1// SPDX-License-Identifier: GPL-2.0 2/* 3 * Copyright (c) 2016, Linaro Ltd. 4 * Copyright (c) 2012, Michal Simek <monstr@monstr.eu> 5 * Copyright (c) 2012, PetaLogix 6 * Copyright (c) 2011, Texas Instruments, Inc. 7 * Copyright (c) 2011, Google, Inc. 8 * 9 * Based on rpmsg performance statistics driver by Michal Simek, which in turn 10 * was based on TI & Google OMX rpmsg driver. 11 */ 12#include <linux/cdev.h> 13#include <linux/device.h> 14#include <linux/fs.h> 15#include <linux/idr.h> 16#include <linux/kernel.h> 17#include <linux/module.h> 18#include <linux/poll.h> 19#include <linux/rpmsg.h> 20#include <linux/skbuff.h> 21#include <linux/slab.h> 22#include <linux/uaccess.h> 23#include <uapi/linux/rpmsg.h> 24 25#include "rpmsg_internal.h" 26 27#define RPMSG_DEV_MAX (MINORMASK + 1) 28 29static dev_t rpmsg_major; 30static struct class *rpmsg_class; 31 32static DEFINE_IDA(rpmsg_ctrl_ida); 33static DEFINE_IDA(rpmsg_ept_ida); 34static DEFINE_IDA(rpmsg_minor_ida); 35 36#define dev_to_eptdev(dev) container_of(dev, struct rpmsg_eptdev, dev) 37#define cdev_to_eptdev(i_cdev) container_of(i_cdev, struct rpmsg_eptdev, cdev) 38 39#define dev_to_ctrldev(dev) container_of(dev, struct rpmsg_ctrldev, dev) 40#define cdev_to_ctrldev(i_cdev) container_of(i_cdev, struct rpmsg_ctrldev, cdev) 41 42/** 43 * struct rpmsg_ctrldev - control device for instantiating endpoint devices 44 * @rpdev: underlaying rpmsg device 45 * @cdev: cdev for the ctrl device 46 * @dev: device for the ctrl device 47 */ 48struct rpmsg_ctrldev { 49 struct rpmsg_device *rpdev; 50 struct cdev cdev; 51 struct device dev; 52}; 53 54/** 55 * struct rpmsg_eptdev - endpoint device context 56 * @dev: endpoint device 57 * @cdev: cdev for the endpoint device 58 * @rpdev: underlaying rpmsg device 59 * @chinfo: info used to open the endpoint 60 * @ept_lock: synchronization of @ept modifications 61 * @ept: rpmsg endpoint reference, when open 62 * @queue_lock: synchronization of @queue operations 63 * @queue: incoming message queue 64 * @readq: wait object for incoming queue 65 */ 66struct rpmsg_eptdev { 67 struct device dev; 68 struct cdev cdev; 69 70 struct rpmsg_device *rpdev; 71 struct rpmsg_channel_info chinfo; 72 73 struct mutex ept_lock; 74 struct rpmsg_endpoint *ept; 75 76 spinlock_t queue_lock; 77 struct sk_buff_head queue; 78 wait_queue_head_t readq; 79}; 80 81static int rpmsg_eptdev_destroy(struct device *dev, void *data) 82{ 83 struct rpmsg_eptdev *eptdev = dev_to_eptdev(dev); 84 85 mutex_lock(&eptdev->ept_lock); 86 if (eptdev->ept) { 87 rpmsg_destroy_ept(eptdev->ept); 88 eptdev->ept = NULL; 89 } 90 mutex_unlock(&eptdev->ept_lock); 91 92 /* wake up any blocked readers */ 93 wake_up_interruptible(&eptdev->readq); 94 95 cdev_device_del(&eptdev->cdev, &eptdev->dev); 96 put_device(&eptdev->dev); 97 98 return 0; 99} 100 101static int rpmsg_ept_cb(struct rpmsg_device *rpdev, void *buf, int len, 102 void *priv, u32 addr) 103{ 104 struct rpmsg_eptdev *eptdev = priv; 105 struct sk_buff *skb; 106 107 skb = alloc_skb(len, GFP_ATOMIC); 108 if (!skb) 109 return -ENOMEM; 110 111 skb_put_data(skb, buf, len); 112 113 spin_lock(&eptdev->queue_lock); 114 skb_queue_tail(&eptdev->queue, skb); 115 spin_unlock(&eptdev->queue_lock); 116 117 /* wake up any blocking processes, waiting for new data */ 118 wake_up_interruptible(&eptdev->readq); 119 120 return 0; 121} 122 123static int rpmsg_eptdev_open(struct inode *inode, struct file *filp) 124{ 125 struct rpmsg_eptdev *eptdev = cdev_to_eptdev(inode->i_cdev); 126 struct rpmsg_endpoint *ept; 127 struct rpmsg_device *rpdev = eptdev->rpdev; 128 struct device *dev = &eptdev->dev; 129 130 get_device(dev); 131 132 ept = rpmsg_create_ept(rpdev, rpmsg_ept_cb, eptdev, eptdev->chinfo); 133 if (!ept) { 134 dev_err(dev, "failed to open %s\n", eptdev->chinfo.name); 135 put_device(dev); 136 return -EINVAL; 137 } 138 139 eptdev->ept = ept; 140 filp->private_data = eptdev; 141 142 return 0; 143} 144 145static int rpmsg_eptdev_release(struct inode *inode, struct file *filp) 146{ 147 struct rpmsg_eptdev *eptdev = cdev_to_eptdev(inode->i_cdev); 148 struct device *dev = &eptdev->dev; 149 150 /* Close the endpoint, if it's not already destroyed by the parent */ 151 mutex_lock(&eptdev->ept_lock); 152 if (eptdev->ept) { 153 rpmsg_destroy_ept(eptdev->ept); 154 eptdev->ept = NULL; 155 } 156 mutex_unlock(&eptdev->ept_lock); 157 158 /* Discard all SKBs */ 159 skb_queue_purge(&eptdev->queue); 160 161 put_device(dev); 162 163 return 0; 164} 165 166static ssize_t rpmsg_eptdev_read_iter(struct kiocb *iocb, struct iov_iter *to) 167{ 168 struct file *filp = iocb->ki_filp; 169 struct rpmsg_eptdev *eptdev = filp->private_data; 170 unsigned long flags; 171 struct sk_buff *skb; 172 int use; 173 174 if (!eptdev->ept) 175 return -EPIPE; 176 177 spin_lock_irqsave(&eptdev->queue_lock, flags); 178 179 /* Wait for data in the queue */ 180 if (skb_queue_empty(&eptdev->queue)) { 181 spin_unlock_irqrestore(&eptdev->queue_lock, flags); 182 183 if (filp->f_flags & O_NONBLOCK) 184 return -EAGAIN; 185 186 /* Wait until we get data or the endpoint goes away */ 187 if (wait_event_interruptible(eptdev->readq, 188 !skb_queue_empty(&eptdev->queue) || 189 !eptdev->ept)) 190 return -ERESTARTSYS; 191 192 /* We lost the endpoint while waiting */ 193 if (!eptdev->ept) 194 return -EPIPE; 195 196 spin_lock_irqsave(&eptdev->queue_lock, flags); 197 } 198 199 skb = skb_dequeue(&eptdev->queue); 200 spin_unlock_irqrestore(&eptdev->queue_lock, flags); 201 if (!skb) 202 return -EFAULT; 203 204 use = min_t(size_t, iov_iter_count(to), skb->len); 205 if (copy_to_iter(skb->data, use, to) != use) 206 use = -EFAULT; 207 208 kfree_skb(skb); 209 210 return use; 211} 212 213static ssize_t rpmsg_eptdev_write_iter(struct kiocb *iocb, 214 struct iov_iter *from) 215{ 216 struct file *filp = iocb->ki_filp; 217 struct rpmsg_eptdev *eptdev = filp->private_data; 218 size_t len = iov_iter_count(from); 219 void *kbuf; 220 int ret; 221 222 kbuf = kzalloc(len, GFP_KERNEL); 223 if (!kbuf) 224 return -ENOMEM; 225 226 if (!copy_from_iter_full(kbuf, len, from)) { 227 ret = -EFAULT; 228 goto free_kbuf; 229 } 230 231 if (mutex_lock_interruptible(&eptdev->ept_lock)) { 232 ret = -ERESTARTSYS; 233 goto free_kbuf; 234 } 235 236 if (!eptdev->ept) { 237 ret = -EPIPE; 238 goto unlock_eptdev; 239 } 240 241 if (filp->f_flags & O_NONBLOCK) 242 ret = rpmsg_trysend(eptdev->ept, kbuf, len); 243 else 244 ret = rpmsg_send(eptdev->ept, kbuf, len); 245 246unlock_eptdev: 247 mutex_unlock(&eptdev->ept_lock); 248 249free_kbuf: 250 kfree(kbuf); 251 return ret < 0 ? ret : len; 252} 253 254static __poll_t rpmsg_eptdev_poll(struct file *filp, poll_table *wait) 255{ 256 struct rpmsg_eptdev *eptdev = filp->private_data; 257 __poll_t mask = 0; 258 259 if (!eptdev->ept) 260 return EPOLLERR; 261 262 poll_wait(filp, &eptdev->readq, wait); 263 264 if (!skb_queue_empty(&eptdev->queue)) 265 mask |= EPOLLIN | EPOLLRDNORM; 266 267 mask |= rpmsg_poll(eptdev->ept, filp, wait); 268 269 return mask; 270} 271 272static long rpmsg_eptdev_ioctl(struct file *fp, unsigned int cmd, 273 unsigned long arg) 274{ 275 struct rpmsg_eptdev *eptdev = fp->private_data; 276 277 if (cmd != RPMSG_DESTROY_EPT_IOCTL) 278 return -EINVAL; 279 280 return rpmsg_eptdev_destroy(&eptdev->dev, NULL); 281} 282 283static const struct file_operations rpmsg_eptdev_fops = { 284 .owner = THIS_MODULE, 285 .open = rpmsg_eptdev_open, 286 .release = rpmsg_eptdev_release, 287 .read_iter = rpmsg_eptdev_read_iter, 288 .write_iter = rpmsg_eptdev_write_iter, 289 .poll = rpmsg_eptdev_poll, 290 .unlocked_ioctl = rpmsg_eptdev_ioctl, 291 .compat_ioctl = compat_ptr_ioctl, 292}; 293 294static ssize_t name_show(struct device *dev, struct device_attribute *attr, 295 char *buf) 296{ 297 struct rpmsg_eptdev *eptdev = dev_get_drvdata(dev); 298 299 return sprintf(buf, "%s\n", eptdev->chinfo.name); 300} 301static DEVICE_ATTR_RO(name); 302 303static ssize_t src_show(struct device *dev, struct device_attribute *attr, 304 char *buf) 305{ 306 struct rpmsg_eptdev *eptdev = dev_get_drvdata(dev); 307 308 return sprintf(buf, "%d\n", eptdev->chinfo.src); 309} 310static DEVICE_ATTR_RO(src); 311 312static ssize_t dst_show(struct device *dev, struct device_attribute *attr, 313 char *buf) 314{ 315 struct rpmsg_eptdev *eptdev = dev_get_drvdata(dev); 316 317 return sprintf(buf, "%d\n", eptdev->chinfo.dst); 318} 319static DEVICE_ATTR_RO(dst); 320 321static struct attribute *rpmsg_eptdev_attrs[] = { 322 &dev_attr_name.attr, 323 &dev_attr_src.attr, 324 &dev_attr_dst.attr, 325 NULL 326}; 327ATTRIBUTE_GROUPS(rpmsg_eptdev); 328 329static void rpmsg_eptdev_release_device(struct device *dev) 330{ 331 struct rpmsg_eptdev *eptdev = dev_to_eptdev(dev); 332 333 ida_simple_remove(&rpmsg_ept_ida, dev->id); 334 ida_simple_remove(&rpmsg_minor_ida, MINOR(eptdev->dev.devt)); 335 kfree(eptdev); 336} 337 338static int rpmsg_eptdev_create(struct rpmsg_ctrldev *ctrldev, 339 struct rpmsg_channel_info chinfo) 340{ 341 struct rpmsg_device *rpdev = ctrldev->rpdev; 342 struct rpmsg_eptdev *eptdev; 343 struct device *dev; 344 int ret; 345 346 eptdev = kzalloc(sizeof(*eptdev), GFP_KERNEL); 347 if (!eptdev) 348 return -ENOMEM; 349 350 dev = &eptdev->dev; 351 eptdev->rpdev = rpdev; 352 eptdev->chinfo = chinfo; 353 354 mutex_init(&eptdev->ept_lock); 355 spin_lock_init(&eptdev->queue_lock); 356 skb_queue_head_init(&eptdev->queue); 357 init_waitqueue_head(&eptdev->readq); 358 359 device_initialize(dev); 360 dev->class = rpmsg_class; 361 dev->parent = &ctrldev->dev; 362 dev->groups = rpmsg_eptdev_groups; 363 dev_set_drvdata(dev, eptdev); 364 365 cdev_init(&eptdev->cdev, &rpmsg_eptdev_fops); 366 eptdev->cdev.owner = THIS_MODULE; 367 368 ret = ida_simple_get(&rpmsg_minor_ida, 0, RPMSG_DEV_MAX, GFP_KERNEL); 369 if (ret < 0) 370 goto free_eptdev; 371 dev->devt = MKDEV(MAJOR(rpmsg_major), ret); 372 373 ret = ida_simple_get(&rpmsg_ept_ida, 0, 0, GFP_KERNEL); 374 if (ret < 0) 375 goto free_minor_ida; 376 dev->id = ret; 377 dev_set_name(dev, "rpmsg%d", ret); 378 379 ret = cdev_device_add(&eptdev->cdev, &eptdev->dev); 380 if (ret) 381 goto free_ept_ida; 382 383 /* We can now rely on the release function for cleanup */ 384 dev->release = rpmsg_eptdev_release_device; 385 386 return ret; 387 388free_ept_ida: 389 ida_simple_remove(&rpmsg_ept_ida, dev->id); 390free_minor_ida: 391 ida_simple_remove(&rpmsg_minor_ida, MINOR(dev->devt)); 392free_eptdev: 393 put_device(dev); 394 kfree(eptdev); 395 396 return ret; 397} 398 399static int rpmsg_ctrldev_open(struct inode *inode, struct file *filp) 400{ 401 struct rpmsg_ctrldev *ctrldev = cdev_to_ctrldev(inode->i_cdev); 402 403 get_device(&ctrldev->dev); 404 filp->private_data = ctrldev; 405 406 return 0; 407} 408 409static int rpmsg_ctrldev_release(struct inode *inode, struct file *filp) 410{ 411 struct rpmsg_ctrldev *ctrldev = cdev_to_ctrldev(inode->i_cdev); 412 413 put_device(&ctrldev->dev); 414 415 return 0; 416} 417 418static long rpmsg_ctrldev_ioctl(struct file *fp, unsigned int cmd, 419 unsigned long arg) 420{ 421 struct rpmsg_ctrldev *ctrldev = fp->private_data; 422 void __user *argp = (void __user *)arg; 423 struct rpmsg_endpoint_info eptinfo; 424 struct rpmsg_channel_info chinfo; 425 426 if (cmd != RPMSG_CREATE_EPT_IOCTL) 427 return -EINVAL; 428 429 if (copy_from_user(&eptinfo, argp, sizeof(eptinfo))) 430 return -EFAULT; 431 432 memcpy(chinfo.name, eptinfo.name, RPMSG_NAME_SIZE); 433 chinfo.name[RPMSG_NAME_SIZE-1] = '\0'; 434 chinfo.src = eptinfo.src; 435 chinfo.dst = eptinfo.dst; 436 437 return rpmsg_eptdev_create(ctrldev, chinfo); 438}; 439 440static const struct file_operations rpmsg_ctrldev_fops = { 441 .owner = THIS_MODULE, 442 .open = rpmsg_ctrldev_open, 443 .release = rpmsg_ctrldev_release, 444 .unlocked_ioctl = rpmsg_ctrldev_ioctl, 445 .compat_ioctl = compat_ptr_ioctl, 446}; 447 448static void rpmsg_ctrldev_release_device(struct device *dev) 449{ 450 struct rpmsg_ctrldev *ctrldev = dev_to_ctrldev(dev); 451 452 ida_simple_remove(&rpmsg_ctrl_ida, dev->id); 453 ida_simple_remove(&rpmsg_minor_ida, MINOR(dev->devt)); 454 kfree(ctrldev); 455} 456 457static int rpmsg_chrdev_probe(struct rpmsg_device *rpdev) 458{ 459 struct rpmsg_ctrldev *ctrldev; 460 struct device *dev; 461 int ret; 462 463 ctrldev = kzalloc(sizeof(*ctrldev), GFP_KERNEL); 464 if (!ctrldev) 465 return -ENOMEM; 466 467 ctrldev->rpdev = rpdev; 468 469 dev = &ctrldev->dev; 470 device_initialize(dev); 471 dev->parent = &rpdev->dev; 472 dev->class = rpmsg_class; 473 474 cdev_init(&ctrldev->cdev, &rpmsg_ctrldev_fops); 475 ctrldev->cdev.owner = THIS_MODULE; 476 477 ret = ida_simple_get(&rpmsg_minor_ida, 0, RPMSG_DEV_MAX, GFP_KERNEL); 478 if (ret < 0) 479 goto free_ctrldev; 480 dev->devt = MKDEV(MAJOR(rpmsg_major), ret); 481 482 ret = ida_simple_get(&rpmsg_ctrl_ida, 0, 0, GFP_KERNEL); 483 if (ret < 0) 484 goto free_minor_ida; 485 dev->id = ret; 486 dev_set_name(&ctrldev->dev, "rpmsg_ctrl%d", ret); 487 488 ret = cdev_device_add(&ctrldev->cdev, &ctrldev->dev); 489 if (ret) 490 goto free_ctrl_ida; 491 492 /* We can now rely on the release function for cleanup */ 493 dev->release = rpmsg_ctrldev_release_device; 494 495 dev_set_drvdata(&rpdev->dev, ctrldev); 496 497 return ret; 498 499free_ctrl_ida: 500 ida_simple_remove(&rpmsg_ctrl_ida, dev->id); 501free_minor_ida: 502 ida_simple_remove(&rpmsg_minor_ida, MINOR(dev->devt)); 503free_ctrldev: 504 put_device(dev); 505 kfree(ctrldev); 506 507 return ret; 508} 509 510static void rpmsg_chrdev_remove(struct rpmsg_device *rpdev) 511{ 512 struct rpmsg_ctrldev *ctrldev = dev_get_drvdata(&rpdev->dev); 513 int ret; 514 515 /* Destroy all endpoints */ 516 ret = device_for_each_child(&ctrldev->dev, NULL, rpmsg_eptdev_destroy); 517 if (ret) 518 dev_warn(&rpdev->dev, "failed to nuke endpoints: %d\n", ret); 519 520 cdev_device_del(&ctrldev->cdev, &ctrldev->dev); 521 put_device(&ctrldev->dev); 522} 523 524static struct rpmsg_driver rpmsg_chrdev_driver = { 525 .probe = rpmsg_chrdev_probe, 526 .remove = rpmsg_chrdev_remove, 527 .drv = { 528 .name = "rpmsg_chrdev", 529 }, 530}; 531 532static int rpmsg_char_init(void) 533{ 534 int ret; 535 536 ret = alloc_chrdev_region(&rpmsg_major, 0, RPMSG_DEV_MAX, "rpmsg"); 537 if (ret < 0) { 538 pr_err("rpmsg: failed to allocate char dev region\n"); 539 return ret; 540 } 541 542 rpmsg_class = class_create(THIS_MODULE, "rpmsg"); 543 if (IS_ERR(rpmsg_class)) { 544 pr_err("failed to create rpmsg class\n"); 545 unregister_chrdev_region(rpmsg_major, RPMSG_DEV_MAX); 546 return PTR_ERR(rpmsg_class); 547 } 548 549 ret = register_rpmsg_driver(&rpmsg_chrdev_driver); 550 if (ret < 0) { 551 pr_err("rpmsgchr: failed to register rpmsg driver\n"); 552 class_destroy(rpmsg_class); 553 unregister_chrdev_region(rpmsg_major, RPMSG_DEV_MAX); 554 } 555 556 return ret; 557} 558postcore_initcall(rpmsg_char_init); 559 560static void rpmsg_chrdev_exit(void) 561{ 562 unregister_rpmsg_driver(&rpmsg_chrdev_driver); 563 class_destroy(rpmsg_class); 564 unregister_chrdev_region(rpmsg_major, RPMSG_DEV_MAX); 565} 566module_exit(rpmsg_chrdev_exit); 567 568MODULE_ALIAS("rpmsg:rpmsg_chrdev"); 569MODULE_LICENSE("GPL v2"); 570