp_info.priv = buffer; > + dmabuf = dma_buf_export(&exp_info); > + if (IS_ERR(dmabuf)) > + goto free_dma; > + > + return dmabuf; > + > +free_dma: > + dma_free_coherent(uio_heap->dev, buffer->len, buffer->vaddr, buffer->dma_addr); > +free_buf: > + kfree(buffer); > + > + return ERR_PTR(-ENOMEM); > +} > + > +static const struct dma_heap_ops uio_heap_ops = { > + .allocate = uio_heap_allocate, > +}; > + > +int add_uio_heap(struct uio_device *uio) > +{ > + struct dma_heap_export_info exp_info; > + struct uio_heap *uio_heap; > + > + uio_heap = kzalloc(sizeof(*uio_heap), GFP_KERNEL); > + if (!uio_heap) > + return -ENOMEM; > + > + uio_heap->dev = &uio->dev; > + > + /* Use device name as heap name */ > + exp_info.name = uio_heap->dev->kobj.name; > + exp_info.ops = &uio_heap_ops; > + exp_info.priv = uio_heap; > + > + uio_heap->heap = dma_heap_add(&exp_info); > + if (IS_ERR(uio_heap->heap)) { > + int ret = PTR_ERR(uio_heap->heap); > + > + kfree(uio_heap); > + return ret; > + } > + > + return 0; > +} > diff --git a/include/linux/uio_driver.h b/include/linux/uio_driver.h > index 18238dc8bfd356a20996ba6cd84f1ff508bbb81c..f8b774d2fa1c7de4b6af881f1e53dfa9f25b3dbf 100644 > --- a/include/linux/uio_driver.h > +++ b/include/linux/uio_driver.h > @@ -143,6 +143,8 @@ extern int __must_check > struct device *parent, > struct uio_info *info); > > +extern int add_uio_heap(struct uio_device *uio); > + > /* use a define to avoid include chaining to get THIS_MODULE */ > > /**

8 months

Re: [PATCH 2/3] dma-buf: Add DMA_BUF_IOCTL_GET_DMA_ADDR

by Nicolas Dufresne

Hi Bastien, Le jeudi 10 avril 2025 à 16:53 +0200, Bastien Curutchet a écrit : > There is no way to transmit the DMA address of a buffer to userspace. > Some UIO users need this to handle DMA from userspace. To me this API is against all safe practice we've been pushing forward and has no place in DMA_BUF API. If this is fine for the UIO subsystem to pass around physicial addresses, then make this part of the UIO device ioctl. regards, Nicolas > > Add a new dma_buf_ops operation that returns the DMA address. > Add a new ioctl to transmit this DMA address to userspace. > > Signed-off-by: Bastien Curutchet <bastien.curutchet(a)bootlin.com> > --- > drivers/dma-buf/dma-buf.c | 21 +++++++++++++++++++++ > include/linux/dma-buf.h | 1 + > include/uapi/linux/dma-buf.h | 1 + > 3 files changed, 23 insertions(+) > > diff --git a/drivers/dma-buf/dma-buf.c b/drivers/dma-buf/dma-buf.c > index > 398418bd9731ad7a3a1f12eaea6a155fa77a22fe..cbbb518981e54e50f479c3d1fcf > 6da6971f639c1 100644 > --- a/drivers/dma-buf/dma-buf.c > +++ b/drivers/dma-buf/dma-buf.c > @@ -454,6 +454,24 @@ static long dma_buf_import_sync_file(struct > dma_buf *dmabuf, > } > #endif > > +static int dma_buf_get_dma_addr(struct dma_buf *dmabuf, u64 __user > *arg) > +{ > + u64 addr; > + int ret; > + > + if (!dmabuf->ops->get_dma_addr) > + return -EINVAL; > + > + ret = dmabuf->ops->get_dma_addr(dmabuf, &addr); > + if (ret) > + return ret; > + > + if (copy_to_user(arg, &addr, sizeof(u64))) > + return -EFAULT; > + > + return 0; > +} > + > static long dma_buf_ioctl(struct file *file, > unsigned int cmd, unsigned long arg) > { > @@ -504,6 +522,9 @@ static long dma_buf_ioctl(struct file *file, > return dma_buf_import_sync_file(dmabuf, (const void > __user *)arg); > #endif > > + case DMA_BUF_IOCTL_GET_DMA_ADDR: > + return dma_buf_get_dma_addr(dmabuf, (u64 __user > *)arg); > + > default: > return -ENOTTY; > } > diff --git a/include/linux/dma-buf.h b/include/linux/dma-buf.h > index > 36216d28d8bdc01a9c9c47e27c392413f7f6c5fb..ed4bf15d3ce82e7a86323fff459 > 699a9bc8baa3b 100644 > --- a/include/linux/dma-buf.h > +++ b/include/linux/dma-buf.h > @@ -285,6 +285,7 @@ struct dma_buf_ops { > > int (*vmap)(struct dma_buf *dmabuf, struct iosys_map *map); > void (*vunmap)(struct dma_buf *dmabuf, struct iosys_map > *map); > + int (*get_dma_addr)(struct dma_buf *dmabuf, u64 *addr); > }; > > /** > diff --git a/include/uapi/linux/dma-buf.h b/include/uapi/linux/dma- > buf.h > index > 5a6fda66d9adf01438619e7e67fa69f0fec2d88d..f3aba46942042de6a2e3a4cca3e > b3f87175e29c9 100644 > --- a/include/uapi/linux/dma-buf.h > +++ b/include/uapi/linux/dma-buf.h > @@ -178,5 +178,6 @@ struct dma_buf_import_sync_file { > #define DMA_BUF_SET_NAME_B _IOW(DMA_BUF_BASE, 1, __u64) > #define DMA_BUF_IOCTL_EXPORT_SYNC_FILE _IOWR(DMA_BUF_BASE, 2, > struct dma_buf_export_sync_file) > #define DMA_BUF_IOCTL_IMPORT_SYNC_FILE _IOW(DMA_BUF_BASE, 3, struct > dma_buf_import_sync_file) > +#define DMA_BUF_IOCTL_GET_DMA_ADDR _IOR(DMA_BUF_BASE, 4, __u64 > *) > > #endif

8 months

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

Linaro-mm-sig