search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
packet: avoid out of bounds read in round robin fanout
[linux/fpc-iii.git] / drivers / rpmsg / virtio_rpmsg_bus.c
blob73354ee278771ac0be6fc9fcaa40b96f9964bc9b
1 /*
2 * Virtio-based remote processor messaging bus
3 *
4 * Copyright (C) 2011 Texas Instruments, Inc.
5 * Copyright (C) 2011 Google, Inc.
6 *
7 * Ohad Ben-Cohen <ohad@wizery.com>
8 * Brian Swetland <swetland@google.com>
9 *
10 * This software is licensed under the terms of the GNU General Public
11 * License version 2, as published by the Free Software Foundation, and
12 * may be copied, distributed, and modified under those terms.
13 *
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
18 */
19
20 #define pr_fmt(fmt) "%s: " fmt, __func__
21
22 #include <linux/kernel.h>
23 #include <linux/module.h>
24 #include <linux/virtio.h>
25 #include <linux/virtio_ids.h>
26 #include <linux/virtio_config.h>
27 #include <linux/scatterlist.h>
28 #include <linux/dma-mapping.h>
29 #include <linux/slab.h>
30 #include <linux/idr.h>
31 #include <linux/jiffies.h>
32 #include <linux/sched.h>
33 #include <linux/wait.h>
34 #include <linux/rpmsg.h>
35 #include <linux/mutex.h>
36
37 /**
38 * struct virtproc_info - virtual remote processor state
39 * @vdev: the virtio device
40 * @rvq: rx virtqueue
41 * @svq: tx virtqueue
42 * @rbufs: kernel address of rx buffers
43 * @sbufs: kernel address of tx buffers
44 * @num_bufs: total number of buffers for rx and tx
45 * @last_sbuf: index of last tx buffer used
46 * @bufs_dma: dma base addr of the buffers
47 * @tx_lock: protects svq, sbufs and sleepers, to allow concurrent senders.
48 * sending a message might require waking up a dozing remote
49 * processor, which involves sleeping, hence the mutex.
50 * @endpoints: idr of local endpoints, allows fast retrieval
51 * @endpoints_lock: lock of the endpoints set
52 * @sendq: wait queue of sending contexts waiting for a tx buffers
53 * @sleepers: number of senders that are waiting for a tx buffer
54 * @ns_ept: the bus's name service endpoint
55 *
56 * This structure stores the rpmsg state of a given virtio remote processor
57 * device (there might be several virtio proc devices for each physical
58 * remote processor).
59 */
60 struct virtproc_info {
61 struct virtio_device *vdev;
62 struct virtqueue *rvq, *svq;
63 void *rbufs, *sbufs;
64 unsigned int num_bufs;
65 int last_sbuf;
66 dma_addr_t bufs_dma;
67 struct mutex tx_lock;
68 struct idr endpoints;
69 struct mutex endpoints_lock;
70 wait_queue_head_t sendq;
71 atomic_t sleepers;
72 struct rpmsg_endpoint *ns_ept;
73 };
74
75 /**
76 * struct rpmsg_channel_info - internal channel info representation
77 * @name: name of service
78 * @src: local address
79 * @dst: destination address
80 */
81 struct rpmsg_channel_info {
82 char name[RPMSG_NAME_SIZE];
83 u32 src;
84 u32 dst;
85 };
86
87 #define to_rpmsg_channel(d) container_of(d, struct rpmsg_channel, dev)
88 #define to_rpmsg_driver(d) container_of(d, struct rpmsg_driver, drv)
89
90 /*
91 * We're allocating buffers of 512 bytes each for communications. The
92 * number of buffers will be computed from the number of buffers supported
93 * by the vring, upto a maximum of 512 buffers (256 in each direction).
94 *
95 * Each buffer will have 16 bytes for the msg header and 496 bytes for
96 * the payload.
97 *
98 * This will utilize a maximum total space of 256KB for the buffers.
99 *
100 * We might also want to add support for user-provided buffers in time.
101 * This will allow bigger buffer size flexibility, and can also be used
102 * to achieve zero-copy messaging.
103 *
104 * Note that these numbers are purely a decision of this driver - we
105 * can change this without changing anything in the firmware of the remote
106 * processor.
107 */
108 #define MAX_RPMSG_NUM_BUFS (512)
109 #define RPMSG_BUF_SIZE (512)
110
111 /*
112 * Local addresses are dynamically allocated on-demand.
113 * We do not dynamically assign addresses from the low 1024 range,
114 * in order to reserve that address range for predefined services.
115 */
116 #define RPMSG_RESERVED_ADDRESSES (1024)
117
118 /* Address 53 is reserved for advertising remote services */
119 #define RPMSG_NS_ADDR (53)
120
121 /* sysfs show configuration fields */
122 #define rpmsg_show_attr(field, path, format_string) \
123 static ssize_t \
124 field##_show(struct device *dev, \
125 struct device_attribute *attr, char *buf) \
126 { \
127 struct rpmsg_channel *rpdev = to_rpmsg_channel(dev); \
128 \
129 return sprintf(buf, format_string, rpdev->path); \
130 }
131
132 /* for more info, see Documentation/ABI/testing/sysfs-bus-rpmsg */
133 rpmsg_show_attr(name, id.name, "%s\n");
134 rpmsg_show_attr(src, src, "0x%x\n");
135 rpmsg_show_attr(dst, dst, "0x%x\n");
136 rpmsg_show_attr(announce, announce ? "true" : "false", "%s\n");
137
138 /*
139 * Unique (and free running) index for rpmsg devices.
140 *
141 * Yeah, we're not recycling those numbers (yet?). will be easy
142 * to change if/when we want to.
143 */
144 static unsigned int rpmsg_dev_index;
145
146 static ssize_t modalias_show(struct device *dev,
147 struct device_attribute *attr, char *buf)
148 {
149 struct rpmsg_channel *rpdev = to_rpmsg_channel(dev);
150
151 return sprintf(buf, RPMSG_DEVICE_MODALIAS_FMT "\n", rpdev->id.name);
152 }
153
154 static struct device_attribute rpmsg_dev_attrs[] = {
155 __ATTR_RO(name),
156 __ATTR_RO(modalias),
157 __ATTR_RO(dst),
158 __ATTR_RO(src),
159 __ATTR_RO(announce),
160 __ATTR_NULL
161 };
162
163 /* rpmsg devices and drivers are matched using the service name */
164 static inline int rpmsg_id_match(const struct rpmsg_channel *rpdev,
165 const struct rpmsg_device_id *id)
166 {
167 return strncmp(id->name, rpdev->id.name, RPMSG_NAME_SIZE) == 0;
168 }
169
170 /* match rpmsg channel and rpmsg driver */
171 static int rpmsg_dev_match(struct device *dev, struct device_driver *drv)
172 {
173 struct rpmsg_channel *rpdev = to_rpmsg_channel(dev);
174 struct rpmsg_driver *rpdrv = to_rpmsg_driver(drv);
175 const struct rpmsg_device_id *ids = rpdrv->id_table;
176 unsigned int i;
177
178 for (i = 0; ids[i].name[0]; i++)
179 if (rpmsg_id_match(rpdev, &ids[i]))
180 return 1;
181
182 return 0;
183 }
184
185 static int rpmsg_uevent(struct device *dev, struct kobj_uevent_env *env)
186 {
187 struct rpmsg_channel *rpdev = to_rpmsg_channel(dev);
188
189 return add_uevent_var(env, "MODALIAS=" RPMSG_DEVICE_MODALIAS_FMT,
190 rpdev->id.name);
191 }
192
193 /**
194 * __ept_release() - deallocate an rpmsg endpoint
195 * @kref: the ept's reference count
196 *
197 * This function deallocates an ept, and is invoked when its @kref refcount
198 * drops to zero.
199 *
200 * Never invoke this function directly!
201 */
202 static void __ept_release(struct kref *kref)
203 {
204 struct rpmsg_endpoint *ept = container_of(kref, struct rpmsg_endpoint,
205 refcount);
206 /*
207 * At this point no one holds a reference to ept anymore,
208 * so we can directly free it
209 */
210 kfree(ept);
211 }
212
213 /* for more info, see below documentation of rpmsg_create_ept() */
214 static struct rpmsg_endpoint *__rpmsg_create_ept(struct virtproc_info *vrp,
215 struct rpmsg_channel *rpdev, rpmsg_rx_cb_t cb,
216 void *priv, u32 addr)
217 {
218 int id_min, id_max, id;
219 struct rpmsg_endpoint *ept;
220 struct device *dev = rpdev ? &rpdev->dev : &vrp->vdev->dev;
221
222 ept = kzalloc(sizeof(*ept), GFP_KERNEL);
223 if (!ept) {
224 dev_err(dev, "failed to kzalloc a new ept\n");
225 return NULL;
226 }
227
228 kref_init(&ept->refcount);
229 mutex_init(&ept->cb_lock);
230
231 ept->rpdev = rpdev;
232 ept->cb = cb;
233 ept->priv = priv;
234
235 /* do we need to allocate a local address ? */
236 if (addr == RPMSG_ADDR_ANY) {
237 id_min = RPMSG_RESERVED_ADDRESSES;
238 id_max = 0;
239 } else {
240 id_min = addr;
241 id_max = addr + 1;
242 }
243
244 mutex_lock(&vrp->endpoints_lock);
245
246 /* bind the endpoint to an rpmsg address (and allocate one if needed) */
247 id = idr_alloc(&vrp->endpoints, ept, id_min, id_max, GFP_KERNEL);
248 if (id < 0) {
249 dev_err(dev, "idr_alloc failed: %d\n", id);
250 goto free_ept;
251 }
252 ept->addr = id;
253
254 mutex_unlock(&vrp->endpoints_lock);
255
256 return ept;
257
258 free_ept:
259 mutex_unlock(&vrp->endpoints_lock);
260 kref_put(&ept->refcount, __ept_release);
261 return NULL;
262 }
263
264 /**
265 * rpmsg_create_ept() - create a new rpmsg_endpoint
266 * @rpdev: rpmsg channel device
267 * @cb: rx callback handler
268 * @priv: private data for the driver's use
269 * @addr: local rpmsg address to bind with @cb
270 *
271 * Every rpmsg address in the system is bound to an rx callback (so when
272 * inbound messages arrive, they are dispatched by the rpmsg bus using the
273 * appropriate callback handler) by means of an rpmsg_endpoint struct.
274 *
275 * This function allows drivers to create such an endpoint, and by that,
276 * bind a callback, and possibly some private data too, to an rpmsg address
277 * (either one that is known in advance, or one that will be dynamically
278 * assigned for them).
279 *
280 * Simple rpmsg drivers need not call rpmsg_create_ept, because an endpoint
281 * is already created for them when they are probed by the rpmsg bus
282 * (using the rx callback provided when they registered to the rpmsg bus).
283 *
284 * So things should just work for simple drivers: they already have an
285 * endpoint, their rx callback is bound to their rpmsg address, and when
286 * relevant inbound messages arrive (i.e. messages which their dst address
287 * equals to the src address of their rpmsg channel), the driver's handler
288 * is invoked to process it.
289 *
290 * That said, more complicated drivers might do need to allocate
291 * additional rpmsg addresses, and bind them to different rx callbacks.
292 * To accomplish that, those drivers need to call this function.
293 *
294 * Drivers should provide their @rpdev channel (so the new endpoint would belong
295 * to the same remote processor their channel belongs to), an rx callback
296 * function, an optional private data (which is provided back when the
297 * rx callback is invoked), and an address they want to bind with the
298 * callback. If @addr is RPMSG_ADDR_ANY, then rpmsg_create_ept will
299 * dynamically assign them an available rpmsg address (drivers should have
300 * a very good reason why not to always use RPMSG_ADDR_ANY here).
301 *
302 * Returns a pointer to the endpoint on success, or NULL on error.
303 */
304 struct rpmsg_endpoint *rpmsg_create_ept(struct rpmsg_channel *rpdev,
305 rpmsg_rx_cb_t cb, void *priv, u32 addr)
306 {
307 return __rpmsg_create_ept(rpdev->vrp, rpdev, cb, priv, addr);
308 }
309 EXPORT_SYMBOL(rpmsg_create_ept);
310
311 /**
312 * __rpmsg_destroy_ept() - destroy an existing rpmsg endpoint
313 * @vrp: virtproc which owns this ept
314 * @ept: endpoing to destroy
315 *
316 * An internal function which destroy an ept without assuming it is
317 * bound to an rpmsg channel. This is needed for handling the internal
318 * name service endpoint, which isn't bound to an rpmsg channel.
319 * See also __rpmsg_create_ept().
320 */
321 static void
322 __rpmsg_destroy_ept(struct virtproc_info *vrp, struct rpmsg_endpoint *ept)
323 {
324 /* make sure new inbound messages can't find this ept anymore */
325 mutex_lock(&vrp->endpoints_lock);
326 idr_remove(&vrp->endpoints, ept->addr);
327 mutex_unlock(&vrp->endpoints_lock);
328
329 /* make sure in-flight inbound messages won't invoke cb anymore */
330 mutex_lock(&ept->cb_lock);
331 ept->cb = NULL;
332 mutex_unlock(&ept->cb_lock);
333
334 kref_put(&ept->refcount, __ept_release);
335 }
336
337 /**
338 * rpmsg_destroy_ept() - destroy an existing rpmsg endpoint
339 * @ept: endpoing to destroy
340 *
341 * Should be used by drivers to destroy an rpmsg endpoint previously
342 * created with rpmsg_create_ept().
343 */
344 void rpmsg_destroy_ept(struct rpmsg_endpoint *ept)
345 {
346 __rpmsg_destroy_ept(ept->rpdev->vrp, ept);
347 }
348 EXPORT_SYMBOL(rpmsg_destroy_ept);
349
350 /*
351 * when an rpmsg driver is probed with a channel, we seamlessly create
352 * it an endpoint, binding its rx callback to a unique local rpmsg
353 * address.
354 *
355 * if we need to, we also announce about this channel to the remote
356 * processor (needed in case the driver is exposing an rpmsg service).
357 */
358 static int rpmsg_dev_probe(struct device *dev)
359 {
360 struct rpmsg_channel *rpdev = to_rpmsg_channel(dev);
361 struct rpmsg_driver *rpdrv = to_rpmsg_driver(rpdev->dev.driver);
362 struct virtproc_info *vrp = rpdev->vrp;
363 struct rpmsg_endpoint *ept;
364 int err;
365
366 ept = rpmsg_create_ept(rpdev, rpdrv->callback, NULL, rpdev->src);
367 if (!ept) {
368 dev_err(dev, "failed to create endpoint\n");
369 err = -ENOMEM;
370 goto out;
371 }
372
373 rpdev->ept = ept;
374 rpdev->src = ept->addr;
375
376 err = rpdrv->probe(rpdev);
377 if (err) {
378 dev_err(dev, "%s: failed: %d\n", __func__, err);
379 rpmsg_destroy_ept(ept);
380 goto out;
381 }
382
383 /* need to tell remote processor's name service about this channel ? */
384 if (rpdev->announce &&
385 virtio_has_feature(vrp->vdev, VIRTIO_RPMSG_F_NS)) {
386 struct rpmsg_ns_msg nsm;
387
388 strncpy(nsm.name, rpdev->id.name, RPMSG_NAME_SIZE);
389 nsm.addr = rpdev->src;
390 nsm.flags = RPMSG_NS_CREATE;
391
392 err = rpmsg_sendto(rpdev, &nsm, sizeof(nsm), RPMSG_NS_ADDR);
393 if (err)
394 dev_err(dev, "failed to announce service %d\n", err);
395 }
396
397 out:
398 return err;
399 }
400
401 static int rpmsg_dev_remove(struct device *dev)
402 {
403 struct rpmsg_channel *rpdev = to_rpmsg_channel(dev);
404 struct rpmsg_driver *rpdrv = to_rpmsg_driver(rpdev->dev.driver);
405 struct virtproc_info *vrp = rpdev->vrp;
406 int err = 0;
407
408 /* tell remote processor's name service we're removing this channel */
409 if (rpdev->announce &&
410 virtio_has_feature(vrp->vdev, VIRTIO_RPMSG_F_NS)) {
411 struct rpmsg_ns_msg nsm;
412
413 strncpy(nsm.name, rpdev->id.name, RPMSG_NAME_SIZE);
414 nsm.addr = rpdev->src;
415 nsm.flags = RPMSG_NS_DESTROY;
416
417 err = rpmsg_sendto(rpdev, &nsm, sizeof(nsm), RPMSG_NS_ADDR);
418 if (err)
419 dev_err(dev, "failed to announce service %d\n", err);
420 }
421
422 rpdrv->remove(rpdev);
423
424 rpmsg_destroy_ept(rpdev->ept);
425
426 return err;
427 }
428
429 static struct bus_type rpmsg_bus = {
430 .name = "rpmsg",
431 .match = rpmsg_dev_match,
432 .dev_attrs = rpmsg_dev_attrs,
433 .uevent = rpmsg_uevent,
434 .probe = rpmsg_dev_probe,
435 .remove = rpmsg_dev_remove,
436 };
437
438 /**
439 * register_rpmsg_driver() - register an rpmsg driver with the rpmsg bus
440 * @rpdrv: pointer to a struct rpmsg_driver
441 *
442 * Returns 0 on success, and an appropriate error value on failure.
443 */
444 int register_rpmsg_driver(struct rpmsg_driver *rpdrv)
445 {
446 rpdrv->drv.bus = &rpmsg_bus;
447 return driver_register(&rpdrv->drv);
448 }
449 EXPORT_SYMBOL(register_rpmsg_driver);
450
451 /**
452 * unregister_rpmsg_driver() - unregister an rpmsg driver from the rpmsg bus
453 * @rpdrv: pointer to a struct rpmsg_driver
454 *
455 * Returns 0 on success, and an appropriate error value on failure.
456 */
457 void unregister_rpmsg_driver(struct rpmsg_driver *rpdrv)
458 {
459 driver_unregister(&rpdrv->drv);
460 }
461 EXPORT_SYMBOL(unregister_rpmsg_driver);
462
463 static void rpmsg_release_device(struct device *dev)
464 {
465 struct rpmsg_channel *rpdev = to_rpmsg_channel(dev);
466
467 kfree(rpdev);
468 }
469
470 /*
471 * match an rpmsg channel with a channel info struct.
472 * this is used to make sure we're not creating rpmsg devices for channels
473 * that already exist.
474 */
475 static int rpmsg_channel_match(struct device *dev, void *data)
476 {
477 struct rpmsg_channel_info *chinfo = data;
478 struct rpmsg_channel *rpdev = to_rpmsg_channel(dev);
479
480 if (chinfo->src != RPMSG_ADDR_ANY && chinfo->src != rpdev->src)
481 return 0;
482
483 if (chinfo->dst != RPMSG_ADDR_ANY && chinfo->dst != rpdev->dst)
484 return 0;
485
486 if (strncmp(chinfo->name, rpdev->id.name, RPMSG_NAME_SIZE))
487 return 0;
488
489 /* found a match ! */
490 return 1;
491 }
492
493 /*
494 * create an rpmsg channel using its name and address info.
495 * this function will be used to create both static and dynamic
496 * channels.
497 */
498 static struct rpmsg_channel *rpmsg_create_channel(struct virtproc_info *vrp,
499 struct rpmsg_channel_info *chinfo)
500 {
501 struct rpmsg_channel *rpdev;
502 struct device *tmp, *dev = &vrp->vdev->dev;
503 int ret;
504
505 /* make sure a similar channel doesn't already exist */
506 tmp = device_find_child(dev, chinfo, rpmsg_channel_match);
507 if (tmp) {
508 /* decrement the matched device's refcount back */
509 put_device(tmp);
510 dev_err(dev, "channel %s:%x:%x already exist\n",
511 chinfo->name, chinfo->src, chinfo->dst);
512 return NULL;
513 }
514
515 rpdev = kzalloc(sizeof(struct rpmsg_channel), GFP_KERNEL);
516 if (!rpdev) {
517 pr_err("kzalloc failed\n");
518 return NULL;
519 }
520
521 rpdev->vrp = vrp;
522 rpdev->src = chinfo->src;
523 rpdev->dst = chinfo->dst;
524
525 /*
526 * rpmsg server channels has predefined local address (for now),
527 * and their existence needs to be announced remotely
528 */
529 rpdev->announce = rpdev->src != RPMSG_ADDR_ANY ? true : false;
530
531 strncpy(rpdev->id.name, chinfo->name, RPMSG_NAME_SIZE);
532
533 /* very simple device indexing plumbing which is enough for now */
534 dev_set_name(&rpdev->dev, "rpmsg%d", rpmsg_dev_index++);
535
536 rpdev->dev.parent = &vrp->vdev->dev;
537 rpdev->dev.bus = &rpmsg_bus;
538 rpdev->dev.release = rpmsg_release_device;
539
540 ret = device_register(&rpdev->dev);
541 if (ret) {
542 dev_err(dev, "device_register failed: %d\n", ret);
543 put_device(&rpdev->dev);
544 return NULL;
545 }
546
547 return rpdev;
548 }
549
550 /*
551 * find an existing channel using its name + address properties,
552 * and destroy it
553 */
554 static int rpmsg_destroy_channel(struct virtproc_info *vrp,
555 struct rpmsg_channel_info *chinfo)
556 {
557 struct virtio_device *vdev = vrp->vdev;
558 struct device *dev;
559
560 dev = device_find_child(&vdev->dev, chinfo, rpmsg_channel_match);
561 if (!dev)
562 return -EINVAL;
563
564 device_unregister(dev);
565
566 put_device(dev);
567
568 return 0;
569 }
570
571 /* super simple buffer "allocator" that is just enough for now */
572 static void *get_a_tx_buf(struct virtproc_info *vrp)
573 {
574 unsigned int len;
575 void *ret;
576
577 /* support multiple concurrent senders */
578 mutex_lock(&vrp->tx_lock);
579
580 /*
581 * either pick the next unused tx buffer
582 * (half of our buffers are used for sending messages)
583 */
584 if (vrp->last_sbuf < vrp->num_bufs / 2)
585 ret = vrp->sbufs + RPMSG_BUF_SIZE * vrp->last_sbuf++;
586 /* or recycle a used one */
587 else
588 ret = virtqueue_get_buf(vrp->svq, &len);
589
590 mutex_unlock(&vrp->tx_lock);
591
592 return ret;
593 }
594
595 /**
596 * rpmsg_upref_sleepers() - enable "tx-complete" interrupts, if needed
597 * @vrp: virtual remote processor state
598 *
599 * This function is called before a sender is blocked, waiting for
600 * a tx buffer to become available.
601 *
602 * If we already have blocking senders, this function merely increases
603 * the "sleepers" reference count, and exits.
604 *
605 * Otherwise, if this is the first sender to block, we also enable
606 * virtio's tx callbacks, so we'd be immediately notified when a tx
607 * buffer is consumed (we rely on virtio's tx callback in order
608 * to wake up sleeping senders as soon as a tx buffer is used by the
609 * remote processor).
610 */
611 static void rpmsg_upref_sleepers(struct virtproc_info *vrp)
612 {
613 /* support multiple concurrent senders */
614 mutex_lock(&vrp->tx_lock);
615
616 /* are we the first sleeping context waiting for tx buffers ? */
617 if (atomic_inc_return(&vrp->sleepers) == 1)
618 /* enable "tx-complete" interrupts before dozing off */
619 virtqueue_enable_cb(vrp->svq);
620
621 mutex_unlock(&vrp->tx_lock);
622 }
623
624 /**
625 * rpmsg_downref_sleepers() - disable "tx-complete" interrupts, if needed
626 * @vrp: virtual remote processor state
627 *
628 * This function is called after a sender, that waited for a tx buffer
629 * to become available, is unblocked.
630 *
631 * If we still have blocking senders, this function merely decreases
632 * the "sleepers" reference count, and exits.
633 *
634 * Otherwise, if there are no more blocking senders, we also disable
635 * virtio's tx callbacks, to avoid the overhead incurred with handling
636 * those (now redundant) interrupts.
637 */
638 static void rpmsg_downref_sleepers(struct virtproc_info *vrp)
639 {
640 /* support multiple concurrent senders */
641 mutex_lock(&vrp->tx_lock);
642
643 /* are we the last sleeping context waiting for tx buffers ? */
644 if (atomic_dec_and_test(&vrp->sleepers))
645 /* disable "tx-complete" interrupts */
646 virtqueue_disable_cb(vrp->svq);
647
648 mutex_unlock(&vrp->tx_lock);
649 }
650
651 /**
652 * rpmsg_send_offchannel_raw() - send a message across to the remote processor
653 * @rpdev: the rpmsg channel
654 * @src: source address
655 * @dst: destination address
656 * @data: payload of message
657 * @len: length of payload
658 * @wait: indicates whether caller should block in case no TX buffers available
659 *
660 * This function is the base implementation for all of the rpmsg sending API.
661 *
662 * It will send @data of length @len to @dst, and say it's from @src. The
663 * message will be sent to the remote processor which the @rpdev channel
664 * belongs to.
665 *
666 * The message is sent using one of the TX buffers that are available for
667 * communication with this remote processor.
668 *
669 * If @wait is true, the caller will be blocked until either a TX buffer is
670 * available, or 15 seconds elapses (we don't want callers to
671 * sleep indefinitely due to misbehaving remote processors), and in that
672 * case -ERESTARTSYS is returned. The number '15' itself was picked
673 * arbitrarily; there's little point in asking drivers to provide a timeout
674 * value themselves.
675 *
676 * Otherwise, if @wait is false, and there are no TX buffers available,
677 * the function will immediately fail, and -ENOMEM will be returned.
678 *
679 * Normally drivers shouldn't use this function directly; instead, drivers
680 * should use the appropriate rpmsg_{try}send{to, _offchannel} API
681 * (see include/linux/rpmsg.h).
682 *
683 * Returns 0 on success and an appropriate error value on failure.
684 */
685 int rpmsg_send_offchannel_raw(struct rpmsg_channel *rpdev, u32 src, u32 dst,
686 void *data, int len, bool wait)
687 {
688 struct virtproc_info *vrp = rpdev->vrp;
689 struct device *dev = &rpdev->dev;
690 struct scatterlist sg;
691 struct rpmsg_hdr *msg;
692 int err;
693
694 /* bcasting isn't allowed */
695 if (src == RPMSG_ADDR_ANY || dst == RPMSG_ADDR_ANY) {
696 dev_err(dev, "invalid addr (src 0x%x, dst 0x%x)\n", src, dst);
697 return -EINVAL;
698 }
699
700 /*
701 * We currently use fixed-sized buffers, and therefore the payload
702 * length is limited.
703 *
704 * One of the possible improvements here is either to support
705 * user-provided buffers (and then we can also support zero-copy
706 * messaging), or to improve the buffer allocator, to support
707 * variable-length buffer sizes.
708 */
709 if (len > RPMSG_BUF_SIZE - sizeof(struct rpmsg_hdr)) {
710 dev_err(dev, "message is too big (%d)\n", len);
711 return -EMSGSIZE;
712 }
713
714 /* grab a buffer */
715 msg = get_a_tx_buf(vrp);
716 if (!msg && !wait)
717 return -ENOMEM;
718
719 /* no free buffer ? wait for one (but bail after 15 seconds) */
720 while (!msg) {
721 /* enable "tx-complete" interrupts, if not already enabled */
722 rpmsg_upref_sleepers(vrp);
723
724 /*
725 * sleep until a free buffer is available or 15 secs elapse.
726 * the timeout period is not configurable because there's
727 * little point in asking drivers to specify that.
728 * if later this happens to be required, it'd be easy to add.
729 */
730 err = wait_event_interruptible_timeout(vrp->sendq,
731 (msg = get_a_tx_buf(vrp)),
732 msecs_to_jiffies(15000));
733
734 /* disable "tx-complete" interrupts if we're the last sleeper */
735 rpmsg_downref_sleepers(vrp);
736
737 /* timeout ? */
738 if (!err) {
739 dev_err(dev, "timeout waiting for a tx buffer\n");
740 return -ERESTARTSYS;
741 }
742 }
743
744 msg->len = len;
745 msg->flags = 0;
746 msg->src = src;
747 msg->dst = dst;
748 msg->reserved = 0;
749 memcpy(msg->data, data, len);
750
751 dev_dbg(dev, "TX From 0x%x, To 0x%x, Len %d, Flags %d, Reserved %d\n",
752 msg->src, msg->dst, msg->len,
753 msg->flags, msg->reserved);
754 print_hex_dump(KERN_DEBUG, "rpmsg_virtio TX: ", DUMP_PREFIX_NONE, 16, 1,
755 msg, sizeof(*msg) + msg->len, true);
756
757 sg_init_one(&sg, msg, sizeof(*msg) + len);
758
759 mutex_lock(&vrp->tx_lock);
760
761 /* add message to the remote processor's virtqueue */
762 err = virtqueue_add_outbuf(vrp->svq, &sg, 1, msg, GFP_KERNEL);
763 if (err) {
764 /*
765 * need to reclaim the buffer here, otherwise it's lost
766 * (memory won't leak, but rpmsg won't use it again for TX).
767 * this will wait for a buffer management overhaul.
768 */
769 dev_err(dev, "virtqueue_add_outbuf failed: %d\n", err);
770 goto out;
771 }
772
773 /* tell the remote processor it has a pending message to read */
774 virtqueue_kick(vrp->svq);
775 out:
776 mutex_unlock(&vrp->tx_lock);
777 return err;
778 }
779 EXPORT_SYMBOL(rpmsg_send_offchannel_raw);
780
781 static int rpmsg_recv_single(struct virtproc_info *vrp, struct device *dev,
782 struct rpmsg_hdr *msg, unsigned int len)
783 {
784 struct rpmsg_endpoint *ept;
785 struct scatterlist sg;
786 int err;
787
788 dev_dbg(dev, "From: 0x%x, To: 0x%x, Len: %d, Flags: %d, Reserved: %d\n",
789 msg->src, msg->dst, msg->len,
790 msg->flags, msg->reserved);
791 print_hex_dump(KERN_DEBUG, "rpmsg_virtio RX: ", DUMP_PREFIX_NONE, 16, 1,
792 msg, sizeof(*msg) + msg->len, true);
793
794 /*
795 * We currently use fixed-sized buffers, so trivially sanitize
796 * the reported payload length.
797 */
798 if (len > RPMSG_BUF_SIZE ||
799 msg->len > (len - sizeof(struct rpmsg_hdr))) {
800 dev_warn(dev, "inbound msg too big: (%d, %d)\n", len, msg->len);
801 return -EINVAL;
802 }
803
804 /* use the dst addr to fetch the callback of the appropriate user */
805 mutex_lock(&vrp->endpoints_lock);
806
807 ept = idr_find(&vrp->endpoints, msg->dst);
808
809 /* let's make sure no one deallocates ept while we use it */
810 if (ept)
811 kref_get(&ept->refcount);
812
813 mutex_unlock(&vrp->endpoints_lock);
814
815 if (ept) {
816 /* make sure ept->cb doesn't go away while we use it */
817 mutex_lock(&ept->cb_lock);
818
819 if (ept->cb)
820 ept->cb(ept->rpdev, msg->data, msg->len, ept->priv,
821 msg->src);
822
823 mutex_unlock(&ept->cb_lock);
824
825 /* farewell, ept, we don't need you anymore */
826 kref_put(&ept->refcount, __ept_release);
827 } else
828 dev_warn(dev, "msg received with no recipient\n");
829
830 /* publish the real size of the buffer */
831 sg_init_one(&sg, msg, RPMSG_BUF_SIZE);
832
833 /* add the buffer back to the remote processor's virtqueue */
834 err = virtqueue_add_inbuf(vrp->rvq, &sg, 1, msg, GFP_KERNEL);
835 if (err < 0) {
836 dev_err(dev, "failed to add a virtqueue buffer: %d\n", err);
837 return err;
838 }
839
840 return 0;
841 }
842
843 /* called when an rx buffer is used, and it's time to digest a message */
844 static void rpmsg_recv_done(struct virtqueue *rvq)
845 {
846 struct virtproc_info *vrp = rvq->vdev->priv;
847 struct device *dev = &rvq->vdev->dev;
848 struct rpmsg_hdr *msg;
849 unsigned int len, msgs_received = 0;
850 int err;
851
852 msg = virtqueue_get_buf(rvq, &len);
853 if (!msg) {
854 dev_err(dev, "uhm, incoming signal, but no used buffer ?\n");
855 return;
856 }
857
858 while (msg) {
859 err = rpmsg_recv_single(vrp, dev, msg, len);
860 if (err)
861 break;
862
863 msgs_received++;
864
865 msg = virtqueue_get_buf(rvq, &len);
866 };
867
868 dev_dbg(dev, "Received %u messages\n", msgs_received);
869
870 /* tell the remote processor we added another available rx buffer */
871 if (msgs_received)
872 virtqueue_kick(vrp->rvq);
873 }
874
875 /*
876 * This is invoked whenever the remote processor completed processing
877 * a TX msg we just sent it, and the buffer is put back to the used ring.
878 *
879 * Normally, though, we suppress this "tx complete" interrupt in order to
880 * avoid the incurred overhead.
881 */
882 static void rpmsg_xmit_done(struct virtqueue *svq)
883 {
884 struct virtproc_info *vrp = svq->vdev->priv;
885
886 dev_dbg(&svq->vdev->dev, "%s\n", __func__);
887
888 /* wake up potential senders that are waiting for a tx buffer */
889 wake_up_interruptible(&vrp->sendq);
890 }
891
892 /* invoked when a name service announcement arrives */
893 static void rpmsg_ns_cb(struct rpmsg_channel *rpdev, void *data, int len,
894 void *priv, u32 src)
895 {
896 struct rpmsg_ns_msg *msg = data;
897 struct rpmsg_channel *newch;
898 struct rpmsg_channel_info chinfo;
899 struct virtproc_info *vrp = priv;
900 struct device *dev = &vrp->vdev->dev;
901 int ret;
902
903 print_hex_dump(KERN_DEBUG, "NS announcement: ",
904 DUMP_PREFIX_NONE, 16, 1,
905 data, len, true);
906
907 if (len != sizeof(*msg)) {
908 dev_err(dev, "malformed ns msg (%d)\n", len);
909 return;
910 }
911
912 /*
913 * the name service ept does _not_ belong to a real rpmsg channel,
914 * and is handled by the rpmsg bus itself.
915 * for sanity reasons, make sure a valid rpdev has _not_ sneaked
916 * in somehow.
917 */
918 if (rpdev) {
919 dev_err(dev, "anomaly: ns ept has an rpdev handle\n");
920 return;
921 }
922
923 /* don't trust the remote processor for null terminating the name */
924 msg->name[RPMSG_NAME_SIZE - 1] = '\0';
925
926 dev_info(dev, "%sing channel %s addr 0x%x\n",
927 msg->flags & RPMSG_NS_DESTROY ? "destroy" : "creat",
928 msg->name, msg->addr);
929
930 strncpy(chinfo.name, msg->name, sizeof(chinfo.name));
931 chinfo.src = RPMSG_ADDR_ANY;
932 chinfo.dst = msg->addr;
933
934 if (msg->flags & RPMSG_NS_DESTROY) {
935 ret = rpmsg_destroy_channel(vrp, &chinfo);
936 if (ret)
937 dev_err(dev, "rpmsg_destroy_channel failed: %d\n", ret);
938 } else {
939 newch = rpmsg_create_channel(vrp, &chinfo);
940 if (!newch)
941 dev_err(dev, "rpmsg_create_channel failed\n");
942 }
943 }
944
945 static int rpmsg_probe(struct virtio_device *vdev)
946 {
947 vq_callback_t *vq_cbs[] = { rpmsg_recv_done, rpmsg_xmit_done };
948 const char *names[] = { "input", "output" };
949 struct virtqueue *vqs[2];
950 struct virtproc_info *vrp;
951 void *bufs_va;
952 int err = 0, i;
953 size_t total_buf_space;
954 bool notify;
955
956 vrp = kzalloc(sizeof(*vrp), GFP_KERNEL);
957 if (!vrp)
958 return -ENOMEM;
959
960 vrp->vdev = vdev;
961
962 idr_init(&vrp->endpoints);
963 mutex_init(&vrp->endpoints_lock);
964 mutex_init(&vrp->tx_lock);
965 init_waitqueue_head(&vrp->sendq);
966
967 /* We expect two virtqueues, rx and tx (and in this order) */
968 err = vdev->config->find_vqs(vdev, 2, vqs, vq_cbs, names);
969 if (err)
970 goto free_vrp;
971
972 vrp->rvq = vqs[0];
973 vrp->svq = vqs[1];
974
975 /* we expect symmetric tx/rx vrings */
976 WARN_ON(virtqueue_get_vring_size(vrp->rvq) !=
977 virtqueue_get_vring_size(vrp->svq));
978
979 /* we need less buffers if vrings are small */
980 if (virtqueue_get_vring_size(vrp->rvq) < MAX_RPMSG_NUM_BUFS / 2)
981 vrp->num_bufs = virtqueue_get_vring_size(vrp->rvq) * 2;
982 else
983 vrp->num_bufs = MAX_RPMSG_NUM_BUFS;
984
985 total_buf_space = vrp->num_bufs * RPMSG_BUF_SIZE;
986
987 /* allocate coherent memory for the buffers */
988 bufs_va = dma_alloc_coherent(vdev->dev.parent->parent,
989 total_buf_space, &vrp->bufs_dma,
990 GFP_KERNEL);
991 if (!bufs_va) {
992 err = -ENOMEM;
993 goto vqs_del;
994 }
995
996 dev_dbg(&vdev->dev, "buffers: va %p, dma 0x%llx\n", bufs_va,
997 (unsigned long long)vrp->bufs_dma);
998
999 /* half of the buffers is dedicated for RX */
1000 vrp->rbufs = bufs_va;
1001
1002 /* and half is dedicated for TX */
1003 vrp->sbufs = bufs_va + total_buf_space / 2;
1004
1005 /* set up the receive buffers */
1006 for (i = 0; i < vrp->num_bufs / 2; i++) {
1007 struct scatterlist sg;
1008 void *cpu_addr = vrp->rbufs + i * RPMSG_BUF_SIZE;
1009
1010 sg_init_one(&sg, cpu_addr, RPMSG_BUF_SIZE);
1011
1012 err = virtqueue_add_inbuf(vrp->rvq, &sg, 1, cpu_addr,
1013 GFP_KERNEL);
1014 WARN_ON(err); /* sanity check; this can't really happen */
1015 }
1016
1017 /* suppress "tx-complete" interrupts */
1018 virtqueue_disable_cb(vrp->svq);
1019
1020 vdev->priv = vrp;
1021
1022 /* if supported by the remote processor, enable the name service */
1023 if (virtio_has_feature(vdev, VIRTIO_RPMSG_F_NS)) {
1024 /* a dedicated endpoint handles the name service msgs */
1025 vrp->ns_ept = __rpmsg_create_ept(vrp, NULL, rpmsg_ns_cb,
1026 vrp, RPMSG_NS_ADDR);
1027 if (!vrp->ns_ept) {
1028 dev_err(&vdev->dev, "failed to create the ns ept\n");
1029 err = -ENOMEM;
1030 goto free_coherent;
1031 }
1032 }
1033
1034 /*
1035 * Prepare to kick but don't notify yet - we can't do this before
1036 * device is ready.
1037 */
1038 notify = virtqueue_kick_prepare(vrp->rvq);
1039
1040 /* From this point on, we can notify and get callbacks. */
1041 virtio_device_ready(vdev);
1042
1043 /* tell the remote processor it can start sending messages */
1044 /*
1045 * this might be concurrent with callbacks, but we are only
1046 * doing notify, not a full kick here, so that's ok.
1047 */
1048 if (notify)
1049 virtqueue_notify(vrp->rvq);
1050
1051 dev_info(&vdev->dev, "rpmsg host is online\n");
1052
1053 return 0;
1054
1055 free_coherent:
1056 dma_free_coherent(vdev->dev.parent->parent, total_buf_space,
1057 bufs_va, vrp->bufs_dma);
1058 vqs_del:
1059 vdev->config->del_vqs(vrp->vdev);
1060 free_vrp:
1061 kfree(vrp);
1062 return err;
1063 }
1064
1065 static int rpmsg_remove_device(struct device *dev, void *data)
1066 {
1067 device_unregister(dev);
1068
1069 return 0;
1070 }
1071
1072 static void rpmsg_remove(struct virtio_device *vdev)
1073 {
1074 struct virtproc_info *vrp = vdev->priv;
1075 size_t total_buf_space = vrp->num_bufs * RPMSG_BUF_SIZE;
1076 int ret;
1077
1078 vdev->config->reset(vdev);
1079
1080 ret = device_for_each_child(&vdev->dev, NULL, rpmsg_remove_device);
1081 if (ret)
1082 dev_warn(&vdev->dev, "can't remove rpmsg device: %d\n", ret);
1083
1084 if (vrp->ns_ept)
1085 __rpmsg_destroy_ept(vrp, vrp->ns_ept);
1086
1087 idr_destroy(&vrp->endpoints);
1088
1089 vdev->config->del_vqs(vrp->vdev);
1090
1091 dma_free_coherent(vdev->dev.parent->parent, total_buf_space,
1092 vrp->rbufs, vrp->bufs_dma);
1093
1094 kfree(vrp);
1095 }
1096
1097 static struct virtio_device_id id_table[] = {
1098 { VIRTIO_ID_RPMSG, VIRTIO_DEV_ANY_ID },
1099 { 0 },
1100 };
1101
1102 static unsigned int features[] = {
1103 VIRTIO_RPMSG_F_NS,
1104 };
1105
1106 static struct virtio_driver virtio_ipc_driver = {
1107 .feature_table = features,
1108 .feature_table_size = ARRAY_SIZE(features),
1109 .driver.name = KBUILD_MODNAME,
1110 .driver.owner = THIS_MODULE,
1111 .id_table = id_table,
1112 .probe = rpmsg_probe,
1113 .remove = rpmsg_remove,
1114 };
1115
1116 static int __init rpmsg_init(void)
1117 {
1118 int ret;
1119
1120 ret = bus_register(&rpmsg_bus);
1121 if (ret) {
1122 pr_err("failed to register rpmsg bus: %d\n", ret);
1123 return ret;
1124 }
1125
1126 ret = register_virtio_driver(&virtio_ipc_driver);
1127 if (ret) {
1128 pr_err("failed to register virtio driver: %d\n", ret);
1129 bus_unregister(&rpmsg_bus);
1130 }
1131
1132 return ret;
1133 }
1134 subsys_initcall(rpmsg_init);
1135
1136 static void __exit rpmsg_fini(void)
1137 {
1138 unregister_virtio_driver(&virtio_ipc_driver);
1139 bus_unregister(&rpmsg_bus);
1140 }
1141 module_exit(rpmsg_fini);
1142
1143 MODULE_DEVICE_TABLE(virtio, id_table);
1144 MODULE_DESCRIPTION("Virtio-based remote processor messaging bus");
1145 MODULE_LICENSE("GPL v2");
Linux with added FPC-III support