1 // SPDX-License-Identifier: GPL-2.0
2 /*
3 * main.c - Multi purpose firmware loading support
4 *
5 * Copyright (c) 2003 Manuel Estrada Sainz
6 *
7 * Please see Documentation/driver-api/firmware/ for more information.
8 *
9 */
10
11 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
12
13 #include <linux/capability.h>
14 #include <linux/device.h>
15 #include <linux/kernel_read_file.h>
16 #include <linux/module.h>
17 #include <linux/init.h>
18 #include <linux/initrd.h>
19 #include <linux/timer.h>
20 #include <linux/vmalloc.h>
21 #include <linux/interrupt.h>
22 #include <linux/bitops.h>
23 #include <linux/mutex.h>
24 #include <linux/workqueue.h>
25 #include <linux/highmem.h>
26 #include <linux/firmware.h>
27 #include <linux/slab.h>
28 #include <linux/sched.h>
29 #include <linux/file.h>
30 #include <linux/list.h>
31 #include <linux/fs.h>
32 #include <linux/async.h>
33 #include <linux/pm.h>
34 #include <linux/suspend.h>
35 #include <linux/syscore_ops.h>
36 #include <linux/reboot.h>
37 #include <linux/security.h>
38 #include <linux/zstd.h>
39 #include <linux/xz.h>
40
41 #include <generated/utsrelease.h>
42
43 #include "../base.h"
44 #include "firmware.h"
45 #include "fallback.h"
46
47 MODULE_AUTHOR("Manuel Estrada Sainz");
48 MODULE_DESCRIPTION("Multi purpose firmware loading support");
49 MODULE_LICENSE("GPL");
50
51 struct firmware_cache {
52 /* firmware_buf instance will be added into the below list */
53 spinlock_t lock;
54 struct list_head head;
55 int state;
56
57 #ifdef CONFIG_FW_CACHE
58 /*
59 * Names of firmware images which have been cached successfully
60 * will be added into the below list so that device uncache
61 * helper can trace which firmware images have been cached
62 * before.
63 */
64 spinlock_t name_lock;
65 struct list_head fw_names;
66
67 struct delayed_work work;
68
69 struct notifier_block pm_notify;
70 #endif
71 };
72
73 struct fw_cache_entry {
74 struct list_head list;
75 const char *name;
76 };
77
78 struct fw_name_devm {
79 unsigned long magic;
80 const char *name;
81 };
82
to_fw_priv(struct kref * ref)83 static inline struct fw_priv *to_fw_priv(struct kref *ref)
84 {
85 return container_of(ref, struct fw_priv, ref);
86 }
87
88 #define FW_LOADER_NO_CACHE 0
89 #define FW_LOADER_START_CACHE 1
90
91 /* fw_lock could be moved to 'struct fw_sysfs' but since it is just
92 * guarding for corner cases a global lock should be OK */
93 DEFINE_MUTEX(fw_lock);
94
95 struct firmware_cache fw_cache;
96
fw_state_init(struct fw_priv * fw_priv)97 void fw_state_init(struct fw_priv *fw_priv)
98 {
99 struct fw_state *fw_st = &fw_priv->fw_st;
100
101 init_completion(&fw_st->completion);
102 fw_st->status = FW_STATUS_UNKNOWN;
103 }
104
fw_state_wait(struct fw_priv * fw_priv)105 static inline int fw_state_wait(struct fw_priv *fw_priv)
106 {
107 return __fw_state_wait_common(fw_priv, MAX_SCHEDULE_TIMEOUT);
108 }
109
110 static void fw_cache_piggyback_on_request(struct fw_priv *fw_priv);
111
__allocate_fw_priv(const char * fw_name,struct firmware_cache * fwc,void * dbuf,size_t size,size_t offset,u32 opt_flags)112 static struct fw_priv *__allocate_fw_priv(const char *fw_name,
113 struct firmware_cache *fwc,
114 void *dbuf,
115 size_t size,
116 size_t offset,
117 u32 opt_flags)
118 {
119 struct fw_priv *fw_priv;
120
121 /* For a partial read, the buffer must be preallocated. */
122 if ((opt_flags & FW_OPT_PARTIAL) && !dbuf)
123 return NULL;
124
125 /* Only partial reads are allowed to use an offset. */
126 if (offset != 0 && !(opt_flags & FW_OPT_PARTIAL))
127 return NULL;
128
129 fw_priv = kzalloc(sizeof(*fw_priv), GFP_ATOMIC);
130 if (!fw_priv)
131 return NULL;
132
133 fw_priv->fw_name = kstrdup_const(fw_name, GFP_ATOMIC);
134 if (!fw_priv->fw_name) {
135 kfree(fw_priv);
136 return NULL;
137 }
138
139 kref_init(&fw_priv->ref);
140 fw_priv->fwc = fwc;
141 fw_priv->data = dbuf;
142 fw_priv->allocated_size = size;
143 fw_priv->offset = offset;
144 fw_priv->opt_flags = opt_flags;
145 fw_state_init(fw_priv);
146 #ifdef CONFIG_FW_LOADER_USER_HELPER
147 INIT_LIST_HEAD(&fw_priv->pending_list);
148 #endif
149
150 pr_debug("%s: fw-%s fw_priv=%p\n", __func__, fw_name, fw_priv);
151
152 return fw_priv;
153 }
154
__lookup_fw_priv(const char * fw_name)155 static struct fw_priv *__lookup_fw_priv(const char *fw_name)
156 {
157 struct fw_priv *tmp;
158 struct firmware_cache *fwc = &fw_cache;
159
160 list_for_each_entry(tmp, &fwc->head, list)
161 if (!strcmp(tmp->fw_name, fw_name))
162 return tmp;
163 return NULL;
164 }
165
166 /* Returns 1 for batching firmware requests with the same name */
alloc_lookup_fw_priv(const char * fw_name,struct firmware_cache * fwc,struct fw_priv ** fw_priv,void * dbuf,size_t size,size_t offset,u32 opt_flags)167 int alloc_lookup_fw_priv(const char *fw_name, struct firmware_cache *fwc,
168 struct fw_priv **fw_priv, void *dbuf, size_t size,
169 size_t offset, u32 opt_flags)
170 {
171 struct fw_priv *tmp;
172
173 spin_lock(&fwc->lock);
174 /*
175 * Do not merge requests that are marked to be non-cached or
176 * are performing partial reads.
177 */
178 if (!(opt_flags & (FW_OPT_NOCACHE | FW_OPT_PARTIAL))) {
179 tmp = __lookup_fw_priv(fw_name);
180 if (tmp) {
181 kref_get(&tmp->ref);
182 spin_unlock(&fwc->lock);
183 *fw_priv = tmp;
184 pr_debug("batched request - sharing the same struct fw_priv and lookup for multiple requests\n");
185 return 1;
186 }
187 }
188
189 tmp = __allocate_fw_priv(fw_name, fwc, dbuf, size, offset, opt_flags);
190 if (tmp) {
191 INIT_LIST_HEAD(&tmp->list);
192 if (!(opt_flags & FW_OPT_NOCACHE))
193 list_add(&tmp->list, &fwc->head);
194 }
195 spin_unlock(&fwc->lock);
196
197 *fw_priv = tmp;
198
199 return tmp ? 0 : -ENOMEM;
200 }
201
__free_fw_priv(struct kref * ref)202 static void __free_fw_priv(struct kref *ref)
203 __releases(&fwc->lock)
204 {
205 struct fw_priv *fw_priv = to_fw_priv(ref);
206 struct firmware_cache *fwc = fw_priv->fwc;
207
208 pr_debug("%s: fw-%s fw_priv=%p data=%p size=%u\n",
209 __func__, fw_priv->fw_name, fw_priv, fw_priv->data,
210 (unsigned int)fw_priv->size);
211
212 list_del(&fw_priv->list);
213 spin_unlock(&fwc->lock);
214
215 if (fw_is_paged_buf(fw_priv))
216 fw_free_paged_buf(fw_priv);
217 else if (!fw_priv->allocated_size)
218 vfree(fw_priv->data);
219
220 kfree_const(fw_priv->fw_name);
221 kfree(fw_priv);
222 }
223
free_fw_priv(struct fw_priv * fw_priv)224 void free_fw_priv(struct fw_priv *fw_priv)
225 {
226 struct firmware_cache *fwc = fw_priv->fwc;
227 spin_lock(&fwc->lock);
228 if (!kref_put(&fw_priv->ref, __free_fw_priv))
229 spin_unlock(&fwc->lock);
230 }
231
232 #ifdef CONFIG_FW_LOADER_PAGED_BUF
fw_is_paged_buf(struct fw_priv * fw_priv)233 bool fw_is_paged_buf(struct fw_priv *fw_priv)
234 {
235 return fw_priv->is_paged_buf;
236 }
237
fw_free_paged_buf(struct fw_priv * fw_priv)238 void fw_free_paged_buf(struct fw_priv *fw_priv)
239 {
240 int i;
241
242 if (!fw_priv->pages)
243 return;
244
245 vunmap(fw_priv->data);
246
247 for (i = 0; i < fw_priv->nr_pages; i++)
248 __free_page(fw_priv->pages[i]);
249 kvfree(fw_priv->pages);
250 fw_priv->pages = NULL;
251 fw_priv->page_array_size = 0;
252 fw_priv->nr_pages = 0;
253 fw_priv->data = NULL;
254 fw_priv->size = 0;
255 }
256
fw_grow_paged_buf(struct fw_priv * fw_priv,int pages_needed)257 int fw_grow_paged_buf(struct fw_priv *fw_priv, int pages_needed)
258 {
259 /* If the array of pages is too small, grow it */
260 if (fw_priv->page_array_size < pages_needed) {
261 int new_array_size = max(pages_needed,
262 fw_priv->page_array_size * 2);
263 struct page **new_pages;
264
265 new_pages = kvmalloc_array(new_array_size, sizeof(void *),
266 GFP_KERNEL);
267 if (!new_pages)
268 return -ENOMEM;
269 memcpy(new_pages, fw_priv->pages,
270 fw_priv->page_array_size * sizeof(void *));
271 memset(&new_pages[fw_priv->page_array_size], 0, sizeof(void *) *
272 (new_array_size - fw_priv->page_array_size));
273 kvfree(fw_priv->pages);
274 fw_priv->pages = new_pages;
275 fw_priv->page_array_size = new_array_size;
276 }
277
278 while (fw_priv->nr_pages < pages_needed) {
279 fw_priv->pages[fw_priv->nr_pages] =
280 alloc_page(GFP_KERNEL | __GFP_HIGHMEM);
281
282 if (!fw_priv->pages[fw_priv->nr_pages])
283 return -ENOMEM;
284 fw_priv->nr_pages++;
285 }
286
287 return 0;
288 }
289
fw_map_paged_buf(struct fw_priv * fw_priv)290 int fw_map_paged_buf(struct fw_priv *fw_priv)
291 {
292 /* one pages buffer should be mapped/unmapped only once */
293 if (!fw_priv->pages)
294 return 0;
295
296 vunmap(fw_priv->data);
297 fw_priv->data = vmap(fw_priv->pages, fw_priv->nr_pages, 0,
298 PAGE_KERNEL_RO);
299 if (!fw_priv->data)
300 return -ENOMEM;
301
302 return 0;
303 }
304 #endif
305
306 /*
307 * ZSTD-compressed firmware support
308 */
309 #ifdef CONFIG_FW_LOADER_COMPRESS_ZSTD
fw_decompress_zstd(struct device * dev,struct fw_priv * fw_priv,size_t in_size,const void * in_buffer)310 static int fw_decompress_zstd(struct device *dev, struct fw_priv *fw_priv,
311 size_t in_size, const void *in_buffer)
312 {
313 size_t len, out_size, workspace_size;
314 void *workspace, *out_buf;
315 zstd_dctx *ctx;
316 int err;
317
318 if (fw_priv->allocated_size) {
319 out_size = fw_priv->allocated_size;
320 out_buf = fw_priv->data;
321 } else {
322 zstd_frame_header params;
323
324 if (zstd_get_frame_header(¶ms, in_buffer, in_size) ||
325 params.frameContentSize == ZSTD_CONTENTSIZE_UNKNOWN) {
326 dev_dbg(dev, "%s: invalid zstd header\n", __func__);
327 return -EINVAL;
328 }
329 out_size = params.frameContentSize;
330 out_buf = vzalloc(out_size);
331 if (!out_buf)
332 return -ENOMEM;
333 }
334
335 workspace_size = zstd_dctx_workspace_bound();
336 workspace = kvzalloc(workspace_size, GFP_KERNEL);
337 if (!workspace) {
338 err = -ENOMEM;
339 goto error;
340 }
341
342 ctx = zstd_init_dctx(workspace, workspace_size);
343 if (!ctx) {
344 dev_dbg(dev, "%s: failed to initialize context\n", __func__);
345 err = -EINVAL;
346 goto error;
347 }
348
349 len = zstd_decompress_dctx(ctx, out_buf, out_size, in_buffer, in_size);
350 if (zstd_is_error(len)) {
351 dev_dbg(dev, "%s: failed to decompress: %d\n", __func__,
352 zstd_get_error_code(len));
353 err = -EINVAL;
354 goto error;
355 }
356
357 if (!fw_priv->allocated_size)
358 fw_priv->data = out_buf;
359 fw_priv->size = len;
360 err = 0;
361
362 error:
363 kvfree(workspace);
364 if (err && !fw_priv->allocated_size)
365 vfree(out_buf);
366 return err;
367 }
368 #endif /* CONFIG_FW_LOADER_COMPRESS_ZSTD */
369
370 /*
371 * XZ-compressed firmware support
372 */
373 #ifdef CONFIG_FW_LOADER_COMPRESS_XZ
374 /* show an error and return the standard error code */
fw_decompress_xz_error(struct device * dev,enum xz_ret xz_ret)375 static int fw_decompress_xz_error(struct device *dev, enum xz_ret xz_ret)
376 {
377 if (xz_ret != XZ_STREAM_END) {
378 dev_warn(dev, "xz decompression failed (xz_ret=%d)\n", xz_ret);
379 return xz_ret == XZ_MEM_ERROR ? -ENOMEM : -EINVAL;
380 }
381 return 0;
382 }
383
384 /* single-shot decompression onto the pre-allocated buffer */
fw_decompress_xz_single(struct device * dev,struct fw_priv * fw_priv,size_t in_size,const void * in_buffer)385 static int fw_decompress_xz_single(struct device *dev, struct fw_priv *fw_priv,
386 size_t in_size, const void *in_buffer)
387 {
388 struct xz_dec *xz_dec;
389 struct xz_buf xz_buf;
390 enum xz_ret xz_ret;
391
392 xz_dec = xz_dec_init(XZ_SINGLE, (u32)-1);
393 if (!xz_dec)
394 return -ENOMEM;
395
396 xz_buf.in_size = in_size;
397 xz_buf.in = in_buffer;
398 xz_buf.in_pos = 0;
399 xz_buf.out_size = fw_priv->allocated_size;
400 xz_buf.out = fw_priv->data;
401 xz_buf.out_pos = 0;
402
403 xz_ret = xz_dec_run(xz_dec, &xz_buf);
404 xz_dec_end(xz_dec);
405
406 fw_priv->size = xz_buf.out_pos;
407 return fw_decompress_xz_error(dev, xz_ret);
408 }
409
410 /* decompression on paged buffer and map it */
fw_decompress_xz_pages(struct device * dev,struct fw_priv * fw_priv,size_t in_size,const void * in_buffer)411 static int fw_decompress_xz_pages(struct device *dev, struct fw_priv *fw_priv,
412 size_t in_size, const void *in_buffer)
413 {
414 struct xz_dec *xz_dec;
415 struct xz_buf xz_buf;
416 enum xz_ret xz_ret;
417 struct page *page;
418 int err = 0;
419
420 xz_dec = xz_dec_init(XZ_DYNALLOC, (u32)-1);
421 if (!xz_dec)
422 return -ENOMEM;
423
424 xz_buf.in_size = in_size;
425 xz_buf.in = in_buffer;
426 xz_buf.in_pos = 0;
427
428 fw_priv->is_paged_buf = true;
429 fw_priv->size = 0;
430 do {
431 if (fw_grow_paged_buf(fw_priv, fw_priv->nr_pages + 1)) {
432 err = -ENOMEM;
433 goto out;
434 }
435
436 /* decompress onto the new allocated page */
437 page = fw_priv->pages[fw_priv->nr_pages - 1];
438 xz_buf.out = kmap_local_page(page);
439 xz_buf.out_pos = 0;
440 xz_buf.out_size = PAGE_SIZE;
441 xz_ret = xz_dec_run(xz_dec, &xz_buf);
442 kunmap_local(xz_buf.out);
443 fw_priv->size += xz_buf.out_pos;
444 /* partial decompression means either end or error */
445 if (xz_buf.out_pos != PAGE_SIZE)
446 break;
447 } while (xz_ret == XZ_OK);
448
449 err = fw_decompress_xz_error(dev, xz_ret);
450 if (!err)
451 err = fw_map_paged_buf(fw_priv);
452
453 out:
454 xz_dec_end(xz_dec);
455 return err;
456 }
457
fw_decompress_xz(struct device * dev,struct fw_priv * fw_priv,size_t in_size,const void * in_buffer)458 static int fw_decompress_xz(struct device *dev, struct fw_priv *fw_priv,
459 size_t in_size, const void *in_buffer)
460 {
461 /* if the buffer is pre-allocated, we can perform in single-shot mode */
462 if (fw_priv->data)
463 return fw_decompress_xz_single(dev, fw_priv, in_size, in_buffer);
464 else
465 return fw_decompress_xz_pages(dev, fw_priv, in_size, in_buffer);
466 }
467 #endif /* CONFIG_FW_LOADER_COMPRESS_XZ */
468
469 /* direct firmware loading support */
470 static char fw_path_para[256];
471 static const char * const fw_path[] = {
472 fw_path_para,
473 "/lib/firmware/updates/" UTS_RELEASE,
474 "/lib/firmware/updates",
475 "/lib/firmware/" UTS_RELEASE,
476 "/lib/firmware"
477 };
478
479 /*
480 * Typical usage is that passing 'firmware_class.path=$CUSTOMIZED_PATH'
481 * from kernel command line because firmware_class is generally built in
482 * kernel instead of module.
483 */
484 module_param_string(path, fw_path_para, sizeof(fw_path_para), 0644);
485 MODULE_PARM_DESC(path, "customized firmware image search path with a higher priority than default path");
486
487 static int
fw_get_filesystem_firmware(struct device * device,struct fw_priv * fw_priv,const char * suffix,int (* decompress)(struct device * dev,struct fw_priv * fw_priv,size_t in_size,const void * in_buffer))488 fw_get_filesystem_firmware(struct device *device, struct fw_priv *fw_priv,
489 const char *suffix,
490 int (*decompress)(struct device *dev,
491 struct fw_priv *fw_priv,
492 size_t in_size,
493 const void *in_buffer))
494 {
495 size_t size;
496 int i, len, maxlen = 0;
497 int rc = -ENOENT;
498 char *path, *nt = NULL;
499 size_t msize = INT_MAX;
500 void *buffer = NULL;
501
502 /* Already populated data member means we're loading into a buffer */
503 if (!decompress && fw_priv->data) {
504 buffer = fw_priv->data;
505 msize = fw_priv->allocated_size;
506 }
507
508 path = __getname();
509 if (!path)
510 return -ENOMEM;
511
512 wait_for_initramfs();
513 for (i = 0; i < ARRAY_SIZE(fw_path); i++) {
514 size_t file_size = 0;
515 size_t *file_size_ptr = NULL;
516
517 /* skip the unset customized path */
518 if (!fw_path[i][0])
519 continue;
520
521 /* strip off \n from customized path */
522 maxlen = strlen(fw_path[i]);
523 if (i == 0) {
524 nt = strchr(fw_path[i], '\n');
525 if (nt)
526 maxlen = nt - fw_path[i];
527 }
528
529 len = snprintf(path, PATH_MAX, "%.*s/%s%s",
530 maxlen, fw_path[i],
531 fw_priv->fw_name, suffix);
532 if (len >= PATH_MAX) {
533 rc = -ENAMETOOLONG;
534 break;
535 }
536
537 fw_priv->size = 0;
538
539 /*
540 * The total file size is only examined when doing a partial
541 * read; the "full read" case needs to fail if the whole
542 * firmware was not completely loaded.
543 */
544 if ((fw_priv->opt_flags & FW_OPT_PARTIAL) && buffer)
545 file_size_ptr = &file_size;
546
547 /* load firmware files from the mount namespace of init */
548 rc = kernel_read_file_from_path_initns(path, fw_priv->offset,
549 &buffer, msize,
550 file_size_ptr,
551 READING_FIRMWARE);
552 if (rc < 0) {
553 if (rc != -ENOENT)
554 dev_warn(device, "loading %s failed with error %d\n",
555 path, rc);
556 else
557 dev_dbg(device, "loading %s failed for no such file or directory.\n",
558 path);
559 continue;
560 }
561 size = rc;
562 rc = 0;
563
564 dev_dbg(device, "Loading firmware from %s\n", path);
565 if (decompress) {
566 dev_dbg(device, "f/w decompressing %s\n",
567 fw_priv->fw_name);
568 rc = decompress(device, fw_priv, size, buffer);
569 /* discard the superfluous original content */
570 vfree(buffer);
571 buffer = NULL;
572 if (rc) {
573 fw_free_paged_buf(fw_priv);
574 continue;
575 }
576 } else {
577 dev_dbg(device, "direct-loading %s\n",
578 fw_priv->fw_name);
579 if (!fw_priv->data)
580 fw_priv->data = buffer;
581 fw_priv->size = size;
582 }
583 fw_state_done(fw_priv);
584 break;
585 }
586 __putname(path);
587
588 return rc;
589 }
590
591 /* firmware holds the ownership of pages */
firmware_free_data(const struct firmware * fw)592 static void firmware_free_data(const struct firmware *fw)
593 {
594 /* Loaded directly? */
595 if (!fw->priv) {
596 vfree(fw->data);
597 return;
598 }
599 free_fw_priv(fw->priv);
600 }
601
602 /* store the pages buffer info firmware from buf */
fw_set_page_data(struct fw_priv * fw_priv,struct firmware * fw)603 static void fw_set_page_data(struct fw_priv *fw_priv, struct firmware *fw)
604 {
605 fw->priv = fw_priv;
606 fw->size = fw_priv->size;
607 fw->data = fw_priv->data;
608
609 pr_debug("%s: fw-%s fw_priv=%p data=%p size=%u\n",
610 __func__, fw_priv->fw_name, fw_priv, fw_priv->data,
611 (unsigned int)fw_priv->size);
612 }
613
614 #ifdef CONFIG_FW_CACHE
fw_name_devm_release(struct device * dev,void * res)615 static void fw_name_devm_release(struct device *dev, void *res)
616 {
617 struct fw_name_devm *fwn = res;
618
619 if (fwn->magic == (unsigned long)&fw_cache)
620 pr_debug("%s: fw_name-%s devm-%p released\n",
621 __func__, fwn->name, res);
622 kfree_const(fwn->name);
623 }
624
fw_devm_match(struct device * dev,void * res,void * match_data)625 static int fw_devm_match(struct device *dev, void *res,
626 void *match_data)
627 {
628 struct fw_name_devm *fwn = res;
629
630 return (fwn->magic == (unsigned long)&fw_cache) &&
631 !strcmp(fwn->name, match_data);
632 }
633
fw_find_devm_name(struct device * dev,const char * name)634 static struct fw_name_devm *fw_find_devm_name(struct device *dev,
635 const char *name)
636 {
637 struct fw_name_devm *fwn;
638
639 fwn = devres_find(dev, fw_name_devm_release,
640 fw_devm_match, (void *)name);
641 return fwn;
642 }
643
fw_cache_is_setup(struct device * dev,const char * name)644 static bool fw_cache_is_setup(struct device *dev, const char *name)
645 {
646 struct fw_name_devm *fwn;
647
648 fwn = fw_find_devm_name(dev, name);
649 if (fwn)
650 return true;
651
652 return false;
653 }
654
655 /* add firmware name into devres list */
fw_add_devm_name(struct device * dev,const char * name)656 static int fw_add_devm_name(struct device *dev, const char *name)
657 {
658 struct fw_name_devm *fwn;
659
660 if (fw_cache_is_setup(dev, name))
661 return 0;
662
663 fwn = devres_alloc(fw_name_devm_release, sizeof(struct fw_name_devm),
664 GFP_KERNEL);
665 if (!fwn)
666 return -ENOMEM;
667 fwn->name = kstrdup_const(name, GFP_KERNEL);
668 if (!fwn->name) {
669 devres_free(fwn);
670 return -ENOMEM;
671 }
672
673 fwn->magic = (unsigned long)&fw_cache;
674 devres_add(dev, fwn);
675
676 return 0;
677 }
678 #else
fw_cache_is_setup(struct device * dev,const char * name)679 static bool fw_cache_is_setup(struct device *dev, const char *name)
680 {
681 return false;
682 }
683
fw_add_devm_name(struct device * dev,const char * name)684 static int fw_add_devm_name(struct device *dev, const char *name)
685 {
686 return 0;
687 }
688 #endif
689
assign_fw(struct firmware * fw,struct device * device)690 int assign_fw(struct firmware *fw, struct device *device)
691 {
692 struct fw_priv *fw_priv = fw->priv;
693 int ret;
694
695 mutex_lock(&fw_lock);
696 if (!fw_priv->size || fw_state_is_aborted(fw_priv)) {
697 mutex_unlock(&fw_lock);
698 return -ENOENT;
699 }
700
701 /*
702 * add firmware name into devres list so that we can auto cache
703 * and uncache firmware for device.
704 *
705 * device may has been deleted already, but the problem
706 * should be fixed in devres or driver core.
707 */
708 /* don't cache firmware handled without uevent */
709 if (device && (fw_priv->opt_flags & FW_OPT_UEVENT) &&
710 !(fw_priv->opt_flags & FW_OPT_NOCACHE)) {
711 ret = fw_add_devm_name(device, fw_priv->fw_name);
712 if (ret) {
713 mutex_unlock(&fw_lock);
714 return ret;
715 }
716 }
717
718 /*
719 * After caching firmware image is started, let it piggyback
720 * on request firmware.
721 */
722 if (!(fw_priv->opt_flags & FW_OPT_NOCACHE) &&
723 fw_priv->fwc->state == FW_LOADER_START_CACHE)
724 fw_cache_piggyback_on_request(fw_priv);
725
726 /* pass the pages buffer to driver at the last minute */
727 fw_set_page_data(fw_priv, fw);
728 mutex_unlock(&fw_lock);
729 return 0;
730 }
731
732 /* prepare firmware and firmware_buf structs;
733 * return 0 if a firmware is already assigned, 1 if need to load one,
734 * or a negative error code
735 */
736 static int
_request_firmware_prepare(struct firmware ** firmware_p,const char * name,struct device * device,void * dbuf,size_t size,size_t offset,u32 opt_flags)737 _request_firmware_prepare(struct firmware **firmware_p, const char *name,
738 struct device *device, void *dbuf, size_t size,
739 size_t offset, u32 opt_flags)
740 {
741 struct firmware *firmware;
742 struct fw_priv *fw_priv;
743 int ret;
744
745 *firmware_p = firmware = kzalloc(sizeof(*firmware), GFP_KERNEL);
746 if (!firmware) {
747 dev_err(device, "%s: kmalloc(struct firmware) failed\n",
748 __func__);
749 return -ENOMEM;
750 }
751
752 if (firmware_request_builtin_buf(firmware, name, dbuf, size)) {
753 dev_dbg(device, "using built-in %s\n", name);
754 return 0; /* assigned */
755 }
756
757 ret = alloc_lookup_fw_priv(name, &fw_cache, &fw_priv, dbuf, size,
758 offset, opt_flags);
759
760 /*
761 * bind with 'priv' now to avoid warning in failure path
762 * of requesting firmware.
763 */
764 firmware->priv = fw_priv;
765
766 if (ret > 0) {
767 ret = fw_state_wait(fw_priv);
768 if (!ret) {
769 fw_set_page_data(fw_priv, firmware);
770 return 0; /* assigned */
771 }
772 }
773
774 if (ret < 0)
775 return ret;
776 return 1; /* need to load */
777 }
778
779 /*
780 * Batched requests need only one wake, we need to do this step last due to the
781 * fallback mechanism. The buf is protected with kref_get(), and it won't be
782 * released until the last user calls release_firmware().
783 *
784 * Failed batched requests are possible as well, in such cases we just share
785 * the struct fw_priv and won't release it until all requests are woken
786 * and have gone through this same path.
787 */
fw_abort_batch_reqs(struct firmware * fw)788 static void fw_abort_batch_reqs(struct firmware *fw)
789 {
790 struct fw_priv *fw_priv;
791
792 /* Loaded directly? */
793 if (!fw || !fw->priv)
794 return;
795
796 fw_priv = fw->priv;
797 mutex_lock(&fw_lock);
798 if (!fw_state_is_aborted(fw_priv))
799 fw_state_aborted(fw_priv);
800 mutex_unlock(&fw_lock);
801 }
802
803 #if defined(CONFIG_FW_LOADER_DEBUG)
804 #include <crypto/hash.h>
805 #include <crypto/sha2.h>
806
fw_log_firmware_info(const struct firmware * fw,const char * name,struct device * device)807 static void fw_log_firmware_info(const struct firmware *fw, const char *name, struct device *device)
808 {
809 struct shash_desc *shash;
810 struct crypto_shash *alg;
811 u8 *sha256buf;
812 char *outbuf;
813
814 alg = crypto_alloc_shash("sha256", 0, 0);
815 if (IS_ERR(alg))
816 return;
817
818 sha256buf = kmalloc(SHA256_DIGEST_SIZE, GFP_KERNEL);
819 outbuf = kmalloc(SHA256_BLOCK_SIZE + 1, GFP_KERNEL);
820 shash = kmalloc(sizeof(*shash) + crypto_shash_descsize(alg), GFP_KERNEL);
821 if (!sha256buf || !outbuf || !shash)
822 goto out_free;
823
824 shash->tfm = alg;
825
826 if (crypto_shash_digest(shash, fw->data, fw->size, sha256buf) < 0)
827 goto out_free;
828
829 for (int i = 0; i < SHA256_DIGEST_SIZE; i++)
830 sprintf(&outbuf[i * 2], "%02x", sha256buf[i]);
831 outbuf[SHA256_BLOCK_SIZE] = 0;
832 dev_dbg(device, "Loaded FW: %s, sha256: %s\n", name, outbuf);
833
834 out_free:
835 kfree(shash);
836 kfree(outbuf);
837 kfree(sha256buf);
838 crypto_free_shash(alg);
839 }
840 #else
fw_log_firmware_info(const struct firmware * fw,const char * name,struct device * device)841 static void fw_log_firmware_info(const struct firmware *fw, const char *name,
842 struct device *device)
843 {}
844 #endif
845
846 /*
847 * Reject firmware file names with ".." path components.
848 * There are drivers that construct firmware file names from device-supplied
849 * strings, and we don't want some device to be able to tell us "I would like to
850 * be sent my firmware from ../../../etc/shadow, please".
851 *
852 * Search for ".." surrounded by either '/' or start/end of string.
853 *
854 * This intentionally only looks at the firmware name, not at the firmware base
855 * directory or at symlink contents.
856 */
name_contains_dotdot(const char * name)857 static bool name_contains_dotdot(const char *name)
858 {
859 size_t name_len = strlen(name);
860
861 return strcmp(name, "..") == 0 || strncmp(name, "../", 3) == 0 ||
862 strstr(name, "/../") != NULL ||
863 (name_len >= 3 && strcmp(name+name_len-3, "/..") == 0);
864 }
865
866 /* called from request_firmware() and request_firmware_work_func() */
867 static int
_request_firmware(const struct firmware ** firmware_p,const char * name,struct device * device,void * buf,size_t size,size_t offset,u32 opt_flags)868 _request_firmware(const struct firmware **firmware_p, const char *name,
869 struct device *device, void *buf, size_t size,
870 size_t offset, u32 opt_flags)
871 {
872 struct firmware *fw = NULL;
873 struct cred *kern_cred = NULL;
874 const struct cred *old_cred;
875 bool nondirect = false;
876 int ret;
877
878 if (!firmware_p)
879 return -EINVAL;
880
881 if (!name || name[0] == '\0') {
882 ret = -EINVAL;
883 goto out;
884 }
885
886 if (name_contains_dotdot(name)) {
887 dev_warn(device,
888 "Firmware load for '%s' refused, path contains '..' component\n",
889 name);
890 ret = -EINVAL;
891 goto out;
892 }
893
894 ret = _request_firmware_prepare(&fw, name, device, buf, size,
895 offset, opt_flags);
896 if (ret <= 0) /* error or already assigned */
897 goto out;
898
899 /*
900 * We are about to try to access the firmware file. Because we may have been
901 * called by a driver when serving an unrelated request from userland, we use
902 * the kernel credentials to read the file.
903 */
904 kern_cred = prepare_kernel_cred(&init_task);
905 if (!kern_cred) {
906 ret = -ENOMEM;
907 goto out;
908 }
909 old_cred = override_creds(kern_cred);
910
911 ret = fw_get_filesystem_firmware(device, fw->priv, "", NULL);
912
913 /* Only full reads can support decompression, platform, and sysfs. */
914 if (!(opt_flags & FW_OPT_PARTIAL))
915 nondirect = true;
916
917 #ifdef CONFIG_FW_LOADER_COMPRESS_ZSTD
918 if (ret == -ENOENT && nondirect)
919 ret = fw_get_filesystem_firmware(device, fw->priv, ".zst",
920 fw_decompress_zstd);
921 #endif
922 #ifdef CONFIG_FW_LOADER_COMPRESS_XZ
923 if (ret == -ENOENT && nondirect)
924 ret = fw_get_filesystem_firmware(device, fw->priv, ".xz",
925 fw_decompress_xz);
926 #endif
927 if (ret == -ENOENT && nondirect)
928 ret = firmware_fallback_platform(fw->priv);
929
930 if (ret) {
931 if (!(opt_flags & FW_OPT_NO_WARN))
932 dev_warn(device,
933 "Direct firmware load for %s failed with error %d\n",
934 name, ret);
935 if (nondirect)
936 ret = firmware_fallback_sysfs(fw, name, device,
937 opt_flags, ret);
938 } else
939 ret = assign_fw(fw, device);
940
941 revert_creds(old_cred);
942 put_cred(kern_cred);
943
944 out:
945 if (ret < 0) {
946 fw_abort_batch_reqs(fw);
947 release_firmware(fw);
948 fw = NULL;
949 } else {
950 fw_log_firmware_info(fw, name, device);
951 }
952
953 *firmware_p = fw;
954 return ret;
955 }
956
957 /**
958 * request_firmware() - send firmware request and wait for it
959 * @firmware_p: pointer to firmware image
960 * @name: name of firmware file
961 * @device: device for which firmware is being loaded
962 *
963 * @firmware_p will be used to return a firmware image by the name
964 * of @name for device @device.
965 *
966 * Should be called from user context where sleeping is allowed.
967 *
968 * @name will be used as $FIRMWARE in the uevent environment and
969 * should be distinctive enough not to be confused with any other
970 * firmware image for this or any other device.
971 * It must not contain any ".." path components - "foo/bar..bin" is
972 * allowed, but "foo/../bar.bin" is not.
973 *
974 * Caller must hold the reference count of @device.
975 *
976 * The function can be called safely inside device's suspend and
977 * resume callback.
978 **/
979 int
request_firmware(const struct firmware ** firmware_p,const char * name,struct device * device)980 request_firmware(const struct firmware **firmware_p, const char *name,
981 struct device *device)
982 {
983 int ret;
984
985 /* Need to pin this module until return */
986 __module_get(THIS_MODULE);
987 ret = _request_firmware(firmware_p, name, device, NULL, 0, 0,
988 FW_OPT_UEVENT);
989 module_put(THIS_MODULE);
990 return ret;
991 }
992 EXPORT_SYMBOL(request_firmware);
993
994 /**
995 * firmware_request_nowarn() - request for an optional fw module
996 * @firmware: pointer to firmware image
997 * @name: name of firmware file
998 * @device: device for which firmware is being loaded
999 *
1000 * This function is similar in behaviour to request_firmware(), except it
1001 * doesn't produce warning messages when the file is not found. The sysfs
1002 * fallback mechanism is enabled if direct filesystem lookup fails. However,
1003 * failures to find the firmware file with it are still suppressed. It is
1004 * therefore up to the driver to check for the return value of this call and to
1005 * decide when to inform the users of errors.
1006 **/
firmware_request_nowarn(const struct firmware ** firmware,const char * name,struct device * device)1007 int firmware_request_nowarn(const struct firmware **firmware, const char *name,
1008 struct device *device)
1009 {
1010 int ret;
1011
1012 /* Need to pin this module until return */
1013 __module_get(THIS_MODULE);
1014 ret = _request_firmware(firmware, name, device, NULL, 0, 0,
1015 FW_OPT_UEVENT | FW_OPT_NO_WARN);
1016 module_put(THIS_MODULE);
1017 return ret;
1018 }
1019 EXPORT_SYMBOL_GPL(firmware_request_nowarn);
1020
1021 /**
1022 * request_firmware_direct() - load firmware directly without usermode helper
1023 * @firmware_p: pointer to firmware image
1024 * @name: name of firmware file
1025 * @device: device for which firmware is being loaded
1026 *
1027 * This function works pretty much like request_firmware(), but this doesn't
1028 * fall back to usermode helper even if the firmware couldn't be loaded
1029 * directly from fs. Hence it's useful for loading optional firmwares, which
1030 * aren't always present, without extra long timeouts of udev.
1031 **/
request_firmware_direct(const struct firmware ** firmware_p,const char * name,struct device * device)1032 int request_firmware_direct(const struct firmware **firmware_p,
1033 const char *name, struct device *device)
1034 {
1035 int ret;
1036
1037 __module_get(THIS_MODULE);
1038 ret = _request_firmware(firmware_p, name, device, NULL, 0, 0,
1039 FW_OPT_UEVENT | FW_OPT_NO_WARN |
1040 FW_OPT_NOFALLBACK_SYSFS);
1041 module_put(THIS_MODULE);
1042 return ret;
1043 }
1044 EXPORT_SYMBOL_GPL(request_firmware_direct);
1045
1046 /**
1047 * firmware_request_platform() - request firmware with platform-fw fallback
1048 * @firmware: pointer to firmware image
1049 * @name: name of firmware file
1050 * @device: device for which firmware is being loaded
1051 *
1052 * This function is similar in behaviour to request_firmware, except that if
1053 * direct filesystem lookup fails, it will fallback to looking for a copy of the
1054 * requested firmware embedded in the platform's main (e.g. UEFI) firmware.
1055 **/
firmware_request_platform(const struct firmware ** firmware,const char * name,struct device * device)1056 int firmware_request_platform(const struct firmware **firmware,
1057 const char *name, struct device *device)
1058 {
1059 int ret;
1060
1061 /* Need to pin this module until return */
1062 __module_get(THIS_MODULE);
1063 ret = _request_firmware(firmware, name, device, NULL, 0, 0,
1064 FW_OPT_UEVENT | FW_OPT_FALLBACK_PLATFORM);
1065 module_put(THIS_MODULE);
1066 return ret;
1067 }
1068 EXPORT_SYMBOL_GPL(firmware_request_platform);
1069
1070 /**
1071 * firmware_request_cache() - cache firmware for suspend so resume can use it
1072 * @name: name of firmware file
1073 * @device: device for which firmware should be cached for
1074 *
1075 * There are some devices with an optimization that enables the device to not
1076 * require loading firmware on system reboot. This optimization may still
1077 * require the firmware present on resume from suspend. This routine can be
1078 * used to ensure the firmware is present on resume from suspend in these
1079 * situations. This helper is not compatible with drivers which use
1080 * request_firmware_into_buf() or request_firmware_nowait() with no uevent set.
1081 **/
firmware_request_cache(struct device * device,const char * name)1082 int firmware_request_cache(struct device *device, const char *name)
1083 {
1084 int ret;
1085
1086 mutex_lock(&fw_lock);
1087 ret = fw_add_devm_name(device, name);
1088 mutex_unlock(&fw_lock);
1089
1090 return ret;
1091 }
1092 EXPORT_SYMBOL_GPL(firmware_request_cache);
1093
1094 /**
1095 * request_firmware_into_buf() - load firmware into a previously allocated buffer
1096 * @firmware_p: pointer to firmware image
1097 * @name: name of firmware file
1098 * @device: device for which firmware is being loaded and DMA region allocated
1099 * @buf: address of buffer to load firmware into
1100 * @size: size of buffer
1101 *
1102 * This function works pretty much like request_firmware(), but it doesn't
1103 * allocate a buffer to hold the firmware data. Instead, the firmware
1104 * is loaded directly into the buffer pointed to by @buf and the @firmware_p
1105 * data member is pointed at @buf.
1106 *
1107 * This function doesn't cache firmware either.
1108 */
1109 int
request_firmware_into_buf(const struct firmware ** firmware_p,const char * name,struct device * device,void * buf,size_t size)1110 request_firmware_into_buf(const struct firmware **firmware_p, const char *name,
1111 struct device *device, void *buf, size_t size)
1112 {
1113 int ret;
1114
1115 if (fw_cache_is_setup(device, name))
1116 return -EOPNOTSUPP;
1117
1118 __module_get(THIS_MODULE);
1119 ret = _request_firmware(firmware_p, name, device, buf, size, 0,
1120 FW_OPT_UEVENT | FW_OPT_NOCACHE);
1121 module_put(THIS_MODULE);
1122 return ret;
1123 }
1124 EXPORT_SYMBOL(request_firmware_into_buf);
1125
1126 /**
1127 * request_partial_firmware_into_buf() - load partial firmware into a previously allocated buffer
1128 * @firmware_p: pointer to firmware image
1129 * @name: name of firmware file
1130 * @device: device for which firmware is being loaded and DMA region allocated
1131 * @buf: address of buffer to load firmware into
1132 * @size: size of buffer
1133 * @offset: offset into file to read
1134 *
1135 * This function works pretty much like request_firmware_into_buf except
1136 * it allows a partial read of the file.
1137 */
1138 int
request_partial_firmware_into_buf(const struct firmware ** firmware_p,const char * name,struct device * device,void * buf,size_t size,size_t offset)1139 request_partial_firmware_into_buf(const struct firmware **firmware_p,
1140 const char *name, struct device *device,
1141 void *buf, size_t size, size_t offset)
1142 {
1143 int ret;
1144
1145 if (fw_cache_is_setup(device, name))
1146 return -EOPNOTSUPP;
1147
1148 __module_get(THIS_MODULE);
1149 ret = _request_firmware(firmware_p, name, device, buf, size, offset,
1150 FW_OPT_UEVENT | FW_OPT_NOCACHE |
1151 FW_OPT_PARTIAL);
1152 module_put(THIS_MODULE);
1153 return ret;
1154 }
1155 EXPORT_SYMBOL(request_partial_firmware_into_buf);
1156
1157 /**
1158 * release_firmware() - release the resource associated with a firmware image
1159 * @fw: firmware resource to release
1160 **/
release_firmware(const struct firmware * fw)1161 void release_firmware(const struct firmware *fw)
1162 {
1163 if (fw) {
1164 if (!firmware_is_builtin(fw))
1165 firmware_free_data(fw);
1166 kfree(fw);
1167 }
1168 }
1169 EXPORT_SYMBOL(release_firmware);
1170
1171 /* Async support */
1172 struct firmware_work {
1173 struct work_struct work;
1174 struct module *module;
1175 const char *name;
1176 struct device *device;
1177 void *context;
1178 void (*cont)(const struct firmware *fw, void *context);
1179 u32 opt_flags;
1180 };
1181
request_firmware_work_func(struct work_struct * work)1182 static void request_firmware_work_func(struct work_struct *work)
1183 {
1184 struct firmware_work *fw_work;
1185 const struct firmware *fw;
1186
1187 fw_work = container_of(work, struct firmware_work, work);
1188
1189 _request_firmware(&fw, fw_work->name, fw_work->device, NULL, 0, 0,
1190 fw_work->opt_flags);
1191 fw_work->cont(fw, fw_work->context);
1192 put_device(fw_work->device); /* taken in request_firmware_nowait() */
1193
1194 module_put(fw_work->module);
1195 kfree_const(fw_work->name);
1196 kfree(fw_work);
1197 }
1198
1199 /**
1200 * request_firmware_nowait() - asynchronous version of request_firmware
1201 * @module: module requesting the firmware
1202 * @uevent: sends uevent to copy the firmware image if this flag
1203 * is non-zero else the firmware copy must be done manually.
1204 * @name: name of firmware file
1205 * @device: device for which firmware is being loaded
1206 * @gfp: allocation flags
1207 * @context: will be passed over to @cont, and
1208 * @fw may be %NULL if firmware request fails.
1209 * @cont: function will be called asynchronously when the firmware
1210 * request is over.
1211 *
1212 * Caller must hold the reference count of @device.
1213 *
1214 * Asynchronous variant of request_firmware() for user contexts:
1215 * - sleep for as small periods as possible since it may
1216 * increase kernel boot time of built-in device drivers
1217 * requesting firmware in their ->probe() methods, if
1218 * @gfp is GFP_KERNEL.
1219 *
1220 * - can't sleep at all if @gfp is GFP_ATOMIC.
1221 **/
1222 int
request_firmware_nowait(struct module * module,bool uevent,const char * name,struct device * device,gfp_t gfp,void * context,void (* cont)(const struct firmware * fw,void * context))1223 request_firmware_nowait(
1224 struct module *module, bool uevent,
1225 const char *name, struct device *device, gfp_t gfp, void *context,
1226 void (*cont)(const struct firmware *fw, void *context))
1227 {
1228 struct firmware_work *fw_work;
1229
1230 fw_work = kzalloc(sizeof(struct firmware_work), gfp);
1231 if (!fw_work)
1232 return -ENOMEM;
1233
1234 fw_work->module = module;
1235 fw_work->name = kstrdup_const(name, gfp);
1236 if (!fw_work->name) {
1237 kfree(fw_work);
1238 return -ENOMEM;
1239 }
1240 fw_work->device = device;
1241 fw_work->context = context;
1242 fw_work->cont = cont;
1243 fw_work->opt_flags = FW_OPT_NOWAIT |
1244 (uevent ? FW_OPT_UEVENT : FW_OPT_USERHELPER);
1245
1246 if (!uevent && fw_cache_is_setup(device, name)) {
1247 kfree_const(fw_work->name);
1248 kfree(fw_work);
1249 return -EOPNOTSUPP;
1250 }
1251
1252 if (!try_module_get(module)) {
1253 kfree_const(fw_work->name);
1254 kfree(fw_work);
1255 return -EFAULT;
1256 }
1257
1258 get_device(fw_work->device);
1259 INIT_WORK(&fw_work->work, request_firmware_work_func);
1260 schedule_work(&fw_work->work);
1261 return 0;
1262 }
1263 EXPORT_SYMBOL(request_firmware_nowait);
1264
1265 #ifdef CONFIG_FW_CACHE
1266 static ASYNC_DOMAIN_EXCLUSIVE(fw_cache_domain);
1267
1268 /**
1269 * cache_firmware() - cache one firmware image in kernel memory space
1270 * @fw_name: the firmware image name
1271 *
1272 * Cache firmware in kernel memory so that drivers can use it when
1273 * system isn't ready for them to request firmware image from userspace.
1274 * Once it returns successfully, driver can use request_firmware or its
1275 * nowait version to get the cached firmware without any interacting
1276 * with userspace
1277 *
1278 * Return 0 if the firmware image has been cached successfully
1279 * Return !0 otherwise
1280 *
1281 */
cache_firmware(const char * fw_name)1282 static int cache_firmware(const char *fw_name)
1283 {
1284 int ret;
1285 const struct firmware *fw;
1286
1287 pr_debug("%s: %s\n", __func__, fw_name);
1288
1289 ret = request_firmware(&fw, fw_name, NULL);
1290 if (!ret)
1291 kfree(fw);
1292
1293 pr_debug("%s: %s ret=%d\n", __func__, fw_name, ret);
1294
1295 return ret;
1296 }
1297
lookup_fw_priv(const char * fw_name)1298 static struct fw_priv *lookup_fw_priv(const char *fw_name)
1299 {
1300 struct fw_priv *tmp;
1301 struct firmware_cache *fwc = &fw_cache;
1302
1303 spin_lock(&fwc->lock);
1304 tmp = __lookup_fw_priv(fw_name);
1305 spin_unlock(&fwc->lock);
1306
1307 return tmp;
1308 }
1309
1310 /**
1311 * uncache_firmware() - remove one cached firmware image
1312 * @fw_name: the firmware image name
1313 *
1314 * Uncache one firmware image which has been cached successfully
1315 * before.
1316 *
1317 * Return 0 if the firmware cache has been removed successfully
1318 * Return !0 otherwise
1319 *
1320 */
uncache_firmware(const char * fw_name)1321 static int uncache_firmware(const char *fw_name)
1322 {
1323 struct fw_priv *fw_priv;
1324 struct firmware fw;
1325
1326 pr_debug("%s: %s\n", __func__, fw_name);
1327
1328 if (firmware_request_builtin(&fw, fw_name))
1329 return 0;
1330
1331 fw_priv = lookup_fw_priv(fw_name);
1332 if (fw_priv) {
1333 free_fw_priv(fw_priv);
1334 return 0;
1335 }
1336
1337 return -EINVAL;
1338 }
1339
alloc_fw_cache_entry(const char * name)1340 static struct fw_cache_entry *alloc_fw_cache_entry(const char *name)
1341 {
1342 struct fw_cache_entry *fce;
1343
1344 fce = kzalloc(sizeof(*fce), GFP_ATOMIC);
1345 if (!fce)
1346 goto exit;
1347
1348 fce->name = kstrdup_const(name, GFP_ATOMIC);
1349 if (!fce->name) {
1350 kfree(fce);
1351 fce = NULL;
1352 goto exit;
1353 }
1354 exit:
1355 return fce;
1356 }
1357
__fw_entry_found(const char * name)1358 static int __fw_entry_found(const char *name)
1359 {
1360 struct firmware_cache *fwc = &fw_cache;
1361 struct fw_cache_entry *fce;
1362
1363 list_for_each_entry(fce, &fwc->fw_names, list) {
1364 if (!strcmp(fce->name, name))
1365 return 1;
1366 }
1367 return 0;
1368 }
1369
fw_cache_piggyback_on_request(struct fw_priv * fw_priv)1370 static void fw_cache_piggyback_on_request(struct fw_priv *fw_priv)
1371 {
1372 const char *name = fw_priv->fw_name;
1373 struct firmware_cache *fwc = fw_priv->fwc;
1374 struct fw_cache_entry *fce;
1375
1376 spin_lock(&fwc->name_lock);
1377 if (__fw_entry_found(name))
1378 goto found;
1379
1380 fce = alloc_fw_cache_entry(name);
1381 if (fce) {
1382 list_add(&fce->list, &fwc->fw_names);
1383 kref_get(&fw_priv->ref);
1384 pr_debug("%s: fw: %s\n", __func__, name);
1385 }
1386 found:
1387 spin_unlock(&fwc->name_lock);
1388 }
1389
free_fw_cache_entry(struct fw_cache_entry * fce)1390 static void free_fw_cache_entry(struct fw_cache_entry *fce)
1391 {
1392 kfree_const(fce->name);
1393 kfree(fce);
1394 }
1395
__async_dev_cache_fw_image(void * fw_entry,async_cookie_t cookie)1396 static void __async_dev_cache_fw_image(void *fw_entry,
1397 async_cookie_t cookie)
1398 {
1399 struct fw_cache_entry *fce = fw_entry;
1400 struct firmware_cache *fwc = &fw_cache;
1401 int ret;
1402
1403 ret = cache_firmware(fce->name);
1404 if (ret) {
1405 spin_lock(&fwc->name_lock);
1406 list_del(&fce->list);
1407 spin_unlock(&fwc->name_lock);
1408
1409 free_fw_cache_entry(fce);
1410 }
1411 }
1412
1413 /* called with dev->devres_lock held */
dev_create_fw_entry(struct device * dev,void * res,void * data)1414 static void dev_create_fw_entry(struct device *dev, void *res,
1415 void *data)
1416 {
1417 struct fw_name_devm *fwn = res;
1418 const char *fw_name = fwn->name;
1419 struct list_head *head = data;
1420 struct fw_cache_entry *fce;
1421
1422 fce = alloc_fw_cache_entry(fw_name);
1423 if (fce)
1424 list_add(&fce->list, head);
1425 }
1426
devm_name_match(struct device * dev,void * res,void * match_data)1427 static int devm_name_match(struct device *dev, void *res,
1428 void *match_data)
1429 {
1430 struct fw_name_devm *fwn = res;
1431 return (fwn->magic == (unsigned long)match_data);
1432 }
1433
dev_cache_fw_image(struct device * dev,void * data)1434 static void dev_cache_fw_image(struct device *dev, void *data)
1435 {
1436 LIST_HEAD(todo);
1437 struct fw_cache_entry *fce;
1438 struct fw_cache_entry *fce_next;
1439 struct firmware_cache *fwc = &fw_cache;
1440
1441 devres_for_each_res(dev, fw_name_devm_release,
1442 devm_name_match, &fw_cache,
1443 dev_create_fw_entry, &todo);
1444
1445 list_for_each_entry_safe(fce, fce_next, &todo, list) {
1446 list_del(&fce->list);
1447
1448 spin_lock(&fwc->name_lock);
1449 /* only one cache entry for one firmware */
1450 if (!__fw_entry_found(fce->name)) {
1451 list_add(&fce->list, &fwc->fw_names);
1452 } else {
1453 free_fw_cache_entry(fce);
1454 fce = NULL;
1455 }
1456 spin_unlock(&fwc->name_lock);
1457
1458 if (fce)
1459 async_schedule_domain(__async_dev_cache_fw_image,
1460 (void *)fce,
1461 &fw_cache_domain);
1462 }
1463 }
1464
__device_uncache_fw_images(void)1465 static void __device_uncache_fw_images(void)
1466 {
1467 struct firmware_cache *fwc = &fw_cache;
1468 struct fw_cache_entry *fce;
1469
1470 spin_lock(&fwc->name_lock);
1471 while (!list_empty(&fwc->fw_names)) {
1472 fce = list_entry(fwc->fw_names.next,
1473 struct fw_cache_entry, list);
1474 list_del(&fce->list);
1475 spin_unlock(&fwc->name_lock);
1476
1477 uncache_firmware(fce->name);
1478 free_fw_cache_entry(fce);
1479
1480 spin_lock(&fwc->name_lock);
1481 }
1482 spin_unlock(&fwc->name_lock);
1483 }
1484
1485 /**
1486 * device_cache_fw_images() - cache devices' firmware
1487 *
1488 * If one device called request_firmware or its nowait version
1489 * successfully before, the firmware names are recored into the
1490 * device's devres link list, so device_cache_fw_images can call
1491 * cache_firmware() to cache these firmwares for the device,
1492 * then the device driver can load its firmwares easily at
1493 * time when system is not ready to complete loading firmware.
1494 */
device_cache_fw_images(void)1495 static void device_cache_fw_images(void)
1496 {
1497 struct firmware_cache *fwc = &fw_cache;
1498 DEFINE_WAIT(wait);
1499
1500 pr_debug("%s\n", __func__);
1501
1502 /* cancel uncache work */
1503 cancel_delayed_work_sync(&fwc->work);
1504
1505 fw_fallback_set_cache_timeout();
1506
1507 mutex_lock(&fw_lock);
1508 fwc->state = FW_LOADER_START_CACHE;
1509 dpm_for_each_dev(NULL, dev_cache_fw_image);
1510 mutex_unlock(&fw_lock);
1511
1512 /* wait for completion of caching firmware for all devices */
1513 async_synchronize_full_domain(&fw_cache_domain);
1514
1515 fw_fallback_set_default_timeout();
1516 }
1517
1518 /**
1519 * device_uncache_fw_images() - uncache devices' firmware
1520 *
1521 * uncache all firmwares which have been cached successfully
1522 * by device_uncache_fw_images earlier
1523 */
device_uncache_fw_images(void)1524 static void device_uncache_fw_images(void)
1525 {
1526 pr_debug("%s\n", __func__);
1527 __device_uncache_fw_images();
1528 }
1529
device_uncache_fw_images_work(struct work_struct * work)1530 static void device_uncache_fw_images_work(struct work_struct *work)
1531 {
1532 device_uncache_fw_images();
1533 }
1534
1535 /**
1536 * device_uncache_fw_images_delay() - uncache devices firmwares
1537 * @delay: number of milliseconds to delay uncache device firmwares
1538 *
1539 * uncache all devices's firmwares which has been cached successfully
1540 * by device_cache_fw_images after @delay milliseconds.
1541 */
device_uncache_fw_images_delay(unsigned long delay)1542 static void device_uncache_fw_images_delay(unsigned long delay)
1543 {
1544 queue_delayed_work(system_power_efficient_wq, &fw_cache.work,
1545 msecs_to_jiffies(delay));
1546 }
1547
fw_pm_notify(struct notifier_block * notify_block,unsigned long mode,void * unused)1548 static int fw_pm_notify(struct notifier_block *notify_block,
1549 unsigned long mode, void *unused)
1550 {
1551 switch (mode) {
1552 case PM_HIBERNATION_PREPARE:
1553 case PM_SUSPEND_PREPARE:
1554 case PM_RESTORE_PREPARE:
1555 /*
1556 * kill pending fallback requests with a custom fallback
1557 * to avoid stalling suspend.
1558 */
1559 kill_pending_fw_fallback_reqs(true);
1560 device_cache_fw_images();
1561 break;
1562
1563 case PM_POST_SUSPEND:
1564 case PM_POST_HIBERNATION:
1565 case PM_POST_RESTORE:
1566 /*
1567 * In case that system sleep failed and syscore_suspend is
1568 * not called.
1569 */
1570 mutex_lock(&fw_lock);
1571 fw_cache.state = FW_LOADER_NO_CACHE;
1572 mutex_unlock(&fw_lock);
1573
1574 device_uncache_fw_images_delay(10 * MSEC_PER_SEC);
1575 break;
1576 }
1577
1578 return 0;
1579 }
1580
1581 /* stop caching firmware once syscore_suspend is reached */
fw_suspend(void)1582 static int fw_suspend(void)
1583 {
1584 fw_cache.state = FW_LOADER_NO_CACHE;
1585 return 0;
1586 }
1587
1588 static struct syscore_ops fw_syscore_ops = {
1589 .suspend = fw_suspend,
1590 };
1591
register_fw_pm_ops(void)1592 static int __init register_fw_pm_ops(void)
1593 {
1594 int ret;
1595
1596 spin_lock_init(&fw_cache.name_lock);
1597 INIT_LIST_HEAD(&fw_cache.fw_names);
1598
1599 INIT_DELAYED_WORK(&fw_cache.work,
1600 device_uncache_fw_images_work);
1601
1602 fw_cache.pm_notify.notifier_call = fw_pm_notify;
1603 ret = register_pm_notifier(&fw_cache.pm_notify);
1604 if (ret)
1605 return ret;
1606
1607 register_syscore_ops(&fw_syscore_ops);
1608
1609 return ret;
1610 }
1611
unregister_fw_pm_ops(void)1612 static inline void unregister_fw_pm_ops(void)
1613 {
1614 unregister_syscore_ops(&fw_syscore_ops);
1615 unregister_pm_notifier(&fw_cache.pm_notify);
1616 }
1617 #else
fw_cache_piggyback_on_request(struct fw_priv * fw_priv)1618 static void fw_cache_piggyback_on_request(struct fw_priv *fw_priv)
1619 {
1620 }
register_fw_pm_ops(void)1621 static inline int register_fw_pm_ops(void)
1622 {
1623 return 0;
1624 }
unregister_fw_pm_ops(void)1625 static inline void unregister_fw_pm_ops(void)
1626 {
1627 }
1628 #endif
1629
fw_cache_init(void)1630 static void __init fw_cache_init(void)
1631 {
1632 spin_lock_init(&fw_cache.lock);
1633 INIT_LIST_HEAD(&fw_cache.head);
1634 fw_cache.state = FW_LOADER_NO_CACHE;
1635 }
1636
fw_shutdown_notify(struct notifier_block * unused1,unsigned long unused2,void * unused3)1637 static int fw_shutdown_notify(struct notifier_block *unused1,
1638 unsigned long unused2, void *unused3)
1639 {
1640 /*
1641 * Kill all pending fallback requests to avoid both stalling shutdown,
1642 * and avoid a deadlock with the usermode_lock.
1643 */
1644 kill_pending_fw_fallback_reqs(false);
1645
1646 return NOTIFY_DONE;
1647 }
1648
1649 static struct notifier_block fw_shutdown_nb = {
1650 .notifier_call = fw_shutdown_notify,
1651 };
1652
firmware_class_init(void)1653 static int __init firmware_class_init(void)
1654 {
1655 int ret;
1656
1657 /* No need to unfold these on exit */
1658 fw_cache_init();
1659
1660 ret = register_fw_pm_ops();
1661 if (ret)
1662 return ret;
1663
1664 ret = register_reboot_notifier(&fw_shutdown_nb);
1665 if (ret)
1666 goto out;
1667
1668 return register_sysfs_loader();
1669
1670 out:
1671 unregister_fw_pm_ops();
1672 return ret;
1673 }
1674
firmware_class_exit(void)1675 static void __exit firmware_class_exit(void)
1676 {
1677 unregister_fw_pm_ops();
1678 unregister_reboot_notifier(&fw_shutdown_nb);
1679 unregister_sysfs_loader();
1680 }
1681
1682 fs_initcall(firmware_class_init);
1683 module_exit(firmware_class_exit);
1684