1 // SPDX-License-Identifier: GPL-2.0-only 2 /* 3 * cec-adap.c - HDMI Consumer Electronics Control framework - CEC adapter 4 * 5 * Copyright 2016 Cisco Systems, Inc. and/or its affiliates. All rights reserved. 6 */ 7 8 #include <linux/errno.h> 9 #include <linux/init.h> 10 #include <linux/module.h> 11 #include <linux/kernel.h> 12 #include <linux/kmod.h> 13 #include <linux/ktime.h> 14 #include <linux/slab.h> 15 #include <linux/mm.h> 16 #include <linux/string.h> 17 #include <linux/types.h> 18 19 #include <drm/drm_connector.h> 20 #include <drm/drm_device.h> 21 #include <drm/drm_edid.h> 22 #include <drm/drm_file.h> 23 24 #include "cec-priv.h" 25 26 static void cec_fill_msg_report_features(struct cec_adapter *adap, 27 struct cec_msg *msg, 28 unsigned int la_idx); 29 30 /* 31 * 400 ms is the time it takes for one 16 byte message to be 32 * transferred and 5 is the maximum number of retries. Add 33 * another 100 ms as a margin. So if the transmit doesn't 34 * finish before that time something is really wrong and we 35 * have to time out. 36 * 37 * This is a sign that something it really wrong and a warning 38 * will be issued. 39 */ 40 #define CEC_XFER_TIMEOUT_MS (5 * 400 + 100) 41 42 #define call_op(adap, op, arg...) \ 43 (adap->ops->op ? adap->ops->op(adap, ## arg) : 0) 44 45 #define call_void_op(adap, op, arg...) \ 46 do { \ 47 if (adap->ops->op) \ 48 adap->ops->op(adap, ## arg); \ 49 } while (0) 50 51 static int cec_log_addr2idx(const struct cec_adapter *adap, u8 log_addr) 52 { 53 int i; 54 55 for (i = 0; i < adap->log_addrs.num_log_addrs; i++) 56 if (adap->log_addrs.log_addr[i] == log_addr) 57 return i; 58 return -1; 59 } 60 61 static unsigned int cec_log_addr2dev(const struct cec_adapter *adap, u8 log_addr) 62 { 63 int i = cec_log_addr2idx(adap, log_addr); 64 65 return adap->log_addrs.primary_device_type[i < 0 ? 0 : i]; 66 } 67 68 u16 cec_get_edid_phys_addr(const u8 *edid, unsigned int size, 69 unsigned int *offset) 70 { 71 unsigned int loc = cec_get_edid_spa_location(edid, size); 72 73 if (offset) 74 *offset = loc; 75 if (loc == 0) 76 return CEC_PHYS_ADDR_INVALID; 77 return (edid[loc] << 8) | edid[loc + 1]; 78 } 79 EXPORT_SYMBOL_GPL(cec_get_edid_phys_addr); 80 81 void cec_fill_conn_info_from_drm(struct cec_connector_info *conn_info, 82 const struct drm_connector *connector) 83 { 84 memset(conn_info, 0, sizeof(*conn_info)); 85 conn_info->type = CEC_CONNECTOR_TYPE_DRM; 86 conn_info->drm.card_no = connector->dev->primary->index; 87 conn_info->drm.connector_id = connector->base.id; 88 } 89 EXPORT_SYMBOL_GPL(cec_fill_conn_info_from_drm); 90 91 /* 92 * Queue a new event for this filehandle. If ts == 0, then set it 93 * to the current time. 94 * 95 * We keep a queue of at most max_event events where max_event differs 96 * per event. If the queue becomes full, then drop the oldest event and 97 * keep track of how many events we've dropped. 98 */ 99 void cec_queue_event_fh(struct cec_fh *fh, 100 const struct cec_event *new_ev, u64 ts) 101 { 102 static const u16 max_events[CEC_NUM_EVENTS] = { 103 1, 1, 800, 800, 8, 8, 8, 8 104 }; 105 struct cec_event_entry *entry; 106 unsigned int ev_idx = new_ev->event - 1; 107 108 if (WARN_ON(ev_idx >= ARRAY_SIZE(fh->events))) 109 return; 110 111 if (ts == 0) 112 ts = ktime_get_ns(); 113 114 mutex_lock(&fh->lock); 115 if (ev_idx < CEC_NUM_CORE_EVENTS) 116 entry = &fh->core_events[ev_idx]; 117 else 118 entry = kmalloc(sizeof(*entry), GFP_KERNEL); 119 if (entry) { 120 if (new_ev->event == CEC_EVENT_LOST_MSGS && 121 fh->queued_events[ev_idx]) { 122 entry->ev.lost_msgs.lost_msgs += 123 new_ev->lost_msgs.lost_msgs; 124 goto unlock; 125 } 126 entry->ev = *new_ev; 127 entry->ev.ts = ts; 128 129 if (fh->queued_events[ev_idx] < max_events[ev_idx]) { 130 /* Add new msg at the end of the queue */ 131 list_add_tail(&entry->list, &fh->events[ev_idx]); 132 fh->queued_events[ev_idx]++; 133 fh->total_queued_events++; 134 goto unlock; 135 } 136 137 if (ev_idx >= CEC_NUM_CORE_EVENTS) { 138 list_add_tail(&entry->list, &fh->events[ev_idx]); 139 /* drop the oldest event */ 140 entry = list_first_entry(&fh->events[ev_idx], 141 struct cec_event_entry, list); 142 list_del(&entry->list); 143 kfree(entry); 144 } 145 } 146 /* Mark that events were lost */ 147 entry = list_first_entry_or_null(&fh->events[ev_idx], 148 struct cec_event_entry, list); 149 if (entry) 150 entry->ev.flags |= CEC_EVENT_FL_DROPPED_EVENTS; 151 152 unlock: 153 mutex_unlock(&fh->lock); 154 wake_up_interruptible(&fh->wait); 155 } 156 157 /* Queue a new event for all open filehandles. */ 158 static void cec_queue_event(struct cec_adapter *adap, 159 const struct cec_event *ev) 160 { 161 u64 ts = ktime_get_ns(); 162 struct cec_fh *fh; 163 164 mutex_lock(&adap->devnode.lock); 165 list_for_each_entry(fh, &adap->devnode.fhs, list) 166 cec_queue_event_fh(fh, ev, ts); 167 mutex_unlock(&adap->devnode.lock); 168 } 169 170 /* Notify userspace that the CEC pin changed state at the given time. */ 171 void cec_queue_pin_cec_event(struct cec_adapter *adap, bool is_high, 172 bool dropped_events, ktime_t ts) 173 { 174 struct cec_event ev = { 175 .event = is_high ? CEC_EVENT_PIN_CEC_HIGH : 176 CEC_EVENT_PIN_CEC_LOW, 177 .flags = dropped_events ? CEC_EVENT_FL_DROPPED_EVENTS : 0, 178 }; 179 struct cec_fh *fh; 180 181 mutex_lock(&adap->devnode.lock); 182 list_for_each_entry(fh, &adap->devnode.fhs, list) 183 if (fh->mode_follower == CEC_MODE_MONITOR_PIN) 184 cec_queue_event_fh(fh, &ev, ktime_to_ns(ts)); 185 mutex_unlock(&adap->devnode.lock); 186 } 187 EXPORT_SYMBOL_GPL(cec_queue_pin_cec_event); 188 189 /* Notify userspace that the HPD pin changed state at the given time. */ 190 void cec_queue_pin_hpd_event(struct cec_adapter *adap, bool is_high, ktime_t ts) 191 { 192 struct cec_event ev = { 193 .event = is_high ? CEC_EVENT_PIN_HPD_HIGH : 194 CEC_EVENT_PIN_HPD_LOW, 195 }; 196 struct cec_fh *fh; 197 198 mutex_lock(&adap->devnode.lock); 199 list_for_each_entry(fh, &adap->devnode.fhs, list) 200 cec_queue_event_fh(fh, &ev, ktime_to_ns(ts)); 201 mutex_unlock(&adap->devnode.lock); 202 } 203 EXPORT_SYMBOL_GPL(cec_queue_pin_hpd_event); 204 205 /* Notify userspace that the 5V pin changed state at the given time. */ 206 void cec_queue_pin_5v_event(struct cec_adapter *adap, bool is_high, ktime_t ts) 207 { 208 struct cec_event ev = { 209 .event = is_high ? CEC_EVENT_PIN_5V_HIGH : 210 CEC_EVENT_PIN_5V_LOW, 211 }; 212 struct cec_fh *fh; 213 214 mutex_lock(&adap->devnode.lock); 215 list_for_each_entry(fh, &adap->devnode.fhs, list) 216 cec_queue_event_fh(fh, &ev, ktime_to_ns(ts)); 217 mutex_unlock(&adap->devnode.lock); 218 } 219 EXPORT_SYMBOL_GPL(cec_queue_pin_5v_event); 220 221 /* 222 * Queue a new message for this filehandle. 223 * 224 * We keep a queue of at most CEC_MAX_MSG_RX_QUEUE_SZ messages. If the 225 * queue becomes full, then drop the oldest message and keep track 226 * of how many messages we've dropped. 227 */ 228 static void cec_queue_msg_fh(struct cec_fh *fh, const struct cec_msg *msg) 229 { 230 static const struct cec_event ev_lost_msgs = { 231 .event = CEC_EVENT_LOST_MSGS, 232 .flags = 0, 233 { 234 .lost_msgs = { 1 }, 235 }, 236 }; 237 struct cec_msg_entry *entry; 238 239 mutex_lock(&fh->lock); 240 entry = kmalloc(sizeof(*entry), GFP_KERNEL); 241 if (entry) { 242 entry->msg = *msg; 243 /* Add new msg at the end of the queue */ 244 list_add_tail(&entry->list, &fh->msgs); 245 246 if (fh->queued_msgs < CEC_MAX_MSG_RX_QUEUE_SZ) { 247 /* All is fine if there is enough room */ 248 fh->queued_msgs++; 249 mutex_unlock(&fh->lock); 250 wake_up_interruptible(&fh->wait); 251 return; 252 } 253 254 /* 255 * if the message queue is full, then drop the oldest one and 256 * send a lost message event. 257 */ 258 entry = list_first_entry(&fh->msgs, struct cec_msg_entry, list); 259 list_del(&entry->list); 260 kfree(entry); 261 } 262 mutex_unlock(&fh->lock); 263 264 /* 265 * We lost a message, either because kmalloc failed or the queue 266 * was full. 267 */ 268 cec_queue_event_fh(fh, &ev_lost_msgs, ktime_get_ns()); 269 } 270 271 /* 272 * Queue the message for those filehandles that are in monitor mode. 273 * If valid_la is true (this message is for us or was sent by us), 274 * then pass it on to any monitoring filehandle. If this message 275 * isn't for us or from us, then only give it to filehandles that 276 * are in MONITOR_ALL mode. 277 * 278 * This can only happen if the CEC_CAP_MONITOR_ALL capability is 279 * set and the CEC adapter was placed in 'monitor all' mode. 280 */ 281 static void cec_queue_msg_monitor(struct cec_adapter *adap, 282 const struct cec_msg *msg, 283 bool valid_la) 284 { 285 struct cec_fh *fh; 286 u32 monitor_mode = valid_la ? CEC_MODE_MONITOR : 287 CEC_MODE_MONITOR_ALL; 288 289 mutex_lock(&adap->devnode.lock); 290 list_for_each_entry(fh, &adap->devnode.fhs, list) { 291 if (fh->mode_follower >= monitor_mode) 292 cec_queue_msg_fh(fh, msg); 293 } 294 mutex_unlock(&adap->devnode.lock); 295 } 296 297 /* 298 * Queue the message for follower filehandles. 299 */ 300 static void cec_queue_msg_followers(struct cec_adapter *adap, 301 const struct cec_msg *msg) 302 { 303 struct cec_fh *fh; 304 305 mutex_lock(&adap->devnode.lock); 306 list_for_each_entry(fh, &adap->devnode.fhs, list) { 307 if (fh->mode_follower == CEC_MODE_FOLLOWER) 308 cec_queue_msg_fh(fh, msg); 309 } 310 mutex_unlock(&adap->devnode.lock); 311 } 312 313 /* Notify userspace of an adapter state change. */ 314 static void cec_post_state_event(struct cec_adapter *adap) 315 { 316 struct cec_event ev = { 317 .event = CEC_EVENT_STATE_CHANGE, 318 }; 319 320 ev.state_change.phys_addr = adap->phys_addr; 321 ev.state_change.log_addr_mask = adap->log_addrs.log_addr_mask; 322 ev.state_change.have_conn_info = 323 adap->conn_info.type != CEC_CONNECTOR_TYPE_NO_CONNECTOR; 324 cec_queue_event(adap, &ev); 325 } 326 327 /* 328 * A CEC transmit (and a possible wait for reply) completed. 329 * If this was in blocking mode, then complete it, otherwise 330 * queue the message for userspace to dequeue later. 331 * 332 * This function is called with adap->lock held. 333 */ 334 static void cec_data_completed(struct cec_data *data) 335 { 336 /* 337 * Delete this transmit from the filehandle's xfer_list since 338 * we're done with it. 339 * 340 * Note that if the filehandle is closed before this transmit 341 * finished, then the release() function will set data->fh to NULL. 342 * Without that we would be referring to a closed filehandle. 343 */ 344 if (data->fh) 345 list_del(&data->xfer_list); 346 347 if (data->blocking) { 348 /* 349 * Someone is blocking so mark the message as completed 350 * and call complete. 351 */ 352 data->completed = true; 353 complete(&data->c); 354 } else { 355 /* 356 * No blocking, so just queue the message if needed and 357 * free the memory. 358 */ 359 if (data->fh) 360 cec_queue_msg_fh(data->fh, &data->msg); 361 kfree(data); 362 } 363 } 364 365 /* 366 * A pending CEC transmit needs to be cancelled, either because the CEC 367 * adapter is disabled or the transmit takes an impossibly long time to 368 * finish. 369 * 370 * This function is called with adap->lock held. 371 */ 372 static void cec_data_cancel(struct cec_data *data, u8 tx_status) 373 { 374 /* 375 * It's either the current transmit, or it is a pending 376 * transmit. Take the appropriate action to clear it. 377 */ 378 if (data->adap->transmitting == data) { 379 data->adap->transmitting = NULL; 380 } else { 381 list_del_init(&data->list); 382 if (!(data->msg.tx_status & CEC_TX_STATUS_OK)) 383 if (!WARN_ON(!data->adap->transmit_queue_sz)) 384 data->adap->transmit_queue_sz--; 385 } 386 387 if (data->msg.tx_status & CEC_TX_STATUS_OK) { 388 data->msg.rx_ts = ktime_get_ns(); 389 data->msg.rx_status = CEC_RX_STATUS_ABORTED; 390 } else { 391 data->msg.tx_ts = ktime_get_ns(); 392 data->msg.tx_status |= tx_status | 393 CEC_TX_STATUS_MAX_RETRIES; 394 data->msg.tx_error_cnt++; 395 data->attempts = 0; 396 } 397 398 /* Queue transmitted message for monitoring purposes */ 399 cec_queue_msg_monitor(data->adap, &data->msg, 1); 400 401 cec_data_completed(data); 402 } 403 404 /* 405 * Flush all pending transmits and cancel any pending timeout work. 406 * 407 * This function is called with adap->lock held. 408 */ 409 static void cec_flush(struct cec_adapter *adap) 410 { 411 struct cec_data *data, *n; 412 413 /* 414 * If the adapter is disabled, or we're asked to stop, 415 * then cancel any pending transmits. 416 */ 417 while (!list_empty(&adap->transmit_queue)) { 418 data = list_first_entry(&adap->transmit_queue, 419 struct cec_data, list); 420 cec_data_cancel(data, CEC_TX_STATUS_ABORTED); 421 } 422 if (adap->transmitting) 423 cec_data_cancel(adap->transmitting, CEC_TX_STATUS_ABORTED); 424 425 /* Cancel the pending timeout work. */ 426 list_for_each_entry_safe(data, n, &adap->wait_queue, list) { 427 if (cancel_delayed_work(&data->work)) 428 cec_data_cancel(data, CEC_TX_STATUS_OK); 429 /* 430 * If cancel_delayed_work returned false, then 431 * the cec_wait_timeout function is running, 432 * which will call cec_data_completed. So no 433 * need to do anything special in that case. 434 */ 435 } 436 /* 437 * If something went wrong and this counter isn't what it should 438 * be, then this will reset it back to 0. Warn if it is not 0, 439 * since it indicates a bug, either in this framework or in a 440 * CEC driver. 441 */ 442 if (WARN_ON(adap->transmit_queue_sz)) 443 adap->transmit_queue_sz = 0; 444 } 445 446 /* 447 * Main CEC state machine 448 * 449 * Wait until the thread should be stopped, or we are not transmitting and 450 * a new transmit message is queued up, in which case we start transmitting 451 * that message. When the adapter finished transmitting the message it will 452 * call cec_transmit_done(). 453 * 454 * If the adapter is disabled, then remove all queued messages instead. 455 * 456 * If the current transmit times out, then cancel that transmit. 457 */ 458 int cec_thread_func(void *_adap) 459 { 460 struct cec_adapter *adap = _adap; 461 462 for (;;) { 463 unsigned int signal_free_time; 464 struct cec_data *data; 465 bool timeout = false; 466 u8 attempts; 467 468 if (adap->transmit_in_progress) { 469 int err; 470 471 /* 472 * We are transmitting a message, so add a timeout 473 * to prevent the state machine to get stuck waiting 474 * for this message to finalize and add a check to 475 * see if the adapter is disabled in which case the 476 * transmit should be canceled. 477 */ 478 err = wait_event_interruptible_timeout(adap->kthread_waitq, 479 (adap->needs_hpd && 480 (!adap->is_configured && !adap->is_configuring)) || 481 kthread_should_stop() || 482 (!adap->transmit_in_progress && 483 !list_empty(&adap->transmit_queue)), 484 msecs_to_jiffies(CEC_XFER_TIMEOUT_MS)); 485 timeout = err == 0; 486 } else { 487 /* Otherwise we just wait for something to happen. */ 488 wait_event_interruptible(adap->kthread_waitq, 489 kthread_should_stop() || 490 (!adap->transmit_in_progress && 491 !list_empty(&adap->transmit_queue))); 492 } 493 494 mutex_lock(&adap->lock); 495 496 if ((adap->needs_hpd && 497 (!adap->is_configured && !adap->is_configuring)) || 498 kthread_should_stop()) { 499 cec_flush(adap); 500 goto unlock; 501 } 502 503 if (adap->transmit_in_progress && timeout) { 504 /* 505 * If we timeout, then log that. Normally this does 506 * not happen and it is an indication of a faulty CEC 507 * adapter driver, or the CEC bus is in some weird 508 * state. On rare occasions it can happen if there is 509 * so much traffic on the bus that the adapter was 510 * unable to transmit for CEC_XFER_TIMEOUT_MS (2.1s). 511 */ 512 if (adap->transmitting) { 513 pr_warn("cec-%s: message %*ph timed out\n", adap->name, 514 adap->transmitting->msg.len, 515 adap->transmitting->msg.msg); 516 /* Just give up on this. */ 517 cec_data_cancel(adap->transmitting, 518 CEC_TX_STATUS_TIMEOUT); 519 } else { 520 pr_warn("cec-%s: transmit timed out\n", adap->name); 521 } 522 adap->transmit_in_progress = false; 523 adap->tx_timeouts++; 524 goto unlock; 525 } 526 527 /* 528 * If we are still transmitting, or there is nothing new to 529 * transmit, then just continue waiting. 530 */ 531 if (adap->transmit_in_progress || list_empty(&adap->transmit_queue)) 532 goto unlock; 533 534 /* Get a new message to transmit */ 535 data = list_first_entry(&adap->transmit_queue, 536 struct cec_data, list); 537 list_del_init(&data->list); 538 if (!WARN_ON(!data->adap->transmit_queue_sz)) 539 adap->transmit_queue_sz--; 540 541 /* Make this the current transmitting message */ 542 adap->transmitting = data; 543 544 /* 545 * Suggested number of attempts as per the CEC 2.0 spec: 546 * 4 attempts is the default, except for 'secondary poll 547 * messages', i.e. poll messages not sent during the adapter 548 * configuration phase when it allocates logical addresses. 549 */ 550 if (data->msg.len == 1 && adap->is_configured) 551 attempts = 2; 552 else 553 attempts = 4; 554 555 /* Set the suggested signal free time */ 556 if (data->attempts) { 557 /* should be >= 3 data bit periods for a retry */ 558 signal_free_time = CEC_SIGNAL_FREE_TIME_RETRY; 559 } else if (adap->last_initiator != 560 cec_msg_initiator(&data->msg)) { 561 /* should be >= 5 data bit periods for new initiator */ 562 signal_free_time = CEC_SIGNAL_FREE_TIME_NEW_INITIATOR; 563 adap->last_initiator = cec_msg_initiator(&data->msg); 564 } else { 565 /* 566 * should be >= 7 data bit periods for sending another 567 * frame immediately after another. 568 */ 569 signal_free_time = CEC_SIGNAL_FREE_TIME_NEXT_XFER; 570 } 571 if (data->attempts == 0) 572 data->attempts = attempts; 573 574 /* Tell the adapter to transmit, cancel on error */ 575 if (adap->ops->adap_transmit(adap, data->attempts, 576 signal_free_time, &data->msg)) 577 cec_data_cancel(data, CEC_TX_STATUS_ABORTED); 578 else 579 adap->transmit_in_progress = true; 580 581 unlock: 582 mutex_unlock(&adap->lock); 583 584 if (kthread_should_stop()) 585 break; 586 } 587 return 0; 588 } 589 590 /* 591 * Called by the CEC adapter if a transmit finished. 592 */ 593 void cec_transmit_done_ts(struct cec_adapter *adap, u8 status, 594 u8 arb_lost_cnt, u8 nack_cnt, u8 low_drive_cnt, 595 u8 error_cnt, ktime_t ts) 596 { 597 struct cec_data *data; 598 struct cec_msg *msg; 599 unsigned int attempts_made = arb_lost_cnt + nack_cnt + 600 low_drive_cnt + error_cnt; 601 602 dprintk(2, "%s: status 0x%02x\n", __func__, status); 603 if (attempts_made < 1) 604 attempts_made = 1; 605 606 mutex_lock(&adap->lock); 607 data = adap->transmitting; 608 if (!data) { 609 /* 610 * This might happen if a transmit was issued and the cable is 611 * unplugged while the transmit is ongoing. Ignore this 612 * transmit in that case. 613 */ 614 if (!adap->transmit_in_progress) 615 dprintk(1, "%s was called without an ongoing transmit!\n", 616 __func__); 617 adap->transmit_in_progress = false; 618 goto wake_thread; 619 } 620 adap->transmit_in_progress = false; 621 622 msg = &data->msg; 623 624 /* Drivers must fill in the status! */ 625 WARN_ON(status == 0); 626 msg->tx_ts = ktime_to_ns(ts); 627 msg->tx_status |= status; 628 msg->tx_arb_lost_cnt += arb_lost_cnt; 629 msg->tx_nack_cnt += nack_cnt; 630 msg->tx_low_drive_cnt += low_drive_cnt; 631 msg->tx_error_cnt += error_cnt; 632 633 /* Mark that we're done with this transmit */ 634 adap->transmitting = NULL; 635 636 /* 637 * If there are still retry attempts left and there was an error and 638 * the hardware didn't signal that it retried itself (by setting 639 * CEC_TX_STATUS_MAX_RETRIES), then we will retry ourselves. 640 */ 641 if (data->attempts > attempts_made && 642 !(status & (CEC_TX_STATUS_MAX_RETRIES | CEC_TX_STATUS_OK))) { 643 /* Retry this message */ 644 data->attempts -= attempts_made; 645 if (msg->timeout) 646 dprintk(2, "retransmit: %*ph (attempts: %d, wait for 0x%02x)\n", 647 msg->len, msg->msg, data->attempts, msg->reply); 648 else 649 dprintk(2, "retransmit: %*ph (attempts: %d)\n", 650 msg->len, msg->msg, data->attempts); 651 /* Add the message in front of the transmit queue */ 652 list_add(&data->list, &adap->transmit_queue); 653 adap->transmit_queue_sz++; 654 goto wake_thread; 655 } 656 657 data->attempts = 0; 658 659 /* Always set CEC_TX_STATUS_MAX_RETRIES on error */ 660 if (!(status & CEC_TX_STATUS_OK)) 661 msg->tx_status |= CEC_TX_STATUS_MAX_RETRIES; 662 663 /* Queue transmitted message for monitoring purposes */ 664 cec_queue_msg_monitor(adap, msg, 1); 665 666 if ((status & CEC_TX_STATUS_OK) && adap->is_configured && 667 msg->timeout) { 668 /* 669 * Queue the message into the wait queue if we want to wait 670 * for a reply. 671 */ 672 list_add_tail(&data->list, &adap->wait_queue); 673 schedule_delayed_work(&data->work, 674 msecs_to_jiffies(msg->timeout)); 675 } else { 676 /* Otherwise we're done */ 677 cec_data_completed(data); 678 } 679 680 wake_thread: 681 /* 682 * Wake up the main thread to see if another message is ready 683 * for transmitting or to retry the current message. 684 */ 685 wake_up_interruptible(&adap->kthread_waitq); 686 mutex_unlock(&adap->lock); 687 } 688 EXPORT_SYMBOL_GPL(cec_transmit_done_ts); 689 690 void cec_transmit_attempt_done_ts(struct cec_adapter *adap, 691 u8 status, ktime_t ts) 692 { 693 switch (status & ~CEC_TX_STATUS_MAX_RETRIES) { 694 case CEC_TX_STATUS_OK: 695 cec_transmit_done_ts(adap, status, 0, 0, 0, 0, ts); 696 return; 697 case CEC_TX_STATUS_ARB_LOST: 698 cec_transmit_done_ts(adap, status, 1, 0, 0, 0, ts); 699 return; 700 case CEC_TX_STATUS_NACK: 701 cec_transmit_done_ts(adap, status, 0, 1, 0, 0, ts); 702 return; 703 case CEC_TX_STATUS_LOW_DRIVE: 704 cec_transmit_done_ts(adap, status, 0, 0, 1, 0, ts); 705 return; 706 case CEC_TX_STATUS_ERROR: 707 cec_transmit_done_ts(adap, status, 0, 0, 0, 1, ts); 708 return; 709 default: 710 /* Should never happen */ 711 WARN(1, "cec-%s: invalid status 0x%02x\n", adap->name, status); 712 return; 713 } 714 } 715 EXPORT_SYMBOL_GPL(cec_transmit_attempt_done_ts); 716 717 /* 718 * Called when waiting for a reply times out. 719 */ 720 static void cec_wait_timeout(struct work_struct *work) 721 { 722 struct cec_data *data = container_of(work, struct cec_data, work.work); 723 struct cec_adapter *adap = data->adap; 724 725 mutex_lock(&adap->lock); 726 /* 727 * Sanity check in case the timeout and the arrival of the message 728 * happened at the same time. 729 */ 730 if (list_empty(&data->list)) 731 goto unlock; 732 733 /* Mark the message as timed out */ 734 list_del_init(&data->list); 735 data->msg.rx_ts = ktime_get_ns(); 736 data->msg.rx_status = CEC_RX_STATUS_TIMEOUT; 737 cec_data_completed(data); 738 unlock: 739 mutex_unlock(&adap->lock); 740 } 741 742 /* 743 * Transmit a message. The fh argument may be NULL if the transmit is not 744 * associated with a specific filehandle. 745 * 746 * This function is called with adap->lock held. 747 */ 748 int cec_transmit_msg_fh(struct cec_adapter *adap, struct cec_msg *msg, 749 struct cec_fh *fh, bool block) 750 { 751 struct cec_data *data; 752 bool is_raw = msg_is_raw(msg); 753 754 if (adap->devnode.unregistered) 755 return -ENODEV; 756 757 msg->rx_ts = 0; 758 msg->tx_ts = 0; 759 msg->rx_status = 0; 760 msg->tx_status = 0; 761 msg->tx_arb_lost_cnt = 0; 762 msg->tx_nack_cnt = 0; 763 msg->tx_low_drive_cnt = 0; 764 msg->tx_error_cnt = 0; 765 msg->sequence = 0; 766 767 if (msg->reply && msg->timeout == 0) { 768 /* Make sure the timeout isn't 0. */ 769 msg->timeout = 1000; 770 } 771 msg->flags &= CEC_MSG_FL_REPLY_TO_FOLLOWERS | CEC_MSG_FL_RAW; 772 773 if (!msg->timeout) 774 msg->flags &= ~CEC_MSG_FL_REPLY_TO_FOLLOWERS; 775 776 /* Sanity checks */ 777 if (msg->len == 0 || msg->len > CEC_MAX_MSG_SIZE) { 778 dprintk(1, "%s: invalid length %d\n", __func__, msg->len); 779 return -EINVAL; 780 } 781 782 memset(msg->msg + msg->len, 0, sizeof(msg->msg) - msg->len); 783 784 if (msg->timeout) 785 dprintk(2, "%s: %*ph (wait for 0x%02x%s)\n", 786 __func__, msg->len, msg->msg, msg->reply, 787 !block ? ", nb" : ""); 788 else 789 dprintk(2, "%s: %*ph%s\n", 790 __func__, msg->len, msg->msg, !block ? " (nb)" : ""); 791 792 if (msg->timeout && msg->len == 1) { 793 dprintk(1, "%s: can't reply to poll msg\n", __func__); 794 return -EINVAL; 795 } 796 797 if (is_raw) { 798 if (!capable(CAP_SYS_RAWIO)) 799 return -EPERM; 800 } else { 801 /* A CDC-Only device can only send CDC messages */ 802 if ((adap->log_addrs.flags & CEC_LOG_ADDRS_FL_CDC_ONLY) && 803 (msg->len == 1 || msg->msg[1] != CEC_MSG_CDC_MESSAGE)) { 804 dprintk(1, "%s: not a CDC message\n", __func__); 805 return -EINVAL; 806 } 807 808 if (msg->len >= 4 && msg->msg[1] == CEC_MSG_CDC_MESSAGE) { 809 msg->msg[2] = adap->phys_addr >> 8; 810 msg->msg[3] = adap->phys_addr & 0xff; 811 } 812 813 if (msg->len == 1) { 814 if (cec_msg_destination(msg) == 0xf) { 815 dprintk(1, "%s: invalid poll message\n", 816 __func__); 817 return -EINVAL; 818 } 819 if (cec_has_log_addr(adap, cec_msg_destination(msg))) { 820 /* 821 * If the destination is a logical address our 822 * adapter has already claimed, then just NACK 823 * this. It depends on the hardware what it will 824 * do with a POLL to itself (some OK this), so 825 * it is just as easy to handle it here so the 826 * behavior will be consistent. 827 */ 828 msg->tx_ts = ktime_get_ns(); 829 msg->tx_status = CEC_TX_STATUS_NACK | 830 CEC_TX_STATUS_MAX_RETRIES; 831 msg->tx_nack_cnt = 1; 832 msg->sequence = ++adap->sequence; 833 if (!msg->sequence) 834 msg->sequence = ++adap->sequence; 835 return 0; 836 } 837 } 838 if (msg->len > 1 && !cec_msg_is_broadcast(msg) && 839 cec_has_log_addr(adap, cec_msg_destination(msg))) { 840 dprintk(1, "%s: destination is the adapter itself\n", 841 __func__); 842 return -EINVAL; 843 } 844 if (msg->len > 1 && adap->is_configured && 845 !cec_has_log_addr(adap, cec_msg_initiator(msg))) { 846 dprintk(1, "%s: initiator has unknown logical address %d\n", 847 __func__, cec_msg_initiator(msg)); 848 return -EINVAL; 849 } 850 /* 851 * Special case: allow Ping and IMAGE/TEXT_VIEW_ON to be 852 * transmitted to a TV, even if the adapter is unconfigured. 853 * This makes it possible to detect or wake up displays that 854 * pull down the HPD when in standby. 855 */ 856 if (!adap->is_configured && !adap->is_configuring && 857 (msg->len > 2 || 858 cec_msg_destination(msg) != CEC_LOG_ADDR_TV || 859 (msg->len == 2 && msg->msg[1] != CEC_MSG_IMAGE_VIEW_ON && 860 msg->msg[1] != CEC_MSG_TEXT_VIEW_ON))) { 861 dprintk(1, "%s: adapter is unconfigured\n", __func__); 862 return -ENONET; 863 } 864 } 865 866 if (!adap->is_configured && !adap->is_configuring) { 867 if (adap->needs_hpd) { 868 dprintk(1, "%s: adapter is unconfigured and needs HPD\n", 869 __func__); 870 return -ENONET; 871 } 872 if (msg->reply) { 873 dprintk(1, "%s: invalid msg->reply\n", __func__); 874 return -EINVAL; 875 } 876 } 877 878 if (adap->transmit_queue_sz >= CEC_MAX_MSG_TX_QUEUE_SZ) { 879 dprintk(2, "%s: transmit queue full\n", __func__); 880 return -EBUSY; 881 } 882 883 data = kzalloc(sizeof(*data), GFP_KERNEL); 884 if (!data) 885 return -ENOMEM; 886 887 msg->sequence = ++adap->sequence; 888 if (!msg->sequence) 889 msg->sequence = ++adap->sequence; 890 891 data->msg = *msg; 892 data->fh = fh; 893 data->adap = adap; 894 data->blocking = block; 895 896 init_completion(&data->c); 897 INIT_DELAYED_WORK(&data->work, cec_wait_timeout); 898 899 if (fh) 900 list_add_tail(&data->xfer_list, &fh->xfer_list); 901 902 list_add_tail(&data->list, &adap->transmit_queue); 903 adap->transmit_queue_sz++; 904 if (!adap->transmitting) 905 wake_up_interruptible(&adap->kthread_waitq); 906 907 /* All done if we don't need to block waiting for completion */ 908 if (!block) 909 return 0; 910 911 /* 912 * Release the lock and wait, retake the lock afterwards. 913 */ 914 mutex_unlock(&adap->lock); 915 wait_for_completion_killable(&data->c); 916 if (!data->completed) 917 cancel_delayed_work_sync(&data->work); 918 mutex_lock(&adap->lock); 919 920 /* Cancel the transmit if it was interrupted */ 921 if (!data->completed) 922 cec_data_cancel(data, CEC_TX_STATUS_ABORTED); 923 924 /* The transmit completed (possibly with an error) */ 925 *msg = data->msg; 926 kfree(data); 927 return 0; 928 } 929 930 /* Helper function to be used by drivers and this framework. */ 931 int cec_transmit_msg(struct cec_adapter *adap, struct cec_msg *msg, 932 bool block) 933 { 934 int ret; 935 936 mutex_lock(&adap->lock); 937 ret = cec_transmit_msg_fh(adap, msg, NULL, block); 938 mutex_unlock(&adap->lock); 939 return ret; 940 } 941 EXPORT_SYMBOL_GPL(cec_transmit_msg); 942 943 /* 944 * I don't like forward references but without this the low-level 945 * cec_received_msg() function would come after a bunch of high-level 946 * CEC protocol handling functions. That was very confusing. 947 */ 948 static int cec_receive_notify(struct cec_adapter *adap, struct cec_msg *msg, 949 bool is_reply); 950 951 #define DIRECTED 0x80 952 #define BCAST1_4 0x40 953 #define BCAST2_0 0x20 /* broadcast only allowed for >= 2.0 */ 954 #define BCAST (BCAST1_4 | BCAST2_0) 955 #define BOTH (BCAST | DIRECTED) 956 957 /* 958 * Specify minimum length and whether the message is directed, broadcast 959 * or both. Messages that do not match the criteria are ignored as per 960 * the CEC specification. 961 */ 962 static const u8 cec_msg_size[256] = { 963 [CEC_MSG_ACTIVE_SOURCE] = 4 | BCAST, 964 [CEC_MSG_IMAGE_VIEW_ON] = 2 | DIRECTED, 965 [CEC_MSG_TEXT_VIEW_ON] = 2 | DIRECTED, 966 [CEC_MSG_INACTIVE_SOURCE] = 4 | DIRECTED, 967 [CEC_MSG_REQUEST_ACTIVE_SOURCE] = 2 | BCAST, 968 [CEC_MSG_ROUTING_CHANGE] = 6 | BCAST, 969 [CEC_MSG_ROUTING_INFORMATION] = 4 | BCAST, 970 [CEC_MSG_SET_STREAM_PATH] = 4 | BCAST, 971 [CEC_MSG_STANDBY] = 2 | BOTH, 972 [CEC_MSG_RECORD_OFF] = 2 | DIRECTED, 973 [CEC_MSG_RECORD_ON] = 3 | DIRECTED, 974 [CEC_MSG_RECORD_STATUS] = 3 | DIRECTED, 975 [CEC_MSG_RECORD_TV_SCREEN] = 2 | DIRECTED, 976 [CEC_MSG_CLEAR_ANALOGUE_TIMER] = 13 | DIRECTED, 977 [CEC_MSG_CLEAR_DIGITAL_TIMER] = 16 | DIRECTED, 978 [CEC_MSG_CLEAR_EXT_TIMER] = 13 | DIRECTED, 979 [CEC_MSG_SET_ANALOGUE_TIMER] = 13 | DIRECTED, 980 [CEC_MSG_SET_DIGITAL_TIMER] = 16 | DIRECTED, 981 [CEC_MSG_SET_EXT_TIMER] = 13 | DIRECTED, 982 [CEC_MSG_SET_TIMER_PROGRAM_TITLE] = 2 | DIRECTED, 983 [CEC_MSG_TIMER_CLEARED_STATUS] = 3 | DIRECTED, 984 [CEC_MSG_TIMER_STATUS] = 3 | DIRECTED, 985 [CEC_MSG_CEC_VERSION] = 3 | DIRECTED, 986 [CEC_MSG_GET_CEC_VERSION] = 2 | DIRECTED, 987 [CEC_MSG_GIVE_PHYSICAL_ADDR] = 2 | DIRECTED, 988 [CEC_MSG_GET_MENU_LANGUAGE] = 2 | DIRECTED, 989 [CEC_MSG_REPORT_PHYSICAL_ADDR] = 5 | BCAST, 990 [CEC_MSG_SET_MENU_LANGUAGE] = 5 | BCAST, 991 [CEC_MSG_REPORT_FEATURES] = 6 | BCAST, 992 [CEC_MSG_GIVE_FEATURES] = 2 | DIRECTED, 993 [CEC_MSG_DECK_CONTROL] = 3 | DIRECTED, 994 [CEC_MSG_DECK_STATUS] = 3 | DIRECTED, 995 [CEC_MSG_GIVE_DECK_STATUS] = 3 | DIRECTED, 996 [CEC_MSG_PLAY] = 3 | DIRECTED, 997 [CEC_MSG_GIVE_TUNER_DEVICE_STATUS] = 3 | DIRECTED, 998 [CEC_MSG_SELECT_ANALOGUE_SERVICE] = 6 | DIRECTED, 999 [CEC_MSG_SELECT_DIGITAL_SERVICE] = 9 | DIRECTED, 1000 [CEC_MSG_TUNER_DEVICE_STATUS] = 7 | DIRECTED, 1001 [CEC_MSG_TUNER_STEP_DECREMENT] = 2 | DIRECTED, 1002 [CEC_MSG_TUNER_STEP_INCREMENT] = 2 | DIRECTED, 1003 [CEC_MSG_DEVICE_VENDOR_ID] = 5 | BCAST, 1004 [CEC_MSG_GIVE_DEVICE_VENDOR_ID] = 2 | DIRECTED, 1005 [CEC_MSG_VENDOR_COMMAND] = 2 | DIRECTED, 1006 [CEC_MSG_VENDOR_COMMAND_WITH_ID] = 5 | BOTH, 1007 [CEC_MSG_VENDOR_REMOTE_BUTTON_DOWN] = 2 | BOTH, 1008 [CEC_MSG_VENDOR_REMOTE_BUTTON_UP] = 2 | BOTH, 1009 [CEC_MSG_SET_OSD_STRING] = 3 | DIRECTED, 1010 [CEC_MSG_GIVE_OSD_NAME] = 2 | DIRECTED, 1011 [CEC_MSG_SET_OSD_NAME] = 2 | DIRECTED, 1012 [CEC_MSG_MENU_REQUEST] = 3 | DIRECTED, 1013 [CEC_MSG_MENU_STATUS] = 3 | DIRECTED, 1014 [CEC_MSG_USER_CONTROL_PRESSED] = 3 | DIRECTED, 1015 [CEC_MSG_USER_CONTROL_RELEASED] = 2 | DIRECTED, 1016 [CEC_MSG_GIVE_DEVICE_POWER_STATUS] = 2 | DIRECTED, 1017 [CEC_MSG_REPORT_POWER_STATUS] = 3 | DIRECTED | BCAST2_0, 1018 [CEC_MSG_FEATURE_ABORT] = 4 | DIRECTED, 1019 [CEC_MSG_ABORT] = 2 | DIRECTED, 1020 [CEC_MSG_GIVE_AUDIO_STATUS] = 2 | DIRECTED, 1021 [CEC_MSG_GIVE_SYSTEM_AUDIO_MODE_STATUS] = 2 | DIRECTED, 1022 [CEC_MSG_REPORT_AUDIO_STATUS] = 3 | DIRECTED, 1023 [CEC_MSG_REPORT_SHORT_AUDIO_DESCRIPTOR] = 2 | DIRECTED, 1024 [CEC_MSG_REQUEST_SHORT_AUDIO_DESCRIPTOR] = 2 | DIRECTED, 1025 [CEC_MSG_SET_SYSTEM_AUDIO_MODE] = 3 | BOTH, 1026 [CEC_MSG_SYSTEM_AUDIO_MODE_REQUEST] = 2 | DIRECTED, 1027 [CEC_MSG_SYSTEM_AUDIO_MODE_STATUS] = 3 | DIRECTED, 1028 [CEC_MSG_SET_AUDIO_RATE] = 3 | DIRECTED, 1029 [CEC_MSG_INITIATE_ARC] = 2 | DIRECTED, 1030 [CEC_MSG_REPORT_ARC_INITIATED] = 2 | DIRECTED, 1031 [CEC_MSG_REPORT_ARC_TERMINATED] = 2 | DIRECTED, 1032 [CEC_MSG_REQUEST_ARC_INITIATION] = 2 | DIRECTED, 1033 [CEC_MSG_REQUEST_ARC_TERMINATION] = 2 | DIRECTED, 1034 [CEC_MSG_TERMINATE_ARC] = 2 | DIRECTED, 1035 [CEC_MSG_REQUEST_CURRENT_LATENCY] = 4 | BCAST, 1036 [CEC_MSG_REPORT_CURRENT_LATENCY] = 6 | BCAST, 1037 [CEC_MSG_CDC_MESSAGE] = 2 | BCAST, 1038 }; 1039 1040 /* Called by the CEC adapter if a message is received */ 1041 void cec_received_msg_ts(struct cec_adapter *adap, 1042 struct cec_msg *msg, ktime_t ts) 1043 { 1044 struct cec_data *data; 1045 u8 msg_init = cec_msg_initiator(msg); 1046 u8 msg_dest = cec_msg_destination(msg); 1047 u8 cmd = msg->msg[1]; 1048 bool is_reply = false; 1049 bool valid_la = true; 1050 u8 min_len = 0; 1051 1052 if (WARN_ON(!msg->len || msg->len > CEC_MAX_MSG_SIZE)) 1053 return; 1054 1055 if (adap->devnode.unregistered) 1056 return; 1057 1058 /* 1059 * Some CEC adapters will receive the messages that they transmitted. 1060 * This test filters out those messages by checking if we are the 1061 * initiator, and just returning in that case. 1062 * 1063 * Note that this won't work if this is an Unregistered device. 1064 * 1065 * It is bad practice if the hardware receives the message that it 1066 * transmitted and luckily most CEC adapters behave correctly in this 1067 * respect. 1068 */ 1069 if (msg_init != CEC_LOG_ADDR_UNREGISTERED && 1070 cec_has_log_addr(adap, msg_init)) 1071 return; 1072 1073 msg->rx_ts = ktime_to_ns(ts); 1074 msg->rx_status = CEC_RX_STATUS_OK; 1075 msg->sequence = msg->reply = msg->timeout = 0; 1076 msg->tx_status = 0; 1077 msg->tx_ts = 0; 1078 msg->tx_arb_lost_cnt = 0; 1079 msg->tx_nack_cnt = 0; 1080 msg->tx_low_drive_cnt = 0; 1081 msg->tx_error_cnt = 0; 1082 msg->flags = 0; 1083 memset(msg->msg + msg->len, 0, sizeof(msg->msg) - msg->len); 1084 1085 mutex_lock(&adap->lock); 1086 dprintk(2, "%s: %*ph\n", __func__, msg->len, msg->msg); 1087 1088 adap->last_initiator = 0xff; 1089 1090 /* Check if this message was for us (directed or broadcast). */ 1091 if (!cec_msg_is_broadcast(msg)) 1092 valid_la = cec_has_log_addr(adap, msg_dest); 1093 1094 /* 1095 * Check if the length is not too short or if the message is a 1096 * broadcast message where a directed message was expected or 1097 * vice versa. If so, then the message has to be ignored (according 1098 * to section CEC 7.3 and CEC 12.2). 1099 */ 1100 if (valid_la && msg->len > 1 && cec_msg_size[cmd]) { 1101 u8 dir_fl = cec_msg_size[cmd] & BOTH; 1102 1103 min_len = cec_msg_size[cmd] & 0x1f; 1104 if (msg->len < min_len) 1105 valid_la = false; 1106 else if (!cec_msg_is_broadcast(msg) && !(dir_fl & DIRECTED)) 1107 valid_la = false; 1108 else if (cec_msg_is_broadcast(msg) && !(dir_fl & BCAST)) 1109 valid_la = false; 1110 else if (cec_msg_is_broadcast(msg) && 1111 adap->log_addrs.cec_version < CEC_OP_CEC_VERSION_2_0 && 1112 !(dir_fl & BCAST1_4)) 1113 valid_la = false; 1114 } 1115 if (valid_la && min_len) { 1116 /* These messages have special length requirements */ 1117 switch (cmd) { 1118 case CEC_MSG_TIMER_STATUS: 1119 if (msg->msg[2] & 0x10) { 1120 switch (msg->msg[2] & 0xf) { 1121 case CEC_OP_PROG_INFO_NOT_ENOUGH_SPACE: 1122 case CEC_OP_PROG_INFO_MIGHT_NOT_BE_ENOUGH_SPACE: 1123 if (msg->len < 5) 1124 valid_la = false; 1125 break; 1126 } 1127 } else if ((msg->msg[2] & 0xf) == CEC_OP_PROG_ERROR_DUPLICATE) { 1128 if (msg->len < 5) 1129 valid_la = false; 1130 } 1131 break; 1132 case CEC_MSG_RECORD_ON: 1133 switch (msg->msg[2]) { 1134 case CEC_OP_RECORD_SRC_OWN: 1135 break; 1136 case CEC_OP_RECORD_SRC_DIGITAL: 1137 if (msg->len < 10) 1138 valid_la = false; 1139 break; 1140 case CEC_OP_RECORD_SRC_ANALOG: 1141 if (msg->len < 7) 1142 valid_la = false; 1143 break; 1144 case CEC_OP_RECORD_SRC_EXT_PLUG: 1145 if (msg->len < 4) 1146 valid_la = false; 1147 break; 1148 case CEC_OP_RECORD_SRC_EXT_PHYS_ADDR: 1149 if (msg->len < 5) 1150 valid_la = false; 1151 break; 1152 } 1153 break; 1154 } 1155 } 1156 1157 /* It's a valid message and not a poll or CDC message */ 1158 if (valid_la && msg->len > 1 && cmd != CEC_MSG_CDC_MESSAGE) { 1159 bool abort = cmd == CEC_MSG_FEATURE_ABORT; 1160 1161 /* The aborted command is in msg[2] */ 1162 if (abort) 1163 cmd = msg->msg[2]; 1164 1165 /* 1166 * Walk over all transmitted messages that are waiting for a 1167 * reply. 1168 */ 1169 list_for_each_entry(data, &adap->wait_queue, list) { 1170 struct cec_msg *dst = &data->msg; 1171 1172 /* 1173 * The *only* CEC message that has two possible replies 1174 * is CEC_MSG_INITIATE_ARC. 1175 * In this case allow either of the two replies. 1176 */ 1177 if (!abort && dst->msg[1] == CEC_MSG_INITIATE_ARC && 1178 (cmd == CEC_MSG_REPORT_ARC_INITIATED || 1179 cmd == CEC_MSG_REPORT_ARC_TERMINATED) && 1180 (dst->reply == CEC_MSG_REPORT_ARC_INITIATED || 1181 dst->reply == CEC_MSG_REPORT_ARC_TERMINATED)) 1182 dst->reply = cmd; 1183 1184 /* Does the command match? */ 1185 if ((abort && cmd != dst->msg[1]) || 1186 (!abort && cmd != dst->reply)) 1187 continue; 1188 1189 /* Does the addressing match? */ 1190 if (msg_init != cec_msg_destination(dst) && 1191 !cec_msg_is_broadcast(dst)) 1192 continue; 1193 1194 /* We got a reply */ 1195 memcpy(dst->msg, msg->msg, msg->len); 1196 dst->len = msg->len; 1197 dst->rx_ts = msg->rx_ts; 1198 dst->rx_status = msg->rx_status; 1199 if (abort) 1200 dst->rx_status |= CEC_RX_STATUS_FEATURE_ABORT; 1201 msg->flags = dst->flags; 1202 msg->sequence = dst->sequence; 1203 /* Remove it from the wait_queue */ 1204 list_del_init(&data->list); 1205 1206 /* Cancel the pending timeout work */ 1207 if (!cancel_delayed_work(&data->work)) { 1208 mutex_unlock(&adap->lock); 1209 cancel_delayed_work_sync(&data->work); 1210 mutex_lock(&adap->lock); 1211 } 1212 /* 1213 * Mark this as a reply, provided someone is still 1214 * waiting for the answer. 1215 */ 1216 if (data->fh) 1217 is_reply = true; 1218 cec_data_completed(data); 1219 break; 1220 } 1221 } 1222 mutex_unlock(&adap->lock); 1223 1224 /* Pass the message on to any monitoring filehandles */ 1225 cec_queue_msg_monitor(adap, msg, valid_la); 1226 1227 /* We're done if it is not for us or a poll message */ 1228 if (!valid_la || msg->len <= 1) 1229 return; 1230 1231 if (adap->log_addrs.log_addr_mask == 0) 1232 return; 1233 1234 /* 1235 * Process the message on the protocol level. If is_reply is true, 1236 * then cec_receive_notify() won't pass on the reply to the listener(s) 1237 * since that was already done by cec_data_completed() above. 1238 */ 1239 cec_receive_notify(adap, msg, is_reply); 1240 } 1241 EXPORT_SYMBOL_GPL(cec_received_msg_ts); 1242 1243 /* Logical Address Handling */ 1244 1245 /* 1246 * Attempt to claim a specific logical address. 1247 * 1248 * This function is called with adap->lock held. 1249 */ 1250 static int cec_config_log_addr(struct cec_adapter *adap, 1251 unsigned int idx, 1252 unsigned int log_addr) 1253 { 1254 struct cec_log_addrs *las = &adap->log_addrs; 1255 struct cec_msg msg = { }; 1256 const unsigned int max_retries = 2; 1257 unsigned int i; 1258 int err; 1259 1260 if (cec_has_log_addr(adap, log_addr)) 1261 return 0; 1262 1263 /* Send poll message */ 1264 msg.len = 1; 1265 msg.msg[0] = (log_addr << 4) | log_addr; 1266 1267 for (i = 0; i < max_retries; i++) { 1268 err = cec_transmit_msg_fh(adap, &msg, NULL, true); 1269 1270 /* 1271 * While trying to poll the physical address was reset 1272 * and the adapter was unconfigured, so bail out. 1273 */ 1274 if (!adap->is_configuring) 1275 return -EINTR; 1276 1277 if (err) 1278 return err; 1279 1280 /* 1281 * The message was aborted due to a disconnect or 1282 * unconfigure, just bail out. 1283 */ 1284 if (msg.tx_status & CEC_TX_STATUS_ABORTED) 1285 return -EINTR; 1286 if (msg.tx_status & CEC_TX_STATUS_OK) 1287 return 0; 1288 if (msg.tx_status & CEC_TX_STATUS_NACK) 1289 break; 1290 /* 1291 * Retry up to max_retries times if the message was neither 1292 * OKed or NACKed. This can happen due to e.g. a Lost 1293 * Arbitration condition. 1294 */ 1295 } 1296 1297 /* 1298 * If we are unable to get an OK or a NACK after max_retries attempts 1299 * (and note that each attempt already consists of four polls), then 1300 * we assume that something is really weird and that it is not a 1301 * good idea to try and claim this logical address. 1302 */ 1303 if (i == max_retries) 1304 return 0; 1305 1306 /* 1307 * Message not acknowledged, so this logical 1308 * address is free to use. 1309 */ 1310 err = adap->ops->adap_log_addr(adap, log_addr); 1311 if (err) 1312 return err; 1313 1314 las->log_addr[idx] = log_addr; 1315 las->log_addr_mask |= 1 << log_addr; 1316 return 1; 1317 } 1318 1319 /* 1320 * Unconfigure the adapter: clear all logical addresses and send 1321 * the state changed event. 1322 * 1323 * This function is called with adap->lock held. 1324 */ 1325 static void cec_adap_unconfigure(struct cec_adapter *adap) 1326 { 1327 if (!adap->needs_hpd || 1328 adap->phys_addr != CEC_PHYS_ADDR_INVALID) 1329 WARN_ON(adap->ops->adap_log_addr(adap, CEC_LOG_ADDR_INVALID)); 1330 adap->log_addrs.log_addr_mask = 0; 1331 adap->is_configuring = false; 1332 adap->is_configured = false; 1333 cec_flush(adap); 1334 wake_up_interruptible(&adap->kthread_waitq); 1335 cec_post_state_event(adap); 1336 } 1337 1338 /* 1339 * Attempt to claim the required logical addresses. 1340 */ 1341 static int cec_config_thread_func(void *arg) 1342 { 1343 /* The various LAs for each type of device */ 1344 static const u8 tv_log_addrs[] = { 1345 CEC_LOG_ADDR_TV, CEC_LOG_ADDR_SPECIFIC, 1346 CEC_LOG_ADDR_INVALID 1347 }; 1348 static const u8 record_log_addrs[] = { 1349 CEC_LOG_ADDR_RECORD_1, CEC_LOG_ADDR_RECORD_2, 1350 CEC_LOG_ADDR_RECORD_3, 1351 CEC_LOG_ADDR_BACKUP_1, CEC_LOG_ADDR_BACKUP_2, 1352 CEC_LOG_ADDR_INVALID 1353 }; 1354 static const u8 tuner_log_addrs[] = { 1355 CEC_LOG_ADDR_TUNER_1, CEC_LOG_ADDR_TUNER_2, 1356 CEC_LOG_ADDR_TUNER_3, CEC_LOG_ADDR_TUNER_4, 1357 CEC_LOG_ADDR_BACKUP_1, CEC_LOG_ADDR_BACKUP_2, 1358 CEC_LOG_ADDR_INVALID 1359 }; 1360 static const u8 playback_log_addrs[] = { 1361 CEC_LOG_ADDR_PLAYBACK_1, CEC_LOG_ADDR_PLAYBACK_2, 1362 CEC_LOG_ADDR_PLAYBACK_3, 1363 CEC_LOG_ADDR_BACKUP_1, CEC_LOG_ADDR_BACKUP_2, 1364 CEC_LOG_ADDR_INVALID 1365 }; 1366 static const u8 audiosystem_log_addrs[] = { 1367 CEC_LOG_ADDR_AUDIOSYSTEM, 1368 CEC_LOG_ADDR_INVALID 1369 }; 1370 static const u8 specific_use_log_addrs[] = { 1371 CEC_LOG_ADDR_SPECIFIC, 1372 CEC_LOG_ADDR_BACKUP_1, CEC_LOG_ADDR_BACKUP_2, 1373 CEC_LOG_ADDR_INVALID 1374 }; 1375 static const u8 *type2addrs[6] = { 1376 [CEC_LOG_ADDR_TYPE_TV] = tv_log_addrs, 1377 [CEC_LOG_ADDR_TYPE_RECORD] = record_log_addrs, 1378 [CEC_LOG_ADDR_TYPE_TUNER] = tuner_log_addrs, 1379 [CEC_LOG_ADDR_TYPE_PLAYBACK] = playback_log_addrs, 1380 [CEC_LOG_ADDR_TYPE_AUDIOSYSTEM] = audiosystem_log_addrs, 1381 [CEC_LOG_ADDR_TYPE_SPECIFIC] = specific_use_log_addrs, 1382 }; 1383 static const u16 type2mask[] = { 1384 [CEC_LOG_ADDR_TYPE_TV] = CEC_LOG_ADDR_MASK_TV, 1385 [CEC_LOG_ADDR_TYPE_RECORD] = CEC_LOG_ADDR_MASK_RECORD, 1386 [CEC_LOG_ADDR_TYPE_TUNER] = CEC_LOG_ADDR_MASK_TUNER, 1387 [CEC_LOG_ADDR_TYPE_PLAYBACK] = CEC_LOG_ADDR_MASK_PLAYBACK, 1388 [CEC_LOG_ADDR_TYPE_AUDIOSYSTEM] = CEC_LOG_ADDR_MASK_AUDIOSYSTEM, 1389 [CEC_LOG_ADDR_TYPE_SPECIFIC] = CEC_LOG_ADDR_MASK_SPECIFIC, 1390 }; 1391 struct cec_adapter *adap = arg; 1392 struct cec_log_addrs *las = &adap->log_addrs; 1393 int err; 1394 int i, j; 1395 1396 mutex_lock(&adap->lock); 1397 dprintk(1, "physical address: %x.%x.%x.%x, claim %d logical addresses\n", 1398 cec_phys_addr_exp(adap->phys_addr), las->num_log_addrs); 1399 las->log_addr_mask = 0; 1400 1401 if (las->log_addr_type[0] == CEC_LOG_ADDR_TYPE_UNREGISTERED) 1402 goto configured; 1403 1404 for (i = 0; i < las->num_log_addrs; i++) { 1405 unsigned int type = las->log_addr_type[i]; 1406 const u8 *la_list; 1407 u8 last_la; 1408 1409 /* 1410 * The TV functionality can only map to physical address 0. 1411 * For any other address, try the Specific functionality 1412 * instead as per the spec. 1413 */ 1414 if (adap->phys_addr && type == CEC_LOG_ADDR_TYPE_TV) 1415 type = CEC_LOG_ADDR_TYPE_SPECIFIC; 1416 1417 la_list = type2addrs[type]; 1418 last_la = las->log_addr[i]; 1419 las->log_addr[i] = CEC_LOG_ADDR_INVALID; 1420 if (last_la == CEC_LOG_ADDR_INVALID || 1421 last_la == CEC_LOG_ADDR_UNREGISTERED || 1422 !((1 << last_la) & type2mask[type])) 1423 last_la = la_list[0]; 1424 1425 err = cec_config_log_addr(adap, i, last_la); 1426 if (err > 0) /* Reused last LA */ 1427 continue; 1428 1429 if (err < 0) 1430 goto unconfigure; 1431 1432 for (j = 0; la_list[j] != CEC_LOG_ADDR_INVALID; j++) { 1433 /* Tried this one already, skip it */ 1434 if (la_list[j] == last_la) 1435 continue; 1436 /* The backup addresses are CEC 2.0 specific */ 1437 if ((la_list[j] == CEC_LOG_ADDR_BACKUP_1 || 1438 la_list[j] == CEC_LOG_ADDR_BACKUP_2) && 1439 las->cec_version < CEC_OP_CEC_VERSION_2_0) 1440 continue; 1441 1442 err = cec_config_log_addr(adap, i, la_list[j]); 1443 if (err == 0) /* LA is in use */ 1444 continue; 1445 if (err < 0) 1446 goto unconfigure; 1447 /* Done, claimed an LA */ 1448 break; 1449 } 1450 1451 if (la_list[j] == CEC_LOG_ADDR_INVALID) 1452 dprintk(1, "could not claim LA %d\n", i); 1453 } 1454 1455 if (adap->log_addrs.log_addr_mask == 0 && 1456 !(las->flags & CEC_LOG_ADDRS_FL_ALLOW_UNREG_FALLBACK)) 1457 goto unconfigure; 1458 1459 configured: 1460 if (adap->log_addrs.log_addr_mask == 0) { 1461 /* Fall back to unregistered */ 1462 las->log_addr[0] = CEC_LOG_ADDR_UNREGISTERED; 1463 las->log_addr_mask = 1 << las->log_addr[0]; 1464 for (i = 1; i < las->num_log_addrs; i++) 1465 las->log_addr[i] = CEC_LOG_ADDR_INVALID; 1466 } 1467 for (i = las->num_log_addrs; i < CEC_MAX_LOG_ADDRS; i++) 1468 las->log_addr[i] = CEC_LOG_ADDR_INVALID; 1469 adap->is_configured = true; 1470 adap->is_configuring = false; 1471 cec_post_state_event(adap); 1472 1473 /* 1474 * Now post the Report Features and Report Physical Address broadcast 1475 * messages. Note that these are non-blocking transmits, meaning that 1476 * they are just queued up and once adap->lock is unlocked the main 1477 * thread will kick in and start transmitting these. 1478 * 1479 * If after this function is done (but before one or more of these 1480 * messages are actually transmitted) the CEC adapter is unconfigured, 1481 * then any remaining messages will be dropped by the main thread. 1482 */ 1483 for (i = 0; i < las->num_log_addrs; i++) { 1484 struct cec_msg msg = {}; 1485 1486 if (las->log_addr[i] == CEC_LOG_ADDR_INVALID || 1487 (las->flags & CEC_LOG_ADDRS_FL_CDC_ONLY)) 1488 continue; 1489 1490 msg.msg[0] = (las->log_addr[i] << 4) | 0x0f; 1491 1492 /* Report Features must come first according to CEC 2.0 */ 1493 if (las->log_addr[i] != CEC_LOG_ADDR_UNREGISTERED && 1494 adap->log_addrs.cec_version >= CEC_OP_CEC_VERSION_2_0) { 1495 cec_fill_msg_report_features(adap, &msg, i); 1496 cec_transmit_msg_fh(adap, &msg, NULL, false); 1497 } 1498 1499 /* Report Physical Address */ 1500 cec_msg_report_physical_addr(&msg, adap->phys_addr, 1501 las->primary_device_type[i]); 1502 dprintk(1, "config: la %d pa %x.%x.%x.%x\n", 1503 las->log_addr[i], 1504 cec_phys_addr_exp(adap->phys_addr)); 1505 cec_transmit_msg_fh(adap, &msg, NULL, false); 1506 1507 /* Report Vendor ID */ 1508 if (adap->log_addrs.vendor_id != CEC_VENDOR_ID_NONE) { 1509 cec_msg_device_vendor_id(&msg, 1510 adap->log_addrs.vendor_id); 1511 cec_transmit_msg_fh(adap, &msg, NULL, false); 1512 } 1513 } 1514 adap->kthread_config = NULL; 1515 complete(&adap->config_completion); 1516 mutex_unlock(&adap->lock); 1517 return 0; 1518 1519 unconfigure: 1520 for (i = 0; i < las->num_log_addrs; i++) 1521 las->log_addr[i] = CEC_LOG_ADDR_INVALID; 1522 cec_adap_unconfigure(adap); 1523 adap->kthread_config = NULL; 1524 mutex_unlock(&adap->lock); 1525 complete(&adap->config_completion); 1526 return 0; 1527 } 1528 1529 /* 1530 * Called from either __cec_s_phys_addr or __cec_s_log_addrs to claim the 1531 * logical addresses. 1532 * 1533 * This function is called with adap->lock held. 1534 */ 1535 static void cec_claim_log_addrs(struct cec_adapter *adap, bool block) 1536 { 1537 if (WARN_ON(adap->is_configuring || adap->is_configured)) 1538 return; 1539 1540 init_completion(&adap->config_completion); 1541 1542 /* Ready to kick off the thread */ 1543 adap->is_configuring = true; 1544 adap->kthread_config = kthread_run(cec_config_thread_func, adap, 1545 "ceccfg-%s", adap->name); 1546 if (IS_ERR(adap->kthread_config)) { 1547 adap->kthread_config = NULL; 1548 } else if (block) { 1549 mutex_unlock(&adap->lock); 1550 wait_for_completion(&adap->config_completion); 1551 mutex_lock(&adap->lock); 1552 } 1553 } 1554 1555 /* Set a new physical address and send an event notifying userspace of this. 1556 * 1557 * This function is called with adap->lock held. 1558 */ 1559 void __cec_s_phys_addr(struct cec_adapter *adap, u16 phys_addr, bool block) 1560 { 1561 if (phys_addr == adap->phys_addr) 1562 return; 1563 if (phys_addr != CEC_PHYS_ADDR_INVALID && adap->devnode.unregistered) 1564 return; 1565 1566 dprintk(1, "new physical address %x.%x.%x.%x\n", 1567 cec_phys_addr_exp(phys_addr)); 1568 if (phys_addr == CEC_PHYS_ADDR_INVALID || 1569 adap->phys_addr != CEC_PHYS_ADDR_INVALID) { 1570 adap->phys_addr = CEC_PHYS_ADDR_INVALID; 1571 cec_post_state_event(adap); 1572 cec_adap_unconfigure(adap); 1573 /* Disabling monitor all mode should always succeed */ 1574 if (adap->monitor_all_cnt) 1575 WARN_ON(call_op(adap, adap_monitor_all_enable, false)); 1576 mutex_lock(&adap->devnode.lock); 1577 if (adap->needs_hpd || list_empty(&adap->devnode.fhs)) { 1578 WARN_ON(adap->ops->adap_enable(adap, false)); 1579 adap->transmit_in_progress = false; 1580 wake_up_interruptible(&adap->kthread_waitq); 1581 } 1582 mutex_unlock(&adap->devnode.lock); 1583 if (phys_addr == CEC_PHYS_ADDR_INVALID) 1584 return; 1585 } 1586 1587 mutex_lock(&adap->devnode.lock); 1588 adap->last_initiator = 0xff; 1589 adap->transmit_in_progress = false; 1590 1591 if ((adap->needs_hpd || list_empty(&adap->devnode.fhs)) && 1592 adap->ops->adap_enable(adap, true)) { 1593 mutex_unlock(&adap->devnode.lock); 1594 return; 1595 } 1596 1597 if (adap->monitor_all_cnt && 1598 call_op(adap, adap_monitor_all_enable, true)) { 1599 if (adap->needs_hpd || list_empty(&adap->devnode.fhs)) 1600 WARN_ON(adap->ops->adap_enable(adap, false)); 1601 mutex_unlock(&adap->devnode.lock); 1602 return; 1603 } 1604 mutex_unlock(&adap->devnode.lock); 1605 1606 adap->phys_addr = phys_addr; 1607 cec_post_state_event(adap); 1608 if (adap->log_addrs.num_log_addrs) 1609 cec_claim_log_addrs(adap, block); 1610 } 1611 1612 void cec_s_phys_addr(struct cec_adapter *adap, u16 phys_addr, bool block) 1613 { 1614 if (IS_ERR_OR_NULL(adap)) 1615 return; 1616 1617 mutex_lock(&adap->lock); 1618 __cec_s_phys_addr(adap, phys_addr, block); 1619 mutex_unlock(&adap->lock); 1620 } 1621 EXPORT_SYMBOL_GPL(cec_s_phys_addr); 1622 1623 void cec_s_phys_addr_from_edid(struct cec_adapter *adap, 1624 const struct edid *edid) 1625 { 1626 u16 pa = CEC_PHYS_ADDR_INVALID; 1627 1628 if (edid && edid->extensions) 1629 pa = cec_get_edid_phys_addr((const u8 *)edid, 1630 EDID_LENGTH * (edid->extensions + 1), NULL); 1631 cec_s_phys_addr(adap, pa, false); 1632 } 1633 EXPORT_SYMBOL_GPL(cec_s_phys_addr_from_edid); 1634 1635 void cec_s_conn_info(struct cec_adapter *adap, 1636 const struct cec_connector_info *conn_info) 1637 { 1638 if (IS_ERR_OR_NULL(adap)) 1639 return; 1640 1641 if (!(adap->capabilities & CEC_CAP_CONNECTOR_INFO)) 1642 return; 1643 1644 mutex_lock(&adap->lock); 1645 if (conn_info) 1646 adap->conn_info = *conn_info; 1647 else 1648 memset(&adap->conn_info, 0, sizeof(adap->conn_info)); 1649 cec_post_state_event(adap); 1650 mutex_unlock(&adap->lock); 1651 } 1652 EXPORT_SYMBOL_GPL(cec_s_conn_info); 1653 1654 /* 1655 * Called from either the ioctl or a driver to set the logical addresses. 1656 * 1657 * This function is called with adap->lock held. 1658 */ 1659 int __cec_s_log_addrs(struct cec_adapter *adap, 1660 struct cec_log_addrs *log_addrs, bool block) 1661 { 1662 u16 type_mask = 0; 1663 int i; 1664 1665 if (adap->devnode.unregistered) 1666 return -ENODEV; 1667 1668 if (!log_addrs || log_addrs->num_log_addrs == 0) { 1669 cec_adap_unconfigure(adap); 1670 adap->log_addrs.num_log_addrs = 0; 1671 for (i = 0; i < CEC_MAX_LOG_ADDRS; i++) 1672 adap->log_addrs.log_addr[i] = CEC_LOG_ADDR_INVALID; 1673 adap->log_addrs.osd_name[0] = '\0'; 1674 adap->log_addrs.vendor_id = CEC_VENDOR_ID_NONE; 1675 adap->log_addrs.cec_version = CEC_OP_CEC_VERSION_2_0; 1676 return 0; 1677 } 1678 1679 if (log_addrs->flags & CEC_LOG_ADDRS_FL_CDC_ONLY) { 1680 /* 1681 * Sanitize log_addrs fields if a CDC-Only device is 1682 * requested. 1683 */ 1684 log_addrs->num_log_addrs = 1; 1685 log_addrs->osd_name[0] = '\0'; 1686 log_addrs->vendor_id = CEC_VENDOR_ID_NONE; 1687 log_addrs->log_addr_type[0] = CEC_LOG_ADDR_TYPE_UNREGISTERED; 1688 /* 1689 * This is just an internal convention since a CDC-Only device 1690 * doesn't have to be a switch. But switches already use 1691 * unregistered, so it makes some kind of sense to pick this 1692 * as the primary device. Since a CDC-Only device never sends 1693 * any 'normal' CEC messages this primary device type is never 1694 * sent over the CEC bus. 1695 */ 1696 log_addrs->primary_device_type[0] = CEC_OP_PRIM_DEVTYPE_SWITCH; 1697 log_addrs->all_device_types[0] = 0; 1698 log_addrs->features[0][0] = 0; 1699 log_addrs->features[0][1] = 0; 1700 } 1701 1702 /* Ensure the osd name is 0-terminated */ 1703 log_addrs->osd_name[sizeof(log_addrs->osd_name) - 1] = '\0'; 1704 1705 /* Sanity checks */ 1706 if (log_addrs->num_log_addrs > adap->available_log_addrs) { 1707 dprintk(1, "num_log_addrs > %d\n", adap->available_log_addrs); 1708 return -EINVAL; 1709 } 1710 1711 /* 1712 * Vendor ID is a 24 bit number, so check if the value is 1713 * within the correct range. 1714 */ 1715 if (log_addrs->vendor_id != CEC_VENDOR_ID_NONE && 1716 (log_addrs->vendor_id & 0xff000000) != 0) { 1717 dprintk(1, "invalid vendor ID\n"); 1718 return -EINVAL; 1719 } 1720 1721 if (log_addrs->cec_version != CEC_OP_CEC_VERSION_1_4 && 1722 log_addrs->cec_version != CEC_OP_CEC_VERSION_2_0) { 1723 dprintk(1, "invalid CEC version\n"); 1724 return -EINVAL; 1725 } 1726 1727 if (log_addrs->num_log_addrs > 1) 1728 for (i = 0; i < log_addrs->num_log_addrs; i++) 1729 if (log_addrs->log_addr_type[i] == 1730 CEC_LOG_ADDR_TYPE_UNREGISTERED) { 1731 dprintk(1, "num_log_addrs > 1 can't be combined with unregistered LA\n"); 1732 return -EINVAL; 1733 } 1734 1735 for (i = 0; i < log_addrs->num_log_addrs; i++) { 1736 const u8 feature_sz = ARRAY_SIZE(log_addrs->features[0]); 1737 u8 *features = log_addrs->features[i]; 1738 bool op_is_dev_features = false; 1739 unsigned int j; 1740 1741 log_addrs->log_addr[i] = CEC_LOG_ADDR_INVALID; 1742 if (log_addrs->log_addr_type[i] > CEC_LOG_ADDR_TYPE_UNREGISTERED) { 1743 dprintk(1, "unknown logical address type\n"); 1744 return -EINVAL; 1745 } 1746 if (type_mask & (1 << log_addrs->log_addr_type[i])) { 1747 dprintk(1, "duplicate logical address type\n"); 1748 return -EINVAL; 1749 } 1750 type_mask |= 1 << log_addrs->log_addr_type[i]; 1751 if ((type_mask & (1 << CEC_LOG_ADDR_TYPE_RECORD)) && 1752 (type_mask & (1 << CEC_LOG_ADDR_TYPE_PLAYBACK))) { 1753 /* Record already contains the playback functionality */ 1754 dprintk(1, "invalid record + playback combination\n"); 1755 return -EINVAL; 1756 } 1757 if (log_addrs->primary_device_type[i] > 1758 CEC_OP_PRIM_DEVTYPE_PROCESSOR) { 1759 dprintk(1, "unknown primary device type\n"); 1760 return -EINVAL; 1761 } 1762 if (log_addrs->primary_device_type[i] == 2) { 1763 dprintk(1, "invalid primary device type\n"); 1764 return -EINVAL; 1765 } 1766 for (j = 0; j < feature_sz; j++) { 1767 if ((features[j] & 0x80) == 0) { 1768 if (op_is_dev_features) 1769 break; 1770 op_is_dev_features = true; 1771 } 1772 } 1773 if (!op_is_dev_features || j == feature_sz) { 1774 dprintk(1, "malformed features\n"); 1775 return -EINVAL; 1776 } 1777 /* Zero unused part of the feature array */ 1778 memset(features + j + 1, 0, feature_sz - j - 1); 1779 } 1780 1781 if (log_addrs->cec_version >= CEC_OP_CEC_VERSION_2_0) { 1782 if (log_addrs->num_log_addrs > 2) { 1783 dprintk(1, "CEC 2.0 allows no more than 2 logical addresses\n"); 1784 return -EINVAL; 1785 } 1786 if (log_addrs->num_log_addrs == 2) { 1787 if (!(type_mask & ((1 << CEC_LOG_ADDR_TYPE_AUDIOSYSTEM) | 1788 (1 << CEC_LOG_ADDR_TYPE_TV)))) { 1789 dprintk(1, "two LAs is only allowed for audiosystem and TV\n"); 1790 return -EINVAL; 1791 } 1792 if (!(type_mask & ((1 << CEC_LOG_ADDR_TYPE_PLAYBACK) | 1793 (1 << CEC_LOG_ADDR_TYPE_RECORD)))) { 1794 dprintk(1, "an audiosystem/TV can only be combined with record or playback\n"); 1795 return -EINVAL; 1796 } 1797 } 1798 } 1799 1800 /* Zero unused LAs */ 1801 for (i = log_addrs->num_log_addrs; i < CEC_MAX_LOG_ADDRS; i++) { 1802 log_addrs->primary_device_type[i] = 0; 1803 log_addrs->log_addr_type[i] = 0; 1804 log_addrs->all_device_types[i] = 0; 1805 memset(log_addrs->features[i], 0, 1806 sizeof(log_addrs->features[i])); 1807 } 1808 1809 log_addrs->log_addr_mask = adap->log_addrs.log_addr_mask; 1810 adap->log_addrs = *log_addrs; 1811 if (adap->phys_addr != CEC_PHYS_ADDR_INVALID) 1812 cec_claim_log_addrs(adap, block); 1813 return 0; 1814 } 1815 1816 int cec_s_log_addrs(struct cec_adapter *adap, 1817 struct cec_log_addrs *log_addrs, bool block) 1818 { 1819 int err; 1820 1821 mutex_lock(&adap->lock); 1822 err = __cec_s_log_addrs(adap, log_addrs, block); 1823 mutex_unlock(&adap->lock); 1824 return err; 1825 } 1826 EXPORT_SYMBOL_GPL(cec_s_log_addrs); 1827 1828 /* High-level core CEC message handling */ 1829 1830 /* Fill in the Report Features message */ 1831 static void cec_fill_msg_report_features(struct cec_adapter *adap, 1832 struct cec_msg *msg, 1833 unsigned int la_idx) 1834 { 1835 const struct cec_log_addrs *las = &adap->log_addrs; 1836 const u8 *features = las->features[la_idx]; 1837 bool op_is_dev_features = false; 1838 unsigned int idx; 1839 1840 /* Report Features */ 1841 msg->msg[0] = (las->log_addr[la_idx] << 4) | 0x0f; 1842 msg->len = 4; 1843 msg->msg[1] = CEC_MSG_REPORT_FEATURES; 1844 msg->msg[2] = adap->log_addrs.cec_version; 1845 msg->msg[3] = las->all_device_types[la_idx]; 1846 1847 /* Write RC Profiles first, then Device Features */ 1848 for (idx = 0; idx < ARRAY_SIZE(las->features[0]); idx++) { 1849 msg->msg[msg->len++] = features[idx]; 1850 if ((features[idx] & CEC_OP_FEAT_EXT) == 0) { 1851 if (op_is_dev_features) 1852 break; 1853 op_is_dev_features = true; 1854 } 1855 } 1856 } 1857 1858 /* Transmit the Feature Abort message */ 1859 static int cec_feature_abort_reason(struct cec_adapter *adap, 1860 struct cec_msg *msg, u8 reason) 1861 { 1862 struct cec_msg tx_msg = { }; 1863 1864 /* 1865 * Don't reply with CEC_MSG_FEATURE_ABORT to a CEC_MSG_FEATURE_ABORT 1866 * message! 1867 */ 1868 if (msg->msg[1] == CEC_MSG_FEATURE_ABORT) 1869 return 0; 1870 /* Don't Feature Abort messages from 'Unregistered' */ 1871 if (cec_msg_initiator(msg) == CEC_LOG_ADDR_UNREGISTERED) 1872 return 0; 1873 cec_msg_set_reply_to(&tx_msg, msg); 1874 cec_msg_feature_abort(&tx_msg, msg->msg[1], reason); 1875 return cec_transmit_msg(adap, &tx_msg, false); 1876 } 1877 1878 static int cec_feature_abort(struct cec_adapter *adap, struct cec_msg *msg) 1879 { 1880 return cec_feature_abort_reason(adap, msg, 1881 CEC_OP_ABORT_UNRECOGNIZED_OP); 1882 } 1883 1884 static int cec_feature_refused(struct cec_adapter *adap, struct cec_msg *msg) 1885 { 1886 return cec_feature_abort_reason(adap, msg, 1887 CEC_OP_ABORT_REFUSED); 1888 } 1889 1890 /* 1891 * Called when a CEC message is received. This function will do any 1892 * necessary core processing. The is_reply bool is true if this message 1893 * is a reply to an earlier transmit. 1894 * 1895 * The message is either a broadcast message or a valid directed message. 1896 */ 1897 static int cec_receive_notify(struct cec_adapter *adap, struct cec_msg *msg, 1898 bool is_reply) 1899 { 1900 bool is_broadcast = cec_msg_is_broadcast(msg); 1901 u8 dest_laddr = cec_msg_destination(msg); 1902 u8 init_laddr = cec_msg_initiator(msg); 1903 u8 devtype = cec_log_addr2dev(adap, dest_laddr); 1904 int la_idx = cec_log_addr2idx(adap, dest_laddr); 1905 bool from_unregistered = init_laddr == 0xf; 1906 struct cec_msg tx_cec_msg = { }; 1907 1908 dprintk(2, "%s: %*ph\n", __func__, msg->len, msg->msg); 1909 1910 /* If this is a CDC-Only device, then ignore any non-CDC messages */ 1911 if (cec_is_cdc_only(&adap->log_addrs) && 1912 msg->msg[1] != CEC_MSG_CDC_MESSAGE) 1913 return 0; 1914 1915 if (adap->ops->received) { 1916 /* Allow drivers to process the message first */ 1917 if (adap->ops->received(adap, msg) != -ENOMSG) 1918 return 0; 1919 } 1920 1921 /* 1922 * REPORT_PHYSICAL_ADDR, CEC_MSG_USER_CONTROL_PRESSED and 1923 * CEC_MSG_USER_CONTROL_RELEASED messages always have to be 1924 * handled by the CEC core, even if the passthrough mode is on. 1925 * The others are just ignored if passthrough mode is on. 1926 */ 1927 switch (msg->msg[1]) { 1928 case CEC_MSG_GET_CEC_VERSION: 1929 case CEC_MSG_ABORT: 1930 case CEC_MSG_GIVE_DEVICE_POWER_STATUS: 1931 case CEC_MSG_GIVE_OSD_NAME: 1932 /* 1933 * These messages reply with a directed message, so ignore if 1934 * the initiator is Unregistered. 1935 */ 1936 if (!adap->passthrough && from_unregistered) 1937 return 0; 1938 fallthrough; 1939 case CEC_MSG_GIVE_DEVICE_VENDOR_ID: 1940 case CEC_MSG_GIVE_FEATURES: 1941 case CEC_MSG_GIVE_PHYSICAL_ADDR: 1942 /* 1943 * Skip processing these messages if the passthrough mode 1944 * is on. 1945 */ 1946 if (adap->passthrough) 1947 goto skip_processing; 1948 /* Ignore if addressing is wrong */ 1949 if (is_broadcast) 1950 return 0; 1951 break; 1952 1953 case CEC_MSG_USER_CONTROL_PRESSED: 1954 case CEC_MSG_USER_CONTROL_RELEASED: 1955 /* Wrong addressing mode: don't process */ 1956 if (is_broadcast || from_unregistered) 1957 goto skip_processing; 1958 break; 1959 1960 case CEC_MSG_REPORT_PHYSICAL_ADDR: 1961 /* 1962 * This message is always processed, regardless of the 1963 * passthrough setting. 1964 * 1965 * Exception: don't process if wrong addressing mode. 1966 */ 1967 if (!is_broadcast) 1968 goto skip_processing; 1969 break; 1970 1971 default: 1972 break; 1973 } 1974 1975 cec_msg_set_reply_to(&tx_cec_msg, msg); 1976 1977 switch (msg->msg[1]) { 1978 /* The following messages are processed but still passed through */ 1979 case CEC_MSG_REPORT_PHYSICAL_ADDR: { 1980 u16 pa = (msg->msg[2] << 8) | msg->msg[3]; 1981 1982 dprintk(1, "reported physical address %x.%x.%x.%x for logical address %d\n", 1983 cec_phys_addr_exp(pa), init_laddr); 1984 break; 1985 } 1986 1987 case CEC_MSG_USER_CONTROL_PRESSED: 1988 if (!(adap->capabilities & CEC_CAP_RC) || 1989 !(adap->log_addrs.flags & CEC_LOG_ADDRS_FL_ALLOW_RC_PASSTHRU)) 1990 break; 1991 1992 #ifdef CONFIG_MEDIA_CEC_RC 1993 switch (msg->msg[2]) { 1994 /* 1995 * Play function, this message can have variable length 1996 * depending on the specific play function that is used. 1997 */ 1998 case CEC_OP_UI_CMD_PLAY_FUNCTION: 1999 if (msg->len == 2) 2000 rc_keydown(adap->rc, RC_PROTO_CEC, 2001 msg->msg[2], 0); 2002 else 2003 rc_keydown(adap->rc, RC_PROTO_CEC, 2004 msg->msg[2] << 8 | msg->msg[3], 0); 2005 break; 2006 /* 2007 * Other function messages that are not handled. 2008 * Currently the RC framework does not allow to supply an 2009 * additional parameter to a keypress. These "keys" contain 2010 * other information such as channel number, an input number 2011 * etc. 2012 * For the time being these messages are not processed by the 2013 * framework and are simply forwarded to the user space. 2014 */ 2015 case CEC_OP_UI_CMD_SELECT_BROADCAST_TYPE: 2016 case CEC_OP_UI_CMD_SELECT_SOUND_PRESENTATION: 2017 case CEC_OP_UI_CMD_TUNE_FUNCTION: 2018 case CEC_OP_UI_CMD_SELECT_MEDIA_FUNCTION: 2019 case CEC_OP_UI_CMD_SELECT_AV_INPUT_FUNCTION: 2020 case CEC_OP_UI_CMD_SELECT_AUDIO_INPUT_FUNCTION: 2021 break; 2022 default: 2023 rc_keydown(adap->rc, RC_PROTO_CEC, msg->msg[2], 0); 2024 break; 2025 } 2026 #endif 2027 break; 2028 2029 case CEC_MSG_USER_CONTROL_RELEASED: 2030 if (!(adap->capabilities & CEC_CAP_RC) || 2031 !(adap->log_addrs.flags & CEC_LOG_ADDRS_FL_ALLOW_RC_PASSTHRU)) 2032 break; 2033 #ifdef CONFIG_MEDIA_CEC_RC 2034 rc_keyup(adap->rc); 2035 #endif 2036 break; 2037 2038 /* 2039 * The remaining messages are only processed if the passthrough mode 2040 * is off. 2041 */ 2042 case CEC_MSG_GET_CEC_VERSION: 2043 cec_msg_cec_version(&tx_cec_msg, adap->log_addrs.cec_version); 2044 return cec_transmit_msg(adap, &tx_cec_msg, false); 2045 2046 case CEC_MSG_GIVE_PHYSICAL_ADDR: 2047 /* Do nothing for CEC switches using addr 15 */ 2048 if (devtype == CEC_OP_PRIM_DEVTYPE_SWITCH && dest_laddr == 15) 2049 return 0; 2050 cec_msg_report_physical_addr(&tx_cec_msg, adap->phys_addr, devtype); 2051 return cec_transmit_msg(adap, &tx_cec_msg, false); 2052 2053 case CEC_MSG_GIVE_DEVICE_VENDOR_ID: 2054 if (adap->log_addrs.vendor_id == CEC_VENDOR_ID_NONE) 2055 return cec_feature_abort(adap, msg); 2056 cec_msg_device_vendor_id(&tx_cec_msg, adap->log_addrs.vendor_id); 2057 return cec_transmit_msg(adap, &tx_cec_msg, false); 2058 2059 case CEC_MSG_ABORT: 2060 /* Do nothing for CEC switches */ 2061 if (devtype == CEC_OP_PRIM_DEVTYPE_SWITCH) 2062 return 0; 2063 return cec_feature_refused(adap, msg); 2064 2065 case CEC_MSG_GIVE_OSD_NAME: { 2066 if (adap->log_addrs.osd_name[0] == 0) 2067 return cec_feature_abort(adap, msg); 2068 cec_msg_set_osd_name(&tx_cec_msg, adap->log_addrs.osd_name); 2069 return cec_transmit_msg(adap, &tx_cec_msg, false); 2070 } 2071 2072 case CEC_MSG_GIVE_FEATURES: 2073 if (adap->log_addrs.cec_version < CEC_OP_CEC_VERSION_2_0) 2074 return cec_feature_abort(adap, msg); 2075 cec_fill_msg_report_features(adap, &tx_cec_msg, la_idx); 2076 return cec_transmit_msg(adap, &tx_cec_msg, false); 2077 2078 default: 2079 /* 2080 * Unprocessed messages are aborted if userspace isn't doing 2081 * any processing either. 2082 */ 2083 if (!is_broadcast && !is_reply && !adap->follower_cnt && 2084 !adap->cec_follower && msg->msg[1] != CEC_MSG_FEATURE_ABORT) 2085 return cec_feature_abort(adap, msg); 2086 break; 2087 } 2088 2089 skip_processing: 2090 /* If this was a reply, then we're done, unless otherwise specified */ 2091 if (is_reply && !(msg->flags & CEC_MSG_FL_REPLY_TO_FOLLOWERS)) 2092 return 0; 2093 2094 /* 2095 * Send to the exclusive follower if there is one, otherwise send 2096 * to all followers. 2097 */ 2098 if (adap->cec_follower) 2099 cec_queue_msg_fh(adap->cec_follower, msg); 2100 else 2101 cec_queue_msg_followers(adap, msg); 2102 return 0; 2103 } 2104 2105 /* 2106 * Helper functions to keep track of the 'monitor all' use count. 2107 * 2108 * These functions are called with adap->lock held. 2109 */ 2110 int cec_monitor_all_cnt_inc(struct cec_adapter *adap) 2111 { 2112 int ret = 0; 2113 2114 if (adap->monitor_all_cnt == 0) 2115 ret = call_op(adap, adap_monitor_all_enable, 1); 2116 if (ret == 0) 2117 adap->monitor_all_cnt++; 2118 return ret; 2119 } 2120 2121 void cec_monitor_all_cnt_dec(struct cec_adapter *adap) 2122 { 2123 adap->monitor_all_cnt--; 2124 if (adap->monitor_all_cnt == 0) 2125 WARN_ON(call_op(adap, adap_monitor_all_enable, 0)); 2126 } 2127 2128 /* 2129 * Helper functions to keep track of the 'monitor pin' use count. 2130 * 2131 * These functions are called with adap->lock held. 2132 */ 2133 int cec_monitor_pin_cnt_inc(struct cec_adapter *adap) 2134 { 2135 int ret = 0; 2136 2137 if (adap->monitor_pin_cnt == 0) 2138 ret = call_op(adap, adap_monitor_pin_enable, 1); 2139 if (ret == 0) 2140 adap->monitor_pin_cnt++; 2141 return ret; 2142 } 2143 2144 void cec_monitor_pin_cnt_dec(struct cec_adapter *adap) 2145 { 2146 adap->monitor_pin_cnt--; 2147 if (adap->monitor_pin_cnt == 0) 2148 WARN_ON(call_op(adap, adap_monitor_pin_enable, 0)); 2149 } 2150 2151 #ifdef CONFIG_DEBUG_FS 2152 /* 2153 * Log the current state of the CEC adapter. 2154 * Very useful for debugging. 2155 */ 2156 int cec_adap_status(struct seq_file *file, void *priv) 2157 { 2158 struct cec_adapter *adap = dev_get_drvdata(file->private); 2159 struct cec_data *data; 2160 2161 mutex_lock(&adap->lock); 2162 seq_printf(file, "configured: %d\n", adap->is_configured); 2163 seq_printf(file, "configuring: %d\n", adap->is_configuring); 2164 seq_printf(file, "phys_addr: %x.%x.%x.%x\n", 2165 cec_phys_addr_exp(adap->phys_addr)); 2166 seq_printf(file, "number of LAs: %d\n", adap->log_addrs.num_log_addrs); 2167 seq_printf(file, "LA mask: 0x%04x\n", adap->log_addrs.log_addr_mask); 2168 if (adap->cec_follower) 2169 seq_printf(file, "has CEC follower%s\n", 2170 adap->passthrough ? " (in passthrough mode)" : ""); 2171 if (adap->cec_initiator) 2172 seq_puts(file, "has CEC initiator\n"); 2173 if (adap->monitor_all_cnt) 2174 seq_printf(file, "file handles in Monitor All mode: %u\n", 2175 adap->monitor_all_cnt); 2176 if (adap->tx_timeouts) { 2177 seq_printf(file, "transmit timeouts: %u\n", 2178 adap->tx_timeouts); 2179 adap->tx_timeouts = 0; 2180 } 2181 data = adap->transmitting; 2182 if (data) 2183 seq_printf(file, "transmitting message: %*ph (reply: %02x, timeout: %ums)\n", 2184 data->msg.len, data->msg.msg, data->msg.reply, 2185 data->msg.timeout); 2186 seq_printf(file, "pending transmits: %u\n", adap->transmit_queue_sz); 2187 list_for_each_entry(data, &adap->transmit_queue, list) { 2188 seq_printf(file, "queued tx message: %*ph (reply: %02x, timeout: %ums)\n", 2189 data->msg.len, data->msg.msg, data->msg.reply, 2190 data->msg.timeout); 2191 } 2192 list_for_each_entry(data, &adap->wait_queue, list) { 2193 seq_printf(file, "message waiting for reply: %*ph (reply: %02x, timeout: %ums)\n", 2194 data->msg.len, data->msg.msg, data->msg.reply, 2195 data->msg.timeout); 2196 } 2197 2198 call_void_op(adap, adap_status, file); 2199 mutex_unlock(&adap->lock); 2200 return 0; 2201 } 2202 #endif 2203