1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * Virtio-based remote processor messaging bus 4 * 5 * Copyright (C) 2011 Texas Instruments, Inc. 6 * Copyright (C) 2011 Google, Inc. 7 * 8 * Ohad Ben-Cohen <ohad@wizery.com> 9 * Brian Swetland <swetland@google.com> 10 */ 11 12 #define pr_fmt(fmt) "%s: " fmt, __func__ 13 14 #include <linux/kernel.h> 15 #include <linux/module.h> 16 #include <linux/virtio.h> 17 #include <linux/virtio_ids.h> 18 #include <linux/virtio_config.h> 19 #include <linux/scatterlist.h> 20 #include <linux/dma-mapping.h> 21 #include <linux/slab.h> 22 #include <linux/idr.h> 23 #include <linux/jiffies.h> 24 #include <linux/sched.h> 25 #include <linux/wait.h> 26 #include <linux/rpmsg.h> 27 #include <linux/mutex.h> 28 #include <linux/of_device.h> 29 30 #include "rpmsg_internal.h" 31 32 /** 33 * struct virtproc_info - virtual remote processor state 34 * @vdev: the virtio device 35 * @rvq: rx virtqueue 36 * @svq: tx virtqueue 37 * @rbufs: kernel address of rx buffers 38 * @sbufs: kernel address of tx buffers 39 * @num_bufs: total number of buffers for rx and tx 40 * @buf_size: size of one rx or tx buffer 41 * @last_sbuf: index of last tx buffer used 42 * @bufs_dma: dma base addr of the buffers 43 * @tx_lock: protects svq, sbufs and sleepers, to allow concurrent senders. 44 * sending a message might require waking up a dozing remote 45 * processor, which involves sleeping, hence the mutex. 46 * @endpoints: idr of local endpoints, allows fast retrieval 47 * @endpoints_lock: lock of the endpoints set 48 * @sendq: wait queue of sending contexts waiting for a tx buffers 49 * @sleepers: number of senders that are waiting for a tx buffer 50 * @ns_ept: the bus's name service endpoint 51 * 52 * This structure stores the rpmsg state of a given virtio remote processor 53 * device (there might be several virtio proc devices for each physical 54 * remote processor). 55 */ 56 struct virtproc_info { 57 struct virtio_device *vdev; 58 struct virtqueue *rvq, *svq; 59 void *rbufs, *sbufs; 60 unsigned int num_bufs; 61 unsigned int buf_size; 62 int last_sbuf; 63 dma_addr_t bufs_dma; 64 struct mutex tx_lock; 65 struct idr endpoints; 66 struct mutex endpoints_lock; 67 wait_queue_head_t sendq; 68 atomic_t sleepers; 69 struct rpmsg_endpoint *ns_ept; 70 }; 71 72 /* The feature bitmap for virtio rpmsg */ 73 #define VIRTIO_RPMSG_F_NS 0 /* RP supports name service notifications */ 74 75 /** 76 * struct rpmsg_hdr - common header for all rpmsg messages 77 * @src: source address 78 * @dst: destination address 79 * @reserved: reserved for future use 80 * @len: length of payload (in bytes) 81 * @flags: message flags 82 * @data: @len bytes of message payload data 83 * 84 * Every message sent(/received) on the rpmsg bus begins with this header. 85 */ 86 struct rpmsg_hdr { 87 u32 src; 88 u32 dst; 89 u32 reserved; 90 u16 len; 91 u16 flags; 92 u8 data[0]; 93 } __packed; 94 95 /** 96 * struct rpmsg_ns_msg - dynamic name service announcement message 97 * @name: name of remote service that is published 98 * @addr: address of remote service that is published 99 * @flags: indicates whether service is created or destroyed 100 * 101 * This message is sent across to publish a new service, or announce 102 * about its removal. When we receive these messages, an appropriate 103 * rpmsg channel (i.e device) is created/destroyed. In turn, the ->probe() 104 * or ->remove() handler of the appropriate rpmsg driver will be invoked 105 * (if/as-soon-as one is registered). 106 */ 107 struct rpmsg_ns_msg { 108 char name[RPMSG_NAME_SIZE]; 109 u32 addr; 110 u32 flags; 111 } __packed; 112 113 /** 114 * enum rpmsg_ns_flags - dynamic name service announcement flags 115 * 116 * @RPMSG_NS_CREATE: a new remote service was just created 117 * @RPMSG_NS_DESTROY: a known remote service was just destroyed 118 */ 119 enum rpmsg_ns_flags { 120 RPMSG_NS_CREATE = 0, 121 RPMSG_NS_DESTROY = 1, 122 }; 123 124 /** 125 * @vrp: the remote processor this channel belongs to 126 */ 127 struct virtio_rpmsg_channel { 128 struct rpmsg_device rpdev; 129 130 struct virtproc_info *vrp; 131 }; 132 133 #define to_virtio_rpmsg_channel(_rpdev) \ 134 container_of(_rpdev, struct virtio_rpmsg_channel, rpdev) 135 136 /* 137 * We're allocating buffers of 512 bytes each for communications. The 138 * number of buffers will be computed from the number of buffers supported 139 * by the vring, upto a maximum of 512 buffers (256 in each direction). 140 * 141 * Each buffer will have 16 bytes for the msg header and 496 bytes for 142 * the payload. 143 * 144 * This will utilize a maximum total space of 256KB for the buffers. 145 * 146 * We might also want to add support for user-provided buffers in time. 147 * This will allow bigger buffer size flexibility, and can also be used 148 * to achieve zero-copy messaging. 149 * 150 * Note that these numbers are purely a decision of this driver - we 151 * can change this without changing anything in the firmware of the remote 152 * processor. 153 */ 154 #define MAX_RPMSG_NUM_BUFS (512) 155 #define MAX_RPMSG_BUF_SIZE (512) 156 157 /* 158 * Local addresses are dynamically allocated on-demand. 159 * We do not dynamically assign addresses from the low 1024 range, 160 * in order to reserve that address range for predefined services. 161 */ 162 #define RPMSG_RESERVED_ADDRESSES (1024) 163 164 /* Address 53 is reserved for advertising remote services */ 165 #define RPMSG_NS_ADDR (53) 166 167 static void virtio_rpmsg_destroy_ept(struct rpmsg_endpoint *ept); 168 static int virtio_rpmsg_send(struct rpmsg_endpoint *ept, void *data, int len); 169 static int virtio_rpmsg_sendto(struct rpmsg_endpoint *ept, void *data, int len, 170 u32 dst); 171 static int virtio_rpmsg_send_offchannel(struct rpmsg_endpoint *ept, u32 src, 172 u32 dst, void *data, int len); 173 static int virtio_rpmsg_trysend(struct rpmsg_endpoint *ept, void *data, int len); 174 static int virtio_rpmsg_trysendto(struct rpmsg_endpoint *ept, void *data, 175 int len, u32 dst); 176 static int virtio_rpmsg_trysend_offchannel(struct rpmsg_endpoint *ept, u32 src, 177 u32 dst, void *data, int len); 178 179 static const struct rpmsg_endpoint_ops virtio_endpoint_ops = { 180 .destroy_ept = virtio_rpmsg_destroy_ept, 181 .send = virtio_rpmsg_send, 182 .sendto = virtio_rpmsg_sendto, 183 .send_offchannel = virtio_rpmsg_send_offchannel, 184 .trysend = virtio_rpmsg_trysend, 185 .trysendto = virtio_rpmsg_trysendto, 186 .trysend_offchannel = virtio_rpmsg_trysend_offchannel, 187 }; 188 189 /** 190 * rpmsg_sg_init - initialize scatterlist according to cpu address location 191 * @sg: scatterlist to fill 192 * @cpu_addr: virtual address of the buffer 193 * @len: buffer length 194 * 195 * An internal function filling scatterlist according to virtual address 196 * location (in vmalloc or in kernel). 197 */ 198 static void 199 rpmsg_sg_init(struct scatterlist *sg, void *cpu_addr, unsigned int len) 200 { 201 if (is_vmalloc_addr(cpu_addr)) { 202 sg_init_table(sg, 1); 203 sg_set_page(sg, vmalloc_to_page(cpu_addr), len, 204 offset_in_page(cpu_addr)); 205 } else { 206 WARN_ON(!virt_addr_valid(cpu_addr)); 207 sg_init_one(sg, cpu_addr, len); 208 } 209 } 210 211 /** 212 * __ept_release() - deallocate an rpmsg endpoint 213 * @kref: the ept's reference count 214 * 215 * This function deallocates an ept, and is invoked when its @kref refcount 216 * drops to zero. 217 * 218 * Never invoke this function directly! 219 */ 220 static void __ept_release(struct kref *kref) 221 { 222 struct rpmsg_endpoint *ept = container_of(kref, struct rpmsg_endpoint, 223 refcount); 224 /* 225 * At this point no one holds a reference to ept anymore, 226 * so we can directly free it 227 */ 228 kfree(ept); 229 } 230 231 /* for more info, see below documentation of rpmsg_create_ept() */ 232 static struct rpmsg_endpoint *__rpmsg_create_ept(struct virtproc_info *vrp, 233 struct rpmsg_device *rpdev, 234 rpmsg_rx_cb_t cb, 235 void *priv, u32 addr) 236 { 237 int id_min, id_max, id; 238 struct rpmsg_endpoint *ept; 239 struct device *dev = rpdev ? &rpdev->dev : &vrp->vdev->dev; 240 241 ept = kzalloc(sizeof(*ept), GFP_KERNEL); 242 if (!ept) 243 return NULL; 244 245 kref_init(&ept->refcount); 246 mutex_init(&ept->cb_lock); 247 248 ept->rpdev = rpdev; 249 ept->cb = cb; 250 ept->priv = priv; 251 ept->ops = &virtio_endpoint_ops; 252 253 /* do we need to allocate a local address ? */ 254 if (addr == RPMSG_ADDR_ANY) { 255 id_min = RPMSG_RESERVED_ADDRESSES; 256 id_max = 0; 257 } else { 258 id_min = addr; 259 id_max = addr + 1; 260 } 261 262 mutex_lock(&vrp->endpoints_lock); 263 264 /* bind the endpoint to an rpmsg address (and allocate one if needed) */ 265 id = idr_alloc(&vrp->endpoints, ept, id_min, id_max, GFP_KERNEL); 266 if (id < 0) { 267 dev_err(dev, "idr_alloc failed: %d\n", id); 268 goto free_ept; 269 } 270 ept->addr = id; 271 272 mutex_unlock(&vrp->endpoints_lock); 273 274 return ept; 275 276 free_ept: 277 mutex_unlock(&vrp->endpoints_lock); 278 kref_put(&ept->refcount, __ept_release); 279 return NULL; 280 } 281 282 static struct rpmsg_endpoint *virtio_rpmsg_create_ept(struct rpmsg_device *rpdev, 283 rpmsg_rx_cb_t cb, 284 void *priv, 285 struct rpmsg_channel_info chinfo) 286 { 287 struct virtio_rpmsg_channel *vch = to_virtio_rpmsg_channel(rpdev); 288 289 return __rpmsg_create_ept(vch->vrp, rpdev, cb, priv, chinfo.src); 290 } 291 292 /** 293 * __rpmsg_destroy_ept() - destroy an existing rpmsg endpoint 294 * @vrp: virtproc which owns this ept 295 * @ept: endpoing to destroy 296 * 297 * An internal function which destroy an ept without assuming it is 298 * bound to an rpmsg channel. This is needed for handling the internal 299 * name service endpoint, which isn't bound to an rpmsg channel. 300 * See also __rpmsg_create_ept(). 301 */ 302 static void 303 __rpmsg_destroy_ept(struct virtproc_info *vrp, struct rpmsg_endpoint *ept) 304 { 305 /* make sure new inbound messages can't find this ept anymore */ 306 mutex_lock(&vrp->endpoints_lock); 307 idr_remove(&vrp->endpoints, ept->addr); 308 mutex_unlock(&vrp->endpoints_lock); 309 310 /* make sure in-flight inbound messages won't invoke cb anymore */ 311 mutex_lock(&ept->cb_lock); 312 ept->cb = NULL; 313 mutex_unlock(&ept->cb_lock); 314 315 kref_put(&ept->refcount, __ept_release); 316 } 317 318 static void virtio_rpmsg_destroy_ept(struct rpmsg_endpoint *ept) 319 { 320 struct virtio_rpmsg_channel *vch = to_virtio_rpmsg_channel(ept->rpdev); 321 322 __rpmsg_destroy_ept(vch->vrp, ept); 323 } 324 325 static int virtio_rpmsg_announce_create(struct rpmsg_device *rpdev) 326 { 327 struct virtio_rpmsg_channel *vch = to_virtio_rpmsg_channel(rpdev); 328 struct virtproc_info *vrp = vch->vrp; 329 struct device *dev = &rpdev->dev; 330 int err = 0; 331 332 /* need to tell remote processor's name service about this channel ? */ 333 if (rpdev->announce && rpdev->ept && 334 virtio_has_feature(vrp->vdev, VIRTIO_RPMSG_F_NS)) { 335 struct rpmsg_ns_msg nsm; 336 337 strncpy(nsm.name, rpdev->id.name, RPMSG_NAME_SIZE); 338 nsm.addr = rpdev->ept->addr; 339 nsm.flags = RPMSG_NS_CREATE; 340 341 err = rpmsg_sendto(rpdev->ept, &nsm, sizeof(nsm), RPMSG_NS_ADDR); 342 if (err) 343 dev_err(dev, "failed to announce service %d\n", err); 344 } 345 346 return err; 347 } 348 349 static int virtio_rpmsg_announce_destroy(struct rpmsg_device *rpdev) 350 { 351 struct virtio_rpmsg_channel *vch = to_virtio_rpmsg_channel(rpdev); 352 struct virtproc_info *vrp = vch->vrp; 353 struct device *dev = &rpdev->dev; 354 int err = 0; 355 356 /* tell remote processor's name service we're removing this channel */ 357 if (rpdev->announce && rpdev->ept && 358 virtio_has_feature(vrp->vdev, VIRTIO_RPMSG_F_NS)) { 359 struct rpmsg_ns_msg nsm; 360 361 strncpy(nsm.name, rpdev->id.name, RPMSG_NAME_SIZE); 362 nsm.addr = rpdev->ept->addr; 363 nsm.flags = RPMSG_NS_DESTROY; 364 365 err = rpmsg_sendto(rpdev->ept, &nsm, sizeof(nsm), RPMSG_NS_ADDR); 366 if (err) 367 dev_err(dev, "failed to announce service %d\n", err); 368 } 369 370 return err; 371 } 372 373 static const struct rpmsg_device_ops virtio_rpmsg_ops = { 374 .create_ept = virtio_rpmsg_create_ept, 375 .announce_create = virtio_rpmsg_announce_create, 376 .announce_destroy = virtio_rpmsg_announce_destroy, 377 }; 378 379 static void virtio_rpmsg_release_device(struct device *dev) 380 { 381 struct rpmsg_device *rpdev = to_rpmsg_device(dev); 382 struct virtio_rpmsg_channel *vch = to_virtio_rpmsg_channel(rpdev); 383 384 kfree(vch); 385 } 386 387 /* 388 * create an rpmsg channel using its name and address info. 389 * this function will be used to create both static and dynamic 390 * channels. 391 */ 392 static struct rpmsg_device *rpmsg_create_channel(struct virtproc_info *vrp, 393 struct rpmsg_channel_info *chinfo) 394 { 395 struct virtio_rpmsg_channel *vch; 396 struct rpmsg_device *rpdev; 397 struct device *tmp, *dev = &vrp->vdev->dev; 398 int ret; 399 400 /* make sure a similar channel doesn't already exist */ 401 tmp = rpmsg_find_device(dev, chinfo); 402 if (tmp) { 403 /* decrement the matched device's refcount back */ 404 put_device(tmp); 405 dev_err(dev, "channel %s:%x:%x already exist\n", 406 chinfo->name, chinfo->src, chinfo->dst); 407 return NULL; 408 } 409 410 vch = kzalloc(sizeof(*vch), GFP_KERNEL); 411 if (!vch) 412 return NULL; 413 414 /* Link the channel to our vrp */ 415 vch->vrp = vrp; 416 417 /* Assign public information to the rpmsg_device */ 418 rpdev = &vch->rpdev; 419 rpdev->src = chinfo->src; 420 rpdev->dst = chinfo->dst; 421 rpdev->ops = &virtio_rpmsg_ops; 422 423 /* 424 * rpmsg server channels has predefined local address (for now), 425 * and their existence needs to be announced remotely 426 */ 427 rpdev->announce = rpdev->src != RPMSG_ADDR_ANY; 428 429 strncpy(rpdev->id.name, chinfo->name, RPMSG_NAME_SIZE); 430 431 rpdev->dev.parent = &vrp->vdev->dev; 432 rpdev->dev.release = virtio_rpmsg_release_device; 433 ret = rpmsg_register_device(rpdev); 434 if (ret) 435 return NULL; 436 437 return rpdev; 438 } 439 440 /* super simple buffer "allocator" that is just enough for now */ 441 static void *get_a_tx_buf(struct virtproc_info *vrp) 442 { 443 unsigned int len; 444 void *ret; 445 446 /* support multiple concurrent senders */ 447 mutex_lock(&vrp->tx_lock); 448 449 /* 450 * either pick the next unused tx buffer 451 * (half of our buffers are used for sending messages) 452 */ 453 if (vrp->last_sbuf < vrp->num_bufs / 2) 454 ret = vrp->sbufs + vrp->buf_size * vrp->last_sbuf++; 455 /* or recycle a used one */ 456 else 457 ret = virtqueue_get_buf(vrp->svq, &len); 458 459 mutex_unlock(&vrp->tx_lock); 460 461 return ret; 462 } 463 464 /** 465 * rpmsg_upref_sleepers() - enable "tx-complete" interrupts, if needed 466 * @vrp: virtual remote processor state 467 * 468 * This function is called before a sender is blocked, waiting for 469 * a tx buffer to become available. 470 * 471 * If we already have blocking senders, this function merely increases 472 * the "sleepers" reference count, and exits. 473 * 474 * Otherwise, if this is the first sender to block, we also enable 475 * virtio's tx callbacks, so we'd be immediately notified when a tx 476 * buffer is consumed (we rely on virtio's tx callback in order 477 * to wake up sleeping senders as soon as a tx buffer is used by the 478 * remote processor). 479 */ 480 static void rpmsg_upref_sleepers(struct virtproc_info *vrp) 481 { 482 /* support multiple concurrent senders */ 483 mutex_lock(&vrp->tx_lock); 484 485 /* are we the first sleeping context waiting for tx buffers ? */ 486 if (atomic_inc_return(&vrp->sleepers) == 1) 487 /* enable "tx-complete" interrupts before dozing off */ 488 virtqueue_enable_cb(vrp->svq); 489 490 mutex_unlock(&vrp->tx_lock); 491 } 492 493 /** 494 * rpmsg_downref_sleepers() - disable "tx-complete" interrupts, if needed 495 * @vrp: virtual remote processor state 496 * 497 * This function is called after a sender, that waited for a tx buffer 498 * to become available, is unblocked. 499 * 500 * If we still have blocking senders, this function merely decreases 501 * the "sleepers" reference count, and exits. 502 * 503 * Otherwise, if there are no more blocking senders, we also disable 504 * virtio's tx callbacks, to avoid the overhead incurred with handling 505 * those (now redundant) interrupts. 506 */ 507 static void rpmsg_downref_sleepers(struct virtproc_info *vrp) 508 { 509 /* support multiple concurrent senders */ 510 mutex_lock(&vrp->tx_lock); 511 512 /* are we the last sleeping context waiting for tx buffers ? */ 513 if (atomic_dec_and_test(&vrp->sleepers)) 514 /* disable "tx-complete" interrupts */ 515 virtqueue_disable_cb(vrp->svq); 516 517 mutex_unlock(&vrp->tx_lock); 518 } 519 520 /** 521 * rpmsg_send_offchannel_raw() - send a message across to the remote processor 522 * @rpdev: the rpmsg channel 523 * @src: source address 524 * @dst: destination address 525 * @data: payload of message 526 * @len: length of payload 527 * @wait: indicates whether caller should block in case no TX buffers available 528 * 529 * This function is the base implementation for all of the rpmsg sending API. 530 * 531 * It will send @data of length @len to @dst, and say it's from @src. The 532 * message will be sent to the remote processor which the @rpdev channel 533 * belongs to. 534 * 535 * The message is sent using one of the TX buffers that are available for 536 * communication with this remote processor. 537 * 538 * If @wait is true, the caller will be blocked until either a TX buffer is 539 * available, or 15 seconds elapses (we don't want callers to 540 * sleep indefinitely due to misbehaving remote processors), and in that 541 * case -ERESTARTSYS is returned. The number '15' itself was picked 542 * arbitrarily; there's little point in asking drivers to provide a timeout 543 * value themselves. 544 * 545 * Otherwise, if @wait is false, and there are no TX buffers available, 546 * the function will immediately fail, and -ENOMEM will be returned. 547 * 548 * Normally drivers shouldn't use this function directly; instead, drivers 549 * should use the appropriate rpmsg_{try}send{to, _offchannel} API 550 * (see include/linux/rpmsg.h). 551 * 552 * Returns 0 on success and an appropriate error value on failure. 553 */ 554 static int rpmsg_send_offchannel_raw(struct rpmsg_device *rpdev, 555 u32 src, u32 dst, 556 void *data, int len, bool wait) 557 { 558 struct virtio_rpmsg_channel *vch = to_virtio_rpmsg_channel(rpdev); 559 struct virtproc_info *vrp = vch->vrp; 560 struct device *dev = &rpdev->dev; 561 struct scatterlist sg; 562 struct rpmsg_hdr *msg; 563 int err; 564 565 /* bcasting isn't allowed */ 566 if (src == RPMSG_ADDR_ANY || dst == RPMSG_ADDR_ANY) { 567 dev_err(dev, "invalid addr (src 0x%x, dst 0x%x)\n", src, dst); 568 return -EINVAL; 569 } 570 571 /* 572 * We currently use fixed-sized buffers, and therefore the payload 573 * length is limited. 574 * 575 * One of the possible improvements here is either to support 576 * user-provided buffers (and then we can also support zero-copy 577 * messaging), or to improve the buffer allocator, to support 578 * variable-length buffer sizes. 579 */ 580 if (len > vrp->buf_size - sizeof(struct rpmsg_hdr)) { 581 dev_err(dev, "message is too big (%d)\n", len); 582 return -EMSGSIZE; 583 } 584 585 /* grab a buffer */ 586 msg = get_a_tx_buf(vrp); 587 if (!msg && !wait) 588 return -ENOMEM; 589 590 /* no free buffer ? wait for one (but bail after 15 seconds) */ 591 while (!msg) { 592 /* enable "tx-complete" interrupts, if not already enabled */ 593 rpmsg_upref_sleepers(vrp); 594 595 /* 596 * sleep until a free buffer is available or 15 secs elapse. 597 * the timeout period is not configurable because there's 598 * little point in asking drivers to specify that. 599 * if later this happens to be required, it'd be easy to add. 600 */ 601 err = wait_event_interruptible_timeout(vrp->sendq, 602 (msg = get_a_tx_buf(vrp)), 603 msecs_to_jiffies(15000)); 604 605 /* disable "tx-complete" interrupts if we're the last sleeper */ 606 rpmsg_downref_sleepers(vrp); 607 608 /* timeout ? */ 609 if (!err) { 610 dev_err(dev, "timeout waiting for a tx buffer\n"); 611 return -ERESTARTSYS; 612 } 613 } 614 615 msg->len = len; 616 msg->flags = 0; 617 msg->src = src; 618 msg->dst = dst; 619 msg->reserved = 0; 620 memcpy(msg->data, data, len); 621 622 dev_dbg(dev, "TX From 0x%x, To 0x%x, Len %d, Flags %d, Reserved %d\n", 623 msg->src, msg->dst, msg->len, msg->flags, msg->reserved); 624 #if defined(CONFIG_DYNAMIC_DEBUG) 625 dynamic_hex_dump("rpmsg_virtio TX: ", DUMP_PREFIX_NONE, 16, 1, 626 msg, sizeof(*msg) + msg->len, true); 627 #endif 628 629 rpmsg_sg_init(&sg, msg, sizeof(*msg) + len); 630 631 mutex_lock(&vrp->tx_lock); 632 633 /* add message to the remote processor's virtqueue */ 634 err = virtqueue_add_outbuf(vrp->svq, &sg, 1, msg, GFP_KERNEL); 635 if (err) { 636 /* 637 * need to reclaim the buffer here, otherwise it's lost 638 * (memory won't leak, but rpmsg won't use it again for TX). 639 * this will wait for a buffer management overhaul. 640 */ 641 dev_err(dev, "virtqueue_add_outbuf failed: %d\n", err); 642 goto out; 643 } 644 645 /* tell the remote processor it has a pending message to read */ 646 virtqueue_kick(vrp->svq); 647 out: 648 mutex_unlock(&vrp->tx_lock); 649 return err; 650 } 651 652 static int virtio_rpmsg_send(struct rpmsg_endpoint *ept, void *data, int len) 653 { 654 struct rpmsg_device *rpdev = ept->rpdev; 655 u32 src = ept->addr, dst = rpdev->dst; 656 657 return rpmsg_send_offchannel_raw(rpdev, src, dst, data, len, true); 658 } 659 660 static int virtio_rpmsg_sendto(struct rpmsg_endpoint *ept, void *data, int len, 661 u32 dst) 662 { 663 struct rpmsg_device *rpdev = ept->rpdev; 664 u32 src = ept->addr; 665 666 return rpmsg_send_offchannel_raw(rpdev, src, dst, data, len, true); 667 } 668 669 static int virtio_rpmsg_send_offchannel(struct rpmsg_endpoint *ept, u32 src, 670 u32 dst, void *data, int len) 671 { 672 struct rpmsg_device *rpdev = ept->rpdev; 673 674 return rpmsg_send_offchannel_raw(rpdev, src, dst, data, len, true); 675 } 676 677 static int virtio_rpmsg_trysend(struct rpmsg_endpoint *ept, void *data, int len) 678 { 679 struct rpmsg_device *rpdev = ept->rpdev; 680 u32 src = ept->addr, dst = rpdev->dst; 681 682 return rpmsg_send_offchannel_raw(rpdev, src, dst, data, len, false); 683 } 684 685 static int virtio_rpmsg_trysendto(struct rpmsg_endpoint *ept, void *data, 686 int len, u32 dst) 687 { 688 struct rpmsg_device *rpdev = ept->rpdev; 689 u32 src = ept->addr; 690 691 return rpmsg_send_offchannel_raw(rpdev, src, dst, data, len, false); 692 } 693 694 static int virtio_rpmsg_trysend_offchannel(struct rpmsg_endpoint *ept, u32 src, 695 u32 dst, void *data, int len) 696 { 697 struct rpmsg_device *rpdev = ept->rpdev; 698 699 return rpmsg_send_offchannel_raw(rpdev, src, dst, data, len, false); 700 } 701 702 static int rpmsg_recv_single(struct virtproc_info *vrp, struct device *dev, 703 struct rpmsg_hdr *msg, unsigned int len) 704 { 705 struct rpmsg_endpoint *ept; 706 struct scatterlist sg; 707 int err; 708 709 dev_dbg(dev, "From: 0x%x, To: 0x%x, Len: %d, Flags: %d, Reserved: %d\n", 710 msg->src, msg->dst, msg->len, msg->flags, msg->reserved); 711 #if defined(CONFIG_DYNAMIC_DEBUG) 712 dynamic_hex_dump("rpmsg_virtio RX: ", DUMP_PREFIX_NONE, 16, 1, 713 msg, sizeof(*msg) + msg->len, true); 714 #endif 715 716 /* 717 * We currently use fixed-sized buffers, so trivially sanitize 718 * the reported payload length. 719 */ 720 if (len > vrp->buf_size || 721 msg->len > (len - sizeof(struct rpmsg_hdr))) { 722 dev_warn(dev, "inbound msg too big: (%d, %d)\n", len, msg->len); 723 return -EINVAL; 724 } 725 726 /* use the dst addr to fetch the callback of the appropriate user */ 727 mutex_lock(&vrp->endpoints_lock); 728 729 ept = idr_find(&vrp->endpoints, msg->dst); 730 731 /* let's make sure no one deallocates ept while we use it */ 732 if (ept) 733 kref_get(&ept->refcount); 734 735 mutex_unlock(&vrp->endpoints_lock); 736 737 if (ept) { 738 /* make sure ept->cb doesn't go away while we use it */ 739 mutex_lock(&ept->cb_lock); 740 741 if (ept->cb) 742 ept->cb(ept->rpdev, msg->data, msg->len, ept->priv, 743 msg->src); 744 745 mutex_unlock(&ept->cb_lock); 746 747 /* farewell, ept, we don't need you anymore */ 748 kref_put(&ept->refcount, __ept_release); 749 } else 750 dev_warn(dev, "msg received with no recipient\n"); 751 752 /* publish the real size of the buffer */ 753 rpmsg_sg_init(&sg, msg, vrp->buf_size); 754 755 /* add the buffer back to the remote processor's virtqueue */ 756 err = virtqueue_add_inbuf(vrp->rvq, &sg, 1, msg, GFP_KERNEL); 757 if (err < 0) { 758 dev_err(dev, "failed to add a virtqueue buffer: %d\n", err); 759 return err; 760 } 761 762 return 0; 763 } 764 765 /* called when an rx buffer is used, and it's time to digest a message */ 766 static void rpmsg_recv_done(struct virtqueue *rvq) 767 { 768 struct virtproc_info *vrp = rvq->vdev->priv; 769 struct device *dev = &rvq->vdev->dev; 770 struct rpmsg_hdr *msg; 771 unsigned int len, msgs_received = 0; 772 int err; 773 774 msg = virtqueue_get_buf(rvq, &len); 775 if (!msg) { 776 dev_err(dev, "uhm, incoming signal, but no used buffer ?\n"); 777 return; 778 } 779 780 while (msg) { 781 err = rpmsg_recv_single(vrp, dev, msg, len); 782 if (err) 783 break; 784 785 msgs_received++; 786 787 msg = virtqueue_get_buf(rvq, &len); 788 } 789 790 dev_dbg(dev, "Received %u messages\n", msgs_received); 791 792 /* tell the remote processor we added another available rx buffer */ 793 if (msgs_received) 794 virtqueue_kick(vrp->rvq); 795 } 796 797 /* 798 * This is invoked whenever the remote processor completed processing 799 * a TX msg we just sent it, and the buffer is put back to the used ring. 800 * 801 * Normally, though, we suppress this "tx complete" interrupt in order to 802 * avoid the incurred overhead. 803 */ 804 static void rpmsg_xmit_done(struct virtqueue *svq) 805 { 806 struct virtproc_info *vrp = svq->vdev->priv; 807 808 dev_dbg(&svq->vdev->dev, "%s\n", __func__); 809 810 /* wake up potential senders that are waiting for a tx buffer */ 811 wake_up_interruptible(&vrp->sendq); 812 } 813 814 /* invoked when a name service announcement arrives */ 815 static int rpmsg_ns_cb(struct rpmsg_device *rpdev, void *data, int len, 816 void *priv, u32 src) 817 { 818 struct rpmsg_ns_msg *msg = data; 819 struct rpmsg_device *newch; 820 struct rpmsg_channel_info chinfo; 821 struct virtproc_info *vrp = priv; 822 struct device *dev = &vrp->vdev->dev; 823 int ret; 824 825 #if defined(CONFIG_DYNAMIC_DEBUG) 826 dynamic_hex_dump("NS announcement: ", DUMP_PREFIX_NONE, 16, 1, 827 data, len, true); 828 #endif 829 830 if (len != sizeof(*msg)) { 831 dev_err(dev, "malformed ns msg (%d)\n", len); 832 return -EINVAL; 833 } 834 835 /* 836 * the name service ept does _not_ belong to a real rpmsg channel, 837 * and is handled by the rpmsg bus itself. 838 * for sanity reasons, make sure a valid rpdev has _not_ sneaked 839 * in somehow. 840 */ 841 if (rpdev) { 842 dev_err(dev, "anomaly: ns ept has an rpdev handle\n"); 843 return -EINVAL; 844 } 845 846 /* don't trust the remote processor for null terminating the name */ 847 msg->name[RPMSG_NAME_SIZE - 1] = '\0'; 848 849 dev_info(dev, "%sing channel %s addr 0x%x\n", 850 msg->flags & RPMSG_NS_DESTROY ? "destroy" : "creat", 851 msg->name, msg->addr); 852 853 strncpy(chinfo.name, msg->name, sizeof(chinfo.name)); 854 chinfo.src = RPMSG_ADDR_ANY; 855 chinfo.dst = msg->addr; 856 857 if (msg->flags & RPMSG_NS_DESTROY) { 858 ret = rpmsg_unregister_device(&vrp->vdev->dev, &chinfo); 859 if (ret) 860 dev_err(dev, "rpmsg_destroy_channel failed: %d\n", ret); 861 } else { 862 newch = rpmsg_create_channel(vrp, &chinfo); 863 if (!newch) 864 dev_err(dev, "rpmsg_create_channel failed\n"); 865 } 866 867 return 0; 868 } 869 870 static int rpmsg_probe(struct virtio_device *vdev) 871 { 872 vq_callback_t *vq_cbs[] = { rpmsg_recv_done, rpmsg_xmit_done }; 873 static const char * const names[] = { "input", "output" }; 874 struct virtqueue *vqs[2]; 875 struct virtproc_info *vrp; 876 void *bufs_va; 877 int err = 0, i; 878 size_t total_buf_space; 879 bool notify; 880 881 vrp = kzalloc(sizeof(*vrp), GFP_KERNEL); 882 if (!vrp) 883 return -ENOMEM; 884 885 vrp->vdev = vdev; 886 887 idr_init(&vrp->endpoints); 888 mutex_init(&vrp->endpoints_lock); 889 mutex_init(&vrp->tx_lock); 890 init_waitqueue_head(&vrp->sendq); 891 892 /* We expect two virtqueues, rx and tx (and in this order) */ 893 err = virtio_find_vqs(vdev, 2, vqs, vq_cbs, names, NULL); 894 if (err) 895 goto free_vrp; 896 897 vrp->rvq = vqs[0]; 898 vrp->svq = vqs[1]; 899 900 /* we expect symmetric tx/rx vrings */ 901 WARN_ON(virtqueue_get_vring_size(vrp->rvq) != 902 virtqueue_get_vring_size(vrp->svq)); 903 904 /* we need less buffers if vrings are small */ 905 if (virtqueue_get_vring_size(vrp->rvq) < MAX_RPMSG_NUM_BUFS / 2) 906 vrp->num_bufs = virtqueue_get_vring_size(vrp->rvq) * 2; 907 else 908 vrp->num_bufs = MAX_RPMSG_NUM_BUFS; 909 910 vrp->buf_size = MAX_RPMSG_BUF_SIZE; 911 912 total_buf_space = vrp->num_bufs * vrp->buf_size; 913 914 /* allocate coherent memory for the buffers */ 915 bufs_va = dma_alloc_coherent(vdev->dev.parent->parent, 916 total_buf_space, &vrp->bufs_dma, 917 GFP_KERNEL); 918 if (!bufs_va) { 919 err = -ENOMEM; 920 goto vqs_del; 921 } 922 923 dev_dbg(&vdev->dev, "buffers: va %p, dma %pad\n", 924 bufs_va, &vrp->bufs_dma); 925 926 /* half of the buffers is dedicated for RX */ 927 vrp->rbufs = bufs_va; 928 929 /* and half is dedicated for TX */ 930 vrp->sbufs = bufs_va + total_buf_space / 2; 931 932 /* set up the receive buffers */ 933 for (i = 0; i < vrp->num_bufs / 2; i++) { 934 struct scatterlist sg; 935 void *cpu_addr = vrp->rbufs + i * vrp->buf_size; 936 937 rpmsg_sg_init(&sg, cpu_addr, vrp->buf_size); 938 939 err = virtqueue_add_inbuf(vrp->rvq, &sg, 1, cpu_addr, 940 GFP_KERNEL); 941 WARN_ON(err); /* sanity check; this can't really happen */ 942 } 943 944 /* suppress "tx-complete" interrupts */ 945 virtqueue_disable_cb(vrp->svq); 946 947 vdev->priv = vrp; 948 949 /* if supported by the remote processor, enable the name service */ 950 if (virtio_has_feature(vdev, VIRTIO_RPMSG_F_NS)) { 951 /* a dedicated endpoint handles the name service msgs */ 952 vrp->ns_ept = __rpmsg_create_ept(vrp, NULL, rpmsg_ns_cb, 953 vrp, RPMSG_NS_ADDR); 954 if (!vrp->ns_ept) { 955 dev_err(&vdev->dev, "failed to create the ns ept\n"); 956 err = -ENOMEM; 957 goto free_coherent; 958 } 959 } 960 961 /* 962 * Prepare to kick but don't notify yet - we can't do this before 963 * device is ready. 964 */ 965 notify = virtqueue_kick_prepare(vrp->rvq); 966 967 /* From this point on, we can notify and get callbacks. */ 968 virtio_device_ready(vdev); 969 970 /* tell the remote processor it can start sending messages */ 971 /* 972 * this might be concurrent with callbacks, but we are only 973 * doing notify, not a full kick here, so that's ok. 974 */ 975 if (notify) 976 virtqueue_notify(vrp->rvq); 977 978 dev_info(&vdev->dev, "rpmsg host is online\n"); 979 980 return 0; 981 982 free_coherent: 983 dma_free_coherent(vdev->dev.parent->parent, total_buf_space, 984 bufs_va, vrp->bufs_dma); 985 vqs_del: 986 vdev->config->del_vqs(vrp->vdev); 987 free_vrp: 988 kfree(vrp); 989 return err; 990 } 991 992 static int rpmsg_remove_device(struct device *dev, void *data) 993 { 994 device_unregister(dev); 995 996 return 0; 997 } 998 999 static void rpmsg_remove(struct virtio_device *vdev) 1000 { 1001 struct virtproc_info *vrp = vdev->priv; 1002 size_t total_buf_space = vrp->num_bufs * vrp->buf_size; 1003 int ret; 1004 1005 vdev->config->reset(vdev); 1006 1007 ret = device_for_each_child(&vdev->dev, NULL, rpmsg_remove_device); 1008 if (ret) 1009 dev_warn(&vdev->dev, "can't remove rpmsg device: %d\n", ret); 1010 1011 if (vrp->ns_ept) 1012 __rpmsg_destroy_ept(vrp, vrp->ns_ept); 1013 1014 idr_destroy(&vrp->endpoints); 1015 1016 vdev->config->del_vqs(vrp->vdev); 1017 1018 dma_free_coherent(vdev->dev.parent->parent, total_buf_space, 1019 vrp->rbufs, vrp->bufs_dma); 1020 1021 kfree(vrp); 1022 } 1023 1024 static struct virtio_device_id id_table[] = { 1025 { VIRTIO_ID_RPMSG, VIRTIO_DEV_ANY_ID }, 1026 { 0 }, 1027 }; 1028 1029 static unsigned int features[] = { 1030 VIRTIO_RPMSG_F_NS, 1031 }; 1032 1033 static struct virtio_driver virtio_ipc_driver = { 1034 .feature_table = features, 1035 .feature_table_size = ARRAY_SIZE(features), 1036 .driver.name = KBUILD_MODNAME, 1037 .driver.owner = THIS_MODULE, 1038 .id_table = id_table, 1039 .probe = rpmsg_probe, 1040 .remove = rpmsg_remove, 1041 }; 1042 1043 static int __init rpmsg_init(void) 1044 { 1045 int ret; 1046 1047 ret = register_virtio_driver(&virtio_ipc_driver); 1048 if (ret) 1049 pr_err("failed to register virtio driver: %d\n", ret); 1050 1051 return ret; 1052 } 1053 subsys_initcall(rpmsg_init); 1054 1055 static void __exit rpmsg_fini(void) 1056 { 1057 unregister_virtio_driver(&virtio_ipc_driver); 1058 } 1059 module_exit(rpmsg_fini); 1060 1061 MODULE_DEVICE_TABLE(virtio, id_table); 1062 MODULE_DESCRIPTION("Virtio-based remote processor messaging bus"); 1063 MODULE_LICENSE("GPL v2"); 1064