1 /* 2 * 3 * Intel Management Engine Interface (Intel MEI) Linux driver 4 * Copyright (c) 2003-2012, Intel Corporation. 5 * 6 * This program is free software; you can redistribute it and/or modify it 7 * under the terms and conditions of the GNU General Public License, 8 * version 2, as published by the Free Software Foundation. 9 * 10 * This program is distributed in the hope it will be useful, but WITHOUT 11 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 12 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for 13 * more details. 14 * 15 */ 16 17 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt 18 19 #include <linux/module.h> 20 #include <linux/moduleparam.h> 21 #include <linux/kernel.h> 22 #include <linux/device.h> 23 #include <linux/fs.h> 24 #include <linux/errno.h> 25 #include <linux/types.h> 26 #include <linux/fcntl.h> 27 #include <linux/aio.h> 28 #include <linux/pci.h> 29 #include <linux/poll.h> 30 #include <linux/init.h> 31 #include <linux/ioctl.h> 32 #include <linux/cdev.h> 33 #include <linux/sched.h> 34 #include <linux/uuid.h> 35 #include <linux/compat.h> 36 #include <linux/jiffies.h> 37 #include <linux/interrupt.h> 38 #include <linux/miscdevice.h> 39 40 #include <linux/mei.h> 41 42 #include "mei_dev.h" 43 #include "hw-me.h" 44 #include "client.h" 45 46 /** 47 * mei_open - the open function 48 * 49 * @inode: pointer to inode structure 50 * @file: pointer to file structure 51 e 52 * returns 0 on success, <0 on error 53 */ 54 static int mei_open(struct inode *inode, struct file *file) 55 { 56 struct miscdevice *misc = file->private_data; 57 struct pci_dev *pdev; 58 struct mei_cl *cl; 59 struct mei_device *dev; 60 61 int err; 62 63 err = -ENODEV; 64 if (!misc->parent) 65 goto out; 66 67 pdev = container_of(misc->parent, struct pci_dev, dev); 68 69 dev = pci_get_drvdata(pdev); 70 if (!dev) 71 goto out; 72 73 mutex_lock(&dev->device_lock); 74 err = -ENOMEM; 75 cl = mei_cl_allocate(dev); 76 if (!cl) 77 goto out_unlock; 78 79 err = -ENODEV; 80 if (dev->dev_state != MEI_DEV_ENABLED) { 81 dev_dbg(&dev->pdev->dev, "dev_state != MEI_ENABLED dev_state = %s\n", 82 mei_dev_state_str(dev->dev_state)); 83 goto out_unlock; 84 } 85 err = -EMFILE; 86 if (dev->open_handle_count >= MEI_MAX_OPEN_HANDLE_COUNT) { 87 dev_err(&dev->pdev->dev, "open_handle_count exceded %d", 88 MEI_MAX_OPEN_HANDLE_COUNT); 89 goto out_unlock; 90 } 91 92 err = mei_cl_link(cl, MEI_HOST_CLIENT_ID_ANY); 93 if (err) 94 goto out_unlock; 95 96 file->private_data = cl; 97 mutex_unlock(&dev->device_lock); 98 99 return nonseekable_open(inode, file); 100 101 out_unlock: 102 mutex_unlock(&dev->device_lock); 103 kfree(cl); 104 out: 105 return err; 106 } 107 108 /** 109 * mei_release - the release function 110 * 111 * @inode: pointer to inode structure 112 * @file: pointer to file structure 113 * 114 * returns 0 on success, <0 on error 115 */ 116 static int mei_release(struct inode *inode, struct file *file) 117 { 118 struct mei_cl *cl = file->private_data; 119 struct mei_cl_cb *cb; 120 struct mei_device *dev; 121 int rets = 0; 122 123 if (WARN_ON(!cl || !cl->dev)) 124 return -ENODEV; 125 126 dev = cl->dev; 127 128 mutex_lock(&dev->device_lock); 129 if (cl == &dev->iamthif_cl) { 130 rets = mei_amthif_release(dev, file); 131 goto out; 132 } 133 if (cl->state == MEI_FILE_CONNECTED) { 134 cl->state = MEI_FILE_DISCONNECTING; 135 dev_dbg(&dev->pdev->dev, 136 "disconnecting client host client = %d, " 137 "ME client = %d\n", 138 cl->host_client_id, 139 cl->me_client_id); 140 rets = mei_cl_disconnect(cl); 141 } 142 mei_cl_flush_queues(cl); 143 dev_dbg(&dev->pdev->dev, "remove client host client = %d, ME client = %d\n", 144 cl->host_client_id, 145 cl->me_client_id); 146 147 if (dev->open_handle_count > 0) { 148 clear_bit(cl->host_client_id, dev->host_clients_map); 149 dev->open_handle_count--; 150 } 151 mei_cl_unlink(cl); 152 153 154 /* free read cb */ 155 cb = NULL; 156 if (cl->read_cb) { 157 cb = mei_cl_find_read_cb(cl); 158 /* Remove entry from read list */ 159 if (cb) 160 list_del(&cb->list); 161 162 cb = cl->read_cb; 163 cl->read_cb = NULL; 164 } 165 166 file->private_data = NULL; 167 168 mei_io_cb_free(cb); 169 170 kfree(cl); 171 out: 172 mutex_unlock(&dev->device_lock); 173 return rets; 174 } 175 176 177 /** 178 * mei_read - the read function. 179 * 180 * @file: pointer to file structure 181 * @ubuf: pointer to user buffer 182 * @length: buffer length 183 * @offset: data offset in buffer 184 * 185 * returns >=0 data length on success , <0 on error 186 */ 187 static ssize_t mei_read(struct file *file, char __user *ubuf, 188 size_t length, loff_t *offset) 189 { 190 struct mei_cl *cl = file->private_data; 191 struct mei_cl_cb *cb_pos = NULL; 192 struct mei_cl_cb *cb = NULL; 193 struct mei_device *dev; 194 int rets; 195 int err; 196 197 198 if (WARN_ON(!cl || !cl->dev)) 199 return -ENODEV; 200 201 dev = cl->dev; 202 203 204 mutex_lock(&dev->device_lock); 205 if (dev->dev_state != MEI_DEV_ENABLED) { 206 rets = -ENODEV; 207 goto out; 208 } 209 210 if (length == 0) { 211 rets = 0; 212 goto out; 213 } 214 215 if (cl == &dev->iamthif_cl) { 216 rets = mei_amthif_read(dev, file, ubuf, length, offset); 217 goto out; 218 } 219 220 if (cl->read_cb) { 221 cb = cl->read_cb; 222 /* read what left */ 223 if (cb->buf_idx > *offset) 224 goto copy_buffer; 225 /* offset is beyond buf_idx we have no more data return 0 */ 226 if (cb->buf_idx > 0 && cb->buf_idx <= *offset) { 227 rets = 0; 228 goto free; 229 } 230 /* Offset needs to be cleaned for contiguous reads*/ 231 if (cb->buf_idx == 0 && *offset > 0) 232 *offset = 0; 233 } else if (*offset > 0) { 234 *offset = 0; 235 } 236 237 err = mei_cl_read_start(cl, length); 238 if (err && err != -EBUSY) { 239 dev_dbg(&dev->pdev->dev, 240 "mei start read failure with status = %d\n", err); 241 rets = err; 242 goto out; 243 } 244 245 if (MEI_READ_COMPLETE != cl->reading_state && 246 !waitqueue_active(&cl->rx_wait)) { 247 if (file->f_flags & O_NONBLOCK) { 248 rets = -EAGAIN; 249 goto out; 250 } 251 252 mutex_unlock(&dev->device_lock); 253 254 if (wait_event_interruptible(cl->rx_wait, 255 (MEI_READ_COMPLETE == cl->reading_state || 256 MEI_FILE_INITIALIZING == cl->state || 257 MEI_FILE_DISCONNECTED == cl->state || 258 MEI_FILE_DISCONNECTING == cl->state))) { 259 if (signal_pending(current)) 260 return -EINTR; 261 return -ERESTARTSYS; 262 } 263 264 mutex_lock(&dev->device_lock); 265 if (MEI_FILE_INITIALIZING == cl->state || 266 MEI_FILE_DISCONNECTED == cl->state || 267 MEI_FILE_DISCONNECTING == cl->state) { 268 rets = -EBUSY; 269 goto out; 270 } 271 } 272 273 cb = cl->read_cb; 274 275 if (!cb) { 276 rets = -ENODEV; 277 goto out; 278 } 279 if (cl->reading_state != MEI_READ_COMPLETE) { 280 rets = 0; 281 goto out; 282 } 283 /* now copy the data to user space */ 284 copy_buffer: 285 dev_dbg(&dev->pdev->dev, "buf.size = %d buf.idx= %ld\n", 286 cb->response_buffer.size, cb->buf_idx); 287 if (length == 0 || ubuf == NULL || *offset > cb->buf_idx) { 288 rets = -EMSGSIZE; 289 goto free; 290 } 291 292 /* length is being truncated to PAGE_SIZE, 293 * however buf_idx may point beyond that */ 294 length = min_t(size_t, length, cb->buf_idx - *offset); 295 296 if (copy_to_user(ubuf, cb->response_buffer.data + *offset, length)) { 297 rets = -EFAULT; 298 goto free; 299 } 300 301 rets = length; 302 *offset += length; 303 if ((unsigned long)*offset < cb->buf_idx) 304 goto out; 305 306 free: 307 cb_pos = mei_cl_find_read_cb(cl); 308 /* Remove entry from read list */ 309 if (cb_pos) 310 list_del(&cb_pos->list); 311 mei_io_cb_free(cb); 312 cl->reading_state = MEI_IDLE; 313 cl->read_cb = NULL; 314 out: 315 dev_dbg(&dev->pdev->dev, "end mei read rets= %d\n", rets); 316 mutex_unlock(&dev->device_lock); 317 return rets; 318 } 319 /** 320 * mei_write - the write function. 321 * 322 * @file: pointer to file structure 323 * @ubuf: pointer to user buffer 324 * @length: buffer length 325 * @offset: data offset in buffer 326 * 327 * returns >=0 data length on success , <0 on error 328 */ 329 static ssize_t mei_write(struct file *file, const char __user *ubuf, 330 size_t length, loff_t *offset) 331 { 332 struct mei_cl *cl = file->private_data; 333 struct mei_cl_cb *write_cb = NULL; 334 struct mei_device *dev; 335 unsigned long timeout = 0; 336 int rets; 337 int id; 338 339 if (WARN_ON(!cl || !cl->dev)) 340 return -ENODEV; 341 342 dev = cl->dev; 343 344 mutex_lock(&dev->device_lock); 345 346 if (dev->dev_state != MEI_DEV_ENABLED) { 347 rets = -ENODEV; 348 goto out; 349 } 350 351 id = mei_me_cl_by_id(dev, cl->me_client_id); 352 if (id < 0) { 353 rets = -ENODEV; 354 goto out; 355 } 356 357 if (length == 0) { 358 rets = 0; 359 goto out; 360 } 361 362 if (length > dev->me_clients[id].props.max_msg_length) { 363 rets = -EFBIG; 364 goto out; 365 } 366 367 if (cl->state != MEI_FILE_CONNECTED) { 368 dev_err(&dev->pdev->dev, "host client = %d, is not connected to ME client = %d", 369 cl->host_client_id, cl->me_client_id); 370 rets = -ENODEV; 371 goto out; 372 } 373 if (cl == &dev->iamthif_cl) { 374 write_cb = mei_amthif_find_read_list_entry(dev, file); 375 376 if (write_cb) { 377 timeout = write_cb->read_time + 378 mei_secs_to_jiffies(MEI_IAMTHIF_READ_TIMER); 379 380 if (time_after(jiffies, timeout) || 381 cl->reading_state == MEI_READ_COMPLETE) { 382 *offset = 0; 383 list_del(&write_cb->list); 384 mei_io_cb_free(write_cb); 385 write_cb = NULL; 386 } 387 } 388 } 389 390 /* free entry used in read */ 391 if (cl->reading_state == MEI_READ_COMPLETE) { 392 *offset = 0; 393 write_cb = mei_cl_find_read_cb(cl); 394 if (write_cb) { 395 list_del(&write_cb->list); 396 mei_io_cb_free(write_cb); 397 write_cb = NULL; 398 cl->reading_state = MEI_IDLE; 399 cl->read_cb = NULL; 400 } 401 } else if (cl->reading_state == MEI_IDLE) 402 *offset = 0; 403 404 405 write_cb = mei_io_cb_init(cl, file); 406 if (!write_cb) { 407 dev_err(&dev->pdev->dev, "write cb allocation failed\n"); 408 rets = -ENOMEM; 409 goto out; 410 } 411 rets = mei_io_cb_alloc_req_buf(write_cb, length); 412 if (rets) 413 goto out; 414 415 rets = copy_from_user(write_cb->request_buffer.data, ubuf, length); 416 if (rets) { 417 dev_err(&dev->pdev->dev, "failed to copy data from userland\n"); 418 rets = -EFAULT; 419 goto out; 420 } 421 422 if (cl == &dev->iamthif_cl) { 423 rets = mei_amthif_write(dev, write_cb); 424 425 if (rets) { 426 dev_err(&dev->pdev->dev, 427 "amthif write failed with status = %d\n", rets); 428 goto out; 429 } 430 mutex_unlock(&dev->device_lock); 431 return length; 432 } 433 434 rets = mei_cl_write(cl, write_cb, false); 435 out: 436 mutex_unlock(&dev->device_lock); 437 if (rets < 0) 438 mei_io_cb_free(write_cb); 439 return rets; 440 } 441 442 /** 443 * mei_ioctl_connect_client - the connect to fw client IOCTL function 444 * 445 * @dev: the device structure 446 * @data: IOCTL connect data, input and output parameters 447 * @file: private data of the file object 448 * 449 * Locking: called under "dev->device_lock" lock 450 * 451 * returns 0 on success, <0 on failure. 452 */ 453 static int mei_ioctl_connect_client(struct file *file, 454 struct mei_connect_client_data *data) 455 { 456 struct mei_device *dev; 457 struct mei_client *client; 458 struct mei_cl *cl; 459 int i; 460 int rets; 461 462 cl = file->private_data; 463 if (WARN_ON(!cl || !cl->dev)) 464 return -ENODEV; 465 466 dev = cl->dev; 467 468 if (dev->dev_state != MEI_DEV_ENABLED) { 469 rets = -ENODEV; 470 goto end; 471 } 472 473 if (cl->state != MEI_FILE_INITIALIZING && 474 cl->state != MEI_FILE_DISCONNECTED) { 475 rets = -EBUSY; 476 goto end; 477 } 478 479 /* find ME client we're trying to connect to */ 480 i = mei_me_cl_by_uuid(dev, &data->in_client_uuid); 481 if (i < 0 || dev->me_clients[i].props.fixed_address) { 482 dev_dbg(&dev->pdev->dev, "Cannot connect to FW Client UUID = %pUl\n", 483 &data->in_client_uuid); 484 rets = -ENODEV; 485 goto end; 486 } 487 488 cl->me_client_id = dev->me_clients[i].client_id; 489 cl->state = MEI_FILE_CONNECTING; 490 491 dev_dbg(&dev->pdev->dev, "Connect to FW Client ID = %d\n", 492 cl->me_client_id); 493 dev_dbg(&dev->pdev->dev, "FW Client - Protocol Version = %d\n", 494 dev->me_clients[i].props.protocol_version); 495 dev_dbg(&dev->pdev->dev, "FW Client - Max Msg Len = %d\n", 496 dev->me_clients[i].props.max_msg_length); 497 498 /* if we're connecting to amthif client then we will use the 499 * existing connection 500 */ 501 if (uuid_le_cmp(data->in_client_uuid, mei_amthif_guid) == 0) { 502 dev_dbg(&dev->pdev->dev, "FW Client is amthi\n"); 503 if (dev->iamthif_cl.state != MEI_FILE_CONNECTED) { 504 rets = -ENODEV; 505 goto end; 506 } 507 clear_bit(cl->host_client_id, dev->host_clients_map); 508 mei_cl_unlink(cl); 509 510 kfree(cl); 511 cl = NULL; 512 file->private_data = &dev->iamthif_cl; 513 514 client = &data->out_client_properties; 515 client->max_msg_length = 516 dev->me_clients[i].props.max_msg_length; 517 client->protocol_version = 518 dev->me_clients[i].props.protocol_version; 519 rets = dev->iamthif_cl.status; 520 521 goto end; 522 } 523 524 525 /* prepare the output buffer */ 526 client = &data->out_client_properties; 527 client->max_msg_length = dev->me_clients[i].props.max_msg_length; 528 client->protocol_version = dev->me_clients[i].props.protocol_version; 529 dev_dbg(&dev->pdev->dev, "Can connect?\n"); 530 531 532 rets = mei_cl_connect(cl, file); 533 534 end: 535 return rets; 536 } 537 538 539 /** 540 * mei_ioctl - the IOCTL function 541 * 542 * @file: pointer to file structure 543 * @cmd: ioctl command 544 * @data: pointer to mei message structure 545 * 546 * returns 0 on success , <0 on error 547 */ 548 static long mei_ioctl(struct file *file, unsigned int cmd, unsigned long data) 549 { 550 struct mei_device *dev; 551 struct mei_cl *cl = file->private_data; 552 struct mei_connect_client_data *connect_data = NULL; 553 int rets; 554 555 if (cmd != IOCTL_MEI_CONNECT_CLIENT) 556 return -EINVAL; 557 558 if (WARN_ON(!cl || !cl->dev)) 559 return -ENODEV; 560 561 dev = cl->dev; 562 563 dev_dbg(&dev->pdev->dev, "IOCTL cmd = 0x%x", cmd); 564 565 mutex_lock(&dev->device_lock); 566 if (dev->dev_state != MEI_DEV_ENABLED) { 567 rets = -ENODEV; 568 goto out; 569 } 570 571 dev_dbg(&dev->pdev->dev, ": IOCTL_MEI_CONNECT_CLIENT.\n"); 572 573 connect_data = kzalloc(sizeof(struct mei_connect_client_data), 574 GFP_KERNEL); 575 if (!connect_data) { 576 rets = -ENOMEM; 577 goto out; 578 } 579 dev_dbg(&dev->pdev->dev, "copy connect data from user\n"); 580 if (copy_from_user(connect_data, (char __user *)data, 581 sizeof(struct mei_connect_client_data))) { 582 dev_err(&dev->pdev->dev, "failed to copy data from userland\n"); 583 rets = -EFAULT; 584 goto out; 585 } 586 587 rets = mei_ioctl_connect_client(file, connect_data); 588 589 /* if all is ok, copying the data back to user. */ 590 if (rets) 591 goto out; 592 593 dev_dbg(&dev->pdev->dev, "copy connect data to user\n"); 594 if (copy_to_user((char __user *)data, connect_data, 595 sizeof(struct mei_connect_client_data))) { 596 dev_dbg(&dev->pdev->dev, "failed to copy data to userland\n"); 597 rets = -EFAULT; 598 goto out; 599 } 600 601 out: 602 kfree(connect_data); 603 mutex_unlock(&dev->device_lock); 604 return rets; 605 } 606 607 /** 608 * mei_compat_ioctl - the compat IOCTL function 609 * 610 * @file: pointer to file structure 611 * @cmd: ioctl command 612 * @data: pointer to mei message structure 613 * 614 * returns 0 on success , <0 on error 615 */ 616 #ifdef CONFIG_COMPAT 617 static long mei_compat_ioctl(struct file *file, 618 unsigned int cmd, unsigned long data) 619 { 620 return mei_ioctl(file, cmd, (unsigned long)compat_ptr(data)); 621 } 622 #endif 623 624 625 /** 626 * mei_poll - the poll function 627 * 628 * @file: pointer to file structure 629 * @wait: pointer to poll_table structure 630 * 631 * returns poll mask 632 */ 633 static unsigned int mei_poll(struct file *file, poll_table *wait) 634 { 635 struct mei_cl *cl = file->private_data; 636 struct mei_device *dev; 637 unsigned int mask = 0; 638 639 if (WARN_ON(!cl || !cl->dev)) 640 return POLLERR; 641 642 dev = cl->dev; 643 644 mutex_lock(&dev->device_lock); 645 646 if (!mei_cl_is_connected(cl)) { 647 mask = POLLERR; 648 goto out; 649 } 650 651 mutex_unlock(&dev->device_lock); 652 653 654 if (cl == &dev->iamthif_cl) 655 return mei_amthif_poll(dev, file, wait); 656 657 poll_wait(file, &cl->tx_wait, wait); 658 659 mutex_lock(&dev->device_lock); 660 661 if (!mei_cl_is_connected(cl)) { 662 mask = POLLERR; 663 goto out; 664 } 665 666 if (MEI_WRITE_COMPLETE == cl->writing_state) 667 mask |= (POLLIN | POLLRDNORM); 668 669 out: 670 mutex_unlock(&dev->device_lock); 671 return mask; 672 } 673 674 /* 675 * file operations structure will be used for mei char device. 676 */ 677 static const struct file_operations mei_fops = { 678 .owner = THIS_MODULE, 679 .read = mei_read, 680 .unlocked_ioctl = mei_ioctl, 681 #ifdef CONFIG_COMPAT 682 .compat_ioctl = mei_compat_ioctl, 683 #endif 684 .open = mei_open, 685 .release = mei_release, 686 .write = mei_write, 687 .poll = mei_poll, 688 .llseek = no_llseek 689 }; 690 691 /* 692 * Misc Device Struct 693 */ 694 static struct miscdevice mei_misc_device = { 695 .name = "mei", 696 .fops = &mei_fops, 697 .minor = MISC_DYNAMIC_MINOR, 698 }; 699 700 701 int mei_register(struct mei_device *dev) 702 { 703 int ret; 704 mei_misc_device.parent = &dev->pdev->dev; 705 ret = misc_register(&mei_misc_device); 706 if (ret) 707 return ret; 708 709 if (mei_dbgfs_register(dev, mei_misc_device.name)) 710 dev_err(&dev->pdev->dev, "cannot register debugfs\n"); 711 712 return 0; 713 } 714 EXPORT_SYMBOL_GPL(mei_register); 715 716 void mei_deregister(struct mei_device *dev) 717 { 718 mei_dbgfs_deregister(dev); 719 misc_deregister(&mei_misc_device); 720 mei_misc_device.parent = NULL; 721 } 722 EXPORT_SYMBOL_GPL(mei_deregister); 723 724 static int __init mei_init(void) 725 { 726 return mei_cl_bus_init(); 727 } 728 729 static void __exit mei_exit(void) 730 { 731 mei_cl_bus_exit(); 732 } 733 734 module_init(mei_init); 735 module_exit(mei_exit); 736 737 MODULE_AUTHOR("Intel Corporation"); 738 MODULE_DESCRIPTION("Intel(R) Management Engine Interface"); 739 MODULE_LICENSE("GPL v2"); 740 741