1 // SPDX-License-Identifier: GPL-2.0 2 3 //! Devres abstraction 4 //! 5 //! [`Devres`] represents an abstraction for the kernel devres (device resource management) 6 //! implementation. 7 8 use crate::{ 9 alloc::Flags, 10 bindings, 11 device::{Bound, Device}, 12 error::{to_result, Error, Result}, 13 ffi::c_void, 14 prelude::*, 15 revocable::{Revocable, RevocableGuard}, 16 sync::{rcu, Arc, Completion}, 17 types::{ARef, ForeignOwnable}, 18 }; 19 20 #[pin_data] 21 struct DevresInner<T: Send> { 22 dev: ARef<Device>, 23 callback: unsafe extern "C" fn(*mut c_void), 24 #[pin] 25 data: Revocable<T>, 26 #[pin] 27 revoke: Completion, 28 } 29 30 /// This abstraction is meant to be used by subsystems to containerize [`Device`] bound resources to 31 /// manage their lifetime. 32 /// 33 /// [`Device`] bound resources should be freed when either the resource goes out of scope or the 34 /// [`Device`] is unbound respectively, depending on what happens first. In any case, it is always 35 /// guaranteed that revoking the device resource is completed before the corresponding [`Device`] 36 /// is unbound. 37 /// 38 /// To achieve that [`Devres`] registers a devres callback on creation, which is called once the 39 /// [`Device`] is unbound, revoking access to the encapsulated resource (see also [`Revocable`]). 40 /// 41 /// After the [`Devres`] has been unbound it is not possible to access the encapsulated resource 42 /// anymore. 43 /// 44 /// [`Devres`] users should make sure to simply free the corresponding backing resource in `T`'s 45 /// [`Drop`] implementation. 46 /// 47 /// # Example 48 /// 49 /// ```no_run 50 /// # use kernel::{bindings, c_str, device::{Bound, Device}, devres::Devres, io::{Io, IoRaw}}; 51 /// # use core::ops::Deref; 52 /// 53 /// // See also [`pci::Bar`] for a real example. 54 /// struct IoMem<const SIZE: usize>(IoRaw<SIZE>); 55 /// 56 /// impl<const SIZE: usize> IoMem<SIZE> { 57 /// /// # Safety 58 /// /// 59 /// /// [`paddr`, `paddr` + `SIZE`) must be a valid MMIO region that is mappable into the CPUs 60 /// /// virtual address space. 61 /// unsafe fn new(paddr: usize) -> Result<Self>{ 62 /// // SAFETY: By the safety requirements of this function [`paddr`, `paddr` + `SIZE`) is 63 /// // valid for `ioremap`. 64 /// let addr = unsafe { bindings::ioremap(paddr as _, SIZE as _) }; 65 /// if addr.is_null() { 66 /// return Err(ENOMEM); 67 /// } 68 /// 69 /// Ok(IoMem(IoRaw::new(addr as _, SIZE)?)) 70 /// } 71 /// } 72 /// 73 /// impl<const SIZE: usize> Drop for IoMem<SIZE> { 74 /// fn drop(&mut self) { 75 /// // SAFETY: `self.0.addr()` is guaranteed to be properly mapped by `Self::new`. 76 /// unsafe { bindings::iounmap(self.0.addr() as _); }; 77 /// } 78 /// } 79 /// 80 /// impl<const SIZE: usize> Deref for IoMem<SIZE> { 81 /// type Target = Io<SIZE>; 82 /// 83 /// fn deref(&self) -> &Self::Target { 84 /// // SAFETY: The memory range stored in `self` has been properly mapped in `Self::new`. 85 /// unsafe { Io::from_raw(&self.0) } 86 /// } 87 /// } 88 /// # fn no_run(dev: &Device<Bound>) -> Result<(), Error> { 89 /// // SAFETY: Invalid usage for example purposes. 90 /// let iomem = unsafe { IoMem::<{ core::mem::size_of::<u32>() }>::new(0xBAAAAAAD)? }; 91 /// let devres = Devres::new(dev, iomem, GFP_KERNEL)?; 92 /// 93 /// let res = devres.try_access().ok_or(ENXIO)?; 94 /// res.write8(0x42, 0x0); 95 /// # Ok(()) 96 /// # } 97 /// ``` 98 pub struct Devres<T: Send>(Arc<DevresInner<T>>); 99 100 impl<T: Send> DevresInner<T> { 101 fn new(dev: &Device<Bound>, data: T, flags: Flags) -> Result<Arc<DevresInner<T>>> { 102 let inner = Arc::pin_init( 103 try_pin_init!( DevresInner { 104 dev: dev.into(), 105 callback: Self::devres_callback, 106 data <- Revocable::new(data), 107 revoke <- Completion::new(), 108 }), 109 flags, 110 )?; 111 112 // Convert `Arc<DevresInner>` into a raw pointer and make devres own this reference until 113 // `Self::devres_callback` is called. 114 let data = inner.clone().into_raw(); 115 116 // SAFETY: `devm_add_action` guarantees to call `Self::devres_callback` once `dev` is 117 // detached. 118 let ret = 119 unsafe { bindings::devm_add_action(dev.as_raw(), Some(inner.callback), data as _) }; 120 121 if ret != 0 { 122 // SAFETY: We just created another reference to `inner` in order to pass it to 123 // `bindings::devm_add_action`. If `bindings::devm_add_action` fails, we have to drop 124 // this reference accordingly. 125 let _ = unsafe { Arc::from_raw(data) }; 126 return Err(Error::from_errno(ret)); 127 } 128 129 Ok(inner) 130 } 131 132 fn as_ptr(&self) -> *const Self { 133 self as _ 134 } 135 136 fn remove_action(this: &Arc<Self>) -> bool { 137 // SAFETY: 138 // - `self.inner.dev` is a valid `Device`, 139 // - the `action` and `data` pointers are the exact same ones as given to devm_add_action() 140 // previously, 141 // - `self` is always valid, even if the action has been released already. 142 let success = unsafe { 143 bindings::devm_remove_action_nowarn( 144 this.dev.as_raw(), 145 Some(this.callback), 146 this.as_ptr() as _, 147 ) 148 } == 0; 149 150 if success { 151 // SAFETY: We leaked an `Arc` reference to devm_add_action() in `DevresInner::new`; if 152 // devm_remove_action_nowarn() was successful we can (and have to) claim back ownership 153 // of this reference. 154 let _ = unsafe { Arc::from_raw(this.as_ptr()) }; 155 } 156 157 success 158 } 159 160 #[allow(clippy::missing_safety_doc)] 161 unsafe extern "C" fn devres_callback(ptr: *mut kernel::ffi::c_void) { 162 let ptr = ptr as *mut DevresInner<T>; 163 // Devres owned this memory; now that we received the callback, drop the `Arc` and hence the 164 // reference. 165 // SAFETY: Safe, since we leaked an `Arc` reference to devm_add_action() in 166 // `DevresInner::new`. 167 let inner = unsafe { Arc::from_raw(ptr) }; 168 169 if !inner.data.revoke() { 170 // If `revoke()` returns false, it means that `Devres::drop` already started revoking 171 // `inner.data` for us. Hence we have to wait until `Devres::drop()` signals that it 172 // completed revoking `inner.data`. 173 inner.revoke.wait_for_completion(); 174 } 175 } 176 } 177 178 impl<T: Send> Devres<T> { 179 /// Creates a new [`Devres`] instance of the given `data`. The `data` encapsulated within the 180 /// returned `Devres` instance' `data` will be revoked once the device is detached. 181 pub fn new(dev: &Device<Bound>, data: T, flags: Flags) -> Result<Self> { 182 let inner = DevresInner::new(dev, data, flags)?; 183 184 Ok(Devres(inner)) 185 } 186 187 /// Obtain `&'a T`, bypassing the [`Revocable`]. 188 /// 189 /// This method allows to directly obtain a `&'a T`, bypassing the [`Revocable`], by presenting 190 /// a `&'a Device<Bound>` of the same [`Device`] this [`Devres`] instance has been created with. 191 /// 192 /// # Errors 193 /// 194 /// An error is returned if `dev` does not match the same [`Device`] this [`Devres`] instance 195 /// has been created with. 196 /// 197 /// # Example 198 /// 199 /// ```no_run 200 /// # #![cfg(CONFIG_PCI)] 201 /// # use kernel::{device::Core, devres::Devres, pci}; 202 /// 203 /// fn from_core(dev: &pci::Device<Core>, devres: Devres<pci::Bar<0x4>>) -> Result { 204 /// let bar = devres.access(dev.as_ref())?; 205 /// 206 /// let _ = bar.read32(0x0); 207 /// 208 /// // might_sleep() 209 /// 210 /// bar.write32(0x42, 0x0); 211 /// 212 /// Ok(()) 213 /// } 214 /// ``` 215 pub fn access<'a>(&'a self, dev: &'a Device<Bound>) -> Result<&'a T> { 216 if self.0.dev.as_raw() != dev.as_raw() { 217 return Err(EINVAL); 218 } 219 220 // SAFETY: `dev` being the same device as the device this `Devres` has been created for 221 // proves that `self.0.data` hasn't been revoked and is guaranteed to not be revoked as 222 // long as `dev` lives; `dev` lives at least as long as `self`. 223 Ok(unsafe { self.0.data.access() }) 224 } 225 226 /// [`Devres`] accessor for [`Revocable::try_access`]. 227 pub fn try_access(&self) -> Option<RevocableGuard<'_, T>> { 228 self.0.data.try_access() 229 } 230 231 /// [`Devres`] accessor for [`Revocable::try_access_with`]. 232 pub fn try_access_with<R, F: FnOnce(&T) -> R>(&self, f: F) -> Option<R> { 233 self.0.data.try_access_with(f) 234 } 235 236 /// [`Devres`] accessor for [`Revocable::try_access_with_guard`]. 237 pub fn try_access_with_guard<'a>(&'a self, guard: &'a rcu::Guard) -> Option<&'a T> { 238 self.0.data.try_access_with_guard(guard) 239 } 240 } 241 242 impl<T: Send> Drop for Devres<T> { 243 fn drop(&mut self) { 244 // SAFETY: When `drop` runs, it is guaranteed that nobody is accessing the revocable data 245 // anymore, hence it is safe not to wait for the grace period to finish. 246 if unsafe { self.0.data.revoke_nosync() } { 247 // We revoked `self.0.data` before the devres action did, hence try to remove it. 248 if !DevresInner::remove_action(&self.0) { 249 // We could not remove the devres action, which means that it now runs concurrently, 250 // hence signal that `self.0.data` has been revoked successfully. 251 self.0.revoke.complete_all(); 252 } 253 } 254 } 255 } 256 257 /// Consume `data` and [`Drop::drop`] `data` once `dev` is unbound. 258 fn register_foreign<P>(dev: &Device<Bound>, data: P) -> Result 259 where 260 P: ForeignOwnable + Send + 'static, 261 { 262 let ptr = data.into_foreign(); 263 264 #[allow(clippy::missing_safety_doc)] 265 unsafe extern "C" fn callback<P: ForeignOwnable>(ptr: *mut kernel::ffi::c_void) { 266 // SAFETY: `ptr` is the pointer to the `ForeignOwnable` leaked above and hence valid. 267 drop(unsafe { P::from_foreign(ptr.cast()) }); 268 } 269 270 // SAFETY: 271 // - `dev.as_raw()` is a pointer to a valid and bound device. 272 // - `ptr` is a valid pointer the `ForeignOwnable` devres takes ownership of. 273 to_result(unsafe { 274 // `devm_add_action_or_reset()` also calls `callback` on failure, such that the 275 // `ForeignOwnable` is released eventually. 276 bindings::devm_add_action_or_reset(dev.as_raw(), Some(callback::<P>), ptr.cast()) 277 }) 278 } 279 280 /// Encapsulate `data` in a [`KBox`] and [`Drop::drop`] `data` once `dev` is unbound. 281 /// 282 /// # Examples 283 /// 284 /// ```no_run 285 /// use kernel::{device::{Bound, Device}, devres}; 286 /// 287 /// /// Registration of e.g. a class device, IRQ, etc. 288 /// struct Registration; 289 /// 290 /// impl Registration { 291 /// fn new() -> Self { 292 /// // register 293 /// 294 /// Self 295 /// } 296 /// } 297 /// 298 /// impl Drop for Registration { 299 /// fn drop(&mut self) { 300 /// // unregister 301 /// } 302 /// } 303 /// 304 /// fn from_bound_context(dev: &Device<Bound>) -> Result { 305 /// devres::register(dev, Registration::new(), GFP_KERNEL) 306 /// } 307 /// ``` 308 pub fn register<T, E>(dev: &Device<Bound>, data: impl PinInit<T, E>, flags: Flags) -> Result 309 where 310 T: Send + 'static, 311 Error: From<E>, 312 { 313 let data = KBox::pin_init(data, flags)?; 314 315 register_foreign(dev, data) 316 } 317