1 // SPDX-License-Identifier: GPL-2.0
2 /*
3 * Copyright (c) 2003-2022, Intel Corporation. All rights reserved.
4 * Intel Management Engine Interface (Intel MEI) Linux driver
5 */
6
7 #include <linux/module.h>
8 #include <linux/moduleparam.h>
9 #include <linux/kernel.h>
10 #include <linux/device.h>
11 #include <linux/slab.h>
12 #include <linux/fs.h>
13 #include <linux/errno.h>
14 #include <linux/types.h>
15 #include <linux/fcntl.h>
16 #include <linux/poll.h>
17 #include <linux/init.h>
18 #include <linux/ioctl.h>
19 #include <linux/cdev.h>
20 #include <linux/sched/signal.h>
21 #include <linux/compat.h>
22 #include <linux/jiffies.h>
23 #include <linux/interrupt.h>
24
25 #include <linux/mei.h>
26
27 #include "mei_dev.h"
28 #include "client.h"
29
30 static const struct class mei_class = {
31 .name = "mei",
32 };
33
34 static dev_t mei_devt;
35 #define MEI_MAX_DEVS MINORMASK
36 static DEFINE_MUTEX(mei_minor_lock);
37 static DEFINE_IDR(mei_idr);
38
39 /**
40 * mei_open - the open function
41 *
42 * @inode: pointer to inode structure
43 * @file: pointer to file structure
44 *
45 * Return: 0 on success, <0 on error
46 */
mei_open(struct inode * inode,struct file * file)47 static int mei_open(struct inode *inode, struct file *file)
48 {
49 struct mei_device *dev;
50 struct mei_cl *cl;
51
52 int err;
53
54 dev = container_of(inode->i_cdev, struct mei_device, cdev);
55
56 mutex_lock(&dev->device_lock);
57
58 if (dev->dev_state != MEI_DEV_ENABLED) {
59 dev_dbg(dev->dev, "dev_state != MEI_ENABLED dev_state = %s\n",
60 mei_dev_state_str(dev->dev_state));
61 err = -ENODEV;
62 goto err_unlock;
63 }
64
65 cl = mei_cl_alloc_linked(dev);
66 if (IS_ERR(cl)) {
67 err = PTR_ERR(cl);
68 goto err_unlock;
69 }
70
71 cl->fp = file;
72 file->private_data = cl;
73
74 mutex_unlock(&dev->device_lock);
75
76 return nonseekable_open(inode, file);
77
78 err_unlock:
79 mutex_unlock(&dev->device_lock);
80 return err;
81 }
82
83 /**
84 * mei_cl_vtag_remove_by_fp - remove vtag that corresponds to fp from list
85 *
86 * @cl: host client
87 * @fp: pointer to file structure
88 *
89 */
mei_cl_vtag_remove_by_fp(const struct mei_cl * cl,const struct file * fp)90 static void mei_cl_vtag_remove_by_fp(const struct mei_cl *cl,
91 const struct file *fp)
92 {
93 struct mei_cl_vtag *vtag_l, *next;
94
95 list_for_each_entry_safe(vtag_l, next, &cl->vtag_map, list) {
96 if (vtag_l->fp == fp) {
97 list_del(&vtag_l->list);
98 kfree(vtag_l);
99 return;
100 }
101 }
102 }
103
104 /**
105 * mei_release - the release function
106 *
107 * @inode: pointer to inode structure
108 * @file: pointer to file structure
109 *
110 * Return: 0 on success, <0 on error
111 */
mei_release(struct inode * inode,struct file * file)112 static int mei_release(struct inode *inode, struct file *file)
113 {
114 struct mei_cl *cl = file->private_data;
115 struct mei_device *dev;
116 int rets;
117
118 if (WARN_ON(!cl || !cl->dev))
119 return -ENODEV;
120
121 dev = cl->dev;
122
123 mutex_lock(&dev->device_lock);
124
125 mei_cl_vtag_remove_by_fp(cl, file);
126
127 if (!list_empty(&cl->vtag_map)) {
128 cl_dbg(dev, cl, "not the last vtag\n");
129 mei_cl_flush_queues(cl, file);
130 rets = 0;
131 goto out;
132 }
133
134 rets = mei_cl_disconnect(cl);
135 /*
136 * Check again: This is necessary since disconnect releases the lock
137 * and another client can connect in the meantime.
138 */
139 if (!list_empty(&cl->vtag_map)) {
140 cl_dbg(dev, cl, "not the last vtag after disconnect\n");
141 mei_cl_flush_queues(cl, file);
142 goto out;
143 }
144
145 mei_cl_flush_queues(cl, NULL);
146 cl_dbg(dev, cl, "removing\n");
147
148 mei_cl_unlink(cl);
149 kfree(cl);
150
151 out:
152 file->private_data = NULL;
153
154 mutex_unlock(&dev->device_lock);
155 return rets;
156 }
157
158
159 /**
160 * mei_read - the read function.
161 *
162 * @file: pointer to file structure
163 * @ubuf: pointer to user buffer
164 * @length: buffer length
165 * @offset: data offset in buffer
166 *
167 * Return: >=0 data length on success , <0 on error
168 */
mei_read(struct file * file,char __user * ubuf,size_t length,loff_t * offset)169 static ssize_t mei_read(struct file *file, char __user *ubuf,
170 size_t length, loff_t *offset)
171 {
172 struct mei_cl *cl = file->private_data;
173 struct mei_device *dev;
174 struct mei_cl_cb *cb = NULL;
175 bool nonblock = !!(file->f_flags & O_NONBLOCK);
176 ssize_t rets;
177
178 if (WARN_ON(!cl || !cl->dev))
179 return -ENODEV;
180
181 dev = cl->dev;
182
183
184 mutex_lock(&dev->device_lock);
185 if (dev->dev_state != MEI_DEV_ENABLED) {
186 rets = -ENODEV;
187 goto out;
188 }
189
190 if (length == 0) {
191 rets = 0;
192 goto out;
193 }
194
195 if (ubuf == NULL) {
196 rets = -EMSGSIZE;
197 goto out;
198 }
199
200 cb = mei_cl_read_cb(cl, file);
201 if (cb)
202 goto copy_buffer;
203
204 if (*offset > 0)
205 *offset = 0;
206
207 rets = mei_cl_read_start(cl, length, file);
208 if (rets && rets != -EBUSY) {
209 cl_dbg(dev, cl, "mei start read failure status = %zd\n", rets);
210 goto out;
211 }
212
213 if (nonblock) {
214 rets = -EAGAIN;
215 goto out;
216 }
217
218 mutex_unlock(&dev->device_lock);
219 if (wait_event_interruptible(cl->rx_wait,
220 mei_cl_read_cb(cl, file) ||
221 !mei_cl_is_connected(cl))) {
222 if (signal_pending(current))
223 return -EINTR;
224 return -ERESTARTSYS;
225 }
226 mutex_lock(&dev->device_lock);
227
228 if (!mei_cl_is_connected(cl)) {
229 rets = -ENODEV;
230 goto out;
231 }
232
233 cb = mei_cl_read_cb(cl, file);
234 if (!cb) {
235 rets = 0;
236 goto out;
237 }
238
239 copy_buffer:
240 /* now copy the data to user space */
241 if (cb->status) {
242 rets = cb->status;
243 cl_dbg(dev, cl, "read operation failed %zd\n", rets);
244 goto free;
245 }
246
247 cl_dbg(dev, cl, "buf.size = %zu buf.idx = %zu offset = %lld\n",
248 cb->buf.size, cb->buf_idx, *offset);
249 if (*offset >= cb->buf_idx) {
250 rets = 0;
251 goto free;
252 }
253
254 /* length is being truncated to PAGE_SIZE,
255 * however buf_idx may point beyond that */
256 length = min_t(size_t, length, cb->buf_idx - *offset);
257
258 if (copy_to_user(ubuf, cb->buf.data + *offset, length)) {
259 cl_dbg(dev, cl, "failed to copy data to userland\n");
260 rets = -EFAULT;
261 goto free;
262 }
263
264 rets = length;
265 *offset += length;
266 /* not all data was read, keep the cb */
267 if (*offset < cb->buf_idx)
268 goto out;
269
270 free:
271 mei_cl_del_rd_completed(cl, cb);
272 *offset = 0;
273
274 out:
275 cl_dbg(dev, cl, "end mei read rets = %zd\n", rets);
276 mutex_unlock(&dev->device_lock);
277 return rets;
278 }
279
280 /**
281 * mei_cl_vtag_by_fp - obtain the vtag by file pointer
282 *
283 * @cl: host client
284 * @fp: pointer to file structure
285 *
286 * Return: vtag value on success, otherwise 0
287 */
mei_cl_vtag_by_fp(const struct mei_cl * cl,const struct file * fp)288 static u8 mei_cl_vtag_by_fp(const struct mei_cl *cl, const struct file *fp)
289 {
290 struct mei_cl_vtag *cl_vtag;
291
292 if (!fp)
293 return 0;
294
295 list_for_each_entry(cl_vtag, &cl->vtag_map, list)
296 if (cl_vtag->fp == fp)
297 return cl_vtag->vtag;
298 return 0;
299 }
300
301 /**
302 * mei_write - the write function.
303 *
304 * @file: pointer to file structure
305 * @ubuf: pointer to user buffer
306 * @length: buffer length
307 * @offset: data offset in buffer
308 *
309 * Return: >=0 data length on success , <0 on error
310 */
mei_write(struct file * file,const char __user * ubuf,size_t length,loff_t * offset)311 static ssize_t mei_write(struct file *file, const char __user *ubuf,
312 size_t length, loff_t *offset)
313 {
314 struct mei_cl *cl = file->private_data;
315 struct mei_cl_cb *cb;
316 struct mei_device *dev;
317 ssize_t rets;
318
319 if (WARN_ON(!cl || !cl->dev))
320 return -ENODEV;
321
322 dev = cl->dev;
323
324 mutex_lock(&dev->device_lock);
325
326 if (dev->dev_state != MEI_DEV_ENABLED) {
327 rets = -ENODEV;
328 goto out;
329 }
330
331 if (!mei_cl_is_connected(cl)) {
332 cl_dbg(dev, cl, "is not connected");
333 rets = -ENODEV;
334 goto out;
335 }
336
337 if (!mei_me_cl_is_active(cl->me_cl)) {
338 rets = -ENOTTY;
339 goto out;
340 }
341
342 if (length > mei_cl_mtu(cl)) {
343 rets = -EFBIG;
344 goto out;
345 }
346
347 if (length == 0) {
348 rets = 0;
349 goto out;
350 }
351
352 while (cl->tx_cb_queued >= dev->tx_queue_limit) {
353 if (file->f_flags & O_NONBLOCK) {
354 rets = -EAGAIN;
355 goto out;
356 }
357 mutex_unlock(&dev->device_lock);
358 rets = wait_event_interruptible(cl->tx_wait,
359 cl->writing_state == MEI_WRITE_COMPLETE ||
360 (!mei_cl_is_connected(cl)));
361 mutex_lock(&dev->device_lock);
362 if (rets) {
363 if (signal_pending(current))
364 rets = -EINTR;
365 goto out;
366 }
367 if (!mei_cl_is_connected(cl)) {
368 rets = -ENODEV;
369 goto out;
370 }
371 }
372
373 cb = mei_cl_alloc_cb(cl, length, MEI_FOP_WRITE, file);
374 if (!cb) {
375 rets = -ENOMEM;
376 goto out;
377 }
378 cb->vtag = mei_cl_vtag_by_fp(cl, file);
379
380 rets = copy_from_user(cb->buf.data, ubuf, length);
381 if (rets) {
382 cl_dbg(dev, cl, "failed to copy data from userland\n");
383 rets = -EFAULT;
384 mei_io_cb_free(cb);
385 goto out;
386 }
387
388 rets = mei_cl_write(cl, cb, MAX_SCHEDULE_TIMEOUT);
389 out:
390 mutex_unlock(&dev->device_lock);
391 return rets;
392 }
393
394 /**
395 * mei_ioctl_connect_client - the connect to fw client IOCTL function
396 *
397 * @file: private data of the file object
398 * @in_client_uuid: requested UUID for connection
399 * @client: IOCTL connect data, output parameters
400 *
401 * Locking: called under "dev->device_lock" lock
402 *
403 * Return: 0 on success, <0 on failure.
404 */
mei_ioctl_connect_client(struct file * file,const uuid_le * in_client_uuid,struct mei_client * client)405 static int mei_ioctl_connect_client(struct file *file,
406 const uuid_le *in_client_uuid,
407 struct mei_client *client)
408 {
409 struct mei_device *dev;
410 struct mei_me_client *me_cl;
411 struct mei_cl *cl;
412 int rets;
413
414 cl = file->private_data;
415 dev = cl->dev;
416
417 if (cl->state != MEI_FILE_INITIALIZING &&
418 cl->state != MEI_FILE_DISCONNECTED)
419 return -EBUSY;
420
421 /* find ME client we're trying to connect to */
422 me_cl = mei_me_cl_by_uuid(dev, in_client_uuid);
423 if (!me_cl) {
424 cl_dbg(dev, cl, "Cannot connect to FW Client UUID = %pUl\n",
425 in_client_uuid);
426 rets = -ENOTTY;
427 goto end;
428 }
429
430 if (me_cl->props.fixed_address) {
431 bool forbidden = dev->override_fixed_address ?
432 !dev->allow_fixed_address : !dev->hbm_f_fa_supported;
433 if (forbidden) {
434 cl_dbg(dev, cl, "Connection forbidden to FW Client UUID = %pUl\n",
435 in_client_uuid);
436 rets = -ENOTTY;
437 goto end;
438 }
439 }
440
441 cl_dbg(dev, cl, "Connect to FW Client ID = %d\n", me_cl->client_id);
442 cl_dbg(dev, cl, "FW Client - Protocol Version = %d\n", me_cl->props.protocol_version);
443 cl_dbg(dev, cl, "FW Client - Max Msg Len = %d\n", me_cl->props.max_msg_length);
444
445 /* prepare the output buffer */
446 client->max_msg_length = me_cl->props.max_msg_length;
447 client->protocol_version = me_cl->props.protocol_version;
448 cl_dbg(dev, cl, "Can connect?\n");
449
450 rets = mei_cl_connect(cl, me_cl, file);
451
452 end:
453 mei_me_cl_put(me_cl);
454 return rets;
455 }
456
457 /**
458 * mei_vt_support_check - check if client support vtags
459 *
460 * @dev: mei_device
461 * @uuid: client UUID
462 *
463 * Locking: called under "dev->device_lock" lock
464 *
465 * Return:
466 * 0 - supported
467 * -ENOTTY - no such client
468 * -EOPNOTSUPP - vtags are not supported by client
469 */
mei_vt_support_check(struct mei_device * dev,const uuid_le * uuid)470 static int mei_vt_support_check(struct mei_device *dev, const uuid_le *uuid)
471 {
472 struct mei_me_client *me_cl;
473 int ret;
474
475 if (!dev->hbm_f_vt_supported)
476 return -EOPNOTSUPP;
477
478 me_cl = mei_me_cl_by_uuid(dev, uuid);
479 if (!me_cl) {
480 dev_dbg(dev->dev, "Cannot connect to FW Client UUID = %pUl\n",
481 uuid);
482 return -ENOTTY;
483 }
484 ret = me_cl->props.vt_supported ? 0 : -EOPNOTSUPP;
485 mei_me_cl_put(me_cl);
486
487 return ret;
488 }
489
490 /**
491 * mei_ioctl_connect_vtag - connect to fw client with vtag IOCTL function
492 *
493 * @file: private data of the file object
494 * @in_client_uuid: requested UUID for connection
495 * @client: IOCTL connect data, output parameters
496 * @vtag: vm tag
497 *
498 * Locking: called under "dev->device_lock" lock
499 *
500 * Return: 0 on success, <0 on failure.
501 */
mei_ioctl_connect_vtag(struct file * file,const uuid_le * in_client_uuid,struct mei_client * client,u8 vtag)502 static int mei_ioctl_connect_vtag(struct file *file,
503 const uuid_le *in_client_uuid,
504 struct mei_client *client,
505 u8 vtag)
506 {
507 struct mei_device *dev;
508 struct mei_cl *cl;
509 struct mei_cl *pos;
510 struct mei_cl_vtag *cl_vtag;
511
512 cl = file->private_data;
513 dev = cl->dev;
514
515 cl_dbg(dev, cl, "FW Client %pUl vtag %d\n", in_client_uuid, vtag);
516
517 switch (cl->state) {
518 case MEI_FILE_DISCONNECTED:
519 if (mei_cl_vtag_by_fp(cl, file) != vtag) {
520 cl_err(dev, cl, "reconnect with different vtag\n");
521 return -EINVAL;
522 }
523 break;
524 case MEI_FILE_INITIALIZING:
525 /* malicious connect from another thread may push vtag */
526 if (!IS_ERR(mei_cl_fp_by_vtag(cl, vtag))) {
527 cl_err(dev, cl, "vtag already filled\n");
528 return -EINVAL;
529 }
530
531 list_for_each_entry(pos, &dev->file_list, link) {
532 if (pos == cl)
533 continue;
534 if (!pos->me_cl)
535 continue;
536
537 /* only search for same UUID */
538 if (uuid_le_cmp(*mei_cl_uuid(pos), *in_client_uuid))
539 continue;
540
541 /* if tag already exist try another fp */
542 if (!IS_ERR(mei_cl_fp_by_vtag(pos, vtag)))
543 continue;
544
545 /* replace cl with acquired one */
546 cl_dbg(dev, cl, "replacing with existing cl\n");
547 mei_cl_unlink(cl);
548 kfree(cl);
549 file->private_data = pos;
550 cl = pos;
551 break;
552 }
553
554 cl_vtag = mei_cl_vtag_alloc(file, vtag);
555 if (IS_ERR(cl_vtag))
556 return -ENOMEM;
557
558 list_add_tail(&cl_vtag->list, &cl->vtag_map);
559 break;
560 default:
561 return -EBUSY;
562 }
563
564 while (cl->state != MEI_FILE_INITIALIZING &&
565 cl->state != MEI_FILE_DISCONNECTED &&
566 cl->state != MEI_FILE_CONNECTED) {
567 mutex_unlock(&dev->device_lock);
568 wait_event_timeout(cl->wait,
569 (cl->state == MEI_FILE_CONNECTED ||
570 cl->state == MEI_FILE_DISCONNECTED ||
571 cl->state == MEI_FILE_DISCONNECT_REQUIRED ||
572 cl->state == MEI_FILE_DISCONNECT_REPLY),
573 dev->timeouts.cl_connect);
574 mutex_lock(&dev->device_lock);
575 }
576
577 if (!mei_cl_is_connected(cl))
578 return mei_ioctl_connect_client(file, in_client_uuid, client);
579
580 client->max_msg_length = cl->me_cl->props.max_msg_length;
581 client->protocol_version = cl->me_cl->props.protocol_version;
582
583 return 0;
584 }
585
586 /**
587 * mei_ioctl_client_notify_request - propagate event notification
588 * request to client
589 *
590 * @file: pointer to file structure
591 * @request: 0 - disable, 1 - enable
592 *
593 * Return: 0 on success , <0 on error
594 */
mei_ioctl_client_notify_request(const struct file * file,u32 request)595 static int mei_ioctl_client_notify_request(const struct file *file, u32 request)
596 {
597 struct mei_cl *cl = file->private_data;
598
599 if (request != MEI_HBM_NOTIFICATION_START &&
600 request != MEI_HBM_NOTIFICATION_STOP)
601 return -EINVAL;
602
603 return mei_cl_notify_request(cl, file, (u8)request);
604 }
605
606 /**
607 * mei_ioctl_client_notify_get - wait for notification request
608 *
609 * @file: pointer to file structure
610 * @notify_get: 0 - disable, 1 - enable
611 *
612 * Return: 0 on success , <0 on error
613 */
mei_ioctl_client_notify_get(const struct file * file,u32 * notify_get)614 static int mei_ioctl_client_notify_get(const struct file *file, u32 *notify_get)
615 {
616 struct mei_cl *cl = file->private_data;
617 bool notify_ev;
618 bool block = (file->f_flags & O_NONBLOCK) == 0;
619 int rets;
620
621 rets = mei_cl_notify_get(cl, block, ¬ify_ev);
622 if (rets)
623 return rets;
624
625 *notify_get = notify_ev ? 1 : 0;
626 return 0;
627 }
628
629 /**
630 * mei_ioctl - the IOCTL function
631 *
632 * @file: pointer to file structure
633 * @cmd: ioctl command
634 * @data: pointer to mei message structure
635 *
636 * Return: 0 on success , <0 on error
637 */
mei_ioctl(struct file * file,unsigned int cmd,unsigned long data)638 static long mei_ioctl(struct file *file, unsigned int cmd, unsigned long data)
639 {
640 struct mei_device *dev;
641 struct mei_cl *cl = file->private_data;
642 struct mei_connect_client_data conn;
643 struct mei_connect_client_data_vtag conn_vtag;
644 const uuid_le *cl_uuid;
645 struct mei_client *props;
646 u8 vtag;
647 u32 notify_get, notify_req;
648 int rets;
649
650
651 if (WARN_ON(!cl || !cl->dev))
652 return -ENODEV;
653
654 dev = cl->dev;
655
656 cl_dbg(dev, cl, "IOCTL cmd = 0x%x", cmd);
657
658 mutex_lock(&dev->device_lock);
659 if (dev->dev_state != MEI_DEV_ENABLED) {
660 rets = -ENODEV;
661 goto out;
662 }
663
664 switch (cmd) {
665 case IOCTL_MEI_CONNECT_CLIENT:
666 cl_dbg(dev, cl, "IOCTL_MEI_CONNECT_CLIENT\n");
667 if (copy_from_user(&conn, (char __user *)data, sizeof(conn))) {
668 cl_dbg(dev, cl, "failed to copy data from userland\n");
669 rets = -EFAULT;
670 goto out;
671 }
672 cl_uuid = &conn.in_client_uuid;
673 props = &conn.out_client_properties;
674 vtag = 0;
675
676 rets = mei_vt_support_check(dev, cl_uuid);
677 if (rets == -ENOTTY)
678 goto out;
679 if (!rets)
680 rets = mei_ioctl_connect_vtag(file, cl_uuid, props,
681 vtag);
682 else
683 rets = mei_ioctl_connect_client(file, cl_uuid, props);
684 if (rets)
685 goto out;
686
687 /* if all is ok, copying the data back to user. */
688 if (copy_to_user((char __user *)data, &conn, sizeof(conn))) {
689 cl_dbg(dev, cl, "failed to copy data to userland\n");
690 rets = -EFAULT;
691 goto out;
692 }
693
694 break;
695
696 case IOCTL_MEI_CONNECT_CLIENT_VTAG:
697 cl_dbg(dev, cl, "IOCTL_MEI_CONNECT_CLIENT_VTAG\n");
698 if (copy_from_user(&conn_vtag, (char __user *)data,
699 sizeof(conn_vtag))) {
700 cl_dbg(dev, cl, "failed to copy data from userland\n");
701 rets = -EFAULT;
702 goto out;
703 }
704
705 cl_uuid = &conn_vtag.connect.in_client_uuid;
706 props = &conn_vtag.out_client_properties;
707 vtag = conn_vtag.connect.vtag;
708
709 rets = mei_vt_support_check(dev, cl_uuid);
710 if (rets == -EOPNOTSUPP)
711 cl_dbg(dev, cl, "FW Client %pUl does not support vtags\n",
712 cl_uuid);
713 if (rets)
714 goto out;
715
716 if (!vtag) {
717 cl_dbg(dev, cl, "vtag can't be zero\n");
718 rets = -EINVAL;
719 goto out;
720 }
721
722 rets = mei_ioctl_connect_vtag(file, cl_uuid, props, vtag);
723 if (rets)
724 goto out;
725
726 /* if all is ok, copying the data back to user. */
727 if (copy_to_user((char __user *)data, &conn_vtag,
728 sizeof(conn_vtag))) {
729 cl_dbg(dev, cl, "failed to copy data to userland\n");
730 rets = -EFAULT;
731 goto out;
732 }
733
734 break;
735
736 case IOCTL_MEI_NOTIFY_SET:
737 cl_dbg(dev, cl, "IOCTL_MEI_NOTIFY_SET\n");
738 if (copy_from_user(¬ify_req,
739 (char __user *)data, sizeof(notify_req))) {
740 cl_dbg(dev, cl, "failed to copy data from userland\n");
741 rets = -EFAULT;
742 goto out;
743 }
744 rets = mei_ioctl_client_notify_request(file, notify_req);
745 break;
746
747 case IOCTL_MEI_NOTIFY_GET:
748 cl_dbg(dev, cl, "IOCTL_MEI_NOTIFY_GET\n");
749 rets = mei_ioctl_client_notify_get(file, ¬ify_get);
750 if (rets)
751 goto out;
752
753 cl_dbg(dev, cl, "copy connect data to user\n");
754 if (copy_to_user((char __user *)data,
755 ¬ify_get, sizeof(notify_get))) {
756 cl_dbg(dev, cl, "failed to copy data to userland\n");
757 rets = -EFAULT;
758 goto out;
759
760 }
761 break;
762
763 default:
764 rets = -ENOIOCTLCMD;
765 }
766
767 out:
768 mutex_unlock(&dev->device_lock);
769 return rets;
770 }
771
772 /**
773 * mei_poll - the poll function
774 *
775 * @file: pointer to file structure
776 * @wait: pointer to poll_table structure
777 *
778 * Return: poll mask
779 */
mei_poll(struct file * file,poll_table * wait)780 static __poll_t mei_poll(struct file *file, poll_table *wait)
781 {
782 __poll_t req_events = poll_requested_events(wait);
783 struct mei_cl *cl = file->private_data;
784 struct mei_device *dev;
785 __poll_t mask = 0;
786 bool notify_en;
787
788 if (WARN_ON(!cl || !cl->dev))
789 return EPOLLERR;
790
791 dev = cl->dev;
792
793 mutex_lock(&dev->device_lock);
794
795 notify_en = cl->notify_en && (req_events & EPOLLPRI);
796
797 if (dev->dev_state != MEI_DEV_ENABLED ||
798 !mei_cl_is_connected(cl)) {
799 mask = EPOLLERR;
800 goto out;
801 }
802
803 if (notify_en) {
804 poll_wait(file, &cl->ev_wait, wait);
805 if (cl->notify_ev)
806 mask |= EPOLLPRI;
807 }
808
809 if (req_events & (EPOLLIN | EPOLLRDNORM)) {
810 poll_wait(file, &cl->rx_wait, wait);
811
812 if (mei_cl_read_cb(cl, file))
813 mask |= EPOLLIN | EPOLLRDNORM;
814 else
815 mei_cl_read_start(cl, mei_cl_mtu(cl), file);
816 }
817
818 if (req_events & (EPOLLOUT | EPOLLWRNORM)) {
819 poll_wait(file, &cl->tx_wait, wait);
820 if (cl->tx_cb_queued < dev->tx_queue_limit)
821 mask |= EPOLLOUT | EPOLLWRNORM;
822 }
823
824 out:
825 mutex_unlock(&dev->device_lock);
826 return mask;
827 }
828
829 /**
830 * mei_cl_is_write_queued - check if the client has pending writes.
831 *
832 * @cl: writing host client
833 *
834 * Return: true if client is writing, false otherwise.
835 */
mei_cl_is_write_queued(struct mei_cl * cl)836 static bool mei_cl_is_write_queued(struct mei_cl *cl)
837 {
838 struct mei_device *dev = cl->dev;
839 struct mei_cl_cb *cb;
840
841 list_for_each_entry(cb, &dev->write_list, list)
842 if (cb->cl == cl)
843 return true;
844 list_for_each_entry(cb, &dev->write_waiting_list, list)
845 if (cb->cl == cl)
846 return true;
847 return false;
848 }
849
850 /**
851 * mei_fsync - the fsync handler
852 *
853 * @fp: pointer to file structure
854 * @start: unused
855 * @end: unused
856 * @datasync: unused
857 *
858 * Return: 0 on success, -ENODEV if client is not connected
859 */
mei_fsync(struct file * fp,loff_t start,loff_t end,int datasync)860 static int mei_fsync(struct file *fp, loff_t start, loff_t end, int datasync)
861 {
862 struct mei_cl *cl = fp->private_data;
863 struct mei_device *dev;
864 int rets;
865
866 if (WARN_ON(!cl || !cl->dev))
867 return -ENODEV;
868
869 dev = cl->dev;
870
871 mutex_lock(&dev->device_lock);
872
873 if (dev->dev_state != MEI_DEV_ENABLED || !mei_cl_is_connected(cl)) {
874 rets = -ENODEV;
875 goto out;
876 }
877
878 while (mei_cl_is_write_queued(cl)) {
879 mutex_unlock(&dev->device_lock);
880 rets = wait_event_interruptible(cl->tx_wait,
881 cl->writing_state == MEI_WRITE_COMPLETE ||
882 !mei_cl_is_connected(cl));
883 mutex_lock(&dev->device_lock);
884 if (rets) {
885 if (signal_pending(current))
886 rets = -EINTR;
887 goto out;
888 }
889 if (!mei_cl_is_connected(cl)) {
890 rets = -ENODEV;
891 goto out;
892 }
893 }
894 rets = 0;
895 out:
896 mutex_unlock(&dev->device_lock);
897 return rets;
898 }
899
900 /**
901 * mei_fasync - asynchronous io support
902 *
903 * @fd: file descriptor
904 * @file: pointer to file structure
905 * @band: band bitmap
906 *
907 * Return: negative on error,
908 * 0 if it did no changes,
909 * and positive a process was added or deleted
910 */
mei_fasync(int fd,struct file * file,int band)911 static int mei_fasync(int fd, struct file *file, int band)
912 {
913
914 struct mei_cl *cl = file->private_data;
915
916 if (!mei_cl_is_connected(cl))
917 return -ENODEV;
918
919 return fasync_helper(fd, file, band, &cl->ev_async);
920 }
921
922 /**
923 * trc_show - mei device trc attribute show method
924 *
925 * @device: device pointer
926 * @attr: attribute pointer
927 * @buf: char out buffer
928 *
929 * Return: number of the bytes printed into buf or error
930 */
trc_show(struct device * device,struct device_attribute * attr,char * buf)931 static ssize_t trc_show(struct device *device,
932 struct device_attribute *attr, char *buf)
933 {
934 struct mei_device *dev = dev_get_drvdata(device);
935 u32 trc;
936 int ret;
937
938 ret = mei_trc_status(dev, &trc);
939 if (ret)
940 return ret;
941 return sprintf(buf, "%08X\n", trc);
942 }
943 static DEVICE_ATTR_RO(trc);
944
945 /**
946 * fw_status_show - mei device fw_status attribute show method
947 *
948 * @device: device pointer
949 * @attr: attribute pointer
950 * @buf: char out buffer
951 *
952 * Return: number of the bytes printed into buf or error
953 */
fw_status_show(struct device * device,struct device_attribute * attr,char * buf)954 static ssize_t fw_status_show(struct device *device,
955 struct device_attribute *attr, char *buf)
956 {
957 struct mei_device *dev = dev_get_drvdata(device);
958 struct mei_fw_status fw_status;
959 int err, i;
960 ssize_t cnt = 0;
961
962 mutex_lock(&dev->device_lock);
963 err = mei_fw_status(dev, &fw_status);
964 mutex_unlock(&dev->device_lock);
965 if (err) {
966 dev_err(device, "read fw_status error = %d\n", err);
967 return err;
968 }
969
970 for (i = 0; i < fw_status.count; i++)
971 cnt += scnprintf(buf + cnt, PAGE_SIZE - cnt, "%08X\n",
972 fw_status.status[i]);
973 return cnt;
974 }
975 static DEVICE_ATTR_RO(fw_status);
976
977 /**
978 * hbm_ver_show - display HBM protocol version negotiated with FW
979 *
980 * @device: device pointer
981 * @attr: attribute pointer
982 * @buf: char out buffer
983 *
984 * Return: number of the bytes printed into buf or error
985 */
hbm_ver_show(struct device * device,struct device_attribute * attr,char * buf)986 static ssize_t hbm_ver_show(struct device *device,
987 struct device_attribute *attr, char *buf)
988 {
989 struct mei_device *dev = dev_get_drvdata(device);
990 struct hbm_version ver;
991
992 mutex_lock(&dev->device_lock);
993 ver = dev->version;
994 mutex_unlock(&dev->device_lock);
995
996 return sprintf(buf, "%u.%u\n", ver.major_version, ver.minor_version);
997 }
998 static DEVICE_ATTR_RO(hbm_ver);
999
1000 /**
1001 * hbm_ver_drv_show - display HBM protocol version advertised by driver
1002 *
1003 * @device: device pointer
1004 * @attr: attribute pointer
1005 * @buf: char out buffer
1006 *
1007 * Return: number of the bytes printed into buf or error
1008 */
hbm_ver_drv_show(struct device * device,struct device_attribute * attr,char * buf)1009 static ssize_t hbm_ver_drv_show(struct device *device,
1010 struct device_attribute *attr, char *buf)
1011 {
1012 return sprintf(buf, "%u.%u\n", HBM_MAJOR_VERSION, HBM_MINOR_VERSION);
1013 }
1014 static DEVICE_ATTR_RO(hbm_ver_drv);
1015
tx_queue_limit_show(struct device * device,struct device_attribute * attr,char * buf)1016 static ssize_t tx_queue_limit_show(struct device *device,
1017 struct device_attribute *attr, char *buf)
1018 {
1019 struct mei_device *dev = dev_get_drvdata(device);
1020 u8 size = 0;
1021
1022 mutex_lock(&dev->device_lock);
1023 size = dev->tx_queue_limit;
1024 mutex_unlock(&dev->device_lock);
1025
1026 return sysfs_emit(buf, "%u\n", size);
1027 }
1028
tx_queue_limit_store(struct device * device,struct device_attribute * attr,const char * buf,size_t count)1029 static ssize_t tx_queue_limit_store(struct device *device,
1030 struct device_attribute *attr,
1031 const char *buf, size_t count)
1032 {
1033 struct mei_device *dev = dev_get_drvdata(device);
1034 u8 limit;
1035 unsigned int inp;
1036 int err;
1037
1038 err = kstrtouint(buf, 10, &inp);
1039 if (err)
1040 return err;
1041 if (inp > MEI_TX_QUEUE_LIMIT_MAX || inp < MEI_TX_QUEUE_LIMIT_MIN)
1042 return -EINVAL;
1043 limit = inp;
1044
1045 mutex_lock(&dev->device_lock);
1046 dev->tx_queue_limit = limit;
1047 mutex_unlock(&dev->device_lock);
1048
1049 return count;
1050 }
1051 static DEVICE_ATTR_RW(tx_queue_limit);
1052
1053 /**
1054 * fw_ver_show - display ME FW version
1055 *
1056 * @device: device pointer
1057 * @attr: attribute pointer
1058 * @buf: char out buffer
1059 *
1060 * Return: number of the bytes printed into buf or error
1061 */
fw_ver_show(struct device * device,struct device_attribute * attr,char * buf)1062 static ssize_t fw_ver_show(struct device *device,
1063 struct device_attribute *attr, char *buf)
1064 {
1065 struct mei_device *dev = dev_get_drvdata(device);
1066 struct mei_fw_version *ver;
1067 ssize_t cnt = 0;
1068 int i;
1069
1070 ver = dev->fw_ver;
1071
1072 for (i = 0; i < MEI_MAX_FW_VER_BLOCKS; i++)
1073 cnt += scnprintf(buf + cnt, PAGE_SIZE - cnt, "%u:%u.%u.%u.%u\n",
1074 ver[i].platform, ver[i].major, ver[i].minor,
1075 ver[i].hotfix, ver[i].buildno);
1076 return cnt;
1077 }
1078 static DEVICE_ATTR_RO(fw_ver);
1079
1080 /**
1081 * dev_state_show - display device state
1082 *
1083 * @device: device pointer
1084 * @attr: attribute pointer
1085 * @buf: char out buffer
1086 *
1087 * Return: number of the bytes printed into buf or error
1088 */
dev_state_show(struct device * device,struct device_attribute * attr,char * buf)1089 static ssize_t dev_state_show(struct device *device,
1090 struct device_attribute *attr, char *buf)
1091 {
1092 struct mei_device *dev = dev_get_drvdata(device);
1093 enum mei_dev_state dev_state;
1094
1095 mutex_lock(&dev->device_lock);
1096 dev_state = dev->dev_state;
1097 mutex_unlock(&dev->device_lock);
1098
1099 return sprintf(buf, "%s", mei_dev_state_str(dev_state));
1100 }
1101 static DEVICE_ATTR_RO(dev_state);
1102
1103 /**
1104 * mei_set_devstate: set to new device state and notify sysfs file.
1105 *
1106 * @dev: mei_device
1107 * @state: new device state
1108 */
mei_set_devstate(struct mei_device * dev,enum mei_dev_state state)1109 void mei_set_devstate(struct mei_device *dev, enum mei_dev_state state)
1110 {
1111 struct device *clsdev;
1112
1113 if (dev->dev_state == state)
1114 return;
1115
1116 dev->dev_state = state;
1117
1118 clsdev = class_find_device_by_devt(&mei_class, dev->cdev.dev);
1119 if (clsdev) {
1120 sysfs_notify(&clsdev->kobj, NULL, "dev_state");
1121 put_device(clsdev);
1122 }
1123 }
1124
1125 /**
1126 * kind_show - display device kind
1127 *
1128 * @device: device pointer
1129 * @attr: attribute pointer
1130 * @buf: char out buffer
1131 *
1132 * Return: number of the bytes printed into buf or error
1133 */
kind_show(struct device * device,struct device_attribute * attr,char * buf)1134 static ssize_t kind_show(struct device *device,
1135 struct device_attribute *attr, char *buf)
1136 {
1137 struct mei_device *dev = dev_get_drvdata(device);
1138 ssize_t ret;
1139
1140 if (dev->kind)
1141 ret = sprintf(buf, "%s\n", dev->kind);
1142 else
1143 ret = sprintf(buf, "%s\n", "mei");
1144
1145 return ret;
1146 }
1147 static DEVICE_ATTR_RO(kind);
1148
1149 static struct attribute *mei_attrs[] = {
1150 &dev_attr_fw_status.attr,
1151 &dev_attr_hbm_ver.attr,
1152 &dev_attr_hbm_ver_drv.attr,
1153 &dev_attr_tx_queue_limit.attr,
1154 &dev_attr_fw_ver.attr,
1155 &dev_attr_dev_state.attr,
1156 &dev_attr_trc.attr,
1157 &dev_attr_kind.attr,
1158 NULL
1159 };
1160 ATTRIBUTE_GROUPS(mei);
1161
1162 /*
1163 * file operations structure will be used for mei char device.
1164 */
1165 static const struct file_operations mei_fops = {
1166 .owner = THIS_MODULE,
1167 .read = mei_read,
1168 .unlocked_ioctl = mei_ioctl,
1169 .compat_ioctl = compat_ptr_ioctl,
1170 .open = mei_open,
1171 .release = mei_release,
1172 .write = mei_write,
1173 .poll = mei_poll,
1174 .fsync = mei_fsync,
1175 .fasync = mei_fasync,
1176 };
1177
1178 /**
1179 * mei_minor_get - obtain next free device minor number
1180 *
1181 * @dev: device pointer
1182 *
1183 * Return: allocated minor, or -ENOSPC if no free minor left
1184 */
mei_minor_get(struct mei_device * dev)1185 static int mei_minor_get(struct mei_device *dev)
1186 {
1187 int ret;
1188
1189 mutex_lock(&mei_minor_lock);
1190 ret = idr_alloc(&mei_idr, dev, 0, MEI_MAX_DEVS, GFP_KERNEL);
1191 if (ret >= 0)
1192 dev->minor = ret;
1193 else if (ret == -ENOSPC)
1194 dev_err(dev->dev, "too many mei devices\n");
1195
1196 mutex_unlock(&mei_minor_lock);
1197 return ret;
1198 }
1199
1200 /**
1201 * mei_minor_free - mark device minor number as free
1202 *
1203 * @dev: device pointer
1204 */
mei_minor_free(struct mei_device * dev)1205 static void mei_minor_free(struct mei_device *dev)
1206 {
1207 mutex_lock(&mei_minor_lock);
1208 idr_remove(&mei_idr, dev->minor);
1209 mutex_unlock(&mei_minor_lock);
1210 }
1211
mei_register(struct mei_device * dev,struct device * parent)1212 int mei_register(struct mei_device *dev, struct device *parent)
1213 {
1214 struct device *clsdev; /* class device */
1215 int ret, devno;
1216
1217 ret = mei_minor_get(dev);
1218 if (ret < 0)
1219 return ret;
1220
1221 /* Fill in the data structures */
1222 devno = MKDEV(MAJOR(mei_devt), dev->minor);
1223 cdev_init(&dev->cdev, &mei_fops);
1224 dev->cdev.owner = parent->driver->owner;
1225
1226 /* Add the device */
1227 ret = cdev_add(&dev->cdev, devno, 1);
1228 if (ret) {
1229 dev_err(parent, "unable to add device %d:%d\n",
1230 MAJOR(mei_devt), dev->minor);
1231 goto err_dev_add;
1232 }
1233
1234 clsdev = device_create_with_groups(&mei_class, parent, devno,
1235 dev, mei_groups,
1236 "mei%d", dev->minor);
1237
1238 if (IS_ERR(clsdev)) {
1239 dev_err(parent, "unable to create device %d:%d\n",
1240 MAJOR(mei_devt), dev->minor);
1241 ret = PTR_ERR(clsdev);
1242 goto err_dev_create;
1243 }
1244
1245 mei_dbgfs_register(dev, dev_name(clsdev));
1246
1247 return 0;
1248
1249 err_dev_create:
1250 cdev_del(&dev->cdev);
1251 err_dev_add:
1252 mei_minor_free(dev);
1253 return ret;
1254 }
1255 EXPORT_SYMBOL_GPL(mei_register);
1256
mei_deregister(struct mei_device * dev)1257 void mei_deregister(struct mei_device *dev)
1258 {
1259 int devno;
1260
1261 devno = dev->cdev.dev;
1262 cdev_del(&dev->cdev);
1263
1264 mei_dbgfs_deregister(dev);
1265
1266 device_destroy(&mei_class, devno);
1267
1268 mei_minor_free(dev);
1269 }
1270 EXPORT_SYMBOL_GPL(mei_deregister);
1271
mei_init(void)1272 static int __init mei_init(void)
1273 {
1274 int ret;
1275
1276 ret = class_register(&mei_class);
1277 if (ret)
1278 return ret;
1279
1280 ret = alloc_chrdev_region(&mei_devt, 0, MEI_MAX_DEVS, "mei");
1281 if (ret < 0) {
1282 pr_err("unable to allocate char dev region\n");
1283 goto err_class;
1284 }
1285
1286 ret = mei_cl_bus_init();
1287 if (ret < 0) {
1288 pr_err("unable to initialize bus\n");
1289 goto err_chrdev;
1290 }
1291
1292 return 0;
1293
1294 err_chrdev:
1295 unregister_chrdev_region(mei_devt, MEI_MAX_DEVS);
1296 err_class:
1297 class_unregister(&mei_class);
1298 return ret;
1299 }
1300
mei_exit(void)1301 static void __exit mei_exit(void)
1302 {
1303 unregister_chrdev_region(mei_devt, MEI_MAX_DEVS);
1304 class_unregister(&mei_class);
1305 mei_cl_bus_exit();
1306 }
1307
1308 module_init(mei_init);
1309 module_exit(mei_exit);
1310
1311 MODULE_AUTHOR("Intel Corporation");
1312 MODULE_DESCRIPTION("Intel(R) Management Engine Interface");
1313 MODULE_LICENSE("GPL v2");
1314
1315