xref: /freebsd/sys/contrib/vchiq/interface/vchiq_arm/vchiq_arm.c (revision bd18fd57db1df29da1a3adf94d47924a977a29c2)
1 /**
2  * Copyright (c) 2014 Raspberry Pi (Trading) Ltd. All rights reserved.
3  * Copyright (c) 2010-2012 Broadcom. All rights reserved.
4  *
5  * Redistribution and use in source and binary forms, with or without
6  * modification, are permitted provided that the following conditions
7  * are met:
8  * 1. Redistributions of source code must retain the above copyright
9  *    notice, this list of conditions, and the following disclaimer,
10  *    without modification.
11  * 2. Redistributions in binary form must reproduce the above copyright
12  *    notice, this list of conditions and the following disclaimer in the
13  *    documentation and/or other materials provided with the distribution.
14  * 3. The names of the above-listed copyright holders may not be used
15  *    to endorse or promote products derived from this software without
16  *    specific prior written permission.
17  *
18  * ALTERNATIVELY, this software may be distributed under the terms of the
19  * GNU General Public License ("GPL") version 2, as published by the Free
20  * Software Foundation.
21  *
22  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
23  * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
24  * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
25  * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
26  * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
27  * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
28  * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
29  * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
30  * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
31  * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
32  * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
33  */
34 
35 
36 #include "vchiq_core.h"
37 #include "vchiq_ioctl.h"
38 #include "vchiq_arm.h"
39 
40 #define DEVICE_NAME "vchiq"
41 
42 /* Override the default prefix, which would be vchiq_arm (from the filename) */
43 #undef MODULE_PARAM_PREFIX
44 #define MODULE_PARAM_PREFIX DEVICE_NAME "."
45 
46 #define VCHIQ_MINOR 0
47 
48 /* Some per-instance constants */
49 #define MAX_COMPLETIONS 16
50 #define MAX_SERVICES 64
51 #define MAX_ELEMENTS 8
52 #define MSG_QUEUE_SIZE 64
53 
54 #define KEEPALIVE_VER 1
55 #define KEEPALIVE_VER_MIN KEEPALIVE_VER
56 
57 /* Run time control of log level, based on KERN_XXX level. */
58 int vchiq_arm_log_level = VCHIQ_LOG_DEFAULT;
59 int vchiq_susp_log_level = VCHIQ_LOG_ERROR;
60 
61 #define SUSPEND_TIMER_TIMEOUT_MS 100
62 #define SUSPEND_RETRY_TIMER_TIMEOUT_MS 1000
63 
64 #define VC_SUSPEND_NUM_OFFSET 3 /* number of values before idle which are -ve */
65 static const char *const suspend_state_names[] = {
66 	"VC_SUSPEND_FORCE_CANCELED",
67 	"VC_SUSPEND_REJECTED",
68 	"VC_SUSPEND_FAILED",
69 	"VC_SUSPEND_IDLE",
70 	"VC_SUSPEND_REQUESTED",
71 	"VC_SUSPEND_IN_PROGRESS",
72 	"VC_SUSPEND_SUSPENDED"
73 };
74 #define VC_RESUME_NUM_OFFSET 1 /* number of values before idle which are -ve */
75 static const char *const resume_state_names[] = {
76 	"VC_RESUME_FAILED",
77 	"VC_RESUME_IDLE",
78 	"VC_RESUME_REQUESTED",
79 	"VC_RESUME_IN_PROGRESS",
80 	"VC_RESUME_RESUMED"
81 };
82 /* The number of times we allow force suspend to timeout before actually
83 ** _forcing_ suspend.  This is to cater for SW which fails to release vchiq
84 ** correctly - we don't want to prevent ARM suspend indefinitely in this case.
85 */
86 #define FORCE_SUSPEND_FAIL_MAX 8
87 
88 /* The time in ms allowed for videocore to go idle when force suspend has been
89  * requested */
90 #define FORCE_SUSPEND_TIMEOUT_MS 200
91 
92 
93 static void suspend_timer_callback(unsigned long context);
94 #ifdef notyet
95 static int vchiq_proc_add_instance(VCHIQ_INSTANCE_T instance);
96 static void vchiq_proc_remove_instance(VCHIQ_INSTANCE_T instance);
97 #endif
98 
99 
100 typedef struct user_service_struct {
101 	VCHIQ_SERVICE_T *service;
102 	void *userdata;
103 	VCHIQ_INSTANCE_T instance;
104 	char is_vchi;
105 	char dequeue_pending;
106 	char close_pending;
107 	int message_available_pos;
108 	int msg_insert;
109 	int msg_remove;
110 	struct semaphore insert_event;
111 	struct semaphore remove_event;
112 	struct semaphore close_event;
113 	VCHIQ_HEADER_T * msg_queue[MSG_QUEUE_SIZE];
114 } USER_SERVICE_T;
115 
116 struct bulk_waiter_node {
117 	struct bulk_waiter bulk_waiter;
118 	int pid;
119 	struct list_head list;
120 };
121 
122 struct vchiq_instance_struct {
123 	VCHIQ_STATE_T *state;
124 	VCHIQ_COMPLETION_DATA_T completions[MAX_COMPLETIONS];
125 	int completion_insert;
126 	int completion_remove;
127 	struct semaphore insert_event;
128 	struct semaphore remove_event;
129 	struct mutex completion_mutex;
130 
131 	int connected;
132 	int closing;
133 	int pid;
134 	int mark;
135 	int use_close_delivered;
136 	int trace;
137 
138 	struct list_head bulk_waiter_list;
139 	struct mutex bulk_waiter_list_mutex;
140 
141 #ifdef notyet
142 	VCHIQ_DEBUGFS_NODE_T proc_entry;
143 #endif
144 };
145 
146 typedef struct dump_context_struct {
147 	char __user *buf;
148 	size_t actual;
149 	size_t space;
150 	loff_t offset;
151 } DUMP_CONTEXT_T;
152 
153 static struct cdev *  vchiq_cdev;
154 VCHIQ_STATE_T g_state;
155 static DEFINE_SPINLOCK(msg_queue_spinlock);
156 
157 static const char *const ioctl_names[] = {
158 	"CONNECT",
159 	"SHUTDOWN",
160 	"CREATE_SERVICE",
161 	"REMOVE_SERVICE",
162 	"QUEUE_MESSAGE",
163 	"QUEUE_BULK_TRANSMIT",
164 	"QUEUE_BULK_RECEIVE",
165 	"AWAIT_COMPLETION",
166 	"DEQUEUE_MESSAGE",
167 	"GET_CLIENT_ID",
168 	"GET_CONFIG",
169 	"CLOSE_SERVICE",
170 	"USE_SERVICE",
171 	"RELEASE_SERVICE",
172 	"SET_SERVICE_OPTION",
173 	"DUMP_PHYS_MEM",
174 	"LIB_VERSION",
175 	"CLOSE_DELIVERED"
176 };
177 
178 vchiq_static_assert((sizeof(ioctl_names)/sizeof(ioctl_names[0])) ==
179 	(VCHIQ_IOC_MAX + 1));
180 
181 static eventhandler_tag vchiq_ehtag = NULL;
182 static d_open_t		vchiq_open;
183 static d_close_t	vchiq_close;
184 static d_ioctl_t	vchiq_ioctl;
185 
186 static struct cdevsw vchiq_cdevsw = {
187 	.d_version	= D_VERSION,
188 	.d_ioctl	= vchiq_ioctl,
189 	.d_open		= vchiq_open,
190 	.d_close	= vchiq_close,
191 	.d_name		= DEVICE_NAME,
192 };
193 
194 #if 0
195 static void
196 dump_phys_mem(void *virt_addr, uint32_t num_bytes);
197 #endif
198 
199 /****************************************************************************
200 *
201 *   add_completion
202 *
203 ***************************************************************************/
204 
205 static VCHIQ_STATUS_T
206 add_completion(VCHIQ_INSTANCE_T instance, VCHIQ_REASON_T reason,
207 	VCHIQ_HEADER_T *header, USER_SERVICE_T *user_service,
208 	void *bulk_userdata)
209 {
210 	VCHIQ_COMPLETION_DATA_T *completion;
211 	DEBUG_INITIALISE(g_state.local)
212 
213 	while (instance->completion_insert ==
214 		(instance->completion_remove + MAX_COMPLETIONS)) {
215 		/* Out of space - wait for the client */
216 		DEBUG_TRACE(SERVICE_CALLBACK_LINE);
217 		vchiq_log_trace(vchiq_arm_log_level,
218 			"add_completion - completion queue full");
219 		DEBUG_COUNT(COMPLETION_QUEUE_FULL_COUNT);
220 		if (down_interruptible(&instance->remove_event) != 0) {
221 			vchiq_log_info(vchiq_arm_log_level,
222 				"service_callback interrupted");
223 			return VCHIQ_RETRY;
224 		} else if (instance->closing) {
225 			vchiq_log_info(vchiq_arm_log_level,
226 				"service_callback closing");
227 			return VCHIQ_ERROR;
228 		}
229 		DEBUG_TRACE(SERVICE_CALLBACK_LINE);
230 	}
231 
232 	completion =
233 		 &instance->completions[instance->completion_insert &
234 		 (MAX_COMPLETIONS - 1)];
235 
236 	completion->header = header;
237 	completion->reason = reason;
238 	/* N.B. service_userdata is updated while processing AWAIT_COMPLETION */
239 	completion->service_userdata = user_service->service;
240 	completion->bulk_userdata = bulk_userdata;
241 
242 	if (reason == VCHIQ_SERVICE_CLOSED) {
243 		/* Take an extra reference, to be held until
244 		   this CLOSED notification is delivered. */
245 		lock_service(user_service->service);
246 		if (instance->use_close_delivered)
247 			user_service->close_pending = 1;
248 	}
249 
250 	/* A write barrier is needed here to ensure that the entire completion
251 		record is written out before the insert point. */
252 	wmb();
253 
254 	if (reason == VCHIQ_MESSAGE_AVAILABLE)
255 		user_service->message_available_pos =
256 			instance->completion_insert;
257 	instance->completion_insert++;
258 
259 	up(&instance->insert_event);
260 
261 	return VCHIQ_SUCCESS;
262 }
263 
264 /****************************************************************************
265 *
266 *   service_callback
267 *
268 ***************************************************************************/
269 
270 static VCHIQ_STATUS_T
271 service_callback(VCHIQ_REASON_T reason, VCHIQ_HEADER_T *header,
272 	VCHIQ_SERVICE_HANDLE_T handle, void *bulk_userdata)
273 {
274 	/* How do we ensure the callback goes to the right client?
275 	** The service_user data points to a USER_SERVICE_T record containing
276 	** the original callback and the user state structure, which contains a
277 	** circular buffer for completion records.
278 	*/
279 	USER_SERVICE_T *user_service;
280 	VCHIQ_SERVICE_T *service;
281 	VCHIQ_INSTANCE_T instance;
282 	DEBUG_INITIALISE(g_state.local)
283 
284 	DEBUG_TRACE(SERVICE_CALLBACK_LINE);
285 
286 	service = handle_to_service(handle);
287 	BUG_ON(!service);
288 	user_service = (USER_SERVICE_T *)service->base.userdata;
289 	instance = user_service->instance;
290 
291 	if (!instance || instance->closing)
292 		return VCHIQ_SUCCESS;
293 
294 	vchiq_log_trace(vchiq_arm_log_level,
295 		"service_callback - service %lx(%d,%p), reason %d, header %lx, "
296 		"instance %lx, bulk_userdata %lx",
297 		(unsigned long)user_service,
298 		service->localport, user_service->userdata,
299 		reason, (unsigned long)header,
300 		(unsigned long)instance, (unsigned long)bulk_userdata);
301 
302 	if (header && user_service->is_vchi) {
303 		spin_lock(&msg_queue_spinlock);
304 		while (user_service->msg_insert ==
305 			(user_service->msg_remove + MSG_QUEUE_SIZE)) {
306 			spin_unlock(&msg_queue_spinlock);
307 			DEBUG_TRACE(SERVICE_CALLBACK_LINE);
308 			DEBUG_COUNT(MSG_QUEUE_FULL_COUNT);
309 			vchiq_log_trace(vchiq_arm_log_level,
310 				"service_callback - msg queue full");
311 			/* If there is no MESSAGE_AVAILABLE in the completion
312 			** queue, add one
313 			*/
314 			if ((user_service->message_available_pos -
315 				instance->completion_remove) < 0) {
316 				VCHIQ_STATUS_T status;
317 				vchiq_log_info(vchiq_arm_log_level,
318 					"Inserting extra MESSAGE_AVAILABLE");
319 				DEBUG_TRACE(SERVICE_CALLBACK_LINE);
320 				status = add_completion(instance, reason,
321 					NULL, user_service, bulk_userdata);
322 				if (status != VCHIQ_SUCCESS) {
323 					DEBUG_TRACE(SERVICE_CALLBACK_LINE);
324 					return status;
325 				}
326 			}
327 
328 			DEBUG_TRACE(SERVICE_CALLBACK_LINE);
329 			if (down_interruptible(&user_service->remove_event)
330 				!= 0) {
331 				vchiq_log_info(vchiq_arm_log_level,
332 					"service_callback interrupted");
333 				DEBUG_TRACE(SERVICE_CALLBACK_LINE);
334 				return VCHIQ_RETRY;
335 			} else if (instance->closing) {
336 				vchiq_log_info(vchiq_arm_log_level,
337 					"service_callback closing");
338 				DEBUG_TRACE(SERVICE_CALLBACK_LINE);
339 				return VCHIQ_ERROR;
340 			}
341 			DEBUG_TRACE(SERVICE_CALLBACK_LINE);
342 			spin_lock(&msg_queue_spinlock);
343 		}
344 
345 		user_service->msg_queue[user_service->msg_insert &
346 			(MSG_QUEUE_SIZE - 1)] = header;
347 		user_service->msg_insert++;
348 		spin_unlock(&msg_queue_spinlock);
349 
350 		up(&user_service->insert_event);
351 
352 		/* If there is a thread waiting in DEQUEUE_MESSAGE, or if
353 		** there is a MESSAGE_AVAILABLE in the completion queue then
354 		** bypass the completion queue.
355 		*/
356 		if (((user_service->message_available_pos -
357 			instance->completion_remove) >= 0) ||
358 			user_service->dequeue_pending) {
359 			DEBUG_TRACE(SERVICE_CALLBACK_LINE);
360 			user_service->dequeue_pending = 0;
361 			return VCHIQ_SUCCESS;
362 		}
363 
364 		header = NULL;
365 	}
366 	DEBUG_TRACE(SERVICE_CALLBACK_LINE);
367 
368 	return add_completion(instance, reason, header, user_service,
369 		bulk_userdata);
370 }
371 
372 /****************************************************************************
373 *
374 *   user_service_free
375 *
376 ***************************************************************************/
377 static void
378 user_service_free(void *userdata)
379 {
380 	USER_SERVICE_T *user_service = userdata;
381 
382 	_sema_destroy(&user_service->insert_event);
383 	_sema_destroy(&user_service->remove_event);
384 
385 	kfree(user_service);
386 }
387 
388 /****************************************************************************
389 *
390 *   close_delivered
391 *
392 ***************************************************************************/
393 static void close_delivered(USER_SERVICE_T *user_service)
394 {
395 	vchiq_log_info(vchiq_arm_log_level,
396 		"close_delivered(handle=%x)",
397 		user_service->service->handle);
398 
399 	if (user_service->close_pending) {
400 		/* Allow the underlying service to be culled */
401 		unlock_service(user_service->service);
402 
403 		/* Wake the user-thread blocked in close_ or remove_service */
404 		up(&user_service->close_event);
405 
406 		user_service->close_pending = 0;
407 	}
408 }
409 
410 /****************************************************************************
411 *
412 *   vchiq_ioctl
413 *
414 ***************************************************************************/
415 
416 static int
417 vchiq_ioctl(struct cdev *cdev, u_long cmd, caddr_t arg, int fflag,
418    struct thread *td)
419 {
420 	VCHIQ_INSTANCE_T instance;
421 	VCHIQ_STATUS_T status = VCHIQ_SUCCESS;
422 	VCHIQ_SERVICE_T *service = NULL;
423 	int ret = 0;
424 	int i, rc;
425 	DEBUG_INITIALISE(g_state.local)
426 
427 	if ((ret = devfs_get_cdevpriv((void**)&instance))) {
428 		printf("vchiq_ioctl: devfs_get_cdevpriv failed: error %d\n", ret);
429 		return (ret);
430 	}
431 
432 /* XXXBSD: HACK! */
433 #define _IOC_NR(x) ((x) & 0xff)
434 #define	_IOC_TYPE(x)	IOCGROUP(x)
435 
436 	vchiq_log_trace(vchiq_arm_log_level,
437 		 "vchiq_ioctl - instance %x, cmd %s, arg %p",
438 		(unsigned int)instance,
439 		((_IOC_TYPE(cmd) == VCHIQ_IOC_MAGIC) &&
440 		(_IOC_NR(cmd) <= VCHIQ_IOC_MAX)) ?
441 		ioctl_names[_IOC_NR(cmd)] : "<invalid>", arg);
442 
443 	switch (cmd) {
444 	case VCHIQ_IOC_SHUTDOWN:
445 		if (!instance->connected)
446 			break;
447 
448 		/* Remove all services */
449 		i = 0;
450 		while ((service = next_service_by_instance(instance->state,
451 			instance, &i)) != NULL) {
452 			status = vchiq_remove_service(service->handle);
453 			unlock_service(service);
454 			if (status != VCHIQ_SUCCESS)
455 				break;
456 		}
457 		service = NULL;
458 
459 		if (status == VCHIQ_SUCCESS) {
460 			/* Wake the completion thread and ask it to exit */
461 			instance->closing = 1;
462 			up(&instance->insert_event);
463 		}
464 
465 		break;
466 
467 	case VCHIQ_IOC_CONNECT:
468 		if (instance->connected) {
469 			ret = -EINVAL;
470 			break;
471 		}
472 		rc = lmutex_lock_interruptible(&instance->state->mutex);
473 		if (rc != 0) {
474 			vchiq_log_error(vchiq_arm_log_level,
475 				"vchiq: connect: could not lock mutex for "
476 				"state %d: %d",
477 				instance->state->id, rc);
478 			ret = -EINTR;
479 			break;
480 		}
481 		status = vchiq_connect_internal(instance->state, instance);
482 		lmutex_unlock(&instance->state->mutex);
483 
484 		if (status == VCHIQ_SUCCESS)
485 			instance->connected = 1;
486 		else
487 			vchiq_log_error(vchiq_arm_log_level,
488 				"vchiq: could not connect: %d", status);
489 		break;
490 
491 	case VCHIQ_IOC_CREATE_SERVICE: {
492 		VCHIQ_CREATE_SERVICE_T args;
493 		USER_SERVICE_T *user_service = NULL;
494 		void *userdata;
495 		int srvstate;
496 
497 		memcpy(&args, (const void*)arg, sizeof(args));
498 
499 		user_service = kmalloc(sizeof(USER_SERVICE_T), GFP_KERNEL);
500 		if (!user_service) {
501 			ret = -ENOMEM;
502 			break;
503 		}
504 
505 		if (args.is_open) {
506 			if (!instance->connected) {
507 				ret = -ENOTCONN;
508 				kfree(user_service);
509 				break;
510 			}
511 			srvstate = VCHIQ_SRVSTATE_OPENING;
512 		} else {
513 			srvstate =
514 				 instance->connected ?
515 				 VCHIQ_SRVSTATE_LISTENING :
516 				 VCHIQ_SRVSTATE_HIDDEN;
517 		}
518 
519 		userdata = args.params.userdata;
520 		args.params.callback = service_callback;
521 		args.params.userdata = user_service;
522 		service = vchiq_add_service_internal(
523 				instance->state,
524 				&args.params, srvstate,
525 				instance, user_service_free);
526 
527 		if (service != NULL) {
528 			user_service->service = service;
529 			user_service->userdata = userdata;
530 			user_service->instance = instance;
531 			user_service->is_vchi = (args.is_vchi != 0);
532 			user_service->dequeue_pending = 0;
533 			user_service->close_pending = 0;
534 			user_service->message_available_pos =
535 				instance->completion_remove - 1;
536 			user_service->msg_insert = 0;
537 			user_service->msg_remove = 0;
538 			_sema_init(&user_service->insert_event, 0);
539 			_sema_init(&user_service->remove_event, 0);
540 			_sema_init(&user_service->close_event, 0);
541 
542 			if (args.is_open) {
543 				status = vchiq_open_service_internal
544 					(service, instance->pid);
545 				if (status != VCHIQ_SUCCESS) {
546 					vchiq_remove_service(service->handle);
547 					service = NULL;
548 					ret = (status == VCHIQ_RETRY) ?
549 						-EINTR : -EIO;
550 					break;
551 				}
552 			}
553 
554 #ifdef VCHIQ_IOCTL_DEBUG
555 			printf("%s: [CREATE SERVICE] handle = %08x\n", __func__, service->handle);
556 #endif
557 			memcpy((void *)
558 				&(((VCHIQ_CREATE_SERVICE_T*)
559 					arg)->handle),
560 				(const void *)&service->handle,
561 				sizeof(service->handle));
562 
563 			service = NULL;
564 		} else {
565 			ret = -EEXIST;
566 			kfree(user_service);
567 		}
568 	} break;
569 
570 	case VCHIQ_IOC_CLOSE_SERVICE: {
571 		VCHIQ_SERVICE_HANDLE_T handle;
572 
573 		memcpy(&handle, (const void*)arg, sizeof(handle));
574 
575 #ifdef VCHIQ_IOCTL_DEBUG
576 		printf("%s: [CLOSE SERVICE] handle = %08x\n", __func__, handle);
577 #endif
578 
579 		service = find_service_for_instance(instance, handle);
580 		if (service != NULL) {
581 			USER_SERVICE_T *user_service =
582 				(USER_SERVICE_T *)service->base.userdata;
583 			/* close_pending is false on first entry, and when the
584                            wait in vchiq_close_service has been interrupted. */
585 			if (!user_service->close_pending) {
586 				status = vchiq_close_service(service->handle);
587 				if (status != VCHIQ_SUCCESS)
588 					break;
589 			}
590 
591 			/* close_pending is true once the underlying service
592 			   has been closed until the client library calls the
593 			   CLOSE_DELIVERED ioctl, signalling close_event. */
594 			if (user_service->close_pending &&
595 				down_interruptible(&user_service->close_event))
596 				status = VCHIQ_RETRY;
597 		}
598 		else
599 			ret = -EINVAL;
600 	} break;
601 
602 	case VCHIQ_IOC_REMOVE_SERVICE: {
603 		VCHIQ_SERVICE_HANDLE_T handle;
604 
605 		memcpy(&handle, (const void*)arg, sizeof(handle));
606 
607 #ifdef VCHIQ_IOCTL_DEBUG
608 		printf("%s: [REMOVE SERVICE] handle = %08x\n", __func__, handle);
609 #endif
610 
611 		service = find_service_for_instance(instance, handle);
612 		if (service != NULL) {
613 			USER_SERVICE_T *user_service =
614 				(USER_SERVICE_T *)service->base.userdata;
615 			/* close_pending is false on first entry, and when the
616                            wait in vchiq_close_service has been interrupted. */
617 			if (!user_service->close_pending) {
618 				status = vchiq_remove_service(service->handle);
619 				if (status != VCHIQ_SUCCESS)
620 					break;
621 			}
622 
623 			/* close_pending is true once the underlying service
624 			   has been closed until the client library calls the
625 			   CLOSE_DELIVERED ioctl, signalling close_event. */
626 			if (user_service->close_pending &&
627 				down_interruptible(&user_service->close_event))
628 				status = VCHIQ_RETRY;
629 		}
630 		else
631 			ret = -EINVAL;
632 	} break;
633 
634 	case VCHIQ_IOC_USE_SERVICE:
635 	case VCHIQ_IOC_RELEASE_SERVICE:	{
636 		VCHIQ_SERVICE_HANDLE_T handle;
637 
638 		memcpy(&handle, (const void*)arg, sizeof(handle));
639 
640 #ifdef VCHIQ_IOCTL_DEBUG
641 		printf("%s: [%s SERVICE] handle = %08x\n", __func__,
642 		    cmd == VCHIQ_IOC_USE_SERVICE ? "USE" : "RELEASE", handle);
643 #endif
644 
645 		service = find_service_for_instance(instance, handle);
646 		if (service != NULL) {
647 			status = (cmd == VCHIQ_IOC_USE_SERVICE)	?
648 				vchiq_use_service_internal(service) :
649 				vchiq_release_service_internal(service);
650 			if (status != VCHIQ_SUCCESS) {
651 				vchiq_log_error(vchiq_susp_log_level,
652 					"%s: cmd %s returned error %d for "
653 					"service %c%c%c%c:%8x",
654 					__func__,
655 					(cmd == VCHIQ_IOC_USE_SERVICE) ?
656 						"VCHIQ_IOC_USE_SERVICE" :
657 						"VCHIQ_IOC_RELEASE_SERVICE",
658 					status,
659 					VCHIQ_FOURCC_AS_4CHARS(
660 						service->base.fourcc),
661 					service->client_id);
662 				ret = -EINVAL;
663 			}
664 		} else
665 			ret = -EINVAL;
666 	} break;
667 
668 	case VCHIQ_IOC_QUEUE_MESSAGE: {
669 		VCHIQ_QUEUE_MESSAGE_T args;
670 		memcpy(&args, (const void*)arg, sizeof(args));
671 
672 #ifdef VCHIQ_IOCTL_DEBUG
673 		printf("%s: [QUEUE MESSAGE] handle = %08x\n", __func__, args.handle);
674 #endif
675 
676 		service = find_service_for_instance(instance, args.handle);
677 
678 		if ((service != NULL) && (args.count <= MAX_ELEMENTS)) {
679 			/* Copy elements into kernel space */
680 			VCHIQ_ELEMENT_T elements[MAX_ELEMENTS];
681 			if (copy_from_user(elements, args.elements,
682 				args.count * sizeof(VCHIQ_ELEMENT_T)) == 0)
683 				status = vchiq_queue_message
684 					(args.handle,
685 					elements, args.count);
686 			else
687 				ret = -EFAULT;
688 		} else {
689 			ret = -EINVAL;
690 		}
691 	} break;
692 
693 	case VCHIQ_IOC_QUEUE_BULK_TRANSMIT:
694 	case VCHIQ_IOC_QUEUE_BULK_RECEIVE: {
695 		VCHIQ_QUEUE_BULK_TRANSFER_T args;
696 		struct bulk_waiter_node *waiter = NULL;
697 		VCHIQ_BULK_DIR_T dir =
698 			(cmd == VCHIQ_IOC_QUEUE_BULK_TRANSMIT) ?
699 			VCHIQ_BULK_TRANSMIT : VCHIQ_BULK_RECEIVE;
700 
701 		memcpy(&args, (const void*)arg, sizeof(args));
702 
703 		service = find_service_for_instance(instance, args.handle);
704 		if (!service) {
705 			ret = -EINVAL;
706 			break;
707 		}
708 
709 		if (args.mode == VCHIQ_BULK_MODE_BLOCKING) {
710 			waiter = kzalloc(sizeof(struct bulk_waiter_node),
711 				GFP_KERNEL);
712 			if (!waiter) {
713 				ret = -ENOMEM;
714 				break;
715 			}
716 			args.userdata = &waiter->bulk_waiter;
717 		} else if (args.mode == VCHIQ_BULK_MODE_WAITING) {
718 			struct list_head *pos;
719 			lmutex_lock(&instance->bulk_waiter_list_mutex);
720 			list_for_each(pos, &instance->bulk_waiter_list) {
721 				if (list_entry(pos, struct bulk_waiter_node,
722 					list)->pid == current->p_pid) {
723 					waiter = list_entry(pos,
724 						struct bulk_waiter_node,
725 						list);
726 					list_del(pos);
727 					break;
728 				}
729 
730 			}
731 			lmutex_unlock(&instance->bulk_waiter_list_mutex);
732 			if (!waiter) {
733 				vchiq_log_error(vchiq_arm_log_level,
734 					"no bulk_waiter found for pid %d",
735 					current->p_pid);
736 				ret = -ESRCH;
737 				break;
738 			}
739 			vchiq_log_info(vchiq_arm_log_level,
740 				"found bulk_waiter %x for pid %d",
741 				(unsigned int)waiter, current->p_pid);
742 			args.userdata = &waiter->bulk_waiter;
743 		}
744 		status = vchiq_bulk_transfer
745 			(args.handle,
746 			 VCHI_MEM_HANDLE_INVALID,
747 			 args.data, args.size,
748 			 args.userdata, args.mode,
749 			 dir);
750 		if (!waiter)
751 			break;
752 		if ((status != VCHIQ_RETRY) || fatal_signal_pending(current) ||
753 			!waiter->bulk_waiter.bulk) {
754 			if (waiter->bulk_waiter.bulk) {
755 				/* Cancel the signal when the transfer
756 				** completes. */
757 				spin_lock(&bulk_waiter_spinlock);
758 				waiter->bulk_waiter.bulk->userdata = NULL;
759 				spin_unlock(&bulk_waiter_spinlock);
760 			}
761 			_sema_destroy(&waiter->bulk_waiter.event);
762 			kfree(waiter);
763 		} else {
764 			const VCHIQ_BULK_MODE_T mode_waiting =
765 				VCHIQ_BULK_MODE_WAITING;
766 			waiter->pid = current->p_pid;
767 			lmutex_lock(&instance->bulk_waiter_list_mutex);
768 			list_add(&waiter->list, &instance->bulk_waiter_list);
769 			lmutex_unlock(&instance->bulk_waiter_list_mutex);
770 			vchiq_log_info(vchiq_arm_log_level,
771 				"saved bulk_waiter %x for pid %d",
772 				(unsigned int)waiter, current->p_pid);
773 
774 			memcpy((void *)
775 				&(((VCHIQ_QUEUE_BULK_TRANSFER_T *)
776 					arg)->mode),
777 				(const void *)&mode_waiting,
778 				sizeof(mode_waiting));
779 		}
780 	} break;
781 
782 	case VCHIQ_IOC_AWAIT_COMPLETION: {
783 		VCHIQ_AWAIT_COMPLETION_T args;
784 		int count = 0;
785 
786 		DEBUG_TRACE(AWAIT_COMPLETION_LINE);
787 		if (!instance->connected) {
788 			ret = -ENOTCONN;
789 			break;
790 		}
791 
792 		memcpy(&args, (const void*)arg, sizeof(args));
793 
794 		lmutex_lock(&instance->completion_mutex);
795 
796 		DEBUG_TRACE(AWAIT_COMPLETION_LINE);
797 		while ((instance->completion_remove ==
798 			instance->completion_insert)
799 			&& !instance->closing) {
800 			DEBUG_TRACE(AWAIT_COMPLETION_LINE);
801 			lmutex_unlock(&instance->completion_mutex);
802 			rc = down_interruptible(&instance->insert_event);
803 			lmutex_lock(&instance->completion_mutex);
804 			if (rc != 0) {
805 				DEBUG_TRACE(AWAIT_COMPLETION_LINE);
806 				vchiq_log_info(vchiq_arm_log_level,
807 					"AWAIT_COMPLETION interrupted");
808 				ret = -EINTR;
809 				break;
810 			}
811 		}
812 		DEBUG_TRACE(AWAIT_COMPLETION_LINE);
813 
814 		/* A read memory barrier is needed to stop prefetch of a stale
815 		** completion record
816 		*/
817 		rmb();
818 
819 		if (ret == 0) {
820 			int msgbufcount = args.msgbufcount;
821 			for (count = 0; count < args.count; count++) {
822 				VCHIQ_COMPLETION_DATA_T *completion;
823 				VCHIQ_SERVICE_T *service1;
824 				USER_SERVICE_T *user_service;
825 				VCHIQ_HEADER_T *header;
826 				if (instance->completion_remove ==
827 					instance->completion_insert)
828 					break;
829 				completion = &instance->completions[
830 					instance->completion_remove &
831 					(MAX_COMPLETIONS - 1)];
832 
833 				service1 = completion->service_userdata;
834 				user_service = service1->base.userdata;
835 				completion->service_userdata =
836 					user_service->userdata;
837 
838 				header = completion->header;
839 				if (header) {
840 					void __user *msgbuf;
841 					int msglen;
842 
843 					msglen = header->size +
844 						sizeof(VCHIQ_HEADER_T);
845 					/* This must be a VCHIQ-style service */
846 					if (args.msgbufsize < msglen) {
847 						vchiq_log_error(
848 							vchiq_arm_log_level,
849 							"header %x: msgbufsize"
850 							" %x < msglen %x",
851 							(unsigned int)header,
852 							args.msgbufsize,
853 							msglen);
854 						WARN(1, "invalid message "
855 							"size\n");
856 						if (count == 0)
857 							ret = -EMSGSIZE;
858 						break;
859 					}
860 					if (msgbufcount <= 0)
861 						/* Stall here for lack of a
862 						** buffer for the message. */
863 						break;
864 					/* Get the pointer from user space */
865 					msgbufcount--;
866 					if (copy_from_user(&msgbuf,
867 						(const void __user *)
868 						&args.msgbufs[msgbufcount],
869 						sizeof(msgbuf)) != 0) {
870 						if (count == 0)
871 							ret = -EFAULT;
872 						break;
873 					}
874 
875 					/* Copy the message to user space */
876 					if (copy_to_user(msgbuf, header,
877 						msglen) != 0) {
878 						if (count == 0)
879 							ret = -EFAULT;
880 						break;
881 					}
882 
883 					/* Now it has been copied, the message
884 					** can be released. */
885 					vchiq_release_message(service1->handle,
886 						header);
887 
888 					/* The completion must point to the
889 					** msgbuf. */
890 					completion->header = msgbuf;
891 				}
892 
893 				if ((completion->reason ==
894 					VCHIQ_SERVICE_CLOSED) &&
895 					!instance->use_close_delivered)
896 					unlock_service(service1);
897 
898 				if (copy_to_user((void __user *)(
899 					(size_t)args.buf +
900 					count * sizeof(VCHIQ_COMPLETION_DATA_T)),
901 					completion,
902 					sizeof(VCHIQ_COMPLETION_DATA_T)) != 0) {
903 						if (ret == 0)
904 							ret = -EFAULT;
905 					break;
906 				}
907 
908 				instance->completion_remove++;
909 			}
910 
911 			if (msgbufcount != args.msgbufcount) {
912 				memcpy((void __user *)
913 					&((VCHIQ_AWAIT_COMPLETION_T *)arg)->
914 						msgbufcount,
915 					&msgbufcount,
916 					sizeof(msgbufcount));
917 			}
918 
919 			 if (count != args.count)
920 			 {
921 				memcpy((void __user *)
922 					&((VCHIQ_AWAIT_COMPLETION_T *)arg)->count,
923 					&count, sizeof(count));
924 			}
925 		}
926 
927 		if (count != 0)
928 			up(&instance->remove_event);
929 
930 		if ((ret == 0) && instance->closing)
931 			ret = -ENOTCONN;
932 		/*
933 		 * XXXBSD: ioctl return codes are not negative as in linux, so
934 		 * we can not indicate success with positive number of passed
935 		 * messages
936 		 */
937 		if (ret > 0)
938 			ret = 0;
939 
940 		lmutex_unlock(&instance->completion_mutex);
941 		DEBUG_TRACE(AWAIT_COMPLETION_LINE);
942 	} break;
943 
944 	case VCHIQ_IOC_DEQUEUE_MESSAGE: {
945 		VCHIQ_DEQUEUE_MESSAGE_T args;
946 		USER_SERVICE_T *user_service;
947 		VCHIQ_HEADER_T *header;
948 
949 		DEBUG_TRACE(DEQUEUE_MESSAGE_LINE);
950 		memcpy(&args, (const void*)arg, sizeof(args));
951 		service = find_service_for_instance(instance, args.handle);
952 		if (!service) {
953 			ret = -EINVAL;
954 			break;
955 		}
956 		user_service = (USER_SERVICE_T *)service->base.userdata;
957 		if (user_service->is_vchi == 0) {
958 			ret = -EINVAL;
959 			break;
960 		}
961 
962 		spin_lock(&msg_queue_spinlock);
963 		if (user_service->msg_remove == user_service->msg_insert) {
964 			if (!args.blocking) {
965 				spin_unlock(&msg_queue_spinlock);
966 				DEBUG_TRACE(DEQUEUE_MESSAGE_LINE);
967 				ret = -EWOULDBLOCK;
968 				break;
969 			}
970 			user_service->dequeue_pending = 1;
971 			do {
972 				spin_unlock(&msg_queue_spinlock);
973 				DEBUG_TRACE(DEQUEUE_MESSAGE_LINE);
974 				if (down_interruptible(
975 					&user_service->insert_event) != 0) {
976 					vchiq_log_info(vchiq_arm_log_level,
977 						"DEQUEUE_MESSAGE interrupted");
978 					ret = -EINTR;
979 					break;
980 				}
981 				spin_lock(&msg_queue_spinlock);
982 			} while (user_service->msg_remove ==
983 				user_service->msg_insert);
984 
985 			if (ret)
986 				break;
987 		}
988 
989 		BUG_ON((int)(user_service->msg_insert -
990 			user_service->msg_remove) < 0);
991 
992 		header = user_service->msg_queue[user_service->msg_remove &
993 			(MSG_QUEUE_SIZE - 1)];
994 		user_service->msg_remove++;
995 		spin_unlock(&msg_queue_spinlock);
996 
997 		up(&user_service->remove_event);
998 		if (header == NULL)
999 			ret = -ENOTCONN;
1000 		else if (header->size <= args.bufsize) {
1001 			/* Copy to user space if msgbuf is not NULL */
1002 			if ((args.buf == NULL) ||
1003 				(copy_to_user((void __user *)args.buf,
1004 				header->data,
1005 				header->size) == 0)) {
1006 				args.bufsize = header->size;
1007 				memcpy((void *)arg, &args,
1008 				    sizeof(args));
1009 				vchiq_release_message(
1010 					service->handle,
1011 					header);
1012 			} else
1013 				ret = -EFAULT;
1014 		} else {
1015 			vchiq_log_error(vchiq_arm_log_level,
1016 				"header %x: bufsize %x < size %x",
1017 				(unsigned int)header, args.bufsize,
1018 				header->size);
1019 			WARN(1, "invalid size\n");
1020 			ret = -EMSGSIZE;
1021 		}
1022 		DEBUG_TRACE(DEQUEUE_MESSAGE_LINE);
1023 	} break;
1024 
1025 	case VCHIQ_IOC_GET_CLIENT_ID: {
1026 		VCHIQ_SERVICE_HANDLE_T handle;
1027 
1028 		memcpy(&handle, (const void*)arg, sizeof(handle));
1029 
1030 		ret = vchiq_get_client_id(handle);
1031 	} break;
1032 
1033 	case VCHIQ_IOC_GET_CONFIG: {
1034 		VCHIQ_GET_CONFIG_T args;
1035 		VCHIQ_CONFIG_T config;
1036 
1037 		memcpy(&args, (const void*)arg, sizeof(args));
1038 		if (args.config_size > sizeof(config)) {
1039 			ret = -EINVAL;
1040 			break;
1041 		}
1042 		status = vchiq_get_config(instance, args.config_size, &config);
1043 		if (status == VCHIQ_SUCCESS) {
1044 			if (copy_to_user((void __user *)args.pconfig,
1045 				    &config, args.config_size) != 0) {
1046 				ret = -EFAULT;
1047 				break;
1048 			}
1049 		}
1050 	} break;
1051 
1052 	case VCHIQ_IOC_SET_SERVICE_OPTION: {
1053 		VCHIQ_SET_SERVICE_OPTION_T args;
1054 
1055 		memcpy(&args, (const void*)arg, sizeof(args));
1056 
1057 		service = find_service_for_instance(instance, args.handle);
1058 		if (!service) {
1059 			ret = -EINVAL;
1060 			break;
1061 		}
1062 
1063 		status = vchiq_set_service_option(
1064 				args.handle, args.option, args.value);
1065 	} break;
1066 
1067 	case VCHIQ_IOC_DUMP_PHYS_MEM: {
1068 		VCHIQ_DUMP_MEM_T  args;
1069 
1070 		memcpy(&args, (const void*)arg, sizeof(args));
1071 		printf("IMPLEMENT ME: %s:%d\n", __FILE__, __LINE__);
1072 #if 0
1073 		dump_phys_mem(args.virt_addr, args.num_bytes);
1074 #endif
1075 	} break;
1076 
1077 	case VCHIQ_IOC_LIB_VERSION: {
1078 		unsigned int lib_version = (unsigned int)arg;
1079 
1080 		if (lib_version < VCHIQ_VERSION_MIN)
1081 			ret = -EINVAL;
1082 		else if (lib_version >= VCHIQ_VERSION_CLOSE_DELIVERED)
1083 			instance->use_close_delivered = 1;
1084 	} break;
1085 
1086 	case VCHIQ_IOC_CLOSE_DELIVERED: {
1087 		VCHIQ_SERVICE_HANDLE_T handle;
1088 		memcpy(&handle, (const void*)arg, sizeof(handle));
1089 
1090 		service = find_closed_service_for_instance(instance, handle);
1091 		if (service != NULL) {
1092 			USER_SERVICE_T *user_service =
1093 				(USER_SERVICE_T *)service->base.userdata;
1094 			close_delivered(user_service);
1095 		}
1096 		else
1097 			ret = -EINVAL;
1098 	} break;
1099 
1100 	default:
1101 		ret = -ENOTTY;
1102 		break;
1103 	}
1104 
1105 	if (service)
1106 		unlock_service(service);
1107 
1108 	if (ret == 0) {
1109 		if (status == VCHIQ_ERROR)
1110 			ret = -EIO;
1111 		else if (status == VCHIQ_RETRY)
1112 			ret = -EINTR;
1113 	}
1114 
1115 	if ((status == VCHIQ_SUCCESS) && (ret < 0) && (ret != -EINTR) &&
1116 		(ret != -EWOULDBLOCK))
1117 		vchiq_log_info(vchiq_arm_log_level,
1118 			"  ioctl instance %lx, cmd %s -> status %d, %d",
1119 			(unsigned long)instance,
1120 			(_IOC_NR(cmd) <= VCHIQ_IOC_MAX) ?
1121 				ioctl_names[_IOC_NR(cmd)] :
1122 				"<invalid>",
1123 			status, ret);
1124 	else
1125 		vchiq_log_trace(vchiq_arm_log_level,
1126 			"  ioctl instance %lx, cmd %s -> status %d, %d",
1127 			(unsigned long)instance,
1128 			(_IOC_NR(cmd) <= VCHIQ_IOC_MAX) ?
1129 				ioctl_names[_IOC_NR(cmd)] :
1130 				"<invalid>",
1131 			status, ret);
1132 
1133 	/* XXXBSD: report BSD-style error to userland */
1134 	if (ret < 0)
1135 		ret = -ret;
1136 
1137 	return ret;
1138 }
1139 
1140 static void
1141 instance_dtr(void *data)
1142 {
1143 
1144 	kfree(data);
1145 }
1146 
1147 /****************************************************************************
1148 *
1149 *   vchiq_open
1150 *
1151 ***************************************************************************/
1152 
1153 static int
1154 vchiq_open(struct cdev *dev, int flags, int fmt __unused, struct thread *td)
1155 {
1156 	vchiq_log_info(vchiq_arm_log_level, "vchiq_open");
1157 	/* XXXBSD: do we really need this check? */
1158 	if (1) {
1159 		VCHIQ_STATE_T *state = vchiq_get_state();
1160 		VCHIQ_INSTANCE_T instance;
1161 
1162 		if (!state) {
1163 			vchiq_log_error(vchiq_arm_log_level,
1164 				"vchiq has no connection to VideoCore");
1165 			return -ENOTCONN;
1166 		}
1167 
1168 		instance = kmalloc(sizeof(*instance), GFP_KERNEL);
1169 		if (!instance)
1170 			return -ENOMEM;
1171 
1172 		instance->state = state;
1173 		/* XXXBSD: PID or thread ID? */
1174 		instance->pid = td->td_proc->p_pid;
1175 
1176 #ifdef notyet
1177 		ret = vchiq_proc_add_instance(instance);
1178 		if (ret != 0) {
1179 			kfree(instance);
1180 			return ret;
1181 		}
1182 #endif
1183 
1184 		_sema_init(&instance->insert_event, 0);
1185 		_sema_init(&instance->remove_event, 0);
1186 		lmutex_init(&instance->completion_mutex);
1187 		lmutex_init(&instance->bulk_waiter_list_mutex);
1188 		INIT_LIST_HEAD(&instance->bulk_waiter_list);
1189 
1190 		devfs_set_cdevpriv(instance, instance_dtr);
1191 	}
1192 	else {
1193 		vchiq_log_error(vchiq_arm_log_level,
1194 			"Unknown minor device");
1195 		return -ENXIO;
1196 	}
1197 
1198 	return 0;
1199 }
1200 
1201 /****************************************************************************
1202 *
1203 *   vchiq_release
1204 *
1205 ***************************************************************************/
1206 
1207 static int
1208 vchiq_close(struct cdev *dev, int flags __unused, int fmt __unused,
1209                 struct thread *td)
1210 {
1211 	int ret = 0;
1212 	if (1) {
1213 		VCHIQ_INSTANCE_T instance;
1214 		VCHIQ_STATE_T *state = vchiq_get_state();
1215 		VCHIQ_SERVICE_T *service;
1216 		int i;
1217 
1218 		if ((ret = devfs_get_cdevpriv((void**)&instance))) {
1219 			printf("devfs_get_cdevpriv failed: error %d\n", ret);
1220 			return (ret);
1221 		}
1222 
1223 		vchiq_log_info(vchiq_arm_log_level,
1224 			"vchiq_release: instance=%lx",
1225 			(unsigned long)instance);
1226 
1227 		if (!state) {
1228 			ret = -EPERM;
1229 			goto out;
1230 		}
1231 
1232 		/* Ensure videocore is awake to allow termination. */
1233 		vchiq_use_internal(instance->state, NULL,
1234 				USE_TYPE_VCHIQ);
1235 
1236 		lmutex_lock(&instance->completion_mutex);
1237 
1238 		/* Wake the completion thread and ask it to exit */
1239 		instance->closing = 1;
1240 		up(&instance->insert_event);
1241 
1242 		lmutex_unlock(&instance->completion_mutex);
1243 
1244 		/* Wake the slot handler if the completion queue is full. */
1245 		up(&instance->remove_event);
1246 
1247 		/* Mark all services for termination... */
1248 		i = 0;
1249 		while ((service = next_service_by_instance(state, instance,
1250 			&i)) !=	NULL) {
1251 			USER_SERVICE_T *user_service = service->base.userdata;
1252 
1253 			/* Wake the slot handler if the msg queue is full. */
1254 			up(&user_service->remove_event);
1255 
1256 			vchiq_terminate_service_internal(service);
1257 			unlock_service(service);
1258 		}
1259 
1260 		/* ...and wait for them to die */
1261 		i = 0;
1262 		while ((service = next_service_by_instance(state, instance, &i))
1263 			!= NULL) {
1264 			USER_SERVICE_T *user_service = service->base.userdata;
1265 
1266 			down(&service->remove_event);
1267 
1268 			BUG_ON(service->srvstate != VCHIQ_SRVSTATE_FREE);
1269 
1270 			spin_lock(&msg_queue_spinlock);
1271 
1272 			while (user_service->msg_remove !=
1273 				user_service->msg_insert) {
1274 				VCHIQ_HEADER_T *header = user_service->
1275 					msg_queue[user_service->msg_remove &
1276 						(MSG_QUEUE_SIZE - 1)];
1277 				user_service->msg_remove++;
1278 				spin_unlock(&msg_queue_spinlock);
1279 
1280 				if (header)
1281 					vchiq_release_message(
1282 						service->handle,
1283 						header);
1284 				spin_lock(&msg_queue_spinlock);
1285 			}
1286 
1287 			spin_unlock(&msg_queue_spinlock);
1288 
1289 			unlock_service(service);
1290 		}
1291 
1292 		/* Release any closed services */
1293 		while (instance->completion_remove !=
1294 			instance->completion_insert) {
1295 			VCHIQ_COMPLETION_DATA_T *completion;
1296 			VCHIQ_SERVICE_T *service1;
1297 			completion = &instance->completions[
1298 				instance->completion_remove &
1299 				(MAX_COMPLETIONS - 1)];
1300 			service1 = completion->service_userdata;
1301 			if (completion->reason == VCHIQ_SERVICE_CLOSED)
1302 			{
1303 				USER_SERVICE_T *user_service =
1304 					service->base.userdata;
1305 
1306 				/* Wake any blocked user-thread */
1307 				if (instance->use_close_delivered)
1308 					up(&user_service->close_event);
1309 				unlock_service(service1);
1310 			}
1311 			instance->completion_remove++;
1312 		}
1313 
1314 		/* Release the PEER service count. */
1315 		vchiq_release_internal(instance->state, NULL);
1316 
1317 		{
1318 			struct list_head *pos, *next;
1319 			list_for_each_safe(pos, next,
1320 				&instance->bulk_waiter_list) {
1321 				struct bulk_waiter_node *waiter;
1322 				waiter = list_entry(pos,
1323 					struct bulk_waiter_node,
1324 					list);
1325 				list_del(pos);
1326 				vchiq_log_info(vchiq_arm_log_level,
1327 					"bulk_waiter - cleaned up %x "
1328 					"for pid %d",
1329 					(unsigned int)waiter, waiter->pid);
1330 		                _sema_destroy(&waiter->bulk_waiter.event);
1331 				kfree(waiter);
1332 			}
1333 		}
1334 
1335 	}
1336 	else {
1337 		vchiq_log_error(vchiq_arm_log_level,
1338 			"Unknown minor device");
1339 		ret = -ENXIO;
1340 	}
1341 
1342 out:
1343 	return ret;
1344 }
1345 
1346 /****************************************************************************
1347 *
1348 *   vchiq_dump
1349 *
1350 ***************************************************************************/
1351 
1352 void
1353 vchiq_dump(void *dump_context, const char *str, int len)
1354 {
1355 	DUMP_CONTEXT_T *context = (DUMP_CONTEXT_T *)dump_context;
1356 
1357 	if (context->actual < context->space) {
1358 		int copy_bytes;
1359 		if (context->offset > 0) {
1360 			int skip_bytes = min(len, (int)context->offset);
1361 			str += skip_bytes;
1362 			len -= skip_bytes;
1363 			context->offset -= skip_bytes;
1364 			if (context->offset > 0)
1365 				return;
1366 		}
1367 		copy_bytes = min(len, (int)(context->space - context->actual));
1368 		if (copy_bytes == 0)
1369 			return;
1370 		memcpy(context->buf + context->actual, str, copy_bytes);
1371 		context->actual += copy_bytes;
1372 		len -= copy_bytes;
1373 
1374 		/* If tne terminating NUL is included in the length, then it
1375 		** marks the end of a line and should be replaced with a
1376 		** carriage return. */
1377 		if ((len == 0) && (str[copy_bytes - 1] == '\0')) {
1378 			char cr = '\n';
1379 			memcpy(context->buf + context->actual - 1, &cr, 1);
1380 		}
1381 	}
1382 }
1383 
1384 /****************************************************************************
1385 *
1386 *   vchiq_dump_platform_instance_state
1387 *
1388 ***************************************************************************/
1389 
1390 void
1391 vchiq_dump_platform_instances(void *dump_context)
1392 {
1393 	VCHIQ_STATE_T *state = vchiq_get_state();
1394 	char buf[80];
1395 	int len;
1396 	int i;
1397 
1398 	/* There is no list of instances, so instead scan all services,
1399 		marking those that have been dumped. */
1400 
1401 	for (i = 0; i < state->unused_service; i++) {
1402 		VCHIQ_SERVICE_T *service = state->services[i];
1403 		VCHIQ_INSTANCE_T instance;
1404 
1405 		if (service && (service->base.callback == service_callback)) {
1406 			instance = service->instance;
1407 			if (instance)
1408 				instance->mark = 0;
1409 		}
1410 	}
1411 
1412 	for (i = 0; i < state->unused_service; i++) {
1413 		VCHIQ_SERVICE_T *service = state->services[i];
1414 		VCHIQ_INSTANCE_T instance;
1415 
1416 		if (service && (service->base.callback == service_callback)) {
1417 			instance = service->instance;
1418 			if (instance && !instance->mark) {
1419 				len = snprintf(buf, sizeof(buf),
1420 					"Instance %x: pid %d,%s completions "
1421 						"%d/%d",
1422 					(unsigned int)instance, instance->pid,
1423 					instance->connected ? " connected, " :
1424 						"",
1425 					instance->completion_insert -
1426 						instance->completion_remove,
1427 					MAX_COMPLETIONS);
1428 
1429 				vchiq_dump(dump_context, buf, len + 1);
1430 
1431 				instance->mark = 1;
1432 			}
1433 		}
1434 	}
1435 }
1436 
1437 /****************************************************************************
1438 *
1439 *   vchiq_dump_platform_service_state
1440 *
1441 ***************************************************************************/
1442 
1443 void
1444 vchiq_dump_platform_service_state(void *dump_context, VCHIQ_SERVICE_T *service)
1445 {
1446 	USER_SERVICE_T *user_service = (USER_SERVICE_T *)service->base.userdata;
1447 	char buf[80];
1448 	int len;
1449 
1450 	len = snprintf(buf, sizeof(buf), "  instance %x",
1451 		(unsigned int)service->instance);
1452 
1453 	if ((service->base.callback == service_callback) &&
1454 		user_service->is_vchi) {
1455 		len += snprintf(buf + len, sizeof(buf) - len,
1456 			", %d/%d messages",
1457 			user_service->msg_insert - user_service->msg_remove,
1458 			MSG_QUEUE_SIZE);
1459 
1460 		if (user_service->dequeue_pending)
1461 			len += snprintf(buf + len, sizeof(buf) - len,
1462 				" (dequeue pending)");
1463 	}
1464 
1465 	vchiq_dump(dump_context, buf, len + 1);
1466 }
1467 
1468 #ifdef notyet
1469 /****************************************************************************
1470 *
1471 *   dump_user_mem
1472 *
1473 ***************************************************************************/
1474 
1475 static void
1476 dump_phys_mem(void *virt_addr, uint32_t num_bytes)
1477 {
1478 	int            rc;
1479 	uint8_t       *end_virt_addr = virt_addr + num_bytes;
1480 	int            num_pages;
1481 	int            offset;
1482 	int            end_offset;
1483 	int            page_idx;
1484 	int            prev_idx;
1485 	struct page   *page;
1486 	struct page  **pages;
1487 	uint8_t       *kmapped_virt_ptr;
1488 
1489 	/* Align virtAddr and endVirtAddr to 16 byte boundaries. */
1490 
1491 	virt_addr = (void *)((unsigned long)virt_addr & ~0x0fuL);
1492 	end_virt_addr = (void *)(((unsigned long)end_virt_addr + 15uL) &
1493 		~0x0fuL);
1494 
1495 	offset = (int)(long)virt_addr & (PAGE_SIZE - 1);
1496 	end_offset = (int)(long)end_virt_addr & (PAGE_SIZE - 1);
1497 
1498 	num_pages = (offset + num_bytes + PAGE_SIZE - 1) / PAGE_SIZE;
1499 
1500 	pages = kmalloc(sizeof(struct page *) * num_pages, GFP_KERNEL);
1501 	if (pages == NULL) {
1502 		vchiq_log_error(vchiq_arm_log_level,
1503 			"Unable to allocation memory for %d pages\n",
1504 			num_pages);
1505 		return;
1506 	}
1507 
1508 	down_read(&current->mm->mmap_sem);
1509 	rc = get_user_pages(current,      /* task */
1510 		current->mm,              /* mm */
1511 		(unsigned long)virt_addr, /* start */
1512 		num_pages,                /* len */
1513 		0,                        /* write */
1514 		0,                        /* force */
1515 		pages,                    /* pages (array of page pointers) */
1516 		NULL);                    /* vmas */
1517 	up_read(&current->mm->mmap_sem);
1518 
1519 	prev_idx = -1;
1520 	page = NULL;
1521 
1522 	while (offset < end_offset) {
1523 
1524 		int page_offset = offset % PAGE_SIZE;
1525 		page_idx = offset / PAGE_SIZE;
1526 
1527 		if (page_idx != prev_idx) {
1528 
1529 			if (page != NULL)
1530 				kunmap(page);
1531 			page = pages[page_idx];
1532 			kmapped_virt_ptr = kmap(page);
1533 
1534 			prev_idx = page_idx;
1535 		}
1536 
1537 		if (vchiq_arm_log_level >= VCHIQ_LOG_TRACE)
1538 			vchiq_log_dump_mem("ph",
1539 				(uint32_t)(unsigned long)&kmapped_virt_ptr[
1540 					page_offset],
1541 				&kmapped_virt_ptr[page_offset], 16);
1542 
1543 		offset += 16;
1544 	}
1545 	if (page != NULL)
1546 		kunmap(page);
1547 
1548 	for (page_idx = 0; page_idx < num_pages; page_idx++)
1549 		page_cache_release(pages[page_idx]);
1550 
1551 	kfree(pages);
1552 }
1553 
1554 /****************************************************************************
1555 *
1556 *   vchiq_read
1557 *
1558 ***************************************************************************/
1559 
1560 static ssize_t
1561 vchiq_read(struct file *file, char __user *buf,
1562 	size_t count, loff_t *ppos)
1563 {
1564 	DUMP_CONTEXT_T context;
1565 	context.buf = buf;
1566 	context.actual = 0;
1567 	context.space = count;
1568 	context.offset = *ppos;
1569 
1570 	vchiq_dump_state(&context, &g_state);
1571 
1572 	*ppos += context.actual;
1573 
1574 	return context.actual;
1575 }
1576 #endif
1577 
1578 VCHIQ_STATE_T *
1579 vchiq_get_state(void)
1580 {
1581 
1582 	if (g_state.remote == NULL)
1583 		printk(KERN_ERR "%s: g_state.remote == NULL\n", __func__);
1584 	else if (g_state.remote->initialised != 1)
1585 		printk(KERN_NOTICE "%s: g_state.remote->initialised != 1 (%d)\n",
1586 			__func__, g_state.remote->initialised);
1587 
1588 	return ((g_state.remote != NULL) &&
1589 		(g_state.remote->initialised == 1)) ? &g_state : NULL;
1590 }
1591 
1592 /*
1593  * Autosuspend related functionality
1594  */
1595 
1596 int
1597 vchiq_videocore_wanted(VCHIQ_STATE_T *state)
1598 {
1599 	VCHIQ_ARM_STATE_T *arm_state = vchiq_platform_get_arm_state(state);
1600 	if (!arm_state)
1601 		/* autosuspend not supported - always return wanted */
1602 		return 1;
1603 	else if (arm_state->blocked_count)
1604 		return 1;
1605 	else if (!arm_state->videocore_use_count)
1606 		/* usage count zero - check for override unless we're forcing */
1607 		if (arm_state->resume_blocked)
1608 			return 0;
1609 		else
1610 			return vchiq_platform_videocore_wanted(state);
1611 	else
1612 		/* non-zero usage count - videocore still required */
1613 		return 1;
1614 }
1615 
1616 static VCHIQ_STATUS_T
1617 vchiq_keepalive_vchiq_callback(VCHIQ_REASON_T reason,
1618 	VCHIQ_HEADER_T *header,
1619 	VCHIQ_SERVICE_HANDLE_T service_user,
1620 	void *bulk_user)
1621 {
1622 	vchiq_log_error(vchiq_susp_log_level,
1623 		"%s callback reason %d", __func__, reason);
1624 	return 0;
1625 }
1626 
1627 static int
1628 vchiq_keepalive_thread_func(void *v)
1629 {
1630 	VCHIQ_STATE_T *state = (VCHIQ_STATE_T *) v;
1631 	VCHIQ_ARM_STATE_T *arm_state = vchiq_platform_get_arm_state(state);
1632 
1633 	VCHIQ_STATUS_T status;
1634 	VCHIQ_INSTANCE_T instance;
1635 	VCHIQ_SERVICE_HANDLE_T ka_handle;
1636 
1637 	VCHIQ_SERVICE_PARAMS_T params = {
1638 		.fourcc      = VCHIQ_MAKE_FOURCC('K', 'E', 'E', 'P'),
1639 		.callback    = vchiq_keepalive_vchiq_callback,
1640 		.version     = KEEPALIVE_VER,
1641 		.version_min = KEEPALIVE_VER_MIN
1642 	};
1643 
1644 	status = vchiq_initialise(&instance);
1645 	if (status != VCHIQ_SUCCESS) {
1646 		vchiq_log_error(vchiq_susp_log_level,
1647 			"%s vchiq_initialise failed %d", __func__, status);
1648 		goto exit;
1649 	}
1650 
1651 	status = vchiq_connect(instance);
1652 	if (status != VCHIQ_SUCCESS) {
1653 		vchiq_log_error(vchiq_susp_log_level,
1654 			"%s vchiq_connect failed %d", __func__, status);
1655 		goto shutdown;
1656 	}
1657 
1658 	status = vchiq_add_service(instance, &params, &ka_handle);
1659 	if (status != VCHIQ_SUCCESS) {
1660 		vchiq_log_error(vchiq_susp_log_level,
1661 			"%s vchiq_open_service failed %d", __func__, status);
1662 		goto shutdown;
1663 	}
1664 
1665 	while (1) {
1666 		long rc = 0, uc = 0;
1667 		if (wait_for_completion_interruptible(&arm_state->ka_evt)
1668 				!= 0) {
1669 			vchiq_log_error(vchiq_susp_log_level,
1670 				"%s interrupted", __func__);
1671 			flush_signals(current);
1672 			continue;
1673 		}
1674 
1675 		/* read and clear counters.  Do release_count then use_count to
1676 		 * prevent getting more releases than uses */
1677 		rc = atomic_xchg(&arm_state->ka_release_count, 0);
1678 		uc = atomic_xchg(&arm_state->ka_use_count, 0);
1679 
1680 		/* Call use/release service the requisite number of times.
1681 		 * Process use before release so use counts don't go negative */
1682 		while (uc--) {
1683 			atomic_inc(&arm_state->ka_use_ack_count);
1684 			status = vchiq_use_service(ka_handle);
1685 			if (status != VCHIQ_SUCCESS) {
1686 				vchiq_log_error(vchiq_susp_log_level,
1687 					"%s vchiq_use_service error %d",
1688 					__func__, status);
1689 			}
1690 		}
1691 		while (rc--) {
1692 			status = vchiq_release_service(ka_handle);
1693 			if (status != VCHIQ_SUCCESS) {
1694 				vchiq_log_error(vchiq_susp_log_level,
1695 					"%s vchiq_release_service error %d",
1696 					__func__, status);
1697 			}
1698 		}
1699 	}
1700 
1701 shutdown:
1702 	vchiq_shutdown(instance);
1703 exit:
1704 	return 0;
1705 }
1706 
1707 VCHIQ_STATUS_T
1708 vchiq_arm_init_state(VCHIQ_STATE_T *state, VCHIQ_ARM_STATE_T *arm_state)
1709 {
1710 	VCHIQ_STATUS_T status = VCHIQ_SUCCESS;
1711 
1712 	if (arm_state) {
1713 		rwlock_init(&arm_state->susp_res_lock);
1714 
1715 		init_completion(&arm_state->ka_evt);
1716 		atomic_set(&arm_state->ka_use_count, 0);
1717 		atomic_set(&arm_state->ka_use_ack_count, 0);
1718 		atomic_set(&arm_state->ka_release_count, 0);
1719 
1720 		init_completion(&arm_state->vc_suspend_complete);
1721 
1722 		init_completion(&arm_state->vc_resume_complete);
1723 		/* Initialise to 'done' state.  We only want to block on resume
1724 		 * completion while videocore is suspended. */
1725 		set_resume_state(arm_state, VC_RESUME_RESUMED);
1726 
1727 		init_completion(&arm_state->resume_blocker);
1728 		/* Initialise to 'done' state.  We only want to block on this
1729 		 * completion while resume is blocked */
1730 		complete_all(&arm_state->resume_blocker);
1731 
1732 		init_completion(&arm_state->blocked_blocker);
1733 		/* Initialise to 'done' state.  We only want to block on this
1734 		 * completion while things are waiting on the resume blocker */
1735 		complete_all(&arm_state->blocked_blocker);
1736 
1737 		arm_state->suspend_timer_timeout = SUSPEND_TIMER_TIMEOUT_MS;
1738 		arm_state->suspend_timer_running = 0;
1739 		init_timer(&arm_state->suspend_timer);
1740 		arm_state->suspend_timer.data = (unsigned long)(state);
1741 		arm_state->suspend_timer.function = suspend_timer_callback;
1742 
1743 		arm_state->first_connect = 0;
1744 
1745 	}
1746 	return status;
1747 }
1748 
1749 /*
1750 ** Functions to modify the state variables;
1751 **	set_suspend_state
1752 **	set_resume_state
1753 **
1754 ** There are more state variables than we might like, so ensure they remain in
1755 ** step.  Suspend and resume state are maintained separately, since most of
1756 ** these state machines can operate independently.  However, there are a few
1757 ** states where state transitions in one state machine cause a reset to the
1758 ** other state machine.  In addition, there are some completion events which
1759 ** need to occur on state machine reset and end-state(s), so these are also
1760 ** dealt with in these functions.
1761 **
1762 ** In all states we set the state variable according to the input, but in some
1763 ** cases we perform additional steps outlined below;
1764 **
1765 ** VC_SUSPEND_IDLE - Initialise the suspend completion at the same time.
1766 **			The suspend completion is completed after any suspend
1767 **			attempt.  When we reset the state machine we also reset
1768 **			the completion.  This reset occurs when videocore is
1769 **			resumed, and also if we initiate suspend after a suspend
1770 **			failure.
1771 **
1772 ** VC_SUSPEND_IN_PROGRESS - This state is considered the point of no return for
1773 **			suspend - ie from this point on we must try to suspend
1774 **			before resuming can occur.  We therefore also reset the
1775 **			resume state machine to VC_RESUME_IDLE in this state.
1776 **
1777 ** VC_SUSPEND_SUSPENDED - Suspend has completed successfully. Also call
1778 **			complete_all on the suspend completion to notify
1779 **			anything waiting for suspend to happen.
1780 **
1781 ** VC_SUSPEND_REJECTED - Videocore rejected suspend. Videocore will also
1782 **			initiate resume, so no need to alter resume state.
1783 **			We call complete_all on the suspend completion to notify
1784 **			of suspend rejection.
1785 **
1786 ** VC_SUSPEND_FAILED - We failed to initiate videocore suspend.  We notify the
1787 **			suspend completion and reset the resume state machine.
1788 **
1789 ** VC_RESUME_IDLE - Initialise the resume completion at the same time.  The
1790 **			resume completion is in it's 'done' state whenever
1791 **			videcore is running.  Therfore, the VC_RESUME_IDLE state
1792 **			implies that videocore is suspended.
1793 **			Hence, any thread which needs to wait until videocore is
1794 **			running can wait on this completion - it will only block
1795 **			if videocore is suspended.
1796 **
1797 ** VC_RESUME_RESUMED - Resume has completed successfully.  Videocore is running.
1798 **			Call complete_all on the resume completion to unblock
1799 **			any threads waiting for resume.	 Also reset the suspend
1800 **			state machine to it's idle state.
1801 **
1802 ** VC_RESUME_FAILED - Currently unused - no mechanism to fail resume exists.
1803 */
1804 
1805 void
1806 set_suspend_state(VCHIQ_ARM_STATE_T *arm_state,
1807 	enum vc_suspend_status new_state)
1808 {
1809 	/* set the state in all cases */
1810 	arm_state->vc_suspend_state = new_state;
1811 
1812 	/* state specific additional actions */
1813 	switch (new_state) {
1814 	case VC_SUSPEND_FORCE_CANCELED:
1815 		complete_all(&arm_state->vc_suspend_complete);
1816 		break;
1817 	case VC_SUSPEND_REJECTED:
1818 		complete_all(&arm_state->vc_suspend_complete);
1819 		break;
1820 	case VC_SUSPEND_FAILED:
1821 		complete_all(&arm_state->vc_suspend_complete);
1822 		arm_state->vc_resume_state = VC_RESUME_RESUMED;
1823 		complete_all(&arm_state->vc_resume_complete);
1824 		break;
1825 	case VC_SUSPEND_IDLE:
1826 		/* TODO: reinit_completion */
1827 		INIT_COMPLETION(arm_state->vc_suspend_complete);
1828 		break;
1829 	case VC_SUSPEND_REQUESTED:
1830 		break;
1831 	case VC_SUSPEND_IN_PROGRESS:
1832 		set_resume_state(arm_state, VC_RESUME_IDLE);
1833 		break;
1834 	case VC_SUSPEND_SUSPENDED:
1835 		complete_all(&arm_state->vc_suspend_complete);
1836 		break;
1837 	default:
1838 		BUG();
1839 		break;
1840 	}
1841 }
1842 
1843 void
1844 set_resume_state(VCHIQ_ARM_STATE_T *arm_state,
1845 	enum vc_resume_status new_state)
1846 {
1847 	/* set the state in all cases */
1848 	arm_state->vc_resume_state = new_state;
1849 
1850 	/* state specific additional actions */
1851 	switch (new_state) {
1852 	case VC_RESUME_FAILED:
1853 		break;
1854 	case VC_RESUME_IDLE:
1855 		/* TODO: reinit_completion */
1856 		INIT_COMPLETION(arm_state->vc_resume_complete);
1857 		break;
1858 	case VC_RESUME_REQUESTED:
1859 		break;
1860 	case VC_RESUME_IN_PROGRESS:
1861 		break;
1862 	case VC_RESUME_RESUMED:
1863 		complete_all(&arm_state->vc_resume_complete);
1864 		set_suspend_state(arm_state, VC_SUSPEND_IDLE);
1865 		break;
1866 	default:
1867 		BUG();
1868 		break;
1869 	}
1870 }
1871 
1872 
1873 /* should be called with the write lock held */
1874 inline void
1875 start_suspend_timer(VCHIQ_ARM_STATE_T *arm_state)
1876 {
1877 	del_timer(&arm_state->suspend_timer);
1878 	arm_state->suspend_timer.expires = jiffies +
1879 		msecs_to_jiffies(arm_state->
1880 			suspend_timer_timeout);
1881 	add_timer(&arm_state->suspend_timer);
1882 	arm_state->suspend_timer_running = 1;
1883 }
1884 
1885 /* should be called with the write lock held */
1886 static inline void
1887 stop_suspend_timer(VCHIQ_ARM_STATE_T *arm_state)
1888 {
1889 	if (arm_state->suspend_timer_running) {
1890 		del_timer(&arm_state->suspend_timer);
1891 		arm_state->suspend_timer_running = 0;
1892 	}
1893 }
1894 
1895 static inline int
1896 need_resume(VCHIQ_STATE_T *state)
1897 {
1898 	VCHIQ_ARM_STATE_T *arm_state = vchiq_platform_get_arm_state(state);
1899 	return (arm_state->vc_suspend_state > VC_SUSPEND_IDLE) &&
1900 			(arm_state->vc_resume_state < VC_RESUME_REQUESTED) &&
1901 			vchiq_videocore_wanted(state);
1902 }
1903 
1904 static int
1905 block_resume(VCHIQ_ARM_STATE_T *arm_state)
1906 {
1907 	int status = VCHIQ_SUCCESS;
1908 	const unsigned long timeout_val =
1909 				msecs_to_jiffies(FORCE_SUSPEND_TIMEOUT_MS);
1910 	int resume_count = 0;
1911 
1912 	/* Allow any threads which were blocked by the last force suspend to
1913 	 * complete if they haven't already.  Only give this one shot; if
1914 	 * blocked_count is incremented after blocked_blocker is completed
1915 	 * (which only happens when blocked_count hits 0) then those threads
1916 	 * will have to wait until next time around */
1917 	if (arm_state->blocked_count) {
1918 		/* TODO: reinit_completion */
1919 		INIT_COMPLETION(arm_state->blocked_blocker);
1920 		write_unlock_bh(&arm_state->susp_res_lock);
1921 		vchiq_log_info(vchiq_susp_log_level, "%s wait for previously "
1922 			"blocked clients", __func__);
1923 		if (wait_for_completion_interruptible_timeout(
1924 				&arm_state->blocked_blocker, timeout_val)
1925 					<= 0) {
1926 			vchiq_log_error(vchiq_susp_log_level, "%s wait for "
1927 				"previously blocked clients failed" , __func__);
1928 			status = VCHIQ_ERROR;
1929 			write_lock_bh(&arm_state->susp_res_lock);
1930 			goto out;
1931 		}
1932 		vchiq_log_info(vchiq_susp_log_level, "%s previously blocked "
1933 			"clients resumed", __func__);
1934 		write_lock_bh(&arm_state->susp_res_lock);
1935 	}
1936 
1937 	/* We need to wait for resume to complete if it's in process */
1938 	while (arm_state->vc_resume_state != VC_RESUME_RESUMED &&
1939 			arm_state->vc_resume_state > VC_RESUME_IDLE) {
1940 		if (resume_count > 1) {
1941 			status = VCHIQ_ERROR;
1942 			vchiq_log_error(vchiq_susp_log_level, "%s waited too "
1943 				"many times for resume" , __func__);
1944 			goto out;
1945 		}
1946 		write_unlock_bh(&arm_state->susp_res_lock);
1947 		vchiq_log_info(vchiq_susp_log_level, "%s wait for resume",
1948 			__func__);
1949 		if (wait_for_completion_interruptible_timeout(
1950 				&arm_state->vc_resume_complete, timeout_val)
1951 					<= 0) {
1952 			vchiq_log_error(vchiq_susp_log_level, "%s wait for "
1953 				"resume failed (%s)", __func__,
1954 				resume_state_names[arm_state->vc_resume_state +
1955 							VC_RESUME_NUM_OFFSET]);
1956 			status = VCHIQ_ERROR;
1957 			write_lock_bh(&arm_state->susp_res_lock);
1958 			goto out;
1959 		}
1960 		vchiq_log_info(vchiq_susp_log_level, "%s resumed", __func__);
1961 		write_lock_bh(&arm_state->susp_res_lock);
1962 		resume_count++;
1963 	}
1964 	/* TODO: reinit_completion */
1965 	INIT_COMPLETION(arm_state->resume_blocker);
1966 	arm_state->resume_blocked = 1;
1967 
1968 out:
1969 	return status;
1970 }
1971 
1972 static inline void
1973 unblock_resume(VCHIQ_ARM_STATE_T *arm_state)
1974 {
1975 	complete_all(&arm_state->resume_blocker);
1976 	arm_state->resume_blocked = 0;
1977 }
1978 
1979 /* Initiate suspend via slot handler. Should be called with the write lock
1980  * held */
1981 VCHIQ_STATUS_T
1982 vchiq_arm_vcsuspend(VCHIQ_STATE_T *state)
1983 {
1984 	VCHIQ_STATUS_T status = VCHIQ_ERROR;
1985 	VCHIQ_ARM_STATE_T *arm_state = vchiq_platform_get_arm_state(state);
1986 
1987 	if (!arm_state)
1988 		goto out;
1989 
1990 	vchiq_log_trace(vchiq_susp_log_level, "%s", __func__);
1991 	status = VCHIQ_SUCCESS;
1992 
1993 
1994 	switch (arm_state->vc_suspend_state) {
1995 	case VC_SUSPEND_REQUESTED:
1996 		vchiq_log_info(vchiq_susp_log_level, "%s: suspend already "
1997 			"requested", __func__);
1998 		break;
1999 	case VC_SUSPEND_IN_PROGRESS:
2000 		vchiq_log_info(vchiq_susp_log_level, "%s: suspend already in "
2001 			"progress", __func__);
2002 		break;
2003 
2004 	default:
2005 		/* We don't expect to be in other states, so log but continue
2006 		 * anyway */
2007 		vchiq_log_error(vchiq_susp_log_level,
2008 			"%s unexpected suspend state %s", __func__,
2009 			suspend_state_names[arm_state->vc_suspend_state +
2010 						VC_SUSPEND_NUM_OFFSET]);
2011 		/* fall through */
2012 	case VC_SUSPEND_REJECTED:
2013 	case VC_SUSPEND_FAILED:
2014 		/* Ensure any idle state actions have been run */
2015 		set_suspend_state(arm_state, VC_SUSPEND_IDLE);
2016 		/* fall through */
2017 	case VC_SUSPEND_IDLE:
2018 		vchiq_log_info(vchiq_susp_log_level,
2019 			"%s: suspending", __func__);
2020 		set_suspend_state(arm_state, VC_SUSPEND_REQUESTED);
2021 		/* kick the slot handler thread to initiate suspend */
2022 		request_poll(state, NULL, 0);
2023 		break;
2024 	}
2025 
2026 out:
2027 	vchiq_log_trace(vchiq_susp_log_level, "%s exit %d", __func__, status);
2028 	return status;
2029 }
2030 
2031 void
2032 vchiq_platform_check_suspend(VCHIQ_STATE_T *state)
2033 {
2034 	VCHIQ_ARM_STATE_T *arm_state = vchiq_platform_get_arm_state(state);
2035 	int susp = 0;
2036 
2037 	if (!arm_state)
2038 		goto out;
2039 
2040 	vchiq_log_trace(vchiq_susp_log_level, "%s", __func__);
2041 
2042 	write_lock_bh(&arm_state->susp_res_lock);
2043 	if (arm_state->vc_suspend_state == VC_SUSPEND_REQUESTED &&
2044 			arm_state->vc_resume_state == VC_RESUME_RESUMED) {
2045 		set_suspend_state(arm_state, VC_SUSPEND_IN_PROGRESS);
2046 		susp = 1;
2047 	}
2048 	write_unlock_bh(&arm_state->susp_res_lock);
2049 
2050 	if (susp)
2051 		vchiq_platform_suspend(state);
2052 
2053 out:
2054 	vchiq_log_trace(vchiq_susp_log_level, "%s exit", __func__);
2055 	return;
2056 }
2057 
2058 
2059 static void
2060 output_timeout_error(VCHIQ_STATE_T *state)
2061 {
2062 	VCHIQ_ARM_STATE_T *arm_state = vchiq_platform_get_arm_state(state);
2063 	char service_err[50] = "";
2064 	int vc_use_count = arm_state->videocore_use_count;
2065 	int active_services = state->unused_service;
2066 	int i;
2067 
2068 	if (!arm_state->videocore_use_count) {
2069 		snprintf(service_err, 50, " Videocore usecount is 0");
2070 		goto output_msg;
2071 	}
2072 	for (i = 0; i < active_services; i++) {
2073 		VCHIQ_SERVICE_T *service_ptr = state->services[i];
2074 		if (service_ptr && service_ptr->service_use_count &&
2075 			(service_ptr->srvstate != VCHIQ_SRVSTATE_FREE)) {
2076 			snprintf(service_err, 50, " %c%c%c%c(%8x) service has "
2077 				"use count %d%s", VCHIQ_FOURCC_AS_4CHARS(
2078 					service_ptr->base.fourcc),
2079 				 service_ptr->client_id,
2080 				 service_ptr->service_use_count,
2081 				 service_ptr->service_use_count ==
2082 					 vc_use_count ? "" : " (+ more)");
2083 			break;
2084 		}
2085 	}
2086 
2087 output_msg:
2088 	vchiq_log_error(vchiq_susp_log_level,
2089 		"timed out waiting for vc suspend (%d).%s",
2090 		 arm_state->autosuspend_override, service_err);
2091 
2092 }
2093 
2094 /* Try to get videocore into suspended state, regardless of autosuspend state.
2095 ** We don't actually force suspend, since videocore may get into a bad state
2096 ** if we force suspend at a bad time.  Instead, we wait for autosuspend to
2097 ** determine a good point to suspend.  If this doesn't happen within 100ms we
2098 ** report failure.
2099 **
2100 ** Returns VCHIQ_SUCCESS if videocore suspended successfully, VCHIQ_RETRY if
2101 ** videocore failed to suspend in time or VCHIQ_ERROR if interrupted.
2102 */
2103 VCHIQ_STATUS_T
2104 vchiq_arm_force_suspend(VCHIQ_STATE_T *state)
2105 {
2106 	VCHIQ_ARM_STATE_T *arm_state = vchiq_platform_get_arm_state(state);
2107 	VCHIQ_STATUS_T status = VCHIQ_ERROR;
2108 	long rc = 0;
2109 	int repeat = -1;
2110 
2111 	if (!arm_state)
2112 		goto out;
2113 
2114 	vchiq_log_trace(vchiq_susp_log_level, "%s", __func__);
2115 
2116 	write_lock_bh(&arm_state->susp_res_lock);
2117 
2118 	status = block_resume(arm_state);
2119 	if (status != VCHIQ_SUCCESS)
2120 		goto unlock;
2121 	if (arm_state->vc_suspend_state == VC_SUSPEND_SUSPENDED) {
2122 		/* Already suspended - just block resume and exit */
2123 		vchiq_log_info(vchiq_susp_log_level, "%s already suspended",
2124 			__func__);
2125 		status = VCHIQ_SUCCESS;
2126 		goto unlock;
2127 	} else if (arm_state->vc_suspend_state <= VC_SUSPEND_IDLE) {
2128 		/* initiate suspend immediately in the case that we're waiting
2129 		 * for the timeout */
2130 		stop_suspend_timer(arm_state);
2131 		if (!vchiq_videocore_wanted(state)) {
2132 			vchiq_log_info(vchiq_susp_log_level, "%s videocore "
2133 				"idle, initiating suspend", __func__);
2134 			status = vchiq_arm_vcsuspend(state);
2135 		} else if (arm_state->autosuspend_override <
2136 						FORCE_SUSPEND_FAIL_MAX) {
2137 			vchiq_log_info(vchiq_susp_log_level, "%s letting "
2138 				"videocore go idle", __func__);
2139 			status = VCHIQ_SUCCESS;
2140 		} else {
2141 			vchiq_log_warning(vchiq_susp_log_level, "%s failed too "
2142 				"many times - attempting suspend", __func__);
2143 			status = vchiq_arm_vcsuspend(state);
2144 		}
2145 	} else {
2146 		vchiq_log_info(vchiq_susp_log_level, "%s videocore suspend "
2147 			"in progress - wait for completion", __func__);
2148 		status = VCHIQ_SUCCESS;
2149 	}
2150 
2151 	/* Wait for suspend to happen due to system idle (not forced..) */
2152 	if (status != VCHIQ_SUCCESS)
2153 		goto unblock_resume;
2154 
2155 	do {
2156 		write_unlock_bh(&arm_state->susp_res_lock);
2157 
2158 		rc = wait_for_completion_interruptible_timeout(
2159 				&arm_state->vc_suspend_complete,
2160 				msecs_to_jiffies(FORCE_SUSPEND_TIMEOUT_MS));
2161 
2162 		write_lock_bh(&arm_state->susp_res_lock);
2163 		if (rc < 0) {
2164 			vchiq_log_warning(vchiq_susp_log_level, "%s "
2165 				"interrupted waiting for suspend", __func__);
2166 			status = VCHIQ_ERROR;
2167 			goto unblock_resume;
2168 		} else if (rc == 0) {
2169 			if (arm_state->vc_suspend_state > VC_SUSPEND_IDLE) {
2170 				/* Repeat timeout once if in progress */
2171 				if (repeat < 0) {
2172 					repeat = 1;
2173 					continue;
2174 				}
2175 			}
2176 			arm_state->autosuspend_override++;
2177 			output_timeout_error(state);
2178 
2179 			status = VCHIQ_RETRY;
2180 			goto unblock_resume;
2181 		}
2182 	} while (0 < (repeat--));
2183 
2184 	/* Check and report state in case we need to abort ARM suspend */
2185 	if (arm_state->vc_suspend_state != VC_SUSPEND_SUSPENDED) {
2186 		status = VCHIQ_RETRY;
2187 		vchiq_log_error(vchiq_susp_log_level,
2188 			"%s videocore suspend failed (state %s)", __func__,
2189 			suspend_state_names[arm_state->vc_suspend_state +
2190 						VC_SUSPEND_NUM_OFFSET]);
2191 		/* Reset the state only if it's still in an error state.
2192 		 * Something could have already initiated another suspend. */
2193 		if (arm_state->vc_suspend_state < VC_SUSPEND_IDLE)
2194 			set_suspend_state(arm_state, VC_SUSPEND_IDLE);
2195 
2196 		goto unblock_resume;
2197 	}
2198 
2199 	/* successfully suspended - unlock and exit */
2200 	goto unlock;
2201 
2202 unblock_resume:
2203 	/* all error states need to unblock resume before exit */
2204 	unblock_resume(arm_state);
2205 
2206 unlock:
2207 	write_unlock_bh(&arm_state->susp_res_lock);
2208 
2209 out:
2210 	vchiq_log_trace(vchiq_susp_log_level, "%s exit %d", __func__, status);
2211 	return status;
2212 }
2213 
2214 void
2215 vchiq_check_suspend(VCHIQ_STATE_T *state)
2216 {
2217 	VCHIQ_ARM_STATE_T *arm_state = vchiq_platform_get_arm_state(state);
2218 
2219 	if (!arm_state)
2220 		goto out;
2221 
2222 	vchiq_log_trace(vchiq_susp_log_level, "%s", __func__);
2223 
2224 	write_lock_bh(&arm_state->susp_res_lock);
2225 	if (arm_state->vc_suspend_state != VC_SUSPEND_SUSPENDED &&
2226 			arm_state->first_connect &&
2227 			!vchiq_videocore_wanted(state)) {
2228 		vchiq_arm_vcsuspend(state);
2229 	}
2230 	write_unlock_bh(&arm_state->susp_res_lock);
2231 
2232 out:
2233 	vchiq_log_trace(vchiq_susp_log_level, "%s exit", __func__);
2234 	return;
2235 }
2236 
2237 
2238 int
2239 vchiq_arm_allow_resume(VCHIQ_STATE_T *state)
2240 {
2241 	VCHIQ_ARM_STATE_T *arm_state = vchiq_platform_get_arm_state(state);
2242 	int resume = 0;
2243 	int ret = -1;
2244 
2245 	if (!arm_state)
2246 		goto out;
2247 
2248 	vchiq_log_trace(vchiq_susp_log_level, "%s", __func__);
2249 
2250 	write_lock_bh(&arm_state->susp_res_lock);
2251 	unblock_resume(arm_state);
2252 	resume = vchiq_check_resume(state);
2253 	write_unlock_bh(&arm_state->susp_res_lock);
2254 
2255 	if (resume) {
2256 		if (wait_for_completion_interruptible(
2257 			&arm_state->vc_resume_complete) < 0) {
2258 			vchiq_log_error(vchiq_susp_log_level,
2259 				"%s interrupted", __func__);
2260 			/* failed, cannot accurately derive suspend
2261 			 * state, so exit early. */
2262 			goto out;
2263 		}
2264 	}
2265 
2266 	read_lock_bh(&arm_state->susp_res_lock);
2267 	if (arm_state->vc_suspend_state == VC_SUSPEND_SUSPENDED) {
2268 		vchiq_log_info(vchiq_susp_log_level,
2269 				"%s: Videocore remains suspended", __func__);
2270 	} else {
2271 		vchiq_log_info(vchiq_susp_log_level,
2272 				"%s: Videocore resumed", __func__);
2273 		ret = 0;
2274 	}
2275 	read_unlock_bh(&arm_state->susp_res_lock);
2276 out:
2277 	vchiq_log_trace(vchiq_susp_log_level, "%s exit %d", __func__, ret);
2278 	return ret;
2279 }
2280 
2281 /* This function should be called with the write lock held */
2282 int
2283 vchiq_check_resume(VCHIQ_STATE_T *state)
2284 {
2285 	VCHIQ_ARM_STATE_T *arm_state = vchiq_platform_get_arm_state(state);
2286 	int resume = 0;
2287 
2288 	if (!arm_state)
2289 		goto out;
2290 
2291 	vchiq_log_trace(vchiq_susp_log_level, "%s", __func__);
2292 
2293 	if (need_resume(state)) {
2294 		set_resume_state(arm_state, VC_RESUME_REQUESTED);
2295 		request_poll(state, NULL, 0);
2296 		resume = 1;
2297 	}
2298 
2299 out:
2300 	vchiq_log_trace(vchiq_susp_log_level, "%s exit", __func__);
2301 	return resume;
2302 }
2303 
2304 #ifdef notyet
2305 void
2306 vchiq_platform_check_resume(VCHIQ_STATE_T *state)
2307 {
2308 	VCHIQ_ARM_STATE_T *arm_state = vchiq_platform_get_arm_state(state);
2309 	int res = 0;
2310 
2311 	if (!arm_state)
2312 		goto out;
2313 
2314 	vchiq_log_trace(vchiq_susp_log_level, "%s", __func__);
2315 
2316 	write_lock_bh(&arm_state->susp_res_lock);
2317 	if (arm_state->wake_address == 0) {
2318 		vchiq_log_info(vchiq_susp_log_level,
2319 					"%s: already awake", __func__);
2320 		goto unlock;
2321 	}
2322 	if (arm_state->vc_resume_state == VC_RESUME_IN_PROGRESS) {
2323 		vchiq_log_info(vchiq_susp_log_level,
2324 					"%s: already resuming", __func__);
2325 		goto unlock;
2326 	}
2327 
2328 	if (arm_state->vc_resume_state == VC_RESUME_REQUESTED) {
2329 		set_resume_state(arm_state, VC_RESUME_IN_PROGRESS);
2330 		res = 1;
2331 	} else
2332 		vchiq_log_trace(vchiq_susp_log_level,
2333 				"%s: not resuming (resume state %s)", __func__,
2334 				resume_state_names[arm_state->vc_resume_state +
2335 							VC_RESUME_NUM_OFFSET]);
2336 
2337 unlock:
2338 	write_unlock_bh(&arm_state->susp_res_lock);
2339 
2340 	if (res)
2341 		vchiq_platform_resume(state);
2342 
2343 out:
2344 	vchiq_log_trace(vchiq_susp_log_level, "%s exit", __func__);
2345 	return;
2346 
2347 }
2348 #endif
2349 
2350 
2351 
2352 VCHIQ_STATUS_T
2353 vchiq_use_internal(VCHIQ_STATE_T *state, VCHIQ_SERVICE_T *service,
2354 		enum USE_TYPE_E use_type)
2355 {
2356 	VCHIQ_ARM_STATE_T *arm_state = vchiq_platform_get_arm_state(state);
2357 	VCHIQ_STATUS_T ret = VCHIQ_SUCCESS;
2358 	char entity[16];
2359 	int *entity_uc;
2360 	int local_uc, local_entity_uc;
2361 
2362 	if (!arm_state)
2363 		goto out;
2364 
2365 	vchiq_log_trace(vchiq_susp_log_level, "%s", __func__);
2366 
2367 	if (use_type == USE_TYPE_VCHIQ) {
2368 		snprintf(entity, sizeof(entity), "VCHIQ:   ");
2369 		entity_uc = &arm_state->peer_use_count;
2370 	} else if (service) {
2371 		snprintf(entity, sizeof(entity), "%c%c%c%c:%8x",
2372 			VCHIQ_FOURCC_AS_4CHARS(service->base.fourcc),
2373 			service->client_id);
2374 		entity_uc = &service->service_use_count;
2375 	} else {
2376 		vchiq_log_error(vchiq_susp_log_level, "%s null service "
2377 				"ptr", __func__);
2378 		ret = VCHIQ_ERROR;
2379 		goto out;
2380 	}
2381 
2382 	write_lock_bh(&arm_state->susp_res_lock);
2383 	while (arm_state->resume_blocked) {
2384 		/* If we call 'use' while force suspend is waiting for suspend,
2385 		 * then we're about to block the thread which the force is
2386 		 * waiting to complete, so we're bound to just time out. In this
2387 		 * case, set the suspend state such that the wait will be
2388 		 * canceled, so we can complete as quickly as possible. */
2389 		if (arm_state->resume_blocked && arm_state->vc_suspend_state ==
2390 				VC_SUSPEND_IDLE) {
2391 			set_suspend_state(arm_state, VC_SUSPEND_FORCE_CANCELED);
2392 			break;
2393 		}
2394 		/* If suspend is already in progress then we need to block */
2395 		if (!try_wait_for_completion(&arm_state->resume_blocker)) {
2396 			/* Indicate that there are threads waiting on the resume
2397 			 * blocker.  These need to be allowed to complete before
2398 			 * a _second_ call to force suspend can complete,
2399 			 * otherwise low priority threads might never actually
2400 			 * continue */
2401 			arm_state->blocked_count++;
2402 			write_unlock_bh(&arm_state->susp_res_lock);
2403 			vchiq_log_info(vchiq_susp_log_level, "%s %s resume "
2404 				"blocked - waiting...", __func__, entity);
2405 			if (wait_for_completion_killable(
2406 					&arm_state->resume_blocker) != 0) {
2407 				vchiq_log_error(vchiq_susp_log_level, "%s %s "
2408 					"wait for resume blocker interrupted",
2409 					__func__, entity);
2410 				ret = VCHIQ_ERROR;
2411 				write_lock_bh(&arm_state->susp_res_lock);
2412 				arm_state->blocked_count--;
2413 				write_unlock_bh(&arm_state->susp_res_lock);
2414 				goto out;
2415 			}
2416 			vchiq_log_info(vchiq_susp_log_level, "%s %s resume "
2417 				"unblocked", __func__, entity);
2418 			write_lock_bh(&arm_state->susp_res_lock);
2419 			if (--arm_state->blocked_count == 0)
2420 				complete_all(&arm_state->blocked_blocker);
2421 		}
2422 	}
2423 
2424 	stop_suspend_timer(arm_state);
2425 
2426 	local_uc = ++arm_state->videocore_use_count;
2427 	local_entity_uc = ++(*entity_uc);
2428 
2429 	/* If there's a pending request which hasn't yet been serviced then
2430 	 * just clear it.  If we're past VC_SUSPEND_REQUESTED state then
2431 	 * vc_resume_complete will block until we either resume or fail to
2432 	 * suspend */
2433 	if (arm_state->vc_suspend_state <= VC_SUSPEND_REQUESTED)
2434 		set_suspend_state(arm_state, VC_SUSPEND_IDLE);
2435 
2436 	if ((use_type != USE_TYPE_SERVICE_NO_RESUME) && need_resume(state)) {
2437 		set_resume_state(arm_state, VC_RESUME_REQUESTED);
2438 		vchiq_log_info(vchiq_susp_log_level,
2439 			"%s %s count %d, state count %d",
2440 			__func__, entity, local_entity_uc, local_uc);
2441 		request_poll(state, NULL, 0);
2442 	} else
2443 		vchiq_log_trace(vchiq_susp_log_level,
2444 			"%s %s count %d, state count %d",
2445 			__func__, entity, *entity_uc, local_uc);
2446 
2447 
2448 	write_unlock_bh(&arm_state->susp_res_lock);
2449 
2450 	/* Completion is in a done state when we're not suspended, so this won't
2451 	 * block for the non-suspended case. */
2452 	if (!try_wait_for_completion(&arm_state->vc_resume_complete)) {
2453 		vchiq_log_info(vchiq_susp_log_level, "%s %s wait for resume",
2454 			__func__, entity);
2455 		if (wait_for_completion_killable(
2456 				&arm_state->vc_resume_complete) != 0) {
2457 			vchiq_log_error(vchiq_susp_log_level, "%s %s wait for "
2458 				"resume interrupted", __func__, entity);
2459 			ret = VCHIQ_ERROR;
2460 			goto out;
2461 		}
2462 		vchiq_log_info(vchiq_susp_log_level, "%s %s resumed", __func__,
2463 			entity);
2464 	}
2465 
2466 	if (ret == VCHIQ_SUCCESS) {
2467 		VCHIQ_STATUS_T status = VCHIQ_SUCCESS;
2468 		long ack_cnt = atomic_xchg(&arm_state->ka_use_ack_count, 0);
2469 		while (ack_cnt && (status == VCHIQ_SUCCESS)) {
2470 			/* Send the use notify to videocore */
2471 			status = vchiq_send_remote_use_active(state);
2472 			if (status == VCHIQ_SUCCESS)
2473 				ack_cnt--;
2474 			else
2475 				atomic_add(ack_cnt,
2476 					&arm_state->ka_use_ack_count);
2477 		}
2478 	}
2479 
2480 out:
2481 	vchiq_log_trace(vchiq_susp_log_level, "%s exit %d", __func__, ret);
2482 	return ret;
2483 }
2484 
2485 VCHIQ_STATUS_T
2486 vchiq_release_internal(VCHIQ_STATE_T *state, VCHIQ_SERVICE_T *service)
2487 {
2488 	VCHIQ_ARM_STATE_T *arm_state = vchiq_platform_get_arm_state(state);
2489 	VCHIQ_STATUS_T ret = VCHIQ_SUCCESS;
2490 	char entity[16];
2491 	int *entity_uc;
2492 
2493 	if (!arm_state)
2494 		goto out;
2495 
2496 	vchiq_log_trace(vchiq_susp_log_level, "%s", __func__);
2497 
2498 	if (service) {
2499 		snprintf(entity, sizeof(entity), "%c%c%c%c:%8x",
2500 			VCHIQ_FOURCC_AS_4CHARS(service->base.fourcc),
2501 			service->client_id);
2502 		entity_uc = &service->service_use_count;
2503 	} else {
2504 		snprintf(entity, sizeof(entity), "PEER:   ");
2505 		entity_uc = &arm_state->peer_use_count;
2506 	}
2507 
2508 	write_lock_bh(&arm_state->susp_res_lock);
2509 	if (!arm_state->videocore_use_count || !(*entity_uc)) {
2510 		/* Don't use BUG_ON - don't allow user thread to crash kernel */
2511 		WARN_ON(!arm_state->videocore_use_count);
2512 		WARN_ON(!(*entity_uc));
2513 		ret = VCHIQ_ERROR;
2514 		goto unlock;
2515 	}
2516 	--arm_state->videocore_use_count;
2517 	--(*entity_uc);
2518 
2519 	if (!vchiq_videocore_wanted(state)) {
2520 		if (vchiq_platform_use_suspend_timer() &&
2521 				!arm_state->resume_blocked) {
2522 			/* Only use the timer if we're not trying to force
2523 			 * suspend (=> resume_blocked) */
2524 			start_suspend_timer(arm_state);
2525 		} else {
2526 			vchiq_log_info(vchiq_susp_log_level,
2527 				"%s %s count %d, state count %d - suspending",
2528 				__func__, entity, *entity_uc,
2529 				arm_state->videocore_use_count);
2530 			vchiq_arm_vcsuspend(state);
2531 		}
2532 	} else
2533 		vchiq_log_trace(vchiq_susp_log_level,
2534 			"%s %s count %d, state count %d",
2535 			__func__, entity, *entity_uc,
2536 			arm_state->videocore_use_count);
2537 
2538 unlock:
2539 	write_unlock_bh(&arm_state->susp_res_lock);
2540 
2541 out:
2542 	vchiq_log_trace(vchiq_susp_log_level, "%s exit %d", __func__, ret);
2543 	return ret;
2544 }
2545 
2546 void
2547 vchiq_on_remote_use(VCHIQ_STATE_T *state)
2548 {
2549 	VCHIQ_ARM_STATE_T *arm_state = vchiq_platform_get_arm_state(state);
2550 	vchiq_log_trace(vchiq_susp_log_level, "%s", __func__);
2551 	atomic_inc(&arm_state->ka_use_count);
2552 	complete(&arm_state->ka_evt);
2553 }
2554 
2555 void
2556 vchiq_on_remote_release(VCHIQ_STATE_T *state)
2557 {
2558 	VCHIQ_ARM_STATE_T *arm_state = vchiq_platform_get_arm_state(state);
2559 	vchiq_log_trace(vchiq_susp_log_level, "%s", __func__);
2560 	atomic_inc(&arm_state->ka_release_count);
2561 	complete(&arm_state->ka_evt);
2562 }
2563 
2564 VCHIQ_STATUS_T
2565 vchiq_use_service_internal(VCHIQ_SERVICE_T *service)
2566 {
2567 	return vchiq_use_internal(service->state, service, USE_TYPE_SERVICE);
2568 }
2569 
2570 VCHIQ_STATUS_T
2571 vchiq_release_service_internal(VCHIQ_SERVICE_T *service)
2572 {
2573 	return vchiq_release_internal(service->state, service);
2574 }
2575 
2576 static void suspend_timer_callback(unsigned long context)
2577 {
2578 	VCHIQ_STATE_T *state = (VCHIQ_STATE_T *)context;
2579 	VCHIQ_ARM_STATE_T *arm_state = vchiq_platform_get_arm_state(state);
2580 	if (!arm_state)
2581 		goto out;
2582 	vchiq_log_info(vchiq_susp_log_level,
2583 		"%s - suspend timer expired - check suspend", __func__);
2584 	vchiq_check_suspend(state);
2585 out:
2586 	return;
2587 }
2588 
2589 VCHIQ_STATUS_T
2590 vchiq_use_service_no_resume(VCHIQ_SERVICE_HANDLE_T handle)
2591 {
2592 	VCHIQ_STATUS_T ret = VCHIQ_ERROR;
2593 	VCHIQ_SERVICE_T *service = find_service_by_handle(handle);
2594 	if (service) {
2595 		ret = vchiq_use_internal(service->state, service,
2596 				USE_TYPE_SERVICE_NO_RESUME);
2597 		unlock_service(service);
2598 	}
2599 	return ret;
2600 }
2601 
2602 VCHIQ_STATUS_T
2603 vchiq_use_service(VCHIQ_SERVICE_HANDLE_T handle)
2604 {
2605 	VCHIQ_STATUS_T ret = VCHIQ_ERROR;
2606 	VCHIQ_SERVICE_T *service = find_service_by_handle(handle);
2607 	if (service) {
2608 		ret = vchiq_use_internal(service->state, service,
2609 				USE_TYPE_SERVICE);
2610 		unlock_service(service);
2611 	}
2612 	return ret;
2613 }
2614 
2615 VCHIQ_STATUS_T
2616 vchiq_release_service(VCHIQ_SERVICE_HANDLE_T handle)
2617 {
2618 	VCHIQ_STATUS_T ret = VCHIQ_ERROR;
2619 	VCHIQ_SERVICE_T *service = find_service_by_handle(handle);
2620 	if (service) {
2621 		ret = vchiq_release_internal(service->state, service);
2622 		unlock_service(service);
2623 	}
2624 	return ret;
2625 }
2626 
2627 void
2628 vchiq_dump_service_use_state(VCHIQ_STATE_T *state)
2629 {
2630 	VCHIQ_ARM_STATE_T *arm_state = vchiq_platform_get_arm_state(state);
2631 	int i, j = 0;
2632 	/* Only dump 64 services */
2633 	static const int local_max_services = 64;
2634 	/* If there's more than 64 services, only dump ones with
2635 	 * non-zero counts */
2636 	int only_nonzero = 0;
2637 	static const char *nz = "<-- preventing suspend";
2638 
2639 	enum vc_suspend_status vc_suspend_state;
2640 	enum vc_resume_status  vc_resume_state;
2641 	int peer_count;
2642 	int vc_use_count;
2643 	int active_services;
2644 	struct service_data_struct {
2645 		int fourcc;
2646 		int clientid;
2647 		int use_count;
2648 	} service_data[local_max_services];
2649 
2650 	if (!arm_state)
2651 		return;
2652 
2653 	read_lock_bh(&arm_state->susp_res_lock);
2654 	vc_suspend_state = arm_state->vc_suspend_state;
2655 	vc_resume_state  = arm_state->vc_resume_state;
2656 	peer_count = arm_state->peer_use_count;
2657 	vc_use_count = arm_state->videocore_use_count;
2658 	active_services = state->unused_service;
2659 	if (active_services > local_max_services)
2660 		only_nonzero = 1;
2661 
2662 	for (i = 0; (i < active_services) && (j < local_max_services); i++) {
2663 		VCHIQ_SERVICE_T *service_ptr = state->services[i];
2664 		if (!service_ptr)
2665 			continue;
2666 
2667 		if (only_nonzero && !service_ptr->service_use_count)
2668 			continue;
2669 
2670 		if (service_ptr->srvstate != VCHIQ_SRVSTATE_FREE) {
2671 			service_data[j].fourcc = service_ptr->base.fourcc;
2672 			service_data[j].clientid = service_ptr->client_id;
2673 			service_data[j++].use_count = service_ptr->
2674 							service_use_count;
2675 		}
2676 	}
2677 
2678 	read_unlock_bh(&arm_state->susp_res_lock);
2679 
2680 	vchiq_log_warning(vchiq_susp_log_level,
2681 		"-- Videcore suspend state: %s --",
2682 		suspend_state_names[vc_suspend_state + VC_SUSPEND_NUM_OFFSET]);
2683 	vchiq_log_warning(vchiq_susp_log_level,
2684 		"-- Videcore resume state: %s --",
2685 		resume_state_names[vc_resume_state + VC_RESUME_NUM_OFFSET]);
2686 
2687 	if (only_nonzero)
2688 		vchiq_log_warning(vchiq_susp_log_level, "Too many active "
2689 			"services (%d).  Only dumping up to first %d services "
2690 			"with non-zero use-count", active_services,
2691 			local_max_services);
2692 
2693 	for (i = 0; i < j; i++) {
2694 		vchiq_log_warning(vchiq_susp_log_level,
2695 			"----- %c%c%c%c:%d service count %d %s",
2696 			VCHIQ_FOURCC_AS_4CHARS(service_data[i].fourcc),
2697 			service_data[i].clientid,
2698 			service_data[i].use_count,
2699 			service_data[i].use_count ? nz : "");
2700 	}
2701 	vchiq_log_warning(vchiq_susp_log_level,
2702 		"----- VCHIQ use count count %d", peer_count);
2703 	vchiq_log_warning(vchiq_susp_log_level,
2704 		"--- Overall vchiq instance use count %d", vc_use_count);
2705 
2706 	vchiq_dump_platform_use_state(state);
2707 }
2708 
2709 VCHIQ_STATUS_T
2710 vchiq_check_service(VCHIQ_SERVICE_T *service)
2711 {
2712 	VCHIQ_ARM_STATE_T *arm_state;
2713 	VCHIQ_STATUS_T ret = VCHIQ_ERROR;
2714 
2715 	if (!service || !service->state)
2716 		goto out;
2717 
2718 	vchiq_log_trace(vchiq_susp_log_level, "%s", __func__);
2719 
2720 	arm_state = vchiq_platform_get_arm_state(service->state);
2721 
2722 	read_lock_bh(&arm_state->susp_res_lock);
2723 	if (service->service_use_count)
2724 		ret = VCHIQ_SUCCESS;
2725 	read_unlock_bh(&arm_state->susp_res_lock);
2726 
2727 	if (ret == VCHIQ_ERROR) {
2728 		vchiq_log_error(vchiq_susp_log_level,
2729 			"%s ERROR - %c%c%c%c:%8x service count %d, "
2730 			"state count %d, videocore suspend state %s", __func__,
2731 			VCHIQ_FOURCC_AS_4CHARS(service->base.fourcc),
2732 			service->client_id, service->service_use_count,
2733 			arm_state->videocore_use_count,
2734 			suspend_state_names[arm_state->vc_suspend_state +
2735 						VC_SUSPEND_NUM_OFFSET]);
2736 		vchiq_dump_service_use_state(service->state);
2737 	}
2738 out:
2739 	return ret;
2740 }
2741 
2742 /* stub functions */
2743 void vchiq_on_remote_use_active(VCHIQ_STATE_T *state)
2744 {
2745 	(void)state;
2746 }
2747 
2748 void vchiq_platform_conn_state_changed(VCHIQ_STATE_T *state,
2749 	VCHIQ_CONNSTATE_T oldstate, VCHIQ_CONNSTATE_T newstate)
2750 {
2751 	VCHIQ_ARM_STATE_T *arm_state = vchiq_platform_get_arm_state(state);
2752 	vchiq_log_info(vchiq_susp_log_level, "%d: %s->%s", state->id,
2753 		get_conn_state_name(oldstate), get_conn_state_name(newstate));
2754 	if (state->conn_state == VCHIQ_CONNSTATE_CONNECTED) {
2755 		write_lock_bh(&arm_state->susp_res_lock);
2756 		if (!arm_state->first_connect) {
2757 			char threadname[10];
2758 			arm_state->first_connect = 1;
2759 			write_unlock_bh(&arm_state->susp_res_lock);
2760 			snprintf(threadname, sizeof(threadname), "VCHIQka-%d",
2761 				state->id);
2762 			arm_state->ka_thread = vchiq_thread_create(
2763 				&vchiq_keepalive_thread_func,
2764 				(void *)state,
2765 				threadname);
2766 			if (arm_state->ka_thread == NULL) {
2767 				vchiq_log_error(vchiq_susp_log_level,
2768 					"vchiq: FATAL: couldn't create thread %s",
2769 					threadname);
2770 			} else {
2771 				wake_up_process(arm_state->ka_thread);
2772 			}
2773 		} else
2774 			write_unlock_bh(&arm_state->susp_res_lock);
2775 	}
2776 }
2777 
2778 /****************************************************************************
2779 *
2780 *   vchiq_init - called when the module is loaded.
2781 *
2782 ***************************************************************************/
2783 
2784 int __init vchiq_init(void);
2785 int __init
2786 vchiq_init(void)
2787 {
2788 	int err;
2789 
2790 #ifdef notyet
2791 	/* create proc entries */
2792 	err = vchiq_proc_init();
2793 	if (err != 0)
2794 		goto failed_proc_init;
2795 #endif
2796 
2797 	vchiq_cdev = make_dev(&vchiq_cdevsw, 0,
2798 	    UID_ROOT, GID_WHEEL, 0600, "vchiq");
2799 	if (!vchiq_cdev) {
2800 		printf("Failed to create /dev/vchiq");
2801 		return (-ENXIO);
2802 	}
2803 
2804 	spin_lock_init(&msg_queue_spinlock);
2805 
2806 	err = vchiq_platform_init(&g_state);
2807 	if (err != 0)
2808 		goto failed_platform_init;
2809 
2810 	vchiq_log_info(vchiq_arm_log_level,
2811 		"vchiq: initialised - version %d (min %d)",
2812 		VCHIQ_VERSION, VCHIQ_VERSION_MIN);
2813 
2814 	return 0;
2815 
2816 failed_platform_init:
2817 	if (vchiq_cdev) {
2818 		destroy_dev(vchiq_cdev);
2819 		vchiq_cdev = NULL;
2820 	}
2821 	vchiq_log_warning(vchiq_arm_log_level, "could not load vchiq");
2822 	return err;
2823 }
2824 
2825 #ifdef notyet
2826 static int vchiq_instance_get_use_count(VCHIQ_INSTANCE_T instance)
2827 {
2828 	VCHIQ_SERVICE_T *service;
2829 	int use_count = 0, i;
2830 	i = 0;
2831 	while ((service = next_service_by_instance(instance->state,
2832 		instance, &i)) != NULL) {
2833 		use_count += service->service_use_count;
2834 		unlock_service(service);
2835 	}
2836 	return use_count;
2837 }
2838 
2839 /* read the per-process use-count */
2840 static int proc_read_use_count(char *page, char **start,
2841 			       off_t off, int count,
2842 			       int *eof, void *data)
2843 {
2844 	VCHIQ_INSTANCE_T instance = data;
2845 	int len, use_count;
2846 
2847 	use_count = vchiq_instance_get_use_count(instance);
2848 	len = snprintf(page+off, count, "%d\n", use_count);
2849 
2850 	return len;
2851 }
2852 
2853 /* add an instance (process) to the proc entries */
2854 static int vchiq_proc_add_instance(VCHIQ_INSTANCE_T instance)
2855 {
2856 	char pidstr[32];
2857 	struct proc_dir_entry *top, *use_count;
2858 	struct proc_dir_entry *clients = vchiq_clients_top();
2859 	int pid = instance->pid;
2860 
2861 	snprintf(pidstr, sizeof(pidstr), "%d", pid);
2862 	top = proc_mkdir(pidstr, clients);
2863 	if (!top)
2864 		goto fail_top;
2865 
2866 	use_count = create_proc_read_entry("use_count",
2867 					   0444, top,
2868 					   proc_read_use_count,
2869 					   instance);
2870 	if (!use_count)
2871 		goto fail_use_count;
2872 
2873 	instance->proc_entry = top;
2874 
2875 	return 0;
2876 
2877 fail_use_count:
2878 	remove_proc_entry(top->name, clients);
2879 fail_top:
2880 	return -ENOMEM;
2881 }
2882 
2883 static void vchiq_proc_remove_instance(VCHIQ_INSTANCE_T instance)
2884 {
2885 	struct proc_dir_entry *clients = vchiq_clients_top();
2886 	remove_proc_entry("use_count", instance->proc_entry);
2887 	remove_proc_entry(instance->proc_entry->name, clients);
2888 }
2889 
2890 #endif
2891 
2892 /****************************************************************************
2893 *
2894 *   vchiq_exit - called when the module is unloaded.
2895 *
2896 ***************************************************************************/
2897 
2898 void vchiq_exit(void);
2899 void
2900 vchiq_exit(void)
2901 {
2902 	if (vchiq_ehtag == NULL)
2903 		EVENTHANDLER_DEREGISTER(dev_clone, vchiq_ehtag);
2904 	vchiq_ehtag = NULL;
2905 
2906 	vchiq_platform_exit(&g_state);
2907 	if (vchiq_cdev) {
2908 		destroy_dev(vchiq_cdev);
2909 		vchiq_cdev = NULL;
2910 	}
2911 }
2912