1 /* 2 * Remote Processor Framework 3 * 4 * Copyright (C) 2011 Texas Instruments, Inc. 5 * Copyright (C) 2011 Google, Inc. 6 * 7 * Ohad Ben-Cohen <ohad@wizery.com> 8 * Brian Swetland <swetland@google.com> 9 * Mark Grosen <mgrosen@ti.com> 10 * Fernando Guzman Lugo <fernando.lugo@ti.com> 11 * Suman Anna <s-anna@ti.com> 12 * Robert Tivy <rtivy@ti.com> 13 * Armando Uribe De Leon <x0095078@ti.com> 14 * 15 * This program is free software; you can redistribute it and/or 16 * modify it under the terms of the GNU General Public License 17 * version 2 as published by the Free Software Foundation. 18 * 19 * This program is distributed in the hope that it will be useful, 20 * but WITHOUT ANY WARRANTY; without even the implied warranty of 21 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 22 * GNU General Public License for more details. 23 */ 24 25 #define pr_fmt(fmt) "%s: " fmt, __func__ 26 27 #include <linux/kernel.h> 28 #include <linux/module.h> 29 #include <linux/device.h> 30 #include <linux/slab.h> 31 #include <linux/mutex.h> 32 #include <linux/dma-mapping.h> 33 #include <linux/firmware.h> 34 #include <linux/string.h> 35 #include <linux/debugfs.h> 36 #include <linux/devcoredump.h> 37 #include <linux/remoteproc.h> 38 #include <linux/iommu.h> 39 #include <linux/idr.h> 40 #include <linux/elf.h> 41 #include <linux/crc32.h> 42 #include <linux/virtio_ids.h> 43 #include <linux/virtio_ring.h> 44 #include <asm/byteorder.h> 45 46 #include "remoteproc_internal.h" 47 48 static DEFINE_MUTEX(rproc_list_mutex); 49 static LIST_HEAD(rproc_list); 50 51 typedef int (*rproc_handle_resources_t)(struct rproc *rproc, 52 struct resource_table *table, int len); 53 typedef int (*rproc_handle_resource_t)(struct rproc *rproc, 54 void *, int offset, int avail); 55 56 /* Unique indices for remoteproc devices */ 57 static DEFINE_IDA(rproc_dev_index); 58 59 static const char * const rproc_crash_names[] = { 60 [RPROC_MMUFAULT] = "mmufault", 61 [RPROC_WATCHDOG] = "watchdog", 62 [RPROC_FATAL_ERROR] = "fatal error", 63 }; 64 65 /* translate rproc_crash_type to string */ 66 static const char *rproc_crash_to_string(enum rproc_crash_type type) 67 { 68 if (type < ARRAY_SIZE(rproc_crash_names)) 69 return rproc_crash_names[type]; 70 return "unknown"; 71 } 72 73 /* 74 * This is the IOMMU fault handler we register with the IOMMU API 75 * (when relevant; not all remote processors access memory through 76 * an IOMMU). 77 * 78 * IOMMU core will invoke this handler whenever the remote processor 79 * will try to access an unmapped device address. 80 */ 81 static int rproc_iommu_fault(struct iommu_domain *domain, struct device *dev, 82 unsigned long iova, int flags, void *token) 83 { 84 struct rproc *rproc = token; 85 86 dev_err(dev, "iommu fault: da 0x%lx flags 0x%x\n", iova, flags); 87 88 rproc_report_crash(rproc, RPROC_MMUFAULT); 89 90 /* 91 * Let the iommu core know we're not really handling this fault; 92 * we just used it as a recovery trigger. 93 */ 94 return -ENOSYS; 95 } 96 97 static int rproc_enable_iommu(struct rproc *rproc) 98 { 99 struct iommu_domain *domain; 100 struct device *dev = rproc->dev.parent; 101 int ret; 102 103 if (!rproc->has_iommu) { 104 dev_dbg(dev, "iommu not present\n"); 105 return 0; 106 } 107 108 domain = iommu_domain_alloc(dev->bus); 109 if (!domain) { 110 dev_err(dev, "can't alloc iommu domain\n"); 111 return -ENOMEM; 112 } 113 114 iommu_set_fault_handler(domain, rproc_iommu_fault, rproc); 115 116 ret = iommu_attach_device(domain, dev); 117 if (ret) { 118 dev_err(dev, "can't attach iommu device: %d\n", ret); 119 goto free_domain; 120 } 121 122 rproc->domain = domain; 123 124 return 0; 125 126 free_domain: 127 iommu_domain_free(domain); 128 return ret; 129 } 130 131 static void rproc_disable_iommu(struct rproc *rproc) 132 { 133 struct iommu_domain *domain = rproc->domain; 134 struct device *dev = rproc->dev.parent; 135 136 if (!domain) 137 return; 138 139 iommu_detach_device(domain, dev); 140 iommu_domain_free(domain); 141 } 142 143 /** 144 * rproc_da_to_va() - lookup the kernel virtual address for a remoteproc address 145 * @rproc: handle of a remote processor 146 * @da: remoteproc device address to translate 147 * @len: length of the memory region @da is pointing to 148 * 149 * Some remote processors will ask us to allocate them physically contiguous 150 * memory regions (which we call "carveouts"), and map them to specific 151 * device addresses (which are hardcoded in the firmware). They may also have 152 * dedicated memory regions internal to the processors, and use them either 153 * exclusively or alongside carveouts. 154 * 155 * They may then ask us to copy objects into specific device addresses (e.g. 156 * code/data sections) or expose us certain symbols in other device address 157 * (e.g. their trace buffer). 158 * 159 * This function is a helper function with which we can go over the allocated 160 * carveouts and translate specific device addresses to kernel virtual addresses 161 * so we can access the referenced memory. This function also allows to perform 162 * translations on the internal remoteproc memory regions through a platform 163 * implementation specific da_to_va ops, if present. 164 * 165 * The function returns a valid kernel address on success or NULL on failure. 166 * 167 * Note: phys_to_virt(iommu_iova_to_phys(rproc->domain, da)) will work too, 168 * but only on kernel direct mapped RAM memory. Instead, we're just using 169 * here the output of the DMA API for the carveouts, which should be more 170 * correct. 171 */ 172 void *rproc_da_to_va(struct rproc *rproc, u64 da, int len) 173 { 174 struct rproc_mem_entry *carveout; 175 void *ptr = NULL; 176 177 if (rproc->ops->da_to_va) { 178 ptr = rproc->ops->da_to_va(rproc, da, len); 179 if (ptr) 180 goto out; 181 } 182 183 list_for_each_entry(carveout, &rproc->carveouts, node) { 184 int offset = da - carveout->da; 185 186 /* try next carveout if da is too small */ 187 if (offset < 0) 188 continue; 189 190 /* try next carveout if da is too large */ 191 if (offset + len > carveout->len) 192 continue; 193 194 ptr = carveout->va + offset; 195 196 break; 197 } 198 199 out: 200 return ptr; 201 } 202 EXPORT_SYMBOL(rproc_da_to_va); 203 204 int rproc_alloc_vring(struct rproc_vdev *rvdev, int i) 205 { 206 struct rproc *rproc = rvdev->rproc; 207 struct device *dev = &rproc->dev; 208 struct rproc_vring *rvring = &rvdev->vring[i]; 209 struct fw_rsc_vdev *rsc; 210 dma_addr_t dma; 211 void *va; 212 int ret, size, notifyid; 213 214 /* actual size of vring (in bytes) */ 215 size = PAGE_ALIGN(vring_size(rvring->len, rvring->align)); 216 217 /* 218 * Allocate non-cacheable memory for the vring. In the future 219 * this call will also configure the IOMMU for us 220 */ 221 va = dma_alloc_coherent(dev->parent, size, &dma, GFP_KERNEL); 222 if (!va) { 223 dev_err(dev->parent, "dma_alloc_coherent failed\n"); 224 return -EINVAL; 225 } 226 227 /* 228 * Assign an rproc-wide unique index for this vring 229 * TODO: assign a notifyid for rvdev updates as well 230 * TODO: support predefined notifyids (via resource table) 231 */ 232 ret = idr_alloc(&rproc->notifyids, rvring, 0, 0, GFP_KERNEL); 233 if (ret < 0) { 234 dev_err(dev, "idr_alloc failed: %d\n", ret); 235 dma_free_coherent(dev->parent, size, va, dma); 236 return ret; 237 } 238 notifyid = ret; 239 240 /* Potentially bump max_notifyid */ 241 if (notifyid > rproc->max_notifyid) 242 rproc->max_notifyid = notifyid; 243 244 dev_dbg(dev, "vring%d: va %pK dma %pad size 0x%x idr %d\n", 245 i, va, &dma, size, notifyid); 246 247 rvring->va = va; 248 rvring->dma = dma; 249 rvring->notifyid = notifyid; 250 251 /* 252 * Let the rproc know the notifyid and da of this vring. 253 * Not all platforms use dma_alloc_coherent to automatically 254 * set up the iommu. In this case the device address (da) will 255 * hold the physical address and not the device address. 256 */ 257 rsc = (void *)rproc->table_ptr + rvdev->rsc_offset; 258 rsc->vring[i].da = dma; 259 rsc->vring[i].notifyid = notifyid; 260 return 0; 261 } 262 263 static int 264 rproc_parse_vring(struct rproc_vdev *rvdev, struct fw_rsc_vdev *rsc, int i) 265 { 266 struct rproc *rproc = rvdev->rproc; 267 struct device *dev = &rproc->dev; 268 struct fw_rsc_vdev_vring *vring = &rsc->vring[i]; 269 struct rproc_vring *rvring = &rvdev->vring[i]; 270 271 dev_dbg(dev, "vdev rsc: vring%d: da 0x%x, qsz %d, align %d\n", 272 i, vring->da, vring->num, vring->align); 273 274 /* verify queue size and vring alignment are sane */ 275 if (!vring->num || !vring->align) { 276 dev_err(dev, "invalid qsz (%d) or alignment (%d)\n", 277 vring->num, vring->align); 278 return -EINVAL; 279 } 280 281 rvring->len = vring->num; 282 rvring->align = vring->align; 283 rvring->rvdev = rvdev; 284 285 return 0; 286 } 287 288 void rproc_free_vring(struct rproc_vring *rvring) 289 { 290 int size = PAGE_ALIGN(vring_size(rvring->len, rvring->align)); 291 struct rproc *rproc = rvring->rvdev->rproc; 292 int idx = rvring->rvdev->vring - rvring; 293 struct fw_rsc_vdev *rsc; 294 295 dma_free_coherent(rproc->dev.parent, size, rvring->va, rvring->dma); 296 idr_remove(&rproc->notifyids, rvring->notifyid); 297 298 /* reset resource entry info */ 299 rsc = (void *)rproc->table_ptr + rvring->rvdev->rsc_offset; 300 rsc->vring[idx].da = 0; 301 rsc->vring[idx].notifyid = -1; 302 } 303 304 static int rproc_vdev_do_start(struct rproc_subdev *subdev) 305 { 306 struct rproc_vdev *rvdev = container_of(subdev, struct rproc_vdev, subdev); 307 308 return rproc_add_virtio_dev(rvdev, rvdev->id); 309 } 310 311 static void rproc_vdev_do_stop(struct rproc_subdev *subdev, bool crashed) 312 { 313 struct rproc_vdev *rvdev = container_of(subdev, struct rproc_vdev, subdev); 314 315 rproc_remove_virtio_dev(rvdev); 316 } 317 318 /** 319 * rproc_handle_vdev() - handle a vdev fw resource 320 * @rproc: the remote processor 321 * @rsc: the vring resource descriptor 322 * @avail: size of available data (for sanity checking the image) 323 * 324 * This resource entry requests the host to statically register a virtio 325 * device (vdev), and setup everything needed to support it. It contains 326 * everything needed to make it possible: the virtio device id, virtio 327 * device features, vrings information, virtio config space, etc... 328 * 329 * Before registering the vdev, the vrings are allocated from non-cacheable 330 * physically contiguous memory. Currently we only support two vrings per 331 * remote processor (temporary limitation). We might also want to consider 332 * doing the vring allocation only later when ->find_vqs() is invoked, and 333 * then release them upon ->del_vqs(). 334 * 335 * Note: @da is currently not really handled correctly: we dynamically 336 * allocate it using the DMA API, ignoring requested hard coded addresses, 337 * and we don't take care of any required IOMMU programming. This is all 338 * going to be taken care of when the generic iommu-based DMA API will be 339 * merged. Meanwhile, statically-addressed iommu-based firmware images should 340 * use RSC_DEVMEM resource entries to map their required @da to the physical 341 * address of their base CMA region (ouch, hacky!). 342 * 343 * Returns 0 on success, or an appropriate error code otherwise 344 */ 345 static int rproc_handle_vdev(struct rproc *rproc, struct fw_rsc_vdev *rsc, 346 int offset, int avail) 347 { 348 struct device *dev = &rproc->dev; 349 struct rproc_vdev *rvdev; 350 int i, ret; 351 352 /* make sure resource isn't truncated */ 353 if (sizeof(*rsc) + rsc->num_of_vrings * sizeof(struct fw_rsc_vdev_vring) 354 + rsc->config_len > avail) { 355 dev_err(dev, "vdev rsc is truncated\n"); 356 return -EINVAL; 357 } 358 359 /* make sure reserved bytes are zeroes */ 360 if (rsc->reserved[0] || rsc->reserved[1]) { 361 dev_err(dev, "vdev rsc has non zero reserved bytes\n"); 362 return -EINVAL; 363 } 364 365 dev_dbg(dev, "vdev rsc: id %d, dfeatures 0x%x, cfg len %d, %d vrings\n", 366 rsc->id, rsc->dfeatures, rsc->config_len, rsc->num_of_vrings); 367 368 /* we currently support only two vrings per rvdev */ 369 if (rsc->num_of_vrings > ARRAY_SIZE(rvdev->vring)) { 370 dev_err(dev, "too many vrings: %d\n", rsc->num_of_vrings); 371 return -EINVAL; 372 } 373 374 rvdev = kzalloc(sizeof(*rvdev), GFP_KERNEL); 375 if (!rvdev) 376 return -ENOMEM; 377 378 kref_init(&rvdev->refcount); 379 380 rvdev->id = rsc->id; 381 rvdev->rproc = rproc; 382 383 /* parse the vrings */ 384 for (i = 0; i < rsc->num_of_vrings; i++) { 385 ret = rproc_parse_vring(rvdev, rsc, i); 386 if (ret) 387 goto free_rvdev; 388 } 389 390 /* remember the resource offset*/ 391 rvdev->rsc_offset = offset; 392 393 /* allocate the vring resources */ 394 for (i = 0; i < rsc->num_of_vrings; i++) { 395 ret = rproc_alloc_vring(rvdev, i); 396 if (ret) 397 goto unwind_vring_allocations; 398 } 399 400 list_add_tail(&rvdev->node, &rproc->rvdevs); 401 402 rvdev->subdev.start = rproc_vdev_do_start; 403 rvdev->subdev.stop = rproc_vdev_do_stop; 404 405 rproc_add_subdev(rproc, &rvdev->subdev); 406 407 return 0; 408 409 unwind_vring_allocations: 410 for (i--; i >= 0; i--) 411 rproc_free_vring(&rvdev->vring[i]); 412 free_rvdev: 413 kfree(rvdev); 414 return ret; 415 } 416 417 void rproc_vdev_release(struct kref *ref) 418 { 419 struct rproc_vdev *rvdev = container_of(ref, struct rproc_vdev, refcount); 420 struct rproc_vring *rvring; 421 struct rproc *rproc = rvdev->rproc; 422 int id; 423 424 for (id = 0; id < ARRAY_SIZE(rvdev->vring); id++) { 425 rvring = &rvdev->vring[id]; 426 if (!rvring->va) 427 continue; 428 429 rproc_free_vring(rvring); 430 } 431 432 rproc_remove_subdev(rproc, &rvdev->subdev); 433 list_del(&rvdev->node); 434 kfree(rvdev); 435 } 436 437 /** 438 * rproc_handle_trace() - handle a shared trace buffer resource 439 * @rproc: the remote processor 440 * @rsc: the trace resource descriptor 441 * @avail: size of available data (for sanity checking the image) 442 * 443 * In case the remote processor dumps trace logs into memory, 444 * export it via debugfs. 445 * 446 * Currently, the 'da' member of @rsc should contain the device address 447 * where the remote processor is dumping the traces. Later we could also 448 * support dynamically allocating this address using the generic 449 * DMA API (but currently there isn't a use case for that). 450 * 451 * Returns 0 on success, or an appropriate error code otherwise 452 */ 453 static int rproc_handle_trace(struct rproc *rproc, struct fw_rsc_trace *rsc, 454 int offset, int avail) 455 { 456 struct rproc_mem_entry *trace; 457 struct device *dev = &rproc->dev; 458 void *ptr; 459 char name[15]; 460 461 if (sizeof(*rsc) > avail) { 462 dev_err(dev, "trace rsc is truncated\n"); 463 return -EINVAL; 464 } 465 466 /* make sure reserved bytes are zeroes */ 467 if (rsc->reserved) { 468 dev_err(dev, "trace rsc has non zero reserved bytes\n"); 469 return -EINVAL; 470 } 471 472 /* what's the kernel address of this resource ? */ 473 ptr = rproc_da_to_va(rproc, rsc->da, rsc->len); 474 if (!ptr) { 475 dev_err(dev, "erroneous trace resource entry\n"); 476 return -EINVAL; 477 } 478 479 trace = kzalloc(sizeof(*trace), GFP_KERNEL); 480 if (!trace) 481 return -ENOMEM; 482 483 /* set the trace buffer dma properties */ 484 trace->len = rsc->len; 485 trace->va = ptr; 486 487 /* make sure snprintf always null terminates, even if truncating */ 488 snprintf(name, sizeof(name), "trace%d", rproc->num_traces); 489 490 /* create the debugfs entry */ 491 trace->priv = rproc_create_trace_file(name, rproc, trace); 492 if (!trace->priv) { 493 trace->va = NULL; 494 kfree(trace); 495 return -EINVAL; 496 } 497 498 list_add_tail(&trace->node, &rproc->traces); 499 500 rproc->num_traces++; 501 502 dev_dbg(dev, "%s added: va %pK, da 0x%x, len 0x%x\n", 503 name, ptr, rsc->da, rsc->len); 504 505 return 0; 506 } 507 508 /** 509 * rproc_handle_devmem() - handle devmem resource entry 510 * @rproc: remote processor handle 511 * @rsc: the devmem resource entry 512 * @avail: size of available data (for sanity checking the image) 513 * 514 * Remote processors commonly need to access certain on-chip peripherals. 515 * 516 * Some of these remote processors access memory via an iommu device, 517 * and might require us to configure their iommu before they can access 518 * the on-chip peripherals they need. 519 * 520 * This resource entry is a request to map such a peripheral device. 521 * 522 * These devmem entries will contain the physical address of the device in 523 * the 'pa' member. If a specific device address is expected, then 'da' will 524 * contain it (currently this is the only use case supported). 'len' will 525 * contain the size of the physical region we need to map. 526 * 527 * Currently we just "trust" those devmem entries to contain valid physical 528 * addresses, but this is going to change: we want the implementations to 529 * tell us ranges of physical addresses the firmware is allowed to request, 530 * and not allow firmwares to request access to physical addresses that 531 * are outside those ranges. 532 */ 533 static int rproc_handle_devmem(struct rproc *rproc, struct fw_rsc_devmem *rsc, 534 int offset, int avail) 535 { 536 struct rproc_mem_entry *mapping; 537 struct device *dev = &rproc->dev; 538 int ret; 539 540 /* no point in handling this resource without a valid iommu domain */ 541 if (!rproc->domain) 542 return -EINVAL; 543 544 if (sizeof(*rsc) > avail) { 545 dev_err(dev, "devmem rsc is truncated\n"); 546 return -EINVAL; 547 } 548 549 /* make sure reserved bytes are zeroes */ 550 if (rsc->reserved) { 551 dev_err(dev, "devmem rsc has non zero reserved bytes\n"); 552 return -EINVAL; 553 } 554 555 mapping = kzalloc(sizeof(*mapping), GFP_KERNEL); 556 if (!mapping) 557 return -ENOMEM; 558 559 ret = iommu_map(rproc->domain, rsc->da, rsc->pa, rsc->len, rsc->flags); 560 if (ret) { 561 dev_err(dev, "failed to map devmem: %d\n", ret); 562 goto out; 563 } 564 565 /* 566 * We'll need this info later when we'll want to unmap everything 567 * (e.g. on shutdown). 568 * 569 * We can't trust the remote processor not to change the resource 570 * table, so we must maintain this info independently. 571 */ 572 mapping->da = rsc->da; 573 mapping->len = rsc->len; 574 list_add_tail(&mapping->node, &rproc->mappings); 575 576 dev_dbg(dev, "mapped devmem pa 0x%x, da 0x%x, len 0x%x\n", 577 rsc->pa, rsc->da, rsc->len); 578 579 return 0; 580 581 out: 582 kfree(mapping); 583 return ret; 584 } 585 586 /** 587 * rproc_handle_carveout() - handle phys contig memory allocation requests 588 * @rproc: rproc handle 589 * @rsc: the resource entry 590 * @avail: size of available data (for image validation) 591 * 592 * This function will handle firmware requests for allocation of physically 593 * contiguous memory regions. 594 * 595 * These request entries should come first in the firmware's resource table, 596 * as other firmware entries might request placing other data objects inside 597 * these memory regions (e.g. data/code segments, trace resource entries, ...). 598 * 599 * Allocating memory this way helps utilizing the reserved physical memory 600 * (e.g. CMA) more efficiently, and also minimizes the number of TLB entries 601 * needed to map it (in case @rproc is using an IOMMU). Reducing the TLB 602 * pressure is important; it may have a substantial impact on performance. 603 */ 604 static int rproc_handle_carveout(struct rproc *rproc, 605 struct fw_rsc_carveout *rsc, 606 int offset, int avail) 607 { 608 struct rproc_mem_entry *carveout, *mapping; 609 struct device *dev = &rproc->dev; 610 dma_addr_t dma; 611 void *va; 612 int ret; 613 614 if (sizeof(*rsc) > avail) { 615 dev_err(dev, "carveout rsc is truncated\n"); 616 return -EINVAL; 617 } 618 619 /* make sure reserved bytes are zeroes */ 620 if (rsc->reserved) { 621 dev_err(dev, "carveout rsc has non zero reserved bytes\n"); 622 return -EINVAL; 623 } 624 625 dev_dbg(dev, "carveout rsc: name: %s, da 0x%x, pa 0x%x, len 0x%x, flags 0x%x\n", 626 rsc->name, rsc->da, rsc->pa, rsc->len, rsc->flags); 627 628 carveout = kzalloc(sizeof(*carveout), GFP_KERNEL); 629 if (!carveout) 630 return -ENOMEM; 631 632 va = dma_alloc_coherent(dev->parent, rsc->len, &dma, GFP_KERNEL); 633 if (!va) { 634 dev_err(dev->parent, 635 "failed to allocate dma memory: len 0x%x\n", rsc->len); 636 ret = -ENOMEM; 637 goto free_carv; 638 } 639 640 dev_dbg(dev, "carveout va %pK, dma %pad, len 0x%x\n", 641 va, &dma, rsc->len); 642 643 /* 644 * Ok, this is non-standard. 645 * 646 * Sometimes we can't rely on the generic iommu-based DMA API 647 * to dynamically allocate the device address and then set the IOMMU 648 * tables accordingly, because some remote processors might 649 * _require_ us to use hard coded device addresses that their 650 * firmware was compiled with. 651 * 652 * In this case, we must use the IOMMU API directly and map 653 * the memory to the device address as expected by the remote 654 * processor. 655 * 656 * Obviously such remote processor devices should not be configured 657 * to use the iommu-based DMA API: we expect 'dma' to contain the 658 * physical address in this case. 659 */ 660 if (rproc->domain) { 661 mapping = kzalloc(sizeof(*mapping), GFP_KERNEL); 662 if (!mapping) { 663 ret = -ENOMEM; 664 goto dma_free; 665 } 666 667 ret = iommu_map(rproc->domain, rsc->da, dma, rsc->len, 668 rsc->flags); 669 if (ret) { 670 dev_err(dev, "iommu_map failed: %d\n", ret); 671 goto free_mapping; 672 } 673 674 /* 675 * We'll need this info later when we'll want to unmap 676 * everything (e.g. on shutdown). 677 * 678 * We can't trust the remote processor not to change the 679 * resource table, so we must maintain this info independently. 680 */ 681 mapping->da = rsc->da; 682 mapping->len = rsc->len; 683 list_add_tail(&mapping->node, &rproc->mappings); 684 685 dev_dbg(dev, "carveout mapped 0x%x to %pad\n", 686 rsc->da, &dma); 687 } 688 689 /* 690 * Some remote processors might need to know the pa 691 * even though they are behind an IOMMU. E.g., OMAP4's 692 * remote M3 processor needs this so it can control 693 * on-chip hardware accelerators that are not behind 694 * the IOMMU, and therefor must know the pa. 695 * 696 * Generally we don't want to expose physical addresses 697 * if we don't have to (remote processors are generally 698 * _not_ trusted), so we might want to do this only for 699 * remote processor that _must_ have this (e.g. OMAP4's 700 * dual M3 subsystem). 701 * 702 * Non-IOMMU processors might also want to have this info. 703 * In this case, the device address and the physical address 704 * are the same. 705 */ 706 rsc->pa = dma; 707 708 carveout->va = va; 709 carveout->len = rsc->len; 710 carveout->dma = dma; 711 carveout->da = rsc->da; 712 713 list_add_tail(&carveout->node, &rproc->carveouts); 714 715 return 0; 716 717 free_mapping: 718 kfree(mapping); 719 dma_free: 720 dma_free_coherent(dev->parent, rsc->len, va, dma); 721 free_carv: 722 kfree(carveout); 723 return ret; 724 } 725 726 /* 727 * A lookup table for resource handlers. The indices are defined in 728 * enum fw_resource_type. 729 */ 730 static rproc_handle_resource_t rproc_loading_handlers[RSC_LAST] = { 731 [RSC_CARVEOUT] = (rproc_handle_resource_t)rproc_handle_carveout, 732 [RSC_DEVMEM] = (rproc_handle_resource_t)rproc_handle_devmem, 733 [RSC_TRACE] = (rproc_handle_resource_t)rproc_handle_trace, 734 [RSC_VDEV] = (rproc_handle_resource_t)rproc_handle_vdev, 735 }; 736 737 /* handle firmware resource entries before booting the remote processor */ 738 static int rproc_handle_resources(struct rproc *rproc, 739 rproc_handle_resource_t handlers[RSC_LAST]) 740 { 741 struct device *dev = &rproc->dev; 742 rproc_handle_resource_t handler; 743 int ret = 0, i; 744 745 if (!rproc->table_ptr) 746 return 0; 747 748 for (i = 0; i < rproc->table_ptr->num; i++) { 749 int offset = rproc->table_ptr->offset[i]; 750 struct fw_rsc_hdr *hdr = (void *)rproc->table_ptr + offset; 751 int avail = rproc->table_sz - offset - sizeof(*hdr); 752 void *rsc = (void *)hdr + sizeof(*hdr); 753 754 /* make sure table isn't truncated */ 755 if (avail < 0) { 756 dev_err(dev, "rsc table is truncated\n"); 757 return -EINVAL; 758 } 759 760 dev_dbg(dev, "rsc: type %d\n", hdr->type); 761 762 if (hdr->type >= RSC_LAST) { 763 dev_warn(dev, "unsupported resource %d\n", hdr->type); 764 continue; 765 } 766 767 handler = handlers[hdr->type]; 768 if (!handler) 769 continue; 770 771 ret = handler(rproc, rsc, offset + sizeof(*hdr), avail); 772 if (ret) 773 break; 774 } 775 776 return ret; 777 } 778 779 static int rproc_prepare_subdevices(struct rproc *rproc) 780 { 781 struct rproc_subdev *subdev; 782 int ret; 783 784 list_for_each_entry(subdev, &rproc->subdevs, node) { 785 if (subdev->prepare) { 786 ret = subdev->prepare(subdev); 787 if (ret) 788 goto unroll_preparation; 789 } 790 } 791 792 return 0; 793 794 unroll_preparation: 795 list_for_each_entry_continue_reverse(subdev, &rproc->subdevs, node) { 796 if (subdev->unprepare) 797 subdev->unprepare(subdev); 798 } 799 800 return ret; 801 } 802 803 static int rproc_start_subdevices(struct rproc *rproc) 804 { 805 struct rproc_subdev *subdev; 806 int ret; 807 808 list_for_each_entry(subdev, &rproc->subdevs, node) { 809 if (subdev->start) { 810 ret = subdev->start(subdev); 811 if (ret) 812 goto unroll_registration; 813 } 814 } 815 816 return 0; 817 818 unroll_registration: 819 list_for_each_entry_continue_reverse(subdev, &rproc->subdevs, node) { 820 if (subdev->stop) 821 subdev->stop(subdev, true); 822 } 823 824 return ret; 825 } 826 827 static void rproc_stop_subdevices(struct rproc *rproc, bool crashed) 828 { 829 struct rproc_subdev *subdev; 830 831 list_for_each_entry_reverse(subdev, &rproc->subdevs, node) { 832 if (subdev->stop) 833 subdev->stop(subdev, crashed); 834 } 835 } 836 837 static void rproc_unprepare_subdevices(struct rproc *rproc) 838 { 839 struct rproc_subdev *subdev; 840 841 list_for_each_entry_reverse(subdev, &rproc->subdevs, node) { 842 if (subdev->unprepare) 843 subdev->unprepare(subdev); 844 } 845 } 846 847 /** 848 * rproc_coredump_cleanup() - clean up dump_segments list 849 * @rproc: the remote processor handle 850 */ 851 static void rproc_coredump_cleanup(struct rproc *rproc) 852 { 853 struct rproc_dump_segment *entry, *tmp; 854 855 list_for_each_entry_safe(entry, tmp, &rproc->dump_segments, node) { 856 list_del(&entry->node); 857 kfree(entry); 858 } 859 } 860 861 /** 862 * rproc_resource_cleanup() - clean up and free all acquired resources 863 * @rproc: rproc handle 864 * 865 * This function will free all resources acquired for @rproc, and it 866 * is called whenever @rproc either shuts down or fails to boot. 867 */ 868 static void rproc_resource_cleanup(struct rproc *rproc) 869 { 870 struct rproc_mem_entry *entry, *tmp; 871 struct rproc_vdev *rvdev, *rvtmp; 872 struct device *dev = &rproc->dev; 873 874 /* clean up debugfs trace entries */ 875 list_for_each_entry_safe(entry, tmp, &rproc->traces, node) { 876 rproc_remove_trace_file(entry->priv); 877 rproc->num_traces--; 878 list_del(&entry->node); 879 kfree(entry); 880 } 881 882 /* clean up iommu mapping entries */ 883 list_for_each_entry_safe(entry, tmp, &rproc->mappings, node) { 884 size_t unmapped; 885 886 unmapped = iommu_unmap(rproc->domain, entry->da, entry->len); 887 if (unmapped != entry->len) { 888 /* nothing much to do besides complaining */ 889 dev_err(dev, "failed to unmap %u/%zu\n", entry->len, 890 unmapped); 891 } 892 893 list_del(&entry->node); 894 kfree(entry); 895 } 896 897 /* clean up carveout allocations */ 898 list_for_each_entry_safe(entry, tmp, &rproc->carveouts, node) { 899 dma_free_coherent(dev->parent, entry->len, entry->va, 900 entry->dma); 901 list_del(&entry->node); 902 kfree(entry); 903 } 904 905 /* clean up remote vdev entries */ 906 list_for_each_entry_safe(rvdev, rvtmp, &rproc->rvdevs, node) 907 kref_put(&rvdev->refcount, rproc_vdev_release); 908 909 rproc_coredump_cleanup(rproc); 910 } 911 912 static int rproc_start(struct rproc *rproc, const struct firmware *fw) 913 { 914 struct resource_table *loaded_table; 915 struct device *dev = &rproc->dev; 916 int ret; 917 918 /* load the ELF segments to memory */ 919 ret = rproc_load_segments(rproc, fw); 920 if (ret) { 921 dev_err(dev, "Failed to load program segments: %d\n", ret); 922 return ret; 923 } 924 925 /* 926 * The starting device has been given the rproc->cached_table as the 927 * resource table. The address of the vring along with the other 928 * allocated resources (carveouts etc) is stored in cached_table. 929 * In order to pass this information to the remote device we must copy 930 * this information to device memory. We also update the table_ptr so 931 * that any subsequent changes will be applied to the loaded version. 932 */ 933 loaded_table = rproc_find_loaded_rsc_table(rproc, fw); 934 if (loaded_table) { 935 memcpy(loaded_table, rproc->cached_table, rproc->table_sz); 936 rproc->table_ptr = loaded_table; 937 } 938 939 ret = rproc_prepare_subdevices(rproc); 940 if (ret) { 941 dev_err(dev, "failed to prepare subdevices for %s: %d\n", 942 rproc->name, ret); 943 goto reset_table_ptr; 944 } 945 946 /* power up the remote processor */ 947 ret = rproc->ops->start(rproc); 948 if (ret) { 949 dev_err(dev, "can't start rproc %s: %d\n", rproc->name, ret); 950 goto unprepare_subdevices; 951 } 952 953 /* Start any subdevices for the remote processor */ 954 ret = rproc_start_subdevices(rproc); 955 if (ret) { 956 dev_err(dev, "failed to probe subdevices for %s: %d\n", 957 rproc->name, ret); 958 goto stop_rproc; 959 } 960 961 rproc->state = RPROC_RUNNING; 962 963 dev_info(dev, "remote processor %s is now up\n", rproc->name); 964 965 return 0; 966 967 stop_rproc: 968 rproc->ops->stop(rproc); 969 unprepare_subdevices: 970 rproc_unprepare_subdevices(rproc); 971 reset_table_ptr: 972 rproc->table_ptr = rproc->cached_table; 973 974 return ret; 975 } 976 977 /* 978 * take a firmware and boot a remote processor with it. 979 */ 980 static int rproc_fw_boot(struct rproc *rproc, const struct firmware *fw) 981 { 982 struct device *dev = &rproc->dev; 983 const char *name = rproc->firmware; 984 int ret; 985 986 ret = rproc_fw_sanity_check(rproc, fw); 987 if (ret) 988 return ret; 989 990 dev_info(dev, "Booting fw image %s, size %zd\n", name, fw->size); 991 992 /* 993 * if enabling an IOMMU isn't relevant for this rproc, this is 994 * just a nop 995 */ 996 ret = rproc_enable_iommu(rproc); 997 if (ret) { 998 dev_err(dev, "can't enable iommu: %d\n", ret); 999 return ret; 1000 } 1001 1002 rproc->bootaddr = rproc_get_boot_addr(rproc, fw); 1003 1004 /* Load resource table, core dump segment list etc from the firmware */ 1005 ret = rproc_parse_fw(rproc, fw); 1006 if (ret) 1007 goto disable_iommu; 1008 1009 /* reset max_notifyid */ 1010 rproc->max_notifyid = -1; 1011 1012 /* handle fw resources which are required to boot rproc */ 1013 ret = rproc_handle_resources(rproc, rproc_loading_handlers); 1014 if (ret) { 1015 dev_err(dev, "Failed to process resources: %d\n", ret); 1016 goto clean_up_resources; 1017 } 1018 1019 ret = rproc_start(rproc, fw); 1020 if (ret) 1021 goto clean_up_resources; 1022 1023 return 0; 1024 1025 clean_up_resources: 1026 rproc_resource_cleanup(rproc); 1027 kfree(rproc->cached_table); 1028 rproc->cached_table = NULL; 1029 rproc->table_ptr = NULL; 1030 disable_iommu: 1031 rproc_disable_iommu(rproc); 1032 return ret; 1033 } 1034 1035 /* 1036 * take a firmware and boot it up. 1037 * 1038 * Note: this function is called asynchronously upon registration of the 1039 * remote processor (so we must wait until it completes before we try 1040 * to unregister the device. one other option is just to use kref here, 1041 * that might be cleaner). 1042 */ 1043 static void rproc_auto_boot_callback(const struct firmware *fw, void *context) 1044 { 1045 struct rproc *rproc = context; 1046 1047 rproc_boot(rproc); 1048 1049 release_firmware(fw); 1050 } 1051 1052 static int rproc_trigger_auto_boot(struct rproc *rproc) 1053 { 1054 int ret; 1055 1056 /* 1057 * We're initiating an asynchronous firmware loading, so we can 1058 * be built-in kernel code, without hanging the boot process. 1059 */ 1060 ret = request_firmware_nowait(THIS_MODULE, FW_ACTION_HOTPLUG, 1061 rproc->firmware, &rproc->dev, GFP_KERNEL, 1062 rproc, rproc_auto_boot_callback); 1063 if (ret < 0) 1064 dev_err(&rproc->dev, "request_firmware_nowait err: %d\n", ret); 1065 1066 return ret; 1067 } 1068 1069 static int rproc_stop(struct rproc *rproc, bool crashed) 1070 { 1071 struct device *dev = &rproc->dev; 1072 int ret; 1073 1074 /* Stop any subdevices for the remote processor */ 1075 rproc_stop_subdevices(rproc, crashed); 1076 1077 /* the installed resource table is no longer accessible */ 1078 rproc->table_ptr = rproc->cached_table; 1079 1080 /* power off the remote processor */ 1081 ret = rproc->ops->stop(rproc); 1082 if (ret) { 1083 dev_err(dev, "can't stop rproc: %d\n", ret); 1084 return ret; 1085 } 1086 1087 rproc_unprepare_subdevices(rproc); 1088 1089 rproc->state = RPROC_OFFLINE; 1090 1091 dev_info(dev, "stopped remote processor %s\n", rproc->name); 1092 1093 return 0; 1094 } 1095 1096 /** 1097 * rproc_coredump_add_segment() - add segment of device memory to coredump 1098 * @rproc: handle of a remote processor 1099 * @da: device address 1100 * @size: size of segment 1101 * 1102 * Add device memory to the list of segments to be included in a coredump for 1103 * the remoteproc. 1104 * 1105 * Return: 0 on success, negative errno on error. 1106 */ 1107 int rproc_coredump_add_segment(struct rproc *rproc, dma_addr_t da, size_t size) 1108 { 1109 struct rproc_dump_segment *segment; 1110 1111 segment = kzalloc(sizeof(*segment), GFP_KERNEL); 1112 if (!segment) 1113 return -ENOMEM; 1114 1115 segment->da = da; 1116 segment->size = size; 1117 1118 list_add_tail(&segment->node, &rproc->dump_segments); 1119 1120 return 0; 1121 } 1122 EXPORT_SYMBOL(rproc_coredump_add_segment); 1123 1124 /** 1125 * rproc_coredump() - perform coredump 1126 * @rproc: rproc handle 1127 * 1128 * This function will generate an ELF header for the registered segments 1129 * and create a devcoredump device associated with rproc. 1130 */ 1131 static void rproc_coredump(struct rproc *rproc) 1132 { 1133 struct rproc_dump_segment *segment; 1134 struct elf32_phdr *phdr; 1135 struct elf32_hdr *ehdr; 1136 size_t data_size; 1137 size_t offset; 1138 void *data; 1139 void *ptr; 1140 int phnum = 0; 1141 1142 if (list_empty(&rproc->dump_segments)) 1143 return; 1144 1145 data_size = sizeof(*ehdr); 1146 list_for_each_entry(segment, &rproc->dump_segments, node) { 1147 data_size += sizeof(*phdr) + segment->size; 1148 1149 phnum++; 1150 } 1151 1152 data = vmalloc(data_size); 1153 if (!data) 1154 return; 1155 1156 ehdr = data; 1157 1158 memset(ehdr, 0, sizeof(*ehdr)); 1159 memcpy(ehdr->e_ident, ELFMAG, SELFMAG); 1160 ehdr->e_ident[EI_CLASS] = ELFCLASS32; 1161 ehdr->e_ident[EI_DATA] = ELFDATA2LSB; 1162 ehdr->e_ident[EI_VERSION] = EV_CURRENT; 1163 ehdr->e_ident[EI_OSABI] = ELFOSABI_NONE; 1164 ehdr->e_type = ET_CORE; 1165 ehdr->e_machine = EM_NONE; 1166 ehdr->e_version = EV_CURRENT; 1167 ehdr->e_entry = rproc->bootaddr; 1168 ehdr->e_phoff = sizeof(*ehdr); 1169 ehdr->e_ehsize = sizeof(*ehdr); 1170 ehdr->e_phentsize = sizeof(*phdr); 1171 ehdr->e_phnum = phnum; 1172 1173 phdr = data + ehdr->e_phoff; 1174 offset = ehdr->e_phoff + sizeof(*phdr) * ehdr->e_phnum; 1175 list_for_each_entry(segment, &rproc->dump_segments, node) { 1176 memset(phdr, 0, sizeof(*phdr)); 1177 phdr->p_type = PT_LOAD; 1178 phdr->p_offset = offset; 1179 phdr->p_vaddr = segment->da; 1180 phdr->p_paddr = segment->da; 1181 phdr->p_filesz = segment->size; 1182 phdr->p_memsz = segment->size; 1183 phdr->p_flags = PF_R | PF_W | PF_X; 1184 phdr->p_align = 0; 1185 1186 ptr = rproc_da_to_va(rproc, segment->da, segment->size); 1187 if (!ptr) { 1188 dev_err(&rproc->dev, 1189 "invalid coredump segment (%pad, %zu)\n", 1190 &segment->da, segment->size); 1191 memset(data + offset, 0xff, segment->size); 1192 } else { 1193 memcpy(data + offset, ptr, segment->size); 1194 } 1195 1196 offset += phdr->p_filesz; 1197 phdr++; 1198 } 1199 1200 dev_coredumpv(&rproc->dev, data, data_size, GFP_KERNEL); 1201 } 1202 1203 /** 1204 * rproc_trigger_recovery() - recover a remoteproc 1205 * @rproc: the remote processor 1206 * 1207 * The recovery is done by resetting all the virtio devices, that way all the 1208 * rpmsg drivers will be reseted along with the remote processor making the 1209 * remoteproc functional again. 1210 * 1211 * This function can sleep, so it cannot be called from atomic context. 1212 */ 1213 int rproc_trigger_recovery(struct rproc *rproc) 1214 { 1215 const struct firmware *firmware_p; 1216 struct device *dev = &rproc->dev; 1217 int ret; 1218 1219 dev_err(dev, "recovering %s\n", rproc->name); 1220 1221 ret = mutex_lock_interruptible(&rproc->lock); 1222 if (ret) 1223 return ret; 1224 1225 ret = rproc_stop(rproc, true); 1226 if (ret) 1227 goto unlock_mutex; 1228 1229 /* generate coredump */ 1230 rproc_coredump(rproc); 1231 1232 /* load firmware */ 1233 ret = request_firmware(&firmware_p, rproc->firmware, dev); 1234 if (ret < 0) { 1235 dev_err(dev, "request_firmware failed: %d\n", ret); 1236 goto unlock_mutex; 1237 } 1238 1239 /* boot the remote processor up again */ 1240 ret = rproc_start(rproc, firmware_p); 1241 1242 release_firmware(firmware_p); 1243 1244 unlock_mutex: 1245 mutex_unlock(&rproc->lock); 1246 return ret; 1247 } 1248 1249 /** 1250 * rproc_crash_handler_work() - handle a crash 1251 * 1252 * This function needs to handle everything related to a crash, like cpu 1253 * registers and stack dump, information to help to debug the fatal error, etc. 1254 */ 1255 static void rproc_crash_handler_work(struct work_struct *work) 1256 { 1257 struct rproc *rproc = container_of(work, struct rproc, crash_handler); 1258 struct device *dev = &rproc->dev; 1259 1260 dev_dbg(dev, "enter %s\n", __func__); 1261 1262 mutex_lock(&rproc->lock); 1263 1264 if (rproc->state == RPROC_CRASHED || rproc->state == RPROC_OFFLINE) { 1265 /* handle only the first crash detected */ 1266 mutex_unlock(&rproc->lock); 1267 return; 1268 } 1269 1270 rproc->state = RPROC_CRASHED; 1271 dev_err(dev, "handling crash #%u in %s\n", ++rproc->crash_cnt, 1272 rproc->name); 1273 1274 mutex_unlock(&rproc->lock); 1275 1276 if (!rproc->recovery_disabled) 1277 rproc_trigger_recovery(rproc); 1278 } 1279 1280 /** 1281 * rproc_boot() - boot a remote processor 1282 * @rproc: handle of a remote processor 1283 * 1284 * Boot a remote processor (i.e. load its firmware, power it on, ...). 1285 * 1286 * If the remote processor is already powered on, this function immediately 1287 * returns (successfully). 1288 * 1289 * Returns 0 on success, and an appropriate error value otherwise. 1290 */ 1291 int rproc_boot(struct rproc *rproc) 1292 { 1293 const struct firmware *firmware_p; 1294 struct device *dev; 1295 int ret; 1296 1297 if (!rproc) { 1298 pr_err("invalid rproc handle\n"); 1299 return -EINVAL; 1300 } 1301 1302 dev = &rproc->dev; 1303 1304 ret = mutex_lock_interruptible(&rproc->lock); 1305 if (ret) { 1306 dev_err(dev, "can't lock rproc %s: %d\n", rproc->name, ret); 1307 return ret; 1308 } 1309 1310 if (rproc->state == RPROC_DELETED) { 1311 ret = -ENODEV; 1312 dev_err(dev, "can't boot deleted rproc %s\n", rproc->name); 1313 goto unlock_mutex; 1314 } 1315 1316 /* skip the boot process if rproc is already powered up */ 1317 if (atomic_inc_return(&rproc->power) > 1) { 1318 ret = 0; 1319 goto unlock_mutex; 1320 } 1321 1322 dev_info(dev, "powering up %s\n", rproc->name); 1323 1324 /* load firmware */ 1325 ret = request_firmware(&firmware_p, rproc->firmware, dev); 1326 if (ret < 0) { 1327 dev_err(dev, "request_firmware failed: %d\n", ret); 1328 goto downref_rproc; 1329 } 1330 1331 ret = rproc_fw_boot(rproc, firmware_p); 1332 1333 release_firmware(firmware_p); 1334 1335 downref_rproc: 1336 if (ret) 1337 atomic_dec(&rproc->power); 1338 unlock_mutex: 1339 mutex_unlock(&rproc->lock); 1340 return ret; 1341 } 1342 EXPORT_SYMBOL(rproc_boot); 1343 1344 /** 1345 * rproc_shutdown() - power off the remote processor 1346 * @rproc: the remote processor 1347 * 1348 * Power off a remote processor (previously booted with rproc_boot()). 1349 * 1350 * In case @rproc is still being used by an additional user(s), then 1351 * this function will just decrement the power refcount and exit, 1352 * without really powering off the device. 1353 * 1354 * Every call to rproc_boot() must (eventually) be accompanied by a call 1355 * to rproc_shutdown(). Calling rproc_shutdown() redundantly is a bug. 1356 * 1357 * Notes: 1358 * - we're not decrementing the rproc's refcount, only the power refcount. 1359 * which means that the @rproc handle stays valid even after rproc_shutdown() 1360 * returns, and users can still use it with a subsequent rproc_boot(), if 1361 * needed. 1362 */ 1363 void rproc_shutdown(struct rproc *rproc) 1364 { 1365 struct device *dev = &rproc->dev; 1366 int ret; 1367 1368 ret = mutex_lock_interruptible(&rproc->lock); 1369 if (ret) { 1370 dev_err(dev, "can't lock rproc %s: %d\n", rproc->name, ret); 1371 return; 1372 } 1373 1374 /* if the remote proc is still needed, bail out */ 1375 if (!atomic_dec_and_test(&rproc->power)) 1376 goto out; 1377 1378 ret = rproc_stop(rproc, false); 1379 if (ret) { 1380 atomic_inc(&rproc->power); 1381 goto out; 1382 } 1383 1384 /* clean up all acquired resources */ 1385 rproc_resource_cleanup(rproc); 1386 1387 rproc_disable_iommu(rproc); 1388 1389 /* Free the copy of the resource table */ 1390 kfree(rproc->cached_table); 1391 rproc->cached_table = NULL; 1392 rproc->table_ptr = NULL; 1393 out: 1394 mutex_unlock(&rproc->lock); 1395 } 1396 EXPORT_SYMBOL(rproc_shutdown); 1397 1398 /** 1399 * rproc_get_by_phandle() - find a remote processor by phandle 1400 * @phandle: phandle to the rproc 1401 * 1402 * Finds an rproc handle using the remote processor's phandle, and then 1403 * return a handle to the rproc. 1404 * 1405 * This function increments the remote processor's refcount, so always 1406 * use rproc_put() to decrement it back once rproc isn't needed anymore. 1407 * 1408 * Returns the rproc handle on success, and NULL on failure. 1409 */ 1410 #ifdef CONFIG_OF 1411 struct rproc *rproc_get_by_phandle(phandle phandle) 1412 { 1413 struct rproc *rproc = NULL, *r; 1414 struct device_node *np; 1415 1416 np = of_find_node_by_phandle(phandle); 1417 if (!np) 1418 return NULL; 1419 1420 mutex_lock(&rproc_list_mutex); 1421 list_for_each_entry(r, &rproc_list, node) { 1422 if (r->dev.parent && r->dev.parent->of_node == np) { 1423 /* prevent underlying implementation from being removed */ 1424 if (!try_module_get(r->dev.parent->driver->owner)) { 1425 dev_err(&r->dev, "can't get owner\n"); 1426 break; 1427 } 1428 1429 rproc = r; 1430 get_device(&rproc->dev); 1431 break; 1432 } 1433 } 1434 mutex_unlock(&rproc_list_mutex); 1435 1436 of_node_put(np); 1437 1438 return rproc; 1439 } 1440 #else 1441 struct rproc *rproc_get_by_phandle(phandle phandle) 1442 { 1443 return NULL; 1444 } 1445 #endif 1446 EXPORT_SYMBOL(rproc_get_by_phandle); 1447 1448 /** 1449 * rproc_add() - register a remote processor 1450 * @rproc: the remote processor handle to register 1451 * 1452 * Registers @rproc with the remoteproc framework, after it has been 1453 * allocated with rproc_alloc(). 1454 * 1455 * This is called by the platform-specific rproc implementation, whenever 1456 * a new remote processor device is probed. 1457 * 1458 * Returns 0 on success and an appropriate error code otherwise. 1459 * 1460 * Note: this function initiates an asynchronous firmware loading 1461 * context, which will look for virtio devices supported by the rproc's 1462 * firmware. 1463 * 1464 * If found, those virtio devices will be created and added, so as a result 1465 * of registering this remote processor, additional virtio drivers might be 1466 * probed. 1467 */ 1468 int rproc_add(struct rproc *rproc) 1469 { 1470 struct device *dev = &rproc->dev; 1471 int ret; 1472 1473 ret = device_add(dev); 1474 if (ret < 0) 1475 return ret; 1476 1477 dev_info(dev, "%s is available\n", rproc->name); 1478 1479 /* create debugfs entries */ 1480 rproc_create_debug_dir(rproc); 1481 1482 /* if rproc is marked always-on, request it to boot */ 1483 if (rproc->auto_boot) { 1484 ret = rproc_trigger_auto_boot(rproc); 1485 if (ret < 0) 1486 return ret; 1487 } 1488 1489 /* expose to rproc_get_by_phandle users */ 1490 mutex_lock(&rproc_list_mutex); 1491 list_add(&rproc->node, &rproc_list); 1492 mutex_unlock(&rproc_list_mutex); 1493 1494 return 0; 1495 } 1496 EXPORT_SYMBOL(rproc_add); 1497 1498 /** 1499 * rproc_type_release() - release a remote processor instance 1500 * @dev: the rproc's device 1501 * 1502 * This function should _never_ be called directly. 1503 * 1504 * It will be called by the driver core when no one holds a valid pointer 1505 * to @dev anymore. 1506 */ 1507 static void rproc_type_release(struct device *dev) 1508 { 1509 struct rproc *rproc = container_of(dev, struct rproc, dev); 1510 1511 dev_info(&rproc->dev, "releasing %s\n", rproc->name); 1512 1513 idr_destroy(&rproc->notifyids); 1514 1515 if (rproc->index >= 0) 1516 ida_simple_remove(&rproc_dev_index, rproc->index); 1517 1518 kfree(rproc->firmware); 1519 kfree(rproc->ops); 1520 kfree(rproc); 1521 } 1522 1523 static const struct device_type rproc_type = { 1524 .name = "remoteproc", 1525 .release = rproc_type_release, 1526 }; 1527 1528 /** 1529 * rproc_alloc() - allocate a remote processor handle 1530 * @dev: the underlying device 1531 * @name: name of this remote processor 1532 * @ops: platform-specific handlers (mainly start/stop) 1533 * @firmware: name of firmware file to load, can be NULL 1534 * @len: length of private data needed by the rproc driver (in bytes) 1535 * 1536 * Allocates a new remote processor handle, but does not register 1537 * it yet. if @firmware is NULL, a default name is used. 1538 * 1539 * This function should be used by rproc implementations during initialization 1540 * of the remote processor. 1541 * 1542 * After creating an rproc handle using this function, and when ready, 1543 * implementations should then call rproc_add() to complete 1544 * the registration of the remote processor. 1545 * 1546 * On success the new rproc is returned, and on failure, NULL. 1547 * 1548 * Note: _never_ directly deallocate @rproc, even if it was not registered 1549 * yet. Instead, when you need to unroll rproc_alloc(), use rproc_free(). 1550 */ 1551 struct rproc *rproc_alloc(struct device *dev, const char *name, 1552 const struct rproc_ops *ops, 1553 const char *firmware, int len) 1554 { 1555 struct rproc *rproc; 1556 char *p, *template = "rproc-%s-fw"; 1557 int name_len; 1558 1559 if (!dev || !name || !ops) 1560 return NULL; 1561 1562 if (!firmware) { 1563 /* 1564 * If the caller didn't pass in a firmware name then 1565 * construct a default name. 1566 */ 1567 name_len = strlen(name) + strlen(template) - 2 + 1; 1568 p = kmalloc(name_len, GFP_KERNEL); 1569 if (!p) 1570 return NULL; 1571 snprintf(p, name_len, template, name); 1572 } else { 1573 p = kstrdup(firmware, GFP_KERNEL); 1574 if (!p) 1575 return NULL; 1576 } 1577 1578 rproc = kzalloc(sizeof(struct rproc) + len, GFP_KERNEL); 1579 if (!rproc) { 1580 kfree(p); 1581 return NULL; 1582 } 1583 1584 rproc->ops = kmemdup(ops, sizeof(*ops), GFP_KERNEL); 1585 if (!rproc->ops) { 1586 kfree(p); 1587 kfree(rproc); 1588 return NULL; 1589 } 1590 1591 rproc->firmware = p; 1592 rproc->name = name; 1593 rproc->priv = &rproc[1]; 1594 rproc->auto_boot = true; 1595 1596 device_initialize(&rproc->dev); 1597 rproc->dev.parent = dev; 1598 rproc->dev.type = &rproc_type; 1599 rproc->dev.class = &rproc_class; 1600 rproc->dev.driver_data = rproc; 1601 1602 /* Assign a unique device index and name */ 1603 rproc->index = ida_simple_get(&rproc_dev_index, 0, 0, GFP_KERNEL); 1604 if (rproc->index < 0) { 1605 dev_err(dev, "ida_simple_get failed: %d\n", rproc->index); 1606 put_device(&rproc->dev); 1607 return NULL; 1608 } 1609 1610 dev_set_name(&rproc->dev, "remoteproc%d", rproc->index); 1611 1612 atomic_set(&rproc->power, 0); 1613 1614 /* Default to ELF loader if no load function is specified */ 1615 if (!rproc->ops->load) { 1616 rproc->ops->load = rproc_elf_load_segments; 1617 rproc->ops->parse_fw = rproc_elf_load_rsc_table; 1618 rproc->ops->find_loaded_rsc_table = rproc_elf_find_loaded_rsc_table; 1619 rproc->ops->sanity_check = rproc_elf_sanity_check; 1620 rproc->ops->get_boot_addr = rproc_elf_get_boot_addr; 1621 } 1622 1623 mutex_init(&rproc->lock); 1624 1625 idr_init(&rproc->notifyids); 1626 1627 INIT_LIST_HEAD(&rproc->carveouts); 1628 INIT_LIST_HEAD(&rproc->mappings); 1629 INIT_LIST_HEAD(&rproc->traces); 1630 INIT_LIST_HEAD(&rproc->rvdevs); 1631 INIT_LIST_HEAD(&rproc->subdevs); 1632 INIT_LIST_HEAD(&rproc->dump_segments); 1633 1634 INIT_WORK(&rproc->crash_handler, rproc_crash_handler_work); 1635 1636 rproc->state = RPROC_OFFLINE; 1637 1638 return rproc; 1639 } 1640 EXPORT_SYMBOL(rproc_alloc); 1641 1642 /** 1643 * rproc_free() - unroll rproc_alloc() 1644 * @rproc: the remote processor handle 1645 * 1646 * This function decrements the rproc dev refcount. 1647 * 1648 * If no one holds any reference to rproc anymore, then its refcount would 1649 * now drop to zero, and it would be freed. 1650 */ 1651 void rproc_free(struct rproc *rproc) 1652 { 1653 put_device(&rproc->dev); 1654 } 1655 EXPORT_SYMBOL(rproc_free); 1656 1657 /** 1658 * rproc_put() - release rproc reference 1659 * @rproc: the remote processor handle 1660 * 1661 * This function decrements the rproc dev refcount. 1662 * 1663 * If no one holds any reference to rproc anymore, then its refcount would 1664 * now drop to zero, and it would be freed. 1665 */ 1666 void rproc_put(struct rproc *rproc) 1667 { 1668 module_put(rproc->dev.parent->driver->owner); 1669 put_device(&rproc->dev); 1670 } 1671 EXPORT_SYMBOL(rproc_put); 1672 1673 /** 1674 * rproc_del() - unregister a remote processor 1675 * @rproc: rproc handle to unregister 1676 * 1677 * This function should be called when the platform specific rproc 1678 * implementation decides to remove the rproc device. it should 1679 * _only_ be called if a previous invocation of rproc_add() 1680 * has completed successfully. 1681 * 1682 * After rproc_del() returns, @rproc isn't freed yet, because 1683 * of the outstanding reference created by rproc_alloc. To decrement that 1684 * one last refcount, one still needs to call rproc_free(). 1685 * 1686 * Returns 0 on success and -EINVAL if @rproc isn't valid. 1687 */ 1688 int rproc_del(struct rproc *rproc) 1689 { 1690 if (!rproc) 1691 return -EINVAL; 1692 1693 /* if rproc is marked always-on, rproc_add() booted it */ 1694 /* TODO: make sure this works with rproc->power > 1 */ 1695 if (rproc->auto_boot) 1696 rproc_shutdown(rproc); 1697 1698 mutex_lock(&rproc->lock); 1699 rproc->state = RPROC_DELETED; 1700 mutex_unlock(&rproc->lock); 1701 1702 rproc_delete_debug_dir(rproc); 1703 1704 /* the rproc is downref'ed as soon as it's removed from the klist */ 1705 mutex_lock(&rproc_list_mutex); 1706 list_del(&rproc->node); 1707 mutex_unlock(&rproc_list_mutex); 1708 1709 device_del(&rproc->dev); 1710 1711 return 0; 1712 } 1713 EXPORT_SYMBOL(rproc_del); 1714 1715 /** 1716 * rproc_add_subdev() - add a subdevice to a remoteproc 1717 * @rproc: rproc handle to add the subdevice to 1718 * @subdev: subdev handle to register 1719 * 1720 * Caller is responsible for populating optional subdevice function pointers. 1721 */ 1722 void rproc_add_subdev(struct rproc *rproc, struct rproc_subdev *subdev) 1723 { 1724 list_add_tail(&subdev->node, &rproc->subdevs); 1725 } 1726 EXPORT_SYMBOL(rproc_add_subdev); 1727 1728 /** 1729 * rproc_remove_subdev() - remove a subdevice from a remoteproc 1730 * @rproc: rproc handle to remove the subdevice from 1731 * @subdev: subdev handle, previously registered with rproc_add_subdev() 1732 */ 1733 void rproc_remove_subdev(struct rproc *rproc, struct rproc_subdev *subdev) 1734 { 1735 list_del(&subdev->node); 1736 } 1737 EXPORT_SYMBOL(rproc_remove_subdev); 1738 1739 /** 1740 * rproc_get_by_child() - acquire rproc handle of @dev's ancestor 1741 * @dev: child device to find ancestor of 1742 * 1743 * Returns the ancestor rproc instance, or NULL if not found. 1744 */ 1745 struct rproc *rproc_get_by_child(struct device *dev) 1746 { 1747 for (dev = dev->parent; dev; dev = dev->parent) { 1748 if (dev->type == &rproc_type) 1749 return dev->driver_data; 1750 } 1751 1752 return NULL; 1753 } 1754 EXPORT_SYMBOL(rproc_get_by_child); 1755 1756 /** 1757 * rproc_report_crash() - rproc crash reporter function 1758 * @rproc: remote processor 1759 * @type: crash type 1760 * 1761 * This function must be called every time a crash is detected by the low-level 1762 * drivers implementing a specific remoteproc. This should not be called from a 1763 * non-remoteproc driver. 1764 * 1765 * This function can be called from atomic/interrupt context. 1766 */ 1767 void rproc_report_crash(struct rproc *rproc, enum rproc_crash_type type) 1768 { 1769 if (!rproc) { 1770 pr_err("NULL rproc pointer\n"); 1771 return; 1772 } 1773 1774 dev_err(&rproc->dev, "crash detected in %s: type %s\n", 1775 rproc->name, rproc_crash_to_string(type)); 1776 1777 /* create a new task to handle the error */ 1778 schedule_work(&rproc->crash_handler); 1779 } 1780 EXPORT_SYMBOL(rproc_report_crash); 1781 1782 static int __init remoteproc_init(void) 1783 { 1784 rproc_init_sysfs(); 1785 rproc_init_debugfs(); 1786 1787 return 0; 1788 } 1789 module_init(remoteproc_init); 1790 1791 static void __exit remoteproc_exit(void) 1792 { 1793 ida_destroy(&rproc_dev_index); 1794 1795 rproc_exit_debugfs(); 1796 rproc_exit_sysfs(); 1797 } 1798 module_exit(remoteproc_exit); 1799 1800 MODULE_LICENSE("GPL v2"); 1801 MODULE_DESCRIPTION("Generic Remote Processor Framework"); 1802