1 /* 2 * Remote Processor Framework 3 * 4 * Copyright (C) 2011 Texas Instruments, Inc. 5 * Copyright (C) 2011 Google, Inc. 6 * 7 * Ohad Ben-Cohen <ohad@wizery.com> 8 * Brian Swetland <swetland@google.com> 9 * Mark Grosen <mgrosen@ti.com> 10 * Fernando Guzman Lugo <fernando.lugo@ti.com> 11 * Suman Anna <s-anna@ti.com> 12 * Robert Tivy <rtivy@ti.com> 13 * Armando Uribe De Leon <x0095078@ti.com> 14 * 15 * This program is free software; you can redistribute it and/or 16 * modify it under the terms of the GNU General Public License 17 * version 2 as published by the Free Software Foundation. 18 * 19 * This program is distributed in the hope that it will be useful, 20 * but WITHOUT ANY WARRANTY; without even the implied warranty of 21 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 22 * GNU General Public License for more details. 23 */ 24 25 #define pr_fmt(fmt) "%s: " fmt, __func__ 26 27 #include <linux/kernel.h> 28 #include <linux/module.h> 29 #include <linux/device.h> 30 #include <linux/slab.h> 31 #include <linux/mutex.h> 32 #include <linux/dma-mapping.h> 33 #include <linux/firmware.h> 34 #include <linux/string.h> 35 #include <linux/debugfs.h> 36 #include <linux/remoteproc.h> 37 #include <linux/iommu.h> 38 #include <linux/idr.h> 39 #include <linux/elf.h> 40 #include <linux/crc32.h> 41 #include <linux/virtio_ids.h> 42 #include <linux/virtio_ring.h> 43 #include <asm/byteorder.h> 44 45 #include "remoteproc_internal.h" 46 47 static DEFINE_MUTEX(rproc_list_mutex); 48 static LIST_HEAD(rproc_list); 49 50 typedef int (*rproc_handle_resources_t)(struct rproc *rproc, 51 struct resource_table *table, int len); 52 typedef int (*rproc_handle_resource_t)(struct rproc *rproc, 53 void *, int offset, int avail); 54 55 /* Unique indices for remoteproc devices */ 56 static DEFINE_IDA(rproc_dev_index); 57 58 static const char * const rproc_crash_names[] = { 59 [RPROC_MMUFAULT] = "mmufault", 60 [RPROC_WATCHDOG] = "watchdog", 61 [RPROC_FATAL_ERROR] = "fatal error", 62 }; 63 64 /* translate rproc_crash_type to string */ 65 static const char *rproc_crash_to_string(enum rproc_crash_type type) 66 { 67 if (type < ARRAY_SIZE(rproc_crash_names)) 68 return rproc_crash_names[type]; 69 return "unknown"; 70 } 71 72 /* 73 * This is the IOMMU fault handler we register with the IOMMU API 74 * (when relevant; not all remote processors access memory through 75 * an IOMMU). 76 * 77 * IOMMU core will invoke this handler whenever the remote processor 78 * will try to access an unmapped device address. 79 */ 80 static int rproc_iommu_fault(struct iommu_domain *domain, struct device *dev, 81 unsigned long iova, int flags, void *token) 82 { 83 struct rproc *rproc = token; 84 85 dev_err(dev, "iommu fault: da 0x%lx flags 0x%x\n", iova, flags); 86 87 rproc_report_crash(rproc, RPROC_MMUFAULT); 88 89 /* 90 * Let the iommu core know we're not really handling this fault; 91 * we just used it as a recovery trigger. 92 */ 93 return -ENOSYS; 94 } 95 96 static int rproc_enable_iommu(struct rproc *rproc) 97 { 98 struct iommu_domain *domain; 99 struct device *dev = rproc->dev.parent; 100 int ret; 101 102 if (!rproc->has_iommu) { 103 dev_dbg(dev, "iommu not present\n"); 104 return 0; 105 } 106 107 domain = iommu_domain_alloc(dev->bus); 108 if (!domain) { 109 dev_err(dev, "can't alloc iommu domain\n"); 110 return -ENOMEM; 111 } 112 113 iommu_set_fault_handler(domain, rproc_iommu_fault, rproc); 114 115 ret = iommu_attach_device(domain, dev); 116 if (ret) { 117 dev_err(dev, "can't attach iommu device: %d\n", ret); 118 goto free_domain; 119 } 120 121 rproc->domain = domain; 122 123 return 0; 124 125 free_domain: 126 iommu_domain_free(domain); 127 return ret; 128 } 129 130 static void rproc_disable_iommu(struct rproc *rproc) 131 { 132 struct iommu_domain *domain = rproc->domain; 133 struct device *dev = rproc->dev.parent; 134 135 if (!domain) 136 return; 137 138 iommu_detach_device(domain, dev); 139 iommu_domain_free(domain); 140 } 141 142 /** 143 * rproc_da_to_va() - lookup the kernel virtual address for a remoteproc address 144 * @rproc: handle of a remote processor 145 * @da: remoteproc device address to translate 146 * @len: length of the memory region @da is pointing to 147 * 148 * Some remote processors will ask us to allocate them physically contiguous 149 * memory regions (which we call "carveouts"), and map them to specific 150 * device addresses (which are hardcoded in the firmware). They may also have 151 * dedicated memory regions internal to the processors, and use them either 152 * exclusively or alongside carveouts. 153 * 154 * They may then ask us to copy objects into specific device addresses (e.g. 155 * code/data sections) or expose us certain symbols in other device address 156 * (e.g. their trace buffer). 157 * 158 * This function is a helper function with which we can go over the allocated 159 * carveouts and translate specific device addresses to kernel virtual addresses 160 * so we can access the referenced memory. This function also allows to perform 161 * translations on the internal remoteproc memory regions through a platform 162 * implementation specific da_to_va ops, if present. 163 * 164 * The function returns a valid kernel address on success or NULL on failure. 165 * 166 * Note: phys_to_virt(iommu_iova_to_phys(rproc->domain, da)) will work too, 167 * but only on kernel direct mapped RAM memory. Instead, we're just using 168 * here the output of the DMA API for the carveouts, which should be more 169 * correct. 170 */ 171 void *rproc_da_to_va(struct rproc *rproc, u64 da, int len) 172 { 173 struct rproc_mem_entry *carveout; 174 void *ptr = NULL; 175 176 if (rproc->ops->da_to_va) { 177 ptr = rproc->ops->da_to_va(rproc, da, len); 178 if (ptr) 179 goto out; 180 } 181 182 list_for_each_entry(carveout, &rproc->carveouts, node) { 183 int offset = da - carveout->da; 184 185 /* try next carveout if da is too small */ 186 if (offset < 0) 187 continue; 188 189 /* try next carveout if da is too large */ 190 if (offset + len > carveout->len) 191 continue; 192 193 ptr = carveout->va + offset; 194 195 break; 196 } 197 198 out: 199 return ptr; 200 } 201 EXPORT_SYMBOL(rproc_da_to_va); 202 203 int rproc_alloc_vring(struct rproc_vdev *rvdev, int i) 204 { 205 struct rproc *rproc = rvdev->rproc; 206 struct device *dev = &rproc->dev; 207 struct rproc_vring *rvring = &rvdev->vring[i]; 208 struct fw_rsc_vdev *rsc; 209 dma_addr_t dma; 210 void *va; 211 int ret, size, notifyid; 212 213 /* actual size of vring (in bytes) */ 214 size = PAGE_ALIGN(vring_size(rvring->len, rvring->align)); 215 216 /* 217 * Allocate non-cacheable memory for the vring. In the future 218 * this call will also configure the IOMMU for us 219 */ 220 va = dma_alloc_coherent(dev->parent, size, &dma, GFP_KERNEL); 221 if (!va) { 222 dev_err(dev->parent, "dma_alloc_coherent failed\n"); 223 return -EINVAL; 224 } 225 226 /* 227 * Assign an rproc-wide unique index for this vring 228 * TODO: assign a notifyid for rvdev updates as well 229 * TODO: support predefined notifyids (via resource table) 230 */ 231 ret = idr_alloc(&rproc->notifyids, rvring, 0, 0, GFP_KERNEL); 232 if (ret < 0) { 233 dev_err(dev, "idr_alloc failed: %d\n", ret); 234 dma_free_coherent(dev->parent, size, va, dma); 235 return ret; 236 } 237 notifyid = ret; 238 239 /* Potentially bump max_notifyid */ 240 if (notifyid > rproc->max_notifyid) 241 rproc->max_notifyid = notifyid; 242 243 dev_dbg(dev, "vring%d: va %p dma %pad size 0x%x idr %d\n", 244 i, va, &dma, size, notifyid); 245 246 rvring->va = va; 247 rvring->dma = dma; 248 rvring->notifyid = notifyid; 249 250 /* 251 * Let the rproc know the notifyid and da of this vring. 252 * Not all platforms use dma_alloc_coherent to automatically 253 * set up the iommu. In this case the device address (da) will 254 * hold the physical address and not the device address. 255 */ 256 rsc = (void *)rproc->table_ptr + rvdev->rsc_offset; 257 rsc->vring[i].da = dma; 258 rsc->vring[i].notifyid = notifyid; 259 return 0; 260 } 261 262 static int 263 rproc_parse_vring(struct rproc_vdev *rvdev, struct fw_rsc_vdev *rsc, int i) 264 { 265 struct rproc *rproc = rvdev->rproc; 266 struct device *dev = &rproc->dev; 267 struct fw_rsc_vdev_vring *vring = &rsc->vring[i]; 268 struct rproc_vring *rvring = &rvdev->vring[i]; 269 270 dev_dbg(dev, "vdev rsc: vring%d: da 0x%x, qsz %d, align %d\n", 271 i, vring->da, vring->num, vring->align); 272 273 /* verify queue size and vring alignment are sane */ 274 if (!vring->num || !vring->align) { 275 dev_err(dev, "invalid qsz (%d) or alignment (%d)\n", 276 vring->num, vring->align); 277 return -EINVAL; 278 } 279 280 rvring->len = vring->num; 281 rvring->align = vring->align; 282 rvring->rvdev = rvdev; 283 284 return 0; 285 } 286 287 void rproc_free_vring(struct rproc_vring *rvring) 288 { 289 int size = PAGE_ALIGN(vring_size(rvring->len, rvring->align)); 290 struct rproc *rproc = rvring->rvdev->rproc; 291 int idx = rvring->rvdev->vring - rvring; 292 struct fw_rsc_vdev *rsc; 293 294 dma_free_coherent(rproc->dev.parent, size, rvring->va, rvring->dma); 295 idr_remove(&rproc->notifyids, rvring->notifyid); 296 297 /* reset resource entry info */ 298 rsc = (void *)rproc->table_ptr + rvring->rvdev->rsc_offset; 299 rsc->vring[idx].da = 0; 300 rsc->vring[idx].notifyid = -1; 301 } 302 303 static int rproc_vdev_do_probe(struct rproc_subdev *subdev) 304 { 305 struct rproc_vdev *rvdev = container_of(subdev, struct rproc_vdev, subdev); 306 307 return rproc_add_virtio_dev(rvdev, rvdev->id); 308 } 309 310 static void rproc_vdev_do_remove(struct rproc_subdev *subdev) 311 { 312 struct rproc_vdev *rvdev = container_of(subdev, struct rproc_vdev, subdev); 313 314 rproc_remove_virtio_dev(rvdev); 315 } 316 317 /** 318 * rproc_handle_vdev() - handle a vdev fw resource 319 * @rproc: the remote processor 320 * @rsc: the vring resource descriptor 321 * @avail: size of available data (for sanity checking the image) 322 * 323 * This resource entry requests the host to statically register a virtio 324 * device (vdev), and setup everything needed to support it. It contains 325 * everything needed to make it possible: the virtio device id, virtio 326 * device features, vrings information, virtio config space, etc... 327 * 328 * Before registering the vdev, the vrings are allocated from non-cacheable 329 * physically contiguous memory. Currently we only support two vrings per 330 * remote processor (temporary limitation). We might also want to consider 331 * doing the vring allocation only later when ->find_vqs() is invoked, and 332 * then release them upon ->del_vqs(). 333 * 334 * Note: @da is currently not really handled correctly: we dynamically 335 * allocate it using the DMA API, ignoring requested hard coded addresses, 336 * and we don't take care of any required IOMMU programming. This is all 337 * going to be taken care of when the generic iommu-based DMA API will be 338 * merged. Meanwhile, statically-addressed iommu-based firmware images should 339 * use RSC_DEVMEM resource entries to map their required @da to the physical 340 * address of their base CMA region (ouch, hacky!). 341 * 342 * Returns 0 on success, or an appropriate error code otherwise 343 */ 344 static int rproc_handle_vdev(struct rproc *rproc, struct fw_rsc_vdev *rsc, 345 int offset, int avail) 346 { 347 struct device *dev = &rproc->dev; 348 struct rproc_vdev *rvdev; 349 int i, ret; 350 351 /* make sure resource isn't truncated */ 352 if (sizeof(*rsc) + rsc->num_of_vrings * sizeof(struct fw_rsc_vdev_vring) 353 + rsc->config_len > avail) { 354 dev_err(dev, "vdev rsc is truncated\n"); 355 return -EINVAL; 356 } 357 358 /* make sure reserved bytes are zeroes */ 359 if (rsc->reserved[0] || rsc->reserved[1]) { 360 dev_err(dev, "vdev rsc has non zero reserved bytes\n"); 361 return -EINVAL; 362 } 363 364 dev_dbg(dev, "vdev rsc: id %d, dfeatures 0x%x, cfg len %d, %d vrings\n", 365 rsc->id, rsc->dfeatures, rsc->config_len, rsc->num_of_vrings); 366 367 /* we currently support only two vrings per rvdev */ 368 if (rsc->num_of_vrings > ARRAY_SIZE(rvdev->vring)) { 369 dev_err(dev, "too many vrings: %d\n", rsc->num_of_vrings); 370 return -EINVAL; 371 } 372 373 rvdev = kzalloc(sizeof(*rvdev), GFP_KERNEL); 374 if (!rvdev) 375 return -ENOMEM; 376 377 kref_init(&rvdev->refcount); 378 379 rvdev->id = rsc->id; 380 rvdev->rproc = rproc; 381 382 /* parse the vrings */ 383 for (i = 0; i < rsc->num_of_vrings; i++) { 384 ret = rproc_parse_vring(rvdev, rsc, i); 385 if (ret) 386 goto free_rvdev; 387 } 388 389 /* remember the resource offset*/ 390 rvdev->rsc_offset = offset; 391 392 /* allocate the vring resources */ 393 for (i = 0; i < rsc->num_of_vrings; i++) { 394 ret = rproc_alloc_vring(rvdev, i); 395 if (ret) 396 goto unwind_vring_allocations; 397 } 398 399 list_add_tail(&rvdev->node, &rproc->rvdevs); 400 401 rproc_add_subdev(rproc, &rvdev->subdev, 402 rproc_vdev_do_probe, rproc_vdev_do_remove); 403 404 return 0; 405 406 unwind_vring_allocations: 407 for (i--; i >= 0; i--) 408 rproc_free_vring(&rvdev->vring[i]); 409 free_rvdev: 410 kfree(rvdev); 411 return ret; 412 } 413 414 void rproc_vdev_release(struct kref *ref) 415 { 416 struct rproc_vdev *rvdev = container_of(ref, struct rproc_vdev, refcount); 417 struct rproc_vring *rvring; 418 struct rproc *rproc = rvdev->rproc; 419 int id; 420 421 for (id = 0; id < ARRAY_SIZE(rvdev->vring); id++) { 422 rvring = &rvdev->vring[id]; 423 if (!rvring->va) 424 continue; 425 426 rproc_free_vring(rvring); 427 } 428 429 rproc_remove_subdev(rproc, &rvdev->subdev); 430 list_del(&rvdev->node); 431 kfree(rvdev); 432 } 433 434 /** 435 * rproc_handle_trace() - handle a shared trace buffer resource 436 * @rproc: the remote processor 437 * @rsc: the trace resource descriptor 438 * @avail: size of available data (for sanity checking the image) 439 * 440 * In case the remote processor dumps trace logs into memory, 441 * export it via debugfs. 442 * 443 * Currently, the 'da' member of @rsc should contain the device address 444 * where the remote processor is dumping the traces. Later we could also 445 * support dynamically allocating this address using the generic 446 * DMA API (but currently there isn't a use case for that). 447 * 448 * Returns 0 on success, or an appropriate error code otherwise 449 */ 450 static int rproc_handle_trace(struct rproc *rproc, struct fw_rsc_trace *rsc, 451 int offset, int avail) 452 { 453 struct rproc_mem_entry *trace; 454 struct device *dev = &rproc->dev; 455 void *ptr; 456 char name[15]; 457 458 if (sizeof(*rsc) > avail) { 459 dev_err(dev, "trace rsc is truncated\n"); 460 return -EINVAL; 461 } 462 463 /* make sure reserved bytes are zeroes */ 464 if (rsc->reserved) { 465 dev_err(dev, "trace rsc has non zero reserved bytes\n"); 466 return -EINVAL; 467 } 468 469 /* what's the kernel address of this resource ? */ 470 ptr = rproc_da_to_va(rproc, rsc->da, rsc->len); 471 if (!ptr) { 472 dev_err(dev, "erroneous trace resource entry\n"); 473 return -EINVAL; 474 } 475 476 trace = kzalloc(sizeof(*trace), GFP_KERNEL); 477 if (!trace) 478 return -ENOMEM; 479 480 /* set the trace buffer dma properties */ 481 trace->len = rsc->len; 482 trace->va = ptr; 483 484 /* make sure snprintf always null terminates, even if truncating */ 485 snprintf(name, sizeof(name), "trace%d", rproc->num_traces); 486 487 /* create the debugfs entry */ 488 trace->priv = rproc_create_trace_file(name, rproc, trace); 489 if (!trace->priv) { 490 trace->va = NULL; 491 kfree(trace); 492 return -EINVAL; 493 } 494 495 list_add_tail(&trace->node, &rproc->traces); 496 497 rproc->num_traces++; 498 499 dev_dbg(dev, "%s added: va %p, da 0x%x, len 0x%x\n", 500 name, ptr, rsc->da, rsc->len); 501 502 return 0; 503 } 504 505 /** 506 * rproc_handle_devmem() - handle devmem resource entry 507 * @rproc: remote processor handle 508 * @rsc: the devmem resource entry 509 * @avail: size of available data (for sanity checking the image) 510 * 511 * Remote processors commonly need to access certain on-chip peripherals. 512 * 513 * Some of these remote processors access memory via an iommu device, 514 * and might require us to configure their iommu before they can access 515 * the on-chip peripherals they need. 516 * 517 * This resource entry is a request to map such a peripheral device. 518 * 519 * These devmem entries will contain the physical address of the device in 520 * the 'pa' member. If a specific device address is expected, then 'da' will 521 * contain it (currently this is the only use case supported). 'len' will 522 * contain the size of the physical region we need to map. 523 * 524 * Currently we just "trust" those devmem entries to contain valid physical 525 * addresses, but this is going to change: we want the implementations to 526 * tell us ranges of physical addresses the firmware is allowed to request, 527 * and not allow firmwares to request access to physical addresses that 528 * are outside those ranges. 529 */ 530 static int rproc_handle_devmem(struct rproc *rproc, struct fw_rsc_devmem *rsc, 531 int offset, int avail) 532 { 533 struct rproc_mem_entry *mapping; 534 struct device *dev = &rproc->dev; 535 int ret; 536 537 /* no point in handling this resource without a valid iommu domain */ 538 if (!rproc->domain) 539 return -EINVAL; 540 541 if (sizeof(*rsc) > avail) { 542 dev_err(dev, "devmem rsc is truncated\n"); 543 return -EINVAL; 544 } 545 546 /* make sure reserved bytes are zeroes */ 547 if (rsc->reserved) { 548 dev_err(dev, "devmem rsc has non zero reserved bytes\n"); 549 return -EINVAL; 550 } 551 552 mapping = kzalloc(sizeof(*mapping), GFP_KERNEL); 553 if (!mapping) 554 return -ENOMEM; 555 556 ret = iommu_map(rproc->domain, rsc->da, rsc->pa, rsc->len, rsc->flags); 557 if (ret) { 558 dev_err(dev, "failed to map devmem: %d\n", ret); 559 goto out; 560 } 561 562 /* 563 * We'll need this info later when we'll want to unmap everything 564 * (e.g. on shutdown). 565 * 566 * We can't trust the remote processor not to change the resource 567 * table, so we must maintain this info independently. 568 */ 569 mapping->da = rsc->da; 570 mapping->len = rsc->len; 571 list_add_tail(&mapping->node, &rproc->mappings); 572 573 dev_dbg(dev, "mapped devmem pa 0x%x, da 0x%x, len 0x%x\n", 574 rsc->pa, rsc->da, rsc->len); 575 576 return 0; 577 578 out: 579 kfree(mapping); 580 return ret; 581 } 582 583 /** 584 * rproc_handle_carveout() - handle phys contig memory allocation requests 585 * @rproc: rproc handle 586 * @rsc: the resource entry 587 * @avail: size of available data (for image validation) 588 * 589 * This function will handle firmware requests for allocation of physically 590 * contiguous memory regions. 591 * 592 * These request entries should come first in the firmware's resource table, 593 * as other firmware entries might request placing other data objects inside 594 * these memory regions (e.g. data/code segments, trace resource entries, ...). 595 * 596 * Allocating memory this way helps utilizing the reserved physical memory 597 * (e.g. CMA) more efficiently, and also minimizes the number of TLB entries 598 * needed to map it (in case @rproc is using an IOMMU). Reducing the TLB 599 * pressure is important; it may have a substantial impact on performance. 600 */ 601 static int rproc_handle_carveout(struct rproc *rproc, 602 struct fw_rsc_carveout *rsc, 603 int offset, int avail) 604 { 605 struct rproc_mem_entry *carveout, *mapping; 606 struct device *dev = &rproc->dev; 607 dma_addr_t dma; 608 void *va; 609 int ret; 610 611 if (sizeof(*rsc) > avail) { 612 dev_err(dev, "carveout rsc is truncated\n"); 613 return -EINVAL; 614 } 615 616 /* make sure reserved bytes are zeroes */ 617 if (rsc->reserved) { 618 dev_err(dev, "carveout rsc has non zero reserved bytes\n"); 619 return -EINVAL; 620 } 621 622 dev_dbg(dev, "carveout rsc: name: %s, da 0x%x, pa 0x%x, len 0x%x, flags 0x%x\n", 623 rsc->name, rsc->da, rsc->pa, rsc->len, rsc->flags); 624 625 carveout = kzalloc(sizeof(*carveout), GFP_KERNEL); 626 if (!carveout) 627 return -ENOMEM; 628 629 va = dma_alloc_coherent(dev->parent, rsc->len, &dma, GFP_KERNEL); 630 if (!va) { 631 dev_err(dev->parent, 632 "failed to allocate dma memory: len 0x%x\n", rsc->len); 633 ret = -ENOMEM; 634 goto free_carv; 635 } 636 637 dev_dbg(dev, "carveout va %p, dma %pad, len 0x%x\n", 638 va, &dma, rsc->len); 639 640 /* 641 * Ok, this is non-standard. 642 * 643 * Sometimes we can't rely on the generic iommu-based DMA API 644 * to dynamically allocate the device address and then set the IOMMU 645 * tables accordingly, because some remote processors might 646 * _require_ us to use hard coded device addresses that their 647 * firmware was compiled with. 648 * 649 * In this case, we must use the IOMMU API directly and map 650 * the memory to the device address as expected by the remote 651 * processor. 652 * 653 * Obviously such remote processor devices should not be configured 654 * to use the iommu-based DMA API: we expect 'dma' to contain the 655 * physical address in this case. 656 */ 657 if (rproc->domain) { 658 mapping = kzalloc(sizeof(*mapping), GFP_KERNEL); 659 if (!mapping) { 660 ret = -ENOMEM; 661 goto dma_free; 662 } 663 664 ret = iommu_map(rproc->domain, rsc->da, dma, rsc->len, 665 rsc->flags); 666 if (ret) { 667 dev_err(dev, "iommu_map failed: %d\n", ret); 668 goto free_mapping; 669 } 670 671 /* 672 * We'll need this info later when we'll want to unmap 673 * everything (e.g. on shutdown). 674 * 675 * We can't trust the remote processor not to change the 676 * resource table, so we must maintain this info independently. 677 */ 678 mapping->da = rsc->da; 679 mapping->len = rsc->len; 680 list_add_tail(&mapping->node, &rproc->mappings); 681 682 dev_dbg(dev, "carveout mapped 0x%x to %pad\n", 683 rsc->da, &dma); 684 } 685 686 /* 687 * Some remote processors might need to know the pa 688 * even though they are behind an IOMMU. E.g., OMAP4's 689 * remote M3 processor needs this so it can control 690 * on-chip hardware accelerators that are not behind 691 * the IOMMU, and therefor must know the pa. 692 * 693 * Generally we don't want to expose physical addresses 694 * if we don't have to (remote processors are generally 695 * _not_ trusted), so we might want to do this only for 696 * remote processor that _must_ have this (e.g. OMAP4's 697 * dual M3 subsystem). 698 * 699 * Non-IOMMU processors might also want to have this info. 700 * In this case, the device address and the physical address 701 * are the same. 702 */ 703 rsc->pa = dma; 704 705 carveout->va = va; 706 carveout->len = rsc->len; 707 carveout->dma = dma; 708 carveout->da = rsc->da; 709 710 list_add_tail(&carveout->node, &rproc->carveouts); 711 712 return 0; 713 714 free_mapping: 715 kfree(mapping); 716 dma_free: 717 dma_free_coherent(dev->parent, rsc->len, va, dma); 718 free_carv: 719 kfree(carveout); 720 return ret; 721 } 722 723 /* 724 * A lookup table for resource handlers. The indices are defined in 725 * enum fw_resource_type. 726 */ 727 static rproc_handle_resource_t rproc_loading_handlers[RSC_LAST] = { 728 [RSC_CARVEOUT] = (rproc_handle_resource_t)rproc_handle_carveout, 729 [RSC_DEVMEM] = (rproc_handle_resource_t)rproc_handle_devmem, 730 [RSC_TRACE] = (rproc_handle_resource_t)rproc_handle_trace, 731 [RSC_VDEV] = (rproc_handle_resource_t)rproc_handle_vdev, 732 }; 733 734 /* handle firmware resource entries before booting the remote processor */ 735 static int rproc_handle_resources(struct rproc *rproc, int len, 736 rproc_handle_resource_t handlers[RSC_LAST]) 737 { 738 struct device *dev = &rproc->dev; 739 rproc_handle_resource_t handler; 740 int ret = 0, i; 741 742 for (i = 0; i < rproc->table_ptr->num; i++) { 743 int offset = rproc->table_ptr->offset[i]; 744 struct fw_rsc_hdr *hdr = (void *)rproc->table_ptr + offset; 745 int avail = len - offset - sizeof(*hdr); 746 void *rsc = (void *)hdr + sizeof(*hdr); 747 748 /* make sure table isn't truncated */ 749 if (avail < 0) { 750 dev_err(dev, "rsc table is truncated\n"); 751 return -EINVAL; 752 } 753 754 dev_dbg(dev, "rsc: type %d\n", hdr->type); 755 756 if (hdr->type >= RSC_LAST) { 757 dev_warn(dev, "unsupported resource %d\n", hdr->type); 758 continue; 759 } 760 761 handler = handlers[hdr->type]; 762 if (!handler) 763 continue; 764 765 ret = handler(rproc, rsc, offset + sizeof(*hdr), avail); 766 if (ret) 767 break; 768 } 769 770 return ret; 771 } 772 773 static int rproc_probe_subdevices(struct rproc *rproc) 774 { 775 struct rproc_subdev *subdev; 776 int ret; 777 778 list_for_each_entry(subdev, &rproc->subdevs, node) { 779 ret = subdev->probe(subdev); 780 if (ret) 781 goto unroll_registration; 782 } 783 784 return 0; 785 786 unroll_registration: 787 list_for_each_entry_continue_reverse(subdev, &rproc->subdevs, node) 788 subdev->remove(subdev); 789 790 return ret; 791 } 792 793 static void rproc_remove_subdevices(struct rproc *rproc) 794 { 795 struct rproc_subdev *subdev; 796 797 list_for_each_entry_reverse(subdev, &rproc->subdevs, node) 798 subdev->remove(subdev); 799 } 800 801 /** 802 * rproc_resource_cleanup() - clean up and free all acquired resources 803 * @rproc: rproc handle 804 * 805 * This function will free all resources acquired for @rproc, and it 806 * is called whenever @rproc either shuts down or fails to boot. 807 */ 808 static void rproc_resource_cleanup(struct rproc *rproc) 809 { 810 struct rproc_mem_entry *entry, *tmp; 811 struct rproc_vdev *rvdev, *rvtmp; 812 struct device *dev = &rproc->dev; 813 814 /* clean up debugfs trace entries */ 815 list_for_each_entry_safe(entry, tmp, &rproc->traces, node) { 816 rproc_remove_trace_file(entry->priv); 817 rproc->num_traces--; 818 list_del(&entry->node); 819 kfree(entry); 820 } 821 822 /* clean up iommu mapping entries */ 823 list_for_each_entry_safe(entry, tmp, &rproc->mappings, node) { 824 size_t unmapped; 825 826 unmapped = iommu_unmap(rproc->domain, entry->da, entry->len); 827 if (unmapped != entry->len) { 828 /* nothing much to do besides complaining */ 829 dev_err(dev, "failed to unmap %u/%zu\n", entry->len, 830 unmapped); 831 } 832 833 list_del(&entry->node); 834 kfree(entry); 835 } 836 837 /* clean up carveout allocations */ 838 list_for_each_entry_safe(entry, tmp, &rproc->carveouts, node) { 839 dma_free_coherent(dev->parent, entry->len, entry->va, 840 entry->dma); 841 list_del(&entry->node); 842 kfree(entry); 843 } 844 845 /* clean up remote vdev entries */ 846 list_for_each_entry_safe(rvdev, rvtmp, &rproc->rvdevs, node) 847 kref_put(&rvdev->refcount, rproc_vdev_release); 848 } 849 850 static int rproc_start(struct rproc *rproc, const struct firmware *fw) 851 { 852 struct resource_table *table, *loaded_table; 853 struct device *dev = &rproc->dev; 854 int ret, tablesz; 855 856 /* look for the resource table */ 857 table = rproc_find_rsc_table(rproc, fw, &tablesz); 858 if (!table) { 859 dev_err(dev, "Resource table look up failed\n"); 860 return -EINVAL; 861 } 862 863 /* load the ELF segments to memory */ 864 ret = rproc_load_segments(rproc, fw); 865 if (ret) { 866 dev_err(dev, "Failed to load program segments: %d\n", ret); 867 return ret; 868 } 869 870 /* 871 * The starting device has been given the rproc->cached_table as the 872 * resource table. The address of the vring along with the other 873 * allocated resources (carveouts etc) is stored in cached_table. 874 * In order to pass this information to the remote device we must copy 875 * this information to device memory. We also update the table_ptr so 876 * that any subsequent changes will be applied to the loaded version. 877 */ 878 loaded_table = rproc_find_loaded_rsc_table(rproc, fw); 879 if (loaded_table) { 880 memcpy(loaded_table, rproc->cached_table, tablesz); 881 rproc->table_ptr = loaded_table; 882 } 883 884 /* power up the remote processor */ 885 ret = rproc->ops->start(rproc); 886 if (ret) { 887 dev_err(dev, "can't start rproc %s: %d\n", rproc->name, ret); 888 return ret; 889 } 890 891 /* probe any subdevices for the remote processor */ 892 ret = rproc_probe_subdevices(rproc); 893 if (ret) { 894 dev_err(dev, "failed to probe subdevices for %s: %d\n", 895 rproc->name, ret); 896 rproc->ops->stop(rproc); 897 return ret; 898 } 899 900 rproc->state = RPROC_RUNNING; 901 902 dev_info(dev, "remote processor %s is now up\n", rproc->name); 903 904 return 0; 905 } 906 907 /* 908 * take a firmware and boot a remote processor with it. 909 */ 910 static int rproc_fw_boot(struct rproc *rproc, const struct firmware *fw) 911 { 912 struct device *dev = &rproc->dev; 913 const char *name = rproc->firmware; 914 struct resource_table *table; 915 int ret, tablesz; 916 917 ret = rproc_fw_sanity_check(rproc, fw); 918 if (ret) 919 return ret; 920 921 dev_info(dev, "Booting fw image %s, size %zd\n", name, fw->size); 922 923 /* 924 * if enabling an IOMMU isn't relevant for this rproc, this is 925 * just a nop 926 */ 927 ret = rproc_enable_iommu(rproc); 928 if (ret) { 929 dev_err(dev, "can't enable iommu: %d\n", ret); 930 return ret; 931 } 932 933 rproc->bootaddr = rproc_get_boot_addr(rproc, fw); 934 ret = -EINVAL; 935 936 /* look for the resource table */ 937 table = rproc_find_rsc_table(rproc, fw, &tablesz); 938 if (!table) { 939 dev_err(dev, "Failed to find resource table\n"); 940 goto clean_up; 941 } 942 943 /* 944 * Create a copy of the resource table. When a virtio device starts 945 * and calls vring_new_virtqueue() the address of the allocated vring 946 * will be stored in the cached_table. Before the device is started, 947 * cached_table will be copied into device memory. 948 */ 949 rproc->cached_table = kmemdup(table, tablesz, GFP_KERNEL); 950 if (!rproc->cached_table) 951 goto clean_up; 952 953 rproc->table_ptr = rproc->cached_table; 954 955 /* reset max_notifyid */ 956 rproc->max_notifyid = -1; 957 958 /* handle fw resources which are required to boot rproc */ 959 ret = rproc_handle_resources(rproc, tablesz, rproc_loading_handlers); 960 if (ret) { 961 dev_err(dev, "Failed to process resources: %d\n", ret); 962 goto clean_up_resources; 963 } 964 965 ret = rproc_start(rproc, fw); 966 if (ret) 967 goto clean_up_resources; 968 969 return 0; 970 971 clean_up_resources: 972 rproc_resource_cleanup(rproc); 973 clean_up: 974 kfree(rproc->cached_table); 975 rproc->cached_table = NULL; 976 rproc->table_ptr = NULL; 977 978 rproc_disable_iommu(rproc); 979 return ret; 980 } 981 982 /* 983 * take a firmware and boot it up. 984 * 985 * Note: this function is called asynchronously upon registration of the 986 * remote processor (so we must wait until it completes before we try 987 * to unregister the device. one other option is just to use kref here, 988 * that might be cleaner). 989 */ 990 static void rproc_auto_boot_callback(const struct firmware *fw, void *context) 991 { 992 struct rproc *rproc = context; 993 994 rproc_boot(rproc); 995 996 release_firmware(fw); 997 } 998 999 static int rproc_trigger_auto_boot(struct rproc *rproc) 1000 { 1001 int ret; 1002 1003 /* 1004 * We're initiating an asynchronous firmware loading, so we can 1005 * be built-in kernel code, without hanging the boot process. 1006 */ 1007 ret = request_firmware_nowait(THIS_MODULE, FW_ACTION_HOTPLUG, 1008 rproc->firmware, &rproc->dev, GFP_KERNEL, 1009 rproc, rproc_auto_boot_callback); 1010 if (ret < 0) 1011 dev_err(&rproc->dev, "request_firmware_nowait err: %d\n", ret); 1012 1013 return ret; 1014 } 1015 1016 static int rproc_stop(struct rproc *rproc) 1017 { 1018 struct device *dev = &rproc->dev; 1019 int ret; 1020 1021 /* remove any subdevices for the remote processor */ 1022 rproc_remove_subdevices(rproc); 1023 1024 /* power off the remote processor */ 1025 ret = rproc->ops->stop(rproc); 1026 if (ret) { 1027 dev_err(dev, "can't stop rproc: %d\n", ret); 1028 return ret; 1029 } 1030 1031 /* if in crash state, unlock crash handler */ 1032 if (rproc->state == RPROC_CRASHED) 1033 complete_all(&rproc->crash_comp); 1034 1035 rproc->state = RPROC_OFFLINE; 1036 1037 dev_info(dev, "stopped remote processor %s\n", rproc->name); 1038 1039 return 0; 1040 } 1041 1042 /** 1043 * rproc_trigger_recovery() - recover a remoteproc 1044 * @rproc: the remote processor 1045 * 1046 * The recovery is done by resetting all the virtio devices, that way all the 1047 * rpmsg drivers will be reseted along with the remote processor making the 1048 * remoteproc functional again. 1049 * 1050 * This function can sleep, so it cannot be called from atomic context. 1051 */ 1052 int rproc_trigger_recovery(struct rproc *rproc) 1053 { 1054 const struct firmware *firmware_p; 1055 struct device *dev = &rproc->dev; 1056 int ret; 1057 1058 dev_err(dev, "recovering %s\n", rproc->name); 1059 1060 init_completion(&rproc->crash_comp); 1061 1062 ret = mutex_lock_interruptible(&rproc->lock); 1063 if (ret) 1064 return ret; 1065 1066 ret = rproc_stop(rproc); 1067 if (ret) 1068 goto unlock_mutex; 1069 1070 /* wait until there is no more rproc users */ 1071 wait_for_completion(&rproc->crash_comp); 1072 1073 /* load firmware */ 1074 ret = request_firmware(&firmware_p, rproc->firmware, dev); 1075 if (ret < 0) { 1076 dev_err(dev, "request_firmware failed: %d\n", ret); 1077 goto unlock_mutex; 1078 } 1079 1080 /* boot the remote processor up again */ 1081 ret = rproc_start(rproc, firmware_p); 1082 1083 release_firmware(firmware_p); 1084 1085 unlock_mutex: 1086 mutex_unlock(&rproc->lock); 1087 return ret; 1088 } 1089 1090 /** 1091 * rproc_crash_handler_work() - handle a crash 1092 * 1093 * This function needs to handle everything related to a crash, like cpu 1094 * registers and stack dump, information to help to debug the fatal error, etc. 1095 */ 1096 static void rproc_crash_handler_work(struct work_struct *work) 1097 { 1098 struct rproc *rproc = container_of(work, struct rproc, crash_handler); 1099 struct device *dev = &rproc->dev; 1100 1101 dev_dbg(dev, "enter %s\n", __func__); 1102 1103 mutex_lock(&rproc->lock); 1104 1105 if (rproc->state == RPROC_CRASHED || rproc->state == RPROC_OFFLINE) { 1106 /* handle only the first crash detected */ 1107 mutex_unlock(&rproc->lock); 1108 return; 1109 } 1110 1111 rproc->state = RPROC_CRASHED; 1112 dev_err(dev, "handling crash #%u in %s\n", ++rproc->crash_cnt, 1113 rproc->name); 1114 1115 mutex_unlock(&rproc->lock); 1116 1117 if (!rproc->recovery_disabled) 1118 rproc_trigger_recovery(rproc); 1119 } 1120 1121 /** 1122 * rproc_boot() - boot a remote processor 1123 * @rproc: handle of a remote processor 1124 * 1125 * Boot a remote processor (i.e. load its firmware, power it on, ...). 1126 * 1127 * If the remote processor is already powered on, this function immediately 1128 * returns (successfully). 1129 * 1130 * Returns 0 on success, and an appropriate error value otherwise. 1131 */ 1132 int rproc_boot(struct rproc *rproc) 1133 { 1134 const struct firmware *firmware_p; 1135 struct device *dev; 1136 int ret; 1137 1138 if (!rproc) { 1139 pr_err("invalid rproc handle\n"); 1140 return -EINVAL; 1141 } 1142 1143 dev = &rproc->dev; 1144 1145 ret = mutex_lock_interruptible(&rproc->lock); 1146 if (ret) { 1147 dev_err(dev, "can't lock rproc %s: %d\n", rproc->name, ret); 1148 return ret; 1149 } 1150 1151 if (rproc->state == RPROC_DELETED) { 1152 ret = -ENODEV; 1153 dev_err(dev, "can't boot deleted rproc %s\n", rproc->name); 1154 goto unlock_mutex; 1155 } 1156 1157 /* skip the boot process if rproc is already powered up */ 1158 if (atomic_inc_return(&rproc->power) > 1) { 1159 ret = 0; 1160 goto unlock_mutex; 1161 } 1162 1163 dev_info(dev, "powering up %s\n", rproc->name); 1164 1165 /* load firmware */ 1166 ret = request_firmware(&firmware_p, rproc->firmware, dev); 1167 if (ret < 0) { 1168 dev_err(dev, "request_firmware failed: %d\n", ret); 1169 goto downref_rproc; 1170 } 1171 1172 ret = rproc_fw_boot(rproc, firmware_p); 1173 1174 release_firmware(firmware_p); 1175 1176 downref_rproc: 1177 if (ret) 1178 atomic_dec(&rproc->power); 1179 unlock_mutex: 1180 mutex_unlock(&rproc->lock); 1181 return ret; 1182 } 1183 EXPORT_SYMBOL(rproc_boot); 1184 1185 /** 1186 * rproc_shutdown() - power off the remote processor 1187 * @rproc: the remote processor 1188 * 1189 * Power off a remote processor (previously booted with rproc_boot()). 1190 * 1191 * In case @rproc is still being used by an additional user(s), then 1192 * this function will just decrement the power refcount and exit, 1193 * without really powering off the device. 1194 * 1195 * Every call to rproc_boot() must (eventually) be accompanied by a call 1196 * to rproc_shutdown(). Calling rproc_shutdown() redundantly is a bug. 1197 * 1198 * Notes: 1199 * - we're not decrementing the rproc's refcount, only the power refcount. 1200 * which means that the @rproc handle stays valid even after rproc_shutdown() 1201 * returns, and users can still use it with a subsequent rproc_boot(), if 1202 * needed. 1203 */ 1204 void rproc_shutdown(struct rproc *rproc) 1205 { 1206 struct device *dev = &rproc->dev; 1207 int ret; 1208 1209 ret = mutex_lock_interruptible(&rproc->lock); 1210 if (ret) { 1211 dev_err(dev, "can't lock rproc %s: %d\n", rproc->name, ret); 1212 return; 1213 } 1214 1215 /* if the remote proc is still needed, bail out */ 1216 if (!atomic_dec_and_test(&rproc->power)) 1217 goto out; 1218 1219 ret = rproc_stop(rproc); 1220 if (ret) { 1221 atomic_inc(&rproc->power); 1222 goto out; 1223 } 1224 1225 /* clean up all acquired resources */ 1226 rproc_resource_cleanup(rproc); 1227 1228 rproc_disable_iommu(rproc); 1229 1230 /* Free the copy of the resource table */ 1231 kfree(rproc->cached_table); 1232 rproc->cached_table = NULL; 1233 rproc->table_ptr = NULL; 1234 out: 1235 mutex_unlock(&rproc->lock); 1236 } 1237 EXPORT_SYMBOL(rproc_shutdown); 1238 1239 /** 1240 * rproc_get_by_phandle() - find a remote processor by phandle 1241 * @phandle: phandle to the rproc 1242 * 1243 * Finds an rproc handle using the remote processor's phandle, and then 1244 * return a handle to the rproc. 1245 * 1246 * This function increments the remote processor's refcount, so always 1247 * use rproc_put() to decrement it back once rproc isn't needed anymore. 1248 * 1249 * Returns the rproc handle on success, and NULL on failure. 1250 */ 1251 #ifdef CONFIG_OF 1252 struct rproc *rproc_get_by_phandle(phandle phandle) 1253 { 1254 struct rproc *rproc = NULL, *r; 1255 struct device_node *np; 1256 1257 np = of_find_node_by_phandle(phandle); 1258 if (!np) 1259 return NULL; 1260 1261 mutex_lock(&rproc_list_mutex); 1262 list_for_each_entry(r, &rproc_list, node) { 1263 if (r->dev.parent && r->dev.parent->of_node == np) { 1264 /* prevent underlying implementation from being removed */ 1265 if (!try_module_get(r->dev.parent->driver->owner)) { 1266 dev_err(&r->dev, "can't get owner\n"); 1267 break; 1268 } 1269 1270 rproc = r; 1271 get_device(&rproc->dev); 1272 break; 1273 } 1274 } 1275 mutex_unlock(&rproc_list_mutex); 1276 1277 of_node_put(np); 1278 1279 return rproc; 1280 } 1281 #else 1282 struct rproc *rproc_get_by_phandle(phandle phandle) 1283 { 1284 return NULL; 1285 } 1286 #endif 1287 EXPORT_SYMBOL(rproc_get_by_phandle); 1288 1289 /** 1290 * rproc_add() - register a remote processor 1291 * @rproc: the remote processor handle to register 1292 * 1293 * Registers @rproc with the remoteproc framework, after it has been 1294 * allocated with rproc_alloc(). 1295 * 1296 * This is called by the platform-specific rproc implementation, whenever 1297 * a new remote processor device is probed. 1298 * 1299 * Returns 0 on success and an appropriate error code otherwise. 1300 * 1301 * Note: this function initiates an asynchronous firmware loading 1302 * context, which will look for virtio devices supported by the rproc's 1303 * firmware. 1304 * 1305 * If found, those virtio devices will be created and added, so as a result 1306 * of registering this remote processor, additional virtio drivers might be 1307 * probed. 1308 */ 1309 int rproc_add(struct rproc *rproc) 1310 { 1311 struct device *dev = &rproc->dev; 1312 int ret; 1313 1314 ret = device_add(dev); 1315 if (ret < 0) 1316 return ret; 1317 1318 dev_info(dev, "%s is available\n", rproc->name); 1319 1320 /* create debugfs entries */ 1321 rproc_create_debug_dir(rproc); 1322 1323 /* if rproc is marked always-on, request it to boot */ 1324 if (rproc->auto_boot) { 1325 ret = rproc_trigger_auto_boot(rproc); 1326 if (ret < 0) 1327 return ret; 1328 } 1329 1330 /* expose to rproc_get_by_phandle users */ 1331 mutex_lock(&rproc_list_mutex); 1332 list_add(&rproc->node, &rproc_list); 1333 mutex_unlock(&rproc_list_mutex); 1334 1335 return 0; 1336 } 1337 EXPORT_SYMBOL(rproc_add); 1338 1339 /** 1340 * rproc_type_release() - release a remote processor instance 1341 * @dev: the rproc's device 1342 * 1343 * This function should _never_ be called directly. 1344 * 1345 * It will be called by the driver core when no one holds a valid pointer 1346 * to @dev anymore. 1347 */ 1348 static void rproc_type_release(struct device *dev) 1349 { 1350 struct rproc *rproc = container_of(dev, struct rproc, dev); 1351 1352 dev_info(&rproc->dev, "releasing %s\n", rproc->name); 1353 1354 idr_destroy(&rproc->notifyids); 1355 1356 if (rproc->index >= 0) 1357 ida_simple_remove(&rproc_dev_index, rproc->index); 1358 1359 kfree(rproc->firmware); 1360 kfree(rproc); 1361 } 1362 1363 static const struct device_type rproc_type = { 1364 .name = "remoteproc", 1365 .release = rproc_type_release, 1366 }; 1367 1368 /** 1369 * rproc_alloc() - allocate a remote processor handle 1370 * @dev: the underlying device 1371 * @name: name of this remote processor 1372 * @ops: platform-specific handlers (mainly start/stop) 1373 * @firmware: name of firmware file to load, can be NULL 1374 * @len: length of private data needed by the rproc driver (in bytes) 1375 * 1376 * Allocates a new remote processor handle, but does not register 1377 * it yet. if @firmware is NULL, a default name is used. 1378 * 1379 * This function should be used by rproc implementations during initialization 1380 * of the remote processor. 1381 * 1382 * After creating an rproc handle using this function, and when ready, 1383 * implementations should then call rproc_add() to complete 1384 * the registration of the remote processor. 1385 * 1386 * On success the new rproc is returned, and on failure, NULL. 1387 * 1388 * Note: _never_ directly deallocate @rproc, even if it was not registered 1389 * yet. Instead, when you need to unroll rproc_alloc(), use rproc_free(). 1390 */ 1391 struct rproc *rproc_alloc(struct device *dev, const char *name, 1392 const struct rproc_ops *ops, 1393 const char *firmware, int len) 1394 { 1395 struct rproc *rproc; 1396 char *p, *template = "rproc-%s-fw"; 1397 int name_len; 1398 1399 if (!dev || !name || !ops) 1400 return NULL; 1401 1402 if (!firmware) { 1403 /* 1404 * If the caller didn't pass in a firmware name then 1405 * construct a default name. 1406 */ 1407 name_len = strlen(name) + strlen(template) - 2 + 1; 1408 p = kmalloc(name_len, GFP_KERNEL); 1409 if (!p) 1410 return NULL; 1411 snprintf(p, name_len, template, name); 1412 } else { 1413 p = kstrdup(firmware, GFP_KERNEL); 1414 if (!p) 1415 return NULL; 1416 } 1417 1418 rproc = kzalloc(sizeof(struct rproc) + len, GFP_KERNEL); 1419 if (!rproc) { 1420 kfree(p); 1421 return NULL; 1422 } 1423 1424 rproc->firmware = p; 1425 rproc->name = name; 1426 rproc->ops = ops; 1427 rproc->priv = &rproc[1]; 1428 rproc->auto_boot = true; 1429 1430 device_initialize(&rproc->dev); 1431 rproc->dev.parent = dev; 1432 rproc->dev.type = &rproc_type; 1433 rproc->dev.class = &rproc_class; 1434 rproc->dev.driver_data = rproc; 1435 1436 /* Assign a unique device index and name */ 1437 rproc->index = ida_simple_get(&rproc_dev_index, 0, 0, GFP_KERNEL); 1438 if (rproc->index < 0) { 1439 dev_err(dev, "ida_simple_get failed: %d\n", rproc->index); 1440 put_device(&rproc->dev); 1441 return NULL; 1442 } 1443 1444 dev_set_name(&rproc->dev, "remoteproc%d", rproc->index); 1445 1446 atomic_set(&rproc->power, 0); 1447 1448 /* Set ELF as the default fw_ops handler */ 1449 rproc->fw_ops = &rproc_elf_fw_ops; 1450 1451 mutex_init(&rproc->lock); 1452 1453 idr_init(&rproc->notifyids); 1454 1455 INIT_LIST_HEAD(&rproc->carveouts); 1456 INIT_LIST_HEAD(&rproc->mappings); 1457 INIT_LIST_HEAD(&rproc->traces); 1458 INIT_LIST_HEAD(&rproc->rvdevs); 1459 INIT_LIST_HEAD(&rproc->subdevs); 1460 1461 INIT_WORK(&rproc->crash_handler, rproc_crash_handler_work); 1462 init_completion(&rproc->crash_comp); 1463 1464 rproc->state = RPROC_OFFLINE; 1465 1466 return rproc; 1467 } 1468 EXPORT_SYMBOL(rproc_alloc); 1469 1470 /** 1471 * rproc_free() - unroll rproc_alloc() 1472 * @rproc: the remote processor handle 1473 * 1474 * This function decrements the rproc dev refcount. 1475 * 1476 * If no one holds any reference to rproc anymore, then its refcount would 1477 * now drop to zero, and it would be freed. 1478 */ 1479 void rproc_free(struct rproc *rproc) 1480 { 1481 put_device(&rproc->dev); 1482 } 1483 EXPORT_SYMBOL(rproc_free); 1484 1485 /** 1486 * rproc_put() - release rproc reference 1487 * @rproc: the remote processor handle 1488 * 1489 * This function decrements the rproc dev refcount. 1490 * 1491 * If no one holds any reference to rproc anymore, then its refcount would 1492 * now drop to zero, and it would be freed. 1493 */ 1494 void rproc_put(struct rproc *rproc) 1495 { 1496 module_put(rproc->dev.parent->driver->owner); 1497 put_device(&rproc->dev); 1498 } 1499 EXPORT_SYMBOL(rproc_put); 1500 1501 /** 1502 * rproc_del() - unregister a remote processor 1503 * @rproc: rproc handle to unregister 1504 * 1505 * This function should be called when the platform specific rproc 1506 * implementation decides to remove the rproc device. it should 1507 * _only_ be called if a previous invocation of rproc_add() 1508 * has completed successfully. 1509 * 1510 * After rproc_del() returns, @rproc isn't freed yet, because 1511 * of the outstanding reference created by rproc_alloc. To decrement that 1512 * one last refcount, one still needs to call rproc_free(). 1513 * 1514 * Returns 0 on success and -EINVAL if @rproc isn't valid. 1515 */ 1516 int rproc_del(struct rproc *rproc) 1517 { 1518 if (!rproc) 1519 return -EINVAL; 1520 1521 /* if rproc is marked always-on, rproc_add() booted it */ 1522 /* TODO: make sure this works with rproc->power > 1 */ 1523 if (rproc->auto_boot) 1524 rproc_shutdown(rproc); 1525 1526 mutex_lock(&rproc->lock); 1527 rproc->state = RPROC_DELETED; 1528 mutex_unlock(&rproc->lock); 1529 1530 rproc_delete_debug_dir(rproc); 1531 1532 /* the rproc is downref'ed as soon as it's removed from the klist */ 1533 mutex_lock(&rproc_list_mutex); 1534 list_del(&rproc->node); 1535 mutex_unlock(&rproc_list_mutex); 1536 1537 device_del(&rproc->dev); 1538 1539 return 0; 1540 } 1541 EXPORT_SYMBOL(rproc_del); 1542 1543 /** 1544 * rproc_add_subdev() - add a subdevice to a remoteproc 1545 * @rproc: rproc handle to add the subdevice to 1546 * @subdev: subdev handle to register 1547 * @probe: function to call when the rproc boots 1548 * @remove: function to call when the rproc shuts down 1549 */ 1550 void rproc_add_subdev(struct rproc *rproc, 1551 struct rproc_subdev *subdev, 1552 int (*probe)(struct rproc_subdev *subdev), 1553 void (*remove)(struct rproc_subdev *subdev)) 1554 { 1555 subdev->probe = probe; 1556 subdev->remove = remove; 1557 1558 list_add_tail(&subdev->node, &rproc->subdevs); 1559 } 1560 EXPORT_SYMBOL(rproc_add_subdev); 1561 1562 /** 1563 * rproc_remove_subdev() - remove a subdevice from a remoteproc 1564 * @rproc: rproc handle to remove the subdevice from 1565 * @subdev: subdev handle, previously registered with rproc_add_subdev() 1566 */ 1567 void rproc_remove_subdev(struct rproc *rproc, struct rproc_subdev *subdev) 1568 { 1569 list_del(&subdev->node); 1570 } 1571 EXPORT_SYMBOL(rproc_remove_subdev); 1572 1573 /** 1574 * rproc_get_by_child() - acquire rproc handle of @dev's ancestor 1575 * @dev: child device to find ancestor of 1576 * 1577 * Returns the ancestor rproc instance, or NULL if not found. 1578 */ 1579 struct rproc *rproc_get_by_child(struct device *dev) 1580 { 1581 for (dev = dev->parent; dev; dev = dev->parent) { 1582 if (dev->type == &rproc_type) 1583 return dev->driver_data; 1584 } 1585 1586 return NULL; 1587 } 1588 EXPORT_SYMBOL(rproc_get_by_child); 1589 1590 /** 1591 * rproc_report_crash() - rproc crash reporter function 1592 * @rproc: remote processor 1593 * @type: crash type 1594 * 1595 * This function must be called every time a crash is detected by the low-level 1596 * drivers implementing a specific remoteproc. This should not be called from a 1597 * non-remoteproc driver. 1598 * 1599 * This function can be called from atomic/interrupt context. 1600 */ 1601 void rproc_report_crash(struct rproc *rproc, enum rproc_crash_type type) 1602 { 1603 if (!rproc) { 1604 pr_err("NULL rproc pointer\n"); 1605 return; 1606 } 1607 1608 dev_err(&rproc->dev, "crash detected in %s: type %s\n", 1609 rproc->name, rproc_crash_to_string(type)); 1610 1611 /* create a new task to handle the error */ 1612 schedule_work(&rproc->crash_handler); 1613 } 1614 EXPORT_SYMBOL(rproc_report_crash); 1615 1616 static int __init remoteproc_init(void) 1617 { 1618 rproc_init_sysfs(); 1619 rproc_init_debugfs(); 1620 1621 return 0; 1622 } 1623 module_init(remoteproc_init); 1624 1625 static void __exit remoteproc_exit(void) 1626 { 1627 ida_destroy(&rproc_dev_index); 1628 1629 rproc_exit_debugfs(); 1630 rproc_exit_sysfs(); 1631 } 1632 module_exit(remoteproc_exit); 1633 1634 MODULE_LICENSE("GPL v2"); 1635 MODULE_DESCRIPTION("Generic Remote Processor Framework"); 1636