1 /*
2  * Copyright (c) 2016-2017, Linaro Ltd
3  *
4  * This program is free software; you can redistribute it and/or modify
5  * it under the terms of the GNU General Public License version 2 and
6  * only version 2 as published by the Free Software Foundation.
7  *
8  * This program is distributed in the hope that it will be useful,
9  * but WITHOUT ANY WARRANTY; without even the implied warranty of
10  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
11  * GNU General Public License for more details.
12  */
13 
14 #include <linux/idr.h>
15 #include <linux/interrupt.h>
16 #include <linux/io.h>
17 #include <linux/list.h>
18 #include <linux/mfd/syscon.h>
19 #include <linux/module.h>
20 #include <linux/of.h>
21 #include <linux/of_address.h>
22 #include <linux/of_irq.h>
23 #include <linux/platform_device.h>
24 #include <linux/regmap.h>
25 #include <linux/rpmsg.h>
26 #include <linux/sizes.h>
27 #include <linux/slab.h>
28 #include <linux/workqueue.h>
29 #include <linux/mailbox_client.h>
30 
31 #include "rpmsg_internal.h"
32 #include "qcom_glink_native.h"
33 
34 #define GLINK_NAME_SIZE		32
35 #define GLINK_VERSION_1		1
36 
37 #define RPM_GLINK_CID_MIN	1
38 #define RPM_GLINK_CID_MAX	65536
39 
40 struct glink_msg {
41 	__le16 cmd;
42 	__le16 param1;
43 	__le32 param2;
44 	u8 data[];
45 } __packed;
46 
47 /**
48  * struct glink_defer_cmd - deferred incoming control message
49  * @node:	list node
50  * @msg:	message header
51  * data:	payload of the message
52  *
53  * Copy of a received control message, to be added to @rx_queue and processed
54  * by @rx_work of @qcom_glink.
55  */
56 struct glink_defer_cmd {
57 	struct list_head node;
58 
59 	struct glink_msg msg;
60 	u8 data[];
61 };
62 
63 /**
64  * struct glink_core_rx_intent - RX intent
65  * RX intent
66  *
67  * data: pointer to the data (may be NULL for zero-copy)
68  * id: remote or local intent ID
69  * size: size of the original intent (do not modify)
70  * reuse: To mark if the intent can be reused after first use
71  * in_use: To mark if intent is already in use for the channel
72  * offset: next write offset (initially 0)
73  */
74 struct glink_core_rx_intent {
75 	void *data;
76 	u32 id;
77 	size_t size;
78 	bool reuse;
79 	bool in_use;
80 	u32 offset;
81 
82 	struct list_head node;
83 };
84 
85 /**
86  * struct qcom_glink - driver context, relates to one remote subsystem
87  * @dev:	reference to the associated struct device
88  * @mbox_client: mailbox client
89  * @mbox_chan:  mailbox channel
90  * @rx_pipe:	pipe object for receive FIFO
91  * @tx_pipe:	pipe object for transmit FIFO
92  * @irq:	IRQ for signaling incoming events
93  * @rx_work:	worker for handling received control messages
94  * @rx_lock:	protects the @rx_queue
95  * @rx_queue:	queue of received control messages to be processed in @rx_work
96  * @tx_lock:	synchronizes operations on the tx fifo
97  * @idr_lock:	synchronizes @lcids and @rcids modifications
98  * @lcids:	idr of all channels with a known local channel id
99  * @rcids:	idr of all channels with a known remote channel id
100  */
101 struct qcom_glink {
102 	struct device *dev;
103 
104 	struct mbox_client mbox_client;
105 	struct mbox_chan *mbox_chan;
106 
107 	struct qcom_glink_pipe *rx_pipe;
108 	struct qcom_glink_pipe *tx_pipe;
109 
110 	int irq;
111 
112 	struct work_struct rx_work;
113 	spinlock_t rx_lock;
114 	struct list_head rx_queue;
115 
116 	struct mutex tx_lock;
117 
118 	spinlock_t idr_lock;
119 	struct idr lcids;
120 	struct idr rcids;
121 	unsigned long features;
122 
123 	bool intentless;
124 };
125 
126 enum {
127 	GLINK_STATE_CLOSED,
128 	GLINK_STATE_OPENING,
129 	GLINK_STATE_OPEN,
130 	GLINK_STATE_CLOSING,
131 };
132 
133 /**
134  * struct glink_channel - internal representation of a channel
135  * @rpdev:	rpdev reference, only used for primary endpoints
136  * @ept:	rpmsg endpoint this channel is associated with
137  * @glink:	qcom_glink context handle
138  * @refcount:	refcount for the channel object
139  * @recv_lock:	guard for @ept.cb
140  * @name:	unique channel name/identifier
141  * @lcid:	channel id, in local space
142  * @rcid:	channel id, in remote space
143  * @intent_lock: lock for protection of @liids, @riids
144  * @liids:	idr of all local intents
145  * @riids:	idr of all remote intents
146  * @intent_work: worker responsible for transmitting rx_done packets
147  * @done_intents: list of intents that needs to be announced rx_done
148  * @buf:	receive buffer, for gathering fragments
149  * @buf_offset:	write offset in @buf
150  * @buf_size:	size of current @buf
151  * @open_ack:	completed once remote has acked the open-request
152  * @open_req:	completed once open-request has been received
153  * @intent_req_lock: Synchronises multiple intent requests
154  * @intent_req_result: Result of intent request
155  * @intent_req_comp: Completion for intent_req signalling
156  */
157 struct glink_channel {
158 	struct rpmsg_endpoint ept;
159 
160 	struct rpmsg_device *rpdev;
161 	struct qcom_glink *glink;
162 
163 	struct kref refcount;
164 
165 	spinlock_t recv_lock;
166 
167 	char *name;
168 	unsigned int lcid;
169 	unsigned int rcid;
170 
171 	spinlock_t intent_lock;
172 	struct idr liids;
173 	struct idr riids;
174 	struct work_struct intent_work;
175 	struct list_head done_intents;
176 
177 	struct glink_core_rx_intent *buf;
178 	int buf_offset;
179 	int buf_size;
180 
181 	struct completion open_ack;
182 	struct completion open_req;
183 
184 	struct mutex intent_req_lock;
185 	bool intent_req_result;
186 	struct completion intent_req_comp;
187 };
188 
189 #define to_glink_channel(_ept) container_of(_ept, struct glink_channel, ept)
190 
191 static const struct rpmsg_endpoint_ops glink_endpoint_ops;
192 
193 #define RPM_CMD_VERSION			0
194 #define RPM_CMD_VERSION_ACK		1
195 #define RPM_CMD_OPEN			2
196 #define RPM_CMD_CLOSE			3
197 #define RPM_CMD_OPEN_ACK		4
198 #define RPM_CMD_INTENT			5
199 #define RPM_CMD_RX_DONE			6
200 #define RPM_CMD_RX_INTENT_REQ		7
201 #define RPM_CMD_RX_INTENT_REQ_ACK	8
202 #define RPM_CMD_TX_DATA			9
203 #define RPM_CMD_CLOSE_ACK		11
204 #define RPM_CMD_TX_DATA_CONT		12
205 #define RPM_CMD_READ_NOTIF		13
206 #define RPM_CMD_RX_DONE_W_REUSE		14
207 
208 #define GLINK_FEATURE_INTENTLESS	BIT(1)
209 
210 static void qcom_glink_rx_done_work(struct work_struct *work);
211 
212 static struct glink_channel *qcom_glink_alloc_channel(struct qcom_glink *glink,
213 						      const char *name)
214 {
215 	struct glink_channel *channel;
216 
217 	channel = kzalloc(sizeof(*channel), GFP_KERNEL);
218 	if (!channel)
219 		return ERR_PTR(-ENOMEM);
220 
221 	/* Setup glink internal glink_channel data */
222 	spin_lock_init(&channel->recv_lock);
223 	spin_lock_init(&channel->intent_lock);
224 
225 	channel->glink = glink;
226 	channel->name = kstrdup(name, GFP_KERNEL);
227 
228 	init_completion(&channel->open_req);
229 	init_completion(&channel->open_ack);
230 
231 	INIT_LIST_HEAD(&channel->done_intents);
232 	INIT_WORK(&channel->intent_work, qcom_glink_rx_done_work);
233 
234 	idr_init(&channel->liids);
235 	idr_init(&channel->riids);
236 	kref_init(&channel->refcount);
237 
238 	return channel;
239 }
240 
241 static void qcom_glink_channel_release(struct kref *ref)
242 {
243 	struct glink_channel *channel = container_of(ref, struct glink_channel,
244 						     refcount);
245 	unsigned long flags;
246 
247 	spin_lock_irqsave(&channel->intent_lock, flags);
248 	idr_destroy(&channel->liids);
249 	idr_destroy(&channel->riids);
250 	spin_unlock_irqrestore(&channel->intent_lock, flags);
251 
252 	kfree(channel->name);
253 	kfree(channel);
254 }
255 
256 static size_t qcom_glink_rx_avail(struct qcom_glink *glink)
257 {
258 	return glink->rx_pipe->avail(glink->rx_pipe);
259 }
260 
261 static void qcom_glink_rx_peak(struct qcom_glink *glink,
262 			       void *data, unsigned int offset, size_t count)
263 {
264 	glink->rx_pipe->peak(glink->rx_pipe, data, offset, count);
265 }
266 
267 static void qcom_glink_rx_advance(struct qcom_glink *glink, size_t count)
268 {
269 	glink->rx_pipe->advance(glink->rx_pipe, count);
270 }
271 
272 static size_t qcom_glink_tx_avail(struct qcom_glink *glink)
273 {
274 	return glink->tx_pipe->avail(glink->tx_pipe);
275 }
276 
277 static void qcom_glink_tx_write(struct qcom_glink *glink,
278 				const void *hdr, size_t hlen,
279 				const void *data, size_t dlen)
280 {
281 	glink->tx_pipe->write(glink->tx_pipe, hdr, hlen, data, dlen);
282 }
283 
284 static int qcom_glink_tx(struct qcom_glink *glink,
285 			 const void *hdr, size_t hlen,
286 			 const void *data, size_t dlen, bool wait)
287 {
288 	unsigned int tlen = hlen + dlen;
289 	int ret;
290 
291 	/* Reject packets that are too big */
292 	if (tlen >= glink->tx_pipe->length)
293 		return -EINVAL;
294 
295 	ret = mutex_lock_interruptible(&glink->tx_lock);
296 	if (ret)
297 		return ret;
298 
299 	while (qcom_glink_tx_avail(glink) < tlen) {
300 		if (!wait) {
301 			ret = -EAGAIN;
302 			goto out;
303 		}
304 
305 		usleep_range(10000, 15000);
306 	}
307 
308 	qcom_glink_tx_write(glink, hdr, hlen, data, dlen);
309 
310 	mbox_send_message(glink->mbox_chan, NULL);
311 	mbox_client_txdone(glink->mbox_chan, 0);
312 
313 out:
314 	mutex_unlock(&glink->tx_lock);
315 
316 	return ret;
317 }
318 
319 static int qcom_glink_send_version(struct qcom_glink *glink)
320 {
321 	struct glink_msg msg;
322 
323 	msg.cmd = cpu_to_le16(RPM_CMD_VERSION);
324 	msg.param1 = cpu_to_le16(GLINK_VERSION_1);
325 	msg.param2 = cpu_to_le32(glink->features);
326 
327 	return qcom_glink_tx(glink, &msg, sizeof(msg), NULL, 0, true);
328 }
329 
330 static void qcom_glink_send_version_ack(struct qcom_glink *glink)
331 {
332 	struct glink_msg msg;
333 
334 	msg.cmd = cpu_to_le16(RPM_CMD_VERSION_ACK);
335 	msg.param1 = cpu_to_le16(GLINK_VERSION_1);
336 	msg.param2 = cpu_to_le32(glink->features);
337 
338 	qcom_glink_tx(glink, &msg, sizeof(msg), NULL, 0, true);
339 }
340 
341 static void qcom_glink_send_open_ack(struct qcom_glink *glink,
342 				     struct glink_channel *channel)
343 {
344 	struct glink_msg msg;
345 
346 	msg.cmd = cpu_to_le16(RPM_CMD_OPEN_ACK);
347 	msg.param1 = cpu_to_le16(channel->rcid);
348 	msg.param2 = cpu_to_le32(0);
349 
350 	qcom_glink_tx(glink, &msg, sizeof(msg), NULL, 0, true);
351 }
352 
353 static void qcom_glink_handle_intent_req_ack(struct qcom_glink *glink,
354 					     unsigned int cid, bool granted)
355 {
356 	struct glink_channel *channel;
357 	unsigned long flags;
358 
359 	spin_lock_irqsave(&glink->idr_lock, flags);
360 	channel = idr_find(&glink->rcids, cid);
361 	spin_unlock_irqrestore(&glink->idr_lock, flags);
362 	if (!channel) {
363 		dev_err(glink->dev, "unable to find channel\n");
364 		return;
365 	}
366 
367 	channel->intent_req_result = granted;
368 	complete(&channel->intent_req_comp);
369 }
370 
371 /**
372  * qcom_glink_send_open_req() - send a RPM_CMD_OPEN request to the remote
373  * @glink: Ptr to the glink edge
374  * @channel: Ptr to the channel that the open req is sent
375  *
376  * Allocates a local channel id and sends a RPM_CMD_OPEN message to the remote.
377  * Will return with refcount held, regardless of outcome.
378  *
379  * Returns 0 on success, negative errno otherwise.
380  */
381 static int qcom_glink_send_open_req(struct qcom_glink *glink,
382 				    struct glink_channel *channel)
383 {
384 	struct {
385 		struct glink_msg msg;
386 		u8 name[GLINK_NAME_SIZE];
387 	} __packed req;
388 	int name_len = strlen(channel->name) + 1;
389 	int req_len = ALIGN(sizeof(req.msg) + name_len, 8);
390 	int ret;
391 	unsigned long flags;
392 
393 	kref_get(&channel->refcount);
394 
395 	spin_lock_irqsave(&glink->idr_lock, flags);
396 	ret = idr_alloc_cyclic(&glink->lcids, channel,
397 			       RPM_GLINK_CID_MIN, RPM_GLINK_CID_MAX,
398 			       GFP_ATOMIC);
399 	spin_unlock_irqrestore(&glink->idr_lock, flags);
400 	if (ret < 0)
401 		return ret;
402 
403 	channel->lcid = ret;
404 
405 	req.msg.cmd = cpu_to_le16(RPM_CMD_OPEN);
406 	req.msg.param1 = cpu_to_le16(channel->lcid);
407 	req.msg.param2 = cpu_to_le32(name_len);
408 	strcpy(req.name, channel->name);
409 
410 	ret = qcom_glink_tx(glink, &req, req_len, NULL, 0, true);
411 	if (ret)
412 		goto remove_idr;
413 
414 	return 0;
415 
416 remove_idr:
417 	spin_lock_irqsave(&glink->idr_lock, flags);
418 	idr_remove(&glink->lcids, channel->lcid);
419 	channel->lcid = 0;
420 	spin_unlock_irqrestore(&glink->idr_lock, flags);
421 
422 	return ret;
423 }
424 
425 static void qcom_glink_send_close_req(struct qcom_glink *glink,
426 				      struct glink_channel *channel)
427 {
428 	struct glink_msg req;
429 
430 	req.cmd = cpu_to_le16(RPM_CMD_CLOSE);
431 	req.param1 = cpu_to_le16(channel->lcid);
432 	req.param2 = 0;
433 
434 	qcom_glink_tx(glink, &req, sizeof(req), NULL, 0, true);
435 }
436 
437 static void qcom_glink_send_close_ack(struct qcom_glink *glink,
438 				      unsigned int rcid)
439 {
440 	struct glink_msg req;
441 
442 	req.cmd = cpu_to_le16(RPM_CMD_CLOSE_ACK);
443 	req.param1 = cpu_to_le16(rcid);
444 	req.param2 = 0;
445 
446 	qcom_glink_tx(glink, &req, sizeof(req), NULL, 0, true);
447 }
448 
449 static void qcom_glink_rx_done_work(struct work_struct *work)
450 {
451 	struct glink_channel *channel = container_of(work, struct glink_channel,
452 						     intent_work);
453 	struct qcom_glink *glink = channel->glink;
454 	struct glink_core_rx_intent *intent, *tmp;
455 	struct {
456 		u16 id;
457 		u16 lcid;
458 		u32 liid;
459 	} __packed cmd;
460 
461 	unsigned int cid = channel->lcid;
462 	unsigned int iid;
463 	bool reuse;
464 	unsigned long flags;
465 
466 	spin_lock_irqsave(&channel->intent_lock, flags);
467 	list_for_each_entry_safe(intent, tmp, &channel->done_intents, node) {
468 		list_del(&intent->node);
469 		spin_unlock_irqrestore(&channel->intent_lock, flags);
470 		iid = intent->id;
471 		reuse = intent->reuse;
472 
473 		cmd.id = reuse ? RPM_CMD_RX_DONE_W_REUSE : RPM_CMD_RX_DONE;
474 		cmd.lcid = cid;
475 		cmd.liid = iid;
476 
477 		qcom_glink_tx(glink, &cmd, sizeof(cmd), NULL, 0, true);
478 		if (!reuse) {
479 			kfree(intent->data);
480 			kfree(intent);
481 		}
482 		spin_lock_irqsave(&channel->intent_lock, flags);
483 	}
484 	spin_unlock_irqrestore(&channel->intent_lock, flags);
485 }
486 
487 static void qcom_glink_rx_done(struct qcom_glink *glink,
488 			       struct glink_channel *channel,
489 			       struct glink_core_rx_intent *intent)
490 {
491 	/* We don't send RX_DONE to intentless systems */
492 	if (glink->intentless) {
493 		kfree(intent->data);
494 		kfree(intent);
495 		return;
496 	}
497 
498 	/* Take it off the tree of receive intents */
499 	if (!intent->reuse) {
500 		spin_lock(&channel->intent_lock);
501 		idr_remove(&channel->liids, intent->id);
502 		spin_unlock(&channel->intent_lock);
503 	}
504 
505 	/* Schedule the sending of a rx_done indication */
506 	spin_lock(&channel->intent_lock);
507 	list_add_tail(&intent->node, &channel->done_intents);
508 	spin_unlock(&channel->intent_lock);
509 
510 	schedule_work(&channel->intent_work);
511 }
512 
513 /**
514  * qcom_glink_receive_version() - receive version/features from remote system
515  *
516  * @glink:	pointer to transport interface
517  * @r_version:	remote version
518  * @r_features:	remote features
519  *
520  * This function is called in response to a remote-initiated version/feature
521  * negotiation sequence.
522  */
523 static void qcom_glink_receive_version(struct qcom_glink *glink,
524 				       u32 version,
525 				       u32 features)
526 {
527 	switch (version) {
528 	case 0:
529 		break;
530 	case GLINK_VERSION_1:
531 		glink->features &= features;
532 		/* FALLTHROUGH */
533 	default:
534 		qcom_glink_send_version_ack(glink);
535 		break;
536 	}
537 }
538 
539 /**
540  * qcom_glink_receive_version_ack() - receive negotiation ack from remote system
541  *
542  * @glink:	pointer to transport interface
543  * @r_version:	remote version response
544  * @r_features:	remote features response
545  *
546  * This function is called in response to a local-initiated version/feature
547  * negotiation sequence and is the counter-offer from the remote side based
548  * upon the initial version and feature set requested.
549  */
550 static void qcom_glink_receive_version_ack(struct qcom_glink *glink,
551 					   u32 version,
552 					   u32 features)
553 {
554 	switch (version) {
555 	case 0:
556 		/* Version negotiation failed */
557 		break;
558 	case GLINK_VERSION_1:
559 		if (features == glink->features)
560 			break;
561 
562 		glink->features &= features;
563 		/* FALLTHROUGH */
564 	default:
565 		qcom_glink_send_version(glink);
566 		break;
567 	}
568 }
569 
570 /**
571  * qcom_glink_send_intent_req_ack() - convert an rx intent request ack cmd to
572 				      wire format and transmit
573  * @glink:	The transport to transmit on.
574  * @channel:	The glink channel
575  * @granted:	The request response to encode.
576  *
577  * Return: 0 on success or standard Linux error code.
578  */
579 static int qcom_glink_send_intent_req_ack(struct qcom_glink *glink,
580 					  struct glink_channel *channel,
581 					  bool granted)
582 {
583 	struct glink_msg msg;
584 
585 	msg.cmd = cpu_to_le16(RPM_CMD_RX_INTENT_REQ_ACK);
586 	msg.param1 = cpu_to_le16(channel->lcid);
587 	msg.param2 = cpu_to_le32(granted);
588 
589 	qcom_glink_tx(glink, &msg, sizeof(msg), NULL, 0, true);
590 
591 	return 0;
592 }
593 
594 /**
595  * qcom_glink_advertise_intent - convert an rx intent cmd to wire format and
596  *			   transmit
597  * @glink:	The transport to transmit on.
598  * @channel:	The local channel
599  * @size:	The intent to pass on to remote.
600  *
601  * Return: 0 on success or standard Linux error code.
602  */
603 static int qcom_glink_advertise_intent(struct qcom_glink *glink,
604 				       struct glink_channel *channel,
605 				       struct glink_core_rx_intent *intent)
606 {
607 	struct command {
608 		u16 id;
609 		u16 lcid;
610 		u32 count;
611 		u32 size;
612 		u32 liid;
613 	} __packed;
614 	struct command cmd;
615 
616 	cmd.id = cpu_to_le16(RPM_CMD_INTENT);
617 	cmd.lcid = cpu_to_le16(channel->lcid);
618 	cmd.count = cpu_to_le32(1);
619 	cmd.size = cpu_to_le32(intent->size);
620 	cmd.liid = cpu_to_le32(intent->id);
621 
622 	qcom_glink_tx(glink, &cmd, sizeof(cmd), NULL, 0, true);
623 
624 	return 0;
625 }
626 
627 static struct glink_core_rx_intent *
628 qcom_glink_alloc_intent(struct qcom_glink *glink,
629 			struct glink_channel *channel,
630 			size_t size,
631 			bool reuseable)
632 {
633 	struct glink_core_rx_intent *intent;
634 	int ret;
635 	unsigned long flags;
636 
637 	intent = kzalloc(sizeof(*intent), GFP_KERNEL);
638 	if (!intent)
639 		return NULL;
640 
641 	intent->data = kzalloc(size, GFP_KERNEL);
642 	if (!intent->data)
643 		goto free_intent;
644 
645 	spin_lock_irqsave(&channel->intent_lock, flags);
646 	ret = idr_alloc_cyclic(&channel->liids, intent, 1, -1, GFP_ATOMIC);
647 	if (ret < 0) {
648 		spin_unlock_irqrestore(&channel->intent_lock, flags);
649 		goto free_data;
650 	}
651 	spin_unlock_irqrestore(&channel->intent_lock, flags);
652 
653 	intent->id = ret;
654 	intent->size = size;
655 	intent->reuse = reuseable;
656 
657 	return intent;
658 
659 free_data:
660 	kfree(intent->data);
661 free_intent:
662 	kfree(intent);
663 	return NULL;
664 }
665 
666 static void qcom_glink_handle_rx_done(struct qcom_glink *glink,
667 				      u32 cid, uint32_t iid,
668 				      bool reuse)
669 {
670 	struct glink_core_rx_intent *intent;
671 	struct glink_channel *channel;
672 	unsigned long flags;
673 
674 	spin_lock_irqsave(&glink->idr_lock, flags);
675 	channel = idr_find(&glink->rcids, cid);
676 	spin_unlock_irqrestore(&glink->idr_lock, flags);
677 	if (!channel) {
678 		dev_err(glink->dev, "invalid channel id received\n");
679 		return;
680 	}
681 
682 	spin_lock_irqsave(&channel->intent_lock, flags);
683 	intent = idr_find(&channel->riids, iid);
684 
685 	if (!intent) {
686 		spin_unlock_irqrestore(&channel->intent_lock, flags);
687 		dev_err(glink->dev, "invalid intent id received\n");
688 		return;
689 	}
690 
691 	intent->in_use = false;
692 
693 	if (!reuse) {
694 		idr_remove(&channel->riids, intent->id);
695 		kfree(intent);
696 	}
697 	spin_unlock_irqrestore(&channel->intent_lock, flags);
698 }
699 
700 /**
701  * qcom_glink_handle_intent_req() - Receive a request for rx_intent
702  *					    from remote side
703  * if_ptr:      Pointer to the transport interface
704  * rcid:	Remote channel ID
705  * size:	size of the intent
706  *
707  * The function searches for the local channel to which the request for
708  * rx_intent has arrived and allocates and notifies the remote back
709  */
710 static void qcom_glink_handle_intent_req(struct qcom_glink *glink,
711 					 u32 cid, size_t size)
712 {
713 	struct glink_core_rx_intent *intent;
714 	struct glink_channel *channel;
715 	unsigned long flags;
716 
717 	spin_lock_irqsave(&glink->idr_lock, flags);
718 	channel = idr_find(&glink->rcids, cid);
719 	spin_unlock_irqrestore(&glink->idr_lock, flags);
720 
721 	if (!channel) {
722 		pr_err("%s channel not found for cid %d\n", __func__, cid);
723 		return;
724 	}
725 
726 	intent = qcom_glink_alloc_intent(glink, channel, size, false);
727 	if (intent)
728 		qcom_glink_advertise_intent(glink, channel, intent);
729 
730 	qcom_glink_send_intent_req_ack(glink, channel, !!intent);
731 }
732 
733 static int qcom_glink_rx_defer(struct qcom_glink *glink, size_t extra)
734 {
735 	struct glink_defer_cmd *dcmd;
736 
737 	extra = ALIGN(extra, 8);
738 
739 	if (qcom_glink_rx_avail(glink) < sizeof(struct glink_msg) + extra) {
740 		dev_dbg(glink->dev, "Insufficient data in rx fifo");
741 		return -ENXIO;
742 	}
743 
744 	dcmd = kzalloc(sizeof(*dcmd) + extra, GFP_ATOMIC);
745 	if (!dcmd)
746 		return -ENOMEM;
747 
748 	INIT_LIST_HEAD(&dcmd->node);
749 
750 	qcom_glink_rx_peak(glink, &dcmd->msg, 0, sizeof(dcmd->msg) + extra);
751 
752 	spin_lock(&glink->rx_lock);
753 	list_add_tail(&dcmd->node, &glink->rx_queue);
754 	spin_unlock(&glink->rx_lock);
755 
756 	schedule_work(&glink->rx_work);
757 	qcom_glink_rx_advance(glink, sizeof(dcmd->msg) + extra);
758 
759 	return 0;
760 }
761 
762 static int qcom_glink_rx_data(struct qcom_glink *glink, size_t avail)
763 {
764 	struct glink_core_rx_intent *intent;
765 	struct glink_channel *channel;
766 	struct {
767 		struct glink_msg msg;
768 		__le32 chunk_size;
769 		__le32 left_size;
770 	} __packed hdr;
771 	unsigned int chunk_size;
772 	unsigned int left_size;
773 	unsigned int rcid;
774 	unsigned int liid;
775 	int ret = 0;
776 	unsigned long flags;
777 
778 	if (avail < sizeof(hdr)) {
779 		dev_dbg(glink->dev, "Not enough data in fifo\n");
780 		return -EAGAIN;
781 	}
782 
783 	qcom_glink_rx_peak(glink, &hdr, 0, sizeof(hdr));
784 	chunk_size = le32_to_cpu(hdr.chunk_size);
785 	left_size = le32_to_cpu(hdr.left_size);
786 
787 	if (avail < sizeof(hdr) + chunk_size) {
788 		dev_dbg(glink->dev, "Payload not yet in fifo\n");
789 		return -EAGAIN;
790 	}
791 
792 	if (WARN(chunk_size % 4, "Incoming data must be word aligned\n"))
793 		return -EINVAL;
794 
795 	rcid = le16_to_cpu(hdr.msg.param1);
796 	spin_lock_irqsave(&glink->idr_lock, flags);
797 	channel = idr_find(&glink->rcids, rcid);
798 	spin_unlock_irqrestore(&glink->idr_lock, flags);
799 	if (!channel) {
800 		dev_dbg(glink->dev, "Data on non-existing channel\n");
801 
802 		/* Drop the message */
803 		goto advance_rx;
804 	}
805 
806 	if (glink->intentless) {
807 		/* Might have an ongoing, fragmented, message to append */
808 		if (!channel->buf) {
809 			intent = kzalloc(sizeof(*intent), GFP_ATOMIC);
810 			if (!intent)
811 				return -ENOMEM;
812 
813 			intent->data = kmalloc(chunk_size + left_size,
814 					       GFP_ATOMIC);
815 			if (!intent->data) {
816 				kfree(intent);
817 				return -ENOMEM;
818 			}
819 
820 			intent->id = 0xbabababa;
821 			intent->size = chunk_size + left_size;
822 			intent->offset = 0;
823 
824 			channel->buf = intent;
825 		} else {
826 			intent = channel->buf;
827 		}
828 	} else {
829 		liid = le32_to_cpu(hdr.msg.param2);
830 
831 		spin_lock_irqsave(&channel->intent_lock, flags);
832 		intent = idr_find(&channel->liids, liid);
833 		spin_unlock_irqrestore(&channel->intent_lock, flags);
834 
835 		if (!intent) {
836 			dev_err(glink->dev,
837 				"no intent found for channel %s intent %d",
838 				channel->name, liid);
839 			goto advance_rx;
840 		}
841 	}
842 
843 	if (intent->size - intent->offset < chunk_size) {
844 		dev_err(glink->dev, "Insufficient space in intent\n");
845 
846 		/* The packet header lied, drop payload */
847 		goto advance_rx;
848 	}
849 
850 	qcom_glink_rx_peak(glink, intent->data + intent->offset,
851 			   sizeof(hdr), chunk_size);
852 	intent->offset += chunk_size;
853 
854 	/* Handle message when no fragments remain to be received */
855 	if (!left_size) {
856 		spin_lock(&channel->recv_lock);
857 		if (channel->ept.cb) {
858 			channel->ept.cb(channel->ept.rpdev,
859 					intent->data,
860 					intent->offset,
861 					channel->ept.priv,
862 					RPMSG_ADDR_ANY);
863 		}
864 		spin_unlock(&channel->recv_lock);
865 
866 		intent->offset = 0;
867 		channel->buf = NULL;
868 
869 		qcom_glink_rx_done(glink, channel, intent);
870 	}
871 
872 advance_rx:
873 	qcom_glink_rx_advance(glink, ALIGN(sizeof(hdr) + chunk_size, 8));
874 
875 	return ret;
876 }
877 
878 static void qcom_glink_handle_intent(struct qcom_glink *glink,
879 				     unsigned int cid,
880 				     unsigned int count,
881 				     size_t avail)
882 {
883 	struct glink_core_rx_intent *intent;
884 	struct glink_channel *channel;
885 	struct intent_pair {
886 		__le32 size;
887 		__le32 iid;
888 	};
889 
890 	struct {
891 		struct glink_msg msg;
892 		struct intent_pair intents[];
893 	} __packed * msg;
894 
895 	const size_t msglen = sizeof(*msg) + sizeof(struct intent_pair) * count;
896 	int ret;
897 	int i;
898 	unsigned long flags;
899 
900 	if (avail < msglen) {
901 		dev_dbg(glink->dev, "Not enough data in fifo\n");
902 		return;
903 	}
904 
905 	spin_lock_irqsave(&glink->idr_lock, flags);
906 	channel = idr_find(&glink->rcids, cid);
907 	spin_unlock_irqrestore(&glink->idr_lock, flags);
908 	if (!channel) {
909 		dev_err(glink->dev, "intents for non-existing channel\n");
910 		return;
911 	}
912 
913 	msg = kmalloc(msglen, GFP_ATOMIC);
914 	if (!msg)
915 		return;
916 
917 	qcom_glink_rx_peak(glink, msg, 0, msglen);
918 
919 	for (i = 0; i < count; ++i) {
920 		intent = kzalloc(sizeof(*intent), GFP_ATOMIC);
921 		if (!intent)
922 			break;
923 
924 		intent->id = le32_to_cpu(msg->intents[i].iid);
925 		intent->size = le32_to_cpu(msg->intents[i].size);
926 
927 		spin_lock_irqsave(&channel->intent_lock, flags);
928 		ret = idr_alloc(&channel->riids, intent,
929 				intent->id, intent->id + 1, GFP_ATOMIC);
930 		spin_unlock_irqrestore(&channel->intent_lock, flags);
931 
932 		if (ret < 0)
933 			dev_err(glink->dev, "failed to store remote intent\n");
934 	}
935 
936 	kfree(msg);
937 	qcom_glink_rx_advance(glink, ALIGN(msglen, 8));
938 }
939 
940 static int qcom_glink_rx_open_ack(struct qcom_glink *glink, unsigned int lcid)
941 {
942 	struct glink_channel *channel;
943 
944 	spin_lock(&glink->idr_lock);
945 	channel = idr_find(&glink->lcids, lcid);
946 	spin_unlock(&glink->idr_lock);
947 	if (!channel) {
948 		dev_err(glink->dev, "Invalid open ack packet\n");
949 		return -EINVAL;
950 	}
951 
952 	complete(&channel->open_ack);
953 
954 	return 0;
955 }
956 
957 static irqreturn_t qcom_glink_native_intr(int irq, void *data)
958 {
959 	struct qcom_glink *glink = data;
960 	struct glink_msg msg;
961 	unsigned int param1;
962 	unsigned int param2;
963 	unsigned int avail;
964 	unsigned int cmd;
965 	int ret = 0;
966 
967 	for (;;) {
968 		avail = qcom_glink_rx_avail(glink);
969 		if (avail < sizeof(msg))
970 			break;
971 
972 		qcom_glink_rx_peak(glink, &msg, 0, sizeof(msg));
973 
974 		cmd = le16_to_cpu(msg.cmd);
975 		param1 = le16_to_cpu(msg.param1);
976 		param2 = le32_to_cpu(msg.param2);
977 
978 		switch (cmd) {
979 		case RPM_CMD_VERSION:
980 		case RPM_CMD_VERSION_ACK:
981 		case RPM_CMD_CLOSE:
982 		case RPM_CMD_CLOSE_ACK:
983 		case RPM_CMD_RX_INTENT_REQ:
984 			ret = qcom_glink_rx_defer(glink, 0);
985 			break;
986 		case RPM_CMD_OPEN_ACK:
987 			ret = qcom_glink_rx_open_ack(glink, param1);
988 			qcom_glink_rx_advance(glink, ALIGN(sizeof(msg), 8));
989 			break;
990 		case RPM_CMD_OPEN:
991 			ret = qcom_glink_rx_defer(glink, param2);
992 			break;
993 		case RPM_CMD_TX_DATA:
994 		case RPM_CMD_TX_DATA_CONT:
995 			ret = qcom_glink_rx_data(glink, avail);
996 			break;
997 		case RPM_CMD_READ_NOTIF:
998 			qcom_glink_rx_advance(glink, ALIGN(sizeof(msg), 8));
999 
1000 			mbox_send_message(glink->mbox_chan, NULL);
1001 			mbox_client_txdone(glink->mbox_chan, 0);
1002 			break;
1003 		case RPM_CMD_INTENT:
1004 			qcom_glink_handle_intent(glink, param1, param2, avail);
1005 			break;
1006 		case RPM_CMD_RX_DONE:
1007 			qcom_glink_handle_rx_done(glink, param1, param2, false);
1008 			qcom_glink_rx_advance(glink, ALIGN(sizeof(msg), 8));
1009 			break;
1010 		case RPM_CMD_RX_DONE_W_REUSE:
1011 			qcom_glink_handle_rx_done(glink, param1, param2, true);
1012 			qcom_glink_rx_advance(glink, ALIGN(sizeof(msg), 8));
1013 			break;
1014 		case RPM_CMD_RX_INTENT_REQ_ACK:
1015 			qcom_glink_handle_intent_req_ack(glink, param1, param2);
1016 			qcom_glink_rx_advance(glink, ALIGN(sizeof(msg), 8));
1017 			break;
1018 		default:
1019 			dev_err(glink->dev, "unhandled rx cmd: %d\n", cmd);
1020 			ret = -EINVAL;
1021 			break;
1022 		}
1023 
1024 		if (ret)
1025 			break;
1026 	}
1027 
1028 	return IRQ_HANDLED;
1029 }
1030 
1031 /* Locally initiated rpmsg_create_ept */
1032 static struct glink_channel *qcom_glink_create_local(struct qcom_glink *glink,
1033 						     const char *name)
1034 {
1035 	struct glink_channel *channel;
1036 	int ret;
1037 	unsigned long flags;
1038 
1039 	channel = qcom_glink_alloc_channel(glink, name);
1040 	if (IS_ERR(channel))
1041 		return ERR_CAST(channel);
1042 
1043 	ret = qcom_glink_send_open_req(glink, channel);
1044 	if (ret)
1045 		goto release_channel;
1046 
1047 	ret = wait_for_completion_timeout(&channel->open_ack, 5 * HZ);
1048 	if (!ret)
1049 		goto err_timeout;
1050 
1051 	ret = wait_for_completion_timeout(&channel->open_req, 5 * HZ);
1052 	if (!ret)
1053 		goto err_timeout;
1054 
1055 	qcom_glink_send_open_ack(glink, channel);
1056 
1057 	return channel;
1058 
1059 err_timeout:
1060 	/* qcom_glink_send_open_req() did register the channel in lcids*/
1061 	spin_lock_irqsave(&glink->idr_lock, flags);
1062 	idr_remove(&glink->lcids, channel->lcid);
1063 	spin_unlock_irqrestore(&glink->idr_lock, flags);
1064 
1065 release_channel:
1066 	/* Release qcom_glink_send_open_req() reference */
1067 	kref_put(&channel->refcount, qcom_glink_channel_release);
1068 	/* Release qcom_glink_alloc_channel() reference */
1069 	kref_put(&channel->refcount, qcom_glink_channel_release);
1070 
1071 	return ERR_PTR(-ETIMEDOUT);
1072 }
1073 
1074 /* Remote initiated rpmsg_create_ept */
1075 static int qcom_glink_create_remote(struct qcom_glink *glink,
1076 				    struct glink_channel *channel)
1077 {
1078 	int ret;
1079 
1080 	qcom_glink_send_open_ack(glink, channel);
1081 
1082 	ret = qcom_glink_send_open_req(glink, channel);
1083 	if (ret)
1084 		goto close_link;
1085 
1086 	ret = wait_for_completion_timeout(&channel->open_ack, 5 * HZ);
1087 	if (!ret) {
1088 		ret = -ETIMEDOUT;
1089 		goto close_link;
1090 	}
1091 
1092 	return 0;
1093 
1094 close_link:
1095 	/*
1096 	 * Send a close request to "undo" our open-ack. The close-ack will
1097 	 * release the last reference.
1098 	 */
1099 	qcom_glink_send_close_req(glink, channel);
1100 
1101 	/* Release qcom_glink_send_open_req() reference */
1102 	kref_put(&channel->refcount, qcom_glink_channel_release);
1103 
1104 	return ret;
1105 }
1106 
1107 static struct rpmsg_endpoint *qcom_glink_create_ept(struct rpmsg_device *rpdev,
1108 						    rpmsg_rx_cb_t cb,
1109 						    void *priv,
1110 						    struct rpmsg_channel_info
1111 									chinfo)
1112 {
1113 	struct glink_channel *parent = to_glink_channel(rpdev->ept);
1114 	struct glink_channel *channel;
1115 	struct qcom_glink *glink = parent->glink;
1116 	struct rpmsg_endpoint *ept;
1117 	const char *name = chinfo.name;
1118 	int cid;
1119 	int ret;
1120 	unsigned long flags;
1121 
1122 	spin_lock_irqsave(&glink->idr_lock, flags);
1123 	idr_for_each_entry(&glink->rcids, channel, cid) {
1124 		if (!strcmp(channel->name, name))
1125 			break;
1126 	}
1127 	spin_unlock_irqrestore(&glink->idr_lock, flags);
1128 
1129 	if (!channel) {
1130 		channel = qcom_glink_create_local(glink, name);
1131 		if (IS_ERR(channel))
1132 			return NULL;
1133 	} else {
1134 		ret = qcom_glink_create_remote(glink, channel);
1135 		if (ret)
1136 			return NULL;
1137 	}
1138 
1139 	ept = &channel->ept;
1140 	ept->rpdev = rpdev;
1141 	ept->cb = cb;
1142 	ept->priv = priv;
1143 	ept->ops = &glink_endpoint_ops;
1144 
1145 	return ept;
1146 }
1147 
1148 static int qcom_glink_announce_create(struct rpmsg_device *rpdev)
1149 {
1150 	struct glink_channel *channel = to_glink_channel(rpdev->ept);
1151 	struct glink_core_rx_intent *intent;
1152 	struct qcom_glink *glink = channel->glink;
1153 	int num_intents = glink->intentless ? 0 : 5;
1154 
1155 	/* Channel is now open, advertise base set of intents */
1156 	while (num_intents--) {
1157 		intent = qcom_glink_alloc_intent(glink, channel, SZ_1K, true);
1158 		if (!intent)
1159 			break;
1160 
1161 		qcom_glink_advertise_intent(glink, channel, intent);
1162 	}
1163 
1164 	return 0;
1165 }
1166 
1167 static void qcom_glink_destroy_ept(struct rpmsg_endpoint *ept)
1168 {
1169 	struct glink_channel *channel = to_glink_channel(ept);
1170 	struct qcom_glink *glink = channel->glink;
1171 	unsigned long flags;
1172 
1173 	spin_lock_irqsave(&channel->recv_lock, flags);
1174 	channel->ept.cb = NULL;
1175 	spin_unlock_irqrestore(&channel->recv_lock, flags);
1176 
1177 	/* Decouple the potential rpdev from the channel */
1178 	channel->rpdev = NULL;
1179 
1180 	qcom_glink_send_close_req(glink, channel);
1181 }
1182 
1183 static int qcom_glink_request_intent(struct qcom_glink *glink,
1184 				     struct glink_channel *channel,
1185 				     size_t size)
1186 {
1187 	struct {
1188 		u16 id;
1189 		u16 cid;
1190 		u32 size;
1191 	} __packed cmd;
1192 
1193 	int ret;
1194 
1195 	mutex_lock(&channel->intent_req_lock);
1196 
1197 	reinit_completion(&channel->intent_req_comp);
1198 
1199 	cmd.id = RPM_CMD_RX_INTENT_REQ;
1200 	cmd.cid = channel->lcid;
1201 	cmd.size = size;
1202 
1203 	ret = qcom_glink_tx(glink, &cmd, sizeof(cmd), NULL, 0, true);
1204 	if (ret)
1205 		goto unlock;
1206 
1207 	ret = wait_for_completion_timeout(&channel->intent_req_comp, 10 * HZ);
1208 	if (!ret) {
1209 		dev_err(glink->dev, "intent request timed out\n");
1210 		ret = -ETIMEDOUT;
1211 	} else {
1212 		ret = channel->intent_req_result ? 0 : -ECANCELED;
1213 	}
1214 
1215 unlock:
1216 	mutex_unlock(&channel->intent_req_lock);
1217 	return ret;
1218 }
1219 
1220 static int __qcom_glink_send(struct glink_channel *channel,
1221 			     void *data, int len, bool wait)
1222 {
1223 	struct qcom_glink *glink = channel->glink;
1224 	struct glink_core_rx_intent *intent = NULL;
1225 	struct glink_core_rx_intent *tmp;
1226 	int iid = 0;
1227 	struct {
1228 		struct glink_msg msg;
1229 		__le32 chunk_size;
1230 		__le32 left_size;
1231 	} __packed req;
1232 	int ret;
1233 	unsigned long flags;
1234 
1235 	if (!glink->intentless) {
1236 		while (!intent) {
1237 			spin_lock_irqsave(&channel->intent_lock, flags);
1238 			idr_for_each_entry(&channel->riids, tmp, iid) {
1239 				if (tmp->size >= len && !tmp->in_use) {
1240 					tmp->in_use = true;
1241 					intent = tmp;
1242 					break;
1243 				}
1244 			}
1245 			spin_unlock_irqrestore(&channel->intent_lock, flags);
1246 
1247 			/* We found an available intent */
1248 			if (intent)
1249 				break;
1250 
1251 			if (!wait)
1252 				return -EBUSY;
1253 
1254 			ret = qcom_glink_request_intent(glink, channel, len);
1255 			if (ret < 0)
1256 				return ret;
1257 		}
1258 
1259 		iid = intent->id;
1260 	}
1261 
1262 	req.msg.cmd = cpu_to_le16(RPM_CMD_TX_DATA);
1263 	req.msg.param1 = cpu_to_le16(channel->lcid);
1264 	req.msg.param2 = cpu_to_le32(iid);
1265 	req.chunk_size = cpu_to_le32(len);
1266 	req.left_size = cpu_to_le32(0);
1267 
1268 	ret = qcom_glink_tx(glink, &req, sizeof(req), data, len, wait);
1269 
1270 	/* Mark intent available if we failed */
1271 	if (ret && intent)
1272 		intent->in_use = false;
1273 
1274 	return ret;
1275 }
1276 
1277 static int qcom_glink_send(struct rpmsg_endpoint *ept, void *data, int len)
1278 {
1279 	struct glink_channel *channel = to_glink_channel(ept);
1280 
1281 	return __qcom_glink_send(channel, data, len, true);
1282 }
1283 
1284 static int qcom_glink_trysend(struct rpmsg_endpoint *ept, void *data, int len)
1285 {
1286 	struct glink_channel *channel = to_glink_channel(ept);
1287 
1288 	return __qcom_glink_send(channel, data, len, false);
1289 }
1290 
1291 /*
1292  * Finds the device_node for the glink child interested in this channel.
1293  */
1294 static struct device_node *qcom_glink_match_channel(struct device_node *node,
1295 						    const char *channel)
1296 {
1297 	struct device_node *child;
1298 	const char *name;
1299 	const char *key;
1300 	int ret;
1301 
1302 	for_each_available_child_of_node(node, child) {
1303 		key = "qcom,glink-channels";
1304 		ret = of_property_read_string(child, key, &name);
1305 		if (ret)
1306 			continue;
1307 
1308 		if (strcmp(name, channel) == 0)
1309 			return child;
1310 	}
1311 
1312 	return NULL;
1313 }
1314 
1315 static const struct rpmsg_device_ops glink_device_ops = {
1316 	.create_ept = qcom_glink_create_ept,
1317 	.announce_create = qcom_glink_announce_create,
1318 };
1319 
1320 static const struct rpmsg_endpoint_ops glink_endpoint_ops = {
1321 	.destroy_ept = qcom_glink_destroy_ept,
1322 	.send = qcom_glink_send,
1323 	.trysend = qcom_glink_trysend,
1324 };
1325 
1326 static void qcom_glink_rpdev_release(struct device *dev)
1327 {
1328 	struct rpmsg_device *rpdev = to_rpmsg_device(dev);
1329 	struct glink_channel *channel = to_glink_channel(rpdev->ept);
1330 
1331 	channel->rpdev = NULL;
1332 	kfree(rpdev);
1333 }
1334 
1335 static int qcom_glink_rx_open(struct qcom_glink *glink, unsigned int rcid,
1336 			      char *name)
1337 {
1338 	struct glink_channel *channel;
1339 	struct rpmsg_device *rpdev;
1340 	bool create_device = false;
1341 	struct device_node *node;
1342 	int lcid;
1343 	int ret;
1344 	unsigned long flags;
1345 
1346 	spin_lock_irqsave(&glink->idr_lock, flags);
1347 	idr_for_each_entry(&glink->lcids, channel, lcid) {
1348 		if (!strcmp(channel->name, name))
1349 			break;
1350 	}
1351 	spin_unlock_irqrestore(&glink->idr_lock, flags);
1352 
1353 	if (!channel) {
1354 		channel = qcom_glink_alloc_channel(glink, name);
1355 		if (IS_ERR(channel))
1356 			return PTR_ERR(channel);
1357 
1358 		/* The opening dance was initiated by the remote */
1359 		create_device = true;
1360 	}
1361 
1362 	spin_lock_irqsave(&glink->idr_lock, flags);
1363 	ret = idr_alloc(&glink->rcids, channel, rcid, rcid + 1, GFP_ATOMIC);
1364 	if (ret < 0) {
1365 		dev_err(glink->dev, "Unable to insert channel into rcid list\n");
1366 		spin_unlock_irqrestore(&glink->idr_lock, flags);
1367 		goto free_channel;
1368 	}
1369 	channel->rcid = ret;
1370 	spin_unlock_irqrestore(&glink->idr_lock, flags);
1371 
1372 	complete(&channel->open_req);
1373 
1374 	if (create_device) {
1375 		rpdev = kzalloc(sizeof(*rpdev), GFP_KERNEL);
1376 		if (!rpdev) {
1377 			ret = -ENOMEM;
1378 			goto rcid_remove;
1379 		}
1380 
1381 		rpdev->ept = &channel->ept;
1382 		strncpy(rpdev->id.name, name, RPMSG_NAME_SIZE);
1383 		rpdev->src = RPMSG_ADDR_ANY;
1384 		rpdev->dst = RPMSG_ADDR_ANY;
1385 		rpdev->ops = &glink_device_ops;
1386 
1387 		node = qcom_glink_match_channel(glink->dev->of_node, name);
1388 		rpdev->dev.of_node = node;
1389 		rpdev->dev.parent = glink->dev;
1390 		rpdev->dev.release = qcom_glink_rpdev_release;
1391 
1392 		ret = rpmsg_register_device(rpdev);
1393 		if (ret)
1394 			goto free_rpdev;
1395 
1396 		channel->rpdev = rpdev;
1397 	}
1398 
1399 	return 0;
1400 
1401 free_rpdev:
1402 	kfree(rpdev);
1403 rcid_remove:
1404 	spin_lock_irqsave(&glink->idr_lock, flags);
1405 	idr_remove(&glink->rcids, channel->rcid);
1406 	channel->rcid = 0;
1407 	spin_unlock_irqrestore(&glink->idr_lock, flags);
1408 free_channel:
1409 	/* Release the reference, iff we took it */
1410 	if (create_device)
1411 		kref_put(&channel->refcount, qcom_glink_channel_release);
1412 
1413 	return ret;
1414 }
1415 
1416 static void qcom_glink_rx_close(struct qcom_glink *glink, unsigned int rcid)
1417 {
1418 	struct rpmsg_channel_info chinfo;
1419 	struct glink_channel *channel;
1420 	unsigned long flags;
1421 
1422 	spin_lock_irqsave(&glink->idr_lock, flags);
1423 	channel = idr_find(&glink->rcids, rcid);
1424 	spin_unlock_irqrestore(&glink->idr_lock, flags);
1425 	if (WARN(!channel, "close request on unknown channel\n"))
1426 		return;
1427 
1428 	/* cancel pending rx_done work */
1429 	cancel_work_sync(&channel->intent_work);
1430 
1431 	if (channel->rpdev) {
1432 		strncpy(chinfo.name, channel->name, sizeof(chinfo.name));
1433 		chinfo.src = RPMSG_ADDR_ANY;
1434 		chinfo.dst = RPMSG_ADDR_ANY;
1435 
1436 		rpmsg_unregister_device(glink->dev, &chinfo);
1437 	}
1438 
1439 	qcom_glink_send_close_ack(glink, channel->rcid);
1440 
1441 	spin_lock_irqsave(&glink->idr_lock, flags);
1442 	idr_remove(&glink->rcids, channel->rcid);
1443 	channel->rcid = 0;
1444 	spin_unlock_irqrestore(&glink->idr_lock, flags);
1445 
1446 	kref_put(&channel->refcount, qcom_glink_channel_release);
1447 }
1448 
1449 static void qcom_glink_rx_close_ack(struct qcom_glink *glink, unsigned int lcid)
1450 {
1451 	struct glink_channel *channel;
1452 	unsigned long flags;
1453 
1454 	spin_lock_irqsave(&glink->idr_lock, flags);
1455 	channel = idr_find(&glink->lcids, lcid);
1456 	if (WARN(!channel, "close ack on unknown channel\n")) {
1457 		spin_unlock_irqrestore(&glink->idr_lock, flags);
1458 		return;
1459 	}
1460 
1461 	idr_remove(&glink->lcids, channel->lcid);
1462 	channel->lcid = 0;
1463 	spin_unlock_irqrestore(&glink->idr_lock, flags);
1464 
1465 	kref_put(&channel->refcount, qcom_glink_channel_release);
1466 }
1467 
1468 static void qcom_glink_work(struct work_struct *work)
1469 {
1470 	struct qcom_glink *glink = container_of(work, struct qcom_glink,
1471 						rx_work);
1472 	struct glink_defer_cmd *dcmd;
1473 	struct glink_msg *msg;
1474 	unsigned long flags;
1475 	unsigned int param1;
1476 	unsigned int param2;
1477 	unsigned int cmd;
1478 
1479 	for (;;) {
1480 		spin_lock_irqsave(&glink->rx_lock, flags);
1481 		if (list_empty(&glink->rx_queue)) {
1482 			spin_unlock_irqrestore(&glink->rx_lock, flags);
1483 			break;
1484 		}
1485 		dcmd = list_first_entry(&glink->rx_queue,
1486 					struct glink_defer_cmd, node);
1487 		list_del(&dcmd->node);
1488 		spin_unlock_irqrestore(&glink->rx_lock, flags);
1489 
1490 		msg = &dcmd->msg;
1491 		cmd = le16_to_cpu(msg->cmd);
1492 		param1 = le16_to_cpu(msg->param1);
1493 		param2 = le32_to_cpu(msg->param2);
1494 
1495 		switch (cmd) {
1496 		case RPM_CMD_VERSION:
1497 			qcom_glink_receive_version(glink, param1, param2);
1498 			break;
1499 		case RPM_CMD_VERSION_ACK:
1500 			qcom_glink_receive_version_ack(glink, param1, param2);
1501 			break;
1502 		case RPM_CMD_OPEN:
1503 			qcom_glink_rx_open(glink, param1, msg->data);
1504 			break;
1505 		case RPM_CMD_CLOSE:
1506 			qcom_glink_rx_close(glink, param1);
1507 			break;
1508 		case RPM_CMD_CLOSE_ACK:
1509 			qcom_glink_rx_close_ack(glink, param1);
1510 			break;
1511 		case RPM_CMD_RX_INTENT_REQ:
1512 			qcom_glink_handle_intent_req(glink, param1, param2);
1513 			break;
1514 		default:
1515 			WARN(1, "Unknown defer object %d\n", cmd);
1516 			break;
1517 		}
1518 
1519 		kfree(dcmd);
1520 	}
1521 }
1522 
1523 struct qcom_glink *qcom_glink_native_probe(struct device *dev,
1524 					   unsigned long features,
1525 					   struct qcom_glink_pipe *rx,
1526 					   struct qcom_glink_pipe *tx,
1527 					   bool intentless)
1528 {
1529 	int irq;
1530 	int ret;
1531 	struct qcom_glink *glink;
1532 
1533 	glink = devm_kzalloc(dev, sizeof(*glink), GFP_KERNEL);
1534 	if (!glink)
1535 		return ERR_PTR(-ENOMEM);
1536 
1537 	glink->dev = dev;
1538 	glink->tx_pipe = tx;
1539 	glink->rx_pipe = rx;
1540 
1541 	glink->features = features;
1542 	glink->intentless = intentless;
1543 
1544 	mutex_init(&glink->tx_lock);
1545 	spin_lock_init(&glink->rx_lock);
1546 	INIT_LIST_HEAD(&glink->rx_queue);
1547 	INIT_WORK(&glink->rx_work, qcom_glink_work);
1548 
1549 	spin_lock_init(&glink->idr_lock);
1550 	idr_init(&glink->lcids);
1551 	idr_init(&glink->rcids);
1552 
1553 	glink->mbox_client.dev = dev;
1554 	glink->mbox_chan = mbox_request_channel(&glink->mbox_client, 0);
1555 	if (IS_ERR(glink->mbox_chan)) {
1556 		if (PTR_ERR(glink->mbox_chan) != -EPROBE_DEFER)
1557 			dev_err(dev, "failed to acquire IPC channel\n");
1558 		return ERR_CAST(glink->mbox_chan);
1559 	}
1560 
1561 	irq = of_irq_get(dev->of_node, 0);
1562 	ret = devm_request_irq(dev, irq,
1563 			       qcom_glink_native_intr,
1564 			       IRQF_NO_SUSPEND | IRQF_SHARED,
1565 			       "glink-native", glink);
1566 	if (ret) {
1567 		dev_err(dev, "failed to request IRQ\n");
1568 		return ERR_PTR(ret);
1569 	}
1570 
1571 	glink->irq = irq;
1572 
1573 	ret = qcom_glink_send_version(glink);
1574 	if (ret)
1575 		return ERR_PTR(ret);
1576 
1577 	return glink;
1578 }
1579 EXPORT_SYMBOL_GPL(qcom_glink_native_probe);
1580 
1581 static int qcom_glink_remove_device(struct device *dev, void *data)
1582 {
1583 	device_unregister(dev);
1584 
1585 	return 0;
1586 }
1587 
1588 void qcom_glink_native_remove(struct qcom_glink *glink)
1589 {
1590 	struct glink_channel *channel;
1591 	int cid;
1592 	int ret;
1593 	unsigned long flags;
1594 
1595 	disable_irq(glink->irq);
1596 	cancel_work_sync(&glink->rx_work);
1597 
1598 	ret = device_for_each_child(glink->dev, NULL, qcom_glink_remove_device);
1599 	if (ret)
1600 		dev_warn(glink->dev, "Can't remove GLINK devices: %d\n", ret);
1601 
1602 	spin_lock_irqsave(&glink->idr_lock, flags);
1603 	/* Release any defunct local channels, waiting for close-ack */
1604 	idr_for_each_entry(&glink->lcids, channel, cid)
1605 		kref_put(&channel->refcount, qcom_glink_channel_release);
1606 
1607 	idr_destroy(&glink->lcids);
1608 	idr_destroy(&glink->rcids);
1609 	spin_unlock_irqrestore(&glink->idr_lock, flags);
1610 	mbox_free_channel(glink->mbox_chan);
1611 }
1612 EXPORT_SYMBOL_GPL(qcom_glink_native_remove);
1613 
1614 void qcom_glink_native_unregister(struct qcom_glink *glink)
1615 {
1616 	device_unregister(glink->dev);
1617 }
1618 EXPORT_SYMBOL_GPL(qcom_glink_native_unregister);
1619