1 /* 2 * 3 * Intel Management Engine Interface (Intel MEI) Linux driver 4 * Copyright (c) 2003-2012, Intel Corporation. 5 * 6 * This program is free software; you can redistribute it and/or modify it 7 * under the terms and conditions of the GNU General Public License, 8 * version 2, as published by the Free Software Foundation. 9 * 10 * This program is distributed in the hope it will be useful, but WITHOUT 11 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 12 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for 13 * more details. 14 * 15 */ 16 17 18 #include <linux/export.h> 19 #include <linux/kthread.h> 20 #include <linux/interrupt.h> 21 #include <linux/fs.h> 22 #include <linux/jiffies.h> 23 #include <linux/slab.h> 24 25 #include <linux/mei.h> 26 27 #include "mei_dev.h" 28 #include "hbm.h" 29 #include "client.h" 30 31 32 /** 33 * mei_irq_compl_handler - dispatch complete handlers 34 * for the completed callbacks 35 * 36 * @dev: mei device 37 * @compl_list: list of completed cbs 38 */ 39 void mei_irq_compl_handler(struct mei_device *dev, struct mei_cl_cb *compl_list) 40 { 41 struct mei_cl_cb *cb, *next; 42 struct mei_cl *cl; 43 44 list_for_each_entry_safe(cb, next, &compl_list->list, list) { 45 cl = cb->cl; 46 list_del_init(&cb->list); 47 48 dev_dbg(dev->dev, "completing call back.\n"); 49 if (cl == &dev->iamthif_cl) 50 mei_amthif_complete(dev, cb); 51 else 52 mei_cl_complete(cl, cb); 53 } 54 } 55 EXPORT_SYMBOL_GPL(mei_irq_compl_handler); 56 57 /** 58 * mei_cl_hbm_equal - check if hbm is addressed to the client 59 * 60 * @cl: host client 61 * @mei_hdr: header of mei client message 62 * 63 * Return: true if matches, false otherwise 64 */ 65 static inline int mei_cl_hbm_equal(struct mei_cl *cl, 66 struct mei_msg_hdr *mei_hdr) 67 { 68 return cl->host_client_id == mei_hdr->host_addr && 69 cl->me_client_id == mei_hdr->me_addr; 70 } 71 72 /** 73 * mei_irq_discard_msg - discard received message 74 * 75 * @dev: mei device 76 * @hdr: message header 77 */ 78 static inline 79 void mei_irq_discard_msg(struct mei_device *dev, struct mei_msg_hdr *hdr) 80 { 81 /* 82 * no need to check for size as it is guarantied 83 * that length fits into rd_msg_buf 84 */ 85 mei_read_slots(dev, dev->rd_msg_buf, hdr->length); 86 dev_dbg(dev->dev, "discarding message " MEI_HDR_FMT "\n", 87 MEI_HDR_PRM(hdr)); 88 } 89 90 /** 91 * mei_cl_irq_read_msg - process client message 92 * 93 * @cl: reading client 94 * @mei_hdr: header of mei client message 95 * @complete_list: completion list 96 * 97 * Return: always 0 98 */ 99 int mei_cl_irq_read_msg(struct mei_cl *cl, 100 struct mei_msg_hdr *mei_hdr, 101 struct mei_cl_cb *complete_list) 102 { 103 struct mei_device *dev = cl->dev; 104 struct mei_cl_cb *cb; 105 unsigned char *buffer = NULL; 106 107 cb = list_first_entry_or_null(&cl->rd_pending, struct mei_cl_cb, list); 108 if (!cb) { 109 cl_err(dev, cl, "pending read cb not found\n"); 110 goto out; 111 } 112 113 if (!mei_cl_is_connected(cl)) { 114 cl_dbg(dev, cl, "not connected\n"); 115 cb->status = -ENODEV; 116 goto out; 117 } 118 119 if (cb->buf.size == 0 || cb->buf.data == NULL) { 120 cl_err(dev, cl, "response buffer is not allocated.\n"); 121 list_move_tail(&cb->list, &complete_list->list); 122 cb->status = -ENOMEM; 123 goto out; 124 } 125 126 if (cb->buf.size < mei_hdr->length + cb->buf_idx) { 127 cl_dbg(dev, cl, "message overflow. size %d len %d idx %ld\n", 128 cb->buf.size, mei_hdr->length, cb->buf_idx); 129 buffer = krealloc(cb->buf.data, mei_hdr->length + cb->buf_idx, 130 GFP_KERNEL); 131 132 if (!buffer) { 133 cb->status = -ENOMEM; 134 list_move_tail(&cb->list, &complete_list->list); 135 goto out; 136 } 137 cb->buf.data = buffer; 138 cb->buf.size = mei_hdr->length + cb->buf_idx; 139 } 140 141 buffer = cb->buf.data + cb->buf_idx; 142 mei_read_slots(dev, buffer, mei_hdr->length); 143 144 cb->buf_idx += mei_hdr->length; 145 146 if (mei_hdr->msg_complete) { 147 cb->read_time = jiffies; 148 cl_dbg(dev, cl, "completed read length = %lu\n", cb->buf_idx); 149 list_move_tail(&cb->list, &complete_list->list); 150 } 151 152 out: 153 if (!buffer) 154 mei_irq_discard_msg(dev, mei_hdr); 155 156 return 0; 157 } 158 159 /** 160 * mei_cl_irq_disconnect_rsp - send disconnection response message 161 * 162 * @cl: client 163 * @cb: callback block. 164 * @cmpl_list: complete list. 165 * 166 * Return: 0, OK; otherwise, error. 167 */ 168 static int mei_cl_irq_disconnect_rsp(struct mei_cl *cl, struct mei_cl_cb *cb, 169 struct mei_cl_cb *cmpl_list) 170 { 171 struct mei_device *dev = cl->dev; 172 u32 msg_slots; 173 int slots; 174 int ret; 175 176 slots = mei_hbuf_empty_slots(dev); 177 msg_slots = mei_data2slots(sizeof(struct hbm_client_connect_response)); 178 179 if (slots < msg_slots) 180 return -EMSGSIZE; 181 182 ret = mei_hbm_cl_disconnect_rsp(dev, cl); 183 184 cl->state = MEI_FILE_DISCONNECTED; 185 cl->status = 0; 186 mei_io_cb_free(cb); 187 188 return ret; 189 } 190 191 192 193 /** 194 * mei_cl_irq_disconnect - processes close related operation from 195 * interrupt thread context - send disconnect request 196 * 197 * @cl: client 198 * @cb: callback block. 199 * @cmpl_list: complete list. 200 * 201 * Return: 0, OK; otherwise, error. 202 */ 203 static int mei_cl_irq_disconnect(struct mei_cl *cl, struct mei_cl_cb *cb, 204 struct mei_cl_cb *cmpl_list) 205 { 206 struct mei_device *dev = cl->dev; 207 u32 msg_slots; 208 int slots; 209 210 msg_slots = mei_data2slots(sizeof(struct hbm_client_connect_request)); 211 slots = mei_hbuf_empty_slots(dev); 212 213 if (slots < msg_slots) 214 return -EMSGSIZE; 215 216 if (mei_hbm_cl_disconnect_req(dev, cl)) { 217 cl->status = 0; 218 cb->buf_idx = 0; 219 list_move_tail(&cb->list, &cmpl_list->list); 220 return -EIO; 221 } 222 223 cl->state = MEI_FILE_DISCONNECTING; 224 cl->status = 0; 225 cb->buf_idx = 0; 226 list_move_tail(&cb->list, &dev->ctrl_rd_list.list); 227 cl->timer_count = MEI_CONNECT_TIMEOUT; 228 229 return 0; 230 } 231 232 233 /** 234 * mei_cl_irq_read - processes client read related operation from the 235 * interrupt thread context - request for flow control credits 236 * 237 * @cl: client 238 * @cb: callback block. 239 * @cmpl_list: complete list. 240 * 241 * Return: 0, OK; otherwise, error. 242 */ 243 static int mei_cl_irq_read(struct mei_cl *cl, struct mei_cl_cb *cb, 244 struct mei_cl_cb *cmpl_list) 245 { 246 struct mei_device *dev = cl->dev; 247 u32 msg_slots; 248 int slots; 249 int ret; 250 251 msg_slots = mei_data2slots(sizeof(struct hbm_flow_control)); 252 slots = mei_hbuf_empty_slots(dev); 253 254 if (slots < msg_slots) 255 return -EMSGSIZE; 256 257 ret = mei_hbm_cl_flow_control_req(dev, cl); 258 if (ret) { 259 cl->status = ret; 260 cb->buf_idx = 0; 261 list_move_tail(&cb->list, &cmpl_list->list); 262 return ret; 263 } 264 265 list_move_tail(&cb->list, &cl->rd_pending); 266 267 return 0; 268 } 269 270 271 /** 272 * mei_cl_irq_connect - send connect request in irq_thread context 273 * 274 * @cl: client 275 * @cb: callback block. 276 * @cmpl_list: complete list. 277 * 278 * Return: 0, OK; otherwise, error. 279 */ 280 static int mei_cl_irq_connect(struct mei_cl *cl, struct mei_cl_cb *cb, 281 struct mei_cl_cb *cmpl_list) 282 { 283 struct mei_device *dev = cl->dev; 284 u32 msg_slots; 285 int slots; 286 int ret; 287 288 msg_slots = mei_data2slots(sizeof(struct hbm_client_connect_request)); 289 slots = mei_hbuf_empty_slots(dev); 290 291 if (mei_cl_is_other_connecting(cl)) 292 return 0; 293 294 if (slots < msg_slots) 295 return -EMSGSIZE; 296 297 cl->state = MEI_FILE_CONNECTING; 298 299 ret = mei_hbm_cl_connect_req(dev, cl); 300 if (ret) { 301 cl->status = ret; 302 cb->buf_idx = 0; 303 list_del_init(&cb->list); 304 return ret; 305 } 306 307 list_move_tail(&cb->list, &dev->ctrl_rd_list.list); 308 cl->timer_count = MEI_CONNECT_TIMEOUT; 309 return 0; 310 } 311 312 313 /** 314 * mei_irq_read_handler - bottom half read routine after ISR to 315 * handle the read processing. 316 * 317 * @dev: the device structure 318 * @cmpl_list: An instance of our list structure 319 * @slots: slots to read. 320 * 321 * Return: 0 on success, <0 on failure. 322 */ 323 int mei_irq_read_handler(struct mei_device *dev, 324 struct mei_cl_cb *cmpl_list, s32 *slots) 325 { 326 struct mei_msg_hdr *mei_hdr; 327 struct mei_cl *cl; 328 int ret; 329 330 if (!dev->rd_msg_hdr) { 331 dev->rd_msg_hdr = mei_read_hdr(dev); 332 (*slots)--; 333 dev_dbg(dev->dev, "slots =%08x.\n", *slots); 334 } 335 mei_hdr = (struct mei_msg_hdr *) &dev->rd_msg_hdr; 336 dev_dbg(dev->dev, MEI_HDR_FMT, MEI_HDR_PRM(mei_hdr)); 337 338 if (mei_hdr->reserved || !dev->rd_msg_hdr) { 339 dev_err(dev->dev, "corrupted message header 0x%08X\n", 340 dev->rd_msg_hdr); 341 ret = -EBADMSG; 342 goto end; 343 } 344 345 if (mei_slots2data(*slots) < mei_hdr->length) { 346 dev_err(dev->dev, "less data available than length=%08x.\n", 347 *slots); 348 /* we can't read the message */ 349 ret = -ENODATA; 350 goto end; 351 } 352 353 /* HBM message */ 354 if (mei_hdr->host_addr == 0 && mei_hdr->me_addr == 0) { 355 ret = mei_hbm_dispatch(dev, mei_hdr); 356 if (ret) { 357 dev_dbg(dev->dev, "mei_hbm_dispatch failed ret = %d\n", 358 ret); 359 goto end; 360 } 361 goto reset_slots; 362 } 363 364 /* find recipient cl */ 365 list_for_each_entry(cl, &dev->file_list, link) { 366 if (mei_cl_hbm_equal(cl, mei_hdr)) { 367 cl_dbg(dev, cl, "got a message\n"); 368 break; 369 } 370 } 371 372 /* if no recipient cl was found we assume corrupted header */ 373 if (&cl->link == &dev->file_list) { 374 dev_err(dev->dev, "no destination client found 0x%08X\n", 375 dev->rd_msg_hdr); 376 ret = -EBADMSG; 377 goto end; 378 } 379 380 if (cl == &dev->iamthif_cl) { 381 ret = mei_amthif_irq_read_msg(cl, mei_hdr, cmpl_list); 382 } else { 383 ret = mei_cl_irq_read_msg(cl, mei_hdr, cmpl_list); 384 } 385 386 387 reset_slots: 388 /* reset the number of slots and header */ 389 *slots = mei_count_full_read_slots(dev); 390 dev->rd_msg_hdr = 0; 391 392 if (*slots == -EOVERFLOW) { 393 /* overflow - reset */ 394 dev_err(dev->dev, "resetting due to slots overflow.\n"); 395 /* set the event since message has been read */ 396 ret = -ERANGE; 397 goto end; 398 } 399 end: 400 return ret; 401 } 402 EXPORT_SYMBOL_GPL(mei_irq_read_handler); 403 404 405 /** 406 * mei_irq_write_handler - dispatch write requests 407 * after irq received 408 * 409 * @dev: the device structure 410 * @cmpl_list: An instance of our list structure 411 * 412 * Return: 0 on success, <0 on failure. 413 */ 414 int mei_irq_write_handler(struct mei_device *dev, struct mei_cl_cb *cmpl_list) 415 { 416 417 struct mei_cl *cl; 418 struct mei_cl_cb *cb, *next; 419 struct mei_cl_cb *list; 420 s32 slots; 421 int ret; 422 423 424 if (!mei_hbuf_acquire(dev)) 425 return 0; 426 427 slots = mei_hbuf_empty_slots(dev); 428 if (slots <= 0) 429 return -EMSGSIZE; 430 431 /* complete all waiting for write CB */ 432 dev_dbg(dev->dev, "complete all waiting for write cb.\n"); 433 434 list = &dev->write_waiting_list; 435 list_for_each_entry_safe(cb, next, &list->list, list) { 436 cl = cb->cl; 437 438 cl->status = 0; 439 cl_dbg(dev, cl, "MEI WRITE COMPLETE\n"); 440 cl->writing_state = MEI_WRITE_COMPLETE; 441 list_move_tail(&cb->list, &cmpl_list->list); 442 } 443 444 if (dev->wd_state == MEI_WD_STOPPING) { 445 dev->wd_state = MEI_WD_IDLE; 446 wake_up(&dev->wait_stop_wd); 447 } 448 449 if (mei_cl_is_connected(&dev->wd_cl)) { 450 if (dev->wd_pending && 451 mei_cl_flow_ctrl_creds(&dev->wd_cl) > 0) { 452 ret = mei_wd_send(dev); 453 if (ret) 454 return ret; 455 dev->wd_pending = false; 456 } 457 } 458 459 /* complete control write list CB */ 460 dev_dbg(dev->dev, "complete control write list cb.\n"); 461 list_for_each_entry_safe(cb, next, &dev->ctrl_wr_list.list, list) { 462 cl = cb->cl; 463 switch (cb->fop_type) { 464 case MEI_FOP_DISCONNECT: 465 /* send disconnect message */ 466 ret = mei_cl_irq_disconnect(cl, cb, cmpl_list); 467 if (ret) 468 return ret; 469 470 break; 471 case MEI_FOP_READ: 472 /* send flow control message */ 473 ret = mei_cl_irq_read(cl, cb, cmpl_list); 474 if (ret) 475 return ret; 476 477 break; 478 case MEI_FOP_CONNECT: 479 /* connect message */ 480 ret = mei_cl_irq_connect(cl, cb, cmpl_list); 481 if (ret) 482 return ret; 483 484 break; 485 case MEI_FOP_DISCONNECT_RSP: 486 /* send disconnect resp */ 487 ret = mei_cl_irq_disconnect_rsp(cl, cb, cmpl_list); 488 if (ret) 489 return ret; 490 break; 491 default: 492 BUG(); 493 } 494 495 } 496 /* complete write list CB */ 497 dev_dbg(dev->dev, "complete write list cb.\n"); 498 list_for_each_entry_safe(cb, next, &dev->write_list.list, list) { 499 cl = cb->cl; 500 if (cl == &dev->iamthif_cl) 501 ret = mei_amthif_irq_write(cl, cb, cmpl_list); 502 else 503 ret = mei_cl_irq_write(cl, cb, cmpl_list); 504 if (ret) 505 return ret; 506 } 507 return 0; 508 } 509 EXPORT_SYMBOL_GPL(mei_irq_write_handler); 510 511 512 513 /** 514 * mei_timer - timer function. 515 * 516 * @work: pointer to the work_struct structure 517 * 518 */ 519 void mei_timer(struct work_struct *work) 520 { 521 unsigned long timeout; 522 struct mei_cl *cl; 523 524 struct mei_device *dev = container_of(work, 525 struct mei_device, timer_work.work); 526 527 528 mutex_lock(&dev->device_lock); 529 530 /* Catch interrupt stalls during HBM init handshake */ 531 if (dev->dev_state == MEI_DEV_INIT_CLIENTS && 532 dev->hbm_state != MEI_HBM_IDLE) { 533 534 if (dev->init_clients_timer) { 535 if (--dev->init_clients_timer == 0) { 536 dev_err(dev->dev, "timer: init clients timeout hbm_state = %d.\n", 537 dev->hbm_state); 538 mei_reset(dev); 539 goto out; 540 } 541 } 542 } 543 544 if (dev->dev_state != MEI_DEV_ENABLED) 545 goto out; 546 547 /*** connect/disconnect timeouts ***/ 548 list_for_each_entry(cl, &dev->file_list, link) { 549 if (cl->timer_count) { 550 if (--cl->timer_count == 0) { 551 dev_err(dev->dev, "timer: connect/disconnect timeout.\n"); 552 mei_reset(dev); 553 goto out; 554 } 555 } 556 } 557 558 if (!mei_cl_is_connected(&dev->iamthif_cl)) 559 goto out; 560 561 if (dev->iamthif_stall_timer) { 562 if (--dev->iamthif_stall_timer == 0) { 563 dev_err(dev->dev, "timer: amthif hanged.\n"); 564 mei_reset(dev); 565 dev->iamthif_canceled = false; 566 dev->iamthif_state = MEI_IAMTHIF_IDLE; 567 dev->iamthif_timer = 0; 568 569 mei_io_cb_free(dev->iamthif_current_cb); 570 dev->iamthif_current_cb = NULL; 571 572 dev->iamthif_file_object = NULL; 573 mei_amthif_run_next_cmd(dev); 574 } 575 } 576 577 if (dev->iamthif_timer) { 578 579 timeout = dev->iamthif_timer + 580 mei_secs_to_jiffies(MEI_IAMTHIF_READ_TIMER); 581 582 dev_dbg(dev->dev, "dev->iamthif_timer = %ld\n", 583 dev->iamthif_timer); 584 dev_dbg(dev->dev, "timeout = %ld\n", timeout); 585 dev_dbg(dev->dev, "jiffies = %ld\n", jiffies); 586 if (time_after(jiffies, timeout)) { 587 /* 588 * User didn't read the AMTHI data on time (15sec) 589 * freeing AMTHI for other requests 590 */ 591 592 dev_dbg(dev->dev, "freeing AMTHI for other requests\n"); 593 594 mei_io_list_flush(&dev->amthif_rd_complete_list, 595 &dev->iamthif_cl); 596 mei_io_cb_free(dev->iamthif_current_cb); 597 dev->iamthif_current_cb = NULL; 598 599 dev->iamthif_file_object->private_data = NULL; 600 dev->iamthif_file_object = NULL; 601 dev->iamthif_timer = 0; 602 mei_amthif_run_next_cmd(dev); 603 604 } 605 } 606 out: 607 if (dev->dev_state != MEI_DEV_DISABLED) 608 schedule_delayed_work(&dev->timer_work, 2 * HZ); 609 mutex_unlock(&dev->device_lock); 610 } 611