1 // SPDX-License-Identifier: GPL-2.0-only 2 /* 3 * cec-adap.c - HDMI Consumer Electronics Control framework - CEC adapter 4 * 5 * Copyright 2016 Cisco Systems, Inc. and/or its affiliates. All rights reserved. 6 */ 7 8 #include <linux/errno.h> 9 #include <linux/init.h> 10 #include <linux/module.h> 11 #include <linux/kernel.h> 12 #include <linux/kmod.h> 13 #include <linux/ktime.h> 14 #include <linux/slab.h> 15 #include <linux/mm.h> 16 #include <linux/string.h> 17 #include <linux/types.h> 18 19 #include <drm/drm_connector.h> 20 #include <drm/drm_device.h> 21 #include <drm/drm_edid.h> 22 #include <drm/drm_file.h> 23 24 #include "cec-priv.h" 25 26 static void cec_fill_msg_report_features(struct cec_adapter *adap, 27 struct cec_msg *msg, 28 unsigned int la_idx); 29 30 /* 31 * 400 ms is the time it takes for one 16 byte message to be 32 * transferred and 5 is the maximum number of retries. Add 33 * another 100 ms as a margin. So if the transmit doesn't 34 * finish before that time something is really wrong and we 35 * have to time out. 36 * 37 * This is a sign that something it really wrong and a warning 38 * will be issued. 39 */ 40 #define CEC_XFER_TIMEOUT_MS (5 * 400 + 100) 41 42 #define call_op(adap, op, arg...) \ 43 (adap->ops->op ? adap->ops->op(adap, ## arg) : 0) 44 45 #define call_void_op(adap, op, arg...) \ 46 do { \ 47 if (adap->ops->op) \ 48 adap->ops->op(adap, ## arg); \ 49 } while (0) 50 51 static int cec_log_addr2idx(const struct cec_adapter *adap, u8 log_addr) 52 { 53 int i; 54 55 for (i = 0; i < adap->log_addrs.num_log_addrs; i++) 56 if (adap->log_addrs.log_addr[i] == log_addr) 57 return i; 58 return -1; 59 } 60 61 static unsigned int cec_log_addr2dev(const struct cec_adapter *adap, u8 log_addr) 62 { 63 int i = cec_log_addr2idx(adap, log_addr); 64 65 return adap->log_addrs.primary_device_type[i < 0 ? 0 : i]; 66 } 67 68 u16 cec_get_edid_phys_addr(const u8 *edid, unsigned int size, 69 unsigned int *offset) 70 { 71 unsigned int loc = cec_get_edid_spa_location(edid, size); 72 73 if (offset) 74 *offset = loc; 75 if (loc == 0) 76 return CEC_PHYS_ADDR_INVALID; 77 return (edid[loc] << 8) | edid[loc + 1]; 78 } 79 EXPORT_SYMBOL_GPL(cec_get_edid_phys_addr); 80 81 void cec_fill_conn_info_from_drm(struct cec_connector_info *conn_info, 82 const struct drm_connector *connector) 83 { 84 memset(conn_info, 0, sizeof(*conn_info)); 85 conn_info->type = CEC_CONNECTOR_TYPE_DRM; 86 conn_info->drm.card_no = connector->dev->primary->index; 87 conn_info->drm.connector_id = connector->base.id; 88 } 89 EXPORT_SYMBOL_GPL(cec_fill_conn_info_from_drm); 90 91 /* 92 * Queue a new event for this filehandle. If ts == 0, then set it 93 * to the current time. 94 * 95 * We keep a queue of at most max_event events where max_event differs 96 * per event. If the queue becomes full, then drop the oldest event and 97 * keep track of how many events we've dropped. 98 */ 99 void cec_queue_event_fh(struct cec_fh *fh, 100 const struct cec_event *new_ev, u64 ts) 101 { 102 static const u16 max_events[CEC_NUM_EVENTS] = { 103 1, 1, 800, 800, 8, 8, 8, 8 104 }; 105 struct cec_event_entry *entry; 106 unsigned int ev_idx = new_ev->event - 1; 107 108 if (WARN_ON(ev_idx >= ARRAY_SIZE(fh->events))) 109 return; 110 111 if (ts == 0) 112 ts = ktime_get_ns(); 113 114 mutex_lock(&fh->lock); 115 if (ev_idx < CEC_NUM_CORE_EVENTS) 116 entry = &fh->core_events[ev_idx]; 117 else 118 entry = kmalloc(sizeof(*entry), GFP_KERNEL); 119 if (entry) { 120 if (new_ev->event == CEC_EVENT_LOST_MSGS && 121 fh->queued_events[ev_idx]) { 122 entry->ev.lost_msgs.lost_msgs += 123 new_ev->lost_msgs.lost_msgs; 124 goto unlock; 125 } 126 entry->ev = *new_ev; 127 entry->ev.ts = ts; 128 129 if (fh->queued_events[ev_idx] < max_events[ev_idx]) { 130 /* Add new msg at the end of the queue */ 131 list_add_tail(&entry->list, &fh->events[ev_idx]); 132 fh->queued_events[ev_idx]++; 133 fh->total_queued_events++; 134 goto unlock; 135 } 136 137 if (ev_idx >= CEC_NUM_CORE_EVENTS) { 138 list_add_tail(&entry->list, &fh->events[ev_idx]); 139 /* drop the oldest event */ 140 entry = list_first_entry(&fh->events[ev_idx], 141 struct cec_event_entry, list); 142 list_del(&entry->list); 143 kfree(entry); 144 } 145 } 146 /* Mark that events were lost */ 147 entry = list_first_entry_or_null(&fh->events[ev_idx], 148 struct cec_event_entry, list); 149 if (entry) 150 entry->ev.flags |= CEC_EVENT_FL_DROPPED_EVENTS; 151 152 unlock: 153 mutex_unlock(&fh->lock); 154 wake_up_interruptible(&fh->wait); 155 } 156 157 /* Queue a new event for all open filehandles. */ 158 static void cec_queue_event(struct cec_adapter *adap, 159 const struct cec_event *ev) 160 { 161 u64 ts = ktime_get_ns(); 162 struct cec_fh *fh; 163 164 mutex_lock(&adap->devnode.lock); 165 list_for_each_entry(fh, &adap->devnode.fhs, list) 166 cec_queue_event_fh(fh, ev, ts); 167 mutex_unlock(&adap->devnode.lock); 168 } 169 170 /* Notify userspace that the CEC pin changed state at the given time. */ 171 void cec_queue_pin_cec_event(struct cec_adapter *adap, bool is_high, 172 bool dropped_events, ktime_t ts) 173 { 174 struct cec_event ev = { 175 .event = is_high ? CEC_EVENT_PIN_CEC_HIGH : 176 CEC_EVENT_PIN_CEC_LOW, 177 .flags = dropped_events ? CEC_EVENT_FL_DROPPED_EVENTS : 0, 178 }; 179 struct cec_fh *fh; 180 181 mutex_lock(&adap->devnode.lock); 182 list_for_each_entry(fh, &adap->devnode.fhs, list) 183 if (fh->mode_follower == CEC_MODE_MONITOR_PIN) 184 cec_queue_event_fh(fh, &ev, ktime_to_ns(ts)); 185 mutex_unlock(&adap->devnode.lock); 186 } 187 EXPORT_SYMBOL_GPL(cec_queue_pin_cec_event); 188 189 /* Notify userspace that the HPD pin changed state at the given time. */ 190 void cec_queue_pin_hpd_event(struct cec_adapter *adap, bool is_high, ktime_t ts) 191 { 192 struct cec_event ev = { 193 .event = is_high ? CEC_EVENT_PIN_HPD_HIGH : 194 CEC_EVENT_PIN_HPD_LOW, 195 }; 196 struct cec_fh *fh; 197 198 mutex_lock(&adap->devnode.lock); 199 list_for_each_entry(fh, &adap->devnode.fhs, list) 200 cec_queue_event_fh(fh, &ev, ktime_to_ns(ts)); 201 mutex_unlock(&adap->devnode.lock); 202 } 203 EXPORT_SYMBOL_GPL(cec_queue_pin_hpd_event); 204 205 /* Notify userspace that the 5V pin changed state at the given time. */ 206 void cec_queue_pin_5v_event(struct cec_adapter *adap, bool is_high, ktime_t ts) 207 { 208 struct cec_event ev = { 209 .event = is_high ? CEC_EVENT_PIN_5V_HIGH : 210 CEC_EVENT_PIN_5V_LOW, 211 }; 212 struct cec_fh *fh; 213 214 mutex_lock(&adap->devnode.lock); 215 list_for_each_entry(fh, &adap->devnode.fhs, list) 216 cec_queue_event_fh(fh, &ev, ktime_to_ns(ts)); 217 mutex_unlock(&adap->devnode.lock); 218 } 219 EXPORT_SYMBOL_GPL(cec_queue_pin_5v_event); 220 221 /* 222 * Queue a new message for this filehandle. 223 * 224 * We keep a queue of at most CEC_MAX_MSG_RX_QUEUE_SZ messages. If the 225 * queue becomes full, then drop the oldest message and keep track 226 * of how many messages we've dropped. 227 */ 228 static void cec_queue_msg_fh(struct cec_fh *fh, const struct cec_msg *msg) 229 { 230 static const struct cec_event ev_lost_msgs = { 231 .event = CEC_EVENT_LOST_MSGS, 232 .flags = 0, 233 { 234 .lost_msgs = { 1 }, 235 }, 236 }; 237 struct cec_msg_entry *entry; 238 239 mutex_lock(&fh->lock); 240 entry = kmalloc(sizeof(*entry), GFP_KERNEL); 241 if (entry) { 242 entry->msg = *msg; 243 /* Add new msg at the end of the queue */ 244 list_add_tail(&entry->list, &fh->msgs); 245 246 if (fh->queued_msgs < CEC_MAX_MSG_RX_QUEUE_SZ) { 247 /* All is fine if there is enough room */ 248 fh->queued_msgs++; 249 mutex_unlock(&fh->lock); 250 wake_up_interruptible(&fh->wait); 251 return; 252 } 253 254 /* 255 * if the message queue is full, then drop the oldest one and 256 * send a lost message event. 257 */ 258 entry = list_first_entry(&fh->msgs, struct cec_msg_entry, list); 259 list_del(&entry->list); 260 kfree(entry); 261 } 262 mutex_unlock(&fh->lock); 263 264 /* 265 * We lost a message, either because kmalloc failed or the queue 266 * was full. 267 */ 268 cec_queue_event_fh(fh, &ev_lost_msgs, ktime_get_ns()); 269 } 270 271 /* 272 * Queue the message for those filehandles that are in monitor mode. 273 * If valid_la is true (this message is for us or was sent by us), 274 * then pass it on to any monitoring filehandle. If this message 275 * isn't for us or from us, then only give it to filehandles that 276 * are in MONITOR_ALL mode. 277 * 278 * This can only happen if the CEC_CAP_MONITOR_ALL capability is 279 * set and the CEC adapter was placed in 'monitor all' mode. 280 */ 281 static void cec_queue_msg_monitor(struct cec_adapter *adap, 282 const struct cec_msg *msg, 283 bool valid_la) 284 { 285 struct cec_fh *fh; 286 u32 monitor_mode = valid_la ? CEC_MODE_MONITOR : 287 CEC_MODE_MONITOR_ALL; 288 289 mutex_lock(&adap->devnode.lock); 290 list_for_each_entry(fh, &adap->devnode.fhs, list) { 291 if (fh->mode_follower >= monitor_mode) 292 cec_queue_msg_fh(fh, msg); 293 } 294 mutex_unlock(&adap->devnode.lock); 295 } 296 297 /* 298 * Queue the message for follower filehandles. 299 */ 300 static void cec_queue_msg_followers(struct cec_adapter *adap, 301 const struct cec_msg *msg) 302 { 303 struct cec_fh *fh; 304 305 mutex_lock(&adap->devnode.lock); 306 list_for_each_entry(fh, &adap->devnode.fhs, list) { 307 if (fh->mode_follower == CEC_MODE_FOLLOWER) 308 cec_queue_msg_fh(fh, msg); 309 } 310 mutex_unlock(&adap->devnode.lock); 311 } 312 313 /* Notify userspace of an adapter state change. */ 314 static void cec_post_state_event(struct cec_adapter *adap) 315 { 316 struct cec_event ev = { 317 .event = CEC_EVENT_STATE_CHANGE, 318 }; 319 320 ev.state_change.phys_addr = adap->phys_addr; 321 ev.state_change.log_addr_mask = adap->log_addrs.log_addr_mask; 322 ev.state_change.have_conn_info = 323 adap->conn_info.type != CEC_CONNECTOR_TYPE_NO_CONNECTOR; 324 cec_queue_event(adap, &ev); 325 } 326 327 /* 328 * A CEC transmit (and a possible wait for reply) completed. 329 * If this was in blocking mode, then complete it, otherwise 330 * queue the message for userspace to dequeue later. 331 * 332 * This function is called with adap->lock held. 333 */ 334 static void cec_data_completed(struct cec_data *data) 335 { 336 /* 337 * Delete this transmit from the filehandle's xfer_list since 338 * we're done with it. 339 * 340 * Note that if the filehandle is closed before this transmit 341 * finished, then the release() function will set data->fh to NULL. 342 * Without that we would be referring to a closed filehandle. 343 */ 344 if (data->fh) 345 list_del(&data->xfer_list); 346 347 if (data->blocking) { 348 /* 349 * Someone is blocking so mark the message as completed 350 * and call complete. 351 */ 352 data->completed = true; 353 complete(&data->c); 354 } else { 355 /* 356 * No blocking, so just queue the message if needed and 357 * free the memory. 358 */ 359 if (data->fh) 360 cec_queue_msg_fh(data->fh, &data->msg); 361 kfree(data); 362 } 363 } 364 365 /* 366 * A pending CEC transmit needs to be cancelled, either because the CEC 367 * adapter is disabled or the transmit takes an impossibly long time to 368 * finish. 369 * 370 * This function is called with adap->lock held. 371 */ 372 static void cec_data_cancel(struct cec_data *data, u8 tx_status) 373 { 374 /* 375 * It's either the current transmit, or it is a pending 376 * transmit. Take the appropriate action to clear it. 377 */ 378 if (data->adap->transmitting == data) { 379 data->adap->transmitting = NULL; 380 } else { 381 list_del_init(&data->list); 382 if (!(data->msg.tx_status & CEC_TX_STATUS_OK)) 383 if (!WARN_ON(!data->adap->transmit_queue_sz)) 384 data->adap->transmit_queue_sz--; 385 } 386 387 if (data->msg.tx_status & CEC_TX_STATUS_OK) { 388 data->msg.rx_ts = ktime_get_ns(); 389 data->msg.rx_status = CEC_RX_STATUS_ABORTED; 390 } else { 391 data->msg.tx_ts = ktime_get_ns(); 392 data->msg.tx_status |= tx_status | 393 CEC_TX_STATUS_MAX_RETRIES; 394 data->msg.tx_error_cnt++; 395 data->attempts = 0; 396 } 397 398 /* Queue transmitted message for monitoring purposes */ 399 cec_queue_msg_monitor(data->adap, &data->msg, 1); 400 401 cec_data_completed(data); 402 } 403 404 /* 405 * Flush all pending transmits and cancel any pending timeout work. 406 * 407 * This function is called with adap->lock held. 408 */ 409 static void cec_flush(struct cec_adapter *adap) 410 { 411 struct cec_data *data, *n; 412 413 /* 414 * If the adapter is disabled, or we're asked to stop, 415 * then cancel any pending transmits. 416 */ 417 while (!list_empty(&adap->transmit_queue)) { 418 data = list_first_entry(&adap->transmit_queue, 419 struct cec_data, list); 420 cec_data_cancel(data, CEC_TX_STATUS_ABORTED); 421 } 422 if (adap->transmitting) 423 cec_data_cancel(adap->transmitting, CEC_TX_STATUS_ABORTED); 424 425 /* Cancel the pending timeout work. */ 426 list_for_each_entry_safe(data, n, &adap->wait_queue, list) { 427 if (cancel_delayed_work(&data->work)) 428 cec_data_cancel(data, CEC_TX_STATUS_OK); 429 /* 430 * If cancel_delayed_work returned false, then 431 * the cec_wait_timeout function is running, 432 * which will call cec_data_completed. So no 433 * need to do anything special in that case. 434 */ 435 } 436 /* 437 * If something went wrong and this counter isn't what it should 438 * be, then this will reset it back to 0. Warn if it is not 0, 439 * since it indicates a bug, either in this framework or in a 440 * CEC driver. 441 */ 442 if (WARN_ON(adap->transmit_queue_sz)) 443 adap->transmit_queue_sz = 0; 444 } 445 446 /* 447 * Main CEC state machine 448 * 449 * Wait until the thread should be stopped, or we are not transmitting and 450 * a new transmit message is queued up, in which case we start transmitting 451 * that message. When the adapter finished transmitting the message it will 452 * call cec_transmit_done(). 453 * 454 * If the adapter is disabled, then remove all queued messages instead. 455 * 456 * If the current transmit times out, then cancel that transmit. 457 */ 458 int cec_thread_func(void *_adap) 459 { 460 struct cec_adapter *adap = _adap; 461 462 for (;;) { 463 unsigned int signal_free_time; 464 struct cec_data *data; 465 bool timeout = false; 466 u8 attempts; 467 468 if (adap->transmit_in_progress) { 469 int err; 470 471 /* 472 * We are transmitting a message, so add a timeout 473 * to prevent the state machine to get stuck waiting 474 * for this message to finalize and add a check to 475 * see if the adapter is disabled in which case the 476 * transmit should be canceled. 477 */ 478 err = wait_event_interruptible_timeout(adap->kthread_waitq, 479 (adap->needs_hpd && 480 (!adap->is_configured && !adap->is_configuring)) || 481 kthread_should_stop() || 482 (!adap->transmit_in_progress && 483 !list_empty(&adap->transmit_queue)), 484 msecs_to_jiffies(CEC_XFER_TIMEOUT_MS)); 485 timeout = err == 0; 486 } else { 487 /* Otherwise we just wait for something to happen. */ 488 wait_event_interruptible(adap->kthread_waitq, 489 kthread_should_stop() || 490 (!adap->transmit_in_progress && 491 !list_empty(&adap->transmit_queue))); 492 } 493 494 mutex_lock(&adap->lock); 495 496 if ((adap->needs_hpd && 497 (!adap->is_configured && !adap->is_configuring)) || 498 kthread_should_stop()) { 499 cec_flush(adap); 500 goto unlock; 501 } 502 503 if (adap->transmit_in_progress && timeout) { 504 /* 505 * If we timeout, then log that. Normally this does 506 * not happen and it is an indication of a faulty CEC 507 * adapter driver, or the CEC bus is in some weird 508 * state. On rare occasions it can happen if there is 509 * so much traffic on the bus that the adapter was 510 * unable to transmit for CEC_XFER_TIMEOUT_MS (2.1s). 511 */ 512 if (adap->transmitting) { 513 pr_warn("cec-%s: message %*ph timed out\n", adap->name, 514 adap->transmitting->msg.len, 515 adap->transmitting->msg.msg); 516 /* Just give up on this. */ 517 cec_data_cancel(adap->transmitting, 518 CEC_TX_STATUS_TIMEOUT); 519 } else { 520 pr_warn("cec-%s: transmit timed out\n", adap->name); 521 } 522 adap->transmit_in_progress = false; 523 adap->tx_timeouts++; 524 goto unlock; 525 } 526 527 /* 528 * If we are still transmitting, or there is nothing new to 529 * transmit, then just continue waiting. 530 */ 531 if (adap->transmit_in_progress || list_empty(&adap->transmit_queue)) 532 goto unlock; 533 534 /* Get a new message to transmit */ 535 data = list_first_entry(&adap->transmit_queue, 536 struct cec_data, list); 537 list_del_init(&data->list); 538 if (!WARN_ON(!data->adap->transmit_queue_sz)) 539 adap->transmit_queue_sz--; 540 541 /* Make this the current transmitting message */ 542 adap->transmitting = data; 543 544 /* 545 * Suggested number of attempts as per the CEC 2.0 spec: 546 * 4 attempts is the default, except for 'secondary poll 547 * messages', i.e. poll messages not sent during the adapter 548 * configuration phase when it allocates logical addresses. 549 */ 550 if (data->msg.len == 1 && adap->is_configured) 551 attempts = 2; 552 else 553 attempts = 4; 554 555 /* Set the suggested signal free time */ 556 if (data->attempts) { 557 /* should be >= 3 data bit periods for a retry */ 558 signal_free_time = CEC_SIGNAL_FREE_TIME_RETRY; 559 } else if (adap->last_initiator != 560 cec_msg_initiator(&data->msg)) { 561 /* should be >= 5 data bit periods for new initiator */ 562 signal_free_time = CEC_SIGNAL_FREE_TIME_NEW_INITIATOR; 563 adap->last_initiator = cec_msg_initiator(&data->msg); 564 } else { 565 /* 566 * should be >= 7 data bit periods for sending another 567 * frame immediately after another. 568 */ 569 signal_free_time = CEC_SIGNAL_FREE_TIME_NEXT_XFER; 570 } 571 if (data->attempts == 0) 572 data->attempts = attempts; 573 574 /* Tell the adapter to transmit, cancel on error */ 575 if (adap->ops->adap_transmit(adap, data->attempts, 576 signal_free_time, &data->msg)) 577 cec_data_cancel(data, CEC_TX_STATUS_ABORTED); 578 else 579 adap->transmit_in_progress = true; 580 581 unlock: 582 mutex_unlock(&adap->lock); 583 584 if (kthread_should_stop()) 585 break; 586 } 587 return 0; 588 } 589 590 /* 591 * Called by the CEC adapter if a transmit finished. 592 */ 593 void cec_transmit_done_ts(struct cec_adapter *adap, u8 status, 594 u8 arb_lost_cnt, u8 nack_cnt, u8 low_drive_cnt, 595 u8 error_cnt, ktime_t ts) 596 { 597 struct cec_data *data; 598 struct cec_msg *msg; 599 unsigned int attempts_made = arb_lost_cnt + nack_cnt + 600 low_drive_cnt + error_cnt; 601 602 dprintk(2, "%s: status 0x%02x\n", __func__, status); 603 if (attempts_made < 1) 604 attempts_made = 1; 605 606 mutex_lock(&adap->lock); 607 data = adap->transmitting; 608 if (!data) { 609 /* 610 * This might happen if a transmit was issued and the cable is 611 * unplugged while the transmit is ongoing. Ignore this 612 * transmit in that case. 613 */ 614 if (!adap->transmit_in_progress) 615 dprintk(1, "%s was called without an ongoing transmit!\n", 616 __func__); 617 adap->transmit_in_progress = false; 618 goto wake_thread; 619 } 620 adap->transmit_in_progress = false; 621 622 msg = &data->msg; 623 624 /* Drivers must fill in the status! */ 625 WARN_ON(status == 0); 626 msg->tx_ts = ktime_to_ns(ts); 627 msg->tx_status |= status; 628 msg->tx_arb_lost_cnt += arb_lost_cnt; 629 msg->tx_nack_cnt += nack_cnt; 630 msg->tx_low_drive_cnt += low_drive_cnt; 631 msg->tx_error_cnt += error_cnt; 632 633 /* Mark that we're done with this transmit */ 634 adap->transmitting = NULL; 635 636 /* 637 * If there are still retry attempts left and there was an error and 638 * the hardware didn't signal that it retried itself (by setting 639 * CEC_TX_STATUS_MAX_RETRIES), then we will retry ourselves. 640 */ 641 if (data->attempts > attempts_made && 642 !(status & (CEC_TX_STATUS_MAX_RETRIES | CEC_TX_STATUS_OK))) { 643 /* Retry this message */ 644 data->attempts -= attempts_made; 645 if (msg->timeout) 646 dprintk(2, "retransmit: %*ph (attempts: %d, wait for 0x%02x)\n", 647 msg->len, msg->msg, data->attempts, msg->reply); 648 else 649 dprintk(2, "retransmit: %*ph (attempts: %d)\n", 650 msg->len, msg->msg, data->attempts); 651 /* Add the message in front of the transmit queue */ 652 list_add(&data->list, &adap->transmit_queue); 653 adap->transmit_queue_sz++; 654 goto wake_thread; 655 } 656 657 data->attempts = 0; 658 659 /* Always set CEC_TX_STATUS_MAX_RETRIES on error */ 660 if (!(status & CEC_TX_STATUS_OK)) 661 msg->tx_status |= CEC_TX_STATUS_MAX_RETRIES; 662 663 /* Queue transmitted message for monitoring purposes */ 664 cec_queue_msg_monitor(adap, msg, 1); 665 666 if ((status & CEC_TX_STATUS_OK) && adap->is_configured && 667 msg->timeout) { 668 /* 669 * Queue the message into the wait queue if we want to wait 670 * for a reply. 671 */ 672 list_add_tail(&data->list, &adap->wait_queue); 673 schedule_delayed_work(&data->work, 674 msecs_to_jiffies(msg->timeout)); 675 } else { 676 /* Otherwise we're done */ 677 cec_data_completed(data); 678 } 679 680 wake_thread: 681 /* 682 * Wake up the main thread to see if another message is ready 683 * for transmitting or to retry the current message. 684 */ 685 wake_up_interruptible(&adap->kthread_waitq); 686 mutex_unlock(&adap->lock); 687 } 688 EXPORT_SYMBOL_GPL(cec_transmit_done_ts); 689 690 void cec_transmit_attempt_done_ts(struct cec_adapter *adap, 691 u8 status, ktime_t ts) 692 { 693 switch (status & ~CEC_TX_STATUS_MAX_RETRIES) { 694 case CEC_TX_STATUS_OK: 695 cec_transmit_done_ts(adap, status, 0, 0, 0, 0, ts); 696 return; 697 case CEC_TX_STATUS_ARB_LOST: 698 cec_transmit_done_ts(adap, status, 1, 0, 0, 0, ts); 699 return; 700 case CEC_TX_STATUS_NACK: 701 cec_transmit_done_ts(adap, status, 0, 1, 0, 0, ts); 702 return; 703 case CEC_TX_STATUS_LOW_DRIVE: 704 cec_transmit_done_ts(adap, status, 0, 0, 1, 0, ts); 705 return; 706 case CEC_TX_STATUS_ERROR: 707 cec_transmit_done_ts(adap, status, 0, 0, 0, 1, ts); 708 return; 709 default: 710 /* Should never happen */ 711 WARN(1, "cec-%s: invalid status 0x%02x\n", adap->name, status); 712 return; 713 } 714 } 715 EXPORT_SYMBOL_GPL(cec_transmit_attempt_done_ts); 716 717 /* 718 * Called when waiting for a reply times out. 719 */ 720 static void cec_wait_timeout(struct work_struct *work) 721 { 722 struct cec_data *data = container_of(work, struct cec_data, work.work); 723 struct cec_adapter *adap = data->adap; 724 725 mutex_lock(&adap->lock); 726 /* 727 * Sanity check in case the timeout and the arrival of the message 728 * happened at the same time. 729 */ 730 if (list_empty(&data->list)) 731 goto unlock; 732 733 /* Mark the message as timed out */ 734 list_del_init(&data->list); 735 data->msg.rx_ts = ktime_get_ns(); 736 data->msg.rx_status = CEC_RX_STATUS_TIMEOUT; 737 cec_data_completed(data); 738 unlock: 739 mutex_unlock(&adap->lock); 740 } 741 742 /* 743 * Transmit a message. The fh argument may be NULL if the transmit is not 744 * associated with a specific filehandle. 745 * 746 * This function is called with adap->lock held. 747 */ 748 int cec_transmit_msg_fh(struct cec_adapter *adap, struct cec_msg *msg, 749 struct cec_fh *fh, bool block) 750 { 751 struct cec_data *data; 752 bool is_raw = msg_is_raw(msg); 753 754 if (adap->devnode.unregistered) 755 return -ENODEV; 756 757 msg->rx_ts = 0; 758 msg->tx_ts = 0; 759 msg->rx_status = 0; 760 msg->tx_status = 0; 761 msg->tx_arb_lost_cnt = 0; 762 msg->tx_nack_cnt = 0; 763 msg->tx_low_drive_cnt = 0; 764 msg->tx_error_cnt = 0; 765 msg->sequence = 0; 766 767 if (msg->reply && msg->timeout == 0) { 768 /* Make sure the timeout isn't 0. */ 769 msg->timeout = 1000; 770 } 771 msg->flags &= CEC_MSG_FL_REPLY_TO_FOLLOWERS | CEC_MSG_FL_RAW; 772 773 if (!msg->timeout) 774 msg->flags &= ~CEC_MSG_FL_REPLY_TO_FOLLOWERS; 775 776 /* Sanity checks */ 777 if (msg->len == 0 || msg->len > CEC_MAX_MSG_SIZE) { 778 dprintk(1, "%s: invalid length %d\n", __func__, msg->len); 779 return -EINVAL; 780 } 781 782 memset(msg->msg + msg->len, 0, sizeof(msg->msg) - msg->len); 783 784 if (msg->timeout) 785 dprintk(2, "%s: %*ph (wait for 0x%02x%s)\n", 786 __func__, msg->len, msg->msg, msg->reply, 787 !block ? ", nb" : ""); 788 else 789 dprintk(2, "%s: %*ph%s\n", 790 __func__, msg->len, msg->msg, !block ? " (nb)" : ""); 791 792 if (msg->timeout && msg->len == 1) { 793 dprintk(1, "%s: can't reply to poll msg\n", __func__); 794 return -EINVAL; 795 } 796 797 if (is_raw) { 798 if (!capable(CAP_SYS_RAWIO)) 799 return -EPERM; 800 } else { 801 /* A CDC-Only device can only send CDC messages */ 802 if ((adap->log_addrs.flags & CEC_LOG_ADDRS_FL_CDC_ONLY) && 803 (msg->len == 1 || msg->msg[1] != CEC_MSG_CDC_MESSAGE)) { 804 dprintk(1, "%s: not a CDC message\n", __func__); 805 return -EINVAL; 806 } 807 808 if (msg->len >= 4 && msg->msg[1] == CEC_MSG_CDC_MESSAGE) { 809 msg->msg[2] = adap->phys_addr >> 8; 810 msg->msg[3] = adap->phys_addr & 0xff; 811 } 812 813 if (msg->len == 1) { 814 if (cec_msg_destination(msg) == 0xf) { 815 dprintk(1, "%s: invalid poll message\n", 816 __func__); 817 return -EINVAL; 818 } 819 if (cec_has_log_addr(adap, cec_msg_destination(msg))) { 820 /* 821 * If the destination is a logical address our 822 * adapter has already claimed, then just NACK 823 * this. It depends on the hardware what it will 824 * do with a POLL to itself (some OK this), so 825 * it is just as easy to handle it here so the 826 * behavior will be consistent. 827 */ 828 msg->tx_ts = ktime_get_ns(); 829 msg->tx_status = CEC_TX_STATUS_NACK | 830 CEC_TX_STATUS_MAX_RETRIES; 831 msg->tx_nack_cnt = 1; 832 msg->sequence = ++adap->sequence; 833 if (!msg->sequence) 834 msg->sequence = ++adap->sequence; 835 return 0; 836 } 837 } 838 if (msg->len > 1 && !cec_msg_is_broadcast(msg) && 839 cec_has_log_addr(adap, cec_msg_destination(msg))) { 840 dprintk(1, "%s: destination is the adapter itself\n", 841 __func__); 842 return -EINVAL; 843 } 844 if (msg->len > 1 && adap->is_configured && 845 !cec_has_log_addr(adap, cec_msg_initiator(msg))) { 846 dprintk(1, "%s: initiator has unknown logical address %d\n", 847 __func__, cec_msg_initiator(msg)); 848 return -EINVAL; 849 } 850 /* 851 * Special case: allow Ping and IMAGE/TEXT_VIEW_ON to be 852 * transmitted to a TV, even if the adapter is unconfigured. 853 * This makes it possible to detect or wake up displays that 854 * pull down the HPD when in standby. 855 */ 856 if (!adap->is_configured && !adap->is_configuring && 857 (msg->len > 2 || 858 cec_msg_destination(msg) != CEC_LOG_ADDR_TV || 859 (msg->len == 2 && msg->msg[1] != CEC_MSG_IMAGE_VIEW_ON && 860 msg->msg[1] != CEC_MSG_TEXT_VIEW_ON))) { 861 dprintk(1, "%s: adapter is unconfigured\n", __func__); 862 return -ENONET; 863 } 864 } 865 866 if (!adap->is_configured && !adap->is_configuring) { 867 if (adap->needs_hpd) { 868 dprintk(1, "%s: adapter is unconfigured and needs HPD\n", 869 __func__); 870 return -ENONET; 871 } 872 if (msg->reply) { 873 dprintk(1, "%s: invalid msg->reply\n", __func__); 874 return -EINVAL; 875 } 876 } 877 878 if (adap->transmit_queue_sz >= CEC_MAX_MSG_TX_QUEUE_SZ) { 879 dprintk(2, "%s: transmit queue full\n", __func__); 880 return -EBUSY; 881 } 882 883 data = kzalloc(sizeof(*data), GFP_KERNEL); 884 if (!data) 885 return -ENOMEM; 886 887 msg->sequence = ++adap->sequence; 888 if (!msg->sequence) 889 msg->sequence = ++adap->sequence; 890 891 data->msg = *msg; 892 data->fh = fh; 893 data->adap = adap; 894 data->blocking = block; 895 896 init_completion(&data->c); 897 INIT_DELAYED_WORK(&data->work, cec_wait_timeout); 898 899 if (fh) 900 list_add_tail(&data->xfer_list, &fh->xfer_list); 901 902 list_add_tail(&data->list, &adap->transmit_queue); 903 adap->transmit_queue_sz++; 904 if (!adap->transmitting) 905 wake_up_interruptible(&adap->kthread_waitq); 906 907 /* All done if we don't need to block waiting for completion */ 908 if (!block) 909 return 0; 910 911 /* 912 * Release the lock and wait, retake the lock afterwards. 913 */ 914 mutex_unlock(&adap->lock); 915 wait_for_completion_killable(&data->c); 916 if (!data->completed) 917 cancel_delayed_work_sync(&data->work); 918 mutex_lock(&adap->lock); 919 920 /* Cancel the transmit if it was interrupted */ 921 if (!data->completed) 922 cec_data_cancel(data, CEC_TX_STATUS_ABORTED); 923 924 /* The transmit completed (possibly with an error) */ 925 *msg = data->msg; 926 kfree(data); 927 return 0; 928 } 929 930 /* Helper function to be used by drivers and this framework. */ 931 int cec_transmit_msg(struct cec_adapter *adap, struct cec_msg *msg, 932 bool block) 933 { 934 int ret; 935 936 mutex_lock(&adap->lock); 937 ret = cec_transmit_msg_fh(adap, msg, NULL, block); 938 mutex_unlock(&adap->lock); 939 return ret; 940 } 941 EXPORT_SYMBOL_GPL(cec_transmit_msg); 942 943 /* 944 * I don't like forward references but without this the low-level 945 * cec_received_msg() function would come after a bunch of high-level 946 * CEC protocol handling functions. That was very confusing. 947 */ 948 static int cec_receive_notify(struct cec_adapter *adap, struct cec_msg *msg, 949 bool is_reply); 950 951 #define DIRECTED 0x80 952 #define BCAST1_4 0x40 953 #define BCAST2_0 0x20 /* broadcast only allowed for >= 2.0 */ 954 #define BCAST (BCAST1_4 | BCAST2_0) 955 #define BOTH (BCAST | DIRECTED) 956 957 /* 958 * Specify minimum length and whether the message is directed, broadcast 959 * or both. Messages that do not match the criteria are ignored as per 960 * the CEC specification. 961 */ 962 static const u8 cec_msg_size[256] = { 963 [CEC_MSG_ACTIVE_SOURCE] = 4 | BCAST, 964 [CEC_MSG_IMAGE_VIEW_ON] = 2 | DIRECTED, 965 [CEC_MSG_TEXT_VIEW_ON] = 2 | DIRECTED, 966 [CEC_MSG_INACTIVE_SOURCE] = 4 | DIRECTED, 967 [CEC_MSG_REQUEST_ACTIVE_SOURCE] = 2 | BCAST, 968 [CEC_MSG_ROUTING_CHANGE] = 6 | BCAST, 969 [CEC_MSG_ROUTING_INFORMATION] = 4 | BCAST, 970 [CEC_MSG_SET_STREAM_PATH] = 4 | BCAST, 971 [CEC_MSG_STANDBY] = 2 | BOTH, 972 [CEC_MSG_RECORD_OFF] = 2 | DIRECTED, 973 [CEC_MSG_RECORD_ON] = 3 | DIRECTED, 974 [CEC_MSG_RECORD_STATUS] = 3 | DIRECTED, 975 [CEC_MSG_RECORD_TV_SCREEN] = 2 | DIRECTED, 976 [CEC_MSG_CLEAR_ANALOGUE_TIMER] = 13 | DIRECTED, 977 [CEC_MSG_CLEAR_DIGITAL_TIMER] = 16 | DIRECTED, 978 [CEC_MSG_CLEAR_EXT_TIMER] = 13 | DIRECTED, 979 [CEC_MSG_SET_ANALOGUE_TIMER] = 13 | DIRECTED, 980 [CEC_MSG_SET_DIGITAL_TIMER] = 16 | DIRECTED, 981 [CEC_MSG_SET_EXT_TIMER] = 13 | DIRECTED, 982 [CEC_MSG_SET_TIMER_PROGRAM_TITLE] = 2 | DIRECTED, 983 [CEC_MSG_TIMER_CLEARED_STATUS] = 3 | DIRECTED, 984 [CEC_MSG_TIMER_STATUS] = 3 | DIRECTED, 985 [CEC_MSG_CEC_VERSION] = 3 | DIRECTED, 986 [CEC_MSG_GET_CEC_VERSION] = 2 | DIRECTED, 987 [CEC_MSG_GIVE_PHYSICAL_ADDR] = 2 | DIRECTED, 988 [CEC_MSG_GET_MENU_LANGUAGE] = 2 | DIRECTED, 989 [CEC_MSG_REPORT_PHYSICAL_ADDR] = 5 | BCAST, 990 [CEC_MSG_SET_MENU_LANGUAGE] = 5 | BCAST, 991 [CEC_MSG_REPORT_FEATURES] = 6 | BCAST, 992 [CEC_MSG_GIVE_FEATURES] = 2 | DIRECTED, 993 [CEC_MSG_DECK_CONTROL] = 3 | DIRECTED, 994 [CEC_MSG_DECK_STATUS] = 3 | DIRECTED, 995 [CEC_MSG_GIVE_DECK_STATUS] = 3 | DIRECTED, 996 [CEC_MSG_PLAY] = 3 | DIRECTED, 997 [CEC_MSG_GIVE_TUNER_DEVICE_STATUS] = 3 | DIRECTED, 998 [CEC_MSG_SELECT_ANALOGUE_SERVICE] = 6 | DIRECTED, 999 [CEC_MSG_SELECT_DIGITAL_SERVICE] = 9 | DIRECTED, 1000 [CEC_MSG_TUNER_DEVICE_STATUS] = 7 | DIRECTED, 1001 [CEC_MSG_TUNER_STEP_DECREMENT] = 2 | DIRECTED, 1002 [CEC_MSG_TUNER_STEP_INCREMENT] = 2 | DIRECTED, 1003 [CEC_MSG_DEVICE_VENDOR_ID] = 5 | BCAST, 1004 [CEC_MSG_GIVE_DEVICE_VENDOR_ID] = 2 | DIRECTED, 1005 [CEC_MSG_VENDOR_COMMAND] = 2 | DIRECTED, 1006 [CEC_MSG_VENDOR_COMMAND_WITH_ID] = 5 | BOTH, 1007 [CEC_MSG_VENDOR_REMOTE_BUTTON_DOWN] = 2 | BOTH, 1008 [CEC_MSG_VENDOR_REMOTE_BUTTON_UP] = 2 | BOTH, 1009 [CEC_MSG_SET_OSD_STRING] = 3 | DIRECTED, 1010 [CEC_MSG_GIVE_OSD_NAME] = 2 | DIRECTED, 1011 [CEC_MSG_SET_OSD_NAME] = 2 | DIRECTED, 1012 [CEC_MSG_MENU_REQUEST] = 3 | DIRECTED, 1013 [CEC_MSG_MENU_STATUS] = 3 | DIRECTED, 1014 [CEC_MSG_USER_CONTROL_PRESSED] = 3 | DIRECTED, 1015 [CEC_MSG_USER_CONTROL_RELEASED] = 2 | DIRECTED, 1016 [CEC_MSG_GIVE_DEVICE_POWER_STATUS] = 2 | DIRECTED, 1017 [CEC_MSG_REPORT_POWER_STATUS] = 3 | DIRECTED | BCAST2_0, 1018 [CEC_MSG_FEATURE_ABORT] = 4 | DIRECTED, 1019 [CEC_MSG_ABORT] = 2 | DIRECTED, 1020 [CEC_MSG_GIVE_AUDIO_STATUS] = 2 | DIRECTED, 1021 [CEC_MSG_GIVE_SYSTEM_AUDIO_MODE_STATUS] = 2 | DIRECTED, 1022 [CEC_MSG_REPORT_AUDIO_STATUS] = 3 | DIRECTED, 1023 [CEC_MSG_REPORT_SHORT_AUDIO_DESCRIPTOR] = 2 | DIRECTED, 1024 [CEC_MSG_REQUEST_SHORT_AUDIO_DESCRIPTOR] = 2 | DIRECTED, 1025 [CEC_MSG_SET_SYSTEM_AUDIO_MODE] = 3 | BOTH, 1026 [CEC_MSG_SYSTEM_AUDIO_MODE_REQUEST] = 2 | DIRECTED, 1027 [CEC_MSG_SYSTEM_AUDIO_MODE_STATUS] = 3 | DIRECTED, 1028 [CEC_MSG_SET_AUDIO_RATE] = 3 | DIRECTED, 1029 [CEC_MSG_INITIATE_ARC] = 2 | DIRECTED, 1030 [CEC_MSG_REPORT_ARC_INITIATED] = 2 | DIRECTED, 1031 [CEC_MSG_REPORT_ARC_TERMINATED] = 2 | DIRECTED, 1032 [CEC_MSG_REQUEST_ARC_INITIATION] = 2 | DIRECTED, 1033 [CEC_MSG_REQUEST_ARC_TERMINATION] = 2 | DIRECTED, 1034 [CEC_MSG_TERMINATE_ARC] = 2 | DIRECTED, 1035 [CEC_MSG_REQUEST_CURRENT_LATENCY] = 4 | BCAST, 1036 [CEC_MSG_REPORT_CURRENT_LATENCY] = 6 | BCAST, 1037 [CEC_MSG_CDC_MESSAGE] = 2 | BCAST, 1038 }; 1039 1040 /* Called by the CEC adapter if a message is received */ 1041 void cec_received_msg_ts(struct cec_adapter *adap, 1042 struct cec_msg *msg, ktime_t ts) 1043 { 1044 struct cec_data *data; 1045 u8 msg_init = cec_msg_initiator(msg); 1046 u8 msg_dest = cec_msg_destination(msg); 1047 u8 cmd = msg->msg[1]; 1048 bool is_reply = false; 1049 bool valid_la = true; 1050 u8 min_len = 0; 1051 1052 if (WARN_ON(!msg->len || msg->len > CEC_MAX_MSG_SIZE)) 1053 return; 1054 1055 if (adap->devnode.unregistered) 1056 return; 1057 1058 /* 1059 * Some CEC adapters will receive the messages that they transmitted. 1060 * This test filters out those messages by checking if we are the 1061 * initiator, and just returning in that case. 1062 * 1063 * Note that this won't work if this is an Unregistered device. 1064 * 1065 * It is bad practice if the hardware receives the message that it 1066 * transmitted and luckily most CEC adapters behave correctly in this 1067 * respect. 1068 */ 1069 if (msg_init != CEC_LOG_ADDR_UNREGISTERED && 1070 cec_has_log_addr(adap, msg_init)) 1071 return; 1072 1073 msg->rx_ts = ktime_to_ns(ts); 1074 msg->rx_status = CEC_RX_STATUS_OK; 1075 msg->sequence = msg->reply = msg->timeout = 0; 1076 msg->tx_status = 0; 1077 msg->tx_ts = 0; 1078 msg->tx_arb_lost_cnt = 0; 1079 msg->tx_nack_cnt = 0; 1080 msg->tx_low_drive_cnt = 0; 1081 msg->tx_error_cnt = 0; 1082 msg->flags = 0; 1083 memset(msg->msg + msg->len, 0, sizeof(msg->msg) - msg->len); 1084 1085 mutex_lock(&adap->lock); 1086 dprintk(2, "%s: %*ph\n", __func__, msg->len, msg->msg); 1087 1088 adap->last_initiator = 0xff; 1089 1090 /* Check if this message was for us (directed or broadcast). */ 1091 if (!cec_msg_is_broadcast(msg)) 1092 valid_la = cec_has_log_addr(adap, msg_dest); 1093 1094 /* 1095 * Check if the length is not too short or if the message is a 1096 * broadcast message where a directed message was expected or 1097 * vice versa. If so, then the message has to be ignored (according 1098 * to section CEC 7.3 and CEC 12.2). 1099 */ 1100 if (valid_la && msg->len > 1 && cec_msg_size[cmd]) { 1101 u8 dir_fl = cec_msg_size[cmd] & BOTH; 1102 1103 min_len = cec_msg_size[cmd] & 0x1f; 1104 if (msg->len < min_len) 1105 valid_la = false; 1106 else if (!cec_msg_is_broadcast(msg) && !(dir_fl & DIRECTED)) 1107 valid_la = false; 1108 else if (cec_msg_is_broadcast(msg) && !(dir_fl & BCAST)) 1109 valid_la = false; 1110 else if (cec_msg_is_broadcast(msg) && 1111 adap->log_addrs.cec_version < CEC_OP_CEC_VERSION_2_0 && 1112 !(dir_fl & BCAST1_4)) 1113 valid_la = false; 1114 } 1115 if (valid_la && min_len) { 1116 /* These messages have special length requirements */ 1117 switch (cmd) { 1118 case CEC_MSG_TIMER_STATUS: 1119 if (msg->msg[2] & 0x10) { 1120 switch (msg->msg[2] & 0xf) { 1121 case CEC_OP_PROG_INFO_NOT_ENOUGH_SPACE: 1122 case CEC_OP_PROG_INFO_MIGHT_NOT_BE_ENOUGH_SPACE: 1123 if (msg->len < 5) 1124 valid_la = false; 1125 break; 1126 } 1127 } else if ((msg->msg[2] & 0xf) == CEC_OP_PROG_ERROR_DUPLICATE) { 1128 if (msg->len < 5) 1129 valid_la = false; 1130 } 1131 break; 1132 case CEC_MSG_RECORD_ON: 1133 switch (msg->msg[2]) { 1134 case CEC_OP_RECORD_SRC_OWN: 1135 break; 1136 case CEC_OP_RECORD_SRC_DIGITAL: 1137 if (msg->len < 10) 1138 valid_la = false; 1139 break; 1140 case CEC_OP_RECORD_SRC_ANALOG: 1141 if (msg->len < 7) 1142 valid_la = false; 1143 break; 1144 case CEC_OP_RECORD_SRC_EXT_PLUG: 1145 if (msg->len < 4) 1146 valid_la = false; 1147 break; 1148 case CEC_OP_RECORD_SRC_EXT_PHYS_ADDR: 1149 if (msg->len < 5) 1150 valid_la = false; 1151 break; 1152 } 1153 break; 1154 } 1155 } 1156 1157 /* It's a valid message and not a poll or CDC message */ 1158 if (valid_la && msg->len > 1 && cmd != CEC_MSG_CDC_MESSAGE) { 1159 bool abort = cmd == CEC_MSG_FEATURE_ABORT; 1160 1161 /* The aborted command is in msg[2] */ 1162 if (abort) 1163 cmd = msg->msg[2]; 1164 1165 /* 1166 * Walk over all transmitted messages that are waiting for a 1167 * reply. 1168 */ 1169 list_for_each_entry(data, &adap->wait_queue, list) { 1170 struct cec_msg *dst = &data->msg; 1171 1172 /* 1173 * The *only* CEC message that has two possible replies 1174 * is CEC_MSG_INITIATE_ARC. 1175 * In this case allow either of the two replies. 1176 */ 1177 if (!abort && dst->msg[1] == CEC_MSG_INITIATE_ARC && 1178 (cmd == CEC_MSG_REPORT_ARC_INITIATED || 1179 cmd == CEC_MSG_REPORT_ARC_TERMINATED) && 1180 (dst->reply == CEC_MSG_REPORT_ARC_INITIATED || 1181 dst->reply == CEC_MSG_REPORT_ARC_TERMINATED)) 1182 dst->reply = cmd; 1183 1184 /* Does the command match? */ 1185 if ((abort && cmd != dst->msg[1]) || 1186 (!abort && cmd != dst->reply)) 1187 continue; 1188 1189 /* Does the addressing match? */ 1190 if (msg_init != cec_msg_destination(dst) && 1191 !cec_msg_is_broadcast(dst)) 1192 continue; 1193 1194 /* We got a reply */ 1195 memcpy(dst->msg, msg->msg, msg->len); 1196 dst->len = msg->len; 1197 dst->rx_ts = msg->rx_ts; 1198 dst->rx_status = msg->rx_status; 1199 if (abort) 1200 dst->rx_status |= CEC_RX_STATUS_FEATURE_ABORT; 1201 msg->flags = dst->flags; 1202 /* Remove it from the wait_queue */ 1203 list_del_init(&data->list); 1204 1205 /* Cancel the pending timeout work */ 1206 if (!cancel_delayed_work(&data->work)) { 1207 mutex_unlock(&adap->lock); 1208 cancel_delayed_work_sync(&data->work); 1209 mutex_lock(&adap->lock); 1210 } 1211 /* 1212 * Mark this as a reply, provided someone is still 1213 * waiting for the answer. 1214 */ 1215 if (data->fh) 1216 is_reply = true; 1217 cec_data_completed(data); 1218 break; 1219 } 1220 } 1221 mutex_unlock(&adap->lock); 1222 1223 /* Pass the message on to any monitoring filehandles */ 1224 cec_queue_msg_monitor(adap, msg, valid_la); 1225 1226 /* We're done if it is not for us or a poll message */ 1227 if (!valid_la || msg->len <= 1) 1228 return; 1229 1230 if (adap->log_addrs.log_addr_mask == 0) 1231 return; 1232 1233 /* 1234 * Process the message on the protocol level. If is_reply is true, 1235 * then cec_receive_notify() won't pass on the reply to the listener(s) 1236 * since that was already done by cec_data_completed() above. 1237 */ 1238 cec_receive_notify(adap, msg, is_reply); 1239 } 1240 EXPORT_SYMBOL_GPL(cec_received_msg_ts); 1241 1242 /* Logical Address Handling */ 1243 1244 /* 1245 * Attempt to claim a specific logical address. 1246 * 1247 * This function is called with adap->lock held. 1248 */ 1249 static int cec_config_log_addr(struct cec_adapter *adap, 1250 unsigned int idx, 1251 unsigned int log_addr) 1252 { 1253 struct cec_log_addrs *las = &adap->log_addrs; 1254 struct cec_msg msg = { }; 1255 const unsigned int max_retries = 2; 1256 unsigned int i; 1257 int err; 1258 1259 if (cec_has_log_addr(adap, log_addr)) 1260 return 0; 1261 1262 /* Send poll message */ 1263 msg.len = 1; 1264 msg.msg[0] = (log_addr << 4) | log_addr; 1265 1266 for (i = 0; i < max_retries; i++) { 1267 err = cec_transmit_msg_fh(adap, &msg, NULL, true); 1268 1269 /* 1270 * While trying to poll the physical address was reset 1271 * and the adapter was unconfigured, so bail out. 1272 */ 1273 if (!adap->is_configuring) 1274 return -EINTR; 1275 1276 if (err) 1277 return err; 1278 1279 /* 1280 * The message was aborted due to a disconnect or 1281 * unconfigure, just bail out. 1282 */ 1283 if (msg.tx_status & CEC_TX_STATUS_ABORTED) 1284 return -EINTR; 1285 if (msg.tx_status & CEC_TX_STATUS_OK) 1286 return 0; 1287 if (msg.tx_status & CEC_TX_STATUS_NACK) 1288 break; 1289 /* 1290 * Retry up to max_retries times if the message was neither 1291 * OKed or NACKed. This can happen due to e.g. a Lost 1292 * Arbitration condition. 1293 */ 1294 } 1295 1296 /* 1297 * If we are unable to get an OK or a NACK after max_retries attempts 1298 * (and note that each attempt already consists of four polls), then 1299 * we assume that something is really weird and that it is not a 1300 * good idea to try and claim this logical address. 1301 */ 1302 if (i == max_retries) 1303 return 0; 1304 1305 /* 1306 * Message not acknowledged, so this logical 1307 * address is free to use. 1308 */ 1309 err = adap->ops->adap_log_addr(adap, log_addr); 1310 if (err) 1311 return err; 1312 1313 las->log_addr[idx] = log_addr; 1314 las->log_addr_mask |= 1 << log_addr; 1315 return 1; 1316 } 1317 1318 /* 1319 * Unconfigure the adapter: clear all logical addresses and send 1320 * the state changed event. 1321 * 1322 * This function is called with adap->lock held. 1323 */ 1324 static void cec_adap_unconfigure(struct cec_adapter *adap) 1325 { 1326 if (!adap->needs_hpd || 1327 adap->phys_addr != CEC_PHYS_ADDR_INVALID) 1328 WARN_ON(adap->ops->adap_log_addr(adap, CEC_LOG_ADDR_INVALID)); 1329 adap->log_addrs.log_addr_mask = 0; 1330 adap->is_configuring = false; 1331 adap->is_configured = false; 1332 cec_flush(adap); 1333 wake_up_interruptible(&adap->kthread_waitq); 1334 cec_post_state_event(adap); 1335 } 1336 1337 /* 1338 * Attempt to claim the required logical addresses. 1339 */ 1340 static int cec_config_thread_func(void *arg) 1341 { 1342 /* The various LAs for each type of device */ 1343 static const u8 tv_log_addrs[] = { 1344 CEC_LOG_ADDR_TV, CEC_LOG_ADDR_SPECIFIC, 1345 CEC_LOG_ADDR_INVALID 1346 }; 1347 static const u8 record_log_addrs[] = { 1348 CEC_LOG_ADDR_RECORD_1, CEC_LOG_ADDR_RECORD_2, 1349 CEC_LOG_ADDR_RECORD_3, 1350 CEC_LOG_ADDR_BACKUP_1, CEC_LOG_ADDR_BACKUP_2, 1351 CEC_LOG_ADDR_INVALID 1352 }; 1353 static const u8 tuner_log_addrs[] = { 1354 CEC_LOG_ADDR_TUNER_1, CEC_LOG_ADDR_TUNER_2, 1355 CEC_LOG_ADDR_TUNER_3, CEC_LOG_ADDR_TUNER_4, 1356 CEC_LOG_ADDR_BACKUP_1, CEC_LOG_ADDR_BACKUP_2, 1357 CEC_LOG_ADDR_INVALID 1358 }; 1359 static const u8 playback_log_addrs[] = { 1360 CEC_LOG_ADDR_PLAYBACK_1, CEC_LOG_ADDR_PLAYBACK_2, 1361 CEC_LOG_ADDR_PLAYBACK_3, 1362 CEC_LOG_ADDR_BACKUP_1, CEC_LOG_ADDR_BACKUP_2, 1363 CEC_LOG_ADDR_INVALID 1364 }; 1365 static const u8 audiosystem_log_addrs[] = { 1366 CEC_LOG_ADDR_AUDIOSYSTEM, 1367 CEC_LOG_ADDR_INVALID 1368 }; 1369 static const u8 specific_use_log_addrs[] = { 1370 CEC_LOG_ADDR_SPECIFIC, 1371 CEC_LOG_ADDR_BACKUP_1, CEC_LOG_ADDR_BACKUP_2, 1372 CEC_LOG_ADDR_INVALID 1373 }; 1374 static const u8 *type2addrs[6] = { 1375 [CEC_LOG_ADDR_TYPE_TV] = tv_log_addrs, 1376 [CEC_LOG_ADDR_TYPE_RECORD] = record_log_addrs, 1377 [CEC_LOG_ADDR_TYPE_TUNER] = tuner_log_addrs, 1378 [CEC_LOG_ADDR_TYPE_PLAYBACK] = playback_log_addrs, 1379 [CEC_LOG_ADDR_TYPE_AUDIOSYSTEM] = audiosystem_log_addrs, 1380 [CEC_LOG_ADDR_TYPE_SPECIFIC] = specific_use_log_addrs, 1381 }; 1382 static const u16 type2mask[] = { 1383 [CEC_LOG_ADDR_TYPE_TV] = CEC_LOG_ADDR_MASK_TV, 1384 [CEC_LOG_ADDR_TYPE_RECORD] = CEC_LOG_ADDR_MASK_RECORD, 1385 [CEC_LOG_ADDR_TYPE_TUNER] = CEC_LOG_ADDR_MASK_TUNER, 1386 [CEC_LOG_ADDR_TYPE_PLAYBACK] = CEC_LOG_ADDR_MASK_PLAYBACK, 1387 [CEC_LOG_ADDR_TYPE_AUDIOSYSTEM] = CEC_LOG_ADDR_MASK_AUDIOSYSTEM, 1388 [CEC_LOG_ADDR_TYPE_SPECIFIC] = CEC_LOG_ADDR_MASK_SPECIFIC, 1389 }; 1390 struct cec_adapter *adap = arg; 1391 struct cec_log_addrs *las = &adap->log_addrs; 1392 int err; 1393 int i, j; 1394 1395 mutex_lock(&adap->lock); 1396 dprintk(1, "physical address: %x.%x.%x.%x, claim %d logical addresses\n", 1397 cec_phys_addr_exp(adap->phys_addr), las->num_log_addrs); 1398 las->log_addr_mask = 0; 1399 1400 if (las->log_addr_type[0] == CEC_LOG_ADDR_TYPE_UNREGISTERED) 1401 goto configured; 1402 1403 for (i = 0; i < las->num_log_addrs; i++) { 1404 unsigned int type = las->log_addr_type[i]; 1405 const u8 *la_list; 1406 u8 last_la; 1407 1408 /* 1409 * The TV functionality can only map to physical address 0. 1410 * For any other address, try the Specific functionality 1411 * instead as per the spec. 1412 */ 1413 if (adap->phys_addr && type == CEC_LOG_ADDR_TYPE_TV) 1414 type = CEC_LOG_ADDR_TYPE_SPECIFIC; 1415 1416 la_list = type2addrs[type]; 1417 last_la = las->log_addr[i]; 1418 las->log_addr[i] = CEC_LOG_ADDR_INVALID; 1419 if (last_la == CEC_LOG_ADDR_INVALID || 1420 last_la == CEC_LOG_ADDR_UNREGISTERED || 1421 !((1 << last_la) & type2mask[type])) 1422 last_la = la_list[0]; 1423 1424 err = cec_config_log_addr(adap, i, last_la); 1425 if (err > 0) /* Reused last LA */ 1426 continue; 1427 1428 if (err < 0) 1429 goto unconfigure; 1430 1431 for (j = 0; la_list[j] != CEC_LOG_ADDR_INVALID; j++) { 1432 /* Tried this one already, skip it */ 1433 if (la_list[j] == last_la) 1434 continue; 1435 /* The backup addresses are CEC 2.0 specific */ 1436 if ((la_list[j] == CEC_LOG_ADDR_BACKUP_1 || 1437 la_list[j] == CEC_LOG_ADDR_BACKUP_2) && 1438 las->cec_version < CEC_OP_CEC_VERSION_2_0) 1439 continue; 1440 1441 err = cec_config_log_addr(adap, i, la_list[j]); 1442 if (err == 0) /* LA is in use */ 1443 continue; 1444 if (err < 0) 1445 goto unconfigure; 1446 /* Done, claimed an LA */ 1447 break; 1448 } 1449 1450 if (la_list[j] == CEC_LOG_ADDR_INVALID) 1451 dprintk(1, "could not claim LA %d\n", i); 1452 } 1453 1454 if (adap->log_addrs.log_addr_mask == 0 && 1455 !(las->flags & CEC_LOG_ADDRS_FL_ALLOW_UNREG_FALLBACK)) 1456 goto unconfigure; 1457 1458 configured: 1459 if (adap->log_addrs.log_addr_mask == 0) { 1460 /* Fall back to unregistered */ 1461 las->log_addr[0] = CEC_LOG_ADDR_UNREGISTERED; 1462 las->log_addr_mask = 1 << las->log_addr[0]; 1463 for (i = 1; i < las->num_log_addrs; i++) 1464 las->log_addr[i] = CEC_LOG_ADDR_INVALID; 1465 } 1466 for (i = las->num_log_addrs; i < CEC_MAX_LOG_ADDRS; i++) 1467 las->log_addr[i] = CEC_LOG_ADDR_INVALID; 1468 adap->is_configured = true; 1469 adap->is_configuring = false; 1470 cec_post_state_event(adap); 1471 1472 /* 1473 * Now post the Report Features and Report Physical Address broadcast 1474 * messages. Note that these are non-blocking transmits, meaning that 1475 * they are just queued up and once adap->lock is unlocked the main 1476 * thread will kick in and start transmitting these. 1477 * 1478 * If after this function is done (but before one or more of these 1479 * messages are actually transmitted) the CEC adapter is unconfigured, 1480 * then any remaining messages will be dropped by the main thread. 1481 */ 1482 for (i = 0; i < las->num_log_addrs; i++) { 1483 struct cec_msg msg = {}; 1484 1485 if (las->log_addr[i] == CEC_LOG_ADDR_INVALID || 1486 (las->flags & CEC_LOG_ADDRS_FL_CDC_ONLY)) 1487 continue; 1488 1489 msg.msg[0] = (las->log_addr[i] << 4) | 0x0f; 1490 1491 /* Report Features must come first according to CEC 2.0 */ 1492 if (las->log_addr[i] != CEC_LOG_ADDR_UNREGISTERED && 1493 adap->log_addrs.cec_version >= CEC_OP_CEC_VERSION_2_0) { 1494 cec_fill_msg_report_features(adap, &msg, i); 1495 cec_transmit_msg_fh(adap, &msg, NULL, false); 1496 } 1497 1498 /* Report Physical Address */ 1499 cec_msg_report_physical_addr(&msg, adap->phys_addr, 1500 las->primary_device_type[i]); 1501 dprintk(1, "config: la %d pa %x.%x.%x.%x\n", 1502 las->log_addr[i], 1503 cec_phys_addr_exp(adap->phys_addr)); 1504 cec_transmit_msg_fh(adap, &msg, NULL, false); 1505 1506 /* Report Vendor ID */ 1507 if (adap->log_addrs.vendor_id != CEC_VENDOR_ID_NONE) { 1508 cec_msg_device_vendor_id(&msg, 1509 adap->log_addrs.vendor_id); 1510 cec_transmit_msg_fh(adap, &msg, NULL, false); 1511 } 1512 } 1513 adap->kthread_config = NULL; 1514 complete(&adap->config_completion); 1515 mutex_unlock(&adap->lock); 1516 return 0; 1517 1518 unconfigure: 1519 for (i = 0; i < las->num_log_addrs; i++) 1520 las->log_addr[i] = CEC_LOG_ADDR_INVALID; 1521 cec_adap_unconfigure(adap); 1522 adap->kthread_config = NULL; 1523 mutex_unlock(&adap->lock); 1524 complete(&adap->config_completion); 1525 return 0; 1526 } 1527 1528 /* 1529 * Called from either __cec_s_phys_addr or __cec_s_log_addrs to claim the 1530 * logical addresses. 1531 * 1532 * This function is called with adap->lock held. 1533 */ 1534 static void cec_claim_log_addrs(struct cec_adapter *adap, bool block) 1535 { 1536 if (WARN_ON(adap->is_configuring || adap->is_configured)) 1537 return; 1538 1539 init_completion(&adap->config_completion); 1540 1541 /* Ready to kick off the thread */ 1542 adap->is_configuring = true; 1543 adap->kthread_config = kthread_run(cec_config_thread_func, adap, 1544 "ceccfg-%s", adap->name); 1545 if (IS_ERR(adap->kthread_config)) { 1546 adap->kthread_config = NULL; 1547 } else if (block) { 1548 mutex_unlock(&adap->lock); 1549 wait_for_completion(&adap->config_completion); 1550 mutex_lock(&adap->lock); 1551 } 1552 } 1553 1554 /* Set a new physical address and send an event notifying userspace of this. 1555 * 1556 * This function is called with adap->lock held. 1557 */ 1558 void __cec_s_phys_addr(struct cec_adapter *adap, u16 phys_addr, bool block) 1559 { 1560 if (phys_addr == adap->phys_addr) 1561 return; 1562 if (phys_addr != CEC_PHYS_ADDR_INVALID && adap->devnode.unregistered) 1563 return; 1564 1565 dprintk(1, "new physical address %x.%x.%x.%x\n", 1566 cec_phys_addr_exp(phys_addr)); 1567 if (phys_addr == CEC_PHYS_ADDR_INVALID || 1568 adap->phys_addr != CEC_PHYS_ADDR_INVALID) { 1569 adap->phys_addr = CEC_PHYS_ADDR_INVALID; 1570 cec_post_state_event(adap); 1571 cec_adap_unconfigure(adap); 1572 /* Disabling monitor all mode should always succeed */ 1573 if (adap->monitor_all_cnt) 1574 WARN_ON(call_op(adap, adap_monitor_all_enable, false)); 1575 mutex_lock(&adap->devnode.lock); 1576 if (adap->needs_hpd || list_empty(&adap->devnode.fhs)) { 1577 WARN_ON(adap->ops->adap_enable(adap, false)); 1578 adap->transmit_in_progress = false; 1579 wake_up_interruptible(&adap->kthread_waitq); 1580 } 1581 mutex_unlock(&adap->devnode.lock); 1582 if (phys_addr == CEC_PHYS_ADDR_INVALID) 1583 return; 1584 } 1585 1586 mutex_lock(&adap->devnode.lock); 1587 adap->last_initiator = 0xff; 1588 adap->transmit_in_progress = false; 1589 1590 if ((adap->needs_hpd || list_empty(&adap->devnode.fhs)) && 1591 adap->ops->adap_enable(adap, true)) { 1592 mutex_unlock(&adap->devnode.lock); 1593 return; 1594 } 1595 1596 if (adap->monitor_all_cnt && 1597 call_op(adap, adap_monitor_all_enable, true)) { 1598 if (adap->needs_hpd || list_empty(&adap->devnode.fhs)) 1599 WARN_ON(adap->ops->adap_enable(adap, false)); 1600 mutex_unlock(&adap->devnode.lock); 1601 return; 1602 } 1603 mutex_unlock(&adap->devnode.lock); 1604 1605 adap->phys_addr = phys_addr; 1606 cec_post_state_event(adap); 1607 if (adap->log_addrs.num_log_addrs) 1608 cec_claim_log_addrs(adap, block); 1609 } 1610 1611 void cec_s_phys_addr(struct cec_adapter *adap, u16 phys_addr, bool block) 1612 { 1613 if (IS_ERR_OR_NULL(adap)) 1614 return; 1615 1616 mutex_lock(&adap->lock); 1617 __cec_s_phys_addr(adap, phys_addr, block); 1618 mutex_unlock(&adap->lock); 1619 } 1620 EXPORT_SYMBOL_GPL(cec_s_phys_addr); 1621 1622 void cec_s_phys_addr_from_edid(struct cec_adapter *adap, 1623 const struct edid *edid) 1624 { 1625 u16 pa = CEC_PHYS_ADDR_INVALID; 1626 1627 if (edid && edid->extensions) 1628 pa = cec_get_edid_phys_addr((const u8 *)edid, 1629 EDID_LENGTH * (edid->extensions + 1), NULL); 1630 cec_s_phys_addr(adap, pa, false); 1631 } 1632 EXPORT_SYMBOL_GPL(cec_s_phys_addr_from_edid); 1633 1634 void cec_s_conn_info(struct cec_adapter *adap, 1635 const struct cec_connector_info *conn_info) 1636 { 1637 if (IS_ERR_OR_NULL(adap)) 1638 return; 1639 1640 if (!(adap->capabilities & CEC_CAP_CONNECTOR_INFO)) 1641 return; 1642 1643 mutex_lock(&adap->lock); 1644 if (conn_info) 1645 adap->conn_info = *conn_info; 1646 else 1647 memset(&adap->conn_info, 0, sizeof(adap->conn_info)); 1648 cec_post_state_event(adap); 1649 mutex_unlock(&adap->lock); 1650 } 1651 EXPORT_SYMBOL_GPL(cec_s_conn_info); 1652 1653 /* 1654 * Called from either the ioctl or a driver to set the logical addresses. 1655 * 1656 * This function is called with adap->lock held. 1657 */ 1658 int __cec_s_log_addrs(struct cec_adapter *adap, 1659 struct cec_log_addrs *log_addrs, bool block) 1660 { 1661 u16 type_mask = 0; 1662 int i; 1663 1664 if (adap->devnode.unregistered) 1665 return -ENODEV; 1666 1667 if (!log_addrs || log_addrs->num_log_addrs == 0) { 1668 cec_adap_unconfigure(adap); 1669 adap->log_addrs.num_log_addrs = 0; 1670 for (i = 0; i < CEC_MAX_LOG_ADDRS; i++) 1671 adap->log_addrs.log_addr[i] = CEC_LOG_ADDR_INVALID; 1672 adap->log_addrs.osd_name[0] = '\0'; 1673 adap->log_addrs.vendor_id = CEC_VENDOR_ID_NONE; 1674 adap->log_addrs.cec_version = CEC_OP_CEC_VERSION_2_0; 1675 return 0; 1676 } 1677 1678 if (log_addrs->flags & CEC_LOG_ADDRS_FL_CDC_ONLY) { 1679 /* 1680 * Sanitize log_addrs fields if a CDC-Only device is 1681 * requested. 1682 */ 1683 log_addrs->num_log_addrs = 1; 1684 log_addrs->osd_name[0] = '\0'; 1685 log_addrs->vendor_id = CEC_VENDOR_ID_NONE; 1686 log_addrs->log_addr_type[0] = CEC_LOG_ADDR_TYPE_UNREGISTERED; 1687 /* 1688 * This is just an internal convention since a CDC-Only device 1689 * doesn't have to be a switch. But switches already use 1690 * unregistered, so it makes some kind of sense to pick this 1691 * as the primary device. Since a CDC-Only device never sends 1692 * any 'normal' CEC messages this primary device type is never 1693 * sent over the CEC bus. 1694 */ 1695 log_addrs->primary_device_type[0] = CEC_OP_PRIM_DEVTYPE_SWITCH; 1696 log_addrs->all_device_types[0] = 0; 1697 log_addrs->features[0][0] = 0; 1698 log_addrs->features[0][1] = 0; 1699 } 1700 1701 /* Ensure the osd name is 0-terminated */ 1702 log_addrs->osd_name[sizeof(log_addrs->osd_name) - 1] = '\0'; 1703 1704 /* Sanity checks */ 1705 if (log_addrs->num_log_addrs > adap->available_log_addrs) { 1706 dprintk(1, "num_log_addrs > %d\n", adap->available_log_addrs); 1707 return -EINVAL; 1708 } 1709 1710 /* 1711 * Vendor ID is a 24 bit number, so check if the value is 1712 * within the correct range. 1713 */ 1714 if (log_addrs->vendor_id != CEC_VENDOR_ID_NONE && 1715 (log_addrs->vendor_id & 0xff000000) != 0) { 1716 dprintk(1, "invalid vendor ID\n"); 1717 return -EINVAL; 1718 } 1719 1720 if (log_addrs->cec_version != CEC_OP_CEC_VERSION_1_4 && 1721 log_addrs->cec_version != CEC_OP_CEC_VERSION_2_0) { 1722 dprintk(1, "invalid CEC version\n"); 1723 return -EINVAL; 1724 } 1725 1726 if (log_addrs->num_log_addrs > 1) 1727 for (i = 0; i < log_addrs->num_log_addrs; i++) 1728 if (log_addrs->log_addr_type[i] == 1729 CEC_LOG_ADDR_TYPE_UNREGISTERED) { 1730 dprintk(1, "num_log_addrs > 1 can't be combined with unregistered LA\n"); 1731 return -EINVAL; 1732 } 1733 1734 for (i = 0; i < log_addrs->num_log_addrs; i++) { 1735 const u8 feature_sz = ARRAY_SIZE(log_addrs->features[0]); 1736 u8 *features = log_addrs->features[i]; 1737 bool op_is_dev_features = false; 1738 unsigned int j; 1739 1740 log_addrs->log_addr[i] = CEC_LOG_ADDR_INVALID; 1741 if (log_addrs->log_addr_type[i] > CEC_LOG_ADDR_TYPE_UNREGISTERED) { 1742 dprintk(1, "unknown logical address type\n"); 1743 return -EINVAL; 1744 } 1745 if (type_mask & (1 << log_addrs->log_addr_type[i])) { 1746 dprintk(1, "duplicate logical address type\n"); 1747 return -EINVAL; 1748 } 1749 type_mask |= 1 << log_addrs->log_addr_type[i]; 1750 if ((type_mask & (1 << CEC_LOG_ADDR_TYPE_RECORD)) && 1751 (type_mask & (1 << CEC_LOG_ADDR_TYPE_PLAYBACK))) { 1752 /* Record already contains the playback functionality */ 1753 dprintk(1, "invalid record + playback combination\n"); 1754 return -EINVAL; 1755 } 1756 if (log_addrs->primary_device_type[i] > 1757 CEC_OP_PRIM_DEVTYPE_PROCESSOR) { 1758 dprintk(1, "unknown primary device type\n"); 1759 return -EINVAL; 1760 } 1761 if (log_addrs->primary_device_type[i] == 2) { 1762 dprintk(1, "invalid primary device type\n"); 1763 return -EINVAL; 1764 } 1765 for (j = 0; j < feature_sz; j++) { 1766 if ((features[j] & 0x80) == 0) { 1767 if (op_is_dev_features) 1768 break; 1769 op_is_dev_features = true; 1770 } 1771 } 1772 if (!op_is_dev_features || j == feature_sz) { 1773 dprintk(1, "malformed features\n"); 1774 return -EINVAL; 1775 } 1776 /* Zero unused part of the feature array */ 1777 memset(features + j + 1, 0, feature_sz - j - 1); 1778 } 1779 1780 if (log_addrs->cec_version >= CEC_OP_CEC_VERSION_2_0) { 1781 if (log_addrs->num_log_addrs > 2) { 1782 dprintk(1, "CEC 2.0 allows no more than 2 logical addresses\n"); 1783 return -EINVAL; 1784 } 1785 if (log_addrs->num_log_addrs == 2) { 1786 if (!(type_mask & ((1 << CEC_LOG_ADDR_TYPE_AUDIOSYSTEM) | 1787 (1 << CEC_LOG_ADDR_TYPE_TV)))) { 1788 dprintk(1, "two LAs is only allowed for audiosystem and TV\n"); 1789 return -EINVAL; 1790 } 1791 if (!(type_mask & ((1 << CEC_LOG_ADDR_TYPE_PLAYBACK) | 1792 (1 << CEC_LOG_ADDR_TYPE_RECORD)))) { 1793 dprintk(1, "an audiosystem/TV can only be combined with record or playback\n"); 1794 return -EINVAL; 1795 } 1796 } 1797 } 1798 1799 /* Zero unused LAs */ 1800 for (i = log_addrs->num_log_addrs; i < CEC_MAX_LOG_ADDRS; i++) { 1801 log_addrs->primary_device_type[i] = 0; 1802 log_addrs->log_addr_type[i] = 0; 1803 log_addrs->all_device_types[i] = 0; 1804 memset(log_addrs->features[i], 0, 1805 sizeof(log_addrs->features[i])); 1806 } 1807 1808 log_addrs->log_addr_mask = adap->log_addrs.log_addr_mask; 1809 adap->log_addrs = *log_addrs; 1810 if (adap->phys_addr != CEC_PHYS_ADDR_INVALID) 1811 cec_claim_log_addrs(adap, block); 1812 return 0; 1813 } 1814 1815 int cec_s_log_addrs(struct cec_adapter *adap, 1816 struct cec_log_addrs *log_addrs, bool block) 1817 { 1818 int err; 1819 1820 mutex_lock(&adap->lock); 1821 err = __cec_s_log_addrs(adap, log_addrs, block); 1822 mutex_unlock(&adap->lock); 1823 return err; 1824 } 1825 EXPORT_SYMBOL_GPL(cec_s_log_addrs); 1826 1827 /* High-level core CEC message handling */ 1828 1829 /* Fill in the Report Features message */ 1830 static void cec_fill_msg_report_features(struct cec_adapter *adap, 1831 struct cec_msg *msg, 1832 unsigned int la_idx) 1833 { 1834 const struct cec_log_addrs *las = &adap->log_addrs; 1835 const u8 *features = las->features[la_idx]; 1836 bool op_is_dev_features = false; 1837 unsigned int idx; 1838 1839 /* Report Features */ 1840 msg->msg[0] = (las->log_addr[la_idx] << 4) | 0x0f; 1841 msg->len = 4; 1842 msg->msg[1] = CEC_MSG_REPORT_FEATURES; 1843 msg->msg[2] = adap->log_addrs.cec_version; 1844 msg->msg[3] = las->all_device_types[la_idx]; 1845 1846 /* Write RC Profiles first, then Device Features */ 1847 for (idx = 0; idx < ARRAY_SIZE(las->features[0]); idx++) { 1848 msg->msg[msg->len++] = features[idx]; 1849 if ((features[idx] & CEC_OP_FEAT_EXT) == 0) { 1850 if (op_is_dev_features) 1851 break; 1852 op_is_dev_features = true; 1853 } 1854 } 1855 } 1856 1857 /* Transmit the Feature Abort message */ 1858 static int cec_feature_abort_reason(struct cec_adapter *adap, 1859 struct cec_msg *msg, u8 reason) 1860 { 1861 struct cec_msg tx_msg = { }; 1862 1863 /* 1864 * Don't reply with CEC_MSG_FEATURE_ABORT to a CEC_MSG_FEATURE_ABORT 1865 * message! 1866 */ 1867 if (msg->msg[1] == CEC_MSG_FEATURE_ABORT) 1868 return 0; 1869 /* Don't Feature Abort messages from 'Unregistered' */ 1870 if (cec_msg_initiator(msg) == CEC_LOG_ADDR_UNREGISTERED) 1871 return 0; 1872 cec_msg_set_reply_to(&tx_msg, msg); 1873 cec_msg_feature_abort(&tx_msg, msg->msg[1], reason); 1874 return cec_transmit_msg(adap, &tx_msg, false); 1875 } 1876 1877 static int cec_feature_abort(struct cec_adapter *adap, struct cec_msg *msg) 1878 { 1879 return cec_feature_abort_reason(adap, msg, 1880 CEC_OP_ABORT_UNRECOGNIZED_OP); 1881 } 1882 1883 static int cec_feature_refused(struct cec_adapter *adap, struct cec_msg *msg) 1884 { 1885 return cec_feature_abort_reason(adap, msg, 1886 CEC_OP_ABORT_REFUSED); 1887 } 1888 1889 /* 1890 * Called when a CEC message is received. This function will do any 1891 * necessary core processing. The is_reply bool is true if this message 1892 * is a reply to an earlier transmit. 1893 * 1894 * The message is either a broadcast message or a valid directed message. 1895 */ 1896 static int cec_receive_notify(struct cec_adapter *adap, struct cec_msg *msg, 1897 bool is_reply) 1898 { 1899 bool is_broadcast = cec_msg_is_broadcast(msg); 1900 u8 dest_laddr = cec_msg_destination(msg); 1901 u8 init_laddr = cec_msg_initiator(msg); 1902 u8 devtype = cec_log_addr2dev(adap, dest_laddr); 1903 int la_idx = cec_log_addr2idx(adap, dest_laddr); 1904 bool from_unregistered = init_laddr == 0xf; 1905 struct cec_msg tx_cec_msg = { }; 1906 1907 dprintk(2, "%s: %*ph\n", __func__, msg->len, msg->msg); 1908 1909 /* If this is a CDC-Only device, then ignore any non-CDC messages */ 1910 if (cec_is_cdc_only(&adap->log_addrs) && 1911 msg->msg[1] != CEC_MSG_CDC_MESSAGE) 1912 return 0; 1913 1914 if (adap->ops->received) { 1915 /* Allow drivers to process the message first */ 1916 if (adap->ops->received(adap, msg) != -ENOMSG) 1917 return 0; 1918 } 1919 1920 /* 1921 * REPORT_PHYSICAL_ADDR, CEC_MSG_USER_CONTROL_PRESSED and 1922 * CEC_MSG_USER_CONTROL_RELEASED messages always have to be 1923 * handled by the CEC core, even if the passthrough mode is on. 1924 * The others are just ignored if passthrough mode is on. 1925 */ 1926 switch (msg->msg[1]) { 1927 case CEC_MSG_GET_CEC_VERSION: 1928 case CEC_MSG_ABORT: 1929 case CEC_MSG_GIVE_DEVICE_POWER_STATUS: 1930 case CEC_MSG_GIVE_OSD_NAME: 1931 /* 1932 * These messages reply with a directed message, so ignore if 1933 * the initiator is Unregistered. 1934 */ 1935 if (!adap->passthrough && from_unregistered) 1936 return 0; 1937 fallthrough; 1938 case CEC_MSG_GIVE_DEVICE_VENDOR_ID: 1939 case CEC_MSG_GIVE_FEATURES: 1940 case CEC_MSG_GIVE_PHYSICAL_ADDR: 1941 /* 1942 * Skip processing these messages if the passthrough mode 1943 * is on. 1944 */ 1945 if (adap->passthrough) 1946 goto skip_processing; 1947 /* Ignore if addressing is wrong */ 1948 if (is_broadcast) 1949 return 0; 1950 break; 1951 1952 case CEC_MSG_USER_CONTROL_PRESSED: 1953 case CEC_MSG_USER_CONTROL_RELEASED: 1954 /* Wrong addressing mode: don't process */ 1955 if (is_broadcast || from_unregistered) 1956 goto skip_processing; 1957 break; 1958 1959 case CEC_MSG_REPORT_PHYSICAL_ADDR: 1960 /* 1961 * This message is always processed, regardless of the 1962 * passthrough setting. 1963 * 1964 * Exception: don't process if wrong addressing mode. 1965 */ 1966 if (!is_broadcast) 1967 goto skip_processing; 1968 break; 1969 1970 default: 1971 break; 1972 } 1973 1974 cec_msg_set_reply_to(&tx_cec_msg, msg); 1975 1976 switch (msg->msg[1]) { 1977 /* The following messages are processed but still passed through */ 1978 case CEC_MSG_REPORT_PHYSICAL_ADDR: { 1979 u16 pa = (msg->msg[2] << 8) | msg->msg[3]; 1980 1981 dprintk(1, "reported physical address %x.%x.%x.%x for logical address %d\n", 1982 cec_phys_addr_exp(pa), init_laddr); 1983 break; 1984 } 1985 1986 case CEC_MSG_USER_CONTROL_PRESSED: 1987 if (!(adap->capabilities & CEC_CAP_RC) || 1988 !(adap->log_addrs.flags & CEC_LOG_ADDRS_FL_ALLOW_RC_PASSTHRU)) 1989 break; 1990 1991 #ifdef CONFIG_MEDIA_CEC_RC 1992 switch (msg->msg[2]) { 1993 /* 1994 * Play function, this message can have variable length 1995 * depending on the specific play function that is used. 1996 */ 1997 case CEC_OP_UI_CMD_PLAY_FUNCTION: 1998 if (msg->len == 2) 1999 rc_keydown(adap->rc, RC_PROTO_CEC, 2000 msg->msg[2], 0); 2001 else 2002 rc_keydown(adap->rc, RC_PROTO_CEC, 2003 msg->msg[2] << 8 | msg->msg[3], 0); 2004 break; 2005 /* 2006 * Other function messages that are not handled. 2007 * Currently the RC framework does not allow to supply an 2008 * additional parameter to a keypress. These "keys" contain 2009 * other information such as channel number, an input number 2010 * etc. 2011 * For the time being these messages are not processed by the 2012 * framework and are simply forwarded to the user space. 2013 */ 2014 case CEC_OP_UI_CMD_SELECT_BROADCAST_TYPE: 2015 case CEC_OP_UI_CMD_SELECT_SOUND_PRESENTATION: 2016 case CEC_OP_UI_CMD_TUNE_FUNCTION: 2017 case CEC_OP_UI_CMD_SELECT_MEDIA_FUNCTION: 2018 case CEC_OP_UI_CMD_SELECT_AV_INPUT_FUNCTION: 2019 case CEC_OP_UI_CMD_SELECT_AUDIO_INPUT_FUNCTION: 2020 break; 2021 default: 2022 rc_keydown(adap->rc, RC_PROTO_CEC, msg->msg[2], 0); 2023 break; 2024 } 2025 #endif 2026 break; 2027 2028 case CEC_MSG_USER_CONTROL_RELEASED: 2029 if (!(adap->capabilities & CEC_CAP_RC) || 2030 !(adap->log_addrs.flags & CEC_LOG_ADDRS_FL_ALLOW_RC_PASSTHRU)) 2031 break; 2032 #ifdef CONFIG_MEDIA_CEC_RC 2033 rc_keyup(adap->rc); 2034 #endif 2035 break; 2036 2037 /* 2038 * The remaining messages are only processed if the passthrough mode 2039 * is off. 2040 */ 2041 case CEC_MSG_GET_CEC_VERSION: 2042 cec_msg_cec_version(&tx_cec_msg, adap->log_addrs.cec_version); 2043 return cec_transmit_msg(adap, &tx_cec_msg, false); 2044 2045 case CEC_MSG_GIVE_PHYSICAL_ADDR: 2046 /* Do nothing for CEC switches using addr 15 */ 2047 if (devtype == CEC_OP_PRIM_DEVTYPE_SWITCH && dest_laddr == 15) 2048 return 0; 2049 cec_msg_report_physical_addr(&tx_cec_msg, adap->phys_addr, devtype); 2050 return cec_transmit_msg(adap, &tx_cec_msg, false); 2051 2052 case CEC_MSG_GIVE_DEVICE_VENDOR_ID: 2053 if (adap->log_addrs.vendor_id == CEC_VENDOR_ID_NONE) 2054 return cec_feature_abort(adap, msg); 2055 cec_msg_device_vendor_id(&tx_cec_msg, adap->log_addrs.vendor_id); 2056 return cec_transmit_msg(adap, &tx_cec_msg, false); 2057 2058 case CEC_MSG_ABORT: 2059 /* Do nothing for CEC switches */ 2060 if (devtype == CEC_OP_PRIM_DEVTYPE_SWITCH) 2061 return 0; 2062 return cec_feature_refused(adap, msg); 2063 2064 case CEC_MSG_GIVE_OSD_NAME: { 2065 if (adap->log_addrs.osd_name[0] == 0) 2066 return cec_feature_abort(adap, msg); 2067 cec_msg_set_osd_name(&tx_cec_msg, adap->log_addrs.osd_name); 2068 return cec_transmit_msg(adap, &tx_cec_msg, false); 2069 } 2070 2071 case CEC_MSG_GIVE_FEATURES: 2072 if (adap->log_addrs.cec_version < CEC_OP_CEC_VERSION_2_0) 2073 return cec_feature_abort(adap, msg); 2074 cec_fill_msg_report_features(adap, &tx_cec_msg, la_idx); 2075 return cec_transmit_msg(adap, &tx_cec_msg, false); 2076 2077 default: 2078 /* 2079 * Unprocessed messages are aborted if userspace isn't doing 2080 * any processing either. 2081 */ 2082 if (!is_broadcast && !is_reply && !adap->follower_cnt && 2083 !adap->cec_follower && msg->msg[1] != CEC_MSG_FEATURE_ABORT) 2084 return cec_feature_abort(adap, msg); 2085 break; 2086 } 2087 2088 skip_processing: 2089 /* If this was a reply, then we're done, unless otherwise specified */ 2090 if (is_reply && !(msg->flags & CEC_MSG_FL_REPLY_TO_FOLLOWERS)) 2091 return 0; 2092 2093 /* 2094 * Send to the exclusive follower if there is one, otherwise send 2095 * to all followers. 2096 */ 2097 if (adap->cec_follower) 2098 cec_queue_msg_fh(adap->cec_follower, msg); 2099 else 2100 cec_queue_msg_followers(adap, msg); 2101 return 0; 2102 } 2103 2104 /* 2105 * Helper functions to keep track of the 'monitor all' use count. 2106 * 2107 * These functions are called with adap->lock held. 2108 */ 2109 int cec_monitor_all_cnt_inc(struct cec_adapter *adap) 2110 { 2111 int ret = 0; 2112 2113 if (adap->monitor_all_cnt == 0) 2114 ret = call_op(adap, adap_monitor_all_enable, 1); 2115 if (ret == 0) 2116 adap->monitor_all_cnt++; 2117 return ret; 2118 } 2119 2120 void cec_monitor_all_cnt_dec(struct cec_adapter *adap) 2121 { 2122 adap->monitor_all_cnt--; 2123 if (adap->monitor_all_cnt == 0) 2124 WARN_ON(call_op(adap, adap_monitor_all_enable, 0)); 2125 } 2126 2127 /* 2128 * Helper functions to keep track of the 'monitor pin' use count. 2129 * 2130 * These functions are called with adap->lock held. 2131 */ 2132 int cec_monitor_pin_cnt_inc(struct cec_adapter *adap) 2133 { 2134 int ret = 0; 2135 2136 if (adap->monitor_pin_cnt == 0) 2137 ret = call_op(adap, adap_monitor_pin_enable, 1); 2138 if (ret == 0) 2139 adap->monitor_pin_cnt++; 2140 return ret; 2141 } 2142 2143 void cec_monitor_pin_cnt_dec(struct cec_adapter *adap) 2144 { 2145 adap->monitor_pin_cnt--; 2146 if (adap->monitor_pin_cnt == 0) 2147 WARN_ON(call_op(adap, adap_monitor_pin_enable, 0)); 2148 } 2149 2150 #ifdef CONFIG_DEBUG_FS 2151 /* 2152 * Log the current state of the CEC adapter. 2153 * Very useful for debugging. 2154 */ 2155 int cec_adap_status(struct seq_file *file, void *priv) 2156 { 2157 struct cec_adapter *adap = dev_get_drvdata(file->private); 2158 struct cec_data *data; 2159 2160 mutex_lock(&adap->lock); 2161 seq_printf(file, "configured: %d\n", adap->is_configured); 2162 seq_printf(file, "configuring: %d\n", adap->is_configuring); 2163 seq_printf(file, "phys_addr: %x.%x.%x.%x\n", 2164 cec_phys_addr_exp(adap->phys_addr)); 2165 seq_printf(file, "number of LAs: %d\n", adap->log_addrs.num_log_addrs); 2166 seq_printf(file, "LA mask: 0x%04x\n", adap->log_addrs.log_addr_mask); 2167 if (adap->cec_follower) 2168 seq_printf(file, "has CEC follower%s\n", 2169 adap->passthrough ? " (in passthrough mode)" : ""); 2170 if (adap->cec_initiator) 2171 seq_puts(file, "has CEC initiator\n"); 2172 if (adap->monitor_all_cnt) 2173 seq_printf(file, "file handles in Monitor All mode: %u\n", 2174 adap->monitor_all_cnt); 2175 if (adap->tx_timeouts) { 2176 seq_printf(file, "transmit timeouts: %u\n", 2177 adap->tx_timeouts); 2178 adap->tx_timeouts = 0; 2179 } 2180 data = adap->transmitting; 2181 if (data) 2182 seq_printf(file, "transmitting message: %*ph (reply: %02x, timeout: %ums)\n", 2183 data->msg.len, data->msg.msg, data->msg.reply, 2184 data->msg.timeout); 2185 seq_printf(file, "pending transmits: %u\n", adap->transmit_queue_sz); 2186 list_for_each_entry(data, &adap->transmit_queue, list) { 2187 seq_printf(file, "queued tx message: %*ph (reply: %02x, timeout: %ums)\n", 2188 data->msg.len, data->msg.msg, data->msg.reply, 2189 data->msg.timeout); 2190 } 2191 list_for_each_entry(data, &adap->wait_queue, list) { 2192 seq_printf(file, "message waiting for reply: %*ph (reply: %02x, timeout: %ums)\n", 2193 data->msg.len, data->msg.msg, data->msg.reply, 2194 data->msg.timeout); 2195 } 2196 2197 call_void_op(adap, adap_status, file); 2198 mutex_unlock(&adap->lock); 2199 return 0; 2200 } 2201 #endif 2202