xref: /linux/drivers/misc/mei/interrupt.c (revision a4eb44a6435d6d8f9e642407a4a06f65eb90ca04)
1 // SPDX-License-Identifier: GPL-2.0
2 /*
3  * Copyright (c) 2003-2018, Intel Corporation. All rights reserved.
4  * Intel Management Engine Interface (Intel MEI) Linux driver
5  */
6 
7 #include <linux/export.h>
8 #include <linux/kthread.h>
9 #include <linux/interrupt.h>
10 #include <linux/fs.h>
11 #include <linux/jiffies.h>
12 #include <linux/slab.h>
13 #include <linux/pm_runtime.h>
14 
15 #include <linux/mei.h>
16 
17 #include "mei_dev.h"
18 #include "hbm.h"
19 #include "client.h"
20 
21 
22 /**
23  * mei_irq_compl_handler - dispatch complete handlers
24  *	for the completed callbacks
25  *
26  * @dev: mei device
27  * @cmpl_list: list of completed cbs
28  */
29 void mei_irq_compl_handler(struct mei_device *dev, struct list_head *cmpl_list)
30 {
31 	struct mei_cl_cb *cb, *next;
32 	struct mei_cl *cl;
33 
34 	list_for_each_entry_safe(cb, next, cmpl_list, list) {
35 		cl = cb->cl;
36 		list_del_init(&cb->list);
37 
38 		dev_dbg(dev->dev, "completing call back.\n");
39 		mei_cl_complete(cl, cb);
40 	}
41 }
42 EXPORT_SYMBOL_GPL(mei_irq_compl_handler);
43 
44 /**
45  * mei_cl_hbm_equal - check if hbm is addressed to the client
46  *
47  * @cl: host client
48  * @mei_hdr: header of mei client message
49  *
50  * Return: true if matches, false otherwise
51  */
52 static inline int mei_cl_hbm_equal(struct mei_cl *cl,
53 			struct mei_msg_hdr *mei_hdr)
54 {
55 	return  mei_cl_host_addr(cl) == mei_hdr->host_addr &&
56 		mei_cl_me_id(cl) == mei_hdr->me_addr;
57 }
58 
59 /**
60  * mei_irq_discard_msg  - discard received message
61  *
62  * @dev: mei device
63  * @hdr: message header
64  * @discard_len: the length of the message to discard (excluding header)
65  */
66 static void mei_irq_discard_msg(struct mei_device *dev, struct mei_msg_hdr *hdr,
67 				size_t discard_len)
68 {
69 	if (hdr->dma_ring) {
70 		mei_dma_ring_read(dev, NULL,
71 				  hdr->extension[dev->rd_msg_hdr_count - 2]);
72 		discard_len = 0;
73 	}
74 	/*
75 	 * no need to check for size as it is guarantied
76 	 * that length fits into rd_msg_buf
77 	 */
78 	mei_read_slots(dev, dev->rd_msg_buf, discard_len);
79 	dev_dbg(dev->dev, "discarding message " MEI_HDR_FMT "\n",
80 		MEI_HDR_PRM(hdr));
81 }
82 
83 /**
84  * mei_cl_irq_read_msg - process client message
85  *
86  * @cl: reading client
87  * @mei_hdr: header of mei client message
88  * @meta: extend meta header
89  * @cmpl_list: completion list
90  *
91  * Return: always 0
92  */
93 static int mei_cl_irq_read_msg(struct mei_cl *cl,
94 			       struct mei_msg_hdr *mei_hdr,
95 			       struct mei_ext_meta_hdr *meta,
96 			       struct list_head *cmpl_list)
97 {
98 	struct mei_device *dev = cl->dev;
99 	struct mei_cl_cb *cb;
100 
101 	size_t buf_sz;
102 	u32 length;
103 	int ext_len;
104 
105 	length = mei_hdr->length;
106 	ext_len = 0;
107 	if (mei_hdr->extended) {
108 		ext_len = sizeof(*meta) + mei_slots2data(meta->size);
109 		length -= ext_len;
110 	}
111 
112 	cb = list_first_entry_or_null(&cl->rd_pending, struct mei_cl_cb, list);
113 	if (!cb) {
114 		if (!mei_cl_is_fixed_address(cl)) {
115 			cl_err(dev, cl, "pending read cb not found\n");
116 			goto discard;
117 		}
118 		cb = mei_cl_alloc_cb(cl, mei_cl_mtu(cl), MEI_FOP_READ, cl->fp);
119 		if (!cb)
120 			goto discard;
121 		list_add_tail(&cb->list, &cl->rd_pending);
122 	}
123 
124 	if (mei_hdr->extended) {
125 		struct mei_ext_hdr *ext;
126 		struct mei_ext_hdr_vtag *vtag_hdr = NULL;
127 
128 		ext = mei_ext_begin(meta);
129 		do {
130 			switch (ext->type) {
131 			case MEI_EXT_HDR_VTAG:
132 				vtag_hdr = (struct mei_ext_hdr_vtag *)ext;
133 				break;
134 			case MEI_EXT_HDR_NONE:
135 				fallthrough;
136 			default:
137 				cb->status = -EPROTO;
138 				break;
139 			}
140 
141 			ext = mei_ext_next(ext);
142 		} while (!mei_ext_last(meta, ext));
143 
144 		if (!vtag_hdr) {
145 			cl_dbg(dev, cl, "vtag not found in extended header.\n");
146 			cb->status = -EPROTO;
147 			goto discard;
148 		}
149 
150 		cl_dbg(dev, cl, "vtag: %d\n", vtag_hdr->vtag);
151 		if (cb->vtag && cb->vtag != vtag_hdr->vtag) {
152 			cl_err(dev, cl, "mismatched tag: %d != %d\n",
153 			       cb->vtag, vtag_hdr->vtag);
154 			cb->status = -EPROTO;
155 			goto discard;
156 		}
157 		cb->vtag = vtag_hdr->vtag;
158 	}
159 
160 	if (!mei_cl_is_connected(cl)) {
161 		cl_dbg(dev, cl, "not connected\n");
162 		cb->status = -ENODEV;
163 		goto discard;
164 	}
165 
166 	if (mei_hdr->dma_ring)
167 		length = mei_hdr->extension[mei_data2slots(ext_len)];
168 
169 	buf_sz = length + cb->buf_idx;
170 	/* catch for integer overflow */
171 	if (buf_sz < cb->buf_idx) {
172 		cl_err(dev, cl, "message is too big len %d idx %zu\n",
173 		       length, cb->buf_idx);
174 		cb->status = -EMSGSIZE;
175 		goto discard;
176 	}
177 
178 	if (cb->buf.size < buf_sz) {
179 		cl_dbg(dev, cl, "message overflow. size %zu len %d idx %zu\n",
180 			cb->buf.size, length, cb->buf_idx);
181 		cb->status = -EMSGSIZE;
182 		goto discard;
183 	}
184 
185 	if (mei_hdr->dma_ring) {
186 		mei_dma_ring_read(dev, cb->buf.data + cb->buf_idx, length);
187 		/*  for DMA read 0 length to generate interrupt to the device */
188 		mei_read_slots(dev, cb->buf.data + cb->buf_idx, 0);
189 	} else {
190 		mei_read_slots(dev, cb->buf.data + cb->buf_idx, length);
191 	}
192 
193 	cb->buf_idx += length;
194 
195 	if (mei_hdr->msg_complete) {
196 		cl_dbg(dev, cl, "completed read length = %zu\n", cb->buf_idx);
197 		list_move_tail(&cb->list, cmpl_list);
198 	} else {
199 		pm_runtime_mark_last_busy(dev->dev);
200 		pm_request_autosuspend(dev->dev);
201 	}
202 
203 	return 0;
204 
205 discard:
206 	if (cb)
207 		list_move_tail(&cb->list, cmpl_list);
208 	mei_irq_discard_msg(dev, mei_hdr, length);
209 	return 0;
210 }
211 
212 /**
213  * mei_cl_irq_disconnect_rsp - send disconnection response message
214  *
215  * @cl: client
216  * @cb: callback block.
217  * @cmpl_list: complete list.
218  *
219  * Return: 0, OK; otherwise, error.
220  */
221 static int mei_cl_irq_disconnect_rsp(struct mei_cl *cl, struct mei_cl_cb *cb,
222 				     struct list_head *cmpl_list)
223 {
224 	struct mei_device *dev = cl->dev;
225 	u32 msg_slots;
226 	int slots;
227 	int ret;
228 
229 	msg_slots = mei_hbm2slots(sizeof(struct hbm_client_connect_response));
230 	slots = mei_hbuf_empty_slots(dev);
231 	if (slots < 0)
232 		return -EOVERFLOW;
233 
234 	if ((u32)slots < msg_slots)
235 		return -EMSGSIZE;
236 
237 	ret = mei_hbm_cl_disconnect_rsp(dev, cl);
238 	list_move_tail(&cb->list, cmpl_list);
239 
240 	return ret;
241 }
242 
243 /**
244  * mei_cl_irq_read - processes client read related operation from the
245  *	interrupt thread context - request for flow control credits
246  *
247  * @cl: client
248  * @cb: callback block.
249  * @cmpl_list: complete list.
250  *
251  * Return: 0, OK; otherwise, error.
252  */
253 static int mei_cl_irq_read(struct mei_cl *cl, struct mei_cl_cb *cb,
254 			   struct list_head *cmpl_list)
255 {
256 	struct mei_device *dev = cl->dev;
257 	u32 msg_slots;
258 	int slots;
259 	int ret;
260 
261 	if (!list_empty(&cl->rd_pending))
262 		return 0;
263 
264 	msg_slots = mei_hbm2slots(sizeof(struct hbm_flow_control));
265 	slots = mei_hbuf_empty_slots(dev);
266 	if (slots < 0)
267 		return -EOVERFLOW;
268 
269 	if ((u32)slots < msg_slots)
270 		return -EMSGSIZE;
271 
272 	ret = mei_hbm_cl_flow_control_req(dev, cl);
273 	if (ret) {
274 		cl->status = ret;
275 		cb->buf_idx = 0;
276 		list_move_tail(&cb->list, cmpl_list);
277 		return ret;
278 	}
279 
280 	pm_runtime_mark_last_busy(dev->dev);
281 	pm_request_autosuspend(dev->dev);
282 
283 	list_move_tail(&cb->list, &cl->rd_pending);
284 
285 	return 0;
286 }
287 
288 static inline bool hdr_is_hbm(struct mei_msg_hdr *mei_hdr)
289 {
290 	return mei_hdr->host_addr == 0 && mei_hdr->me_addr == 0;
291 }
292 
293 static inline bool hdr_is_fixed(struct mei_msg_hdr *mei_hdr)
294 {
295 	return mei_hdr->host_addr == 0 && mei_hdr->me_addr != 0;
296 }
297 
298 static inline int hdr_is_valid(u32 msg_hdr)
299 {
300 	struct mei_msg_hdr *mei_hdr;
301 	u32 expected_len = 0;
302 
303 	mei_hdr = (struct mei_msg_hdr *)&msg_hdr;
304 	if (!msg_hdr || mei_hdr->reserved)
305 		return -EBADMSG;
306 
307 	if (mei_hdr->dma_ring)
308 		expected_len += MEI_SLOT_SIZE;
309 	if (mei_hdr->extended)
310 		expected_len += MEI_SLOT_SIZE;
311 	if (mei_hdr->length < expected_len)
312 		return -EBADMSG;
313 
314 	return 0;
315 }
316 
317 /**
318  * mei_irq_read_handler - bottom half read routine after ISR to
319  * handle the read processing.
320  *
321  * @dev: the device structure
322  * @cmpl_list: An instance of our list structure
323  * @slots: slots to read.
324  *
325  * Return: 0 on success, <0 on failure.
326  */
327 int mei_irq_read_handler(struct mei_device *dev,
328 			 struct list_head *cmpl_list, s32 *slots)
329 {
330 	struct mei_msg_hdr *mei_hdr;
331 	struct mei_ext_meta_hdr *meta_hdr = NULL;
332 	struct mei_cl *cl;
333 	int ret;
334 	u32 hdr_size_left;
335 	u32 hdr_size_ext;
336 	int i;
337 	int ext_hdr_end;
338 
339 	if (!dev->rd_msg_hdr[0]) {
340 		dev->rd_msg_hdr[0] = mei_read_hdr(dev);
341 		dev->rd_msg_hdr_count = 1;
342 		(*slots)--;
343 		dev_dbg(dev->dev, "slots =%08x.\n", *slots);
344 
345 		ret = hdr_is_valid(dev->rd_msg_hdr[0]);
346 		if (ret) {
347 			dev_err(dev->dev, "corrupted message header 0x%08X\n",
348 				dev->rd_msg_hdr[0]);
349 			goto end;
350 		}
351 	}
352 
353 	mei_hdr = (struct mei_msg_hdr *)dev->rd_msg_hdr;
354 	dev_dbg(dev->dev, MEI_HDR_FMT, MEI_HDR_PRM(mei_hdr));
355 
356 	if (mei_slots2data(*slots) < mei_hdr->length) {
357 		dev_err(dev->dev, "less data available than length=%08x.\n",
358 				*slots);
359 		/* we can't read the message */
360 		ret = -ENODATA;
361 		goto end;
362 	}
363 
364 	ext_hdr_end = 1;
365 	hdr_size_left = mei_hdr->length;
366 
367 	if (mei_hdr->extended) {
368 		if (!dev->rd_msg_hdr[1]) {
369 			dev->rd_msg_hdr[1] = mei_read_hdr(dev);
370 			dev->rd_msg_hdr_count++;
371 			(*slots)--;
372 			dev_dbg(dev->dev, "extended header is %08x\n", dev->rd_msg_hdr[1]);
373 		}
374 		meta_hdr = ((struct mei_ext_meta_hdr *)&dev->rd_msg_hdr[1]);
375 		if (check_add_overflow((u32)sizeof(*meta_hdr),
376 				       mei_slots2data(meta_hdr->size),
377 				       &hdr_size_ext)) {
378 			dev_err(dev->dev, "extended message size too big %d\n",
379 				meta_hdr->size);
380 			return -EBADMSG;
381 		}
382 		if (hdr_size_left < hdr_size_ext) {
383 			dev_err(dev->dev, "corrupted message header len %d\n",
384 				mei_hdr->length);
385 			return -EBADMSG;
386 		}
387 		hdr_size_left -= hdr_size_ext;
388 
389 		ext_hdr_end = meta_hdr->size + 2;
390 		for (i = dev->rd_msg_hdr_count; i < ext_hdr_end; i++) {
391 			dev->rd_msg_hdr[i] = mei_read_hdr(dev);
392 			dev_dbg(dev->dev, "extended header %d is %08x\n", i,
393 				dev->rd_msg_hdr[i]);
394 			dev->rd_msg_hdr_count++;
395 			(*slots)--;
396 		}
397 	}
398 
399 	if (mei_hdr->dma_ring) {
400 		if (hdr_size_left != sizeof(dev->rd_msg_hdr[ext_hdr_end])) {
401 			dev_err(dev->dev, "corrupted message header len %d\n",
402 				mei_hdr->length);
403 			return -EBADMSG;
404 		}
405 
406 		dev->rd_msg_hdr[ext_hdr_end] = mei_read_hdr(dev);
407 		dev->rd_msg_hdr_count++;
408 		(*slots)--;
409 		mei_hdr->length -= sizeof(dev->rd_msg_hdr[ext_hdr_end]);
410 	}
411 
412 	/*  HBM message */
413 	if (hdr_is_hbm(mei_hdr)) {
414 		ret = mei_hbm_dispatch(dev, mei_hdr);
415 		if (ret) {
416 			dev_dbg(dev->dev, "mei_hbm_dispatch failed ret = %d\n",
417 					ret);
418 			goto end;
419 		}
420 		goto reset_slots;
421 	}
422 
423 	/* find recipient cl */
424 	list_for_each_entry(cl, &dev->file_list, link) {
425 		if (mei_cl_hbm_equal(cl, mei_hdr)) {
426 			cl_dbg(dev, cl, "got a message\n");
427 			break;
428 		}
429 	}
430 
431 	/* if no recipient cl was found we assume corrupted header */
432 	if (&cl->link == &dev->file_list) {
433 		/* A message for not connected fixed address clients
434 		 * should be silently discarded
435 		 * On power down client may be force cleaned,
436 		 * silently discard such messages
437 		 */
438 		if (hdr_is_fixed(mei_hdr) ||
439 		    dev->dev_state == MEI_DEV_POWER_DOWN) {
440 			mei_irq_discard_msg(dev, mei_hdr, mei_hdr->length);
441 			ret = 0;
442 			goto reset_slots;
443 		}
444 		dev_err(dev->dev, "no destination client found 0x%08X\n",
445 				dev->rd_msg_hdr[0]);
446 		ret = -EBADMSG;
447 		goto end;
448 	}
449 
450 	ret = mei_cl_irq_read_msg(cl, mei_hdr, meta_hdr, cmpl_list);
451 
452 
453 reset_slots:
454 	/* reset the number of slots and header */
455 	memset(dev->rd_msg_hdr, 0, sizeof(dev->rd_msg_hdr));
456 	dev->rd_msg_hdr_count = 0;
457 	*slots = mei_count_full_read_slots(dev);
458 	if (*slots == -EOVERFLOW) {
459 		/* overflow - reset */
460 		dev_err(dev->dev, "resetting due to slots overflow.\n");
461 		/* set the event since message has been read */
462 		ret = -ERANGE;
463 		goto end;
464 	}
465 end:
466 	return ret;
467 }
468 EXPORT_SYMBOL_GPL(mei_irq_read_handler);
469 
470 
471 /**
472  * mei_irq_write_handler -  dispatch write requests
473  *  after irq received
474  *
475  * @dev: the device structure
476  * @cmpl_list: An instance of our list structure
477  *
478  * Return: 0 on success, <0 on failure.
479  */
480 int mei_irq_write_handler(struct mei_device *dev, struct list_head *cmpl_list)
481 {
482 
483 	struct mei_cl *cl;
484 	struct mei_cl_cb *cb, *next;
485 	s32 slots;
486 	int ret;
487 
488 
489 	if (!mei_hbuf_acquire(dev))
490 		return 0;
491 
492 	slots = mei_hbuf_empty_slots(dev);
493 	if (slots < 0)
494 		return -EOVERFLOW;
495 
496 	if (slots == 0)
497 		return -EMSGSIZE;
498 
499 	/* complete all waiting for write CB */
500 	dev_dbg(dev->dev, "complete all waiting for write cb.\n");
501 
502 	list_for_each_entry_safe(cb, next, &dev->write_waiting_list, list) {
503 		cl = cb->cl;
504 
505 		cl->status = 0;
506 		cl_dbg(dev, cl, "MEI WRITE COMPLETE\n");
507 		cl->writing_state = MEI_WRITE_COMPLETE;
508 		list_move_tail(&cb->list, cmpl_list);
509 	}
510 
511 	/* complete control write list CB */
512 	dev_dbg(dev->dev, "complete control write list cb.\n");
513 	list_for_each_entry_safe(cb, next, &dev->ctrl_wr_list, list) {
514 		cl = cb->cl;
515 		switch (cb->fop_type) {
516 		case MEI_FOP_DISCONNECT:
517 			/* send disconnect message */
518 			ret = mei_cl_irq_disconnect(cl, cb, cmpl_list);
519 			if (ret)
520 				return ret;
521 
522 			break;
523 		case MEI_FOP_READ:
524 			/* send flow control message */
525 			ret = mei_cl_irq_read(cl, cb, cmpl_list);
526 			if (ret)
527 				return ret;
528 
529 			break;
530 		case MEI_FOP_CONNECT:
531 			/* connect message */
532 			ret = mei_cl_irq_connect(cl, cb, cmpl_list);
533 			if (ret)
534 				return ret;
535 
536 			break;
537 		case MEI_FOP_DISCONNECT_RSP:
538 			/* send disconnect resp */
539 			ret = mei_cl_irq_disconnect_rsp(cl, cb, cmpl_list);
540 			if (ret)
541 				return ret;
542 			break;
543 
544 		case MEI_FOP_NOTIFY_START:
545 		case MEI_FOP_NOTIFY_STOP:
546 			ret = mei_cl_irq_notify(cl, cb, cmpl_list);
547 			if (ret)
548 				return ret;
549 			break;
550 		case MEI_FOP_DMA_MAP:
551 			ret = mei_cl_irq_dma_map(cl, cb, cmpl_list);
552 			if (ret)
553 				return ret;
554 			break;
555 		case MEI_FOP_DMA_UNMAP:
556 			ret = mei_cl_irq_dma_unmap(cl, cb, cmpl_list);
557 			if (ret)
558 				return ret;
559 			break;
560 		default:
561 			BUG();
562 		}
563 
564 	}
565 	/* complete  write list CB */
566 	dev_dbg(dev->dev, "complete write list cb.\n");
567 	list_for_each_entry_safe(cb, next, &dev->write_list, list) {
568 		cl = cb->cl;
569 		ret = mei_cl_irq_write(cl, cb, cmpl_list);
570 		if (ret)
571 			return ret;
572 	}
573 	return 0;
574 }
575 EXPORT_SYMBOL_GPL(mei_irq_write_handler);
576 
577 
578 /**
579  * mei_connect_timeout  - connect/disconnect timeouts
580  *
581  * @cl: host client
582  */
583 static void mei_connect_timeout(struct mei_cl *cl)
584 {
585 	struct mei_device *dev = cl->dev;
586 
587 	if (cl->state == MEI_FILE_CONNECTING) {
588 		if (dev->hbm_f_dot_supported) {
589 			cl->state = MEI_FILE_DISCONNECT_REQUIRED;
590 			wake_up(&cl->wait);
591 			return;
592 		}
593 	}
594 	mei_reset(dev);
595 }
596 
597 #define MEI_STALL_TIMER_FREQ (2 * HZ)
598 /**
599  * mei_schedule_stall_timer - re-arm stall_timer work
600  *
601  * Schedule stall timer
602  *
603  * @dev: the device structure
604  */
605 void mei_schedule_stall_timer(struct mei_device *dev)
606 {
607 	schedule_delayed_work(&dev->timer_work, MEI_STALL_TIMER_FREQ);
608 }
609 
610 /**
611  * mei_timer - timer function.
612  *
613  * @work: pointer to the work_struct structure
614  *
615  */
616 void mei_timer(struct work_struct *work)
617 {
618 	struct mei_cl *cl;
619 	struct mei_device *dev = container_of(work,
620 					struct mei_device, timer_work.work);
621 	bool reschedule_timer = false;
622 
623 	mutex_lock(&dev->device_lock);
624 
625 	/* Catch interrupt stalls during HBM init handshake */
626 	if (dev->dev_state == MEI_DEV_INIT_CLIENTS &&
627 	    dev->hbm_state != MEI_HBM_IDLE) {
628 
629 		if (dev->init_clients_timer) {
630 			if (--dev->init_clients_timer == 0) {
631 				dev_err(dev->dev, "timer: init clients timeout hbm_state = %d.\n",
632 					dev->hbm_state);
633 				mei_reset(dev);
634 				goto out;
635 			}
636 			reschedule_timer = true;
637 		}
638 	}
639 
640 	if (dev->dev_state != MEI_DEV_ENABLED)
641 		goto out;
642 
643 	/*** connect/disconnect timeouts ***/
644 	list_for_each_entry(cl, &dev->file_list, link) {
645 		if (cl->timer_count) {
646 			if (--cl->timer_count == 0) {
647 				dev_err(dev->dev, "timer: connect/disconnect timeout.\n");
648 				mei_connect_timeout(cl);
649 				goto out;
650 			}
651 			reschedule_timer = true;
652 		}
653 	}
654 
655 out:
656 	if (dev->dev_state != MEI_DEV_DISABLED && reschedule_timer)
657 		mei_schedule_stall_timer(dev);
658 
659 	mutex_unlock(&dev->device_lock);
660 }
661