2 * Remote Processor Framework
4 * Copyright (C) 2011 Texas Instruments, Inc.
5 * Copyright (C) 2011 Google, Inc.
7 * Ohad Ben-Cohen <ohad@wizery.com>
8 * Brian Swetland <swetland@google.com>
9 * Mark Grosen <mgrosen@ti.com>
10 * Fernando Guzman Lugo <fernando.lugo@ti.com>
11 * Suman Anna <s-anna@ti.com>
12 * Robert Tivy <rtivy@ti.com>
13 * Armando Uribe De Leon <x0095078@ti.com>
15 * This program is free software; you can redistribute it and/or
16 * modify it under the terms of the GNU General Public License
17 * version 2 as published by the Free Software Foundation.
19 * This program is distributed in the hope that it will be useful,
20 * but WITHOUT ANY WARRANTY; without even the implied warranty of
21 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
22 * GNU General Public License for more details.
25 #define pr_fmt(fmt) "%s: " fmt, __func__
27 #include <linux/kernel.h>
28 #include <linux/module.h>
29 #include <linux/device.h>
30 #include <linux/slab.h>
31 #include <linux/mutex.h>
32 #include <linux/dma-mapping.h>
33 #include <linux/firmware.h>
34 #include <linux/string.h>
35 #include <linux/debugfs.h>
36 #include <linux/remoteproc.h>
37 #include <linux/iommu.h>
38 #include <linux/klist.h>
39 #include <linux/elf.h>
40 #include <linux/virtio_ids.h>
41 #include <linux/virtio_ring.h>
43 #include "remoteproc_internal.h"
45 static void klist_rproc_get(struct klist_node *n);
46 static void klist_rproc_put(struct klist_node *n);
49 * klist of the available remote processors.
51 * We need this in order to support name-based lookups (needed by the
52 * rproc_get_by_name()).
54 * That said, we don't use rproc_get_by_name() anymore within the rpmsg
55 * framework. The use cases that do require its existence should be
56 * scrutinized, and hopefully migrated to rproc_boot() using device-based
59 * If/when this materializes, we could drop the klist (and the by_name
62 static DEFINE_KLIST(rprocs, klist_rproc_get, klist_rproc_put);
64 typedef int (*rproc_handle_resources_t)(struct rproc *rproc,
65 struct fw_resource *rsc, int len);
68 * This is the IOMMU fault handler we register with the IOMMU API
69 * (when relevant; not all remote processors access memory through
72 * IOMMU core will invoke this handler whenever the remote processor
73 * will try to access an unmapped device address.
75 * Currently this is mostly a stub, but it will be later used to trigger
76 * the recovery of the remote processor.
78 static int rproc_iommu_fault(struct iommu_domain *domain, struct device *dev,
79 unsigned long iova, int flags)
81 dev_err(dev, "iommu fault: da 0x%lx flags 0x%x\n", iova, flags);
84 * Let the iommu core know we're not really handling this fault;
85 * we just plan to use this as a recovery trigger.
90 static int rproc_enable_iommu(struct rproc *rproc)
92 struct iommu_domain *domain;
93 struct device *dev = rproc->dev;
97 * We currently use iommu_present() to decide if an IOMMU
100 * This works for simple cases, but will easily fail with
101 * platforms that do have an IOMMU, but not for this specific
104 * This will be easily solved by introducing hw capabilities
105 * that will be set by the remoteproc driver.
107 if (!iommu_present(dev->bus)) {
108 dev_err(dev, "iommu not found\n");
112 domain = iommu_domain_alloc(dev->bus);
114 dev_err(dev, "can't alloc iommu domain\n");
118 iommu_set_fault_handler(domain, rproc_iommu_fault);
120 ret = iommu_attach_device(domain, dev);
122 dev_err(dev, "can't attach iommu device: %d\n", ret);
126 rproc->domain = domain;
131 iommu_domain_free(domain);
135 static void rproc_disable_iommu(struct rproc *rproc)
137 struct iommu_domain *domain = rproc->domain;
138 struct device *dev = rproc->dev;
143 iommu_detach_device(domain, dev);
144 iommu_domain_free(domain);
150 * Some remote processors will ask us to allocate them physically contiguous
151 * memory regions (which we call "carveouts"), and map them to specific
152 * device addresses (which are hardcoded in the firmware).
154 * They may then ask us to copy objects into specific device addresses (e.g.
155 * code/data sections) or expose us certain symbols in other device address
156 * (e.g. their trace buffer).
158 * This function is an internal helper with which we can go over the allocated
159 * carveouts and translate specific device address to kernel virtual addresses
160 * so we can access the referenced memory.
162 * Note: phys_to_virt(iommu_iova_to_phys(rproc->domain, da)) will work too,
163 * but only on kernel direct mapped RAM memory. Instead, we're just using
164 * here the output of the DMA API, which should be more correct.
166 static void *rproc_da_to_va(struct rproc *rproc, u64 da, int len)
168 struct rproc_mem_entry *carveout;
171 list_for_each_entry(carveout, &rproc->carveouts, node) {
172 int offset = da - carveout->da;
174 /* try next carveout if da is too small */
178 /* try next carveout if da is too large */
179 if (offset + len > carveout->len)
182 ptr = carveout->va + offset;
191 * rproc_load_segments() - load firmware segments to memory
192 * @rproc: remote processor which will be booted using these fw segments
193 * @elf_data: the content of the ELF firmware image
195 * This function loads the firmware segments to memory, where the remote
196 * processor expects them.
198 * Some remote processors will expect their code and data to be placed
199 * in specific device addresses, and can't have them dynamically assigned.
201 * We currently support only those kind of remote processors, and expect
202 * the program header's paddr member to contain those addresses. We then go
203 * through the physically contiguous "carveout" memory regions which we
204 * allocated (and mapped) earlier on behalf of the remote processor,
205 * and "translate" device address to kernel addresses, so we can copy the
206 * segments where they are expected.
208 * Currently we only support remote processors that required carveout
209 * allocations and got them mapped onto their iommus. Some processors
210 * might be different: they might not have iommus, and would prefer to
211 * directly allocate memory for every segment/resource. This is not yet
214 static int rproc_load_segments(struct rproc *rproc, const u8 *elf_data)
216 struct device *dev = rproc->dev;
217 struct elf32_hdr *ehdr;
218 struct elf32_phdr *phdr;
221 ehdr = (struct elf32_hdr *)elf_data;
222 phdr = (struct elf32_phdr *)(elf_data + ehdr->e_phoff);
224 /* go through the available ELF segments */
225 for (i = 0; i < ehdr->e_phnum; i++, phdr++) {
226 u32 da = phdr->p_paddr;
227 u32 memsz = phdr->p_memsz;
228 u32 filesz = phdr->p_filesz;
231 if (phdr->p_type != PT_LOAD)
234 dev_dbg(dev, "phdr: type %d da 0x%x memsz 0x%x filesz 0x%x\n",
235 phdr->p_type, da, memsz, filesz);
237 if (filesz > memsz) {
238 dev_err(dev, "bad phdr filesz 0x%x memsz 0x%x\n",
244 /* grab the kernel address for this device address */
245 ptr = rproc_da_to_va(rproc, da, memsz);
247 dev_err(dev, "bad phdr da 0x%x mem 0x%x\n", da, memsz);
252 /* put the segment where the remote processor expects it */
254 memcpy(ptr, elf_data + phdr->p_offset, filesz);
257 * Zero out remaining memory for this segment.
259 * This isn't strictly required since dma_alloc_coherent already
260 * did this for us. albeit harmless, we may consider removing
264 memset(ptr + filesz, 0, memsz - filesz);
271 * rproc_handle_virtio_hdr() - handle a virtio header resource
272 * @rproc: the remote processor
273 * @rsc: the resource descriptor
275 * The existence of this virtio hdr resource entry means that the firmware
276 * of this @rproc supports this virtio device.
278 * Currently we support only a single virtio device of type VIRTIO_ID_RPMSG,
279 * but the plan is to remove this limitation and support any number
280 * of virtio devices (and of any type). We'll also add support for dynamically
281 * adding (and removing) virtio devices over the rpmsg bus, but small
282 * firmwares that doesn't want to get involved with rpmsg will be able
283 * to simple use the resource table for this.
285 * At this point this virtio header entry is rather simple: it just
286 * announces the virtio device id and the supported virtio device features.
287 * The plan though is to extend this to include the vring information and
288 * the virtio config space, too (but first, some resource table overhaul
289 * is needed: move from fixed-sized to variable-length TLV entries).
291 * For now, the 'flags' member of the resource entry contains the virtio
292 * device id, the 'da' member contains the device features, and 'pa' is
293 * where we need to store the guest features once negotiation completes.
294 * As usual, the 'id' member of this resource contains the index of this
295 * resource type (i.e. is this the first virtio hdr entry, the 2nd, ...).
297 * Returns 0 on success, or an appropriate error code otherwise
299 static int rproc_handle_virtio_hdr(struct rproc *rproc, struct fw_resource *rsc)
301 struct rproc_vdev *rvdev;
303 /* we only support VIRTIO_ID_RPMSG devices for now */
304 if (rsc->flags != VIRTIO_ID_RPMSG) {
305 dev_warn(rproc->dev, "unsupported vdev: %d\n", rsc->flags);
309 /* we only support a single vdev per rproc for now */
310 if (rsc->id || rproc->rvdev) {
311 dev_warn(rproc->dev, "redundant vdev entry: %s\n", rsc->name);
315 rvdev = kzalloc(sizeof(struct rproc_vdev), GFP_KERNEL);
319 /* remember the device features */
320 rvdev->dfeatures = rsc->da;
322 rproc->rvdev = rvdev;
323 rvdev->rproc = rproc;
329 * rproc_handle_vring() - handle a vring fw resource
330 * @rproc: the remote processor
331 * @rsc: the vring resource descriptor
333 * This resource entry requires allocation of non-cacheable memory
334 * for a virtio vring. Currently we only support two vrings per remote
335 * processor, required for the virtio rpmsg device.
337 * The 'len' member of @rsc should contain the number of buffers this vring
338 * support and 'da' should either contain the device address where
339 * the remote processor is expecting the vring, or indicate that
340 * dynamically allocation of the vring's device address is supported.
342 * Note: 'da' is currently not handled. This will be revised when the generic
343 * iommu-based DMA API will arrive, or a dynanic & non-iommu use case show
344 * up. Meanwhile, statically-addressed iommu-based images should use
345 * RSC_DEVMEM resource entries to map their require 'da' to the physical
346 * address of their base CMA region.
348 * Returns 0 on success, or an appropriate error code otherwise
350 static int rproc_handle_vring(struct rproc *rproc, struct fw_resource *rsc)
352 struct device *dev = rproc->dev;
353 struct rproc_vdev *rvdev = rproc->rvdev;
355 int size, id = rsc->id;
358 /* no vdev is in place ? */
360 dev_err(dev, "vring requested without a virtio dev entry\n");
364 /* the firmware must provide the expected queue size */
366 dev_err(dev, "missing expected queue size\n");
370 /* we currently support two vrings per rproc (for rx and tx) */
371 if (id >= ARRAY_SIZE(rvdev->vring)) {
372 dev_err(dev, "%s: invalid vring id %d\n", rsc->name, id);
376 /* have we already allocated this vring id ? */
377 if (rvdev->vring[id].len) {
378 dev_err(dev, "%s: duplicated id %d\n", rsc->name, id);
382 /* actual size of vring (in bytes) */
383 size = PAGE_ALIGN(vring_size(rsc->len, AMP_VRING_ALIGN));
386 * Allocate non-cacheable memory for the vring. In the future
387 * this call will also configure the IOMMU for us
389 va = dma_alloc_coherent(dev, size, &dma, GFP_KERNEL);
391 dev_err(dev, "dma_alloc_coherent failed\n");
395 dev_dbg(dev, "vring%d: va %p dma %x qsz %d ring size %x\n", id, va,
396 dma, rsc->len, size);
398 rvdev->vring[id].len = rsc->len;
399 rvdev->vring[id].va = va;
400 rvdev->vring[id].dma = dma;
406 * rproc_handle_trace() - handle a shared trace buffer resource
407 * @rproc: the remote processor
408 * @rsc: the trace resource descriptor
410 * In case the remote processor dumps trace logs into memory,
411 * export it via debugfs.
413 * Currently, the 'da' member of @rsc should contain the device address
414 * where the remote processor is dumping the traces. Later we could also
415 * support dynamically allocating this address using the generic
416 * DMA API (but currently there isn't a use case for that).
418 * Returns 0 on success, or an appropriate error code otherwise
420 static int rproc_handle_trace(struct rproc *rproc, struct fw_resource *rsc)
422 struct rproc_mem_entry *trace;
423 struct device *dev = rproc->dev;
427 /* what's the kernel address of this resource ? */
428 ptr = rproc_da_to_va(rproc, rsc->da, rsc->len);
430 dev_err(dev, "erroneous trace resource entry\n");
434 trace = kzalloc(sizeof(*trace), GFP_KERNEL);
436 dev_err(dev, "kzalloc trace failed\n");
440 /* set the trace buffer dma properties */
441 trace->len = rsc->len;
444 /* make sure snprintf always null terminates, even if truncating */
445 snprintf(name, sizeof(name), "trace%d", rproc->num_traces);
447 /* create the debugfs entry */
448 trace->priv = rproc_create_trace_file(name, rproc, trace);
455 list_add_tail(&trace->node, &rproc->traces);
459 dev_dbg(dev, "%s added: va %p, da 0x%llx, len 0x%x\n", name, ptr,
466 * rproc_handle_devmem() - handle devmem resource entry
467 * @rproc: remote processor handle
468 * @rsc: the devmem resource entry
470 * Remote processors commonly need to access certain on-chip peripherals.
472 * Some of these remote processors access memory via an iommu device,
473 * and might require us to configure their iommu before they can access
474 * the on-chip peripherals they need.
476 * This resource entry is a request to map such a peripheral device.
478 * These devmem entries will contain the physical address of the device in
479 * the 'pa' member. If a specific device address is expected, then 'da' will
480 * contain it (currently this is the only use case supported). 'len' will
481 * contain the size of the physical region we need to map.
483 * Currently we just "trust" those devmem entries to contain valid physical
484 * addresses, but this is going to change: we want the implementations to
485 * tell us ranges of physical addresses the firmware is allowed to request,
486 * and not allow firmwares to request access to physical addresses that
487 * are outside those ranges.
489 static int rproc_handle_devmem(struct rproc *rproc, struct fw_resource *rsc)
491 struct rproc_mem_entry *mapping;
494 /* no point in handling this resource without a valid iommu domain */
498 mapping = kzalloc(sizeof(*mapping), GFP_KERNEL);
500 dev_err(rproc->dev, "kzalloc mapping failed\n");
504 ret = iommu_map(rproc->domain, rsc->da, rsc->pa, rsc->len, rsc->flags);
506 dev_err(rproc->dev, "failed to map devmem: %d\n", ret);
511 * We'll need this info later when we'll want to unmap everything
512 * (e.g. on shutdown).
514 * We can't trust the remote processor not to change the resource
515 * table, so we must maintain this info independently.
517 mapping->da = rsc->da;
518 mapping->len = rsc->len;
519 list_add_tail(&mapping->node, &rproc->mappings);
521 dev_dbg(rproc->dev, "mapped devmem pa 0x%llx, da 0x%llx, len 0x%x\n",
522 rsc->pa, rsc->da, rsc->len);
532 * rproc_handle_carveout() - handle phys contig memory allocation requests
533 * @rproc: rproc handle
534 * @rsc: the resource entry
536 * This function will handle firmware requests for allocation of physically
537 * contiguous memory regions.
539 * These request entries should come first in the firmware's resource table,
540 * as other firmware entries might request placing other data objects inside
541 * these memory regions (e.g. data/code segments, trace resource entries, ...).
543 * Allocating memory this way helps utilizing the reserved physical memory
544 * (e.g. CMA) more efficiently, and also minimizes the number of TLB entries
545 * needed to map it (in case @rproc is using an IOMMU). Reducing the TLB
546 * pressure is important; it may have a substantial impact on performance.
548 static int rproc_handle_carveout(struct rproc *rproc, struct fw_resource *rsc)
550 struct rproc_mem_entry *carveout, *mapping;
551 struct device *dev = rproc->dev;
556 mapping = kzalloc(sizeof(*mapping), GFP_KERNEL);
558 dev_err(dev, "kzalloc mapping failed\n");
562 carveout = kzalloc(sizeof(*carveout), GFP_KERNEL);
564 dev_err(dev, "kzalloc carveout failed\n");
569 va = dma_alloc_coherent(dev, rsc->len, &dma, GFP_KERNEL);
571 dev_err(dev, "failed to dma alloc carveout: %d\n", rsc->len);
576 dev_dbg(dev, "carveout va %p, dma %x, len 0x%x\n", va, dma, rsc->len);
579 * Ok, this is non-standard.
581 * Sometimes we can't rely on the generic iommu-based DMA API
582 * to dynamically allocate the device address and then set the IOMMU
583 * tables accordingly, because some remote processors might
584 * _require_ us to use hard coded device addresses that their
585 * firmware was compiled with.
587 * In this case, we must use the IOMMU API directly and map
588 * the memory to the device address as expected by the remote
591 * Obviously such remote processor devices should not be configured
592 * to use the iommu-based DMA API: we expect 'dma' to contain the
593 * physical address in this case.
596 ret = iommu_map(rproc->domain, rsc->da, dma, rsc->len,
599 dev_err(dev, "iommu_map failed: %d\n", ret);
604 * We'll need this info later when we'll want to unmap
605 * everything (e.g. on shutdown).
607 * We can't trust the remote processor not to change the
608 * resource table, so we must maintain this info independently.
610 mapping->da = rsc->da;
611 mapping->len = rsc->len;
612 list_add_tail(&mapping->node, &rproc->mappings);
614 dev_dbg(dev, "carveout mapped 0x%llx to 0x%x\n", rsc->da, dma);
617 * Some remote processors might need to know the pa
618 * even though they are behind an IOMMU. E.g., OMAP4's
619 * remote M3 processor needs this so it can control
620 * on-chip hardware accelerators that are not behind
621 * the IOMMU, and therefor must know the pa.
623 * Generally we don't want to expose physical addresses
624 * if we don't have to (remote processors are generally
625 * _not_ trusted), so we might want to do this only for
626 * remote processor that _must_ have this (e.g. OMAP4's
627 * dual M3 subsystem).
633 carveout->len = rsc->len;
635 carveout->da = rsc->da;
637 list_add_tail(&carveout->node, &rproc->carveouts);
642 dma_free_coherent(dev, rsc->len, va, dma);
650 /* handle firmware resource entries before booting the remote processor */
652 rproc_handle_boot_rsc(struct rproc *rproc, struct fw_resource *rsc, int len)
654 struct device *dev = rproc->dev;
657 while (len >= sizeof(*rsc)) {
658 dev_dbg(dev, "rsc: type %d, da 0x%llx, pa 0x%llx, len 0x%x, "
659 "id %d, name %s, flags %x\n", rsc->type, rsc->da,
660 rsc->pa, rsc->len, rsc->id, rsc->name, rsc->flags);
664 ret = rproc_handle_carveout(rproc, rsc);
667 ret = rproc_handle_devmem(rproc, rsc);
670 ret = rproc_handle_trace(rproc, rsc);
673 ret = rproc_handle_vring(rproc, rsc);
676 /* this one is handled early upon registration */
679 dev_warn(dev, "unsupported resource %d\n", rsc->type);
693 /* handle firmware resource entries while registering the remote processor */
695 rproc_handle_virtio_rsc(struct rproc *rproc, struct fw_resource *rsc, int len)
697 struct device *dev = rproc->dev;
700 for (; len >= sizeof(*rsc); rsc++, len -= sizeof(*rsc))
701 if (rsc->type == RSC_VIRTIO_DEV) {
702 dev_dbg(dev, "found vdev %d/%s features %llx\n",
703 rsc->flags, rsc->name, rsc->da);
704 ret = rproc_handle_virtio_hdr(rproc, rsc);
712 * rproc_handle_resources() - find and handle the resource table
713 * @rproc: the rproc handle
714 * @elf_data: the content of the ELF firmware image
715 * @handler: function that should be used to handle the resource table
717 * This function finds the resource table inside the remote processor's
718 * firmware, and invoke a user-supplied handler with it (we have two
719 * possible handlers: one is invoked upon registration of @rproc,
720 * in order to register the supported virito devices, and the other is
721 * invoked when @rproc is actually booted).
723 * Currently this function fails if a resource table doesn't exist.
724 * This restriction will be removed when we'll start supporting remote
725 * processors that don't need a resource table.
727 static int rproc_handle_resources(struct rproc *rproc, const u8 *elf_data,
728 rproc_handle_resources_t handler)
731 struct elf32_hdr *ehdr;
732 struct elf32_shdr *shdr;
733 const char *name_table;
734 int i, ret = -EINVAL;
736 ehdr = (struct elf32_hdr *)elf_data;
737 shdr = (struct elf32_shdr *)(elf_data + ehdr->e_shoff);
738 name_table = elf_data + shdr[ehdr->e_shstrndx].sh_offset;
740 /* look for the resource table and handle it */
741 for (i = 0; i < ehdr->e_shnum; i++, shdr++) {
742 if (!strcmp(name_table + shdr->sh_name, ".resource_table")) {
743 struct fw_resource *table = (struct fw_resource *)
744 (elf_data + shdr->sh_offset);
746 ret = handler(rproc, table, shdr->sh_size);
756 * rproc_resource_cleanup() - clean up and free all acquired resources
757 * @rproc: rproc handle
759 * This function will free all resources acquired for @rproc, and it
760 * is called when @rproc shuts down, or just failed booting.
762 static void rproc_resource_cleanup(struct rproc *rproc)
764 struct rproc_mem_entry *entry, *tmp;
765 struct device *dev = rproc->dev;
766 struct rproc_vdev *rvdev = rproc->rvdev;
769 /* clean up debugfs trace entries */
770 list_for_each_entry_safe(entry, tmp, &rproc->traces, node) {
771 rproc_remove_trace_file(entry->priv);
773 list_del(&entry->node);
777 /* free the coherent memory allocated for the vrings */
778 for (i = 0; rvdev && i < ARRAY_SIZE(rvdev->vring); i++) {
779 int qsz = rvdev->vring[i].len;
780 void *va = rvdev->vring[i].va;
781 int dma = rvdev->vring[i].dma;
783 /* virtqueue size is expressed in number of buffers supported */
785 /* how many bytes does this vring really occupy ? */
786 int size = PAGE_ALIGN(vring_size(qsz, AMP_VRING_ALIGN));
788 dma_free_coherent(rproc->dev, size, va, dma);
790 rvdev->vring[i].len = 0;
794 /* clean up carveout allocations */
795 list_for_each_entry_safe(entry, tmp, &rproc->carveouts, node) {
796 dma_free_coherent(dev, entry->len, entry->va, entry->dma);
797 list_del(&entry->node);
801 /* clean up iommu mapping entries */
802 list_for_each_entry_safe(entry, tmp, &rproc->mappings, node) {
805 unmapped = iommu_unmap(rproc->domain, entry->da, entry->len);
806 if (unmapped != entry->len) {
807 /* nothing much to do besides complaining */
808 dev_err(dev, "failed to unmap %u/%u\n", entry->len,
812 list_del(&entry->node);
817 /* make sure this fw image is sane */
818 static int rproc_fw_sanity_check(struct rproc *rproc, const struct firmware *fw)
820 const char *name = rproc->firmware;
821 struct device *dev = rproc->dev;
822 struct elf32_hdr *ehdr;
825 dev_err(dev, "failed to load %s\n", name);
829 if (fw->size < sizeof(struct elf32_hdr)) {
830 dev_err(dev, "Image is too small\n");
834 ehdr = (struct elf32_hdr *)fw->data;
836 if (memcmp(ehdr->e_ident, ELFMAG, SELFMAG)) {
837 dev_err(dev, "Image is corrupted (bad magic)\n");
841 if (ehdr->e_phnum == 0) {
842 dev_err(dev, "No loadable segments\n");
846 if (ehdr->e_phoff > fw->size) {
847 dev_err(dev, "Firmware size is too small\n");
855 * take a firmware and boot a remote processor with it.
857 static int rproc_fw_boot(struct rproc *rproc, const struct firmware *fw)
859 struct device *dev = rproc->dev;
860 const char *name = rproc->firmware;
861 struct elf32_hdr *ehdr;
864 ret = rproc_fw_sanity_check(rproc, fw);
868 ehdr = (struct elf32_hdr *)fw->data;
870 dev_info(dev, "Booting fw image %s, size %d\n", name, fw->size);
873 * if enabling an IOMMU isn't relevant for this rproc, this is
876 ret = rproc_enable_iommu(rproc);
878 dev_err(dev, "can't enable iommu: %d\n", ret);
883 * The ELF entry point is the rproc's boot addr (though this is not
884 * a configurable property of all remote processors: some will always
885 * boot at a specific hardcoded address).
887 rproc->bootaddr = ehdr->e_entry;
889 /* handle fw resources which are required to boot rproc */
890 ret = rproc_handle_resources(rproc, fw->data, rproc_handle_boot_rsc);
892 dev_err(dev, "Failed to process resources: %d\n", ret);
896 /* load the ELF segments to memory */
897 ret = rproc_load_segments(rproc, fw->data);
899 dev_err(dev, "Failed to load program segments: %d\n", ret);
903 /* power up the remote processor */
904 ret = rproc->ops->start(rproc);
906 dev_err(dev, "can't start rproc %s: %d\n", rproc->name, ret);
910 rproc->state = RPROC_RUNNING;
912 dev_info(dev, "remote processor %s is now up\n", rproc->name);
917 rproc_resource_cleanup(rproc);
918 rproc_disable_iommu(rproc);
923 * take a firmware and look for virtio devices to register.
925 * Note: this function is called asynchronously upon registration of the
926 * remote processor (so we must wait until it completes before we try
927 * to unregister the device. one other option is just to use kref here,
928 * that might be cleaner).
930 static void rproc_fw_config_virtio(const struct firmware *fw, void *context)
932 struct rproc *rproc = context;
933 struct device *dev = rproc->dev;
936 if (rproc_fw_sanity_check(rproc, fw) < 0)
939 /* does the fw supports any virtio devices ? */
940 ret = rproc_handle_resources(rproc, fw->data, rproc_handle_virtio_rsc);
942 dev_info(dev, "No fw virtio device was found\n");
946 /* add the virtio device (currently only rpmsg vdevs are supported) */
947 ret = rproc_add_rpmsg_vdev(rproc);
953 release_firmware(fw);
954 /* allow rproc_unregister() contexts, if any, to proceed */
955 complete_all(&rproc->firmware_loading_complete);
959 * rproc_boot() - boot a remote processor
960 * @rproc: handle of a remote processor
962 * Boot a remote processor (i.e. load its firmware, power it on, ...).
964 * If the remote processor is already powered on, this function immediately
965 * returns (successfully).
967 * Returns 0 on success, and an appropriate error value otherwise.
969 int rproc_boot(struct rproc *rproc)
971 const struct firmware *firmware_p;
976 pr_err("invalid rproc handle\n");
982 ret = mutex_lock_interruptible(&rproc->lock);
984 dev_err(dev, "can't lock rproc %s: %d\n", rproc->name, ret);
988 /* loading a firmware is required */
989 if (!rproc->firmware) {
990 dev_err(dev, "%s: no firmware to load\n", __func__);
995 /* prevent underlying implementation from being removed */
996 if (!try_module_get(dev->driver->owner)) {
997 dev_err(dev, "%s: can't get owner\n", __func__);
1002 /* skip the boot process if rproc is already powered up */
1003 if (atomic_inc_return(&rproc->power) > 1) {
1008 dev_info(dev, "powering up %s\n", rproc->name);
1011 ret = request_firmware(&firmware_p, rproc->firmware, dev);
1013 dev_err(dev, "request_firmware failed: %d\n", ret);
1017 ret = rproc_fw_boot(rproc, firmware_p);
1019 release_firmware(firmware_p);
1023 module_put(dev->driver->owner);
1024 atomic_dec(&rproc->power);
1027 mutex_unlock(&rproc->lock);
1030 EXPORT_SYMBOL(rproc_boot);
1033 * rproc_shutdown() - power off the remote processor
1034 * @rproc: the remote processor
1036 * Power off a remote processor (previously booted with rproc_boot()).
1038 * In case @rproc is still being used by an additional user(s), then
1039 * this function will just decrement the power refcount and exit,
1040 * without really powering off the device.
1042 * Every call to rproc_boot() must (eventually) be accompanied by a call
1043 * to rproc_shutdown(). Calling rproc_shutdown() redundantly is a bug.
1046 * - we're not decrementing the rproc's refcount, only the power refcount.
1047 * which means that the @rproc handle stays valid even after rproc_shutdown()
1048 * returns, and users can still use it with a subsequent rproc_boot(), if
1050 * - don't call rproc_shutdown() to unroll rproc_get_by_name(), exactly
1051 * because rproc_shutdown() _does not_ decrement the refcount of @rproc.
1052 * To decrement the refcount of @rproc, use rproc_put() (but _only_ if
1053 * you acquired @rproc using rproc_get_by_name()).
1055 void rproc_shutdown(struct rproc *rproc)
1057 struct device *dev = rproc->dev;
1060 ret = mutex_lock_interruptible(&rproc->lock);
1062 dev_err(dev, "can't lock rproc %s: %d\n", rproc->name, ret);
1066 /* if the remote proc is still needed, bail out */
1067 if (!atomic_dec_and_test(&rproc->power))
1070 /* power off the remote processor */
1071 ret = rproc->ops->stop(rproc);
1073 atomic_inc(&rproc->power);
1074 dev_err(dev, "can't stop rproc: %d\n", ret);
1078 /* clean up all acquired resources */
1079 rproc_resource_cleanup(rproc);
1081 rproc_disable_iommu(rproc);
1083 rproc->state = RPROC_OFFLINE;
1085 dev_info(dev, "stopped remote processor %s\n", rproc->name);
1088 mutex_unlock(&rproc->lock);
1090 module_put(dev->driver->owner);
1092 EXPORT_SYMBOL(rproc_shutdown);
1095 * rproc_release() - completely deletes the existence of a remote processor
1096 * @kref: the rproc's kref
1098 * This function should _never_ be called directly.
1100 * The only reasonable location to use it is as an argument when kref_put'ing
1101 * @rproc's refcount.
1103 * This way it will be called when no one holds a valid pointer to this @rproc
1104 * anymore (and obviously after it is removed from the rprocs klist).
1106 * Note: this function is not static because rproc_vdev_release() needs it when
1107 * it decrements @rproc's refcount.
1109 void rproc_release(struct kref *kref)
1111 struct rproc *rproc = container_of(kref, struct rproc, refcount);
1113 dev_info(rproc->dev, "removing %s\n", rproc->name);
1115 rproc_delete_debug_dir(rproc);
1117 /* at this point no one holds a reference to rproc anymore */
1121 /* will be called when an rproc is added to the rprocs klist */
1122 static void klist_rproc_get(struct klist_node *n)
1124 struct rproc *rproc = container_of(n, struct rproc, node);
1126 kref_get(&rproc->refcount);
1129 /* will be called when an rproc is removed from the rprocs klist */
1130 static void klist_rproc_put(struct klist_node *n)
1132 struct rproc *rproc = container_of(n, struct rproc, node);
1134 kref_put(&rproc->refcount, rproc_release);
1137 static struct rproc *next_rproc(struct klist_iter *i)
1139 struct klist_node *n;
1145 return container_of(n, struct rproc, node);
1149 * rproc_get_by_name() - find a remote processor by name and boot it
1150 * @name: name of the remote processor
1152 * Finds an rproc handle using the remote processor's name, and then
1153 * boot it. If it's already powered on, then just immediately return
1156 * Returns the rproc handle on success, and NULL on failure.
1158 * This function increments the remote processor's refcount, so always
1159 * use rproc_put() to decrement it back once rproc isn't needed anymore.
1161 * Note: currently this function (and its counterpart rproc_put()) are not
1162 * used anymore by the rpmsg subsystem. We need to scrutinize the use cases
1163 * that still need them, and see if we can migrate them to use the non
1164 * name-based boot/shutdown interface.
1166 struct rproc *rproc_get_by_name(const char *name)
1168 struct rproc *rproc;
1169 struct klist_iter i;
1172 /* find the remote processor, and upref its refcount */
1173 klist_iter_init(&rprocs, &i);
1174 while ((rproc = next_rproc(&i)) != NULL)
1175 if (!strcmp(rproc->name, name)) {
1176 kref_get(&rproc->refcount);
1179 klist_iter_exit(&i);
1181 /* can't find this rproc ? */
1183 pr_err("can't find remote processor %s\n", name);
1187 ret = rproc_boot(rproc);
1189 kref_put(&rproc->refcount, rproc_release);
1195 EXPORT_SYMBOL(rproc_get_by_name);
1198 * rproc_put() - decrement the refcount of a remote processor, and shut it down
1199 * @rproc: the remote processor
1201 * This function tries to shutdown @rproc, and it then decrements its
1204 * After this function returns, @rproc may _not_ be used anymore, and its
1205 * handle should be considered invalid.
1207 * This function should be called _iff_ the @rproc handle was grabbed by
1208 * calling rproc_get_by_name().
1210 void rproc_put(struct rproc *rproc)
1212 /* try to power off the remote processor */
1213 rproc_shutdown(rproc);
1215 /* downref rproc's refcount */
1216 kref_put(&rproc->refcount, rproc_release);
1218 EXPORT_SYMBOL(rproc_put);
1221 * rproc_register() - register a remote processor
1222 * @rproc: the remote processor handle to register
1224 * Registers @rproc with the remoteproc framework, after it has been
1225 * allocated with rproc_alloc().
1227 * This is called by the platform-specific rproc implementation, whenever
1228 * a new remote processor device is probed.
1230 * Returns 0 on success and an appropriate error code otherwise.
1232 * Note: this function initiates an asynchronous firmware loading
1233 * context, which will look for virtio devices supported by the rproc's
1236 * If found, those virtio devices will be created and added, so as a result
1237 * of registering this remote processor, additional virtio drivers will be
1240 * Currently, though, we only support a single RPMSG virtio vdev per remote
1243 int rproc_register(struct rproc *rproc)
1245 struct device *dev = rproc->dev;
1248 /* expose to rproc_get_by_name users */
1249 klist_add_tail(&rproc->node, &rprocs);
1251 dev_info(rproc->dev, "%s is available\n", rproc->name);
1253 /* create debugfs entries */
1254 rproc_create_debug_dir(rproc);
1256 /* rproc_unregister() calls must wait until async loader completes */
1257 init_completion(&rproc->firmware_loading_complete);
1260 * We must retrieve early virtio configuration info from
1261 * the firmware (e.g. whether to register a virtio rpmsg device,
1262 * what virtio features does it support, ...).
1264 * We're initiating an asynchronous firmware loading, so we can
1265 * be built-in kernel code, without hanging the boot process.
1267 ret = request_firmware_nowait(THIS_MODULE, FW_ACTION_HOTPLUG,
1268 rproc->firmware, dev, GFP_KERNEL,
1269 rproc, rproc_fw_config_virtio);
1271 dev_err(dev, "request_firmware_nowait failed: %d\n", ret);
1272 complete_all(&rproc->firmware_loading_complete);
1273 klist_remove(&rproc->node);
1278 EXPORT_SYMBOL(rproc_register);
1281 * rproc_alloc() - allocate a remote processor handle
1282 * @dev: the underlying device
1283 * @name: name of this remote processor
1284 * @ops: platform-specific handlers (mainly start/stop)
1285 * @firmware: name of firmware file to load
1286 * @len: length of private data needed by the rproc driver (in bytes)
1288 * Allocates a new remote processor handle, but does not register
1291 * This function should be used by rproc implementations during initialization
1292 * of the remote processor.
1294 * After creating an rproc handle using this function, and when ready,
1295 * implementations should then call rproc_register() to complete
1296 * the registration of the remote processor.
1298 * On success the new rproc is returned, and on failure, NULL.
1300 * Note: _never_ directly deallocate @rproc, even if it was not registered
1301 * yet. Instead, if you just need to unroll rproc_alloc(), use rproc_free().
1303 struct rproc *rproc_alloc(struct device *dev, const char *name,
1304 const struct rproc_ops *ops,
1305 const char *firmware, int len)
1307 struct rproc *rproc;
1309 if (!dev || !name || !ops)
1312 rproc = kzalloc(sizeof(struct rproc) + len, GFP_KERNEL);
1314 dev_err(dev, "%s: kzalloc failed\n", __func__);
1321 rproc->firmware = firmware;
1322 rproc->priv = &rproc[1];
1324 atomic_set(&rproc->power, 0);
1326 kref_init(&rproc->refcount);
1328 mutex_init(&rproc->lock);
1330 INIT_LIST_HEAD(&rproc->carveouts);
1331 INIT_LIST_HEAD(&rproc->mappings);
1332 INIT_LIST_HEAD(&rproc->traces);
1334 rproc->state = RPROC_OFFLINE;
1338 EXPORT_SYMBOL(rproc_alloc);
1341 * rproc_free() - free an rproc handle that was allocated by rproc_alloc
1342 * @rproc: the remote processor handle
1344 * This function should _only_ be used if @rproc was only allocated,
1345 * but not registered yet.
1347 * If @rproc was already successfully registered (by calling rproc_register()),
1348 * then use rproc_unregister() instead.
1350 void rproc_free(struct rproc *rproc)
1354 EXPORT_SYMBOL(rproc_free);
1357 * rproc_unregister() - unregister a remote processor
1358 * @rproc: rproc handle to unregister
1360 * Unregisters a remote processor, and decrements its refcount.
1361 * If its refcount drops to zero, then @rproc will be freed. If not,
1362 * it will be freed later once the last reference is dropped.
1364 * This function should be called when the platform specific rproc
1365 * implementation decides to remove the rproc device. it should
1366 * _only_ be called if a previous invocation of rproc_register()
1367 * has completed successfully.
1369 * After rproc_unregister() returns, @rproc is _not_ valid anymore and
1370 * it shouldn't be used. More specifically, don't call rproc_free()
1371 * or try to directly free @rproc after rproc_unregister() returns;
1372 * none of these are needed, and calling them is a bug.
1374 * Returns 0 on success and -EINVAL if @rproc isn't valid.
1376 int rproc_unregister(struct rproc *rproc)
1381 /* if rproc is just being registered, wait */
1382 wait_for_completion(&rproc->firmware_loading_complete);
1384 /* was an rpmsg vdev created ? */
1386 rproc_remove_rpmsg_vdev(rproc);
1388 klist_remove(&rproc->node);
1390 kref_put(&rproc->refcount, rproc_release);
1394 EXPORT_SYMBOL(rproc_unregister);
1396 static int __init remoteproc_init(void)
1398 rproc_init_debugfs();
1401 module_init(remoteproc_init);
1403 static void __exit remoteproc_exit(void)
1405 rproc_exit_debugfs();
1407 module_exit(remoteproc_exit);
1409 MODULE_LICENSE("GPL v2");
1410 MODULE_DESCRIPTION("Generic Remote Processor Framework");