1 // SPDX-License-Identifier: GPL-2.0
2 /*
3 * main.c - Multi purpose firmware loading support
4 *
5 * Copyright (c) 2003 Manuel Estrada Sainz
6 *
7 * Please see Documentation/driver-api/firmware/ for more information.
8 *
9 */
10
11 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
12
13 #include <linux/capability.h>
14 #include <linux/device.h>
15 #include <linux/kernel_read_file.h>
16 #include <linux/module.h>
17 #include <linux/init.h>
18 #include <linux/initrd.h>
19 #include <linux/timer.h>
20 #include <linux/vmalloc.h>
21 #include <linux/interrupt.h>
22 #include <linux/bitops.h>
23 #include <linux/mutex.h>
24 #include <linux/workqueue.h>
25 #include <linux/highmem.h>
26 #include <linux/firmware.h>
27 #include <linux/slab.h>
28 #include <linux/sched.h>
29 #include <linux/file.h>
30 #include <linux/list.h>
31 #include <linux/fs.h>
32 #include <linux/async.h>
33 #include <linux/pm.h>
34 #include <linux/suspend.h>
35 #include <linux/syscore_ops.h>
36 #include <linux/reboot.h>
37 #include <linux/security.h>
38 #include <linux/zstd.h>
39 #include <linux/xz.h>
40
41 #include <generated/utsrelease.h>
42
43 #include "../base.h"
44 #include "firmware.h"
45 #include "fallback.h"
46
47 MODULE_AUTHOR("Manuel Estrada Sainz");
48 MODULE_DESCRIPTION("Multi purpose firmware loading support");
49 MODULE_LICENSE("GPL");
50
51 struct firmware_cache {
52 /* firmware_buf instance will be added into the below list */
53 spinlock_t lock;
54 struct list_head head;
55 int state;
56
57 #ifdef CONFIG_FW_CACHE
58 /*
59 * Names of firmware images which have been cached successfully
60 * will be added into the below list so that device uncache
61 * helper can trace which firmware images have been cached
62 * before.
63 */
64 spinlock_t name_lock;
65 struct list_head fw_names;
66
67 struct delayed_work work;
68
69 struct notifier_block pm_notify;
70 #endif
71 };
72
73 struct fw_cache_entry {
74 struct list_head list;
75 const char *name;
76 };
77
78 struct fw_name_devm {
79 unsigned long magic;
80 const char *name;
81 };
82
to_fw_priv(struct kref * ref)83 static inline struct fw_priv *to_fw_priv(struct kref *ref)
84 {
85 return container_of(ref, struct fw_priv, ref);
86 }
87
88 #define FW_LOADER_NO_CACHE 0
89 #define FW_LOADER_START_CACHE 1
90
91 /* fw_lock could be moved to 'struct fw_sysfs' but since it is just
92 * guarding for corner cases a global lock should be OK */
93 DEFINE_MUTEX(fw_lock);
94
95 struct firmware_cache fw_cache;
96
fw_state_init(struct fw_priv * fw_priv)97 void fw_state_init(struct fw_priv *fw_priv)
98 {
99 struct fw_state *fw_st = &fw_priv->fw_st;
100
101 init_completion(&fw_st->completion);
102 fw_st->status = FW_STATUS_UNKNOWN;
103 }
104
fw_state_wait(struct fw_priv * fw_priv)105 static inline int fw_state_wait(struct fw_priv *fw_priv)
106 {
107 return __fw_state_wait_common(fw_priv, MAX_SCHEDULE_TIMEOUT);
108 }
109
110 static void fw_cache_piggyback_on_request(struct fw_priv *fw_priv);
111
__allocate_fw_priv(const char * fw_name,struct firmware_cache * fwc,void * dbuf,size_t size,size_t offset,u32 opt_flags)112 static struct fw_priv *__allocate_fw_priv(const char *fw_name,
113 struct firmware_cache *fwc,
114 void *dbuf,
115 size_t size,
116 size_t offset,
117 u32 opt_flags)
118 {
119 struct fw_priv *fw_priv;
120
121 /* For a partial read, the buffer must be preallocated. */
122 if ((opt_flags & FW_OPT_PARTIAL) && !dbuf)
123 return NULL;
124
125 /* Only partial reads are allowed to use an offset. */
126 if (offset != 0 && !(opt_flags & FW_OPT_PARTIAL))
127 return NULL;
128
129 fw_priv = kzalloc(sizeof(*fw_priv), GFP_ATOMIC);
130 if (!fw_priv)
131 return NULL;
132
133 fw_priv->fw_name = kstrdup_const(fw_name, GFP_ATOMIC);
134 if (!fw_priv->fw_name) {
135 kfree(fw_priv);
136 return NULL;
137 }
138
139 kref_init(&fw_priv->ref);
140 fw_priv->fwc = fwc;
141 fw_priv->data = dbuf;
142 fw_priv->allocated_size = size;
143 fw_priv->offset = offset;
144 fw_priv->opt_flags = opt_flags;
145 fw_state_init(fw_priv);
146 #ifdef CONFIG_FW_LOADER_USER_HELPER
147 INIT_LIST_HEAD(&fw_priv->pending_list);
148 #endif
149
150 pr_debug("%s: fw-%s fw_priv=%p\n", __func__, fw_name, fw_priv);
151
152 return fw_priv;
153 }
154
__lookup_fw_priv(const char * fw_name)155 static struct fw_priv *__lookup_fw_priv(const char *fw_name)
156 {
157 struct fw_priv *tmp;
158 struct firmware_cache *fwc = &fw_cache;
159
160 list_for_each_entry(tmp, &fwc->head, list)
161 if (!strcmp(tmp->fw_name, fw_name))
162 return tmp;
163 return NULL;
164 }
165
166 /* Returns 1 for batching firmware requests with the same name */
alloc_lookup_fw_priv(const char * fw_name,struct firmware_cache * fwc,struct fw_priv ** fw_priv,void * dbuf,size_t size,size_t offset,u32 opt_flags)167 int alloc_lookup_fw_priv(const char *fw_name, struct firmware_cache *fwc,
168 struct fw_priv **fw_priv, void *dbuf, size_t size,
169 size_t offset, u32 opt_flags)
170 {
171 struct fw_priv *tmp;
172
173 spin_lock(&fwc->lock);
174 /*
175 * Do not merge requests that are marked to be non-cached or
176 * are performing partial reads.
177 */
178 if (!(opt_flags & (FW_OPT_NOCACHE | FW_OPT_PARTIAL))) {
179 tmp = __lookup_fw_priv(fw_name);
180 if (tmp) {
181 kref_get(&tmp->ref);
182 spin_unlock(&fwc->lock);
183 *fw_priv = tmp;
184 pr_debug("batched request - sharing the same struct fw_priv and lookup for multiple requests\n");
185 return 1;
186 }
187 }
188
189 tmp = __allocate_fw_priv(fw_name, fwc, dbuf, size, offset, opt_flags);
190 if (tmp) {
191 INIT_LIST_HEAD(&tmp->list);
192 if (!(opt_flags & FW_OPT_NOCACHE))
193 list_add(&tmp->list, &fwc->head);
194 }
195 spin_unlock(&fwc->lock);
196
197 *fw_priv = tmp;
198
199 return tmp ? 0 : -ENOMEM;
200 }
201
__free_fw_priv(struct kref * ref)202 static void __free_fw_priv(struct kref *ref)
203 __releases(&fwc->lock)
204 {
205 struct fw_priv *fw_priv = to_fw_priv(ref);
206 struct firmware_cache *fwc = fw_priv->fwc;
207
208 pr_debug("%s: fw-%s fw_priv=%p data=%p size=%u\n",
209 __func__, fw_priv->fw_name, fw_priv, fw_priv->data,
210 (unsigned int)fw_priv->size);
211
212 list_del(&fw_priv->list);
213 spin_unlock(&fwc->lock);
214
215 if (fw_is_paged_buf(fw_priv))
216 fw_free_paged_buf(fw_priv);
217 else if (!fw_priv->allocated_size)
218 vfree(fw_priv->data);
219
220 kfree_const(fw_priv->fw_name);
221 kfree(fw_priv);
222 }
223
free_fw_priv(struct fw_priv * fw_priv)224 void free_fw_priv(struct fw_priv *fw_priv)
225 {
226 struct firmware_cache *fwc = fw_priv->fwc;
227 spin_lock(&fwc->lock);
228 if (!kref_put(&fw_priv->ref, __free_fw_priv))
229 spin_unlock(&fwc->lock);
230 }
231
232 #ifdef CONFIG_FW_LOADER_PAGED_BUF
fw_is_paged_buf(struct fw_priv * fw_priv)233 bool fw_is_paged_buf(struct fw_priv *fw_priv)
234 {
235 return fw_priv->is_paged_buf;
236 }
237
fw_free_paged_buf(struct fw_priv * fw_priv)238 void fw_free_paged_buf(struct fw_priv *fw_priv)
239 {
240 int i;
241
242 if (!fw_priv->pages)
243 return;
244
245 vunmap(fw_priv->data);
246
247 for (i = 0; i < fw_priv->nr_pages; i++)
248 __free_page(fw_priv->pages[i]);
249 kvfree(fw_priv->pages);
250 fw_priv->pages = NULL;
251 fw_priv->page_array_size = 0;
252 fw_priv->nr_pages = 0;
253 fw_priv->data = NULL;
254 fw_priv->size = 0;
255 }
256
fw_grow_paged_buf(struct fw_priv * fw_priv,int pages_needed)257 int fw_grow_paged_buf(struct fw_priv *fw_priv, int pages_needed)
258 {
259 /* If the array of pages is too small, grow it */
260 if (fw_priv->page_array_size < pages_needed) {
261 int new_array_size = max(pages_needed,
262 fw_priv->page_array_size * 2);
263 struct page **new_pages;
264
265 new_pages = kvmalloc_array(new_array_size, sizeof(void *),
266 GFP_KERNEL);
267 if (!new_pages)
268 return -ENOMEM;
269 memcpy(new_pages, fw_priv->pages,
270 fw_priv->page_array_size * sizeof(void *));
271 memset(&new_pages[fw_priv->page_array_size], 0, sizeof(void *) *
272 (new_array_size - fw_priv->page_array_size));
273 kvfree(fw_priv->pages);
274 fw_priv->pages = new_pages;
275 fw_priv->page_array_size = new_array_size;
276 }
277
278 while (fw_priv->nr_pages < pages_needed) {
279 fw_priv->pages[fw_priv->nr_pages] =
280 alloc_page(GFP_KERNEL | __GFP_HIGHMEM);
281
282 if (!fw_priv->pages[fw_priv->nr_pages])
283 return -ENOMEM;
284 fw_priv->nr_pages++;
285 }
286
287 return 0;
288 }
289
fw_map_paged_buf(struct fw_priv * fw_priv)290 int fw_map_paged_buf(struct fw_priv *fw_priv)
291 {
292 /* one pages buffer should be mapped/unmapped only once */
293 if (!fw_priv->pages)
294 return 0;
295
296 vunmap(fw_priv->data);
297 fw_priv->data = vmap(fw_priv->pages, fw_priv->nr_pages, 0,
298 PAGE_KERNEL_RO);
299 if (!fw_priv->data)
300 return -ENOMEM;
301
302 return 0;
303 }
304 #endif
305
306 /*
307 * ZSTD-compressed firmware support
308 */
309 #ifdef CONFIG_FW_LOADER_COMPRESS_ZSTD
fw_decompress_zstd(struct device * dev,struct fw_priv * fw_priv,size_t in_size,const void * in_buffer)310 static int fw_decompress_zstd(struct device *dev, struct fw_priv *fw_priv,
311 size_t in_size, const void *in_buffer)
312 {
313 size_t len, out_size, workspace_size;
314 void *workspace, *out_buf;
315 zstd_dctx *ctx;
316 int err;
317
318 if (fw_priv->allocated_size) {
319 out_size = fw_priv->allocated_size;
320 out_buf = fw_priv->data;
321 } else {
322 zstd_frame_header params;
323
324 if (zstd_get_frame_header(¶ms, in_buffer, in_size) ||
325 params.frameContentSize == ZSTD_CONTENTSIZE_UNKNOWN) {
326 dev_dbg(dev, "%s: invalid zstd header\n", __func__);
327 return -EINVAL;
328 }
329 out_size = params.frameContentSize;
330 out_buf = vzalloc(out_size);
331 if (!out_buf)
332 return -ENOMEM;
333 }
334
335 workspace_size = zstd_dctx_workspace_bound();
336 workspace = kvzalloc(workspace_size, GFP_KERNEL);
337 if (!workspace) {
338 err = -ENOMEM;
339 goto error;
340 }
341
342 ctx = zstd_init_dctx(workspace, workspace_size);
343 if (!ctx) {
344 dev_dbg(dev, "%s: failed to initialize context\n", __func__);
345 err = -EINVAL;
346 goto error;
347 }
348
349 len = zstd_decompress_dctx(ctx, out_buf, out_size, in_buffer, in_size);
350 if (zstd_is_error(len)) {
351 dev_dbg(dev, "%s: failed to decompress: %d\n", __func__,
352 zstd_get_error_code(len));
353 err = -EINVAL;
354 goto error;
355 }
356
357 if (!fw_priv->allocated_size)
358 fw_priv->data = out_buf;
359 fw_priv->size = len;
360 err = 0;
361
362 error:
363 kvfree(workspace);
364 if (err && !fw_priv->allocated_size)
365 vfree(out_buf);
366 return err;
367 }
368 #endif /* CONFIG_FW_LOADER_COMPRESS_ZSTD */
369
370 /*
371 * XZ-compressed firmware support
372 */
373 #ifdef CONFIG_FW_LOADER_COMPRESS_XZ
374 /* show an error and return the standard error code */
fw_decompress_xz_error(struct device * dev,enum xz_ret xz_ret)375 static int fw_decompress_xz_error(struct device *dev, enum xz_ret xz_ret)
376 {
377 if (xz_ret != XZ_STREAM_END) {
378 dev_warn(dev, "xz decompression failed (xz_ret=%d)\n", xz_ret);
379 return xz_ret == XZ_MEM_ERROR ? -ENOMEM : -EINVAL;
380 }
381 return 0;
382 }
383
384 /* single-shot decompression onto the pre-allocated buffer */
fw_decompress_xz_single(struct device * dev,struct fw_priv * fw_priv,size_t in_size,const void * in_buffer)385 static int fw_decompress_xz_single(struct device *dev, struct fw_priv *fw_priv,
386 size_t in_size, const void *in_buffer)
387 {
388 struct xz_dec *xz_dec;
389 struct xz_buf xz_buf;
390 enum xz_ret xz_ret;
391
392 xz_dec = xz_dec_init(XZ_SINGLE, (u32)-1);
393 if (!xz_dec)
394 return -ENOMEM;
395
396 xz_buf.in_size = in_size;
397 xz_buf.in = in_buffer;
398 xz_buf.in_pos = 0;
399 xz_buf.out_size = fw_priv->allocated_size;
400 xz_buf.out = fw_priv->data;
401 xz_buf.out_pos = 0;
402
403 xz_ret = xz_dec_run(xz_dec, &xz_buf);
404 xz_dec_end(xz_dec);
405
406 fw_priv->size = xz_buf.out_pos;
407 return fw_decompress_xz_error(dev, xz_ret);
408 }
409
410 /* decompression on paged buffer and map it */
fw_decompress_xz_pages(struct device * dev,struct fw_priv * fw_priv,size_t in_size,const void * in_buffer)411 static int fw_decompress_xz_pages(struct device *dev, struct fw_priv *fw_priv,
412 size_t in_size, const void *in_buffer)
413 {
414 struct xz_dec *xz_dec;
415 struct xz_buf xz_buf;
416 enum xz_ret xz_ret;
417 struct page *page;
418 int err = 0;
419
420 xz_dec = xz_dec_init(XZ_DYNALLOC, (u32)-1);
421 if (!xz_dec)
422 return -ENOMEM;
423
424 xz_buf.in_size = in_size;
425 xz_buf.in = in_buffer;
426 xz_buf.in_pos = 0;
427
428 fw_priv->is_paged_buf = true;
429 fw_priv->size = 0;
430 do {
431 if (fw_grow_paged_buf(fw_priv, fw_priv->nr_pages + 1)) {
432 err = -ENOMEM;
433 goto out;
434 }
435
436 /* decompress onto the new allocated page */
437 page = fw_priv->pages[fw_priv->nr_pages - 1];
438 xz_buf.out = kmap_local_page(page);
439 xz_buf.out_pos = 0;
440 xz_buf.out_size = PAGE_SIZE;
441 xz_ret = xz_dec_run(xz_dec, &xz_buf);
442 kunmap_local(xz_buf.out);
443 fw_priv->size += xz_buf.out_pos;
444 /* partial decompression means either end or error */
445 if (xz_buf.out_pos != PAGE_SIZE)
446 break;
447 } while (xz_ret == XZ_OK);
448
449 err = fw_decompress_xz_error(dev, xz_ret);
450 if (!err)
451 err = fw_map_paged_buf(fw_priv);
452
453 out:
454 xz_dec_end(xz_dec);
455 return err;
456 }
457
fw_decompress_xz(struct device * dev,struct fw_priv * fw_priv,size_t in_size,const void * in_buffer)458 static int fw_decompress_xz(struct device *dev, struct fw_priv *fw_priv,
459 size_t in_size, const void *in_buffer)
460 {
461 /* if the buffer is pre-allocated, we can perform in single-shot mode */
462 if (fw_priv->data)
463 return fw_decompress_xz_single(dev, fw_priv, in_size, in_buffer);
464 else
465 return fw_decompress_xz_pages(dev, fw_priv, in_size, in_buffer);
466 }
467 #endif /* CONFIG_FW_LOADER_COMPRESS_XZ */
468
469 /* direct firmware loading support */
470 static char fw_path_para[256];
471 static const char * const fw_path[] = {
472 fw_path_para,
473 "/lib/firmware/updates/" UTS_RELEASE,
474 "/lib/firmware/updates",
475 "/lib/firmware/" UTS_RELEASE,
476 "/lib/firmware"
477 };
478
479 /*
480 * Typical usage is that passing 'firmware_class.path=$CUSTOMIZED_PATH'
481 * from kernel command line because firmware_class is generally built in
482 * kernel instead of module.
483 */
484 module_param_string(path, fw_path_para, sizeof(fw_path_para), 0644);
485 MODULE_PARM_DESC(path, "customized firmware image search path with a higher priority than default path");
486
487 static int
fw_get_filesystem_firmware(struct device * device,struct fw_priv * fw_priv,const char * suffix,int (* decompress)(struct device * dev,struct fw_priv * fw_priv,size_t in_size,const void * in_buffer))488 fw_get_filesystem_firmware(struct device *device, struct fw_priv *fw_priv,
489 const char *suffix,
490 int (*decompress)(struct device *dev,
491 struct fw_priv *fw_priv,
492 size_t in_size,
493 const void *in_buffer))
494 {
495 size_t size;
496 int i, len, maxlen = 0;
497 int rc = -ENOENT;
498 char *path, *nt = NULL;
499 size_t msize = INT_MAX;
500 void *buffer = NULL;
501
502 /* Already populated data member means we're loading into a buffer */
503 if (!decompress && fw_priv->data) {
504 buffer = fw_priv->data;
505 msize = fw_priv->allocated_size;
506 }
507
508 path = __getname();
509 if (!path)
510 return -ENOMEM;
511
512 wait_for_initramfs();
513 for (i = 0; i < ARRAY_SIZE(fw_path); i++) {
514 size_t file_size = 0;
515 size_t *file_size_ptr = NULL;
516
517 /* skip the unset customized path */
518 if (!fw_path[i][0])
519 continue;
520
521 /* strip off \n from customized path */
522 maxlen = strlen(fw_path[i]);
523 if (i == 0) {
524 nt = strchr(fw_path[i], '\n');
525 if (nt)
526 maxlen = nt - fw_path[i];
527 }
528
529 len = snprintf(path, PATH_MAX, "%.*s/%s%s",
530 maxlen, fw_path[i],
531 fw_priv->fw_name, suffix);
532 if (len >= PATH_MAX) {
533 rc = -ENAMETOOLONG;
534 break;
535 }
536
537 fw_priv->size = 0;
538
539 /*
540 * The total file size is only examined when doing a partial
541 * read; the "full read" case needs to fail if the whole
542 * firmware was not completely loaded.
543 */
544 if ((fw_priv->opt_flags & FW_OPT_PARTIAL) && buffer)
545 file_size_ptr = &file_size;
546
547 /* load firmware files from the mount namespace of init */
548 rc = kernel_read_file_from_path_initns(path, fw_priv->offset,
549 &buffer, msize,
550 file_size_ptr,
551 READING_FIRMWARE);
552 if (rc < 0) {
553 if (rc != -ENOENT)
554 dev_warn(device, "loading %s failed with error %d\n",
555 path, rc);
556 else
557 dev_dbg(device, "loading %s failed for no such file or directory.\n",
558 path);
559 continue;
560 }
561 size = rc;
562 rc = 0;
563
564 dev_dbg(device, "Loading firmware from %s\n", path);
565 if (decompress) {
566 dev_dbg(device, "f/w decompressing %s\n",
567 fw_priv->fw_name);
568 rc = decompress(device, fw_priv, size, buffer);
569 /* discard the superfluous original content */
570 vfree(buffer);
571 buffer = NULL;
572 if (rc) {
573 fw_free_paged_buf(fw_priv);
574 continue;
575 }
576 } else {
577 dev_dbg(device, "direct-loading %s\n",
578 fw_priv->fw_name);
579 if (!fw_priv->data)
580 fw_priv->data = buffer;
581 fw_priv->size = size;
582 }
583 fw_state_done(fw_priv);
584 break;
585 }
586 __putname(path);
587
588 return rc;
589 }
590
591 /* firmware holds the ownership of pages */
firmware_free_data(const struct firmware * fw)592 static void firmware_free_data(const struct firmware *fw)
593 {
594 /* Loaded directly? */
595 if (!fw->priv) {
596 vfree(fw->data);
597 return;
598 }
599 free_fw_priv(fw->priv);
600 }
601
602 /* store the pages buffer info firmware from buf */
fw_set_page_data(struct fw_priv * fw_priv,struct firmware * fw)603 static void fw_set_page_data(struct fw_priv *fw_priv, struct firmware *fw)
604 {
605 fw->priv = fw_priv;
606 fw->size = fw_priv->size;
607 fw->data = fw_priv->data;
608
609 pr_debug("%s: fw-%s fw_priv=%p data=%p size=%u\n",
610 __func__, fw_priv->fw_name, fw_priv, fw_priv->data,
611 (unsigned int)fw_priv->size);
612 }
613
614 #ifdef CONFIG_FW_CACHE
fw_name_devm_release(struct device * dev,void * res)615 static void fw_name_devm_release(struct device *dev, void *res)
616 {
617 struct fw_name_devm *fwn = res;
618
619 if (fwn->magic == (unsigned long)&fw_cache)
620 pr_debug("%s: fw_name-%s devm-%p released\n",
621 __func__, fwn->name, res);
622 kfree_const(fwn->name);
623 }
624
fw_devm_match(struct device * dev,void * res,void * match_data)625 static int fw_devm_match(struct device *dev, void *res,
626 void *match_data)
627 {
628 struct fw_name_devm *fwn = res;
629
630 return (fwn->magic == (unsigned long)&fw_cache) &&
631 !strcmp(fwn->name, match_data);
632 }
633
fw_find_devm_name(struct device * dev,const char * name)634 static struct fw_name_devm *fw_find_devm_name(struct device *dev,
635 const char *name)
636 {
637 struct fw_name_devm *fwn;
638
639 fwn = devres_find(dev, fw_name_devm_release,
640 fw_devm_match, (void *)name);
641 return fwn;
642 }
643
fw_cache_is_setup(struct device * dev,const char * name)644 static bool fw_cache_is_setup(struct device *dev, const char *name)
645 {
646 struct fw_name_devm *fwn;
647
648 fwn = fw_find_devm_name(dev, name);
649 if (fwn)
650 return true;
651
652 return false;
653 }
654
655 /* add firmware name into devres list */
fw_add_devm_name(struct device * dev,const char * name)656 static int fw_add_devm_name(struct device *dev, const char *name)
657 {
658 struct fw_name_devm *fwn;
659
660 if (fw_cache_is_setup(dev, name))
661 return 0;
662
663 fwn = devres_alloc(fw_name_devm_release, sizeof(struct fw_name_devm),
664 GFP_KERNEL);
665 if (!fwn)
666 return -ENOMEM;
667 fwn->name = kstrdup_const(name, GFP_KERNEL);
668 if (!fwn->name) {
669 devres_free(fwn);
670 return -ENOMEM;
671 }
672
673 fwn->magic = (unsigned long)&fw_cache;
674 devres_add(dev, fwn);
675
676 return 0;
677 }
678 #else
fw_cache_is_setup(struct device * dev,const char * name)679 static bool fw_cache_is_setup(struct device *dev, const char *name)
680 {
681 return false;
682 }
683
fw_add_devm_name(struct device * dev,const char * name)684 static int fw_add_devm_name(struct device *dev, const char *name)
685 {
686 return 0;
687 }
688 #endif
689
assign_fw(struct firmware * fw,struct device * device)690 int assign_fw(struct firmware *fw, struct device *device)
691 {
692 struct fw_priv *fw_priv = fw->priv;
693 int ret;
694
695 mutex_lock(&fw_lock);
696 if (!fw_priv->size || fw_state_is_aborted(fw_priv)) {
697 mutex_unlock(&fw_lock);
698 return -ENOENT;
699 }
700
701 /*
702 * add firmware name into devres list so that we can auto cache
703 * and uncache firmware for device.
704 *
705 * device may has been deleted already, but the problem
706 * should be fixed in devres or driver core.
707 */
708 /* don't cache firmware handled without uevent */
709 if (device && (fw_priv->opt_flags & FW_OPT_UEVENT) &&
710 !(fw_priv->opt_flags & FW_OPT_NOCACHE)) {
711 ret = fw_add_devm_name(device, fw_priv->fw_name);
712 if (ret) {
713 mutex_unlock(&fw_lock);
714 return ret;
715 }
716 }
717
718 /*
719 * After caching firmware image is started, let it piggyback
720 * on request firmware.
721 */
722 if (!(fw_priv->opt_flags & FW_OPT_NOCACHE) &&
723 fw_priv->fwc->state == FW_LOADER_START_CACHE)
724 fw_cache_piggyback_on_request(fw_priv);
725
726 /* pass the pages buffer to driver at the last minute */
727 fw_set_page_data(fw_priv, fw);
728 mutex_unlock(&fw_lock);
729 return 0;
730 }
731
732 /* prepare firmware and firmware_buf structs;
733 * return 0 if a firmware is already assigned, 1 if need to load one,
734 * or a negative error code
735 */
736 static int
_request_firmware_prepare(struct firmware ** firmware_p,const char * name,struct device * device,void * dbuf,size_t size,size_t offset,u32 opt_flags)737 _request_firmware_prepare(struct firmware **firmware_p, const char *name,
738 struct device *device, void *dbuf, size_t size,
739 size_t offset, u32 opt_flags)
740 {
741 struct firmware *firmware;
742 struct fw_priv *fw_priv;
743 int ret;
744
745 *firmware_p = firmware = kzalloc(sizeof(*firmware), GFP_KERNEL);
746 if (!firmware) {
747 dev_err(device, "%s: kmalloc(struct firmware) failed\n",
748 __func__);
749 return -ENOMEM;
750 }
751
752 if (firmware_request_builtin_buf(firmware, name, dbuf, size)) {
753 dev_dbg(device, "using built-in %s\n", name);
754 return 0; /* assigned */
755 }
756
757 ret = alloc_lookup_fw_priv(name, &fw_cache, &fw_priv, dbuf, size,
758 offset, opt_flags);
759
760 /*
761 * bind with 'priv' now to avoid warning in failure path
762 * of requesting firmware.
763 */
764 firmware->priv = fw_priv;
765
766 if (ret > 0) {
767 ret = fw_state_wait(fw_priv);
768 if (!ret) {
769 fw_set_page_data(fw_priv, firmware);
770 return 0; /* assigned */
771 }
772 }
773
774 if (ret < 0)
775 return ret;
776 return 1; /* need to load */
777 }
778
779 /*
780 * Batched requests need only one wake, we need to do this step last due to the
781 * fallback mechanism. The buf is protected with kref_get(), and it won't be
782 * released until the last user calls release_firmware().
783 *
784 * Failed batched requests are possible as well, in such cases we just share
785 * the struct fw_priv and won't release it until all requests are woken
786 * and have gone through this same path.
787 */
fw_abort_batch_reqs(struct firmware * fw)788 static void fw_abort_batch_reqs(struct firmware *fw)
789 {
790 struct fw_priv *fw_priv;
791
792 /* Loaded directly? */
793 if (!fw || !fw->priv)
794 return;
795
796 fw_priv = fw->priv;
797 mutex_lock(&fw_lock);
798 if (!fw_state_is_aborted(fw_priv))
799 fw_state_aborted(fw_priv);
800 mutex_unlock(&fw_lock);
801 }
802
803 #if defined(CONFIG_FW_LOADER_DEBUG)
804 #include <crypto/hash.h>
805 #include <crypto/sha2.h>
806
fw_log_firmware_info(const struct firmware * fw,const char * name,struct device * device)807 static void fw_log_firmware_info(const struct firmware *fw, const char *name, struct device *device)
808 {
809 struct shash_desc *shash;
810 struct crypto_shash *alg;
811 u8 *sha256buf;
812 char *outbuf;
813
814 alg = crypto_alloc_shash("sha256", 0, 0);
815 if (IS_ERR(alg))
816 return;
817
818 sha256buf = kmalloc(SHA256_DIGEST_SIZE, GFP_KERNEL);
819 outbuf = kmalloc(SHA256_BLOCK_SIZE + 1, GFP_KERNEL);
820 shash = kmalloc(sizeof(*shash) + crypto_shash_descsize(alg), GFP_KERNEL);
821 if (!sha256buf || !outbuf || !shash)
822 goto out_free;
823
824 shash->tfm = alg;
825
826 if (crypto_shash_digest(shash, fw->data, fw->size, sha256buf) < 0)
827 goto out_shash;
828
829 for (int i = 0; i < SHA256_DIGEST_SIZE; i++)
830 sprintf(&outbuf[i * 2], "%02x", sha256buf[i]);
831 outbuf[SHA256_BLOCK_SIZE] = 0;
832 dev_dbg(device, "Loaded FW: %s, sha256: %s\n", name, outbuf);
833
834 out_shash:
835 crypto_free_shash(alg);
836 out_free:
837 kfree(shash);
838 kfree(outbuf);
839 kfree(sha256buf);
840 }
841 #else
fw_log_firmware_info(const struct firmware * fw,const char * name,struct device * device)842 static void fw_log_firmware_info(const struct firmware *fw, const char *name,
843 struct device *device)
844 {}
845 #endif
846
847 /*
848 * Reject firmware file names with ".." path components.
849 * There are drivers that construct firmware file names from device-supplied
850 * strings, and we don't want some device to be able to tell us "I would like to
851 * be sent my firmware from ../../../etc/shadow, please".
852 *
853 * Search for ".." surrounded by either '/' or start/end of string.
854 *
855 * This intentionally only looks at the firmware name, not at the firmware base
856 * directory or at symlink contents.
857 */
name_contains_dotdot(const char * name)858 static bool name_contains_dotdot(const char *name)
859 {
860 size_t name_len = strlen(name);
861
862 return strcmp(name, "..") == 0 || strncmp(name, "../", 3) == 0 ||
863 strstr(name, "/../") != NULL ||
864 (name_len >= 3 && strcmp(name+name_len-3, "/..") == 0);
865 }
866
867 /* called from request_firmware() and request_firmware_work_func() */
868 static int
_request_firmware(const struct firmware ** firmware_p,const char * name,struct device * device,void * buf,size_t size,size_t offset,u32 opt_flags)869 _request_firmware(const struct firmware **firmware_p, const char *name,
870 struct device *device, void *buf, size_t size,
871 size_t offset, u32 opt_flags)
872 {
873 struct firmware *fw = NULL;
874 struct cred *kern_cred = NULL;
875 const struct cred *old_cred;
876 bool nondirect = false;
877 int ret;
878
879 if (!firmware_p)
880 return -EINVAL;
881
882 if (!name || name[0] == '\0') {
883 ret = -EINVAL;
884 goto out;
885 }
886
887 if (name_contains_dotdot(name)) {
888 dev_warn(device,
889 "Firmware load for '%s' refused, path contains '..' component\n",
890 name);
891 ret = -EINVAL;
892 goto out;
893 }
894
895 ret = _request_firmware_prepare(&fw, name, device, buf, size,
896 offset, opt_flags);
897 if (ret <= 0) /* error or already assigned */
898 goto out;
899
900 /*
901 * We are about to try to access the firmware file. Because we may have been
902 * called by a driver when serving an unrelated request from userland, we use
903 * the kernel credentials to read the file.
904 */
905 kern_cred = prepare_kernel_cred(&init_task);
906 if (!kern_cred) {
907 ret = -ENOMEM;
908 goto out;
909 }
910 old_cred = override_creds(kern_cred);
911
912 ret = fw_get_filesystem_firmware(device, fw->priv, "", NULL);
913
914 /* Only full reads can support decompression, platform, and sysfs. */
915 if (!(opt_flags & FW_OPT_PARTIAL))
916 nondirect = true;
917
918 #ifdef CONFIG_FW_LOADER_COMPRESS_ZSTD
919 if (ret == -ENOENT && nondirect)
920 ret = fw_get_filesystem_firmware(device, fw->priv, ".zst",
921 fw_decompress_zstd);
922 #endif
923 #ifdef CONFIG_FW_LOADER_COMPRESS_XZ
924 if (ret == -ENOENT && nondirect)
925 ret = fw_get_filesystem_firmware(device, fw->priv, ".xz",
926 fw_decompress_xz);
927 #endif
928 if (ret == -ENOENT && nondirect)
929 ret = firmware_fallback_platform(fw->priv);
930
931 if (ret) {
932 if (!(opt_flags & FW_OPT_NO_WARN))
933 dev_warn(device,
934 "Direct firmware load for %s failed with error %d\n",
935 name, ret);
936 if (nondirect)
937 ret = firmware_fallback_sysfs(fw, name, device,
938 opt_flags, ret);
939 } else
940 ret = assign_fw(fw, device);
941
942 revert_creds(old_cred);
943 put_cred(kern_cred);
944
945 out:
946 if (ret < 0) {
947 fw_abort_batch_reqs(fw);
948 release_firmware(fw);
949 fw = NULL;
950 } else {
951 fw_log_firmware_info(fw, name, device);
952 }
953
954 *firmware_p = fw;
955 return ret;
956 }
957
958 /**
959 * request_firmware() - send firmware request and wait for it
960 * @firmware_p: pointer to firmware image
961 * @name: name of firmware file
962 * @device: device for which firmware is being loaded
963 *
964 * @firmware_p will be used to return a firmware image by the name
965 * of @name for device @device.
966 *
967 * Should be called from user context where sleeping is allowed.
968 *
969 * @name will be used as $FIRMWARE in the uevent environment and
970 * should be distinctive enough not to be confused with any other
971 * firmware image for this or any other device.
972 * It must not contain any ".." path components - "foo/bar..bin" is
973 * allowed, but "foo/../bar.bin" is not.
974 *
975 * Caller must hold the reference count of @device.
976 *
977 * The function can be called safely inside device's suspend and
978 * resume callback.
979 **/
980 int
request_firmware(const struct firmware ** firmware_p,const char * name,struct device * device)981 request_firmware(const struct firmware **firmware_p, const char *name,
982 struct device *device)
983 {
984 int ret;
985
986 /* Need to pin this module until return */
987 __module_get(THIS_MODULE);
988 ret = _request_firmware(firmware_p, name, device, NULL, 0, 0,
989 FW_OPT_UEVENT);
990 module_put(THIS_MODULE);
991 return ret;
992 }
993 EXPORT_SYMBOL(request_firmware);
994
995 /**
996 * firmware_request_nowarn() - request for an optional fw module
997 * @firmware: pointer to firmware image
998 * @name: name of firmware file
999 * @device: device for which firmware is being loaded
1000 *
1001 * This function is similar in behaviour to request_firmware(), except it
1002 * doesn't produce warning messages when the file is not found. The sysfs
1003 * fallback mechanism is enabled if direct filesystem lookup fails. However,
1004 * failures to find the firmware file with it are still suppressed. It is
1005 * therefore up to the driver to check for the return value of this call and to
1006 * decide when to inform the users of errors.
1007 **/
firmware_request_nowarn(const struct firmware ** firmware,const char * name,struct device * device)1008 int firmware_request_nowarn(const struct firmware **firmware, const char *name,
1009 struct device *device)
1010 {
1011 int ret;
1012
1013 /* Need to pin this module until return */
1014 __module_get(THIS_MODULE);
1015 ret = _request_firmware(firmware, name, device, NULL, 0, 0,
1016 FW_OPT_UEVENT | FW_OPT_NO_WARN);
1017 module_put(THIS_MODULE);
1018 return ret;
1019 }
1020 EXPORT_SYMBOL_GPL(firmware_request_nowarn);
1021
1022 /**
1023 * request_firmware_direct() - load firmware directly without usermode helper
1024 * @firmware_p: pointer to firmware image
1025 * @name: name of firmware file
1026 * @device: device for which firmware is being loaded
1027 *
1028 * This function works pretty much like request_firmware(), but this doesn't
1029 * fall back to usermode helper even if the firmware couldn't be loaded
1030 * directly from fs. Hence it's useful for loading optional firmwares, which
1031 * aren't always present, without extra long timeouts of udev.
1032 **/
request_firmware_direct(const struct firmware ** firmware_p,const char * name,struct device * device)1033 int request_firmware_direct(const struct firmware **firmware_p,
1034 const char *name, struct device *device)
1035 {
1036 int ret;
1037
1038 __module_get(THIS_MODULE);
1039 ret = _request_firmware(firmware_p, name, device, NULL, 0, 0,
1040 FW_OPT_UEVENT | FW_OPT_NO_WARN |
1041 FW_OPT_NOFALLBACK_SYSFS);
1042 module_put(THIS_MODULE);
1043 return ret;
1044 }
1045 EXPORT_SYMBOL_GPL(request_firmware_direct);
1046
1047 /**
1048 * firmware_request_platform() - request firmware with platform-fw fallback
1049 * @firmware: pointer to firmware image
1050 * @name: name of firmware file
1051 * @device: device for which firmware is being loaded
1052 *
1053 * This function is similar in behaviour to request_firmware, except that if
1054 * direct filesystem lookup fails, it will fallback to looking for a copy of the
1055 * requested firmware embedded in the platform's main (e.g. UEFI) firmware.
1056 **/
firmware_request_platform(const struct firmware ** firmware,const char * name,struct device * device)1057 int firmware_request_platform(const struct firmware **firmware,
1058 const char *name, struct device *device)
1059 {
1060 int ret;
1061
1062 /* Need to pin this module until return */
1063 __module_get(THIS_MODULE);
1064 ret = _request_firmware(firmware, name, device, NULL, 0, 0,
1065 FW_OPT_UEVENT | FW_OPT_FALLBACK_PLATFORM);
1066 module_put(THIS_MODULE);
1067 return ret;
1068 }
1069 EXPORT_SYMBOL_GPL(firmware_request_platform);
1070
1071 /**
1072 * firmware_request_cache() - cache firmware for suspend so resume can use it
1073 * @name: name of firmware file
1074 * @device: device for which firmware should be cached for
1075 *
1076 * There are some devices with an optimization that enables the device to not
1077 * require loading firmware on system reboot. This optimization may still
1078 * require the firmware present on resume from suspend. This routine can be
1079 * used to ensure the firmware is present on resume from suspend in these
1080 * situations. This helper is not compatible with drivers which use
1081 * request_firmware_into_buf() or request_firmware_nowait() with no uevent set.
1082 **/
firmware_request_cache(struct device * device,const char * name)1083 int firmware_request_cache(struct device *device, const char *name)
1084 {
1085 int ret;
1086
1087 mutex_lock(&fw_lock);
1088 ret = fw_add_devm_name(device, name);
1089 mutex_unlock(&fw_lock);
1090
1091 return ret;
1092 }
1093 EXPORT_SYMBOL_GPL(firmware_request_cache);
1094
1095 /**
1096 * request_firmware_into_buf() - load firmware into a previously allocated buffer
1097 * @firmware_p: pointer to firmware image
1098 * @name: name of firmware file
1099 * @device: device for which firmware is being loaded and DMA region allocated
1100 * @buf: address of buffer to load firmware into
1101 * @size: size of buffer
1102 *
1103 * This function works pretty much like request_firmware(), but it doesn't
1104 * allocate a buffer to hold the firmware data. Instead, the firmware
1105 * is loaded directly into the buffer pointed to by @buf and the @firmware_p
1106 * data member is pointed at @buf.
1107 *
1108 * This function doesn't cache firmware either.
1109 */
1110 int
request_firmware_into_buf(const struct firmware ** firmware_p,const char * name,struct device * device,void * buf,size_t size)1111 request_firmware_into_buf(const struct firmware **firmware_p, const char *name,
1112 struct device *device, void *buf, size_t size)
1113 {
1114 int ret;
1115
1116 if (fw_cache_is_setup(device, name))
1117 return -EOPNOTSUPP;
1118
1119 __module_get(THIS_MODULE);
1120 ret = _request_firmware(firmware_p, name, device, buf, size, 0,
1121 FW_OPT_UEVENT | FW_OPT_NOCACHE);
1122 module_put(THIS_MODULE);
1123 return ret;
1124 }
1125 EXPORT_SYMBOL(request_firmware_into_buf);
1126
1127 /**
1128 * request_partial_firmware_into_buf() - load partial firmware into a previously allocated buffer
1129 * @firmware_p: pointer to firmware image
1130 * @name: name of firmware file
1131 * @device: device for which firmware is being loaded and DMA region allocated
1132 * @buf: address of buffer to load firmware into
1133 * @size: size of buffer
1134 * @offset: offset into file to read
1135 *
1136 * This function works pretty much like request_firmware_into_buf except
1137 * it allows a partial read of the file.
1138 */
1139 int
request_partial_firmware_into_buf(const struct firmware ** firmware_p,const char * name,struct device * device,void * buf,size_t size,size_t offset)1140 request_partial_firmware_into_buf(const struct firmware **firmware_p,
1141 const char *name, struct device *device,
1142 void *buf, size_t size, size_t offset)
1143 {
1144 int ret;
1145
1146 if (fw_cache_is_setup(device, name))
1147 return -EOPNOTSUPP;
1148
1149 __module_get(THIS_MODULE);
1150 ret = _request_firmware(firmware_p, name, device, buf, size, offset,
1151 FW_OPT_UEVENT | FW_OPT_NOCACHE |
1152 FW_OPT_PARTIAL);
1153 module_put(THIS_MODULE);
1154 return ret;
1155 }
1156 EXPORT_SYMBOL(request_partial_firmware_into_buf);
1157
1158 /**
1159 * release_firmware() - release the resource associated with a firmware image
1160 * @fw: firmware resource to release
1161 **/
release_firmware(const struct firmware * fw)1162 void release_firmware(const struct firmware *fw)
1163 {
1164 if (fw) {
1165 if (!firmware_is_builtin(fw))
1166 firmware_free_data(fw);
1167 kfree(fw);
1168 }
1169 }
1170 EXPORT_SYMBOL(release_firmware);
1171
1172 /* Async support */
1173 struct firmware_work {
1174 struct work_struct work;
1175 struct module *module;
1176 const char *name;
1177 struct device *device;
1178 void *context;
1179 void (*cont)(const struct firmware *fw, void *context);
1180 u32 opt_flags;
1181 };
1182
request_firmware_work_func(struct work_struct * work)1183 static void request_firmware_work_func(struct work_struct *work)
1184 {
1185 struct firmware_work *fw_work;
1186 const struct firmware *fw;
1187
1188 fw_work = container_of(work, struct firmware_work, work);
1189
1190 _request_firmware(&fw, fw_work->name, fw_work->device, NULL, 0, 0,
1191 fw_work->opt_flags);
1192 fw_work->cont(fw, fw_work->context);
1193 put_device(fw_work->device); /* taken in request_firmware_nowait() */
1194
1195 module_put(fw_work->module);
1196 kfree_const(fw_work->name);
1197 kfree(fw_work);
1198 }
1199
1200 /**
1201 * request_firmware_nowait() - asynchronous version of request_firmware
1202 * @module: module requesting the firmware
1203 * @uevent: sends uevent to copy the firmware image if this flag
1204 * is non-zero else the firmware copy must be done manually.
1205 * @name: name of firmware file
1206 * @device: device for which firmware is being loaded
1207 * @gfp: allocation flags
1208 * @context: will be passed over to @cont, and
1209 * @fw may be %NULL if firmware request fails.
1210 * @cont: function will be called asynchronously when the firmware
1211 * request is over.
1212 *
1213 * Caller must hold the reference count of @device.
1214 *
1215 * Asynchronous variant of request_firmware() for user contexts:
1216 * - sleep for as small periods as possible since it may
1217 * increase kernel boot time of built-in device drivers
1218 * requesting firmware in their ->probe() methods, if
1219 * @gfp is GFP_KERNEL.
1220 *
1221 * - can't sleep at all if @gfp is GFP_ATOMIC.
1222 **/
1223 int
request_firmware_nowait(struct module * module,bool uevent,const char * name,struct device * device,gfp_t gfp,void * context,void (* cont)(const struct firmware * fw,void * context))1224 request_firmware_nowait(
1225 struct module *module, bool uevent,
1226 const char *name, struct device *device, gfp_t gfp, void *context,
1227 void (*cont)(const struct firmware *fw, void *context))
1228 {
1229 struct firmware_work *fw_work;
1230
1231 fw_work = kzalloc(sizeof(struct firmware_work), gfp);
1232 if (!fw_work)
1233 return -ENOMEM;
1234
1235 fw_work->module = module;
1236 fw_work->name = kstrdup_const(name, gfp);
1237 if (!fw_work->name) {
1238 kfree(fw_work);
1239 return -ENOMEM;
1240 }
1241 fw_work->device = device;
1242 fw_work->context = context;
1243 fw_work->cont = cont;
1244 fw_work->opt_flags = FW_OPT_NOWAIT |
1245 (uevent ? FW_OPT_UEVENT : FW_OPT_USERHELPER);
1246
1247 if (!uevent && fw_cache_is_setup(device, name)) {
1248 kfree_const(fw_work->name);
1249 kfree(fw_work);
1250 return -EOPNOTSUPP;
1251 }
1252
1253 if (!try_module_get(module)) {
1254 kfree_const(fw_work->name);
1255 kfree(fw_work);
1256 return -EFAULT;
1257 }
1258
1259 get_device(fw_work->device);
1260 INIT_WORK(&fw_work->work, request_firmware_work_func);
1261 schedule_work(&fw_work->work);
1262 return 0;
1263 }
1264 EXPORT_SYMBOL(request_firmware_nowait);
1265
1266 #ifdef CONFIG_FW_CACHE
1267 static ASYNC_DOMAIN_EXCLUSIVE(fw_cache_domain);
1268
1269 /**
1270 * cache_firmware() - cache one firmware image in kernel memory space
1271 * @fw_name: the firmware image name
1272 *
1273 * Cache firmware in kernel memory so that drivers can use it when
1274 * system isn't ready for them to request firmware image from userspace.
1275 * Once it returns successfully, driver can use request_firmware or its
1276 * nowait version to get the cached firmware without any interacting
1277 * with userspace
1278 *
1279 * Return 0 if the firmware image has been cached successfully
1280 * Return !0 otherwise
1281 *
1282 */
cache_firmware(const char * fw_name)1283 static int cache_firmware(const char *fw_name)
1284 {
1285 int ret;
1286 const struct firmware *fw;
1287
1288 pr_debug("%s: %s\n", __func__, fw_name);
1289
1290 ret = request_firmware(&fw, fw_name, NULL);
1291 if (!ret)
1292 kfree(fw);
1293
1294 pr_debug("%s: %s ret=%d\n", __func__, fw_name, ret);
1295
1296 return ret;
1297 }
1298
lookup_fw_priv(const char * fw_name)1299 static struct fw_priv *lookup_fw_priv(const char *fw_name)
1300 {
1301 struct fw_priv *tmp;
1302 struct firmware_cache *fwc = &fw_cache;
1303
1304 spin_lock(&fwc->lock);
1305 tmp = __lookup_fw_priv(fw_name);
1306 spin_unlock(&fwc->lock);
1307
1308 return tmp;
1309 }
1310
1311 /**
1312 * uncache_firmware() - remove one cached firmware image
1313 * @fw_name: the firmware image name
1314 *
1315 * Uncache one firmware image which has been cached successfully
1316 * before.
1317 *
1318 * Return 0 if the firmware cache has been removed successfully
1319 * Return !0 otherwise
1320 *
1321 */
uncache_firmware(const char * fw_name)1322 static int uncache_firmware(const char *fw_name)
1323 {
1324 struct fw_priv *fw_priv;
1325 struct firmware fw;
1326
1327 pr_debug("%s: %s\n", __func__, fw_name);
1328
1329 if (firmware_request_builtin(&fw, fw_name))
1330 return 0;
1331
1332 fw_priv = lookup_fw_priv(fw_name);
1333 if (fw_priv) {
1334 free_fw_priv(fw_priv);
1335 return 0;
1336 }
1337
1338 return -EINVAL;
1339 }
1340
alloc_fw_cache_entry(const char * name)1341 static struct fw_cache_entry *alloc_fw_cache_entry(const char *name)
1342 {
1343 struct fw_cache_entry *fce;
1344
1345 fce = kzalloc(sizeof(*fce), GFP_ATOMIC);
1346 if (!fce)
1347 goto exit;
1348
1349 fce->name = kstrdup_const(name, GFP_ATOMIC);
1350 if (!fce->name) {
1351 kfree(fce);
1352 fce = NULL;
1353 goto exit;
1354 }
1355 exit:
1356 return fce;
1357 }
1358
__fw_entry_found(const char * name)1359 static int __fw_entry_found(const char *name)
1360 {
1361 struct firmware_cache *fwc = &fw_cache;
1362 struct fw_cache_entry *fce;
1363
1364 list_for_each_entry(fce, &fwc->fw_names, list) {
1365 if (!strcmp(fce->name, name))
1366 return 1;
1367 }
1368 return 0;
1369 }
1370
fw_cache_piggyback_on_request(struct fw_priv * fw_priv)1371 static void fw_cache_piggyback_on_request(struct fw_priv *fw_priv)
1372 {
1373 const char *name = fw_priv->fw_name;
1374 struct firmware_cache *fwc = fw_priv->fwc;
1375 struct fw_cache_entry *fce;
1376
1377 spin_lock(&fwc->name_lock);
1378 if (__fw_entry_found(name))
1379 goto found;
1380
1381 fce = alloc_fw_cache_entry(name);
1382 if (fce) {
1383 list_add(&fce->list, &fwc->fw_names);
1384 kref_get(&fw_priv->ref);
1385 pr_debug("%s: fw: %s\n", __func__, name);
1386 }
1387 found:
1388 spin_unlock(&fwc->name_lock);
1389 }
1390
free_fw_cache_entry(struct fw_cache_entry * fce)1391 static void free_fw_cache_entry(struct fw_cache_entry *fce)
1392 {
1393 kfree_const(fce->name);
1394 kfree(fce);
1395 }
1396
__async_dev_cache_fw_image(void * fw_entry,async_cookie_t cookie)1397 static void __async_dev_cache_fw_image(void *fw_entry,
1398 async_cookie_t cookie)
1399 {
1400 struct fw_cache_entry *fce = fw_entry;
1401 struct firmware_cache *fwc = &fw_cache;
1402 int ret;
1403
1404 ret = cache_firmware(fce->name);
1405 if (ret) {
1406 spin_lock(&fwc->name_lock);
1407 list_del(&fce->list);
1408 spin_unlock(&fwc->name_lock);
1409
1410 free_fw_cache_entry(fce);
1411 }
1412 }
1413
1414 /* called with dev->devres_lock held */
dev_create_fw_entry(struct device * dev,void * res,void * data)1415 static void dev_create_fw_entry(struct device *dev, void *res,
1416 void *data)
1417 {
1418 struct fw_name_devm *fwn = res;
1419 const char *fw_name = fwn->name;
1420 struct list_head *head = data;
1421 struct fw_cache_entry *fce;
1422
1423 fce = alloc_fw_cache_entry(fw_name);
1424 if (fce)
1425 list_add(&fce->list, head);
1426 }
1427
devm_name_match(struct device * dev,void * res,void * match_data)1428 static int devm_name_match(struct device *dev, void *res,
1429 void *match_data)
1430 {
1431 struct fw_name_devm *fwn = res;
1432 return (fwn->magic == (unsigned long)match_data);
1433 }
1434
dev_cache_fw_image(struct device * dev,void * data)1435 static void dev_cache_fw_image(struct device *dev, void *data)
1436 {
1437 LIST_HEAD(todo);
1438 struct fw_cache_entry *fce;
1439 struct fw_cache_entry *fce_next;
1440 struct firmware_cache *fwc = &fw_cache;
1441
1442 devres_for_each_res(dev, fw_name_devm_release,
1443 devm_name_match, &fw_cache,
1444 dev_create_fw_entry, &todo);
1445
1446 list_for_each_entry_safe(fce, fce_next, &todo, list) {
1447 list_del(&fce->list);
1448
1449 spin_lock(&fwc->name_lock);
1450 /* only one cache entry for one firmware */
1451 if (!__fw_entry_found(fce->name)) {
1452 list_add(&fce->list, &fwc->fw_names);
1453 } else {
1454 free_fw_cache_entry(fce);
1455 fce = NULL;
1456 }
1457 spin_unlock(&fwc->name_lock);
1458
1459 if (fce)
1460 async_schedule_domain(__async_dev_cache_fw_image,
1461 (void *)fce,
1462 &fw_cache_domain);
1463 }
1464 }
1465
__device_uncache_fw_images(void)1466 static void __device_uncache_fw_images(void)
1467 {
1468 struct firmware_cache *fwc = &fw_cache;
1469 struct fw_cache_entry *fce;
1470
1471 spin_lock(&fwc->name_lock);
1472 while (!list_empty(&fwc->fw_names)) {
1473 fce = list_entry(fwc->fw_names.next,
1474 struct fw_cache_entry, list);
1475 list_del(&fce->list);
1476 spin_unlock(&fwc->name_lock);
1477
1478 uncache_firmware(fce->name);
1479 free_fw_cache_entry(fce);
1480
1481 spin_lock(&fwc->name_lock);
1482 }
1483 spin_unlock(&fwc->name_lock);
1484 }
1485
1486 /**
1487 * device_cache_fw_images() - cache devices' firmware
1488 *
1489 * If one device called request_firmware or its nowait version
1490 * successfully before, the firmware names are recored into the
1491 * device's devres link list, so device_cache_fw_images can call
1492 * cache_firmware() to cache these firmwares for the device,
1493 * then the device driver can load its firmwares easily at
1494 * time when system is not ready to complete loading firmware.
1495 */
device_cache_fw_images(void)1496 static void device_cache_fw_images(void)
1497 {
1498 struct firmware_cache *fwc = &fw_cache;
1499 DEFINE_WAIT(wait);
1500
1501 pr_debug("%s\n", __func__);
1502
1503 /* cancel uncache work */
1504 cancel_delayed_work_sync(&fwc->work);
1505
1506 fw_fallback_set_cache_timeout();
1507
1508 mutex_lock(&fw_lock);
1509 fwc->state = FW_LOADER_START_CACHE;
1510 dpm_for_each_dev(NULL, dev_cache_fw_image);
1511 mutex_unlock(&fw_lock);
1512
1513 /* wait for completion of caching firmware for all devices */
1514 async_synchronize_full_domain(&fw_cache_domain);
1515
1516 fw_fallback_set_default_timeout();
1517 }
1518
1519 /**
1520 * device_uncache_fw_images() - uncache devices' firmware
1521 *
1522 * uncache all firmwares which have been cached successfully
1523 * by device_uncache_fw_images earlier
1524 */
device_uncache_fw_images(void)1525 static void device_uncache_fw_images(void)
1526 {
1527 pr_debug("%s\n", __func__);
1528 __device_uncache_fw_images();
1529 }
1530
device_uncache_fw_images_work(struct work_struct * work)1531 static void device_uncache_fw_images_work(struct work_struct *work)
1532 {
1533 device_uncache_fw_images();
1534 }
1535
1536 /**
1537 * device_uncache_fw_images_delay() - uncache devices firmwares
1538 * @delay: number of milliseconds to delay uncache device firmwares
1539 *
1540 * uncache all devices's firmwares which has been cached successfully
1541 * by device_cache_fw_images after @delay milliseconds.
1542 */
device_uncache_fw_images_delay(unsigned long delay)1543 static void device_uncache_fw_images_delay(unsigned long delay)
1544 {
1545 queue_delayed_work(system_power_efficient_wq, &fw_cache.work,
1546 msecs_to_jiffies(delay));
1547 }
1548
fw_pm_notify(struct notifier_block * notify_block,unsigned long mode,void * unused)1549 static int fw_pm_notify(struct notifier_block *notify_block,
1550 unsigned long mode, void *unused)
1551 {
1552 switch (mode) {
1553 case PM_HIBERNATION_PREPARE:
1554 case PM_SUSPEND_PREPARE:
1555 case PM_RESTORE_PREPARE:
1556 /*
1557 * kill pending fallback requests with a custom fallback
1558 * to avoid stalling suspend.
1559 */
1560 kill_pending_fw_fallback_reqs(true);
1561 device_cache_fw_images();
1562 break;
1563
1564 case PM_POST_SUSPEND:
1565 case PM_POST_HIBERNATION:
1566 case PM_POST_RESTORE:
1567 /*
1568 * In case that system sleep failed and syscore_suspend is
1569 * not called.
1570 */
1571 mutex_lock(&fw_lock);
1572 fw_cache.state = FW_LOADER_NO_CACHE;
1573 mutex_unlock(&fw_lock);
1574
1575 device_uncache_fw_images_delay(10 * MSEC_PER_SEC);
1576 break;
1577 }
1578
1579 return 0;
1580 }
1581
1582 /* stop caching firmware once syscore_suspend is reached */
fw_suspend(void)1583 static int fw_suspend(void)
1584 {
1585 fw_cache.state = FW_LOADER_NO_CACHE;
1586 return 0;
1587 }
1588
1589 static struct syscore_ops fw_syscore_ops = {
1590 .suspend = fw_suspend,
1591 };
1592
register_fw_pm_ops(void)1593 static int __init register_fw_pm_ops(void)
1594 {
1595 int ret;
1596
1597 spin_lock_init(&fw_cache.name_lock);
1598 INIT_LIST_HEAD(&fw_cache.fw_names);
1599
1600 INIT_DELAYED_WORK(&fw_cache.work,
1601 device_uncache_fw_images_work);
1602
1603 fw_cache.pm_notify.notifier_call = fw_pm_notify;
1604 ret = register_pm_notifier(&fw_cache.pm_notify);
1605 if (ret)
1606 return ret;
1607
1608 register_syscore_ops(&fw_syscore_ops);
1609
1610 return ret;
1611 }
1612
unregister_fw_pm_ops(void)1613 static inline void unregister_fw_pm_ops(void)
1614 {
1615 unregister_syscore_ops(&fw_syscore_ops);
1616 unregister_pm_notifier(&fw_cache.pm_notify);
1617 }
1618 #else
fw_cache_piggyback_on_request(struct fw_priv * fw_priv)1619 static void fw_cache_piggyback_on_request(struct fw_priv *fw_priv)
1620 {
1621 }
register_fw_pm_ops(void)1622 static inline int register_fw_pm_ops(void)
1623 {
1624 return 0;
1625 }
unregister_fw_pm_ops(void)1626 static inline void unregister_fw_pm_ops(void)
1627 {
1628 }
1629 #endif
1630
fw_cache_init(void)1631 static void __init fw_cache_init(void)
1632 {
1633 spin_lock_init(&fw_cache.lock);
1634 INIT_LIST_HEAD(&fw_cache.head);
1635 fw_cache.state = FW_LOADER_NO_CACHE;
1636 }
1637
fw_shutdown_notify(struct notifier_block * unused1,unsigned long unused2,void * unused3)1638 static int fw_shutdown_notify(struct notifier_block *unused1,
1639 unsigned long unused2, void *unused3)
1640 {
1641 /*
1642 * Kill all pending fallback requests to avoid both stalling shutdown,
1643 * and avoid a deadlock with the usermode_lock.
1644 */
1645 kill_pending_fw_fallback_reqs(false);
1646
1647 return NOTIFY_DONE;
1648 }
1649
1650 static struct notifier_block fw_shutdown_nb = {
1651 .notifier_call = fw_shutdown_notify,
1652 };
1653
firmware_class_init(void)1654 static int __init firmware_class_init(void)
1655 {
1656 int ret;
1657
1658 /* No need to unfold these on exit */
1659 fw_cache_init();
1660
1661 ret = register_fw_pm_ops();
1662 if (ret)
1663 return ret;
1664
1665 ret = register_reboot_notifier(&fw_shutdown_nb);
1666 if (ret)
1667 goto out;
1668
1669 return register_sysfs_loader();
1670
1671 out:
1672 unregister_fw_pm_ops();
1673 return ret;
1674 }
1675
firmware_class_exit(void)1676 static void __exit firmware_class_exit(void)
1677 {
1678 unregister_fw_pm_ops();
1679 unregister_reboot_notifier(&fw_shutdown_nb);
1680 unregister_sysfs_loader();
1681 }
1682
1683 fs_initcall(firmware_class_init);
1684 module_exit(firmware_class_exit);
1685