search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
bpf: Prevent memory disambiguation attack
[linux/fpc-iii.git] / drivers / rpmsg / qcom_smd.c
blob92d0c6a7a837248252e112e1157d674aa6506f47
1 /*
2 * Copyright (c) 2015, Sony Mobile Communications AB.
3 * Copyright (c) 2012-2013, The Linux Foundation. All rights reserved.
4 *
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License version 2 and
7 * only version 2 as published by the Free Software Foundation.
8 *
9 * This program is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 * GNU General Public License for more details.
13 */
14
15 #include <linux/interrupt.h>
16 #include <linux/io.h>
17 #include <linux/mfd/syscon.h>
18 #include <linux/module.h>
19 #include <linux/of_irq.h>
20 #include <linux/of_platform.h>
21 #include <linux/platform_device.h>
22 #include <linux/regmap.h>
23 #include <linux/sched.h>
24 #include <linux/slab.h>
25 #include <linux/soc/qcom/smem.h>
26 #include <linux/wait.h>
27 #include <linux/rpmsg.h>
28 #include <linux/rpmsg/qcom_smd.h>
29
30 #include "rpmsg_internal.h"
31
32 /*
33 * The Qualcomm Shared Memory communication solution provides point-to-point
34 * channels for clients to send and receive streaming or packet based data.
35 *
36 * Each channel consists of a control item (channel info) and a ring buffer
37 * pair. The channel info carry information related to channel state, flow
38 * control and the offsets within the ring buffer.
39 *
40 * All allocated channels are listed in an allocation table, identifying the
41 * pair of items by name, type and remote processor.
42 *
43 * Upon creating a new channel the remote processor allocates channel info and
44 * ring buffer items from the smem heap and populate the allocation table. An
45 * interrupt is sent to the other end of the channel and a scan for new
46 * channels should be done. A channel never goes away, it will only change
47 * state.
48 *
49 * The remote processor signals it intent for bring up the communication
50 * channel by setting the state of its end of the channel to "opening" and
51 * sends out an interrupt. We detect this change and register a smd device to
52 * consume the channel. Upon finding a consumer we finish the handshake and the
53 * channel is up.
54 *
55 * Upon closing a channel, the remote processor will update the state of its
56 * end of the channel and signal us, we will then unregister any attached
57 * device and close our end of the channel.
58 *
59 * Devices attached to a channel can use the qcom_smd_send function to push
60 * data to the channel, this is done by copying the data into the tx ring
61 * buffer, updating the pointers in the channel info and signaling the remote
62 * processor.
63 *
64 * The remote processor does the equivalent when it transfer data and upon
65 * receiving the interrupt we check the channel info for new data and delivers
66 * this to the attached device. If the device is not ready to receive the data
67 * we leave it in the ring buffer for now.
68 */
69
70 struct smd_channel_info;
71 struct smd_channel_info_pair;
72 struct smd_channel_info_word;
73 struct smd_channel_info_word_pair;
74
75 static const struct rpmsg_endpoint_ops qcom_smd_endpoint_ops;
76
77 #define SMD_ALLOC_TBL_COUNT 2
78 #define SMD_ALLOC_TBL_SIZE 64
79
80 /*
81 * This lists the various smem heap items relevant for the allocation table and
82 * smd channel entries.
83 */
84 static const struct {
85 unsigned alloc_tbl_id;
86 unsigned info_base_id;
87 unsigned fifo_base_id;
88 } smem_items[SMD_ALLOC_TBL_COUNT] = {
89 {
90 .alloc_tbl_id = 13,
91 .info_base_id = 14,
92 .fifo_base_id = 338
93 },
94 {
95 .alloc_tbl_id = 266,
96 .info_base_id = 138,
97 .fifo_base_id = 202,
98 },
99 };
100
101 /**
102 * struct qcom_smd_edge - representing a remote processor
103 * @of_node: of_node handle for information related to this edge
104 * @edge_id: identifier of this edge
105 * @remote_pid: identifier of remote processor
106 * @irq: interrupt for signals on this edge
107 * @ipc_regmap: regmap handle holding the outgoing ipc register
108 * @ipc_offset: offset within @ipc_regmap of the register for ipc
109 * @ipc_bit: bit in the register at @ipc_offset of @ipc_regmap
110 * @channels: list of all channels detected on this edge
111 * @channels_lock: guard for modifications of @channels
112 * @allocated: array of bitmaps representing already allocated channels
113 * @smem_available: last available amount of smem triggering a channel scan
114 * @scan_work: work item for discovering new channels
115 * @state_work: work item for edge state changes
116 */
117 struct qcom_smd_edge {
118 struct device dev;
119
120 const char *name;
121
122 struct device_node *of_node;
123 unsigned edge_id;
124 unsigned remote_pid;
125
126 int irq;
127
128 struct regmap *ipc_regmap;
129 int ipc_offset;
130 int ipc_bit;
131
132 struct list_head channels;
133 spinlock_t channels_lock;
134
135 DECLARE_BITMAP(allocated[SMD_ALLOC_TBL_COUNT], SMD_ALLOC_TBL_SIZE);
136
137 unsigned smem_available;
138
139 wait_queue_head_t new_channel_event;
140
141 struct work_struct scan_work;
142 struct work_struct state_work;
143 };
144
145 /*
146 * SMD channel states.
147 */
148 enum smd_channel_state {
149 SMD_CHANNEL_CLOSED,
150 SMD_CHANNEL_OPENING,
151 SMD_CHANNEL_OPENED,
152 SMD_CHANNEL_FLUSHING,
153 SMD_CHANNEL_CLOSING,
154 SMD_CHANNEL_RESET,
155 SMD_CHANNEL_RESET_OPENING
156 };
157
158 struct qcom_smd_device {
159 struct rpmsg_device rpdev;
160
161 struct qcom_smd_edge *edge;
162 };
163
164 struct qcom_smd_endpoint {
165 struct rpmsg_endpoint ept;
166
167 struct qcom_smd_channel *qsch;
168 };
169
170 #define to_smd_device(_rpdev) container_of(_rpdev, struct qcom_smd_device, rpdev)
171 #define to_smd_edge(d) container_of(d, struct qcom_smd_edge, dev)
172 #define to_smd_endpoint(ept) container_of(ept, struct qcom_smd_endpoint, ept)
173
174 /**
175 * struct qcom_smd_channel - smd channel struct
176 * @edge: qcom_smd_edge this channel is living on
177 * @qsdev: reference to a associated smd client device
178 * @name: name of the channel
179 * @state: local state of the channel
180 * @remote_state: remote state of the channel
181 * @info: byte aligned outgoing/incoming channel info
182 * @info_word: word aligned outgoing/incoming channel info
183 * @tx_lock: lock to make writes to the channel mutually exclusive
184 * @fblockread_event: wakeup event tied to tx fBLOCKREADINTR
185 * @tx_fifo: pointer to the outgoing ring buffer
186 * @rx_fifo: pointer to the incoming ring buffer
187 * @fifo_size: size of each ring buffer
188 * @bounce_buffer: bounce buffer for reading wrapped packets
189 * @cb: callback function registered for this channel
190 * @recv_lock: guard for rx info modifications and cb pointer
191 * @pkt_size: size of the currently handled packet
192 * @list: lite entry for @channels in qcom_smd_edge
193 */
194 struct qcom_smd_channel {
195 struct qcom_smd_edge *edge;
196
197 struct qcom_smd_endpoint *qsept;
198 bool registered;
199
200 char *name;
201 enum smd_channel_state state;
202 enum smd_channel_state remote_state;
203 wait_queue_head_t state_change_event;
204
205 struct smd_channel_info_pair *info;
206 struct smd_channel_info_word_pair *info_word;
207
208 struct mutex tx_lock;
209 wait_queue_head_t fblockread_event;
210
211 void *tx_fifo;
212 void *rx_fifo;
213 int fifo_size;
214
215 void *bounce_buffer;
216
217 spinlock_t recv_lock;
218
219 int pkt_size;
220
221 void *drvdata;
222
223 struct list_head list;
224 };
225
226 /*
227 * Format of the smd_info smem items, for byte aligned channels.
228 */
229 struct smd_channel_info {
230 __le32 state;
231 u8 fDSR;
232 u8 fCTS;
233 u8 fCD;
234 u8 fRI;
235 u8 fHEAD;
236 u8 fTAIL;
237 u8 fSTATE;
238 u8 fBLOCKREADINTR;
239 __le32 tail;
240 __le32 head;
241 };
242
243 struct smd_channel_info_pair {
244 struct smd_channel_info tx;
245 struct smd_channel_info rx;
246 };
247
248 /*
249 * Format of the smd_info smem items, for word aligned channels.
250 */
251 struct smd_channel_info_word {
252 __le32 state;
253 __le32 fDSR;
254 __le32 fCTS;
255 __le32 fCD;
256 __le32 fRI;
257 __le32 fHEAD;
258 __le32 fTAIL;
259 __le32 fSTATE;
260 __le32 fBLOCKREADINTR;
261 __le32 tail;
262 __le32 head;
263 };
264
265 struct smd_channel_info_word_pair {
266 struct smd_channel_info_word tx;
267 struct smd_channel_info_word rx;
268 };
269
270 #define GET_RX_CHANNEL_FLAG(channel, param) \
271 ({ \
272 BUILD_BUG_ON(sizeof(channel->info->rx.param) != sizeof(u8)); \
273 channel->info_word ? \
274 le32_to_cpu(channel->info_word->rx.param) : \
275 channel->info->rx.param; \
276 })
277
278 #define GET_RX_CHANNEL_INFO(channel, param) \
279 ({ \
280 BUILD_BUG_ON(sizeof(channel->info->rx.param) != sizeof(u32)); \
281 le32_to_cpu(channel->info_word ? \
282 channel->info_word->rx.param : \
283 channel->info->rx.param); \
284 })
285
286 #define SET_RX_CHANNEL_FLAG(channel, param, value) \
287 ({ \
288 BUILD_BUG_ON(sizeof(channel->info->rx.param) != sizeof(u8)); \
289 if (channel->info_word) \
290 channel->info_word->rx.param = cpu_to_le32(value); \
291 else \
292 channel->info->rx.param = value; \
293 })
294
295 #define SET_RX_CHANNEL_INFO(channel, param, value) \
296 ({ \
297 BUILD_BUG_ON(sizeof(channel->info->rx.param) != sizeof(u32)); \
298 if (channel->info_word) \
299 channel->info_word->rx.param = cpu_to_le32(value); \
300 else \
301 channel->info->rx.param = cpu_to_le32(value); \
302 })
303
304 #define GET_TX_CHANNEL_FLAG(channel, param) \
305 ({ \
306 BUILD_BUG_ON(sizeof(channel->info->tx.param) != sizeof(u8)); \
307 channel->info_word ? \
308 le32_to_cpu(channel->info_word->tx.param) : \
309 channel->info->tx.param; \
310 })
311
312 #define GET_TX_CHANNEL_INFO(channel, param) \
313 ({ \
314 BUILD_BUG_ON(sizeof(channel->info->tx.param) != sizeof(u32)); \
315 le32_to_cpu(channel->info_word ? \
316 channel->info_word->tx.param : \
317 channel->info->tx.param); \
318 })
319
320 #define SET_TX_CHANNEL_FLAG(channel, param, value) \
321 ({ \
322 BUILD_BUG_ON(sizeof(channel->info->tx.param) != sizeof(u8)); \
323 if (channel->info_word) \
324 channel->info_word->tx.param = cpu_to_le32(value); \
325 else \
326 channel->info->tx.param = value; \
327 })
328
329 #define SET_TX_CHANNEL_INFO(channel, param, value) \
330 ({ \
331 BUILD_BUG_ON(sizeof(channel->info->tx.param) != sizeof(u32)); \
332 if (channel->info_word) \
333 channel->info_word->tx.param = cpu_to_le32(value); \
334 else \
335 channel->info->tx.param = cpu_to_le32(value); \
336 })
337
338 /**
339 * struct qcom_smd_alloc_entry - channel allocation entry
340 * @name: channel name
341 * @cid: channel index
342 * @flags: channel flags and edge id
343 * @ref_count: reference count of the channel
344 */
345 struct qcom_smd_alloc_entry {
346 u8 name[20];
347 __le32 cid;
348 __le32 flags;
349 __le32 ref_count;
350 } __packed;
351
352 #define SMD_CHANNEL_FLAGS_EDGE_MASK 0xff
353 #define SMD_CHANNEL_FLAGS_STREAM BIT(8)
354 #define SMD_CHANNEL_FLAGS_PACKET BIT(9)
355
356 /*
357 * Each smd packet contains a 20 byte header, with the first 4 being the length
358 * of the packet.
359 */
360 #define SMD_PACKET_HEADER_LEN 20
361
362 /*
363 * Signal the remote processor associated with 'channel'.
364 */
365 static void qcom_smd_signal_channel(struct qcom_smd_channel *channel)
366 {
367 struct qcom_smd_edge *edge = channel->edge;
368
369 regmap_write(edge->ipc_regmap, edge->ipc_offset, BIT(edge->ipc_bit));
370 }
371
372 /*
373 * Initialize the tx channel info
374 */
375 static void qcom_smd_channel_reset(struct qcom_smd_channel *channel)
376 {
377 SET_TX_CHANNEL_INFO(channel, state, SMD_CHANNEL_CLOSED);
378 SET_TX_CHANNEL_FLAG(channel, fDSR, 0);
379 SET_TX_CHANNEL_FLAG(channel, fCTS, 0);
380 SET_TX_CHANNEL_FLAG(channel, fCD, 0);
381 SET_TX_CHANNEL_FLAG(channel, fRI, 0);
382 SET_TX_CHANNEL_FLAG(channel, fHEAD, 0);
383 SET_TX_CHANNEL_FLAG(channel, fTAIL, 0);
384 SET_TX_CHANNEL_FLAG(channel, fSTATE, 1);
385 SET_TX_CHANNEL_FLAG(channel, fBLOCKREADINTR, 1);
386 SET_TX_CHANNEL_INFO(channel, head, 0);
387 SET_RX_CHANNEL_INFO(channel, tail, 0);
388
389 qcom_smd_signal_channel(channel);
390
391 channel->state = SMD_CHANNEL_CLOSED;
392 channel->pkt_size = 0;
393 }
394
395 /*
396 * Set the callback for a channel, with appropriate locking
397 */
398 static void qcom_smd_channel_set_callback(struct qcom_smd_channel *channel,
399 rpmsg_rx_cb_t cb)
400 {
401 struct rpmsg_endpoint *ept = &channel->qsept->ept;
402 unsigned long flags;
403
404 spin_lock_irqsave(&channel->recv_lock, flags);
405 ept->cb = cb;
406 spin_unlock_irqrestore(&channel->recv_lock, flags);
407 };
408
409 /*
410 * Calculate the amount of data available in the rx fifo
411 */
412 static size_t qcom_smd_channel_get_rx_avail(struct qcom_smd_channel *channel)
413 {
414 unsigned head;
415 unsigned tail;
416
417 head = GET_RX_CHANNEL_INFO(channel, head);
418 tail = GET_RX_CHANNEL_INFO(channel, tail);
419
420 return (head - tail) & (channel->fifo_size - 1);
421 }
422
423 /*
424 * Set tx channel state and inform the remote processor
425 */
426 static void qcom_smd_channel_set_state(struct qcom_smd_channel *channel,
427 int state)
428 {
429 struct qcom_smd_edge *edge = channel->edge;
430 bool is_open = state == SMD_CHANNEL_OPENED;
431
432 if (channel->state == state)
433 return;
434
435 dev_dbg(&edge->dev, "set_state(%s, %d)\n", channel->name, state);
436
437 SET_TX_CHANNEL_FLAG(channel, fDSR, is_open);
438 SET_TX_CHANNEL_FLAG(channel, fCTS, is_open);
439 SET_TX_CHANNEL_FLAG(channel, fCD, is_open);
440
441 SET_TX_CHANNEL_INFO(channel, state, state);
442 SET_TX_CHANNEL_FLAG(channel, fSTATE, 1);
443
444 channel->state = state;
445 qcom_smd_signal_channel(channel);
446 }
447
448 /*
449 * Copy count bytes of data using 32bit accesses, if that's required.
450 */
451 static void smd_copy_to_fifo(void __iomem *dst,
452 const void *src,
453 size_t count,
454 bool word_aligned)
455 {
456 if (word_aligned) {
457 __iowrite32_copy(dst, src, count / sizeof(u32));
458 } else {
459 memcpy_toio(dst, src, count);
460 }
461 }
462
463 /*
464 * Copy count bytes of data using 32bit accesses, if that is required.
465 */
466 static void smd_copy_from_fifo(void *dst,
467 const void __iomem *src,
468 size_t count,
469 bool word_aligned)
470 {
471 if (word_aligned) {
472 __ioread32_copy(dst, src, count / sizeof(u32));
473 } else {
474 memcpy_fromio(dst, src, count);
475 }
476 }
477
478 /*
479 * Read count bytes of data from the rx fifo into buf, but don't advance the
480 * tail.
481 */
482 static size_t qcom_smd_channel_peek(struct qcom_smd_channel *channel,
483 void *buf, size_t count)
484 {
485 bool word_aligned;
486 unsigned tail;
487 size_t len;
488
489 word_aligned = channel->info_word;
490 tail = GET_RX_CHANNEL_INFO(channel, tail);
491
492 len = min_t(size_t, count, channel->fifo_size - tail);
493 if (len) {
494 smd_copy_from_fifo(buf,
495 channel->rx_fifo + tail,
496 len,
497 word_aligned);
498 }
499
500 if (len != count) {
501 smd_copy_from_fifo(buf + len,
502 channel->rx_fifo,
503 count - len,
504 word_aligned);
505 }
506
507 return count;
508 }
509
510 /*
511 * Advance the rx tail by count bytes.
512 */
513 static void qcom_smd_channel_advance(struct qcom_smd_channel *channel,
514 size_t count)
515 {
516 unsigned tail;
517
518 tail = GET_RX_CHANNEL_INFO(channel, tail);
519 tail += count;
520 tail &= (channel->fifo_size - 1);
521 SET_RX_CHANNEL_INFO(channel, tail, tail);
522 }
523
524 /*
525 * Read out a single packet from the rx fifo and deliver it to the device
526 */
527 static int qcom_smd_channel_recv_single(struct qcom_smd_channel *channel)
528 {
529 struct rpmsg_endpoint *ept = &channel->qsept->ept;
530 unsigned tail;
531 size_t len;
532 void *ptr;
533 int ret;
534
535 tail = GET_RX_CHANNEL_INFO(channel, tail);
536
537 /* Use bounce buffer if the data wraps */
538 if (tail + channel->pkt_size >= channel->fifo_size) {
539 ptr = channel->bounce_buffer;
540 len = qcom_smd_channel_peek(channel, ptr, channel->pkt_size);
541 } else {
542 ptr = channel->rx_fifo + tail;
543 len = channel->pkt_size;
544 }
545
546 ret = ept->cb(ept->rpdev, ptr, len, ept->priv, RPMSG_ADDR_ANY);
547 if (ret < 0)
548 return ret;
549
550 /* Only forward the tail if the client consumed the data */
551 qcom_smd_channel_advance(channel, len);
552
553 channel->pkt_size = 0;
554
555 return 0;
556 }
557
558 /*
559 * Per channel interrupt handling
560 */
561 static bool qcom_smd_channel_intr(struct qcom_smd_channel *channel)
562 {
563 bool need_state_scan = false;
564 int remote_state;
565 __le32 pktlen;
566 int avail;
567 int ret;
568
569 /* Handle state changes */
570 remote_state = GET_RX_CHANNEL_INFO(channel, state);
571 if (remote_state != channel->remote_state) {
572 channel->remote_state = remote_state;
573 need_state_scan = true;
574
575 wake_up_interruptible_all(&channel->state_change_event);
576 }
577 /* Indicate that we have seen any state change */
578 SET_RX_CHANNEL_FLAG(channel, fSTATE, 0);
579
580 /* Signal waiting qcom_smd_send() about the interrupt */
581 if (!GET_TX_CHANNEL_FLAG(channel, fBLOCKREADINTR))
582 wake_up_interruptible_all(&channel->fblockread_event);
583
584 /* Don't consume any data until we've opened the channel */
585 if (channel->state != SMD_CHANNEL_OPENED)
586 goto out;
587
588 /* Indicate that we've seen the new data */
589 SET_RX_CHANNEL_FLAG(channel, fHEAD, 0);
590
591 /* Consume data */
592 for (;;) {
593 avail = qcom_smd_channel_get_rx_avail(channel);
594
595 if (!channel->pkt_size && avail >= SMD_PACKET_HEADER_LEN) {
596 qcom_smd_channel_peek(channel, &pktlen, sizeof(pktlen));
597 qcom_smd_channel_advance(channel, SMD_PACKET_HEADER_LEN);
598 channel->pkt_size = le32_to_cpu(pktlen);
599 } else if (channel->pkt_size && avail >= channel->pkt_size) {
600 ret = qcom_smd_channel_recv_single(channel);
601 if (ret)
602 break;
603 } else {
604 break;
605 }
606 }
607
608 /* Indicate that we have seen and updated tail */
609 SET_RX_CHANNEL_FLAG(channel, fTAIL, 1);
610
611 /* Signal the remote that we've consumed the data (if requested) */
612 if (!GET_RX_CHANNEL_FLAG(channel, fBLOCKREADINTR)) {
613 /* Ensure ordering of channel info updates */
614 wmb();
615
616 qcom_smd_signal_channel(channel);
617 }
618
619 out:
620 return need_state_scan;
621 }
622
623 /*
624 * The edge interrupts are triggered by the remote processor on state changes,
625 * channel info updates or when new channels are created.
626 */
627 static irqreturn_t qcom_smd_edge_intr(int irq, void *data)
628 {
629 struct qcom_smd_edge *edge = data;
630 struct qcom_smd_channel *channel;
631 unsigned available;
632 bool kick_scanner = false;
633 bool kick_state = false;
634
635 /*
636 * Handle state changes or data on each of the channels on this edge
637 */
638 spin_lock(&edge->channels_lock);
639 list_for_each_entry(channel, &edge->channels, list) {
640 spin_lock(&channel->recv_lock);
641 kick_state |= qcom_smd_channel_intr(channel);
642 spin_unlock(&channel->recv_lock);
643 }
644 spin_unlock(&edge->channels_lock);
645
646 /*
647 * Creating a new channel requires allocating an smem entry, so we only
648 * have to scan if the amount of available space in smem have changed
649 * since last scan.
650 */
651 available = qcom_smem_get_free_space(edge->remote_pid);
652 if (available != edge->smem_available) {
653 edge->smem_available = available;
654 kick_scanner = true;
655 }
656
657 if (kick_scanner)
658 schedule_work(&edge->scan_work);
659 if (kick_state)
660 schedule_work(&edge->state_work);
661
662 return IRQ_HANDLED;
663 }
664
665 /*
666 * Calculate how much space is available in the tx fifo.
667 */
668 static size_t qcom_smd_get_tx_avail(struct qcom_smd_channel *channel)
669 {
670 unsigned head;
671 unsigned tail;
672 unsigned mask = channel->fifo_size - 1;
673
674 head = GET_TX_CHANNEL_INFO(channel, head);
675 tail = GET_TX_CHANNEL_INFO(channel, tail);
676
677 return mask - ((head - tail) & mask);
678 }
679
680 /*
681 * Write count bytes of data into channel, possibly wrapping in the ring buffer
682 */
683 static int qcom_smd_write_fifo(struct qcom_smd_channel *channel,
684 const void *data,
685 size_t count)
686 {
687 bool word_aligned;
688 unsigned head;
689 size_t len;
690
691 word_aligned = channel->info_word;
692 head = GET_TX_CHANNEL_INFO(channel, head);
693
694 len = min_t(size_t, count, channel->fifo_size - head);
695 if (len) {
696 smd_copy_to_fifo(channel->tx_fifo + head,
697 data,
698 len,
699 word_aligned);
700 }
701
702 if (len != count) {
703 smd_copy_to_fifo(channel->tx_fifo,
704 data + len,
705 count - len,
706 word_aligned);
707 }
708
709 head += count;
710 head &= (channel->fifo_size - 1);
711 SET_TX_CHANNEL_INFO(channel, head, head);
712
713 return count;
714 }
715
716 /**
717 * qcom_smd_send - write data to smd channel
718 * @channel: channel handle
719 * @data: buffer of data to write
720 * @len: number of bytes to write
721 *
722 * This is a blocking write of len bytes into the channel's tx ring buffer and
723 * signal the remote end. It will sleep until there is enough space available
724 * in the tx buffer, utilizing the fBLOCKREADINTR signaling mechanism to avoid
725 * polling.
726 */
727 static int __qcom_smd_send(struct qcom_smd_channel *channel, const void *data,
728 int len, bool wait)
729 {
730 __le32 hdr[5] = { cpu_to_le32(len), };
731 int tlen = sizeof(hdr) + len;
732 int ret;
733
734 /* Word aligned channels only accept word size aligned data */
735 if (channel->info_word && len % 4)
736 return -EINVAL;
737
738 /* Reject packets that are too big */
739 if (tlen >= channel->fifo_size)
740 return -EINVAL;
741
742 ret = mutex_lock_interruptible(&channel->tx_lock);
743 if (ret)
744 return ret;
745
746 while (qcom_smd_get_tx_avail(channel) < tlen &&
747 channel->state == SMD_CHANNEL_OPENED) {
748 if (!wait) {
749 ret = -EAGAIN;
750 goto out_unlock;
751 }
752
753 SET_TX_CHANNEL_FLAG(channel, fBLOCKREADINTR, 0);
754
755 /* Wait without holding the tx_lock */
756 mutex_unlock(&channel->tx_lock);
757
758 ret = wait_event_interruptible(channel->fblockread_event,
759 qcom_smd_get_tx_avail(channel) >= tlen ||
760 channel->state != SMD_CHANNEL_OPENED);
761 if (ret)
762 return ret;
763
764 ret = mutex_lock_interruptible(&channel->tx_lock);
765 if (ret)
766 return ret;
767
768 SET_TX_CHANNEL_FLAG(channel, fBLOCKREADINTR, 1);
769 }
770
771 /* Fail if the channel was closed */
772 if (channel->state != SMD_CHANNEL_OPENED) {
773 ret = -EPIPE;
774 goto out_unlock;
775 }
776
777 SET_TX_CHANNEL_FLAG(channel, fTAIL, 0);
778
779 qcom_smd_write_fifo(channel, hdr, sizeof(hdr));
780 qcom_smd_write_fifo(channel, data, len);
781
782 SET_TX_CHANNEL_FLAG(channel, fHEAD, 1);
783
784 /* Ensure ordering of channel info updates */
785 wmb();
786
787 qcom_smd_signal_channel(channel);
788
789 out_unlock:
790 mutex_unlock(&channel->tx_lock);
791
792 return ret;
793 }
794
795 /*
796 * Helper for opening a channel
797 */
798 static int qcom_smd_channel_open(struct qcom_smd_channel *channel,
799 rpmsg_rx_cb_t cb)
800 {
801 struct qcom_smd_edge *edge = channel->edge;
802 size_t bb_size;
803 int ret;
804
805 /*
806 * Packets are maximum 4k, but reduce if the fifo is smaller
807 */
808 bb_size = min(channel->fifo_size, SZ_4K);
809 channel->bounce_buffer = kmalloc(bb_size, GFP_KERNEL);
810 if (!channel->bounce_buffer)
811 return -ENOMEM;
812
813 qcom_smd_channel_set_callback(channel, cb);
814 qcom_smd_channel_set_state(channel, SMD_CHANNEL_OPENING);
815
816 /* Wait for remote to enter opening or opened */
817 ret = wait_event_interruptible_timeout(channel->state_change_event,
818 channel->remote_state == SMD_CHANNEL_OPENING ||
819 channel->remote_state == SMD_CHANNEL_OPENED,
820 HZ);
821 if (!ret) {
822 dev_err(&edge->dev, "remote side did not enter opening state\n");
823 goto out_close_timeout;
824 }
825
826 qcom_smd_channel_set_state(channel, SMD_CHANNEL_OPENED);
827
828 /* Wait for remote to enter opened */
829 ret = wait_event_interruptible_timeout(channel->state_change_event,
830 channel->remote_state == SMD_CHANNEL_OPENED,
831 HZ);
832 if (!ret) {
833 dev_err(&edge->dev, "remote side did not enter open state\n");
834 goto out_close_timeout;
835 }
836
837 return 0;
838
839 out_close_timeout:
840 qcom_smd_channel_set_state(channel, SMD_CHANNEL_CLOSED);
841 return -ETIMEDOUT;
842 }
843
844 /*
845 * Helper for closing and resetting a channel
846 */
847 static void qcom_smd_channel_close(struct qcom_smd_channel *channel)
848 {
849 qcom_smd_channel_set_callback(channel, NULL);
850
851 kfree(channel->bounce_buffer);
852 channel->bounce_buffer = NULL;
853
854 qcom_smd_channel_set_state(channel, SMD_CHANNEL_CLOSED);
855 qcom_smd_channel_reset(channel);
856 }
857
858 static struct qcom_smd_channel *
859 qcom_smd_find_channel(struct qcom_smd_edge *edge, const char *name)
860 {
861 struct qcom_smd_channel *channel;
862 struct qcom_smd_channel *ret = NULL;
863 unsigned long flags;
864
865 spin_lock_irqsave(&edge->channels_lock, flags);
866 list_for_each_entry(channel, &edge->channels, list) {
867 if (!strcmp(channel->name, name)) {
868 ret = channel;
869 break;
870 }
871 }
872 spin_unlock_irqrestore(&edge->channels_lock, flags);
873
874 return ret;
875 }
876
877 static void __ept_release(struct kref *kref)
878 {
879 struct rpmsg_endpoint *ept = container_of(kref, struct rpmsg_endpoint,
880 refcount);
881 kfree(to_smd_endpoint(ept));
882 }
883
884 static struct rpmsg_endpoint *qcom_smd_create_ept(struct rpmsg_device *rpdev,
885 rpmsg_rx_cb_t cb, void *priv,
886 struct rpmsg_channel_info chinfo)
887 {
888 struct qcom_smd_endpoint *qsept;
889 struct qcom_smd_channel *channel;
890 struct qcom_smd_device *qsdev = to_smd_device(rpdev);
891 struct qcom_smd_edge *edge = qsdev->edge;
892 struct rpmsg_endpoint *ept;
893 const char *name = chinfo.name;
894 int ret;
895
896 /* Wait up to HZ for the channel to appear */
897 ret = wait_event_interruptible_timeout(edge->new_channel_event,
898 (channel = qcom_smd_find_channel(edge, name)) != NULL,
899 HZ);
900 if (!ret)
901 return NULL;
902
903 if (channel->state != SMD_CHANNEL_CLOSED) {
904 dev_err(&rpdev->dev, "channel %s is busy\n", channel->name);
905 return NULL;
906 }
907
908 qsept = kzalloc(sizeof(*qsept), GFP_KERNEL);
909 if (!qsept)
910 return NULL;
911
912 ept = &qsept->ept;
913
914 kref_init(&ept->refcount);
915
916 ept->rpdev = rpdev;
917 ept->cb = cb;
918 ept->priv = priv;
919 ept->ops = &qcom_smd_endpoint_ops;
920
921 channel->qsept = qsept;
922 qsept->qsch = channel;
923
924 ret = qcom_smd_channel_open(channel, cb);
925 if (ret)
926 goto free_ept;
927
928 return ept;
929
930 free_ept:
931 channel->qsept = NULL;
932 kref_put(&ept->refcount, __ept_release);
933 return NULL;
934 }
935
936 static void qcom_smd_destroy_ept(struct rpmsg_endpoint *ept)
937 {
938 struct qcom_smd_endpoint *qsept = to_smd_endpoint(ept);
939 struct qcom_smd_channel *ch = qsept->qsch;
940
941 qcom_smd_channel_close(ch);
942 ch->qsept = NULL;
943 kref_put(&ept->refcount, __ept_release);
944 }
945
946 static int qcom_smd_send(struct rpmsg_endpoint *ept, void *data, int len)
947 {
948 struct qcom_smd_endpoint *qsept = to_smd_endpoint(ept);
949
950 return __qcom_smd_send(qsept->qsch, data, len, true);
951 }
952
953 static int qcom_smd_trysend(struct rpmsg_endpoint *ept, void *data, int len)
954 {
955 struct qcom_smd_endpoint *qsept = to_smd_endpoint(ept);
956
957 return __qcom_smd_send(qsept->qsch, data, len, false);
958 }
959
960 static __poll_t qcom_smd_poll(struct rpmsg_endpoint *ept,
961 struct file *filp, poll_table *wait)
962 {
963 struct qcom_smd_endpoint *qsept = to_smd_endpoint(ept);
964 struct qcom_smd_channel *channel = qsept->qsch;
965 __poll_t mask = 0;
966
967 poll_wait(filp, &channel->fblockread_event, wait);
968
969 if (qcom_smd_get_tx_avail(channel) > 20)
970 mask |= EPOLLOUT | EPOLLWRNORM;
971
972 return mask;
973 }
974
975 /*
976 * Finds the device_node for the smd child interested in this channel.
977 */
978 static struct device_node *qcom_smd_match_channel(struct device_node *edge_node,
979 const char *channel)
980 {
981 struct device_node *child;
982 const char *name;
983 const char *key;
984 int ret;
985
986 for_each_available_child_of_node(edge_node, child) {
987 key = "qcom,smd-channels";
988 ret = of_property_read_string(child, key, &name);
989 if (ret)
990 continue;
991
992 if (strcmp(name, channel) == 0)
993 return child;
994 }
995
996 return NULL;
997 }
998
999 static const struct rpmsg_device_ops qcom_smd_device_ops = {
1000 .create_ept = qcom_smd_create_ept,
1001 };
1002
1003 static const struct rpmsg_endpoint_ops qcom_smd_endpoint_ops = {
1004 .destroy_ept = qcom_smd_destroy_ept,
1005 .send = qcom_smd_send,
1006 .trysend = qcom_smd_trysend,
1007 .poll = qcom_smd_poll,
1008 };
1009
1010 static void qcom_smd_release_device(struct device *dev)
1011 {
1012 struct rpmsg_device *rpdev = to_rpmsg_device(dev);
1013 struct qcom_smd_device *qsdev = to_smd_device(rpdev);
1014
1015 kfree(qsdev);
1016 }
1017
1018 /*
1019 * Create a smd client device for channel that is being opened.
1020 */
1021 static int qcom_smd_create_device(struct qcom_smd_channel *channel)
1022 {
1023 struct qcom_smd_device *qsdev;
1024 struct rpmsg_device *rpdev;
1025 struct qcom_smd_edge *edge = channel->edge;
1026
1027 dev_dbg(&edge->dev, "registering '%s'\n", channel->name);
1028
1029 qsdev = kzalloc(sizeof(*qsdev), GFP_KERNEL);
1030 if (!qsdev)
1031 return -ENOMEM;
1032
1033 /* Link qsdev to our SMD edge */
1034 qsdev->edge = edge;
1035
1036 /* Assign callbacks for rpmsg_device */
1037 qsdev->rpdev.ops = &qcom_smd_device_ops;
1038
1039 /* Assign public information to the rpmsg_device */
1040 rpdev = &qsdev->rpdev;
1041 strncpy(rpdev->id.name, channel->name, RPMSG_NAME_SIZE);
1042 rpdev->src = RPMSG_ADDR_ANY;
1043 rpdev->dst = RPMSG_ADDR_ANY;
1044
1045 rpdev->dev.of_node = qcom_smd_match_channel(edge->of_node, channel->name);
1046 rpdev->dev.parent = &edge->dev;
1047 rpdev->dev.release = qcom_smd_release_device;
1048
1049 return rpmsg_register_device(rpdev);
1050 }
1051
1052 static int qcom_smd_create_chrdev(struct qcom_smd_edge *edge)
1053 {
1054 struct qcom_smd_device *qsdev;
1055
1056 qsdev = kzalloc(sizeof(*qsdev), GFP_KERNEL);
1057 if (!qsdev)
1058 return -ENOMEM;
1059
1060 qsdev->edge = edge;
1061 qsdev->rpdev.ops = &qcom_smd_device_ops;
1062 qsdev->rpdev.dev.parent = &edge->dev;
1063 qsdev->rpdev.dev.release = qcom_smd_release_device;
1064
1065 return rpmsg_chrdev_register_device(&qsdev->rpdev);
1066 }
1067
1068 /*
1069 * Allocate the qcom_smd_channel object for a newly found smd channel,
1070 * retrieving and validating the smem items involved.
1071 */
1072 static struct qcom_smd_channel *qcom_smd_create_channel(struct qcom_smd_edge *edge,
1073 unsigned smem_info_item,
1074 unsigned smem_fifo_item,
1075 char *name)
1076 {
1077 struct qcom_smd_channel *channel;
1078 size_t fifo_size;
1079 size_t info_size;
1080 void *fifo_base;
1081 void *info;
1082 int ret;
1083
1084 channel = devm_kzalloc(&edge->dev, sizeof(*channel), GFP_KERNEL);
1085 if (!channel)
1086 return ERR_PTR(-ENOMEM);
1087
1088 channel->edge = edge;
1089 channel->name = devm_kstrdup(&edge->dev, name, GFP_KERNEL);
1090 if (!channel->name)
1091 return ERR_PTR(-ENOMEM);
1092
1093 mutex_init(&channel->tx_lock);
1094 spin_lock_init(&channel->recv_lock);
1095 init_waitqueue_head(&channel->fblockread_event);
1096 init_waitqueue_head(&channel->state_change_event);
1097
1098 info = qcom_smem_get(edge->remote_pid, smem_info_item, &info_size);
1099 if (IS_ERR(info)) {
1100 ret = PTR_ERR(info);
1101 goto free_name_and_channel;
1102 }
1103
1104 /*
1105 * Use the size of the item to figure out which channel info struct to
1106 * use.
1107 */
1108 if (info_size == 2 * sizeof(struct smd_channel_info_word)) {
1109 channel->info_word = info;
1110 } else if (info_size == 2 * sizeof(struct smd_channel_info)) {
1111 channel->info = info;
1112 } else {
1113 dev_err(&edge->dev,
1114 "channel info of size %zu not supported\n", info_size);
1115 ret = -EINVAL;
1116 goto free_name_and_channel;
1117 }
1118
1119 fifo_base = qcom_smem_get(edge->remote_pid, smem_fifo_item, &fifo_size);
1120 if (IS_ERR(fifo_base)) {
1121 ret = PTR_ERR(fifo_base);
1122 goto free_name_and_channel;
1123 }
1124
1125 /* The channel consist of a rx and tx fifo of equal size */
1126 fifo_size /= 2;
1127
1128 dev_dbg(&edge->dev, "new channel '%s' info-size: %zu fifo-size: %zu\n",
1129 name, info_size, fifo_size);
1130
1131 channel->tx_fifo = fifo_base;
1132 channel->rx_fifo = fifo_base + fifo_size;
1133 channel->fifo_size = fifo_size;
1134
1135 qcom_smd_channel_reset(channel);
1136
1137 return channel;
1138
1139 free_name_and_channel:
1140 devm_kfree(&edge->dev, channel->name);
1141 devm_kfree(&edge->dev, channel);
1142
1143 return ERR_PTR(ret);
1144 }
1145
1146 /*
1147 * Scans the allocation table for any newly allocated channels, calls
1148 * qcom_smd_create_channel() to create representations of these and add
1149 * them to the edge's list of channels.
1150 */
1151 static void qcom_channel_scan_worker(struct work_struct *work)
1152 {
1153 struct qcom_smd_edge *edge = container_of(work, struct qcom_smd_edge, scan_work);
1154 struct qcom_smd_alloc_entry *alloc_tbl;
1155 struct qcom_smd_alloc_entry *entry;
1156 struct qcom_smd_channel *channel;
1157 unsigned long flags;
1158 unsigned fifo_id;
1159 unsigned info_id;
1160 int tbl;
1161 int i;
1162 u32 eflags, cid;
1163
1164 for (tbl = 0; tbl < SMD_ALLOC_TBL_COUNT; tbl++) {
1165 alloc_tbl = qcom_smem_get(edge->remote_pid,
1166 smem_items[tbl].alloc_tbl_id, NULL);
1167 if (IS_ERR(alloc_tbl))
1168 continue;
1169
1170 for (i = 0; i < SMD_ALLOC_TBL_SIZE; i++) {
1171 entry = &alloc_tbl[i];
1172 eflags = le32_to_cpu(entry->flags);
1173 if (test_bit(i, edge->allocated[tbl]))
1174 continue;
1175
1176 if (entry->ref_count == 0)
1177 continue;
1178
1179 if (!entry->name[0])
1180 continue;
1181
1182 if (!(eflags & SMD_CHANNEL_FLAGS_PACKET))
1183 continue;
1184
1185 if ((eflags & SMD_CHANNEL_FLAGS_EDGE_MASK) != edge->edge_id)
1186 continue;
1187
1188 cid = le32_to_cpu(entry->cid);
1189 info_id = smem_items[tbl].info_base_id + cid;
1190 fifo_id = smem_items[tbl].fifo_base_id + cid;
1191
1192 channel = qcom_smd_create_channel(edge, info_id, fifo_id, entry->name);
1193 if (IS_ERR(channel))
1194 continue;
1195
1196 spin_lock_irqsave(&edge->channels_lock, flags);
1197 list_add(&channel->list, &edge->channels);
1198 spin_unlock_irqrestore(&edge->channels_lock, flags);
1199
1200 dev_dbg(&edge->dev, "new channel found: '%s'\n", channel->name);
1201 set_bit(i, edge->allocated[tbl]);
1202
1203 wake_up_interruptible_all(&edge->new_channel_event);
1204 }
1205 }
1206
1207 schedule_work(&edge->state_work);
1208 }
1209
1210 /*
1211 * This per edge worker scans smem for any new channels and register these. It
1212 * then scans all registered channels for state changes that should be handled
1213 * by creating or destroying smd client devices for the registered channels.
1214 *
1215 * LOCKING: edge->channels_lock only needs to cover the list operations, as the
1216 * worker is killed before any channels are deallocated
1217 */
1218 static void qcom_channel_state_worker(struct work_struct *work)
1219 {
1220 struct qcom_smd_channel *channel;
1221 struct qcom_smd_edge *edge = container_of(work,
1222 struct qcom_smd_edge,
1223 state_work);
1224 struct rpmsg_channel_info chinfo;
1225 unsigned remote_state;
1226 unsigned long flags;
1227
1228 /*
1229 * Register a device for any closed channel where the remote processor
1230 * is showing interest in opening the channel.
1231 */
1232 spin_lock_irqsave(&edge->channels_lock, flags);
1233 list_for_each_entry(channel, &edge->channels, list) {
1234 if (channel->state != SMD_CHANNEL_CLOSED)
1235 continue;
1236
1237 if (channel->registered)
1238 continue;
1239
1240 spin_unlock_irqrestore(&edge->channels_lock, flags);
1241 qcom_smd_create_device(channel);
1242 channel->registered = true;
1243 spin_lock_irqsave(&edge->channels_lock, flags);
1244
1245 channel->registered = true;
1246 }
1247
1248 /*
1249 * Unregister the device for any channel that is opened where the
1250 * remote processor is closing the channel.
1251 */
1252 list_for_each_entry(channel, &edge->channels, list) {
1253 if (channel->state != SMD_CHANNEL_OPENING &&
1254 channel->state != SMD_CHANNEL_OPENED)
1255 continue;
1256
1257 remote_state = GET_RX_CHANNEL_INFO(channel, state);
1258 if (remote_state == SMD_CHANNEL_OPENING ||
1259 remote_state == SMD_CHANNEL_OPENED)
1260 continue;
1261
1262 spin_unlock_irqrestore(&edge->channels_lock, flags);
1263
1264 strncpy(chinfo.name, channel->name, sizeof(chinfo.name));
1265 chinfo.src = RPMSG_ADDR_ANY;
1266 chinfo.dst = RPMSG_ADDR_ANY;
1267 rpmsg_unregister_device(&edge->dev, &chinfo);
1268 channel->registered = false;
1269 spin_lock_irqsave(&edge->channels_lock, flags);
1270 }
1271 spin_unlock_irqrestore(&edge->channels_lock, flags);
1272 }
1273
1274 /*
1275 * Parses an of_node describing an edge.
1276 */
1277 static int qcom_smd_parse_edge(struct device *dev,
1278 struct device_node *node,
1279 struct qcom_smd_edge *edge)
1280 {
1281 struct device_node *syscon_np;
1282 const char *key;
1283 int irq;
1284 int ret;
1285
1286 INIT_LIST_HEAD(&edge->channels);
1287 spin_lock_init(&edge->channels_lock);
1288
1289 INIT_WORK(&edge->scan_work, qcom_channel_scan_worker);
1290 INIT_WORK(&edge->state_work, qcom_channel_state_worker);
1291
1292 edge->of_node = of_node_get(node);
1293
1294 key = "qcom,smd-edge";
1295 ret = of_property_read_u32(node, key, &edge->edge_id);
1296 if (ret) {
1297 dev_err(dev, "edge missing %s property\n", key);
1298 return -EINVAL;
1299 }
1300
1301 edge->remote_pid = QCOM_SMEM_HOST_ANY;
1302 key = "qcom,remote-pid";
1303 of_property_read_u32(node, key, &edge->remote_pid);
1304
1305 syscon_np = of_parse_phandle(node, "qcom,ipc", 0);
1306 if (!syscon_np) {
1307 dev_err(dev, "no qcom,ipc node\n");
1308 return -ENODEV;
1309 }
1310
1311 edge->ipc_regmap = syscon_node_to_regmap(syscon_np);
1312 if (IS_ERR(edge->ipc_regmap))
1313 return PTR_ERR(edge->ipc_regmap);
1314
1315 key = "qcom,ipc";
1316 ret = of_property_read_u32_index(node, key, 1, &edge->ipc_offset);
1317 if (ret < 0) {
1318 dev_err(dev, "no offset in %s\n", key);
1319 return -EINVAL;
1320 }
1321
1322 ret = of_property_read_u32_index(node, key, 2, &edge->ipc_bit);
1323 if (ret < 0) {
1324 dev_err(dev, "no bit in %s\n", key);
1325 return -EINVAL;
1326 }
1327
1328 ret = of_property_read_string(node, "label", &edge->name);
1329 if (ret < 0)
1330 edge->name = node->name;
1331
1332 irq = irq_of_parse_and_map(node, 0);
1333 if (irq < 0) {
1334 dev_err(dev, "required smd interrupt missing\n");
1335 return -EINVAL;
1336 }
1337
1338 ret = devm_request_irq(dev, irq,
1339 qcom_smd_edge_intr, IRQF_TRIGGER_RISING,
1340 node->name, edge);
1341 if (ret) {
1342 dev_err(dev, "failed to request smd irq\n");
1343 return ret;
1344 }
1345
1346 edge->irq = irq;
1347
1348 return 0;
1349 }
1350
1351 /*
1352 * Release function for an edge.
1353 * Reset the state of each associated channel and free the edge context.
1354 */
1355 static void qcom_smd_edge_release(struct device *dev)
1356 {
1357 struct qcom_smd_channel *channel;
1358 struct qcom_smd_edge *edge = to_smd_edge(dev);
1359
1360 list_for_each_entry(channel, &edge->channels, list) {
1361 SET_RX_CHANNEL_INFO(channel, state, SMD_CHANNEL_CLOSED);
1362 SET_RX_CHANNEL_INFO(channel, head, 0);
1363 SET_RX_CHANNEL_INFO(channel, tail, 0);
1364 }
1365
1366 kfree(edge);
1367 }
1368
1369 static ssize_t rpmsg_name_show(struct device *dev,
1370 struct device_attribute *attr, char *buf)
1371 {
1372 struct qcom_smd_edge *edge = to_smd_edge(dev);
1373
1374 return sprintf(buf, "%s\n", edge->name);
1375 }
1376 static DEVICE_ATTR_RO(rpmsg_name);
1377
1378 static struct attribute *qcom_smd_edge_attrs[] = {
1379 &dev_attr_rpmsg_name.attr,
1380 NULL
1381 };
1382 ATTRIBUTE_GROUPS(qcom_smd_edge);
1383
1384 /**
1385 * qcom_smd_register_edge() - register an edge based on an device_node
1386 * @parent: parent device for the edge
1387 * @node: device_node describing the edge
1388 *
1389 * Returns an edge reference, or negative ERR_PTR() on failure.
1390 */
1391 struct qcom_smd_edge *qcom_smd_register_edge(struct device *parent,
1392 struct device_node *node)
1393 {
1394 struct qcom_smd_edge *edge;
1395 int ret;
1396
1397 edge = kzalloc(sizeof(*edge), GFP_KERNEL);
1398 if (!edge)
1399 return ERR_PTR(-ENOMEM);
1400
1401 init_waitqueue_head(&edge->new_channel_event);
1402
1403 edge->dev.parent = parent;
1404 edge->dev.release = qcom_smd_edge_release;
1405 edge->dev.of_node = node;
1406 edge->dev.groups = qcom_smd_edge_groups;
1407 dev_set_name(&edge->dev, "%s:%s", dev_name(parent), node->name);
1408 ret = device_register(&edge->dev);
1409 if (ret) {
1410 pr_err("failed to register smd edge\n");
1411 return ERR_PTR(ret);
1412 }
1413
1414 ret = qcom_smd_parse_edge(&edge->dev, node, edge);
1415 if (ret) {
1416 dev_err(&edge->dev, "failed to parse smd edge\n");
1417 goto unregister_dev;
1418 }
1419
1420 ret = qcom_smd_create_chrdev(edge);
1421 if (ret) {
1422 dev_err(&edge->dev, "failed to register chrdev for edge\n");
1423 goto unregister_dev;
1424 }
1425
1426 schedule_work(&edge->scan_work);
1427
1428 return edge;
1429
1430 unregister_dev:
1431 put_device(&edge->dev);
1432 return ERR_PTR(ret);
1433 }
1434 EXPORT_SYMBOL(qcom_smd_register_edge);
1435
1436 static int qcom_smd_remove_device(struct device *dev, void *data)
1437 {
1438 device_unregister(dev);
1439
1440 return 0;
1441 }
1442
1443 /**
1444 * qcom_smd_unregister_edge() - release an edge and its children
1445 * @edge: edge reference acquired from qcom_smd_register_edge
1446 */
1447 int qcom_smd_unregister_edge(struct qcom_smd_edge *edge)
1448 {
1449 int ret;
1450
1451 disable_irq(edge->irq);
1452 cancel_work_sync(&edge->scan_work);
1453 cancel_work_sync(&edge->state_work);
1454
1455 ret = device_for_each_child(&edge->dev, NULL, qcom_smd_remove_device);
1456 if (ret)
1457 dev_warn(&edge->dev, "can't remove smd device: %d\n", ret);
1458
1459 device_unregister(&edge->dev);
1460
1461 return 0;
1462 }
1463 EXPORT_SYMBOL(qcom_smd_unregister_edge);
1464
1465 static int qcom_smd_probe(struct platform_device *pdev)
1466 {
1467 struct device_node *node;
1468 void *p;
1469
1470 /* Wait for smem */
1471 p = qcom_smem_get(QCOM_SMEM_HOST_ANY, smem_items[0].alloc_tbl_id, NULL);
1472 if (PTR_ERR(p) == -EPROBE_DEFER)
1473 return PTR_ERR(p);
1474
1475 for_each_available_child_of_node(pdev->dev.of_node, node)
1476 qcom_smd_register_edge(&pdev->dev, node);
1477
1478 return 0;
1479 }
1480
1481 static int qcom_smd_remove_edge(struct device *dev, void *data)
1482 {
1483 struct qcom_smd_edge *edge = to_smd_edge(dev);
1484
1485 return qcom_smd_unregister_edge(edge);
1486 }
1487
1488 /*
1489 * Shut down all smd clients by making sure that each edge stops processing
1490 * events and scanning for new channels, then call destroy on the devices.
1491 */
1492 static int qcom_smd_remove(struct platform_device *pdev)
1493 {
1494 int ret;
1495
1496 ret = device_for_each_child(&pdev->dev, NULL, qcom_smd_remove_edge);
1497 if (ret)
1498 dev_warn(&pdev->dev, "can't remove smd device: %d\n", ret);
1499
1500 return ret;
1501 }
1502
1503 static const struct of_device_id qcom_smd_of_match[] = {
1504 { .compatible = "qcom,smd" },
1505 {}
1506 };
1507 MODULE_DEVICE_TABLE(of, qcom_smd_of_match);
1508
1509 static struct platform_driver qcom_smd_driver = {
1510 .probe = qcom_smd_probe,
1511 .remove = qcom_smd_remove,
1512 .driver = {
1513 .name = "qcom-smd",
1514 .of_match_table = qcom_smd_of_match,
1515 },
1516 };
1517
1518 static int __init qcom_smd_init(void)
1519 {
1520 return platform_driver_register(&qcom_smd_driver);
1521 }
1522 subsys_initcall(qcom_smd_init);
1523
1524 static void __exit qcom_smd_exit(void)
1525 {
1526 platform_driver_unregister(&qcom_smd_driver);
1527 }
1528 module_exit(qcom_smd_exit);
1529
1530 MODULE_AUTHOR("Bjorn Andersson <bjorn.andersson@sonymobile.com>");
1531 MODULE_DESCRIPTION("Qualcomm Shared Memory Driver");
1532 MODULE_LICENSE("GPL v2");
Linux with added FPC-III support