1 /* 2 * Remote Processor Framework 3 * 4 * Copyright (C) 2011 Texas Instruments, Inc. 5 * Copyright (C) 2011 Google, Inc. 6 * 7 * Ohad Ben-Cohen <ohad@wizery.com> 8 * Brian Swetland <swetland@google.com> 9 * Mark Grosen <mgrosen@ti.com> 10 * Fernando Guzman Lugo <fernando.lugo@ti.com> 11 * Suman Anna <s-anna@ti.com> 12 * Robert Tivy <rtivy@ti.com> 13 * Armando Uribe De Leon <x0095078@ti.com> 14 * 15 * This program is free software; you can redistribute it and/or 16 * modify it under the terms of the GNU General Public License 17 * version 2 as published by the Free Software Foundation. 18 * 19 * This program is distributed in the hope that it will be useful, 20 * but WITHOUT ANY WARRANTY; without even the implied warranty of 21 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 22 * GNU General Public License for more details. 23 */ 24 25 #define pr_fmt(fmt) "%s: " fmt, __func__ 26 27 #include <linux/kernel.h> 28 #include <linux/module.h> 29 #include <linux/device.h> 30 #include <linux/slab.h> 31 #include <linux/mutex.h> 32 #include <linux/dma-mapping.h> 33 #include <linux/firmware.h> 34 #include <linux/string.h> 35 #include <linux/debugfs.h> 36 #include <linux/remoteproc.h> 37 #include <linux/iommu.h> 38 #include <linux/idr.h> 39 #include <linux/elf.h> 40 #include <linux/virtio_ids.h> 41 #include <linux/virtio_ring.h> 42 #include <asm/byteorder.h> 43 44 #include "remoteproc_internal.h" 45 46 typedef int (*rproc_handle_resources_t)(struct rproc *rproc, 47 struct resource_table *table, int len); 48 typedef int (*rproc_handle_resource_t)(struct rproc *rproc, void *, int avail); 49 50 /* Unique indices for remoteproc devices */ 51 static DEFINE_IDA(rproc_dev_index); 52 53 static const char * const rproc_crash_names[] = { 54 [RPROC_MMUFAULT] = "mmufault", 55 }; 56 57 /* translate rproc_crash_type to string */ 58 static const char *rproc_crash_to_string(enum rproc_crash_type type) 59 { 60 if (type < ARRAY_SIZE(rproc_crash_names)) 61 return rproc_crash_names[type]; 62 return "unkown"; 63 } 64 65 /* 66 * This is the IOMMU fault handler we register with the IOMMU API 67 * (when relevant; not all remote processors access memory through 68 * an IOMMU). 69 * 70 * IOMMU core will invoke this handler whenever the remote processor 71 * will try to access an unmapped device address. 72 */ 73 static int rproc_iommu_fault(struct iommu_domain *domain, struct device *dev, 74 unsigned long iova, int flags, void *token) 75 { 76 struct rproc *rproc = token; 77 78 dev_err(dev, "iommu fault: da 0x%lx flags 0x%x\n", iova, flags); 79 80 rproc_report_crash(rproc, RPROC_MMUFAULT); 81 82 /* 83 * Let the iommu core know we're not really handling this fault; 84 * we just used it as a recovery trigger. 85 */ 86 return -ENOSYS; 87 } 88 89 static int rproc_enable_iommu(struct rproc *rproc) 90 { 91 struct iommu_domain *domain; 92 struct device *dev = rproc->dev.parent; 93 int ret; 94 95 /* 96 * We currently use iommu_present() to decide if an IOMMU 97 * setup is needed. 98 * 99 * This works for simple cases, but will easily fail with 100 * platforms that do have an IOMMU, but not for this specific 101 * rproc. 102 * 103 * This will be easily solved by introducing hw capabilities 104 * that will be set by the remoteproc driver. 105 */ 106 if (!iommu_present(dev->bus)) { 107 dev_dbg(dev, "iommu not found\n"); 108 return 0; 109 } 110 111 domain = iommu_domain_alloc(dev->bus); 112 if (!domain) { 113 dev_err(dev, "can't alloc iommu domain\n"); 114 return -ENOMEM; 115 } 116 117 iommu_set_fault_handler(domain, rproc_iommu_fault, rproc); 118 119 ret = iommu_attach_device(domain, dev); 120 if (ret) { 121 dev_err(dev, "can't attach iommu device: %d\n", ret); 122 goto free_domain; 123 } 124 125 rproc->domain = domain; 126 127 return 0; 128 129 free_domain: 130 iommu_domain_free(domain); 131 return ret; 132 } 133 134 static void rproc_disable_iommu(struct rproc *rproc) 135 { 136 struct iommu_domain *domain = rproc->domain; 137 struct device *dev = rproc->dev.parent; 138 139 if (!domain) 140 return; 141 142 iommu_detach_device(domain, dev); 143 iommu_domain_free(domain); 144 145 return; 146 } 147 148 /* 149 * Some remote processors will ask us to allocate them physically contiguous 150 * memory regions (which we call "carveouts"), and map them to specific 151 * device addresses (which are hardcoded in the firmware). 152 * 153 * They may then ask us to copy objects into specific device addresses (e.g. 154 * code/data sections) or expose us certain symbols in other device address 155 * (e.g. their trace buffer). 156 * 157 * This function is an internal helper with which we can go over the allocated 158 * carveouts and translate specific device address to kernel virtual addresses 159 * so we can access the referenced memory. 160 * 161 * Note: phys_to_virt(iommu_iova_to_phys(rproc->domain, da)) will work too, 162 * but only on kernel direct mapped RAM memory. Instead, we're just using 163 * here the output of the DMA API, which should be more correct. 164 */ 165 void *rproc_da_to_va(struct rproc *rproc, u64 da, int len) 166 { 167 struct rproc_mem_entry *carveout; 168 void *ptr = NULL; 169 170 list_for_each_entry(carveout, &rproc->carveouts, node) { 171 int offset = da - carveout->da; 172 173 /* try next carveout if da is too small */ 174 if (offset < 0) 175 continue; 176 177 /* try next carveout if da is too large */ 178 if (offset + len > carveout->len) 179 continue; 180 181 ptr = carveout->va + offset; 182 183 break; 184 } 185 186 return ptr; 187 } 188 EXPORT_SYMBOL(rproc_da_to_va); 189 190 int rproc_alloc_vring(struct rproc_vdev *rvdev, int i) 191 { 192 struct rproc *rproc = rvdev->rproc; 193 struct device *dev = &rproc->dev; 194 struct rproc_vring *rvring = &rvdev->vring[i]; 195 dma_addr_t dma; 196 void *va; 197 int ret, size, notifyid; 198 199 /* actual size of vring (in bytes) */ 200 size = PAGE_ALIGN(vring_size(rvring->len, rvring->align)); 201 202 /* 203 * Allocate non-cacheable memory for the vring. In the future 204 * this call will also configure the IOMMU for us 205 * TODO: let the rproc know the da of this vring 206 */ 207 va = dma_alloc_coherent(dev->parent, size, &dma, GFP_KERNEL); 208 if (!va) { 209 dev_err(dev->parent, "dma_alloc_coherent failed\n"); 210 return -EINVAL; 211 } 212 213 /* 214 * Assign an rproc-wide unique index for this vring 215 * TODO: assign a notifyid for rvdev updates as well 216 * TODO: let the rproc know the notifyid of this vring 217 * TODO: support predefined notifyids (via resource table) 218 */ 219 ret = idr_alloc(&rproc->notifyids, rvring, 0, 0, GFP_KERNEL); 220 if (ret) { 221 dev_err(dev, "idr_alloc failed: %d\n", ret); 222 dma_free_coherent(dev->parent, size, va, dma); 223 return ret; 224 } 225 notifyid = ret; 226 227 /* Store largest notifyid */ 228 rproc->max_notifyid = max(rproc->max_notifyid, notifyid); 229 230 dev_dbg(dev, "vring%d: va %p dma %llx size %x idr %d\n", i, va, 231 (unsigned long long)dma, size, notifyid); 232 233 rvring->va = va; 234 rvring->dma = dma; 235 rvring->notifyid = notifyid; 236 237 return 0; 238 } 239 240 static int 241 rproc_parse_vring(struct rproc_vdev *rvdev, struct fw_rsc_vdev *rsc, int i) 242 { 243 struct rproc *rproc = rvdev->rproc; 244 struct device *dev = &rproc->dev; 245 struct fw_rsc_vdev_vring *vring = &rsc->vring[i]; 246 struct rproc_vring *rvring = &rvdev->vring[i]; 247 248 dev_dbg(dev, "vdev rsc: vring%d: da %x, qsz %d, align %d\n", 249 i, vring->da, vring->num, vring->align); 250 251 /* make sure reserved bytes are zeroes */ 252 if (vring->reserved) { 253 dev_err(dev, "vring rsc has non zero reserved bytes\n"); 254 return -EINVAL; 255 } 256 257 /* verify queue size and vring alignment are sane */ 258 if (!vring->num || !vring->align) { 259 dev_err(dev, "invalid qsz (%d) or alignment (%d)\n", 260 vring->num, vring->align); 261 return -EINVAL; 262 } 263 264 rvring->len = vring->num; 265 rvring->align = vring->align; 266 rvring->rvdev = rvdev; 267 268 return 0; 269 } 270 271 static int rproc_max_notifyid(int id, void *p, void *data) 272 { 273 int *maxid = data; 274 *maxid = max(*maxid, id); 275 return 0; 276 } 277 278 void rproc_free_vring(struct rproc_vring *rvring) 279 { 280 int size = PAGE_ALIGN(vring_size(rvring->len, rvring->align)); 281 struct rproc *rproc = rvring->rvdev->rproc; 282 int maxid = 0; 283 284 dma_free_coherent(rproc->dev.parent, size, rvring->va, rvring->dma); 285 idr_remove(&rproc->notifyids, rvring->notifyid); 286 287 /* Find the largest remaining notifyid */ 288 idr_for_each(&rproc->notifyids, rproc_max_notifyid, &maxid); 289 rproc->max_notifyid = maxid; 290 } 291 292 /** 293 * rproc_handle_vdev() - handle a vdev fw resource 294 * @rproc: the remote processor 295 * @rsc: the vring resource descriptor 296 * @avail: size of available data (for sanity checking the image) 297 * 298 * This resource entry requests the host to statically register a virtio 299 * device (vdev), and setup everything needed to support it. It contains 300 * everything needed to make it possible: the virtio device id, virtio 301 * device features, vrings information, virtio config space, etc... 302 * 303 * Before registering the vdev, the vrings are allocated from non-cacheable 304 * physically contiguous memory. Currently we only support two vrings per 305 * remote processor (temporary limitation). We might also want to consider 306 * doing the vring allocation only later when ->find_vqs() is invoked, and 307 * then release them upon ->del_vqs(). 308 * 309 * Note: @da is currently not really handled correctly: we dynamically 310 * allocate it using the DMA API, ignoring requested hard coded addresses, 311 * and we don't take care of any required IOMMU programming. This is all 312 * going to be taken care of when the generic iommu-based DMA API will be 313 * merged. Meanwhile, statically-addressed iommu-based firmware images should 314 * use RSC_DEVMEM resource entries to map their required @da to the physical 315 * address of their base CMA region (ouch, hacky!). 316 * 317 * Returns 0 on success, or an appropriate error code otherwise 318 */ 319 static int rproc_handle_vdev(struct rproc *rproc, struct fw_rsc_vdev *rsc, 320 int avail) 321 { 322 struct device *dev = &rproc->dev; 323 struct rproc_vdev *rvdev; 324 int i, ret; 325 326 /* make sure resource isn't truncated */ 327 if (sizeof(*rsc) + rsc->num_of_vrings * sizeof(struct fw_rsc_vdev_vring) 328 + rsc->config_len > avail) { 329 dev_err(dev, "vdev rsc is truncated\n"); 330 return -EINVAL; 331 } 332 333 /* make sure reserved bytes are zeroes */ 334 if (rsc->reserved[0] || rsc->reserved[1]) { 335 dev_err(dev, "vdev rsc has non zero reserved bytes\n"); 336 return -EINVAL; 337 } 338 339 dev_dbg(dev, "vdev rsc: id %d, dfeatures %x, cfg len %d, %d vrings\n", 340 rsc->id, rsc->dfeatures, rsc->config_len, rsc->num_of_vrings); 341 342 /* we currently support only two vrings per rvdev */ 343 if (rsc->num_of_vrings > ARRAY_SIZE(rvdev->vring)) { 344 dev_err(dev, "too many vrings: %d\n", rsc->num_of_vrings); 345 return -EINVAL; 346 } 347 348 rvdev = kzalloc(sizeof(struct rproc_vdev), GFP_KERNEL); 349 if (!rvdev) 350 return -ENOMEM; 351 352 rvdev->rproc = rproc; 353 354 /* parse the vrings */ 355 for (i = 0; i < rsc->num_of_vrings; i++) { 356 ret = rproc_parse_vring(rvdev, rsc, i); 357 if (ret) 358 goto free_rvdev; 359 } 360 361 /* remember the device features */ 362 rvdev->dfeatures = rsc->dfeatures; 363 364 list_add_tail(&rvdev->node, &rproc->rvdevs); 365 366 /* it is now safe to add the virtio device */ 367 ret = rproc_add_virtio_dev(rvdev, rsc->id); 368 if (ret) 369 goto free_rvdev; 370 371 return 0; 372 373 free_rvdev: 374 kfree(rvdev); 375 return ret; 376 } 377 378 /** 379 * rproc_handle_trace() - handle a shared trace buffer resource 380 * @rproc: the remote processor 381 * @rsc: the trace resource descriptor 382 * @avail: size of available data (for sanity checking the image) 383 * 384 * In case the remote processor dumps trace logs into memory, 385 * export it via debugfs. 386 * 387 * Currently, the 'da' member of @rsc should contain the device address 388 * where the remote processor is dumping the traces. Later we could also 389 * support dynamically allocating this address using the generic 390 * DMA API (but currently there isn't a use case for that). 391 * 392 * Returns 0 on success, or an appropriate error code otherwise 393 */ 394 static int rproc_handle_trace(struct rproc *rproc, struct fw_rsc_trace *rsc, 395 int avail) 396 { 397 struct rproc_mem_entry *trace; 398 struct device *dev = &rproc->dev; 399 void *ptr; 400 char name[15]; 401 402 if (sizeof(*rsc) > avail) { 403 dev_err(dev, "trace rsc is truncated\n"); 404 return -EINVAL; 405 } 406 407 /* make sure reserved bytes are zeroes */ 408 if (rsc->reserved) { 409 dev_err(dev, "trace rsc has non zero reserved bytes\n"); 410 return -EINVAL; 411 } 412 413 /* what's the kernel address of this resource ? */ 414 ptr = rproc_da_to_va(rproc, rsc->da, rsc->len); 415 if (!ptr) { 416 dev_err(dev, "erroneous trace resource entry\n"); 417 return -EINVAL; 418 } 419 420 trace = kzalloc(sizeof(*trace), GFP_KERNEL); 421 if (!trace) { 422 dev_err(dev, "kzalloc trace failed\n"); 423 return -ENOMEM; 424 } 425 426 /* set the trace buffer dma properties */ 427 trace->len = rsc->len; 428 trace->va = ptr; 429 430 /* make sure snprintf always null terminates, even if truncating */ 431 snprintf(name, sizeof(name), "trace%d", rproc->num_traces); 432 433 /* create the debugfs entry */ 434 trace->priv = rproc_create_trace_file(name, rproc, trace); 435 if (!trace->priv) { 436 trace->va = NULL; 437 kfree(trace); 438 return -EINVAL; 439 } 440 441 list_add_tail(&trace->node, &rproc->traces); 442 443 rproc->num_traces++; 444 445 dev_dbg(dev, "%s added: va %p, da 0x%x, len 0x%x\n", name, ptr, 446 rsc->da, rsc->len); 447 448 return 0; 449 } 450 451 /** 452 * rproc_handle_devmem() - handle devmem resource entry 453 * @rproc: remote processor handle 454 * @rsc: the devmem resource entry 455 * @avail: size of available data (for sanity checking the image) 456 * 457 * Remote processors commonly need to access certain on-chip peripherals. 458 * 459 * Some of these remote processors access memory via an iommu device, 460 * and might require us to configure their iommu before they can access 461 * the on-chip peripherals they need. 462 * 463 * This resource entry is a request to map such a peripheral device. 464 * 465 * These devmem entries will contain the physical address of the device in 466 * the 'pa' member. If a specific device address is expected, then 'da' will 467 * contain it (currently this is the only use case supported). 'len' will 468 * contain the size of the physical region we need to map. 469 * 470 * Currently we just "trust" those devmem entries to contain valid physical 471 * addresses, but this is going to change: we want the implementations to 472 * tell us ranges of physical addresses the firmware is allowed to request, 473 * and not allow firmwares to request access to physical addresses that 474 * are outside those ranges. 475 */ 476 static int rproc_handle_devmem(struct rproc *rproc, struct fw_rsc_devmem *rsc, 477 int avail) 478 { 479 struct rproc_mem_entry *mapping; 480 struct device *dev = &rproc->dev; 481 int ret; 482 483 /* no point in handling this resource without a valid iommu domain */ 484 if (!rproc->domain) 485 return -EINVAL; 486 487 if (sizeof(*rsc) > avail) { 488 dev_err(dev, "devmem rsc is truncated\n"); 489 return -EINVAL; 490 } 491 492 /* make sure reserved bytes are zeroes */ 493 if (rsc->reserved) { 494 dev_err(dev, "devmem rsc has non zero reserved bytes\n"); 495 return -EINVAL; 496 } 497 498 mapping = kzalloc(sizeof(*mapping), GFP_KERNEL); 499 if (!mapping) { 500 dev_err(dev, "kzalloc mapping failed\n"); 501 return -ENOMEM; 502 } 503 504 ret = iommu_map(rproc->domain, rsc->da, rsc->pa, rsc->len, rsc->flags); 505 if (ret) { 506 dev_err(dev, "failed to map devmem: %d\n", ret); 507 goto out; 508 } 509 510 /* 511 * We'll need this info later when we'll want to unmap everything 512 * (e.g. on shutdown). 513 * 514 * We can't trust the remote processor not to change the resource 515 * table, so we must maintain this info independently. 516 */ 517 mapping->da = rsc->da; 518 mapping->len = rsc->len; 519 list_add_tail(&mapping->node, &rproc->mappings); 520 521 dev_dbg(dev, "mapped devmem pa 0x%x, da 0x%x, len 0x%x\n", 522 rsc->pa, rsc->da, rsc->len); 523 524 return 0; 525 526 out: 527 kfree(mapping); 528 return ret; 529 } 530 531 /** 532 * rproc_handle_carveout() - handle phys contig memory allocation requests 533 * @rproc: rproc handle 534 * @rsc: the resource entry 535 * @avail: size of available data (for image validation) 536 * 537 * This function will handle firmware requests for allocation of physically 538 * contiguous memory regions. 539 * 540 * These request entries should come first in the firmware's resource table, 541 * as other firmware entries might request placing other data objects inside 542 * these memory regions (e.g. data/code segments, trace resource entries, ...). 543 * 544 * Allocating memory this way helps utilizing the reserved physical memory 545 * (e.g. CMA) more efficiently, and also minimizes the number of TLB entries 546 * needed to map it (in case @rproc is using an IOMMU). Reducing the TLB 547 * pressure is important; it may have a substantial impact on performance. 548 */ 549 static int rproc_handle_carveout(struct rproc *rproc, 550 struct fw_rsc_carveout *rsc, int avail) 551 { 552 struct rproc_mem_entry *carveout, *mapping; 553 struct device *dev = &rproc->dev; 554 dma_addr_t dma; 555 void *va; 556 int ret; 557 558 if (sizeof(*rsc) > avail) { 559 dev_err(dev, "carveout rsc is truncated\n"); 560 return -EINVAL; 561 } 562 563 /* make sure reserved bytes are zeroes */ 564 if (rsc->reserved) { 565 dev_err(dev, "carveout rsc has non zero reserved bytes\n"); 566 return -EINVAL; 567 } 568 569 dev_dbg(dev, "carveout rsc: da %x, pa %x, len %x, flags %x\n", 570 rsc->da, rsc->pa, rsc->len, rsc->flags); 571 572 carveout = kzalloc(sizeof(*carveout), GFP_KERNEL); 573 if (!carveout) { 574 dev_err(dev, "kzalloc carveout failed\n"); 575 return -ENOMEM; 576 } 577 578 va = dma_alloc_coherent(dev->parent, rsc->len, &dma, GFP_KERNEL); 579 if (!va) { 580 dev_err(dev->parent, "dma_alloc_coherent err: %d\n", rsc->len); 581 ret = -ENOMEM; 582 goto free_carv; 583 } 584 585 dev_dbg(dev, "carveout va %p, dma %llx, len 0x%x\n", va, 586 (unsigned long long)dma, rsc->len); 587 588 /* 589 * Ok, this is non-standard. 590 * 591 * Sometimes we can't rely on the generic iommu-based DMA API 592 * to dynamically allocate the device address and then set the IOMMU 593 * tables accordingly, because some remote processors might 594 * _require_ us to use hard coded device addresses that their 595 * firmware was compiled with. 596 * 597 * In this case, we must use the IOMMU API directly and map 598 * the memory to the device address as expected by the remote 599 * processor. 600 * 601 * Obviously such remote processor devices should not be configured 602 * to use the iommu-based DMA API: we expect 'dma' to contain the 603 * physical address in this case. 604 */ 605 if (rproc->domain) { 606 mapping = kzalloc(sizeof(*mapping), GFP_KERNEL); 607 if (!mapping) { 608 dev_err(dev, "kzalloc mapping failed\n"); 609 ret = -ENOMEM; 610 goto dma_free; 611 } 612 613 ret = iommu_map(rproc->domain, rsc->da, dma, rsc->len, 614 rsc->flags); 615 if (ret) { 616 dev_err(dev, "iommu_map failed: %d\n", ret); 617 goto free_mapping; 618 } 619 620 /* 621 * We'll need this info later when we'll want to unmap 622 * everything (e.g. on shutdown). 623 * 624 * We can't trust the remote processor not to change the 625 * resource table, so we must maintain this info independently. 626 */ 627 mapping->da = rsc->da; 628 mapping->len = rsc->len; 629 list_add_tail(&mapping->node, &rproc->mappings); 630 631 dev_dbg(dev, "carveout mapped 0x%x to 0x%llx\n", 632 rsc->da, (unsigned long long)dma); 633 } 634 635 /* 636 * Some remote processors might need to know the pa 637 * even though they are behind an IOMMU. E.g., OMAP4's 638 * remote M3 processor needs this so it can control 639 * on-chip hardware accelerators that are not behind 640 * the IOMMU, and therefor must know the pa. 641 * 642 * Generally we don't want to expose physical addresses 643 * if we don't have to (remote processors are generally 644 * _not_ trusted), so we might want to do this only for 645 * remote processor that _must_ have this (e.g. OMAP4's 646 * dual M3 subsystem). 647 * 648 * Non-IOMMU processors might also want to have this info. 649 * In this case, the device address and the physical address 650 * are the same. 651 */ 652 rsc->pa = dma; 653 654 carveout->va = va; 655 carveout->len = rsc->len; 656 carveout->dma = dma; 657 carveout->da = rsc->da; 658 659 list_add_tail(&carveout->node, &rproc->carveouts); 660 661 return 0; 662 663 free_mapping: 664 kfree(mapping); 665 dma_free: 666 dma_free_coherent(dev->parent, rsc->len, va, dma); 667 free_carv: 668 kfree(carveout); 669 return ret; 670 } 671 672 /* 673 * A lookup table for resource handlers. The indices are defined in 674 * enum fw_resource_type. 675 */ 676 static rproc_handle_resource_t rproc_handle_rsc[] = { 677 [RSC_CARVEOUT] = (rproc_handle_resource_t)rproc_handle_carveout, 678 [RSC_DEVMEM] = (rproc_handle_resource_t)rproc_handle_devmem, 679 [RSC_TRACE] = (rproc_handle_resource_t)rproc_handle_trace, 680 [RSC_VDEV] = NULL, /* VDEVs were handled upon registrarion */ 681 }; 682 683 /* handle firmware resource entries before booting the remote processor */ 684 static int 685 rproc_handle_boot_rsc(struct rproc *rproc, struct resource_table *table, int len) 686 { 687 struct device *dev = &rproc->dev; 688 rproc_handle_resource_t handler; 689 int ret = 0, i; 690 691 for (i = 0; i < table->num; i++) { 692 int offset = table->offset[i]; 693 struct fw_rsc_hdr *hdr = (void *)table + offset; 694 int avail = len - offset - sizeof(*hdr); 695 void *rsc = (void *)hdr + sizeof(*hdr); 696 697 /* make sure table isn't truncated */ 698 if (avail < 0) { 699 dev_err(dev, "rsc table is truncated\n"); 700 return -EINVAL; 701 } 702 703 dev_dbg(dev, "rsc: type %d\n", hdr->type); 704 705 if (hdr->type >= RSC_LAST) { 706 dev_warn(dev, "unsupported resource %d\n", hdr->type); 707 continue; 708 } 709 710 handler = rproc_handle_rsc[hdr->type]; 711 if (!handler) 712 continue; 713 714 ret = handler(rproc, rsc, avail); 715 if (ret) 716 break; 717 } 718 719 return ret; 720 } 721 722 /* handle firmware resource entries while registering the remote processor */ 723 static int 724 rproc_handle_virtio_rsc(struct rproc *rproc, struct resource_table *table, int len) 725 { 726 struct device *dev = &rproc->dev; 727 int ret = 0, i; 728 729 for (i = 0; i < table->num; i++) { 730 int offset = table->offset[i]; 731 struct fw_rsc_hdr *hdr = (void *)table + offset; 732 int avail = len - offset - sizeof(*hdr); 733 struct fw_rsc_vdev *vrsc; 734 735 /* make sure table isn't truncated */ 736 if (avail < 0) { 737 dev_err(dev, "rsc table is truncated\n"); 738 return -EINVAL; 739 } 740 741 dev_dbg(dev, "%s: rsc type %d\n", __func__, hdr->type); 742 743 if (hdr->type != RSC_VDEV) 744 continue; 745 746 vrsc = (struct fw_rsc_vdev *)hdr->data; 747 748 ret = rproc_handle_vdev(rproc, vrsc, avail); 749 if (ret) 750 break; 751 } 752 753 return ret; 754 } 755 756 /** 757 * rproc_resource_cleanup() - clean up and free all acquired resources 758 * @rproc: rproc handle 759 * 760 * This function will free all resources acquired for @rproc, and it 761 * is called whenever @rproc either shuts down or fails to boot. 762 */ 763 static void rproc_resource_cleanup(struct rproc *rproc) 764 { 765 struct rproc_mem_entry *entry, *tmp; 766 struct device *dev = &rproc->dev; 767 768 /* clean up debugfs trace entries */ 769 list_for_each_entry_safe(entry, tmp, &rproc->traces, node) { 770 rproc_remove_trace_file(entry->priv); 771 rproc->num_traces--; 772 list_del(&entry->node); 773 kfree(entry); 774 } 775 776 /* clean up carveout allocations */ 777 list_for_each_entry_safe(entry, tmp, &rproc->carveouts, node) { 778 dma_free_coherent(dev->parent, entry->len, entry->va, entry->dma); 779 list_del(&entry->node); 780 kfree(entry); 781 } 782 783 /* clean up iommu mapping entries */ 784 list_for_each_entry_safe(entry, tmp, &rproc->mappings, node) { 785 size_t unmapped; 786 787 unmapped = iommu_unmap(rproc->domain, entry->da, entry->len); 788 if (unmapped != entry->len) { 789 /* nothing much to do besides complaining */ 790 dev_err(dev, "failed to unmap %u/%zu\n", entry->len, 791 unmapped); 792 } 793 794 list_del(&entry->node); 795 kfree(entry); 796 } 797 } 798 799 /* 800 * take a firmware and boot a remote processor with it. 801 */ 802 static int rproc_fw_boot(struct rproc *rproc, const struct firmware *fw) 803 { 804 struct device *dev = &rproc->dev; 805 const char *name = rproc->firmware; 806 struct resource_table *table; 807 int ret, tablesz; 808 809 ret = rproc_fw_sanity_check(rproc, fw); 810 if (ret) 811 return ret; 812 813 dev_info(dev, "Booting fw image %s, size %zd\n", name, fw->size); 814 815 /* 816 * if enabling an IOMMU isn't relevant for this rproc, this is 817 * just a nop 818 */ 819 ret = rproc_enable_iommu(rproc); 820 if (ret) { 821 dev_err(dev, "can't enable iommu: %d\n", ret); 822 return ret; 823 } 824 825 rproc->bootaddr = rproc_get_boot_addr(rproc, fw); 826 827 /* look for the resource table */ 828 table = rproc_find_rsc_table(rproc, fw, &tablesz); 829 if (!table) { 830 ret = -EINVAL; 831 goto clean_up; 832 } 833 834 /* handle fw resources which are required to boot rproc */ 835 ret = rproc_handle_boot_rsc(rproc, table, tablesz); 836 if (ret) { 837 dev_err(dev, "Failed to process resources: %d\n", ret); 838 goto clean_up; 839 } 840 841 /* load the ELF segments to memory */ 842 ret = rproc_load_segments(rproc, fw); 843 if (ret) { 844 dev_err(dev, "Failed to load program segments: %d\n", ret); 845 goto clean_up; 846 } 847 848 /* power up the remote processor */ 849 ret = rproc->ops->start(rproc); 850 if (ret) { 851 dev_err(dev, "can't start rproc %s: %d\n", rproc->name, ret); 852 goto clean_up; 853 } 854 855 rproc->state = RPROC_RUNNING; 856 857 dev_info(dev, "remote processor %s is now up\n", rproc->name); 858 859 return 0; 860 861 clean_up: 862 rproc_resource_cleanup(rproc); 863 rproc_disable_iommu(rproc); 864 return ret; 865 } 866 867 /* 868 * take a firmware and look for virtio devices to register. 869 * 870 * Note: this function is called asynchronously upon registration of the 871 * remote processor (so we must wait until it completes before we try 872 * to unregister the device. one other option is just to use kref here, 873 * that might be cleaner). 874 */ 875 static void rproc_fw_config_virtio(const struct firmware *fw, void *context) 876 { 877 struct rproc *rproc = context; 878 struct resource_table *table; 879 int ret, tablesz; 880 881 if (rproc_fw_sanity_check(rproc, fw) < 0) 882 goto out; 883 884 /* look for the resource table */ 885 table = rproc_find_rsc_table(rproc, fw, &tablesz); 886 if (!table) 887 goto out; 888 889 /* look for virtio devices and register them */ 890 ret = rproc_handle_virtio_rsc(rproc, table, tablesz); 891 if (ret) 892 goto out; 893 894 out: 895 release_firmware(fw); 896 /* allow rproc_del() contexts, if any, to proceed */ 897 complete_all(&rproc->firmware_loading_complete); 898 } 899 900 static int rproc_add_virtio_devices(struct rproc *rproc) 901 { 902 int ret; 903 904 /* rproc_del() calls must wait until async loader completes */ 905 init_completion(&rproc->firmware_loading_complete); 906 907 /* 908 * We must retrieve early virtio configuration info from 909 * the firmware (e.g. whether to register a virtio device, 910 * what virtio features does it support, ...). 911 * 912 * We're initiating an asynchronous firmware loading, so we can 913 * be built-in kernel code, without hanging the boot process. 914 */ 915 ret = request_firmware_nowait(THIS_MODULE, FW_ACTION_HOTPLUG, 916 rproc->firmware, &rproc->dev, GFP_KERNEL, 917 rproc, rproc_fw_config_virtio); 918 if (ret < 0) { 919 dev_err(&rproc->dev, "request_firmware_nowait err: %d\n", ret); 920 complete_all(&rproc->firmware_loading_complete); 921 } 922 923 return ret; 924 } 925 926 /** 927 * rproc_trigger_recovery() - recover a remoteproc 928 * @rproc: the remote processor 929 * 930 * The recovery is done by reseting all the virtio devices, that way all the 931 * rpmsg drivers will be reseted along with the remote processor making the 932 * remoteproc functional again. 933 * 934 * This function can sleep, so it cannot be called from atomic context. 935 */ 936 int rproc_trigger_recovery(struct rproc *rproc) 937 { 938 struct rproc_vdev *rvdev, *rvtmp; 939 940 dev_err(&rproc->dev, "recovering %s\n", rproc->name); 941 942 init_completion(&rproc->crash_comp); 943 944 /* clean up remote vdev entries */ 945 list_for_each_entry_safe(rvdev, rvtmp, &rproc->rvdevs, node) 946 rproc_remove_virtio_dev(rvdev); 947 948 /* wait until there is no more rproc users */ 949 wait_for_completion(&rproc->crash_comp); 950 951 return rproc_add_virtio_devices(rproc); 952 } 953 954 /** 955 * rproc_crash_handler_work() - handle a crash 956 * 957 * This function needs to handle everything related to a crash, like cpu 958 * registers and stack dump, information to help to debug the fatal error, etc. 959 */ 960 static void rproc_crash_handler_work(struct work_struct *work) 961 { 962 struct rproc *rproc = container_of(work, struct rproc, crash_handler); 963 struct device *dev = &rproc->dev; 964 965 dev_dbg(dev, "enter %s\n", __func__); 966 967 mutex_lock(&rproc->lock); 968 969 if (rproc->state == RPROC_CRASHED || rproc->state == RPROC_OFFLINE) { 970 /* handle only the first crash detected */ 971 mutex_unlock(&rproc->lock); 972 return; 973 } 974 975 rproc->state = RPROC_CRASHED; 976 dev_err(dev, "handling crash #%u in %s\n", ++rproc->crash_cnt, 977 rproc->name); 978 979 mutex_unlock(&rproc->lock); 980 981 if (!rproc->recovery_disabled) 982 rproc_trigger_recovery(rproc); 983 } 984 985 /** 986 * rproc_boot() - boot a remote processor 987 * @rproc: handle of a remote processor 988 * 989 * Boot a remote processor (i.e. load its firmware, power it on, ...). 990 * 991 * If the remote processor is already powered on, this function immediately 992 * returns (successfully). 993 * 994 * Returns 0 on success, and an appropriate error value otherwise. 995 */ 996 int rproc_boot(struct rproc *rproc) 997 { 998 const struct firmware *firmware_p; 999 struct device *dev; 1000 int ret; 1001 1002 if (!rproc) { 1003 pr_err("invalid rproc handle\n"); 1004 return -EINVAL; 1005 } 1006 1007 dev = &rproc->dev; 1008 1009 ret = mutex_lock_interruptible(&rproc->lock); 1010 if (ret) { 1011 dev_err(dev, "can't lock rproc %s: %d\n", rproc->name, ret); 1012 return ret; 1013 } 1014 1015 /* loading a firmware is required */ 1016 if (!rproc->firmware) { 1017 dev_err(dev, "%s: no firmware to load\n", __func__); 1018 ret = -EINVAL; 1019 goto unlock_mutex; 1020 } 1021 1022 /* prevent underlying implementation from being removed */ 1023 if (!try_module_get(dev->parent->driver->owner)) { 1024 dev_err(dev, "%s: can't get owner\n", __func__); 1025 ret = -EINVAL; 1026 goto unlock_mutex; 1027 } 1028 1029 /* skip the boot process if rproc is already powered up */ 1030 if (atomic_inc_return(&rproc->power) > 1) { 1031 ret = 0; 1032 goto unlock_mutex; 1033 } 1034 1035 dev_info(dev, "powering up %s\n", rproc->name); 1036 1037 /* load firmware */ 1038 ret = request_firmware(&firmware_p, rproc->firmware, dev); 1039 if (ret < 0) { 1040 dev_err(dev, "request_firmware failed: %d\n", ret); 1041 goto downref_rproc; 1042 } 1043 1044 ret = rproc_fw_boot(rproc, firmware_p); 1045 1046 release_firmware(firmware_p); 1047 1048 downref_rproc: 1049 if (ret) { 1050 module_put(dev->parent->driver->owner); 1051 atomic_dec(&rproc->power); 1052 } 1053 unlock_mutex: 1054 mutex_unlock(&rproc->lock); 1055 return ret; 1056 } 1057 EXPORT_SYMBOL(rproc_boot); 1058 1059 /** 1060 * rproc_shutdown() - power off the remote processor 1061 * @rproc: the remote processor 1062 * 1063 * Power off a remote processor (previously booted with rproc_boot()). 1064 * 1065 * In case @rproc is still being used by an additional user(s), then 1066 * this function will just decrement the power refcount and exit, 1067 * without really powering off the device. 1068 * 1069 * Every call to rproc_boot() must (eventually) be accompanied by a call 1070 * to rproc_shutdown(). Calling rproc_shutdown() redundantly is a bug. 1071 * 1072 * Notes: 1073 * - we're not decrementing the rproc's refcount, only the power refcount. 1074 * which means that the @rproc handle stays valid even after rproc_shutdown() 1075 * returns, and users can still use it with a subsequent rproc_boot(), if 1076 * needed. 1077 */ 1078 void rproc_shutdown(struct rproc *rproc) 1079 { 1080 struct device *dev = &rproc->dev; 1081 int ret; 1082 1083 ret = mutex_lock_interruptible(&rproc->lock); 1084 if (ret) { 1085 dev_err(dev, "can't lock rproc %s: %d\n", rproc->name, ret); 1086 return; 1087 } 1088 1089 /* if the remote proc is still needed, bail out */ 1090 if (!atomic_dec_and_test(&rproc->power)) 1091 goto out; 1092 1093 /* power off the remote processor */ 1094 ret = rproc->ops->stop(rproc); 1095 if (ret) { 1096 atomic_inc(&rproc->power); 1097 dev_err(dev, "can't stop rproc: %d\n", ret); 1098 goto out; 1099 } 1100 1101 /* clean up all acquired resources */ 1102 rproc_resource_cleanup(rproc); 1103 1104 rproc_disable_iommu(rproc); 1105 1106 /* if in crash state, unlock crash handler */ 1107 if (rproc->state == RPROC_CRASHED) 1108 complete_all(&rproc->crash_comp); 1109 1110 rproc->state = RPROC_OFFLINE; 1111 1112 dev_info(dev, "stopped remote processor %s\n", rproc->name); 1113 1114 out: 1115 mutex_unlock(&rproc->lock); 1116 if (!ret) 1117 module_put(dev->parent->driver->owner); 1118 } 1119 EXPORT_SYMBOL(rproc_shutdown); 1120 1121 /** 1122 * rproc_add() - register a remote processor 1123 * @rproc: the remote processor handle to register 1124 * 1125 * Registers @rproc with the remoteproc framework, after it has been 1126 * allocated with rproc_alloc(). 1127 * 1128 * This is called by the platform-specific rproc implementation, whenever 1129 * a new remote processor device is probed. 1130 * 1131 * Returns 0 on success and an appropriate error code otherwise. 1132 * 1133 * Note: this function initiates an asynchronous firmware loading 1134 * context, which will look for virtio devices supported by the rproc's 1135 * firmware. 1136 * 1137 * If found, those virtio devices will be created and added, so as a result 1138 * of registering this remote processor, additional virtio drivers might be 1139 * probed. 1140 */ 1141 int rproc_add(struct rproc *rproc) 1142 { 1143 struct device *dev = &rproc->dev; 1144 int ret; 1145 1146 ret = device_add(dev); 1147 if (ret < 0) 1148 return ret; 1149 1150 dev_info(dev, "%s is available\n", rproc->name); 1151 1152 dev_info(dev, "Note: remoteproc is still under development and considered experimental.\n"); 1153 dev_info(dev, "THE BINARY FORMAT IS NOT YET FINALIZED, and backward compatibility isn't yet guaranteed.\n"); 1154 1155 /* create debugfs entries */ 1156 rproc_create_debug_dir(rproc); 1157 1158 return rproc_add_virtio_devices(rproc); 1159 } 1160 EXPORT_SYMBOL(rproc_add); 1161 1162 /** 1163 * rproc_type_release() - release a remote processor instance 1164 * @dev: the rproc's device 1165 * 1166 * This function should _never_ be called directly. 1167 * 1168 * It will be called by the driver core when no one holds a valid pointer 1169 * to @dev anymore. 1170 */ 1171 static void rproc_type_release(struct device *dev) 1172 { 1173 struct rproc *rproc = container_of(dev, struct rproc, dev); 1174 1175 dev_info(&rproc->dev, "releasing %s\n", rproc->name); 1176 1177 rproc_delete_debug_dir(rproc); 1178 1179 idr_destroy(&rproc->notifyids); 1180 1181 if (rproc->index >= 0) 1182 ida_simple_remove(&rproc_dev_index, rproc->index); 1183 1184 kfree(rproc); 1185 } 1186 1187 static struct device_type rproc_type = { 1188 .name = "remoteproc", 1189 .release = rproc_type_release, 1190 }; 1191 1192 /** 1193 * rproc_alloc() - allocate a remote processor handle 1194 * @dev: the underlying device 1195 * @name: name of this remote processor 1196 * @ops: platform-specific handlers (mainly start/stop) 1197 * @firmware: name of firmware file to load 1198 * @len: length of private data needed by the rproc driver (in bytes) 1199 * 1200 * Allocates a new remote processor handle, but does not register 1201 * it yet. 1202 * 1203 * This function should be used by rproc implementations during initialization 1204 * of the remote processor. 1205 * 1206 * After creating an rproc handle using this function, and when ready, 1207 * implementations should then call rproc_add() to complete 1208 * the registration of the remote processor. 1209 * 1210 * On success the new rproc is returned, and on failure, NULL. 1211 * 1212 * Note: _never_ directly deallocate @rproc, even if it was not registered 1213 * yet. Instead, when you need to unroll rproc_alloc(), use rproc_put(). 1214 */ 1215 struct rproc *rproc_alloc(struct device *dev, const char *name, 1216 const struct rproc_ops *ops, 1217 const char *firmware, int len) 1218 { 1219 struct rproc *rproc; 1220 1221 if (!dev || !name || !ops) 1222 return NULL; 1223 1224 rproc = kzalloc(sizeof(struct rproc) + len, GFP_KERNEL); 1225 if (!rproc) { 1226 dev_err(dev, "%s: kzalloc failed\n", __func__); 1227 return NULL; 1228 } 1229 1230 rproc->name = name; 1231 rproc->ops = ops; 1232 rproc->firmware = firmware; 1233 rproc->priv = &rproc[1]; 1234 1235 device_initialize(&rproc->dev); 1236 rproc->dev.parent = dev; 1237 rproc->dev.type = &rproc_type; 1238 1239 /* Assign a unique device index and name */ 1240 rproc->index = ida_simple_get(&rproc_dev_index, 0, 0, GFP_KERNEL); 1241 if (rproc->index < 0) { 1242 dev_err(dev, "ida_simple_get failed: %d\n", rproc->index); 1243 put_device(&rproc->dev); 1244 return NULL; 1245 } 1246 1247 dev_set_name(&rproc->dev, "remoteproc%d", rproc->index); 1248 1249 atomic_set(&rproc->power, 0); 1250 1251 /* Set ELF as the default fw_ops handler */ 1252 rproc->fw_ops = &rproc_elf_fw_ops; 1253 1254 mutex_init(&rproc->lock); 1255 1256 idr_init(&rproc->notifyids); 1257 1258 INIT_LIST_HEAD(&rproc->carveouts); 1259 INIT_LIST_HEAD(&rproc->mappings); 1260 INIT_LIST_HEAD(&rproc->traces); 1261 INIT_LIST_HEAD(&rproc->rvdevs); 1262 1263 INIT_WORK(&rproc->crash_handler, rproc_crash_handler_work); 1264 init_completion(&rproc->crash_comp); 1265 1266 rproc->state = RPROC_OFFLINE; 1267 1268 return rproc; 1269 } 1270 EXPORT_SYMBOL(rproc_alloc); 1271 1272 /** 1273 * rproc_put() - unroll rproc_alloc() 1274 * @rproc: the remote processor handle 1275 * 1276 * This function decrements the rproc dev refcount. 1277 * 1278 * If no one holds any reference to rproc anymore, then its refcount would 1279 * now drop to zero, and it would be freed. 1280 */ 1281 void rproc_put(struct rproc *rproc) 1282 { 1283 put_device(&rproc->dev); 1284 } 1285 EXPORT_SYMBOL(rproc_put); 1286 1287 /** 1288 * rproc_del() - unregister a remote processor 1289 * @rproc: rproc handle to unregister 1290 * 1291 * This function should be called when the platform specific rproc 1292 * implementation decides to remove the rproc device. it should 1293 * _only_ be called if a previous invocation of rproc_add() 1294 * has completed successfully. 1295 * 1296 * After rproc_del() returns, @rproc isn't freed yet, because 1297 * of the outstanding reference created by rproc_alloc. To decrement that 1298 * one last refcount, one still needs to call rproc_put(). 1299 * 1300 * Returns 0 on success and -EINVAL if @rproc isn't valid. 1301 */ 1302 int rproc_del(struct rproc *rproc) 1303 { 1304 struct rproc_vdev *rvdev, *tmp; 1305 1306 if (!rproc) 1307 return -EINVAL; 1308 1309 /* if rproc is just being registered, wait */ 1310 wait_for_completion(&rproc->firmware_loading_complete); 1311 1312 /* clean up remote vdev entries */ 1313 list_for_each_entry_safe(rvdev, tmp, &rproc->rvdevs, node) 1314 rproc_remove_virtio_dev(rvdev); 1315 1316 device_del(&rproc->dev); 1317 1318 return 0; 1319 } 1320 EXPORT_SYMBOL(rproc_del); 1321 1322 /** 1323 * rproc_report_crash() - rproc crash reporter function 1324 * @rproc: remote processor 1325 * @type: crash type 1326 * 1327 * This function must be called every time a crash is detected by the low-level 1328 * drivers implementing a specific remoteproc. This should not be called from a 1329 * non-remoteproc driver. 1330 * 1331 * This function can be called from atomic/interrupt context. 1332 */ 1333 void rproc_report_crash(struct rproc *rproc, enum rproc_crash_type type) 1334 { 1335 if (!rproc) { 1336 pr_err("NULL rproc pointer\n"); 1337 return; 1338 } 1339 1340 dev_err(&rproc->dev, "crash detected in %s: type %s\n", 1341 rproc->name, rproc_crash_to_string(type)); 1342 1343 /* create a new task to handle the error */ 1344 schedule_work(&rproc->crash_handler); 1345 } 1346 EXPORT_SYMBOL(rproc_report_crash); 1347 1348 static int __init remoteproc_init(void) 1349 { 1350 rproc_init_debugfs(); 1351 1352 return 0; 1353 } 1354 module_init(remoteproc_init); 1355 1356 static void __exit remoteproc_exit(void) 1357 { 1358 rproc_exit_debugfs(); 1359 } 1360 module_exit(remoteproc_exit); 1361 1362 MODULE_LICENSE("GPL v2"); 1363 MODULE_DESCRIPTION("Generic Remote Processor Framework"); 1364