1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * Copyright (c) 2003-2020, Intel Corporation. All rights reserved. 4 * Intel Management Engine Interface (Intel MEI) Linux driver 5 */ 6 7 #include <linux/module.h> 8 #include <linux/moduleparam.h> 9 #include <linux/kernel.h> 10 #include <linux/device.h> 11 #include <linux/slab.h> 12 #include <linux/fs.h> 13 #include <linux/errno.h> 14 #include <linux/types.h> 15 #include <linux/fcntl.h> 16 #include <linux/poll.h> 17 #include <linux/init.h> 18 #include <linux/ioctl.h> 19 #include <linux/cdev.h> 20 #include <linux/sched/signal.h> 21 #include <linux/uuid.h> 22 #include <linux/compat.h> 23 #include <linux/jiffies.h> 24 #include <linux/interrupt.h> 25 26 #include <linux/mei.h> 27 28 #include "mei_dev.h" 29 #include "client.h" 30 31 static struct class *mei_class; 32 static dev_t mei_devt; 33 #define MEI_MAX_DEVS MINORMASK 34 static DEFINE_MUTEX(mei_minor_lock); 35 static DEFINE_IDR(mei_idr); 36 37 /** 38 * mei_open - the open function 39 * 40 * @inode: pointer to inode structure 41 * @file: pointer to file structure 42 * 43 * Return: 0 on success, <0 on error 44 */ 45 static int mei_open(struct inode *inode, struct file *file) 46 { 47 struct mei_device *dev; 48 struct mei_cl *cl; 49 50 int err; 51 52 dev = container_of(inode->i_cdev, struct mei_device, cdev); 53 54 mutex_lock(&dev->device_lock); 55 56 if (dev->dev_state != MEI_DEV_ENABLED) { 57 dev_dbg(dev->dev, "dev_state != MEI_ENABLED dev_state = %s\n", 58 mei_dev_state_str(dev->dev_state)); 59 err = -ENODEV; 60 goto err_unlock; 61 } 62 63 cl = mei_cl_alloc_linked(dev); 64 if (IS_ERR(cl)) { 65 err = PTR_ERR(cl); 66 goto err_unlock; 67 } 68 69 cl->fp = file; 70 file->private_data = cl; 71 72 mutex_unlock(&dev->device_lock); 73 74 return nonseekable_open(inode, file); 75 76 err_unlock: 77 mutex_unlock(&dev->device_lock); 78 return err; 79 } 80 81 /** 82 * mei_cl_vtag_remove_by_fp - remove vtag that corresponds to fp from list 83 * 84 * @cl: host client 85 * @fp: pointer to file structure 86 * 87 */ 88 static void mei_cl_vtag_remove_by_fp(const struct mei_cl *cl, 89 const struct file *fp) 90 { 91 struct mei_cl_vtag *vtag_l, *next; 92 93 list_for_each_entry_safe(vtag_l, next, &cl->vtag_map, list) { 94 if (vtag_l->fp == fp) { 95 list_del(&vtag_l->list); 96 kfree(vtag_l); 97 return; 98 } 99 } 100 } 101 102 /** 103 * mei_release - the release function 104 * 105 * @inode: pointer to inode structure 106 * @file: pointer to file structure 107 * 108 * Return: 0 on success, <0 on error 109 */ 110 static int mei_release(struct inode *inode, struct file *file) 111 { 112 struct mei_cl *cl = file->private_data; 113 struct mei_device *dev; 114 int rets; 115 116 if (WARN_ON(!cl || !cl->dev)) 117 return -ENODEV; 118 119 dev = cl->dev; 120 121 mutex_lock(&dev->device_lock); 122 123 mei_cl_vtag_remove_by_fp(cl, file); 124 125 if (!list_empty(&cl->vtag_map)) { 126 cl_dbg(dev, cl, "not the last vtag\n"); 127 mei_cl_flush_queues(cl, file); 128 rets = 0; 129 goto out; 130 } 131 132 rets = mei_cl_disconnect(cl); 133 /* 134 * Check again: This is necessary since disconnect releases the lock 135 * and another client can connect in the meantime. 136 */ 137 if (!list_empty(&cl->vtag_map)) { 138 cl_dbg(dev, cl, "not the last vtag after disconnect\n"); 139 mei_cl_flush_queues(cl, file); 140 goto out; 141 } 142 143 mei_cl_flush_queues(cl, NULL); 144 cl_dbg(dev, cl, "removing\n"); 145 146 mei_cl_unlink(cl); 147 kfree(cl); 148 149 out: 150 file->private_data = NULL; 151 152 mutex_unlock(&dev->device_lock); 153 return rets; 154 } 155 156 157 /** 158 * mei_read - the read function. 159 * 160 * @file: pointer to file structure 161 * @ubuf: pointer to user buffer 162 * @length: buffer length 163 * @offset: data offset in buffer 164 * 165 * Return: >=0 data length on success , <0 on error 166 */ 167 static ssize_t mei_read(struct file *file, char __user *ubuf, 168 size_t length, loff_t *offset) 169 { 170 struct mei_cl *cl = file->private_data; 171 struct mei_device *dev; 172 struct mei_cl_cb *cb = NULL; 173 bool nonblock = !!(file->f_flags & O_NONBLOCK); 174 ssize_t rets; 175 176 if (WARN_ON(!cl || !cl->dev)) 177 return -ENODEV; 178 179 dev = cl->dev; 180 181 182 mutex_lock(&dev->device_lock); 183 if (dev->dev_state != MEI_DEV_ENABLED) { 184 rets = -ENODEV; 185 goto out; 186 } 187 188 if (length == 0) { 189 rets = 0; 190 goto out; 191 } 192 193 if (ubuf == NULL) { 194 rets = -EMSGSIZE; 195 goto out; 196 } 197 198 cb = mei_cl_read_cb(cl, file); 199 if (cb) 200 goto copy_buffer; 201 202 if (*offset > 0) 203 *offset = 0; 204 205 rets = mei_cl_read_start(cl, length, file); 206 if (rets && rets != -EBUSY) { 207 cl_dbg(dev, cl, "mei start read failure status = %zd\n", rets); 208 goto out; 209 } 210 211 if (nonblock) { 212 rets = -EAGAIN; 213 goto out; 214 } 215 216 mutex_unlock(&dev->device_lock); 217 if (wait_event_interruptible(cl->rx_wait, 218 mei_cl_read_cb(cl, file) || 219 !mei_cl_is_connected(cl))) { 220 if (signal_pending(current)) 221 return -EINTR; 222 return -ERESTARTSYS; 223 } 224 mutex_lock(&dev->device_lock); 225 226 if (!mei_cl_is_connected(cl)) { 227 rets = -ENODEV; 228 goto out; 229 } 230 231 cb = mei_cl_read_cb(cl, file); 232 if (!cb) { 233 rets = 0; 234 goto out; 235 } 236 237 copy_buffer: 238 /* now copy the data to user space */ 239 if (cb->status) { 240 rets = cb->status; 241 cl_dbg(dev, cl, "read operation failed %zd\n", rets); 242 goto free; 243 } 244 245 cl_dbg(dev, cl, "buf.size = %zu buf.idx = %zu offset = %lld\n", 246 cb->buf.size, cb->buf_idx, *offset); 247 if (*offset >= cb->buf_idx) { 248 rets = 0; 249 goto free; 250 } 251 252 /* length is being truncated to PAGE_SIZE, 253 * however buf_idx may point beyond that */ 254 length = min_t(size_t, length, cb->buf_idx - *offset); 255 256 if (copy_to_user(ubuf, cb->buf.data + *offset, length)) { 257 dev_dbg(dev->dev, "failed to copy data to userland\n"); 258 rets = -EFAULT; 259 goto free; 260 } 261 262 rets = length; 263 *offset += length; 264 /* not all data was read, keep the cb */ 265 if (*offset < cb->buf_idx) 266 goto out; 267 268 free: 269 mei_cl_del_rd_completed(cl, cb); 270 *offset = 0; 271 272 out: 273 cl_dbg(dev, cl, "end mei read rets = %zd\n", rets); 274 mutex_unlock(&dev->device_lock); 275 return rets; 276 } 277 278 /** 279 * mei_cl_vtag_by_fp - obtain the vtag by file pointer 280 * 281 * @cl: host client 282 * @fp: pointer to file structure 283 * 284 * Return: vtag value on success, otherwise 0 285 */ 286 static u8 mei_cl_vtag_by_fp(const struct mei_cl *cl, const struct file *fp) 287 { 288 struct mei_cl_vtag *cl_vtag; 289 290 if (!fp) 291 return 0; 292 293 list_for_each_entry(cl_vtag, &cl->vtag_map, list) 294 if (cl_vtag->fp == fp) 295 return cl_vtag->vtag; 296 return 0; 297 } 298 299 /** 300 * mei_write - the write function. 301 * 302 * @file: pointer to file structure 303 * @ubuf: pointer to user buffer 304 * @length: buffer length 305 * @offset: data offset in buffer 306 * 307 * Return: >=0 data length on success , <0 on error 308 */ 309 static ssize_t mei_write(struct file *file, const char __user *ubuf, 310 size_t length, loff_t *offset) 311 { 312 struct mei_cl *cl = file->private_data; 313 struct mei_cl_cb *cb; 314 struct mei_device *dev; 315 ssize_t rets; 316 317 if (WARN_ON(!cl || !cl->dev)) 318 return -ENODEV; 319 320 dev = cl->dev; 321 322 mutex_lock(&dev->device_lock); 323 324 if (dev->dev_state != MEI_DEV_ENABLED) { 325 rets = -ENODEV; 326 goto out; 327 } 328 329 if (!mei_cl_is_connected(cl)) { 330 cl_err(dev, cl, "is not connected"); 331 rets = -ENODEV; 332 goto out; 333 } 334 335 if (!mei_me_cl_is_active(cl->me_cl)) { 336 rets = -ENOTTY; 337 goto out; 338 } 339 340 if (length > mei_cl_mtu(cl)) { 341 rets = -EFBIG; 342 goto out; 343 } 344 345 if (length == 0) { 346 rets = 0; 347 goto out; 348 } 349 350 while (cl->tx_cb_queued >= dev->tx_queue_limit) { 351 if (file->f_flags & O_NONBLOCK) { 352 rets = -EAGAIN; 353 goto out; 354 } 355 mutex_unlock(&dev->device_lock); 356 rets = wait_event_interruptible(cl->tx_wait, 357 cl->writing_state == MEI_WRITE_COMPLETE || 358 (!mei_cl_is_connected(cl))); 359 mutex_lock(&dev->device_lock); 360 if (rets) { 361 if (signal_pending(current)) 362 rets = -EINTR; 363 goto out; 364 } 365 if (!mei_cl_is_connected(cl)) { 366 rets = -ENODEV; 367 goto out; 368 } 369 } 370 371 cb = mei_cl_alloc_cb(cl, length, MEI_FOP_WRITE, file); 372 if (!cb) { 373 rets = -ENOMEM; 374 goto out; 375 } 376 cb->vtag = mei_cl_vtag_by_fp(cl, file); 377 378 rets = copy_from_user(cb->buf.data, ubuf, length); 379 if (rets) { 380 dev_dbg(dev->dev, "failed to copy data from userland\n"); 381 rets = -EFAULT; 382 mei_io_cb_free(cb); 383 goto out; 384 } 385 386 rets = mei_cl_write(cl, cb); 387 out: 388 mutex_unlock(&dev->device_lock); 389 return rets; 390 } 391 392 /** 393 * mei_ioctl_connect_client - the connect to fw client IOCTL function 394 * 395 * @file: private data of the file object 396 * @in_client_uuid: requested UUID for connection 397 * @client: IOCTL connect data, output parameters 398 * 399 * Locking: called under "dev->device_lock" lock 400 * 401 * Return: 0 on success, <0 on failure. 402 */ 403 static int mei_ioctl_connect_client(struct file *file, 404 const uuid_le *in_client_uuid, 405 struct mei_client *client) 406 { 407 struct mei_device *dev; 408 struct mei_me_client *me_cl; 409 struct mei_cl *cl; 410 int rets; 411 412 cl = file->private_data; 413 dev = cl->dev; 414 415 if (cl->state != MEI_FILE_INITIALIZING && 416 cl->state != MEI_FILE_DISCONNECTED) 417 return -EBUSY; 418 419 /* find ME client we're trying to connect to */ 420 me_cl = mei_me_cl_by_uuid(dev, in_client_uuid); 421 if (!me_cl) { 422 dev_dbg(dev->dev, "Cannot connect to FW Client UUID = %pUl\n", 423 in_client_uuid); 424 rets = -ENOTTY; 425 goto end; 426 } 427 428 if (me_cl->props.fixed_address) { 429 bool forbidden = dev->override_fixed_address ? 430 !dev->allow_fixed_address : !dev->hbm_f_fa_supported; 431 if (forbidden) { 432 dev_dbg(dev->dev, "Connection forbidden to FW Client UUID = %pUl\n", 433 in_client_uuid); 434 rets = -ENOTTY; 435 goto end; 436 } 437 } 438 439 dev_dbg(dev->dev, "Connect to FW Client ID = %d\n", 440 me_cl->client_id); 441 dev_dbg(dev->dev, "FW Client - Protocol Version = %d\n", 442 me_cl->props.protocol_version); 443 dev_dbg(dev->dev, "FW Client - Max Msg Len = %d\n", 444 me_cl->props.max_msg_length); 445 446 /* prepare the output buffer */ 447 client->max_msg_length = me_cl->props.max_msg_length; 448 client->protocol_version = me_cl->props.protocol_version; 449 dev_dbg(dev->dev, "Can connect?\n"); 450 451 rets = mei_cl_connect(cl, me_cl, file); 452 453 end: 454 mei_me_cl_put(me_cl); 455 return rets; 456 } 457 458 /** 459 * mei_vt_support_check - check if client support vtags 460 * 461 * Locking: called under "dev->device_lock" lock 462 * 463 * @dev: mei_device 464 * @uuid: client UUID 465 * 466 * Return: 467 * 0 - supported 468 * -ENOTTY - no such client 469 * -EOPNOTSUPP - vtags are not supported by client 470 */ 471 static int mei_vt_support_check(struct mei_device *dev, const uuid_le *uuid) 472 { 473 struct mei_me_client *me_cl; 474 int ret; 475 476 if (!dev->hbm_f_vt_supported) 477 return -EOPNOTSUPP; 478 479 me_cl = mei_me_cl_by_uuid(dev, uuid); 480 if (!me_cl) { 481 dev_dbg(dev->dev, "Cannot connect to FW Client UUID = %pUl\n", 482 uuid); 483 return -ENOTTY; 484 } 485 ret = me_cl->props.vt_supported ? 0 : -EOPNOTSUPP; 486 mei_me_cl_put(me_cl); 487 488 return ret; 489 } 490 491 /** 492 * mei_ioctl_connect_vtag - connect to fw client with vtag IOCTL function 493 * 494 * @file: private data of the file object 495 * @in_client_uuid: requested UUID for connection 496 * @client: IOCTL connect data, output parameters 497 * @vtag: vm tag 498 * 499 * Locking: called under "dev->device_lock" lock 500 * 501 * Return: 0 on success, <0 on failure. 502 */ 503 static int mei_ioctl_connect_vtag(struct file *file, 504 const uuid_le *in_client_uuid, 505 struct mei_client *client, 506 u8 vtag) 507 { 508 struct mei_device *dev; 509 struct mei_cl *cl; 510 struct mei_cl *pos; 511 struct mei_cl_vtag *cl_vtag; 512 513 cl = file->private_data; 514 dev = cl->dev; 515 516 dev_dbg(dev->dev, "FW Client %pUl vtag %d\n", in_client_uuid, vtag); 517 518 switch (cl->state) { 519 case MEI_FILE_DISCONNECTED: 520 if (mei_cl_vtag_by_fp(cl, file) != vtag) { 521 dev_err(dev->dev, "reconnect with different vtag\n"); 522 return -EINVAL; 523 } 524 break; 525 case MEI_FILE_INITIALIZING: 526 /* malicious connect from another thread may push vtag */ 527 if (!IS_ERR(mei_cl_fp_by_vtag(cl, vtag))) { 528 dev_err(dev->dev, "vtag already filled\n"); 529 return -EINVAL; 530 } 531 532 list_for_each_entry(pos, &dev->file_list, link) { 533 if (pos == cl) 534 continue; 535 if (!pos->me_cl) 536 continue; 537 538 /* only search for same UUID */ 539 if (uuid_le_cmp(*mei_cl_uuid(pos), *in_client_uuid)) 540 continue; 541 542 /* if tag already exist try another fp */ 543 if (!IS_ERR(mei_cl_fp_by_vtag(pos, vtag))) 544 continue; 545 546 /* replace cl with acquired one */ 547 dev_dbg(dev->dev, "replacing with existing cl\n"); 548 mei_cl_unlink(cl); 549 kfree(cl); 550 file->private_data = pos; 551 cl = pos; 552 break; 553 } 554 555 cl_vtag = mei_cl_vtag_alloc(file, vtag); 556 if (IS_ERR(cl_vtag)) 557 return -ENOMEM; 558 559 list_add_tail(&cl_vtag->list, &cl->vtag_map); 560 break; 561 default: 562 return -EBUSY; 563 } 564 565 while (cl->state != MEI_FILE_INITIALIZING && 566 cl->state != MEI_FILE_DISCONNECTED && 567 cl->state != MEI_FILE_CONNECTED) { 568 mutex_unlock(&dev->device_lock); 569 wait_event_timeout(cl->wait, 570 (cl->state == MEI_FILE_CONNECTED || 571 cl->state == MEI_FILE_DISCONNECTED || 572 cl->state == MEI_FILE_DISCONNECT_REQUIRED || 573 cl->state == MEI_FILE_DISCONNECT_REPLY), 574 mei_secs_to_jiffies(MEI_CL_CONNECT_TIMEOUT)); 575 mutex_lock(&dev->device_lock); 576 } 577 578 if (!mei_cl_is_connected(cl)) 579 return mei_ioctl_connect_client(file, in_client_uuid, client); 580 581 client->max_msg_length = cl->me_cl->props.max_msg_length; 582 client->protocol_version = cl->me_cl->props.protocol_version; 583 584 return 0; 585 } 586 587 /** 588 * mei_ioctl_client_notify_request - 589 * propagate event notification request to client 590 * 591 * @file: pointer to file structure 592 * @request: 0 - disable, 1 - enable 593 * 594 * Return: 0 on success , <0 on error 595 */ 596 static int mei_ioctl_client_notify_request(const struct file *file, u32 request) 597 { 598 struct mei_cl *cl = file->private_data; 599 600 if (request != MEI_HBM_NOTIFICATION_START && 601 request != MEI_HBM_NOTIFICATION_STOP) 602 return -EINVAL; 603 604 return mei_cl_notify_request(cl, file, (u8)request); 605 } 606 607 /** 608 * mei_ioctl_client_notify_get - wait for notification request 609 * 610 * @file: pointer to file structure 611 * @notify_get: 0 - disable, 1 - enable 612 * 613 * Return: 0 on success , <0 on error 614 */ 615 static int mei_ioctl_client_notify_get(const struct file *file, u32 *notify_get) 616 { 617 struct mei_cl *cl = file->private_data; 618 bool notify_ev; 619 bool block = (file->f_flags & O_NONBLOCK) == 0; 620 int rets; 621 622 rets = mei_cl_notify_get(cl, block, ¬ify_ev); 623 if (rets) 624 return rets; 625 626 *notify_get = notify_ev ? 1 : 0; 627 return 0; 628 } 629 630 /** 631 * mei_ioctl - the IOCTL function 632 * 633 * @file: pointer to file structure 634 * @cmd: ioctl command 635 * @data: pointer to mei message structure 636 * 637 * Return: 0 on success , <0 on error 638 */ 639 static long mei_ioctl(struct file *file, unsigned int cmd, unsigned long data) 640 { 641 struct mei_device *dev; 642 struct mei_cl *cl = file->private_data; 643 struct mei_connect_client_data conn; 644 struct mei_connect_client_data_vtag conn_vtag; 645 const uuid_le *cl_uuid; 646 struct mei_client *props; 647 u8 vtag; 648 u32 notify_get, notify_req; 649 int rets; 650 651 652 if (WARN_ON(!cl || !cl->dev)) 653 return -ENODEV; 654 655 dev = cl->dev; 656 657 dev_dbg(dev->dev, "IOCTL cmd = 0x%x", cmd); 658 659 mutex_lock(&dev->device_lock); 660 if (dev->dev_state != MEI_DEV_ENABLED) { 661 rets = -ENODEV; 662 goto out; 663 } 664 665 switch (cmd) { 666 case IOCTL_MEI_CONNECT_CLIENT: 667 dev_dbg(dev->dev, ": IOCTL_MEI_CONNECT_CLIENT.\n"); 668 if (copy_from_user(&conn, (char __user *)data, sizeof(conn))) { 669 dev_dbg(dev->dev, "failed to copy data from userland\n"); 670 rets = -EFAULT; 671 goto out; 672 } 673 cl_uuid = &conn.in_client_uuid; 674 props = &conn.out_client_properties; 675 vtag = 0; 676 677 rets = mei_vt_support_check(dev, cl_uuid); 678 if (rets == -ENOTTY) 679 goto out; 680 if (!rets) 681 rets = mei_ioctl_connect_vtag(file, cl_uuid, props, 682 vtag); 683 else 684 rets = mei_ioctl_connect_client(file, cl_uuid, props); 685 if (rets) 686 goto out; 687 688 /* if all is ok, copying the data back to user. */ 689 if (copy_to_user((char __user *)data, &conn, sizeof(conn))) { 690 dev_dbg(dev->dev, "failed to copy data to userland\n"); 691 rets = -EFAULT; 692 goto out; 693 } 694 695 break; 696 697 case IOCTL_MEI_CONNECT_CLIENT_VTAG: 698 dev_dbg(dev->dev, "IOCTL_MEI_CONNECT_CLIENT_VTAG\n"); 699 if (copy_from_user(&conn_vtag, (char __user *)data, 700 sizeof(conn_vtag))) { 701 dev_dbg(dev->dev, "failed to copy data from userland\n"); 702 rets = -EFAULT; 703 goto out; 704 } 705 706 cl_uuid = &conn_vtag.connect.in_client_uuid; 707 props = &conn_vtag.out_client_properties; 708 vtag = conn_vtag.connect.vtag; 709 710 rets = mei_vt_support_check(dev, cl_uuid); 711 if (rets == -EOPNOTSUPP) 712 dev_dbg(dev->dev, "FW Client %pUl does not support vtags\n", 713 cl_uuid); 714 if (rets) 715 goto out; 716 717 if (!vtag) { 718 dev_dbg(dev->dev, "vtag can't be zero\n"); 719 rets = -EINVAL; 720 goto out; 721 } 722 723 rets = mei_ioctl_connect_vtag(file, cl_uuid, props, vtag); 724 if (rets) 725 goto out; 726 727 /* if all is ok, copying the data back to user. */ 728 if (copy_to_user((char __user *)data, &conn_vtag, 729 sizeof(conn_vtag))) { 730 dev_dbg(dev->dev, "failed to copy data to userland\n"); 731 rets = -EFAULT; 732 goto out; 733 } 734 735 break; 736 737 case IOCTL_MEI_NOTIFY_SET: 738 dev_dbg(dev->dev, ": IOCTL_MEI_NOTIFY_SET.\n"); 739 if (copy_from_user(¬ify_req, 740 (char __user *)data, sizeof(notify_req))) { 741 dev_dbg(dev->dev, "failed to copy data from userland\n"); 742 rets = -EFAULT; 743 goto out; 744 } 745 rets = mei_ioctl_client_notify_request(file, notify_req); 746 break; 747 748 case IOCTL_MEI_NOTIFY_GET: 749 dev_dbg(dev->dev, ": IOCTL_MEI_NOTIFY_GET.\n"); 750 rets = mei_ioctl_client_notify_get(file, ¬ify_get); 751 if (rets) 752 goto out; 753 754 dev_dbg(dev->dev, "copy connect data to user\n"); 755 if (copy_to_user((char __user *)data, 756 ¬ify_get, sizeof(notify_get))) { 757 dev_dbg(dev->dev, "failed to copy data to userland\n"); 758 rets = -EFAULT; 759 goto out; 760 761 } 762 break; 763 764 default: 765 rets = -ENOIOCTLCMD; 766 } 767 768 out: 769 mutex_unlock(&dev->device_lock); 770 return rets; 771 } 772 773 /** 774 * mei_poll - the poll function 775 * 776 * @file: pointer to file structure 777 * @wait: pointer to poll_table structure 778 * 779 * Return: poll mask 780 */ 781 static __poll_t mei_poll(struct file *file, poll_table *wait) 782 { 783 __poll_t req_events = poll_requested_events(wait); 784 struct mei_cl *cl = file->private_data; 785 struct mei_device *dev; 786 __poll_t mask = 0; 787 bool notify_en; 788 789 if (WARN_ON(!cl || !cl->dev)) 790 return EPOLLERR; 791 792 dev = cl->dev; 793 794 mutex_lock(&dev->device_lock); 795 796 notify_en = cl->notify_en && (req_events & EPOLLPRI); 797 798 if (dev->dev_state != MEI_DEV_ENABLED || 799 !mei_cl_is_connected(cl)) { 800 mask = EPOLLERR; 801 goto out; 802 } 803 804 if (notify_en) { 805 poll_wait(file, &cl->ev_wait, wait); 806 if (cl->notify_ev) 807 mask |= EPOLLPRI; 808 } 809 810 if (req_events & (EPOLLIN | EPOLLRDNORM)) { 811 poll_wait(file, &cl->rx_wait, wait); 812 813 if (mei_cl_read_cb(cl, file)) 814 mask |= EPOLLIN | EPOLLRDNORM; 815 else 816 mei_cl_read_start(cl, mei_cl_mtu(cl), file); 817 } 818 819 if (req_events & (EPOLLOUT | EPOLLWRNORM)) { 820 poll_wait(file, &cl->tx_wait, wait); 821 if (cl->tx_cb_queued < dev->tx_queue_limit) 822 mask |= EPOLLOUT | EPOLLWRNORM; 823 } 824 825 out: 826 mutex_unlock(&dev->device_lock); 827 return mask; 828 } 829 830 /** 831 * mei_cl_is_write_queued - check if the client has pending writes. 832 * 833 * @cl: writing host client 834 * 835 * Return: true if client is writing, false otherwise. 836 */ 837 static bool mei_cl_is_write_queued(struct mei_cl *cl) 838 { 839 struct mei_device *dev = cl->dev; 840 struct mei_cl_cb *cb; 841 842 list_for_each_entry(cb, &dev->write_list, list) 843 if (cb->cl == cl) 844 return true; 845 list_for_each_entry(cb, &dev->write_waiting_list, list) 846 if (cb->cl == cl) 847 return true; 848 return false; 849 } 850 851 /** 852 * mei_fsync - the fsync handler 853 * 854 * @fp: pointer to file structure 855 * @start: unused 856 * @end: unused 857 * @datasync: unused 858 * 859 * Return: 0 on success, -ENODEV if client is not connected 860 */ 861 static int mei_fsync(struct file *fp, loff_t start, loff_t end, int datasync) 862 { 863 struct mei_cl *cl = fp->private_data; 864 struct mei_device *dev; 865 int rets; 866 867 if (WARN_ON(!cl || !cl->dev)) 868 return -ENODEV; 869 870 dev = cl->dev; 871 872 mutex_lock(&dev->device_lock); 873 874 if (dev->dev_state != MEI_DEV_ENABLED || !mei_cl_is_connected(cl)) { 875 rets = -ENODEV; 876 goto out; 877 } 878 879 while (mei_cl_is_write_queued(cl)) { 880 mutex_unlock(&dev->device_lock); 881 rets = wait_event_interruptible(cl->tx_wait, 882 cl->writing_state == MEI_WRITE_COMPLETE || 883 !mei_cl_is_connected(cl)); 884 mutex_lock(&dev->device_lock); 885 if (rets) { 886 if (signal_pending(current)) 887 rets = -EINTR; 888 goto out; 889 } 890 if (!mei_cl_is_connected(cl)) { 891 rets = -ENODEV; 892 goto out; 893 } 894 } 895 rets = 0; 896 out: 897 mutex_unlock(&dev->device_lock); 898 return rets; 899 } 900 901 /** 902 * mei_fasync - asynchronous io support 903 * 904 * @fd: file descriptor 905 * @file: pointer to file structure 906 * @band: band bitmap 907 * 908 * Return: negative on error, 909 * 0 if it did no changes, 910 * and positive a process was added or deleted 911 */ 912 static int mei_fasync(int fd, struct file *file, int band) 913 { 914 915 struct mei_cl *cl = file->private_data; 916 917 if (!mei_cl_is_connected(cl)) 918 return -ENODEV; 919 920 return fasync_helper(fd, file, band, &cl->ev_async); 921 } 922 923 /** 924 * trc_show - mei device trc attribute show method 925 * 926 * @device: device pointer 927 * @attr: attribute pointer 928 * @buf: char out buffer 929 * 930 * Return: number of the bytes printed into buf or error 931 */ 932 static ssize_t trc_show(struct device *device, 933 struct device_attribute *attr, char *buf) 934 { 935 struct mei_device *dev = dev_get_drvdata(device); 936 u32 trc; 937 int ret; 938 939 ret = mei_trc_status(dev, &trc); 940 if (ret) 941 return ret; 942 return sprintf(buf, "%08X\n", trc); 943 } 944 static DEVICE_ATTR_RO(trc); 945 946 /** 947 * fw_status_show - mei device fw_status attribute show method 948 * 949 * @device: device pointer 950 * @attr: attribute pointer 951 * @buf: char out buffer 952 * 953 * Return: number of the bytes printed into buf or error 954 */ 955 static ssize_t fw_status_show(struct device *device, 956 struct device_attribute *attr, char *buf) 957 { 958 struct mei_device *dev = dev_get_drvdata(device); 959 struct mei_fw_status fw_status; 960 int err, i; 961 ssize_t cnt = 0; 962 963 mutex_lock(&dev->device_lock); 964 err = mei_fw_status(dev, &fw_status); 965 mutex_unlock(&dev->device_lock); 966 if (err) { 967 dev_err(device, "read fw_status error = %d\n", err); 968 return err; 969 } 970 971 for (i = 0; i < fw_status.count; i++) 972 cnt += scnprintf(buf + cnt, PAGE_SIZE - cnt, "%08X\n", 973 fw_status.status[i]); 974 return cnt; 975 } 976 static DEVICE_ATTR_RO(fw_status); 977 978 /** 979 * hbm_ver_show - display HBM protocol version negotiated with FW 980 * 981 * @device: device pointer 982 * @attr: attribute pointer 983 * @buf: char out buffer 984 * 985 * Return: number of the bytes printed into buf or error 986 */ 987 static ssize_t hbm_ver_show(struct device *device, 988 struct device_attribute *attr, char *buf) 989 { 990 struct mei_device *dev = dev_get_drvdata(device); 991 struct hbm_version ver; 992 993 mutex_lock(&dev->device_lock); 994 ver = dev->version; 995 mutex_unlock(&dev->device_lock); 996 997 return sprintf(buf, "%u.%u\n", ver.major_version, ver.minor_version); 998 } 999 static DEVICE_ATTR_RO(hbm_ver); 1000 1001 /** 1002 * hbm_ver_drv_show - display HBM protocol version advertised by driver 1003 * 1004 * @device: device pointer 1005 * @attr: attribute pointer 1006 * @buf: char out buffer 1007 * 1008 * Return: number of the bytes printed into buf or error 1009 */ 1010 static ssize_t hbm_ver_drv_show(struct device *device, 1011 struct device_attribute *attr, char *buf) 1012 { 1013 return sprintf(buf, "%u.%u\n", HBM_MAJOR_VERSION, HBM_MINOR_VERSION); 1014 } 1015 static DEVICE_ATTR_RO(hbm_ver_drv); 1016 1017 static ssize_t tx_queue_limit_show(struct device *device, 1018 struct device_attribute *attr, char *buf) 1019 { 1020 struct mei_device *dev = dev_get_drvdata(device); 1021 u8 size = 0; 1022 1023 mutex_lock(&dev->device_lock); 1024 size = dev->tx_queue_limit; 1025 mutex_unlock(&dev->device_lock); 1026 1027 return sysfs_emit(buf, "%u\n", size); 1028 } 1029 1030 static ssize_t tx_queue_limit_store(struct device *device, 1031 struct device_attribute *attr, 1032 const char *buf, size_t count) 1033 { 1034 struct mei_device *dev = dev_get_drvdata(device); 1035 u8 limit; 1036 unsigned int inp; 1037 int err; 1038 1039 err = kstrtouint(buf, 10, &inp); 1040 if (err) 1041 return err; 1042 if (inp > MEI_TX_QUEUE_LIMIT_MAX || inp < MEI_TX_QUEUE_LIMIT_MIN) 1043 return -EINVAL; 1044 limit = inp; 1045 1046 mutex_lock(&dev->device_lock); 1047 dev->tx_queue_limit = limit; 1048 mutex_unlock(&dev->device_lock); 1049 1050 return count; 1051 } 1052 static DEVICE_ATTR_RW(tx_queue_limit); 1053 1054 /** 1055 * fw_ver_show - display ME FW version 1056 * 1057 * @device: device pointer 1058 * @attr: attribute pointer 1059 * @buf: char out buffer 1060 * 1061 * Return: number of the bytes printed into buf or error 1062 */ 1063 static ssize_t fw_ver_show(struct device *device, 1064 struct device_attribute *attr, char *buf) 1065 { 1066 struct mei_device *dev = dev_get_drvdata(device); 1067 struct mei_fw_version *ver; 1068 ssize_t cnt = 0; 1069 int i; 1070 1071 ver = dev->fw_ver; 1072 1073 for (i = 0; i < MEI_MAX_FW_VER_BLOCKS; i++) 1074 cnt += scnprintf(buf + cnt, PAGE_SIZE - cnt, "%u:%u.%u.%u.%u\n", 1075 ver[i].platform, ver[i].major, ver[i].minor, 1076 ver[i].hotfix, ver[i].buildno); 1077 return cnt; 1078 } 1079 static DEVICE_ATTR_RO(fw_ver); 1080 1081 /** 1082 * dev_state_show - display device state 1083 * 1084 * @device: device pointer 1085 * @attr: attribute pointer 1086 * @buf: char out buffer 1087 * 1088 * Return: number of the bytes printed into buf or error 1089 */ 1090 static ssize_t dev_state_show(struct device *device, 1091 struct device_attribute *attr, char *buf) 1092 { 1093 struct mei_device *dev = dev_get_drvdata(device); 1094 enum mei_dev_state dev_state; 1095 1096 mutex_lock(&dev->device_lock); 1097 dev_state = dev->dev_state; 1098 mutex_unlock(&dev->device_lock); 1099 1100 return sprintf(buf, "%s", mei_dev_state_str(dev_state)); 1101 } 1102 static DEVICE_ATTR_RO(dev_state); 1103 1104 /** 1105 * mei_set_devstate: set to new device state and notify sysfs file. 1106 * 1107 * @dev: mei_device 1108 * @state: new device state 1109 */ 1110 void mei_set_devstate(struct mei_device *dev, enum mei_dev_state state) 1111 { 1112 struct device *clsdev; 1113 1114 if (dev->dev_state == state) 1115 return; 1116 1117 dev->dev_state = state; 1118 1119 clsdev = class_find_device_by_devt(mei_class, dev->cdev.dev); 1120 if (clsdev) { 1121 sysfs_notify(&clsdev->kobj, NULL, "dev_state"); 1122 put_device(clsdev); 1123 } 1124 } 1125 1126 /** 1127 * kind_show - display device kind 1128 * 1129 * @device: device pointer 1130 * @attr: attribute pointer 1131 * @buf: char out buffer 1132 * 1133 * Return: number of the bytes printed into buf or error 1134 */ 1135 static ssize_t kind_show(struct device *device, 1136 struct device_attribute *attr, char *buf) 1137 { 1138 struct mei_device *dev = dev_get_drvdata(device); 1139 ssize_t ret; 1140 1141 if (dev->kind) 1142 ret = sprintf(buf, "%s\n", dev->kind); 1143 else 1144 ret = sprintf(buf, "%s\n", "mei"); 1145 1146 return ret; 1147 } 1148 static DEVICE_ATTR_RO(kind); 1149 1150 static struct attribute *mei_attrs[] = { 1151 &dev_attr_fw_status.attr, 1152 &dev_attr_hbm_ver.attr, 1153 &dev_attr_hbm_ver_drv.attr, 1154 &dev_attr_tx_queue_limit.attr, 1155 &dev_attr_fw_ver.attr, 1156 &dev_attr_dev_state.attr, 1157 &dev_attr_trc.attr, 1158 &dev_attr_kind.attr, 1159 NULL 1160 }; 1161 ATTRIBUTE_GROUPS(mei); 1162 1163 /* 1164 * file operations structure will be used for mei char device. 1165 */ 1166 static const struct file_operations mei_fops = { 1167 .owner = THIS_MODULE, 1168 .read = mei_read, 1169 .unlocked_ioctl = mei_ioctl, 1170 .compat_ioctl = compat_ptr_ioctl, 1171 .open = mei_open, 1172 .release = mei_release, 1173 .write = mei_write, 1174 .poll = mei_poll, 1175 .fsync = mei_fsync, 1176 .fasync = mei_fasync, 1177 .llseek = no_llseek 1178 }; 1179 1180 /** 1181 * mei_minor_get - obtain next free device minor number 1182 * 1183 * @dev: device pointer 1184 * 1185 * Return: allocated minor, or -ENOSPC if no free minor left 1186 */ 1187 static int mei_minor_get(struct mei_device *dev) 1188 { 1189 int ret; 1190 1191 mutex_lock(&mei_minor_lock); 1192 ret = idr_alloc(&mei_idr, dev, 0, MEI_MAX_DEVS, GFP_KERNEL); 1193 if (ret >= 0) 1194 dev->minor = ret; 1195 else if (ret == -ENOSPC) 1196 dev_err(dev->dev, "too many mei devices\n"); 1197 1198 mutex_unlock(&mei_minor_lock); 1199 return ret; 1200 } 1201 1202 /** 1203 * mei_minor_free - mark device minor number as free 1204 * 1205 * @dev: device pointer 1206 */ 1207 static void mei_minor_free(struct mei_device *dev) 1208 { 1209 mutex_lock(&mei_minor_lock); 1210 idr_remove(&mei_idr, dev->minor); 1211 mutex_unlock(&mei_minor_lock); 1212 } 1213 1214 int mei_register(struct mei_device *dev, struct device *parent) 1215 { 1216 struct device *clsdev; /* class device */ 1217 int ret, devno; 1218 1219 ret = mei_minor_get(dev); 1220 if (ret < 0) 1221 return ret; 1222 1223 /* Fill in the data structures */ 1224 devno = MKDEV(MAJOR(mei_devt), dev->minor); 1225 cdev_init(&dev->cdev, &mei_fops); 1226 dev->cdev.owner = parent->driver->owner; 1227 1228 /* Add the device */ 1229 ret = cdev_add(&dev->cdev, devno, 1); 1230 if (ret) { 1231 dev_err(parent, "unable to add device %d:%d\n", 1232 MAJOR(mei_devt), dev->minor); 1233 goto err_dev_add; 1234 } 1235 1236 clsdev = device_create_with_groups(mei_class, parent, devno, 1237 dev, mei_groups, 1238 "mei%d", dev->minor); 1239 1240 if (IS_ERR(clsdev)) { 1241 dev_err(parent, "unable to create device %d:%d\n", 1242 MAJOR(mei_devt), dev->minor); 1243 ret = PTR_ERR(clsdev); 1244 goto err_dev_create; 1245 } 1246 1247 mei_dbgfs_register(dev, dev_name(clsdev)); 1248 1249 return 0; 1250 1251 err_dev_create: 1252 cdev_del(&dev->cdev); 1253 err_dev_add: 1254 mei_minor_free(dev); 1255 return ret; 1256 } 1257 EXPORT_SYMBOL_GPL(mei_register); 1258 1259 void mei_deregister(struct mei_device *dev) 1260 { 1261 int devno; 1262 1263 devno = dev->cdev.dev; 1264 cdev_del(&dev->cdev); 1265 1266 mei_dbgfs_deregister(dev); 1267 1268 device_destroy(mei_class, devno); 1269 1270 mei_minor_free(dev); 1271 } 1272 EXPORT_SYMBOL_GPL(mei_deregister); 1273 1274 static int __init mei_init(void) 1275 { 1276 int ret; 1277 1278 mei_class = class_create(THIS_MODULE, "mei"); 1279 if (IS_ERR(mei_class)) { 1280 pr_err("couldn't create class\n"); 1281 ret = PTR_ERR(mei_class); 1282 goto err; 1283 } 1284 1285 ret = alloc_chrdev_region(&mei_devt, 0, MEI_MAX_DEVS, "mei"); 1286 if (ret < 0) { 1287 pr_err("unable to allocate char dev region\n"); 1288 goto err_class; 1289 } 1290 1291 ret = mei_cl_bus_init(); 1292 if (ret < 0) { 1293 pr_err("unable to initialize bus\n"); 1294 goto err_chrdev; 1295 } 1296 1297 return 0; 1298 1299 err_chrdev: 1300 unregister_chrdev_region(mei_devt, MEI_MAX_DEVS); 1301 err_class: 1302 class_destroy(mei_class); 1303 err: 1304 return ret; 1305 } 1306 1307 static void __exit mei_exit(void) 1308 { 1309 unregister_chrdev_region(mei_devt, MEI_MAX_DEVS); 1310 class_destroy(mei_class); 1311 mei_cl_bus_exit(); 1312 } 1313 1314 module_init(mei_init); 1315 module_exit(mei_exit); 1316 1317 MODULE_AUTHOR("Intel Corporation"); 1318 MODULE_DESCRIPTION("Intel(R) Management Engine Interface"); 1319 MODULE_LICENSE("GPL v2"); 1320 1321