1 /*
2 *
3 * Intel Management Engine Interface (Intel MEI) Linux driver
4 * Copyright (c) 2003-2012, Intel Corporation.
5 *
6 * This program is free software; you can redistribute it and/or modify it
7 * under the terms and conditions of the GNU General Public License,
8 * version 2, as published by the Free Software Foundation.
9 *
10 * This program is distributed in the hope it will be useful, but WITHOUT
11 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
12 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
13 * more details.
14 *
15 */
16 #include <linux/module.h>
17 #include <linux/moduleparam.h>
18 #include <linux/kernel.h>
19 #include <linux/device.h>
20 #include <linux/slab.h>
21 #include <linux/fs.h>
22 #include <linux/errno.h>
23 #include <linux/types.h>
24 #include <linux/fcntl.h>
25 #include <linux/poll.h>
26 #include <linux/init.h>
27 #include <linux/ioctl.h>
28 #include <linux/cdev.h>
29 #include <linux/sched.h>
30 #include <linux/uuid.h>
31 #include <linux/compat.h>
32 #include <linux/jiffies.h>
33 #include <linux/interrupt.h>
34
35 #include <linux/mei.h>
36
37 #include "mei_dev.h"
38 #include "client.h"
39
40 /**
41 * mei_open - the open function
42 *
43 * @inode: pointer to inode structure
44 * @file: pointer to file structure
45 *
46 * Return: 0 on success, <0 on error
47 */
mei_open(struct inode * inode,struct file * file)48 static int mei_open(struct inode *inode, struct file *file)
49 {
50 struct mei_device *dev;
51 struct mei_cl *cl;
52
53 int err;
54
55 dev = container_of(inode->i_cdev, struct mei_device, cdev);
56 if (!dev)
57 return -ENODEV;
58
59 mutex_lock(&dev->device_lock);
60
61 if (dev->dev_state != MEI_DEV_ENABLED) {
62 dev_dbg(dev->dev, "dev_state != MEI_ENABLED dev_state = %s\n",
63 mei_dev_state_str(dev->dev_state));
64 err = -ENODEV;
65 goto err_unlock;
66 }
67
68 cl = mei_cl_alloc_linked(dev, MEI_HOST_CLIENT_ID_ANY);
69 if (IS_ERR(cl)) {
70 err = PTR_ERR(cl);
71 goto err_unlock;
72 }
73
74 file->private_data = cl;
75
76 mutex_unlock(&dev->device_lock);
77
78 return nonseekable_open(inode, file);
79
80 err_unlock:
81 mutex_unlock(&dev->device_lock);
82 return err;
83 }
84
85 /**
86 * mei_release - the release function
87 *
88 * @inode: pointer to inode structure
89 * @file: pointer to file structure
90 *
91 * Return: 0 on success, <0 on error
92 */
mei_release(struct inode * inode,struct file * file)93 static int mei_release(struct inode *inode, struct file *file)
94 {
95 struct mei_cl *cl = file->private_data;
96 struct mei_device *dev;
97 int rets = 0;
98
99 if (WARN_ON(!cl || !cl->dev))
100 return -ENODEV;
101
102 dev = cl->dev;
103
104 mutex_lock(&dev->device_lock);
105 if (cl == &dev->iamthif_cl) {
106 rets = mei_amthif_release(dev, file);
107 goto out;
108 }
109 if (mei_cl_is_connected(cl)) {
110 cl->state = MEI_FILE_DISCONNECTING;
111 cl_dbg(dev, cl, "disconnecting\n");
112 rets = mei_cl_disconnect(cl);
113 }
114 mei_cl_flush_queues(cl, file);
115 cl_dbg(dev, cl, "removing\n");
116
117 mei_cl_unlink(cl);
118
119 file->private_data = NULL;
120
121 kfree(cl);
122 out:
123 mutex_unlock(&dev->device_lock);
124 return rets;
125 }
126
127
128 /**
129 * mei_read - the read function.
130 *
131 * @file: pointer to file structure
132 * @ubuf: pointer to user buffer
133 * @length: buffer length
134 * @offset: data offset in buffer
135 *
136 * Return: >=0 data length on success , <0 on error
137 */
mei_read(struct file * file,char __user * ubuf,size_t length,loff_t * offset)138 static ssize_t mei_read(struct file *file, char __user *ubuf,
139 size_t length, loff_t *offset)
140 {
141 struct mei_cl *cl = file->private_data;
142 struct mei_device *dev;
143 struct mei_cl_cb *cb = NULL;
144 int rets;
145 int err;
146
147
148 if (WARN_ON(!cl || !cl->dev))
149 return -ENODEV;
150
151 dev = cl->dev;
152
153
154 mutex_lock(&dev->device_lock);
155 if (dev->dev_state != MEI_DEV_ENABLED) {
156 rets = -ENODEV;
157 goto out;
158 }
159
160 if (length == 0) {
161 rets = 0;
162 goto out;
163 }
164
165 if (cl == &dev->iamthif_cl) {
166 rets = mei_amthif_read(dev, file, ubuf, length, offset);
167 goto out;
168 }
169
170 cb = mei_cl_read_cb(cl, file);
171 if (cb) {
172 /* read what left */
173 if (cb->buf_idx > *offset)
174 goto copy_buffer;
175 /* offset is beyond buf_idx we have no more data return 0 */
176 if (cb->buf_idx > 0 && cb->buf_idx <= *offset) {
177 rets = 0;
178 goto free;
179 }
180 /* Offset needs to be cleaned for contiguous reads*/
181 if (cb->buf_idx == 0 && *offset > 0)
182 *offset = 0;
183 } else if (*offset > 0) {
184 *offset = 0;
185 }
186
187 err = mei_cl_read_start(cl, length, file);
188 if (err && err != -EBUSY) {
189 dev_dbg(dev->dev,
190 "mei start read failure with status = %d\n", err);
191 rets = err;
192 goto out;
193 }
194
195 if (list_empty(&cl->rd_completed) && !waitqueue_active(&cl->rx_wait)) {
196 if (file->f_flags & O_NONBLOCK) {
197 rets = -EAGAIN;
198 goto out;
199 }
200
201 mutex_unlock(&dev->device_lock);
202
203 if (wait_event_interruptible(cl->rx_wait,
204 (!list_empty(&cl->rd_completed)) ||
205 (!mei_cl_is_connected(cl)))) {
206
207 if (signal_pending(current))
208 return -EINTR;
209 return -ERESTARTSYS;
210 }
211
212 mutex_lock(&dev->device_lock);
213 if (!mei_cl_is_connected(cl)) {
214 rets = -EBUSY;
215 goto out;
216 }
217 }
218
219 cb = mei_cl_read_cb(cl, file);
220 if (!cb) {
221 rets = 0;
222 goto out;
223 }
224
225 copy_buffer:
226 /* now copy the data to user space */
227 if (cb->status) {
228 rets = cb->status;
229 dev_dbg(dev->dev, "read operation failed %d\n", rets);
230 goto free;
231 }
232
233 dev_dbg(dev->dev, "buf.size = %d buf.idx= %ld\n",
234 cb->buf.size, cb->buf_idx);
235 if (length == 0 || ubuf == NULL || *offset > cb->buf_idx) {
236 rets = -EMSGSIZE;
237 goto free;
238 }
239
240 /* length is being truncated to PAGE_SIZE,
241 * however buf_idx may point beyond that */
242 length = min_t(size_t, length, cb->buf_idx - *offset);
243
244 if (copy_to_user(ubuf, cb->buf.data + *offset, length)) {
245 dev_dbg(dev->dev, "failed to copy data to userland\n");
246 rets = -EFAULT;
247 goto free;
248 }
249
250 rets = length;
251 *offset += length;
252 if ((unsigned long)*offset < cb->buf_idx)
253 goto out;
254
255 free:
256 mei_io_cb_free(cb);
257
258 out:
259 dev_dbg(dev->dev, "end mei read rets= %d\n", rets);
260 mutex_unlock(&dev->device_lock);
261 return rets;
262 }
263 /**
264 * mei_write - the write function.
265 *
266 * @file: pointer to file structure
267 * @ubuf: pointer to user buffer
268 * @length: buffer length
269 * @offset: data offset in buffer
270 *
271 * Return: >=0 data length on success , <0 on error
272 */
mei_write(struct file * file,const char __user * ubuf,size_t length,loff_t * offset)273 static ssize_t mei_write(struct file *file, const char __user *ubuf,
274 size_t length, loff_t *offset)
275 {
276 struct mei_cl *cl = file->private_data;
277 struct mei_me_client *me_cl = NULL;
278 struct mei_cl_cb *write_cb = NULL;
279 struct mei_device *dev;
280 unsigned long timeout = 0;
281 int rets;
282
283 if (WARN_ON(!cl || !cl->dev))
284 return -ENODEV;
285
286 dev = cl->dev;
287
288 mutex_lock(&dev->device_lock);
289
290 if (dev->dev_state != MEI_DEV_ENABLED) {
291 rets = -ENODEV;
292 goto out;
293 }
294
295 me_cl = mei_me_cl_by_uuid_id(dev, &cl->cl_uuid, cl->me_client_id);
296 if (!me_cl) {
297 rets = -ENOTTY;
298 goto out;
299 }
300
301 if (length == 0) {
302 rets = 0;
303 goto out;
304 }
305
306 if (length > me_cl->props.max_msg_length) {
307 rets = -EFBIG;
308 goto out;
309 }
310
311 if (!mei_cl_is_connected(cl)) {
312 cl_err(dev, cl, "is not connected");
313 rets = -ENODEV;
314 goto out;
315 }
316 if (cl == &dev->iamthif_cl) {
317 write_cb = mei_amthif_find_read_list_entry(dev, file);
318
319 if (write_cb) {
320 timeout = write_cb->read_time +
321 mei_secs_to_jiffies(MEI_IAMTHIF_READ_TIMER);
322
323 if (time_after(jiffies, timeout)) {
324 *offset = 0;
325 mei_io_cb_free(write_cb);
326 write_cb = NULL;
327 }
328 }
329 }
330
331 *offset = 0;
332 write_cb = mei_cl_alloc_cb(cl, length, MEI_FOP_WRITE, file);
333 if (!write_cb) {
334 rets = -ENOMEM;
335 goto out;
336 }
337
338 rets = copy_from_user(write_cb->buf.data, ubuf, length);
339 if (rets) {
340 dev_dbg(dev->dev, "failed to copy data from userland\n");
341 rets = -EFAULT;
342 goto out;
343 }
344
345 if (cl == &dev->iamthif_cl) {
346 rets = mei_amthif_write(cl, write_cb);
347
348 if (rets) {
349 dev_err(dev->dev,
350 "amthif write failed with status = %d\n", rets);
351 goto out;
352 }
353 mei_me_cl_put(me_cl);
354 mutex_unlock(&dev->device_lock);
355 return length;
356 }
357
358 rets = mei_cl_write(cl, write_cb, false);
359 out:
360 mei_me_cl_put(me_cl);
361 mutex_unlock(&dev->device_lock);
362 if (rets < 0)
363 mei_io_cb_free(write_cb);
364 return rets;
365 }
366
367 /**
368 * mei_ioctl_connect_client - the connect to fw client IOCTL function
369 *
370 * @file: private data of the file object
371 * @data: IOCTL connect data, input and output parameters
372 *
373 * Locking: called under "dev->device_lock" lock
374 *
375 * Return: 0 on success, <0 on failure.
376 */
mei_ioctl_connect_client(struct file * file,struct mei_connect_client_data * data)377 static int mei_ioctl_connect_client(struct file *file,
378 struct mei_connect_client_data *data)
379 {
380 struct mei_device *dev;
381 struct mei_client *client;
382 struct mei_me_client *me_cl;
383 struct mei_cl *cl;
384 int rets;
385
386 cl = file->private_data;
387 dev = cl->dev;
388
389 if (dev->dev_state != MEI_DEV_ENABLED)
390 return -ENODEV;
391
392 if (cl->state != MEI_FILE_INITIALIZING &&
393 cl->state != MEI_FILE_DISCONNECTED)
394 return -EBUSY;
395
396 /* find ME client we're trying to connect to */
397 me_cl = mei_me_cl_by_uuid(dev, &data->in_client_uuid);
398 if (!me_cl || me_cl->props.fixed_address) {
399 dev_dbg(dev->dev, "Cannot connect to FW Client UUID = %pUl\n",
400 &data->in_client_uuid);
401 return -ENOTTY;
402 }
403
404 cl->me_client_id = me_cl->client_id;
405 cl->cl_uuid = me_cl->props.protocol_name;
406
407 dev_dbg(dev->dev, "Connect to FW Client ID = %d\n",
408 cl->me_client_id);
409 dev_dbg(dev->dev, "FW Client - Protocol Version = %d\n",
410 me_cl->props.protocol_version);
411 dev_dbg(dev->dev, "FW Client - Max Msg Len = %d\n",
412 me_cl->props.max_msg_length);
413
414 /* if we're connecting to amthif client then we will use the
415 * existing connection
416 */
417 if (uuid_le_cmp(data->in_client_uuid, mei_amthif_guid) == 0) {
418 dev_dbg(dev->dev, "FW Client is amthi\n");
419 if (!mei_cl_is_connected(&dev->iamthif_cl)) {
420 rets = -ENODEV;
421 goto end;
422 }
423 mei_cl_unlink(cl);
424
425 kfree(cl);
426 cl = NULL;
427 dev->iamthif_open_count++;
428 file->private_data = &dev->iamthif_cl;
429
430 client = &data->out_client_properties;
431 client->max_msg_length = me_cl->props.max_msg_length;
432 client->protocol_version = me_cl->props.protocol_version;
433 rets = dev->iamthif_cl.status;
434
435 goto end;
436 }
437
438 /* prepare the output buffer */
439 client = &data->out_client_properties;
440 client->max_msg_length = me_cl->props.max_msg_length;
441 client->protocol_version = me_cl->props.protocol_version;
442 dev_dbg(dev->dev, "Can connect?\n");
443
444 rets = mei_cl_connect(cl, file);
445
446 end:
447 mei_me_cl_put(me_cl);
448 return rets;
449 }
450
451 /**
452 * mei_ioctl - the IOCTL function
453 *
454 * @file: pointer to file structure
455 * @cmd: ioctl command
456 * @data: pointer to mei message structure
457 *
458 * Return: 0 on success , <0 on error
459 */
mei_ioctl(struct file * file,unsigned int cmd,unsigned long data)460 static long mei_ioctl(struct file *file, unsigned int cmd, unsigned long data)
461 {
462 struct mei_device *dev;
463 struct mei_cl *cl = file->private_data;
464 struct mei_connect_client_data connect_data;
465 int rets;
466
467
468 if (WARN_ON(!cl || !cl->dev))
469 return -ENODEV;
470
471 dev = cl->dev;
472
473 dev_dbg(dev->dev, "IOCTL cmd = 0x%x", cmd);
474
475 mutex_lock(&dev->device_lock);
476 if (dev->dev_state != MEI_DEV_ENABLED) {
477 rets = -ENODEV;
478 goto out;
479 }
480
481 switch (cmd) {
482 case IOCTL_MEI_CONNECT_CLIENT:
483 dev_dbg(dev->dev, ": IOCTL_MEI_CONNECT_CLIENT.\n");
484 if (copy_from_user(&connect_data, (char __user *)data,
485 sizeof(struct mei_connect_client_data))) {
486 dev_dbg(dev->dev, "failed to copy data from userland\n");
487 rets = -EFAULT;
488 goto out;
489 }
490
491 rets = mei_ioctl_connect_client(file, &connect_data);
492 if (rets)
493 goto out;
494
495 /* if all is ok, copying the data back to user. */
496 if (copy_to_user((char __user *)data, &connect_data,
497 sizeof(struct mei_connect_client_data))) {
498 dev_dbg(dev->dev, "failed to copy data to userland\n");
499 rets = -EFAULT;
500 goto out;
501 }
502
503 break;
504
505 default:
506 dev_err(dev->dev, ": unsupported ioctl %d.\n", cmd);
507 rets = -ENOIOCTLCMD;
508 }
509
510 out:
511 mutex_unlock(&dev->device_lock);
512 return rets;
513 }
514
515 /**
516 * mei_compat_ioctl - the compat IOCTL function
517 *
518 * @file: pointer to file structure
519 * @cmd: ioctl command
520 * @data: pointer to mei message structure
521 *
522 * Return: 0 on success , <0 on error
523 */
524 #ifdef CONFIG_COMPAT
mei_compat_ioctl(struct file * file,unsigned int cmd,unsigned long data)525 static long mei_compat_ioctl(struct file *file,
526 unsigned int cmd, unsigned long data)
527 {
528 return mei_ioctl(file, cmd, (unsigned long)compat_ptr(data));
529 }
530 #endif
531
532
533 /**
534 * mei_poll - the poll function
535 *
536 * @file: pointer to file structure
537 * @wait: pointer to poll_table structure
538 *
539 * Return: poll mask
540 */
mei_poll(struct file * file,poll_table * wait)541 static unsigned int mei_poll(struct file *file, poll_table *wait)
542 {
543 unsigned long req_events = poll_requested_events(wait);
544 struct mei_cl *cl = file->private_data;
545 struct mei_device *dev;
546 unsigned int mask = 0;
547
548 if (WARN_ON(!cl || !cl->dev))
549 return POLLERR;
550
551 dev = cl->dev;
552
553 mutex_lock(&dev->device_lock);
554
555
556 if (dev->dev_state != MEI_DEV_ENABLED ||
557 !mei_cl_is_connected(cl)) {
558 mask = POLLERR;
559 goto out;
560 }
561
562 if (cl == &dev->iamthif_cl) {
563 mask = mei_amthif_poll(dev, file, wait);
564 goto out;
565 }
566
567 if (req_events & (POLLIN | POLLRDNORM)) {
568 poll_wait(file, &cl->rx_wait, wait);
569
570 if (!list_empty(&cl->rd_completed))
571 mask |= POLLIN | POLLRDNORM;
572 else
573 mei_cl_read_start(cl, 0, file);
574 }
575
576 out:
577 mutex_unlock(&dev->device_lock);
578 return mask;
579 }
580
581 /**
582 * fw_status_show - mei device attribute show method
583 *
584 * @device: device pointer
585 * @attr: attribute pointer
586 * @buf: char out buffer
587 *
588 * Return: number of the bytes printed into buf or error
589 */
fw_status_show(struct device * device,struct device_attribute * attr,char * buf)590 static ssize_t fw_status_show(struct device *device,
591 struct device_attribute *attr, char *buf)
592 {
593 struct mei_device *dev = dev_get_drvdata(device);
594 struct mei_fw_status fw_status;
595 int err, i;
596 ssize_t cnt = 0;
597
598 mutex_lock(&dev->device_lock);
599 err = mei_fw_status(dev, &fw_status);
600 mutex_unlock(&dev->device_lock);
601 if (err) {
602 dev_err(device, "read fw_status error = %d\n", err);
603 return err;
604 }
605
606 for (i = 0; i < fw_status.count; i++)
607 cnt += scnprintf(buf + cnt, PAGE_SIZE - cnt, "%08X\n",
608 fw_status.status[i]);
609 return cnt;
610 }
611 static DEVICE_ATTR_RO(fw_status);
612
613 static struct attribute *mei_attrs[] = {
614 &dev_attr_fw_status.attr,
615 NULL
616 };
617 ATTRIBUTE_GROUPS(mei);
618
619 /*
620 * file operations structure will be used for mei char device.
621 */
622 static const struct file_operations mei_fops = {
623 .owner = THIS_MODULE,
624 .read = mei_read,
625 .unlocked_ioctl = mei_ioctl,
626 #ifdef CONFIG_COMPAT
627 .compat_ioctl = mei_compat_ioctl,
628 #endif
629 .open = mei_open,
630 .release = mei_release,
631 .write = mei_write,
632 .poll = mei_poll,
633 .llseek = no_llseek
634 };
635
636 static struct class *mei_class;
637 static dev_t mei_devt;
638 #define MEI_MAX_DEVS MINORMASK
639 static DEFINE_MUTEX(mei_minor_lock);
640 static DEFINE_IDR(mei_idr);
641
642 /**
643 * mei_minor_get - obtain next free device minor number
644 *
645 * @dev: device pointer
646 *
647 * Return: allocated minor, or -ENOSPC if no free minor left
648 */
mei_minor_get(struct mei_device * dev)649 static int mei_minor_get(struct mei_device *dev)
650 {
651 int ret;
652
653 mutex_lock(&mei_minor_lock);
654 ret = idr_alloc(&mei_idr, dev, 0, MEI_MAX_DEVS, GFP_KERNEL);
655 if (ret >= 0)
656 dev->minor = ret;
657 else if (ret == -ENOSPC)
658 dev_err(dev->dev, "too many mei devices\n");
659
660 mutex_unlock(&mei_minor_lock);
661 return ret;
662 }
663
664 /**
665 * mei_minor_free - mark device minor number as free
666 *
667 * @dev: device pointer
668 */
mei_minor_free(struct mei_device * dev)669 static void mei_minor_free(struct mei_device *dev)
670 {
671 mutex_lock(&mei_minor_lock);
672 idr_remove(&mei_idr, dev->minor);
673 mutex_unlock(&mei_minor_lock);
674 }
675
mei_register(struct mei_device * dev,struct device * parent)676 int mei_register(struct mei_device *dev, struct device *parent)
677 {
678 struct device *clsdev; /* class device */
679 int ret, devno;
680
681 ret = mei_minor_get(dev);
682 if (ret < 0)
683 return ret;
684
685 /* Fill in the data structures */
686 devno = MKDEV(MAJOR(mei_devt), dev->minor);
687 cdev_init(&dev->cdev, &mei_fops);
688 dev->cdev.owner = parent->driver->owner;
689
690 /* Add the device */
691 ret = cdev_add(&dev->cdev, devno, 1);
692 if (ret) {
693 dev_err(parent, "unable to add device %d:%d\n",
694 MAJOR(mei_devt), dev->minor);
695 goto err_dev_add;
696 }
697
698 clsdev = device_create_with_groups(mei_class, parent, devno,
699 dev, mei_groups,
700 "mei%d", dev->minor);
701
702 if (IS_ERR(clsdev)) {
703 dev_err(parent, "unable to create device %d:%d\n",
704 MAJOR(mei_devt), dev->minor);
705 ret = PTR_ERR(clsdev);
706 goto err_dev_create;
707 }
708
709 ret = mei_dbgfs_register(dev, dev_name(clsdev));
710 if (ret) {
711 dev_err(clsdev, "cannot register debugfs ret = %d\n", ret);
712 goto err_dev_dbgfs;
713 }
714
715 return 0;
716
717 err_dev_dbgfs:
718 device_destroy(mei_class, devno);
719 err_dev_create:
720 cdev_del(&dev->cdev);
721 err_dev_add:
722 mei_minor_free(dev);
723 return ret;
724 }
725 EXPORT_SYMBOL_GPL(mei_register);
726
mei_deregister(struct mei_device * dev)727 void mei_deregister(struct mei_device *dev)
728 {
729 int devno;
730
731 devno = dev->cdev.dev;
732 cdev_del(&dev->cdev);
733
734 mei_dbgfs_deregister(dev);
735
736 device_destroy(mei_class, devno);
737
738 mei_minor_free(dev);
739 }
740 EXPORT_SYMBOL_GPL(mei_deregister);
741
mei_init(void)742 static int __init mei_init(void)
743 {
744 int ret;
745
746 mei_class = class_create(THIS_MODULE, "mei");
747 if (IS_ERR(mei_class)) {
748 pr_err("couldn't create class\n");
749 ret = PTR_ERR(mei_class);
750 goto err;
751 }
752
753 ret = alloc_chrdev_region(&mei_devt, 0, MEI_MAX_DEVS, "mei");
754 if (ret < 0) {
755 pr_err("unable to allocate char dev region\n");
756 goto err_class;
757 }
758
759 ret = mei_cl_bus_init();
760 if (ret < 0) {
761 pr_err("unable to initialize bus\n");
762 goto err_chrdev;
763 }
764
765 return 0;
766
767 err_chrdev:
768 unregister_chrdev_region(mei_devt, MEI_MAX_DEVS);
769 err_class:
770 class_destroy(mei_class);
771 err:
772 return ret;
773 }
774
mei_exit(void)775 static void __exit mei_exit(void)
776 {
777 unregister_chrdev_region(mei_devt, MEI_MAX_DEVS);
778 class_destroy(mei_class);
779 mei_cl_bus_exit();
780 }
781
782 module_init(mei_init);
783 module_exit(mei_exit);
784
785 MODULE_AUTHOR("Intel Corporation");
786 MODULE_DESCRIPTION("Intel(R) Management Engine Interface");
787 MODULE_LICENSE("GPL v2");
788
789