bpf: Prevent memory disambiguation attack
[linux/fpc-iii.git] / drivers / rpmsg / virtio_rpmsg_bus.c
blob82b83002fcba0af16549dd64f6e12f75c4245731
1 /*
2 * Virtio-based remote processor messaging bus
4 * Copyright (C) 2011 Texas Instruments, Inc.
5 * Copyright (C) 2011 Google, Inc.
7 * Ohad Ben-Cohen <ohad@wizery.com>
8 * Brian Swetland <swetland@google.com>
10 * This software is licensed under the terms of the GNU General Public
11 * License version 2, as published by the Free Software Foundation, and
12 * may be copied, distributed, and modified under those terms.
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
20 #define pr_fmt(fmt) "%s: " fmt, __func__
22 #include <linux/kernel.h>
23 #include <linux/module.h>
24 #include <linux/virtio.h>
25 #include <linux/virtio_ids.h>
26 #include <linux/virtio_config.h>
27 #include <linux/scatterlist.h>
28 #include <linux/dma-mapping.h>
29 #include <linux/slab.h>
30 #include <linux/idr.h>
31 #include <linux/jiffies.h>
32 #include <linux/sched.h>
33 #include <linux/wait.h>
34 #include <linux/rpmsg.h>
35 #include <linux/mutex.h>
36 #include <linux/of_device.h>
38 #include "rpmsg_internal.h"
40 /**
41 * struct virtproc_info - virtual remote processor state
42 * @vdev: the virtio device
43 * @rvq: rx virtqueue
44 * @svq: tx virtqueue
45 * @rbufs: kernel address of rx buffers
46 * @sbufs: kernel address of tx buffers
47 * @num_bufs: total number of buffers for rx and tx
48 * @buf_size: size of one rx or tx buffer
49 * @last_sbuf: index of last tx buffer used
50 * @bufs_dma: dma base addr of the buffers
51 * @tx_lock: protects svq, sbufs and sleepers, to allow concurrent senders.
52 * sending a message might require waking up a dozing remote
53 * processor, which involves sleeping, hence the mutex.
54 * @endpoints: idr of local endpoints, allows fast retrieval
55 * @endpoints_lock: lock of the endpoints set
56 * @sendq: wait queue of sending contexts waiting for a tx buffers
57 * @sleepers: number of senders that are waiting for a tx buffer
58 * @ns_ept: the bus's name service endpoint
60 * This structure stores the rpmsg state of a given virtio remote processor
61 * device (there might be several virtio proc devices for each physical
62 * remote processor).
64 struct virtproc_info {
65 struct virtio_device *vdev;
66 struct virtqueue *rvq, *svq;
67 void *rbufs, *sbufs;
68 unsigned int num_bufs;
69 unsigned int buf_size;
70 int last_sbuf;
71 dma_addr_t bufs_dma;
72 struct mutex tx_lock;
73 struct idr endpoints;
74 struct mutex endpoints_lock;
75 wait_queue_head_t sendq;
76 atomic_t sleepers;
77 struct rpmsg_endpoint *ns_ept;
80 /* The feature bitmap for virtio rpmsg */
81 #define VIRTIO_RPMSG_F_NS 0 /* RP supports name service notifications */
83 /**
84 * struct rpmsg_hdr - common header for all rpmsg messages
85 * @src: source address
86 * @dst: destination address
87 * @reserved: reserved for future use
88 * @len: length of payload (in bytes)
89 * @flags: message flags
90 * @data: @len bytes of message payload data
92 * Every message sent(/received) on the rpmsg bus begins with this header.
94 struct rpmsg_hdr {
95 u32 src;
96 u32 dst;
97 u32 reserved;
98 u16 len;
99 u16 flags;
100 u8 data[0];
101 } __packed;
104 * struct rpmsg_ns_msg - dynamic name service announcement message
105 * @name: name of remote service that is published
106 * @addr: address of remote service that is published
107 * @flags: indicates whether service is created or destroyed
109 * This message is sent across to publish a new service, or announce
110 * about its removal. When we receive these messages, an appropriate
111 * rpmsg channel (i.e device) is created/destroyed. In turn, the ->probe()
112 * or ->remove() handler of the appropriate rpmsg driver will be invoked
113 * (if/as-soon-as one is registered).
115 struct rpmsg_ns_msg {
116 char name[RPMSG_NAME_SIZE];
117 u32 addr;
118 u32 flags;
119 } __packed;
122 * enum rpmsg_ns_flags - dynamic name service announcement flags
124 * @RPMSG_NS_CREATE: a new remote service was just created
125 * @RPMSG_NS_DESTROY: a known remote service was just destroyed
127 enum rpmsg_ns_flags {
128 RPMSG_NS_CREATE = 0,
129 RPMSG_NS_DESTROY = 1,
133 * @vrp: the remote processor this channel belongs to
135 struct virtio_rpmsg_channel {
136 struct rpmsg_device rpdev;
138 struct virtproc_info *vrp;
141 #define to_virtio_rpmsg_channel(_rpdev) \
142 container_of(_rpdev, struct virtio_rpmsg_channel, rpdev)
145 * We're allocating buffers of 512 bytes each for communications. The
146 * number of buffers will be computed from the number of buffers supported
147 * by the vring, upto a maximum of 512 buffers (256 in each direction).
149 * Each buffer will have 16 bytes for the msg header and 496 bytes for
150 * the payload.
152 * This will utilize a maximum total space of 256KB for the buffers.
154 * We might also want to add support for user-provided buffers in time.
155 * This will allow bigger buffer size flexibility, and can also be used
156 * to achieve zero-copy messaging.
158 * Note that these numbers are purely a decision of this driver - we
159 * can change this without changing anything in the firmware of the remote
160 * processor.
162 #define MAX_RPMSG_NUM_BUFS (512)
163 #define MAX_RPMSG_BUF_SIZE (512)
166 * Local addresses are dynamically allocated on-demand.
167 * We do not dynamically assign addresses from the low 1024 range,
168 * in order to reserve that address range for predefined services.
170 #define RPMSG_RESERVED_ADDRESSES (1024)
172 /* Address 53 is reserved for advertising remote services */
173 #define RPMSG_NS_ADDR (53)
175 static void virtio_rpmsg_destroy_ept(struct rpmsg_endpoint *ept);
176 static int virtio_rpmsg_send(struct rpmsg_endpoint *ept, void *data, int len);
177 static int virtio_rpmsg_sendto(struct rpmsg_endpoint *ept, void *data, int len,
178 u32 dst);
179 static int virtio_rpmsg_send_offchannel(struct rpmsg_endpoint *ept, u32 src,
180 u32 dst, void *data, int len);
181 static int virtio_rpmsg_trysend(struct rpmsg_endpoint *ept, void *data, int len);
182 static int virtio_rpmsg_trysendto(struct rpmsg_endpoint *ept, void *data,
183 int len, u32 dst);
184 static int virtio_rpmsg_trysend_offchannel(struct rpmsg_endpoint *ept, u32 src,
185 u32 dst, void *data, int len);
187 static const struct rpmsg_endpoint_ops virtio_endpoint_ops = {
188 .destroy_ept = virtio_rpmsg_destroy_ept,
189 .send = virtio_rpmsg_send,
190 .sendto = virtio_rpmsg_sendto,
191 .send_offchannel = virtio_rpmsg_send_offchannel,
192 .trysend = virtio_rpmsg_trysend,
193 .trysendto = virtio_rpmsg_trysendto,
194 .trysend_offchannel = virtio_rpmsg_trysend_offchannel,
198 * rpmsg_sg_init - initialize scatterlist according to cpu address location
199 * @sg: scatterlist to fill
200 * @cpu_addr: virtual address of the buffer
201 * @len: buffer length
203 * An internal function filling scatterlist according to virtual address
204 * location (in vmalloc or in kernel).
206 static void
207 rpmsg_sg_init(struct scatterlist *sg, void *cpu_addr, unsigned int len)
209 if (is_vmalloc_addr(cpu_addr)) {
210 sg_init_table(sg, 1);
211 sg_set_page(sg, vmalloc_to_page(cpu_addr), len,
212 offset_in_page(cpu_addr));
213 } else {
214 WARN_ON(!virt_addr_valid(cpu_addr));
215 sg_init_one(sg, cpu_addr, len);
220 * __ept_release() - deallocate an rpmsg endpoint
221 * @kref: the ept's reference count
223 * This function deallocates an ept, and is invoked when its @kref refcount
224 * drops to zero.
226 * Never invoke this function directly!
228 static void __ept_release(struct kref *kref)
230 struct rpmsg_endpoint *ept = container_of(kref, struct rpmsg_endpoint,
231 refcount);
233 * At this point no one holds a reference to ept anymore,
234 * so we can directly free it
236 kfree(ept);
239 /* for more info, see below documentation of rpmsg_create_ept() */
240 static struct rpmsg_endpoint *__rpmsg_create_ept(struct virtproc_info *vrp,
241 struct rpmsg_device *rpdev,
242 rpmsg_rx_cb_t cb,
243 void *priv, u32 addr)
245 int id_min, id_max, id;
246 struct rpmsg_endpoint *ept;
247 struct device *dev = rpdev ? &rpdev->dev : &vrp->vdev->dev;
249 ept = kzalloc(sizeof(*ept), GFP_KERNEL);
250 if (!ept)
251 return NULL;
253 kref_init(&ept->refcount);
254 mutex_init(&ept->cb_lock);
256 ept->rpdev = rpdev;
257 ept->cb = cb;
258 ept->priv = priv;
259 ept->ops = &virtio_endpoint_ops;
261 /* do we need to allocate a local address ? */
262 if (addr == RPMSG_ADDR_ANY) {
263 id_min = RPMSG_RESERVED_ADDRESSES;
264 id_max = 0;
265 } else {
266 id_min = addr;
267 id_max = addr + 1;
270 mutex_lock(&vrp->endpoints_lock);
272 /* bind the endpoint to an rpmsg address (and allocate one if needed) */
273 id = idr_alloc(&vrp->endpoints, ept, id_min, id_max, GFP_KERNEL);
274 if (id < 0) {
275 dev_err(dev, "idr_alloc failed: %d\n", id);
276 goto free_ept;
278 ept->addr = id;
280 mutex_unlock(&vrp->endpoints_lock);
282 return ept;
284 free_ept:
285 mutex_unlock(&vrp->endpoints_lock);
286 kref_put(&ept->refcount, __ept_release);
287 return NULL;
290 static struct rpmsg_endpoint *virtio_rpmsg_create_ept(struct rpmsg_device *rpdev,
291 rpmsg_rx_cb_t cb,
292 void *priv,
293 struct rpmsg_channel_info chinfo)
295 struct virtio_rpmsg_channel *vch = to_virtio_rpmsg_channel(rpdev);
297 return __rpmsg_create_ept(vch->vrp, rpdev, cb, priv, chinfo.src);
301 * __rpmsg_destroy_ept() - destroy an existing rpmsg endpoint
302 * @vrp: virtproc which owns this ept
303 * @ept: endpoing to destroy
305 * An internal function which destroy an ept without assuming it is
306 * bound to an rpmsg channel. This is needed for handling the internal
307 * name service endpoint, which isn't bound to an rpmsg channel.
308 * See also __rpmsg_create_ept().
310 static void
311 __rpmsg_destroy_ept(struct virtproc_info *vrp, struct rpmsg_endpoint *ept)
313 /* make sure new inbound messages can't find this ept anymore */
314 mutex_lock(&vrp->endpoints_lock);
315 idr_remove(&vrp->endpoints, ept->addr);
316 mutex_unlock(&vrp->endpoints_lock);
318 /* make sure in-flight inbound messages won't invoke cb anymore */
319 mutex_lock(&ept->cb_lock);
320 ept->cb = NULL;
321 mutex_unlock(&ept->cb_lock);
323 kref_put(&ept->refcount, __ept_release);
326 static void virtio_rpmsg_destroy_ept(struct rpmsg_endpoint *ept)
328 struct virtio_rpmsg_channel *vch = to_virtio_rpmsg_channel(ept->rpdev);
330 __rpmsg_destroy_ept(vch->vrp, ept);
333 static int virtio_rpmsg_announce_create(struct rpmsg_device *rpdev)
335 struct virtio_rpmsg_channel *vch = to_virtio_rpmsg_channel(rpdev);
336 struct virtproc_info *vrp = vch->vrp;
337 struct device *dev = &rpdev->dev;
338 int err = 0;
340 /* need to tell remote processor's name service about this channel ? */
341 if (rpdev->announce && rpdev->ept &&
342 virtio_has_feature(vrp->vdev, VIRTIO_RPMSG_F_NS)) {
343 struct rpmsg_ns_msg nsm;
345 strncpy(nsm.name, rpdev->id.name, RPMSG_NAME_SIZE);
346 nsm.addr = rpdev->ept->addr;
347 nsm.flags = RPMSG_NS_CREATE;
349 err = rpmsg_sendto(rpdev->ept, &nsm, sizeof(nsm), RPMSG_NS_ADDR);
350 if (err)
351 dev_err(dev, "failed to announce service %d\n", err);
354 return err;
357 static int virtio_rpmsg_announce_destroy(struct rpmsg_device *rpdev)
359 struct virtio_rpmsg_channel *vch = to_virtio_rpmsg_channel(rpdev);
360 struct virtproc_info *vrp = vch->vrp;
361 struct device *dev = &rpdev->dev;
362 int err = 0;
364 /* tell remote processor's name service we're removing this channel */
365 if (rpdev->announce && rpdev->ept &&
366 virtio_has_feature(vrp->vdev, VIRTIO_RPMSG_F_NS)) {
367 struct rpmsg_ns_msg nsm;
369 strncpy(nsm.name, rpdev->id.name, RPMSG_NAME_SIZE);
370 nsm.addr = rpdev->ept->addr;
371 nsm.flags = RPMSG_NS_DESTROY;
373 err = rpmsg_sendto(rpdev->ept, &nsm, sizeof(nsm), RPMSG_NS_ADDR);
374 if (err)
375 dev_err(dev, "failed to announce service %d\n", err);
378 return err;
381 static const struct rpmsg_device_ops virtio_rpmsg_ops = {
382 .create_ept = virtio_rpmsg_create_ept,
383 .announce_create = virtio_rpmsg_announce_create,
384 .announce_destroy = virtio_rpmsg_announce_destroy,
387 static void virtio_rpmsg_release_device(struct device *dev)
389 struct rpmsg_device *rpdev = to_rpmsg_device(dev);
390 struct virtio_rpmsg_channel *vch = to_virtio_rpmsg_channel(rpdev);
392 kfree(vch);
396 * create an rpmsg channel using its name and address info.
397 * this function will be used to create both static and dynamic
398 * channels.
400 static struct rpmsg_device *rpmsg_create_channel(struct virtproc_info *vrp,
401 struct rpmsg_channel_info *chinfo)
403 struct virtio_rpmsg_channel *vch;
404 struct rpmsg_device *rpdev;
405 struct device *tmp, *dev = &vrp->vdev->dev;
406 int ret;
408 /* make sure a similar channel doesn't already exist */
409 tmp = rpmsg_find_device(dev, chinfo);
410 if (tmp) {
411 /* decrement the matched device's refcount back */
412 put_device(tmp);
413 dev_err(dev, "channel %s:%x:%x already exist\n",
414 chinfo->name, chinfo->src, chinfo->dst);
415 return NULL;
418 vch = kzalloc(sizeof(*vch), GFP_KERNEL);
419 if (!vch)
420 return NULL;
422 /* Link the channel to our vrp */
423 vch->vrp = vrp;
425 /* Assign public information to the rpmsg_device */
426 rpdev = &vch->rpdev;
427 rpdev->src = chinfo->src;
428 rpdev->dst = chinfo->dst;
429 rpdev->ops = &virtio_rpmsg_ops;
432 * rpmsg server channels has predefined local address (for now),
433 * and their existence needs to be announced remotely
435 rpdev->announce = rpdev->src != RPMSG_ADDR_ANY;
437 strncpy(rpdev->id.name, chinfo->name, RPMSG_NAME_SIZE);
439 rpdev->dev.parent = &vrp->vdev->dev;
440 rpdev->dev.release = virtio_rpmsg_release_device;
441 ret = rpmsg_register_device(rpdev);
442 if (ret)
443 return NULL;
445 return rpdev;
448 /* super simple buffer "allocator" that is just enough for now */
449 static void *get_a_tx_buf(struct virtproc_info *vrp)
451 unsigned int len;
452 void *ret;
454 /* support multiple concurrent senders */
455 mutex_lock(&vrp->tx_lock);
458 * either pick the next unused tx buffer
459 * (half of our buffers are used for sending messages)
461 if (vrp->last_sbuf < vrp->num_bufs / 2)
462 ret = vrp->sbufs + vrp->buf_size * vrp->last_sbuf++;
463 /* or recycle a used one */
464 else
465 ret = virtqueue_get_buf(vrp->svq, &len);
467 mutex_unlock(&vrp->tx_lock);
469 return ret;
473 * rpmsg_upref_sleepers() - enable "tx-complete" interrupts, if needed
474 * @vrp: virtual remote processor state
476 * This function is called before a sender is blocked, waiting for
477 * a tx buffer to become available.
479 * If we already have blocking senders, this function merely increases
480 * the "sleepers" reference count, and exits.
482 * Otherwise, if this is the first sender to block, we also enable
483 * virtio's tx callbacks, so we'd be immediately notified when a tx
484 * buffer is consumed (we rely on virtio's tx callback in order
485 * to wake up sleeping senders as soon as a tx buffer is used by the
486 * remote processor).
488 static void rpmsg_upref_sleepers(struct virtproc_info *vrp)
490 /* support multiple concurrent senders */
491 mutex_lock(&vrp->tx_lock);
493 /* are we the first sleeping context waiting for tx buffers ? */
494 if (atomic_inc_return(&vrp->sleepers) == 1)
495 /* enable "tx-complete" interrupts before dozing off */
496 virtqueue_enable_cb(vrp->svq);
498 mutex_unlock(&vrp->tx_lock);
502 * rpmsg_downref_sleepers() - disable "tx-complete" interrupts, if needed
503 * @vrp: virtual remote processor state
505 * This function is called after a sender, that waited for a tx buffer
506 * to become available, is unblocked.
508 * If we still have blocking senders, this function merely decreases
509 * the "sleepers" reference count, and exits.
511 * Otherwise, if there are no more blocking senders, we also disable
512 * virtio's tx callbacks, to avoid the overhead incurred with handling
513 * those (now redundant) interrupts.
515 static void rpmsg_downref_sleepers(struct virtproc_info *vrp)
517 /* support multiple concurrent senders */
518 mutex_lock(&vrp->tx_lock);
520 /* are we the last sleeping context waiting for tx buffers ? */
521 if (atomic_dec_and_test(&vrp->sleepers))
522 /* disable "tx-complete" interrupts */
523 virtqueue_disable_cb(vrp->svq);
525 mutex_unlock(&vrp->tx_lock);
529 * rpmsg_send_offchannel_raw() - send a message across to the remote processor
530 * @rpdev: the rpmsg channel
531 * @src: source address
532 * @dst: destination address
533 * @data: payload of message
534 * @len: length of payload
535 * @wait: indicates whether caller should block in case no TX buffers available
537 * This function is the base implementation for all of the rpmsg sending API.
539 * It will send @data of length @len to @dst, and say it's from @src. The
540 * message will be sent to the remote processor which the @rpdev channel
541 * belongs to.
543 * The message is sent using one of the TX buffers that are available for
544 * communication with this remote processor.
546 * If @wait is true, the caller will be blocked until either a TX buffer is
547 * available, or 15 seconds elapses (we don't want callers to
548 * sleep indefinitely due to misbehaving remote processors), and in that
549 * case -ERESTARTSYS is returned. The number '15' itself was picked
550 * arbitrarily; there's little point in asking drivers to provide a timeout
551 * value themselves.
553 * Otherwise, if @wait is false, and there are no TX buffers available,
554 * the function will immediately fail, and -ENOMEM will be returned.
556 * Normally drivers shouldn't use this function directly; instead, drivers
557 * should use the appropriate rpmsg_{try}send{to, _offchannel} API
558 * (see include/linux/rpmsg.h).
560 * Returns 0 on success and an appropriate error value on failure.
562 static int rpmsg_send_offchannel_raw(struct rpmsg_device *rpdev,
563 u32 src, u32 dst,
564 void *data, int len, bool wait)
566 struct virtio_rpmsg_channel *vch = to_virtio_rpmsg_channel(rpdev);
567 struct virtproc_info *vrp = vch->vrp;
568 struct device *dev = &rpdev->dev;
569 struct scatterlist sg;
570 struct rpmsg_hdr *msg;
571 int err;
573 /* bcasting isn't allowed */
574 if (src == RPMSG_ADDR_ANY || dst == RPMSG_ADDR_ANY) {
575 dev_err(dev, "invalid addr (src 0x%x, dst 0x%x)\n", src, dst);
576 return -EINVAL;
580 * We currently use fixed-sized buffers, and therefore the payload
581 * length is limited.
583 * One of the possible improvements here is either to support
584 * user-provided buffers (and then we can also support zero-copy
585 * messaging), or to improve the buffer allocator, to support
586 * variable-length buffer sizes.
588 if (len > vrp->buf_size - sizeof(struct rpmsg_hdr)) {
589 dev_err(dev, "message is too big (%d)\n", len);
590 return -EMSGSIZE;
593 /* grab a buffer */
594 msg = get_a_tx_buf(vrp);
595 if (!msg && !wait)
596 return -ENOMEM;
598 /* no free buffer ? wait for one (but bail after 15 seconds) */
599 while (!msg) {
600 /* enable "tx-complete" interrupts, if not already enabled */
601 rpmsg_upref_sleepers(vrp);
604 * sleep until a free buffer is available or 15 secs elapse.
605 * the timeout period is not configurable because there's
606 * little point in asking drivers to specify that.
607 * if later this happens to be required, it'd be easy to add.
609 err = wait_event_interruptible_timeout(vrp->sendq,
610 (msg = get_a_tx_buf(vrp)),
611 msecs_to_jiffies(15000));
613 /* disable "tx-complete" interrupts if we're the last sleeper */
614 rpmsg_downref_sleepers(vrp);
616 /* timeout ? */
617 if (!err) {
618 dev_err(dev, "timeout waiting for a tx buffer\n");
619 return -ERESTARTSYS;
623 msg->len = len;
624 msg->flags = 0;
625 msg->src = src;
626 msg->dst = dst;
627 msg->reserved = 0;
628 memcpy(msg->data, data, len);
630 dev_dbg(dev, "TX From 0x%x, To 0x%x, Len %d, Flags %d, Reserved %d\n",
631 msg->src, msg->dst, msg->len, msg->flags, msg->reserved);
632 #if defined(CONFIG_DYNAMIC_DEBUG)
633 dynamic_hex_dump("rpmsg_virtio TX: ", DUMP_PREFIX_NONE, 16, 1,
634 msg, sizeof(*msg) + msg->len, true);
635 #endif
637 rpmsg_sg_init(&sg, msg, sizeof(*msg) + len);
639 mutex_lock(&vrp->tx_lock);
641 /* add message to the remote processor's virtqueue */
642 err = virtqueue_add_outbuf(vrp->svq, &sg, 1, msg, GFP_KERNEL);
643 if (err) {
645 * need to reclaim the buffer here, otherwise it's lost
646 * (memory won't leak, but rpmsg won't use it again for TX).
647 * this will wait for a buffer management overhaul.
649 dev_err(dev, "virtqueue_add_outbuf failed: %d\n", err);
650 goto out;
653 /* tell the remote processor it has a pending message to read */
654 virtqueue_kick(vrp->svq);
655 out:
656 mutex_unlock(&vrp->tx_lock);
657 return err;
660 static int virtio_rpmsg_send(struct rpmsg_endpoint *ept, void *data, int len)
662 struct rpmsg_device *rpdev = ept->rpdev;
663 u32 src = ept->addr, dst = rpdev->dst;
665 return rpmsg_send_offchannel_raw(rpdev, src, dst, data, len, true);
668 static int virtio_rpmsg_sendto(struct rpmsg_endpoint *ept, void *data, int len,
669 u32 dst)
671 struct rpmsg_device *rpdev = ept->rpdev;
672 u32 src = ept->addr;
674 return rpmsg_send_offchannel_raw(rpdev, src, dst, data, len, true);
677 static int virtio_rpmsg_send_offchannel(struct rpmsg_endpoint *ept, u32 src,
678 u32 dst, void *data, int len)
680 struct rpmsg_device *rpdev = ept->rpdev;
682 return rpmsg_send_offchannel_raw(rpdev, src, dst, data, len, true);
685 static int virtio_rpmsg_trysend(struct rpmsg_endpoint *ept, void *data, int len)
687 struct rpmsg_device *rpdev = ept->rpdev;
688 u32 src = ept->addr, dst = rpdev->dst;
690 return rpmsg_send_offchannel_raw(rpdev, src, dst, data, len, false);
693 static int virtio_rpmsg_trysendto(struct rpmsg_endpoint *ept, void *data,
694 int len, u32 dst)
696 struct rpmsg_device *rpdev = ept->rpdev;
697 u32 src = ept->addr;
699 return rpmsg_send_offchannel_raw(rpdev, src, dst, data, len, false);
702 static int virtio_rpmsg_trysend_offchannel(struct rpmsg_endpoint *ept, u32 src,
703 u32 dst, void *data, int len)
705 struct rpmsg_device *rpdev = ept->rpdev;
707 return rpmsg_send_offchannel_raw(rpdev, src, dst, data, len, false);
710 static int rpmsg_recv_single(struct virtproc_info *vrp, struct device *dev,
711 struct rpmsg_hdr *msg, unsigned int len)
713 struct rpmsg_endpoint *ept;
714 struct scatterlist sg;
715 int err;
717 dev_dbg(dev, "From: 0x%x, To: 0x%x, Len: %d, Flags: %d, Reserved: %d\n",
718 msg->src, msg->dst, msg->len, msg->flags, msg->reserved);
719 #if defined(CONFIG_DYNAMIC_DEBUG)
720 dynamic_hex_dump("rpmsg_virtio RX: ", DUMP_PREFIX_NONE, 16, 1,
721 msg, sizeof(*msg) + msg->len, true);
722 #endif
725 * We currently use fixed-sized buffers, so trivially sanitize
726 * the reported payload length.
728 if (len > vrp->buf_size ||
729 msg->len > (len - sizeof(struct rpmsg_hdr))) {
730 dev_warn(dev, "inbound msg too big: (%d, %d)\n", len, msg->len);
731 return -EINVAL;
734 /* use the dst addr to fetch the callback of the appropriate user */
735 mutex_lock(&vrp->endpoints_lock);
737 ept = idr_find(&vrp->endpoints, msg->dst);
739 /* let's make sure no one deallocates ept while we use it */
740 if (ept)
741 kref_get(&ept->refcount);
743 mutex_unlock(&vrp->endpoints_lock);
745 if (ept) {
746 /* make sure ept->cb doesn't go away while we use it */
747 mutex_lock(&ept->cb_lock);
749 if (ept->cb)
750 ept->cb(ept->rpdev, msg->data, msg->len, ept->priv,
751 msg->src);
753 mutex_unlock(&ept->cb_lock);
755 /* farewell, ept, we don't need you anymore */
756 kref_put(&ept->refcount, __ept_release);
757 } else
758 dev_warn(dev, "msg received with no recipient\n");
760 /* publish the real size of the buffer */
761 rpmsg_sg_init(&sg, msg, vrp->buf_size);
763 /* add the buffer back to the remote processor's virtqueue */
764 err = virtqueue_add_inbuf(vrp->rvq, &sg, 1, msg, GFP_KERNEL);
765 if (err < 0) {
766 dev_err(dev, "failed to add a virtqueue buffer: %d\n", err);
767 return err;
770 return 0;
773 /* called when an rx buffer is used, and it's time to digest a message */
774 static void rpmsg_recv_done(struct virtqueue *rvq)
776 struct virtproc_info *vrp = rvq->vdev->priv;
777 struct device *dev = &rvq->vdev->dev;
778 struct rpmsg_hdr *msg;
779 unsigned int len, msgs_received = 0;
780 int err;
782 msg = virtqueue_get_buf(rvq, &len);
783 if (!msg) {
784 dev_err(dev, "uhm, incoming signal, but no used buffer ?\n");
785 return;
788 while (msg) {
789 err = rpmsg_recv_single(vrp, dev, msg, len);
790 if (err)
791 break;
793 msgs_received++;
795 msg = virtqueue_get_buf(rvq, &len);
798 dev_dbg(dev, "Received %u messages\n", msgs_received);
800 /* tell the remote processor we added another available rx buffer */
801 if (msgs_received)
802 virtqueue_kick(vrp->rvq);
806 * This is invoked whenever the remote processor completed processing
807 * a TX msg we just sent it, and the buffer is put back to the used ring.
809 * Normally, though, we suppress this "tx complete" interrupt in order to
810 * avoid the incurred overhead.
812 static void rpmsg_xmit_done(struct virtqueue *svq)
814 struct virtproc_info *vrp = svq->vdev->priv;
816 dev_dbg(&svq->vdev->dev, "%s\n", __func__);
818 /* wake up potential senders that are waiting for a tx buffer */
819 wake_up_interruptible(&vrp->sendq);
822 /* invoked when a name service announcement arrives */
823 static int rpmsg_ns_cb(struct rpmsg_device *rpdev, void *data, int len,
824 void *priv, u32 src)
826 struct rpmsg_ns_msg *msg = data;
827 struct rpmsg_device *newch;
828 struct rpmsg_channel_info chinfo;
829 struct virtproc_info *vrp = priv;
830 struct device *dev = &vrp->vdev->dev;
831 int ret;
833 #if defined(CONFIG_DYNAMIC_DEBUG)
834 dynamic_hex_dump("NS announcement: ", DUMP_PREFIX_NONE, 16, 1,
835 data, len, true);
836 #endif
838 if (len != sizeof(*msg)) {
839 dev_err(dev, "malformed ns msg (%d)\n", len);
840 return -EINVAL;
844 * the name service ept does _not_ belong to a real rpmsg channel,
845 * and is handled by the rpmsg bus itself.
846 * for sanity reasons, make sure a valid rpdev has _not_ sneaked
847 * in somehow.
849 if (rpdev) {
850 dev_err(dev, "anomaly: ns ept has an rpdev handle\n");
851 return -EINVAL;
854 /* don't trust the remote processor for null terminating the name */
855 msg->name[RPMSG_NAME_SIZE - 1] = '\0';
857 dev_info(dev, "%sing channel %s addr 0x%x\n",
858 msg->flags & RPMSG_NS_DESTROY ? "destroy" : "creat",
859 msg->name, msg->addr);
861 strncpy(chinfo.name, msg->name, sizeof(chinfo.name));
862 chinfo.src = RPMSG_ADDR_ANY;
863 chinfo.dst = msg->addr;
865 if (msg->flags & RPMSG_NS_DESTROY) {
866 ret = rpmsg_unregister_device(&vrp->vdev->dev, &chinfo);
867 if (ret)
868 dev_err(dev, "rpmsg_destroy_channel failed: %d\n", ret);
869 } else {
870 newch = rpmsg_create_channel(vrp, &chinfo);
871 if (!newch)
872 dev_err(dev, "rpmsg_create_channel failed\n");
875 return 0;
878 static int rpmsg_probe(struct virtio_device *vdev)
880 vq_callback_t *vq_cbs[] = { rpmsg_recv_done, rpmsg_xmit_done };
881 static const char * const names[] = { "input", "output" };
882 struct virtqueue *vqs[2];
883 struct virtproc_info *vrp;
884 void *bufs_va;
885 int err = 0, i;
886 size_t total_buf_space;
887 bool notify;
889 vrp = kzalloc(sizeof(*vrp), GFP_KERNEL);
890 if (!vrp)
891 return -ENOMEM;
893 vrp->vdev = vdev;
895 idr_init(&vrp->endpoints);
896 mutex_init(&vrp->endpoints_lock);
897 mutex_init(&vrp->tx_lock);
898 init_waitqueue_head(&vrp->sendq);
900 /* We expect two virtqueues, rx and tx (and in this order) */
901 err = virtio_find_vqs(vdev, 2, vqs, vq_cbs, names, NULL);
902 if (err)
903 goto free_vrp;
905 vrp->rvq = vqs[0];
906 vrp->svq = vqs[1];
908 /* we expect symmetric tx/rx vrings */
909 WARN_ON(virtqueue_get_vring_size(vrp->rvq) !=
910 virtqueue_get_vring_size(vrp->svq));
912 /* we need less buffers if vrings are small */
913 if (virtqueue_get_vring_size(vrp->rvq) < MAX_RPMSG_NUM_BUFS / 2)
914 vrp->num_bufs = virtqueue_get_vring_size(vrp->rvq) * 2;
915 else
916 vrp->num_bufs = MAX_RPMSG_NUM_BUFS;
918 vrp->buf_size = MAX_RPMSG_BUF_SIZE;
920 total_buf_space = vrp->num_bufs * vrp->buf_size;
922 /* allocate coherent memory for the buffers */
923 bufs_va = dma_alloc_coherent(vdev->dev.parent->parent,
924 total_buf_space, &vrp->bufs_dma,
925 GFP_KERNEL);
926 if (!bufs_va) {
927 err = -ENOMEM;
928 goto vqs_del;
931 dev_dbg(&vdev->dev, "buffers: va %p, dma %pad\n",
932 bufs_va, &vrp->bufs_dma);
934 /* half of the buffers is dedicated for RX */
935 vrp->rbufs = bufs_va;
937 /* and half is dedicated for TX */
938 vrp->sbufs = bufs_va + total_buf_space / 2;
940 /* set up the receive buffers */
941 for (i = 0; i < vrp->num_bufs / 2; i++) {
942 struct scatterlist sg;
943 void *cpu_addr = vrp->rbufs + i * vrp->buf_size;
945 rpmsg_sg_init(&sg, cpu_addr, vrp->buf_size);
947 err = virtqueue_add_inbuf(vrp->rvq, &sg, 1, cpu_addr,
948 GFP_KERNEL);
949 WARN_ON(err); /* sanity check; this can't really happen */
952 /* suppress "tx-complete" interrupts */
953 virtqueue_disable_cb(vrp->svq);
955 vdev->priv = vrp;
957 /* if supported by the remote processor, enable the name service */
958 if (virtio_has_feature(vdev, VIRTIO_RPMSG_F_NS)) {
959 /* a dedicated endpoint handles the name service msgs */
960 vrp->ns_ept = __rpmsg_create_ept(vrp, NULL, rpmsg_ns_cb,
961 vrp, RPMSG_NS_ADDR);
962 if (!vrp->ns_ept) {
963 dev_err(&vdev->dev, "failed to create the ns ept\n");
964 err = -ENOMEM;
965 goto free_coherent;
970 * Prepare to kick but don't notify yet - we can't do this before
971 * device is ready.
973 notify = virtqueue_kick_prepare(vrp->rvq);
975 /* From this point on, we can notify and get callbacks. */
976 virtio_device_ready(vdev);
978 /* tell the remote processor it can start sending messages */
980 * this might be concurrent with callbacks, but we are only
981 * doing notify, not a full kick here, so that's ok.
983 if (notify)
984 virtqueue_notify(vrp->rvq);
986 dev_info(&vdev->dev, "rpmsg host is online\n");
988 return 0;
990 free_coherent:
991 dma_free_coherent(vdev->dev.parent->parent, total_buf_space,
992 bufs_va, vrp->bufs_dma);
993 vqs_del:
994 vdev->config->del_vqs(vrp->vdev);
995 free_vrp:
996 kfree(vrp);
997 return err;
1000 static int rpmsg_remove_device(struct device *dev, void *data)
1002 device_unregister(dev);
1004 return 0;
1007 static void rpmsg_remove(struct virtio_device *vdev)
1009 struct virtproc_info *vrp = vdev->priv;
1010 size_t total_buf_space = vrp->num_bufs * vrp->buf_size;
1011 int ret;
1013 vdev->config->reset(vdev);
1015 ret = device_for_each_child(&vdev->dev, NULL, rpmsg_remove_device);
1016 if (ret)
1017 dev_warn(&vdev->dev, "can't remove rpmsg device: %d\n", ret);
1019 if (vrp->ns_ept)
1020 __rpmsg_destroy_ept(vrp, vrp->ns_ept);
1022 idr_destroy(&vrp->endpoints);
1024 vdev->config->del_vqs(vrp->vdev);
1026 dma_free_coherent(vdev->dev.parent->parent, total_buf_space,
1027 vrp->rbufs, vrp->bufs_dma);
1029 kfree(vrp);
1032 static struct virtio_device_id id_table[] = {
1033 { VIRTIO_ID_RPMSG, VIRTIO_DEV_ANY_ID },
1034 { 0 },
1037 static unsigned int features[] = {
1038 VIRTIO_RPMSG_F_NS,
1041 static struct virtio_driver virtio_ipc_driver = {
1042 .feature_table = features,
1043 .feature_table_size = ARRAY_SIZE(features),
1044 .driver.name = KBUILD_MODNAME,
1045 .driver.owner = THIS_MODULE,
1046 .id_table = id_table,
1047 .probe = rpmsg_probe,
1048 .remove = rpmsg_remove,
1051 static int __init rpmsg_init(void)
1053 int ret;
1055 ret = register_virtio_driver(&virtio_ipc_driver);
1056 if (ret)
1057 pr_err("failed to register virtio driver: %d\n", ret);
1059 return ret;
1061 subsys_initcall(rpmsg_init);
1063 static void __exit rpmsg_fini(void)
1065 unregister_virtio_driver(&virtio_ipc_driver);
1067 module_exit(rpmsg_fini);
1069 MODULE_DEVICE_TABLE(virtio, id_table);
1070 MODULE_DESCRIPTION("Virtio-based remote processor messaging bus");
1071 MODULE_LICENSE("GPL v2");