Loading...
1// SPDX-License-Identifier: GPL-2.0
2
3#include <linux/types.h>
4#include <linux/kconfig.h>
5#include <linux/list.h>
6#include <linux/slab.h>
7#include <linux/security.h>
8#include <linux/highmem.h>
9#include <linux/umh.h>
10#include <linux/sysctl.h>
11#include <linux/vmalloc.h>
12#include <linux/module.h>
13
14#include "fallback.h"
15#include "firmware.h"
16
17/*
18 * firmware fallback mechanism
19 */
20
21MODULE_IMPORT_NS(FIRMWARE_LOADER_PRIVATE);
22
23extern struct firmware_fallback_config fw_fallback_config;
24
25/* These getters are vetted to use int properly */
26static inline int __firmware_loading_timeout(void)
27{
28 return fw_fallback_config.loading_timeout;
29}
30
31/* These setters are vetted to use int properly */
32static void __fw_fallback_set_timeout(int timeout)
33{
34 fw_fallback_config.loading_timeout = timeout;
35}
36
37/*
38 * use small loading timeout for caching devices' firmware because all these
39 * firmware images have been loaded successfully at lease once, also system is
40 * ready for completing firmware loading now. The maximum size of firmware in
41 * current distributions is about 2M bytes, so 10 secs should be enough.
42 */
43void fw_fallback_set_cache_timeout(void)
44{
45 fw_fallback_config.old_timeout = __firmware_loading_timeout();
46 __fw_fallback_set_timeout(10);
47}
48
49/* Restores the timeout to the value last configured during normal operation */
50void fw_fallback_set_default_timeout(void)
51{
52 __fw_fallback_set_timeout(fw_fallback_config.old_timeout);
53}
54
55static long firmware_loading_timeout(void)
56{
57 return __firmware_loading_timeout() > 0 ?
58 __firmware_loading_timeout() * HZ : MAX_JIFFY_OFFSET;
59}
60
61static inline bool fw_sysfs_done(struct fw_priv *fw_priv)
62{
63 return __fw_state_check(fw_priv, FW_STATUS_DONE);
64}
65
66static inline bool fw_sysfs_loading(struct fw_priv *fw_priv)
67{
68 return __fw_state_check(fw_priv, FW_STATUS_LOADING);
69}
70
71static inline int fw_sysfs_wait_timeout(struct fw_priv *fw_priv, long timeout)
72{
73 return __fw_state_wait_common(fw_priv, timeout);
74}
75
76struct fw_sysfs {
77 bool nowait;
78 struct device dev;
79 struct fw_priv *fw_priv;
80 struct firmware *fw;
81};
82
83static struct fw_sysfs *to_fw_sysfs(struct device *dev)
84{
85 return container_of(dev, struct fw_sysfs, dev);
86}
87
88static void __fw_load_abort(struct fw_priv *fw_priv)
89{
90 /*
91 * There is a small window in which user can write to 'loading'
92 * between loading done/aborted and disappearance of 'loading'
93 */
94 if (fw_state_is_aborted(fw_priv) || fw_sysfs_done(fw_priv))
95 return;
96
97 fw_state_aborted(fw_priv);
98}
99
100static void fw_load_abort(struct fw_sysfs *fw_sysfs)
101{
102 struct fw_priv *fw_priv = fw_sysfs->fw_priv;
103
104 __fw_load_abort(fw_priv);
105}
106
107static LIST_HEAD(pending_fw_head);
108
109void kill_pending_fw_fallback_reqs(bool only_kill_custom)
110{
111 struct fw_priv *fw_priv;
112 struct fw_priv *next;
113
114 mutex_lock(&fw_lock);
115 list_for_each_entry_safe(fw_priv, next, &pending_fw_head,
116 pending_list) {
117 if (!fw_priv->need_uevent || !only_kill_custom)
118 __fw_load_abort(fw_priv);
119 }
120 mutex_unlock(&fw_lock);
121}
122
123static ssize_t timeout_show(struct class *class, struct class_attribute *attr,
124 char *buf)
125{
126 return sysfs_emit(buf, "%d\n", __firmware_loading_timeout());
127}
128
129/**
130 * timeout_store() - set number of seconds to wait for firmware
131 * @class: device class pointer
132 * @attr: device attribute pointer
133 * @buf: buffer to scan for timeout value
134 * @count: number of bytes in @buf
135 *
136 * Sets the number of seconds to wait for the firmware. Once
137 * this expires an error will be returned to the driver and no
138 * firmware will be provided.
139 *
140 * Note: zero means 'wait forever'.
141 **/
142static ssize_t timeout_store(struct class *class, struct class_attribute *attr,
143 const char *buf, size_t count)
144{
145 int tmp_loading_timeout = simple_strtol(buf, NULL, 10);
146
147 if (tmp_loading_timeout < 0)
148 tmp_loading_timeout = 0;
149
150 __fw_fallback_set_timeout(tmp_loading_timeout);
151
152 return count;
153}
154static CLASS_ATTR_RW(timeout);
155
156static struct attribute *firmware_class_attrs[] = {
157 &class_attr_timeout.attr,
158 NULL,
159};
160ATTRIBUTE_GROUPS(firmware_class);
161
162static void fw_dev_release(struct device *dev)
163{
164 struct fw_sysfs *fw_sysfs = to_fw_sysfs(dev);
165
166 kfree(fw_sysfs);
167}
168
169static int do_firmware_uevent(struct fw_sysfs *fw_sysfs, struct kobj_uevent_env *env)
170{
171 if (add_uevent_var(env, "FIRMWARE=%s", fw_sysfs->fw_priv->fw_name))
172 return -ENOMEM;
173 if (add_uevent_var(env, "TIMEOUT=%i", __firmware_loading_timeout()))
174 return -ENOMEM;
175 if (add_uevent_var(env, "ASYNC=%d", fw_sysfs->nowait))
176 return -ENOMEM;
177
178 return 0;
179}
180
181static int firmware_uevent(struct device *dev, struct kobj_uevent_env *env)
182{
183 struct fw_sysfs *fw_sysfs = to_fw_sysfs(dev);
184 int err = 0;
185
186 mutex_lock(&fw_lock);
187 if (fw_sysfs->fw_priv)
188 err = do_firmware_uevent(fw_sysfs, env);
189 mutex_unlock(&fw_lock);
190 return err;
191}
192
193static struct class firmware_class = {
194 .name = "firmware",
195 .class_groups = firmware_class_groups,
196 .dev_uevent = firmware_uevent,
197 .dev_release = fw_dev_release,
198};
199
200int register_sysfs_loader(void)
201{
202 return class_register(&firmware_class);
203}
204
205void unregister_sysfs_loader(void)
206{
207 class_unregister(&firmware_class);
208}
209
210static ssize_t firmware_loading_show(struct device *dev,
211 struct device_attribute *attr, char *buf)
212{
213 struct fw_sysfs *fw_sysfs = to_fw_sysfs(dev);
214 int loading = 0;
215
216 mutex_lock(&fw_lock);
217 if (fw_sysfs->fw_priv)
218 loading = fw_sysfs_loading(fw_sysfs->fw_priv);
219 mutex_unlock(&fw_lock);
220
221 return sysfs_emit(buf, "%d\n", loading);
222}
223
224/**
225 * firmware_loading_store() - set value in the 'loading' control file
226 * @dev: device pointer
227 * @attr: device attribute pointer
228 * @buf: buffer to scan for loading control value
229 * @count: number of bytes in @buf
230 *
231 * The relevant values are:
232 *
233 * 1: Start a load, discarding any previous partial load.
234 * 0: Conclude the load and hand the data to the driver code.
235 * -1: Conclude the load with an error and discard any written data.
236 **/
237static ssize_t firmware_loading_store(struct device *dev,
238 struct device_attribute *attr,
239 const char *buf, size_t count)
240{
241 struct fw_sysfs *fw_sysfs = to_fw_sysfs(dev);
242 struct fw_priv *fw_priv;
243 ssize_t written = count;
244 int loading = simple_strtol(buf, NULL, 10);
245
246 mutex_lock(&fw_lock);
247 fw_priv = fw_sysfs->fw_priv;
248 if (fw_state_is_aborted(fw_priv))
249 goto out;
250
251 switch (loading) {
252 case 1:
253 /* discarding any previous partial load */
254 if (!fw_sysfs_done(fw_priv)) {
255 fw_free_paged_buf(fw_priv);
256 fw_state_start(fw_priv);
257 }
258 break;
259 case 0:
260 if (fw_sysfs_loading(fw_priv)) {
261 int rc;
262
263 /*
264 * Several loading requests may be pending on
265 * one same firmware buf, so let all requests
266 * see the mapped 'buf->data' once the loading
267 * is completed.
268 * */
269 rc = fw_map_paged_buf(fw_priv);
270 if (rc)
271 dev_err(dev, "%s: map pages failed\n",
272 __func__);
273 else
274 rc = security_kernel_post_load_data(fw_priv->data,
275 fw_priv->size,
276 LOADING_FIRMWARE, "blob");
277
278 /*
279 * Same logic as fw_load_abort, only the DONE bit
280 * is ignored and we set ABORT only on failure.
281 */
282 if (rc) {
283 fw_state_aborted(fw_priv);
284 written = rc;
285 } else {
286 fw_state_done(fw_priv);
287 }
288 break;
289 }
290 fallthrough;
291 default:
292 dev_err(dev, "%s: unexpected value (%d)\n", __func__, loading);
293 fallthrough;
294 case -1:
295 fw_load_abort(fw_sysfs);
296 break;
297 }
298out:
299 mutex_unlock(&fw_lock);
300 return written;
301}
302
303static DEVICE_ATTR(loading, 0644, firmware_loading_show, firmware_loading_store);
304
305static void firmware_rw_data(struct fw_priv *fw_priv, char *buffer,
306 loff_t offset, size_t count, bool read)
307{
308 if (read)
309 memcpy(buffer, fw_priv->data + offset, count);
310 else
311 memcpy(fw_priv->data + offset, buffer, count);
312}
313
314static void firmware_rw(struct fw_priv *fw_priv, char *buffer,
315 loff_t offset, size_t count, bool read)
316{
317 while (count) {
318 void *page_data;
319 int page_nr = offset >> PAGE_SHIFT;
320 int page_ofs = offset & (PAGE_SIZE-1);
321 int page_cnt = min_t(size_t, PAGE_SIZE - page_ofs, count);
322
323 page_data = kmap(fw_priv->pages[page_nr]);
324
325 if (read)
326 memcpy(buffer, page_data + page_ofs, page_cnt);
327 else
328 memcpy(page_data + page_ofs, buffer, page_cnt);
329
330 kunmap(fw_priv->pages[page_nr]);
331 buffer += page_cnt;
332 offset += page_cnt;
333 count -= page_cnt;
334 }
335}
336
337static ssize_t firmware_data_read(struct file *filp, struct kobject *kobj,
338 struct bin_attribute *bin_attr,
339 char *buffer, loff_t offset, size_t count)
340{
341 struct device *dev = kobj_to_dev(kobj);
342 struct fw_sysfs *fw_sysfs = to_fw_sysfs(dev);
343 struct fw_priv *fw_priv;
344 ssize_t ret_count;
345
346 mutex_lock(&fw_lock);
347 fw_priv = fw_sysfs->fw_priv;
348 if (!fw_priv || fw_sysfs_done(fw_priv)) {
349 ret_count = -ENODEV;
350 goto out;
351 }
352 if (offset > fw_priv->size) {
353 ret_count = 0;
354 goto out;
355 }
356 if (count > fw_priv->size - offset)
357 count = fw_priv->size - offset;
358
359 ret_count = count;
360
361 if (fw_priv->data)
362 firmware_rw_data(fw_priv, buffer, offset, count, true);
363 else
364 firmware_rw(fw_priv, buffer, offset, count, true);
365
366out:
367 mutex_unlock(&fw_lock);
368 return ret_count;
369}
370
371static int fw_realloc_pages(struct fw_sysfs *fw_sysfs, int min_size)
372{
373 int err;
374
375 err = fw_grow_paged_buf(fw_sysfs->fw_priv,
376 PAGE_ALIGN(min_size) >> PAGE_SHIFT);
377 if (err)
378 fw_load_abort(fw_sysfs);
379 return err;
380}
381
382/**
383 * firmware_data_write() - write method for firmware
384 * @filp: open sysfs file
385 * @kobj: kobject for the device
386 * @bin_attr: bin_attr structure
387 * @buffer: buffer being written
388 * @offset: buffer offset for write in total data store area
389 * @count: buffer size
390 *
391 * Data written to the 'data' attribute will be later handed to
392 * the driver as a firmware image.
393 **/
394static ssize_t firmware_data_write(struct file *filp, struct kobject *kobj,
395 struct bin_attribute *bin_attr,
396 char *buffer, loff_t offset, size_t count)
397{
398 struct device *dev = kobj_to_dev(kobj);
399 struct fw_sysfs *fw_sysfs = to_fw_sysfs(dev);
400 struct fw_priv *fw_priv;
401 ssize_t retval;
402
403 if (!capable(CAP_SYS_RAWIO))
404 return -EPERM;
405
406 mutex_lock(&fw_lock);
407 fw_priv = fw_sysfs->fw_priv;
408 if (!fw_priv || fw_sysfs_done(fw_priv)) {
409 retval = -ENODEV;
410 goto out;
411 }
412
413 if (fw_priv->data) {
414 if (offset + count > fw_priv->allocated_size) {
415 retval = -ENOMEM;
416 goto out;
417 }
418 firmware_rw_data(fw_priv, buffer, offset, count, false);
419 retval = count;
420 } else {
421 retval = fw_realloc_pages(fw_sysfs, offset + count);
422 if (retval)
423 goto out;
424
425 retval = count;
426 firmware_rw(fw_priv, buffer, offset, count, false);
427 }
428
429 fw_priv->size = max_t(size_t, offset + count, fw_priv->size);
430out:
431 mutex_unlock(&fw_lock);
432 return retval;
433}
434
435static struct bin_attribute firmware_attr_data = {
436 .attr = { .name = "data", .mode = 0644 },
437 .size = 0,
438 .read = firmware_data_read,
439 .write = firmware_data_write,
440};
441
442static struct attribute *fw_dev_attrs[] = {
443 &dev_attr_loading.attr,
444 NULL
445};
446
447static struct bin_attribute *fw_dev_bin_attrs[] = {
448 &firmware_attr_data,
449 NULL
450};
451
452static const struct attribute_group fw_dev_attr_group = {
453 .attrs = fw_dev_attrs,
454 .bin_attrs = fw_dev_bin_attrs,
455};
456
457static const struct attribute_group *fw_dev_attr_groups[] = {
458 &fw_dev_attr_group,
459 NULL
460};
461
462static struct fw_sysfs *
463fw_create_instance(struct firmware *firmware, const char *fw_name,
464 struct device *device, u32 opt_flags)
465{
466 struct fw_sysfs *fw_sysfs;
467 struct device *f_dev;
468
469 fw_sysfs = kzalloc(sizeof(*fw_sysfs), GFP_KERNEL);
470 if (!fw_sysfs) {
471 fw_sysfs = ERR_PTR(-ENOMEM);
472 goto exit;
473 }
474
475 fw_sysfs->nowait = !!(opt_flags & FW_OPT_NOWAIT);
476 fw_sysfs->fw = firmware;
477 f_dev = &fw_sysfs->dev;
478
479 device_initialize(f_dev);
480 dev_set_name(f_dev, "%s", fw_name);
481 f_dev->parent = device;
482 f_dev->class = &firmware_class;
483 f_dev->groups = fw_dev_attr_groups;
484exit:
485 return fw_sysfs;
486}
487
488/**
489 * fw_load_sysfs_fallback() - load a firmware via the sysfs fallback mechanism
490 * @fw_sysfs: firmware sysfs information for the firmware to load
491 * @timeout: timeout to wait for the load
492 *
493 * In charge of constructing a sysfs fallback interface for firmware loading.
494 **/
495static int fw_load_sysfs_fallback(struct fw_sysfs *fw_sysfs, long timeout)
496{
497 int retval = 0;
498 struct device *f_dev = &fw_sysfs->dev;
499 struct fw_priv *fw_priv = fw_sysfs->fw_priv;
500
501 /* fall back on userspace loading */
502 if (!fw_priv->data)
503 fw_priv->is_paged_buf = true;
504
505 dev_set_uevent_suppress(f_dev, true);
506
507 retval = device_add(f_dev);
508 if (retval) {
509 dev_err(f_dev, "%s: device_register failed\n", __func__);
510 goto err_put_dev;
511 }
512
513 mutex_lock(&fw_lock);
514 if (fw_state_is_aborted(fw_priv)) {
515 mutex_unlock(&fw_lock);
516 retval = -EINTR;
517 goto out;
518 }
519 list_add(&fw_priv->pending_list, &pending_fw_head);
520 mutex_unlock(&fw_lock);
521
522 if (fw_priv->opt_flags & FW_OPT_UEVENT) {
523 fw_priv->need_uevent = true;
524 dev_set_uevent_suppress(f_dev, false);
525 dev_dbg(f_dev, "firmware: requesting %s\n", fw_priv->fw_name);
526 kobject_uevent(&fw_sysfs->dev.kobj, KOBJ_ADD);
527 } else {
528 timeout = MAX_JIFFY_OFFSET;
529 }
530
531 retval = fw_sysfs_wait_timeout(fw_priv, timeout);
532 if (retval < 0 && retval != -ENOENT) {
533 mutex_lock(&fw_lock);
534 fw_load_abort(fw_sysfs);
535 mutex_unlock(&fw_lock);
536 }
537
538 if (fw_state_is_aborted(fw_priv)) {
539 if (retval == -ERESTARTSYS)
540 retval = -EINTR;
541 } else if (fw_priv->is_paged_buf && !fw_priv->data)
542 retval = -ENOMEM;
543
544out:
545 device_del(f_dev);
546err_put_dev:
547 put_device(f_dev);
548 return retval;
549}
550
551static int fw_load_from_user_helper(struct firmware *firmware,
552 const char *name, struct device *device,
553 u32 opt_flags)
554{
555 struct fw_sysfs *fw_sysfs;
556 long timeout;
557 int ret;
558
559 timeout = firmware_loading_timeout();
560 if (opt_flags & FW_OPT_NOWAIT) {
561 timeout = usermodehelper_read_lock_wait(timeout);
562 if (!timeout) {
563 dev_dbg(device, "firmware: %s loading timed out\n",
564 name);
565 return -EBUSY;
566 }
567 } else {
568 ret = usermodehelper_read_trylock();
569 if (WARN_ON(ret)) {
570 dev_err(device, "firmware: %s will not be loaded\n",
571 name);
572 return ret;
573 }
574 }
575
576 fw_sysfs = fw_create_instance(firmware, name, device, opt_flags);
577 if (IS_ERR(fw_sysfs)) {
578 ret = PTR_ERR(fw_sysfs);
579 goto out_unlock;
580 }
581
582 fw_sysfs->fw_priv = firmware->priv;
583 ret = fw_load_sysfs_fallback(fw_sysfs, timeout);
584
585 if (!ret)
586 ret = assign_fw(firmware, device);
587
588out_unlock:
589 usermodehelper_read_unlock();
590
591 return ret;
592}
593
594static bool fw_force_sysfs_fallback(u32 opt_flags)
595{
596 if (fw_fallback_config.force_sysfs_fallback)
597 return true;
598 if (!(opt_flags & FW_OPT_USERHELPER))
599 return false;
600 return true;
601}
602
603static bool fw_run_sysfs_fallback(u32 opt_flags)
604{
605 int ret;
606
607 if (fw_fallback_config.ignore_sysfs_fallback) {
608 pr_info_once("Ignoring firmware sysfs fallback due to sysctl knob\n");
609 return false;
610 }
611
612 if ((opt_flags & FW_OPT_NOFALLBACK_SYSFS))
613 return false;
614
615 /* Also permit LSMs and IMA to fail firmware sysfs fallback */
616 ret = security_kernel_load_data(LOADING_FIRMWARE, true);
617 if (ret < 0)
618 return false;
619
620 return fw_force_sysfs_fallback(opt_flags);
621}
622
623/**
624 * firmware_fallback_sysfs() - use the fallback mechanism to find firmware
625 * @fw: pointer to firmware image
626 * @name: name of firmware file to look for
627 * @device: device for which firmware is being loaded
628 * @opt_flags: options to control firmware loading behaviour, as defined by
629 * &enum fw_opt
630 * @ret: return value from direct lookup which triggered the fallback mechanism
631 *
632 * This function is called if direct lookup for the firmware failed, it enables
633 * a fallback mechanism through userspace by exposing a sysfs loading
634 * interface. Userspace is in charge of loading the firmware through the sysfs
635 * loading interface. This sysfs fallback mechanism may be disabled completely
636 * on a system by setting the proc sysctl value ignore_sysfs_fallback to true.
637 * If this is false we check if the internal API caller set the
638 * @FW_OPT_NOFALLBACK_SYSFS flag, if so it would also disable the fallback
639 * mechanism. A system may want to enforce the sysfs fallback mechanism at all
640 * times, it can do this by setting ignore_sysfs_fallback to false and
641 * force_sysfs_fallback to true.
642 * Enabling force_sysfs_fallback is functionally equivalent to build a kernel
643 * with CONFIG_FW_LOADER_USER_HELPER_FALLBACK.
644 **/
645int firmware_fallback_sysfs(struct firmware *fw, const char *name,
646 struct device *device,
647 u32 opt_flags,
648 int ret)
649{
650 if (!fw_run_sysfs_fallback(opt_flags))
651 return ret;
652
653 if (!(opt_flags & FW_OPT_NO_WARN))
654 dev_warn(device, "Falling back to sysfs fallback for: %s\n",
655 name);
656 else
657 dev_dbg(device, "Falling back to sysfs fallback for: %s\n",
658 name);
659 return fw_load_from_user_helper(fw, name, device, opt_flags);
660}
1// SPDX-License-Identifier: GPL-2.0
2
3#include <linux/types.h>
4#include <linux/kconfig.h>
5#include <linux/list.h>
6#include <linux/slab.h>
7#include <linux/security.h>
8#include <linux/highmem.h>
9#include <linux/umh.h>
10#include <linux/sysctl.h>
11#include <linux/vmalloc.h>
12
13#include "fallback.h"
14#include "firmware.h"
15
16/*
17 * firmware fallback mechanism
18 */
19
20extern struct firmware_fallback_config fw_fallback_config;
21
22/* These getters are vetted to use int properly */
23static inline int __firmware_loading_timeout(void)
24{
25 return fw_fallback_config.loading_timeout;
26}
27
28/* These setters are vetted to use int properly */
29static void __fw_fallback_set_timeout(int timeout)
30{
31 fw_fallback_config.loading_timeout = timeout;
32}
33
34/*
35 * use small loading timeout for caching devices' firmware because all these
36 * firmware images have been loaded successfully at lease once, also system is
37 * ready for completing firmware loading now. The maximum size of firmware in
38 * current distributions is about 2M bytes, so 10 secs should be enough.
39 */
40void fw_fallback_set_cache_timeout(void)
41{
42 fw_fallback_config.old_timeout = __firmware_loading_timeout();
43 __fw_fallback_set_timeout(10);
44}
45
46/* Restores the timeout to the value last configured during normal operation */
47void fw_fallback_set_default_timeout(void)
48{
49 __fw_fallback_set_timeout(fw_fallback_config.old_timeout);
50}
51
52static long firmware_loading_timeout(void)
53{
54 return __firmware_loading_timeout() > 0 ?
55 __firmware_loading_timeout() * HZ : MAX_JIFFY_OFFSET;
56}
57
58static inline bool fw_sysfs_done(struct fw_priv *fw_priv)
59{
60 return __fw_state_check(fw_priv, FW_STATUS_DONE);
61}
62
63static inline bool fw_sysfs_loading(struct fw_priv *fw_priv)
64{
65 return __fw_state_check(fw_priv, FW_STATUS_LOADING);
66}
67
68static inline int fw_sysfs_wait_timeout(struct fw_priv *fw_priv, long timeout)
69{
70 return __fw_state_wait_common(fw_priv, timeout);
71}
72
73struct fw_sysfs {
74 bool nowait;
75 struct device dev;
76 struct fw_priv *fw_priv;
77 struct firmware *fw;
78};
79
80static struct fw_sysfs *to_fw_sysfs(struct device *dev)
81{
82 return container_of(dev, struct fw_sysfs, dev);
83}
84
85static void __fw_load_abort(struct fw_priv *fw_priv)
86{
87 /*
88 * There is a small window in which user can write to 'loading'
89 * between loading done and disappearance of 'loading'
90 */
91 if (fw_sysfs_done(fw_priv))
92 return;
93
94 list_del_init(&fw_priv->pending_list);
95 fw_state_aborted(fw_priv);
96}
97
98static void fw_load_abort(struct fw_sysfs *fw_sysfs)
99{
100 struct fw_priv *fw_priv = fw_sysfs->fw_priv;
101
102 __fw_load_abort(fw_priv);
103}
104
105static LIST_HEAD(pending_fw_head);
106
107void kill_pending_fw_fallback_reqs(bool only_kill_custom)
108{
109 struct fw_priv *fw_priv;
110 struct fw_priv *next;
111
112 mutex_lock(&fw_lock);
113 list_for_each_entry_safe(fw_priv, next, &pending_fw_head,
114 pending_list) {
115 if (!fw_priv->need_uevent || !only_kill_custom)
116 __fw_load_abort(fw_priv);
117 }
118 mutex_unlock(&fw_lock);
119}
120
121static ssize_t timeout_show(struct class *class, struct class_attribute *attr,
122 char *buf)
123{
124 return sprintf(buf, "%d\n", __firmware_loading_timeout());
125}
126
127/**
128 * firmware_timeout_store() - set number of seconds to wait for firmware
129 * @class: device class pointer
130 * @attr: device attribute pointer
131 * @buf: buffer to scan for timeout value
132 * @count: number of bytes in @buf
133 *
134 * Sets the number of seconds to wait for the firmware. Once
135 * this expires an error will be returned to the driver and no
136 * firmware will be provided.
137 *
138 * Note: zero means 'wait forever'.
139 **/
140static ssize_t timeout_store(struct class *class, struct class_attribute *attr,
141 const char *buf, size_t count)
142{
143 int tmp_loading_timeout = simple_strtol(buf, NULL, 10);
144
145 if (tmp_loading_timeout < 0)
146 tmp_loading_timeout = 0;
147
148 __fw_fallback_set_timeout(tmp_loading_timeout);
149
150 return count;
151}
152static CLASS_ATTR_RW(timeout);
153
154static struct attribute *firmware_class_attrs[] = {
155 &class_attr_timeout.attr,
156 NULL,
157};
158ATTRIBUTE_GROUPS(firmware_class);
159
160static void fw_dev_release(struct device *dev)
161{
162 struct fw_sysfs *fw_sysfs = to_fw_sysfs(dev);
163
164 kfree(fw_sysfs);
165}
166
167static int do_firmware_uevent(struct fw_sysfs *fw_sysfs, struct kobj_uevent_env *env)
168{
169 if (add_uevent_var(env, "FIRMWARE=%s", fw_sysfs->fw_priv->fw_name))
170 return -ENOMEM;
171 if (add_uevent_var(env, "TIMEOUT=%i", __firmware_loading_timeout()))
172 return -ENOMEM;
173 if (add_uevent_var(env, "ASYNC=%d", fw_sysfs->nowait))
174 return -ENOMEM;
175
176 return 0;
177}
178
179static int firmware_uevent(struct device *dev, struct kobj_uevent_env *env)
180{
181 struct fw_sysfs *fw_sysfs = to_fw_sysfs(dev);
182 int err = 0;
183
184 mutex_lock(&fw_lock);
185 if (fw_sysfs->fw_priv)
186 err = do_firmware_uevent(fw_sysfs, env);
187 mutex_unlock(&fw_lock);
188 return err;
189}
190
191static struct class firmware_class = {
192 .name = "firmware",
193 .class_groups = firmware_class_groups,
194 .dev_uevent = firmware_uevent,
195 .dev_release = fw_dev_release,
196};
197
198int register_sysfs_loader(void)
199{
200 return class_register(&firmware_class);
201}
202
203void unregister_sysfs_loader(void)
204{
205 class_unregister(&firmware_class);
206}
207
208static ssize_t firmware_loading_show(struct device *dev,
209 struct device_attribute *attr, char *buf)
210{
211 struct fw_sysfs *fw_sysfs = to_fw_sysfs(dev);
212 int loading = 0;
213
214 mutex_lock(&fw_lock);
215 if (fw_sysfs->fw_priv)
216 loading = fw_sysfs_loading(fw_sysfs->fw_priv);
217 mutex_unlock(&fw_lock);
218
219 return sprintf(buf, "%d\n", loading);
220}
221
222/**
223 * firmware_loading_store() - set value in the 'loading' control file
224 * @dev: device pointer
225 * @attr: device attribute pointer
226 * @buf: buffer to scan for loading control value
227 * @count: number of bytes in @buf
228 *
229 * The relevant values are:
230 *
231 * 1: Start a load, discarding any previous partial load.
232 * 0: Conclude the load and hand the data to the driver code.
233 * -1: Conclude the load with an error and discard any written data.
234 **/
235static ssize_t firmware_loading_store(struct device *dev,
236 struct device_attribute *attr,
237 const char *buf, size_t count)
238{
239 struct fw_sysfs *fw_sysfs = to_fw_sysfs(dev);
240 struct fw_priv *fw_priv;
241 ssize_t written = count;
242 int loading = simple_strtol(buf, NULL, 10);
243
244 mutex_lock(&fw_lock);
245 fw_priv = fw_sysfs->fw_priv;
246 if (fw_state_is_aborted(fw_priv))
247 goto out;
248
249 switch (loading) {
250 case 1:
251 /* discarding any previous partial load */
252 if (!fw_sysfs_done(fw_priv)) {
253 fw_free_paged_buf(fw_priv);
254 fw_state_start(fw_priv);
255 }
256 break;
257 case 0:
258 if (fw_sysfs_loading(fw_priv)) {
259 int rc;
260
261 /*
262 * Several loading requests may be pending on
263 * one same firmware buf, so let all requests
264 * see the mapped 'buf->data' once the loading
265 * is completed.
266 * */
267 rc = fw_map_paged_buf(fw_priv);
268 if (rc)
269 dev_err(dev, "%s: map pages failed\n",
270 __func__);
271 else
272 rc = security_kernel_post_read_file(NULL,
273 fw_priv->data, fw_priv->size,
274 READING_FIRMWARE);
275
276 /*
277 * Same logic as fw_load_abort, only the DONE bit
278 * is ignored and we set ABORT only on failure.
279 */
280 list_del_init(&fw_priv->pending_list);
281 if (rc) {
282 fw_state_aborted(fw_priv);
283 written = rc;
284 } else {
285 fw_state_done(fw_priv);
286 }
287 break;
288 }
289 /* fallthrough */
290 default:
291 dev_err(dev, "%s: unexpected value (%d)\n", __func__, loading);
292 /* fallthrough */
293 case -1:
294 fw_load_abort(fw_sysfs);
295 break;
296 }
297out:
298 mutex_unlock(&fw_lock);
299 return written;
300}
301
302static DEVICE_ATTR(loading, 0644, firmware_loading_show, firmware_loading_store);
303
304static void firmware_rw_data(struct fw_priv *fw_priv, char *buffer,
305 loff_t offset, size_t count, bool read)
306{
307 if (read)
308 memcpy(buffer, fw_priv->data + offset, count);
309 else
310 memcpy(fw_priv->data + offset, buffer, count);
311}
312
313static void firmware_rw(struct fw_priv *fw_priv, char *buffer,
314 loff_t offset, size_t count, bool read)
315{
316 while (count) {
317 void *page_data;
318 int page_nr = offset >> PAGE_SHIFT;
319 int page_ofs = offset & (PAGE_SIZE-1);
320 int page_cnt = min_t(size_t, PAGE_SIZE - page_ofs, count);
321
322 page_data = kmap(fw_priv->pages[page_nr]);
323
324 if (read)
325 memcpy(buffer, page_data + page_ofs, page_cnt);
326 else
327 memcpy(page_data + page_ofs, buffer, page_cnt);
328
329 kunmap(fw_priv->pages[page_nr]);
330 buffer += page_cnt;
331 offset += page_cnt;
332 count -= page_cnt;
333 }
334}
335
336static ssize_t firmware_data_read(struct file *filp, struct kobject *kobj,
337 struct bin_attribute *bin_attr,
338 char *buffer, loff_t offset, size_t count)
339{
340 struct device *dev = kobj_to_dev(kobj);
341 struct fw_sysfs *fw_sysfs = to_fw_sysfs(dev);
342 struct fw_priv *fw_priv;
343 ssize_t ret_count;
344
345 mutex_lock(&fw_lock);
346 fw_priv = fw_sysfs->fw_priv;
347 if (!fw_priv || fw_sysfs_done(fw_priv)) {
348 ret_count = -ENODEV;
349 goto out;
350 }
351 if (offset > fw_priv->size) {
352 ret_count = 0;
353 goto out;
354 }
355 if (count > fw_priv->size - offset)
356 count = fw_priv->size - offset;
357
358 ret_count = count;
359
360 if (fw_priv->data)
361 firmware_rw_data(fw_priv, buffer, offset, count, true);
362 else
363 firmware_rw(fw_priv, buffer, offset, count, true);
364
365out:
366 mutex_unlock(&fw_lock);
367 return ret_count;
368}
369
370static int fw_realloc_pages(struct fw_sysfs *fw_sysfs, int min_size)
371{
372 int err;
373
374 err = fw_grow_paged_buf(fw_sysfs->fw_priv,
375 PAGE_ALIGN(min_size) >> PAGE_SHIFT);
376 if (err)
377 fw_load_abort(fw_sysfs);
378 return err;
379}
380
381/**
382 * firmware_data_write() - write method for firmware
383 * @filp: open sysfs file
384 * @kobj: kobject for the device
385 * @bin_attr: bin_attr structure
386 * @buffer: buffer being written
387 * @offset: buffer offset for write in total data store area
388 * @count: buffer size
389 *
390 * Data written to the 'data' attribute will be later handed to
391 * the driver as a firmware image.
392 **/
393static ssize_t firmware_data_write(struct file *filp, struct kobject *kobj,
394 struct bin_attribute *bin_attr,
395 char *buffer, loff_t offset, size_t count)
396{
397 struct device *dev = kobj_to_dev(kobj);
398 struct fw_sysfs *fw_sysfs = to_fw_sysfs(dev);
399 struct fw_priv *fw_priv;
400 ssize_t retval;
401
402 if (!capable(CAP_SYS_RAWIO))
403 return -EPERM;
404
405 mutex_lock(&fw_lock);
406 fw_priv = fw_sysfs->fw_priv;
407 if (!fw_priv || fw_sysfs_done(fw_priv)) {
408 retval = -ENODEV;
409 goto out;
410 }
411
412 if (fw_priv->data) {
413 if (offset + count > fw_priv->allocated_size) {
414 retval = -ENOMEM;
415 goto out;
416 }
417 firmware_rw_data(fw_priv, buffer, offset, count, false);
418 retval = count;
419 } else {
420 retval = fw_realloc_pages(fw_sysfs, offset + count);
421 if (retval)
422 goto out;
423
424 retval = count;
425 firmware_rw(fw_priv, buffer, offset, count, false);
426 }
427
428 fw_priv->size = max_t(size_t, offset + count, fw_priv->size);
429out:
430 mutex_unlock(&fw_lock);
431 return retval;
432}
433
434static struct bin_attribute firmware_attr_data = {
435 .attr = { .name = "data", .mode = 0644 },
436 .size = 0,
437 .read = firmware_data_read,
438 .write = firmware_data_write,
439};
440
441static struct attribute *fw_dev_attrs[] = {
442 &dev_attr_loading.attr,
443 NULL
444};
445
446static struct bin_attribute *fw_dev_bin_attrs[] = {
447 &firmware_attr_data,
448 NULL
449};
450
451static const struct attribute_group fw_dev_attr_group = {
452 .attrs = fw_dev_attrs,
453 .bin_attrs = fw_dev_bin_attrs,
454};
455
456static const struct attribute_group *fw_dev_attr_groups[] = {
457 &fw_dev_attr_group,
458 NULL
459};
460
461static struct fw_sysfs *
462fw_create_instance(struct firmware *firmware, const char *fw_name,
463 struct device *device, enum fw_opt opt_flags)
464{
465 struct fw_sysfs *fw_sysfs;
466 struct device *f_dev;
467
468 fw_sysfs = kzalloc(sizeof(*fw_sysfs), GFP_KERNEL);
469 if (!fw_sysfs) {
470 fw_sysfs = ERR_PTR(-ENOMEM);
471 goto exit;
472 }
473
474 fw_sysfs->nowait = !!(opt_flags & FW_OPT_NOWAIT);
475 fw_sysfs->fw = firmware;
476 f_dev = &fw_sysfs->dev;
477
478 device_initialize(f_dev);
479 dev_set_name(f_dev, "%s", fw_name);
480 f_dev->parent = device;
481 f_dev->class = &firmware_class;
482 f_dev->groups = fw_dev_attr_groups;
483exit:
484 return fw_sysfs;
485}
486
487/**
488 * fw_load_sysfs_fallback() - load a firmware via the sysfs fallback mechanism
489 * @fw_sysfs: firmware sysfs information for the firmware to load
490 * @opt_flags: flags of options, FW_OPT_*
491 * @timeout: timeout to wait for the load
492 *
493 * In charge of constructing a sysfs fallback interface for firmware loading.
494 **/
495static int fw_load_sysfs_fallback(struct fw_sysfs *fw_sysfs,
496 enum fw_opt opt_flags, long timeout)
497{
498 int retval = 0;
499 struct device *f_dev = &fw_sysfs->dev;
500 struct fw_priv *fw_priv = fw_sysfs->fw_priv;
501
502 /* fall back on userspace loading */
503 if (!fw_priv->data)
504 fw_priv->is_paged_buf = true;
505
506 dev_set_uevent_suppress(f_dev, true);
507
508 retval = device_add(f_dev);
509 if (retval) {
510 dev_err(f_dev, "%s: device_register failed\n", __func__);
511 goto err_put_dev;
512 }
513
514 mutex_lock(&fw_lock);
515 list_add(&fw_priv->pending_list, &pending_fw_head);
516 mutex_unlock(&fw_lock);
517
518 if (opt_flags & FW_OPT_UEVENT) {
519 fw_priv->need_uevent = true;
520 dev_set_uevent_suppress(f_dev, false);
521 dev_dbg(f_dev, "firmware: requesting %s\n", fw_priv->fw_name);
522 kobject_uevent(&fw_sysfs->dev.kobj, KOBJ_ADD);
523 } else {
524 timeout = MAX_JIFFY_OFFSET;
525 }
526
527 retval = fw_sysfs_wait_timeout(fw_priv, timeout);
528 if (retval < 0) {
529 mutex_lock(&fw_lock);
530 fw_load_abort(fw_sysfs);
531 mutex_unlock(&fw_lock);
532 }
533
534 if (fw_state_is_aborted(fw_priv)) {
535 if (retval == -ERESTARTSYS)
536 retval = -EINTR;
537 else
538 retval = -EAGAIN;
539 } else if (fw_priv->is_paged_buf && !fw_priv->data)
540 retval = -ENOMEM;
541
542 device_del(f_dev);
543err_put_dev:
544 put_device(f_dev);
545 return retval;
546}
547
548static int fw_load_from_user_helper(struct firmware *firmware,
549 const char *name, struct device *device,
550 enum fw_opt opt_flags)
551{
552 struct fw_sysfs *fw_sysfs;
553 long timeout;
554 int ret;
555
556 timeout = firmware_loading_timeout();
557 if (opt_flags & FW_OPT_NOWAIT) {
558 timeout = usermodehelper_read_lock_wait(timeout);
559 if (!timeout) {
560 dev_dbg(device, "firmware: %s loading timed out\n",
561 name);
562 return -EBUSY;
563 }
564 } else {
565 ret = usermodehelper_read_trylock();
566 if (WARN_ON(ret)) {
567 dev_err(device, "firmware: %s will not be loaded\n",
568 name);
569 return ret;
570 }
571 }
572
573 fw_sysfs = fw_create_instance(firmware, name, device, opt_flags);
574 if (IS_ERR(fw_sysfs)) {
575 ret = PTR_ERR(fw_sysfs);
576 goto out_unlock;
577 }
578
579 fw_sysfs->fw_priv = firmware->priv;
580 ret = fw_load_sysfs_fallback(fw_sysfs, opt_flags, timeout);
581
582 if (!ret)
583 ret = assign_fw(firmware, device, opt_flags);
584
585out_unlock:
586 usermodehelper_read_unlock();
587
588 return ret;
589}
590
591static bool fw_force_sysfs_fallback(enum fw_opt opt_flags)
592{
593 if (fw_fallback_config.force_sysfs_fallback)
594 return true;
595 if (!(opt_flags & FW_OPT_USERHELPER))
596 return false;
597 return true;
598}
599
600static bool fw_run_sysfs_fallback(enum fw_opt opt_flags)
601{
602 int ret;
603
604 if (fw_fallback_config.ignore_sysfs_fallback) {
605 pr_info_once("Ignoring firmware sysfs fallback due to sysctl knob\n");
606 return false;
607 }
608
609 if ((opt_flags & FW_OPT_NOFALLBACK))
610 return false;
611
612 /* Also permit LSMs and IMA to fail firmware sysfs fallback */
613 ret = security_kernel_load_data(LOADING_FIRMWARE);
614 if (ret < 0)
615 return false;
616
617 return fw_force_sysfs_fallback(opt_flags);
618}
619
620/**
621 * firmware_fallback_sysfs() - use the fallback mechanism to find firmware
622 * @fw: pointer to firmware image
623 * @name: name of firmware file to look for
624 * @device: device for which firmware is being loaded
625 * @opt_flags: options to control firmware loading behaviour
626 * @ret: return value from direct lookup which triggered the fallback mechanism
627 *
628 * This function is called if direct lookup for the firmware failed, it enables
629 * a fallback mechanism through userspace by exposing a sysfs loading
630 * interface. Userspace is in charge of loading the firmware through the sysfs
631 * loading interface. This sysfs fallback mechanism may be disabled completely
632 * on a system by setting the proc sysctl value ignore_sysfs_fallback to true.
633 * If this false we check if the internal API caller set the @FW_OPT_NOFALLBACK
634 * flag, if so it would also disable the fallback mechanism. A system may want
635 * to enfoce the sysfs fallback mechanism at all times, it can do this by
636 * setting ignore_sysfs_fallback to false and force_sysfs_fallback to true.
637 * Enabling force_sysfs_fallback is functionally equivalent to build a kernel
638 * with CONFIG_FW_LOADER_USER_HELPER_FALLBACK.
639 **/
640int firmware_fallback_sysfs(struct firmware *fw, const char *name,
641 struct device *device,
642 enum fw_opt opt_flags,
643 int ret)
644{
645 if (!fw_run_sysfs_fallback(opt_flags))
646 return ret;
647
648 if (!(opt_flags & FW_OPT_NO_WARN))
649 dev_warn(device, "Falling back to sysfs fallback for: %s\n",
650 name);
651 else
652 dev_dbg(device, "Falling back to sysfs fallback for: %s\n",
653 name);
654 return fw_load_from_user_helper(fw, name, device, opt_flags);
655}