1 /* 2 * 3 * Intel Management Engine Interface (Intel MEI) Linux driver 4 * Copyright (c) 2003-2012, Intel Corporation. 5 * 6 * This program is free software; you can redistribute it and/or modify it 7 * under the terms and conditions of the GNU General Public License, 8 * version 2, as published by the Free Software Foundation. 9 * 10 * This program is distributed in the hope it will be useful, but WITHOUT 11 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 12 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for 13 * more details. 14 * 15 */ 16 #include <linux/module.h> 17 #include <linux/moduleparam.h> 18 #include <linux/kernel.h> 19 #include <linux/device.h> 20 #include <linux/slab.h> 21 #include <linux/fs.h> 22 #include <linux/errno.h> 23 #include <linux/types.h> 24 #include <linux/fcntl.h> 25 #include <linux/poll.h> 26 #include <linux/init.h> 27 #include <linux/ioctl.h> 28 #include <linux/cdev.h> 29 #include <linux/sched.h> 30 #include <linux/uuid.h> 31 #include <linux/compat.h> 32 #include <linux/jiffies.h> 33 #include <linux/interrupt.h> 34 35 #include <linux/mei.h> 36 37 #include "mei_dev.h" 38 #include "client.h" 39 40 /** 41 * mei_open - the open function 42 * 43 * @inode: pointer to inode structure 44 * @file: pointer to file structure 45 * 46 * Return: 0 on success, <0 on error 47 */ 48 static int mei_open(struct inode *inode, struct file *file) 49 { 50 struct mei_device *dev; 51 struct mei_cl *cl; 52 53 int err; 54 55 dev = container_of(inode->i_cdev, struct mei_device, cdev); 56 if (!dev) 57 return -ENODEV; 58 59 mutex_lock(&dev->device_lock); 60 61 if (dev->dev_state != MEI_DEV_ENABLED) { 62 dev_dbg(dev->dev, "dev_state != MEI_ENABLED dev_state = %s\n", 63 mei_dev_state_str(dev->dev_state)); 64 err = -ENODEV; 65 goto err_unlock; 66 } 67 68 cl = mei_cl_alloc_linked(dev, MEI_HOST_CLIENT_ID_ANY); 69 if (IS_ERR(cl)) { 70 err = PTR_ERR(cl); 71 goto err_unlock; 72 } 73 74 file->private_data = cl; 75 76 mutex_unlock(&dev->device_lock); 77 78 return nonseekable_open(inode, file); 79 80 err_unlock: 81 mutex_unlock(&dev->device_lock); 82 return err; 83 } 84 85 /** 86 * mei_release - the release function 87 * 88 * @inode: pointer to inode structure 89 * @file: pointer to file structure 90 * 91 * Return: 0 on success, <0 on error 92 */ 93 static int mei_release(struct inode *inode, struct file *file) 94 { 95 struct mei_cl *cl = file->private_data; 96 struct mei_device *dev; 97 int rets; 98 99 if (WARN_ON(!cl || !cl->dev)) 100 return -ENODEV; 101 102 dev = cl->dev; 103 104 mutex_lock(&dev->device_lock); 105 if (cl == &dev->iamthif_cl) { 106 rets = mei_amthif_release(dev, file); 107 goto out; 108 } 109 rets = mei_cl_disconnect(cl); 110 111 mei_cl_flush_queues(cl, file); 112 cl_dbg(dev, cl, "removing\n"); 113 114 mei_cl_unlink(cl); 115 116 file->private_data = NULL; 117 118 kfree(cl); 119 out: 120 mutex_unlock(&dev->device_lock); 121 return rets; 122 } 123 124 125 /** 126 * mei_read - the read function. 127 * 128 * @file: pointer to file structure 129 * @ubuf: pointer to user buffer 130 * @length: buffer length 131 * @offset: data offset in buffer 132 * 133 * Return: >=0 data length on success , <0 on error 134 */ 135 static ssize_t mei_read(struct file *file, char __user *ubuf, 136 size_t length, loff_t *offset) 137 { 138 struct mei_cl *cl = file->private_data; 139 struct mei_device *dev; 140 struct mei_cl_cb *cb = NULL; 141 int rets; 142 int err; 143 144 145 if (WARN_ON(!cl || !cl->dev)) 146 return -ENODEV; 147 148 dev = cl->dev; 149 150 151 mutex_lock(&dev->device_lock); 152 if (dev->dev_state != MEI_DEV_ENABLED) { 153 rets = -ENODEV; 154 goto out; 155 } 156 157 if (length == 0) { 158 rets = 0; 159 goto out; 160 } 161 162 if (cl == &dev->iamthif_cl) { 163 rets = mei_amthif_read(dev, file, ubuf, length, offset); 164 goto out; 165 } 166 167 cb = mei_cl_read_cb(cl, file); 168 if (cb) { 169 /* read what left */ 170 if (cb->buf_idx > *offset) 171 goto copy_buffer; 172 /* offset is beyond buf_idx we have no more data return 0 */ 173 if (cb->buf_idx > 0 && cb->buf_idx <= *offset) { 174 rets = 0; 175 goto free; 176 } 177 /* Offset needs to be cleaned for contiguous reads*/ 178 if (cb->buf_idx == 0 && *offset > 0) 179 *offset = 0; 180 } else if (*offset > 0) { 181 *offset = 0; 182 } 183 184 err = mei_cl_read_start(cl, length, file); 185 if (err && err != -EBUSY) { 186 cl_dbg(dev, cl, "mei start read failure status = %d\n", err); 187 rets = err; 188 goto out; 189 } 190 191 if (list_empty(&cl->rd_completed) && !waitqueue_active(&cl->rx_wait)) { 192 if (file->f_flags & O_NONBLOCK) { 193 rets = -EAGAIN; 194 goto out; 195 } 196 197 mutex_unlock(&dev->device_lock); 198 199 if (wait_event_interruptible(cl->rx_wait, 200 (!list_empty(&cl->rd_completed)) || 201 (!mei_cl_is_connected(cl)))) { 202 203 if (signal_pending(current)) 204 return -EINTR; 205 return -ERESTARTSYS; 206 } 207 208 mutex_lock(&dev->device_lock); 209 if (!mei_cl_is_connected(cl)) { 210 rets = -EBUSY; 211 goto out; 212 } 213 } 214 215 cb = mei_cl_read_cb(cl, file); 216 if (!cb) { 217 if (mei_cl_is_fixed_address(cl) && dev->allow_fixed_address) { 218 cb = mei_cl_read_cb(cl, NULL); 219 if (cb) 220 goto copy_buffer; 221 } 222 rets = 0; 223 goto out; 224 } 225 226 copy_buffer: 227 /* now copy the data to user space */ 228 if (cb->status) { 229 rets = cb->status; 230 cl_dbg(dev, cl, "read operation failed %d\n", rets); 231 goto free; 232 } 233 234 cl_dbg(dev, cl, "buf.size = %d buf.idx = %ld\n", 235 cb->buf.size, cb->buf_idx); 236 if (length == 0 || ubuf == NULL || *offset > cb->buf_idx) { 237 rets = -EMSGSIZE; 238 goto free; 239 } 240 241 /* length is being truncated to PAGE_SIZE, 242 * however buf_idx may point beyond that */ 243 length = min_t(size_t, length, cb->buf_idx - *offset); 244 245 if (copy_to_user(ubuf, cb->buf.data + *offset, length)) { 246 dev_dbg(dev->dev, "failed to copy data to userland\n"); 247 rets = -EFAULT; 248 goto free; 249 } 250 251 rets = length; 252 *offset += length; 253 if ((unsigned long)*offset < cb->buf_idx) 254 goto out; 255 256 free: 257 mei_io_cb_free(cb); 258 259 out: 260 cl_dbg(dev, cl, "end mei read rets = %d\n", rets); 261 mutex_unlock(&dev->device_lock); 262 return rets; 263 } 264 /** 265 * mei_write - the write function. 266 * 267 * @file: pointer to file structure 268 * @ubuf: pointer to user buffer 269 * @length: buffer length 270 * @offset: data offset in buffer 271 * 272 * Return: >=0 data length on success , <0 on error 273 */ 274 static ssize_t mei_write(struct file *file, const char __user *ubuf, 275 size_t length, loff_t *offset) 276 { 277 struct mei_cl *cl = file->private_data; 278 struct mei_cl_cb *write_cb = NULL; 279 struct mei_device *dev; 280 unsigned long timeout = 0; 281 int rets; 282 283 if (WARN_ON(!cl || !cl->dev)) 284 return -ENODEV; 285 286 dev = cl->dev; 287 288 mutex_lock(&dev->device_lock); 289 290 if (dev->dev_state != MEI_DEV_ENABLED) { 291 rets = -ENODEV; 292 goto out; 293 } 294 295 if (!mei_cl_is_connected(cl)) { 296 cl_err(dev, cl, "is not connected"); 297 rets = -ENODEV; 298 goto out; 299 } 300 301 if (!mei_me_cl_is_active(cl->me_cl)) { 302 rets = -ENOTTY; 303 goto out; 304 } 305 306 if (length > mei_cl_mtu(cl)) { 307 rets = -EFBIG; 308 goto out; 309 } 310 311 if (length == 0) { 312 rets = 0; 313 goto out; 314 } 315 316 if (cl == &dev->iamthif_cl) { 317 write_cb = mei_amthif_find_read_list_entry(dev, file); 318 319 if (write_cb) { 320 timeout = write_cb->read_time + 321 mei_secs_to_jiffies(MEI_IAMTHIF_READ_TIMER); 322 323 if (time_after(jiffies, timeout)) { 324 *offset = 0; 325 mei_io_cb_free(write_cb); 326 write_cb = NULL; 327 } 328 } 329 } 330 331 *offset = 0; 332 write_cb = mei_cl_alloc_cb(cl, length, MEI_FOP_WRITE, file); 333 if (!write_cb) { 334 rets = -ENOMEM; 335 goto out; 336 } 337 338 rets = copy_from_user(write_cb->buf.data, ubuf, length); 339 if (rets) { 340 dev_dbg(dev->dev, "failed to copy data from userland\n"); 341 rets = -EFAULT; 342 goto out; 343 } 344 345 if (cl == &dev->iamthif_cl) { 346 rets = mei_amthif_write(cl, write_cb); 347 348 if (rets) { 349 dev_err(dev->dev, 350 "amthif write failed with status = %d\n", rets); 351 goto out; 352 } 353 mutex_unlock(&dev->device_lock); 354 return length; 355 } 356 357 rets = mei_cl_write(cl, write_cb, false); 358 out: 359 mutex_unlock(&dev->device_lock); 360 if (rets < 0) 361 mei_io_cb_free(write_cb); 362 return rets; 363 } 364 365 /** 366 * mei_ioctl_connect_client - the connect to fw client IOCTL function 367 * 368 * @file: private data of the file object 369 * @data: IOCTL connect data, input and output parameters 370 * 371 * Locking: called under "dev->device_lock" lock 372 * 373 * Return: 0 on success, <0 on failure. 374 */ 375 static int mei_ioctl_connect_client(struct file *file, 376 struct mei_connect_client_data *data) 377 { 378 struct mei_device *dev; 379 struct mei_client *client; 380 struct mei_me_client *me_cl; 381 struct mei_cl *cl; 382 int rets; 383 384 cl = file->private_data; 385 dev = cl->dev; 386 387 if (dev->dev_state != MEI_DEV_ENABLED) 388 return -ENODEV; 389 390 if (cl->state != MEI_FILE_INITIALIZING && 391 cl->state != MEI_FILE_DISCONNECTED) 392 return -EBUSY; 393 394 /* find ME client we're trying to connect to */ 395 me_cl = mei_me_cl_by_uuid(dev, &data->in_client_uuid); 396 if (!me_cl || 397 (me_cl->props.fixed_address && !dev->allow_fixed_address)) { 398 dev_dbg(dev->dev, "Cannot connect to FW Client UUID = %pUl\n", 399 &data->in_client_uuid); 400 mei_me_cl_put(me_cl); 401 return -ENOTTY; 402 } 403 404 dev_dbg(dev->dev, "Connect to FW Client ID = %d\n", 405 me_cl->client_id); 406 dev_dbg(dev->dev, "FW Client - Protocol Version = %d\n", 407 me_cl->props.protocol_version); 408 dev_dbg(dev->dev, "FW Client - Max Msg Len = %d\n", 409 me_cl->props.max_msg_length); 410 411 /* if we're connecting to amthif client then we will use the 412 * existing connection 413 */ 414 if (uuid_le_cmp(data->in_client_uuid, mei_amthif_guid) == 0) { 415 dev_dbg(dev->dev, "FW Client is amthi\n"); 416 if (!mei_cl_is_connected(&dev->iamthif_cl)) { 417 rets = -ENODEV; 418 goto end; 419 } 420 mei_cl_unlink(cl); 421 422 kfree(cl); 423 cl = NULL; 424 dev->iamthif_open_count++; 425 file->private_data = &dev->iamthif_cl; 426 427 client = &data->out_client_properties; 428 client->max_msg_length = me_cl->props.max_msg_length; 429 client->protocol_version = me_cl->props.protocol_version; 430 rets = dev->iamthif_cl.status; 431 432 goto end; 433 } 434 435 /* prepare the output buffer */ 436 client = &data->out_client_properties; 437 client->max_msg_length = me_cl->props.max_msg_length; 438 client->protocol_version = me_cl->props.protocol_version; 439 dev_dbg(dev->dev, "Can connect?\n"); 440 441 rets = mei_cl_connect(cl, me_cl, file); 442 443 end: 444 mei_me_cl_put(me_cl); 445 return rets; 446 } 447 448 /** 449 * mei_ioctl - the IOCTL function 450 * 451 * @file: pointer to file structure 452 * @cmd: ioctl command 453 * @data: pointer to mei message structure 454 * 455 * Return: 0 on success , <0 on error 456 */ 457 static long mei_ioctl(struct file *file, unsigned int cmd, unsigned long data) 458 { 459 struct mei_device *dev; 460 struct mei_cl *cl = file->private_data; 461 struct mei_connect_client_data connect_data; 462 int rets; 463 464 465 if (WARN_ON(!cl || !cl->dev)) 466 return -ENODEV; 467 468 dev = cl->dev; 469 470 dev_dbg(dev->dev, "IOCTL cmd = 0x%x", cmd); 471 472 mutex_lock(&dev->device_lock); 473 if (dev->dev_state != MEI_DEV_ENABLED) { 474 rets = -ENODEV; 475 goto out; 476 } 477 478 switch (cmd) { 479 case IOCTL_MEI_CONNECT_CLIENT: 480 dev_dbg(dev->dev, ": IOCTL_MEI_CONNECT_CLIENT.\n"); 481 if (copy_from_user(&connect_data, (char __user *)data, 482 sizeof(struct mei_connect_client_data))) { 483 dev_dbg(dev->dev, "failed to copy data from userland\n"); 484 rets = -EFAULT; 485 goto out; 486 } 487 488 rets = mei_ioctl_connect_client(file, &connect_data); 489 if (rets) 490 goto out; 491 492 /* if all is ok, copying the data back to user. */ 493 if (copy_to_user((char __user *)data, &connect_data, 494 sizeof(struct mei_connect_client_data))) { 495 dev_dbg(dev->dev, "failed to copy data to userland\n"); 496 rets = -EFAULT; 497 goto out; 498 } 499 500 break; 501 502 default: 503 dev_err(dev->dev, ": unsupported ioctl %d.\n", cmd); 504 rets = -ENOIOCTLCMD; 505 } 506 507 out: 508 mutex_unlock(&dev->device_lock); 509 return rets; 510 } 511 512 /** 513 * mei_compat_ioctl - the compat IOCTL function 514 * 515 * @file: pointer to file structure 516 * @cmd: ioctl command 517 * @data: pointer to mei message structure 518 * 519 * Return: 0 on success , <0 on error 520 */ 521 #ifdef CONFIG_COMPAT 522 static long mei_compat_ioctl(struct file *file, 523 unsigned int cmd, unsigned long data) 524 { 525 return mei_ioctl(file, cmd, (unsigned long)compat_ptr(data)); 526 } 527 #endif 528 529 530 /** 531 * mei_poll - the poll function 532 * 533 * @file: pointer to file structure 534 * @wait: pointer to poll_table structure 535 * 536 * Return: poll mask 537 */ 538 static unsigned int mei_poll(struct file *file, poll_table *wait) 539 { 540 unsigned long req_events = poll_requested_events(wait); 541 struct mei_cl *cl = file->private_data; 542 struct mei_device *dev; 543 unsigned int mask = 0; 544 545 if (WARN_ON(!cl || !cl->dev)) 546 return POLLERR; 547 548 dev = cl->dev; 549 550 mutex_lock(&dev->device_lock); 551 552 553 if (dev->dev_state != MEI_DEV_ENABLED || 554 !mei_cl_is_connected(cl)) { 555 mask = POLLERR; 556 goto out; 557 } 558 559 if (cl == &dev->iamthif_cl) { 560 mask = mei_amthif_poll(dev, file, wait); 561 goto out; 562 } 563 564 if (req_events & (POLLIN | POLLRDNORM)) { 565 poll_wait(file, &cl->rx_wait, wait); 566 567 if (!list_empty(&cl->rd_completed)) 568 mask |= POLLIN | POLLRDNORM; 569 else 570 mei_cl_read_start(cl, 0, file); 571 } 572 573 out: 574 mutex_unlock(&dev->device_lock); 575 return mask; 576 } 577 578 /** 579 * fw_status_show - mei device attribute show method 580 * 581 * @device: device pointer 582 * @attr: attribute pointer 583 * @buf: char out buffer 584 * 585 * Return: number of the bytes printed into buf or error 586 */ 587 static ssize_t fw_status_show(struct device *device, 588 struct device_attribute *attr, char *buf) 589 { 590 struct mei_device *dev = dev_get_drvdata(device); 591 struct mei_fw_status fw_status; 592 int err, i; 593 ssize_t cnt = 0; 594 595 mutex_lock(&dev->device_lock); 596 err = mei_fw_status(dev, &fw_status); 597 mutex_unlock(&dev->device_lock); 598 if (err) { 599 dev_err(device, "read fw_status error = %d\n", err); 600 return err; 601 } 602 603 for (i = 0; i < fw_status.count; i++) 604 cnt += scnprintf(buf + cnt, PAGE_SIZE - cnt, "%08X\n", 605 fw_status.status[i]); 606 return cnt; 607 } 608 static DEVICE_ATTR_RO(fw_status); 609 610 static struct attribute *mei_attrs[] = { 611 &dev_attr_fw_status.attr, 612 NULL 613 }; 614 ATTRIBUTE_GROUPS(mei); 615 616 /* 617 * file operations structure will be used for mei char device. 618 */ 619 static const struct file_operations mei_fops = { 620 .owner = THIS_MODULE, 621 .read = mei_read, 622 .unlocked_ioctl = mei_ioctl, 623 #ifdef CONFIG_COMPAT 624 .compat_ioctl = mei_compat_ioctl, 625 #endif 626 .open = mei_open, 627 .release = mei_release, 628 .write = mei_write, 629 .poll = mei_poll, 630 .llseek = no_llseek 631 }; 632 633 static struct class *mei_class; 634 static dev_t mei_devt; 635 #define MEI_MAX_DEVS MINORMASK 636 static DEFINE_MUTEX(mei_minor_lock); 637 static DEFINE_IDR(mei_idr); 638 639 /** 640 * mei_minor_get - obtain next free device minor number 641 * 642 * @dev: device pointer 643 * 644 * Return: allocated minor, or -ENOSPC if no free minor left 645 */ 646 static int mei_minor_get(struct mei_device *dev) 647 { 648 int ret; 649 650 mutex_lock(&mei_minor_lock); 651 ret = idr_alloc(&mei_idr, dev, 0, MEI_MAX_DEVS, GFP_KERNEL); 652 if (ret >= 0) 653 dev->minor = ret; 654 else if (ret == -ENOSPC) 655 dev_err(dev->dev, "too many mei devices\n"); 656 657 mutex_unlock(&mei_minor_lock); 658 return ret; 659 } 660 661 /** 662 * mei_minor_free - mark device minor number as free 663 * 664 * @dev: device pointer 665 */ 666 static void mei_minor_free(struct mei_device *dev) 667 { 668 mutex_lock(&mei_minor_lock); 669 idr_remove(&mei_idr, dev->minor); 670 mutex_unlock(&mei_minor_lock); 671 } 672 673 int mei_register(struct mei_device *dev, struct device *parent) 674 { 675 struct device *clsdev; /* class device */ 676 int ret, devno; 677 678 ret = mei_minor_get(dev); 679 if (ret < 0) 680 return ret; 681 682 /* Fill in the data structures */ 683 devno = MKDEV(MAJOR(mei_devt), dev->minor); 684 cdev_init(&dev->cdev, &mei_fops); 685 dev->cdev.owner = mei_fops.owner; 686 687 /* Add the device */ 688 ret = cdev_add(&dev->cdev, devno, 1); 689 if (ret) { 690 dev_err(parent, "unable to add device %d:%d\n", 691 MAJOR(mei_devt), dev->minor); 692 goto err_dev_add; 693 } 694 695 clsdev = device_create_with_groups(mei_class, parent, devno, 696 dev, mei_groups, 697 "mei%d", dev->minor); 698 699 if (IS_ERR(clsdev)) { 700 dev_err(parent, "unable to create device %d:%d\n", 701 MAJOR(mei_devt), dev->minor); 702 ret = PTR_ERR(clsdev); 703 goto err_dev_create; 704 } 705 706 ret = mei_dbgfs_register(dev, dev_name(clsdev)); 707 if (ret) { 708 dev_err(clsdev, "cannot register debugfs ret = %d\n", ret); 709 goto err_dev_dbgfs; 710 } 711 712 return 0; 713 714 err_dev_dbgfs: 715 device_destroy(mei_class, devno); 716 err_dev_create: 717 cdev_del(&dev->cdev); 718 err_dev_add: 719 mei_minor_free(dev); 720 return ret; 721 } 722 EXPORT_SYMBOL_GPL(mei_register); 723 724 void mei_deregister(struct mei_device *dev) 725 { 726 int devno; 727 728 devno = dev->cdev.dev; 729 cdev_del(&dev->cdev); 730 731 mei_dbgfs_deregister(dev); 732 733 device_destroy(mei_class, devno); 734 735 mei_minor_free(dev); 736 } 737 EXPORT_SYMBOL_GPL(mei_deregister); 738 739 static int __init mei_init(void) 740 { 741 int ret; 742 743 mei_class = class_create(THIS_MODULE, "mei"); 744 if (IS_ERR(mei_class)) { 745 pr_err("couldn't create class\n"); 746 ret = PTR_ERR(mei_class); 747 goto err; 748 } 749 750 ret = alloc_chrdev_region(&mei_devt, 0, MEI_MAX_DEVS, "mei"); 751 if (ret < 0) { 752 pr_err("unable to allocate char dev region\n"); 753 goto err_class; 754 } 755 756 ret = mei_cl_bus_init(); 757 if (ret < 0) { 758 pr_err("unable to initialize bus\n"); 759 goto err_chrdev; 760 } 761 762 return 0; 763 764 err_chrdev: 765 unregister_chrdev_region(mei_devt, MEI_MAX_DEVS); 766 err_class: 767 class_destroy(mei_class); 768 err: 769 return ret; 770 } 771 772 static void __exit mei_exit(void) 773 { 774 unregister_chrdev_region(mei_devt, MEI_MAX_DEVS); 775 class_destroy(mei_class); 776 mei_cl_bus_exit(); 777 } 778 779 module_init(mei_init); 780 module_exit(mei_exit); 781 782 MODULE_AUTHOR("Intel Corporation"); 783 MODULE_DESCRIPTION("Intel(R) Management Engine Interface"); 784 MODULE_LICENSE("GPL v2"); 785 786