1 /*******************************************************************************
2     AudioScience HPI driver
3     Common Linux HPI ioctl and module probe/remove functions
4 
5     Copyright (C) 1997-2014  AudioScience Inc. <support@audioscience.com>
6 
7     This program is free software; you can redistribute it and/or modify
8     it under the terms of version 2 of the GNU General Public License as
9     published by the Free Software Foundation;
10 
11     This program is distributed in the hope that it will be useful,
12     but WITHOUT ANY WARRANTY; without even the implied warranty of
13     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
14     GNU General Public License for more details.
15 
16 *******************************************************************************/
17 #define SOURCEFILE_NAME "hpioctl.c"
18 
19 #include "hpi_internal.h"
20 #include "hpi_version.h"
21 #include "hpimsginit.h"
22 #include "hpidebug.h"
23 #include "hpimsgx.h"
24 #include "hpioctl.h"
25 #include "hpicmn.h"
26 
27 #include <linux/fs.h>
28 #include <linux/interrupt.h>
29 #include <linux/slab.h>
30 #include <linux/moduleparam.h>
31 #include <linux/uaccess.h>
32 #include <linux/pci.h>
33 #include <linux/stringify.h>
34 #include <linux/module.h>
35 #include <linux/vmalloc.h>
36 #include <linux/nospec.h>
37 
38 #ifdef MODULE_FIRMWARE
39 MODULE_FIRMWARE("asihpi/dsp5000.bin");
40 MODULE_FIRMWARE("asihpi/dsp6200.bin");
41 MODULE_FIRMWARE("asihpi/dsp6205.bin");
42 MODULE_FIRMWARE("asihpi/dsp6400.bin");
43 MODULE_FIRMWARE("asihpi/dsp6600.bin");
44 MODULE_FIRMWARE("asihpi/dsp8700.bin");
45 MODULE_FIRMWARE("asihpi/dsp8900.bin");
46 #endif
47 
48 static int prealloc_stream_buf;
49 module_param(prealloc_stream_buf, int, 0444);
50 MODULE_PARM_DESC(prealloc_stream_buf,
51 	"Preallocate size for per-adapter stream buffer");
52 
53 /* Allow the debug level to be changed after module load.
54  E.g.   echo 2 > /sys/module/asihpi/parameters/hpiDebugLevel
55 */
56 module_param(hpi_debug_level, int, 0644);
57 MODULE_PARM_DESC(hpi_debug_level, "debug verbosity 0..5");
58 
59 /* List of adapters found */
60 static struct hpi_adapter adapters[HPI_MAX_ADAPTERS];
61 
62 /* Wrapper function to HPI_Message to enable dumping of the
63    message and response types.
64 */
hpi_send_recv_f(struct hpi_message * phm,struct hpi_response * phr,struct file * file)65 static void hpi_send_recv_f(struct hpi_message *phm, struct hpi_response *phr,
66 	struct file *file)
67 {
68 	if ((phm->adapter_index >= HPI_MAX_ADAPTERS)
69 		&& (phm->object != HPI_OBJ_SUBSYSTEM))
70 		phr->error = HPI_ERROR_INVALID_OBJ_INDEX;
71 	else
72 		hpi_send_recv_ex(phm, phr, file);
73 }
74 
75 /* This is called from hpifunc.c functions, called by ALSA
76  * (or other kernel process) In this case there is no file descriptor
77  * available for the message cache code
78  */
hpi_send_recv(struct hpi_message * phm,struct hpi_response * phr)79 void hpi_send_recv(struct hpi_message *phm, struct hpi_response *phr)
80 {
81 	hpi_send_recv_f(phm, phr, HOWNER_KERNEL);
82 }
83 
84 EXPORT_SYMBOL(hpi_send_recv);
85 /* for radio-asihpi */
86 
asihpi_hpi_release(struct file * file)87 int asihpi_hpi_release(struct file *file)
88 {
89 	struct hpi_message hm;
90 	struct hpi_response hr;
91 
92 /* HPI_DEBUG_LOG(INFO,"hpi_release file %p, pid %d\n", file, current->pid); */
93 	/* close the subsystem just in case the application forgot to. */
94 	hpi_init_message_response(&hm, &hr, HPI_OBJ_SUBSYSTEM,
95 		HPI_SUBSYS_CLOSE);
96 	hpi_send_recv_ex(&hm, &hr, file);
97 	return 0;
98 }
99 
asihpi_hpi_ioctl(struct file * file,unsigned int cmd,unsigned long arg)100 long asihpi_hpi_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
101 {
102 	struct hpi_ioctl_linux __user *phpi_ioctl_data;
103 	void __user *puhm;
104 	void __user *puhr;
105 	union hpi_message_buffer_v1 *hm;
106 	union hpi_response_buffer_v1 *hr;
107 	u16 msg_size;
108 	u16 res_max_size;
109 	u32 uncopied_bytes;
110 	int err = 0;
111 
112 	if (cmd != HPI_IOCTL_LINUX)
113 		return -EINVAL;
114 
115 	hm = kmalloc(sizeof(*hm), GFP_KERNEL);
116 	hr = kzalloc(sizeof(*hr), GFP_KERNEL);
117 	if (!hm || !hr) {
118 		err = -ENOMEM;
119 		goto out;
120 	}
121 
122 	phpi_ioctl_data = (struct hpi_ioctl_linux __user *)arg;
123 
124 	/* Read the message and response pointers from user space.  */
125 	if (get_user(puhm, &phpi_ioctl_data->phm)
126 		|| get_user(puhr, &phpi_ioctl_data->phr)) {
127 		err = -EFAULT;
128 		goto out;
129 	}
130 
131 	/* Now read the message size and data from user space.  */
132 	if (get_user(msg_size, (u16 __user *)puhm)) {
133 		err = -EFAULT;
134 		goto out;
135 	}
136 	if (msg_size > sizeof(*hm))
137 		msg_size = sizeof(*hm);
138 
139 	/* printk(KERN_INFO "message size %d\n", hm->h.wSize); */
140 
141 	uncopied_bytes = copy_from_user(hm, puhm, msg_size);
142 	if (uncopied_bytes) {
143 		HPI_DEBUG_LOG(ERROR, "uncopied bytes %d\n", uncopied_bytes);
144 		err = -EFAULT;
145 		goto out;
146 	}
147 
148 	/* Override h.size in case it is changed between two userspace fetches */
149 	hm->h.size = msg_size;
150 
151 	if (get_user(res_max_size, (u16 __user *)puhr)) {
152 		err = -EFAULT;
153 		goto out;
154 	}
155 	/* printk(KERN_INFO "user response size %d\n", res_max_size); */
156 	if (res_max_size < sizeof(struct hpi_response_header)) {
157 		HPI_DEBUG_LOG(WARNING, "small res size %d\n", res_max_size);
158 		err = -EFAULT;
159 		goto out;
160 	}
161 
162 	res_max_size = min_t(size_t, res_max_size, sizeof(*hr));
163 
164 	switch (hm->h.function) {
165 	case HPI_SUBSYS_CREATE_ADAPTER:
166 	case HPI_ADAPTER_DELETE:
167 		/* Application must not use these functions! */
168 		hr->h.size = sizeof(hr->h);
169 		hr->h.error = HPI_ERROR_INVALID_OPERATION;
170 		hr->h.function = hm->h.function;
171 		uncopied_bytes = copy_to_user(puhr, hr, hr->h.size);
172 		if (uncopied_bytes)
173 			err = -EFAULT;
174 		else
175 			err = 0;
176 		goto out;
177 	}
178 
179 	hr->h.size = res_max_size;
180 	if (hm->h.object == HPI_OBJ_SUBSYSTEM) {
181 		hpi_send_recv_f(&hm->m0, &hr->r0, file);
182 	} else {
183 		u16 __user *ptr = NULL;
184 		u32 size = 0;
185 		/* -1=no data 0=read from user mem, 1=write to user mem */
186 		int wrflag = -1;
187 		struct hpi_adapter *pa = NULL;
188 
189 		if (hm->h.adapter_index < ARRAY_SIZE(adapters))
190 			pa = &adapters[array_index_nospec(hm->h.adapter_index,
191 							  ARRAY_SIZE(adapters))];
192 
193 		if (!pa || !pa->adapter || !pa->adapter->type) {
194 			hpi_init_response(&hr->r0, hm->h.object,
195 				hm->h.function, HPI_ERROR_BAD_ADAPTER_NUMBER);
196 
197 			uncopied_bytes =
198 				copy_to_user(puhr, hr, sizeof(hr->h));
199 			if (uncopied_bytes)
200 				err = -EFAULT;
201 			else
202 				err = 0;
203 			goto out;
204 		}
205 
206 		if (mutex_lock_interruptible(&pa->mutex)) {
207 			err = -EINTR;
208 			goto out;
209 		}
210 
211 		/* Dig out any pointers embedded in the message.  */
212 		switch (hm->h.function) {
213 		case HPI_OSTREAM_WRITE:
214 		case HPI_ISTREAM_READ:{
215 				/* Yes, sparse, this is correct. */
216 				ptr = (u16 __user *)hm->m0.u.d.u.data.pb_data;
217 				size = hm->m0.u.d.u.data.data_size;
218 
219 				/* Allocate buffer according to application request.
220 				   ?Is it better to alloc/free for the duration
221 				   of the transaction?
222 				 */
223 				if (pa->buffer_size < size) {
224 					HPI_DEBUG_LOG(DEBUG,
225 						"Realloc adapter %d stream "
226 						"buffer from %zd to %d\n",
227 						hm->h.adapter_index,
228 						pa->buffer_size, size);
229 					if (pa->p_buffer) {
230 						pa->buffer_size = 0;
231 						vfree(pa->p_buffer);
232 					}
233 					pa->p_buffer = vmalloc(size);
234 					if (pa->p_buffer)
235 						pa->buffer_size = size;
236 					else {
237 						HPI_DEBUG_LOG(ERROR,
238 							"HPI could not allocate "
239 							"stream buffer size %d\n",
240 							size);
241 
242 						mutex_unlock(&pa->mutex);
243 						err = -EINVAL;
244 						goto out;
245 					}
246 				}
247 
248 				hm->m0.u.d.u.data.pb_data = pa->p_buffer;
249 				if (hm->h.function == HPI_ISTREAM_READ)
250 					/* from card, WRITE to user mem */
251 					wrflag = 1;
252 				else
253 					wrflag = 0;
254 				break;
255 			}
256 
257 		default:
258 			size = 0;
259 			break;
260 		}
261 
262 		if (size && (wrflag == 0)) {
263 			uncopied_bytes =
264 				copy_from_user(pa->p_buffer, ptr, size);
265 			if (uncopied_bytes)
266 				HPI_DEBUG_LOG(WARNING,
267 					"Missed %d of %d "
268 					"bytes from user\n", uncopied_bytes,
269 					size);
270 		}
271 
272 		hpi_send_recv_f(&hm->m0, &hr->r0, file);
273 
274 		if (size && (wrflag == 1)) {
275 			uncopied_bytes =
276 				copy_to_user(ptr, pa->p_buffer, size);
277 			if (uncopied_bytes)
278 				HPI_DEBUG_LOG(WARNING,
279 					"Missed %d of %d " "bytes to user\n",
280 					uncopied_bytes, size);
281 		}
282 
283 		mutex_unlock(&pa->mutex);
284 	}
285 
286 	/* on return response size must be set */
287 	/*printk(KERN_INFO "response size %d\n", hr->h.wSize); */
288 
289 	if (!hr->h.size) {
290 		HPI_DEBUG_LOG(ERROR, "response zero size\n");
291 		err = -EFAULT;
292 		goto out;
293 	}
294 
295 	if (hr->h.size > res_max_size) {
296 		HPI_DEBUG_LOG(ERROR, "response too big %d %d\n", hr->h.size,
297 			res_max_size);
298 		hr->h.error = HPI_ERROR_RESPONSE_BUFFER_TOO_SMALL;
299 		hr->h.specific_error = hr->h.size;
300 		hr->h.size = sizeof(hr->h);
301 	}
302 
303 	uncopied_bytes = copy_to_user(puhr, hr, hr->h.size);
304 	if (uncopied_bytes) {
305 		HPI_DEBUG_LOG(ERROR, "uncopied bytes %d\n", uncopied_bytes);
306 		err = -EFAULT;
307 		goto out;
308 	}
309 
310 out:
311 	kfree(hm);
312 	kfree(hr);
313 	return err;
314 }
315 
316 static int asihpi_irq_count;
317 
asihpi_isr(int irq,void * dev_id)318 static irqreturn_t asihpi_isr(int irq, void *dev_id)
319 {
320 	struct hpi_adapter *a = dev_id;
321 	int handled;
322 
323 	if (!a->adapter->irq_query_and_clear) {
324 		pr_err("asihpi_isr ASI%04X:%d no handler\n", a->adapter->type,
325 			a->adapter->index);
326 		return IRQ_NONE;
327 	}
328 
329 	handled = a->adapter->irq_query_and_clear(a->adapter, 0);
330 
331 	if (!handled)
332 		return IRQ_NONE;
333 
334 	asihpi_irq_count++;
335 	/* printk(KERN_INFO "asihpi_isr %d ASI%04X:%d irq handled\n",
336 	   asihpi_irq_count, a->adapter->type, a->adapter->index); */
337 
338 	if (a->interrupt_callback)
339 		a->interrupt_callback(a);
340 
341 	return IRQ_HANDLED;
342 }
343 
asihpi_adapter_probe(struct pci_dev * pci_dev,const struct pci_device_id * pci_id)344 int asihpi_adapter_probe(struct pci_dev *pci_dev,
345 			 const struct pci_device_id *pci_id)
346 {
347 	int idx, nm, low_latency_mode = 0, irq_supported = 0;
348 	int adapter_index;
349 	unsigned int memlen;
350 	struct hpi_message hm;
351 	struct hpi_response hr;
352 	struct hpi_adapter adapter;
353 	struct hpi_pci pci;
354 
355 	memset(&adapter, 0, sizeof(adapter));
356 
357 	dev_printk(KERN_DEBUG, &pci_dev->dev,
358 		"probe %04x:%04x,%04x:%04x,%04x\n", pci_dev->vendor,
359 		pci_dev->device, pci_dev->subsystem_vendor,
360 		pci_dev->subsystem_device, pci_dev->devfn);
361 
362 	if (pci_enable_device(pci_dev) < 0) {
363 		dev_err(&pci_dev->dev,
364 			"pci_enable_device failed, disabling device\n");
365 		return -EIO;
366 	}
367 
368 	pci_set_master(pci_dev);	/* also sets latency timer if < 16 */
369 
370 	hpi_init_message_response(&hm, &hr, HPI_OBJ_SUBSYSTEM,
371 		HPI_SUBSYS_CREATE_ADAPTER);
372 	hpi_init_response(&hr, HPI_OBJ_SUBSYSTEM, HPI_SUBSYS_CREATE_ADAPTER,
373 		HPI_ERROR_PROCESSING_MESSAGE);
374 
375 	hm.adapter_index = HPI_ADAPTER_INDEX_INVALID;
376 
377 	nm = HPI_MAX_ADAPTER_MEM_SPACES;
378 
379 	for (idx = 0; idx < nm; idx++) {
380 		HPI_DEBUG_LOG(INFO, "resource %d %pR\n", idx,
381 			&pci_dev->resource[idx]);
382 
383 		if (pci_resource_flags(pci_dev, idx) & IORESOURCE_MEM) {
384 			memlen = pci_resource_len(pci_dev, idx);
385 			pci.ap_mem_base[idx] =
386 				ioremap(pci_resource_start(pci_dev, idx),
387 				memlen);
388 			if (!pci.ap_mem_base[idx]) {
389 				HPI_DEBUG_LOG(ERROR,
390 					"ioremap failed, aborting\n");
391 				/* unmap previously mapped pci mem space */
392 				goto err;
393 			}
394 		}
395 	}
396 
397 	pci.pci_dev = pci_dev;
398 	hm.u.s.resource.bus_type = HPI_BUS_PCI;
399 	hm.u.s.resource.r.pci = &pci;
400 
401 	/* call CreateAdapterObject on the relevant hpi module */
402 	hpi_send_recv_ex(&hm, &hr, HOWNER_KERNEL);
403 	if (hr.error)
404 		goto err;
405 
406 	adapter_index = hr.u.s.adapter_index;
407 	adapter.adapter = hpi_find_adapter(adapter_index);
408 
409 	if (prealloc_stream_buf) {
410 		adapter.p_buffer = vmalloc(prealloc_stream_buf);
411 		if (!adapter.p_buffer) {
412 			HPI_DEBUG_LOG(ERROR,
413 				"HPI could not allocate "
414 				"kernel buffer size %d\n",
415 				prealloc_stream_buf);
416 			goto err;
417 		}
418 	}
419 
420 	hpi_init_message_response(&hm, &hr, HPI_OBJ_ADAPTER,
421 		HPI_ADAPTER_OPEN);
422 	hm.adapter_index = adapter.adapter->index;
423 	hpi_send_recv_ex(&hm, &hr, HOWNER_KERNEL);
424 
425 	if (hr.error) {
426 		HPI_DEBUG_LOG(ERROR, "HPI_ADAPTER_OPEN failed, aborting\n");
427 		goto err;
428 	}
429 
430 	/* Check if current mode == Low Latency mode */
431 	hpi_init_message_response(&hm, &hr, HPI_OBJ_ADAPTER,
432 		HPI_ADAPTER_GET_MODE);
433 	hm.adapter_index = adapter.adapter->index;
434 	hpi_send_recv_ex(&hm, &hr, HOWNER_KERNEL);
435 
436 	if (!hr.error
437 		&& hr.u.ax.mode.adapter_mode == HPI_ADAPTER_MODE_LOW_LATENCY)
438 		low_latency_mode = 1;
439 	else
440 		dev_info(&pci_dev->dev,
441 			"Adapter at index %d is not in low latency mode\n",
442 			adapter.adapter->index);
443 
444 	/* Check if IRQs are supported */
445 	hpi_init_message_response(&hm, &hr, HPI_OBJ_ADAPTER,
446 		HPI_ADAPTER_GET_PROPERTY);
447 	hm.adapter_index = adapter.adapter->index;
448 	hm.u.ax.property_set.property = HPI_ADAPTER_PROPERTY_SUPPORTS_IRQ;
449 	hpi_send_recv_ex(&hm, &hr, HOWNER_KERNEL);
450 	if (hr.error || !hr.u.ax.property_get.parameter1) {
451 		dev_info(&pci_dev->dev,
452 			"IRQs not supported by adapter at index %d\n",
453 			adapter.adapter->index);
454 	} else {
455 		irq_supported = 1;
456 	}
457 
458 	/* WARNING can't init mutex in 'adapter'
459 	 * and then copy it to adapters[] ?!?!
460 	 */
461 	adapters[adapter_index] = adapter;
462 	mutex_init(&adapters[adapter_index].mutex);
463 	pci_set_drvdata(pci_dev, &adapters[adapter_index]);
464 
465 	if (low_latency_mode && irq_supported) {
466 		if (!adapter.adapter->irq_query_and_clear) {
467 			dev_err(&pci_dev->dev,
468 				"no IRQ handler for adapter %d, aborting\n",
469 				adapter.adapter->index);
470 			goto err;
471 		}
472 
473 		/* Disable IRQ generation on DSP side by setting the rate to 0 */
474 		hpi_init_message_response(&hm, &hr, HPI_OBJ_ADAPTER,
475 			HPI_ADAPTER_SET_PROPERTY);
476 		hm.adapter_index = adapter.adapter->index;
477 		hm.u.ax.property_set.property = HPI_ADAPTER_PROPERTY_IRQ_RATE;
478 		hm.u.ax.property_set.parameter1 = 0;
479 		hm.u.ax.property_set.parameter2 = 0;
480 		hpi_send_recv_ex(&hm, &hr, HOWNER_KERNEL);
481 		if (hr.error) {
482 			HPI_DEBUG_LOG(ERROR,
483 				"HPI_ADAPTER_GET_MODE failed, aborting\n");
484 			goto err;
485 		}
486 
487 		/* Note: request_irq calls asihpi_isr here */
488 		if (request_irq(pci_dev->irq, asihpi_isr, IRQF_SHARED,
489 				"asihpi", &adapters[adapter_index])) {
490 			dev_err(&pci_dev->dev, "request_irq(%d) failed\n",
491 				pci_dev->irq);
492 			goto err;
493 		}
494 
495 		adapters[adapter_index].interrupt_mode = 1;
496 
497 		dev_info(&pci_dev->dev, "using irq %d\n", pci_dev->irq);
498 		adapters[adapter_index].irq = pci_dev->irq;
499 	} else {
500 		dev_info(&pci_dev->dev, "using polled mode\n");
501 	}
502 
503 	dev_info(&pci_dev->dev, "probe succeeded for ASI%04X HPI index %d\n",
504 		 adapter.adapter->type, adapter_index);
505 
506 	return 0;
507 
508 err:
509 	for (idx = 0; idx < HPI_MAX_ADAPTER_MEM_SPACES; idx++) {
510 		if (pci.ap_mem_base[idx]) {
511 			iounmap(pci.ap_mem_base[idx]);
512 			pci.ap_mem_base[idx] = NULL;
513 		}
514 	}
515 
516 	if (adapter.p_buffer) {
517 		adapter.buffer_size = 0;
518 		vfree(adapter.p_buffer);
519 	}
520 
521 	HPI_DEBUG_LOG(ERROR, "adapter_probe failed\n");
522 	return -ENODEV;
523 }
524 
asihpi_adapter_remove(struct pci_dev * pci_dev)525 void asihpi_adapter_remove(struct pci_dev *pci_dev)
526 {
527 	int idx;
528 	struct hpi_message hm;
529 	struct hpi_response hr;
530 	struct hpi_adapter *pa;
531 	struct hpi_pci pci;
532 
533 	pa = pci_get_drvdata(pci_dev);
534 	pci = pa->adapter->pci;
535 
536 	/* Disable IRQ generation on DSP side */
537 	hpi_init_message_response(&hm, &hr, HPI_OBJ_ADAPTER,
538 		HPI_ADAPTER_SET_PROPERTY);
539 	hm.adapter_index = pa->adapter->index;
540 	hm.u.ax.property_set.property = HPI_ADAPTER_PROPERTY_IRQ_RATE;
541 	hm.u.ax.property_set.parameter1 = 0;
542 	hm.u.ax.property_set.parameter2 = 0;
543 	hpi_send_recv_ex(&hm, &hr, HOWNER_KERNEL);
544 
545 	hpi_init_message_response(&hm, &hr, HPI_OBJ_ADAPTER,
546 		HPI_ADAPTER_DELETE);
547 	hm.adapter_index = pa->adapter->index;
548 	hpi_send_recv_ex(&hm, &hr, HOWNER_KERNEL);
549 
550 	/* unmap PCI memory space, mapped during device init. */
551 	for (idx = 0; idx < HPI_MAX_ADAPTER_MEM_SPACES; ++idx)
552 		iounmap(pci.ap_mem_base[idx]);
553 
554 	if (pa->irq)
555 		free_irq(pa->irq, pa);
556 
557 	vfree(pa->p_buffer);
558 
559 	if (1)
560 		dev_info(&pci_dev->dev,
561 			 "remove %04x:%04x,%04x:%04x,%04x, HPI index %d\n",
562 			 pci_dev->vendor, pci_dev->device,
563 			 pci_dev->subsystem_vendor, pci_dev->subsystem_device,
564 			 pci_dev->devfn, pa->adapter->index);
565 
566 	memset(pa, 0, sizeof(*pa));
567 }
568 
asihpi_init(void)569 void __init asihpi_init(void)
570 {
571 	struct hpi_message hm;
572 	struct hpi_response hr;
573 
574 	memset(adapters, 0, sizeof(adapters));
575 
576 	printk(KERN_INFO "ASIHPI driver " HPI_VER_STRING "\n");
577 
578 	hpi_init_message_response(&hm, &hr, HPI_OBJ_SUBSYSTEM,
579 		HPI_SUBSYS_DRIVER_LOAD);
580 	hpi_send_recv_ex(&hm, &hr, HOWNER_KERNEL);
581 }
582 
asihpi_exit(void)583 void asihpi_exit(void)
584 {
585 	struct hpi_message hm;
586 	struct hpi_response hr;
587 
588 	hpi_init_message_response(&hm, &hr, HPI_OBJ_SUBSYSTEM,
589 		HPI_SUBSYS_DRIVER_UNLOAD);
590 	hpi_send_recv_ex(&hm, &hr, HOWNER_KERNEL);
591 }
592