main.c 11 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421
  1. // SPDX-License-Identifier: GPL-2.0-only
  2. /*
  3. * Copyright (c) 2024-2025, NVIDIA CORPORATION & AFFILIATES
  4. */
  5. #define pr_fmt(fmt) "fwctl: " fmt
  6. #include <linux/fwctl.h>
  7. #include <linux/container_of.h>
  8. #include <linux/fs.h>
  9. #include <linux/module.h>
  10. #include <linux/sizes.h>
  11. #include <linux/slab.h>
  12. #include <uapi/fwctl/fwctl.h>
  13. enum {
  14. FWCTL_MAX_DEVICES = 4096,
  15. MAX_RPC_LEN = SZ_2M,
  16. };
  17. static_assert(FWCTL_MAX_DEVICES < (1U << MINORBITS));
  18. static dev_t fwctl_dev;
  19. static DEFINE_IDA(fwctl_ida);
  20. static unsigned long fwctl_tainted;
  21. struct fwctl_ucmd {
  22. struct fwctl_uctx *uctx;
  23. void __user *ubuffer;
  24. void *cmd;
  25. u32 user_size;
  26. };
  27. static int ucmd_respond(struct fwctl_ucmd *ucmd, size_t cmd_len)
  28. {
  29. if (copy_to_user(ucmd->ubuffer, ucmd->cmd,
  30. min_t(size_t, ucmd->user_size, cmd_len)))
  31. return -EFAULT;
  32. return 0;
  33. }
  34. static int copy_to_user_zero_pad(void __user *to, const void *from,
  35. size_t from_len, size_t user_len)
  36. {
  37. size_t copy_len;
  38. copy_len = min(from_len, user_len);
  39. if (copy_to_user(to, from, copy_len))
  40. return -EFAULT;
  41. if (copy_len < user_len) {
  42. if (clear_user(to + copy_len, user_len - copy_len))
  43. return -EFAULT;
  44. }
  45. return 0;
  46. }
  47. static int fwctl_cmd_info(struct fwctl_ucmd *ucmd)
  48. {
  49. struct fwctl_device *fwctl = ucmd->uctx->fwctl;
  50. struct fwctl_info *cmd = ucmd->cmd;
  51. size_t driver_info_len = 0;
  52. if (cmd->flags)
  53. return -EOPNOTSUPP;
  54. if (!fwctl->ops->info && cmd->device_data_len) {
  55. if (clear_user(u64_to_user_ptr(cmd->out_device_data),
  56. cmd->device_data_len))
  57. return -EFAULT;
  58. } else if (cmd->device_data_len) {
  59. void *driver_info __free(kfree) =
  60. fwctl->ops->info(ucmd->uctx, &driver_info_len);
  61. if (IS_ERR(driver_info))
  62. return PTR_ERR(driver_info);
  63. if (copy_to_user_zero_pad(u64_to_user_ptr(cmd->out_device_data),
  64. driver_info, driver_info_len,
  65. cmd->device_data_len))
  66. return -EFAULT;
  67. }
  68. cmd->out_device_type = fwctl->ops->device_type;
  69. cmd->device_data_len = driver_info_len;
  70. return ucmd_respond(ucmd, sizeof(*cmd));
  71. }
  72. static int fwctl_cmd_rpc(struct fwctl_ucmd *ucmd)
  73. {
  74. struct fwctl_device *fwctl = ucmd->uctx->fwctl;
  75. struct fwctl_rpc *cmd = ucmd->cmd;
  76. size_t out_len;
  77. if (cmd->in_len > MAX_RPC_LEN || cmd->out_len > MAX_RPC_LEN)
  78. return -EMSGSIZE;
  79. switch (cmd->scope) {
  80. case FWCTL_RPC_CONFIGURATION:
  81. case FWCTL_RPC_DEBUG_READ_ONLY:
  82. break;
  83. case FWCTL_RPC_DEBUG_WRITE_FULL:
  84. if (!capable(CAP_SYS_RAWIO))
  85. return -EPERM;
  86. fallthrough;
  87. case FWCTL_RPC_DEBUG_WRITE:
  88. if (!test_and_set_bit(0, &fwctl_tainted)) {
  89. dev_warn(
  90. &fwctl->dev,
  91. "%s(%d): has requested full access to the physical device",
  92. current->comm, task_pid_nr(current));
  93. add_taint(TAINT_FWCTL, LOCKDEP_STILL_OK);
  94. }
  95. break;
  96. default:
  97. return -EOPNOTSUPP;
  98. }
  99. void *inbuf __free(kvfree) = kvzalloc(cmd->in_len, GFP_KERNEL_ACCOUNT);
  100. if (!inbuf)
  101. return -ENOMEM;
  102. if (copy_from_user(inbuf, u64_to_user_ptr(cmd->in), cmd->in_len))
  103. return -EFAULT;
  104. out_len = cmd->out_len;
  105. void *outbuf __free(kvfree) = fwctl->ops->fw_rpc(
  106. ucmd->uctx, cmd->scope, inbuf, cmd->in_len, &out_len);
  107. if (IS_ERR(outbuf))
  108. return PTR_ERR(outbuf);
  109. if (outbuf == inbuf) {
  110. /* The driver can re-use inbuf as outbuf */
  111. inbuf = NULL;
  112. }
  113. if (copy_to_user(u64_to_user_ptr(cmd->out), outbuf,
  114. min(cmd->out_len, out_len)))
  115. return -EFAULT;
  116. cmd->out_len = out_len;
  117. return ucmd_respond(ucmd, sizeof(*cmd));
  118. }
  119. /* On stack memory for the ioctl structs */
  120. union fwctl_ucmd_buffer {
  121. struct fwctl_info info;
  122. struct fwctl_rpc rpc;
  123. };
  124. struct fwctl_ioctl_op {
  125. unsigned int size;
  126. unsigned int min_size;
  127. unsigned int ioctl_num;
  128. int (*execute)(struct fwctl_ucmd *ucmd);
  129. };
  130. #define IOCTL_OP(_ioctl, _fn, _struct, _last) \
  131. [_IOC_NR(_ioctl) - FWCTL_CMD_BASE] = { \
  132. .size = sizeof(_struct) + \
  133. BUILD_BUG_ON_ZERO(sizeof(union fwctl_ucmd_buffer) < \
  134. sizeof(_struct)), \
  135. .min_size = offsetofend(_struct, _last), \
  136. .ioctl_num = _ioctl, \
  137. .execute = _fn, \
  138. }
  139. static const struct fwctl_ioctl_op fwctl_ioctl_ops[] = {
  140. IOCTL_OP(FWCTL_INFO, fwctl_cmd_info, struct fwctl_info, out_device_data),
  141. IOCTL_OP(FWCTL_RPC, fwctl_cmd_rpc, struct fwctl_rpc, out),
  142. };
  143. static long fwctl_fops_ioctl(struct file *filp, unsigned int cmd,
  144. unsigned long arg)
  145. {
  146. struct fwctl_uctx *uctx = filp->private_data;
  147. const struct fwctl_ioctl_op *op;
  148. struct fwctl_ucmd ucmd = {};
  149. union fwctl_ucmd_buffer buf;
  150. unsigned int nr;
  151. int ret;
  152. nr = _IOC_NR(cmd);
  153. if ((nr - FWCTL_CMD_BASE) >= ARRAY_SIZE(fwctl_ioctl_ops))
  154. return -ENOIOCTLCMD;
  155. op = &fwctl_ioctl_ops[nr - FWCTL_CMD_BASE];
  156. if (op->ioctl_num != cmd)
  157. return -ENOIOCTLCMD;
  158. ucmd.uctx = uctx;
  159. ucmd.cmd = &buf;
  160. ucmd.ubuffer = (void __user *)arg;
  161. ret = get_user(ucmd.user_size, (u32 __user *)ucmd.ubuffer);
  162. if (ret)
  163. return ret;
  164. if (ucmd.user_size < op->min_size)
  165. return -EINVAL;
  166. ret = copy_struct_from_user(ucmd.cmd, op->size, ucmd.ubuffer,
  167. ucmd.user_size);
  168. if (ret)
  169. return ret;
  170. guard(rwsem_read)(&uctx->fwctl->registration_lock);
  171. if (!uctx->fwctl->ops)
  172. return -ENODEV;
  173. return op->execute(&ucmd);
  174. }
  175. static int fwctl_fops_open(struct inode *inode, struct file *filp)
  176. {
  177. struct fwctl_device *fwctl =
  178. container_of(inode->i_cdev, struct fwctl_device, cdev);
  179. int ret;
  180. guard(rwsem_read)(&fwctl->registration_lock);
  181. if (!fwctl->ops)
  182. return -ENODEV;
  183. struct fwctl_uctx *uctx __free(kfree) =
  184. kzalloc(fwctl->ops->uctx_size, GFP_KERNEL_ACCOUNT);
  185. if (!uctx)
  186. return -ENOMEM;
  187. uctx->fwctl = fwctl;
  188. ret = fwctl->ops->open_uctx(uctx);
  189. if (ret)
  190. return ret;
  191. scoped_guard(mutex, &fwctl->uctx_list_lock) {
  192. list_add_tail(&uctx->uctx_list_entry, &fwctl->uctx_list);
  193. }
  194. get_device(&fwctl->dev);
  195. filp->private_data = no_free_ptr(uctx);
  196. return 0;
  197. }
  198. static void fwctl_destroy_uctx(struct fwctl_uctx *uctx)
  199. {
  200. lockdep_assert_held(&uctx->fwctl->uctx_list_lock);
  201. list_del(&uctx->uctx_list_entry);
  202. uctx->fwctl->ops->close_uctx(uctx);
  203. }
  204. static int fwctl_fops_release(struct inode *inode, struct file *filp)
  205. {
  206. struct fwctl_uctx *uctx = filp->private_data;
  207. struct fwctl_device *fwctl = uctx->fwctl;
  208. scoped_guard(rwsem_read, &fwctl->registration_lock) {
  209. /*
  210. * NULL ops means fwctl_unregister() has already removed the
  211. * driver and destroyed the uctx.
  212. */
  213. if (fwctl->ops) {
  214. guard(mutex)(&fwctl->uctx_list_lock);
  215. fwctl_destroy_uctx(uctx);
  216. }
  217. }
  218. kfree(uctx);
  219. fwctl_put(fwctl);
  220. return 0;
  221. }
  222. static const struct file_operations fwctl_fops = {
  223. .owner = THIS_MODULE,
  224. .open = fwctl_fops_open,
  225. .release = fwctl_fops_release,
  226. .unlocked_ioctl = fwctl_fops_ioctl,
  227. };
  228. static void fwctl_device_release(struct device *device)
  229. {
  230. struct fwctl_device *fwctl =
  231. container_of(device, struct fwctl_device, dev);
  232. ida_free(&fwctl_ida, fwctl->dev.devt - fwctl_dev);
  233. mutex_destroy(&fwctl->uctx_list_lock);
  234. kfree(fwctl);
  235. }
  236. static char *fwctl_devnode(const struct device *dev, umode_t *mode)
  237. {
  238. return kasprintf(GFP_KERNEL, "fwctl/%s", dev_name(dev));
  239. }
  240. static struct class fwctl_class = {
  241. .name = "fwctl",
  242. .dev_release = fwctl_device_release,
  243. .devnode = fwctl_devnode,
  244. };
  245. static struct fwctl_device *
  246. _alloc_device(struct device *parent, const struct fwctl_ops *ops, size_t size)
  247. {
  248. struct fwctl_device *fwctl __free(kfree) = kzalloc(size, GFP_KERNEL);
  249. int devnum;
  250. if (!fwctl)
  251. return NULL;
  252. devnum = ida_alloc_max(&fwctl_ida, FWCTL_MAX_DEVICES - 1, GFP_KERNEL);
  253. if (devnum < 0)
  254. return NULL;
  255. fwctl->dev.devt = fwctl_dev + devnum;
  256. fwctl->dev.class = &fwctl_class;
  257. fwctl->dev.parent = parent;
  258. init_rwsem(&fwctl->registration_lock);
  259. mutex_init(&fwctl->uctx_list_lock);
  260. INIT_LIST_HEAD(&fwctl->uctx_list);
  261. device_initialize(&fwctl->dev);
  262. return_ptr(fwctl);
  263. }
  264. /* Drivers use the fwctl_alloc_device() wrapper */
  265. struct fwctl_device *_fwctl_alloc_device(struct device *parent,
  266. const struct fwctl_ops *ops,
  267. size_t size)
  268. {
  269. struct fwctl_device *fwctl __free(fwctl) =
  270. _alloc_device(parent, ops, size);
  271. if (!fwctl)
  272. return NULL;
  273. cdev_init(&fwctl->cdev, &fwctl_fops);
  274. /*
  275. * The driver module is protected by fwctl_register/unregister(),
  276. * unregister won't complete until we are done with the driver's module.
  277. */
  278. fwctl->cdev.owner = THIS_MODULE;
  279. if (dev_set_name(&fwctl->dev, "fwctl%d", fwctl->dev.devt - fwctl_dev))
  280. return NULL;
  281. fwctl->ops = ops;
  282. return_ptr(fwctl);
  283. }
  284. EXPORT_SYMBOL_NS_GPL(_fwctl_alloc_device, "FWCTL");
  285. /**
  286. * fwctl_register - Register a new device to the subsystem
  287. * @fwctl: Previously allocated fwctl_device
  288. *
  289. * On return the device is visible through sysfs and /dev, driver ops may be
  290. * called.
  291. */
  292. int fwctl_register(struct fwctl_device *fwctl)
  293. {
  294. return cdev_device_add(&fwctl->cdev, &fwctl->dev);
  295. }
  296. EXPORT_SYMBOL_NS_GPL(fwctl_register, "FWCTL");
  297. /**
  298. * fwctl_unregister - Unregister a device from the subsystem
  299. * @fwctl: Previously allocated and registered fwctl_device
  300. *
  301. * Undoes fwctl_register(). On return no driver ops will be called. The
  302. * caller must still call fwctl_put() to free the fwctl.
  303. *
  304. * Unregister will return even if userspace still has file descriptors open.
  305. * This will call ops->close_uctx() on any open FDs and after return no driver
  306. * op will be called. The FDs remain open but all fops will return -ENODEV.
  307. *
  308. * The design of fwctl allows this sort of disassociation of the driver from the
  309. * subsystem primarily by keeping memory allocations owned by the core subsytem.
  310. * The fwctl_device and fwctl_uctx can both be freed without requiring a driver
  311. * callback. This allows the module to remain unlocked while FDs are open.
  312. */
  313. void fwctl_unregister(struct fwctl_device *fwctl)
  314. {
  315. struct fwctl_uctx *uctx;
  316. cdev_device_del(&fwctl->cdev, &fwctl->dev);
  317. /* Disable and free the driver's resources for any still open FDs. */
  318. guard(rwsem_write)(&fwctl->registration_lock);
  319. guard(mutex)(&fwctl->uctx_list_lock);
  320. while ((uctx = list_first_entry_or_null(&fwctl->uctx_list,
  321. struct fwctl_uctx,
  322. uctx_list_entry)))
  323. fwctl_destroy_uctx(uctx);
  324. /*
  325. * The driver module may unload after this returns, the op pointer will
  326. * not be valid.
  327. */
  328. fwctl->ops = NULL;
  329. }
  330. EXPORT_SYMBOL_NS_GPL(fwctl_unregister, "FWCTL");
  331. static int __init fwctl_init(void)
  332. {
  333. int ret;
  334. ret = alloc_chrdev_region(&fwctl_dev, 0, FWCTL_MAX_DEVICES, "fwctl");
  335. if (ret)
  336. return ret;
  337. ret = class_register(&fwctl_class);
  338. if (ret)
  339. goto err_chrdev;
  340. return 0;
  341. err_chrdev:
  342. unregister_chrdev_region(fwctl_dev, FWCTL_MAX_DEVICES);
  343. return ret;
  344. }
  345. static void __exit fwctl_exit(void)
  346. {
  347. class_unregister(&fwctl_class);
  348. unregister_chrdev_region(fwctl_dev, FWCTL_MAX_DEVICES);
  349. }
  350. module_init(fwctl_init);
  351. module_exit(fwctl_exit);
  352. MODULE_DESCRIPTION("fwctl device firmware access framework");
  353. MODULE_LICENSE("GPL");