1 /*
2  * Copyright (c) 2019 Peter Bigot Consulting, LLC
3  * Copyright (c) 2020 Nordic Semiconductor ASA
4  *
5  * SPDX-License-Identifier: Apache-2.0
6  */
7 
8 #ifndef ZEPHYR_INCLUDE_SYS_ONOFF_H_
9 #define ZEPHYR_INCLUDE_SYS_ONOFF_H_
10 
11 #include <zephyr/kernel.h>
12 #include <zephyr/types.h>
13 #include <zephyr/sys/notify.h>
14 
15 #ifdef __cplusplus
16 extern "C" {
17 #endif
18 
19 /**
20  * @defgroup resource_mgmt_onoff_apis On-Off Service APIs
21  * @ingroup kernel_apis
22  * @{
23  */
24 
25 /**
26  * @brief Flag indicating an error state.
27  *
28  * Error states are cleared using onoff_reset().
29  */
30 #define ONOFF_FLAG_ERROR BIT(0)
31 
32 /** @cond INTERNAL_HIDDEN */
33 #define ONOFF_FLAG_ONOFF BIT(1)
34 #define ONOFF_FLAG_TRANSITION BIT(2)
35 /** @endcond */
36 
37 /**
38  * @brief Mask used to isolate bits defining the service state.
39  *
40  * Mask a value with this then test for ONOFF_FLAG_ERROR to determine
41  * whether the machine has an unfixed error, or compare against
42  * ONOFF_STATE_ON, ONOFF_STATE_OFF, ONOFF_STATE_TO_ON,
43  * ONOFF_STATE_TO_OFF, or ONOFF_STATE_RESETTING.
44  */
45 #define ONOFF_STATE_MASK (ONOFF_FLAG_ERROR   \
46 			  | ONOFF_FLAG_ONOFF \
47 			  | ONOFF_FLAG_TRANSITION)
48 
49 /**
50  * @brief Value exposed by ONOFF_STATE_MASK when service is off.
51  */
52 #define ONOFF_STATE_OFF 0U
53 
54 /**
55  * @brief Value exposed by ONOFF_STATE_MASK when service is on.
56  */
57 #define ONOFF_STATE_ON ONOFF_FLAG_ONOFF
58 
59 /**
60  * @brief Value exposed by ONOFF_STATE_MASK when the service is in an
61  * error state (and not in the process of resetting its state).
62  */
63 #define ONOFF_STATE_ERROR ONOFF_FLAG_ERROR
64 
65 /**
66  * @brief Value exposed by ONOFF_STATE_MASK when service is
67  * transitioning to on.
68  */
69 #define ONOFF_STATE_TO_ON (ONOFF_FLAG_TRANSITION | ONOFF_STATE_ON)
70 
71 /**
72  * @brief Value exposed by ONOFF_STATE_MASK when service is
73  * transitioning to off.
74  */
75 #define ONOFF_STATE_TO_OFF (ONOFF_FLAG_TRANSITION | ONOFF_STATE_OFF)
76 
77 /**
78  * @brief Value exposed by ONOFF_STATE_MASK when service is in the
79  * process of resetting.
80  */
81 #define ONOFF_STATE_RESETTING (ONOFF_FLAG_TRANSITION | ONOFF_STATE_ERROR)
82 
83 /* Forward declarations */
84 struct onoff_manager;
85 struct onoff_monitor;
86 
87 /**
88  * @brief Signature used to notify an on-off manager that a transition
89  * has completed.
90  *
91  * Functions of this type are passed to service-specific transition
92  * functions to be used to report the completion of the operation.
93  * The functions may be invoked from any context.
94  *
95  * @param mgr the manager for which transition was requested.
96  *
97  * @param res the result of the transition.  This shall be
98  * non-negative on success, or a negative error code.  If an error is
99  * indicated the service shall enter an error state.
100  */
101 typedef void (*onoff_notify_fn)(struct onoff_manager *mgr,
102 				int res);
103 
104 /**
105  * @brief Signature used by service implementations to effect a
106  * transition.
107  *
108  * Service definitions use two required function pointers of this type
109  * to be notified that a transition is required, and a third optional
110  * one to reset the service when it is in an error state.
111  *
112  * The start function will be called only from the off state.
113  *
114  * The stop function will be called only from the on state.
115  *
116  * The reset function (where supported) will be called only when
117  * onoff_has_error() returns true.
118  *
119  * @note All transitions functions must be isr-ok.
120  *
121  * @param mgr the manager for which transition was requested.
122  *
123  * @param notify the function to be invoked when the transition has
124  * completed.  If the transition is synchronous, notify shall be
125  * invoked by the implementation before the transition function
126  * returns.  Otherwise the implementation shall capture this parameter
127  * and invoke it when the transition completes.
128  */
129 typedef void (*onoff_transition_fn)(struct onoff_manager *mgr,
130 				    onoff_notify_fn notify);
131 
132 /** @brief On-off service transition functions. */
133 struct onoff_transitions {
134 	/** Function to invoke to transition the service to on. */
135 	onoff_transition_fn start;
136 
137 	/** Function to invoke to transition the service to off. */
138 	onoff_transition_fn stop;
139 
140 	/** Function to force the service state to reset, where
141 	 * supported.
142 	 */
143 	onoff_transition_fn reset;
144 };
145 
146 /**
147  * @brief State associated with an on-off manager.
148  *
149  * No fields in this structure are intended for use by service
150  * providers or clients.  The state is to be initialized once, using
151  * onoff_manager_init(), when the service provider is initialized.  In
152  * case of error it may be reset through the onoff_reset() API.
153  */
154 struct onoff_manager {
155 	/** List of clients waiting for request or reset completion
156 	 * notifications.
157 	 */
158 	sys_slist_t clients;
159 
160 	/** List of monitors to be notified of state changes including
161 	 * errors and transition completion.
162 	 */
163 	sys_slist_t monitors;
164 
165 	/** Transition functions. */
166 	const struct onoff_transitions *transitions;
167 
168 	/** Mutex protection for other fields. */
169 	struct k_spinlock lock;
170 
171 	/** The result of the last transition. */
172 	int last_res;
173 
174 	/** Flags identifying the service state. */
175 	uint16_t flags;
176 
177 	/** Number of active clients for the service. */
178 	uint16_t refs;
179 };
180 
181 /** @brief Initializer for a onoff_transitions object.
182  *
183  * @param _start a function used to transition from off to on state.
184  *
185  * @param _stop a function used to transition from on to off state.
186  *
187  * @param _reset a function used to clear errors and force the service
188  * to an off state. Can be null.
189  */
190 #define ONOFF_TRANSITIONS_INITIALIZER(_start, _stop, _reset) { \
191 		.start = (_start),			       \
192 		.stop = (_stop),			       \
193 		.reset = (_reset),			       \
194 }
195 
196 /** @cond INTERNAL_HIDDEN */
197 #define ONOFF_MANAGER_INITIALIZER(_transitions) { \
198 		.transitions = (_transitions),	  \
199 }
200 /** @endcond */
201 
202 /**
203  * @brief Initialize an on-off service to off state.
204  *
205  * This function must be invoked exactly once per service instance, by
206  * the infrastructure that provides the service, and before any other
207  * on-off service API is invoked on the service.
208  *
209  * This function should never be invoked by clients of an on-off
210  * service.
211  *
212  * @param mgr the manager definition object to be initialized.
213  *
214  * @param transitions pointer to a structure providing transition
215  * functions.  The referenced object must persist as long as the
216  * manager can be referenced.
217  *
218  * @retval 0 on success
219  * @retval -EINVAL if start, stop, or flags are invalid
220  */
221 int onoff_manager_init(struct onoff_manager *mgr,
222 		       const struct onoff_transitions *transitions);
223 
224 /* Forward declaration */
225 struct onoff_client;
226 
227 /**
228  * @brief Signature used to notify an on-off service client of the
229  * completion of an operation.
230  *
231  * These functions may be invoked from any context including
232  * pre-kernel, ISR, or cooperative or pre-emptible threads.
233  * Compatible functions must be isr-ok and not sleep.
234  *
235  * @param mgr the manager for which the operation was initiated.  This may be
236  * null if the on-off service uses synchronous transitions.
237  *
238  * @param cli the client structure passed to the function that
239  * initiated the operation.
240  *
241  * @param state the state of the machine at the time of completion,
242  * restricted by ONOFF_STATE_MASK.  ONOFF_FLAG_ERROR must be checked
243  * independently of whether res is negative as a machine error may
244  * indicate that all future operations except onoff_reset() will fail.
245  *
246  * @param res the result of the operation.  Expected values are
247  * service-specific, but the value shall be non-negative if the
248  * operation succeeded, and negative if the operation failed.  If res
249  * is negative ONOFF_FLAG_ERROR will be set in state, but if res is
250  * non-negative ONOFF_FLAG_ERROR may still be set in state.
251  */
252 typedef void (*onoff_client_callback)(struct onoff_manager *mgr,
253 				      struct onoff_client *cli,
254 				      uint32_t state,
255 				      int res);
256 
257 /**
258  * @brief State associated with a client of an on-off service.
259  *
260  * Objects of this type are allocated by a client, which is
261  * responsible for zero-initializing the node field and invoking the
262  * appropriate sys_notify init function to configure notification.
263  *
264  * Control of the object content transfers to the service provider
265  * when a pointer to the object is passed to any on-off manager
266  * function.  While the service provider controls the object the
267  * client must not change any object fields.  Control reverts to the
268  * client concurrent with release of the owned sys_notify structure,
269  * or when indicated by an onoff_cancel() return value.
270  *
271  * After control has reverted to the client the notify field must be
272  * reinitialized for the next operation.
273  */
274 struct onoff_client {
275 	/** @cond INTERNAL_HIDDEN
276 	 *
277 	 * Links the client into the set of waiting service users.
278 	 * Applications must ensure this field is zero-initialized
279 	 * before use.
280 	 */
281 	sys_snode_t node;
282 	/** @endcond */
283 
284 	/** @brief Notification configuration. */
285 	struct sys_notify notify;
286 };
287 
288 /**
289  * @brief Identify region of sys_notify flags available for
290  * containing services.
291  *
292  * Bits of the flags field of the sys_notify structure contained
293  * within the queued_operation structure at and above this position
294  * may be used by extensions to the onoff_client structure.
295  *
296  * These bits are intended for use by containing service
297  * implementations to record client-specific information and are
298  * subject to other conditions of use specified on the sys_notify API.
299  */
300 #define ONOFF_CLIENT_EXTENSION_POS SYS_NOTIFY_EXTENSION_POS
301 
302 /**
303  * @brief Test whether an on-off service has recorded an error.
304  *
305  * This function can be used to determine whether the service has
306  * recorded an error.  Errors may be cleared by invoking
307  * onoff_reset().
308  *
309  * This is an unlocked convenience function suitable for use only when
310  * it is known that no other process might invoke an operation that
311  * transitions the service between an error and non-error state.
312  *
313  * @return true if and only if the service has an uncleared error.
314  */
onoff_has_error(const struct onoff_manager * mgr)315 static inline bool onoff_has_error(const struct onoff_manager *mgr)
316 {
317 	return (mgr->flags & ONOFF_FLAG_ERROR) != 0;
318 }
319 
320 /**
321  * @brief Request a reservation to use an on-off service.
322  *
323  * The return value indicates the success or failure of an attempt to
324  * initiate an operation to request the resource be made available.
325  * If initiation of the operation succeeds the result of the request
326  * operation is provided through the configured client notification
327  * method, possibly before this call returns.
328  *
329  * Note that the call to this function may succeed in a case where the
330  * actual request fails.  Always check the operation completion
331  * result.
332  *
333  * @param mgr the manager that will be used.
334  *
335  * @param cli a non-null pointer to client state providing
336  * instructions on synchronous expectations and how to notify the
337  * client when the request completes.  Behavior is undefined if client
338  * passes a pointer object associated with an incomplete service
339  * operation.
340  *
341  * @retval non-negative the observed state of the machine at the time
342  * the request was processed, if successful.
343  * @retval -EIO if service has recorded an error.
344  * @retval -EINVAL if the parameters are invalid.
345  * @retval -EAGAIN if the reference count would overflow.
346  */
347 int onoff_request(struct onoff_manager *mgr,
348 		  struct onoff_client *cli);
349 
350 /**
351  * @brief Release a reserved use of an on-off service.
352  *
353  * This synchronously releases the caller's previous request.  If the
354  * last request is released the manager will initiate a transition to
355  * off, which can be observed by registering an onoff_monitor.
356  *
357  * @note Behavior is undefined if this is not paired with a preceding
358  * onoff_request() call that completed successfully.
359  *
360  * @param mgr the manager for which a request was successful.
361  *
362  * @retval non-negative the observed state (ONOFF_STATE_ON) of the
363  * machine at the time of the release, if the release succeeds.
364  * @retval -EIO if service has recorded an error.
365  * @retval -ENOTSUP if the machine is not in a state that permits
366  * release.
367  */
368 int onoff_release(struct onoff_manager *mgr);
369 
370 /**
371  * @brief Attempt to cancel an in-progress client operation.
372  *
373  * It may be that a client has initiated an operation but needs to
374  * shut down before the operation has completed.  For example, when a
375  * request was made and the need is no longer present.
376  *
377  * Cancelling is supported only for onoff_request() and onoff_reset()
378  * operations, and is a synchronous operation.  Be aware that any
379  * transition that was initiated on behalf of the client will continue
380  * to progress to completion: it is only notification of transition
381  * completion that may be eliminated.  If there are no active requests
382  * when a transition to on completes the manager will initiate a
383  * transition to off.
384  *
385  * Client notification does not occur for cancelled operations.
386  *
387  * @param mgr the manager for which an operation is to be cancelled.
388  *
389  * @param cli a pointer to the same client state that was provided
390  * when the operation to be cancelled was issued.
391  *
392  * @retval non-negative the observed state of the machine at the time
393  * of the cancellation, if the cancellation succeeds.  On successful
394  * cancellation ownership of @c *cli reverts to the client.
395  * @retval -EINVAL if the parameters are invalid.
396  * @retval -EALREADY if cli was not a record of an uncompleted
397  * notification at the time the cancellation was processed.  This
398  * likely indicates that the operation and client notification had
399  * already completed.
400  */
401 int onoff_cancel(struct onoff_manager *mgr,
402 		 struct onoff_client *cli);
403 
404 /**
405  * @brief Helper function to safely cancel a request.
406  *
407  * Some applications may want to issue requests on an asynchronous
408  * event (such as connection to a USB bus) and to release on a paired
409  * event (such as loss of connection to a USB bus).  Applications
410  * cannot precisely determine that an in-progress request is still
411  * pending without using onoff_monitor and carefully avoiding race
412  * conditions.
413  *
414  * This function is a helper that attempts to cancel the operation and
415  * issues a release if cancellation fails because the request was
416  * completed.  This synchronously ensures that ownership of the client
417  * data reverts to the client so is available for a future request.
418  *
419  * @param mgr the manager for which an operation is to be cancelled.
420  *
421  * @param cli a pointer to the same client state that was provided
422  * when onoff_request() was invoked.  Behavior is undefined if this is
423  * a pointer to client data associated with an onoff_reset() request.
424  *
425  * @retval ONOFF_STATE_TO_ON if the cancellation occurred before the
426  * transition completed.
427  *
428  * @retval ONOFF_STATE_ON if the cancellation occurred after the
429  * transition completed.
430  *
431  * @retval -EINVAL if the parameters are invalid.
432  *
433  * @retval negative other errors produced by onoff_release().
434  */
onoff_cancel_or_release(struct onoff_manager * mgr,struct onoff_client * cli)435 static inline int onoff_cancel_or_release(struct onoff_manager *mgr,
436 					  struct onoff_client *cli)
437 {
438 	int rv = onoff_cancel(mgr, cli);
439 
440 	if (rv == -EALREADY) {
441 		rv = onoff_release(mgr);
442 	}
443 	return rv;
444 }
445 
446 /**
447  * @brief Clear errors on an on-off service and reset it to its off
448  * state.
449  *
450  * A service can only be reset when it is in an error state as
451  * indicated by onoff_has_error().
452  *
453  * The return value indicates the success or failure of an attempt to
454  * initiate an operation to reset the resource.  If initiation of the
455  * operation succeeds the result of the reset operation itself is
456  * provided through the configured client notification method,
457  * possibly before this call returns.  Multiple clients may request a
458  * reset; all are notified when it is complete.
459  *
460  * Note that the call to this function may succeed in a case where the
461  * actual reset fails.  Always check the operation completion result.
462  *
463  * @note Due to the conditions on state transition all incomplete
464  * asynchronous operations will have been informed of the error when
465  * it occurred.  There need be no concern about dangling requests left
466  * after a reset completes.
467  *
468  * @param mgr the manager to be reset.
469  *
470  * @param cli pointer to client state, including instructions on how
471  * to notify the client when reset completes.  Behavior is undefined
472  * if cli references an object associated with an incomplete service
473  * operation.
474  *
475  * @retval non-negative the observed state of the machine at the time
476  * of the reset, if the reset succeeds.
477  * @retval -ENOTSUP if reset is not supported by the service.
478  * @retval -EINVAL if the parameters are invalid.
479  * @retval -EALREADY if the service does not have a recorded error.
480  */
481 int onoff_reset(struct onoff_manager *mgr,
482 		struct onoff_client *cli);
483 
484 /**
485  * @brief Signature used to notify a monitor of an onoff service of
486  * errors or completion of a state transition.
487  *
488  * This is similar to onoff_client_callback but provides information
489  * about all transitions, not just ones associated with a specific
490  * client.  Monitor callbacks are invoked before any completion
491  * notifications associated with the state change are made.
492  *
493  * These functions may be invoked from any context including
494  * pre-kernel, ISR, or cooperative or pre-emptible threads.
495  * Compatible functions must be isr-ok and not sleep.
496  *
497  * The callback is permitted to unregister itself from the manager,
498  * but must not register or unregister any other monitors.
499  *
500  * @param mgr the manager for which a transition has completed.
501  *
502  * @param mon the monitor instance through which this notification
503  * arrived.
504  *
505  * @param state the state of the machine at the time of completion,
506  * restricted by ONOFF_STATE_MASK.  All valid states may be observed.
507  *
508  * @param res the result of the operation.  Expected values are
509  * service- and state-specific, but the value shall be non-negative if
510  * the operation succeeded, and negative if the operation failed.
511  */
512 typedef void (*onoff_monitor_callback)(struct onoff_manager *mgr,
513 				       struct onoff_monitor *mon,
514 				       uint32_t state,
515 				       int res);
516 
517 /**
518  * @brief Registration state for notifications of onoff service
519  * transitions.
520  *
521  * Any given onoff_monitor structure can be associated with at most
522  * one onoff_manager instance.
523  */
524 struct onoff_monitor {
525 	/** Links the client into the set of waiting service users.
526 	 *
527 	 * This must be zero-initialized.
528 	 */
529 	sys_snode_t node;
530 
531 	/** Callback to be invoked on state change.
532 	 *
533 	 * This must not be null.
534 	 */
535 	onoff_monitor_callback callback;
536 };
537 
538 /**
539  * @brief Add a monitor of state changes for a manager.
540  *
541  * @param mgr the manager for which a state changes are to be monitored.
542  *
543  * @param mon a linkable node providing a non-null callback to be
544  * invoked on state changes.
545  *
546  * @return non-negative on successful addition, or a negative error
547  * code.
548  */
549 int onoff_monitor_register(struct onoff_manager *mgr,
550 			   struct onoff_monitor *mon);
551 
552 /**
553  * @brief Remove a monitor of state changes from a manager.
554  *
555  * @param mgr the manager for which a state changes are to be monitored.
556  *
557  * @param mon a linkable node providing the callback to be invoked on
558  * state changes.
559  *
560  * @return non-negative on successful removal, or a negative error
561  * code.
562  */
563 int onoff_monitor_unregister(struct onoff_manager *mgr,
564 			     struct onoff_monitor *mon);
565 
566 /**
567  * @brief State used when a driver uses the on-off service API for synchronous
568  * operations.
569  *
570  * This is useful when a subsystem API uses the on-off API to support
571  * asynchronous operations but the transitions required by a
572  * particular driver are isr-ok and not sleep.  It serves as a
573  * substitute for #onoff_manager, with locking and persisted state
574  * updates supported by onoff_sync_lock() and onoff_sync_finalize().
575  */
576 struct onoff_sync_service {
577 	/** Mutex protection for other fields. */
578 	struct k_spinlock lock;
579 
580 	/** Negative is error, non-negative is reference count. */
581 	int32_t count;
582 };
583 
584 /**
585  * @brief Lock a synchronous onoff service and provide its state.
586  *
587  * @note If an error state is returned it is the caller's responsibility to
588  * decide whether to preserve it (finalize with the same error state) or clear
589  * the error (finalize with a non-error result).
590  *
591  * @param srv pointer to the synchronous service state.
592  *
593  * @param keyp pointer to where the lock key should be stored
594  *
595  * @return negative if the service is in an error state, otherwise the
596  * number of active requests at the time the lock was taken.  The lock
597  * is held on return regardless of whether a negative state is
598  * returned.
599  */
600 int onoff_sync_lock(struct onoff_sync_service *srv,
601 		    k_spinlock_key_t *keyp);
602 
603 /**
604  * @brief Process the completion of a transition in a synchronous
605  * service and release lock.
606  *
607  * This function updates the service state on the @p res and @p on parameters
608  * then releases the lock.  If @p cli is not null it finalizes the client
609  * notification using @p res.
610  *
611  * If the service was in an error state when locked, and @p res is non-negative
612  * when finalized, the count is reset to zero before completing finalization.
613  *
614  * @param srv pointer to the synchronous service state
615  *
616  * @param key the key returned by the preceding invocation of onoff_sync_lock().
617  *
618  * @param cli pointer to the onoff client through which completion
619  * information is returned.  If a null pointer is passed only the
620  * state of the service is updated.  For compatibility with the
621  * behavior of callbacks used with the manager API @p cli must be null
622  * when @p on is false (the manager does not support callbacks when
623  * turning off devices).
624  *
625  * @param res the result of the transition.  A negative value places the service
626  * into an error state.  A non-negative value increments or decrements the
627  * reference count as specified by @p on.
628  *
629  * @param on Only when @p res is non-negative, the service reference count will
630  * be incremented if@p on is @c true, and decremented if @p on is @c false.
631  *
632  * @return negative if the service is left or put into an error state, otherwise
633  * the number of active requests at the time the lock was released.
634  */
635 int onoff_sync_finalize(struct onoff_sync_service *srv,
636 			 k_spinlock_key_t key,
637 			 struct onoff_client *cli,
638 			 int res,
639 			 bool on);
640 
641 /** @} */
642 
643 #ifdef __cplusplus
644 }
645 #endif
646 
647 #endif /* ZEPHYR_INCLUDE_SYS_ONOFF_H_ */
648