1 /* 2 * Remote Processor Framework 3 * 4 * Copyright (C) 2011 Texas Instruments, Inc. 5 * Copyright (C) 2011 Google, Inc. 6 * 7 * Ohad Ben-Cohen <ohad@wizery.com> 8 * Brian Swetland <swetland@google.com> 9 * Mark Grosen <mgrosen@ti.com> 10 * Fernando Guzman Lugo <fernando.lugo@ti.com> 11 * Suman Anna <s-anna@ti.com> 12 * Robert Tivy <rtivy@ti.com> 13 * Armando Uribe De Leon <x0095078@ti.com> 14 * 15 * This program is free software; you can redistribute it and/or 16 * modify it under the terms of the GNU General Public License 17 * version 2 as published by the Free Software Foundation. 18 * 19 * This program is distributed in the hope that it will be useful, 20 * but WITHOUT ANY WARRANTY; without even the implied warranty of 21 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 22 * GNU General Public License for more details. 23 */ 24 25 #define pr_fmt(fmt) "%s: " fmt, __func__ 26 27 #include <linux/kernel.h> 28 #include <linux/module.h> 29 #include <linux/device.h> 30 #include <linux/slab.h> 31 #include <linux/mutex.h> 32 #include <linux/dma-mapping.h> 33 #include <linux/firmware.h> 34 #include <linux/string.h> 35 #include <linux/debugfs.h> 36 #include <linux/remoteproc.h> 37 #include <linux/iommu.h> 38 #include <linux/idr.h> 39 #include <linux/elf.h> 40 #include <linux/virtio_ids.h> 41 #include <linux/virtio_ring.h> 42 #include <asm/byteorder.h> 43 44 #include "remoteproc_internal.h" 45 46 typedef int (*rproc_handle_resources_t)(struct rproc *rproc, 47 struct resource_table *table, int len); 48 typedef int (*rproc_handle_resource_t)(struct rproc *rproc, void *, int avail); 49 50 /* Unique indices for remoteproc devices */ 51 static DEFINE_IDA(rproc_dev_index); 52 53 static const char * const rproc_crash_names[] = { 54 [RPROC_MMUFAULT] = "mmufault", 55 }; 56 57 /* translate rproc_crash_type to string */ 58 static const char *rproc_crash_to_string(enum rproc_crash_type type) 59 { 60 if (type < ARRAY_SIZE(rproc_crash_names)) 61 return rproc_crash_names[type]; 62 return "unkown"; 63 } 64 65 /* 66 * This is the IOMMU fault handler we register with the IOMMU API 67 * (when relevant; not all remote processors access memory through 68 * an IOMMU). 69 * 70 * IOMMU core will invoke this handler whenever the remote processor 71 * will try to access an unmapped device address. 72 */ 73 static int rproc_iommu_fault(struct iommu_domain *domain, struct device *dev, 74 unsigned long iova, int flags, void *token) 75 { 76 struct rproc *rproc = token; 77 78 dev_err(dev, "iommu fault: da 0x%lx flags 0x%x\n", iova, flags); 79 80 rproc_report_crash(rproc, RPROC_MMUFAULT); 81 82 /* 83 * Let the iommu core know we're not really handling this fault; 84 * we just used it as a recovery trigger. 85 */ 86 return -ENOSYS; 87 } 88 89 static int rproc_enable_iommu(struct rproc *rproc) 90 { 91 struct iommu_domain *domain; 92 struct device *dev = rproc->dev.parent; 93 int ret; 94 95 /* 96 * We currently use iommu_present() to decide if an IOMMU 97 * setup is needed. 98 * 99 * This works for simple cases, but will easily fail with 100 * platforms that do have an IOMMU, but not for this specific 101 * rproc. 102 * 103 * This will be easily solved by introducing hw capabilities 104 * that will be set by the remoteproc driver. 105 */ 106 if (!iommu_present(dev->bus)) { 107 dev_dbg(dev, "iommu not found\n"); 108 return 0; 109 } 110 111 domain = iommu_domain_alloc(dev->bus); 112 if (!domain) { 113 dev_err(dev, "can't alloc iommu domain\n"); 114 return -ENOMEM; 115 } 116 117 iommu_set_fault_handler(domain, rproc_iommu_fault, rproc); 118 119 ret = iommu_attach_device(domain, dev); 120 if (ret) { 121 dev_err(dev, "can't attach iommu device: %d\n", ret); 122 goto free_domain; 123 } 124 125 rproc->domain = domain; 126 127 return 0; 128 129 free_domain: 130 iommu_domain_free(domain); 131 return ret; 132 } 133 134 static void rproc_disable_iommu(struct rproc *rproc) 135 { 136 struct iommu_domain *domain = rproc->domain; 137 struct device *dev = rproc->dev.parent; 138 139 if (!domain) 140 return; 141 142 iommu_detach_device(domain, dev); 143 iommu_domain_free(domain); 144 145 return; 146 } 147 148 /* 149 * Some remote processors will ask us to allocate them physically contiguous 150 * memory regions (which we call "carveouts"), and map them to specific 151 * device addresses (which are hardcoded in the firmware). 152 * 153 * They may then ask us to copy objects into specific device addresses (e.g. 154 * code/data sections) or expose us certain symbols in other device address 155 * (e.g. their trace buffer). 156 * 157 * This function is an internal helper with which we can go over the allocated 158 * carveouts and translate specific device address to kernel virtual addresses 159 * so we can access the referenced memory. 160 * 161 * Note: phys_to_virt(iommu_iova_to_phys(rproc->domain, da)) will work too, 162 * but only on kernel direct mapped RAM memory. Instead, we're just using 163 * here the output of the DMA API, which should be more correct. 164 */ 165 void *rproc_da_to_va(struct rproc *rproc, u64 da, int len) 166 { 167 struct rproc_mem_entry *carveout; 168 void *ptr = NULL; 169 170 list_for_each_entry(carveout, &rproc->carveouts, node) { 171 int offset = da - carveout->da; 172 173 /* try next carveout if da is too small */ 174 if (offset < 0) 175 continue; 176 177 /* try next carveout if da is too large */ 178 if (offset + len > carveout->len) 179 continue; 180 181 ptr = carveout->va + offset; 182 183 break; 184 } 185 186 return ptr; 187 } 188 EXPORT_SYMBOL(rproc_da_to_va); 189 190 int rproc_alloc_vring(struct rproc_vdev *rvdev, int i) 191 { 192 struct rproc *rproc = rvdev->rproc; 193 struct device *dev = &rproc->dev; 194 struct rproc_vring *rvring = &rvdev->vring[i]; 195 dma_addr_t dma; 196 void *va; 197 int ret, size, notifyid; 198 199 /* actual size of vring (in bytes) */ 200 size = PAGE_ALIGN(vring_size(rvring->len, rvring->align)); 201 202 if (!idr_pre_get(&rproc->notifyids, GFP_KERNEL)) { 203 dev_err(dev, "idr_pre_get failed\n"); 204 return -ENOMEM; 205 } 206 207 /* 208 * Allocate non-cacheable memory for the vring. In the future 209 * this call will also configure the IOMMU for us 210 * TODO: let the rproc know the da of this vring 211 */ 212 va = dma_alloc_coherent(dev->parent, size, &dma, GFP_KERNEL); 213 if (!va) { 214 dev_err(dev->parent, "dma_alloc_coherent failed\n"); 215 return -EINVAL; 216 } 217 218 /* 219 * Assign an rproc-wide unique index for this vring 220 * TODO: assign a notifyid for rvdev updates as well 221 * TODO: let the rproc know the notifyid of this vring 222 * TODO: support predefined notifyids (via resource table) 223 */ 224 ret = idr_get_new(&rproc->notifyids, rvring, ¬ifyid); 225 if (ret) { 226 dev_err(dev, "idr_get_new failed: %d\n", ret); 227 dma_free_coherent(dev->parent, size, va, dma); 228 return ret; 229 } 230 231 /* Store largest notifyid */ 232 rproc->max_notifyid = max(rproc->max_notifyid, notifyid); 233 234 dev_dbg(dev, "vring%d: va %p dma %llx size %x idr %d\n", i, va, 235 (unsigned long long)dma, size, notifyid); 236 237 rvring->va = va; 238 rvring->dma = dma; 239 rvring->notifyid = notifyid; 240 241 return 0; 242 } 243 244 static int 245 rproc_parse_vring(struct rproc_vdev *rvdev, struct fw_rsc_vdev *rsc, int i) 246 { 247 struct rproc *rproc = rvdev->rproc; 248 struct device *dev = &rproc->dev; 249 struct fw_rsc_vdev_vring *vring = &rsc->vring[i]; 250 struct rproc_vring *rvring = &rvdev->vring[i]; 251 252 dev_dbg(dev, "vdev rsc: vring%d: da %x, qsz %d, align %d\n", 253 i, vring->da, vring->num, vring->align); 254 255 /* make sure reserved bytes are zeroes */ 256 if (vring->reserved) { 257 dev_err(dev, "vring rsc has non zero reserved bytes\n"); 258 return -EINVAL; 259 } 260 261 /* verify queue size and vring alignment are sane */ 262 if (!vring->num || !vring->align) { 263 dev_err(dev, "invalid qsz (%d) or alignment (%d)\n", 264 vring->num, vring->align); 265 return -EINVAL; 266 } 267 268 rvring->len = vring->num; 269 rvring->align = vring->align; 270 rvring->rvdev = rvdev; 271 272 return 0; 273 } 274 275 static int rproc_max_notifyid(int id, void *p, void *data) 276 { 277 int *maxid = data; 278 *maxid = max(*maxid, id); 279 return 0; 280 } 281 282 void rproc_free_vring(struct rproc_vring *rvring) 283 { 284 int size = PAGE_ALIGN(vring_size(rvring->len, rvring->align)); 285 struct rproc *rproc = rvring->rvdev->rproc; 286 int maxid = 0; 287 288 dma_free_coherent(rproc->dev.parent, size, rvring->va, rvring->dma); 289 idr_remove(&rproc->notifyids, rvring->notifyid); 290 291 /* Find the largest remaining notifyid */ 292 idr_for_each(&rproc->notifyids, rproc_max_notifyid, &maxid); 293 rproc->max_notifyid = maxid; 294 } 295 296 /** 297 * rproc_handle_vdev() - handle a vdev fw resource 298 * @rproc: the remote processor 299 * @rsc: the vring resource descriptor 300 * @avail: size of available data (for sanity checking the image) 301 * 302 * This resource entry requests the host to statically register a virtio 303 * device (vdev), and setup everything needed to support it. It contains 304 * everything needed to make it possible: the virtio device id, virtio 305 * device features, vrings information, virtio config space, etc... 306 * 307 * Before registering the vdev, the vrings are allocated from non-cacheable 308 * physically contiguous memory. Currently we only support two vrings per 309 * remote processor (temporary limitation). We might also want to consider 310 * doing the vring allocation only later when ->find_vqs() is invoked, and 311 * then release them upon ->del_vqs(). 312 * 313 * Note: @da is currently not really handled correctly: we dynamically 314 * allocate it using the DMA API, ignoring requested hard coded addresses, 315 * and we don't take care of any required IOMMU programming. This is all 316 * going to be taken care of when the generic iommu-based DMA API will be 317 * merged. Meanwhile, statically-addressed iommu-based firmware images should 318 * use RSC_DEVMEM resource entries to map their required @da to the physical 319 * address of their base CMA region (ouch, hacky!). 320 * 321 * Returns 0 on success, or an appropriate error code otherwise 322 */ 323 static int rproc_handle_vdev(struct rproc *rproc, struct fw_rsc_vdev *rsc, 324 int avail) 325 { 326 struct device *dev = &rproc->dev; 327 struct rproc_vdev *rvdev; 328 int i, ret; 329 330 /* make sure resource isn't truncated */ 331 if (sizeof(*rsc) + rsc->num_of_vrings * sizeof(struct fw_rsc_vdev_vring) 332 + rsc->config_len > avail) { 333 dev_err(dev, "vdev rsc is truncated\n"); 334 return -EINVAL; 335 } 336 337 /* make sure reserved bytes are zeroes */ 338 if (rsc->reserved[0] || rsc->reserved[1]) { 339 dev_err(dev, "vdev rsc has non zero reserved bytes\n"); 340 return -EINVAL; 341 } 342 343 dev_dbg(dev, "vdev rsc: id %d, dfeatures %x, cfg len %d, %d vrings\n", 344 rsc->id, rsc->dfeatures, rsc->config_len, rsc->num_of_vrings); 345 346 /* we currently support only two vrings per rvdev */ 347 if (rsc->num_of_vrings > ARRAY_SIZE(rvdev->vring)) { 348 dev_err(dev, "too many vrings: %d\n", rsc->num_of_vrings); 349 return -EINVAL; 350 } 351 352 rvdev = kzalloc(sizeof(struct rproc_vdev), GFP_KERNEL); 353 if (!rvdev) 354 return -ENOMEM; 355 356 rvdev->rproc = rproc; 357 358 /* parse the vrings */ 359 for (i = 0; i < rsc->num_of_vrings; i++) { 360 ret = rproc_parse_vring(rvdev, rsc, i); 361 if (ret) 362 goto free_rvdev; 363 } 364 365 /* remember the device features */ 366 rvdev->dfeatures = rsc->dfeatures; 367 368 list_add_tail(&rvdev->node, &rproc->rvdevs); 369 370 /* it is now safe to add the virtio device */ 371 ret = rproc_add_virtio_dev(rvdev, rsc->id); 372 if (ret) 373 goto free_rvdev; 374 375 return 0; 376 377 free_rvdev: 378 kfree(rvdev); 379 return ret; 380 } 381 382 /** 383 * rproc_handle_trace() - handle a shared trace buffer resource 384 * @rproc: the remote processor 385 * @rsc: the trace resource descriptor 386 * @avail: size of available data (for sanity checking the image) 387 * 388 * In case the remote processor dumps trace logs into memory, 389 * export it via debugfs. 390 * 391 * Currently, the 'da' member of @rsc should contain the device address 392 * where the remote processor is dumping the traces. Later we could also 393 * support dynamically allocating this address using the generic 394 * DMA API (but currently there isn't a use case for that). 395 * 396 * Returns 0 on success, or an appropriate error code otherwise 397 */ 398 static int rproc_handle_trace(struct rproc *rproc, struct fw_rsc_trace *rsc, 399 int avail) 400 { 401 struct rproc_mem_entry *trace; 402 struct device *dev = &rproc->dev; 403 void *ptr; 404 char name[15]; 405 406 if (sizeof(*rsc) > avail) { 407 dev_err(dev, "trace rsc is truncated\n"); 408 return -EINVAL; 409 } 410 411 /* make sure reserved bytes are zeroes */ 412 if (rsc->reserved) { 413 dev_err(dev, "trace rsc has non zero reserved bytes\n"); 414 return -EINVAL; 415 } 416 417 /* what's the kernel address of this resource ? */ 418 ptr = rproc_da_to_va(rproc, rsc->da, rsc->len); 419 if (!ptr) { 420 dev_err(dev, "erroneous trace resource entry\n"); 421 return -EINVAL; 422 } 423 424 trace = kzalloc(sizeof(*trace), GFP_KERNEL); 425 if (!trace) { 426 dev_err(dev, "kzalloc trace failed\n"); 427 return -ENOMEM; 428 } 429 430 /* set the trace buffer dma properties */ 431 trace->len = rsc->len; 432 trace->va = ptr; 433 434 /* make sure snprintf always null terminates, even if truncating */ 435 snprintf(name, sizeof(name), "trace%d", rproc->num_traces); 436 437 /* create the debugfs entry */ 438 trace->priv = rproc_create_trace_file(name, rproc, trace); 439 if (!trace->priv) { 440 trace->va = NULL; 441 kfree(trace); 442 return -EINVAL; 443 } 444 445 list_add_tail(&trace->node, &rproc->traces); 446 447 rproc->num_traces++; 448 449 dev_dbg(dev, "%s added: va %p, da 0x%x, len 0x%x\n", name, ptr, 450 rsc->da, rsc->len); 451 452 return 0; 453 } 454 455 /** 456 * rproc_handle_devmem() - handle devmem resource entry 457 * @rproc: remote processor handle 458 * @rsc: the devmem resource entry 459 * @avail: size of available data (for sanity checking the image) 460 * 461 * Remote processors commonly need to access certain on-chip peripherals. 462 * 463 * Some of these remote processors access memory via an iommu device, 464 * and might require us to configure their iommu before they can access 465 * the on-chip peripherals they need. 466 * 467 * This resource entry is a request to map such a peripheral device. 468 * 469 * These devmem entries will contain the physical address of the device in 470 * the 'pa' member. If a specific device address is expected, then 'da' will 471 * contain it (currently this is the only use case supported). 'len' will 472 * contain the size of the physical region we need to map. 473 * 474 * Currently we just "trust" those devmem entries to contain valid physical 475 * addresses, but this is going to change: we want the implementations to 476 * tell us ranges of physical addresses the firmware is allowed to request, 477 * and not allow firmwares to request access to physical addresses that 478 * are outside those ranges. 479 */ 480 static int rproc_handle_devmem(struct rproc *rproc, struct fw_rsc_devmem *rsc, 481 int avail) 482 { 483 struct rproc_mem_entry *mapping; 484 struct device *dev = &rproc->dev; 485 int ret; 486 487 /* no point in handling this resource without a valid iommu domain */ 488 if (!rproc->domain) 489 return -EINVAL; 490 491 if (sizeof(*rsc) > avail) { 492 dev_err(dev, "devmem rsc is truncated\n"); 493 return -EINVAL; 494 } 495 496 /* make sure reserved bytes are zeroes */ 497 if (rsc->reserved) { 498 dev_err(dev, "devmem rsc has non zero reserved bytes\n"); 499 return -EINVAL; 500 } 501 502 mapping = kzalloc(sizeof(*mapping), GFP_KERNEL); 503 if (!mapping) { 504 dev_err(dev, "kzalloc mapping failed\n"); 505 return -ENOMEM; 506 } 507 508 ret = iommu_map(rproc->domain, rsc->da, rsc->pa, rsc->len, rsc->flags); 509 if (ret) { 510 dev_err(dev, "failed to map devmem: %d\n", ret); 511 goto out; 512 } 513 514 /* 515 * We'll need this info later when we'll want to unmap everything 516 * (e.g. on shutdown). 517 * 518 * We can't trust the remote processor not to change the resource 519 * table, so we must maintain this info independently. 520 */ 521 mapping->da = rsc->da; 522 mapping->len = rsc->len; 523 list_add_tail(&mapping->node, &rproc->mappings); 524 525 dev_dbg(dev, "mapped devmem pa 0x%x, da 0x%x, len 0x%x\n", 526 rsc->pa, rsc->da, rsc->len); 527 528 return 0; 529 530 out: 531 kfree(mapping); 532 return ret; 533 } 534 535 /** 536 * rproc_handle_carveout() - handle phys contig memory allocation requests 537 * @rproc: rproc handle 538 * @rsc: the resource entry 539 * @avail: size of available data (for image validation) 540 * 541 * This function will handle firmware requests for allocation of physically 542 * contiguous memory regions. 543 * 544 * These request entries should come first in the firmware's resource table, 545 * as other firmware entries might request placing other data objects inside 546 * these memory regions (e.g. data/code segments, trace resource entries, ...). 547 * 548 * Allocating memory this way helps utilizing the reserved physical memory 549 * (e.g. CMA) more efficiently, and also minimizes the number of TLB entries 550 * needed to map it (in case @rproc is using an IOMMU). Reducing the TLB 551 * pressure is important; it may have a substantial impact on performance. 552 */ 553 static int rproc_handle_carveout(struct rproc *rproc, 554 struct fw_rsc_carveout *rsc, int avail) 555 { 556 struct rproc_mem_entry *carveout, *mapping; 557 struct device *dev = &rproc->dev; 558 dma_addr_t dma; 559 void *va; 560 int ret; 561 562 if (sizeof(*rsc) > avail) { 563 dev_err(dev, "carveout rsc is truncated\n"); 564 return -EINVAL; 565 } 566 567 /* make sure reserved bytes are zeroes */ 568 if (rsc->reserved) { 569 dev_err(dev, "carveout rsc has non zero reserved bytes\n"); 570 return -EINVAL; 571 } 572 573 dev_dbg(dev, "carveout rsc: da %x, pa %x, len %x, flags %x\n", 574 rsc->da, rsc->pa, rsc->len, rsc->flags); 575 576 carveout = kzalloc(sizeof(*carveout), GFP_KERNEL); 577 if (!carveout) { 578 dev_err(dev, "kzalloc carveout failed\n"); 579 return -ENOMEM; 580 } 581 582 va = dma_alloc_coherent(dev->parent, rsc->len, &dma, GFP_KERNEL); 583 if (!va) { 584 dev_err(dev->parent, "dma_alloc_coherent err: %d\n", rsc->len); 585 ret = -ENOMEM; 586 goto free_carv; 587 } 588 589 dev_dbg(dev, "carveout va %p, dma %llx, len 0x%x\n", va, 590 (unsigned long long)dma, rsc->len); 591 592 /* 593 * Ok, this is non-standard. 594 * 595 * Sometimes we can't rely on the generic iommu-based DMA API 596 * to dynamically allocate the device address and then set the IOMMU 597 * tables accordingly, because some remote processors might 598 * _require_ us to use hard coded device addresses that their 599 * firmware was compiled with. 600 * 601 * In this case, we must use the IOMMU API directly and map 602 * the memory to the device address as expected by the remote 603 * processor. 604 * 605 * Obviously such remote processor devices should not be configured 606 * to use the iommu-based DMA API: we expect 'dma' to contain the 607 * physical address in this case. 608 */ 609 if (rproc->domain) { 610 mapping = kzalloc(sizeof(*mapping), GFP_KERNEL); 611 if (!mapping) { 612 dev_err(dev, "kzalloc mapping failed\n"); 613 ret = -ENOMEM; 614 goto dma_free; 615 } 616 617 ret = iommu_map(rproc->domain, rsc->da, dma, rsc->len, 618 rsc->flags); 619 if (ret) { 620 dev_err(dev, "iommu_map failed: %d\n", ret); 621 goto free_mapping; 622 } 623 624 /* 625 * We'll need this info later when we'll want to unmap 626 * everything (e.g. on shutdown). 627 * 628 * We can't trust the remote processor not to change the 629 * resource table, so we must maintain this info independently. 630 */ 631 mapping->da = rsc->da; 632 mapping->len = rsc->len; 633 list_add_tail(&mapping->node, &rproc->mappings); 634 635 dev_dbg(dev, "carveout mapped 0x%x to 0x%llx\n", 636 rsc->da, (unsigned long long)dma); 637 } 638 639 /* 640 * Some remote processors might need to know the pa 641 * even though they are behind an IOMMU. E.g., OMAP4's 642 * remote M3 processor needs this so it can control 643 * on-chip hardware accelerators that are not behind 644 * the IOMMU, and therefor must know the pa. 645 * 646 * Generally we don't want to expose physical addresses 647 * if we don't have to (remote processors are generally 648 * _not_ trusted), so we might want to do this only for 649 * remote processor that _must_ have this (e.g. OMAP4's 650 * dual M3 subsystem). 651 * 652 * Non-IOMMU processors might also want to have this info. 653 * In this case, the device address and the physical address 654 * are the same. 655 */ 656 rsc->pa = dma; 657 658 carveout->va = va; 659 carveout->len = rsc->len; 660 carveout->dma = dma; 661 carveout->da = rsc->da; 662 663 list_add_tail(&carveout->node, &rproc->carveouts); 664 665 return 0; 666 667 free_mapping: 668 kfree(mapping); 669 dma_free: 670 dma_free_coherent(dev->parent, rsc->len, va, dma); 671 free_carv: 672 kfree(carveout); 673 return ret; 674 } 675 676 /* 677 * A lookup table for resource handlers. The indices are defined in 678 * enum fw_resource_type. 679 */ 680 static rproc_handle_resource_t rproc_handle_rsc[] = { 681 [RSC_CARVEOUT] = (rproc_handle_resource_t)rproc_handle_carveout, 682 [RSC_DEVMEM] = (rproc_handle_resource_t)rproc_handle_devmem, 683 [RSC_TRACE] = (rproc_handle_resource_t)rproc_handle_trace, 684 [RSC_VDEV] = NULL, /* VDEVs were handled upon registrarion */ 685 }; 686 687 /* handle firmware resource entries before booting the remote processor */ 688 static int 689 rproc_handle_boot_rsc(struct rproc *rproc, struct resource_table *table, int len) 690 { 691 struct device *dev = &rproc->dev; 692 rproc_handle_resource_t handler; 693 int ret = 0, i; 694 695 for (i = 0; i < table->num; i++) { 696 int offset = table->offset[i]; 697 struct fw_rsc_hdr *hdr = (void *)table + offset; 698 int avail = len - offset - sizeof(*hdr); 699 void *rsc = (void *)hdr + sizeof(*hdr); 700 701 /* make sure table isn't truncated */ 702 if (avail < 0) { 703 dev_err(dev, "rsc table is truncated\n"); 704 return -EINVAL; 705 } 706 707 dev_dbg(dev, "rsc: type %d\n", hdr->type); 708 709 if (hdr->type >= RSC_LAST) { 710 dev_warn(dev, "unsupported resource %d\n", hdr->type); 711 continue; 712 } 713 714 handler = rproc_handle_rsc[hdr->type]; 715 if (!handler) 716 continue; 717 718 ret = handler(rproc, rsc, avail); 719 if (ret) 720 break; 721 } 722 723 return ret; 724 } 725 726 /* handle firmware resource entries while registering the remote processor */ 727 static int 728 rproc_handle_virtio_rsc(struct rproc *rproc, struct resource_table *table, int len) 729 { 730 struct device *dev = &rproc->dev; 731 int ret = 0, i; 732 733 for (i = 0; i < table->num; i++) { 734 int offset = table->offset[i]; 735 struct fw_rsc_hdr *hdr = (void *)table + offset; 736 int avail = len - offset - sizeof(*hdr); 737 struct fw_rsc_vdev *vrsc; 738 739 /* make sure table isn't truncated */ 740 if (avail < 0) { 741 dev_err(dev, "rsc table is truncated\n"); 742 return -EINVAL; 743 } 744 745 dev_dbg(dev, "%s: rsc type %d\n", __func__, hdr->type); 746 747 if (hdr->type != RSC_VDEV) 748 continue; 749 750 vrsc = (struct fw_rsc_vdev *)hdr->data; 751 752 ret = rproc_handle_vdev(rproc, vrsc, avail); 753 if (ret) 754 break; 755 } 756 757 return ret; 758 } 759 760 /** 761 * rproc_resource_cleanup() - clean up and free all acquired resources 762 * @rproc: rproc handle 763 * 764 * This function will free all resources acquired for @rproc, and it 765 * is called whenever @rproc either shuts down or fails to boot. 766 */ 767 static void rproc_resource_cleanup(struct rproc *rproc) 768 { 769 struct rproc_mem_entry *entry, *tmp; 770 struct device *dev = &rproc->dev; 771 772 /* clean up debugfs trace entries */ 773 list_for_each_entry_safe(entry, tmp, &rproc->traces, node) { 774 rproc_remove_trace_file(entry->priv); 775 rproc->num_traces--; 776 list_del(&entry->node); 777 kfree(entry); 778 } 779 780 /* clean up carveout allocations */ 781 list_for_each_entry_safe(entry, tmp, &rproc->carveouts, node) { 782 dma_free_coherent(dev->parent, entry->len, entry->va, entry->dma); 783 list_del(&entry->node); 784 kfree(entry); 785 } 786 787 /* clean up iommu mapping entries */ 788 list_for_each_entry_safe(entry, tmp, &rproc->mappings, node) { 789 size_t unmapped; 790 791 unmapped = iommu_unmap(rproc->domain, entry->da, entry->len); 792 if (unmapped != entry->len) { 793 /* nothing much to do besides complaining */ 794 dev_err(dev, "failed to unmap %u/%zu\n", entry->len, 795 unmapped); 796 } 797 798 list_del(&entry->node); 799 kfree(entry); 800 } 801 } 802 803 /* 804 * take a firmware and boot a remote processor with it. 805 */ 806 static int rproc_fw_boot(struct rproc *rproc, const struct firmware *fw) 807 { 808 struct device *dev = &rproc->dev; 809 const char *name = rproc->firmware; 810 struct resource_table *table; 811 int ret, tablesz; 812 813 ret = rproc_fw_sanity_check(rproc, fw); 814 if (ret) 815 return ret; 816 817 dev_info(dev, "Booting fw image %s, size %zd\n", name, fw->size); 818 819 /* 820 * if enabling an IOMMU isn't relevant for this rproc, this is 821 * just a nop 822 */ 823 ret = rproc_enable_iommu(rproc); 824 if (ret) { 825 dev_err(dev, "can't enable iommu: %d\n", ret); 826 return ret; 827 } 828 829 rproc->bootaddr = rproc_get_boot_addr(rproc, fw); 830 831 /* look for the resource table */ 832 table = rproc_find_rsc_table(rproc, fw, &tablesz); 833 if (!table) { 834 ret = -EINVAL; 835 goto clean_up; 836 } 837 838 /* handle fw resources which are required to boot rproc */ 839 ret = rproc_handle_boot_rsc(rproc, table, tablesz); 840 if (ret) { 841 dev_err(dev, "Failed to process resources: %d\n", ret); 842 goto clean_up; 843 } 844 845 /* load the ELF segments to memory */ 846 ret = rproc_load_segments(rproc, fw); 847 if (ret) { 848 dev_err(dev, "Failed to load program segments: %d\n", ret); 849 goto clean_up; 850 } 851 852 /* power up the remote processor */ 853 ret = rproc->ops->start(rproc); 854 if (ret) { 855 dev_err(dev, "can't start rproc %s: %d\n", rproc->name, ret); 856 goto clean_up; 857 } 858 859 rproc->state = RPROC_RUNNING; 860 861 dev_info(dev, "remote processor %s is now up\n", rproc->name); 862 863 return 0; 864 865 clean_up: 866 rproc_resource_cleanup(rproc); 867 rproc_disable_iommu(rproc); 868 return ret; 869 } 870 871 /* 872 * take a firmware and look for virtio devices to register. 873 * 874 * Note: this function is called asynchronously upon registration of the 875 * remote processor (so we must wait until it completes before we try 876 * to unregister the device. one other option is just to use kref here, 877 * that might be cleaner). 878 */ 879 static void rproc_fw_config_virtio(const struct firmware *fw, void *context) 880 { 881 struct rproc *rproc = context; 882 struct resource_table *table; 883 int ret, tablesz; 884 885 if (rproc_fw_sanity_check(rproc, fw) < 0) 886 goto out; 887 888 /* look for the resource table */ 889 table = rproc_find_rsc_table(rproc, fw, &tablesz); 890 if (!table) 891 goto out; 892 893 /* look for virtio devices and register them */ 894 ret = rproc_handle_virtio_rsc(rproc, table, tablesz); 895 if (ret) 896 goto out; 897 898 out: 899 release_firmware(fw); 900 /* allow rproc_del() contexts, if any, to proceed */ 901 complete_all(&rproc->firmware_loading_complete); 902 } 903 904 static int rproc_add_virtio_devices(struct rproc *rproc) 905 { 906 int ret; 907 908 /* rproc_del() calls must wait until async loader completes */ 909 init_completion(&rproc->firmware_loading_complete); 910 911 /* 912 * We must retrieve early virtio configuration info from 913 * the firmware (e.g. whether to register a virtio device, 914 * what virtio features does it support, ...). 915 * 916 * We're initiating an asynchronous firmware loading, so we can 917 * be built-in kernel code, without hanging the boot process. 918 */ 919 ret = request_firmware_nowait(THIS_MODULE, FW_ACTION_HOTPLUG, 920 rproc->firmware, &rproc->dev, GFP_KERNEL, 921 rproc, rproc_fw_config_virtio); 922 if (ret < 0) { 923 dev_err(&rproc->dev, "request_firmware_nowait err: %d\n", ret); 924 complete_all(&rproc->firmware_loading_complete); 925 } 926 927 return ret; 928 } 929 930 /** 931 * rproc_trigger_recovery() - recover a remoteproc 932 * @rproc: the remote processor 933 * 934 * The recovery is done by reseting all the virtio devices, that way all the 935 * rpmsg drivers will be reseted along with the remote processor making the 936 * remoteproc functional again. 937 * 938 * This function can sleep, so it cannot be called from atomic context. 939 */ 940 int rproc_trigger_recovery(struct rproc *rproc) 941 { 942 struct rproc_vdev *rvdev, *rvtmp; 943 944 dev_err(&rproc->dev, "recovering %s\n", rproc->name); 945 946 init_completion(&rproc->crash_comp); 947 948 /* clean up remote vdev entries */ 949 list_for_each_entry_safe(rvdev, rvtmp, &rproc->rvdevs, node) 950 rproc_remove_virtio_dev(rvdev); 951 952 /* wait until there is no more rproc users */ 953 wait_for_completion(&rproc->crash_comp); 954 955 return rproc_add_virtio_devices(rproc); 956 } 957 958 /** 959 * rproc_crash_handler_work() - handle a crash 960 * 961 * This function needs to handle everything related to a crash, like cpu 962 * registers and stack dump, information to help to debug the fatal error, etc. 963 */ 964 static void rproc_crash_handler_work(struct work_struct *work) 965 { 966 struct rproc *rproc = container_of(work, struct rproc, crash_handler); 967 struct device *dev = &rproc->dev; 968 969 dev_dbg(dev, "enter %s\n", __func__); 970 971 mutex_lock(&rproc->lock); 972 973 if (rproc->state == RPROC_CRASHED || rproc->state == RPROC_OFFLINE) { 974 /* handle only the first crash detected */ 975 mutex_unlock(&rproc->lock); 976 return; 977 } 978 979 rproc->state = RPROC_CRASHED; 980 dev_err(dev, "handling crash #%u in %s\n", ++rproc->crash_cnt, 981 rproc->name); 982 983 mutex_unlock(&rproc->lock); 984 985 if (!rproc->recovery_disabled) 986 rproc_trigger_recovery(rproc); 987 } 988 989 /** 990 * rproc_boot() - boot a remote processor 991 * @rproc: handle of a remote processor 992 * 993 * Boot a remote processor (i.e. load its firmware, power it on, ...). 994 * 995 * If the remote processor is already powered on, this function immediately 996 * returns (successfully). 997 * 998 * Returns 0 on success, and an appropriate error value otherwise. 999 */ 1000 int rproc_boot(struct rproc *rproc) 1001 { 1002 const struct firmware *firmware_p; 1003 struct device *dev; 1004 int ret; 1005 1006 if (!rproc) { 1007 pr_err("invalid rproc handle\n"); 1008 return -EINVAL; 1009 } 1010 1011 dev = &rproc->dev; 1012 1013 ret = mutex_lock_interruptible(&rproc->lock); 1014 if (ret) { 1015 dev_err(dev, "can't lock rproc %s: %d\n", rproc->name, ret); 1016 return ret; 1017 } 1018 1019 /* loading a firmware is required */ 1020 if (!rproc->firmware) { 1021 dev_err(dev, "%s: no firmware to load\n", __func__); 1022 ret = -EINVAL; 1023 goto unlock_mutex; 1024 } 1025 1026 /* prevent underlying implementation from being removed */ 1027 if (!try_module_get(dev->parent->driver->owner)) { 1028 dev_err(dev, "%s: can't get owner\n", __func__); 1029 ret = -EINVAL; 1030 goto unlock_mutex; 1031 } 1032 1033 /* skip the boot process if rproc is already powered up */ 1034 if (atomic_inc_return(&rproc->power) > 1) { 1035 ret = 0; 1036 goto unlock_mutex; 1037 } 1038 1039 dev_info(dev, "powering up %s\n", rproc->name); 1040 1041 /* load firmware */ 1042 ret = request_firmware(&firmware_p, rproc->firmware, dev); 1043 if (ret < 0) { 1044 dev_err(dev, "request_firmware failed: %d\n", ret); 1045 goto downref_rproc; 1046 } 1047 1048 ret = rproc_fw_boot(rproc, firmware_p); 1049 1050 release_firmware(firmware_p); 1051 1052 downref_rproc: 1053 if (ret) { 1054 module_put(dev->parent->driver->owner); 1055 atomic_dec(&rproc->power); 1056 } 1057 unlock_mutex: 1058 mutex_unlock(&rproc->lock); 1059 return ret; 1060 } 1061 EXPORT_SYMBOL(rproc_boot); 1062 1063 /** 1064 * rproc_shutdown() - power off the remote processor 1065 * @rproc: the remote processor 1066 * 1067 * Power off a remote processor (previously booted with rproc_boot()). 1068 * 1069 * In case @rproc is still being used by an additional user(s), then 1070 * this function will just decrement the power refcount and exit, 1071 * without really powering off the device. 1072 * 1073 * Every call to rproc_boot() must (eventually) be accompanied by a call 1074 * to rproc_shutdown(). Calling rproc_shutdown() redundantly is a bug. 1075 * 1076 * Notes: 1077 * - we're not decrementing the rproc's refcount, only the power refcount. 1078 * which means that the @rproc handle stays valid even after rproc_shutdown() 1079 * returns, and users can still use it with a subsequent rproc_boot(), if 1080 * needed. 1081 */ 1082 void rproc_shutdown(struct rproc *rproc) 1083 { 1084 struct device *dev = &rproc->dev; 1085 int ret; 1086 1087 ret = mutex_lock_interruptible(&rproc->lock); 1088 if (ret) { 1089 dev_err(dev, "can't lock rproc %s: %d\n", rproc->name, ret); 1090 return; 1091 } 1092 1093 /* if the remote proc is still needed, bail out */ 1094 if (!atomic_dec_and_test(&rproc->power)) 1095 goto out; 1096 1097 /* power off the remote processor */ 1098 ret = rproc->ops->stop(rproc); 1099 if (ret) { 1100 atomic_inc(&rproc->power); 1101 dev_err(dev, "can't stop rproc: %d\n", ret); 1102 goto out; 1103 } 1104 1105 /* clean up all acquired resources */ 1106 rproc_resource_cleanup(rproc); 1107 1108 rproc_disable_iommu(rproc); 1109 1110 /* if in crash state, unlock crash handler */ 1111 if (rproc->state == RPROC_CRASHED) 1112 complete_all(&rproc->crash_comp); 1113 1114 rproc->state = RPROC_OFFLINE; 1115 1116 dev_info(dev, "stopped remote processor %s\n", rproc->name); 1117 1118 out: 1119 mutex_unlock(&rproc->lock); 1120 if (!ret) 1121 module_put(dev->parent->driver->owner); 1122 } 1123 EXPORT_SYMBOL(rproc_shutdown); 1124 1125 /** 1126 * rproc_add() - register a remote processor 1127 * @rproc: the remote processor handle to register 1128 * 1129 * Registers @rproc with the remoteproc framework, after it has been 1130 * allocated with rproc_alloc(). 1131 * 1132 * This is called by the platform-specific rproc implementation, whenever 1133 * a new remote processor device is probed. 1134 * 1135 * Returns 0 on success and an appropriate error code otherwise. 1136 * 1137 * Note: this function initiates an asynchronous firmware loading 1138 * context, which will look for virtio devices supported by the rproc's 1139 * firmware. 1140 * 1141 * If found, those virtio devices will be created and added, so as a result 1142 * of registering this remote processor, additional virtio drivers might be 1143 * probed. 1144 */ 1145 int rproc_add(struct rproc *rproc) 1146 { 1147 struct device *dev = &rproc->dev; 1148 int ret; 1149 1150 ret = device_add(dev); 1151 if (ret < 0) 1152 return ret; 1153 1154 dev_info(dev, "%s is available\n", rproc->name); 1155 1156 dev_info(dev, "Note: remoteproc is still under development and considered experimental.\n"); 1157 dev_info(dev, "THE BINARY FORMAT IS NOT YET FINALIZED, and backward compatibility isn't yet guaranteed.\n"); 1158 1159 /* create debugfs entries */ 1160 rproc_create_debug_dir(rproc); 1161 1162 return rproc_add_virtio_devices(rproc); 1163 } 1164 EXPORT_SYMBOL(rproc_add); 1165 1166 /** 1167 * rproc_type_release() - release a remote processor instance 1168 * @dev: the rproc's device 1169 * 1170 * This function should _never_ be called directly. 1171 * 1172 * It will be called by the driver core when no one holds a valid pointer 1173 * to @dev anymore. 1174 */ 1175 static void rproc_type_release(struct device *dev) 1176 { 1177 struct rproc *rproc = container_of(dev, struct rproc, dev); 1178 1179 dev_info(&rproc->dev, "releasing %s\n", rproc->name); 1180 1181 rproc_delete_debug_dir(rproc); 1182 1183 idr_remove_all(&rproc->notifyids); 1184 idr_destroy(&rproc->notifyids); 1185 1186 if (rproc->index >= 0) 1187 ida_simple_remove(&rproc_dev_index, rproc->index); 1188 1189 kfree(rproc); 1190 } 1191 1192 static struct device_type rproc_type = { 1193 .name = "remoteproc", 1194 .release = rproc_type_release, 1195 }; 1196 1197 /** 1198 * rproc_alloc() - allocate a remote processor handle 1199 * @dev: the underlying device 1200 * @name: name of this remote processor 1201 * @ops: platform-specific handlers (mainly start/stop) 1202 * @firmware: name of firmware file to load 1203 * @len: length of private data needed by the rproc driver (in bytes) 1204 * 1205 * Allocates a new remote processor handle, but does not register 1206 * it yet. 1207 * 1208 * This function should be used by rproc implementations during initialization 1209 * of the remote processor. 1210 * 1211 * After creating an rproc handle using this function, and when ready, 1212 * implementations should then call rproc_add() to complete 1213 * the registration of the remote processor. 1214 * 1215 * On success the new rproc is returned, and on failure, NULL. 1216 * 1217 * Note: _never_ directly deallocate @rproc, even if it was not registered 1218 * yet. Instead, when you need to unroll rproc_alloc(), use rproc_put(). 1219 */ 1220 struct rproc *rproc_alloc(struct device *dev, const char *name, 1221 const struct rproc_ops *ops, 1222 const char *firmware, int len) 1223 { 1224 struct rproc *rproc; 1225 1226 if (!dev || !name || !ops) 1227 return NULL; 1228 1229 rproc = kzalloc(sizeof(struct rproc) + len, GFP_KERNEL); 1230 if (!rproc) { 1231 dev_err(dev, "%s: kzalloc failed\n", __func__); 1232 return NULL; 1233 } 1234 1235 rproc->name = name; 1236 rproc->ops = ops; 1237 rproc->firmware = firmware; 1238 rproc->priv = &rproc[1]; 1239 1240 device_initialize(&rproc->dev); 1241 rproc->dev.parent = dev; 1242 rproc->dev.type = &rproc_type; 1243 1244 /* Assign a unique device index and name */ 1245 rproc->index = ida_simple_get(&rproc_dev_index, 0, 0, GFP_KERNEL); 1246 if (rproc->index < 0) { 1247 dev_err(dev, "ida_simple_get failed: %d\n", rproc->index); 1248 put_device(&rproc->dev); 1249 return NULL; 1250 } 1251 1252 dev_set_name(&rproc->dev, "remoteproc%d", rproc->index); 1253 1254 atomic_set(&rproc->power, 0); 1255 1256 /* Set ELF as the default fw_ops handler */ 1257 rproc->fw_ops = &rproc_elf_fw_ops; 1258 1259 mutex_init(&rproc->lock); 1260 1261 idr_init(&rproc->notifyids); 1262 1263 INIT_LIST_HEAD(&rproc->carveouts); 1264 INIT_LIST_HEAD(&rproc->mappings); 1265 INIT_LIST_HEAD(&rproc->traces); 1266 INIT_LIST_HEAD(&rproc->rvdevs); 1267 1268 INIT_WORK(&rproc->crash_handler, rproc_crash_handler_work); 1269 init_completion(&rproc->crash_comp); 1270 1271 rproc->state = RPROC_OFFLINE; 1272 1273 return rproc; 1274 } 1275 EXPORT_SYMBOL(rproc_alloc); 1276 1277 /** 1278 * rproc_put() - unroll rproc_alloc() 1279 * @rproc: the remote processor handle 1280 * 1281 * This function decrements the rproc dev refcount. 1282 * 1283 * If no one holds any reference to rproc anymore, then its refcount would 1284 * now drop to zero, and it would be freed. 1285 */ 1286 void rproc_put(struct rproc *rproc) 1287 { 1288 put_device(&rproc->dev); 1289 } 1290 EXPORT_SYMBOL(rproc_put); 1291 1292 /** 1293 * rproc_del() - unregister a remote processor 1294 * @rproc: rproc handle to unregister 1295 * 1296 * This function should be called when the platform specific rproc 1297 * implementation decides to remove the rproc device. it should 1298 * _only_ be called if a previous invocation of rproc_add() 1299 * has completed successfully. 1300 * 1301 * After rproc_del() returns, @rproc isn't freed yet, because 1302 * of the outstanding reference created by rproc_alloc. To decrement that 1303 * one last refcount, one still needs to call rproc_put(). 1304 * 1305 * Returns 0 on success and -EINVAL if @rproc isn't valid. 1306 */ 1307 int rproc_del(struct rproc *rproc) 1308 { 1309 struct rproc_vdev *rvdev, *tmp; 1310 1311 if (!rproc) 1312 return -EINVAL; 1313 1314 /* if rproc is just being registered, wait */ 1315 wait_for_completion(&rproc->firmware_loading_complete); 1316 1317 /* clean up remote vdev entries */ 1318 list_for_each_entry_safe(rvdev, tmp, &rproc->rvdevs, node) 1319 rproc_remove_virtio_dev(rvdev); 1320 1321 device_del(&rproc->dev); 1322 1323 return 0; 1324 } 1325 EXPORT_SYMBOL(rproc_del); 1326 1327 /** 1328 * rproc_report_crash() - rproc crash reporter function 1329 * @rproc: remote processor 1330 * @type: crash type 1331 * 1332 * This function must be called every time a crash is detected by the low-level 1333 * drivers implementing a specific remoteproc. This should not be called from a 1334 * non-remoteproc driver. 1335 * 1336 * This function can be called from atomic/interrupt context. 1337 */ 1338 void rproc_report_crash(struct rproc *rproc, enum rproc_crash_type type) 1339 { 1340 if (!rproc) { 1341 pr_err("NULL rproc pointer\n"); 1342 return; 1343 } 1344 1345 dev_err(&rproc->dev, "crash detected in %s: type %s\n", 1346 rproc->name, rproc_crash_to_string(type)); 1347 1348 /* create a new task to handle the error */ 1349 schedule_work(&rproc->crash_handler); 1350 } 1351 EXPORT_SYMBOL(rproc_report_crash); 1352 1353 static int __init remoteproc_init(void) 1354 { 1355 rproc_init_debugfs(); 1356 1357 return 0; 1358 } 1359 module_init(remoteproc_init); 1360 1361 static void __exit remoteproc_exit(void) 1362 { 1363 rproc_exit_debugfs(); 1364 } 1365 module_exit(remoteproc_exit); 1366 1367 MODULE_LICENSE("GPL v2"); 1368 MODULE_DESCRIPTION("Generic Remote Processor Framework"); 1369