1/* 2 * Virtio-based remote processor messaging bus 3 * 4 * Copyright (C) 2011 Texas Instruments, Inc. 5 * Copyright (C) 2011 Google, Inc. 6 * 7 * Ohad Ben-Cohen <ohad@wizery.com> 8 * Brian Swetland <swetland@google.com> 9 * 10 * This software is licensed under the terms of the GNU General Public 11 * License version 2, as published by the Free Software Foundation, and 12 * may be copied, distributed, and modified under those terms. 13 * 14 * This program is distributed in the hope that it will be useful, 15 * but WITHOUT ANY WARRANTY; without even the implied warranty of 16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 17 * GNU General Public License for more details. 18 */ 19 20#define pr_fmt(fmt) "%s: " fmt, __func__ 21 22#include <linux/kernel.h> 23#include <linux/module.h> 24#include <linux/virtio.h> 25#include <linux/virtio_ids.h> 26#include <linux/virtio_config.h> 27#include <linux/scatterlist.h> 28#include <linux/dma-mapping.h> 29#include <linux/slab.h> 30#include <linux/idr.h> 31#include <linux/jiffies.h> 32#include <linux/sched.h> 33#include <linux/wait.h> 34#include <linux/rpmsg.h> 35#include <linux/mutex.h> 36 37/** 38 * struct virtproc_info - virtual remote processor state 39 * @vdev: the virtio device 40 * @rvq: rx virtqueue 41 * @svq: tx virtqueue 42 * @rbufs: kernel address of rx buffers 43 * @sbufs: kernel address of tx buffers 44 * @last_sbuf: index of last tx buffer used 45 * @bufs_dma: dma base addr of the buffers 46 * @tx_lock: protects svq, sbufs and sleepers, to allow concurrent senders. 47 * sending a message might require waking up a dozing remote 48 * processor, which involves sleeping, hence the mutex. 49 * @endpoints: idr of local endpoints, allows fast retrieval 50 * @endpoints_lock: lock of the endpoints set 51 * @sendq: wait queue of sending contexts waiting for a tx buffers 52 * @sleepers: number of senders that are waiting for a tx buffer 53 * @ns_ept: the bus's name service endpoint 54 * 55 * This structure stores the rpmsg state of a given virtio remote processor 56 * device (there might be several virtio proc devices for each physical 57 * remote processor). 58 */ 59struct virtproc_info { 60 struct virtio_device *vdev; 61 struct virtqueue *rvq, *svq; 62 void *rbufs, *sbufs; 63 int last_sbuf; 64 dma_addr_t bufs_dma; 65 struct mutex tx_lock; 66 struct idr endpoints; 67 struct mutex endpoints_lock; 68 wait_queue_head_t sendq; 69 atomic_t sleepers; 70 struct rpmsg_endpoint *ns_ept; 71}; 72 73/** 74 * struct rpmsg_channel_info - internal channel info representation 75 * @name: name of service 76 * @src: local address 77 * @dst: destination address 78 */ 79struct rpmsg_channel_info { 80 char name[RPMSG_NAME_SIZE]; 81 u32 src; 82 u32 dst; 83}; 84 85#define to_rpmsg_channel(d) container_of(d, struct rpmsg_channel, dev) 86#define to_rpmsg_driver(d) container_of(d, struct rpmsg_driver, drv) 87 88/* 89 * We're allocating 512 buffers of 512 bytes for communications, and then 90 * using the first 256 buffers for RX, and the last 256 buffers for TX. 91 * 92 * Each buffer will have 16 bytes for the msg header and 496 bytes for 93 * the payload. 94 * 95 * This will require a total space of 256KB for the buffers. 96 * 97 * We might also want to add support for user-provided buffers in time. 98 * This will allow bigger buffer size flexibility, and can also be used 99 * to achieve zero-copy messaging. 100 * 101 * Note that these numbers are purely a decision of this driver - we 102 * can change this without changing anything in the firmware of the remote 103 * processor. 104 */ 105#define RPMSG_NUM_BUFS (512) 106#define RPMSG_BUF_SIZE (512) 107#define RPMSG_TOTAL_BUF_SPACE (RPMSG_NUM_BUFS * RPMSG_BUF_SIZE) 108 109/* 110 * Local addresses are dynamically allocated on-demand. 111 * We do not dynamically assign addresses from the low 1024 range, 112 * in order to reserve that address range for predefined services. 113 */ 114#define RPMSG_RESERVED_ADDRESSES (1024) 115 116/* Address 53 is reserved for advertising remote services */ 117#define RPMSG_NS_ADDR (53) 118 119/* sysfs show configuration fields */ 120#define rpmsg_show_attr(field, path, format_string) \ 121static ssize_t \ 122field##_show(struct device *dev, \ 123 struct device_attribute *attr, char *buf) \ 124{ \ 125 struct rpmsg_channel *rpdev = to_rpmsg_channel(dev); \ 126 \ 127 return sprintf(buf, format_string, rpdev->path); \ 128} 129 130/* for more info, see Documentation/ABI/testing/sysfs-bus-rpmsg */ 131rpmsg_show_attr(name, id.name, "%s\n"); 132rpmsg_show_attr(src, src, "0x%x\n"); 133rpmsg_show_attr(dst, dst, "0x%x\n"); 134rpmsg_show_attr(announce, announce ? "true" : "false", "%s\n"); 135 136/* 137 * Unique (and free running) index for rpmsg devices. 138 * 139 * Yeah, we're not recycling those numbers (yet?). will be easy 140 * to change if/when we want to. 141 */ 142static unsigned int rpmsg_dev_index; 143 144static ssize_t modalias_show(struct device *dev, 145 struct device_attribute *attr, char *buf) 146{ 147 struct rpmsg_channel *rpdev = to_rpmsg_channel(dev); 148 149 return sprintf(buf, RPMSG_DEVICE_MODALIAS_FMT "\n", rpdev->id.name); 150} 151 152static struct device_attribute rpmsg_dev_attrs[] = { 153 __ATTR_RO(name), 154 __ATTR_RO(modalias), 155 __ATTR_RO(dst), 156 __ATTR_RO(src), 157 __ATTR_RO(announce), 158 __ATTR_NULL 159}; 160 161/* rpmsg devices and drivers are matched using the service name */ 162static inline int rpmsg_id_match(const struct rpmsg_channel *rpdev, 163 const struct rpmsg_device_id *id) 164{ 165 return strncmp(id->name, rpdev->id.name, RPMSG_NAME_SIZE) == 0; 166} 167 168/* match rpmsg channel and rpmsg driver */ 169static int rpmsg_dev_match(struct device *dev, struct device_driver *drv) 170{ 171 struct rpmsg_channel *rpdev = to_rpmsg_channel(dev); 172 struct rpmsg_driver *rpdrv = to_rpmsg_driver(drv); 173 const struct rpmsg_device_id *ids = rpdrv->id_table; 174 unsigned int i; 175 176 for (i = 0; ids[i].name[0]; i++) 177 if (rpmsg_id_match(rpdev, &ids[i])) 178 return 1; 179 180 return 0; 181} 182 183static int rpmsg_uevent(struct device *dev, struct kobj_uevent_env *env) 184{ 185 struct rpmsg_channel *rpdev = to_rpmsg_channel(dev); 186 187 return add_uevent_var(env, "MODALIAS=" RPMSG_DEVICE_MODALIAS_FMT, 188 rpdev->id.name); 189} 190 191/** 192 * __ept_release() - deallocate an rpmsg endpoint 193 * @kref: the ept's reference count 194 * 195 * This function deallocates an ept, and is invoked when its @kref refcount 196 * drops to zero. 197 * 198 * Never invoke this function directly! 199 */ 200static void __ept_release(struct kref *kref) 201{ 202 struct rpmsg_endpoint *ept = container_of(kref, struct rpmsg_endpoint, 203 refcount); 204 /* 205 * At this point no one holds a reference to ept anymore, 206 * so we can directly free it 207 */ 208 kfree(ept); 209} 210 211/* for more info, see below documentation of rpmsg_create_ept() */ 212static struct rpmsg_endpoint *__rpmsg_create_ept(struct virtproc_info *vrp, 213 struct rpmsg_channel *rpdev, rpmsg_rx_cb_t cb, 214 void *priv, u32 addr) 215{ 216 int err, tmpaddr, request; 217 struct rpmsg_endpoint *ept; 218 struct device *dev = rpdev ? &rpdev->dev : &vrp->vdev->dev; 219 220 if (!idr_pre_get(&vrp->endpoints, GFP_KERNEL)) 221 return NULL; 222 223 ept = kzalloc(sizeof(*ept), GFP_KERNEL); 224 if (!ept) { 225 dev_err(dev, "failed to kzalloc a new ept\n"); 226 return NULL; 227 } 228 229 kref_init(&ept->refcount); 230 mutex_init(&ept->cb_lock); 231 232 ept->rpdev = rpdev; 233 ept->cb = cb; 234 ept->priv = priv; 235 236 /* do we need to allocate a local address ? */ 237 request = addr == RPMSG_ADDR_ANY ? RPMSG_RESERVED_ADDRESSES : addr; 238 239 mutex_lock(&vrp->endpoints_lock); 240 241 /* bind the endpoint to an rpmsg address (and allocate one if needed) */ 242 err = idr_get_new_above(&vrp->endpoints, ept, request, &tmpaddr); 243 if (err) { 244 dev_err(dev, "idr_get_new_above failed: %d\n", err); 245 goto free_ept; 246 } 247 248 /* make sure the user's address request is fulfilled, if relevant */ 249 if (addr != RPMSG_ADDR_ANY && tmpaddr != addr) { 250 dev_err(dev, "address 0x%x already in use\n", addr); 251 goto rem_idr; 252 } 253 254 ept->addr = tmpaddr; 255 256 mutex_unlock(&vrp->endpoints_lock); 257 258 return ept; 259 260rem_idr: 261 idr_remove(&vrp->endpoints, request); 262free_ept: 263 mutex_unlock(&vrp->endpoints_lock); 264 kref_put(&ept->refcount, __ept_release); 265 return NULL; 266} 267 268/** 269 * rpmsg_create_ept() - create a new rpmsg_endpoint 270 * @rpdev: rpmsg channel device 271 * @cb: rx callback handler 272 * @priv: private data for the driver's use 273 * @addr: local rpmsg address to bind with @cb 274 * 275 * Every rpmsg address in the system is bound to an rx callback (so when 276 * inbound messages arrive, they are dispatched by the rpmsg bus using the 277 * appropriate callback handler) by means of an rpmsg_endpoint struct. 278 * 279 * This function allows drivers to create such an endpoint, and by that, 280 * bind a callback, and possibly some private data too, to an rpmsg address 281 * (either one that is known in advance, or one that will be dynamically 282 * assigned for them). 283 * 284 * Simple rpmsg drivers need not call rpmsg_create_ept, because an endpoint 285 * is already created for them when they are probed by the rpmsg bus 286 * (using the rx callback provided when they registered to the rpmsg bus). 287 * 288 * So things should just work for simple drivers: they already have an 289 * endpoint, their rx callback is bound to their rpmsg address, and when 290 * relevant inbound messages arrive (i.e. messages which their dst address 291 * equals to the src address of their rpmsg channel), the driver's handler 292 * is invoked to process it. 293 * 294 * That said, more complicated drivers might do need to allocate 295 * additional rpmsg addresses, and bind them to different rx callbacks. 296 * To accomplish that, those drivers need to call this function. 297 * 298 * Drivers should provide their @rpdev channel (so the new endpoint would belong 299 * to the same remote processor their channel belongs to), an rx callback 300 * function, an optional private data (which is provided back when the 301 * rx callback is invoked), and an address they want to bind with the 302 * callback. If @addr is RPMSG_ADDR_ANY, then rpmsg_create_ept will 303 * dynamically assign them an available rpmsg address (drivers should have 304 * a very good reason why not to always use RPMSG_ADDR_ANY here). 305 * 306 * Returns a pointer to the endpoint on success, or NULL on error. 307 */ 308struct rpmsg_endpoint *rpmsg_create_ept(struct rpmsg_channel *rpdev, 309 rpmsg_rx_cb_t cb, void *priv, u32 addr) 310{ 311 return __rpmsg_create_ept(rpdev->vrp, rpdev, cb, priv, addr); 312} 313EXPORT_SYMBOL(rpmsg_create_ept); 314 315/** 316 * __rpmsg_destroy_ept() - destroy an existing rpmsg endpoint 317 * @vrp: virtproc which owns this ept 318 * @ept: endpoing to destroy 319 * 320 * An internal function which destroy an ept without assuming it is 321 * bound to an rpmsg channel. This is needed for handling the internal 322 * name service endpoint, which isn't bound to an rpmsg channel. 323 * See also __rpmsg_create_ept(). 324 */ 325static void 326__rpmsg_destroy_ept(struct virtproc_info *vrp, struct rpmsg_endpoint *ept) 327{ 328 /* make sure new inbound messages can't find this ept anymore */ 329 mutex_lock(&vrp->endpoints_lock); 330 idr_remove(&vrp->endpoints, ept->addr); 331 mutex_unlock(&vrp->endpoints_lock); 332 333 /* make sure in-flight inbound messages won't invoke cb anymore */ 334 mutex_lock(&ept->cb_lock); 335 ept->cb = NULL; 336 mutex_unlock(&ept->cb_lock); 337 338 kref_put(&ept->refcount, __ept_release); 339} 340 341/** 342 * rpmsg_destroy_ept() - destroy an existing rpmsg endpoint 343 * @ept: endpoing to destroy 344 * 345 * Should be used by drivers to destroy an rpmsg endpoint previously 346 * created with rpmsg_create_ept(). 347 */ 348void rpmsg_destroy_ept(struct rpmsg_endpoint *ept) 349{ 350 __rpmsg_destroy_ept(ept->rpdev->vrp, ept); 351} 352EXPORT_SYMBOL(rpmsg_destroy_ept); 353 354/* 355 * when an rpmsg driver is probed with a channel, we seamlessly create 356 * it an endpoint, binding its rx callback to a unique local rpmsg 357 * address. 358 * 359 * if we need to, we also announce about this channel to the remote 360 * processor (needed in case the driver is exposing an rpmsg service). 361 */ 362static int rpmsg_dev_probe(struct device *dev) 363{ 364 struct rpmsg_channel *rpdev = to_rpmsg_channel(dev); 365 struct rpmsg_driver *rpdrv = to_rpmsg_driver(rpdev->dev.driver); 366 struct virtproc_info *vrp = rpdev->vrp; 367 struct rpmsg_endpoint *ept; 368 int err; 369 370 ept = rpmsg_create_ept(rpdev, rpdrv->callback, NULL, rpdev->src); 371 if (!ept) { 372 dev_err(dev, "failed to create endpoint\n"); 373 err = -ENOMEM; 374 goto out; 375 } 376 377 rpdev->ept = ept; 378 rpdev->src = ept->addr; 379 380 err = rpdrv->probe(rpdev); 381 if (err) { 382 dev_err(dev, "%s: failed: %d\n", __func__, err); 383 rpmsg_destroy_ept(ept); 384 goto out; 385 } 386 387 /* need to tell remote processor's name service about this channel ? */ 388 if (rpdev->announce && 389 virtio_has_feature(vrp->vdev, VIRTIO_RPMSG_F_NS)) { 390 struct rpmsg_ns_msg nsm; 391 392 strncpy(nsm.name, rpdev->id.name, RPMSG_NAME_SIZE); 393 nsm.addr = rpdev->src; 394 nsm.flags = RPMSG_NS_CREATE; 395 396 err = rpmsg_sendto(rpdev, &nsm, sizeof(nsm), RPMSG_NS_ADDR); 397 if (err) 398 dev_err(dev, "failed to announce service %d\n", err); 399 } 400 401out: 402 return err; 403} 404 405static int rpmsg_dev_remove(struct device *dev) 406{ 407 struct rpmsg_channel *rpdev = to_rpmsg_channel(dev); 408 struct rpmsg_driver *rpdrv = to_rpmsg_driver(rpdev->dev.driver); 409 struct virtproc_info *vrp = rpdev->vrp; 410 int err = 0; 411 412 /* tell remote processor's name service we're removing this channel */ 413 if (rpdev->announce && 414 virtio_has_feature(vrp->vdev, VIRTIO_RPMSG_F_NS)) { 415 struct rpmsg_ns_msg nsm; 416 417 strncpy(nsm.name, rpdev->id.name, RPMSG_NAME_SIZE); 418 nsm.addr = rpdev->src; 419 nsm.flags = RPMSG_NS_DESTROY; 420 421 err = rpmsg_sendto(rpdev, &nsm, sizeof(nsm), RPMSG_NS_ADDR); 422 if (err) 423 dev_err(dev, "failed to announce service %d\n", err); 424 } 425 426 rpdrv->remove(rpdev); 427 428 rpmsg_destroy_ept(rpdev->ept); 429 430 return err; 431} 432 433static struct bus_type rpmsg_bus = { 434 .name = "rpmsg", 435 .match = rpmsg_dev_match, 436 .dev_attrs = rpmsg_dev_attrs, 437 .uevent = rpmsg_uevent, 438 .probe = rpmsg_dev_probe, 439 .remove = rpmsg_dev_remove, 440}; 441 442/** 443 * register_rpmsg_driver() - register an rpmsg driver with the rpmsg bus 444 * @rpdrv: pointer to a struct rpmsg_driver 445 * 446 * Returns 0 on success, and an appropriate error value on failure. 447 */ 448int register_rpmsg_driver(struct rpmsg_driver *rpdrv) 449{ 450 rpdrv->drv.bus = &rpmsg_bus; 451 return driver_register(&rpdrv->drv); 452} 453EXPORT_SYMBOL(register_rpmsg_driver); 454 455/** 456 * unregister_rpmsg_driver() - unregister an rpmsg driver from the rpmsg bus 457 * @rpdrv: pointer to a struct rpmsg_driver 458 * 459 * Returns 0 on success, and an appropriate error value on failure. 460 */ 461void unregister_rpmsg_driver(struct rpmsg_driver *rpdrv) 462{ 463 driver_unregister(&rpdrv->drv); 464} 465EXPORT_SYMBOL(unregister_rpmsg_driver); 466 467static void rpmsg_release_device(struct device *dev) 468{ 469 struct rpmsg_channel *rpdev = to_rpmsg_channel(dev); 470 471 kfree(rpdev); 472} 473 474/* 475 * match an rpmsg channel with a channel info struct. 476 * this is used to make sure we're not creating rpmsg devices for channels 477 * that already exist. 478 */ 479static int rpmsg_channel_match(struct device *dev, void *data) 480{ 481 struct rpmsg_channel_info *chinfo = data; 482 struct rpmsg_channel *rpdev = to_rpmsg_channel(dev); 483 484 if (chinfo->src != RPMSG_ADDR_ANY && chinfo->src != rpdev->src) 485 return 0; 486 487 if (chinfo->dst != RPMSG_ADDR_ANY && chinfo->dst != rpdev->dst) 488 return 0; 489 490 if (strncmp(chinfo->name, rpdev->id.name, RPMSG_NAME_SIZE)) 491 return 0; 492 493 /* found a match ! */ 494 return 1; 495} 496 497/* 498 * create an rpmsg channel using its name and address info. 499 * this function will be used to create both static and dynamic 500 * channels. 501 */ 502static struct rpmsg_channel *rpmsg_create_channel(struct virtproc_info *vrp, 503 struct rpmsg_channel_info *chinfo) 504{ 505 struct rpmsg_channel *rpdev; 506 struct device *tmp, *dev = &vrp->vdev->dev; 507 int ret; 508 509 /* make sure a similar channel doesn't already exist */ 510 tmp = device_find_child(dev, chinfo, rpmsg_channel_match); 511 if (tmp) { 512 /* decrement the matched device's refcount back */ 513 put_device(tmp); 514 dev_err(dev, "channel %s:%x:%x already exist\n", 515 chinfo->name, chinfo->src, chinfo->dst); 516 return NULL; 517 } 518 519 rpdev = kzalloc(sizeof(struct rpmsg_channel), GFP_KERNEL); 520 if (!rpdev) { 521 pr_err("kzalloc failed\n"); 522 return NULL; 523 } 524 525 rpdev->vrp = vrp; 526 rpdev->src = chinfo->src; 527 rpdev->dst = chinfo->dst; 528 529 /* 530 * rpmsg server channels has predefined local address (for now), 531 * and their existence needs to be announced remotely 532 */ 533 rpdev->announce = rpdev->src != RPMSG_ADDR_ANY ? true : false; 534 535 strncpy(rpdev->id.name, chinfo->name, RPMSG_NAME_SIZE); 536 537 /* very simple device indexing plumbing which is enough for now */ 538 dev_set_name(&rpdev->dev, "rpmsg%d", rpmsg_dev_index++); 539 540 rpdev->dev.parent = &vrp->vdev->dev; 541 rpdev->dev.bus = &rpmsg_bus; 542 rpdev->dev.release = rpmsg_release_device; 543 544 ret = device_register(&rpdev->dev); 545 if (ret) { 546 dev_err(dev, "device_register failed: %d\n", ret); 547 put_device(&rpdev->dev); 548 return NULL; 549 } 550 551 return rpdev; 552} 553 554/* 555 * find an existing channel using its name + address properties, 556 * and destroy it 557 */ 558static int rpmsg_destroy_channel(struct virtproc_info *vrp, 559 struct rpmsg_channel_info *chinfo) 560{ 561 struct virtio_device *vdev = vrp->vdev; 562 struct device *dev; 563 564 dev = device_find_child(&vdev->dev, chinfo, rpmsg_channel_match); 565 if (!dev) 566 return -EINVAL; 567 568 device_unregister(dev); 569 570 put_device(dev); 571 572 return 0; 573} 574 575/* super simple buffer "allocator" that is just enough for now */ 576static void *get_a_tx_buf(struct virtproc_info *vrp) 577{ 578 unsigned int len; 579 void *ret; 580 581 /* support multiple concurrent senders */ 582 mutex_lock(&vrp->tx_lock); 583 584 /* 585 * either pick the next unused tx buffer 586 * (half of our buffers are used for sending messages) 587 */ 588 if (vrp->last_sbuf < RPMSG_NUM_BUFS / 2) 589 ret = vrp->sbufs + RPMSG_BUF_SIZE * vrp->last_sbuf++; 590 /* or recycle a used one */ 591 else 592 ret = virtqueue_get_buf(vrp->svq, &len); 593 594 mutex_unlock(&vrp->tx_lock); 595 596 return ret; 597} 598 599/** 600 * rpmsg_upref_sleepers() - enable "tx-complete" interrupts, if needed 601 * @vrp: virtual remote processor state 602 * 603 * This function is called before a sender is blocked, waiting for 604 * a tx buffer to become available. 605 * 606 * If we already have blocking senders, this function merely increases 607 * the "sleepers" reference count, and exits. 608 * 609 * Otherwise, if this is the first sender to block, we also enable 610 * virtio's tx callbacks, so we'd be immediately notified when a tx 611 * buffer is consumed (we rely on virtio's tx callback in order 612 * to wake up sleeping senders as soon as a tx buffer is used by the 613 * remote processor). 614 */ 615static void rpmsg_upref_sleepers(struct virtproc_info *vrp) 616{ 617 /* support multiple concurrent senders */ 618 mutex_lock(&vrp->tx_lock); 619 620 /* are we the first sleeping context waiting for tx buffers ? */ 621 if (atomic_inc_return(&vrp->sleepers) == 1) 622 /* enable "tx-complete" interrupts before dozing off */ 623 virtqueue_enable_cb(vrp->svq); 624 625 mutex_unlock(&vrp->tx_lock); 626} 627 628/** 629 * rpmsg_downref_sleepers() - disable "tx-complete" interrupts, if needed 630 * @vrp: virtual remote processor state 631 * 632 * This function is called after a sender, that waited for a tx buffer 633 * to become available, is unblocked. 634 * 635 * If we still have blocking senders, this function merely decreases 636 * the "sleepers" reference count, and exits. 637 * 638 * Otherwise, if there are no more blocking senders, we also disable 639 * virtio's tx callbacks, to avoid the overhead incurred with handling 640 * those (now redundant) interrupts. 641 */ 642static void rpmsg_downref_sleepers(struct virtproc_info *vrp) 643{ 644 /* support multiple concurrent senders */ 645 mutex_lock(&vrp->tx_lock); 646 647 /* are we the last sleeping context waiting for tx buffers ? */ 648 if (atomic_dec_and_test(&vrp->sleepers)) 649 /* disable "tx-complete" interrupts */ 650 virtqueue_disable_cb(vrp->svq); 651 652 mutex_unlock(&vrp->tx_lock); 653} 654 655/** 656 * rpmsg_send_offchannel_raw() - send a message across to the remote processor 657 * @rpdev: the rpmsg channel 658 * @src: source address 659 * @dst: destination address 660 * @data: payload of message 661 * @len: length of payload 662 * @wait: indicates whether caller should block in case no TX buffers available 663 * 664 * This function is the base implementation for all of the rpmsg sending API. 665 * 666 * It will send @data of length @len to @dst, and say it's from @src. The 667 * message will be sent to the remote processor which the @rpdev channel 668 * belongs to. 669 * 670 * The message is sent using one of the TX buffers that are available for 671 * communication with this remote processor. 672 * 673 * If @wait is true, the caller will be blocked until either a TX buffer is 674 * available, or 15 seconds elapses (we don't want callers to 675 * sleep indefinitely due to misbehaving remote processors), and in that 676 * case -ERESTARTSYS is returned. The number '15' itself was picked 677 * arbitrarily; there's little point in asking drivers to provide a timeout 678 * value themselves. 679 * 680 * Otherwise, if @wait is false, and there are no TX buffers available, 681 * the function will immediately fail, and -ENOMEM will be returned. 682 * 683 * Normally drivers shouldn't use this function directly; instead, drivers 684 * should use the appropriate rpmsg_{try}send{to, _offchannel} API 685 * (see include/linux/rpmsg.h). 686 * 687 * Returns 0 on success and an appropriate error value on failure. 688 */ 689int rpmsg_send_offchannel_raw(struct rpmsg_channel *rpdev, u32 src, u32 dst, 690 void *data, int len, bool wait) 691{ 692 struct virtproc_info *vrp = rpdev->vrp; 693 struct device *dev = &rpdev->dev; 694 struct scatterlist sg; 695 struct rpmsg_hdr *msg; 696 int err; 697 698 /* bcasting isn't allowed */ 699 if (src == RPMSG_ADDR_ANY || dst == RPMSG_ADDR_ANY) { 700 dev_err(dev, "invalid addr (src 0x%x, dst 0x%x)\n", src, dst); 701 return -EINVAL; 702 } 703 704 /* 705 * We currently use fixed-sized buffers, and therefore the payload 706 * length is limited. 707 * 708 * One of the possible improvements here is either to support 709 * user-provided buffers (and then we can also support zero-copy 710 * messaging), or to improve the buffer allocator, to support 711 * variable-length buffer sizes. 712 */ 713 if (len > RPMSG_BUF_SIZE - sizeof(struct rpmsg_hdr)) { 714 dev_err(dev, "message is too big (%d)\n", len); 715 return -EMSGSIZE; 716 } 717 718 /* grab a buffer */ 719 msg = get_a_tx_buf(vrp); 720 if (!msg && !wait) 721 return -ENOMEM; 722 723 /* no free buffer ? wait for one (but bail after 15 seconds) */ 724 while (!msg) { 725 /* enable "tx-complete" interrupts, if not already enabled */ 726 rpmsg_upref_sleepers(vrp); 727 728 /* 729 * sleep until a free buffer is available or 15 secs elapse. 730 * the timeout period is not configurable because there's 731 * little point in asking drivers to specify that. 732 * if later this happens to be required, it'd be easy to add. 733 */ 734 err = wait_event_interruptible_timeout(vrp->sendq, 735 (msg = get_a_tx_buf(vrp)), 736 msecs_to_jiffies(15000)); 737 738 /* disable "tx-complete" interrupts if we're the last sleeper */ 739 rpmsg_downref_sleepers(vrp); 740 741 /* timeout ? */ 742 if (!err) { 743 dev_err(dev, "timeout waiting for a tx buffer\n"); 744 return -ERESTARTSYS; 745 } 746 } 747 748 msg->len = len; 749 msg->flags = 0; 750 msg->src = src; 751 msg->dst = dst; 752 msg->reserved = 0; 753 memcpy(msg->data, data, len); 754 755 dev_dbg(dev, "TX From 0x%x, To 0x%x, Len %d, Flags %d, Reserved %d\n", 756 msg->src, msg->dst, msg->len, 757 msg->flags, msg->reserved); 758 print_hex_dump(KERN_DEBUG, "rpmsg_virtio TX: ", DUMP_PREFIX_NONE, 16, 1, 759 msg, sizeof(*msg) + msg->len, true); 760 761 sg_init_one(&sg, msg, sizeof(*msg) + len); 762 763 mutex_lock(&vrp->tx_lock); 764 765 /* add message to the remote processor's virtqueue */ 766 err = virtqueue_add_buf(vrp->svq, &sg, 1, 0, msg, GFP_KERNEL); 767 if (err < 0) { 768 /* 769 * need to reclaim the buffer here, otherwise it's lost 770 * (memory won't leak, but rpmsg won't use it again for TX). 771 * this will wait for a buffer management overhaul. 772 */ 773 dev_err(dev, "virtqueue_add_buf failed: %d\n", err); 774 goto out; 775 } 776 777 /* tell the remote processor it has a pending message to read */ 778 virtqueue_kick(vrp->svq); 779 780 err = 0; 781out: 782 mutex_unlock(&vrp->tx_lock); 783 return err; 784} 785EXPORT_SYMBOL(rpmsg_send_offchannel_raw); 786 787/* called when an rx buffer is used, and it's time to digest a message */ 788static void rpmsg_recv_done(struct virtqueue *rvq) 789{ 790 struct rpmsg_hdr *msg; 791 unsigned int len; 792 struct rpmsg_endpoint *ept; 793 struct scatterlist sg; 794 struct virtproc_info *vrp = rvq->vdev->priv; 795 struct device *dev = &rvq->vdev->dev; 796 int err; 797 798 msg = virtqueue_get_buf(rvq, &len); 799 if (!msg) { 800 dev_err(dev, "uhm, incoming signal, but no used buffer ?\n"); 801 return; 802 } 803 804 dev_dbg(dev, "From: 0x%x, To: 0x%x, Len: %d, Flags: %d, Reserved: %d\n", 805 msg->src, msg->dst, msg->len, 806 msg->flags, msg->reserved); 807 print_hex_dump(KERN_DEBUG, "rpmsg_virtio RX: ", DUMP_PREFIX_NONE, 16, 1, 808 msg, sizeof(*msg) + msg->len, true); 809 810 /* 811 * We currently use fixed-sized buffers, so trivially sanitize 812 * the reported payload length. 813 */ 814 if (len > RPMSG_BUF_SIZE || 815 msg->len > (len - sizeof(struct rpmsg_hdr))) { 816 dev_warn(dev, "inbound msg too big: (%d, %d)\n", len, msg->len); 817 return; 818 } 819 820 /* use the dst addr to fetch the callback of the appropriate user */ 821 mutex_lock(&vrp->endpoints_lock); 822 823 ept = idr_find(&vrp->endpoints, msg->dst); 824 825 /* let's make sure no one deallocates ept while we use it */ 826 if (ept) 827 kref_get(&ept->refcount); 828 829 mutex_unlock(&vrp->endpoints_lock); 830 831 if (ept) { 832 /* make sure ept->cb doesn't go away while we use it */ 833 mutex_lock(&ept->cb_lock); 834 835 if (ept->cb) 836 ept->cb(ept->rpdev, msg->data, msg->len, ept->priv, 837 msg->src); 838 839 mutex_unlock(&ept->cb_lock); 840 841 /* farewell, ept, we don't need you anymore */ 842 kref_put(&ept->refcount, __ept_release); 843 } else 844 dev_warn(dev, "msg received with no recepient\n"); 845 846 /* publish the real size of the buffer */ 847 sg_init_one(&sg, msg, RPMSG_BUF_SIZE); 848 849 /* add the buffer back to the remote processor's virtqueue */ 850 err = virtqueue_add_buf(vrp->rvq, &sg, 0, 1, msg, GFP_KERNEL); 851 if (err < 0) { 852 dev_err(dev, "failed to add a virtqueue buffer: %d\n", err); 853 return; 854 } 855 856 /* tell the remote processor we added another available rx buffer */ 857 virtqueue_kick(vrp->rvq); 858} 859 860/* 861 * This is invoked whenever the remote processor completed processing 862 * a TX msg we just sent it, and the buffer is put back to the used ring. 863 * 864 * Normally, though, we suppress this "tx complete" interrupt in order to 865 * avoid the incurred overhead. 866 */ 867static void rpmsg_xmit_done(struct virtqueue *svq) 868{ 869 struct virtproc_info *vrp = svq->vdev->priv; 870 871 dev_dbg(&svq->vdev->dev, "%s\n", __func__); 872 873 /* wake up potential senders that are waiting for a tx buffer */ 874 wake_up_interruptible(&vrp->sendq); 875} 876 877/* invoked when a name service announcement arrives */ 878static void rpmsg_ns_cb(struct rpmsg_channel *rpdev, void *data, int len, 879 void *priv, u32 src) 880{ 881 struct rpmsg_ns_msg *msg = data; 882 struct rpmsg_channel *newch; 883 struct rpmsg_channel_info chinfo; 884 struct virtproc_info *vrp = priv; 885 struct device *dev = &vrp->vdev->dev; 886 int ret; 887 888 print_hex_dump(KERN_DEBUG, "NS announcement: ", 889 DUMP_PREFIX_NONE, 16, 1, 890 data, len, true); 891 892 if (len != sizeof(*msg)) { 893 dev_err(dev, "malformed ns msg (%d)\n", len); 894 return; 895 } 896 897 /* 898 * the name service ept does _not_ belong to a real rpmsg channel, 899 * and is handled by the rpmsg bus itself. 900 * for sanity reasons, make sure a valid rpdev has _not_ sneaked 901 * in somehow. 902 */ 903 if (rpdev) { 904 dev_err(dev, "anomaly: ns ept has an rpdev handle\n"); 905 return; 906 } 907 908 /* don't trust the remote processor for null terminating the name */ 909 msg->name[RPMSG_NAME_SIZE - 1] = '\0'; 910 911 dev_info(dev, "%sing channel %s addr 0x%x\n", 912 msg->flags & RPMSG_NS_DESTROY ? "destroy" : "creat", 913 msg->name, msg->addr); 914 915 strncpy(chinfo.name, msg->name, sizeof(chinfo.name)); 916 chinfo.src = RPMSG_ADDR_ANY; 917 chinfo.dst = msg->addr; 918 919 if (msg->flags & RPMSG_NS_DESTROY) { 920 ret = rpmsg_destroy_channel(vrp, &chinfo); 921 if (ret) 922 dev_err(dev, "rpmsg_destroy_channel failed: %d\n", ret); 923 } else { 924 newch = rpmsg_create_channel(vrp, &chinfo); 925 if (!newch) 926 dev_err(dev, "rpmsg_create_channel failed\n"); 927 } 928} 929 930static int rpmsg_probe(struct virtio_device *vdev) 931{ 932 vq_callback_t *vq_cbs[] = { rpmsg_recv_done, rpmsg_xmit_done }; 933 const char *names[] = { "input", "output" }; 934 struct virtqueue *vqs[2]; 935 struct virtproc_info *vrp; 936 void *bufs_va; 937 int err = 0, i; 938 939 vrp = kzalloc(sizeof(*vrp), GFP_KERNEL); 940 if (!vrp) 941 return -ENOMEM; 942 943 vrp->vdev = vdev; 944 945 idr_init(&vrp->endpoints); 946 mutex_init(&vrp->endpoints_lock); 947 mutex_init(&vrp->tx_lock); 948 init_waitqueue_head(&vrp->sendq); 949 950 /* We expect two virtqueues, rx and tx (and in this order) */ 951 err = vdev->config->find_vqs(vdev, 2, vqs, vq_cbs, names); 952 if (err) 953 goto free_vrp; 954 955 vrp->rvq = vqs[0]; 956 vrp->svq = vqs[1]; 957 958 /* allocate coherent memory for the buffers */ 959 bufs_va = dma_alloc_coherent(vdev->dev.parent, RPMSG_TOTAL_BUF_SPACE, 960 &vrp->bufs_dma, GFP_KERNEL); 961 if (!bufs_va) 962 goto vqs_del; 963 964 dev_dbg(&vdev->dev, "buffers: va %p, dma 0x%llx\n", bufs_va, 965 (unsigned long long)vrp->bufs_dma); 966 967 /* half of the buffers is dedicated for RX */ 968 vrp->rbufs = bufs_va; 969 970 /* and half is dedicated for TX */ 971 vrp->sbufs = bufs_va + RPMSG_TOTAL_BUF_SPACE / 2; 972 973 /* set up the receive buffers */ 974 for (i = 0; i < RPMSG_NUM_BUFS / 2; i++) { 975 struct scatterlist sg; 976 void *cpu_addr = vrp->rbufs + i * RPMSG_BUF_SIZE; 977 978 sg_init_one(&sg, cpu_addr, RPMSG_BUF_SIZE); 979 980 err = virtqueue_add_buf(vrp->rvq, &sg, 0, 1, cpu_addr, 981 GFP_KERNEL); 982 WARN_ON(err < 0); /* sanity check; this can't really happen */ 983 } 984 985 /* suppress "tx-complete" interrupts */ 986 virtqueue_disable_cb(vrp->svq); 987 988 vdev->priv = vrp; 989 990 /* if supported by the remote processor, enable the name service */ 991 if (virtio_has_feature(vdev, VIRTIO_RPMSG_F_NS)) { 992 /* a dedicated endpoint handles the name service msgs */ 993 vrp->ns_ept = __rpmsg_create_ept(vrp, NULL, rpmsg_ns_cb, 994 vrp, RPMSG_NS_ADDR); 995 if (!vrp->ns_ept) { 996 dev_err(&vdev->dev, "failed to create the ns ept\n"); 997 err = -ENOMEM; 998 goto free_coherent; 999 } 1000 } 1001 1002 /* tell the remote processor it can start sending messages */ 1003 virtqueue_kick(vrp->rvq); 1004 1005 dev_info(&vdev->dev, "rpmsg host is online\n"); 1006 1007 return 0; 1008 1009free_coherent: 1010 dma_free_coherent(vdev->dev.parent, RPMSG_TOTAL_BUF_SPACE, bufs_va, 1011 vrp->bufs_dma); 1012vqs_del: 1013 vdev->config->del_vqs(vrp->vdev); 1014free_vrp: 1015 kfree(vrp); 1016 return err; 1017} 1018 1019static int rpmsg_remove_device(struct device *dev, void *data) 1020{ 1021 device_unregister(dev); 1022 1023 return 0; 1024} 1025 1026static void __devexit rpmsg_remove(struct virtio_device *vdev) 1027{ 1028 struct virtproc_info *vrp = vdev->priv; 1029 int ret; 1030 1031 vdev->config->reset(vdev); 1032 1033 ret = device_for_each_child(&vdev->dev, NULL, rpmsg_remove_device); 1034 if (ret) 1035 dev_warn(&vdev->dev, "can't remove rpmsg device: %d\n", ret); 1036 1037 if (vrp->ns_ept) 1038 __rpmsg_destroy_ept(vrp, vrp->ns_ept); 1039 1040 idr_remove_all(&vrp->endpoints); 1041 idr_destroy(&vrp->endpoints); 1042 1043 vdev->config->del_vqs(vrp->vdev); 1044 1045 dma_free_coherent(vdev->dev.parent, RPMSG_TOTAL_BUF_SPACE, 1046 vrp->rbufs, vrp->bufs_dma); 1047 1048 kfree(vrp); 1049} 1050 1051static struct virtio_device_id id_table[] = { 1052 { VIRTIO_ID_RPMSG, VIRTIO_DEV_ANY_ID }, 1053 { 0 }, 1054}; 1055 1056static unsigned int features[] = { 1057 VIRTIO_RPMSG_F_NS, 1058}; 1059 1060static struct virtio_driver virtio_ipc_driver = { 1061 .feature_table = features, 1062 .feature_table_size = ARRAY_SIZE(features), 1063 .driver.name = KBUILD_MODNAME, 1064 .driver.owner = THIS_MODULE, 1065 .id_table = id_table, 1066 .probe = rpmsg_probe, 1067 .remove = __devexit_p(rpmsg_remove), 1068}; 1069 1070static int __init rpmsg_init(void) 1071{ 1072 int ret; 1073 1074 ret = bus_register(&rpmsg_bus); 1075 if (ret) { 1076 pr_err("failed to register rpmsg bus: %d\n", ret); 1077 return ret; 1078 } 1079 1080 ret = register_virtio_driver(&virtio_ipc_driver); 1081 if (ret) { 1082 pr_err("failed to register virtio driver: %d\n", ret); 1083 bus_unregister(&rpmsg_bus); 1084 } 1085 1086 return ret; 1087} 1088module_init(rpmsg_init); 1089 1090static void __exit rpmsg_fini(void) 1091{ 1092 unregister_virtio_driver(&virtio_ipc_driver); 1093 bus_unregister(&rpmsg_bus); 1094} 1095module_exit(rpmsg_fini); 1096 1097MODULE_DEVICE_TABLE(virtio, id_table); 1098MODULE_DESCRIPTION("Virtio-based remote processor messaging bus"); 1099MODULE_LICENSE("GPL v2"); 1100