main.c 30 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917918919920921922923924925926927928929930931932933934935936937938939940941942943944945946947948949950951952953954955956957958959960961962963964965966967968969970971972973974975976977978979980981982983984985986987988989990991992993994995996997998999100010011002100310041005100610071008100910101011101210131014101510161017101810191020102110221023102410251026102710281029103010311032103310341035103610371038103910401041104210431044104510461047104810491050105110521053105410551056105710581059106010611062106310641065106610671068106910701071107210731074107510761077107810791080108110821083108410851086108710881089109010911092109310941095109610971098109911001101110211031104110511061107110811091110111111121113111411151116111711181119112011211122112311241125112611271128112911301131113211331134113511361137113811391140114111421143114411451146114711481149115011511152115311541155115611571158115911601161116211631164116511661167116811691170117111721173117411751176117711781179118011811182118311841185118611871188118911901191119211931194119511961197119811991200120112021203120412051206120712081209121012111212121312141215121612171218121912201221122212231224122512261227122812291230123112321233123412351236123712381239124012411242124312441245124612471248124912501251125212531254125512561257125812591260126112621263126412651266126712681269127012711272127312741275127612771278127912801281128212831284128512861287128812891290129112921293129412951296129712981299130013011302130313041305130613071308130913101311131213131314131513161317131813191320132113221323132413251326132713281329133013311332133313341335133613371338133913401341134213431344134513461347134813491350135113521353135413551356135713581359136013611362136313641365136613671368136913701371137213731374
  1. // SPDX-License-Identifier: GPL-2.0
  2. /*
  3. * Copyright (c) 2003-2022, Intel Corporation. All rights reserved.
  4. * Intel Management Engine Interface (Intel MEI) Linux driver
  5. */
  6. #include <linux/module.h>
  7. #include <linux/moduleparam.h>
  8. #include <linux/kernel.h>
  9. #include <linux/device.h>
  10. #include <linux/slab.h>
  11. #include <linux/fs.h>
  12. #include <linux/errno.h>
  13. #include <linux/types.h>
  14. #include <linux/fcntl.h>
  15. #include <linux/poll.h>
  16. #include <linux/init.h>
  17. #include <linux/ioctl.h>
  18. #include <linux/cdev.h>
  19. #include <linux/sched/signal.h>
  20. #include <linux/compat.h>
  21. #include <linux/jiffies.h>
  22. #include <linux/interrupt.h>
  23. #include <linux/mei.h>
  24. #include "mei_dev.h"
  25. #include "client.h"
  26. static const struct class mei_class = {
  27. .name = "mei",
  28. };
  29. static dev_t mei_devt;
  30. #define MEI_MAX_DEVS MINORMASK
  31. static DEFINE_MUTEX(mei_minor_lock);
  32. static DEFINE_IDR(mei_idr);
  33. /**
  34. * mei_open - the open function
  35. *
  36. * @inode: pointer to inode structure
  37. * @file: pointer to file structure
  38. *
  39. * Return: 0 on success, <0 on error
  40. */
  41. static int mei_open(struct inode *inode, struct file *file)
  42. {
  43. struct mei_device *dev;
  44. struct mei_cl *cl;
  45. int err;
  46. dev = idr_find(&mei_idr, iminor(inode));
  47. if (!dev)
  48. return -ENODEV;
  49. get_device(&dev->dev);
  50. mutex_lock(&dev->device_lock);
  51. if (dev->dev_state != MEI_DEV_ENABLED) {
  52. dev_dbg(&dev->dev, "dev_state != MEI_ENABLED dev_state = %s\n",
  53. mei_dev_state_str(dev->dev_state));
  54. err = -ENODEV;
  55. goto err_unlock;
  56. }
  57. cl = mei_cl_alloc_linked(dev);
  58. if (IS_ERR(cl)) {
  59. err = PTR_ERR(cl);
  60. goto err_unlock;
  61. }
  62. cl->fp = file;
  63. file->private_data = cl;
  64. mutex_unlock(&dev->device_lock);
  65. return nonseekable_open(inode, file);
  66. err_unlock:
  67. mutex_unlock(&dev->device_lock);
  68. put_device(&dev->dev);
  69. return err;
  70. }
  71. /**
  72. * mei_cl_vtag_remove_by_fp - remove vtag that corresponds to fp from list
  73. *
  74. * @cl: host client
  75. * @fp: pointer to file structure
  76. *
  77. */
  78. static void mei_cl_vtag_remove_by_fp(const struct mei_cl *cl,
  79. const struct file *fp)
  80. {
  81. struct mei_cl_vtag *vtag_l, *next;
  82. list_for_each_entry_safe(vtag_l, next, &cl->vtag_map, list) {
  83. if (vtag_l->fp == fp) {
  84. list_del(&vtag_l->list);
  85. kfree(vtag_l);
  86. return;
  87. }
  88. }
  89. }
  90. /**
  91. * mei_release - the release function
  92. *
  93. * @inode: pointer to inode structure
  94. * @file: pointer to file structure
  95. *
  96. * Return: 0 on success, <0 on error
  97. */
  98. static int mei_release(struct inode *inode, struct file *file)
  99. {
  100. struct mei_cl *cl = file->private_data;
  101. struct mei_device *dev;
  102. int rets;
  103. if (WARN_ON(!cl || !cl->dev))
  104. return -ENODEV;
  105. dev = cl->dev;
  106. mutex_lock(&dev->device_lock);
  107. mei_cl_vtag_remove_by_fp(cl, file);
  108. if (!list_empty(&cl->vtag_map)) {
  109. cl_dbg(dev, cl, "not the last vtag\n");
  110. mei_cl_flush_queues(cl, file);
  111. rets = 0;
  112. goto out;
  113. }
  114. rets = mei_cl_disconnect(cl);
  115. /*
  116. * Check again: This is necessary since disconnect releases the lock
  117. * and another client can connect in the meantime.
  118. */
  119. if (!list_empty(&cl->vtag_map)) {
  120. cl_dbg(dev, cl, "not the last vtag after disconnect\n");
  121. mei_cl_flush_queues(cl, file);
  122. goto out;
  123. }
  124. mei_cl_flush_queues(cl, NULL);
  125. cl_dbg(dev, cl, "removing\n");
  126. mei_cl_unlink(cl);
  127. kfree(cl);
  128. out:
  129. file->private_data = NULL;
  130. mutex_unlock(&dev->device_lock);
  131. put_device(&dev->dev);
  132. return rets;
  133. }
  134. /**
  135. * mei_read - the read function.
  136. *
  137. * @file: pointer to file structure
  138. * @ubuf: pointer to user buffer
  139. * @length: buffer length
  140. * @offset: data offset in buffer
  141. *
  142. * Return: >=0 data length on success , <0 on error
  143. */
  144. static ssize_t mei_read(struct file *file, char __user *ubuf,
  145. size_t length, loff_t *offset)
  146. {
  147. struct mei_cl *cl = file->private_data;
  148. struct mei_device *dev;
  149. struct mei_cl_cb *cb = NULL;
  150. bool nonblock = !!(file->f_flags & O_NONBLOCK);
  151. ssize_t rets;
  152. if (WARN_ON(!cl || !cl->dev))
  153. return -ENODEV;
  154. dev = cl->dev;
  155. mutex_lock(&dev->device_lock);
  156. if (dev->dev_state != MEI_DEV_ENABLED) {
  157. rets = -ENODEV;
  158. goto out;
  159. }
  160. if (length == 0) {
  161. rets = 0;
  162. goto out;
  163. }
  164. if (ubuf == NULL) {
  165. rets = -EMSGSIZE;
  166. goto out;
  167. }
  168. cb = mei_cl_read_cb(cl, file);
  169. if (cb)
  170. goto copy_buffer;
  171. if (*offset > 0)
  172. *offset = 0;
  173. rets = mei_cl_read_start(cl, length, file);
  174. if (rets && rets != -EBUSY) {
  175. cl_dbg(dev, cl, "mei start read failure status = %zd\n", rets);
  176. goto out;
  177. }
  178. if (nonblock) {
  179. rets = -EAGAIN;
  180. goto out;
  181. }
  182. mutex_unlock(&dev->device_lock);
  183. if (wait_event_interruptible(cl->rx_wait,
  184. mei_cl_read_cb(cl, file) ||
  185. !mei_cl_is_connected(cl))) {
  186. if (signal_pending(current))
  187. return -EINTR;
  188. return -ERESTARTSYS;
  189. }
  190. mutex_lock(&dev->device_lock);
  191. if (!mei_cl_is_connected(cl)) {
  192. rets = -ENODEV;
  193. goto out;
  194. }
  195. cb = mei_cl_read_cb(cl, file);
  196. if (!cb) {
  197. rets = 0;
  198. goto out;
  199. }
  200. copy_buffer:
  201. /* now copy the data to user space */
  202. if (cb->status) {
  203. rets = cb->status;
  204. cl_dbg(dev, cl, "read operation failed %zd\n", rets);
  205. goto free;
  206. }
  207. cl_dbg(dev, cl, "buf.size = %zu buf.idx = %zu offset = %lld\n",
  208. cb->buf.size, cb->buf_idx, *offset);
  209. if (*offset >= cb->buf_idx) {
  210. rets = 0;
  211. goto free;
  212. }
  213. /* length is being truncated to PAGE_SIZE,
  214. * however buf_idx may point beyond that */
  215. length = min_t(size_t, length, cb->buf_idx - *offset);
  216. if (copy_to_user(ubuf, cb->buf.data + *offset, length)) {
  217. cl_dbg(dev, cl, "failed to copy data to userland\n");
  218. rets = -EFAULT;
  219. goto free;
  220. }
  221. rets = length;
  222. *offset += length;
  223. /* not all data was read, keep the cb */
  224. if (*offset < cb->buf_idx)
  225. goto out;
  226. free:
  227. mei_cl_del_rd_completed(cl, cb);
  228. *offset = 0;
  229. out:
  230. cl_dbg(dev, cl, "end mei read rets = %zd\n", rets);
  231. mutex_unlock(&dev->device_lock);
  232. return rets;
  233. }
  234. /**
  235. * mei_cl_vtag_by_fp - obtain the vtag by file pointer
  236. *
  237. * @cl: host client
  238. * @fp: pointer to file structure
  239. *
  240. * Return: vtag value on success, otherwise 0
  241. */
  242. static u8 mei_cl_vtag_by_fp(const struct mei_cl *cl, const struct file *fp)
  243. {
  244. struct mei_cl_vtag *cl_vtag;
  245. if (!fp)
  246. return 0;
  247. list_for_each_entry(cl_vtag, &cl->vtag_map, list)
  248. if (cl_vtag->fp == fp)
  249. return cl_vtag->vtag;
  250. return 0;
  251. }
  252. /**
  253. * mei_write - the write function.
  254. *
  255. * @file: pointer to file structure
  256. * @ubuf: pointer to user buffer
  257. * @length: buffer length
  258. * @offset: data offset in buffer
  259. *
  260. * Return: >=0 data length on success , <0 on error
  261. */
  262. static ssize_t mei_write(struct file *file, const char __user *ubuf,
  263. size_t length, loff_t *offset)
  264. {
  265. struct mei_cl *cl = file->private_data;
  266. struct mei_cl_cb *cb;
  267. struct mei_device *dev;
  268. ssize_t rets;
  269. if (WARN_ON(!cl || !cl->dev))
  270. return -ENODEV;
  271. dev = cl->dev;
  272. mutex_lock(&dev->device_lock);
  273. if (dev->dev_state != MEI_DEV_ENABLED) {
  274. rets = -ENODEV;
  275. goto out;
  276. }
  277. if (!mei_cl_is_connected(cl)) {
  278. cl_dbg(dev, cl, "is not connected");
  279. rets = -ENODEV;
  280. goto out;
  281. }
  282. if (!mei_me_cl_is_active(cl->me_cl)) {
  283. rets = -ENOTTY;
  284. goto out;
  285. }
  286. if (length > mei_cl_mtu(cl)) {
  287. rets = -EFBIG;
  288. goto out;
  289. }
  290. if (length == 0) {
  291. rets = 0;
  292. goto out;
  293. }
  294. while (cl->tx_cb_queued >= dev->tx_queue_limit) {
  295. if (file->f_flags & O_NONBLOCK) {
  296. rets = -EAGAIN;
  297. goto out;
  298. }
  299. mutex_unlock(&dev->device_lock);
  300. rets = wait_event_interruptible(cl->tx_wait,
  301. cl->writing_state == MEI_WRITE_COMPLETE ||
  302. (!mei_cl_is_connected(cl)));
  303. mutex_lock(&dev->device_lock);
  304. if (rets) {
  305. if (signal_pending(current))
  306. rets = -EINTR;
  307. goto out;
  308. }
  309. if (!mei_cl_is_connected(cl)) {
  310. rets = -ENODEV;
  311. goto out;
  312. }
  313. }
  314. cb = mei_cl_alloc_cb(cl, length, MEI_FOP_WRITE, file);
  315. if (!cb) {
  316. rets = -ENOMEM;
  317. goto out;
  318. }
  319. cb->vtag = mei_cl_vtag_by_fp(cl, file);
  320. rets = copy_from_user(cb->buf.data, ubuf, length);
  321. if (rets) {
  322. cl_dbg(dev, cl, "failed to copy data from userland\n");
  323. rets = -EFAULT;
  324. mei_io_cb_free(cb);
  325. goto out;
  326. }
  327. rets = mei_cl_write(cl, cb, MAX_SCHEDULE_TIMEOUT);
  328. out:
  329. mutex_unlock(&dev->device_lock);
  330. return rets;
  331. }
  332. /**
  333. * mei_ioctl_connect_client - the connect to fw client IOCTL function
  334. *
  335. * @file: private data of the file object
  336. * @in_client_uuid: requested UUID for connection
  337. * @client: IOCTL connect data, output parameters
  338. *
  339. * Locking: called under "dev->device_lock" lock
  340. *
  341. * Return: 0 on success, <0 on failure.
  342. */
  343. static int mei_ioctl_connect_client(struct file *file,
  344. const uuid_le *in_client_uuid,
  345. struct mei_client *client)
  346. {
  347. struct mei_device *dev;
  348. struct mei_me_client *me_cl;
  349. struct mei_cl *cl;
  350. int rets;
  351. cl = file->private_data;
  352. dev = cl->dev;
  353. if (cl->state != MEI_FILE_INITIALIZING &&
  354. cl->state != MEI_FILE_DISCONNECTED)
  355. return -EBUSY;
  356. retry:
  357. /* find ME client we're trying to connect to */
  358. me_cl = mei_me_cl_by_uuid(dev, in_client_uuid);
  359. if (!me_cl) {
  360. cl_dbg(dev, cl, "Cannot connect to FW Client UUID = %pUl\n",
  361. in_client_uuid);
  362. rets = -ENOTTY;
  363. goto end;
  364. }
  365. if (me_cl->props.fixed_address) {
  366. bool forbidden = dev->override_fixed_address ?
  367. !dev->allow_fixed_address : !dev->hbm_f_fa_supported;
  368. if (forbidden) {
  369. cl_dbg(dev, cl, "Connection forbidden to FW Client UUID = %pUl\n",
  370. in_client_uuid);
  371. rets = -ENOTTY;
  372. goto end;
  373. }
  374. }
  375. cl_dbg(dev, cl, "Connect to FW Client ID = %d\n", me_cl->client_id);
  376. cl_dbg(dev, cl, "FW Client - Protocol Version = %d\n", me_cl->props.protocol_version);
  377. cl_dbg(dev, cl, "FW Client - Max Msg Len = %d\n", me_cl->props.max_msg_length);
  378. /* prepare the output buffer */
  379. client->max_msg_length = me_cl->props.max_msg_length;
  380. client->protocol_version = me_cl->props.protocol_version;
  381. cl_dbg(dev, cl, "Can connect?\n");
  382. rets = mei_cl_connect(cl, me_cl, file);
  383. if (rets && cl->status == -EFAULT &&
  384. (dev->dev_state == MEI_DEV_RESETTING ||
  385. dev->dev_state == MEI_DEV_INIT_CLIENTS)) {
  386. /* in link reset, wait for it completion */
  387. mutex_unlock(&dev->device_lock);
  388. rets = wait_event_interruptible_timeout(dev->wait_dev_state,
  389. dev->dev_state == MEI_DEV_ENABLED,
  390. dev->timeouts.link_reset_wait);
  391. mutex_lock(&dev->device_lock);
  392. if (rets < 0) {
  393. if (signal_pending(current))
  394. rets = -EINTR;
  395. goto end;
  396. }
  397. if (dev->dev_state != MEI_DEV_ENABLED) {
  398. rets = -ETIME;
  399. goto end;
  400. }
  401. mei_me_cl_put(me_cl);
  402. goto retry;
  403. }
  404. end:
  405. mei_me_cl_put(me_cl);
  406. return rets;
  407. }
  408. /**
  409. * mei_vt_support_check - check if client support vtags
  410. *
  411. * @dev: mei_device
  412. * @uuid: client UUID
  413. *
  414. * Locking: called under "dev->device_lock" lock
  415. *
  416. * Return:
  417. * 0 - supported
  418. * -ENOTTY - no such client
  419. * -EOPNOTSUPP - vtags are not supported by client
  420. */
  421. static int mei_vt_support_check(struct mei_device *dev, const uuid_le *uuid)
  422. {
  423. struct mei_me_client *me_cl;
  424. int ret;
  425. if (!dev->hbm_f_vt_supported)
  426. return -EOPNOTSUPP;
  427. me_cl = mei_me_cl_by_uuid(dev, uuid);
  428. if (!me_cl) {
  429. dev_dbg(&dev->dev, "Cannot connect to FW Client UUID = %pUl\n",
  430. uuid);
  431. return -ENOTTY;
  432. }
  433. ret = me_cl->props.vt_supported ? 0 : -EOPNOTSUPP;
  434. mei_me_cl_put(me_cl);
  435. return ret;
  436. }
  437. /**
  438. * mei_ioctl_connect_vtag - connect to fw client with vtag IOCTL function
  439. *
  440. * @file: private data of the file object
  441. * @in_client_uuid: requested UUID for connection
  442. * @client: IOCTL connect data, output parameters
  443. * @vtag: vm tag
  444. *
  445. * Locking: called under "dev->device_lock" lock
  446. *
  447. * Return: 0 on success, <0 on failure.
  448. */
  449. static int mei_ioctl_connect_vtag(struct file *file,
  450. const uuid_le *in_client_uuid,
  451. struct mei_client *client,
  452. u8 vtag)
  453. {
  454. struct mei_device *dev;
  455. struct mei_cl *cl;
  456. struct mei_cl *pos;
  457. struct mei_cl_vtag *cl_vtag;
  458. cl = file->private_data;
  459. dev = cl->dev;
  460. cl_dbg(dev, cl, "FW Client %pUl vtag %d\n", in_client_uuid, vtag);
  461. switch (cl->state) {
  462. case MEI_FILE_DISCONNECTED:
  463. if (mei_cl_vtag_by_fp(cl, file) != vtag) {
  464. cl_err(dev, cl, "reconnect with different vtag\n");
  465. return -EINVAL;
  466. }
  467. break;
  468. case MEI_FILE_INITIALIZING:
  469. /* malicious connect from another thread may push vtag */
  470. if (!IS_ERR(mei_cl_fp_by_vtag(cl, vtag))) {
  471. cl_err(dev, cl, "vtag already filled\n");
  472. return -EINVAL;
  473. }
  474. list_for_each_entry(pos, &dev->file_list, link) {
  475. if (pos == cl)
  476. continue;
  477. if (!pos->me_cl)
  478. continue;
  479. /* only search for same UUID */
  480. if (uuid_le_cmp(*mei_cl_uuid(pos), *in_client_uuid))
  481. continue;
  482. /* if tag already exist try another fp */
  483. if (!IS_ERR(mei_cl_fp_by_vtag(pos, vtag)))
  484. continue;
  485. /* replace cl with acquired one */
  486. cl_dbg(dev, cl, "replacing with existing cl\n");
  487. mei_cl_unlink(cl);
  488. kfree(cl);
  489. file->private_data = pos;
  490. cl = pos;
  491. break;
  492. }
  493. cl_vtag = mei_cl_vtag_alloc(file, vtag);
  494. if (IS_ERR(cl_vtag))
  495. return -ENOMEM;
  496. list_add_tail(&cl_vtag->list, &cl->vtag_map);
  497. break;
  498. default:
  499. return -EBUSY;
  500. }
  501. while (cl->state != MEI_FILE_INITIALIZING &&
  502. cl->state != MEI_FILE_DISCONNECTED &&
  503. cl->state != MEI_FILE_CONNECTED) {
  504. mutex_unlock(&dev->device_lock);
  505. wait_event_timeout(cl->wait,
  506. (cl->state == MEI_FILE_CONNECTED ||
  507. cl->state == MEI_FILE_DISCONNECTED ||
  508. cl->state == MEI_FILE_DISCONNECT_REQUIRED ||
  509. cl->state == MEI_FILE_DISCONNECT_REPLY),
  510. dev->timeouts.cl_connect);
  511. mutex_lock(&dev->device_lock);
  512. }
  513. if (!mei_cl_is_connected(cl))
  514. return mei_ioctl_connect_client(file, in_client_uuid, client);
  515. client->max_msg_length = cl->me_cl->props.max_msg_length;
  516. client->protocol_version = cl->me_cl->props.protocol_version;
  517. return 0;
  518. }
  519. /**
  520. * mei_ioctl_client_notify_request - propagate event notification
  521. * request to client
  522. *
  523. * @file: pointer to file structure
  524. * @request: 0 - disable, 1 - enable
  525. *
  526. * Return: 0 on success , <0 on error
  527. */
  528. static int mei_ioctl_client_notify_request(const struct file *file, u32 request)
  529. {
  530. struct mei_cl *cl = file->private_data;
  531. if (request != MEI_HBM_NOTIFICATION_START &&
  532. request != MEI_HBM_NOTIFICATION_STOP)
  533. return -EINVAL;
  534. return mei_cl_notify_request(cl, file, (u8)request);
  535. }
  536. /**
  537. * mei_ioctl_client_notify_get - wait for notification request
  538. *
  539. * @file: pointer to file structure
  540. * @notify_get: 0 - disable, 1 - enable
  541. *
  542. * Return: 0 on success , <0 on error
  543. */
  544. static int mei_ioctl_client_notify_get(const struct file *file, u32 *notify_get)
  545. {
  546. struct mei_cl *cl = file->private_data;
  547. bool notify_ev;
  548. bool block = (file->f_flags & O_NONBLOCK) == 0;
  549. int rets;
  550. rets = mei_cl_notify_get(cl, block, &notify_ev);
  551. if (rets)
  552. return rets;
  553. *notify_get = notify_ev ? 1 : 0;
  554. return 0;
  555. }
  556. /**
  557. * mei_ioctl - the IOCTL function
  558. *
  559. * @file: pointer to file structure
  560. * @cmd: ioctl command
  561. * @data: pointer to mei message structure
  562. *
  563. * Return: 0 on success , <0 on error
  564. */
  565. static long mei_ioctl(struct file *file, unsigned int cmd, unsigned long data)
  566. {
  567. struct mei_device *dev;
  568. struct mei_cl *cl = file->private_data;
  569. struct mei_connect_client_data conn;
  570. struct mei_connect_client_data_vtag conn_vtag;
  571. uuid_le cl_uuid;
  572. struct mei_client *props;
  573. u8 vtag;
  574. u32 notify_get, notify_req;
  575. int rets;
  576. if (WARN_ON(!cl || !cl->dev))
  577. return -ENODEV;
  578. dev = cl->dev;
  579. cl_dbg(dev, cl, "IOCTL cmd = 0x%x", cmd);
  580. mutex_lock(&dev->device_lock);
  581. if (dev->dev_state != MEI_DEV_ENABLED) {
  582. rets = -ENODEV;
  583. goto out;
  584. }
  585. switch (cmd) {
  586. case IOCTL_MEI_CONNECT_CLIENT:
  587. cl_dbg(dev, cl, "IOCTL_MEI_CONNECT_CLIENT\n");
  588. if (copy_from_user(&conn, (char __user *)data, sizeof(conn))) {
  589. cl_dbg(dev, cl, "failed to copy data from userland\n");
  590. rets = -EFAULT;
  591. goto out;
  592. }
  593. cl_uuid = conn.in_client_uuid;
  594. props = &conn.out_client_properties;
  595. vtag = 0;
  596. rets = mei_vt_support_check(dev, &cl_uuid);
  597. if (rets == -ENOTTY)
  598. goto out;
  599. if (!rets)
  600. rets = mei_ioctl_connect_vtag(file, &cl_uuid, props,
  601. vtag);
  602. else
  603. rets = mei_ioctl_connect_client(file, &cl_uuid, props);
  604. if (rets)
  605. goto out;
  606. /* if all is ok, copying the data back to user. */
  607. if (copy_to_user((char __user *)data, &conn, sizeof(conn))) {
  608. cl_dbg(dev, cl, "failed to copy data to userland\n");
  609. rets = -EFAULT;
  610. goto out;
  611. }
  612. break;
  613. case IOCTL_MEI_CONNECT_CLIENT_VTAG:
  614. cl_dbg(dev, cl, "IOCTL_MEI_CONNECT_CLIENT_VTAG\n");
  615. if (copy_from_user(&conn_vtag, (char __user *)data,
  616. sizeof(conn_vtag))) {
  617. cl_dbg(dev, cl, "failed to copy data from userland\n");
  618. rets = -EFAULT;
  619. goto out;
  620. }
  621. cl_uuid = conn_vtag.connect.in_client_uuid;
  622. props = &conn_vtag.out_client_properties;
  623. vtag = conn_vtag.connect.vtag;
  624. rets = mei_vt_support_check(dev, &cl_uuid);
  625. if (rets == -EOPNOTSUPP)
  626. cl_dbg(dev, cl, "FW Client %pUl does not support vtags\n",
  627. &cl_uuid);
  628. if (rets)
  629. goto out;
  630. if (!vtag) {
  631. cl_dbg(dev, cl, "vtag can't be zero\n");
  632. rets = -EINVAL;
  633. goto out;
  634. }
  635. rets = mei_ioctl_connect_vtag(file, &cl_uuid, props, vtag);
  636. if (rets)
  637. goto out;
  638. /* if all is ok, copying the data back to user. */
  639. if (copy_to_user((char __user *)data, &conn_vtag,
  640. sizeof(conn_vtag))) {
  641. cl_dbg(dev, cl, "failed to copy data to userland\n");
  642. rets = -EFAULT;
  643. goto out;
  644. }
  645. break;
  646. case IOCTL_MEI_NOTIFY_SET:
  647. cl_dbg(dev, cl, "IOCTL_MEI_NOTIFY_SET\n");
  648. if (copy_from_user(&notify_req,
  649. (char __user *)data, sizeof(notify_req))) {
  650. cl_dbg(dev, cl, "failed to copy data from userland\n");
  651. rets = -EFAULT;
  652. goto out;
  653. }
  654. rets = mei_ioctl_client_notify_request(file, notify_req);
  655. break;
  656. case IOCTL_MEI_NOTIFY_GET:
  657. cl_dbg(dev, cl, "IOCTL_MEI_NOTIFY_GET\n");
  658. rets = mei_ioctl_client_notify_get(file, &notify_get);
  659. if (rets)
  660. goto out;
  661. cl_dbg(dev, cl, "copy connect data to user\n");
  662. if (copy_to_user((char __user *)data,
  663. &notify_get, sizeof(notify_get))) {
  664. cl_dbg(dev, cl, "failed to copy data to userland\n");
  665. rets = -EFAULT;
  666. goto out;
  667. }
  668. break;
  669. default:
  670. rets = -ENOIOCTLCMD;
  671. }
  672. out:
  673. mutex_unlock(&dev->device_lock);
  674. return rets;
  675. }
  676. /**
  677. * mei_poll - the poll function
  678. *
  679. * @file: pointer to file structure
  680. * @wait: pointer to poll_table structure
  681. *
  682. * Return: poll mask
  683. */
  684. static __poll_t mei_poll(struct file *file, poll_table *wait)
  685. {
  686. __poll_t req_events = poll_requested_events(wait);
  687. struct mei_cl *cl = file->private_data;
  688. struct mei_device *dev;
  689. __poll_t mask = 0;
  690. bool notify_en;
  691. if (WARN_ON(!cl || !cl->dev))
  692. return EPOLLERR;
  693. dev = cl->dev;
  694. mutex_lock(&dev->device_lock);
  695. notify_en = cl->notify_en && (req_events & EPOLLPRI);
  696. if (dev->dev_state != MEI_DEV_ENABLED ||
  697. !mei_cl_is_connected(cl)) {
  698. mask = EPOLLERR;
  699. goto out;
  700. }
  701. if (notify_en) {
  702. poll_wait(file, &cl->ev_wait, wait);
  703. if (cl->notify_ev)
  704. mask |= EPOLLPRI;
  705. }
  706. if (req_events & (EPOLLIN | EPOLLRDNORM)) {
  707. poll_wait(file, &cl->rx_wait, wait);
  708. if (mei_cl_read_cb(cl, file))
  709. mask |= EPOLLIN | EPOLLRDNORM;
  710. else
  711. mei_cl_read_start(cl, mei_cl_mtu(cl), file);
  712. }
  713. if (req_events & (EPOLLOUT | EPOLLWRNORM)) {
  714. poll_wait(file, &cl->tx_wait, wait);
  715. if (cl->tx_cb_queued < dev->tx_queue_limit)
  716. mask |= EPOLLOUT | EPOLLWRNORM;
  717. }
  718. out:
  719. mutex_unlock(&dev->device_lock);
  720. return mask;
  721. }
  722. /**
  723. * mei_cl_is_write_queued - check if the client has pending writes.
  724. *
  725. * @cl: writing host client
  726. *
  727. * Return: true if client is writing, false otherwise.
  728. */
  729. static bool mei_cl_is_write_queued(struct mei_cl *cl)
  730. {
  731. struct mei_device *dev = cl->dev;
  732. struct mei_cl_cb *cb;
  733. list_for_each_entry(cb, &dev->write_list, list)
  734. if (cb->cl == cl)
  735. return true;
  736. list_for_each_entry(cb, &dev->write_waiting_list, list)
  737. if (cb->cl == cl)
  738. return true;
  739. return false;
  740. }
  741. /**
  742. * mei_fsync - the fsync handler
  743. *
  744. * @fp: pointer to file structure
  745. * @start: unused
  746. * @end: unused
  747. * @datasync: unused
  748. *
  749. * Return: 0 on success, -ENODEV if client is not connected
  750. */
  751. static int mei_fsync(struct file *fp, loff_t start, loff_t end, int datasync)
  752. {
  753. struct mei_cl *cl = fp->private_data;
  754. struct mei_device *dev;
  755. int rets;
  756. if (WARN_ON(!cl || !cl->dev))
  757. return -ENODEV;
  758. dev = cl->dev;
  759. mutex_lock(&dev->device_lock);
  760. if (dev->dev_state != MEI_DEV_ENABLED || !mei_cl_is_connected(cl)) {
  761. rets = -ENODEV;
  762. goto out;
  763. }
  764. while (mei_cl_is_write_queued(cl)) {
  765. mutex_unlock(&dev->device_lock);
  766. rets = wait_event_interruptible(cl->tx_wait,
  767. cl->writing_state == MEI_WRITE_COMPLETE ||
  768. !mei_cl_is_connected(cl));
  769. mutex_lock(&dev->device_lock);
  770. if (rets) {
  771. if (signal_pending(current))
  772. rets = -EINTR;
  773. goto out;
  774. }
  775. if (!mei_cl_is_connected(cl)) {
  776. rets = -ENODEV;
  777. goto out;
  778. }
  779. }
  780. rets = 0;
  781. out:
  782. mutex_unlock(&dev->device_lock);
  783. return rets;
  784. }
  785. /**
  786. * mei_fasync - asynchronous io support
  787. *
  788. * @fd: file descriptor
  789. * @file: pointer to file structure
  790. * @band: band bitmap
  791. *
  792. * Return: negative on error,
  793. * 0 if it did no changes,
  794. * and positive a process was added or deleted
  795. */
  796. static int mei_fasync(int fd, struct file *file, int band)
  797. {
  798. struct mei_cl *cl = file->private_data;
  799. if (!mei_cl_is_connected(cl))
  800. return -ENODEV;
  801. return fasync_helper(fd, file, band, &cl->ev_async);
  802. }
  803. /**
  804. * trc_show - mei device trc attribute show method
  805. *
  806. * @device: device pointer
  807. * @attr: attribute pointer
  808. * @buf: char out buffer
  809. *
  810. * Return: number of the bytes printed into buf or error
  811. */
  812. static ssize_t trc_show(struct device *device,
  813. struct device_attribute *attr, char *buf)
  814. {
  815. struct mei_device *dev = dev_get_drvdata(device);
  816. u32 trc;
  817. int ret;
  818. ret = mei_trc_status(dev, &trc);
  819. if (ret)
  820. return ret;
  821. return sprintf(buf, "%08X\n", trc);
  822. }
  823. static DEVICE_ATTR_RO(trc);
  824. /**
  825. * fw_status_show - mei device fw_status attribute show method
  826. *
  827. * @device: device pointer
  828. * @attr: attribute pointer
  829. * @buf: char out buffer
  830. *
  831. * Return: number of the bytes printed into buf or error
  832. */
  833. static ssize_t fw_status_show(struct device *device,
  834. struct device_attribute *attr, char *buf)
  835. {
  836. struct mei_device *dev = dev_get_drvdata(device);
  837. struct mei_fw_status fw_status;
  838. int err, i;
  839. ssize_t cnt = 0;
  840. mutex_lock(&dev->device_lock);
  841. err = mei_fw_status(dev, &fw_status);
  842. mutex_unlock(&dev->device_lock);
  843. if (err) {
  844. dev_err(device, "read fw_status error = %d\n", err);
  845. return err;
  846. }
  847. for (i = 0; i < fw_status.count; i++)
  848. cnt += scnprintf(buf + cnt, PAGE_SIZE - cnt, "%08X\n",
  849. fw_status.status[i]);
  850. return cnt;
  851. }
  852. static DEVICE_ATTR_RO(fw_status);
  853. /**
  854. * hbm_ver_show - display HBM protocol version negotiated with FW
  855. *
  856. * @device: device pointer
  857. * @attr: attribute pointer
  858. * @buf: char out buffer
  859. *
  860. * Return: number of the bytes printed into buf or error
  861. */
  862. static ssize_t hbm_ver_show(struct device *device,
  863. struct device_attribute *attr, char *buf)
  864. {
  865. struct mei_device *dev = dev_get_drvdata(device);
  866. struct hbm_version ver;
  867. mutex_lock(&dev->device_lock);
  868. ver = dev->version;
  869. mutex_unlock(&dev->device_lock);
  870. return sprintf(buf, "%u.%u\n", ver.major_version, ver.minor_version);
  871. }
  872. static DEVICE_ATTR_RO(hbm_ver);
  873. /**
  874. * hbm_ver_drv_show - display HBM protocol version advertised by driver
  875. *
  876. * @device: device pointer
  877. * @attr: attribute pointer
  878. * @buf: char out buffer
  879. *
  880. * Return: number of the bytes printed into buf or error
  881. */
  882. static ssize_t hbm_ver_drv_show(struct device *device,
  883. struct device_attribute *attr, char *buf)
  884. {
  885. return sprintf(buf, "%u.%u\n", HBM_MAJOR_VERSION, HBM_MINOR_VERSION);
  886. }
  887. static DEVICE_ATTR_RO(hbm_ver_drv);
  888. static ssize_t tx_queue_limit_show(struct device *device,
  889. struct device_attribute *attr, char *buf)
  890. {
  891. struct mei_device *dev = dev_get_drvdata(device);
  892. u8 size = 0;
  893. mutex_lock(&dev->device_lock);
  894. size = dev->tx_queue_limit;
  895. mutex_unlock(&dev->device_lock);
  896. return sysfs_emit(buf, "%u\n", size);
  897. }
  898. static ssize_t tx_queue_limit_store(struct device *device,
  899. struct device_attribute *attr,
  900. const char *buf, size_t count)
  901. {
  902. struct mei_device *dev = dev_get_drvdata(device);
  903. u8 limit;
  904. unsigned int inp;
  905. int err;
  906. err = kstrtouint(buf, 10, &inp);
  907. if (err)
  908. return err;
  909. if (inp > MEI_TX_QUEUE_LIMIT_MAX || inp < MEI_TX_QUEUE_LIMIT_MIN)
  910. return -EINVAL;
  911. limit = inp;
  912. mutex_lock(&dev->device_lock);
  913. dev->tx_queue_limit = limit;
  914. mutex_unlock(&dev->device_lock);
  915. return count;
  916. }
  917. static DEVICE_ATTR_RW(tx_queue_limit);
  918. /**
  919. * fw_ver_show - display ME FW version
  920. *
  921. * @device: device pointer
  922. * @attr: attribute pointer
  923. * @buf: char out buffer
  924. *
  925. * Return: number of the bytes printed into buf or error
  926. */
  927. static ssize_t fw_ver_show(struct device *device,
  928. struct device_attribute *attr, char *buf)
  929. {
  930. struct mei_device *dev = dev_get_drvdata(device);
  931. struct mei_fw_version *ver;
  932. ssize_t cnt = 0;
  933. int i;
  934. ver = dev->fw_ver;
  935. for (i = 0; i < MEI_MAX_FW_VER_BLOCKS; i++)
  936. cnt += scnprintf(buf + cnt, PAGE_SIZE - cnt, "%u:%u.%u.%u.%u\n",
  937. ver[i].platform, ver[i].major, ver[i].minor,
  938. ver[i].hotfix, ver[i].buildno);
  939. return cnt;
  940. }
  941. static DEVICE_ATTR_RO(fw_ver);
  942. /**
  943. * dev_state_show - display device state
  944. *
  945. * @device: device pointer
  946. * @attr: attribute pointer
  947. * @buf: char out buffer
  948. *
  949. * Return: number of the bytes printed into buf or error
  950. */
  951. static ssize_t dev_state_show(struct device *device,
  952. struct device_attribute *attr, char *buf)
  953. {
  954. struct mei_device *dev = dev_get_drvdata(device);
  955. enum mei_dev_state dev_state;
  956. mutex_lock(&dev->device_lock);
  957. dev_state = dev->dev_state;
  958. mutex_unlock(&dev->device_lock);
  959. return sprintf(buf, "%s", mei_dev_state_str(dev_state));
  960. }
  961. static DEVICE_ATTR_RO(dev_state);
  962. /**
  963. * mei_set_devstate: set to new device state and notify sysfs file.
  964. *
  965. * @dev: mei_device
  966. * @state: new device state
  967. */
  968. void mei_set_devstate(struct mei_device *dev, enum mei_dev_state state)
  969. {
  970. struct device *clsdev;
  971. if (dev->dev_state == state)
  972. return;
  973. dev->dev_state = state;
  974. wake_up_interruptible_all(&dev->wait_dev_state);
  975. if (!dev->cdev)
  976. return;
  977. clsdev = class_find_device_by_devt(&mei_class, dev->cdev->dev);
  978. if (clsdev) {
  979. sysfs_notify(&clsdev->kobj, NULL, "dev_state");
  980. put_device(clsdev);
  981. }
  982. }
  983. /**
  984. * kind_show - display device kind
  985. *
  986. * @device: device pointer
  987. * @attr: attribute pointer
  988. * @buf: char out buffer
  989. *
  990. * Return: number of the bytes printed into buf or error
  991. */
  992. static ssize_t kind_show(struct device *device,
  993. struct device_attribute *attr, char *buf)
  994. {
  995. struct mei_device *dev = dev_get_drvdata(device);
  996. ssize_t ret;
  997. if (dev->kind)
  998. ret = sprintf(buf, "%s\n", dev->kind);
  999. else
  1000. ret = sprintf(buf, "%s\n", "mei");
  1001. return ret;
  1002. }
  1003. static DEVICE_ATTR_RO(kind);
  1004. static struct attribute *mei_attrs[] = {
  1005. &dev_attr_fw_status.attr,
  1006. &dev_attr_hbm_ver.attr,
  1007. &dev_attr_hbm_ver_drv.attr,
  1008. &dev_attr_tx_queue_limit.attr,
  1009. &dev_attr_fw_ver.attr,
  1010. &dev_attr_dev_state.attr,
  1011. &dev_attr_trc.attr,
  1012. &dev_attr_kind.attr,
  1013. NULL
  1014. };
  1015. ATTRIBUTE_GROUPS(mei);
  1016. /*
  1017. * file operations structure will be used for mei char device.
  1018. */
  1019. static const struct file_operations mei_fops = {
  1020. .owner = THIS_MODULE,
  1021. .read = mei_read,
  1022. .unlocked_ioctl = mei_ioctl,
  1023. .compat_ioctl = compat_ptr_ioctl,
  1024. .open = mei_open,
  1025. .release = mei_release,
  1026. .write = mei_write,
  1027. .poll = mei_poll,
  1028. .fsync = mei_fsync,
  1029. .fasync = mei_fasync,
  1030. };
  1031. /**
  1032. * mei_minor_get - obtain next free device minor number
  1033. *
  1034. * @dev: device pointer
  1035. *
  1036. * Return: allocated minor, or -ENOSPC if no free minor left
  1037. */
  1038. static int mei_minor_get(struct mei_device *dev)
  1039. {
  1040. int ret;
  1041. mutex_lock(&mei_minor_lock);
  1042. ret = idr_alloc(&mei_idr, dev, 0, MEI_MAX_DEVS, GFP_KERNEL);
  1043. if (ret >= 0)
  1044. dev->minor = ret;
  1045. else if (ret == -ENOSPC)
  1046. dev_err(&dev->dev, "too many mei devices\n");
  1047. mutex_unlock(&mei_minor_lock);
  1048. return ret;
  1049. }
  1050. /**
  1051. * mei_minor_free - mark device minor number as free
  1052. *
  1053. * @minor: minor number to free
  1054. */
  1055. static void mei_minor_free(int minor)
  1056. {
  1057. mutex_lock(&mei_minor_lock);
  1058. idr_remove(&mei_idr, minor);
  1059. mutex_unlock(&mei_minor_lock);
  1060. }
  1061. static void mei_device_release(struct device *dev)
  1062. {
  1063. kfree(dev_get_drvdata(dev));
  1064. }
  1065. int mei_register(struct mei_device *dev, struct device *parent)
  1066. {
  1067. int ret, devno;
  1068. int minor;
  1069. ret = mei_minor_get(dev);
  1070. if (ret < 0)
  1071. return ret;
  1072. minor = dev->minor;
  1073. /* Fill in the data structures */
  1074. devno = MKDEV(MAJOR(mei_devt), dev->minor);
  1075. device_initialize(&dev->dev);
  1076. dev->dev.devt = devno;
  1077. dev->dev.class = &mei_class;
  1078. dev->dev.parent = parent;
  1079. dev->dev.groups = mei_groups;
  1080. dev->dev.release = mei_device_release;
  1081. dev_set_drvdata(&dev->dev, dev);
  1082. dev->cdev = cdev_alloc();
  1083. if (!dev->cdev) {
  1084. ret = -ENOMEM;
  1085. goto err;
  1086. }
  1087. dev->cdev->ops = &mei_fops;
  1088. dev->cdev->owner = parent->driver->owner;
  1089. cdev_set_parent(dev->cdev, &dev->dev.kobj);
  1090. /* Add the device */
  1091. ret = cdev_add(dev->cdev, devno, 1);
  1092. if (ret) {
  1093. dev_err(parent, "unable to add cdev for device %d:%d\n",
  1094. MAJOR(mei_devt), dev->minor);
  1095. goto err_del_cdev;
  1096. }
  1097. ret = dev_set_name(&dev->dev, "mei%d", dev->minor);
  1098. if (ret) {
  1099. dev_err(parent, "unable to set name to device %d:%d ret = %d\n",
  1100. MAJOR(mei_devt), dev->minor, ret);
  1101. goto err_del_cdev;
  1102. }
  1103. ret = device_add(&dev->dev);
  1104. if (ret) {
  1105. dev_err(parent, "unable to add device %d:%d ret = %d\n",
  1106. MAJOR(mei_devt), dev->minor, ret);
  1107. goto err_del_cdev;
  1108. }
  1109. mei_dbgfs_register(dev, dev_name(&dev->dev));
  1110. return 0;
  1111. err_del_cdev:
  1112. cdev_del(dev->cdev);
  1113. err:
  1114. put_device(&dev->dev);
  1115. mei_minor_free(minor);
  1116. return ret;
  1117. }
  1118. EXPORT_SYMBOL_GPL(mei_register);
  1119. void mei_deregister(struct mei_device *dev)
  1120. {
  1121. int devno;
  1122. int minor = dev->minor;
  1123. devno = dev->cdev->dev;
  1124. cdev_del(dev->cdev);
  1125. mei_dbgfs_deregister(dev);
  1126. device_destroy(&mei_class, devno);
  1127. mei_minor_free(minor);
  1128. }
  1129. EXPORT_SYMBOL_GPL(mei_deregister);
  1130. static int __init mei_init(void)
  1131. {
  1132. int ret;
  1133. ret = class_register(&mei_class);
  1134. if (ret)
  1135. return ret;
  1136. ret = alloc_chrdev_region(&mei_devt, 0, MEI_MAX_DEVS, "mei");
  1137. if (ret < 0) {
  1138. pr_err("unable to allocate char dev region\n");
  1139. goto err_class;
  1140. }
  1141. ret = mei_cl_bus_init();
  1142. if (ret < 0) {
  1143. pr_err("unable to initialize bus\n");
  1144. goto err_chrdev;
  1145. }
  1146. return 0;
  1147. err_chrdev:
  1148. unregister_chrdev_region(mei_devt, MEI_MAX_DEVS);
  1149. err_class:
  1150. class_unregister(&mei_class);
  1151. return ret;
  1152. }
  1153. static void __exit mei_exit(void)
  1154. {
  1155. unregister_chrdev_region(mei_devt, MEI_MAX_DEVS);
  1156. class_unregister(&mei_class);
  1157. mei_cl_bus_exit();
  1158. }
  1159. module_init(mei_init);
  1160. module_exit(mei_exit);
  1161. MODULE_AUTHOR("Intel Corporation");
  1162. MODULE_DESCRIPTION("Intel(R) Management Engine Interface");
  1163. MODULE_LICENSE("GPL v2");