xref: /linux/drivers/soc/qcom/smem.c (revision b9b77222d4ff6b5bb8f5d87fca20de0910618bb9)
1 /*
2  * Copyright (c) 2015, Sony Mobile Communications AB.
3  * Copyright (c) 2012-2013, The Linux Foundation. All rights reserved.
4  *
5  * This program is free software; you can redistribute it and/or modify
6  * it under the terms of the GNU General Public License version 2 and
7  * only version 2 as published by the Free Software Foundation.
8  *
9  * This program is distributed in the hope that it will be useful,
10  * but WITHOUT ANY WARRANTY; without even the implied warranty of
11  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
12  * GNU General Public License for more details.
13  */
14 
15 #include <linux/hwspinlock.h>
16 #include <linux/io.h>
17 #include <linux/module.h>
18 #include <linux/of.h>
19 #include <linux/of_address.h>
20 #include <linux/platform_device.h>
21 #include <linux/slab.h>
22 #include <linux/soc/qcom/smem.h>
23 
24 /*
25  * The Qualcomm shared memory system is a allocate only heap structure that
26  * consists of one of more memory areas that can be accessed by the processors
27  * in the SoC.
28  *
29  * All systems contains a global heap, accessible by all processors in the SoC,
30  * with a table of contents data structure (@smem_header) at the beginning of
31  * the main shared memory block.
32  *
33  * The global header contains meta data for allocations as well as a fixed list
34  * of 512 entries (@smem_global_entry) that can be initialized to reference
35  * parts of the shared memory space.
36  *
37  *
38  * In addition to this global heap a set of "private" heaps can be set up at
39  * boot time with access restrictions so that only certain processor pairs can
40  * access the data.
41  *
42  * These partitions are referenced from an optional partition table
43  * (@smem_ptable), that is found 4kB from the end of the main smem region. The
44  * partition table entries (@smem_ptable_entry) lists the involved processors
45  * (or hosts) and their location in the main shared memory region.
46  *
47  * Each partition starts with a header (@smem_partition_header) that identifies
48  * the partition and holds properties for the two internal memory regions. The
49  * two regions are cached and non-cached memory respectively. Each region
50  * contain a link list of allocation headers (@smem_private_entry) followed by
51  * their data.
52  *
53  * Items in the non-cached region are allocated from the start of the partition
54  * while items in the cached region are allocated from the end. The free area
55  * is hence the region between the cached and non-cached offsets. The header of
56  * cached items comes after the data.
57  *
58  * Version 12 (SMEM_GLOBAL_PART_VERSION) changes the item alloc/get procedure
59  * for the global heap. A new global partition is created from the global heap
60  * region with partition type (SMEM_GLOBAL_HOST) and the max smem item count is
61  * set by the bootloader.
62  *
63  * To synchronize allocations in the shared memory heaps a remote spinlock must
64  * be held - currently lock number 3 of the sfpb or tcsr is used for this on all
65  * platforms.
66  *
67  */
68 
69 /*
70  * The version member of the smem header contains an array of versions for the
71  * various software components in the SoC. We verify that the boot loader
72  * version is a valid version as a sanity check.
73  */
74 #define SMEM_MASTER_SBL_VERSION_INDEX	7
75 #define SMEM_GLOBAL_HEAP_VERSION	11
76 #define SMEM_GLOBAL_PART_VERSION	12
77 
78 /*
79  * The first 8 items are only to be allocated by the boot loader while
80  * initializing the heap.
81  */
82 #define SMEM_ITEM_LAST_FIXED	8
83 
84 /* Highest accepted item number, for both global and private heaps */
85 #define SMEM_ITEM_COUNT		512
86 
87 /* Processor/host identifier for the application processor */
88 #define SMEM_HOST_APPS		0
89 
90 /* Processor/host identifier for the global partition */
91 #define SMEM_GLOBAL_HOST	0xfffe
92 
93 /* Max number of processors/hosts in a system */
94 #define SMEM_HOST_COUNT		10
95 
96 /**
97   * struct smem_proc_comm - proc_comm communication struct (legacy)
98   * @command:	current command to be executed
99   * @status:	status of the currently requested command
100   * @params:	parameters to the command
101   */
102 struct smem_proc_comm {
103 	__le32 command;
104 	__le32 status;
105 	__le32 params[2];
106 };
107 
108 /**
109  * struct smem_global_entry - entry to reference smem items on the heap
110  * @allocated:	boolean to indicate if this entry is used
111  * @offset:	offset to the allocated space
112  * @size:	size of the allocated space, 8 byte aligned
113  * @aux_base:	base address for the memory region used by this unit, or 0 for
114  *		the default region. bits 0,1 are reserved
115  */
116 struct smem_global_entry {
117 	__le32 allocated;
118 	__le32 offset;
119 	__le32 size;
120 	__le32 aux_base; /* bits 1:0 reserved */
121 };
122 #define AUX_BASE_MASK		0xfffffffc
123 
124 /**
125  * struct smem_header - header found in beginning of primary smem region
126  * @proc_comm:		proc_comm communication interface (legacy)
127  * @version:		array of versions for the various subsystems
128  * @initialized:	boolean to indicate that smem is initialized
129  * @free_offset:	index of the first unallocated byte in smem
130  * @available:		number of bytes available for allocation
131  * @reserved:		reserved field, must be 0
132  * toc:			array of references to items
133  */
134 struct smem_header {
135 	struct smem_proc_comm proc_comm[4];
136 	__le32 version[32];
137 	__le32 initialized;
138 	__le32 free_offset;
139 	__le32 available;
140 	__le32 reserved;
141 	struct smem_global_entry toc[SMEM_ITEM_COUNT];
142 };
143 
144 /**
145  * struct smem_ptable_entry - one entry in the @smem_ptable list
146  * @offset:	offset, within the main shared memory region, of the partition
147  * @size:	size of the partition
148  * @flags:	flags for the partition (currently unused)
149  * @host0:	first processor/host with access to this partition
150  * @host1:	second processor/host with access to this partition
151  * @cacheline:	alignment for "cached" entries
152  * @reserved:	reserved entries for later use
153  */
154 struct smem_ptable_entry {
155 	__le32 offset;
156 	__le32 size;
157 	__le32 flags;
158 	__le16 host0;
159 	__le16 host1;
160 	__le32 cacheline;
161 	__le32 reserved[7];
162 };
163 
164 /**
165  * struct smem_ptable - partition table for the private partitions
166  * @magic:	magic number, must be SMEM_PTABLE_MAGIC
167  * @version:	version of the partition table
168  * @num_entries: number of partitions in the table
169  * @reserved:	for now reserved entries
170  * @entry:	list of @smem_ptable_entry for the @num_entries partitions
171  */
172 struct smem_ptable {
173 	u8 magic[4];
174 	__le32 version;
175 	__le32 num_entries;
176 	__le32 reserved[5];
177 	struct smem_ptable_entry entry[];
178 };
179 
180 static const u8 SMEM_PTABLE_MAGIC[] = { 0x24, 0x54, 0x4f, 0x43 }; /* "$TOC" */
181 
182 /**
183  * struct smem_partition_header - header of the partitions
184  * @magic:	magic number, must be SMEM_PART_MAGIC
185  * @host0:	first processor/host with access to this partition
186  * @host1:	second processor/host with access to this partition
187  * @size:	size of the partition
188  * @offset_free_uncached: offset to the first free byte of uncached memory in
189  *		this partition
190  * @offset_free_cached: offset to the first free byte of cached memory in this
191  *		partition
192  * @reserved:	for now reserved entries
193  */
194 struct smem_partition_header {
195 	u8 magic[4];
196 	__le16 host0;
197 	__le16 host1;
198 	__le32 size;
199 	__le32 offset_free_uncached;
200 	__le32 offset_free_cached;
201 	__le32 reserved[3];
202 };
203 
204 static const u8 SMEM_PART_MAGIC[] = { 0x24, 0x50, 0x52, 0x54 };
205 
206 /**
207  * struct smem_private_entry - header of each item in the private partition
208  * @canary:	magic number, must be SMEM_PRIVATE_CANARY
209  * @item:	identifying number of the smem item
210  * @size:	size of the data, including padding bytes
211  * @padding_data: number of bytes of padding of data
212  * @padding_hdr: number of bytes of padding between the header and the data
213  * @reserved:	for now reserved entry
214  */
215 struct smem_private_entry {
216 	u16 canary; /* bytes are the same so no swapping needed */
217 	__le16 item;
218 	__le32 size; /* includes padding bytes */
219 	__le16 padding_data;
220 	__le16 padding_hdr;
221 	__le32 reserved;
222 };
223 #define SMEM_PRIVATE_CANARY	0xa5a5
224 
225 /**
226  * struct smem_info - smem region info located after the table of contents
227  * @magic:	magic number, must be SMEM_INFO_MAGIC
228  * @size:	size of the smem region
229  * @base_addr:	base address of the smem region
230  * @reserved:	for now reserved entry
231  * @num_items:	highest accepted item number
232  */
233 struct smem_info {
234 	u8 magic[4];
235 	__le32 size;
236 	__le32 base_addr;
237 	__le32 reserved;
238 	__le16 num_items;
239 };
240 
241 static const u8 SMEM_INFO_MAGIC[] = { 0x53, 0x49, 0x49, 0x49 }; /* SIII */
242 
243 /**
244  * struct smem_region - representation of a chunk of memory used for smem
245  * @aux_base:	identifier of aux_mem base
246  * @virt_base:	virtual base address of memory with this aux_mem identifier
247  * @size:	size of the memory region
248  */
249 struct smem_region {
250 	u32 aux_base;
251 	void __iomem *virt_base;
252 	size_t size;
253 };
254 
255 /**
256  * struct qcom_smem - device data for the smem device
257  * @dev:	device pointer
258  * @hwlock:	reference to a hwspinlock
259  * @global_partition:	pointer to global partition when in use
260  * @global_cacheline:	cacheline size for global partition
261  * @partitions:	list of pointers to partitions affecting the current
262  *		processor/host
263  * @cacheline:	list of cacheline sizes for each host
264  * @item_count: max accepted item number
265  * @num_regions: number of @regions
266  * @regions:	list of the memory regions defining the shared memory
267  */
268 struct qcom_smem {
269 	struct device *dev;
270 
271 	struct hwspinlock *hwlock;
272 
273 	struct smem_partition_header *global_partition;
274 	size_t global_cacheline;
275 	struct smem_partition_header *partitions[SMEM_HOST_COUNT];
276 	size_t cacheline[SMEM_HOST_COUNT];
277 	u32 item_count;
278 
279 	unsigned num_regions;
280 	struct smem_region regions[0];
281 };
282 
283 static void *
284 phdr_to_last_uncached_entry(struct smem_partition_header *phdr)
285 {
286 	void *p = phdr;
287 
288 	return p + le32_to_cpu(phdr->offset_free_uncached);
289 }
290 
291 static struct smem_private_entry *
292 phdr_to_first_cached_entry(struct smem_partition_header *phdr,
293 					size_t cacheline)
294 {
295 	void *p = phdr;
296 	struct smem_private_entry *e;
297 
298 	return p + le32_to_cpu(phdr->size) - ALIGN(sizeof(*e), cacheline);
299 }
300 
301 static void *
302 phdr_to_last_cached_entry(struct smem_partition_header *phdr)
303 {
304 	void *p = phdr;
305 
306 	return p + le32_to_cpu(phdr->offset_free_cached);
307 }
308 
309 static struct smem_private_entry *
310 phdr_to_first_uncached_entry(struct smem_partition_header *phdr)
311 {
312 	void *p = phdr;
313 
314 	return p + sizeof(*phdr);
315 }
316 
317 static struct smem_private_entry *
318 uncached_entry_next(struct smem_private_entry *e)
319 {
320 	void *p = e;
321 
322 	return p + sizeof(*e) + le16_to_cpu(e->padding_hdr) +
323 	       le32_to_cpu(e->size);
324 }
325 
326 static struct smem_private_entry *
327 cached_entry_next(struct smem_private_entry *e, size_t cacheline)
328 {
329 	void *p = e;
330 
331 	return p - le32_to_cpu(e->size) - ALIGN(sizeof(*e), cacheline);
332 }
333 
334 static void *uncached_entry_to_item(struct smem_private_entry *e)
335 {
336 	void *p = e;
337 
338 	return p + sizeof(*e) + le16_to_cpu(e->padding_hdr);
339 }
340 
341 static void *cached_entry_to_item(struct smem_private_entry *e)
342 {
343 	void *p = e;
344 
345 	return p - le32_to_cpu(e->size);
346 }
347 
348 /* Pointer to the one and only smem handle */
349 static struct qcom_smem *__smem;
350 
351 /* Timeout (ms) for the trylock of remote spinlocks */
352 #define HWSPINLOCK_TIMEOUT	1000
353 
354 static int qcom_smem_alloc_private(struct qcom_smem *smem,
355 				   struct smem_partition_header *phdr,
356 				   unsigned item,
357 				   size_t size)
358 {
359 	struct smem_private_entry *hdr, *end;
360 	size_t alloc_size;
361 	void *cached;
362 
363 	hdr = phdr_to_first_uncached_entry(phdr);
364 	end = phdr_to_last_uncached_entry(phdr);
365 	cached = phdr_to_last_cached_entry(phdr);
366 
367 	if (smem->global_partition) {
368 		dev_err(smem->dev, "Already found the global partition\n");
369 		return -EINVAL;
370 	}
371 
372 	while (hdr < end) {
373 		if (hdr->canary != SMEM_PRIVATE_CANARY)
374 			goto bad_canary;
375 		if (le16_to_cpu(hdr->item) == item)
376 			return -EEXIST;
377 
378 		hdr = uncached_entry_next(hdr);
379 	}
380 
381 	/* Check that we don't grow into the cached region */
382 	alloc_size = sizeof(*hdr) + ALIGN(size, 8);
383 	if ((void *)hdr + alloc_size > cached) {
384 		dev_err(smem->dev, "Out of memory\n");
385 		return -ENOSPC;
386 	}
387 
388 	hdr->canary = SMEM_PRIVATE_CANARY;
389 	hdr->item = cpu_to_le16(item);
390 	hdr->size = cpu_to_le32(ALIGN(size, 8));
391 	hdr->padding_data = cpu_to_le16(le32_to_cpu(hdr->size) - size);
392 	hdr->padding_hdr = 0;
393 
394 	/*
395 	 * Ensure the header is written before we advance the free offset, so
396 	 * that remote processors that does not take the remote spinlock still
397 	 * gets a consistent view of the linked list.
398 	 */
399 	wmb();
400 	le32_add_cpu(&phdr->offset_free_uncached, alloc_size);
401 
402 	return 0;
403 bad_canary:
404 	dev_err(smem->dev, "Found invalid canary in hosts %hu:%hu partition\n",
405 		le16_to_cpu(phdr->host0), le16_to_cpu(phdr->host1));
406 
407 	return -EINVAL;
408 }
409 
410 static int qcom_smem_alloc_global(struct qcom_smem *smem,
411 				  unsigned item,
412 				  size_t size)
413 {
414 	struct smem_global_entry *entry;
415 	struct smem_header *header;
416 
417 	header = smem->regions[0].virt_base;
418 	entry = &header->toc[item];
419 	if (entry->allocated)
420 		return -EEXIST;
421 
422 	size = ALIGN(size, 8);
423 	if (WARN_ON(size > le32_to_cpu(header->available)))
424 		return -ENOMEM;
425 
426 	entry->offset = header->free_offset;
427 	entry->size = cpu_to_le32(size);
428 
429 	/*
430 	 * Ensure the header is consistent before we mark the item allocated,
431 	 * so that remote processors will get a consistent view of the item
432 	 * even though they do not take the spinlock on read.
433 	 */
434 	wmb();
435 	entry->allocated = cpu_to_le32(1);
436 
437 	le32_add_cpu(&header->free_offset, size);
438 	le32_add_cpu(&header->available, -size);
439 
440 	return 0;
441 }
442 
443 /**
444  * qcom_smem_alloc() - allocate space for a smem item
445  * @host:	remote processor id, or -1
446  * @item:	smem item handle
447  * @size:	number of bytes to be allocated
448  *
449  * Allocate space for a given smem item of size @size, given that the item is
450  * not yet allocated.
451  */
452 int qcom_smem_alloc(unsigned host, unsigned item, size_t size)
453 {
454 	struct smem_partition_header *phdr;
455 	unsigned long flags;
456 	int ret;
457 
458 	if (!__smem)
459 		return -EPROBE_DEFER;
460 
461 	if (item < SMEM_ITEM_LAST_FIXED) {
462 		dev_err(__smem->dev,
463 			"Rejecting allocation of static entry %d\n", item);
464 		return -EINVAL;
465 	}
466 
467 	if (WARN_ON(item >= __smem->item_count))
468 		return -EINVAL;
469 
470 	ret = hwspin_lock_timeout_irqsave(__smem->hwlock,
471 					  HWSPINLOCK_TIMEOUT,
472 					  &flags);
473 	if (ret)
474 		return ret;
475 
476 	if (host < SMEM_HOST_COUNT && __smem->partitions[host]) {
477 		phdr = __smem->partitions[host];
478 		ret = qcom_smem_alloc_private(__smem, phdr, item, size);
479 	} else if (__smem->global_partition) {
480 		phdr = __smem->global_partition;
481 		ret = qcom_smem_alloc_private(__smem, phdr, item, size);
482 	} else {
483 		ret = qcom_smem_alloc_global(__smem, item, size);
484 	}
485 
486 	hwspin_unlock_irqrestore(__smem->hwlock, &flags);
487 
488 	return ret;
489 }
490 EXPORT_SYMBOL(qcom_smem_alloc);
491 
492 static void *qcom_smem_get_global(struct qcom_smem *smem,
493 				  unsigned item,
494 				  size_t *size)
495 {
496 	struct smem_header *header;
497 	struct smem_region *area;
498 	struct smem_global_entry *entry;
499 	u32 aux_base;
500 	unsigned i;
501 
502 	header = smem->regions[0].virt_base;
503 	entry = &header->toc[item];
504 	if (!entry->allocated)
505 		return ERR_PTR(-ENXIO);
506 
507 	aux_base = le32_to_cpu(entry->aux_base) & AUX_BASE_MASK;
508 
509 	for (i = 0; i < smem->num_regions; i++) {
510 		area = &smem->regions[i];
511 
512 		if (area->aux_base == aux_base || !aux_base) {
513 			if (size != NULL)
514 				*size = le32_to_cpu(entry->size);
515 			return area->virt_base + le32_to_cpu(entry->offset);
516 		}
517 	}
518 
519 	return ERR_PTR(-ENOENT);
520 }
521 
522 static void *qcom_smem_get_private(struct qcom_smem *smem,
523 				   struct smem_partition_header *phdr,
524 				   size_t cacheline,
525 				   unsigned item,
526 				   size_t *size)
527 {
528 	struct smem_private_entry *e, *end;
529 
530 	e = phdr_to_first_uncached_entry(phdr);
531 	end = phdr_to_last_uncached_entry(phdr);
532 
533 	while (e < end) {
534 		if (e->canary != SMEM_PRIVATE_CANARY)
535 			goto invalid_canary;
536 
537 		if (le16_to_cpu(e->item) == item) {
538 			if (size != NULL)
539 				*size = le32_to_cpu(e->size) -
540 					le16_to_cpu(e->padding_data);
541 
542 			return uncached_entry_to_item(e);
543 		}
544 
545 		e = uncached_entry_next(e);
546 	}
547 
548 	/* Item was not found in the uncached list, search the cached list */
549 
550 	e = phdr_to_first_cached_entry(phdr, cacheline);
551 	end = phdr_to_last_cached_entry(phdr);
552 
553 	while (e > end) {
554 		if (e->canary != SMEM_PRIVATE_CANARY)
555 			goto invalid_canary;
556 
557 		if (le16_to_cpu(e->item) == item) {
558 			if (size != NULL)
559 				*size = le32_to_cpu(e->size) -
560 					le16_to_cpu(e->padding_data);
561 
562 			return cached_entry_to_item(e);
563 		}
564 
565 		e = cached_entry_next(e, cacheline);
566 	}
567 
568 	return ERR_PTR(-ENOENT);
569 
570 invalid_canary:
571 	dev_err(smem->dev, "Found invalid canary in hosts %hu:%hu partition\n",
572 			le16_to_cpu(phdr->host0), le16_to_cpu(phdr->host1));
573 
574 	return ERR_PTR(-EINVAL);
575 }
576 
577 /**
578  * qcom_smem_get() - resolve ptr of size of a smem item
579  * @host:	the remote processor, or -1
580  * @item:	smem item handle
581  * @size:	pointer to be filled out with size of the item
582  *
583  * Looks up smem item and returns pointer to it. Size of smem
584  * item is returned in @size.
585  */
586 void *qcom_smem_get(unsigned host, unsigned item, size_t *size)
587 {
588 	struct smem_partition_header *phdr;
589 	unsigned long flags;
590 	size_t cacheln;
591 	int ret;
592 	void *ptr = ERR_PTR(-EPROBE_DEFER);
593 
594 	if (!__smem)
595 		return ptr;
596 
597 	if (WARN_ON(item >= __smem->item_count))
598 		return ERR_PTR(-EINVAL);
599 
600 	ret = hwspin_lock_timeout_irqsave(__smem->hwlock,
601 					  HWSPINLOCK_TIMEOUT,
602 					  &flags);
603 	if (ret)
604 		return ERR_PTR(ret);
605 
606 	if (host < SMEM_HOST_COUNT && __smem->partitions[host]) {
607 		phdr = __smem->partitions[host];
608 		cacheln = __smem->cacheline[host];
609 		ptr = qcom_smem_get_private(__smem, phdr, cacheln, item, size);
610 	} else if (__smem->global_partition) {
611 		phdr = __smem->global_partition;
612 		cacheln = __smem->global_cacheline;
613 		ptr = qcom_smem_get_private(__smem, phdr, cacheln, item, size);
614 	} else {
615 		ptr = qcom_smem_get_global(__smem, item, size);
616 	}
617 
618 	hwspin_unlock_irqrestore(__smem->hwlock, &flags);
619 
620 	return ptr;
621 
622 }
623 EXPORT_SYMBOL(qcom_smem_get);
624 
625 /**
626  * qcom_smem_get_free_space() - retrieve amount of free space in a partition
627  * @host:	the remote processor identifying a partition, or -1
628  *
629  * To be used by smem clients as a quick way to determine if any new
630  * allocations has been made.
631  */
632 int qcom_smem_get_free_space(unsigned host)
633 {
634 	struct smem_partition_header *phdr;
635 	struct smem_header *header;
636 	unsigned ret;
637 
638 	if (!__smem)
639 		return -EPROBE_DEFER;
640 
641 	if (host < SMEM_HOST_COUNT && __smem->partitions[host]) {
642 		phdr = __smem->partitions[host];
643 		ret = le32_to_cpu(phdr->offset_free_cached) -
644 		      le32_to_cpu(phdr->offset_free_uncached);
645 	} else if (__smem->global_partition) {
646 		phdr = __smem->global_partition;
647 		ret = le32_to_cpu(phdr->offset_free_cached) -
648 		      le32_to_cpu(phdr->offset_free_uncached);
649 	} else {
650 		header = __smem->regions[0].virt_base;
651 		ret = le32_to_cpu(header->available);
652 	}
653 
654 	return ret;
655 }
656 EXPORT_SYMBOL(qcom_smem_get_free_space);
657 
658 /**
659  * qcom_smem_virt_to_phys() - return the physical address associated
660  * with an smem item pointer (previously returned by qcom_smem_get()
661  * @p:	the virtual address to convert
662  *
663  * Returns 0 if the pointer provided is not within any smem region.
664  */
665 phys_addr_t qcom_smem_virt_to_phys(void *p)
666 {
667 	unsigned i;
668 
669 	for (i = 0; i < __smem->num_regions; i++) {
670 		struct smem_region *region = &__smem->regions[i];
671 
672 		if (p < region->virt_base)
673 			continue;
674 		if (p < region->virt_base + region->size) {
675 			u64 offset = p - region->virt_base;
676 
677 			return (phys_addr_t)region->aux_base + offset;
678 		}
679 	}
680 
681 	return 0;
682 }
683 EXPORT_SYMBOL(qcom_smem_virt_to_phys);
684 
685 static int qcom_smem_get_sbl_version(struct qcom_smem *smem)
686 {
687 	struct smem_header *header;
688 	__le32 *versions;
689 
690 	header = smem->regions[0].virt_base;
691 	versions = header->version;
692 
693 	return le32_to_cpu(versions[SMEM_MASTER_SBL_VERSION_INDEX]);
694 }
695 
696 static struct smem_ptable *qcom_smem_get_ptable(struct qcom_smem *smem)
697 {
698 	struct smem_ptable *ptable;
699 	u32 version;
700 
701 	ptable = smem->regions[0].virt_base + smem->regions[0].size - SZ_4K;
702 	if (memcmp(ptable->magic, SMEM_PTABLE_MAGIC, sizeof(ptable->magic)))
703 		return ERR_PTR(-ENOENT);
704 
705 	version = le32_to_cpu(ptable->version);
706 	if (version != 1) {
707 		dev_err(smem->dev,
708 			"Unsupported partition header version %d\n", version);
709 		return ERR_PTR(-EINVAL);
710 	}
711 	return ptable;
712 }
713 
714 static u32 qcom_smem_get_item_count(struct qcom_smem *smem)
715 {
716 	struct smem_ptable *ptable;
717 	struct smem_info *info;
718 
719 	ptable = qcom_smem_get_ptable(smem);
720 	if (IS_ERR_OR_NULL(ptable))
721 		return SMEM_ITEM_COUNT;
722 
723 	info = (struct smem_info *)&ptable->entry[ptable->num_entries];
724 	if (memcmp(info->magic, SMEM_INFO_MAGIC, sizeof(info->magic)))
725 		return SMEM_ITEM_COUNT;
726 
727 	return le16_to_cpu(info->num_items);
728 }
729 
730 static int qcom_smem_set_global_partition(struct qcom_smem *smem)
731 {
732 	struct smem_partition_header *header;
733 	struct smem_ptable_entry *entry;
734 	struct smem_ptable *ptable;
735 	u32 host0, host1, size;
736 	bool found = false;
737 	int i;
738 
739 	ptable = qcom_smem_get_ptable(smem);
740 	if (IS_ERR(ptable))
741 		return PTR_ERR(ptable);
742 
743 	for (i = 0; i < le32_to_cpu(ptable->num_entries); i++) {
744 		entry = &ptable->entry[i];
745 		host0 = le16_to_cpu(entry->host0);
746 		host1 = le16_to_cpu(entry->host1);
747 
748 		if (host0 == SMEM_GLOBAL_HOST && host0 == host1) {
749 			found = true;
750 			break;
751 		}
752 	}
753 
754 	if (!found) {
755 		dev_err(smem->dev, "Missing entry for global partition\n");
756 		return -EINVAL;
757 	}
758 
759 	if (!le32_to_cpu(entry->offset) || !le32_to_cpu(entry->size)) {
760 		dev_err(smem->dev, "Invalid entry for global partition\n");
761 		return -EINVAL;
762 	}
763 
764 	header = smem->regions[0].virt_base + le32_to_cpu(entry->offset);
765 	host0 = le16_to_cpu(header->host0);
766 	host1 = le16_to_cpu(header->host1);
767 
768 	if (memcmp(header->magic, SMEM_PART_MAGIC, sizeof(header->magic))) {
769 		dev_err(smem->dev, "Global partition has invalid magic\n");
770 		return -EINVAL;
771 	}
772 
773 	if (host0 != SMEM_GLOBAL_HOST && host1 != SMEM_GLOBAL_HOST) {
774 		dev_err(smem->dev, "Global partition hosts are invalid\n");
775 		return -EINVAL;
776 	}
777 
778 	if (le32_to_cpu(header->size) != le32_to_cpu(entry->size)) {
779 		dev_err(smem->dev, "Global partition has invalid size\n");
780 		return -EINVAL;
781 	}
782 
783 	size = le32_to_cpu(header->offset_free_uncached);
784 	if (size > le32_to_cpu(header->size)) {
785 		dev_err(smem->dev,
786 			"Global partition has invalid free pointer\n");
787 		return -EINVAL;
788 	}
789 
790 	smem->global_partition = header;
791 	smem->global_cacheline = le32_to_cpu(entry->cacheline);
792 
793 	return 0;
794 }
795 
796 static int qcom_smem_enumerate_partitions(struct qcom_smem *smem,
797 					  unsigned int local_host)
798 {
799 	struct smem_partition_header *header;
800 	struct smem_ptable_entry *entry;
801 	struct smem_ptable *ptable;
802 	unsigned int remote_host;
803 	u32 host0, host1;
804 	int i;
805 
806 	ptable = qcom_smem_get_ptable(smem);
807 	if (IS_ERR(ptable))
808 		return PTR_ERR(ptable);
809 
810 	for (i = 0; i < le32_to_cpu(ptable->num_entries); i++) {
811 		entry = &ptable->entry[i];
812 		host0 = le16_to_cpu(entry->host0);
813 		host1 = le16_to_cpu(entry->host1);
814 
815 		if (host0 != local_host && host1 != local_host)
816 			continue;
817 
818 		if (!le32_to_cpu(entry->offset))
819 			continue;
820 
821 		if (!le32_to_cpu(entry->size))
822 			continue;
823 
824 		if (host0 == local_host)
825 			remote_host = host1;
826 		else
827 			remote_host = host0;
828 
829 		if (remote_host >= SMEM_HOST_COUNT) {
830 			dev_err(smem->dev,
831 				"Invalid remote host %d\n",
832 				remote_host);
833 			return -EINVAL;
834 		}
835 
836 		if (smem->partitions[remote_host]) {
837 			dev_err(smem->dev,
838 				"Already found a partition for host %d\n",
839 				remote_host);
840 			return -EINVAL;
841 		}
842 
843 		header = smem->regions[0].virt_base + le32_to_cpu(entry->offset);
844 		host0 = le16_to_cpu(header->host0);
845 		host1 = le16_to_cpu(header->host1);
846 
847 		if (memcmp(header->magic, SMEM_PART_MAGIC,
848 			    sizeof(header->magic))) {
849 			dev_err(smem->dev,
850 				"Partition %d has invalid magic\n", i);
851 			return -EINVAL;
852 		}
853 
854 		if (host0 != local_host && host1 != local_host) {
855 			dev_err(smem->dev,
856 				"Partition %d hosts are invalid\n", i);
857 			return -EINVAL;
858 		}
859 
860 		if (host0 != remote_host && host1 != remote_host) {
861 			dev_err(smem->dev,
862 				"Partition %d hosts are invalid\n", i);
863 			return -EINVAL;
864 		}
865 
866 		if (le32_to_cpu(header->size) != le32_to_cpu(entry->size)) {
867 			dev_err(smem->dev,
868 				"Partition %d has invalid size\n", i);
869 			return -EINVAL;
870 		}
871 
872 		if (le32_to_cpu(header->offset_free_uncached) > le32_to_cpu(header->size)) {
873 			dev_err(smem->dev,
874 				"Partition %d has invalid free pointer\n", i);
875 			return -EINVAL;
876 		}
877 
878 		smem->partitions[remote_host] = header;
879 		smem->cacheline[remote_host] = le32_to_cpu(entry->cacheline);
880 	}
881 
882 	return 0;
883 }
884 
885 static int qcom_smem_map_memory(struct qcom_smem *smem, struct device *dev,
886 				const char *name, int i)
887 {
888 	struct device_node *np;
889 	struct resource r;
890 	int ret;
891 
892 	np = of_parse_phandle(dev->of_node, name, 0);
893 	if (!np) {
894 		dev_err(dev, "No %s specified\n", name);
895 		return -EINVAL;
896 	}
897 
898 	ret = of_address_to_resource(np, 0, &r);
899 	of_node_put(np);
900 	if (ret)
901 		return ret;
902 
903 	smem->regions[i].aux_base = (u32)r.start;
904 	smem->regions[i].size = resource_size(&r);
905 	smem->regions[i].virt_base = devm_ioremap_wc(dev, r.start, resource_size(&r));
906 	if (!smem->regions[i].virt_base)
907 		return -ENOMEM;
908 
909 	return 0;
910 }
911 
912 static int qcom_smem_probe(struct platform_device *pdev)
913 {
914 	struct smem_header *header;
915 	struct qcom_smem *smem;
916 	size_t array_size;
917 	int num_regions;
918 	int hwlock_id;
919 	u32 version;
920 	int ret;
921 
922 	num_regions = 1;
923 	if (of_find_property(pdev->dev.of_node, "qcom,rpm-msg-ram", NULL))
924 		num_regions++;
925 
926 	array_size = num_regions * sizeof(struct smem_region);
927 	smem = devm_kzalloc(&pdev->dev, sizeof(*smem) + array_size, GFP_KERNEL);
928 	if (!smem)
929 		return -ENOMEM;
930 
931 	smem->dev = &pdev->dev;
932 	smem->num_regions = num_regions;
933 
934 	ret = qcom_smem_map_memory(smem, &pdev->dev, "memory-region", 0);
935 	if (ret)
936 		return ret;
937 
938 	if (num_regions > 1 && (ret = qcom_smem_map_memory(smem, &pdev->dev,
939 					"qcom,rpm-msg-ram", 1)))
940 		return ret;
941 
942 	header = smem->regions[0].virt_base;
943 	if (le32_to_cpu(header->initialized) != 1 ||
944 	    le32_to_cpu(header->reserved)) {
945 		dev_err(&pdev->dev, "SMEM is not initialized by SBL\n");
946 		return -EINVAL;
947 	}
948 
949 	version = qcom_smem_get_sbl_version(smem);
950 	switch (version >> 16) {
951 	case SMEM_GLOBAL_PART_VERSION:
952 		ret = qcom_smem_set_global_partition(smem);
953 		if (ret < 0)
954 			return ret;
955 		smem->item_count = qcom_smem_get_item_count(smem);
956 		break;
957 	case SMEM_GLOBAL_HEAP_VERSION:
958 		smem->item_count = SMEM_ITEM_COUNT;
959 		break;
960 	default:
961 		dev_err(&pdev->dev, "Unsupported SMEM version 0x%x\n", version);
962 		return -EINVAL;
963 	}
964 
965 	ret = qcom_smem_enumerate_partitions(smem, SMEM_HOST_APPS);
966 	if (ret < 0 && ret != -ENOENT)
967 		return ret;
968 
969 	hwlock_id = of_hwspin_lock_get_id(pdev->dev.of_node, 0);
970 	if (hwlock_id < 0) {
971 		if (hwlock_id != -EPROBE_DEFER)
972 			dev_err(&pdev->dev, "failed to retrieve hwlock\n");
973 		return hwlock_id;
974 	}
975 
976 	smem->hwlock = hwspin_lock_request_specific(hwlock_id);
977 	if (!smem->hwlock)
978 		return -ENXIO;
979 
980 	__smem = smem;
981 
982 	return 0;
983 }
984 
985 static int qcom_smem_remove(struct platform_device *pdev)
986 {
987 	hwspin_lock_free(__smem->hwlock);
988 	__smem = NULL;
989 
990 	return 0;
991 }
992 
993 static const struct of_device_id qcom_smem_of_match[] = {
994 	{ .compatible = "qcom,smem" },
995 	{}
996 };
997 MODULE_DEVICE_TABLE(of, qcom_smem_of_match);
998 
999 static struct platform_driver qcom_smem_driver = {
1000 	.probe = qcom_smem_probe,
1001 	.remove = qcom_smem_remove,
1002 	.driver  = {
1003 		.name = "qcom-smem",
1004 		.of_match_table = qcom_smem_of_match,
1005 		.suppress_bind_attrs = true,
1006 	},
1007 };
1008 
1009 static int __init qcom_smem_init(void)
1010 {
1011 	return platform_driver_register(&qcom_smem_driver);
1012 }
1013 arch_initcall(qcom_smem_init);
1014 
1015 static void __exit qcom_smem_exit(void)
1016 {
1017 	platform_driver_unregister(&qcom_smem_driver);
1018 }
1019 module_exit(qcom_smem_exit)
1020 
1021 MODULE_AUTHOR("Bjorn Andersson <bjorn.andersson@sonymobile.com>");
1022 MODULE_DESCRIPTION("Qualcomm Shared Memory Manager");
1023 MODULE_LICENSE("GPL v2");
1024