1 // SPDX-License-Identifier: GPL-2.0-only 2 3 /* Copyright (c) 2020-2021, The Linux Foundation. All rights reserved. */ 4 /* Copyright (c) 2021-2024 Qualcomm Innovation Center, Inc. All rights reserved. */ 5 6 #include <asm/byteorder.h> 7 #include <drm/drm_file.h> 8 #include <drm/drm_managed.h> 9 #include <linux/devcoredump.h> 10 #include <linux/device.h> 11 #include <linux/kernel.h> 12 #include <linux/mhi.h> 13 #include <linux/workqueue.h> 14 15 #include "qaic.h" 16 #include "qaic_ssr.h" 17 18 #define SSR_RESP_MSG_SZ 32 19 #define SSR_MHI_BUF_SIZE SZ_64K 20 #define SSR_MEM_READ_DATA_SIZE ((u64)SSR_MHI_BUF_SIZE - sizeof(struct ssr_crashdump)) 21 #define SSR_MEM_READ_CHUNK_SIZE ((u64)SSR_MEM_READ_DATA_SIZE - sizeof(struct ssr_memory_read_rsp)) 22 23 #define DEBUG_TRANSFER_INFO BIT(0) 24 #define DEBUG_TRANSFER_INFO_RSP BIT(1) 25 #define MEMORY_READ BIT(2) 26 #define MEMORY_READ_RSP BIT(3) 27 #define DEBUG_TRANSFER_DONE BIT(4) 28 #define DEBUG_TRANSFER_DONE_RSP BIT(5) 29 #define SSR_EVENT BIT(8) 30 #define SSR_EVENT_RSP BIT(9) 31 32 #define SSR_EVENT_NACK BIT(0) 33 #define BEFORE_SHUTDOWN BIT(1) 34 #define AFTER_SHUTDOWN BIT(2) 35 #define BEFORE_POWER_UP BIT(3) 36 #define AFTER_POWER_UP BIT(4) 37 38 struct debug_info_table { 39 /* Save preferences. Default is mandatory */ 40 u64 save_perf; 41 /* Base address of the debug region */ 42 u64 mem_base; 43 /* Size of debug region in bytes */ 44 u64 len; 45 /* Description */ 46 char desc[20]; 47 /* Filename of debug region */ 48 char filename[20]; 49 }; 50 51 struct _ssr_hdr { 52 __le32 cmd; 53 __le32 len; 54 __le32 dbc_id; 55 }; 56 57 struct ssr_hdr { 58 u32 cmd; 59 u32 len; 60 u32 dbc_id; 61 }; 62 63 struct ssr_debug_transfer_info { 64 struct ssr_hdr hdr; 65 u32 resv; 66 u64 tbl_addr; 67 u64 tbl_len; 68 } __packed; 69 70 struct ssr_debug_transfer_info_rsp { 71 struct _ssr_hdr hdr; 72 __le32 ret; 73 } __packed; 74 75 struct ssr_memory_read { 76 struct _ssr_hdr hdr; 77 __le32 resv; 78 __le64 addr; 79 __le64 len; 80 } __packed; 81 82 struct ssr_memory_read_rsp { 83 struct _ssr_hdr hdr; 84 __le32 resv; 85 u8 data[]; 86 } __packed; 87 88 struct ssr_debug_transfer_done { 89 struct _ssr_hdr hdr; 90 __le32 resv; 91 } __packed; 92 93 struct ssr_debug_transfer_done_rsp { 94 struct _ssr_hdr hdr; 95 __le32 ret; 96 } __packed; 97 98 struct ssr_event { 99 struct ssr_hdr hdr; 100 u32 event; 101 } __packed; 102 103 struct ssr_event_rsp { 104 struct _ssr_hdr hdr; 105 __le32 event; 106 } __packed; 107 108 struct ssr_resp { 109 /* Work struct to schedule work coming on QAIC_SSR channel */ 110 struct work_struct work; 111 /* Root struct of device, used to access device resources */ 112 struct qaic_device *qdev; 113 /* Buffer used by MHI for transfer requests */ 114 u8 data[] __aligned(8); 115 }; 116 117 /* SSR crashdump book keeping structure */ 118 struct ssr_dump_info { 119 /* DBC associated with this SSR crashdump */ 120 struct dma_bridge_chan *dbc; 121 /* 122 * It will be used when we complete the crashdump download and switch 123 * to waiting on SSR events 124 */ 125 struct ssr_resp *resp; 126 /* MEMORY READ request MHI buffer.*/ 127 struct ssr_memory_read *read_buf_req; 128 /* TRUE: ->read_buf_req is queued for MHI transaction. FALSE: Otherwise */ 129 bool read_buf_req_queued; 130 /* Address of table in host */ 131 void *tbl_addr; 132 /* Total size of table */ 133 u64 tbl_len; 134 /* Offset of table(->tbl_addr) where the new chunk will be dumped */ 135 u64 tbl_off; 136 /* Address of table in device/target */ 137 u64 tbl_addr_dev; 138 /* Ptr to the entire dump */ 139 void *dump_addr; 140 /* Entire crashdump size */ 141 u64 dump_sz; 142 /* Offset of crashdump(->dump_addr) where the new chunk will be dumped */ 143 u64 dump_off; 144 /* Points to the table entry we are currently downloading */ 145 struct debug_info_table *tbl_ent; 146 /* Offset in the current table entry(->tbl_ent) for next chuck */ 147 u64 tbl_ent_off; 148 }; 149 150 struct ssr_crashdump { 151 /* 152 * Points to a book keeping struct maintained by MHI SSR device while 153 * downloading a SSR crashdump. It is NULL when crashdump downloading 154 * not in progress. 155 */ 156 struct ssr_dump_info *dump_info; 157 /* Work struct to schedule work coming on QAIC_SSR channel */ 158 struct work_struct work; 159 /* Root struct of device, used to access device resources */ 160 struct qaic_device *qdev; 161 /* Buffer used by MHI for transfer requests */ 162 u8 data[]; 163 }; 164 165 #define QAIC_SSR_DUMP_V1_MAGIC 0x1234567890abcdef 166 #define QAIC_SSR_DUMP_V1_VER 1 167 struct dump_file_meta { 168 u64 magic; 169 u64 version; 170 u64 size; /* Total size of the entire dump */ 171 u64 tbl_len; /* Length of the table in byte */ 172 }; 173 174 /* 175 * Layout of crashdump 176 * +------------------------------------------+ 177 * | Crashdump Meta structure | 178 * | type: struct dump_file_meta | 179 * +------------------------------------------+ 180 * | Crashdump Table | 181 * | type: array of struct debug_info_table | 182 * | | 183 * | | 184 * | | 185 * +------------------------------------------+ 186 * | Crashdump | 187 * | | 188 * | | 189 * | | 190 * | | 191 * | | 192 * +------------------------------------------+ 193 */ 194 195 static void free_ssr_dump_info(struct ssr_crashdump *ssr_crash) 196 { 197 struct ssr_dump_info *dump_info = ssr_crash->dump_info; 198 199 ssr_crash->dump_info = NULL; 200 if (!dump_info) 201 return; 202 if (!dump_info->read_buf_req_queued) 203 kfree(dump_info->read_buf_req); 204 vfree(dump_info->tbl_addr); 205 vfree(dump_info->dump_addr); 206 kfree(dump_info); 207 } 208 209 void qaic_clean_up_ssr(struct qaic_device *qdev) 210 { 211 struct ssr_crashdump *ssr_crash = qdev->ssr_mhi_buf; 212 213 if (!ssr_crash) 214 return; 215 216 qaic_dbc_exit_ssr(qdev); 217 free_ssr_dump_info(ssr_crash); 218 } 219 220 static int alloc_dump(struct ssr_dump_info *dump_info) 221 { 222 struct debug_info_table *tbl_ent = dump_info->tbl_addr; 223 struct dump_file_meta *dump_meta; 224 u64 tbl_sz_lp = 0; 225 u64 dump_size = 0; 226 227 while (tbl_sz_lp < dump_info->tbl_len) { 228 le64_to_cpus(&tbl_ent->save_perf); 229 le64_to_cpus(&tbl_ent->mem_base); 230 le64_to_cpus(&tbl_ent->len); 231 232 if (tbl_ent->len == 0) 233 return -EINVAL; 234 235 dump_size += tbl_ent->len; 236 tbl_ent++; 237 tbl_sz_lp += sizeof(*tbl_ent); 238 } 239 240 dump_info->dump_sz = dump_size + dump_info->tbl_len + sizeof(*dump_meta); 241 dump_info->dump_addr = vzalloc(dump_info->dump_sz); 242 if (!dump_info->dump_addr) 243 return -ENOMEM; 244 245 /* Copy crashdump meta and table */ 246 dump_meta = dump_info->dump_addr; 247 dump_meta->magic = QAIC_SSR_DUMP_V1_MAGIC; 248 dump_meta->version = QAIC_SSR_DUMP_V1_VER; 249 dump_meta->size = dump_info->dump_sz; 250 dump_meta->tbl_len = dump_info->tbl_len; 251 memcpy(dump_info->dump_addr + sizeof(*dump_meta), dump_info->tbl_addr, dump_info->tbl_len); 252 /* Offset by crashdump meta and table (copied above) */ 253 dump_info->dump_off = dump_info->tbl_len + sizeof(*dump_meta); 254 255 return 0; 256 } 257 258 static int send_xfer_done(struct qaic_device *qdev, void *resp, u32 dbc_id) 259 { 260 struct ssr_debug_transfer_done *xfer_done; 261 int ret; 262 263 xfer_done = kmalloc(sizeof(*xfer_done), GFP_KERNEL); 264 if (!xfer_done) { 265 ret = -ENOMEM; 266 goto out; 267 } 268 269 ret = mhi_queue_buf(qdev->ssr_ch, DMA_FROM_DEVICE, resp, SSR_RESP_MSG_SZ, MHI_EOT); 270 if (ret) 271 goto free_xfer_done; 272 273 xfer_done->hdr.cmd = cpu_to_le32(DEBUG_TRANSFER_DONE); 274 xfer_done->hdr.len = cpu_to_le32(sizeof(*xfer_done)); 275 xfer_done->hdr.dbc_id = cpu_to_le32(dbc_id); 276 277 ret = mhi_queue_buf(qdev->ssr_ch, DMA_TO_DEVICE, xfer_done, sizeof(*xfer_done), MHI_EOT); 278 if (ret) 279 goto free_xfer_done; 280 281 return 0; 282 283 free_xfer_done: 284 kfree(xfer_done); 285 out: 286 return ret; 287 } 288 289 static int mem_read_req(struct qaic_device *qdev, u64 dest_addr, u64 dest_len) 290 { 291 struct ssr_crashdump *ssr_crash = qdev->ssr_mhi_buf; 292 struct ssr_memory_read *read_buf_req; 293 struct ssr_dump_info *dump_info; 294 int ret; 295 296 dump_info = ssr_crash->dump_info; 297 ret = mhi_queue_buf(qdev->ssr_ch, DMA_FROM_DEVICE, ssr_crash->data, SSR_MEM_READ_DATA_SIZE, 298 MHI_EOT); 299 if (ret) 300 goto out; 301 302 read_buf_req = dump_info->read_buf_req; 303 read_buf_req->hdr.cmd = cpu_to_le32(MEMORY_READ); 304 read_buf_req->hdr.len = cpu_to_le32(sizeof(*read_buf_req)); 305 read_buf_req->hdr.dbc_id = cpu_to_le32(qdev->ssr_dbc); 306 read_buf_req->addr = cpu_to_le64(dest_addr); 307 read_buf_req->len = cpu_to_le64(dest_len); 308 309 ret = mhi_queue_buf(qdev->ssr_ch, DMA_TO_DEVICE, read_buf_req, sizeof(*read_buf_req), 310 MHI_EOT); 311 if (!ret) 312 dump_info->read_buf_req_queued = true; 313 314 out: 315 return ret; 316 } 317 318 static int ssr_copy_table(struct ssr_dump_info *dump_info, void *data, u64 len) 319 { 320 if (len > dump_info->tbl_len - dump_info->tbl_off) 321 return -EINVAL; 322 323 memcpy(dump_info->tbl_addr + dump_info->tbl_off, data, len); 324 dump_info->tbl_off += len; 325 326 /* Entire table has been downloaded, alloc dump memory */ 327 if (dump_info->tbl_off == dump_info->tbl_len) { 328 dump_info->tbl_ent = dump_info->tbl_addr; 329 return alloc_dump(dump_info); 330 } 331 332 return 0; 333 } 334 335 static int ssr_copy_dump(struct ssr_dump_info *dump_info, void *data, u64 len) 336 { 337 struct debug_info_table *tbl_ent; 338 339 tbl_ent = dump_info->tbl_ent; 340 341 if (len > tbl_ent->len - dump_info->tbl_ent_off) 342 return -EINVAL; 343 344 memcpy(dump_info->dump_addr + dump_info->dump_off, data, len); 345 dump_info->dump_off += len; 346 dump_info->tbl_ent_off += len; 347 348 /* 349 * Current segment (a entry in table) of the crashdump is complete, 350 * move to next one 351 */ 352 if (tbl_ent->len == dump_info->tbl_ent_off) { 353 dump_info->tbl_ent++; 354 dump_info->tbl_ent_off = 0; 355 } 356 357 return 0; 358 } 359 360 static void ssr_dump_worker(struct work_struct *work) 361 { 362 struct ssr_crashdump *ssr_crash = container_of(work, struct ssr_crashdump, work); 363 struct qaic_device *qdev = ssr_crash->qdev; 364 struct ssr_memory_read_rsp *mem_rd_resp; 365 struct debug_info_table *tbl_ent; 366 struct ssr_dump_info *dump_info; 367 u64 dest_addr, dest_len; 368 struct _ssr_hdr *_hdr; 369 struct ssr_hdr hdr; 370 u64 data_len; 371 int ret; 372 373 mem_rd_resp = (struct ssr_memory_read_rsp *)ssr_crash->data; 374 _hdr = &mem_rd_resp->hdr; 375 hdr.cmd = le32_to_cpu(_hdr->cmd); 376 hdr.len = le32_to_cpu(_hdr->len); 377 hdr.dbc_id = le32_to_cpu(_hdr->dbc_id); 378 379 if (hdr.dbc_id != qdev->ssr_dbc) 380 goto reset_device; 381 382 dump_info = ssr_crash->dump_info; 383 if (!dump_info) 384 goto reset_device; 385 386 if (hdr.cmd != MEMORY_READ_RSP) 387 goto free_dump_info; 388 389 if (hdr.len > SSR_MEM_READ_DATA_SIZE) 390 goto free_dump_info; 391 392 data_len = hdr.len - sizeof(*mem_rd_resp); 393 394 if (dump_info->tbl_off < dump_info->tbl_len) /* Chunk belongs to table */ 395 ret = ssr_copy_table(dump_info, mem_rd_resp->data, data_len); 396 else /* Chunk belongs to crashdump */ 397 ret = ssr_copy_dump(dump_info, mem_rd_resp->data, data_len); 398 399 if (ret) 400 goto free_dump_info; 401 402 if (dump_info->tbl_off < dump_info->tbl_len) { 403 /* Continue downloading table */ 404 dest_addr = dump_info->tbl_addr_dev + dump_info->tbl_off; 405 dest_len = min(SSR_MEM_READ_CHUNK_SIZE, dump_info->tbl_len - dump_info->tbl_off); 406 ret = mem_read_req(qdev, dest_addr, dest_len); 407 } else if (dump_info->dump_off < dump_info->dump_sz) { 408 /* Continue downloading crashdump */ 409 tbl_ent = dump_info->tbl_ent; 410 dest_addr = tbl_ent->mem_base + dump_info->tbl_ent_off; 411 dest_len = min(SSR_MEM_READ_CHUNK_SIZE, tbl_ent->len - dump_info->tbl_ent_off); 412 ret = mem_read_req(qdev, dest_addr, dest_len); 413 } else { 414 /* Crashdump download complete */ 415 ret = send_xfer_done(qdev, dump_info->resp->data, hdr.dbc_id); 416 } 417 418 /* Most likely a MHI xfer has failed */ 419 if (ret) 420 goto free_dump_info; 421 422 return; 423 424 free_dump_info: 425 /* Free the allocated memory */ 426 free_ssr_dump_info(ssr_crash); 427 reset_device: 428 /* 429 * After subsystem crashes in device crashdump collection begins but 430 * something went wrong while collecting crashdump, now instead of 431 * handling this error we just reset the device as the best effort has 432 * been made 433 */ 434 mhi_soc_reset(qdev->mhi_cntrl); 435 } 436 437 static struct ssr_dump_info *alloc_dump_info(struct qaic_device *qdev, 438 struct ssr_debug_transfer_info *debug_info) 439 { 440 struct ssr_dump_info *dump_info; 441 int ret; 442 443 le64_to_cpus(&debug_info->tbl_len); 444 le64_to_cpus(&debug_info->tbl_addr); 445 446 if (debug_info->tbl_len == 0 || 447 debug_info->tbl_len % sizeof(struct debug_info_table) != 0) { 448 ret = -EINVAL; 449 goto out; 450 } 451 452 /* Allocate SSR crashdump book keeping structure */ 453 dump_info = kzalloc(sizeof(*dump_info), GFP_KERNEL); 454 if (!dump_info) { 455 ret = -ENOMEM; 456 goto out; 457 } 458 459 /* Buffer used to send MEMORY READ request to device via MHI */ 460 dump_info->read_buf_req = kzalloc(sizeof(*dump_info->read_buf_req), GFP_KERNEL); 461 if (!dump_info->read_buf_req) { 462 ret = -ENOMEM; 463 goto free_dump_info; 464 } 465 466 /* Crashdump meta table buffer */ 467 dump_info->tbl_addr = vzalloc(debug_info->tbl_len); 468 if (!dump_info->tbl_addr) { 469 ret = -ENOMEM; 470 goto free_read_buf_req; 471 } 472 473 dump_info->tbl_addr_dev = debug_info->tbl_addr; 474 dump_info->tbl_len = debug_info->tbl_len; 475 476 return dump_info; 477 478 free_read_buf_req: 479 kfree(dump_info->read_buf_req); 480 free_dump_info: 481 kfree(dump_info); 482 out: 483 return ERR_PTR(ret); 484 } 485 486 static int dbg_xfer_info_rsp(struct qaic_device *qdev, struct dma_bridge_chan *dbc, 487 struct ssr_debug_transfer_info *debug_info) 488 { 489 struct ssr_debug_transfer_info_rsp *debug_rsp; 490 struct ssr_crashdump *ssr_crash = NULL; 491 int ret = 0, ret2; 492 493 debug_rsp = kmalloc(sizeof(*debug_rsp), GFP_KERNEL); 494 if (!debug_rsp) 495 return -ENOMEM; 496 497 if (!qdev->ssr_mhi_buf) { 498 ret = -ENOMEM; 499 goto send_rsp; 500 } 501 502 if (dbc->state != DBC_STATE_BEFORE_POWER_UP) { 503 ret = -EINVAL; 504 goto send_rsp; 505 } 506 507 ssr_crash = qdev->ssr_mhi_buf; 508 ssr_crash->dump_info = alloc_dump_info(qdev, debug_info); 509 if (IS_ERR(ssr_crash->dump_info)) { 510 ret = PTR_ERR(ssr_crash->dump_info); 511 ssr_crash->dump_info = NULL; 512 } 513 514 send_rsp: 515 debug_rsp->hdr.cmd = cpu_to_le32(DEBUG_TRANSFER_INFO_RSP); 516 debug_rsp->hdr.len = cpu_to_le32(sizeof(*debug_rsp)); 517 debug_rsp->hdr.dbc_id = cpu_to_le32(dbc->id); 518 /* 519 * 0 = Return an ACK confirming the host is ready to download crashdump 520 * 1 = Return an NACK confirming the host is not ready to download crashdump 521 */ 522 debug_rsp->ret = cpu_to_le32(ret ? 1 : 0); 523 524 ret2 = mhi_queue_buf(qdev->ssr_ch, DMA_TO_DEVICE, debug_rsp, sizeof(*debug_rsp), MHI_EOT); 525 if (ret2) { 526 free_ssr_dump_info(ssr_crash); 527 kfree(debug_rsp); 528 return ret2; 529 } 530 531 return ret; 532 } 533 534 static void dbg_xfer_done_rsp(struct qaic_device *qdev, struct dma_bridge_chan *dbc, 535 struct ssr_debug_transfer_done_rsp *xfer_rsp) 536 { 537 struct ssr_crashdump *ssr_crash = qdev->ssr_mhi_buf; 538 u32 status = le32_to_cpu(xfer_rsp->ret); 539 struct device *dev = &qdev->pdev->dev; 540 struct ssr_dump_info *dump_info; 541 542 dump_info = ssr_crash->dump_info; 543 if (!dump_info) 544 return; 545 546 if (status) { 547 free_ssr_dump_info(ssr_crash); 548 return; 549 } 550 551 dev_coredumpv(dev, dump_info->dump_addr, dump_info->dump_sz, GFP_KERNEL); 552 /* dev_coredumpv will free dump_info->dump_addr */ 553 dump_info->dump_addr = NULL; 554 free_ssr_dump_info(ssr_crash); 555 } 556 557 static void ssr_worker(struct work_struct *work) 558 { 559 struct ssr_resp *resp = container_of(work, struct ssr_resp, work); 560 struct ssr_hdr *hdr = (struct ssr_hdr *)resp->data; 561 struct ssr_dump_info *dump_info = NULL; 562 struct qaic_device *qdev = resp->qdev; 563 struct ssr_crashdump *ssr_crash; 564 struct ssr_event_rsp *event_rsp; 565 struct dma_bridge_chan *dbc; 566 struct ssr_event *event; 567 u32 ssr_event_ack; 568 int ret; 569 570 le32_to_cpus(&hdr->cmd); 571 le32_to_cpus(&hdr->len); 572 le32_to_cpus(&hdr->dbc_id); 573 574 if (hdr->len > SSR_RESP_MSG_SZ) 575 goto out; 576 577 if (hdr->dbc_id >= qdev->num_dbc) 578 goto out; 579 580 dbc = &qdev->dbc[hdr->dbc_id]; 581 582 switch (hdr->cmd) { 583 case DEBUG_TRANSFER_INFO: 584 ret = dbg_xfer_info_rsp(qdev, dbc, (struct ssr_debug_transfer_info *)resp->data); 585 if (ret) 586 break; 587 588 ssr_crash = qdev->ssr_mhi_buf; 589 dump_info = ssr_crash->dump_info; 590 dump_info->dbc = dbc; 591 dump_info->resp = resp; 592 593 /* Start by downloading debug table */ 594 ret = mem_read_req(qdev, dump_info->tbl_addr_dev, 595 min(dump_info->tbl_len, SSR_MEM_READ_CHUNK_SIZE)); 596 if (ret) { 597 free_ssr_dump_info(ssr_crash); 598 break; 599 } 600 601 /* 602 * Till now everything went fine, which means that we will be 603 * collecting crashdump chunk by chunk. Do not queue a response 604 * buffer for SSR cmds till the crashdump is complete. 605 */ 606 return; 607 case SSR_EVENT: 608 event = (struct ssr_event *)hdr; 609 le32_to_cpus(&event->event); 610 ssr_event_ack = event->event; 611 ssr_crash = qdev->ssr_mhi_buf; 612 613 switch (event->event) { 614 case BEFORE_SHUTDOWN: 615 set_dbc_state(qdev, hdr->dbc_id, DBC_STATE_BEFORE_SHUTDOWN); 616 qaic_dbc_enter_ssr(qdev, hdr->dbc_id); 617 break; 618 case AFTER_SHUTDOWN: 619 set_dbc_state(qdev, hdr->dbc_id, DBC_STATE_AFTER_SHUTDOWN); 620 break; 621 case BEFORE_POWER_UP: 622 set_dbc_state(qdev, hdr->dbc_id, DBC_STATE_BEFORE_POWER_UP); 623 break; 624 case AFTER_POWER_UP: 625 /* 626 * If dump info is a non NULL value it means that we 627 * have received this SSR event while downloading a 628 * crashdump for this DBC is still in progress. NACK 629 * the SSR event 630 */ 631 if (ssr_crash && ssr_crash->dump_info) { 632 free_ssr_dump_info(ssr_crash); 633 ssr_event_ack = SSR_EVENT_NACK; 634 break; 635 } 636 637 set_dbc_state(qdev, hdr->dbc_id, DBC_STATE_AFTER_POWER_UP); 638 break; 639 default: 640 break; 641 } 642 643 event_rsp = kmalloc(sizeof(*event_rsp), GFP_KERNEL); 644 if (!event_rsp) 645 break; 646 647 event_rsp->hdr.cmd = cpu_to_le32(SSR_EVENT_RSP); 648 event_rsp->hdr.len = cpu_to_le32(sizeof(*event_rsp)); 649 event_rsp->hdr.dbc_id = cpu_to_le32(hdr->dbc_id); 650 event_rsp->event = cpu_to_le32(ssr_event_ack); 651 652 ret = mhi_queue_buf(qdev->ssr_ch, DMA_TO_DEVICE, event_rsp, sizeof(*event_rsp), 653 MHI_EOT); 654 if (ret) 655 kfree(event_rsp); 656 657 if (event->event == AFTER_POWER_UP && ssr_event_ack != SSR_EVENT_NACK) { 658 qaic_dbc_exit_ssr(qdev); 659 set_dbc_state(qdev, hdr->dbc_id, DBC_STATE_IDLE); 660 } 661 662 break; 663 case DEBUG_TRANSFER_DONE_RSP: 664 dbg_xfer_done_rsp(qdev, dbc, (struct ssr_debug_transfer_done_rsp *)hdr); 665 break; 666 default: 667 break; 668 } 669 670 out: 671 ret = mhi_queue_buf(qdev->ssr_ch, DMA_FROM_DEVICE, resp->data, SSR_RESP_MSG_SZ, MHI_EOT); 672 if (ret) 673 kfree(resp); 674 } 675 676 static int qaic_ssr_mhi_probe(struct mhi_device *mhi_dev, const struct mhi_device_id *id) 677 { 678 struct qaic_device *qdev = pci_get_drvdata(to_pci_dev(mhi_dev->mhi_cntrl->cntrl_dev)); 679 struct ssr_resp *resp; 680 int ret; 681 682 ret = mhi_prepare_for_transfer(mhi_dev); 683 if (ret) 684 return ret; 685 686 resp = kzalloc(sizeof(*resp) + SSR_RESP_MSG_SZ, GFP_KERNEL); 687 if (!resp) { 688 mhi_unprepare_from_transfer(mhi_dev); 689 return -ENOMEM; 690 } 691 692 resp->qdev = qdev; 693 INIT_WORK(&resp->work, ssr_worker); 694 695 ret = mhi_queue_buf(mhi_dev, DMA_FROM_DEVICE, resp->data, SSR_RESP_MSG_SZ, MHI_EOT); 696 if (ret) { 697 kfree(resp); 698 mhi_unprepare_from_transfer(mhi_dev); 699 return ret; 700 } 701 702 dev_set_drvdata(&mhi_dev->dev, qdev); 703 qdev->ssr_ch = mhi_dev; 704 705 return 0; 706 } 707 708 static void qaic_ssr_mhi_remove(struct mhi_device *mhi_dev) 709 { 710 struct qaic_device *qdev; 711 712 qdev = dev_get_drvdata(&mhi_dev->dev); 713 mhi_unprepare_from_transfer(qdev->ssr_ch); 714 qdev->ssr_ch = NULL; 715 } 716 717 static void qaic_ssr_mhi_ul_xfer_cb(struct mhi_device *mhi_dev, struct mhi_result *mhi_result) 718 { 719 struct qaic_device *qdev = dev_get_drvdata(&mhi_dev->dev); 720 struct ssr_crashdump *ssr_crash = qdev->ssr_mhi_buf; 721 struct _ssr_hdr *hdr = mhi_result->buf_addr; 722 struct ssr_dump_info *dump_info; 723 724 if (mhi_result->transaction_status) { 725 kfree(mhi_result->buf_addr); 726 return; 727 } 728 729 /* 730 * MEMORY READ is used to download crashdump. And crashdump is 731 * downloaded chunk by chunk in a series of MEMORY READ SSR commands. 732 * Hence to avoid too many kmalloc() and kfree() of the same MEMORY READ 733 * request buffer, we allocate only one such buffer and free it only 734 * once. 735 */ 736 if (le32_to_cpu(hdr->cmd) == MEMORY_READ) { 737 dump_info = ssr_crash->dump_info; 738 if (dump_info) { 739 dump_info->read_buf_req_queued = false; 740 return; 741 } 742 } 743 744 kfree(mhi_result->buf_addr); 745 } 746 747 static void qaic_ssr_mhi_dl_xfer_cb(struct mhi_device *mhi_dev, struct mhi_result *mhi_result) 748 { 749 struct ssr_resp *resp = container_of(mhi_result->buf_addr, struct ssr_resp, data); 750 struct qaic_device *qdev = dev_get_drvdata(&mhi_dev->dev); 751 struct ssr_crashdump *ssr_crash = qdev->ssr_mhi_buf; 752 bool memory_read_rsp = false; 753 754 if (ssr_crash && ssr_crash->data == mhi_result->buf_addr) 755 memory_read_rsp = true; 756 757 if (mhi_result->transaction_status) { 758 /* Do not free SSR crashdump buffer as it allocated via managed APIs */ 759 if (!memory_read_rsp) 760 kfree(resp); 761 return; 762 } 763 764 if (memory_read_rsp) 765 queue_work(qdev->ssr_wq, &ssr_crash->work); 766 else 767 queue_work(qdev->ssr_wq, &resp->work); 768 } 769 770 static const struct mhi_device_id qaic_ssr_mhi_match_table[] = { 771 { .chan = "QAIC_SSR", }, 772 {}, 773 }; 774 775 static struct mhi_driver qaic_ssr_mhi_driver = { 776 .id_table = qaic_ssr_mhi_match_table, 777 .remove = qaic_ssr_mhi_remove, 778 .probe = qaic_ssr_mhi_probe, 779 .ul_xfer_cb = qaic_ssr_mhi_ul_xfer_cb, 780 .dl_xfer_cb = qaic_ssr_mhi_dl_xfer_cb, 781 .driver = { 782 .name = "qaic_ssr", 783 }, 784 }; 785 786 int qaic_ssr_init(struct qaic_device *qdev, struct drm_device *drm) 787 { 788 struct ssr_crashdump *ssr_crash; 789 790 qdev->ssr_dbc = QAIC_SSR_DBC_SENTINEL; 791 792 /* 793 * Device requests only one SSR at a time. So allocating only one 794 * buffer to download crashdump is good enough. 795 */ 796 ssr_crash = drmm_kzalloc(drm, SSR_MHI_BUF_SIZE, GFP_KERNEL); 797 if (!ssr_crash) 798 return -ENOMEM; 799 800 ssr_crash->qdev = qdev; 801 INIT_WORK(&ssr_crash->work, ssr_dump_worker); 802 qdev->ssr_mhi_buf = ssr_crash; 803 804 return 0; 805 } 806 807 int qaic_ssr_register(void) 808 { 809 return mhi_driver_register(&qaic_ssr_mhi_driver); 810 } 811 812 void qaic_ssr_unregister(void) 813 { 814 mhi_driver_unregister(&qaic_ssr_mhi_driver); 815 } 816