qaic_control.c 43 KB

  1. // SPDX-License-Identifier: GPL-2.0-only
  2. /* Copyright (c) 2019-2021, The Linux Foundation. All rights reserved. */
  3. /* Copyright (c) 2021-2023 Qualcomm Innovation Center, Inc. All rights reserved. */
  4. #include <asm/byteorder.h>
  5. #include <linux/completion.h>
  6. #include <linux/crc32.h>
  7. #include <linux/delay.h>
  8. #include <linux/dma-mapping.h>
  9. #include <linux/kref.h>
  10. #include <linux/list.h>
  11. #include <linux/mhi.h>
  12. #include <linux/mm.h>
  13. #include <linux/moduleparam.h>
  14. #include <linux/mutex.h>
  15. #include <linux/overflow.h>
  16. #include <linux/pci.h>
  17. #include <linux/scatterlist.h>
  18. #include <linux/sched/signal.h>
  19. #include <linux/types.h>
  20. #include <linux/uaccess.h>
  21. #include <linux/workqueue.h>
  22. #include <linux/wait.h>
  23. #include <drm/drm_device.h>
  24. #include <drm/drm_file.h>
  25. #include <uapi/drm/qaic_accel.h>
  26. #include "qaic.h"
#define MANAGE_MAGIC_NUMBER ((__force __le32)0x43494151) /* "QAIC" in little endian */
/* Added to the combined request/response queue size before alignment (see encode_activate()) */
#define QAIC_DBC_Q_GAP SZ_256
/* The DBC queue buffer size is rounded up to this alignment (see encode_activate()) */
#define QAIC_DBC_Q_BUF_ALIGN SZ_4K
#define QAIC_MANAGE_WIRE_MSG_LENGTH SZ_64K /* Max DMA message length */
/* Allocation size of each wrapper that carries DMA address/size pairs */
#define QAIC_WRAPPER_MAX_SIZE SZ_4K
/* Not referenced in the part of the file shown here; presumably MHI queueing retry pacing */
#define QAIC_MHI_RETRY_WAIT_MS 100
#define QAIC_MHI_RETRY_MAX 20
static unsigned int control_resp_timeout_s = 60; /* 60 sec default */
/* Mode 0600: the parameter file is readable and writable by its owner only */
module_param(control_resp_timeout_s, uint, 0600);
MODULE_PARM_DESC(control_resp_timeout_s, "Timeout for NNC responses from QSM");
/*
 * In-kernel form of a manage message exchanged with userspace.
 * encode_message() walks @count transactions packed back to back in @data
 * and requires them to add up to exactly @len bytes.
 */
struct manage_msg {
	u32 len;	/* number of valid bytes in data[] */
	u32 count;	/* number of transactions in data[] */
	u8 data[];	/* packed transactions, each starting with a transaction header */
};
/*
 * wire encoding structures for the manage protocol.
 * All fields are little endian on the wire
 */
/* Header that starts every manage message on the wire. */
struct wire_msg_hdr {
	__le32 crc32; /* crc of everything following this field in the message */
	__le32 magic_number;
	__le32 sequence_number;
	__le32 len; /* length of this message */
	__le32 count; /* number of transactions in this message */
	__le32 handle; /* unique id to track the resources consumed */
	__le32 partition_id; /* partition id for the request (signed) */
	__le32 padding; /* must be 0 */
} __packed;
/* A complete wire message: the fixed header followed by the packed transactions. */
struct wire_msg {
	struct wire_msg_hdr hdr;
	u8 data[];	/* transactions, each starting with a struct wire_trans_hdr */
} __packed;
/* Common header that starts every transaction inside a wire message. */
struct wire_trans_hdr {
	__le32 type;	/* transaction type (QAIC_TRANS_* value) */
	__le32 len;	/* transaction length in bytes; the encoders here include this header in it */
} __packed;
/*
 * Each message sent from driver to device is organized as a list of wrapper_msg.
 * The first wrapper on the list holds the wire message header (@msg); later
 * wrappers hold transaction data (@trans). add_wrapper() allocates each one
 * with a caller-chosen size, so the payload behind the union varies in length.
 */
struct wrapper_msg {
	struct list_head list;		/* link in wrapper_list.list */
	struct kref ref_count;		/* released through free_wrapper() */
	u32 len; /* length of data to transfer */
	struct wrapper_list *head;	/* list this wrapper was added to */
	union {
		struct wire_msg msg;
		struct wire_trans_hdr trans;
	};
};
/* Head of the list of wrapper_msg that together make up one outgoing message. */
struct wrapper_list {
	struct list_head list;
	spinlock_t lock; /* Protects the list state during additions and removals */
};
/* Wire form of a passthrough transaction: opaque payload copied between user and device. */
struct wire_trans_passthrough {
	struct wire_trans_hdr hdr;
	u8 data[];	/* hdr.len minus the header size bytes of payload */
} __packed;
/* One DMA segment handed to the device: bus address and length. */
struct wire_addr_size_pair {
	__le64 addr;	/* filled from sg_dma_address() */
	__le64 size;	/* filled from sg_dma_len() */
} __packed;
/* Wire form of a DMA transfer transaction: a list of address/size pairs for the device to read. */
struct wire_trans_dma_xfer {
	struct wire_trans_hdr hdr;
	__le32 tag;		/* copied from the user transaction */
	__le32 count;		/* number of entries in data[] */
	__le32 dma_chunk_id;	/* non-zero when the transfer is split across several messages */
	__le32 padding;
	struct wire_addr_size_pair data[];
} __packed;
/* Initiated by device to continue the DMA xfer of a large piece of data */
struct wire_trans_dma_xfer_cont {
	struct wire_trans_hdr hdr;
	__le32 dma_chunk_id;	/* identifies which chunked transfer is being continued */
	__le32 padding;
	__le64 xferred_size;	/* presumably bytes the device has consumed so far - confirm against the decoder */
} __packed;
/* Wire form of an activate request: describes the DBC request/response queues to the device. */
struct wire_trans_activate_to_dev {
	struct wire_trans_hdr hdr;
	__le64 req_q_addr;	/* bus address of the request queue */
	__le64 rsp_q_addr;	/* bus address of the response queue */
	__le32 req_q_size;	/* number of request queue elements */
	__le32 rsp_q_size;	/* number of response queue elements */
	__le32 buf_len;		/* total size of the queue buffer in bytes */
	__le32 options; /* unused, but BIT(16) has meaning to the device */
} __packed;
/* Wire form of the device's reply to an activate request. */
struct wire_trans_activate_from_dev {
	struct wire_trans_hdr hdr;
	__le32 status;	/* non-zero means activation failed on the device */
	__le32 dbc_id;	/* DBC assigned by the device; validated against num_dbc by the decoder */
	__le64 options; /* unused */
} __packed;
/* Wire form of the device's reply to a deactivate request. */
struct wire_trans_deactivate_from_dev {
	struct wire_trans_hdr hdr;
	__le32 status;	/* non-zero means releasing the resources failed on the device */
	__le32 dbc_id;	/* DBC the reply refers to; validated against num_dbc by the decoder */
} __packed;
/* Wire form of a terminate request (not referenced in the part of the file shown here). */
struct wire_trans_terminate_to_dev {
	struct wire_trans_hdr hdr;
	__le32 handle;
	__le32 padding;
} __packed;
/* Wire form of the device's reply to a terminate request (not referenced in the part shown here). */
struct wire_trans_terminate_from_dev {
	struct wire_trans_hdr hdr;
	__le32 status;
	__le32 padding;
} __packed;
/* Wire form of a status query: the transaction header only, no payload. */
struct wire_trans_status_to_dev {
	struct wire_trans_hdr hdr;
} __packed;
/* Wire form of the device's reply to a status query. */
struct wire_trans_status_from_dev {
	struct wire_trans_hdr hdr;
	__le16 major;	/* presumably a protocol major version - confirm against the decoder */
	__le16 minor;	/* presumably a protocol minor version - confirm against the decoder */
	__le32 status;
	__le64 status_flags;
} __packed;
/* Wire form of a partition validation request (not referenced in the part of the file shown here). */
struct wire_trans_validate_part_to_dev {
	struct wire_trans_hdr hdr;
	__le32 part_id;
	__le32 padding;
} __packed;
/* Wire form of the device's reply to a partition validation request (not referenced in the part shown here). */
struct wire_trans_validate_part_from_dev {
	struct wire_trans_hdr hdr;
	__le32 status;
	__le32 padding;
} __packed;
/* Bookkeeping for one request that is waiting for its response on the control channel. */
struct xfer_queue_elem {
	/*
	 * Node in list of ongoing transfer request on control channel.
	 * Maintained by root device struct.
	 */
	struct list_head list;
	/* Sequence number of this transfer request */
	u32 seq_num;
	/* This is used to wait on until completion of transfer request */
	struct completion xfer_done;
	/* Received data from device */
	void *buf;
};
/*
 * One pinned and DMA-mapped range of user memory. Filled in by
 * find_and_map_user_pages() and torn down by cleanup_xfer() or
 * free_dma_xfers().
 */
struct dma_xfer {
	/* Node in list of DMA transfers which is used for cleanup */
	struct list_head list;
	/* SG table of memory used for DMA */
	struct sg_table *sgt;
	/* Array pages used for DMA */
	struct page **page_list;
	/* Number of pages used for DMA */
	unsigned long nr_pages;
};
/*
 * Kernel resources acquired while encoding one manage request. They are
 * either handed over to a DBC (save_dbc_buf()) or released on failure
 * (free_dbc_buf(), free_dma_xfers()).
 */
struct ioctl_resources {
	/* List of all DMA transfers which is used later for cleanup */
	struct list_head dma_xfers;
	/* Base address of request queue which belongs to a DBC */
	void *buf;
	/*
	 * Base bus address of request queue which belongs to a DBC. Response
	 * queue base bus address can be calculated by adding size of request
	 * queue to base bus address of request queue.
	 */
	dma_addr_t dma_addr;
	/* Total size of request queue and response queue in bytes */
	u32 total_size;
	/* Total number of elements that can be queued in each of request and response queue */
	u32 nelem;
	/* Base address of response queue which belongs to a DBC */
	void *rsp_q_base;
	/* Status of the NNC message received */
	u32 status;
	/* DBC id of the DBC received from device */
	u32 dbc_id;
	/*
	 * DMA transfer request messages can be big in size and it may not be
	 * possible to send them in one shot. In such cases the messages are
	 * broken into chunks, this field stores ID of such chunks.
	 */
	u32 dma_chunk_id;
	/* Total number of bytes transferred for a DMA xfer request */
	u64 xferred_dma_size;
	/*
	 * Header of transaction message received from user. Used during DMA xfer request.
	 * NOTE(review): this points into the caller's message buffer (see
	 * encode_dma()), so that buffer has to outlive every continuation that
	 * re-reads it - confirm in the ioctl path.
	 */
	void *trans_hdr;
};
/* Work item carrying one received buffer for a device (its handler is outside the part shown here). */
struct resp_work {
	struct work_struct work;
	struct qaic_device *qdev;
	void *buf;
};
/*
 * Wire messages keep their counters in little endian. This helper bumps such
 * a counter by one so that callers do not have to spell out the conversion
 * to CPU order and back every time a transaction is added.
 */
static __le32 incr_le32(__le32 val)
{
	u32 native = le32_to_cpu(val);

	return cpu_to_le32(native + 1);
}
/*
 * Compute the CRC32 of an outgoing message.
 *
 * @msg is the struct wrapper_list holding the message. Every wrapper
 * contributes @len bytes starting at its payload union, so the first wrapper
 * feeds in the wire header and the following ones their transaction data.
 * The running value starts at all ones and is inverted at the end.
 */
static u32 gen_crc(void *msg)
{
	struct wrapper_list *wl = msg;
	struct wrapper_msg *cur;
	u32 sum = ~0;

	list_for_each_entry(cur, &wl->list, list)
		sum = crc32(sum, &cur->msg, cur->len);

	return ~sum;
}
/*
 * Placeholder CRC generator with the same signature as gen_crc(): ignores
 * @msg and always reports a CRC of 0, i.e. no integrity value is produced.
 */
static u32 gen_crc_stub(void *msg)
{
	/* @msg is intentionally not inspected */
	return 0;
}
/*
 * Check the CRC32 carried in a received wire message.
 *
 * @msg points at the struct wire_msg_hdr that starts the message. The CRC
 * field is zeroed while the checksum is recomputed over hdr->len bytes and
 * is put back afterwards, so the buffer is unchanged on return.
 *
 * NOTE(review): hdr->len comes from the message itself. Nothing here bounds
 * it against the size of the buffer behind @msg, so the caller has to do
 * that before asking for validation - confirm at the call site.
 *
 * Returns true when the recomputed CRC matches the one in the header.
 */
static bool valid_crc(void *msg)
{
	struct wire_msg_hdr *hdr = msg;
	__le32 wire_crc = hdr->crc32;
	/* The output of the CRC algorithm is always in native endianness. */
	u32 expected = le32_to_cpu(wire_crc);
	u32 computed;

	hdr->crc32 = 0;
	computed = crc32(~0, msg, le32_to_cpu(hdr->len)) ^ ~0;
	hdr->crc32 = wire_crc;

	return computed == expected;
}
/*
 * Placeholder CRC check with the same signature as valid_crc(): ignores @msg
 * and accepts every message, so no integrity checking takes place when this
 * variant is the one in use.
 */
static bool valid_crc_stub(void *msg)
{
	/* @msg is intentionally not inspected */
	return true;
}
/*
 * kref release callback for a wrapper_msg: unlink it from its wrapper_list
 * and free it.
 *
 * NOTE(review): the list is modified without taking wrapper_list.lock here;
 * presumably whoever drops the last reference holds it - confirm at the
 * kref_put() call sites.
 */
static void free_wrapper(struct kref *ref)
{
	struct wrapper_msg *w = container_of(ref, struct wrapper_msg, ref_count);

	list_del(&w->list);
	kfree(w);
}
/*
 * Hand the queue buffer allocated for an activate request over to the DBC
 * named by resources->dbc_id and mark that DBC as assigned. Does nothing
 * when @resources holds no buffer.
 *
 * resources->dbc_id indexes qdev->dbc[] without a range check in this
 * function; the visible caller, decode_activate(), rejects ids that are not
 * below qdev->num_dbc before calling.
 */
static void save_dbc_buf(struct qaic_device *qdev, struct ioctl_resources *resources,
			 struct qaic_user *usr)
{
	u32 id = resources->dbc_id;

	if (!resources->buf)
		return;

	/*
	 * NOTE(review): the result of the interruptible wait is not checked.
	 * If a signal ends the wait early the DBC may still be in use when
	 * its queue pointers are overwritten below - confirm this is
	 * acceptable.
	 */
	wait_event_interruptible(qdev->dbc[id].dbc_release, !qdev->dbc[id].in_use);

	qdev->dbc[id].req_q_base = resources->buf;
	qdev->dbc[id].rsp_q_base = resources->rsp_q_base;
	qdev->dbc[id].dma_addr = resources->dma_addr;
	qdev->dbc[id].total_size = resources->total_size;
	qdev->dbc[id].nelem = resources->nelem;
	enable_dbc(qdev, id, usr);
	qdev->dbc[id].in_use = true;

	/* Ownership moved to the DBC, so free_dbc_buf() must not release it. */
	resources->buf = NULL;
	set_dbc_state(qdev, id, DBC_STATE_ASSIGNED);
}
/*
 * Release the coherent DMA buffer recorded in @resources, if any, and clear
 * the pointer so that a second call is harmless.
 */
static void free_dbc_buf(struct qaic_device *qdev, struct ioctl_resources *resources)
{
	void *buf = resources->buf;

	resources->buf = NULL;
	if (!buf)
		return;

	dma_free_coherent(&qdev->pdev->dev, resources->total_size, buf, resources->dma_addr);
}
/*
 * Tear down every DMA transfer recorded on resources->dma_xfers: unmap and
 * free the scatter-gather table, drop the page references taken when the
 * user memory was pinned, and free the bookkeeping. The list is empty when
 * this returns.
 */
static void free_dma_xfers(struct qaic_device *qdev, struct ioctl_resources *resources)
{
	struct dma_xfer *cur;
	struct dma_xfer *next;
	int pg;

	list_for_each_entry_safe(cur, next, &resources->dma_xfers, list) {
		/* Stop the device-side mapping before the pages are released. */
		dma_unmap_sgtable(&qdev->pdev->dev, cur->sgt, DMA_TO_DEVICE, 0);
		sg_free_table(cur->sgt);
		kfree(cur->sgt);

		for (pg = 0; pg < cur->nr_pages; ++pg)
			put_page(cur->page_list[pg]);
		kfree(cur->page_list);

		list_del(&cur->list);
		kfree(cur);
	}
}
/*
 * Allocate a zeroed wrapper of @size bytes and append it to @wrappers.
 *
 * @size is the whole allocation, i.e. the struct wrapper_msg bookkeeping
 * plus whatever payload the caller intends to place in the union. The new
 * wrapper starts with a reference count of one.
 *
 * Returns the wrapper, or NULL when the allocation fails.
 */
static struct wrapper_msg *add_wrapper(struct wrapper_list *wrappers, u32 size)
{
	struct wrapper_msg *wrapper;

	wrapper = kzalloc(size, GFP_KERNEL);
	if (wrapper) {
		list_add_tail(&wrapper->list, &wrappers->list);
		kref_init(&wrapper->ref_count);
		wrapper->head = wrappers;
	}

	return wrapper;
}
/*
 * Encode a passthrough transaction from userspace into the outgoing message.
 *
 * @trans points at the user transaction inside the manage message buffer,
 * @wrappers is the message being built and @user_len is advanced by the
 * number of user bytes consumed.
 *
 * The payload size handed to memcpy() is hdr.len minus the header size. This
 * function only checks that hdr.len is a multiple of 8 and fits in the wire
 * message; it relies on encode_message() having rejected a hdr.len that is
 * too small to hold the header or that runs past the end of the user message.
 *
 * Returns 0 on success, -EINVAL for a misaligned length, -ENOSPC when the
 * wire message would exceed QAIC_MANAGE_WIRE_MSG_LENGTH, -ENOMEM when no
 * wrapper can be allocated.
 */
static int encode_passthrough(struct qaic_device *qdev, void *trans, struct wrapper_list *wrappers,
			      u32 *user_len)
{
	struct qaic_manage_trans_passthrough *in_trans = trans;
	struct wire_trans_passthrough *out_trans;
	struct wrapper_msg *first;
	struct wrapper_msg *tw;
	struct wire_msg *msg;
	u32 trans_len = in_trans->hdr.len;
	u32 msg_hdr_len;

	/* The first wrapper always carries the wire message header. */
	first = list_first_entry(&wrappers->list, struct wrapper_msg, list);
	msg = &first->msg;
	msg_hdr_len = le32_to_cpu(msg->hdr.len);

	if (trans_len % 8 != 0)
		return -EINVAL;

	if (size_add(msg_hdr_len, trans_len) > QAIC_MANAGE_WIRE_MSG_LENGTH)
		return -ENOSPC;

	tw = add_wrapper(wrappers, offsetof(struct wrapper_msg, trans) + trans_len);
	if (!tw)
		return -ENOMEM;

	tw->len = trans_len;
	out_trans = (struct wire_trans_passthrough *)&tw->trans;
	out_trans->hdr.type = cpu_to_le32(QAIC_TRANS_PASSTHROUGH_TO_DEV);
	out_trans->hdr.len = cpu_to_le32(trans_len);
	memcpy(out_trans->data, in_trans->data, trans_len - sizeof(in_trans->hdr));

	/* Account for the new transaction in the message header. */
	msg->hdr.len = cpu_to_le32(msg_hdr_len + trans_len);
	msg->hdr.count = incr_le32(msg->hdr.count);
	*user_len += trans_len;

	return 0;
}
/*
 * Pin and DMA-map the part of a user buffer that has not been transferred yet.
 *
 * The range starts at in_trans->addr + resources->xferred_dma_size and covers
 * what is left of in_trans->size. Both values come from the user transaction,
 * so every addition is overflow-checked before it is used. When the page
 * array for the whole range cannot be allocated, the page count is halved
 * until an allocation succeeds and only that many pages are mapped.
 *
 * On success @xfer owns the scatter-gather table, the page array and the page
 * references; on failure everything acquired here is released again.
 *
 * returns error code for failure, 0 if enough pages alloc'd, 1 if dma_cont is needed
 */
static int find_and_map_user_pages(struct qaic_device *qdev,
				   struct qaic_manage_trans_dma_xfer *in_trans,
				   struct ioctl_resources *resources, struct dma_xfer *xfer)
{
	u64 xfer_start_addr, remaining, end, total;
	unsigned long need_pages;
	struct page **page_list;
	unsigned long nr_pages;
	struct sg_table *sgt;
	int ret;
	int i;

	if (check_add_overflow(in_trans->addr, resources->xferred_dma_size, &xfer_start_addr))
		return -EINVAL;

	if (in_trans->size < resources->xferred_dma_size)
		return -EINVAL;
	remaining = in_trans->size - resources->xferred_dma_size;
	/* Nothing left to transfer is treated as a malformed request. */
	if (remaining == 0)
		return -EINVAL;

	/* 'end' is not used afterwards; this only rejects a range that wraps. */
	if (check_add_overflow(xfer_start_addr, remaining, &end))
		return -EINVAL;

	total = remaining + offset_in_page(xfer_start_addr);
	if (total >= SIZE_MAX)
		return -EINVAL;

	need_pages = DIV_ROUND_UP(total, PAGE_SIZE);

	nr_pages = need_pages;

	/* Shrink the request until the page array itself can be allocated. */
	while (1) {
		page_list = kmalloc_objs(*page_list, nr_pages,
					 GFP_KERNEL | __GFP_NOWARN);
		if (!page_list) {
			nr_pages = nr_pages / 2;
			if (!nr_pages)
				return -ENOMEM;
		} else {
			break;
		}
	}

	/*
	 * gup_flags is 0, so the pages are pinned for reading only, matching
	 * the DMA_TO_DEVICE mapping below.
	 * NOTE(review): the references are plain get_user_pages references
	 * dropped with put_page(). Buffers that a device reads by DMA are
	 * usually pinned with pin_user_pages_fast() and FOLL_LONGTERM and
	 * released with unpin_user_page() - confirm whether that applies here.
	 */
	ret = get_user_pages_fast(xfer_start_addr, nr_pages, 0, page_list);
	if (ret < 0)
		goto free_page_list;
	if (ret != nr_pages) {
		/* Partial pin: release exactly the pages that were obtained. */
		nr_pages = ret;
		ret = -EFAULT;
		goto put_pages;
	}

	sgt = kmalloc_obj(*sgt);
	if (!sgt) {
		ret = -ENOMEM;
		goto put_pages;
	}

	ret = sg_alloc_table_from_pages(sgt, page_list, nr_pages,
					offset_in_page(xfer_start_addr),
					remaining, GFP_KERNEL);
	if (ret) {
		ret = -ENOMEM;
		goto free_sgt;
	}

	ret = dma_map_sgtable(&qdev->pdev->dev, sgt, DMA_TO_DEVICE, 0);
	if (ret)
		goto free_table;

	xfer->sgt = sgt;
	xfer->page_list = page_list;
	xfer->nr_pages = nr_pages;

	/* Fewer pages mapped than needed means a continuation is required. */
	return need_pages > nr_pages ? 1 : 0;

free_table:
	sg_free_table(sgt);
free_sgt:
	kfree(sgt);
put_pages:
	for (i = 0; i < nr_pages; ++i)
		put_page(page_list[i]);
free_page_list:
	kfree(page_list);
	return ret;
}
/*
 * Turn the DMA-mapped segments of @xfer into address/size pairs on the wire.
 *
 * A first pass over the mapped segments decides how many of them fit in the
 * space left in the wire message (keeping 1K in reserve). A second pass
 * writes one pair per segment, starting in a new wrapper right behind the
 * DMA transaction header and spilling into further wrappers of
 * QAIC_WRAPPER_MAX_SIZE bytes whenever the current one is full.
 *
 * On return *@out_trans points at the transaction header, *@size holds the
 * number of bytes encoded across all wrappers added here, and
 * resources->xferred_dma_size has grown by the number of bytes described.
 *
 * A failed wrapper allocation returns -ENOMEM with the wrappers added so far
 * still on @wrappers; they are left for the owner of the list to release.
 *
 * returns error code for failure, 0 if everything was encoded, 1 if dma_cont is needed
 */
static int encode_addr_size_pairs(struct dma_xfer *xfer, struct wrapper_list *wrappers,
				  struct ioctl_resources *resources, u32 msg_hdr_len, u32 *size,
				  struct wire_trans_dma_xfer **out_trans)
{
	struct wrapper_msg *trans_wrapper;
	struct sg_table *sgt = xfer->sgt;
	struct wire_addr_size_pair *asp;
	struct scatterlist *sg;
	struct wrapper_msg *w;
	unsigned int dma_len;
	u64 dma_chunk_len;
	void *boundary;
	int nents_dma;
	int nents;
	int i;

	nents = sgt->nents;
	nents_dma = nents;
	/*
	 * Space left in the wire message after the header and this
	 * transaction's fixed part. The visible caller, encode_dma(), has
	 * checked that at least one pair fits, so this does not wrap.
	 */
	*size = QAIC_MANAGE_WIRE_MSG_LENGTH - msg_hdr_len - sizeof(**out_trans);
	for_each_sgtable_dma_sg(sgt, sg, i) {
		*size -= sizeof(*asp);
		/* Save 1K for possible follow-up transactions. */
		if (*size < SZ_1K) {
			nents_dma = i;
			break;
		}
	}

	trans_wrapper = add_wrapper(wrappers, QAIC_WRAPPER_MAX_SIZE);
	if (!trans_wrapper)
		return -ENOMEM;
	*out_trans = (struct wire_trans_dma_xfer *)&trans_wrapper->trans;

	asp = (*out_trans)->data;
	/* First byte past the current wrapper's allocation. */
	boundary = (void *)trans_wrapper + QAIC_WRAPPER_MAX_SIZE;
	*size = 0;

	dma_len = 0;
	w = trans_wrapper;
	dma_chunk_len = 0;
	/*
	 * Each iteration closes the previous pair by writing its size, then
	 * opens the next one by writing its address. The size of the last
	 * pair is written after the loop.
	 */
	for_each_sg(sgt->sgl, sg, nents_dma, i) {
		asp->size = cpu_to_le64(dma_len);
		dma_chunk_len += dma_len;
		if (dma_len) {
			asp++;
			/* Start a new wrapper when the next pair would not fit. */
			if ((void *)asp + sizeof(*asp) > boundary) {
				w->len = (void *)asp - (void *)&w->msg;
				*size += w->len;
				w = add_wrapper(wrappers, QAIC_WRAPPER_MAX_SIZE);
				if (!w)
					return -ENOMEM;
				boundary = (void *)w + QAIC_WRAPPER_MAX_SIZE;
				asp = (struct wire_addr_size_pair *)&w->msg;
			}
		}
		asp->addr = cpu_to_le64(sg_dma_address(sg));
		dma_len = sg_dma_len(sg);
	}
	/* finalize the last segment */
	asp->size = cpu_to_le64(dma_len);
	w->len = (void *)asp + sizeof(*asp) - (void *)&w->msg;
	*size += w->len;
	dma_chunk_len += dma_len;
	resources->xferred_dma_size += dma_chunk_len;

	/* Segments left over have to go out in a continuation message. */
	return nents_dma < nents ? 1 : 0;
}
/*
 * Undo find_and_map_user_pages() for a single transfer: unmap and free the
 * scatter-gather table, drop the page references and free the page array.
 * The struct dma_xfer itself is left for the caller to free.
 */
static void cleanup_xfer(struct qaic_device *qdev, struct dma_xfer *xfer)
{
	struct sg_table *table = xfer->sgt;
	int pg;

	/* Stop the device-side mapping before the pages are released. */
	dma_unmap_sgtable(&qdev->pdev->dev, table, DMA_TO_DEVICE, 0);
	sg_free_table(table);
	kfree(table);

	for (pg = 0; pg < xfer->nr_pages; ++pg)
		put_page(xfer->page_list[pg]);
	kfree(xfer->page_list);
}
/*
 * Encode a DMA transfer transaction from userspace into the outgoing message.
 *
 * Pins and maps the user memory named by the transaction, writes the
 * resulting address/size pairs into new wrappers and records the transfer on
 * resources->dma_xfers so that it can be released later. When the whole
 * buffer does not fit in one message a non-zero chunk id is assigned and the
 * transaction pointer is remembered in resources->trans_hdr for the
 * continuation.
 *
 * NOTE(review): in_trans->addr, ->size and ->tag are read without checking
 * here that hdr.len covers the whole struct qaic_manage_trans_dma_xfer;
 * encode_message() only checks the common header - confirm that the message
 * buffer is large enough for such reads.
 *
 * Returns 0 on success or a negative error code; on failure nothing acquired
 * for this transaction stays allocated, apart from wrappers already added to
 * @wrappers.
 */
static int encode_dma(struct qaic_device *qdev, void *trans, struct wrapper_list *wrappers,
		      u32 *user_len, struct ioctl_resources *resources, struct qaic_user *usr)
{
	struct qaic_manage_trans_dma_xfer *in_trans = trans;
	struct wire_trans_dma_xfer *out_trans;
	struct wrapper_msg *wrapper;
	struct dma_xfer *xfer;
	struct wire_msg *msg;
	bool need_cont_dma;
	u32 msg_hdr_len;
	u32 size;
	int ret;

	wrapper = list_first_entry(&wrappers->list, struct wrapper_msg, list);
	msg = &wrapper->msg;
	msg_hdr_len = le32_to_cpu(msg->hdr.len);

	/* There should be enough space to hold at least one ASP entry. */
	if (size_add(msg_hdr_len, sizeof(*out_trans) + sizeof(struct wire_addr_size_pair)) >
	    QAIC_MANAGE_WIRE_MSG_LENGTH)
		return -ENOMEM;

	xfer = kmalloc_obj(*xfer);
	if (!xfer)
		return -ENOMEM;

	ret = find_and_map_user_pages(qdev, in_trans, resources, xfer);
	if (ret < 0)
		goto free_xfer;

	/* A return of 1 means not all pages could be mapped in one go. */
	need_cont_dma = (bool)ret;

	ret = encode_addr_size_pairs(xfer, wrappers, resources, msg_hdr_len, &size, &out_trans);
	if (ret < 0)
		goto cleanup_xfer;

	/* A return of 1 means not all segments fit into this message. */
	need_cont_dma = need_cont_dma || (bool)ret;

	msg->hdr.len = cpu_to_le32(msg_hdr_len + size);
	msg->hdr.count = incr_le32(msg->hdr.count);

	out_trans->hdr.type = cpu_to_le32(QAIC_TRANS_DMA_XFER_TO_DEV);
	out_trans->hdr.len = cpu_to_le32(size);
	out_trans->tag = cpu_to_le32(in_trans->tag);
	out_trans->count = cpu_to_le32((size - sizeof(*out_trans)) /
				       sizeof(struct wire_addr_size_pair));

	*user_len += in_trans->hdr.len;

	if (resources->dma_chunk_id) {
		/* Continuation of a transfer that already has a chunk id. */
		out_trans->dma_chunk_id = cpu_to_le32(resources->dma_chunk_id);
	} else if (need_cont_dma) {
		/* 0 means "not chunked", so skip it when the counter wraps. */
		while (resources->dma_chunk_id == 0)
			resources->dma_chunk_id = atomic_inc_return(&usr->chunk_id);

		out_trans->dma_chunk_id = cpu_to_le32(resources->dma_chunk_id);
	}
	/* Remembered so that a continuation can re-encode the same transaction. */
	resources->trans_hdr = trans;

	list_add(&xfer->list, &resources->dma_xfers);
	return 0;

cleanup_xfer:
	cleanup_xfer(qdev, xfer);
free_xfer:
	kfree(xfer);
	return ret;
}
/*
 * Encode an activate transaction from userspace into the outgoing message.
 *
 * Allocates one coherent DMA buffer that holds the request queue, a gap and
 * the response queue for in_trans->queue_size elements each, describes it to
 * the device and records it in @resources until the device answers. The
 * element count comes from userspace, so the size computation is checked for
 * overflow at every step.
 *
 * NOTE(review): resources->buf is overwritten unconditionally. A second
 * activate transaction in the same user message would replace the first
 * buffer, which free_dbc_buf() could then no longer release - confirm that
 * this cannot happen or reject it.
 * NOTE(review): in_trans->options is forwarded to the device unfiltered,
 * while the wire struct notes that BIT(16) has meaning to the device -
 * confirm that userspace is meant to control it.
 *
 * Returns 0 on success, -ENOSPC when the wire message is full, -EINVAL for a
 * zero queue size, non-zero padding or a size overflow, -ENOMEM when an
 * allocation fails.
 */
static int encode_activate(struct qaic_device *qdev, void *trans, struct wrapper_list *wrappers,
			   u32 *user_len, struct ioctl_resources *resources)
{
	struct qaic_manage_trans_activate_to_dev *in_trans = trans;
	struct wire_trans_activate_to_dev *out_trans;
	struct wrapper_msg *trans_wrapper;
	struct wrapper_msg *wrapper;
	struct wire_msg *msg;
	dma_addr_t dma_addr;
	u32 msg_hdr_len;
	void *buf;
	u32 nelem;
	u32 size;
	int ret;

	wrapper = list_first_entry(&wrappers->list, struct wrapper_msg, list);
	msg = &wrapper->msg;
	msg_hdr_len = le32_to_cpu(msg->hdr.len);

	if (size_add(msg_hdr_len, sizeof(*out_trans)) > QAIC_MANAGE_WIRE_MSG_LENGTH)
		return -ENOSPC;

	if (!in_trans->queue_size)
		return -EINVAL;

	if (in_trans->pad)
		return -EINVAL;

	nelem = in_trans->queue_size;
	/* Bytes needed for nelem request elements plus nelem response elements. */
	if (check_mul_overflow((u32)(get_dbc_req_elem_size() + get_dbc_rsp_elem_size()),
			       nelem,
			       &size))
		return -EINVAL;

	/* Reject sizes that would wrap once the gap and alignment are added. */
	if (size + QAIC_DBC_Q_GAP + QAIC_DBC_Q_BUF_ALIGN < size)
		return -EINVAL;

	size = ALIGN((size + QAIC_DBC_Q_GAP), QAIC_DBC_Q_BUF_ALIGN);

	buf = dma_alloc_coherent(&qdev->pdev->dev, size, &dma_addr, GFP_KERNEL);
	if (!buf)
		return -ENOMEM;

	trans_wrapper = add_wrapper(wrappers,
				    offsetof(struct wrapper_msg, trans) + sizeof(*out_trans));
	if (!trans_wrapper) {
		ret = -ENOMEM;
		goto free_dma;
	}
	trans_wrapper->len = sizeof(*out_trans);
	out_trans = (struct wire_trans_activate_to_dev *)&trans_wrapper->trans;

	out_trans->hdr.type = cpu_to_le32(QAIC_TRANS_ACTIVATE_TO_DEV);
	out_trans->hdr.len = cpu_to_le32(sizeof(*out_trans));
	out_trans->buf_len = cpu_to_le32(size);
	out_trans->req_q_addr = cpu_to_le64(dma_addr);
	out_trans->req_q_size = cpu_to_le32(nelem);
	/* The response queue occupies the tail of the buffer. */
	out_trans->rsp_q_addr = cpu_to_le64(dma_addr + size - nelem * get_dbc_rsp_elem_size());
	out_trans->rsp_q_size = cpu_to_le32(nelem);
	out_trans->options = cpu_to_le32(in_trans->options);

	*user_len += in_trans->hdr.len;
	msg->hdr.len = cpu_to_le32(msg_hdr_len + sizeof(*out_trans));
	msg->hdr.count = incr_le32(msg->hdr.count);

	/* Kept until the activate response hands the buffer to a DBC. */
	resources->buf = buf;
	resources->dma_addr = dma_addr;
	resources->total_size = size;
	resources->nelem = nelem;
	resources->rsp_q_base = buf + size - nelem * get_dbc_rsp_elem_size();
	return 0;

free_dma:
	dma_free_coherent(&qdev->pdev->dev, size, buf, dma_addr);
	return ret;
}
/*
 * Handle a deactivate transaction from userspace.
 *
 * Nothing is added to the wire message here; after validating the
 * user-supplied DBC id and padding the request goes to disable_dbc().
 * @user_len is advanced before that call, whatever it returns.
 *
 * Returns -EINVAL for an out-of-range DBC id or non-zero padding, otherwise
 * the result of disable_dbc().
 */
static int encode_deactivate(struct qaic_device *qdev, void *trans,
			     u32 *user_len, struct qaic_user *usr)
{
	struct qaic_manage_trans_deactivate *in_trans = trans;

	/* dbc_id is used as an index downstream, so bound it first. */
	if (in_trans->dbc_id >= qdev->num_dbc)
		return -EINVAL;

	if (in_trans->pad)
		return -EINVAL;

	*user_len += in_trans->hdr.len;

	return disable_dbc(qdev, in_trans->dbc_id, usr);
}
/*
 * Encode a status query from userspace into the outgoing message.
 *
 * NOTE(review): the new wrapper carries sizeof(*out_trans) bytes, but the
 * transaction and message lengths written to the wire use the user-supplied
 * hdr.len. If userspace passes a larger hdr.len the lengths announced to the
 * device exceed the bytes queued here - confirm whether hdr.len should be
 * required to equal the transaction size.
 *
 * Returns 0 on success, -ENOSPC when the wire message would exceed
 * QAIC_MANAGE_WIRE_MSG_LENGTH, -ENOMEM when no wrapper can be allocated.
 */
static int encode_status(struct qaic_device *qdev, void *trans, struct wrapper_list *wrappers,
			 u32 *user_len)
{
	struct qaic_manage_trans_status_to_dev *in_trans = trans;
	struct wire_trans_status_to_dev *out_trans;
	struct wrapper_msg *first;
	struct wrapper_msg *tw;
	struct wire_msg *msg;
	u32 trans_len = in_trans->hdr.len;
	u32 msg_hdr_len;

	/* The first wrapper always carries the wire message header. */
	first = list_first_entry(&wrappers->list, struct wrapper_msg, list);
	msg = &first->msg;
	msg_hdr_len = le32_to_cpu(msg->hdr.len);

	if (size_add(msg_hdr_len, trans_len) > QAIC_MANAGE_WIRE_MSG_LENGTH)
		return -ENOSPC;

	tw = add_wrapper(wrappers, sizeof(*tw));
	if (!tw)
		return -ENOMEM;

	tw->len = sizeof(*out_trans);
	out_trans = (struct wire_trans_status_to_dev *)&tw->trans;
	out_trans->hdr.type = cpu_to_le32(QAIC_TRANS_STATUS_TO_DEV);
	out_trans->hdr.len = cpu_to_le32(trans_len);

	/* Account for the new transaction in the message header. */
	msg->hdr.len = cpu_to_le32(msg_hdr_len + trans_len);
	msg->hdr.count = incr_le32(msg->hdr.count);
	*user_len += trans_len;

	return 0;
}
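/*
 * Translate a manage message from userspace into a wire message.
 *
 * @user_msg holds user_msg->count transactions packed into user_msg->len
 * bytes. Every length and type in it is user-controlled, so each transaction
 * header is bounds-checked against the message before the matching encoder
 * runs, and the transactions must add up to exactly user_msg->len.
 *
 * When a chunked DMA transfer is in progress (resources->dma_chunk_id is
 * non-zero) the user message is not parsed again; the remembered DMA
 * transaction is encoded as the only transaction of the message.
 *
 * Returns 0 on success. On any failure the DMA transfers and the DBC buffer
 * recorded in @resources are released and a negative error code is returned.
 */
static int encode_message(struct qaic_device *qdev, struct manage_msg *user_msg,
			  struct wrapper_list *wrappers, struct ioctl_resources *resources,
			  struct qaic_user *usr)
{
	struct qaic_manage_trans_hdr *trans_hdr;
	struct wrapper_msg *wrapper;
	struct wire_msg *msg;
	u32 user_len = 0;
	int ret;
	int i;

	if (!user_msg->count ||
	    user_msg->len < sizeof(*trans_hdr)) {
		ret = -EINVAL;
		goto out;
	}

	wrapper = list_first_entry(&wrappers->list, struct wrapper_msg, list);
	msg = &wrapper->msg;

	msg->hdr.len = cpu_to_le32(sizeof(msg->hdr));

	if (resources->dma_chunk_id) {
		ret = encode_dma(qdev, resources->trans_hdr, wrappers, &user_len, resources, usr);
		msg->hdr.count = cpu_to_le32(1);
		goto out;
	}

	for (i = 0; i < user_msg->count; ++i) {
		/* A full transaction header must fit at the current offset. */
		if (user_len > user_msg->len - sizeof(*trans_hdr)) {
			ret = -EINVAL;
			break;
		}
		trans_hdr = (struct qaic_manage_trans_hdr *)(user_msg->data + user_len);
		/*
		 * The minimum is the size of the header struct, not of the
		 * pointer to it: sizeof(trans_hdr) would depend on the
		 * pointer width of the build and could let through a length
		 * shorter than the header, which the encoders subtract from.
		 */
		if (trans_hdr->len < sizeof(*trans_hdr) ||
		    size_add(user_len, trans_hdr->len) > user_msg->len) {
			ret = -EINVAL;
			break;
		}

		switch (trans_hdr->type) {
		case QAIC_TRANS_PASSTHROUGH_FROM_USR:
			ret = encode_passthrough(qdev, trans_hdr, wrappers, &user_len);
			break;
		case QAIC_TRANS_DMA_XFER_FROM_USR:
			ret = encode_dma(qdev, trans_hdr, wrappers, &user_len, resources, usr);
			break;
		case QAIC_TRANS_ACTIVATE_FROM_USR:
			ret = encode_activate(qdev, trans_hdr, wrappers, &user_len, resources);
			break;
		case QAIC_TRANS_DEACTIVATE_FROM_USR:
			ret = encode_deactivate(qdev, trans_hdr, &user_len, usr);
			break;
		case QAIC_TRANS_STATUS_FROM_USR:
			ret = encode_status(qdev, trans_hdr, wrappers, &user_len);
			break;
		default:
			ret = -EINVAL;
			break;
		}

		if (ret)
			goto out;
	}

	/* Trailing bytes or a short message mean the counts were inconsistent. */
	if (user_len != user_msg->len)
		ret = -EINVAL;
out:
	if (ret) {
		free_dma_xfers(qdev, resources);
		free_dbc_buf(qdev, resources);
		return ret;
	}

	return 0;
}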
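/*
 * Copy a passthrough transaction received from the device into the message
 * that goes back to userspace.
 *
 * The transaction length is taken from the device message, so it is checked
 * here before it sizes the copy: it must cover at least the transaction
 * header (otherwise the payload size computed below would wrap around), be a
 * multiple of 8, and fit in what is left of the user message. The last check
 * uses size_add() so that a very large length cannot wrap the sum and slip
 * under the limit.
 *
 * NOTE(review): the caller may already enforce the minimum length; the check
 * is repeated here because this function performs the copy.
 *
 * Returns 0 on success, -EINVAL for a malformed length, -ENOSPC when the
 * user message would exceed QAIC_MANAGE_MAX_MSG_LENGTH.
 */
static int decode_passthrough(struct qaic_device *qdev, void *trans, struct manage_msg *user_msg,
			      u32 *msg_len)
{
	struct qaic_manage_trans_passthrough *out_trans;
	struct wire_trans_passthrough *in_trans = trans;
	u32 len;

	out_trans = (void *)user_msg->data + user_msg->len;

	len = le32_to_cpu(in_trans->hdr.len);
	if (len < sizeof(in_trans->hdr) || len % 8 != 0)
		return -EINVAL;

	if (size_add(user_msg->len, len) > QAIC_MANAGE_MAX_MSG_LENGTH)
		return -ENOSPC;

	memcpy(out_trans->data, in_trans->data, len - sizeof(in_trans->hdr));
	user_msg->len += len;
	*msg_len += len;
	out_trans->hdr.type = le32_to_cpu(in_trans->hdr.type);
	out_trans->hdr.len = len;

	return 0;
}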
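/*
 * Decode the device's reply to an activate request.
 *
 * The reply is copied into the message that goes back to userspace and, when
 * the device reports success, the queue buffer kept in @resources is handed
 * to the DBC the device assigned.
 *
 * All fields come from the device. The transaction length must cover the
 * whole reply structure before its fields are read and the same number of
 * bytes is written to the user message, and the space check uses size_add()
 * so that a very large length cannot wrap the sum and slip under the limit.
 * The DBC id is range-checked before it is used as an index.
 *
 * The reply has already been copied into the user message when one of the
 * later checks fails, so userspace still gets to see the reported status.
 *
 * Returns 0 on success, -EINVAL for a short reply or a reply without a
 * pending request, -ENOSPC when the user message would exceed
 * QAIC_MANAGE_MAX_MSG_LENGTH, -ENODEV for an out-of-range DBC id,
 * -ECANCELED when the device reports a failure.
 */
static int decode_activate(struct qaic_device *qdev, void *trans, struct manage_msg *user_msg,
			   u32 *msg_len, struct ioctl_resources *resources, struct qaic_user *usr)
{
	struct qaic_manage_trans_activate_from_dev *out_trans;
	struct wire_trans_activate_from_dev *in_trans = trans;
	u32 len;

	out_trans = (void *)user_msg->data + user_msg->len;

	len = le32_to_cpu(in_trans->hdr.len);
	/* Every field of the reply is read below, so all of it must be present. */
	if (len < sizeof(*in_trans))
		return -EINVAL;

	if (size_add(user_msg->len, len) > QAIC_MANAGE_MAX_MSG_LENGTH)
		return -ENOSPC;

	user_msg->len += len;
	*msg_len += len;
	out_trans->hdr.type = le32_to_cpu(in_trans->hdr.type);
	out_trans->hdr.len = len;
	out_trans->status = le32_to_cpu(in_trans->status);
	out_trans->dbc_id = le32_to_cpu(in_trans->dbc_id);
	out_trans->options = le64_to_cpu(in_trans->options);

	if (!resources->buf)
		/* how did we get an activate response without a request? */
		return -EINVAL;

	if (out_trans->dbc_id >= qdev->num_dbc)
		/*
		 * The device assigned an invalid resource, which should never
		 * happen. Return an error so the user can try to recover.
		 */
		return -ENODEV;

	if (out_trans->status)
		/*
		 * Allocating resources failed on device side. This is not an
		 * expected behaviour, user is expected to handle this situation.
		 */
		return -ECANCELED;

	resources->status = out_trans->status;
	resources->dbc_id = out_trans->dbc_id;
	save_dbc_buf(qdev, resources, usr);

	return 0;
}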
/*
 * Handle a deactivate response from the device.
 *
 * On success the DBC named by the device is released and marked idle, and
 * *msg_len advances by the size of the wire transaction. On error *msg_len is
 * left untouched.
 *
 * @usr may be NULL (resp_worker() calls it that way). In that case a non-zero
 * device status is not treated as a failure and the DBC is still released.
 *
 * Returns 0, -ENODEV for an out-of-range DBC id, or -ECANCELED when the device
 * failed to release the resources and @usr is set.
 */
static int decode_deactivate(struct qaic_device *qdev, void *trans, u32 *msg_len,
			     struct qaic_user *usr)
{
	struct wire_trans_deactivate_from_dev *wire = trans;
	u32 dev_status = le32_to_cpu(wire->status);
	u32 dbc = le32_to_cpu(wire->dbc_id);

	if (dbc >= qdev->num_dbc) {
		/*
		 * The device assigned an invalid resource, which should never
		 * happen. Inject an error so the user can try to recover.
		 */
		return -ENODEV;
	}

	if (usr && dev_status) {
		/*
		 * Releasing resources failed on the device side, which puts
		 * us in a bind since they may still be in use, so enable the
		 * dbc. User is expected to retry deactivation.
		 */
		enable_dbc(qdev, dbc, usr);
		return -ECANCELED;
	}

	release_dbc(qdev, dbc);
	set_dbc_state(qdev, dbc, DBC_STATE_IDLE);
	*msg_len += sizeof(*wire);

	return 0;
}
/*
 * Decode a status response from the device into the user message.
 *
 * The decoded transaction is accounted in user_msg->len and *user_len before
 * the status and CRC checks, so it is part of user_msg even when -ECANCELED or
 * -EPIPE is returned.
 *
 * Returns 0, -ENOSPC when the user message would grow past
 * QAIC_MANAGE_MAX_MSG_LENGTH, -ECANCELED when the device reports a non-zero
 * status, or -EPIPE when the device flags CRC use (bit 0 of status_flags) and
 * valid_crc() rejects @msg.
 *
 * NOTE(review): as with the other decoders, the length is not compared with
 * sizeof(*wire) before the fields are read - confirm against the caller.
 */
static int decode_status(struct qaic_device *qdev, void *trans, struct manage_msg *user_msg,
			 u32 *user_len, struct wire_msg *msg)
{
	struct wire_trans_status_from_dev *wire = trans;
	struct qaic_manage_trans_status_from_dev *dst;
	u32 trans_len = le32_to_cpu(wire->hdr.len);

	if (user_msg->len + trans_len > QAIC_MANAGE_MAX_MSG_LENGTH)
		return -ENOSPC;

	dst = (void *)user_msg->data + user_msg->len;
	dst->hdr.type = QAIC_TRANS_STATUS_FROM_DEV;
	dst->hdr.len = trans_len;
	dst->major = le16_to_cpu(wire->major);
	dst->minor = le16_to_cpu(wire->minor);
	dst->status_flags = le64_to_cpu(wire->status_flags);
	dst->status = le32_to_cpu(wire->status);

	*user_len += trans_len;
	user_msg->len += trans_len;

	if (dst->status)
		return -ECANCELED;

	/* Bit 0 of status_flags: the device is using CRC on control messages */
	if (dst->status_flags & BIT(0)) {
		if (!valid_crc(msg))
			return -EPIPE;
	}

	return 0;
}
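/*
 * Decode a complete response from the device into @user_msg.
 *
 * msg->hdr.len counts the message header plus all transactions, and the
 * transactions start at msg->data. Every length and type below comes from the
 * device, so each transaction is checked against the payload length (hdr.len
 * minus the message header) before it is touched. Bounding against hdr.len
 * itself would let a transaction extend sizeof(msg->hdr) bytes past the
 * declared end of the message.
 *
 * Returns 0 on success, -EINVAL for a malformed message or unknown
 * transaction type, or the error of the per-transaction decoder.
 */
static int decode_message(struct qaic_device *qdev, struct manage_msg *user_msg,
			  struct wire_msg *msg, struct ioctl_resources *resources,
			  struct qaic_user *usr)
{
	u32 msg_hdr_len = le32_to_cpu(msg->hdr.len);
	struct wire_trans_hdr *trans_hdr;
	u32 payload_len;
	u32 msg_len = 0;
	int ret;
	int i;

	/* The declared length must at least cover the message header itself */
	if (msg_hdr_len < sizeof(msg->hdr) ||
	    msg_hdr_len > QAIC_MANAGE_MAX_MSG_LENGTH)
		return -EINVAL;

	payload_len = msg_hdr_len - sizeof(msg->hdr);

	user_msg->len = 0;
	user_msg->count = le32_to_cpu(msg->hdr.count);

	for (i = 0; i < user_msg->count; ++i) {
		u32 hdr_len;

		/* A whole transaction header must fit before it is read */
		if (payload_len < sizeof(*trans_hdr) ||
		    msg_len > payload_len - sizeof(*trans_hdr))
			return -EINVAL;

		trans_hdr = (struct wire_trans_hdr *)(msg->data + msg_len);
		hdr_len = le32_to_cpu(trans_hdr->len);
		/* size_add() saturates, so an overflowing sum is rejected too */
		if (hdr_len < sizeof(*trans_hdr) ||
		    size_add(msg_len, hdr_len) > payload_len)
			return -EINVAL;

		switch (le32_to_cpu(trans_hdr->type)) {
		case QAIC_TRANS_PASSTHROUGH_FROM_DEV:
			ret = decode_passthrough(qdev, trans_hdr, user_msg, &msg_len);
			break;
		case QAIC_TRANS_ACTIVATE_FROM_DEV:
			ret = decode_activate(qdev, trans_hdr, user_msg, &msg_len, resources, usr);
			break;
		case QAIC_TRANS_DEACTIVATE_FROM_DEV:
			ret = decode_deactivate(qdev, trans_hdr, &msg_len, usr);
			break;
		case QAIC_TRANS_STATUS_FROM_DEV:
			ret = decode_status(qdev, trans_hdr, user_msg, &msg_len, msg);
			break;
		default:
			return -EINVAL;
		}

		if (ret)
			return ret;
	}

	/* The transactions must account for the payload exactly */
	if (msg_len != payload_len)
		return -EINVAL;

	return 0;
}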
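/*
 * Send the message held in @wrappers to the device and wait for the response
 * carrying @seq_num.
 *
 * Must be called with qdev->cntl_mutex held; the mutex is released on every
 * return path. With @ignore_signal set the wait for the response is not
 * interruptible.
 *
 * Returns the response buffer, which the caller must kfree(), or an ERR_PTR():
 * -ENODEV when the device is offline, -EAGAIN when the channel never had
 * enough free descriptors (or a signal arrived while waiting for them),
 * -ENOMEM, -ETIMEDOUT when no response arrived in time, -EIO when the waiter
 * was completed without a response, -EPIPE when the response fails the CRC
 * check, or the error returned by mhi_queue_buf() or the interrupted wait.
 */
static void *msg_xfer(struct qaic_device *qdev, struct wrapper_list *wrappers, u32 seq_num,
		      bool ignore_signal)
{
	struct xfer_queue_elem elem;
	struct wire_msg *out_buf;
	struct wrapper_msg *w;
	long ret = -EAGAIN;
	int xfer_count = 0;
	int retry_count;

	/* Allow QAIC_BOOT state since we need to check control protocol version */
	if (qdev->dev_state == QAIC_OFFLINE) {
		mutex_unlock(&qdev->cntl_mutex);
		return ERR_PTR(-ENODEV);
	}

	/* Attempt to avoid a partial commit of a message */
	list_for_each_entry(w, &wrappers->list, list)
		xfer_count++;

	for (retry_count = 0; retry_count < QAIC_MHI_RETRY_MAX; retry_count++) {
		if (xfer_count <= mhi_get_free_desc_count(qdev->cntl_ch, DMA_TO_DEVICE)) {
			ret = 0;
			break;
		}
		msleep_interruptible(QAIC_MHI_RETRY_WAIT_MS);
		if (signal_pending(current))
			break;
	}

	if (ret) {
		mutex_unlock(&qdev->cntl_mutex);
		return ERR_PTR(ret);
	}

	elem.seq_num = seq_num;
	elem.buf = NULL;
	init_completion(&elem.xfer_done);
	if (likely(!qdev->cntl_lost_buf)) {
		/*
		 * The max size of request to device is QAIC_MANAGE_WIRE_MSG_LENGTH.
		 * The max size of response from device is QAIC_MANAGE_MAX_MSG_LENGTH.
		 */
		out_buf = kmalloc(QAIC_MANAGE_MAX_MSG_LENGTH, GFP_KERNEL);
		if (!out_buf) {
			mutex_unlock(&qdev->cntl_mutex);
			return ERR_PTR(-ENOMEM);
		}

		ret = mhi_queue_buf(qdev->cntl_ch, DMA_FROM_DEVICE, out_buf,
				    QAIC_MANAGE_MAX_MSG_LENGTH, MHI_EOT);
		if (ret) {
			/*
			 * The buffer was never queued, so no download callback
			 * will free it; release it here instead of leaking it.
			 */
			kfree(out_buf);
			mutex_unlock(&qdev->cntl_mutex);
			return ERR_PTR(ret);
		}
	} else {
		/*
		 * we lost a buffer because we queued a recv buf, but then
		 * queuing the corresponding tx buf failed. To try to avoid
		 * a memory leak, lets reclaim it and use it for this
		 * transaction.
		 */
		qdev->cntl_lost_buf = false;
	}

	list_for_each_entry(w, &wrappers->list, list) {
		/* Reference held on behalf of the queued transfer */
		kref_get(&w->ref_count);
		ret = mhi_queue_buf(qdev->cntl_ch, DMA_TO_DEVICE, &w->msg, w->len,
				    list_is_last(&w->list, &wrappers->list) ? MHI_EOT : MHI_CHAIN);
		if (ret) {
			/* The receive buffer queued above stays queued, remember it */
			qdev->cntl_lost_buf = true;
			kref_put(&w->ref_count, free_wrapper);
			mutex_unlock(&qdev->cntl_mutex);
			return ERR_PTR(ret);
		}
	}

	list_add_tail(&elem.list, &qdev->cntl_xfer_list);
	mutex_unlock(&qdev->cntl_mutex);

	if (ignore_signal)
		ret = wait_for_completion_timeout(&elem.xfer_done, control_resp_timeout_s * HZ);
	else
		ret = wait_for_completion_interruptible_timeout(&elem.xfer_done,
								control_resp_timeout_s * HZ);
	/*
	 * The mutex is taken with the non-interruptible variant on purpose:
	 * elem lives on this stack frame and must be unlinked from
	 * cntl_xfer_list before returning, or we'll likely cause memory
	 * corruption.
	 */
	mutex_lock(&qdev->cntl_mutex);
	if (!list_empty(&elem.list))
		list_del(&elem.list);
	/* resp_worker() processed the response but the wait was interrupted */
	else if (ret == -ERESTARTSYS)
		ret = 0;

	if (!ret && !elem.buf)
		ret = -ETIMEDOUT;
	else if (ret > 0 && !elem.buf)
		ret = -EIO;
	mutex_unlock(&qdev->cntl_mutex);

	if (ret < 0) {
		kfree(elem.buf);
		return ERR_PTR(ret);
	} else if (!qdev->valid_crc(elem.buf)) {
		kfree(elem.buf);
		return ERR_PTR(-EPIPE);
	}

	return elem.buf;
}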
/*
 * Add a transaction to abort the outstanding DMA continuation.
 *
 * Everything in @wrappers except the first wrapper (which carries the message
 * header) is dropped, and a single zero-length DMA transfer transaction tagged
 * with @dma_chunk_id is appended in its place. The message header is rewritten
 * to describe exactly that one transaction.
 *
 * Returns 0, or -ENOMEM when the new wrapper cannot be allocated.
 */
static int abort_dma_cont(struct qaic_device *qdev, struct wrapper_list *wrappers, u32 dma_chunk_id)
{
	struct wire_trans_dma_xfer *abort_trans;
	struct wrapper_msg *abort_wrapper;
	struct wrapper_msg *first;
	struct wrapper_msg *next;
	struct wrapper_msg *cur;
	u32 size = sizeof(*abort_trans);
	struct wire_msg *msg;

	first = list_first_entry(&wrappers->list, struct wrapper_msg, list);
	msg = &first->msg;

	/* Remove all but the first wrapper which has the msg header */
	list_for_each_entry_safe(cur, next, &wrappers->list, list) {
		if (list_is_first(&cur->list, &wrappers->list))
			continue;
		kref_put(&cur->ref_count, free_wrapper);
	}

	abort_wrapper = add_wrapper(wrappers, sizeof(*abort_wrapper));
	if (!abort_wrapper)
		return -ENOMEM;

	abort_trans = (struct wire_trans_dma_xfer *)&abort_wrapper->trans;
	abort_trans->hdr.type = cpu_to_le32(QAIC_TRANS_DMA_XFER_TO_DEV);
	abort_trans->hdr.len = cpu_to_le32(size);
	abort_trans->tag = cpu_to_le32(0);
	abort_trans->count = cpu_to_le32(0);
	abort_trans->dma_chunk_id = cpu_to_le32(dma_chunk_id);
	abort_wrapper->len = size;

	msg->hdr.len = cpu_to_le32(size + sizeof(*msg));
	msg->hdr.count = cpu_to_le32(1);

	return 0;
}
/*
 * Allocate an empty wrapper list with its list head and spinlock initialised.
 *
 * Returns the new list, or NULL when the allocation fails.
 */
static struct wrapper_list *alloc_wrapper_list(void)
{
	struct wrapper_list *wrappers = kmalloc_obj(*wrappers);

	if (wrappers) {
		INIT_LIST_HEAD(&wrappers->list);
		spin_lock_init(&wrappers->lock);
	}

	return wrappers;
}
/*
 * Encode @user_msg into wire format, send it to the device and hand the
 * response back through @rsp.
 *
 * If encoding fails while a DMA continuation is outstanding
 * (resources->dma_chunk_id is set), the message is replaced by an abort
 * transaction and that is sent instead.
 *
 * On success *rsp holds the response buffer, which the caller must kfree().
 * On failure *rsp must not be used; it may hold an ERR_PTR() value.
 *
 * Returns 0 or a negative errno.
 */
static int qaic_manage_msg_xfer(struct qaic_device *qdev, struct qaic_user *usr,
				struct manage_msg *user_msg, struct ioctl_resources *resources,
				struct wire_msg **rsp)
{
	struct wrapper_list *wrappers = alloc_wrapper_list();
	struct wrapper_msg *first;
	struct wrapper_msg *next;
	struct wrapper_msg *cur;
	struct wire_msg *msg;
	bool list_drained;
	int ret;

	if (!wrappers)
		return -ENOMEM;

	/* The first wrapper carries the message header */
	first = add_wrapper(wrappers, sizeof(*first));
	if (!first) {
		kfree(wrappers);
		return -ENOMEM;
	}

	msg = &first->msg;
	first->len = sizeof(*msg);

	ret = encode_message(qdev, user_msg, wrappers, resources, usr);
	if (ret && resources->dma_chunk_id)
		ret = abort_dma_cont(qdev, wrappers, resources->dma_chunk_id);
	if (ret)
		goto encode_failed;

	ret = mutex_lock_interruptible(&qdev->cntl_mutex);
	if (ret)
		goto lock_failed;

	msg->hdr.magic_number = MANAGE_MAGIC_NUMBER;
	msg->hdr.sequence_number = cpu_to_le32(qdev->next_seq_num++);

	if (!usr) {
		/* Requests issued without a user are not tied to a partition */
		msg->hdr.handle = 0;
		msg->hdr.partition_id = cpu_to_le32(QAIC_NO_PARTITION);
	} else {
		msg->hdr.handle = cpu_to_le32(usr->handle);
		msg->hdr.partition_id = cpu_to_le32(usr->qddev->partition_id);
	}

	msg->hdr.padding = cpu_to_le32(0);
	/* Computed last, once the rest of the header is filled in */
	msg->hdr.crc32 = cpu_to_le32(qdev->gen_crc(wrappers));

	/* msg_xfer releases the mutex */
	*rsp = msg_xfer(qdev, wrappers, qdev->next_seq_num - 1, false);
	if (IS_ERR(*rsp))
		ret = PTR_ERR(*rsp);

lock_failed:
	free_dma_xfers(qdev, resources);
encode_failed:
	/*
	 * Drop this function's reference on every wrapper. The list itself is
	 * only freed here when no wrapper is left on it.
	 */
	spin_lock(&wrappers->lock);
	list_for_each_entry_safe(cur, next, &wrappers->list, list)
		kref_put(&cur->ref_count, free_wrapper);
	list_drained = list_empty(&wrappers->list);
	spin_unlock(&wrappers->lock);

	if (list_drained)
		kfree(wrappers);

	return ret;
}
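/*
 * Run one manage request: send @user_msg to the device, keep sending while
 * the device answers with DMA continuation transactions, then decode the
 * final response back into @user_msg.
 *
 * A continuation is only followed when the chunk id and transferred size
 * reported by the device match what the host recorded in its resources;
 * anything else is rejected with -EINVAL.
 *
 * Returns 0 or a negative errno. -ECANCELED means the device rejected the
 * request and @user_msg holds the decoded status.
 */
static int qaic_manage(struct qaic_device *qdev, struct qaic_user *usr, struct manage_msg *user_msg)
{
	struct wire_trans_dma_xfer_cont *dma_cont;
	struct ioctl_resources resources;
	struct wire_msg *rsp = NULL;
	int ret;

	memset(&resources, 0, sizeof(struct ioctl_resources));

	INIT_LIST_HEAD(&resources.dma_xfers);

	/* Bound both the byte length and the number of transactions up front */
	if (user_msg->len > QAIC_MANAGE_MAX_MSG_LENGTH ||
	    user_msg->count > QAIC_MANAGE_MAX_MSG_LENGTH / sizeof(struct qaic_manage_trans_hdr))
		return -EINVAL;

dma_xfer_continue:
	/*
	 * Start every round without a continuation. The pointer from the
	 * previous round refers to a response that has already been freed, and
	 * it must not be examined when the new response does not carry exactly
	 * one transaction.
	 */
	dma_cont = NULL;

	ret = qaic_manage_msg_xfer(qdev, usr, user_msg, &resources, &rsp);
	if (ret)
		return ret;

	/* dma_cont should be the only transaction if present */
	if (le32_to_cpu(rsp->hdr.count) == 1) {
		dma_cont = (struct wire_trans_dma_xfer_cont *)rsp->data;
		if (le32_to_cpu(dma_cont->hdr.type) != QAIC_TRANS_DMA_XFER_CONT)
			dma_cont = NULL;
	}

	if (dma_cont) {
		if (le32_to_cpu(dma_cont->dma_chunk_id) == resources.dma_chunk_id &&
		    le64_to_cpu(dma_cont->xferred_size) == resources.xferred_dma_size) {
			kfree(rsp);
			goto dma_xfer_continue;
		}

		/* The device and the host disagree about the transfer state */
		ret = -EINVAL;
		goto dma_cont_failed;
	}

	ret = decode_message(qdev, user_msg, rsp, &resources, usr);

dma_cont_failed:
	free_dbc_buf(qdev, &resources);
	kfree(rsp);
	return ret;
}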
/*
 * Manage ioctl entry point.
 *
 * @data is the ioctl argument, a struct qaic_manage_msg whose data member is
 * a user pointer to the transaction buffer. The buffer is copied into a
 * kernel message of maximum size, processed by qaic_manage(), and the
 * (possibly rewritten) message is copied back to the same user buffer.
 *
 * Returns 0 or a negative errno: -EINVAL for an oversized request, -ENODEV
 * when the user has no device or the device is not online, -ENOMEM, -EFAULT
 * when a user copy fails, or the result of qaic_manage().
 *
 * NOTE(review): the copy back to userspace uses the decoded length, which the
 * decode helpers bound by QAIC_MANAGE_MAX_MSG_LENGTH and not by the length the
 * caller passed in - presumably the UAPI requires a maximum-sized user buffer;
 * confirm.
 */
int qaic_manage_ioctl(struct drm_device *dev, void *data, struct drm_file *file_priv)
{
	struct qaic_user *usr = file_priv->driver_priv;
	struct qaic_manage_msg *user_msg = data;
	struct qaic_device *qdev;
	struct manage_msg *msg;
	u8 __user *user_data;
	int qdev_rcu_id;
	int usr_rcu_id;
	int ret;

	/* Reject oversized requests before taking any lock or allocating */
	if (user_msg->len > QAIC_MANAGE_MAX_MSG_LENGTH)
		return -EINVAL;

	usr_rcu_id = srcu_read_lock(&usr->qddev_lock);
	if (!usr->qddev) {
		ret = -ENODEV;
		goto unlock_usr;
	}

	qdev = usr->qddev->qdev;
	qdev_rcu_id = srcu_read_lock(&qdev->dev_lock);
	if (qdev->dev_state != QAIC_ONLINE) {
		ret = -ENODEV;
		goto out;
	}

	/* Always sized for the largest message, since the response may be longer */
	msg = kzalloc(QAIC_MANAGE_MAX_MSG_LENGTH + sizeof(*msg), GFP_KERNEL);
	if (!msg) {
		ret = -ENOMEM;
		goto out;
	}

	msg->len = user_msg->len;
	msg->count = user_msg->count;

	user_data = u64_to_user_ptr(user_msg->data);

	if (copy_from_user(msg->data, user_data, user_msg->len)) {
		ret = -EFAULT;
		goto free_msg;
	}

	ret = qaic_manage(qdev, usr, msg);

	/*
	 * If the qaic_manage() is successful then we copy the message onto
	 * userspace memory but we have an exception for -ECANCELED.
	 * For -ECANCELED, it means that device has NACKed the message with a
	 * status error code which userspace would like to know.
	 */
	if (ret && ret != -ECANCELED)
		goto free_msg;

	if (copy_to_user(user_data, msg->data, msg->len)) {
		ret = -EFAULT;
		goto free_msg;
	}

	user_msg->len = msg->len;
	user_msg->count = msg->count;

free_msg:
	kfree(msg);
out:
	srcu_read_unlock(&qdev->dev_lock, qdev_rcu_id);
unlock_usr:
	srcu_read_unlock(&usr->qddev_lock, usr_rcu_id);
	return ret;
}
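/*
 * Query the control protocol version of the device and configure CRC
 * handling according to what the device reports.
 *
 * On success *major and *minor hold the version from the status response.
 * When the device reports CRC use (bit 0 of status_flags), responses are CRC
 * validated from now on; otherwise outgoing CRC generation is switched to
 * the stub.
 *
 * Returns 0, -ENOMEM, -EINVAL when the response does not start with a status
 * transaction, or the error from qaic_manage().
 */
int get_cntl_version(struct qaic_device *qdev, struct qaic_user *usr, u16 *major, u16 *minor)
{
	struct qaic_manage_trans_status_from_dev *status_result;
	struct qaic_manage_trans_status_to_dev *status_query;
	struct manage_msg *user_msg;
	int ret;

	/*
	 * The response is decoded into this same buffer, and the decoders
	 * bound their writes by QAIC_MANAGE_MAX_MSG_LENGTH, not by the size of
	 * one status transaction. Size the buffer for the maximum, as
	 * qaic_manage_ioctl() does, so an unexpected response from the device
	 * cannot be written past the allocation. Zero it so nothing
	 * uninitialised is read back if the response carries less than expected.
	 */
	user_msg = kzalloc(sizeof(*user_msg) + QAIC_MANAGE_MAX_MSG_LENGTH, GFP_KERNEL);
	if (!user_msg)
		return -ENOMEM;

	user_msg->len = sizeof(*status_query);
	user_msg->count = 1;

	status_query = (struct qaic_manage_trans_status_to_dev *)user_msg->data;
	status_query->hdr.type = QAIC_TRANS_STATUS_FROM_USR;
	status_query->hdr.len = sizeof(status_query->hdr);

	ret = qaic_manage(qdev, usr, user_msg);
	if (ret)
		goto kfree_user_msg;

	status_result = (struct qaic_manage_trans_status_from_dev *)user_msg->data;

	/* Only trust the fields below if a status transaction was decoded first */
	if (!user_msg->count || status_result->hdr.type != QAIC_TRANS_STATUS_FROM_DEV) {
		ret = -EINVAL;
		goto kfree_user_msg;
	}

	*major = status_result->major;
	*minor = status_result->minor;

	if (status_result->status_flags & BIT(0)) { /* device is using CRC */
		/* By default qdev->gen_crc is programmed to generate CRC */
		qdev->valid_crc = valid_crc;
	} else {
		/* By default qdev->valid_crc is programmed to bypass CRC */
		qdev->gen_crc = gen_crc_stub;
	}

kfree_user_msg:
	kfree(user_msg);
	return ret;
}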
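/*
 * Work item that matches a response from the device with the request that is
 * waiting for it.
 *
 * When a waiter with the same sequence number is found, the response buffer
 * is handed to it and the waiter is completed; the waiter then owns the
 * buffer. When nobody is waiting, the response is scanned for deactivate
 * transactions (see below) and then freed. The resp_work item is always
 * freed.
 */
static void resp_worker(struct work_struct *work)
{
	struct resp_work *resp = container_of(work, struct resp_work, work);
	struct qaic_device *qdev = resp->qdev;
	struct wire_msg *msg = resp->buf;
	struct xfer_queue_elem *elem;
	struct xfer_queue_elem *i;
	bool found = false;

	mutex_lock(&qdev->cntl_mutex);
	list_for_each_entry_safe(elem, i, &qdev->cntl_xfer_list, list) {
		if (elem->seq_num == le32_to_cpu(msg->hdr.sequence_number)) {
			found = true;
			/* _init so that msg_xfer() sees an empty list entry */
			list_del_init(&elem->list);
			elem->buf = msg;
			complete_all(&elem->xfer_done);
			break;
		}
	}
	mutex_unlock(&qdev->cntl_mutex);

	if (!found) {
		/*
		 * The user might have gone away at this point without waiting
		 * for QAIC_TRANS_DEACTIVATE_FROM_DEV transaction coming from
		 * the device. If this is not handled correctly, the host will
		 * not know that the DBC[n] has been freed on the device.
		 * Due to this failure in synchronization between the device and
		 * the host, if another user requests to activate a network, and
		 * the device assigns DBC[n] again, save_dbc_buf() will hang,
		 * waiting for dbc[n]->in_use to be set to false, which will not
		 * happen unless the qaic_dev_reset_clean_local_state() gets
		 * called by resetting the device (or re-inserting the module).
		 *
		 * As a solution, we look for QAIC_TRANS_DEACTIVATE_FROM_DEV
		 * transactions in the message before disposing of it, then
		 * handle releasing the DBC resources.
		 *
		 * Since the user has gone away, if the device could not
		 * deactivate the network (status != 0), there is no way to
		 * enable and reassign the DBC to the user. We can put trust in
		 * the device that it will release all the active DBCs in
		 * response to the QAIC_TRANS_TERMINATE_TO_DEV transaction,
		 * otherwise, the user can issue an soc_reset to the device.
		 */
		u32 msg_count = le32_to_cpu(msg->hdr.count);
		u32 msg_len = le32_to_cpu(msg->hdr.len);
		u32 data_len = 0;
		u32 len = 0;
		u32 j;

		/*
		 * The count and all lengths come from the device and this path
		 * does not go through decode_message(), so apply the same kind
		 * of bounds here. hdr.len covers the message header, and the
		 * receive buffer is QAIC_MANAGE_MAX_MSG_LENGTH bytes (see
		 * msg_xfer()). A message that fails these checks is not walked.
		 */
		if (msg_len >= sizeof(msg->hdr) && msg_len <= QAIC_MANAGE_MAX_MSG_LENGTH)
			data_len = msg_len - sizeof(msg->hdr);

		for (j = 0; j < msg_count; ++j) {
			struct wire_trans_hdr *trans_hdr;
			u32 trans_len;

			/* A whole transaction header must fit before it is read */
			if (data_len < sizeof(*trans_hdr) ||
			    len > data_len - sizeof(*trans_hdr))
				break;

			trans_hdr = (struct wire_trans_hdr *)(msg->data + len);
			trans_len = le32_to_cpu(trans_hdr->len);
			/* Stop on a length that cannot advance or runs past the end */
			if (trans_len < sizeof(*trans_hdr) || trans_len > data_len - len)
				break;

			if (le32_to_cpu(trans_hdr->type) == QAIC_TRANS_DEACTIVATE_FROM_DEV &&
			    trans_len >= sizeof(struct wire_trans_deactivate_from_dev)) {
				/* decode_deactivate() advances len only on success */
				if (decode_deactivate(qdev, trans_hdr, &len, NULL))
					len += trans_len;
			} else {
				len += trans_len;
			}
		}
		/* request must have timed out, drop packet */
		kfree(msg);
	}

	kfree(resp);
}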
/*
 * Drop one reference on @wrapper and free @wrappers when no wrapper is left
 * on the list afterwards. The list lock is held across both steps.
 */
static void free_wrapper_from_list(struct wrapper_list *wrappers, struct wrapper_msg *wrapper)
{
	bool list_drained;

	spin_lock(&wrappers->lock);
	kref_put(&wrapper->ref_count, free_wrapper);
	list_drained = list_empty(&wrappers->list);
	spin_unlock(&wrappers->lock);

	if (!list_drained)
		return;

	kfree(wrappers);
}
/*
 * MHI upload callback. The buffer address reported by MHI is the msg member
 * of a wrapper (msg_xfer() queues &w->msg), so recover the wrapper from it and
 * release the reference held for the queued transfer.
 */
void qaic_mhi_ul_xfer_cb(struct mhi_device *mhi_dev, struct mhi_result *mhi_result)
{
	struct wire_msg *sent_msg = mhi_result->buf_addr;
	struct wrapper_msg *sent;

	sent = container_of(sent_msg, struct wrapper_msg, msg);
	free_wrapper_from_list(sent->head, sent);
}
/*
 * MHI download callback. A buffer from a failed transfer, or one that does
 * not start with the manage magic number, is freed on the spot. Anything else
 * is handed to resp_worker() on the control workqueue, which takes over
 * ownership of the buffer. The work item is allocated with GFP_ATOMIC; if that
 * fails the response is dropped.
 *
 * NOTE(review): the number of bytes actually received is not compared with
 * the header size or with hdr.len here - confirm that the later length checks
 * are sufficient for a short transfer.
 */
void qaic_mhi_dl_xfer_cb(struct mhi_device *mhi_dev, struct mhi_result *mhi_result)
{
	struct qaic_device *qdev = dev_get_drvdata(&mhi_dev->dev);
	struct wire_msg *msg = mhi_result->buf_addr;
	struct resp_work *resp;

	if (mhi_result->transaction_status || msg->hdr.magic_number != MANAGE_MAGIC_NUMBER)
		goto drop;

	resp = kmalloc_obj(*resp, GFP_ATOMIC);
	if (!resp)
		goto drop;

	resp->qdev = qdev;
	resp->buf = msg;
	INIT_WORK(&resp->work, resp_worker);
	queue_work(qdev->cntl_wq, &resp->work);
	return;

drop:
	kfree(msg);
}
/*
 * Prepare the control channel for use and reset the per-open control state.
 *
 * Returns -ENODEV when there is no control channel, otherwise the result of
 * mhi_prepare_for_transfer().
 */
int qaic_control_open(struct qaic_device *qdev)
{
	if (qdev->cntl_ch) {
		qdev->cntl_lost_buf = false;

		/*
		 * By default qaic should assume that device has CRC enabled.
		 * Qaic comes to know if device has CRC enabled or disabled
		 * during the device status transaction, which is the first
		 * transaction performed on control channel.
		 *
		 * So CRC validation of first device status transaction
		 * response is ignored (by calling valid_crc_stub) and is done
		 * later during decoding if device has CRC enabled.
		 * Now that qaic knows whether device has CRC enabled or not it
		 * acts accordingly.
		 */
		qdev->gen_crc = gen_crc;
		qdev->valid_crc = valid_crc_stub;

		return mhi_prepare_for_transfer(qdev->cntl_ch);
	}

	return -ENODEV;
}
/* Undo qaic_control_open(): take the control channel out of transfer mode. */
void qaic_control_close(struct qaic_device *qdev)
{
	mhi_unprepare_from_transfer(qdev->cntl_ch);
}
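/*
 * Tell the device that @usr is going away by sending a terminate transaction
 * for the user's handle.
 *
 * This is best effort: nothing is reported to the caller, and if memory for
 * the message cannot be allocated the device is not notified.
 *
 * NOTE(review): msg->hdr.partition_id is not assigned here, unlike in
 * qaic_manage_msg_xfer() - presumably add_wrapper() returns zeroed memory;
 * confirm, since the header is sent to the device as is.
 */
void qaic_release_usr(struct qaic_device *qdev, struct qaic_user *usr)
{
	struct wire_trans_terminate_to_dev *trans;
	struct wrapper_list *wrappers;
	struct wrapper_msg *wrapper;
	struct wire_msg *msg;
	struct wire_msg *rsp;

	wrappers = alloc_wrapper_list();
	if (!wrappers)
		return;

	wrapper = add_wrapper(wrappers, sizeof(*wrapper) + sizeof(*msg) + sizeof(*trans));
	if (!wrapper) {
		/* Nothing else refers to the list yet, so free it here */
		kfree(wrappers);
		return;
	}

	msg = &wrapper->msg;

	trans = (struct wire_trans_terminate_to_dev *)msg->data;

	trans->hdr.type = cpu_to_le32(QAIC_TRANS_TERMINATE_TO_DEV);
	trans->hdr.len = cpu_to_le32(sizeof(*trans));
	trans->handle = cpu_to_le32(usr->handle);

	mutex_lock(&qdev->cntl_mutex);
	wrapper->len = sizeof(msg->hdr) + sizeof(*trans);
	msg->hdr.magic_number = MANAGE_MAGIC_NUMBER;
	msg->hdr.sequence_number = cpu_to_le32(qdev->next_seq_num++);
	msg->hdr.len = cpu_to_le32(wrapper->len);
	msg->hdr.count = cpu_to_le32(1);
	msg->hdr.handle = cpu_to_le32(usr->handle);
	msg->hdr.padding = cpu_to_le32(0);
	/* Computed last, once the rest of the header is filled in */
	msg->hdr.crc32 = cpu_to_le32(qdev->gen_crc(wrappers));

	/*
	 * msg_xfer releases the mutex
	 * We don't care about the return of msg_xfer since we will not do
	 * anything different based on what happens.
	 * We ignore pending signals since one will be set if the user is
	 * killed, and we need give the device a chance to cleanup, otherwise
	 * DMA may still be in progress when we return.
	 */
	rsp = msg_xfer(qdev, wrappers, qdev->next_seq_num - 1, true);
	if (!IS_ERR(rsp))
		kfree(rsp);
	free_wrapper_from_list(wrappers, wrapper);
}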
/*
 * Wake every request that is waiting for a control response.
 *
 * Each waiter is unlinked from cntl_xfer_list and completed without a
 * response buffer being attached, so msg_xfer() reports -EIO for it.
 */
void wake_all_cntl(struct qaic_device *qdev)
{
	struct xfer_queue_elem *waiter;
	struct xfer_queue_elem *next;

	mutex_lock(&qdev->cntl_mutex);
	list_for_each_entry_safe(waiter, next, &qdev->cntl_xfer_list, list) {
		list_del_init(&waiter->list);
		complete_all(&waiter->xfer_done);
	}
	mutex_unlock(&qdev->cntl_mutex);
}