Attempting to transmit rx_done messages after the GLINK instance is
being torn down will cause use after free and memory leaks. So cancel
the intent_work and free up the pending intents.
With this there are no concurrent accessors of the channel left during
qcom_glink_native_remove() and there is therefor no need to hold the
spinlock during this operation - which would prohibit the use of
cancel_work_sync() in the release function. So remove this.
Fixes: 1d2ea36eea ("rpmsg: glink: Add rx done command")
Cc: stable@vger.kernel.org
Acked-by: Chris Lew <clew@codeaurora.org>
Tested-by: Srinivas Kandagatla <srinivas.kandagatla@linaro.org>
Signed-off-by: Bjorn Andersson <bjorn.andersson@linaro.org>
The device release function is set before registering with rpmsg. If
rpmsg registration fails, the framework will call device_put(), which
invokes the release function. The channel create logic does not need to
free rpdev if rpmsg_register_device() fails and release is called.
Fixes: b4f8e52b89 ("rpmsg: Introduce Qualcomm RPM glink driver")
Cc: stable@vger.kernel.org
Tested-by: Srinivas Kandagatla <srinivas.kandagatla@linaro.org>
Signed-off-by: Chris Lew <clew@codeaurora.org>
Signed-off-by: Bjorn Andersson <bjorn.andersson@linaro.org>
In a remote processor crash scenario, there is no guarantee the remote
processor sent close requests before it went into a bad state. Remove
the reference that is normally handled by the close command in the
so channel resources can be released.
Fixes: b4f8e52b89 ("rpmsg: Introduce Qualcomm RPM glink driver")
Cc: stable@vger.kernel.org
Tested-by: Srinivas Kandagatla <srinivas.kandagatla@linaro.org>
Signed-off-by: Chris Lew <clew@codeaurora.org>
Reported-by: Srinivas Kandagatla <srinivas.kandagatla@linaro.org>
Signed-off-by: Bjorn Andersson <bjorn.andersson@linaro.org>
Extra channel reference put when remote sending OPEN_ACK after timeout
causes use-after-free while handling next remote CLOSE command.
Remove extra reference put in timeout case to avoid use-after-free.
Fixes: b4f8e52b89 ("rpmsg: Introduce Qualcomm RPM glink driver")
Cc: stable@vger.kernel.org
Tested-by: Srinivas Kandagatla <srinivas.kandagatla@linaro.org>
Signed-off-by: Arun Kumar Neelakantam <aneela@codeaurora.org>
Signed-off-by: Bjorn Andersson <bjorn.andersson@linaro.org>
Memory allocated for re-usable intents are not freed during channel
cleanup which causes memory leak in system.
Check and free all re-usable memory to avoid memory leak.
Fixes: 933b45da5d ("rpmsg: glink: Add support for TX intents")
Cc: stable@vger.kernel.org
Acked-By: Chris Lew <clew@codeaurora.org>
Tested-by: Srinivas Kandagatla <srinivas.kandagatla@linaro.org>
Signed-off-by: Arun Kumar Neelakantam <aneela@codeaurora.org>
Reported-by: Srinivas Kandagatla <srinivas.kandagatla@linaro.org>
Signed-off-by: Bjorn Andersson <bjorn.andersson@linaro.org>
One of the more common cases of allocation size calculations is finding
the size of a structure that has a zero-sized array at the end, along
with memory for some number of elements for that array. For example:
struct {
...
struct intent_pair intents[];
} __packed * msg;
Make use of the struct_size() helper instead of an open-coded version
in order to avoid any potential type mistakes.
So, replace the following form:
sizeof(*msg) + sizeof(struct intent_pair) * count
with:
struct_size(msg, intents, count)
This code was detected with the help of Coccinelle.
Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com>
Signed-off-by: Bjorn Andersson <bjorn.andersson@linaro.org>
It is possible for the chunk sizes coming from the non RPM remote procs
to not be word aligned. Remove the alignment warning and continue to
read from the FIFO so execution is not stalled.
Signed-off-by: Chris Lew <clew@codeaurora.org>
Signed-off-by: Arun Kumar Neelakantam <aneela@codeaurora.org>
Signed-off-by: Bjorn Andersson <bjorn.andersson@linaro.org>
Channels may need to identify the edge their channel was probed for.
Store the edge name by reading the label property from device tree or
default to the node name.
Signed-off-by: Chris Lew <clew@codeaurora.org>
Signed-off-by: Arun Kumar Neelakantam <aneela@codeaurora.org>
Signed-off-by: Bjorn Andersson <bjorn.andersson@linaro.org>
Fix below kerneldoc warnings while building with W=1
qcom_glink_native.c:53: warning: Function parameter or member 'data' not described in 'glink_defer_cmd'
qcom_glink_native.c:75: warning: Function parameter or member 'data' not described in 'glink_core_rx_intent'
qcom_glink_native.c:75: warning: Function parameter or member 'id' not described in 'glink_core_rx_intent'
qcom_glink_native.c:75: warning: Function parameter or member 'size' not described in 'glink_core_rx_intent'
qcom_glink_native.c:75: warning: Function parameter or member 'reuse' not described in 'glink_core_rx_intent'
qcom_glink_native.c:75: warning: Function parameter or member 'in_use' not described in 'glink_core_rx_intent'
qcom_glink_native.c:75: warning: Function parameter or member 'offset' not described in 'glink_core_rx_intent'
qcom_glink_native.c:75: warning: Function parameter or member 'node' not described in 'glink_core_rx_intent'
qcom_glink_native.c:116: warning: Function parameter or member 'features' not described in 'qcom_glink'
qcom_glink_native.c:116: warning: Function parameter or member 'intentless' not described in 'qcom_glink'
qcom_glink_native.c:524: warning: Function parameter or member 'version' not described in 'qcom_glink_receive_version'
qcom_glink_native.c:524: warning: Function parameter or member 'features' not described in 'qcom_glink_receive_version'
qcom_glink_native.c:524: warning: Excess function parameter 'r_version' description in 'qcom_glink_receive_version'
qcom_glink_native.c:524: warning: Excess function parameter 'r_features' description in 'qcom_glink_receive_version'
qcom_glink_native.c:551: warning: Function parameter or member 'version' not described in 'qcom_glink_receive_version_ack'
qcom_glink_native.c:551: warning: Function parameter or member 'features' not described in 'qcom_glink_receive_version_ack'
qcom_glink_native.c:551: warning: Excess function parameter 'r_version' description in 'qcom_glink_receive_version_ack'
qcom_glink_native.c:551: warning: Excess function parameter 'r_features' description in 'qcom_glink_receive_version_ack'
qcom_glink_native.c:570: warning: bad line: wire format and transmit
qcom_glink_native.c:604: warning: Function parameter or member 'intent' not described in 'qcom_glink_advertise_intent'
qcom_glink_native.c:604: warning: Excess function parameter 'size' description in 'qcom_glink_advertise_intent'
qcom_glink_native.c:710: warning: Function parameter or member 'glink' not described in 'qcom_glink_handle_intent_req'
qcom_glink_native.c:710: warning: Function parameter or member 'cid' not described in 'qcom_glink_handle_intent_req'
qcom_glink_native.c:710: warning: Function parameter or member 'size' not described in 'qcom_glink_handle_intent_req'
Signed-off-by: Srinivas Kandagatla <srinivas.kandagatla@linaro.org>
Signed-off-by: Bjorn Andersson <bjorn.andersson@linaro.org>
As intent structure members are not correctly annotated, leading to below warnings
qcom_glink_native.c:614:16: warning: incorrect type in assignment (different base types)
qcom_glink_native.c:614:16: expected unsigned short [unsigned] [usertype] id
qcom_glink_native.c:614:16: got restricted __le16 [usertype] <noident>
qcom_glink_native.c:615:18: warning: incorrect type in assignment (different base types)
qcom_glink_native.c:615:18: expected unsigned short [unsigned] [usertype] lcid
qcom_glink_native.c:615:18: got restricted __le16 [usertype] <noident>
qcom_glink_native.c:616:19: warning: incorrect type in assignment (different base types)
qcom_glink_native.c:616:19: expected unsigned int [unsigned] [usertype] count
qcom_glink_native.c:616:19: got restricted __le32 [usertype] <noident>
qcom_glink_native.c:617:18: warning: incorrect type in assignment (different base types)
qcom_glink_native.c:617:18: expected unsigned int [unsigned] [usertype] size
qcom_glink_native.c:617:18: got restricted __le32 [usertype] <noident>
qcom_glink_native.c:618:18: warning: incorrect type in assignment (different base types)
qcom_glink_native.c:618:18: expected unsigned int [unsigned] [usertype] liid
qcom_glink_native.c:618:18: got restricted __le32 [usertype] <noident>
Fix this by correctly annotating them.
Signed-off-by: Srinivas Kandagatla <srinivas.kandagatla@linaro.org>
Signed-off-by: Bjorn Andersson <bjorn.andersson@linaro.org>
Use the appropriate SPDX license identifier in various rpmsg
glink driver source files and drop the previous boilerplate
license text.
Signed-off-by: Suman Anna <s-anna@ti.com>
Signed-off-by: Bjorn Andersson <bjorn.andersson@linaro.org>
Switch the tx_lock to a spinlock we allow clients to use rpmsg_trysend()
from atomic context.
In order to allow clients to sleep while waiting for space in the FIFO
we release the lock temporarily around the delay; which should be
replaced by sending a READ_NOTIF and waiting for the remote to signal
us that space has been made available.
Tested-by: Srinivas Kandagatla <srinivas.kandagatla@linaro.org>
Signed-off-by: Bjorn Andersson <bjorn.andersson@linaro.org>
qcom_glink_alloc_channel() allocates the mutex but not initialize it.
Use mutex_init() on it to initialize it correctly.
This is detected by Coccinelle semantic patch.
Signed-off-by: Wei Yongjun <weiyongjun1@huawei.com>
Signed-off-by: Bjorn Andersson <bjorn.andersson@linaro.org>
As the GLINK driver is ticking the txdone of the mailbox channel (to
implement the doorbell) it needs to set knows_txdone.
Signed-off-by: Bjorn Andersson <bjorn.andersson@linaro.org>
The qcom_glink_native driver is missing a MODULE_LICENSE(), correct
this.
Fixes: 835764ddd9 ("rpmsg: glink: Move the common glink protocol implementation to glink_native.c")
Cc: stable@vger.kernel.org
Reported-by: Randy Dunlap <rdunlap@infradead.org>
Signed-off-by: Bjorn Andersson <bjorn.andersson@linaro.org>
Intents can vary in size, try to find the best fitting remote intent
instead of first fit when sending a message to the remote proc.
Signed-off-by: Chris Lew <clew@codeaurora.org>
Signed-off-by: Bjorn Andersson <bjorn.andersson@linaro.org>
The base intents prequeued during channel creation may not satisfy a
channel's throughput requirement. Add support for intents dt-binding to
allow channels to specify the size and amount of intents to prequeue
during endpoint announcement.
Signed-off-by: Chris Lew <clew@codeaurora.org>
[bjorn: Altered how defaults are expressed]
Signed-off-by: Bjorn Andersson <bjorn.andersson@linaro.org>
The "intent_req_comp" variable is used without initialization which
results in NULL pointer dereference in qcom_glink_request_intent().
we need to initialize the completion variable before using it.
Fixes: 27b9c5b66b ("rpmsg: glink: Request for intents when unavailable")
Signed-off-by: Arun Kumar Neelakantam <aneela@codeaurora.org>
Signed-off-by: Bjorn Andersson <bjorn.andersson@linaro.org>
We need to free "intent" and "intent->data" on a couple error paths.
Fixes: 933b45da5d ("rpmsg: glink: Add support for TX intents")
Acked-by: Sricharan R <sricharan@codeaurora.org>
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Bjorn Andersson <bjorn.andersson@linaro.org>
If qcom_glink_tx() fails, then we need to unlock before returning the
error code.
Fixes: 27b9c5b66b ("rpmsg: glink: Request for intents when unavailable")
Acked-by: Sricharan R <sricharan@codeaurora.org>
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Bjorn Andersson <bjorn.andersson@linaro.org>
The new switch cases for RPM_CMD_RX_DONE, RPM_CMD_RX_DONE_W_REUSE,
RPM_CMD_RX_INTENT_REQ_ACK, RPM_CMD_INTENT and RPM_CMD_RX_INTENT_REQ from
4 recent commits are not setting ret and so a later non-zero check on ret
is testing on a garbage value in ret. Fix this by initializing ret to zero.
Detected by CoverityScan CID#1455249 ("Uninitialized scalar variable")
Fixes: 933b45da5d ("rpmsg: glink: Add support for TX intents)
Fixes: dacbb35e93 ("glink: Receive and store the remote intent buffers")
Fixes: 27b9c5b66b ("rpmsg: glink: Request for intents when unavailable")
Fixes: 88c6060f5a ("rpmsg: glink: Handle remote rx done command")
Signed-off-by: Colin Ian King <colin.king@canonical.com>
Signed-off-by: Bjorn Andersson <bjorn.andersson@linaro.org>
In the case where glink->intentless is true and the call
to qcom_glink_tx fails then we have a condition where ret is
non-zero and intent is null, causing a null pointer deference
when setting intent->in_use to false. Add an extra check to
only dereference intent if intent is non-null.
Detected by: CoverityScan CID#1455247 ("Explicit null dereferenced")
Fixes: 88c6060f5a ("rpmsg: glink: Handle remote rx done command")
Signed-off-by: Colin Ian King <colin.king@canonical.com>
Signed-off-by: Bjorn Andersson <bjorn.andersson@linaro.org>
The common code needs to export the probe and remove symbols in order
for the SMEM and RPM drivers to access them when compiled as a module.
Signed-off-by: Bjorn Andersson <bjorn.andersson@linaro.org>
The idr_lock should be released in the case that we don't find the given
channel.
Fixes: 44f6df922a ("rpmsg: glink: Fix idr_lock from mutex to spinlock")
Reported-by: Julia Lawall <julia.lawall@lip6.fr>
Signed-off-by: Bjorn Andersson <bjorn.andersson@linaro.org>
Once the remote side sends a rx done ack, check for the intent reuse
information from it and suitably discard or reuse the remote passed
intent buffers.
Acked-by: Arun Kumar Neelakantam <aneela@codeaurora.org>
Signed-off-by: Sricharan R <sricharan@codeaurora.org>
Signed-off-by: Bjorn Andersson <bjorn.andersson@linaro.org>
While sending data, we search for suitable sized intent to map and
simply fail if a intent is not found. Instead request for a intent of
required size and wait till one is alloted.
Acked-by: Arun Kumar Neelakantam <aneela@codeaurora.org>
Signed-off-by: Sricharan R <sricharan@codeaurora.org>
Signed-off-by: Bjorn Andersson <bjorn.andersson@linaro.org>
While sending data, use the remote intent id buffer of suitable size
that was passed by remote previously.
Acked-by: Arun Kumar Neelakantam <aneela@codeaurora.org>
Signed-off-by: Sricharan R <sricharan@codeaurora.org>
Signed-off-by: Bjorn Andersson <bjorn.andersson@linaro.org>
Just like we allocating and sending intent ids to remote, remote side
allocates and sends us the intents as well. So save the intent ids and
use it later while sending data targeting the appropriate intents based
on the size.
Acked-by: Arun Kumar Neelakantam <aneela@codeaurora.org>
Signed-off-by: Sricharan R <sricharan@codeaurora.org>
Signed-off-by: Bjorn Andersson <bjorn.andersson@linaro.org>
Preallocate local intent buffers and pass the intent ids to the remote.
This way there are some default intents available for the remote to
start sending data without having to wait by sending intent requests. Do
this by adding the rpmsg announce_create ops, which gets called right
after the rpmsg device gets probed.
Acked-by: Arun Kumar Neelakantam <aneela@codeaurora.org>
Signed-off-by: Sricharan R <sricharan@codeaurora.org>
Signed-off-by: Bjorn Andersson <bjorn.andersson@linaro.org>
Send RX data receive ack to remote and also inform that local intent
buffer is used and freed. This informs the remote to request for next
set of intent buffers before doing a send operation.
Acked-by: Arun Kumar Neelakantam <aneela@codeaurora.org>
Signed-off-by: Sricharan R <sricharan@codeaurora.org>
Signed-off-by: Bjorn Andersson <bjorn.andersson@linaro.org>
To fully read the received rx data from FIFO both the command and data
has to be read. Currently we read command, data separately and process
them. By adding an offset parameter to RX FIFO peak accessor, command
and data can be read together, simplifying things. So introduce this.
Acked-by: Arun Kumar Neelakantam <aneela@codeaurora.org>
Signed-off-by: Sricharan R <sricharan@codeaurora.org>
Signed-off-by: Bjorn Andersson <bjorn.andersson@linaro.org>
So previously on request from remote side, we allocated local intent
buffers and passed the ids to the remote. Now when we receive data
buffers from remote directed to that intent id, copy the data to the
corresponding preallocated intent buffer.
Acked-by: Arun Kumar Neelakantam <aneela@codeaurora.org>
Signed-off-by: Sricharan R <sricharan@codeaurora.org>
Signed-off-by: Bjorn Andersson <bjorn.andersson@linaro.org>
Intents are nothing but pre-allocated buffers of appropriate size that
are allocated on the local side and communicated to the remote side and
the remote stores the list of intent ids that it is informed.
Later when remote side is intenting to send data, it picks up a right
intent (based on the size) and sends the data buffer and the intent id.
Local side receives the data and copies it to the local intent buffer.
The whole idea is to avoid stalls on the transport for allocating
memory, used for copy based transports.
When the remote request to allocate buffers using CMD_RX_INTENT_REQ, we
allocate buffers of requested size, store the buffer id locally and also
communicate the intent id to the remote.
Acked-by: Arun Kumar Neelakantam <aneela@codeaurora.org>
Signed-off-by: Sricharan R <sricharan@codeaurora.org>
Signed-off-by: Bjorn Andersson <bjorn.andersson@linaro.org>
The channel members lcids, rcids synchronised using the idr_lock is
accessed in both atomic/non-atomic contexts. The readers are not
currently synchronised. That no correct, so add the readers as well
under the lock and use a spinlock.
Acked-by: Arun Kumar Neelakantam <aneela@codeaurora.org>
Signed-off-by: Sricharan R <sricharan@codeaurora.org>
Signed-off-by: Bjorn Andersson <bjorn.andersson@linaro.org>
G-link supports a version number and feature flags for each transport.
A combination of the version number and feature flags enable/disable:
(*) G-Link software updates for each edge
(*) Individual features for each edge
Endpoints negotiate both the version and the supported flags when
the transport is opened and they cannot be changed after negotiation has
been completed.
Each full implementation of G-Link must support a minimum of the current
version, the previous version, and the base negotiation version called v0.
Acked-by: Arun Kumar Neelakantam <aneela@codeaurora.org>
Signed-off-by: Sricharan R <sricharan@codeaurora.org>
Signed-off-by: Bjorn Andersson <bjorn.andersson@linaro.org>
The glink protocol supports different types of transports (shared
memory). With the core protocol remaining the same, the way the
transport's memory is probed and accessed is different. So add support
for glink's smem based transports.
Adding a new smem transport register function and the fifo accessors for
the same.
Acked-by: Arun Kumar Neelakantam <aneela@codeaurora.org>
Signed-off-by: Sricharan R <sricharan@codeaurora.org>
Signed-off-by: Bjorn Andersson <bjorn.andersson@linaro.org>
mbox_request_channel is done in probe, so free the channel in remove.
Acked-by: Arun Kumar Neelakantam <aneela@codeaurora.org>
Signed-off-by: Sricharan R <sricharan@codeaurora.org>
Signed-off-by: Bjorn Andersson <bjorn.andersson@linaro.org>
The TX FIFO can be full, if the remote client has not read enough data
(or) reading it slowly. So its nessecary to return -EAGAIN to the local
client to enable retry.
Acked-by: Arun Kumar Neelakantam <aneela@codeaurora.org>
Signed-off-by: Sricharan R <sricharan@codeaurora.org>
Signed-off-by: Bjorn Andersson <bjorn.andersson@linaro.org>
Glink protocol requires that each message is aligned on a 8 byte offset.
This is purely a restriction from glink, so in order to support clients
which do not adher to this, allow data packets of any size, but align
the head index accordingly, effectively removing the alignment
restriction.
Acked-by: Arun Kumar Neelakantam <aneela@codeaurora.org>
Signed-off-by: Sricharan R <sricharan@codeaurora.org>
Signed-off-by: Bjorn Andersson <bjorn.andersson@linaro.org>
Move the common part of glink core protocol implementation to
glink_native.c that can be shared with the smem based glink
transport in the later patches.
Acked-by: Arun Kumar Neelakantam <aneela@codeaurora.org>
Signed-off-by: Sricharan R <sricharan@codeaurora.org>
Signed-off-by: Bjorn Andersson <bjorn.andersson@linaro.org>