1 // SPDX-License-Identifier: GPL-2.0 2 3 //! Abstractions for the auxiliary bus. 4 //! 5 //! C header: [`include/linux/auxiliary_bus.h`](srctree/include/linux/auxiliary_bus.h) 6 7 use crate::{ 8 bindings, 9 container_of, 10 device, 11 device_id::{ 12 RawDeviceId, 13 RawDeviceIdIndex, // 14 }, 15 16 driver, 17 error::{ 18 from_result, 19 to_result, // 20 }, 21 prelude::*, 22 types::{ 23 ForLt, 24 ForeignOwnable, 25 Opaque, // 26 }, 27 ThisModule, // 28 }; 29 use core::{ 30 any::TypeId, 31 marker::PhantomData, 32 mem::offset_of, 33 pin::Pin, 34 ptr::{ 35 addr_of_mut, 36 NonNull, // 37 }, 38 }; 39 40 /// An adapter for the registration of auxiliary drivers. 41 pub struct Adapter<T: Driver>(T); 42 43 // SAFETY: 44 // - `bindings::auxiliary_driver` is a C type declared as `repr(C)`. 45 // - `T::Data` is the type of the driver's device private data. 46 // - `struct auxiliary_driver` embeds a `struct device_driver`. 47 // - `DEVICE_DRIVER_OFFSET` is the correct byte offset to the embedded `struct device_driver`. 48 unsafe impl<T: Driver> driver::DriverLayout for Adapter<T> { 49 type DriverType = bindings::auxiliary_driver; 50 type DriverData<'bound> = T::Data<'bound>; 51 const DEVICE_DRIVER_OFFSET: usize = core::mem::offset_of!(Self::DriverType, driver); 52 } 53 54 // SAFETY: A call to `unregister` for a given instance of `DriverType` is guaranteed to be valid if 55 // a preceding call to `register` has been successful. 56 unsafe impl<T: Driver> driver::RegistrationOps for Adapter<T> { 57 unsafe fn register( 58 adrv: &Opaque<Self::DriverType>, 59 name: &'static CStr, 60 module: &'static ThisModule, 61 ) -> Result { 62 // SAFETY: It's safe to set the fields of `struct auxiliary_driver` on initialization. 63 unsafe { 64 (*adrv.get()).name = name.as_char_ptr(); 65 (*adrv.get()).probe = Some(Self::probe_callback); 66 (*adrv.get()).remove = Some(Self::remove_callback); 67 (*adrv.get()).id_table = T::ID_TABLE.as_ptr(); 68 } 69 70 // SAFETY: `adrv` is guaranteed to be a valid `DriverType`. 71 to_result(unsafe { 72 bindings::__auxiliary_driver_register(adrv.get(), module.0, name.as_char_ptr()) 73 }) 74 } 75 76 unsafe fn unregister(adrv: &Opaque<Self::DriverType>) { 77 // SAFETY: `adrv` is guaranteed to be a valid `DriverType`. 78 unsafe { bindings::auxiliary_driver_unregister(adrv.get()) } 79 } 80 } 81 82 impl<T: Driver> Adapter<T> { 83 extern "C" fn probe_callback( 84 adev: *mut bindings::auxiliary_device, 85 id: *const bindings::auxiliary_device_id, 86 ) -> c_int { 87 // SAFETY: The auxiliary bus only ever calls the probe callback with a valid pointer to a 88 // `struct auxiliary_device`. 89 // 90 // INVARIANT: `adev` is valid for the duration of `probe_callback()`. 91 let adev = unsafe { &*adev.cast::<Device<device::CoreInternal<'_>>>() }; 92 93 // SAFETY: `DeviceId` is a `#[repr(transparent)`] wrapper of `struct auxiliary_device_id` 94 // and does not add additional invariants, so it's safe to transmute. 95 let id = unsafe { &*id.cast::<DeviceId>() }; 96 let info = T::ID_TABLE.info(id.index()); 97 98 from_result(|| { 99 let data = T::probe(adev, info); 100 101 adev.as_ref().set_drvdata(data)?; 102 Ok(0) 103 }) 104 } 105 106 extern "C" fn remove_callback(adev: *mut bindings::auxiliary_device) { 107 // SAFETY: The auxiliary bus only ever calls the probe callback with a valid pointer to a 108 // `struct auxiliary_device`. 109 // 110 // INVARIANT: `adev` is valid for the duration of `remove_callback()`. 111 let adev = unsafe { &*adev.cast::<Device<device::CoreInternal<'_>>>() }; 112 113 // SAFETY: `remove_callback` is only ever called after a successful call to 114 // `probe_callback`, hence it's guaranteed that `Device::set_drvdata()` has been called 115 // and stored a `Pin<KBox<T::Data<'_>>>`. 116 let data = unsafe { adev.as_ref().drvdata_borrow::<T::Data<'_>>() }; 117 118 T::unbind(adev, data); 119 } 120 } 121 122 /// Declares a kernel module that exposes a single auxiliary driver. 123 #[macro_export] 124 macro_rules! module_auxiliary_driver { 125 ($($f:tt)*) => { 126 $crate::module_driver!(<T>, $crate::auxiliary::Adapter<T>, { $($f)* }); 127 }; 128 } 129 130 /// Abstraction for `bindings::auxiliary_device_id`. 131 #[repr(transparent)] 132 #[derive(Clone, Copy)] 133 pub struct DeviceId(bindings::auxiliary_device_id); 134 135 impl DeviceId { 136 /// Create a new [`DeviceId`] from name. 137 pub const fn new(modname: &'static CStr, name: &'static CStr) -> Self { 138 let name = name.to_bytes_with_nul(); 139 let modname = modname.to_bytes_with_nul(); 140 141 let mut id: bindings::auxiliary_device_id = pin_init::zeroed(); 142 let mut i = 0; 143 while i < modname.len() { 144 id.name[i] = modname[i]; 145 i += 1; 146 } 147 148 // Reuse the space of the NULL terminator. 149 id.name[i - 1] = b'.'; 150 151 let mut j = 0; 152 while j < name.len() { 153 id.name[i] = name[j]; 154 i += 1; 155 j += 1; 156 } 157 158 Self(id) 159 } 160 } 161 162 // SAFETY: `DeviceId` is a `#[repr(transparent)]` wrapper of `auxiliary_device_id` and does not add 163 // additional invariants, so it's safe to transmute to `RawType`. 164 unsafe impl RawDeviceId for DeviceId { 165 type RawType = bindings::auxiliary_device_id; 166 } 167 168 // SAFETY: `DRIVER_DATA_OFFSET` is the offset to the `driver_data` field. 169 unsafe impl RawDeviceIdIndex for DeviceId { 170 const DRIVER_DATA_OFFSET: usize = 171 core::mem::offset_of!(bindings::auxiliary_device_id, driver_data); 172 173 fn index(&self) -> usize { 174 self.0.driver_data 175 } 176 } 177 178 /// IdTable type for auxiliary drivers. 179 pub type IdTable<T> = &'static dyn kernel::device_id::IdTable<DeviceId, T>; 180 181 /// Create a auxiliary `IdTable` with its alias for modpost. 182 #[macro_export] 183 macro_rules! auxiliary_device_table { 184 ($table_name:ident, $module_table_name:ident, $id_info_type: ty, $table_data: expr) => { 185 const $table_name: $crate::device_id::IdArray< 186 $crate::auxiliary::DeviceId, 187 $id_info_type, 188 { $table_data.len() }, 189 > = $crate::device_id::IdArray::new($table_data); 190 191 $crate::module_device_table!("auxiliary", $module_table_name, $table_name); 192 }; 193 } 194 195 /// The auxiliary driver trait. 196 /// 197 /// Drivers must implement this trait in order to get an auxiliary driver registered. 198 pub trait Driver { 199 /// The type holding information about each device id supported by the driver. 200 /// 201 /// TODO: Use associated_type_defaults once stabilized: 202 /// 203 /// type IdInfo: 'static = (); 204 type IdInfo: 'static; 205 206 /// The type of the driver's bus device private data. 207 type Data<'bound>: Send + 'bound; 208 209 /// The table of device ids supported by the driver. 210 const ID_TABLE: IdTable<Self::IdInfo>; 211 212 /// Auxiliary driver probe. 213 /// 214 /// Called when an auxiliary device is matches a corresponding driver. 215 fn probe<'bound>( 216 dev: &'bound Device<device::Core<'_>>, 217 id_info: &'bound Self::IdInfo, 218 ) -> impl PinInit<Self::Data<'bound>, Error> + 'bound; 219 220 /// Auxiliary driver unbind. 221 /// 222 /// Called when a [`Device`] is unbound from its bound [`Driver`]. Implementing this callback 223 /// is optional. 224 /// 225 /// This callback serves as a place for drivers to perform teardown operations that require a 226 /// `&Device<Core>` or `&Device<Bound>` reference. For instance, drivers may try to perform I/O 227 /// operations to gracefully tear down the device. 228 /// 229 /// Otherwise, release operations for driver resources should be performed in `Drop`. 230 fn unbind<'bound>(dev: &'bound Device<device::Core<'_>>, this: Pin<&Self::Data<'bound>>) { 231 let _ = (dev, this); 232 } 233 } 234 235 /// The auxiliary device representation. 236 /// 237 /// This structure represents the Rust abstraction for a C `struct auxiliary_device`. The 238 /// implementation abstracts the usage of an already existing C `struct auxiliary_device` within 239 /// Rust code that we get passed from the C side. 240 /// 241 /// # Invariants 242 /// 243 /// A [`Device`] instance represents a valid `struct auxiliary_device` created by the C portion of 244 /// the kernel. 245 #[repr(transparent)] 246 pub struct Device<Ctx: device::DeviceContext = device::Normal>( 247 Opaque<bindings::auxiliary_device>, 248 PhantomData<Ctx>, 249 ); 250 251 impl<Ctx: device::DeviceContext> Device<Ctx> { 252 fn as_raw(&self) -> *mut bindings::auxiliary_device { 253 self.0.get() 254 } 255 256 /// Returns the auxiliary device' id. 257 pub fn id(&self) -> u32 { 258 // SAFETY: By the type invariant `self.as_raw()` is a valid pointer to a 259 // `struct auxiliary_device`. 260 unsafe { (*self.as_raw()).id } 261 } 262 } 263 264 impl Device<device::Bound> { 265 /// Returns a bound reference to the parent [`device::Device`]. 266 pub fn parent(&self) -> &device::Device<device::Bound> { 267 let parent = (**self).parent(); 268 269 // SAFETY: A bound auxiliary device always has a bound parent device. 270 unsafe { parent.as_bound() } 271 } 272 273 /// Returns a pinned reference to the registration data set by the registering (parent) driver. 274 /// 275 /// `F` is the [`ForLt`](trait@ForLt) encoding of the data type. The returned 276 /// reference has its lifetime shortened from `'static` to `&self`'s borrow lifetime via 277 /// [`ForLt::cast_ref`]. 278 /// 279 /// Returns [`EINVAL`] if `F` does not match the type used by the parent driver when calling 280 /// [`Registration::new()`]. 281 /// 282 /// Returns [`ENOENT`] if no registration data has been set, e.g. when the device was 283 /// registered by a C driver. 284 pub fn registration_data<F: ForLt + 'static>(&self) -> Result<Pin<&F::Of<'_>>> { 285 // SAFETY: By the type invariant, `self.as_raw()` is a valid `struct auxiliary_device`. 286 let ptr = unsafe { (*self.as_raw()).registration_data_rust }; 287 if ptr.is_null() { 288 dev_warn!( 289 self.as_ref(), 290 "No registration data set; parent is not a Rust driver.\n" 291 ); 292 return Err(ENOENT); 293 } 294 295 // SAFETY: `ptr` is non-null and was set via `into_foreign()` in `Registration::new()`; 296 // `RegistrationData` is `#[repr(C)]` with `type_id` at offset 0, so reading a `TypeId` 297 // at the start of the allocation is valid regardless of `F`. 298 let type_id = unsafe { ptr.cast::<TypeId>().read() }; 299 if type_id != TypeId::of::<F>() { 300 return Err(EINVAL); 301 } 302 303 // SAFETY: The `TypeId` check above confirms that the stored type matches 304 // `F::Of<'static>`; `ptr` remains valid until `Registration::drop()` calls 305 // `from_foreign()`. 306 let wrapper = unsafe { Pin::<KBox<RegistrationData<F::Of<'static>>>>::borrow(ptr) }; 307 308 // SAFETY: `data` is a structurally pinned field of `RegistrationData`. 309 let pinned: Pin<&F::Of<'_>> = unsafe { wrapper.map_unchecked(|w| &w.data) }; 310 311 // SAFETY: The data was pinned when stored; `cast_ref` only shortens 312 // the lifetime, so the pinning guarantee is preserved. 313 Ok(unsafe { Pin::new_unchecked(F::cast_ref(pinned.get_ref())) }) 314 } 315 } 316 317 impl Device { 318 /// Returns a reference to the parent [`device::Device`]. 319 pub fn parent(&self) -> &device::Device { 320 // SAFETY: A `struct auxiliary_device` always has a parent. 321 unsafe { self.as_ref().parent().unwrap_unchecked() } 322 } 323 324 extern "C" fn release(dev: *mut bindings::device) { 325 // SAFETY: By the type invariant `self.0.as_raw` is a pointer to the `struct device` 326 // embedded in `struct auxiliary_device`. 327 let adev = unsafe { container_of!(dev, bindings::auxiliary_device, dev) }; 328 329 // SAFETY: `adev` points to the memory that has been allocated in `Registration::new`, via 330 // `KBox::new(Opaque::<bindings::auxiliary_device>::zeroed(), GFP_KERNEL)`. 331 let _ = unsafe { KBox::<Opaque<bindings::auxiliary_device>>::from_raw(adev.cast()) }; 332 } 333 } 334 335 // SAFETY: `auxiliary::Device` is a transparent wrapper of `struct auxiliary_device`. 336 // The offset is guaranteed to point to a valid device field inside `auxiliary::Device`. 337 unsafe impl<Ctx: device::DeviceContext> device::AsBusDevice<Ctx> for Device<Ctx> { 338 const OFFSET: usize = offset_of!(bindings::auxiliary_device, dev); 339 } 340 341 // SAFETY: `Device` is a transparent wrapper of a type that doesn't depend on `Device`'s generic 342 // argument. 343 kernel::impl_device_context_deref!(unsafe { Device }); 344 kernel::impl_device_context_into_aref!(Device); 345 346 // SAFETY: Instances of `Device` are always reference-counted. 347 unsafe impl crate::sync::aref::AlwaysRefCounted for Device { 348 fn inc_ref(&self) { 349 // SAFETY: The existence of a shared reference guarantees that the refcount is non-zero. 350 unsafe { bindings::get_device(self.as_ref().as_raw()) }; 351 } 352 353 unsafe fn dec_ref(obj: NonNull<Self>) { 354 // CAST: `Self` a transparent wrapper of `bindings::auxiliary_device`. 355 let adev: *mut bindings::auxiliary_device = obj.cast().as_ptr(); 356 357 // SAFETY: By the type invariant of `Self`, `adev` is a pointer to a valid 358 // `struct auxiliary_device`. 359 let dev = unsafe { addr_of_mut!((*adev).dev) }; 360 361 // SAFETY: The safety requirements guarantee that the refcount is non-zero. 362 unsafe { bindings::put_device(dev) } 363 } 364 } 365 366 impl<Ctx: device::DeviceContext> AsRef<device::Device<Ctx>> for Device<Ctx> { 367 fn as_ref(&self) -> &device::Device<Ctx> { 368 // SAFETY: By the type invariant of `Self`, `self.as_raw()` is a pointer to a valid 369 // `struct auxiliary_device`. 370 let dev = unsafe { addr_of_mut!((*self.as_raw()).dev) }; 371 372 // SAFETY: `dev` points to a valid `struct device`. 373 unsafe { device::Device::from_raw(dev) } 374 } 375 } 376 377 // SAFETY: A `Device` is always reference-counted and can be released from any thread. 378 unsafe impl Send for Device {} 379 380 // SAFETY: `Device` can be shared among threads because all methods of `Device` 381 // (i.e. `Device<Normal>) are thread safe. 382 unsafe impl Sync for Device {} 383 384 // SAFETY: Same as `Device<Normal>` -- the underlying `struct auxiliary_device` is the same; 385 // `Bound` is a zero-sized type-state marker that does not affect thread safety. 386 unsafe impl Sync for Device<device::Bound> {} 387 388 /// Wrapper that stores a [`TypeId`] alongside the registration data for runtime type checking. 389 #[repr(C)] 390 #[pin_data] 391 struct RegistrationData<T> { 392 type_id: TypeId, 393 #[pin] 394 data: T, 395 } 396 397 /// The registration of an auxiliary device. 398 /// 399 /// This type represents the registration of a [`struct auxiliary_device`]. When its parent device 400 /// is unbound, the corresponding auxiliary device will be unregistered from the system. 401 /// 402 /// The type parameter `F` is a [`ForLt`](trait@ForLt) encoding of the registration 403 /// data type. For non-lifetime-parameterized types, use [`ForLt!(T)`](macro@ForLt). 404 /// The data can be accessed by the auxiliary driver through [`Device::registration_data()`]. 405 /// 406 /// # Invariants 407 /// 408 /// `self.adev` always holds a valid pointer to an initialized and registered 409 /// [`struct auxiliary_device`] whose `registration_data_rust` field points to a 410 /// valid `Pin<KBox<RegistrationData<F::Of<'static>>>>`. 411 pub struct Registration<'a, F: ForLt + 'static> { 412 adev: NonNull<bindings::auxiliary_device>, 413 _phantom: PhantomData<F::Of<'a>>, 414 } 415 416 impl<'a, F: ForLt> Registration<'a, F> 417 where 418 for<'b> F::Of<'b>: Send + Sync, 419 { 420 /// Create and register a new auxiliary device with the given registration data. 421 /// 422 /// The `data` is owned by the registration and can be accessed through the auxiliary device 423 /// via [`Device::registration_data()`]. 424 /// 425 /// # Safety 426 /// 427 /// The caller must not `mem::forget()` the returned [`Registration`] or otherwise prevent its 428 /// [`Drop`] implementation from running, since the registration data may contain borrowed 429 /// references that become invalid after `'a` ends. 430 /// 431 /// If the registration data is `'static`, use the safe [`Registration::new()`] instead. 432 pub unsafe fn new_with_lt<E>( 433 parent: &'a device::Device<device::Bound>, 434 name: &CStr, 435 id: u32, 436 modname: &CStr, 437 data: impl PinInit<F::Of<'a>, E>, 438 ) -> Result<Self> 439 where 440 Error: From<E>, 441 { 442 let data = KBox::pin_init::<Error>( 443 try_pin_init!(RegistrationData { 444 type_id: TypeId::of::<F>(), 445 data <- data, 446 }), 447 GFP_KERNEL, 448 )?; 449 450 // SAFETY: `'a` is invariant (via `Registration`'s `PhantomData`). Lifetimes do not 451 // affect layout, so RegistrationData<F::Of<'a>> and RegistrationData<F::Of<'static>> 452 // have identical representation. 453 let data: Pin<KBox<RegistrationData<F::Of<'static>>>> = 454 unsafe { core::mem::transmute(data) }; 455 456 let boxed: KBox<Opaque<bindings::auxiliary_device>> = KBox::zeroed(GFP_KERNEL)?; 457 let adev = boxed.get(); 458 459 // SAFETY: It's safe to set the fields of `struct auxiliary_device` on initialization. 460 unsafe { 461 (*adev).dev.parent = parent.as_raw(); 462 (*adev).dev.release = Some(Device::release); 463 (*adev).name = name.as_char_ptr(); 464 (*adev).id = id; 465 (*adev).registration_data_rust = data.into_foreign(); 466 } 467 468 // SAFETY: `adev` is guaranteed to be a valid pointer to a `struct auxiliary_device`, 469 // which has not been initialized yet. 470 unsafe { bindings::auxiliary_device_init(adev) }; 471 472 // Now that `adev` is initialized, leak the `Box`; the corresponding memory will be 473 // freed by `Device::release` when the last reference to the `struct auxiliary_device` 474 // is dropped. 475 let _ = KBox::into_raw(boxed); 476 477 // SAFETY: 478 // - `adev` is guaranteed to be a valid pointer to a `struct auxiliary_device`, which 479 // has been initialized, 480 // - `modname.as_char_ptr()` is a NULL terminated string. 481 let ret = unsafe { bindings::__auxiliary_device_add(adev, modname.as_char_ptr()) }; 482 if ret != 0 { 483 // SAFETY: `registration_data` was set above via `into_foreign()`. 484 drop(unsafe { 485 Pin::<KBox<RegistrationData<F::Of<'static>>>>::from_foreign( 486 (*adev).registration_data_rust, 487 ) 488 }); 489 490 // SAFETY: `adev` is guaranteed to be a valid pointer to a 491 // `struct auxiliary_device`, which has been initialized. 492 unsafe { bindings::auxiliary_device_uninit(adev) }; 493 494 return Err(Error::from_errno(ret)); 495 } 496 497 // INVARIANT: The device will remain registered until `auxiliary_device_delete()` is 498 // called, which happens in `Self::drop()`. 499 Ok(Self { 500 // SAFETY: `adev` is guaranteed to be non-null, since the `KBox` was allocated 501 // successfully. 502 adev: unsafe { NonNull::new_unchecked(adev) }, 503 _phantom: PhantomData, 504 }) 505 } 506 507 /// Create and register a new auxiliary device with `'static` registration data. 508 /// 509 /// Safe variant of [`Registration::new_with_lt()`] for registration data that does not contain 510 /// borrowed references. 511 pub fn new<E>( 512 parent: &'a device::Device<device::Bound>, 513 name: &CStr, 514 id: u32, 515 modname: &CStr, 516 data: impl PinInit<F::Of<'a>, E>, 517 ) -> Result<Self> 518 where 519 F::Of<'a>: 'static, 520 Error: From<E>, 521 { 522 // SAFETY: `F::Of<'a>: 'static` guarantees the data contains no borrowed references, 523 // so forgetting the `Registration` cannot cause use-after-free. 524 unsafe { Self::new_with_lt(parent, name, id, modname, data) } 525 } 526 } 527 528 impl<F: ForLt> Drop for Registration<'_, F> { 529 fn drop(&mut self) { 530 // SAFETY: By the type invariant of `Self`, `self.adev.as_ptr()` is a valid registered 531 // `struct auxiliary_device`. 532 unsafe { bindings::auxiliary_device_delete(self.adev.as_ptr()) }; 533 534 // SAFETY: `registration_data` was set in `new()` via `into_foreign()`. 535 drop(unsafe { 536 Pin::<KBox<RegistrationData<F::Of<'static>>>>::from_foreign( 537 (*self.adev.as_ptr()).registration_data_rust, 538 ) 539 }); 540 541 // This drops the reference we acquired through `auxiliary_device_init()`. 542 // 543 // SAFETY: By the type invariant of `Self`, `self.adev.as_ptr()` is a valid registered 544 // `struct auxiliary_device`. 545 unsafe { bindings::auxiliary_device_uninit(self.adev.as_ptr()) }; 546 } 547 } 548 549 // SAFETY: A `Registration` of a `struct auxiliary_device` can be released from any thread. 550 unsafe impl<F: ForLt> Send for Registration<'_, F> where for<'a> F::Of<'a>: Send {} 551 552 // SAFETY: `Registration` does not expose any methods or fields that need synchronization. 553 unsafe impl<F: ForLt> Sync for Registration<'_, F> where for<'a> F::Of<'a>: Send {} 554