1 // SPDX-License-Identifier: GPL-2.0
2 /*
3 * Copyright (c) 2003-2020, Intel Corporation. All rights reserved.
4 * Intel Management Engine Interface (Intel MEI) Linux driver
5 */
6
7 #include <linux/module.h>
8 #include <linux/moduleparam.h>
9 #include <linux/kernel.h>
10 #include <linux/device.h>
11 #include <linux/slab.h>
12 #include <linux/fs.h>
13 #include <linux/errno.h>
14 #include <linux/types.h>
15 #include <linux/fcntl.h>
16 #include <linux/poll.h>
17 #include <linux/init.h>
18 #include <linux/ioctl.h>
19 #include <linux/cdev.h>
20 #include <linux/sched/signal.h>
21 #include <linux/uuid.h>
22 #include <linux/compat.h>
23 #include <linux/jiffies.h>
24 #include <linux/interrupt.h>
25
26 #include <linux/mei.h>
27
28 #include "mei_dev.h"
29 #include "client.h"
30
31 static struct class *mei_class;
32 static dev_t mei_devt;
33 #define MEI_MAX_DEVS MINORMASK
34 static DEFINE_MUTEX(mei_minor_lock);
35 static DEFINE_IDR(mei_idr);
36
37 /**
38 * mei_open - the open function
39 *
40 * @inode: pointer to inode structure
41 * @file: pointer to file structure
42 *
43 * Return: 0 on success, <0 on error
44 */
mei_open(struct inode * inode,struct file * file)45 static int mei_open(struct inode *inode, struct file *file)
46 {
47 struct mei_device *dev;
48 struct mei_cl *cl;
49
50 int err;
51
52 dev = container_of(inode->i_cdev, struct mei_device, cdev);
53
54 mutex_lock(&dev->device_lock);
55
56 if (dev->dev_state != MEI_DEV_ENABLED) {
57 dev_dbg(dev->dev, "dev_state != MEI_ENABLED dev_state = %s\n",
58 mei_dev_state_str(dev->dev_state));
59 err = -ENODEV;
60 goto err_unlock;
61 }
62
63 cl = mei_cl_alloc_linked(dev);
64 if (IS_ERR(cl)) {
65 err = PTR_ERR(cl);
66 goto err_unlock;
67 }
68
69 cl->fp = file;
70 file->private_data = cl;
71
72 mutex_unlock(&dev->device_lock);
73
74 return nonseekable_open(inode, file);
75
76 err_unlock:
77 mutex_unlock(&dev->device_lock);
78 return err;
79 }
80
81 /**
82 * mei_cl_vtag_remove_by_fp - remove vtag that corresponds to fp from list
83 *
84 * @cl: host client
85 * @fp: pointer to file structure
86 *
87 */
mei_cl_vtag_remove_by_fp(const struct mei_cl * cl,const struct file * fp)88 static void mei_cl_vtag_remove_by_fp(const struct mei_cl *cl,
89 const struct file *fp)
90 {
91 struct mei_cl_vtag *vtag_l, *next;
92
93 list_for_each_entry_safe(vtag_l, next, &cl->vtag_map, list) {
94 if (vtag_l->fp == fp) {
95 list_del(&vtag_l->list);
96 kfree(vtag_l);
97 return;
98 }
99 }
100 }
101
102 /**
103 * mei_release - the release function
104 *
105 * @inode: pointer to inode structure
106 * @file: pointer to file structure
107 *
108 * Return: 0 on success, <0 on error
109 */
mei_release(struct inode * inode,struct file * file)110 static int mei_release(struct inode *inode, struct file *file)
111 {
112 struct mei_cl *cl = file->private_data;
113 struct mei_device *dev;
114 int rets;
115
116 if (WARN_ON(!cl || !cl->dev))
117 return -ENODEV;
118
119 dev = cl->dev;
120
121 mutex_lock(&dev->device_lock);
122
123 mei_cl_vtag_remove_by_fp(cl, file);
124
125 if (!list_empty(&cl->vtag_map)) {
126 cl_dbg(dev, cl, "not the last vtag\n");
127 mei_cl_flush_queues(cl, file);
128 rets = 0;
129 goto out;
130 }
131
132 rets = mei_cl_disconnect(cl);
133 /*
134 * Check again: This is necessary since disconnect releases the lock
135 * and another client can connect in the meantime.
136 */
137 if (!list_empty(&cl->vtag_map)) {
138 cl_dbg(dev, cl, "not the last vtag after disconnect\n");
139 mei_cl_flush_queues(cl, file);
140 goto out;
141 }
142
143 mei_cl_flush_queues(cl, NULL);
144 cl_dbg(dev, cl, "removing\n");
145
146 mei_cl_unlink(cl);
147 kfree(cl);
148
149 out:
150 file->private_data = NULL;
151
152 mutex_unlock(&dev->device_lock);
153 return rets;
154 }
155
156
157 /**
158 * mei_read - the read function.
159 *
160 * @file: pointer to file structure
161 * @ubuf: pointer to user buffer
162 * @length: buffer length
163 * @offset: data offset in buffer
164 *
165 * Return: >=0 data length on success , <0 on error
166 */
mei_read(struct file * file,char __user * ubuf,size_t length,loff_t * offset)167 static ssize_t mei_read(struct file *file, char __user *ubuf,
168 size_t length, loff_t *offset)
169 {
170 struct mei_cl *cl = file->private_data;
171 struct mei_device *dev;
172 struct mei_cl_cb *cb = NULL;
173 bool nonblock = !!(file->f_flags & O_NONBLOCK);
174 ssize_t rets;
175
176 if (WARN_ON(!cl || !cl->dev))
177 return -ENODEV;
178
179 dev = cl->dev;
180
181
182 mutex_lock(&dev->device_lock);
183 if (dev->dev_state != MEI_DEV_ENABLED) {
184 rets = -ENODEV;
185 goto out;
186 }
187
188 if (length == 0) {
189 rets = 0;
190 goto out;
191 }
192
193 if (ubuf == NULL) {
194 rets = -EMSGSIZE;
195 goto out;
196 }
197
198 cb = mei_cl_read_cb(cl, file);
199 if (cb)
200 goto copy_buffer;
201
202 if (*offset > 0)
203 *offset = 0;
204
205 rets = mei_cl_read_start(cl, length, file);
206 if (rets && rets != -EBUSY) {
207 cl_dbg(dev, cl, "mei start read failure status = %zd\n", rets);
208 goto out;
209 }
210
211 if (nonblock) {
212 rets = -EAGAIN;
213 goto out;
214 }
215
216 mutex_unlock(&dev->device_lock);
217 if (wait_event_interruptible(cl->rx_wait,
218 mei_cl_read_cb(cl, file) ||
219 !mei_cl_is_connected(cl))) {
220 if (signal_pending(current))
221 return -EINTR;
222 return -ERESTARTSYS;
223 }
224 mutex_lock(&dev->device_lock);
225
226 if (!mei_cl_is_connected(cl)) {
227 rets = -ENODEV;
228 goto out;
229 }
230
231 cb = mei_cl_read_cb(cl, file);
232 if (!cb) {
233 rets = 0;
234 goto out;
235 }
236
237 copy_buffer:
238 /* now copy the data to user space */
239 if (cb->status) {
240 rets = cb->status;
241 cl_dbg(dev, cl, "read operation failed %zd\n", rets);
242 goto free;
243 }
244
245 cl_dbg(dev, cl, "buf.size = %zu buf.idx = %zu offset = %lld\n",
246 cb->buf.size, cb->buf_idx, *offset);
247 if (*offset >= cb->buf_idx) {
248 rets = 0;
249 goto free;
250 }
251
252 /* length is being truncated to PAGE_SIZE,
253 * however buf_idx may point beyond that */
254 length = min_t(size_t, length, cb->buf_idx - *offset);
255
256 if (copy_to_user(ubuf, cb->buf.data + *offset, length)) {
257 dev_dbg(dev->dev, "failed to copy data to userland\n");
258 rets = -EFAULT;
259 goto free;
260 }
261
262 rets = length;
263 *offset += length;
264 /* not all data was read, keep the cb */
265 if (*offset < cb->buf_idx)
266 goto out;
267
268 free:
269 mei_cl_del_rd_completed(cl, cb);
270 *offset = 0;
271
272 out:
273 cl_dbg(dev, cl, "end mei read rets = %zd\n", rets);
274 mutex_unlock(&dev->device_lock);
275 return rets;
276 }
277
278 /**
279 * mei_cl_vtag_by_fp - obtain the vtag by file pointer
280 *
281 * @cl: host client
282 * @fp: pointer to file structure
283 *
284 * Return: vtag value on success, otherwise 0
285 */
mei_cl_vtag_by_fp(const struct mei_cl * cl,const struct file * fp)286 static u8 mei_cl_vtag_by_fp(const struct mei_cl *cl, const struct file *fp)
287 {
288 struct mei_cl_vtag *cl_vtag;
289
290 if (!fp)
291 return 0;
292
293 list_for_each_entry(cl_vtag, &cl->vtag_map, list)
294 if (cl_vtag->fp == fp)
295 return cl_vtag->vtag;
296 return 0;
297 }
298
299 /**
300 * mei_write - the write function.
301 *
302 * @file: pointer to file structure
303 * @ubuf: pointer to user buffer
304 * @length: buffer length
305 * @offset: data offset in buffer
306 *
307 * Return: >=0 data length on success , <0 on error
308 */
mei_write(struct file * file,const char __user * ubuf,size_t length,loff_t * offset)309 static ssize_t mei_write(struct file *file, const char __user *ubuf,
310 size_t length, loff_t *offset)
311 {
312 struct mei_cl *cl = file->private_data;
313 struct mei_cl_cb *cb;
314 struct mei_device *dev;
315 ssize_t rets;
316
317 if (WARN_ON(!cl || !cl->dev))
318 return -ENODEV;
319
320 dev = cl->dev;
321
322 mutex_lock(&dev->device_lock);
323
324 if (dev->dev_state != MEI_DEV_ENABLED) {
325 rets = -ENODEV;
326 goto out;
327 }
328
329 if (!mei_cl_is_connected(cl)) {
330 cl_err(dev, cl, "is not connected");
331 rets = -ENODEV;
332 goto out;
333 }
334
335 if (!mei_me_cl_is_active(cl->me_cl)) {
336 rets = -ENOTTY;
337 goto out;
338 }
339
340 if (length > mei_cl_mtu(cl)) {
341 rets = -EFBIG;
342 goto out;
343 }
344
345 if (length == 0) {
346 rets = 0;
347 goto out;
348 }
349
350 while (cl->tx_cb_queued >= dev->tx_queue_limit) {
351 if (file->f_flags & O_NONBLOCK) {
352 rets = -EAGAIN;
353 goto out;
354 }
355 mutex_unlock(&dev->device_lock);
356 rets = wait_event_interruptible(cl->tx_wait,
357 cl->writing_state == MEI_WRITE_COMPLETE ||
358 (!mei_cl_is_connected(cl)));
359 mutex_lock(&dev->device_lock);
360 if (rets) {
361 if (signal_pending(current))
362 rets = -EINTR;
363 goto out;
364 }
365 if (!mei_cl_is_connected(cl)) {
366 rets = -ENODEV;
367 goto out;
368 }
369 }
370
371 cb = mei_cl_alloc_cb(cl, length, MEI_FOP_WRITE, file);
372 if (!cb) {
373 rets = -ENOMEM;
374 goto out;
375 }
376 cb->vtag = mei_cl_vtag_by_fp(cl, file);
377
378 rets = copy_from_user(cb->buf.data, ubuf, length);
379 if (rets) {
380 dev_dbg(dev->dev, "failed to copy data from userland\n");
381 rets = -EFAULT;
382 mei_io_cb_free(cb);
383 goto out;
384 }
385
386 rets = mei_cl_write(cl, cb);
387 out:
388 mutex_unlock(&dev->device_lock);
389 return rets;
390 }
391
392 /**
393 * mei_ioctl_connect_client - the connect to fw client IOCTL function
394 *
395 * @file: private data of the file object
396 * @in_client_uuid: requested UUID for connection
397 * @client: IOCTL connect data, output parameters
398 *
399 * Locking: called under "dev->device_lock" lock
400 *
401 * Return: 0 on success, <0 on failure.
402 */
mei_ioctl_connect_client(struct file * file,const uuid_le * in_client_uuid,struct mei_client * client)403 static int mei_ioctl_connect_client(struct file *file,
404 const uuid_le *in_client_uuid,
405 struct mei_client *client)
406 {
407 struct mei_device *dev;
408 struct mei_me_client *me_cl;
409 struct mei_cl *cl;
410 int rets;
411
412 cl = file->private_data;
413 dev = cl->dev;
414
415 if (cl->state != MEI_FILE_INITIALIZING &&
416 cl->state != MEI_FILE_DISCONNECTED)
417 return -EBUSY;
418
419 /* find ME client we're trying to connect to */
420 me_cl = mei_me_cl_by_uuid(dev, in_client_uuid);
421 if (!me_cl) {
422 dev_dbg(dev->dev, "Cannot connect to FW Client UUID = %pUl\n",
423 in_client_uuid);
424 rets = -ENOTTY;
425 goto end;
426 }
427
428 if (me_cl->props.fixed_address) {
429 bool forbidden = dev->override_fixed_address ?
430 !dev->allow_fixed_address : !dev->hbm_f_fa_supported;
431 if (forbidden) {
432 dev_dbg(dev->dev, "Connection forbidden to FW Client UUID = %pUl\n",
433 in_client_uuid);
434 rets = -ENOTTY;
435 goto end;
436 }
437 }
438
439 dev_dbg(dev->dev, "Connect to FW Client ID = %d\n",
440 me_cl->client_id);
441 dev_dbg(dev->dev, "FW Client - Protocol Version = %d\n",
442 me_cl->props.protocol_version);
443 dev_dbg(dev->dev, "FW Client - Max Msg Len = %d\n",
444 me_cl->props.max_msg_length);
445
446 /* prepare the output buffer */
447 client->max_msg_length = me_cl->props.max_msg_length;
448 client->protocol_version = me_cl->props.protocol_version;
449 dev_dbg(dev->dev, "Can connect?\n");
450
451 rets = mei_cl_connect(cl, me_cl, file);
452
453 end:
454 mei_me_cl_put(me_cl);
455 return rets;
456 }
457
458 /**
459 * mei_vt_support_check - check if client support vtags
460 *
461 * Locking: called under "dev->device_lock" lock
462 *
463 * @dev: mei_device
464 * @uuid: client UUID
465 *
466 * Return:
467 * 0 - supported
468 * -ENOTTY - no such client
469 * -EOPNOTSUPP - vtags are not supported by client
470 */
mei_vt_support_check(struct mei_device * dev,const uuid_le * uuid)471 static int mei_vt_support_check(struct mei_device *dev, const uuid_le *uuid)
472 {
473 struct mei_me_client *me_cl;
474 int ret;
475
476 if (!dev->hbm_f_vt_supported)
477 return -EOPNOTSUPP;
478
479 me_cl = mei_me_cl_by_uuid(dev, uuid);
480 if (!me_cl) {
481 dev_dbg(dev->dev, "Cannot connect to FW Client UUID = %pUl\n",
482 uuid);
483 return -ENOTTY;
484 }
485 ret = me_cl->props.vt_supported ? 0 : -EOPNOTSUPP;
486 mei_me_cl_put(me_cl);
487
488 return ret;
489 }
490
491 /**
492 * mei_ioctl_connect_vtag - connect to fw client with vtag IOCTL function
493 *
494 * @file: private data of the file object
495 * @in_client_uuid: requested UUID for connection
496 * @client: IOCTL connect data, output parameters
497 * @vtag: vm tag
498 *
499 * Locking: called under "dev->device_lock" lock
500 *
501 * Return: 0 on success, <0 on failure.
502 */
mei_ioctl_connect_vtag(struct file * file,const uuid_le * in_client_uuid,struct mei_client * client,u8 vtag)503 static int mei_ioctl_connect_vtag(struct file *file,
504 const uuid_le *in_client_uuid,
505 struct mei_client *client,
506 u8 vtag)
507 {
508 struct mei_device *dev;
509 struct mei_cl *cl;
510 struct mei_cl *pos;
511 struct mei_cl_vtag *cl_vtag;
512
513 cl = file->private_data;
514 dev = cl->dev;
515
516 dev_dbg(dev->dev, "FW Client %pUl vtag %d\n", in_client_uuid, vtag);
517
518 switch (cl->state) {
519 case MEI_FILE_DISCONNECTED:
520 if (mei_cl_vtag_by_fp(cl, file) != vtag) {
521 dev_err(dev->dev, "reconnect with different vtag\n");
522 return -EINVAL;
523 }
524 break;
525 case MEI_FILE_INITIALIZING:
526 /* malicious connect from another thread may push vtag */
527 if (!IS_ERR(mei_cl_fp_by_vtag(cl, vtag))) {
528 dev_err(dev->dev, "vtag already filled\n");
529 return -EINVAL;
530 }
531
532 list_for_each_entry(pos, &dev->file_list, link) {
533 if (pos == cl)
534 continue;
535 if (!pos->me_cl)
536 continue;
537
538 /* only search for same UUID */
539 if (uuid_le_cmp(*mei_cl_uuid(pos), *in_client_uuid))
540 continue;
541
542 /* if tag already exist try another fp */
543 if (!IS_ERR(mei_cl_fp_by_vtag(pos, vtag)))
544 continue;
545
546 /* replace cl with acquired one */
547 dev_dbg(dev->dev, "replacing with existing cl\n");
548 mei_cl_unlink(cl);
549 kfree(cl);
550 file->private_data = pos;
551 cl = pos;
552 break;
553 }
554
555 cl_vtag = mei_cl_vtag_alloc(file, vtag);
556 if (IS_ERR(cl_vtag))
557 return -ENOMEM;
558
559 list_add_tail(&cl_vtag->list, &cl->vtag_map);
560 break;
561 default:
562 return -EBUSY;
563 }
564
565 while (cl->state != MEI_FILE_INITIALIZING &&
566 cl->state != MEI_FILE_DISCONNECTED &&
567 cl->state != MEI_FILE_CONNECTED) {
568 mutex_unlock(&dev->device_lock);
569 wait_event_timeout(cl->wait,
570 (cl->state == MEI_FILE_CONNECTED ||
571 cl->state == MEI_FILE_DISCONNECTED ||
572 cl->state == MEI_FILE_DISCONNECT_REQUIRED ||
573 cl->state == MEI_FILE_DISCONNECT_REPLY),
574 mei_secs_to_jiffies(MEI_CL_CONNECT_TIMEOUT));
575 mutex_lock(&dev->device_lock);
576 }
577
578 if (!mei_cl_is_connected(cl))
579 return mei_ioctl_connect_client(file, in_client_uuid, client);
580
581 client->max_msg_length = cl->me_cl->props.max_msg_length;
582 client->protocol_version = cl->me_cl->props.protocol_version;
583
584 return 0;
585 }
586
587 /**
588 * mei_ioctl_client_notify_request -
589 * propagate event notification request to client
590 *
591 * @file: pointer to file structure
592 * @request: 0 - disable, 1 - enable
593 *
594 * Return: 0 on success , <0 on error
595 */
mei_ioctl_client_notify_request(const struct file * file,u32 request)596 static int mei_ioctl_client_notify_request(const struct file *file, u32 request)
597 {
598 struct mei_cl *cl = file->private_data;
599
600 if (request != MEI_HBM_NOTIFICATION_START &&
601 request != MEI_HBM_NOTIFICATION_STOP)
602 return -EINVAL;
603
604 return mei_cl_notify_request(cl, file, (u8)request);
605 }
606
607 /**
608 * mei_ioctl_client_notify_get - wait for notification request
609 *
610 * @file: pointer to file structure
611 * @notify_get: 0 - disable, 1 - enable
612 *
613 * Return: 0 on success , <0 on error
614 */
mei_ioctl_client_notify_get(const struct file * file,u32 * notify_get)615 static int mei_ioctl_client_notify_get(const struct file *file, u32 *notify_get)
616 {
617 struct mei_cl *cl = file->private_data;
618 bool notify_ev;
619 bool block = (file->f_flags & O_NONBLOCK) == 0;
620 int rets;
621
622 rets = mei_cl_notify_get(cl, block, ¬ify_ev);
623 if (rets)
624 return rets;
625
626 *notify_get = notify_ev ? 1 : 0;
627 return 0;
628 }
629
630 /**
631 * mei_ioctl - the IOCTL function
632 *
633 * @file: pointer to file structure
634 * @cmd: ioctl command
635 * @data: pointer to mei message structure
636 *
637 * Return: 0 on success , <0 on error
638 */
mei_ioctl(struct file * file,unsigned int cmd,unsigned long data)639 static long mei_ioctl(struct file *file, unsigned int cmd, unsigned long data)
640 {
641 struct mei_device *dev;
642 struct mei_cl *cl = file->private_data;
643 struct mei_connect_client_data conn;
644 struct mei_connect_client_data_vtag conn_vtag;
645 const uuid_le *cl_uuid;
646 struct mei_client *props;
647 u8 vtag;
648 u32 notify_get, notify_req;
649 int rets;
650
651
652 if (WARN_ON(!cl || !cl->dev))
653 return -ENODEV;
654
655 dev = cl->dev;
656
657 dev_dbg(dev->dev, "IOCTL cmd = 0x%x", cmd);
658
659 mutex_lock(&dev->device_lock);
660 if (dev->dev_state != MEI_DEV_ENABLED) {
661 rets = -ENODEV;
662 goto out;
663 }
664
665 switch (cmd) {
666 case IOCTL_MEI_CONNECT_CLIENT:
667 dev_dbg(dev->dev, ": IOCTL_MEI_CONNECT_CLIENT.\n");
668 if (copy_from_user(&conn, (char __user *)data, sizeof(conn))) {
669 dev_dbg(dev->dev, "failed to copy data from userland\n");
670 rets = -EFAULT;
671 goto out;
672 }
673 cl_uuid = &conn.in_client_uuid;
674 props = &conn.out_client_properties;
675 vtag = 0;
676
677 rets = mei_vt_support_check(dev, cl_uuid);
678 if (rets == -ENOTTY)
679 goto out;
680 if (!rets)
681 rets = mei_ioctl_connect_vtag(file, cl_uuid, props,
682 vtag);
683 else
684 rets = mei_ioctl_connect_client(file, cl_uuid, props);
685 if (rets)
686 goto out;
687
688 /* if all is ok, copying the data back to user. */
689 if (copy_to_user((char __user *)data, &conn, sizeof(conn))) {
690 dev_dbg(dev->dev, "failed to copy data to userland\n");
691 rets = -EFAULT;
692 goto out;
693 }
694
695 break;
696
697 case IOCTL_MEI_CONNECT_CLIENT_VTAG:
698 dev_dbg(dev->dev, "IOCTL_MEI_CONNECT_CLIENT_VTAG\n");
699 if (copy_from_user(&conn_vtag, (char __user *)data,
700 sizeof(conn_vtag))) {
701 dev_dbg(dev->dev, "failed to copy data from userland\n");
702 rets = -EFAULT;
703 goto out;
704 }
705
706 cl_uuid = &conn_vtag.connect.in_client_uuid;
707 props = &conn_vtag.out_client_properties;
708 vtag = conn_vtag.connect.vtag;
709
710 rets = mei_vt_support_check(dev, cl_uuid);
711 if (rets == -EOPNOTSUPP)
712 dev_dbg(dev->dev, "FW Client %pUl does not support vtags\n",
713 cl_uuid);
714 if (rets)
715 goto out;
716
717 if (!vtag) {
718 dev_dbg(dev->dev, "vtag can't be zero\n");
719 rets = -EINVAL;
720 goto out;
721 }
722
723 rets = mei_ioctl_connect_vtag(file, cl_uuid, props, vtag);
724 if (rets)
725 goto out;
726
727 /* if all is ok, copying the data back to user. */
728 if (copy_to_user((char __user *)data, &conn_vtag,
729 sizeof(conn_vtag))) {
730 dev_dbg(dev->dev, "failed to copy data to userland\n");
731 rets = -EFAULT;
732 goto out;
733 }
734
735 break;
736
737 case IOCTL_MEI_NOTIFY_SET:
738 dev_dbg(dev->dev, ": IOCTL_MEI_NOTIFY_SET.\n");
739 if (copy_from_user(¬ify_req,
740 (char __user *)data, sizeof(notify_req))) {
741 dev_dbg(dev->dev, "failed to copy data from userland\n");
742 rets = -EFAULT;
743 goto out;
744 }
745 rets = mei_ioctl_client_notify_request(file, notify_req);
746 break;
747
748 case IOCTL_MEI_NOTIFY_GET:
749 dev_dbg(dev->dev, ": IOCTL_MEI_NOTIFY_GET.\n");
750 rets = mei_ioctl_client_notify_get(file, ¬ify_get);
751 if (rets)
752 goto out;
753
754 dev_dbg(dev->dev, "copy connect data to user\n");
755 if (copy_to_user((char __user *)data,
756 ¬ify_get, sizeof(notify_get))) {
757 dev_dbg(dev->dev, "failed to copy data to userland\n");
758 rets = -EFAULT;
759 goto out;
760
761 }
762 break;
763
764 default:
765 rets = -ENOIOCTLCMD;
766 }
767
768 out:
769 mutex_unlock(&dev->device_lock);
770 return rets;
771 }
772
773 /**
774 * mei_poll - the poll function
775 *
776 * @file: pointer to file structure
777 * @wait: pointer to poll_table structure
778 *
779 * Return: poll mask
780 */
mei_poll(struct file * file,poll_table * wait)781 static __poll_t mei_poll(struct file *file, poll_table *wait)
782 {
783 __poll_t req_events = poll_requested_events(wait);
784 struct mei_cl *cl = file->private_data;
785 struct mei_device *dev;
786 __poll_t mask = 0;
787 bool notify_en;
788
789 if (WARN_ON(!cl || !cl->dev))
790 return EPOLLERR;
791
792 dev = cl->dev;
793
794 mutex_lock(&dev->device_lock);
795
796 notify_en = cl->notify_en && (req_events & EPOLLPRI);
797
798 if (dev->dev_state != MEI_DEV_ENABLED ||
799 !mei_cl_is_connected(cl)) {
800 mask = EPOLLERR;
801 goto out;
802 }
803
804 if (notify_en) {
805 poll_wait(file, &cl->ev_wait, wait);
806 if (cl->notify_ev)
807 mask |= EPOLLPRI;
808 }
809
810 if (req_events & (EPOLLIN | EPOLLRDNORM)) {
811 poll_wait(file, &cl->rx_wait, wait);
812
813 if (mei_cl_read_cb(cl, file))
814 mask |= EPOLLIN | EPOLLRDNORM;
815 else
816 mei_cl_read_start(cl, mei_cl_mtu(cl), file);
817 }
818
819 if (req_events & (EPOLLOUT | EPOLLWRNORM)) {
820 poll_wait(file, &cl->tx_wait, wait);
821 if (cl->tx_cb_queued < dev->tx_queue_limit)
822 mask |= EPOLLOUT | EPOLLWRNORM;
823 }
824
825 out:
826 mutex_unlock(&dev->device_lock);
827 return mask;
828 }
829
830 /**
831 * mei_cl_is_write_queued - check if the client has pending writes.
832 *
833 * @cl: writing host client
834 *
835 * Return: true if client is writing, false otherwise.
836 */
mei_cl_is_write_queued(struct mei_cl * cl)837 static bool mei_cl_is_write_queued(struct mei_cl *cl)
838 {
839 struct mei_device *dev = cl->dev;
840 struct mei_cl_cb *cb;
841
842 list_for_each_entry(cb, &dev->write_list, list)
843 if (cb->cl == cl)
844 return true;
845 list_for_each_entry(cb, &dev->write_waiting_list, list)
846 if (cb->cl == cl)
847 return true;
848 return false;
849 }
850
851 /**
852 * mei_fsync - the fsync handler
853 *
854 * @fp: pointer to file structure
855 * @start: unused
856 * @end: unused
857 * @datasync: unused
858 *
859 * Return: 0 on success, -ENODEV if client is not connected
860 */
mei_fsync(struct file * fp,loff_t start,loff_t end,int datasync)861 static int mei_fsync(struct file *fp, loff_t start, loff_t end, int datasync)
862 {
863 struct mei_cl *cl = fp->private_data;
864 struct mei_device *dev;
865 int rets;
866
867 if (WARN_ON(!cl || !cl->dev))
868 return -ENODEV;
869
870 dev = cl->dev;
871
872 mutex_lock(&dev->device_lock);
873
874 if (dev->dev_state != MEI_DEV_ENABLED || !mei_cl_is_connected(cl)) {
875 rets = -ENODEV;
876 goto out;
877 }
878
879 while (mei_cl_is_write_queued(cl)) {
880 mutex_unlock(&dev->device_lock);
881 rets = wait_event_interruptible(cl->tx_wait,
882 cl->writing_state == MEI_WRITE_COMPLETE ||
883 !mei_cl_is_connected(cl));
884 mutex_lock(&dev->device_lock);
885 if (rets) {
886 if (signal_pending(current))
887 rets = -EINTR;
888 goto out;
889 }
890 if (!mei_cl_is_connected(cl)) {
891 rets = -ENODEV;
892 goto out;
893 }
894 }
895 rets = 0;
896 out:
897 mutex_unlock(&dev->device_lock);
898 return rets;
899 }
900
901 /**
902 * mei_fasync - asynchronous io support
903 *
904 * @fd: file descriptor
905 * @file: pointer to file structure
906 * @band: band bitmap
907 *
908 * Return: negative on error,
909 * 0 if it did no changes,
910 * and positive a process was added or deleted
911 */
mei_fasync(int fd,struct file * file,int band)912 static int mei_fasync(int fd, struct file *file, int band)
913 {
914
915 struct mei_cl *cl = file->private_data;
916
917 if (!mei_cl_is_connected(cl))
918 return -ENODEV;
919
920 return fasync_helper(fd, file, band, &cl->ev_async);
921 }
922
923 /**
924 * trc_show - mei device trc attribute show method
925 *
926 * @device: device pointer
927 * @attr: attribute pointer
928 * @buf: char out buffer
929 *
930 * Return: number of the bytes printed into buf or error
931 */
trc_show(struct device * device,struct device_attribute * attr,char * buf)932 static ssize_t trc_show(struct device *device,
933 struct device_attribute *attr, char *buf)
934 {
935 struct mei_device *dev = dev_get_drvdata(device);
936 u32 trc;
937 int ret;
938
939 ret = mei_trc_status(dev, &trc);
940 if (ret)
941 return ret;
942 return sprintf(buf, "%08X\n", trc);
943 }
944 static DEVICE_ATTR_RO(trc);
945
946 /**
947 * fw_status_show - mei device fw_status attribute show method
948 *
949 * @device: device pointer
950 * @attr: attribute pointer
951 * @buf: char out buffer
952 *
953 * Return: number of the bytes printed into buf or error
954 */
fw_status_show(struct device * device,struct device_attribute * attr,char * buf)955 static ssize_t fw_status_show(struct device *device,
956 struct device_attribute *attr, char *buf)
957 {
958 struct mei_device *dev = dev_get_drvdata(device);
959 struct mei_fw_status fw_status;
960 int err, i;
961 ssize_t cnt = 0;
962
963 mutex_lock(&dev->device_lock);
964 err = mei_fw_status(dev, &fw_status);
965 mutex_unlock(&dev->device_lock);
966 if (err) {
967 dev_err(device, "read fw_status error = %d\n", err);
968 return err;
969 }
970
971 for (i = 0; i < fw_status.count; i++)
972 cnt += scnprintf(buf + cnt, PAGE_SIZE - cnt, "%08X\n",
973 fw_status.status[i]);
974 return cnt;
975 }
976 static DEVICE_ATTR_RO(fw_status);
977
978 /**
979 * hbm_ver_show - display HBM protocol version negotiated with FW
980 *
981 * @device: device pointer
982 * @attr: attribute pointer
983 * @buf: char out buffer
984 *
985 * Return: number of the bytes printed into buf or error
986 */
hbm_ver_show(struct device * device,struct device_attribute * attr,char * buf)987 static ssize_t hbm_ver_show(struct device *device,
988 struct device_attribute *attr, char *buf)
989 {
990 struct mei_device *dev = dev_get_drvdata(device);
991 struct hbm_version ver;
992
993 mutex_lock(&dev->device_lock);
994 ver = dev->version;
995 mutex_unlock(&dev->device_lock);
996
997 return sprintf(buf, "%u.%u\n", ver.major_version, ver.minor_version);
998 }
999 static DEVICE_ATTR_RO(hbm_ver);
1000
1001 /**
1002 * hbm_ver_drv_show - display HBM protocol version advertised by driver
1003 *
1004 * @device: device pointer
1005 * @attr: attribute pointer
1006 * @buf: char out buffer
1007 *
1008 * Return: number of the bytes printed into buf or error
1009 */
hbm_ver_drv_show(struct device * device,struct device_attribute * attr,char * buf)1010 static ssize_t hbm_ver_drv_show(struct device *device,
1011 struct device_attribute *attr, char *buf)
1012 {
1013 return sprintf(buf, "%u.%u\n", HBM_MAJOR_VERSION, HBM_MINOR_VERSION);
1014 }
1015 static DEVICE_ATTR_RO(hbm_ver_drv);
1016
tx_queue_limit_show(struct device * device,struct device_attribute * attr,char * buf)1017 static ssize_t tx_queue_limit_show(struct device *device,
1018 struct device_attribute *attr, char *buf)
1019 {
1020 struct mei_device *dev = dev_get_drvdata(device);
1021 u8 size = 0;
1022
1023 mutex_lock(&dev->device_lock);
1024 size = dev->tx_queue_limit;
1025 mutex_unlock(&dev->device_lock);
1026
1027 return sysfs_emit(buf, "%u\n", size);
1028 }
1029
tx_queue_limit_store(struct device * device,struct device_attribute * attr,const char * buf,size_t count)1030 static ssize_t tx_queue_limit_store(struct device *device,
1031 struct device_attribute *attr,
1032 const char *buf, size_t count)
1033 {
1034 struct mei_device *dev = dev_get_drvdata(device);
1035 u8 limit;
1036 unsigned int inp;
1037 int err;
1038
1039 err = kstrtouint(buf, 10, &inp);
1040 if (err)
1041 return err;
1042 if (inp > MEI_TX_QUEUE_LIMIT_MAX || inp < MEI_TX_QUEUE_LIMIT_MIN)
1043 return -EINVAL;
1044 limit = inp;
1045
1046 mutex_lock(&dev->device_lock);
1047 dev->tx_queue_limit = limit;
1048 mutex_unlock(&dev->device_lock);
1049
1050 return count;
1051 }
1052 static DEVICE_ATTR_RW(tx_queue_limit);
1053
1054 /**
1055 * fw_ver_show - display ME FW version
1056 *
1057 * @device: device pointer
1058 * @attr: attribute pointer
1059 * @buf: char out buffer
1060 *
1061 * Return: number of the bytes printed into buf or error
1062 */
fw_ver_show(struct device * device,struct device_attribute * attr,char * buf)1063 static ssize_t fw_ver_show(struct device *device,
1064 struct device_attribute *attr, char *buf)
1065 {
1066 struct mei_device *dev = dev_get_drvdata(device);
1067 struct mei_fw_version *ver;
1068 ssize_t cnt = 0;
1069 int i;
1070
1071 ver = dev->fw_ver;
1072
1073 for (i = 0; i < MEI_MAX_FW_VER_BLOCKS; i++)
1074 cnt += scnprintf(buf + cnt, PAGE_SIZE - cnt, "%u:%u.%u.%u.%u\n",
1075 ver[i].platform, ver[i].major, ver[i].minor,
1076 ver[i].hotfix, ver[i].buildno);
1077 return cnt;
1078 }
1079 static DEVICE_ATTR_RO(fw_ver);
1080
1081 /**
1082 * dev_state_show - display device state
1083 *
1084 * @device: device pointer
1085 * @attr: attribute pointer
1086 * @buf: char out buffer
1087 *
1088 * Return: number of the bytes printed into buf or error
1089 */
dev_state_show(struct device * device,struct device_attribute * attr,char * buf)1090 static ssize_t dev_state_show(struct device *device,
1091 struct device_attribute *attr, char *buf)
1092 {
1093 struct mei_device *dev = dev_get_drvdata(device);
1094 enum mei_dev_state dev_state;
1095
1096 mutex_lock(&dev->device_lock);
1097 dev_state = dev->dev_state;
1098 mutex_unlock(&dev->device_lock);
1099
1100 return sprintf(buf, "%s", mei_dev_state_str(dev_state));
1101 }
1102 static DEVICE_ATTR_RO(dev_state);
1103
1104 /**
1105 * mei_set_devstate: set to new device state and notify sysfs file.
1106 *
1107 * @dev: mei_device
1108 * @state: new device state
1109 */
mei_set_devstate(struct mei_device * dev,enum mei_dev_state state)1110 void mei_set_devstate(struct mei_device *dev, enum mei_dev_state state)
1111 {
1112 struct device *clsdev;
1113
1114 if (dev->dev_state == state)
1115 return;
1116
1117 dev->dev_state = state;
1118
1119 clsdev = class_find_device_by_devt(mei_class, dev->cdev.dev);
1120 if (clsdev) {
1121 sysfs_notify(&clsdev->kobj, NULL, "dev_state");
1122 put_device(clsdev);
1123 }
1124 }
1125
1126 /**
1127 * kind_show - display device kind
1128 *
1129 * @device: device pointer
1130 * @attr: attribute pointer
1131 * @buf: char out buffer
1132 *
1133 * Return: number of the bytes printed into buf or error
1134 */
kind_show(struct device * device,struct device_attribute * attr,char * buf)1135 static ssize_t kind_show(struct device *device,
1136 struct device_attribute *attr, char *buf)
1137 {
1138 struct mei_device *dev = dev_get_drvdata(device);
1139 ssize_t ret;
1140
1141 if (dev->kind)
1142 ret = sprintf(buf, "%s\n", dev->kind);
1143 else
1144 ret = sprintf(buf, "%s\n", "mei");
1145
1146 return ret;
1147 }
1148 static DEVICE_ATTR_RO(kind);
1149
1150 static struct attribute *mei_attrs[] = {
1151 &dev_attr_fw_status.attr,
1152 &dev_attr_hbm_ver.attr,
1153 &dev_attr_hbm_ver_drv.attr,
1154 &dev_attr_tx_queue_limit.attr,
1155 &dev_attr_fw_ver.attr,
1156 &dev_attr_dev_state.attr,
1157 &dev_attr_trc.attr,
1158 &dev_attr_kind.attr,
1159 NULL
1160 };
1161 ATTRIBUTE_GROUPS(mei);
1162
1163 /*
1164 * file operations structure will be used for mei char device.
1165 */
1166 static const struct file_operations mei_fops = {
1167 .owner = THIS_MODULE,
1168 .read = mei_read,
1169 .unlocked_ioctl = mei_ioctl,
1170 .compat_ioctl = compat_ptr_ioctl,
1171 .open = mei_open,
1172 .release = mei_release,
1173 .write = mei_write,
1174 .poll = mei_poll,
1175 .fsync = mei_fsync,
1176 .fasync = mei_fasync,
1177 .llseek = no_llseek
1178 };
1179
1180 /**
1181 * mei_minor_get - obtain next free device minor number
1182 *
1183 * @dev: device pointer
1184 *
1185 * Return: allocated minor, or -ENOSPC if no free minor left
1186 */
mei_minor_get(struct mei_device * dev)1187 static int mei_minor_get(struct mei_device *dev)
1188 {
1189 int ret;
1190
1191 mutex_lock(&mei_minor_lock);
1192 ret = idr_alloc(&mei_idr, dev, 0, MEI_MAX_DEVS, GFP_KERNEL);
1193 if (ret >= 0)
1194 dev->minor = ret;
1195 else if (ret == -ENOSPC)
1196 dev_err(dev->dev, "too many mei devices\n");
1197
1198 mutex_unlock(&mei_minor_lock);
1199 return ret;
1200 }
1201
1202 /**
1203 * mei_minor_free - mark device minor number as free
1204 *
1205 * @dev: device pointer
1206 */
mei_minor_free(struct mei_device * dev)1207 static void mei_minor_free(struct mei_device *dev)
1208 {
1209 mutex_lock(&mei_minor_lock);
1210 idr_remove(&mei_idr, dev->minor);
1211 mutex_unlock(&mei_minor_lock);
1212 }
1213
mei_register(struct mei_device * dev,struct device * parent)1214 int mei_register(struct mei_device *dev, struct device *parent)
1215 {
1216 struct device *clsdev; /* class device */
1217 int ret, devno;
1218
1219 ret = mei_minor_get(dev);
1220 if (ret < 0)
1221 return ret;
1222
1223 /* Fill in the data structures */
1224 devno = MKDEV(MAJOR(mei_devt), dev->minor);
1225 cdev_init(&dev->cdev, &mei_fops);
1226 dev->cdev.owner = parent->driver->owner;
1227
1228 /* Add the device */
1229 ret = cdev_add(&dev->cdev, devno, 1);
1230 if (ret) {
1231 dev_err(parent, "unable to add device %d:%d\n",
1232 MAJOR(mei_devt), dev->minor);
1233 goto err_dev_add;
1234 }
1235
1236 clsdev = device_create_with_groups(mei_class, parent, devno,
1237 dev, mei_groups,
1238 "mei%d", dev->minor);
1239
1240 if (IS_ERR(clsdev)) {
1241 dev_err(parent, "unable to create device %d:%d\n",
1242 MAJOR(mei_devt), dev->minor);
1243 ret = PTR_ERR(clsdev);
1244 goto err_dev_create;
1245 }
1246
1247 mei_dbgfs_register(dev, dev_name(clsdev));
1248
1249 return 0;
1250
1251 err_dev_create:
1252 cdev_del(&dev->cdev);
1253 err_dev_add:
1254 mei_minor_free(dev);
1255 return ret;
1256 }
1257 EXPORT_SYMBOL_GPL(mei_register);
1258
mei_deregister(struct mei_device * dev)1259 void mei_deregister(struct mei_device *dev)
1260 {
1261 int devno;
1262
1263 devno = dev->cdev.dev;
1264 cdev_del(&dev->cdev);
1265
1266 mei_dbgfs_deregister(dev);
1267
1268 device_destroy(mei_class, devno);
1269
1270 mei_minor_free(dev);
1271 }
1272 EXPORT_SYMBOL_GPL(mei_deregister);
1273
mei_init(void)1274 static int __init mei_init(void)
1275 {
1276 int ret;
1277
1278 mei_class = class_create(THIS_MODULE, "mei");
1279 if (IS_ERR(mei_class)) {
1280 pr_err("couldn't create class\n");
1281 ret = PTR_ERR(mei_class);
1282 goto err;
1283 }
1284
1285 ret = alloc_chrdev_region(&mei_devt, 0, MEI_MAX_DEVS, "mei");
1286 if (ret < 0) {
1287 pr_err("unable to allocate char dev region\n");
1288 goto err_class;
1289 }
1290
1291 ret = mei_cl_bus_init();
1292 if (ret < 0) {
1293 pr_err("unable to initialize bus\n");
1294 goto err_chrdev;
1295 }
1296
1297 return 0;
1298
1299 err_chrdev:
1300 unregister_chrdev_region(mei_devt, MEI_MAX_DEVS);
1301 err_class:
1302 class_destroy(mei_class);
1303 err:
1304 return ret;
1305 }
1306
mei_exit(void)1307 static void __exit mei_exit(void)
1308 {
1309 unregister_chrdev_region(mei_devt, MEI_MAX_DEVS);
1310 class_destroy(mei_class);
1311 mei_cl_bus_exit();
1312 }
1313
1314 module_init(mei_init);
1315 module_exit(mei_exit);
1316
1317 MODULE_AUTHOR("Intel Corporation");
1318 MODULE_DESCRIPTION("Intel(R) Management Engine Interface");
1319 MODULE_LICENSE("GPL v2");
1320
1321