linux/drivers/misc/mei/vsc-tp.c


// SPDX-License-Identifier: GPL-2.0-only
/*
* Copyright (c) 2023, Intel Corporation.
* Intel Visual Sensing Controller Transport Layer Linux driver
*/
#include <linux/acpi.h>
#include <linux/cleanup.h>
#include <linux/crc32.h>
#include <linux/delay.h>
#include <linux/device.h>
#include <linux/interrupt.h>
#include <linux/iopoll.h>
#include <linux/irq.h>
#include <linux/irqreturn.h>
#include <linux/module.h>
#include <linux/mutex.h>
#include <linux/platform_device.h>
#include <linux/spi/spi.h>
#include <linux/types.h>
#include <linux/workqueue.h>
#include "vsc-tp.h"
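/* Reset and ROM boot timing, in milliseconds (both are passed to msleep()). */
#define VSC_TP_RESET_PIN_TOGGLE_INTERVAL_MS	20
#define VSC_TP_ROM_BOOTUP_DELAY_MS		10

/* Poll window and poll interval while waiting for the ROM, in microseconds. */
#define VSC_TP_ROM_XFER_POLL_TIMEOUT_US		(500 * USEC_PER_MSEC)
#define VSC_TP_ROM_XFER_POLL_DELAY_US		(20 * USEC_PER_MSEC)

/*
 * Firmware wakeup wait. The timeout is a jiffies count (2 * HZ), unlike the
 * *_US values around it; the delay is in microseconds.
 */
#define VSC_TP_WAIT_FW_POLL_TIMEOUT		(2 * HZ)
#define VSC_TP_WAIT_FW_POLL_DELAY_US		(20 * USEC_PER_MSEC)

/* Upper bound on SPI transfers attempted for one command/response exchange. */
#define VSC_TP_MAX_XFER_COUNT			5

/* First byte of every packet; the receiver searches for it to find the header. */
#define VSC_TP_PACKET_SYNC			0x31
#define VSC_TP_CRC_SIZE				sizeof(u32)
#define VSC_TP_MAX_MSG_SIZE			2048
/* SPI xfer timeout size */
#define VSC_TP_XFER_TIMEOUT_BYTES		700
#define VSC_TP_PACKET_PADDING_SIZE		1

/* Bytes on the wire for @pkt: header + payload length from the header + CRC. */
#define VSC_TP_PACKET_SIZE(pkt) \
	(sizeof(struct vsc_tp_packet_hdr) + le16_to_cpu((pkt)->hdr.len) + VSC_TP_CRC_SIZE)

/* Largest packet: header + maximum payload + CRC. */
#define VSC_TP_MAX_PACKET_SIZE \
	(sizeof(struct vsc_tp_packet_hdr) + VSC_TP_MAX_MSG_SIZE + VSC_TP_CRC_SIZE)

/*
 * Largest single SPI transfer. struct vsc_tp_packet is sized to exactly this
 * many bytes, so it is also the capacity of the tx and rx buffers.
 */
#define VSC_TP_MAX_XFER_SIZE \
	(VSC_TP_MAX_PACKET_SIZE + VSC_TP_XFER_TIMEOUT_BYTES)

/*
 * Bytes still to fetch for a packet whose payload length is @len once @offset
 * bytes of it have been consumed, plus one padding byte. Both arguments are
 * parenthesized so that an expression argument cannot change the arithmetic.
 */
#define VSC_TP_NEXT_XFER_LEN(len, offset) \
	((len) + sizeof(struct vsc_tp_packet_hdr) + VSC_TP_CRC_SIZE - (offset) + VSC_TP_PACKET_PADDING_SIZE)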
/*
 * Fixed-size header at the start of every packet. vsc_tp_xfer() fills it in
 * for outgoing packets and vsc_tp_xfer_helper() reassembles one from the
 * received byte stream.
 */
struct vsc_tp_packet_hdr {
	__u8 sync;	/* VSC_TP_PACKET_SYNC marks the start of a packet */
	__u8 cmd;	/* command byte */
	__le16 len;	/* payload length, little endian; the CRC is not counted */
	__le32 seq;	/* sequence number, little endian */
};
/*
 * Full packet buffer: the header followed by a fixed-size data area. buf[] is
 * sized so that header and data together add up to VSC_TP_MAX_XFER_SIZE
 * bytes; the payload and its trailing CRC are both stored in buf[].
 */
struct vsc_tp_packet {
	struct vsc_tp_packet_hdr hdr;
	__u8 buf[VSC_TP_MAX_XFER_SIZE - sizeof(struct vsc_tp_packet_hdr)];
};
/* Per-device state of the transport layer, allocated in vsc_tp_probe(). */
struct vsc_tp {
	/* do the actual data transfer */
	struct spi_device *spi;

	/* bind with mei framework */
	struct platform_device *pdev;

	/* input, requested as "wakeuphostint"; polled while waiting for the device */
	struct gpio_desc *wakeuphost;
	/* output, toggled by vsc_tp_reset() */
	struct gpio_desc *resetfw;
	/* output, set to 0 by vsc_tp_wakeup_request() and back to 1 on release */
	struct gpio_desc *wakeupfw;

	/* command sequence number */
	u32 seq;

	/* command buffer */
	struct vsc_tp_packet *tx_buf;
	struct vsc_tp_packet *rx_buf;

	/* incremented by vsc_tp_isr(), decremented by vsc_tp_wakeup_release() */
	atomic_t assert_cnt;

	/* woken by vsc_tp_isr(); vsc_tp_wakeup_request() waits on it */
	wait_queue_head_t xfer_wait;

	/* scheduled by vsc_tp_isr() to run event_notify from process context */
	struct work_struct event_work;

	vsc_tp_event_cb_t event_notify;
	void *event_notify_context;
	struct mutex event_notify_mutex; /* protects event_notify + context */

	struct mutex mutex; /* protects command download */
};
/*
 * GPIO resources.
 * Each acpi_gpio_params entry picks one GPIO resource of the device's ACPI
 * _CRS table by index (first initializer value). Entries 0 and 1 both
 * describe the host wakeup line; vsc_tp_probe() requests it through the
 * "wakeuphostint" name.
 */
static const struct acpi_gpio_params wakeuphost_gpio = { 0, 0, false };
static const struct acpi_gpio_params wakeuphostint_gpio = { 1, 0, false };
static const struct acpi_gpio_params resetfw_gpio = { 2, 0, false };
static const struct acpi_gpio_params wakeupfw = { 3, 0, false };

/* Name-to-resource mapping registered with devm_acpi_dev_add_driver_gpios(). */
static const struct acpi_gpio_mapping vsc_tp_acpi_gpios[] = {
	{ "wakeuphost-gpios", &wakeuphost_gpio, 1 },
	{ "wakeuphostint-gpios", &wakeuphostint_gpio, 1 },
	{ "resetfw-gpios", &resetfw_gpio, 1 },
	{ "wakeupfw-gpios", &wakeupfw, 1 },
	{}	/* terminating entry */
};
/*
 * Interrupt handler, installed by vsc_tp_probe() as the threaded handler.
 * Records the assertion, wakes a transfer waiting on xfer_wait and defers the
 * event callback to the workqueue.
 */
static irqreturn_t vsc_tp_isr(int irq, void *data)
{
	struct vsc_tp *vsc = data;

	/* count first, so the woken waiter sees a non-zero assert_cnt */
	atomic_inc(&vsc->assert_cnt);
	wake_up(&vsc->xfer_wait);

	schedule_work(&vsc->event_work);

	return IRQ_HANDLED;
}
/*
 * Work item scheduled by vsc_tp_isr(): invoke the registered event callback,
 * if any, while holding event_notify_mutex so that the callback and its
 * context cannot be replaced in the middle of the call.
 */
static void vsc_tp_event_work(struct work_struct *work)
{
	struct vsc_tp *vsc = container_of(work, struct vsc_tp, event_work);

	guard(mutex)(&vsc->event_notify_mutex);

	if (!vsc->event_notify)
		return;

	vsc->event_notify(vsc->event_notify_context);
}
/*
 * Wake the firmware up and wait for it to respond.
 *
 * Drives wakeupfw to 0, sleeps until the interrupt handler has counted an
 * assertion (or VSC_TP_WAIT_FW_POLL_TIMEOUT expires), then polls the
 * wakeuphost line until it reads non-zero.
 *
 * Return: 0 on success, -ETIMEDOUT if no interrupt arrived or the poll
 * timed out.
 */
static int vsc_tp_wakeup_request(struct vsc_tp *tp)
{
	int val;

	gpiod_set_value_cansleep(tp->wakeupfw, 0);

	val = wait_event_timeout(tp->xfer_wait,
				 atomic_read(&tp->assert_cnt),
				 VSC_TP_WAIT_FW_POLL_TIMEOUT);
	if (val == 0)
		return -ETIMEDOUT;

	/*
	 * NOTE(review): read_poll_timeout() takes its timeout in microseconds,
	 * while VSC_TP_WAIT_FW_POLL_TIMEOUT is 2 * HZ, a jiffies count -
	 * confirm the intended length of this poll window.
	 */
	return read_poll_timeout(gpiod_get_value_cansleep, val, val,
				 VSC_TP_WAIT_FW_POLL_DELAY_US,
				 VSC_TP_WAIT_FW_POLL_TIMEOUT, false,
				 tp->wakeuphost);
}
/*
 * Undo vsc_tp_wakeup_request(): consume one counted interrupt assertion
 * (never going below zero) and drive wakeupfw back to 1.
 */
static void vsc_tp_wakeup_release(struct vsc_tp *tp)
{
	atomic_t *pending = &tp->assert_cnt;

	atomic_dec_if_positive(pending);

	gpiod_set_value_cansleep(tp->wakeupfw, 1);
}
/*
 * Run one full-duplex SPI transfer of @len bytes: @obuf is sent, @ibuf
 * (which may be NULL) receives. @len is used as given and is not checked
 * against either buffer here, so callers must keep it within both.
 *
 * Return: the result of spi_sync_locked().
 */
static int vsc_tp_dev_xfer(struct vsc_tp *tp, void *obuf, void *ibuf, size_t len)
{
	struct spi_transfer t = {
		.len = len,
		.rx_buf = ibuf,
		.tx_buf = obuf,
	};
	struct spi_message m = { 0 };

	spi_message_init_with_transfers(&m, &t, 1);

	return spi_sync_locked(tp->spi, &m);
}
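/*
 * Send @pkt and reassemble the firmware's answer from the received bytes.
 *
 * The answer may start anywhere in the received data and may span several
 * SPI transfers. The loop first searches for VSC_TP_PACKET_SYNC, then copies
 * the header into a local struct, the payload into @ibuf (at most @ilen
 * bytes, any excess is only fed to the CRC) and finally the CRC. At most
 * VSC_TP_MAX_XFER_COUNT transfers are made.
 *
 * @pkt is zeroed after the first transfer and must be a buffer of
 * VSC_TP_MAX_XFER_SIZE bytes; tp->rx_buf has the same size.
 *
 * Return: number of payload bytes available in @ibuf (min of the received
 * length and @ilen), -EAGAIN if the answer is incomplete or carries an
 * ACK/NACK/BUSY command, -EINVAL on a CRC, sequence or length error, or the
 * error from the SPI transfer.
 */
static int vsc_tp_xfer_helper(struct vsc_tp *tp, struct vsc_tp_packet *pkt,
			      void *ibuf, u16 ilen)
{
	int ret, offset = 0, cpy_len, src_len, dst_len = sizeof(struct vsc_tp_packet_hdr);
	int next_xfer_len = VSC_TP_PACKET_SIZE(pkt) + VSC_TP_XFER_TIMEOUT_BYTES;
	u8 *src, *crc_src, *rx_buf = (u8 *)tp->rx_buf;
	int count_down = VSC_TP_MAX_XFER_COUNT;
	u32 recv_crc = 0, crc = ~0;
	struct vsc_tp_packet_hdr ack;
	u8 *dst = (u8 *)&ack;
	bool synced = false;

	do {
		/*
		 * From the second round on, next_xfer_len is computed from the
		 * length field the device sent in its header. Both SPI buffers
		 * hold VSC_TP_MAX_XFER_SIZE bytes, so a larger value must be
		 * rejected before it is used as a transfer length.
		 */
		if (next_xfer_len > (int)VSC_TP_MAX_XFER_SIZE) {
			dev_err(&tp->spi->dev, "recv len error\n");
			return -EINVAL;
		}

		ret = vsc_tp_dev_xfer(tp, pkt, rx_buf, next_xfer_len);
		if (ret)
			return ret;

		/* the command went out in the first round; send zeros afterwards */
		memset(pkt, 0, VSC_TP_MAX_XFER_SIZE);

		if (synced) {
			src = rx_buf;
			src_len = next_xfer_len;
		} else {
			src = memchr(rx_buf, VSC_TP_PACKET_SYNC, next_xfer_len);
			if (!src)
				continue;

			synced = true;
			src_len = next_xfer_len - (src - rx_buf);
		}

		/* traverse received data */
		while (src_len > 0) {
			cpy_len = min(src_len, dst_len);
			memcpy(dst, src, cpy_len);

			crc_src = src;
			src += cpy_len;
			src_len -= cpy_len;
			dst += cpy_len;
			dst_len -= cpy_len;

			if (offset < sizeof(ack)) {
				/* header bytes */
				offset += cpy_len;
				crc = crc32(crc, crc_src, cpy_len);

				if (!src_len)
					continue;

				/* header complete: choose where the next bytes go */
				if (le16_to_cpu(ack.len)) {
					dst = ibuf;
					dst_len = min(ilen, le16_to_cpu(ack.len));
				} else {
					dst = (u8 *)&recv_crc;
					dst_len = sizeof(recv_crc);
				}
			} else if (offset < sizeof(ack) + le16_to_cpu(ack.len)) {
				/* payload bytes */
				offset += cpy_len;
				crc = crc32(crc, crc_src, cpy_len);

				if (src_len) {
					/* payload that was not copied still counts for the CRC */
					int remain = sizeof(ack) + le16_to_cpu(ack.len) - offset;

					cpy_len = min(src_len, remain);
					offset += cpy_len;
					crc = crc32(crc, src, cpy_len);
					src += cpy_len;
					src_len -= cpy_len;

					if (src_len) {
						dst = (u8 *)&recv_crc;
						dst_len = sizeof(recv_crc);
						continue;
					}
				}

				next_xfer_len = VSC_TP_NEXT_XFER_LEN(le16_to_cpu(ack.len), offset);
			} else if (offset < sizeof(ack) + le16_to_cpu(ack.len) + VSC_TP_CRC_SIZE) {
				/* CRC bytes */
				offset += cpy_len;

				if (src_len) {
					/* terminate the traverse */
					next_xfer_len = 0;
					break;
				}

				next_xfer_len = VSC_TP_NEXT_XFER_LEN(le16_to_cpu(ack.len), offset);
			} else {
				/*
				 * Header, payload and CRC were already consumed
				 * (the CRC ended exactly at the end of the
				 * previous transfer). Nothing above would
				 * advance src_len any more, so stop here
				 * instead of spinning.
				 */
				next_xfer_len = 0;
				break;
			}
		}
	} while (next_xfer_len > 0 && --count_down);

	/* transfer budget used up before the whole packet arrived */
	if (next_xfer_len > 0)
		return -EAGAIN;

	if (~recv_crc != crc || le32_to_cpu(ack.seq) != tp->seq) {
		dev_err(&tp->spi->dev, "recv crc or seq error\n");
		return -EINVAL;
	}

	if (ack.cmd == VSC_TP_CMD_ACK || ack.cmd == VSC_TP_CMD_NACK ||
	    ack.cmd == VSC_TP_CMD_BUSY) {
		dev_err(&tp->spi->dev, "recv cmd ack error\n");
		return -EAGAIN;
	}

	return min(le16_to_cpu(ack.len), ilen);
}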
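/**
 * vsc_tp_xfer - transfer data to firmware
 * @tp: vsc_tp device handle
 * @cmd: the command to be sent to the device
 * @obuf: the tx buffer to be sent to the device
 * @olen: the length of tx buffer, at most VSC_TP_MAX_MSG_SIZE
 * @ibuf: the rx buffer to receive from the device
 * @ilen: the length of rx buffer
 *
 * Builds a packet (header, payload, CRC) in the tx buffer, wakes the
 * firmware up and exchanges the packet under tp->mutex.
 *
 * Return: the length of received data in case of success,
 * otherwise negative value
 */
int vsc_tp_xfer(struct vsc_tp *tp, u8 cmd, const void *obuf, size_t olen,
		void *ibuf, size_t ilen)
{
	struct vsc_tp_packet *pkt = tp->tx_buf;
	u32 crc;
	int ret;

	if (!obuf || !ibuf || olen > VSC_TP_MAX_MSG_SIZE)
		return -EINVAL;

	guard(mutex)(&tp->mutex);

	pkt->hdr.sync = VSC_TP_PACKET_SYNC;
	pkt->hdr.cmd = cmd;
	pkt->hdr.len = cpu_to_le16(olen);
	pkt->hdr.seq = cpu_to_le32(++tp->seq);
	memcpy(pkt->buf, obuf, olen);

	/*
	 * The CRC covers header plus payload. Use the size of the header
	 * itself: sizeof(pkt) is the size of a pointer, which only happens to
	 * match the header size on 64-bit builds.
	 */
	crc = ~crc32(~0, (u8 *)pkt, sizeof(pkt->hdr) + olen);
	memcpy(pkt->buf + olen, &crc, sizeof(crc));

	ret = vsc_tp_wakeup_request(tp);
	if (unlikely(ret))
		dev_err(&tp->spi->dev, "wakeup firmware failed ret: %d\n", ret);
	else
		/*
		 * NOTE(review): ilen is narrowed to the helper's u16
		 * parameter, so values above 65535 are truncated - confirm
		 * that no caller passes a larger rx buffer length.
		 */
		ret = vsc_tp_xfer_helper(tp, pkt, ibuf, ilen);

	/* release on both paths, the request already changed the wakeup line */
	vsc_tp_wakeup_release(tp);

	return ret;
}
EXPORT_SYMBOL_NS_GPL(vsc_tp_xfer, "VSC_TP");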
/**
 * vsc_tp_rom_xfer - transfer data to rom code
 * @tp: vsc_tp device handle
 * @obuf: the data buffer to be sent to the device
 * @ibuf: the buffer to receive data from the device, may be NULL
 * @len: the length of tx buffer and rx buffer; a multiple of 4 and at most
 *       VSC_TP_MAX_MSG_SIZE
 *
 * The tx and rx packet buffers are reused here as plain arrays of 32-bit
 * big-endian words.
 *
 * Return: 0 in case of success, negative value in case of error
 */
int vsc_tp_rom_xfer(struct vsc_tp *tp, const void *obuf, void *ibuf, size_t len)
{
	size_t nwords;
	int ret;

	if (len > VSC_TP_MAX_MSG_SIZE || len % sizeof(__be32))
		return -EINVAL;

	nwords = len / sizeof(__be32);

	guard(mutex)(&tp->mutex);

	/* rom xfer is big endian */
	cpu_to_be32_array((__be32 *)tp->tx_buf, obuf, nwords);

	/* wait until the wakeuphost line reads 0 before talking to the ROM */
	ret = read_poll_timeout(gpiod_get_value_cansleep, ret,
				!ret, VSC_TP_ROM_XFER_POLL_DELAY_US,
				VSC_TP_ROM_XFER_POLL_TIMEOUT_US, false,
				tp->wakeuphost);
	if (ret) {
		dev_err(&tp->spi->dev, "wait rom failed ret: %d\n", ret);
		return ret;
	}

	ret = vsc_tp_dev_xfer(tp, tp->tx_buf, ibuf ? tp->rx_buf : NULL, len);
	if (ret)
		return ret;

	/* hand the answer back in CPU byte order, if the caller wants it */
	if (ibuf)
		be32_to_cpu_array(ibuf, (__be32 *)tp->rx_buf, nwords);

	return 0;
}
/**
 * vsc_tp_reset - reset vsc transport layer
 * @tp: vsc_tp device handle
 *
 * The device interrupt is disabled first and is still disabled on return;
 * nothing in this function enables it again.
 */
void vsc_tp_reset(struct vsc_tp *tp)
{
	struct gpio_desc *reset_line = tp->resetfw;

	disable_irq(tp->spi->irq);

	/* toggle reset pin */
	gpiod_set_value_cansleep(reset_line, 0);
	msleep(VSC_TP_RESET_PIN_TOGGLE_INTERVAL_MS);
	gpiod_set_value_cansleep(reset_line, 1);

	/* wait for ROM */
	msleep(VSC_TP_ROM_BOOTUP_DELAY_MS);

	/*
	 * Put the wakeup line back to its non-active default so that no
	 * unexpected host interrupt is raised.
	 */
	gpiod_set_value_cansleep(tp->wakeupfw, 1);

	/* forget any assertion counted before the reset */
	atomic_set(&tp->assert_cnt, 0);
}
EXPORT_SYMBOL_NS_GPL(vsc_tp_reset, "VSC_TP");
/**
 * vsc_tp_need_read - check if device has data to send
 * @tp: vsc_tp device handle
 *
 * All three conditions must hold: an interrupt assertion has been counted,
 * the wakeuphost line reads non-zero and the wakeupfw line reads non-zero.
 * They are evaluated in that order and evaluation stops at the first miss.
 *
 * Return: true if device has data to send, otherwise false
 */
bool vsc_tp_need_read(struct vsc_tp *tp)
{
	return atomic_read(&tp->assert_cnt) &&
	       gpiod_get_value_cansleep(tp->wakeuphost) &&
	       gpiod_get_value_cansleep(tp->wakeupfw);
}
EXPORT_SYMBOL_NS_GPL(vsc_tp_need_read, "VSC_TP");
/**
 * vsc_tp_register_event_cb - register a callback function to receive event
 * @tp: vsc_tp device handle
 * @event_cb: callback function
 * @context: execution context of event callback
 *
 * Callback and context are replaced together under event_notify_mutex, the
 * same lock the event work holds while it calls the callback.
 *
 * Return: 0 in case of success, negative value in case of error
 */
int vsc_tp_register_event_cb(struct vsc_tp *tp, vsc_tp_event_cb_t event_cb,
			     void *context)
{
	guard(mutex)(&tp->event_notify_mutex);

	tp->event_notify_context = context;
	tp->event_notify = event_cb;

	return 0;
}
EXPORT_SYMBOL_NS_GPL(vsc_tp_register_event_cb, "VSC_TP");
/**
 * vsc_tp_intr_synchronize - synchronize vsc_tp interrupt
 * @tp: vsc_tp device handle
 *
 * Calls synchronize_irq() on the SPI device's interrupt line.
 */
void vsc_tp_intr_synchronize(struct vsc_tp *tp)
{
	struct spi_device *spi = tp->spi;

	synchronize_irq(spi->irq);
}
EXPORT_SYMBOL_NS_GPL(vsc_tp_intr_synchronize, "VSC_TP");
/**
 * vsc_tp_intr_enable - enable vsc_tp interrupt
 * @tp: vsc_tp device handle
 *
 * Calls enable_irq() on the SPI device's interrupt line.
 */
void vsc_tp_intr_enable(struct vsc_tp *tp)
{
	struct spi_device *spi = tp->spi;

	enable_irq(spi->irq);
}
EXPORT_SYMBOL_NS_GPL(vsc_tp_intr_enable, "VSC_TP");
/**
 * vsc_tp_intr_disable - disable vsc_tp interrupt
 * @tp: vsc_tp device handle
 *
 * Calls disable_irq() on the SPI device's interrupt line.
 */
void vsc_tp_intr_disable(struct vsc_tp *tp)
{
	struct spi_device *spi = tp->spi;

	disable_irq(spi->irq);
}
EXPORT_SYMBOL_NS_GPL(vsc_tp_intr_disable, "VSC_TP");
/*
 * Callback for acpi_dev_for_each_child(): store the visited child in the
 * struct acpi_device pointer that @data points to and return 1, which the
 * caller in vsc_tp_probe() treats as "a child was found".
 */
static int vsc_tp_match_any(struct acpi_device *adev, void *data)
{
	struct acpi_device **found = data;

	*found = adev;

	return 1;
}
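/*
 * Bind to the SPI device: allocate the transport state and both packet
 * buffers, claim the GPIOs, install the interrupt handler and register the
 * "intel_vsc" platform device on top of the single ACPI child node.
 *
 * Return: 0 on success, negative errno otherwise.
 */
static int vsc_tp_probe(struct spi_device *spi)
{
	struct vsc_tp *tp;
	/* the platform device receives a copy of the tp pointer as its data */
	struct platform_device_info pinfo = {
		.name = "intel_vsc",
		.data = &tp,
		.size_data = sizeof(tp),
		.id = PLATFORM_DEVID_NONE,
	};
	struct device *dev = &spi->dev;
	struct platform_device *pdev;
	struct acpi_device *adev;
	int ret;

	tp = devm_kzalloc(dev, sizeof(*tp), GFP_KERNEL);
	if (!tp)
		return -ENOMEM;

	tp->tx_buf = devm_kzalloc(dev, sizeof(*tp->tx_buf), GFP_KERNEL);
	if (!tp->tx_buf)
		return -ENOMEM;

	tp->rx_buf = devm_kzalloc(dev, sizeof(*tp->rx_buf), GFP_KERNEL);
	if (!tp->rx_buf)
		return -ENOMEM;

	ret = devm_acpi_dev_add_driver_gpios(dev, vsc_tp_acpi_gpios);
	if (ret)
		return ret;

	/* requested through the "wakeuphostint" mapping, not "wakeuphost" */
	tp->wakeuphost = devm_gpiod_get(dev, "wakeuphostint", GPIOD_IN);
	if (IS_ERR(tp->wakeuphost))
		return PTR_ERR(tp->wakeuphost);

	tp->resetfw = devm_gpiod_get(dev, "resetfw", GPIOD_OUT_HIGH);
	if (IS_ERR(tp->resetfw))
		return PTR_ERR(tp->resetfw);

	tp->wakeupfw = devm_gpiod_get(dev, "wakeupfw", GPIOD_OUT_HIGH);
	if (IS_ERR(tp->wakeupfw))
		return PTR_ERR(tp->wakeupfw);

	atomic_set(&tp->assert_cnt, 0);
	init_waitqueue_head(&tp->xfer_wait);
	tp->spi = spi;

	/*
	 * Everything vsc_tp_isr() and the event work touch must be set up
	 * before the handler is installed: an interrupt arriving right after
	 * request_threaded_irq() calls schedule_work() on event_work.
	 */
	mutex_init(&tp->mutex);
	mutex_init(&tp->event_notify_mutex);
	INIT_WORK(&tp->event_work, vsc_tp_event_work);

	irq_set_status_flags(spi->irq, IRQ_DISABLE_UNLAZY);
	ret = request_threaded_irq(spi->irq, NULL, vsc_tp_isr,
				   IRQF_TRIGGER_FALLING | IRQF_ONESHOT,
				   dev_name(dev), tp);
	if (ret)
		goto err_destroy_lock;

	/* only one child acpi device */
	ret = acpi_dev_for_each_child(ACPI_COMPANION(dev),
				      vsc_tp_match_any, &adev);
	if (!ret) {
		ret = -ENODEV;
		goto err_free_irq;
	}

	pinfo.fwnode = acpi_fwnode_handle(adev);
	pdev = platform_device_register_full(&pinfo);
	if (IS_ERR(pdev)) {
		ret = PTR_ERR(pdev);
		goto err_free_irq;
	}

	tp->pdev = pdev;
	spi_set_drvdata(spi, tp);

	return 0;

err_free_irq:
	/* the irq is not device-managed, release it by hand */
	free_irq(spi->irq, tp);
	cancel_work_sync(&tp->event_work);
err_destroy_lock:
	mutex_destroy(&tp->event_notify_mutex);
	mutex_destroy(&tp->mutex);

	return ret;
}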
/*
 * Tear down what vsc_tp_probe() set up by hand: the child platform device,
 * the interrupt, pending event work and the two mutexes.
 * Note this is also used for shutdown.
 */
static void vsc_tp_remove(struct spi_device *spi)
{
	struct vsc_tp *vsc = spi_get_drvdata(spi);

	platform_device_unregister(vsc->pdev);

	/* stop the interrupt source first, then flush work it may have queued */
	free_irq(spi->irq, vsc);
	cancel_work_sync(&vsc->event_work);

	mutex_destroy(&vsc->event_notify_mutex);
	mutex_destroy(&vsc->mutex);
}
/* ACPI hardware IDs this driver binds to, one per supported platform. */
static const struct acpi_device_id vsc_tp_acpi_ids[] = {
	{ "INTC1009" }, /* Raptor Lake */
	{ "INTC1058" }, /* Tiger Lake */
	{ "INTC1094" }, /* Alder Lake */
	{ "INTC10D0" }, /* Meteor Lake */
	{}	/* terminating entry */
};
MODULE_DEVICE_TABLE(acpi, vsc_tp_acpi_ids);

/* SPI driver glue; shutdown goes through the same teardown as remove. */
static struct spi_driver vsc_tp_driver = {
	.probe = vsc_tp_probe,
	.remove = vsc_tp_remove,
	.shutdown = vsc_tp_remove,
	.driver = {
		.name = "vsc-tp",
		.acpi_match_table = vsc_tp_acpi_ids,
	},
};
module_spi_driver(vsc_tp_driver);

MODULE_AUTHOR("Wentong Wu <wentong.wu@intel.com>");
MODULE_AUTHOR("Zhifeng Wang <zhifeng.wang@intel.com>");
MODULE_DESCRIPTION("Intel Visual Sensing Controller Transport Layer");
MODULE_LICENSE("GPL");