3 * Copyright (C) 2011 Google, Inc.
5 * This software is licensed under the terms of the GNU General Public
6 * License version 2, as published by the Free Software Foundation, and
7 * may be copied, distributed, and modified under those terms.
9 * This program is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 * GNU General Public License for more details.
16 #include <linux/kernel.h>
17 #include <linux/file.h>
19 #include <linux/uaccess.h>
23 #include "compat_ion.h"
26 struct ion_fd_data fd;
27 struct ion_allocation_data allocation;
28 struct ion_handle_data handle;
29 struct ion_custom_data custom;
30 struct ion_heap_query query;
33 static int validate_ioctl_arg(unsigned int cmd, union ion_ioctl_arg *arg)
38 case ION_IOC_HEAP_QUERY:
39 ret = arg->query.reserved0 != 0;
40 ret |= arg->query.reserved1 != 0;
41 ret |= arg->query.reserved2 != 0;
47 return ret ? -EINVAL : 0;
50 /* fix up the cases where the ioctl direction bits are incorrect */
51 static unsigned int ion_ioctl_dir(unsigned int cmd)
63 long ion_ioctl(struct file *filp, unsigned int cmd, unsigned long arg)
65 struct ion_client *client = filp->private_data;
66 struct ion_device *dev = client->dev;
67 struct ion_handle *cleanup_handle = NULL;
70 union ion_ioctl_arg data;
72 dir = ion_ioctl_dir(cmd);
74 if (_IOC_SIZE(cmd) > sizeof(data))
78 * The copy_from_user is unconditional here for both read and write
79 * to do the validate. If there is no write for the ioctl, the
82 if (copy_from_user(&data, (void __user *)arg, _IOC_SIZE(cmd)))
85 ret = validate_ioctl_arg(cmd, &data);
86 if (WARN_ON_ONCE(ret))
89 if (!(dir & _IOC_WRITE))
90 memset(&data, 0, sizeof(data));
95 struct ion_handle *handle;
97 handle = ion_alloc(client, data.allocation.len,
98 data.allocation.align,
99 data.allocation.heap_id_mask,
100 data.allocation.flags);
102 return PTR_ERR(handle);
104 data.allocation.handle = handle->id;
106 cleanup_handle = handle;
111 struct ion_handle *handle;
113 mutex_lock(&client->lock);
114 handle = ion_handle_get_by_id_nolock(client,
116 if (IS_ERR(handle)) {
117 mutex_unlock(&client->lock);
118 return PTR_ERR(handle);
120 ion_free_nolock(client, handle);
121 ion_handle_put_nolock(handle);
122 mutex_unlock(&client->lock);
128 struct ion_handle *handle;
130 handle = ion_handle_get_by_id(client, data.handle.handle);
132 return PTR_ERR(handle);
133 data.fd.fd = ion_share_dma_buf_fd(client, handle);
134 ion_handle_put(handle);
141 struct ion_handle *handle;
143 handle = ion_import_dma_buf_fd(client, data.fd.fd);
145 ret = PTR_ERR(handle);
147 data.handle.handle = handle->id;
152 ret = ion_sync_for_device(client, data.fd.fd);
157 if (!dev->custom_ioctl)
159 ret = dev->custom_ioctl(client, data.custom.cmd,
163 case ION_IOC_HEAP_QUERY:
164 ret = ion_query_heaps(client, &data.query);
170 if (dir & _IOC_READ) {
171 if (copy_to_user((void __user *)arg, &data, _IOC_SIZE(cmd))) {
173 ion_free(client, cleanup_handle);