samsung_sm8750/android_kernel_samsung_sm8750-modules
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
6f7753de11a00dfef0b477c747efea9913ce98d0
android_kernel_samsung_sm87…/qcom/opensource/dsp-kernel/dsp/fastrpc.c
SaschaNes 6f7753de11 replace common qcom sources with samsung ones
2025-08-12 22:13:00 +02:00

6163 lines
167 KiB
C
Raw Blame History

// SPDX-License-Identifier: GPL-2.0
/* Copyright (c) 2011-2018, The Linux Foundation. All rights reserved.
* Copyright (c) 2018, Linaro Limited
* Copyright (c) 2022-2024 Qualcomm Innovation Center, Inc. All rights reserved.
*/
#include <linux/completion.h>
#include <linux/device.h>
#include <linux/dma-buf.h>
#include <linux/dma-mapping.h>
#include <linux/dma-resv.h>
#include <linux/idr.h>
#include <linux/list.h>
#include <linux/miscdevice.h>
#include <linux/module.h>
#include <linux/of_address.h>
#include <linux/of.h>
#include <linux/sort.h>
#include <linux/of_platform.h>
#include <linux/iommu.h>
#include <linux/msm_dma_iommu_mapping.h>
#include <linux/genalloc.h>
#include <linux/scatterlist.h>
#include <linux/slab.h>
#include <linux/delay.h>
#include <linux/pm_qos.h>
#include "../include/uapi/misc/fastrpc.h"
#include "../include/linux/fastrpc.h"
#include <linux/of_reserved_mem.h>
#include <linux/cred.h>
#include <linux/arch_topology.h>
#include <linux/mem-buf.h>
#include <linux/soc/qcom/pdr.h>
#include <soc/qcom/secure_buffer.h>
#include "fastrpc_shared.h"
#include <linux/platform_device.h>
#define CREATE_TRACE_POINTS
#include "fastrpc_trace.h"
/* Struct to hold globally used variables */
struct fastrpc_common {
/* global lock to access channel context */
spinlock_t glock;
/* global copy of channel contexts */
struct fastrpc_channel_ctx *gctx[FASTRPC_DEV_MAX];
#ifdef CONFIG_DEBUG_FS
struct dentry *debugfs_root;
struct dentry *debugfs_global_file;
#endif
};
/* Global fastrpc driver object */
struct fastrpc_common g_frpc;
static inline int64_t getnstimediff(struct timespec64 *start)
{
int64_t ns;
struct timespec64 ts, b;
ktime_get_real_ts64(&ts);
b = timespec64_sub(ts, *start);
ns = timespec64_to_ns(&b);
return ns;
}
static int fastrpc_device_create(struct fastrpc_user *fl);
/*
* fastrpc_update_gctx() - copy channel context to a global structure.
* @arg1: channel context.
* @arg2: flag to enable or disable copy
*
*/
void fastrpc_update_gctx(struct fastrpc_channel_ctx *cctx, int flag)
{
struct fastrpc_channel_ctx **ctx = &g_frpc.gctx[cctx->domain_id];
if (flag == 1)
*ctx = cctx;
else
*ctx = NULL;
}
static void dma_buf_unmap_attachment_wrap(struct fastrpc_map *map)
{
trace_fastrpc_dma_unmap(map->fl->cctx->domain_id, map->phys,
map->size, map->fd);
#if (LINUX_VERSION_CODE >= KERNEL_VERSION(6,2,0))
dma_buf_unmap_attachment_unlocked(map->attach, map->table,
DMA_BIDIRECTIONAL);
#else
dma_buf_unmap_attachment(map->attach, map->table,
DMA_BIDIRECTIONAL);
#endif
}
static int dma_buf_map_attachment_wrap(struct fastrpc_map *map)
{
int err = 0;
struct sg_table *table;
#if (LINUX_VERSION_CODE >= KERNEL_VERSION(6,2,0))
table = dma_buf_map_attachment_unlocked(map->attach,
DMA_BIDIRECTIONAL);
if (IS_ERR(table)) {
err = PTR_ERR(table);
return err;
}
#else
table = dma_buf_map_attachment(map->attach,
DMA_BIDIRECTIONAL);
if (IS_ERR(table)) {
err = PTR_ERR(table);
return err;
}
#endif
map->table = table;
return 0;
}
static inline void __fastrpc_dma_map_free(struct fastrpc_map *map)
{
dma_buf_unmap_attachment_wrap(map);
dma_buf_detach(map->buf, map->attach);
dma_buf_put(map->buf);
}
static void __fastrpc_free_map(struct fastrpc_map *map)
{
struct fastrpc_user *fl = NULL;
struct fastrpc_smmu *smmucb = NULL;
if (!map)
return;
fl = map->fl;
if (fl) {
spin_lock(&map->fl->lock);
list_del(&map->node);
spin_unlock(&map->fl->lock);
}
if (map->table) {
if (fl && (map->attr & FASTRPC_ATTR_SECUREMAP)) {
struct qcom_scm_vmperm perm;
int vmid = fl->cctx->vmperms[0].vmid;
u64 src_perms = BIT(QCOM_SCM_VMID_HLOS) | BIT(vmid);
int err = 0;
perm.vmid = QCOM_SCM_VMID_HLOS;
perm.perm = QCOM_SCM_PERM_RWX;
err = qcom_scm_assign_mem(map->phys, map->size,
&src_perms, &perm, 1);
if (err) {
dev_err(fl->cctx->dev,
"Failed to assign memory phys 0x%llx size 0x%llx err %d",
map->phys, map->size, err);
goto free_map;
}
}
/* FASTRPC_MAP_FD_NOMAP is not mapped on SMMU CB device */
if (map->flags == FASTRPC_MAP_FD_NOMAP) {
__fastrpc_dma_map_free(map);
} else {
smmucb = map->smmucb;
mutex_lock(&smmucb->map_mutex);
if (!smmucb->dev) {
mutex_unlock(&smmucb->map_mutex);
goto free_map;
}
__fastrpc_dma_map_free(map);
smmucb->allocatedbytes -= SMMU_ALIGN(map->size);
mutex_unlock(&smmucb->map_mutex);
}
}
free_map:
kfree(map);
}
static void fastrpc_free_map(struct kref *ref)
{
struct fastrpc_map *map = NULL;
map = container_of(ref, struct fastrpc_map, refcount);
__fastrpc_free_map(map);
}
static void fastrpc_map_put(struct fastrpc_map *map)
{
if (map)
kref_put(&map->refcount, fastrpc_free_map);
}
static int fastrpc_map_get(struct fastrpc_map *map)
{
if (!map)
return -ENOENT;
return kref_get_unless_zero(&map->refcount) ? 0 : -ENOENT;
}
static int fastrpc_map_lookup(struct fastrpc_user *fl, int fd,
u64 va, u64 len, struct dma_buf *buf, int mflags,
struct fastrpc_map **ppmap, bool take_ref)
{
struct fastrpc_pool_ctx *sess = fl->sctx;
struct fastrpc_map *map = NULL;
int ret = -ENOENT;
if (mflags == ADSP_MMAP_DMA_BUFFER) {
if (!buf)
return ret;
} else {
/* Fetch DMA buffer from fd */
buf = dma_buf_get(fd);
if (IS_ERR(buf))
return PTR_ERR(buf);
}
spin_lock(&fl->lock);
list_for_each_entry(map, &fl->maps, node) {
if (map->buf == buf)
goto map_found;
}
goto error;
map_found:
if (take_ref) {
ret = fastrpc_map_get(map);
if (ret) {
dev_dbg(sess->smmucb[DEFAULT_SMMU_IDX].dev,
"%s: Failed to get map fd=%d ret=%d\n",
__func__, fd, ret);
goto error;
}
}
*ppmap = map;
ret = 0;
error:
spin_unlock(&fl->lock);
/* Drop the DMA buf ref except for the DMA bus driver */
if (mflags != ADSP_MMAP_DMA_BUFFER)
dma_buf_put(buf);
return ret;
}
static bool fastrpc_get_persistent_buf(struct fastrpc_user *fl,
size_t size, int buf_type, struct fastrpc_buf **obuf)
{
u32 i = 0;
bool found = false;
struct fastrpc_buf *buf = NULL;
spin_lock(&fl->lock);
/*
* Persistent header buffer can be used only if
* metadata length is less than 1 page size.
*/
if (!fl->num_pers_hdrs || buf_type != METADATA_BUF || size > PAGE_SIZE) {
spin_unlock(&fl->lock);
return found;
}
for (i = 0; i < fl->num_pers_hdrs; i++) {
buf = &fl->hdr_bufs[i];
/* If buffer not in use, then assign it for requested alloc */
if (!buf->in_use) {
buf->in_use = true;
*obuf = buf;
found = true;
break;
}
}
spin_unlock(&fl->lock);
return found;
}
static void __fastrpc_dma_buf_free(struct fastrpc_buf *buf)
{
trace_fastrpc_dma_free(buf->domain_id, buf->phys, buf->size);
dma_free_coherent(buf->dev, buf->size, buf->virt,
FASTRPC_PHYS(buf->phys));
kfree(buf);
}
static void __fastrpc_buf_free(struct fastrpc_buf *buf)
{
struct fastrpc_smmu *smmucb = NULL;
/* REMOTEHEAP_BUF is not mapped on SMMU device */
if (buf->type == REMOTEHEAP_BUF) {
__fastrpc_dma_buf_free(buf);
} else {
smmucb = buf->smmucb;
mutex_lock(&smmucb->map_mutex);
if (smmucb->dev) {
smmucb->allocatedbytes -= SMMU_ALIGN(buf->size);
__fastrpc_dma_buf_free(buf);
}
mutex_unlock(&smmucb->map_mutex);
}
}
static void fastrpc_cached_buf_list_add(struct fastrpc_buf *buf)
{
struct fastrpc_user *fl = buf->fl;
if (buf->size < FASTRPC_MAX_CACHE_BUF_SIZE) {
spin_lock(&fl->lock);
if (fl->num_cached_buf > FASTRPC_MAX_CACHED_BUFS) {
spin_unlock(&fl->lock);
goto skip_buf_cache;
}
list_add_tail(&buf->node, &fl->cached_bufs);
fl->num_cached_buf++;
buf->type = -1;
spin_unlock(&fl->lock);
return;
}
skip_buf_cache:
__fastrpc_buf_free(buf);
return;
}
static void fastrpc_buf_free(struct fastrpc_buf *buf, bool cache)
{
struct fastrpc_user *fl = buf->fl;
if (buf->in_use) {
/* Don't free persistent header buf. Just mark as available */
spin_lock(&fl->lock);
buf->in_use = false;
spin_unlock(&fl->lock);
return;
}
if (cache)
fastrpc_cached_buf_list_add(buf);
else
__fastrpc_buf_free(buf);
}
static inline bool fastrpc_get_cached_buf(struct fastrpc_user *fl,
size_t size, int buf_type, struct fastrpc_buf **obuf)
{
bool found = false;
struct fastrpc_buf *buf, *n, *cbuf = NULL;
if (buf_type == USER_BUF || buf_type == REMOTEHEAP_BUF)
return found;
/* find the smallest buffer that fits in the cache */
spin_lock(&fl->lock);
list_for_each_entry_safe(buf, n, &fl->cached_bufs, node) {
if (buf->size >= size && (!cbuf || cbuf->size > buf->size))
cbuf = buf;
}
if (cbuf) {
list_del_init(&cbuf->node);
fl->num_cached_buf--;
}
spin_unlock(&fl->lock);
if (cbuf) {
cbuf->type = buf_type;
*obuf = cbuf;
found = true;
}
return found;
}
static void fastrpc_buf_list_free(struct fastrpc_user *fl,
struct list_head *buf_list, bool is_cached_buf)
{
struct fastrpc_buf *buf = NULL, *n = NULL, *free = NULL;
do {
free = NULL;
spin_lock(&fl->lock);
list_for_each_entry_safe(buf, n, buf_list, node) {
list_del(&buf->node);
if (is_cached_buf)
fl->num_cached_buf--;
free = buf;
break;
}
spin_unlock(&fl->lock);
if (free)
fastrpc_buf_free(free, false);
} while (free);
}
/*
* Free list of buffers donated for rootheap
* @arg1: channel context.
* @arg2: rootpd session context
*
* Returns void
*/
static void fastrpc_rootheap_buf_list_free(struct fastrpc_channel_ctx *cctx)
{
struct fastrpc_buf *buf = NULL, *n = NULL, *free = NULL;
unsigned long flags = 0;
/* Return if no rootheap buffers were donated */
if (!cctx->rootheap_bufs.num)
return;
do {
free = NULL;
spin_lock_irqsave(&cctx->lock, flags);
list_for_each_entry_safe(buf, n, &cctx->rootheap_bufs.list, node) {
list_del(&buf->node);
cctx->rootheap_bufs.num--;
free = buf;
break;
}
spin_unlock_irqrestore(&cctx->lock, flags);
if (free)
__fastrpc_buf_free(free);
} while (free);
}
static inline void __fastrpc_dma_alloc(struct fastrpc_buf *buf)
{
buf->virt = dma_alloc_coherent(buf->dev, buf->size,
(dma_addr_t *)&buf->phys, GFP_KERNEL);
}
static int __fastrpc_buf_alloc(struct fastrpc_user *fl,
struct fastrpc_smmu *smmucb, u32 domain_id,
u64 size, struct fastrpc_buf **obuf, u32 buf_type)
{
struct fastrpc_buf *buf;
struct timespec64 start_ts, end_ts;
if (!size)
return -EFAULT;
buf = kzalloc(sizeof(*buf), GFP_KERNEL);
if (!buf)
return -ENOMEM;
INIT_LIST_HEAD(&buf->attachments);
INIT_LIST_HEAD(&buf->node);
mutex_init(&buf->lock);
buf->fl = fl;
buf->virt = NULL;
buf->phys = 0;
buf->size = size;
buf->raddr = 0;
buf->type = buf_type;
buf->domain_id = domain_id;
ktime_get_boottime_ts64(&start_ts);
/* REMOTEHEAP_BUF is allocated using cctx device */
if (buf_type == REMOTEHEAP_BUF) {
buf->dev = fl->cctx->dev;
/*
* Do not acquire spinlock with IRQ disabled
* as "dma_alloc_coherent" locks a mutex
*/
if (fl->cctx->dev)
__fastrpc_dma_alloc(buf);
} else {
buf->dev = smmucb->dev;
buf->smmucb = smmucb;
mutex_lock(&smmucb->map_mutex);
if (smmucb->dev)
__fastrpc_dma_alloc(buf);
if (buf->virt) {
smmucb->allocatedbytes += SMMU_ALIGN(buf->size);
buf->phys += ((u64)smmucb->sid << 32);
}
mutex_unlock(&smmucb->map_mutex);
}
if (!buf->virt) {
mutex_destroy(&buf->lock);
kfree(buf);
return -ENOMEM;
}
*obuf = buf;
trace_fastrpc_dma_alloc(domain_id, (uint64_t)buf->phys, buf->size,
(unsigned long)buf->type, 0);
ktime_get_boottime_ts64(&end_ts);
buf->alloc_time = timespec64_sub(end_ts, start_ts);
return 0;
}
static int fastrpc_buf_alloc(struct fastrpc_user *fl,
struct fastrpc_smmu *smmucb, u64 size,
u32 buf_type, struct fastrpc_buf **obuf)
{
int ret;
if (fastrpc_get_persistent_buf(fl, size, buf_type, obuf))
return 0;
if (fastrpc_get_cached_buf(fl, size, buf_type, obuf))
return 0;
ret = __fastrpc_buf_alloc(fl, smmucb, fl->cctx->domain_id,
size, obuf, buf_type);
if (ret == -ENOMEM) {
fastrpc_buf_list_free(fl, &fl->cached_bufs, true);
ret = __fastrpc_buf_alloc(fl, smmucb, fl->cctx->domain_id,
size, obuf, buf_type);
if (ret)
return ret;
}
return 0;
}
/**
* fastrpc_smmu_device_lookup() -
* Function to get IOMMU device index from the session pool
* @arg1: Fastrpc pool session
* @arg2: Allocation/map buffer size
* @arg3: Current IOMMU pool device index
*
* Starting from current IOMMU pool device index, function
* finds a IOMMU CB where there is enough virtual space available
* to allocate/map buffer size.
*
* Return: Returns IOMMU pool device index,
* where virtual space is available
*/
static u32 fastrpc_smmu_device_lookup(struct fastrpc_pool_ctx *sess,
u64 size, u32 smmuidx)
{
struct fastrpc_smmu *smmucb = NULL;
for (; smmuidx < sess->smmucount; smmuidx++) {
smmucb = &sess->smmucb[smmuidx];
/*
* Use the SMMU index device, if the SMMU pool
* alloc ranges are not defined.
*/
if (smmucb->maxallocsize == 0)
break;
if (size >= smmucb->minallocsize &&
size < (smmucb->totalbytes - smmucb->allocatedbytes))
break;
}
return smmuidx;
}
/**
* fastrpc_smmu_buf_alloc() - Allocates memory on IOMMU CB
* @arg1: Fastrpc user file pointer
* @arg2: Allocation buffer size
* @arg3: Allocation buffer type
* @arg4: Output argument pointer to the fastrpc_buf
*
* Return: Returns 0 on success, error code on failure
*/
static int fastrpc_smmu_buf_alloc(struct fastrpc_user *fl, u64 size,
u32 buf_type, struct fastrpc_buf **obuf)
{
int err = 0;
struct fastrpc_pool_ctx *sess = NULL;
struct fastrpc_smmu *smmucb = NULL;
u32 smmuidx = DEFAULT_SMMU_IDX;
sess = fl->sctx;
retry_alloc:
smmuidx = fastrpc_smmu_device_lookup(sess, size, smmuidx);
if (smmuidx >= sess->smmucount) {
dev_err(fl->cctx->dev,
"%s: No valid smmu context bank found for size 0x%llx\n",
__func__, size);
err = -ENOSR;
return err;
} else {
smmucb = &sess->smmucb[smmuidx];
}
err = fastrpc_buf_alloc(fl, smmucb, size, buf_type, obuf);
/*
* Retry allocation on next availale IOMMU CB,
* if there is no enough virtual space available on current IOMMU CB
*/
if (err == -ENOMEM || err == -EINVAL) {
smmuidx++;
goto retry_alloc;
}
return err;
}
static void fastrpc_channel_ctx_free(struct kref *ref)
{
struct fastrpc_channel_ctx *cctx;
int i, j;
cctx = container_of(ref, struct fastrpc_channel_ctx, refcount);
mutex_destroy(&cctx->wake_mutex);
for (i = 0; i < FASTRPC_MAX_SESSIONS; i++)
for (j = 0; j < cctx->session[i].smmucount; j++)
mutex_destroy(&cctx->session[i].smmucb[j].map_mutex);
ida_destroy(&cctx->tgid_frpc_ida);
kfree(cctx);
}
static void fastrpc_channel_ctx_get(struct fastrpc_channel_ctx *cctx)
{
kref_get(&cctx->refcount);
}
void fastrpc_channel_ctx_put(struct fastrpc_channel_ctx *cctx)
{
kref_put(&cctx->refcount, fastrpc_channel_ctx_free);
}
static void fastrpc_context_free(struct kref *ref)
{
struct fastrpc_invoke_ctx *ctx;
struct fastrpc_channel_ctx *cctx;
unsigned long flags;
int i;
ctx = container_of(ref, struct fastrpc_invoke_ctx, refcount);
cctx = ctx->cctx;
mutex_lock(&ctx->fl->map_mutex);
for (i = 0; i < ctx->nbufs; i++)
fastrpc_map_put(ctx->maps[i]);
mutex_unlock(&ctx->fl->map_mutex);
if (ctx->buf)
fastrpc_buf_free(ctx->buf, true);
if (ctx->fl->profile)
kfree(ctx->perf);
spin_lock_irqsave(&cctx->lock, flags);
idr_remove(&cctx->ctx_idr, FASTRPC_GET_IDR_FROM_CTXID(ctx->ctxid));
spin_unlock_irqrestore(&cctx->lock, flags);
trace_fastrpc_context_free((uint64_t)ctx,
ctx->ctxid, ctx->handle, ctx->sc);
kfree(ctx->maps);
kfree(ctx->olaps);
kfree(ctx->args);
kfree(ctx);
fastrpc_channel_ctx_put(cctx);
}
// static void fastrpc_context_get(struct fastrpc_invoke_ctx *ctx)
// {
// kref_get(&ctx->refcount);
// }
static void fastrpc_context_put(struct fastrpc_invoke_ctx *ctx)
{
kref_put(&ctx->refcount, fastrpc_context_free);
}
// static void fastrpc_context_put_wq(struct work_struct *work)
// {
// struct fastrpc_invoke_ctx *ctx =
// container_of(work, struct fastrpc_invoke_ctx, put_work);
// fastrpc_context_put(ctx);
// }
#define CMP(aa, bb) ((aa) == (bb) ? 0 : (aa) < (bb) ? -1 : 1)
static u32 sorted_lists_intersection(u32 *listA,
u32 lenA, u32 *listB, u32 lenB)
{
u32 i = 0, j = 0;
while (i < lenA && j < lenB) {
if (listA[i] < listB[j])
i++;
else if (listA[i] > listB[j])
j++;
else
return listA[i];
}
return 0;
}
static int uint_cmp_func(const void *p1, const void *p2)
{
u32 a1 = *((u32 *)p1);
u32 a2 = *((u32 *)p2);
return CMP(a1, a2);
}
static int olaps_cmp(const void *a, const void *b)
{
struct fastrpc_buf_overlap *pa = (struct fastrpc_buf_overlap *)a;
struct fastrpc_buf_overlap *pb = (struct fastrpc_buf_overlap *)b;
/* sort with lowest starting buffer first */
int st = CMP(pa->start, pb->start);
/* sort with highest ending buffer first */
int ed = CMP(pb->end, pa->end);
return st == 0 ? ed : st;
}
static int fastrpc_get_buff_overlaps(struct fastrpc_invoke_ctx *ctx)
{
u64 max_end = 0;
int i;
struct device *dev = ctx->fl->sctx->smmucb[DEFAULT_SMMU_IDX].dev;
for (i = 0; i < ctx->nbufs; ++i) {
ctx->olaps[i].start = ctx->args[i].ptr;
/* Check the overflow for user buffer */
if (ctx->olaps[i].start > (ULLONG_MAX - ctx->args[i].length)) {
dev_dbg(dev,
"user passed invalid non ion buffer addr 0x%llx, size %llx\n",
ctx->args[i].ptr, ctx->args[i].length);
return -EFAULT;
}
ctx->olaps[i].end = ctx->olaps[i].start + ctx->args[i].length;
ctx->olaps[i].raix = i;
}
sort(ctx->olaps, ctx->nbufs, sizeof(*ctx->olaps), olaps_cmp, NULL);
for (i = 0; i < ctx->nbufs; ++i) {
/* Falling inside previous range */
if (ctx->olaps[i].start < max_end) {
ctx->olaps[i].mstart = max_end;
ctx->olaps[i].mend = ctx->olaps[i].end;
ctx->olaps[i].offset = max_end - ctx->olaps[i].start;
if (ctx->olaps[i].end > max_end) {
max_end = ctx->olaps[i].end;
} else {
ctx->olaps[i].mend = 0;
ctx->olaps[i].mstart = 0;
}
} else {
ctx->olaps[i].mend = ctx->olaps[i].end;
ctx->olaps[i].mstart = ctx->olaps[i].start;
ctx->olaps[i].offset = 0;
max_end = ctx->olaps[i].end;
}
}
return 0;
}
static struct fastrpc_invoke_ctx *fastrpc_context_alloc(
struct fastrpc_user *user, u32 kernel, u32 sc,
struct fastrpc_enhanced_invoke *invoke)
{
struct fastrpc_channel_ctx *cctx = user->cctx;
struct fastrpc_invoke_ctx *ctx = NULL;
unsigned long flags;
int ret;
ctx = kzalloc(sizeof(*ctx), GFP_KERNEL);
if (!ctx)
return ERR_PTR(-ENOMEM);
INIT_LIST_HEAD(&ctx->node);
ctx->fl = user;
ctx->nscalars = REMOTE_SCALARS_LENGTH(sc);
ctx->nbufs = REMOTE_SCALARS_INBUFS(sc) +
REMOTE_SCALARS_OUTBUFS(sc);
if (ctx->nscalars) {
ctx->maps = kcalloc(ctx->nscalars,
sizeof(*ctx->maps), GFP_KERNEL);
if (!ctx->maps) {
ret = -ENOMEM;
goto err_alloc;
}
ctx->olaps = kcalloc(ctx->nscalars,
sizeof(*ctx->olaps), GFP_KERNEL);
if (!ctx->olaps) {
ret = -ENOMEM;
goto err_alloc;
}
ctx->args = kcalloc(ctx->nscalars,
sizeof(*ctx->args), GFP_KERNEL);
if (!ctx->args) {
ret = -ENOMEM;
goto err_alloc;
}
if (!kernel) {
if (copy_from_user((void *)ctx->args,
(void __user *)(uintptr_t)invoke->inv.args,
ctx->nscalars * sizeof(*ctx->args))) {
ret = -EFAULT;
goto err_alloc;
}
} else {
memcpy((void *)ctx->args,
(void *)(uintptr_t)invoke->inv.args,
ctx->nscalars * sizeof(*ctx->args));
}
invoke->inv.args = (__u64)ctx->args;
ret = fastrpc_get_buff_overlaps(ctx);
if (ret)
goto err_alloc;
}
/* Released in fastrpc_context_put() */
fastrpc_channel_ctx_get(cctx);
ctx->crc = (u32 *)(uintptr_t)invoke->crc;
ctx->perf_dsp = (u64 *)(uintptr_t)invoke->perf_dsp;
ctx->perf_kernel = (u64 *)(uintptr_t)invoke->perf_kernel;
if (ctx->fl->profile) {
ctx->perf = kzalloc(sizeof(*(ctx->perf)), GFP_KERNEL);
if (!ctx->perf) {
ret = -ENOMEM;
goto err_perf_alloc;
}
ctx->perf->tid = ctx->fl->tgid;
}
ctx->handle = invoke->inv.handle;
ctx->sc = sc;
ctx->retval = -1;
ctx->pid = current->pid;
ctx->tgid = user->tgid;
ctx->cctx = cctx;
ctx->rsp_flags = NORMAL_RESPONSE;
ctx->is_work_done = false;
init_completion(&ctx->work);
// INIT_WORK(&ctx->put_work, fastrpc_context_put_wq);
spin_lock(&user->lock);
list_add_tail(&ctx->node, &user->pending);
spin_unlock(&user->lock);
spin_lock_irqsave(&cctx->lock, flags);
ret = idr_alloc_cyclic(&cctx->ctx_idr, ctx, 1,
FASTRPC_CTX_MAX, GFP_ATOMIC);
if (ret < 0) {
spin_unlock_irqrestore(&cctx->lock, flags);
goto err_idr;
}
cctx->jobid++;
ctx->ctxid = FASTRPC_PACK_JOBID_IN_CTXID(ctx->ctxid, cctx->jobid);
ctx->ctxid = FASTRPC_PACK_IDR_IN_CTXID(ctx->ctxid, ret);
spin_unlock_irqrestore(&cctx->lock, flags);
trace_fastrpc_context_alloc((uint64_t)ctx,
ctx->ctxid, ctx->handle, ctx->sc);
kref_init(&ctx->refcount);
return ctx;
err_idr:
spin_lock(&user->lock);
list_del(&ctx->node);
spin_unlock(&user->lock);
err_perf_alloc:
fastrpc_channel_ctx_put(cctx);
err_alloc:
kfree(ctx->maps);
kfree(ctx->olaps);
kfree(ctx->args);
kfree(ctx);
return ERR_PTR(ret);
}
static struct fastrpc_invoke_ctx *fastrpc_context_restore_interrupted(
struct fastrpc_user *fl, struct fastrpc_invoke *inv)
{
struct fastrpc_invoke_ctx *ctx = NULL, *ictx = NULL, *n;
spin_lock(&fl->lock);
list_for_each_entry_safe(ictx, n, &fl->interrupted, node) {
if (ictx->pid == current->pid) {
if (inv->sc != ictx->sc || ictx->fl != fl) {
dev_err(ictx->fl->sctx->smmucb[DEFAULT_SMMU_IDX].dev,
"interrupted sc (0x%x) or fl (%pK) does not match with invoke sc (0x%x) or fl (%pK)\n",
ictx->sc, ictx->fl, inv->sc, fl);
spin_unlock(&fl->lock);
return ERR_PTR(-EINVAL);
} else {
ctx = ictx;
list_del(&ctx->node);
list_add_tail(&ctx->node, &fl->pending);
}
break;
}
}
spin_unlock(&fl->lock);
return ctx;
}
static void fastrpc_context_save_interrupted(
struct fastrpc_invoke_ctx *ctx)
{
trace_fastrpc_context_interrupt(ctx->cctx->domain_id, (uint64_t)ctx,
ctx->msg.ctx, ctx->msg.handle, ctx->msg.sc);
spin_lock(&ctx->fl->lock);
list_del(&ctx->node);
list_add_tail(&ctx->node, &ctx->fl->interrupted);
spin_unlock(&ctx->fl->lock);
}
static struct sg_table *
fastrpc_map_dma_buf(struct dma_buf_attachment *attachment,
enum dma_data_direction dir)
{
struct fastrpc_dma_buf_attachment *a = attachment->priv;
struct sg_table *table;
int ret;
table = &a->sgt;
ret = dma_map_sgtable(attachment->dev, table, dir, 0);
if (ret)
table = ERR_PTR(ret);
return table;
}
static void fastrpc_unmap_dma_buf(struct dma_buf_attachment *attach,
struct sg_table *table,
enum dma_data_direction dir)
{
dma_unmap_sgtable(attach->dev, table, dir, 0);
}
static void fastrpc_release(struct dma_buf *dmabuf)
{
struct fastrpc_buf *buffer = dmabuf->priv;
fastrpc_buf_free(buffer, false);
}
static int fastrpc_dma_buf_attach(struct dma_buf *dmabuf,
struct dma_buf_attachment *attachment)
{
struct fastrpc_dma_buf_attachment *a;
struct fastrpc_buf *buffer = dmabuf->priv;
int ret;
a = kzalloc(sizeof(*a), GFP_KERNEL);
if (!a)
return -ENOMEM;
ret = dma_get_sgtable(buffer->dev, &a->sgt, buffer->virt,
FASTRPC_PHYS(buffer->phys), buffer->size);
if (ret < 0) {
dev_err(buffer->dev, "failed to get scatterlist from DMA API\n");
kfree(a);
return -EINVAL;
}
a->dev = attachment->dev;
INIT_LIST_HEAD(&a->node);
attachment->priv = a;
mutex_lock(&buffer->lock);
list_add(&a->node, &buffer->attachments);
mutex_unlock(&buffer->lock);
return 0;
}
static void fastrpc_dma_buf_detatch(struct dma_buf *dmabuf,
struct dma_buf_attachment *attachment)
{
struct fastrpc_dma_buf_attachment *a = attachment->priv;
struct fastrpc_buf *buffer = dmabuf->priv;
mutex_lock(&buffer->lock);
list_del(&a->node);
mutex_unlock(&buffer->lock);
sg_free_table(&a->sgt);
kfree(a);
}
static int fastrpc_vmap(struct dma_buf *dmabuf, struct iosys_map *map)
{
struct fastrpc_buf *buf = dmabuf->priv;
iosys_map_set_vaddr(map, buf->virt);
return 0;
}
static int fastrpc_mmap(struct dma_buf *dmabuf,
struct vm_area_struct *vma)
{
struct fastrpc_buf *buf = dmabuf->priv;
size_t size = vma->vm_end - vma->vm_start;
return dma_mmap_coherent(buf->dev, vma, buf->virt,
FASTRPC_PHYS(buf->phys), size);
}
static const struct dma_buf_ops fastrpc_dma_buf_ops = {
.attach = fastrpc_dma_buf_attach,
.detach = fastrpc_dma_buf_detatch,
.map_dma_buf = fastrpc_map_dma_buf,
.unmap_dma_buf = fastrpc_unmap_dma_buf,
.mmap = fastrpc_mmap,
.vmap = fastrpc_vmap,
.release = fastrpc_release,
};
static struct fastrpc_pool_ctx *fastrpc_session_alloc(
struct fastrpc_user *fl, bool secure)
{
struct fastrpc_pool_ctx *session = NULL, *isess = NULL;
struct fastrpc_channel_ctx *cctx = fl->cctx;
unsigned long flags;
bool sharedcb = fl->sharedcb;
int pd_type = fl->pd_type;
int i;
if (!cctx->dev)
return session;
/*
* If PD type is configured for context banks in device tree,
* use CPZ_USERPD, to allocate secure context bank type.
*/
if (secure && cctx->pd_type) {
pd_type = CPZ_USERPD;
sharedcb = true;
} else if (secure)
/* Legacy case, where pd_type is not configured in device tree */
pd_type = DEFAULT_UNUSED;
/*
* If session allocated already and PD type is configured for non secure,
* use same session.
*/
if (fl->sctx && !secure)
return fl->sctx;
spin_lock_irqsave(&cctx->lock, flags);
for (i = 0; i < cctx->sesscount; i++) {
/*
* Session is chosen based on following conditions:
* 1. If session is SID pooled (smmucount > 1), then any number of applications
* can use session, else only one application (usecount == 0) is allowed to
* use session
* AND
* 2. SMMU CB should always be valid, should not have been unregistered.
* AND
* 3. If process is secure usecase (CPZ usecase), then session also
* should have secure parameter set.
* AND
* 4. If process needs to share CB (sensors usecases share one CB), then
* session also should have sharedcb parameter set.
* AND
* 5. If pd_type is configured, then process pd_type needs to match with
* session pd_type, else pd_type check is ignored
*/
isess = &cctx->session[i];
if ((isess->usecount == 0 || isess->smmucount > 1) &&
isess->smmucb[DEFAULT_SMMU_IDX].valid &&
isess->secure == secure &&
isess->sharedcb == sharedcb &&
(pd_type == DEFAULT_UNUSED || isess->pd_type == pd_type || secure)) {
session = isess;
/*
* Increment number of apps using session.
* Will be max 1 for sessions that don't have
* pooled context banks or a shared context bank.
*/
session->usecount++;
break;
}
}
spin_unlock_irqrestore(&cctx->lock, flags);
return session;
}
static void fastrpc_session_free(struct fastrpc_channel_ctx *cctx,
struct fastrpc_pool_ctx *session)
{
unsigned long flags;
spin_lock_irqsave(&cctx->lock, flags);
if (session->usecount > 0)
session->usecount--;
spin_unlock_irqrestore(&cctx->lock, flags);
}
static void fastrpc_pm_awake(struct fastrpc_user *fl,
u32 is_secure_channel)
{
struct fastrpc_channel_ctx *cctx = fl->cctx;
struct wakeup_source *wake_source = NULL;
/*
* Vote with PM to abort any suspend in progress and
* keep system awake for specified timeout
*/
if (is_secure_channel)
wake_source = cctx->wake_source_secure;
else
wake_source = cctx->wake_source;
if (wake_source)
pm_wakeup_ws_event(wake_source, fl->ws_timeout, true);
}
static void fastrpc_pm_relax(struct fastrpc_user *fl,
u32 is_secure_channel)
{
struct fastrpc_channel_ctx *cctx = fl->cctx;
struct wakeup_source *wake_source = NULL;
if (!fl->wake_enable)
return;
mutex_lock(&cctx->wake_mutex);
if (is_secure_channel)
wake_source = cctx->wake_source_secure;
else
wake_source = cctx->wake_source;
if (wake_source)
__pm_relax(wake_source);
mutex_unlock(&cctx->wake_mutex);
}
static int get_buffer_attr(struct dma_buf *buf, bool *exclusive_access)
{
const int *vmids_list = NULL;
const int *perms = NULL;
int err = 0;
int vmids_list_len = 0;
*exclusive_access = false;
err = mem_buf_dma_buf_get_vmperm(buf, &vmids_list, &perms, &vmids_list_len);
if (err)
return err;
/*
* If one VM has access to buffer and is the current VM,
* then VM has exclusive access to buffer
*/
if (vmids_list_len == 1 && vmids_list[0] == mem_buf_current_vmid())
*exclusive_access = true;
return err;
}
static int set_buffer_secure_type(struct fastrpc_map *map)
{
int err = 0;
bool exclusive_access = false;
struct device *dev = map->fl->cctx->dev;
err = get_buffer_attr(map->buf, &exclusive_access);
if (err) {
dev_err(dev, "failed to obtain buffer attributes for fd %d ret %d\n", map->fd, err);
return -EBADFD;
}
/*
* Secure buffers would always be owned by multiple VMs.
* If current VM is the exclusive owner of a buffer, it is considered non-secure.
* In PVM:
* - CPZ buffers are secure
* - All other buffers are non-secure
* In TVM:
* - Since it is a secure environment by default, there are no explicit "secure" buffers
* - All buffers are marked "non-secure"
*/
#if IS_ENABLED(CONFIG_QCOM_FASTRPC_TRUSTED)
map->secure = 0;
#else
map->secure = (exclusive_access) ? 0 : 1;
#endif
return err;
}
static int fastrpc_map_create(struct fastrpc_user *fl, int fd,
u64 va, struct dma_buf *buf, u64 len,
u32 attr, int mflags, struct fastrpc_map **ppmap,
bool take_ref)
{
struct fastrpc_pool_ctx *sess = NULL;
struct fastrpc_map *map = NULL;
struct scatterlist *sgl = NULL;
int err = 0, sgl_index = 0;
struct device *dev = NULL;
struct fastrpc_smmu *smmucb = NULL;
u32 smmuidx = DEFAULT_SMMU_IDX;
if (!fastrpc_map_lookup(fl, fd, va, len, buf, mflags, ppmap, take_ref))
return 0;
map = kzalloc(sizeof(*map), GFP_KERNEL);
if (!map)
return -ENOMEM;
INIT_LIST_HEAD(&map->node);
kref_init(&map->refcount);
map->fl = fl;
map->fd = fd;
map->flags = mflags;
map->len = len;
if(mflags == ADSP_MMAP_DMA_BUFFER) {
if (!buf) {
err = -EFAULT;
goto get_err;
}
map->buf = buf;
get_dma_buf(map->buf);
} else {
map->buf = dma_buf_get(fd);
if (IS_ERR(map->buf)) {
err = PTR_ERR(map->buf);
goto get_err;
}
}
err = set_buffer_secure_type(map);
if (err)
goto attach_err;
if (map->secure && (!(attr & FASTRPC_ATTR_NOMAP || mflags == FASTRPC_MAP_FD_NOMAP))) {
if (!fl->secsctx) {
fl->secsctx = fastrpc_session_alloc(fl, true);
if (!fl->secsctx) {
dev_err(fl->cctx->dev, "No secure session available\n");
err = -EBUSY;
goto attach_err;
}
}
sess = fl->secsctx;
} else {
sess = fl->sctx;
}
map_retry:
smmuidx = fastrpc_smmu_device_lookup(sess, len, smmuidx);
if (smmuidx >= sess->smmucount) {
dev_err(fl->cctx->dev,
"%s: No valid smmu context bank found for len 0x%llx\n",
__func__, len);
err = -ENOSR;
goto attach_err;
} else {
smmucb = &sess->smmucb[smmuidx];
}
if (attr & FASTRPC_ATTR_NOMAP || mflags == FASTRPC_MAP_FD_NOMAP) {
dev = fl->cctx->dev;
} else {
dev = smmucb->dev;
map->smmucb = smmucb;
}
mutex_lock(&smmucb->map_mutex);
if (!smmucb->dev) {
err = -ENODEV;
mutex_unlock(&smmucb->map_mutex);
goto attach_err;
}
map->attach = dma_buf_attach(map->buf, dev);
if (IS_ERR(map->attach)) {
dev_err(dev, "Failed to attach dmabuf\n");
err = PTR_ERR(map->attach);
mutex_unlock(&smmucb->map_mutex);
goto attach_err;
}
err = dma_buf_map_attachment_wrap(map);
/*
* Retry allocation on next availale IOMMU CB,
* if there is no enough virtual space available on current IOMMU CB.
* Detach from current IOMMU CB.
*/
if (err == -ENOMEM || err == -EINVAL) {
mutex_unlock(&smmucb->map_mutex);
dma_buf_detach(map->buf, map->attach);
smmuidx++;
goto map_retry;
} else if (err) {
goto map_err;
}
if (attr & FASTRPC_ATTR_SECUREMAP) {
map->phys = sg_phys(map->table->sgl);
for_each_sg(map->table->sgl, sgl, map->table->nents,
sgl_index)
map->size += sg_dma_len(sgl);
map->va = (void *) (uintptr_t) va;
smmucb->allocatedbytes += SMMU_ALIGN(map->size);
} else if (attr & FASTRPC_ATTR_NOMAP || mflags == FASTRPC_MAP_FD_NOMAP){
map->phys = sg_dma_address(map->table->sgl);
map->size = sg_dma_len(map->table->sgl);
map->va = (void *) (uintptr_t) va;
} else {
map->phys = sg_dma_address(map->table->sgl);
map->phys += ((u64)smmucb->sid << 32);
for_each_sg(map->table->sgl, sgl, map->table->nents,
sgl_index)
map->size += sg_dma_len(sgl);
map->va = (void *) (uintptr_t) va;
smmucb->allocatedbytes += SMMU_ALIGN(map->size);
}
trace_fastrpc_dma_map(map->fl->cctx->domain_id, map->fd, map->phys,
map->size, map->len, map->attach->dma_map_attrs, map->flags);
mutex_unlock(&smmucb->map_mutex);
if (attr & FASTRPC_ATTR_SECUREMAP) {
/*
* If subsystem VMIDs are defined in DTSI, then do
* hyp_assign from HLOS to those VM(s)
*/
u64 src_perms = BIT(QCOM_SCM_VMID_HLOS);
struct qcom_scm_vmperm dst_perms[2] = {0};
dst_perms[0].vmid = QCOM_SCM_VMID_HLOS;
dst_perms[0].perm = QCOM_SCM_PERM_RW;
dst_perms[1].vmid = fl->cctx->vmperms[0].vmid;
dst_perms[1].perm = QCOM_SCM_PERM_RWX;
err = qcom_scm_assign_mem(map->phys, (u64)map->size, &src_perms, dst_perms, 2);
if (err) {
dev_err(smmucb->dev,
"Failed to assign memory with phys 0x%llx size 0x%llx err %d",
map->phys, map->size, err);
goto assign_err;
}
}
map->attr = attr;
spin_lock(&fl->lock);
list_add_tail(&map->node, &fl->maps);
spin_unlock(&fl->lock);
*ppmap = map;
return 0;
assign_err:
dma_buf_unmap_attachment_wrap(map);
map_err:
dma_buf_detach(map->buf, map->attach);
attach_err:
dma_buf_put(map->buf);
get_err:
kfree(map);
return err;
}
/*
* Fastrpc payload buffer with metadata looks like:
*
* >>>>>> START of METADATA <<<<<<<<<
* +---------------------------------+
* | Arguments |
* | type:(union fastrpc_remote_arg)|
* | (0 - N) |
* +---------------------------------+
* | Invoke Buffer list |
* | type:(struct fastrpc_invoke_buf)|
* | (0 - N) |
* +---------------------------------+
* | Page info list |
* | type:(struct fastrpc_phy_page) |
* | (0 - N) |
* +---------------------------------+
* | Optional info |
* |(can be specific to SoC/Firmware)|
* +---------------------------------+
* >>>>>>>> END of METADATA <<<<<<<<<
* +---------------------------------+
* | Inline ARGS |
* | (0-N) |
* +---------------------------------+
*/
static int fastrpc_get_meta_size(struct fastrpc_invoke_ctx *ctx)
{
int size = 0;
size = (sizeof(struct fastrpc_remote_buf) +
sizeof(struct fastrpc_invoke_buf) +
sizeof(struct fastrpc_phy_page)) * ctx->nscalars +
sizeof(u64) * FASTRPC_MAX_FDLIST +
sizeof(u32) * FASTRPC_MAX_CRCLIST +
sizeof(u32) + sizeof(u64) * FASTRPC_DSP_PERF_LIST;
return size;
}
static u64 fastrpc_get_payload_size(struct fastrpc_invoke_ctx *ctx, int metalen)
{
u64 size = 0, len;
int oix;
size = ALIGN(metalen, FASTRPC_ALIGN);
for (oix = 0; oix < ctx->nbufs; oix++) {
int i = ctx->olaps[oix].raix;
if (ctx->args[i].fd == 0 || ctx->args[i].fd == -1) {
if (ctx->olaps[oix].offset == 0)
size = ALIGN(size, FASTRPC_ALIGN);
len = (ctx->olaps[oix].mend - ctx->olaps[oix].mstart);
/* Check the overflow for payload */
if (size > (ULLONG_MAX - len))
return 0;
size += len;
}
}
return size;
}
static int fastrpc_create_maps(struct fastrpc_invoke_ctx *ctx)
{
struct device *dev = ctx->fl->sctx->smmucb[DEFAULT_SMMU_IDX].dev;
struct fastrpc_channel_ctx *cctx = ctx->fl->cctx;
int i, err;
for (i = 0; i < ctx->nscalars; ++i) {
bool take_ref = true;
int mflags = 0;
if (ctx->args[i].fd == 0 || ctx->args[i].fd == -1 ||
(i >= ctx->nbufs && cctx->dsp_attributes[DMA_HANDLE_REVERSE_RPC_CAP]) ||
ctx->args[i].length == 0)
continue;
if (i >= ctx->nbufs) {
take_ref = false;
/* Set the DMA handle mapping flag for DMA handles */
mflags = FASTRPC_MAP_LEGACY_DMA_HANDLE;
}
mutex_lock(&ctx->fl->map_mutex);
err = fastrpc_map_create(ctx->fl, ctx->args[i].fd, (u64)ctx->args[i].ptr, NULL,
ctx->args[i].length, ctx->args[i].attr, mflags, &ctx->maps[i], take_ref);
mutex_unlock(&ctx->fl->map_mutex);
if (err) {
dev_err(dev, "Error Creating map %d\n", err);
return -EINVAL;
}
}
return 0;
}
static struct fastrpc_invoke_buf *fastrpc_invoke_buf_start(union fastrpc_remote_arg *pra, int len)
{
return (struct fastrpc_invoke_buf *)(&pra[len]);
}
static struct fastrpc_phy_page *fastrpc_phy_page_start(struct fastrpc_invoke_buf *buf, int len)
{
return (struct fastrpc_phy_page *)(&buf[len]);
}
static int fastrpc_get_args(u32 kernel, struct fastrpc_invoke_ctx *ctx)
{
struct device *dev = ctx->fl->sctx->smmucb[DEFAULT_SMMU_IDX].dev;
union fastrpc_remote_arg *rpra;
struct fastrpc_invoke_buf *list;
struct fastrpc_phy_page *pages;
int inbufs, i, oix, err = 0;
u64 len, rlen, pkt_size;
u64 pg_start, pg_end;
u64 *perf_counter = NULL;
uintptr_t args;
int metalen;
if (ctx->fl->profile)
perf_counter = (u64 *)ctx->perf + PERF_COUNT;
inbufs = REMOTE_SCALARS_INBUFS(ctx->sc);
metalen = fastrpc_get_meta_size(ctx);
pkt_size = fastrpc_get_payload_size(ctx, metalen);
if (!pkt_size) {
dev_err(dev, "invalid payload size for handle 0x%x, sc 0x%x\n",
ctx->handle, ctx->sc);
return -EFAULT;
}
PERF(ctx->fl->profile, GET_COUNTER(perf_counter, PERF_MAP),
err = fastrpc_create_maps(ctx);
if (err)
return err;
PERF_END);
ctx->msg_sz = metalen;
err = fastrpc_smmu_buf_alloc(ctx->fl, pkt_size, METADATA_BUF, &ctx->buf);
if (err)
return err;
memset(ctx->buf->virt, 0, pkt_size);
rpra = ctx->buf->virt;
list = fastrpc_invoke_buf_start(rpra, ctx->nscalars);
pages = fastrpc_phy_page_start(list, ctx->nscalars);
args = (uintptr_t)ctx->buf->virt + metalen;
rlen = pkt_size - metalen;
ctx->rpra = rpra;
for (oix = 0; oix < ctx->nbufs; ++oix) {
u64 mlen;
u64 offset = 0;
i = ctx->olaps[oix].raix;
len = ctx->args[i].length;
rpra[i].buf.pv = 0;
rpra[i].buf.len = len;
list[i].num = len ? 1 : 0;
list[i].pgidx = i;
if (!len)
continue;
if (ctx->maps[i]) {
struct vm_area_struct *vma = NULL;
u64 addr = (u64)ctx->args[i].ptr & PAGE_MASK, vm_start = 0,
vm_end = 0;
PERF(ctx->fl->profile, GET_COUNTER(perf_counter, PERF_MAP),
rpra[i].buf.pv = (u64) ctx->args[i].ptr;
pages[i].addr = ctx->maps[i]->phys;
if (len > ctx->maps[i]->size) {
err = -EFAULT;
dev_err(dev,
"Invalid buffer addr 0x%llx len 0x%llx IPA 0x%llx size 0x%llx fd %d\n",
ctx->args[i].ptr, len, ctx->maps[i]->phys,
ctx->maps[i]->size, ctx->maps[i]->fd);
goto bail;
}
if (!(ctx->maps[i]->attr & FASTRPC_ATTR_NOVA)) {
mmap_read_lock(current->mm);
vma = find_vma(current->mm, ctx->args[i].ptr);
if (vma) {
vm_start = vma->vm_start;
vm_end = vma->vm_end;
}
mmap_read_unlock(current->mm);
if (addr < vm_start || addr + len > vm_end ||
(addr - vm_start) + len > ctx->maps[i]->size) {
err = -EFAULT;
dev_err(dev,
"Invalid buffer addr 0x%llx len 0x%llx vm start 0x%llx vm end 0x%llx IPA 0x%llx size 0x%llx\n",
ctx->args[i].ptr, len, vm_start, vm_end,
ctx->maps[i]->phys, ctx->maps[i]->size);
goto bail;
}
else
offset = addr - vm_start;
pages[i].addr += offset;
}
pg_start = addr >> PAGE_SHIFT;
pg_end = ((ctx->args[i].ptr + len - 1) & PAGE_MASK) >>
PAGE_SHIFT;
pages[i].size = (pg_end - pg_start + 1) * PAGE_SIZE;
PERF_END);
} else {
PERF(ctx->fl->profile, GET_COUNTER(perf_counter, PERF_COPY),
if (ctx->olaps[oix].offset == 0) {
rlen -= ALIGN(args, FASTRPC_ALIGN) - args;
args = ALIGN(args, FASTRPC_ALIGN);
}
mlen = ctx->olaps[oix].mend - ctx->olaps[oix].mstart;
if (mlen > COPY_BUF_WARN_LIMIT)
dev_dbg(dev, "user passed non ion buffer size 0x%llx, mend 0x%llx mstart 0x%llx, sc 0x%x\n",
mlen, ctx->olaps[oix].mend, ctx->olaps[oix].mstart, ctx->sc);
if (rlen < mlen)
goto bail;
rpra[i].buf.pv = args - ctx->olaps[oix].offset;
pages[i].addr = ctx->buf->phys -
ctx->olaps[oix].offset +
(pkt_size - rlen);
pages[i].addr = pages[i].addr & PAGE_MASK;
pg_start = (rpra[i].buf.pv & PAGE_MASK) >> PAGE_SHIFT;
pg_end = ((rpra[i].buf.pv + len - 1) & PAGE_MASK) >> PAGE_SHIFT;
pages[i].size = (pg_end - pg_start + 1) * PAGE_SIZE;
args = args + mlen;
rlen -= mlen;
PERF_END);
}
if (i < inbufs && !ctx->maps[i]) {
void *dst = (void *)(uintptr_t)rpra[i].buf.pv;
void *src = (void *)(uintptr_t)ctx->args[i].ptr;
PERF(ctx->fl->profile, GET_COUNTER(perf_counter, PERF_COPY),
if (!kernel) {
if (copy_from_user(dst, (void __user *)src, len)) {
dev_err(dev, "invalid buffer length 0x%llx\n", len);
err = -EFAULT;
goto bail;
}
} else {
memcpy(dst, src, len);
}
PERF_END);
}
}
for (i = ctx->nbufs; i < ctx->nscalars; ++i) {
list[i].num = ctx->args[i].length ? 1 : 0;
list[i].pgidx = i;
if (ctx->maps[i]) {
pages[i].addr = ctx->maps[i]->phys;
pages[i].size = ctx->maps[i]->size;
}
rpra[i].dma.fd = ctx->args[i].fd;
rpra[i].dma.len = ctx->args[i].length;
rpra[i].dma.offset = (u64) ctx->args[i].ptr;
}
bail:
if (err)
dev_err(dev, "Error: get invoke args failed:%d\n", err);
return err;
}
static int fastrpc_put_args(struct fastrpc_invoke_ctx *ctx,
u32 kernel)
{
union fastrpc_remote_arg *rpra = ctx->rpra;
struct fastrpc_user *fl = ctx->fl;
struct fastrpc_map *mmap = NULL;
struct fastrpc_invoke_buf *list;
struct fastrpc_phy_page *pages;
u64 *fdlist, *perf_dsp_list;
u32 *crclist, *poll;
int i, inbufs, outbufs, handles, perferr;
inbufs = REMOTE_SCALARS_INBUFS(ctx->sc);
outbufs = REMOTE_SCALARS_OUTBUFS(ctx->sc);
handles = REMOTE_SCALARS_INHANDLES(ctx->sc) + REMOTE_SCALARS_OUTHANDLES(ctx->sc);
list = fastrpc_invoke_buf_start(rpra, ctx->nscalars);
pages = fastrpc_phy_page_start(list, ctx->nscalars);
fdlist = (u64 *)(pages + inbufs + outbufs + handles);
crclist = (u32 *)(fdlist + FASTRPC_MAX_FDLIST);
poll = (u32 *)(crclist + FASTRPC_MAX_CRCLIST);
perf_dsp_list = (u64 *)(poll + 1);
for (i = inbufs; i < ctx->nbufs; ++i) {
if (!ctx->maps[i]) {
void *src = (void *)(uintptr_t)rpra[i].buf.pv;
void *dst = (void *)(uintptr_t)ctx->args[i].ptr;
u64 len = rpra[i].buf.len;
if (!kernel) {
if (copy_to_user((void __user *)dst, src, len))
return -EFAULT;
} else {
memcpy(dst, src, len);
}
}
}
for (i = 0; i < FASTRPC_MAX_FDLIST; i++) {
if (!fdlist[i])
break;
mutex_lock(&fl->map_mutex);
if (!fastrpc_map_lookup(fl, (int)fdlist[i], 0, 0, NULL, 0, &mmap, false))
/* Validate the map flags for DMA handles and skip freeing map if invalid */
if (mmap->flags == FASTRPC_MAP_LEGACY_DMA_HANDLE) {
/* Allow DMA handle maps to free only once */
mmap->flags = 0;
fastrpc_map_put(mmap);
}
mutex_unlock(&fl->map_mutex);
}
if (ctx->crc && crclist && rpra) {
if (copy_to_user((void __user *)ctx->crc, crclist, FASTRPC_MAX_CRCLIST * sizeof(u32)))
return -EFAULT;
}
if (ctx->perf_dsp && perf_dsp_list) {
if (0 != (perferr = copy_to_user((void __user *)ctx->perf_dsp, perf_dsp_list, FASTRPC_DSP_PERF_LIST * sizeof(u64)))) {
pr_err("failed to copy perf data %d\n", perferr);
}
}
return 0;
}
static s64 get_timestamp_in_ns(void)
{
s64 ns = 0;
struct timespec64 ts;
ktime_get_boottime_ts64(&ts);
ns = timespec64_to_ns(&ts);
return ns;
}
static void fastrpc_update_txmsg_buf(struct fastrpc_channel_ctx *chan,
struct fastrpc_msg *msg, int rpmsg_send_err, s64 ns)
{
unsigned long flags = 0;
u32 tx_index = 0;
struct fastrpc_tx_msg *tx_msg = NULL;
spin_lock_irqsave(&(chan->gmsg_log.tx_lock), flags);
tx_index = chan->gmsg_log.tx_index;
tx_msg = &(chan->gmsg_log.tx_msgs[tx_index]);
memcpy(&tx_msg->msg, msg, sizeof(struct fastrpc_msg));
tx_msg->rpmsg_send_err = rpmsg_send_err;
tx_msg->ns = ns;
tx_index++;
chan->gmsg_log.tx_index =
(tx_index > (GLINK_MSG_HISTORY_LEN - 1)) ? 0 : tx_index;
spin_unlock_irqrestore(&(chan->gmsg_log.tx_lock), flags);
}
static void fastrpc_update_rxmsg_buf(struct fastrpc_channel_ctx *chan,
u64 ctx, int retval, u32 rsp_flags,
u32 early_wake_time, u32 ver, s64 ns)
{
unsigned long flags = 0;
u32 rx_index = 0;
struct fastrpc_rx_msg *rx_msg = NULL;
struct fastrpc_invoke_rspv2 *rsp = NULL;
spin_lock_irqsave(&(chan->gmsg_log.rx_lock), flags);
rx_index = chan->gmsg_log.rx_index;
rx_msg = &(chan->gmsg_log.rx_msgs[rx_index]);
rsp = &rx_msg->rsp;
rsp->ctx = ctx;
rsp->retval = retval;
rsp->flags = rsp_flags;
rsp->early_wake_time = early_wake_time;
rsp->version = ver;
rx_msg->ns = ns;
rx_index++;
chan->gmsg_log.rx_index =
(rx_index > (GLINK_MSG_HISTORY_LEN - 1)) ? 0 : rx_index;
spin_unlock_irqrestore(&(chan->gmsg_log.rx_lock), flags);
}
/*
* fastrpc_getpd_msgidx()
* Function returns msg index that is embedded in rpc msg ctx sent to dsp
*/
static inline int fastrpc_getpd_msgidx(u32 pd_type) {
if (pd_type == ROOT_PD)
return 0;
else if (pd_type == SENSORS_STATICPD)
return 2;
else
return 1;
}
static int fastrpc_invoke_send(struct fastrpc_pool_ctx *sctx,
struct fastrpc_invoke_ctx *ctx,
u32 kernel, uint32_t handle)
{
struct fastrpc_channel_ctx *cctx;
struct fastrpc_user *fl = ctx->fl;
struct fastrpc_msg *msg = &ctx->msg;
int ret;
cctx = fl->cctx;
msg->pid = fl->tgid_frpc;
msg->tid = current->pid;
if (kernel == KERNEL_MSG_WITH_ZERO_PID)
msg->pid = 0;
/* Last 2 ctx ID bits, to route glink msg to appropriate PD type on DSP */
msg->ctx = FASTRPC_PACK_PD_IN_CTXID(ctx->ctxid,
fastrpc_getpd_msgidx(fl->pd_type));
msg->handle = handle;
msg->sc = ctx->sc;
msg->addr = ctx->buf ? ctx->buf->phys : 0;
msg->size = roundup(ctx->msg_sz, PAGE_SIZE);
// fastrpc_context_get(ctx);
ret = fastrpc_transport_send(cctx, (void *)msg, sizeof(*msg));
trace_fastrpc_transport_send(cctx->domain_id, (uint64_t)ctx, msg->ctx,
msg->handle, msg->sc, msg->addr, msg->size);
// if (ret)
// fastrpc_context_put(ctx);
fastrpc_update_txmsg_buf(cctx, msg, ret, get_timestamp_in_ns());
return ret;
}
static int poll_for_remote_response(struct fastrpc_invoke_ctx *ctx, u32 timeout)
{
int err = -EIO, ii = 0, jj = 0;
u32 sc = ctx->sc;
struct fastrpc_invoke_buf *list;
struct fastrpc_phy_page *pages;
u64 *fdlist = NULL;
u32 *crclist = NULL, *poll = NULL;
unsigned int inbufs, outbufs, handles;
/* calculate poll memory location */
inbufs = REMOTE_SCALARS_INBUFS(sc);
outbufs = REMOTE_SCALARS_OUTBUFS(sc);
handles = REMOTE_SCALARS_INHANDLES(sc) + REMOTE_SCALARS_OUTHANDLES(sc);
list = fastrpc_invoke_buf_start(ctx->rpra, ctx->nscalars);
pages = fastrpc_phy_page_start(list, ctx->nscalars);
fdlist = (u64 *)(pages + inbufs + outbufs + handles);
crclist = (u32 *)(fdlist + FASTRPC_MAX_FDLIST);
poll = (u32 *)(crclist + FASTRPC_MAX_CRCLIST);
/* poll on memory for DSP response. Return failure on timeout */
for (ii = 0, jj = 0; ii < timeout; ii++, jj++) {
if (*poll == FASTRPC_EARLY_WAKEUP_POLL) {
/* Remote processor sent early response */
err = 0;
break;
} else if (*poll == FASTRPC_POLL_RESPONSE) {
err = 0;
ctx->is_work_done = true;
ctx->retval = 0;
fastrpc_update_rxmsg_buf(ctx->fl->cctx, ctx->msg.ctx, 0,
POLL_MODE, 0, FASTRPC_RSP_VERSION2, get_timestamp_in_ns());
break;
}
if (jj == FASTRPC_POLL_TIME_MEM_UPDATE) {
/* Wait for DSP to finish updating poll memory */
rmb();
jj = 0;
}
udelay(1);
}
return err;
}
static inline int fastrpc_wait_for_response(struct fastrpc_invoke_ctx *ctx,
u32 kernel)
{
int interrupted = 0;
if (kernel)
wait_for_completion(&ctx->work);
else
interrupted = wait_for_completion_interruptible(&ctx->work);
return interrupted;
}
static void fastrpc_wait_for_completion(struct fastrpc_invoke_ctx *ctx,
int *ptr_interrupted, u32 kernel)
{
int err = 0, jj = 0;
bool wait_resp = false;
u32 wTimeout = FASTRPC_USER_EARLY_HINT_TIMEOUT;
u32 wakeTime = ctx->early_wake_time;
do {
switch (ctx->rsp_flags) {
/* try polling on completion with timeout */
case USER_EARLY_SIGNAL:
/* try wait if completion time is less than timeout */
/* disable preempt to avoid context switch latency */
preempt_disable();
jj = 0;
wait_resp = false;
for (; wakeTime < wTimeout && jj < wTimeout; jj++) {
wait_resp = try_wait_for_completion(&ctx->work);
if (wait_resp)
break;
udelay(1);
}
preempt_enable();
if (!wait_resp) {
*ptr_interrupted = fastrpc_wait_for_response(ctx, kernel);
if (*ptr_interrupted || ctx->is_work_done)
return;
}
break;
/* busy poll on memory for actual job done */
case EARLY_RESPONSE:
trace_fastrpc_msg("early_response: poll_begin");
err = poll_for_remote_response(ctx, FASTRPC_POLL_TIME);
/* Mark job done if poll on memory successful */
/* Wait for completion if poll on memory timeout */
if (!err) {
ctx->is_work_done = true;
return;
}
trace_fastrpc_msg("early_response: poll_timeout");
if (!ctx->is_work_done) {
*ptr_interrupted = fastrpc_wait_for_response(ctx, kernel);
if (*ptr_interrupted || ctx->is_work_done)
return;
}
break;
case COMPLETE_SIGNAL:
case NORMAL_RESPONSE:
*ptr_interrupted = fastrpc_wait_for_response(ctx, kernel);
if (*ptr_interrupted || ctx->is_work_done)
return;
break;
case POLL_MODE:
trace_fastrpc_msg("poll_mode: begin");
err = poll_for_remote_response(ctx, ctx->fl->poll_timeout);
/* If polling timed out, move to normal response state */
if (err) {
trace_fastrpc_msg("poll_mode: timeout");
ctx->rsp_flags = NORMAL_RESPONSE;
} else {
*ptr_interrupted = 0;
}
break;
default:
*ptr_interrupted = -EBADR;
pr_err("unsupported response type:0x%x\n", ctx->rsp_flags);
break;
}
} while (!ctx->is_work_done);
}
static void fastrpc_update_invoke_count(u32 handle, u64 *perf_counter,
struct timespec64 *invoket)
{
/* update invoke count for dynamic handles */
u64 *invcount, *count;
invcount = GET_COUNTER(perf_counter, PERF_INVOKE);
if (invcount)
*invcount += getnstimediff(invoket);
count = GET_COUNTER(perf_counter, PERF_COUNT);
if (count)
*count += 1;
}
static int fastrpc_internal_invoke(struct fastrpc_user *fl, u32 kernel,
struct fastrpc_enhanced_invoke *invoke)
{
struct fastrpc_invoke_ctx *ctx = NULL;
struct fastrpc_invoke *inv = &invoke->inv;
u32 handle, sc;
int err = 0, perferr = 0, interrupted = 0;
u64 *perf_counter = NULL;
struct timespec64 invoket = {0};
struct device *dev = NULL;
if (atomic_read(&fl->cctx->teardown))
return -EPIPE;
if (fl->profile)
ktime_get_real_ts64(&invoket);
if (!fl->sctx)
return -EINVAL;
dev = fl->sctx->smmucb[DEFAULT_SMMU_IDX].dev;
if ((!fl->cctx->dev) || (!dev))
return -EPIPE;
handle = inv->handle;
sc = inv->sc;
if (handle == FASTRPC_INIT_HANDLE && !kernel) {
dev_warn_ratelimited(dev,
"user app trying to send a kernel RPC message (%d)\n", handle);
return -EPERM;
}
/*
* After PDR, for Audio & OIS PD, kill call is still needed to clean
* the Audio & OIS PD process in root PD. For Sensors PD, no cleanup
* is needed in root PD of DSP.
*/
if (IS_PDR(fl) && fl->pd_type == SENSORS_STATICPD) {
err = -EPIPE;
return err;
}
if (!kernel) {
ctx = fastrpc_context_restore_interrupted(fl, inv);
if (IS_ERR(ctx))
return PTR_ERR(ctx);
if (ctx) {
trace_fastrpc_context_restore(ctx->cctx->domain_id, (uint64_t)ctx,
ctx->msg.ctx, ctx->msg.handle, ctx->msg.sc);
goto wait;
}
}
trace_fastrpc_msg("context_alloc: begin");
ctx = fastrpc_context_alloc(fl, kernel, sc, invoke);
trace_fastrpc_msg("context_alloc: end");
if (IS_ERR(ctx))
return PTR_ERR(ctx);
if (fl->profile)
perf_counter = (u64 *)ctx->perf + PERF_COUNT;
PERF(fl->profile, GET_COUNTER(perf_counter, PERF_GETARGS),
err = fastrpc_get_args(kernel, ctx);
if (err)
goto bail;
PERF_END);
trace_fastrpc_msg("get_args: end");
/* make sure that all CPU memory writes are seen by DSP */
dma_wmb();
/* Send invoke buffer to remote dsp */
PERF(fl->profile, GET_COUNTER(perf_counter, PERF_LINK),
err = fastrpc_invoke_send(fl->sctx, ctx, kernel, handle);
if (err)
goto bail;
PERF_END);
trace_fastrpc_msg("invoke_send: end");
wait:
if (fl->poll_mode &&
handle > FASTRPC_MAX_STATIC_HANDLE &&
fl->cctx->domain_id == CDSP_DOMAIN_ID &&
(fl->pd_type == USERPD || fl->pd_type == USER_UNSIGNEDPD_POOL))
ctx->rsp_flags = POLL_MODE;
fastrpc_wait_for_completion(ctx, &interrupted, kernel);
if (interrupted != 0) {
trace_fastrpc_msg("wait_for_completion: interrupted");
err = interrupted;
goto bail;
}
trace_fastrpc_msg("wait_for_completion: end");
if (!ctx->is_work_done) {
err = -ETIMEDOUT;
dev_err(dev, "Error: Invalid workdone state for handle 0x%x, sc 0x%x\n",
handle, sc);
goto bail;
}
/* make sure that all memory writes by DSP are seen by CPU */
dma_rmb();
/* populate all the output buffers with results */
PERF(fl->profile, GET_COUNTER(perf_counter, PERF_PUTARGS),
err = fastrpc_put_args(ctx, kernel);
if (err)
goto bail;
PERF_END);
trace_fastrpc_msg("put_args: end");
/* Check the response from remote dsp */
err = ctx->retval;
if (err)
goto bail;
bail:
if (ctx && interrupted == -ERESTARTSYS) {
fastrpc_context_save_interrupted(ctx);
} else if (ctx) {
if (fl->profile && !interrupted)
fastrpc_update_invoke_count(handle, perf_counter, &invoket);
if (fl->profile && ctx->perf && handle > FASTRPC_RMID_INIT_MAX) {
trace_fastrpc_perf_counters(handle, ctx->sc,
ctx->perf->count, ctx->perf->flush, ctx->perf->map,
ctx->perf->copy, ctx->perf->link, ctx->perf->getargs,
ctx->perf->putargs, ctx->perf->invargs,
ctx->perf->invoke, ctx->perf->tid);
if (fl->profile && ctx->perf && ctx->perf_kernel)
if (0 != (perferr = copy_to_user((void __user *)ctx->perf_kernel, ctx->perf, FASTRPC_KERNEL_PERF_LIST * sizeof(u64)))) {
pr_warn("failed to copy perf data err 0x%x\n", perferr);
}
}
spin_lock(&fl->lock);
list_del(&ctx->node);
spin_unlock(&fl->lock);
fastrpc_context_put(ctx);
trace_fastrpc_msg("context_free: end");
}
if (err)
dev_dbg(dev, "Error: Invoke Failed %d\n", err);
return err;
}
static int fastrpc_mem_map_to_dsp(struct fastrpc_user *fl, int fd, int offset,
u32 flags, u64 va, u64 phys,
size_t size, uintptr_t *raddr)
{
struct fastrpc_invoke_args args[4] = { [0 ... 3] = { 0 } };
struct fastrpc_enhanced_invoke ioctl;
struct fastrpc_mem_map_req_msg req_msg = { 0 };
struct fastrpc_mmap_rsp_msg rsp_msg = { 0 };
struct fastrpc_phy_page pages = { 0 };
struct device *dev = fl->sctx->smmucb[DEFAULT_SMMU_IDX].dev;
int err = 0;
if (!fl) {
err = -EBADF;
return err;
}
req_msg.pgid = fl->tgid_frpc;
req_msg.fd = fd;
req_msg.offset = offset;
req_msg.vaddrin = va;
req_msg.flags = flags;
req_msg.num = sizeof(pages);
req_msg.data_len = 0;
args[0].ptr = (u64) (uintptr_t) &req_msg;
args[0].length = sizeof(req_msg);
pages.addr = phys;
pages.size = size;
args[1].ptr = (u64) (uintptr_t) &pages;
args[1].length = sizeof(pages);
args[2].ptr = (u64) (uintptr_t) &pages;
args[2].length = 0;
args[3].ptr = (u64) (uintptr_t) &rsp_msg;
args[3].length = sizeof(rsp_msg);
ioctl.inv.handle = FASTRPC_INIT_HANDLE;
ioctl.inv.sc = FASTRPC_SCALARS(FASTRPC_RMID_INIT_MEM_MAP, 3, 1);
ioctl.inv.args = (__u64)args;
err = fastrpc_internal_invoke(fl, KERNEL_MSG_WITH_ZERO_PID, &ioctl);
if (err) {
dev_err(dev, "mem mmap error, fd %d, vaddr %llx, size %zx, err 0x%x\n",
fd, va, size, err);
return err;
}
*raddr = rsp_msg.vaddr;
return 0;
}
static int fastrpc_create_persistent_headers(struct fastrpc_user *fl)
{
int err = 0;
int i = 0;
u64 virtb = 0;
struct device *dev = fl->sctx->smmucb[DEFAULT_SMMU_IDX].dev;
struct fastrpc_buf *hdr_bufs, *buf, *pers_hdr_buf = NULL;
u32 num_pers_hdrs = 0;
size_t hdr_buf_alloc_len = 0;
/*
* Pre-allocate memory for persistent header buffers based
* on concurrency info passed by user. Upper limit enforced.
*/
num_pers_hdrs = FASTRPC_MAX_PERSISTENT_HEADERS;
hdr_buf_alloc_len = num_pers_hdrs * PAGE_SIZE;
err = fastrpc_smmu_buf_alloc(fl, hdr_buf_alloc_len,
METADATA_BUF, &pers_hdr_buf);
if (err)
return err;
virtb = (u64) (uintptr_t)(pers_hdr_buf->virt);
err = fastrpc_mem_map_to_dsp(fl, -1, 0,
ADSP_MMAP_PERSIST_HDR, 0, (u64) (uintptr_t)(pers_hdr_buf->phys),
pers_hdr_buf->size, &pers_hdr_buf->raddr);
if (err)
goto err_dsp_map;
hdr_bufs = kcalloc(num_pers_hdrs, sizeof(struct fastrpc_buf),
GFP_KERNEL);
if (!hdr_bufs)
return -ENOMEM;
spin_lock(&fl->lock);
fl->pers_hdr_buf = pers_hdr_buf;
fl->num_pers_hdrs = num_pers_hdrs;
fl->hdr_bufs = hdr_bufs;
for (i = 0; i < num_pers_hdrs; i++) {
buf = &fl->hdr_bufs[i];
buf->fl = fl;
buf->virt = (void *)(virtb + (i * PAGE_SIZE));
buf->phys = pers_hdr_buf->phys + (i * PAGE_SIZE);
buf->size = PAGE_SIZE;
buf->type = pers_hdr_buf->type;
buf->in_use = false;
}
spin_unlock(&fl->lock);
return 0;
err_dsp_map:
dev_err(dev, "Warning: failed to map len %zu, flags %d, num headers %u with err %d\n",
hdr_buf_alloc_len, ADSP_MMAP_PERSIST_HDR,
num_pers_hdrs, err);
fastrpc_buf_free(pers_hdr_buf, 0);
return err;
}
static bool is_session_rejected(struct fastrpc_user *fl, bool unsigned_pd_request)
{
/* Check if the device node is non-secure and channel is secure */
if (!fl->is_secure_dev && fl->cctx->secure) {
/*
* Allow untrusted applications to offload only to Unsigned PD when
* channel is configured as secure and block untrusted apps on channel
* that does not support unsigned PD offload
*/
if (!fl->cctx->unsigned_support || !unsigned_pd_request)
goto reject_session;
}
/* Check if untrusted process is trying to offload to signed PD */
if (fl->untrusted_process && !unsigned_pd_request)
goto reject_session;
return false;
reject_session:
dev_err(fl->cctx->dev, "Error: Untrusted application trying to offload to signed PD");
return true;
}
static int fastrpc_get_process_gids(struct gid_list *gidlist)
{
struct group_info *group_info = current_cred()->group_info;
int i, num_gids;
u32 *gids = NULL;
if (!group_info)
return -EFAULT;
num_gids = group_info->ngroups + 1;
gids = kcalloc(num_gids, sizeof(u32), GFP_KERNEL);
if (!gids)
return -ENOMEM;
/* Get the real GID */
gids[0] = __kgid_val(current_gid());
/* Get the supplemental GIDs */
for (i = 1; i < num_gids; i++)
gids[i] = __kgid_val(group_info->gid[i - 1]);
sort(gids, num_gids, sizeof(*gids), uint_cmp_func, NULL);
gidlist->gids = gids;
gidlist->gidcount = num_gids;
return 0;
}
static void fastrpc_check_privileged_process(struct fastrpc_user *fl,
struct fastrpc_init_create *init)
{
u32 gid = sorted_lists_intersection(fl->gidlist.gids,
fl->gidlist.gidcount, fl->cctx->gidlist.gids,
fl->cctx->gidlist.gidcount);
/* disregard any privilege bits from userspace */
init->attrs &= (~FASTRPC_MODE_PRIVILEGED);
if (gid) {
dev_info(fl->cctx->dev, "%s: %s (PID %d, GID %u) is a privileged process\n",
__func__, current->comm, fl->tgid, gid);
init->attrs |= FASTRPC_MODE_PRIVILEGED;
}
}
int fastrpc_mmap_remove_ssr(struct fastrpc_channel_ctx *cctx)
{
struct fastrpc_buf *buf, *b, *match;
unsigned long flags;
int err = 0;
do {
match = NULL;
spin_lock_irqsave(&cctx->lock, flags);
list_for_each_entry_safe(buf, b, &cctx->gmaps, node) {
match = buf;
list_del(&buf->node);
break;
}
spin_unlock_irqrestore(&cctx->lock, flags);
if (!match)
return 0;
if (cctx->vmcount) {
u64 src_perms = 0;
struct qcom_scm_vmperm dst_perms;
u32 i;
for (i = 0; i < cctx->vmcount; i++)
src_perms |= BIT(cctx->vmperms[i].vmid);
dst_perms.vmid = QCOM_SCM_VMID_HLOS;
dst_perms.perm = QCOM_SCM_PERM_RWX;
err = qcom_scm_assign_mem(match->phys, (u64)match->size,
&src_perms, &dst_perms, 1);
if (err) {
dev_err(cctx->dev, "%s: Failed to assign memory with phys 0x%llx size 0x%llx err %d",
__func__, match->phys, match->size, err);
spin_lock_irqsave(&cctx->lock, flags);
list_add_tail(&match->node, &cctx->gmaps);
spin_unlock_irqrestore(&cctx->lock, flags);
return err;
}
}
__fastrpc_buf_free(match);
} while (match);
return 0;
}
/*
* Function to get static PD for process trying to attach,
* by comparing service locator
*/
static int fastrpc_get_static_pd_session(struct fastrpc_user *fl, u32 *session)
{
int i, err = 0;
if (!fl)
return -EBADF;
for (i = 0; i < FASTRPC_MAX_SPD ; i++) {
if (!fl->cctx->spd[i].servloc_name)
continue;
if (!strcmp(fl->servloc_name, fl->cctx->spd[i].servloc_name)) {
*session = i;
break;
}
}
if (i >= FASTRPC_MAX_SPD)
return -EUSERS;
if (atomic_read(&fl->cctx->spd[i].ispdup) == 0)
return -ENOTCONN;
return err;
}
/* Function to check if static PD is up on remote subsystem */
static int fastrpc_check_static_pd_status(struct fastrpc_user *fl, u32 session)
{
if (atomic_read(&fl->cctx->spd[session].ispdup) == 0)
return -ENOTCONN;
return 0;
}
/*
* Function to get static PD to attach to and check its status.
* Only one application can attach to Audio & OIS PD.
*/
static int fastrpc_init_static_pd_status(struct fastrpc_user *fl)
{
int err = 0;
u32 session = 0;
if (!fl)
return -EBADF;
err = fastrpc_get_static_pd_session(fl, &session);
if (err)
return err;
err = fastrpc_check_static_pd_status(fl, session);
if (err)
return err;
// Allow only one application to connect to audio & OIS PD
if (atomic_add_unless(&fl->cctx->spd[session].is_attached, 1, 1)) {
fl->spd = &fl->cctx->spd[session];
} else {
dev_err(fl->cctx->dev,"Application already attached to audio PD\n");
return -ECONNREFUSED;
}
return err;
}
/*
* Function to get static PD to attach to and check its status.
* Multiple applications can attach to sensors PD
*/
static int fastrpc_init_sensor_static_pd_status(struct fastrpc_user *fl)
{
int err = 0;
u32 session = 0;
if (!fl)
return -EBADF;
err = fastrpc_get_static_pd_session(fl, &session);
if (err)
return err;
err = fastrpc_check_static_pd_status(fl, session);
if (err)
return err;
fl->spd = &fl->cctx->spd[session];
// Update PDR count, to check for any PDR.
fl->spd->prevpdrcount = fl->spd->pdrcount;
return err;
}
#ifdef CONFIG_DEBUG_FS
void print_buf_info(struct seq_file *s_file, struct fastrpc_buf *buf)
{
seq_printf(s_file,"\n %s %2s 0x%p", "virt", ":", buf->virt);
seq_printf(s_file,"\n %s %2s 0x%llx", "phys", ":", buf->phys);
seq_printf(s_file,"\n %s %2s 0x%lx", "raddr", ":", buf->raddr);
seq_printf(s_file,"\n %s %2s 0x%x", "type", ":", buf->type);
seq_printf(s_file,"\n %s %2s 0x%llx", "size", ":", buf->size);
seq_printf(s_file,"\n %s %s %d", "in_use", ":", buf->in_use);
}
void print_ictx_info(struct seq_file *s_file, struct fastrpc_invoke_ctx *ictx)
{
seq_printf(s_file,"\n %s %7s %d", "nscalars", ":", ictx->nscalars);
seq_printf(s_file,"\n %s %10s %d", "nbufs", ":", ictx->nbufs);
seq_printf(s_file,"\n %s %10s %d", "retval", ":", ictx->retval);
seq_printf(s_file,"\n %s %12s %px", "crc", ":", ictx->crc);
seq_printf(s_file,"\n %s %1s %d", "early_wake_time", ":", ictx->early_wake_time);
seq_printf(s_file,"\n %s %5s %px", "perf_kernel", ":", ictx->perf_kernel);
seq_printf(s_file,"\n %s %7s %px", "perf_dsp", ":", ictx->perf_dsp);
seq_printf(s_file,"\n %s %12s %d", "pid", ":", ictx->pid);
seq_printf(s_file,"\n %s %11s %d", "tgid", ":", ictx->tgid);
seq_printf(s_file,"\n %s %13s 0x%x", "sc", ":", ictx->sc);
seq_printf(s_file,"\n %s %10s %llu", "ctxid", ":", ictx->ctxid);
seq_printf(s_file,"\n %s %3s %d", "is_work_done", ":", ictx->is_work_done);
seq_printf(s_file,"\n %s %9s %llu", "msg_sz", ":", ictx->msg_sz);
}
void print_sctx_info(struct seq_file *s_file, struct fastrpc_pool_ctx *sctx)
{
int i;
struct fastrpc_smmu *s = NULL;
seq_printf(s_file,"%s %9s %d\n", "pd_type", ":", sctx->pd_type);
seq_printf(s_file,"%s %10s %d\n", "secure", ":", sctx->secure);
seq_printf(s_file,"%s %8s %d\n", "sharedcb", ":", sctx->sharedcb);
seq_printf(s_file,"%s %7s %d\n", "smmucount", ":", sctx->smmucount);
seq_printf(s_file,"%s %8s %d\n", "usecount", ":", sctx->usecount);
for (i = 0; i < sctx->smmucount; i++) {
s = &sctx->smmucb[i];
seq_printf(s_file,"\n========== SMMU context bank %d=============\n", i);
seq_printf(s_file,"%s %13s %d\n", "sid", ":", s->sid);
seq_printf(s_file,"%s %11s %d\n", "valid", ":", s->valid);
seq_printf(s_file,"%s %4s %lu\n", "genpool_iova", ":",
s->genpool_iova);
seq_printf(s_file,"%s %4s %zu\n", "genpool_size", ":",
s->genpool_size);
seq_printf(s_file,"%s %2s %llx\n", "allocatedbytes", ":",
s->allocatedbytes);
seq_printf(s_file,"%s %6s %llx\n", "totalbytes", ":", s->totalbytes);
seq_printf(s_file,"%s %4s %llx\n", "minallocsize", ":",
s->minallocsize);
seq_printf(s_file,"%s %4s %llx\n", "maxallocsize", ":",
s->maxallocsize);
}
}
void print_ctx_info(struct seq_file *s_file, struct fastrpc_channel_ctx *ctx)
{
seq_printf(s_file,"%s %8s %d\n", "domain_id", ":", ctx->domain_id);
seq_printf(s_file,"%s %8s %d\n", "sesscount", ":", ctx->sesscount);
seq_printf(s_file,"%s %10s %d\n", "vmcount", ":", ctx->vmcount);
seq_printf(s_file,"%s %12s %llu\n", "perms", ":", ctx->perms);
seq_printf(s_file,"%s %s %d\n", "valid_attributes", ":", ctx->valid_attributes);
seq_printf(s_file,"%s %3s %d\n", "cpuinfo_status", ":", ctx->cpuinfo_status);
seq_printf(s_file,"%s %2s %d\n", "staticpd_status", ":", ctx->staticpd_status);
seq_printf(s_file,"%s %11s %d\n", "secure", ":", ctx->secure);
seq_printf(s_file,"%s %s %d\n", "unsigned_support", ":", ctx->unsigned_support);
}
void print_map_info(struct seq_file *s_file, struct fastrpc_map *map)
{
seq_printf(s_file,"%s %4s %d\n", "fd", ":", map->fd);
seq_printf(s_file,"%s %s 0x%llx\n", "phys", ":", map->phys);
seq_printf(s_file,"%s %s 0x%llx\n", "size", ":", map->size);
seq_printf(s_file,"%s %4s 0x%p\n", "va", ":", map->va);
seq_printf(s_file,"%s %3s 0x%llx\n", "len", ":", map->len);
seq_printf(s_file,"%s %2s 0x%llx\n", "raddr", ":", map->raddr);
seq_printf(s_file,"%s %2s 0x%x\n", "attr", ":", map->attr);
seq_printf(s_file,"%s %2s 0x%x\n", "flags", ":", map->flags);
}
static int fastrpc_debugfs_show(struct seq_file *s_file, void *data)
{
struct fastrpc_user *fl = s_file->private;
struct fastrpc_map *map;
struct fastrpc_channel_ctx *ctx;
struct fastrpc_pool_ctx *sctx = NULL;
struct fastrpc_invoke_ctx *ictx, *m;
struct fastrpc_buf *buf, *n;
int i;
unsigned long irq_flags = 0;
if (fl != NULL) {
seq_printf(s_file,"%s %12s %d\n", "tgid", ":", fl->tgid);
seq_printf(s_file,"%s %7s %d\n", "tgid_frpc", ":", fl->tgid_frpc);
seq_printf(s_file,"%s %3s %d\n", "is_secure_dev", ":", fl->is_secure_dev);
seq_printf(s_file,"%s %3s %d\n", "num_pers_hdrs", ":", fl->num_pers_hdrs);
seq_printf(s_file,"%s %2s %d\n", "num_cached_buf", ":", fl->num_cached_buf);
seq_printf(s_file,"%s %5s %d\n", "wake_enable", ":", fl->wake_enable);
seq_printf(s_file,"%s %2s %d\n", "is_unsigned_pd", ":", fl->is_unsigned_pd);
seq_printf(s_file,"%s %7s %d\n", "sessionid", ":", fl->sessionid);
seq_printf(s_file,"%s %9s %d\n", "pd_type", ":", fl->pd_type);
seq_printf(s_file,"%s %9s %d\n", "profile", ":", fl->profile);
if(fl->cctx) {
seq_printf(s_file,"\n=============== Channel Context ===============\n");
ctx = fl->cctx;
print_ctx_info(s_file, ctx);
}
if(fl->sctx) {
seq_printf(s_file,"\n=============== Session Context ===============\n");
sctx = fl->sctx;
print_sctx_info(s_file, sctx);
}
if(fl->secsctx) {
seq_printf(s_file,"\n=============== Secure Session Context ===============\n");
sctx = fl->secsctx;
print_sctx_info(s_file, sctx);
}
spin_lock(&fl->lock);
if (fl->init_mem) {
seq_printf(s_file,"\n=============== Init Mem ===============\n");
buf = fl->init_mem;
print_buf_info(s_file, buf);
}
if (fl->pers_hdr_buf) {
seq_printf(s_file,"\n=============== Persistent Header Buf ===============\n");
buf = fl->pers_hdr_buf;
print_buf_info(s_file, buf);
}
if (fl->hdr_bufs) {
seq_printf(s_file,"\n=============== Pre-allocated Header Buf ===============\n");
buf = fl->hdr_bufs;
print_buf_info(s_file, buf);
}
spin_unlock(&fl->lock);
seq_printf(s_file,"\n=============== Global Maps ===============\n");
spin_lock_irqsave(&fl->cctx->lock, irq_flags);
list_for_each_entry_safe(buf, n, &fl->cctx->gmaps, node) {
print_buf_info(s_file, buf);
}
spin_unlock_irqrestore(&fl->cctx->lock, irq_flags);
seq_printf(s_file,"\n=============== DSP Signal Status ===============\n");
spin_lock_irqsave(&fl->dspsignals_lock, irq_flags);
for (i = 0; i < FASTRPC_DSPSIGNAL_NUM_SIGNALS/FASTRPC_DSPSIGNAL_GROUP_SIZE; i++) {
if (fl->signal_groups[i] != NULL)
seq_printf(s_file,"%d : %d ",i, fl->signal_groups[i]->state);
}
spin_unlock_irqrestore(&fl->dspsignals_lock, irq_flags);
seq_printf(s_file,"\n=============== User space maps ===============\n");
spin_lock(&fl->lock);
list_for_each_entry(map, &fl->maps, node) {
if (map)
print_map_info(s_file, map);
}
seq_printf(s_file,"\n=============== Kernel maps ===============\n");
list_for_each_entry(map, &fl->mmaps, node) {
if (map)
print_map_info(s_file, map);
}
seq_printf(s_file,"\n=============== Cached Bufs ===============\n");
list_for_each_entry_safe(buf, n, &fl->cached_bufs, node) {
if(buf)
print_buf_info(s_file, buf);
}
seq_printf(s_file,"\n=============== Pending contexts ===============\n");
list_for_each_entry_safe(ictx, m, &fl->pending, node) {
if (ictx)
print_ictx_info(s_file, ictx);
}
seq_printf(s_file,"\n=============== Interrupted contexts ===============\n");
list_for_each_entry_safe(ictx, m, &fl->interrupted, node) {
if (ictx)
print_ictx_info(s_file, ictx);
}
spin_unlock(&fl->lock);
}
return 0;
}
DEFINE_SHOW_ATTRIBUTE(fastrpc_debugfs);
static int fastrpc_create_session_debugfs(struct fastrpc_user *fl)
{
char cur_comm[TASK_COMM_LEN];
int domain_id = -1, size = 0;
struct dentry *debugfs_root = g_frpc.debugfs_root;
memcpy(cur_comm, current->comm, TASK_COMM_LEN);
cur_comm[TASK_COMM_LEN-1] = '\0';
if (debugfs_root != NULL) {
domain_id = fl->cctx->domain_id;
if (!(fl->debugfs_file_create)) {
size = strlen(cur_comm) + strlen("_")
+ COUNT_OF(current->pid) + strlen("_")
+ COUNT_OF(FASTRPC_DEV_MAX)
+ 1;
fl->debugfs_buf = kzalloc(size, GFP_KERNEL);
if (fl->debugfs_buf == NULL) {
return -ENOMEM;
}
/*
* Use HLOS process name, HLOS PID, unique fastrpc PID
* domain_id in debugfs filename to create unique file name
*/
snprintf(fl->debugfs_buf, size, "%.10s%s%d%s%d%s%d",
cur_comm, "_", current->pid, "_",
fl->tgid_frpc, "_", domain_id);
fl->debugfs_file = debugfs_create_file(fl->debugfs_buf, 0644,
debugfs_root, fl, &fastrpc_debugfs_fops);
if (IS_ERR_OR_NULL(fl->debugfs_file)) {
pr_warn("Error: %s: %s: failed to create debugfs file %s\n",
cur_comm, __func__, fl->debugfs_buf);
fl->debugfs_file = NULL;
}
kfree(fl->debugfs_buf);
fl->debugfs_file_create = true;
}
}
return 0;
}
#endif
static int fastrpc_init_create_static_process(struct fastrpc_user *fl,
char __user *argp)
{
struct fastrpc_init_create_static init;
struct fastrpc_invoke_args args[FASTRPC_CREATE_STATIC_PROCESS_NARGS] = {0};
struct fastrpc_enhanced_invoke ioctl;
struct fastrpc_phy_page pages[1];
struct fastrpc_buf *buf = NULL;
struct fastrpc_smmu *smmucb = NULL;
u64 phys = 0, size = 0;
char *name;
int err = 0;
bool scm_done = false;
bool is_oispd = false, is_audiopd = false;
unsigned long flags;
struct {
int pgid;
u32 namelen;
u32 pageslen;
} inbuf;
if (!fl->is_secure_dev) {
dev_err(fl->cctx->dev, "untrusted app trying to attach to privileged DSP PD\n");
return -EACCES;
}
if (copy_from_user(&init, argp, sizeof(init)))
return -EFAULT;
if ((init.namelen > INIT_FILE_NAMELEN_MAX) || (!init.namelen))
return -EINVAL;
name = memdup_user_nul(u64_to_user_ptr(init.name), init.namelen);
/* ret -ENOMEM for malloc failure, -EFAULT for copy_from_user failure */
if (IS_ERR(name))
return PTR_ERR(name);
fl->sctx = fastrpc_session_alloc(fl, false);
if (!fl->sctx) {
dev_err(fl->cctx->dev, "No session available\n");
err = -EBUSY;
goto err_name;
}
smmucb = &fl->sctx->smmucb[DEFAULT_SMMU_IDX];
is_oispd = !strcmp(name, "oispd");
is_audiopd = !strcmp(name, "audiopd");
/*
* Update the pd_type, to direct the messages to correct PD, when
* fastrpc_getpd_msgidx is queried. Update pd_type only after session
* allocation. Session is allocated based on user configured pd_type
*/
if (is_audiopd) {
fl->pd_type = AUDIO_STATICPD;
fl->servloc_name = AUDIO_PDR_SERVICE_LOCATION_CLIENT_NAME;
} else if (is_oispd) {
fl->pd_type = OIS_STATICPD;
fl->servloc_name = OIS_PDR_ADSP_SERVICE_LOCATION_CLIENT_NAME;
} else {
dev_err(smmucb->dev,
"Create static process is failed for proc_name %s", name);
err = -EINVAL;
goto err_name;
}
err = fastrpc_init_static_pd_status(fl);
if (err)
goto err_name;
if (is_audiopd && IS_PDR(fl)) {
/*
* Remove any previous mappings in case process is trying
* to reconnect after a PD restart on remote subsystem.
*/
err = fastrpc_mmap_remove_ssr(fl->cctx);
if (err) {
pr_warn("%s: %s: failed to unmap remote heap (err %d)\n",
current->comm, __func__, err);
goto err_name;
}
}
// Update PDR count, to check for any PDR.
fl->spd->prevpdrcount = fl->spd->pdrcount;
inbuf.pgid = fl->tgid_frpc;
inbuf.namelen = init.namelen;
inbuf.pageslen = 0;
// Remote heap feature is available only for audio static PD
if (!fl->cctx->staticpd_status && !is_oispd) {
inbuf.pageslen = 1;
err = fastrpc_buf_alloc(fl, NULL, init.memlen, REMOTEHEAP_BUF, &buf);
if (err)
goto err_name;
phys = buf->phys;
size = buf->size;
/* Map if we have any heap VMIDs associated with this ADSP Static Process. */
if (fl->cctx->vmcount) {
u64 src_perms = BIT(QCOM_SCM_VMID_HLOS);
err = qcom_scm_assign_mem(phys, (u64)size,
&src_perms, fl->cctx->vmperms, fl->cctx->vmcount);
if (err) {
dev_err(smmucb->dev,
"%s: Failed to assign memory with phys 0x%llx size 0x%llx err %d",
__func__, phys, size, err);
goto err_map;
}
scm_done = true;
}
fl->cctx->staticpd_status = true;
}
args[0].ptr = (u64)(uintptr_t)&inbuf;
args[0].length = sizeof(inbuf);
args[0].fd = -1;
args[1].ptr = (u64)(uintptr_t)name;
args[1].length = inbuf.namelen;
args[1].fd = -1;
pages[0].addr = phys;
pages[0].size = size;
args[2].ptr = (u64)(uintptr_t) pages;
args[2].length = sizeof(*pages);
args[2].fd = -1;
ioctl.inv.handle = FASTRPC_INIT_HANDLE;
ioctl.inv.sc = FASTRPC_SCALARS(FASTRPC_RMID_INIT_CREATE_STATIC, 3, 0);
ioctl.inv.args = (__u64)args;
err = fastrpc_internal_invoke(fl, KERNEL_MSG_WITH_ZERO_PID, &ioctl);
if (err)
goto err_invoke;
#ifdef CONFIG_DEBUG_FS
if (fl != NULL)
fastrpc_create_session_debugfs(fl);
#endif
kfree(name);
if (buf) {
spin_lock_irqsave(&fl->cctx->lock, flags);
list_add_tail(&buf->node, &fl->cctx->gmaps);
spin_unlock_irqrestore(&fl->cctx->lock, flags);
}
return 0;
err_invoke:
if (fl->cctx->vmcount && scm_done) {
u64 src_perms = 0;
struct qcom_scm_vmperm dst_perms;
u32 i;
for (i = 0; i < fl->cctx->vmcount; i++)
src_perms |= BIT(fl->cctx->vmperms[i].vmid);
dst_perms.vmid = QCOM_SCM_VMID_HLOS;
dst_perms.perm = QCOM_SCM_PERM_RWX;
err = qcom_scm_assign_mem(phys, (u64)size,
&src_perms, &dst_perms, 1);
if (err)
dev_err(smmucb->dev,
"%s: Failed to assign memory phys 0x%llx size 0x%llx err %d",
__func__, phys, size, err);
}
err_map:
if (buf) {
fl->cctx->staticpd_status = false;
fastrpc_buf_free(buf, false);
}
err_name:
kfree(name);
return err;
}
/*
* Find context bank / session with root PD type
* @arg1: channel context.
* @arg2: session context.
*
* The function searches for the session reserved for root pd from
* the list of available sessions in a channel.
*
* Returns 0 if there is a session reserved for root pd.
*/
static int fastrpc_get_root_session(struct fastrpc_channel_ctx *cctx,
struct fastrpc_pool_ctx **sess)
{
int i = 0, err = -ENOSR;
struct fastrpc_pool_ctx *s = NULL;
unsigned long flags = 0;
spin_lock_irqsave(&cctx->lock, flags);
for (i = 0; i < cctx->sesscount; i++) {
s = &cctx->session[i];
if (s->pd_type == ROOT_PD && s->smmucb[DEFAULT_SMMU_IDX].valid) {
*sess = s;
err = 0;
break;
}
}
spin_unlock_irqrestore(&cctx->lock, flags);
return err;
}
/*
* Allocate buffer for growing rootheap on DSP
* @arg1: channel context.
* @arg2: page array to be sent with process spawn msg
* @arg3: number of pages
*
* Returns 0 on success
*/
static int fastrpc_alloc_rootheap_buf(struct fastrpc_channel_ctx *cctx,
struct fastrpc_phy_page *pages, u32 *pageslen)
{
struct fastrpc_buf *buf = NULL;
struct fastrpc_pool_ctx *sess = NULL;
struct fastrpc_smmu *smmucb = NULL;
const unsigned int ROOTHEAP_BUF_SIZE = (1024 * 1024),
NUM_ROOTHEAP_BUFS = 3;
int err = 0;
unsigned long flags = 0;
/* Allocate buffer only if DSP supports growing of rootheap */
if (!cctx->dsp_attributes[ROOTPD_RPC_HEAP_SUPPORT] ||
cctx->rootheap_bufs.num >= NUM_ROOTHEAP_BUFS)
return err;
/* Get context bank / session reserved for rootPD */
err = fastrpc_get_root_session(cctx, &sess);
if (err)
goto bail;
smmucb = &sess->smmucb[DEFAULT_SMMU_IDX];
err = __fastrpc_buf_alloc(NULL, smmucb, cctx->domain_id,
ROOTHEAP_BUF_SIZE, &buf, ROOTHEAP_BUF);
if (err)
goto bail;
/* Update paramaters of process-spawn with buffer info */
*pageslen = NUM_PAGES_WITH_ROOTHEAP_BUF;
pages[NUM_PAGES_WITH_ROOTHEAP_BUF - 1].addr = buf->phys;
pages[NUM_PAGES_WITH_ROOTHEAP_BUF - 1].size = buf->size;
/* Add buf to channel's rootheap buf-list and increment count */
spin_lock_irqsave(&cctx->lock, flags);
list_add_tail(&buf->node, &cctx->rootheap_bufs.list);
cctx->rootheap_bufs.num++;
spin_unlock_irqrestore(&cctx->lock, flags);
bail:
return err;
}
static int get_unique_hlos_process_id(struct fastrpc_channel_ctx *cctx)
{
int tgid_frpc = -1;
int ret = -1;
/* allocate unique id between 1 and MAX_FRPC_TGID both inclusive */
ret = ida_alloc_range(&cctx->tgid_frpc_ida, 1,
MAX_FRPC_TGID, GFP_ATOMIC);
if (ret < 0) {
return -1;
}
tgid_frpc = ((cctx->domain_id) * FASTRPC_UNIQUE_ID_CONST) + ret;
return tgid_frpc;
}
/**
* fastrpc_pack_root_sharedpage()- Packs shared page for rootPD.
* @fl: fastrpc user instance.
* @pages: pages to be packed for DSP.
* @pageslen: Number of pages.
*
* fastrpc_pack_root_sharedpage packs root shared page during
* creation of a dynamic process.
*
* Return: 0 on success.
*/
static int fastrpc_pack_root_sharedpage(struct fastrpc_user *fl,
struct fastrpc_phy_page *pages, u32 *pageslen)
{
int err = 0;
u64 addr = fl->config.root_addr;
u32 size = fl->config.root_size;
struct fastrpc_smmu *smmucb = &fl->sctx->smmucb[DEFAULT_SMMU_IDX];
/* Allocate kernel buffer for rootPD shared page */
if (addr && size) {
err = fastrpc_buf_alloc(fl, smmucb, size, USER_BUF,
&fl->proc_init_sharedbuf);
if (err) {
dev_err(smmucb->dev, "failed to allocate buffer\n");
return err;
}
/* Copy contents from userspace buffer containing data for rootPD */
if (copy_from_user(fl->proc_init_sharedbuf->virt,
(void __user *)(uintptr_t)addr, size)) {
err = -EFAULT;
goto err_sharedbuf_fail;
}
/* Update paramaters of process-spawn with buffer info */
*pageslen = NUM_PAGES_WITH_PROC_INIT_SHAREDBUF;
pages[NUM_PAGES_WITH_PROC_INIT_SHAREDBUF-1].addr =
fl->proc_init_sharedbuf->phys;
pages[NUM_PAGES_WITH_PROC_INIT_SHAREDBUF-1].size =
fl->proc_init_sharedbuf->size;
}
return 0;
err_sharedbuf_fail:
if (fl->proc_init_sharedbuf) {
fastrpc_buf_free(fl->proc_init_sharedbuf, false);
fl->proc_init_sharedbuf = NULL;
}
return err;
}
static int fastrpc_init_create_process(struct fastrpc_user *fl,
char __user *argp)
{
struct fastrpc_init_create init;
struct fastrpc_invoke_args args[FASTRPC_CREATE_PROCESS_NARGS] = {0};
struct fastrpc_enhanced_invoke ioctl;
struct fastrpc_phy_page pages[NUM_PAGES_WITH_PROC_INIT_SHAREDBUF] = {0};
struct fastrpc_map *configmap = NULL;
struct fastrpc_buf *imem = NULL;
int memlen;
int err = 0;
int user_fd = fl->config.user_fd, user_size = fl->config.user_size;
struct {
int pgid;
u32 namelen;
u32 filelen;
u32 pageslen;
u32 attrs;
u32 siglen;
} inbuf;
if (copy_from_user(&init, argp, sizeof(init)))
return -EFAULT;
if (init.filelen > INIT_FILELEN_MAX)
return -EINVAL;
/* Return an error if the create process already started or completed */
if (atomic_cmpxchg(&fl->state, DEFAULT_PROC_STATE,
DSP_CREATE_START) != DEFAULT_PROC_STATE)
return -EALREADY;
/*
* Third-party apps don't have permission to open the fastrpc device, so
* it is opened on their behalf by DSP HAL. This is detected by
* comparing current PID with the one stored during device open.
*/
if (current->tgid != fl->tgid)
fl->untrusted_process = true;
if (init.attrs & FASTRPC_MODE_UNSIGNED_MODULE)
fl->is_unsigned_pd = true;
/* Disregard any system unsigned PD attribute from userspace */
init.attrs &= (~FASTRPC_MODE_SYSTEM_UNSIGNED_PD);
if (is_session_rejected(fl, fl->is_unsigned_pd)) {
err = -EACCES;
goto err_out;
}
/* Trusted apps will be launched as system unsigned PDs */
if (!fl->untrusted_process && fl->is_unsigned_pd)
init.attrs |= FASTRPC_MODE_SYSTEM_UNSIGNED_PD;
/*
* Use SMMU pooled session for unsigned PD,
* if smmucb_pool is set to true
*/
if (fl->is_unsigned_pd && fl->cctx->smmucb_pool)
fl->pd_type = USER_UNSIGNEDPD_POOL;
fl->sctx = fastrpc_session_alloc(fl, false);
if (!fl->sctx) {
dev_err(fl->cctx->dev, "No session available\n");
err = -EBUSY;
goto err_out;
}
fastrpc_get_process_gids(&fl->gidlist);
/* In case of privileged process update attributes */
fastrpc_check_privileged_process(fl, &init);
inbuf.pgid = fl->tgid_frpc;
inbuf.namelen = strlen(current->comm) + 1;
inbuf.filelen = init.filelen;
inbuf.pageslen = 1;
inbuf.attrs = init.attrs;
inbuf.siglen = init.siglen;
/*
* Default value at fastrpc_device_open is set as DEFAULT_UNUSED.
* If pd_type is not configured by the process in fastrpc_set_session_info,
* update the pd_type to USERPD, so that messages are directed to
* dynamic process when fastrpc_getpd_msgidx is queried.
* Do this only after session allocation
*/
if (fl->pd_type == DEFAULT_UNUSED)
fl->pd_type = USERPD;
if (user_fd != -1 && user_size > 0) {
mutex_lock(&fl->map_mutex);
err = fastrpc_map_create(fl, user_fd, 0, NULL,
user_size, 0, 0, &configmap, true);
mutex_unlock(&fl->map_mutex);
if (err)
goto err_out;
inbuf.pageslen = NUM_PAGES_WITH_SHARED_BUF;
pages[NUM_PAGES_WITH_SHARED_BUF - 1].addr = configmap->phys;
pages[NUM_PAGES_WITH_SHARED_BUF - 1].size = configmap->size;
}
/* Process spawn should not fail if unable to alloc rootheap buffer */
fastrpc_alloc_rootheap_buf(fl->cctx, pages, &inbuf.pageslen);
/* Process spawn should not fail if unable to pack root buffer */
fastrpc_pack_root_sharedpage(fl, pages, &inbuf.pageslen);
memlen = ALIGN(max(INIT_FILELEN_MAX, (int)init.filelen * 4),
1024 * 1024);
err = fastrpc_smmu_buf_alloc(fl, memlen, INITMEM_BUF, &imem);
if (err)
goto err_alloc;
fl->init_mem = imem;
args[0].ptr = (u64)(uintptr_t)&inbuf;
args[0].length = sizeof(inbuf);
args[0].fd = -1;
args[1].ptr = (u64)(uintptr_t)current->comm;
args[1].length = inbuf.namelen;
args[1].fd = -1;
args[2].ptr = (u64) init.file;
args[2].length = inbuf.filelen;
args[2].fd = init.filefd;
pages[0].addr = imem->phys;
pages[0].size = imem->size;
args[3].ptr = (u64)(uintptr_t) pages;
args[3].length = inbuf.pageslen * sizeof(*pages);
args[3].fd = -1;
args[4].ptr = (u64)(uintptr_t)&inbuf.attrs;
args[4].length = sizeof(inbuf.attrs);
args[4].fd = -1;
args[5].ptr = (u64)(uintptr_t) &inbuf.siglen;
args[5].length = sizeof(inbuf.siglen);
args[5].fd = -1;
ioctl.inv.handle = FASTRPC_INIT_HANDLE;
ioctl.inv.sc = FASTRPC_SCALARS(FASTRPC_RMID_INIT_CREATE, 4, 0);
if (init.attrs)
ioctl.inv.sc = FASTRPC_SCALARS(FASTRPC_RMID_INIT_CREATE_ATTR, 4, 0);
ioctl.inv.args = (__u64)args;
err = fastrpc_internal_invoke(fl, KERNEL_MSG_WITH_ZERO_PID, &ioctl);
if (err)
goto err_invoke;
if (fl->cctx->domain_id == CDSP_DOMAIN_ID) {
fastrpc_create_persistent_headers(fl);
}
#ifdef CONFIG_DEBUG_FS
if (fl != NULL)
fastrpc_create_session_debugfs(fl);
#endif
/* remove buffer on success as no longer required */
if (fl->proc_init_sharedbuf) {
fastrpc_buf_free(fl->proc_init_sharedbuf, false);
fl->proc_init_sharedbuf = NULL;
}
return 0;
err_invoke:
spin_lock(&fl->lock);
fl->init_mem = NULL;
spin_unlock(&fl->lock);
fastrpc_buf_free(imem, false);
err_alloc:
if (fl->proc_init_sharedbuf) {
fastrpc_buf_free(fl->proc_init_sharedbuf, false);
fl->proc_init_sharedbuf = NULL;
}
if (configmap) {
mutex_lock(&fl->map_mutex);
fastrpc_map_put(configmap);
mutex_unlock(&fl->map_mutex);
}
err_out:
/* Reset the process state to its default in case of an error. */
atomic_set(&fl->state, DEFAULT_PROC_STATE);
return err;
}
static void fastrpc_context_list_free(struct fastrpc_user *fl)
{
struct fastrpc_invoke_ctx *ctx, *n;
list_for_each_entry_safe(ctx, n, &fl->interrupted, node) {
spin_lock(&fl->lock);
list_del(&ctx->node);
spin_unlock(&fl->lock);
fastrpc_context_put(ctx);
}
list_for_each_entry_safe(ctx, n, &fl->pending, node) {
spin_lock(&fl->lock);
list_del(&ctx->node);
spin_unlock(&fl->lock);
fastrpc_context_put(ctx);
}
}
static int fastrpc_release_current_dsp_process(struct fastrpc_user *fl)
{
struct fastrpc_invoke_args args[1];
struct fastrpc_enhanced_invoke ioctl;
int tgid = 0;
tgid = fl->tgid_frpc;
args[0].ptr = (u64)(uintptr_t) &tgid;
args[0].length = sizeof(tgid);
args[0].fd = -1;
ioctl.inv.handle = FASTRPC_INIT_HANDLE;
ioctl.inv.sc = FASTRPC_SCALARS(FASTRPC_RMID_INIT_RELEASE, 1, 0);
ioctl.inv.args = (__u64)args;
return fastrpc_internal_invoke(fl, KERNEL_MSG_WITH_NONZERO_PID, &ioctl);
}
/* Helper function to increment / decrement invoke count of channel */
static inline void fastrpc_channel_update_invoke_cnt(
struct fastrpc_channel_ctx *cctx, bool incr)
{
unsigned long flags = 0;
if (incr) {
atomic_inc(&cctx->invoke_cnt);
} else {
spin_lock_irqsave(&cctx->lock, flags);
atomic_dec(&cctx->invoke_cnt);
/* Wake up any waiting SSR handling thread */
if (atomic_read(&cctx->invoke_cnt) == 0)
wake_up_interruptible(&cctx->ssr_wait_queue);
spin_unlock_irqrestore(&cctx->lock, flags);
}
}
void fastrpc_free_user(struct fastrpc_user *fl)
{
struct fastrpc_map *map = NULL, *m = NULL;
fastrpc_context_list_free(fl);
if (fl->init_mem) {
fastrpc_buf_free(fl->init_mem, false);
fl->init_mem = NULL;
}
mutex_lock(&fl->remote_map_mutex);
mutex_lock(&fl->map_mutex);
// During process tear down free the map, even if refcount is non-zero
list_for_each_entry_safe(map, m, &fl->maps, node)
__fastrpc_free_map(map);
mutex_unlock(&fl->map_mutex);
mutex_unlock(&fl->remote_map_mutex);
fastrpc_buf_list_free(fl, &fl->mmaps, false);
if (fl->pers_hdr_buf) {
fastrpc_buf_free(fl->pers_hdr_buf, false);
fl->pers_hdr_buf = NULL;
}
if (fl->hdr_bufs) {
kfree(fl->hdr_bufs);
fl->hdr_bufs = NULL;
}
fastrpc_buf_list_free(fl, &fl->cached_bufs, true);
return;
}
static int fastrpc_device_release(struct inode *inode, struct file *file)
{
struct fastrpc_user *fl = (struct fastrpc_user *)file->private_data;
struct fastrpc_channel_ctx *cctx = fl->cctx;
struct fastrpc_driver *frpc_drv, *d;
struct fastrpc_buf *buf, *b;
int i;
unsigned long flags, irq_flags;
bool locked = false, is_driver_registered = false;
spinlock_t *glock = &g_frpc.glock;
int err = 0;
struct fastrpc_notif_rsp *inotif, *n1;
spin_lock_irqsave(glock, irq_flags);
spin_lock_irqsave(&cctx->lock, flags);
if (atomic_read(&cctx->teardown)) {
spin_unlock_irqrestore(&cctx->lock, flags);
spin_unlock_irqrestore(glock, irq_flags);
/*
* Wait until SSR cleanup is done to avoid parallel access of
* fastrpc_user object from device release thread and
* SSR handling thread.
*/
wait_for_completion(&cctx->ssr_complete);
spin_lock_irqsave(glock, irq_flags);
spin_lock_irqsave(&cctx->lock, flags);
} else {
/*
* Update invoke count to block the SSR handling thread from cleaning up
* the channel resources, while it is still being used by this thread.
*/
fastrpc_channel_update_invoke_cnt(cctx, true);
}
if (fl->device) {
fl->device->dev_close = true;
fl->device->fl = NULL;
}
atomic_set(&fl->state, DSP_EXIT_START);
list_for_each_entry_safe(frpc_drv, d, &fl->fastrpc_drivers, hn){
/*
* Registered driver can free driver object in callback.
* So, delete object from list first.
*/
list_del(&frpc_drv->hn);
if(frpc_drv->callback) {
spin_unlock_irqrestore(&cctx->lock, flags);
spin_unlock_irqrestore(glock, irq_flags);
frpc_drv->callback(fl->device, FASTRPC_PROC_DOWN);
spin_lock_irqsave(glock, irq_flags);
spin_lock_irqsave(&cctx->lock, flags);
}
is_driver_registered = true;
}
spin_unlock_irqrestore(&cctx->lock, flags);
spin_unlock_irqrestore(glock, irq_flags);
/*
* If no driver is registered on the device, free it here.
* If any active driver is still registered, device will
* be freed when driver is unregistered.
*/
if (!is_driver_registered)
kfree(fl->device);
if (fl->spd)
atomic_set(&fl->spd->is_attached, 0);
err = fastrpc_release_current_dsp_process(fl);
if (err == -ETIMEDOUT) {
pr_err("%s failed with err %d for process %s fl->tgid %d fl->tgid_frpc %d\n",
__func__, err, current->comm, fl->tgid, fl->tgid_frpc);
BUG_ON(1);
}
atomic_set(&fl->state, DSP_EXIT_COMPLETE);
spin_lock_irqsave(&cctx->lock, flags);
locked = true;
if(fl->is_dma_invoke_pend) {
spin_unlock_irqrestore(&cctx->lock, flags);
wait_for_completion(&fl->dma_invoke);
locked = false;
}
if(locked)
spin_unlock_irqrestore(&cctx->lock, flags);
spin_lock_irqsave(&cctx->lock, flags);
list_del(&fl->user);
spin_unlock_irqrestore(&cctx->lock, flags);
kfree(fl->gidlist.gids);
spin_lock_irqsave(&fl->proc_state_notif.nqlock, flags);
atomic_add(1, &fl->proc_state_notif.notif_queue_count);
wake_up_interruptible(&fl->proc_state_notif.notif_wait_queue);
list_for_each_entry_safe(inotif, n1, &fl->notif_queue, notifn) {
list_del_init(&inotif->notifn);
atomic_sub(1, &fl->proc_state_notif.notif_queue_count);
kfree(inotif);
}
spin_unlock_irqrestore(&fl->proc_state_notif.nqlock, flags);
if (fl->tgid_frpc != -1)
ida_free(&cctx->tgid_frpc_ida, fl->tgid_frpc-(cctx->domain_id*FASTRPC_UNIQUE_ID_CONST));
fl->is_dma_invoke_pend = false;
fastrpc_free_user(fl);
/*
* Audio remote-heap buffers won't be freed as part of "fastrpc_user" object
* cleanup. Instead, they will be freed after SSR dump collection.
* Reset "fl" pointer in the buffer objects if it is the object getting
* freed here.
*/
spin_lock_irqsave(&cctx->lock, flags);
list_for_each_entry_safe(buf, b, &cctx->gmaps, node) {
if (buf->fl == fl)
buf->fl = NULL;
}
spin_unlock_irqrestore(&cctx->lock, flags);
if (fl->qos_request && fl->dev_pm_qos_req) {
for (i = 0; i < cctx->lowest_capacity_core_count; i++) {
if (!dev_pm_qos_request_active(&fl->dev_pm_qos_req[i]))
continue;
dev_pm_qos_remove_request(&fl->dev_pm_qos_req[i]);
}
}
kfree(fl->dev_pm_qos_req);
fastrpc_pm_relax(fl,cctx->secure);
if (fl->sctx)
fastrpc_session_free(cctx, fl->sctx);
if (fl->secsctx)
fastrpc_session_free(cctx, fl->secsctx);
spin_lock_irqsave(&fl->dspsignals_lock, irq_flags);
for (i = 0; i < (FASTRPC_DSPSIGNAL_NUM_SIGNALS /FASTRPC_DSPSIGNAL_GROUP_SIZE); i++)
kfree(fl->signal_groups[i]);
spin_unlock_irqrestore(&fl->dspsignals_lock, irq_flags);
#ifdef CONFIG_DEBUG_FS
debugfs_remove(fl->debugfs_file);
#endif
mutex_destroy(&fl->signal_create_mutex);
mutex_destroy(&fl->remote_map_mutex);
mutex_destroy(&fl->map_mutex);
spin_lock_irqsave(glock, irq_flags);
kfree(fl);
fastrpc_channel_update_invoke_cnt(cctx, false);
fastrpc_channel_ctx_put(cctx);
file->private_data = NULL;
spin_unlock_irqrestore(glock, irq_flags);
return 0;
}
static int fastrpc_device_open(struct inode *inode, struct file *filp)
{
struct fastrpc_channel_ctx *cctx;
struct fastrpc_device_node *fdevice;
struct fastrpc_user *fl = NULL;
unsigned long flags;
int err;
fdevice = miscdev_to_fdevice(filp->private_data);
cctx = fdevice->cctx;
if (atomic_read(&cctx->teardown))
return -EPIPE;
fl = kzalloc(sizeof(*fl), GFP_KERNEL);
if (!fl)
return -ENOMEM;
/* Released in fastrpc_device_release() */
fastrpc_channel_ctx_get(cctx);
filp->private_data = fl;
spin_lock_init(&fl->lock);
mutex_init(&fl->remote_map_mutex);
mutex_init(&fl->map_mutex);
spin_lock_init(&fl->dspsignals_lock);
mutex_init(&fl->signal_create_mutex);
INIT_LIST_HEAD(&fl->pending);
INIT_LIST_HEAD(&fl->interrupted);
INIT_LIST_HEAD(&fl->maps);
INIT_LIST_HEAD(&fl->mmaps);
INIT_LIST_HEAD(&fl->user);
INIT_LIST_HEAD(&fl->cached_bufs);
INIT_LIST_HEAD(&fl->notif_queue);
INIT_LIST_HEAD(&fl->fastrpc_drivers);
init_waitqueue_head(&fl->proc_state_notif.notif_wait_queue);
spin_lock_init(&fl->proc_state_notif.nqlock);
init_completion(&fl->dma_invoke);
fl->cctx = cctx;
fl->tgid = current->tgid;
fl->tgid_frpc = get_unique_hlos_process_id(cctx);
if (fl->tgid_frpc == -1) {
dev_err(cctx->dev, "too many fastrpc clients, max %u allowed\n", MAX_FRPC_TGID);
err = -EUSERS;
goto error;
}
dev_dbg(cctx->dev, "HLOS pid %d, domain %d is mapped to unique sessions pid %d",
fl->tgid, fl->cctx->domain_id, fl->tgid_frpc);
fl->is_secure_dev = fdevice->secure;
fl->sessionid = 0;
fl->config.user_fd = -1;
fl->pd_type = DEFAULT_UNUSED;
fl->multi_session_support = false;
fl->set_session_info = false;
if (cctx->lowest_capacity_core_count) {
fl->dev_pm_qos_req = kzalloc((cctx->lowest_capacity_core_count) *
sizeof(struct dev_pm_qos_request), GFP_KERNEL);
if (!fl->dev_pm_qos_req) {
err = -ENOMEM;
goto error;
}
}
spin_lock_irqsave(&cctx->lock, flags);
list_add_tail(&fl->user, &cctx->users);
spin_unlock_irqrestore(&cctx->lock, flags);
return 0;
error:
mutex_destroy(&fl->remote_map_mutex);
mutex_destroy(&fl->map_mutex);
mutex_destroy(&fl->signal_create_mutex);
kfree(fl);
fastrpc_channel_ctx_put(cctx);
return err;
}
static int fastrpc_dmabuf_alloc(struct fastrpc_user *fl, char __user *argp)
{
struct fastrpc_alloc_dma_buf bp;
DEFINE_DMA_BUF_EXPORT_INFO(exp_info);
struct fastrpc_buf *buf = NULL;
int err;
if (copy_from_user(&bp, argp, sizeof(bp)))
return -EFAULT;
if (!bp.size)
return -EFAULT;
if (!fl->sctx)
return -EINVAL;
err = fastrpc_smmu_buf_alloc(fl, bp.size, USER_BUF, &buf);
if (err)
return err;
exp_info.ops = &fastrpc_dma_buf_ops;
exp_info.size = bp.size;
exp_info.flags = O_RDWR;
exp_info.priv = buf;
buf->dmabuf = dma_buf_export(&exp_info);
if (IS_ERR(buf->dmabuf)) {
err = PTR_ERR(buf->dmabuf);
fastrpc_buf_free(buf, false);
return err;
}
bp.fd = dma_buf_fd(buf->dmabuf, O_ACCMODE);
if (bp.fd < 0) {
dma_buf_put(buf->dmabuf);
return -EINVAL;
}
if (copy_to_user(argp, &bp, sizeof(bp))) {
/*
* The usercopy failed, but we can't do much about it, as
* dma_buf_fd() already called fd_install() and made the
* file descriptor accessible for the current process. It
* might already be closed and dmabuf no longer valid when
* we reach this point. Therefore "leak" the fd and rely on
* the process exit path to do any required cleanup.
*/
return -EFAULT;
}
return 0;
}
static int fastrpc_send_cpuinfo_to_dsp(struct fastrpc_user *fl)
{
int err = 0;
u64 cpuinfo = 0;
struct fastrpc_invoke_args args[1];
struct fastrpc_enhanced_invoke ioctl;
if (!fl) {
return -EBADF;
}
cpuinfo = fl->cctx->cpuinfo_todsp;
/* return success if already updated to remote processor */
if (fl->cctx->cpuinfo_status)
return 0;
args[0].ptr = (u64)(uintptr_t)&cpuinfo;
args[0].length = sizeof(cpuinfo);
args[0].fd = -1;
ioctl.inv.handle = FASTRPC_DSP_UTILITIES_HANDLE;
ioctl.inv.sc = FASTRPC_SCALARS(1, 1, 0);
ioctl.inv.args = (__u64)args;
err = fastrpc_internal_invoke(fl, KERNEL_MSG_WITH_ZERO_PID, &ioctl);
if (!err)
fl->cctx->cpuinfo_status = true;
return err;
}
static int fastrpc_init_attach(struct fastrpc_user *fl, int pd)
{
struct fastrpc_invoke_args args[1];
struct fastrpc_enhanced_invoke ioctl;
int err, tgid = fl->tgid_frpc;
if (!fl->is_secure_dev) {
dev_err(fl->cctx->dev, "untrusted app trying to attach to privileged DSP PD\n");
return -EACCES;
}
fl->sctx = fastrpc_session_alloc(fl, false);
if (!fl->sctx) {
dev_err(fl->cctx->dev, "No session available\n");
return -EBUSY;
}
/*
* Default value at fastrpc_device_open is set as DEFAULT_UNUSED.
* If pd_type is not configured by the process in fastrpc_set_session_info,
* update the pd_type, so that messages are directed to right process,
* when fastrpc_getpd_msgidx is queried.
* Do this only after session allocation.
*/
if (fl->pd_type == DEFAULT_UNUSED)
fl->pd_type = pd;
if (pd == SENSORS_STATICPD) {
if (fl->cctx->domain_id == ADSP_DOMAIN_ID)
fl->servloc_name = SENSORS_PDR_ADSP_SERVICE_LOCATION_CLIENT_NAME;
else if (fl->cctx->domain_id == SDSP_DOMAIN_ID)
fl->servloc_name = SENSORS_PDR_SLPI_SERVICE_LOCATION_CLIENT_NAME;
err = fastrpc_init_sensor_static_pd_status(fl);
if (err)
return err;
}
args[0].ptr = (u64)(uintptr_t) &tgid;
args[0].length = sizeof(tgid);
args[0].fd = -1;
ioctl.inv.handle = FASTRPC_INIT_HANDLE;
ioctl.inv.sc = FASTRPC_SCALARS(FASTRPC_RMID_INIT_ATTACH, 1, 0);
ioctl.inv.args = (__u64)args;
err = fastrpc_internal_invoke(fl, KERNEL_MSG_WITH_ZERO_PID, &ioctl);
if (err)
return err;
#ifdef CONFIG_DEBUG_FS
if (fl != NULL)
fastrpc_create_session_debugfs(fl);
#endif
return 0;
}
static int fastrpc_invoke(struct fastrpc_user *fl, char __user *argp)
{
struct fastrpc_enhanced_invoke ioctl;
struct fastrpc_invoke inv;
int err;
if (copy_from_user(&inv, argp, sizeof(inv)))
return -EFAULT;
ioctl.inv = inv;
err = fastrpc_internal_invoke(fl, USER_MSG, &ioctl);
return err;
}
void fastrpc_queue_pd_status(struct fastrpc_user *fl, int domain, int status, int sessionid)
{
struct fastrpc_notif_rsp *notif_rsp = NULL;
unsigned long flags;
notif_rsp = kzalloc(sizeof(*notif_rsp), GFP_ATOMIC);
if (!notif_rsp) {
dev_err(fl->cctx->dev, "Allocation failed for notif\n");
return;
}
notif_rsp->status = status;
notif_rsp->domain = domain;
notif_rsp->session = sessionid;
spin_lock_irqsave(&fl->proc_state_notif.nqlock, flags);
list_add_tail(&notif_rsp->notifn, &fl->notif_queue);
atomic_add(1, &fl->proc_state_notif.notif_queue_count);
wake_up_interruptible(&fl->proc_state_notif.notif_wait_queue);
spin_unlock_irqrestore(&fl->proc_state_notif.nqlock, flags);
}
static void fastrpc_notif_find_process(int domain, struct fastrpc_channel_ctx *cctx, struct dsp_notif_rsp *notif)
{
bool is_process_found = false;
unsigned long irq_flags = 0;
struct fastrpc_user *user;
spin_lock_irqsave(&cctx->lock, irq_flags);
list_for_each_entry(user, &cctx->users, user) {
if (user->tgid_frpc == notif->pid) {
is_process_found = true;
break;
}
}
spin_unlock_irqrestore(&cctx->lock, irq_flags);
if (!is_process_found)
return;
fastrpc_queue_pd_status(user, domain, notif->status, user->sessionid);
}
static int fastrpc_wait_on_notif_queue(
struct fastrpc_internal_notif_rsp *notif_rsp,
struct fastrpc_user *fl)
{
int err = 0;
unsigned long flags;
struct fastrpc_notif_rsp *notif = NULL, *inotif, *n;
read_notif_status:
err = wait_event_interruptible(fl->proc_state_notif.notif_wait_queue,
atomic_read(&fl->proc_state_notif.notif_queue_count));
if (err)
return err;
if (fl->exit_notif)
return -EFAULT;
spin_lock_irqsave(&fl->proc_state_notif.nqlock, flags);
list_for_each_entry_safe(inotif, n, &fl->notif_queue, notifn) {
list_del(&inotif->notifn);
atomic_sub(1, &fl->proc_state_notif.notif_queue_count);
notif = inotif;
break;
}
spin_unlock_irqrestore(&fl->proc_state_notif.nqlock, flags);
if (notif) {
notif_rsp->status = notif->status;
notif_rsp->domain = notif->domain;
notif_rsp->session = notif->session;
} else {// Go back to wait if ctx is invalid
dev_err(fl->cctx->dev, "Invalid status notification response\n");
goto read_notif_status;
}
kfree(notif);
return err;
}
static int fastrpc_get_notif_response(
struct fastrpc_internal_notif_rsp *notif,
void *param, struct fastrpc_user *fl)
{
int err = 0;
err = fastrpc_wait_on_notif_queue(notif, fl);
if (err)
return err;
if (copy_to_user((void __user *)param, notif,
sizeof(struct fastrpc_internal_notif_rsp)))
return -EFAULT;
return 0;
}
static int fastrpc_manage_poll_mode(struct fastrpc_user *fl, u32 enable, u32 timeout)
{
const unsigned int MAX_POLL_TIMEOUT_US = 10000;
if ((fl->cctx->domain_id != CDSP_DOMAIN_ID) || (fl->pd_type != USERPD &&
fl->pd_type != USER_UNSIGNEDPD_POOL)) {
dev_err(fl->cctx->dev,"poll mode only allowed for dynamic CDSP process\n");
return -EPERM;
}
if (timeout > MAX_POLL_TIMEOUT_US) {
dev_err(fl->cctx->dev,"poll timeout %u is greater than max allowed value %u\n",
timeout, MAX_POLL_TIMEOUT_US);
return -EBADMSG;
}
spin_lock(&fl->lock);
if (enable) {
fl->poll_mode = true;
fl->poll_timeout = timeout;
} else {
fl->poll_mode = false;
fl->poll_timeout = 0;
}
spin_unlock(&fl->lock);
dev_info(fl->cctx->dev,"updated poll mode to %d, timeout %u\n", enable, timeout);
return 0;
}
static int fastrpc_internal_control(struct fastrpc_user *fl,
struct fastrpc_internal_control *cp)
{
int err = 0, ret = 0;
struct fastrpc_channel_ctx *cctx = fl->cctx;
u32 latency = 0, cpu = 0;
unsigned long flags = 0;
if (!fl) {
return -EBADF;
}
if (!cp) {
return -EINVAL;
}
switch (cp->req) {
case FASTRPC_CONTROL_LATENCY:
if (cp->lp.enable)
latency = cctx->qos_latency;
else
latency = PM_QOS_RESUME_LATENCY_DEFAULT_VALUE;
if (latency == 0)
return -EINVAL;
if (!(cctx->lowest_capacity_core_count && fl->dev_pm_qos_req)) {
dev_err(fl->cctx->dev, "Skipping PM QoS latency voting, core count: %u\n",
cctx->lowest_capacity_core_count);
return -EINVAL;
}
/*
* Add voting request for all possible cores corresponding to cluster
* id 0. If DT property 'qcom,single-core-latency-vote' is enabled
* then add voting request for only one core of cluster id 0.
*/
for (cpu = 0; cpu < cctx->lowest_capacity_core_count; cpu++) {
if (!fl->qos_request) {
ret = dev_pm_qos_add_request(
get_cpu_device(cpu),
&fl->dev_pm_qos_req[cpu],
DEV_PM_QOS_RESUME_LATENCY,
latency);
} else {
ret = dev_pm_qos_update_request(
&fl->dev_pm_qos_req[cpu],
latency);
}
if (ret < 0) {
dev_err(fl->cctx->dev, "QoS with lat %u failed for CPU %d, err %d, req %d\n",
latency, cpu, err, fl->qos_request);
break;
}
}
if (ret >= 0) {
fl->qos_request = 1;
err = 0;
}
break;
case FASTRPC_CONTROL_SMMU:
fl->sharedcb = cp->smmu.sharedcb;
break;
case FASTRPC_CONTROL_WAKELOCK:
if (!fl->is_secure_dev) {
dev_err(fl->cctx->dev,
"PM voting not allowed for non-secure device node");
err = -EPERM;
return err;
}
fl->wake_enable = cp->wp.enable;
break;
case FASTRPC_CONTROL_PM:
if (!fl->wake_enable)
return -EACCES;
if (cp->pm.timeout > FASTRPC_MAX_PM_TIMEOUT_MS)
fl->ws_timeout = FASTRPC_MAX_PM_TIMEOUT_MS;
else
fl->ws_timeout = cp->pm.timeout;
mutex_lock(&cctx->wake_mutex);
fastrpc_pm_awake(fl, fl->cctx->secure);
mutex_unlock(&cctx->wake_mutex);
break;
case FASTRPC_CONTROL_DSPPROCESS_CLEAN:
err = fastrpc_release_current_dsp_process(fl);
if (!err)
fastrpc_queue_pd_status(fl, fl->cctx->domain_id, FASTRPC_USERPD_FORCE_KILL, fl->sessionid);
break;
case FASTRPC_CONTROL_RPC_POLL:
err = fastrpc_manage_poll_mode(fl, cp->lp.enable, cp->lp.latency);
break;
case FASTRPC_CONTROL_NOTIF_WAKE:
fl->exit_notif = true;
spin_lock_irqsave(&fl->proc_state_notif.nqlock, flags);
atomic_add(1, &fl->proc_state_notif.notif_queue_count);
wake_up_interruptible(&fl->proc_state_notif.notif_wait_queue);
spin_unlock_irqrestore(&fl->proc_state_notif.nqlock, flags);
break;
default:
err = -EBADRQC;
break;
}
return err;
}
static int fastrpc_set_session_info(
struct fastrpc_user *fl, struct fastrpc_internal_sessinfo *sessinfo)
{
spin_lock(&fl->lock);
if (fl->set_session_info) {
spin_unlock(&fl->lock);
dev_err(fl->cctx->dev,"Set session info invoked multiple times\n");
return -EBADR;
}
fl->set_session_info = true;
spin_unlock(&fl->lock);
if(sessinfo->pd <= DEFAULT_UNUSED ||
sessinfo->pd >= MAX_PD_TYPE) {
dev_err(fl->cctx->dev,"Invalid PD type %d, range is %d - %d\n",
sessinfo->pd, DEFAULT_UNUSED + 1, MAX_PD_TYPE - 1);
return -EBADR;
}
/*
* If PD type is not configured for context banks,
* ignore PD type passed by the user, leave pd_type set to DEFAULT_UNUSED(0)
*/
if (fl->cctx->pd_type)
fl->pd_type = sessinfo->pd;
// Processes attaching to Sensor Static PD, share context bank.
if (sessinfo->pd == SENSORS_STATICPD)
fl->sharedcb = 1;
if (sessinfo->session_id >= fl->cctx->max_sess_per_proc) {
dev_err(fl->cctx->dev,
"Session ID %u cannot be beyond %u\n",
sessinfo->session_id, fl->cctx->max_sess_per_proc);
return -EBADR;
}
fl->sessionid = sessinfo->session_id;
// Set multi_session_support, to disable old way of setting session_id
fl->multi_session_support = true;
return 0;
}
static int fastrpc_dspsignal_signal(struct fastrpc_user *fl,
struct fastrpc_internal_dspsignal *fsig)
{
int err = 0;
struct fastrpc_channel_ctx *cctx = NULL;
u64 msg = 0;
u32 signal_id = fsig->signal_id;
dev_dbg(fl->cctx->dev, "Send signal PID %u, unique fastrpc pid %u signal %u\n",
fl->tgid, fl->tgid_frpc, signal_id);
cctx = fl->cctx;
if (!(signal_id < FASTRPC_DSPSIGNAL_NUM_SIGNALS)) {
dev_err(fl->cctx->dev, "Sending bad signal %u for PID %u",
signal_id, fl->tgid);
return -EINVAL;
}
msg = (((uint64_t)fl->tgid_frpc) << 32) | ((uint64_t)fsig->signal_id);
err = fastrpc_transport_send(cctx, (void *)&msg, sizeof(msg));
trace_fastrpc_dspsignal("signal", signal_id, 0, 0);
return err;
}
int fastrpc_dspsignal_wait(struct fastrpc_user *fl,
struct fastrpc_internal_dspsignal *fsig)
{
int err = 0;
unsigned long timeout = usecs_to_jiffies(fsig->timeout_usec);
u32 signal_id = fsig->signal_id;
struct fastrpc_dspsignal *s = NULL;
long ret = 0;
unsigned long irq_flags = 0;
dev_dbg(fl->cctx->dev, "Wait for signal %u\n", signal_id);
if (!(signal_id <FASTRPC_DSPSIGNAL_NUM_SIGNALS)) {
dev_err(fl->cctx->dev, "Waiting on bad signal %u\n", signal_id);
return -EINVAL;
}
spin_lock_irqsave(&fl->dspsignals_lock, irq_flags);
if (fl->signal_groups[signal_id /FASTRPC_DSPSIGNAL_GROUP_SIZE] != NULL) {
struct fastrpc_dspsignal *group =
fl->signal_groups[signal_id /FASTRPC_DSPSIGNAL_GROUP_SIZE];
s = &group[signal_id %FASTRPC_DSPSIGNAL_GROUP_SIZE];
}
if ((s == NULL) || (s->state == DSPSIGNAL_STATE_UNUSED)) {
spin_unlock_irqrestore(&fl->dspsignals_lock, irq_flags);
dev_err(fl->cctx->dev, "Unknown signal id %u\n", signal_id);
return -ENOENT;
}
if (s->state != DSPSIGNAL_STATE_PENDING) {
if ((s->state == DSPSIGNAL_STATE_CANCELED) || (s->state == DSPSIGNAL_STATE_UNUSED))
err = -EINTR;
if (s->state == DSPSIGNAL_STATE_SIGNALED) {
/* Signal already received from DSP. Reset signal state and return */
s->state = DSPSIGNAL_STATE_PENDING;
reinit_completion(&s->comp);
}
spin_unlock_irqrestore(&fl->dspsignals_lock, irq_flags);
dev_dbg(fl->cctx->dev, "Signal %u in state %u, complete wait immediately",
signal_id, s->state);
return err;
}
spin_unlock_irqrestore(&fl->dspsignals_lock, irq_flags);
trace_fastrpc_dspsignal("wait", signal_id, s->state, fsig->timeout_usec);
if (timeout != 0xffffffff)
ret = wait_for_completion_interruptible_timeout(&s->comp, timeout);
else
ret = wait_for_completion_interruptible(&s->comp);
trace_fastrpc_dspsignal("wakeup", signal_id, s->state, fsig->timeout_usec);
if (ret == 0) {
dev_dbg(fl->cctx->dev, "Wait for signal %u timed out\n", signal_id);
return -ETIMEDOUT;
} else if (ret < 0) {
dev_err(fl->cctx->dev, "Wait for signal %u failed %d\n", signal_id, (int)ret);
return ret;
}
spin_lock_irqsave(&fl->dspsignals_lock, irq_flags);
if (s->state == DSPSIGNAL_STATE_SIGNALED) {
s->state = DSPSIGNAL_STATE_PENDING;
dev_dbg(fl->cctx->dev, "Signal %u completed\n", signal_id);
} else if ((s->state == DSPSIGNAL_STATE_CANCELED) || (s->state == DSPSIGNAL_STATE_UNUSED)) {
dev_dbg(fl->cctx->dev, "Signal %u cancelled or destroyed\n", signal_id);
err = -EINTR;
}
spin_unlock_irqrestore(&fl->dspsignals_lock, irq_flags);
return err;
}
static int fastrpc_dspsignal_create(struct fastrpc_user *fl,
struct fastrpc_internal_dspsignal *fsig)
{
int err = 0;
u32 signal_id = fsig->signal_id;
struct fastrpc_dspsignal *group, *sig;
unsigned long irq_flags = 0;
if (!(signal_id <FASTRPC_DSPSIGNAL_NUM_SIGNALS))
return -EINVAL;
mutex_lock(&fl->signal_create_mutex);
spin_lock_irqsave(&fl->dspsignals_lock, irq_flags);
group = fl->signal_groups[signal_id /FASTRPC_DSPSIGNAL_GROUP_SIZE];
if (group == NULL) {
int i;
spin_unlock_irqrestore(&fl->dspsignals_lock, irq_flags);
group = kzalloc(FASTRPC_DSPSIGNAL_GROUP_SIZE * sizeof(*group),
GFP_KERNEL);
if (group == NULL) {
dev_err(fl->cctx->dev, "Unable to allocate signal group\n");
mutex_unlock(&fl->signal_create_mutex);
return -ENOMEM;
}
for (i = 0; i < FASTRPC_DSPSIGNAL_GROUP_SIZE; i++) {
sig = &group[i];
init_completion(&sig->comp);
sig->state = DSPSIGNAL_STATE_UNUSED;
}
spin_lock_irqsave(&fl->dspsignals_lock, irq_flags);
fl->signal_groups[signal_id /FASTRPC_DSPSIGNAL_GROUP_SIZE] = group;
}
sig = &group[signal_id %FASTRPC_DSPSIGNAL_GROUP_SIZE];
if (sig->state != DSPSIGNAL_STATE_UNUSED) {
spin_unlock_irqrestore(&fl->dspsignals_lock, irq_flags);
mutex_unlock(&fl->signal_create_mutex);
dev_err(fl->cctx->dev,"Attempting to create signal %u already in use (state %u)\n",
signal_id, sig->state);
return -EBUSY;
}
sig->state = DSPSIGNAL_STATE_PENDING;
reinit_completion(&sig->comp);
spin_unlock_irqrestore(&fl->dspsignals_lock, irq_flags);
mutex_unlock(&fl->signal_create_mutex);
dev_dbg(fl->cctx->dev, "Signal %u created\n", signal_id);
return err;
}
static int fastrpc_dspsignal_destroy(struct fastrpc_user *fl,
struct fastrpc_internal_dspsignal *fsig)
{
u32 signal_id = fsig->signal_id;
struct fastrpc_dspsignal *s = NULL;
unsigned long irq_flags = 0;
dev_dbg(fl->cctx->dev, "Destroy signal %u\n", signal_id);
if (!(signal_id <FASTRPC_DSPSIGNAL_NUM_SIGNALS))
return -EINVAL;
spin_lock_irqsave(&fl->dspsignals_lock, irq_flags);
if (fl->signal_groups[signal_id /FASTRPC_DSPSIGNAL_GROUP_SIZE] != NULL) {
struct fastrpc_dspsignal *group =
fl->signal_groups[signal_id /FASTRPC_DSPSIGNAL_GROUP_SIZE];
s = &group[signal_id % FASTRPC_DSPSIGNAL_GROUP_SIZE];
}
if ((s == NULL) || (s->state == DSPSIGNAL_STATE_UNUSED)) {
spin_unlock_irqrestore(&fl->dspsignals_lock, irq_flags);
dev_err(fl->cctx->dev,"Attempting to destroy unused signal %u\n", signal_id);
return -ENOENT;
}
s->state = DSPSIGNAL_STATE_UNUSED;
complete_all(&s->comp);
spin_unlock_irqrestore(&fl->dspsignals_lock, irq_flags);
dev_dbg(fl->cctx->dev, "Signal %u destroyed\n", signal_id);
return 0;
}
static int fastrpc_dspsignal_cancel_wait(struct fastrpc_user *fl,
struct fastrpc_internal_dspsignal *fsig)
{
u32 signal_id = fsig->signal_id;
struct fastrpc_dspsignal *s = NULL;
unsigned long irq_flags = 0;
dev_dbg(fl->cctx->dev, "Cancel wait for signal %u\n", signal_id);
if (!(signal_id <FASTRPC_DSPSIGNAL_NUM_SIGNALS))
return -EINVAL;
spin_lock_irqsave(&fl->dspsignals_lock, irq_flags);
if (fl->signal_groups[signal_id /FASTRPC_DSPSIGNAL_GROUP_SIZE] != NULL) {
struct fastrpc_dspsignal *group =
fl->signal_groups[signal_id /FASTRPC_DSPSIGNAL_GROUP_SIZE];
s = &group[signal_id %FASTRPC_DSPSIGNAL_GROUP_SIZE];
}
if ((s == NULL) || (s->state == DSPSIGNAL_STATE_UNUSED)) {
spin_unlock_irqrestore(&fl->dspsignals_lock, irq_flags);
dev_err(fl->cctx->dev,"Attempting to cancel unused signal %u\n", signal_id);
return -ENOENT;
}
if (s->state != DSPSIGNAL_STATE_CANCELED) {
s->state = DSPSIGNAL_STATE_CANCELED;
trace_fastrpc_dspsignal("cancel", signal_id, s->state, 0);
complete_all(&s->comp);
}
spin_unlock_irqrestore(&fl->dspsignals_lock, irq_flags);
dev_dbg(fl->cctx->dev, "Signal %u cancelled\n", signal_id);
return 0;
}
/**
* fastrpc_ssr_dspsignal_cancel_wait() -
* Function to cancel waiting signals during SSR
* @arg1: Fastrpc user file pointer
*
* dspsignals will be waiting for DSP response
* cancel wait for these signals during SSR
*
* Return: void
*/
void fastrpc_ssr_dspsignal_cancel_wait(struct fastrpc_user *fl)
{
unsigned long irq_flags = 0;
unsigned int i, j;
struct fastrpc_dspsignal *group, *sig;
spin_lock_irqsave(&fl->dspsignals_lock, irq_flags);
for (i = 0; i < (FASTRPC_DSPSIGNAL_NUM_SIGNALS /
FASTRPC_DSPSIGNAL_GROUP_SIZE); i++) {
group = fl->signal_groups[i];
if (group) {
for (j = 0; j < FASTRPC_DSPSIGNAL_GROUP_SIZE;
j++) {
sig = &group[j];
if (sig && sig->state ==
DSPSIGNAL_STATE_PENDING) {
complete_all(&sig->comp);
sig->state =
DSPSIGNAL_STATE_CANCELED;
}
}
}
}
spin_unlock_irqrestore(&fl->dspsignals_lock, irq_flags);
}
static int fastrpc_invoke_dspsignal(struct fastrpc_user *fl, struct fastrpc_internal_dspsignal *fsig)
{
int err = 0;
switch(fsig->req) {
case FASTRPC_DSPSIGNAL_SIGNAL:
err = fastrpc_dspsignal_signal(fl,fsig);
break;
case FASTRPC_DSPSIGNAL_WAIT :
err = fastrpc_dspsignal_wait(fl,fsig);
break;
case FASTRPC_DSPSIGNAL_CREATE :
err = fastrpc_dspsignal_create(fl,fsig);
break;
case FASTRPC_DSPSIGNAL_DESTROY :
err = fastrpc_dspsignal_destroy(fl,fsig);
break;
case FASTRPC_DSPSIGNAL_CANCEL_WAIT :
err = fastrpc_dspsignal_cancel_wait(fl,fsig);
break;
}
return err;
}
static int fastrpc_multimode_invoke(struct fastrpc_user *fl, char __user *argp)
{
struct fastrpc_enhanced_invoke inv2 ;
struct fastrpc_ioctl_multimode_invoke invoke;
struct fastrpc_internal_control cp = {0};
struct fastrpc_internal_dspsignal *fsig = NULL;
struct fastrpc_internal_notif_rsp notif;
struct fastrpc_internal_config config;
struct fastrpc_internal_sessinfo sessinfo;
u32 multisession, size = 0;
u64 *perf_kernel;
int err = 0;
if (copy_from_user(&invoke, argp, sizeof(invoke)))
return -EFAULT;
switch (invoke.req) {
case FASTRPC_INVOKE:
size = sizeof(struct fastrpc_ioctl_multimode_invoke);
fallthrough;
case FASTRPC_INVOKE_ENHANCED:
/* nscalars is truncated here to max supported value */
if (!size)
size = sizeof(struct fastrpc_enhanced_invoke);
if (copy_from_user(&inv2, (void __user *)(uintptr_t)invoke.invparam,
size))
return -EFAULT;
perf_kernel = (u64 *)(uintptr_t)inv2.perf_kernel;
if (perf_kernel)
fl->profile = true;
err = fastrpc_internal_invoke(fl, USER_MSG, &inv2);
break;
case FASTRPC_INVOKE_CONTROL:
if (copy_from_user(&cp, (void __user *)(uintptr_t)invoke.invparam, sizeof(cp)))
return -EFAULT;
err = fastrpc_internal_control(fl, &cp);
break;
case FASTRPC_INVOKE_DSPSIGNAL:
if (invoke.size > sizeof(*fsig))
return -EINVAL;
fsig = kzalloc(sizeof(*fsig), GFP_KERNEL);
if (!fsig)
return -ENOMEM;
if (copy_from_user(fsig, (void __user *)(uintptr_t)invoke.invparam,
invoke.size)) {
kfree(fsig);
return -EFAULT;
}
err = fastrpc_invoke_dspsignal(fl, fsig);
kfree(fsig);
break;
case FASTRPC_INVOKE_NOTIF:
err = fastrpc_get_notif_response(&notif,
(void *)invoke.invparam, fl);
break;
case FASTRPC_INVOKE_MULTISESSION:
if (copy_from_user(&multisession, (void __user *)(uintptr_t)invoke.invparam, sizeof(multisession)))
return -EFAULT;
if(!fl->multi_session_support)
fl->sessionid = 1;
break;
case FASTRPC_INVOKE_CONFIG:
size = sizeof(struct fastrpc_internal_config);
/* Copy with which ever is miminum size, ensures backward compatibility */
if (invoke.size < size )
size = invoke.size;
if (copy_from_user(&config, (void __user *)(uintptr_t)invoke.invparam,
size))
return -EFAULT;
fl->config.user_fd = config.user_fd;
fl->config.user_size = config.user_size;
fl->config.root_addr = config.root_addr;
fl->config.root_size = config.root_size;
break;
case FASTRPC_INVOKE_SESSIONINFO:
if(copy_from_user(&sessinfo,(void __user *)(uintptr_t)invoke.invparam,
sizeof(struct fastrpc_internal_sessinfo)))
return -EFAULT;
err = fastrpc_set_session_info(fl, &sessinfo);
break;
default:
err = -ENOTTY;
break;
}
return err;
}
static int fastrpc_get_info_from_dsp(struct fastrpc_user *fl, uint32_t *dsp_attr_buf,
uint32_t dsp_attr_buf_len)
{
struct fastrpc_invoke_args args[2] = { 0 };
struct fastrpc_enhanced_invoke ioctl;
/* Capability filled in userspace */
dsp_attr_buf[0] = 0;
dsp_attr_buf_len -= 1;
args[0].ptr = (u64)(uintptr_t)&dsp_attr_buf_len;
args[0].length = sizeof(dsp_attr_buf_len);
args[0].fd = -1;
args[1].ptr = (u64)(uintptr_t)&dsp_attr_buf[1];
args[1].length = dsp_attr_buf_len * sizeof(uint32_t);
args[1].fd = -1;
ioctl.inv.handle = FASTRPC_DSP_UTILITIES_HANDLE;
ioctl.inv.sc = FASTRPC_SCALARS(0, 1, 1);
ioctl.inv.args = (__u64)args;
return fastrpc_internal_invoke(fl, KERNEL_MSG_WITH_ZERO_PID, &ioctl);
}
static int fastrpc_get_info_from_kernel(struct fastrpc_ioctl_capability *cap,
struct fastrpc_user *fl)
{
struct fastrpc_channel_ctx *cctx = fl->cctx;
uint32_t attribute_id = cap->attribute_id;
uint32_t *dsp_attributes;
unsigned long flags;
uint32_t domain = cap->domain;
int err;
spin_lock_irqsave(&cctx->lock, flags);
/* check if we already have queried dsp for attributes */
if (cctx->valid_attributes) {
spin_unlock_irqrestore(&cctx->lock, flags);
goto done;
}
spin_unlock_irqrestore(&cctx->lock, flags);
dsp_attributes = kzalloc(FASTRPC_MAX_DSP_ATTRIBUTES_LEN, GFP_KERNEL);
if (!dsp_attributes)
return -ENOMEM;
err = fastrpc_get_info_from_dsp(fl, dsp_attributes, FASTRPC_MAX_DSP_ATTRIBUTES);
if (err == DSP_UNSUPPORTED_API) {
dev_info(cctx->dev,
"Warning: DSP capabilities not supported on domain: %d\n", domain);
kfree(dsp_attributes);
return -EOPNOTSUPP;
} else if (err) {
dev_dbg(cctx->dev, "Failed to get dsp information err: %d\n", err);
kfree(dsp_attributes);
return err;
}
spin_lock_irqsave(&cctx->lock, flags);
memcpy(cctx->dsp_attributes, dsp_attributes, FASTRPC_MAX_DSP_ATTRIBUTES_LEN);
cctx->valid_attributes = true;
spin_unlock_irqrestore(&cctx->lock, flags);
kfree(dsp_attributes);
done:
cap->capability = cctx->dsp_attributes[attribute_id];
return 0;
}
static int fastrpc_get_dsp_info(struct fastrpc_user *fl, char __user *argp)
{
struct fastrpc_ioctl_capability cap = {0};
int err = 0;
if (copy_from_user(&cap, argp, sizeof(cap)))
return -EFAULT;
cap.capability = 0;
if (cap.domain >= FASTRPC_DEV_MAX) {
dev_err(fl->cctx->dev, "Error: Invalid domain id:%d, err:%d\n",
cap.domain, err);
return -ECHRNG;
}
/* Fastrpc Capablities does not support modem domain */
if (cap.domain == MDSP_DOMAIN_ID) {
dev_err(fl->cctx->dev, "Error: modem not supported %d\n", err);
return -ECHRNG;
}
if (cap.attribute_id >= FASTRPC_MAX_DSP_ATTRIBUTES) {
dev_err(fl->cctx->dev, "Error: invalid attribute: %d, err: %d\n",
cap.attribute_id, err);
return -EOVERFLOW;
}
err = fastrpc_get_info_from_kernel(&cap, fl);
if (err)
return err;
if (copy_to_user(argp, &cap, sizeof(cap)))
return -EFAULT;
return 0;
}
static int fastrpc_req_munmap_dsp(struct fastrpc_user *fl, uintptr_t raddr, u64 size) {
struct fastrpc_invoke_args args[1] = { [0] = { 0 } };
struct fastrpc_enhanced_invoke ioctl;
struct fastrpc_munmap_req_msg req_msg;
int err = 0;
req_msg.pgid = fl->tgid_frpc;
req_msg.size = size;
req_msg.vaddr = raddr;
args[0].ptr = (u64) (uintptr_t) &req_msg;
args[0].length = sizeof(req_msg);
ioctl.inv.handle = FASTRPC_INIT_HANDLE;
ioctl.inv.sc = FASTRPC_SCALARS(FASTRPC_RMID_INIT_MUNMAP, 1, 0);
ioctl.inv.args = (__u64)args;
err = fastrpc_internal_invoke(fl, KERNEL_MSG_WITH_ZERO_PID, &ioctl);
/* error to be printed by caller function */
return err;
}
static int fastrpc_req_munmap_impl(struct fastrpc_user *fl, struct fastrpc_buf *buf)
{
struct device *dev = fl->sctx->smmucb[DEFAULT_SMMU_IDX].dev;
int err;
err = fastrpc_req_munmap_dsp(fl, buf->raddr, buf->size);
if (!err) {
if (buf->type == REMOTEHEAP_BUF) {
if (fl->cctx->vmcount) {
u64 src_perms = 0;
struct qcom_scm_vmperm dst_perms;
u32 i;
for (i = 0; i < fl->cctx->vmcount; i++)
src_perms |= BIT(fl->cctx->vmperms[i].vmid);
dst_perms.vmid = QCOM_SCM_VMID_HLOS;
dst_perms.perm = QCOM_SCM_PERM_RWX;
err = qcom_scm_assign_mem(buf->phys, (u64)buf->size,
&src_perms, &dst_perms, 1);
if (err) {
dev_err(dev,
"%s: Failed to assign memory phys 0x%llx size 0x%llx err %d",
__func__, buf->phys, buf->size, err);
return err;
}
}
}
dev_dbg(dev, "unmmap\tpt 0x%09lx OK\n", buf->raddr);
} else {
dev_err(dev, "unmmap\tpt 0x%09lx ERROR\n", buf->raddr);
}
return err;
}
static int fastrpc_req_munmap(struct fastrpc_user *fl, char __user *argp)
{
struct fastrpc_buf *buf = NULL, *iter, *b;
struct fastrpc_req_munmap req;
struct fastrpc_map *map = NULL, *iterm, *m;
struct device *dev = NULL;
int err = -EINVAL;
unsigned long flags;
if (atomic_read(&fl->state) != DSP_CREATE_COMPLETE) {
dev_err(fl->cctx->dev,
" %s: %s: trying to unmap buf before creating remote session\n",
__func__, current->comm);
return -EHOSTDOWN;
}
if (copy_from_user(&req, argp, sizeof(req)))
return -EFAULT;
dev = fl->sctx->smmucb[DEFAULT_SMMU_IDX].dev;
spin_lock(&fl->lock);
list_for_each_entry_safe(iter, b, &fl->mmaps, node) {
if ((iter->raddr == req.vaddrout) && (iter->size == req.size)) {
buf = iter;
list_del(&buf->node);
break;
}
}
spin_unlock(&fl->lock);
if (buf) {
err = fastrpc_req_munmap_impl(fl, buf);
if(!err) {
fastrpc_buf_free(buf, false);
} else {
spin_lock(&fl->lock);
list_add_tail(&buf->node, &fl->mmaps);
spin_unlock(&fl->lock);
}
return err;
}
spin_lock_irqsave(&fl->cctx->lock, flags);
list_for_each_entry_safe(iter, b, &fl->cctx->gmaps, node) {
if ((iter->raddr == req.vaddrout) && (iter->size == req.size)) {
buf = iter;
list_del(&buf->node);
break;
}
}
spin_unlock_irqrestore(&fl->cctx->lock, flags);
if (buf) {
err = fastrpc_req_munmap_impl(fl, buf);
if(!err) {
fastrpc_buf_free(buf, false);
} else {
spin_lock_irqsave(&fl->cctx->lock, flags);
list_add_tail(&buf->node, &fl->cctx->gmaps);
spin_unlock_irqrestore(&fl->cctx->lock, flags);
}
return err;
}
spin_lock(&fl->lock);
list_for_each_entry_safe(iterm, m, &fl->maps, node) {
if (iterm->raddr == req.vaddrout) {
/*
* Check if DSP mapping is complete, then move the state to
* unmap in progress only if there is no other ongoing unmap.
*/
if (atomic_cmpxchg(&iterm->state, FD_DSP_MAP_COMPLETE,
FD_DSP_UNMAP_IN_PROGRESS) != FD_DSP_MAP_COMPLETE)
err = -EALREADY;
else
map = iterm;
break;
}
}
spin_unlock(&fl->lock);
if (!map) {
dev_err(dev, "buffer not in buf or map list\n");
return err;
}
err = fastrpc_req_munmap_dsp(fl, map->raddr, map->size);
if (err) {
dev_err(dev, "unmmap\tpt fd = %d, 0x%09llx error\n", map->fd, map->raddr);
/* Revert the map state to map complete */
atomic_set(&map->state, FD_DSP_MAP_COMPLETE);
} else {
/* Set the map state to default on successful unmapping */
atomic_set(&map->state, FD_MAP_DEFAULT);
mutex_lock(&fl->map_mutex);
fastrpc_map_put(map);
mutex_unlock(&fl->map_mutex);
}
return err;
}
static int fastrpc_req_mmap(struct fastrpc_user *fl, char __user *argp)
{
struct fastrpc_invoke_args args[3] = { [0 ... 2] = { 0 } };
struct fastrpc_enhanced_invoke ioctl;
struct fastrpc_buf *buf = NULL;
struct fastrpc_mmap_req_msg req_msg;
struct fastrpc_mmap_rsp_msg rsp_msg;
struct fastrpc_phy_page pages;
struct fastrpc_req_mmap req;
struct fastrpc_map *map = NULL;
struct fastrpc_smmu *smmucb = NULL;
struct device *dev = NULL;
struct timespec64 start_ts, end_ts;
int err;
unsigned long flags;
if (atomic_read(&fl->state) != DSP_CREATE_COMPLETE) {
dev_err(fl->cctx->dev,
"%s: %s: trying to map buf before creating remote session\n",
__func__, current->comm);
return -EHOSTDOWN;
}
if (copy_from_user(&req, argp, sizeof(req)))
return -EFAULT;
if (!req.size)
return -EFAULT;
smmucb = &fl->sctx->smmucb[DEFAULT_SMMU_IDX];
dev = smmucb->dev;
if ((req.flags == ADSP_MMAP_ADD_PAGES ||
req.flags == ADSP_MMAP_REMOTE_HEAP_ADDR) && !fl->is_unsigned_pd) {
if (req.vaddrin) {
dev_err(dev,
"adding user allocated pages is only supported for unsigned PD\n");
return -EINVAL;
}
if (req.flags == ADSP_MMAP_REMOTE_HEAP_ADDR) {
err = fastrpc_buf_alloc(fl, NULL, req.size, REMOTEHEAP_BUF, &buf);
} else {
err = fastrpc_smmu_buf_alloc(fl, req.size, USER_BUF, &buf);
}
if (err) {
dev_err(dev, "failed to allocate buffer\n");
return err;
}
/*
* Update dev with correct SMMU device,
* on which the memory is allocated.
*/
if (req.flags == ADSP_MMAP_ADD_PAGES)
dev = buf->smmucb->dev;
req_msg.pgid = fl->tgid_frpc;
req_msg.flags = req.flags;
req_msg.vaddr = req.vaddrin;
req_msg.num = sizeof(pages);
args[0].ptr = (u64) (uintptr_t) &req_msg;
args[0].length = sizeof(req_msg);
pages.addr = buf->phys;
pages.size = buf->size;
args[1].ptr = (u64) (uintptr_t) &pages;
args[1].length = sizeof(pages);
args[2].ptr = (u64) (uintptr_t) &rsp_msg;
args[2].length = sizeof(rsp_msg);
ioctl.inv.handle = FASTRPC_INIT_HANDLE;
ioctl.inv.sc = FASTRPC_SCALARS(FASTRPC_RMID_INIT_MMAP, 2, 1);
ioctl.inv.args = (__u64)args;
err = fastrpc_internal_invoke(fl, KERNEL_MSG_WITH_ZERO_PID, &ioctl);
if (err) {
dev_err(dev, "mmap error (len 0x%08llx)\n", buf->size);
goto err_invoke;
}
/* update the buffer to be able to deallocate the memory on the DSP */
buf->raddr = (uintptr_t) rsp_msg.vaddr;
/* let the client know the address to use */
req.vaddrout = rsp_msg.vaddr;
/* Add memory to static PD pool, protection thru hypervisor */
if (req.flags == ADSP_MMAP_REMOTE_HEAP_ADDR && fl->cctx->vmcount) {
u64 src_perms = BIT(QCOM_SCM_VMID_HLOS);
ktime_get_boottime_ts64(&start_ts);
err = qcom_scm_assign_mem(buf->phys,(u64)buf->size,
&src_perms, fl->cctx->vmperms, fl->cctx->vmcount);
ktime_get_boottime_ts64(&end_ts);
buf->scm_assign_time = timespec64_sub(end_ts, start_ts);
if (err) {
dev_err(dev, "Failed to assign memory phys 0x%llx size 0x%llx err %d",
buf->phys, buf->size, err);
goto err_assign;
}
}
if (req.flags == ADSP_MMAP_REMOTE_HEAP_ADDR) {
spin_lock_irqsave(&fl->cctx->lock, flags);
list_add_tail(&buf->node, &fl->cctx->gmaps);
spin_unlock_irqrestore(&fl->cctx->lock, flags);
} else {
spin_lock(&fl->lock);
list_add_tail(&buf->node, &fl->mmaps);
spin_unlock(&fl->lock);
}
if (copy_to_user((void __user *)argp, &req, sizeof(req)))
/*
* The usercopy failed, but we can't do much about it, as this
* buf is already mapped in the DSP and accessible for the
* current process. Therefore "leak" the buf and rely on the
* process exit path to do any required cleanup.
*/
return -EFAULT;
} else {
if ((req.flags == ADSP_MMAP_REMOTE_HEAP_ADDR) && fl->is_unsigned_pd) {
dev_err(dev, "remote heap is not supported for unsigned PD\n");
return -EINVAL;
}
mutex_lock(&fl->map_mutex);
err = fastrpc_map_create(fl, req.fd, req.vaddrin, NULL, req.size, 0, 0, &map, true);
mutex_unlock(&fl->map_mutex);
if (err) {
dev_err(dev, "failed to map buffer, fd = %d\n", req.fd);
return err;
}
/*
* Update the map state to in progress only if there is no ongoing or
* completed DSP mapping.
*/
if (atomic_cmpxchg(&map->state, FD_MAP_DEFAULT, FD_DSP_MAP_IN_PROGRESS)
!= FD_MAP_DEFAULT) {
err = -EALREADY;
goto err_invoke;
}
req_msg.pgid = fl->tgid_frpc;
req_msg.flags = req.flags;
req_msg.vaddr = req.vaddrin;
req_msg.num = sizeof(pages);
args[0].ptr = (u64) (uintptr_t) &req_msg;
args[0].length = sizeof(req_msg);
pages.addr = map->phys;
pages.size = map->size;
args[1].ptr = (u64) (uintptr_t) &pages;
args[1].length = sizeof(pages);
args[2].ptr = (u64) (uintptr_t) &rsp_msg;
args[2].length = sizeof(rsp_msg);
ioctl.inv.handle = FASTRPC_INIT_HANDLE;
ioctl.inv.sc = FASTRPC_SCALARS(FASTRPC_RMID_INIT_MMAP, 2, 1);
ioctl.inv.args = (__u64)args;
err = fastrpc_internal_invoke(fl, KERNEL_MSG_WITH_ZERO_PID, &ioctl);
if (err) {
dev_err(dev, "mmap error (len 0x%08llx)\n", map->size);
/* Revert the map state to default */
atomic_set(&map->state, FD_MAP_DEFAULT);
goto err_invoke;
}
/* update the buffer to be able to deallocate the memory on the DSP */
map->raddr = (uintptr_t) rsp_msg.vaddr;
/* let the client know the address to use */
req.vaddrout = rsp_msg.vaddr;
/* Set the map state to complete on successful mapping */
atomic_set(&map->state, FD_DSP_MAP_COMPLETE);
if (copy_to_user((void __user *)argp, &req, sizeof(req)))
/*
* The usercopy failed, but we can't do much about it, as this
* map is already mapped in the DSP and accessible for the
* current process. Therefore "leak" the map and rely on the
* process exit path to do any required cleanup.
*/
return -EFAULT;
}
return 0;
err_assign:
err = fastrpc_req_munmap_impl(fl, buf);
if (err) {
if (req.flags == ADSP_MMAP_REMOTE_HEAP_ADDR) {
spin_lock_irqsave(&fl->cctx->lock, flags);
list_add_tail(&buf->node, &fl->cctx->gmaps);
spin_unlock_irqrestore(&fl->cctx->lock, flags);
} else {
spin_lock(&fl->lock);
list_add_tail(&buf->node, &fl->mmaps);
spin_unlock(&fl->lock);
}
buf = NULL;
}
err_invoke:
if (map) {
mutex_lock(&fl->map_mutex);
fastrpc_map_put(map);
mutex_unlock(&fl->map_mutex);
}
if (buf)
fastrpc_buf_free(buf, false);
return err;
}
static int fastrpc_req_mem_unmap_impl(struct fastrpc_user *fl, struct fastrpc_mem_unmap *req)
{
struct fastrpc_invoke_args args[1] = { [0] = { 0 } };
struct fastrpc_enhanced_invoke ioctl;
struct fastrpc_map *map = NULL, *iter, *m;
struct fastrpc_mem_unmap_req_msg req_msg = { 0 };
int err = -EINVAL;
struct device *dev = fl->sctx->smmucb[DEFAULT_SMMU_IDX].dev;
spin_lock(&fl->lock);
list_for_each_entry_safe(iter, m, &fl->maps, node) {
if ((req->fd < 0 || iter->fd == req->fd) && (iter->raddr == req->vaddr)) {
/*
* Check if DSP mapping is complete, then move the state to
* unmap in progress only if there is no other ongoing unmap.
*/
if (atomic_cmpxchg(&iter->state, FD_DSP_MAP_COMPLETE,
FD_DSP_UNMAP_IN_PROGRESS) != FD_DSP_MAP_COMPLETE)
err = -EALREADY;
else
map = iter;
break;
}
}
spin_unlock(&fl->lock);
if (!map) {
dev_err(dev, "map not in list\n");
return err;
}
req_msg.pgid = fl->tgid_frpc;
req_msg.len = map->len;
req_msg.vaddrin = map->raddr;
req_msg.fd = map->fd;
args[0].ptr = (u64) (uintptr_t) &req_msg;
args[0].length = sizeof(req_msg);
ioctl.inv.handle = FASTRPC_INIT_HANDLE;
ioctl.inv.sc = FASTRPC_SCALARS(FASTRPC_RMID_INIT_MEM_UNMAP, 1, 0);
ioctl.inv.args = (__u64)args;
err = fastrpc_internal_invoke(fl, KERNEL_MSG_WITH_ZERO_PID, &ioctl);
if (err) {
dev_err(dev, "Unmap on DSP failed for fd:%d, addr:0x%09llx\n", map->fd, map->raddr);
/* Revert the map state to map complete */
atomic_set(&map->state, FD_DSP_MAP_COMPLETE);
return err;
}
/* Set the map state to default on successful unmapping */
atomic_set(&map->state, FD_MAP_DEFAULT);
mutex_lock(&fl->map_mutex);
fastrpc_map_put(map);
mutex_unlock(&fl->map_mutex);
return 0;
}
static int fastrpc_req_mem_unmap(struct fastrpc_user *fl, char __user *argp)
{
struct fastrpc_mem_unmap req;
if (atomic_read(&fl->state) != DSP_CREATE_COMPLETE) {
dev_err(fl->cctx->dev,
"%s: %s: trying to unmap buf before creating remote session\n",
__func__, current->comm);
return -EHOSTDOWN;
}
if (copy_from_user(&req, argp, sizeof(req)))
return -EFAULT;
return fastrpc_req_mem_unmap_impl(fl, &req);
}
static int fastrpc_req_mem_map(struct fastrpc_user *fl, char __user *argp)
{
struct fastrpc_mem_map req = {0};
struct device *dev = NULL;
struct fastrpc_map *map = NULL;
int err;
if (atomic_read(&fl->state) != DSP_CREATE_COMPLETE) {
dev_err(fl->cctx->dev,
"%s: %s: trying to map buf before creating remote session\n",
__func__, current->comm);
return -EHOSTDOWN;
}
if (copy_from_user(&req, argp, sizeof(req)))
return -EFAULT;
/*
* Prevent mapping backward compatible DMA handles here, as they are
* already mapped in the remote call.
*/
if (req.flags == FASTRPC_MAP_LEGACY_DMA_HANDLE)
return -EINVAL;
dev = fl->sctx->smmucb[DEFAULT_SMMU_IDX].dev;
/* create SMMU mapping */
mutex_lock(&fl->map_mutex);
err = fastrpc_map_create(fl, req.fd, req.vaddrin, NULL, req.length, req.attrs, req.flags, &map, true);
mutex_unlock(&fl->map_mutex);
if (err) {
dev_err(dev, "failed to map buffer, fd = %d\n", req.fd);
return err;
}
/*
* Update the map state to in progress only if there is no ongoing or
* completed DSP mapping.
*/
if (atomic_cmpxchg(&map->state, FD_MAP_DEFAULT, FD_DSP_MAP_IN_PROGRESS)
!= FD_MAP_DEFAULT) {
err = -EALREADY;
goto err_invoke;
}
map->va = (void *) (uintptr_t) req.vaddrin;
/* map to dsp, get virtual adrress for the user*/
err = fastrpc_mem_map_to_dsp(fl, map->fd, req.offset,
req.flags, req.vaddrin, map->phys,
map->size, (uintptr_t *)&req.vaddrout);
if (err) {
dev_err(dev, "failed to map buffer on dsp, fd = %d\n", map->fd);
/* Revert the map state to default */
atomic_set(&map->state, FD_MAP_DEFAULT);
goto err_invoke;
}
/* update the buffer to be able to deallocate the memory on the DSP */
map->raddr = req.vaddrout;
/* Set the map state to complete on successful mapping */
atomic_set(&map->state, FD_DSP_MAP_COMPLETE);
if (copy_to_user((void __user *)argp, &req, sizeof(req)))
/*
* The usercopy failed, but we can't do much about it, as this
* map is already mapped in the DSP and accessible for the
* current process. Therefore "leak" the map and rely on the
* process exit path to do any required cleanup.
*/
return -EFAULT;
return 0;
err_invoke:
mutex_lock(&fl->map_mutex);
fastrpc_map_put(map);
mutex_unlock(&fl->map_mutex);
return err;
}
static long fastrpc_device_ioctl(struct file *file, unsigned int cmd,
unsigned long arg)
{
struct fastrpc_user *fl = (struct fastrpc_user *)file->private_data;
struct fastrpc_channel_ctx *cctx = fl->cctx;
char __user *argp = (char __user *)arg;
int err;
int process_init = 0;
unsigned long flags = 0;
fastrpc_channel_ctx_get(cctx);
spin_lock_irqsave(&cctx->lock, flags);
if (atomic_read(&cctx->teardown)) {
/* If subsystem already going thru SSR, then fail ioctl immediately */
spin_unlock_irqrestore(&cctx->lock, flags);
fastrpc_channel_ctx_put(cctx);
return -EPIPE;
}
/*
* Update invoke count to block SSR handling thread from cleaning up
* the channel resources, while it is still being used by this thread.
*/
fastrpc_channel_update_invoke_cnt(cctx, true);
spin_unlock_irqrestore(&cctx->lock, flags);
switch (cmd) {
case FASTRPC_IOCTL_INVOKE:
trace_fastrpc_msg("invoke: begin");
err = fastrpc_invoke(fl, argp);
trace_fastrpc_msg("invoke: end");
break;
case FASTRPC_IOCTL_MULTIMODE_INVOKE:
err = fastrpc_multimode_invoke(fl, argp);
break;
case FASTRPC_IOCTL_INIT_ATTACH:
err = fastrpc_init_attach(fl, ROOT_PD);
fastrpc_send_cpuinfo_to_dsp(fl);
process_init = 1;
break;
case FASTRPC_IOCTL_INIT_ATTACH_SNS:
err = fastrpc_init_attach(fl, SENSORS_STATICPD);
process_init = 1;
break;
case FASTRPC_IOCTL_INIT_CREATE_STATIC:
err = fastrpc_init_create_static_process(fl, argp);
process_init = 1;
break;
case FASTRPC_IOCTL_INIT_CREATE:
err = fastrpc_init_create_process(fl, argp);
process_init = 1;
break;
case FASTRPC_IOCTL_ALLOC_DMA_BUFF:
err = fastrpc_dmabuf_alloc(fl, argp);
break;
case FASTRPC_IOCTL_MMAP:
mutex_lock(&fl->remote_map_mutex);
err = fastrpc_req_mmap(fl, argp);
mutex_unlock(&fl->remote_map_mutex);
break;
case FASTRPC_IOCTL_MUNMAP:
mutex_lock(&fl->remote_map_mutex);
err = fastrpc_req_munmap(fl, argp);
mutex_unlock(&fl->remote_map_mutex);
break;
case FASTRPC_IOCTL_MEM_MAP:
err = fastrpc_req_mem_map(fl, argp);
break;
case FASTRPC_IOCTL_MEM_UNMAP:
err = fastrpc_req_mem_unmap(fl, argp);
break;
case FASTRPC_IOCTL_GET_DSP_INFO:
err = fastrpc_get_dsp_info(fl, argp);
break;
default:
err = -ENOTTY;
break;
}
if (process_init && !err) {
err = fastrpc_device_create(fl);
if (err)
atomic_set(&fl->state, DEFAULT_PROC_STATE);
else
atomic_set(&fl->state, DSP_CREATE_COMPLETE);
}
fastrpc_channel_update_invoke_cnt(cctx, false);
fastrpc_channel_ctx_put(fl->cctx);
return err;
}
int fastrpc_init_privileged_gids(struct device *dev, char *prop_name,
struct gid_list *gidlist)
{
int err = 0;
u32 len = 0, i;
u32 *gids = NULL;
if (!of_find_property(dev->of_node, prop_name, &len))
return 0;
if (len == 0)
return 0;
len /= sizeof(u32);
gids = kcalloc(len, sizeof(u32), GFP_KERNEL);
if (!gids)
return -ENOMEM;
for (i = 0; i < len; i++) {
err = of_property_read_u32_index(dev->of_node, prop_name,
i, &gids[i]);
if (err) {
dev_err(dev, "%s: failed to read GID %u\n",
__func__, i);
goto read_error;
}
dev_info(dev, "adsprpc: %s: privileged GID: %u\n", __func__, gids[i]);
}
sort(gids, len, sizeof(*gids), uint_cmp_func, NULL);
gidlist->gids = gids;
gidlist->gidcount = len;
return 0;
read_error:
kfree(gids);
return err;
}
union fastrpc_dev_param {
struct fastrpc_dev_map_dma *map;
struct fastrpc_dev_unmap_dma *unmap;
struct fastrpc_dev_get_hlos_pid *hpid;
};
/*
* fastrpc_dev_map_dma() - Function to map buffers mapped on DSP.
* @arg1: client instance of fastrpc_device struct
* @arg2: invoke param
*
* fastrpc_dev_map_dma is used to map buffers mapped on DSP
*
*
* Return: 0 on success.
*
*/
long fastrpc_dev_map_dma(struct fastrpc_device *dev,
unsigned long invoke_param)
{
int err = 0;
union fastrpc_dev_param p;
struct fastrpc_user *fl = NULL;
struct fastrpc_map *map = NULL;
uintptr_t raddr = 0;
unsigned long irq_flags = 0;
struct fastrpc_channel_ctx * cctx = NULL;
spinlock_t *glock = &g_frpc.glock;
p.map = (struct fastrpc_dev_map_dma *)invoke_param;
spin_lock_irqsave(glock, irq_flags);
if (!dev || dev->dev_close) {
err = -ESRCH;
pr_err("%s : bad dev or device is already closed", __func__);
spin_unlock_irqrestore(glock, irq_flags);
return err;
}
fl = dev->fl;
if (!fl) {
err = -EBADF;
pr_err("%s : bad fl", __func__);
spin_unlock_irqrestore(glock, irq_flags);
return err;
}
cctx = fl->cctx;
fastrpc_channel_ctx_get(cctx);
fl->is_dma_invoke_pend = true;
spin_unlock_irqrestore(glock, irq_flags);
/* Map DMA buffer on SMMU device*/
mutex_lock(&fl->remote_map_mutex);
mutex_lock(&fl->map_mutex);
err = fastrpc_map_create(fl, -1, 0, p.map->buf,
p.map->size, p.map->attrs,
ADSP_MMAP_DMA_BUFFER, &map, true);
mutex_unlock(&fl->map_mutex);
if (err)
goto error;
/*
* Update the map state to in progress only if there is no ongoing or
* completed DSP mapping.
*/
if (atomic_cmpxchg(&map->state, FD_MAP_DEFAULT, FD_DSP_MAP_IN_PROGRESS)
!= FD_MAP_DEFAULT) {
err = -EALREADY;
goto error;
}
/* Map DMA buffer on DSP*/
err = fastrpc_mem_map_to_dsp(fl, -1, 0, map->flags, 0, map->phys, map->size, &raddr);
if (err) {
pr_err("%s : failed to map buffer on DSP ", __func__);
/* Revert the map state to map default */
atomic_set(&map->state, FD_MAP_DEFAULT);
goto error;
}
map->raddr = raddr;
p.map->v_dsp_addr = raddr;
/* Set the map state to complete on successful mapping */
atomic_set(&map->state, FD_DSP_MAP_COMPLETE);
error:
if (err && map) {
mutex_lock(&fl->map_mutex);
fastrpc_map_put(map);
mutex_unlock(&fl->map_mutex);
}
spin_lock_irqsave(&cctx->lock, irq_flags);
if (fl) {
if (atomic_read(&fl->state) >= DSP_EXIT_START && fl->is_dma_invoke_pend) {
/*
* If process exit has already started and is waiting for this invoke
* to complete, then unblock it.
*/
complete(&fl->dma_invoke);
}
fl->is_dma_invoke_pend = false;
}
spin_unlock_irqrestore(&cctx->lock, irq_flags);
fastrpc_channel_ctx_put(cctx);
mutex_unlock(&fl->remote_map_mutex);
return err;
}
/*
* fastrpc_dev_unmap_dma() - Function to unmap buffers mapped on DSP.
* @arg1: client instance of fastrpc_device struct
* @arg2: invoke param
*
* fastrpc_dev_unmap_dma is used to unmap buffers mapped on DSP
*
*
* Return: 0 on success.
*
*/
long fastrpc_dev_unmap_dma(struct fastrpc_device *dev,
unsigned long invoke_param)
{
int err = 0;
union fastrpc_dev_param p;
struct fastrpc_user *fl = NULL;
struct fastrpc_map *map = NULL;
unsigned long irq_flags = 0;
struct fastrpc_channel_ctx * cctx = NULL;
spinlock_t *glock = &g_frpc.glock;
p.unmap = (struct fastrpc_dev_unmap_dma *)invoke_param;
spin_lock_irqsave(glock, irq_flags);
if (!dev || dev->dev_close) {
pr_err("%s : bad dev or device is already closed", __func__);
err = -ESRCH;
spin_unlock_irqrestore(glock, irq_flags);
return err;
}
fl = dev->fl;
if (!fl) {
err = -EBADF;
pr_err("%s : bad fl ", __func__);
spin_unlock_irqrestore(glock, irq_flags);
return err;
}
cctx = fl->cctx;
fastrpc_channel_ctx_get(cctx);
fl->is_dma_invoke_pend = true;
spin_unlock_irqrestore(glock, irq_flags);
mutex_lock(&fl->remote_map_mutex);
mutex_lock(&fl->map_mutex);
err = fastrpc_map_lookup(fl, -1, 0, 0, p.unmap->buf,
ADSP_MMAP_DMA_BUFFER, &map, false);
/*
* Check if DSP mapping is complete, then move the state to
* unmap in progress only if there is no other ongoing unmap.
*/
if (!err && atomic_cmpxchg(&map->state, FD_DSP_MAP_COMPLETE,
FD_DSP_UNMAP_IN_PROGRESS) != FD_DSP_MAP_COMPLETE)
err = -EALREADY;
mutex_unlock(&fl->map_mutex);
if (err)
goto error;
/* Un-map DMA buffer on DSP*/
err = fastrpc_req_munmap_dsp(fl, map->raddr, map->size);
if (err) {
pr_err("Unmap on DSP failed for buf phy:0x%llx, raddr:0x%llx, size:0x%llx\n",
map->phys, map->raddr, map->size);
/* Revert the map state to map complete */
atomic_set(&map->state, FD_DSP_MAP_COMPLETE);
goto error;
}
/* Set the map state to default on successful unmapping */
atomic_set(&map->state, FD_MAP_DEFAULT);
mutex_lock(&fl->map_mutex);
fastrpc_map_put(map);
mutex_unlock(&fl->map_mutex);
error:
spin_lock_irqsave(&cctx->lock, irq_flags);
if (fl) {
if (atomic_read(&fl->state) >= DSP_EXIT_START && fl->is_dma_invoke_pend) {
/*
* If process exit has already started and is waiting for this invoke
* to complete, then unblock it.
*/
complete(&fl->dma_invoke);
}
fl->is_dma_invoke_pend = false;
}
spin_unlock_irqrestore(&cctx->lock, irq_flags);
fastrpc_channel_ctx_put(cctx);
mutex_unlock(&fl->remote_map_mutex);
return err;
}
/*
* fastrpc_dev_get_hlos_pid() - Function to get hlos pid.
* @arg1: client instance of fastrpc_device struct.
* @arg2: invoke param.
*
* fastrpc_dev_get_hlos_pid is used to get hlos id
*
* Return: void.
*
*/
long fastrpc_dev_get_hlos_pid(struct fastrpc_device *dev,
unsigned long invoke_param)
{
int err = 0;
union fastrpc_dev_param p;
struct fastrpc_user *fl = NULL;
unsigned long irq_flags = 0;
struct fastrpc_channel_ctx * cctx = NULL;
spinlock_t *glock = &g_frpc.glock;
spin_lock_irqsave(glock, irq_flags);
if (!dev || dev->dev_close) {
pr_err("%s : bad dev or device is already closed", __func__);
err = -ESRCH;
spin_unlock_irqrestore(glock, irq_flags);
return err;
}
fl = dev->fl;
if (!fl) {
err = -EBADF;
pr_err("%s : bad fl ", __func__);
spin_unlock_irqrestore(glock, irq_flags);
return err;
}
cctx = fl->cctx;
fastrpc_channel_ctx_get(cctx);
p.hpid = (struct fastrpc_dev_get_hlos_pid *)invoke_param;
p.hpid->hlos_pid = fl->tgid;
spin_unlock_irqrestore(glock, irq_flags);
fastrpc_channel_ctx_put(cctx);
return err;
}
/*
* fastrpc_driver_invoke() - Invocation function for client drivers.
* @arg1: client instance of fastrpc_device struct
* @arg2: invoke number
* @arg3: invoke param
*
* fastrpc_driver_invoke is exposed to the client drivers to make invoke
* calls. Clients can map and unmap buffers on dsp using invoke calls.
* function can be called with an instance of the fastrpc_device instance,
* invocation number and corresponding invoke params.
*
*
* Return: 0 on success.
*
*/
long fastrpc_driver_invoke(struct fastrpc_device *dev, unsigned int invoke_num,
unsigned long invoke_param)
{
int err = 0;
switch (invoke_num) {
case FASTRPC_DEV_MAP_DMA:
err = fastrpc_dev_map_dma(dev, invoke_param);
break;
case FASTRPC_DEV_UNMAP_DMA:
err = fastrpc_dev_unmap_dma(dev, invoke_param);
break;
case FASTRPC_DEV_GET_HLOS_PID:
err = fastrpc_dev_get_hlos_pid(dev, invoke_param);
break;
default:
err = -ENOTTY;
break;
}
return err;
}
EXPORT_SYMBOL_GPL(fastrpc_driver_invoke);
/*
* fastrpc_device_create() - Create an instance of fastrpc_device.
* @arg1: fastrpc_user instance corresponding to the process.
*
* fastrpc_device_create will create an instance of struct fastrpc_device
* for each process
*
*
* Return: 0 on success, error code on failure.
*
*/
static int fastrpc_device_create(struct fastrpc_user *fl)
{
int err = 0;
struct fastrpc_device *frpc_dev = NULL;
frpc_dev = kzalloc(sizeof(*frpc_dev), GFP_KERNEL);
if (!frpc_dev) {
err = -ENOMEM;
return err;
}
frpc_dev->fl = fl;
frpc_dev->handle = fl->tgid_frpc;
fl->device = frpc_dev;
return err;
}
/*
* fastrpc_driver_unregister() - Function to unregister client drivers.
* @arg1: client instance of fastrpc_driver struct
*
* fastrpc_driver_unregister is used to unregister the client drivers
* from fastrpc driver.
*
* Context: Acquires channel context spin-lock and glock
*
* Return: void.
*
*/
void fastrpc_driver_unregister(struct fastrpc_driver *frpc_driver){
struct fastrpc_device *frpc_dev = NULL;
unsigned long irq_flags = 0, flags = 0;
struct fastrpc_channel_ctx * cctx = NULL;
struct fastrpc_user *fl = NULL;
spinlock_t *glock = &g_frpc.glock;
spin_lock_irqsave(glock, irq_flags);
frpc_dev = (struct fastrpc_device *)frpc_driver->device;
if (!frpc_dev) {
spin_unlock_irqrestore(glock, irq_flags);
pr_err("passed invalid driver, fastrpc device not present");
return;
}
// If device is already closed, free the device
if (frpc_dev->dev_close) {
spin_unlock_irqrestore(glock, irq_flags);
kfree(frpc_dev);
pr_info("Un-registering fastrpc driver with handle 0x%x\n",
frpc_driver->handle);
return;
}
fl = frpc_dev->fl;
if (!fl) {
spin_unlock_irqrestore(glock, irq_flags);
pr_err("passed invalid driver, invalid process");
return;
}
cctx = frpc_dev->fl->cctx;
fastrpc_channel_ctx_get(cctx);
spin_lock_irqsave(&cctx->lock, flags);
list_del_init(&frpc_driver->hn);
spin_unlock_irqrestore(&cctx->lock, flags);
spin_unlock_irqrestore(glock, irq_flags);
fastrpc_channel_ctx_put(cctx);
pr_info("Un-registering fastrpc driver with handle 0x%x\n",
frpc_driver->handle);
}
EXPORT_SYMBOL_GPL(fastrpc_driver_unregister);
/*
* fastrpc_driver_register() - Function to register client drivers.
* @arg1: client instance of fastrpc_driver struct.
*
* fastrpc_driver_register is used to register client drivers with
* fastrpc driver. Clients will pass instance of fastrpc_driver struct.
* The instance will contain unique id corresponding to a process. Function
* will iterate through channel context to find a match. If match is found,
* probe function provided in the input struct will be called. During probe
* we will share fastrpc_device instance as a handle which can be used by the
* client driver while making invoke calls.
*
* Context: Acquires channel context spin-lock to iterate through
* contexts.
* Return: 0 on success. Corresponding error value on failure.
*
*/
int fastrpc_driver_register(struct fastrpc_driver *frpc_driver)
{
int err = 0, i = 0;
unsigned long irq_flags = 0;
struct fastrpc_user *user = NULL;
struct fastrpc_channel_ctx *cctx = NULL;
if(frpc_driver == NULL) {
pr_err("%s : invalid registraion request", __func__);
return -EINVAL;
}
/* Set to NULL to avoid stale values */
frpc_driver->device = NULL;
/*
* Iterate through all channel contexts to find the process
* requested by the client driver.
*/
for (i = 0; i < FASTRPC_DEV_MAX; i++) {
cctx = g_frpc.gctx[i];
if (!cctx)
continue;
spin_lock_irqsave(&cctx->lock, irq_flags);
list_for_each_entry(user, &cctx->users, user) {
if (user->tgid_frpc == frpc_driver->handle) {
goto process_found;
}
}
spin_unlock_irqrestore(&cctx->lock, irq_flags);
}
pr_err("%s: no client found for handle 0x%x",
__func__, frpc_driver->handle);
return -ESRCH;
process_found:
if(user->device->dev_close) {
spin_unlock_irqrestore(&cctx->lock, irq_flags);
pr_err("%s : process already exited", __func__);
return -ESRCH;
}
frpc_driver->device = (struct device *)user->device;
list_add_tail(&frpc_driver->hn, &user->fastrpc_drivers);
spin_unlock_irqrestore(&cctx->lock, irq_flags);
/* Execute the probe fn. of the client driver if matching process found */
frpc_driver->probe(user->device);
pr_info("fastrpc driver registered with handle 0x%x\n", frpc_driver->handle);
return err;
}
EXPORT_SYMBOL_GPL(fastrpc_driver_register);
void fastrpc_notify_users(struct fastrpc_user *user)
{
struct fastrpc_invoke_ctx *ctx;
struct fastrpc_user *fl;
spin_lock(&user->lock);
list_for_each_entry(ctx, &user->pending, node) {
fl = ctx->fl;
/*
* After audio or ois PDR, skip notifying the pending kill call,
* as the DSP guestOS may still be processing and might result
* improper access issues.
*/
if (atomic_read(&fl->state) >= DSP_EXIT_START && IS_PDR(fl) &&
fl->pd_type != SENSORS_STATICPD &&
ctx->msg.handle == FASTRPC_INIT_HANDLE)
continue;
ctx->retval = -EPIPE;
ctx->is_work_done = true;
trace_fastrpc_context_complete(ctx->fl->cctx->domain_id, (uint64_t)ctx,
ctx->retval, ctx->pid, ctx->pid, ctx->sc);
complete(&ctx->work);
}
list_for_each_entry(ctx, &user->interrupted, node) {
ctx->retval = -EPIPE;
ctx->is_work_done = true;
trace_fastrpc_context_complete(ctx->fl->cctx->domain_id, (uint64_t)ctx,
ctx->retval, ctx->pid, ctx->pid, ctx->sc);
complete(&ctx->work);
}
spin_unlock(&user->lock);
}
static void fastrpc_notify_pdr_drivers(struct fastrpc_channel_ctx *cctx,
char *servloc_name)
{
struct fastrpc_user *fl;
unsigned long flags;
spin_lock_irqsave(&cctx->lock, flags);
list_for_each_entry(fl, &cctx->users, user) {
if (fl->servloc_name && !strcmp(servloc_name, fl->servloc_name))
fastrpc_notify_users(fl);
}
spin_unlock_irqrestore(&cctx->lock, flags);
}
static void fastrpc_pdr_cb(int state, char *service_path, void *priv)
{
struct fastrpc_static_pd *spd = (struct fastrpc_static_pd *)priv;
struct fastrpc_channel_ctx *cctx;
unsigned long flags;
if (!spd)
return;
cctx = spd->cctx;
switch (state) {
case SERVREG_SERVICE_STATE_DOWN:
pr_info("fastrpc: %s: %s (%s) is down for PDR on %s\n",
__func__, spd->spdname,
spd->servloc_name,
domains[cctx->domain_id]);
spin_lock_irqsave(&cctx->lock, flags);
spd->pdrcount++;
atomic_set(&spd->ispdup, 0);
atomic_set(&spd->is_attached, 0);
spin_unlock_irqrestore(&cctx->lock, flags);
if (!strcmp(spd->servloc_name,
AUDIO_PDR_SERVICE_LOCATION_CLIENT_NAME))
cctx->staticpd_status = false;
fastrpc_notify_pdr_drivers(cctx, spd->servloc_name);
break;
case SERVREG_SERVICE_STATE_UP:
pr_info("fastrpc: %s: %s (%s) is up for PDR on %s\n",
__func__, spd->spdname,
spd->servloc_name,
domains[cctx->domain_id]);
atomic_set(&spd->ispdup, 1);
break;
default:
break;
}
return;
}
static const struct file_operations fastrpc_fops = {
.open = fastrpc_device_open,
.release = fastrpc_device_release,
.unlocked_ioctl = fastrpc_device_ioctl,
.compat_ioctl = fastrpc_device_ioctl,
};
static int fastrpc_cb_probe(struct platform_device *pdev)
{
struct fastrpc_channel_ctx *cctx;
struct fastrpc_pool_ctx *sess = NULL;
struct device *dev = &pdev->dev;
int i, sessions = 0;
unsigned long flags;
u32 pd_type = DEFAULT_UNUSED, smmuidx = DEFAULT_SMMU_IDX;
int rc, err = 0;
struct fastrpc_buf *buf = NULL;
struct iommu_domain *domain = NULL;
struct gen_pool *gen_pool = NULL;
int frpc_gen_addr_pool[2] = {0, 0};
u32 smmu_alloc_range[2] = {0, 0};
struct sg_table sgt;
struct fastrpc_smmu *smmucb = NULL;
#ifdef CONFIG_DEBUG_FS
struct dentry *debugfs_root = g_frpc.debugfs_root;
struct dentry *debugfs_global_file = NULL;
#endif
cctx = get_current_channel_ctx(dev);
if (IS_ERR_OR_NULL(cctx))
return -EINVAL;
of_property_read_u32(dev->of_node, "qcom,nsessions", &sessions);
if (of_get_property(dev->of_node, "pd-type", NULL) != NULL) {
err = of_property_read_u32(dev->of_node, "pd-type",
&pd_type);
if (err)
goto bail;
// Set pd_type, if the process type is configured for context banks
cctx->pd_type = true;
}
spin_lock_irqsave(&cctx->lock, flags);
if (cctx->sesscount >= FASTRPC_MAX_SESSIONS) {
dev_err(&pdev->dev, "too many sessions\n");
spin_unlock_irqrestore(&cctx->lock, flags);
return -ENOSPC;
}
/* Find any existing session for pooling CBs with same PD type */
for (i = 0; i < cctx->sesscount; i++) {
/* Only USER_UNSIGNEDPD_POOL type is pooled */
if (pd_type != USER_UNSIGNEDPD_POOL)
break;
if (cctx->session[i].pd_type == pd_type) {
sess = &cctx->session[i];
/* Set smmucb_pool to true, if SMMU CB pooling is enabled */
cctx->smmucb_pool = true;
break;
}
}
/* If no existing session was found, prepare new session */
if (!sess)
sess = &cctx->session[cctx->sesscount++];
/* Update session info during probe of first CB only */
if (sess->smmucount == 0) {
sess->usecount = 0;
sess->pd_type = pd_type;
}
/* Read secure flag for each context bank, even if part of CB pool */
sess->secure = of_property_read_bool(dev->of_node,
"qcom,secure-context-bank");
/* Populate SMMU CB info at next available free SMMU index */
smmuidx = sess->smmucount++;
smmucb = &sess->smmucb[smmuidx];
smmucb->valid = true;
smmucb->dev = dev;
smmucb->sess = sess;
mutex_init(&smmucb->map_mutex);
if (of_property_read_u32(dev->of_node, "reg", &smmucb->sid))
dev_info(dev, "FastRPC Session ID not specified in DT\n");
/* Set SMMU context bank, min and max allocation range */
if (!of_property_read_u32_array(dev->of_node, "alloc-size-range",
smmu_alloc_range, sizeof(smmu_alloc_range))) {
smmucb->minallocsize = smmu_alloc_range[0];
smmucb->maxallocsize = smmu_alloc_range[1];
}
smmucb->totalbytes = SMMU_4GB_ADDRESS_SPACE;
/* Set SMMU device private data with fastrpc SMMU CB pointer */
dev_set_drvdata(dev, smmucb);
/* Context bank can be shared by multiple apps. Create duplicate sessions */
if (sessions > 0) {
struct fastrpc_pool_ctx *dup_sess = NULL;
sess->sharedcb = true;
for (i = 1; i < sessions; i++) {
if (cctx->sesscount >= FASTRPC_MAX_SESSIONS)
break;
dup_sess = &cctx->session[cctx->sesscount++];
memcpy(dup_sess, sess, sizeof(*dup_sess));
mutex_init(&dup_sess->smmucb[DEFAULT_SMMU_IDX].map_mutex);
}
}
spin_unlock_irqrestore(&cctx->lock, flags);
if (of_get_property(dev->of_node, "qrtr-gen-pool", NULL) != NULL) {
err = of_property_read_u32_array(dev->of_node, "frpc-gen-addr-pool",
frpc_gen_addr_pool, 2);
if (err) {
dev_err(&pdev->dev, "Error: parsing frpc-gen-addr-pool arguments failed for %s with err %d\n",
dev_name(dev), err);
goto bail;
}
smmucb->genpool_iova = frpc_gen_addr_pool[0];
smmucb->genpool_size = frpc_gen_addr_pool[1];
buf = kzalloc(sizeof(*buf), GFP_KERNEL);
if (IS_ERR_OR_NULL(buf)) {
err = -ENOMEM;
dev_err(&pdev->dev, "allocation failed for size 0x%zx\n", sizeof(*buf));
goto bail;
}
INIT_LIST_HEAD(&buf->attachments);
INIT_LIST_HEAD(&buf->node);
mutex_init(&buf->lock);
buf->virt = NULL;
buf->phys = 0;
buf->size = frpc_gen_addr_pool[1];
buf->dev = smmucb->dev;
buf->raddr = 0;
/* Allocate memory for adding to genpool */
buf->virt = dma_alloc_coherent(buf->dev, buf->size,
(dma_addr_t *)&buf->phys, GFP_KERNEL);
if (IS_ERR_OR_NULL(buf->virt)) {
dev_err(&pdev->dev, "dma_alloc failed for size 0x%llx, returned %pK\n",
buf->size, buf->virt);
err = -ENOBUFS;
goto dma_alloc_bail;
}
err = dma_get_sgtable(smmucb->dev, &sgt, buf->virt,
buf->phys, buf->size);
if (err) {
dev_err(&pdev->dev, "dma_get_sgtable_attrs failed with err %d", err);
goto iommu_map_bail;
}
domain = iommu_get_domain_for_dev(smmucb->dev);
if (!domain) {
dev_err(&pdev->dev, "iommu_get_domain_for_dev failed ");
goto iommu_map_bail;
}
/* Map the allocated memory with fixed IOVA and is shared to remote subsystem */
#if (KERNEL_VERSION(6, 3, 0) <= LINUX_VERSION_CODE)
err = iommu_map_sg(domain, frpc_gen_addr_pool[0], sgt.sgl,
sgt.nents, IOMMU_READ | IOMMU_WRITE | IOMMU_CACHE, GFP_KERNEL);
#else
err = iommu_map_sg(domain, frpc_gen_addr_pool[0], sgt.sgl,
sgt.nents, IOMMU_READ | IOMMU_WRITE | IOMMU_CACHE);
#endif
if (err < 0) {
dev_err(&pdev->dev, "iommu_map_sg failed with err %d", err);
goto iommu_map_bail;
}
/* Create genpool using SMMU device */
gen_pool = devm_gen_pool_create(smmucb->dev, 0, NUMA_NO_NODE, NULL);
if (IS_ERR(gen_pool)) {
err = PTR_ERR(gen_pool);
dev_err(&pdev->dev, "devm_gen_pool_create failed with err %d", err);
goto genpool_create_bail;
}
/* Add allocated memory to genpool */
err = gen_pool_add_virt(gen_pool, (unsigned long)buf->virt,
buf->phys, buf->size, NUMA_NO_NODE);
if (err) {
dev_err(&pdev->dev, "gen_pool_add_virt failed with err %d", err);
goto genpool_add_bail;
}
smmucb->frpc_genpool = gen_pool;
smmucb->frpc_genpool_buf = buf;
dev_err(&pdev->dev, "fastrpc_cb_probe qrtr-gen-pool end\n");
}
rc = dma_set_mask(dev, DMA_BIT_MASK(32));
if (rc) {
dev_err(dev, "32-bit DMA enable failed\n");
return rc;
}
#ifdef CONFIG_DEBUG_FS
if (debugfs_root && !g_frpc.debugfs_global_file) {
debugfs_global_file = debugfs_create_file("global", 0644,
debugfs_root, NULL, &fastrpc_debugfs_fops);
if (IS_ERR_OR_NULL(debugfs_global_file)) {
pr_warn("Error: %s: %s: failed to create debugfs global file\n",
current->comm, __func__);
debugfs_global_file = NULL;
}
g_frpc.debugfs_global_file = debugfs_global_file;
}
#endif
bail:
if (!err)
dev_info(dev, "Successfully added %s", dev->kobj.name);
return err;
genpool_add_bail:
gen_pool_destroy(gen_pool);
genpool_create_bail:
iommu_unmap(domain, smmucb->genpool_iova, smmucb->genpool_size);
iommu_map_bail:
dma_free_coherent(smmucb->dev, buf->size, buf->virt, FASTRPC_PHYS(buf->phys));
dma_alloc_bail:
kfree(buf);
return err;
}
/* Function to free fastrpc genpool buffer */
static void fastrpc_genpool_free(struct fastrpc_smmu *smmucb)
{
struct fastrpc_buf *buf = NULL;
struct iommu_domain *domain = NULL;
if (!smmucb)
return;
buf = smmucb->frpc_genpool_buf;
if (smmucb->frpc_genpool) {
gen_pool_destroy(smmucb->frpc_genpool);
smmucb->frpc_genpool = NULL;
}
if (buf && smmucb->dev) {
domain = iommu_get_domain_for_dev(smmucb->dev);
iommu_unmap(domain, smmucb->genpool_iova,
smmucb->genpool_size);
if (buf->phys)
dma_free_coherent(buf->dev, buf->size, buf->virt,
FASTRPC_PHYS(buf->phys));
kfree(buf);
smmucb->frpc_genpool_buf = NULL;
}
}
static int fastrpc_cb_remove(struct platform_device *pdev)
{
struct fastrpc_channel_ctx *cctx = dev_get_drvdata(pdev->dev.parent);
struct fastrpc_smmu *smmucb = dev_get_drvdata(&pdev->dev),
*ismmucb = NULL;
struct fastrpc_pool_ctx *sess = smmucb->sess;
unsigned long flags;
int i = 0, j = 0;
if (sess->pd_type == ROOT_PD)
fastrpc_rootheap_buf_list_free(cctx);
spin_lock_irqsave(&cctx->lock, flags);
for (i = 0; i < FASTRPC_MAX_SESSIONS; i++) {
for (j = 0; j < cctx->session[i].smmucount; j++) {
ismmucb = &cctx->session[i].smmucb[j];
if (ismmucb->sid != smmucb->sid)
continue;
spin_unlock_irqrestore(&cctx->lock, flags);
mutex_lock(&ismmucb->map_mutex);
if (ismmucb->frpc_genpool)
fastrpc_genpool_free(ismmucb);
ismmucb->dev = NULL;
mutex_unlock(&ismmucb->map_mutex);
spin_lock_irqsave(&cctx->lock, flags);
ismmucb->valid = false;
cctx->sesscount--;
}
}
spin_unlock_irqrestore(&cctx->lock, flags);
dev_info(&pdev->dev, "Successfully removed %s", pdev->dev.kobj.name);
return 0;
}
static const struct of_device_id fastrpc_match_table[] = {
{ .compatible = "qcom,fastrpc-compute-cb", },
{}
};
static struct platform_driver fastrpc_cb_driver = {
.probe = fastrpc_cb_probe,
.remove = fastrpc_cb_remove,
.driver = {
.name = "qcom,fastrpc-cb",
.of_match_table = fastrpc_match_table,
.suppress_bind_attrs = true,
},
};
int fastrpc_device_register(struct device *dev, struct fastrpc_channel_ctx *cctx,
bool is_secured, const char *domain)
{
struct fastrpc_device_node *fdev;
int err;
fdev = devm_kzalloc(dev, sizeof(*fdev), GFP_KERNEL);
if (!fdev)
return -ENOMEM;
fdev->secure = is_secured;
fdev->cctx = cctx;
cctx->dev = dev;
fdev->miscdev.minor = MISC_DYNAMIC_MINOR;
fdev->miscdev.fops = &fastrpc_fops;
fdev->miscdev.name = devm_kasprintf(dev, GFP_KERNEL, "fastrpc-%s%s",
domain, is_secured ? "-secure" : "");
if (!fdev->miscdev.name)
return -ENOMEM;
err = misc_register(&fdev->miscdev);
if (!err) {
if (is_secured)
cctx->secure_fdevice = fdev;
else
cctx->fdevice = fdev;
}
return err;
}
void fastrpc_lowest_capacity_corecount(struct device *dev, struct fastrpc_channel_ctx *cctx)
{
u32 cpu = 0;
cpu = cpumask_first(cpu_possible_mask);
for_each_cpu(cpu, cpu_possible_mask) {
if (topology_cluster_id(cpu) == 0)
cctx->lowest_capacity_core_count++;
}
dev_info(dev, "Lowest capacity core count: %u\n",
cctx->lowest_capacity_core_count);
}
int fastrpc_setup_service_locator(struct fastrpc_channel_ctx *cctx, char *client_name,
char *service_name, char *service_path, int spd_session)
{
int err = 0;
struct pdr_handle *handle = NULL;
struct pdr_service *service = NULL;
/* Register the service locator's callback function */
handle = pdr_handle_alloc(fastrpc_pdr_cb, &cctx->spd[spd_session]);
if (IS_ERR(handle)) {
err = PTR_ERR(handle);
goto bail;
}
cctx->spd[spd_session].pdrhandle = handle;
cctx->spd[spd_session].servloc_name = client_name;
cctx->spd[spd_session].spdname = service_path;
cctx->spd[spd_session].cctx = cctx;
service = pdr_add_lookup(handle, service_name, service_path);
if (IS_ERR(service)) {
err = PTR_ERR(service);
goto bail;
}
dev_info(cctx->dev, "%s: pdr_add_lookup enabled for %s (%s, %s)\n",
__func__, service_name, client_name, service_path);
bail:
if (err)
dev_err(cctx->dev, "%s: failed for %s (%s, %s)with err %d\n",
__func__, service_name, client_name, service_path, err);
return err;
}
void fastrpc_register_wakeup_source(struct device *dev,
const char *client_name, struct wakeup_source **device_wake_source)
{
struct wakeup_source *wake_source = NULL;
wake_source = wakeup_source_register(dev, client_name);
if (IS_ERR_OR_NULL(wake_source)) {
dev_err(dev, "wakeup_source_register failed for dev %s, client %s with err %ld\n",
dev_name(dev), client_name, PTR_ERR(wake_source));
return;
}
*device_wake_source = wake_source;
}
static void fastrpc_notify_user_ctx(struct fastrpc_invoke_ctx *ctx, int retval,
u32 rsp_flags, u32 early_wake_time)
{
if (ctx->cctx && !atomic_read(&ctx->cctx->teardown))
fastrpc_pm_awake(ctx->fl, ctx->cctx->secure);
ctx->retval = retval;
ctx->rsp_flags = (enum fastrpc_response_flags)rsp_flags;
trace_fastrpc_context_complete(ctx->cctx->domain_id, (uint64_t)ctx,
retval, ctx->ctxid, ctx->pid, ctx->sc);
switch (rsp_flags) {
case NORMAL_RESPONSE:
case COMPLETE_SIGNAL:
/* normal and complete response with return value */
ctx->is_work_done = true;
trace_fastrpc_msg("wakeup_task: begin");
complete(&ctx->work);
trace_fastrpc_msg("wakeup_task: end");
break;
case USER_EARLY_SIGNAL:
/* user hint of approximate time of completion */
ctx->early_wake_time = early_wake_time;
break;
case EARLY_RESPONSE:
/* rpc framework early response with return value */
trace_fastrpc_msg("wakeup_task: begin");
complete(&ctx->work);
trace_fastrpc_msg("wakeup_task: end");
break;
default:
break;
}
}
static void fastrpc_handle_signal_rpmsg(uint64_t msg, struct fastrpc_channel_ctx *cctx)
{
u32 pid = msg >> 32;
u32 signal_id = msg & 0xffffffff;
struct fastrpc_user *fl ;
unsigned long irq_flags = 0;
bool process_found = false;
if (signal_id >=FASTRPC_DSPSIGNAL_NUM_SIGNALS)
return;
spin_lock_irqsave(&cctx->lock, irq_flags);
list_for_each_entry(fl, &cctx->users, user) {
if (fl->tgid_frpc == pid && atomic_read(&fl->state) < DSP_EXIT_START) {
process_found = true;
break;
}
}
spin_unlock_irqrestore(&cctx->lock, irq_flags);
if (!process_found) {
pr_warn("Warning: %s: no active processes found for pid %u, signal id %u",
__func__, pid, signal_id);
return;
}
spin_lock_irqsave(&fl->dspsignals_lock, irq_flags);
if (fl->signal_groups[signal_id /FASTRPC_DSPSIGNAL_GROUP_SIZE]) {
struct fastrpc_dspsignal *group =
fl->signal_groups[signal_id /FASTRPC_DSPSIGNAL_GROUP_SIZE];
struct fastrpc_dspsignal *sig =
&group[signal_id %FASTRPC_DSPSIGNAL_GROUP_SIZE];
if ((sig->state == DSPSIGNAL_STATE_PENDING) ||
(sig->state == DSPSIGNAL_STATE_SIGNALED)) {
trace_fastrpc_dspsignal("complete", signal_id, sig->state, 0);
complete(&sig->comp);
sig->state = DSPSIGNAL_STATE_SIGNALED;
} else if (sig->state == DSPSIGNAL_STATE_UNUSED) {
pr_err("Received unknown signal %u for PID %u\n",
signal_id, pid);
}
} else {
pr_err("Received unknown signal %u for PID %u\n",
signal_id, pid);
}
spin_unlock_irqrestore(&fl->dspsignals_lock, irq_flags);
}
int fastrpc_handle_rpc_response(struct fastrpc_channel_ctx *cctx, void *data, int len)
{
struct fastrpc_invoke_rsp *rsp = data;
struct fastrpc_invoke_rspv2 *rspv2 = NULL;
struct dsp_notif_rsp *notif = (struct dsp_notif_rsp *)data;
struct fastrpc_invoke_ctx *ctx;
unsigned long flags = 0, idr = 0;
u64 ctxid = 0;
u32 rsp_flags = 0, early_wake_time = 0, version = 0;
if (len == sizeof(uint64_t)) {
trace_fastrpc_transport_response(cctx->domain_id, *((uint64_t *)data), 0, 0, 0);
fastrpc_handle_signal_rpmsg(*((uint64_t *)data), cctx);
return 0;
}
if (notif->ctx == FASTRPC_NOTIF_CTX_RESERVED) {
if (notif->type == STATUS_RESPONSE && len >= sizeof(*notif)) {
fastrpc_notif_find_process(cctx->domain_id, cctx, notif);
return 0;
} else {
return -ENOENT;
}
}
if (len < sizeof(*rsp))
return -EINVAL;
if (len >= sizeof(*rspv2)) {
rspv2 = data;
if (rspv2) {
early_wake_time = rspv2->early_wake_time;
rsp_flags = rspv2->flags;
version = rspv2->version;
}
}
fastrpc_update_rxmsg_buf(cctx, rsp->ctx, rsp->retval,
rsp_flags, early_wake_time, version, get_timestamp_in_ns());
trace_fastrpc_transport_response(cctx->domain_id, rsp->ctx,
rsp->retval, rsp_flags, early_wake_time);
idr = FASTRPC_GET_IDR_FROM_CTXID(rsp->ctx);
ctxid = FASTRPC_GET_CTXID_FROM_RSP_CTX(rsp->ctx);
spin_lock_irqsave(&cctx->lock, flags);
ctx = idr_find(&cctx->ctx_idr, idr);
if (!ctx) {
spin_unlock_irqrestore(&cctx->lock, flags);
return 0;
}
if (ctx->ctxid != ctxid) {
spin_unlock_irqrestore(&cctx->lock, flags);
dev_info(cctx->dev,
"Warning: rsp ctxid 0x%llx mismatch with local ctxid 0x%llx (full rsp ctx 0x%llx)",
ctxid, ctx->ctxid, rsp->ctx);
return 0;
}
if (rspv2) {
if (rspv2->version != FASTRPC_RSP_VERSION2) {
dev_err(cctx->dev, "Incorrect response version %d\n", rspv2->version);
spin_unlock_irqrestore(&cctx->lock, flags);
return -EINVAL;
}
}
fastrpc_notify_user_ctx(ctx, rsp->retval, rsp_flags, early_wake_time);
spin_unlock_irqrestore(&cctx->lock, flags);
/*
* The DMA buffer associated with the context cannot be freed in
* interrupt context so schedule it through a worker thread to
* avoid a kernel BUG.
*/
// schedule_work(&ctx->put_work);
return 0;
}
static int fastrpc_init(void)
{
int ret;
#ifdef CONFIG_DEBUG_FS
struct dentry *debugfs_root = NULL;
#endif
spin_lock_init(&g_frpc.glock);
ret = platform_driver_register(&fastrpc_cb_driver);
if (ret < 0) {
pr_err("fastrpc: failed to register cb driver\n");
return ret;
}
ret = fastrpc_transport_init();
if (ret < 0) {
pr_err("fastrpc: failed to register rpmsg driver\n");
platform_driver_unregister(&fastrpc_cb_driver);
return ret;
}
#ifdef CONFIG_DEBUG_FS
debugfs_root = debugfs_create_dir("fastrpc", NULL);
if (IS_ERR_OR_NULL(debugfs_root)) {
pr_warn("Error: %s: %s: failed to create debugfs root dir\n",
current->comm, __func__);
debugfs_remove_recursive(debugfs_root);
debugfs_root = NULL;
}
g_frpc.debugfs_root = debugfs_root;
#endif
return 0;
}
module_init(fastrpc_init);
static void fastrpc_exit(void)
{
platform_driver_unregister(&fastrpc_cb_driver);
fastrpc_transport_deinit();
#ifdef CONFIG_DEBUG_FS
debugfs_remove_recursive(g_frpc.debugfs_root);
#endif
}
module_exit(fastrpc_exit);
MODULE_LICENSE("GPL v2");
MODULE_IMPORT_NS(DMA_BUF);
Reference in New Issue View Git Blame Copy Permalink