Loading...
1// SPDX-License-Identifier: GPL-2.0
2
3#include <linux/types.h>
4#include <linux/kconfig.h>
5#include <linux/list.h>
6#include <linux/slab.h>
7#include <linux/security.h>
8#include <linux/highmem.h>
9#include <linux/umh.h>
10#include <linux/sysctl.h>
11#include <linux/vmalloc.h>
12#include <linux/module.h>
13
14#include "fallback.h"
15#include "firmware.h"
16
17/*
18 * firmware fallback mechanism
19 */
20
21MODULE_IMPORT_NS(FIRMWARE_LOADER_PRIVATE);
22
23extern struct firmware_fallback_config fw_fallback_config;
24
25/* These getters are vetted to use int properly */
26static inline int __firmware_loading_timeout(void)
27{
28 return fw_fallback_config.loading_timeout;
29}
30
31/* These setters are vetted to use int properly */
32static void __fw_fallback_set_timeout(int timeout)
33{
34 fw_fallback_config.loading_timeout = timeout;
35}
36
37/*
38 * use small loading timeout for caching devices' firmware because all these
39 * firmware images have been loaded successfully at lease once, also system is
40 * ready for completing firmware loading now. The maximum size of firmware in
41 * current distributions is about 2M bytes, so 10 secs should be enough.
42 */
43void fw_fallback_set_cache_timeout(void)
44{
45 fw_fallback_config.old_timeout = __firmware_loading_timeout();
46 __fw_fallback_set_timeout(10);
47}
48
49/* Restores the timeout to the value last configured during normal operation */
50void fw_fallback_set_default_timeout(void)
51{
52 __fw_fallback_set_timeout(fw_fallback_config.old_timeout);
53}
54
55static long firmware_loading_timeout(void)
56{
57 return __firmware_loading_timeout() > 0 ?
58 __firmware_loading_timeout() * HZ : MAX_JIFFY_OFFSET;
59}
60
61static inline bool fw_sysfs_done(struct fw_priv *fw_priv)
62{
63 return __fw_state_check(fw_priv, FW_STATUS_DONE);
64}
65
66static inline bool fw_sysfs_loading(struct fw_priv *fw_priv)
67{
68 return __fw_state_check(fw_priv, FW_STATUS_LOADING);
69}
70
71static inline int fw_sysfs_wait_timeout(struct fw_priv *fw_priv, long timeout)
72{
73 return __fw_state_wait_common(fw_priv, timeout);
74}
75
76struct fw_sysfs {
77 bool nowait;
78 struct device dev;
79 struct fw_priv *fw_priv;
80 struct firmware *fw;
81};
82
83static struct fw_sysfs *to_fw_sysfs(struct device *dev)
84{
85 return container_of(dev, struct fw_sysfs, dev);
86}
87
88static void __fw_load_abort(struct fw_priv *fw_priv)
89{
90 /*
91 * There is a small window in which user can write to 'loading'
92 * between loading done and disappearance of 'loading'
93 */
94 if (fw_sysfs_done(fw_priv))
95 return;
96
97 list_del_init(&fw_priv->pending_list);
98 fw_state_aborted(fw_priv);
99}
100
101static void fw_load_abort(struct fw_sysfs *fw_sysfs)
102{
103 struct fw_priv *fw_priv = fw_sysfs->fw_priv;
104
105 __fw_load_abort(fw_priv);
106}
107
108static LIST_HEAD(pending_fw_head);
109
110void kill_pending_fw_fallback_reqs(bool only_kill_custom)
111{
112 struct fw_priv *fw_priv;
113 struct fw_priv *next;
114
115 mutex_lock(&fw_lock);
116 list_for_each_entry_safe(fw_priv, next, &pending_fw_head,
117 pending_list) {
118 if (!fw_priv->need_uevent || !only_kill_custom)
119 __fw_load_abort(fw_priv);
120 }
121 mutex_unlock(&fw_lock);
122}
123
124static ssize_t timeout_show(struct class *class, struct class_attribute *attr,
125 char *buf)
126{
127 return sprintf(buf, "%d\n", __firmware_loading_timeout());
128}
129
130/**
131 * firmware_timeout_store() - set number of seconds to wait for firmware
132 * @class: device class pointer
133 * @attr: device attribute pointer
134 * @buf: buffer to scan for timeout value
135 * @count: number of bytes in @buf
136 *
137 * Sets the number of seconds to wait for the firmware. Once
138 * this expires an error will be returned to the driver and no
139 * firmware will be provided.
140 *
141 * Note: zero means 'wait forever'.
142 **/
143static ssize_t timeout_store(struct class *class, struct class_attribute *attr,
144 const char *buf, size_t count)
145{
146 int tmp_loading_timeout = simple_strtol(buf, NULL, 10);
147
148 if (tmp_loading_timeout < 0)
149 tmp_loading_timeout = 0;
150
151 __fw_fallback_set_timeout(tmp_loading_timeout);
152
153 return count;
154}
155static CLASS_ATTR_RW(timeout);
156
157static struct attribute *firmware_class_attrs[] = {
158 &class_attr_timeout.attr,
159 NULL,
160};
161ATTRIBUTE_GROUPS(firmware_class);
162
163static void fw_dev_release(struct device *dev)
164{
165 struct fw_sysfs *fw_sysfs = to_fw_sysfs(dev);
166
167 kfree(fw_sysfs);
168}
169
170static int do_firmware_uevent(struct fw_sysfs *fw_sysfs, struct kobj_uevent_env *env)
171{
172 if (add_uevent_var(env, "FIRMWARE=%s", fw_sysfs->fw_priv->fw_name))
173 return -ENOMEM;
174 if (add_uevent_var(env, "TIMEOUT=%i", __firmware_loading_timeout()))
175 return -ENOMEM;
176 if (add_uevent_var(env, "ASYNC=%d", fw_sysfs->nowait))
177 return -ENOMEM;
178
179 return 0;
180}
181
182static int firmware_uevent(struct device *dev, struct kobj_uevent_env *env)
183{
184 struct fw_sysfs *fw_sysfs = to_fw_sysfs(dev);
185 int err = 0;
186
187 mutex_lock(&fw_lock);
188 if (fw_sysfs->fw_priv)
189 err = do_firmware_uevent(fw_sysfs, env);
190 mutex_unlock(&fw_lock);
191 return err;
192}
193
194static struct class firmware_class = {
195 .name = "firmware",
196 .class_groups = firmware_class_groups,
197 .dev_uevent = firmware_uevent,
198 .dev_release = fw_dev_release,
199};
200
201int register_sysfs_loader(void)
202{
203 return class_register(&firmware_class);
204}
205
206void unregister_sysfs_loader(void)
207{
208 class_unregister(&firmware_class);
209}
210
211static ssize_t firmware_loading_show(struct device *dev,
212 struct device_attribute *attr, char *buf)
213{
214 struct fw_sysfs *fw_sysfs = to_fw_sysfs(dev);
215 int loading = 0;
216
217 mutex_lock(&fw_lock);
218 if (fw_sysfs->fw_priv)
219 loading = fw_sysfs_loading(fw_sysfs->fw_priv);
220 mutex_unlock(&fw_lock);
221
222 return sprintf(buf, "%d\n", loading);
223}
224
225/**
226 * firmware_loading_store() - set value in the 'loading' control file
227 * @dev: device pointer
228 * @attr: device attribute pointer
229 * @buf: buffer to scan for loading control value
230 * @count: number of bytes in @buf
231 *
232 * The relevant values are:
233 *
234 * 1: Start a load, discarding any previous partial load.
235 * 0: Conclude the load and hand the data to the driver code.
236 * -1: Conclude the load with an error and discard any written data.
237 **/
238static ssize_t firmware_loading_store(struct device *dev,
239 struct device_attribute *attr,
240 const char *buf, size_t count)
241{
242 struct fw_sysfs *fw_sysfs = to_fw_sysfs(dev);
243 struct fw_priv *fw_priv;
244 ssize_t written = count;
245 int loading = simple_strtol(buf, NULL, 10);
246
247 mutex_lock(&fw_lock);
248 fw_priv = fw_sysfs->fw_priv;
249 if (fw_state_is_aborted(fw_priv))
250 goto out;
251
252 switch (loading) {
253 case 1:
254 /* discarding any previous partial load */
255 if (!fw_sysfs_done(fw_priv)) {
256 fw_free_paged_buf(fw_priv);
257 fw_state_start(fw_priv);
258 }
259 break;
260 case 0:
261 if (fw_sysfs_loading(fw_priv)) {
262 int rc;
263
264 /*
265 * Several loading requests may be pending on
266 * one same firmware buf, so let all requests
267 * see the mapped 'buf->data' once the loading
268 * is completed.
269 * */
270 rc = fw_map_paged_buf(fw_priv);
271 if (rc)
272 dev_err(dev, "%s: map pages failed\n",
273 __func__);
274 else
275 rc = security_kernel_post_read_file(NULL,
276 fw_priv->data, fw_priv->size,
277 READING_FIRMWARE);
278
279 /*
280 * Same logic as fw_load_abort, only the DONE bit
281 * is ignored and we set ABORT only on failure.
282 */
283 list_del_init(&fw_priv->pending_list);
284 if (rc) {
285 fw_state_aborted(fw_priv);
286 written = rc;
287 } else {
288 fw_state_done(fw_priv);
289 }
290 break;
291 }
292 fallthrough;
293 default:
294 dev_err(dev, "%s: unexpected value (%d)\n", __func__, loading);
295 fallthrough;
296 case -1:
297 fw_load_abort(fw_sysfs);
298 break;
299 }
300out:
301 mutex_unlock(&fw_lock);
302 return written;
303}
304
305static DEVICE_ATTR(loading, 0644, firmware_loading_show, firmware_loading_store);
306
307static void firmware_rw_data(struct fw_priv *fw_priv, char *buffer,
308 loff_t offset, size_t count, bool read)
309{
310 if (read)
311 memcpy(buffer, fw_priv->data + offset, count);
312 else
313 memcpy(fw_priv->data + offset, buffer, count);
314}
315
316static void firmware_rw(struct fw_priv *fw_priv, char *buffer,
317 loff_t offset, size_t count, bool read)
318{
319 while (count) {
320 void *page_data;
321 int page_nr = offset >> PAGE_SHIFT;
322 int page_ofs = offset & (PAGE_SIZE-1);
323 int page_cnt = min_t(size_t, PAGE_SIZE - page_ofs, count);
324
325 page_data = kmap(fw_priv->pages[page_nr]);
326
327 if (read)
328 memcpy(buffer, page_data + page_ofs, page_cnt);
329 else
330 memcpy(page_data + page_ofs, buffer, page_cnt);
331
332 kunmap(fw_priv->pages[page_nr]);
333 buffer += page_cnt;
334 offset += page_cnt;
335 count -= page_cnt;
336 }
337}
338
339static ssize_t firmware_data_read(struct file *filp, struct kobject *kobj,
340 struct bin_attribute *bin_attr,
341 char *buffer, loff_t offset, size_t count)
342{
343 struct device *dev = kobj_to_dev(kobj);
344 struct fw_sysfs *fw_sysfs = to_fw_sysfs(dev);
345 struct fw_priv *fw_priv;
346 ssize_t ret_count;
347
348 mutex_lock(&fw_lock);
349 fw_priv = fw_sysfs->fw_priv;
350 if (!fw_priv || fw_sysfs_done(fw_priv)) {
351 ret_count = -ENODEV;
352 goto out;
353 }
354 if (offset > fw_priv->size) {
355 ret_count = 0;
356 goto out;
357 }
358 if (count > fw_priv->size - offset)
359 count = fw_priv->size - offset;
360
361 ret_count = count;
362
363 if (fw_priv->data)
364 firmware_rw_data(fw_priv, buffer, offset, count, true);
365 else
366 firmware_rw(fw_priv, buffer, offset, count, true);
367
368out:
369 mutex_unlock(&fw_lock);
370 return ret_count;
371}
372
373static int fw_realloc_pages(struct fw_sysfs *fw_sysfs, int min_size)
374{
375 int err;
376
377 err = fw_grow_paged_buf(fw_sysfs->fw_priv,
378 PAGE_ALIGN(min_size) >> PAGE_SHIFT);
379 if (err)
380 fw_load_abort(fw_sysfs);
381 return err;
382}
383
384/**
385 * firmware_data_write() - write method for firmware
386 * @filp: open sysfs file
387 * @kobj: kobject for the device
388 * @bin_attr: bin_attr structure
389 * @buffer: buffer being written
390 * @offset: buffer offset for write in total data store area
391 * @count: buffer size
392 *
393 * Data written to the 'data' attribute will be later handed to
394 * the driver as a firmware image.
395 **/
396static ssize_t firmware_data_write(struct file *filp, struct kobject *kobj,
397 struct bin_attribute *bin_attr,
398 char *buffer, loff_t offset, size_t count)
399{
400 struct device *dev = kobj_to_dev(kobj);
401 struct fw_sysfs *fw_sysfs = to_fw_sysfs(dev);
402 struct fw_priv *fw_priv;
403 ssize_t retval;
404
405 if (!capable(CAP_SYS_RAWIO))
406 return -EPERM;
407
408 mutex_lock(&fw_lock);
409 fw_priv = fw_sysfs->fw_priv;
410 if (!fw_priv || fw_sysfs_done(fw_priv)) {
411 retval = -ENODEV;
412 goto out;
413 }
414
415 if (fw_priv->data) {
416 if (offset + count > fw_priv->allocated_size) {
417 retval = -ENOMEM;
418 goto out;
419 }
420 firmware_rw_data(fw_priv, buffer, offset, count, false);
421 retval = count;
422 } else {
423 retval = fw_realloc_pages(fw_sysfs, offset + count);
424 if (retval)
425 goto out;
426
427 retval = count;
428 firmware_rw(fw_priv, buffer, offset, count, false);
429 }
430
431 fw_priv->size = max_t(size_t, offset + count, fw_priv->size);
432out:
433 mutex_unlock(&fw_lock);
434 return retval;
435}
436
437static struct bin_attribute firmware_attr_data = {
438 .attr = { .name = "data", .mode = 0644 },
439 .size = 0,
440 .read = firmware_data_read,
441 .write = firmware_data_write,
442};
443
444static struct attribute *fw_dev_attrs[] = {
445 &dev_attr_loading.attr,
446 NULL
447};
448
449static struct bin_attribute *fw_dev_bin_attrs[] = {
450 &firmware_attr_data,
451 NULL
452};
453
454static const struct attribute_group fw_dev_attr_group = {
455 .attrs = fw_dev_attrs,
456 .bin_attrs = fw_dev_bin_attrs,
457};
458
459static const struct attribute_group *fw_dev_attr_groups[] = {
460 &fw_dev_attr_group,
461 NULL
462};
463
464static struct fw_sysfs *
465fw_create_instance(struct firmware *firmware, const char *fw_name,
466 struct device *device, u32 opt_flags)
467{
468 struct fw_sysfs *fw_sysfs;
469 struct device *f_dev;
470
471 fw_sysfs = kzalloc(sizeof(*fw_sysfs), GFP_KERNEL);
472 if (!fw_sysfs) {
473 fw_sysfs = ERR_PTR(-ENOMEM);
474 goto exit;
475 }
476
477 fw_sysfs->nowait = !!(opt_flags & FW_OPT_NOWAIT);
478 fw_sysfs->fw = firmware;
479 f_dev = &fw_sysfs->dev;
480
481 device_initialize(f_dev);
482 dev_set_name(f_dev, "%s", fw_name);
483 f_dev->parent = device;
484 f_dev->class = &firmware_class;
485 f_dev->groups = fw_dev_attr_groups;
486exit:
487 return fw_sysfs;
488}
489
490/**
491 * fw_load_sysfs_fallback() - load a firmware via the sysfs fallback mechanism
492 * @fw_sysfs: firmware sysfs information for the firmware to load
493 * @opt_flags: flags of options, FW_OPT_*
494 * @timeout: timeout to wait for the load
495 *
496 * In charge of constructing a sysfs fallback interface for firmware loading.
497 **/
498static int fw_load_sysfs_fallback(struct fw_sysfs *fw_sysfs,
499 u32 opt_flags, long timeout)
500{
501 int retval = 0;
502 struct device *f_dev = &fw_sysfs->dev;
503 struct fw_priv *fw_priv = fw_sysfs->fw_priv;
504
505 /* fall back on userspace loading */
506 if (!fw_priv->data)
507 fw_priv->is_paged_buf = true;
508
509 dev_set_uevent_suppress(f_dev, true);
510
511 retval = device_add(f_dev);
512 if (retval) {
513 dev_err(f_dev, "%s: device_register failed\n", __func__);
514 goto err_put_dev;
515 }
516
517 mutex_lock(&fw_lock);
518 list_add(&fw_priv->pending_list, &pending_fw_head);
519 mutex_unlock(&fw_lock);
520
521 if (opt_flags & FW_OPT_UEVENT) {
522 fw_priv->need_uevent = true;
523 dev_set_uevent_suppress(f_dev, false);
524 dev_dbg(f_dev, "firmware: requesting %s\n", fw_priv->fw_name);
525 kobject_uevent(&fw_sysfs->dev.kobj, KOBJ_ADD);
526 } else {
527 timeout = MAX_JIFFY_OFFSET;
528 }
529
530 retval = fw_sysfs_wait_timeout(fw_priv, timeout);
531 if (retval < 0 && retval != -ENOENT) {
532 mutex_lock(&fw_lock);
533 fw_load_abort(fw_sysfs);
534 mutex_unlock(&fw_lock);
535 }
536
537 if (fw_state_is_aborted(fw_priv)) {
538 if (retval == -ERESTARTSYS)
539 retval = -EINTR;
540 else
541 retval = -EAGAIN;
542 } else if (fw_priv->is_paged_buf && !fw_priv->data)
543 retval = -ENOMEM;
544
545 device_del(f_dev);
546err_put_dev:
547 put_device(f_dev);
548 return retval;
549}
550
551static int fw_load_from_user_helper(struct firmware *firmware,
552 const char *name, struct device *device,
553 u32 opt_flags)
554{
555 struct fw_sysfs *fw_sysfs;
556 long timeout;
557 int ret;
558
559 timeout = firmware_loading_timeout();
560 if (opt_flags & FW_OPT_NOWAIT) {
561 timeout = usermodehelper_read_lock_wait(timeout);
562 if (!timeout) {
563 dev_dbg(device, "firmware: %s loading timed out\n",
564 name);
565 return -EBUSY;
566 }
567 } else {
568 ret = usermodehelper_read_trylock();
569 if (WARN_ON(ret)) {
570 dev_err(device, "firmware: %s will not be loaded\n",
571 name);
572 return ret;
573 }
574 }
575
576 fw_sysfs = fw_create_instance(firmware, name, device, opt_flags);
577 if (IS_ERR(fw_sysfs)) {
578 ret = PTR_ERR(fw_sysfs);
579 goto out_unlock;
580 }
581
582 fw_sysfs->fw_priv = firmware->priv;
583 ret = fw_load_sysfs_fallback(fw_sysfs, opt_flags, timeout);
584
585 if (!ret)
586 ret = assign_fw(firmware, device, opt_flags);
587
588out_unlock:
589 usermodehelper_read_unlock();
590
591 return ret;
592}
593
594static bool fw_force_sysfs_fallback(u32 opt_flags)
595{
596 if (fw_fallback_config.force_sysfs_fallback)
597 return true;
598 if (!(opt_flags & FW_OPT_USERHELPER))
599 return false;
600 return true;
601}
602
603static bool fw_run_sysfs_fallback(u32 opt_flags)
604{
605 int ret;
606
607 if (fw_fallback_config.ignore_sysfs_fallback) {
608 pr_info_once("Ignoring firmware sysfs fallback due to sysctl knob\n");
609 return false;
610 }
611
612 if ((opt_flags & FW_OPT_NOFALLBACK_SYSFS))
613 return false;
614
615 /* Also permit LSMs and IMA to fail firmware sysfs fallback */
616 ret = security_kernel_load_data(LOADING_FIRMWARE);
617 if (ret < 0)
618 return false;
619
620 return fw_force_sysfs_fallback(opt_flags);
621}
622
623/**
624 * firmware_fallback_sysfs() - use the fallback mechanism to find firmware
625 * @fw: pointer to firmware image
626 * @name: name of firmware file to look for
627 * @device: device for which firmware is being loaded
628 * @opt_flags: options to control firmware loading behaviour
629 * @ret: return value from direct lookup which triggered the fallback mechanism
630 *
631 * This function is called if direct lookup for the firmware failed, it enables
632 * a fallback mechanism through userspace by exposing a sysfs loading
633 * interface. Userspace is in charge of loading the firmware through the sysfs
634 * loading interface. This sysfs fallback mechanism may be disabled completely
635 * on a system by setting the proc sysctl value ignore_sysfs_fallback to true.
636 * If this is false we check if the internal API caller set the
637 * @FW_OPT_NOFALLBACK_SYSFS flag, if so it would also disable the fallback
638 * mechanism. A system may want to enforce the sysfs fallback mechanism at all
639 * times, it can do this by setting ignore_sysfs_fallback to false and
640 * force_sysfs_fallback to true.
641 * Enabling force_sysfs_fallback is functionally equivalent to build a kernel
642 * with CONFIG_FW_LOADER_USER_HELPER_FALLBACK.
643 **/
644int firmware_fallback_sysfs(struct firmware *fw, const char *name,
645 struct device *device,
646 u32 opt_flags,
647 int ret)
648{
649 if (!fw_run_sysfs_fallback(opt_flags))
650 return ret;
651
652 if (!(opt_flags & FW_OPT_NO_WARN))
653 dev_warn(device, "Falling back to sysfs fallback for: %s\n",
654 name);
655 else
656 dev_dbg(device, "Falling back to sysfs fallback for: %s\n",
657 name);
658 return fw_load_from_user_helper(fw, name, device, opt_flags);
659}
1// SPDX-License-Identifier: GPL-2.0
2
3#include <linux/types.h>
4#include <linux/kconfig.h>
5#include <linux/list.h>
6#include <linux/slab.h>
7#include <linux/security.h>
8#include <linux/highmem.h>
9#include <linux/umh.h>
10#include <linux/sysctl.h>
11#include <linux/vmalloc.h>
12
13#include "fallback.h"
14#include "firmware.h"
15
16/*
17 * firmware fallback mechanism
18 */
19
20extern struct firmware_fallback_config fw_fallback_config;
21
22/* These getters are vetted to use int properly */
23static inline int __firmware_loading_timeout(void)
24{
25 return fw_fallback_config.loading_timeout;
26}
27
28/* These setters are vetted to use int properly */
29static void __fw_fallback_set_timeout(int timeout)
30{
31 fw_fallback_config.loading_timeout = timeout;
32}
33
34/*
35 * use small loading timeout for caching devices' firmware because all these
36 * firmware images have been loaded successfully at lease once, also system is
37 * ready for completing firmware loading now. The maximum size of firmware in
38 * current distributions is about 2M bytes, so 10 secs should be enough.
39 */
40void fw_fallback_set_cache_timeout(void)
41{
42 fw_fallback_config.old_timeout = __firmware_loading_timeout();
43 __fw_fallback_set_timeout(10);
44}
45
46/* Restores the timeout to the value last configured during normal operation */
47void fw_fallback_set_default_timeout(void)
48{
49 __fw_fallback_set_timeout(fw_fallback_config.old_timeout);
50}
51
52static long firmware_loading_timeout(void)
53{
54 return __firmware_loading_timeout() > 0 ?
55 __firmware_loading_timeout() * HZ : MAX_JIFFY_OFFSET;
56}
57
58static inline bool fw_sysfs_done(struct fw_priv *fw_priv)
59{
60 return __fw_state_check(fw_priv, FW_STATUS_DONE);
61}
62
63static inline bool fw_sysfs_loading(struct fw_priv *fw_priv)
64{
65 return __fw_state_check(fw_priv, FW_STATUS_LOADING);
66}
67
68static inline int fw_sysfs_wait_timeout(struct fw_priv *fw_priv, long timeout)
69{
70 return __fw_state_wait_common(fw_priv, timeout);
71}
72
73struct fw_sysfs {
74 bool nowait;
75 struct device dev;
76 struct fw_priv *fw_priv;
77 struct firmware *fw;
78};
79
80static struct fw_sysfs *to_fw_sysfs(struct device *dev)
81{
82 return container_of(dev, struct fw_sysfs, dev);
83}
84
85static void __fw_load_abort(struct fw_priv *fw_priv)
86{
87 /*
88 * There is a small window in which user can write to 'loading'
89 * between loading done and disappearance of 'loading'
90 */
91 if (fw_sysfs_done(fw_priv))
92 return;
93
94 list_del_init(&fw_priv->pending_list);
95 fw_state_aborted(fw_priv);
96}
97
98static void fw_load_abort(struct fw_sysfs *fw_sysfs)
99{
100 struct fw_priv *fw_priv = fw_sysfs->fw_priv;
101
102 __fw_load_abort(fw_priv);
103}
104
105static LIST_HEAD(pending_fw_head);
106
107void kill_pending_fw_fallback_reqs(bool only_kill_custom)
108{
109 struct fw_priv *fw_priv;
110 struct fw_priv *next;
111
112 mutex_lock(&fw_lock);
113 list_for_each_entry_safe(fw_priv, next, &pending_fw_head,
114 pending_list) {
115 if (!fw_priv->need_uevent || !only_kill_custom)
116 __fw_load_abort(fw_priv);
117 }
118 mutex_unlock(&fw_lock);
119}
120
121static ssize_t timeout_show(struct class *class, struct class_attribute *attr,
122 char *buf)
123{
124 return sprintf(buf, "%d\n", __firmware_loading_timeout());
125}
126
127/**
128 * firmware_timeout_store - set number of seconds to wait for firmware
129 * @class: device class pointer
130 * @attr: device attribute pointer
131 * @buf: buffer to scan for timeout value
132 * @count: number of bytes in @buf
133 *
134 * Sets the number of seconds to wait for the firmware. Once
135 * this expires an error will be returned to the driver and no
136 * firmware will be provided.
137 *
138 * Note: zero means 'wait forever'.
139 **/
140static ssize_t timeout_store(struct class *class, struct class_attribute *attr,
141 const char *buf, size_t count)
142{
143 int tmp_loading_timeout = simple_strtol(buf, NULL, 10);
144
145 if (tmp_loading_timeout < 0)
146 tmp_loading_timeout = 0;
147
148 __fw_fallback_set_timeout(tmp_loading_timeout);
149
150 return count;
151}
152static CLASS_ATTR_RW(timeout);
153
154static struct attribute *firmware_class_attrs[] = {
155 &class_attr_timeout.attr,
156 NULL,
157};
158ATTRIBUTE_GROUPS(firmware_class);
159
160static void fw_dev_release(struct device *dev)
161{
162 struct fw_sysfs *fw_sysfs = to_fw_sysfs(dev);
163
164 kfree(fw_sysfs);
165}
166
167static int do_firmware_uevent(struct fw_sysfs *fw_sysfs, struct kobj_uevent_env *env)
168{
169 if (add_uevent_var(env, "FIRMWARE=%s", fw_sysfs->fw_priv->fw_name))
170 return -ENOMEM;
171 if (add_uevent_var(env, "TIMEOUT=%i", __firmware_loading_timeout()))
172 return -ENOMEM;
173 if (add_uevent_var(env, "ASYNC=%d", fw_sysfs->nowait))
174 return -ENOMEM;
175
176 return 0;
177}
178
179static int firmware_uevent(struct device *dev, struct kobj_uevent_env *env)
180{
181 struct fw_sysfs *fw_sysfs = to_fw_sysfs(dev);
182 int err = 0;
183
184 mutex_lock(&fw_lock);
185 if (fw_sysfs->fw_priv)
186 err = do_firmware_uevent(fw_sysfs, env);
187 mutex_unlock(&fw_lock);
188 return err;
189}
190
191static struct class firmware_class = {
192 .name = "firmware",
193 .class_groups = firmware_class_groups,
194 .dev_uevent = firmware_uevent,
195 .dev_release = fw_dev_release,
196};
197
198int register_sysfs_loader(void)
199{
200 return class_register(&firmware_class);
201}
202
203void unregister_sysfs_loader(void)
204{
205 class_unregister(&firmware_class);
206}
207
208static ssize_t firmware_loading_show(struct device *dev,
209 struct device_attribute *attr, char *buf)
210{
211 struct fw_sysfs *fw_sysfs = to_fw_sysfs(dev);
212 int loading = 0;
213
214 mutex_lock(&fw_lock);
215 if (fw_sysfs->fw_priv)
216 loading = fw_sysfs_loading(fw_sysfs->fw_priv);
217 mutex_unlock(&fw_lock);
218
219 return sprintf(buf, "%d\n", loading);
220}
221
222/* Some architectures don't have PAGE_KERNEL_RO */
223#ifndef PAGE_KERNEL_RO
224#define PAGE_KERNEL_RO PAGE_KERNEL
225#endif
226
227/* one pages buffer should be mapped/unmapped only once */
228static int map_fw_priv_pages(struct fw_priv *fw_priv)
229{
230 if (!fw_priv->is_paged_buf)
231 return 0;
232
233 vunmap(fw_priv->data);
234 fw_priv->data = vmap(fw_priv->pages, fw_priv->nr_pages, 0,
235 PAGE_KERNEL_RO);
236 if (!fw_priv->data)
237 return -ENOMEM;
238 return 0;
239}
240
241/**
242 * firmware_loading_store - set value in the 'loading' control file
243 * @dev: device pointer
244 * @attr: device attribute pointer
245 * @buf: buffer to scan for loading control value
246 * @count: number of bytes in @buf
247 *
248 * The relevant values are:
249 *
250 * 1: Start a load, discarding any previous partial load.
251 * 0: Conclude the load and hand the data to the driver code.
252 * -1: Conclude the load with an error and discard any written data.
253 **/
254static ssize_t firmware_loading_store(struct device *dev,
255 struct device_attribute *attr,
256 const char *buf, size_t count)
257{
258 struct fw_sysfs *fw_sysfs = to_fw_sysfs(dev);
259 struct fw_priv *fw_priv;
260 ssize_t written = count;
261 int loading = simple_strtol(buf, NULL, 10);
262 int i;
263
264 mutex_lock(&fw_lock);
265 fw_priv = fw_sysfs->fw_priv;
266 if (fw_state_is_aborted(fw_priv))
267 goto out;
268
269 switch (loading) {
270 case 1:
271 /* discarding any previous partial load */
272 if (!fw_sysfs_done(fw_priv)) {
273 for (i = 0; i < fw_priv->nr_pages; i++)
274 __free_page(fw_priv->pages[i]);
275 vfree(fw_priv->pages);
276 fw_priv->pages = NULL;
277 fw_priv->page_array_size = 0;
278 fw_priv->nr_pages = 0;
279 fw_state_start(fw_priv);
280 }
281 break;
282 case 0:
283 if (fw_sysfs_loading(fw_priv)) {
284 int rc;
285
286 /*
287 * Several loading requests may be pending on
288 * one same firmware buf, so let all requests
289 * see the mapped 'buf->data' once the loading
290 * is completed.
291 * */
292 rc = map_fw_priv_pages(fw_priv);
293 if (rc)
294 dev_err(dev, "%s: map pages failed\n",
295 __func__);
296 else
297 rc = security_kernel_post_read_file(NULL,
298 fw_priv->data, fw_priv->size,
299 READING_FIRMWARE);
300
301 /*
302 * Same logic as fw_load_abort, only the DONE bit
303 * is ignored and we set ABORT only on failure.
304 */
305 list_del_init(&fw_priv->pending_list);
306 if (rc) {
307 fw_state_aborted(fw_priv);
308 written = rc;
309 } else {
310 fw_state_done(fw_priv);
311 }
312 break;
313 }
314 /* fallthrough */
315 default:
316 dev_err(dev, "%s: unexpected value (%d)\n", __func__, loading);
317 /* fallthrough */
318 case -1:
319 fw_load_abort(fw_sysfs);
320 break;
321 }
322out:
323 mutex_unlock(&fw_lock);
324 return written;
325}
326
327static DEVICE_ATTR(loading, 0644, firmware_loading_show, firmware_loading_store);
328
329static void firmware_rw_data(struct fw_priv *fw_priv, char *buffer,
330 loff_t offset, size_t count, bool read)
331{
332 if (read)
333 memcpy(buffer, fw_priv->data + offset, count);
334 else
335 memcpy(fw_priv->data + offset, buffer, count);
336}
337
338static void firmware_rw(struct fw_priv *fw_priv, char *buffer,
339 loff_t offset, size_t count, bool read)
340{
341 while (count) {
342 void *page_data;
343 int page_nr = offset >> PAGE_SHIFT;
344 int page_ofs = offset & (PAGE_SIZE-1);
345 int page_cnt = min_t(size_t, PAGE_SIZE - page_ofs, count);
346
347 page_data = kmap(fw_priv->pages[page_nr]);
348
349 if (read)
350 memcpy(buffer, page_data + page_ofs, page_cnt);
351 else
352 memcpy(page_data + page_ofs, buffer, page_cnt);
353
354 kunmap(fw_priv->pages[page_nr]);
355 buffer += page_cnt;
356 offset += page_cnt;
357 count -= page_cnt;
358 }
359}
360
361static ssize_t firmware_data_read(struct file *filp, struct kobject *kobj,
362 struct bin_attribute *bin_attr,
363 char *buffer, loff_t offset, size_t count)
364{
365 struct device *dev = kobj_to_dev(kobj);
366 struct fw_sysfs *fw_sysfs = to_fw_sysfs(dev);
367 struct fw_priv *fw_priv;
368 ssize_t ret_count;
369
370 mutex_lock(&fw_lock);
371 fw_priv = fw_sysfs->fw_priv;
372 if (!fw_priv || fw_sysfs_done(fw_priv)) {
373 ret_count = -ENODEV;
374 goto out;
375 }
376 if (offset > fw_priv->size) {
377 ret_count = 0;
378 goto out;
379 }
380 if (count > fw_priv->size - offset)
381 count = fw_priv->size - offset;
382
383 ret_count = count;
384
385 if (fw_priv->data)
386 firmware_rw_data(fw_priv, buffer, offset, count, true);
387 else
388 firmware_rw(fw_priv, buffer, offset, count, true);
389
390out:
391 mutex_unlock(&fw_lock);
392 return ret_count;
393}
394
395static int fw_realloc_pages(struct fw_sysfs *fw_sysfs, int min_size)
396{
397 struct fw_priv *fw_priv= fw_sysfs->fw_priv;
398 int pages_needed = PAGE_ALIGN(min_size) >> PAGE_SHIFT;
399
400 /* If the array of pages is too small, grow it... */
401 if (fw_priv->page_array_size < pages_needed) {
402 int new_array_size = max(pages_needed,
403 fw_priv->page_array_size * 2);
404 struct page **new_pages;
405
406 new_pages = vmalloc(new_array_size * sizeof(void *));
407 if (!new_pages) {
408 fw_load_abort(fw_sysfs);
409 return -ENOMEM;
410 }
411 memcpy(new_pages, fw_priv->pages,
412 fw_priv->page_array_size * sizeof(void *));
413 memset(&new_pages[fw_priv->page_array_size], 0, sizeof(void *) *
414 (new_array_size - fw_priv->page_array_size));
415 vfree(fw_priv->pages);
416 fw_priv->pages = new_pages;
417 fw_priv->page_array_size = new_array_size;
418 }
419
420 while (fw_priv->nr_pages < pages_needed) {
421 fw_priv->pages[fw_priv->nr_pages] =
422 alloc_page(GFP_KERNEL | __GFP_HIGHMEM);
423
424 if (!fw_priv->pages[fw_priv->nr_pages]) {
425 fw_load_abort(fw_sysfs);
426 return -ENOMEM;
427 }
428 fw_priv->nr_pages++;
429 }
430 return 0;
431}
432
433/**
434 * firmware_data_write - write method for firmware
435 * @filp: open sysfs file
436 * @kobj: kobject for the device
437 * @bin_attr: bin_attr structure
438 * @buffer: buffer being written
439 * @offset: buffer offset for write in total data store area
440 * @count: buffer size
441 *
442 * Data written to the 'data' attribute will be later handed to
443 * the driver as a firmware image.
444 **/
445static ssize_t firmware_data_write(struct file *filp, struct kobject *kobj,
446 struct bin_attribute *bin_attr,
447 char *buffer, loff_t offset, size_t count)
448{
449 struct device *dev = kobj_to_dev(kobj);
450 struct fw_sysfs *fw_sysfs = to_fw_sysfs(dev);
451 struct fw_priv *fw_priv;
452 ssize_t retval;
453
454 if (!capable(CAP_SYS_RAWIO))
455 return -EPERM;
456
457 mutex_lock(&fw_lock);
458 fw_priv = fw_sysfs->fw_priv;
459 if (!fw_priv || fw_sysfs_done(fw_priv)) {
460 retval = -ENODEV;
461 goto out;
462 }
463
464 if (fw_priv->data) {
465 if (offset + count > fw_priv->allocated_size) {
466 retval = -ENOMEM;
467 goto out;
468 }
469 firmware_rw_data(fw_priv, buffer, offset, count, false);
470 retval = count;
471 } else {
472 retval = fw_realloc_pages(fw_sysfs, offset + count);
473 if (retval)
474 goto out;
475
476 retval = count;
477 firmware_rw(fw_priv, buffer, offset, count, false);
478 }
479
480 fw_priv->size = max_t(size_t, offset + count, fw_priv->size);
481out:
482 mutex_unlock(&fw_lock);
483 return retval;
484}
485
486static struct bin_attribute firmware_attr_data = {
487 .attr = { .name = "data", .mode = 0644 },
488 .size = 0,
489 .read = firmware_data_read,
490 .write = firmware_data_write,
491};
492
493static struct attribute *fw_dev_attrs[] = {
494 &dev_attr_loading.attr,
495 NULL
496};
497
498static struct bin_attribute *fw_dev_bin_attrs[] = {
499 &firmware_attr_data,
500 NULL
501};
502
503static const struct attribute_group fw_dev_attr_group = {
504 .attrs = fw_dev_attrs,
505 .bin_attrs = fw_dev_bin_attrs,
506};
507
508static const struct attribute_group *fw_dev_attr_groups[] = {
509 &fw_dev_attr_group,
510 NULL
511};
512
513static struct fw_sysfs *
514fw_create_instance(struct firmware *firmware, const char *fw_name,
515 struct device *device, unsigned int opt_flags)
516{
517 struct fw_sysfs *fw_sysfs;
518 struct device *f_dev;
519
520 fw_sysfs = kzalloc(sizeof(*fw_sysfs), GFP_KERNEL);
521 if (!fw_sysfs) {
522 fw_sysfs = ERR_PTR(-ENOMEM);
523 goto exit;
524 }
525
526 fw_sysfs->nowait = !!(opt_flags & FW_OPT_NOWAIT);
527 fw_sysfs->fw = firmware;
528 f_dev = &fw_sysfs->dev;
529
530 device_initialize(f_dev);
531 dev_set_name(f_dev, "%s", fw_name);
532 f_dev->parent = device;
533 f_dev->class = &firmware_class;
534 f_dev->groups = fw_dev_attr_groups;
535exit:
536 return fw_sysfs;
537}
538
539/**
540 * fw_load_sysfs_fallback - load a firmware via the sysfs fallback mechanism
541 * @fw_sysfs: firmware sysfs information for the firmware to load
542 * @opt_flags: flags of options, FW_OPT_*
543 * @timeout: timeout to wait for the load
544 *
545 * In charge of constructing a sysfs fallback interface for firmware loading.
546 **/
547static int fw_load_sysfs_fallback(struct fw_sysfs *fw_sysfs,
548 unsigned int opt_flags, long timeout)
549{
550 int retval = 0;
551 struct device *f_dev = &fw_sysfs->dev;
552 struct fw_priv *fw_priv = fw_sysfs->fw_priv;
553
554 /* fall back on userspace loading */
555 if (!fw_priv->data)
556 fw_priv->is_paged_buf = true;
557
558 dev_set_uevent_suppress(f_dev, true);
559
560 retval = device_add(f_dev);
561 if (retval) {
562 dev_err(f_dev, "%s: device_register failed\n", __func__);
563 goto err_put_dev;
564 }
565
566 mutex_lock(&fw_lock);
567 list_add(&fw_priv->pending_list, &pending_fw_head);
568 mutex_unlock(&fw_lock);
569
570 if (opt_flags & FW_OPT_UEVENT) {
571 fw_priv->need_uevent = true;
572 dev_set_uevent_suppress(f_dev, false);
573 dev_dbg(f_dev, "firmware: requesting %s\n", fw_priv->fw_name);
574 kobject_uevent(&fw_sysfs->dev.kobj, KOBJ_ADD);
575 } else {
576 timeout = MAX_JIFFY_OFFSET;
577 }
578
579 retval = fw_sysfs_wait_timeout(fw_priv, timeout);
580 if (retval < 0) {
581 mutex_lock(&fw_lock);
582 fw_load_abort(fw_sysfs);
583 mutex_unlock(&fw_lock);
584 }
585
586 if (fw_state_is_aborted(fw_priv)) {
587 if (retval == -ERESTARTSYS)
588 retval = -EINTR;
589 else
590 retval = -EAGAIN;
591 } else if (fw_priv->is_paged_buf && !fw_priv->data)
592 retval = -ENOMEM;
593
594 device_del(f_dev);
595err_put_dev:
596 put_device(f_dev);
597 return retval;
598}
599
600static int fw_load_from_user_helper(struct firmware *firmware,
601 const char *name, struct device *device,
602 unsigned int opt_flags)
603{
604 struct fw_sysfs *fw_sysfs;
605 long timeout;
606 int ret;
607
608 timeout = firmware_loading_timeout();
609 if (opt_flags & FW_OPT_NOWAIT) {
610 timeout = usermodehelper_read_lock_wait(timeout);
611 if (!timeout) {
612 dev_dbg(device, "firmware: %s loading timed out\n",
613 name);
614 return -EBUSY;
615 }
616 } else {
617 ret = usermodehelper_read_trylock();
618 if (WARN_ON(ret)) {
619 dev_err(device, "firmware: %s will not be loaded\n",
620 name);
621 return ret;
622 }
623 }
624
625 fw_sysfs = fw_create_instance(firmware, name, device, opt_flags);
626 if (IS_ERR(fw_sysfs)) {
627 ret = PTR_ERR(fw_sysfs);
628 goto out_unlock;
629 }
630
631 fw_sysfs->fw_priv = firmware->priv;
632 ret = fw_load_sysfs_fallback(fw_sysfs, opt_flags, timeout);
633
634 if (!ret)
635 ret = assign_fw(firmware, device, opt_flags);
636
637out_unlock:
638 usermodehelper_read_unlock();
639
640 return ret;
641}
642
643static bool fw_force_sysfs_fallback(unsigned int opt_flags)
644{
645 if (fw_fallback_config.force_sysfs_fallback)
646 return true;
647 if (!(opt_flags & FW_OPT_USERHELPER))
648 return false;
649 return true;
650}
651
652static bool fw_run_sysfs_fallback(unsigned int opt_flags)
653{
654 if (fw_fallback_config.ignore_sysfs_fallback) {
655 pr_info_once("Ignoring firmware sysfs fallback due to sysctl knob\n");
656 return false;
657 }
658
659 if ((opt_flags & FW_OPT_NOFALLBACK))
660 return false;
661
662 return fw_force_sysfs_fallback(opt_flags);
663}
664
665int fw_sysfs_fallback(struct firmware *fw, const char *name,
666 struct device *device,
667 unsigned int opt_flags,
668 int ret)
669{
670 if (!fw_run_sysfs_fallback(opt_flags))
671 return ret;
672
673 dev_warn(device, "Falling back to user helper\n");
674 return fw_load_from_user_helper(fw, name, device, opt_flags);
675}