1 // SPDX-License-Identifier: GPL-2.0 OR BSD-3-Clause 2 /* Copyright (c) 2010-2012 Broadcom. All rights reserved. */ 3 4 #include <linux/types.h> 5 #include <linux/completion.h> 6 #include <linux/mutex.h> 7 #include <linux/bitops.h> 8 #include <linux/kthread.h> 9 #include <linux/wait.h> 10 #include <linux/delay.h> 11 #include <linux/slab.h> 12 #include <linux/kref.h> 13 #include <linux/rcupdate.h> 14 #include <linux/sched/signal.h> 15 16 #include "vchiq_arm.h" 17 #include "vchiq_core.h" 18 19 #define VCHIQ_SLOT_HANDLER_STACK 8192 20 21 #define VCHIQ_MSG_PADDING 0 /* - */ 22 #define VCHIQ_MSG_CONNECT 1 /* - */ 23 #define VCHIQ_MSG_OPEN 2 /* + (srcport, -), fourcc, client_id */ 24 #define VCHIQ_MSG_OPENACK 3 /* + (srcport, dstport) */ 25 #define VCHIQ_MSG_CLOSE 4 /* + (srcport, dstport) */ 26 #define VCHIQ_MSG_DATA 5 /* + (srcport, dstport) */ 27 #define VCHIQ_MSG_BULK_RX 6 /* + (srcport, dstport), data, size */ 28 #define VCHIQ_MSG_BULK_TX 7 /* + (srcport, dstport), data, size */ 29 #define VCHIQ_MSG_BULK_RX_DONE 8 /* + (srcport, dstport), actual */ 30 #define VCHIQ_MSG_BULK_TX_DONE 9 /* + (srcport, dstport), actual */ 31 #define VCHIQ_MSG_PAUSE 10 /* - */ 32 #define VCHIQ_MSG_RESUME 11 /* - */ 33 #define VCHIQ_MSG_REMOTE_USE 12 /* - */ 34 #define VCHIQ_MSG_REMOTE_RELEASE 13 /* - */ 35 #define VCHIQ_MSG_REMOTE_USE_ACTIVE 14 /* - */ 36 37 #define TYPE_SHIFT 24 38 39 #define VCHIQ_PORT_MAX (VCHIQ_MAX_SERVICES - 1) 40 #define VCHIQ_PORT_FREE 0x1000 41 #define VCHIQ_PORT_IS_VALID(port) ((port) < VCHIQ_PORT_FREE) 42 #define VCHIQ_MAKE_MSG(type, srcport, dstport) \ 43 (((type) << TYPE_SHIFT) | ((srcport) << 12) | ((dstport) << 0)) 44 #define VCHIQ_MSG_TYPE(msgid) ((unsigned int)(msgid) >> TYPE_SHIFT) 45 #define VCHIQ_MSG_SRCPORT(msgid) \ 46 (unsigned short)(((unsigned int)(msgid) >> 12) & 0xfff) 47 #define VCHIQ_MSG_DSTPORT(msgid) \ 48 ((unsigned short)(msgid) & 0xfff) 49 50 #define MAKE_CONNECT (VCHIQ_MSG_CONNECT << TYPE_SHIFT) 51 #define MAKE_OPEN(srcport) \ 52 ((VCHIQ_MSG_OPEN << TYPE_SHIFT) | ((srcport) << 12)) 53 #define MAKE_OPENACK(srcport, dstport) \ 54 ((VCHIQ_MSG_OPENACK << TYPE_SHIFT) | ((srcport) << 12) | ((dstport) << 0)) 55 #define MAKE_CLOSE(srcport, dstport) \ 56 ((VCHIQ_MSG_CLOSE << TYPE_SHIFT) | ((srcport) << 12) | ((dstport) << 0)) 57 #define MAKE_DATA(srcport, dstport) \ 58 ((VCHIQ_MSG_DATA << TYPE_SHIFT) | ((srcport) << 12) | ((dstport) << 0)) 59 #define MAKE_PAUSE (VCHIQ_MSG_PAUSE << TYPE_SHIFT) 60 #define MAKE_RESUME (VCHIQ_MSG_RESUME << TYPE_SHIFT) 61 #define MAKE_REMOTE_USE (VCHIQ_MSG_REMOTE_USE << TYPE_SHIFT) 62 #define MAKE_REMOTE_USE_ACTIVE (VCHIQ_MSG_REMOTE_USE_ACTIVE << TYPE_SHIFT) 63 64 /* Ensure the fields are wide enough */ 65 static_assert(VCHIQ_MSG_SRCPORT(VCHIQ_MAKE_MSG(0, 0, VCHIQ_PORT_MAX)) 66 == 0); 67 static_assert(VCHIQ_MSG_TYPE(VCHIQ_MAKE_MSG(0, VCHIQ_PORT_MAX, 0)) == 0); 68 static_assert((unsigned int)VCHIQ_PORT_MAX < 69 (unsigned int)VCHIQ_PORT_FREE); 70 71 #define VCHIQ_MSGID_PADDING VCHIQ_MAKE_MSG(VCHIQ_MSG_PADDING, 0, 0) 72 #define VCHIQ_MSGID_CLAIMED 0x40000000 73 74 #define VCHIQ_FOURCC_INVALID 0x00000000 75 #define VCHIQ_FOURCC_IS_LEGAL(fourcc) ((fourcc) != VCHIQ_FOURCC_INVALID) 76 77 #define VCHIQ_BULK_ACTUAL_ABORTED -1 78 79 #if VCHIQ_ENABLE_STATS 80 #define VCHIQ_STATS_INC(state, stat) (state->stats. stat++) 81 #define VCHIQ_SERVICE_STATS_INC(service, stat) (service->stats. stat++) 82 #define VCHIQ_SERVICE_STATS_ADD(service, stat, addend) \ 83 (service->stats. stat += addend) 84 #else 85 #define VCHIQ_STATS_INC(state, stat) ((void)0) 86 #define VCHIQ_SERVICE_STATS_INC(service, stat) ((void)0) 87 #define VCHIQ_SERVICE_STATS_ADD(service, stat, addend) ((void)0) 88 #endif 89 90 #define HANDLE_STATE_SHIFT 12 91 92 #define SLOT_INFO_FROM_INDEX(state, index) (state->slot_info + (index)) 93 #define SLOT_DATA_FROM_INDEX(state, index) (state->slot_data + (index)) 94 #define SLOT_INDEX_FROM_DATA(state, data) \ 95 (((unsigned int)((char *)data - (char *)state->slot_data)) / \ 96 VCHIQ_SLOT_SIZE) 97 #define SLOT_INDEX_FROM_INFO(state, info) \ 98 ((unsigned int)(info - state->slot_info)) 99 #define SLOT_QUEUE_INDEX_FROM_POS(pos) \ 100 ((int)((unsigned int)(pos) / VCHIQ_SLOT_SIZE)) 101 #define SLOT_QUEUE_INDEX_FROM_POS_MASKED(pos) \ 102 (SLOT_QUEUE_INDEX_FROM_POS(pos) & VCHIQ_SLOT_QUEUE_MASK) 103 104 #define BULK_INDEX(x) ((x) & (VCHIQ_NUM_SERVICE_BULKS - 1)) 105 106 #define SRVTRACE_LEVEL(srv) \ 107 (((srv) && (srv)->trace) ? VCHIQ_LOG_TRACE : vchiq_core_msg_log_level) 108 #define SRVTRACE_ENABLED(srv, lev) \ 109 (((srv) && (srv)->trace) || (vchiq_core_msg_log_level >= (lev))) 110 111 #define NO_CLOSE_RECVD 0 112 #define CLOSE_RECVD 1 113 114 #define NO_RETRY_POLL 0 115 #define RETRY_POLL 1 116 117 struct vchiq_open_payload { 118 int fourcc; 119 int client_id; 120 short version; 121 short version_min; 122 }; 123 124 struct vchiq_openack_payload { 125 short version; 126 }; 127 128 enum { 129 QMFLAGS_IS_BLOCKING = BIT(0), 130 QMFLAGS_NO_MUTEX_LOCK = BIT(1), 131 QMFLAGS_NO_MUTEX_UNLOCK = BIT(2) 132 }; 133 134 enum { 135 VCHIQ_POLL_TERMINATE, 136 VCHIQ_POLL_REMOVE, 137 VCHIQ_POLL_TXNOTIFY, 138 VCHIQ_POLL_RXNOTIFY, 139 VCHIQ_POLL_COUNT 140 }; 141 142 /* we require this for consistency between endpoints */ 143 static_assert(sizeof(struct vchiq_header) == 8); 144 static_assert(VCHIQ_VERSION >= VCHIQ_VERSION_MIN); 145 146 static inline void check_sizes(void) 147 { 148 BUILD_BUG_ON_NOT_POWER_OF_2(VCHIQ_SLOT_SIZE); 149 BUILD_BUG_ON_NOT_POWER_OF_2(VCHIQ_MAX_SLOTS); 150 BUILD_BUG_ON_NOT_POWER_OF_2(VCHIQ_MAX_SLOTS_PER_SIDE); 151 BUILD_BUG_ON_NOT_POWER_OF_2(sizeof(struct vchiq_header)); 152 BUILD_BUG_ON_NOT_POWER_OF_2(VCHIQ_NUM_CURRENT_BULKS); 153 BUILD_BUG_ON_NOT_POWER_OF_2(VCHIQ_NUM_SERVICE_BULKS); 154 BUILD_BUG_ON_NOT_POWER_OF_2(VCHIQ_MAX_SERVICES); 155 } 156 157 /* Run time control of log level, based on KERN_XXX level. */ 158 int vchiq_core_log_level = VCHIQ_LOG_DEFAULT; 159 int vchiq_core_msg_log_level = VCHIQ_LOG_DEFAULT; 160 int vchiq_sync_log_level = VCHIQ_LOG_DEFAULT; 161 162 DEFINE_SPINLOCK(bulk_waiter_spinlock); 163 static DEFINE_SPINLOCK(quota_spinlock); 164 165 static unsigned int handle_seq; 166 167 static const char *const srvstate_names[] = { 168 "FREE", 169 "HIDDEN", 170 "LISTENING", 171 "OPENING", 172 "OPEN", 173 "OPENSYNC", 174 "CLOSESENT", 175 "CLOSERECVD", 176 "CLOSEWAIT", 177 "CLOSED" 178 }; 179 180 static const char *const reason_names[] = { 181 "SERVICE_OPENED", 182 "SERVICE_CLOSED", 183 "MESSAGE_AVAILABLE", 184 "BULK_TRANSMIT_DONE", 185 "BULK_RECEIVE_DONE", 186 "BULK_TRANSMIT_ABORTED", 187 "BULK_RECEIVE_ABORTED" 188 }; 189 190 static const char *const conn_state_names[] = { 191 "DISCONNECTED", 192 "CONNECTING", 193 "CONNECTED", 194 "PAUSING", 195 "PAUSE_SENT", 196 "PAUSED", 197 "RESUMING", 198 "PAUSE_TIMEOUT", 199 "RESUME_TIMEOUT" 200 }; 201 202 static void 203 release_message_sync(struct vchiq_state *state, struct vchiq_header *header); 204 205 static const char *msg_type_str(unsigned int msg_type) 206 { 207 switch (msg_type) { 208 case VCHIQ_MSG_PADDING: return "PADDING"; 209 case VCHIQ_MSG_CONNECT: return "CONNECT"; 210 case VCHIQ_MSG_OPEN: return "OPEN"; 211 case VCHIQ_MSG_OPENACK: return "OPENACK"; 212 case VCHIQ_MSG_CLOSE: return "CLOSE"; 213 case VCHIQ_MSG_DATA: return "DATA"; 214 case VCHIQ_MSG_BULK_RX: return "BULK_RX"; 215 case VCHIQ_MSG_BULK_TX: return "BULK_TX"; 216 case VCHIQ_MSG_BULK_RX_DONE: return "BULK_RX_DONE"; 217 case VCHIQ_MSG_BULK_TX_DONE: return "BULK_TX_DONE"; 218 case VCHIQ_MSG_PAUSE: return "PAUSE"; 219 case VCHIQ_MSG_RESUME: return "RESUME"; 220 case VCHIQ_MSG_REMOTE_USE: return "REMOTE_USE"; 221 case VCHIQ_MSG_REMOTE_RELEASE: return "REMOTE_RELEASE"; 222 case VCHIQ_MSG_REMOTE_USE_ACTIVE: return "REMOTE_USE_ACTIVE"; 223 } 224 return "???"; 225 } 226 227 static inline void 228 set_service_state(struct vchiq_service *service, int newstate) 229 { 230 vchiq_log_info(vchiq_core_log_level, "%d: srv:%d %s->%s", 231 service->state->id, service->localport, 232 srvstate_names[service->srvstate], 233 srvstate_names[newstate]); 234 service->srvstate = newstate; 235 } 236 237 struct vchiq_service *handle_to_service(struct vchiq_instance *instance, unsigned int handle) 238 { 239 int idx = handle & (VCHIQ_MAX_SERVICES - 1); 240 241 return rcu_dereference(instance->state->services[idx]); 242 } 243 struct vchiq_service * 244 find_service_by_handle(struct vchiq_instance *instance, unsigned int handle) 245 { 246 struct vchiq_service *service; 247 248 rcu_read_lock(); 249 service = handle_to_service(instance, handle); 250 if (service && service->srvstate != VCHIQ_SRVSTATE_FREE && 251 service->handle == handle && 252 kref_get_unless_zero(&service->ref_count)) { 253 service = rcu_pointer_handoff(service); 254 rcu_read_unlock(); 255 return service; 256 } 257 rcu_read_unlock(); 258 vchiq_log_info(vchiq_core_log_level, 259 "Invalid service handle 0x%x", handle); 260 return NULL; 261 } 262 263 struct vchiq_service * 264 find_service_by_port(struct vchiq_state *state, unsigned int localport) 265 { 266 if (localport <= VCHIQ_PORT_MAX) { 267 struct vchiq_service *service; 268 269 rcu_read_lock(); 270 service = rcu_dereference(state->services[localport]); 271 if (service && service->srvstate != VCHIQ_SRVSTATE_FREE && 272 kref_get_unless_zero(&service->ref_count)) { 273 service = rcu_pointer_handoff(service); 274 rcu_read_unlock(); 275 return service; 276 } 277 rcu_read_unlock(); 278 } 279 vchiq_log_info(vchiq_core_log_level, 280 "Invalid port %u", localport); 281 return NULL; 282 } 283 284 struct vchiq_service * 285 find_service_for_instance(struct vchiq_instance *instance, unsigned int handle) 286 { 287 struct vchiq_service *service; 288 289 rcu_read_lock(); 290 service = handle_to_service(instance, handle); 291 if (service && service->srvstate != VCHIQ_SRVSTATE_FREE && 292 service->handle == handle && 293 service->instance == instance && 294 kref_get_unless_zero(&service->ref_count)) { 295 service = rcu_pointer_handoff(service); 296 rcu_read_unlock(); 297 return service; 298 } 299 rcu_read_unlock(); 300 vchiq_log_info(vchiq_core_log_level, 301 "Invalid service handle 0x%x", handle); 302 return NULL; 303 } 304 305 struct vchiq_service * 306 find_closed_service_for_instance(struct vchiq_instance *instance, unsigned int handle) 307 { 308 struct vchiq_service *service; 309 310 rcu_read_lock(); 311 service = handle_to_service(instance, handle); 312 if (service && 313 (service->srvstate == VCHIQ_SRVSTATE_FREE || 314 service->srvstate == VCHIQ_SRVSTATE_CLOSED) && 315 service->handle == handle && 316 service->instance == instance && 317 kref_get_unless_zero(&service->ref_count)) { 318 service = rcu_pointer_handoff(service); 319 rcu_read_unlock(); 320 return service; 321 } 322 rcu_read_unlock(); 323 vchiq_log_info(vchiq_core_log_level, 324 "Invalid service handle 0x%x", handle); 325 return service; 326 } 327 328 struct vchiq_service * 329 __next_service_by_instance(struct vchiq_state *state, 330 struct vchiq_instance *instance, 331 int *pidx) 332 { 333 struct vchiq_service *service = NULL; 334 int idx = *pidx; 335 336 while (idx < state->unused_service) { 337 struct vchiq_service *srv; 338 339 srv = rcu_dereference(state->services[idx]); 340 idx++; 341 if (srv && srv->srvstate != VCHIQ_SRVSTATE_FREE && 342 srv->instance == instance) { 343 service = srv; 344 break; 345 } 346 } 347 348 *pidx = idx; 349 return service; 350 } 351 352 struct vchiq_service * 353 next_service_by_instance(struct vchiq_state *state, 354 struct vchiq_instance *instance, 355 int *pidx) 356 { 357 struct vchiq_service *service; 358 359 rcu_read_lock(); 360 while (1) { 361 service = __next_service_by_instance(state, instance, pidx); 362 if (!service) 363 break; 364 if (kref_get_unless_zero(&service->ref_count)) { 365 service = rcu_pointer_handoff(service); 366 break; 367 } 368 } 369 rcu_read_unlock(); 370 return service; 371 } 372 373 void 374 vchiq_service_get(struct vchiq_service *service) 375 { 376 if (!service) { 377 WARN(1, "%s service is NULL\n", __func__); 378 return; 379 } 380 kref_get(&service->ref_count); 381 } 382 383 static void service_release(struct kref *kref) 384 { 385 struct vchiq_service *service = 386 container_of(kref, struct vchiq_service, ref_count); 387 struct vchiq_state *state = service->state; 388 389 WARN_ON(service->srvstate != VCHIQ_SRVSTATE_FREE); 390 rcu_assign_pointer(state->services[service->localport], NULL); 391 if (service->userdata_term) 392 service->userdata_term(service->base.userdata); 393 kfree_rcu(service, rcu); 394 } 395 396 void 397 vchiq_service_put(struct vchiq_service *service) 398 { 399 if (!service) { 400 WARN(1, "%s: service is NULL\n", __func__); 401 return; 402 } 403 kref_put(&service->ref_count, service_release); 404 } 405 406 int 407 vchiq_get_client_id(struct vchiq_instance *instance, unsigned int handle) 408 { 409 struct vchiq_service *service; 410 int id; 411 412 rcu_read_lock(); 413 service = handle_to_service(instance, handle); 414 id = service ? service->client_id : 0; 415 rcu_read_unlock(); 416 return id; 417 } 418 419 void * 420 vchiq_get_service_userdata(struct vchiq_instance *instance, unsigned int handle) 421 { 422 void *userdata; 423 struct vchiq_service *service; 424 425 rcu_read_lock(); 426 service = handle_to_service(instance, handle); 427 userdata = service ? service->base.userdata : NULL; 428 rcu_read_unlock(); 429 return userdata; 430 } 431 EXPORT_SYMBOL(vchiq_get_service_userdata); 432 433 static void 434 mark_service_closing_internal(struct vchiq_service *service, int sh_thread) 435 { 436 struct vchiq_state *state = service->state; 437 struct vchiq_service_quota *quota; 438 439 service->closing = 1; 440 441 /* Synchronise with other threads. */ 442 mutex_lock(&state->recycle_mutex); 443 mutex_unlock(&state->recycle_mutex); 444 if (!sh_thread || (state->conn_state != VCHIQ_CONNSTATE_PAUSE_SENT)) { 445 /* 446 * If we're pausing then the slot_mutex is held until resume 447 * by the slot handler. Therefore don't try to acquire this 448 * mutex if we're the slot handler and in the pause sent state. 449 * We don't need to in this case anyway. 450 */ 451 mutex_lock(&state->slot_mutex); 452 mutex_unlock(&state->slot_mutex); 453 } 454 455 /* Unblock any sending thread. */ 456 quota = &state->service_quotas[service->localport]; 457 complete("a->quota_event); 458 } 459 460 static void 461 mark_service_closing(struct vchiq_service *service) 462 { 463 mark_service_closing_internal(service, 0); 464 } 465 466 static inline enum vchiq_status 467 make_service_callback(struct vchiq_service *service, enum vchiq_reason reason, 468 struct vchiq_header *header, void *bulk_userdata) 469 { 470 enum vchiq_status status; 471 472 vchiq_log_trace(vchiq_core_log_level, "%d: callback:%d (%s, %pK, %pK)", 473 service->state->id, service->localport, reason_names[reason], 474 header, bulk_userdata); 475 status = service->base.callback(service->instance, reason, header, service->handle, 476 bulk_userdata); 477 if (status == VCHIQ_ERROR) { 478 vchiq_log_warning(vchiq_core_log_level, 479 "%d: ignoring ERROR from callback to service %x", 480 service->state->id, service->handle); 481 status = VCHIQ_SUCCESS; 482 } 483 484 if (reason != VCHIQ_MESSAGE_AVAILABLE) 485 vchiq_release_message(service->instance, service->handle, header); 486 487 return status; 488 } 489 490 inline void 491 vchiq_set_conn_state(struct vchiq_state *state, enum vchiq_connstate newstate) 492 { 493 enum vchiq_connstate oldstate = state->conn_state; 494 495 vchiq_log_info(vchiq_core_log_level, "%d: %s->%s", state->id, conn_state_names[oldstate], 496 conn_state_names[newstate]); 497 state->conn_state = newstate; 498 vchiq_platform_conn_state_changed(state, oldstate, newstate); 499 } 500 501 static inline void 502 remote_event_create(wait_queue_head_t *wq, struct remote_event *event) 503 { 504 event->armed = 0; 505 /* 506 * Don't clear the 'fired' flag because it may already have been set 507 * by the other side. 508 */ 509 init_waitqueue_head(wq); 510 } 511 512 /* 513 * All the event waiting routines in VCHIQ used a custom semaphore 514 * implementation that filtered most signals. This achieved a behaviour similar 515 * to the "killable" family of functions. While cleaning up this code all the 516 * routines where switched to the "interruptible" family of functions, as the 517 * former was deemed unjustified and the use "killable" set all VCHIQ's 518 * threads in D state. 519 */ 520 static inline int 521 remote_event_wait(wait_queue_head_t *wq, struct remote_event *event) 522 { 523 if (!event->fired) { 524 event->armed = 1; 525 dsb(sy); 526 if (wait_event_interruptible(*wq, event->fired)) { 527 event->armed = 0; 528 return 0; 529 } 530 event->armed = 0; 531 /* Ensure that the peer sees that we are not waiting (armed == 0). */ 532 wmb(); 533 } 534 535 event->fired = 0; 536 return 1; 537 } 538 539 static inline void 540 remote_event_signal_local(wait_queue_head_t *wq, struct remote_event *event) 541 { 542 event->fired = 1; 543 event->armed = 0; 544 wake_up_all(wq); 545 } 546 547 static inline void 548 remote_event_poll(wait_queue_head_t *wq, struct remote_event *event) 549 { 550 if (event->fired && event->armed) 551 remote_event_signal_local(wq, event); 552 } 553 554 void 555 remote_event_pollall(struct vchiq_state *state) 556 { 557 remote_event_poll(&state->sync_trigger_event, &state->local->sync_trigger); 558 remote_event_poll(&state->sync_release_event, &state->local->sync_release); 559 remote_event_poll(&state->trigger_event, &state->local->trigger); 560 remote_event_poll(&state->recycle_event, &state->local->recycle); 561 } 562 563 /* 564 * Round up message sizes so that any space at the end of a slot is always big 565 * enough for a header. This relies on header size being a power of two, which 566 * has been verified earlier by a static assertion. 567 */ 568 569 static inline size_t 570 calc_stride(size_t size) 571 { 572 /* Allow room for the header */ 573 size += sizeof(struct vchiq_header); 574 575 /* Round up */ 576 return (size + sizeof(struct vchiq_header) - 1) & 577 ~(sizeof(struct vchiq_header) - 1); 578 } 579 580 /* Called by the slot handler thread */ 581 static struct vchiq_service * 582 get_listening_service(struct vchiq_state *state, int fourcc) 583 { 584 int i; 585 586 WARN_ON(fourcc == VCHIQ_FOURCC_INVALID); 587 588 rcu_read_lock(); 589 for (i = 0; i < state->unused_service; i++) { 590 struct vchiq_service *service; 591 592 service = rcu_dereference(state->services[i]); 593 if (service && 594 service->public_fourcc == fourcc && 595 (service->srvstate == VCHIQ_SRVSTATE_LISTENING || 596 (service->srvstate == VCHIQ_SRVSTATE_OPEN && 597 service->remoteport == VCHIQ_PORT_FREE)) && 598 kref_get_unless_zero(&service->ref_count)) { 599 service = rcu_pointer_handoff(service); 600 rcu_read_unlock(); 601 return service; 602 } 603 } 604 rcu_read_unlock(); 605 return NULL; 606 } 607 608 /* Called by the slot handler thread */ 609 static struct vchiq_service * 610 get_connected_service(struct vchiq_state *state, unsigned int port) 611 { 612 int i; 613 614 rcu_read_lock(); 615 for (i = 0; i < state->unused_service; i++) { 616 struct vchiq_service *service = 617 rcu_dereference(state->services[i]); 618 619 if (service && service->srvstate == VCHIQ_SRVSTATE_OPEN && 620 service->remoteport == port && 621 kref_get_unless_zero(&service->ref_count)) { 622 service = rcu_pointer_handoff(service); 623 rcu_read_unlock(); 624 return service; 625 } 626 } 627 rcu_read_unlock(); 628 return NULL; 629 } 630 631 inline void 632 request_poll(struct vchiq_state *state, struct vchiq_service *service, 633 int poll_type) 634 { 635 u32 value; 636 int index; 637 638 if (!service) 639 goto skip_service; 640 641 do { 642 value = atomic_read(&service->poll_flags); 643 } while (atomic_cmpxchg(&service->poll_flags, value, 644 value | BIT(poll_type)) != value); 645 646 index = BITSET_WORD(service->localport); 647 do { 648 value = atomic_read(&state->poll_services[index]); 649 } while (atomic_cmpxchg(&state->poll_services[index], 650 value, value | BIT(service->localport & 0x1f)) != value); 651 652 skip_service: 653 state->poll_needed = 1; 654 /* Ensure the slot handler thread sees the poll_needed flag. */ 655 wmb(); 656 657 /* ... and ensure the slot handler runs. */ 658 remote_event_signal_local(&state->trigger_event, &state->local->trigger); 659 } 660 661 /* 662 * Called from queue_message, by the slot handler and application threads, 663 * with slot_mutex held 664 */ 665 static struct vchiq_header * 666 reserve_space(struct vchiq_state *state, size_t space, int is_blocking) 667 { 668 struct vchiq_shared_state *local = state->local; 669 int tx_pos = state->local_tx_pos; 670 int slot_space = VCHIQ_SLOT_SIZE - (tx_pos & VCHIQ_SLOT_MASK); 671 672 if (space > slot_space) { 673 struct vchiq_header *header; 674 /* Fill the remaining space with padding */ 675 WARN_ON(!state->tx_data); 676 header = (struct vchiq_header *) 677 (state->tx_data + (tx_pos & VCHIQ_SLOT_MASK)); 678 header->msgid = VCHIQ_MSGID_PADDING; 679 header->size = slot_space - sizeof(struct vchiq_header); 680 681 tx_pos += slot_space; 682 } 683 684 /* If necessary, get the next slot. */ 685 if ((tx_pos & VCHIQ_SLOT_MASK) == 0) { 686 int slot_index; 687 688 /* If there is no free slot... */ 689 690 if (!try_wait_for_completion(&state->slot_available_event)) { 691 /* ...wait for one. */ 692 693 VCHIQ_STATS_INC(state, slot_stalls); 694 695 /* But first, flush through the last slot. */ 696 state->local_tx_pos = tx_pos; 697 local->tx_pos = tx_pos; 698 remote_event_signal(&state->remote->trigger); 699 700 if (!is_blocking || 701 (wait_for_completion_interruptible(&state->slot_available_event))) 702 return NULL; /* No space available */ 703 } 704 705 if (tx_pos == (state->slot_queue_available * VCHIQ_SLOT_SIZE)) { 706 complete(&state->slot_available_event); 707 pr_warn("%s: invalid tx_pos: %d\n", __func__, tx_pos); 708 return NULL; 709 } 710 711 slot_index = local->slot_queue[SLOT_QUEUE_INDEX_FROM_POS_MASKED(tx_pos)]; 712 state->tx_data = 713 (char *)SLOT_DATA_FROM_INDEX(state, slot_index); 714 } 715 716 state->local_tx_pos = tx_pos + space; 717 718 return (struct vchiq_header *)(state->tx_data + 719 (tx_pos & VCHIQ_SLOT_MASK)); 720 } 721 722 static void 723 process_free_data_message(struct vchiq_state *state, u32 *service_found, 724 struct vchiq_header *header) 725 { 726 int msgid = header->msgid; 727 int port = VCHIQ_MSG_SRCPORT(msgid); 728 struct vchiq_service_quota *quota = &state->service_quotas[port]; 729 int count; 730 731 spin_lock("a_spinlock); 732 count = quota->message_use_count; 733 if (count > 0) 734 quota->message_use_count = count - 1; 735 spin_unlock("a_spinlock); 736 737 if (count == quota->message_quota) { 738 /* 739 * Signal the service that it 740 * has dropped below its quota 741 */ 742 complete("a->quota_event); 743 } else if (count == 0) { 744 vchiq_log_error(vchiq_core_log_level, 745 "service %d message_use_count=%d (header %pK, msgid %x, header->msgid %x, header->size %x)", 746 port, quota->message_use_count, header, msgid, header->msgid, 747 header->size); 748 WARN(1, "invalid message use count\n"); 749 } 750 if (!BITSET_IS_SET(service_found, port)) { 751 /* Set the found bit for this service */ 752 BITSET_SET(service_found, port); 753 754 spin_lock("a_spinlock); 755 count = quota->slot_use_count; 756 if (count > 0) 757 quota->slot_use_count = count - 1; 758 spin_unlock("a_spinlock); 759 760 if (count > 0) { 761 /* 762 * Signal the service in case 763 * it has dropped below its quota 764 */ 765 complete("a->quota_event); 766 vchiq_log_trace(vchiq_core_log_level, "%d: pfq:%d %x@%pK - slot_use->%d", 767 state->id, port, header->size, header, count - 1); 768 } else { 769 vchiq_log_error(vchiq_core_log_level, 770 "service %d slot_use_count=%d (header %pK, msgid %x, header->msgid %x, header->size %x)", 771 port, count, header, msgid, header->msgid, header->size); 772 WARN(1, "bad slot use count\n"); 773 } 774 } 775 } 776 777 /* Called by the recycle thread. */ 778 static void 779 process_free_queue(struct vchiq_state *state, u32 *service_found, 780 size_t length) 781 { 782 struct vchiq_shared_state *local = state->local; 783 int slot_queue_available; 784 785 /* 786 * Find slots which have been freed by the other side, and return them 787 * to the available queue. 788 */ 789 slot_queue_available = state->slot_queue_available; 790 791 /* 792 * Use a memory barrier to ensure that any state that may have been 793 * modified by another thread is not masked by stale prefetched 794 * values. 795 */ 796 mb(); 797 798 while (slot_queue_available != local->slot_queue_recycle) { 799 unsigned int pos; 800 int slot_index = local->slot_queue[slot_queue_available & 801 VCHIQ_SLOT_QUEUE_MASK]; 802 char *data = (char *)SLOT_DATA_FROM_INDEX(state, slot_index); 803 int data_found = 0; 804 805 slot_queue_available++; 806 /* 807 * Beware of the address dependency - data is calculated 808 * using an index written by the other side. 809 */ 810 rmb(); 811 812 vchiq_log_trace(vchiq_core_log_level, "%d: pfq %d=%pK %x %x", 813 state->id, slot_index, data, local->slot_queue_recycle, 814 slot_queue_available); 815 816 /* Initialise the bitmask for services which have used this slot */ 817 memset(service_found, 0, length); 818 819 pos = 0; 820 821 while (pos < VCHIQ_SLOT_SIZE) { 822 struct vchiq_header *header = 823 (struct vchiq_header *)(data + pos); 824 int msgid = header->msgid; 825 826 if (VCHIQ_MSG_TYPE(msgid) == VCHIQ_MSG_DATA) { 827 process_free_data_message(state, service_found, 828 header); 829 data_found = 1; 830 } 831 832 pos += calc_stride(header->size); 833 if (pos > VCHIQ_SLOT_SIZE) { 834 vchiq_log_error(vchiq_core_log_level, 835 "pfq - pos %x: header %pK, msgid %x, header->msgid %x, header->size %x", 836 pos, header, msgid, header->msgid, header->size); 837 WARN(1, "invalid slot position\n"); 838 } 839 } 840 841 if (data_found) { 842 int count; 843 844 spin_lock("a_spinlock); 845 count = state->data_use_count; 846 if (count > 0) 847 state->data_use_count = count - 1; 848 spin_unlock("a_spinlock); 849 if (count == state->data_quota) 850 complete(&state->data_quota_event); 851 } 852 853 /* 854 * Don't allow the slot to be reused until we are no 855 * longer interested in it. 856 */ 857 mb(); 858 859 state->slot_queue_available = slot_queue_available; 860 complete(&state->slot_available_event); 861 } 862 } 863 864 static ssize_t 865 memcpy_copy_callback(void *context, void *dest, size_t offset, size_t maxsize) 866 { 867 memcpy(dest + offset, context + offset, maxsize); 868 return maxsize; 869 } 870 871 static ssize_t 872 copy_message_data(ssize_t (*copy_callback)(void *context, void *dest, size_t offset, 873 size_t maxsize), 874 void *context, 875 void *dest, 876 size_t size) 877 { 878 size_t pos = 0; 879 880 while (pos < size) { 881 ssize_t callback_result; 882 size_t max_bytes = size - pos; 883 884 callback_result = copy_callback(context, dest + pos, pos, 885 max_bytes); 886 887 if (callback_result < 0) 888 return callback_result; 889 890 if (!callback_result) 891 return -EIO; 892 893 if (callback_result > max_bytes) 894 return -EIO; 895 896 pos += callback_result; 897 } 898 899 return size; 900 } 901 902 /* Called by the slot handler and application threads */ 903 static enum vchiq_status 904 queue_message(struct vchiq_state *state, struct vchiq_service *service, 905 int msgid, 906 ssize_t (*copy_callback)(void *context, void *dest, 907 size_t offset, size_t maxsize), 908 void *context, size_t size, int flags) 909 { 910 struct vchiq_shared_state *local; 911 struct vchiq_service_quota *quota = NULL; 912 struct vchiq_header *header; 913 int type = VCHIQ_MSG_TYPE(msgid); 914 915 size_t stride; 916 917 local = state->local; 918 919 stride = calc_stride(size); 920 921 WARN_ON(stride > VCHIQ_SLOT_SIZE); 922 923 if (!(flags & QMFLAGS_NO_MUTEX_LOCK) && 924 mutex_lock_killable(&state->slot_mutex)) 925 return VCHIQ_RETRY; 926 927 if (type == VCHIQ_MSG_DATA) { 928 int tx_end_index; 929 930 if (!service) { 931 WARN(1, "%s: service is NULL\n", __func__); 932 mutex_unlock(&state->slot_mutex); 933 return VCHIQ_ERROR; 934 } 935 936 WARN_ON(flags & (QMFLAGS_NO_MUTEX_LOCK | 937 QMFLAGS_NO_MUTEX_UNLOCK)); 938 939 if (service->closing) { 940 /* The service has been closed */ 941 mutex_unlock(&state->slot_mutex); 942 return VCHIQ_ERROR; 943 } 944 945 quota = &state->service_quotas[service->localport]; 946 947 spin_lock("a_spinlock); 948 949 /* 950 * Ensure this service doesn't use more than its quota of 951 * messages or slots 952 */ 953 tx_end_index = SLOT_QUEUE_INDEX_FROM_POS(state->local_tx_pos + stride - 1); 954 955 /* 956 * Ensure data messages don't use more than their quota of 957 * slots 958 */ 959 while ((tx_end_index != state->previous_data_index) && 960 (state->data_use_count == state->data_quota)) { 961 VCHIQ_STATS_INC(state, data_stalls); 962 spin_unlock("a_spinlock); 963 mutex_unlock(&state->slot_mutex); 964 965 if (wait_for_completion_interruptible(&state->data_quota_event)) 966 return VCHIQ_RETRY; 967 968 mutex_lock(&state->slot_mutex); 969 spin_lock("a_spinlock); 970 tx_end_index = SLOT_QUEUE_INDEX_FROM_POS(state->local_tx_pos + stride - 1); 971 if ((tx_end_index == state->previous_data_index) || 972 (state->data_use_count < state->data_quota)) { 973 /* Pass the signal on to other waiters */ 974 complete(&state->data_quota_event); 975 break; 976 } 977 } 978 979 while ((quota->message_use_count == quota->message_quota) || 980 ((tx_end_index != quota->previous_tx_index) && 981 (quota->slot_use_count == quota->slot_quota))) { 982 spin_unlock("a_spinlock); 983 vchiq_log_trace(vchiq_core_log_level, 984 "%d: qm:%d %s,%zx - quota stall (msg %d, slot %d)", 985 state->id, service->localport, msg_type_str(type), size, 986 quota->message_use_count, quota->slot_use_count); 987 VCHIQ_SERVICE_STATS_INC(service, quota_stalls); 988 mutex_unlock(&state->slot_mutex); 989 if (wait_for_completion_interruptible("a->quota_event)) 990 return VCHIQ_RETRY; 991 if (service->closing) 992 return VCHIQ_ERROR; 993 if (mutex_lock_killable(&state->slot_mutex)) 994 return VCHIQ_RETRY; 995 if (service->srvstate != VCHIQ_SRVSTATE_OPEN) { 996 /* The service has been closed */ 997 mutex_unlock(&state->slot_mutex); 998 return VCHIQ_ERROR; 999 } 1000 spin_lock("a_spinlock); 1001 tx_end_index = SLOT_QUEUE_INDEX_FROM_POS(state->local_tx_pos + stride - 1); 1002 } 1003 1004 spin_unlock("a_spinlock); 1005 } 1006 1007 header = reserve_space(state, stride, flags & QMFLAGS_IS_BLOCKING); 1008 1009 if (!header) { 1010 if (service) 1011 VCHIQ_SERVICE_STATS_INC(service, slot_stalls); 1012 /* 1013 * In the event of a failure, return the mutex to the 1014 * state it was in 1015 */ 1016 if (!(flags & QMFLAGS_NO_MUTEX_LOCK)) 1017 mutex_unlock(&state->slot_mutex); 1018 return VCHIQ_RETRY; 1019 } 1020 1021 if (type == VCHIQ_MSG_DATA) { 1022 ssize_t callback_result; 1023 int tx_end_index; 1024 int slot_use_count; 1025 1026 vchiq_log_info(vchiq_core_log_level, "%d: qm %s@%pK,%zx (%d->%d)", state->id, 1027 msg_type_str(VCHIQ_MSG_TYPE(msgid)), header, size, 1028 VCHIQ_MSG_SRCPORT(msgid), VCHIQ_MSG_DSTPORT(msgid)); 1029 1030 WARN_ON(flags & (QMFLAGS_NO_MUTEX_LOCK | 1031 QMFLAGS_NO_MUTEX_UNLOCK)); 1032 1033 callback_result = 1034 copy_message_data(copy_callback, context, 1035 header->data, size); 1036 1037 if (callback_result < 0) { 1038 mutex_unlock(&state->slot_mutex); 1039 VCHIQ_SERVICE_STATS_INC(service, error_count); 1040 return VCHIQ_ERROR; 1041 } 1042 1043 if (SRVTRACE_ENABLED(service, 1044 VCHIQ_LOG_INFO)) 1045 vchiq_log_dump_mem("Sent", 0, 1046 header->data, 1047 min_t(size_t, 16, callback_result)); 1048 1049 spin_lock("a_spinlock); 1050 quota->message_use_count++; 1051 1052 tx_end_index = 1053 SLOT_QUEUE_INDEX_FROM_POS(state->local_tx_pos - 1); 1054 1055 /* 1056 * If this transmission can't fit in the last slot used by any 1057 * service, the data_use_count must be increased. 1058 */ 1059 if (tx_end_index != state->previous_data_index) { 1060 state->previous_data_index = tx_end_index; 1061 state->data_use_count++; 1062 } 1063 1064 /* 1065 * If this isn't the same slot last used by this service, 1066 * the service's slot_use_count must be increased. 1067 */ 1068 if (tx_end_index != quota->previous_tx_index) { 1069 quota->previous_tx_index = tx_end_index; 1070 slot_use_count = ++quota->slot_use_count; 1071 } else { 1072 slot_use_count = 0; 1073 } 1074 1075 spin_unlock("a_spinlock); 1076 1077 if (slot_use_count) 1078 vchiq_log_trace(vchiq_core_log_level, 1079 "%d: qm:%d %s,%zx - slot_use->%d (hdr %p)", state->id, 1080 service->localport, msg_type_str(VCHIQ_MSG_TYPE(msgid)), 1081 size, slot_use_count, header); 1082 1083 VCHIQ_SERVICE_STATS_INC(service, ctrl_tx_count); 1084 VCHIQ_SERVICE_STATS_ADD(service, ctrl_tx_bytes, size); 1085 } else { 1086 vchiq_log_info(vchiq_core_log_level, "%d: qm %s@%pK,%zx (%d->%d)", state->id, 1087 msg_type_str(VCHIQ_MSG_TYPE(msgid)), header, size, 1088 VCHIQ_MSG_SRCPORT(msgid), VCHIQ_MSG_DSTPORT(msgid)); 1089 if (size != 0) { 1090 /* 1091 * It is assumed for now that this code path 1092 * only happens from calls inside this file. 1093 * 1094 * External callers are through the vchiq_queue_message 1095 * path which always sets the type to be VCHIQ_MSG_DATA 1096 * 1097 * At first glance this appears to be correct but 1098 * more review is needed. 1099 */ 1100 copy_message_data(copy_callback, context, 1101 header->data, size); 1102 } 1103 VCHIQ_STATS_INC(state, ctrl_tx_count); 1104 } 1105 1106 header->msgid = msgid; 1107 header->size = size; 1108 1109 { 1110 int svc_fourcc; 1111 1112 svc_fourcc = service 1113 ? service->base.fourcc 1114 : VCHIQ_MAKE_FOURCC('?', '?', '?', '?'); 1115 1116 vchiq_log_info(SRVTRACE_LEVEL(service), 1117 "Sent Msg %s(%u) to %c%c%c%c s:%u d:%d len:%zu", 1118 msg_type_str(VCHIQ_MSG_TYPE(msgid)), VCHIQ_MSG_TYPE(msgid), 1119 VCHIQ_FOURCC_AS_4CHARS(svc_fourcc), VCHIQ_MSG_SRCPORT(msgid), 1120 VCHIQ_MSG_DSTPORT(msgid), size); 1121 } 1122 1123 /* Make sure the new header is visible to the peer. */ 1124 wmb(); 1125 1126 /* Make the new tx_pos visible to the peer. */ 1127 local->tx_pos = state->local_tx_pos; 1128 wmb(); 1129 1130 if (service && (type == VCHIQ_MSG_CLOSE)) 1131 set_service_state(service, VCHIQ_SRVSTATE_CLOSESENT); 1132 1133 if (!(flags & QMFLAGS_NO_MUTEX_UNLOCK)) 1134 mutex_unlock(&state->slot_mutex); 1135 1136 remote_event_signal(&state->remote->trigger); 1137 1138 return VCHIQ_SUCCESS; 1139 } 1140 1141 /* Called by the slot handler and application threads */ 1142 static enum vchiq_status 1143 queue_message_sync(struct vchiq_state *state, struct vchiq_service *service, 1144 int msgid, 1145 ssize_t (*copy_callback)(void *context, void *dest, 1146 size_t offset, size_t maxsize), 1147 void *context, int size, int is_blocking) 1148 { 1149 struct vchiq_shared_state *local; 1150 struct vchiq_header *header; 1151 ssize_t callback_result; 1152 1153 local = state->local; 1154 1155 if (VCHIQ_MSG_TYPE(msgid) != VCHIQ_MSG_RESUME && 1156 mutex_lock_killable(&state->sync_mutex)) 1157 return VCHIQ_RETRY; 1158 1159 remote_event_wait(&state->sync_release_event, &local->sync_release); 1160 1161 /* Ensure that reads don't overtake the remote_event_wait. */ 1162 rmb(); 1163 1164 header = (struct vchiq_header *)SLOT_DATA_FROM_INDEX(state, 1165 local->slot_sync); 1166 1167 { 1168 int oldmsgid = header->msgid; 1169 1170 if (oldmsgid != VCHIQ_MSGID_PADDING) 1171 vchiq_log_error(vchiq_core_log_level, "%d: qms - msgid %x, not PADDING", 1172 state->id, oldmsgid); 1173 } 1174 1175 vchiq_log_info(vchiq_sync_log_level, 1176 "%d: qms %s@%pK,%x (%d->%d)", state->id, 1177 msg_type_str(VCHIQ_MSG_TYPE(msgid)), 1178 header, size, VCHIQ_MSG_SRCPORT(msgid), 1179 VCHIQ_MSG_DSTPORT(msgid)); 1180 1181 callback_result = 1182 copy_message_data(copy_callback, context, 1183 header->data, size); 1184 1185 if (callback_result < 0) { 1186 mutex_unlock(&state->slot_mutex); 1187 VCHIQ_SERVICE_STATS_INC(service, error_count); 1188 return VCHIQ_ERROR; 1189 } 1190 1191 if (service) { 1192 if (SRVTRACE_ENABLED(service, 1193 VCHIQ_LOG_INFO)) 1194 vchiq_log_dump_mem("Sent", 0, 1195 header->data, 1196 min_t(size_t, 16, callback_result)); 1197 1198 VCHIQ_SERVICE_STATS_INC(service, ctrl_tx_count); 1199 VCHIQ_SERVICE_STATS_ADD(service, ctrl_tx_bytes, size); 1200 } else { 1201 VCHIQ_STATS_INC(state, ctrl_tx_count); 1202 } 1203 1204 header->size = size; 1205 header->msgid = msgid; 1206 1207 if (vchiq_sync_log_level >= VCHIQ_LOG_TRACE) { 1208 int svc_fourcc; 1209 1210 svc_fourcc = service 1211 ? service->base.fourcc 1212 : VCHIQ_MAKE_FOURCC('?', '?', '?', '?'); 1213 1214 vchiq_log_trace(vchiq_sync_log_level, 1215 "Sent Sync Msg %s(%u) to %c%c%c%c s:%u d:%d len:%d", 1216 msg_type_str(VCHIQ_MSG_TYPE(msgid)), VCHIQ_MSG_TYPE(msgid), 1217 VCHIQ_FOURCC_AS_4CHARS(svc_fourcc), VCHIQ_MSG_SRCPORT(msgid), 1218 VCHIQ_MSG_DSTPORT(msgid), size); 1219 } 1220 1221 remote_event_signal(&state->remote->sync_trigger); 1222 1223 if (VCHIQ_MSG_TYPE(msgid) != VCHIQ_MSG_PAUSE) 1224 mutex_unlock(&state->sync_mutex); 1225 1226 return VCHIQ_SUCCESS; 1227 } 1228 1229 static inline void 1230 claim_slot(struct vchiq_slot_info *slot) 1231 { 1232 slot->use_count++; 1233 } 1234 1235 static void 1236 release_slot(struct vchiq_state *state, struct vchiq_slot_info *slot_info, 1237 struct vchiq_header *header, struct vchiq_service *service) 1238 { 1239 mutex_lock(&state->recycle_mutex); 1240 1241 if (header) { 1242 int msgid = header->msgid; 1243 1244 if (((msgid & VCHIQ_MSGID_CLAIMED) == 0) || (service && service->closing)) { 1245 mutex_unlock(&state->recycle_mutex); 1246 return; 1247 } 1248 1249 /* Rewrite the message header to prevent a double release */ 1250 header->msgid = msgid & ~VCHIQ_MSGID_CLAIMED; 1251 } 1252 1253 slot_info->release_count++; 1254 1255 if (slot_info->release_count == slot_info->use_count) { 1256 int slot_queue_recycle; 1257 /* Add to the freed queue */ 1258 1259 /* 1260 * A read barrier is necessary here to prevent speculative 1261 * fetches of remote->slot_queue_recycle from overtaking the 1262 * mutex. 1263 */ 1264 rmb(); 1265 1266 slot_queue_recycle = state->remote->slot_queue_recycle; 1267 state->remote->slot_queue[slot_queue_recycle & 1268 VCHIQ_SLOT_QUEUE_MASK] = 1269 SLOT_INDEX_FROM_INFO(state, slot_info); 1270 state->remote->slot_queue_recycle = slot_queue_recycle + 1; 1271 vchiq_log_info(vchiq_core_log_level, "%d: %s %d - recycle->%x", state->id, __func__, 1272 SLOT_INDEX_FROM_INFO(state, slot_info), 1273 state->remote->slot_queue_recycle); 1274 1275 /* 1276 * A write barrier is necessary, but remote_event_signal 1277 * contains one. 1278 */ 1279 remote_event_signal(&state->remote->recycle); 1280 } 1281 1282 mutex_unlock(&state->recycle_mutex); 1283 } 1284 1285 static inline enum vchiq_reason 1286 get_bulk_reason(struct vchiq_bulk *bulk) 1287 { 1288 if (bulk->dir == VCHIQ_BULK_TRANSMIT) { 1289 if (bulk->actual == VCHIQ_BULK_ACTUAL_ABORTED) 1290 return VCHIQ_BULK_TRANSMIT_ABORTED; 1291 1292 return VCHIQ_BULK_TRANSMIT_DONE; 1293 } 1294 1295 if (bulk->actual == VCHIQ_BULK_ACTUAL_ABORTED) 1296 return VCHIQ_BULK_RECEIVE_ABORTED; 1297 1298 return VCHIQ_BULK_RECEIVE_DONE; 1299 } 1300 1301 /* Called by the slot handler - don't hold the bulk mutex */ 1302 static enum vchiq_status 1303 notify_bulks(struct vchiq_service *service, struct vchiq_bulk_queue *queue, 1304 int retry_poll) 1305 { 1306 enum vchiq_status status = VCHIQ_SUCCESS; 1307 1308 vchiq_log_trace(vchiq_core_log_level, "%d: nb:%d %cx - p=%x rn=%x r=%x", service->state->id, 1309 service->localport, (queue == &service->bulk_tx) ? 't' : 'r', 1310 queue->process, queue->remote_notify, queue->remove); 1311 1312 queue->remote_notify = queue->process; 1313 1314 while (queue->remove != queue->remote_notify) { 1315 struct vchiq_bulk *bulk = 1316 &queue->bulks[BULK_INDEX(queue->remove)]; 1317 1318 /* 1319 * Only generate callbacks for non-dummy bulk 1320 * requests, and non-terminated services 1321 */ 1322 if (bulk->data && service->instance) { 1323 if (bulk->actual != VCHIQ_BULK_ACTUAL_ABORTED) { 1324 if (bulk->dir == VCHIQ_BULK_TRANSMIT) { 1325 VCHIQ_SERVICE_STATS_INC(service, bulk_tx_count); 1326 VCHIQ_SERVICE_STATS_ADD(service, bulk_tx_bytes, 1327 bulk->actual); 1328 } else { 1329 VCHIQ_SERVICE_STATS_INC(service, bulk_rx_count); 1330 VCHIQ_SERVICE_STATS_ADD(service, bulk_rx_bytes, 1331 bulk->actual); 1332 } 1333 } else { 1334 VCHIQ_SERVICE_STATS_INC(service, bulk_aborted_count); 1335 } 1336 if (bulk->mode == VCHIQ_BULK_MODE_BLOCKING) { 1337 struct bulk_waiter *waiter; 1338 1339 spin_lock(&bulk_waiter_spinlock); 1340 waiter = bulk->userdata; 1341 if (waiter) { 1342 waiter->actual = bulk->actual; 1343 complete(&waiter->event); 1344 } 1345 spin_unlock(&bulk_waiter_spinlock); 1346 } else if (bulk->mode == VCHIQ_BULK_MODE_CALLBACK) { 1347 enum vchiq_reason reason = 1348 get_bulk_reason(bulk); 1349 status = make_service_callback(service, reason, NULL, 1350 bulk->userdata); 1351 if (status == VCHIQ_RETRY) 1352 break; 1353 } 1354 } 1355 1356 queue->remove++; 1357 complete(&service->bulk_remove_event); 1358 } 1359 if (!retry_poll) 1360 status = VCHIQ_SUCCESS; 1361 1362 if (status == VCHIQ_RETRY) 1363 request_poll(service->state, service, (queue == &service->bulk_tx) ? 1364 VCHIQ_POLL_TXNOTIFY : VCHIQ_POLL_RXNOTIFY); 1365 1366 return status; 1367 } 1368 1369 static void 1370 poll_services_of_group(struct vchiq_state *state, int group) 1371 { 1372 u32 flags = atomic_xchg(&state->poll_services[group], 0); 1373 int i; 1374 1375 for (i = 0; flags; i++) { 1376 struct vchiq_service *service; 1377 u32 service_flags; 1378 1379 if ((flags & BIT(i)) == 0) 1380 continue; 1381 1382 service = find_service_by_port(state, (group << 5) + i); 1383 flags &= ~BIT(i); 1384 1385 if (!service) 1386 continue; 1387 1388 service_flags = atomic_xchg(&service->poll_flags, 0); 1389 if (service_flags & BIT(VCHIQ_POLL_REMOVE)) { 1390 vchiq_log_info(vchiq_core_log_level, "%d: ps - remove %d<->%d", 1391 state->id, service->localport, 1392 service->remoteport); 1393 1394 /* 1395 * Make it look like a client, because 1396 * it must be removed and not left in 1397 * the LISTENING state. 1398 */ 1399 service->public_fourcc = VCHIQ_FOURCC_INVALID; 1400 1401 if (vchiq_close_service_internal(service, NO_CLOSE_RECVD) != 1402 VCHIQ_SUCCESS) 1403 request_poll(state, service, VCHIQ_POLL_REMOVE); 1404 } else if (service_flags & BIT(VCHIQ_POLL_TERMINATE)) { 1405 vchiq_log_info(vchiq_core_log_level, "%d: ps - terminate %d<->%d", 1406 state->id, service->localport, service->remoteport); 1407 if (vchiq_close_service_internal(service, NO_CLOSE_RECVD) != VCHIQ_SUCCESS) 1408 request_poll(state, service, VCHIQ_POLL_TERMINATE); 1409 } 1410 if (service_flags & BIT(VCHIQ_POLL_TXNOTIFY)) 1411 notify_bulks(service, &service->bulk_tx, RETRY_POLL); 1412 if (service_flags & BIT(VCHIQ_POLL_RXNOTIFY)) 1413 notify_bulks(service, &service->bulk_rx, RETRY_POLL); 1414 vchiq_service_put(service); 1415 } 1416 } 1417 1418 /* Called by the slot handler thread */ 1419 static void 1420 poll_services(struct vchiq_state *state) 1421 { 1422 int group; 1423 1424 for (group = 0; group < BITSET_SIZE(state->unused_service); group++) 1425 poll_services_of_group(state, group); 1426 } 1427 1428 /* Called with the bulk_mutex held */ 1429 static void 1430 abort_outstanding_bulks(struct vchiq_service *service, 1431 struct vchiq_bulk_queue *queue) 1432 { 1433 int is_tx = (queue == &service->bulk_tx); 1434 1435 vchiq_log_trace(vchiq_core_log_level, "%d: aob:%d %cx - li=%x ri=%x p=%x", 1436 service->state->id, service->localport, is_tx ? 't' : 'r', 1437 queue->local_insert, queue->remote_insert, queue->process); 1438 1439 WARN_ON((int)(queue->local_insert - queue->process) < 0); 1440 WARN_ON((int)(queue->remote_insert - queue->process) < 0); 1441 1442 while ((queue->process != queue->local_insert) || 1443 (queue->process != queue->remote_insert)) { 1444 struct vchiq_bulk *bulk = &queue->bulks[BULK_INDEX(queue->process)]; 1445 1446 if (queue->process == queue->remote_insert) { 1447 /* fabricate a matching dummy bulk */ 1448 bulk->remote_data = NULL; 1449 bulk->remote_size = 0; 1450 queue->remote_insert++; 1451 } 1452 1453 if (queue->process != queue->local_insert) { 1454 vchiq_complete_bulk(service->instance, bulk); 1455 1456 vchiq_log_info(SRVTRACE_LEVEL(service), 1457 "%s %c%c%c%c d:%d ABORTED - tx len:%d, rx len:%d", 1458 is_tx ? "Send Bulk to" : "Recv Bulk from", 1459 VCHIQ_FOURCC_AS_4CHARS(service->base.fourcc), 1460 service->remoteport, bulk->size, bulk->remote_size); 1461 } else { 1462 /* fabricate a matching dummy bulk */ 1463 bulk->data = 0; 1464 bulk->size = 0; 1465 bulk->actual = VCHIQ_BULK_ACTUAL_ABORTED; 1466 bulk->dir = is_tx ? VCHIQ_BULK_TRANSMIT : 1467 VCHIQ_BULK_RECEIVE; 1468 queue->local_insert++; 1469 } 1470 1471 queue->process++; 1472 } 1473 } 1474 1475 static int 1476 parse_open(struct vchiq_state *state, struct vchiq_header *header) 1477 { 1478 const struct vchiq_open_payload *payload; 1479 struct vchiq_service *service = NULL; 1480 int msgid, size; 1481 unsigned int localport, remoteport, fourcc; 1482 short version, version_min; 1483 1484 msgid = header->msgid; 1485 size = header->size; 1486 localport = VCHIQ_MSG_DSTPORT(msgid); 1487 remoteport = VCHIQ_MSG_SRCPORT(msgid); 1488 if (size < sizeof(struct vchiq_open_payload)) 1489 goto fail_open; 1490 1491 payload = (struct vchiq_open_payload *)header->data; 1492 fourcc = payload->fourcc; 1493 vchiq_log_info(vchiq_core_log_level, "%d: prs OPEN@%pK (%d->'%c%c%c%c')", 1494 state->id, header, localport, VCHIQ_FOURCC_AS_4CHARS(fourcc)); 1495 1496 service = get_listening_service(state, fourcc); 1497 if (!service) 1498 goto fail_open; 1499 1500 /* A matching service exists */ 1501 version = payload->version; 1502 version_min = payload->version_min; 1503 1504 if ((service->version < version_min) || (version < service->version_min)) { 1505 /* Version mismatch */ 1506 vchiq_loud_error_header(); 1507 vchiq_loud_error("%d: service %d (%c%c%c%c) version mismatch - local (%d, min %d) vs. remote (%d, min %d)", 1508 state->id, service->localport, VCHIQ_FOURCC_AS_4CHARS(fourcc), 1509 service->version, service->version_min, version, version_min); 1510 vchiq_loud_error_footer(); 1511 vchiq_service_put(service); 1512 service = NULL; 1513 goto fail_open; 1514 } 1515 service->peer_version = version; 1516 1517 if (service->srvstate == VCHIQ_SRVSTATE_LISTENING) { 1518 struct vchiq_openack_payload ack_payload = { 1519 service->version 1520 }; 1521 int openack_id = MAKE_OPENACK(service->localport, remoteport); 1522 1523 if (state->version_common < 1524 VCHIQ_VERSION_SYNCHRONOUS_MODE) 1525 service->sync = 0; 1526 1527 /* Acknowledge the OPEN */ 1528 if (service->sync) { 1529 if (queue_message_sync(state, NULL, openack_id, memcpy_copy_callback, 1530 &ack_payload, sizeof(ack_payload), 0) == VCHIQ_RETRY) 1531 goto bail_not_ready; 1532 1533 /* The service is now open */ 1534 set_service_state(service, VCHIQ_SRVSTATE_OPENSYNC); 1535 } else { 1536 if (queue_message(state, NULL, openack_id, memcpy_copy_callback, 1537 &ack_payload, sizeof(ack_payload), 0) == VCHIQ_RETRY) 1538 goto bail_not_ready; 1539 1540 /* The service is now open */ 1541 set_service_state(service, VCHIQ_SRVSTATE_OPEN); 1542 } 1543 } 1544 1545 /* Success - the message has been dealt with */ 1546 vchiq_service_put(service); 1547 return 1; 1548 1549 fail_open: 1550 /* No available service, or an invalid request - send a CLOSE */ 1551 if (queue_message(state, NULL, MAKE_CLOSE(0, VCHIQ_MSG_SRCPORT(msgid)), 1552 NULL, NULL, 0, 0) == VCHIQ_RETRY) 1553 goto bail_not_ready; 1554 1555 return 1; 1556 1557 bail_not_ready: 1558 if (service) 1559 vchiq_service_put(service); 1560 1561 return 0; 1562 } 1563 1564 /** 1565 * parse_message() - parses a single message from the rx slot 1566 * @state: vchiq state struct 1567 * @header: message header 1568 * 1569 * Context: Process context 1570 * 1571 * Return: 1572 * * >= 0 - size of the parsed message payload (without header) 1573 * * -EINVAL - fatal error occurred, bail out is required 1574 */ 1575 static int 1576 parse_message(struct vchiq_state *state, struct vchiq_header *header) 1577 { 1578 struct vchiq_service *service = NULL; 1579 unsigned int localport, remoteport; 1580 int msgid, size, type, ret = -EINVAL; 1581 1582 DEBUG_INITIALISE(state->local); 1583 1584 DEBUG_VALUE(PARSE_HEADER, (int)(long)header); 1585 msgid = header->msgid; 1586 DEBUG_VALUE(PARSE_MSGID, msgid); 1587 size = header->size; 1588 type = VCHIQ_MSG_TYPE(msgid); 1589 localport = VCHIQ_MSG_DSTPORT(msgid); 1590 remoteport = VCHIQ_MSG_SRCPORT(msgid); 1591 1592 if (type != VCHIQ_MSG_DATA) 1593 VCHIQ_STATS_INC(state, ctrl_rx_count); 1594 1595 switch (type) { 1596 case VCHIQ_MSG_OPENACK: 1597 case VCHIQ_MSG_CLOSE: 1598 case VCHIQ_MSG_DATA: 1599 case VCHIQ_MSG_BULK_RX: 1600 case VCHIQ_MSG_BULK_TX: 1601 case VCHIQ_MSG_BULK_RX_DONE: 1602 case VCHIQ_MSG_BULK_TX_DONE: 1603 service = find_service_by_port(state, localport); 1604 if ((!service || 1605 ((service->remoteport != remoteport) && 1606 (service->remoteport != VCHIQ_PORT_FREE))) && 1607 (localport == 0) && 1608 (type == VCHIQ_MSG_CLOSE)) { 1609 /* 1610 * This could be a CLOSE from a client which 1611 * hadn't yet received the OPENACK - look for 1612 * the connected service 1613 */ 1614 if (service) 1615 vchiq_service_put(service); 1616 service = get_connected_service(state, remoteport); 1617 if (service) 1618 vchiq_log_warning(vchiq_core_log_level, 1619 "%d: prs %s@%pK (%d->%d) - found connected service %d", 1620 state->id, msg_type_str(type), header, 1621 remoteport, localport, service->localport); 1622 } 1623 1624 if (!service) { 1625 vchiq_log_error(vchiq_core_log_level, 1626 "%d: prs %s@%pK (%d->%d) - invalid/closed service %d", 1627 state->id, msg_type_str(type), header, remoteport, 1628 localport, localport); 1629 goto skip_message; 1630 } 1631 break; 1632 default: 1633 break; 1634 } 1635 1636 if (SRVTRACE_ENABLED(service, VCHIQ_LOG_INFO)) { 1637 int svc_fourcc; 1638 1639 svc_fourcc = service 1640 ? service->base.fourcc 1641 : VCHIQ_MAKE_FOURCC('?', '?', '?', '?'); 1642 vchiq_log_info(SRVTRACE_LEVEL(service), 1643 "Rcvd Msg %s(%u) from %c%c%c%c s:%d d:%d len:%d", 1644 msg_type_str(type), type, VCHIQ_FOURCC_AS_4CHARS(svc_fourcc), 1645 remoteport, localport, size); 1646 if (size > 0) 1647 vchiq_log_dump_mem("Rcvd", 0, header->data, min(16, size)); 1648 } 1649 1650 if (((unsigned long)header & VCHIQ_SLOT_MASK) + 1651 calc_stride(size) > VCHIQ_SLOT_SIZE) { 1652 vchiq_log_error(vchiq_core_log_level, 1653 "header %pK (msgid %x) - size %x too big for slot", 1654 header, (unsigned int)msgid, (unsigned int)size); 1655 WARN(1, "oversized for slot\n"); 1656 } 1657 1658 switch (type) { 1659 case VCHIQ_MSG_OPEN: 1660 WARN_ON(VCHIQ_MSG_DSTPORT(msgid)); 1661 if (!parse_open(state, header)) 1662 goto bail_not_ready; 1663 break; 1664 case VCHIQ_MSG_OPENACK: 1665 if (size >= sizeof(struct vchiq_openack_payload)) { 1666 const struct vchiq_openack_payload *payload = 1667 (struct vchiq_openack_payload *) 1668 header->data; 1669 service->peer_version = payload->version; 1670 } 1671 vchiq_log_info(vchiq_core_log_level, "%d: prs OPENACK@%pK,%x (%d->%d) v:%d", 1672 state->id, header, size, remoteport, localport, 1673 service->peer_version); 1674 if (service->srvstate == VCHIQ_SRVSTATE_OPENING) { 1675 service->remoteport = remoteport; 1676 set_service_state(service, VCHIQ_SRVSTATE_OPEN); 1677 complete(&service->remove_event); 1678 } else { 1679 vchiq_log_error(vchiq_core_log_level, "OPENACK received in state %s", 1680 srvstate_names[service->srvstate]); 1681 } 1682 break; 1683 case VCHIQ_MSG_CLOSE: 1684 WARN_ON(size); /* There should be no data */ 1685 1686 vchiq_log_info(vchiq_core_log_level, "%d: prs CLOSE@%pK (%d->%d)", 1687 state->id, header, remoteport, localport); 1688 1689 mark_service_closing_internal(service, 1); 1690 1691 if (vchiq_close_service_internal(service, CLOSE_RECVD) == VCHIQ_RETRY) 1692 goto bail_not_ready; 1693 1694 vchiq_log_info(vchiq_core_log_level, "Close Service %c%c%c%c s:%u d:%d", 1695 VCHIQ_FOURCC_AS_4CHARS(service->base.fourcc), 1696 service->localport, service->remoteport); 1697 break; 1698 case VCHIQ_MSG_DATA: 1699 vchiq_log_info(vchiq_core_log_level, "%d: prs DATA@%pK,%x (%d->%d)", 1700 state->id, header, size, remoteport, localport); 1701 1702 if ((service->remoteport == remoteport) && 1703 (service->srvstate == VCHIQ_SRVSTATE_OPEN)) { 1704 header->msgid = msgid | VCHIQ_MSGID_CLAIMED; 1705 claim_slot(state->rx_info); 1706 DEBUG_TRACE(PARSE_LINE); 1707 if (make_service_callback(service, VCHIQ_MESSAGE_AVAILABLE, header, 1708 NULL) == VCHIQ_RETRY) { 1709 DEBUG_TRACE(PARSE_LINE); 1710 goto bail_not_ready; 1711 } 1712 VCHIQ_SERVICE_STATS_INC(service, ctrl_rx_count); 1713 VCHIQ_SERVICE_STATS_ADD(service, ctrl_rx_bytes, size); 1714 } else { 1715 VCHIQ_STATS_INC(state, error_count); 1716 } 1717 break; 1718 case VCHIQ_MSG_CONNECT: 1719 vchiq_log_info(vchiq_core_log_level, "%d: prs CONNECT@%pK", state->id, header); 1720 state->version_common = ((struct vchiq_slot_zero *) 1721 state->slot_data)->version; 1722 complete(&state->connect); 1723 break; 1724 case VCHIQ_MSG_BULK_RX: 1725 case VCHIQ_MSG_BULK_TX: 1726 /* 1727 * We should never receive a bulk request from the 1728 * other side since we're not setup to perform as the 1729 * master. 1730 */ 1731 WARN_ON(1); 1732 break; 1733 case VCHIQ_MSG_BULK_RX_DONE: 1734 case VCHIQ_MSG_BULK_TX_DONE: 1735 if ((service->remoteport == remoteport) && 1736 (service->srvstate != VCHIQ_SRVSTATE_FREE)) { 1737 struct vchiq_bulk_queue *queue; 1738 struct vchiq_bulk *bulk; 1739 1740 queue = (type == VCHIQ_MSG_BULK_RX_DONE) ? 1741 &service->bulk_rx : &service->bulk_tx; 1742 1743 DEBUG_TRACE(PARSE_LINE); 1744 if (mutex_lock_killable(&service->bulk_mutex)) { 1745 DEBUG_TRACE(PARSE_LINE); 1746 goto bail_not_ready; 1747 } 1748 if ((int)(queue->remote_insert - 1749 queue->local_insert) >= 0) { 1750 vchiq_log_error(vchiq_core_log_level, 1751 "%d: prs %s@%pK (%d->%d) unexpected (ri=%d,li=%d)", 1752 state->id, msg_type_str(type), header, remoteport, 1753 localport, queue->remote_insert, 1754 queue->local_insert); 1755 mutex_unlock(&service->bulk_mutex); 1756 break; 1757 } 1758 if (queue->process != queue->remote_insert) { 1759 pr_err("%s: p %x != ri %x\n", 1760 __func__, 1761 queue->process, 1762 queue->remote_insert); 1763 mutex_unlock(&service->bulk_mutex); 1764 goto bail_not_ready; 1765 } 1766 1767 bulk = &queue->bulks[BULK_INDEX(queue->remote_insert)]; 1768 bulk->actual = *(int *)header->data; 1769 queue->remote_insert++; 1770 1771 vchiq_log_info(vchiq_core_log_level, "%d: prs %s@%pK (%d->%d) %x@%pad", 1772 state->id, msg_type_str(type), header, remoteport, localport, 1773 bulk->actual, &bulk->data); 1774 1775 vchiq_log_trace(vchiq_core_log_level, "%d: prs:%d %cx li=%x ri=%x p=%x", 1776 state->id, localport, 1777 (type == VCHIQ_MSG_BULK_RX_DONE) ? 'r' : 't', 1778 queue->local_insert, queue->remote_insert, queue->process); 1779 1780 DEBUG_TRACE(PARSE_LINE); 1781 WARN_ON(queue->process == queue->local_insert); 1782 vchiq_complete_bulk(service->instance, bulk); 1783 queue->process++; 1784 mutex_unlock(&service->bulk_mutex); 1785 DEBUG_TRACE(PARSE_LINE); 1786 notify_bulks(service, queue, RETRY_POLL); 1787 DEBUG_TRACE(PARSE_LINE); 1788 } 1789 break; 1790 case VCHIQ_MSG_PADDING: 1791 vchiq_log_trace(vchiq_core_log_level, "%d: prs PADDING@%pK,%x", 1792 state->id, header, size); 1793 break; 1794 case VCHIQ_MSG_PAUSE: 1795 /* If initiated, signal the application thread */ 1796 vchiq_log_trace(vchiq_core_log_level, "%d: prs PAUSE@%pK,%x", 1797 state->id, header, size); 1798 if (state->conn_state == VCHIQ_CONNSTATE_PAUSED) { 1799 vchiq_log_error(vchiq_core_log_level, "%d: PAUSE received in state PAUSED", 1800 state->id); 1801 break; 1802 } 1803 if (state->conn_state != VCHIQ_CONNSTATE_PAUSE_SENT) { 1804 /* Send a PAUSE in response */ 1805 if (queue_message(state, NULL, MAKE_PAUSE, NULL, NULL, 0, 1806 QMFLAGS_NO_MUTEX_UNLOCK) == VCHIQ_RETRY) 1807 goto bail_not_ready; 1808 } 1809 /* At this point slot_mutex is held */ 1810 vchiq_set_conn_state(state, VCHIQ_CONNSTATE_PAUSED); 1811 break; 1812 case VCHIQ_MSG_RESUME: 1813 vchiq_log_trace(vchiq_core_log_level, "%d: prs RESUME@%pK,%x", 1814 state->id, header, size); 1815 /* Release the slot mutex */ 1816 mutex_unlock(&state->slot_mutex); 1817 vchiq_set_conn_state(state, VCHIQ_CONNSTATE_CONNECTED); 1818 break; 1819 1820 case VCHIQ_MSG_REMOTE_USE: 1821 vchiq_on_remote_use(state); 1822 break; 1823 case VCHIQ_MSG_REMOTE_RELEASE: 1824 vchiq_on_remote_release(state); 1825 break; 1826 case VCHIQ_MSG_REMOTE_USE_ACTIVE: 1827 break; 1828 1829 default: 1830 vchiq_log_error(vchiq_core_log_level, "%d: prs invalid msgid %x@%pK,%x", 1831 state->id, msgid, header, size); 1832 WARN(1, "invalid message\n"); 1833 break; 1834 } 1835 1836 skip_message: 1837 ret = size; 1838 1839 bail_not_ready: 1840 if (service) 1841 vchiq_service_put(service); 1842 1843 return ret; 1844 } 1845 1846 /* Called by the slot handler thread */ 1847 static void 1848 parse_rx_slots(struct vchiq_state *state) 1849 { 1850 struct vchiq_shared_state *remote = state->remote; 1851 int tx_pos; 1852 1853 DEBUG_INITIALISE(state->local); 1854 1855 tx_pos = remote->tx_pos; 1856 1857 while (state->rx_pos != tx_pos) { 1858 struct vchiq_header *header; 1859 int size; 1860 1861 DEBUG_TRACE(PARSE_LINE); 1862 if (!state->rx_data) { 1863 int rx_index; 1864 1865 WARN_ON(state->rx_pos & VCHIQ_SLOT_MASK); 1866 rx_index = remote->slot_queue[ 1867 SLOT_QUEUE_INDEX_FROM_POS_MASKED(state->rx_pos)]; 1868 state->rx_data = (char *)SLOT_DATA_FROM_INDEX(state, 1869 rx_index); 1870 state->rx_info = SLOT_INFO_FROM_INDEX(state, rx_index); 1871 1872 /* 1873 * Initialise use_count to one, and increment 1874 * release_count at the end of the slot to avoid 1875 * releasing the slot prematurely. 1876 */ 1877 state->rx_info->use_count = 1; 1878 state->rx_info->release_count = 0; 1879 } 1880 1881 header = (struct vchiq_header *)(state->rx_data + 1882 (state->rx_pos & VCHIQ_SLOT_MASK)); 1883 size = parse_message(state, header); 1884 if (size < 0) 1885 return; 1886 1887 state->rx_pos += calc_stride(size); 1888 1889 DEBUG_TRACE(PARSE_LINE); 1890 /* 1891 * Perform some housekeeping when the end of the slot is 1892 * reached. 1893 */ 1894 if ((state->rx_pos & VCHIQ_SLOT_MASK) == 0) { 1895 /* Remove the extra reference count. */ 1896 release_slot(state, state->rx_info, NULL, NULL); 1897 state->rx_data = NULL; 1898 } 1899 } 1900 } 1901 1902 /** 1903 * handle_poll() - handle service polling and other rare conditions 1904 * @state: vchiq state struct 1905 * 1906 * Context: Process context 1907 * 1908 * Return: 1909 * * 0 - poll handled successful 1910 * * -EAGAIN - retry later 1911 */ 1912 static int 1913 handle_poll(struct vchiq_state *state) 1914 { 1915 switch (state->conn_state) { 1916 case VCHIQ_CONNSTATE_CONNECTED: 1917 /* Poll the services as requested */ 1918 poll_services(state); 1919 break; 1920 1921 case VCHIQ_CONNSTATE_PAUSING: 1922 if (queue_message(state, NULL, MAKE_PAUSE, NULL, NULL, 0, 1923 QMFLAGS_NO_MUTEX_UNLOCK) != VCHIQ_RETRY) { 1924 vchiq_set_conn_state(state, VCHIQ_CONNSTATE_PAUSE_SENT); 1925 } else { 1926 /* Retry later */ 1927 return -EAGAIN; 1928 } 1929 break; 1930 1931 case VCHIQ_CONNSTATE_RESUMING: 1932 if (queue_message(state, NULL, MAKE_RESUME, NULL, NULL, 0, 1933 QMFLAGS_NO_MUTEX_LOCK) != VCHIQ_RETRY) { 1934 vchiq_set_conn_state(state, VCHIQ_CONNSTATE_CONNECTED); 1935 } else { 1936 /* 1937 * This should really be impossible, 1938 * since the PAUSE should have flushed 1939 * through outstanding messages. 1940 */ 1941 vchiq_log_error(vchiq_core_log_level, "Failed to send RESUME message"); 1942 } 1943 break; 1944 default: 1945 break; 1946 } 1947 1948 return 0; 1949 } 1950 1951 /* Called by the slot handler thread */ 1952 static int 1953 slot_handler_func(void *v) 1954 { 1955 struct vchiq_state *state = v; 1956 struct vchiq_shared_state *local = state->local; 1957 1958 DEBUG_INITIALISE(local); 1959 1960 while (1) { 1961 DEBUG_COUNT(SLOT_HANDLER_COUNT); 1962 DEBUG_TRACE(SLOT_HANDLER_LINE); 1963 remote_event_wait(&state->trigger_event, &local->trigger); 1964 1965 /* Ensure that reads don't overtake the remote_event_wait. */ 1966 rmb(); 1967 1968 DEBUG_TRACE(SLOT_HANDLER_LINE); 1969 if (state->poll_needed) { 1970 state->poll_needed = 0; 1971 1972 /* 1973 * Handle service polling and other rare conditions here 1974 * out of the mainline code 1975 */ 1976 if (handle_poll(state) == -EAGAIN) 1977 state->poll_needed = 1; 1978 } 1979 1980 DEBUG_TRACE(SLOT_HANDLER_LINE); 1981 parse_rx_slots(state); 1982 } 1983 return 0; 1984 } 1985 1986 /* Called by the recycle thread */ 1987 static int 1988 recycle_func(void *v) 1989 { 1990 struct vchiq_state *state = v; 1991 struct vchiq_shared_state *local = state->local; 1992 u32 *found; 1993 size_t length; 1994 1995 length = sizeof(*found) * BITSET_SIZE(VCHIQ_MAX_SERVICES); 1996 1997 found = kmalloc_array(BITSET_SIZE(VCHIQ_MAX_SERVICES), sizeof(*found), 1998 GFP_KERNEL); 1999 if (!found) 2000 return -ENOMEM; 2001 2002 while (1) { 2003 remote_event_wait(&state->recycle_event, &local->recycle); 2004 2005 process_free_queue(state, found, length); 2006 } 2007 return 0; 2008 } 2009 2010 /* Called by the sync thread */ 2011 static int 2012 sync_func(void *v) 2013 { 2014 struct vchiq_state *state = v; 2015 struct vchiq_shared_state *local = state->local; 2016 struct vchiq_header *header = 2017 (struct vchiq_header *)SLOT_DATA_FROM_INDEX(state, 2018 state->remote->slot_sync); 2019 2020 while (1) { 2021 struct vchiq_service *service; 2022 int msgid, size; 2023 int type; 2024 unsigned int localport, remoteport; 2025 2026 remote_event_wait(&state->sync_trigger_event, &local->sync_trigger); 2027 2028 /* Ensure that reads don't overtake the remote_event_wait. */ 2029 rmb(); 2030 2031 msgid = header->msgid; 2032 size = header->size; 2033 type = VCHIQ_MSG_TYPE(msgid); 2034 localport = VCHIQ_MSG_DSTPORT(msgid); 2035 remoteport = VCHIQ_MSG_SRCPORT(msgid); 2036 2037 service = find_service_by_port(state, localport); 2038 2039 if (!service) { 2040 vchiq_log_error(vchiq_sync_log_level, 2041 "%d: sf %s@%pK (%d->%d) - invalid/closed service %d", 2042 state->id, msg_type_str(type), header, 2043 remoteport, localport, localport); 2044 release_message_sync(state, header); 2045 continue; 2046 } 2047 2048 if (vchiq_sync_log_level >= VCHIQ_LOG_TRACE) { 2049 int svc_fourcc; 2050 2051 svc_fourcc = service 2052 ? service->base.fourcc 2053 : VCHIQ_MAKE_FOURCC('?', '?', '?', '?'); 2054 vchiq_log_trace(vchiq_sync_log_level, 2055 "Rcvd Msg %s from %c%c%c%c s:%d d:%d len:%d", 2056 msg_type_str(type), VCHIQ_FOURCC_AS_4CHARS(svc_fourcc), 2057 remoteport, localport, size); 2058 if (size > 0) 2059 vchiq_log_dump_mem("Rcvd", 0, header->data, min(16, size)); 2060 } 2061 2062 switch (type) { 2063 case VCHIQ_MSG_OPENACK: 2064 if (size >= sizeof(struct vchiq_openack_payload)) { 2065 const struct vchiq_openack_payload *payload = 2066 (struct vchiq_openack_payload *) 2067 header->data; 2068 service->peer_version = payload->version; 2069 } 2070 vchiq_log_info(vchiq_sync_log_level, "%d: sf OPENACK@%pK,%x (%d->%d) v:%d", 2071 state->id, header, size, remoteport, localport, 2072 service->peer_version); 2073 if (service->srvstate == VCHIQ_SRVSTATE_OPENING) { 2074 service->remoteport = remoteport; 2075 set_service_state(service, VCHIQ_SRVSTATE_OPENSYNC); 2076 service->sync = 1; 2077 complete(&service->remove_event); 2078 } 2079 release_message_sync(state, header); 2080 break; 2081 2082 case VCHIQ_MSG_DATA: 2083 vchiq_log_trace(vchiq_sync_log_level, "%d: sf DATA@%pK,%x (%d->%d)", 2084 state->id, header, size, remoteport, localport); 2085 2086 if ((service->remoteport == remoteport) && 2087 (service->srvstate == VCHIQ_SRVSTATE_OPENSYNC)) { 2088 if (make_service_callback(service, VCHIQ_MESSAGE_AVAILABLE, header, 2089 NULL) == VCHIQ_RETRY) 2090 vchiq_log_error(vchiq_sync_log_level, 2091 "synchronous callback to service %d returns VCHIQ_RETRY", 2092 localport); 2093 } 2094 break; 2095 2096 default: 2097 vchiq_log_error(vchiq_sync_log_level, "%d: sf unexpected msgid %x@%pK,%x", 2098 state->id, msgid, header, size); 2099 release_message_sync(state, header); 2100 break; 2101 } 2102 2103 vchiq_service_put(service); 2104 } 2105 2106 return 0; 2107 } 2108 2109 inline const char * 2110 get_conn_state_name(enum vchiq_connstate conn_state) 2111 { 2112 return conn_state_names[conn_state]; 2113 } 2114 2115 struct vchiq_slot_zero * 2116 vchiq_init_slots(void *mem_base, int mem_size) 2117 { 2118 int mem_align = 2119 (int)((VCHIQ_SLOT_SIZE - (long)mem_base) & VCHIQ_SLOT_MASK); 2120 struct vchiq_slot_zero *slot_zero = 2121 (struct vchiq_slot_zero *)(mem_base + mem_align); 2122 int num_slots = (mem_size - mem_align) / VCHIQ_SLOT_SIZE; 2123 int first_data_slot = VCHIQ_SLOT_ZERO_SLOTS; 2124 2125 check_sizes(); 2126 2127 /* Ensure there is enough memory to run an absolutely minimum system */ 2128 num_slots -= first_data_slot; 2129 2130 if (num_slots < 4) { 2131 vchiq_log_error(vchiq_core_log_level, "%s - insufficient memory %x bytes", 2132 __func__, mem_size); 2133 return NULL; 2134 } 2135 2136 memset(slot_zero, 0, sizeof(struct vchiq_slot_zero)); 2137 2138 slot_zero->magic = VCHIQ_MAGIC; 2139 slot_zero->version = VCHIQ_VERSION; 2140 slot_zero->version_min = VCHIQ_VERSION_MIN; 2141 slot_zero->slot_zero_size = sizeof(struct vchiq_slot_zero); 2142 slot_zero->slot_size = VCHIQ_SLOT_SIZE; 2143 slot_zero->max_slots = VCHIQ_MAX_SLOTS; 2144 slot_zero->max_slots_per_side = VCHIQ_MAX_SLOTS_PER_SIDE; 2145 2146 slot_zero->master.slot_sync = first_data_slot; 2147 slot_zero->master.slot_first = first_data_slot + 1; 2148 slot_zero->master.slot_last = first_data_slot + (num_slots / 2) - 1; 2149 slot_zero->slave.slot_sync = first_data_slot + (num_slots / 2); 2150 slot_zero->slave.slot_first = first_data_slot + (num_slots / 2) + 1; 2151 slot_zero->slave.slot_last = first_data_slot + num_slots - 1; 2152 2153 return slot_zero; 2154 } 2155 2156 int 2157 vchiq_init_state(struct vchiq_state *state, struct vchiq_slot_zero *slot_zero, struct device *dev) 2158 { 2159 struct vchiq_shared_state *local; 2160 struct vchiq_shared_state *remote; 2161 char threadname[16]; 2162 int i, ret; 2163 2164 local = &slot_zero->slave; 2165 remote = &slot_zero->master; 2166 2167 if (local->initialised) { 2168 vchiq_loud_error_header(); 2169 if (remote->initialised) 2170 vchiq_loud_error("local state has already been initialised"); 2171 else 2172 vchiq_loud_error("master/slave mismatch two slaves"); 2173 vchiq_loud_error_footer(); 2174 return -EINVAL; 2175 } 2176 2177 memset(state, 0, sizeof(struct vchiq_state)); 2178 2179 state->dev = dev; 2180 2181 /* 2182 * initialize shared state pointers 2183 */ 2184 2185 state->local = local; 2186 state->remote = remote; 2187 state->slot_data = (struct vchiq_slot *)slot_zero; 2188 2189 /* 2190 * initialize events and mutexes 2191 */ 2192 2193 init_completion(&state->connect); 2194 mutex_init(&state->mutex); 2195 mutex_init(&state->slot_mutex); 2196 mutex_init(&state->recycle_mutex); 2197 mutex_init(&state->sync_mutex); 2198 mutex_init(&state->bulk_transfer_mutex); 2199 2200 init_completion(&state->slot_available_event); 2201 init_completion(&state->slot_remove_event); 2202 init_completion(&state->data_quota_event); 2203 2204 state->slot_queue_available = 0; 2205 2206 for (i = 0; i < VCHIQ_MAX_SERVICES; i++) { 2207 struct vchiq_service_quota *quota = &state->service_quotas[i]; 2208 init_completion("a->quota_event); 2209 } 2210 2211 for (i = local->slot_first; i <= local->slot_last; i++) { 2212 local->slot_queue[state->slot_queue_available] = i; 2213 state->slot_queue_available++; 2214 complete(&state->slot_available_event); 2215 } 2216 2217 state->default_slot_quota = state->slot_queue_available / 2; 2218 state->default_message_quota = 2219 min_t(unsigned short, state->default_slot_quota * 256, ~0); 2220 2221 state->previous_data_index = -1; 2222 state->data_use_count = 0; 2223 state->data_quota = state->slot_queue_available - 1; 2224 2225 remote_event_create(&state->trigger_event, &local->trigger); 2226 local->tx_pos = 0; 2227 remote_event_create(&state->recycle_event, &local->recycle); 2228 local->slot_queue_recycle = state->slot_queue_available; 2229 remote_event_create(&state->sync_trigger_event, &local->sync_trigger); 2230 remote_event_create(&state->sync_release_event, &local->sync_release); 2231 2232 /* At start-of-day, the slot is empty and available */ 2233 ((struct vchiq_header *) 2234 SLOT_DATA_FROM_INDEX(state, local->slot_sync))->msgid = 2235 VCHIQ_MSGID_PADDING; 2236 remote_event_signal_local(&state->sync_release_event, &local->sync_release); 2237 2238 local->debug[DEBUG_ENTRIES] = DEBUG_MAX; 2239 2240 ret = vchiq_platform_init_state(state); 2241 if (ret) 2242 return ret; 2243 2244 /* 2245 * bring up slot handler thread 2246 */ 2247 snprintf(threadname, sizeof(threadname), "vchiq-slot/%d", state->id); 2248 state->slot_handler_thread = kthread_create(&slot_handler_func, (void *)state, threadname); 2249 2250 if (IS_ERR(state->slot_handler_thread)) { 2251 vchiq_loud_error_header(); 2252 vchiq_loud_error("couldn't create thread %s", threadname); 2253 vchiq_loud_error_footer(); 2254 return PTR_ERR(state->slot_handler_thread); 2255 } 2256 set_user_nice(state->slot_handler_thread, -19); 2257 2258 snprintf(threadname, sizeof(threadname), "vchiq-recy/%d", state->id); 2259 state->recycle_thread = kthread_create(&recycle_func, (void *)state, threadname); 2260 if (IS_ERR(state->recycle_thread)) { 2261 vchiq_loud_error_header(); 2262 vchiq_loud_error("couldn't create thread %s", threadname); 2263 vchiq_loud_error_footer(); 2264 ret = PTR_ERR(state->recycle_thread); 2265 goto fail_free_handler_thread; 2266 } 2267 set_user_nice(state->recycle_thread, -19); 2268 2269 snprintf(threadname, sizeof(threadname), "vchiq-sync/%d", state->id); 2270 state->sync_thread = kthread_create(&sync_func, (void *)state, threadname); 2271 if (IS_ERR(state->sync_thread)) { 2272 vchiq_loud_error_header(); 2273 vchiq_loud_error("couldn't create thread %s", threadname); 2274 vchiq_loud_error_footer(); 2275 ret = PTR_ERR(state->sync_thread); 2276 goto fail_free_recycle_thread; 2277 } 2278 set_user_nice(state->sync_thread, -20); 2279 2280 wake_up_process(state->slot_handler_thread); 2281 wake_up_process(state->recycle_thread); 2282 wake_up_process(state->sync_thread); 2283 2284 /* Indicate readiness to the other side */ 2285 local->initialised = 1; 2286 2287 return 0; 2288 2289 fail_free_recycle_thread: 2290 kthread_stop(state->recycle_thread); 2291 fail_free_handler_thread: 2292 kthread_stop(state->slot_handler_thread); 2293 2294 return ret; 2295 } 2296 2297 void vchiq_msg_queue_push(struct vchiq_instance *instance, unsigned int handle, 2298 struct vchiq_header *header) 2299 { 2300 struct vchiq_service *service = find_service_by_handle(instance, handle); 2301 int pos; 2302 2303 if (!service) 2304 return; 2305 2306 while (service->msg_queue_write == service->msg_queue_read + 2307 VCHIQ_MAX_SLOTS) { 2308 if (wait_for_completion_interruptible(&service->msg_queue_pop)) 2309 flush_signals(current); 2310 } 2311 2312 pos = service->msg_queue_write & (VCHIQ_MAX_SLOTS - 1); 2313 service->msg_queue_write++; 2314 service->msg_queue[pos] = header; 2315 2316 complete(&service->msg_queue_push); 2317 } 2318 EXPORT_SYMBOL(vchiq_msg_queue_push); 2319 2320 struct vchiq_header *vchiq_msg_hold(struct vchiq_instance *instance, unsigned int handle) 2321 { 2322 struct vchiq_service *service = find_service_by_handle(instance, handle); 2323 struct vchiq_header *header; 2324 int pos; 2325 2326 if (!service) 2327 return NULL; 2328 2329 if (service->msg_queue_write == service->msg_queue_read) 2330 return NULL; 2331 2332 while (service->msg_queue_write == service->msg_queue_read) { 2333 if (wait_for_completion_interruptible(&service->msg_queue_push)) 2334 flush_signals(current); 2335 } 2336 2337 pos = service->msg_queue_read & (VCHIQ_MAX_SLOTS - 1); 2338 service->msg_queue_read++; 2339 header = service->msg_queue[pos]; 2340 2341 complete(&service->msg_queue_pop); 2342 2343 return header; 2344 } 2345 EXPORT_SYMBOL(vchiq_msg_hold); 2346 2347 static int vchiq_validate_params(const struct vchiq_service_params_kernel *params) 2348 { 2349 if (!params->callback || !params->fourcc) { 2350 vchiq_loud_error("Can't add service, invalid params\n"); 2351 return -EINVAL; 2352 } 2353 2354 return 0; 2355 } 2356 2357 /* Called from application thread when a client or server service is created. */ 2358 struct vchiq_service * 2359 vchiq_add_service_internal(struct vchiq_state *state, 2360 const struct vchiq_service_params_kernel *params, 2361 int srvstate, struct vchiq_instance *instance, 2362 void (*userdata_term)(void *userdata)) 2363 { 2364 struct vchiq_service *service; 2365 struct vchiq_service __rcu **pservice = NULL; 2366 struct vchiq_service_quota *quota; 2367 int ret; 2368 int i; 2369 2370 ret = vchiq_validate_params(params); 2371 if (ret) 2372 return NULL; 2373 2374 service = kzalloc(sizeof(*service), GFP_KERNEL); 2375 if (!service) 2376 return service; 2377 2378 service->base.fourcc = params->fourcc; 2379 service->base.callback = params->callback; 2380 service->base.userdata = params->userdata; 2381 service->handle = VCHIQ_SERVICE_HANDLE_INVALID; 2382 kref_init(&service->ref_count); 2383 service->srvstate = VCHIQ_SRVSTATE_FREE; 2384 service->userdata_term = userdata_term; 2385 service->localport = VCHIQ_PORT_FREE; 2386 service->remoteport = VCHIQ_PORT_FREE; 2387 2388 service->public_fourcc = (srvstate == VCHIQ_SRVSTATE_OPENING) ? 2389 VCHIQ_FOURCC_INVALID : params->fourcc; 2390 service->auto_close = 1; 2391 atomic_set(&service->poll_flags, 0); 2392 service->version = params->version; 2393 service->version_min = params->version_min; 2394 service->state = state; 2395 service->instance = instance; 2396 init_completion(&service->remove_event); 2397 init_completion(&service->bulk_remove_event); 2398 init_completion(&service->msg_queue_pop); 2399 init_completion(&service->msg_queue_push); 2400 mutex_init(&service->bulk_mutex); 2401 2402 /* 2403 * Although it is perfectly possible to use a spinlock 2404 * to protect the creation of services, it is overkill as it 2405 * disables interrupts while the array is searched. 2406 * The only danger is of another thread trying to create a 2407 * service - service deletion is safe. 2408 * Therefore it is preferable to use state->mutex which, 2409 * although slower to claim, doesn't block interrupts while 2410 * it is held. 2411 */ 2412 2413 mutex_lock(&state->mutex); 2414 2415 /* Prepare to use a previously unused service */ 2416 if (state->unused_service < VCHIQ_MAX_SERVICES) 2417 pservice = &state->services[state->unused_service]; 2418 2419 if (srvstate == VCHIQ_SRVSTATE_OPENING) { 2420 for (i = 0; i < state->unused_service; i++) { 2421 if (!rcu_access_pointer(state->services[i])) { 2422 pservice = &state->services[i]; 2423 break; 2424 } 2425 } 2426 } else { 2427 rcu_read_lock(); 2428 for (i = (state->unused_service - 1); i >= 0; i--) { 2429 struct vchiq_service *srv; 2430 2431 srv = rcu_dereference(state->services[i]); 2432 if (!srv) { 2433 pservice = &state->services[i]; 2434 } else if ((srv->public_fourcc == params->fourcc) && 2435 ((srv->instance != instance) || 2436 (srv->base.callback != params->callback))) { 2437 /* 2438 * There is another server using this 2439 * fourcc which doesn't match. 2440 */ 2441 pservice = NULL; 2442 break; 2443 } 2444 } 2445 rcu_read_unlock(); 2446 } 2447 2448 if (pservice) { 2449 service->localport = (pservice - state->services); 2450 if (!handle_seq) 2451 handle_seq = VCHIQ_MAX_STATES * 2452 VCHIQ_MAX_SERVICES; 2453 service->handle = handle_seq | 2454 (state->id * VCHIQ_MAX_SERVICES) | 2455 service->localport; 2456 handle_seq += VCHIQ_MAX_STATES * VCHIQ_MAX_SERVICES; 2457 rcu_assign_pointer(*pservice, service); 2458 if (pservice == &state->services[state->unused_service]) 2459 state->unused_service++; 2460 } 2461 2462 mutex_unlock(&state->mutex); 2463 2464 if (!pservice) { 2465 kfree(service); 2466 return NULL; 2467 } 2468 2469 quota = &state->service_quotas[service->localport]; 2470 quota->slot_quota = state->default_slot_quota; 2471 quota->message_quota = state->default_message_quota; 2472 if (quota->slot_use_count == 0) 2473 quota->previous_tx_index = 2474 SLOT_QUEUE_INDEX_FROM_POS(state->local_tx_pos) 2475 - 1; 2476 2477 /* Bring this service online */ 2478 set_service_state(service, srvstate); 2479 2480 vchiq_log_info(vchiq_core_msg_log_level, "%s Service %c%c%c%c SrcPort:%d", 2481 (srvstate == VCHIQ_SRVSTATE_OPENING) ? "Open" : "Add", 2482 VCHIQ_FOURCC_AS_4CHARS(params->fourcc), service->localport); 2483 2484 /* Don't unlock the service - leave it with a ref_count of 1. */ 2485 2486 return service; 2487 } 2488 2489 enum vchiq_status 2490 vchiq_open_service_internal(struct vchiq_service *service, int client_id) 2491 { 2492 struct vchiq_open_payload payload = { 2493 service->base.fourcc, 2494 client_id, 2495 service->version, 2496 service->version_min 2497 }; 2498 enum vchiq_status status = VCHIQ_SUCCESS; 2499 2500 service->client_id = client_id; 2501 vchiq_use_service_internal(service); 2502 status = queue_message(service->state, 2503 NULL, MAKE_OPEN(service->localport), 2504 memcpy_copy_callback, 2505 &payload, 2506 sizeof(payload), 2507 QMFLAGS_IS_BLOCKING); 2508 2509 if (status != VCHIQ_SUCCESS) 2510 return status; 2511 2512 /* Wait for the ACK/NAK */ 2513 if (wait_for_completion_interruptible(&service->remove_event)) { 2514 status = VCHIQ_RETRY; 2515 vchiq_release_service_internal(service); 2516 } else if ((service->srvstate != VCHIQ_SRVSTATE_OPEN) && 2517 (service->srvstate != VCHIQ_SRVSTATE_OPENSYNC)) { 2518 if (service->srvstate != VCHIQ_SRVSTATE_CLOSEWAIT) 2519 vchiq_log_error(vchiq_core_log_level, 2520 "%d: osi - srvstate = %s (ref %u)", 2521 service->state->id, 2522 srvstate_names[service->srvstate], 2523 kref_read(&service->ref_count)); 2524 status = VCHIQ_ERROR; 2525 VCHIQ_SERVICE_STATS_INC(service, error_count); 2526 vchiq_release_service_internal(service); 2527 } 2528 2529 return status; 2530 } 2531 2532 static void 2533 release_service_messages(struct vchiq_service *service) 2534 { 2535 struct vchiq_state *state = service->state; 2536 int slot_last = state->remote->slot_last; 2537 int i; 2538 2539 /* Release any claimed messages aimed at this service */ 2540 2541 if (service->sync) { 2542 struct vchiq_header *header = 2543 (struct vchiq_header *)SLOT_DATA_FROM_INDEX(state, 2544 state->remote->slot_sync); 2545 if (VCHIQ_MSG_DSTPORT(header->msgid) == service->localport) 2546 release_message_sync(state, header); 2547 2548 return; 2549 } 2550 2551 for (i = state->remote->slot_first; i <= slot_last; i++) { 2552 struct vchiq_slot_info *slot_info = 2553 SLOT_INFO_FROM_INDEX(state, i); 2554 unsigned int pos, end; 2555 char *data; 2556 2557 if (slot_info->release_count == slot_info->use_count) 2558 continue; 2559 2560 data = (char *)SLOT_DATA_FROM_INDEX(state, i); 2561 end = VCHIQ_SLOT_SIZE; 2562 if (data == state->rx_data) 2563 /* 2564 * This buffer is still being read from - stop 2565 * at the current read position 2566 */ 2567 end = state->rx_pos & VCHIQ_SLOT_MASK; 2568 2569 pos = 0; 2570 2571 while (pos < end) { 2572 struct vchiq_header *header = 2573 (struct vchiq_header *)(data + pos); 2574 int msgid = header->msgid; 2575 int port = VCHIQ_MSG_DSTPORT(msgid); 2576 2577 if ((port == service->localport) && (msgid & VCHIQ_MSGID_CLAIMED)) { 2578 vchiq_log_info(vchiq_core_log_level, " fsi - hdr %pK", header); 2579 release_slot(state, slot_info, header, NULL); 2580 } 2581 pos += calc_stride(header->size); 2582 if (pos > VCHIQ_SLOT_SIZE) { 2583 vchiq_log_error(vchiq_core_log_level, 2584 "fsi - pos %x: header %pK, msgid %x, header->msgid %x, header->size %x", 2585 pos, header, msgid, header->msgid, header->size); 2586 WARN(1, "invalid slot position\n"); 2587 } 2588 } 2589 } 2590 } 2591 2592 static int 2593 do_abort_bulks(struct vchiq_service *service) 2594 { 2595 enum vchiq_status status; 2596 2597 /* Abort any outstanding bulk transfers */ 2598 if (mutex_lock_killable(&service->bulk_mutex)) 2599 return 0; 2600 abort_outstanding_bulks(service, &service->bulk_tx); 2601 abort_outstanding_bulks(service, &service->bulk_rx); 2602 mutex_unlock(&service->bulk_mutex); 2603 2604 status = notify_bulks(service, &service->bulk_tx, NO_RETRY_POLL); 2605 if (status != VCHIQ_SUCCESS) 2606 return 0; 2607 2608 status = notify_bulks(service, &service->bulk_rx, NO_RETRY_POLL); 2609 return (status == VCHIQ_SUCCESS); 2610 } 2611 2612 static enum vchiq_status 2613 close_service_complete(struct vchiq_service *service, int failstate) 2614 { 2615 enum vchiq_status status; 2616 int is_server = (service->public_fourcc != VCHIQ_FOURCC_INVALID); 2617 int newstate; 2618 2619 switch (service->srvstate) { 2620 case VCHIQ_SRVSTATE_OPEN: 2621 case VCHIQ_SRVSTATE_CLOSESENT: 2622 case VCHIQ_SRVSTATE_CLOSERECVD: 2623 if (is_server) { 2624 if (service->auto_close) { 2625 service->client_id = 0; 2626 service->remoteport = VCHIQ_PORT_FREE; 2627 newstate = VCHIQ_SRVSTATE_LISTENING; 2628 } else { 2629 newstate = VCHIQ_SRVSTATE_CLOSEWAIT; 2630 } 2631 } else { 2632 newstate = VCHIQ_SRVSTATE_CLOSED; 2633 } 2634 set_service_state(service, newstate); 2635 break; 2636 case VCHIQ_SRVSTATE_LISTENING: 2637 break; 2638 default: 2639 vchiq_log_error(vchiq_core_log_level, "%s(%x) called in state %s", __func__, 2640 service->handle, srvstate_names[service->srvstate]); 2641 WARN(1, "%s in unexpected state\n", __func__); 2642 return VCHIQ_ERROR; 2643 } 2644 2645 status = make_service_callback(service, VCHIQ_SERVICE_CLOSED, NULL, NULL); 2646 2647 if (status != VCHIQ_RETRY) { 2648 int uc = service->service_use_count; 2649 int i; 2650 /* Complete the close process */ 2651 for (i = 0; i < uc; i++) 2652 /* 2653 * cater for cases where close is forced and the 2654 * client may not close all it's handles 2655 */ 2656 vchiq_release_service_internal(service); 2657 2658 service->client_id = 0; 2659 service->remoteport = VCHIQ_PORT_FREE; 2660 2661 if (service->srvstate == VCHIQ_SRVSTATE_CLOSED) { 2662 vchiq_free_service_internal(service); 2663 } else if (service->srvstate != VCHIQ_SRVSTATE_CLOSEWAIT) { 2664 if (is_server) 2665 service->closing = 0; 2666 2667 complete(&service->remove_event); 2668 } 2669 } else { 2670 set_service_state(service, failstate); 2671 } 2672 2673 return status; 2674 } 2675 2676 /* Called by the slot handler */ 2677 enum vchiq_status 2678 vchiq_close_service_internal(struct vchiq_service *service, int close_recvd) 2679 { 2680 struct vchiq_state *state = service->state; 2681 enum vchiq_status status = VCHIQ_SUCCESS; 2682 int is_server = (service->public_fourcc != VCHIQ_FOURCC_INVALID); 2683 int close_id = MAKE_CLOSE(service->localport, 2684 VCHIQ_MSG_DSTPORT(service->remoteport)); 2685 2686 vchiq_log_info(vchiq_core_log_level, "%d: csi:%d,%d (%s)", service->state->id, 2687 service->localport, close_recvd, srvstate_names[service->srvstate]); 2688 2689 switch (service->srvstate) { 2690 case VCHIQ_SRVSTATE_CLOSED: 2691 case VCHIQ_SRVSTATE_HIDDEN: 2692 case VCHIQ_SRVSTATE_LISTENING: 2693 case VCHIQ_SRVSTATE_CLOSEWAIT: 2694 if (close_recvd) { 2695 vchiq_log_error(vchiq_core_log_level, "%s(1) called in state %s", 2696 __func__, srvstate_names[service->srvstate]); 2697 } else if (is_server) { 2698 if (service->srvstate == VCHIQ_SRVSTATE_LISTENING) { 2699 status = VCHIQ_ERROR; 2700 } else { 2701 service->client_id = 0; 2702 service->remoteport = VCHIQ_PORT_FREE; 2703 if (service->srvstate == VCHIQ_SRVSTATE_CLOSEWAIT) 2704 set_service_state(service, VCHIQ_SRVSTATE_LISTENING); 2705 } 2706 complete(&service->remove_event); 2707 } else { 2708 vchiq_free_service_internal(service); 2709 } 2710 break; 2711 case VCHIQ_SRVSTATE_OPENING: 2712 if (close_recvd) { 2713 /* The open was rejected - tell the user */ 2714 set_service_state(service, VCHIQ_SRVSTATE_CLOSEWAIT); 2715 complete(&service->remove_event); 2716 } else { 2717 /* Shutdown mid-open - let the other side know */ 2718 status = queue_message(state, service, close_id, NULL, NULL, 0, 0); 2719 } 2720 break; 2721 2722 case VCHIQ_SRVSTATE_OPENSYNC: 2723 mutex_lock(&state->sync_mutex); 2724 fallthrough; 2725 case VCHIQ_SRVSTATE_OPEN: 2726 if (close_recvd) { 2727 if (!do_abort_bulks(service)) 2728 status = VCHIQ_RETRY; 2729 } 2730 2731 release_service_messages(service); 2732 2733 if (status == VCHIQ_SUCCESS) 2734 status = queue_message(state, service, close_id, NULL, 2735 NULL, 0, QMFLAGS_NO_MUTEX_UNLOCK); 2736 2737 if (status != VCHIQ_SUCCESS) { 2738 if (service->srvstate == VCHIQ_SRVSTATE_OPENSYNC) 2739 mutex_unlock(&state->sync_mutex); 2740 break; 2741 } 2742 2743 if (!close_recvd) { 2744 /* Change the state while the mutex is still held */ 2745 set_service_state(service, VCHIQ_SRVSTATE_CLOSESENT); 2746 mutex_unlock(&state->slot_mutex); 2747 if (service->sync) 2748 mutex_unlock(&state->sync_mutex); 2749 break; 2750 } 2751 2752 /* Change the state while the mutex is still held */ 2753 set_service_state(service, VCHIQ_SRVSTATE_CLOSERECVD); 2754 mutex_unlock(&state->slot_mutex); 2755 if (service->sync) 2756 mutex_unlock(&state->sync_mutex); 2757 2758 status = close_service_complete(service, VCHIQ_SRVSTATE_CLOSERECVD); 2759 break; 2760 2761 case VCHIQ_SRVSTATE_CLOSESENT: 2762 if (!close_recvd) 2763 /* This happens when a process is killed mid-close */ 2764 break; 2765 2766 if (!do_abort_bulks(service)) { 2767 status = VCHIQ_RETRY; 2768 break; 2769 } 2770 2771 if (status == VCHIQ_SUCCESS) 2772 status = close_service_complete(service, VCHIQ_SRVSTATE_CLOSERECVD); 2773 break; 2774 2775 case VCHIQ_SRVSTATE_CLOSERECVD: 2776 if (!close_recvd && is_server) 2777 /* Force into LISTENING mode */ 2778 set_service_state(service, VCHIQ_SRVSTATE_LISTENING); 2779 status = close_service_complete(service, VCHIQ_SRVSTATE_CLOSERECVD); 2780 break; 2781 2782 default: 2783 vchiq_log_error(vchiq_core_log_level, "%s(%d) called in state %s", __func__, 2784 close_recvd, srvstate_names[service->srvstate]); 2785 break; 2786 } 2787 2788 return status; 2789 } 2790 2791 /* Called from the application process upon process death */ 2792 void 2793 vchiq_terminate_service_internal(struct vchiq_service *service) 2794 { 2795 struct vchiq_state *state = service->state; 2796 2797 vchiq_log_info(vchiq_core_log_level, "%d: tsi - (%d<->%d)", state->id, 2798 service->localport, service->remoteport); 2799 2800 mark_service_closing(service); 2801 2802 /* Mark the service for removal by the slot handler */ 2803 request_poll(state, service, VCHIQ_POLL_REMOVE); 2804 } 2805 2806 /* Called from the slot handler */ 2807 void 2808 vchiq_free_service_internal(struct vchiq_service *service) 2809 { 2810 struct vchiq_state *state = service->state; 2811 2812 vchiq_log_info(vchiq_core_log_level, "%d: fsi - (%d)", state->id, service->localport); 2813 2814 switch (service->srvstate) { 2815 case VCHIQ_SRVSTATE_OPENING: 2816 case VCHIQ_SRVSTATE_CLOSED: 2817 case VCHIQ_SRVSTATE_HIDDEN: 2818 case VCHIQ_SRVSTATE_LISTENING: 2819 case VCHIQ_SRVSTATE_CLOSEWAIT: 2820 break; 2821 default: 2822 vchiq_log_error(vchiq_core_log_level, "%d: fsi - (%d) in state %s", state->id, 2823 service->localport, srvstate_names[service->srvstate]); 2824 return; 2825 } 2826 2827 set_service_state(service, VCHIQ_SRVSTATE_FREE); 2828 2829 complete(&service->remove_event); 2830 2831 /* Release the initial lock */ 2832 vchiq_service_put(service); 2833 } 2834 2835 enum vchiq_status 2836 vchiq_connect_internal(struct vchiq_state *state, struct vchiq_instance *instance) 2837 { 2838 struct vchiq_service *service; 2839 int i; 2840 2841 /* Find all services registered to this client and enable them. */ 2842 i = 0; 2843 while ((service = next_service_by_instance(state, instance, &i)) != NULL) { 2844 if (service->srvstate == VCHIQ_SRVSTATE_HIDDEN) 2845 set_service_state(service, VCHIQ_SRVSTATE_LISTENING); 2846 vchiq_service_put(service); 2847 } 2848 2849 if (state->conn_state == VCHIQ_CONNSTATE_DISCONNECTED) { 2850 if (queue_message(state, NULL, MAKE_CONNECT, NULL, NULL, 0, 2851 QMFLAGS_IS_BLOCKING) == VCHIQ_RETRY) 2852 return VCHIQ_RETRY; 2853 2854 vchiq_set_conn_state(state, VCHIQ_CONNSTATE_CONNECTING); 2855 } 2856 2857 if (state->conn_state == VCHIQ_CONNSTATE_CONNECTING) { 2858 if (wait_for_completion_interruptible(&state->connect)) 2859 return VCHIQ_RETRY; 2860 2861 vchiq_set_conn_state(state, VCHIQ_CONNSTATE_CONNECTED); 2862 complete(&state->connect); 2863 } 2864 2865 return VCHIQ_SUCCESS; 2866 } 2867 2868 void 2869 vchiq_shutdown_internal(struct vchiq_state *state, struct vchiq_instance *instance) 2870 { 2871 struct vchiq_service *service; 2872 int i; 2873 2874 /* Find all services registered to this client and remove them. */ 2875 i = 0; 2876 while ((service = next_service_by_instance(state, instance, &i)) != NULL) { 2877 (void)vchiq_remove_service(instance, service->handle); 2878 vchiq_service_put(service); 2879 } 2880 } 2881 2882 enum vchiq_status 2883 vchiq_close_service(struct vchiq_instance *instance, unsigned int handle) 2884 { 2885 /* Unregister the service */ 2886 struct vchiq_service *service = find_service_by_handle(instance, handle); 2887 enum vchiq_status status = VCHIQ_SUCCESS; 2888 2889 if (!service) 2890 return VCHIQ_ERROR; 2891 2892 vchiq_log_info(vchiq_core_log_level, "%d: close_service:%d", 2893 service->state->id, service->localport); 2894 2895 if ((service->srvstate == VCHIQ_SRVSTATE_FREE) || 2896 (service->srvstate == VCHIQ_SRVSTATE_LISTENING) || 2897 (service->srvstate == VCHIQ_SRVSTATE_HIDDEN)) { 2898 vchiq_service_put(service); 2899 return VCHIQ_ERROR; 2900 } 2901 2902 mark_service_closing(service); 2903 2904 if (current == service->state->slot_handler_thread) { 2905 status = vchiq_close_service_internal(service, NO_CLOSE_RECVD); 2906 WARN_ON(status == VCHIQ_RETRY); 2907 } else { 2908 /* Mark the service for termination by the slot handler */ 2909 request_poll(service->state, service, VCHIQ_POLL_TERMINATE); 2910 } 2911 2912 while (1) { 2913 if (wait_for_completion_interruptible(&service->remove_event)) { 2914 status = VCHIQ_RETRY; 2915 break; 2916 } 2917 2918 if ((service->srvstate == VCHIQ_SRVSTATE_FREE) || 2919 (service->srvstate == VCHIQ_SRVSTATE_LISTENING) || 2920 (service->srvstate == VCHIQ_SRVSTATE_OPEN)) 2921 break; 2922 2923 vchiq_log_warning(vchiq_core_log_level, 2924 "%d: close_service:%d - waiting in state %s", 2925 service->state->id, service->localport, 2926 srvstate_names[service->srvstate]); 2927 } 2928 2929 if ((status == VCHIQ_SUCCESS) && 2930 (service->srvstate != VCHIQ_SRVSTATE_FREE) && 2931 (service->srvstate != VCHIQ_SRVSTATE_LISTENING)) 2932 status = VCHIQ_ERROR; 2933 2934 vchiq_service_put(service); 2935 2936 return status; 2937 } 2938 EXPORT_SYMBOL(vchiq_close_service); 2939 2940 enum vchiq_status 2941 vchiq_remove_service(struct vchiq_instance *instance, unsigned int handle) 2942 { 2943 /* Unregister the service */ 2944 struct vchiq_service *service = find_service_by_handle(instance, handle); 2945 enum vchiq_status status = VCHIQ_SUCCESS; 2946 2947 if (!service) 2948 return VCHIQ_ERROR; 2949 2950 vchiq_log_info(vchiq_core_log_level, "%d: remove_service:%d", 2951 service->state->id, service->localport); 2952 2953 if (service->srvstate == VCHIQ_SRVSTATE_FREE) { 2954 vchiq_service_put(service); 2955 return VCHIQ_ERROR; 2956 } 2957 2958 mark_service_closing(service); 2959 2960 if ((service->srvstate == VCHIQ_SRVSTATE_HIDDEN) || 2961 (current == service->state->slot_handler_thread)) { 2962 /* 2963 * Make it look like a client, because it must be removed and 2964 * not left in the LISTENING state. 2965 */ 2966 service->public_fourcc = VCHIQ_FOURCC_INVALID; 2967 2968 status = vchiq_close_service_internal(service, NO_CLOSE_RECVD); 2969 WARN_ON(status == VCHIQ_RETRY); 2970 } else { 2971 /* Mark the service for removal by the slot handler */ 2972 request_poll(service->state, service, VCHIQ_POLL_REMOVE); 2973 } 2974 while (1) { 2975 if (wait_for_completion_interruptible(&service->remove_event)) { 2976 status = VCHIQ_RETRY; 2977 break; 2978 } 2979 2980 if ((service->srvstate == VCHIQ_SRVSTATE_FREE) || 2981 (service->srvstate == VCHIQ_SRVSTATE_OPEN)) 2982 break; 2983 2984 vchiq_log_warning(vchiq_core_log_level, 2985 "%d: remove_service:%d - waiting in state %s", 2986 service->state->id, service->localport, 2987 srvstate_names[service->srvstate]); 2988 } 2989 2990 if ((status == VCHIQ_SUCCESS) && 2991 (service->srvstate != VCHIQ_SRVSTATE_FREE)) 2992 status = VCHIQ_ERROR; 2993 2994 vchiq_service_put(service); 2995 2996 return status; 2997 } 2998 2999 /* 3000 * This function may be called by kernel threads or user threads. 3001 * User threads may receive VCHIQ_RETRY to indicate that a signal has been 3002 * received and the call should be retried after being returned to user 3003 * context. 3004 * When called in blocking mode, the userdata field points to a bulk_waiter 3005 * structure. 3006 */ 3007 enum vchiq_status vchiq_bulk_transfer(struct vchiq_instance *instance, unsigned int handle, 3008 void *offset, void __user *uoffset, int size, void *userdata, 3009 enum vchiq_bulk_mode mode, enum vchiq_bulk_dir dir) 3010 { 3011 struct vchiq_service *service = find_service_by_handle(instance, handle); 3012 struct vchiq_bulk_queue *queue; 3013 struct vchiq_bulk *bulk; 3014 struct vchiq_state *state; 3015 struct bulk_waiter *bulk_waiter = NULL; 3016 const char dir_char = (dir == VCHIQ_BULK_TRANSMIT) ? 't' : 'r'; 3017 const int dir_msgtype = (dir == VCHIQ_BULK_TRANSMIT) ? 3018 VCHIQ_MSG_BULK_TX : VCHIQ_MSG_BULK_RX; 3019 enum vchiq_status status = VCHIQ_ERROR; 3020 int payload[2]; 3021 3022 if (!service) 3023 goto error_exit; 3024 3025 if (service->srvstate != VCHIQ_SRVSTATE_OPEN) 3026 goto error_exit; 3027 3028 if (!offset && !uoffset) 3029 goto error_exit; 3030 3031 if (vchiq_check_service(service) != VCHIQ_SUCCESS) 3032 goto error_exit; 3033 3034 switch (mode) { 3035 case VCHIQ_BULK_MODE_NOCALLBACK: 3036 case VCHIQ_BULK_MODE_CALLBACK: 3037 break; 3038 case VCHIQ_BULK_MODE_BLOCKING: 3039 bulk_waiter = userdata; 3040 init_completion(&bulk_waiter->event); 3041 bulk_waiter->actual = 0; 3042 bulk_waiter->bulk = NULL; 3043 break; 3044 case VCHIQ_BULK_MODE_WAITING: 3045 bulk_waiter = userdata; 3046 bulk = bulk_waiter->bulk; 3047 goto waiting; 3048 default: 3049 goto error_exit; 3050 } 3051 3052 state = service->state; 3053 3054 queue = (dir == VCHIQ_BULK_TRANSMIT) ? 3055 &service->bulk_tx : &service->bulk_rx; 3056 3057 if (mutex_lock_killable(&service->bulk_mutex)) { 3058 status = VCHIQ_RETRY; 3059 goto error_exit; 3060 } 3061 3062 if (queue->local_insert == queue->remove + VCHIQ_NUM_SERVICE_BULKS) { 3063 VCHIQ_SERVICE_STATS_INC(service, bulk_stalls); 3064 do { 3065 mutex_unlock(&service->bulk_mutex); 3066 if (wait_for_completion_interruptible(&service->bulk_remove_event)) { 3067 status = VCHIQ_RETRY; 3068 goto error_exit; 3069 } 3070 if (mutex_lock_killable(&service->bulk_mutex)) { 3071 status = VCHIQ_RETRY; 3072 goto error_exit; 3073 } 3074 } while (queue->local_insert == queue->remove + 3075 VCHIQ_NUM_SERVICE_BULKS); 3076 } 3077 3078 bulk = &queue->bulks[BULK_INDEX(queue->local_insert)]; 3079 3080 bulk->mode = mode; 3081 bulk->dir = dir; 3082 bulk->userdata = userdata; 3083 bulk->size = size; 3084 bulk->actual = VCHIQ_BULK_ACTUAL_ABORTED; 3085 3086 if (vchiq_prepare_bulk_data(instance, bulk, offset, uoffset, size, dir)) 3087 goto unlock_error_exit; 3088 3089 /* 3090 * Ensure that the bulk data record is visible to the peer 3091 * before proceeding. 3092 */ 3093 wmb(); 3094 3095 vchiq_log_info(vchiq_core_log_level, "%d: bt (%d->%d) %cx %x@%pad %pK", 3096 state->id, service->localport, service->remoteport, 3097 dir_char, size, &bulk->data, userdata); 3098 3099 /* 3100 * The slot mutex must be held when the service is being closed, so 3101 * claim it here to ensure that isn't happening 3102 */ 3103 if (mutex_lock_killable(&state->slot_mutex)) { 3104 status = VCHIQ_RETRY; 3105 goto cancel_bulk_error_exit; 3106 } 3107 3108 if (service->srvstate != VCHIQ_SRVSTATE_OPEN) 3109 goto unlock_both_error_exit; 3110 3111 payload[0] = lower_32_bits(bulk->data); 3112 payload[1] = bulk->size; 3113 status = queue_message(state, 3114 NULL, 3115 VCHIQ_MAKE_MSG(dir_msgtype, 3116 service->localport, 3117 service->remoteport), 3118 memcpy_copy_callback, 3119 &payload, 3120 sizeof(payload), 3121 QMFLAGS_IS_BLOCKING | 3122 QMFLAGS_NO_MUTEX_LOCK | 3123 QMFLAGS_NO_MUTEX_UNLOCK); 3124 if (status != VCHIQ_SUCCESS) 3125 goto unlock_both_error_exit; 3126 3127 queue->local_insert++; 3128 3129 mutex_unlock(&state->slot_mutex); 3130 mutex_unlock(&service->bulk_mutex); 3131 3132 vchiq_log_trace(vchiq_core_log_level, "%d: bt:%d %cx li=%x ri=%x p=%x", 3133 state->id, service->localport, dir_char, queue->local_insert, 3134 queue->remote_insert, queue->process); 3135 3136 waiting: 3137 vchiq_service_put(service); 3138 3139 status = VCHIQ_SUCCESS; 3140 3141 if (bulk_waiter) { 3142 bulk_waiter->bulk = bulk; 3143 if (wait_for_completion_interruptible(&bulk_waiter->event)) 3144 status = VCHIQ_RETRY; 3145 else if (bulk_waiter->actual == VCHIQ_BULK_ACTUAL_ABORTED) 3146 status = VCHIQ_ERROR; 3147 } 3148 3149 return status; 3150 3151 unlock_both_error_exit: 3152 mutex_unlock(&state->slot_mutex); 3153 cancel_bulk_error_exit: 3154 vchiq_complete_bulk(service->instance, bulk); 3155 unlock_error_exit: 3156 mutex_unlock(&service->bulk_mutex); 3157 3158 error_exit: 3159 if (service) 3160 vchiq_service_put(service); 3161 return status; 3162 } 3163 3164 enum vchiq_status 3165 vchiq_queue_message(struct vchiq_instance *instance, unsigned int handle, 3166 ssize_t (*copy_callback)(void *context, void *dest, 3167 size_t offset, size_t maxsize), 3168 void *context, 3169 size_t size) 3170 { 3171 struct vchiq_service *service = find_service_by_handle(instance, handle); 3172 enum vchiq_status status = VCHIQ_ERROR; 3173 int data_id; 3174 3175 if (!service) 3176 goto error_exit; 3177 3178 if (vchiq_check_service(service) != VCHIQ_SUCCESS) 3179 goto error_exit; 3180 3181 if (!size) { 3182 VCHIQ_SERVICE_STATS_INC(service, error_count); 3183 goto error_exit; 3184 } 3185 3186 if (size > VCHIQ_MAX_MSG_SIZE) { 3187 VCHIQ_SERVICE_STATS_INC(service, error_count); 3188 goto error_exit; 3189 } 3190 3191 data_id = MAKE_DATA(service->localport, service->remoteport); 3192 3193 switch (service->srvstate) { 3194 case VCHIQ_SRVSTATE_OPEN: 3195 status = queue_message(service->state, service, data_id, 3196 copy_callback, context, size, 1); 3197 break; 3198 case VCHIQ_SRVSTATE_OPENSYNC: 3199 status = queue_message_sync(service->state, service, data_id, 3200 copy_callback, context, size, 1); 3201 break; 3202 default: 3203 status = VCHIQ_ERROR; 3204 break; 3205 } 3206 3207 error_exit: 3208 if (service) 3209 vchiq_service_put(service); 3210 3211 return status; 3212 } 3213 3214 int vchiq_queue_kernel_message(struct vchiq_instance *instance, unsigned int handle, void *data, 3215 unsigned int size) 3216 { 3217 enum vchiq_status status; 3218 3219 while (1) { 3220 status = vchiq_queue_message(instance, handle, memcpy_copy_callback, 3221 data, size); 3222 3223 /* 3224 * vchiq_queue_message() may return VCHIQ_RETRY, so we need to 3225 * implement a retry mechanism since this function is supposed 3226 * to block until queued 3227 */ 3228 if (status != VCHIQ_RETRY) 3229 break; 3230 3231 msleep(1); 3232 } 3233 3234 return status; 3235 } 3236 EXPORT_SYMBOL(vchiq_queue_kernel_message); 3237 3238 void 3239 vchiq_release_message(struct vchiq_instance *instance, unsigned int handle, 3240 struct vchiq_header *header) 3241 { 3242 struct vchiq_service *service = find_service_by_handle(instance, handle); 3243 struct vchiq_shared_state *remote; 3244 struct vchiq_state *state; 3245 int slot_index; 3246 3247 if (!service) 3248 return; 3249 3250 state = service->state; 3251 remote = state->remote; 3252 3253 slot_index = SLOT_INDEX_FROM_DATA(state, (void *)header); 3254 3255 if ((slot_index >= remote->slot_first) && 3256 (slot_index <= remote->slot_last)) { 3257 int msgid = header->msgid; 3258 3259 if (msgid & VCHIQ_MSGID_CLAIMED) { 3260 struct vchiq_slot_info *slot_info = 3261 SLOT_INFO_FROM_INDEX(state, slot_index); 3262 3263 release_slot(state, slot_info, header, service); 3264 } 3265 } else if (slot_index == remote->slot_sync) { 3266 release_message_sync(state, header); 3267 } 3268 3269 vchiq_service_put(service); 3270 } 3271 EXPORT_SYMBOL(vchiq_release_message); 3272 3273 static void 3274 release_message_sync(struct vchiq_state *state, struct vchiq_header *header) 3275 { 3276 header->msgid = VCHIQ_MSGID_PADDING; 3277 remote_event_signal(&state->remote->sync_release); 3278 } 3279 3280 enum vchiq_status 3281 vchiq_get_peer_version(struct vchiq_instance *instance, unsigned int handle, short *peer_version) 3282 { 3283 enum vchiq_status status = VCHIQ_ERROR; 3284 struct vchiq_service *service = find_service_by_handle(instance, handle); 3285 3286 if (!service) 3287 goto exit; 3288 3289 if (vchiq_check_service(service) != VCHIQ_SUCCESS) 3290 goto exit; 3291 3292 if (!peer_version) 3293 goto exit; 3294 3295 *peer_version = service->peer_version; 3296 status = VCHIQ_SUCCESS; 3297 3298 exit: 3299 if (service) 3300 vchiq_service_put(service); 3301 return status; 3302 } 3303 EXPORT_SYMBOL(vchiq_get_peer_version); 3304 3305 void vchiq_get_config(struct vchiq_config *config) 3306 { 3307 config->max_msg_size = VCHIQ_MAX_MSG_SIZE; 3308 config->bulk_threshold = VCHIQ_MAX_MSG_SIZE; 3309 config->max_outstanding_bulks = VCHIQ_NUM_SERVICE_BULKS; 3310 config->max_services = VCHIQ_MAX_SERVICES; 3311 config->version = VCHIQ_VERSION; 3312 config->version_min = VCHIQ_VERSION_MIN; 3313 } 3314 3315 int 3316 vchiq_set_service_option(struct vchiq_instance *instance, unsigned int handle, 3317 enum vchiq_service_option option, int value) 3318 { 3319 struct vchiq_service *service = find_service_by_handle(instance, handle); 3320 struct vchiq_service_quota *quota; 3321 int ret = -EINVAL; 3322 3323 if (!service) 3324 return -EINVAL; 3325 3326 switch (option) { 3327 case VCHIQ_SERVICE_OPTION_AUTOCLOSE: 3328 service->auto_close = value; 3329 ret = 0; 3330 break; 3331 3332 case VCHIQ_SERVICE_OPTION_SLOT_QUOTA: 3333 quota = &service->state->service_quotas[service->localport]; 3334 if (value == 0) 3335 value = service->state->default_slot_quota; 3336 if ((value >= quota->slot_use_count) && 3337 (value < (unsigned short)~0)) { 3338 quota->slot_quota = value; 3339 if ((value >= quota->slot_use_count) && 3340 (quota->message_quota >= quota->message_use_count)) 3341 /* 3342 * Signal the service that it may have 3343 * dropped below its quota 3344 */ 3345 complete("a->quota_event); 3346 ret = 0; 3347 } 3348 break; 3349 3350 case VCHIQ_SERVICE_OPTION_MESSAGE_QUOTA: 3351 quota = &service->state->service_quotas[service->localport]; 3352 if (value == 0) 3353 value = service->state->default_message_quota; 3354 if ((value >= quota->message_use_count) && 3355 (value < (unsigned short)~0)) { 3356 quota->message_quota = value; 3357 if ((value >= quota->message_use_count) && 3358 (quota->slot_quota >= quota->slot_use_count)) 3359 /* 3360 * Signal the service that it may have 3361 * dropped below its quota 3362 */ 3363 complete("a->quota_event); 3364 ret = 0; 3365 } 3366 break; 3367 3368 case VCHIQ_SERVICE_OPTION_SYNCHRONOUS: 3369 if ((service->srvstate == VCHIQ_SRVSTATE_HIDDEN) || 3370 (service->srvstate == VCHIQ_SRVSTATE_LISTENING)) { 3371 service->sync = value; 3372 ret = 0; 3373 } 3374 break; 3375 3376 case VCHIQ_SERVICE_OPTION_TRACE: 3377 service->trace = value; 3378 ret = 0; 3379 break; 3380 3381 default: 3382 break; 3383 } 3384 vchiq_service_put(service); 3385 3386 return ret; 3387 } 3388 3389 static int 3390 vchiq_dump_shared_state(void *dump_context, struct vchiq_state *state, 3391 struct vchiq_shared_state *shared, const char *label) 3392 { 3393 static const char *const debug_names[] = { 3394 "<entries>", 3395 "SLOT_HANDLER_COUNT", 3396 "SLOT_HANDLER_LINE", 3397 "PARSE_LINE", 3398 "PARSE_HEADER", 3399 "PARSE_MSGID", 3400 "AWAIT_COMPLETION_LINE", 3401 "DEQUEUE_MESSAGE_LINE", 3402 "SERVICE_CALLBACK_LINE", 3403 "MSG_QUEUE_FULL_COUNT", 3404 "COMPLETION_QUEUE_FULL_COUNT" 3405 }; 3406 int i; 3407 char buf[80]; 3408 int len; 3409 int err; 3410 3411 len = scnprintf(buf, sizeof(buf), " %s: slots %d-%d tx_pos=%x recycle=%x", 3412 label, shared->slot_first, shared->slot_last, 3413 shared->tx_pos, shared->slot_queue_recycle); 3414 err = vchiq_dump(dump_context, buf, len + 1); 3415 if (err) 3416 return err; 3417 3418 len = scnprintf(buf, sizeof(buf), " Slots claimed:"); 3419 err = vchiq_dump(dump_context, buf, len + 1); 3420 if (err) 3421 return err; 3422 3423 for (i = shared->slot_first; i <= shared->slot_last; i++) { 3424 struct vchiq_slot_info slot_info = 3425 *SLOT_INFO_FROM_INDEX(state, i); 3426 if (slot_info.use_count != slot_info.release_count) { 3427 len = scnprintf(buf, sizeof(buf), " %d: %d/%d", i, slot_info.use_count, 3428 slot_info.release_count); 3429 err = vchiq_dump(dump_context, buf, len + 1); 3430 if (err) 3431 return err; 3432 } 3433 } 3434 3435 for (i = 1; i < shared->debug[DEBUG_ENTRIES]; i++) { 3436 len = scnprintf(buf, sizeof(buf), " DEBUG: %s = %d(%x)", 3437 debug_names[i], shared->debug[i], shared->debug[i]); 3438 err = vchiq_dump(dump_context, buf, len + 1); 3439 if (err) 3440 return err; 3441 } 3442 return 0; 3443 } 3444 3445 int vchiq_dump_state(void *dump_context, struct vchiq_state *state) 3446 { 3447 char buf[80]; 3448 int len; 3449 int i; 3450 int err; 3451 3452 len = scnprintf(buf, sizeof(buf), "State %d: %s", state->id, 3453 conn_state_names[state->conn_state]); 3454 err = vchiq_dump(dump_context, buf, len + 1); 3455 if (err) 3456 return err; 3457 3458 len = scnprintf(buf, sizeof(buf), " tx_pos=%x(@%pK), rx_pos=%x(@%pK)", 3459 state->local->tx_pos, 3460 state->tx_data + (state->local_tx_pos & VCHIQ_SLOT_MASK), 3461 state->rx_pos, 3462 state->rx_data + (state->rx_pos & VCHIQ_SLOT_MASK)); 3463 err = vchiq_dump(dump_context, buf, len + 1); 3464 if (err) 3465 return err; 3466 3467 len = scnprintf(buf, sizeof(buf), " Version: %d (min %d)", 3468 VCHIQ_VERSION, VCHIQ_VERSION_MIN); 3469 err = vchiq_dump(dump_context, buf, len + 1); 3470 if (err) 3471 return err; 3472 3473 if (VCHIQ_ENABLE_STATS) { 3474 len = scnprintf(buf, sizeof(buf), 3475 " Stats: ctrl_tx_count=%d, ctrl_rx_count=%d, error_count=%d", 3476 state->stats.ctrl_tx_count, state->stats.ctrl_rx_count, 3477 state->stats.error_count); 3478 err = vchiq_dump(dump_context, buf, len + 1); 3479 if (err) 3480 return err; 3481 } 3482 3483 len = scnprintf(buf, sizeof(buf), 3484 " Slots: %d available (%d data), %d recyclable, %d stalls (%d data)", 3485 ((state->slot_queue_available * VCHIQ_SLOT_SIZE) - 3486 state->local_tx_pos) / VCHIQ_SLOT_SIZE, 3487 state->data_quota - state->data_use_count, 3488 state->local->slot_queue_recycle - state->slot_queue_available, 3489 state->stats.slot_stalls, state->stats.data_stalls); 3490 err = vchiq_dump(dump_context, buf, len + 1); 3491 if (err) 3492 return err; 3493 3494 err = vchiq_dump_platform_state(dump_context); 3495 if (err) 3496 return err; 3497 3498 err = vchiq_dump_shared_state(dump_context, 3499 state, 3500 state->local, 3501 "Local"); 3502 if (err) 3503 return err; 3504 err = vchiq_dump_shared_state(dump_context, 3505 state, 3506 state->remote, 3507 "Remote"); 3508 if (err) 3509 return err; 3510 3511 err = vchiq_dump_platform_instances(dump_context); 3512 if (err) 3513 return err; 3514 3515 for (i = 0; i < state->unused_service; i++) { 3516 struct vchiq_service *service = find_service_by_port(state, i); 3517 3518 if (service) { 3519 err = vchiq_dump_service_state(dump_context, service); 3520 vchiq_service_put(service); 3521 if (err) 3522 return err; 3523 } 3524 } 3525 return 0; 3526 } 3527 3528 int vchiq_dump_service_state(void *dump_context, struct vchiq_service *service) 3529 { 3530 char buf[80]; 3531 int len; 3532 int err; 3533 unsigned int ref_count; 3534 3535 /*Don't include the lock just taken*/ 3536 ref_count = kref_read(&service->ref_count) - 1; 3537 len = scnprintf(buf, sizeof(buf), "Service %u: %s (ref %u)", 3538 service->localport, srvstate_names[service->srvstate], 3539 ref_count); 3540 3541 if (service->srvstate != VCHIQ_SRVSTATE_FREE) { 3542 char remoteport[30]; 3543 struct vchiq_service_quota *quota = 3544 &service->state->service_quotas[service->localport]; 3545 int fourcc = service->base.fourcc; 3546 int tx_pending, rx_pending; 3547 3548 if (service->remoteport != VCHIQ_PORT_FREE) { 3549 int len2 = scnprintf(remoteport, sizeof(remoteport), 3550 "%u", service->remoteport); 3551 3552 if (service->public_fourcc != VCHIQ_FOURCC_INVALID) 3553 scnprintf(remoteport + len2, sizeof(remoteport) - len2, 3554 " (client %x)", service->client_id); 3555 } else { 3556 strscpy(remoteport, "n/a", sizeof(remoteport)); 3557 } 3558 3559 len += scnprintf(buf + len, sizeof(buf) - len, 3560 " '%c%c%c%c' remote %s (msg use %d/%d, slot use %d/%d)", 3561 VCHIQ_FOURCC_AS_4CHARS(fourcc), remoteport, 3562 quota->message_use_count, quota->message_quota, 3563 quota->slot_use_count, quota->slot_quota); 3564 3565 err = vchiq_dump(dump_context, buf, len + 1); 3566 if (err) 3567 return err; 3568 3569 tx_pending = service->bulk_tx.local_insert - 3570 service->bulk_tx.remote_insert; 3571 3572 rx_pending = service->bulk_rx.local_insert - 3573 service->bulk_rx.remote_insert; 3574 3575 len = scnprintf(buf, sizeof(buf), 3576 " Bulk: tx_pending=%d (size %d), rx_pending=%d (size %d)", 3577 tx_pending, 3578 tx_pending ? 3579 service->bulk_tx.bulks[BULK_INDEX(service->bulk_tx.remove)].size : 3580 0, rx_pending, rx_pending ? 3581 service->bulk_rx.bulks[BULK_INDEX(service->bulk_rx.remove)].size : 3582 0); 3583 3584 if (VCHIQ_ENABLE_STATS) { 3585 err = vchiq_dump(dump_context, buf, len + 1); 3586 if (err) 3587 return err; 3588 3589 len = scnprintf(buf, sizeof(buf), 3590 " Ctrl: tx_count=%d, tx_bytes=%llu, rx_count=%d, rx_bytes=%llu", 3591 service->stats.ctrl_tx_count, service->stats.ctrl_tx_bytes, 3592 service->stats.ctrl_rx_count, service->stats.ctrl_rx_bytes); 3593 err = vchiq_dump(dump_context, buf, len + 1); 3594 if (err) 3595 return err; 3596 3597 len = scnprintf(buf, sizeof(buf), 3598 " Bulk: tx_count=%d, tx_bytes=%llu, rx_count=%d, rx_bytes=%llu", 3599 service->stats.bulk_tx_count, service->stats.bulk_tx_bytes, 3600 service->stats.bulk_rx_count, service->stats.bulk_rx_bytes); 3601 err = vchiq_dump(dump_context, buf, len + 1); 3602 if (err) 3603 return err; 3604 3605 len = scnprintf(buf, sizeof(buf), 3606 " %d quota stalls, %d slot stalls, %d bulk stalls, %d aborted, %d errors", 3607 service->stats.quota_stalls, service->stats.slot_stalls, 3608 service->stats.bulk_stalls, 3609 service->stats.bulk_aborted_count, 3610 service->stats.error_count); 3611 } 3612 } 3613 3614 err = vchiq_dump(dump_context, buf, len + 1); 3615 if (err) 3616 return err; 3617 3618 if (service->srvstate != VCHIQ_SRVSTATE_FREE) 3619 err = vchiq_dump_platform_service_state(dump_context, service); 3620 return err; 3621 } 3622 3623 void 3624 vchiq_loud_error_header(void) 3625 { 3626 vchiq_log_error(vchiq_core_log_level, 3627 "============================================================================"); 3628 vchiq_log_error(vchiq_core_log_level, 3629 "============================================================================"); 3630 vchiq_log_error(vchiq_core_log_level, "====="); 3631 } 3632 3633 void 3634 vchiq_loud_error_footer(void) 3635 { 3636 vchiq_log_error(vchiq_core_log_level, "====="); 3637 vchiq_log_error(vchiq_core_log_level, 3638 "============================================================================"); 3639 vchiq_log_error(vchiq_core_log_level, 3640 "============================================================================"); 3641 } 3642 3643 enum vchiq_status vchiq_send_remote_use(struct vchiq_state *state) 3644 { 3645 if (state->conn_state == VCHIQ_CONNSTATE_DISCONNECTED) 3646 return VCHIQ_RETRY; 3647 3648 return queue_message(state, NULL, MAKE_REMOTE_USE, NULL, NULL, 0, 0); 3649 } 3650 3651 enum vchiq_status vchiq_send_remote_use_active(struct vchiq_state *state) 3652 { 3653 if (state->conn_state == VCHIQ_CONNSTATE_DISCONNECTED) 3654 return VCHIQ_RETRY; 3655 3656 return queue_message(state, NULL, MAKE_REMOTE_USE_ACTIVE, 3657 NULL, NULL, 0, 0); 3658 } 3659 3660 void vchiq_log_dump_mem(const char *label, u32 addr, const void *void_mem, size_t num_bytes) 3661 { 3662 const u8 *mem = void_mem; 3663 size_t offset; 3664 char line_buf[100]; 3665 char *s; 3666 3667 while (num_bytes > 0) { 3668 s = line_buf; 3669 3670 for (offset = 0; offset < 16; offset++) { 3671 if (offset < num_bytes) 3672 s += scnprintf(s, 4, "%02x ", mem[offset]); 3673 else 3674 s += scnprintf(s, 4, " "); 3675 } 3676 3677 for (offset = 0; offset < 16; offset++) { 3678 if (offset < num_bytes) { 3679 u8 ch = mem[offset]; 3680 3681 if ((ch < ' ') || (ch > '~')) 3682 ch = '.'; 3683 *s++ = (char)ch; 3684 } 3685 } 3686 *s++ = '\0'; 3687 3688 if (label && (*label != '\0')) 3689 vchiq_log_trace(VCHIQ_LOG_TRACE, "%s: %08x: %s", label, addr, line_buf); 3690 else 3691 vchiq_log_trace(VCHIQ_LOG_TRACE, "%08x: %s", addr, line_buf); 3692 3693 addr += 16; 3694 mem += 16; 3695 if (num_bytes > 16) 3696 num_bytes -= 16; 3697 else 3698 num_bytes = 0; 3699 } 3700 } 3701