During removal of the glink edge interrupts are disabled and no more
incoming messages are being serviced. In addition to the remote endpoint
being defunct that means that any outstanding requests for intents will
not be serviced, and qcom_glink_request_intent() will blindly wait for
up to 10 seconds.
Mark the intent request as not granted and complete the intent request
completion to fail the waiting client immediately.
Once the current intent request is failed, any potential clients waiting
for the intent request mutex will not enter the same wait, as the
qcom_glink_tx() call will fail fast.
Reviewed-by: Chris Lew <quic_clew@quicinc.com>
Signed-off-by: Bjorn Andersson <quic_bjorande@quicinc.com>
Signed-off-by: Bjorn Andersson <andersson@kernel.org>
Link: https://lore.kernel.org/r/20230213155215.1237059-7-quic_bjorande@quicinc.com
Upon removing the glink edge, communication is at best one-way. This
means that the very common scenario of glink requesting intents will not
be possible to serve.
Typically a successful transmission results in the client waiting for a
response, with some timeout and a mechanism for aborting that timeout.
Because of this, once the glink edge is defunct once removal is
commenced it's better to fail transmissions fast.
Reviewed-by: Chris Lew <quic_clew@quicinc.com>
Signed-off-by: Bjorn Andersson <quic_bjorande@quicinc.com>
Signed-off-by: Bjorn Andersson <andersson@kernel.org>
Link: https://lore.kernel.org/r/20230213155215.1237059-6-quic_bjorande@quicinc.com
Not all GLINK transports uses an interrupt and a mailbox instance. The
interrupt for RPM needs to be IRQF_NOSUSPEND, while it seems reasonable
for the SMEM interrupt to use irq_set_wake. The glink struct device is
constructed in the SMEM and RPM drivers but torn down in the core
driver.
Move the interrupt and kick handling into the SMEM and RPM driver, to
improve this and facilitate further improvements.
Signed-off-by: Bjorn Andersson <quic_bjorande@quicinc.com>
Reviewed-by: Chris Lew <quic_clew@quicinc.com>
Signed-off-by: Bjorn Andersson <andersson@kernel.org>
Link: https://lore.kernel.org/r/20230213155215.1237059-5-quic_bjorande@quicinc.com
Replace zero-length array with flexible-array member and make use
of the struct_size() helper in kzalloc(). For example:
struct glink_defer_cmd {
struct list_head node;
struct glink_msg msg;
u8 data[];
};
Make use of the struct_size() helper instead of an open-coded version
in order to avoid any potential type mistakes.
Reported-by: Zeal Robot <zealci@zte.com.cn>
Signed-off-by: Minghao Chi (CGEL ZTE) <chi.minghao@zte.com.cn>
Signed-off-by: Bjorn Andersson <bjorn.andersson@linaro.org>
Link: https://lore.kernel.org/r/20220216030720.1839503-1-chi.minghao@zte.com.cn
When the endpoint device is created by the application, a destination
address is specified in the rpmsg_channel_info structure. Since the
rpmsg_endpoint structure does not store the destination address,
this destination address must be specified when sending a message.
Replaces rpmsg_send with rpmsg_sendto to allow to specify the
destination address. This implementation is requested for compatibly with
some rpmsg backends like the virtio backend.
For this, the GLINK an SMD drivers have been updated to support the
rpmsg_sendto, even if the destination address is ignored for these
backends. For these drivers, the rpmsg_send and rpmsg_trysend ops are
preserved to avoid breaking the legacy.
Signed-off-by: Arnaud Pouliquen <arnaud.pouliquen@foss.st.com>
Reviewed-by: Bjorn Andersson <bjorn.andersson@linaro.org>
Reviewed-by: Mathieu Poirier <mathieu.poirier@linaro.org>
Link: https://lore.kernel.org/r/20210311140413.31725-5-arnaud.pouliquen@foss.st.com
Signed-off-by: Bjorn Andersson <bjorn.andersson@linaro.org>
Pull rpmsg updates from Bjorn Andersson:
"This introduces rpmsg_char support for GLINK and fixes a few issues"
* tag 'rpmsg-v5.10' of git://git.kernel.org/pub/scm/linux/kernel/git/andersson/remoteproc:
rpmsg: glink: Expose rpmsg name attr for glink
rpmsg: glink: Add support for rpmsg glink chrdev
rpmsg: Guard against null endpoint ops in destroy
rpmsg: glink: Use complete_all for open states
rpmsg: virtio: fix compilation warning for virtio_rpmsg_channel description
rpmsg: Avoid double-free in mtk_rpmsg_register_device
rpmsg: smd: Fix a kobj leak in in qcom_smd_parse_edge()
Attempting to transmit rx_done messages after the GLINK instance is
being torn down will cause use after free and memory leaks. So cancel
the intent_work and free up the pending intents.
With this there are no concurrent accessors of the channel left during
qcom_glink_native_remove() and there is therefor no need to hold the
spinlock during this operation - which would prohibit the use of
cancel_work_sync() in the release function. So remove this.
Fixes: 1d2ea36eea ("rpmsg: glink: Add rx done command")
Cc: stable@vger.kernel.org
Acked-by: Chris Lew <clew@codeaurora.org>
Tested-by: Srinivas Kandagatla <srinivas.kandagatla@linaro.org>
Signed-off-by: Bjorn Andersson <bjorn.andersson@linaro.org>
The device release function is set before registering with rpmsg. If
rpmsg registration fails, the framework will call device_put(), which
invokes the release function. The channel create logic does not need to
free rpdev if rpmsg_register_device() fails and release is called.
Fixes: b4f8e52b89 ("rpmsg: Introduce Qualcomm RPM glink driver")
Cc: stable@vger.kernel.org
Tested-by: Srinivas Kandagatla <srinivas.kandagatla@linaro.org>
Signed-off-by: Chris Lew <clew@codeaurora.org>
Signed-off-by: Bjorn Andersson <bjorn.andersson@linaro.org>
In a remote processor crash scenario, there is no guarantee the remote
processor sent close requests before it went into a bad state. Remove
the reference that is normally handled by the close command in the
so channel resources can be released.
Fixes: b4f8e52b89 ("rpmsg: Introduce Qualcomm RPM glink driver")
Cc: stable@vger.kernel.org
Tested-by: Srinivas Kandagatla <srinivas.kandagatla@linaro.org>
Signed-off-by: Chris Lew <clew@codeaurora.org>
Reported-by: Srinivas Kandagatla <srinivas.kandagatla@linaro.org>
Signed-off-by: Bjorn Andersson <bjorn.andersson@linaro.org>
Extra channel reference put when remote sending OPEN_ACK after timeout
causes use-after-free while handling next remote CLOSE command.
Remove extra reference put in timeout case to avoid use-after-free.
Fixes: b4f8e52b89 ("rpmsg: Introduce Qualcomm RPM glink driver")
Cc: stable@vger.kernel.org
Tested-by: Srinivas Kandagatla <srinivas.kandagatla@linaro.org>
Signed-off-by: Arun Kumar Neelakantam <aneela@codeaurora.org>
Signed-off-by: Bjorn Andersson <bjorn.andersson@linaro.org>
One of the more common cases of allocation size calculations is finding
the size of a structure that has a zero-sized array at the end, along
with memory for some number of elements for that array. For example:
struct {
...
struct intent_pair intents[];
} __packed * msg;
Make use of the struct_size() helper instead of an open-coded version
in order to avoid any potential type mistakes.
So, replace the following form:
sizeof(*msg) + sizeof(struct intent_pair) * count
with:
struct_size(msg, intents, count)
This code was detected with the help of Coccinelle.
Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com>
Signed-off-by: Bjorn Andersson <bjorn.andersson@linaro.org>
It is possible for the chunk sizes coming from the non RPM remote procs
to not be word aligned. Remove the alignment warning and continue to
read from the FIFO so execution is not stalled.
Signed-off-by: Chris Lew <clew@codeaurora.org>
Signed-off-by: Arun Kumar Neelakantam <aneela@codeaurora.org>
Signed-off-by: Bjorn Andersson <bjorn.andersson@linaro.org>
Channels may need to identify the edge their channel was probed for.
Store the edge name by reading the label property from device tree or
default to the node name.
Signed-off-by: Chris Lew <clew@codeaurora.org>
Signed-off-by: Arun Kumar Neelakantam <aneela@codeaurora.org>
Signed-off-by: Bjorn Andersson <bjorn.andersson@linaro.org>
Fix below kerneldoc warnings while building with W=1
qcom_glink_native.c:53: warning: Function parameter or member 'data' not described in 'glink_defer_cmd'
qcom_glink_native.c:75: warning: Function parameter or member 'data' not described in 'glink_core_rx_intent'
qcom_glink_native.c:75: warning: Function parameter or member 'id' not described in 'glink_core_rx_intent'
qcom_glink_native.c:75: warning: Function parameter or member 'size' not described in 'glink_core_rx_intent'
qcom_glink_native.c:75: warning: Function parameter or member 'reuse' not described in 'glink_core_rx_intent'
qcom_glink_native.c:75: warning: Function parameter or member 'in_use' not described in 'glink_core_rx_intent'
qcom_glink_native.c:75: warning: Function parameter or member 'offset' not described in 'glink_core_rx_intent'
qcom_glink_native.c:75: warning: Function parameter or member 'node' not described in 'glink_core_rx_intent'
qcom_glink_native.c:116: warning: Function parameter or member 'features' not described in 'qcom_glink'
qcom_glink_native.c:116: warning: Function parameter or member 'intentless' not described in 'qcom_glink'
qcom_glink_native.c:524: warning: Function parameter or member 'version' not described in 'qcom_glink_receive_version'
qcom_glink_native.c:524: warning: Function parameter or member 'features' not described in 'qcom_glink_receive_version'
qcom_glink_native.c:524: warning: Excess function parameter 'r_version' description in 'qcom_glink_receive_version'
qcom_glink_native.c:524: warning: Excess function parameter 'r_features' description in 'qcom_glink_receive_version'
qcom_glink_native.c:551: warning: Function parameter or member 'version' not described in 'qcom_glink_receive_version_ack'
qcom_glink_native.c:551: warning: Function parameter or member 'features' not described in 'qcom_glink_receive_version_ack'
qcom_glink_native.c:551: warning: Excess function parameter 'r_version' description in 'qcom_glink_receive_version_ack'
qcom_glink_native.c:551: warning: Excess function parameter 'r_features' description in 'qcom_glink_receive_version_ack'
qcom_glink_native.c:570: warning: bad line: wire format and transmit
qcom_glink_native.c:604: warning: Function parameter or member 'intent' not described in 'qcom_glink_advertise_intent'
qcom_glink_native.c:604: warning: Excess function parameter 'size' description in 'qcom_glink_advertise_intent'
qcom_glink_native.c:710: warning: Function parameter or member 'glink' not described in 'qcom_glink_handle_intent_req'
qcom_glink_native.c:710: warning: Function parameter or member 'cid' not described in 'qcom_glink_handle_intent_req'
qcom_glink_native.c:710: warning: Function parameter or member 'size' not described in 'qcom_glink_handle_intent_req'
Signed-off-by: Srinivas Kandagatla <srinivas.kandagatla@linaro.org>
Signed-off-by: Bjorn Andersson <bjorn.andersson@linaro.org>
As intent structure members are not correctly annotated, leading to below warnings
qcom_glink_native.c:614:16: warning: incorrect type in assignment (different base types)
qcom_glink_native.c:614:16: expected unsigned short [unsigned] [usertype] id
qcom_glink_native.c:614:16: got restricted __le16 [usertype] <noident>
qcom_glink_native.c:615:18: warning: incorrect type in assignment (different base types)
qcom_glink_native.c:615:18: expected unsigned short [unsigned] [usertype] lcid
qcom_glink_native.c:615:18: got restricted __le16 [usertype] <noident>
qcom_glink_native.c:616:19: warning: incorrect type in assignment (different base types)
qcom_glink_native.c:616:19: expected unsigned int [unsigned] [usertype] count
qcom_glink_native.c:616:19: got restricted __le32 [usertype] <noident>
qcom_glink_native.c:617:18: warning: incorrect type in assignment (different base types)
qcom_glink_native.c:617:18: expected unsigned int [unsigned] [usertype] size
qcom_glink_native.c:617:18: got restricted __le32 [usertype] <noident>
qcom_glink_native.c:618:18: warning: incorrect type in assignment (different base types)
qcom_glink_native.c:618:18: expected unsigned int [unsigned] [usertype] liid
qcom_glink_native.c:618:18: got restricted __le32 [usertype] <noident>
Fix this by correctly annotating them.
Signed-off-by: Srinivas Kandagatla <srinivas.kandagatla@linaro.org>
Signed-off-by: Bjorn Andersson <bjorn.andersson@linaro.org>
Use the appropriate SPDX license identifier in various rpmsg
glink driver source files and drop the previous boilerplate
license text.
Signed-off-by: Suman Anna <s-anna@ti.com>
Signed-off-by: Bjorn Andersson <bjorn.andersson@linaro.org>
Switch the tx_lock to a spinlock we allow clients to use rpmsg_trysend()
from atomic context.
In order to allow clients to sleep while waiting for space in the FIFO
we release the lock temporarily around the delay; which should be
replaced by sending a READ_NOTIF and waiting for the remote to signal
us that space has been made available.
Tested-by: Srinivas Kandagatla <srinivas.kandagatla@linaro.org>
Signed-off-by: Bjorn Andersson <bjorn.andersson@linaro.org>
qcom_glink_alloc_channel() allocates the mutex but not initialize it.
Use mutex_init() on it to initialize it correctly.
This is detected by Coccinelle semantic patch.
Signed-off-by: Wei Yongjun <weiyongjun1@huawei.com>
Signed-off-by: Bjorn Andersson <bjorn.andersson@linaro.org>
As the GLINK driver is ticking the txdone of the mailbox channel (to
implement the doorbell) it needs to set knows_txdone.
Signed-off-by: Bjorn Andersson <bjorn.andersson@linaro.org>
Intents can vary in size, try to find the best fitting remote intent
instead of first fit when sending a message to the remote proc.
Signed-off-by: Chris Lew <clew@codeaurora.org>
Signed-off-by: Bjorn Andersson <bjorn.andersson@linaro.org>
The base intents prequeued during channel creation may not satisfy a
channel's throughput requirement. Add support for intents dt-binding to
allow channels to specify the size and amount of intents to prequeue
during endpoint announcement.
Signed-off-by: Chris Lew <clew@codeaurora.org>
[bjorn: Altered how defaults are expressed]
Signed-off-by: Bjorn Andersson <bjorn.andersson@linaro.org>
The "intent_req_comp" variable is used without initialization which
results in NULL pointer dereference in qcom_glink_request_intent().
we need to initialize the completion variable before using it.
Fixes: 27b9c5b66b ("rpmsg: glink: Request for intents when unavailable")
Signed-off-by: Arun Kumar Neelakantam <aneela@codeaurora.org>
Signed-off-by: Bjorn Andersson <bjorn.andersson@linaro.org>
The new switch cases for RPM_CMD_RX_DONE, RPM_CMD_RX_DONE_W_REUSE,
RPM_CMD_RX_INTENT_REQ_ACK, RPM_CMD_INTENT and RPM_CMD_RX_INTENT_REQ from
4 recent commits are not setting ret and so a later non-zero check on ret
is testing on a garbage value in ret. Fix this by initializing ret to zero.
Detected by CoverityScan CID#1455249 ("Uninitialized scalar variable")
Fixes: 933b45da5d ("rpmsg: glink: Add support for TX intents)
Fixes: dacbb35e93 ("glink: Receive and store the remote intent buffers")
Fixes: 27b9c5b66b ("rpmsg: glink: Request for intents when unavailable")
Fixes: 88c6060f5a ("rpmsg: glink: Handle remote rx done command")
Signed-off-by: Colin Ian King <colin.king@canonical.com>
Signed-off-by: Bjorn Andersson <bjorn.andersson@linaro.org>
In the case where glink->intentless is true and the call
to qcom_glink_tx fails then we have a condition where ret is
non-zero and intent is null, causing a null pointer deference
when setting intent->in_use to false. Add an extra check to
only dereference intent if intent is non-null.
Detected by: CoverityScan CID#1455247 ("Explicit null dereferenced")
Fixes: 88c6060f5a ("rpmsg: glink: Handle remote rx done command")
Signed-off-by: Colin Ian King <colin.king@canonical.com>
Signed-off-by: Bjorn Andersson <bjorn.andersson@linaro.org>
The common code needs to export the probe and remove symbols in order
for the SMEM and RPM drivers to access them when compiled as a module.
Signed-off-by: Bjorn Andersson <bjorn.andersson@linaro.org>
