1/* 2 * Remote Processor Framework 3 * 4 * Copyright (C) 2011 Texas Instruments, Inc. 5 * Copyright (C) 2011 Google, Inc. 6 * 7 * Ohad Ben-Cohen <ohad@wizery.com> 8 * Brian Swetland <swetland@google.com> 9 * Mark Grosen <mgrosen@ti.com> 10 * Fernando Guzman Lugo <fernando.lugo@ti.com> 11 * Suman Anna <s-anna@ti.com> 12 * Robert Tivy <rtivy@ti.com> 13 * Armando Uribe De Leon <x0095078@ti.com> 14 * 15 * This program is free software; you can redistribute it and/or 16 * modify it under the terms of the GNU General Public License 17 * version 2 as published by the Free Software Foundation. 18 * 19 * This program is distributed in the hope that it will be useful, 20 * but WITHOUT ANY WARRANTY; without even the implied warranty of 21 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 22 * GNU General Public License for more details. 23 */ 24 25#define pr_fmt(fmt) "%s: " fmt, __func__ 26 27#include <linux/kernel.h> 28#include <linux/module.h> 29#include <linux/device.h> 30#include <linux/slab.h> 31#include <linux/mutex.h> 32#include <linux/dma-mapping.h> 33#include <linux/firmware.h> 34#include <linux/string.h> 35#include <linux/debugfs.h> 36#include <linux/remoteproc.h> 37#include <linux/iommu.h> 38#include <linux/idr.h> 39#include <linux/elf.h> 40#include <linux/crc32.h> 41#include <linux/virtio_ids.h> 42#include <linux/virtio_ring.h> 43#include <asm/byteorder.h> 44 45#include "remoteproc_internal.h" 46 47typedef int (*rproc_handle_resources_t)(struct rproc *rproc, 48 struct resource_table *table, int len); 49typedef int (*rproc_handle_resource_t)(struct rproc *rproc, 50 void *, int offset, int avail); 51 52/* Unique indices for remoteproc devices */ 53static DEFINE_IDA(rproc_dev_index); 54 55static const char * const rproc_crash_names[] = { 56 [RPROC_MMUFAULT] = "mmufault", 57}; 58 59/* translate rproc_crash_type to string */ 60static const char *rproc_crash_to_string(enum rproc_crash_type type) 61{ 62 if (type < ARRAY_SIZE(rproc_crash_names)) 63 return rproc_crash_names[type]; 64 return "unknown"; 65} 66 67/* 68 * This is the IOMMU fault handler we register with the IOMMU API 69 * (when relevant; not all remote processors access memory through 70 * an IOMMU). 71 * 72 * IOMMU core will invoke this handler whenever the remote processor 73 * will try to access an unmapped device address. 74 */ 75static int rproc_iommu_fault(struct iommu_domain *domain, struct device *dev, 76 unsigned long iova, int flags, void *token) 77{ 78 struct rproc *rproc = token; 79 80 dev_err(dev, "iommu fault: da 0x%lx flags 0x%x\n", iova, flags); 81 82 rproc_report_crash(rproc, RPROC_MMUFAULT); 83 84 /* 85 * Let the iommu core know we're not really handling this fault; 86 * we just used it as a recovery trigger. 87 */ 88 return -ENOSYS; 89} 90 91static int rproc_enable_iommu(struct rproc *rproc) 92{ 93 struct iommu_domain *domain; 94 struct device *dev = rproc->dev.parent; 95 int ret; 96 97 if (!rproc->has_iommu) { 98 dev_dbg(dev, "iommu not present\n"); 99 return 0; 100 } 101 102 domain = iommu_domain_alloc(dev->bus); 103 if (!domain) { 104 dev_err(dev, "can't alloc iommu domain\n"); 105 return -ENOMEM; 106 } 107 108 iommu_set_fault_handler(domain, rproc_iommu_fault, rproc); 109 110 ret = iommu_attach_device(domain, dev); 111 if (ret) { 112 dev_err(dev, "can't attach iommu device: %d\n", ret); 113 goto free_domain; 114 } 115 116 rproc->domain = domain; 117 118 return 0; 119 120free_domain: 121 iommu_domain_free(domain); 122 return ret; 123} 124 125static void rproc_disable_iommu(struct rproc *rproc) 126{ 127 struct iommu_domain *domain = rproc->domain; 128 struct device *dev = rproc->dev.parent; 129 130 if (!domain) 131 return; 132 133 iommu_detach_device(domain, dev); 134 iommu_domain_free(domain); 135 136 return; 137} 138 139/* 140 * Some remote processors will ask us to allocate them physically contiguous 141 * memory regions (which we call "carveouts"), and map them to specific 142 * device addresses (which are hardcoded in the firmware). 143 * 144 * They may then ask us to copy objects into specific device addresses (e.g. 145 * code/data sections) or expose us certain symbols in other device address 146 * (e.g. their trace buffer). 147 * 148 * This function is an internal helper with which we can go over the allocated 149 * carveouts and translate specific device address to kernel virtual addresses 150 * so we can access the referenced memory. 151 * 152 * Note: phys_to_virt(iommu_iova_to_phys(rproc->domain, da)) will work too, 153 * but only on kernel direct mapped RAM memory. Instead, we're just using 154 * here the output of the DMA API, which should be more correct. 155 */ 156void *rproc_da_to_va(struct rproc *rproc, u64 da, int len) 157{ 158 struct rproc_mem_entry *carveout; 159 void *ptr = NULL; 160 161 list_for_each_entry(carveout, &rproc->carveouts, node) { 162 int offset = da - carveout->da; 163 164 /* try next carveout if da is too small */ 165 if (offset < 0) 166 continue; 167 168 /* try next carveout if da is too large */ 169 if (offset + len > carveout->len) 170 continue; 171 172 ptr = carveout->va + offset; 173 174 break; 175 } 176 177 return ptr; 178} 179EXPORT_SYMBOL(rproc_da_to_va); 180 181int rproc_alloc_vring(struct rproc_vdev *rvdev, int i) 182{ 183 struct rproc *rproc = rvdev->rproc; 184 struct device *dev = &rproc->dev; 185 struct rproc_vring *rvring = &rvdev->vring[i]; 186 struct fw_rsc_vdev *rsc; 187 dma_addr_t dma; 188 void *va; 189 int ret, size, notifyid; 190 191 /* actual size of vring (in bytes) */ 192 size = PAGE_ALIGN(vring_size(rvring->len, rvring->align)); 193 194 /* 195 * Allocate non-cacheable memory for the vring. In the future 196 * this call will also configure the IOMMU for us 197 */ 198 va = dma_alloc_coherent(dev->parent, size, &dma, GFP_KERNEL); 199 if (!va) { 200 dev_err(dev->parent, "dma_alloc_coherent failed\n"); 201 return -EINVAL; 202 } 203 204 /* 205 * Assign an rproc-wide unique index for this vring 206 * TODO: assign a notifyid for rvdev updates as well 207 * TODO: support predefined notifyids (via resource table) 208 */ 209 ret = idr_alloc(&rproc->notifyids, rvring, 0, 0, GFP_KERNEL); 210 if (ret < 0) { 211 dev_err(dev, "idr_alloc failed: %d\n", ret); 212 dma_free_coherent(dev->parent, size, va, dma); 213 return ret; 214 } 215 notifyid = ret; 216 217 dev_dbg(dev, "vring%d: va %p dma %llx size %x idr %d\n", i, va, 218 (unsigned long long)dma, size, notifyid); 219 220 rvring->va = va; 221 rvring->dma = dma; 222 rvring->notifyid = notifyid; 223 224 /* 225 * Let the rproc know the notifyid and da of this vring. 226 * Not all platforms use dma_alloc_coherent to automatically 227 * set up the iommu. In this case the device address (da) will 228 * hold the physical address and not the device address. 229 */ 230 rsc = (void *)rproc->table_ptr + rvdev->rsc_offset; 231 rsc->vring[i].da = dma; 232 rsc->vring[i].notifyid = notifyid; 233 return 0; 234} 235 236static int 237rproc_parse_vring(struct rproc_vdev *rvdev, struct fw_rsc_vdev *rsc, int i) 238{ 239 struct rproc *rproc = rvdev->rproc; 240 struct device *dev = &rproc->dev; 241 struct fw_rsc_vdev_vring *vring = &rsc->vring[i]; 242 struct rproc_vring *rvring = &rvdev->vring[i]; 243 244 dev_dbg(dev, "vdev rsc: vring%d: da %x, qsz %d, align %d\n", 245 i, vring->da, vring->num, vring->align); 246 247 /* make sure reserved bytes are zeroes */ 248 if (vring->reserved) { 249 dev_err(dev, "vring rsc has non zero reserved bytes\n"); 250 return -EINVAL; 251 } 252 253 /* verify queue size and vring alignment are sane */ 254 if (!vring->num || !vring->align) { 255 dev_err(dev, "invalid qsz (%d) or alignment (%d)\n", 256 vring->num, vring->align); 257 return -EINVAL; 258 } 259 260 rvring->len = vring->num; 261 rvring->align = vring->align; 262 rvring->rvdev = rvdev; 263 264 return 0; 265} 266 267void rproc_free_vring(struct rproc_vring *rvring) 268{ 269 int size = PAGE_ALIGN(vring_size(rvring->len, rvring->align)); 270 struct rproc *rproc = rvring->rvdev->rproc; 271 int idx = rvring->rvdev->vring - rvring; 272 struct fw_rsc_vdev *rsc; 273 274 dma_free_coherent(rproc->dev.parent, size, rvring->va, rvring->dma); 275 idr_remove(&rproc->notifyids, rvring->notifyid); 276 277 /* reset resource entry info */ 278 rsc = (void *)rproc->table_ptr + rvring->rvdev->rsc_offset; 279 rsc->vring[idx].da = 0; 280 rsc->vring[idx].notifyid = -1; 281} 282 283/** 284 * rproc_handle_vdev() - handle a vdev fw resource 285 * @rproc: the remote processor 286 * @rsc: the vring resource descriptor 287 * @avail: size of available data (for sanity checking the image) 288 * 289 * This resource entry requests the host to statically register a virtio 290 * device (vdev), and setup everything needed to support it. It contains 291 * everything needed to make it possible: the virtio device id, virtio 292 * device features, vrings information, virtio config space, etc... 293 * 294 * Before registering the vdev, the vrings are allocated from non-cacheable 295 * physically contiguous memory. Currently we only support two vrings per 296 * remote processor (temporary limitation). We might also want to consider 297 * doing the vring allocation only later when ->find_vqs() is invoked, and 298 * then release them upon ->del_vqs(). 299 * 300 * Note: @da is currently not really handled correctly: we dynamically 301 * allocate it using the DMA API, ignoring requested hard coded addresses, 302 * and we don't take care of any required IOMMU programming. This is all 303 * going to be taken care of when the generic iommu-based DMA API will be 304 * merged. Meanwhile, statically-addressed iommu-based firmware images should 305 * use RSC_DEVMEM resource entries to map their required @da to the physical 306 * address of their base CMA region (ouch, hacky!). 307 * 308 * Returns 0 on success, or an appropriate error code otherwise 309 */ 310static int rproc_handle_vdev(struct rproc *rproc, struct fw_rsc_vdev *rsc, 311 int offset, int avail) 312{ 313 struct device *dev = &rproc->dev; 314 struct rproc_vdev *rvdev; 315 int i, ret; 316 317 /* make sure resource isn't truncated */ 318 if (sizeof(*rsc) + rsc->num_of_vrings * sizeof(struct fw_rsc_vdev_vring) 319 + rsc->config_len > avail) { 320 dev_err(dev, "vdev rsc is truncated\n"); 321 return -EINVAL; 322 } 323 324 /* make sure reserved bytes are zeroes */ 325 if (rsc->reserved[0] || rsc->reserved[1]) { 326 dev_err(dev, "vdev rsc has non zero reserved bytes\n"); 327 return -EINVAL; 328 } 329 330 dev_dbg(dev, "vdev rsc: id %d, dfeatures %x, cfg len %d, %d vrings\n", 331 rsc->id, rsc->dfeatures, rsc->config_len, rsc->num_of_vrings); 332 333 /* we currently support only two vrings per rvdev */ 334 if (rsc->num_of_vrings > ARRAY_SIZE(rvdev->vring)) { 335 dev_err(dev, "too many vrings: %d\n", rsc->num_of_vrings); 336 return -EINVAL; 337 } 338 339 rvdev = kzalloc(sizeof(struct rproc_vdev), GFP_KERNEL); 340 if (!rvdev) 341 return -ENOMEM; 342 343 rvdev->rproc = rproc; 344 345 /* parse the vrings */ 346 for (i = 0; i < rsc->num_of_vrings; i++) { 347 ret = rproc_parse_vring(rvdev, rsc, i); 348 if (ret) 349 goto free_rvdev; 350 } 351 352 /* remember the resource offset*/ 353 rvdev->rsc_offset = offset; 354 355 list_add_tail(&rvdev->node, &rproc->rvdevs); 356 357 /* it is now safe to add the virtio device */ 358 ret = rproc_add_virtio_dev(rvdev, rsc->id); 359 if (ret) 360 goto remove_rvdev; 361 362 return 0; 363 364remove_rvdev: 365 list_del(&rvdev->node); 366free_rvdev: 367 kfree(rvdev); 368 return ret; 369} 370 371/** 372 * rproc_handle_trace() - handle a shared trace buffer resource 373 * @rproc: the remote processor 374 * @rsc: the trace resource descriptor 375 * @avail: size of available data (for sanity checking the image) 376 * 377 * In case the remote processor dumps trace logs into memory, 378 * export it via debugfs. 379 * 380 * Currently, the 'da' member of @rsc should contain the device address 381 * where the remote processor is dumping the traces. Later we could also 382 * support dynamically allocating this address using the generic 383 * DMA API (but currently there isn't a use case for that). 384 * 385 * Returns 0 on success, or an appropriate error code otherwise 386 */ 387static int rproc_handle_trace(struct rproc *rproc, struct fw_rsc_trace *rsc, 388 int offset, int avail) 389{ 390 struct rproc_mem_entry *trace; 391 struct device *dev = &rproc->dev; 392 void *ptr; 393 char name[15]; 394 395 if (sizeof(*rsc) > avail) { 396 dev_err(dev, "trace rsc is truncated\n"); 397 return -EINVAL; 398 } 399 400 /* make sure reserved bytes are zeroes */ 401 if (rsc->reserved) { 402 dev_err(dev, "trace rsc has non zero reserved bytes\n"); 403 return -EINVAL; 404 } 405 406 /* what's the kernel address of this resource ? */ 407 ptr = rproc_da_to_va(rproc, rsc->da, rsc->len); 408 if (!ptr) { 409 dev_err(dev, "erroneous trace resource entry\n"); 410 return -EINVAL; 411 } 412 413 trace = kzalloc(sizeof(*trace), GFP_KERNEL); 414 if (!trace) { 415 dev_err(dev, "kzalloc trace failed\n"); 416 return -ENOMEM; 417 } 418 419 /* set the trace buffer dma properties */ 420 trace->len = rsc->len; 421 trace->va = ptr; 422 423 /* make sure snprintf always null terminates, even if truncating */ 424 snprintf(name, sizeof(name), "trace%d", rproc->num_traces); 425 426 /* create the debugfs entry */ 427 trace->priv = rproc_create_trace_file(name, rproc, trace); 428 if (!trace->priv) { 429 trace->va = NULL; 430 kfree(trace); 431 return -EINVAL; 432 } 433 434 list_add_tail(&trace->node, &rproc->traces); 435 436 rproc->num_traces++; 437 438 dev_dbg(dev, "%s added: va %p, da 0x%x, len 0x%x\n", name, ptr, 439 rsc->da, rsc->len); 440 441 return 0; 442} 443 444/** 445 * rproc_handle_devmem() - handle devmem resource entry 446 * @rproc: remote processor handle 447 * @rsc: the devmem resource entry 448 * @avail: size of available data (for sanity checking the image) 449 * 450 * Remote processors commonly need to access certain on-chip peripherals. 451 * 452 * Some of these remote processors access memory via an iommu device, 453 * and might require us to configure their iommu before they can access 454 * the on-chip peripherals they need. 455 * 456 * This resource entry is a request to map such a peripheral device. 457 * 458 * These devmem entries will contain the physical address of the device in 459 * the 'pa' member. If a specific device address is expected, then 'da' will 460 * contain it (currently this is the only use case supported). 'len' will 461 * contain the size of the physical region we need to map. 462 * 463 * Currently we just "trust" those devmem entries to contain valid physical 464 * addresses, but this is going to change: we want the implementations to 465 * tell us ranges of physical addresses the firmware is allowed to request, 466 * and not allow firmwares to request access to physical addresses that 467 * are outside those ranges. 468 */ 469static int rproc_handle_devmem(struct rproc *rproc, struct fw_rsc_devmem *rsc, 470 int offset, int avail) 471{ 472 struct rproc_mem_entry *mapping; 473 struct device *dev = &rproc->dev; 474 int ret; 475 476 /* no point in handling this resource without a valid iommu domain */ 477 if (!rproc->domain) 478 return -EINVAL; 479 480 if (sizeof(*rsc) > avail) { 481 dev_err(dev, "devmem rsc is truncated\n"); 482 return -EINVAL; 483 } 484 485 /* make sure reserved bytes are zeroes */ 486 if (rsc->reserved) { 487 dev_err(dev, "devmem rsc has non zero reserved bytes\n"); 488 return -EINVAL; 489 } 490 491 mapping = kzalloc(sizeof(*mapping), GFP_KERNEL); 492 if (!mapping) { 493 dev_err(dev, "kzalloc mapping failed\n"); 494 return -ENOMEM; 495 } 496 497 ret = iommu_map(rproc->domain, rsc->da, rsc->pa, rsc->len, rsc->flags); 498 if (ret) { 499 dev_err(dev, "failed to map devmem: %d\n", ret); 500 goto out; 501 } 502 503 /* 504 * We'll need this info later when we'll want to unmap everything 505 * (e.g. on shutdown). 506 * 507 * We can't trust the remote processor not to change the resource 508 * table, so we must maintain this info independently. 509 */ 510 mapping->da = rsc->da; 511 mapping->len = rsc->len; 512 list_add_tail(&mapping->node, &rproc->mappings); 513 514 dev_dbg(dev, "mapped devmem pa 0x%x, da 0x%x, len 0x%x\n", 515 rsc->pa, rsc->da, rsc->len); 516 517 return 0; 518 519out: 520 kfree(mapping); 521 return ret; 522} 523 524/** 525 * rproc_handle_carveout() - handle phys contig memory allocation requests 526 * @rproc: rproc handle 527 * @rsc: the resource entry 528 * @avail: size of available data (for image validation) 529 * 530 * This function will handle firmware requests for allocation of physically 531 * contiguous memory regions. 532 * 533 * These request entries should come first in the firmware's resource table, 534 * as other firmware entries might request placing other data objects inside 535 * these memory regions (e.g. data/code segments, trace resource entries, ...). 536 * 537 * Allocating memory this way helps utilizing the reserved physical memory 538 * (e.g. CMA) more efficiently, and also minimizes the number of TLB entries 539 * needed to map it (in case @rproc is using an IOMMU). Reducing the TLB 540 * pressure is important; it may have a substantial impact on performance. 541 */ 542static int rproc_handle_carveout(struct rproc *rproc, 543 struct fw_rsc_carveout *rsc, 544 int offset, int avail) 545 546{ 547 struct rproc_mem_entry *carveout, *mapping; 548 struct device *dev = &rproc->dev; 549 dma_addr_t dma; 550 void *va; 551 int ret; 552 553 if (sizeof(*rsc) > avail) { 554 dev_err(dev, "carveout rsc is truncated\n"); 555 return -EINVAL; 556 } 557 558 /* make sure reserved bytes are zeroes */ 559 if (rsc->reserved) { 560 dev_err(dev, "carveout rsc has non zero reserved bytes\n"); 561 return -EINVAL; 562 } 563 564 dev_dbg(dev, "carveout rsc: da %x, pa %x, len %x, flags %x\n", 565 rsc->da, rsc->pa, rsc->len, rsc->flags); 566 567 carveout = kzalloc(sizeof(*carveout), GFP_KERNEL); 568 if (!carveout) { 569 dev_err(dev, "kzalloc carveout failed\n"); 570 return -ENOMEM; 571 } 572 573 va = dma_alloc_coherent(dev->parent, rsc->len, &dma, GFP_KERNEL); 574 if (!va) { 575 dev_err(dev->parent, "dma_alloc_coherent err: %d\n", rsc->len); 576 ret = -ENOMEM; 577 goto free_carv; 578 } 579 580 dev_dbg(dev, "carveout va %p, dma %llx, len 0x%x\n", va, 581 (unsigned long long)dma, rsc->len); 582 583 /* 584 * Ok, this is non-standard. 585 * 586 * Sometimes we can't rely on the generic iommu-based DMA API 587 * to dynamically allocate the device address and then set the IOMMU 588 * tables accordingly, because some remote processors might 589 * _require_ us to use hard coded device addresses that their 590 * firmware was compiled with. 591 * 592 * In this case, we must use the IOMMU API directly and map 593 * the memory to the device address as expected by the remote 594 * processor. 595 * 596 * Obviously such remote processor devices should not be configured 597 * to use the iommu-based DMA API: we expect 'dma' to contain the 598 * physical address in this case. 599 */ 600 if (rproc->domain) { 601 mapping = kzalloc(sizeof(*mapping), GFP_KERNEL); 602 if (!mapping) { 603 dev_err(dev, "kzalloc mapping failed\n"); 604 ret = -ENOMEM; 605 goto dma_free; 606 } 607 608 ret = iommu_map(rproc->domain, rsc->da, dma, rsc->len, 609 rsc->flags); 610 if (ret) { 611 dev_err(dev, "iommu_map failed: %d\n", ret); 612 goto free_mapping; 613 } 614 615 /* 616 * We'll need this info later when we'll want to unmap 617 * everything (e.g. on shutdown). 618 * 619 * We can't trust the remote processor not to change the 620 * resource table, so we must maintain this info independently. 621 */ 622 mapping->da = rsc->da; 623 mapping->len = rsc->len; 624 list_add_tail(&mapping->node, &rproc->mappings); 625 626 dev_dbg(dev, "carveout mapped 0x%x to 0x%llx\n", 627 rsc->da, (unsigned long long)dma); 628 } 629 630 /* 631 * Some remote processors might need to know the pa 632 * even though they are behind an IOMMU. E.g., OMAP4's 633 * remote M3 processor needs this so it can control 634 * on-chip hardware accelerators that are not behind 635 * the IOMMU, and therefor must know the pa. 636 * 637 * Generally we don't want to expose physical addresses 638 * if we don't have to (remote processors are generally 639 * _not_ trusted), so we might want to do this only for 640 * remote processor that _must_ have this (e.g. OMAP4's 641 * dual M3 subsystem). 642 * 643 * Non-IOMMU processors might also want to have this info. 644 * In this case, the device address and the physical address 645 * are the same. 646 */ 647 rsc->pa = dma; 648 649 carveout->va = va; 650 carveout->len = rsc->len; 651 carveout->dma = dma; 652 carveout->da = rsc->da; 653 654 list_add_tail(&carveout->node, &rproc->carveouts); 655 656 return 0; 657 658free_mapping: 659 kfree(mapping); 660dma_free: 661 dma_free_coherent(dev->parent, rsc->len, va, dma); 662free_carv: 663 kfree(carveout); 664 return ret; 665} 666 667static int rproc_count_vrings(struct rproc *rproc, struct fw_rsc_vdev *rsc, 668 int offset, int avail) 669{ 670 /* Summarize the number of notification IDs */ 671 rproc->max_notifyid += rsc->num_of_vrings; 672 673 return 0; 674} 675 676/* 677 * A lookup table for resource handlers. The indices are defined in 678 * enum fw_resource_type. 679 */ 680static rproc_handle_resource_t rproc_loading_handlers[RSC_LAST] = { 681 [RSC_CARVEOUT] = (rproc_handle_resource_t)rproc_handle_carveout, 682 [RSC_DEVMEM] = (rproc_handle_resource_t)rproc_handle_devmem, 683 [RSC_TRACE] = (rproc_handle_resource_t)rproc_handle_trace, 684 [RSC_VDEV] = NULL, /* VDEVs were handled upon registrarion */ 685}; 686 687static rproc_handle_resource_t rproc_vdev_handler[RSC_LAST] = { 688 [RSC_VDEV] = (rproc_handle_resource_t)rproc_handle_vdev, 689}; 690 691static rproc_handle_resource_t rproc_count_vrings_handler[RSC_LAST] = { 692 [RSC_VDEV] = (rproc_handle_resource_t)rproc_count_vrings, 693}; 694 695/* handle firmware resource entries before booting the remote processor */ 696static int rproc_handle_resources(struct rproc *rproc, int len, 697 rproc_handle_resource_t handlers[RSC_LAST]) 698{ 699 struct device *dev = &rproc->dev; 700 rproc_handle_resource_t handler; 701 int ret = 0, i; 702 703 for (i = 0; i < rproc->table_ptr->num; i++) { 704 int offset = rproc->table_ptr->offset[i]; 705 struct fw_rsc_hdr *hdr = (void *)rproc->table_ptr + offset; 706 int avail = len - offset - sizeof(*hdr); 707 void *rsc = (void *)hdr + sizeof(*hdr); 708 709 /* make sure table isn't truncated */ 710 if (avail < 0) { 711 dev_err(dev, "rsc table is truncated\n"); 712 return -EINVAL; 713 } 714 715 dev_dbg(dev, "rsc: type %d\n", hdr->type); 716 717 if (hdr->type >= RSC_LAST) { 718 dev_warn(dev, "unsupported resource %d\n", hdr->type); 719 continue; 720 } 721 722 handler = handlers[hdr->type]; 723 if (!handler) 724 continue; 725 726 ret = handler(rproc, rsc, offset + sizeof(*hdr), avail); 727 if (ret) 728 break; 729 } 730 731 return ret; 732} 733 734/** 735 * rproc_resource_cleanup() - clean up and free all acquired resources 736 * @rproc: rproc handle 737 * 738 * This function will free all resources acquired for @rproc, and it 739 * is called whenever @rproc either shuts down or fails to boot. 740 */ 741static void rproc_resource_cleanup(struct rproc *rproc) 742{ 743 struct rproc_mem_entry *entry, *tmp; 744 struct device *dev = &rproc->dev; 745 746 /* clean up debugfs trace entries */ 747 list_for_each_entry_safe(entry, tmp, &rproc->traces, node) { 748 rproc_remove_trace_file(entry->priv); 749 rproc->num_traces--; 750 list_del(&entry->node); 751 kfree(entry); 752 } 753 754 /* clean up iommu mapping entries */ 755 list_for_each_entry_safe(entry, tmp, &rproc->mappings, node) { 756 size_t unmapped; 757 758 unmapped = iommu_unmap(rproc->domain, entry->da, entry->len); 759 if (unmapped != entry->len) { 760 /* nothing much to do besides complaining */ 761 dev_err(dev, "failed to unmap %u/%zu\n", entry->len, 762 unmapped); 763 } 764 765 list_del(&entry->node); 766 kfree(entry); 767 } 768 769 /* clean up carveout allocations */ 770 list_for_each_entry_safe(entry, tmp, &rproc->carveouts, node) { 771 dma_free_coherent(dev->parent, entry->len, entry->va, entry->dma); 772 list_del(&entry->node); 773 kfree(entry); 774 } 775} 776 777/* 778 * take a firmware and boot a remote processor with it. 779 */ 780static int rproc_fw_boot(struct rproc *rproc, const struct firmware *fw) 781{ 782 struct device *dev = &rproc->dev; 783 const char *name = rproc->firmware; 784 struct resource_table *table, *loaded_table; 785 int ret, tablesz; 786 787 if (!rproc->table_ptr) 788 return -ENOMEM; 789 790 ret = rproc_fw_sanity_check(rproc, fw); 791 if (ret) 792 return ret; 793 794 dev_info(dev, "Booting fw image %s, size %zd\n", name, fw->size); 795 796 /* 797 * if enabling an IOMMU isn't relevant for this rproc, this is 798 * just a nop 799 */ 800 ret = rproc_enable_iommu(rproc); 801 if (ret) { 802 dev_err(dev, "can't enable iommu: %d\n", ret); 803 return ret; 804 } 805 806 rproc->bootaddr = rproc_get_boot_addr(rproc, fw); 807 ret = -EINVAL; 808 809 /* look for the resource table */ 810 table = rproc_find_rsc_table(rproc, fw, &tablesz); 811 if (!table) { 812 goto clean_up; 813 } 814 815 /* Verify that resource table in loaded fw is unchanged */ 816 if (rproc->table_csum != crc32(0, table, tablesz)) { 817 dev_err(dev, "resource checksum failed, fw changed?\n"); 818 goto clean_up; 819 } 820 821 /* handle fw resources which are required to boot rproc */ 822 ret = rproc_handle_resources(rproc, tablesz, rproc_loading_handlers); 823 if (ret) { 824 dev_err(dev, "Failed to process resources: %d\n", ret); 825 goto clean_up; 826 } 827 828 /* load the ELF segments to memory */ 829 ret = rproc_load_segments(rproc, fw); 830 if (ret) { 831 dev_err(dev, "Failed to load program segments: %d\n", ret); 832 goto clean_up; 833 } 834 835 /* 836 * The starting device has been given the rproc->cached_table as the 837 * resource table. The address of the vring along with the other 838 * allocated resources (carveouts etc) is stored in cached_table. 839 * In order to pass this information to the remote device we must 840 * copy this information to device memory. 841 */ 842 loaded_table = rproc_find_loaded_rsc_table(rproc, fw); 843 if (!loaded_table) { 844 ret = -EINVAL; 845 goto clean_up; 846 } 847 848 memcpy(loaded_table, rproc->cached_table, tablesz); 849 850 /* power up the remote processor */ 851 ret = rproc->ops->start(rproc); 852 if (ret) { 853 dev_err(dev, "can't start rproc %s: %d\n", rproc->name, ret); 854 goto clean_up; 855 } 856 857 /* 858 * Update table_ptr so that all subsequent vring allocations and 859 * virtio fields manipulation update the actual loaded resource table 860 * in device memory. 861 */ 862 rproc->table_ptr = loaded_table; 863 864 rproc->state = RPROC_RUNNING; 865 866 dev_info(dev, "remote processor %s is now up\n", rproc->name); 867 868 return 0; 869 870clean_up: 871 rproc_resource_cleanup(rproc); 872 rproc_disable_iommu(rproc); 873 return ret; 874} 875 876/* 877 * take a firmware and look for virtio devices to register. 878 * 879 * Note: this function is called asynchronously upon registration of the 880 * remote processor (so we must wait until it completes before we try 881 * to unregister the device. one other option is just to use kref here, 882 * that might be cleaner). 883 */ 884static void rproc_fw_config_virtio(const struct firmware *fw, void *context) 885{ 886 struct rproc *rproc = context; 887 struct resource_table *table; 888 int ret, tablesz; 889 890 if (rproc_fw_sanity_check(rproc, fw) < 0) 891 goto out; 892 893 /* look for the resource table */ 894 table = rproc_find_rsc_table(rproc, fw, &tablesz); 895 if (!table) 896 goto out; 897 898 rproc->table_csum = crc32(0, table, tablesz); 899 900 /* 901 * Create a copy of the resource table. When a virtio device starts 902 * and calls vring_new_virtqueue() the address of the allocated vring 903 * will be stored in the cached_table. Before the device is started, 904 * cached_table will be copied into devic memory. 905 */ 906 rproc->cached_table = kmemdup(table, tablesz, GFP_KERNEL); 907 if (!rproc->cached_table) 908 goto out; 909 910 rproc->table_ptr = rproc->cached_table; 911 912 /* count the number of notify-ids */ 913 rproc->max_notifyid = -1; 914 ret = rproc_handle_resources(rproc, tablesz, rproc_count_vrings_handler); 915 if (ret) 916 goto out; 917 918 /* look for virtio devices and register them */ 919 ret = rproc_handle_resources(rproc, tablesz, rproc_vdev_handler); 920 921out: 922 release_firmware(fw); 923 /* allow rproc_del() contexts, if any, to proceed */ 924 complete_all(&rproc->firmware_loading_complete); 925} 926 927static int rproc_add_virtio_devices(struct rproc *rproc) 928{ 929 int ret; 930 931 /* rproc_del() calls must wait until async loader completes */ 932 init_completion(&rproc->firmware_loading_complete); 933 934 /* 935 * We must retrieve early virtio configuration info from 936 * the firmware (e.g. whether to register a virtio device, 937 * what virtio features does it support, ...). 938 * 939 * We're initiating an asynchronous firmware loading, so we can 940 * be built-in kernel code, without hanging the boot process. 941 */ 942 ret = request_firmware_nowait(THIS_MODULE, FW_ACTION_HOTPLUG, 943 rproc->firmware, &rproc->dev, GFP_KERNEL, 944 rproc, rproc_fw_config_virtio); 945 if (ret < 0) { 946 dev_err(&rproc->dev, "request_firmware_nowait err: %d\n", ret); 947 complete_all(&rproc->firmware_loading_complete); 948 } 949 950 return ret; 951} 952 953/** 954 * rproc_trigger_recovery() - recover a remoteproc 955 * @rproc: the remote processor 956 * 957 * The recovery is done by reseting all the virtio devices, that way all the 958 * rpmsg drivers will be reseted along with the remote processor making the 959 * remoteproc functional again. 960 * 961 * This function can sleep, so it cannot be called from atomic context. 962 */ 963int rproc_trigger_recovery(struct rproc *rproc) 964{ 965 struct rproc_vdev *rvdev, *rvtmp; 966 967 dev_err(&rproc->dev, "recovering %s\n", rproc->name); 968 969 init_completion(&rproc->crash_comp); 970 971 /* clean up remote vdev entries */ 972 list_for_each_entry_safe(rvdev, rvtmp, &rproc->rvdevs, node) 973 rproc_remove_virtio_dev(rvdev); 974 975 /* wait until there is no more rproc users */ 976 wait_for_completion(&rproc->crash_comp); 977 978 /* Free the copy of the resource table */ 979 kfree(rproc->cached_table); 980 981 return rproc_add_virtio_devices(rproc); 982} 983 984/** 985 * rproc_crash_handler_work() - handle a crash 986 * 987 * This function needs to handle everything related to a crash, like cpu 988 * registers and stack dump, information to help to debug the fatal error, etc. 989 */ 990static void rproc_crash_handler_work(struct work_struct *work) 991{ 992 struct rproc *rproc = container_of(work, struct rproc, crash_handler); 993 struct device *dev = &rproc->dev; 994 995 dev_dbg(dev, "enter %s\n", __func__); 996 997 mutex_lock(&rproc->lock); 998 999 if (rproc->state == RPROC_CRASHED || rproc->state == RPROC_OFFLINE) { 1000 /* handle only the first crash detected */ 1001 mutex_unlock(&rproc->lock); 1002 return; 1003 } 1004 1005 rproc->state = RPROC_CRASHED; 1006 dev_err(dev, "handling crash #%u in %s\n", ++rproc->crash_cnt, 1007 rproc->name); 1008 1009 mutex_unlock(&rproc->lock); 1010 1011 if (!rproc->recovery_disabled) 1012 rproc_trigger_recovery(rproc); 1013} 1014 1015/** 1016 * rproc_boot() - boot a remote processor 1017 * @rproc: handle of a remote processor 1018 * 1019 * Boot a remote processor (i.e. load its firmware, power it on, ...). 1020 * 1021 * If the remote processor is already powered on, this function immediately 1022 * returns (successfully). 1023 * 1024 * Returns 0 on success, and an appropriate error value otherwise. 1025 */ 1026int rproc_boot(struct rproc *rproc) 1027{ 1028 const struct firmware *firmware_p; 1029 struct device *dev; 1030 int ret; 1031 1032 if (!rproc) { 1033 pr_err("invalid rproc handle\n"); 1034 return -EINVAL; 1035 } 1036 1037 dev = &rproc->dev; 1038 1039 ret = mutex_lock_interruptible(&rproc->lock); 1040 if (ret) { 1041 dev_err(dev, "can't lock rproc %s: %d\n", rproc->name, ret); 1042 return ret; 1043 } 1044 1045 /* loading a firmware is required */ 1046 if (!rproc->firmware) { 1047 dev_err(dev, "%s: no firmware to load\n", __func__); 1048 ret = -EINVAL; 1049 goto unlock_mutex; 1050 } 1051 1052 /* prevent underlying implementation from being removed */ 1053 if (!try_module_get(dev->parent->driver->owner)) { 1054 dev_err(dev, "%s: can't get owner\n", __func__); 1055 ret = -EINVAL; 1056 goto unlock_mutex; 1057 } 1058 1059 /* skip the boot process if rproc is already powered up */ 1060 if (atomic_inc_return(&rproc->power) > 1) { 1061 ret = 0; 1062 goto unlock_mutex; 1063 } 1064 1065 dev_info(dev, "powering up %s\n", rproc->name); 1066 1067 /* load firmware */ 1068 ret = request_firmware(&firmware_p, rproc->firmware, dev); 1069 if (ret < 0) { 1070 dev_err(dev, "request_firmware failed: %d\n", ret); 1071 goto downref_rproc; 1072 } 1073 1074 ret = rproc_fw_boot(rproc, firmware_p); 1075 1076 release_firmware(firmware_p); 1077 1078downref_rproc: 1079 if (ret) { 1080 module_put(dev->parent->driver->owner); 1081 atomic_dec(&rproc->power); 1082 } 1083unlock_mutex: 1084 mutex_unlock(&rproc->lock); 1085 return ret; 1086} 1087EXPORT_SYMBOL(rproc_boot); 1088 1089/** 1090 * rproc_shutdown() - power off the remote processor 1091 * @rproc: the remote processor 1092 * 1093 * Power off a remote processor (previously booted with rproc_boot()). 1094 * 1095 * In case @rproc is still being used by an additional user(s), then 1096 * this function will just decrement the power refcount and exit, 1097 * without really powering off the device. 1098 * 1099 * Every call to rproc_boot() must (eventually) be accompanied by a call 1100 * to rproc_shutdown(). Calling rproc_shutdown() redundantly is a bug. 1101 * 1102 * Notes: 1103 * - we're not decrementing the rproc's refcount, only the power refcount. 1104 * which means that the @rproc handle stays valid even after rproc_shutdown() 1105 * returns, and users can still use it with a subsequent rproc_boot(), if 1106 * needed. 1107 */ 1108void rproc_shutdown(struct rproc *rproc) 1109{ 1110 struct device *dev = &rproc->dev; 1111 int ret; 1112 1113 ret = mutex_lock_interruptible(&rproc->lock); 1114 if (ret) { 1115 dev_err(dev, "can't lock rproc %s: %d\n", rproc->name, ret); 1116 return; 1117 } 1118 1119 /* if the remote proc is still needed, bail out */ 1120 if (!atomic_dec_and_test(&rproc->power)) 1121 goto out; 1122 1123 /* power off the remote processor */ 1124 ret = rproc->ops->stop(rproc); 1125 if (ret) { 1126 atomic_inc(&rproc->power); 1127 dev_err(dev, "can't stop rproc: %d\n", ret); 1128 goto out; 1129 } 1130 1131 /* clean up all acquired resources */ 1132 rproc_resource_cleanup(rproc); 1133 1134 rproc_disable_iommu(rproc); 1135 1136 /* Give the next start a clean resource table */ 1137 rproc->table_ptr = rproc->cached_table; 1138 1139 /* if in crash state, unlock crash handler */ 1140 if (rproc->state == RPROC_CRASHED) 1141 complete_all(&rproc->crash_comp); 1142 1143 rproc->state = RPROC_OFFLINE; 1144 1145 dev_info(dev, "stopped remote processor %s\n", rproc->name); 1146 1147out: 1148 mutex_unlock(&rproc->lock); 1149 if (!ret) 1150 module_put(dev->parent->driver->owner); 1151} 1152EXPORT_SYMBOL(rproc_shutdown); 1153 1154/** 1155 * rproc_add() - register a remote processor 1156 * @rproc: the remote processor handle to register 1157 * 1158 * Registers @rproc with the remoteproc framework, after it has been 1159 * allocated with rproc_alloc(). 1160 * 1161 * This is called by the platform-specific rproc implementation, whenever 1162 * a new remote processor device is probed. 1163 * 1164 * Returns 0 on success and an appropriate error code otherwise. 1165 * 1166 * Note: this function initiates an asynchronous firmware loading 1167 * context, which will look for virtio devices supported by the rproc's 1168 * firmware. 1169 * 1170 * If found, those virtio devices will be created and added, so as a result 1171 * of registering this remote processor, additional virtio drivers might be 1172 * probed. 1173 */ 1174int rproc_add(struct rproc *rproc) 1175{ 1176 struct device *dev = &rproc->dev; 1177 int ret; 1178 1179 ret = device_add(dev); 1180 if (ret < 0) 1181 return ret; 1182 1183 dev_info(dev, "%s is available\n", rproc->name); 1184 1185 dev_info(dev, "Note: remoteproc is still under development and considered experimental.\n"); 1186 dev_info(dev, "THE BINARY FORMAT IS NOT YET FINALIZED, and backward compatibility isn't yet guaranteed.\n"); 1187 1188 /* create debugfs entries */ 1189 rproc_create_debug_dir(rproc); 1190 1191 return rproc_add_virtio_devices(rproc); 1192} 1193EXPORT_SYMBOL(rproc_add); 1194 1195/** 1196 * rproc_type_release() - release a remote processor instance 1197 * @dev: the rproc's device 1198 * 1199 * This function should _never_ be called directly. 1200 * 1201 * It will be called by the driver core when no one holds a valid pointer 1202 * to @dev anymore. 1203 */ 1204static void rproc_type_release(struct device *dev) 1205{ 1206 struct rproc *rproc = container_of(dev, struct rproc, dev); 1207 1208 dev_info(&rproc->dev, "releasing %s\n", rproc->name); 1209 1210 rproc_delete_debug_dir(rproc); 1211 1212 idr_destroy(&rproc->notifyids); 1213 1214 if (rproc->index >= 0) 1215 ida_simple_remove(&rproc_dev_index, rproc->index); 1216 1217 kfree(rproc); 1218} 1219 1220static struct device_type rproc_type = { 1221 .name = "remoteproc", 1222 .release = rproc_type_release, 1223}; 1224 1225/** 1226 * rproc_alloc() - allocate a remote processor handle 1227 * @dev: the underlying device 1228 * @name: name of this remote processor 1229 * @ops: platform-specific handlers (mainly start/stop) 1230 * @firmware: name of firmware file to load, can be NULL 1231 * @len: length of private data needed by the rproc driver (in bytes) 1232 * 1233 * Allocates a new remote processor handle, but does not register 1234 * it yet. if @firmware is NULL, a default name is used. 1235 * 1236 * This function should be used by rproc implementations during initialization 1237 * of the remote processor. 1238 * 1239 * After creating an rproc handle using this function, and when ready, 1240 * implementations should then call rproc_add() to complete 1241 * the registration of the remote processor. 1242 * 1243 * On success the new rproc is returned, and on failure, NULL. 1244 * 1245 * Note: _never_ directly deallocate @rproc, even if it was not registered 1246 * yet. Instead, when you need to unroll rproc_alloc(), use rproc_put(). 1247 */ 1248struct rproc *rproc_alloc(struct device *dev, const char *name, 1249 const struct rproc_ops *ops, 1250 const char *firmware, int len) 1251{ 1252 struct rproc *rproc; 1253 char *p, *template = "rproc-%s-fw"; 1254 int name_len = 0; 1255 1256 if (!dev || !name || !ops) 1257 return NULL; 1258 1259 if (!firmware) 1260 /* 1261 * Make room for default firmware name (minus %s plus '\0'). 1262 * If the caller didn't pass in a firmware name then 1263 * construct a default name. We're already glomming 'len' 1264 * bytes onto the end of the struct rproc allocation, so do 1265 * a few more for the default firmware name (but only if 1266 * the caller doesn't pass one). 1267 */ 1268 name_len = strlen(name) + strlen(template) - 2 + 1; 1269 1270 rproc = kzalloc(sizeof(struct rproc) + len + name_len, GFP_KERNEL); 1271 if (!rproc) { 1272 dev_err(dev, "%s: kzalloc failed\n", __func__); 1273 return NULL; 1274 } 1275 1276 if (!firmware) { 1277 p = (char *)rproc + sizeof(struct rproc) + len; 1278 snprintf(p, name_len, template, name); 1279 } else { 1280 p = (char *)firmware; 1281 } 1282 1283 rproc->firmware = p; 1284 rproc->name = name; 1285 rproc->ops = ops; 1286 rproc->priv = &rproc[1]; 1287 1288 device_initialize(&rproc->dev); 1289 rproc->dev.parent = dev; 1290 rproc->dev.type = &rproc_type; 1291 1292 /* Assign a unique device index and name */ 1293 rproc->index = ida_simple_get(&rproc_dev_index, 0, 0, GFP_KERNEL); 1294 if (rproc->index < 0) { 1295 dev_err(dev, "ida_simple_get failed: %d\n", rproc->index); 1296 put_device(&rproc->dev); 1297 return NULL; 1298 } 1299 1300 dev_set_name(&rproc->dev, "remoteproc%d", rproc->index); 1301 1302 atomic_set(&rproc->power, 0); 1303 1304 /* Set ELF as the default fw_ops handler */ 1305 rproc->fw_ops = &rproc_elf_fw_ops; 1306 1307 mutex_init(&rproc->lock); 1308 1309 idr_init(&rproc->notifyids); 1310 1311 INIT_LIST_HEAD(&rproc->carveouts); 1312 INIT_LIST_HEAD(&rproc->mappings); 1313 INIT_LIST_HEAD(&rproc->traces); 1314 INIT_LIST_HEAD(&rproc->rvdevs); 1315 1316 INIT_WORK(&rproc->crash_handler, rproc_crash_handler_work); 1317 init_completion(&rproc->crash_comp); 1318 1319 rproc->state = RPROC_OFFLINE; 1320 1321 return rproc; 1322} 1323EXPORT_SYMBOL(rproc_alloc); 1324 1325/** 1326 * rproc_put() - unroll rproc_alloc() 1327 * @rproc: the remote processor handle 1328 * 1329 * This function decrements the rproc dev refcount. 1330 * 1331 * If no one holds any reference to rproc anymore, then its refcount would 1332 * now drop to zero, and it would be freed. 1333 */ 1334void rproc_put(struct rproc *rproc) 1335{ 1336 put_device(&rproc->dev); 1337} 1338EXPORT_SYMBOL(rproc_put); 1339 1340/** 1341 * rproc_del() - unregister a remote processor 1342 * @rproc: rproc handle to unregister 1343 * 1344 * This function should be called when the platform specific rproc 1345 * implementation decides to remove the rproc device. it should 1346 * _only_ be called if a previous invocation of rproc_add() 1347 * has completed successfully. 1348 * 1349 * After rproc_del() returns, @rproc isn't freed yet, because 1350 * of the outstanding reference created by rproc_alloc. To decrement that 1351 * one last refcount, one still needs to call rproc_put(). 1352 * 1353 * Returns 0 on success and -EINVAL if @rproc isn't valid. 1354 */ 1355int rproc_del(struct rproc *rproc) 1356{ 1357 struct rproc_vdev *rvdev, *tmp; 1358 1359 if (!rproc) 1360 return -EINVAL; 1361 1362 /* if rproc is just being registered, wait */ 1363 wait_for_completion(&rproc->firmware_loading_complete); 1364 1365 /* clean up remote vdev entries */ 1366 list_for_each_entry_safe(rvdev, tmp, &rproc->rvdevs, node) 1367 rproc_remove_virtio_dev(rvdev); 1368 1369 /* Free the copy of the resource table */ 1370 kfree(rproc->cached_table); 1371 1372 device_del(&rproc->dev); 1373 1374 return 0; 1375} 1376EXPORT_SYMBOL(rproc_del); 1377 1378/** 1379 * rproc_report_crash() - rproc crash reporter function 1380 * @rproc: remote processor 1381 * @type: crash type 1382 * 1383 * This function must be called every time a crash is detected by the low-level 1384 * drivers implementing a specific remoteproc. This should not be called from a 1385 * non-remoteproc driver. 1386 * 1387 * This function can be called from atomic/interrupt context. 1388 */ 1389void rproc_report_crash(struct rproc *rproc, enum rproc_crash_type type) 1390{ 1391 if (!rproc) { 1392 pr_err("NULL rproc pointer\n"); 1393 return; 1394 } 1395 1396 dev_err(&rproc->dev, "crash detected in %s: type %s\n", 1397 rproc->name, rproc_crash_to_string(type)); 1398 1399 /* create a new task to handle the error */ 1400 schedule_work(&rproc->crash_handler); 1401} 1402EXPORT_SYMBOL(rproc_report_crash); 1403 1404static int __init remoteproc_init(void) 1405{ 1406 rproc_init_debugfs(); 1407 1408 return 0; 1409} 1410module_init(remoteproc_init); 1411 1412static void __exit remoteproc_exit(void) 1413{ 1414 rproc_exit_debugfs(); 1415} 1416module_exit(remoteproc_exit); 1417 1418MODULE_LICENSE("GPL v2"); 1419MODULE_DESCRIPTION("Generic Remote Processor Framework"); 1420