Linux kernel device driver to DMA from a device into user-space memory

I'm actually working on exactly the same thing right now and I'm going the ioctl() route. The general idea is for user space to allocate the buffer which will be used for the DMA transfer and an ioctl() will be used to pass the size and address of this buffer to the device driver. The driver will then use scatter-gather lists along with the streaming DMA API to transfer data directly to and from the device and user-space buffer.

The implementation strategy I'm using is that the ioctl() in the driver enters a loop that DMA's the userspace buffer in chunks of 256k (which is the hardware imposed limit for how many scatter/gather entries it can handle). This is isolated inside a function that blocks until each transfer is complete (see below). When all bytes are transfered or the incremental transfer function returns an error the ioctl() exits and returns to userspace

Pseudo code for the ioctl()

/*serialize all DMA transfers to/from the device*/if (mutex_lock_interruptible( &device_ptr->mtx ) )    return -EINTR;chunk_data = (unsigned long) user_space_addr;while( *transferred < total_bytes && !ret ) {    chunk_bytes = total_bytes - *transferred;    if (chunk_bytes > HW_DMA_MAX)        chunk_bytes = HW_DMA_MAX; /* 256kb limit imposed by my device */    ret = transfer_chunk(device_ptr, chunk_data, chunk_bytes, transferred);    chunk_data += chunk_bytes;    chunk_offset += chunk_bytes;}mutex_unlock(&device_ptr->mtx);

Pseudo code for incremental transfer function:

/*Assuming the userspace pointer is passed as an unsigned long, *//*calculate the first,last, and number of pages being transferred via*/first_page = (udata & PAGE_MASK) >> PAGE_SHIFT;last_page = ((udata+nbytes-1) & PAGE_MASK) >> PAGE_SHIFT;first_page_offset = udata & PAGE_MASK;npages = last_page - first_page + 1;/* Ensure that all userspace pages are locked in memory for the *//* duration of the DMA transfer */down_read(&current->mm->mmap_sem);ret = get_user_pages(current,                     current->mm,                     udata,                     npages,                     is_writing_to_userspace,                     0,                     &pages_array,                     NULL);up_read(&current->mm->mmap_sem);/* Map a scatter-gather list to point at the userspace pages *//*first*/sg_set_page(&sglist[0], pages_array[0], PAGE_SIZE - fp_offset, fp_offset);/*middle*/for(i=1; i < npages-1; i++)    sg_set_page(&sglist[i], pages_array[i], PAGE_SIZE, 0);/*last*/if (npages > 1) {    sg_set_page(&sglist[npages-1], pages_array[npages-1],        nbytes - (PAGE_SIZE - fp_offset) - ((npages-2)*PAGE_SIZE), 0);}/* Do the hardware specific thing to give it the scatter-gather list   and tell it to start the DMA transfer *//* Wait for the DMA transfer to complete */ret = wait_event_interruptible_timeout( &device_ptr->dma_wait,          &device_ptr->flag_dma_done, HZ*2 );if (ret == 0)    /* DMA operation timed out */else if (ret == -ERESTARTSYS )    /* DMA operation interrupted by signal */else {    /* DMA success */    *transferred += nbytes;    return 0;}

The interrupt handler is exceptionally brief:

/* Do hardware specific thing to make the device happy *//* Wake the thread waiting for this DMA operation to complete */device_ptr->flag_dma_done = 1;wake_up_interruptible(device_ptr->dma_wait);

Please note that this is just a general approach, I've been working on this driver for the last few weeks and have yet to actually test it... So please, don't treat this pseudo code as gospel and be sure to double check all logic and parameters ;-).

You basically have the right idea: in 2.1, you can just have userspace allocate any old memory. You do want it page-aligned, so posix_memalign() is a handy API to use.

Then have userspace pass in the userspace virtual address and size of this buffer somehow; ioctl() is a good quick and dirty way to do this. In the kernel, allocate an appropriately sized buffer array of struct page* -- user_buf_size/PAGE_SIZE entries -- and use get_user_pages() to get a list of struct page* for the userspace buffer.

Once you have that, you can allocate an array of struct scatterlist that is the same size as your page array and loop through the list of pages doing sg_set_page(). After the sg list is set up, you do dma_map_sg() on the array of scatterlist and then you can get the sg_dma_address and sg_dma_len for each entry in the scatterlist (note you have to use the return value of dma_map_sg() because you may end up with fewer mapped entries because things might get merged by the DMA mapping code).

That gives you all the bus addresses to pass to your device, and then you can trigger the DMA and wait for it however you want. The read()-based scheme you have is probably fine.

You can refer to drivers/infiniband/core/umem.c, specifically ib_umem_get(), for some code that builds up this mapping, although the generality that that code needs to deal with may make it a bit confusing.

Alternatively, if your device doesn't handle scatter/gather lists too well and you want contiguous memory, you could use get_free_pages() to allocate a physically contiguous buffer and use dma_map_page() on that. To give userspace access to that memory, your driver just needs to implement an mmap method instead of the ioctl as described above.

At some point I wanted to allow user-space application to allocate DMA buffers and get it mapped to user-space and get the physical address to be able to control my device and do DMA transactions (bus mastering) entirely from user-space, totally bypassing the Linux kernel. I have used a little bit different approach though. First I started with a minimal kernel module that was initializing/probing PCIe device and creating a character device. That driver then allowed a user-space application to do two things:

1. Map PCIe device's I/O bar into user-space using remap_pfn_range() function.
2. Allocate and free DMA buffers, map them to user space and pass a physical bus address to user-space application.

Basically, it boils down to a custom implementation of mmap() call (though file_operations). One for I/O bar is easy:

struct vm_operations_struct a2gx_bar_vma_ops = {};static int a2gx_cdev_mmap_bar2(struct file *filp, struct vm_area_struct *vma){    struct a2gx_dev *dev;    size_t size;    size = vma->vm_end - vma->vm_start;    if (size != 134217728)        return -EIO;    dev = filp->private_data;    vma->vm_ops = &a2gx_bar_vma_ops;    vma->vm_page_prot = pgprot_noncached(vma->vm_page_prot);    vma->vm_private_data = dev;    if (remap_pfn_range(vma, vma->vm_start,                        vmalloc_to_pfn(dev->bar2),                        size, vma->vm_page_prot))    {        return -EAGAIN;    }    return 0;}

And another one that allocates DMA buffers using pci_alloc_consistent() is a little bit more complicated:

static void a2gx_dma_vma_close(struct vm_area_struct *vma){    struct a2gx_dma_buf *buf;    struct a2gx_dev *dev;    buf = vma->vm_private_data;    dev = buf->priv_data;    pci_free_consistent(dev->pci_dev, buf->size, buf->cpu_addr, buf->dma_addr);    buf->cpu_addr = NULL; /* Mark this buffer data structure as unused/free */}struct vm_operations_struct a2gx_dma_vma_ops = {    .close = a2gx_dma_vma_close};static int a2gx_cdev_mmap_dma(struct file *filp, struct vm_area_struct *vma){    struct a2gx_dev *dev;    struct a2gx_dma_buf *buf;    size_t size;    unsigned int i;    /* Obtain a pointer to our device structure and calculate the size       of the requested DMA buffer */    dev = filp->private_data;    size = vma->vm_end - vma->vm_start;    if (size < sizeof(unsigned long))        return -EINVAL; /* Something fishy is happening */    /* Find a structure where we can store extra information about this       buffer to be able to release it later. */    for (i = 0; i < A2GX_DMA_BUF_MAX; ++i) {        buf = &dev->dma_buf[i];        if (buf->cpu_addr == NULL)            break;    }    if (buf->cpu_addr != NULL)        return -ENOBUFS; /* Oops, hit the limit of allowed number of                            allocated buffers. Change A2GX_DMA_BUF_MAX and                            recompile? */    /* Allocate consistent memory that can be used for DMA transactions */    buf->cpu_addr = pci_alloc_consistent(dev->pci_dev, size, &buf->dma_addr);    if (buf->cpu_addr == NULL)        return -ENOMEM; /* Out of juice */    /* There is no way to pass extra information to the user. And I am too lazy       to implement this mmap() call using ioctl(). So we simply tell the user       the bus address of this buffer by copying it to the allocated buffer       itself. Hacks, hacks everywhere. */    memcpy(buf->cpu_addr, &buf->dma_addr, sizeof(buf->dma_addr));    buf->size = size;    buf->priv_data = dev;    vma->vm_ops = &a2gx_dma_vma_ops;    vma->vm_page_prot = pgprot_noncached(vma->vm_page_prot);    vma->vm_private_data = buf;    /*     * Map this DMA buffer into user space.     */    if (remap_pfn_range(vma, vma->vm_start,                        vmalloc_to_pfn(buf->cpu_addr),                        size, vma->vm_page_prot))    {        /* Out of luck, rollback... */        pci_free_consistent(dev->pci_dev, buf->size, buf->cpu_addr,                            buf->dma_addr);        buf->cpu_addr = NULL;        return -EAGAIN;    }    return 0; /* All good! */}

Once those are in place, user space application can pretty much do everything — control the device by reading/writing from/to I/O registers, allocate and free DMA buffers of arbitrary size, and have the device perform DMA transactions. The only missing part is interrupt-handling. I was doing polling in user space, burning my CPU, and had interrupts disabled.

Hope it helps. Good Luck!