1 /*
2 *
3 * Intel Management Engine Interface (Intel MEI) Linux driver
4 * Copyright (c) 2003-2012, Intel Corporation.
5 *
6 * This program is free software; you can redistribute it and/or modify it
7 * under the terms and conditions of the GNU General Public License,
8 * version 2, as published by the Free Software Foundation.
9 *
10 * This program is distributed in the hope it will be useful, but WITHOUT
11 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
12 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
13 * more details.
14 *
15 */
16
17 #include <linux/kernel.h>
18 #include <linux/fs.h>
19 #include <linux/errno.h>
20 #include <linux/types.h>
21 #include <linux/fcntl.h>
22 #include <linux/ioctl.h>
23 #include <linux/cdev.h>
24 #include <linux/list.h>
25 #include <linux/delay.h>
26 #include <linux/sched.h>
27 #include <linux/uuid.h>
28 #include <linux/jiffies.h>
29 #include <linux/uaccess.h>
30 #include <linux/slab.h>
31
32 #include <linux/mei.h>
33
34 #include "mei_dev.h"
35 #include "hbm.h"
36 #include "client.h"
37
38 const uuid_le mei_amthif_guid = UUID_LE(0x12f80028, 0xb4b7, 0x4b2d,
39 0xac, 0xa8, 0x46, 0xe0,
40 0xff, 0x65, 0x81, 0x4c);
41
42 /**
43 * mei_amthif_reset_params - initializes mei device iamthif
44 *
45 * @dev: the device structure
46 */
mei_amthif_reset_params(struct mei_device * dev)47 void mei_amthif_reset_params(struct mei_device *dev)
48 {
49 /* reset iamthif parameters. */
50 dev->iamthif_current_cb = NULL;
51 dev->iamthif_canceled = false;
52 dev->iamthif_state = MEI_IAMTHIF_IDLE;
53 dev->iamthif_timer = 0;
54 dev->iamthif_stall_timer = 0;
55 dev->iamthif_open_count = 0;
56 }
57
58 /**
59 * mei_amthif_host_init - mei initialization amthif client.
60 *
61 * @dev: the device structure
62 *
63 * Return: 0 on success, <0 on failure.
64 */
mei_amthif_host_init(struct mei_device * dev)65 int mei_amthif_host_init(struct mei_device *dev)
66 {
67 struct mei_cl *cl = &dev->iamthif_cl;
68 struct mei_me_client *me_cl;
69 int ret;
70
71 dev->iamthif_state = MEI_IAMTHIF_IDLE;
72
73 mei_cl_init(cl, dev);
74
75 me_cl = mei_me_cl_by_uuid(dev, &mei_amthif_guid);
76 if (!me_cl) {
77 dev_info(dev->dev, "amthif: failed to find the client");
78 return -ENOTTY;
79 }
80
81 cl->me_client_id = me_cl->client_id;
82 cl->cl_uuid = me_cl->props.protocol_name;
83
84 /* Assign iamthif_mtu to the value received from ME */
85
86 dev->iamthif_mtu = me_cl->props.max_msg_length;
87 dev_dbg(dev->dev, "IAMTHIF_MTU = %d\n", dev->iamthif_mtu);
88
89
90 ret = mei_cl_link(cl, MEI_IAMTHIF_HOST_CLIENT_ID);
91 if (ret < 0) {
92 dev_err(dev->dev, "amthif: failed cl_link %d\n", ret);
93 goto out;
94 }
95
96 ret = mei_cl_connect(cl, NULL);
97
98 dev->iamthif_state = MEI_IAMTHIF_IDLE;
99
100 out:
101 mei_me_cl_put(me_cl);
102 return ret;
103 }
104
105 /**
106 * mei_amthif_find_read_list_entry - finds a amthilist entry for current file
107 *
108 * @dev: the device structure
109 * @file: pointer to file object
110 *
111 * Return: returned a list entry on success, NULL on failure.
112 */
mei_amthif_find_read_list_entry(struct mei_device * dev,struct file * file)113 struct mei_cl_cb *mei_amthif_find_read_list_entry(struct mei_device *dev,
114 struct file *file)
115 {
116 struct mei_cl_cb *cb;
117
118 list_for_each_entry(cb, &dev->amthif_rd_complete_list.list, list)
119 if (cb->file_object == file)
120 return cb;
121 return NULL;
122 }
123
124
125 /**
126 * mei_amthif_read - read data from AMTHIF client
127 *
128 * @dev: the device structure
129 * @file: pointer to file object
130 * @ubuf: pointer to user data in user space
131 * @length: data length to read
132 * @offset: data read offset
133 *
134 * Locking: called under "dev->device_lock" lock
135 *
136 * Return:
137 * returned data length on success,
138 * zero if no data to read,
139 * negative on failure.
140 */
mei_amthif_read(struct mei_device * dev,struct file * file,char __user * ubuf,size_t length,loff_t * offset)141 int mei_amthif_read(struct mei_device *dev, struct file *file,
142 char __user *ubuf, size_t length, loff_t *offset)
143 {
144 struct mei_cl *cl = file->private_data;
145 struct mei_cl_cb *cb;
146 unsigned long timeout;
147 int rets;
148 int wait_ret;
149
150 /* Only possible if we are in timeout */
151 if (!cl) {
152 dev_err(dev->dev, "bad file ext.\n");
153 return -ETIME;
154 }
155
156 dev_dbg(dev->dev, "checking amthif data\n");
157 cb = mei_amthif_find_read_list_entry(dev, file);
158
159 /* Check for if we can block or not*/
160 if (cb == NULL && file->f_flags & O_NONBLOCK)
161 return -EAGAIN;
162
163
164 dev_dbg(dev->dev, "waiting for amthif data\n");
165 while (cb == NULL) {
166 /* unlock the Mutex */
167 mutex_unlock(&dev->device_lock);
168
169 wait_ret = wait_event_interruptible(dev->iamthif_cl.wait,
170 (cb = mei_amthif_find_read_list_entry(dev, file)));
171
172 /* Locking again the Mutex */
173 mutex_lock(&dev->device_lock);
174
175 if (wait_ret)
176 return -ERESTARTSYS;
177
178 dev_dbg(dev->dev, "woke up from sleep\n");
179 }
180
181 if (cb->status) {
182 rets = cb->status;
183 dev_dbg(dev->dev, "read operation failed %d\n", rets);
184 goto free;
185 }
186
187 dev_dbg(dev->dev, "Got amthif data\n");
188 dev->iamthif_timer = 0;
189
190 timeout = cb->read_time +
191 mei_secs_to_jiffies(MEI_IAMTHIF_READ_TIMER);
192 dev_dbg(dev->dev, "amthif timeout = %lud\n",
193 timeout);
194
195 if (time_after(jiffies, timeout)) {
196 dev_dbg(dev->dev, "amthif Time out\n");
197 /* 15 sec for the message has expired */
198 list_del_init(&cb->list);
199 rets = -ETIME;
200 goto free;
201 }
202 /* if the whole message will fit remove it from the list */
203 if (cb->buf_idx >= *offset && length >= (cb->buf_idx - *offset))
204 list_del_init(&cb->list);
205 else if (cb->buf_idx > 0 && cb->buf_idx <= *offset) {
206 /* end of the message has been reached */
207 list_del_init(&cb->list);
208 rets = 0;
209 goto free;
210 }
211 /* else means that not full buffer will be read and do not
212 * remove message from deletion list
213 */
214
215 dev_dbg(dev->dev, "amthif cb->buf size - %d\n",
216 cb->buf.size);
217 dev_dbg(dev->dev, "amthif cb->buf_idx - %lu\n", cb->buf_idx);
218
219 /* length is being truncated to PAGE_SIZE, however,
220 * the buf_idx may point beyond */
221 length = min_t(size_t, length, (cb->buf_idx - *offset));
222
223 if (copy_to_user(ubuf, cb->buf.data + *offset, length)) {
224 dev_dbg(dev->dev, "failed to copy data to userland\n");
225 rets = -EFAULT;
226 } else {
227 rets = length;
228 if ((*offset + length) < cb->buf_idx) {
229 *offset += length;
230 goto out;
231 }
232 }
233 free:
234 dev_dbg(dev->dev, "free amthif cb memory.\n");
235 *offset = 0;
236 mei_io_cb_free(cb);
237 out:
238 return rets;
239 }
240
241 /**
242 * mei_amthif_read_start - queue message for sending read credential
243 *
244 * @cl: host client
245 * @file: file pointer of message recipient
246 *
247 * Return: 0 on success, <0 on failure.
248 */
mei_amthif_read_start(struct mei_cl * cl,struct file * file)249 static int mei_amthif_read_start(struct mei_cl *cl, struct file *file)
250 {
251 struct mei_device *dev = cl->dev;
252 struct mei_cl_cb *cb;
253 size_t length = dev->iamthif_mtu;
254 int rets;
255
256 cb = mei_io_cb_init(cl, MEI_FOP_READ, file);
257 if (!cb) {
258 rets = -ENOMEM;
259 goto err;
260 }
261
262 rets = mei_io_cb_alloc_buf(cb, length);
263 if (rets)
264 goto err;
265
266 list_add_tail(&cb->list, &dev->ctrl_wr_list.list);
267
268 dev->iamthif_state = MEI_IAMTHIF_READING;
269 dev->iamthif_file_object = cb->file_object;
270 dev->iamthif_current_cb = cb;
271
272 return 0;
273 err:
274 mei_io_cb_free(cb);
275 return rets;
276 }
277
278 /**
279 * mei_amthif_send_cmd - send amthif command to the ME
280 *
281 * @cl: the host client
282 * @cb: mei call back struct
283 *
284 * Return: 0 on success, <0 on failure.
285 */
mei_amthif_send_cmd(struct mei_cl * cl,struct mei_cl_cb * cb)286 static int mei_amthif_send_cmd(struct mei_cl *cl, struct mei_cl_cb *cb)
287 {
288 struct mei_device *dev;
289 int ret;
290
291 if (!cl->dev || !cb)
292 return -ENODEV;
293
294 dev = cl->dev;
295
296 dev->iamthif_state = MEI_IAMTHIF_WRITING;
297 dev->iamthif_current_cb = cb;
298 dev->iamthif_file_object = cb->file_object;
299 dev->iamthif_canceled = false;
300
301 ret = mei_cl_write(cl, cb, false);
302 if (ret < 0)
303 return ret;
304
305 if (cb->completed)
306 cb->status = mei_amthif_read_start(cl, cb->file_object);
307
308 return 0;
309 }
310
311 /**
312 * mei_amthif_run_next_cmd - send next amt command from queue
313 *
314 * @dev: the device structure
315 *
316 * Return: 0 on success, <0 on failure.
317 */
mei_amthif_run_next_cmd(struct mei_device * dev)318 int mei_amthif_run_next_cmd(struct mei_device *dev)
319 {
320 struct mei_cl *cl = &dev->iamthif_cl;
321 struct mei_cl_cb *cb;
322
323 dev->iamthif_canceled = false;
324 dev->iamthif_state = MEI_IAMTHIF_IDLE;
325 dev->iamthif_timer = 0;
326 dev->iamthif_file_object = NULL;
327
328 dev_dbg(dev->dev, "complete amthif cmd_list cb.\n");
329
330 cb = list_first_entry_or_null(&dev->amthif_cmd_list.list,
331 typeof(*cb), list);
332 if (!cb)
333 return 0;
334
335 list_del_init(&cb->list);
336 return mei_amthif_send_cmd(cl, cb);
337 }
338
339 /**
340 * mei_amthif_write - write amthif data to amthif client
341 *
342 * @cl: host client
343 * @cb: mei call back struct
344 *
345 * Return: 0 on success, <0 on failure.
346 */
mei_amthif_write(struct mei_cl * cl,struct mei_cl_cb * cb)347 int mei_amthif_write(struct mei_cl *cl, struct mei_cl_cb *cb)
348 {
349
350 struct mei_device *dev;
351
352 if (WARN_ON(!cl || !cl->dev))
353 return -ENODEV;
354
355 if (WARN_ON(!cb))
356 return -EINVAL;
357
358 dev = cl->dev;
359
360 list_add_tail(&cb->list, &dev->amthif_cmd_list.list);
361 return mei_amthif_run_next_cmd(dev);
362 }
363
364 /**
365 * mei_amthif_poll - the amthif poll function
366 *
367 * @dev: the device structure
368 * @file: pointer to file structure
369 * @wait: pointer to poll_table structure
370 *
371 * Return: poll mask
372 *
373 * Locking: called under "dev->device_lock" lock
374 */
375
mei_amthif_poll(struct mei_device * dev,struct file * file,poll_table * wait)376 unsigned int mei_amthif_poll(struct mei_device *dev,
377 struct file *file, poll_table *wait)
378 {
379 unsigned int mask = 0;
380
381 poll_wait(file, &dev->iamthif_cl.wait, wait);
382
383 if (dev->iamthif_state == MEI_IAMTHIF_READ_COMPLETE &&
384 dev->iamthif_file_object == file) {
385
386 mask |= POLLIN | POLLRDNORM;
387 mei_amthif_run_next_cmd(dev);
388 }
389
390 return mask;
391 }
392
393
394
395 /**
396 * mei_amthif_irq_write - write iamthif command in irq thread context.
397 *
398 * @cl: private data of the file object.
399 * @cb: callback block.
400 * @cmpl_list: complete list.
401 *
402 * Return: 0, OK; otherwise, error.
403 */
mei_amthif_irq_write(struct mei_cl * cl,struct mei_cl_cb * cb,struct mei_cl_cb * cmpl_list)404 int mei_amthif_irq_write(struct mei_cl *cl, struct mei_cl_cb *cb,
405 struct mei_cl_cb *cmpl_list)
406 {
407 int ret;
408
409 ret = mei_cl_irq_write(cl, cb, cmpl_list);
410 if (ret)
411 return ret;
412
413 if (cb->completed)
414 cb->status = mei_amthif_read_start(cl, cb->file_object);
415
416 return 0;
417 }
418
419 /**
420 * mei_amthif_irq_read_msg - read routine after ISR to
421 * handle the read amthif message
422 *
423 * @cl: mei client
424 * @mei_hdr: header of amthif message
425 * @cmpl_list: completed callbacks list
426 *
427 * Return: -ENODEV if cb is NULL 0 otherwise; error message is in cb->status
428 */
mei_amthif_irq_read_msg(struct mei_cl * cl,struct mei_msg_hdr * mei_hdr,struct mei_cl_cb * cmpl_list)429 int mei_amthif_irq_read_msg(struct mei_cl *cl,
430 struct mei_msg_hdr *mei_hdr,
431 struct mei_cl_cb *cmpl_list)
432 {
433 struct mei_device *dev;
434 int ret;
435
436 dev = cl->dev;
437
438 if (dev->iamthif_state != MEI_IAMTHIF_READING)
439 return 0;
440
441 ret = mei_cl_irq_read_msg(cl, mei_hdr, cmpl_list);
442 if (ret)
443 return ret;
444
445 if (!mei_hdr->msg_complete)
446 return 0;
447
448 dev_dbg(dev->dev, "completed amthif read.\n ");
449 dev->iamthif_current_cb = NULL;
450 dev->iamthif_stall_timer = 0;
451
452 return 0;
453 }
454
455 /**
456 * mei_amthif_complete - complete amthif callback.
457 *
458 * @dev: the device structure.
459 * @cb: callback block.
460 */
mei_amthif_complete(struct mei_device * dev,struct mei_cl_cb * cb)461 void mei_amthif_complete(struct mei_device *dev, struct mei_cl_cb *cb)
462 {
463
464 if (cb->fop_type == MEI_FOP_WRITE) {
465 if (!cb->status) {
466 dev->iamthif_stall_timer = MEI_IAMTHIF_STALL_TIMER;
467 mei_io_cb_free(cb);
468 return;
469 }
470 /*
471 * in case of error enqueue the write cb to complete read list
472 * so it can be propagated to the reader
473 */
474 list_add_tail(&cb->list, &dev->amthif_rd_complete_list.list);
475 wake_up_interruptible(&dev->iamthif_cl.wait);
476 return;
477 }
478
479 if (dev->iamthif_canceled != 1) {
480 dev->iamthif_state = MEI_IAMTHIF_READ_COMPLETE;
481 dev->iamthif_stall_timer = 0;
482 list_add_tail(&cb->list, &dev->amthif_rd_complete_list.list);
483 dev_dbg(dev->dev, "amthif read completed\n");
484 dev->iamthif_timer = jiffies;
485 dev_dbg(dev->dev, "dev->iamthif_timer = %ld\n",
486 dev->iamthif_timer);
487 } else {
488 mei_amthif_run_next_cmd(dev);
489 }
490
491 dev_dbg(dev->dev, "completing amthif call back.\n");
492 wake_up_interruptible(&dev->iamthif_cl.wait);
493 }
494
495 /**
496 * mei_clear_list - removes all callbacks associated with file
497 * from mei_cb_list
498 *
499 * @dev: device structure.
500 * @file: file structure
501 * @mei_cb_list: callbacks list
502 *
503 * mei_clear_list is called to clear resources associated with file
504 * when application calls close function or Ctrl-C was pressed
505 *
506 * Return: true if callback removed from the list, false otherwise
507 */
mei_clear_list(struct mei_device * dev,const struct file * file,struct list_head * mei_cb_list)508 static bool mei_clear_list(struct mei_device *dev,
509 const struct file *file, struct list_head *mei_cb_list)
510 {
511 struct mei_cl *cl = &dev->iamthif_cl;
512 struct mei_cl_cb *cb, *next;
513 bool removed = false;
514
515 /* list all list member */
516 list_for_each_entry_safe(cb, next, mei_cb_list, list) {
517 /* check if list member associated with a file */
518 if (file == cb->file_object) {
519 /* check if cb equal to current iamthif cb */
520 if (dev->iamthif_current_cb == cb) {
521 dev->iamthif_current_cb = NULL;
522 /* send flow control to iamthif client */
523 mei_hbm_cl_flow_control_req(dev, cl);
524 }
525 /* free all allocated buffers */
526 mei_io_cb_free(cb);
527 removed = true;
528 }
529 }
530 return removed;
531 }
532
533 /**
534 * mei_clear_lists - removes all callbacks associated with file
535 *
536 * @dev: device structure
537 * @file: file structure
538 *
539 * mei_clear_lists is called to clear resources associated with file
540 * when application calls close function or Ctrl-C was pressed
541 *
542 * Return: true if callback removed from the list, false otherwise
543 */
mei_clear_lists(struct mei_device * dev,struct file * file)544 static bool mei_clear_lists(struct mei_device *dev, struct file *file)
545 {
546 bool removed = false;
547
548 /* remove callbacks associated with a file */
549 mei_clear_list(dev, file, &dev->amthif_cmd_list.list);
550 if (mei_clear_list(dev, file, &dev->amthif_rd_complete_list.list))
551 removed = true;
552
553 mei_clear_list(dev, file, &dev->ctrl_rd_list.list);
554
555 if (mei_clear_list(dev, file, &dev->ctrl_wr_list.list))
556 removed = true;
557
558 if (mei_clear_list(dev, file, &dev->write_waiting_list.list))
559 removed = true;
560
561 if (mei_clear_list(dev, file, &dev->write_list.list))
562 removed = true;
563
564 /* check if iamthif_current_cb not NULL */
565 if (dev->iamthif_current_cb && !removed) {
566 /* check file and iamthif current cb association */
567 if (dev->iamthif_current_cb->file_object == file) {
568 /* remove cb */
569 mei_io_cb_free(dev->iamthif_current_cb);
570 dev->iamthif_current_cb = NULL;
571 removed = true;
572 }
573 }
574 return removed;
575 }
576
577 /**
578 * mei_amthif_release - the release function
579 *
580 * @dev: device structure
581 * @file: pointer to file structure
582 *
583 * Return: 0 on success, <0 on error
584 */
mei_amthif_release(struct mei_device * dev,struct file * file)585 int mei_amthif_release(struct mei_device *dev, struct file *file)
586 {
587 if (dev->iamthif_open_count > 0)
588 dev->iamthif_open_count--;
589
590 if (dev->iamthif_file_object == file &&
591 dev->iamthif_state != MEI_IAMTHIF_IDLE) {
592
593 dev_dbg(dev->dev, "amthif canceled iamthif state %d\n",
594 dev->iamthif_state);
595 dev->iamthif_canceled = true;
596 if (dev->iamthif_state == MEI_IAMTHIF_READ_COMPLETE) {
597 dev_dbg(dev->dev, "run next amthif iamthif cb\n");
598 mei_amthif_run_next_cmd(dev);
599 }
600 }
601
602 if (mei_clear_lists(dev, file))
603 dev->iamthif_state = MEI_IAMTHIF_IDLE;
604
605 return 0;
606 }
607