1 /* 2 * 3 * Intel Management Engine Interface (Intel MEI) Linux driver 4 * Copyright (c) 2003-2012, Intel Corporation. 5 * 6 * This program is free software; you can redistribute it and/or modify it 7 * under the terms and conditions of the GNU General Public License, 8 * version 2, as published by the Free Software Foundation. 9 * 10 * This program is distributed in the hope it will be useful, but WITHOUT 11 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 12 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for 13 * more details. 14 * 15 */ 16 17 18 #include <linux/export.h> 19 #include <linux/kthread.h> 20 #include <linux/interrupt.h> 21 #include <linux/fs.h> 22 #include <linux/jiffies.h> 23 #include <linux/slab.h> 24 #include <linux/pm_runtime.h> 25 26 #include <linux/mei.h> 27 28 #include "mei_dev.h" 29 #include "hbm.h" 30 #include "client.h" 31 32 33 /** 34 * mei_irq_compl_handler - dispatch complete handlers 35 * for the completed callbacks 36 * 37 * @dev: mei device 38 * @cmpl_list: list of completed cbs 39 */ 40 void mei_irq_compl_handler(struct mei_device *dev, struct list_head *cmpl_list) 41 { 42 struct mei_cl_cb *cb, *next; 43 struct mei_cl *cl; 44 45 list_for_each_entry_safe(cb, next, cmpl_list, list) { 46 cl = cb->cl; 47 list_del_init(&cb->list); 48 49 dev_dbg(dev->dev, "completing call back.\n"); 50 mei_cl_complete(cl, cb); 51 } 52 } 53 EXPORT_SYMBOL_GPL(mei_irq_compl_handler); 54 55 /** 56 * mei_cl_hbm_equal - check if hbm is addressed to the client 57 * 58 * @cl: host client 59 * @mei_hdr: header of mei client message 60 * 61 * Return: true if matches, false otherwise 62 */ 63 static inline int mei_cl_hbm_equal(struct mei_cl *cl, 64 struct mei_msg_hdr *mei_hdr) 65 { 66 return mei_cl_host_addr(cl) == mei_hdr->host_addr && 67 mei_cl_me_id(cl) == mei_hdr->me_addr; 68 } 69 70 /** 71 * mei_irq_discard_msg - discard received message 72 * 73 * @dev: mei device 74 * @hdr: message header 75 */ 76 static void mei_irq_discard_msg(struct mei_device *dev, struct mei_msg_hdr *hdr) 77 { 78 /* 79 * no need to check for size as it is guarantied 80 * that length fits into rd_msg_buf 81 */ 82 mei_read_slots(dev, dev->rd_msg_buf, hdr->length); 83 dev_dbg(dev->dev, "discarding message " MEI_HDR_FMT "\n", 84 MEI_HDR_PRM(hdr)); 85 } 86 87 /** 88 * mei_cl_irq_read_msg - process client message 89 * 90 * @cl: reading client 91 * @mei_hdr: header of mei client message 92 * @cmpl_list: completion list 93 * 94 * Return: always 0 95 */ 96 static int mei_cl_irq_read_msg(struct mei_cl *cl, 97 struct mei_msg_hdr *mei_hdr, 98 struct list_head *cmpl_list) 99 { 100 struct mei_device *dev = cl->dev; 101 struct mei_cl_cb *cb; 102 size_t buf_sz; 103 104 cb = list_first_entry_or_null(&cl->rd_pending, struct mei_cl_cb, list); 105 if (!cb) { 106 if (!mei_cl_is_fixed_address(cl)) { 107 cl_err(dev, cl, "pending read cb not found\n"); 108 goto discard; 109 } 110 cb = mei_cl_alloc_cb(cl, mei_cl_mtu(cl), MEI_FOP_READ, cl->fp); 111 if (!cb) 112 goto discard; 113 list_add_tail(&cb->list, &cl->rd_pending); 114 } 115 116 if (!mei_cl_is_connected(cl)) { 117 cl_dbg(dev, cl, "not connected\n"); 118 cb->status = -ENODEV; 119 goto discard; 120 } 121 122 buf_sz = mei_hdr->length + cb->buf_idx; 123 /* catch for integer overflow */ 124 if (buf_sz < cb->buf_idx) { 125 cl_err(dev, cl, "message is too big len %d idx %zu\n", 126 mei_hdr->length, cb->buf_idx); 127 cb->status = -EMSGSIZE; 128 goto discard; 129 } 130 131 if (cb->buf.size < buf_sz) { 132 cl_dbg(dev, cl, "message overflow. size %zu len %d idx %zu\n", 133 cb->buf.size, mei_hdr->length, cb->buf_idx); 134 cb->status = -EMSGSIZE; 135 goto discard; 136 } 137 138 mei_read_slots(dev, cb->buf.data + cb->buf_idx, mei_hdr->length); 139 140 cb->buf_idx += mei_hdr->length; 141 142 if (mei_hdr->msg_complete) { 143 cl_dbg(dev, cl, "completed read length = %zu\n", cb->buf_idx); 144 list_move_tail(&cb->list, cmpl_list); 145 } else { 146 pm_runtime_mark_last_busy(dev->dev); 147 pm_request_autosuspend(dev->dev); 148 } 149 150 return 0; 151 152 discard: 153 if (cb) 154 list_move_tail(&cb->list, cmpl_list); 155 mei_irq_discard_msg(dev, mei_hdr); 156 return 0; 157 } 158 159 /** 160 * mei_cl_irq_disconnect_rsp - send disconnection response message 161 * 162 * @cl: client 163 * @cb: callback block. 164 * @cmpl_list: complete list. 165 * 166 * Return: 0, OK; otherwise, error. 167 */ 168 static int mei_cl_irq_disconnect_rsp(struct mei_cl *cl, struct mei_cl_cb *cb, 169 struct list_head *cmpl_list) 170 { 171 struct mei_device *dev = cl->dev; 172 u32 msg_slots; 173 int slots; 174 int ret; 175 176 slots = mei_hbuf_empty_slots(dev); 177 msg_slots = mei_data2slots(sizeof(struct hbm_client_connect_response)); 178 179 if (slots < msg_slots) 180 return -EMSGSIZE; 181 182 ret = mei_hbm_cl_disconnect_rsp(dev, cl); 183 list_move_tail(&cb->list, cmpl_list); 184 185 return ret; 186 } 187 188 /** 189 * mei_cl_irq_read - processes client read related operation from the 190 * interrupt thread context - request for flow control credits 191 * 192 * @cl: client 193 * @cb: callback block. 194 * @cmpl_list: complete list. 195 * 196 * Return: 0, OK; otherwise, error. 197 */ 198 static int mei_cl_irq_read(struct mei_cl *cl, struct mei_cl_cb *cb, 199 struct list_head *cmpl_list) 200 { 201 struct mei_device *dev = cl->dev; 202 u32 msg_slots; 203 int slots; 204 int ret; 205 206 if (!list_empty(&cl->rd_pending)) 207 return 0; 208 209 msg_slots = mei_data2slots(sizeof(struct hbm_flow_control)); 210 slots = mei_hbuf_empty_slots(dev); 211 212 if (slots < msg_slots) 213 return -EMSGSIZE; 214 215 ret = mei_hbm_cl_flow_control_req(dev, cl); 216 if (ret) { 217 cl->status = ret; 218 cb->buf_idx = 0; 219 list_move_tail(&cb->list, cmpl_list); 220 return ret; 221 } 222 223 list_move_tail(&cb->list, &cl->rd_pending); 224 225 return 0; 226 } 227 228 static inline bool hdr_is_hbm(struct mei_msg_hdr *mei_hdr) 229 { 230 return mei_hdr->host_addr == 0 && mei_hdr->me_addr == 0; 231 } 232 233 static inline bool hdr_is_fixed(struct mei_msg_hdr *mei_hdr) 234 { 235 return mei_hdr->host_addr == 0 && mei_hdr->me_addr != 0; 236 } 237 238 static inline int hdr_is_valid(u32 msg_hdr) 239 { 240 struct mei_msg_hdr *mei_hdr; 241 242 mei_hdr = (struct mei_msg_hdr *)&msg_hdr; 243 if (!msg_hdr || mei_hdr->reserved) 244 return -EBADMSG; 245 246 return 0; 247 } 248 249 /** 250 * mei_irq_read_handler - bottom half read routine after ISR to 251 * handle the read processing. 252 * 253 * @dev: the device structure 254 * @cmpl_list: An instance of our list structure 255 * @slots: slots to read. 256 * 257 * Return: 0 on success, <0 on failure. 258 */ 259 int mei_irq_read_handler(struct mei_device *dev, 260 struct list_head *cmpl_list, s32 *slots) 261 { 262 struct mei_msg_hdr *mei_hdr; 263 struct mei_cl *cl; 264 int ret; 265 266 if (!dev->rd_msg_hdr) { 267 dev->rd_msg_hdr = mei_read_hdr(dev); 268 (*slots)--; 269 dev_dbg(dev->dev, "slots =%08x.\n", *slots); 270 271 ret = hdr_is_valid(dev->rd_msg_hdr); 272 if (ret) { 273 dev_err(dev->dev, "corrupted message header 0x%08X\n", 274 dev->rd_msg_hdr); 275 goto end; 276 } 277 } 278 279 mei_hdr = (struct mei_msg_hdr *)&dev->rd_msg_hdr; 280 dev_dbg(dev->dev, MEI_HDR_FMT, MEI_HDR_PRM(mei_hdr)); 281 282 if (mei_slots2data(*slots) < mei_hdr->length) { 283 dev_err(dev->dev, "less data available than length=%08x.\n", 284 *slots); 285 /* we can't read the message */ 286 ret = -ENODATA; 287 goto end; 288 } 289 290 /* HBM message */ 291 if (hdr_is_hbm(mei_hdr)) { 292 ret = mei_hbm_dispatch(dev, mei_hdr); 293 if (ret) { 294 dev_dbg(dev->dev, "mei_hbm_dispatch failed ret = %d\n", 295 ret); 296 goto end; 297 } 298 goto reset_slots; 299 } 300 301 /* find recipient cl */ 302 list_for_each_entry(cl, &dev->file_list, link) { 303 if (mei_cl_hbm_equal(cl, mei_hdr)) { 304 cl_dbg(dev, cl, "got a message\n"); 305 break; 306 } 307 } 308 309 /* if no recipient cl was found we assume corrupted header */ 310 if (&cl->link == &dev->file_list) { 311 /* A message for not connected fixed address clients 312 * should be silently discarded 313 * On power down client may be force cleaned, 314 * silently discard such messages 315 */ 316 if (hdr_is_fixed(mei_hdr) || 317 dev->dev_state == MEI_DEV_POWER_DOWN) { 318 mei_irq_discard_msg(dev, mei_hdr); 319 ret = 0; 320 goto reset_slots; 321 } 322 dev_err(dev->dev, "no destination client found 0x%08X\n", 323 dev->rd_msg_hdr); 324 ret = -EBADMSG; 325 goto end; 326 } 327 328 ret = mei_cl_irq_read_msg(cl, mei_hdr, cmpl_list); 329 330 331 reset_slots: 332 /* reset the number of slots and header */ 333 *slots = mei_count_full_read_slots(dev); 334 dev->rd_msg_hdr = 0; 335 336 if (*slots == -EOVERFLOW) { 337 /* overflow - reset */ 338 dev_err(dev->dev, "resetting due to slots overflow.\n"); 339 /* set the event since message has been read */ 340 ret = -ERANGE; 341 goto end; 342 } 343 end: 344 return ret; 345 } 346 EXPORT_SYMBOL_GPL(mei_irq_read_handler); 347 348 349 /** 350 * mei_irq_write_handler - dispatch write requests 351 * after irq received 352 * 353 * @dev: the device structure 354 * @cmpl_list: An instance of our list structure 355 * 356 * Return: 0 on success, <0 on failure. 357 */ 358 int mei_irq_write_handler(struct mei_device *dev, struct list_head *cmpl_list) 359 { 360 361 struct mei_cl *cl; 362 struct mei_cl_cb *cb, *next; 363 s32 slots; 364 int ret; 365 366 367 if (!mei_hbuf_acquire(dev)) 368 return 0; 369 370 slots = mei_hbuf_empty_slots(dev); 371 if (slots <= 0) 372 return -EMSGSIZE; 373 374 /* complete all waiting for write CB */ 375 dev_dbg(dev->dev, "complete all waiting for write cb.\n"); 376 377 list_for_each_entry_safe(cb, next, &dev->write_waiting_list, list) { 378 cl = cb->cl; 379 380 cl->status = 0; 381 cl_dbg(dev, cl, "MEI WRITE COMPLETE\n"); 382 cl->writing_state = MEI_WRITE_COMPLETE; 383 list_move_tail(&cb->list, cmpl_list); 384 } 385 386 /* complete control write list CB */ 387 dev_dbg(dev->dev, "complete control write list cb.\n"); 388 list_for_each_entry_safe(cb, next, &dev->ctrl_wr_list, list) { 389 cl = cb->cl; 390 switch (cb->fop_type) { 391 case MEI_FOP_DISCONNECT: 392 /* send disconnect message */ 393 ret = mei_cl_irq_disconnect(cl, cb, cmpl_list); 394 if (ret) 395 return ret; 396 397 break; 398 case MEI_FOP_READ: 399 /* send flow control message */ 400 ret = mei_cl_irq_read(cl, cb, cmpl_list); 401 if (ret) 402 return ret; 403 404 break; 405 case MEI_FOP_CONNECT: 406 /* connect message */ 407 ret = mei_cl_irq_connect(cl, cb, cmpl_list); 408 if (ret) 409 return ret; 410 411 break; 412 case MEI_FOP_DISCONNECT_RSP: 413 /* send disconnect resp */ 414 ret = mei_cl_irq_disconnect_rsp(cl, cb, cmpl_list); 415 if (ret) 416 return ret; 417 break; 418 419 case MEI_FOP_NOTIFY_START: 420 case MEI_FOP_NOTIFY_STOP: 421 ret = mei_cl_irq_notify(cl, cb, cmpl_list); 422 if (ret) 423 return ret; 424 break; 425 default: 426 BUG(); 427 } 428 429 } 430 /* complete write list CB */ 431 dev_dbg(dev->dev, "complete write list cb.\n"); 432 list_for_each_entry_safe(cb, next, &dev->write_list, list) { 433 cl = cb->cl; 434 ret = mei_cl_irq_write(cl, cb, cmpl_list); 435 if (ret) 436 return ret; 437 } 438 return 0; 439 } 440 EXPORT_SYMBOL_GPL(mei_irq_write_handler); 441 442 443 /** 444 * mei_connect_timeout - connect/disconnect timeouts 445 * 446 * @cl: host client 447 */ 448 static void mei_connect_timeout(struct mei_cl *cl) 449 { 450 struct mei_device *dev = cl->dev; 451 452 if (cl->state == MEI_FILE_CONNECTING) { 453 if (dev->hbm_f_dot_supported) { 454 cl->state = MEI_FILE_DISCONNECT_REQUIRED; 455 wake_up(&cl->wait); 456 return; 457 } 458 } 459 mei_reset(dev); 460 } 461 462 #define MEI_STALL_TIMER_FREQ (2 * HZ) 463 /** 464 * mei_schedule_stall_timer - re-arm stall_timer work 465 * 466 * Schedule stall timer 467 * 468 * @dev: the device structure 469 */ 470 void mei_schedule_stall_timer(struct mei_device *dev) 471 { 472 schedule_delayed_work(&dev->timer_work, MEI_STALL_TIMER_FREQ); 473 } 474 475 /** 476 * mei_timer - timer function. 477 * 478 * @work: pointer to the work_struct structure 479 * 480 */ 481 void mei_timer(struct work_struct *work) 482 { 483 struct mei_cl *cl; 484 struct mei_device *dev = container_of(work, 485 struct mei_device, timer_work.work); 486 bool reschedule_timer = false; 487 488 mutex_lock(&dev->device_lock); 489 490 /* Catch interrupt stalls during HBM init handshake */ 491 if (dev->dev_state == MEI_DEV_INIT_CLIENTS && 492 dev->hbm_state != MEI_HBM_IDLE) { 493 494 if (dev->init_clients_timer) { 495 if (--dev->init_clients_timer == 0) { 496 dev_err(dev->dev, "timer: init clients timeout hbm_state = %d.\n", 497 dev->hbm_state); 498 mei_reset(dev); 499 goto out; 500 } 501 reschedule_timer = true; 502 } 503 } 504 505 if (dev->dev_state != MEI_DEV_ENABLED) 506 goto out; 507 508 /*** connect/disconnect timeouts ***/ 509 list_for_each_entry(cl, &dev->file_list, link) { 510 if (cl->timer_count) { 511 if (--cl->timer_count == 0) { 512 dev_err(dev->dev, "timer: connect/disconnect timeout.\n"); 513 mei_connect_timeout(cl); 514 goto out; 515 } 516 reschedule_timer = true; 517 } 518 } 519 520 out: 521 if (dev->dev_state != MEI_DEV_DISABLED && reschedule_timer) 522 mei_schedule_stall_timer(dev); 523 524 mutex_unlock(&dev->device_lock); 525 } 526