1 // SPDX-License-Identifier: GPL-2.0
2
3 #include <linux/highmem.h>
4 #include <linux/module.h>
5 #include <linux/security.h>
6 #include <linux/slab.h>
7 #include <linux/types.h>
8
9 #include "sysfs.h"
10
11 /*
12 * sysfs support for firmware loader
13 */
14
__fw_load_abort(struct fw_priv * fw_priv)15 void __fw_load_abort(struct fw_priv *fw_priv)
16 {
17 /*
18 * There is a small window in which user can write to 'loading'
19 * between loading done/aborted and disappearance of 'loading'
20 */
21 if (fw_state_is_aborted(fw_priv) || fw_state_is_done(fw_priv))
22 return;
23
24 fw_state_aborted(fw_priv);
25 }
26
27 #ifdef CONFIG_FW_LOADER_USER_HELPER
timeout_show(struct class * class,struct class_attribute * attr,char * buf)28 static ssize_t timeout_show(struct class *class, struct class_attribute *attr,
29 char *buf)
30 {
31 return sysfs_emit(buf, "%d\n", __firmware_loading_timeout());
32 }
33
34 /**
35 * timeout_store() - set number of seconds to wait for firmware
36 * @class: device class pointer
37 * @attr: device attribute pointer
38 * @buf: buffer to scan for timeout value
39 * @count: number of bytes in @buf
40 *
41 * Sets the number of seconds to wait for the firmware. Once
42 * this expires an error will be returned to the driver and no
43 * firmware will be provided.
44 *
45 * Note: zero means 'wait forever'.
46 **/
timeout_store(struct class * class,struct class_attribute * attr,const char * buf,size_t count)47 static ssize_t timeout_store(struct class *class, struct class_attribute *attr,
48 const char *buf, size_t count)
49 {
50 int tmp_loading_timeout = simple_strtol(buf, NULL, 10);
51
52 if (tmp_loading_timeout < 0)
53 tmp_loading_timeout = 0;
54
55 __fw_fallback_set_timeout(tmp_loading_timeout);
56
57 return count;
58 }
59 static CLASS_ATTR_RW(timeout);
60
61 static struct attribute *firmware_class_attrs[] = {
62 &class_attr_timeout.attr,
63 NULL,
64 };
65 ATTRIBUTE_GROUPS(firmware_class);
66
do_firmware_uevent(struct fw_sysfs * fw_sysfs,struct kobj_uevent_env * env)67 static int do_firmware_uevent(struct fw_sysfs *fw_sysfs, struct kobj_uevent_env *env)
68 {
69 if (add_uevent_var(env, "FIRMWARE=%s", fw_sysfs->fw_priv->fw_name))
70 return -ENOMEM;
71 if (add_uevent_var(env, "TIMEOUT=%i", __firmware_loading_timeout()))
72 return -ENOMEM;
73 if (add_uevent_var(env, "ASYNC=%d", fw_sysfs->nowait))
74 return -ENOMEM;
75
76 return 0;
77 }
78
firmware_uevent(struct device * dev,struct kobj_uevent_env * env)79 static int firmware_uevent(struct device *dev, struct kobj_uevent_env *env)
80 {
81 struct fw_sysfs *fw_sysfs = to_fw_sysfs(dev);
82 int err = 0;
83
84 mutex_lock(&fw_lock);
85 if (fw_sysfs->fw_priv)
86 err = do_firmware_uevent(fw_sysfs, env);
87 mutex_unlock(&fw_lock);
88 return err;
89 }
90 #endif /* CONFIG_FW_LOADER_USER_HELPER */
91
fw_dev_release(struct device * dev)92 static void fw_dev_release(struct device *dev)
93 {
94 struct fw_sysfs *fw_sysfs = to_fw_sysfs(dev);
95
96 if (fw_sysfs->fw_upload_priv)
97 fw_upload_free(fw_sysfs);
98
99 kfree(fw_sysfs);
100 }
101
102 static struct class firmware_class = {
103 .name = "firmware",
104 #ifdef CONFIG_FW_LOADER_USER_HELPER
105 .class_groups = firmware_class_groups,
106 .dev_uevent = firmware_uevent,
107 #endif
108 .dev_release = fw_dev_release,
109 };
110
register_sysfs_loader(void)111 int register_sysfs_loader(void)
112 {
113 int ret = class_register(&firmware_class);
114
115 if (ret != 0)
116 return ret;
117 return register_firmware_config_sysctl();
118 }
119
unregister_sysfs_loader(void)120 void unregister_sysfs_loader(void)
121 {
122 unregister_firmware_config_sysctl();
123 class_unregister(&firmware_class);
124 }
125
firmware_loading_show(struct device * dev,struct device_attribute * attr,char * buf)126 static ssize_t firmware_loading_show(struct device *dev,
127 struct device_attribute *attr, char *buf)
128 {
129 struct fw_sysfs *fw_sysfs = to_fw_sysfs(dev);
130 int loading = 0;
131
132 mutex_lock(&fw_lock);
133 if (fw_sysfs->fw_priv)
134 loading = fw_state_is_loading(fw_sysfs->fw_priv);
135 mutex_unlock(&fw_lock);
136
137 return sysfs_emit(buf, "%d\n", loading);
138 }
139
140 /**
141 * firmware_loading_store() - set value in the 'loading' control file
142 * @dev: device pointer
143 * @attr: device attribute pointer
144 * @buf: buffer to scan for loading control value
145 * @count: number of bytes in @buf
146 *
147 * The relevant values are:
148 *
149 * 1: Start a load, discarding any previous partial load.
150 * 0: Conclude the load and hand the data to the driver code.
151 * -1: Conclude the load with an error and discard any written data.
152 **/
firmware_loading_store(struct device * dev,struct device_attribute * attr,const char * buf,size_t count)153 static ssize_t firmware_loading_store(struct device *dev,
154 struct device_attribute *attr,
155 const char *buf, size_t count)
156 {
157 struct fw_sysfs *fw_sysfs = to_fw_sysfs(dev);
158 struct fw_priv *fw_priv;
159 ssize_t written = count;
160 int loading = simple_strtol(buf, NULL, 10);
161
162 mutex_lock(&fw_lock);
163 fw_priv = fw_sysfs->fw_priv;
164 if (fw_state_is_aborted(fw_priv) || fw_state_is_done(fw_priv))
165 goto out;
166
167 switch (loading) {
168 case 1:
169 /* discarding any previous partial load */
170 fw_free_paged_buf(fw_priv);
171 fw_state_start(fw_priv);
172 break;
173 case 0:
174 if (fw_state_is_loading(fw_priv)) {
175 int rc;
176
177 /*
178 * Several loading requests may be pending on
179 * one same firmware buf, so let all requests
180 * see the mapped 'buf->data' once the loading
181 * is completed.
182 */
183 rc = fw_map_paged_buf(fw_priv);
184 if (rc)
185 dev_err(dev, "%s: map pages failed\n",
186 __func__);
187 else
188 rc = security_kernel_post_load_data(fw_priv->data,
189 fw_priv->size,
190 LOADING_FIRMWARE,
191 "blob");
192
193 /*
194 * Same logic as fw_load_abort, only the DONE bit
195 * is ignored and we set ABORT only on failure.
196 */
197 if (rc) {
198 fw_state_aborted(fw_priv);
199 written = rc;
200 } else {
201 fw_state_done(fw_priv);
202
203 /*
204 * If this is a user-initiated firmware upload
205 * then start the upload in a worker thread now.
206 */
207 rc = fw_upload_start(fw_sysfs);
208 if (rc)
209 written = rc;
210 }
211 break;
212 }
213 fallthrough;
214 default:
215 dev_err(dev, "%s: unexpected value (%d)\n", __func__, loading);
216 fallthrough;
217 case -1:
218 fw_load_abort(fw_sysfs);
219 if (fw_sysfs->fw_upload_priv)
220 fw_state_init(fw_sysfs->fw_priv);
221
222 break;
223 }
224 out:
225 mutex_unlock(&fw_lock);
226 return written;
227 }
228
229 DEVICE_ATTR(loading, 0644, firmware_loading_show, firmware_loading_store);
230
firmware_rw_data(struct fw_priv * fw_priv,char * buffer,loff_t offset,size_t count,bool read)231 static void firmware_rw_data(struct fw_priv *fw_priv, char *buffer,
232 loff_t offset, size_t count, bool read)
233 {
234 if (read)
235 memcpy(buffer, fw_priv->data + offset, count);
236 else
237 memcpy(fw_priv->data + offset, buffer, count);
238 }
239
firmware_rw(struct fw_priv * fw_priv,char * buffer,loff_t offset,size_t count,bool read)240 static void firmware_rw(struct fw_priv *fw_priv, char *buffer,
241 loff_t offset, size_t count, bool read)
242 {
243 while (count) {
244 void *page_data;
245 int page_nr = offset >> PAGE_SHIFT;
246 int page_ofs = offset & (PAGE_SIZE - 1);
247 int page_cnt = min_t(size_t, PAGE_SIZE - page_ofs, count);
248
249 page_data = kmap(fw_priv->pages[page_nr]);
250
251 if (read)
252 memcpy(buffer, page_data + page_ofs, page_cnt);
253 else
254 memcpy(page_data + page_ofs, buffer, page_cnt);
255
256 kunmap(fw_priv->pages[page_nr]);
257 buffer += page_cnt;
258 offset += page_cnt;
259 count -= page_cnt;
260 }
261 }
262
firmware_data_read(struct file * filp,struct kobject * kobj,struct bin_attribute * bin_attr,char * buffer,loff_t offset,size_t count)263 static ssize_t firmware_data_read(struct file *filp, struct kobject *kobj,
264 struct bin_attribute *bin_attr,
265 char *buffer, loff_t offset, size_t count)
266 {
267 struct device *dev = kobj_to_dev(kobj);
268 struct fw_sysfs *fw_sysfs = to_fw_sysfs(dev);
269 struct fw_priv *fw_priv;
270 ssize_t ret_count;
271
272 mutex_lock(&fw_lock);
273 fw_priv = fw_sysfs->fw_priv;
274 if (!fw_priv || fw_state_is_done(fw_priv)) {
275 ret_count = -ENODEV;
276 goto out;
277 }
278 if (offset > fw_priv->size) {
279 ret_count = 0;
280 goto out;
281 }
282 if (count > fw_priv->size - offset)
283 count = fw_priv->size - offset;
284
285 ret_count = count;
286
287 if (fw_priv->data)
288 firmware_rw_data(fw_priv, buffer, offset, count, true);
289 else
290 firmware_rw(fw_priv, buffer, offset, count, true);
291
292 out:
293 mutex_unlock(&fw_lock);
294 return ret_count;
295 }
296
fw_realloc_pages(struct fw_sysfs * fw_sysfs,int min_size)297 static int fw_realloc_pages(struct fw_sysfs *fw_sysfs, int min_size)
298 {
299 int err;
300
301 err = fw_grow_paged_buf(fw_sysfs->fw_priv,
302 PAGE_ALIGN(min_size) >> PAGE_SHIFT);
303 if (err)
304 fw_load_abort(fw_sysfs);
305 return err;
306 }
307
308 /**
309 * firmware_data_write() - write method for firmware
310 * @filp: open sysfs file
311 * @kobj: kobject for the device
312 * @bin_attr: bin_attr structure
313 * @buffer: buffer being written
314 * @offset: buffer offset for write in total data store area
315 * @count: buffer size
316 *
317 * Data written to the 'data' attribute will be later handed to
318 * the driver as a firmware image.
319 **/
firmware_data_write(struct file * filp,struct kobject * kobj,struct bin_attribute * bin_attr,char * buffer,loff_t offset,size_t count)320 static ssize_t firmware_data_write(struct file *filp, struct kobject *kobj,
321 struct bin_attribute *bin_attr,
322 char *buffer, loff_t offset, size_t count)
323 {
324 struct device *dev = kobj_to_dev(kobj);
325 struct fw_sysfs *fw_sysfs = to_fw_sysfs(dev);
326 struct fw_priv *fw_priv;
327 ssize_t retval;
328
329 if (!capable(CAP_SYS_RAWIO))
330 return -EPERM;
331
332 mutex_lock(&fw_lock);
333 fw_priv = fw_sysfs->fw_priv;
334 if (!fw_priv || fw_state_is_done(fw_priv)) {
335 retval = -ENODEV;
336 goto out;
337 }
338
339 if (fw_priv->data) {
340 if (offset + count > fw_priv->allocated_size) {
341 retval = -ENOMEM;
342 goto out;
343 }
344 firmware_rw_data(fw_priv, buffer, offset, count, false);
345 retval = count;
346 } else {
347 retval = fw_realloc_pages(fw_sysfs, offset + count);
348 if (retval)
349 goto out;
350
351 retval = count;
352 firmware_rw(fw_priv, buffer, offset, count, false);
353 }
354
355 fw_priv->size = max_t(size_t, offset + count, fw_priv->size);
356 out:
357 mutex_unlock(&fw_lock);
358 return retval;
359 }
360
361 static struct bin_attribute firmware_attr_data = {
362 .attr = { .name = "data", .mode = 0644 },
363 .size = 0,
364 .read = firmware_data_read,
365 .write = firmware_data_write,
366 };
367
368 static struct attribute *fw_dev_attrs[] = {
369 &dev_attr_loading.attr,
370 #ifdef CONFIG_FW_UPLOAD
371 &dev_attr_cancel.attr,
372 &dev_attr_status.attr,
373 &dev_attr_error.attr,
374 &dev_attr_remaining_size.attr,
375 #endif
376 NULL
377 };
378
379 static struct bin_attribute *fw_dev_bin_attrs[] = {
380 &firmware_attr_data,
381 NULL
382 };
383
384 static const struct attribute_group fw_dev_attr_group = {
385 .attrs = fw_dev_attrs,
386 .bin_attrs = fw_dev_bin_attrs,
387 #ifdef CONFIG_FW_UPLOAD
388 .is_visible = fw_upload_is_visible,
389 #endif
390 };
391
392 static const struct attribute_group *fw_dev_attr_groups[] = {
393 &fw_dev_attr_group,
394 NULL
395 };
396
397 struct fw_sysfs *
fw_create_instance(struct firmware * firmware,const char * fw_name,struct device * device,u32 opt_flags)398 fw_create_instance(struct firmware *firmware, const char *fw_name,
399 struct device *device, u32 opt_flags)
400 {
401 struct fw_sysfs *fw_sysfs;
402 struct device *f_dev;
403
404 fw_sysfs = kzalloc(sizeof(*fw_sysfs), GFP_KERNEL);
405 if (!fw_sysfs) {
406 fw_sysfs = ERR_PTR(-ENOMEM);
407 goto exit;
408 }
409
410 fw_sysfs->nowait = !!(opt_flags & FW_OPT_NOWAIT);
411 fw_sysfs->fw = firmware;
412 f_dev = &fw_sysfs->dev;
413
414 device_initialize(f_dev);
415 dev_set_name(f_dev, "%s", fw_name);
416 f_dev->parent = device;
417 f_dev->class = &firmware_class;
418 f_dev->groups = fw_dev_attr_groups;
419 exit:
420 return fw_sysfs;
421 }
422