HID: hiddev: Fix slab-out-of-bounds write in hiddev_ioctl_usage()
[linux/fpc-iii.git] / drivers / char / virtio_console.c
blob226ccb7891d4d6b25aa5b9335b1a4e8c7a3fee85
1 /*
2 * Copyright (C) 2006, 2007, 2009 Rusty Russell, IBM Corporation
3 * Copyright (C) 2009, 2010, 2011 Red Hat, Inc.
4 * Copyright (C) 2009, 2010, 2011 Amit Shah <amit.shah@redhat.com>
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 2 of the License, or
9 * (at your option) any later version.
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, write to the Free Software
18 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
20 #include <linux/cdev.h>
21 #include <linux/debugfs.h>
22 #include <linux/completion.h>
23 #include <linux/device.h>
24 #include <linux/err.h>
25 #include <linux/freezer.h>
26 #include <linux/fs.h>
27 #include <linux/splice.h>
28 #include <linux/pagemap.h>
29 #include <linux/init.h>
30 #include <linux/list.h>
31 #include <linux/poll.h>
32 #include <linux/sched.h>
33 #include <linux/slab.h>
34 #include <linux/spinlock.h>
35 #include <linux/virtio.h>
36 #include <linux/virtio_console.h>
37 #include <linux/wait.h>
38 #include <linux/workqueue.h>
39 #include <linux/module.h>
40 #include <linux/dma-mapping.h>
41 #include <linux/kconfig.h>
42 #include "../tty/hvc/hvc_console.h"
44 #define is_rproc_enabled IS_ENABLED(CONFIG_REMOTEPROC)
47 * This is a global struct for storing common data for all the devices
48 * this driver handles.
50 * Mainly, it has a linked list for all the consoles in one place so
51 * that callbacks from hvc for get_chars(), put_chars() work properly
52 * across multiple devices and multiple ports per device.
54 struct ports_driver_data {
55 /* Used for registering chardevs */
56 struct class *class;
58 /* Used for exporting per-port information to debugfs */
59 struct dentry *debugfs_dir;
61 /* List of all the devices we're handling */
62 struct list_head portdevs;
65 * This is used to keep track of the number of hvc consoles
66 * spawned by this driver. This number is given as the first
67 * argument to hvc_alloc(). To correctly map an initial
68 * console spawned via hvc_instantiate to the console being
69 * hooked up via hvc_alloc, we need to pass the same vtermno.
71 * We also just assume the first console being initialised was
72 * the first one that got used as the initial console.
74 unsigned int next_vtermno;
76 /* All the console devices handled by this driver */
77 struct list_head consoles;
79 static struct ports_driver_data pdrvdata = { .next_vtermno = 1};
81 static DEFINE_SPINLOCK(pdrvdata_lock);
82 static DECLARE_COMPLETION(early_console_added);
84 /* This struct holds information that's relevant only for console ports */
85 struct console {
86 /* We'll place all consoles in a list in the pdrvdata struct */
87 struct list_head list;
89 /* The hvc device associated with this console port */
90 struct hvc_struct *hvc;
92 /* The size of the console */
93 struct winsize ws;
96 * This number identifies the number that we used to register
97 * with hvc in hvc_instantiate() and hvc_alloc(); this is the
98 * number passed on by the hvc callbacks to us to
99 * differentiate between the other console ports handled by
100 * this driver
102 u32 vtermno;
105 struct port_buffer {
106 char *buf;
108 /* size of the buffer in *buf above */
109 size_t size;
111 /* used length of the buffer */
112 size_t len;
113 /* offset in the buf from which to consume data */
114 size_t offset;
116 /* DMA address of buffer */
117 dma_addr_t dma;
119 /* Device we got DMA memory from */
120 struct device *dev;
122 /* List of pending dma buffers to free */
123 struct list_head list;
125 /* If sgpages == 0 then buf is used */
126 unsigned int sgpages;
128 /* sg is used if spages > 0. sg must be the last in is struct */
129 struct scatterlist sg[0];
133 * This is a per-device struct that stores data common to all the
134 * ports for that device (vdev->priv).
136 struct ports_device {
137 /* Next portdev in the list, head is in the pdrvdata struct */
138 struct list_head list;
141 * Workqueue handlers where we process deferred work after
142 * notification
144 struct work_struct control_work;
145 struct work_struct config_work;
147 struct list_head ports;
149 /* To protect the list of ports */
150 spinlock_t ports_lock;
152 /* To protect the vq operations for the control channel */
153 spinlock_t c_ivq_lock;
154 spinlock_t c_ovq_lock;
156 /* The current config space is stored here */
157 struct virtio_console_config config;
159 /* The virtio device we're associated with */
160 struct virtio_device *vdev;
163 * A couple of virtqueues for the control channel: one for
164 * guest->host transfers, one for host->guest transfers
166 struct virtqueue *c_ivq, *c_ovq;
168 /* Array of per-port IO virtqueues */
169 struct virtqueue **in_vqs, **out_vqs;
171 /* Major number for this device. Ports will be created as minors. */
172 int chr_major;
175 struct port_stats {
176 unsigned long bytes_sent, bytes_received, bytes_discarded;
179 /* This struct holds the per-port data */
180 struct port {
181 /* Next port in the list, head is in the ports_device */
182 struct list_head list;
184 /* Pointer to the parent virtio_console device */
185 struct ports_device *portdev;
187 /* The current buffer from which data has to be fed to readers */
188 struct port_buffer *inbuf;
191 * To protect the operations on the in_vq associated with this
192 * port. Has to be a spinlock because it can be called from
193 * interrupt context (get_char()).
195 spinlock_t inbuf_lock;
197 /* Protect the operations on the out_vq. */
198 spinlock_t outvq_lock;
200 /* The IO vqs for this port */
201 struct virtqueue *in_vq, *out_vq;
203 /* File in the debugfs directory that exposes this port's information */
204 struct dentry *debugfs_file;
207 * Keep count of the bytes sent, received and discarded for
208 * this port for accounting and debugging purposes. These
209 * counts are not reset across port open / close events.
211 struct port_stats stats;
214 * The entries in this struct will be valid if this port is
215 * hooked up to an hvc console
217 struct console cons;
219 /* Each port associates with a separate char device */
220 struct cdev *cdev;
221 struct device *dev;
223 /* Reference-counting to handle port hot-unplugs and file operations */
224 struct kref kref;
226 /* A waitqueue for poll() or blocking read operations */
227 wait_queue_head_t waitqueue;
229 /* The 'name' of the port that we expose via sysfs properties */
230 char *name;
232 /* We can notify apps of host connect / disconnect events via SIGIO */
233 struct fasync_struct *async_queue;
235 /* The 'id' to identify the port with the Host */
236 u32 id;
238 bool outvq_full;
240 /* Is the host device open */
241 bool host_connected;
243 /* We should allow only one process to open a port */
244 bool guest_connected;
247 /* This is the very early arch-specified put chars function. */
248 static int (*early_put_chars)(u32, const char *, int);
250 static struct port *find_port_by_vtermno(u32 vtermno)
252 struct port *port;
253 struct console *cons;
254 unsigned long flags;
256 spin_lock_irqsave(&pdrvdata_lock, flags);
257 list_for_each_entry(cons, &pdrvdata.consoles, list) {
258 if (cons->vtermno == vtermno) {
259 port = container_of(cons, struct port, cons);
260 goto out;
263 port = NULL;
264 out:
265 spin_unlock_irqrestore(&pdrvdata_lock, flags);
266 return port;
269 static struct port *find_port_by_devt_in_portdev(struct ports_device *portdev,
270 dev_t dev)
272 struct port *port;
273 unsigned long flags;
275 spin_lock_irqsave(&portdev->ports_lock, flags);
276 list_for_each_entry(port, &portdev->ports, list) {
277 if (port->cdev->dev == dev) {
278 kref_get(&port->kref);
279 goto out;
282 port = NULL;
283 out:
284 spin_unlock_irqrestore(&portdev->ports_lock, flags);
286 return port;
289 static struct port *find_port_by_devt(dev_t dev)
291 struct ports_device *portdev;
292 struct port *port;
293 unsigned long flags;
295 spin_lock_irqsave(&pdrvdata_lock, flags);
296 list_for_each_entry(portdev, &pdrvdata.portdevs, list) {
297 port = find_port_by_devt_in_portdev(portdev, dev);
298 if (port)
299 goto out;
301 port = NULL;
302 out:
303 spin_unlock_irqrestore(&pdrvdata_lock, flags);
304 return port;
307 static struct port *find_port_by_id(struct ports_device *portdev, u32 id)
309 struct port *port;
310 unsigned long flags;
312 spin_lock_irqsave(&portdev->ports_lock, flags);
313 list_for_each_entry(port, &portdev->ports, list)
314 if (port->id == id)
315 goto out;
316 port = NULL;
317 out:
318 spin_unlock_irqrestore(&portdev->ports_lock, flags);
320 return port;
323 static struct port *find_port_by_vq(struct ports_device *portdev,
324 struct virtqueue *vq)
326 struct port *port;
327 unsigned long flags;
329 spin_lock_irqsave(&portdev->ports_lock, flags);
330 list_for_each_entry(port, &portdev->ports, list)
331 if (port->in_vq == vq || port->out_vq == vq)
332 goto out;
333 port = NULL;
334 out:
335 spin_unlock_irqrestore(&portdev->ports_lock, flags);
336 return port;
339 static bool is_console_port(struct port *port)
341 if (port->cons.hvc)
342 return true;
343 return false;
346 static bool is_rproc_serial(const struct virtio_device *vdev)
348 return is_rproc_enabled && vdev->id.device == VIRTIO_ID_RPROC_SERIAL;
351 static inline bool use_multiport(struct ports_device *portdev)
354 * This condition can be true when put_chars is called from
355 * early_init
357 if (!portdev->vdev)
358 return false;
359 return __virtio_test_bit(portdev->vdev, VIRTIO_CONSOLE_F_MULTIPORT);
362 static DEFINE_SPINLOCK(dma_bufs_lock);
363 static LIST_HEAD(pending_free_dma_bufs);
365 static void free_buf(struct port_buffer *buf, bool can_sleep)
367 unsigned int i;
369 for (i = 0; i < buf->sgpages; i++) {
370 struct page *page = sg_page(&buf->sg[i]);
371 if (!page)
372 break;
373 put_page(page);
376 if (!buf->dev) {
377 kfree(buf->buf);
378 } else if (is_rproc_enabled) {
379 unsigned long flags;
381 /* dma_free_coherent requires interrupts to be enabled. */
382 if (!can_sleep) {
383 /* queue up dma-buffers to be freed later */
384 spin_lock_irqsave(&dma_bufs_lock, flags);
385 list_add_tail(&buf->list, &pending_free_dma_bufs);
386 spin_unlock_irqrestore(&dma_bufs_lock, flags);
387 return;
389 dma_free_coherent(buf->dev, buf->size, buf->buf, buf->dma);
391 /* Release device refcnt and allow it to be freed */
392 put_device(buf->dev);
395 kfree(buf);
398 static void reclaim_dma_bufs(void)
400 unsigned long flags;
401 struct port_buffer *buf, *tmp;
402 LIST_HEAD(tmp_list);
404 if (list_empty(&pending_free_dma_bufs))
405 return;
407 /* Create a copy of the pending_free_dma_bufs while holding the lock */
408 spin_lock_irqsave(&dma_bufs_lock, flags);
409 list_cut_position(&tmp_list, &pending_free_dma_bufs,
410 pending_free_dma_bufs.prev);
411 spin_unlock_irqrestore(&dma_bufs_lock, flags);
413 /* Release the dma buffers, without irqs enabled */
414 list_for_each_entry_safe(buf, tmp, &tmp_list, list) {
415 list_del(&buf->list);
416 free_buf(buf, true);
420 static struct port_buffer *alloc_buf(struct virtio_device *vdev, size_t buf_size,
421 int pages)
423 struct port_buffer *buf;
425 reclaim_dma_bufs();
428 * Allocate buffer and the sg list. The sg list array is allocated
429 * directly after the port_buffer struct.
431 buf = kmalloc(sizeof(*buf) + sizeof(struct scatterlist) * pages,
432 GFP_KERNEL);
433 if (!buf)
434 goto fail;
436 buf->sgpages = pages;
437 if (pages > 0) {
438 buf->dev = NULL;
439 buf->buf = NULL;
440 return buf;
443 if (is_rproc_serial(vdev)) {
445 * Allocate DMA memory from ancestor. When a virtio
446 * device is created by remoteproc, the DMA memory is
447 * associated with the grandparent device:
448 * vdev => rproc => platform-dev.
449 * The code here would have been less quirky if
450 * DMA_MEMORY_INCLUDES_CHILDREN had been supported
451 * in dma-coherent.c
453 if (!vdev->dev.parent || !vdev->dev.parent->parent)
454 goto free_buf;
455 buf->dev = vdev->dev.parent->parent;
457 /* Increase device refcnt to avoid freeing it */
458 get_device(buf->dev);
459 buf->buf = dma_alloc_coherent(buf->dev, buf_size, &buf->dma,
460 GFP_KERNEL);
461 } else {
462 buf->dev = NULL;
463 buf->buf = kmalloc(buf_size, GFP_KERNEL);
466 if (!buf->buf)
467 goto free_buf;
468 buf->len = 0;
469 buf->offset = 0;
470 buf->size = buf_size;
471 return buf;
473 free_buf:
474 kfree(buf);
475 fail:
476 return NULL;
479 /* Callers should take appropriate locks */
480 static struct port_buffer *get_inbuf(struct port *port)
482 struct port_buffer *buf;
483 unsigned int len;
485 if (port->inbuf)
486 return port->inbuf;
488 buf = virtqueue_get_buf(port->in_vq, &len);
489 if (buf) {
490 buf->len = len;
491 buf->offset = 0;
492 port->stats.bytes_received += len;
494 return buf;
498 * Create a scatter-gather list representing our input buffer and put
499 * it in the queue.
501 * Callers should take appropriate locks.
503 static int add_inbuf(struct virtqueue *vq, struct port_buffer *buf)
505 struct scatterlist sg[1];
506 int ret;
508 sg_init_one(sg, buf->buf, buf->size);
510 ret = virtqueue_add_inbuf(vq, sg, 1, buf, GFP_ATOMIC);
511 virtqueue_kick(vq);
512 if (!ret)
513 ret = vq->num_free;
514 return ret;
517 /* Discard any unread data this port has. Callers lockers. */
518 static void discard_port_data(struct port *port)
520 struct port_buffer *buf;
521 unsigned int err;
523 if (!port->portdev) {
524 /* Device has been unplugged. vqs are already gone. */
525 return;
527 buf = get_inbuf(port);
529 err = 0;
530 while (buf) {
531 port->stats.bytes_discarded += buf->len - buf->offset;
532 if (add_inbuf(port->in_vq, buf) < 0) {
533 err++;
534 free_buf(buf, false);
536 port->inbuf = NULL;
537 buf = get_inbuf(port);
539 if (err)
540 dev_warn(port->dev, "Errors adding %d buffers back to vq\n",
541 err);
544 static bool port_has_data(struct port *port)
546 unsigned long flags;
547 bool ret;
549 ret = false;
550 spin_lock_irqsave(&port->inbuf_lock, flags);
551 port->inbuf = get_inbuf(port);
552 if (port->inbuf)
553 ret = true;
555 spin_unlock_irqrestore(&port->inbuf_lock, flags);
556 return ret;
559 static ssize_t __send_control_msg(struct ports_device *portdev, u32 port_id,
560 unsigned int event, unsigned int value)
562 struct scatterlist sg[1];
563 struct virtio_console_control cpkt;
564 struct virtqueue *vq;
565 unsigned int len;
567 if (!use_multiport(portdev))
568 return 0;
570 cpkt.id = cpu_to_virtio32(portdev->vdev, port_id);
571 cpkt.event = cpu_to_virtio16(portdev->vdev, event);
572 cpkt.value = cpu_to_virtio16(portdev->vdev, value);
574 vq = portdev->c_ovq;
576 sg_init_one(sg, &cpkt, sizeof(cpkt));
578 spin_lock(&portdev->c_ovq_lock);
579 if (virtqueue_add_outbuf(vq, sg, 1, &cpkt, GFP_ATOMIC) == 0) {
580 virtqueue_kick(vq);
581 while (!virtqueue_get_buf(vq, &len)
582 && !virtqueue_is_broken(vq))
583 cpu_relax();
585 spin_unlock(&portdev->c_ovq_lock);
586 return 0;
589 static ssize_t send_control_msg(struct port *port, unsigned int event,
590 unsigned int value)
592 /* Did the port get unplugged before userspace closed it? */
593 if (port->portdev)
594 return __send_control_msg(port->portdev, port->id, event, value);
595 return 0;
599 /* Callers must take the port->outvq_lock */
600 static void reclaim_consumed_buffers(struct port *port)
602 struct port_buffer *buf;
603 unsigned int len;
605 if (!port->portdev) {
606 /* Device has been unplugged. vqs are already gone. */
607 return;
609 while ((buf = virtqueue_get_buf(port->out_vq, &len))) {
610 free_buf(buf, false);
611 port->outvq_full = false;
615 static ssize_t __send_to_port(struct port *port, struct scatterlist *sg,
616 int nents, size_t in_count,
617 void *data, bool nonblock)
619 struct virtqueue *out_vq;
620 int err;
621 unsigned long flags;
622 unsigned int len;
624 out_vq = port->out_vq;
626 spin_lock_irqsave(&port->outvq_lock, flags);
628 reclaim_consumed_buffers(port);
630 err = virtqueue_add_outbuf(out_vq, sg, nents, data, GFP_ATOMIC);
632 /* Tell Host to go! */
633 virtqueue_kick(out_vq);
635 if (err) {
636 in_count = 0;
637 goto done;
640 if (out_vq->num_free == 0)
641 port->outvq_full = true;
643 if (nonblock)
644 goto done;
647 * Wait till the host acknowledges it pushed out the data we
648 * sent. This is done for data from the hvc_console; the tty
649 * operations are performed with spinlocks held so we can't
650 * sleep here. An alternative would be to copy the data to a
651 * buffer and relax the spinning requirement. The downside is
652 * we need to kmalloc a GFP_ATOMIC buffer each time the
653 * console driver writes something out.
655 while (!virtqueue_get_buf(out_vq, &len)
656 && !virtqueue_is_broken(out_vq))
657 cpu_relax();
658 done:
659 spin_unlock_irqrestore(&port->outvq_lock, flags);
661 port->stats.bytes_sent += in_count;
663 * We're expected to return the amount of data we wrote -- all
664 * of it
666 return in_count;
670 * Give out the data that's requested from the buffer that we have
671 * queued up.
673 static ssize_t fill_readbuf(struct port *port, char __user *out_buf,
674 size_t out_count, bool to_user)
676 struct port_buffer *buf;
677 unsigned long flags;
679 if (!out_count || !port_has_data(port))
680 return 0;
682 buf = port->inbuf;
683 out_count = min(out_count, buf->len - buf->offset);
685 if (to_user) {
686 ssize_t ret;
688 ret = copy_to_user(out_buf, buf->buf + buf->offset, out_count);
689 if (ret)
690 return -EFAULT;
691 } else {
692 memcpy((__force char *)out_buf, buf->buf + buf->offset,
693 out_count);
696 buf->offset += out_count;
698 if (buf->offset == buf->len) {
700 * We're done using all the data in this buffer.
701 * Re-queue so that the Host can send us more data.
703 spin_lock_irqsave(&port->inbuf_lock, flags);
704 port->inbuf = NULL;
706 if (add_inbuf(port->in_vq, buf) < 0)
707 dev_warn(port->dev, "failed add_buf\n");
709 spin_unlock_irqrestore(&port->inbuf_lock, flags);
711 /* Return the number of bytes actually copied */
712 return out_count;
715 /* The condition that must be true for polling to end */
716 static bool will_read_block(struct port *port)
718 if (!port->guest_connected) {
719 /* Port got hot-unplugged. Let's exit. */
720 return false;
722 return !port_has_data(port) && port->host_connected;
725 static bool will_write_block(struct port *port)
727 bool ret;
729 if (!port->guest_connected) {
730 /* Port got hot-unplugged. Let's exit. */
731 return false;
733 if (!port->host_connected)
734 return true;
736 spin_lock_irq(&port->outvq_lock);
738 * Check if the Host has consumed any buffers since we last
739 * sent data (this is only applicable for nonblocking ports).
741 reclaim_consumed_buffers(port);
742 ret = port->outvq_full;
743 spin_unlock_irq(&port->outvq_lock);
745 return ret;
748 static ssize_t port_fops_read(struct file *filp, char __user *ubuf,
749 size_t count, loff_t *offp)
751 struct port *port;
752 ssize_t ret;
754 port = filp->private_data;
756 /* Port is hot-unplugged. */
757 if (!port->guest_connected)
758 return -ENODEV;
760 if (!port_has_data(port)) {
762 * If nothing's connected on the host just return 0 in
763 * case of list_empty; this tells the userspace app
764 * that there's no connection
766 if (!port->host_connected)
767 return 0;
768 if (filp->f_flags & O_NONBLOCK)
769 return -EAGAIN;
771 ret = wait_event_freezable(port->waitqueue,
772 !will_read_block(port));
773 if (ret < 0)
774 return ret;
776 /* Port got hot-unplugged while we were waiting above. */
777 if (!port->guest_connected)
778 return -ENODEV;
780 * We could've received a disconnection message while we were
781 * waiting for more data.
783 * This check is not clubbed in the if() statement above as we
784 * might receive some data as well as the host could get
785 * disconnected after we got woken up from our wait. So we
786 * really want to give off whatever data we have and only then
787 * check for host_connected.
789 if (!port_has_data(port) && !port->host_connected)
790 return 0;
792 return fill_readbuf(port, ubuf, count, true);
795 static int wait_port_writable(struct port *port, bool nonblock)
797 int ret;
799 if (will_write_block(port)) {
800 if (nonblock)
801 return -EAGAIN;
803 ret = wait_event_freezable(port->waitqueue,
804 !will_write_block(port));
805 if (ret < 0)
806 return ret;
808 /* Port got hot-unplugged. */
809 if (!port->guest_connected)
810 return -ENODEV;
812 return 0;
815 static ssize_t port_fops_write(struct file *filp, const char __user *ubuf,
816 size_t count, loff_t *offp)
818 struct port *port;
819 struct port_buffer *buf;
820 ssize_t ret;
821 bool nonblock;
822 struct scatterlist sg[1];
824 /* Userspace could be out to fool us */
825 if (!count)
826 return 0;
828 port = filp->private_data;
830 nonblock = filp->f_flags & O_NONBLOCK;
832 ret = wait_port_writable(port, nonblock);
833 if (ret < 0)
834 return ret;
836 count = min((size_t)(32 * 1024), count);
838 buf = alloc_buf(port->portdev->vdev, count, 0);
839 if (!buf)
840 return -ENOMEM;
842 ret = copy_from_user(buf->buf, ubuf, count);
843 if (ret) {
844 ret = -EFAULT;
845 goto free_buf;
849 * We now ask send_buf() to not spin for generic ports -- we
850 * can re-use the same code path that non-blocking file
851 * descriptors take for blocking file descriptors since the
852 * wait is already done and we're certain the write will go
853 * through to the host.
855 nonblock = true;
856 sg_init_one(sg, buf->buf, count);
857 ret = __send_to_port(port, sg, 1, count, buf, nonblock);
859 if (nonblock && ret > 0)
860 goto out;
862 free_buf:
863 free_buf(buf, true);
864 out:
865 return ret;
868 struct sg_list {
869 unsigned int n;
870 unsigned int size;
871 size_t len;
872 struct scatterlist *sg;
875 static int pipe_to_sg(struct pipe_inode_info *pipe, struct pipe_buffer *buf,
876 struct splice_desc *sd)
878 struct sg_list *sgl = sd->u.data;
879 unsigned int offset, len;
881 if (sgl->n == sgl->size)
882 return 0;
884 /* Try lock this page */
885 if (buf->ops->steal(pipe, buf) == 0) {
886 /* Get reference and unlock page for moving */
887 get_page(buf->page);
888 unlock_page(buf->page);
890 len = min(buf->len, sd->len);
891 sg_set_page(&(sgl->sg[sgl->n]), buf->page, len, buf->offset);
892 } else {
893 /* Failback to copying a page */
894 struct page *page = alloc_page(GFP_KERNEL);
895 char *src;
897 if (!page)
898 return -ENOMEM;
900 offset = sd->pos & ~PAGE_MASK;
902 len = sd->len;
903 if (len + offset > PAGE_SIZE)
904 len = PAGE_SIZE - offset;
906 src = kmap_atomic(buf->page);
907 memcpy(page_address(page) + offset, src + buf->offset, len);
908 kunmap_atomic(src);
910 sg_set_page(&(sgl->sg[sgl->n]), page, len, offset);
912 sgl->n++;
913 sgl->len += len;
915 return len;
918 /* Faster zero-copy write by splicing */
919 static ssize_t port_fops_splice_write(struct pipe_inode_info *pipe,
920 struct file *filp, loff_t *ppos,
921 size_t len, unsigned int flags)
923 struct port *port = filp->private_data;
924 struct sg_list sgl;
925 ssize_t ret;
926 struct port_buffer *buf;
927 struct splice_desc sd = {
928 .total_len = len,
929 .flags = flags,
930 .pos = *ppos,
931 .u.data = &sgl,
935 * Rproc_serial does not yet support splice. To support splice
936 * pipe_to_sg() must allocate dma-buffers and copy content from
937 * regular pages to dma pages. And alloc_buf and free_buf must
938 * support allocating and freeing such a list of dma-buffers.
940 if (is_rproc_serial(port->out_vq->vdev))
941 return -EINVAL;
944 * pipe->nrbufs == 0 means there are no data to transfer,
945 * so this returns just 0 for no data.
947 pipe_lock(pipe);
948 if (!pipe->nrbufs) {
949 ret = 0;
950 goto error_out;
953 ret = wait_port_writable(port, filp->f_flags & O_NONBLOCK);
954 if (ret < 0)
955 goto error_out;
957 buf = alloc_buf(port->portdev->vdev, 0, pipe->nrbufs);
958 if (!buf) {
959 ret = -ENOMEM;
960 goto error_out;
963 sgl.n = 0;
964 sgl.len = 0;
965 sgl.size = pipe->nrbufs;
966 sgl.sg = buf->sg;
967 sg_init_table(sgl.sg, sgl.size);
968 ret = __splice_from_pipe(pipe, &sd, pipe_to_sg);
969 pipe_unlock(pipe);
970 if (likely(ret > 0))
971 ret = __send_to_port(port, buf->sg, sgl.n, sgl.len, buf, true);
973 if (unlikely(ret <= 0))
974 free_buf(buf, true);
975 return ret;
977 error_out:
978 pipe_unlock(pipe);
979 return ret;
982 static unsigned int port_fops_poll(struct file *filp, poll_table *wait)
984 struct port *port;
985 unsigned int ret;
987 port = filp->private_data;
988 poll_wait(filp, &port->waitqueue, wait);
990 if (!port->guest_connected) {
991 /* Port got unplugged */
992 return POLLHUP;
994 ret = 0;
995 if (!will_read_block(port))
996 ret |= POLLIN | POLLRDNORM;
997 if (!will_write_block(port))
998 ret |= POLLOUT;
999 if (!port->host_connected)
1000 ret |= POLLHUP;
1002 return ret;
1005 static void remove_port(struct kref *kref);
1007 static int port_fops_release(struct inode *inode, struct file *filp)
1009 struct port *port;
1011 port = filp->private_data;
1013 /* Notify host of port being closed */
1014 send_control_msg(port, VIRTIO_CONSOLE_PORT_OPEN, 0);
1016 spin_lock_irq(&port->inbuf_lock);
1017 port->guest_connected = false;
1019 discard_port_data(port);
1021 spin_unlock_irq(&port->inbuf_lock);
1023 spin_lock_irq(&port->outvq_lock);
1024 reclaim_consumed_buffers(port);
1025 spin_unlock_irq(&port->outvq_lock);
1027 reclaim_dma_bufs();
1029 * Locks aren't necessary here as a port can't be opened after
1030 * unplug, and if a port isn't unplugged, a kref would already
1031 * exist for the port. Plus, taking ports_lock here would
1032 * create a dependency on other locks taken by functions
1033 * inside remove_port if we're the last holder of the port,
1034 * creating many problems.
1036 kref_put(&port->kref, remove_port);
1038 return 0;
1041 static int port_fops_open(struct inode *inode, struct file *filp)
1043 struct cdev *cdev = inode->i_cdev;
1044 struct port *port;
1045 int ret;
1047 /* We get the port with a kref here */
1048 port = find_port_by_devt(cdev->dev);
1049 if (!port) {
1050 /* Port was unplugged before we could proceed */
1051 return -ENXIO;
1053 filp->private_data = port;
1056 * Don't allow opening of console port devices -- that's done
1057 * via /dev/hvc
1059 if (is_console_port(port)) {
1060 ret = -ENXIO;
1061 goto out;
1064 /* Allow only one process to open a particular port at a time */
1065 spin_lock_irq(&port->inbuf_lock);
1066 if (port->guest_connected) {
1067 spin_unlock_irq(&port->inbuf_lock);
1068 ret = -EBUSY;
1069 goto out;
1072 port->guest_connected = true;
1073 spin_unlock_irq(&port->inbuf_lock);
1075 spin_lock_irq(&port->outvq_lock);
1077 * There might be a chance that we missed reclaiming a few
1078 * buffers in the window of the port getting previously closed
1079 * and opening now.
1081 reclaim_consumed_buffers(port);
1082 spin_unlock_irq(&port->outvq_lock);
1084 nonseekable_open(inode, filp);
1086 /* Notify host of port being opened */
1087 send_control_msg(filp->private_data, VIRTIO_CONSOLE_PORT_OPEN, 1);
1089 return 0;
1090 out:
1091 kref_put(&port->kref, remove_port);
1092 return ret;
1095 static int port_fops_fasync(int fd, struct file *filp, int mode)
1097 struct port *port;
1099 port = filp->private_data;
1100 return fasync_helper(fd, filp, mode, &port->async_queue);
1104 * The file operations that we support: programs in the guest can open
1105 * a console device, read from it, write to it, poll for data and
1106 * close it. The devices are at
1107 * /dev/vport<device number>p<port number>
1109 static const struct file_operations port_fops = {
1110 .owner = THIS_MODULE,
1111 .open = port_fops_open,
1112 .read = port_fops_read,
1113 .write = port_fops_write,
1114 .splice_write = port_fops_splice_write,
1115 .poll = port_fops_poll,
1116 .release = port_fops_release,
1117 .fasync = port_fops_fasync,
1118 .llseek = no_llseek,
1122 * The put_chars() callback is pretty straightforward.
1124 * We turn the characters into a scatter-gather list, add it to the
1125 * output queue and then kick the Host. Then we sit here waiting for
1126 * it to finish: inefficient in theory, but in practice
1127 * implementations will do it immediately (lguest's Launcher does).
1129 static int put_chars(u32 vtermno, const char *buf, int count)
1131 struct port *port;
1132 struct scatterlist sg[1];
1133 void *data;
1134 int ret;
1136 if (unlikely(early_put_chars))
1137 return early_put_chars(vtermno, buf, count);
1139 port = find_port_by_vtermno(vtermno);
1140 if (!port)
1141 return -EPIPE;
1143 data = kmemdup(buf, count, GFP_ATOMIC);
1144 if (!data)
1145 return -ENOMEM;
1147 sg_init_one(sg, data, count);
1148 ret = __send_to_port(port, sg, 1, count, data, false);
1149 kfree(data);
1150 return ret;
1154 * get_chars() is the callback from the hvc_console infrastructure
1155 * when an interrupt is received.
1157 * We call out to fill_readbuf that gets us the required data from the
1158 * buffers that are queued up.
1160 static int get_chars(u32 vtermno, char *buf, int count)
1162 struct port *port;
1164 /* If we've not set up the port yet, we have no input to give. */
1165 if (unlikely(early_put_chars))
1166 return 0;
1168 port = find_port_by_vtermno(vtermno);
1169 if (!port)
1170 return -EPIPE;
1172 /* If we don't have an input queue yet, we can't get input. */
1173 BUG_ON(!port->in_vq);
1175 return fill_readbuf(port, (__force char __user *)buf, count, false);
1178 static void resize_console(struct port *port)
1180 struct virtio_device *vdev;
1182 /* The port could have been hot-unplugged */
1183 if (!port || !is_console_port(port))
1184 return;
1186 vdev = port->portdev->vdev;
1188 /* Don't test F_SIZE at all if we're rproc: not a valid feature! */
1189 if (!is_rproc_serial(vdev) &&
1190 virtio_has_feature(vdev, VIRTIO_CONSOLE_F_SIZE))
1191 hvc_resize(port->cons.hvc, port->cons.ws);
1194 /* We set the configuration at this point, since we now have a tty */
1195 static int notifier_add_vio(struct hvc_struct *hp, int data)
1197 struct port *port;
1199 port = find_port_by_vtermno(hp->vtermno);
1200 if (!port)
1201 return -EINVAL;
1203 hp->irq_requested = 1;
1204 resize_console(port);
1206 return 0;
1209 static void notifier_del_vio(struct hvc_struct *hp, int data)
1211 hp->irq_requested = 0;
1214 /* The operations for console ports. */
1215 static const struct hv_ops hv_ops = {
1216 .get_chars = get_chars,
1217 .put_chars = put_chars,
1218 .notifier_add = notifier_add_vio,
1219 .notifier_del = notifier_del_vio,
1220 .notifier_hangup = notifier_del_vio,
1224 * Console drivers are initialized very early so boot messages can go
1225 * out, so we do things slightly differently from the generic virtio
1226 * initialization of the net and block drivers.
1228 * At this stage, the console is output-only. It's too early to set
1229 * up a virtqueue, so we let the drivers do some boutique early-output
1230 * thing.
1232 int __init virtio_cons_early_init(int (*put_chars)(u32, const char *, int))
1234 early_put_chars = put_chars;
1235 return hvc_instantiate(0, 0, &hv_ops);
1238 static int init_port_console(struct port *port)
1240 int ret;
1243 * The Host's telling us this port is a console port. Hook it
1244 * up with an hvc console.
1246 * To set up and manage our virtual console, we call
1247 * hvc_alloc().
1249 * The first argument of hvc_alloc() is the virtual console
1250 * number. The second argument is the parameter for the
1251 * notification mechanism (like irq number). We currently
1252 * leave this as zero, virtqueues have implicit notifications.
1254 * The third argument is a "struct hv_ops" containing the
1255 * put_chars() get_chars(), notifier_add() and notifier_del()
1256 * pointers. The final argument is the output buffer size: we
1257 * can do any size, so we put PAGE_SIZE here.
1259 port->cons.vtermno = pdrvdata.next_vtermno;
1261 port->cons.hvc = hvc_alloc(port->cons.vtermno, 0, &hv_ops, PAGE_SIZE);
1262 if (IS_ERR(port->cons.hvc)) {
1263 ret = PTR_ERR(port->cons.hvc);
1264 dev_err(port->dev,
1265 "error %d allocating hvc for port\n", ret);
1266 port->cons.hvc = NULL;
1267 return ret;
1269 spin_lock_irq(&pdrvdata_lock);
1270 pdrvdata.next_vtermno++;
1271 list_add_tail(&port->cons.list, &pdrvdata.consoles);
1272 spin_unlock_irq(&pdrvdata_lock);
1273 port->guest_connected = true;
1276 * Start using the new console output if this is the first
1277 * console to come up.
1279 if (early_put_chars)
1280 early_put_chars = NULL;
1282 /* Notify host of port being opened */
1283 send_control_msg(port, VIRTIO_CONSOLE_PORT_OPEN, 1);
1285 return 0;
1288 static ssize_t show_port_name(struct device *dev,
1289 struct device_attribute *attr, char *buffer)
1291 struct port *port;
1293 port = dev_get_drvdata(dev);
1295 return sprintf(buffer, "%s\n", port->name);
1298 static DEVICE_ATTR(name, S_IRUGO, show_port_name, NULL);
1300 static struct attribute *port_sysfs_entries[] = {
1301 &dev_attr_name.attr,
1302 NULL
1305 static struct attribute_group port_attribute_group = {
1306 .name = NULL, /* put in device directory */
1307 .attrs = port_sysfs_entries,
1310 static ssize_t debugfs_read(struct file *filp, char __user *ubuf,
1311 size_t count, loff_t *offp)
1313 struct port *port;
1314 char *buf;
1315 ssize_t ret, out_offset, out_count;
1317 out_count = 1024;
1318 buf = kmalloc(out_count, GFP_KERNEL);
1319 if (!buf)
1320 return -ENOMEM;
1322 port = filp->private_data;
1323 out_offset = 0;
1324 out_offset += snprintf(buf + out_offset, out_count,
1325 "name: %s\n", port->name ? port->name : "");
1326 out_offset += snprintf(buf + out_offset, out_count - out_offset,
1327 "guest_connected: %d\n", port->guest_connected);
1328 out_offset += snprintf(buf + out_offset, out_count - out_offset,
1329 "host_connected: %d\n", port->host_connected);
1330 out_offset += snprintf(buf + out_offset, out_count - out_offset,
1331 "outvq_full: %d\n", port->outvq_full);
1332 out_offset += snprintf(buf + out_offset, out_count - out_offset,
1333 "bytes_sent: %lu\n", port->stats.bytes_sent);
1334 out_offset += snprintf(buf + out_offset, out_count - out_offset,
1335 "bytes_received: %lu\n",
1336 port->stats.bytes_received);
1337 out_offset += snprintf(buf + out_offset, out_count - out_offset,
1338 "bytes_discarded: %lu\n",
1339 port->stats.bytes_discarded);
1340 out_offset += snprintf(buf + out_offset, out_count - out_offset,
1341 "is_console: %s\n",
1342 is_console_port(port) ? "yes" : "no");
1343 out_offset += snprintf(buf + out_offset, out_count - out_offset,
1344 "console_vtermno: %u\n", port->cons.vtermno);
1346 ret = simple_read_from_buffer(ubuf, count, offp, buf, out_offset);
1347 kfree(buf);
1348 return ret;
1351 static const struct file_operations port_debugfs_ops = {
1352 .owner = THIS_MODULE,
1353 .open = simple_open,
1354 .read = debugfs_read,
1357 static void set_console_size(struct port *port, u16 rows, u16 cols)
1359 if (!port || !is_console_port(port))
1360 return;
1362 port->cons.ws.ws_row = rows;
1363 port->cons.ws.ws_col = cols;
1366 static int fill_queue(struct virtqueue *vq, spinlock_t *lock)
1368 struct port_buffer *buf;
1369 int nr_added_bufs;
1370 int ret;
1372 nr_added_bufs = 0;
1373 do {
1374 buf = alloc_buf(vq->vdev, PAGE_SIZE, 0);
1375 if (!buf)
1376 return -ENOMEM;
1378 spin_lock_irq(lock);
1379 ret = add_inbuf(vq, buf);
1380 if (ret < 0) {
1381 spin_unlock_irq(lock);
1382 free_buf(buf, true);
1383 return ret;
1385 nr_added_bufs++;
1386 spin_unlock_irq(lock);
1387 } while (ret > 0);
1389 return nr_added_bufs;
1392 static void send_sigio_to_port(struct port *port)
1394 if (port->async_queue && port->guest_connected)
1395 kill_fasync(&port->async_queue, SIGIO, POLL_OUT);
1398 static int add_port(struct ports_device *portdev, u32 id)
1400 char debugfs_name[16];
1401 struct port *port;
1402 dev_t devt;
1403 int err;
1405 port = kmalloc(sizeof(*port), GFP_KERNEL);
1406 if (!port) {
1407 err = -ENOMEM;
1408 goto fail;
1410 kref_init(&port->kref);
1412 port->portdev = portdev;
1413 port->id = id;
1415 port->name = NULL;
1416 port->inbuf = NULL;
1417 port->cons.hvc = NULL;
1418 port->async_queue = NULL;
1420 port->cons.ws.ws_row = port->cons.ws.ws_col = 0;
1421 port->cons.vtermno = 0;
1423 port->host_connected = port->guest_connected = false;
1424 port->stats = (struct port_stats) { 0 };
1426 port->outvq_full = false;
1428 port->in_vq = portdev->in_vqs[port->id];
1429 port->out_vq = portdev->out_vqs[port->id];
1431 port->cdev = cdev_alloc();
1432 if (!port->cdev) {
1433 dev_err(&port->portdev->vdev->dev, "Error allocating cdev\n");
1434 err = -ENOMEM;
1435 goto free_port;
1437 port->cdev->ops = &port_fops;
1439 devt = MKDEV(portdev->chr_major, id);
1440 err = cdev_add(port->cdev, devt, 1);
1441 if (err < 0) {
1442 dev_err(&port->portdev->vdev->dev,
1443 "Error %d adding cdev for port %u\n", err, id);
1444 goto free_cdev;
1446 port->dev = device_create(pdrvdata.class, &port->portdev->vdev->dev,
1447 devt, port, "vport%up%u",
1448 port->portdev->vdev->index, id);
1449 if (IS_ERR(port->dev)) {
1450 err = PTR_ERR(port->dev);
1451 dev_err(&port->portdev->vdev->dev,
1452 "Error %d creating device for port %u\n",
1453 err, id);
1454 goto free_cdev;
1457 spin_lock_init(&port->inbuf_lock);
1458 spin_lock_init(&port->outvq_lock);
1459 init_waitqueue_head(&port->waitqueue);
1461 /* We can safely ignore ENOSPC because it means
1462 * the queue already has buffers. Buffers are removed
1463 * only by virtcons_remove(), not by unplug_port()
1465 err = fill_queue(port->in_vq, &port->inbuf_lock);
1466 if (err < 0 && err != -ENOSPC) {
1467 dev_err(port->dev, "Error allocating inbufs\n");
1468 goto free_device;
1471 if (is_rproc_serial(port->portdev->vdev))
1473 * For rproc_serial assume remote processor is connected.
1474 * rproc_serial does not want the console port, only
1475 * the generic port implementation.
1477 port->host_connected = true;
1478 else if (!use_multiport(port->portdev)) {
1480 * If we're not using multiport support,
1481 * this has to be a console port.
1483 err = init_port_console(port);
1484 if (err)
1485 goto free_inbufs;
1488 spin_lock_irq(&portdev->ports_lock);
1489 list_add_tail(&port->list, &port->portdev->ports);
1490 spin_unlock_irq(&portdev->ports_lock);
1493 * Tell the Host we're set so that it can send us various
1494 * configuration parameters for this port (eg, port name,
1495 * caching, whether this is a console port, etc.)
1497 send_control_msg(port, VIRTIO_CONSOLE_PORT_READY, 1);
1499 if (pdrvdata.debugfs_dir) {
1501 * Finally, create the debugfs file that we can use to
1502 * inspect a port's state at any time
1504 snprintf(debugfs_name, sizeof(debugfs_name), "vport%up%u",
1505 port->portdev->vdev->index, id);
1506 port->debugfs_file = debugfs_create_file(debugfs_name, 0444,
1507 pdrvdata.debugfs_dir,
1508 port,
1509 &port_debugfs_ops);
1511 return 0;
1513 free_inbufs:
1514 free_device:
1515 device_destroy(pdrvdata.class, port->dev->devt);
1516 free_cdev:
1517 cdev_del(port->cdev);
1518 free_port:
1519 kfree(port);
1520 fail:
1521 /* The host might want to notify management sw about port add failure */
1522 __send_control_msg(portdev, id, VIRTIO_CONSOLE_PORT_READY, 0);
1523 return err;
1526 /* No users remain, remove all port-specific data. */
1527 static void remove_port(struct kref *kref)
1529 struct port *port;
1531 port = container_of(kref, struct port, kref);
1533 kfree(port);
1536 static void remove_port_data(struct port *port)
1538 spin_lock_irq(&port->inbuf_lock);
1539 /* Remove unused data this port might have received. */
1540 discard_port_data(port);
1541 spin_unlock_irq(&port->inbuf_lock);
1543 spin_lock_irq(&port->outvq_lock);
1544 reclaim_consumed_buffers(port);
1545 spin_unlock_irq(&port->outvq_lock);
1549 * Port got unplugged. Remove port from portdev's list and drop the
1550 * kref reference. If no userspace has this port opened, it will
1551 * result in immediate removal the port.
1553 static void unplug_port(struct port *port)
1555 spin_lock_irq(&port->portdev->ports_lock);
1556 list_del(&port->list);
1557 spin_unlock_irq(&port->portdev->ports_lock);
1559 spin_lock_irq(&port->inbuf_lock);
1560 if (port->guest_connected) {
1561 /* Let the app know the port is going down. */
1562 send_sigio_to_port(port);
1564 /* Do this after sigio is actually sent */
1565 port->guest_connected = false;
1566 port->host_connected = false;
1568 wake_up_interruptible(&port->waitqueue);
1570 spin_unlock_irq(&port->inbuf_lock);
1572 if (is_console_port(port)) {
1573 spin_lock_irq(&pdrvdata_lock);
1574 list_del(&port->cons.list);
1575 spin_unlock_irq(&pdrvdata_lock);
1576 hvc_remove(port->cons.hvc);
1579 remove_port_data(port);
1582 * We should just assume the device itself has gone off --
1583 * else a close on an open port later will try to send out a
1584 * control message.
1586 port->portdev = NULL;
1588 sysfs_remove_group(&port->dev->kobj, &port_attribute_group);
1589 device_destroy(pdrvdata.class, port->dev->devt);
1590 cdev_del(port->cdev);
1592 debugfs_remove(port->debugfs_file);
1593 kfree(port->name);
1596 * Locks around here are not necessary - a port can't be
1597 * opened after we removed the port struct from ports_list
1598 * above.
1600 kref_put(&port->kref, remove_port);
1603 /* Any private messages that the Host and Guest want to share */
1604 static void handle_control_message(struct virtio_device *vdev,
1605 struct ports_device *portdev,
1606 struct port_buffer *buf)
1608 struct virtio_console_control *cpkt;
1609 struct port *port;
1610 size_t name_size;
1611 int err;
1613 cpkt = (struct virtio_console_control *)(buf->buf + buf->offset);
1615 port = find_port_by_id(portdev, virtio32_to_cpu(vdev, cpkt->id));
1616 if (!port &&
1617 cpkt->event != cpu_to_virtio16(vdev, VIRTIO_CONSOLE_PORT_ADD)) {
1618 /* No valid header at start of buffer. Drop it. */
1619 dev_dbg(&portdev->vdev->dev,
1620 "Invalid index %u in control packet\n", cpkt->id);
1621 return;
1624 switch (virtio16_to_cpu(vdev, cpkt->event)) {
1625 case VIRTIO_CONSOLE_PORT_ADD:
1626 if (port) {
1627 dev_dbg(&portdev->vdev->dev,
1628 "Port %u already added\n", port->id);
1629 send_control_msg(port, VIRTIO_CONSOLE_PORT_READY, 1);
1630 break;
1632 if (virtio32_to_cpu(vdev, cpkt->id) >=
1633 portdev->config.max_nr_ports) {
1634 dev_warn(&portdev->vdev->dev,
1635 "Request for adding port with "
1636 "out-of-bound id %u, max. supported id: %u\n",
1637 cpkt->id, portdev->config.max_nr_ports - 1);
1638 break;
1640 add_port(portdev, virtio32_to_cpu(vdev, cpkt->id));
1641 break;
1642 case VIRTIO_CONSOLE_PORT_REMOVE:
1643 unplug_port(port);
1644 break;
1645 case VIRTIO_CONSOLE_CONSOLE_PORT:
1646 if (!cpkt->value)
1647 break;
1648 if (is_console_port(port))
1649 break;
1651 init_port_console(port);
1652 complete(&early_console_added);
1654 * Could remove the port here in case init fails - but
1655 * have to notify the host first.
1657 break;
1658 case VIRTIO_CONSOLE_RESIZE: {
1659 struct {
1660 __u16 rows;
1661 __u16 cols;
1662 } size;
1664 if (!is_console_port(port))
1665 break;
1667 memcpy(&size, buf->buf + buf->offset + sizeof(*cpkt),
1668 sizeof(size));
1669 set_console_size(port, size.rows, size.cols);
1671 port->cons.hvc->irq_requested = 1;
1672 resize_console(port);
1673 break;
1675 case VIRTIO_CONSOLE_PORT_OPEN:
1676 port->host_connected = virtio16_to_cpu(vdev, cpkt->value);
1677 wake_up_interruptible(&port->waitqueue);
1679 * If the host port got closed and the host had any
1680 * unconsumed buffers, we'll be able to reclaim them
1681 * now.
1683 spin_lock_irq(&port->outvq_lock);
1684 reclaim_consumed_buffers(port);
1685 spin_unlock_irq(&port->outvq_lock);
1688 * If the guest is connected, it'll be interested in
1689 * knowing the host connection state changed.
1691 spin_lock_irq(&port->inbuf_lock);
1692 send_sigio_to_port(port);
1693 spin_unlock_irq(&port->inbuf_lock);
1694 break;
1695 case VIRTIO_CONSOLE_PORT_NAME:
1697 * If we woke up after hibernation, we can get this
1698 * again. Skip it in that case.
1700 if (port->name)
1701 break;
1704 * Skip the size of the header and the cpkt to get the size
1705 * of the name that was sent
1707 name_size = buf->len - buf->offset - sizeof(*cpkt) + 1;
1709 port->name = kmalloc(name_size, GFP_KERNEL);
1710 if (!port->name) {
1711 dev_err(port->dev,
1712 "Not enough space to store port name\n");
1713 break;
1715 strncpy(port->name, buf->buf + buf->offset + sizeof(*cpkt),
1716 name_size - 1);
1717 port->name[name_size - 1] = 0;
1720 * Since we only have one sysfs attribute, 'name',
1721 * create it only if we have a name for the port.
1723 err = sysfs_create_group(&port->dev->kobj,
1724 &port_attribute_group);
1725 if (err) {
1726 dev_err(port->dev,
1727 "Error %d creating sysfs device attributes\n",
1728 err);
1729 } else {
1731 * Generate a udev event so that appropriate
1732 * symlinks can be created based on udev
1733 * rules.
1735 kobject_uevent(&port->dev->kobj, KOBJ_CHANGE);
1737 break;
1741 static void control_work_handler(struct work_struct *work)
1743 struct ports_device *portdev;
1744 struct virtqueue *vq;
1745 struct port_buffer *buf;
1746 unsigned int len;
1748 portdev = container_of(work, struct ports_device, control_work);
1749 vq = portdev->c_ivq;
1751 spin_lock(&portdev->c_ivq_lock);
1752 while ((buf = virtqueue_get_buf(vq, &len))) {
1753 spin_unlock(&portdev->c_ivq_lock);
1755 buf->len = len;
1756 buf->offset = 0;
1758 handle_control_message(vq->vdev, portdev, buf);
1760 spin_lock(&portdev->c_ivq_lock);
1761 if (add_inbuf(portdev->c_ivq, buf) < 0) {
1762 dev_warn(&portdev->vdev->dev,
1763 "Error adding buffer to queue\n");
1764 free_buf(buf, false);
1767 spin_unlock(&portdev->c_ivq_lock);
1770 static void flush_bufs(struct virtqueue *vq, bool can_sleep)
1772 struct port_buffer *buf;
1773 unsigned int len;
1775 while ((buf = virtqueue_get_buf(vq, &len)))
1776 free_buf(buf, can_sleep);
1779 static void out_intr(struct virtqueue *vq)
1781 struct port *port;
1783 port = find_port_by_vq(vq->vdev->priv, vq);
1784 if (!port) {
1785 flush_bufs(vq, false);
1786 return;
1789 wake_up_interruptible(&port->waitqueue);
1792 static void in_intr(struct virtqueue *vq)
1794 struct port *port;
1795 unsigned long flags;
1797 port = find_port_by_vq(vq->vdev->priv, vq);
1798 if (!port) {
1799 flush_bufs(vq, false);
1800 return;
1803 spin_lock_irqsave(&port->inbuf_lock, flags);
1804 port->inbuf = get_inbuf(port);
1807 * Normally the port should not accept data when the port is
1808 * closed. For generic serial ports, the host won't (shouldn't)
1809 * send data till the guest is connected. But this condition
1810 * can be reached when a console port is not yet connected (no
1811 * tty is spawned) and the other side sends out data over the
1812 * vring, or when a remote devices start sending data before
1813 * the ports are opened.
1815 * A generic serial port will discard data if not connected,
1816 * while console ports and rproc-serial ports accepts data at
1817 * any time. rproc-serial is initiated with guest_connected to
1818 * false because port_fops_open expects this. Console ports are
1819 * hooked up with an HVC console and is initialized with
1820 * guest_connected to true.
1823 if (!port->guest_connected && !is_rproc_serial(port->portdev->vdev))
1824 discard_port_data(port);
1826 /* Send a SIGIO indicating new data in case the process asked for it */
1827 send_sigio_to_port(port);
1829 spin_unlock_irqrestore(&port->inbuf_lock, flags);
1831 wake_up_interruptible(&port->waitqueue);
1833 if (is_console_port(port) && hvc_poll(port->cons.hvc))
1834 hvc_kick();
1837 static void control_intr(struct virtqueue *vq)
1839 struct ports_device *portdev;
1841 portdev = vq->vdev->priv;
1842 schedule_work(&portdev->control_work);
1845 static void config_intr(struct virtio_device *vdev)
1847 struct ports_device *portdev;
1849 portdev = vdev->priv;
1851 if (!use_multiport(portdev))
1852 schedule_work(&portdev->config_work);
1855 static void config_work_handler(struct work_struct *work)
1857 struct ports_device *portdev;
1859 portdev = container_of(work, struct ports_device, config_work);
1860 if (!use_multiport(portdev)) {
1861 struct virtio_device *vdev;
1862 struct port *port;
1863 u16 rows, cols;
1865 vdev = portdev->vdev;
1866 virtio_cread(vdev, struct virtio_console_config, cols, &cols);
1867 virtio_cread(vdev, struct virtio_console_config, rows, &rows);
1869 port = find_port_by_id(portdev, 0);
1870 set_console_size(port, rows, cols);
1873 * We'll use this way of resizing only for legacy
1874 * support. For newer userspace
1875 * (VIRTIO_CONSOLE_F_MULTPORT+), use control messages
1876 * to indicate console size changes so that it can be
1877 * done per-port.
1879 resize_console(port);
1883 static int init_vqs(struct ports_device *portdev)
1885 vq_callback_t **io_callbacks;
1886 char **io_names;
1887 struct virtqueue **vqs;
1888 u32 i, j, nr_ports, nr_queues;
1889 int err;
1891 nr_ports = portdev->config.max_nr_ports;
1892 nr_queues = use_multiport(portdev) ? (nr_ports + 1) * 2 : 2;
1894 vqs = kmalloc(nr_queues * sizeof(struct virtqueue *), GFP_KERNEL);
1895 io_callbacks = kmalloc(nr_queues * sizeof(vq_callback_t *), GFP_KERNEL);
1896 io_names = kmalloc(nr_queues * sizeof(char *), GFP_KERNEL);
1897 portdev->in_vqs = kmalloc(nr_ports * sizeof(struct virtqueue *),
1898 GFP_KERNEL);
1899 portdev->out_vqs = kmalloc(nr_ports * sizeof(struct virtqueue *),
1900 GFP_KERNEL);
1901 if (!vqs || !io_callbacks || !io_names || !portdev->in_vqs ||
1902 !portdev->out_vqs) {
1903 err = -ENOMEM;
1904 goto free;
1908 * For backward compat (newer host but older guest), the host
1909 * spawns a console port first and also inits the vqs for port
1910 * 0 before others.
1912 j = 0;
1913 io_callbacks[j] = in_intr;
1914 io_callbacks[j + 1] = out_intr;
1915 io_names[j] = "input";
1916 io_names[j + 1] = "output";
1917 j += 2;
1919 if (use_multiport(portdev)) {
1920 io_callbacks[j] = control_intr;
1921 io_callbacks[j + 1] = NULL;
1922 io_names[j] = "control-i";
1923 io_names[j + 1] = "control-o";
1925 for (i = 1; i < nr_ports; i++) {
1926 j += 2;
1927 io_callbacks[j] = in_intr;
1928 io_callbacks[j + 1] = out_intr;
1929 io_names[j] = "input";
1930 io_names[j + 1] = "output";
1933 /* Find the queues. */
1934 err = portdev->vdev->config->find_vqs(portdev->vdev, nr_queues, vqs,
1935 io_callbacks,
1936 (const char **)io_names);
1937 if (err)
1938 goto free;
1940 j = 0;
1941 portdev->in_vqs[0] = vqs[0];
1942 portdev->out_vqs[0] = vqs[1];
1943 j += 2;
1944 if (use_multiport(portdev)) {
1945 portdev->c_ivq = vqs[j];
1946 portdev->c_ovq = vqs[j + 1];
1948 for (i = 1; i < nr_ports; i++) {
1949 j += 2;
1950 portdev->in_vqs[i] = vqs[j];
1951 portdev->out_vqs[i] = vqs[j + 1];
1954 kfree(io_names);
1955 kfree(io_callbacks);
1956 kfree(vqs);
1958 return 0;
1960 free:
1961 kfree(portdev->out_vqs);
1962 kfree(portdev->in_vqs);
1963 kfree(io_names);
1964 kfree(io_callbacks);
1965 kfree(vqs);
1967 return err;
1970 static const struct file_operations portdev_fops = {
1971 .owner = THIS_MODULE,
1974 static void remove_vqs(struct ports_device *portdev)
1976 struct virtqueue *vq;
1978 virtio_device_for_each_vq(portdev->vdev, vq) {
1979 struct port_buffer *buf;
1981 flush_bufs(vq, true);
1982 while ((buf = virtqueue_detach_unused_buf(vq)))
1983 free_buf(buf, true);
1985 portdev->vdev->config->del_vqs(portdev->vdev);
1986 kfree(portdev->in_vqs);
1987 kfree(portdev->out_vqs);
1990 static void virtcons_remove(struct virtio_device *vdev)
1992 struct ports_device *portdev;
1993 struct port *port, *port2;
1995 portdev = vdev->priv;
1997 spin_lock_irq(&pdrvdata_lock);
1998 list_del(&portdev->list);
1999 spin_unlock_irq(&pdrvdata_lock);
2001 /* Disable interrupts for vqs */
2002 vdev->config->reset(vdev);
2003 /* Finish up work that's lined up */
2004 if (use_multiport(portdev))
2005 cancel_work_sync(&portdev->control_work);
2006 else
2007 cancel_work_sync(&portdev->config_work);
2009 list_for_each_entry_safe(port, port2, &portdev->ports, list)
2010 unplug_port(port);
2012 unregister_chrdev(portdev->chr_major, "virtio-portsdev");
2015 * When yanking out a device, we immediately lose the
2016 * (device-side) queues. So there's no point in keeping the
2017 * guest side around till we drop our final reference. This
2018 * also means that any ports which are in an open state will
2019 * have to just stop using the port, as the vqs are going
2020 * away.
2022 remove_vqs(portdev);
2023 kfree(portdev);
2027 * Once we're further in boot, we get probed like any other virtio
2028 * device.
2030 * If the host also supports multiple console ports, we check the
2031 * config space to see how many ports the host has spawned. We
2032 * initialize each port found.
2034 static int virtcons_probe(struct virtio_device *vdev)
2036 struct ports_device *portdev;
2037 int err;
2038 bool multiport;
2039 bool early = early_put_chars != NULL;
2041 /* We only need a config space if features are offered */
2042 if (!vdev->config->get &&
2043 (virtio_has_feature(vdev, VIRTIO_CONSOLE_F_SIZE)
2044 || virtio_has_feature(vdev, VIRTIO_CONSOLE_F_MULTIPORT))) {
2045 dev_err(&vdev->dev, "%s failure: config access disabled\n",
2046 __func__);
2047 return -EINVAL;
2050 /* Ensure to read early_put_chars now */
2051 barrier();
2053 portdev = kmalloc(sizeof(*portdev), GFP_KERNEL);
2054 if (!portdev) {
2055 err = -ENOMEM;
2056 goto fail;
2059 /* Attach this portdev to this virtio_device, and vice-versa. */
2060 portdev->vdev = vdev;
2061 vdev->priv = portdev;
2063 portdev->chr_major = register_chrdev(0, "virtio-portsdev",
2064 &portdev_fops);
2065 if (portdev->chr_major < 0) {
2066 dev_err(&vdev->dev,
2067 "Error %d registering chrdev for device %u\n",
2068 portdev->chr_major, vdev->index);
2069 err = portdev->chr_major;
2070 goto free;
2073 multiport = false;
2074 portdev->config.max_nr_ports = 1;
2076 /* Don't test MULTIPORT at all if we're rproc: not a valid feature! */
2077 if (!is_rproc_serial(vdev) &&
2078 virtio_cread_feature(vdev, VIRTIO_CONSOLE_F_MULTIPORT,
2079 struct virtio_console_config, max_nr_ports,
2080 &portdev->config.max_nr_ports) == 0) {
2081 multiport = true;
2084 err = init_vqs(portdev);
2085 if (err < 0) {
2086 dev_err(&vdev->dev, "Error %d initializing vqs\n", err);
2087 goto free_chrdev;
2090 spin_lock_init(&portdev->ports_lock);
2091 INIT_LIST_HEAD(&portdev->ports);
2092 INIT_LIST_HEAD(&portdev->list);
2094 virtio_device_ready(portdev->vdev);
2096 INIT_WORK(&portdev->config_work, &config_work_handler);
2097 INIT_WORK(&portdev->control_work, &control_work_handler);
2099 if (multiport) {
2100 spin_lock_init(&portdev->c_ivq_lock);
2101 spin_lock_init(&portdev->c_ovq_lock);
2103 err = fill_queue(portdev->c_ivq, &portdev->c_ivq_lock);
2104 if (err < 0) {
2105 dev_err(&vdev->dev,
2106 "Error allocating buffers for control queue\n");
2108 * The host might want to notify mgmt sw about device
2109 * add failure.
2111 __send_control_msg(portdev, VIRTIO_CONSOLE_BAD_ID,
2112 VIRTIO_CONSOLE_DEVICE_READY, 0);
2113 /* Device was functional: we need full cleanup. */
2114 virtcons_remove(vdev);
2115 return err;
2117 } else {
2119 * For backward compatibility: Create a console port
2120 * if we're running on older host.
2122 add_port(portdev, 0);
2125 spin_lock_irq(&pdrvdata_lock);
2126 list_add_tail(&portdev->list, &pdrvdata.portdevs);
2127 spin_unlock_irq(&pdrvdata_lock);
2129 __send_control_msg(portdev, VIRTIO_CONSOLE_BAD_ID,
2130 VIRTIO_CONSOLE_DEVICE_READY, 1);
2133 * If there was an early virtio console, assume that there are no
2134 * other consoles. We need to wait until the hvc_alloc matches the
2135 * hvc_instantiate, otherwise tty_open will complain, resulting in
2136 * a "Warning: unable to open an initial console" boot failure.
2137 * Without multiport this is done in add_port above. With multiport
2138 * this might take some host<->guest communication - thus we have to
2139 * wait.
2141 if (multiport && early)
2142 wait_for_completion(&early_console_added);
2144 return 0;
2146 free_chrdev:
2147 unregister_chrdev(portdev->chr_major, "virtio-portsdev");
2148 free:
2149 kfree(portdev);
2150 fail:
2151 return err;
2154 static struct virtio_device_id id_table[] = {
2155 { VIRTIO_ID_CONSOLE, VIRTIO_DEV_ANY_ID },
2156 { 0 },
2158 MODULE_DEVICE_TABLE(virtio, id_table);
2160 static unsigned int features[] = {
2161 VIRTIO_CONSOLE_F_SIZE,
2162 VIRTIO_CONSOLE_F_MULTIPORT,
2165 static struct virtio_device_id rproc_serial_id_table[] = {
2166 #if IS_ENABLED(CONFIG_REMOTEPROC)
2167 { VIRTIO_ID_RPROC_SERIAL, VIRTIO_DEV_ANY_ID },
2168 #endif
2169 { 0 },
2171 MODULE_DEVICE_TABLE(virtio, rproc_serial_id_table);
2173 static unsigned int rproc_serial_features[] = {
2176 #ifdef CONFIG_PM_SLEEP
2177 static int virtcons_freeze(struct virtio_device *vdev)
2179 struct ports_device *portdev;
2180 struct port *port;
2182 portdev = vdev->priv;
2184 vdev->config->reset(vdev);
2186 if (use_multiport(portdev))
2187 virtqueue_disable_cb(portdev->c_ivq);
2188 cancel_work_sync(&portdev->control_work);
2189 cancel_work_sync(&portdev->config_work);
2191 * Once more: if control_work_handler() was running, it would
2192 * enable the cb as the last step.
2194 if (use_multiport(portdev))
2195 virtqueue_disable_cb(portdev->c_ivq);
2197 list_for_each_entry(port, &portdev->ports, list) {
2198 virtqueue_disable_cb(port->in_vq);
2199 virtqueue_disable_cb(port->out_vq);
2201 * We'll ask the host later if the new invocation has
2202 * the port opened or closed.
2204 port->host_connected = false;
2205 remove_port_data(port);
2207 remove_vqs(portdev);
2209 return 0;
2212 static int virtcons_restore(struct virtio_device *vdev)
2214 struct ports_device *portdev;
2215 struct port *port;
2216 int ret;
2218 portdev = vdev->priv;
2220 ret = init_vqs(portdev);
2221 if (ret)
2222 return ret;
2224 virtio_device_ready(portdev->vdev);
2226 if (use_multiport(portdev))
2227 fill_queue(portdev->c_ivq, &portdev->c_ivq_lock);
2229 list_for_each_entry(port, &portdev->ports, list) {
2230 port->in_vq = portdev->in_vqs[port->id];
2231 port->out_vq = portdev->out_vqs[port->id];
2233 fill_queue(port->in_vq, &port->inbuf_lock);
2235 /* Get port open/close status on the host */
2236 send_control_msg(port, VIRTIO_CONSOLE_PORT_READY, 1);
2239 * If a port was open at the time of suspending, we
2240 * have to let the host know that it's still open.
2242 if (port->guest_connected)
2243 send_control_msg(port, VIRTIO_CONSOLE_PORT_OPEN, 1);
2245 return 0;
2247 #endif
2249 static struct virtio_driver virtio_console = {
2250 .feature_table = features,
2251 .feature_table_size = ARRAY_SIZE(features),
2252 .driver.name = KBUILD_MODNAME,
2253 .driver.owner = THIS_MODULE,
2254 .id_table = id_table,
2255 .probe = virtcons_probe,
2256 .remove = virtcons_remove,
2257 .config_changed = config_intr,
2258 #ifdef CONFIG_PM_SLEEP
2259 .freeze = virtcons_freeze,
2260 .restore = virtcons_restore,
2261 #endif
2264 static struct virtio_driver virtio_rproc_serial = {
2265 .feature_table = rproc_serial_features,
2266 .feature_table_size = ARRAY_SIZE(rproc_serial_features),
2267 .driver.name = "virtio_rproc_serial",
2268 .driver.owner = THIS_MODULE,
2269 .id_table = rproc_serial_id_table,
2270 .probe = virtcons_probe,
2271 .remove = virtcons_remove,
2274 static int __init init(void)
2276 int err;
2278 pdrvdata.class = class_create(THIS_MODULE, "virtio-ports");
2279 if (IS_ERR(pdrvdata.class)) {
2280 err = PTR_ERR(pdrvdata.class);
2281 pr_err("Error %d creating virtio-ports class\n", err);
2282 return err;
2285 pdrvdata.debugfs_dir = debugfs_create_dir("virtio-ports", NULL);
2286 if (!pdrvdata.debugfs_dir)
2287 pr_warning("Error creating debugfs dir for virtio-ports\n");
2288 INIT_LIST_HEAD(&pdrvdata.consoles);
2289 INIT_LIST_HEAD(&pdrvdata.portdevs);
2291 err = register_virtio_driver(&virtio_console);
2292 if (err < 0) {
2293 pr_err("Error %d registering virtio driver\n", err);
2294 goto free;
2296 err = register_virtio_driver(&virtio_rproc_serial);
2297 if (err < 0) {
2298 pr_err("Error %d registering virtio rproc serial driver\n",
2299 err);
2300 goto unregister;
2302 return 0;
2303 unregister:
2304 unregister_virtio_driver(&virtio_console);
2305 free:
2306 debugfs_remove_recursive(pdrvdata.debugfs_dir);
2307 class_destroy(pdrvdata.class);
2308 return err;
2311 static void __exit fini(void)
2313 reclaim_dma_bufs();
2315 unregister_virtio_driver(&virtio_console);
2316 unregister_virtio_driver(&virtio_rproc_serial);
2318 class_destroy(pdrvdata.class);
2319 debugfs_remove_recursive(pdrvdata.debugfs_dir);
2321 module_init(init);
2322 module_exit(fini);
2324 MODULE_DESCRIPTION("Virtio console driver");
2325 MODULE_LICENSE("GPL");