/*
 * Copyright (c) 2013-2015 TRUSTONIC LIMITED
 * All Rights Reserved.
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
 * version 2 as published by the Free Software Foundation.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 */

#include <linux/err.h>
#include <linux/slab.h>
#include <linux/mutex.h>
#include <linux/device.h>
#include <linux/sched.h>
#include <linux/completion.h>
#include <linux/circ_buf.h>
#include <linux/delay.h>
#include <linux/interrupt.h>
#include <linux/debugfs.h>
#include <linux/of_irq.h>

#include "public/mc_linux.h"
#include "public/mc_admin.h"

#include "mci/mcimcp.h"
#include "mci/mcifc.h"
#include "mci/mcinq.h"		/* SID_MCP */

#include "platform.h"		/* IRQ number */
#include "fastcall.h"
#include "debug.h"
#include "logging.h"
#include "mcp.h"

/* respond timeout for MCP notification, in secs */
#define MCP_TIMEOUT		10
#define MCP_RETRIES		5
#define MCP_NF_QUEUE_SZ		8
#define NQ_NUM_ELEMS		16

static void mc_irq_worker(struct work_struct *data);
DECLARE_WORK(irq_work, mc_irq_worker);

static const struct {
	unsigned int index;
	const char *msg;
} status_map[] = {
	/**< MobiCore control flags */
	{ MC_EXT_INFO_ID_FLAGS, "flags"},
	/**< MobiCore halt condition code */
	{ MC_EXT_INFO_ID_HALT_CODE, "haltCode"},
	/**< MobiCore halt condition instruction pointer */
	{ MC_EXT_INFO_ID_HALT_IP, "haltIp"},
	/**< MobiCore fault counter */
	{ MC_EXT_INFO_ID_FAULT_CNT, "faultRec.cnt"},
	/**< MobiCore last fault cause */
	{ MC_EXT_INFO_ID_FAULT_CAUSE, "faultRec.cause"},
	/**< MobiCore last fault meta */
	{ MC_EXT_INFO_ID_FAULT_META, "faultRec.meta"},
	/**< MobiCore last fault threadid */
	{ MC_EXT_INFO_ID_FAULT_THREAD, "faultRec.thread"},
	/**< MobiCore last fault instruction pointer */
	{ MC_EXT_INFO_ID_FAULT_IP, "faultRec.ip"},
	/**< MobiCore last fault stack pointer */
	{ MC_EXT_INFO_ID_FAULT_SP, "faultRec.sp"},
	/**< MobiCore last fault ARM arch information */
	{ MC_EXT_INFO_ID_FAULT_ARCH_DFSR, "faultRec.arch.dfsr"},
	/**< MobiCore last fault ARM arch information */
	{ MC_EXT_INFO_ID_FAULT_ARCH_ADFSR, "faultRec.arch.adfsr"},
	/**< MobiCore last fault ARM arch information */
	{ MC_EXT_INFO_ID_FAULT_ARCH_DFAR, "faultRec.arch.dfar"},
	/**< MobiCore last fault ARM arch information */
	{ MC_EXT_INFO_ID_FAULT_ARCH_IFSR, "faultRec.arch.ifsr"},
	/**< MobiCore last fault ARM arch information */
	{ MC_EXT_INFO_ID_FAULT_ARCH_AIFSR, "faultRec.arch.aifsr"},
	/**< MobiCore last fault ARM arch information */
	{ MC_EXT_INFO_ID_FAULT_ARCH_IFAR, "faultRec.arch.ifar"},
	/**< MobiCore configured by Daemon via fc_init flag */
	{ MC_EXT_INFO_ID_MC_CONFIGURED, "mcData.flags"},
	/**< MobiCore exception handler last partner */
	{ MC_EXT_INFO_ID_MC_EXC_PARTNER, "mcExcep.partner"},
	/**< MobiCore exception handler last peer */
	{ MC_EXT_INFO_ID_MC_EXC_IPCPEER, "mcExcep.peer"},
	/**< MobiCore exception handler last IPC message */
	{ MC_EXT_INFO_ID_MC_EXC_IPCMSG, "mcExcep.cause"},
	/**< MobiCore exception handler last IPC data */
	{MC_EXT_INFO_ID_MC_EXC_IPCDATA, "mcExcep.meta"},
};

static struct mcp_context {
	struct mutex buffer_lock;	/* Lock on SWd communication buffer */
	struct mutex queue_lock;	/* Lock for MCP messages */
	struct mcp_buffer *mcp_buffer;
	struct tbase_session *session;
	struct completion complete;
	bool mcp_dead;
	int irq;
	int (*scheduler_cb)(enum mcp_scheduler_commands);
	void (*crashhandler_cb)(void);
	/* MobiCore MCI information */
	unsigned int order;
	union {
		void		*base;
		struct {
			struct notification_queue *tx;
			struct notification_queue *rx;
		} nq;
	};
	/*
	 * This notifications list is to be used to queue notifications when the
	 * notification queue overflows, so no session gets its notification
	 * lost, especially MCP.
	 */
	struct mutex		notifications_mutex;
	struct list_head	notifications;
	struct mcp_session	mcp_session;	/* Pseudo session for MCP */
	/* Unexpected notification (during MCP open) */
	struct mutex		unexp_notif_mutex;
	struct notification	unexp_notif;
	/* Sessions */
	struct mutex		sessions_lock;
	struct list_head	sessions;
	/* Dump buffer */
	struct kasnprintf_buf	dump;
} mcp_ctx;

static inline void mark_mcp_dead(void)
{
	mcp_ctx.mcp_dead = true;
	complete(&mcp_ctx.complete);
}

static inline int mcp_set_sleep_mode_rq(uint16_t sleep_req)
{
	mutex_lock(&mcp_ctx.buffer_lock);
	mcp_ctx.mcp_buffer->mc_flags.sleep_mode.sleep_req = sleep_req;
	mutex_unlock(&mcp_ctx.buffer_lock);
	return 0;
}

static ssize_t debug_crashdump_read(struct file *file, char __user *user_buf,
				    size_t count, loff_t *ppos)
{
	if (mcp_ctx.dump.off)
		return simple_read_from_buffer(user_buf, count, ppos,
					       mcp_ctx.dump.buf,
					       mcp_ctx.dump.off);

	return 0;
}

static const struct file_operations mc_debug_crashdump_ops = {
	.read = debug_crashdump_read,
	.llseek = default_llseek,
};

static void mcp_dump_mobicore_status(void)
{
	char uuid_str[33];
	int ret = 0;
	int i;

	if (mcp_ctx.dump.off)
		ret = -EBUSY;

	/* read additional info about exception-point and print */
	dev_err(g_ctx.mcd, "<t-base halted. Status dump:");

	for (i = 0; i < ARRAY_SIZE(status_map); i++) {
		uint32_t info;

		if (!mc_fc_info(status_map[i].index, NULL, &info)) {
			dev_err(g_ctx.mcd, "  %-20s= 0x%08x\n",
				status_map[i].msg, info);
			if (ret >= 0)
				ret = kasnprintf(&mcp_ctx.dump,
						 "%-20s= 0x%08x\n",
						 status_map[i].msg, info);
		}
	}

	/* construct UUID string */
	for (i = 0; i < 4; i++) {
		uint32_t info;
		int j;

		if (mc_fc_info(MC_EXT_INFO_ID_MC_EXC_UUID + i, NULL, &info))
			return;

		for (j = 0; j < sizeof(info); j++) {
			snprintf(&uuid_str[(i * sizeof(info) + j) * 2], 3,
				 "%02x", (info >> (j * 8)) & 0xff);
		}
	}

	dev_err(g_ctx.mcd, "  %-20s= 0x%s\n", "mcExcep.uuid", uuid_str);
	if (ret >= 0)
		ret = kasnprintf(&mcp_ctx.dump, "%-20s= 0x%s\n", "mcExcep.uuid",
				 uuid_str);

	if (ret < 0) {
		kfree(mcp_ctx.dump.buf);
		mcp_ctx.dump.off = 0;
		return;
	}

	debugfs_create_file("crashdump", 0400, g_ctx.debug_dir, NULL,
			    &mc_debug_crashdump_ops);
	if (mcp_ctx.crashhandler_cb)
		mcp_ctx.crashhandler_cb();
}

void mcp_session_init(struct mcp_session *session, bool is_gp,
		      const struct identity *identity)
{
	/* close_work is initialized by the caller */
	INIT_LIST_HEAD(&session->list);
	INIT_LIST_HEAD(&session->notifications_list);
	mutex_init(&session->notif_wait_lock);
	init_completion(&session->completion);
	mutex_init(&session->exit_code_lock);
	session->state = MCP_SESSION_RUNNING;
	session->is_gp = is_gp;
	if (is_gp)
		session->identity = *identity;
}

static inline bool mcp_session_isrunning(struct mcp_session *session)
{
	bool ret;

	mutex_lock(&mcp_ctx.sessions_lock);
	ret = session->state == MCP_SESSION_RUNNING;
	mutex_unlock(&mcp_ctx.sessions_lock);
	return ret;
}

/*
 * session remains valid thanks to the upper layers reference counters, but the
 * SWd session may have died, in which case we are informed.
 */
int mcp_session_waitnotif(struct mcp_session *session, int32_t timeout)
{
	int ret = 0;

	mutex_lock(&session->notif_wait_lock);
	if (!mcp_session_isrunning(session)) {
		ret = -ENXIO;
		goto end;
	}

	if (mcp_session_exitcode(session)) {
		ret = -ECOMM;
		goto end;
	}

	if (timeout < 0) {
		ret = wait_for_completion_interruptible(&session->completion);
		if (ret)
			goto end;
	} else {
		ret = wait_for_completion_interruptible_timeout(
			&session->completion, timeout * HZ / 1000);
		if (ret < 0)
			/* Interrupted */
			goto end;

		if (!ret) {
			/* Timed out */
			ret = -ETIME;
			goto end;
		}

		ret = 0;
	}

	if (mcp_session_exitcode(session)) {
		ret = -ECOMM;
		goto end;
	}

	if (!mcp_session_isrunning(session)) {
		ret = -ENXIO;
		goto end;
	}

end:
	mutex_unlock(&session->notif_wait_lock);
	if (ret)
		dev_info(g_ctx.mcd, "%s session %x ec %d ret %d\n", __func__,
			 session->id, session->exit_code, ret);

	return ret;
}

int32_t mcp_session_exitcode(struct mcp_session *session)
{
	int32_t exit_code;

	mutex_lock(&session->exit_code_lock);
	exit_code = session->exit_code;
	mutex_unlock(&session->exit_code_lock);
	if (exit_code)
		dev_info(g_ctx.mcd, "%s session %x ec %d\n", __func__,
			 session->id, exit_code);

	return exit_code;
}

int mcp_suspend(void)
{
	return mcp_set_sleep_mode_rq(MC_FLAG_REQ_TO_SLEEP);
}

int mcp_resume(void)
{
	return mcp_set_sleep_mode_rq(MC_FLAG_NO_SLEEP_REQ);
}

bool mcp_suspended(void)
{
	struct mcp_flags *flags = &mcp_ctx.mcp_buffer->mc_flags;
	bool ret;

	mutex_lock(&mcp_ctx.buffer_lock);
	ret = flags->sleep_mode.ready_to_sleep & MC_STATE_READY_TO_SLEEP;
	if (!ret) {
		MCDRV_DBG("IDLE=%d!", flags->schedule);
		MCDRV_DBG("Request Sleep=%d!", flags->sleep_mode.sleep_req);
		MCDRV_DBG("Sleep Ready=%d!", flags->sleep_mode.ready_to_sleep);
	}

	mutex_unlock(&mcp_ctx.buffer_lock);
	return ret;
}

bool mcp_get_idle_timeout(int32_t *timeout)
{
	uint32_t schedule;
	bool ret;

	mutex_lock(&mcp_ctx.buffer_lock);
	schedule = mcp_ctx.mcp_buffer->mc_flags.schedule;
	if (schedule == MC_FLAG_SCHEDULE_IDLE) {
		if (g_ctx.f_timeout)
			*timeout = mcp_ctx.mcp_buffer->mc_flags.timeout_ms;
		else
			*timeout = -1;

		ret = true;
	} else {
		ret = false;
	}

	mutex_unlock(&mcp_ctx.buffer_lock);
	return ret;
}

void mcp_reset_idle_timeout(void)
{
	mutex_lock(&mcp_ctx.buffer_lock);
	mcp_ctx.mcp_buffer->mc_flags.timeout_ms = -1;
	mutex_unlock(&mcp_ctx.buffer_lock);
}

static inline int wait_mcp_notification(void)
{
	unsigned long timeout = msecs_to_jiffies(MCP_TIMEOUT * 1000);
	int try;

	/*
	 * Total timeout is MCP_TIMEOUT * MCP_RETRIES, but we check for a crash
	 * to try and terminate before then if things go wrong.
	 */
	for (try = 1; try <= MCP_RETRIES; try++) {
		uint32_t status;
		int ret;

		/*
		* Wait non-interruptible to keep MCP synchronised even if caller
		* is interrupted by signal.
		*/
		ret = wait_for_completion_timeout(&mcp_ctx.complete, timeout);
		if (ret > 0)
			return 0;

		MCDRV_ERROR("No answer after %ds", MCP_TIMEOUT * try);

		/* If SWd halted, exit now */
		if (!mc_fc_info(MC_EXT_INFO_ID_MCI_VERSION, &status, NULL) &&
		    (status == MC_STATUS_HALT))
					break;
	}

	/* <t-base halted or dead: dump status */
	mark_mcp_dead();
	mcp_dump_mobicore_status();

	return -ETIME;
}

static int mcp_cmd(union mcp_message *cmd)
{
	int err = 0;
	union mcp_message *msg = &mcp_ctx.mcp_buffer->mcp_message;
	enum cmd_id cmd_id = cmd->cmd_header.cmd_id;

	mutex_lock(&mcp_ctx.queue_lock);
	if (mcp_ctx.mcp_dead)
		goto out;

	/* Copy message to MCP buffer */
	memcpy(msg, cmd, sizeof(*msg));

	/* Poke tbase */
	err = mcp_notify(&mcp_ctx.mcp_session);
	if (!err)
		err = wait_mcp_notification();

	if (err)
		goto out;

	/* Check response ID */
	if (msg->rsp_header.rsp_id != (cmd_id | FLAG_RESPONSE)) {
		MCDRV_ERROR("MCP command got invalid response (0x%X)",
			    msg->rsp_header.rsp_id);
		err = -EBADE;
		goto out;
	}

	/* Convert result */
	switch (msg->rsp_header.result) {
	case MC_MCP_RET_OK:
		err = 0;
		break;
	case MC_MCP_RET_ERR_CLOSE_TASK_FAILED:
	case MC_MCP_RET_ERR_NO_MORE_SESSIONS:
		err = -EBUSY;
		break;
	case MC_MCP_RET_ERR_OUT_OF_RESOURCES:
		err = -ENOSPC;
		break;
	case MC_MCP_RET_ERR_UNKNOWN_UUID:
		err = -ENOENT;
		break;
	case MC_MCP_RET_ERR_WRONG_PUBLIC_KEY:
		err = -EKEYREJECTED;
		break;
	case MC_MCP_RET_ERR_SERVICE_BLOCKED:
		err = -ECONNREFUSED;
		break;
	case MC_MCP_RET_ERR_SERVICE_LOCKED:
		err = -ECONNABORTED;
		break;
	case MC_MCP_RET_ERR_SERVICE_KILLED:
		err = -ECONNRESET;
		break;
	default:
		MCDRV_ERROR("cmd %d returned %d.", cmd_id,
			    msg->rsp_header.result);
		err = -EPERM;
		goto out;
	}

	/* Copy response back to caller struct */
	memcpy(cmd, msg, sizeof(*cmd));

out:
	mutex_unlock(&mcp_ctx.queue_lock);
	return err;
}

int mcp_get_version(struct mc_version_info *version_info)
{
	union mcp_message cmd;
	int ret;

	memset(&cmd, 0, sizeof(cmd));
	cmd.cmd_header.cmd_id = MC_MCP_CMD_GET_MOBICORE_VERSION;
	ret = mcp_cmd(&cmd);
	if (!ret)
		memcpy(version_info, &cmd.rsp_get_version.version_info,
		       sizeof(*version_info));

	return ret;
}

int mcp_load_token(uintptr_t data, const struct mcp_buffer_map *map)
{
	union mcp_message cmd;

	memset(&cmd, 0, sizeof(cmd));
	cmd.cmd_header.cmd_id = MC_MCP_CMD_LOAD_TOKEN;
	cmd.cmd_load_token.wsm_data_type = map->type;
	cmd.cmd_load_token.adr_load_data = map->phys_addr;
	cmd.cmd_load_token.ofs_load_data = map->offset;
	cmd.cmd_load_token.len_load_data = map->length;
	return mcp_cmd(&cmd);
}

int mcp_load_check(const struct tbase_object *obj,
		   const struct mcp_buffer_map *map)
{
	const union mclf_header *header;
	union mcp_message cmd;

	memset(&cmd, 0, sizeof(cmd));
	cmd.cmd_header.cmd_id = MC_MCP_CMD_CHECK_LOAD_TA;
	/* Data */
	cmd.cmd_check_load.wsm_data_type = map->type;
	cmd.cmd_check_load.adr_load_data = map->phys_addr;
	cmd.cmd_check_load.ofs_load_data = map->offset;
	cmd.cmd_check_load.len_load_data = map->length;
	/* Header */
	header = (union mclf_header *)(obj->data + obj->header_length);
	cmd.cmd_check_load.uuid = header->mclf_header_v2.uuid;
	return mcp_cmd(&cmd);
}

int mcp_open_session(struct mcp_session *session,
		     const struct tbase_object *obj,
		     const struct mcp_buffer_map *map,
		     const struct mcp_buffer_map *tci_map)
{
	static DEFINE_MUTEX(local_mutex);
	const union mclf_header *header;
	union mcp_message cmd;
	int ret;

	memset(&cmd, 0, sizeof(cmd));
	cmd.cmd_header.cmd_id = MC_MCP_CMD_OPEN_SESSION;
	/* Data */
	cmd.cmd_open.wsm_data_type = map->type;
	cmd.cmd_open.adr_load_data = map->phys_addr;
	cmd.cmd_open.ofs_load_data = map->offset;
	cmd.cmd_open.len_load_data = map->length;
	/* Buffer */
	if (tci_map) {
		cmd.cmd_open.wsmtype_tci = tci_map->type;
		cmd.cmd_open.adr_tci_buffer = tci_map->phys_addr;
		cmd.cmd_open.ofs_tci_buffer = tci_map->offset;
		cmd.cmd_open.len_tci_buffer = tci_map->length;
	} else {
		cmd.cmd_open.wsmtype_tci = WSM_INVALID;
	}
	/* Header */
	header = (union mclf_header *)(obj->data + obj->header_length);
	cmd.cmd_open.uuid = header->mclf_header_v2.uuid;
	cmd.cmd_open.is_gpta = session->is_gp;
	/* Reset unexpected notification */
	mutex_lock(&local_mutex);
	mcp_ctx.unexp_notif.session_id = SID_MCP;	/* Cannot be */
	if (!g_ctx.f_client_login) {
		memcpy(&cmd.cmd_open.tl_header, header,
		       sizeof(cmd.cmd_open.tl_header));
	} else {
		cmd.cmd_open.cmd_open_data.mclf_magic = MC_GP_CLIENT_AUTH_MAGIC;
		if (session->is_gp)
			cmd.cmd_open.cmd_open_data.identity = session->identity;
	}

	/* Send MCP open command */
	ret = mcp_cmd(&cmd);
	if (!ret) {
		session->id = cmd.rsp_open.session_id;
		/* Add to list of sessions */
		mutex_lock(&mcp_ctx.sessions_lock);
		list_add(&session->list, &mcp_ctx.sessions);
		mutex_unlock(&mcp_ctx.sessions_lock);
		/* Check for spurious notification */
		mutex_lock(&mcp_ctx.unexp_notif_mutex);
		if (mcp_ctx.unexp_notif.session_id == session->id) {
			mutex_lock(&session->exit_code_lock);
			session->exit_code = mcp_ctx.unexp_notif.payload;
			mutex_unlock(&session->exit_code_lock);
			complete(&session->completion);
		}

		mutex_unlock(&mcp_ctx.unexp_notif_mutex);
	}

	mutex_unlock(&local_mutex);
	return ret;
}

/*
 * Legacy and GP TAs close differently:
 * - GP TAs always send a notification with payload, whether on close or crash
 * - Legacy TAs only send a notification with payload on crash
 * - GP TAs may take time to close, and we get -EBUSY back from mcp_cmd
 * - Legacy TAs always close when asked, unless they are driver in which case
 *   they just don't close at all
 */
int mcp_close_session(struct mcp_session *session)
{
	union mcp_message cmd;
	int ret;

	/* state is either MCP_SESSION_RUNNING or MCP_SESSION_CLOSING_GP */
	mutex_lock(&mcp_ctx.sessions_lock);
	if (session->state == MCP_SESSION_RUNNING)
		session->state = MCP_SESSION_CLOSE_PREPARE;

	mutex_unlock(&mcp_ctx.sessions_lock);
	/* Signal an eventual waiter that SWd session is going away */
	complete(&session->completion);
	/* Send MCP command */
	memset(&cmd, 0, sizeof(cmd));
	cmd.cmd_header.cmd_id = MC_MCP_CMD_CLOSE_SESSION;
	cmd.cmd_close.session_id = session->id;
	ret = mcp_cmd(&cmd);
	mutex_lock(&mcp_ctx.sessions_lock);
	/*
	 * The GP TA may already have sent its exit code, in which case the
	 * state has also been changed to MCP_SESSION_CLOSE_NOTIFIED.
	 */
	if (!ret) {
		session->state = MCP_SESSION_CLOSED;
		list_del(&session->list);
		mutex_lock(&mcp_ctx.notifications_mutex);
		list_del(&session->notifications_list);
		mutex_unlock(&mcp_ctx.notifications_mutex);
	} else if (ret == -EBUSY) {
		if (session->state == MCP_SESSION_CLOSE_NOTIFIED)
			/* GP TA already closed */
			schedule_work(&session->close_work);

		session->state = MCP_SESSION_CLOSING_GP;
	} else {
		/* Something is not right, assume session is still running */
		session->state = MCP_SESSION_RUNNING;
	}

	mutex_unlock(&mcp_ctx.sessions_lock);
	return ret;
}

int mcp_map(uint32_t session_id, struct mcp_buffer_map *map)
{
	union mcp_message cmd;
	int ret;

	memset(&cmd, 0, sizeof(cmd));
	cmd.cmd_header.cmd_id = MC_MCP_CMD_MAP;
	cmd.cmd_map.session_id = session_id;
	cmd.cmd_map.wsm_type = map->type;
	cmd.cmd_map.adr_buffer = map->phys_addr;
	cmd.cmd_map.ofs_buffer = map->offset;
	cmd.cmd_map.len_buffer = map->length;
	ret = mcp_cmd(&cmd);
	if (!ret)
		map->secure_va = cmd.rsp_map.secure_va;

	return ret;
}

int mcp_unmap(uint32_t session_id, const struct mcp_buffer_map *map)
{
	union mcp_message cmd;

	memset(&cmd, 0, sizeof(cmd));
	cmd.cmd_header.cmd_id = MC_MCP_CMD_UNMAP;
	cmd.cmd_unmap.session_id = session_id;
	cmd.cmd_unmap.wsm_type = map->type;
	cmd.cmd_unmap.virtual_buffer_len = map->length;
	cmd.cmd_unmap.secure_va = map->secure_va;
	return mcp_cmd(&cmd);
}

int mcp_multimap(uint32_t session_id, struct mcp_buffer_map *maps)
{
	struct mcp_buffer_map *map = maps;
	union mcp_message cmd;
	struct buffer_map *buf = cmd.cmd_multimap.bufs;
	int ret = 0;
	uint32_t i;

	/* Prepare command */
	memset(&cmd, 0, sizeof(cmd));
	cmd.cmd_header.cmd_id = MC_MCP_CMD_MULTIMAP;
	cmd.cmd_multimap.session_id = session_id;
	for (i = 0; i < MC_MAP_MAX; i++, map++, buf++) {
		buf->wsm_type = map->type;
		buf->adr_buffer = map->phys_addr;
		buf->ofs_buffer = map->offset;
		buf->len_buffer = map->length;
	}

	ret = mcp_cmd(&cmd);
	if (ret)
		return ret;

	/* Return secure virtual addresses */
	map = maps;
	for (i = 0; i < MC_MAP_MAX; i++, map++)
		map->secure_va = cmd.rsp_multimap.secure_va[i];

	return 0;
}

int mcp_multiunmap(uint32_t session_id, const struct mcp_buffer_map *maps)
{
	const struct mcp_buffer_map *map = maps;
	union mcp_message cmd;
	struct buffer_unmap *buf = cmd.cmd_multiunmap.bufs;
	uint32_t i;

	memset(&cmd, 0, sizeof(cmd));
	cmd.cmd_header.cmd_id = MC_MCP_CMD_MULTIUNMAP;
	cmd.cmd_multiunmap.session_id = session_id;
	for (i = 0; i < MC_MAP_MAX; i++, map++, buf++) {
		buf->secure_va = map->secure_va;
		buf->len_buffer = map->length;
	}

	return mcp_cmd(&cmd);
}

static int mcp_close(void)
{
	union mcp_message cmd;

	memset(&cmd, 0, sizeof(cmd));
	cmd.cmd_header.cmd_id = MC_MCP_CMD_CLOSE_MCP;
	return mcp_cmd(&cmd);
}

static inline bool notif_queue_full(void)
{
	struct notification_queue *tx = mcp_ctx.nq.tx;

	return (tx->hdr.write_cnt - tx->hdr.read_cnt) == tx->hdr.queue_size;
}

static inline void notif_queue_push(uint32_t session_id)
{
	struct notification_queue_header *hdr = &mcp_ctx.nq.tx->hdr;
	uint32_t i = hdr->write_cnt % hdr->queue_size;

	mcp_ctx.nq.tx->notification[i].session_id = session_id;
	mcp_ctx.nq.tx->notification[i].payload = 0;
	hdr->write_cnt++;
}

static inline bool mcp_notifications_flush_nolock(void)
{
	bool flushed = false;

	while (!list_empty(&mcp_ctx.notifications) && !notif_queue_full()) {
		struct mcp_session *session;

		session = list_first_entry(&mcp_ctx.notifications,
					   struct mcp_session,
					   notifications_list);
		dev_dbg(g_ctx.mcd, "pop %x\n", session->id);
		notif_queue_push(session->id);
		list_del_init(&session->notifications_list);
		flushed = true;
	}

	return flushed;
}

bool mcp_notifications_flush(void)
{
	bool flushed = false;

	mutex_lock(&mcp_ctx.notifications_mutex);
	flushed = mcp_notifications_flush_nolock();
	mutex_unlock(&mcp_ctx.notifications_mutex);
	return flushed;
}

int mcp_notify(struct mcp_session *session)
{
	int ret = 0;

	if (!mcp_ctx.scheduler_cb)
		return -EAGAIN;

	mutex_lock(&mcp_ctx.notifications_mutex);
	if (session->id == SID_MCP)
		dev_dbg(g_ctx.mcd, "notify MCP");
	else
		dev_dbg(g_ctx.mcd, "notify %x", session->id);

	/* Notify TEE */
	if (!list_empty(&mcp_ctx.notifications) || notif_queue_full()) {
		if (!list_empty(&session->notifications_list)) {
			ret = -EAGAIN;
			dev_dbg(g_ctx.mcd, "skip %x\n", session->id);
		} else {
			list_add(&session->notifications_list,
				 &mcp_ctx.notifications);
			dev_dbg(g_ctx.mcd, "push %x\n", session->id);
		}

		mcp_notifications_flush_nolock();

		if (mcp_ctx.scheduler_cb(MCP_YIELD)) {
			MCDRV_ERROR("MC_SMC_N_YIELD failed");
			ret = -EPROTO;
		}
	} else {
		notif_queue_push(session->id);
		if (mcp_ctx.scheduler_cb(MCP_NSIQ)) {
			MCDRV_ERROR("MC_SMC_N_SIQ failed");
			ret = -EPROTO;
		}
	}

	mutex_unlock(&mcp_ctx.notifications_mutex);
	return ret;
}

static inline void handle_mcp_notif(uint32_t exit_code)
{
	dev_dbg(g_ctx.mcd, "notification from MCP ec %d\n", exit_code);
	complete(&mcp_ctx.complete);
}

static inline void handle_session_notif(uint32_t session_id, uint32_t exit_code)
{
	struct mcp_session *session = NULL, *s;

	dev_dbg(g_ctx.mcd, "notification from %x ec %d\n", session_id,
		exit_code);
	mutex_lock(&mcp_ctx.sessions_lock);
	list_for_each_entry(s, &mcp_ctx.sessions, list) {
		if (s->id == session_id) {
			session = s;
			break;
		}
	}

	if (session) {
		/* TA has terminated */
		if (exit_code) {
			/* Update exit code, or not */
			mutex_lock(&session->exit_code_lock);
			/*
			 * In GP, the only way to recover the sessions exit code
			 * is to call TEEC_InvokeCommand which will notify. But
			 * notifying a dead session would change the exit code
			 * to ERR_SID_NOT_ACTIVE, hence the check below.
			 */
			if (!session->is_gp || !session->exit_code ||
			    (exit_code != ERR_SID_NOT_ACTIVE))
				session->exit_code = exit_code;

			mutex_unlock(&session->exit_code_lock);

			/* Update state or schedule close worker */
			if (session->state == MCP_SESSION_CLOSE_PREPARE)
				session->state = MCP_SESSION_CLOSE_NOTIFIED;
			else if (session->state == MCP_SESSION_CLOSING_GP)
				schedule_work(&session->close_work);
		}

		/* Unblock waiter */
		complete(&session->completion);
	}
	mutex_unlock(&mcp_ctx.sessions_lock);

	/* Unknown session, probably being started */
	if (!session) {
		mutex_lock(&mcp_ctx.unexp_notif_mutex);
		mcp_ctx.unexp_notif.session_id = session_id;
		mcp_ctx.unexp_notif.payload = exit_code;
		mutex_unlock(&mcp_ctx.unexp_notif_mutex);
	}
}

static void mc_irq_worker(struct work_struct *data)
{
	struct notification_queue *rx = mcp_ctx.nq.rx;

	/* Deal with all pending notifications in one go */
	while ((rx->hdr.write_cnt - rx->hdr.read_cnt) > 0) {
		struct notification nf;

		nf = rx->notification[rx->hdr.read_cnt++ % rx->hdr.queue_size];
		if (nf.session_id == SID_MCP)
			handle_mcp_notif(nf.payload);
		else
			handle_session_notif(nf.session_id, nf.payload);
	}

	/*
	 * Finished processing notifications. It does not matter whether
	 * there actually were any notification or not.  S-SIQs can also
	 * be triggered by an SWd driver which was waiting for a FIQ.
	 * In this case the S-SIQ tells NWd that SWd is no longer idle
	 * an will need scheduling again.
	 */
	if (mcp_ctx.scheduler_cb)
		mcp_ctx.scheduler_cb(MCP_NSIQ);
}

/*
 * This function represents the interrupt function of the mcDrvModule.
 * It signals by incrementing of an event counter and the start of the read
 * waiting queue, the read function a interrupt has occurred.
 */
static irqreturn_t irq_handler(int intr, void *arg)
{
	/* wake up thread to continue handling this interrupt */
	schedule_work(&irq_work);
	return IRQ_HANDLED;
}

void mcp_register_scheduler(int (*scheduler_cb)(enum mcp_scheduler_commands))
{
	mcp_ctx.scheduler_cb = scheduler_cb;
}

void mcp_register_crashhandler(void (*crashhandler_cb)(void))
{
	mcp_ctx.crashhandler_cb = crashhandler_cb;
}

int mcp_start(void)
{
	size_t q_len = ALIGN(2 * (sizeof(struct notification_queue_header) +
		NQ_NUM_ELEMS * sizeof(struct notification)), 4);
	int ret;

	/* Make sure we have an interrupt number before going on */
#if defined(CONFIG_OF)
	mcp_ctx.irq = irq_of_parse_and_map(g_ctx.mcd->of_node, 0);
#endif
#if defined(MC_INTR_SSIQ)
	if (mcp_ctx.irq <= 0)
		mcp_ctx.irq = MC_INTR_SSIQ;
#endif

	if (mcp_ctx.irq <= 0) {
		MCDRV_ERROR("No IRQ number, aborting");
		return -EINVAL;
	}

	/* Call the INIT fastcall to setup shared buffers */
	ret = mc_fc_init(virt_to_phys(mcp_ctx.base),
			 (uintptr_t)mcp_ctx.mcp_buffer -
				(uintptr_t)mcp_ctx.base,
			 q_len, sizeof(*mcp_ctx.mcp_buffer));
	if (ret)
		return ret;

	/* First empty N-SIQ to setup of the MCI structure */
	ret = mc_fc_nsiq();
	if (ret)
		return ret;

	/*
	 * Wait until <t-base state switches to MC_STATUS_INITIALIZED
	 * It is assumed that <t-base always switches state at a certain
	 * point in time.
	 */
	do {
		uint32_t status = 0;
		uint32_t timeslot;

		ret = mc_fc_info(MC_EXT_INFO_ID_MCI_VERSION, &status, NULL);
		if (ret)
			return ret;

		switch (status) {
		case MC_STATUS_NOT_INITIALIZED:
			/* Switch to <t-base to give it more CPU time. */
			ret = EAGAIN;
			for (timeslot = 0; timeslot < 10; timeslot++) {
				int tmp_ret = mc_fc_yield();

				if (tmp_ret)
					return tmp_ret;
			}

			/* No need to loop like mad */
			if (ret == EAGAIN)
				usleep_range(100, 500);

			break;
		case MC_STATUS_HALT:
			mcp_dump_mobicore_status();
			MCDRV_ERROR("halt during init, state 0x%x", status);
			return -ENODEV;
		case MC_STATUS_INITIALIZED:
			MCDRV_DBG("ready");
			break;
		default:
			/* MC_STATUS_BAD_INIT or anything else */
			MCDRV_ERROR("MCI init failed, state 0x%x", status);
			return -EIO;
		}
	} while (ret == EAGAIN);

	/* Set up S-SIQ interrupt handler */
	return request_irq(mcp_ctx.irq, irq_handler, IRQF_TRIGGER_RISING,
			   MC_ADMIN_DEVNODE, NULL);
}

void mcp_stop(void)
{
	mcp_close();
	mcp_ctx.scheduler_cb = NULL;
	free_irq(mcp_ctx.irq, NULL);
	flush_work(&irq_work);
}

int mcp_init(void)
{
	size_t q_len;
	unsigned long mci;

	mutex_init(&mcp_ctx.buffer_lock);
	mutex_init(&mcp_ctx.queue_lock);
	init_completion(&mcp_ctx.complete);
	/* Setup notification queue mutex */
	mutex_init(&mcp_ctx.notifications_mutex);
	INIT_LIST_HEAD(&mcp_ctx.notifications);
	mcp_session_init(&mcp_ctx.mcp_session, false, NULL);
	mcp_ctx.mcp_session.id = SID_MCP;
	mutex_init(&mcp_ctx.unexp_notif_mutex);
	INIT_LIST_HEAD(&mcp_ctx.sessions);
	mutex_init(&mcp_ctx.sessions_lock);

	/* NQ_NUM_ELEMS must be power of 2 */
	q_len = ALIGN(2 * (sizeof(struct notification_queue_header) +
			   NQ_NUM_ELEMS * sizeof(struct notification)), 4);
	if (q_len + sizeof(*mcp_ctx.mcp_buffer) > (uint16_t)-1) {
		MCDRV_DBG_WARN("queues too large (more than 64k), sorry...");
		return -EINVAL;
	}

	mcp_ctx.order = get_order(q_len + sizeof(*mcp_ctx.mcp_buffer));
	mci = __get_free_pages(GFP_USER | __GFP_ZERO, mcp_ctx.order);
	if (!mci)
		return -ENOMEM;

	mcp_ctx.nq.tx = (struct notification_queue *)mci;
	mcp_ctx.nq.tx->hdr.queue_size = NQ_NUM_ELEMS;
	mci += sizeof(struct notification_queue_header) +
	    mcp_ctx.nq.tx->hdr.queue_size * sizeof(struct notification);

	mcp_ctx.nq.rx = (struct notification_queue *)mci;
	mcp_ctx.nq.rx->hdr.queue_size = NQ_NUM_ELEMS;
	mci += sizeof(struct notification_queue_header) +
	    mcp_ctx.nq.rx->hdr.queue_size * sizeof(struct notification);

	mcp_ctx.mcp_buffer = (void *)ALIGN(mci, 4);
	return 0;
}

void mcp_exit(void)
{
	mark_mcp_dead();
	if (mcp_ctx.dump.off)
		kfree(mcp_ctx.dump.buf);

	free_pages((unsigned long)mcp_ctx.base, mcp_ctx.order);
}