Make sure to allocate the message transfer-buffer separately from the
containing message structure to avoid data corruption on systems without
DMA-coherent caches.
The message structure contains state that is updated while the buffer
may be used for DMA, something which could lead to data corruption due
to cache-line sharing on some architectures.
Use the (renamed) message cache for the message structure itself and
allocate the buffer separately.
If the additional allocation is a concern, the message structures
could eventually be allocated as part of the operation structure.
Signed-off-by: Johan Hovold <johan@hovoldconsulting.com> Reviewed-by: Alex Elder <elder@linaro.org> Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Remove unused and unnecessary buffer-alignment define that host driver
were supposed to use.
We can handle unaligned incoming buffers just fine by accessing the
operation-message header via a copy in the receive path, rather than
requiring host drivers to make sure the alignment is correct.
Signed-off-by: Johan Hovold <johan@hovoldconsulting.com> Reviewed-by: Alex Elder <elder@linaro.org> Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Johan Hovold [Tue, 7 Apr 2015 09:27:13 +0000 (11:27 +0200)]
greybus: operation: fix unaligned memory accesses in receive path
The buffer received from our current host driver is 1-byte aligned and
will therefore cause unaligned memory accesses if simply cast to an
operation-message header.
Fix this by making a properly aligned copy of the header in
gb_connection_recv_response before accessing its fields.
Note that this does not affect protocol drivers as the whole buffer is
copied when creating the corresponding request or response before being
forwarded.
Signed-off-by: Johan Hovold <johan@hovoldconsulting.com> Reviewed-by: Alex Elder <elder@linaro.org> Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
greybus: manifest: Use interface descriptor instead of module descriptor to get information
A module can have more than one interfaces and we get hotplug events or
manifests for interfaces, not modules. Details like version, vendor,
product id, etc. can be different for different interfaces within the
same module and so shall be fetched from interface descriptor instead of
module descriptor.
So what we have been doing for module descriptors until now must be done
for interface descriptors. There can only be one interface descriptor in
the manifest. Module descriptor isn't used anymore and probably most of
its fields can be removed now.
greybus: bundle: Create bundles using bundle descriptors
Currently we are creating bundles based on interface descriptors. An interface
can have one or more bundles associated with it and so a bundle must be created
based on a bundle descriptor.
greybus: interface: Fetch interface id instead of module id during setup
There can be more than one interface on a module and we need to know the
interface for which the event has occurred.
But at the same time we may not need the module id at all. During initial phase
when AP is probed, the AP will receive the unique Endo id which shall be enough
to draw relationships between interface and module ids.
Code for that isn't available today and so lets create another routine to get
module id (which needs to be fixed separately), which will simply return
interface id passed to it.
Now that we have interface id, update rest of the code to use it.
Devices registered with the device-core needs to be freed by calling
device_unregister(). For module we are calling just put_device() and for
bundle, connection and interface we are calling device_del().
All of these are incomplete and so none of them get freed, i.e. the
.release() routine is never called for their devices.
Module being a special case that it needs to maintain a refcount or a
list of interfaces to trace its usage count. I have chosen refcount.
And so once the refcount is zero, we can Unregister the device and
module will get free as well.
Because of this bug in freeing devices, their sysfs directories were not
getting removed properly and after a manifest is parsed with the help of
gbsim, removing modules was creating problems. The sysfs directory
'greybus' wasn't getting removed. And inserting the modules again
resulted in warnings and insmod failure.
WARNING: CPU: 3 PID: 4277 at
/build/buildd/linux-3.13.0/fs/sysfs/dir.c:486
sysfs_warn_dup+0x86/0xa0()
Mark Greer [Tue, 31 Mar 2015 23:49:56 +0000 (16:49 -0700)]
greybus: Initial I2S definitions
These are definitions from Mark that I've consolidated into
one header file. I'd like to get these merged at some point
soon, so the audio driver and gbsim work can avoid having
out-of-tree dependencies.
Signed-off-by: Mark A. Greer <mgreer@animalcreek.com> Reviewed-by: Alex Elder <elder@linaro.org> Signed-off-by: John Stultz <john.stultz@linaro.org> Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
greybus: Documentation/sysfs: add a proposed sysfs tree for greybus
This adds a proposed sysfs layout for greybus to Documentation to make
it easier for people to discuss / test things. It includes a module, an
interface, a bundle, and a gpbridge binding to that bundle.
This was discussed on the projectara software mailing list.
greybus: kernel_ver.h: add sysfs_create_groups() and sysfs_remove_groups()
These functions showed up in 3.12 or so, and we are stuck on 3.10 for
various reasons, so provide backports in kernel_ver.h so that we can
rely on these functions.
greybus: loopback: use the attribute groups, not group
We should use the attribute groups, not group, for the device, so
add and remove it. No one should ever be updating a sysfs group for a
device, as that can be pretty dangerous if you don't duplicate _all_
existing attribute for that device, and I don't think we were doing that
here.
Alexandre Bailon [Tue, 31 Mar 2015 07:51:59 +0000 (09:51 +0200)]
greybus: Add loopback protocol
Add a simple Greybus protocol in order to stress USB and Greybus.
This protocol currently support 2 requests: ping and transfer.
ping request is useful to measure latency.
Kernel send a ping request and firmware should respond with a ping.
The transfer request request is useful to stress Greybus and USB.
Kernel can send data from 0 to 4k and the firmware must send back the data to kernel.
This behaviour of gb-loopback module is controlled via sysfs.
Curently, connection sysfs folder is updated with new entries:
- type: Type of loopback message to send
* 0 => Don't send message
* 1 => Send ping message continuously (message without payload)
* 2 => Send transer message continuously (message with payload)
- size: Size of transfer message payload: 0-4096 bytes
- ms_wait: Time to wait between two messages: 0-1024 ms
Module also export some statistics about connection:
- latency: Time to send and receive one message
- frequency: Number of packet sent per second on this cport
- throughput: Quantity of data sent and received on this cport
- error
All this statistics are cleared everytime type, size or ms_wait entries are updated.
Alex Elder [Fri, 27 Mar 2015 20:20:49 +0000 (15:20 -0500)]
greybus: es2: test apb1_log_task safely
When usb_log_enable() is called, the global apb1_log_task is used to
hold the result of kthread_run(). It is possible for kthread_run()
to return an error pointer, so tests of apb_log_task against NULL
are insufficient to determine its validity.
Note that kthread_run() never returns NULL so we don't have to check
for that. But apb1_log_task is initially NULL, so that global must
be both non-null and not an error in order to be considered valid.
Signed-off-by: Alex Elder <elder@linaro.org> Signed-off-by: Greg Kroah-Hartman <greg@kroah.com>
Alex Elder [Fri, 27 Mar 2015 20:20:49 +0000 (15:20 -0500)]
greybus: es1: test apb1_log_task safely
When usb_log_enable() is called, the global apb1_log_task is used to
hold the result of kthread_run(). It is possible for kthread_run()
to return an error pointer, so tests of apb_log_task against NULL
are insufficient to determine its validity.
Note that kthread_run() never returns NULL so we don't have to check
for that. But apb1_log_task is initially NULL, so that global must
be both non-null and not an error in order to be considered valid.
Signed-off-by: Alex Elder <elder@linaro.org> Signed-off-by: Greg Kroah-Hartman <greg@kroah.com>
Johan Hovold [Fri, 27 Mar 2015 11:45:49 +0000 (12:45 +0100)]
greybus: operation: refactor response handling
Send response to incoming requests from the operation request handler
rather than in every protocol request_recv callback.
This simplifies request_recv error handling and allows for further code
reuse.
Note that if we ever get protocols that need to hold off sending
responses we could implement this by letting them return a special
value (after acquiring the necessary operation references) to suppress
the response from being sent by greybus core.
Signed-off-by: Johan Hovold <johan@hovoldconsulting.com> Reviewed-by: Alex Elder <elder@linaro.org> Signed-off-by: Greg Kroah-Hartman <greg@kroah.com>
Johan Hovold [Fri, 27 Mar 2015 11:45:47 +0000 (12:45 +0100)]
greybus: hid: fix missing input verification of report events
Add minimal verification of incoming report size, before using it to
determine what buffer and size to pass on to HID core.
Add comment about protocol needing to be revisited. If we are going to
be parsing the report data received, then those fields have to be
defined in the Greybus specification at least.
Signed-off-by: Johan Hovold <johan@hovoldconsulting.com> Reviewed-by: Alex Elder <elder@linaro.org> Signed-off-by: Greg Kroah-Hartman <greg@kroah.com>
Fix the payload size of incoming requests, which should not include the
operation message-header size.
When creating requests we pass the sizes of request and response
payloads and greybus core allocates buffers and adds the required
headers. Specifically, the payload sizes do not include the
message-header size.
This is currently not the case for incoming requests however, something
which prevents protocol drivers from implementing appropriate input
verification and could lead to random data being treated as a valid
message in case of a short request.
Signed-off-by: Johan Hovold <johan@hovoldconsulting.com> Reviewed-by: Alex Elder <elder@linaro.org> Signed-off-by: Greg Kroah-Hartman <greg@kroah.com>
Johan Hovold [Fri, 27 Mar 2015 11:41:17 +0000 (12:41 +0100)]
greybus: operation: fix null-deref on operation destroy
Incoming operations are created without a response message. If a
protocol driver fails to send a response, or if the operation were to be
cancelled before it has been fully processed, we get a null-pointer
dereference when the operation is released.
Signed-off-by: Johan Hovold <johan@hovoldconsulting.com> Reviewed-by: Alex Elder <elder@linaro.org> Signed-off-by: Greg Kroah-Hartman <greg@kroah.com>
Johan Hovold [Fri, 27 Mar 2015 11:41:16 +0000 (12:41 +0100)]
greybus: operation: fix null-deref on operation cancel
Incoming operations are created without a response message. If an
operation were to be cancelled before it has been fully processed (e.g.
on connection destroy), we would get a null-pointer dereference in
gb_operation_cancel.
Signed-off-by: Johan Hovold <johan@hovoldconsulting.com> Reviewed-by: Alex Elder <elder@linaro.org> Signed-off-by: Greg Kroah-Hartman <greg@kroah.com>
Johan Hovold [Fri, 27 Mar 2015 11:41:13 +0000 (12:41 +0100)]
greybus: operation: fix use-after-free when sending responses
Fix use-after-free when sending responses due to reference imbalance.
Make sure to take a reference to the operation when sending responses.
This reference is dropped in greybus_data_sent when the message has been
sent, while the initial reference is dropped in gb_operation_work after
processing the corresponding request.
Signed-off-by: Johan Hovold <johan@hovoldconsulting.com> Reviewed-by: Alex Elder <elder@linaro.org> Signed-off-by: Greg Kroah-Hartman <greg@kroah.com>
Johan Hovold [Fri, 27 Mar 2015 11:41:12 +0000 (12:41 +0100)]
greybus: operation: fix callback handling and documentation
Fix up obsolete comments referring to null callback pointers for
synchronous operations, and make sure a callback is always provided when
sending a request.
Also document that the callback is responsible for dropping the initial
(and not necessarily final) reference to the operation.
Signed-off-by: Johan Hovold <johan@hovoldconsulting.com> Reviewed-by: Alex Elder <elder@linaro.org> Signed-off-by: Greg Kroah-Hartman <greg@kroah.com>
Johan Hovold [Fri, 27 Mar 2015 11:41:10 +0000 (12:41 +0100)]
greybus: operation: fix missing symbol exports
Add missing EXPORT_SYMBOL_GPL for gb_operation_response_alloc,
gb_operation_result, gb_operation_get, gb_operation_request_send and
gb_operation_cancel, which are all supposed to be accessible from
protocol handlers.
Signed-off-by: Johan Hovold <johan@hovoldconsulting.com> Reviewed-by: Alex Elder <elder@linaro.org> Signed-off-by: Greg Kroah-Hartman <greg@kroah.com>
Viresh Kumar [Fri, 27 Mar 2015 11:02:56 +0000 (16:32 +0530)]
greybus: kernel_ver.h: include <linux/kernel.h> to fix warning
And this is the warning I was getting on kernel version > 3.14
CC [M] greybus/connection.o
In file included from
include/asm-generic/gpio.h:4:0,
from arch/arm/include/asm/gpio.h:9,
from include/linux/gpio.h:48,
from greybus/kernel_ver.h:59,
from greybus/connection.c:12:
include/linux/kernel.h:35:0: warning: "U16_MAX" redefined
kernel_ver.h is taking care of defining U16_MAX only if is not defined earlier,
but it is often included as the first .h file. <linux/kernel.h> might be
included later, which always defines it, unconditionally. And so this warning.
Alex Elder [Fri, 27 Mar 2015 02:25:01 +0000 (21:25 -0500)]
greybus: clean up some small messes
This is an old patch that I neglected to send out. It's cleaning
up a couple things that got committed before I had a chance to
comment on them.
In operation.c there is a "FIXME" comment that is easily proven
wrong by inspection.
In gb_protocol_put(), there is another wrong "FIXME" comment as
well. We can also use our cached copies of the protocol major
and minor version number in another spot. And balance that
out by using a cached copy of the protocol id.
Signed-off-by: Alex Elder <elder@linaro.org> Reviewed-by: Johan Hovold <johan@hovoldconsulting.com> Signed-off-by: Greg Kroah-Hartman <greg@kroah.com>
Viresh Kumar [Tue, 24 Mar 2015 14:44:29 +0000 (20:14 +0530)]
greybus: interface: put module->dev on failures
In order to decrement the reference count of module on failures, we must call
put_device(module->dev). This was missing for one of the error cases, fix it.
Viresh Kumar [Tue, 24 Mar 2015 11:38:13 +0000 (17:08 +0530)]
greybus: manifest: descriptor size should be >= header size
We are calculating descriptors expected size differently based on the type of
descriptor, that's fine but at few places we aren't taking size of the header
into account. And that looks wrong.
Lets make sure it is atleast as big as descriptor's header.
greybus: es1: move debugfs function to use kstrotoint_from_user()
No need to duplicate built-in functions that the kernel has, so have the
core kernel parse the userspace string. Saves us an allocation and
makes the logic simpler.
Alexandre Bailon [Mon, 23 Mar 2015 16:52:37 +0000 (17:52 +0100)]
greybus: Dump log from APB1
On AP module (form factor), we don't have access to APBridge JTAG or UART.
But sometime, we still need to get log from APBridge. Add a new request in control endpoint
to get APBridge logs.
Logs can be accessed using debugfs (greybus/apb1_log).
Johan Hovold [Thu, 19 Mar 2015 15:55:23 +0000 (16:55 +0100)]
greybus: gpio: add error messages to callbacks not propagating errors
Add error messages on failures to deactivate, set and get operation
handlers as any errors would not be detected by the upper layers (either
because the callbacks are declared void or expected to return a boolean
value).
Signed-off-by: Johan Hovold <johan@hovoldconsulting.com> Signed-off-by: Greg Kroah-Hartman <greg@kroah.com>
Remove overly defensive argument verification in gpio-chip callbacks. We
should trust gpiolib to get this right (or we would not even get any
callback) just like the other gpio drivers do.
Signed-off-by: Johan Hovold <johan@hovoldconsulting.com> Signed-off-by: Greg Kroah-Hartman <greg@kroah.com>
Johan Hovold [Thu, 19 Mar 2015 15:46:18 +0000 (16:46 +0100)]
greybus: operation: use dev_err in gb_operation_sync
Use the more informative dev_err in gb_operation_sync, which includes
the connection device name in the error message (which in turn encodes
the module, interface, bundle and cport ids).
Add missing braces to conditional-construct branches while at it.
Signed-off-by: Johan Hovold <johan@hovoldconsulting.com> Signed-off-by: Greg Kroah-Hartman <greg@kroah.com>
Johan Hovold [Thu, 19 Mar 2015 15:46:17 +0000 (16:46 +0100)]
greybus: connection: replace custom error function with dev_err
Remove custom connection error function and replace it with dev_err.
The standard error function provides more information in the message
prefix (e.g. includes the interface id), has a well-known semantics
(e.g. does does not add newlines to messages), and is even somewhat
shorter to type.
Note that some uses of the custom function were already adding double
newlines due to the non-standard semantics.
Signed-off-by: Johan Hovold <johan@hovoldconsulting.com> Signed-off-by: Greg Kroah-Hartman <greg@kroah.com>
Johan Hovold [Thu, 19 Mar 2015 15:46:14 +0000 (16:46 +0100)]
greybus: ap: fix svc handshake protocol check
Fix incorrect SVC handshake protocol check, which would only bail out if
both major and minor protocol versions supported by the SVC differed.
Since we currently only support one version of the protocol, upgrade the
debug message to warning and bail unless the protocol versions match
perfectly for now.
Signed-off-by: Johan Hovold <johan@hovoldconsulting.com> Signed-off-by: Greg Kroah-Hartman <greg@kroah.com>
Johan Hovold [Tue, 17 Mar 2015 09:55:52 +0000 (10:55 +0100)]
greybus: connection: fix oops after failed init
Make sure not to call connection_exit for connections that have never
been initialised (e.g. due to failure to init).
This fixes oopses due to null-dereferences and use-after-free in
connection_exit callbacks (e.g. trying to remove a gpio-chip that has
never been added) when the bundle and interface are ultimately
destroyed.