1 /* 2 * 3 * Intel Management Engine Interface (Intel MEI) Linux driver 4 * Copyright (c) 2003-2012, Intel Corporation. 5 * 6 * This program is free software; you can redistribute it and/or modify it 7 * under the terms and conditions of the GNU General Public License, 8 * version 2, as published by the Free Software Foundation. 9 * 10 * This program is distributed in the hope it will be useful, but WITHOUT 11 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 12 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for 13 * more details. 14 * 15 */ 16 17 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt 18 19 #include <linux/module.h> 20 #include <linux/moduleparam.h> 21 #include <linux/kernel.h> 22 #include <linux/device.h> 23 #include <linux/fs.h> 24 #include <linux/errno.h> 25 #include <linux/types.h> 26 #include <linux/fcntl.h> 27 #include <linux/aio.h> 28 #include <linux/pci.h> 29 #include <linux/poll.h> 30 #include <linux/init.h> 31 #include <linux/ioctl.h> 32 #include <linux/cdev.h> 33 #include <linux/sched.h> 34 #include <linux/uuid.h> 35 #include <linux/compat.h> 36 #include <linux/jiffies.h> 37 #include <linux/interrupt.h> 38 #include <linux/miscdevice.h> 39 40 #include <linux/mei.h> 41 42 #include "mei_dev.h" 43 #include "hw-me.h" 44 #include "client.h" 45 46 /** 47 * mei_open - the open function 48 * 49 * @inode: pointer to inode structure 50 * @file: pointer to file structure 51 e 52 * returns 0 on success, <0 on error 53 */ 54 static int mei_open(struct inode *inode, struct file *file) 55 { 56 struct miscdevice *misc = file->private_data; 57 struct pci_dev *pdev; 58 struct mei_cl *cl; 59 struct mei_device *dev; 60 61 int err; 62 63 err = -ENODEV; 64 if (!misc->parent) 65 goto out; 66 67 pdev = container_of(misc->parent, struct pci_dev, dev); 68 69 dev = pci_get_drvdata(pdev); 70 if (!dev) 71 goto out; 72 73 mutex_lock(&dev->device_lock); 74 err = -ENOMEM; 75 cl = mei_cl_allocate(dev); 76 if (!cl) 77 goto out_unlock; 78 79 err = -ENODEV; 80 if (dev->dev_state != MEI_DEV_ENABLED) { 81 dev_dbg(&dev->pdev->dev, "dev_state != MEI_ENABLED dev_state = %s\n", 82 mei_dev_state_str(dev->dev_state)); 83 goto out_unlock; 84 } 85 err = -EMFILE; 86 if (dev->open_handle_count >= MEI_MAX_OPEN_HANDLE_COUNT) { 87 dev_err(&dev->pdev->dev, "open_handle_count exceded %d", 88 MEI_MAX_OPEN_HANDLE_COUNT); 89 goto out_unlock; 90 } 91 92 err = mei_cl_link(cl, MEI_HOST_CLIENT_ID_ANY); 93 if (err) 94 goto out_unlock; 95 96 file->private_data = cl; 97 mutex_unlock(&dev->device_lock); 98 99 return nonseekable_open(inode, file); 100 101 out_unlock: 102 mutex_unlock(&dev->device_lock); 103 kfree(cl); 104 out: 105 return err; 106 } 107 108 /** 109 * mei_release - the release function 110 * 111 * @inode: pointer to inode structure 112 * @file: pointer to file structure 113 * 114 * returns 0 on success, <0 on error 115 */ 116 static int mei_release(struct inode *inode, struct file *file) 117 { 118 struct mei_cl *cl = file->private_data; 119 struct mei_cl_cb *cb; 120 struct mei_device *dev; 121 int rets = 0; 122 123 if (WARN_ON(!cl || !cl->dev)) 124 return -ENODEV; 125 126 dev = cl->dev; 127 128 mutex_lock(&dev->device_lock); 129 if (cl == &dev->iamthif_cl) { 130 rets = mei_amthif_release(dev, file); 131 goto out; 132 } 133 if (cl->state == MEI_FILE_CONNECTED) { 134 cl->state = MEI_FILE_DISCONNECTING; 135 dev_dbg(&dev->pdev->dev, 136 "disconnecting client host client = %d, " 137 "ME client = %d\n", 138 cl->host_client_id, 139 cl->me_client_id); 140 rets = mei_cl_disconnect(cl); 141 } 142 mei_cl_flush_queues(cl); 143 dev_dbg(&dev->pdev->dev, "remove client host client = %d, ME client = %d\n", 144 cl->host_client_id, 145 cl->me_client_id); 146 147 if (dev->open_handle_count > 0) { 148 clear_bit(cl->host_client_id, dev->host_clients_map); 149 dev->open_handle_count--; 150 } 151 mei_cl_unlink(cl); 152 153 154 /* free read cb */ 155 cb = NULL; 156 if (cl->read_cb) { 157 cb = mei_cl_find_read_cb(cl); 158 /* Remove entry from read list */ 159 if (cb) 160 list_del(&cb->list); 161 162 cb = cl->read_cb; 163 cl->read_cb = NULL; 164 } 165 166 file->private_data = NULL; 167 168 if (cb) { 169 mei_io_cb_free(cb); 170 cb = NULL; 171 } 172 173 kfree(cl); 174 out: 175 mutex_unlock(&dev->device_lock); 176 return rets; 177 } 178 179 180 /** 181 * mei_read - the read function. 182 * 183 * @file: pointer to file structure 184 * @ubuf: pointer to user buffer 185 * @length: buffer length 186 * @offset: data offset in buffer 187 * 188 * returns >=0 data length on success , <0 on error 189 */ 190 static ssize_t mei_read(struct file *file, char __user *ubuf, 191 size_t length, loff_t *offset) 192 { 193 struct mei_cl *cl = file->private_data; 194 struct mei_cl_cb *cb_pos = NULL; 195 struct mei_cl_cb *cb = NULL; 196 struct mei_device *dev; 197 int rets; 198 int err; 199 200 201 if (WARN_ON(!cl || !cl->dev)) 202 return -ENODEV; 203 204 dev = cl->dev; 205 206 mutex_lock(&dev->device_lock); 207 if (dev->dev_state != MEI_DEV_ENABLED) { 208 rets = -ENODEV; 209 goto out; 210 } 211 212 if (cl == &dev->iamthif_cl) { 213 rets = mei_amthif_read(dev, file, ubuf, length, offset); 214 goto out; 215 } 216 217 if (cl->read_cb) { 218 cb = cl->read_cb; 219 /* read what left */ 220 if (cb->buf_idx > *offset) 221 goto copy_buffer; 222 /* offset is beyond buf_idx we have no more data return 0 */ 223 if (cb->buf_idx > 0 && cb->buf_idx <= *offset) { 224 rets = 0; 225 goto free; 226 } 227 /* Offset needs to be cleaned for contiguous reads*/ 228 if (cb->buf_idx == 0 && *offset > 0) 229 *offset = 0; 230 } else if (*offset > 0) { 231 *offset = 0; 232 } 233 234 err = mei_cl_read_start(cl, length); 235 if (err && err != -EBUSY) { 236 dev_dbg(&dev->pdev->dev, 237 "mei start read failure with status = %d\n", err); 238 rets = err; 239 goto out; 240 } 241 242 if (MEI_READ_COMPLETE != cl->reading_state && 243 !waitqueue_active(&cl->rx_wait)) { 244 if (file->f_flags & O_NONBLOCK) { 245 rets = -EAGAIN; 246 goto out; 247 } 248 249 mutex_unlock(&dev->device_lock); 250 251 if (wait_event_interruptible(cl->rx_wait, 252 (MEI_READ_COMPLETE == cl->reading_state || 253 MEI_FILE_INITIALIZING == cl->state || 254 MEI_FILE_DISCONNECTED == cl->state || 255 MEI_FILE_DISCONNECTING == cl->state))) { 256 if (signal_pending(current)) 257 return -EINTR; 258 return -ERESTARTSYS; 259 } 260 261 mutex_lock(&dev->device_lock); 262 if (MEI_FILE_INITIALIZING == cl->state || 263 MEI_FILE_DISCONNECTED == cl->state || 264 MEI_FILE_DISCONNECTING == cl->state) { 265 rets = -EBUSY; 266 goto out; 267 } 268 } 269 270 cb = cl->read_cb; 271 272 if (!cb) { 273 rets = -ENODEV; 274 goto out; 275 } 276 if (cl->reading_state != MEI_READ_COMPLETE) { 277 rets = 0; 278 goto out; 279 } 280 /* now copy the data to user space */ 281 copy_buffer: 282 dev_dbg(&dev->pdev->dev, "buf.size = %d buf.idx= %ld\n", 283 cb->response_buffer.size, cb->buf_idx); 284 if (length == 0 || ubuf == NULL || *offset > cb->buf_idx) { 285 rets = -EMSGSIZE; 286 goto free; 287 } 288 289 /* length is being truncated to PAGE_SIZE, 290 * however buf_idx may point beyond that */ 291 length = min_t(size_t, length, cb->buf_idx - *offset); 292 293 if (copy_to_user(ubuf, cb->response_buffer.data + *offset, length)) { 294 rets = -EFAULT; 295 goto free; 296 } 297 298 rets = length; 299 *offset += length; 300 if ((unsigned long)*offset < cb->buf_idx) 301 goto out; 302 303 free: 304 cb_pos = mei_cl_find_read_cb(cl); 305 /* Remove entry from read list */ 306 if (cb_pos) 307 list_del(&cb_pos->list); 308 mei_io_cb_free(cb); 309 cl->reading_state = MEI_IDLE; 310 cl->read_cb = NULL; 311 out: 312 dev_dbg(&dev->pdev->dev, "end mei read rets= %d\n", rets); 313 mutex_unlock(&dev->device_lock); 314 return rets; 315 } 316 /** 317 * mei_write - the write function. 318 * 319 * @file: pointer to file structure 320 * @ubuf: pointer to user buffer 321 * @length: buffer length 322 * @offset: data offset in buffer 323 * 324 * returns >=0 data length on success , <0 on error 325 */ 326 static ssize_t mei_write(struct file *file, const char __user *ubuf, 327 size_t length, loff_t *offset) 328 { 329 struct mei_cl *cl = file->private_data; 330 struct mei_cl_cb *write_cb = NULL; 331 struct mei_device *dev; 332 unsigned long timeout = 0; 333 int rets; 334 int id; 335 336 if (WARN_ON(!cl || !cl->dev)) 337 return -ENODEV; 338 339 dev = cl->dev; 340 341 mutex_lock(&dev->device_lock); 342 343 if (dev->dev_state != MEI_DEV_ENABLED) { 344 rets = -ENODEV; 345 goto out; 346 } 347 348 id = mei_me_cl_by_id(dev, cl->me_client_id); 349 if (id < 0) { 350 rets = -ENODEV; 351 goto out; 352 } 353 if (length > dev->me_clients[id].props.max_msg_length || length <= 0) { 354 rets = -EMSGSIZE; 355 goto out; 356 } 357 358 if (cl->state != MEI_FILE_CONNECTED) { 359 dev_err(&dev->pdev->dev, "host client = %d, is not connected to ME client = %d", 360 cl->host_client_id, cl->me_client_id); 361 rets = -ENODEV; 362 goto out; 363 } 364 if (cl == &dev->iamthif_cl) { 365 write_cb = mei_amthif_find_read_list_entry(dev, file); 366 367 if (write_cb) { 368 timeout = write_cb->read_time + 369 mei_secs_to_jiffies(MEI_IAMTHIF_READ_TIMER); 370 371 if (time_after(jiffies, timeout) || 372 cl->reading_state == MEI_READ_COMPLETE) { 373 *offset = 0; 374 list_del(&write_cb->list); 375 mei_io_cb_free(write_cb); 376 write_cb = NULL; 377 } 378 } 379 } 380 381 /* free entry used in read */ 382 if (cl->reading_state == MEI_READ_COMPLETE) { 383 *offset = 0; 384 write_cb = mei_cl_find_read_cb(cl); 385 if (write_cb) { 386 list_del(&write_cb->list); 387 mei_io_cb_free(write_cb); 388 write_cb = NULL; 389 cl->reading_state = MEI_IDLE; 390 cl->read_cb = NULL; 391 } 392 } else if (cl->reading_state == MEI_IDLE) 393 *offset = 0; 394 395 396 write_cb = mei_io_cb_init(cl, file); 397 if (!write_cb) { 398 dev_err(&dev->pdev->dev, "write cb allocation failed\n"); 399 rets = -ENOMEM; 400 goto out; 401 } 402 rets = mei_io_cb_alloc_req_buf(write_cb, length); 403 if (rets) 404 goto out; 405 406 rets = copy_from_user(write_cb->request_buffer.data, ubuf, length); 407 if (rets) 408 goto out; 409 410 if (cl == &dev->iamthif_cl) { 411 rets = mei_amthif_write(dev, write_cb); 412 413 if (rets) { 414 dev_err(&dev->pdev->dev, 415 "amthif write failed with status = %d\n", rets); 416 goto out; 417 } 418 mutex_unlock(&dev->device_lock); 419 return length; 420 } 421 422 rets = mei_cl_write(cl, write_cb, false); 423 out: 424 mutex_unlock(&dev->device_lock); 425 if (rets < 0) 426 mei_io_cb_free(write_cb); 427 return rets; 428 } 429 430 /** 431 * mei_ioctl_connect_client - the connect to fw client IOCTL function 432 * 433 * @dev: the device structure 434 * @data: IOCTL connect data, input and output parameters 435 * @file: private data of the file object 436 * 437 * Locking: called under "dev->device_lock" lock 438 * 439 * returns 0 on success, <0 on failure. 440 */ 441 static int mei_ioctl_connect_client(struct file *file, 442 struct mei_connect_client_data *data) 443 { 444 struct mei_device *dev; 445 struct mei_client *client; 446 struct mei_cl *cl; 447 int i; 448 int rets; 449 450 cl = file->private_data; 451 if (WARN_ON(!cl || !cl->dev)) 452 return -ENODEV; 453 454 dev = cl->dev; 455 456 if (dev->dev_state != MEI_DEV_ENABLED) { 457 rets = -ENODEV; 458 goto end; 459 } 460 461 if (cl->state != MEI_FILE_INITIALIZING && 462 cl->state != MEI_FILE_DISCONNECTED) { 463 rets = -EBUSY; 464 goto end; 465 } 466 467 /* find ME client we're trying to connect to */ 468 i = mei_me_cl_by_uuid(dev, &data->in_client_uuid); 469 if (i < 0 || dev->me_clients[i].props.fixed_address) { 470 dev_dbg(&dev->pdev->dev, "Cannot connect to FW Client UUID = %pUl\n", 471 &data->in_client_uuid); 472 rets = -ENODEV; 473 goto end; 474 } 475 476 cl->me_client_id = dev->me_clients[i].client_id; 477 cl->state = MEI_FILE_CONNECTING; 478 479 dev_dbg(&dev->pdev->dev, "Connect to FW Client ID = %d\n", 480 cl->me_client_id); 481 dev_dbg(&dev->pdev->dev, "FW Client - Protocol Version = %d\n", 482 dev->me_clients[i].props.protocol_version); 483 dev_dbg(&dev->pdev->dev, "FW Client - Max Msg Len = %d\n", 484 dev->me_clients[i].props.max_msg_length); 485 486 /* if we're connecting to amthif client then we will use the 487 * existing connection 488 */ 489 if (uuid_le_cmp(data->in_client_uuid, mei_amthif_guid) == 0) { 490 dev_dbg(&dev->pdev->dev, "FW Client is amthi\n"); 491 if (dev->iamthif_cl.state != MEI_FILE_CONNECTED) { 492 rets = -ENODEV; 493 goto end; 494 } 495 clear_bit(cl->host_client_id, dev->host_clients_map); 496 mei_cl_unlink(cl); 497 498 kfree(cl); 499 cl = NULL; 500 file->private_data = &dev->iamthif_cl; 501 502 client = &data->out_client_properties; 503 client->max_msg_length = 504 dev->me_clients[i].props.max_msg_length; 505 client->protocol_version = 506 dev->me_clients[i].props.protocol_version; 507 rets = dev->iamthif_cl.status; 508 509 goto end; 510 } 511 512 513 /* prepare the output buffer */ 514 client = &data->out_client_properties; 515 client->max_msg_length = dev->me_clients[i].props.max_msg_length; 516 client->protocol_version = dev->me_clients[i].props.protocol_version; 517 dev_dbg(&dev->pdev->dev, "Can connect?\n"); 518 519 520 rets = mei_cl_connect(cl, file); 521 522 end: 523 return rets; 524 } 525 526 527 /** 528 * mei_ioctl - the IOCTL function 529 * 530 * @file: pointer to file structure 531 * @cmd: ioctl command 532 * @data: pointer to mei message structure 533 * 534 * returns 0 on success , <0 on error 535 */ 536 static long mei_ioctl(struct file *file, unsigned int cmd, unsigned long data) 537 { 538 struct mei_device *dev; 539 struct mei_cl *cl = file->private_data; 540 struct mei_connect_client_data *connect_data = NULL; 541 int rets; 542 543 if (cmd != IOCTL_MEI_CONNECT_CLIENT) 544 return -EINVAL; 545 546 if (WARN_ON(!cl || !cl->dev)) 547 return -ENODEV; 548 549 dev = cl->dev; 550 551 dev_dbg(&dev->pdev->dev, "IOCTL cmd = 0x%x", cmd); 552 553 mutex_lock(&dev->device_lock); 554 if (dev->dev_state != MEI_DEV_ENABLED) { 555 rets = -ENODEV; 556 goto out; 557 } 558 559 dev_dbg(&dev->pdev->dev, ": IOCTL_MEI_CONNECT_CLIENT.\n"); 560 561 connect_data = kzalloc(sizeof(struct mei_connect_client_data), 562 GFP_KERNEL); 563 if (!connect_data) { 564 rets = -ENOMEM; 565 goto out; 566 } 567 dev_dbg(&dev->pdev->dev, "copy connect data from user\n"); 568 if (copy_from_user(connect_data, (char __user *)data, 569 sizeof(struct mei_connect_client_data))) { 570 dev_dbg(&dev->pdev->dev, "failed to copy data from userland\n"); 571 rets = -EFAULT; 572 goto out; 573 } 574 575 rets = mei_ioctl_connect_client(file, connect_data); 576 577 /* if all is ok, copying the data back to user. */ 578 if (rets) 579 goto out; 580 581 dev_dbg(&dev->pdev->dev, "copy connect data to user\n"); 582 if (copy_to_user((char __user *)data, connect_data, 583 sizeof(struct mei_connect_client_data))) { 584 dev_dbg(&dev->pdev->dev, "failed to copy data to userland\n"); 585 rets = -EFAULT; 586 goto out; 587 } 588 589 out: 590 kfree(connect_data); 591 mutex_unlock(&dev->device_lock); 592 return rets; 593 } 594 595 /** 596 * mei_compat_ioctl - the compat IOCTL function 597 * 598 * @file: pointer to file structure 599 * @cmd: ioctl command 600 * @data: pointer to mei message structure 601 * 602 * returns 0 on success , <0 on error 603 */ 604 #ifdef CONFIG_COMPAT 605 static long mei_compat_ioctl(struct file *file, 606 unsigned int cmd, unsigned long data) 607 { 608 return mei_ioctl(file, cmd, (unsigned long)compat_ptr(data)); 609 } 610 #endif 611 612 613 /** 614 * mei_poll - the poll function 615 * 616 * @file: pointer to file structure 617 * @wait: pointer to poll_table structure 618 * 619 * returns poll mask 620 */ 621 static unsigned int mei_poll(struct file *file, poll_table *wait) 622 { 623 struct mei_cl *cl = file->private_data; 624 struct mei_device *dev; 625 unsigned int mask = 0; 626 627 if (WARN_ON(!cl || !cl->dev)) 628 return POLLERR; 629 630 dev = cl->dev; 631 632 mutex_lock(&dev->device_lock); 633 634 if (!mei_cl_is_connected(cl)) { 635 mask = POLLERR; 636 goto out; 637 } 638 639 mutex_unlock(&dev->device_lock); 640 641 642 if (cl == &dev->iamthif_cl) 643 return mei_amthif_poll(dev, file, wait); 644 645 poll_wait(file, &cl->tx_wait, wait); 646 647 mutex_lock(&dev->device_lock); 648 649 if (!mei_cl_is_connected(cl)) { 650 mask = POLLERR; 651 goto out; 652 } 653 654 if (MEI_WRITE_COMPLETE == cl->writing_state) 655 mask |= (POLLIN | POLLRDNORM); 656 657 out: 658 mutex_unlock(&dev->device_lock); 659 return mask; 660 } 661 662 /* 663 * file operations structure will be used for mei char device. 664 */ 665 static const struct file_operations mei_fops = { 666 .owner = THIS_MODULE, 667 .read = mei_read, 668 .unlocked_ioctl = mei_ioctl, 669 #ifdef CONFIG_COMPAT 670 .compat_ioctl = mei_compat_ioctl, 671 #endif 672 .open = mei_open, 673 .release = mei_release, 674 .write = mei_write, 675 .poll = mei_poll, 676 .llseek = no_llseek 677 }; 678 679 /* 680 * Misc Device Struct 681 */ 682 static struct miscdevice mei_misc_device = { 683 .name = "mei", 684 .fops = &mei_fops, 685 .minor = MISC_DYNAMIC_MINOR, 686 }; 687 688 689 int mei_register(struct mei_device *dev) 690 { 691 int ret; 692 mei_misc_device.parent = &dev->pdev->dev; 693 ret = misc_register(&mei_misc_device); 694 if (ret) 695 return ret; 696 697 if (mei_dbgfs_register(dev, mei_misc_device.name)) 698 dev_err(&dev->pdev->dev, "cannot register debugfs\n"); 699 700 return 0; 701 } 702 EXPORT_SYMBOL_GPL(mei_register); 703 704 void mei_deregister(struct mei_device *dev) 705 { 706 mei_dbgfs_deregister(dev); 707 misc_deregister(&mei_misc_device); 708 mei_misc_device.parent = NULL; 709 } 710 EXPORT_SYMBOL_GPL(mei_deregister); 711 712 static int __init mei_init(void) 713 { 714 return mei_cl_bus_init(); 715 } 716 717 static void __exit mei_exit(void) 718 { 719 mei_cl_bus_exit(); 720 } 721 722 module_init(mei_init); 723 module_exit(mei_exit); 724 725 MODULE_AUTHOR("Intel Corporation"); 726 MODULE_DESCRIPTION("Intel(R) Management Engine Interface"); 727 MODULE_LICENSE("GPL v2"); 728 729