Merge "mhi: core: Add range check for channel id received in event ring"

	struct completion completion;

	rwlock_t lock;

	struct list_head node;

	/* stats */

	u64 mode_change;

};

struct tsync_node {

		mhi_tre->dword[1] = MHI_TRE_DATA_DWORD1(mhi_chan->bei, 1, 0, 0);

	}

	MHI_VERB("chan:%d WP:0x%llx TRE:0x%llx 0x%08x 0x%08x\n", mhi_chan->chan,

		 (u64)mhi_to_physical(tre_ring, mhi_tre), mhi_tre->ptr,

		 mhi_tre->dword[0], mhi_tre->dword[1]);

	MHI_VERB("chan:%d WP:0x%llx TRE:0x%llx 0x%08x 0x%08x rDB %d\n",

		mhi_chan->chan, (u64)mhi_to_physical(tre_ring, mhi_tre),

		mhi_tre->ptr, mhi_tre->dword[0], mhi_tre->dword[1], ring_db);

	/* increment WP */

	mhi_add_ring_element(mhi_cntrl, tre_ring);

	unsigned long flags = 0;

	bool ring_db = true;

	int n_free_tre, n_queued_tre;

	unsigned long rflags;

	ev_code = MHI_TRE_GET_EV_CODE(event);

	buf_ring = &mhi_chan->buf_ring;

		break;

	} /* CC_EOT */

	case MHI_EV_CC_OOB:

	case MHI_EV_CC_DB_MODE:

	{

		unsigned long flags;

		MHI_VERB("DB_MODE/OOB Detected chan %d.\n", mhi_chan->chan);

		mhi_chan->db_cfg.db_mode = 1;

		mhi_chan->db_cfg.db_mode = true;

		mhi_chan->mode_change++;

		/*

		 * on RSC channel IPA HW has a minimum credit requirement before

				ring_db = false;

		}

		read_lock_irqsave(&mhi_cntrl->pm_lock, flags);

		MHI_VERB("OOB_MODE chan %d ring_db %d\n", mhi_chan->chan,

			ring_db);

		read_lock_irqsave(&mhi_cntrl->pm_lock, rflags);

		if (tre_ring->wp != tre_ring->rp &&

		    MHI_DB_ACCESS_VALID(mhi_cntrl) && ring_db) {

		    MHI_DB_ACCESS_VALID(mhi_cntrl) && ring_db)

			mhi_ring_chan_db(mhi_cntrl, mhi_chan);

		}

		read_unlock_irqrestore(&mhi_cntrl->pm_lock, flags);

		read_unlock_irqrestore(&mhi_cntrl->pm_lock, rflags);

		break;

	case MHI_EV_CC_DB_MODE:

		MHI_VERB("DB_MODE chan %d.\n", mhi_chan->chan);

		mhi_chan->db_cfg.db_mode = true;

		mhi_chan->mode_change++;

		read_lock_irqsave(&mhi_cntrl->pm_lock, rflags);

		if (tre_ring->wp != tre_ring->rp &&

		    MHI_DB_ACCESS_VALID(mhi_cntrl))

			mhi_ring_chan_db(mhi_cntrl, mhi_chan);

		read_unlock_irqrestore(&mhi_cntrl->pm_lock, rflags);

		break;

	}

	case MHI_EV_CC_BAD_TRE:

		MHI_ASSERT(1, "Received BAD TRE event for ring");

		break;

	xfer_len = MHI_TRE_GET_EV_LEN(event);

	/* received out of bound cookie */

	MHI_ASSERT(cookie >= buf_ring->len, "Invalid Cookie\n");

	if (cookie >= buf_ring->len) {

		MHI_ERR("cookie 0x%08x bufring_len %zu", cookie, buf_ring->len);

		MHI_ERR("Processing Event:0x%llx 0x%08x 0x%08x\n",

			event->ptr, event->dword[0], event->dword[1]);

		panic("invalid cookie");

	}

	buf_info = buf_ring->base + cookie;

			local_rp->ptr, local_rp->dword[0], local_rp->dword[1]);

		chan = MHI_TRE_GET_EV_CHID(local_rp);

		if (chan >= mhi_cntrl->max_chan) {

			MHI_ERR("invalid channel id %u\n", chan);

			continue;

		}

		mhi_chan = &mhi_cntrl->mhi_chan[chan];

		if (likely(type == MHI_PKT_TYPE_TX_EVENT)) {

	MHI_VERB("Enter\n");

	write_lock_irq(&mhi_cntrl->pm_lock);

	if (MHI_REG_ACCESS_VALID(mhi_cntrl->pm_state)) {

	if (!MHI_REG_ACCESS_VALID(mhi_cntrl->pm_state)) {

		write_unlock_irq(&mhi_cntrl->pm_lock);

		goto exit_intvec;

	}

	state = mhi_get_mhi_state(mhi_cntrl);

	ee = mhi_cntrl->ee;

	mhi_cntrl->ee = mhi_get_exec_env(mhi_cntrl);

		MHI_LOG("device ee:%s dev_state:%s\n",

	MHI_LOG("local ee: %s device ee:%s dev_state:%s\n",

		TO_MHI_EXEC_STR(ee),

		TO_MHI_EXEC_STR(mhi_cntrl->ee),

		TO_MHI_STATE_STR(state));

	}

	if (state == MHI_STATE_SYS_ERR) {

		MHI_ERR("MHI system error detected\n");

				   chan_ctxt->pollcfg, chan_ctxt->chtype,

				   chan_ctxt->erindex);

			seq_printf(m,

				   " base:0x%llx len:0x%llx wp:0x%llx local_rp:0x%llx local_wp:0x%llx db:0x%llx\n",

				   " base:0x%llx len:0x%llx wp:0x%llx local_rp:0x%llx local_wp:0x%llx db:0x%llx mode_change:0x%llx\n",

				   chan_ctxt->rbase, chan_ctxt->rlen,

				   chan_ctxt->wp,

				   mhi_to_physical(ring, ring->rp),

				   mhi_to_physical(ring, ring->wp),

				   mhi_chan->db_cfg.db_val);

				   mhi_chan->db_cfg.db_val,

				   mhi_chan->mode_change);

			mhi_chan->mode_change = 0;

		}

	}

	write_unlock_irq(&mhi_cntrl->pm_lock);

	MHI_LOG("Wait for M3 completion\n");

	/* finish reg writes before D3 cold */

	mhi_force_reg_write(mhi_cntrl);

	ret = wait_event_timeout(mhi_cntrl->state_event,

				 mhi_cntrl->dev_state == MHI_STATE_M3 ||

				 MHI_PM_IN_ERROR_STATE(mhi_cntrl->pm_state),

	mhi_cntrl->M3_FAST++;

	write_unlock_irq(&mhi_cntrl->pm_lock);

	/* finish reg writes before DRV hand-off to avoid noc err */

	mhi_force_reg_write(mhi_cntrl);

	/* now safe to check ctrl event ring */

	tasklet_enable(&mhi_cntrl->mhi_event->task);

	mhi_msi_handlr(0, mhi_cntrl->mhi_event);

/* Copyright (c) 2018-2019, The Linux Foundation. All rights reserved.

/* Copyright (c) 2018-2020, The Linux Foundation. All rights reserved.

 *

 * This program is free software; you can redistribute it and/or modify

 * it under the terms of the GNU General Public License version 2 and

	/* debug stats */

	u32 abuffers, kbuffers, rbuffers;

	bool napi_scheduled;

};

struct mhi_netdev_priv {

		/* replenish the ring */

		napi_schedule(mhi_netdev->napi);

		mhi_netdev->napi_scheduled = true;

		/* wait for buffers to run low or thread to stop */

		wait_event_interruptible(mhi_netdev->alloc_event,

	if (rx_work < 0) {

		MSG_ERR("Error polling ret:%d\n", rx_work);

		napi_complete(napi);

		mhi_netdev->napi_scheduled = false;

		return 0;

	}

		mhi_netdev_queue(mhi_netdev, rsc_dev->mhi_dev);

	/* complete work if # of packet processed less than allocated budget */

	if (rx_work < budget)

	if (rx_work < budget) {

		napi_complete(napi);

		mhi_netdev->napi_scheduled = false;

	}

	MSG_VERB("polled %d pkts\n", rx_work);

		return;

	napi_schedule(mhi_netdev->napi);

	mhi_netdev->napi_scheduled = true;

}

#ifdef CONFIG_DEBUG_FS

	 * by triggering a napi_poll

	 */

	napi_schedule(mhi_netdev->napi);

	mhi_netdev->napi_scheduled = true;

	return 0;

}