Loading...
1// SPDX-License-Identifier: GPL-2.0
2/*
3 * Copyright (c) 2003-2022, Intel Corporation. All rights reserved.
4 * Intel Management Engine Interface (Intel MEI) Linux driver
5 */
6
7#include <linux/module.h>
8#include <linux/moduleparam.h>
9#include <linux/kernel.h>
10#include <linux/device.h>
11#include <linux/slab.h>
12#include <linux/fs.h>
13#include <linux/errno.h>
14#include <linux/types.h>
15#include <linux/fcntl.h>
16#include <linux/poll.h>
17#include <linux/init.h>
18#include <linux/ioctl.h>
19#include <linux/cdev.h>
20#include <linux/sched/signal.h>
21#include <linux/compat.h>
22#include <linux/jiffies.h>
23#include <linux/interrupt.h>
24
25#include <linux/mei.h>
26
27#include "mei_dev.h"
28#include "client.h"
29
30static const struct class mei_class = {
31 .name = "mei",
32};
33
34static dev_t mei_devt;
35#define MEI_MAX_DEVS MINORMASK
36static DEFINE_MUTEX(mei_minor_lock);
37static DEFINE_IDR(mei_idr);
38
39/**
40 * mei_open - the open function
41 *
42 * @inode: pointer to inode structure
43 * @file: pointer to file structure
44 *
45 * Return: 0 on success, <0 on error
46 */
47static int mei_open(struct inode *inode, struct file *file)
48{
49 struct mei_device *dev;
50 struct mei_cl *cl;
51
52 int err;
53
54 dev = container_of(inode->i_cdev, struct mei_device, cdev);
55
56 mutex_lock(&dev->device_lock);
57
58 if (dev->dev_state != MEI_DEV_ENABLED) {
59 dev_dbg(dev->dev, "dev_state != MEI_ENABLED dev_state = %s\n",
60 mei_dev_state_str(dev->dev_state));
61 err = -ENODEV;
62 goto err_unlock;
63 }
64
65 cl = mei_cl_alloc_linked(dev);
66 if (IS_ERR(cl)) {
67 err = PTR_ERR(cl);
68 goto err_unlock;
69 }
70
71 cl->fp = file;
72 file->private_data = cl;
73
74 mutex_unlock(&dev->device_lock);
75
76 return nonseekable_open(inode, file);
77
78err_unlock:
79 mutex_unlock(&dev->device_lock);
80 return err;
81}
82
83/**
84 * mei_cl_vtag_remove_by_fp - remove vtag that corresponds to fp from list
85 *
86 * @cl: host client
87 * @fp: pointer to file structure
88 *
89 */
90static void mei_cl_vtag_remove_by_fp(const struct mei_cl *cl,
91 const struct file *fp)
92{
93 struct mei_cl_vtag *vtag_l, *next;
94
95 list_for_each_entry_safe(vtag_l, next, &cl->vtag_map, list) {
96 if (vtag_l->fp == fp) {
97 list_del(&vtag_l->list);
98 kfree(vtag_l);
99 return;
100 }
101 }
102}
103
104/**
105 * mei_release - the release function
106 *
107 * @inode: pointer to inode structure
108 * @file: pointer to file structure
109 *
110 * Return: 0 on success, <0 on error
111 */
112static int mei_release(struct inode *inode, struct file *file)
113{
114 struct mei_cl *cl = file->private_data;
115 struct mei_device *dev;
116 int rets;
117
118 if (WARN_ON(!cl || !cl->dev))
119 return -ENODEV;
120
121 dev = cl->dev;
122
123 mutex_lock(&dev->device_lock);
124
125 mei_cl_vtag_remove_by_fp(cl, file);
126
127 if (!list_empty(&cl->vtag_map)) {
128 cl_dbg(dev, cl, "not the last vtag\n");
129 mei_cl_flush_queues(cl, file);
130 rets = 0;
131 goto out;
132 }
133
134 rets = mei_cl_disconnect(cl);
135 /*
136 * Check again: This is necessary since disconnect releases the lock
137 * and another client can connect in the meantime.
138 */
139 if (!list_empty(&cl->vtag_map)) {
140 cl_dbg(dev, cl, "not the last vtag after disconnect\n");
141 mei_cl_flush_queues(cl, file);
142 goto out;
143 }
144
145 mei_cl_flush_queues(cl, NULL);
146 cl_dbg(dev, cl, "removing\n");
147
148 mei_cl_unlink(cl);
149 kfree(cl);
150
151out:
152 file->private_data = NULL;
153
154 mutex_unlock(&dev->device_lock);
155 return rets;
156}
157
158
159/**
160 * mei_read - the read function.
161 *
162 * @file: pointer to file structure
163 * @ubuf: pointer to user buffer
164 * @length: buffer length
165 * @offset: data offset in buffer
166 *
167 * Return: >=0 data length on success , <0 on error
168 */
169static ssize_t mei_read(struct file *file, char __user *ubuf,
170 size_t length, loff_t *offset)
171{
172 struct mei_cl *cl = file->private_data;
173 struct mei_device *dev;
174 struct mei_cl_cb *cb = NULL;
175 bool nonblock = !!(file->f_flags & O_NONBLOCK);
176 ssize_t rets;
177
178 if (WARN_ON(!cl || !cl->dev))
179 return -ENODEV;
180
181 dev = cl->dev;
182
183
184 mutex_lock(&dev->device_lock);
185 if (dev->dev_state != MEI_DEV_ENABLED) {
186 rets = -ENODEV;
187 goto out;
188 }
189
190 if (length == 0) {
191 rets = 0;
192 goto out;
193 }
194
195 if (ubuf == NULL) {
196 rets = -EMSGSIZE;
197 goto out;
198 }
199
200 cb = mei_cl_read_cb(cl, file);
201 if (cb)
202 goto copy_buffer;
203
204 if (*offset > 0)
205 *offset = 0;
206
207 rets = mei_cl_read_start(cl, length, file);
208 if (rets && rets != -EBUSY) {
209 cl_dbg(dev, cl, "mei start read failure status = %zd\n", rets);
210 goto out;
211 }
212
213 if (nonblock) {
214 rets = -EAGAIN;
215 goto out;
216 }
217
218 mutex_unlock(&dev->device_lock);
219 if (wait_event_interruptible(cl->rx_wait,
220 mei_cl_read_cb(cl, file) ||
221 !mei_cl_is_connected(cl))) {
222 if (signal_pending(current))
223 return -EINTR;
224 return -ERESTARTSYS;
225 }
226 mutex_lock(&dev->device_lock);
227
228 if (!mei_cl_is_connected(cl)) {
229 rets = -ENODEV;
230 goto out;
231 }
232
233 cb = mei_cl_read_cb(cl, file);
234 if (!cb) {
235 rets = 0;
236 goto out;
237 }
238
239copy_buffer:
240 /* now copy the data to user space */
241 if (cb->status) {
242 rets = cb->status;
243 cl_dbg(dev, cl, "read operation failed %zd\n", rets);
244 goto free;
245 }
246
247 cl_dbg(dev, cl, "buf.size = %zu buf.idx = %zu offset = %lld\n",
248 cb->buf.size, cb->buf_idx, *offset);
249 if (*offset >= cb->buf_idx) {
250 rets = 0;
251 goto free;
252 }
253
254 /* length is being truncated to PAGE_SIZE,
255 * however buf_idx may point beyond that */
256 length = min_t(size_t, length, cb->buf_idx - *offset);
257
258 if (copy_to_user(ubuf, cb->buf.data + *offset, length)) {
259 dev_dbg(dev->dev, "failed to copy data to userland\n");
260 rets = -EFAULT;
261 goto free;
262 }
263
264 rets = length;
265 *offset += length;
266 /* not all data was read, keep the cb */
267 if (*offset < cb->buf_idx)
268 goto out;
269
270free:
271 mei_cl_del_rd_completed(cl, cb);
272 *offset = 0;
273
274out:
275 cl_dbg(dev, cl, "end mei read rets = %zd\n", rets);
276 mutex_unlock(&dev->device_lock);
277 return rets;
278}
279
280/**
281 * mei_cl_vtag_by_fp - obtain the vtag by file pointer
282 *
283 * @cl: host client
284 * @fp: pointer to file structure
285 *
286 * Return: vtag value on success, otherwise 0
287 */
288static u8 mei_cl_vtag_by_fp(const struct mei_cl *cl, const struct file *fp)
289{
290 struct mei_cl_vtag *cl_vtag;
291
292 if (!fp)
293 return 0;
294
295 list_for_each_entry(cl_vtag, &cl->vtag_map, list)
296 if (cl_vtag->fp == fp)
297 return cl_vtag->vtag;
298 return 0;
299}
300
301/**
302 * mei_write - the write function.
303 *
304 * @file: pointer to file structure
305 * @ubuf: pointer to user buffer
306 * @length: buffer length
307 * @offset: data offset in buffer
308 *
309 * Return: >=0 data length on success , <0 on error
310 */
311static ssize_t mei_write(struct file *file, const char __user *ubuf,
312 size_t length, loff_t *offset)
313{
314 struct mei_cl *cl = file->private_data;
315 struct mei_cl_cb *cb;
316 struct mei_device *dev;
317 ssize_t rets;
318
319 if (WARN_ON(!cl || !cl->dev))
320 return -ENODEV;
321
322 dev = cl->dev;
323
324 mutex_lock(&dev->device_lock);
325
326 if (dev->dev_state != MEI_DEV_ENABLED) {
327 rets = -ENODEV;
328 goto out;
329 }
330
331 if (!mei_cl_is_connected(cl)) {
332 cl_err(dev, cl, "is not connected");
333 rets = -ENODEV;
334 goto out;
335 }
336
337 if (!mei_me_cl_is_active(cl->me_cl)) {
338 rets = -ENOTTY;
339 goto out;
340 }
341
342 if (length > mei_cl_mtu(cl)) {
343 rets = -EFBIG;
344 goto out;
345 }
346
347 if (length == 0) {
348 rets = 0;
349 goto out;
350 }
351
352 while (cl->tx_cb_queued >= dev->tx_queue_limit) {
353 if (file->f_flags & O_NONBLOCK) {
354 rets = -EAGAIN;
355 goto out;
356 }
357 mutex_unlock(&dev->device_lock);
358 rets = wait_event_interruptible(cl->tx_wait,
359 cl->writing_state == MEI_WRITE_COMPLETE ||
360 (!mei_cl_is_connected(cl)));
361 mutex_lock(&dev->device_lock);
362 if (rets) {
363 if (signal_pending(current))
364 rets = -EINTR;
365 goto out;
366 }
367 if (!mei_cl_is_connected(cl)) {
368 rets = -ENODEV;
369 goto out;
370 }
371 }
372
373 cb = mei_cl_alloc_cb(cl, length, MEI_FOP_WRITE, file);
374 if (!cb) {
375 rets = -ENOMEM;
376 goto out;
377 }
378 cb->vtag = mei_cl_vtag_by_fp(cl, file);
379
380 rets = copy_from_user(cb->buf.data, ubuf, length);
381 if (rets) {
382 dev_dbg(dev->dev, "failed to copy data from userland\n");
383 rets = -EFAULT;
384 mei_io_cb_free(cb);
385 goto out;
386 }
387
388 rets = mei_cl_write(cl, cb, MAX_SCHEDULE_TIMEOUT);
389out:
390 mutex_unlock(&dev->device_lock);
391 return rets;
392}
393
394/**
395 * mei_ioctl_connect_client - the connect to fw client IOCTL function
396 *
397 * @file: private data of the file object
398 * @in_client_uuid: requested UUID for connection
399 * @client: IOCTL connect data, output parameters
400 *
401 * Locking: called under "dev->device_lock" lock
402 *
403 * Return: 0 on success, <0 on failure.
404 */
405static int mei_ioctl_connect_client(struct file *file,
406 const uuid_le *in_client_uuid,
407 struct mei_client *client)
408{
409 struct mei_device *dev;
410 struct mei_me_client *me_cl;
411 struct mei_cl *cl;
412 int rets;
413
414 cl = file->private_data;
415 dev = cl->dev;
416
417 if (cl->state != MEI_FILE_INITIALIZING &&
418 cl->state != MEI_FILE_DISCONNECTED)
419 return -EBUSY;
420
421 /* find ME client we're trying to connect to */
422 me_cl = mei_me_cl_by_uuid(dev, in_client_uuid);
423 if (!me_cl) {
424 dev_dbg(dev->dev, "Cannot connect to FW Client UUID = %pUl\n",
425 in_client_uuid);
426 rets = -ENOTTY;
427 goto end;
428 }
429
430 if (me_cl->props.fixed_address) {
431 bool forbidden = dev->override_fixed_address ?
432 !dev->allow_fixed_address : !dev->hbm_f_fa_supported;
433 if (forbidden) {
434 dev_dbg(dev->dev, "Connection forbidden to FW Client UUID = %pUl\n",
435 in_client_uuid);
436 rets = -ENOTTY;
437 goto end;
438 }
439 }
440
441 dev_dbg(dev->dev, "Connect to FW Client ID = %d\n",
442 me_cl->client_id);
443 dev_dbg(dev->dev, "FW Client - Protocol Version = %d\n",
444 me_cl->props.protocol_version);
445 dev_dbg(dev->dev, "FW Client - Max Msg Len = %d\n",
446 me_cl->props.max_msg_length);
447
448 /* prepare the output buffer */
449 client->max_msg_length = me_cl->props.max_msg_length;
450 client->protocol_version = me_cl->props.protocol_version;
451 dev_dbg(dev->dev, "Can connect?\n");
452
453 rets = mei_cl_connect(cl, me_cl, file);
454
455end:
456 mei_me_cl_put(me_cl);
457 return rets;
458}
459
460/**
461 * mei_vt_support_check - check if client support vtags
462 *
463 * @dev: mei_device
464 * @uuid: client UUID
465 *
466 * Locking: called under "dev->device_lock" lock
467 *
468 * Return:
469 * 0 - supported
470 * -ENOTTY - no such client
471 * -EOPNOTSUPP - vtags are not supported by client
472 */
473static int mei_vt_support_check(struct mei_device *dev, const uuid_le *uuid)
474{
475 struct mei_me_client *me_cl;
476 int ret;
477
478 if (!dev->hbm_f_vt_supported)
479 return -EOPNOTSUPP;
480
481 me_cl = mei_me_cl_by_uuid(dev, uuid);
482 if (!me_cl) {
483 dev_dbg(dev->dev, "Cannot connect to FW Client UUID = %pUl\n",
484 uuid);
485 return -ENOTTY;
486 }
487 ret = me_cl->props.vt_supported ? 0 : -EOPNOTSUPP;
488 mei_me_cl_put(me_cl);
489
490 return ret;
491}
492
493/**
494 * mei_ioctl_connect_vtag - connect to fw client with vtag IOCTL function
495 *
496 * @file: private data of the file object
497 * @in_client_uuid: requested UUID for connection
498 * @client: IOCTL connect data, output parameters
499 * @vtag: vm tag
500 *
501 * Locking: called under "dev->device_lock" lock
502 *
503 * Return: 0 on success, <0 on failure.
504 */
505static int mei_ioctl_connect_vtag(struct file *file,
506 const uuid_le *in_client_uuid,
507 struct mei_client *client,
508 u8 vtag)
509{
510 struct mei_device *dev;
511 struct mei_cl *cl;
512 struct mei_cl *pos;
513 struct mei_cl_vtag *cl_vtag;
514
515 cl = file->private_data;
516 dev = cl->dev;
517
518 dev_dbg(dev->dev, "FW Client %pUl vtag %d\n", in_client_uuid, vtag);
519
520 switch (cl->state) {
521 case MEI_FILE_DISCONNECTED:
522 if (mei_cl_vtag_by_fp(cl, file) != vtag) {
523 dev_err(dev->dev, "reconnect with different vtag\n");
524 return -EINVAL;
525 }
526 break;
527 case MEI_FILE_INITIALIZING:
528 /* malicious connect from another thread may push vtag */
529 if (!IS_ERR(mei_cl_fp_by_vtag(cl, vtag))) {
530 dev_err(dev->dev, "vtag already filled\n");
531 return -EINVAL;
532 }
533
534 list_for_each_entry(pos, &dev->file_list, link) {
535 if (pos == cl)
536 continue;
537 if (!pos->me_cl)
538 continue;
539
540 /* only search for same UUID */
541 if (uuid_le_cmp(*mei_cl_uuid(pos), *in_client_uuid))
542 continue;
543
544 /* if tag already exist try another fp */
545 if (!IS_ERR(mei_cl_fp_by_vtag(pos, vtag)))
546 continue;
547
548 /* replace cl with acquired one */
549 dev_dbg(dev->dev, "replacing with existing cl\n");
550 mei_cl_unlink(cl);
551 kfree(cl);
552 file->private_data = pos;
553 cl = pos;
554 break;
555 }
556
557 cl_vtag = mei_cl_vtag_alloc(file, vtag);
558 if (IS_ERR(cl_vtag))
559 return -ENOMEM;
560
561 list_add_tail(&cl_vtag->list, &cl->vtag_map);
562 break;
563 default:
564 return -EBUSY;
565 }
566
567 while (cl->state != MEI_FILE_INITIALIZING &&
568 cl->state != MEI_FILE_DISCONNECTED &&
569 cl->state != MEI_FILE_CONNECTED) {
570 mutex_unlock(&dev->device_lock);
571 wait_event_timeout(cl->wait,
572 (cl->state == MEI_FILE_CONNECTED ||
573 cl->state == MEI_FILE_DISCONNECTED ||
574 cl->state == MEI_FILE_DISCONNECT_REQUIRED ||
575 cl->state == MEI_FILE_DISCONNECT_REPLY),
576 dev->timeouts.cl_connect);
577 mutex_lock(&dev->device_lock);
578 }
579
580 if (!mei_cl_is_connected(cl))
581 return mei_ioctl_connect_client(file, in_client_uuid, client);
582
583 client->max_msg_length = cl->me_cl->props.max_msg_length;
584 client->protocol_version = cl->me_cl->props.protocol_version;
585
586 return 0;
587}
588
589/**
590 * mei_ioctl_client_notify_request - propagate event notification
591 * request to client
592 *
593 * @file: pointer to file structure
594 * @request: 0 - disable, 1 - enable
595 *
596 * Return: 0 on success , <0 on error
597 */
598static int mei_ioctl_client_notify_request(const struct file *file, u32 request)
599{
600 struct mei_cl *cl = file->private_data;
601
602 if (request != MEI_HBM_NOTIFICATION_START &&
603 request != MEI_HBM_NOTIFICATION_STOP)
604 return -EINVAL;
605
606 return mei_cl_notify_request(cl, file, (u8)request);
607}
608
609/**
610 * mei_ioctl_client_notify_get - wait for notification request
611 *
612 * @file: pointer to file structure
613 * @notify_get: 0 - disable, 1 - enable
614 *
615 * Return: 0 on success , <0 on error
616 */
617static int mei_ioctl_client_notify_get(const struct file *file, u32 *notify_get)
618{
619 struct mei_cl *cl = file->private_data;
620 bool notify_ev;
621 bool block = (file->f_flags & O_NONBLOCK) == 0;
622 int rets;
623
624 rets = mei_cl_notify_get(cl, block, ¬ify_ev);
625 if (rets)
626 return rets;
627
628 *notify_get = notify_ev ? 1 : 0;
629 return 0;
630}
631
632/**
633 * mei_ioctl - the IOCTL function
634 *
635 * @file: pointer to file structure
636 * @cmd: ioctl command
637 * @data: pointer to mei message structure
638 *
639 * Return: 0 on success , <0 on error
640 */
641static long mei_ioctl(struct file *file, unsigned int cmd, unsigned long data)
642{
643 struct mei_device *dev;
644 struct mei_cl *cl = file->private_data;
645 struct mei_connect_client_data conn;
646 struct mei_connect_client_data_vtag conn_vtag;
647 const uuid_le *cl_uuid;
648 struct mei_client *props;
649 u8 vtag;
650 u32 notify_get, notify_req;
651 int rets;
652
653
654 if (WARN_ON(!cl || !cl->dev))
655 return -ENODEV;
656
657 dev = cl->dev;
658
659 dev_dbg(dev->dev, "IOCTL cmd = 0x%x", cmd);
660
661 mutex_lock(&dev->device_lock);
662 if (dev->dev_state != MEI_DEV_ENABLED) {
663 rets = -ENODEV;
664 goto out;
665 }
666
667 switch (cmd) {
668 case IOCTL_MEI_CONNECT_CLIENT:
669 dev_dbg(dev->dev, ": IOCTL_MEI_CONNECT_CLIENT.\n");
670 if (copy_from_user(&conn, (char __user *)data, sizeof(conn))) {
671 dev_dbg(dev->dev, "failed to copy data from userland\n");
672 rets = -EFAULT;
673 goto out;
674 }
675 cl_uuid = &conn.in_client_uuid;
676 props = &conn.out_client_properties;
677 vtag = 0;
678
679 rets = mei_vt_support_check(dev, cl_uuid);
680 if (rets == -ENOTTY)
681 goto out;
682 if (!rets)
683 rets = mei_ioctl_connect_vtag(file, cl_uuid, props,
684 vtag);
685 else
686 rets = mei_ioctl_connect_client(file, cl_uuid, props);
687 if (rets)
688 goto out;
689
690 /* if all is ok, copying the data back to user. */
691 if (copy_to_user((char __user *)data, &conn, sizeof(conn))) {
692 dev_dbg(dev->dev, "failed to copy data to userland\n");
693 rets = -EFAULT;
694 goto out;
695 }
696
697 break;
698
699 case IOCTL_MEI_CONNECT_CLIENT_VTAG:
700 dev_dbg(dev->dev, "IOCTL_MEI_CONNECT_CLIENT_VTAG\n");
701 if (copy_from_user(&conn_vtag, (char __user *)data,
702 sizeof(conn_vtag))) {
703 dev_dbg(dev->dev, "failed to copy data from userland\n");
704 rets = -EFAULT;
705 goto out;
706 }
707
708 cl_uuid = &conn_vtag.connect.in_client_uuid;
709 props = &conn_vtag.out_client_properties;
710 vtag = conn_vtag.connect.vtag;
711
712 rets = mei_vt_support_check(dev, cl_uuid);
713 if (rets == -EOPNOTSUPP)
714 dev_dbg(dev->dev, "FW Client %pUl does not support vtags\n",
715 cl_uuid);
716 if (rets)
717 goto out;
718
719 if (!vtag) {
720 dev_dbg(dev->dev, "vtag can't be zero\n");
721 rets = -EINVAL;
722 goto out;
723 }
724
725 rets = mei_ioctl_connect_vtag(file, cl_uuid, props, vtag);
726 if (rets)
727 goto out;
728
729 /* if all is ok, copying the data back to user. */
730 if (copy_to_user((char __user *)data, &conn_vtag,
731 sizeof(conn_vtag))) {
732 dev_dbg(dev->dev, "failed to copy data to userland\n");
733 rets = -EFAULT;
734 goto out;
735 }
736
737 break;
738
739 case IOCTL_MEI_NOTIFY_SET:
740 dev_dbg(dev->dev, ": IOCTL_MEI_NOTIFY_SET.\n");
741 if (copy_from_user(¬ify_req,
742 (char __user *)data, sizeof(notify_req))) {
743 dev_dbg(dev->dev, "failed to copy data from userland\n");
744 rets = -EFAULT;
745 goto out;
746 }
747 rets = mei_ioctl_client_notify_request(file, notify_req);
748 break;
749
750 case IOCTL_MEI_NOTIFY_GET:
751 dev_dbg(dev->dev, ": IOCTL_MEI_NOTIFY_GET.\n");
752 rets = mei_ioctl_client_notify_get(file, ¬ify_get);
753 if (rets)
754 goto out;
755
756 dev_dbg(dev->dev, "copy connect data to user\n");
757 if (copy_to_user((char __user *)data,
758 ¬ify_get, sizeof(notify_get))) {
759 dev_dbg(dev->dev, "failed to copy data to userland\n");
760 rets = -EFAULT;
761 goto out;
762
763 }
764 break;
765
766 default:
767 rets = -ENOIOCTLCMD;
768 }
769
770out:
771 mutex_unlock(&dev->device_lock);
772 return rets;
773}
774
775/**
776 * mei_poll - the poll function
777 *
778 * @file: pointer to file structure
779 * @wait: pointer to poll_table structure
780 *
781 * Return: poll mask
782 */
783static __poll_t mei_poll(struct file *file, poll_table *wait)
784{
785 __poll_t req_events = poll_requested_events(wait);
786 struct mei_cl *cl = file->private_data;
787 struct mei_device *dev;
788 __poll_t mask = 0;
789 bool notify_en;
790
791 if (WARN_ON(!cl || !cl->dev))
792 return EPOLLERR;
793
794 dev = cl->dev;
795
796 mutex_lock(&dev->device_lock);
797
798 notify_en = cl->notify_en && (req_events & EPOLLPRI);
799
800 if (dev->dev_state != MEI_DEV_ENABLED ||
801 !mei_cl_is_connected(cl)) {
802 mask = EPOLLERR;
803 goto out;
804 }
805
806 if (notify_en) {
807 poll_wait(file, &cl->ev_wait, wait);
808 if (cl->notify_ev)
809 mask |= EPOLLPRI;
810 }
811
812 if (req_events & (EPOLLIN | EPOLLRDNORM)) {
813 poll_wait(file, &cl->rx_wait, wait);
814
815 if (mei_cl_read_cb(cl, file))
816 mask |= EPOLLIN | EPOLLRDNORM;
817 else
818 mei_cl_read_start(cl, mei_cl_mtu(cl), file);
819 }
820
821 if (req_events & (EPOLLOUT | EPOLLWRNORM)) {
822 poll_wait(file, &cl->tx_wait, wait);
823 if (cl->tx_cb_queued < dev->tx_queue_limit)
824 mask |= EPOLLOUT | EPOLLWRNORM;
825 }
826
827out:
828 mutex_unlock(&dev->device_lock);
829 return mask;
830}
831
832/**
833 * mei_cl_is_write_queued - check if the client has pending writes.
834 *
835 * @cl: writing host client
836 *
837 * Return: true if client is writing, false otherwise.
838 */
839static bool mei_cl_is_write_queued(struct mei_cl *cl)
840{
841 struct mei_device *dev = cl->dev;
842 struct mei_cl_cb *cb;
843
844 list_for_each_entry(cb, &dev->write_list, list)
845 if (cb->cl == cl)
846 return true;
847 list_for_each_entry(cb, &dev->write_waiting_list, list)
848 if (cb->cl == cl)
849 return true;
850 return false;
851}
852
853/**
854 * mei_fsync - the fsync handler
855 *
856 * @fp: pointer to file structure
857 * @start: unused
858 * @end: unused
859 * @datasync: unused
860 *
861 * Return: 0 on success, -ENODEV if client is not connected
862 */
863static int mei_fsync(struct file *fp, loff_t start, loff_t end, int datasync)
864{
865 struct mei_cl *cl = fp->private_data;
866 struct mei_device *dev;
867 int rets;
868
869 if (WARN_ON(!cl || !cl->dev))
870 return -ENODEV;
871
872 dev = cl->dev;
873
874 mutex_lock(&dev->device_lock);
875
876 if (dev->dev_state != MEI_DEV_ENABLED || !mei_cl_is_connected(cl)) {
877 rets = -ENODEV;
878 goto out;
879 }
880
881 while (mei_cl_is_write_queued(cl)) {
882 mutex_unlock(&dev->device_lock);
883 rets = wait_event_interruptible(cl->tx_wait,
884 cl->writing_state == MEI_WRITE_COMPLETE ||
885 !mei_cl_is_connected(cl));
886 mutex_lock(&dev->device_lock);
887 if (rets) {
888 if (signal_pending(current))
889 rets = -EINTR;
890 goto out;
891 }
892 if (!mei_cl_is_connected(cl)) {
893 rets = -ENODEV;
894 goto out;
895 }
896 }
897 rets = 0;
898out:
899 mutex_unlock(&dev->device_lock);
900 return rets;
901}
902
903/**
904 * mei_fasync - asynchronous io support
905 *
906 * @fd: file descriptor
907 * @file: pointer to file structure
908 * @band: band bitmap
909 *
910 * Return: negative on error,
911 * 0 if it did no changes,
912 * and positive a process was added or deleted
913 */
914static int mei_fasync(int fd, struct file *file, int band)
915{
916
917 struct mei_cl *cl = file->private_data;
918
919 if (!mei_cl_is_connected(cl))
920 return -ENODEV;
921
922 return fasync_helper(fd, file, band, &cl->ev_async);
923}
924
925/**
926 * trc_show - mei device trc attribute show method
927 *
928 * @device: device pointer
929 * @attr: attribute pointer
930 * @buf: char out buffer
931 *
932 * Return: number of the bytes printed into buf or error
933 */
934static ssize_t trc_show(struct device *device,
935 struct device_attribute *attr, char *buf)
936{
937 struct mei_device *dev = dev_get_drvdata(device);
938 u32 trc;
939 int ret;
940
941 ret = mei_trc_status(dev, &trc);
942 if (ret)
943 return ret;
944 return sprintf(buf, "%08X\n", trc);
945}
946static DEVICE_ATTR_RO(trc);
947
948/**
949 * fw_status_show - mei device fw_status attribute show method
950 *
951 * @device: device pointer
952 * @attr: attribute pointer
953 * @buf: char out buffer
954 *
955 * Return: number of the bytes printed into buf or error
956 */
957static ssize_t fw_status_show(struct device *device,
958 struct device_attribute *attr, char *buf)
959{
960 struct mei_device *dev = dev_get_drvdata(device);
961 struct mei_fw_status fw_status;
962 int err, i;
963 ssize_t cnt = 0;
964
965 mutex_lock(&dev->device_lock);
966 err = mei_fw_status(dev, &fw_status);
967 mutex_unlock(&dev->device_lock);
968 if (err) {
969 dev_err(device, "read fw_status error = %d\n", err);
970 return err;
971 }
972
973 for (i = 0; i < fw_status.count; i++)
974 cnt += scnprintf(buf + cnt, PAGE_SIZE - cnt, "%08X\n",
975 fw_status.status[i]);
976 return cnt;
977}
978static DEVICE_ATTR_RO(fw_status);
979
980/**
981 * hbm_ver_show - display HBM protocol version negotiated with FW
982 *
983 * @device: device pointer
984 * @attr: attribute pointer
985 * @buf: char out buffer
986 *
987 * Return: number of the bytes printed into buf or error
988 */
989static ssize_t hbm_ver_show(struct device *device,
990 struct device_attribute *attr, char *buf)
991{
992 struct mei_device *dev = dev_get_drvdata(device);
993 struct hbm_version ver;
994
995 mutex_lock(&dev->device_lock);
996 ver = dev->version;
997 mutex_unlock(&dev->device_lock);
998
999 return sprintf(buf, "%u.%u\n", ver.major_version, ver.minor_version);
1000}
1001static DEVICE_ATTR_RO(hbm_ver);
1002
1003/**
1004 * hbm_ver_drv_show - display HBM protocol version advertised by driver
1005 *
1006 * @device: device pointer
1007 * @attr: attribute pointer
1008 * @buf: char out buffer
1009 *
1010 * Return: number of the bytes printed into buf or error
1011 */
1012static ssize_t hbm_ver_drv_show(struct device *device,
1013 struct device_attribute *attr, char *buf)
1014{
1015 return sprintf(buf, "%u.%u\n", HBM_MAJOR_VERSION, HBM_MINOR_VERSION);
1016}
1017static DEVICE_ATTR_RO(hbm_ver_drv);
1018
1019static ssize_t tx_queue_limit_show(struct device *device,
1020 struct device_attribute *attr, char *buf)
1021{
1022 struct mei_device *dev = dev_get_drvdata(device);
1023 u8 size = 0;
1024
1025 mutex_lock(&dev->device_lock);
1026 size = dev->tx_queue_limit;
1027 mutex_unlock(&dev->device_lock);
1028
1029 return sysfs_emit(buf, "%u\n", size);
1030}
1031
1032static ssize_t tx_queue_limit_store(struct device *device,
1033 struct device_attribute *attr,
1034 const char *buf, size_t count)
1035{
1036 struct mei_device *dev = dev_get_drvdata(device);
1037 u8 limit;
1038 unsigned int inp;
1039 int err;
1040
1041 err = kstrtouint(buf, 10, &inp);
1042 if (err)
1043 return err;
1044 if (inp > MEI_TX_QUEUE_LIMIT_MAX || inp < MEI_TX_QUEUE_LIMIT_MIN)
1045 return -EINVAL;
1046 limit = inp;
1047
1048 mutex_lock(&dev->device_lock);
1049 dev->tx_queue_limit = limit;
1050 mutex_unlock(&dev->device_lock);
1051
1052 return count;
1053}
1054static DEVICE_ATTR_RW(tx_queue_limit);
1055
1056/**
1057 * fw_ver_show - display ME FW version
1058 *
1059 * @device: device pointer
1060 * @attr: attribute pointer
1061 * @buf: char out buffer
1062 *
1063 * Return: number of the bytes printed into buf or error
1064 */
1065static ssize_t fw_ver_show(struct device *device,
1066 struct device_attribute *attr, char *buf)
1067{
1068 struct mei_device *dev = dev_get_drvdata(device);
1069 struct mei_fw_version *ver;
1070 ssize_t cnt = 0;
1071 int i;
1072
1073 ver = dev->fw_ver;
1074
1075 for (i = 0; i < MEI_MAX_FW_VER_BLOCKS; i++)
1076 cnt += scnprintf(buf + cnt, PAGE_SIZE - cnt, "%u:%u.%u.%u.%u\n",
1077 ver[i].platform, ver[i].major, ver[i].minor,
1078 ver[i].hotfix, ver[i].buildno);
1079 return cnt;
1080}
1081static DEVICE_ATTR_RO(fw_ver);
1082
1083/**
1084 * dev_state_show - display device state
1085 *
1086 * @device: device pointer
1087 * @attr: attribute pointer
1088 * @buf: char out buffer
1089 *
1090 * Return: number of the bytes printed into buf or error
1091 */
1092static ssize_t dev_state_show(struct device *device,
1093 struct device_attribute *attr, char *buf)
1094{
1095 struct mei_device *dev = dev_get_drvdata(device);
1096 enum mei_dev_state dev_state;
1097
1098 mutex_lock(&dev->device_lock);
1099 dev_state = dev->dev_state;
1100 mutex_unlock(&dev->device_lock);
1101
1102 return sprintf(buf, "%s", mei_dev_state_str(dev_state));
1103}
1104static DEVICE_ATTR_RO(dev_state);
1105
1106/**
1107 * mei_set_devstate: set to new device state and notify sysfs file.
1108 *
1109 * @dev: mei_device
1110 * @state: new device state
1111 */
1112void mei_set_devstate(struct mei_device *dev, enum mei_dev_state state)
1113{
1114 struct device *clsdev;
1115
1116 if (dev->dev_state == state)
1117 return;
1118
1119 dev->dev_state = state;
1120
1121 clsdev = class_find_device_by_devt(&mei_class, dev->cdev.dev);
1122 if (clsdev) {
1123 sysfs_notify(&clsdev->kobj, NULL, "dev_state");
1124 put_device(clsdev);
1125 }
1126}
1127
1128/**
1129 * kind_show - display device kind
1130 *
1131 * @device: device pointer
1132 * @attr: attribute pointer
1133 * @buf: char out buffer
1134 *
1135 * Return: number of the bytes printed into buf or error
1136 */
1137static ssize_t kind_show(struct device *device,
1138 struct device_attribute *attr, char *buf)
1139{
1140 struct mei_device *dev = dev_get_drvdata(device);
1141 ssize_t ret;
1142
1143 if (dev->kind)
1144 ret = sprintf(buf, "%s\n", dev->kind);
1145 else
1146 ret = sprintf(buf, "%s\n", "mei");
1147
1148 return ret;
1149}
1150static DEVICE_ATTR_RO(kind);
1151
1152static struct attribute *mei_attrs[] = {
1153 &dev_attr_fw_status.attr,
1154 &dev_attr_hbm_ver.attr,
1155 &dev_attr_hbm_ver_drv.attr,
1156 &dev_attr_tx_queue_limit.attr,
1157 &dev_attr_fw_ver.attr,
1158 &dev_attr_dev_state.attr,
1159 &dev_attr_trc.attr,
1160 &dev_attr_kind.attr,
1161 NULL
1162};
1163ATTRIBUTE_GROUPS(mei);
1164
1165/*
1166 * file operations structure will be used for mei char device.
1167 */
1168static const struct file_operations mei_fops = {
1169 .owner = THIS_MODULE,
1170 .read = mei_read,
1171 .unlocked_ioctl = mei_ioctl,
1172 .compat_ioctl = compat_ptr_ioctl,
1173 .open = mei_open,
1174 .release = mei_release,
1175 .write = mei_write,
1176 .poll = mei_poll,
1177 .fsync = mei_fsync,
1178 .fasync = mei_fasync,
1179 .llseek = no_llseek
1180};
1181
1182/**
1183 * mei_minor_get - obtain next free device minor number
1184 *
1185 * @dev: device pointer
1186 *
1187 * Return: allocated minor, or -ENOSPC if no free minor left
1188 */
1189static int mei_minor_get(struct mei_device *dev)
1190{
1191 int ret;
1192
1193 mutex_lock(&mei_minor_lock);
1194 ret = idr_alloc(&mei_idr, dev, 0, MEI_MAX_DEVS, GFP_KERNEL);
1195 if (ret >= 0)
1196 dev->minor = ret;
1197 else if (ret == -ENOSPC)
1198 dev_err(dev->dev, "too many mei devices\n");
1199
1200 mutex_unlock(&mei_minor_lock);
1201 return ret;
1202}
1203
1204/**
1205 * mei_minor_free - mark device minor number as free
1206 *
1207 * @dev: device pointer
1208 */
1209static void mei_minor_free(struct mei_device *dev)
1210{
1211 mutex_lock(&mei_minor_lock);
1212 idr_remove(&mei_idr, dev->minor);
1213 mutex_unlock(&mei_minor_lock);
1214}
1215
1216int mei_register(struct mei_device *dev, struct device *parent)
1217{
1218 struct device *clsdev; /* class device */
1219 int ret, devno;
1220
1221 ret = mei_minor_get(dev);
1222 if (ret < 0)
1223 return ret;
1224
1225 /* Fill in the data structures */
1226 devno = MKDEV(MAJOR(mei_devt), dev->minor);
1227 cdev_init(&dev->cdev, &mei_fops);
1228 dev->cdev.owner = parent->driver->owner;
1229
1230 /* Add the device */
1231 ret = cdev_add(&dev->cdev, devno, 1);
1232 if (ret) {
1233 dev_err(parent, "unable to add device %d:%d\n",
1234 MAJOR(mei_devt), dev->minor);
1235 goto err_dev_add;
1236 }
1237
1238 clsdev = device_create_with_groups(&mei_class, parent, devno,
1239 dev, mei_groups,
1240 "mei%d", dev->minor);
1241
1242 if (IS_ERR(clsdev)) {
1243 dev_err(parent, "unable to create device %d:%d\n",
1244 MAJOR(mei_devt), dev->minor);
1245 ret = PTR_ERR(clsdev);
1246 goto err_dev_create;
1247 }
1248
1249 mei_dbgfs_register(dev, dev_name(clsdev));
1250
1251 return 0;
1252
1253err_dev_create:
1254 cdev_del(&dev->cdev);
1255err_dev_add:
1256 mei_minor_free(dev);
1257 return ret;
1258}
1259EXPORT_SYMBOL_GPL(mei_register);
1260
1261void mei_deregister(struct mei_device *dev)
1262{
1263 int devno;
1264
1265 devno = dev->cdev.dev;
1266 cdev_del(&dev->cdev);
1267
1268 mei_dbgfs_deregister(dev);
1269
1270 device_destroy(&mei_class, devno);
1271
1272 mei_minor_free(dev);
1273}
1274EXPORT_SYMBOL_GPL(mei_deregister);
1275
1276static int __init mei_init(void)
1277{
1278 int ret;
1279
1280 ret = class_register(&mei_class);
1281 if (ret)
1282 return ret;
1283
1284 ret = alloc_chrdev_region(&mei_devt, 0, MEI_MAX_DEVS, "mei");
1285 if (ret < 0) {
1286 pr_err("unable to allocate char dev region\n");
1287 goto err_class;
1288 }
1289
1290 ret = mei_cl_bus_init();
1291 if (ret < 0) {
1292 pr_err("unable to initialize bus\n");
1293 goto err_chrdev;
1294 }
1295
1296 return 0;
1297
1298err_chrdev:
1299 unregister_chrdev_region(mei_devt, MEI_MAX_DEVS);
1300err_class:
1301 class_unregister(&mei_class);
1302 return ret;
1303}
1304
1305static void __exit mei_exit(void)
1306{
1307 unregister_chrdev_region(mei_devt, MEI_MAX_DEVS);
1308 class_unregister(&mei_class);
1309 mei_cl_bus_exit();
1310}
1311
1312module_init(mei_init);
1313module_exit(mei_exit);
1314
1315MODULE_AUTHOR("Intel Corporation");
1316MODULE_DESCRIPTION("Intel(R) Management Engine Interface");
1317MODULE_LICENSE("GPL v2");
1318
1// SPDX-License-Identifier: GPL-2.0
2/*
3 * Copyright (c) 2003-2020, Intel Corporation. All rights reserved.
4 * Intel Management Engine Interface (Intel MEI) Linux driver
5 */
6
7#include <linux/module.h>
8#include <linux/moduleparam.h>
9#include <linux/kernel.h>
10#include <linux/device.h>
11#include <linux/slab.h>
12#include <linux/fs.h>
13#include <linux/errno.h>
14#include <linux/types.h>
15#include <linux/fcntl.h>
16#include <linux/poll.h>
17#include <linux/init.h>
18#include <linux/ioctl.h>
19#include <linux/cdev.h>
20#include <linux/sched/signal.h>
21#include <linux/uuid.h>
22#include <linux/compat.h>
23#include <linux/jiffies.h>
24#include <linux/interrupt.h>
25
26#include <linux/mei.h>
27
28#include "mei_dev.h"
29#include "client.h"
30
31static struct class *mei_class;
32static dev_t mei_devt;
33#define MEI_MAX_DEVS MINORMASK
34static DEFINE_MUTEX(mei_minor_lock);
35static DEFINE_IDR(mei_idr);
36
37/**
38 * mei_open - the open function
39 *
40 * @inode: pointer to inode structure
41 * @file: pointer to file structure
42 *
43 * Return: 0 on success, <0 on error
44 */
45static int mei_open(struct inode *inode, struct file *file)
46{
47 struct mei_device *dev;
48 struct mei_cl *cl;
49
50 int err;
51
52 dev = container_of(inode->i_cdev, struct mei_device, cdev);
53 if (!dev)
54 return -ENODEV;
55
56 mutex_lock(&dev->device_lock);
57
58 if (dev->dev_state != MEI_DEV_ENABLED) {
59 dev_dbg(dev->dev, "dev_state != MEI_ENABLED dev_state = %s\n",
60 mei_dev_state_str(dev->dev_state));
61 err = -ENODEV;
62 goto err_unlock;
63 }
64
65 cl = mei_cl_alloc_linked(dev);
66 if (IS_ERR(cl)) {
67 err = PTR_ERR(cl);
68 goto err_unlock;
69 }
70
71 cl->fp = file;
72 file->private_data = cl;
73
74 mutex_unlock(&dev->device_lock);
75
76 return nonseekable_open(inode, file);
77
78err_unlock:
79 mutex_unlock(&dev->device_lock);
80 return err;
81}
82
83/**
84 * mei_release - the release function
85 *
86 * @inode: pointer to inode structure
87 * @file: pointer to file structure
88 *
89 * Return: 0 on success, <0 on error
90 */
91static int mei_release(struct inode *inode, struct file *file)
92{
93 struct mei_cl *cl = file->private_data;
94 struct mei_device *dev;
95 int rets;
96
97 if (WARN_ON(!cl || !cl->dev))
98 return -ENODEV;
99
100 dev = cl->dev;
101
102 mutex_lock(&dev->device_lock);
103
104 rets = mei_cl_disconnect(cl);
105
106 mei_cl_flush_queues(cl, file);
107 cl_dbg(dev, cl, "removing\n");
108
109 mei_cl_unlink(cl);
110
111 file->private_data = NULL;
112
113 kfree(cl);
114
115 mutex_unlock(&dev->device_lock);
116 return rets;
117}
118
119
120/**
121 * mei_read - the read function.
122 *
123 * @file: pointer to file structure
124 * @ubuf: pointer to user buffer
125 * @length: buffer length
126 * @offset: data offset in buffer
127 *
128 * Return: >=0 data length on success , <0 on error
129 */
130static ssize_t mei_read(struct file *file, char __user *ubuf,
131 size_t length, loff_t *offset)
132{
133 struct mei_cl *cl = file->private_data;
134 struct mei_device *dev;
135 struct mei_cl_cb *cb = NULL;
136 bool nonblock = !!(file->f_flags & O_NONBLOCK);
137 ssize_t rets;
138
139 if (WARN_ON(!cl || !cl->dev))
140 return -ENODEV;
141
142 dev = cl->dev;
143
144
145 mutex_lock(&dev->device_lock);
146 if (dev->dev_state != MEI_DEV_ENABLED) {
147 rets = -ENODEV;
148 goto out;
149 }
150
151 if (length == 0) {
152 rets = 0;
153 goto out;
154 }
155
156 if (ubuf == NULL) {
157 rets = -EMSGSIZE;
158 goto out;
159 }
160
161 cb = mei_cl_read_cb(cl, file);
162 if (cb)
163 goto copy_buffer;
164
165 if (*offset > 0)
166 *offset = 0;
167
168 rets = mei_cl_read_start(cl, length, file);
169 if (rets && rets != -EBUSY) {
170 cl_dbg(dev, cl, "mei start read failure status = %zd\n", rets);
171 goto out;
172 }
173
174 if (nonblock) {
175 rets = -EAGAIN;
176 goto out;
177 }
178
179 mutex_unlock(&dev->device_lock);
180 if (wait_event_interruptible(cl->rx_wait,
181 !list_empty(&cl->rd_completed) ||
182 !mei_cl_is_connected(cl))) {
183 if (signal_pending(current))
184 return -EINTR;
185 return -ERESTARTSYS;
186 }
187 mutex_lock(&dev->device_lock);
188
189 if (!mei_cl_is_connected(cl)) {
190 rets = -ENODEV;
191 goto out;
192 }
193
194 cb = mei_cl_read_cb(cl, file);
195 if (!cb) {
196 rets = 0;
197 goto out;
198 }
199
200copy_buffer:
201 /* now copy the data to user space */
202 if (cb->status) {
203 rets = cb->status;
204 cl_dbg(dev, cl, "read operation failed %zd\n", rets);
205 goto free;
206 }
207
208 cl_dbg(dev, cl, "buf.size = %zu buf.idx = %zu offset = %lld\n",
209 cb->buf.size, cb->buf_idx, *offset);
210 if (*offset >= cb->buf_idx) {
211 rets = 0;
212 goto free;
213 }
214
215 /* length is being truncated to PAGE_SIZE,
216 * however buf_idx may point beyond that */
217 length = min_t(size_t, length, cb->buf_idx - *offset);
218
219 if (copy_to_user(ubuf, cb->buf.data + *offset, length)) {
220 dev_dbg(dev->dev, "failed to copy data to userland\n");
221 rets = -EFAULT;
222 goto free;
223 }
224
225 rets = length;
226 *offset += length;
227 /* not all data was read, keep the cb */
228 if (*offset < cb->buf_idx)
229 goto out;
230
231free:
232 mei_io_cb_free(cb);
233 *offset = 0;
234
235out:
236 cl_dbg(dev, cl, "end mei read rets = %zd\n", rets);
237 mutex_unlock(&dev->device_lock);
238 return rets;
239}
240/**
241 * mei_write - the write function.
242 *
243 * @file: pointer to file structure
244 * @ubuf: pointer to user buffer
245 * @length: buffer length
246 * @offset: data offset in buffer
247 *
248 * Return: >=0 data length on success , <0 on error
249 */
250static ssize_t mei_write(struct file *file, const char __user *ubuf,
251 size_t length, loff_t *offset)
252{
253 struct mei_cl *cl = file->private_data;
254 struct mei_cl_cb *cb;
255 struct mei_device *dev;
256 ssize_t rets;
257
258 if (WARN_ON(!cl || !cl->dev))
259 return -ENODEV;
260
261 dev = cl->dev;
262
263 mutex_lock(&dev->device_lock);
264
265 if (dev->dev_state != MEI_DEV_ENABLED) {
266 rets = -ENODEV;
267 goto out;
268 }
269
270 if (!mei_cl_is_connected(cl)) {
271 cl_err(dev, cl, "is not connected");
272 rets = -ENODEV;
273 goto out;
274 }
275
276 if (!mei_me_cl_is_active(cl->me_cl)) {
277 rets = -ENOTTY;
278 goto out;
279 }
280
281 if (length > mei_cl_mtu(cl)) {
282 rets = -EFBIG;
283 goto out;
284 }
285
286 if (length == 0) {
287 rets = 0;
288 goto out;
289 }
290
291 while (cl->tx_cb_queued >= dev->tx_queue_limit) {
292 if (file->f_flags & O_NONBLOCK) {
293 rets = -EAGAIN;
294 goto out;
295 }
296 mutex_unlock(&dev->device_lock);
297 rets = wait_event_interruptible(cl->tx_wait,
298 cl->writing_state == MEI_WRITE_COMPLETE ||
299 (!mei_cl_is_connected(cl)));
300 mutex_lock(&dev->device_lock);
301 if (rets) {
302 if (signal_pending(current))
303 rets = -EINTR;
304 goto out;
305 }
306 if (!mei_cl_is_connected(cl)) {
307 rets = -ENODEV;
308 goto out;
309 }
310 }
311
312 cb = mei_cl_alloc_cb(cl, length, MEI_FOP_WRITE, file);
313 if (!cb) {
314 rets = -ENOMEM;
315 goto out;
316 }
317
318 rets = copy_from_user(cb->buf.data, ubuf, length);
319 if (rets) {
320 dev_dbg(dev->dev, "failed to copy data from userland\n");
321 rets = -EFAULT;
322 mei_io_cb_free(cb);
323 goto out;
324 }
325
326 rets = mei_cl_write(cl, cb);
327out:
328 mutex_unlock(&dev->device_lock);
329 return rets;
330}
331
332/**
333 * mei_ioctl_connect_client - the connect to fw client IOCTL function
334 *
335 * @file: private data of the file object
336 * @data: IOCTL connect data, input and output parameters
337 *
338 * Locking: called under "dev->device_lock" lock
339 *
340 * Return: 0 on success, <0 on failure.
341 */
342static int mei_ioctl_connect_client(struct file *file,
343 struct mei_connect_client_data *data)
344{
345 struct mei_device *dev;
346 struct mei_client *client;
347 struct mei_me_client *me_cl;
348 struct mei_cl *cl;
349 int rets;
350
351 cl = file->private_data;
352 dev = cl->dev;
353
354 if (dev->dev_state != MEI_DEV_ENABLED)
355 return -ENODEV;
356
357 if (cl->state != MEI_FILE_INITIALIZING &&
358 cl->state != MEI_FILE_DISCONNECTED)
359 return -EBUSY;
360
361 /* find ME client we're trying to connect to */
362 me_cl = mei_me_cl_by_uuid(dev, &data->in_client_uuid);
363 if (!me_cl) {
364 dev_dbg(dev->dev, "Cannot connect to FW Client UUID = %pUl\n",
365 &data->in_client_uuid);
366 rets = -ENOTTY;
367 goto end;
368 }
369
370 if (me_cl->props.fixed_address) {
371 bool forbidden = dev->override_fixed_address ?
372 !dev->allow_fixed_address : !dev->hbm_f_fa_supported;
373 if (forbidden) {
374 dev_dbg(dev->dev, "Connection forbidden to FW Client UUID = %pUl\n",
375 &data->in_client_uuid);
376 rets = -ENOTTY;
377 goto end;
378 }
379 }
380
381 dev_dbg(dev->dev, "Connect to FW Client ID = %d\n",
382 me_cl->client_id);
383 dev_dbg(dev->dev, "FW Client - Protocol Version = %d\n",
384 me_cl->props.protocol_version);
385 dev_dbg(dev->dev, "FW Client - Max Msg Len = %d\n",
386 me_cl->props.max_msg_length);
387
388 /* prepare the output buffer */
389 client = &data->out_client_properties;
390 client->max_msg_length = me_cl->props.max_msg_length;
391 client->protocol_version = me_cl->props.protocol_version;
392 dev_dbg(dev->dev, "Can connect?\n");
393
394 rets = mei_cl_connect(cl, me_cl, file);
395
396end:
397 mei_me_cl_put(me_cl);
398 return rets;
399}
400
401/**
402 * mei_ioctl_client_notify_request -
403 * propagate event notification request to client
404 *
405 * @file: pointer to file structure
406 * @request: 0 - disable, 1 - enable
407 *
408 * Return: 0 on success , <0 on error
409 */
410static int mei_ioctl_client_notify_request(const struct file *file, u32 request)
411{
412 struct mei_cl *cl = file->private_data;
413
414 if (request != MEI_HBM_NOTIFICATION_START &&
415 request != MEI_HBM_NOTIFICATION_STOP)
416 return -EINVAL;
417
418 return mei_cl_notify_request(cl, file, (u8)request);
419}
420
421/**
422 * mei_ioctl_client_notify_get - wait for notification request
423 *
424 * @file: pointer to file structure
425 * @notify_get: 0 - disable, 1 - enable
426 *
427 * Return: 0 on success , <0 on error
428 */
429static int mei_ioctl_client_notify_get(const struct file *file, u32 *notify_get)
430{
431 struct mei_cl *cl = file->private_data;
432 bool notify_ev;
433 bool block = (file->f_flags & O_NONBLOCK) == 0;
434 int rets;
435
436 rets = mei_cl_notify_get(cl, block, ¬ify_ev);
437 if (rets)
438 return rets;
439
440 *notify_get = notify_ev ? 1 : 0;
441 return 0;
442}
443
444/**
445 * mei_ioctl - the IOCTL function
446 *
447 * @file: pointer to file structure
448 * @cmd: ioctl command
449 * @data: pointer to mei message structure
450 *
451 * Return: 0 on success , <0 on error
452 */
453static long mei_ioctl(struct file *file, unsigned int cmd, unsigned long data)
454{
455 struct mei_device *dev;
456 struct mei_cl *cl = file->private_data;
457 struct mei_connect_client_data connect_data;
458 u32 notify_get, notify_req;
459 int rets;
460
461
462 if (WARN_ON(!cl || !cl->dev))
463 return -ENODEV;
464
465 dev = cl->dev;
466
467 dev_dbg(dev->dev, "IOCTL cmd = 0x%x", cmd);
468
469 mutex_lock(&dev->device_lock);
470 if (dev->dev_state != MEI_DEV_ENABLED) {
471 rets = -ENODEV;
472 goto out;
473 }
474
475 switch (cmd) {
476 case IOCTL_MEI_CONNECT_CLIENT:
477 dev_dbg(dev->dev, ": IOCTL_MEI_CONNECT_CLIENT.\n");
478 if (copy_from_user(&connect_data, (char __user *)data,
479 sizeof(connect_data))) {
480 dev_dbg(dev->dev, "failed to copy data from userland\n");
481 rets = -EFAULT;
482 goto out;
483 }
484
485 rets = mei_ioctl_connect_client(file, &connect_data);
486 if (rets)
487 goto out;
488
489 /* if all is ok, copying the data back to user. */
490 if (copy_to_user((char __user *)data, &connect_data,
491 sizeof(connect_data))) {
492 dev_dbg(dev->dev, "failed to copy data to userland\n");
493 rets = -EFAULT;
494 goto out;
495 }
496
497 break;
498
499 case IOCTL_MEI_NOTIFY_SET:
500 dev_dbg(dev->dev, ": IOCTL_MEI_NOTIFY_SET.\n");
501 if (copy_from_user(¬ify_req,
502 (char __user *)data, sizeof(notify_req))) {
503 dev_dbg(dev->dev, "failed to copy data from userland\n");
504 rets = -EFAULT;
505 goto out;
506 }
507 rets = mei_ioctl_client_notify_request(file, notify_req);
508 break;
509
510 case IOCTL_MEI_NOTIFY_GET:
511 dev_dbg(dev->dev, ": IOCTL_MEI_NOTIFY_GET.\n");
512 rets = mei_ioctl_client_notify_get(file, ¬ify_get);
513 if (rets)
514 goto out;
515
516 dev_dbg(dev->dev, "copy connect data to user\n");
517 if (copy_to_user((char __user *)data,
518 ¬ify_get, sizeof(notify_get))) {
519 dev_dbg(dev->dev, "failed to copy data to userland\n");
520 rets = -EFAULT;
521 goto out;
522
523 }
524 break;
525
526 default:
527 rets = -ENOIOCTLCMD;
528 }
529
530out:
531 mutex_unlock(&dev->device_lock);
532 return rets;
533}
534
535/**
536 * mei_poll - the poll function
537 *
538 * @file: pointer to file structure
539 * @wait: pointer to poll_table structure
540 *
541 * Return: poll mask
542 */
543static __poll_t mei_poll(struct file *file, poll_table *wait)
544{
545 __poll_t req_events = poll_requested_events(wait);
546 struct mei_cl *cl = file->private_data;
547 struct mei_device *dev;
548 __poll_t mask = 0;
549 bool notify_en;
550
551 if (WARN_ON(!cl || !cl->dev))
552 return EPOLLERR;
553
554 dev = cl->dev;
555
556 mutex_lock(&dev->device_lock);
557
558 notify_en = cl->notify_en && (req_events & EPOLLPRI);
559
560 if (dev->dev_state != MEI_DEV_ENABLED ||
561 !mei_cl_is_connected(cl)) {
562 mask = EPOLLERR;
563 goto out;
564 }
565
566 if (notify_en) {
567 poll_wait(file, &cl->ev_wait, wait);
568 if (cl->notify_ev)
569 mask |= EPOLLPRI;
570 }
571
572 if (req_events & (EPOLLIN | EPOLLRDNORM)) {
573 poll_wait(file, &cl->rx_wait, wait);
574
575 if (!list_empty(&cl->rd_completed))
576 mask |= EPOLLIN | EPOLLRDNORM;
577 else
578 mei_cl_read_start(cl, mei_cl_mtu(cl), file);
579 }
580
581 if (req_events & (EPOLLOUT | EPOLLWRNORM)) {
582 poll_wait(file, &cl->tx_wait, wait);
583 if (cl->tx_cb_queued < dev->tx_queue_limit)
584 mask |= EPOLLOUT | EPOLLWRNORM;
585 }
586
587out:
588 mutex_unlock(&dev->device_lock);
589 return mask;
590}
591
592/**
593 * mei_cl_is_write_queued - check if the client has pending writes.
594 *
595 * @cl: writing host client
596 *
597 * Return: true if client is writing, false otherwise.
598 */
599static bool mei_cl_is_write_queued(struct mei_cl *cl)
600{
601 struct mei_device *dev = cl->dev;
602 struct mei_cl_cb *cb;
603
604 list_for_each_entry(cb, &dev->write_list, list)
605 if (cb->cl == cl)
606 return true;
607 list_for_each_entry(cb, &dev->write_waiting_list, list)
608 if (cb->cl == cl)
609 return true;
610 return false;
611}
612
613/**
614 * mei_fsync - the fsync handler
615 *
616 * @fp: pointer to file structure
617 * @start: unused
618 * @end: unused
619 * @datasync: unused
620 *
621 * Return: 0 on success, -ENODEV if client is not connected
622 */
623static int mei_fsync(struct file *fp, loff_t start, loff_t end, int datasync)
624{
625 struct mei_cl *cl = fp->private_data;
626 struct mei_device *dev;
627 int rets;
628
629 if (WARN_ON(!cl || !cl->dev))
630 return -ENODEV;
631
632 dev = cl->dev;
633
634 mutex_lock(&dev->device_lock);
635
636 if (dev->dev_state != MEI_DEV_ENABLED || !mei_cl_is_connected(cl)) {
637 rets = -ENODEV;
638 goto out;
639 }
640
641 while (mei_cl_is_write_queued(cl)) {
642 mutex_unlock(&dev->device_lock);
643 rets = wait_event_interruptible(cl->tx_wait,
644 cl->writing_state == MEI_WRITE_COMPLETE ||
645 !mei_cl_is_connected(cl));
646 mutex_lock(&dev->device_lock);
647 if (rets) {
648 if (signal_pending(current))
649 rets = -EINTR;
650 goto out;
651 }
652 if (!mei_cl_is_connected(cl)) {
653 rets = -ENODEV;
654 goto out;
655 }
656 }
657 rets = 0;
658out:
659 mutex_unlock(&dev->device_lock);
660 return rets;
661}
662
663/**
664 * mei_fasync - asynchronous io support
665 *
666 * @fd: file descriptor
667 * @file: pointer to file structure
668 * @band: band bitmap
669 *
670 * Return: negative on error,
671 * 0 if it did no changes,
672 * and positive a process was added or deleted
673 */
674static int mei_fasync(int fd, struct file *file, int band)
675{
676
677 struct mei_cl *cl = file->private_data;
678
679 if (!mei_cl_is_connected(cl))
680 return -ENODEV;
681
682 return fasync_helper(fd, file, band, &cl->ev_async);
683}
684
685/**
686 * trc_show - mei device trc attribute show method
687 *
688 * @device: device pointer
689 * @attr: attribute pointer
690 * @buf: char out buffer
691 *
692 * Return: number of the bytes printed into buf or error
693 */
694static ssize_t trc_show(struct device *device,
695 struct device_attribute *attr, char *buf)
696{
697 struct mei_device *dev = dev_get_drvdata(device);
698 u32 trc;
699 int ret;
700
701 ret = mei_trc_status(dev, &trc);
702 if (ret)
703 return ret;
704 return sprintf(buf, "%08X\n", trc);
705}
706static DEVICE_ATTR_RO(trc);
707
708/**
709 * fw_status_show - mei device fw_status attribute show method
710 *
711 * @device: device pointer
712 * @attr: attribute pointer
713 * @buf: char out buffer
714 *
715 * Return: number of the bytes printed into buf or error
716 */
717static ssize_t fw_status_show(struct device *device,
718 struct device_attribute *attr, char *buf)
719{
720 struct mei_device *dev = dev_get_drvdata(device);
721 struct mei_fw_status fw_status;
722 int err, i;
723 ssize_t cnt = 0;
724
725 mutex_lock(&dev->device_lock);
726 err = mei_fw_status(dev, &fw_status);
727 mutex_unlock(&dev->device_lock);
728 if (err) {
729 dev_err(device, "read fw_status error = %d\n", err);
730 return err;
731 }
732
733 for (i = 0; i < fw_status.count; i++)
734 cnt += scnprintf(buf + cnt, PAGE_SIZE - cnt, "%08X\n",
735 fw_status.status[i]);
736 return cnt;
737}
738static DEVICE_ATTR_RO(fw_status);
739
740/**
741 * hbm_ver_show - display HBM protocol version negotiated with FW
742 *
743 * @device: device pointer
744 * @attr: attribute pointer
745 * @buf: char out buffer
746 *
747 * Return: number of the bytes printed into buf or error
748 */
749static ssize_t hbm_ver_show(struct device *device,
750 struct device_attribute *attr, char *buf)
751{
752 struct mei_device *dev = dev_get_drvdata(device);
753 struct hbm_version ver;
754
755 mutex_lock(&dev->device_lock);
756 ver = dev->version;
757 mutex_unlock(&dev->device_lock);
758
759 return sprintf(buf, "%u.%u\n", ver.major_version, ver.minor_version);
760}
761static DEVICE_ATTR_RO(hbm_ver);
762
763/**
764 * hbm_ver_drv_show - display HBM protocol version advertised by driver
765 *
766 * @device: device pointer
767 * @attr: attribute pointer
768 * @buf: char out buffer
769 *
770 * Return: number of the bytes printed into buf or error
771 */
772static ssize_t hbm_ver_drv_show(struct device *device,
773 struct device_attribute *attr, char *buf)
774{
775 return sprintf(buf, "%u.%u\n", HBM_MAJOR_VERSION, HBM_MINOR_VERSION);
776}
777static DEVICE_ATTR_RO(hbm_ver_drv);
778
779static ssize_t tx_queue_limit_show(struct device *device,
780 struct device_attribute *attr, char *buf)
781{
782 struct mei_device *dev = dev_get_drvdata(device);
783 u8 size = 0;
784
785 mutex_lock(&dev->device_lock);
786 size = dev->tx_queue_limit;
787 mutex_unlock(&dev->device_lock);
788
789 return snprintf(buf, PAGE_SIZE, "%u\n", size);
790}
791
792static ssize_t tx_queue_limit_store(struct device *device,
793 struct device_attribute *attr,
794 const char *buf, size_t count)
795{
796 struct mei_device *dev = dev_get_drvdata(device);
797 u8 limit;
798 unsigned int inp;
799 int err;
800
801 err = kstrtouint(buf, 10, &inp);
802 if (err)
803 return err;
804 if (inp > MEI_TX_QUEUE_LIMIT_MAX || inp < MEI_TX_QUEUE_LIMIT_MIN)
805 return -EINVAL;
806 limit = inp;
807
808 mutex_lock(&dev->device_lock);
809 dev->tx_queue_limit = limit;
810 mutex_unlock(&dev->device_lock);
811
812 return count;
813}
814static DEVICE_ATTR_RW(tx_queue_limit);
815
816/**
817 * fw_ver_show - display ME FW version
818 *
819 * @device: device pointer
820 * @attr: attribute pointer
821 * @buf: char out buffer
822 *
823 * Return: number of the bytes printed into buf or error
824 */
825static ssize_t fw_ver_show(struct device *device,
826 struct device_attribute *attr, char *buf)
827{
828 struct mei_device *dev = dev_get_drvdata(device);
829 struct mei_fw_version *ver;
830 ssize_t cnt = 0;
831 int i;
832
833 ver = dev->fw_ver;
834
835 for (i = 0; i < MEI_MAX_FW_VER_BLOCKS; i++)
836 cnt += scnprintf(buf + cnt, PAGE_SIZE - cnt, "%u:%u.%u.%u.%u\n",
837 ver[i].platform, ver[i].major, ver[i].minor,
838 ver[i].hotfix, ver[i].buildno);
839 return cnt;
840}
841static DEVICE_ATTR_RO(fw_ver);
842
843/**
844 * dev_state_show - display device state
845 *
846 * @device: device pointer
847 * @attr: attribute pointer
848 * @buf: char out buffer
849 *
850 * Return: number of the bytes printed into buf or error
851 */
852static ssize_t dev_state_show(struct device *device,
853 struct device_attribute *attr, char *buf)
854{
855 struct mei_device *dev = dev_get_drvdata(device);
856 enum mei_dev_state dev_state;
857
858 mutex_lock(&dev->device_lock);
859 dev_state = dev->dev_state;
860 mutex_unlock(&dev->device_lock);
861
862 return sprintf(buf, "%s", mei_dev_state_str(dev_state));
863}
864static DEVICE_ATTR_RO(dev_state);
865
866/**
867 * dev_set_devstate: set to new device state and notify sysfs file.
868 *
869 * @dev: mei_device
870 * @state: new device state
871 */
872void mei_set_devstate(struct mei_device *dev, enum mei_dev_state state)
873{
874 struct device *clsdev;
875
876 if (dev->dev_state == state)
877 return;
878
879 dev->dev_state = state;
880
881 clsdev = class_find_device_by_devt(mei_class, dev->cdev.dev);
882 if (clsdev) {
883 sysfs_notify(&clsdev->kobj, NULL, "dev_state");
884 put_device(clsdev);
885 }
886}
887
888/**
889 * kind_show - display device kind
890 *
891 * @device: device pointer
892 * @attr: attribute pointer
893 * @buf: char out buffer
894 *
895 * Return: number of the bytes printed into buf or error
896 */
897static ssize_t kind_show(struct device *device,
898 struct device_attribute *attr, char *buf)
899{
900 struct mei_device *dev = dev_get_drvdata(device);
901 ssize_t ret;
902
903 if (dev->kind)
904 ret = sprintf(buf, "%s\n", dev->kind);
905 else
906 ret = sprintf(buf, "%s\n", "mei");
907
908 return ret;
909}
910static DEVICE_ATTR_RO(kind);
911
912static struct attribute *mei_attrs[] = {
913 &dev_attr_fw_status.attr,
914 &dev_attr_hbm_ver.attr,
915 &dev_attr_hbm_ver_drv.attr,
916 &dev_attr_tx_queue_limit.attr,
917 &dev_attr_fw_ver.attr,
918 &dev_attr_dev_state.attr,
919 &dev_attr_trc.attr,
920 &dev_attr_kind.attr,
921 NULL
922};
923ATTRIBUTE_GROUPS(mei);
924
925/*
926 * file operations structure will be used for mei char device.
927 */
928static const struct file_operations mei_fops = {
929 .owner = THIS_MODULE,
930 .read = mei_read,
931 .unlocked_ioctl = mei_ioctl,
932 .compat_ioctl = compat_ptr_ioctl,
933 .open = mei_open,
934 .release = mei_release,
935 .write = mei_write,
936 .poll = mei_poll,
937 .fsync = mei_fsync,
938 .fasync = mei_fasync,
939 .llseek = no_llseek
940};
941
942/**
943 * mei_minor_get - obtain next free device minor number
944 *
945 * @dev: device pointer
946 *
947 * Return: allocated minor, or -ENOSPC if no free minor left
948 */
949static int mei_minor_get(struct mei_device *dev)
950{
951 int ret;
952
953 mutex_lock(&mei_minor_lock);
954 ret = idr_alloc(&mei_idr, dev, 0, MEI_MAX_DEVS, GFP_KERNEL);
955 if (ret >= 0)
956 dev->minor = ret;
957 else if (ret == -ENOSPC)
958 dev_err(dev->dev, "too many mei devices\n");
959
960 mutex_unlock(&mei_minor_lock);
961 return ret;
962}
963
964/**
965 * mei_minor_free - mark device minor number as free
966 *
967 * @dev: device pointer
968 */
969static void mei_minor_free(struct mei_device *dev)
970{
971 mutex_lock(&mei_minor_lock);
972 idr_remove(&mei_idr, dev->minor);
973 mutex_unlock(&mei_minor_lock);
974}
975
976int mei_register(struct mei_device *dev, struct device *parent)
977{
978 struct device *clsdev; /* class device */
979 int ret, devno;
980
981 ret = mei_minor_get(dev);
982 if (ret < 0)
983 return ret;
984
985 /* Fill in the data structures */
986 devno = MKDEV(MAJOR(mei_devt), dev->minor);
987 cdev_init(&dev->cdev, &mei_fops);
988 dev->cdev.owner = parent->driver->owner;
989
990 /* Add the device */
991 ret = cdev_add(&dev->cdev, devno, 1);
992 if (ret) {
993 dev_err(parent, "unable to add device %d:%d\n",
994 MAJOR(mei_devt), dev->minor);
995 goto err_dev_add;
996 }
997
998 clsdev = device_create_with_groups(mei_class, parent, devno,
999 dev, mei_groups,
1000 "mei%d", dev->minor);
1001
1002 if (IS_ERR(clsdev)) {
1003 dev_err(parent, "unable to create device %d:%d\n",
1004 MAJOR(mei_devt), dev->minor);
1005 ret = PTR_ERR(clsdev);
1006 goto err_dev_create;
1007 }
1008
1009 mei_dbgfs_register(dev, dev_name(clsdev));
1010
1011 return 0;
1012
1013err_dev_create:
1014 cdev_del(&dev->cdev);
1015err_dev_add:
1016 mei_minor_free(dev);
1017 return ret;
1018}
1019EXPORT_SYMBOL_GPL(mei_register);
1020
1021void mei_deregister(struct mei_device *dev)
1022{
1023 int devno;
1024
1025 devno = dev->cdev.dev;
1026 cdev_del(&dev->cdev);
1027
1028 mei_dbgfs_deregister(dev);
1029
1030 device_destroy(mei_class, devno);
1031
1032 mei_minor_free(dev);
1033}
1034EXPORT_SYMBOL_GPL(mei_deregister);
1035
1036static int __init mei_init(void)
1037{
1038 int ret;
1039
1040 mei_class = class_create(THIS_MODULE, "mei");
1041 if (IS_ERR(mei_class)) {
1042 pr_err("couldn't create class\n");
1043 ret = PTR_ERR(mei_class);
1044 goto err;
1045 }
1046
1047 ret = alloc_chrdev_region(&mei_devt, 0, MEI_MAX_DEVS, "mei");
1048 if (ret < 0) {
1049 pr_err("unable to allocate char dev region\n");
1050 goto err_class;
1051 }
1052
1053 ret = mei_cl_bus_init();
1054 if (ret < 0) {
1055 pr_err("unable to initialize bus\n");
1056 goto err_chrdev;
1057 }
1058
1059 return 0;
1060
1061err_chrdev:
1062 unregister_chrdev_region(mei_devt, MEI_MAX_DEVS);
1063err_class:
1064 class_destroy(mei_class);
1065err:
1066 return ret;
1067}
1068
1069static void __exit mei_exit(void)
1070{
1071 unregister_chrdev_region(mei_devt, MEI_MAX_DEVS);
1072 class_destroy(mei_class);
1073 mei_cl_bus_exit();
1074}
1075
1076module_init(mei_init);
1077module_exit(mei_exit);
1078
1079MODULE_AUTHOR("Intel Corporation");
1080MODULE_DESCRIPTION("Intel(R) Management Engine Interface");
1081MODULE_LICENSE("GPL v2");
1082