| blob | 6081b0146d5f21be5b1876fcb224a92742e659a7 |
1 // SPDX-License-Identifier: GPL-2.0+
2 /*
3 * SSH packet transport layer.
4 *
5 * Copyright (C) 2019-2022 Maximilian Luz <luzmaximilian@gmail.com>
6 */
8 #include <linux/unaligned.h>
9 #include <linux/atomic.h>
10 #include <linux/error-injection.h>
11 #include <linux/jiffies.h>
12 #include <linux/kfifo.h>
13 #include <linux/kref.h>
14 #include <linux/kthread.h>
15 #include <linux/ktime.h>
16 #include <linux/limits.h>
17 #include <linux/list.h>
18 #include <linux/lockdep.h>
19 #include <linux/serdev.h>
20 #include <linux/slab.h>
21 #include <linux/spinlock.h>
22 #include <linux/workqueue.h>
24 #include <linux/surface_aggregator/serial_hub.h>
32 /*
33 * To simplify reasoning about the code below, we define a few concepts. The
34 * system below is similar to a state-machine for packets, however, there are
35 * too many states to explicitly write them down. To (somewhat) manage the
36 * states and packets we rely on flags, reference counting, and some simple
37 * concepts. State transitions are triggered by actions.
38 *
39 * >> Actions <<
40 *
41 * - submit
42 * - transmission start (process next item in queue)
43 * - transmission finished (guaranteed to never be parallel to transmission
44 * start)
45 * - ACK received
46 * - NAK received (this is equivalent to issuing re-submit for all pending
47 * packets)
48 * - timeout (this is equivalent to re-issuing a submit or canceling)
49 * - cancel (non-pending and pending)
50 *
51 * >> Data Structures, Packet Ownership, General Overview <<
52 *
53 * The code below employs two main data structures: The packet queue,
54 * containing all packets scheduled for transmission, and the set of pending
55 * packets, containing all packets awaiting an ACK.
56 *
57 * Shared ownership of a packet is controlled via reference counting. Inside
58 * the transport system are a total of five packet owners:
59 *
60 * - the packet queue,
61 * - the pending set,
62 * - the transmitter thread,
63 * - the receiver thread (via ACKing), and
64 * - the timeout work item.
65 *
66 * Normal operation is as follows: The initial reference of the packet is
67 * obtained by submitting the packet and queuing it. The receiver thread takes
68 * packets from the queue. By doing this, it does not increment the refcount
69 * but takes over the reference (removing it from the queue). If the packet is
70 * sequenced (i.e. needs to be ACKed by the client), the transmitter thread
71 * sets-up the timeout and adds the packet to the pending set before starting
72 * to transmit it. As the timeout is handled by a reaper task, no additional
73 * reference for it is needed. After the transmit is done, the reference held
74 * by the transmitter thread is dropped. If the packet is unsequenced (i.e.
75 * does not need an ACK), the packet is completed by the transmitter thread
76 * before dropping that reference.
77 *
78 * On receival of an ACK, the receiver thread removes and obtains the
79 * reference to the packet from the pending set. The receiver thread will then
80 * complete the packet and drop its reference.
81 *
82 * On receival of a NAK, the receiver thread re-submits all currently pending
83 * packets.
84 *
85 * Packet timeouts are detected by the timeout reaper. This is a task,
86 * scheduled depending on the earliest packet timeout expiration date,
87 * checking all currently pending packets if their timeout has expired. If the
88 * timeout of a packet has expired, it is re-submitted and the number of tries
89 * of this packet is incremented. If this number reaches its limit, the packet
90 * will be completed with a failure.
91 *
92 * On transmission failure (such as repeated packet timeouts), the completion
93 * callback is immediately run by on thread on which the error was detected.
94 *
95 * To ensure that a packet eventually leaves the system it is marked as
96 * "locked" directly before it is going to be completed or when it is
97 * canceled. Marking a packet as "locked" has the effect that passing and
98 * creating new references of the packet is disallowed. This means that the
99 * packet cannot be added to the queue, the pending set, and the timeout, or
100 * be picked up by the transmitter thread or receiver thread. To remove a
101 * packet from the system it has to be marked as locked and subsequently all
102 * references from the data structures (queue, pending) have to be removed.
103 * References held by threads will eventually be dropped automatically as
104 * their execution progresses.
105 *
106 * Note that the packet completion callback is, in case of success and for a
107 * sequenced packet, guaranteed to run on the receiver thread, thus providing
108 * a way to reliably identify responses to the packet. The packet completion
109 * callback is only run once and it does not indicate that the packet has
110 * fully left the system (for this, one should rely on the release method,
111 * triggered when the reference count of the packet reaches zero). In case of
112 * re-submission (and with somewhat unlikely timing), it may be possible that
113 * the packet is being re-transmitted while the completion callback runs.
114 * Completion will occur both on success and internal error, as well as when
115 * the packet is canceled.
116 *
117 * >> Flags <<
118 *
119 * Flags are used to indicate the state and progression of a packet. Some flags
120 * have stricter guarantees than other:
121 *
122 * - locked
123 * Indicates if the packet is locked. If the packet is locked, passing and/or
124 * creating additional references to the packet is forbidden. The packet thus
125 * may not be queued, dequeued, or removed or added to the pending set. Note
126 * that the packet state flags may still change (e.g. it may be marked as
127 * ACKed, transmitted, ...).
128 *
129 * - completed
130 * Indicates if the packet completion callback has been executed or is about
131 * to be executed. This flag is used to ensure that the packet completion
132 * callback is only run once.
133 *
134 * - queued
135 * Indicates if a packet is present in the submission queue or not. This flag
136 * must only be modified with the queue lock held, and must be coherent to the
137 * presence of the packet in the queue.
138 *
139 * - pending
140 * Indicates if a packet is present in the set of pending packets or not.
141 * This flag must only be modified with the pending lock held, and must be
142 * coherent to the presence of the packet in the pending set.
143 *
144 * - transmitting
145 * Indicates if the packet is currently transmitting. In case of
146 * re-transmissions, it is only safe to wait on the "transmitted" completion
147 * after this flag has been set. The completion will be set both in success
148 * and error case.
149 *
150 * - transmitted
151 * Indicates if the packet has been transmitted. This flag is not cleared by
152 * the system, thus it indicates the first transmission only.
153 *
154 * - acked
155 * Indicates if the packet has been acknowledged by the client. There are no
156 * other guarantees given. For example, the packet may still be canceled
157 * and/or the completion may be triggered an error even though this bit is
158 * set. Rely on the status provided to the completion callback instead.
159 *
160 * - canceled
161 * Indicates if the packet has been canceled from the outside. There are no
162 * other guarantees given. Specifically, the packet may be completed by
163 * another part of the system before the cancellation attempts to complete it.
164 *
165 * >> General Notes <<
166 *
167 * - To avoid deadlocks, if both queue and pending locks are required, the
168 * pending lock must be acquired before the queue lock.
169 *
170 * - The packet priority must be accessed only while holding the queue lock.
171 *
172 * - The packet timestamp must be accessed only while holding the pending
173 * lock.
174 */
176 /*
177 * SSH_PTL_MAX_PACKET_TRIES - Maximum transmission attempts for packet.
178 *
179 * Maximum number of transmission attempts per sequenced packet in case of
180 * time-outs. Must be smaller than 16. If the packet times out after this
181 * amount of tries, the packet will be completed with %-ETIMEDOUT as status
182 * code.
183 */
184 #define SSH_PTL_MAX_PACKET_TRIES 3
186 /*
187 * SSH_PTL_TX_TIMEOUT - Packet transmission timeout.
188 *
189 * Timeout in jiffies for packet transmission via the underlying serial
190 * device. If transmitting the packet takes longer than this timeout, the
191 * packet will be completed with -ETIMEDOUT. It will not be re-submitted.
192 */
193 #define SSH_PTL_TX_TIMEOUT HZ
195 /*
196 * SSH_PTL_PACKET_TIMEOUT - Packet response timeout.
197 *
198 * Timeout as ktime_t delta for ACKs. If we have not received an ACK in this
199 * time-frame after starting transmission, the packet will be re-submitted.
200 */
201 #define SSH_PTL_PACKET_TIMEOUT ms_to_ktime(1000)
203 /*
204 * SSH_PTL_PACKET_TIMEOUT_RESOLUTION - Packet timeout granularity.
205 *
206 * Time-resolution for timeouts. Should be larger than one jiffy to avoid
207 * direct re-scheduling of reaper work_struct.
208 */
209 #define SSH_PTL_PACKET_TIMEOUT_RESOLUTION ms_to_ktime(max(2000 / HZ, 50))
211 /*
212 * SSH_PTL_MAX_PENDING - Maximum number of pending packets.
213 *
214 * Maximum number of sequenced packets concurrently waiting for an ACK.
215 * Packets marked as blocking will not be transmitted while this limit is
216 * reached.
217 */
218 #define SSH_PTL_MAX_PENDING 1
220 /*
221 * SSH_PTL_RX_BUF_LEN - Evaluation-buffer size in bytes.
222 */
223 #define SSH_PTL_RX_BUF_LEN 4096
225 /*
226 * SSH_PTL_RX_FIFO_LEN - Fifo input-buffer size in bytes.
227 */
228 #define SSH_PTL_RX_FIFO_LEN 4096
230 #ifdef CONFIG_SURFACE_AGGREGATOR_ERROR_INJECTION
232 /**
233 * ssh_ptl_should_drop_ack_packet() - Error injection hook to drop ACK packets.
234 *
235 * Useful to test detection and handling of automated re-transmits by the EC.
236 * Specifically of packets that the EC considers not-ACKed but the driver
237 * already considers ACKed (due to dropped ACK). In this case, the EC
238 * re-transmits the packet-to-be-ACKed and the driver should detect it as
239 * duplicate/already handled. Note that the driver should still send an ACK
240 * for the re-transmitted packet.
241 */
243 {
245 }
248 /**
249 * ssh_ptl_should_drop_nak_packet() - Error injection hook to drop NAK packets.
250 *
251 * Useful to test/force automated (timeout-based) re-transmit by the EC.
252 * Specifically, packets that have not reached the driver completely/with valid
253 * checksums. Only useful in combination with receival of (injected) bad data.
254 */
256 {
258 }
261 /**
262 * ssh_ptl_should_drop_dsq_packet() - Error injection hook to drop sequenced
263 * data packet.
264 *
265 * Useful to test re-transmit timeout of the driver. If the data packet has not
266 * been ACKed after a certain time, the driver should re-transmit the packet up
267 * to limited number of times defined in SSH_PTL_MAX_PACKET_TRIES.
268 */
270 {
272 }
275 /**
276 * ssh_ptl_should_fail_write() - Error injection hook to make
277 * serdev_device_write() fail.
278 *
279 * Hook to simulate errors in serdev_device_write when transmitting packets.
280 */
282 {
284 }
287 /**
288 * ssh_ptl_should_corrupt_tx_data() - Error injection hook to simulate invalid
289 * data being sent to the EC.
290 *
291 * Hook to simulate corrupt/invalid data being sent from host (driver) to EC.
292 * Causes the packet data to be actively corrupted by overwriting it with
293 * pre-defined values, such that it becomes invalid, causing the EC to respond
294 * with a NAK packet. Useful to test handling of NAK packets received by the
295 * driver.
296 */
298 {
300 }
303 /**
304 * ssh_ptl_should_corrupt_rx_syn() - Error injection hook to simulate invalid
305 * data being sent by the EC.
306 *
307 * Hook to simulate invalid SYN bytes, i.e. an invalid start of messages and
308 * test handling thereof in the driver.
309 */
311 {
313 }
316 /**
317 * ssh_ptl_should_corrupt_rx_data() - Error injection hook to simulate invalid
318 * data being sent by the EC.
319 *
320 * Hook to simulate invalid data/checksum of the message frame and test handling
321 * thereof in the driver.
322 */
324 {
326 }
330 {
336 packet);
339 }
342 {
348 packet);
351 }
354 {
361 packet);
364 }
367 {
368 /* Ignore packets that don't carry any data (i.e. flush). */
384 }
385 }
389 {
400 }
403 }
406 {
407 /* Ignore packets that don't carry any data (i.e. flush). */
411 /* Only allow sequenced data packets to be modified. */
421 packet);
423 /*
424 * NB: The value 0xb3 has been chosen more or less randomly so that it
425 * doesn't have any (major) overlap with the SYN bytes (aa 55) and is
426 * non-trivial (i.e. non-zero, non-0xff).
427 */
429 }
433 {
436 /* Check if there actually is something to corrupt. */
446 }
450 {
454 /* Ignore incomplete messages, will get handled once it's complete. */
458 /* Ignore incomplete messages, part 2. */
470 /*
471 * Flip bits in first byte of payload checksum. This is basically
472 * equivalent to a payload/frame data error without us having to worry
473 * about (the, arguably pretty small, probability of) accidental
474 * checksum collisions.
475 */
477 }
482 {
484 }
490 {
492 }
495 {
496 }
500 {
501 }
505 {
506 }
511 {
518 }
520 /**
521 * ssh_packet_get() - Increment reference count of packet.
522 * @packet: The packet to increment the reference count of.
523 *
524 * Increments the reference count of the given packet. See ssh_packet_put()
525 * for the counter-part of this function.
526 *
527 * Return: Returns the packet provided as input.
528 */
530 {
534 }
537 /**
538 * ssh_packet_put() - Decrement reference count of packet.
539 * @packet: The packet to decrement the reference count of.
540 *
541 * If the reference count reaches zero, the ``release`` callback specified in
542 * the packet's &struct ssh_packet_ops, i.e. ``packet->ops->release``, will be
543 * called.
544 *
545 * See ssh_packet_get() for the counter-part of this function.
546 */
548 {
551 }
555 {
557 }
559 /**
560 * ssh_packet_init() - Initialize SSH packet.
561 * @packet: The packet to initialize.
562 * @type: Type-flags of the packet.
563 * @priority: Priority of the packet. See SSH_PACKET_PRIORITY() for details.
564 * @ops: Packet operations.
565 *
566 * Initializes the given SSH packet. Sets the transmission buffer pointer to
567 * %NULL and the transmission buffer length to zero. For data-type packets,
568 * this buffer has to be set separately via ssh_packet_set_data() before
569 * submission, and must contain a valid SSH message, i.e. frame with optional
570 * payload of any type.
571 */
574 {
589 }
593 /**
594 * ssh_ctrl_packet_cache_init() - Initialize the control packet cache.
595 */
597 {
608 }
610 /**
611 * ssh_ctrl_packet_cache_destroy() - Deinitialize the control packet cache.
612 */
614 {
617 }
619 /**
620 * ssh_ctrl_packet_alloc() - Allocate packet from control packet cache.
621 * @packet: Where the pointer to the newly allocated packet should be stored.
622 * @buffer: The buffer corresponding to this packet.
623 * @flags: Flags used for allocation.
624 *
625 * Allocates a packet and corresponding transport buffer from the control
626 * packet cache. Sets the packet's buffer reference to the allocated buffer.
627 * The packet must be freed via ssh_ctrl_packet_free(), which will also free
628 * the corresponding buffer. The corresponding buffer must not be freed
629 * separately. Intended to be used with %ssh_ptl_ctrl_packet_ops as packet
630 * operations.
631 *
632 * Return: Returns zero on success, %-ENOMEM if the allocation failed.
633 */
636 {
646 }
648 /**
649 * ssh_ctrl_packet_free() - Free packet allocated from control packet cache.
650 * @p: The packet to free.
651 */
653 {
656 }
661 };
664 ktime_t expires)
665 {
671 /* Re-adjust / schedule reaper only if it is above resolution delta. */
675 }
678 }
680 /* Must be called with queue lock held. */
682 {
688 /*
689 * Ensure that we write the priority in one go via WRITE_ONCE() so we
690 * can access it via READ_ONCE() for tracing. Note that other access
691 * is guarded by the queue lock, so no need to use READ_ONCE() there.
692 */
694 }
696 /* Must be called with queue lock held. */
698 {
704 /*
705 * We generally assume that there are less control (ACK/NAK) packets
706 * and re-submitted data packets as there are normal data packets (at
707 * least in situations in which many packets are queued; if there
708 * aren't many packets queued the decision on how to iterate should be
709 * basically irrelevant; the number of control/data packets is more or
710 * less limited via the maximum number of pending packets). Thus, when
711 * inserting a control or re-submitted data packet, (determined by
712 * their priority), we search from front to back. Normal data packets
713 * are, usually queued directly at the tail of the queue, so for those
714 * search from back to front.
715 */
723 }
731 }
732 }
733 }
736 }
738 /* Must be called with queue lock held. */
740 {
749 /* Avoid further transitions when canceling/completing. */
753 /* If this packet has already been queued, do not add it. */
761 }
764 {
772 }
775 {
783 }
789 }
792 {
797 /*
798 * Note: We can get the time for the timestamp before acquiring the
799 * lock as this is the only place we're setting it and this function
800 * is called only from the transmitter thread. Thus it is not possible
801 * to overwrite the timestamp with an outdated value below.
802 */
806 /* If we are canceling/completing this packet, do not add it. */
810 }
812 /*
813 * On re-submission, the packet has already been added the pending
814 * set. We still need to update the timestamp as the packet timeout is
815 * reset for each (re-)submission.
816 */
819 /* In case it is already pending (e.g. re-submission), do not add it. */
823 }
827 /* Arm/update timeout reaper. */
829 }
832 {
840 }
848 }
850 /* Warning: Does not check/set "completed" bit. */
852 {
860 }
863 {
864 /*
865 * A call to this function should in general be preceded by
866 * set_bit(SSH_PACKET_SF_LOCKED_BIT, &p->flags) to avoid re-adding the
867 * packet to the structures it's going to be removed from.
868 *
869 * The set_bit call does not need explicit memory barriers as the
870 * implicit barrier of the test_and_set_bit() call below ensure that the
871 * flag is visible before we actually attempt to remove the packet.
872 */
881 }
884 {
890 /* We can always process non-blocking packets. */
894 /* If we are already waiting for this packet, send it again. */
898 /* Otherwise: Check if we have the capacity to send. */
900 }
903 {
909 /*
910 * If we are canceling or completing this packet, ignore it.
911 * It's going to be removed from this queue shortly.
912 */
916 /*
917 * Packets should be ordered non-blocking/to-be-resent first.
918 * If we cannot process this packet, assume that we can't
919 * process any following packet either and abort.
920 */
924 }
926 /*
927 * We are allowed to change the state now. Remove it from the
928 * queue and mark it as being transmitted.
929 */
934 /* Ensure that state never gets zero. */
938 /*
939 * Update number of tries. This directly influences the
940 * priority in case the packet is re-submitted (e.g. via
941 * timeout/NAK). Note that all reads and writes to the
942 * priority after the first submission are guarded by the
943 * queue lock.
944 */
949 }
953 }
956 {
968 }
971 }
974 {
979 /* Transition state to "transmitted". */
981 /* Ensure that state never gets zero. */
985 /* If the packet is unsequenced, we're done: Lock and complete. */
989 }
991 /*
992 * Notify that a packet transmission has finished. In general we're only
993 * waiting for one packet (if any), so wake_up_all should be fine.
994 */
996 }
999 {
1000 /* Transmission failure: Lock the packet and try to complete it. */
1002 /* Ensure that state never gets zero. */
1011 /*
1012 * Notify that a packet transmission has finished. In general we're only
1013 * waiting for one packet (if any), so wake_up_all should be fine.
1014 */
1016 }
1019 {
1025 /*
1026 * Ensure completion is cleared before continuing to avoid lost update
1027 * problems.
1028 */
1032 }
1035 {
1039 timeout);
1042 /*
1043 * Ensure completion is cleared before continuing to avoid lost update
1044 * problems.
1045 */
1049 }
1052 {
1056 /* Note: Flush-packets don't have any data. */
1060 /* Error injection: drop packet to simulate transmission problem. */
1064 /* Error injection: simulate invalid packet data. */
1097 }
1100 {
1107 /* Try to get the next packet. */
1110 /* If no packet can be processed, we are done. */
1114 }
1116 /* Transfer and complete packet. */
1120 else
1124 }
1127 }
1129 /**
1130 * ssh_ptl_tx_wakeup_packet() - Wake up packet transmitter thread for new
1131 * packet.
1132 * @ptl: The packet transport layer.
1133 *
1134 * Wakes up the packet transmitter thread, notifying it that a new packet has
1135 * arrived and is ready for transfer. If the packet transport layer has been
1136 * shut down, calls to this function will be ignored.
1137 */
1139 {
1144 }
1146 /**
1147 * ssh_ptl_tx_start() - Start packet transmitter thread.
1148 * @ptl: The packet transport layer.
1149 *
1150 * Return: Returns zero on success, a negative error code on failure.
1151 */
1153 {
1161 }
1163 /**
1164 * ssh_ptl_tx_stop() - Stop packet transmitter thread.
1165 * @ptl: The packet transport layer.
1166 *
1167 * Return: Returns zero on success, a negative error code on failure.
1168 */
1170 {
1174 /* Tell thread to stop. */
1177 /*
1178 * Wake up thread in case it is paused. Do not use wakeup
1179 * helpers as this may be called when the shutdown bit has
1180 * already been set.
1181 */
1185 /* Finally, wait for thread to stop. */
1188 }
1191 }
1194 {
1200 /*
1201 * We generally expect packets to be in order, so first packet
1202 * to be added to pending is first to be sent, is first to be
1203 * ACKed.
1204 */
1208 /*
1209 * In case we receive an ACK while handling a transmission
1210 * error completion. The packet will be removed shortly.
1211 */
1215 }
1217 /*
1218 * Mark the packet as ACKed and remove it from pending by
1219 * removing its node and decrementing the pending counter.
1220 */
1222 /* Ensure that state never gets zero. */
1231 }
1235 }
1238 {
1242 }
1245 {
1251 /*
1252 * The packet has not been found in the set of pending
1253 * packets.
1254 */
1257 /*
1258 * The packet is pending, but we are not allowed to take
1259 * it because it has been locked.
1260 */
1262 }
1264 }
1268 /*
1269 * It is possible that the packet has been transmitted, but the state
1270 * has not been updated from "transmitting" to "transmitted" yet.
1271 * In that case, we need to wait for this transition to occur in order
1272 * to determine between success or failure.
1273 *
1274 * On transmission failure, the packet will be locked after this call.
1275 * On success, the transmitted bit will be set.
1276 */
1279 /*
1280 * The packet will already be locked in case of a transmission error or
1281 * cancellation. Let the transmitter or cancellation issuer complete the
1282 * packet.
1283 */
1290 }
1297 }
1299 /**
1300 * ssh_ptl_submit() - Submit a packet to the transport layer.
1301 * @ptl: The packet transport layer to submit the packet to.
1302 * @p: The packet to submit.
1303 *
1304 * Submits a new packet to the transport layer, queuing it to be sent. This
1305 * function should not be used for re-submission.
1306 *
1307 * Return: Returns zero on success, %-EINVAL if a packet field is invalid or
1308 * the packet has been canceled prior to submission, %-EALREADY if the packet
1309 * has already been submitted, or %-ESHUTDOWN if the packet transport layer
1310 * has been shut down.
1311 */
1313 {
1319 /* Validate packet fields. */
1325 }
1327 /*
1328 * The ptl reference only gets set on or before the first submission.
1329 * After the first submission, it has to be read-only.
1330 *
1331 * Note that ptl may already be set from upper-layer request
1332 * submission, thus we cannot expect it to be NULL.
1333 */
1349 }
1351 /*
1352 * __ssh_ptl_resubmit() - Re-submit a packet to the transport layer.
1353 * @packet: The packet to re-submit.
1354 *
1355 * Re-submits the given packet: Checks if it can be re-submitted and queues it
1356 * if it can, resetting the packet timestamp in the process. Must be called
1357 * with the pending lock held.
1358 *
1359 * Return: Returns %-ECANCELED if the packet has exceeded its number of tries,
1360 * %-EINVAL if the packet has been locked, %-EALREADY if the packet is already
1361 * on the queue, and %-ESHUTDOWN if the transmission layer has been shut down.
1362 */
1364 {
1374 /* Check if the packet is out of tries. */
1379 }
1383 /*
1384 * An error here indicates that the packet has either already
1385 * been queued, been locked, or the transport layer is being
1386 * shut down. In all cases: Ignore the error.
1387 */
1390 }
1396 }
1399 {
1403 /*
1404 * Note: We deliberately do not remove/attempt to cancel and complete
1405 * packets that are out of tires in this function. The packet will be
1406 * eventually canceled and completed by the timeout. Removing the packet
1407 * here could lead to overly eager cancellation if the packet has not
1408 * been re-transmitted yet but the tries-counter already updated (i.e
1409 * ssh_ptl_tx_next() removed the packet from the queue and updated the
1410 * counter, but re-transmission for the last try has not actually
1411 * started yet).
1412 */
1416 /* Re-queue all pending packets. */
1418 /*
1419 * Re-submission fails if the packet is out of tries, has been
1420 * locked, is already queued, or the layer is being shut down.
1421 * No need to re-schedule tx-thread in those cases.
1422 */
1425 }
1431 }
1433 /**
1434 * ssh_ptl_cancel() - Cancel a packet.
1435 * @p: The packet to cancel.
1436 *
1437 * Cancels a packet. There are no guarantees on when completion and release
1438 * callbacks will be called. This may occur during execution of this function
1439 * or may occur at any point later.
1440 *
1441 * Note that it is not guaranteed that the packet will actually be canceled if
1442 * the packet is concurrently completed by another process. The only guarantee
1443 * of this function is that the packet will be completed (with success,
1444 * failure, or cancellation) and released from the transport layer in a
1445 * reasonable time-frame.
1446 *
1447 * May be called before the packet has been submitted, in which case any later
1448 * packet submission fails.
1449 */
1451 {
1457 /*
1458 * Lock packet and commit with memory barrier. If this packet has
1459 * already been locked, it's going to be removed and completed by
1460 * another party, which should have precedence.
1461 */
1465 /*
1466 * By marking the packet as locked and employing the implicit memory
1467 * barrier of test_and_set_bit, we have guaranteed that, at this point,
1468 * the packet cannot be added to the queue any more.
1469 *
1470 * In case the packet has never been submitted, packet->ptl is NULL. If
1471 * the packet is currently being submitted, packet->ptl may be NULL or
1472 * non-NULL. Due marking the packet as locked above and committing with
1473 * the memory barrier, we have guaranteed that, if packet->ptl is NULL,
1474 * the packet will never be added to the queue. If packet->ptl is
1475 * non-NULL, we don't have any guarantees.
1476 */
1486 }
1487 }
1489 /* Must be called with pending lock held */
1491 {
1496 else
1498 }
1501 {
1513 /*
1514 * Mark reaper as "not pending". This is done before checking any
1515 * packets to avoid lost-update type problems.
1516 */
1526 /*
1527 * Check if the timeout hasn't expired yet. Find out next
1528 * expiration date to be handled after this run.
1529 */
1533 }
1539 /*
1540 * Re-submission fails if the packet is out of tries, has been
1541 * locked, is already queued, or the layer is being shut down.
1542 * No need to re-schedule tx-thread in those cases.
1543 */
1547 /* Go to next packet if this packet is not out of tries. */
1551 /* No more tries left: Cancel the packet. */
1553 /*
1554 * If someone else has locked the packet already, don't use it
1555 * and let the other party complete it.
1556 */
1560 /*
1561 * We have now marked the packet as locked. Thus it cannot be
1562 * added to the pending list again after we've removed it here.
1563 * We can therefore re-use the pending_node of this packet
1564 * temporarily.
1565 */
1571 }
1575 /* Cancel and complete the packet. */
1580 }
1582 /*
1583 * Drop the reference we've obtained by removing it from
1584 * the pending set.
1585 */
1588 }
1590 /* Ensure that reaper doesn't run again immediately. */
1597 }
1600 {
1603 /*
1604 * Ignore unsequenced packets. On some devices (notably Surface Pro 9),
1605 * unsequenced events will always be sent with SEQ=0x00. Attempting to
1606 * detect retransmission would thus just block all events.
1607 *
1608 * While sequence numbers would also allow detection of retransmitted
1609 * packets in unsequenced communication, they have only ever been used
1610 * to cover edge-cases in sequenced transmission. In particular, the
1611 * only instance of packets being retransmitted (that we are aware of)
1612 * is due to an ACK timeout. As this does not happen in unsequenced
1613 * communication, skip the retransmission check for those packets
1614 * entirely.
1615 */
1619 /*
1620 * Check if SEQ has been seen recently (i.e. packet was
1621 * re-transmitted and we should ignore it).
1622 */
1629 }
1631 /* Update list of blocked sequence IDs. */
1637 }
1642 {
1647 }
1650 {
1660 }
1671 }
1674 {
1684 }
1695 }
1698 {
1705 /* Error injection: Modify data to simulate corrupt SYN bytes. */
1708 /* Find SYN. */
1712 /*
1713 * We expect aligned.ptr == source->ptr. If this is not the
1714 * case, then aligned.ptr > source->ptr and we've encountered
1715 * some unexpected data where we'd expect the start of a new
1716 * message (i.e. the SYN sequence).
1717 *
1718 * This can happen when a CRC check for the previous message
1719 * failed and we start actively searching for the next one
1720 * (via the call to sshp_find_syn() above), or the first bytes
1721 * of a message got dropped or corrupted.
1722 *
1723 * In any case, we issue a warning, send a NAK to the EC to
1724 * request re-transmission of any data we haven't acknowledged
1725 * yet, and finally, skip everything up to the next SYN
1726 * sequence.
1727 */
1731 /*
1732 * Notes:
1733 * - This might send multiple NAKs in case the communication
1734 * starts with an invalid SYN and is broken down into multiple
1735 * pieces. This should generally be handled fine, we just
1736 * might receive duplicate data in this case, which is
1737 * detected when handling data frames.
1738 * - This path will also be executed on invalid CRCs: When an
1739 * invalid CRC is encountered, the code below will skip data
1740 * until directly after the SYN. This causes the search for
1741 * the next SYN, which is generally not placed directly after
1742 * the last one.
1743 *
1744 * Open question: Should we send this in case of invalid
1745 * payload CRCs if the frame-type is non-sequential (current
1746 * implementation) or should we drop that frame without
1747 * telling the EC?
1748 */
1750 }
1755 /* Error injection: Modify data to simulate corruption. */
1758 /* Parse and validate frame. */
1760 SSH_PTL_RX_BUF_LEN);
1779 fallthrough;
1789 }
1792 }
1795 {
1809 /* Copy from fifo to evaluation buffer. */
1817 /* Parse until we need more bytes or buffer is empty. */
1825 }
1827 /* Throw away the evaluated parts. */
1829 }
1832 }
1835 {
1837 }
1839 /**
1840 * ssh_ptl_rx_start() - Start packet transport layer receiver thread.
1841 * @ptl: The packet transport layer.
1842 *
1843 * Return: Returns zero on success, a negative error code on failure.
1844 */
1846 {
1856 }
1858 /**
1859 * ssh_ptl_rx_stop() - Stop packet transport layer receiver thread.
1860 * @ptl: The packet transport layer.
1861 *
1862 * Return: Returns zero on success, a negative error code on failure.
1863 */
1865 {
1871 }
1874 }
1876 /**
1877 * ssh_ptl_rx_rcvbuf() - Push data from lower-layer transport to the packet
1878 * layer.
1879 * @ptl: The packet transport layer.
1880 * @buf: Pointer to the data to push to the layer.
1881 * @n: Size of the data to push to the layer, in bytes.
1882 *
1883 * Pushes data from a lower-layer transport to the receiver fifo buffer of the
1884 * packet layer and notifies the receiver thread. Calls to this function are
1885 * ignored once the packet layer has been shut down.
1886 *
1887 * Return: Returns the number of bytes transferred (positive or zero) on
1888 * success. Returns %-ESHUTDOWN if the packet layer has been shut down.
1889 */
1891 {
1902 }
1904 /**
1905 * ssh_ptl_shutdown() - Shut down the packet transport layer.
1906 * @ptl: The packet transport layer.
1907 *
1908 * Shuts down the packet transport layer, removing and canceling all queued
1909 * and pending packets. Packets canceled by this operation will be completed
1910 * with %-ESHUTDOWN as status. Receiver and transmitter threads will be
1911 * stopped.
1912 *
1913 * As a result of this function, the transport layer will be marked as shut
1914 * down. Submission of packets after the transport layer has been shut down
1915 * will fail with %-ESHUTDOWN.
1916 */
1918 {
1924 /* Ensure that no new packets (including ACK/NAK) can be submitted. */
1926 /*
1927 * Ensure that the layer gets marked as shut-down before actually
1928 * stopping it. In combination with the check in ssh_ptl_queue_push(),
1929 * this guarantees that no new packets can be added and all already
1930 * queued packets are properly canceled. In combination with the check
1931 * in ssh_ptl_rx_rcvbuf(), this guarantees that received data is
1932 * properly cut off.
1933 */
1946 /*
1947 * At this point, all threads have been stopped. This means that the
1948 * only references to packets from inside the system are in the queue
1949 * and pending set.
1950 *
1951 * Note: We still need locks here because someone could still be
1952 * canceling packets.
1953 *
1954 * Note 2: We can re-use queue_node (or pending_node) if we mark the
1955 * packet as locked an then remove it from the queue (or pending set
1956 * respectively). Marking the packet as locked avoids re-queuing
1957 * (which should already be prevented by having stopped the treads...)
1958 * and not setting QUEUED_BIT (or PENDING_BIT) prevents removal from a
1959 * new list via other threads (e.g. cancellation).
1960 *
1961 * Note 3: There may be overlap between complete_p and complete_q.
1962 * This is handled via test_and_set_bit() on the "completed" flag
1963 * (also handles cancellation).
1964 */
1966 /* Mark queued packets as locked and move them to complete_q. */
1970 /* Ensure that state does not get zero. */
1975 }
1978 /* Mark pending packets as locked and move them to complete_p. */
1982 /* Ensure that state does not get zero. */
1987 }
1991 /* Complete and drop packets on complete_q. */
1997 }
1999 /* Complete and drop packets on complete_p. */
2005 }
2007 /*
2008 * At this point we have guaranteed that the system doesn't reference
2009 * any packets any more.
2010 */
2011 }
2013 /**
2014 * ssh_ptl_init() - Initialize packet transport layer.
2015 * @ptl: The packet transport layer to initialize.
2016 * @serdev: The underlying serial device, i.e. the lower-level transport.
2017 * @ops: Packet layer operations.
2018 *
2019 * Initializes the given packet transport layer. Transmitter and receiver
2020 * threads must be started separately via ssh_ptl_tx_start() and
2021 * ssh_ptl_rx_start(), after the packet-layer has been initialized and the
2022 * lower-level transport layer has been set up.
2023 *
2024 * Return: Returns zero on success and a nonzero error code on failure.
2025 */
2028 {
2057 /* Initialize list of recent/blocked SEQs with invalid sequence IDs. */
2071 }
2073 /**
2074 * ssh_ptl_destroy() - Deinitialize packet transport layer.
2075 * @ptl: The packet transport layer to deinitialize.
2076 *
2077 * Deinitializes the given packet transport layer and frees resources
2078 * associated with it. If receiver and/or transmitter threads have been
2079 * started, the layer must first be shut down via ssh_ptl_shutdown() before
2080 * this function can be called.
2081 */
2083 {
2086 }