1 // SPDX-License-Identifier: GPL-2.0-only
3 /* Copyright (c) 2019-2021, The Linux Foundation. All rights reserved. */
4 /* Copyright (c) 2021-2023 Qualcomm Innovation Center, Inc. All rights reserved. */
6 #include <asm/byteorder.h>
7 #include <linux/completion.h>
8 #include <linux/crc32.h>
9 #include <linux/delay.h>
10 #include <linux/dma-mapping.h>
11 #include <linux/kref.h>
12 #include <linux/list.h>
13 #include <linux/mhi.h>
15 #include <linux/moduleparam.h>
16 #include <linux/mutex.h>
17 #include <linux/overflow.h>
18 #include <linux/pci.h>
19 #include <linux/scatterlist.h>
20 #include <linux/types.h>
21 #include <linux/uaccess.h>
22 #include <linux/workqueue.h>
23 #include <linux/wait.h>
24 #include <drm/drm_device.h>
25 #include <drm/drm_file.h>
26 #include <uapi/drm/qaic_accel.h>
30 #define MANAGE_MAGIC_NUMBER ((__force __le32)0x43494151) /* "QAIC" in little endian */
31 #define QAIC_DBC_Q_GAP SZ_256
32 #define QAIC_DBC_Q_BUF_ALIGN SZ_4K
33 #define QAIC_MANAGE_EXT_MSG_LENGTH SZ_64K /* Max DMA message length */
34 #define QAIC_WRAPPER_MAX_SIZE SZ_4K
35 #define QAIC_MHI_RETRY_WAIT_MS 100
36 #define QAIC_MHI_RETRY_MAX 20
38 static unsigned int control_resp_timeout_s = 60; /* 60 sec default */
39 module_param(control_resp_timeout_s, uint, 0600);
40 MODULE_PARM_DESC(control_resp_timeout_s, "Timeout for NNC responses from QSM");
49 * wire encoding structures for the manage protocol.
50 * All fields are little endian on the wire
53 __le32 crc32; /* crc of everything following this field in the message */
55 __le32 sequence_number;
56 __le32 len; /* length of this message */
57 __le32 count; /* number of transactions in this message */
58 __le32 handle; /* unique id to track the resources consumed */
59 __le32 partition_id; /* partition id for the request (signed) */
60 __le32 padding; /* must be 0 */
64 struct wire_msg_hdr hdr;
68 struct wire_trans_hdr {
73 /* Each message sent from driver to device are organized in a list of wrapper_msg */
75 struct list_head list;
76 struct kref ref_count;
77 u32 len; /* length of data to transfer */
78 struct wrapper_list *head;
81 struct wire_trans_hdr trans;
86 struct list_head list;
87 spinlock_t lock; /* Protects the list state during additions and removals */
90 struct wire_trans_passthrough {
91 struct wire_trans_hdr hdr;
95 struct wire_addr_size_pair {
100 struct wire_trans_dma_xfer {
101 struct wire_trans_hdr hdr;
106 struct wire_addr_size_pair data[];
109 /* Initiated by device to continue the DMA xfer of a large piece of data */
110 struct wire_trans_dma_xfer_cont {
111 struct wire_trans_hdr hdr;
117 struct wire_trans_activate_to_dev {
118 struct wire_trans_hdr hdr;
124 __le32 options; /* unused, but BIT(16) has meaning to the device */
127 struct wire_trans_activate_from_dev {
128 struct wire_trans_hdr hdr;
131 __le64 options; /* unused */
134 struct wire_trans_deactivate_from_dev {
135 struct wire_trans_hdr hdr;
140 struct wire_trans_terminate_to_dev {
141 struct wire_trans_hdr hdr;
146 struct wire_trans_terminate_from_dev {
147 struct wire_trans_hdr hdr;
152 struct wire_trans_status_to_dev {
153 struct wire_trans_hdr hdr;
156 struct wire_trans_status_from_dev {
157 struct wire_trans_hdr hdr;
164 struct wire_trans_validate_part_to_dev {
165 struct wire_trans_hdr hdr;
170 struct wire_trans_validate_part_from_dev {
171 struct wire_trans_hdr hdr;
176 struct xfer_queue_elem {
178 * Node in list of ongoing transfer request on control channel.
179 * Maintained by root device struct.
181 struct list_head list;
182 /* Sequence number of this transfer request */
184 /* This is used to wait on until completion of transfer request */
185 struct completion xfer_done;
186 /* Received data from device */
191 /* Node in list of DMA transfers which is used for cleanup */
192 struct list_head list;
193 /* SG table of memory used for DMA */
194 struct sg_table *sgt;
195 /* Array pages used for DMA */
196 struct page **page_list;
197 /* Number of pages used for DMA */
198 unsigned long nr_pages;
201 struct ioctl_resources {
202 /* List of all DMA transfers which is used later for cleanup */
203 struct list_head dma_xfers;
204 /* Base address of request queue which belongs to a DBC */
207 * Base bus address of request queue which belongs to a DBC. Response
208 * queue base bus address can be calculated by adding size of request
209 * queue to base bus address of request queue.
212 /* Total size of request queue and response queue in byte */
214 /* Total number of elements that can be queued in each of request and response queue */
216 /* Base address of response queue which belongs to a DBC */
218 /* Status of the NNC message received */
220 /* DBC id of the DBC received from device */
223 * DMA transfer request messages can be big in size and it may not be
224 * possible to send them in one shot. In such cases the messages are
225 * broken into chunks, this field stores ID of such chunks.
228 /* Total number of bytes transferred for a DMA xfer request */
229 u64 xferred_dma_size;
230 /* Header of transaction message received from user. Used during DMA xfer request. */
235 struct work_struct work;
236 struct qaic_device *qdev;
241 * Since we're working with little endian messages, its useful to be able to
242 * increment without filling a whole line with conversions back and forth just
243 * to add one(1) to a message count.
245 static __le32 incr_le32(__le32 val)
247 return cpu_to_le32(le32_to_cpu(val) + 1);
250 static u32 gen_crc(void *msg)
252 struct wrapper_list *wrappers = msg;
253 struct wrapper_msg *w;
256 list_for_each_entry(w, &wrappers->list, list)
257 crc = crc32(crc, &w->msg, w->len);
262 static u32 gen_crc_stub(void *msg)
267 static bool valid_crc(void *msg)
269 struct wire_msg_hdr *hdr = msg;
274 * The output of this algorithm is always converted to the native
277 crc = le32_to_cpu(hdr->crc32);
279 ret = (crc32(~0, msg, le32_to_cpu(hdr->len)) ^ ~0) == crc;
280 hdr->crc32 = cpu_to_le32(crc);
284 static bool valid_crc_stub(void *msg)
289 static void free_wrapper(struct kref *ref)
291 struct wrapper_msg *wrapper = container_of(ref, struct wrapper_msg, ref_count);
293 list_del(&wrapper->list);
297 static void save_dbc_buf(struct qaic_device *qdev, struct ioctl_resources *resources,
298 struct qaic_user *usr)
300 u32 dbc_id = resources->dbc_id;
302 if (resources->buf) {
303 wait_event_interruptible(qdev->dbc[dbc_id].dbc_release, !qdev->dbc[dbc_id].in_use);
304 qdev->dbc[dbc_id].req_q_base = resources->buf;
305 qdev->dbc[dbc_id].rsp_q_base = resources->rsp_q_base;
306 qdev->dbc[dbc_id].dma_addr = resources->dma_addr;
307 qdev->dbc[dbc_id].total_size = resources->total_size;
308 qdev->dbc[dbc_id].nelem = resources->nelem;
309 enable_dbc(qdev, dbc_id, usr);
310 qdev->dbc[dbc_id].in_use = true;
311 resources->buf = NULL;
315 static void free_dbc_buf(struct qaic_device *qdev, struct ioctl_resources *resources)
318 dma_free_coherent(&qdev->pdev->dev, resources->total_size, resources->buf,
319 resources->dma_addr);
320 resources->buf = NULL;
323 static void free_dma_xfers(struct qaic_device *qdev, struct ioctl_resources *resources)
325 struct dma_xfer *xfer;
329 list_for_each_entry_safe(xfer, x, &resources->dma_xfers, list) {
330 dma_unmap_sgtable(&qdev->pdev->dev, xfer->sgt, DMA_TO_DEVICE, 0);
331 sg_free_table(xfer->sgt);
333 for (i = 0; i < xfer->nr_pages; ++i)
334 put_page(xfer->page_list[i]);
335 kfree(xfer->page_list);
336 list_del(&xfer->list);
341 static struct wrapper_msg *add_wrapper(struct wrapper_list *wrappers, u32 size)
343 struct wrapper_msg *w = kzalloc(size, GFP_KERNEL);
347 list_add_tail(&w->list, &wrappers->list);
348 kref_init(&w->ref_count);
353 static int encode_passthrough(struct qaic_device *qdev, void *trans, struct wrapper_list *wrappers,
356 struct qaic_manage_trans_passthrough *in_trans = trans;
357 struct wire_trans_passthrough *out_trans;
358 struct wrapper_msg *trans_wrapper;
359 struct wrapper_msg *wrapper;
360 struct wire_msg *msg;
363 wrapper = list_first_entry(&wrappers->list, struct wrapper_msg, list);
365 msg_hdr_len = le32_to_cpu(msg->hdr.len);
367 if (in_trans->hdr.len % 8 != 0)
370 if (size_add(msg_hdr_len, in_trans->hdr.len) > QAIC_MANAGE_EXT_MSG_LENGTH)
373 trans_wrapper = add_wrapper(wrappers,
374 offsetof(struct wrapper_msg, trans) + in_trans->hdr.len);
377 trans_wrapper->len = in_trans->hdr.len;
378 out_trans = (struct wire_trans_passthrough *)&trans_wrapper->trans;
380 memcpy(out_trans->data, in_trans->data, in_trans->hdr.len - sizeof(in_trans->hdr));
381 msg->hdr.len = cpu_to_le32(msg_hdr_len + in_trans->hdr.len);
382 msg->hdr.count = incr_le32(msg->hdr.count);
383 *user_len += in_trans->hdr.len;
384 out_trans->hdr.type = cpu_to_le32(QAIC_TRANS_PASSTHROUGH_TO_DEV);
385 out_trans->hdr.len = cpu_to_le32(in_trans->hdr.len);
390 /* returns error code for failure, 0 if enough pages alloc'd, 1 if dma_cont is needed */
391 static int find_and_map_user_pages(struct qaic_device *qdev,
392 struct qaic_manage_trans_dma_xfer *in_trans,
393 struct ioctl_resources *resources, struct dma_xfer *xfer)
395 unsigned long need_pages;
396 struct page **page_list;
397 unsigned long nr_pages;
398 struct sg_table *sgt;
403 xfer_start_addr = in_trans->addr + resources->xferred_dma_size;
405 need_pages = DIV_ROUND_UP(in_trans->size + offset_in_page(xfer_start_addr) -
406 resources->xferred_dma_size, PAGE_SIZE);
408 nr_pages = need_pages;
411 page_list = kmalloc_array(nr_pages, sizeof(*page_list), GFP_KERNEL | __GFP_NOWARN);
413 nr_pages = nr_pages / 2;
421 ret = get_user_pages_fast(xfer_start_addr, nr_pages, 0, page_list);
424 if (ret != nr_pages) {
430 sgt = kmalloc(sizeof(*sgt), GFP_KERNEL);
436 ret = sg_alloc_table_from_pages(sgt, page_list, nr_pages,
437 offset_in_page(xfer_start_addr),
438 in_trans->size - resources->xferred_dma_size, GFP_KERNEL);
444 ret = dma_map_sgtable(&qdev->pdev->dev, sgt, DMA_TO_DEVICE, 0);
449 xfer->page_list = page_list;
450 xfer->nr_pages = nr_pages;
452 return need_pages > nr_pages ? 1 : 0;
459 for (i = 0; i < nr_pages; ++i)
460 put_page(page_list[i]);
466 /* returns error code for failure, 0 if everything was encoded, 1 if dma_cont is needed */
467 static int encode_addr_size_pairs(struct dma_xfer *xfer, struct wrapper_list *wrappers,
468 struct ioctl_resources *resources, u32 msg_hdr_len, u32 *size,
469 struct wire_trans_dma_xfer **out_trans)
471 struct wrapper_msg *trans_wrapper;
472 struct sg_table *sgt = xfer->sgt;
473 struct wire_addr_size_pair *asp;
474 struct scatterlist *sg;
475 struct wrapper_msg *w;
476 unsigned int dma_len;
485 *size = QAIC_MANAGE_EXT_MSG_LENGTH - msg_hdr_len - sizeof(**out_trans);
486 for_each_sgtable_sg(sgt, sg, i) {
487 *size -= sizeof(*asp);
488 /* Save 1K for possible follow-up transactions. */
495 trans_wrapper = add_wrapper(wrappers, QAIC_WRAPPER_MAX_SIZE);
498 *out_trans = (struct wire_trans_dma_xfer *)&trans_wrapper->trans;
500 asp = (*out_trans)->data;
501 boundary = (void *)trans_wrapper + QAIC_WRAPPER_MAX_SIZE;
507 for_each_sg(sgt->sgl, sg, nents_dma, i) {
508 asp->size = cpu_to_le64(dma_len);
509 dma_chunk_len += dma_len;
512 if ((void *)asp + sizeof(*asp) > boundary) {
513 w->len = (void *)asp - (void *)&w->msg;
515 w = add_wrapper(wrappers, QAIC_WRAPPER_MAX_SIZE);
518 boundary = (void *)w + QAIC_WRAPPER_MAX_SIZE;
519 asp = (struct wire_addr_size_pair *)&w->msg;
522 asp->addr = cpu_to_le64(sg_dma_address(sg));
523 dma_len = sg_dma_len(sg);
525 /* finalize the last segment */
526 asp->size = cpu_to_le64(dma_len);
527 w->len = (void *)asp + sizeof(*asp) - (void *)&w->msg;
529 dma_chunk_len += dma_len;
530 resources->xferred_dma_size += dma_chunk_len;
532 return nents_dma < nents ? 1 : 0;
535 static void cleanup_xfer(struct qaic_device *qdev, struct dma_xfer *xfer)
539 dma_unmap_sgtable(&qdev->pdev->dev, xfer->sgt, DMA_TO_DEVICE, 0);
540 sg_free_table(xfer->sgt);
542 for (i = 0; i < xfer->nr_pages; ++i)
543 put_page(xfer->page_list[i]);
544 kfree(xfer->page_list);
547 static int encode_dma(struct qaic_device *qdev, void *trans, struct wrapper_list *wrappers,
548 u32 *user_len, struct ioctl_resources *resources, struct qaic_user *usr)
550 struct qaic_manage_trans_dma_xfer *in_trans = trans;
551 struct wire_trans_dma_xfer *out_trans;
552 struct wrapper_msg *wrapper;
553 struct dma_xfer *xfer;
554 struct wire_msg *msg;
560 wrapper = list_first_entry(&wrappers->list, struct wrapper_msg, list);
562 msg_hdr_len = le32_to_cpu(msg->hdr.len);
564 /* There should be enough space to hold at least one ASP entry. */
565 if (size_add(msg_hdr_len, sizeof(*out_trans) + sizeof(struct wire_addr_size_pair)) >
566 QAIC_MANAGE_EXT_MSG_LENGTH)
569 if (in_trans->addr + in_trans->size < in_trans->addr || !in_trans->size)
572 xfer = kmalloc(sizeof(*xfer), GFP_KERNEL);
576 ret = find_and_map_user_pages(qdev, in_trans, resources, xfer);
580 need_cont_dma = (bool)ret;
582 ret = encode_addr_size_pairs(xfer, wrappers, resources, msg_hdr_len, &size, &out_trans);
586 need_cont_dma = need_cont_dma || (bool)ret;
588 msg->hdr.len = cpu_to_le32(msg_hdr_len + size);
589 msg->hdr.count = incr_le32(msg->hdr.count);
591 out_trans->hdr.type = cpu_to_le32(QAIC_TRANS_DMA_XFER_TO_DEV);
592 out_trans->hdr.len = cpu_to_le32(size);
593 out_trans->tag = cpu_to_le32(in_trans->tag);
594 out_trans->count = cpu_to_le32((size - sizeof(*out_trans)) /
595 sizeof(struct wire_addr_size_pair));
597 *user_len += in_trans->hdr.len;
599 if (resources->dma_chunk_id) {
600 out_trans->dma_chunk_id = cpu_to_le32(resources->dma_chunk_id);
601 } else if (need_cont_dma) {
602 while (resources->dma_chunk_id == 0)
603 resources->dma_chunk_id = atomic_inc_return(&usr->chunk_id);
605 out_trans->dma_chunk_id = cpu_to_le32(resources->dma_chunk_id);
607 resources->trans_hdr = trans;
609 list_add(&xfer->list, &resources->dma_xfers);
613 cleanup_xfer(qdev, xfer);
619 static int encode_activate(struct qaic_device *qdev, void *trans, struct wrapper_list *wrappers,
620 u32 *user_len, struct ioctl_resources *resources)
622 struct qaic_manage_trans_activate_to_dev *in_trans = trans;
623 struct wire_trans_activate_to_dev *out_trans;
624 struct wrapper_msg *trans_wrapper;
625 struct wrapper_msg *wrapper;
626 struct wire_msg *msg;
634 wrapper = list_first_entry(&wrappers->list, struct wrapper_msg, list);
636 msg_hdr_len = le32_to_cpu(msg->hdr.len);
638 if (size_add(msg_hdr_len, sizeof(*out_trans)) > QAIC_MANAGE_MAX_MSG_LENGTH)
641 if (!in_trans->queue_size)
647 nelem = in_trans->queue_size;
648 size = (get_dbc_req_elem_size() + get_dbc_rsp_elem_size()) * nelem;
649 if (size / nelem != get_dbc_req_elem_size() + get_dbc_rsp_elem_size())
652 if (size + QAIC_DBC_Q_GAP + QAIC_DBC_Q_BUF_ALIGN < size)
655 size = ALIGN((size + QAIC_DBC_Q_GAP), QAIC_DBC_Q_BUF_ALIGN);
657 buf = dma_alloc_coherent(&qdev->pdev->dev, size, &dma_addr, GFP_KERNEL);
661 trans_wrapper = add_wrapper(wrappers,
662 offsetof(struct wrapper_msg, trans) + sizeof(*out_trans));
663 if (!trans_wrapper) {
667 trans_wrapper->len = sizeof(*out_trans);
668 out_trans = (struct wire_trans_activate_to_dev *)&trans_wrapper->trans;
670 out_trans->hdr.type = cpu_to_le32(QAIC_TRANS_ACTIVATE_TO_DEV);
671 out_trans->hdr.len = cpu_to_le32(sizeof(*out_trans));
672 out_trans->buf_len = cpu_to_le32(size);
673 out_trans->req_q_addr = cpu_to_le64(dma_addr);
674 out_trans->req_q_size = cpu_to_le32(nelem);
675 out_trans->rsp_q_addr = cpu_to_le64(dma_addr + size - nelem * get_dbc_rsp_elem_size());
676 out_trans->rsp_q_size = cpu_to_le32(nelem);
677 out_trans->options = cpu_to_le32(in_trans->options);
679 *user_len += in_trans->hdr.len;
680 msg->hdr.len = cpu_to_le32(msg_hdr_len + sizeof(*out_trans));
681 msg->hdr.count = incr_le32(msg->hdr.count);
683 resources->buf = buf;
684 resources->dma_addr = dma_addr;
685 resources->total_size = size;
686 resources->nelem = nelem;
687 resources->rsp_q_base = buf + size - nelem * get_dbc_rsp_elem_size();
691 dma_free_coherent(&qdev->pdev->dev, size, buf, dma_addr);
695 static int encode_deactivate(struct qaic_device *qdev, void *trans,
696 u32 *user_len, struct qaic_user *usr)
698 struct qaic_manage_trans_deactivate *in_trans = trans;
700 if (in_trans->dbc_id >= qdev->num_dbc || in_trans->pad)
703 *user_len += in_trans->hdr.len;
705 return disable_dbc(qdev, in_trans->dbc_id, usr);
708 static int encode_status(struct qaic_device *qdev, void *trans, struct wrapper_list *wrappers,
711 struct qaic_manage_trans_status_to_dev *in_trans = trans;
712 struct wire_trans_status_to_dev *out_trans;
713 struct wrapper_msg *trans_wrapper;
714 struct wrapper_msg *wrapper;
715 struct wire_msg *msg;
718 wrapper = list_first_entry(&wrappers->list, struct wrapper_msg, list);
720 msg_hdr_len = le32_to_cpu(msg->hdr.len);
722 if (size_add(msg_hdr_len, in_trans->hdr.len) > QAIC_MANAGE_MAX_MSG_LENGTH)
725 trans_wrapper = add_wrapper(wrappers, sizeof(*trans_wrapper));
729 trans_wrapper->len = sizeof(*out_trans);
730 out_trans = (struct wire_trans_status_to_dev *)&trans_wrapper->trans;
732 out_trans->hdr.type = cpu_to_le32(QAIC_TRANS_STATUS_TO_DEV);
733 out_trans->hdr.len = cpu_to_le32(in_trans->hdr.len);
734 msg->hdr.len = cpu_to_le32(msg_hdr_len + in_trans->hdr.len);
735 msg->hdr.count = incr_le32(msg->hdr.count);
736 *user_len += in_trans->hdr.len;
741 static int encode_message(struct qaic_device *qdev, struct manage_msg *user_msg,
742 struct wrapper_list *wrappers, struct ioctl_resources *resources,
743 struct qaic_user *usr)
745 struct qaic_manage_trans_hdr *trans_hdr;
746 struct wrapper_msg *wrapper;
747 struct wire_msg *msg;
752 if (!user_msg->count ||
753 user_msg->len < sizeof(*trans_hdr)) {
758 wrapper = list_first_entry(&wrappers->list, struct wrapper_msg, list);
761 msg->hdr.len = cpu_to_le32(sizeof(msg->hdr));
763 if (resources->dma_chunk_id) {
764 ret = encode_dma(qdev, resources->trans_hdr, wrappers, &user_len, resources, usr);
765 msg->hdr.count = cpu_to_le32(1);
769 for (i = 0; i < user_msg->count; ++i) {
770 if (user_len > user_msg->len - sizeof(*trans_hdr)) {
774 trans_hdr = (struct qaic_manage_trans_hdr *)(user_msg->data + user_len);
775 if (trans_hdr->len < sizeof(trans_hdr) ||
776 size_add(user_len, trans_hdr->len) > user_msg->len) {
781 switch (trans_hdr->type) {
782 case QAIC_TRANS_PASSTHROUGH_FROM_USR:
783 ret = encode_passthrough(qdev, trans_hdr, wrappers, &user_len);
785 case QAIC_TRANS_DMA_XFER_FROM_USR:
786 ret = encode_dma(qdev, trans_hdr, wrappers, &user_len, resources, usr);
788 case QAIC_TRANS_ACTIVATE_FROM_USR:
789 ret = encode_activate(qdev, trans_hdr, wrappers, &user_len, resources);
791 case QAIC_TRANS_DEACTIVATE_FROM_USR:
792 ret = encode_deactivate(qdev, trans_hdr, &user_len, usr);
794 case QAIC_TRANS_STATUS_FROM_USR:
795 ret = encode_status(qdev, trans_hdr, wrappers, &user_len);
806 if (user_len != user_msg->len)
810 free_dma_xfers(qdev, resources);
811 free_dbc_buf(qdev, resources);
818 static int decode_passthrough(struct qaic_device *qdev, void *trans, struct manage_msg *user_msg,
821 struct qaic_manage_trans_passthrough *out_trans;
822 struct wire_trans_passthrough *in_trans = trans;
825 out_trans = (void *)user_msg->data + user_msg->len;
827 len = le32_to_cpu(in_trans->hdr.len);
831 if (user_msg->len + len > QAIC_MANAGE_MAX_MSG_LENGTH)
834 memcpy(out_trans->data, in_trans->data, len - sizeof(in_trans->hdr));
835 user_msg->len += len;
837 out_trans->hdr.type = le32_to_cpu(in_trans->hdr.type);
838 out_trans->hdr.len = len;
843 static int decode_activate(struct qaic_device *qdev, void *trans, struct manage_msg *user_msg,
844 u32 *msg_len, struct ioctl_resources *resources, struct qaic_user *usr)
846 struct qaic_manage_trans_activate_from_dev *out_trans;
847 struct wire_trans_activate_from_dev *in_trans = trans;
850 out_trans = (void *)user_msg->data + user_msg->len;
852 len = le32_to_cpu(in_trans->hdr.len);
853 if (user_msg->len + len > QAIC_MANAGE_MAX_MSG_LENGTH)
856 user_msg->len += len;
858 out_trans->hdr.type = le32_to_cpu(in_trans->hdr.type);
859 out_trans->hdr.len = len;
860 out_trans->status = le32_to_cpu(in_trans->status);
861 out_trans->dbc_id = le32_to_cpu(in_trans->dbc_id);
862 out_trans->options = le64_to_cpu(in_trans->options);
865 /* how did we get an activate response without a request? */
868 if (out_trans->dbc_id >= qdev->num_dbc)
870 * The device assigned an invalid resource, which should never
871 * happen. Return an error so the user can try to recover.
875 if (out_trans->status)
877 * Allocating resources failed on device side. This is not an
878 * expected behaviour, user is expected to handle this situation.
882 resources->status = out_trans->status;
883 resources->dbc_id = out_trans->dbc_id;
884 save_dbc_buf(qdev, resources, usr);
889 static int decode_deactivate(struct qaic_device *qdev, void *trans, u32 *msg_len,
890 struct qaic_user *usr)
892 struct wire_trans_deactivate_from_dev *in_trans = trans;
893 u32 dbc_id = le32_to_cpu(in_trans->dbc_id);
894 u32 status = le32_to_cpu(in_trans->status);
896 if (dbc_id >= qdev->num_dbc)
898 * The device assigned an invalid resource, which should never
899 * happen. Inject an error so the user can try to recover.
905 * Releasing resources failed on the device side, which puts
906 * us in a bind since they may still be in use, so enable the
907 * dbc. User is expected to retry deactivation.
909 enable_dbc(qdev, dbc_id, usr);
913 release_dbc(qdev, dbc_id);
914 *msg_len += sizeof(*in_trans);
919 static int decode_status(struct qaic_device *qdev, void *trans, struct manage_msg *user_msg,
920 u32 *user_len, struct wire_msg *msg)
922 struct qaic_manage_trans_status_from_dev *out_trans;
923 struct wire_trans_status_from_dev *in_trans = trans;
926 out_trans = (void *)user_msg->data + user_msg->len;
928 len = le32_to_cpu(in_trans->hdr.len);
929 if (user_msg->len + len > QAIC_MANAGE_MAX_MSG_LENGTH)
932 out_trans->hdr.type = QAIC_TRANS_STATUS_FROM_DEV;
933 out_trans->hdr.len = len;
934 out_trans->major = le16_to_cpu(in_trans->major);
935 out_trans->minor = le16_to_cpu(in_trans->minor);
936 out_trans->status_flags = le64_to_cpu(in_trans->status_flags);
937 out_trans->status = le32_to_cpu(in_trans->status);
938 *user_len += le32_to_cpu(in_trans->hdr.len);
939 user_msg->len += len;
941 if (out_trans->status)
943 if (out_trans->status_flags & BIT(0) && !valid_crc(msg))
949 static int decode_message(struct qaic_device *qdev, struct manage_msg *user_msg,
950 struct wire_msg *msg, struct ioctl_resources *resources,
951 struct qaic_user *usr)
953 u32 msg_hdr_len = le32_to_cpu(msg->hdr.len);
954 struct wire_trans_hdr *trans_hdr;
959 if (msg_hdr_len < sizeof(*trans_hdr) ||
960 msg_hdr_len > QAIC_MANAGE_MAX_MSG_LENGTH)
964 user_msg->count = le32_to_cpu(msg->hdr.count);
966 for (i = 0; i < user_msg->count; ++i) {
969 if (msg_len > msg_hdr_len - sizeof(*trans_hdr))
972 trans_hdr = (struct wire_trans_hdr *)(msg->data + msg_len);
973 hdr_len = le32_to_cpu(trans_hdr->len);
974 if (hdr_len < sizeof(*trans_hdr) ||
975 size_add(msg_len, hdr_len) > msg_hdr_len)
978 switch (le32_to_cpu(trans_hdr->type)) {
979 case QAIC_TRANS_PASSTHROUGH_FROM_DEV:
980 ret = decode_passthrough(qdev, trans_hdr, user_msg, &msg_len);
982 case QAIC_TRANS_ACTIVATE_FROM_DEV:
983 ret = decode_activate(qdev, trans_hdr, user_msg, &msg_len, resources, usr);
985 case QAIC_TRANS_DEACTIVATE_FROM_DEV:
986 ret = decode_deactivate(qdev, trans_hdr, &msg_len, usr);
988 case QAIC_TRANS_STATUS_FROM_DEV:
989 ret = decode_status(qdev, trans_hdr, user_msg, &msg_len, msg);
999 if (msg_len != (msg_hdr_len - sizeof(msg->hdr)))
1005 static void *msg_xfer(struct qaic_device *qdev, struct wrapper_list *wrappers, u32 seq_num,
1008 struct xfer_queue_elem elem;
1009 struct wire_msg *out_buf;
1010 struct wrapper_msg *w;
1015 if (qdev->in_reset) {
1016 mutex_unlock(&qdev->cntl_mutex);
1017 return ERR_PTR(-ENODEV);
1020 /* Attempt to avoid a partial commit of a message */
1021 list_for_each_entry(w, &wrappers->list, list)
1024 for (retry_count = 0; retry_count < QAIC_MHI_RETRY_MAX; retry_count++) {
1025 if (xfer_count <= mhi_get_free_desc_count(qdev->cntl_ch, DMA_TO_DEVICE)) {
1029 msleep_interruptible(QAIC_MHI_RETRY_WAIT_MS);
1030 if (signal_pending(current))
1035 mutex_unlock(&qdev->cntl_mutex);
1036 return ERR_PTR(ret);
1039 elem.seq_num = seq_num;
1041 init_completion(&elem.xfer_done);
1042 if (likely(!qdev->cntl_lost_buf)) {
1044 * The max size of request to device is QAIC_MANAGE_EXT_MSG_LENGTH.
1045 * The max size of response from device is QAIC_MANAGE_MAX_MSG_LENGTH.
1047 out_buf = kmalloc(QAIC_MANAGE_MAX_MSG_LENGTH, GFP_KERNEL);
1049 mutex_unlock(&qdev->cntl_mutex);
1050 return ERR_PTR(-ENOMEM);
1053 ret = mhi_queue_buf(qdev->cntl_ch, DMA_FROM_DEVICE, out_buf,
1054 QAIC_MANAGE_MAX_MSG_LENGTH, MHI_EOT);
1056 mutex_unlock(&qdev->cntl_mutex);
1057 return ERR_PTR(ret);
1061 * we lost a buffer because we queued a recv buf, but then
1062 * queuing the corresponding tx buf failed. To try to avoid
1063 * a memory leak, lets reclaim it and use it for this
1066 qdev->cntl_lost_buf = false;
1069 list_for_each_entry(w, &wrappers->list, list) {
1070 kref_get(&w->ref_count);
1072 ret = mhi_queue_buf(qdev->cntl_ch, DMA_TO_DEVICE, &w->msg, w->len,
1073 list_is_last(&w->list, &wrappers->list) ? MHI_EOT : MHI_CHAIN);
1075 qdev->cntl_lost_buf = true;
1076 kref_put(&w->ref_count, free_wrapper);
1077 mutex_unlock(&qdev->cntl_mutex);
1078 return ERR_PTR(ret);
1082 list_add_tail(&elem.list, &qdev->cntl_xfer_list);
1083 mutex_unlock(&qdev->cntl_mutex);
1086 ret = wait_for_completion_timeout(&elem.xfer_done, control_resp_timeout_s * HZ);
1088 ret = wait_for_completion_interruptible_timeout(&elem.xfer_done,
1089 control_resp_timeout_s * HZ);
1091 * not using _interruptable because we have to cleanup or we'll
1092 * likely cause memory corruption
1094 mutex_lock(&qdev->cntl_mutex);
1095 if (!list_empty(&elem.list))
1096 list_del(&elem.list);
1097 if (!ret && !elem.buf)
1099 else if (ret > 0 && !elem.buf)
1101 mutex_unlock(&qdev->cntl_mutex);
1105 return ERR_PTR(ret);
1106 } else if (!qdev->valid_crc(elem.buf)) {
1108 return ERR_PTR(-EPIPE);
1114 /* Add a transaction to abort the outstanding DMA continuation */
1115 static int abort_dma_cont(struct qaic_device *qdev, struct wrapper_list *wrappers, u32 dma_chunk_id)
1117 struct wire_trans_dma_xfer *out_trans;
1118 u32 size = sizeof(*out_trans);
1119 struct wrapper_msg *wrapper;
1120 struct wrapper_msg *w;
1121 struct wire_msg *msg;
1123 wrapper = list_first_entry(&wrappers->list, struct wrapper_msg, list);
1124 msg = &wrapper->msg;
1126 /* Remove all but the first wrapper which has the msg header */
1127 list_for_each_entry_safe(wrapper, w, &wrappers->list, list)
1128 if (!list_is_first(&wrapper->list, &wrappers->list))
1129 kref_put(&wrapper->ref_count, free_wrapper);
1131 wrapper = add_wrapper(wrappers, offsetof(struct wrapper_msg, trans) + sizeof(*out_trans));
1136 out_trans = (struct wire_trans_dma_xfer *)&wrapper->trans;
1137 out_trans->hdr.type = cpu_to_le32(QAIC_TRANS_DMA_XFER_TO_DEV);
1138 out_trans->hdr.len = cpu_to_le32(size);
1139 out_trans->tag = cpu_to_le32(0);
1140 out_trans->count = cpu_to_le32(0);
1141 out_trans->dma_chunk_id = cpu_to_le32(dma_chunk_id);
1143 msg->hdr.len = cpu_to_le32(size + sizeof(*msg));
1144 msg->hdr.count = cpu_to_le32(1);
1145 wrapper->len = size;
1150 static struct wrapper_list *alloc_wrapper_list(void)
1152 struct wrapper_list *wrappers;
1154 wrappers = kmalloc(sizeof(*wrappers), GFP_KERNEL);
1157 INIT_LIST_HEAD(&wrappers->list);
1158 spin_lock_init(&wrappers->lock);
1163 static int qaic_manage_msg_xfer(struct qaic_device *qdev, struct qaic_user *usr,
1164 struct manage_msg *user_msg, struct ioctl_resources *resources,
1165 struct wire_msg **rsp)
1167 struct wrapper_list *wrappers;
1168 struct wrapper_msg *wrapper;
1169 struct wrapper_msg *w;
1170 bool all_done = false;
1171 struct wire_msg *msg;
1174 wrappers = alloc_wrapper_list();
1178 wrapper = add_wrapper(wrappers, sizeof(*wrapper));
1184 msg = &wrapper->msg;
1185 wrapper->len = sizeof(*msg);
1187 ret = encode_message(qdev, user_msg, wrappers, resources, usr);
1188 if (ret && resources->dma_chunk_id)
1189 ret = abort_dma_cont(qdev, wrappers, resources->dma_chunk_id);
1193 ret = mutex_lock_interruptible(&qdev->cntl_mutex);
1197 msg->hdr.magic_number = MANAGE_MAGIC_NUMBER;
1198 msg->hdr.sequence_number = cpu_to_le32(qdev->next_seq_num++);
1201 msg->hdr.handle = cpu_to_le32(usr->handle);
1202 msg->hdr.partition_id = cpu_to_le32(usr->qddev->partition_id);
1204 msg->hdr.handle = 0;
1205 msg->hdr.partition_id = cpu_to_le32(QAIC_NO_PARTITION);
1208 msg->hdr.padding = cpu_to_le32(0);
1209 msg->hdr.crc32 = cpu_to_le32(qdev->gen_crc(wrappers));
1211 /* msg_xfer releases the mutex */
1212 *rsp = msg_xfer(qdev, wrappers, qdev->next_seq_num - 1, false);
1214 ret = PTR_ERR(*rsp);
1217 free_dma_xfers(qdev, resources);
1219 spin_lock(&wrappers->lock);
1220 list_for_each_entry_safe(wrapper, w, &wrappers->list, list)
1221 kref_put(&wrapper->ref_count, free_wrapper);
1222 all_done = list_empty(&wrappers->list);
1223 spin_unlock(&wrappers->lock);
1230 static int qaic_manage(struct qaic_device *qdev, struct qaic_user *usr, struct manage_msg *user_msg)
1232 struct wire_trans_dma_xfer_cont *dma_cont = NULL;
1233 struct ioctl_resources resources;
1234 struct wire_msg *rsp = NULL;
1237 memset(&resources, 0, sizeof(struct ioctl_resources));
1239 INIT_LIST_HEAD(&resources.dma_xfers);
1241 if (user_msg->len > QAIC_MANAGE_MAX_MSG_LENGTH ||
1242 user_msg->count > QAIC_MANAGE_MAX_MSG_LENGTH / sizeof(struct qaic_manage_trans_hdr))
1246 ret = qaic_manage_msg_xfer(qdev, usr, user_msg, &resources, &rsp);
1249 /* dma_cont should be the only transaction if present */
1250 if (le32_to_cpu(rsp->hdr.count) == 1) {
1251 dma_cont = (struct wire_trans_dma_xfer_cont *)rsp->data;
1252 if (le32_to_cpu(dma_cont->hdr.type) != QAIC_TRANS_DMA_XFER_CONT)
1256 if (le32_to_cpu(dma_cont->dma_chunk_id) == resources.dma_chunk_id &&
1257 le64_to_cpu(dma_cont->xferred_size) == resources.xferred_dma_size) {
1259 goto dma_xfer_continue;
1263 goto dma_cont_failed;
1266 ret = decode_message(qdev, user_msg, rsp, &resources, usr);
1269 free_dbc_buf(qdev, &resources);
1274 int qaic_manage_ioctl(struct drm_device *dev, void *data, struct drm_file *file_priv)
1276 struct qaic_manage_msg *user_msg = data;
1277 struct qaic_device *qdev;
1278 struct manage_msg *msg;
1279 struct qaic_user *usr;
1280 u8 __user *user_data;
1285 if (user_msg->len > QAIC_MANAGE_MAX_MSG_LENGTH)
1288 usr = file_priv->driver_priv;
1290 usr_rcu_id = srcu_read_lock(&usr->qddev_lock);
1292 srcu_read_unlock(&usr->qddev_lock, usr_rcu_id);
1296 qdev = usr->qddev->qdev;
1298 qdev_rcu_id = srcu_read_lock(&qdev->dev_lock);
1299 if (qdev->in_reset) {
1300 srcu_read_unlock(&qdev->dev_lock, qdev_rcu_id);
1301 srcu_read_unlock(&usr->qddev_lock, usr_rcu_id);
1305 msg = kzalloc(QAIC_MANAGE_MAX_MSG_LENGTH + sizeof(*msg), GFP_KERNEL);
1311 msg->len = user_msg->len;
1312 msg->count = user_msg->count;
1314 user_data = u64_to_user_ptr(user_msg->data);
1316 if (copy_from_user(msg->data, user_data, user_msg->len)) {
1321 ret = qaic_manage(qdev, usr, msg);
1324 * If the qaic_manage() is successful then we copy the message onto
1325 * userspace memory but we have an exception for -ECANCELED.
1326 * For -ECANCELED, it means that device has NACKed the message with a
1327 * status error code which userspace would like to know.
1329 if (ret == -ECANCELED || !ret) {
1330 if (copy_to_user(user_data, msg->data, msg->len)) {
1333 user_msg->len = msg->len;
1334 user_msg->count = msg->count;
1341 srcu_read_unlock(&qdev->dev_lock, qdev_rcu_id);
1342 srcu_read_unlock(&usr->qddev_lock, usr_rcu_id);
1346 int get_cntl_version(struct qaic_device *qdev, struct qaic_user *usr, u16 *major, u16 *minor)
1348 struct qaic_manage_trans_status_from_dev *status_result;
1349 struct qaic_manage_trans_status_to_dev *status_query;
1350 struct manage_msg *user_msg;
1353 user_msg = kmalloc(sizeof(*user_msg) + sizeof(*status_result), GFP_KERNEL);
1358 user_msg->len = sizeof(*status_query);
1359 user_msg->count = 1;
1361 status_query = (struct qaic_manage_trans_status_to_dev *)user_msg->data;
1362 status_query->hdr.type = QAIC_TRANS_STATUS_FROM_USR;
1363 status_query->hdr.len = sizeof(status_query->hdr);
1365 ret = qaic_manage(qdev, usr, user_msg);
1367 goto kfree_user_msg;
1368 status_result = (struct qaic_manage_trans_status_from_dev *)user_msg->data;
1369 *major = status_result->major;
1370 *minor = status_result->minor;
1372 if (status_result->status_flags & BIT(0)) { /* device is using CRC */
1373 /* By default qdev->gen_crc is programmed to generate CRC */
1374 qdev->valid_crc = valid_crc;
1376 /* By default qdev->valid_crc is programmed to bypass CRC */
1377 qdev->gen_crc = gen_crc_stub;
1386 static void resp_worker(struct work_struct *work)
1388 struct resp_work *resp = container_of(work, struct resp_work, work);
1389 struct qaic_device *qdev = resp->qdev;
1390 struct wire_msg *msg = resp->buf;
1391 struct xfer_queue_elem *elem;
1392 struct xfer_queue_elem *i;
1395 mutex_lock(&qdev->cntl_mutex);
1396 list_for_each_entry_safe(elem, i, &qdev->cntl_xfer_list, list) {
1397 if (elem->seq_num == le32_to_cpu(msg->hdr.sequence_number)) {
1399 list_del_init(&elem->list);
1401 complete_all(&elem->xfer_done);
1405 mutex_unlock(&qdev->cntl_mutex);
1408 /* request must have timed out, drop packet */
1414 static void free_wrapper_from_list(struct wrapper_list *wrappers, struct wrapper_msg *wrapper)
1416 bool all_done = false;
1418 spin_lock(&wrappers->lock);
1419 kref_put(&wrapper->ref_count, free_wrapper);
1420 all_done = list_empty(&wrappers->list);
1421 spin_unlock(&wrappers->lock);
1427 void qaic_mhi_ul_xfer_cb(struct mhi_device *mhi_dev, struct mhi_result *mhi_result)
1429 struct wire_msg *msg = mhi_result->buf_addr;
1430 struct wrapper_msg *wrapper = container_of(msg, struct wrapper_msg, msg);
1432 free_wrapper_from_list(wrapper->head, wrapper);
1435 void qaic_mhi_dl_xfer_cb(struct mhi_device *mhi_dev, struct mhi_result *mhi_result)
1437 struct qaic_device *qdev = dev_get_drvdata(&mhi_dev->dev);
1438 struct wire_msg *msg = mhi_result->buf_addr;
1439 struct resp_work *resp;
1441 if (mhi_result->transaction_status || msg->hdr.magic_number != MANAGE_MAGIC_NUMBER) {
1446 resp = kmalloc(sizeof(*resp), GFP_ATOMIC);
1452 INIT_WORK(&resp->work, resp_worker);
1455 queue_work(qdev->cntl_wq, &resp->work);
1458 int qaic_control_open(struct qaic_device *qdev)
1463 qdev->cntl_lost_buf = false;
1465 * By default qaic should assume that device has CRC enabled.
1466 * Qaic comes to know if device has CRC enabled or disabled during the
1467 * device status transaction, which is the first transaction performed
1468 * on control channel.
1470 * So CRC validation of first device status transaction response is
1471 * ignored (by calling valid_crc_stub) and is done later during decoding
1472 * if device has CRC enabled.
1473 * Now that qaic knows whether device has CRC enabled or not it acts
1476 qdev->gen_crc = gen_crc;
1477 qdev->valid_crc = valid_crc_stub;
1479 return mhi_prepare_for_transfer(qdev->cntl_ch);
1482 void qaic_control_close(struct qaic_device *qdev)
1484 mhi_unprepare_from_transfer(qdev->cntl_ch);
1487 void qaic_release_usr(struct qaic_device *qdev, struct qaic_user *usr)
1489 struct wire_trans_terminate_to_dev *trans;
1490 struct wrapper_list *wrappers;
1491 struct wrapper_msg *wrapper;
1492 struct wire_msg *msg;
1493 struct wire_msg *rsp;
1495 wrappers = alloc_wrapper_list();
1499 wrapper = add_wrapper(wrappers, sizeof(*wrapper) + sizeof(*msg) + sizeof(*trans));
1503 msg = &wrapper->msg;
1505 trans = (struct wire_trans_terminate_to_dev *)msg->data;
1507 trans->hdr.type = cpu_to_le32(QAIC_TRANS_TERMINATE_TO_DEV);
1508 trans->hdr.len = cpu_to_le32(sizeof(*trans));
1509 trans->handle = cpu_to_le32(usr->handle);
1511 mutex_lock(&qdev->cntl_mutex);
1512 wrapper->len = sizeof(msg->hdr) + sizeof(*trans);
1513 msg->hdr.magic_number = MANAGE_MAGIC_NUMBER;
1514 msg->hdr.sequence_number = cpu_to_le32(qdev->next_seq_num++);
1515 msg->hdr.len = cpu_to_le32(wrapper->len);
1516 msg->hdr.count = cpu_to_le32(1);
1517 msg->hdr.handle = cpu_to_le32(usr->handle);
1518 msg->hdr.padding = cpu_to_le32(0);
1519 msg->hdr.crc32 = cpu_to_le32(qdev->gen_crc(wrappers));
1522 * msg_xfer releases the mutex
1523 * We don't care about the return of msg_xfer since we will not do
1524 * anything different based on what happens.
1525 * We ignore pending signals since one will be set if the user is
1526 * killed, and we need give the device a chance to cleanup, otherwise
1527 * DMA may still be in progress when we return.
1529 rsp = msg_xfer(qdev, wrappers, qdev->next_seq_num - 1, true);
1532 free_wrapper_from_list(wrappers, wrapper);
1535 void wake_all_cntl(struct qaic_device *qdev)
1537 struct xfer_queue_elem *elem;
1538 struct xfer_queue_elem *i;
1540 mutex_lock(&qdev->cntl_mutex);
1541 list_for_each_entry_safe(elem, i, &qdev->cntl_xfer_list, list) {
1542 list_del_init(&elem->list);
1543 complete_all(&elem->xfer_done);
1545 mutex_unlock(&qdev->cntl_mutex);
projects / linux-2.6-block.git / blob