Loading...
1// SPDX-License-Identifier: GPL-2.0
2/*
3 * Copyright (c) 2003-2018, Intel Corporation. All rights reserved.
4 * Intel Management Engine Interface (Intel MEI) Linux driver
5 */
6
7#include <linux/export.h>
8#include <linux/kthread.h>
9#include <linux/interrupt.h>
10#include <linux/fs.h>
11#include <linux/jiffies.h>
12#include <linux/slab.h>
13#include <linux/pm_runtime.h>
14
15#include <linux/mei.h>
16
17#include "mei_dev.h"
18#include "hbm.h"
19#include "client.h"
20
21
22/**
23 * mei_irq_compl_handler - dispatch complete handlers
24 * for the completed callbacks
25 *
26 * @dev: mei device
27 * @cmpl_list: list of completed cbs
28 */
29void mei_irq_compl_handler(struct mei_device *dev, struct list_head *cmpl_list)
30{
31 struct mei_cl_cb *cb, *next;
32 struct mei_cl *cl;
33
34 list_for_each_entry_safe(cb, next, cmpl_list, list) {
35 cl = cb->cl;
36 list_del_init(&cb->list);
37
38 dev_dbg(dev->dev, "completing call back.\n");
39 mei_cl_complete(cl, cb);
40 }
41}
42EXPORT_SYMBOL_GPL(mei_irq_compl_handler);
43
44/**
45 * mei_cl_hbm_equal - check if hbm is addressed to the client
46 *
47 * @cl: host client
48 * @mei_hdr: header of mei client message
49 *
50 * Return: true if matches, false otherwise
51 */
52static inline int mei_cl_hbm_equal(struct mei_cl *cl,
53 struct mei_msg_hdr *mei_hdr)
54{
55 return mei_cl_host_addr(cl) == mei_hdr->host_addr &&
56 mei_cl_me_id(cl) == mei_hdr->me_addr;
57}
58
59/**
60 * mei_irq_discard_msg - discard received message
61 *
62 * @dev: mei device
63 * @hdr: message header
64 * @discard_len: the length of the message to discard (excluding header)
65 */
66static void mei_irq_discard_msg(struct mei_device *dev, struct mei_msg_hdr *hdr,
67 size_t discard_len)
68{
69 if (hdr->dma_ring) {
70 mei_dma_ring_read(dev, NULL,
71 hdr->extension[dev->rd_msg_hdr_count - 2]);
72 discard_len = 0;
73 }
74 /*
75 * no need to check for size as it is guaranteed
76 * that length fits into rd_msg_buf
77 */
78 mei_read_slots(dev, dev->rd_msg_buf, discard_len);
79 dev_dbg(dev->dev, "discarding message " MEI_HDR_FMT "\n",
80 MEI_HDR_PRM(hdr));
81}
82
83/**
84 * mei_cl_irq_read_msg - process client message
85 *
86 * @cl: reading client
87 * @mei_hdr: header of mei client message
88 * @meta: extend meta header
89 * @cmpl_list: completion list
90 *
91 * Return: always 0
92 */
93static int mei_cl_irq_read_msg(struct mei_cl *cl,
94 struct mei_msg_hdr *mei_hdr,
95 struct mei_ext_meta_hdr *meta,
96 struct list_head *cmpl_list)
97{
98 struct mei_device *dev = cl->dev;
99 struct mei_cl_cb *cb;
100
101 struct mei_ext_hdr_vtag *vtag_hdr = NULL;
102 struct mei_ext_hdr_gsc_f2h *gsc_f2h = NULL;
103
104 size_t buf_sz;
105 u32 length;
106 u32 ext_len;
107
108 length = mei_hdr->length;
109 ext_len = 0;
110 if (mei_hdr->extended) {
111 ext_len = sizeof(*meta) + mei_slots2data(meta->size);
112 length -= ext_len;
113 }
114
115 cb = list_first_entry_or_null(&cl->rd_pending, struct mei_cl_cb, list);
116 if (!cb) {
117 if (!mei_cl_is_fixed_address(cl)) {
118 cl_err(dev, cl, "pending read cb not found\n");
119 goto discard;
120 }
121 cb = mei_cl_alloc_cb(cl, mei_cl_mtu(cl), MEI_FOP_READ, cl->fp);
122 if (!cb)
123 goto discard;
124 list_add_tail(&cb->list, &cl->rd_pending);
125 }
126
127 if (mei_hdr->extended) {
128 struct mei_ext_hdr *ext = mei_ext_begin(meta);
129 do {
130 switch (ext->type) {
131 case MEI_EXT_HDR_VTAG:
132 vtag_hdr = (struct mei_ext_hdr_vtag *)ext;
133 break;
134 case MEI_EXT_HDR_GSC:
135 gsc_f2h = (struct mei_ext_hdr_gsc_f2h *)ext;
136 cb->ext_hdr = kzalloc(sizeof(*gsc_f2h), GFP_KERNEL);
137 if (!cb->ext_hdr) {
138 cb->status = -ENOMEM;
139 goto discard;
140 }
141 break;
142 case MEI_EXT_HDR_NONE:
143 fallthrough;
144 default:
145 cl_err(dev, cl, "unknown extended header\n");
146 cb->status = -EPROTO;
147 break;
148 }
149
150 ext = mei_ext_next(ext);
151 } while (!mei_ext_last(meta, ext));
152
153 if (!vtag_hdr && !gsc_f2h) {
154 cl_dbg(dev, cl, "no vtag or gsc found in extended header.\n");
155 cb->status = -EPROTO;
156 goto discard;
157 }
158 }
159
160 if (vtag_hdr) {
161 cl_dbg(dev, cl, "vtag: %d\n", vtag_hdr->vtag);
162 if (cb->vtag && cb->vtag != vtag_hdr->vtag) {
163 cl_err(dev, cl, "mismatched tag: %d != %d\n",
164 cb->vtag, vtag_hdr->vtag);
165 cb->status = -EPROTO;
166 goto discard;
167 }
168 cb->vtag = vtag_hdr->vtag;
169 }
170
171 if (gsc_f2h) {
172 u32 ext_hdr_len = mei_ext_hdr_len(&gsc_f2h->hdr);
173
174 if (!dev->hbm_f_gsc_supported) {
175 cl_err(dev, cl, "gsc extended header is not supported\n");
176 cb->status = -EPROTO;
177 goto discard;
178 }
179
180 if (length) {
181 cl_err(dev, cl, "no data allowed in cb with gsc\n");
182 cb->status = -EPROTO;
183 goto discard;
184 }
185 if (ext_hdr_len > sizeof(*gsc_f2h)) {
186 cl_err(dev, cl, "gsc extended header is too big %u\n", ext_hdr_len);
187 cb->status = -EPROTO;
188 goto discard;
189 }
190 memcpy(cb->ext_hdr, gsc_f2h, ext_hdr_len);
191 }
192
193 if (!mei_cl_is_connected(cl)) {
194 cl_dbg(dev, cl, "not connected\n");
195 cb->status = -ENODEV;
196 goto discard;
197 }
198
199 if (mei_hdr->dma_ring)
200 length = mei_hdr->extension[mei_data2slots(ext_len)];
201
202 buf_sz = length + cb->buf_idx;
203 /* catch for integer overflow */
204 if (buf_sz < cb->buf_idx) {
205 cl_err(dev, cl, "message is too big len %d idx %zu\n",
206 length, cb->buf_idx);
207 cb->status = -EMSGSIZE;
208 goto discard;
209 }
210
211 if (cb->buf.size < buf_sz) {
212 cl_dbg(dev, cl, "message overflow. size %zu len %d idx %zu\n",
213 cb->buf.size, length, cb->buf_idx);
214 cb->status = -EMSGSIZE;
215 goto discard;
216 }
217
218 if (mei_hdr->dma_ring) {
219 mei_dma_ring_read(dev, cb->buf.data + cb->buf_idx, length);
220 /* for DMA read 0 length to generate interrupt to the device */
221 mei_read_slots(dev, cb->buf.data + cb->buf_idx, 0);
222 } else {
223 mei_read_slots(dev, cb->buf.data + cb->buf_idx, length);
224 }
225
226 cb->buf_idx += length;
227
228 if (mei_hdr->msg_complete) {
229 cl_dbg(dev, cl, "completed read length = %zu\n", cb->buf_idx);
230 list_move_tail(&cb->list, cmpl_list);
231 } else {
232 pm_runtime_mark_last_busy(dev->dev);
233 pm_request_autosuspend(dev->dev);
234 }
235
236 return 0;
237
238discard:
239 if (cb)
240 list_move_tail(&cb->list, cmpl_list);
241 mei_irq_discard_msg(dev, mei_hdr, length);
242 return 0;
243}
244
245/**
246 * mei_cl_irq_disconnect_rsp - send disconnection response message
247 *
248 * @cl: client
249 * @cb: callback block.
250 * @cmpl_list: complete list.
251 *
252 * Return: 0, OK; otherwise, error.
253 */
254static int mei_cl_irq_disconnect_rsp(struct mei_cl *cl, struct mei_cl_cb *cb,
255 struct list_head *cmpl_list)
256{
257 struct mei_device *dev = cl->dev;
258 u32 msg_slots;
259 int slots;
260 int ret;
261
262 msg_slots = mei_hbm2slots(sizeof(struct hbm_client_connect_response));
263 slots = mei_hbuf_empty_slots(dev);
264 if (slots < 0)
265 return -EOVERFLOW;
266
267 if ((u32)slots < msg_slots)
268 return -EMSGSIZE;
269
270 ret = mei_hbm_cl_disconnect_rsp(dev, cl);
271 list_move_tail(&cb->list, cmpl_list);
272
273 return ret;
274}
275
276/**
277 * mei_cl_irq_read - processes client read related operation from the
278 * interrupt thread context - request for flow control credits
279 *
280 * @cl: client
281 * @cb: callback block.
282 * @cmpl_list: complete list.
283 *
284 * Return: 0, OK; otherwise, error.
285 */
286static int mei_cl_irq_read(struct mei_cl *cl, struct mei_cl_cb *cb,
287 struct list_head *cmpl_list)
288{
289 struct mei_device *dev = cl->dev;
290 u32 msg_slots;
291 int slots;
292 int ret;
293
294 if (!list_empty(&cl->rd_pending))
295 return 0;
296
297 msg_slots = mei_hbm2slots(sizeof(struct hbm_flow_control));
298 slots = mei_hbuf_empty_slots(dev);
299 if (slots < 0)
300 return -EOVERFLOW;
301
302 if ((u32)slots < msg_slots)
303 return -EMSGSIZE;
304
305 ret = mei_hbm_cl_flow_control_req(dev, cl);
306 if (ret) {
307 cl->status = ret;
308 cb->buf_idx = 0;
309 list_move_tail(&cb->list, cmpl_list);
310 return ret;
311 }
312
313 pm_runtime_mark_last_busy(dev->dev);
314 pm_request_autosuspend(dev->dev);
315
316 list_move_tail(&cb->list, &cl->rd_pending);
317
318 return 0;
319}
320
321static inline bool hdr_is_hbm(struct mei_msg_hdr *mei_hdr)
322{
323 return mei_hdr->host_addr == 0 && mei_hdr->me_addr == 0;
324}
325
326static inline bool hdr_is_fixed(struct mei_msg_hdr *mei_hdr)
327{
328 return mei_hdr->host_addr == 0 && mei_hdr->me_addr != 0;
329}
330
331static inline int hdr_is_valid(u32 msg_hdr)
332{
333 struct mei_msg_hdr *mei_hdr;
334 u32 expected_len = 0;
335
336 mei_hdr = (struct mei_msg_hdr *)&msg_hdr;
337 if (!msg_hdr || mei_hdr->reserved)
338 return -EBADMSG;
339
340 if (mei_hdr->dma_ring)
341 expected_len += MEI_SLOT_SIZE;
342 if (mei_hdr->extended)
343 expected_len += MEI_SLOT_SIZE;
344 if (mei_hdr->length < expected_len)
345 return -EBADMSG;
346
347 return 0;
348}
349
350/**
351 * mei_irq_read_handler - bottom half read routine after ISR to
352 * handle the read processing.
353 *
354 * @dev: the device structure
355 * @cmpl_list: An instance of our list structure
356 * @slots: slots to read.
357 *
358 * Return: 0 on success, <0 on failure.
359 */
360int mei_irq_read_handler(struct mei_device *dev,
361 struct list_head *cmpl_list, s32 *slots)
362{
363 struct mei_msg_hdr *mei_hdr;
364 struct mei_ext_meta_hdr *meta_hdr = NULL;
365 struct mei_cl *cl;
366 int ret;
367 u32 hdr_size_left;
368 u32 hdr_size_ext;
369 int i;
370 int ext_hdr_end;
371
372 if (!dev->rd_msg_hdr[0]) {
373 dev->rd_msg_hdr[0] = mei_read_hdr(dev);
374 dev->rd_msg_hdr_count = 1;
375 (*slots)--;
376 dev_dbg(dev->dev, "slots =%08x.\n", *slots);
377
378 ret = hdr_is_valid(dev->rd_msg_hdr[0]);
379 if (ret) {
380 dev_err(dev->dev, "corrupted message header 0x%08X\n",
381 dev->rd_msg_hdr[0]);
382 goto end;
383 }
384 }
385
386 mei_hdr = (struct mei_msg_hdr *)dev->rd_msg_hdr;
387 dev_dbg(dev->dev, MEI_HDR_FMT, MEI_HDR_PRM(mei_hdr));
388
389 if (mei_slots2data(*slots) < mei_hdr->length) {
390 dev_err(dev->dev, "less data available than length=%08x.\n",
391 *slots);
392 /* we can't read the message */
393 ret = -ENODATA;
394 goto end;
395 }
396
397 ext_hdr_end = 1;
398 hdr_size_left = mei_hdr->length;
399
400 if (mei_hdr->extended) {
401 if (!dev->rd_msg_hdr[1]) {
402 dev->rd_msg_hdr[1] = mei_read_hdr(dev);
403 dev->rd_msg_hdr_count++;
404 (*slots)--;
405 dev_dbg(dev->dev, "extended header is %08x\n", dev->rd_msg_hdr[1]);
406 }
407 meta_hdr = ((struct mei_ext_meta_hdr *)&dev->rd_msg_hdr[1]);
408 if (check_add_overflow((u32)sizeof(*meta_hdr),
409 mei_slots2data(meta_hdr->size),
410 &hdr_size_ext)) {
411 dev_err(dev->dev, "extended message size too big %d\n",
412 meta_hdr->size);
413 return -EBADMSG;
414 }
415 if (hdr_size_left < hdr_size_ext) {
416 dev_err(dev->dev, "corrupted message header len %d\n",
417 mei_hdr->length);
418 return -EBADMSG;
419 }
420 hdr_size_left -= hdr_size_ext;
421
422 ext_hdr_end = meta_hdr->size + 2;
423 for (i = dev->rd_msg_hdr_count; i < ext_hdr_end; i++) {
424 dev->rd_msg_hdr[i] = mei_read_hdr(dev);
425 dev_dbg(dev->dev, "extended header %d is %08x\n", i,
426 dev->rd_msg_hdr[i]);
427 dev->rd_msg_hdr_count++;
428 (*slots)--;
429 }
430 }
431
432 if (mei_hdr->dma_ring) {
433 if (hdr_size_left != sizeof(dev->rd_msg_hdr[ext_hdr_end])) {
434 dev_err(dev->dev, "corrupted message header len %d\n",
435 mei_hdr->length);
436 return -EBADMSG;
437 }
438
439 dev->rd_msg_hdr[ext_hdr_end] = mei_read_hdr(dev);
440 dev->rd_msg_hdr_count++;
441 (*slots)--;
442 mei_hdr->length -= sizeof(dev->rd_msg_hdr[ext_hdr_end]);
443 }
444
445 /* HBM message */
446 if (hdr_is_hbm(mei_hdr)) {
447 ret = mei_hbm_dispatch(dev, mei_hdr);
448 if (ret) {
449 dev_dbg(dev->dev, "mei_hbm_dispatch failed ret = %d\n",
450 ret);
451 goto end;
452 }
453 goto reset_slots;
454 }
455
456 /* find recipient cl */
457 list_for_each_entry(cl, &dev->file_list, link) {
458 if (mei_cl_hbm_equal(cl, mei_hdr)) {
459 cl_dbg(dev, cl, "got a message\n");
460 ret = mei_cl_irq_read_msg(cl, mei_hdr, meta_hdr, cmpl_list);
461 goto reset_slots;
462 }
463 }
464
465 /* if no recipient cl was found we assume corrupted header */
466 /* A message for not connected fixed address clients
467 * should be silently discarded
468 * On power down client may be force cleaned,
469 * silently discard such messages
470 */
471 if (hdr_is_fixed(mei_hdr) ||
472 dev->dev_state == MEI_DEV_POWER_DOWN) {
473 mei_irq_discard_msg(dev, mei_hdr, mei_hdr->length);
474 ret = 0;
475 goto reset_slots;
476 }
477 dev_err(dev->dev, "no destination client found 0x%08X\n", dev->rd_msg_hdr[0]);
478 ret = -EBADMSG;
479 goto end;
480
481reset_slots:
482 /* reset the number of slots and header */
483 memset(dev->rd_msg_hdr, 0, sizeof(dev->rd_msg_hdr));
484 dev->rd_msg_hdr_count = 0;
485 *slots = mei_count_full_read_slots(dev);
486 if (*slots == -EOVERFLOW) {
487 /* overflow - reset */
488 dev_err(dev->dev, "resetting due to slots overflow.\n");
489 /* set the event since message has been read */
490 ret = -ERANGE;
491 goto end;
492 }
493end:
494 return ret;
495}
496EXPORT_SYMBOL_GPL(mei_irq_read_handler);
497
498
499/**
500 * mei_irq_write_handler - dispatch write requests
501 * after irq received
502 *
503 * @dev: the device structure
504 * @cmpl_list: An instance of our list structure
505 *
506 * Return: 0 on success, <0 on failure.
507 */
508int mei_irq_write_handler(struct mei_device *dev, struct list_head *cmpl_list)
509{
510
511 struct mei_cl *cl;
512 struct mei_cl_cb *cb, *next;
513 s32 slots;
514 int ret;
515
516
517 if (!mei_hbuf_acquire(dev))
518 return 0;
519
520 slots = mei_hbuf_empty_slots(dev);
521 if (slots < 0)
522 return -EOVERFLOW;
523
524 if (slots == 0)
525 return -EMSGSIZE;
526
527 /* complete all waiting for write CB */
528 dev_dbg(dev->dev, "complete all waiting for write cb.\n");
529
530 list_for_each_entry_safe(cb, next, &dev->write_waiting_list, list) {
531 cl = cb->cl;
532
533 cl->status = 0;
534 cl_dbg(dev, cl, "MEI WRITE COMPLETE\n");
535 cl->writing_state = MEI_WRITE_COMPLETE;
536 list_move_tail(&cb->list, cmpl_list);
537 }
538
539 /* complete control write list CB */
540 dev_dbg(dev->dev, "complete control write list cb.\n");
541 list_for_each_entry_safe(cb, next, &dev->ctrl_wr_list, list) {
542 cl = cb->cl;
543 switch (cb->fop_type) {
544 case MEI_FOP_DISCONNECT:
545 /* send disconnect message */
546 ret = mei_cl_irq_disconnect(cl, cb, cmpl_list);
547 if (ret)
548 return ret;
549
550 break;
551 case MEI_FOP_READ:
552 /* send flow control message */
553 ret = mei_cl_irq_read(cl, cb, cmpl_list);
554 if (ret)
555 return ret;
556
557 break;
558 case MEI_FOP_CONNECT:
559 /* connect message */
560 ret = mei_cl_irq_connect(cl, cb, cmpl_list);
561 if (ret)
562 return ret;
563
564 break;
565 case MEI_FOP_DISCONNECT_RSP:
566 /* send disconnect resp */
567 ret = mei_cl_irq_disconnect_rsp(cl, cb, cmpl_list);
568 if (ret)
569 return ret;
570 break;
571
572 case MEI_FOP_NOTIFY_START:
573 case MEI_FOP_NOTIFY_STOP:
574 ret = mei_cl_irq_notify(cl, cb, cmpl_list);
575 if (ret)
576 return ret;
577 break;
578 case MEI_FOP_DMA_MAP:
579 ret = mei_cl_irq_dma_map(cl, cb, cmpl_list);
580 if (ret)
581 return ret;
582 break;
583 case MEI_FOP_DMA_UNMAP:
584 ret = mei_cl_irq_dma_unmap(cl, cb, cmpl_list);
585 if (ret)
586 return ret;
587 break;
588 default:
589 BUG();
590 }
591
592 }
593 /* complete write list CB */
594 dev_dbg(dev->dev, "complete write list cb.\n");
595 list_for_each_entry_safe(cb, next, &dev->write_list, list) {
596 cl = cb->cl;
597 ret = mei_cl_irq_write(cl, cb, cmpl_list);
598 if (ret)
599 return ret;
600 }
601 return 0;
602}
603EXPORT_SYMBOL_GPL(mei_irq_write_handler);
604
605
606/**
607 * mei_connect_timeout - connect/disconnect timeouts
608 *
609 * @cl: host client
610 */
611static void mei_connect_timeout(struct mei_cl *cl)
612{
613 struct mei_device *dev = cl->dev;
614
615 if (cl->state == MEI_FILE_CONNECTING) {
616 if (dev->hbm_f_dot_supported) {
617 cl->state = MEI_FILE_DISCONNECT_REQUIRED;
618 wake_up(&cl->wait);
619 return;
620 }
621 }
622 mei_reset(dev);
623}
624
625#define MEI_STALL_TIMER_FREQ (2 * HZ)
626/**
627 * mei_schedule_stall_timer - re-arm stall_timer work
628 *
629 * @dev: the device structure
630 *
631 * Schedule stall timer
632 */
633void mei_schedule_stall_timer(struct mei_device *dev)
634{
635 schedule_delayed_work(&dev->timer_work, MEI_STALL_TIMER_FREQ);
636}
637
638/**
639 * mei_timer - timer function.
640 *
641 * @work: pointer to the work_struct structure
642 *
643 */
644void mei_timer(struct work_struct *work)
645{
646 struct mei_cl *cl;
647 struct mei_device *dev = container_of(work,
648 struct mei_device, timer_work.work);
649 bool reschedule_timer = false;
650
651 mutex_lock(&dev->device_lock);
652
653 /* Catch interrupt stalls during HBM init handshake */
654 if (dev->dev_state == MEI_DEV_INIT_CLIENTS &&
655 dev->hbm_state != MEI_HBM_IDLE) {
656
657 if (dev->init_clients_timer) {
658 if (--dev->init_clients_timer == 0) {
659 dev_err(dev->dev, "timer: init clients timeout hbm_state = %d.\n",
660 dev->hbm_state);
661 mei_reset(dev);
662 goto out;
663 }
664 reschedule_timer = true;
665 }
666 }
667
668 if (dev->dev_state != MEI_DEV_ENABLED)
669 goto out;
670
671 /*** connect/disconnect timeouts ***/
672 list_for_each_entry(cl, &dev->file_list, link) {
673 if (cl->timer_count) {
674 if (--cl->timer_count == 0) {
675 dev_err(dev->dev, "timer: connect/disconnect timeout.\n");
676 mei_connect_timeout(cl);
677 goto out;
678 }
679 reschedule_timer = true;
680 }
681 }
682
683out:
684 if (dev->dev_state != MEI_DEV_DISABLED && reschedule_timer)
685 mei_schedule_stall_timer(dev);
686
687 mutex_unlock(&dev->device_lock);
688}
1/*
2 *
3 * Intel Management Engine Interface (Intel MEI) Linux driver
4 * Copyright (c) 2003-2012, Intel Corporation.
5 *
6 * This program is free software; you can redistribute it and/or modify it
7 * under the terms and conditions of the GNU General Public License,
8 * version 2, as published by the Free Software Foundation.
9 *
10 * This program is distributed in the hope it will be useful, but WITHOUT
11 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
12 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
13 * more details.
14 *
15 */
16
17
18#include <linux/export.h>
19#include <linux/kthread.h>
20#include <linux/interrupt.h>
21#include <linux/fs.h>
22#include <linux/jiffies.h>
23#include <linux/slab.h>
24#include <linux/pm_runtime.h>
25
26#include <linux/mei.h>
27
28#include "mei_dev.h"
29#include "hbm.h"
30#include "client.h"
31
32
33/**
34 * mei_irq_compl_handler - dispatch complete handlers
35 * for the completed callbacks
36 *
37 * @dev: mei device
38 * @compl_list: list of completed cbs
39 */
40void mei_irq_compl_handler(struct mei_device *dev, struct mei_cl_cb *compl_list)
41{
42 struct mei_cl_cb *cb, *next;
43 struct mei_cl *cl;
44
45 list_for_each_entry_safe(cb, next, &compl_list->list, list) {
46 cl = cb->cl;
47 list_del_init(&cb->list);
48
49 dev_dbg(dev->dev, "completing call back.\n");
50 if (cl == &dev->iamthif_cl)
51 mei_amthif_complete(cl, cb);
52 else
53 mei_cl_complete(cl, cb);
54 }
55}
56EXPORT_SYMBOL_GPL(mei_irq_compl_handler);
57
58/**
59 * mei_cl_hbm_equal - check if hbm is addressed to the client
60 *
61 * @cl: host client
62 * @mei_hdr: header of mei client message
63 *
64 * Return: true if matches, false otherwise
65 */
66static inline int mei_cl_hbm_equal(struct mei_cl *cl,
67 struct mei_msg_hdr *mei_hdr)
68{
69 return mei_cl_host_addr(cl) == mei_hdr->host_addr &&
70 mei_cl_me_id(cl) == mei_hdr->me_addr;
71}
72
73/**
74 * mei_irq_discard_msg - discard received message
75 *
76 * @dev: mei device
77 * @hdr: message header
78 */
79static inline
80void mei_irq_discard_msg(struct mei_device *dev, struct mei_msg_hdr *hdr)
81{
82 /*
83 * no need to check for size as it is guarantied
84 * that length fits into rd_msg_buf
85 */
86 mei_read_slots(dev, dev->rd_msg_buf, hdr->length);
87 dev_dbg(dev->dev, "discarding message " MEI_HDR_FMT "\n",
88 MEI_HDR_PRM(hdr));
89}
90
91/**
92 * mei_cl_irq_read_msg - process client message
93 *
94 * @cl: reading client
95 * @mei_hdr: header of mei client message
96 * @complete_list: completion list
97 *
98 * Return: always 0
99 */
100int mei_cl_irq_read_msg(struct mei_cl *cl,
101 struct mei_msg_hdr *mei_hdr,
102 struct mei_cl_cb *complete_list)
103{
104 struct mei_device *dev = cl->dev;
105 struct mei_cl_cb *cb;
106 unsigned char *buffer = NULL;
107 size_t buf_sz;
108
109 cb = list_first_entry_or_null(&cl->rd_pending, struct mei_cl_cb, list);
110 if (!cb) {
111 cl_err(dev, cl, "pending read cb not found\n");
112 goto out;
113 }
114
115 if (!mei_cl_is_connected(cl)) {
116 cl_dbg(dev, cl, "not connected\n");
117 cb->status = -ENODEV;
118 goto out;
119 }
120
121 if (cb->buf.size == 0 || cb->buf.data == NULL) {
122 cl_err(dev, cl, "response buffer is not allocated.\n");
123 list_move_tail(&cb->list, &complete_list->list);
124 cb->status = -ENOMEM;
125 goto out;
126 }
127
128 buf_sz = mei_hdr->length + cb->buf_idx;
129 /* catch for integer overflow */
130 if (buf_sz < cb->buf_idx) {
131 cl_err(dev, cl, "message is too big len %d idx %zu\n",
132 mei_hdr->length, cb->buf_idx);
133
134 list_move_tail(&cb->list, &complete_list->list);
135 cb->status = -EMSGSIZE;
136 goto out;
137 }
138
139 if (cb->buf.size < buf_sz) {
140 cl_dbg(dev, cl, "message overflow. size %zu len %d idx %zu\n",
141 cb->buf.size, mei_hdr->length, cb->buf_idx);
142 buffer = krealloc(cb->buf.data, buf_sz, GFP_KERNEL);
143
144 if (!buffer) {
145 cb->status = -ENOMEM;
146 list_move_tail(&cb->list, &complete_list->list);
147 goto out;
148 }
149 cb->buf.data = buffer;
150 cb->buf.size = buf_sz;
151 }
152
153 buffer = cb->buf.data + cb->buf_idx;
154 mei_read_slots(dev, buffer, mei_hdr->length);
155
156 cb->buf_idx += mei_hdr->length;
157
158 if (mei_hdr->msg_complete) {
159 cl_dbg(dev, cl, "completed read length = %zu\n", cb->buf_idx);
160 list_move_tail(&cb->list, &complete_list->list);
161 } else {
162 pm_runtime_mark_last_busy(dev->dev);
163 pm_request_autosuspend(dev->dev);
164 }
165
166out:
167 if (!buffer)
168 mei_irq_discard_msg(dev, mei_hdr);
169
170 return 0;
171}
172
173/**
174 * mei_cl_irq_disconnect_rsp - send disconnection response message
175 *
176 * @cl: client
177 * @cb: callback block.
178 * @cmpl_list: complete list.
179 *
180 * Return: 0, OK; otherwise, error.
181 */
182static int mei_cl_irq_disconnect_rsp(struct mei_cl *cl, struct mei_cl_cb *cb,
183 struct mei_cl_cb *cmpl_list)
184{
185 struct mei_device *dev = cl->dev;
186 u32 msg_slots;
187 int slots;
188 int ret;
189
190 slots = mei_hbuf_empty_slots(dev);
191 msg_slots = mei_data2slots(sizeof(struct hbm_client_connect_response));
192
193 if (slots < msg_slots)
194 return -EMSGSIZE;
195
196 ret = mei_hbm_cl_disconnect_rsp(dev, cl);
197 mei_cl_set_disconnected(cl);
198 mei_io_cb_free(cb);
199 mei_me_cl_put(cl->me_cl);
200 cl->me_cl = NULL;
201
202 return ret;
203}
204
205/**
206 * mei_cl_irq_read - processes client read related operation from the
207 * interrupt thread context - request for flow control credits
208 *
209 * @cl: client
210 * @cb: callback block.
211 * @cmpl_list: complete list.
212 *
213 * Return: 0, OK; otherwise, error.
214 */
215static int mei_cl_irq_read(struct mei_cl *cl, struct mei_cl_cb *cb,
216 struct mei_cl_cb *cmpl_list)
217{
218 struct mei_device *dev = cl->dev;
219 u32 msg_slots;
220 int slots;
221 int ret;
222
223 msg_slots = mei_data2slots(sizeof(struct hbm_flow_control));
224 slots = mei_hbuf_empty_slots(dev);
225
226 if (slots < msg_slots)
227 return -EMSGSIZE;
228
229 ret = mei_hbm_cl_flow_control_req(dev, cl);
230 if (ret) {
231 cl->status = ret;
232 cb->buf_idx = 0;
233 list_move_tail(&cb->list, &cmpl_list->list);
234 return ret;
235 }
236
237 list_move_tail(&cb->list, &cl->rd_pending);
238
239 return 0;
240}
241
242static inline bool hdr_is_hbm(struct mei_msg_hdr *mei_hdr)
243{
244 return mei_hdr->host_addr == 0 && mei_hdr->me_addr == 0;
245}
246
247static inline bool hdr_is_fixed(struct mei_msg_hdr *mei_hdr)
248{
249 return mei_hdr->host_addr == 0 && mei_hdr->me_addr != 0;
250}
251
252/**
253 * mei_irq_read_handler - bottom half read routine after ISR to
254 * handle the read processing.
255 *
256 * @dev: the device structure
257 * @cmpl_list: An instance of our list structure
258 * @slots: slots to read.
259 *
260 * Return: 0 on success, <0 on failure.
261 */
262int mei_irq_read_handler(struct mei_device *dev,
263 struct mei_cl_cb *cmpl_list, s32 *slots)
264{
265 struct mei_msg_hdr *mei_hdr;
266 struct mei_cl *cl;
267 int ret;
268
269 if (!dev->rd_msg_hdr) {
270 dev->rd_msg_hdr = mei_read_hdr(dev);
271 (*slots)--;
272 dev_dbg(dev->dev, "slots =%08x.\n", *slots);
273 }
274 mei_hdr = (struct mei_msg_hdr *) &dev->rd_msg_hdr;
275 dev_dbg(dev->dev, MEI_HDR_FMT, MEI_HDR_PRM(mei_hdr));
276
277 if (mei_hdr->reserved || !dev->rd_msg_hdr) {
278 dev_err(dev->dev, "corrupted message header 0x%08X\n",
279 dev->rd_msg_hdr);
280 ret = -EBADMSG;
281 goto end;
282 }
283
284 if (mei_slots2data(*slots) < mei_hdr->length) {
285 dev_err(dev->dev, "less data available than length=%08x.\n",
286 *slots);
287 /* we can't read the message */
288 ret = -ENODATA;
289 goto end;
290 }
291
292 /* HBM message */
293 if (hdr_is_hbm(mei_hdr)) {
294 ret = mei_hbm_dispatch(dev, mei_hdr);
295 if (ret) {
296 dev_dbg(dev->dev, "mei_hbm_dispatch failed ret = %d\n",
297 ret);
298 goto end;
299 }
300 goto reset_slots;
301 }
302
303 /* find recipient cl */
304 list_for_each_entry(cl, &dev->file_list, link) {
305 if (mei_cl_hbm_equal(cl, mei_hdr)) {
306 cl_dbg(dev, cl, "got a message\n");
307 break;
308 }
309 }
310
311 /* if no recipient cl was found we assume corrupted header */
312 if (&cl->link == &dev->file_list) {
313 /* A message for not connected fixed address clients
314 * should be silently discarded
315 */
316 if (hdr_is_fixed(mei_hdr)) {
317 mei_irq_discard_msg(dev, mei_hdr);
318 ret = 0;
319 goto reset_slots;
320 }
321 dev_err(dev->dev, "no destination client found 0x%08X\n",
322 dev->rd_msg_hdr);
323 ret = -EBADMSG;
324 goto end;
325 }
326
327 if (cl == &dev->iamthif_cl) {
328 ret = mei_amthif_irq_read_msg(cl, mei_hdr, cmpl_list);
329 } else {
330 ret = mei_cl_irq_read_msg(cl, mei_hdr, cmpl_list);
331 }
332
333
334reset_slots:
335 /* reset the number of slots and header */
336 *slots = mei_count_full_read_slots(dev);
337 dev->rd_msg_hdr = 0;
338
339 if (*slots == -EOVERFLOW) {
340 /* overflow - reset */
341 dev_err(dev->dev, "resetting due to slots overflow.\n");
342 /* set the event since message has been read */
343 ret = -ERANGE;
344 goto end;
345 }
346end:
347 return ret;
348}
349EXPORT_SYMBOL_GPL(mei_irq_read_handler);
350
351
352/**
353 * mei_irq_write_handler - dispatch write requests
354 * after irq received
355 *
356 * @dev: the device structure
357 * @cmpl_list: An instance of our list structure
358 *
359 * Return: 0 on success, <0 on failure.
360 */
361int mei_irq_write_handler(struct mei_device *dev, struct mei_cl_cb *cmpl_list)
362{
363
364 struct mei_cl *cl;
365 struct mei_cl_cb *cb, *next;
366 struct mei_cl_cb *list;
367 s32 slots;
368 int ret;
369
370
371 if (!mei_hbuf_acquire(dev))
372 return 0;
373
374 slots = mei_hbuf_empty_slots(dev);
375 if (slots <= 0)
376 return -EMSGSIZE;
377
378 /* complete all waiting for write CB */
379 dev_dbg(dev->dev, "complete all waiting for write cb.\n");
380
381 list = &dev->write_waiting_list;
382 list_for_each_entry_safe(cb, next, &list->list, list) {
383 cl = cb->cl;
384
385 cl->status = 0;
386 cl_dbg(dev, cl, "MEI WRITE COMPLETE\n");
387 cl->writing_state = MEI_WRITE_COMPLETE;
388 list_move_tail(&cb->list, &cmpl_list->list);
389 }
390
391 /* complete control write list CB */
392 dev_dbg(dev->dev, "complete control write list cb.\n");
393 list_for_each_entry_safe(cb, next, &dev->ctrl_wr_list.list, list) {
394 cl = cb->cl;
395 switch (cb->fop_type) {
396 case MEI_FOP_DISCONNECT:
397 /* send disconnect message */
398 ret = mei_cl_irq_disconnect(cl, cb, cmpl_list);
399 if (ret)
400 return ret;
401
402 break;
403 case MEI_FOP_READ:
404 /* send flow control message */
405 ret = mei_cl_irq_read(cl, cb, cmpl_list);
406 if (ret)
407 return ret;
408
409 break;
410 case MEI_FOP_CONNECT:
411 /* connect message */
412 ret = mei_cl_irq_connect(cl, cb, cmpl_list);
413 if (ret)
414 return ret;
415
416 break;
417 case MEI_FOP_DISCONNECT_RSP:
418 /* send disconnect resp */
419 ret = mei_cl_irq_disconnect_rsp(cl, cb, cmpl_list);
420 if (ret)
421 return ret;
422 break;
423
424 case MEI_FOP_NOTIFY_START:
425 case MEI_FOP_NOTIFY_STOP:
426 ret = mei_cl_irq_notify(cl, cb, cmpl_list);
427 if (ret)
428 return ret;
429 break;
430 default:
431 BUG();
432 }
433
434 }
435 /* complete write list CB */
436 dev_dbg(dev->dev, "complete write list cb.\n");
437 list_for_each_entry_safe(cb, next, &dev->write_list.list, list) {
438 cl = cb->cl;
439 if (cl == &dev->iamthif_cl)
440 ret = mei_amthif_irq_write(cl, cb, cmpl_list);
441 else
442 ret = mei_cl_irq_write(cl, cb, cmpl_list);
443 if (ret)
444 return ret;
445 }
446 return 0;
447}
448EXPORT_SYMBOL_GPL(mei_irq_write_handler);
449
450
451/**
452 * mei_connect_timeout - connect/disconnect timeouts
453 *
454 * @cl: host client
455 */
456static void mei_connect_timeout(struct mei_cl *cl)
457{
458 struct mei_device *dev = cl->dev;
459
460 if (cl->state == MEI_FILE_CONNECTING) {
461 if (dev->hbm_f_dot_supported) {
462 cl->state = MEI_FILE_DISCONNECT_REQUIRED;
463 wake_up(&cl->wait);
464 return;
465 }
466 }
467 mei_reset(dev);
468}
469
470/**
471 * mei_timer - timer function.
472 *
473 * @work: pointer to the work_struct structure
474 *
475 */
476void mei_timer(struct work_struct *work)
477{
478 struct mei_cl *cl;
479
480 struct mei_device *dev = container_of(work,
481 struct mei_device, timer_work.work);
482
483
484 mutex_lock(&dev->device_lock);
485
486 /* Catch interrupt stalls during HBM init handshake */
487 if (dev->dev_state == MEI_DEV_INIT_CLIENTS &&
488 dev->hbm_state != MEI_HBM_IDLE) {
489
490 if (dev->init_clients_timer) {
491 if (--dev->init_clients_timer == 0) {
492 dev_err(dev->dev, "timer: init clients timeout hbm_state = %d.\n",
493 dev->hbm_state);
494 mei_reset(dev);
495 goto out;
496 }
497 }
498 }
499
500 if (dev->dev_state != MEI_DEV_ENABLED)
501 goto out;
502
503 /*** connect/disconnect timeouts ***/
504 list_for_each_entry(cl, &dev->file_list, link) {
505 if (cl->timer_count) {
506 if (--cl->timer_count == 0) {
507 dev_err(dev->dev, "timer: connect/disconnect timeout.\n");
508 mei_connect_timeout(cl);
509 goto out;
510 }
511 }
512 }
513
514 if (!mei_cl_is_connected(&dev->iamthif_cl))
515 goto out;
516
517 if (dev->iamthif_stall_timer) {
518 if (--dev->iamthif_stall_timer == 0) {
519 dev_err(dev->dev, "timer: amthif hanged.\n");
520 mei_reset(dev);
521 dev->iamthif_canceled = false;
522 dev->iamthif_state = MEI_IAMTHIF_IDLE;
523
524 mei_io_cb_free(dev->iamthif_current_cb);
525 dev->iamthif_current_cb = NULL;
526
527 dev->iamthif_fp = NULL;
528 mei_amthif_run_next_cmd(dev);
529 }
530 }
531
532out:
533 if (dev->dev_state != MEI_DEV_DISABLED)
534 schedule_delayed_work(&dev->timer_work, 2 * HZ);
535 mutex_unlock(&dev->device_lock);
536}