1 /* 2 * 3 * Intel Management Engine Interface (Intel MEI) Linux driver 4 * Copyright (c) 2003-2012, Intel Corporation. 5 * 6 * This program is free software; you can redistribute it and/or modify it 7 * under the terms and conditions of the GNU General Public License, 8 * version 2, as published by the Free Software Foundation. 9 * 10 * This program is distributed in the hope it will be useful, but WITHOUT 11 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 12 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for 13 * more details. 14 * 15 */ 16 17 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt 18 19 #include <linux/module.h> 20 #include <linux/moduleparam.h> 21 #include <linux/kernel.h> 22 #include <linux/device.h> 23 #include <linux/fs.h> 24 #include <linux/errno.h> 25 #include <linux/types.h> 26 #include <linux/fcntl.h> 27 #include <linux/aio.h> 28 #include <linux/pci.h> 29 #include <linux/poll.h> 30 #include <linux/init.h> 31 #include <linux/ioctl.h> 32 #include <linux/cdev.h> 33 #include <linux/sched.h> 34 #include <linux/uuid.h> 35 #include <linux/compat.h> 36 #include <linux/jiffies.h> 37 #include <linux/interrupt.h> 38 #include <linux/miscdevice.h> 39 40 #include <linux/mei.h> 41 42 #include "mei_dev.h" 43 #include "hw-me.h" 44 #include "client.h" 45 46 /** 47 * mei_open - the open function 48 * 49 * @inode: pointer to inode structure 50 * @file: pointer to file structure 51 e 52 * returns 0 on success, <0 on error 53 */ 54 static int mei_open(struct inode *inode, struct file *file) 55 { 56 struct miscdevice *misc = file->private_data; 57 struct pci_dev *pdev; 58 struct mei_cl *cl; 59 struct mei_device *dev; 60 61 int err; 62 63 if (!misc->parent) 64 return -ENODEV; 65 66 pdev = container_of(misc->parent, struct pci_dev, dev); 67 68 dev = pci_get_drvdata(pdev); 69 if (!dev) 70 return -ENODEV; 71 72 mutex_lock(&dev->device_lock); 73 74 cl = NULL; 75 76 err = -ENODEV; 77 if (dev->dev_state != MEI_DEV_ENABLED) { 78 dev_dbg(&dev->pdev->dev, "dev_state != MEI_ENABLED dev_state = %s\n", 79 mei_dev_state_str(dev->dev_state)); 80 goto err_unlock; 81 } 82 83 err = -ENOMEM; 84 cl = mei_cl_allocate(dev); 85 if (!cl) 86 goto err_unlock; 87 88 /* open_handle_count check is handled in the mei_cl_link */ 89 err = mei_cl_link(cl, MEI_HOST_CLIENT_ID_ANY); 90 if (err) 91 goto err_unlock; 92 93 file->private_data = cl; 94 95 mutex_unlock(&dev->device_lock); 96 97 return nonseekable_open(inode, file); 98 99 err_unlock: 100 mutex_unlock(&dev->device_lock); 101 kfree(cl); 102 return err; 103 } 104 105 /** 106 * mei_release - the release function 107 * 108 * @inode: pointer to inode structure 109 * @file: pointer to file structure 110 * 111 * returns 0 on success, <0 on error 112 */ 113 static int mei_release(struct inode *inode, struct file *file) 114 { 115 struct mei_cl *cl = file->private_data; 116 struct mei_cl_cb *cb; 117 struct mei_device *dev; 118 int rets = 0; 119 120 if (WARN_ON(!cl || !cl->dev)) 121 return -ENODEV; 122 123 dev = cl->dev; 124 125 mutex_lock(&dev->device_lock); 126 if (cl == &dev->iamthif_cl) { 127 rets = mei_amthif_release(dev, file); 128 goto out; 129 } 130 if (cl->state == MEI_FILE_CONNECTED) { 131 cl->state = MEI_FILE_DISCONNECTING; 132 dev_dbg(&dev->pdev->dev, 133 "disconnecting client host client = %d, " 134 "ME client = %d\n", 135 cl->host_client_id, 136 cl->me_client_id); 137 rets = mei_cl_disconnect(cl); 138 } 139 mei_cl_flush_queues(cl); 140 dev_dbg(&dev->pdev->dev, "remove client host client = %d, ME client = %d\n", 141 cl->host_client_id, 142 cl->me_client_id); 143 144 mei_cl_unlink(cl); 145 146 147 /* free read cb */ 148 cb = NULL; 149 if (cl->read_cb) { 150 cb = mei_cl_find_read_cb(cl); 151 /* Remove entry from read list */ 152 if (cb) 153 list_del(&cb->list); 154 155 cb = cl->read_cb; 156 cl->read_cb = NULL; 157 } 158 159 file->private_data = NULL; 160 161 mei_io_cb_free(cb); 162 163 kfree(cl); 164 out: 165 mutex_unlock(&dev->device_lock); 166 return rets; 167 } 168 169 170 /** 171 * mei_read - the read function. 172 * 173 * @file: pointer to file structure 174 * @ubuf: pointer to user buffer 175 * @length: buffer length 176 * @offset: data offset in buffer 177 * 178 * returns >=0 data length on success , <0 on error 179 */ 180 static ssize_t mei_read(struct file *file, char __user *ubuf, 181 size_t length, loff_t *offset) 182 { 183 struct mei_cl *cl = file->private_data; 184 struct mei_cl_cb *cb_pos = NULL; 185 struct mei_cl_cb *cb = NULL; 186 struct mei_device *dev; 187 int rets; 188 int err; 189 190 191 if (WARN_ON(!cl || !cl->dev)) 192 return -ENODEV; 193 194 dev = cl->dev; 195 196 197 mutex_lock(&dev->device_lock); 198 if (dev->dev_state != MEI_DEV_ENABLED) { 199 rets = -ENODEV; 200 goto out; 201 } 202 203 if (length == 0) { 204 rets = 0; 205 goto out; 206 } 207 208 if (cl == &dev->iamthif_cl) { 209 rets = mei_amthif_read(dev, file, ubuf, length, offset); 210 goto out; 211 } 212 213 if (cl->read_cb) { 214 cb = cl->read_cb; 215 /* read what left */ 216 if (cb->buf_idx > *offset) 217 goto copy_buffer; 218 /* offset is beyond buf_idx we have no more data return 0 */ 219 if (cb->buf_idx > 0 && cb->buf_idx <= *offset) { 220 rets = 0; 221 goto free; 222 } 223 /* Offset needs to be cleaned for contiguous reads*/ 224 if (cb->buf_idx == 0 && *offset > 0) 225 *offset = 0; 226 } else if (*offset > 0) { 227 *offset = 0; 228 } 229 230 err = mei_cl_read_start(cl, length); 231 if (err && err != -EBUSY) { 232 dev_dbg(&dev->pdev->dev, 233 "mei start read failure with status = %d\n", err); 234 rets = err; 235 goto out; 236 } 237 238 if (MEI_READ_COMPLETE != cl->reading_state && 239 !waitqueue_active(&cl->rx_wait)) { 240 if (file->f_flags & O_NONBLOCK) { 241 rets = -EAGAIN; 242 goto out; 243 } 244 245 mutex_unlock(&dev->device_lock); 246 247 if (wait_event_interruptible(cl->rx_wait, 248 MEI_READ_COMPLETE == cl->reading_state || 249 mei_cl_is_transitioning(cl))) { 250 251 if (signal_pending(current)) 252 return -EINTR; 253 return -ERESTARTSYS; 254 } 255 256 mutex_lock(&dev->device_lock); 257 if (mei_cl_is_transitioning(cl)) { 258 rets = -EBUSY; 259 goto out; 260 } 261 } 262 263 cb = cl->read_cb; 264 265 if (!cb) { 266 rets = -ENODEV; 267 goto out; 268 } 269 if (cl->reading_state != MEI_READ_COMPLETE) { 270 rets = 0; 271 goto out; 272 } 273 /* now copy the data to user space */ 274 copy_buffer: 275 dev_dbg(&dev->pdev->dev, "buf.size = %d buf.idx= %ld\n", 276 cb->response_buffer.size, cb->buf_idx); 277 if (length == 0 || ubuf == NULL || *offset > cb->buf_idx) { 278 rets = -EMSGSIZE; 279 goto free; 280 } 281 282 /* length is being truncated to PAGE_SIZE, 283 * however buf_idx may point beyond that */ 284 length = min_t(size_t, length, cb->buf_idx - *offset); 285 286 if (copy_to_user(ubuf, cb->response_buffer.data + *offset, length)) { 287 rets = -EFAULT; 288 goto free; 289 } 290 291 rets = length; 292 *offset += length; 293 if ((unsigned long)*offset < cb->buf_idx) 294 goto out; 295 296 free: 297 cb_pos = mei_cl_find_read_cb(cl); 298 /* Remove entry from read list */ 299 if (cb_pos) 300 list_del(&cb_pos->list); 301 mei_io_cb_free(cb); 302 cl->reading_state = MEI_IDLE; 303 cl->read_cb = NULL; 304 out: 305 dev_dbg(&dev->pdev->dev, "end mei read rets= %d\n", rets); 306 mutex_unlock(&dev->device_lock); 307 return rets; 308 } 309 /** 310 * mei_write - the write function. 311 * 312 * @file: pointer to file structure 313 * @ubuf: pointer to user buffer 314 * @length: buffer length 315 * @offset: data offset in buffer 316 * 317 * returns >=0 data length on success , <0 on error 318 */ 319 static ssize_t mei_write(struct file *file, const char __user *ubuf, 320 size_t length, loff_t *offset) 321 { 322 struct mei_cl *cl = file->private_data; 323 struct mei_cl_cb *write_cb = NULL; 324 struct mei_device *dev; 325 unsigned long timeout = 0; 326 int rets; 327 int id; 328 329 if (WARN_ON(!cl || !cl->dev)) 330 return -ENODEV; 331 332 dev = cl->dev; 333 334 mutex_lock(&dev->device_lock); 335 336 if (dev->dev_state != MEI_DEV_ENABLED) { 337 rets = -ENODEV; 338 goto out; 339 } 340 341 id = mei_me_cl_by_id(dev, cl->me_client_id); 342 if (id < 0) { 343 rets = -ENODEV; 344 goto out; 345 } 346 347 if (length == 0) { 348 rets = 0; 349 goto out; 350 } 351 352 if (length > dev->me_clients[id].props.max_msg_length) { 353 rets = -EFBIG; 354 goto out; 355 } 356 357 if (cl->state != MEI_FILE_CONNECTED) { 358 dev_err(&dev->pdev->dev, "host client = %d, is not connected to ME client = %d", 359 cl->host_client_id, cl->me_client_id); 360 rets = -ENODEV; 361 goto out; 362 } 363 if (cl == &dev->iamthif_cl) { 364 write_cb = mei_amthif_find_read_list_entry(dev, file); 365 366 if (write_cb) { 367 timeout = write_cb->read_time + 368 mei_secs_to_jiffies(MEI_IAMTHIF_READ_TIMER); 369 370 if (time_after(jiffies, timeout) || 371 cl->reading_state == MEI_READ_COMPLETE) { 372 *offset = 0; 373 list_del(&write_cb->list); 374 mei_io_cb_free(write_cb); 375 write_cb = NULL; 376 } 377 } 378 } 379 380 /* free entry used in read */ 381 if (cl->reading_state == MEI_READ_COMPLETE) { 382 *offset = 0; 383 write_cb = mei_cl_find_read_cb(cl); 384 if (write_cb) { 385 list_del(&write_cb->list); 386 mei_io_cb_free(write_cb); 387 write_cb = NULL; 388 cl->reading_state = MEI_IDLE; 389 cl->read_cb = NULL; 390 } 391 } else if (cl->reading_state == MEI_IDLE) 392 *offset = 0; 393 394 395 write_cb = mei_io_cb_init(cl, file); 396 if (!write_cb) { 397 dev_err(&dev->pdev->dev, "write cb allocation failed\n"); 398 rets = -ENOMEM; 399 goto out; 400 } 401 rets = mei_io_cb_alloc_req_buf(write_cb, length); 402 if (rets) 403 goto out; 404 405 rets = copy_from_user(write_cb->request_buffer.data, ubuf, length); 406 if (rets) { 407 dev_err(&dev->pdev->dev, "failed to copy data from userland\n"); 408 rets = -EFAULT; 409 goto out; 410 } 411 412 if (cl == &dev->iamthif_cl) { 413 rets = mei_amthif_write(dev, write_cb); 414 415 if (rets) { 416 dev_err(&dev->pdev->dev, 417 "amthif write failed with status = %d\n", rets); 418 goto out; 419 } 420 mutex_unlock(&dev->device_lock); 421 return length; 422 } 423 424 rets = mei_cl_write(cl, write_cb, false); 425 out: 426 mutex_unlock(&dev->device_lock); 427 if (rets < 0) 428 mei_io_cb_free(write_cb); 429 return rets; 430 } 431 432 /** 433 * mei_ioctl_connect_client - the connect to fw client IOCTL function 434 * 435 * @dev: the device structure 436 * @data: IOCTL connect data, input and output parameters 437 * @file: private data of the file object 438 * 439 * Locking: called under "dev->device_lock" lock 440 * 441 * returns 0 on success, <0 on failure. 442 */ 443 static int mei_ioctl_connect_client(struct file *file, 444 struct mei_connect_client_data *data) 445 { 446 struct mei_device *dev; 447 struct mei_client *client; 448 struct mei_cl *cl; 449 int i; 450 int rets; 451 452 cl = file->private_data; 453 if (WARN_ON(!cl || !cl->dev)) 454 return -ENODEV; 455 456 dev = cl->dev; 457 458 if (dev->dev_state != MEI_DEV_ENABLED) { 459 rets = -ENODEV; 460 goto end; 461 } 462 463 if (cl->state != MEI_FILE_INITIALIZING && 464 cl->state != MEI_FILE_DISCONNECTED) { 465 rets = -EBUSY; 466 goto end; 467 } 468 469 /* find ME client we're trying to connect to */ 470 i = mei_me_cl_by_uuid(dev, &data->in_client_uuid); 471 if (i < 0 || dev->me_clients[i].props.fixed_address) { 472 dev_dbg(&dev->pdev->dev, "Cannot connect to FW Client UUID = %pUl\n", 473 &data->in_client_uuid); 474 rets = -ENODEV; 475 goto end; 476 } 477 478 cl->me_client_id = dev->me_clients[i].client_id; 479 cl->state = MEI_FILE_CONNECTING; 480 481 dev_dbg(&dev->pdev->dev, "Connect to FW Client ID = %d\n", 482 cl->me_client_id); 483 dev_dbg(&dev->pdev->dev, "FW Client - Protocol Version = %d\n", 484 dev->me_clients[i].props.protocol_version); 485 dev_dbg(&dev->pdev->dev, "FW Client - Max Msg Len = %d\n", 486 dev->me_clients[i].props.max_msg_length); 487 488 /* if we're connecting to amthif client then we will use the 489 * existing connection 490 */ 491 if (uuid_le_cmp(data->in_client_uuid, mei_amthif_guid) == 0) { 492 dev_dbg(&dev->pdev->dev, "FW Client is amthi\n"); 493 if (dev->iamthif_cl.state != MEI_FILE_CONNECTED) { 494 rets = -ENODEV; 495 goto end; 496 } 497 mei_cl_unlink(cl); 498 499 kfree(cl); 500 cl = NULL; 501 dev->iamthif_open_count++; 502 file->private_data = &dev->iamthif_cl; 503 504 client = &data->out_client_properties; 505 client->max_msg_length = 506 dev->me_clients[i].props.max_msg_length; 507 client->protocol_version = 508 dev->me_clients[i].props.protocol_version; 509 rets = dev->iamthif_cl.status; 510 511 goto end; 512 } 513 514 515 /* prepare the output buffer */ 516 client = &data->out_client_properties; 517 client->max_msg_length = dev->me_clients[i].props.max_msg_length; 518 client->protocol_version = dev->me_clients[i].props.protocol_version; 519 dev_dbg(&dev->pdev->dev, "Can connect?\n"); 520 521 522 rets = mei_cl_connect(cl, file); 523 524 end: 525 return rets; 526 } 527 528 529 /** 530 * mei_ioctl - the IOCTL function 531 * 532 * @file: pointer to file structure 533 * @cmd: ioctl command 534 * @data: pointer to mei message structure 535 * 536 * returns 0 on success , <0 on error 537 */ 538 static long mei_ioctl(struct file *file, unsigned int cmd, unsigned long data) 539 { 540 struct mei_device *dev; 541 struct mei_cl *cl = file->private_data; 542 struct mei_connect_client_data *connect_data = NULL; 543 int rets; 544 545 if (cmd != IOCTL_MEI_CONNECT_CLIENT) 546 return -EINVAL; 547 548 if (WARN_ON(!cl || !cl->dev)) 549 return -ENODEV; 550 551 dev = cl->dev; 552 553 dev_dbg(&dev->pdev->dev, "IOCTL cmd = 0x%x", cmd); 554 555 mutex_lock(&dev->device_lock); 556 if (dev->dev_state != MEI_DEV_ENABLED) { 557 rets = -ENODEV; 558 goto out; 559 } 560 561 dev_dbg(&dev->pdev->dev, ": IOCTL_MEI_CONNECT_CLIENT.\n"); 562 563 connect_data = kzalloc(sizeof(struct mei_connect_client_data), 564 GFP_KERNEL); 565 if (!connect_data) { 566 rets = -ENOMEM; 567 goto out; 568 } 569 dev_dbg(&dev->pdev->dev, "copy connect data from user\n"); 570 if (copy_from_user(connect_data, (char __user *)data, 571 sizeof(struct mei_connect_client_data))) { 572 dev_err(&dev->pdev->dev, "failed to copy data from userland\n"); 573 rets = -EFAULT; 574 goto out; 575 } 576 577 rets = mei_ioctl_connect_client(file, connect_data); 578 579 /* if all is ok, copying the data back to user. */ 580 if (rets) 581 goto out; 582 583 dev_dbg(&dev->pdev->dev, "copy connect data to user\n"); 584 if (copy_to_user((char __user *)data, connect_data, 585 sizeof(struct mei_connect_client_data))) { 586 dev_dbg(&dev->pdev->dev, "failed to copy data to userland\n"); 587 rets = -EFAULT; 588 goto out; 589 } 590 591 out: 592 kfree(connect_data); 593 mutex_unlock(&dev->device_lock); 594 return rets; 595 } 596 597 /** 598 * mei_compat_ioctl - the compat IOCTL function 599 * 600 * @file: pointer to file structure 601 * @cmd: ioctl command 602 * @data: pointer to mei message structure 603 * 604 * returns 0 on success , <0 on error 605 */ 606 #ifdef CONFIG_COMPAT 607 static long mei_compat_ioctl(struct file *file, 608 unsigned int cmd, unsigned long data) 609 { 610 return mei_ioctl(file, cmd, (unsigned long)compat_ptr(data)); 611 } 612 #endif 613 614 615 /** 616 * mei_poll - the poll function 617 * 618 * @file: pointer to file structure 619 * @wait: pointer to poll_table structure 620 * 621 * returns poll mask 622 */ 623 static unsigned int mei_poll(struct file *file, poll_table *wait) 624 { 625 struct mei_cl *cl = file->private_data; 626 struct mei_device *dev; 627 unsigned int mask = 0; 628 629 if (WARN_ON(!cl || !cl->dev)) 630 return POLLERR; 631 632 dev = cl->dev; 633 634 mutex_lock(&dev->device_lock); 635 636 if (!mei_cl_is_connected(cl)) { 637 mask = POLLERR; 638 goto out; 639 } 640 641 mutex_unlock(&dev->device_lock); 642 643 644 if (cl == &dev->iamthif_cl) 645 return mei_amthif_poll(dev, file, wait); 646 647 poll_wait(file, &cl->tx_wait, wait); 648 649 mutex_lock(&dev->device_lock); 650 651 if (!mei_cl_is_connected(cl)) { 652 mask = POLLERR; 653 goto out; 654 } 655 656 if (MEI_WRITE_COMPLETE == cl->writing_state) 657 mask |= (POLLIN | POLLRDNORM); 658 659 out: 660 mutex_unlock(&dev->device_lock); 661 return mask; 662 } 663 664 /* 665 * file operations structure will be used for mei char device. 666 */ 667 static const struct file_operations mei_fops = { 668 .owner = THIS_MODULE, 669 .read = mei_read, 670 .unlocked_ioctl = mei_ioctl, 671 #ifdef CONFIG_COMPAT 672 .compat_ioctl = mei_compat_ioctl, 673 #endif 674 .open = mei_open, 675 .release = mei_release, 676 .write = mei_write, 677 .poll = mei_poll, 678 .llseek = no_llseek 679 }; 680 681 /* 682 * Misc Device Struct 683 */ 684 static struct miscdevice mei_misc_device = { 685 .name = "mei", 686 .fops = &mei_fops, 687 .minor = MISC_DYNAMIC_MINOR, 688 }; 689 690 691 int mei_register(struct mei_device *dev) 692 { 693 int ret; 694 mei_misc_device.parent = &dev->pdev->dev; 695 ret = misc_register(&mei_misc_device); 696 if (ret) 697 return ret; 698 699 if (mei_dbgfs_register(dev, mei_misc_device.name)) 700 dev_err(&dev->pdev->dev, "cannot register debugfs\n"); 701 702 return 0; 703 } 704 EXPORT_SYMBOL_GPL(mei_register); 705 706 void mei_deregister(struct mei_device *dev) 707 { 708 mei_dbgfs_deregister(dev); 709 misc_deregister(&mei_misc_device); 710 mei_misc_device.parent = NULL; 711 } 712 EXPORT_SYMBOL_GPL(mei_deregister); 713 714 static int __init mei_init(void) 715 { 716 return mei_cl_bus_init(); 717 } 718 719 static void __exit mei_exit(void) 720 { 721 mei_cl_bus_exit(); 722 } 723 724 module_init(mei_init); 725 module_exit(mei_exit); 726 727 MODULE_AUTHOR("Intel Corporation"); 728 MODULE_DESCRIPTION("Intel(R) Management Engine Interface"); 729 MODULE_LICENSE("GPL v2"); 730 731