Search code examples
linuxmemorylinux-kernelallocchardev

mmap more than one buffer in kernel is crashing please help (using dma_mmap_coherent)


I'm developing a Linux kernel module that allocates more than one buffer per char device and then the user-space application maps those buffers to the user-space. My character device class has around ten or more buffers and on open time I allocate those buffers with 0x8000 size each. The problem I'm having is when mmap these buffer to a user-space pointer. i can map only one buffer but when i try to allocate the second it just crashes. I'm not too familiar with the dma_mmap_coherent can someone please help me figure out this issue.

below is some code information:

// my memory type struct

typedef struct
{
    unsigned int *  uaddr;
    unsigned int *  kaddr;
    unsigned long   paddr;
    unsigned int    size;
    unsigned int    index;
    dma_addr_t      handle;
}memory_handle_t

// Buffer allocations in kernel (IOCTL call)

static int allocate__memory_ioctl(struct file *pfile, void __user *uaddr)
{
    struct myClass *my_class = (struct my_class *)pfile->private_data;
    memory_handle_t  minfo;
    int idx = -1;

    if ((idx = find_handle(my_class , NULL)) == -1) {
        printk(KERN_INFO "cannot find a free slot.\n");
        return -EACCES;
    }

    if (copy_from_user(&minfo, uaddr, sizeof(memory_handle_t))) {
        printk(KERN_INFO "CANNOT COPY FROM USER POINTER. \n");
        return -EACCES;
    }

    my_class->_memory[idx].size   = minfo.size;
    my_class->_memory[idx].kaddr  = minfo.kaddr = dma_alloc_coherent(my_class->dma_device_p,
                                                                    my_class->_memory[idx].size,
                                                                    &my_class->_memory[idx].handle,
                                                                    GFP_KERNEL);

    if (my_class->_memory[idx].kaddr == NULL) {
        printk(KERN_INFO "Dma memory allocation failed!\n");
        my_class->_memory[idx].size = 0;
        my_class->_memory[idx].kaddr = NULL;
        return -1;
    } else {
        my_class->_memory[idx].paddr = minfo.paddr = virt_to_phys(my_class->_memory[idx].kaddr);
    }

    minfo.index = idx; /* Pass the index to user so he can use it to map */

    if (copy_to_user(uaddr, &minfo, sizeof(memory_handle_t))) {
        printk(KERN_INFO "CANNOT COPY TO THE USER POINTER. \n");
        return -EFAULT;
    }

    return 0;
}

// MMAP

    #define DMA_MAPPING (1 << 7)
    static int c_mmap(struct file *pfile, struct vm_area_struct *vma)
        {
            struct myClass *my_class= (struct myClass *)pfile->private_data;
        
            unsigned int idx = (vma->vm_pgoff & ~DMA_MAPPING) & 0xff; /* We are using the offset for index! */
        
            if ((vma->vm_end - vma->vm_start) > my_class->_memory[idx].size) {
                printk(KERN_ALERT "MMAP FAILED, SIZE MISMATCH. \n");
                return -EINVAL;
            }
        
            vma->vm_flags    |= VM_IO;
            vma->vm_page_prot = pgprot_noncached(vma->vm_page_prot);
        
            return dma_mmap_coherent(my_class->dma_device_p, vma, my_class->_memory[idx].kaddr,
 my_class->_memory[idx].handle, my_class->_memory[idx].size);
        
        }

// USER-SPACE Application

    _fd = open(dev_name.c_str(), O_RDWR);
    if (_fd < 1) {
            printf("Unable to open device file");
            exit(EXIT_FAILURE);
        }

// start allocation and mmap

    size_t     _page_sz = sysconf(_SC_PAGESIZE);
        unsigned int size = TEST_SIZE;
    
        for(int idx=0;idx<11;idx++){
            dma_memory_handle_t dh;
            _mems[idx].size = dh.size = size;
    
            int ret = ioctl(_fd, IOCTL_ALLOC_DMA_MEMORY, &dh);
    
            if  (ret < 0)
            {
                std::cerr << "memory allocation failed!";
                perror("memory allocation failed! ");
                throw(std::exception());
            }
    
            int index =  dh.index;
    // fails after the first iteration
            **unsigned int *addr = (unsigned int *) mmap(0, size, PROT_READ | PROT_WRITE, MAP_SHARED, _fd, index*_page_sz);**
    
            if (addr == MAP_FAILED)
            {
                std::cerr << "memory map failed!";
                perror("memory map failed! ");
                throw(std::exception());
            }
    
            _mems[idx].uaddr   = addr;
            _mems[idx].index   = dh.index;
            _mems[idx].paddr   = dh.paddr;
            _mems[idx].kaddr   = dh.kaddr;
        }

Solution

  • Thanks, I was able to fix the problem by clearing the vma->vm_pgoff after indicating the index for my buffer.