1 // SPDX-License-Identifier: GPL-2.0 2 // Copyright (c) 2011-2018, The Linux Foundation. All rights reserved. 3 // Copyright (c) 2018, Linaro Limited 4 5 #include <linux/completion.h> 6 #include <linux/device.h> 7 #include <linux/dma-buf.h> 8 #include <linux/dma-mapping.h> 9 #include <linux/dma-resv.h> 10 #include <linux/idr.h> 11 #include <linux/list.h> 12 #include <linux/miscdevice.h> 13 #include <linux/module.h> 14 #include <linux/of_address.h> 15 #include <linux/of.h> 16 #include <linux/sort.h> 17 #include <linux/of_platform.h> 18 #include <linux/rpmsg.h> 19 #include <linux/scatterlist.h> 20 #include <linux/slab.h> 21 #include <linux/qcom_scm.h> 22 #include <uapi/misc/fastrpc.h> 23 24 #define ADSP_DOMAIN_ID (0) 25 #define MDSP_DOMAIN_ID (1) 26 #define SDSP_DOMAIN_ID (2) 27 #define CDSP_DOMAIN_ID (3) 28 #define FASTRPC_DEV_MAX 4 /* adsp, mdsp, slpi, cdsp*/ 29 #define FASTRPC_MAX_SESSIONS 14 30 #define FASTRPC_MAX_VMIDS 16 31 #define FASTRPC_ALIGN 128 32 #define FASTRPC_MAX_FDLIST 16 33 #define FASTRPC_MAX_CRCLIST 64 34 #define FASTRPC_PHYS(p) ((p) & 0xffffffff) 35 #define FASTRPC_CTX_MAX (256) 36 #define FASTRPC_INIT_HANDLE 1 37 #define FASTRPC_DSP_UTILITIES_HANDLE 2 38 #define FASTRPC_CTXID_MASK (0xFF0) 39 #define INIT_FILELEN_MAX (2 * 1024 * 1024) 40 #define FASTRPC_DEVICE_NAME "fastrpc" 41 #define ADSP_MMAP_ADD_PAGES 0x1000 42 #define DSP_UNSUPPORTED_API (0x80000414) 43 /* MAX NUMBER of DSP ATTRIBUTES SUPPORTED */ 44 #define FASTRPC_MAX_DSP_ATTRIBUTES (256) 45 #define FASTRPC_MAX_DSP_ATTRIBUTES_LEN (sizeof(u32) * FASTRPC_MAX_DSP_ATTRIBUTES) 46 47 /* Retrives number of input buffers from the scalars parameter */ 48 #define REMOTE_SCALARS_INBUFS(sc) (((sc) >> 16) & 0x0ff) 49 50 /* Retrives number of output buffers from the scalars parameter */ 51 #define REMOTE_SCALARS_OUTBUFS(sc) (((sc) >> 8) & 0x0ff) 52 53 /* Retrives number of input handles from the scalars parameter */ 54 #define REMOTE_SCALARS_INHANDLES(sc) (((sc) >> 4) & 0x0f) 55 56 /* Retrives number of output handles from the scalars parameter */ 57 #define REMOTE_SCALARS_OUTHANDLES(sc) ((sc) & 0x0f) 58 59 #define REMOTE_SCALARS_LENGTH(sc) (REMOTE_SCALARS_INBUFS(sc) + \ 60 REMOTE_SCALARS_OUTBUFS(sc) + \ 61 REMOTE_SCALARS_INHANDLES(sc)+ \ 62 REMOTE_SCALARS_OUTHANDLES(sc)) 63 #define FASTRPC_BUILD_SCALARS(attr, method, in, out, oin, oout) \ 64 (((attr & 0x07) << 29) | \ 65 ((method & 0x1f) << 24) | \ 66 ((in & 0xff) << 16) | \ 67 ((out & 0xff) << 8) | \ 68 ((oin & 0x0f) << 4) | \ 69 (oout & 0x0f)) 70 71 #define FASTRPC_SCALARS(method, in, out) \ 72 FASTRPC_BUILD_SCALARS(0, method, in, out, 0, 0) 73 74 #define FASTRPC_CREATE_PROCESS_NARGS 6 75 /* Remote Method id table */ 76 #define FASTRPC_RMID_INIT_ATTACH 0 77 #define FASTRPC_RMID_INIT_RELEASE 1 78 #define FASTRPC_RMID_INIT_MMAP 4 79 #define FASTRPC_RMID_INIT_MUNMAP 5 80 #define FASTRPC_RMID_INIT_CREATE 6 81 #define FASTRPC_RMID_INIT_CREATE_ATTR 7 82 #define FASTRPC_RMID_INIT_CREATE_STATIC 8 83 #define FASTRPC_RMID_INIT_MEM_MAP 10 84 #define FASTRPC_RMID_INIT_MEM_UNMAP 11 85 86 /* Protection Domain(PD) ids */ 87 #define AUDIO_PD (0) /* also GUEST_OS PD? */ 88 #define USER_PD (1) 89 #define SENSORS_PD (2) 90 91 #define miscdev_to_fdevice(d) container_of(d, struct fastrpc_device, miscdev) 92 93 static const char *domains[FASTRPC_DEV_MAX] = { "adsp", "mdsp", 94 "sdsp", "cdsp"}; 95 struct fastrpc_phy_page { 96 u64 addr; /* physical address */ 97 u64 size; /* size of contiguous region */ 98 }; 99 100 struct fastrpc_invoke_buf { 101 u32 num; /* number of contiguous regions */ 102 u32 pgidx; /* index to start of contiguous region */ 103 }; 104 105 struct fastrpc_remote_dmahandle { 106 s32 fd; /* dma handle fd */ 107 u32 offset; /* dma handle offset */ 108 u32 len; /* dma handle length */ 109 }; 110 111 struct fastrpc_remote_buf { 112 u64 pv; /* buffer pointer */ 113 u64 len; /* length of buffer */ 114 }; 115 116 union fastrpc_remote_arg { 117 struct fastrpc_remote_buf buf; 118 struct fastrpc_remote_dmahandle dma; 119 }; 120 121 struct fastrpc_mmap_rsp_msg { 122 u64 vaddr; 123 }; 124 125 struct fastrpc_mmap_req_msg { 126 s32 pgid; 127 u32 flags; 128 u64 vaddr; 129 s32 num; 130 }; 131 132 struct fastrpc_mem_map_req_msg { 133 s32 pgid; 134 s32 fd; 135 s32 offset; 136 u32 flags; 137 u64 vaddrin; 138 s32 num; 139 s32 data_len; 140 }; 141 142 struct fastrpc_munmap_req_msg { 143 s32 pgid; 144 u64 vaddr; 145 u64 size; 146 }; 147 148 struct fastrpc_mem_unmap_req_msg { 149 s32 pgid; 150 s32 fd; 151 u64 vaddrin; 152 u64 len; 153 }; 154 155 struct fastrpc_msg { 156 int pid; /* process group id */ 157 int tid; /* thread id */ 158 u64 ctx; /* invoke caller context */ 159 u32 handle; /* handle to invoke */ 160 u32 sc; /* scalars structure describing the data */ 161 u64 addr; /* physical address */ 162 u64 size; /* size of contiguous region */ 163 }; 164 165 struct fastrpc_invoke_rsp { 166 u64 ctx; /* invoke caller context */ 167 int retval; /* invoke return value */ 168 }; 169 170 struct fastrpc_buf_overlap { 171 u64 start; 172 u64 end; 173 int raix; 174 u64 mstart; 175 u64 mend; 176 u64 offset; 177 }; 178 179 struct fastrpc_buf { 180 struct fastrpc_user *fl; 181 struct dma_buf *dmabuf; 182 struct device *dev; 183 void *virt; 184 u64 phys; 185 u64 size; 186 /* Lock for dma buf attachments */ 187 struct mutex lock; 188 struct list_head attachments; 189 /* mmap support */ 190 struct list_head node; /* list of user requested mmaps */ 191 uintptr_t raddr; 192 }; 193 194 struct fastrpc_dma_buf_attachment { 195 struct device *dev; 196 struct sg_table sgt; 197 struct list_head node; 198 }; 199 200 struct fastrpc_map { 201 struct list_head node; 202 struct fastrpc_user *fl; 203 int fd; 204 struct dma_buf *buf; 205 struct sg_table *table; 206 struct dma_buf_attachment *attach; 207 u64 phys; 208 u64 size; 209 void *va; 210 u64 len; 211 u64 raddr; 212 u32 attr; 213 struct kref refcount; 214 }; 215 216 struct fastrpc_invoke_ctx { 217 int nscalars; 218 int nbufs; 219 int retval; 220 int pid; 221 int tgid; 222 u32 sc; 223 u32 *crc; 224 u64 ctxid; 225 u64 msg_sz; 226 struct kref refcount; 227 struct list_head node; /* list of ctxs */ 228 struct completion work; 229 struct work_struct put_work; 230 struct fastrpc_msg msg; 231 struct fastrpc_user *fl; 232 union fastrpc_remote_arg *rpra; 233 struct fastrpc_map **maps; 234 struct fastrpc_buf *buf; 235 struct fastrpc_invoke_args *args; 236 struct fastrpc_buf_overlap *olaps; 237 struct fastrpc_channel_ctx *cctx; 238 }; 239 240 struct fastrpc_session_ctx { 241 struct device *dev; 242 int sid; 243 bool used; 244 bool valid; 245 }; 246 247 struct fastrpc_channel_ctx { 248 int domain_id; 249 int sesscount; 250 int vmcount; 251 u32 perms; 252 struct qcom_scm_vmperm vmperms[FASTRPC_MAX_VMIDS]; 253 struct rpmsg_device *rpdev; 254 struct fastrpc_session_ctx session[FASTRPC_MAX_SESSIONS]; 255 spinlock_t lock; 256 struct idr ctx_idr; 257 struct list_head users; 258 struct kref refcount; 259 /* Flag if dsp attributes are cached */ 260 bool valid_attributes; 261 u32 dsp_attributes[FASTRPC_MAX_DSP_ATTRIBUTES]; 262 struct fastrpc_device *secure_fdevice; 263 struct fastrpc_device *fdevice; 264 bool secure; 265 bool unsigned_support; 266 }; 267 268 struct fastrpc_device { 269 struct fastrpc_channel_ctx *cctx; 270 struct miscdevice miscdev; 271 bool secure; 272 }; 273 274 struct fastrpc_user { 275 struct list_head user; 276 struct list_head maps; 277 struct list_head pending; 278 struct list_head mmaps; 279 280 struct fastrpc_channel_ctx *cctx; 281 struct fastrpc_session_ctx *sctx; 282 struct fastrpc_buf *init_mem; 283 284 int tgid; 285 int pd; 286 bool is_secure_dev; 287 /* Lock for lists */ 288 spinlock_t lock; 289 /* lock for allocations */ 290 struct mutex mutex; 291 }; 292 293 static void fastrpc_free_map(struct kref *ref) 294 { 295 struct fastrpc_map *map; 296 297 map = container_of(ref, struct fastrpc_map, refcount); 298 299 if (map->table) { 300 if (map->attr & FASTRPC_ATTR_SECUREMAP) { 301 struct qcom_scm_vmperm perm; 302 int err = 0; 303 304 perm.vmid = QCOM_SCM_VMID_HLOS; 305 perm.perm = QCOM_SCM_PERM_RWX; 306 err = qcom_scm_assign_mem(map->phys, map->size, 307 &(map->fl->cctx->vmperms[0].vmid), &perm, 1); 308 if (err) { 309 dev_err(map->fl->sctx->dev, "Failed to assign memory phys 0x%llx size 0x%llx err %d", 310 map->phys, map->size, err); 311 return; 312 } 313 } 314 dma_buf_unmap_attachment_unlocked(map->attach, map->table, 315 DMA_BIDIRECTIONAL); 316 dma_buf_detach(map->buf, map->attach); 317 dma_buf_put(map->buf); 318 } 319 320 kfree(map); 321 } 322 323 static void fastrpc_map_put(struct fastrpc_map *map) 324 { 325 if (map) 326 kref_put(&map->refcount, fastrpc_free_map); 327 } 328 329 static void fastrpc_map_get(struct fastrpc_map *map) 330 { 331 if (map) 332 kref_get(&map->refcount); 333 } 334 335 336 static int fastrpc_map_lookup(struct fastrpc_user *fl, int fd, 337 struct fastrpc_map **ppmap) 338 { 339 struct fastrpc_map *map = NULL; 340 341 mutex_lock(&fl->mutex); 342 list_for_each_entry(map, &fl->maps, node) { 343 if (map->fd == fd) { 344 *ppmap = map; 345 mutex_unlock(&fl->mutex); 346 return 0; 347 } 348 } 349 mutex_unlock(&fl->mutex); 350 351 return -ENOENT; 352 } 353 354 static int fastrpc_map_find(struct fastrpc_user *fl, int fd, 355 struct fastrpc_map **ppmap) 356 { 357 int ret = fastrpc_map_lookup(fl, fd, ppmap); 358 359 if (!ret) 360 fastrpc_map_get(*ppmap); 361 362 return ret; 363 } 364 365 static void fastrpc_buf_free(struct fastrpc_buf *buf) 366 { 367 dma_free_coherent(buf->dev, buf->size, buf->virt, 368 FASTRPC_PHYS(buf->phys)); 369 kfree(buf); 370 } 371 372 static int fastrpc_buf_alloc(struct fastrpc_user *fl, struct device *dev, 373 u64 size, struct fastrpc_buf **obuf) 374 { 375 struct fastrpc_buf *buf; 376 377 buf = kzalloc(sizeof(*buf), GFP_KERNEL); 378 if (!buf) 379 return -ENOMEM; 380 381 INIT_LIST_HEAD(&buf->attachments); 382 INIT_LIST_HEAD(&buf->node); 383 mutex_init(&buf->lock); 384 385 buf->fl = fl; 386 buf->virt = NULL; 387 buf->phys = 0; 388 buf->size = size; 389 buf->dev = dev; 390 buf->raddr = 0; 391 392 buf->virt = dma_alloc_coherent(dev, buf->size, (dma_addr_t *)&buf->phys, 393 GFP_KERNEL); 394 if (!buf->virt) { 395 mutex_destroy(&buf->lock); 396 kfree(buf); 397 return -ENOMEM; 398 } 399 400 if (fl->sctx && fl->sctx->sid) 401 buf->phys += ((u64)fl->sctx->sid << 32); 402 403 *obuf = buf; 404 405 return 0; 406 } 407 408 static void fastrpc_channel_ctx_free(struct kref *ref) 409 { 410 struct fastrpc_channel_ctx *cctx; 411 412 cctx = container_of(ref, struct fastrpc_channel_ctx, refcount); 413 414 kfree(cctx); 415 } 416 417 static void fastrpc_channel_ctx_get(struct fastrpc_channel_ctx *cctx) 418 { 419 kref_get(&cctx->refcount); 420 } 421 422 static void fastrpc_channel_ctx_put(struct fastrpc_channel_ctx *cctx) 423 { 424 kref_put(&cctx->refcount, fastrpc_channel_ctx_free); 425 } 426 427 static void fastrpc_context_free(struct kref *ref) 428 { 429 struct fastrpc_invoke_ctx *ctx; 430 struct fastrpc_channel_ctx *cctx; 431 unsigned long flags; 432 int i; 433 434 ctx = container_of(ref, struct fastrpc_invoke_ctx, refcount); 435 cctx = ctx->cctx; 436 437 for (i = 0; i < ctx->nbufs; i++) 438 fastrpc_map_put(ctx->maps[i]); 439 440 if (ctx->buf) 441 fastrpc_buf_free(ctx->buf); 442 443 spin_lock_irqsave(&cctx->lock, flags); 444 idr_remove(&cctx->ctx_idr, ctx->ctxid >> 4); 445 spin_unlock_irqrestore(&cctx->lock, flags); 446 447 kfree(ctx->maps); 448 kfree(ctx->olaps); 449 kfree(ctx); 450 451 fastrpc_channel_ctx_put(cctx); 452 } 453 454 static void fastrpc_context_get(struct fastrpc_invoke_ctx *ctx) 455 { 456 kref_get(&ctx->refcount); 457 } 458 459 static void fastrpc_context_put(struct fastrpc_invoke_ctx *ctx) 460 { 461 kref_put(&ctx->refcount, fastrpc_context_free); 462 } 463 464 static void fastrpc_context_put_wq(struct work_struct *work) 465 { 466 struct fastrpc_invoke_ctx *ctx = 467 container_of(work, struct fastrpc_invoke_ctx, put_work); 468 469 fastrpc_context_put(ctx); 470 } 471 472 #define CMP(aa, bb) ((aa) == (bb) ? 0 : (aa) < (bb) ? -1 : 1) 473 static int olaps_cmp(const void *a, const void *b) 474 { 475 struct fastrpc_buf_overlap *pa = (struct fastrpc_buf_overlap *)a; 476 struct fastrpc_buf_overlap *pb = (struct fastrpc_buf_overlap *)b; 477 /* sort with lowest starting buffer first */ 478 int st = CMP(pa->start, pb->start); 479 /* sort with highest ending buffer first */ 480 int ed = CMP(pb->end, pa->end); 481 482 return st == 0 ? ed : st; 483 } 484 485 static void fastrpc_get_buff_overlaps(struct fastrpc_invoke_ctx *ctx) 486 { 487 u64 max_end = 0; 488 int i; 489 490 for (i = 0; i < ctx->nbufs; ++i) { 491 ctx->olaps[i].start = ctx->args[i].ptr; 492 ctx->olaps[i].end = ctx->olaps[i].start + ctx->args[i].length; 493 ctx->olaps[i].raix = i; 494 } 495 496 sort(ctx->olaps, ctx->nbufs, sizeof(*ctx->olaps), olaps_cmp, NULL); 497 498 for (i = 0; i < ctx->nbufs; ++i) { 499 /* Falling inside previous range */ 500 if (ctx->olaps[i].start < max_end) { 501 ctx->olaps[i].mstart = max_end; 502 ctx->olaps[i].mend = ctx->olaps[i].end; 503 ctx->olaps[i].offset = max_end - ctx->olaps[i].start; 504 505 if (ctx->olaps[i].end > max_end) { 506 max_end = ctx->olaps[i].end; 507 } else { 508 ctx->olaps[i].mend = 0; 509 ctx->olaps[i].mstart = 0; 510 } 511 512 } else { 513 ctx->olaps[i].mend = ctx->olaps[i].end; 514 ctx->olaps[i].mstart = ctx->olaps[i].start; 515 ctx->olaps[i].offset = 0; 516 max_end = ctx->olaps[i].end; 517 } 518 } 519 } 520 521 static struct fastrpc_invoke_ctx *fastrpc_context_alloc( 522 struct fastrpc_user *user, u32 kernel, u32 sc, 523 struct fastrpc_invoke_args *args) 524 { 525 struct fastrpc_channel_ctx *cctx = user->cctx; 526 struct fastrpc_invoke_ctx *ctx = NULL; 527 unsigned long flags; 528 int ret; 529 530 ctx = kzalloc(sizeof(*ctx), GFP_KERNEL); 531 if (!ctx) 532 return ERR_PTR(-ENOMEM); 533 534 INIT_LIST_HEAD(&ctx->node); 535 ctx->fl = user; 536 ctx->nscalars = REMOTE_SCALARS_LENGTH(sc); 537 ctx->nbufs = REMOTE_SCALARS_INBUFS(sc) + 538 REMOTE_SCALARS_OUTBUFS(sc); 539 540 if (ctx->nscalars) { 541 ctx->maps = kcalloc(ctx->nscalars, 542 sizeof(*ctx->maps), GFP_KERNEL); 543 if (!ctx->maps) { 544 kfree(ctx); 545 return ERR_PTR(-ENOMEM); 546 } 547 ctx->olaps = kcalloc(ctx->nscalars, 548 sizeof(*ctx->olaps), GFP_KERNEL); 549 if (!ctx->olaps) { 550 kfree(ctx->maps); 551 kfree(ctx); 552 return ERR_PTR(-ENOMEM); 553 } 554 ctx->args = args; 555 fastrpc_get_buff_overlaps(ctx); 556 } 557 558 /* Released in fastrpc_context_put() */ 559 fastrpc_channel_ctx_get(cctx); 560 561 ctx->sc = sc; 562 ctx->retval = -1; 563 ctx->pid = current->pid; 564 ctx->tgid = user->tgid; 565 ctx->cctx = cctx; 566 init_completion(&ctx->work); 567 INIT_WORK(&ctx->put_work, fastrpc_context_put_wq); 568 569 spin_lock(&user->lock); 570 list_add_tail(&ctx->node, &user->pending); 571 spin_unlock(&user->lock); 572 573 spin_lock_irqsave(&cctx->lock, flags); 574 ret = idr_alloc_cyclic(&cctx->ctx_idr, ctx, 1, 575 FASTRPC_CTX_MAX, GFP_ATOMIC); 576 if (ret < 0) { 577 spin_unlock_irqrestore(&cctx->lock, flags); 578 goto err_idr; 579 } 580 ctx->ctxid = ret << 4; 581 spin_unlock_irqrestore(&cctx->lock, flags); 582 583 kref_init(&ctx->refcount); 584 585 return ctx; 586 err_idr: 587 spin_lock(&user->lock); 588 list_del(&ctx->node); 589 spin_unlock(&user->lock); 590 fastrpc_channel_ctx_put(cctx); 591 kfree(ctx->maps); 592 kfree(ctx->olaps); 593 kfree(ctx); 594 595 return ERR_PTR(ret); 596 } 597 598 static struct sg_table * 599 fastrpc_map_dma_buf(struct dma_buf_attachment *attachment, 600 enum dma_data_direction dir) 601 { 602 struct fastrpc_dma_buf_attachment *a = attachment->priv; 603 struct sg_table *table; 604 int ret; 605 606 table = &a->sgt; 607 608 ret = dma_map_sgtable(attachment->dev, table, dir, 0); 609 if (ret) 610 table = ERR_PTR(ret); 611 return table; 612 } 613 614 static void fastrpc_unmap_dma_buf(struct dma_buf_attachment *attach, 615 struct sg_table *table, 616 enum dma_data_direction dir) 617 { 618 dma_unmap_sgtable(attach->dev, table, dir, 0); 619 } 620 621 static void fastrpc_release(struct dma_buf *dmabuf) 622 { 623 struct fastrpc_buf *buffer = dmabuf->priv; 624 625 fastrpc_buf_free(buffer); 626 } 627 628 static int fastrpc_dma_buf_attach(struct dma_buf *dmabuf, 629 struct dma_buf_attachment *attachment) 630 { 631 struct fastrpc_dma_buf_attachment *a; 632 struct fastrpc_buf *buffer = dmabuf->priv; 633 int ret; 634 635 a = kzalloc(sizeof(*a), GFP_KERNEL); 636 if (!a) 637 return -ENOMEM; 638 639 ret = dma_get_sgtable(buffer->dev, &a->sgt, buffer->virt, 640 FASTRPC_PHYS(buffer->phys), buffer->size); 641 if (ret < 0) { 642 dev_err(buffer->dev, "failed to get scatterlist from DMA API\n"); 643 kfree(a); 644 return -EINVAL; 645 } 646 647 a->dev = attachment->dev; 648 INIT_LIST_HEAD(&a->node); 649 attachment->priv = a; 650 651 mutex_lock(&buffer->lock); 652 list_add(&a->node, &buffer->attachments); 653 mutex_unlock(&buffer->lock); 654 655 return 0; 656 } 657 658 static void fastrpc_dma_buf_detatch(struct dma_buf *dmabuf, 659 struct dma_buf_attachment *attachment) 660 { 661 struct fastrpc_dma_buf_attachment *a = attachment->priv; 662 struct fastrpc_buf *buffer = dmabuf->priv; 663 664 mutex_lock(&buffer->lock); 665 list_del(&a->node); 666 mutex_unlock(&buffer->lock); 667 sg_free_table(&a->sgt); 668 kfree(a); 669 } 670 671 static int fastrpc_vmap(struct dma_buf *dmabuf, struct iosys_map *map) 672 { 673 struct fastrpc_buf *buf = dmabuf->priv; 674 675 iosys_map_set_vaddr(map, buf->virt); 676 677 return 0; 678 } 679 680 static int fastrpc_mmap(struct dma_buf *dmabuf, 681 struct vm_area_struct *vma) 682 { 683 struct fastrpc_buf *buf = dmabuf->priv; 684 size_t size = vma->vm_end - vma->vm_start; 685 686 dma_resv_assert_held(dmabuf->resv); 687 688 return dma_mmap_coherent(buf->dev, vma, buf->virt, 689 FASTRPC_PHYS(buf->phys), size); 690 } 691 692 static const struct dma_buf_ops fastrpc_dma_buf_ops = { 693 .attach = fastrpc_dma_buf_attach, 694 .detach = fastrpc_dma_buf_detatch, 695 .map_dma_buf = fastrpc_map_dma_buf, 696 .unmap_dma_buf = fastrpc_unmap_dma_buf, 697 .mmap = fastrpc_mmap, 698 .vmap = fastrpc_vmap, 699 .release = fastrpc_release, 700 }; 701 702 static int fastrpc_map_create(struct fastrpc_user *fl, int fd, 703 u64 len, u32 attr, struct fastrpc_map **ppmap) 704 { 705 struct fastrpc_session_ctx *sess = fl->sctx; 706 struct fastrpc_map *map = NULL; 707 int err = 0; 708 709 if (!fastrpc_map_find(fl, fd, ppmap)) 710 return 0; 711 712 map = kzalloc(sizeof(*map), GFP_KERNEL); 713 if (!map) 714 return -ENOMEM; 715 716 INIT_LIST_HEAD(&map->node); 717 map->fl = fl; 718 map->fd = fd; 719 map->buf = dma_buf_get(fd); 720 if (IS_ERR(map->buf)) { 721 err = PTR_ERR(map->buf); 722 goto get_err; 723 } 724 725 map->attach = dma_buf_attach(map->buf, sess->dev); 726 if (IS_ERR(map->attach)) { 727 dev_err(sess->dev, "Failed to attach dmabuf\n"); 728 err = PTR_ERR(map->attach); 729 goto attach_err; 730 } 731 732 map->table = dma_buf_map_attachment_unlocked(map->attach, DMA_BIDIRECTIONAL); 733 if (IS_ERR(map->table)) { 734 err = PTR_ERR(map->table); 735 goto map_err; 736 } 737 738 map->phys = sg_dma_address(map->table->sgl); 739 map->phys += ((u64)fl->sctx->sid << 32); 740 map->size = len; 741 map->va = sg_virt(map->table->sgl); 742 map->len = len; 743 kref_init(&map->refcount); 744 745 if (attr & FASTRPC_ATTR_SECUREMAP) { 746 /* 747 * If subsystem VMIDs are defined in DTSI, then do 748 * hyp_assign from HLOS to those VM(s) 749 */ 750 unsigned int perms = BIT(QCOM_SCM_VMID_HLOS); 751 752 map->attr = attr; 753 err = qcom_scm_assign_mem(map->phys, (u64)map->size, &perms, 754 fl->cctx->vmperms, fl->cctx->vmcount); 755 if (err) { 756 dev_err(sess->dev, "Failed to assign memory with phys 0x%llx size 0x%llx err %d", 757 map->phys, map->size, err); 758 goto map_err; 759 } 760 } 761 spin_lock(&fl->lock); 762 list_add_tail(&map->node, &fl->maps); 763 spin_unlock(&fl->lock); 764 *ppmap = map; 765 766 return 0; 767 768 map_err: 769 dma_buf_detach(map->buf, map->attach); 770 attach_err: 771 dma_buf_put(map->buf); 772 get_err: 773 kfree(map); 774 775 return err; 776 } 777 778 /* 779 * Fastrpc payload buffer with metadata looks like: 780 * 781 * >>>>>> START of METADATA <<<<<<<<< 782 * +---------------------------------+ 783 * | Arguments | 784 * | type:(union fastrpc_remote_arg)| 785 * | (0 - N) | 786 * +---------------------------------+ 787 * | Invoke Buffer list | 788 * | type:(struct fastrpc_invoke_buf)| 789 * | (0 - N) | 790 * +---------------------------------+ 791 * | Page info list | 792 * | type:(struct fastrpc_phy_page) | 793 * | (0 - N) | 794 * +---------------------------------+ 795 * | Optional info | 796 * |(can be specific to SoC/Firmware)| 797 * +---------------------------------+ 798 * >>>>>>>> END of METADATA <<<<<<<<< 799 * +---------------------------------+ 800 * | Inline ARGS | 801 * | (0-N) | 802 * +---------------------------------+ 803 */ 804 805 static int fastrpc_get_meta_size(struct fastrpc_invoke_ctx *ctx) 806 { 807 int size = 0; 808 809 size = (sizeof(struct fastrpc_remote_buf) + 810 sizeof(struct fastrpc_invoke_buf) + 811 sizeof(struct fastrpc_phy_page)) * ctx->nscalars + 812 sizeof(u64) * FASTRPC_MAX_FDLIST + 813 sizeof(u32) * FASTRPC_MAX_CRCLIST; 814 815 return size; 816 } 817 818 static u64 fastrpc_get_payload_size(struct fastrpc_invoke_ctx *ctx, int metalen) 819 { 820 u64 size = 0; 821 int oix; 822 823 size = ALIGN(metalen, FASTRPC_ALIGN); 824 for (oix = 0; oix < ctx->nbufs; oix++) { 825 int i = ctx->olaps[oix].raix; 826 827 if (ctx->args[i].fd == 0 || ctx->args[i].fd == -1) { 828 829 if (ctx->olaps[oix].offset == 0) 830 size = ALIGN(size, FASTRPC_ALIGN); 831 832 size += (ctx->olaps[oix].mend - ctx->olaps[oix].mstart); 833 } 834 } 835 836 return size; 837 } 838 839 static int fastrpc_create_maps(struct fastrpc_invoke_ctx *ctx) 840 { 841 struct device *dev = ctx->fl->sctx->dev; 842 int i, err; 843 844 for (i = 0; i < ctx->nscalars; ++i) { 845 846 if (ctx->args[i].fd == 0 || ctx->args[i].fd == -1 || 847 ctx->args[i].length == 0) 848 continue; 849 850 err = fastrpc_map_create(ctx->fl, ctx->args[i].fd, 851 ctx->args[i].length, ctx->args[i].attr, &ctx->maps[i]); 852 if (err) { 853 dev_err(dev, "Error Creating map %d\n", err); 854 return -EINVAL; 855 } 856 857 } 858 return 0; 859 } 860 861 static struct fastrpc_invoke_buf *fastrpc_invoke_buf_start(union fastrpc_remote_arg *pra, int len) 862 { 863 return (struct fastrpc_invoke_buf *)(&pra[len]); 864 } 865 866 static struct fastrpc_phy_page *fastrpc_phy_page_start(struct fastrpc_invoke_buf *buf, int len) 867 { 868 return (struct fastrpc_phy_page *)(&buf[len]); 869 } 870 871 static int fastrpc_get_args(u32 kernel, struct fastrpc_invoke_ctx *ctx) 872 { 873 struct device *dev = ctx->fl->sctx->dev; 874 union fastrpc_remote_arg *rpra; 875 struct fastrpc_invoke_buf *list; 876 struct fastrpc_phy_page *pages; 877 int inbufs, i, oix, err = 0; 878 u64 len, rlen, pkt_size; 879 u64 pg_start, pg_end; 880 uintptr_t args; 881 int metalen; 882 883 inbufs = REMOTE_SCALARS_INBUFS(ctx->sc); 884 metalen = fastrpc_get_meta_size(ctx); 885 pkt_size = fastrpc_get_payload_size(ctx, metalen); 886 887 err = fastrpc_create_maps(ctx); 888 if (err) 889 return err; 890 891 ctx->msg_sz = pkt_size; 892 893 err = fastrpc_buf_alloc(ctx->fl, dev, pkt_size, &ctx->buf); 894 if (err) 895 return err; 896 897 rpra = ctx->buf->virt; 898 list = fastrpc_invoke_buf_start(rpra, ctx->nscalars); 899 pages = fastrpc_phy_page_start(list, ctx->nscalars); 900 args = (uintptr_t)ctx->buf->virt + metalen; 901 rlen = pkt_size - metalen; 902 ctx->rpra = rpra; 903 904 for (oix = 0; oix < ctx->nbufs; ++oix) { 905 int mlen; 906 907 i = ctx->olaps[oix].raix; 908 len = ctx->args[i].length; 909 910 rpra[i].buf.pv = 0; 911 rpra[i].buf.len = len; 912 list[i].num = len ? 1 : 0; 913 list[i].pgidx = i; 914 915 if (!len) 916 continue; 917 918 if (ctx->maps[i]) { 919 struct vm_area_struct *vma = NULL; 920 921 rpra[i].buf.pv = (u64) ctx->args[i].ptr; 922 pages[i].addr = ctx->maps[i]->phys; 923 924 mmap_read_lock(current->mm); 925 vma = find_vma(current->mm, ctx->args[i].ptr); 926 if (vma) 927 pages[i].addr += ctx->args[i].ptr - 928 vma->vm_start; 929 mmap_read_unlock(current->mm); 930 931 pg_start = (ctx->args[i].ptr & PAGE_MASK) >> PAGE_SHIFT; 932 pg_end = ((ctx->args[i].ptr + len - 1) & PAGE_MASK) >> 933 PAGE_SHIFT; 934 pages[i].size = (pg_end - pg_start + 1) * PAGE_SIZE; 935 936 } else { 937 938 if (ctx->olaps[oix].offset == 0) { 939 rlen -= ALIGN(args, FASTRPC_ALIGN) - args; 940 args = ALIGN(args, FASTRPC_ALIGN); 941 } 942 943 mlen = ctx->olaps[oix].mend - ctx->olaps[oix].mstart; 944 945 if (rlen < mlen) 946 goto bail; 947 948 rpra[i].buf.pv = args - ctx->olaps[oix].offset; 949 pages[i].addr = ctx->buf->phys - 950 ctx->olaps[oix].offset + 951 (pkt_size - rlen); 952 pages[i].addr = pages[i].addr & PAGE_MASK; 953 954 pg_start = (args & PAGE_MASK) >> PAGE_SHIFT; 955 pg_end = ((args + len - 1) & PAGE_MASK) >> PAGE_SHIFT; 956 pages[i].size = (pg_end - pg_start + 1) * PAGE_SIZE; 957 args = args + mlen; 958 rlen -= mlen; 959 } 960 961 if (i < inbufs && !ctx->maps[i]) { 962 void *dst = (void *)(uintptr_t)rpra[i].buf.pv; 963 void *src = (void *)(uintptr_t)ctx->args[i].ptr; 964 965 if (!kernel) { 966 if (copy_from_user(dst, (void __user *)src, 967 len)) { 968 err = -EFAULT; 969 goto bail; 970 } 971 } else { 972 memcpy(dst, src, len); 973 } 974 } 975 } 976 977 for (i = ctx->nbufs; i < ctx->nscalars; ++i) { 978 list[i].num = ctx->args[i].length ? 1 : 0; 979 list[i].pgidx = i; 980 if (ctx->maps[i]) { 981 pages[i].addr = ctx->maps[i]->phys; 982 pages[i].size = ctx->maps[i]->size; 983 } 984 rpra[i].dma.fd = ctx->args[i].fd; 985 rpra[i].dma.len = ctx->args[i].length; 986 rpra[i].dma.offset = (u64) ctx->args[i].ptr; 987 } 988 989 bail: 990 if (err) 991 dev_err(dev, "Error: get invoke args failed:%d\n", err); 992 993 return err; 994 } 995 996 static int fastrpc_put_args(struct fastrpc_invoke_ctx *ctx, 997 u32 kernel) 998 { 999 union fastrpc_remote_arg *rpra = ctx->rpra; 1000 struct fastrpc_user *fl = ctx->fl; 1001 struct fastrpc_map *mmap = NULL; 1002 struct fastrpc_invoke_buf *list; 1003 struct fastrpc_phy_page *pages; 1004 u64 *fdlist; 1005 int i, inbufs, outbufs, handles; 1006 1007 inbufs = REMOTE_SCALARS_INBUFS(ctx->sc); 1008 outbufs = REMOTE_SCALARS_OUTBUFS(ctx->sc); 1009 handles = REMOTE_SCALARS_INHANDLES(ctx->sc) + REMOTE_SCALARS_OUTHANDLES(ctx->sc); 1010 list = fastrpc_invoke_buf_start(rpra, ctx->nscalars); 1011 pages = fastrpc_phy_page_start(list, ctx->nscalars); 1012 fdlist = (uint64_t *)(pages + inbufs + outbufs + handles); 1013 1014 for (i = inbufs; i < ctx->nbufs; ++i) { 1015 if (!ctx->maps[i]) { 1016 void *src = (void *)(uintptr_t)rpra[i].buf.pv; 1017 void *dst = (void *)(uintptr_t)ctx->args[i].ptr; 1018 u64 len = rpra[i].buf.len; 1019 1020 if (!kernel) { 1021 if (copy_to_user((void __user *)dst, src, len)) 1022 return -EFAULT; 1023 } else { 1024 memcpy(dst, src, len); 1025 } 1026 } 1027 } 1028 1029 for (i = 0; i < FASTRPC_MAX_FDLIST; i++) { 1030 if (!fdlist[i]) 1031 break; 1032 if (!fastrpc_map_lookup(fl, (int)fdlist[i], &mmap)) 1033 fastrpc_map_put(mmap); 1034 } 1035 1036 return 0; 1037 } 1038 1039 static int fastrpc_invoke_send(struct fastrpc_session_ctx *sctx, 1040 struct fastrpc_invoke_ctx *ctx, 1041 u32 kernel, uint32_t handle) 1042 { 1043 struct fastrpc_channel_ctx *cctx; 1044 struct fastrpc_user *fl = ctx->fl; 1045 struct fastrpc_msg *msg = &ctx->msg; 1046 int ret; 1047 1048 cctx = fl->cctx; 1049 msg->pid = fl->tgid; 1050 msg->tid = current->pid; 1051 1052 if (kernel) 1053 msg->pid = 0; 1054 1055 msg->ctx = ctx->ctxid | fl->pd; 1056 msg->handle = handle; 1057 msg->sc = ctx->sc; 1058 msg->addr = ctx->buf ? ctx->buf->phys : 0; 1059 msg->size = roundup(ctx->msg_sz, PAGE_SIZE); 1060 fastrpc_context_get(ctx); 1061 1062 ret = rpmsg_send(cctx->rpdev->ept, (void *)msg, sizeof(*msg)); 1063 1064 if (ret) 1065 fastrpc_context_put(ctx); 1066 1067 return ret; 1068 1069 } 1070 1071 static int fastrpc_internal_invoke(struct fastrpc_user *fl, u32 kernel, 1072 u32 handle, u32 sc, 1073 struct fastrpc_invoke_args *args) 1074 { 1075 struct fastrpc_invoke_ctx *ctx = NULL; 1076 int err = 0; 1077 1078 if (!fl->sctx) 1079 return -EINVAL; 1080 1081 if (!fl->cctx->rpdev) 1082 return -EPIPE; 1083 1084 if (handle == FASTRPC_INIT_HANDLE && !kernel) { 1085 dev_warn_ratelimited(fl->sctx->dev, "user app trying to send a kernel RPC message (%d)\n", handle); 1086 return -EPERM; 1087 } 1088 1089 ctx = fastrpc_context_alloc(fl, kernel, sc, args); 1090 if (IS_ERR(ctx)) 1091 return PTR_ERR(ctx); 1092 1093 if (ctx->nscalars) { 1094 err = fastrpc_get_args(kernel, ctx); 1095 if (err) 1096 goto bail; 1097 } 1098 1099 /* make sure that all CPU memory writes are seen by DSP */ 1100 dma_wmb(); 1101 /* Send invoke buffer to remote dsp */ 1102 err = fastrpc_invoke_send(fl->sctx, ctx, kernel, handle); 1103 if (err) 1104 goto bail; 1105 1106 if (kernel) { 1107 if (!wait_for_completion_timeout(&ctx->work, 10 * HZ)) 1108 err = -ETIMEDOUT; 1109 } else { 1110 err = wait_for_completion_interruptible(&ctx->work); 1111 } 1112 1113 if (err) 1114 goto bail; 1115 1116 /* Check the response from remote dsp */ 1117 err = ctx->retval; 1118 if (err) 1119 goto bail; 1120 1121 if (ctx->nscalars) { 1122 /* make sure that all memory writes by DSP are seen by CPU */ 1123 dma_rmb(); 1124 /* populate all the output buffers with results */ 1125 err = fastrpc_put_args(ctx, kernel); 1126 if (err) 1127 goto bail; 1128 } 1129 1130 bail: 1131 if (err != -ERESTARTSYS && err != -ETIMEDOUT) { 1132 /* We are done with this compute context */ 1133 spin_lock(&fl->lock); 1134 list_del(&ctx->node); 1135 spin_unlock(&fl->lock); 1136 fastrpc_context_put(ctx); 1137 } 1138 if (err) 1139 dev_dbg(fl->sctx->dev, "Error: Invoke Failed %d\n", err); 1140 1141 return err; 1142 } 1143 1144 static bool is_session_rejected(struct fastrpc_user *fl, bool unsigned_pd_request) 1145 { 1146 /* Check if the device node is non-secure and channel is secure*/ 1147 if (!fl->is_secure_dev && fl->cctx->secure) { 1148 /* 1149 * Allow untrusted applications to offload only to Unsigned PD when 1150 * channel is configured as secure and block untrusted apps on channel 1151 * that does not support unsigned PD offload 1152 */ 1153 if (!fl->cctx->unsigned_support || !unsigned_pd_request) { 1154 dev_err(&fl->cctx->rpdev->dev, "Error: Untrusted application trying to offload to signed PD"); 1155 return true; 1156 } 1157 } 1158 1159 return false; 1160 } 1161 1162 static int fastrpc_init_create_process(struct fastrpc_user *fl, 1163 char __user *argp) 1164 { 1165 struct fastrpc_init_create init; 1166 struct fastrpc_invoke_args *args; 1167 struct fastrpc_phy_page pages[1]; 1168 struct fastrpc_map *map = NULL; 1169 struct fastrpc_buf *imem = NULL; 1170 int memlen; 1171 int err; 1172 struct { 1173 int pgid; 1174 u32 namelen; 1175 u32 filelen; 1176 u32 pageslen; 1177 u32 attrs; 1178 u32 siglen; 1179 } inbuf; 1180 u32 sc; 1181 bool unsigned_module = false; 1182 1183 args = kcalloc(FASTRPC_CREATE_PROCESS_NARGS, sizeof(*args), GFP_KERNEL); 1184 if (!args) 1185 return -ENOMEM; 1186 1187 if (copy_from_user(&init, argp, sizeof(init))) { 1188 err = -EFAULT; 1189 goto err; 1190 } 1191 1192 if (init.attrs & FASTRPC_MODE_UNSIGNED_MODULE) 1193 unsigned_module = true; 1194 1195 if (is_session_rejected(fl, unsigned_module)) { 1196 err = -ECONNREFUSED; 1197 goto err; 1198 } 1199 1200 if (init.filelen > INIT_FILELEN_MAX) { 1201 err = -EINVAL; 1202 goto err; 1203 } 1204 1205 inbuf.pgid = fl->tgid; 1206 inbuf.namelen = strlen(current->comm) + 1; 1207 inbuf.filelen = init.filelen; 1208 inbuf.pageslen = 1; 1209 inbuf.attrs = init.attrs; 1210 inbuf.siglen = init.siglen; 1211 fl->pd = USER_PD; 1212 1213 if (init.filelen && init.filefd) { 1214 err = fastrpc_map_create(fl, init.filefd, init.filelen, 0, &map); 1215 if (err) 1216 goto err; 1217 } 1218 1219 memlen = ALIGN(max(INIT_FILELEN_MAX, (int)init.filelen * 4), 1220 1024 * 1024); 1221 err = fastrpc_buf_alloc(fl, fl->sctx->dev, memlen, 1222 &imem); 1223 if (err) 1224 goto err_alloc; 1225 1226 fl->init_mem = imem; 1227 args[0].ptr = (u64)(uintptr_t)&inbuf; 1228 args[0].length = sizeof(inbuf); 1229 args[0].fd = -1; 1230 1231 args[1].ptr = (u64)(uintptr_t)current->comm; 1232 args[1].length = inbuf.namelen; 1233 args[1].fd = -1; 1234 1235 args[2].ptr = (u64) init.file; 1236 args[2].length = inbuf.filelen; 1237 args[2].fd = init.filefd; 1238 1239 pages[0].addr = imem->phys; 1240 pages[0].size = imem->size; 1241 1242 args[3].ptr = (u64)(uintptr_t) pages; 1243 args[3].length = 1 * sizeof(*pages); 1244 args[3].fd = -1; 1245 1246 args[4].ptr = (u64)(uintptr_t)&inbuf.attrs; 1247 args[4].length = sizeof(inbuf.attrs); 1248 args[4].fd = -1; 1249 1250 args[5].ptr = (u64)(uintptr_t) &inbuf.siglen; 1251 args[5].length = sizeof(inbuf.siglen); 1252 args[5].fd = -1; 1253 1254 sc = FASTRPC_SCALARS(FASTRPC_RMID_INIT_CREATE, 4, 0); 1255 if (init.attrs) 1256 sc = FASTRPC_SCALARS(FASTRPC_RMID_INIT_CREATE_ATTR, 6, 0); 1257 1258 err = fastrpc_internal_invoke(fl, true, FASTRPC_INIT_HANDLE, 1259 sc, args); 1260 if (err) 1261 goto err_invoke; 1262 1263 kfree(args); 1264 1265 return 0; 1266 1267 err_invoke: 1268 fl->init_mem = NULL; 1269 fastrpc_buf_free(imem); 1270 err_alloc: 1271 if (map) { 1272 spin_lock(&fl->lock); 1273 list_del(&map->node); 1274 spin_unlock(&fl->lock); 1275 fastrpc_map_put(map); 1276 } 1277 err: 1278 kfree(args); 1279 1280 return err; 1281 } 1282 1283 static struct fastrpc_session_ctx *fastrpc_session_alloc( 1284 struct fastrpc_channel_ctx *cctx) 1285 { 1286 struct fastrpc_session_ctx *session = NULL; 1287 unsigned long flags; 1288 int i; 1289 1290 spin_lock_irqsave(&cctx->lock, flags); 1291 for (i = 0; i < cctx->sesscount; i++) { 1292 if (!cctx->session[i].used && cctx->session[i].valid) { 1293 cctx->session[i].used = true; 1294 session = &cctx->session[i]; 1295 break; 1296 } 1297 } 1298 spin_unlock_irqrestore(&cctx->lock, flags); 1299 1300 return session; 1301 } 1302 1303 static void fastrpc_session_free(struct fastrpc_channel_ctx *cctx, 1304 struct fastrpc_session_ctx *session) 1305 { 1306 unsigned long flags; 1307 1308 spin_lock_irqsave(&cctx->lock, flags); 1309 session->used = false; 1310 spin_unlock_irqrestore(&cctx->lock, flags); 1311 } 1312 1313 static int fastrpc_release_current_dsp_process(struct fastrpc_user *fl) 1314 { 1315 struct fastrpc_invoke_args args[1]; 1316 int tgid = 0; 1317 u32 sc; 1318 1319 tgid = fl->tgid; 1320 args[0].ptr = (u64)(uintptr_t) &tgid; 1321 args[0].length = sizeof(tgid); 1322 args[0].fd = -1; 1323 sc = FASTRPC_SCALARS(FASTRPC_RMID_INIT_RELEASE, 1, 0); 1324 1325 return fastrpc_internal_invoke(fl, true, FASTRPC_INIT_HANDLE, 1326 sc, &args[0]); 1327 } 1328 1329 static int fastrpc_device_release(struct inode *inode, struct file *file) 1330 { 1331 struct fastrpc_user *fl = (struct fastrpc_user *)file->private_data; 1332 struct fastrpc_channel_ctx *cctx = fl->cctx; 1333 struct fastrpc_invoke_ctx *ctx, *n; 1334 struct fastrpc_map *map, *m; 1335 struct fastrpc_buf *buf, *b; 1336 unsigned long flags; 1337 1338 fastrpc_release_current_dsp_process(fl); 1339 1340 spin_lock_irqsave(&cctx->lock, flags); 1341 list_del(&fl->user); 1342 spin_unlock_irqrestore(&cctx->lock, flags); 1343 1344 if (fl->init_mem) 1345 fastrpc_buf_free(fl->init_mem); 1346 1347 list_for_each_entry_safe(ctx, n, &fl->pending, node) { 1348 list_del(&ctx->node); 1349 fastrpc_context_put(ctx); 1350 } 1351 1352 list_for_each_entry_safe(map, m, &fl->maps, node) { 1353 list_del(&map->node); 1354 fastrpc_map_put(map); 1355 } 1356 1357 list_for_each_entry_safe(buf, b, &fl->mmaps, node) { 1358 list_del(&buf->node); 1359 fastrpc_buf_free(buf); 1360 } 1361 1362 fastrpc_session_free(cctx, fl->sctx); 1363 fastrpc_channel_ctx_put(cctx); 1364 1365 mutex_destroy(&fl->mutex); 1366 kfree(fl); 1367 file->private_data = NULL; 1368 1369 return 0; 1370 } 1371 1372 static int fastrpc_device_open(struct inode *inode, struct file *filp) 1373 { 1374 struct fastrpc_channel_ctx *cctx; 1375 struct fastrpc_device *fdevice; 1376 struct fastrpc_user *fl = NULL; 1377 unsigned long flags; 1378 1379 fdevice = miscdev_to_fdevice(filp->private_data); 1380 cctx = fdevice->cctx; 1381 1382 fl = kzalloc(sizeof(*fl), GFP_KERNEL); 1383 if (!fl) 1384 return -ENOMEM; 1385 1386 /* Released in fastrpc_device_release() */ 1387 fastrpc_channel_ctx_get(cctx); 1388 1389 filp->private_data = fl; 1390 spin_lock_init(&fl->lock); 1391 mutex_init(&fl->mutex); 1392 INIT_LIST_HEAD(&fl->pending); 1393 INIT_LIST_HEAD(&fl->maps); 1394 INIT_LIST_HEAD(&fl->mmaps); 1395 INIT_LIST_HEAD(&fl->user); 1396 fl->tgid = current->tgid; 1397 fl->cctx = cctx; 1398 fl->is_secure_dev = fdevice->secure; 1399 1400 fl->sctx = fastrpc_session_alloc(cctx); 1401 if (!fl->sctx) { 1402 dev_err(&cctx->rpdev->dev, "No session available\n"); 1403 mutex_destroy(&fl->mutex); 1404 kfree(fl); 1405 1406 return -EBUSY; 1407 } 1408 1409 spin_lock_irqsave(&cctx->lock, flags); 1410 list_add_tail(&fl->user, &cctx->users); 1411 spin_unlock_irqrestore(&cctx->lock, flags); 1412 1413 return 0; 1414 } 1415 1416 static int fastrpc_dmabuf_alloc(struct fastrpc_user *fl, char __user *argp) 1417 { 1418 struct fastrpc_alloc_dma_buf bp; 1419 DEFINE_DMA_BUF_EXPORT_INFO(exp_info); 1420 struct fastrpc_buf *buf = NULL; 1421 int err; 1422 1423 if (copy_from_user(&bp, argp, sizeof(bp))) 1424 return -EFAULT; 1425 1426 err = fastrpc_buf_alloc(fl, fl->sctx->dev, bp.size, &buf); 1427 if (err) 1428 return err; 1429 exp_info.ops = &fastrpc_dma_buf_ops; 1430 exp_info.size = bp.size; 1431 exp_info.flags = O_RDWR; 1432 exp_info.priv = buf; 1433 buf->dmabuf = dma_buf_export(&exp_info); 1434 if (IS_ERR(buf->dmabuf)) { 1435 err = PTR_ERR(buf->dmabuf); 1436 fastrpc_buf_free(buf); 1437 return err; 1438 } 1439 1440 bp.fd = dma_buf_fd(buf->dmabuf, O_ACCMODE); 1441 if (bp.fd < 0) { 1442 dma_buf_put(buf->dmabuf); 1443 return -EINVAL; 1444 } 1445 1446 if (copy_to_user(argp, &bp, sizeof(bp))) { 1447 /* 1448 * The usercopy failed, but we can't do much about it, as 1449 * dma_buf_fd() already called fd_install() and made the 1450 * file descriptor accessible for the current process. It 1451 * might already be closed and dmabuf no longer valid when 1452 * we reach this point. Therefore "leak" the fd and rely on 1453 * the process exit path to do any required cleanup. 1454 */ 1455 return -EFAULT; 1456 } 1457 1458 return 0; 1459 } 1460 1461 static int fastrpc_init_attach(struct fastrpc_user *fl, int pd) 1462 { 1463 struct fastrpc_invoke_args args[1]; 1464 int tgid = fl->tgid; 1465 u32 sc; 1466 1467 args[0].ptr = (u64)(uintptr_t) &tgid; 1468 args[0].length = sizeof(tgid); 1469 args[0].fd = -1; 1470 sc = FASTRPC_SCALARS(FASTRPC_RMID_INIT_ATTACH, 1, 0); 1471 fl->pd = pd; 1472 1473 return fastrpc_internal_invoke(fl, true, FASTRPC_INIT_HANDLE, 1474 sc, &args[0]); 1475 } 1476 1477 static int fastrpc_invoke(struct fastrpc_user *fl, char __user *argp) 1478 { 1479 struct fastrpc_invoke_args *args = NULL; 1480 struct fastrpc_invoke inv; 1481 u32 nscalars; 1482 int err; 1483 1484 if (copy_from_user(&inv, argp, sizeof(inv))) 1485 return -EFAULT; 1486 1487 /* nscalars is truncated here to max supported value */ 1488 nscalars = REMOTE_SCALARS_LENGTH(inv.sc); 1489 if (nscalars) { 1490 args = kcalloc(nscalars, sizeof(*args), GFP_KERNEL); 1491 if (!args) 1492 return -ENOMEM; 1493 1494 if (copy_from_user(args, (void __user *)(uintptr_t)inv.args, 1495 nscalars * sizeof(*args))) { 1496 kfree(args); 1497 return -EFAULT; 1498 } 1499 } 1500 1501 err = fastrpc_internal_invoke(fl, false, inv.handle, inv.sc, args); 1502 kfree(args); 1503 1504 return err; 1505 } 1506 1507 static int fastrpc_get_info_from_dsp(struct fastrpc_user *fl, uint32_t *dsp_attr_buf, 1508 uint32_t dsp_attr_buf_len) 1509 { 1510 struct fastrpc_invoke_args args[2] = { 0 }; 1511 1512 /* Capability filled in userspace */ 1513 dsp_attr_buf[0] = 0; 1514 1515 args[0].ptr = (u64)(uintptr_t)&dsp_attr_buf_len; 1516 args[0].length = sizeof(dsp_attr_buf_len); 1517 args[0].fd = -1; 1518 args[1].ptr = (u64)(uintptr_t)&dsp_attr_buf[1]; 1519 args[1].length = dsp_attr_buf_len; 1520 args[1].fd = -1; 1521 fl->pd = USER_PD; 1522 1523 return fastrpc_internal_invoke(fl, true, FASTRPC_DSP_UTILITIES_HANDLE, 1524 FASTRPC_SCALARS(0, 1, 1), args); 1525 } 1526 1527 static int fastrpc_get_info_from_kernel(struct fastrpc_ioctl_capability *cap, 1528 struct fastrpc_user *fl) 1529 { 1530 struct fastrpc_channel_ctx *cctx = fl->cctx; 1531 uint32_t attribute_id = cap->attribute_id; 1532 uint32_t *dsp_attributes; 1533 unsigned long flags; 1534 uint32_t domain = cap->domain; 1535 int err; 1536 1537 spin_lock_irqsave(&cctx->lock, flags); 1538 /* check if we already have queried dsp for attributes */ 1539 if (cctx->valid_attributes) { 1540 spin_unlock_irqrestore(&cctx->lock, flags); 1541 goto done; 1542 } 1543 spin_unlock_irqrestore(&cctx->lock, flags); 1544 1545 dsp_attributes = kzalloc(FASTRPC_MAX_DSP_ATTRIBUTES_LEN, GFP_KERNEL); 1546 if (!dsp_attributes) 1547 return -ENOMEM; 1548 1549 err = fastrpc_get_info_from_dsp(fl, dsp_attributes, FASTRPC_MAX_DSP_ATTRIBUTES_LEN); 1550 if (err == DSP_UNSUPPORTED_API) { 1551 dev_info(&cctx->rpdev->dev, 1552 "Warning: DSP capabilities not supported on domain: %d\n", domain); 1553 kfree(dsp_attributes); 1554 return -EOPNOTSUPP; 1555 } else if (err) { 1556 dev_err(&cctx->rpdev->dev, "Error: dsp information is incorrect err: %d\n", err); 1557 kfree(dsp_attributes); 1558 return err; 1559 } 1560 1561 spin_lock_irqsave(&cctx->lock, flags); 1562 memcpy(cctx->dsp_attributes, dsp_attributes, FASTRPC_MAX_DSP_ATTRIBUTES_LEN); 1563 cctx->valid_attributes = true; 1564 spin_unlock_irqrestore(&cctx->lock, flags); 1565 kfree(dsp_attributes); 1566 done: 1567 cap->capability = cctx->dsp_attributes[attribute_id]; 1568 return 0; 1569 } 1570 1571 static int fastrpc_get_dsp_info(struct fastrpc_user *fl, char __user *argp) 1572 { 1573 struct fastrpc_ioctl_capability cap = {0}; 1574 int err = 0; 1575 1576 if (copy_from_user(&cap, argp, sizeof(cap))) 1577 return -EFAULT; 1578 1579 cap.capability = 0; 1580 if (cap.domain >= FASTRPC_DEV_MAX) { 1581 dev_err(&fl->cctx->rpdev->dev, "Error: Invalid domain id:%d, err:%d\n", 1582 cap.domain, err); 1583 return -ECHRNG; 1584 } 1585 1586 /* Fastrpc Capablities does not support modem domain */ 1587 if (cap.domain == MDSP_DOMAIN_ID) { 1588 dev_err(&fl->cctx->rpdev->dev, "Error: modem not supported %d\n", err); 1589 return -ECHRNG; 1590 } 1591 1592 if (cap.attribute_id >= FASTRPC_MAX_DSP_ATTRIBUTES) { 1593 dev_err(&fl->cctx->rpdev->dev, "Error: invalid attribute: %d, err: %d\n", 1594 cap.attribute_id, err); 1595 return -EOVERFLOW; 1596 } 1597 1598 err = fastrpc_get_info_from_kernel(&cap, fl); 1599 if (err) 1600 return err; 1601 1602 if (copy_to_user(argp, &cap.capability, sizeof(cap.capability))) 1603 return -EFAULT; 1604 1605 return 0; 1606 } 1607 1608 static int fastrpc_req_munmap_impl(struct fastrpc_user *fl, 1609 struct fastrpc_req_munmap *req) 1610 { 1611 struct fastrpc_invoke_args args[1] = { [0] = { 0 } }; 1612 struct fastrpc_buf *buf = NULL, *iter, *b; 1613 struct fastrpc_munmap_req_msg req_msg; 1614 struct device *dev = fl->sctx->dev; 1615 int err; 1616 u32 sc; 1617 1618 spin_lock(&fl->lock); 1619 list_for_each_entry_safe(iter, b, &fl->mmaps, node) { 1620 if ((iter->raddr == req->vaddrout) && (iter->size == req->size)) { 1621 buf = iter; 1622 break; 1623 } 1624 } 1625 spin_unlock(&fl->lock); 1626 1627 if (!buf) { 1628 dev_err(dev, "mmap not in list\n"); 1629 return -EINVAL; 1630 } 1631 1632 req_msg.pgid = fl->tgid; 1633 req_msg.size = buf->size; 1634 req_msg.vaddr = buf->raddr; 1635 1636 args[0].ptr = (u64) (uintptr_t) &req_msg; 1637 args[0].length = sizeof(req_msg); 1638 1639 sc = FASTRPC_SCALARS(FASTRPC_RMID_INIT_MUNMAP, 1, 0); 1640 err = fastrpc_internal_invoke(fl, true, FASTRPC_INIT_HANDLE, sc, 1641 &args[0]); 1642 if (!err) { 1643 dev_dbg(dev, "unmmap\tpt 0x%09lx OK\n", buf->raddr); 1644 spin_lock(&fl->lock); 1645 list_del(&buf->node); 1646 spin_unlock(&fl->lock); 1647 fastrpc_buf_free(buf); 1648 } else { 1649 dev_err(dev, "unmmap\tpt 0x%09lx ERROR\n", buf->raddr); 1650 } 1651 1652 return err; 1653 } 1654 1655 static int fastrpc_req_munmap(struct fastrpc_user *fl, char __user *argp) 1656 { 1657 struct fastrpc_req_munmap req; 1658 1659 if (copy_from_user(&req, argp, sizeof(req))) 1660 return -EFAULT; 1661 1662 return fastrpc_req_munmap_impl(fl, &req); 1663 } 1664 1665 static int fastrpc_req_mmap(struct fastrpc_user *fl, char __user *argp) 1666 { 1667 struct fastrpc_invoke_args args[3] = { [0 ... 2] = { 0 } }; 1668 struct fastrpc_buf *buf = NULL; 1669 struct fastrpc_mmap_req_msg req_msg; 1670 struct fastrpc_mmap_rsp_msg rsp_msg; 1671 struct fastrpc_req_munmap req_unmap; 1672 struct fastrpc_phy_page pages; 1673 struct fastrpc_req_mmap req; 1674 struct device *dev = fl->sctx->dev; 1675 int err; 1676 u32 sc; 1677 1678 if (copy_from_user(&req, argp, sizeof(req))) 1679 return -EFAULT; 1680 1681 if (req.flags != ADSP_MMAP_ADD_PAGES) { 1682 dev_err(dev, "flag not supported 0x%x\n", req.flags); 1683 return -EINVAL; 1684 } 1685 1686 if (req.vaddrin) { 1687 dev_err(dev, "adding user allocated pages is not supported\n"); 1688 return -EINVAL; 1689 } 1690 1691 err = fastrpc_buf_alloc(fl, fl->sctx->dev, req.size, &buf); 1692 if (err) { 1693 dev_err(dev, "failed to allocate buffer\n"); 1694 return err; 1695 } 1696 1697 req_msg.pgid = fl->tgid; 1698 req_msg.flags = req.flags; 1699 req_msg.vaddr = req.vaddrin; 1700 req_msg.num = sizeof(pages); 1701 1702 args[0].ptr = (u64) (uintptr_t) &req_msg; 1703 args[0].length = sizeof(req_msg); 1704 1705 pages.addr = buf->phys; 1706 pages.size = buf->size; 1707 1708 args[1].ptr = (u64) (uintptr_t) &pages; 1709 args[1].length = sizeof(pages); 1710 1711 args[2].ptr = (u64) (uintptr_t) &rsp_msg; 1712 args[2].length = sizeof(rsp_msg); 1713 1714 sc = FASTRPC_SCALARS(FASTRPC_RMID_INIT_MMAP, 2, 1); 1715 err = fastrpc_internal_invoke(fl, true, FASTRPC_INIT_HANDLE, sc, 1716 &args[0]); 1717 if (err) { 1718 dev_err(dev, "mmap error (len 0x%08llx)\n", buf->size); 1719 goto err_invoke; 1720 } 1721 1722 /* update the buffer to be able to deallocate the memory on the DSP */ 1723 buf->raddr = (uintptr_t) rsp_msg.vaddr; 1724 1725 /* let the client know the address to use */ 1726 req.vaddrout = rsp_msg.vaddr; 1727 1728 spin_lock(&fl->lock); 1729 list_add_tail(&buf->node, &fl->mmaps); 1730 spin_unlock(&fl->lock); 1731 1732 if (copy_to_user((void __user *)argp, &req, sizeof(req))) { 1733 /* unmap the memory and release the buffer */ 1734 req_unmap.vaddrout = buf->raddr; 1735 req_unmap.size = buf->size; 1736 fastrpc_req_munmap_impl(fl, &req_unmap); 1737 return -EFAULT; 1738 } 1739 1740 dev_dbg(dev, "mmap\t\tpt 0x%09lx OK [len 0x%08llx]\n", 1741 buf->raddr, buf->size); 1742 1743 return 0; 1744 1745 err_invoke: 1746 fastrpc_buf_free(buf); 1747 1748 return err; 1749 } 1750 1751 static int fastrpc_req_mem_unmap_impl(struct fastrpc_user *fl, struct fastrpc_mem_unmap *req) 1752 { 1753 struct fastrpc_invoke_args args[1] = { [0] = { 0 } }; 1754 struct fastrpc_map *map = NULL, *iter, *m; 1755 struct fastrpc_mem_unmap_req_msg req_msg = { 0 }; 1756 int err = 0; 1757 u32 sc; 1758 struct device *dev = fl->sctx->dev; 1759 1760 spin_lock(&fl->lock); 1761 list_for_each_entry_safe(iter, m, &fl->maps, node) { 1762 if ((req->fd < 0 || iter->fd == req->fd) && (iter->raddr == req->vaddr)) { 1763 map = iter; 1764 break; 1765 } 1766 } 1767 1768 spin_unlock(&fl->lock); 1769 1770 if (!map) { 1771 dev_err(dev, "map not in list\n"); 1772 return -EINVAL; 1773 } 1774 1775 req_msg.pgid = fl->tgid; 1776 req_msg.len = map->len; 1777 req_msg.vaddrin = map->raddr; 1778 req_msg.fd = map->fd; 1779 1780 args[0].ptr = (u64) (uintptr_t) &req_msg; 1781 args[0].length = sizeof(req_msg); 1782 1783 sc = FASTRPC_SCALARS(FASTRPC_RMID_INIT_MEM_UNMAP, 1, 0); 1784 err = fastrpc_internal_invoke(fl, true, FASTRPC_INIT_HANDLE, sc, 1785 &args[0]); 1786 fastrpc_map_put(map); 1787 if (err) 1788 dev_err(dev, "unmmap\tpt fd = %d, 0x%09llx error\n", map->fd, map->raddr); 1789 1790 return err; 1791 } 1792 1793 static int fastrpc_req_mem_unmap(struct fastrpc_user *fl, char __user *argp) 1794 { 1795 struct fastrpc_mem_unmap req; 1796 1797 if (copy_from_user(&req, argp, sizeof(req))) 1798 return -EFAULT; 1799 1800 return fastrpc_req_mem_unmap_impl(fl, &req); 1801 } 1802 1803 static int fastrpc_req_mem_map(struct fastrpc_user *fl, char __user *argp) 1804 { 1805 struct fastrpc_invoke_args args[4] = { [0 ... 3] = { 0 } }; 1806 struct fastrpc_mem_map_req_msg req_msg = { 0 }; 1807 struct fastrpc_mmap_rsp_msg rsp_msg = { 0 }; 1808 struct fastrpc_mem_unmap req_unmap = { 0 }; 1809 struct fastrpc_phy_page pages = { 0 }; 1810 struct fastrpc_mem_map req; 1811 struct device *dev = fl->sctx->dev; 1812 struct fastrpc_map *map = NULL; 1813 int err; 1814 u32 sc; 1815 1816 if (copy_from_user(&req, argp, sizeof(req))) 1817 return -EFAULT; 1818 1819 /* create SMMU mapping */ 1820 err = fastrpc_map_create(fl, req.fd, req.length, 0, &map); 1821 if (err) { 1822 dev_err(dev, "failed to map buffer, fd = %d\n", req.fd); 1823 return err; 1824 } 1825 1826 req_msg.pgid = fl->tgid; 1827 req_msg.fd = req.fd; 1828 req_msg.offset = req.offset; 1829 req_msg.vaddrin = req.vaddrin; 1830 map->va = (void *) (uintptr_t) req.vaddrin; 1831 req_msg.flags = req.flags; 1832 req_msg.num = sizeof(pages); 1833 req_msg.data_len = 0; 1834 1835 args[0].ptr = (u64) (uintptr_t) &req_msg; 1836 args[0].length = sizeof(req_msg); 1837 1838 pages.addr = map->phys; 1839 pages.size = map->size; 1840 1841 args[1].ptr = (u64) (uintptr_t) &pages; 1842 args[1].length = sizeof(pages); 1843 1844 args[2].ptr = (u64) (uintptr_t) &pages; 1845 args[2].length = 0; 1846 1847 args[3].ptr = (u64) (uintptr_t) &rsp_msg; 1848 args[3].length = sizeof(rsp_msg); 1849 1850 sc = FASTRPC_SCALARS(FASTRPC_RMID_INIT_MEM_MAP, 3, 1); 1851 err = fastrpc_internal_invoke(fl, true, FASTRPC_INIT_HANDLE, sc, &args[0]); 1852 if (err) { 1853 dev_err(dev, "mem mmap error, fd %d, vaddr %llx, size %lld\n", 1854 req.fd, req.vaddrin, map->size); 1855 goto err_invoke; 1856 } 1857 1858 /* update the buffer to be able to deallocate the memory on the DSP */ 1859 map->raddr = rsp_msg.vaddr; 1860 1861 /* let the client know the address to use */ 1862 req.vaddrout = rsp_msg.vaddr; 1863 1864 if (copy_to_user((void __user *)argp, &req, sizeof(req))) { 1865 /* unmap the memory and release the buffer */ 1866 req_unmap.vaddr = (uintptr_t) rsp_msg.vaddr; 1867 req_unmap.length = map->size; 1868 fastrpc_req_mem_unmap_impl(fl, &req_unmap); 1869 return -EFAULT; 1870 } 1871 1872 return 0; 1873 1874 err_invoke: 1875 fastrpc_map_put(map); 1876 1877 return err; 1878 } 1879 1880 static long fastrpc_device_ioctl(struct file *file, unsigned int cmd, 1881 unsigned long arg) 1882 { 1883 struct fastrpc_user *fl = (struct fastrpc_user *)file->private_data; 1884 char __user *argp = (char __user *)arg; 1885 int err; 1886 1887 switch (cmd) { 1888 case FASTRPC_IOCTL_INVOKE: 1889 err = fastrpc_invoke(fl, argp); 1890 break; 1891 case FASTRPC_IOCTL_INIT_ATTACH: 1892 err = fastrpc_init_attach(fl, AUDIO_PD); 1893 break; 1894 case FASTRPC_IOCTL_INIT_ATTACH_SNS: 1895 err = fastrpc_init_attach(fl, SENSORS_PD); 1896 break; 1897 case FASTRPC_IOCTL_INIT_CREATE: 1898 err = fastrpc_init_create_process(fl, argp); 1899 break; 1900 case FASTRPC_IOCTL_ALLOC_DMA_BUFF: 1901 err = fastrpc_dmabuf_alloc(fl, argp); 1902 break; 1903 case FASTRPC_IOCTL_MMAP: 1904 err = fastrpc_req_mmap(fl, argp); 1905 break; 1906 case FASTRPC_IOCTL_MUNMAP: 1907 err = fastrpc_req_munmap(fl, argp); 1908 break; 1909 case FASTRPC_IOCTL_MEM_MAP: 1910 err = fastrpc_req_mem_map(fl, argp); 1911 break; 1912 case FASTRPC_IOCTL_MEM_UNMAP: 1913 err = fastrpc_req_mem_unmap(fl, argp); 1914 break; 1915 case FASTRPC_IOCTL_GET_DSP_INFO: 1916 err = fastrpc_get_dsp_info(fl, argp); 1917 break; 1918 default: 1919 err = -ENOTTY; 1920 break; 1921 } 1922 1923 return err; 1924 } 1925 1926 static const struct file_operations fastrpc_fops = { 1927 .open = fastrpc_device_open, 1928 .release = fastrpc_device_release, 1929 .unlocked_ioctl = fastrpc_device_ioctl, 1930 .compat_ioctl = fastrpc_device_ioctl, 1931 }; 1932 1933 static int fastrpc_cb_probe(struct platform_device *pdev) 1934 { 1935 struct fastrpc_channel_ctx *cctx; 1936 struct fastrpc_session_ctx *sess; 1937 struct device *dev = &pdev->dev; 1938 int i, sessions = 0; 1939 unsigned long flags; 1940 int rc; 1941 1942 cctx = dev_get_drvdata(dev->parent); 1943 if (!cctx) 1944 return -EINVAL; 1945 1946 of_property_read_u32(dev->of_node, "qcom,nsessions", &sessions); 1947 1948 spin_lock_irqsave(&cctx->lock, flags); 1949 if (cctx->sesscount >= FASTRPC_MAX_SESSIONS) { 1950 dev_err(&pdev->dev, "too many sessions\n"); 1951 spin_unlock_irqrestore(&cctx->lock, flags); 1952 return -ENOSPC; 1953 } 1954 sess = &cctx->session[cctx->sesscount++]; 1955 sess->used = false; 1956 sess->valid = true; 1957 sess->dev = dev; 1958 dev_set_drvdata(dev, sess); 1959 1960 if (of_property_read_u32(dev->of_node, "reg", &sess->sid)) 1961 dev_info(dev, "FastRPC Session ID not specified in DT\n"); 1962 1963 if (sessions > 0) { 1964 struct fastrpc_session_ctx *dup_sess; 1965 1966 for (i = 1; i < sessions; i++) { 1967 if (cctx->sesscount >= FASTRPC_MAX_SESSIONS) 1968 break; 1969 dup_sess = &cctx->session[cctx->sesscount++]; 1970 memcpy(dup_sess, sess, sizeof(*dup_sess)); 1971 } 1972 } 1973 spin_unlock_irqrestore(&cctx->lock, flags); 1974 rc = dma_set_mask(dev, DMA_BIT_MASK(32)); 1975 if (rc) { 1976 dev_err(dev, "32-bit DMA enable failed\n"); 1977 return rc; 1978 } 1979 1980 return 0; 1981 } 1982 1983 static int fastrpc_cb_remove(struct platform_device *pdev) 1984 { 1985 struct fastrpc_channel_ctx *cctx = dev_get_drvdata(pdev->dev.parent); 1986 struct fastrpc_session_ctx *sess = dev_get_drvdata(&pdev->dev); 1987 unsigned long flags; 1988 int i; 1989 1990 spin_lock_irqsave(&cctx->lock, flags); 1991 for (i = 1; i < FASTRPC_MAX_SESSIONS; i++) { 1992 if (cctx->session[i].sid == sess->sid) { 1993 cctx->session[i].valid = false; 1994 cctx->sesscount--; 1995 } 1996 } 1997 spin_unlock_irqrestore(&cctx->lock, flags); 1998 1999 return 0; 2000 } 2001 2002 static const struct of_device_id fastrpc_match_table[] = { 2003 { .compatible = "qcom,fastrpc-compute-cb", }, 2004 {} 2005 }; 2006 2007 static struct platform_driver fastrpc_cb_driver = { 2008 .probe = fastrpc_cb_probe, 2009 .remove = fastrpc_cb_remove, 2010 .driver = { 2011 .name = "qcom,fastrpc-cb", 2012 .of_match_table = fastrpc_match_table, 2013 .suppress_bind_attrs = true, 2014 }, 2015 }; 2016 2017 static int fastrpc_device_register(struct device *dev, struct fastrpc_channel_ctx *cctx, 2018 bool is_secured, const char *domain) 2019 { 2020 struct fastrpc_device *fdev; 2021 int err; 2022 2023 fdev = devm_kzalloc(dev, sizeof(*fdev), GFP_KERNEL); 2024 if (!fdev) 2025 return -ENOMEM; 2026 2027 fdev->secure = is_secured; 2028 fdev->cctx = cctx; 2029 fdev->miscdev.minor = MISC_DYNAMIC_MINOR; 2030 fdev->miscdev.fops = &fastrpc_fops; 2031 fdev->miscdev.name = devm_kasprintf(dev, GFP_KERNEL, "fastrpc-%s%s", 2032 domain, is_secured ? "-secure" : ""); 2033 err = misc_register(&fdev->miscdev); 2034 if (!err) { 2035 if (is_secured) 2036 cctx->secure_fdevice = fdev; 2037 else 2038 cctx->fdevice = fdev; 2039 } 2040 2041 return err; 2042 } 2043 2044 static int fastrpc_rpmsg_probe(struct rpmsg_device *rpdev) 2045 { 2046 struct device *rdev = &rpdev->dev; 2047 struct fastrpc_channel_ctx *data; 2048 int i, err, domain_id = -1, vmcount; 2049 const char *domain; 2050 bool secure_dsp; 2051 unsigned int vmids[FASTRPC_MAX_VMIDS]; 2052 2053 err = of_property_read_string(rdev->of_node, "label", &domain); 2054 if (err) { 2055 dev_info(rdev, "FastRPC Domain not specified in DT\n"); 2056 return err; 2057 } 2058 2059 for (i = 0; i <= CDSP_DOMAIN_ID; i++) { 2060 if (!strcmp(domains[i], domain)) { 2061 domain_id = i; 2062 break; 2063 } 2064 } 2065 2066 if (domain_id < 0) { 2067 dev_info(rdev, "FastRPC Invalid Domain ID %d\n", domain_id); 2068 return -EINVAL; 2069 } 2070 2071 vmcount = of_property_read_variable_u32_array(rdev->of_node, 2072 "qcom,vmids", &vmids[0], 0, FASTRPC_MAX_VMIDS); 2073 if (vmcount < 0) 2074 vmcount = 0; 2075 else if (!qcom_scm_is_available()) 2076 return -EPROBE_DEFER; 2077 2078 data = kzalloc(sizeof(*data), GFP_KERNEL); 2079 if (!data) 2080 return -ENOMEM; 2081 2082 if (vmcount) { 2083 data->vmcount = vmcount; 2084 data->perms = BIT(QCOM_SCM_VMID_HLOS); 2085 for (i = 0; i < data->vmcount; i++) { 2086 data->vmperms[i].vmid = vmids[i]; 2087 data->vmperms[i].perm = QCOM_SCM_PERM_RWX; 2088 } 2089 } 2090 2091 secure_dsp = !(of_property_read_bool(rdev->of_node, "qcom,non-secure-domain")); 2092 data->secure = secure_dsp; 2093 2094 switch (domain_id) { 2095 case ADSP_DOMAIN_ID: 2096 case MDSP_DOMAIN_ID: 2097 case SDSP_DOMAIN_ID: 2098 /* Unsigned PD offloading is only supported on CDSP*/ 2099 data->unsigned_support = false; 2100 err = fastrpc_device_register(rdev, data, secure_dsp, domains[domain_id]); 2101 if (err) 2102 goto fdev_error; 2103 break; 2104 case CDSP_DOMAIN_ID: 2105 data->unsigned_support = true; 2106 /* Create both device nodes so that we can allow both Signed and Unsigned PD */ 2107 err = fastrpc_device_register(rdev, data, true, domains[domain_id]); 2108 if (err) 2109 goto fdev_error; 2110 2111 err = fastrpc_device_register(rdev, data, false, domains[domain_id]); 2112 if (err) 2113 goto fdev_error; 2114 break; 2115 default: 2116 err = -EINVAL; 2117 goto fdev_error; 2118 } 2119 2120 kref_init(&data->refcount); 2121 2122 dev_set_drvdata(&rpdev->dev, data); 2123 dma_set_mask_and_coherent(rdev, DMA_BIT_MASK(32)); 2124 INIT_LIST_HEAD(&data->users); 2125 spin_lock_init(&data->lock); 2126 idr_init(&data->ctx_idr); 2127 data->domain_id = domain_id; 2128 data->rpdev = rpdev; 2129 2130 return of_platform_populate(rdev->of_node, NULL, NULL, rdev); 2131 fdev_error: 2132 kfree(data); 2133 return err; 2134 } 2135 2136 static void fastrpc_notify_users(struct fastrpc_user *user) 2137 { 2138 struct fastrpc_invoke_ctx *ctx; 2139 2140 spin_lock(&user->lock); 2141 list_for_each_entry(ctx, &user->pending, node) 2142 complete(&ctx->work); 2143 spin_unlock(&user->lock); 2144 } 2145 2146 static void fastrpc_rpmsg_remove(struct rpmsg_device *rpdev) 2147 { 2148 struct fastrpc_channel_ctx *cctx = dev_get_drvdata(&rpdev->dev); 2149 struct fastrpc_user *user; 2150 unsigned long flags; 2151 2152 spin_lock_irqsave(&cctx->lock, flags); 2153 list_for_each_entry(user, &cctx->users, user) 2154 fastrpc_notify_users(user); 2155 spin_unlock_irqrestore(&cctx->lock, flags); 2156 2157 if (cctx->fdevice) 2158 misc_deregister(&cctx->fdevice->miscdev); 2159 2160 if (cctx->secure_fdevice) 2161 misc_deregister(&cctx->secure_fdevice->miscdev); 2162 2163 of_platform_depopulate(&rpdev->dev); 2164 2165 cctx->rpdev = NULL; 2166 fastrpc_channel_ctx_put(cctx); 2167 } 2168 2169 static int fastrpc_rpmsg_callback(struct rpmsg_device *rpdev, void *data, 2170 int len, void *priv, u32 addr) 2171 { 2172 struct fastrpc_channel_ctx *cctx = dev_get_drvdata(&rpdev->dev); 2173 struct fastrpc_invoke_rsp *rsp = data; 2174 struct fastrpc_invoke_ctx *ctx; 2175 unsigned long flags; 2176 unsigned long ctxid; 2177 2178 if (len < sizeof(*rsp)) 2179 return -EINVAL; 2180 2181 ctxid = ((rsp->ctx & FASTRPC_CTXID_MASK) >> 4); 2182 2183 spin_lock_irqsave(&cctx->lock, flags); 2184 ctx = idr_find(&cctx->ctx_idr, ctxid); 2185 spin_unlock_irqrestore(&cctx->lock, flags); 2186 2187 if (!ctx) { 2188 dev_err(&rpdev->dev, "No context ID matches response\n"); 2189 return -ENOENT; 2190 } 2191 2192 ctx->retval = rsp->retval; 2193 complete(&ctx->work); 2194 2195 /* 2196 * The DMA buffer associated with the context cannot be freed in 2197 * interrupt context so schedule it through a worker thread to 2198 * avoid a kernel BUG. 2199 */ 2200 schedule_work(&ctx->put_work); 2201 2202 return 0; 2203 } 2204 2205 static const struct of_device_id fastrpc_rpmsg_of_match[] = { 2206 { .compatible = "qcom,fastrpc" }, 2207 { }, 2208 }; 2209 MODULE_DEVICE_TABLE(of, fastrpc_rpmsg_of_match); 2210 2211 static struct rpmsg_driver fastrpc_driver = { 2212 .probe = fastrpc_rpmsg_probe, 2213 .remove = fastrpc_rpmsg_remove, 2214 .callback = fastrpc_rpmsg_callback, 2215 .drv = { 2216 .name = "qcom,fastrpc", 2217 .of_match_table = fastrpc_rpmsg_of_match, 2218 }, 2219 }; 2220 2221 static int fastrpc_init(void) 2222 { 2223 int ret; 2224 2225 ret = platform_driver_register(&fastrpc_cb_driver); 2226 if (ret < 0) { 2227 pr_err("fastrpc: failed to register cb driver\n"); 2228 return ret; 2229 } 2230 2231 ret = register_rpmsg_driver(&fastrpc_driver); 2232 if (ret < 0) { 2233 pr_err("fastrpc: failed to register rpmsg driver\n"); 2234 platform_driver_unregister(&fastrpc_cb_driver); 2235 return ret; 2236 } 2237 2238 return 0; 2239 } 2240 module_init(fastrpc_init); 2241 2242 static void fastrpc_exit(void) 2243 { 2244 platform_driver_unregister(&fastrpc_cb_driver); 2245 unregister_rpmsg_driver(&fastrpc_driver); 2246 } 2247 module_exit(fastrpc_exit); 2248 2249 MODULE_LICENSE("GPL v2"); 2250 MODULE_IMPORT_NS(DMA_BUF); 2251